diff --git a/g3proxy/src/auth/user.rs b/g3proxy/src/auth/user.rs index 6f13f50ac..bb7beb879 100644 --- a/g3proxy/src/auth/user.rs +++ b/g3proxy/src/auth/user.rs @@ -27,7 +27,7 @@ use governor::{clock::DefaultClock, state::InMemoryState, state::NotKeyed, RateL use tokio::time::Instant; use g3_io_ext::{GlobalDatagramLimiter, GlobalLimitGroup, GlobalStreamLimiter}; -use g3_types::acl::{AclAction, AclNetworkRule, ActionContract}; +use g3_types::acl::{AclAction, AclNetworkRule}; use g3_types::acl_set::AclDstHostRuleSet; use g3_types::auth::UserAuthError; use g3_types::limit::{GaugeSemaphore, GaugeSemaphorePermit}; @@ -605,7 +605,7 @@ impl User { forbid_stats.add_dest_denied(); return action; }; - default_action = default_action.restrict(&action); + default_action = default_action.restrict(action); } if let Some(filter) = &self.dst_host_filter { @@ -614,7 +614,7 @@ impl User { forbid_stats.add_dest_denied(); return action; } - default_action = default_action.restrict(&action); + default_action = default_action.restrict(action); } if default_action.forbid_early() { @@ -636,7 +636,7 @@ impl User { forbid_stats.add_ua_blocked(); return Some(action); } - default_action = default_action.restrict(&action); + default_action = default_action.restrict(action); } } Some(default_action) diff --git a/g3proxy/src/inspect/http/v1/upgrade/mod.rs b/g3proxy/src/inspect/http/v1/upgrade/mod.rs index b9488180f..c2859e1b2 100644 --- a/g3proxy/src/inspect/http/v1/upgrade/mod.rs +++ b/g3proxy/src/inspect/http/v1/upgrade/mod.rs 
@@ -154,11 +154,8 @@ where CW: AsyncWrite + Unpin, { let policy_action = match self.req.host.as_ref() { - Some(upstream) => { - let (_, policy_action) = self.ctx.websocket_inspect_policy().check(upstream.host()); - policy_action - } - None => self.ctx.websocket_inspect_policy().missing_action(), + Some(upstream) => self.ctx.websocket_inspect_action(upstream.host()), + None => self.ctx.websocket_inspect_missing_action(), }; let retain_websocket_upgrade = policy_action != ProtocolInspectAction::Block; diff --git a/g3proxy/src/inspect/http/v2/connect/extended.rs b/g3proxy/src/inspect/http/v2/connect/extended.rs index 7a6db8f4a..a5972d986 100644 --- a/g3proxy/src/inspect/http/v2/connect/extended.rs +++ b/g3proxy/src/inspect/http/v2/connect/extended.rs @@ -176,11 +176,8 @@ where }; let policy_action = match self.upstream.as_ref() { - Some(upstream) => { - let (_, policy_action) = self.ctx.websocket_inspect_policy().check(upstream.host()); - policy_action - } - None => self.ctx.websocket_inspect_policy().missing_action(), + Some(upstream) => self.ctx.websocket_inspect_action(upstream.host()), + None => self.ctx.websocket_inspect_missing_action(), }; if policy_action == ProtocolInspectAction::Block { self.reply_forbidden(clt_send_rsp); diff --git a/g3proxy/src/inspect/http/v2/mod.rs b/g3proxy/src/inspect/http/v2/mod.rs index 76b3e03a9..95897b8de 100644 --- a/g3proxy/src/inspect/http/v2/mod.rs +++ b/g3proxy/src/inspect/http/v2/mod.rs @@ -110,8 +110,7 @@ where SC: ServerConfig + Send + Sync + 'static, { pub(crate) async fn intercept(mut self) -> ServerTaskResult<()> { - let (_, inspect_action) = self.ctx.h2_inspect_policy().check(self.upstream.host()); - let r = match inspect_action { + let r = match self.ctx.h2_inspect_action(self.upstream.host()) { ProtocolInspectAction::Intercept => self .do_intercept() .await diff --git a/g3proxy/src/inspect/imap/mod.rs b/g3proxy/src/inspect/imap/mod.rs index 7d82bf22b..e129175ef 100644 --- a/g3proxy/src/inspect/imap/mod.rs 
+++ b/g3proxy/src/inspect/imap/mod.rs @@ -130,8 +130,7 @@ where } pub(crate) async fn intercept(mut self) -> ServerTaskResult>> { - let (_, inspect_action) = self.ctx.imap_inspect_policy().check(self.upstream.host()); - let r = match inspect_action { + let r = match self.ctx.imap_inspect_action(self.upstream.host()) { ProtocolInspectAction::Intercept => self.do_intercept().await, #[cfg(feature = "quic")] ProtocolInspectAction::Detour => self.do_detour().await.map(|_| None), diff --git a/g3proxy/src/inspect/mod.rs b/g3proxy/src/inspect/mod.rs index ee4d2f7d4..af581d16b 100644 --- a/g3proxy/src/inspect/mod.rs +++ b/g3proxy/src/inspect/mod.rs @@ -25,9 +25,9 @@ use uuid::Uuid; use g3_daemon::server::ServerQuitPolicy; use g3_dpi::{ H1InterceptionConfig, H2InterceptionConfig, ImapInterceptionConfig, MaybeProtocol, - ProtocolInspectPolicy, ProtocolInspector, SmtpInterceptionConfig, + ProtocolInspectAction, ProtocolInspector, SmtpInterceptionConfig, }; -use g3_types::net::OpensslClientConfig; +use g3_types::net::{Host, OpensslClientConfig}; use crate::audit::AuditHandle; use crate::auth::{User, UserForbiddenStats, UserSite}; @@ -263,8 +263,17 @@ impl StreamInspectContext { } #[inline] - fn h2_inspect_policy(&self) -> &ProtocolInspectPolicy { - self.audit_handle.h2_inspect_policy() + fn h2_inspect_action(&self, host: &Host) -> ProtocolInspectAction { + match self.audit_handle.h2_inspect_policy().check(host) { + (true, policy_action) => policy_action, + (false, missing_policy_action) => missing_policy_action, + } + } + + #[inline] + #[allow(dead_code)] + fn h2_inspect_missing_action(&self) -> ProtocolInspectAction { + self.audit_handle.h2_inspect_policy().missing_action() } #[inline] 
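Review bot: In `h2_inspect_action` the `match` on the tuple returned by `check(host)` has two arms that return the same value, so the `found` flag is discarded either way. Because it reads as if matched and missing hosts were treated differently, it can mislead anyone auditing the interception policy. `self.audit_handle.h2_inspect_policy().check(host).1` says the same thing directly; if the match is kept, add a comment such as `// check() already substitutes the missing action when no rule matches`. The same pattern appears in `websocket_inspect_action`, `smtp_inspect_action` and `imap_inspect_action` in the later hunks of this file. The `#[allow(dead_code)]` on the `*_missing_action` helpers should carry a short comment saying why the unused helpers are kept. The enclosing `impl StreamInspectContext` starts and ends outside the hunk.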
@@ -281,13 +290,32 @@ impl StreamInspectContext { } #[inline] - fn websocket_inspect_policy(&self) -> &ProtocolInspectPolicy { - self.audit_handle.websocket_inspect_policy() + fn websocket_inspect_action(&self, host: &Host) -> ProtocolInspectAction { + match self.audit_handle.websocket_inspect_policy().check(host) { + (true, policy_action) => policy_action, + (false, missing_policy_action) => missing_policy_action, + } + } + + #[inline] + fn websocket_inspect_missing_action(&self) -> ProtocolInspectAction { + self.audit_handle + .websocket_inspect_policy() + .missing_action() } #[inline] - fn smtp_inspect_policy(&self) -> &ProtocolInspectPolicy { - self.audit_handle.smtp_inspect_policy() + fn smtp_inspect_action(&self, host: &Host) -> ProtocolInspectAction { + match self.audit_handle.smtp_inspect_policy().check(host) { + (true, policy_action) => policy_action, + (false, missing_policy_action) => missing_policy_action, + } + } + + #[inline] + #[allow(dead_code)] + fn smtp_inspect_missing_action(&self) -> ProtocolInspectAction { + self.audit_handle.smtp_inspect_policy().missing_action() } #[inline] @@ -296,8 +324,17 @@ impl StreamInspectContext { } #[inline] - fn imap_inspect_policy(&self) -> &ProtocolInspectPolicy { - self.audit_handle.imap_inspect_policy() + fn imap_inspect_action(&self, host: &Host) -> ProtocolInspectAction { + match self.audit_handle.imap_inspect_policy().check(host) { + (true, policy_action) => policy_action, + (false, missing_policy_action) => missing_policy_action, + } + } + + #[inline] + #[allow(dead_code)] + fn imap_inspect_missing_action(&self) -> ProtocolInspectAction { + self.audit_handle.imap_inspect_policy().missing_action() } #[inline] diff --git a/g3proxy/src/inspect/smtp/mod.rs b/g3proxy/src/inspect/smtp/mod.rs index 8df647d6d..5abd19ed1 100644 --- a/g3proxy/src/inspect/smtp/mod.rs +++ b/g3proxy/src/inspect/smtp/mod.rs 
@@ -121,8 +121,7 @@ where } pub(crate) async fn intercept(mut self) -> ServerTaskResult>> { - let (_, inspect_action) = self.ctx.smtp_inspect_policy().check(self.upstream.host()); - let r = match inspect_action { + let r = match self.ctx.smtp_inspect_action(self.upstream.host()) { ProtocolInspectAction::Intercept => self.do_intercept().await, #[cfg(feature = "quic")] ProtocolInspectAction::Detour => self.do_detour().await.map(|_| None), diff --git a/g3proxy/src/inspect/tls/mod.rs b/g3proxy/src/inspect/tls/mod.rs index 338e74e80..168384f20 100644 --- a/g3proxy/src/inspect/tls/mod.rs +++ b/g3proxy/src/inspect/tls/mod.rs @@ -167,14 +167,14 @@ impl TlsInterceptObject { fn retain_alpn_protocol(&self, p: &[u8]) -> bool { if p == AlpnProtocol::Http2.identification_sequence() { - let (_, policy_action) = self.ctx.h2_inspect_policy().check(self.upstream.host()); - return ProtocolInspectAction::Block != policy_action; + return ProtocolInspectAction::Block + != self.ctx.h2_inspect_action(self.upstream.host()); } else if p == AlpnProtocol::Smtp.identification_sequence() { - let (_, policy_action) = self.ctx.smtp_inspect_policy().check(self.upstream.host()); - return ProtocolInspectAction::Block != policy_action; + return ProtocolInspectAction::Block + != self.ctx.smtp_inspect_action(self.upstream.host()); } else if p == AlpnProtocol::Imap.identification_sequence() { - let (_, policy_action) = self.ctx.imap_inspect_policy().check(self.upstream.host()); - return ProtocolInspectAction::Block != policy_action; + return ProtocolInspectAction::Block + != self.ctx.imap_inspect_action(self.upstream.host()); } true } diff --git a/g3proxy/src/inspect/websocket/h1.rs b/g3proxy/src/inspect/websocket/h1.rs index 811615af6..090380702 100644 --- a/g3proxy/src/inspect/websocket/h1.rs +++ b/g3proxy/src/inspect/websocket/h1.rs 
@@ -90,11 +90,7 @@ impl H1WebsocketInterceptObject { } pub(crate) async fn intercept(mut self) -> ServerTaskResult<()> { - let (_, inspect_action) = self - .ctx - .websocket_inspect_policy() - .check(self.upstream.host()); - let r = match inspect_action { + let r = match self.ctx.websocket_inspect_action(self.upstream.host()) { ProtocolInspectAction::Intercept => self.do_intercept().await, #[cfg(feature = "quic")] ProtocolInspectAction::Detour => self.do_detour().await, diff --git a/g3proxy/src/inspect/websocket/h2.rs b/g3proxy/src/inspect/websocket/h2.rs index 9e852cbb3..c8bdc7fc6 100644 --- a/g3proxy/src/inspect/websocket/h2.rs +++ b/g3proxy/src/inspect/websocket/h2.rs @@ -74,11 +74,7 @@ impl H2WebsocketInterceptObject { ups_r: RecvStream, ups_w: SendStream, ) { - let (_, inspect_action) = self - .ctx - .websocket_inspect_policy() - .check(self.upstream.host()); - let r = match inspect_action { + let r = match self.ctx.websocket_inspect_action(self.upstream.host()) { ProtocolInspectAction::Intercept => self.do_intercept(clt_r, clt_w, ups_r, ups_w).await, #[cfg(feature = "quic")] ProtocolInspectAction::Detour => self.do_detour(clt_r, clt_w, ups_r, ups_w).await, diff --git a/g3proxy/src/serve/http_proxy/task/common.rs b/g3proxy/src/serve/http_proxy/task/common.rs index c6c64b761..b08208569 100644 --- a/g3proxy/src/serve/http_proxy/task/common.rs +++ b/g3proxy/src/serve/http_proxy/task/common.rs @@ -21,7 +21,7 @@ use slog::Logger; use g3_daemon::server::ClientConnectionInfo; use g3_icap_client::reqmod::h1::HttpAdapterErrorResponse; -use g3_types::acl::{AclAction, ActionContract}; +use g3_types::acl::AclAction; use g3_types::acl_set::AclDstHostRuleSet; use g3_types::net::{OpensslClientConfig, UpstreamAddr}; @@ -73,7 +73,7 @@ impl CommonTaskContext { if found && action.forbid_early() { return action; }; - default_action = default_action.restrict(&action); + default_action = default_action.restrict(action); } if let Some(filter) = &self.dst_host_filter { 
@@ -81,7 +81,7 @@ impl CommonTaskContext { if found && action.forbid_early() { return action; } - default_action = default_action.restrict(&action); + default_action = default_action.restrict(action); } default_action diff --git a/g3proxy/src/serve/socks_proxy/task/common.rs b/g3proxy/src/serve/socks_proxy/task/common.rs index b9e9c278d..61bc8fc64 100644 --- a/g3proxy/src/serve/socks_proxy/task/common.rs +++ b/g3proxy/src/serve/socks_proxy/task/common.rs @@ -21,7 +21,7 @@ use slog::Logger; use tokio::net::UdpSocket; use g3_daemon::server::ClientConnectionInfo; -use g3_types::acl::{AclAction, AclNetworkRule, ActionContract}; +use g3_types::acl::{AclAction, AclNetworkRule}; use g3_types::acl_set::AclDstHostRuleSet; use g3_types::net::UpstreamAddr; @@ -70,7 +70,7 @@ impl CommonTaskContext { if found && action.forbid_early() { return action; }; - default_action = default_action.restrict(&action); + default_action = default_action.restrict(action); } if let Some(filter) = &self.dst_host_filter { @@ -78,7 +78,7 @@ impl CommonTaskContext { if found && action.forbid_early() { return action; } - default_action = default_action.restrict(&action); + default_action = default_action.restrict(action); } default_action diff --git a/lib/g3-dpi/src/config/mod.rs b/lib/g3-dpi/src/config/mod.rs index 44b7c2944..013f45d07 100644 --- a/lib/g3-dpi/src/config/mod.rs +++ b/lib/g3-dpi/src/config/mod.rs @@ -14,12 +14,15 @@ * limitations under the License. */ +use std::fmt; +use std::str::FromStr; use std::time::Duration; -use std::{fmt, str::FromStr}; + +use g3_types::acl::ActionContract; +use g3_types::acl_set::AclDstHostRuleSet; mod size_limit; -use g3_types::acl::ActionContract; pub use size_limit::ProtocolInspectionSizeLimit; mod http; 
@@ -31,9 +34,9 @@ pub use smtp::SmtpInterceptionConfig; mod imap; pub use imap::ImapInterceptionConfig; -pub type ProtocolInspectPolicy = g3_types::acl_set::AclDstHostRuleSet; +pub type ProtocolInspectPolicy = AclDstHostRuleSet; -#[derive(Clone, Copy, Debug, Eq, PartialEq, PartialOrd, Hash)] +#[derive(Clone, Copy, Debug, Eq, PartialEq, PartialOrd, Ord, Hash)] pub enum ProtocolInspectAction { Intercept, #[cfg(feature = "quic")] @@ -64,7 +67,7 @@ impl FromStr for ProtocolInspectAction { } } -impl g3_types::acl::ActionContract for ProtocolInspectAction { +impl ActionContract for ProtocolInspectAction { fn default_forbid() -> Self { Self::Block } @@ -73,27 +76,6 @@ impl g3_types::acl::ActionContract for ProtocolInspectAction { Self::Intercept } - fn restrict(&self, other: &ProtocolInspectAction) -> ProtocolInspectAction { - if other > self { - *other - } else { - *self - } - } - - fn strict_than(&self, other: &ProtocolInspectAction) -> bool { - self.gt(other) - } - - fn forbid_early(&self) -> bool { - match self { - Self::Block => true, - Self::Intercept | Self::Bypass => false, - #[cfg(feature = "quic")] - Self::Detour => false, - } - } - fn serialize(&self) -> &'static str { match self { Self::Intercept => "intercept", diff --git a/lib/g3-types/src/acl/a_hash.rs b/lib/g3-types/src/acl/a_hash.rs index 9a790f2b7..f9e7ae4a8 100644 --- a/lib/g3-types/src/acl/a_hash.rs +++ b/lib/g3-types/src/acl/a_hash.rs @@ -68,9 +68,9 @@ where Q: Hash + Eq + ?Sized, { if let Some(action) = self.inner.get(node) { - (true, action.clone()) + (true, *action) } else { - (false, self.missed_action.clone()) + (false, self.missed_action) } } } diff --git a/lib/g3-types/src/acl/exact_host.rs b/lib/g3-types/src/acl/exact_host.rs index f33b57908..e5525adec 100644 --- a/lib/g3-types/src/acl/exact_host.rs +++ b/lib/g3-types/src/acl/exact_host.rs 
@@ -31,8 +31,8 @@ impl AclExactHostRule { #[inline] pub fn new(missed_action: Action) -> Self { AclExactHostRule { - missed_action: missed_action.clone(), - domain: AclAHashRule::new(missed_action.clone()), + missed_action, + domain: AclAHashRule::new(missed_action), ip: AclAHashRule::new(missed_action), } } @@ -56,14 +56,14 @@ impl AclExactHostRule { #[inline] pub fn set_missed_action(&mut self, action: Action) { - self.missed_action = action.clone(); - self.domain.set_missed_action(action.clone()); + self.missed_action = action; + self.domain.set_missed_action(action); self.ip.set_missed_action(action); } #[inline] pub fn missed_action(&self) -> Action { - self.missed_action.clone() + self.missed_action } #[inline] diff --git a/lib/g3-types/src/acl/exact_port.rs b/lib/g3-types/src/acl/exact_port.rs index 592143793..71cd5e5fb 100644 --- a/lib/g3-types/src/acl/exact_port.rs +++ b/lib/g3-types/src/acl/exact_port.rs @@ -30,13 +30,13 @@ impl AclExactPortRule { pub fn add_port_range(&mut self, port_range: RangeInclusive, action: Action) { for port in port_range { - self.0.add_node(port, action.clone()); + self.0.add_node(port, action); } } pub fn add_ports(&mut self, ports: Ports, action: Action) { for port in ports { - self.0.add_node(port, action.clone()); + self.0.add_node(port, action); } } diff --git a/lib/g3-types/src/acl/fx_hash.rs b/lib/g3-types/src/acl/fx_hash.rs index db951d15a..89e0cc593 100644 --- a/lib/g3-types/src/acl/fx_hash.rs +++ b/lib/g3-types/src/acl/fx_hash.rs @@ -68,9 +68,9 @@ where Q: Hash + Eq + ?Sized, { if let Some(action) = self.inner.get(node) { - (true, action.clone()) + (true, *action) } else { - (false, self.missed_action.clone()) + (false, self.missed_action) } } } diff --git a/lib/g3-types/src/acl/mod.rs b/lib/g3-types/src/acl/mod.rs index 20a86ccd0..ee5e1a9c1 100644 --- a/lib/g3-types/src/acl/mod.rs +++ b/lib/g3-types/src/acl/mod.rs 
@@ -40,19 +40,17 @@ pub use proxy_request::AclProxyRequestRule; pub use regex_set::{AclRegexSetRule, AclRegexSetRuleBuilder}; pub use user_agent::AclUserAgentRule; -pub trait ActionContract: Clone + PartialEq + Eq + PartialOrd + std::hash::Hash { +pub trait ActionContract: + Clone + Copy + PartialEq + Eq + PartialOrd + Ord + std::hash::Hash +{ fn default_forbid() -> Self; fn default_permit() -> Self; - fn restrict(&self, other: &Self) -> Self; - fn strict_than(&self, other: &Self) -> bool; - fn forbid_early(&self) -> bool; - fn serialize(&self) -> &'static str; fn deserialize(s: &str) -> Result; } -#[derive(Clone, Copy, Debug, Eq, PartialEq, PartialOrd, Hash)] +#[derive(Clone, Copy, Debug, Eq, PartialEq, PartialOrd, Ord, Hash)] pub enum AclAction { Permit, PermitAndLog, @@ -60,6 +58,23 @@ pub enum AclAction { ForbidAndLog, } +impl AclAction { + pub fn restrict(self, other: AclAction) -> AclAction { + other.max(self) + } + + pub fn strict_than(self, other: AclAction) -> bool { + self.gt(&other) + } + + pub fn forbid_early(&self) -> bool { + match self { + AclAction::ForbidAndLog | AclAction::Forbid => true, + AclAction::PermitAndLog | AclAction::Permit => false, + } + } +} + impl AclAction { #[inline] fn as_str(&self) -> &'static str { @@ -76,25 +91,6 @@ impl ActionContract for AclAction { AclAction::Forbid } - fn restrict(&self, other: &AclAction) -> AclAction { - if other > self { - *other - } else { - *self - } - } - - fn strict_than(&self, other: &AclAction) -> bool { - self.gt(other) - } - - fn forbid_early(&self) -> bool { - match self { - AclAction::ForbidAndLog | AclAction::Forbid => true, - AclAction::PermitAndLog | AclAction::Permit => false, - } - } - fn serialize(&self) -> &'static str { match self { AclAction::Permit => "Permit", 
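Review bot: The strictness of an action is now defined only by the declaration order of the enum variants, and nothing in the `ActionContract` hunk says so. With `restrict`, `strict_than` and `forbid_early` removed from the trait and `Ord` added as a supertrait, generic code such as `AclDstHostRuleSetBuilder::build` merges actions with `.max()`. Reordering or inserting a variant in `AclAction` or in `ProtocolInspectAction` (which has a feature-gated `Detour` variant) would therefore silently change which action wins. I would add a doc comment on the trait, for example `/// Implementors must declare variants from least to most restrictive; rule sets merge actions with Ord::max.`, and a one-line comment above each `#[derive(..., Ord, ...)]` noting that the variant order is load-bearing.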
@@ -137,17 +133,17 @@ mod tests { #[test] fn acl_action_order() { assert_eq!( - AclAction::Permit.restrict(&AclAction::PermitAndLog), + AclAction::Permit.restrict(AclAction::PermitAndLog), AclAction::PermitAndLog ); assert_eq!( - AclAction::Forbid.restrict(&AclAction::ForbidAndLog), + AclAction::Forbid.restrict(AclAction::ForbidAndLog), AclAction::ForbidAndLog ); assert_eq!( - AclAction::Permit.restrict(&AclAction::Forbid), + AclAction::Permit.restrict(AclAction::Forbid), AclAction::Forbid ); } diff --git a/lib/g3-types/src/acl/network.rs b/lib/g3-types/src/acl/network.rs index 01415344b..dc1a41b8f 100644 --- a/lib/g3-types/src/acl/network.rs +++ b/lib/g3-types/src/acl/network.rs @@ -87,7 +87,7 @@ impl AclNetworkRuleBuilder { #[inline] pub fn missed_action(&self) -> Action { - self.missed_action.clone() + self.missed_action } #[inline] @@ -98,11 +98,11 @@ impl AclNetworkRuleBuilder { pub fn build(&self) -> AclNetworkRule { let mut inner = IpNetworkTable::new(); for (net, action) in &self.inner { - inner.insert(*net, action.clone()); + inner.insert(*net, *action); } AclNetworkRule { inner, - default_action: self.missed_action.clone(), + default_action: self.missed_action, } } } @@ -119,11 +119,11 @@ impl Clone for AclNetworkRule { let (ipv4_size, ipv6_size) = self.inner.len(); let mut table = IpNetworkTable::with_capacity(ipv4_size, ipv6_size); for (k, v) in self.inner.iter() { - table.insert(k, v.clone()); + table.insert(k, *v); } table }, - default_action: self.default_action.clone(), + default_action: self.default_action, } } } @@ -131,9 +131,9 @@ impl Clone for AclNetworkRule { impl AclNetworkRule { pub fn check(&self, ip: IpAddr) -> (bool, Action) { if let Some((_, action)) = self.inner.longest_match(ip) { - (true, action.clone()) + (true, *action) } else { - (false, self.default_action.clone()) + (false, self.default_action) } } } diff --git a/lib/g3-types/src/acl/proxy_request.rs b/lib/g3-types/src/acl/proxy_request.rs index e5dbd9965..7ff5b44fb 100644 
--- a/lib/g3-types/src/acl/proxy_request.rs +++ b/lib/g3-types/src/acl/proxy_request.rs @@ -27,7 +27,7 @@ impl AclProxyRequestRule { #[inline] pub fn new(missed_action: Action) -> Self { AclProxyRequestRule { - missed_action: missed_action.clone(), + missed_action, request: AclAHashRule::new(missed_action), } } @@ -39,13 +39,13 @@ impl AclProxyRequestRule { #[inline] pub fn set_missed_action(&mut self, action: Action) { - self.missed_action = action.clone(); + self.missed_action = action; self.request.set_missed_action(action); } #[inline] pub fn missed_action(&self) -> Action { - self.missed_action.clone() + self.missed_action } #[inline] diff --git a/lib/g3-types/src/acl/radix_trie.rs b/lib/g3-types/src/acl/radix_trie.rs index 4518d0de7..961dc82a3 100644 --- a/lib/g3-types/src/acl/radix_trie.rs +++ b/lib/g3-types/src/acl/radix_trie.rs @@ -55,19 +55,19 @@ where #[inline] pub fn missed_action(&self) -> Action { - self.missed_action.clone() + self.missed_action } pub fn build(&self) -> AclRadixTrieRule { let mut trie = Trie::new(); for (k, v) in &self.inner { - trie.insert(k.clone(), v.clone()); + trie.insert(k.clone(), *v); } AclRadixTrieRule { inner: trie, - missed_action: self.missed_action.clone(), + missed_action: self.missed_action, } } } @@ -85,9 +85,9 @@ impl AclRadixTrieRule { Q: TrieKey, { if let Some(action) = self.inner.get_ancestor_value(key) { - (true, action.clone()) + (true, *action) } else { - (false, self.missed_action.clone()) + (false, self.missed_action) } } } diff --git a/lib/g3-types/src/acl/regex_set.rs b/lib/g3-types/src/acl/regex_set.rs index 38ed25da8..24a2f7b7e 100644 --- a/lib/g3-types/src/acl/regex_set.rs +++ b/lib/g3-types/src/acl/regex_set.rs 
@@ -51,14 +51,14 @@ impl AclRegexSetRuleBuilder { #[inline] pub fn missed_action(&self) -> Action { - self.missed_action.clone() + self.missed_action } pub fn build(&self) -> AclRegexSetRule { let mut set_map: FxHashMap> = FxHashMap::default(); for (r, action) in &self.inner { - set_map.entry(action.clone()).or_default().push(r.as_str()); + set_map.entry(*action).or_default().push(r.as_str()); } AclRegexSetRule { @@ -66,7 +66,7 @@ impl AclRegexSetRuleBuilder { .into_iter() .map(|(k, v)| (k, RegexSet::new(v).unwrap())) .collect(), - missed_action: self.missed_action.clone(), + missed_action: self.missed_action, } } } @@ -81,10 +81,10 @@ impl AclRegexSetRule { pub fn check(&self, text: &str) -> (bool, Action) { for (action, set) in &self.set_map { if set.is_match(text) { - return (true, action.clone()); + return (true, *action); } } - (false, self.missed_action.clone()) + (false, self.missed_action) } } diff --git a/lib/g3-types/src/acl/user_agent.rs b/lib/g3-types/src/acl/user_agent.rs index ea3a26b7c..b5beef4a5 100644 --- a/lib/g3-types/src/acl/user_agent.rs +++ b/lib/g3-types/src/acl/user_agent.rs @@ -45,7 +45,7 @@ impl AclUserAgentRule { #[inline] pub fn missed_action(&self) -> Action { - self.missed_action.clone() + self.missed_action } #[inline] @@ -81,14 +81,14 @@ impl AclUserAgentRule { continue; } - return (true, action.clone()); + return (true, *action); } else { break; } } } - (false, self.missed_action.clone()) + (false, self.missed_action) } } diff --git a/lib/g3-types/src/acl_set/dst_host.rs b/lib/g3-types/src/acl_set/dst_host.rs index 324d5837a..58d415d22 100644 --- a/lib/g3-types/src/acl_set/dst_host.rs +++ b/lib/g3-types/src/acl_set/dst_host.rs 
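Review bot: `AclRegexSetRule::check` returns the action of the first set that matches, and `build` fills those sets from `set_map.into_iter()` over an `FxHashMap`. When a text matches patterns registered under two different actions, the result therefore follows map iteration order rather than strictness. Now that `ActionContract` requires `Ord`, the loop could pick the strictest matching action instead, if that is the intended semantics; the `Action` bound on this impl is declared outside the hunk, so confirm it carries `Ord`. The cost is that every set is evaluated instead of stopping at the first match.

```rust
pub fn check(&self, text: &str) -> (bool, Action) {
    // Pick the strictest action among all matching sets so the outcome
    // does not depend on the iteration order of the underlying map.
    let strictest = self
        .set_map
        .iter()
        .filter(|(_, set)| set.is_match(text))
        .map(|(action, _)| *action)
        .max();
    match strictest {
        Some(action) => (true, action),
        None => (false, self.missed_action),
    }
}
```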
@@ -43,28 +43,25 @@ impl Default for AclDstHostRuleSetBuilder { impl AclDstHostRuleSetBuilder { pub fn build(&self) -> AclDstHostRuleSet { - let mut missed_action = self - .missing_action - .clone() - .unwrap_or_else(Action::default_permit); + let mut missed_action = self.missing_action.unwrap_or_else(Action::default_permit); let exact_rule = self.exact.as_ref().map(|rule| { - missed_action = missed_action.restrict(&rule.missed_action()); + missed_action = rule.missed_action().max(missed_action); rule.clone() }); let child_rule = self.child.as_ref().map(|builder| { - missed_action = missed_action.restrict(&builder.missed_action()); + missed_action = builder.missed_action().max(missed_action); builder.build() }); let regex_rule = self.regex.as_ref().map(|builder| { - missed_action = missed_action.restrict(&builder.missed_action()); + missed_action = builder.missed_action().max(missed_action); builder.build() }); let subnet_rule = self.subnet.as_ref().map(|builder| { - missed_action = missed_action.restrict(&builder.missed_action()); + missed_action = builder.missed_action().max(missed_action); builder.build() }); @@ -100,7 +97,7 @@ impl AclDstHostRuleSet { } pub fn missing_action(&self) -> Action { - self.missed_action.clone() + self.missed_action } pub fn check(&self, upstream: &Host) -> (bool, Action) { @@ -144,6 +141,6 @@ impl AclDstHostRuleSet { } } - (false, self.missed_action.clone()) + (false, self.missed_action) } } diff --git a/lib/g3-yaml/src/value/acl/mod.rs b/lib/g3-yaml/src/value/acl/mod.rs index 5f0a75804..f2bd5d110 100644 --- a/lib/g3-yaml/src/value/acl/mod.rs +++ b/lib/g3-yaml/src/value/acl/mod.rs @@ -65,7 +65,7 @@ trait AclRuleYamlParser { .map_err(|_| anyhow!("the key {k} is not a valid Action"))?; if let Yaml::Array(seq) = v { for (i, v) in seq.iter().enumerate() { - self.add_rule_for_action(action.clone(), v) + self.add_rule_for_action(action, v) .context(format!("invalid value for {k}#{i}"))?; } Ok(())