feat(acl): add group-based ACL rules and related structures (#1265)

* feat(acl): add group-based ACL rules and related structures * refactor(acl): optimize group handling with Arc and improve cache management * refactor(acl): clippy * feat(tests): add performance tests for generate_with_proof and verify methods * feat: update group_trust_map to use HashMap for more secure group proofs * refactor: refactor the logic of the trusted group getting and setting * feat(acl): support kcp/quic use group acl * feat(proxy): optimize group retrieval by IP in Kcp and Quic proxy handlers * feat(tests): add group-based ACL tree node test * always allow quic proxy traffic --------- Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn> Co-authored-by: sijie.sun <sijie.sun@smartx.com>
2026-05-07 10:14:35 +00:00 · 2025-08-22 22:25:00 +08:00
parent 34560af141
commit 08a92a53c3
18 changed files with 1042 additions and 29 deletions
@@ -560,6 +560,45 @@ pub mod tests {
        }
    }

+    pub(crate) async fn _tunnel_pingpong_netns_with_timeout<L, C>(
+        listener: L,
+        connector: C,
+        l_netns: NetNS,
+        c_netns: NetNS,
+        buf: Vec<u8>,
+        timeout: std::time::Duration,
+    ) -> Result<(), anyhow::Error>
+    where
+        L: TunnelListener + Send + Sync + 'static,
+        C: TunnelConnector + Send + Sync + 'static,
+    {
+        let handle = tokio::spawn(async move {
+            _tunnel_pingpong_netns(listener, connector, l_netns, c_netns, buf).await;
+        });
+
+        match tokio::time::timeout(timeout, handle).await {
+            Ok(join_res) => match join_res {
+                Ok(_) => Ok(()),
+                Err(join_err) => {
+                    if join_err.is_panic() {
+                        let payload = join_err.into_panic();
+                        let msg = match payload.downcast::<String>() {
+                            Ok(s) => *s,
+                            Err(payload) => match payload.downcast::<&str>() {
+                                Ok(s) => (*s).to_string(),
+                                Err(_) => "non-string panic payload".to_string(),
+                            },
+                        };
+                        Err(anyhow::anyhow!("task panicked: {}", msg))
+                    } else {
+                        Err(anyhow::anyhow!("task cancelled"))
+                    }
+                }
+            },
+            Err(elapsed) => Err(elapsed.into()),
+        }
+    }
+
    pub(crate) async fn _tunnel_bench<L, C>(listener: L, connector: C)
    where
        L: TunnelListener + Send + Sync + 'static,
@@ -679,6 +679,14 @@ impl ZCPacket {
            ZCPacketType::DummyTunnel,
        )
    }
+
+    pub fn get_src_peer_id(&self) -> Option<u32> {
+        self.peer_manager_header().map(|hdr| hdr.from_peer_id.get())
+    }
+
+    pub fn get_dst_peer_id(&self) -> Option<u32> {
+        self.peer_manager_header().map(|hdr| hdr.to_peer_id.get())
+    }
 }

 #[cfg(test)]