support mapping subnet proxy (#978)

- **support mapping subproxy network cidr**
- **add command line option for proxy network mapping**
- **fix Instance leak in tests.

easytier/src/common/config.rs

@@ -62,9 +62,9 @@ pub trait ConfigLoader: Send + Sync {
     fn get_dhcp(&self) -> bool;
     fn set_dhcp(&self, dhcp: bool);
 
-    fn add_proxy_cidr(&self, cidr: cidr::IpCidr);
-    fn remove_proxy_cidr(&self, cidr: cidr::IpCidr);
-    fn get_proxy_cidrs(&self) -> Vec<cidr::IpCidr>;
+    fn add_proxy_cidr(&self, cidr: cidr::Ipv4Cidr, mapped_cidr: Option<cidr::Ipv4Cidr>);
+    fn remove_proxy_cidr(&self, cidr: cidr::Ipv4Cidr);
+    fn get_proxy_cidrs(&self) -> Vec<ProxyNetworkConfig>;
 
     fn get_network_identity(&self) -> NetworkIdentity;
     fn set_network_identity(&self, identity: NetworkIdentity);
@@ -171,7 +171,8 @@ pub struct PeerConfig {
 
 #[derive(Debug, Clone, Deserialize, Serialize, PartialEq)]
 pub struct ProxyNetworkConfig {
-    pub cidr: String,
+    pub cidr: cidr::Ipv4Cidr,                // the CIDR of the proxy network
+    pub mapped_cidr: Option<cidr::Ipv4Cidr>, // allow remap the proxy CIDR to another CIDR
     pub allow: Option<Vec<String>>,
 }
 
@@ -418,50 +419,52 @@ impl ConfigLoader for TomlConfigLoader {
         self.config.lock().unwrap().dhcp = Some(dhcp);
     }
 
-    fn add_proxy_cidr(&self, cidr: cidr::IpCidr) {
+    fn add_proxy_cidr(&self, cidr: cidr::Ipv4Cidr, mapped_cidr: Option<cidr::Ipv4Cidr>) {
         let mut locked_config = self.config.lock().unwrap();
         if locked_config.proxy_network.is_none() {
             locked_config.proxy_network = Some(vec![]);
         }
-        let cidr_str = cidr.to_string();
+        if let Some(mapped_cidr) = mapped_cidr.as_ref() {
+            assert_eq!(
+                cidr.network_length(),
+                mapped_cidr.network_length(),
+                "Mapped CIDR must have the same network length as the original CIDR",
+            );
+        }
         // insert if no duplicate
         if !locked_config
             .proxy_network
             .as_ref()
             .unwrap()
             .iter()
-            .any(|c| c.cidr == cidr_str)
+            .any(|c| c.cidr == cidr)
         {
             locked_config
                 .proxy_network
                 .as_mut()
                 .unwrap()
                 .push(ProxyNetworkConfig {
-                    cidr: cidr_str,
+                    cidr,
+                    mapped_cidr,
                     allow: None,
                 });
         }
     }
 
-    fn remove_proxy_cidr(&self, cidr: cidr::IpCidr) {
+    fn remove_proxy_cidr(&self, cidr: cidr::Ipv4Cidr) {
         let mut locked_config = self.config.lock().unwrap();
         if let Some(proxy_cidrs) = &mut locked_config.proxy_network {
-            let cidr_str = cidr.to_string();
-            proxy_cidrs.retain(|c| c.cidr != cidr_str);
+            proxy_cidrs.retain(|c| c.cidr != cidr);
         }
     }
 
-    fn get_proxy_cidrs(&self) -> Vec<cidr::IpCidr> {
+    fn get_proxy_cidrs(&self) -> Vec<ProxyNetworkConfig> {
         self.config
             .lock()
             .unwrap()
             .proxy_network
             .as_ref()
-            .map(|v| {
-                v.iter()
-                    .map(|c| c.cidr.parse().unwrap())
-                    .collect::<Vec<cidr::IpCidr>>()
-            })
+            .cloned()
             .unwrap_or_default()
     }