cli for port forward and tcp whitelist (#1165)

2026-05-07 02:09:06 +00:00 · 2025-07-29 09:30:47 +08:00
parent 5514de1187
commit 2ec88da823
8 changed files with 828 additions and 171 deletions
@@ -1,13 +1,18 @@
 use std::sync::Arc;

-use crate::proto::{
-    cli::{
-        AclManageRpc, DumpRouteRequest, DumpRouteResponse, GetAclStatsRequest, GetAclStatsResponse,
-        ListForeignNetworkRequest, ListForeignNetworkResponse, ListGlobalForeignNetworkRequest,
-        ListGlobalForeignNetworkResponse, ListPeerRequest, ListPeerResponse, ListRouteRequest,
-        ListRouteResponse, PeerInfo, PeerManageRpc, ShowNodeInfoRequest, ShowNodeInfoResponse,
+use crate::{
+    common::acl_processor::AclRuleBuilder,
+    proto::{
+        cli::{
+            AclManageRpc, DumpRouteRequest, DumpRouteResponse, GetAclStatsRequest,
+            GetAclStatsResponse, GetWhitelistRequest, GetWhitelistResponse,
+            ListForeignNetworkRequest, ListForeignNetworkResponse, ListGlobalForeignNetworkRequest,
+            ListGlobalForeignNetworkResponse, ListPeerRequest, ListPeerResponse, ListRouteRequest,
+            ListRouteResponse, PeerInfo, PeerManageRpc, SetWhitelistRequest, SetWhitelistResponse,
+            ShowNodeInfoRequest, ShowNodeInfoResponse,
+        },
+        rpc_types::{self, controller::BaseController},
    },
-    rpc_types::{self, controller::BaseController},
 };

 use super::peer_manager::PeerManager;
@@ -153,4 +158,45 @@ impl AclManageRpc for PeerManagerRpcService {
            acl_stats: Some(acl_stats),
        })
    }
+
+    async fn set_whitelist(
+        &self,
+        _: BaseController,
+        request: SetWhitelistRequest,
+    ) -> Result<SetWhitelistResponse, rpc_types::error::Error> {
+        tracing::info!(
+            "Setting whitelist - TCP: {:?}, UDP: {:?}",
+            request.tcp_ports,
+            request.udp_ports
+        );
+
+        let global_ctx = self.peer_manager.get_global_ctx();
+
+        global_ctx.config.set_tcp_whitelist(request.tcp_ports);
+        global_ctx.config.set_udp_whitelist(request.udp_ports);
+        global_ctx
+            .get_acl_filter()
+            .reload_rules(AclRuleBuilder::build(&global_ctx)?.as_ref());
+
+        Ok(SetWhitelistResponse {})
+    }
+
+    async fn get_whitelist(
+        &self,
+        _: BaseController,
+        _request: GetWhitelistRequest,
+    ) -> Result<GetWhitelistResponse, rpc_types::error::Error> {
+        let global_ctx = self.peer_manager.get_global_ctx();
+        let tcp_ports = global_ctx.config.get_tcp_whitelist();
+        let udp_ports = global_ctx.config.get_udp_whitelist();
+        tracing::info!(
+            "Getting whitelist - TCP: {:?}, UDP: {:?}",
+            tcp_ports,
+            udp_ports
+        );
+        Ok(GetWhitelistResponse {
+            tcp_ports,
+            udp_ports,
+        })
+    }
 }