feat(core): implement ForwardingPolicy with rule-based allow/deny

Add ForwardingPolicy, ForwardingAction, ForwardingRule, and TargetPattern
types in config/forwarding.rs. Implement policy evaluation with first-match
wins semantics, principal and transport matching, CIDR and glob patterns.

Modify ServerHandler to check ForwardingPolicy before proxying in
channel_open_direct_tcpip. Reserved alknet-* destinations bypass policy.
Preserve existing behavior with default allow_all() policy.
This commit is contained in:
2026-06-07 14:47:44 +00:00
parent 92a307fd03
commit 9478e2911d
6 changed files with 503 additions and 41 deletions

View File

@@ -1,10 +1,11 @@
pub mod config_service;
pub mod dynamic_config;
pub mod forwarding;
pub mod static_config;
pub use config_service::ConfigServiceImpl;
pub use dynamic_config::{
new_dynamic_config, AuthPolicy, ConfigReloadHandle, DynamicConfig, ForwardingAction,
ForwardingPolicy, ForwardingRule, RateLimitConfig,
new_dynamic_config, AuthPolicy, ConfigReloadHandle, DynamicConfig, RateLimitConfig,
};
pub use forwarding::{ForwardingAction, ForwardingPolicy, ForwardingRule, TargetPattern};
pub use static_config::StaticConfig;