feat(core): implement ForwardingPolicy with rule-based allow/deny
Add ForwardingPolicy, ForwardingAction, ForwardingRule, and TargetPattern types in config/forwarding.rs. Implement policy evaluation with first-match wins semantics, principal and transport matching, CIDR and glob patterns. Modify ServerHandler to check ForwardingPolicy before proxying in channel_open_direct_tcpip. Reserved alknet-* destinations bypass policy. Preserve existing behavior with default allow_all() policy.
This commit is contained in:
@@ -66,7 +66,7 @@ pub use client::channel_manager::{ChannelManager, ForwardRequest};
|
||||
pub use client::connect::{ClientSession, ConnectError, ConnectOptions, TransportMode};
|
||||
pub use config::{
|
||||
AuthPolicy, ConfigReloadHandle, ConfigServiceImpl, DynamicConfig, ForwardingAction,
|
||||
ForwardingPolicy, ForwardingRule, RateLimitConfig, StaticConfig,
|
||||
ForwardingPolicy, ForwardingRule, RateLimitConfig, StaticConfig, TargetPattern,
|
||||
};
|
||||
pub use error::{AuthError, ChannelError, ConfigError, ForwardError, TransportError};
|
||||
pub use server::serve::{ListenerConfig, ServeError, ServeOptions, ServeTransportMode, Server};
|
||||
|
||||
Reference in New Issue
Block a user