Match matches hello based on the connection's remote IP.
(hello *tls.ClientHelloInfo)
| 352 | |
| 353 | // Match matches hello based on the connection's remote IP. |
| 354 | func (m MatchRemoteIP) Match(hello *tls.ClientHelloInfo) bool { |
| 355 | remoteAddr := hello.Conn.RemoteAddr().String() |
| 356 | ipStr, _, err := net.SplitHostPort(remoteAddr) |
| 357 | if err != nil { |
| 358 | ipStr = remoteAddr // weird; maybe no port? |
| 359 | } |
| 360 | ipAddr, err := netip.ParseAddr(ipStr) |
| 361 | if err != nil { |
| 362 | if c := m.logger.Check(zapcore.ErrorLevel, "invalid client IP address"); c != nil { |
| 363 | c.Write(zap.String("ip", ipStr)) |
| 364 | } |
| 365 | return false |
| 366 | } |
| 367 | return (len(m.cidrs) == 0 || m.matches(ipAddr, m.cidrs)) && |
| 368 | (len(m.notCidrs) == 0 || !m.matches(ipAddr, m.notCidrs)) |
| 369 | } |
| 370 | |
| 371 | func (MatchRemoteIP) parseIPRange(str string) ([]netip.Prefix, error) { |
| 372 | var cidrs []netip.Prefix |