package constant // Rule Type const ( Domain RuleType = iota DomainSuffix DomainKeyword GEOSITE GEOIP IPCIDR SrcIPCIDR SrcPort DstPort Process ProcessPath RuleSet Network Uid INTYPE MATCH AND OR NOT ) type RuleType int func (rt RuleType) String() string { switch rt { case Domain: return "Domain" case DomainSuffix: return "DomainSuffix" case DomainKeyword: return "DomainKeyword" case GEOSITE: return "GeoSite" case GEOIP: return "GeoIP" case IPCIDR: return "IPCIDR" case SrcIPCIDR: return "SrcIPCIDR" case SrcPort: return "SrcPort" case DstPort: return "DstPort" case Process: return "Process" case ProcessPath: return "ProcessPath" case MATCH: return "Match" case RuleSet: return "RuleSet" case Network: return "Network" case Uid: return "Uid" case INTYPE: return "InType" case AND: return "AND" case OR: return "OR" case NOT: return "NOT" default: return "Unknown" } } type Rule interface { RuleType() RuleType Match(metadata *Metadata) bool Adapter() string Payload() string ShouldResolveIP() bool ShouldFindProcess() bool RuleExtra() *RuleExtra SetRuleExtra(re *RuleExtra) }