fix(connlib): match exact domains before wildcard ones #6809
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
9606e12 to
c7c0a7e
Compare
ReactorScram
approved these changes
Sep 25, 2024
conectado
approved these changes
Sep 25, 2024
Comment on lines
+508
to
+510
| (Some(self_char), Some(other_char)) => { | ||
| break self_char.cmp(&other_char).reverse(); // Reverse because we compare from right to left. | ||
| } |
There was a problem hiding this comment.
Does this mean this will return the ordering of the first non-wildcard character where they differ?
I guess we're fine with that because that means they're non overlapping
There was a problem hiding this comment.
Does this mean this will return the ordering of the first non-wildcard character where they differ?
Yes.
|
@thomaseizinger lets merge this? Want to ship it to the client that hit this issue. |
jamilbk
approved these changes
Sep 25, 2024
@AndrewDryga I'll be at my desk for standup, if you want it earlier, feel free to jump and merge it :) |
c7c0a7e to
22fec29
Compare
Co-authored-by: Reactor Scram <[email protected]> Signed-off-by: Thomas Eizinger <[email protected]>
8371363 to
fa3a4ad
Compare
github-merge-queue bot
pushed a commit
that referenced
this pull request
Sep 26, 2024
Bump gui/headless clients for #6809
jamilbk
added a commit
that referenced
this pull request
Sep 26, 2024
jamilbk
added a commit
that referenced
this pull request
Sep 26, 2024
github-merge-queue bot
pushed a commit
that referenced
this pull request
Sep 28, 2024
Documents how overlapping addresses are matched. Draft until #6809 is merged and published. --------- Signed-off-by: Jamil <[email protected]> Co-authored-by: Thomas Eizinger <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently, the order in which connlib matches against the patterns of DNS resources is not specified. We simply iterate over all patterns and take the first one that matches. Due to the iteration order of
HashMaps, this also isn't deterministic.With this patch, we introduce a defined order in which we attempt to match a particular domain against the defined DNS resources:
?) take priority over label wildcards (*)*) take priority over catch-all wildcards (**)By matching against the DNS resources in a defined order, we ensure that DNS resources that overlap always resolve to the most specific resource.