Fix nested rule-set match cache isolation

2026-05-13 13:57:05 +00:00 · 2026-03-23 12:26:19 +08:00 · 2026-03-23 12:26:19 +08:00 · 795d1c2892
commit 795d1c2892
parent 6913b11e0a
4 changed files with 15 additions and 5 deletions
--- a/adapter/inbound.go
+++ b/adapter/inbound.go
@ -101,6 +101,10 @@ type InboundContext struct {
 func (c *InboundContext) ResetRuleCache() {
 	c.IPCIDRMatchSource = false
 	c.IPCIDRAcceptEmpty = false
+	c.ResetRuleMatchCache()
+}
+
+func (c *InboundContext) ResetRuleMatchCache() {
 	c.SourceAddressMatch = false
 	c.SourcePortMatch = false
 	c.DestinationAddressMatch = false
--- a/route/rule/rule_item_rule_set.go
+++ b/route/rule/rule_item_rule_set.go
@ -41,10 +41,12 @@ func (r *RuleSetItem) Start() error {
 }

 func (r *RuleSetItem) Match(metadata *adapter.InboundContext) bool {
-	metadata.IPCIDRMatchSource = r.ipCidrMatchSource
-	metadata.IPCIDRAcceptEmpty = r.ipCidrAcceptEmpty
 	for _, ruleSet := range r.setList {
-		if ruleSet.Match(metadata) {
+		nestedMetadata := *metadata
+		nestedMetadata.ResetRuleMatchCache()
+		nestedMetadata.IPCIDRMatchSource = r.ipCidrMatchSource
+		nestedMetadata.IPCIDRAcceptEmpty = r.ipCidrAcceptEmpty
+		if ruleSet.Match(&nestedMetadata) {
 			return true
 		}
 	}
--- a/route/rule/rule_set_local.go
+++ b/route/rule/rule_set_local.go
@ -203,7 +203,9 @@ func (s *LocalRuleSet) Close() error {

 func (s *LocalRuleSet) Match(metadata *adapter.InboundContext) bool {
 	for _, rule := range s.rules {
-		if rule.Match(metadata) {
+		nestedMetadata := *metadata
+		nestedMetadata.ResetRuleMatchCache()
+		if rule.Match(&nestedMetadata) {
 			return true
 		}
 	}
--- a/route/rule/rule_set_remote.go
+++ b/route/rule/rule_set_remote.go
@ -323,7 +323,9 @@ func (s *RemoteRuleSet) Close() error {

 func (s *RemoteRuleSet) Match(metadata *adapter.InboundContext) bool {
 	for _, rule := range s.rules {
-		if rule.Match(metadata) {
+		nestedMetadata := *metadata
+		nestedMetadata.ResetRuleMatchCache()
+		if rule.Match(&nestedMetadata) {
 			return true
 		}
 	}