diff options
| author | Kalle Lindström <karl.lindstrom@mullvad.net> | 2025-05-16 10:41:49 +0200 |
|---|---|---|
| committer | Jonatan Rhodin <jonatan.rhodin@mullvad.net> | 2025-05-16 14:32:42 +0200 |
| commit | 7ed99ce3f76536c6146f0e7d5013af8add6ef918 (patch) | |
| tree | 7df524a6dab4c01aef5fc7f9f57c1c8a614cc70f | |
| parent | b0e750b873877acf7b9b40ddefb019763d4d4b83 (diff) | |
| download | mullvadvpn-7ed99ce3f76536c6146f0e7d5013af8add6ef918.tar.xz mullvadvpn-7ed99ce3f76536c6146f0e7d5013af8add6ef918.zip | |
Add assert
| -rw-r--r-- | ci/ios/test-router/raas/src/block_list/rule.rs | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ci/ios/test-router/raas/src/block_list/rule.rs b/ci/ios/test-router/raas/src/block_list/rule.rs index a95dbd55ac..04ad57720d 100644 --- a/ci/ios/test-router/raas/src/block_list/rule.rs +++ b/ci/ios/test-router/raas/src/block_list/rule.rs @@ -20,6 +20,8 @@ pub enum BlockRule { pub struct Endpoints { pub src: IpNetwork, pub dst: IpNetwork, + /// Normally a packet sent to `dst` would match the block rule, but this option inverts that + /// so that any packet *not* sent to `dst` will match the block rule. pub invert_dst: bool, } @@ -27,13 +29,15 @@ impl BlockRule { /// Creates one or more nft rules that correspond to this BlockRule. The returned Vec will always /// have at least one element. pub fn create_nft_rules<'a>(&'a self, chain: &'a Chain<'a>) -> Vec<Rule<'a>> { - match self { + let rules = match self { BlockRule::Host { protocols, .. } if !protocols.is_empty() => protocols .iter() .flat_map(|protocol| self.create_nft_rules_inner(chain, Some(*protocol))) .collect(), _ => self.create_nft_rules_inner(chain, None), - } + }; + assert!(!rules.is_empty()); + rules } fn create_nft_rules_inner<'a>( |