classify

package

v0.1.2 Latest Latest Go to latest Published: Jun 3, 2026 License: MIT Imports: 2 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/vybzai/clipbeam-cli

Links

Open Source Insights

Documentation ¶

Overview ¶

Package classify ports the source-IP classifier verbatim from Swift Server.swift (PLAN §3.3, §6.2). It is the load-bearing gate for the Tier-1 Tailscale /clip surface (exact-peer → loopback → tailnet-range-logged-only → foreign) using numeric net/netip comparison, v4-mapped-v6 unwrap, and zone-id strip. It is NOT the auth control for Tier-0 SSH (a unix-socket peer is gated by the 0600 mode; a loopback-TCP /clip peer by the token).

Index ¶

func RemoteEndpoint(remoteAddr string) string
type SourceClass
- func Classify(remote string, peer string) SourceClass
- func (c SourceClass) String() string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RemoteEndpoint ¶

func RemoteEndpoint(remoteAddr string) string

RemoteEndpoint extracts the bare host from a net.Addr-style "host:port" or a raw host string, stripping brackets and a trailing :port where unambiguous. It is the Go analog of Swift remoteEndpoint(of:)+hostString(from:) (PLAN §6.2): callers pass an *http.Request RemoteAddr or a forwarded socket address. Zone ids are kept here and stripped by parseIP.

Types ¶

type SourceClass ¶

type SourceClass int

SourceClass is how a connection's validated socket source address is classified.

const (
	// Foreign is anything not matching peer/loopback/tailnet (the default).
	Foreign SourceClass = iota
	// Loopback is 127.0.0.0/8, ::1, or a v4-mapped 127/8.
	Loopback
	// Peer is an exact numeric match against the configured peer host.
	Peer
	// TailnetOther is the Tailscale range (100.64.0.0/10 or fd7a:115c:a1e0::/48) —
	// a LOGGED-ONLY belt that never authorizes on its own.
	TailnetOther
)

func Classify ¶

func Classify(remote string, peer string) SourceClass

Classify classifies a remote host string relative to the configured peer host, with the MANDATED ordering: exact-peer → loopback → tailnet-range → foreign (Swift classify(), PLAN §3.3). Numeric comparison only — never string-prefix. Both remote and peer are unwrapped from their v4-mapped-v6 form and zone-stripped before comparison. An unparseable remote → Foreign. An empty/unparseable peer simply never matches Peer (the never-configured case).

func (SourceClass) String ¶

func (c SourceClass) String() string

String renders the class for logs/tests.

Source Files ¶

View all Source files

classify.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL