Fix nested rule-set match cache isolation

adapter/inbound.go

@@ -101,6 +101,10 @@ type InboundContext struct {
 func (c *InboundContext) ResetRuleCache() {
 	c.IPCIDRMatchSource = false
 	c.IPCIDRAcceptEmpty = false
+	c.ResetRuleMatchCache()
+}
+
+func (c *InboundContext) ResetRuleMatchCache() {
 	c.SourceAddressMatch = false
 	c.SourcePortMatch = false
 	c.DestinationAddressMatch = false

route/rule/rule_item_rule_set.go

@@ -41,10 +41,12 @@ func (r *RuleSetItem) Start() error {
 }
 
 func (r *RuleSetItem) Match(metadata *adapter.InboundContext) bool {
-	metadata.IPCIDRMatchSource = r.ipCidrMatchSource
-	metadata.IPCIDRAcceptEmpty = r.ipCidrAcceptEmpty
 	for _, ruleSet := range r.setList {
-		if ruleSet.Match(metadata) {
+		nestedMetadata := *metadata
+		nestedMetadata.ResetRuleMatchCache()
+		nestedMetadata.IPCIDRMatchSource = r.ipCidrMatchSource
+		nestedMetadata.IPCIDRAcceptEmpty = r.ipCidrAcceptEmpty
+		if ruleSet.Match(&nestedMetadata) {
 			return true
 		}
 	}

route/rule/rule_set_local.go

@@ -203,7 +203,9 @@ func (s *LocalRuleSet) Close() error {
 
 func (s *LocalRuleSet) Match(metadata *adapter.InboundContext) bool {
 	for _, rule := range s.rules {
-		if rule.Match(metadata) {
+		nestedMetadata := *metadata
+		nestedMetadata.ResetRuleMatchCache()
+		if rule.Match(&nestedMetadata) {
 			return true
 		}
 	}

route/rule/rule_set_remote.go

@@ -323,7 +323,9 @@ func (s *RemoteRuleSet) Close() error {
 
 func (s *RemoteRuleSet) Match(metadata *adapter.InboundContext) bool {
 	for _, rule := range s.rules {
-		if rule.Match(metadata) {
+		nestedMetadata := *metadata
+		nestedMetadata.ResetRuleMatchCache()
+		if rule.Match(&nestedMetadata) {
 			return true
 		}
 	}