From 24e30509e4c4f7b318b0e9ae7a3200aa00b4c572 Mon Sep 17 00:00:00 2001
From: huweishan
Date: Tue, 9 Apr 2024 10:29:54 +0800
Subject: [PATCH] =?UTF-8?q?=E5=85=BC=E5=AE=B9=E5=8E=86=E5=8F=B2=E5=8D=95?=
 =?UTF-8?q?=E7=AB=AF=E5=8F=A3=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/dbdata/group.go | 46 ++++++++++++++++-----------------------
 server/handler/payload.go | 9 +++++---
 2 files changed, 25 insertions(+), 30 deletions(-)

diff --git a/server/dbdata/group.go b/server/dbdata/group.go
index efedd43..929674b 100644
--- a/server/dbdata/group.go
+++ b/server/dbdata/group.go
@@ -5,10 +5,9 @@ import (
 "fmt"
 "net"
 "regexp"
- "strings"
 "strconv"
+ "strings"
 "time"
- "reflect"
 
 "github.com/bjdgyc/anylink/base"
 "golang.org/x/text/language"
@@ -26,12 +25,12 @@ const DsMaxLen = 20000
 
 type GroupLinkAcl struct {
 // 自上而下匹配 默认 allow * *
- Action string `json:"action"` // allow、deny
- Val string `json:"val"`
- Port interface{} `json:"port"`
- Ports map[uint16]int8 `json:"ports"`
- IpNet *net.IPNet `json:"ip_net"`
- Note string `json:"note"`
+ Action string `json:"action"` // allow、deny
+ Val string `json:"val"`
+ Port interface{} `json:"port"` //兼容单端口历史数据类型uint16
+ Ports map[uint16]int8 `json:"ports"`
+ IpNet *net.IPNet `json:"ip_net"`
+ Note string `json:"note"`
 }
 
 type ValData struct {
@@ -45,13 +44,6 @@ type GroupNameId struct {
 Name string `json:"name"`
 }
 
-
-type PortData struct {
- PortFrom uint16 `json:"port_from"`
- PortTo uint16 `json:"port_to"`
-}
-
-
 // type Group struct {
 // Id int `json:"id" xorm:"pk autoincr not null"`
 // Name string `json:"name" xorm:"varchar(60) not null unique"`
@@ -172,14 +164,14 @@ func SetGroup(g *Group) error {
 }
 v.IpNet = ipNet
 
- port:="";
- //base.Debug("v.port:",v.Port,v.Ports,reflect.TypeOf(v.Port).Name())
- switch v := v.Port.(type) {
+ port := ""
+ switch vp := v.Port.(type) {
 case float64:
- port = strconv.Itoa(int(v))
+ port = strconv.Itoa(int(vp))
 case string:
- port = v
+ port = vp
 }
+
 if regexp.MustCompile(`^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$`).MatchString(port) {
 ports := map[uint16]int8{}
 for _, p := range strings.Split(port, ",") {
@@ -187,23 +179,23 @@ func SetGroup(g *Group) error { continue } if regexp.MustCompile(`^\d{1,5}-\d{1,5}$`).MatchString(p) { - rp := strings.Split(p, "-"); - portfrom, err := strconv.Atoi(rp[0]) + rp := strings.Split(p, "-") + portfrom, err := strconv.Atoi(rp[0]) if err != nil { - return errors.New("端口:"+rp[0]+" 格式错误, " + err.Error()) + return errors.New("端口:" + rp[0] + " 格式错误, " + err.Error()) } portto, err := strconv.Atoi(rp[1]) if err != nil { - return errors.New("端口:"+rp[1]+" 格式错误, " + err.Error()) + return errors.New("端口:" + rp[1] + " 格式错误, " + err.Error()) } for i := portfrom; i <= portto; i++ { ports[uint16(i)] = 1 - } + } } else { port, err := strconv.Atoi(p) if err != nil { - return errors.New("端口:"+p+" 格式错误, " + err.Error()) + return errors.New("端口:" + p + " 格式错误, " + err.Error()) } ports[uint16(port)] = 1 }
@@ -211,7 +203,7 @@ func SetGroup(g *Group) error {
 v.Ports = ports
 linkAcl = append(linkAcl, v)
 } else {
- return errors.New("端口: "+port+" 格式错误,请用逗号分隔的端口,比如: 22,80,443 连续端口用-,比如:1234-5678")
+ return errors.New("端口: " + port + " 格式错误,请用逗号分隔的端口,比如: 22,80,443 连续端口用-,比如:1234-5678")
 }
 }
 
diff --git a/server/handler/payload.go b/server/handler/payload.go
index f4613be..9bc9d31 100644
--- a/server/handler/payload.go
+++ b/server/handler/payload.go
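Review bot: In server/dbdata/group.go, SetGroup never range-checks a port before narrowing it to `uint16`: the pattern `\d{1,5}` admits values up to 99999, and the conversions in the `@@ -187,23 +179,23 @@` hunk (`ports[uint16(i)] = 1`, `ports[uint16(port)] = 1`) wrap silently, so an entry of 65536 is stored as port 0. checkLinkAcl in server/handler/payload.go appears to treat port 0 as matching every port (`port == 0`, `ContainsInPorts(v.Ports, 0)`), so a typo in an allow rule would widen it to all ports. Parsing each piece with `strconv.ParseUint(p, 10, 16)` and rejecting `portfrom > portto` would turn both cases into a validation error instead. The `float64` case has a related gap, since `int(vp)` drops any fractional part before the pattern is applied. SetGroup starts and ends outside these hunks.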
@@ -88,9 +88,12 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool {
 for _, v := range group.LinkAcl {
 // 循环判断ip和端口
 if v.IpNet.Contains(ipDst) {
+
 // 放行允许ip的ping
- if(v.Ports==nil || len(v.Ports)==0){
- if v.Port==ipPort || v.Port==0 || ipProto == waterutil.ICMP {
+ if v.Ports == nil || len(v.Ports) == 0 {
+ //单端口历史数据兼容
+ port := uint16(v.Port.(float64))
+ if port == ipPort || port == 0 || ipProto == waterutil.ICMP {
 if v.Action == dbdata.Allow {
 return true
 } else {
@@ -98,7 +101,7 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool {
 }
 }
 } else {
- if dbdata.ContainsInPorts( v.Ports , ipPort) || dbdata.ContainsInPorts( v.Ports , 0) || ipProto == waterutil.ICMP {
+ if dbdata.ContainsInPorts(v.Ports, ipPort) || dbdata.ContainsInPorts(v.Ports, 0) || ipProto == waterutil.ICMP {
 if v.Action == dbdata.Allow {
 return true
 } else {
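Review bot: The unchecked assertion in `port := uint16(v.Port.(float64))` panics for any rule whose `Ports` map is empty and whose `Port` is not a `float64`, for example nil from a row with no `port` field, or a string. checkLinkAcl takes a `*sessdata.Payload`, so this presumably runs while traffic is being filtered, where one malformed or legacy ACL row would abort the check instead of producing an allow/deny decision. Use the comma-ok form, `pf, ok := v.Port.(float64)`, and handle `!ok` explicitly before `port := uint16(pf)`: log the rule and decide whether it is skipped or treated as deny, since skipping a deny rule fails open. A bounds check on `pf` (0 to 65535) belongs in the same place, because converting an out-of-range float to `uint16` does not give a defined result in Go. The loop body continues past the end of both hunks.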