升级go版本添加acl协议支持

2025-08-08 13:49:24 +08:00 · 2024-09-03 17:55:19 +08:00
parent a5487771da
commit 415f312f40
15 changed files with 92 additions and 31 deletions
--- a/server/handler/link_tunnel.go
+++ b/server/handler/link_tunnel.go
@@ -138,7 +138,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {

 	// 允许的路由
 	for _, v := range cSess.Group.RouteInclude {
-		if strings.ToLower(v.Val) == dbdata.All {
+		if strings.ToLower(v.Val) == dbdata.ALL {
 			continue
 		}
 		HttpAddHeader(w, "X-CSTP-Split-Include", v.IpMask)
--- a/server/handler/payload.go
+++ b/server/handler/payload.go
@@ -102,11 +102,18 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool {
 			// 	}
 			// } else {

-			if dbdata.ContainsInPorts(v.Ports, ipPort) || dbdata.ContainsInPorts(v.Ports, 0) || ipProto == waterutil.ICMP {
-				if v.Action == dbdata.Allow {
-					return true
-				} else {
-					return false
+			// 先判断协议
+			// 兼容旧数据 v.Protocol == ""
+			if v.Protocol == "" || v.Protocol == dbdata.ALL || v.IpProto == ipProto {
+				// 全部通过
+				if dbdata.ContainsInPorts(v.Ports, ipPort) || dbdata.ContainsInPorts(v.Ports, 0) {
+					if v.Action == dbdata.Allow {
+						// log.Println(dbdata.Allow, v.Ports)
+						return true
+					} else {
+						// log.Println(dbdata.Deny, v.Ports)
+						return false
+					}
 				}
 			}
 		}