From 4f56ea49c3eafeac1e20ca21bf1760c7572674ca Mon Sep 17 00:00:00 2001 From: huweishan Date: Mon, 8 Apr 2024 19:34:11 +0800 Subject: [PATCH] =?UTF-8?q?ports=E4=BF=9D=E5=AD=98=E4=B8=BAmap=20=E5=85=BC?= =?UTF-8?q?=E5=AE=B9=E8=80=81=E7=9A=84=E9=85=8D=E7=BD=AE=E6=95=B0=E6=8D=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/dbdata/group.go | 54 +++++++++++++++++++++--------------- server/handler/payload.go | 20 +++++++++---- web/src/pages/group/List.vue | 6 ++-- 3 files changed, 49 insertions(+), 31 deletions(-) diff --git a/server/dbdata/group.go b/server/dbdata/group.go index 40941b4..efedd43 100644 --- a/server/dbdata/group.go +++ b/server/dbdata/group.go @@ -8,6 +8,7 @@ import ( "strings" "strconv" "time" + "reflect" "github.com/bjdgyc/anylink/base" "golang.org/x/text/language" @@ -25,12 +26,12 @@ const DsMaxLen = 20000 type GroupLinkAcl struct { // 自上而下匹配 默认 allow * * - Action string `json:"action"` // allow、deny - Val string `json:"val"` - PortStr string `json:"port_str"` - Ports []PortData `json:"ports"` - IpNet *net.IPNet `json:"ip_net"` - Note string `json:"note"` + Action string `json:"action"` // allow、deny + Val string `json:"val"` + Port interface{} `json:"port"` + Ports map[uint16]int8 `json:"ports"` + IpNet *net.IPNet `json:"ip_net"` + Note string `json:"note"` } type ValData struct { 
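Review bot: The added `"reflect"` import is referenced only by the commented-out `//base.Debug(...)` line in SetGroup, and Go rejects an imported-but-unused package. Unless `reflect` is used somewhere outside the hunks shown, `server/dbdata/group.go` will not build. Drop the `+ "reflect"` line together with the commented-out debug call.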
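Review bot: `Port` and `Ports` in GroupLinkAcl need field comments, because the struct now carries two representations of the same setting and the enforcement code treats them differently. Suggested: `// Port is the raw spec as submitted: a JSON number (legacy) or a string such as "22,80,1000-2000"` and `// Ports is the expanded set built by SetGroup; key 0 is treated as "any port" by checkLinkAcl`. It is also worth stating that the `int8` value is always 1 and carries no meaning. Whether rows stored with the previous `ports` array shape still decode into the new map type is not visible in this hunk and should be confirmed before rollout.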
@@ -170,13 +171,21 @@ func SetGroup(g *Group) error { return errors.New("GroupLinkAcl 错误" + err.Error()) } v.IpNet = ipNet - if regexp.MustCompile(`^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$`).MatchString(v.PortStr) { - ports := []PortData{} - for _, p := range strings.Split(v.PortStr, ",") { + + port:=""; + //base.Debug("v.port:",v.Port,v.Ports,reflect.TypeOf(v.Port).Name()) + switch v := v.Port.(type) { + case float64: + port = strconv.Itoa(int(v)) + case string: + port = v + } + if regexp.MustCompile(`^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$`).MatchString(port) { + ports := map[uint16]int8{} + for _, p := range strings.Split(port, ",") { if p == "" { continue } - portData :=PortData{PortFrom: 0, PortTo: 0} if regexp.MustCompile(`^\d{1,5}-\d{1,5}$`).MatchString(p) { rp := strings.Split(p, "-"); portfrom, err := strconv.Atoi(rp[0]) @@ -187,23 +196,22 @@ func SetGroup(g *Group) error { if err != nil { return errors.New("端口:"+rp[1]+" 格式错误, " + err.Error()) } - portData.PortFrom=uint16(portfrom) - portData.PortTo=uint16(portto) + for i := portfrom; i <= portto; i++ { + ports[uint16(i)] = 1 + } + } else { port, err := strconv.Atoi(p) if err != nil { return errors.New("端口:"+p+" 格式错误, " + err.Error()) } - portData.PortFrom=uint16(port) - portData.PortTo=uint16(port) + ports[uint16(port)] = 1 } - - ports = append(ports, portData) } v.Ports = ports linkAcl = append(linkAcl, v) } else { - return errors.New("端口: "+v.PortStr+" 格式错误,请用逗号分隔的端口,比如: 22,80,443 连续端口用-,比如:1234-5678") + return errors.New("端口: "+port+" 格式错误,请用逗号分隔的端口,比如: 22,80,443 连续端口用-,比如:1234-5678") } } 
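Review bot: The type switch `switch v := v.Port.(type)` has no `default` case and shadows the loop variable `v`. A missing port, or any type other than float64 or string, silently becomes `""`, and the format error then prints an empty value. Rename the switch variable (`switch pv := v.Port.(type)`) and add `default: return errors.New("端口类型错误")` so the failure names the real cause. The float64 branch also truncates with `int(v)`, so a fractional number is accepted as its integer part and should be rejected instead. SetGroup begins and ends outside this hunk.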
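Review bot: The `uint16(i)` and `uint16(port)` conversions wrap values above 65535, which the `\d{1,5}` pattern still lets through, so an entry such as 65536 is stored as key 0. checkLinkAcl treats key 0 as "any port", so a mistyped single-port rule becomes a match-all rule. Parse with a 16-bit bound so the existing error path rejects it: `portfrom, err := strconv.ParseUint(rp[0], 10, 16)` (same for `rp[1]` and `p`). A reversed range such as 90-80 adds nothing to the map and leaves the rule with an empty `Ports`, so also add `if portfrom > portto { return errors.New("端口:" + p + " 格式错误") }`. The loop sits inside SetGroup, which extends beyond the hunk.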
@@ -283,13 +291,13 @@ func SetGroup(g *Group) error { return err } -func ContainsInPorts(ports []PortData, port uint16) bool { - for _, p := range ports { - if p.PortFrom<=port && p.PortTo >= port { - return true - } +func ContainsInPorts(ports map[uint16]int8, port uint16) bool { + _, ok := ports[port] + if ok { + return true + } else { + return false } - return false } func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error { diff --git a/server/handler/payload.go b/server/handler/payload.go index 590f272..f4613be 100644 --- a/server/handler/payload.go +++ b/server/handler/payload.go @@ -89,11 +89,21 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool { // 循环判断ip和端口 if v.IpNet.Contains(ipDst) { // 放行允许ip的ping - if dbdata.ContainsInPorts( v.Ports , ipPort) || v.Ports[0].PortFrom == 0 || ipProto == waterutil.ICMP { - if v.Action == dbdata.Allow { - return true - } else { - return false + if(v.Ports==nil || len(v.Ports)==0){ + if v.Port==ipPort || v.Port==0 || ipProto == waterutil.ICMP { + if v.Action == dbdata.Allow { + return true + } else { + return false + } + } + } else { + if dbdata.ContainsInPorts( v.Ports , ipPort) || dbdata.ContainsInPorts( v.Ports , 0) || ipProto == waterutil.ICMP { + if v.Action == dbdata.Allow { + return true + } else { + return false + } } } } diff --git a/web/src/pages/group/List.vue b/web/src/pages/group/List.vue index 0f20d5b..df4f2ce 100644 --- a/web/src/pages/group/List.vue +++ b/web/src/pages/group/List.vue @@ -100,12 +100,12 @@ min-width="180">
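Review bot: The `if ok { return true } else { return false }` in ContainsInPorts is redundant; the body can be `_, ok := ports[port]` followed by `return ok`. The exported function also has no doc comment; `// ContainsInPorts reports whether port is a key of ports; a nil map contains nothing.` would cover it.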
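Review bot: In the legacy branch of checkLinkAcl, `v.Port==ipPort` and `v.Port==0` compare an `interface{}` with a `uint16` and an `int`, which is true only when the dynamic types match. A value decoded from JSON is a float64 or a string, so for TCP/UDP this branch presumably never matches, and a legacy rule, including a deny rule, is skipped rather than enforced. Convert the value before comparing, as sketched below for the numeric case; string specs are better expanded into `Ports` when the group is loaded. `v.Ports==nil || len(v.Ports)==0` can be just `len(v.Ports) == 0`, and each `if v.Action == dbdata.Allow {…} else {…}` can be `return v.Action == dbdata.Allow`. checkLinkAcl starts and ends outside the hunk, so what happens to a packet after a skipped rule is not visible here.

```go
if len(v.Ports) == 0 {
	// Legacy rule without an expanded port set: a JSON-decoded v.Port is a
	// float64, so convert it before comparing with the uint16 ipPort.
	legacy, isNum := v.Port.(float64)
	if ipProto == waterutil.ICMP || (isNum && (legacy == 0 || legacy == float64(ipPort))) {
		return v.Action == dbdata.Allow
	}
} else {
	// … unchanged: ContainsInPorts checks against v.Ports …
}
```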