From 76779de80a3687571a322301fa9d330482e25a92 Mon Sep 17 00:00:00 2001
From: bjdgyc
Date: Wed, 4 Sep 2024 16:59:16 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0acl=E5=8D=8F=E8=AE=AE?=
 =?UTF-8?q?=E6=94=AF=E6=8C=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/dbdata/group.go | 3 +++
 server/handler/payload.go | 37 ++++++++++++++++++-------------------
 2 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/server/dbdata/group.go b/server/dbdata/group.go
index 0d2f822..a25240f 100644
--- a/server/dbdata/group.go
+++ b/server/dbdata/group.go
@@ -178,6 +178,9 @@ func SetGroup(g *Group) error {
 v.IpProto = waterutil.UDP
 case ICMP:
 v.IpProto = waterutil.ICMP
+ default:
+ // 其他类型都是 all
+ v.Protocol = ALL
 }
 
 portsStr := v.Port
diff --git a/server/handler/payload.go b/server/handler/payload.go
index 26bcfca..576ada3 100644
--- a/server/handler/payload.go
+++ b/server/handler/payload.go
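Review bot: The new `default:` branch in SetGroup rewrites every unrecognised protocol string to `ALL`, so a mistyped or unsupported value on an allow rule silently widens that rule to all protocols instead of being rejected. SetGroup already returns an error, so it would be safer to map only the empty legacy value to ALL and fail on anything else, e.g. `case "", ALL: v.Protocol = ALL` followed by `default: return errors.New("unsupported acl protocol")`, using whichever error constructor the file already imports. The switch header and its earlier cases lie outside the hunk, so whether `ALL` or the empty string already has its own case cannot be confirmed from here.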
@@ -86,27 +86,26 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool {
 }
 
 for _, v := range group.LinkAcl {
- // 循环判断ip和端口
- if v.IpNet.Contains(ipDst) {
+ // 放行允许ip的ping
+ // if v.Ports == nil || len(v.Ports) == 0 {
+ // //单端口历史数据兼容
+ // port := uint16(v.Port.(float64))
+ // if port == ipPort || port == 0 || ipProto == waterutil.ICMP {
+ // if v.Action == dbdata.Allow {
+ // return true
+ // } else {
+ // return false
+ // }
+ // }
+ // } else {
 
- // 放行允许ip的ping
- // if v.Ports == nil || len(v.Ports) == 0 {
- // //单端口历史数据兼容
- // port := uint16(v.Port.(float64))
- // if port == ipPort || port == 0 || ipProto == waterutil.ICMP {
- // if v.Action == dbdata.Allow {
- // return true
- // } else {
- // return false
- // }
- // }
- // } else {
-
- // 先判断协议
- // 兼容旧数据 v.Protocol == ""
- if v.Protocol == "" || v.Protocol == dbdata.ALL || v.IpProto == ipProto {
+ // 先判断协议
+ // 兼容旧数据 v.Protocol == ""
+ if v.Protocol == "" || v.Protocol == dbdata.ALL || v.IpProto == ipProto {
+ // 循环判断ip和端口
+ if v.IpNet.Contains(ipDst) {
+ // icmp 不判断端口
 if ipProto == waterutil.ICMP {
- // icmp 不判断端口
 if v.Action == dbdata.Allow {
 return true
 } else {
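Review bot: The twelve commented-out lines of the legacy single-port path are moved and re-indented rather than deleted, so the access decision in checkLinkAcl is still interleaved with dead code that refers to `v.Port.(float64)`. In a function that decides whether traffic is allowed, I would drop that block and leave a single comment stating the evaluation order, e.g. `// match order: protocol, then destination network, then port; ICMP skips the port check`. The inner `if v.Action == dbdata.Allow { return true } else {` could then become `return v.Action == dbdata.Allow`, assuming the else branch, which continues outside the hunk, only returns false.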