From ef95b1f9273990df568119375cdf879fe7253a9b Mon Sep 17 00:00:00 2001
From: bjd
Date: Mon, 1 Feb 2021 17:34:56 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0LinkAcl=E5=8A=9F=E8=83=BD?= =?UTF-8?q?=EF=BC=8C=E5=8F=AF=E4=BB=A5=E9=99=90=E5=88=B6=E8=AE=BF=E9=97=AE?= =?UTF-8?q?=E7=AB=AF=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 2 +-
 base/app_ver.go | 2 +-
 dbdata/group.go | 14 ++++++-------
 down_files/index.html | 10 ---------
 handler/payload.go | 48 +++++++++++++++++++++++++++++++++++++++++--
 5 files changed, 55 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index d68a3a2..03448bd 100644
--- a/README.md
+++ b/README.md
@@ -122,7 +122,7 @@ sh bridge-init.sh
 ## Soft
-相关软件下载: https://gitee.com/bjdgyc/anylink-soft
+相关软件下载: QQ群共享文件: 567510628
 ## Discussion
diff --git a/base/app_ver.go b/base/app_ver.go
index abc866e..9c31e5e 100644
--- a/base/app_ver.go
+++ b/base/app_ver.go
@@ -2,5 +2,5 @@ package base
 const (
 APP_NAME = "AnyLink"
- APP_VER = "0.1.0"
+ APP_VER = "0.1.1"
 )
diff --git a/dbdata/group.go b/dbdata/group.go
index 419b8ee..8fc0604 100644
--- a/dbdata/group.go
+++ b/dbdata/group.go
@@ -83,8 +83,9 @@ func SetGroup(g *Group) error {
 if err != nil {
 return errors.New("RouteInclude 错误" + err.Error())
 }
- vn := ValData{Val: v.Val, IpMask: ipMask}
- routeInclude = append(routeInclude, vn)
+
+ v.IpMask = ipMask
+ routeInclude = append(routeInclude, v)
 }
 }
 g.RouteInclude = routeInclude
@@ -95,8 +96,8 @@ func SetGroup(g *Group) error {
 if err != nil {
 return errors.New("RouteExclude 错误" + err.Error())
 }
- vn := ValData{Val: v.Val, IpMask: ipMask}
- routeExclude = append(routeExclude, vn)
+ v.IpMask = ipMask
+ routeExclude = append(routeExclude, v)
 }
 }
 g.RouteExclude = routeExclude
@@ -108,9 +109,8 @@ func SetGroup(g *Group) error {
 if err != nil {
 return errors.New("GroupLinkAcl 错误" + err.Error())
 }
- vn := v
- vn.IpNet = ipNet
- linkAcl = append(linkAcl, vn)
+ v.IpNet = ipNet
+ linkAcl = append(linkAcl, v)
 }
 }
 g.LinkAcl = linkAcl
diff --git a/down_files/index.html b/down_files/index.html
index 566549b..e69de29 100644
--- a/down_files/index.html
+++ b/down_files/index.html
@@ -1,10 +0,0 @@
-
-
-
-
- Title
-
-
-
-
-
\ No newline at end of file
diff --git a/handler/payload.go b/handler/payload.go
index 6413598..adabfaa 100644
--- a/handler/payload.go
+++ b/handler/payload.go
@@ -1,6 +1,10 @@
 package handler
-import "github.com/bjdgyc/anylink/sessdata"
+import (
+ "github.com/bjdgyc/anylink/dbdata"
+ "github.com/bjdgyc/anylink/sessdata"
+ "github.com/songgao/water/waterutil"
+)
 func payloadIn(cSess *sessdata.ConnSession, lType sessdata.LType, pType byte, data []byte) bool {
 payload := &sessdata.Payload{
@@ -13,8 +17,14 @@ func payloadIn(cSess *sessdata.ConnSession, lType sessdata.LType, pType byte, da
 }
 func payloadInData(cSess *sessdata.ConnSession, payload *sessdata.Payload) bool {
- closed := false
+ // 进行Acl规则判断
+ check := checkLinkAcl(cSess.Group, payload)
+ if !check {
+ // 校验不通过直接丢弃
+ return false
+ }
+ closed := false
 select {
 case cSess.PayloadIn <- payload:
 case <-cSess.CloseChan:
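Review bot: Only the CIDR of a LinkAcl entry is checked before `linkAcl = append(linkAcl, v)` stores it; every other field of `v` is kept exactly as the caller supplied it. The checkLinkAcl function added in handler/payload.go treats `Port == 0` as "any port" and any `Action` other than `dbdata.Allow` as a deny, so an omitted port silently widens a rule and a mistyped action silently turns an intended allow into a deny. If nothing earlier in SetGroup (its body starts outside this hunk) validates these fields, reject unknown actions here and document the wildcard next to the append, e.g. `// Port 0 matches every destination port`.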
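Review bot: The drop path `if !check { return false }` in payloadInData discards a packet rejected by the ACL without a log line or a counter, so an operator cannot tell a wrong rule from a client that keeps reaching for blocked destinations. A rate-limited log entry or a per-session deny counter at this point would make the new control observable. `cSess.Group` is also passed on unchecked and checkLinkAcl reads `group.LinkAcl` immediately, so confirm that a session can never exist without a group. As a style point the temporary can go: `if !checkLinkAcl(cSess.Group, payload) {`. payloadInData continues past the end of the hunk.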
@@ -45,3 +55,37 @@ func payloadOutData(cSess *sessdata.ConnSession, payload *sessdata.Payload) bool
 return closed
 }
+
+// Acl规则校验
+func checkLinkAcl(group *dbdata.Group, payload *sessdata.Payload) bool {
+ if payload.LType == sessdata.LTypeIPData && payload.PType == 0x00 && len(group.LinkAcl) > 0 {
+ } else {
+ return true
+ }
+
+ ip_dst := waterutil.IPv4Destination(payload.Data)
+ ip_port := waterutil.IPv4DestinationPort(payload.Data)
+ // fmt.Println("sent:", ip_dst, ip_port)
+
+ // 优先放行dns端口
+ for _, v := range group.ClientDns {
+ if v.Val == ip_dst.String() && ip_port == 53 {
+ return true
+ }
+ }
+
+ for _, v := range group.LinkAcl {
+ // 循环判断ip和端口
+ if v.IpNet.Contains(ip_dst) {
+ if v.Port == ip_port || v.Port == 0 {
+ if v.Action == dbdata.Allow {
+ return true
+ } else {
+ return false
+ }
+ }
+ }
+ }
+
+ return false
+}
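Review bot: `waterutil.IPv4Destination(payload.Data)` and `waterutil.IPv4DestinationPort(payload.Data)` in checkLinkAcl run on client-supplied bytes with no check that the buffer holds a complete IPv4 header plus the port bytes; as far as I can tell waterutil indexes the slice directly, so a truncated packet would panic and a non-IPv4 packet would be matched against bytes that are not an address. Validate version, length and header length first and fail closed, as sketched below. The port is also read whatever the IP protocol is, so for protocols without ports (and for non-first fragments) `v.Port == ip_port` compares against unrelated bytes; consider applying port rules to TCP and UDP only. On style, the empty `if … { } else { return true }` reads better as an inverted guard, and the inner if/else can be `return v.Action == dbdata.Allow`.

```go
func checkLinkAcl(group *dbdata.Group, payload *sessdata.Payload) bool {
	if payload.LType != sessdata.LTypeIPData || payload.PType != 0x00 || len(group.LinkAcl) == 0 {
		return true
	}

	// checkLinkAcl only parses IPv4: drop anything that is not a complete
	// IPv4 header followed by the four source/destination port bytes.
	data := payload.Data
	if len(data) < 20 || data[0]>>4 != 4 {
		return false
	}
	hdrLen := int(data[0]&0x0f) * 4
	if hdrLen < 20 || len(data) < hdrLen+4 {
		return false
	}

	ip_dst := waterutil.IPv4Destination(data)
	ip_port := waterutil.IPv4DestinationPort(data)
	// … unchanged: DNS exemption and LinkAcl loop …
```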