增加LinkAcl功能，可以限制访问端口

2025-11-04 19:16:22 +08:00 · 2021-02-01 17:34:56 +08:00
parent 9e0da33c6a
commit ef95b1f927
5 changed files with 55 additions and 21 deletions
--- a/README.md
+++ b/README.md
@@ -122,7 +122,7 @@ sh bridge-init.sh
 ## Soft
-相关软件下载： https://gitee.com/bjdgyc/anylink-soft
+相关软件下载： QQ群共享文件: 567510628
 ## Discussion
--- a/base/app_ver.go
+++ b/base/app_ver.go
@@ -2,5 +2,5 @@ package base
 const (
 	APP_NAME = "AnyLink"
-	APP_VER  = "0.1.0"
+	APP_VER  = "0.1.1"
 )
--- a/dbdata/group.go
+++ b/dbdata/group.go
@@ -83,8 +83,9 @@ func SetGroup(g *Group) error {
 			if err != nil {
 				return errors.New("RouteInclude 错误" + err.Error())
 			}
-			vn := ValData{Val: v.Val, IpMask: ipMask}
+
-			routeInclude = append(routeInclude, vn)
+			v.IpMask = ipMask
 			routeInclude = append(routeInclude, v)
 		}
 	}
 	g.RouteInclude = routeInclude
@@ -95,8 +96,8 @@ func SetGroup(g *Group) error {
 			if err != nil {
 				return errors.New("RouteExclude 错误" + err.Error())
 			}
-			vn := ValData{Val: v.Val, IpMask: ipMask}
+			v.IpMask = ipMask
-			routeExclude = append(routeExclude, vn)
+			routeExclude = append(routeExclude, v)
 		}
 	}
 	g.RouteExclude = routeExclude
@@ -108,9 +109,8 @@ func SetGroup(g *Group) error {
 			if err != nil {
 				return errors.New("GroupLinkAcl 错误" + err.Error())
 			}
-			vn := v
+			v.IpNet = ipNet
-			vn.IpNet = ipNet
+			linkAcl = append(linkAcl, v)
 			linkAcl = append(linkAcl, vn)
 		}
 	}
 	g.LinkAcl = linkAcl
--- a/down_files/index.html
+++ b/down_files/index.html
@@ -1,10 +0,0 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
    <meta charset="UTF-8">
    <title>Title</title>
 </head>
 <body>
 </body>
 </html>
--- a/handler/payload.go
+++ b/handler/payload.go
@@ -1,6 +1,10 @@
 package handler
-import "github.com/bjdgyc/anylink/sessdata"
+import (
 	"github.com/bjdgyc/anylink/dbdata"
 	"github.com/bjdgyc/anylink/sessdata"
 	"github.com/songgao/water/waterutil"
 )
 func payloadIn(cSess *sessdata.ConnSession, lType sessdata.LType, pType byte, data []byte) bool {
 	payload := &sessdata.Payload{
@@ -13,8 +17,14 @@ func payloadIn(cSess *sessdata.ConnSession, lType sessdata.LType, pType byte, da
 }
 func payloadInData(cSess *sessdata.ConnSession, payload *sessdata.Payload) bool {
-	closed := false
+	// 进行Acl规则判断
 	check := checkLinkAcl(cSess.Group, payload)
 	if !check {
 		// 校验不通过直接丢弃
 		return false
 	}
 	closed := false
 	select {
 	case cSess.PayloadIn <- payload:
 	case <-cSess.CloseChan:
@@ -45,3 +55,37 @@ func payloadOutData(cSess *sessdata.ConnSession, payload *sessdata.Payload) bool
 	return closed
 }
 // Acl规则校验
 func checkLinkAcl(group *dbdata.Group, payload *sessdata.Payload) bool {
 	if payload.LType == sessdata.LTypeIPData && payload.PType == 0x00 && len(group.LinkAcl) > 0 {
 	} else {
 		return true
 	}
 	ip_dst := waterutil.IPv4Destination(payload.Data)
 	ip_port := waterutil.IPv4DestinationPort(payload.Data)
 	// fmt.Println("sent:", ip_dst, ip_port)
 	// 优先放行dns端口
 	for _, v := range group.ClientDns {
 		if v.Val == ip_dst.String() && ip_port == 53 {
 			return true
 		}
 	}
 	for _, v := range group.LinkAcl {
 		// 循环判断ip和端口
 		if v.IpNet.Contains(ip_dst) {
 			if v.Port == ip_port || v.Port == 0 {
 				if v.Action == dbdata.Allow {
 					return true
 				} else {
 					return false
 				}
 			}
 		}
 	}
 	return false
 }