2021-06-08 20:45:26 +08:00
|
|
|
package handler
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"github.com/bjdgyc/anylink/dbdata"
|
|
|
|
|
"github.com/bjdgyc/anylink/sessdata"
|
|
|
|
|
"github.com/songgao/water/waterutil"
|
|
|
|
|
)
|
|
|
|
|
|
2021-08-02 20:41:35 +08:00
|
|
|
func payloadIn(cSess *sessdata.ConnSession, pl *sessdata.Payload) bool {
|
2021-06-08 20:45:26 +08:00
|
|
|
// 进行Acl规则判断
|
2021-08-02 20:41:35 +08:00
|
|
|
check := checkLinkAcl(cSess.Group, pl)
|
2021-06-08 20:45:26 +08:00
|
|
|
if !check {
|
|
|
|
|
// 校验不通过直接丢弃
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
closed := false
|
|
|
|
|
select {
|
2021-08-02 20:41:35 +08:00
|
|
|
case cSess.PayloadIn <- pl:
|
2021-06-08 20:45:26 +08:00
|
|
|
case <-cSess.CloseChan:
|
|
|
|
|
closed = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return closed
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-02 20:41:35 +08:00
|
|
|
func payloadOut(cSess *sessdata.ConnSession, pl *sessdata.Payload) bool {
|
2021-06-08 20:45:26 +08:00
|
|
|
dSess := cSess.GetDtlsSession()
|
|
|
|
|
if dSess == nil {
|
2021-08-02 20:41:35 +08:00
|
|
|
return payloadOutCstp(cSess, pl)
|
2021-06-08 20:45:26 +08:00
|
|
|
} else {
|
2021-08-02 20:41:35 +08:00
|
|
|
return payloadOutDtls(cSess, dSess, pl)
|
2021-06-08 20:45:26 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-02 20:41:35 +08:00
|
|
|
func payloadOutCstp(cSess *sessdata.ConnSession, pl *sessdata.Payload) bool {
|
2021-06-08 20:45:26 +08:00
|
|
|
closed := false
|
|
|
|
|
|
|
|
|
|
select {
|
|
|
|
|
case cSess.PayloadOutCstp <- pl:
|
|
|
|
|
case <-cSess.CloseChan:
|
|
|
|
|
closed = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return closed
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-02 20:41:35 +08:00
|
|
|
func payloadOutDtls(cSess *sessdata.ConnSession, dSess *sessdata.DtlsSession, pl *sessdata.Payload) bool {
|
2021-06-08 20:45:26 +08:00
|
|
|
select {
|
|
|
|
|
case cSess.PayloadOutDtls <- pl:
|
|
|
|
|
case <-dSess.CloseChan:
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Acl规则校验
|
2021-08-02 20:41:35 +08:00
|
|
|
func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool {
|
|
|
|
|
if pl.LType == sessdata.LTypeIPData && pl.PType == 0x00 && len(group.LinkAcl) > 0 {
|
2021-06-08 20:45:26 +08:00
|
|
|
} else {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-02 20:41:35 +08:00
|
|
|
data := pl.Data
|
|
|
|
|
ip_dst := waterutil.IPv4Destination(data)
|
|
|
|
|
ip_port := waterutil.IPv4DestinationPort(data)
|
|
|
|
|
ip_proto := waterutil.IPv4Protocol(data)
|
2021-06-08 20:45:26 +08:00
|
|
|
// fmt.Println("sent:", ip_dst, ip_port)
|
|
|
|
|
|
|
|
|
|
// 优先放行dns端口
|
|
|
|
|
for _, v := range group.ClientDns {
|
|
|
|
|
if v.Val == ip_dst.String() && ip_port == 53 {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, v := range group.LinkAcl {
|
|
|
|
|
// 循环判断ip和端口
|
|
|
|
|
if v.IpNet.Contains(ip_dst) {
|
2021-08-02 20:41:35 +08:00
|
|
|
// 放行允许ip的ping
|
|
|
|
|
if v.Port == ip_port || v.Port == 0 || ip_proto == waterutil.ICMP {
|
2021-06-08 20:45:26 +08:00
|
|
|
if v.Action == dbdata.Allow {
|
|
|
|
|
return true
|
|
|
|
|
} else {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
}
|
