package teawaf
import (
	"errors"
	"regexp"
	"strings"
	"time"

	"github.com/TeaWeb/build/internal/teaconfigs/shared"
	"github.com/TeaWeb/build/internal/teautils"
	"github.com/iwind/TeaGo/lists"
	"github.com/iwind/TeaGo/rands"
	"github.com/iwind/TeaGo/types"
)
// IPAction is the value stored in IPTable.Action.
//
// It is declared as an alias of string, so any string can be assigned to it
// without a compile error; nothing in this file checks that a rule's Action is
// one of the constants below.
type IPAction = string

// Actions a rule can carry in IPTable.Action.
const (
	IPActionAccept IPAction = "accept"
	IPActionReject IPAction = "reject"
)
// IPTable is a single IP/port rule with an action and an optional time window.
//
// The exported fields are the serialized form (YAML/JSON). The unexported
// fields are filled in by Init and are what Match actually evaluates, so a
// rule whose Init was not called has no parsed port or IP data and Match
// returns false for it.
type IPTable struct {
	Id       string   `yaml:"id" json:"id"`
	On       bool     `yaml:"on" json:"on"`             // Match returns false while this is off
	IP       string   `yaml:"ip" json:"ip"`             // single ip, cidr, ip range, TODO support *
	Port     string   `yaml:"port" json:"port"`         // single port, range, *
	Action   IPAction `yaml:"action" json:"action"`     // accept, reject
	TimeFrom int64    `yaml:"timeFrom" json:"timeFrom"` // from timestamp
	TimeTo   int64    `yaml:"timeTo" json:"timeTo"`     // zero means forever
	Remark   string   `yaml:"remark" json:"remark"`

	// port: parsed form of Port, set by Init
	minPort         int
	maxPort         int
	minPortWildcard bool
	maxPortWildcard bool
	ports           []int

	// ip: parsed form of IP, set by Init; nil means matchIP rejects every address
	ipRange *shared.IPRangeConfig
}
// NewIPTable returns an enabled rule with a generated Id taken from
// rands.HexString(16). Every other field is left at its zero value, so the
// rule matches nothing until IP and Port are set and Init is called.
func NewIPTable() *IPTable {
	table := new(IPTable)
	table.On = true
	table.Id = rands.HexString(16)
	return table
}
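// Init parses Port and IP into the unexported fields that Match evaluates.
//
// Port may be a single number ("80"), a range whose ends are separated by ':'
// or '-' and may each be "*" ("1024-*", "*:80"), a comma-separated list
// ("80,443"), or "*" for any port. Any other value, including the empty
// string, leaves the parsed port fields at their zero values, so matchPort
// rejects every port and the rule never matches.
//
// An error is returned when a range end or a list entry is not a plain number,
// or when IP is non-empty and shared.ParseIPRange rejects it. On error the
// parsed fields are left empty, so a rule whose error is ignored matches
// nothing rather than more than was written.
func (this *IPTable) Init() error {
	// Start from a clean state so that calling Init again after Port or IP was
	// edited does not keep a stale wildcard or range, or append the port list
	// a second time.
	this.minPort, this.maxPort = 0, 0
	this.minPortWildcard, this.maxPortWildcard = false, false
	this.ports = nil
	this.ipRange = nil

	// parsePort refuses anything that is not a plain number. Without this
	// check a malformed piece goes straight to types.Int, which appears to
	// yield 0 for non-numeric input (confirm against TeaGo): "abc-*" would then
	// cover every port and "80,443-500" would be read as the range up to 500.
	// NOTE(review): this relies on teautils.RegexpDigitNumber being an
	// anchored digits-only pattern, as its use for the single-port case
	// suggests - confirm.
	parsePort := func(piece string) (int, error) {
		if !teautils.RegexpDigitNumber.MatchString(piece) {
			return 0, errors.New("invalid port '" + piece + "' in '" + this.Port + "'")
		}
		return types.Int(piece), nil
	}

	// parse port
	rangeSeparator := regexp.MustCompile(`[:-]`) // compiled once per call instead of twice
	switch {
	case teautils.RegexpDigitNumber.MatchString(this.Port):
		this.minPort = types.Int(this.Port)
		this.maxPort = this.minPort

	case rangeSeparator.MatchString(this.Port):
		// Split with a limit of 2 always yields two pieces once a separator
		// is known to be present. The ends are trimmed like list entries are.
		pieces := rangeSeparator.Split(this.Port, 2)
		low := strings.TrimSpace(pieces[0])
		high := strings.TrimSpace(pieces[1])

		// Parse both ends into locals first so that a bad second end does not
		// leave a half-applied range behind.
		var minPort, maxPort int
		var err error
		lowWildcard := low == "*"
		highWildcard := high == "*"
		if !lowWildcard {
			if minPort, err = parsePort(low); err != nil {
				return err
			}
		}
		if !highWildcard {
			if maxPort, err = parsePort(high); err != nil {
				return err
			}
		}
		this.minPort, this.maxPort = minPort, maxPort
		this.minPortWildcard, this.maxPortWildcard = lowWildcard, highWildcard

	case strings.Contains(this.Port, ","):
		var ports []int
		for _, piece := range strings.Split(this.Port, ",") {
			piece = strings.TrimSpace(piece)
			if len(piece) == 0 {
				// tolerate stray commas such as "80,,443" or a trailing one
				continue
			}
			port, err := parsePort(piece)
			if err != nil {
				return err
			}
			ports = append(ports, port)
		}
		this.ports = ports

	case this.Port == "*":
		this.minPortWildcard = true
		this.maxPortWildcard = true
	}

	// parse ip
	if len(this.IP) > 0 {
		ipRange, err := shared.ParseIPRange(this.IP)
		if err != nil {
			return err
		}
		this.ipRange = ipRange
	}

	return nil
}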
// Match reports whether this rule applies to the given client ip and port at
// the current time.
//
// A rule applies only when it is switched on, the current Unix time is inside
// the [TimeFrom, TimeTo] window (a bound that is zero or negative is not
// enforced), and both matchPort and matchIP accept. Match says nothing about
// the Action; the caller decides what a match means.
func (this *IPTable) Match(ip string, port int) (isMatched bool) {
	if !this.On {
		return false
	}

	ts := time.Now().Unix()
	notYetActive := this.TimeFrom > 0 && ts < this.TimeFrom
	alreadyExpired := this.TimeTo > 0 && ts > this.TimeTo
	if notYetActive || alreadyExpired {
		return false
	}

	// The port is checked first; the IP is only examined when the port matches.
	return this.matchPort(port) && this.matchIP(ip)
}
// matchPort reports whether port is covered by the port data parsed in Init.
//
// Port 0 never matches. A rule with no parsed port data (no wildcard, both
// bounds zero, empty list) matches no port at all.
func (this *IPTable) matchPort(port int) bool {
	if port == 0 {
		return false
	}

	// Wildcard ends: "*" on both sides covers everything, "*" on one side
	// leaves only the other bound to check.
	switch {
	case this.minPortWildcard && this.maxPortWildcard:
		return true
	case this.minPortWildcard && port <= this.maxPort:
		return true
	case this.maxPortWildcard && port >= this.minPort:
		return true
	}

	// Closed range; it is considered set as soon as either bound is non-zero.
	rangeSet := this.minPort > 0 || this.maxPort > 0
	if rangeSet && port >= this.minPort && port <= this.maxPort {
		return true
	}

	// Explicit list.
	if len(this.ports) == 0 {
		return false
	}
	return lists.ContainsInt(this.ports, port)
}
// matchIP reports whether ip falls inside the range parsed in Init.
// A rule without a parsed range (empty IP, or Init not called) matches no
// address.
func (this *IPTable) matchIP(ip string) bool {
	return this.ipRange != nil && this.ipRange.Contains(ip)
}