
check acl for egress node

abhishek9686 4 달 전
부모
커밋
410f909e86
2개의 변경된 파일36개의 추가작업 그리고 3개의 파일을 삭제
  1. 23 0
      logic/acls.go
  2. 13 3
      migrate/migrate.go

+ 23 - 0
logic/acls.go

@@ -738,8 +738,20 @@ func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
 		if !policy.Enabled {
 			continue
 		}
+
 		srcMap = convAclTagToValueMap(policy.Src)
 		dstMap = convAclTagToValueMap(policy.Dst)
+		for _, dst := range policy.Dst {
+			if dst.ID == models.EgressID {
+				e := schema.Egress{ID: dst.Value}
+				err := e.Get(db.WithContext(context.TODO()))
+				if err == nil {
+					for nodeID := range e.Nodes {
+						dstMap[nodeID] = struct{}{}
+					}
+				}
+			}
+		}
 		if checkTagGroupPolicy(srcMap, dstMap, node, peer, nodeTags, peerTags) {
 			return true
 		}
@@ -1001,6 +1013,17 @@ func IsNodeAllowedToCommunicateV1(node, peer models.Node, checkDefaultPolicy boo
 		allowed := false
 		srcMap = convAclTagToValueMap(policy.Src)
 		dstMap = convAclTagToValueMap(policy.Dst)
+		for _, dst := range policy.Dst {
+			if dst.ID == models.EgressID {
+				e := schema.Egress{ID: dst.Value}
+				err := e.Get(db.WithContext(context.TODO()))
+				if err == nil {
+					for nodeID := range e.Nodes {
+						dstMap[nodeID] = struct{}{}
+					}
+				}
+			}
+		}
 		_, srcAll := srcMap["*"]
 		_, dstAll := dstMap["*"]
 		if policy.AllowedDirection == models.TrafficDirectionBi {
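Review bot: The egress pulled in by `dst.Value` in the new loop after `dstMap = convAclTagToValueMap(policy.Dst)` is never checked against the network the policy is being evaluated for, so an ACL that carries (or is edited to carry) an egress ID from another network would add that network's gateway nodes to `dstMap` and widen what `checkTagGroupPolicy` / the `dstAll` logic will allow; `schema.Egress` has a `Network` field (see the migrate hunk), so the guard is one line: `if err == nil && e.Network == node.Network {`. Whether egress IDs are already validated per-network at policy creation is not visible here, but an evaluation-time check is cheap and keeps the decision fail-closed. The same eleven lines are duplicated verbatim in `IsPeerAllowed` and `IsNodeAllowedToCommunicateV1`; extracting them into one unexported helper that takes the node's network and the destination tags would keep the two paths from drifting apart. Note also that this performs one DB read per egress-tagged policy on every peer-pair evaluation, which is presumably a hot path (`context.TODO()` suggests no caller context is available); a per-call lookup map built once per `IsPeerAllowed` invocation would avoid it. Both enclosing functions start and end outside the hunks.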

+ 13 - 3
migrate/migrate.go

@@ -512,11 +512,15 @@ func migrateToEgressV1() {
 	}
 	for _, node := range nodes {
 		if node.IsEgressGateway {
+			egressHost, err := logic.GetHost(node.HostID.String())
+			if err != nil {
+				continue
+			}
 			for _, rangeI := range node.EgressGatewayRequest.Ranges {
 				e := schema.Egress{
 					ID:          uuid.New().String(),
-					Name:        rangeI,
-					Description: "add description",
+					Name:        fmt.Sprintf("%s egress", egressHost.Name),
+					Description: "",
 					Network:     node.Network,
 					Nodes: datatypes.JSONMap{
 						node.ID.String(): 256,
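Review bot: The added `continue` on a failed `logic.GetHost` silently skips creating any `schema.Egress` rows for that node's ranges, so a node whose host record is missing or unreadable loses its egress configuration in the migration with no trace, where before this change the rows were always written. Since the host is only needed for a display name, fall back instead of bailing out: `name := fmt.Sprintf("%s egress", node.ID.String())` followed by `if err == nil { name = fmt.Sprintf("%s egress", egressHost.Name) }`, and surface the lookup error rather than dropping it. Also note that every range of the same gateway now gets the identical name (the old name was the range itself); if names are expected to be distinguishable, including `rangeI` in the format would keep that. `migrateToEgressV1` begins before this hunk and its inet-gateway branch continues in the next one.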
@@ -536,11 +540,17 @@ func migrateToEgressV1() {
 					logic.UpsertNode(&node)
 				}
 			}
+
 		}
+
 		if node.IsInternetGateway {
+			inetHost, err := logic.GetHost(node.HostID.String())
+			if err != nil {
+				continue
+			}
 			e := schema.Egress{
 				ID:          uuid.New().String(),
-				Name:        "inet gw",
+				Name:        fmt.Sprintf("%s inet gw", inetHost.Name),
 				Description: "add description",
 				Network:     node.Network,
 				Nodes: datatypes.JSONMap{