private void CreateChains(IpTablesDetails config, RuleBuilder rb)
{
foreach (var c in config.Chains)
{
if (c.IsDynamic)
{
rb.DefineDynamicChain(c.Dynamic);
}
foreach (var v in c.Versions)
{
var rules = _ruleSets[v];
var chains = rules.Chains;
foreach (var t in c.Tables)
{
if (c.IsDynamic)
{
rb.Dcr.RegisterDynamicChain(c.Dynamic, t, c.Name, v);
}
else if (!chains.HasChain(c.Name, t))
{
chains.AddChain(c.Name, t, _iptables);
}
}
}
}
}
private void CreateRules(IpTablesDetails config, RuleBuilder rb)
{
var rules = config.Rules.AsParallel().AsOrdered()
.Where((c) => rb.IsConditionTrue(c.Condition))
.SelectMany((c) => ParseAll(rb, c)).AsSequential();
foreach (var rule in rules)
{
lock (_dynamicLock)
{
if (rb.Dcr.IsDynamic(rule.Chain))
{
rb.Dcr.AddRule(rule);
continue;
}
}
var chains = _ruleSets[rule.IpVersion].Chains;
IpTablesChain chain;
lock (chains)
{
chain = chains.GetChainOrDefault(rule.Chain.Name, rule.Chain.Table);
}
if (chain == null)
{
throw new Exception(String.Format("Chain was not created ipv{0},{1}:{2}",
rule.Chain.IpVersion, rule.Chain.Table, rule.Chain.Name));
}
lock (chain)
{
chain.AddRule(rule);
}
}
}
public void InitFromModel(Dictionary <String, EnvironmentDetails> environment, IpTablesDetails config)
{
var rb = InitEnvironment(environment);
CreateChains(config, rb);
CreateSets(config, rb);
CreateRules(config, rb);
foreach (var c in config.Chains)
{
if (c.IsDynamic)
{
var chains = _ruleSets.Select(
(a) => a.Value.Chains.FirstOrDefault((d) => d.Name == c.Name && c.Tables.Contains(d.Table))).Where((a) => a != null).ToList();
foreach (var di in c.DynamicInit)
{
foreach (var cc in chains)
{
rb.Dcr.GetDynamicChainRules(cc, di);
}
}
}
}
}
private void CreateSets(IpTablesDetails config, RuleBuilder rb)
{
foreach (var set in config.Sets)
{
var ipset = new IpSetSet(IpSetTypeHelper.StringToType(set.Type), set.Name, 0, set.Family, _iptables, IpSetSyncMode.SetAndEntries);
String[] resolved = set.Entries.ToArray();
if (ipset.Type == IpSetType.HashIp)
{
IPAddress ip;
int retries = 0;
do
{
List <Task> tasks = new List <Task>();
for (int index = 0; index < resolved.Length; index++)
{
var entry = resolved[index];
String entryIp = rb.Format(entry);
if (!IPAddress.TryParse(entryIp, out ip))
{
DomainName domain;
if (!DomainName.TryParse(entryIp, out domain))
{
throw new Exception("Unable to parse domain " + entryIp);
}
var asyncResult = _dns.ResolveAsync(domain).ContinueWith(CompleteLambda(index, resolved));
tasks.Add(asyncResult);
}
}
if (tasks.Any())
{
Task.WaitAll(tasks.ToArray());
}
} while (++retries <= 3 && resolved.Any((entry) => !IPAddress.TryParse(rb.Format(entry), out ip)));
for (int index = 0; index < resolved.Length; index++)
{
var entry = resolved[index];
String entryIp = rb.Format(entry);
if (!IPAddress.TryParse(entryIp, out ip))
{
throw new Exception("Unable to resolve " + entryIp);
}
}
}
//Check Uniqueness
HashSet <IpSetEntry> ipsetEntries = new HashSet <IpSetEntry>();
for (int index = 0; index < resolved.Length; index++)
{
var entry = resolved[index];
String entryIp = rb.Format(entry);
var setEntry = IpSetEntry.ParseFromParts(ipset, entryIp);
if (ipsetEntries.Add(setEntry))
{
ipset.Entries.Add(setEntry);
}
}
_sets.AddSet(ipset);
}
//Add new sets (dont delete!)
_sets.Sync((a) => false);
}
