Ejemplo n.º 1
        /// <summary>
        /// Expands the template rules registered for a dynamic chain into concrete rules by
        /// substituting <paramref name="arg"/> into each template's action command and parsing the result.
        /// </summary>
        /// <param name="chain">Chain that must already be registered as dynamic.</param>
        /// <param name="arg">Value passed to <c>String.Format</c> as the only argument for every template.</param>
        /// <returns>One parsed rule per template rule, in template order.</returns>
        /// <exception cref="Exception">The chain is not dynamic, or it has no template rules.</exception>
        public List<IpTablesRule> GetDynamicChainRules(IpTablesChain chain, String arg)
        {
            if (!IsDynamic(chain))
            {
                throw new Exception("Chain " + chain.Name + " should be dynamic");
            }

            var versionChains = _chains[chain.IpVersion];
            var templates     = _dynamicChains[chain];

            // An empty template would silently yield a chain with no rules, so it is rejected.
            if (templates.Count == 0)
            {
                throw new Exception("Chain " + chain.Name + " should have rules");
            }

            var expanded = new List<IpTablesRule>();
            foreach (var template in templates)
            {
                // NOTE(review): arg is spliced into the rule's command text and only then parsed,
                // so any whitespace or option syntax inside arg becomes part of the rule.
                // Nothing in this method validates arg; confirm callers restrict it to a vetted token.
                var commandText = String.Format(template.GetActionCommand(), arg);
                var concrete    = IpTablesRule.Parse(commandText, _system, versionChains, template.Chain.IpVersion,
                                                     template.Chain.Table, IpTablesRule.ChainCreateMode.CreateNewChainIfNeeded);
                expanded.Add(concrete);
            }

            return expanded;
        }
        /// <summary>
        /// Create a rule with a goto target to a specified chain
        /// </summary>
        /// <param name="chainIn">Chain the new rule is constructed for.</param>
        /// <param name="chainJump">Name of the chain assigned as the goto target.</param>
        /// <param name="system">Netfilter system the rule is constructed with.</param>
        /// <returns>The newly constructed rule with its core module's Goto set.</returns>
        public static IpTablesRule CreateGoto(IpTablesChain chainIn, String chainJump, NetfilterSystem system)
        {
            var gotoRule = new IpTablesRule(system, chainIn);

            // chainJump is stored exactly as given; this method performs no validation of the name.
            var core = gotoRule.GetModuleOrLoad<CoreModule>("core");
            core.Goto = chainJump;

            return gotoRule;
        }
Ejemplo n.º 3
        /// <summary>
        /// Resolves a dynamic-chain variable to a concrete chain name, adding the chain's expanded
        /// rules to the rule set the first time that concrete chain is requested.
        /// </summary>
        /// <param name="dynamicName">Variable name looked up through <c>Dcr.GetByVariable</c>.</param>
        /// <param name="subname">Value formatted into the chain name template and into each rule template.</param>
        /// <returns>The formatted chain name.</returns>
        /// <exception cref="Exception">No table state is set, or the variable is not found.</exception>
        private string DynamicLookup(string dynamicName, string subname)
        {
            if (_tableState == null)
            {
                throw new Exception("Unexpected state");
            }

            var template = Dcr.GetByVariable(dynamicName, _tableState, _versionState);
            if (template == null)
            {
                throw new Exception("Variable " + dynamicName + " not found");
            }

            // Debug.Assert is compiled out of release builds, so this is a development-time check only.
            Debug.Assert(Dcr.IsDynamic(template));

            // NOTE(review): subname is formatted into the chain name and, further down, into rule text.
            // No validation of subname is visible in this method; confirm it is constrained upstream.
            var resolvedName = String.Format(template.Name, subname);
            var marker       = new IpTablesChain(template.Table, resolvedName, template.IpVersion, null);

            if (!_dynamicChainsCreated.Contains(marker))
            {
                var targetRuleSet = _ruleSets[template.IpVersion];

                //Get chain rules, for all applicable tables and versions
                foreach (var expandedRule in Dcr.GetDynamicChainRules(template, subname))
                {
                    targetRuleSet.AddRule(expandedRule);
                }

                // Recorded only after every rule was added, so a failure above leaves the chain unmarked.
                _dynamicChainsCreated.Add(marker);
            }

            return resolvedName;
        }
Ejemplo n.º 4
        /// <summary>
        /// Registers a dynamic chain with an empty rule template list and maps a variable name to it.
        /// </summary>
        /// <param name="variable">Variable name used, with table and IP version, as the lookup key.</param>
        /// <param name="table">Table the chain belongs to.</param>
        /// <param name="chainName">Name of the chain being registered.</param>
        /// <param name="ipVersion">IP version the chain is registered for.</param>
        /// <exception cref="Exception">An equal chain is already registered.</exception>
        public void RegisterDynamicChain(String variable, String table, String chainName, int ipVersion)
        {
            var chainKey = new IpTablesChain(table, chainName, ipVersion, _system);

            bool alreadyRegistered = _dynamicChains.ContainsKey(chainKey);
            if (alreadyRegistered)
            {
                throw new Exception(String.Format("A chain of ipv{0},{1}:{2} is already registered", ipVersion, chainName, table));
            }

            _dynamicChains.Add(chainKey, new List<IpTablesRule>());

            // NOTE(review): if this second Add throws (for example on a duplicate variable key),
            // the _dynamicChains entry added above is not rolled back - confirm that is acceptable.
            var variableKey = Tuple.Create(table, variable, ipVersion);
            _variables.Add(variableKey, chainKey);//todo: Support for multiple table!
        }
Ejemplo n.º 5
        /// <summary>
        /// Syncs the first chain of <paramref name="rulesOriginal"/> to the rules of the first chain of
        /// <paramref name="rulesNew"/> and optionally checks the commands recorded in the execution log.
        /// </summary>
        /// <param name="client">Adapter client the sync is performed through.</param>
        /// <param name="rulesOriginal">Rule set whose first chain is the starting state.</param>
        /// <param name="rulesNew">Rule set whose first chain holds the desired rules.</param>
        /// <param name="sync">Sync strategy passed to the chain.</param>
        /// <param name="expectedCommands">Expected log values in order; when null, no assertion is made.</param>
        public void TestSync<TSync>(INetfilterAdapterClient client, IpTablesRuleSet rulesOriginal, IpTablesRuleSet rulesNew, TSync sync, List<string> expectedCommands = null) where TSync : INetfilterSync<IpTablesRule>
        {
            IpTablesChain startingChain = rulesOriginal.Chains.First();
            startingChain.Sync(client, rulesNew.Chains.First().Rules, sync);

            if (expectedCommands == null)
            {
                return;
            }

            // Order matters: CollectionAssert.AreEqual compares element by element.
            var executed = ExecutionLog.Select(entry => entry.Value).ToList();
            CollectionAssert.AreEqual(expectedCommands, executed);
        }
Ejemplo n.º 6
        /// <summary>
        /// Registers a dynamic chain with an empty rule template list and maps a variable name to it.
        /// </summary>
        /// <param name="variable">Variable name used, with table and IP version, as the lookup key.</param>
        /// <param name="table">Table the chain belongs to.</param>
        /// <param name="chainName">Name of the chain being registered.</param>
        /// <param name="ipVersion">IP version the chain is registered for.</param>
        /// <exception cref="Exception">An equal chain is already registered.</exception>
        public void RegisterDynamicChain(String variable, String table, String chainName, int ipVersion)
        {
            var chainKey = new IpTablesChain(table, chainName, ipVersion, _system);

            bool alreadyRegistered = _dynamicChains.ContainsKey(chainKey);
            if (alreadyRegistered)
            {
                throw new Exception(String.Format("A chain of ipv{0},{1}:{2} is already registered", ipVersion, chainName, table));
            }

            _dynamicChains.Add(chainKey, new List<IpTablesRule>());

            // NOTE(review): if this second Add throws (for example on a duplicate variable key),
            // the _dynamicChains entry added above is not rolled back - confirm that is acceptable.
            var variableKey = Tuple.Create(table, variable, ipVersion);
            _variables.Add(variableKey, chainKey);//todo: Support for multiple table!
        }
Ejemplo n.º 7
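        /// <summary>
        /// Syncs the first chain of <paramref name="rulesOriginal"/> to the rules of the first chain of
        /// <paramref name="rulesNew"/> using a <c>DefaultNetfilterSync</c>.
        /// </summary>
        /// <param name="rulesOriginal">Rule set whose first chain is the starting state.</param>
        /// <param name="rulesNew">Rule set whose first chain holds the desired rules.</param>
        /// <param name="commentComparer">Optional comparer handed to the sync; may be null.</param>
        public void TestSync(IpTablesRuleSet rulesOriginal, IpTablesRuleSet rulesNew, Func<IpTablesRule, IpTablesRule, bool> commentComparer = null)
        {
            IpTablesChain chain = rulesOriginal.Chains.First();

            // The comparer (null or not) is already carried by the sync object, so a single call
            // covers both cases; the former if/else repeated the same statement in each branch.
            var sync = new DefaultNetfilterSync<IpTablesRule>(commentComparer, null);

            chain.Sync(rulesNew.Chains.First().Rules, sync);
        }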
Ejemplo n.º 8
        /// <summary>
        /// Creates the chain through the table adapter for its IP version and optionally adds its rules.
        /// </summary>
        /// <param name="chain">Chain whose table, name and IP version describe what to create.</param>
        /// <param name="addRules">When true, every rule of <paramref name="chain"/> is added as well.</param>
        /// <returns>
        /// <paramref name="chain"/> itself when rules were added; otherwise a new chain object built from
        /// the same table, name, IP version and system.
        /// </returns>
        public IpTablesChain AddChain(IpTablesChain chain, bool addRules = false)
        {
            GetTableAdapter(chain.IpVersion).AddChain(chain.Table, chain.Name);

            if (!addRules)
            {
                // The caller's rules are deliberately not carried over onto the returned chain.
                return new IpTablesChain(chain.Table, chain.Name, chain.IpVersion, chain.System);
            }

            foreach (IpTablesRule pending in chain.Rules)
            {
                pending.AddRule();
            }

            return chain;
        }
Ejemplo n.º 9
        /// <summary>
        /// Creates the chain through the supplied adapter client and optionally adds its rules.
        /// </summary>
        /// <param name="client">Adapter client used to create the chain.</param>
        /// <param name="chain">Chain whose table and name describe what to create.</param>
        /// <param name="addRules">When true, every rule of <paramref name="chain"/> is added as well.</param>
        /// <returns>
        /// <paramref name="chain"/> itself when rules were added; otherwise a new chain object built from
        /// the same table, name, IP version and system.
        /// </returns>
        public IpTablesChain AddChain(INetfilterAdapterClient client, IpTablesChain chain, bool addRules = false)
        {
            client.AddChain(chain.Table, chain.Name);

            if (!addRules)
            {
                // The caller's rules are deliberately not carried over onto the returned chain.
                return new IpTablesChain(chain.Table, chain.Name, chain.IpVersion, chain.System);
            }

            // NOTE(review): rules are added with the parameterless r.AddRule(), not through client;
            // confirm they reach the same adapter/transaction that created the chain.
            foreach (IpTablesRule pending in chain.Rules)
            {
                pending.AddRule();
            }

            return chain;
        }
Ejemplo n.º 10
        /// <summary>
        /// Expands the template rules registered for a dynamic chain into concrete rules by
        /// substituting <paramref name="arg"/> into each template's action command and parsing the result.
        /// </summary>
        /// <param name="chain">Chain that must already be registered as dynamic.</param>
        /// <param name="arg">Value passed to <c>String.Format</c> as the only argument for every template.</param>
        /// <returns>One parsed rule per template rule, in template order (empty when there are no templates).</returns>
        /// <exception cref="Exception">The chain is not dynamic.</exception>
        public List<IpTablesRule> GetDynamicChainRules(IpTablesChain chain, String arg)
        {
            if (!IsDynamic(chain))
            {
                throw new Exception("Chain should be dynamic");
            }

            var versionChains = _chains[chain.IpVersion];
            var expanded = new List<IpTablesRule>();

            foreach (var template in _dynamicChains[chain])
            {
                // NOTE(review): arg is spliced into the rule's command text and only then parsed,
                // so any whitespace or option syntax inside arg becomes part of the rule.
                // Nothing in this method validates arg; confirm callers restrict it to a vetted token.
                var commandText = String.Format(template.GetActionCommand(), arg);
                expanded.Add(IpTablesRule.Parse(commandText, _system, versionChains, template.Chain.IpVersion,
                    template.Chain.Table, IpTablesRule.ChainCreateMode.CreateNewChainIfNeeded));
            }

            return expanded;
        }
Ejemplo n.º 11
        /// <summary>
        /// Adds a chain to a table, through the table interface when a transaction is open and through
        /// the iptables binary client otherwise.
        /// </summary>
        /// <param name="table">Table to add the chain to; it is not validated in this method.</param>
        /// <param name="chainName">Chain name; must pass <c>IpTablesChain.ValidateChainName</c>.</param>
        /// <exception cref="IpTablesNetException">
        /// The chain name fails validation, or the table interface reports that the add failed.
        /// </exception>
        public override void AddChain(string table, string chainName)
        {
            // Debug.Assert is compiled out of release builds; the validation below is the enforced check.
            Debug.Assert(chainName != null);

            // Validation runs before either path, so the binary fallback never sees an unvalidated name.
            if (!IpTablesChain.ValidateChainName(chainName))
            {
                throw new IpTablesNetException(String.Format("Failed to add chain \"{0}\" to table \"{1}\" due to validation error", chainName, table));
            }

            if (_inTransaction)
            {
                if (!GetInterface(table).AddChain(chainName))
                {
                    throw new IpTablesNetException(String.Format("Failed to add chain \"{0}\" to table \"{1}\" due to error: \"{2}\"", chainName, table, GetInterface(table).GetErrorString()));
                }

                return;
            }

            //Revert to using IPTables Binary if non transactional
            var fallbackClient = new IPTablesBinaryAdapterClient(_ipVersion, _system, _iptablesBinary);
            fallbackClient.AddChain(table, chainName);
        }
Ejemplo n.º 12
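        /// <summary>
        /// Builds an accept rule for <paramref name="address"/> and syncs the live chain to it.
        /// </summary>
        /// <param name="address">Address to allow; a null address is ignored.</param>
        /// <exception cref="global::System.InvalidOperationException">
        /// The chain returned by <c>System.GetChain</c> is null or is not an <c>IpTablesChain</c>.
        /// </exception>
        private void AcceptIPInternal(IPAddress address)
        {
            if (address == null)
            {
                return;
            }

            // NOTE(review): the IP version is hard-coded to 4 here and below; an IPv6 address gets
            // no separate handling in this method - confirm callers only pass IPv4 addresses.
            using var adapter = System.GetTableAdapter(4);

            var chain = new IpTablesChain(IpTable, IpChain, 4, System);
            var rule  = new IpTablesRule(System, chain);

            rule.AppendToRule(GetAcceptRule(address));
            chain.AddRule(rule);

            var sync = new DefaultNetfilterSync<IpTablesRule>();

            // The original used "as" and dereferenced the result directly, so a missing chain or an
            // unexpected chain type surfaced as a bare NullReferenceException. Fail with a message instead.
            // global:: is needed because "System" in this class refers to a member, not the namespace.
            if (!(System.GetChain(adapter, IpTable, IpChain) is IpTablesChain liveChain))
            {
                throw new global::System.InvalidOperationException(
                    "Chain " + IpChain + " in table " + IpTable + " was not found or is not an IpTablesChain");
            }

            // NOTE(review): the desired state passed to Sync holds only the single rule built above;
            // confirm Sync with DefaultNetfilterSync does not drop other entries already in the live chain.
            liveChain.Sync(adapter, chain.Rules, sync);
            Logger.LogInformation($"Whitelisted {address}");
        }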
Ejemplo n.º 13
        /// <summary>
        /// Resolves a dynamic-chain variable to a concrete chain name, adding the chain's expanded
        /// rules to the rule set the first time that concrete chain is requested.
        /// </summary>
        /// <param name="dynamicName">Variable name looked up through <c>Dcr.GetByVariable</c>.</param>
        /// <param name="subname">Value formatted into the chain name template and into each rule template.</param>
        /// <returns>The formatted chain name.</returns>
        /// <exception cref="Exception">No table state is set, or the variable is not found.</exception>
        private string DynamicLookup(string dynamicName, string subname)
        {
            if (_tableState == null)
            {
                throw new Exception("Unexpected state");
            }

            var template = Dcr.GetByVariable(dynamicName, _tableState, _versionState);
            if (template == null)
            {
                throw new Exception("Variable " + dynamicName + " not found");
            }

            // Debug.Assert is compiled out of release builds, so this is a development-time check only.
            Debug.Assert(Dcr.IsDynamic(template));

            // NOTE(review): subname is formatted into the chain name and, further down, into rule text.
            // No validation of subname is visible in this method; confirm it is constrained upstream.
            var resolvedName = String.Format(template.Name, subname);
            var marker       = new IpTablesChain(template.Table, resolvedName, template.IpVersion, null);

            if (!_dynamicChainsCreated.Contains(marker))
            {
                var targetRuleSet = _ruleSets[template.IpVersion];

                //Get chain rules, for all applicable tables and versions
                foreach (var expandedRule in Dcr.GetDynamicChainRules(template, subname))
                {
                    targetRuleSet.AddRule(expandedRule);
                }

                // Recorded only after every rule was added, so a failure above leaves the chain unmarked.
                _dynamicChainsCreated.Add(marker);
            }

            return resolvedName;
        }
Ejemplo n.º 14
 /// <summary>
 /// Adds a chain by forwarding its name, table and IP version to the three-argument overload.
 /// </summary>
 /// <param name="chain">Chain supplying the name, table and IP version.</param>
 /// <param name="addRules">Accepted for signature compatibility; this overload does not read it.</param>
 /// <returns>Whatever the three-argument <c>AddChain</c> overload returns.</returns>
 public IpTablesChain AddChain(IpTablesChain chain, bool addRules = false)
     => AddChain(chain.Name, chain.Table, chain.IpVersion);
Ejemplo n.º 15
        /// <summary>
        /// Creates the chain through the supplied adapter client and optionally adds its rules.
        /// </summary>
        /// <param name="client">Adapter client used to create the chain.</param>
        /// <param name="chain">Chain whose table and name describe what to create.</param>
        /// <param name="addRules">When true, every rule of <paramref name="chain"/> is added as well.</param>
        /// <returns>
        /// <paramref name="chain"/> itself when rules were added; otherwise a new chain object built from
        /// the same table, name, IP version and system.
        /// </returns>
        public IpTablesChain AddChain(INetfilterAdapterClient client, IpTablesChain chain, bool addRules = false)
        {
            client.AddChain(chain.Table, chain.Name);

            if (!addRules)
            {
                // The caller's rules are deliberately not carried over onto the returned chain.
                return new IpTablesChain(chain.Table, chain.Name, chain.IpVersion, chain.System);
            }

            // NOTE(review): rules are added with the parameterless r.AddRule(), not through client;
            // confirm they reach the same adapter/transaction that created the chain.
            foreach (IpTablesRule pending in chain.Rules)
            {
                pending.AddRule();
            }

            return chain;
        }
Ejemplo n.º 16
        /// <summary>
        /// Reports whether a chain with the same table, name and IP version is registered as dynamic.
        /// </summary>
        /// <param name="chain">Chain to look up.</param>
        /// <returns>True when the registry contains a matching key.</returns>
        public bool IsDynamic(IpTablesChain chain)
        {
            // The lookup key is rebuilt with this registry's _system rather than the caller's chain object.
            return _dynamicChains.ContainsKey(
                new IpTablesChain(chain.Table, chain.Name, chain.IpVersion, _system));
        }
Ejemplo n.º 17
 /// <summary>
 /// Adds a chain by forwarding its name, table and IP version to the three-argument overload.
 /// </summary>
 /// <param name="chain">Chain supplying the name, table and IP version.</param>
 /// <param name="addRules">Accepted for signature compatibility; this overload does not read it.</param>
 /// <returns>Whatever the three-argument <c>AddChain</c> overload returns.</returns>
 public IpTablesChain AddChain(IpTablesChain chain, bool addRules = false)
     => AddChain(chain.Name, chain.Table, chain.IpVersion);
Ejemplo n.º 18
 /// <summary>
 /// Create a rule with a goto target to a specified chain
 /// </summary>
 /// <param name="chain">Chain the rule is created for; its System is passed to the three-argument overload.</param>
 /// <param name="target">Name of the chain to go to; forwarded unchanged.</param>
 /// <returns>The rule produced by the three-argument <c>CreateGoto</c> overload.</returns>
 public static IpTablesRule CreateGoto(IpTablesChain chain, String target)
     => CreateGoto(chain, target, chain.System);
Ejemplo n.º 19
 /// <summary>
 /// Reports whether a chain with the same table, name and IP version is registered as dynamic.
 /// </summary>
 /// <param name="chain">Chain to look up.</param>
 /// <returns>True when the registry contains a matching key.</returns>
 public bool IsDynamic(IpTablesChain chain)
 {
     // The lookup key is rebuilt with this registry's _system rather than the caller's chain object.
     return _dynamicChains.ContainsKey(
         new IpTablesChain(chain.Table, chain.Name, chain.IpVersion, _system));
 }