public void TestCompare1()
{
String rule = "-A ATTK_CHECK -m recent --rcheck --name BANNED --seconds 180 --reap --rttl -j ATTACKED";
IpTablesChainSet chains = new IpTablesChainSet(4);
Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
}
public void TestCompare1()
{
String rule = "-A ABC -m hashlimit --hashlimit-name aaaaaaaaaaaaaaaaaaaaaa --hashlimit-above 125/second --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-srcmask 32 --hashlimit-dstmask 32 --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-expire 6 --hashlimit-htable-gcinterval 600 -j AVS";
IpTablesChainSet chains = new IpTablesChainSet(4);
Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
}
public void TestPolyfillArgumentsComparison1()
{
String rule = "-A INPUT -m unknown --unknown --unknown-2 1111 -p tcp -d 1.1.1.1 -m tcp --dport 80";
IpTablesChainSet chains = new IpTablesChainSet(4);
Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
}
public void TestSplit()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
IpTablesChainSet chains = new IpTablesChainSet(4);
FeatureSplitter<RuleOutputter, IPAddress> ma = new FeatureSplitter<RuleOutputter,IPAddress>("INPUT", "filter", extractor, setter, nestedGenerator, "_");
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 1 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 2 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -m udp --sport 3 -j ACCEPT", system, chains));
IpTablesRuleSet rules = new IpTablesRuleSet(4,system);
ma.Output(system, rules);
Assert.AreEqual(3, rules.Chains.Count());
Assert.AreEqual(2, rules.Chains.First().Rules.Count);
Assert.AreEqual(2, rules.Chains.Skip(1).First().Rules.Count);
Assert.AreEqual(1, rules.Chains.Skip(2).First().Rules.Count);
Assert.AreEqual("-A INPUT -s 8.1.1.1 -j QGkTSfSaLIaS4B/kr3WQ -m comment --comment '_|FS|INPUT_8.1.1.1'",
rules.Chains.First().Rules.First().GetActionCommand());
Assert.AreEqual("-A INPUT -s 8.1.1.2 -j ciE0aMcfwN36u0sNiC6w -m comment --comment '_|FS|INPUT_8.1.1.2'",
rules.Chains.First().Rules.Skip(1).First().GetActionCommand());
Assert.AreEqual("-A QGkTSfSaLIaS4B/kr3WQ -j ACCEPT -m udp --sport 1",
rules.Chains.Skip(1).First().Rules.First().GetActionCommand());
}
public void TestCompare2()
{
String rule = "-A AAAA -t raw -m hashlimit --hashlimit-name synflood_spoofe --hashlimit-above 111/second --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-srcmask 32 --hashlimit-dstmask 32 --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-expire 6 --hashlimit-htable-gcinterval 600 -g AA";
String rule2 = "-A AAAA -t raw -m hashlimit --hashlimit-above 111/sec --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-name synflood_spoofe --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-gcinterval 600 --hashlimit-htable-expire 6 -g AA";
IpTablesChainSet chains = new IpTablesChainSet(4);
Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule2, null, chains));
}
public RuleParser(string[] arguments, IpTablesRule ipRule, IpTablesChainSet chains, String defaultTable)
{
_arguments = arguments;
_ipRule = ipRule;
_parsers = ModuleRegistry.PreloadDuplicateModules.ToList();
_chains = chains;
_tableName = defaultTable;
}
public void TestCompareTarget1()
{
String rule = "-A ABC -j HASHROUTE --hashroute-name aaaaaaaaaaaaaaaaaaaaaa --hashroute-mode dstip,dstport --hashroute-srcmask 32 --hashroute-dstmask 32 --hashroute-htable-size 65000 --hashroute-htable-max 30000 --hashroute-htable-expire 6 --hashroute-htable-gcinterval 600 -j AVS";
IpTablesChainSet chains = new IpTablesChainSet(4);
Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
Assert.IsFalse(IpTablesRule.Parse(rule, null, chains, 4).GetCommand().Contains("-m HASHROUTE"));
}
public RuleParser(string[] arguments, IpTablesRule ipRule, IpTablesChainSet chains, String defaultTable)
{
_arguments = arguments;
_ipRule = ipRule;
_parsers.AddRange(_moduleFactory.GetPreloadModules());
_chains = chains;
_tableName = defaultTable;
}
public void TestDropConnectionLimit()
{
String rule = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestXmark()
{
String rule = "-A INPUT -j NFLOG --nflog-group 30";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestDnatSingleSource()
{
String rule = "-A PREROUTING -t nat -d 1.1.1.1/24 -j DNAT --to-destination 2.2.2.2";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestPolyfillParseAdditionalOptionsAfter()
{
String rule = "-A INPUT -m unknown --unknown -p tcp -d 1.1.1.1 -m tcp --dport 80";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestCoreSportZeroValue()
{
String rule = "-A INPUT -p tcp -j DROP -m tcp --sport 0";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(rule, irule1.GetActionCommand());
}
public void TestHelper()
{
String rule = "-A INPUT -m helper ! --helper abc -j ACCEPT";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestCoreFragmenting()
{
String rule = "-A INPUT ! -f -j test";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestSingleRule()
{
String rule = "-A INPUT -p tcp -i eth0 -j SYNPROXY --mss 1460 --wscale 9 --sack-perm --timestamp -m state --state UNTRACKED,INVALID";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestSnatSingleSource()
{
String rule = "-A POSTROUTING -t nat -s 1.1.1.1/24 -j SNAT --to-source 2.2.2.2";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void Test2()
{
String rule = "-A FORWARD -m set --match-set test src --return-nomatch ! --update-counters --packets-lt 3 ! --bytes-eq 1";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestSet()
{
String rule = "-A ATTK_CHECK -m recent --set --name ATTK";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestSmall()
{
String rule = "-A INPUT -j ACCEPT -m nfacct --nfacct-name test";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestXmark()
{
String rule = "-A INPUT -j NFQUEUE --queue-num 1 --queue-bypass";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestDropFragmentedTcpDnsWithComment()
{
String rule = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53 -m comment --comment 'this is a test rule'";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestUpdate()
{
String rule = "-A ATTK_CHECK -m recent --update --name ATTK --seconds 180 --hitcount 20 -j ATTACKED";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestLogWithPrefix()
{
String rule = "-A INPUT -j LOG --log-prefix 'IPTABLES (Rule ATTACKED): ' --log-level 7";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestCoreDropingUdp()
{
String rule = "-A INPUT -p udp -j DROP";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestSourceNotMultiports()
{
String rule = "-A INPUT -p tcp -m multiport ! --dports 80,1000:1080";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestNotLength()
{
String rule = "-A INPUT -m length ! --length 10 -j ACCEPT";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestXMarkMasked()
{
String rule = "-A RETURN_AFWCON -j CONNMARK --set-xmark 0x1/0x1";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void Test1()
{
String rule = "-A FORWARD -m set --match-set test src";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestPolyfillParseMultiple()
{
String rule = "-A INPUT -m unknown --unknown -m unknown2";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule, irule.GetActionCommand());
}
public void TestComparisonMultiport()
{
String rule = "-A INPUT -p tcp -j RETURN -m multiport --dports 79,22 -m comment --comment TCP";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule r1 = IpTablesRule.Parse(rule, null, chains, 4);
IpTablesRule r2 = IpTablesRule.Parse(rule, null, chains, 4);
Assert.IsTrue(r1.Compare(r2));
}
public void TestXmark()
{
String rule = "-A INPUT -p tcp -j MARK --set-xmark 0xFF";
String ruleExpect = "-A INPUT -p tcp -j MARK --set-xmark 0xFF";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(ruleExpect, irule.GetActionCommand());
}
public void TestCoreFragmentingEquality()
{
String rule = "-A INPUT ! -f -j test";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(irule1, irule2);
}
public void TestDropFragmentedTcpDnsWithCommentEquality()
{
String rule = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53 -m comment --comment 'this is a test rule'";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
Assert.IsTrue(irule2.Compare(irule1));
}
public void TestCoreSportEquality()
{
String rule = "-A INPUT -p tcp -j DROP -m tcp --sport 1";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(irule1, irule2);
}
public void TestCoreDropingSourceEquality()
{
String rule = "-A INPUT -s 1.2.3.4 -j DROP";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(irule1, irule2);
}
public void TestDropConnectionLimitEquality()
{
String rule = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(irule1, irule2);
}
public void TestDropFragmentedTcpDnsEquality()
{
String rule = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(irule1, irule2);
}
public void TestPolyfillArgumentsComparison4()
{
String rule =
"-A INPUT -m unknown --unknown --unknown-2 \'this has spaces & a symbol\' -m unknown2 --unknown2 -p tcp -d 1.1.1.1 -m tcp --dport 80";
String rule2 =
"-A INPUT -m unknown2 --unknown2 -m unknown --unknown --unknown-2 \'this has spaces & a symbol\' -p tcp -d 1.1.1.1 -m tcp --dport 80";
IpTablesChainSet chains = new IpTablesChainSet(4);
Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule2, null, chains)));
}
public void TestRandomRounding()
{
String rule = "-A CHAIN -t raw -m statistic --mode random --probability 0.03999999911";
String rule2 = "-A CHAIN -t raw -m statistic --mode random --probability 0.03999999957";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4);
Assert.IsTrue(irule.Compare(irule2));
}
public void MatchMarkHex()
{
String rule = "-A INPUT -p tcp -j ACCEPT -m mark --mark 0xc6ff00/0xFFFF00";
String ruleExpect = "-A INPUT -p tcp -j ACCEPT -m mark --mark 13041408/0xFFFF00";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(ruleExpect, irule.GetActionCommand());
Assert.AreEqual(IpTablesRule.Parse(ruleExpect, null, chains, 4), irule);
}
public void TestXorMark()
{
Int32 mark = 0;
String rule = "-A INPUT -p tcp -j CONNMARK --xor-mark " + mark;
String ruleExpect = "-A INPUT -p tcp -j CONNMARK --set-xmark 0x" + mark.ToString("X") + "/0x0";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(ruleExpect, irule.GetActionCommand());
}
public void TestDoubleSpace()
{
String rule = "-A INPUT -j ACCEPT -m nfacct --nfacct-name \"test\"";
String rule2 = "-A INPUT -j ACCEPT -m nfacct --nfacct-name test";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
Assert.AreEqual(rule2, irule.GetActionCommand());
Assert.IsTrue(IpTablesRule.Parse(rule2, null, chains, 4).Compare(irule));
}
public void TestSnatRangeSourceAndEquality()
{
String rule = "-A POSTROUTING -t nat -s 1.1.1.1/24 -j SNAT --to-source 2.2.2.1-2.2.2.250";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains);
IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(irule1, irule2);
Assert.AreEqual(rule, irule1.GetActionCommand());
Assert.AreEqual(rule, irule2.GetActionCommand());
}
public void TestDnatRangeSourceAndEquality()
{
String rule = "-A POSTROUTING -t nat -d 1.1.1.1/24 -j DNAT --to-destination 2.2.2.1-2.2.2.250";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
Assert.IsTrue(irule2.Compare(irule1));
Assert.AreEqual(rule, irule1.GetActionCommand());
Assert.AreEqual(rule, irule2.GetActionCommand());
}
public void TestAddCommentAfter()
{
String rule1 = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53";
String rule2 = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53 -m comment --comment 'this is a test rule'";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule1 = IpTablesRule.Parse(rule1, null, chains);
irule1.SetComment("this is a test rule");
Assert.AreEqual(rule2, irule1.GetActionCommand());
}
public void TestParse()
{
String rule1 = "-A PREROUTING -t raw -p tcp -j CT --ctevents new,destroy";
String rule2 = "-A PREROUTING -t raw -p tcp -j CT --ctevents \"destroy, new\"";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule1 = IpTablesRule.Parse(rule1, null, chains, 4);
IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4);
irule2.Equals(irule1);
Assert.AreEqual(irule1, irule2);
}
public void TestRandomRounding3()
{
String rule = "-A CHAIN -t raw -m statistic --mode random --probability 0.09000000000";
String rule2 = "-A CHAIN -t raw -m statistic --mode random --probability 0.08999999985";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4);
Assert.AreEqual(irule.GetActionCommand(), irule2.GetActionCommand());
Assert.IsTrue(irule.Compare(irule2));
}
public void TestLimitComparison()
{
String rule = "-A INPUT -m limit --limit 100/second --limit-burst 7";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(rule, irule.GetActionCommand());
IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(irule2, irule);
}
public void TestDifficultCharacters()
{
String rule = "-A kY9xlwGhPJW6N1QCHoRg -t mangle -p tcp -d 107.1.107.1 -g x_ComPlex -m comment --comment 'ABC||+sPeC14l=|1' -m tcp --dport 81";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(rule, irule.GetActionCommand());
IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains);
Assert.AreEqual(irule2, irule);
}
public void TestAddChain()
{
IpTablesRuleSet ruleSet = new IpTablesRuleSet(4, null);
String rule = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);
ruleSet.AddRule(irule);
Assert.AreEqual(1, ruleSet.Chains.Count());
Assert.AreEqual("filter", ruleSet.Chains.First().Table);
Assert.AreEqual(1, ruleSet.Chains.First().Rules.Count());
}
public void TestNesting()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
IpTablesChainSet chains = new IpTablesChainSet(4);
FeatureSplitter <MultiportAggregator <IPAddress>, String> ma = new FeatureSplitter <MultiportAggregator <IPAddress>, String>("INPUT", "filter", extractor, setter, nestedGenerator, "_");
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -i eth0 -m udp --sport 1 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -i eth1 -m udp --sport 2 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -i eth0 -m udp --sport 3 -j ACCEPT", system, chains));
IpTablesRuleSet rules = new IpTablesRuleSet(4, system);
ma.Output(system, rules);
Assert.AreEqual(3, rules.Chains.Count());
Assert.AreEqual(2, rules.Chains.Skip(1).First().Rules.Count);
Assert.AreEqual(1, rules.Chains.Skip(2).First().Rules.Count);
}
public void TestMultiple()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
IpTablesChainSet chains = new IpTablesChainSet(4);
MultiportAggregator <IPAddress> ma = new MultiportAggregator <IPAddress>("INPUT", "filter", extractSrcIp, extractSrcPort,
PortRangeHelpers.SourcePortSetter, setSourceIp, "_");
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 10 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 20 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 30 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 40 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 50 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 60 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 70 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 80 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 90 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 100 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 110 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 120 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 130 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 140 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 150 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 160 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 170 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 180 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 190 -j ACCEPT", system, chains));
IpTablesRuleSet rules = new IpTablesRuleSet(4, system);
ma.Output(system, rules);
Assert.AreEqual(2, rules.Chains.Count());
Assert.AreEqual(1, rules.Chains.GetChainOrDefault("INPUT", "filter").Rules.Count);
Assert.AreEqual("-A INPUT -s 8.1.1.1 -j uXTlO5H/5x9hJe9WK1hw -m comment --comment '_|MA|INPUT_8.1.1.1'",
rules.Chains.GetChainOrDefault("INPUT", "filter").Rules.First().GetActionCommand());
Assert.AreEqual("-A uXTlO5H/5x9hJe9WK1hw -j ACCEPT -m comment --comment '_|uXTlO5H/5x9hJe9WK1hw|1' -m multiport --sports 10,20,30,40,50,60,70,80,90,100,110,120,130,140,150",
rules.Chains.GetChainOrDefault("uXTlO5H/5x9hJe9WK1hw", "filter").Rules.First().GetActionCommand());
}
public void TestSingular()
{
var mock = new MockIptablesSystemFactory();
var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
IpTablesChainSet chains = new IpTablesChainSet(4);
MultiportAggregator <IPAddress> ma = new MultiportAggregator <IPAddress>("INPUT", "filter", extractSrcIp, extractSrcPort,
PortRangeHelpers.SourcePortSetter, setSourceIp, "_", null);
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 1 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.1 -m udp --sport 2 -j ACCEPT", system, chains));
ma.AddRule(IpTablesRule.Parse("-A INPUT -s 8.1.1.2 -m udp --sport 3 -j ACCEPT", system, chains));
IpTablesRuleSet rules = new IpTablesRuleSet(4, system);
ma.Output(system, rules);
Assert.AreEqual(1, rules.Chains.Count());
Assert.AreEqual(2, rules.Chains.First().Rules.Count);
Assert.AreEqual("-A INPUT -s 8.1.1.1 -j ACCEPT -m comment --comment '_|uXTlO5H/5x9hJe9WK1hw|1' -m multiport --sports 1:2", rules.Chains.First().Rules.First().GetActionCommand());
Assert.AreEqual("-A INPUT -s 8.1.1.2 -j ACCEPT -m comment --comment '_|s5FXv5bN+84QgKZzjZ3Q|1' -m multiport --sports 3", rules.Chains.First().Rules.Skip(1).First().GetActionCommand());
}
public static IpTablesChainSet GetRulesFromOutput(NetfilterSystem system, String output, String table, int ipVersion, bool ignoreErrors = false)
{
var ret = new IpTablesChainSet(ipVersion);
String ttable = null;
foreach (string lineRaw in output.Split(new[] { '\n' }))
{
string line = lineRaw.Trim();
if (String.IsNullOrEmpty(line))
{
continue;
}
char c = line[0];
IpTablesRule rule;
IpTablesChain chain;
switch (c)
{
case '*':
ttable = line.Substring(1);
break;
case ':':
string[] split = line.Split(new[] { ' ' });
ret.AddChain(new IpTablesChain(ttable, split[0].Substring(1), ipVersion, system));
break;
//Byte & packet count
case '[':
int positionEnd = line.IndexOf(']');
if (positionEnd == -1)
{
throw new IpTablesNetException("Parsing error, could not find end of counters");
}
string[] counters = line.Substring(1, positionEnd - 1).Split(new[] { ':' });
line = line.Substring(positionEnd + 1);
try
{
rule = IpTablesRule.Parse(line, system, ret, ttable);
}
catch
{
if (ignoreErrors)
{
continue;
}
throw;
}
rule.Counters = new PacketCounters(long.Parse(counters[0]), long.Parse(counters[1]));
ret.AddRule(rule);
break;
case '-':
rule = IpTablesRule.Parse(line, system, ret, ttable);
ret.AddRule(rule);
break;
case '#':
break;
case 'C':
if (line == "COMMIT" && ttable == table)
{
if (ttable == null)
{
throw new IpTablesNetException("Parsing error");
}
return(ret);
}
throw new IpTablesNetException("Unexepected table \"" + table + "\" found \"" + ttable + "\" instead");
}
}
return(null);
}
