public void Output(IpTablesSystem system, IpTablesRuleSet ruleSet)
{
foreach (var p in _protocols)
{
var description = _chain + "_" + p.Key;
String chainName = ShortHash.HexHash(description);
if (ruleSet.Chains.HasChain(chainName, _table))
{
throw new IpTablesNetException(String.Format("Duplicate feature split: {0}", chainName));
}
//Jump to chain
var chain = ruleSet.Chains.GetChainOrAdd(_chain, _table, system);
IpTablesRule jumpRule = new IpTablesRule(system, chain);
jumpRule.GetModuleOrLoad <CoreModule>("core").Jump = chainName;
jumpRule.GetModuleOrLoad <CommentModule>("comment").CommentText = _commentPrefix + "|FS|" + description;
_setter(jumpRule, p.Key);
ruleSet.AddRule(jumpRule);
//Nested output
ruleSet.AddChain(chainName, _table);
p.Value.Output(system, ruleSet);
}
}
/// <summary>
/// Create a rule with a goto target to a specified chain
/// </summary>
/// <param name="chainIn"></param>
/// <param name="chainJump"></param>
/// <param name="system"></param>
/// <returns></returns>
public static IpTablesRule CreateGoto(IpTablesChain chainIn, String chainJump, NetfilterSystem system)
{
var rule = new IpTablesRule(system, chainIn);
rule.GetModuleOrLoad <CoreModule>("core").Goto = chainJump;
return(rule);
}
public void Output(IpTablesSystem system, IpTablesRuleSet ruleSet)
{
//foreach group => rules
foreach (var p in _rules)
{
//The new chain
var description = _chain + "_" + p.Key;
String chainName = ShortHash.HexHash(description + "|" + _table);
if (ruleSet.Chains.HasChain(chainName, _table))
{
throw new IpTablesNetException(String.Format("Duplicate feature split: {0}", chainName));
}
var chain = ruleSet.Chains.GetChainOrAdd(chainName, _table, system);
//Nested output
var singleRule = OutputRulesForGroup(ruleSet, system, p.Value, chainName, p.Key);
//Console.WriteLine("Is Single Rule: {0}", singleRule == null ? "NO" : "YES");
if (singleRule == null)
{
if (chain.Rules.Count != 0)
{
IpTablesRule jumpRule = IpTablesRule.Parse(_baseRule, system, ruleSet.Chains);
_setJump(jumpRule, p.Key);
//jumpRule.
jumpRule.GetModuleOrLoad <CoreModule>("core").Jump = chainName;
jumpRule.GetModuleOrLoad <CommentModule>("comment").CommentText = _commentPrefix + "|MA|" +
description;
ruleSet.AddRule(jumpRule);
}
else
{
//Console.WriteLine(String.Format("No rules in the chain \"{0}\", skipping jump from {1}.", chainName, _chain));
}
}
else
{
_setJump(singleRule, p.Key);
//ruleSet.AddRule(singleRule);
}
if (chain.Rules.Count == 0)
{
ruleSet.Chains.RemoveChain(chain);
}
}
}
public static void SourcePortSetter(IpTablesRule rule, List <PortOrRange> ranges)
{
var protocol = rule.GetModule <CoreModule>("core").Protocol;
if (ranges.Count == 1 && !protocol.Null && !protocol.Not)
{
if (protocol.Value == "tcp")
{
var tcp = rule.GetModuleOrLoad <TcpModule>("tcp");
tcp.SourcePort = new ValueOrNot <PortOrRange>(ranges[0]);
}
else
{
var tcp = rule.GetModuleOrLoad <UdpModule>("udp");
tcp.SourcePort = new ValueOrNot <PortOrRange>(ranges[0]);
}
}
else
{
var multiport = rule.GetModuleOrLoad <MultiportModule>("multiport");
multiport.SourcePorts = new ValueOrNot <IEnumerable <PortOrRange> >(ranges);
}
}
/// <summary>
/// Add the rules
/// </summary>
/// <param name="ruleSet"></param>
/// <param name="system"></param>
/// <param name="rules"></param>
/// <param name="chainName"></param>
/// <param name="key"></param>
/// <returns>an IPTables rule if the output is singular</returns>
private IpTablesRule OutputRulesForGroup(IpTablesRuleSet ruleSet, IpTablesSystem system, List <IpTablesRule> rules, string chainName, TKey key)
{
if (rules.Count == 0)
{
return(null);
}
int count = 0, ruleCount = 0;
List <PortOrRange> ranges = new List <PortOrRange>();
IpTablesRule rule1 = null;
var firstCore = rules[0].GetModule <CoreModule>("core");
int ruleIdx = 1;
Action buildRule = () =>
{
//Console.WriteLine("t2");
if (ranges.Count == 0)
{
throw new IpTablesNetException("this should not happen");
}
rule1 = IpTablesRule.Parse(_baseRule, system, ruleSet.Chains);
//Core Module
var ruleCore = rule1.GetModuleOrLoad <CoreModule>("core");
ruleCore.Protocol = firstCore.Protocol;
if (firstCore.TargetMode == TargetMode.Goto && !String.IsNullOrEmpty(firstCore.Goto))
{
ruleCore.Goto = firstCore.Goto;
}
else if (firstCore.TargetMode == TargetMode.Jump && !String.IsNullOrEmpty(firstCore.Jump))
{
ruleCore.Jump = firstCore.Jump;
}
//Comment Module
var ruleComment = rule1.GetModuleOrLoad <CommentModule>("comment");
ruleComment.CommentText = _commentPrefix + "|" + chainName + "|" + ruleIdx;
// Create just one rule if there is only one set of multiports
if (ruleCount == 1 && ranges.Count == 1 && _setJump != null)
{
_setJump(rule1, key);
rule1.Chain = ruleSet.Chains.GetChainOrDefault(_chain, _table);
}
else
{
rule1.Chain = ruleSet.Chains.GetChainOrDefault(chainName, _table);
}
//Console.WriteLine(rule1.GetActionCommandParamters());
_setPort(rule1, new List <PortOrRange>(ranges));
ruleSet.AddRule(rule1);
ruleIdx++;
};
List <PortOrRange> ports = rules.Select(rule => _extractPort(rule)).ToList();
PortRangeHelpers.SortRangeFirstLowHigh(ports);
ports = PortRangeHelpers.CompressRanges(ports);
ruleCount = PortRangeHelpers.CountRequiredMultiports(ports);
foreach (var e in ports)
{
if (!_ipset && (count == 14 && e.IsRange() || count == 15))
{
buildRule();
count = 0;
ranges.Clear();
}
ranges.Add(e);
if (e.IsRange())
{
count += 2;
}
else
{
count++;
}
}
if (ranges.Count != 0)
{
buildRule();
}
if (ruleCount != 1 || ranges.Count != 1)
{
return(null);
}
return(rule1);
}
public static void SourcePortSetter(IpTablesRule rule, List<PortOrRange> ranges)
{
var protocol = rule.GetModule<CoreModule>("core").Protocol;
if (ranges.Count == 1 && !protocol.Null && !protocol.Not)
{
if (protocol.Value == "tcp")
{
var tcp = rule.GetModuleOrLoad<TcpModule>("tcp");
tcp.SourcePort = new ValueOrNot<PortOrRange>(ranges[0]);
}
else
{
var tcp = rule.GetModuleOrLoad<UdpModule>("udp");
tcp.SourcePort = new ValueOrNot<PortOrRange>(ranges[0]);
}
}
else
{
var multiport = rule.GetModuleOrLoad<MultiportModule>("multiport");
multiport.SourcePorts = new ValueOrNot<IEnumerable<PortOrRange>>(ranges);
}
}
public static void SetComment(this IpTablesRule rule, String commentText)
{
var commentModule = rule.GetModuleOrLoad <CommentModule>("comment");
commentModule.CommentText = commentText;
}
private void setSourceIp(IpTablesRule arg1, IPAddress arg2)
{
arg1.GetModuleOrLoad <CoreModule>("core").Source = new ValueOrNot <IpCidr>(new IpCidr(arg2, 32));
}
private void setter(IpTablesRule arg1, String arg2)
{
arg1.GetModuleOrLoad <CoreModule>("core").InInterface = new ValueOrNot <String>(arg2);
}
private void setter(IpTablesRule arg1, IPAddress arg2)
{
arg1.GetModuleOrLoad<CoreModule>("core").Source = new ValueOrNot<IpCidr>(new IpCidr(arg2));
}
private void setter(IpTablesRule arg1, String arg2)
{
arg1.GetModuleOrLoad<CoreModule>("core").InInterface = new ValueOrNot<String>(arg2);
}