private void CreateChains(IpTablesDetails config, RuleBuilder rb) { foreach (var c in config.Chains) { if (c.IsDynamic) { rb.DefineDynamicChain(c.Dynamic); } foreach (var v in c.Versions) { var rules = _ruleSets[v]; var chains = rules.Chains; foreach (var t in c.Tables) { if (c.IsDynamic) { rb.Dcr.RegisterDynamicChain(c.Dynamic, t, c.Name, v); } else if (!chains.HasChain(c.Name, t)) { chains.AddChain(c.Name, t, _iptables); } } } } }
private void CreateRules(IpTablesDetails config, RuleBuilder rb) { var rules = config.Rules.AsParallel().AsOrdered() .Where((c) => rb.IsConditionTrue(c.Condition)) .SelectMany((c) => ParseAll(rb, c)).AsSequential(); foreach (var rule in rules) { lock (_dynamicLock) { if (rb.Dcr.IsDynamic(rule.Chain)) { rb.Dcr.AddRule(rule); continue; } } var chains = _ruleSets[rule.IpVersion].Chains; IpTablesChain chain; lock (chains) { chain = chains.GetChainOrDefault(rule.Chain.Name, rule.Chain.Table); } if (chain == null) { throw new Exception(String.Format("Chain was not created ipv{0},{1}:{2}", rule.Chain.IpVersion, rule.Chain.Table, rule.Chain.Name)); } lock (chain) { chain.AddRule(rule); } } }
public void InitFromModel(Dictionary <String, EnvironmentDetails> environment, IpTablesDetails config) { var rb = InitEnvironment(environment); CreateChains(config, rb); CreateSets(config, rb); CreateRules(config, rb); foreach (var c in config.Chains) { if (c.IsDynamic) { var chains = _ruleSets.Select( (a) => a.Value.Chains.FirstOrDefault((d) => d.Name == c.Name && c.Tables.Contains(d.Table))).Where((a) => a != null).ToList(); foreach (var di in c.DynamicInit) { foreach (var cc in chains) { rb.Dcr.GetDynamicChainRules(cc, di); } } } } }
private void CreateSets(IpTablesDetails config, RuleBuilder rb) { foreach (var set in config.Sets) { var ipset = new IpSetSet(IpSetTypeHelper.StringToType(set.Type), set.Name, 0, set.Family, _iptables, IpSetSyncMode.SetAndEntries); String[] resolved = set.Entries.ToArray(); if (ipset.Type == IpSetType.HashIp) { IPAddress ip; int retries = 0; do { List <Task> tasks = new List <Task>(); for (int index = 0; index < resolved.Length; index++) { var entry = resolved[index]; String entryIp = rb.Format(entry); if (!IPAddress.TryParse(entryIp, out ip)) { DomainName domain; if (!DomainName.TryParse(entryIp, out domain)) { throw new Exception("Unable to parse domain " + entryIp); } var asyncResult = _dns.ResolveAsync(domain).ContinueWith(CompleteLambda(index, resolved)); tasks.Add(asyncResult); } } if (tasks.Any()) { Task.WaitAll(tasks.ToArray()); } } while (++retries <= 3 && resolved.Any((entry) => !IPAddress.TryParse(rb.Format(entry), out ip))); for (int index = 0; index < resolved.Length; index++) { var entry = resolved[index]; String entryIp = rb.Format(entry); if (!IPAddress.TryParse(entryIp, out ip)) { throw new Exception("Unable to resolve " + entryIp); } } } //Check Uniqueness HashSet <IpSetEntry> ipsetEntries = new HashSet <IpSetEntry>(); for (int index = 0; index < resolved.Length; index++) { var entry = resolved[index]; String entryIp = rb.Format(entry); var setEntry = IpSetEntry.ParseFromParts(ipset, entryIp); if (ipsetEntries.Add(setEntry)) { ipset.Entries.Add(setEntry); } } _sets.AddSet(ipset); } //Add new sets (dont delete!) _sets.Sync((a) => false); }