public void TestBitmapPortNoChange()
{
var systemFactory = new MockIpsetSystemFactory();
var system = new MockIpsetBinaryAdapter(systemFactory);
var iptables = new IpTablesSystem(systemFactory, null, system);
IpSetSets rulesOriginal = new IpSetSets(new List <String>()
{
"create test bitmap:port range 1-65535",
"add test 80",
"add test 81"
}, iptables);
rulesOriginal.Sets.FirstOrDefault().SyncMode = IpSetSyncMode.SetAndEntries;
system.SetSets(rulesOriginal);
IpSetSets rulesNew = new IpSetSets(new List <String>()
{
"create test bitmap:port bitmap:port range 1-65535",
"add test 81",
"add test 80"
}, iptables);
rulesNew.Sets.FirstOrDefault().SyncMode = IpSetSyncMode.SetAndEntries;
systemFactory.TestSync(rulesNew, new List <string>
{
});
}
public void TestSyncEntryNotValues()
{
var systemFactory = new MockIpsetSystemFactory();
var system = new MockIpsetBinaryAdapter(systemFactory);
var iptables = new IpTablesSystem(systemFactory, null, system);
IpSetSets rulesOriginal = new IpSetSets(new List <String>()
{
"create test hash:ip family inet hashsize 1024 maxelem 65536",
"add test 8.8.8.8"
}, iptables);
system.SetSets(rulesOriginal);
IpSetSets rulesNew = new IpSetSets(new List <String>()
{
"create test hash:ip"
}, iptables);
rulesNew.Sets.FirstOrDefault().SyncMode = IpSetSyncMode.SetOnly;
systemFactory.TestSync(rulesNew, new List <string>
{
});
}
public virtual IpSetSets SaveSets(IpTablesSystem iptables)
{
IpSetSets sets = new IpSetSets(iptables);
String output, error;
using (ISystemProcess process = _system.StartProcess(BinaryName, "save"))
{
ProcessHelper.ReadToEnd(process, out output, out error);
}
String[] all = output.Split(new string[] { "\r\n", "\n" }, StringSplitOptions.RemoveEmptyEntries);
foreach (String line in all)
{
if (String.IsNullOrEmpty(line))
{
break;
}
var trimmed = line.Trim();
if (trimmed.Length != 0)
{
sets.Accept(trimmed, iptables);
}
}
return(sets);
}
public void TestBitmapPort()
{
var systemFactory = new MockIpsetSystemFactory();
var system = new MockIpsetBinaryAdapter(systemFactory);
var iptables = new IpTablesSystem(systemFactory, null, system);
IpSetSets rulesOriginal = new IpSetSets(new List <String>()
{
"create test bitmap:port family inet",
"add test 80"
}, iptables);
system.SetSets(rulesOriginal);
IpSetSets rulesNew = new IpSetSets(new List <String>()
{
"create test bitmap:port"
}, iptables);
rulesNew.Sets.FirstOrDefault().SyncMode = IpSetSyncMode.SetOnly;
systemFactory.TestSync(rulesNew, new List <string>
{
});
}
public ModelLoad(IpTablesSystem iptables, Dictionary <int, IpTablesRuleSet> ruleSets, IpSetSets sets, DnsClient dns = null)
{
_iptables = iptables;
_ruleSets = ruleSets;
_sets = sets;
if (dns != null)
{
_dns = dns;
}
}
public void TestParseEntryIp()
{
var set = IpSetSet.Parse("test_set hash:ip family inet hashsize 10 maxelem 14", null);
IpSetSets sets = new IpSetSets(null);
sets.AddSet(set);
String toParse = "test_set 1.2.3.4";
var entry = IpSetEntry.Parse(toParse, sets);
Assert.AreEqual("test_set", entry.Set.Name);
Assert.AreEqual(IPAddress.Parse("1.2.3.4"), entry.Cidr.Address);
}
public void TestParseEntry2()
{
var set = IpSetSet.Parse("test_set hash:ip,port family inet hashsize 10 maxelem 14", null);
IpSetSets sets = new IpSetSets(null);
sets.AddSet(set);
String toParse = "test_set 8.8.8.8,tcp:80";
var entry = IpSetEntry.Parse(toParse, sets);
Assert.AreEqual("test_set", entry.Set.Name);
Assert.AreEqual(IPAddress.Parse("8.8.8.8"), entry.Cidr.Address);
Assert.AreEqual(80, entry.Port);
}
public void PerformSync(string matches)
{
var whitelist = _aclProvider.GetWhitelisted();
IpSetSet set = new IpSetSet(IpSetType.HashIp, "wl_ip", 0, _system, IpSetSyncMode.SetAndEntries);
foreach (var w in whitelist)
{
set.Entries.Add(new IpSetEntry(set, new IpCidr(w)));
}
IpSetSets sets = new IpSetSets(_system);
sets.AddSet(set);
sets.Sync();
IpTablesRuleSet rules = new IpTablesRuleSet(4, _system);
rules.AddRule("-A INPUT -m set --match-set wl_ip src -j ACCEPT -m comment --comment WLRULE");
rules.AddRule("-A INPUT " + matches + " j DROP -m comment --comment DROPRULE");
rules.Sync(new DefaultNetfilterSync <IpTablesRule>(Comparer));
}
public void TestSyncDelete()
{
var systemFactory = new MockIpsetSystemFactory();
var system = new MockIpsetBinaryAdapter(systemFactory);
var iptables = new IpTablesSystem(systemFactory, null, system);
IpSetSets rulesOriginal = new IpSetSets(new List <String>()
{
"create test hash:ip",
"add test 8.8.8.8"
}, iptables);
system.SetSets(rulesOriginal);
IpSetSets rulesNew = new IpSetSets(new List <String>()
{
}, iptables);
systemFactory.TestSync(rulesNew, new List <string>
{
"destroy test"
});
}
public virtual IpSetSets SaveSets(IpTablesSystem iptables)
{
IpSetSets sets = new IpSetSets(iptables);
//ipset save
using (ISystemProcess process = _system.StartProcess(BinaryName, "save"))
{
ProcessHelper.ReadToEnd(process, line =>
{
if (line == null)
{
return;
}
var trimmed = line.Trim();
if (trimmed.Length != 0)
{
sets.Accept(trimmed, iptables);
}
}, err => { });
}
return(sets);
}
public virtual IpSetSets SaveSets(IpTablesSystem iptables)
{
ISystemProcess process = _system.StartProcess(BinaryName, "save");
IpSetSets sets = new IpSetSets(iptables);
String[] all = process.StandardOutput.ReadToEnd().Split(new string[] { "\r\n", "\n" }, StringSplitOptions.RemoveEmptyEntries);
foreach (String line in all)
{
if (String.IsNullOrEmpty(line))
{
break;
}
var trimmed = line.Trim();
if (trimmed.Length != 0)
{
sets.Accept(trimmed, iptables);
}
}
process.WaitForExit();
return(sets);
}
public void TestSyncCreateNet()
{
var systemFactory = new MockIpsetSystemFactory();
var system = new MockIpsetBinaryAdapter(systemFactory);
var iptables = new IpTablesSystem(systemFactory, null, system);
IpSetSets rulesOriginal = new IpSetSets(new List <String>()
{
}, iptables);
system.SetSets(rulesOriginal);
IpSetSets rulesNew = new IpSetSets(new List <String>()
{
"create test hash:net",
"add test 8.8.8.8/32"
}, iptables);
systemFactory.TestSync(rulesNew, new List <string>
{
"create test hash:net family inet hashsize 1024 maxelem 65536",
"add test 8.8.8.8"
});
}
public IpSetEntryParser(string[] arguments, IpSetEntry entry, IpSetSets sets)
{
_arguments = arguments;
_entry = entry;
_sets = sets;
}
public IpSetEntryParser(string[] arguments, IpSetEntry entry, IpSetSets sets)
{
_arguments = arguments;
_entry = entry;
_sets = sets;
}
public void TestSync(IpSetSets rulesNew, List <string> expectedCommands)
{
TestSync(rulesNew);
CollectionAssert.AreEqual(expectedCommands, Commands.Select(a => a.Value).ToList());
}
public virtual IpSetSets SaveSets(IpTablesSystem iptables)
{
ISystemProcess process = _system.StartProcess(BinaryName, "save");
IpSetSets sets = new IpSetSets(iptables);
String[] all = process.StandardOutput.ReadToEnd().Split(new string[]{"\r\n","\n"}, StringSplitOptions.RemoveEmptyEntries);
foreach(String line in all){
if (String.IsNullOrEmpty(line))
{
break;
}
var trimmed = line.Trim();
if (trimmed.Length != 0)
{
sets.Accept(trimmed, iptables);
}
}
process.WaitForExit();
return sets;
}
public void SetSets(IpSetSets sets)
{
_sets = sets;
}
public void TestSync(IpSetSets rulesNew)
{
rulesNew.Sync((a) => true, false);
}
public MockIpsetBinaryAdapter(MockIpsetSystemFactory systemFactory, IpSetSets sets = null)
: base(systemFactory)
{
SetSets(sets);
}
public virtual IpSetSets SaveSets(IpTablesSystem iptables)
{
IpSetSets sets = new IpSetSets(iptables);
String output, error;
using (ISystemProcess process = _system.StartProcess(BinaryName, "save"))
{
ProcessHelper.ReadToEnd(process, out output, out error);
}
String[] all = output.Split(new string[]{"\r\n","\n"}, StringSplitOptions.RemoveEmptyEntries);
foreach(String line in all){
if (String.IsNullOrEmpty(line))
{
break;
}
var trimmed = line.Trim();
if (trimmed.Length != 0)
{
sets.Accept(trimmed, iptables);
}
}
return sets;
}
