public static void ExecuteIptables(NetfilterSystem system, String command, String iptablesBinary, out String output, out String error)
{
using (ISystemProcess process = system.System.StartProcess(iptablesBinary, command))
{
ProcessHelper.ReadToEnd(process, out output, out error);
//OK
if (process.ExitCode == 0)
{
return;
}
//ERR: INVALID COMMAND LINE
if (process.ExitCode == 2)
{
throw new IpTablesNetException("IPTables execution failed: Invalid Command Line - " + command);
}
//ERR: GENERAL ERROR
if (process.ExitCode == 1)
{
throw new IpTablesNetException("IPTables execution failed: Error - " + command);
}
//ERR: UNKNOWN
throw new IpTablesNetException("IPTables execution failed: Unknown Error - " + command);
}
}
public IpTablesChain CreateChain(NetfilterSystem system, int ipVersion)
{
var chain = GetNewChain(system, ipVersion);
_chains.AddChain(chain);
return(chain);
}
/// <summary>
/// Parse a IPTables rule
/// </summary>
/// <param name="rule"></param>
/// <param name="system"></param>
/// <param name="chains"></param>
/// <param name="version"></param>
/// <param name="defaultTable"></param>
/// <param name="createChain"></param>
/// <returns></returns>
public static IpTablesRule Parse(String rule, NetfilterSystem system, IpTablesChainSet chains,
int version = 4, String defaultTable = "filter", ChainCreateMode createChain = ChainCreateMode.CreateNewChainIfNeeded)
{
CommandParser parser;
var ipCmd = IpTablesCommand.Parse(rule, system, chains, out parser, version, defaultTable);
if (ipCmd.Type != IpTablesCommandType.Add)
{
throw new IpTablesParserException(rule, "must be add rule to parse");
}
var chain = parser.GetChainFromSet();
if (chain == null)
{
if (createChain == ChainCreateMode.DontCreateErrorInstead)
{
throw new IpTablesParserException(rule, String.Format("Unable to find chain: {0}", parser.ChainName));
}
var ipVersion = chains == null ? 4 : chains.IpVersion;
if (createChain == ChainCreateMode.ReturnNewChain)
{
chain = parser.GetNewChain(system, ipVersion);
}
else
{
chain = parser.CreateChain(system, ipVersion);
}
}
Debug.Assert(chain.IpVersion == version);
ipCmd.Rule.Chain = chain;
return(ipCmd.Rule);
}
/// <summary>
/// Copy constructor
/// </summary>
/// <param name="rule"></param>
public IpTablesRule(IpTablesRule rule)
{
_system = rule.System;
Chain = rule.Chain;
_moduleData = rule.ModuleDataInternal;
_cow = true;
}
public static ISystemProcess ExecuteIptables(NetfilterSystem system, String command, String iptablesBinary)
{
ISystemProcess process = system.System.StartProcess(iptablesBinary, command);
process.WaitForExit();
//OK
if (process.ExitCode == 0)
{
return(process);
}
//ERR: INVALID COMMAND LINE
if (process.ExitCode == 2)
{
throw new IpTablesNetException("IPTables execution failed: Invalid Command Line - " + command);
}
//ERR: GENERAL ERROR
if (process.ExitCode == 1)
{
throw new IpTablesNetException("IPTables execution failed: Error - " + command);
}
//ERR: UNKNOWN
throw new IpTablesNetException("IPTables execution failed: Unknown Error - " + command);
}
public IpTablesChain(String table, String chainName, int ipVersion, NetfilterSystem system)
{
_name = chainName;
_table = table;
_system = system;
_rules = new List <IpTablesRule>();
_ipVersion = ipVersion;
}
public IPTablesRestoreAdapterClient(int ipVersion, NetfilterSystem system, String iptablesRestoreBinary = "iptables-restore", String iptableSaveBinary = "iptables-save", String iptablesBinary = "iptables")
{
_system = system;
_iptablesRestoreBinary = iptablesRestoreBinary;
_iptablesSaveBinary = iptableSaveBinary;
_iptablesBinary = iptablesBinary;
_ipVersion = ipVersion;
}
public void AddChain(String name, String table, NetfilterSystem system)
{
if (HasChain(name, table))
{
throw new IpTablesNetException("A chain with that name already exists");
}
AddChain(new IpTablesChain(table, name, _ipVersion, system));
}
public void AddDefaultChains(NetfilterSystem system)
{
foreach (var tablePair in IPTablesTables.Tables)
{
foreach (var chain in tablePair.Value)
{
_chains.Add(new IpTablesChain(tablePair.Key, chain, _ipVersion, system));
}
}
}
public IpTablesChain AddChain(String name, String table, NetfilterSystem system)
{
if (HasChain(name, table))
{
throw new IpTablesNetException("A chain with that name already exists");
}
var newChain = new IpTablesChain(table, name, _ipVersion, system);
AddChain(newChain);
return(newChain);
}
/// <summary>
/// Parse a IPTables rule
/// </summary>
/// <param name="rule"></param>
/// <param name="system"></param>
/// <param name="chains"></param>
/// <param name="version"></param>
/// <param name="defaultTable"></param>
/// <param name="createChain"></param>
/// <returns></returns>
public static IpTablesRule Parse(String rule, NetfilterSystem system, IpTablesChainSet chains,
int version = 4, String defaultTable = "filter", ChainCreateMode createChain = ChainCreateMode.CreateNewChainIfNeeded)
{
Debug.Assert(chains.IpVersion == version);
string[] arguments = ArgumentHelper.SplitArguments(rule);
int count = arguments.Length;
var ipRule = new IpTablesRule(system, new IpTablesChain(null, defaultTable, version, system));
try
{
var parser = new RuleParser(arguments, ipRule, chains, defaultTable);
bool not = false;
for (int i = 0; i < count; i++)
{
if (arguments[i] == "!")
{
not = true;
continue;
}
i += parser.FeedToSkip(i, not, version);
not = false;
}
var chain = parser.GetChainFromSet();
if (chain == null)
{
if (createChain == ChainCreateMode.DontCreateErrorInstead)
{
throw new IpTablesNetException(String.Format("Unable to find chain: {0}", parser.ChainName));
}
var ipVersion = chains == null ? 4 : chains.IpVersion;
if (createChain == ChainCreateMode.ReturnNewChain)
{
chain = parser.GetNewChain(system, ipVersion);
}
else
{
chain = parser.CreateChain(system, ipVersion);
}
}
Debug.Assert(chain.IpVersion == version);
ipRule.Chain = chain;
}
catch (Exception ex)
{
throw new IpTablesParserException(rule, ex);
}
return(ipRule);
}
/// <summary>
/// Parse a IPTables rule
/// </summary>
/// <param name="rule"></param>
/// <param name="system"></param>
/// <param name="chains"></param>
/// <param name="defaultTable"></param>
/// <param name="createChain"></param>
/// <param name="ipVersion"></param>
/// <returns></returns>
public static IpTablesRule Parse(String rule, NetfilterSystem system, IpTablesChainSet chains,
String defaultTable = "filter", bool createChain = false)
{
string[] arguments = ArgumentHelper.SplitArguments(rule);
int count = arguments.Length;
var ipRule = new IpTablesRule(system, null);
try
{
var parser = new RuleParser(arguments, ipRule, chains, defaultTable);
bool not = false;
for (int i = 0; i < count; i++)
{
if (arguments[i] == "!")
{
not = true;
continue;
}
i += parser.FeedToSkip(i, not);
not = false;
}
var chain = parser.GetChain(system);
if (chain == null)
{
if (!createChain)
{
throw new IpTablesNetException(String.Format("Unable to find chain: {0}", parser.ChainName));
}
chain = parser.CreateNewChain(system, chains == null ? 4 : chains.IpVersion);
}
ipRule.Chain = chain;
}
catch (Exception ex)
{
throw new IpTablesParserException(rule, ex);
}
return(ipRule);
}
public static IpTablesChainSet GetRulesFromOutput(NetfilterSystem system, String output, String table, int ipVersion, bool ignoreErrors = false)
{
var ret = new IpTablesChainSet(ipVersion);
String ttable = null;
foreach (string lineRaw in output.Split(new[] { '\n' }))
{
string line = lineRaw.Trim();
if (String.IsNullOrEmpty(line))
{
continue;
}
char c = line[0];
IpTablesRule rule;
IpTablesChain chain;
switch (c)
{
case '*':
ttable = line.Substring(1);
break;
case ':':
string[] split = line.Split(new[] { ' ' });
ret.AddChain(new IpTablesChain(ttable, split[0].Substring(1), ipVersion, system));
break;
//Byte & packet count
case '[':
int positionEnd = line.IndexOf(']');
if (positionEnd == -1)
{
throw new IpTablesNetException("Parsing error, could not find end of counters");
}
string[] counters = line.Substring(1, positionEnd - 1).Split(new[] { ':' });
line = line.Substring(positionEnd + 1);
try
{
rule = IpTablesRule.Parse(line, system, ret, ttable);
}
catch
{
if (ignoreErrors)
{
continue;
}
throw;
}
rule.Counters = new PacketCounters(long.Parse(counters[0]), long.Parse(counters[1]));
ret.AddRule(rule);
break;
case '-':
rule = IpTablesRule.Parse(line, system, ret, ttable);
ret.AddRule(rule);
break;
case '#':
break;
case 'C':
if (line == "COMMIT" && ttable == table)
{
if (ttable == null)
{
throw new IpTablesNetException("Parsing error");
}
return(ret);
}
throw new IpTablesNetException("Unexepected table \"" + table + "\" found \"" + ttable + "\" instead");
}
}
return(null);
}
public IpTablesChain GetChain(NetfilterSystem system)
{
return(_chains.GetChainOrAdd(_chainName, _tableName, system));
}
INetfilterAdapterClient INetfilterAdapter.GetClient(NetfilterSystem system, int ipVersion = 4)
{
return(GetClient(system as IpTablesSystem, ipVersion));
}
public IPTablesLibAdapterClient(int ipVersion, NetfilterSystem system, String iptablesBinary)
{
_system = system;
_iptablesBinary = iptablesBinary;
_ipVersion = ipVersion;
}
public static void ExecuteIptables(NetfilterSystem system, String command, String iptablesBinary)
{
String output, error;
ExecuteIptables(system, command, iptablesBinary, out output, out error);
}
protected override IpTablesChain CreateChain(string tableName, string chainName, NetfilterSystem system)
{
return(new IpTablesChain(tableName, chainName, _ipVersion, system));
}
public MockIpTablesRestoreAdapterClient(NetfilterSystem system, string iptablesRestoreBinary = "iptables-restore") : base(4, system, iptablesRestoreBinary)
{
}
/// <summary>
/// Create a new (empty) IPTables Rule
/// </summary>
/// <param name="system"></param>
/// <param name="chain"></param>
public IpTablesRule(NetfilterSystem system, IpTablesChain chain)
{
_system = system;
_chain = chain;
}
/// <summary>
/// Create a rule with a goto target to a specified chain
/// </summary>
/// <param name="chainIn"></param>
/// <param name="chainJump"></param>
/// <param name="system"></param>
/// <returns></returns>
public static IpTablesRule CreateGoto(IpTablesChain chainIn, String chainJump, NetfilterSystem system)
{
var rule = new IpTablesRule(system, chainIn);
rule.GetModuleOrLoad <CoreModule>("core").Goto = chainJump;
return(rule);
}
protected override NfTablesChain CreateChain(string tableName, string chainName, NetfilterSystem system)
{
return(new NfTablesChain(tableName, chainName, system));
}
public IpTablesChain GetNewChain(NetfilterSystem system, int ipVersion)
{
return(new IpTablesChain(_tableName, _chainName, ipVersion, system));
}
public IpTablesChain GetNewChain(NetfilterSystem system, int ipVersion)
{
return(new IpTablesChain(_ipCommand.Table, _ipCommand.ChainName, ipVersion, system));
}
public NfTablesChain(string tableName, string chainName, NetfilterSystem netfilterSystem)
{
throw new NotImplementedException();
}
