public void PerformSync(string matches)
{
var whitelist = _aclProvider.GetWhitelisted();
IpSetSet set = new IpSetSet(IpSetType.HashIp,"wl_ip",0, _system, IpSetSyncMode.SetAndEntries);
foreach (var w in whitelist)
{
set.Entries.Add(new IpSetEntry(set, new IpCidr(w)));
}
IpSetSets sets = new IpSetSets(_system);
sets.AddSet(set);
sets.Sync();
IpTablesRuleSet rules = new IpTablesRuleSet(4, _system);
rules.AddRule("-A INPUT -m set --match-set wl_ip src -j ACCEPT -m comment --comment WLRULE");
rules.AddRule("-A INPUT " + matches + " j DROP -m comment --comment DROPRULE");
rules.Sync(new DefaultNetfilterSync<IpTablesRule>(Comparer));
}
public IpSetSet GetSetByName(string name)
{
IpSetSet ret = null;
_sets.TryGetValue(name, out ret);
return(ret);
}
public static IpSetEntry ParseFromParts(IpSetSet set, String value)
{
var entry = new IpSetEntry(set);
IpSetEntryParser.ParseEntry(entry, value);
return(entry);
}
public IpSetEntry(IpSetSet set, IpCidr?cidr = null, string protocol = null, int port = -1, string mac = null)
{
_set = set;
_cidr = cidr.HasValue?cidr.Value:IpCidr.Any;
_protocol = protocol;
_port = port;
_mac = mac;
}
public IpSetEntry(IpSetSet set, IpCidr? cidr = null, string protocol = null, int port = -1, string mac = null)
{
_set = set;
_cidr = cidr.HasValue?cidr.Value:IpCidr.Any;
_protocol = protocol;
_port = port;
_mac = mac;
}
public static IpSetSet Parse(String[] arguments, IpTablesSystem system, int startOffset = 0)
{
IpSetSet set = new IpSetSet(system);
var parser = new IpSetSetParser(arguments, set);
for (int i = startOffset; i < arguments.Length; i++)
{
i += parser.FeedToSkip(i, startOffset == i);
}
return(set);
}
public bool SetEquals(IpSetSet set, bool size = false)
{
if (!(set.MaxElem == MaxElem && set.Name == Name && set.Timeout == Timeout &&
set.Type == Type))
{
return(false);
}
if (size)
{
return(set.HashSize == HashSize);
}
return(true);
}
public static IpSetSet Parse(String rule, IpTablesSystem system)
{
IpSetSet set = new IpSetSet(system);
string[] arguments = ArgumentHelper.SplitArguments(rule);
var parser = new IpSetSetParser(arguments, set);
for (int i = 0; i < arguments.Length; i++)
{
i += parser.FeedToSkip(i);
}
return(set);
}
public bool SetEquals(IpSetSet set, bool size = false)
{
if (!(set.MaxElem == MaxElem && set.Name == Name && set.Timeout == Timeout &&
set.Type == Type && set.BitmapRange.Equals(BitmapRange) && set.CreateOptions.OrderBy(a => a).SequenceEqual(CreateOptions.OrderBy(a => a))))
{
return(false);
}
if (size)
{
return(set.HashSize == HashSize);
}
return(true);
}
public void Accept(String line, IpTablesSystem iptables)
{
String[] split = ArgumentHelper.SplitArguments(line);
if (split.Length == 0)
{
return;
}
var command = split[0];
switch (command)
{
case "create":
var set = IpSetSet.Parse(split, iptables, 1);
AddSet(set);
break;
case "add":
IpSetEntry.Parse(split, this, 1);
break;
}
}
public void Accept(String line, IpTablesSystem iptables)
{
String[] split = line.Split(new char[] { ' ' });
if (split.Length == 0)
{
return;
}
var command = split[0];
var options = String.Join(" ", split.Skip(1).ToArray());
switch (command)
{
case "create":
var set = IpSetSet.Parse(options, iptables);
AddSet(set);
break;
case "add":
IpSetEntry.Parse(options, this);
break;
}
}
public void AddSet(IpSetSet set)
{
_sets.Add(set.Name, set);
}
public static IpSetSet Parse(String rule, IpTablesSystem system)
{
IpSetSet set = new IpSetSet(system);
string[] arguments = ArgumentHelper.SplitArguments(rule);
var parser = new IpSetSetParser(arguments, set);
for (int i = 0; i < arguments.Length; i++)
{
i += parser.FeedToSkip(i);
}
return set;
}
/// <summary>
/// Sync with an IPTables system
/// </summary>
/// <param name="canDeleteSet"></param>
/// <param name="transactional"></param>
public void Sync(
Func <IpSetSet, bool> canDeleteSet = null, bool transactional = true)
{
if (transactional)
{
//Start transaction
_system.SetAdapter.StartTransaction();
}
var systemSets = _system.SetAdapter.SaveSets(_system);
foreach (var set in _sets)
{
var systemSet = systemSets.GetSetByName(set.Name);
if (systemSet == null)
{
//Add
_system.SetAdapter.CreateSet(set);
systemSet = new IpSetSet(set.Type, set.Name, set.Timeout, _system, set.SyncMode);
}
else
{
//Update if applicable
if (!systemSet.SetEquals(set))
{
_system.SetAdapter.DestroySet(set.Name);
_system.SetAdapter.CreateSet(set);
systemSet = new IpSetSet(set.Type, set.Name, set.Timeout, _system, set.SyncMode);
}
}
if (set.SyncMode == IpSetSyncMode.SetAndEntries)
{
foreach (var entry in set.Entries)
{
try
{
var systemEntry = systemSet.Entries.FirstOrDefault((a) => a.KeyEquals(entry));
if (systemEntry == null)
{
_system.SetAdapter.AddEntry(entry);
}
}
catch (Exception ex)
{
Console.WriteLine(entry.Port);
Console.WriteLine(systemSet.Entries.Count);
throw;
}
}
foreach (var entry in systemSet.Entries)
{
IpSetEntry entry1 = entry;
var memEntry = set.Entries.FirstOrDefault(((a) => a.KeyEquals(entry1)));
if (memEntry == null)
{
_system.SetAdapter.DeleteEntry(entry);
}
}
}
}
if (canDeleteSet != null)
{
foreach (var set in systemSets.Sets)
{
if (_sets.FirstOrDefault((a) => a.Name == set.Name) == null && canDeleteSet(set))
{
_system.SetAdapter.DestroySet(set.Name);
}
}
}
if (transactional)
{
//End Transaction: COMMIT
_system.SetAdapter.EndTransactionCommit();
}
}
private void CreateSets(IpTablesDetails config, RuleBuilder rb)
{
foreach (var set in config.Sets)
{
var ipset = new IpSetSet(IpSetTypeHelper.StringToType(set.Type), set.Name, 0, set.Family, _iptables, IpSetSyncMode.SetAndEntries);
String[] resolved = set.Entries.ToArray();
if (ipset.Type == IpSetType.HashIp)
{
List<IAsyncResult> tasks = new List<IAsyncResult>();
for (int index = 0; index < resolved.Length; index++)
{
var entry = resolved[index];
String entryIp = rb.Format(entry);
IPAddress ip;
if (!IPAddress.TryParse(entryIp, out ip))
{
var asyncResult = Dns.BeginGetHostAddresses(entryIp, (a) =>
{
var ips = Dns.EndGetHostAddresses(a);
if (ips.Length == 0)
{
throw new Exception("Unable to resolve: " + entryIp);
}
String entryIp2 = ips.First().ToString();
resolved[(int) a.AsyncState] = entryIp2;
}, index);
tasks.Add(asyncResult);
}
}
if (tasks.Any()) {
WaitHandle.WaitAll(tasks.Select((a) => a.AsyncWaitHandle).ToArray());
}
}
//Check Uniqueness
HashSet<IpSetEntry> ipsetEntries = new HashSet<IpSetEntry>();
for (int index = 0; index < resolved.Length; index++)
{
var entry = resolved[index];
String entryIp = rb.Format(entry);
var setEntry = IpSetEntry.ParseFromParts(ipset, entryIp);
if (ipsetEntries.Add(setEntry))
{
ipset.Entries.Add(setEntry);
}
}
_sets.AddSet(ipset);
}
//Add new sets (dont delete!)
_sets.Sync((a) => false);
}
public bool SetEquals(IpSetSet set)
{
return(set.HashSize == HashSize && set.MaxElem == MaxElem && set.Name == Name && set.Timeout == Timeout &&
set.Type == Type);
}
public bool SetEquals(IpSetSet set, bool size = false)
{
if (!(set.MaxElem == MaxElem && set.Name == Name && set.Timeout == Timeout &&
set.Type == Type))
{
return false;
}
if (size)
{
return set.HashSize == HashSize;
}
return true;
}
/// <summary>
/// Sync with an IPTables system
/// </summary>
/// <param name="canDeleteSet"></param>
/// <param name="transactional"></param>
public void Sync(
Func<IpSetSet, bool> canDeleteSet = null, bool transactional = true)
{
if (transactional)
{
//Start transaction
System.SetAdapter.StartTransaction();
}
var systemSets = System.SetAdapter.SaveSets(System);
foreach (var set in _sets)
{
var systemSet = systemSets.GetSetByName(set.Name);
if (systemSet == null)
{
//Add
System.SetAdapter.CreateSet(set);
systemSet = new IpSetSet(set.Type, set.Name, set.Timeout, "inet", System, set.SyncMode);
}
else
{
//Update if applicable
if (!systemSet.SetEquals(set))
{
System.SetAdapter.DestroySet(set.Name);
System.SetAdapter.CreateSet(set);
systemSet = new IpSetSet(set.Type, set.Name, set.Timeout, "inet", System, set.SyncMode);
}
}
if (set.SyncMode == IpSetSyncMode.SetAndEntries)
{
try
{
foreach (var entry in set.Entries)
{
try
{
var systemEntry = systemSet.Entries.FirstOrDefault((a) => a.KeyEquals(entry));
if (systemEntry == null)
{
System.SetAdapter.AddEntry(entry);
}
}
catch (Exception ex)
{
throw;
}
}
foreach (var entry in systemSet.Entries)
{
IpSetEntry entry1 = entry;
var memEntry = set.Entries.FirstOrDefault(((a) => a.KeyEquals(entry1)));
if (memEntry == null)
{
System.SetAdapter.DeleteEntry(entry);
}
}
}
catch (Exception ex)
{
throw new IpTablesNetException(String.Format("An exception occured while adding or removing on entries of set {0} message:{1}",set.Name,ex.Message),ex);
}
}
}
if (canDeleteSet != null)
{
foreach (var set in systemSets.Sets)
{
if (_sets.FirstOrDefault((a) => a.Name == set.Name) == null && canDeleteSet(set))
{
System.SetAdapter.DestroySet(set.Name);
}
}
}
if (transactional)
{
//End Transaction: COMMIT
if (!System.SetAdapter.EndTransactionCommit())
{
throw new IpTablesNetException("Failed to commit IPSets");
}
}
}
/// <summary>
/// Sync with an IPTables system
/// </summary>
/// <param name="canDeleteSet"></param>
/// <param name="transactional"></param>
public void Sync(
Func <IpSetSet, bool> canDeleteSet = null, bool transactional = true)
{
if (transactional)
{
//Start transaction
System.SetAdapter.StartTransaction();
}
var systemSets = System.SetAdapter.SaveSets(System);
foreach (var set in _sets)
{
var systemSet = systemSets.GetSetByName(set.Name);
if (systemSet == null)
{
//Add
System.SetAdapter.CreateSet(set);
systemSet = new IpSetSet(set.Type, set.Name, set.Timeout, "inet", System, set.SyncMode);
}
else
{
//Update if applicable
if (!systemSet.SetEquals(set))
{
System.SetAdapter.DestroySet(set.Name);
System.SetAdapter.CreateSet(set);
systemSet = new IpSetSet(set.Type, set.Name, set.Timeout, "inet", System, set.SyncMode);
}
}
if (set.SyncMode == IpSetSyncMode.SetAndEntries)
{
var distinctEntries = set.Entries.Distinct().ToList();
try
{
foreach (var entry in distinctEntries)
{
try
{
var systemEntry = systemSet.Entries.FirstOrDefault((a) => a.KeyEquals(entry));
if (systemEntry == null)
{
System.SetAdapter.AddEntry(entry);
}
}
catch (Exception ex)
{
throw;
}
}
foreach (var entry in systemSet.Entries)
{
IpSetEntry entry1 = entry;
var memEntry = distinctEntries.FirstOrDefault(((a) => a.KeyEquals(entry1)));
if (memEntry == null)
{
System.SetAdapter.DeleteEntry(entry);
}
}
}
catch (Exception ex)
{
throw new IpTablesNetException(String.Format("An exception occured while adding or removing on entries of set {0} message:{1}", set.Name, ex.Message), ex);
}
}
}
if (canDeleteSet != null)
{
foreach (var set in systemSets.Sets)
{
if (_sets.FirstOrDefault((a) => a.Name == set.Name) == null && canDeleteSet(set))
{
System.SetAdapter.DestroySet(set.Name);
}
}
}
if (transactional)
{
//End Transaction: COMMIT
if (!System.SetAdapter.EndTransactionCommit())
{
throw new IpTablesNetException("Failed to commit IPSets");
}
}
}
/// <summary>
/// Sync with an IPTables system
/// </summary>
/// <param name="canDeleteSet"></param>
/// <param name="transactional"></param>
public void Sync(
Func <IpSetSet, bool> canDeleteSet = null, bool transactional = true)
{
if (transactional)
{
//Start transaction
System.SetAdapter.StartTransaction();
}
var systemSets = System.SetAdapter.SaveSets(System);
foreach (var set in _sets.Values)
{
var systemSet = systemSets.GetSetByName(set.Name);
if (systemSet == null)
{
//Add
System.SetAdapter.CreateSet(set);
systemSet = new IpSetSet(set.Type, set.Name, set.Timeout, "inet", System, set.SyncMode, set.BitmapRange, set.CreateOptions);
}
else
{
//Update if applicable
if (!systemSet.SetEquals(set))
{
System.SetAdapter.DestroySet(set.Name);
System.SetAdapter.CreateSet(set);
systemSet = new IpSetSet(set.Type, set.Name, set.Timeout, "inet", System, set.SyncMode, set.BitmapRange, set.CreateOptions, set.Entries);
}
}
if (set.SyncMode == IpSetSyncMode.SetAndEntries)
{
HashSet <IpSetEntry> indexedEntries = new HashSet <IpSetEntry>(set.Entries, new IpSetEntryKeyComparer());
HashSet <IpSetEntry> systemEntries = new HashSet <IpSetEntry>(systemSet.Entries, new IpSetEntryKeyComparer());
try
{
foreach (var entry in indexedEntries)
{
if (!systemEntries.Remove(entry))
{
System.SetAdapter.AddEntry(entry);
}
}
foreach (var entry in systemEntries)
{
System.SetAdapter.DeleteEntry(entry);
}
}
catch (Exception ex)
{
throw new IpTablesNetException(String.Format("An exception occured while adding or removing on entries of set {0} message:{1}", set.Name, ex.Message), ex);
}
}
}
if (canDeleteSet != null)
{
foreach (var set in systemSets.Sets)
{
if (!_sets.ContainsKey(set.Name) && canDeleteSet(set))
{
System.SetAdapter.DestroySet(set.Name);
}
}
}
if (transactional)
{
//End Transaction: COMMIT
if (!System.SetAdapter.EndTransactionCommit())
{
throw new IpTablesNetException("Failed to commit IPSets");
}
}
}
public void AddSet(IpSetSet set)
{
_sets.Add(set);
}
public static IpSetEntry ParseFromParts(IpSetSet set, String value)
{
var entry = new IpSetEntry(set);
IpSetEntryParser.ParseEntry(entry, value);
return entry;
}
/// <summary>
/// Sync with an IPTables system
/// </summary>
/// <param name="canDeleteSet"></param>
/// <param name="transactional"></param>
public void Sync(
Func<IpSetSet, bool> canDeleteSet = null, bool transactional = true)
{
if (transactional)
{
//Start transaction
_system.SetAdapter.StartTransaction();
}
var systemSets = _system.SetAdapter.SaveSets(_system);
foreach (var set in _sets)
{
var systemSet = systemSets.GetSetByName(set.Name);
if (systemSet == null)
{
//Add
_system.SetAdapter.CreateSet(set);
systemSet = new IpSetSet(set.Type, set.Name, set.Timeout, _system, set.SyncMode);
}
else
{
//Update if applicable
if (!systemSet.SetEquals(set))
{
_system.SetAdapter.DestroySet(set.Name);
_system.SetAdapter.CreateSet(set);
systemSet = new IpSetSet(set.Type, set.Name, set.Timeout, _system, set.SyncMode);
}
}
if (set.SyncMode == IpSetSyncMode.SetAndEntries)
{
foreach (var entry in set.Entries)
{
try
{
var systemEntry = systemSet.Entries.FirstOrDefault((a) => a.KeyEquals(entry));
if (systemEntry == null)
{
_system.SetAdapter.AddEntry(entry);
}
}
catch (Exception ex)
{
Console.WriteLine(entry.Port);
Console.WriteLine(systemSet.Entries.Count);
throw;
}
}
foreach (var entry in systemSet.Entries)
{
IpSetEntry entry1 = entry;
var memEntry = set.Entries.FirstOrDefault(((a) => a.KeyEquals(entry1)));
if (memEntry == null)
{
_system.SetAdapter.DeleteEntry(entry);
}
}
}
}
if (canDeleteSet != null)
{
foreach (var set in systemSets.Sets)
{
if (_sets.FirstOrDefault((a) => a.Name == set.Name) == null && canDeleteSet(set))
{
_system.SetAdapter.DestroySet(set.Name);
}
}
}
if (transactional)
{
//End Transaction: COMMIT
_system.SetAdapter.EndTransactionCommit();
}
}