Compare method and EqualityComparers for rule

splitice · May 10, 2020 · 18dc969 · 18dc969
1 parent b75bc64
commit 18dc969
Show file tree

Hide file tree

Showing 20 changed files with 135 additions and 98 deletions.
diff --git a/IPTables.Net.Tests/IpTablesComparisonTests.cs b/IPTables.Net.Tests/IpTablesComparisonTests.cs
@@ -27,7 +27,7 @@ public void TestComparisonMultiport()
             IpTablesRule r1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule r2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.IsTrue(r1.Equals(r2));
+            Assert.IsTrue(r1.Compare(r2));
         }
 
         [Test]
@@ -42,7 +42,7 @@ public void TestLimitComparison()
 
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule2, irule);
+            Assert.IsTrue(irule2.Compare(irule));
         }
 
         [Test]
@@ -57,7 +57,7 @@ public void TestDifficultCharacters()
 
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule2, irule);
+            Assert.IsTrue(irule2.Compare(irule));
         }
     }
 }
diff --git a/IPTables.Net.Tests/IpTablesRestoreSyncTests.cs b/IPTables.Net.Tests/IpTablesRestoreSyncTests.cs
@@ -26,7 +26,7 @@ internal void TestApply(IpTablesRuleSet rulesOrig, IpTablesRuleSet rulesSynced,
             catch (Exception ex)
             {
                 Console.WriteLine("Sync:");
-                DumpRuleset(rulesOrig);
+                DumpRuleset(rulesSynced);
                 Console.WriteLine("New:");
                 DumpRuleset(rulesNew);
                 throw;
@@ -540,6 +540,45 @@ public void TestUpdateMiddle()
             }
         }
 
+        [Test]
+        public void TestUpdateUnlabelled()
+        {
+            var mock = new MockIptablesSystemFactory();
+            var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter());
+
+            IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List<String>()
+                                               {
+                                                   "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
+                                                   "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2",
+                                                   "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2",
+                                                   "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
+                                               }, system);
+            IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List<String>()
+                                               {
+                                                   "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10",
+                                                   "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28",
+                                                   "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 11",
+                                                   "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2"
+                                               }, system);
+
+            List<String> expectedCommands = new List<String>
+                                            {
+                                                "*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), rulesNew.Chains.First().Rules[2].GetActionCommand("-R"), "COMMIT"
+                                            };
+
+
+            using (var client = system.GetTableAdapter(4))
+            {
+                var sync = new DefaultNetfilterSync<IpTablesRule>();
+                var rulesSynced = rulesOriginal.DeepClone();
+                mock.TestSync(client, rulesSynced, rulesNew, sync);
+                var output = (client as IMockIpTablesRestoreGetOutput).GetOutput();
+                CollectionAssert.AreEqual(expectedCommands, output);
+
+                TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands);
+            }
+        }
+
 
         [Test]
         public void TestUpdateMiddleTwo()

diff --git a/IPTables.Net.Tests/SingleCommentRuleParseTests.cs b/IPTables.Net.Tests/SingleCommentRuleParseTests.cs
@@ -28,7 +28,7 @@ public void TestDropFragmentedTcpDnsWithCommentEquality()
             IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
         }
 
         [Test]

diff --git a/IPTables.Net.Tests/SingleConnlimitRuleParseTests.cs b/IPTables.Net.Tests/SingleConnlimitRuleParseTests.cs
@@ -27,7 +27,7 @@ public void TestDropConnectionLimitEquality()
             IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
         }
     }
 }
diff --git a/IPTables.Net.Tests/SingleConntrackRuleParseTests.cs b/IPTables.Net.Tests/SingleConntrackRuleParseTests.cs
@@ -18,7 +18,7 @@ public void TestParse()
             IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4);
 
             irule2.Equals(irule1);
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
         }
     }
 }
diff --git a/IPTables.Net.Tests/SingleCoreRuleParseTests.cs b/IPTables.Net.Tests/SingleCoreRuleParseTests.cs
@@ -71,7 +71,7 @@ public void TestCoreDropingDestinationEquality()
             IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
         }
 
         [Test]
@@ -83,7 +83,7 @@ public void TestCoreDropingInterfaceEquality()
             IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
         }
 
         [Test]
@@ -95,7 +95,7 @@ public void TestCoreDropingSourceEquality()
             IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
         }
 
         [Test]
@@ -107,7 +107,7 @@ public void TestCoreDropingUdpEquality()
             IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
         }
 
         [Test]
@@ -119,7 +119,7 @@ public void TestCoreFragmentingEquality()
             IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
         }
     }
 }
diff --git a/IPTables.Net.Tests/SingleDnatParseTests.cs b/IPTables.Net.Tests/SingleDnatParseTests.cs
@@ -17,7 +17,7 @@ public void DnatTest1()
             IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
 
             Assert.AreEqual(rule, irule.GetActionCommand());
-            Assert.AreEqual(irule, IpTablesRule.Parse(rule, null, chains, 4));
+            Assert.IsTrue(irule.Compare(IpTablesRule.Parse(rule, null, chains, 4)));
         }
 
     }

diff --git a/IPTables.Net.Tests/SingleDnatRuleParseTests.cs b/IPTables.Net.Tests/SingleDnatRuleParseTests.cs
@@ -27,7 +27,7 @@ public void TestDnatRangeSourceAndEquality()
             IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
             Assert.AreEqual(rule, irule1.GetActionCommand());
             Assert.AreEqual(rule, irule2.GetActionCommand());
         }

diff --git a/IPTables.Net.Tests/SingleHashlimitRuleParseTests.cs b/IPTables.Net.Tests/SingleHashlimitRuleParseTests.cs
@@ -13,7 +13,7 @@ public void TestCompare1()
             String rule = "-A ABC -m hashlimit --hashlimit-name aaaaaaaaaaaaaaaaaaaaaa --hashlimit-above 125/second --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-srcmask 32 --hashlimit-dstmask 32 --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-expire 6 --hashlimit-htable-gcinterval 600 -j AVS";
             IpTablesChainSet chains = new IpTablesChainSet(4);
 
-            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
+            Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule, null, chains, 4)));
         }
 
         [Test]
@@ -23,7 +23,7 @@ public void TestCompare2()
             String rule2 = "-A AAAA -t raw -m hashlimit --hashlimit-above 111/sec --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-name synflood_spoofe --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-gcinterval 600 --hashlimit-htable-expire 6 -g AA";
             IpTablesChainSet chains = new IpTablesChainSet(4);
 
-            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule2, null, chains));
+            Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule2, null, chains)));
         }
     }
 }
diff --git a/IPTables.Net.Tests/SingleMarkRuleParseTests.cs b/IPTables.Net.Tests/SingleMarkRuleParseTests.cs
@@ -17,7 +17,7 @@ public void MatchMarkDec()
             IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
 
             Assert.AreEqual(ruleExpect, irule.GetActionCommand());
-            Assert.AreEqual(IpTablesRule.Parse(ruleExpect, null, chains, 4), irule);
+            Assert.IsTrue(IpTablesRule.Parse(ruleExpect, null, chains, 4).Compare(irule));
         }
 
         [Test]
@@ -30,7 +30,7 @@ public void MatchMarkHex()
             IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
 
             Assert.AreEqual(ruleExpect, irule.GetActionCommand());
-            Assert.AreEqual(IpTablesRule.Parse(ruleExpect, null, chains, 4), irule);
+            Assert.IsTrue(IpTablesRule.Parse(ruleExpect, null, chains, 4).Compare(irule));
         }
 
 

diff --git a/IPTables.Net.Tests/SingleNfacctRuleParseTests.cs b/IPTables.Net.Tests/SingleNfacctRuleParseTests.cs
@@ -28,7 +28,7 @@ public void TestQuote()
             IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
 
             Assert.AreEqual(rule2, irule.GetActionCommand());
-            Assert.AreEqual(IpTablesRule.Parse(rule2, null, chains, 4), irule);
+            Assert.IsTrue(IpTablesRule.Parse(rule2, null, chains, 4).Compare(irule));
         }
 
         [Test]
@@ -41,7 +41,7 @@ public void TestDoubleSpace()
             IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4);
 
             Assert.AreEqual(rule2, irule.GetActionCommand());
-            Assert.AreEqual(IpTablesRule.Parse(rule2, null, chains, 4), irule);
+            Assert.IsTrue(IpTablesRule.Parse(rule2, null, chains, 4).Compare(irule));
         }
     }
 }
diff --git a/IPTables.Net.Tests/SinglePolyfillTests.cs b/IPTables.Net.Tests/SinglePolyfillTests.cs
@@ -47,7 +47,7 @@ public void TestPolyfillArgumentsComparison1()
             String rule = "-A INPUT -m unknown --unknown --unknown-2 1111 -p tcp -d 1.1.1.1 -m tcp --dport 80";
             IpTablesChainSet chains = new IpTablesChainSet(4);
 
-            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
+            Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule, null, chains, 4)));
         }
 
         [Test]
@@ -57,7 +57,7 @@ public void TestPolyfillArgumentsComparison2()
                 "-A INPUT -m unknown --unknown --unknown-2 1111 -m unknown2 --unknown2 -p tcp -d 1.1.1.1 -m tcp --dport 80";
             IpTablesChainSet chains = new IpTablesChainSet(4);
 
-            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
+            Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule, null, chains, 4)));
         }
 
         [Test]
@@ -69,7 +69,7 @@ public void TestPolyfillArgumentsComparison3()
                 "-A INPUT -m unknown2 --unknown2 -m unknown --unknown --unknown-2 1111 -p tcp -d 1.1.1.1 -m tcp --dport 80";
             IpTablesChainSet chains = new IpTablesChainSet(4);
 
-            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule2, null, chains));
+            Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule2, null, chains)));
         }
 
         [Test]
@@ -81,7 +81,7 @@ public void TestPolyfillArgumentsComparison4()
                 "-A INPUT -m unknown2 --unknown2 -m unknown --unknown --unknown-2 \'this has spaces & a symbol\' -p tcp -d 1.1.1.1 -m tcp --dport 80";
             IpTablesChainSet chains = new IpTablesChainSet(4);
 
-            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule2, null, chains));
+            Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule2, null, chains)));
         }
 
         public void TestPolyfillArgumentsComparison5()

diff --git a/IPTables.Net.Tests/SingleRecentRuleParseTests.cs b/IPTables.Net.Tests/SingleRecentRuleParseTests.cs
@@ -35,7 +35,7 @@ public void TestCompare1()
             String rule = "-A ATTK_CHECK -m recent --rcheck --name BANNED --seconds 180 --reap --rttl -j ATTACKED";
             IpTablesChainSet chains = new IpTablesChainSet(4);
 
-            Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4));
+            Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule, null, chains, 4)));
         }
     }
 }
diff --git a/IPTables.Net.Tests/SingleSnatRuleParseTests.cs b/IPTables.Net.Tests/SingleSnatRuleParseTests.cs
@@ -27,7 +27,7 @@ public void TestSnatRangeSourceAndEquality()
             IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
             Assert.AreEqual(rule, irule1.GetActionCommand());
             Assert.AreEqual(rule, irule2.GetActionCommand());
         }

diff --git a/IPTables.Net.Tests/SingleTcpRuleParseTests.cs b/IPTables.Net.Tests/SingleTcpRuleParseTests.cs
@@ -27,7 +27,7 @@ public void TestDropFragmentedTcpDnsEquality()
             IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
         }
 
         [Test]
@@ -39,7 +39,7 @@ public void TestCoreSportEquality()
             IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4);
             IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4);
 
-            Assert.AreEqual(irule1, irule2);
+            Assert.IsTrue(irule2.Compare(irule1));
         }
 
         [Test]

diff --git a/IPTables.Net/Iptables/IpTablesChain.cs b/IPTables.Net/Iptables/IpTablesChain.cs
@@ -166,9 +166,10 @@ public override int GetHashCode()
             }
         }
 
-        public bool CompareRules(IpTablesChain ipTablesChain)
+        public bool CompareRules(IpTablesChain ipTablesChain, IEqualityComparer<IpTablesRule> eqc = null)
         {
-            return Enumerable.SequenceEqual(_rules, ipTablesChain._rules);
+            eqc = eqc ?? new IpTablesRule.ValueComparison();
+            return Enumerable.SequenceEqual(_rules, ipTablesChain._rules, eqc);
         }
     }
 }