From 18dc96956da7595e7a207b8f97a6cdf03f327cd4 Mon Sep 17 00:00:00 2001 From: Mathew Heard Date: Sun, 10 May 2020 16:16:54 +1000 Subject: [PATCH] Compare method and EqualityComparers for rule --- IPTables.Net.Tests/IpTablesComparisonTests.cs | 6 +- .../IpTablesRestoreSyncTests.cs | 41 ++++++- .../SingleCommentRuleParseTests.cs | 2 +- .../SingleConnlimitRuleParseTests.cs | 2 +- .../SingleConntrackRuleParseTests.cs | 2 +- .../SingleCoreRuleParseTests.cs | 10 +- IPTables.Net.Tests/SingleDnatParseTests.cs | 2 +- .../SingleDnatRuleParseTests.cs | 2 +- .../SingleHashlimitRuleParseTests.cs | 4 +- .../SingleMarkRuleParseTests.cs | 4 +- .../SingleNfacctRuleParseTests.cs | 4 +- IPTables.Net.Tests/SinglePolyfillTests.cs | 8 +- .../SingleRecentRuleParseTests.cs | 2 +- .../SingleSnatRuleParseTests.cs | 2 +- IPTables.Net.Tests/SingleTcpRuleParseTests.cs | 4 +- IPTables.Net/Iptables/IpTablesChain.cs | 5 +- IPTables.Net/Iptables/IpTablesRule.cs | 110 +++++++++--------- IPTables.Net/Iptables/IpTablesRuleSet.cs | 4 +- IPTables.Net/Netfilter/INetfilterRule.cs | 1 - .../TableSync/DefaultNetfilterSync.cs | 18 +-- 20 files changed, 135 insertions(+), 98 deletions(-) diff --git a/IPTables.Net.Tests/IpTablesComparisonTests.cs b/IPTables.Net.Tests/IpTablesComparisonTests.cs index 34e16f8..a6c5dd2 100644 --- a/IPTables.Net.Tests/IpTablesComparisonTests.cs +++ b/IPTables.Net.Tests/IpTablesComparisonTests.cs @@ -27,7 +27,7 @@ public void TestComparisonMultiport() IpTablesRule r1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule r2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.IsTrue(r1.Equals(r2)); + Assert.IsTrue(r1.Compare(r2)); } [Test] @@ -42,7 +42,7 @@ public void TestLimitComparison() IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule2, irule); + Assert.IsTrue(irule2.Compare(irule)); } [Test] @@ -57,7 +57,7 @@ public void TestDifficultCharacters() IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule2, irule); + Assert.IsTrue(irule2.Compare(irule)); } } } diff --git a/IPTables.Net.Tests/IpTablesRestoreSyncTests.cs b/IPTables.Net.Tests/IpTablesRestoreSyncTests.cs index 306f214..a16f642 100644 --- a/IPTables.Net.Tests/IpTablesRestoreSyncTests.cs +++ b/IPTables.Net.Tests/IpTablesRestoreSyncTests.cs @@ -26,7 +26,7 @@ internal void TestApply(IpTablesRuleSet rulesOrig, IpTablesRuleSet rulesSynced, catch (Exception ex) { Console.WriteLine("Sync:"); - DumpRuleset(rulesOrig); + DumpRuleset(rulesSynced); Console.WriteLine("New:"); DumpRuleset(rulesNew); throw; @@ -540,6 +540,45 @@ public void TestUpdateMiddle() } } + [Test] + public void TestUpdateUnlabelled() + { + var mock = new MockIptablesSystemFactory(); + var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); + + IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List() + { + "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", + "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", + "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", + "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" + }, system); + IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List() + { + "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", + "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28", + "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 11", + "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" + }, system); + + List expectedCommands = new List + { + "*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), rulesNew.Chains.First().Rules[2].GetActionCommand("-R"), "COMMIT" + }; + + + using (var client = system.GetTableAdapter(4)) + { + var sync = new DefaultNetfilterSync(); + var rulesSynced = rulesOriginal.DeepClone(); + mock.TestSync(client, rulesSynced, rulesNew, sync); + var output = (client as IMockIpTablesRestoreGetOutput).GetOutput(); + CollectionAssert.AreEqual(expectedCommands, output); + + TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); + } + } + [Test] public void TestUpdateMiddleTwo() diff --git a/IPTables.Net.Tests/SingleCommentRuleParseTests.cs b/IPTables.Net.Tests/SingleCommentRuleParseTests.cs index 5d1ff72..900fa1b 100644 --- a/IPTables.Net.Tests/SingleCommentRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleCommentRuleParseTests.cs @@ -28,7 +28,7 @@ public void TestDropFragmentedTcpDnsWithCommentEquality() IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); } [Test] diff --git a/IPTables.Net.Tests/SingleConnlimitRuleParseTests.cs b/IPTables.Net.Tests/SingleConnlimitRuleParseTests.cs index 2d17ce9..6c4323e 100644 --- a/IPTables.Net.Tests/SingleConnlimitRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleConnlimitRuleParseTests.cs @@ -27,7 +27,7 @@ public void TestDropConnectionLimitEquality() IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); } } } \ No newline at end of file diff --git a/IPTables.Net.Tests/SingleConntrackRuleParseTests.cs b/IPTables.Net.Tests/SingleConntrackRuleParseTests.cs index 4287a1e..751c867 100644 --- a/IPTables.Net.Tests/SingleConntrackRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleConntrackRuleParseTests.cs @@ -18,7 +18,7 @@ public void TestParse() IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4); irule2.Equals(irule1); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); } } } \ No newline at end of file diff --git a/IPTables.Net.Tests/SingleCoreRuleParseTests.cs b/IPTables.Net.Tests/SingleCoreRuleParseTests.cs index 637c8b5..4583d83 100644 --- a/IPTables.Net.Tests/SingleCoreRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleCoreRuleParseTests.cs @@ -71,7 +71,7 @@ public void TestCoreDropingDestinationEquality() IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); } [Test] @@ -83,7 +83,7 @@ public void TestCoreDropingInterfaceEquality() IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); } [Test] @@ -95,7 +95,7 @@ public void TestCoreDropingSourceEquality() IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); } [Test] @@ -107,7 +107,7 @@ public void TestCoreDropingUdpEquality() IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); } [Test] @@ -119,7 +119,7 @@ public void TestCoreFragmentingEquality() IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); } } } \ No newline at end of file diff --git a/IPTables.Net.Tests/SingleDnatParseTests.cs b/IPTables.Net.Tests/SingleDnatParseTests.cs index fd42ccb..03af8de 100644 --- a/IPTables.Net.Tests/SingleDnatParseTests.cs +++ b/IPTables.Net.Tests/SingleDnatParseTests.cs @@ -17,7 +17,7 @@ public void DnatTest1() IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); - Assert.AreEqual(irule, IpTablesRule.Parse(rule, null, chains, 4)); + Assert.IsTrue(irule.Compare(IpTablesRule.Parse(rule, null, chains, 4))); } } diff --git a/IPTables.Net.Tests/SingleDnatRuleParseTests.cs b/IPTables.Net.Tests/SingleDnatRuleParseTests.cs index d1e622e..4d7e009 100644 --- a/IPTables.Net.Tests/SingleDnatRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleDnatRuleParseTests.cs @@ -27,7 +27,7 @@ public void TestDnatRangeSourceAndEquality() IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); Assert.AreEqual(rule, irule1.GetActionCommand()); Assert.AreEqual(rule, irule2.GetActionCommand()); } diff --git a/IPTables.Net.Tests/SingleHashlimitRuleParseTests.cs b/IPTables.Net.Tests/SingleHashlimitRuleParseTests.cs index 46cdf3b..95e1aa1 100644 --- a/IPTables.Net.Tests/SingleHashlimitRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleHashlimitRuleParseTests.cs @@ -13,7 +13,7 @@ public void TestCompare1() String rule = "-A ABC -m hashlimit --hashlimit-name aaaaaaaaaaaaaaaaaaaaaa --hashlimit-above 125/second --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-srcmask 32 --hashlimit-dstmask 32 --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-expire 6 --hashlimit-htable-gcinterval 600 -j AVS"; IpTablesChainSet chains = new IpTablesChainSet(4); - Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4)); + Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule, null, chains, 4))); } [Test] @@ -23,7 +23,7 @@ public void TestCompare2() String rule2 = "-A AAAA -t raw -m hashlimit --hashlimit-above 111/sec --hashlimit-burst 500 --hashlimit-mode dstip,dstport --hashlimit-name synflood_spoofe --hashlimit-htable-size 65000 --hashlimit-htable-max 30000 --hashlimit-htable-gcinterval 600 --hashlimit-htable-expire 6 -g AA"; IpTablesChainSet chains = new IpTablesChainSet(4); - Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule2, null, chains)); + Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule2, null, chains))); } } } \ No newline at end of file diff --git a/IPTables.Net.Tests/SingleMarkRuleParseTests.cs b/IPTables.Net.Tests/SingleMarkRuleParseTests.cs index 0a58ce9..209cc06 100644 --- a/IPTables.Net.Tests/SingleMarkRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleMarkRuleParseTests.cs @@ -17,7 +17,7 @@ public void MatchMarkDec() IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(ruleExpect, irule.GetActionCommand()); - Assert.AreEqual(IpTablesRule.Parse(ruleExpect, null, chains, 4), irule); + Assert.IsTrue(IpTablesRule.Parse(ruleExpect, null, chains, 4).Compare(irule)); } [Test] @@ -30,7 +30,7 @@ public void MatchMarkHex() IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(ruleExpect, irule.GetActionCommand()); - Assert.AreEqual(IpTablesRule.Parse(ruleExpect, null, chains, 4), irule); + Assert.IsTrue(IpTablesRule.Parse(ruleExpect, null, chains, 4).Compare(irule)); } diff --git a/IPTables.Net.Tests/SingleNfacctRuleParseTests.cs b/IPTables.Net.Tests/SingleNfacctRuleParseTests.cs index 86c7764..e389274 100644 --- a/IPTables.Net.Tests/SingleNfacctRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleNfacctRuleParseTests.cs @@ -28,7 +28,7 @@ public void TestQuote() IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule2, irule.GetActionCommand()); - Assert.AreEqual(IpTablesRule.Parse(rule2, null, chains, 4), irule); + Assert.IsTrue(IpTablesRule.Parse(rule2, null, chains, 4).Compare(irule)); } [Test] @@ -41,7 +41,7 @@ public void TestDoubleSpace() IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule2, irule.GetActionCommand()); - Assert.AreEqual(IpTablesRule.Parse(rule2, null, chains, 4), irule); + Assert.IsTrue(IpTablesRule.Parse(rule2, null, chains, 4).Compare(irule)); } } } \ No newline at end of file diff --git a/IPTables.Net.Tests/SinglePolyfillTests.cs b/IPTables.Net.Tests/SinglePolyfillTests.cs index dfeff2c..1055e76 100644 --- a/IPTables.Net.Tests/SinglePolyfillTests.cs +++ b/IPTables.Net.Tests/SinglePolyfillTests.cs @@ -47,7 +47,7 @@ public void TestPolyfillArgumentsComparison1() String rule = "-A INPUT -m unknown --unknown --unknown-2 1111 -p tcp -d 1.1.1.1 -m tcp --dport 80"; IpTablesChainSet chains = new IpTablesChainSet(4); - Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4)); + Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule, null, chains, 4))); } [Test] @@ -57,7 +57,7 @@ public void TestPolyfillArgumentsComparison2() "-A INPUT -m unknown --unknown --unknown-2 1111 -m unknown2 --unknown2 -p tcp -d 1.1.1.1 -m tcp --dport 80"; IpTablesChainSet chains = new IpTablesChainSet(4); - Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4)); + Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule, null, chains, 4))); } [Test] @@ -69,7 +69,7 @@ public void TestPolyfillArgumentsComparison3() "-A INPUT -m unknown2 --unknown2 -m unknown --unknown --unknown-2 1111 -p tcp -d 1.1.1.1 -m tcp --dport 80"; IpTablesChainSet chains = new IpTablesChainSet(4); - Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule2, null, chains)); + Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule2, null, chains))); } [Test] @@ -81,7 +81,7 @@ public void TestPolyfillArgumentsComparison4() "-A INPUT -m unknown2 --unknown2 -m unknown --unknown --unknown-2 \'this has spaces & a symbol\' -p tcp -d 1.1.1.1 -m tcp --dport 80"; IpTablesChainSet chains = new IpTablesChainSet(4); - Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule2, null, chains)); + Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule2, null, chains))); } public void TestPolyfillArgumentsComparison5() diff --git a/IPTables.Net.Tests/SingleRecentRuleParseTests.cs b/IPTables.Net.Tests/SingleRecentRuleParseTests.cs index 0b1a674..9c870ec 100644 --- a/IPTables.Net.Tests/SingleRecentRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleRecentRuleParseTests.cs @@ -35,7 +35,7 @@ public void TestCompare1() String rule = "-A ATTK_CHECK -m recent --rcheck --name BANNED --seconds 180 --reap --rttl -j ATTACKED"; IpTablesChainSet chains = new IpTablesChainSet(4); - Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule, null, chains, 4)); + Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule, null, chains, 4))); } } } \ No newline at end of file diff --git a/IPTables.Net.Tests/SingleSnatRuleParseTests.cs b/IPTables.Net.Tests/SingleSnatRuleParseTests.cs index 1b3ae65..ee03144 100644 --- a/IPTables.Net.Tests/SingleSnatRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleSnatRuleParseTests.cs @@ -27,7 +27,7 @@ public void TestSnatRangeSourceAndEquality() IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); Assert.AreEqual(rule, irule1.GetActionCommand()); Assert.AreEqual(rule, irule2.GetActionCommand()); } diff --git a/IPTables.Net.Tests/SingleTcpRuleParseTests.cs b/IPTables.Net.Tests/SingleTcpRuleParseTests.cs index 773aad2..f50820f 100644 --- a/IPTables.Net.Tests/SingleTcpRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleTcpRuleParseTests.cs @@ -27,7 +27,7 @@ public void TestDropFragmentedTcpDnsEquality() IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); } [Test] @@ -39,7 +39,7 @@ public void TestCoreSportEquality() IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); - Assert.AreEqual(irule1, irule2); + Assert.IsTrue(irule2.Compare(irule1)); } [Test] diff --git a/IPTables.Net/Iptables/IpTablesChain.cs b/IPTables.Net/Iptables/IpTablesChain.cs index 9728287..ae20d62 100644 --- a/IPTables.Net/Iptables/IpTablesChain.cs +++ b/IPTables.Net/Iptables/IpTablesChain.cs @@ -166,9 +166,10 @@ public override int GetHashCode() } } - public bool CompareRules(IpTablesChain ipTablesChain) + public bool CompareRules(IpTablesChain ipTablesChain, IEqualityComparer eqc = null) { - return Enumerable.SequenceEqual(_rules, ipTablesChain._rules); + eqc = eqc ?? new IpTablesRule.ValueComparison(); + return Enumerable.SequenceEqual(_rules, ipTablesChain._rules, eqc); } } } \ No newline at end of file diff --git a/IPTables.Net/Iptables/IpTablesRule.cs b/IPTables.Net/Iptables/IpTablesRule.cs index 9860a04..d304df5 100644 --- a/IPTables.Net/Iptables/IpTablesRule.cs +++ b/IPTables.Net/Iptables/IpTablesRule.cs @@ -12,7 +12,7 @@ namespace IPTables.Net.Iptables /// /// An IPTables Rule, which is tied to a specific system (ready to be added, removed, updated etc) /// - public class IpTablesRule : IEquatable, INetfilterRule + public class IpTablesRule : INetfilterRule { public enum ChainCreateMode { @@ -21,6 +21,51 @@ public enum ChainCreateMode ReturnNewChain } + public class ValueComparison : IEqualityComparer, IEqualityComparer + { + public bool Equals(IpTablesRule x, IpTablesRule y) + { + return x.Compare(y); + } + + public int GetHashCode(IpTablesRule obj) + { + throw new NotImplementedException(); + } + + public bool Equals(INetfilterRule x, INetfilterRule y) + { + if (x.GetType() != y.GetType()) + { + return false; + } + + var xI = (IpTablesRule) x; + return Equals(xI, y as IpTablesRule); + } + + public int GetHashCode(INetfilterRule obj) + { + throw new NotImplementedException(); + } + } + + public class DebugComparison: ValueComparison + { + public new bool Equals(IpTablesRule x, IpTablesRule y) + { + var ret = base.Equals(x, y); + if (!ret) + { + var diff = x._moduleData.DictionaryDiffering(y.ModuleDataInternal); + Console.WriteLine("1: {0}\r\n2: {1}\r\nDifference: {2}", x.GetActionCommand(), y.GetActionCommand(), + diff); + } + + return ret; + } + } + #region Fields private bool _cow; @@ -144,63 +189,13 @@ public IEnumerable ModuleData #endregion #region Methods - - /// - /// Equality comparison, for this to be equal the module data must match - /// - /// - /// - public bool DebugEquals(IpTablesRule rule, bool debug) - { - if (!Chain.Equals(rule.Chain)) - { - return false; - } - - var diff = _moduleData.DictionaryDiffering(rule.ModuleDataInternal); - var ret = diff == default(string); - if (debug && !ret) - { - Console.WriteLine("1: {0}\r\n2: {1}\r\nDifference: {2}", GetActionCommand(), rule.GetActionCommand(), - diff); - } - - return ret; - } + public INetfilterRule ShallowClone() { return new IpTablesRule(this); } - - - public bool DebugEquals(INetfilterRule obj, bool debug) - { - if (obj is IpTablesRule) - { - return DebugEquals(obj as IpTablesRule, debug); - } - - return Equals(obj); - } - - - public bool Equals(IpTablesRule other) - { - return DebugEquals(other, false); - } - - public override bool Equals(object obj) - { - if (obj is IpTablesRule) - { - return Equals(obj as IpTablesRule); - } - - return base.Equals(obj); - } - /// /// Get the command parameters that would be necessary to define this rule /// @@ -524,5 +519,16 @@ internal void LoadModule(ModuleEntry entry) { GetModuleForParseInternal(entry.Name, entry.Activator, Chain.IpVersion); } + + public bool Compare(IpTablesRule y) + { + if (!Chain.Equals(y.Chain)) + { + return false; + } + + var diff = _moduleData.DictionaryDiffering(y.ModuleDataInternal); + return diff == default(string); + } } } \ No newline at end of file diff --git a/IPTables.Net/Iptables/IpTablesRuleSet.cs b/IPTables.Net/Iptables/IpTablesRuleSet.cs index 4e8d931..30b0585 100644 --- a/IPTables.Net/Iptables/IpTablesRuleSet.cs +++ b/IPTables.Net/Iptables/IpTablesRuleSet.cs @@ -12,7 +12,7 @@ namespace IPTables.Net.Iptables /// /// A List of rules (and chains!) in an IPTables system /// - public class IpTablesRuleSet + public class IpTablesRuleSet: IEquatable { #region Fields /// @@ -284,7 +284,7 @@ public void Sync(INetfilterSync sync, #endregion - protected bool Equals(IpTablesRuleSet other) + public bool Equals(IpTablesRuleSet other) { return _chains.Equals(other._chains) && Equals(_system, other._system) && _ipVersion == other._ipVersion; } diff --git a/IPTables.Net/Netfilter/INetfilterRule.cs b/IPTables.Net/Netfilter/INetfilterRule.cs index e30848b..90dbdd4 100644 --- a/IPTables.Net/Netfilter/INetfilterRule.cs +++ b/IPTables.Net/Netfilter/INetfilterRule.cs @@ -23,6 +23,5 @@ public interface INetfilterRule INetfilterChain Chain { get; set; } INetfilterRule ShallowClone(); - bool DebugEquals(INetfilterRule rule, bool debug); } } diff --git a/IPTables.Net/Netfilter/TableSync/DefaultNetfilterSync.cs b/IPTables.Net/Netfilter/TableSync/DefaultNetfilterSync.cs index 0435c81..1145f83 100644 --- a/IPTables.Net/Netfilter/TableSync/DefaultNetfilterSync.cs +++ b/IPTables.Net/Netfilter/TableSync/DefaultNetfilterSync.cs @@ -1,6 +1,7 @@ using System; using System.Collections.Generic; using System.Linq; +using IPTables.Net.Iptables; namespace IPTables.Net.Netfilter.TableSync { @@ -25,7 +26,7 @@ public Func ShouldDelete } private Func _ruleComparerForUpdate; - private bool _debug; + private IEqualityComparer _comparer = null; public Func RuleComparerForUpdate { @@ -43,11 +44,11 @@ public Func RuleComparerForUpdate } } - public DefaultNetfilterSync(Func ruleComparerForUpdate = null, Func shouldDelete = null, bool debug = false) + public DefaultNetfilterSync(Func ruleComparerForUpdate = null, Func shouldDelete = null, IEqualityComparer comparer = null) { ShouldDelete = shouldDelete; RuleComparerForUpdate = ruleComparerForUpdate; - _debug = debug; + _comparer = comparer ?? new IpTablesRule.ValueComparison(); } public void SyncChainRules(INetfilterAdapterClient client, IEnumerable with, INetfilterChain chain) @@ -74,16 +75,7 @@ public void SyncChainRules(INetfilterAdapterClient client, IEnumerable with, //Get the rule for comparison T withRule = with.ElementAt(i); - bool eq; - if (_debug) - { - eq = cR.DebugEquals(withRule, true); - } - else - { - eq = cR.Equals(withRule); - } - + bool eq = _comparer.Equals(cR,withRule); if (eq) { //No need to make any changes