From 0c5858ab8ab793ef004b643e18d6d12855c41122 Mon Sep 17 00:00:00 2001 
From: Mathew Date: Tue, 23 Jun 2026 02:58:29 +0000 Subject: [PATCH] expand testing --- IPTables.Net.Tests/RuleParseAssert.cs | 21 ++++++++++ IPTables.Net.Tests/SingleBpfRuleParseTests.cs | 11 +++++ .../SingleCommentRuleParseTests.cs | 8 +++- .../SingleConnlimitRuleParseTests.cs | 12 +++++- .../SingleConnmarkRuleParseTests.cs | 14 ++++++- .../SingleConntrackRuleParseTests.cs | 13 +++++- .../SingleCoreRuleParseTests.cs | 23 ++++++++++- .../SingleDevgroupRuleParseTests.cs | 16 ++++++++ .../SingleDnatRuleParseTests.cs | 12 +++++- .../SingleDynjmpRuleParseTests.cs | 13 ++++++ .../SingleHashlimitRuleParseTests.cs | 11 ++++- .../SingleHelperRuleParseTests.cs | 8 +++- .../SingleIpSetRuleParseTests.cs | 31 +++++++++++++- .../SingleLengthRuleParseTests.cs | 8 +++- IPTables.Net.Tests/SingleLimitParseTests.cs | 13 +++++- IPTables.Net.Tests/SingleLogRuleParseTests.cs | 10 ++++- .../SingleMarkRuleParseTests.cs | 14 ++++++- IPTables.Net.Tests/SingleMssRuleParseTests.cs | 11 ++++- .../SingleMultiportRuleParseTests.cs | 18 ++++++++- .../SingleNetflowRuleParseTests.cs | 40 +++++-------------- .../SingleNfacctRuleParseTests.cs | 10 ++++- .../SingleNflogRuleParseTests.cs | 12 +++++- .../SingleNqueueRuleParseTests.cs | 10 ++++- .../SingleRecentRuleParseTests.cs | 13 +++++- IPTables.Net.Tests/SingleRejectTargetTests.cs | 8 +++- IPTables.Net.Tests/SingleRtsParseTests.cs | 8 +++- .../SingleSdnatRuleParseTests.cs | 16 +++++++- .../SingleSnatRuleParseTests.cs | 12 +++++- .../SingleSocketRuleParseTests.cs | 11 +++++ .../SingleStateRuleParseTests.cs | 16 ++++++++ .../SingleStatisticParseTests.cs | 10 ++++- .../SingleStringRuleParseTests.cs | 15 +++++++ .../SingleTProxyRuleParseTests.cs | 15 +++++++ IPTables.Net.Tests/SingleTcpRuleParseTests.cs | 24 ++++++++++- .../SingleTs3InitRuleParseTests.cs | 16 ++++++++ IPTables.Net.Tests/SingleTtlRuleParseTests.cs | 11 +++++ IPTables.Net.Tests/SingleU32RuleParseTests.cs | 13 ++++++ IPTables.Net.Tests/SingleUdpRuleParseTests.cs | 15 +++++++ 
.../Iptables/Modules/Core/CoreModule.cs | 14 ++++++- .../Iptables/Modules/Ct/CtTargetModule.cs | 5 ++- .../Modules/StringMatch/StringModule.cs | 4 +- 41 files changed, 504 insertions(+), 61 deletions(-) create mode 100644 IPTables.Net.Tests/RuleParseAssert.cs create mode 100644 IPTables.Net.Tests/SingleBpfRuleParseTests.cs create mode 100644 IPTables.Net.Tests/SingleDevgroupRuleParseTests.cs create mode 100644 IPTables.Net.Tests/SingleDynjmpRuleParseTests.cs create mode 100644 IPTables.Net.Tests/SingleSocketRuleParseTests.cs create mode 100644 IPTables.Net.Tests/SingleStateRuleParseTests.cs create mode 100644 IPTables.Net.Tests/SingleStringRuleParseTests.cs create mode 100644 IPTables.Net.Tests/SingleTProxyRuleParseTests.cs create mode 100644 IPTables.Net.Tests/SingleTs3InitRuleParseTests.cs create mode 100644 IPTables.Net.Tests/SingleTtlRuleParseTests.cs create mode 100644 IPTables.Net.Tests/SingleU32RuleParseTests.cs create mode 100644 IPTables.Net.Tests/SingleUdpRuleParseTests.cs
diff --git a/IPTables.Net.Tests/RuleParseAssert.cs b/IPTables.Net.Tests/RuleParseAssert.cs
new file mode 100644
index 0000000..ca71293
--- /dev/null
+++ b/IPTables.Net.Tests/RuleParseAssert.cs
@@ -0,0 +1,21 @@
+using IPTables.Net.Iptables;
+
+namespace IPTables.Net.Tests
+{
+ internal static class RuleParseAssert
+ {
+ public static IpTablesRule RoundTrips(string input, string expected = null, int version = 4)
+ {
+ expected = expected ?? input;
+
+ var rule = IpTablesRule.Parse(input, null, new IpTablesChainSet(version), version);
+ Assert.Equal(expected, rule.GetActionCommand());
+
+ var reparsed = IpTablesRule.Parse(expected, null, new IpTablesChainSet(version), version);
+ Assert.True(reparsed.Compare(rule), "Rendered rule should parse back to the same model: " + expected);
+ Assert.Equal(expected, reparsed.GetActionCommand());
+
+ return rule;
+ }
+ }
+}
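Review bot: The model check in `RoundTrips` runs in one direction only, `reparsed.Compare(rule)`, so it depends on `Compare` being symmetric; its implementation is not visible here, and a field that differs between the two models but is not rendered by `GetActionCommand()` could go unnoticed if `Compare` only inspects what the receiver has set. Every new theory in this patch funnels through this helper, so adding `Assert.True(rule.Compare(reparsed), "Original rule should match the re-parsed model: " + expected);` next to the existing assertion is a cheap way to close that gap. The helper also has no doc comment; a `/// <summary>` stating that it parses `input`, asserts the rendered command equals `expected` (defaulting to `input`), then re-parses the rendered form and returns the first parsed rule would make the optional `expected` and `version` parameters clear to test authors.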
diff --git a/IPTables.Net.Tests/SingleBpfRuleParseTests.cs b/IPTables.Net.Tests/SingleBpfRuleParseTests.cs new file mode 100644 index 0000000..e478515 --- /dev/null +++ b/IPTables.Net.Tests/SingleBpfRuleParseTests.cs @@ -0,0 +1,11 @@ +namespace IPTables.Net.Tests +{ + public class SingleBpfRuleParseTests + { + [Fact] + public void TestBpfBytecodeRoundTrip() + { + RuleParseAssert.RoundTrips("-A INPUT -m bpf --bytecode 1,6,0,0,262144"); + } + } +} diff --git a/IPTables.Net.Tests/SingleCommentRuleParseTests.cs b/IPTables.Net.Tests/SingleCommentRuleParseTests.cs index 31a5523..e07d533 100644 --- a/IPTables.Net.Tests/SingleCommentRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleCommentRuleParseTests.cs @@ -54,5 +54,11 @@ public void TestAddCommentAfter() Assert.Equal(rule2, irule1.GetActionCommand()); } + + [Fact] + public void TestCommentRoundTrip() + { + RuleParseAssert.RoundTrips("-A INPUT -m comment --comment 'this is a test rule'"); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleConnlimitRuleParseTests.cs b/IPTables.Net.Tests/SingleConnlimitRuleParseTests.cs index a54d76a..a52cdae 100644 --- a/IPTables.Net.Tests/SingleConnlimitRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleConnlimitRuleParseTests.cs 
@@ -27,5 +27,15 @@ public void TestDropConnectionLimitEquality() Assert.True(irule2.Compare(irule1)); } + + [Theory] + [InlineData("-A INPUT -p tcp -m connlimit --connlimit-upto 5", "-A INPUT -p tcp -m connlimit --connlimit-upto 5")] + [InlineData("-A INPUT -p tcp -m connlimit --connlimit-above 10 --connlimit-mask 24", "-A INPUT -p tcp -m connlimit --connlimit-above 10 --connlimit-mask 24")] + [InlineData("-A INPUT -p tcp -m connlimit --connlimit-above 10 --connlimit-daddr", "-A INPUT -p tcp -m connlimit --connlimit-above 10 --connlimit-daddr")] + [InlineData("-A INPUT -p tcp -m connlimit --connlimit-above 10 --connlimit-saddr", "-A INPUT -p tcp -m connlimit --connlimit-above 10")] + public void TestConnlimitOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleConnmarkRuleParseTests.cs b/IPTables.Net.Tests/SingleConnmarkRuleParseTests.cs index 7c72fb1..a96f2ad 100644 --- a/IPTables.Net.Tests/SingleConnmarkRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleConnmarkRuleParseTests.cs 
@@ -154,5 +154,17 @@ public void TestRestoreMark() Assert.Equal(rule, irule.GetActionCommand()); } + + [Theory] + [InlineData("-A INPUT -m connmark ! --mark 0xFF", "-A INPUT -m connmark ! --mark 0xFF")] + [InlineData("-A INPUT -j CONNMARK --set-mark 0xFF", "-A INPUT -j CONNMARK --set-xmark 0xFF")] + [InlineData("-A INPUT -j CONNMARK --and-mark 0x0", "-A INPUT -j CONNMARK --set-xmark 0x0")] + [InlineData("-A INPUT -j CONNMARK --or-mark 0", "-A INPUT -j CONNMARK --set-xmark 0x0/0x0")] + [InlineData("-A INPUT -j CONNMARK --xor-mark 0", "-A INPUT -j CONNMARK --set-xmark 0x0/0x0")] + [InlineData("-A INPUT -j CONNMARK --save-mark --ctmask 0x11 --nfmask 0x3FFFF00", "-A INPUT -j CONNMARK --save-mark --ctmask 0x11 --nfmask 0x3FFFF00")] + public void TestConnmarkOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleConntrackRuleParseTests.cs b/IPTables.Net.Tests/SingleConntrackRuleParseTests.cs index cd6a5ad..3989946 100644 --- a/IPTables.Net.Tests/SingleConntrackRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleConntrackRuleParseTests.cs 
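Review bot: The `--or-mark 0` and `--xor-mark 0` rows in `TestConnmarkOptionRoundTrip` cannot tell the two translations apart, because with a zero operand both render as `--set-xmark 0x0/0x0`. iptables documents `--or-mark bits` as `--set-xmark bits/bits` and `--xor-mark bits` as `--set-xmark bits/0`, so only a non-zero operand exercises the mask computation. Marks select routing and filtering policy downstream, so a swapped or mis-masked translation would silently change which packets are affected; I would add rows with a non-zero operand such as `--or-mark 0x4` and `--xor-mark 0x4`. The matching rows in `TestMarkOptionRoundTrip` in SingleMarkRuleParseTests.cs have the same limitation, though earlier tests in these files, outside the hunks, may already cover non-zero values.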
@@ -18,5 +18,16 @@ public void TestParse() irule2.Equals(irule1); Assert.True(irule2.Compare(irule1)); } + + [Theory] + [InlineData("-A PREROUTING -t raw -j CT --helper ftp", "-A PREROUTING -t raw -j CT --helper ftp")] + [InlineData("-A PREROUTING -t raw -j CT --ctevents new,destroy", "-A PREROUTING -t raw -j CT --ctevents new,destroy")] + [InlineData("-A PREROUTING -t raw -j CT --expevents related", "-A PREROUTING -t raw -j CT --expevents related")] + [InlineData("-A PREROUTING -t raw -j CT --notrack", "-A PREROUTING -t raw -j CT --notrack")] + [InlineData("-A PREROUTING -t raw -j CT --helper ftp --ctevents new,destroy --expevents related --notrack", "-A PREROUTING -t raw -j CT --notrack --helper ftp --ctevents new,destroy --expevents related")] + public void TestCtTargetOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleCoreRuleParseTests.cs b/IPTables.Net.Tests/SingleCoreRuleParseTests.cs index 94a973c..65e3034 100644 --- a/IPTables.Net.Tests/SingleCoreRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleCoreRuleParseTests.cs 
@@ -154,5 +154,26 @@ public void TestCoreFragmentingEquality() Assert.True(irule2.Compare(irule1)); } + + [Theory] + [InlineData("-A INPUT --protocol tcp -j ACCEPT", "-A INPUT -p tcp -j ACCEPT")] + [InlineData("-A INPUT ! --protocol tcp -j ACCEPT", "-A INPUT ! -p tcp -j ACCEPT")] + [InlineData("-A INPUT --source 10.0.0.1/24 -j ACCEPT", "-A INPUT -s 10.0.0.1/24 -j ACCEPT")] + [InlineData("-A INPUT ! --source 10.0.0.1/24 -j ACCEPT", "-A INPUT ! -s 10.0.0.1/24 -j ACCEPT")] + [InlineData("-A INPUT --destination 192.0.2.5 -j ACCEPT", "-A INPUT -d 192.0.2.5 -j ACCEPT")] + [InlineData("-A INPUT ! --destination 192.0.2.5 -j ACCEPT", "-A INPUT ! -d 192.0.2.5 -j ACCEPT")] + [InlineData("-A INPUT --in-interface eth0+ -j ACCEPT", "-A INPUT -i eth0+ -j ACCEPT")] + [InlineData("-A INPUT ! --in-interface eth0+ -j ACCEPT", "-A INPUT ! -i eth0+ -j ACCEPT")] + [InlineData("-A INPUT --out-interface eth1 -j ACCEPT", "-A INPUT -o eth1 -j ACCEPT")] + [InlineData("-A INPUT ! --out-interface eth1 -j ACCEPT", "-A INPUT ! -o eth1 -j ACCEPT")] + [InlineData("-A INPUT --fragment -j ACCEPT", "-A INPUT -f -j ACCEPT")] + [InlineData("-A INPUT ! --fragment -j ACCEPT", "-A INPUT ! -f -j ACCEPT")] + [InlineData("-A INPUT --jump ACCEPT", "-A INPUT -j ACCEPT")] + [InlineData("-A INPUT --goto NEXT_CHAIN", "-A INPUT -g NEXT_CHAIN")] + [InlineData("-A INPUT --set-counters 12 34 -j ACCEPT", "-A INPUT -c 12 34 -j ACCEPT")] + public void TestCoreOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleDevgroupRuleParseTests.cs b/IPTables.Net.Tests/SingleDevgroupRuleParseTests.cs new file mode 100644 index 0000000..ddb4bf4 --- /dev/null +++ b/IPTables.Net.Tests/SingleDevgroupRuleParseTests.cs 
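Review bot: The `--source 10.0.0.1/24` rows in `TestCoreOptionRoundTrip` pin a rendering that keeps the host bits (`-s 10.0.0.1/24`), whereas iptables masks the address when it stores the rule and lists it back as `10.0.0.0/24`. If rendered rules are ever compared textually with `iptables-save` output, an identical rule would read as different; whether `Compare` normalises this is not visible in the hunk. A comment above those rows such as `// host bits are preserved as typed; iptables itself lists 10.0.0.0/24` would record that this is intentional, or a row with an already-canonical network could be added alongside.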
@@ -0,0 +1,16 @@ +namespace IPTables.Net.Tests +{ + public class SingleDevgroupRuleParseTests + { + [Theory] + [InlineData("-A INPUT -m devgroup --src-group 0x1/0xFF")] + [InlineData("-A INPUT -m devgroup ! --src-group 0x1/0xFF")] + [InlineData("-A INPUT -m devgroup --dst-group 0x2/0xFF")] + [InlineData("-A INPUT -m devgroup ! --dst-group 0x2/0xFF")] + [InlineData("-A INPUT -m devgroup --src-group 0x1/0xFF --dst-group 0x2/0xFF")] + public void TestDevgroupOptionRoundTrip(string rule) + { + RuleParseAssert.RoundTrips(rule); + } + } +} diff --git a/IPTables.Net.Tests/SingleDnatRuleParseTests.cs b/IPTables.Net.Tests/SingleDnatRuleParseTests.cs index ad99a59..fec5ace 100644 --- a/IPTables.Net.Tests/SingleDnatRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleDnatRuleParseTests.cs @@ -29,5 +29,15 @@ public void TestDnatRangeSourceAndEquality() Assert.Equal(rule, irule1.GetActionCommand()); Assert.Equal(rule, irule2.GetActionCommand()); } + + [Theory] + [InlineData("-A PREROUTING -t nat -j DNAT --to-destination 2.2.2.2:1000-2000")] + [InlineData("-A PREROUTING -t nat -j DNAT --random")] + [InlineData("-A PREROUTING -t nat -j DNAT --persistent")] + [InlineData("-A PREROUTING -t nat -j DNAT --to-destination 2.2.2.2 --random --persistent")] + public void TestDnatOptionRoundTrip(string rule) + { + RuleParseAssert.RoundTrips(rule); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleDynjmpRuleParseTests.cs b/IPTables.Net.Tests/SingleDynjmpRuleParseTests.cs new file mode 100644 index 0000000..eb5ad24 --- /dev/null +++ b/IPTables.Net.Tests/SingleDynjmpRuleParseTests.cs @@ -0,0 +1,13 @@ +namespace IPTables.Net.Tests +{ + public class SingleDynjmpRuleParseTests + { + [Theory] + [InlineData("-A INPUT -j DYNJMP")] + [InlineData("-A INPUT -j SYNJMP")] + public void TestNoOptionDynjmpTargetsRoundTrip(string rule) + { + RuleParseAssert.RoundTrips(rule); + } + } +} 
diff --git a/IPTables.Net.Tests/SingleHashlimitRuleParseTests.cs b/IPTables.Net.Tests/SingleHashlimitRuleParseTests.cs index aacbaf6..0883011 100644 --- a/IPTables.Net.Tests/SingleHashlimitRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleHashlimitRuleParseTests.cs @@ -112,5 +112,14 @@ public void TestRateCompare() Assert.False(r1.Compare(r2)); } + + [Theory] + [InlineData("-A ABC -m hashlimit --hashlimit 9/min --hashlimit-burst 4 --hashlimit-mode srcip --hashlimit-name h --hashlimit-srcmask 24 --hashlimit-dstmask 32 --hashlimit-htable-size 111 --hashlimit-htable-max 222 --hashlimit-htable-expire 333 --hashlimit-htable-gcinterval 444", "-A ABC -m hashlimit --hashlimit-name h --hashlimit-upto 9/minute --hashlimit-burst 4 --hashlimit-mode srcip --hashlimit-srcmask 24 --hashlimit-dstmask 32 --hashlimit-htable-size 111 --hashlimit-htable-max 222 --hashlimit-htable-expire 333 --hashlimit-htable-gcinterval 444")] + [InlineData("-A ABC -m hashlimit --hashlimit-upto 8/s --hashlimit-burst 4 --hashlimit-mode dstip --hashlimit-name h", "-A ABC -m hashlimit --hashlimit-name h --hashlimit-upto 8/second --hashlimit-burst 4 --hashlimit-mode dstip --hashlimit-srcmask 32 --hashlimit-dstmask 32 --hashlimit-htable-size 65000 --hashlimit-htable-max 200000 --hashlimit-htable-expire 10000 --hashlimit-htable-gcinterval 1000")] + [InlineData("-A ABC -m hashlimit --hashlimit-above 8/s --hashlimit-burst 4 --hashlimit-mode dstip --hashlimit-name h", "-A ABC -m hashlimit --hashlimit-name h --hashlimit-above 8/second --hashlimit-burst 4 --hashlimit-mode dstip --hashlimit-srcmask 32 --hashlimit-dstmask 32 --hashlimit-htable-size 65000 --hashlimit-htable-max 200000 --hashlimit-htable-expire 10000 --hashlimit-htable-gcinterval 1000")] + public void TestHashlimitOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} 
diff --git a/IPTables.Net.Tests/SingleHelperRuleParseTests.cs b/IPTables.Net.Tests/SingleHelperRuleParseTests.cs index d31f7af..a3d272c 100644 --- a/IPTables.Net.Tests/SingleHelperRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleHelperRuleParseTests.cs @@ -26,5 +26,11 @@ public void TestHelper() Assert.Equal(rule, irule.GetActionCommand()); } + + [Fact] + public void TestPositiveHelperRoundTrip() + { + RuleParseAssert.RoundTrips("-A INPUT -m helper --helper ftp -j ACCEPT"); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleIpSetRuleParseTests.cs b/IPTables.Net.Tests/SingleIpSetRuleParseTests.cs index 70920d0..ee88838 100644 --- a/IPTables.Net.Tests/SingleIpSetRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleIpSetRuleParseTests.cs 
@@ -26,5 +26,34 @@ public void Test2() Assert.Equal(rule, irule.GetActionCommand()); } + + [Theory] + [InlineData("-A FORWARD -m set ! --match-set test src", "-A FORWARD -m set ! --match-set test src")] + [InlineData("-A FORWARD -m set --match-set test src --return-nomatch", "-A FORWARD -m set --match-set test src --return-nomatch")] + [InlineData("-A FORWARD -m set --match-set test src ! --update-counters", "-A FORWARD -m set --match-set test src ! --update-counters")] + [InlineData("-A FORWARD -m set --match-set test src ! --update-subcounters", "-A FORWARD -m set --match-set test src ! --update-subcounters")] + [InlineData("-A FORWARD -m set --match-set test src --packets-eq 3", "-A FORWARD -m set --match-set test src --packets-eq 3")] + [InlineData("-A FORWARD -m set --match-set test src ! --packets-eq 3", "-A FORWARD -m set --match-set test src ! --packets-eq 3")] + [InlineData("-A FORWARD -m set --match-set test src --packets-lt 3", "-A FORWARD -m set --match-set test src --packets-lt 3")] + [InlineData("-A FORWARD -m set --match-set test src --packets-gt 3", "-A FORWARD -m set --match-set test src --packets-gt 3")] + [InlineData("-A FORWARD -m set --match-set test src --bytes-eq 4", "-A FORWARD -m set --match-set test src --bytes-eq 4")] + [InlineData("-A FORWARD -m set --match-set test src ! --bytes-eq 4", "-A FORWARD -m set --match-set test src ! 
--bytes-eq 4")] + [InlineData("-A FORWARD -m set --match-set test src --bytes-lt 4", "-A FORWARD -m set --match-set test src --bytes-lt 4")] + [InlineData("-A FORWARD -m set --match-set test src --bytes-gt 4", "-A FORWARD -m set --match-set test src --bytes-gt 4")] + public void TestSetMatchOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } + + [Theory] + [InlineData("-A FORWARD -j SET --add-set test src", "-A FORWARD -j SET --add-set test src")] + [InlineData("-A FORWARD -j SET --del-set test dst", "-A FORWARD -j SET --del-set test dst")] + [InlineData("-A FORWARD -j SET --map-set test src,dst", "-A FORWARD -j SET --map-set test src,dst")] + [InlineData("-A FORWARD -j SET --add-set test src --exist", "-A FORWARD -j SET --add-set test src --exist")] + [InlineData("-A FORWARD -j SET --add-set test src --timeout 30", "-A FORWARD -j SET --add-set test src --timeout 30")] + public void TestSetTargetOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleLengthRuleParseTests.cs b/IPTables.Net.Tests/SingleLengthRuleParseTests.cs index d58e5d3..06b3017 100644 --- a/IPTables.Net.Tests/SingleLengthRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleLengthRuleParseTests.cs @@ -36,5 +36,11 @@ public void TestNotLength() Assert.Equal(rule, irule.GetActionCommand()); } + + [Fact] + public void TestLengthRoundTrip() + { + RuleParseAssert.RoundTrips("-A INPUT -m length --length 10 -j ACCEPT"); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleLimitParseTests.cs b/IPTables.Net.Tests/SingleLimitParseTests.cs index fbd0cf1..95090f8 100644 --- a/IPTables.Net.Tests/SingleLimitParseTests.cs +++ b/IPTables.Net.Tests/SingleLimitParseTests.cs 
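Review bot: Every row of `TestSetMatchOptionRoundTrip` and `TestSetTargetOptionRoundTrip` passes the same string twice, although `RuleParseAssert.RoundTrips` already defaults `expected` to `input`. Duplicated literals of this length invite a typo in one copy that then reads as a deliberate normalisation. A single-parameter theory, as used in the Devgroup and Dnat tests, states "unchanged round trip" directly: `public void TestSetMatchOptionRoundTrip(string rule)` with `RuleParseAssert.RoundTrips(rule);`. The Nflog theory and `TestNfacctQuotedNameRoundTrip` later in the patch have the same shape.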
@@ -42,5 +42,16 @@ public void TestRateCompare3() Assert.True(r1.Compare(r2)); } + + [Theory] + [InlineData("-A ABC -m limit --limit 10/s", "-A ABC -m limit --limit 10/second --limit-burst 5")] + [InlineData("-A ABC -m limit --limit 10/sec --limit-burst 7", "-A ABC -m limit --limit 10/second --limit-burst 7")] + [InlineData("-A ABC -m limit --limit 10/minute --limit-burst 7", "-A ABC -m limit --limit 10/minute --limit-burst 7")] + [InlineData("-A ABC -m limit --limit 10/h --limit-burst 7", "-A ABC -m limit --limit 10/hour --limit-burst 7")] + [InlineData("-A ABC -m limit --limit 10/day --limit-burst 7", "-A ABC -m limit --limit 10/day --limit-burst 7")] + public void TestLimitOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleLogRuleParseTests.cs b/IPTables.Net.Tests/SingleLogRuleParseTests.cs index 1119fb3..740acc8 100644 --- a/IPTables.Net.Tests/SingleLogRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleLogRuleParseTests.cs @@ -15,5 +15,13 @@ public void TestLogWithPrefix() Assert.Equal(rule, irule.GetActionCommand()); } + + [Theory] + [InlineData("-A INPUT -j LOG --log-level 4", "-A INPUT -j LOG --log-level 4")] + [InlineData("-A INPUT -j LOG --log-prefix prefix", "-A INPUT -j LOG --log-prefix prefix --log-level 7")] + public void TestLogOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleMarkRuleParseTests.cs b/IPTables.Net.Tests/SingleMarkRuleParseTests.cs index 7edb1c1..d4e651a 100644 --- a/IPTables.Net.Tests/SingleMarkRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleMarkRuleParseTests.cs 
@@ -82,5 +82,17 @@ public void TestXorMark() Assert.Equal(ruleExpect, irule.GetActionCommand()); } + + [Theory] + [InlineData("-A INPUT -m mark ! --mark 0xFF", "-A INPUT -m mark ! --mark 0xFF")] + [InlineData("-A INPUT -j MARK --set-mark 0xFF", "-A INPUT -j MARK --set-xmark 0xFF")] + [InlineData("-A INPUT -j MARK --set-mark 0xF/0xF0", "-A INPUT -j MARK --set-xmark 0xF/0xFF")] + [InlineData("-A INPUT -j MARK --and-mark 0x0", "-A INPUT -j MARK --set-xmark 0x0")] + [InlineData("-A INPUT -j MARK --or-mark 0", "-A INPUT -j MARK --set-xmark 0x0/0x0")] + [InlineData("-A INPUT -j MARK --xor-mark 0", "-A INPUT -j MARK --set-xmark 0x0/0x0")] + public void TestMarkOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleMssRuleParseTests.cs b/IPTables.Net.Tests/SingleMssRuleParseTests.cs index 1551e79..1101169 100644 --- a/IPTables.Net.Tests/SingleMssRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleMssRuleParseTests.cs @@ -25,5 +25,14 @@ public void TestMssWithSetMssRange() Assert.Equal(rule, irule.GetActionCommand()); } + + [Theory] + [InlineData("-A INPUT -m tcpmss ! --mss 536:1460 -j ACCEPT")] + [InlineData("-A INPUT -j TCPMSS --clamp-mss-to-pmtu")] + [InlineData("-A INPUT -j TCPMSS --set-mss 1200")] + public void TestMssOptionRoundTrip(string rule) + { + RuleParseAssert.RoundTrips(rule); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleMultiportRuleParseTests.cs b/IPTables.Net.Tests/SingleMultiportRuleParseTests.cs index 3e240db..9f5543c 100644 --- a/IPTables.Net.Tests/SingleMultiportRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleMultiportRuleParseTests.cs 
@@ -66,5 +66,21 @@ public void TestSourceNotMultiports() Assert.Equal(rule, irule.GetActionCommand()); } + + [Theory] + [InlineData("-A INPUT -p tcp -m multiport --ports 80,1000:1080", "-A INPUT -p tcp -m multiport --ports 80,1000:1080")] + [InlineData("-A INPUT -p tcp -m multiport --sports 80,1000:1080", "-A INPUT -p tcp -m multiport --sports 80,1000:1080")] + [InlineData("-A INPUT -p tcp -m multiport --dports 80,1000:1080", "-A INPUT -p tcp -m multiport --dports 80,1000:1080")] + [InlineData("-A INPUT -p tcp -m multiport ! --ports 80,1000:1080", "-A INPUT -p tcp -m multiport ! --ports 80,1000:1080")] + [InlineData("-A INPUT -p tcp -m multiport ! --sports 80,1000:1080", "-A INPUT -p tcp -m multiport ! --sports 80,1000:1080")] + [InlineData("-A INPUT -p tcp -m multiport ! --dports 80,1000:1080", "-A INPUT -p tcp -m multiport ! --dports 80,1000:1080")] + [InlineData("-A INPUT -p tcp -m multiport --source-ports 80,1000:1080", "-A INPUT -p tcp -m multiport --sports 80,1000:1080")] + [InlineData("-A INPUT -p tcp -m multiport --destination-ports 80,1000:1080", "-A INPUT -p tcp -m multiport --dports 80,1000:1080")] + [InlineData("-A INPUT -p tcp -m multiport ! --source-ports 80,1000:1080", "-A INPUT -p tcp -m multiport ! --sports 80,1000:1080")] + [InlineData("-A INPUT -p tcp -m multiport ! --destination-ports 80,1000:1080", "-A INPUT -p tcp -m multiport ! --dports 80,1000:1080")] + public void TestMultiportLongAliasRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleNetflowRuleParseTests.cs b/IPTables.Net.Tests/SingleNetflowRuleParseTests.cs index dd7c2ee..07fe586 100644 --- a/IPTables.Net.Tests/SingleNetflowRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleNetflowRuleParseTests.cs 
@@ -5,37 +5,15 @@ namespace IPTables.Net.Tests { public class SingleNetflowRuleParseTests { - [Fact] - public void TestFwmark() + [Theory] + [InlineData("-A INPUT -m netflow --fw_status 1 -j ACCEPT")] + [InlineData("-A INPUT -m ctnetflow --fw_status 1 -j ACCEPT")] + [InlineData("-A INPUT -m netflow --fw_status 65 --nf-noports -j DROP")] + [InlineData("-A INPUT -j NETFLOW")] + [InlineData("-A INPUT -m netflow --nf-noports -j DROP")] + public void TestNetflowOptionRoundTrip(string rule) { - String rule = "-A INPUT -m netflow --fw_status 1 -j ACCEPT"; - IpTablesChainSet chains = new IpTablesChainSet(4); - - IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); - - Assert.Equal(rule, irule.GetActionCommand()); - } - [Fact] - public void TestFwmarkCt() - { - String rule = "-A INPUT -m ctnetflow --fw_status 1 -j ACCEPT"; - IpTablesChainSet chains = new IpTablesChainSet(4); - - IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); - - Assert.Equal(rule, irule.GetActionCommand()); - } - - - [Fact] - public void TestNoPorts() - { - String rule = "-A INPUT -m netflow --fw_status 65 --nf-noports -j DROP"; - IpTablesChainSet chains = new IpTablesChainSet(4); - - IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); - - Assert.Equal(rule, irule.GetActionCommand()); + RuleParseAssert.RoundTrips(rule); } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleNfacctRuleParseTests.cs b/IPTables.Net.Tests/SingleNfacctRuleParseTests.cs index e29838f..4131a21 100644 --- a/IPTables.Net.Tests/SingleNfacctRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleNfacctRuleParseTests.cs 
@@ -41,5 +41,13 @@ public void TestDoubleSpace() Assert.Equal(rule2, irule.GetActionCommand()); Assert.True(IpTablesRule.Parse(rule2, null, chains, 4).Compare(irule)); } + + [Fact] + public void TestNfacctQuotedNameRoundTrip() + { + RuleParseAssert.RoundTrips( + "-A INPUT -j ACCEPT -m nfacct --nfacct-name 'test name'", + "-A INPUT -j ACCEPT -m nfacct --nfacct-name 'test name'"); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleNflogRuleParseTests.cs b/IPTables.Net.Tests/SingleNflogRuleParseTests.cs index 53b7326..87f6d8a 100644 --- a/IPTables.Net.Tests/SingleNflogRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleNflogRuleParseTests.cs @@ -15,5 +15,15 @@ public void TestXmark() Assert.Equal(rule, irule.GetActionCommand()); } + + [Theory] + [InlineData("-A INPUT -j NFLOG --nflog-prefix 'prefix text'", "-A INPUT -j NFLOG --nflog-prefix 'prefix text'")] + [InlineData("-A INPUT -j NFLOG --nflog-range 128", "-A INPUT -j NFLOG --nflog-range 128")] + [InlineData("-A INPUT -j NFLOG --nflog-threshold 10", "-A INPUT -j NFLOG --nflog-threshold 10")] + [InlineData("-A INPUT -j NFLOG --nflog-group 30 --nflog-prefix 'prefix text' --nflog-range 128 --nflog-threshold 10", "-A INPUT -j NFLOG --nflog-group 30 --nflog-prefix 'prefix text' --nflog-range 128 --nflog-threshold 10")] + public void TestNflogOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleNqueueRuleParseTests.cs b/IPTables.Net.Tests/SingleNqueueRuleParseTests.cs index 515dc98..73327dc 100644 --- a/IPTables.Net.Tests/SingleNqueueRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleNqueueRuleParseTests.cs 
@@ -15,5 +15,13 @@ public void TestXmark() Assert.Equal(rule, irule.GetActionCommand()); } + + [Theory] + [InlineData("-A INPUT -j NFQUEUE --queue-num 2")] + [InlineData("-A INPUT -j NFQUEUE --queue-bypass")] + public void TestNfqueueOptionRoundTrip(string rule) + { + RuleParseAssert.RoundTrips(rule); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleRecentRuleParseTests.cs b/IPTables.Net.Tests/SingleRecentRuleParseTests.cs index db01a6a..11a714b 100644 --- a/IPTables.Net.Tests/SingleRecentRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleRecentRuleParseTests.cs @@ -35,5 +35,16 @@ public void TestCompare1() Assert.True(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule, null, chains, 4))); } + + [Theory] + [InlineData("-A ATTK_CHECK -m recent --remove --name BANNED", "-A ATTK_CHECK -m recent --remove --name BANNED")] + [InlineData("-A ATTK_CHECK -m recent --set --rsource", "-A ATTK_CHECK -m recent --set")] + [InlineData("-A ATTK_CHECK -m recent --set --rdest", "-A ATTK_CHECK -m recent --set --rdest")] + [InlineData("-A ATTK_CHECK -m recent --update --seconds 60 --hitcount 5 --reap --rttl", "-A ATTK_CHECK -m recent --update --seconds 60 --hitcount 5 --reap --rttl")] + [InlineData("-A ATTK_CHECK -m recent --rcheck --mask 255.255.255.0", "-A ATTK_CHECK -m recent --rcheck --mask 255.255.255.0")] + public void TestRecentOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleRejectTargetTests.cs b/IPTables.Net.Tests/SingleRejectTargetTests.cs index 79f7a9b..1d11442 100644 --- a/IPTables.Net.Tests/SingleRejectTargetTests.cs +++ b/IPTables.Net.Tests/SingleRejectTargetTests.cs 
@@ -15,5 +15,11 @@ public void TestRejectWithIcmp() Assert.Equal(rule, irule.GetActionCommand()); } + + [Fact] + public void TestRejectRoundTrip() + { + RuleParseAssert.RoundTrips("-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable"); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleRtsParseTests.cs b/IPTables.Net.Tests/SingleRtsParseTests.cs index dd4ff7e..e51558a 100644 --- a/IPTables.Net.Tests/SingleRtsParseTests.cs +++ b/IPTables.Net.Tests/SingleRtsParseTests.cs @@ -27,5 +27,11 @@ public void TestWithDest() Assert.True(irule2.Compare(irule1)); } + + [Fact] + public void TestRtsDestinationRoundTrip() + { + RuleParseAssert.RoundTrips("-A INPUT -j RTS --rts-dst 1.1.1.1"); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleSdnatRuleParseTests.cs b/IPTables.Net.Tests/SingleSdnatRuleParseTests.cs index 8cd6c25..0b6da96 100644 --- a/IPTables.Net.Tests/SingleSdnatRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleSdnatRuleParseTests.cs 
@@ -15,6 +15,20 @@ public void TestSnatSingleSource() Assert.Equal(rule, irule.GetActionCommand()); } + + [Theory] + [InlineData("-A PREROUTING -t nat -j SDNAT --to-source 78.141.209.124", "-A PREROUTING -t nat -j SDNAT --to-source 78.141.209.124")] + [InlineData("-A PREROUTING -t nat -j SDNAT --to-destination 104.236.152.141:80", "-A PREROUTING -t nat -j SDNAT --to-destination 104.236.152.141:80")] + [InlineData("-A PREROUTING -t nat -j SDNAT --random", "-A PREROUTING -t nat -j SDNAT --random")] + [InlineData("-A PREROUTING -t nat -j SDNAT --persistent", "-A PREROUTING -t nat -j SDNAT --persistent")] + [InlineData("-A PREROUTING -t nat -j SDNAT --add-seqadj", "-A PREROUTING -t nat -j SDNAT --add-seqadj")] + [InlineData("-A PREROUTING -t nat -j SDNAT --ctmark 0x91", "-A PREROUTING -t nat -j SDNAT --ctmark 145")] + [InlineData("-A PREROUTING -t nat -j SDNAT --ctmask 0x1", "-A PREROUTING -t nat -j SDNAT --ctmask 1")] + [InlineData("-A PREROUTING -t nat -j SDNAT --to-source 78.141.209.124 --to-destination 104.236.152.141:80 --random --add-seqadj --persistent --ctmark 145 --ctmask 1", "-A PREROUTING -t nat -j SDNAT --to-source 78.141.209.124 --to-destination 104.236.152.141:80 --random --add-seqadj --persistent --ctmark 145 --ctmask 1")] + public void TestSdnatOptionRoundTrip(string input, string expected) + { + RuleParseAssert.RoundTrips(input, expected); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleSnatRuleParseTests.cs b/IPTables.Net.Tests/SingleSnatRuleParseTests.cs index dde9792..859221a 100644 --- a/IPTables.Net.Tests/SingleSnatRuleParseTests.cs +++ b/IPTables.Net.Tests/SingleSnatRuleParseTests.cs 
@@ -29,5 +29,15 @@ public void TestSnatRangeSourceAndEquality() Assert.Equal(rule, irule1.GetActionCommand()); Assert.Equal(rule, irule2.GetActionCommand()); } + + [Theory] + [InlineData("-A POSTROUTING -t nat -j SNAT --to-source 2.2.2.2:1000-2000")] + [InlineData("-A POSTROUTING -t nat -j SNAT --random")] + [InlineData("-A POSTROUTING -t nat -j SNAT --persistent")] + [InlineData("-A POSTROUTING -t nat -j SNAT --to-source 2.2.2.2 --random --persistent")] + public void TestSnatOptionRoundTrip(string rule) + { + RuleParseAssert.RoundTrips(rule); + } } -} \ No newline at end of file +} diff --git a/IPTables.Net.Tests/SingleSocketRuleParseTests.cs b/IPTables.Net.Tests/SingleSocketRuleParseTests.cs new file mode 100644 index 0000000..61f61ab --- /dev/null +++ b/IPTables.Net.Tests/SingleSocketRuleParseTests.cs @@ -0,0 +1,11 @@ +namespace IPTables.Net.Tests +{ + public class SingleSocketRuleParseTests + { + [Fact] + public void TestSocketTransparentRoundTrip() + { + RuleParseAssert.RoundTrips("-A INPUT -m socket --transparent"); + } + } +} diff --git a/IPTables.Net.Tests/SingleStateRuleParseTests.cs b/IPTables.Net.Tests/SingleStateRuleParseTests.cs new file mode 100644 index 0000000..da52f26 --- /dev/null +++ b/IPTables.Net.Tests/SingleStateRuleParseTests.cs @@ -0,0 +1,16 @@ +namespace IPTables.Net.Tests +{ + public class SingleStateRuleParseTests + { + [Theory] + [InlineData("-A INPUT -m state --state ESTABLISHED")] + [InlineData("-A INPUT -m state --state NEW")] + [InlineData("-A INPUT -m state --state RELATED")] + [InlineData("-A INPUT -m state --state INVALID")] + [InlineData("-A INPUT -m state --state UNTRACKED")] + public void TestStateOptionRoundTrip(string rule) + { + RuleParseAssert.RoundTrips(rule); + } + } +} diff --git a/IPTables.Net.Tests/SingleStatisticParseTests.cs b/IPTables.Net.Tests/SingleStatisticParseTests.cs index 5953d07..44238fd 100644 --- a/IPTables.Net.Tests/SingleStatisticParseTests.cs +++ b/IPTables.Net.Tests/SingleStatisticParseTests.cs 
@@ -80,5 +80,13 @@ public void TestRandomRounding3()
 Assert.Equal(irule.GetActionCommand(), irule2.GetActionCommand());
 Assert.True(irule.Compare(irule2));
 }
+
+ [Theory]
+ [InlineData("-A FORWARD -m statistic --mode nth ! --every 3 --packet 1")]
+ [InlineData("-A CHAIN -t raw -m statistic --mode random ! --probability 0.04")]
+ public void TestStatisticOptionRoundTrip(string rule)
+ {
+ RuleParseAssert.RoundTrips(rule);
+ }
 }
-}
\ No newline at end of file
+}
diff --git a/IPTables.Net.Tests/SingleStringRuleParseTests.cs b/IPTables.Net.Tests/SingleStringRuleParseTests.cs
new file mode 100644
index 0000000..6954a33
--- /dev/null
+++ b/IPTables.Net.Tests/SingleStringRuleParseTests.cs
@@ -0,0 +1,15 @@
+namespace IPTables.Net.Tests
+{
+ public class SingleStringRuleParseTests
+ {
+ [Theory]
+ [InlineData("-A INPUT -m string --algo bm --from 1 --to 10 --string test", "-A INPUT -m string --algo bm --from 1 --to 10 --string test")]
+ [InlineData("-A INPUT -m string --algo kmp --string test", "-A INPUT -m string --algo kmp --string test")]
+ [InlineData("-A INPUT -m string --algo bm ! --string test", "-A INPUT -m string --algo bm ! --string test")]
+ [InlineData("-A INPUT -m string --algo bm --hex-string '|41 42|'", "-A INPUT -m string --algo bm --hex-string '|4142|'")]
+ public void TestStringOptionRoundTrip(string input, string expected)
+ {
+ RuleParseAssert.RoundTrips(input, expected);
+ }
+ }
+}
diff --git a/IPTables.Net.Tests/SingleTProxyRuleParseTests.cs b/IPTables.Net.Tests/SingleTProxyRuleParseTests.cs
new file mode 100644
index 0000000..b42e526
--- /dev/null
+++ b/IPTables.Net.Tests/SingleTProxyRuleParseTests.cs
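Review bot: Every `--string` row in `TestStringOptionRoundTrip` uses the single bare word `test`, so nothing checks how a pattern containing a space or a quote character is quoted on output. The serialized rule is text that is later handed to iptables, and a pattern emitted without quoting would be split into extra arguments and could change what the rule matches. I would add a row with a quoted multi-word pattern, for example `--string 'foo bar'`, with the expected column set to whatever quoting the serializer is meant to produce. A `--hex-string` row mixing hex and literal text would cover the same path for the hex form.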
@@ -0,0 +1,15 @@
+namespace IPTables.Net.Tests
+{
+ public class SingleTProxyRuleParseTests
+ {
+ [Theory]
+ [InlineData("-A PREROUTING -t mangle -j TPROXY --on-port 8080", "-A PREROUTING -t mangle -j TPROXY --on-port 8080 --on-ip 0.0.0.0")]
+ [InlineData("-A PREROUTING -t mangle -j TPROXY --on-ip 127.0.0.1", "-A PREROUTING -t mangle -j TPROXY --on-port 0 --on-ip 127.0.0.1")]
+ [InlineData("-A PREROUTING -t mangle -j TPROXY --tproxy-mark 0x1/0xFF", "-A PREROUTING -t mangle -j TPROXY --on-port 0 --on-ip 0.0.0.0 --tproxy-mark 0x1/0xFF")]
+ [InlineData("-A PREROUTING -t mangle -j TPROXY --on-port 8080 --on-ip 127.0.0.1 --tproxy-mark 0x1/0xFF", "-A PREROUTING -t mangle -j TPROXY --on-port 8080 --on-ip 127.0.0.1 --tproxy-mark 0x1/0xFF")]
+ public void TestTProxyOptionRoundTrip(string input, string expected)
+ {
+ RuleParseAssert.RoundTrips(input, expected);
+ }
+ }
+}
diff --git a/IPTables.Net.Tests/SingleTcpRuleParseTests.cs b/IPTables.Net.Tests/SingleTcpRuleParseTests.cs
index 07cb705..f4f9418 100644
--- a/IPTables.Net.Tests/SingleTcpRuleParseTests.cs
+++ b/IPTables.Net.Tests/SingleTcpRuleParseTests.cs
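Review bot: The second and third rows accept a TPROXY rule with no `--on-port` and expect the serializer to synthesise `--on-port 0`, and the first row expects `--on-ip 0.0.0.0` to be added. As far as I know iptables itself treats `--on-port` as mandatory for this target, so these rows bless input the real tool would reject, and the emitted rule differs from what the operator wrote. If materialising defaults is intended, say so above the rows, e.g. `// parser fills a missing on-port/on-ip with 0 / 0.0.0.0 and always emits both`. Otherwise the parser should fail on the missing option and the rows should assert that failure.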
@@ -50,5 +50,27 @@ public void TestCoreSportZeroValue()
 Assert.Equal(rule, irule1.GetActionCommand());
 }
+
+ [Theory]
+ [InlineData("-A INPUT -p tcp -m tcp --source-port 1000:2000", "-A INPUT -p tcp -m tcp --sport 1000:2000")]
+ [InlineData("-A INPUT -p tcp -m tcp ! --source-port 1000:2000", "-A INPUT -p tcp -m tcp ! --sport 1000:2000")]
+ [InlineData("-A INPUT -p tcp -m tcp --destination-port 443", "-A INPUT -p tcp -m tcp --dport 443")]
+ [InlineData("-A INPUT -p tcp -m tcp ! --destination-port 443", "-A INPUT -p tcp -m tcp ! --dport 443")]
+ [InlineData("-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN", "-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN")]
+ [InlineData("-A INPUT -p tcp -m tcp ! --tcp-flags SYN,ACK SYN", "-A INPUT -p tcp -m tcp ! --tcp-flags SYN,ACK SYN")]
+ [InlineData("-A INPUT -p tcp -m tcp --tcp-option 2", "-A INPUT -p tcp -m tcp --tcp-option 2")]
+ [InlineData("-A INPUT -p tcp -m tcp ! --tcp-option 2", "-A INPUT -p tcp -m tcp ! --tcp-option 2")]
+ public void TestTcpOptionRoundTrip(string input, string expected)
+ {
+ RuleParseAssert.RoundTrips(input, expected);
+ }
+
+ [Fact]
+ public void TestTcpSynAliasRoundTrip()
+ {
+ RuleParseAssert.RoundTrips(
+ "-A INPUT -p tcp -m tcp --syn",
+ "-A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK,FIN SYN");
+ }
 }
-}
\ No newline at end of file
+}
diff --git a/IPTables.Net.Tests/SingleTs3InitRuleParseTests.cs b/IPTables.Net.Tests/SingleTs3InitRuleParseTests.cs
new file mode 100644
index 0000000..a496e9c
--- /dev/null
+++ b/IPTables.Net.Tests/SingleTs3InitRuleParseTests.cs
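Review bot: `TestTcpSynAliasRoundTrip` covers `--syn` but not `! --syn`, although every other option in this hunk is tested in both plain and negated form. The negated alias is common in filtering rules, and if the alias expansion lost the `!` the rule would silently match the opposite set of packets. I would add the negated case, for example `RuleParseAssert.RoundTrips("-A INPUT -p tcp -m tcp ! --syn", "-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK,FIN SYN");`. That expected string is inferred from the non-negated case and should be confirmed against the serializer.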
@@ -0,0 +1,16 @@
+namespace IPTables.Net.Tests
+{
+ public class SingleTs3InitRuleParseTests
+ {
+ [Theory]
+ [InlineData("-A INPUT -j TS3INIT_GET_COOKIE")]
+ [InlineData("-A INPUT -j TS3INIT_RESET")]
+ [InlineData("-A INPUT -j TS3INIT_SET_COOKIE --random-seed abc")]
+ [InlineData("-A INPUT -m ts3init_get_cookie --min-client 5 --check-time 10")]
+ [InlineData("-A INPUT -m ts3init_get_puzzle --random-seed abc --min-client 5 --check-cookie")]
+ public void TestTs3InitOptionRoundTrip(string rule)
+ {
+ RuleParseAssert.RoundTrips(rule);
+ }
+ }
+}
diff --git a/IPTables.Net.Tests/SingleTtlRuleParseTests.cs b/IPTables.Net.Tests/SingleTtlRuleParseTests.cs
new file mode 100644
index 0000000..d973182
--- /dev/null
+++ b/IPTables.Net.Tests/SingleTtlRuleParseTests.cs
@@ -0,0 +1,11 @@
+namespace IPTables.Net.Tests
+{
+ public class SingleTtlRuleParseTests
+ {
+ [Fact]
+ public void TestTtlIncrementRoundTrip()
+ {
+ RuleParseAssert.RoundTrips("-A PREROUTING -t mangle -j TTL --ttl-inc 1");
+ }
+ }
+}
diff --git a/IPTables.Net.Tests/SingleU32RuleParseTests.cs b/IPTables.Net.Tests/SingleU32RuleParseTests.cs
new file mode 100644
index 0000000..f48dfc4
--- /dev/null
+++ b/IPTables.Net.Tests/SingleU32RuleParseTests.cs
@@ -0,0 +1,13 @@
+namespace IPTables.Net.Tests
+{
+ public class SingleU32RuleParseTests
+ {
+ [Fact]
+ public void TestU32OptionRoundTrip()
+ {
+ RuleParseAssert.RoundTrips(
+ "-A INPUT -m u32 --u32 '0&0xFFFF=0x100:0xFFFF'",
+ "-A INPUT -m u32 --u32 '0&65535=256:65535'");
+ }
+ }
+}
diff --git a/IPTables.Net.Tests/SingleUdpRuleParseTests.cs b/IPTables.Net.Tests/SingleUdpRuleParseTests.cs
new file mode 100644
index 0000000..0dbbc03
--- /dev/null
+++ b/IPTables.Net.Tests/SingleUdpRuleParseTests.cs
@@ -0,0 +1,15 @@
+namespace IPTables.Net.Tests
+{
+ public class SingleUdpRuleParseTests
+ {
+ [Theory]
+ [InlineData("-A INPUT -p udp -m udp --source-port 1000:2000", "-A INPUT -p udp -m udp --sport 1000:2000")]
+ [InlineData("-A INPUT -p udp -m udp ! --source-port 1000:2000", "-A INPUT -p udp -m udp ! --sport 1000:2000")]
+ [InlineData("-A INPUT -p udp -m udp --destination-port 53", "-A INPUT -p udp -m udp --dport 53")]
+ [InlineData("-A INPUT -p udp -m udp ! --destination-port 53", "-A INPUT -p udp -m udp ! --dport 53")]
+ public void TestUdpOptionRoundTrip(string input, string expected)
+ {
+ RuleParseAssert.RoundTrips(input, expected);
+ }
+ }
+}
diff --git a/IPTables.Net/Iptables/Modules/Core/CoreModule.cs b/IPTables.Net/Iptables/Modules/Core/CoreModule.cs
index a2e8dc5..f3d2180 100644
--- a/IPTables.Net/Iptables/Modules/Core/CoreModule.cs
+++ b/IPTables.Net/Iptables/Modules/Core/CoreModule.cs
@@ -178,7 +178,17 @@ public string GetRuleString()
 sb.Append("-f");
 }
- sb.Append(SetCounters.ToOption(OptionFragmentShort));
+ if (!SetCounters.Null)
+ {
+ if (sb.Length != 0)
+ sb.Append(" ");
+ if (SetCounters.Not) sb.Append("! ");
+ sb.Append(OptionSetCountersShort);
+ sb.Append(" ");
+ sb.Append(SetCounters.Value.Packets);
+ sb.Append(" ");
+ sb.Append(SetCounters.Value.Bytes);
+ }
 if (Target != null)
 {
@@ -238,4 +248,4 @@ public override bool Equals(object obj)
 return Equals((CoreModule) obj);
 }
 }
-}
\ No newline at end of file
+}
diff --git a/IPTables.Net/Iptables/Modules/Ct/CtTargetModule.cs b/IPTables.Net/Iptables/Modules/Ct/CtTargetModule.cs
index 64def7c..2bc4e2f 100644
--- a/IPTables.Net/Iptables/Modules/Ct/CtTargetModule.cs
+++ b/IPTables.Net/Iptables/Modules/Ct/CtTargetModule.cs
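Review bot: The new counters block in `CoreModule.GetRuleString` emits `! ` in front of the option when `SetCounters.Not` is set, but to my knowledge iptables does not accept negation on the set-counters option, so a rule string built that way would be rejected when it is applied. I would drop the line `if (SetCounters.Not) sb.Append("! ");`, or fail early when `Not` is set, rather than serialize a rule that cannot load. The brace-less two-line `if (sb.Length != 0)` just above it also reads better as `if (sb.Length != 0) sb.Append(" ");`, the one-line form this commit uses in CtTargetModule. `GetRuleString` starts and ends outside the hunk.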
@@ -64,18 +64,21 @@ public string GetRuleString()
 if (Helper != null)
 {
+ if (sb.Length != 0) sb.Append(" ");
 sb.Append(OptionHelperLong + " ");
 sb.Append(Helper);
 }
 if (CtEvents.Any())
 {
+ if (sb.Length != 0) sb.Append(" ");
 sb.Append(OptionCtEventsLong + " ");
 sb.Append(string.Join(",", CtEvents));
 }
 if (ExpEvents.Any())
 {
+ if (sb.Length != 0) sb.Append(" ");
 sb.Append(OptionExpEventsLong + " ");
 sb.Append(string.Join(",", ExpEvents));
 }
@@ -116,4 +119,4 @@ public override int GetHashCode()
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/IPTables.Net/Iptables/Modules/StringMatch/StringModule.cs b/IPTables.Net/Iptables/Modules/StringMatch/StringModule.cs
index 3f0925a..1fa540e 100644
--- a/IPTables.Net/Iptables/Modules/StringMatch/StringModule.cs
+++ b/IPTables.Net/Iptables/Modules/StringMatch/StringModule.cs
@@ -89,7 +89,7 @@ public int Feed(CommandParser parser, bool not)
 public string GetRuleString()
 {
- var ret = "--alg ";
+ var ret = "--algo ";
 if (Algorithm == Strategy.BoyerMoore)
 ret += "bm";
 else
@@ -154,4 +154,4 @@ public override int GetHashCode()
 }
 }
 }
-}
\ No newline at end of file
+}
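Review bot: The separator guard `if (sb.Length != 0) sb.Append(" ");` is now pasted into three option blocks of `CtTargetModule.GetRuleString`, and leaving it out of one block appears to be the very omission this hunk corrects. A local function such as `void Sep() { if (sb.Length != 0) sb.Append(' '); }`, called first in each block, would make it harder for the next option to repeat that. Separately, `Helper` is appended verbatim; if it can ever contain whitespace it would split into extra arguments when the rule is applied, so it is worth confirming where that value is validated. The method begins and ends outside the hunk.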
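Review bot: `"--algo "` in `StringModule.GetRuleString` is still a bare literal, which is how the serializer was able to drift to `--alg ` unnoticed. If the class has a constant for the option name that `Feed` matches on, as CtTargetModule does with `OptionHelperLong`, build the output from it, e.g. `var ret = OptionAlgoLong + " ";`, so parser and serializer cannot disagree again. `OptionAlgoLong` is a placeholder name, since the class's fields are not visible from this hunk. The body of `GetRuleString` continues past the hunk.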