fix: Fixed Weight issues for large rules.
HavenDV committed Nov 7, 2023
1 parent f245579 commit 898d2bd
Showing 2 changed files with 44 additions and 18 deletions.
1 change: 1 addition & 0 deletions src/libs/H.Firewall/Fluent/Condition.cs
Expand Up @@ -8,6 +8,7 @@ internal sealed class Condition
public ActionType Action { get; set; }
public ConditionType Type { get; set; }
public InternetProtocolVersion Version { get; set; } = InternetProtocolVersion.All;
public byte Weight { get; set; }

public string Path { get; set; } = string.Empty;
public Uri Uri { get; set; } = new("http://localhost/");
61 changes: 43 additions & 18 deletions src/libs/H.Firewall/Fluent/FirewallBuilder.cs
Expand Up @@ -13,6 +13,7 @@ public class FirewallBuilder
{
private ActionType CurrentAction { get; set; } = ActionType.Block;
private InternetProtocolVersion CurrentVersion { get; set; } = InternetProtocolVersion.All;
private byte CurrentWeight { get; set; }

private List<Condition> Conditions { get; } = new();

Expand All @@ -22,6 +23,7 @@ public class FirewallBuilder
/// <returns></returns>
public FirewallBuilder Block()
{
CurrentWeight += 1;
CurrentAction = ActionType.Block;
return this;
}
Expand All @@ -32,10 +34,21 @@ public FirewallBuilder Block()
/// <returns></returns>
public FirewallBuilder Allow()
{
CurrentWeight += 1;
CurrentAction = ActionType.Permit;
return this;
}

/// <summary>
/// Specifies that everything following will have specified weight.
/// </summary>
/// <returns></returns>
public FirewallBuilder Weight(byte weight)
{
CurrentWeight = weight;
return this;
}

/// <summary>
/// Specifies that everything following will be only for IPv4.
/// </summary>
Expand Down Expand Up @@ -76,6 +89,7 @@ public FirewallBuilder Localhost()
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.Localhost,
});

Expand All @@ -92,6 +106,7 @@ public FirewallBuilder All()
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.All,
});

Expand All @@ -108,6 +123,7 @@ public FirewallBuilder LocalAreaNetwork()
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.LocalAreaNetwork,
});

Expand All @@ -124,6 +140,7 @@ public FirewallBuilder DomainNameSystem()
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.DomainNameSystem,
});

Expand All @@ -144,6 +161,7 @@ public FirewallBuilder Application(params string[] paths)
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.Application,
Path = path,
});
Expand All @@ -166,6 +184,7 @@ public FirewallBuilder PeerName(params Uri[] uris)
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.PeerName,
Uri = uri,
});
Expand Down Expand Up @@ -223,6 +242,7 @@ public FirewallBuilder IpAddress(params IPAddress[] addresses)
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.IpAddress,
Addresses = addresses,
});
Expand Down Expand Up @@ -251,6 +271,7 @@ public FirewallBuilder InternetKeyExchangeVersion2()
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.InternetKeyExchangeVersion2,
});

Expand All @@ -271,6 +292,7 @@ public FirewallBuilder TcpPort(params ushort[] ports)
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.TcpPort,
Port = port,
});
Expand All @@ -293,6 +315,7 @@ public FirewallBuilder UdpPort(params ushort[] ports)
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.UdpPort,
Port = port,
});
Expand All @@ -315,6 +338,7 @@ public FirewallBuilder LocalSubNetwork(params IPNetwork[] networks)
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.LocalSubNetwork,
Network = network,
});
Expand Down Expand Up @@ -348,6 +372,7 @@ public FirewallBuilder RemoteSubNetwork(params IPNetwork[] networks)
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.RemoteSubNetwork,
Network = network,
});
Expand Down Expand Up @@ -381,6 +406,7 @@ public FirewallBuilder NetworkInterface(params ulong[] indexes)
{
Action = CurrentAction,
Version = CurrentVersion,
Weight = CurrentWeight,
Type = ConditionType.NetworkInterface,
InterfaceIndex = index,
});
Expand All @@ -401,25 +427,24 @@ public HFirewall Build()
firewall.Start();
firewall.RunTransaction(handle =>
{
byte weight = 0;
var (providerKey, subLayerKey) = handle.RegisterKeys();

foreach (var condition in Conditions)
{
switch (condition.Type, condition.Action)
{
case (ConditionType.All, ActionType.Block):
handle.BlockAll(providerKey, subLayerKey, weight++);
handle.BlockAll(providerKey, subLayerKey, condition.Weight);
break;
case (ConditionType.Localhost, ActionType.Permit):
handle.PermitLocalhost(providerKey, subLayerKey, weight++);
handle.PermitLocalhost(providerKey, subLayerKey, condition.Weight);
break;
case (ConditionType.LocalAreaNetwork, ActionType.Permit):
handle.PermitLan(providerKey, subLayerKey, weight++);
handle.PermitLan(providerKey, subLayerKey, condition.Weight);
break;
case (ConditionType.DomainNameSystem, ActionType.Permit):
var weightDeny = weight++;
var weightAllow = weight++;
var weightDeny = condition.Weight;
var weightAllow = condition.Weight;
handle.PermitDns(providerKey, subLayerKey, weightAllow, weightDeny);
break;
case (ConditionType.Application, _):
Expand All @@ -428,84 +453,84 @@ public HFirewall Build()
providerKey,
subLayerKey,
condition.Path,
weight++);
condition.Weight);
break;
case (ConditionType.IpAddress, ActionType.Block):
handle.BlockIpAddresses(
providerKey,
subLayerKey,
weight++,
condition.Weight,
condition.Addresses);
break;
case (ConditionType.IpAddress, ActionType.Permit):
handle.PermitIpAddresses(
providerKey,
subLayerKey,
weight: weight++,
weight: condition.Weight,
condition.Addresses);
break;
case (ConditionType.InternetKeyExchangeVersion2, ActionType.Permit):
handle.PermitIKEv2(
providerKey,
subLayerKey,
weight: weight++);
weight: condition.Weight);
break;
case (ConditionType.TcpPort, ActionType.Permit):
handle.PermitTcpPortV4(
providerKey,
subLayerKey,
weight: weight++,
weight: condition.Weight,
port: condition.Port);
break;
case (ConditionType.UdpPort, ActionType.Permit):
handle.PermitUdpPortV4(
providerKey,
subLayerKey,
weight: weight++,
weight: condition.Weight,
port: condition.Port);
break;
case (ConditionType.LocalSubNetwork, ActionType.Permit):
handle.PermitLocalSubNetworkV4(
providerKey,
subLayerKey,
weight: weight++,
weight: condition.Weight,
network: condition.Network);
break;
case (ConditionType.RemoteSubNetwork, ActionType.Permit):
handle.PermitRemoteSubNetworkV4(
providerKey,
subLayerKey,
weight: weight++,
weight: condition.Weight,
network: condition.Network);
break;
case (ConditionType.RemoteSubNetwork, ActionType.Block):
handle.BlockRemoteSubNetworkV4(
providerKey,
subLayerKey,
weight: weight++,
weight: condition.Weight,
network: condition.Network);
break;
case (ConditionType.NetworkInterface, ActionType.Permit):
handle.PermitNetworkInterface(
providerKey,
subLayerKey,
weight: weight++,
weight: condition.Weight,
ifLuid: condition.InterfaceIndex);
break;
case (ConditionType.PeerName, ActionType.Permit):
handle.AddPeerName(
ActionType.Permit,
providerKey,
subLayerKey,
weight: weight++,
weight: condition.Weight,
uri: condition.Uri);
break;
case (ConditionType.PeerName, ActionType.Block):
handle.AddPeerName(
ActionType.Block,
providerKey,
subLayerKey,
weight: weight++,
weight: condition.Weight,
uri: condition.Uri);
break;
default:
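Review bot: In the `DomainNameSystem` case of `Build()`, `weightDeny` and `weightAllow` are now both `condition.Weight`, whereas the removed lines gave the allow filter a weight one above the deny filter. `PermitDns` is not shown on this page, but if it relies on the allow filter outranking the deny filter, the tie leaves their order to the filtering engine and the outcome for DNS traffic is no longer fixed by this code; keeping them distinct, for example `var weightAllow = checked((byte)(condition.Weight + 1));`, would preserve the old ordering. Separately, `CurrentWeight += 1;` in `Block()` and `Allow()` wraps from 255 to 0 on a `byte` unless overflow checking is enabled for the project, which would silently invert rule priority in a long chain; `CurrentWeight = checked((byte)(CurrentWeight + 1));` fails loudly instead. The switch in `Build()` continues past the last visible line, so cases below `default:` are not covered here.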
