/**
 * Print the right-hand ("translated") address of an ipf NAT rule.
 *
 * @param o             address object to print; may be an Interface
 * @param print_netmask when true, append "/<prefix length>" to the address
 *
 * Writes to compiler->output. An Interface with no address, or with the
 * "any" address (dynamic interface used in TSrc), is printed as "0/32".
 * Interfaces and single-address objects are always printed with a host
 * mask. A non-interface object without an address prints nothing.
 */
void NATCompiler_ipf::PrintRule::_printAddr_R(Address *o, bool print_netmask)
{
    const InetAddr *addr = o->getAddressPtr();
    const bool is_interface = (Interface::cast(o) != nullptr);

    // Dynamic interface in TSrc, or an interface that simply has no address.
    if (is_interface && (addr == nullptr || addr->isAny()))
    {
        compiler->output << "0/32 ";
        return;
    }

    if (addr == nullptr) return;

    InetAddr mask = *(o->getNetmaskPtr());
    // Interfaces and single addresses are hosts regardless of stored mask.
    if (is_interface || o->dimension() == 1)
        mask = InetAddr(InetAddr::getAllOnes());

    if (addr->isAny() && print_netmask && mask.isHostMask())
    {
        compiler->output << "0/32 ";
        return;
    }

    compiler->output << addr->toString();
    if (print_netmask) compiler->output << "/" << mask.getLength();
    compiler->output << " ";
}
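/**
 * Print the left-hand (original) address of an ipf NAT rule.
 *
 * @param o             address object to print; may be an Interface or a
 *                      MultiAddressRunTime
 * @param print_netmask when true, append "/<prefix length>" to the address
 *
 * Writes to compiler->output. Special cases, in order:
 *  - DNSName run-time object: printed by its source name;
 *  - any other MultiAddressRunTime: compilation is aborted. The previous
 *    `assert(atrt==nullptr)` inside the `atrt!=nullptr` branch could never
 *    hold, so with NDEBUG the unsupported object silently fell through and
 *    was printed as a plain address;
 *  - dynamic Interface: "(<name>)" when the firewall option "dynAddr" is
 *    set, otherwise "any";
 *  - "any" address with an "any" mask: printed as "any".
 * Interfaces and single-address objects are always printed with a host
 * mask. An object without an address prints nothing.
 */
void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask)
{
    MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
    if (atrt != nullptr)
    {
        if (atrt->getSubstitutionTypeName() == DNSName::TYPENAME)
        {
            compiler->output << atrt->getSourceName() << " ";
            return;
        }
        // At this time we only support two types of MultiAddress objects:
        // AddressTable and DNSName. Both should have been converted to
        // MultiAddressRunTime by now. Any other kind of MultiAddressRunTime
        // object is unknown to this printer, so stop instead of emitting a
        // rule that does not match the object.
        compiler->abort(std::string("Unsupported MultiAddress object '") +
                        o->getName() + "' in NAT rule");
        return;
    }

    Interface *iface = Interface::cast(o);
    if (iface != nullptr && iface->isDyn())
    {
        FWOptions *options = compiler->fw->getOptionsObject();
        if (options->getBool("dynAddr"))
            compiler->output << "(" << o->getName() << ") ";
        else
            compiler->output << "any ";
        return;
    }

    const InetAddr *addr = o->getAddressPtr();
    if (addr == nullptr) return;

    // Interfaces (non-dynamic at this point) and single addresses are hosts;
    // only multi-address objects need the stored netmask.
    InetAddr mask;
    if (iface != nullptr || o->dimension() == 1)
    {
        mask = InetAddr(InetAddr::getAllOnes());
    }
    else
    {
        const InetAddr *nm = o->getNetmaskPtr();
        if (nm == nullptr)
        {
            compiler->abort(std::string("Address object '") + o->getName() +
                            "' has no netmask");
            return;
        }
        mask = *nm;
    }

    if (addr->isAny() && mask.isAny())
    {
        compiler->output << "any ";
        return;
    }

    compiler->output << addr->toString();
    if (print_netmask) compiler->output << "/" << mask.getLength();
    compiler->output << " ";
}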
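/**
 * Print an address operand of a pf NAT rule.
 *
 * @param o object to print: a MultiAddressRunTime, an Interface, an object
 *          flagged "pf_table", or a plain Address
 *
 * Writes to compiler->output. Special cases, in order:
 *  - DNSName run-time object: its source name;
 *  - AddressTable run-time object or an object with the "pf_table" flag:
 *    "<name>" (a pf table reference);
 *  - AttachedNetworks run-time object: "<source>:network";
 *  - any other MultiAddressRunTime: compilation is aborted (the previous
 *    `assert(atrt==NULL)` inside the `atrt!=NULL` branch could never hold,
 *    so with NDEBUG such objects silently fell through);
 *  - Interface: "(<name>)";
 *  - "any" address with an "any" mask: "any".
 * Single-address objects are printed as hosts; a prefix length is appended
 * only when the mask is not a host mask. The object must be an Address by
 * the time the plain-address path is reached, otherwise compilation aborts.
 */
void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
{
    MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
    if (atrt != nullptr)
    {
        if (atrt->getSubstitutionTypeName() == DNSName::TYPENAME)
        {
            compiler->output << atrt->getSourceName() << " ";
            return;
        }
        if (atrt->getSubstitutionTypeName() == AddressTable::TYPENAME)
        {
            compiler->output << "<" << o->getName() << "> ";
            return;
        }
        if (atrt->getSubstitutionTypeName() == AttachedNetworks::TYPENAME)
        {
            compiler->output << atrt->getSourceName() << ":network ";
            return;
        }
        // Unknown run-time object kind: stop rather than emit a wrong rule.
        compiler->abort(std::string("Unsupported MultiAddress object '") +
                        o->getName() + "' in NAT rule");
        return;
    }

    if (Interface::cast(o) != nullptr)
    {
        compiler->output << "(" << o->getName() << ") ";
        return;
    }

    if (o->getBool("pf_table"))
    {
        compiler->output << "<" << o->getName() << "> ";
        return;
    }

    Address *addr_obj = Address::cast(o);
    if (addr_obj == nullptr)
    {
        // Was assert(addr_obj!=NULL): a null dereference under NDEBUG.
        compiler->abort(std::string("Object '") + o->getName() +
                        "' is not an address and can not be used in the rule");
        return;
    }

    const InetAddr *addr = addr_obj->getAddressPtr();
    if (addr == nullptr) return;

    // Interfaces returned above, so only the dimension decides the host case.
    InetAddr mask;
    if (addr_obj->dimension() == 1)
    {
        mask = InetAddr(InetAddr::getAllOnes());
    }
    else
    {
        const InetAddr *nm = addr_obj->getNetmaskPtr();
        if (nm == nullptr)
        {
            compiler->abort(std::string("Address object '") + o->getName() +
                            "' has no netmask");
            return;
        }
        mask = *nm;
    }

    if (addr->isAny() && mask.isAny())
    {
        compiler->output << "any ";
        return;
    }

    compiler->output << addr->toString();
    if (!mask.isHostMask())
    {
        compiler->output << "/" << mask.getLength();
    }
    compiler->output << " ";
}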
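/**
 * Render every collected pf table as a "table <name> ..." definition.
 *
 * @return the definitions, preceded by an empty line and a "# Tables: (N)"
 *         header and followed by an empty line; "" when there are no tables.
 *
 * Tables are emitted in tblnames order (sorted by name). An AddressTable
 * run-time object becomes "table <name> persist [file \"<path>\"]"; every
 * other group is written as an inline "{ a, b, ... }" list whose members
 * are DNSName / AttachedNetworks run-time objects, interfaces (by name) or
 * plain addresses.
 *
 * Compilation is aborted (compiler->abort) when a table id has no object,
 * a group member cannot be resolved, a member is not an address, a member
 * has no IP address or netmask, or an AddressTable names a file but the
 * firewall's data directory is not set.
 */
std::string TableFactory::PrintTables()
{
    if (tables.empty()) return "";

    std::stringstream output;
    output << std::endl;
    output << "# Tables: (" << tables.size() << ")" << std::endl;

    for (std::map<std::string, std::string>::const_iterator tn = tblnames.begin();
         tn != tblnames.end(); ++tn)
    {
        const std::string &tblID = tn->second;
        FWObject *grp = tables[tblID];
        if (grp == nullptr)
        {
            compiler->abort("broken table id: '" + tblID + "'");
            continue;
        }

        output << "table ";
        output << "<" << grp->getName() << "> ";

        MultiAddressRunTime *grp_atrt = MultiAddressRunTime::cast(grp);
        if (grp_atrt != nullptr &&
            grp_atrt->getSubstitutionTypeName() == AddressTable::TYPENAME)
        {
            output << "persist";
            if (!grp_atrt->getSourceName().empty())
            {
                std::string path =
                    grp_atrt->getSourceNameAsPath(firewall->getOptionsObject());
                if (path.empty())
                {
                    compiler->abort(
                        "Error: Firewall's data directory not set for address table: " +
                        grp_atrt->getName());
                }
                // NOTE(review): the path is placed between double quotes
                // without escaping; a path containing '"' or a newline would
                // break the generated pf.conf line.
                output << " file \"" << path << "\"";
            }
            output << std::endl;
            continue;
        }

        output << "{ ";
        for (FWObject::iterator m = grp->begin(); m != grp->end(); ++m)
        {
            if (m != grp->begin()) output << ", ";

            FWObject *o = FWReference::getObject(*m);
            if (o == nullptr)
            {
                compiler->abort("broken table object ");
                continue;
            }

            MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
            if (atrt != nullptr)
            {
                // Only these two run-time kinds have a textual form here;
                // any other kind contributes nothing but the separator.
                if (atrt->getSubstitutionTypeName() == DNSName::TYPENAME)
                {
                    output << atrt->getSourceName() << " ";
                }
                if (atrt->getSubstitutionTypeName() == AttachedNetworks::TYPENAME)
                {
                    output << atrt->getSourceName() << ":network ";
                }
            }
            else if (Interface::cast(o))
            {
                output << o->getName();
            }
            else
            {
                Address *A = Address::cast(o);
                if (A == nullptr)
                {
                    compiler->abort("table object must be an address: '" +
                                    o->getTypeName() + "'");
                    continue;
                }

                const InetAddr *addr = A->getAddressPtr();
                if (addr == nullptr)
                {
                    // Previously dereferenced unconditionally.
                    compiler->abort("table object '" + o->getName() +
                                    "' has no ip address");
                    continue;
                }

                // Single addresses are hosts; only multi-address objects
                // need the stored netmask.
                InetAddr mask;
                if (A->dimension() == 1)
                {
                    mask = InetAddr(InetAddr::getAllOnes());
                }
                else
                {
                    const InetAddr *nm = A->getNetmaskPtr();
                    if (nm == nullptr)
                    {
                        compiler->abort("table object '" + o->getName() +
                                        "' has no netmask");
                        continue;
                    }
                    mask = *nm;
                }

                output << addr->toString();
                if (!mask.isHostMask())
                {
                    output << "/" << mask.getLength();
                }
            }
            output << " ";
        }
        output << "} ";
        output << std::endl;
    }

    output << std::endl;
    return output.str();
}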
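/**
 * Format an address operand of an IOS access-list rule.
 *
 * @param o address object; may be an Interface
 * @return the operand text followed by a single space:
 *   - "interface <label> " for a dynamic interface;
 *   - "any " for the "any" address with an "any" mask;
 *   - "<addr>/<len> " (IPv6) or "<addr> <wildcard> " (IPv4, inverted mask)
 *     for a multi-address object that is not an interface, not a child of
 *     an interface, and does not carry a host mask;
 *   - "host <addr> " otherwise.
 *
 * Compilation is aborted (compiler->abort) when the object has no IP
 * address, or when the owning compiler is not a PolicyCompiler_iosacl
 * (previously an unchecked dynamic_cast result was dereferenced on the
 * IPv6 decision). A missing netmask is reported on stderr and treated as
 * a host mask for the address family.
 */
std::string PolicyCompiler_iosacl::PrintRule::_printAddr(Address *o)
{
    PolicyCompiler_iosacl *iosacl_comp =
        dynamic_cast<PolicyCompiler_iosacl*>(compiler);
    if (iosacl_comp == nullptr)
    {
        compiler->abort("PolicyCompiler_iosacl::PrintRule used with a compiler "
                        "that is not a PolicyCompiler_iosacl");
        return ""; // to make compiler happy
    }

    Interface *iface = Interface::cast(o);
    if (iface != nullptr && iface->isDyn())
    {
        return std::string("interface ") + iface->getLabel() + " ";
    }

    const InetAddr *srcaddr = o->getAddressPtr();
    if (srcaddr == nullptr)
    {
        std::ostringstream errstr;
        errstr << "Object " << o->getName() << " (id=" << o->getId() << ") "
               << " has no ip address and can not be used "
               << "in the rule.";
        compiler->abort(errstr.str());
        return ""; // to make compiler happy
    }

    InetAddr srcmask;
    const InetAddr *nm = o->getNetmaskPtr();
    if (nm != nullptr)
    {
        srcmask = *nm;
    }
    else
    {
        // Best effort: report it and fall back to a host mask so the rule
        // still names exactly this address.
        std::cerr << "Address object " << o << " " << o->getName()
                  << " (" << o->getTypeName() << ") "
                  << " has no netmask" << std::endl;
        srcmask = InetAddr(InetAddr::getAllOnes(srcaddr->addressFamily()));
    }

    std::ostringstream str;
    if (srcaddr->isAny() && srcmask.isAny())
    {
        str << "any ";
        return str.str();
    }

    const bool is_network_like =
        iface == nullptr &&
        Interface::cast(o->getParent()) == nullptr &&
        o->dimension() > 1 &&
        !srcmask.isHostMask();

    if (!is_network_like)
    {
        str << "host " << srcaddr->toString() << " ";
    }
    else if (iosacl_comp->ipv6)
    {
        str << srcaddr->toString() << "/" << srcmask.getLength() << " ";
    }
    else
    {
        // IPv4 IOS ACLs take an inverted "wildcard" mask, not a netmask.
        InetAddr wildcard(~srcmask);
        str << srcaddr->toString() << " " << wildcard.toString() << " ";
    }
    return str.str();
}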