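/**
 * Adds the address used by a matching NAT redirect rule to the Dst of
 * this policy rule.
 *
 * Every (service, destination) pair of the rule is compared with the
 * (tsrv, old_tdst) pairs recorded in PolicyCompiler_pf::redirect_rules_info
 * (a list<NATCompiler_pf::redirectRuleInfo> the NAT compiler fills in).
 * On the first match the object recorded as new_tdst is added to the
 * rule's Dst element.  The rule is always passed on to tmp_queue,
 * modified or not.
 *
 * Ids recorded in redirect_rules_info are looked up in dbcopy and then
 * cast; either step can yield NULL, which the previous version
 * dereferenced unconditionally.  Those cases now abort with a message,
 * consistent with the "Broken Dst" handling in splitIfFirewallInDst.
 *
 * Returns false when the input queue is exhausted, true otherwise.
 */
bool PolicyCompiler_pf::addLoopbackForRedirect::processNext()
{
    PolicyRule *rule = getNext();
    if (rule == NULL) return false;

    PolicyCompiler_pf *pf_comp = dynamic_cast<PolicyCompiler_pf*>(compiler);
    if (pf_comp == NULL)
        compiler->abort(rule, "addLoopbackForRedirect can only run inside PolicyCompiler_pf");

    // abort() is treated as non-returning here, as the empty() call
    // below already relied on in the original.
    if (pf_comp->redirect_rules_info == NULL)
        compiler->abort(
            rule,
            "addLoopbackForRedirect needs a valid pointer to "
            "the list<NATCompiler_pf::redirectRuleInfo> object");

    tmp_queue.push_back(rule);
    if (pf_comp->redirect_rules_info->empty()) return true;

    RuleElementDst *dst = rule->getDst();
    RuleElementSrv *srv = rule->getSrv();
    const list<NATCompiler_pf::redirectRuleInfo> &rr_info =
        *(pf_comp->redirect_rules_info);

    for (FWObject::iterator i = srv->begin(); i != srv->end(); ++i)
    {
        FWObject *o1 = FWReference::getObject(*i);
        if (o1 == NULL) compiler->abort(rule, "Broken Srv");
        Service *s = Service::cast(o1);
        assert(s);

        for (FWObject::iterator j = dst->begin(); j != dst->end(); ++j)
        {
            FWObject *o2 = FWReference::getObject(*j);
            if (o2 == NULL) compiler->abort(rule, "Broken Dst");
            // The "self" DNSName placeholder is skipped, as before.
            if (o2->getName() == "self" && DNSName::isA(o2)) continue;
            Address *a = Address::cast(o2);
            assert(a);

            list<NATCompiler_pf::redirectRuleInfo>::const_iterator k;
            for (k = rr_info.begin(); k != rr_info.end(); ++k)
            {
                Address *old_tdst_obj =
                    Address::cast(compiler->dbcopy->findInIndex(k->old_tdst));
                Service *tsrv_obj =
                    Service::cast(compiler->dbcopy->findInIndex(k->tsrv));
                // A stale or mistyped id must not turn into a NULL
                // dereference (or a silently incomplete policy).
                if (old_tdst_obj == NULL || tsrv_obj == NULL)
                    compiler->abort(
                        rule,
                        "addLoopbackForRedirect: redirect rule info refers to "
                        "a missing or non-address/non-service object");

                if (*a == *old_tdst_obj && *s == *tsrv_obj)
                {
                    FWObject *new_tdst_obj =
                        compiler->dbcopy->findInIndex(k->new_tdst);
                    if (new_tdst_obj == NULL)
                        compiler->abort(
                            rule,
                            "addLoopbackForRedirect: redirect rule info refers to "
                            "a missing new_tdst object");
                    // insert address used for redirection in the NAT rule.
                    // This mutates the element iterated by j, so we return
                    // right away instead of continuing the loops.
                    dst->addRef(new_tdst_obj);
                    return true;
                }
            }
        }
    }
    return true;
}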
/*
 * Splits a policy rule whose Dst element lists the firewall itself
 * alongside other objects: a copy of the rule with Dst set to just the
 * firewall is queued first, then the original rule with the firewall
 * reference removed.  Rules with a single Dst object or a negated Dst
 * are passed through untouched.
 *
 * Returns false once the input queue is empty, true otherwise.
 */
bool PolicyCompiler_pf::splitIfFirewallInDst::processNext()
{
    PolicyRule *rule = getNext();
    if (rule == NULL) return false;

    RuleElementDst *dst = rule->getDst();
    assert(dst);

    // Nothing to split for a single object; negated Dst is left as-is.
    const bool pass_through = (dst->size() == 1) || dst->getNeg();
    if (!pass_through)
    {
        FWObject *firewall_ref = NULL;
        for (FWObject::iterator it = dst->begin(); it != dst->end(); ++it)
        {
            FWObject *obj = FWReference::getObject(*it);
            if (obj == NULL) compiler->abort(rule, "Broken Dst");
            if (obj->getId() != compiler->getFwId()) continue;

            firewall_ref = obj;

            // Copy of the rule whose only destination is the firewall.
            PolicyRule *fw_rule = compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(fw_rule);
            fw_rule->duplicate(rule);
            RuleElementDst *fw_dst = fw_rule->getDst();
            fw_dst->clearChildren();
            fw_dst->setAnyElement();
            fw_dst->addRef(compiler->fw);
            tmp_queue.push_back(fw_rule);
        }
        // NOTE(review): should the firewall appear more than once in Dst,
        // one split rule is produced per occurrence but only the last
        // reference is handed to removeRef() -- same as the original.
        if (firewall_ref != NULL) dst->removeRef(firewall_ref);
    }

    tmp_queue.push_back(rule);
    return true;
}
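/**
 * Callback invoked for a policy rule that matched a NAT rule in the
 * "replace translated addresses" pass of the PIX compiler.
 *
 * When the NAT rule's original destination (ODst) is the interface this
 * policy rule is attached to, or has that interface as its parent, a
 * copy of the policy rule is created in temp_ruleset with
 *   Src := src, Dst := ODst, Srv := srv if OSrv is "any", else OSrv,
 * and appended to transformed_rules.  Otherwise nothing happens.
 *
 * Only the first object of each rule element is considered.  The second
 * Address* parameter (the policy rule's matched dst) is unused.
 *
 * The previous version relied on assert() for odst/osrv and did not
 * check the interface reference or odst's parent at all; under NDEBUG
 * those became NULL dereferences.  They now abort with a message.
 */
void PolicyCompiler_pix::replaceTranslatedAddresses::action(
    PolicyRule* policy_rule, NATRule* nat_rule,
    Address *src, Address*, Service *srv)
{
    // Interface the rule is bound to, taken from its Itf element.
    RuleElementItf *intf_re = policy_rule->getItf();
    if (intf_re == NULL || intf_re->size() == 0)
        compiler->abort(policy_rule,
                        "replaceTranslatedAddresses: policy rule has no interface element");
    FWObject *rule_iface = FWObjectReference::getObject(intf_re->front());
    if (rule_iface == NULL)
        compiler->abort(policy_rule,
                        "replaceTranslatedAddresses: broken interface reference");

    RuleElement *re = nat_rule->getOSrc();
    FWObject *o = FWReference::getObject(re->front());
#ifndef NDEBUG
    Address *osrc = Address::cast(o);
    assert(osrc);
#endif

    re = nat_rule->getODst();
    o = FWReference::getObject(re->front());
    Address *odst = Address::cast(o);
    assert(odst);

    re = nat_rule->getOSrv();
    o = FWReference::getObject(re->front());
    Service *osrv = Service::cast(o);
    assert(osrv);

    // assert() is compiled out with NDEBUG; these two are dereferenced
    // below, so check them for real.
    if (odst == NULL || osrv == NULL)
        compiler->abort(policy_rule,
                        "replaceTranslatedAddresses: NAT rule has a broken ODst or OSrv element");

#ifndef NDEBUG
    // Debug-only sanity checks on the translated side; not used below.
    re = nat_rule->getTSrc();
    o = FWReference::getObject(re->front());
    Address *tsrc = Address::cast(o);
    assert(tsrc);

    re = nat_rule->getTDst();
    o = FWReference::getObject(re->front());
    Address *tdst = Address::cast(o);
    assert(tdst);

    re = nat_rule->getTSrv();
    o = FWReference::getObject(re->front());
    Service *tsrv = Service::cast(o);
    assert(tsrv);
#endif

    // Match when ODst is the rule's interface itself or a direct child
    // of it (presumably an address object owned by the interface).
    FWObject *p = odst->getParent();
    const bool odst_is_iface = (odst->getId() == rule_iface->getId());
    const bool odst_on_iface = (p != NULL) && (p->getId() == rule_iface->getId());
    if (odst_is_iface || odst_on_iface)
    {
        PolicyRule *r = compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(policy_rule);

        RuleElementSrc *nsrc = r->getSrc();
        nsrc->clearChildren();
        nsrc->addRef(src);

        RuleElementDst *ndst = r->getDst();
        ndst->clearChildren();
        ndst->addRef(odst);

        // An "any" OSrv keeps the policy rule's own service; otherwise
        // the NAT rule's OSrv wins.
        RuleElementSrv *nsrv = r->getSrv();
        nsrv->clearChildren();
        if (osrv->isAny()) nsrv->addRef(srv);
        else nsrv->addRef(osrv);

        transformed_rules.push_back(r);
    }
}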