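/**
 * Expands the "Interface" rule element of the next rule in the queue.
 *
 * Fetches the next rule with getNext(). A rule whose interface element
 * is "any" is re-queued unchanged. Otherwise one copy of the rule is
 * queued per referenced interface, the copy's interface element holding
 * exactly that interface. Interface groups are flattened one level;
 * group members that are not interfaces are reported with a warning and
 * skipped, independently of the GUI's own validation of such groups.
 *
 * @return false when the queue is exhausted (nothing to process),
 *         true otherwise.
 *
 * NOTE(review): a group that contains no interface at all yields no
 * copies, and the original rule is not re-queued either, so the rule
 * silently drops out of the compiled policy — confirm this is intended.
 */
bool PolicyCompiler::InterfacePolicyRules::processNext()
{
    PolicyRule *rule = getNext();
    if (rule == nullptr) return false;

    RuleElementItf *itfre = rule->getItf();
    assert(itfre);

    if (itfre->isAny())
    {
        tmp_queue.push_back(rule);
        return true;
    }

    // Queue a copy of 'rule' whose interface element refers only to 'itf'.
    // Shared by the plain-interface and the group-member paths below.
    auto queueCopyForInterface = [this, rule](FWObject *itf)
    {
        PolicyRule *r = compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);
        RuleElementItf *nitf = r->getItf();
        nitf->clearChildren();
        nitf->setAnyElement();
        nitf->addRef(itf);
        tmp_queue.push_back(r);
    };

    for (FWObject::iterator i = itfre->begin(); i != itfre->end(); ++i)
    {
        // NOTE(review): FWReference::getObject() can yield nullptr for a
        // dangling reference (PrintTables guards against it); this path
        // assumes it never does — confirm.
        FWObject *o = FWReference::getObject(*i);
        if (ObjectGroup::isA(o))
        {
            // A group in the "Interface" element. The GUI only allows
            // interfaces in such a group, but the compiler does not rely
            // on that: non-interface members are rejected here as well.
            // The inner iterator has its own name so it does not shadow 'i'.
            for (FWObject::iterator m = o->begin(); m != o->end(); ++m)
            {
                FWObject *o1 = FWReference::getObject(*m);
                if (!Interface::isA(o1))
                {
                    compiler->warning(
                        "Object '" + o1->getName() +
                        "', which is not an interface, is a member of the group '" +
                        o->getName() +
                        "' used in 'Interface' element of a rule.");
                    continue;
                }
                queueCopyForInterface(o1);
            }
        } else
        {
            queueCopyForInterface(o);
        }
    }
    return true;
}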
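/**
 * Renders every registered table as a pf "table <name> ..." line.
 *
 * Tables are emitted in the iteration order of tblnames. A table backed
 * by a run-time AddressTable is written as "persist", optionally followed
 * by the file pf loads it from; every other table is written inline with
 * its members: DNS names, attached networks ("<name>:network"), interface
 * names, or addresses with a "/len" suffix when the netmask is not a
 * host mask.
 *
 * @return the rendered text, or "" when there are no tables.
 *         compiler->abort() is called on a broken table: an id without a
 *         table object, a dangling member reference, a member that is
 *         neither run-time object, interface nor address, or an address
 *         table without a configured data directory.
 */
string TableFactory::PrintTables()
{
    if (tables.empty()) return "";

    stringstream output;
    output << endl;
    output << "# Tables: (" << tables.size() << ")" << endl;

    for (map<string,string>::const_iterator n = tblnames.begin();
         n != tblnames.end(); ++n)
    {
        const string &tblID = n->second;

        // Look the table up explicitly: operator[] would default-insert a
        // null entry for an unknown id into 'tables' and the null pointer
        // would then be dereferenced below.
        auto t = tables.find(tblID);
        if (t == tables.end() || t->second == nullptr)
        {
            compiler->abort("broken table id '" + tblID + "'");
            continue;
        }
        FWObject *grp = t->second;

        output << "table ";
        output << "<" << grp->getName() << "> ";

        MultiAddressRunTime *atrt = MultiAddressRunTime::cast(grp);
        if (atrt != nullptr &&
            atrt->getSubstitutionTypeName() == AddressTable::TYPENAME)
        {
            // Run-time address table: pf loads its members from a file,
            // so only the file name is emitted, never the members.
            output << "persist";
            if (!atrt->getSourceName().empty())
            {
                string path =
                    atrt->getSourceNameAsPath(firewall->getOptionsObject());
                if (path.empty()) {
                    compiler->abort("Error: Firewall's data directory not set for address table: " + atrt->getName());
                }

                // The path is written verbatim inside a double-quoted pf
                // string; a path containing '"' would break the generated
                // line. It derives from the firewall's configured data
                // directory, which is presumably trusted — confirm.
                output << " file \"" << path << "\"";
            }

            output << endl;
            continue;
        }

        output << "{ ";
        for (FWObject::iterator m = grp->begin(); m != grp->end(); ++m)
        {
            if (m != grp->begin()) output << ", ";
            FWObject *o = FWReference::getObject(*m);
            if (o == nullptr) compiler->abort("broken table object ");

            MultiAddressRunTime *member_rt = MultiAddressRunTime::cast(o);
            if (member_rt != nullptr)
            {
                // Run-time members are written by source name; pf resolves
                // them when the ruleset is loaded.
                if (member_rt->getSubstitutionTypeName() == DNSName::TYPENAME)
                {
                    output << member_rt->getSourceName() << " ";
                }
                if (member_rt->getSubstitutionTypeName() == AttachedNetworks::TYPENAME)
                {
                    output << member_rt->getSourceName() << ":network ";
                }
            }
            else if (Interface::cast(o))
            {
                output << o->getName();
            }
            else
            {
                Address *A = Address::cast(o);
                if (A == nullptr)
                    compiler->abort("table object must be an address: '" +
                                    o->getTypeName() + "'");

                const InetAddr *addr = A->getAddressPtr();
                InetAddr mask = *(A->getNetmaskPtr());

                // A single address is always written as a host, whatever
                // netmask the object itself carries.
                if (A->dimension() == 1)
                {
                    mask = InetAddr(InetAddr::getAllOnes());
                }

                output << addr->toString();
                if (!mask.isHostMask())
                {
                    output << "/" << mask.getLength();
                }
            }
            output << " ";
        }
        output << "} ";
        output << endl;
    }
    output << endl;
    return output.str();
}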