bool PolicyCompiler_pf::splitIfFirewallInSrc::processNext() { PolicyRule *rule=getNext(); if (rule==NULL) return false; PolicyRule *r; RuleElementSrc *src = rule->getSrc(); assert(src); if (src->size()==1 || src->getNeg()) { tmp_queue.push_back(rule); return true; } FWObject *fw_in_src = NULL; vector<FWObject*> cl; for (FWObject::iterator i1=src->begin(); i1!=src->end(); ++i1) { FWObject *obj = FWReference::getObject(*i1); if (obj==NULL) compiler->abort(rule, "Broken Src object"); if (obj->getId()==compiler->getFwId()) { fw_in_src = obj; RuleElementSrc *nsrc; r = compiler->dbcopy->createPolicyRule(); compiler->temp_ruleset->add(r); r->duplicate(rule); nsrc = r->getSrc(); nsrc->clearChildren(); nsrc->setAnyElement(); nsrc->addRef( compiler->fw ); tmp_queue.push_back(r); } } if (fw_in_src!=NULL) src->removeRef( fw_in_src ); tmp_queue.push_back(rule); return true; }
void PolicyCompiler_pix::replaceTranslatedAddresses::action( PolicyRule* policy_rule, NATRule* nat_rule, Address *src, Address*, Service *srv) { // FWObject *rule_iface = compiler->dbcopy->findInIndex( // policy_rule->getInterfaceId()); RuleElementItf *intf_re = policy_rule->getItf(); FWObject *rule_iface = FWObjectReference::getObject(intf_re->front()); RuleElement *re = nat_rule->getOSrc(); FWObject *o = FWReference::getObject(re->front()); #ifndef NDEBUG Address *osrc = Address::cast(o); assert(osrc); #endif re = nat_rule->getODst(); o = FWReference::getObject(re->front()); Address *odst = Address::cast(o); assert(odst); re = nat_rule->getOSrv(); o = FWReference::getObject(re->front()); Service *osrv = Service::cast(o); assert(osrv); #ifndef NDEBUG re = nat_rule->getTSrc(); o = FWReference::getObject(re->front()); Address *tsrc = Address::cast(o); assert(tsrc); re = nat_rule->getTDst(); o = FWReference::getObject(re->front()); Address *tdst = Address::cast(o); assert(tdst); re = nat_rule->getTSrv(); o = FWReference::getObject(re->front()); Service *tsrv = Service::cast(o); assert(tsrv); #endif FWObject *p = odst->getParent(); if (odst->getId() == rule_iface->getId() || p->getId() == rule_iface->getId()) { PolicyRule *r = compiler->dbcopy->createPolicyRule(); compiler->temp_ruleset->add(r); r->duplicate(policy_rule); RuleElementSrc *nsrc = r->getSrc(); nsrc->clearChildren(); nsrc->addRef( src ); RuleElementDst *ndst = r->getDst(); ndst->clearChildren(); ndst->addRef( odst ); RuleElementSrv *nsrv = r->getSrv(); nsrv->clearChildren(); if (osrv->isAny()) nsrv->addRef( srv ); else nsrv->addRef( osrv ); transformed_rules.push_back(r); } }