string RoutingCompiler_iosacl::PrintRule::_printRItf(RoutingRule *rule)
{
    RuleElementRItf *itfrel = rule->getRItf();
    if (!itfrel->isAny())
    {
        Interface *itf =
            Interface::cast(FWObjectReference::getObject(itfrel->front()));
        if (itf != nullptr) return itf->getName() + " ";
    }
    return "";
}
bool RoutingCompiler_iosacl::checkRItfAndGw::processNext()
{
    RoutingRule *rule=getNext(); if (rule==NULL) return false;
    tmp_queue.push_back(rule);

    RuleElementRItf *itfrel = rule->getRItf();    assert(itfrel);
    RuleElementRGtw *gtwrel = rule->getRGtw();    assert(gtwrel);

    if (!itfrel->isAny() && !gtwrel->isAny())
        compiler->abort(rule, "Can not use both gateway address and interface in "
                        "IOS routing rule");

    return true;
}
예제 #3
0
bool RoutingCompiler::interfaceOrGateway::processNext()
{
    RoutingRule *rule = getNext(); if (rule==NULL) return false;
    tmp_queue.push_back(rule);
    
    RuleElementRItf *itfrel = rule->getRItf();
    RuleElementRGtw *gtwrel = rule->getRGtw();

    if (!itfrel->isAny() && !gtwrel->isAny())
    {
        compiler->abort(rule,
                        "Use either gateway or interface in a routing rule "
                        "but not both at the same time");
    }

    return true;
}
bool RoutingCompiler_pix::emptyRDstOrRItf::processNext()
{
    RoutingRule *rule=getNext(); if (rule==NULL) return false;
    tmp_queue.push_back(rule);
    
    RuleElementRGtw *gtwrel = rule->getRGtw();
    RuleElementRItf *itfrel = rule->getRItf();

    if (itfrel->isAny() || gtwrel->isAny())
    {
        compiler->abort(
            rule,
            "Interface and gateway rule elements can not be empty in "
            "the PIX routing rule");
    }

    return true;
}
예제 #5
0
bool RoutingCompiler::rItfChildOfFw::processNext()
{
    RoutingRule *rule=getNext(); if (rule==NULL) return false;
    tmp_queue.push_back(rule);
    
    RuleElementRItf *itfrel = rule->getRItf();

    if (itfrel->isAny()) return true;

    FWObject *o = FWReference::cast(itfrel->front())->getPointer();

    // the interface is not a child of the firewall. Could be
    // cluster interface though. In that case make sure the
    // firewall is a member of that cluster.
    Interface *iface = Interface::cast(o);
    if (iface)
    {
        FWObject *parent = Host::getParentHost(iface);
        //FWObject *parent = iface->getParentHost();
        if (parent->getId() == compiler->fw->getId()) return true;

        Cluster *cluster = Cluster::cast(parent);
        if (cluster)
        {            
            list<Firewall*> members;
            cluster->getMembersList(members);
            list<Firewall*>::iterator it;
            for (it=members.begin(); it!=members.end(); ++it)
            {
                if ((*it)->getId() == compiler->fw->getId()) return true;
            }
        }
    }
    string msg;
    msg = "Object \"" + o->getName() + 
        "\" used as interface in the routing rule " +
        rule->getLabel() +
        " is not a child of the firewall the rule belongs to";
    compiler->abort(rule, msg.c_str());
    // even though we call abort() here, it does not actually stop the
    // program if it runs in the test mode.
    return true;
}