bool PolicyCompiler_pf::splitIfFirewallInSrc::processNext() { PolicyRule *rule=getNext(); if (rule==NULL) return false; PolicyRule *r; RuleElementSrc *src = rule->getSrc(); assert(src); if (src->size()==1 || src->getNeg()) { tmp_queue.push_back(rule); return true; } FWObject *fw_in_src = NULL; vector<FWObject*> cl; for (FWObject::iterator i1=src->begin(); i1!=src->end(); ++i1) { FWObject *obj = FWReference::getObject(*i1); if (obj==NULL) compiler->abort(rule, "Broken Src object"); if (obj->getId()==compiler->getFwId()) { fw_in_src = obj; RuleElementSrc *nsrc; r = compiler->dbcopy->createPolicyRule(); compiler->temp_ruleset->add(r); r->duplicate(rule); nsrc = r->getSrc(); nsrc->clearChildren(); nsrc->setAnyElement(); nsrc->addRef( compiler->fw ); tmp_queue.push_back(r); } } if (fw_in_src!=NULL) src->removeRef( fw_in_src ); tmp_queue.push_back(rule); return true; }
bool PolicyCompiler_ipf::doSrcNegation::processNext() { PolicyRule *rule=getNext(); if (rule==NULL) return false; RuleElementSrc *src=rule->getSrc(); if (src->getNeg()) { RuleElementSrc *nsrc; PolicyRule *r; FWOptions *ruleopt; r= compiler->dbcopy->createPolicyRule(); compiler->temp_ruleset->add(r); r->duplicate(rule); r->setAction(PolicyRule::Continue); r->setLogging(false); nsrc=r->getSrc(); nsrc->setNeg(false); r->setBool("quick",false); r->setBool("skip_check_for_duplicates",true); ruleopt = r->getOptionsObject(); ruleopt->setBool("stateless", true); tmp_queue.push_back(r); r= compiler->dbcopy->createPolicyRule(); compiler->temp_ruleset->add(r); r->duplicate(rule); nsrc=r->getSrc(); nsrc->setNeg(false); nsrc->clearChildren(); nsrc->setAnyElement(); r->setBool("quick",true); r->setBool("skip_check_for_duplicates",true); tmp_queue.push_back(r); return true; } tmp_queue.push_back(rule); return true; }
bool PolicyCompiler_pf::doSrcNegation::processNext() { PolicyRule *rule=getNext(); if (rule==NULL) return false; RuleElementSrc *src=rule->getSrc(); if (src->getNeg()) { RuleElementSrc *nsrc; PolicyRule *r; r= compiler->dbcopy->createPolicyRule(); compiler->temp_ruleset->add(r); r->duplicate(rule); if (rule->getAction()==PolicyRule::Accept) r->setAction(PolicyRule::Deny); else r->setAction(PolicyRule::Accept); nsrc=r->getSrc(); nsrc->setNeg(false); r->setBool("quick",true); r->setLogging(false); tmp_queue.push_back(r); r= compiler->dbcopy->createPolicyRule(); compiler->temp_ruleset->add(r); r->duplicate(rule); nsrc=r->getSrc(); nsrc->setNeg(false); nsrc->clearChildren(); nsrc->setAnyElement(); r->setBool("quick",true); tmp_queue.push_back(r); return true; } tmp_queue.push_back(rule); return true; }