本文整理汇总了C++中Firewall类的典型用法代码示例。如果您正苦于以下问题:C++ Firewall类的具体用法?C++ Firewall怎么用?C++ Firewall使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Firewall类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: assert
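/**
 * Collect the object IDs of the interfaces of the firewall being compiled,
 * leaving out interfaces that are marked as unprotected.
 *
 * @return interface IDs in the order findByType() yields them.
 */
list<int> Helper::getAllInterfaceIDs()
{
    Firewall *fw = compiler->fw;
    list<int> intf_id_list;

    FWObjectTypedChildIterator i = fw->findByType(Interface::TYPENAME);
    for ( ; i != i.end(); ++i)
    {
        Interface *ifs = Interface::cast(*i);
        assert(ifs);
        // assert() is compiled out under NDEBUG, so a failed cast would be
        // dereferenced in release builds. Skip such a child explicitly
        // instead of relying on the assertion alone.
        if (ifs == NULL) continue;
        if (ifs->isUnprotected()) continue;   // skip!
        intf_id_list.push_back( (*i)->getId() );
    }
    return intf_id_list;
}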
示例2: getPossibleMembers
/**
 * Fill `available` with cluster member candidates.
 *
 * A firewall returned by findAllFirewalls() qualifies when its host_OS and
 * platform match this dialog's values, it has at least one interface, and
 * it is not already present in `selected`. The function returns early,
 * after logging a warning, if a member object cannot be created.
 */
void clusterMembersDialog::getPossibleMembers()
{
    t_fwList fwlist;
    mw->findAllFirewalls(fwlist);

    for (t_fwList::iterator cand = fwlist.begin(); cand != fwlist.end(); cand++)
    {
        Firewall *fw = *cand;

        // Candidate must agree with the dialog on both host OS and platform.
        if (fw->getStr("host_OS").c_str() != host_os ||
            fw->getStr("platform").c_str() != platform)
        {
            continue;
        }

        // Candidate must own at least one interface.
        FWObjectTypedChildIterator iface_i = fw->findByType(Interface::TYPENAME);
        if (iface_i == iface_i.end())
        {
            continue;
        }

        // Already chosen as a member? Then it is not "available".
        PredFindFw pred;
        pred.setSearchString(fw->getName().c_str());
        if (find_if(selected.begin(), selected.end(), pred) != selected.end())
        {
            continue;
        }

        // Valid candidate: wrap it and publish it in the available list.
        ClusterMember *new_member = createMember(fw);
        if (new_member == NULL)
        {
            qWarning() << "clusterMembersDialog: could not create new "
                          "cluster member";
            return;
        }
        available.push_back(new_member);
    }

    // NOTE(review): fwlist is a local that is destroyed right after this
    // call, so the sort has no visible effect here; it may have been meant
    // to run before the loop. Kept as in the original.
    fwlist.sort(FWObjectNameCmpPredicate());
}
示例3: main
//.........这里部分代码省略.........
// Excerpt from the Mesos master's main(). The listing omits the code before
// and after this span, so flag parsing and the later use of `rules` are not
// visible here.
if (flags.version) {
cout << "mesos" << " " << MESOS_VERSION << endl;
return EXIT_SUCCESS;
}
if (flags.help) {
cout << flags.usage() << endl;
return EXIT_SUCCESS;
}
// --ip and --ip_discovery_command are mutually exclusive.
if (ip_discovery_command.isSome() && ip.isSome()) {
EXIT(EXIT_FAILURE) << flags.usage(
"Only one of `--ip` or `--ip_discovery_command` should be specified");
}
// NOTE(review): the flag value is run through os::shell() and its trimmed
// output is exported as LIBPROCESS_IP. Nothing in this span checks that the
// output parses as an IP address; confirm the consumer of LIBPROCESS_IP
// rejects malformed values, and treat this flag as trusted-operator input.
if (ip_discovery_command.isSome()) {
Try<string> ipAddress = os::shell(ip_discovery_command.get());
if (ipAddress.isError()) {
EXIT(EXIT_FAILURE) << ipAddress.error();
}
os::setenv("LIBPROCESS_IP", strings::trim(ipAddress.get()));
} else if (ip.isSome()) {
os::setenv("LIBPROCESS_IP", ip.get());
}
os::setenv("LIBPROCESS_PORT", stringify(port));
if (advertise_ip.isSome()) {
os::setenv("LIBPROCESS_ADVERTISE_IP", advertise_ip.get());
}
if (advertise_port.isSome()) {
os::setenv("LIBPROCESS_ADVERTISE_PORT", advertise_port.get());
}
// Without --zk, --master_contender and --master_detector must be given
// together or not at all (XOR check). With --zk, neither may be set.
if (zk.isNone()) {
if (flags.master_contender.isSome() ^ flags.master_detector.isSome()) {
EXIT(EXIT_FAILURE)
<< flags.usage("Both --master_contender and --master_detector should "
"be specified or omitted.");
}
} else {
if (flags.master_contender.isSome() || flags.master_detector.isSome()) {
EXIT(EXIT_FAILURE)
<< flags.usage("Only one of --zk or the "
"--master_contender/--master_detector "
"pair should be specified.");
}
}
// Log build information.
LOG(INFO) << "Build: " << build::DATE << " by " << build::USER;
LOG(INFO) << "Version: " << MESOS_VERSION;
if (build::GIT_TAG.isSome()) {
LOG(INFO) << "Git tag: " << build::GIT_TAG.get();
}
if (build::GIT_SHA.isSome()) {
LOG(INFO) << "Git SHA: " << build::GIT_SHA.get();
}
// This should be the first invocation of `process::initialize`. If it returns
// `false`, then it has already been called, which means that the
// authentication realm for libprocess-level HTTP endpoints was not set to the
// correct value for the master. The process exits in that case rather than
// continuing with endpoints bound to an unintended realm.
if (!process::initialize(
"master",
READWRITE_HTTP_AUTHENTICATION_REALM,
READONLY_HTTP_AUTHENTICATION_REALM)) {
EXIT(EXIT_FAILURE) << "The call to `process::initialize()` in the master's "
<< "`main()` was not the function's first invocation";
}
logging::initialize(argv[0], flags, true); // Catch signals.
// Log any flag warnings (after logging is initialized).
foreach (const flags::Warning& warning, load->warnings) {
LOG(WARNING) << warning.message;
}
spawn(new VersionProcess(), true);
// Initialize firewall rules.
// The configured disabled-endpoint paths are copied into a set and wrapped
// in a single DisabledEndpointsFirewallRule. The listing ends before `rules`
// is installed, so how the rule is enforced is not shown.
if (flags.firewall_rules.isSome()) {
vector<Owned<FirewallRule>> rules;
const Firewall firewall = flags.firewall_rules.get();
if (firewall.has_disabled_endpoints()) {
hashset<string> paths;
foreach (const string& path, firewall.disabled_endpoints().paths()) {
paths.insert(path);
}
rules.emplace_back(new DisabledEndpointsFirewallRule(paths));
}
示例4: main
//.........这里部分代码省略.........
// Excerpt from the Mesos agent's main(). The listing omits the code before
// and after this span, so the flag definitions and the later use of `rules`
// are not visible here.
if (flags.version) {
cout << "mesos" << " " << MESOS_VERSION << endl;
return EXIT_SUCCESS;
}
// TODO(marco): this pattern too should be abstracted away
// in FlagsBase; I have seen it at least 15 times.
if (load.isError()) {
cerr << flags.usage(load.error()) << endl;
return EXIT_FAILURE;
}
// Exactly one of --master / --master_detector must be given.
if (flags.master.isNone() && flags.master_detector.isNone()) {
cerr << flags.usage("Missing required option `--master` or "
"`--master_detector`.") << endl;
return EXIT_FAILURE;
}
if (flags.master.isSome() && flags.master_detector.isSome()) {
cerr << flags.usage("Only one of --master or --master_detector options "
"should be specified.");
return EXIT_FAILURE;
}
// Initialize libprocess.
if (flags.ip_discovery_command.isSome() && flags.ip.isSome()) {
EXIT(EXIT_FAILURE) << flags.usage(
"Only one of `--ip` or `--ip_discovery_command` should be specified");
}
// NOTE(review): the flag value is run through os::shell() and its trimmed
// output is exported as LIBPROCESS_IP. Nothing in this span checks that the
// output parses as an IP address; confirm the consumer of LIBPROCESS_IP
// rejects malformed values, and treat this flag as trusted-operator input.
if (flags.ip_discovery_command.isSome()) {
Try<string> ipAddress = os::shell(flags.ip_discovery_command.get());
if (ipAddress.isError()) {
EXIT(EXIT_FAILURE) << ipAddress.error();
}
os::setenv("LIBPROCESS_IP", strings::trim(ipAddress.get()));
} else if (flags.ip.isSome()) {
os::setenv("LIBPROCESS_IP", flags.ip.get());
}
os::setenv("LIBPROCESS_PORT", stringify(flags.port));
if (flags.advertise_ip.isSome()) {
os::setenv("LIBPROCESS_ADVERTISE_IP", flags.advertise_ip.get());
}
if (flags.advertise_port.isSome()) {
os::setenv("LIBPROCESS_ADVERTISE_PORT", flags.advertise_port.get());
}
// Log build information.
LOG(INFO) << "Build: " << build::DATE << " by " << build::USER;
LOG(INFO) << "Version: " << MESOS_VERSION;
if (build::GIT_TAG.isSome()) {
LOG(INFO) << "Git tag: " << build::GIT_TAG.get();
}
if (build::GIT_SHA.isSome()) {
LOG(INFO) << "Git SHA: " << build::GIT_SHA.get();
}
const string id = process::ID::generate("slave"); // Process ID.
// If `process::initialize()` returns `false`, then it was called before this
// invocation, meaning the authentication realm for libprocess-level HTTP
// endpoints was set incorrectly. This should be the first invocation.
// The process exits in that case rather than continuing with endpoints
// bound to an unintended realm.
if (!process::initialize(
id,
READWRITE_HTTP_AUTHENTICATION_REALM,
READONLY_HTTP_AUTHENTICATION_REALM)) {
EXIT(EXIT_FAILURE) << "The call to `process::initialize()` in the agent's "
<< "`main()` was not the function's first invocation";
}
logging::initialize(argv[0], flags, true); // Catch signals.
// Log any flag warnings (after logging is initialized).
foreach (const flags::Warning& warning, load->warnings) {
LOG(WARNING) << warning.message;
}
spawn(new VersionProcess(), true);
// The configured disabled-endpoint paths are copied into a set and wrapped
// in a single DisabledEndpointsFirewallRule. The listing ends before `rules`
// is installed, so how the rule is enforced is not shown.
if (flags.firewall_rules.isSome()) {
vector<Owned<FirewallRule>> rules;
const Firewall firewall = flags.firewall_rules.get();
if (firewall.has_disabled_endpoints()) {
hashset<string> paths;
foreach (const string& path, firewall.disabled_endpoints().paths()) {
paths.insert(path);
}
rules.emplace_back(new DisabledEndpointsFirewallRule(paths));
}
示例5: main
//.........这里部分代码省略.........
"May be one of:\n"
" zk://host1:port1,host2:port2,.../path\n"
" zk://username:[email protected]:port1,host2:port2,.../path\n"
" file:///path/to/file (where file contains one of the above)");
// Excerpt from a Mesos main() that registers with libprocess as "slave(1)".
// The flag definitions before this span and the code after the firewall
// block are omitted by the listing.
// Flags are loaded from argv; "MESOS_" is presumably the environment
// variable prefix (confirm against FlagsBase::load).
Try<Nothing> load = flags.load("MESOS_", argc, argv);
// TODO(marco): this pattern too should be abstracted away
// in FlagsBase; I have seen it at least 15 times.
if (load.isError()) {
cerr << flags.usage(load.error()) << endl;
return EXIT_FAILURE;
}
if (flags.help) {
cout << flags.usage() << endl;
return EXIT_SUCCESS;
}
if (flags.version) {
version();
return EXIT_SUCCESS;
}
if (master.isNone()) {
cerr << flags.usage("Missing required option --master") << endl;
return EXIT_FAILURE;
}
// Initialize modules. Note that since other subsystems may depend
// upon modules, we should initialize modules before anything else.
// NOTE(review): the module specification comes straight from the --modules
// flag; loading modules presumably brings additional code into this
// process, so the flag should only be settable by a trusted operator.
if (flags.modules.isSome()) {
Try<Nothing> result = ModuleManager::load(flags.modules.get());
if (result.isError()) {
EXIT(EXIT_FAILURE) << "Error loading modules: " << result.error();
}
}
// Initialize hooks.
if (flags.hooks.isSome()) {
Try<Nothing> result = HookManager::initialize(flags.hooks.get());
if (result.isError()) {
EXIT(EXIT_FAILURE) << "Error installing hooks: " << result.error();
}
}
// Initialize libprocess.
if (ip.isSome()) {
os::setenv("LIBPROCESS_IP", ip.get());
}
os::setenv("LIBPROCESS_PORT", stringify(port));
// NOTE(review): process::initialize() is called here without an
// authentication realm argument and its return value is not checked, so an
// earlier initialization (with different settings) would go unnoticed.
process::initialize("slave(1)");
logging::initialize(argv[0], flags, true); // Catch signals.
LOG(INFO) << "Build: " << build::DATE << " by " << build::USER;
LOG(INFO) << "Version: " << MESOS_VERSION;
if (build::GIT_TAG.isSome()) {
LOG(INFO) << "Git tag: " << build::GIT_TAG.get();
}
if (build::GIT_SHA.isSome()) {
LOG(INFO) << "Git SHA: " << build::GIT_SHA.get();
}
Fetcher fetcher;
Try<Containerizer*> containerizer =
Containerizer::create(flags, false, &fetcher);
if (containerizer.isError()) {
EXIT(EXIT_FAILURE)
<< "Failed to create a containerizer: " << containerizer.error();
}
Try<MasterDetector*> detector = MasterDetector::create(master.get());
if (detector.isError()) {
EXIT(EXIT_FAILURE)
<< "Failed to create a master detector: " << detector.error();
}
// The configured disabled-endpoint paths are copied into a set and wrapped
// in a single DisabledEndpointsFirewallRule. The listing ends before `rules`
// is installed, so how the rule is enforced is not shown.
if (flags.firewall_rules.isSome()) {
vector<Owned<FirewallRule>> rules;
const Firewall firewall = flags.firewall_rules.get();
if (firewall.has_disabled_endpoints()) {
hashset<string> paths;
foreach (const string& path, firewall.disabled_endpoints().paths()) {
paths.insert(path);
}
rules.emplace_back(new DisabledEndpointsFirewallRule(paths));
}
示例6: getFirewallAndClusterObjects
// Compile driver entry point for the PIX platform (excerpt: the listing ends
// inside the try block, so the compilation itself and the return value are
// not shown). Looks up the firewall and optional cluster by ID, merges
// cluster data into the firewall, then runs pre-compilation checks.
QString CompilerDriver_pix::run(const std::string &cluster_id,
const std::string &firewall_id,
const std::string &single_rule_id)
{
Cluster *cluster = NULL;
Firewall *fw = NULL;
// NOTE(review): cluster and fw are out-parameters. fw is dereferenced
// below (fw->getOptionsObject()) without a NULL check; confirm that
// getFirewallAndClusterObjects() never leaves it NULL for an unknown ID.
getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw);
// Copy rules from the cluster object
populateClusterElements(cluster, fw);
if (cluster)
{
// PIX failover is different from VRRP and other failover protocols
// in that it does not create new virtual address. Instead, each
// unit is configured with two ip addresses, one for the active
// unit and another for standby one. When active unit fails, the
// other one assumes its address.
//
// This matters because when we use cluster object or one of its
// interfaces in rules, compiler should expand it to the set of
// addresses that includes addresses of the corresponding
// interface of both member firewalls. Method
// CompilerDriver::copyFailoverInterface adds a copy of firewall
// interface to the cluster object. This works for all firewalls,
// but for PIX we need to add copies of interfaces from both
// members.
//
FWObjectTypedChildIterator cl_iface = cluster->findByType(Interface::TYPENAME);
for (; cl_iface != cl_iface.end(); ++cl_iface)
{
FailoverClusterGroup *failover_group =
FailoverClusterGroup::cast(
(*cl_iface)->getFirstByType(FailoverClusterGroup::TYPENAME));
if (failover_group)
{
//FWObject *this_member_interface = NULL; //UNUSED
list<FWObject*> other_member_interfaces;
for (FWObjectTypedChildIterator it =
failover_group->findByType(FWObjectReference::TYPENAME);
it != it.end(); ++it)
{
FWObject *intf = FWObjectReference::getObject(*it);
// NOTE(review): assert() is compiled out under NDEBUG, so an
// unresolved reference would be dereferenced two lines below in
// release builds.
assert(intf);
//if (intf->isChildOf(fw)) this_member_interface = intf; //UNUSED
//else other_member_interfaces.push_back(intf);
if (!intf->isChildOf(fw)) other_member_interfaces.push_back(intf);
}
// Add a copy of every interface that belongs to the other member(s).
if (!other_member_interfaces.empty())
{
for (list<FWObject*>::iterator it=other_member_interfaces.begin();
it!=other_member_interfaces.end(); ++it)
{
cluster->addCopyOf(*it, true);
}
}
}
}
}
#if 0
FWObjectTypedChildIterator iface = fw->findByType(Interface::TYPENAME);
for (; iface != iface.end(); ++iface)
{
(*iface)->dump(true, true);
}
#endif
determineOutputFileNames(cluster, fw, !cluster_id.empty(),
QStringList(""), QStringList("fw"),
QStringList(""));
FWOptions* options = fw->getOptionsObject();
QString script_buffer;
// NOTE(review): std::auto_ptr was deprecated in C++11 and removed in C++17;
// std::unique_ptr is the replacement when the toolchain is updated.
std::auto_ptr<NATCompiler_pix> n;
std::auto_ptr<PolicyCompiler_pix> c;
std::auto_ptr<RoutingCompiler_pix> r;
try
{
clearReadOnly(fw);
commonChecks2(cluster, fw);
pixClusterConfigurationChecks(cluster, fw);
// Note that fwobjectname may be different from the name of the
// firewall fw This happens when we compile a member of a cluster
current_firewall_name = fw->getName().c_str();
// Per-firewall ACL generation options read from the options object.
bool pix_acl_basic = options->getBool("pix_acl_basic");
bool pix_acl_no_clear = options->getBool("pix_acl_no_clear");
bool pix_acl_substitution = options->getBool("pix_acl_substitution");
bool pix_add_clear_statements = options->getBool("pix_add_clear_statements");
//.........这里部分代码省略.........
示例7: getFirewallAndClusterObjects
// Compile driver entry point for the Junos ACL platform (excerpt: the
// listing ends inside the per-address-family loop, so rule compilation and
// the return value are not shown).
QString CompilerDriver_junosacl::run(const string &cluster_id,
const string &firewall_id,
const string &single_rule_id)
{
Cluster *cluster = NULL;
Firewall *fw = NULL;
// NOTE(review): cluster and fw are out-parameters. fw is dereferenced
// below without a NULL check; confirm that getFirewallAndClusterObjects()
// never leaves it NULL for an unknown ID.
getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw);
try
{
clearReadOnly(fw);
// Copy rules from the cluster object
populateClusterElements(cluster, fw);
commonChecks2(cluster, fw);
// Note that fwobjectname may be different from the name of the
// firewall fw This happens when we compile a member of a cluster
current_firewall_name = fw->getName().c_str();
determineOutputFileNames(cluster, fw, !cluster_id.empty(),
QStringList(""), QStringList("fw"),
QStringList(""));
/* Now that all checks are done, we can drop copies of cluster
* interfaces that were added to the firewall by
* CompilerDriver::populateClusterElements()
*/
list<FWObject*> all_interfaces = fw->getByTypeDeep(Interface::TYPENAME);
list<FWObject*> copies_of_cluster_interfaces;
for (std::list<FWObject*>::iterator i=all_interfaces.begin(); i!=all_interfaces.end(); ++i)
{
Interface *iface = Interface::cast(*i);
// NOTE(review): assert() is compiled out under NDEBUG; a failed cast
// would be dereferenced on the next statement in release builds.
assert(iface);
if (iface->getOptionsObject()->getBool("cluster_interface"))
copies_of_cluster_interfaces.push_back(iface);
}
// Removal is done in a second pass, after the scan above has finished.
while (copies_of_cluster_interfaces.size())
{
fw->remove(copies_of_cluster_interfaces.front());
copies_of_cluster_interfaces.pop_front();
}
FWOptions* options = fw->getOptionsObject();
// An empty version or the generic "11.x" is replaced with "11.2".
string fwvers = fw->getStr("version");
if (fwvers == "") fw->setStr("version", "11.2");
if (fwvers == "11.x") fw->setStr("version", "11.2");
string platform = fw->getStr("platform");
// NOTE(review): std::auto_ptr was deprecated in C++11 and removed in C++17;
// std::unique_ptr is the replacement when the toolchain is updated.
std::auto_ptr<OSConfigurator_junos> oscnf(new OSConfigurator_junos(objdb, fw, false));
oscnf->prolog();
oscnf->processFirewallOptions();
list<FWObject*> all_policies = fw->getByType(Policy::TYPENAME);
// assign unique rule ids that later will be used to generate
// chain names. This should be done after calls to
// findImportedRuleSets()
// NB: these ids are not used by this compiler
assignUniqueRuleIds(all_policies);
vector<int> ipv4_6_runs;
// // // // //NamedObjectsManager named_objects_manager(persistent_objects, fw);
// command line options -4 and -6 control address family for which
// script will be generated. If "-4" is used, only ipv4 part will
// be generated. If "-6" is used, only ipv6 part will be generated.
// If neither is used, both parts will be done.
// NOTE(review): only an empty value, "ipv4_first" and "ipv6_first" are
// handled. Any other value of ipv4_6_order leaves ipv4_6_runs empty, so the
// loop below runs zero times and no policy is processed for either family.
if (options->getStr("ipv4_6_order").empty() ||
options->getStr("ipv4_6_order") == "ipv4_first")
{
if (ipv4_run) ipv4_6_runs.push_back(AF_INET);
if (ipv6_run) ipv4_6_runs.push_back(AF_INET6);
}
if (options->getStr("ipv4_6_order") == "ipv6_first")
{
if (ipv6_run) ipv4_6_runs.push_back(AF_INET6);
if (ipv4_run) ipv4_6_runs.push_back(AF_INET);
}
string object_groups_definitions;
for (vector<int>::iterator i=ipv4_6_runs.begin();
i!=ipv4_6_runs.end(); ++i)
{
int policy_af = *i;
bool ipv6_policy = (policy_af == AF_INET6);
// Count rules for each address family
int policy_count = 0;
//.........这里部分代码省略.........
示例8: createTreeItem
// Rebuild the tree of objects offered for compilation (excerpt: the listing
// ends before the function does, so the use of warn1/warn2 is not shown).
// Clusters come first with their members as children; firewalls that are
// not members of a listed cluster follow as top-level items.
void instDialog::fillCompileSelectList()
{
if (fwbdebug) qDebug("instDialog::fillCompileSelectList");
Firewall *fw;
Cluster *cl;
QDateTime dt;
creatingTable = true;
m_dialog->selectTable->clear();
// Work on a copy so that members already shown under a cluster can be
// dropped without modifying `firewalls`.
list<Firewall*> working_list_of_firewalls = firewalls;
for (list<Cluster *>::iterator i=clusters.begin(); i!=clusters.end(); ++i)
{
cl = *i;
QTreeWidgetItem* cluster_item = createTreeItem(NULL, cl);
m_dialog->selectTable->addTopLevelItem(cluster_item);
list<Firewall*> members;
cl->getMembersList(members);
for (list<Firewall*>::iterator member=members.begin();
member!=members.end(); ++member)
{
createTreeItem(cluster_item, *member);
working_list_of_firewalls.remove(*member);
}
cluster_item->setExpanded(true);
}
for (list<Firewall *>::iterator i=working_list_of_firewalls.begin();
i!=working_list_of_firewalls.end(); ++i)
{
fw = *i;
QTreeWidgetItem* fw_item = createTreeItem(NULL, fw);
m_dialog->selectTable->addTopLevelItem(fw_item);
}
// Apply item flags to every item in the tree.
QTreeWidgetItemIterator it(m_dialog->selectTable);
while (*it)
{
setFlags(*it);
++it;
}
/* ticket #1305
* check if any of the firewall objects are members of clusters but
* the clusters are not requested for compile
*/
// NOTE(review): warn1 is rich text (<b>...</b>) and the warn2 entries embed
// object names and paths verbatim. If both end up in the same rich-text
// widget (not visible in this excerpt), the names should be HTML-escaped
// first so that markup inside an object name is not interpreted.
QString warn1(
tr("<b>You are trying to compile policy for a firewall object that is "
"a member of a cluster, however you requested compilation of only "
"this member firewall and not the cluster it belongs to. Assuming "
"firewall is standalone and not cluster member. Rules and parts of "
"the script specific for the cluster configuration will not be "
"generated.</b>"));
QStringList warn2;
list<FWObject*> all_libs = project->db()->getByType(Library::TYPENAME);
foreach(FWObject *lib, all_libs)
{
// Objects in the "deleted objects" library are ignored.
if (lib->getId() == FWObjectDatabase::DELETED_OBJECTS_ID) continue;
list<FWObject*> all_clusters = lib->getByTypeDeep(Cluster::TYPENAME);
foreach(FWObject *_cl, all_clusters)
{
// Only clusters that were NOT requested for compilation are of interest.
if (std::find(clusters.begin(), clusters.end(), _cl) == clusters.end())
{
Cluster *cluster = Cluster::cast(_cl);
// NOTE(review): assert() is compiled out under NDEBUG; a failed cast
// would be dereferenced below in release builds.
assert(cluster);
// The loop variable shadows the function-level `fw` declared above.
foreach(FWObject *fw, firewalls)
{
if (cluster->hasMember(Firewall::cast(fw)))
{
warn2 <<
QString(tr("Firewall '%1' is member of cluster '%2'")
.arg(QString::fromUtf8(fw->getName().c_str()))
.arg(QString::fromUtf8(cluster->getPath().c_str())));
}
}
}
}
}
示例9: qDebug
// Apply the dialog's current field values to the firewall object through an
// undoable FWCmdChange command (excerpt: the listing ends inside the
// host_OS branch, so the submission of the command is not shown).
void FirewallDialog::applyChanges()
{
if (fwbdebug)
qDebug() << "FirewallDialog::applyChanges()";
bool autorename_chidren = false;
QString dialog_txt = tr(
"The name of the object '%1' has changed. The program can also "
"rename IP address objects that belong to this object, "
"using standard naming scheme 'host_name:interface_name:ip'. "
"This makes it easier to distinguish what host or a firewall "
"given IP address object belongs to when it is used in "
"the policy or NAT rule. The program also renames MAC address "
"objects using scheme 'host_name:interface_name:mac'. "
"Do you want to rename child IP and MAC address objects now? "
"(If you click 'No', names of all address objects that belong to "
"%2 will stay the same.)")
.arg(QString::fromUtf8(obj->getName().c_str()))
.arg(QString::fromUtf8(obj->getName().c_str()));
// Ask about renaming children only when the name field differs from the
// object's current name.
if (obj->getName() != m_dialog->obj_name->text().toUtf8().constData())
{
/*
* when we open this warning dialog, FirewallDialog class
* loses focus and obj_name lineEdit widget sends signal
* "editingfinished" again. To the user this looks like the
* warning dialog popped up twice (in fact two copies of the
* same warning dialog appear at the same time, one exactly on
* top of another). To avoid this, block signals for the
* duration while we show the dialog. Note that documentation
* does not mention that QObject::blockSignals() affects not
* only the widget but all its children, but it seems to work
* that way. Tested with Qt 4.6.1. See #1171
*/
blockSignals(true);
autorename_chidren = (QMessageBox::warning(
this,"Firewall Builder", dialog_txt,
tr("&Yes"), tr("&No"), QString::null,
0, 1 )==0 );
blockSignals(false);
}
if (fwbdebug)
qDebug() << "Sending FWCmdChange autorename_chidren="
<< autorename_chidren;
std::unique_ptr<FWCmdChange> cmd(
new FWCmdChange(m_project, obj, "", autorename_chidren));
// new_state is a copy of the fw object
FWObject* new_state = cmd->getNewState();
// NOTE(review): the result of this dynamic_cast is never checked. `s` is
// dereferenced below (s->setInactive, s->getOptionsObject), and the only
// assertion in this span covers mgmt and is compiled out under NDEBUG.
Firewall *s = dynamic_cast<Firewall*>(new_state);
#ifndef NDEBUG
Management *mgmt = s->getManagementObject();
assert(mgmt!=nullptr);
#endif
// Snapshot the old values so that changes can be detected below.
string old_name = obj->getName();
string new_name = string(m_dialog->obj_name->text().toUtf8().constData());
string old_platform = obj->getStr("platform");
string old_host_os = obj->getStr("host_OS");
string old_version = obj->getStr("version");
new_state->setName(new_name);
m_dialog->commentKeywords->applyChanges(new_state);
s->setInactive(m_dialog->inactive->isChecked());
saveVersion(new_state);
string new_version = new_state->getStr("version");
string new_platform = readPlatform(m_dialog->platform).toLatin1().constData();
if (new_platform.empty()) new_platform = "unknown";
new_state->setStr("platform", new_platform );
if (old_platform!=new_platform)
{
if (fwbdebug)
qDebug() << "FirewallDialog::applyChanges() platform has changed"
<< old_platform.c_str() << "->" << new_platform.c_str()
<< "clearing option 'compiler'";
platformChanged();
// A custom compiler setting is cleared when the platform changes.
FWOptions *opt =s->getOptionsObject();
opt->setStr("compiler", "");
// Set default options for the new platform
Resources::setDefaultTargetOptions(new_platform, s);
}
string new_host_os = readHostOS(m_dialog->hostOS).toLatin1().constData();
if (new_host_os.empty()) new_host_os = "unknown_os";
new_state->setStr("host_OS", new_host_os);
if (old_host_os!=new_host_os)
{
if (fwbdebug)
qDebug() << "FirewallDialog::applyChanges() host_OS has changed"
//.........这里部分代码省略.........
示例10: main
//.........这里部分代码省略.........
// Excerpt from a Mesos main() (agent side, judging by
// slave::DEFAULT_AUTHORIZER). The listing omits the code before and after
// this span.
// Initialize hooks.
if (flags.hooks.isSome()) {
Try<Nothing> result = HookManager::initialize(flags.hooks.get());
if (result.isError()) {
EXIT(EXIT_FAILURE) << "Error installing hooks: " << result.error();
}
}
spawn(new VersionProcess(), true);
LOG(INFO) << "Build: " << build::DATE << " by " << build::USER;
LOG(INFO) << "Version: " << MESOS_VERSION;
if (build::GIT_TAG.isSome()) {
LOG(INFO) << "Git tag: " << build::GIT_TAG.get();
}
if (build::GIT_SHA.isSome()) {
LOG(INFO) << "Git SHA: " << build::GIT_SHA.get();
}
Fetcher fetcher;
#ifdef __linux__
// Initialize systemd if it exists.
if (systemd::exists() && flags.systemd_enable_support) {
LOG(INFO) << "Inializing systemd state";
systemd::Flags systemdFlags;
systemdFlags.enabled = flags.systemd_enable_support;
systemdFlags.runtime_directory = flags.systemd_runtime_directory;
systemdFlags.cgroups_hierarchy = flags.cgroups_hierarchy;
Try<Nothing> initialize = systemd::initialize(systemdFlags);
if (initialize.isError()) {
EXIT(EXIT_FAILURE)
<< "Failed to initialize systemd: " + initialize.error();
}
}
#endif // __linux__
Try<Containerizer*> containerizer =
Containerizer::create(flags, false, &fetcher);
if (containerizer.isError()) {
EXIT(EXIT_FAILURE)
<< "Failed to create a containerizer: " << containerizer.error();
}
Try<MasterDetector*> detector_ = MasterDetector::create(
master, flags.master_detector);
if (detector_.isError()) {
EXIT(EXIT_FAILURE)
<< "Failed to create a master detector: " << detector_.error();
}
MasterDetector* detector = detector_.get();
// Authorizer selection. A non-default authorizer name is created by name
// (and --acls is ignored); the default one is created only when --acls is
// given.
// NOTE(review): with the default authorizer name and no --acls, `authorizer`
// stays None and so does `authorizer_`. Presumably callers then skip
// authorization entirely; confirm that this is the intended default for
// the deployment.
Option<Authorizer*> authorizer_ = None();
string authorizerName = flags.authorizer;
Result<Authorizer*> authorizer((None()));
if (authorizerName != slave::DEFAULT_AUTHORIZER) {
LOG(INFO) << "Creating '" << authorizerName << "' authorizer";
// NOTE: The contents of --acls will be ignored.
authorizer = Authorizer::create(authorizerName);
} else {
// `authorizerName` is `DEFAULT_AUTHORIZER` at this point.
if (flags.acls.isSome()) {
LOG(INFO) << "Creating default '" << authorizerName << "' authorizer";
authorizer = Authorizer::create(flags.acls.get());
}
}
// A failure to create a requested authorizer is fatal; the process does not
// continue without it.
if (authorizer.isError()) {
EXIT(EXIT_FAILURE) << "Could not create '" << authorizerName
<< "' authorizer: " << authorizer.error();
} else if (authorizer.isSome()) {
authorizer_ = authorizer.get();
}
// The configured disabled-endpoint paths are copied into a set and wrapped
// in a single DisabledEndpointsFirewallRule. The listing ends before `rules`
// is installed, so how the rule is enforced is not shown.
if (flags.firewall_rules.isSome()) {
vector<Owned<FirewallRule>> rules;
const Firewall firewall = flags.firewall_rules.get();
if (firewall.has_disabled_endpoints()) {
hashset<string> paths;
foreach (const string& path, firewall.disabled_endpoints().paths()) {
paths.insert(path);
}
rules.emplace_back(new DisabledEndpointsFirewallRule(paths));
}
示例11: db
// Event handler for the project panel's custom (>= QEvent::User) events
// (excerpt: the listing ends inside the second switch, so the remaining
// cases and the fallback for other events are not shown).
bool ProjectPanel::event(QEvent *event)
{
if (event->type() >= QEvent::User)
{
// NOTE(review): the dynamic_cast result is used without a NULL check. Any
// user-range event that is not an fwbUpdateEvent (for example one posted by
// another component) would make ev NULL and crash on ev->getFileName().
fwbUpdateEvent *ev = dynamic_cast<fwbUpdateEvent*>(event);
int event_code = event->type() - QEvent::User;
QString data_file = ev->getFileName();
int obj_id = ev->getObjectId();
// obj may be NULL when the ID is not in the index; see the check below.
FWObject *obj = db()->findInIndex(obj_id);
if (fwbdebug)
qDebug() << this
<< "rcs:"
<< rcs
<< "rcs->getFileName():"
<< QString((rcs!=NULL) ? rcs->getFileName() : "")
<< "file:"
<< data_file
<< "event:"
<< ev->getEventName()
<< "object:"
<< ((obj!=NULL) ? QString::fromUtf8(obj->getName().c_str()) : "")
<< "(" << ((obj!=NULL) ? obj->getTypeName().c_str() : "") << ")"
<< "id=" << ((obj!=NULL) ? obj->getId() : -1);
// This event is handled regardless of which data file it refers to.
if (event_code == UPDATE_GUI_STATE_EVENT && mdiWindow != NULL)
{
m_panel->om->updateCreateObjectMenu(getCurrentLib());
ev->accept();
return true;
}
// Everything below is handled only when the event refers to the data file
// this panel has open (or both are unset/empty).
if ((rcs && rcs->getFileName() == data_file) ||
(!rcs && data_file.isEmpty()))
{
// First group: events that do not need the target object.
switch (event_code)
{
case RELOAD_OBJECT_TREE_EVENT:
registerTreeReloadRequest();
ev->accept();
return true;
case RELOAD_OBJECT_TREE_IMMEDIATELY_EVENT:
m_panel->om->reload();
ev->accept();
return true;
case RELOAD_RULESET_EVENT:
registerRuleSetRedrawRequest();
// update rule set title as well
//updateFirewallName();
ev->accept();
return true;
case MAKE_CURRENT_RULE_VISIBLE_IN_RULESET_EVENT:
{
RuleSetView* rsv = getCurrentRuleSetView();
if (rsv) rsv->makeCurrentRuleVisible();
ev->accept();
return true;
}
case RELOAD_RULESET_IMMEDIATELY_EVENT:
redrawRuleSets();
//reopenFirewall();
// update rule set title as well
//updateFirewallName();
ev->accept();
return true;
}
// Second group: events that operate on obj; bail out if it was not found.
if (obj == NULL) return false;
switch (event_code)
{
case DATA_MODIFIED_EVENT:
{
// This event does not trigger any updates in the UI,
// this purely data structure update event.
// Walk up the parent chain to the enclosing Firewall, if there is one.
FWObject *p = obj;
while (p && Firewall::cast(p)==NULL) p = p->getParent();
Firewall *f = Firewall::cast(p);
// when user locks firewall object, this code tries to
// update last_modified timestamp in it because it
// depends on itself. Dont.
if (f && !f->isReadOnly())
{
f->updateLastModifiedTimestamp();
QCoreApplication::postEvent(
mw, new updateObjectInTreeEvent(data_file, f->getId()));
}
registerModifiedObject(obj);
QCoreApplication::postEvent(mw, new updateGUIStateEvent());
ev->accept();
return true;
}
//.........这里部分代码省略.........
示例12: throw
/**
* Finds the interface of the firewall associated with the network zone
* that the given address (and optional netmask) falls into. Returns the
* interface ID.
*
* Excerpt: the listing ends inside the matching loop, so the final
* selection among candidate zones and the failure path are not shown.
*
* NOTE(review): the dynamic exception specification below was deprecated
* in C++11 and removed in C++17.
*/
int Helper::findInterfaceByNetzone(const InetAddr *addr, const InetAddr *nm)
throw(FWException)
{
#if DEBUG_NETZONE_OPS
cerr << "Helper::findInterfaceByNetzone";
cerr << " matching to";
cerr << " addr=" << addr;
if (addr) cerr << " " << addr->toString();
cerr << " nm=" << nm;
if (nm) cerr << " " << nm->toString();
cerr << endl;
#endif
Firewall *fw = compiler->fw;
// Candidate zones keyed by interface ID.
map<int,FWObject*> zones;
list<FWObject*> l2 = fw->getByTypeDeep(Interface::TYPENAME);
for (list<FWObject*>::iterator i=l2.begin(); i!=l2.end(); ++i)
{
// NOTE(review): the cast result is dereferenced without a NULL check.
Interface *iface = Interface::cast(*i);
if (iface->isDedicatedFailover()) continue;
if (iface->isUnprotected()) continue;
// NOTE: "network_zone" is globally unique string ID
int netzone_id =
FWObjectDatabase::getIntId(iface->getStr("network_zone"));
if (netzone_id != -1)
{
// NOTE(review): findInIndex() can presumably return NULL for a stale ID.
// netzone is passed on (and dereferenced in the debug block) unchecked.
FWObject *netzone = fw->getRoot()->findInIndex(netzone_id);
list<FWObject*> nz;
expand_group_recursive(netzone, nz);
#if DEBUG_NETZONE_OPS
cerr << "Helper::findInterfaceByNetzone";
cerr << " netzone_id=" << netzone_id
<< " " << iface->getStr("network_zone")
<< " " << netzone->getName()
<< endl;
#endif
for (list<FWObject*>::iterator j=nz.begin(); j!=nz.end(); ++j)
{
// Members of the zone that are not Address objects are skipped.
Address *netzone_addr = Address::cast(*j);
if (netzone_addr == NULL) continue;
#if DEBUG_NETZONE_OPS
cerr << "Helper::findInterfaceByNetzone";
cerr << " " << netzone_addr->getName()
<< " " << netzone_addr->getAddressPtr()->toString()
<< endl;
#endif
// if addr==NULL, return id of the interface that has
// net_zone=="any"
if (addr==NULL)
{
if (netzone_addr->getId()==FWObjectDatabase::ANY_ADDRESS_ID)
return iface->getId(); // id of the interface
} else
{
// see SF bug 3213019
// skip ipv6 addresses in network zone group
if (netzone_addr->getAddressPtr()->addressFamily() !=
addr->addressFamily()) continue;
const InetAddr *nz_addr = netzone_addr->getAddressPtr();
const InetAddr *nz_netm = netzone_addr->getNetmaskPtr();
// Subnet comparison is only possible when both sides have a netmask.
if (nm != NULL && nz_netm != NULL)
{
InetAddrMask nz_subnet(*nz_addr, *nz_netm);
InetAddrMask other_subnet(*addr, *nm);
vector<InetAddrMask> ovr =
libfwbuilder::getOverlap(nz_subnet,
other_subnet);
#if DEBUG_NETZONE_OPS
cerr << "Helper::findInterfaceByNetzone";
cerr << " addr=" << other_subnet.toString();
cerr << " nz=" << nz_subnet.toString();
cerr << " overlap:";
cerr << " ovr.size()=" << ovr.size();
if (ovr.size() > 0)
cerr << " ovr.front()=" << ovr.front().toString();
cerr << endl;
#endif
if (ovr.size()==0) continue;
// if nz_subnet is equal or wider than other_subnet,
// getOverlap() returns subnet object equal to other_subnet
// If other_subnet is wider, returned object is equal
// to nz_subnet. If they intersect but one does not fit
// completely in the other, returned object is not equal
// to either.
if (ovr.front() == other_subnet)
{
zones[iface->getId()] = netzone_addr;
//.........这里部分代码省略.........
示例13: findInterfaceByAddress
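/**
 * Find the firewall interface whose address or subnet covers the given
 * address.
 *
 * Interfaces flagged as dedicated failover or unprotected are ignored.
 *
 * @param addr address to look up; NULL yields -1.
 * @param nm   optional netmask. When given, an interface address matches
 *             if the overlap of its subnet with addr/nm equals addr/nm.
 *             When NULL, the interface address object must report that
 *             addr belongs to it.
 * @return ID of the first matching interface, or -1 if none matches.
 */
int Helper::findInterfaceByAddress(const InetAddr *addr,
                                   const InetAddr *nm)
{
    if (addr==NULL) return -1;

#if DEBUG_NETZONE_OPS
    cerr << "Helper::findInterfaceByAddress";
    cerr << " addr=" << addr->toString();
    // nm is optional (it is tested for NULL further down), so it must not
    // be dereferenced unconditionally in the debug trace.
    cerr << " nm=";
    if (nm != NULL) cerr << nm->toString();
    else cerr << "NULL";
    cerr << endl;
#endif

    Firewall *fw = compiler->fw;
    list<FWObject*> l2 = fw->getByTypeDeep(Interface::TYPENAME);
    for (list<FWObject*>::iterator i=l2.begin(); i!=l2.end(); ++i)
    {
        Interface *iface = Interface::cast(*i);
        // A failed cast yields NULL; skip instead of dereferencing it.
        if (iface == NULL) continue;
        if (iface->isDedicatedFailover()) continue;
        if (iface->isUnprotected()) continue;

#if DEBUG_NETZONE_OPS
        cerr << "Helper::findInterfaceByAddress";
        cerr << " intf=" << iface->getName();
        cerr << endl;
#endif

        // Only look at address children of the same family as addr.
        FWObjectTypedChildIterator j =
            iface->findByType((addr->isV4())?IPv4::TYPENAME:IPv6::TYPENAME);
        for (; j!=j.end(); ++j)
        {
            const Address *i_addr = Address::constcast(*j);
            // A failed cast yields NULL; skip instead of dereferencing it.
            if (i_addr == NULL) continue;

#if DEBUG_NETZONE_OPS
            cerr << "Helper::findInterfaceByAddress";
            cerr << " i_addr=" << i_addr->getName();
            cerr << endl;
            cerr << " " << i_addr->getAddressPtr()->toString();
            cerr << " " << i_addr->getNetmaskPtr()->toString();
            cerr << endl;
#endif

            if (nm != NULL)
            {
                // NOTE(review): getAddressPtr()/getNetmaskPtr() are
                // dereferenced without a NULL check; confirm they cannot
                // be NULL for IPv4/IPv6 children of an interface.
                InetAddrMask interface_subnet(*(i_addr->getAddressPtr()),
                                              *(i_addr->getNetmaskPtr()));
                InetAddrMask other_subnet(*addr, *nm);

#if DEBUG_NETZONE_OPS
                cerr << "Helper::findInterfaceByAddress";
                cerr << " addr=" << other_subnet.toString();
                cerr << " intf=" << iface->getName()
                     << " " << interface_subnet.toString();
                cerr << endl;
#endif

                vector<InetAddrMask> ovr =
                    libfwbuilder::getOverlap(interface_subnet, other_subnet);

#if DEBUG_NETZONE_OPS
                cerr << "Helper::findInterfaceByAddress";
                cerr << " overlap:";
                cerr << " ovr.size()=" << ovr.size();
                if (ovr.size() > 0)
                    cerr << " ovr.front()=" << ovr.front().toString();
                cerr << endl;
#endif

                if (ovr.size()==0) continue;

                // if interface_subnet is equal or wider than other_subnet,
                // getOverlap() returns subnet object equal to other_subnet
                // If other_subnet is wider, returned object is equal
                // to interface_subnet. If they intersect but one does not fit
                // completely in the other, returned object is not equal
                // to either.
                if (ovr.front() == other_subnet)
                {
                    return iface->getId();
                }
            } else
            {
                if ( i_addr->belongs(*addr) ) return iface->getId();
            }
        }
    }
    return -1;
}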
示例14: main
//.........这里部分代码省略.........
// Excerpt from the Mesos agent's main(). The listing omits the code before
// and after this span, so the flag definitions and the later use of `rules`
// are not visible here.
if (load.isError()) {
cerr << flags.usage(load.error()) << endl;
return EXIT_FAILURE;
}
if (flags.help) {
cout << flags.usage() << endl;
return EXIT_SUCCESS;
}
if (flags.version) {
cout << "mesos" << " " << MESOS_VERSION << endl;
return EXIT_SUCCESS;
}
// Exactly one of --master / --master_detector must be given.
if (master.isNone() && flags.master_detector.isNone()) {
cerr << flags.usage("Missing required option `--master` or "
"`--master_detector`.") << endl;
return EXIT_FAILURE;
}
if (master.isSome() && flags.master_detector.isSome()) {
cerr << flags.usage("Only one of --master or --master_detector options "
"should be specified.");
return EXIT_FAILURE;
}
// Initialize libprocess.
if (ip_discovery_command.isSome() && ip.isSome()) {
EXIT(EXIT_FAILURE) << flags.usage(
"Only one of `--ip` or `--ip_discovery_command` should be specified");
}
// NOTE(review): the flag value is run through os::shell() and its trimmed
// output is exported as LIBPROCESS_IP. Nothing in this span checks that the
// output parses as an IP address; confirm the consumer of LIBPROCESS_IP
// rejects malformed values, and treat this flag as trusted-operator input.
if (ip_discovery_command.isSome()) {
Try<string> ipAddress = os::shell(ip_discovery_command.get());
if (ipAddress.isError()) {
EXIT(EXIT_FAILURE) << ipAddress.error();
}
os::setenv("LIBPROCESS_IP", strings::trim(ipAddress.get()));
} else if (ip.isSome()) {
os::setenv("LIBPROCESS_IP", ip.get());
}
os::setenv("LIBPROCESS_PORT", stringify(port));
if (advertise_ip.isSome()) {
os::setenv("LIBPROCESS_ADVERTISE_IP", advertise_ip.get());
}
if (advertise_port.isSome()) {
os::setenv("LIBPROCESS_ADVERTISE_PORT", advertise_port.get());
}
// Log build information.
LOG(INFO) << "Build: " << build::DATE << " by " << build::USER;
LOG(INFO) << "Version: " << MESOS_VERSION;
if (build::GIT_TAG.isSome()) {
LOG(INFO) << "Git tag: " << build::GIT_TAG.get();
}
if (build::GIT_SHA.isSome()) {
LOG(INFO) << "Git SHA: " << build::GIT_SHA.get();
}
const string id = process::ID::generate("slave"); // Process ID.
// If `process::initialize()` returns `false`, then it was called before this
// invocation, meaning the authentication realm for libprocess-level HTTP
// endpoints was set incorrectly. This should be the first invocation.
// The process exits in that case rather than continuing with endpoints
// bound to an unintended realm.
if (!process::initialize(id, DEFAULT_HTTP_AUTHENTICATION_REALM)) {
EXIT(EXIT_FAILURE) << "The call to `process::initialize()` in the agent's "
<< "`main()` was not the function's first invocation";
}
logging::initialize(argv[0], flags, true); // Catch signals.
// Log any flag warnings (after logging is initialized).
foreach (const flags::Warning& warning, load->warnings) {
LOG(WARNING) << warning.message;
}
spawn(new VersionProcess(), true);
// The configured disabled-endpoint paths are copied into a set and wrapped
// in a single DisabledEndpointsFirewallRule. The listing ends before `rules`
// is installed, so how the rule is enforced is not shown.
if (flags.firewall_rules.isSome()) {
vector<Owned<FirewallRule>> rules;
const Firewall firewall = flags.firewall_rules.get();
if (firewall.has_disabled_endpoints()) {
hashset<string> paths;
foreach (const string& path, firewall.disabled_endpoints().paths()) {
paths.insert(path);
}
rules.emplace_back(new DisabledEndpointsFirewallRule(paths));
}
示例15: loadFWObject
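/**
 * Load firewall object `o` into the dialog: platform, version, host OS,
 * timestamps, name, comment/keywords and the inactive flag. Every editable
 * widget is enabled only when the object is not read-only.
 *
 * `init` is raised while the widgets are being filled and lowered again
 * before returning. An FWException thrown during loading is logged and
 * otherwise ignored.
 *
 * @param o object to show; must be a Firewall. Anything else (including
 *          nullptr) is rejected before any dialog state is touched.
 */
void FirewallDialog::loadFWObject(FWObject *o)
{
    // assert() is compiled out under NDEBUG, so on its own it would let a
    // failed cast be dereferenced in release builds. Check explicitly and
    // leave the dialog state untouched when the object has the wrong type.
    Firewall *s = dynamic_cast<Firewall*>(o);
    assert(s!=nullptr);
    if (s == nullptr)
    {
        qDebug() << "FirewallDialog::loadFWObject: object is not a Firewall";
        return;
    }

    try
    {
        obj = o;
        init = true;

        QString platform = obj->getStr("platform").c_str();

        /* fill in platform */
        setPlatform(m_dialog->platform, platform);
        fillVersion();

        /* fill in host OS */
        setHostOS(m_dialog->hostOS, platform, obj->getStr("host_OS").c_str());

        /* ---------------- */
        updateTimeStamps();

#ifndef NDEBUG
        Management *mgmt=s->getManagementObject();
        assert(mgmt!=nullptr);
#endif

        // FWOptions *opt =s->getOptionsObject();

        m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) );
        m_dialog->commentKeywords->loadFWObject(o);
        m_dialog->inactive->setChecked(s->getInactive());

        // Read-only (locked) objects must not be editable through the dialog.
        m_dialog->obj_name->setEnabled(!o->isReadOnly());
        setDisabledPalette(m_dialog->obj_name);

        m_dialog->platform->setEnabled(!o->isReadOnly());
        setDisabledPalette(m_dialog->platform);

        m_dialog->version->setEnabled(!o->isReadOnly());
        setDisabledPalette(m_dialog->version);

        m_dialog->hostOS->setEnabled(!o->isReadOnly());
        setDisabledPalette(m_dialog->hostOS);

        m_dialog->fwAdvanced->setEnabled(!o->isReadOnly());
        setDisabledPalette(m_dialog->fwAdvanced);

        m_dialog->osAdvanced->setEnabled(!o->isReadOnly());
        setDisabledPalette(m_dialog->osAdvanced);

        // snmpCommunity->setEnabled(!o->isReadOnly());
        // setDisabledPalette(snmpCommunity);

        m_dialog->inactive->setEnabled(!o->isReadOnly());
        setDisabledPalette(m_dialog->inactive);
    } catch (FWException &ex)
    {
        qDebug() << "Caught FWException:" << ex.toString().c_str();
    }
    init=false;
}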