本文整理汇总了C++中Firewall::getByTypeDeep方法的典型用法代码示例。如果您正苦于以下问题:C++ Firewall::getByTypeDeep方法的具体用法?C++ Firewall::getByTypeDeep怎么用?C++ Firewall::getByTypeDeep使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Firewall的用法示例。
在下文中一共展示了Firewall::getByTypeDeep方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: run
//.........这里部分代码省略.........
// Excerpt from the middle of a run() method. The signature, the rest of
// the try block and its handlers are not part of this listing, so names
// such as fw, cluster, options and persistent_objects are defined elsewhere.
QString script_buffer;
// NOTE(review): std::auto_ptr is deprecated since C++11 and removed in
// C++17; the three compiler handles below are declared empty here.
std::auto_ptr<NATCompiler_pix> n;
std::auto_ptr<PolicyCompiler_pix> c;
std::auto_ptr<RoutingCompiler_pix> r;
try
{
// Validation steps run before any interface list is built.
clearReadOnly(fw);
commonChecks2(cluster, fw);
pixClusterConfigurationChecks(cluster, fw);
// Note that fwobjectname may be different from the name of the
// firewall fw. This happens when we compile a member of a cluster.
current_firewall_name = fw->getName().c_str();
bool pix_acl_basic = options->getBool("pix_acl_basic");
bool pix_acl_no_clear = options->getBool("pix_acl_no_clear");
bool pix_acl_substitution = options->getBool("pix_acl_substitution");
bool pix_add_clear_statements = options->getBool("pix_add_clear_statements");
// If none of the three ACL modes is set, pick one: "pix_acl_basic" when
// pix_add_clear_statements is set, otherwise "pix_acl_no_clear".
// NOTE(review): the option is written back into the firewall's options
// object, so the default chosen here is visible to later code.
if (!pix_acl_basic && !pix_acl_no_clear && !pix_acl_substitution)
{
if ( pix_add_clear_statements ) options->setBool("pix_acl_basic",true);
else options->setBool("pix_acl_no_clear",true);
}
// Security-level and network-zone checks run on the full interface list,
// which at this point still includes the copies of cluster interfaces.
list<FWObject*> all_interfaces = fw->getByTypeDeep(Interface::TYPENAME);
pixSecurityLevelChecks(fw, all_interfaces);
pixNetworkZoneChecks(fw, all_interfaces);
/* Now that all checks are done, we can drop copies of cluster
* interfaces that were added to the firewall by
* CompilerDriver::populateClusterElements()
*/
// Two passes: first collect the interfaces flagged "cluster_interface",
// then remove them from fw.
list<FWObject*> copies_of_cluster_interfaces;
for (std::list<FWObject*>::iterator i=all_interfaces.begin(); i!=all_interfaces.end(); ++i)
{
Interface *iface = Interface::cast(*i);
// NOTE(review): assert() is a no-op when NDEBUG is defined, so a failed
// cast would be dereferenced on the next line in such a build.
assert(iface);
if (iface->getOptionsObject()->getBool("cluster_interface"))
copies_of_cluster_interfaces.push_back(iface);
}
while (copies_of_cluster_interfaces.size())
{
fw->remove(copies_of_cluster_interfaces.front());
copies_of_cluster_interfaces.pop_front();
}
NamedObjectsManagerPIX named_objects_manager(persistent_objects, fw);
// Query the interfaces again: the list built above still holds pointers
// to the interfaces that were just removed from fw.
all_interfaces = fw->getByTypeDeep(Interface::TYPENAME);
for (std::list<FWObject*>::iterator i=all_interfaces.begin();
i!=all_interfaces.end(); ++i)
{
Interface *iface = Interface::cast(*i);
// Same caveat as above: this check disappears when NDEBUG is defined.
assert(iface);
示例2: findInterfaceByNetzone
/**
* Finds the interface of the firewall associated with the network zone
* that the address 'addr' (with optional netmask 'nm') belongs to.
* Returns interface ID.
*
* Only the first part of the body is shown in this listing. In the
* visible part:
*  - interfaces that are dedicated failover or unprotected are skipped;
*  - if addr is NULL, the id of the interface whose network zone contains
*    the "any" address is returned;
*  - otherwise zone members of a different address family are skipped and,
*    when both netmasks are available, an interface is recorded in 'zones'
*    if addr/nm fits entirely inside the zone subnet.
*
* NOTE(review): dynamic exception specifications such as throw(FWException)
* are deprecated since C++11 and removed in C++17.
*/
int Helper::findInterfaceByNetzone(const InetAddr *addr, const InetAddr *nm)
throw(FWException)
{
#if DEBUG_NETZONE_OPS
// Both pointers are printed first and only dereferenced when non-NULL.
cerr << "Helper::findInterfaceByNetzone";
cerr << " matching to";
cerr << " addr=" << addr;
if (addr) cerr << " " << addr->toString();
cerr << " nm=" << nm;
if (nm) cerr << " " << nm->toString();
cerr << endl;
#endif
Firewall *fw = compiler->fw;
// Candidate matches, keyed by interface id; filled in further down.
map<int,FWObject*> zones;
list<FWObject*> l2 = fw->getByTypeDeep(Interface::TYPENAME);
for (list<FWObject*>::iterator i=l2.begin(); i!=l2.end(); ++i)
{
// NOTE(review): the result of Interface::cast() is used without a NULL
// check; presumably safe because the list was filtered by
// Interface::TYPENAME - confirm.
Interface *iface = Interface::cast(*i);
if (iface->isDedicatedFailover()) continue;
if (iface->isUnprotected()) continue;
// NOTE: "network_zone" is globally unique string ID
int netzone_id =
FWObjectDatabase::getIntId(iface->getStr("network_zone"));
// Interfaces whose zone id resolves to -1 are skipped entirely.
if (netzone_id != -1)
{
// NOTE(review): netzone is passed on and (in the debug block)
// dereferenced without a NULL check; verify that findInIndex() cannot
// return NULL for an id that no longer exists in the object tree.
FWObject *netzone = fw->getRoot()->findInIndex(netzone_id);
list<FWObject*> nz;
expand_group_recursive(netzone, nz);
#if DEBUG_NETZONE_OPS
cerr << "Helper::findInterfaceByNetzone";
cerr << " netzone_id=" << netzone_id
<< " " << iface->getStr("network_zone")
<< " " << netzone->getName()
<< endl;
#endif
for (list<FWObject*>::iterator j=nz.begin(); j!=nz.end(); ++j)
{
// Zone members that are not Address objects are ignored.
Address *netzone_addr = Address::cast(*j);
if (netzone_addr == NULL) continue;
#if DEBUG_NETZONE_OPS
cerr << "Helper::findInterfaceByNetzone";
cerr << " " << netzone_addr->getName()
<< " " << netzone_addr->getAddressPtr()->toString()
<< endl;
#endif
// if addr==NULL, return id of the interface that has
// net_zone=="any"
if (addr==NULL)
{
if (netzone_addr->getId()==FWObjectDatabase::ANY_ADDRESS_ID)
return iface->getId(); // id of the interface
} else
{
// see SF bug 3213019
// skip ipv6 addresses in network zone group
// (the test compares address families, so it skips any member whose
// family differs from addr's, in either direction)
// NOTE(review): getAddressPtr() is dereferenced here without a NULL
// check, while the netmask pointer is checked below - confirm that
// every Address in a zone carries an address.
if (netzone_addr->getAddressPtr()->addressFamily() !=
addr->addressFamily()) continue;
const InetAddr *nz_addr = netzone_addr->getAddressPtr();
const InetAddr *nz_netm = netzone_addr->getNetmaskPtr();
// Subnet comparison is only possible when both netmasks exist.
if (nm != NULL && nz_netm != NULL)
{
InetAddrMask nz_subnet(*nz_addr, *nz_netm);
InetAddrMask other_subnet(*addr, *nm);
vector<InetAddrMask> ovr =
libfwbuilder::getOverlap(nz_subnet,
other_subnet);
#if DEBUG_NETZONE_OPS
cerr << "Helper::findInterfaceByNetzone";
cerr << " addr=" << other_subnet.toString();
cerr << " nz=" << nz_subnet.toString();
cerr << " overlap:";
cerr << " ovr.size()=" << ovr.size();
if (ovr.size() > 0)
cerr << " ovr.front()=" << ovr.front().toString();
cerr << endl;
#endif
// No overlap at all: this zone member cannot match.
if (ovr.size()==0) continue;
// if nz_subnet is equal or wider than other_subnet,
// getOverlap() returns subnet object equal to other_subnet
// If other_subnet is wider, returned object is equal
// to nz_subnet. If they intersect but one does not fit
// completely in the other, returned object is not equal
// to either.
// Only full containment of addr/nm in the zone counts as a match; a
// partial intersection is not recorded.
if (ovr.front() == other_subnet)
{
zones[iface->getId()] = netzone_addr;
//.........这里部分代码省略.........
示例3: run
// Entry point of the junosacl compiler driver for one firewall.
// Only the first part of the body is shown in this listing; the code that
// follows the per-address-family loop header, the end of the try block and
// its handlers are not visible.
//
// cluster_id     id of the cluster; an empty string is passed on to
//                determineOutputFileNames() as "not a cluster member"
//                via !cluster_id.empty()
// firewall_id    id of the firewall object to compile
// single_rule_id not referenced in the visible part of the body
QString CompilerDriver_junosacl::run(const string &cluster_id,
const string &firewall_id,
const string &single_rule_id)
{
Cluster *cluster = NULL;
Firewall *fw = NULL;
// NOTE(review): fw is dereferenced below without a NULL check; this
// assumes getFirewallAndClusterObjects() either sets fw or throws -
// confirm.
getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw);
try
{
clearReadOnly(fw);
// Copy rules from the cluster object
populateClusterElements(cluster, fw);
commonChecks2(cluster, fw);
// Note that fwobjectname may be different from the name of the
// firewall fw. This happens when we compile a member of a cluster.
current_firewall_name = fw->getName().c_str();
determineOutputFileNames(cluster, fw, !cluster_id.empty(),
QStringList(""), QStringList("fw"),
QStringList(""));
/* Now that all checks are done, we can drop copies of cluster
* interfaces that were added to the firewall by
* CompilerDriver::populateClusterElements()
*/
// Two passes: collect the interfaces flagged "cluster_interface", then
// remove them from fw.
list<FWObject*> all_interfaces = fw->getByTypeDeep(Interface::TYPENAME);
list<FWObject*> copies_of_cluster_interfaces;
for (std::list<FWObject*>::iterator i=all_interfaces.begin(); i!=all_interfaces.end(); ++i)
{
Interface *iface = Interface::cast(*i);
// NOTE(review): assert() is a no-op when NDEBUG is defined, so a failed
// cast would be dereferenced on the next line in such a build.
assert(iface);
if (iface->getOptionsObject()->getBool("cluster_interface"))
copies_of_cluster_interfaces.push_back(iface);
}
while (copies_of_cluster_interfaces.size())
{
fw->remove(copies_of_cluster_interfaces.front());
copies_of_cluster_interfaces.pop_front();
}
FWOptions* options = fw->getOptionsObject();
// An unset or generic "11.x" version is rewritten to "11.2" on the
// firewall object. The local fwvers keeps the value read before the
// rewrite and is not updated in the visible code.
string fwvers = fw->getStr("version");
if (fwvers == "") fw->setStr("version", "11.2");
if (fwvers == "11.x") fw->setStr("version", "11.2");
string platform = fw->getStr("platform");
// NOTE(review): std::auto_ptr is deprecated since C++11 and removed in
// C++17.
std::auto_ptr<OSConfigurator_junos> oscnf(new OSConfigurator_junos(objdb, fw, false));
oscnf->prolog();
oscnf->processFirewallOptions();
// getByType() is used here, not getByTypeDeep() as for the interfaces.
list<FWObject*> all_policies = fw->getByType(Policy::TYPENAME);
// assign unique rule ids that later will be used to generate
// chain names. This should be done after calls to
// findImportedRuleSets()
// NB: these ids are not used by this compiler
assignUniqueRuleIds(all_policies);
vector<int> ipv4_6_runs;
// // // // //NamedObjectsManager named_objects_manager(persistent_objects, fw);
// command line options -4 and -6 control address family for which
// script will be generated. If "-4" is used, only ipv4 part will
// be generated. If "-6" is used, only ipv6 part will be generated.
// If neither is used, both parts will be done.
// NOTE(review): a value of "ipv4_6_order" other than empty, "ipv4_first"
// or "ipv6_first" matches neither branch, leaving ipv4_6_runs empty so the
// loop below does not execute for any address family; consider reporting
// an unrecognised value instead of skipping silently.
if (options->getStr("ipv4_6_order").empty() ||
options->getStr("ipv4_6_order") == "ipv4_first")
{
if (ipv4_run) ipv4_6_runs.push_back(AF_INET);
if (ipv6_run) ipv4_6_runs.push_back(AF_INET6);
}
if (options->getStr("ipv4_6_order") == "ipv6_first")
{
if (ipv6_run) ipv4_6_runs.push_back(AF_INET6);
if (ipv4_run) ipv4_6_runs.push_back(AF_INET);
}
string object_groups_definitions;
// One pass per selected address family, in the order chosen above.
for (vector<int>::iterator i=ipv4_6_runs.begin();
i!=ipv4_6_runs.end(); ++i)
{
int policy_af = *i;
bool ipv6_policy = (policy_af == AF_INET6);
// Count rules for each address family
int policy_count = 0;
//.........这里部分代码省略.........
示例4: findInterfaceByAddress
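/**
 * Finds the firewall interface whose configured address matches the given
 * address or subnet.
 *
 * Interfaces flagged as dedicated failover or unprotected are skipped. On
 * the remaining interfaces only child addresses of the same family as addr
 * (IPv4 or IPv6) are examined:
 *  - when nm is given, the interface matches if the overlap of its subnet
 *    with addr/nm equals addr/nm, i.e. addr/nm fits entirely inside the
 *    interface subnet; a partial intersection is not a match;
 *  - when nm is NULL, the interface matches if the interface address
 *    reports belongs(*addr).
 *
 * @param addr address to look up; NULL yields -1.
 * @param nm   optional netmask for addr; may be NULL.
 * @return id of the first matching interface, or -1 if none matches.
 */
int Helper::findInterfaceByAddress(const InetAddr *addr,
                                   const InetAddr *nm)
{
    if (addr == NULL) return -1;

#if DEBUG_NETZONE_OPS
    cerr << "Helper::findInterfaceByAddress";
    cerr << " addr=" << addr->toString();
    // nm is optional (it is NULL-checked further down), so it must not be
    // dereferenced unconditionally in the trace output.
    cerr << " nm=";
    if (nm != NULL) cerr << nm->toString();
    else cerr << "NULL";
    cerr << endl;
#endif

    Firewall *fw = compiler->fw;
    list<FWObject*> l2 = fw->getByTypeDeep(Interface::TYPENAME);
    for (list<FWObject*>::iterator i = l2.begin(); i != l2.end(); ++i)
    {
        Interface *iface = Interface::cast(*i);
        // Skip anything that is not an Interface instead of dereferencing
        // a failed cast.
        if (iface == NULL) continue;
        if (iface->isDedicatedFailover()) continue;
        if (iface->isUnprotected()) continue;

#if DEBUG_NETZONE_OPS
        cerr << "Helper::findInterfaceByAddress";
        cerr << " intf=" << iface->getName();
        cerr << endl;
#endif

        // Only look at interface addresses of the same family as addr.
        FWObjectTypedChildIterator j =
            iface->findByType((addr->isV4()) ? IPv4::TYPENAME : IPv6::TYPENAME);
        for (; j != j.end(); ++j)
        {
            const Address *i_addr = Address::constcast(*j);
            if (i_addr == NULL) continue;

            const InetAddr *i_ip = i_addr->getAddressPtr();
            const InetAddr *i_netm = i_addr->getNetmaskPtr();

#if DEBUG_NETZONE_OPS
            cerr << "Helper::findInterfaceByAddress";
            cerr << " i_addr=" << i_addr->getName();
            cerr << endl;
            if (i_ip != NULL) cerr << " " << i_ip->toString();
            if (i_netm != NULL) cerr << " " << i_netm->toString();
            cerr << endl;
#endif

            if (nm != NULL)
            {
                // A subnet comparison needs both the interface address and
                // its netmask; an entry lacking either cannot be matched
                // against addr/nm and is skipped rather than dereferenced.
                if (i_ip == NULL || i_netm == NULL) continue;

                InetAddrMask interface_subnet(*i_ip, *i_netm);
                InetAddrMask other_subnet(*addr, *nm);

#if DEBUG_NETZONE_OPS
                cerr << "Helper::findInterfaceByAddress";
                cerr << " addr=" << other_subnet.toString();
                cerr << " intf=" << iface->getName()
                     << " " << interface_subnet.toString();
                cerr << endl;
#endif

                vector<InetAddrMask> ovr =
                    libfwbuilder::getOverlap(interface_subnet, other_subnet);

#if DEBUG_NETZONE_OPS
                cerr << "Helper::findInterfaceByAddress";
                cerr << " overlap:";
                cerr << " ovr.size()=" << ovr.size();
                if (ovr.size() > 0)
                    cerr << " ovr.front()=" << ovr.front().toString();
                cerr << endl;
#endif

                if (ovr.empty()) continue;

                // if interface_subnet is equal or wider than other_subnet,
                // getOverlap() returns subnet object equal to other_subnet
                // If other_subnet is wider, returned object is equal
                // to interface_subnet. If they intersect but one does not
                // fit completely in the other, returned object is not
                // equal to either.
                if (ovr.front() == other_subnet)
                {
                    return iface->getId();
                }
            }
            else
            {
                if (i_addr->belongs(*addr)) return iface->getId();
            }
        }
    }
    return -1;
}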