本文整理汇总了C++中Firewall::getOptionsObject方法的典型用法代码示例。如果您正苦于以下问题:C++ Firewall::getOptionsObject方法的具体用法?C++ Firewall::getOptionsObject怎么用?C++ Firewall::getOptionsObject使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Firewall的用法示例。
在下文中一共展示了Firewall::getOptionsObject方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: run
QString CompilerDriver_pix::run(const std::string &cluster_id,
const std::string &firewall_id,
const std::string &single_rule_id)
{
Cluster *cluster = NULL;
Firewall *fw = NULL;
getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw);
// Copy rules from the cluster object
populateClusterElements(cluster, fw);
if (cluster)
{
// PIX failover is dfferent from VRRP and other failover protocols
// in that it does not create new virtual address. Instead, each
// unit is configured with two ip addresses, one for the active
// unit and another for standby one. When active unit fails, the
// other one assumes its address.
//
// This matters because when we use cluster object or one of its
// interfaces in rules, compiler should expand it to the set of
// addresses that includes addresses of the corresponding
// interface of both member firewalls. Method
// CompilerDriver::copyFailoverInterface adds a copy of firewall
// interface to the cluster object. This works for all firewalls,
// but for PIX we need to add copies of interfaces from both
// members.
//
FWObjectTypedChildIterator cl_iface = cluster->findByType(Interface::TYPENAME);
for (; cl_iface != cl_iface.end(); ++cl_iface)
{
FailoverClusterGroup *failover_group =
FailoverClusterGroup::cast(
(*cl_iface)->getFirstByType(FailoverClusterGroup::TYPENAME));
if (failover_group)
{
//FWObject *this_member_interface = NULL; //UNUSED
list<FWObject*> other_member_interfaces;
for (FWObjectTypedChildIterator it =
failover_group->findByType(FWObjectReference::TYPENAME);
it != it.end(); ++it)
{
FWObject *intf = FWObjectReference::getObject(*it);
assert(intf);
//if (intf->isChildOf(fw)) this_member_interface = intf; //UNUSED
//else other_member_interfaces.push_back(intf);
if (!intf->isChildOf(fw)) other_member_interfaces.push_back(intf);
}
if (!other_member_interfaces.empty())
{
for (list<FWObject*>::iterator it=other_member_interfaces.begin();
it!=other_member_interfaces.end(); ++it)
{
cluster->addCopyOf(*it, true);
}
}
}
}
}
#if 0
FWObjectTypedChildIterator iface = fw->findByType(Interface::TYPENAME);
for (; iface != iface.end(); ++iface)
{
(*iface)->dump(true, true);
}
#endif
determineOutputFileNames(cluster, fw, !cluster_id.empty(),
QStringList(""), QStringList("fw"),
QStringList(""));
FWOptions* options = fw->getOptionsObject();
QString script_buffer;
std::auto_ptr<NATCompiler_pix> n;
std::auto_ptr<PolicyCompiler_pix> c;
std::auto_ptr<RoutingCompiler_pix> r;
try
{
clearReadOnly(fw);
commonChecks2(cluster, fw);
pixClusterConfigurationChecks(cluster, fw);
// Note that fwobjectname may be different from the name of the
// firewall fw This happens when we compile a member of a cluster
current_firewall_name = fw->getName().c_str();
bool pix_acl_basic = options->getBool("pix_acl_basic");
bool pix_acl_no_clear = options->getBool("pix_acl_no_clear");
bool pix_acl_substitution = options->getBool("pix_acl_substitution");
bool pix_add_clear_statements = options->getBool("pix_add_clear_statements");
//.........这里部分代码省略.........
示例2: run
/*
* Go through paces to compile firewall which may be a member of a
* cluster. Note that both firewall and cluster are defined by their
* unique string IDs. This is necessary because CompilerDriver
* operates with a copy of the object database which is not exposed
* outside, so the caller can not provide pointers to these obejcts.
*/
QString CompilerDriver_ipt::run(const std::string &cluster_id,
const std::string &firewall_id,
const std::string &single_rule_id)
{
FWObjectDatabase::registerObjectType(combinedAddress::TYPENAME,
&create_combinedAddress);
// see #2212 Create temporary copy of the firewall and cluster
// objects and pass them to the compilers.
Cluster *cluster = NULL;
Firewall *fw = NULL;
getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw);
string generated_script;
try
{
clearReadOnly(fw);
// Copy rules from the cluster object
populateClusterElements(cluster, fw);
commonChecks2(cluster, fw);
string fw_version = fw->getStr("version");
if (fw_version.empty()) fw_version = "(any version)";
string platform = fw->getStr("platform");
string host_os = fw->getStr("host_OS");
FWOptions* options = fw->getOptionsObject();
string s;
// Note that fwobjectname may be different from the name of the
// firewall fw This happens when we compile a member of a cluster
current_firewall_name = fw->getName().c_str();
if (fw->getOptionsObject()->getStr("prolog_place") == "after_flush" &&
fw->getOptionsObject()->getBool("use_iptables_restore"))
{
abort("Prolog place \"after policy reset\" can not be used"
" when policy is activated with iptables-restore");
}
string firewall_dir = options->getStr("firewall_dir");
if (firewall_dir=="") firewall_dir="/etc";
bool debug=options->getBool("debug");
QString shell_dbg = (debug)?"set -x":"" ;
std::auto_ptr<OSConfigurator_linux24> oscnf;
string platform_family = Resources::platform_res[platform]->
getResourceStr("/FWBuilderResources/Target/family");
string os_family = Resources::os_res[host_os]->
getResourceStr("/FWBuilderResources/Target/family");
bool supports_prolog_epilog = Resources::getTargetCapabilityBool(
platform, "supports_prolog_epilog");
if (!supports_prolog_epilog)
{
prolog_done = true;
epilog_done = true;
}
string os_variant = DISTRO;
/* minimal sanity checking */
if (os_family == "ipcop")
{
os_variant = "ipcop";
// can't use iptables-restore with ipcop
fw->getOptionsObject()->setBool("use_iptables_restore", false);
// ipcop has its own iptables commands that accept packets
// in states ESTABLISHED,RELATED
fw->getOptionsObject()->setBool("accept_established", false);
oscnf = std::auto_ptr<OSConfigurator_linux24>(
new OSConfigurator_ipcop(objdb , fw, false));
}
if (os_family == "linux24" ||
os_family == "openwrt" ||
os_family == "dd-wrt-nvram" ||
os_family == "dd-wrt-jffs" ||
os_family == "sveasoft")
oscnf = std::auto_ptr<OSConfigurator_linux24>(
new OSConfigurator_linux24(objdb , fw, false));
//.........这里部分代码省略.........
示例3: run
QString CompilerDriver_junosacl::run(const string &cluster_id,
const string &firewall_id,
const string &single_rule_id)
{
Cluster *cluster = NULL;
Firewall *fw = NULL;
getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw);
try
{
clearReadOnly(fw);
// Copy rules from the cluster object
populateClusterElements(cluster, fw);
commonChecks2(cluster, fw);
// Note that fwobjectname may be different from the name of the
// firewall fw This happens when we compile a member of a cluster
current_firewall_name = fw->getName().c_str();
determineOutputFileNames(cluster, fw, !cluster_id.empty(),
QStringList(""), QStringList("fw"),
QStringList(""));
/* Now that all checks are done, we can drop copies of cluster
* interfaces that were added to the firewall by
* CompilerDriver::populateClusterElements()
*/
list<FWObject*> all_interfaces = fw->getByTypeDeep(Interface::TYPENAME);
list<FWObject*> copies_of_cluster_interfaces;
for (std::list<FWObject*>::iterator i=all_interfaces.begin(); i!=all_interfaces.end(); ++i)
{
Interface *iface = Interface::cast(*i);
assert(iface);
if (iface->getOptionsObject()->getBool("cluster_interface"))
copies_of_cluster_interfaces.push_back(iface);
}
while (copies_of_cluster_interfaces.size())
{
fw->remove(copies_of_cluster_interfaces.front());
copies_of_cluster_interfaces.pop_front();
}
FWOptions* options = fw->getOptionsObject();
string fwvers = fw->getStr("version");
if (fwvers == "") fw->setStr("version", "11.2");
if (fwvers == "11.x") fw->setStr("version", "11.2");
string platform = fw->getStr("platform");
std::auto_ptr<OSConfigurator_junos> oscnf(new OSConfigurator_junos(objdb, fw, false));
oscnf->prolog();
oscnf->processFirewallOptions();
list<FWObject*> all_policies = fw->getByType(Policy::TYPENAME);
// assign unique rule ids that later will be used to generate
// chain names. This should be done after calls to
// findImportedRuleSets()
// NB: these ids are not used by this compiler
assignUniqueRuleIds(all_policies);
vector<int> ipv4_6_runs;
// // // // //NamedObjectsManager named_objects_manager(persistent_objects, fw);
// command line options -4 and -6 control address family for which
// script will be generated. If "-4" is used, only ipv4 part will
// be generated. If "-6" is used, only ipv6 part will be generated.
// If neither is used, both parts will be done.
if (options->getStr("ipv4_6_order").empty() ||
options->getStr("ipv4_6_order") == "ipv4_first")
{
if (ipv4_run) ipv4_6_runs.push_back(AF_INET);
if (ipv6_run) ipv4_6_runs.push_back(AF_INET6);
}
if (options->getStr("ipv4_6_order") == "ipv6_first")
{
if (ipv6_run) ipv4_6_runs.push_back(AF_INET6);
if (ipv4_run) ipv4_6_runs.push_back(AF_INET);
}
string object_groups_definitions;
for (vector<int>::iterator i=ipv4_6_runs.begin();
i!=ipv4_6_runs.end(); ++i)
{
int policy_af = *i;
bool ipv6_policy = (policy_af == AF_INET6);
// Count rules for each address family
int policy_count = 0;
//.........这里部分代码省略.........
示例4: applyChanges
void FirewallDialog::applyChanges()
{
if (fwbdebug)
qDebug() << "FirewallDialog::applyChanges()";
bool autorename_chidren = false;
QString dialog_txt = tr(
"The name of the object '%1' has changed. The program can also "
"rename IP address objects that belong to this object, "
"using standard naming scheme 'host_name:interface_name:ip'. "
"This makes it easier to distinguish what host or a firewall "
"given IP address object belongs to when it is used in "
"the policy or NAT rule. The program also renames MAC address "
"objects using scheme 'host_name:interface_name:mac'. "
"Do you want to rename child IP and MAC address objects now? "
"(If you click 'No', names of all address objects that belong to "
"%2 will stay the same.)")
.arg(QString::fromUtf8(obj->getName().c_str()))
.arg(QString::fromUtf8(obj->getName().c_str()));
if (obj->getName() != m_dialog->obj_name->text().toUtf8().constData())
{
/*
* when we open this warning dialog, FirewallDialog class
* loses focus and obj_name lineEdit widget sends signal
* "editingfinished" again. To the user this looks like the
* warning dialog popped up twice (in fact two copies of the
* same warning dialog appear at the same time, one exactly on
* top of another). To avoid this, block signals for the
* duration while we show the dialog. Note that documentation
* does not mention that QObject::blockSignals() affects not
* only the widget but all its children, but it seems to work
* that way. Tested with Qt 4.6.1. See #1171
*/
blockSignals(true);
autorename_chidren = (QMessageBox::warning(
this,"Firewall Builder", dialog_txt,
tr("&Yes"), tr("&No"), QString::null,
0, 1 )==0 );
blockSignals(false);
}
if (fwbdebug)
qDebug() << "Sending FWCmdChange autorename_chidren="
<< autorename_chidren;
std::unique_ptr<FWCmdChange> cmd(
new FWCmdChange(m_project, obj, "", autorename_chidren));
// new_state is a copy of the fw object
FWObject* new_state = cmd->getNewState();
Firewall *s = dynamic_cast<Firewall*>(new_state);
#ifndef NDEBUG
Management *mgmt = s->getManagementObject();
assert(mgmt!=nullptr);
#endif
string old_name = obj->getName();
string new_name = string(m_dialog->obj_name->text().toUtf8().constData());
string old_platform = obj->getStr("platform");
string old_host_os = obj->getStr("host_OS");
string old_version = obj->getStr("version");
new_state->setName(new_name);
m_dialog->commentKeywords->applyChanges(new_state);
s->setInactive(m_dialog->inactive->isChecked());
saveVersion(new_state);
string new_version = new_state->getStr("version");
string new_platform = readPlatform(m_dialog->platform).toLatin1().constData();
if (new_platform.empty()) new_platform = "unknown";
new_state->setStr("platform", new_platform );
if (old_platform!=new_platform)
{
if (fwbdebug)
qDebug() << "FirewallDialog::applyChanges() platform has changed"
<< old_platform.c_str() << "->" << new_platform.c_str()
<< "clearing option 'compiler'";
platformChanged();
FWOptions *opt =s->getOptionsObject();
opt->setStr("compiler", "");
// Set default options for the new platform
Resources::setDefaultTargetOptions(new_platform, s);
}
string new_host_os = readHostOS(m_dialog->hostOS).toLatin1().constData();
if (new_host_os.empty()) new_host_os = "unknown_os";
new_state->setStr("host_OS", new_host_os);
if (old_host_os!=new_host_os)
{
if (fwbdebug)
qDebug() << "FirewallDialog::applyChanges() host_OS has changed"
//.........这里部分代码省略.........