本文整理汇总了C++中PolicyRule类的典型用法代码示例。如果您正苦于以下问题:C++ PolicyRule类的具体用法?C++ PolicyRule怎么用?C++ PolicyRule使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了PolicyRule类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: if
/**
 * Rule processor that aborts compilation when a non-terminating rule
 * shadows a rule that appeared earlier in the policy.
 *
 * Every rule is forwarded to tmp_queue. Fallback and hidden rules are
 * forwarded without being checked and are never recorded in
 * rules_seen_so_far, so later rules are not compared against them.
 *
 * @return false when there are no more rules to process, true otherwise.
 */
bool PolicyCompiler::DetectShadowingForNonTerminatingRules::processNext()
{
    PolicyRule *rule = getNext();
    if (rule == NULL) return false;

    // Pass the rule to the next processor, if any, before running checks.
    tmp_queue.push_back(rule);

    // Fallback and hidden rules are exempt from the shadowing check.
    if (rule->isFallback() || rule->isHidden()) return true;

    // NB: the last argument ("reverse") is deliberately true here.
    // NOTE(review): presumably this makes the current rule the candidate
    // "more general" rule in the comparison -- confirm against
    // find_more_general_rule().
    std::deque<Rule*>::iterator match =
        find_more_general_rule(rule,
                               true,
                               rules_seen_so_far.begin(),
                               rules_seen_so_far.end(),
                               true);

    if (match != rules_seen_so_far.end())
    {
        Rule *earlier = *match;

        // find_more_general_rule() returns more general _or_ equivalent
        // rules, so the rule itself and exact duplicates are filtered out
        // before reporting.
        const bool is_distinct =
            earlier != NULL &&
            earlier->getAbsRuleNumber() != rule->getAbsRuleNumber() &&
            !(*earlier == *rule);

        if (is_distinct)
        {
            compiler->abort(
                rule,
                "Non-terminating rule '" + rule->getLabel() +
                "' shadows rule '" + earlier->getLabel() + "' above it");
        }
    }

    rules_seen_so_far.push_back(rule);
    return true;
}
示例2: getNext
/**
 * Rule processor that hands the Service element of each rule to
 * compiler->expandGroupsInRuleElement() and then forwards the rule.
 *
 * @return false when there are no more rules to process, true otherwise.
 */
bool PolicyCompiler::expandGroupsInSrv::processNext()
{
    PolicyRule *rule = getNext();
    if (rule == NULL)
    {
        return false;
    }

    // The expansion itself is delegated to the compiler; this processor
    // only selects which rule element is expanded.
    RuleElementSrv *service_element = rule->getSrv();
    compiler->expandGroupsInRuleElement(service_element);

    tmp_queue.push_back(rule);
    return true;
}
示例3:
/**
 * Scan [start_here, stop_here) for the first rule that passes the
 * shadowing checks when paired with `rule`.
 *
 * @param rule            rule being examined.
 * @param check_interface when true, a candidate must also pass
 *                        checkInterfacesForShadowing().
 * @param start_here      first candidate.
 * @param stop_here       one past the last candidate.
 * @param reverse         when true the candidate is passed as the first
 *                        argument and `rule` as the second to
 *                        checkInterfacesForShadowing() and
 *                        checkForShadowing(); when false the order is
 *                        the opposite. checkForShadowingPlatformSpecific()
 *                        always receives (rule, candidate).
 * @return iterator to the first matching candidate, or stop_here when
 *         none matches.
 *
 * NOTE(review): neither the dynamic_cast result nor the result of
 * PolicyRule::cast() is checked before it is dereferenced. A missed or
 * crashed comparison here means a shadowed rule goes unreported, so the
 * callers' guarantees about the queue contents should be confirmed.
 */
std::deque<Rule*>::iterator
PolicyCompiler::findMoreGeneralRule::find_more_general_rule(
    PolicyRule *rule,
    bool check_interface,
    const std::deque<Rule*>::iterator &start_here,
    const std::deque<Rule*>::iterator &stop_here,
    bool reverse)
{
    PolicyCompiler *pcomp = dynamic_cast<PolicyCompiler*>(compiler);

    if (compiler->debug >= 9)
    {
        cerr << "********* searching for more general rule: -------------\n";
        cerr << compiler->debugPrintRule(rule);
        cerr << endl;
    }

    std::deque<Rule*>::iterator j = start_here;
    for ( ; j != stop_here; ++j)
    {
        PolicyRule *r = PolicyRule::cast(*j);

        // The interface comparison is evaluated for every candidate, even
        // when check_interface is false and its result is ignored.
        const bool intf_cr = reverse
            ? pcomp->checkInterfacesForShadowing(*r, *rule)
            : pcomp->checkInterfacesForShadowing(*rule, *r);

        if (check_interface && !intf_cr)
        {
            continue;
        }

        const bool cr = reverse
            ? pcomp->checkForShadowing(*r, *rule)
            : pcomp->checkForShadowing(*rule, *r);

        if (cr && pcomp->checkForShadowingPlatformSpecific(rule, r))
        {
            if (compiler->debug >= 9)
            {
                cerr << r->getLabel()
                     << ": FOUND more general rule:\n";
                cerr << compiler->debugPrintRule(r);
                cerr << endl;
            }
            return j;
        }

        if (compiler->debug >= 9)
        {
            cerr << r->getLabel()
                 << ": rules do not intersect \n";
        }
    }

    // Loop ran to completion: j == stop_here signals "not found".
    return j;
}
示例4: getNext
/**
 * Rule processor that runs findDynamicInterface() on the Source and the
 * Destination element of each rule, then forwards the rule unchanged by
 * this function.
 *
 * What findDynamicInterface() does on a hit is not visible here.
 *
 * @return false when there are no more rules to process, true otherwise.
 */
bool PolicyCompiler_junosacl::checkForDynamicInterface::processNext()
{
    PolicyRule *rule = getNext();
    if (rule == NULL)
    {
        return false;
    }

    // Source first, then Destination -- same order as the rule columns.
    findDynamicInterface(rule, rule->getSrc());
    findDynamicInterface(rule, rule->getDst());

    tmp_queue.push_back(rule);
    return true;
}
示例5: getNext
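/**
 * Rule processor that adds the redirection address recorded by the NAT
 * compiler to the Destination of a matching policy rule.
 *
 * For every (service, destination address) pair of the rule, the entries
 * of redirect_rules_info are searched for one whose old_tdst and tsrv
 * resolve to objects equal to that pair. On the first match the object
 * referenced by new_tdst is added to the rule's Destination and
 * processing of this rule ends. The rule is always forwarded.
 *
 * Entries of redirect_rules_info whose ids cannot be resolved to an
 * Address / Service are skipped instead of being dereferenced.
 *
 * @return false when there are no more rules to process, true otherwise.
 */
bool PolicyCompiler_pf::addLoopbackForRedirect::processNext()
{
    PolicyRule *rule = getNext();
    if (rule == NULL) return false;

    PolicyCompiler_pf *pf_comp = dynamic_cast<PolicyCompiler_pf*>(compiler);

    RuleElementDst *dst = rule->getDst();
    RuleElementSrv *srv = rule->getSrv();

    if (pf_comp == NULL || pf_comp->redirect_rules_info == NULL)
    {
        compiler->abort(
            rule,
            "addLoopbackForRedirect needs a valid pointer to "
            "the list<NATCompiler_pf::redirectRuleInfo> object");
        // Reached only if abort() returns instead of unwinding
        // (NOTE(review): confirm abort() semantics). Without the list
        // there is nothing to match against, so forward the rule as is
        // rather than dereferencing a null pointer below.
        tmp_queue.push_back(rule);
        return true;
    }

    tmp_queue.push_back(rule);

    if (pf_comp->redirect_rules_info->empty()) return true;

    for (FWObject::iterator i = srv->begin(); i != srv->end(); ++i)
    {
        FWObject *o1 = FWReference::getObject(*i);
        Service *s = Service::cast(o1);
        // NOTE(review): assert() is compiled out under NDEBUG; confirm
        // that every child of Srv is a Service at this stage.
        assert(s);

        for (FWObject::iterator j = dst->begin(); j != dst->end(); ++j)
        {
            FWObject *o2 = FWReference::getObject(*j);
            // A DNSName object called "self" is skipped; it is not an
            // address that could be compared with a redirect target.
            if (o2->getName() == "self" && DNSName::isA(o2)) continue;

            Address *a = Address::cast(o2);
            assert(a);

            list<NATCompiler_pf::redirectRuleInfo>::const_iterator k;
            for (k = pf_comp->redirect_rules_info->begin();
                 k != pf_comp->redirect_rules_info->end(); ++k)
            {
                Address *old_tdst_obj = Address::cast(
                    compiler->dbcopy->findInIndex(k->old_tdst));
                Service *tsrv_obj = Service::cast(
                    compiler->dbcopy->findInIndex(k->tsrv));

                // The ids come from the NAT compiler; if one of them no
                // longer resolves to the expected type, skip the entry.
                if (old_tdst_obj == NULL || tsrv_obj == NULL) continue;

                if (*a == *old_tdst_obj && *s == *tsrv_obj)
                {
                    // insert address used for redirection in the NAT rule.
                    FWObject *new_tdst_obj =
                        compiler->dbcopy->findInIndex(k->new_tdst);
                    if (new_tdst_obj != NULL) dst->addRef(new_tdst_obj);

                    // Return at once: dst was just modified while it is
                    // being iterated, and only one address is added per
                    // rule.
                    return true;
                }
            }
        }
    }

    return true;
}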
示例6: addDst
/**
 * Fill the Destination element of the rule currently being imported.
 *
 * Each entry of dst_group is converted with makeAddressObj(); entries
 * for which it returns NULL are left out of the rule.
 *
 * NOTE(review): the result of PolicyRule::cast(current_rule) is used
 * without a null check -- confirm current_rule is always a PolicyRule
 * when this is called.
 */
void PFImporter::addDst()
{
    PolicyRule *rule = PolicyRule::cast(current_rule);
    RuleElement *destination = rule->getDst();

    for (list<AddressSpec>::iterator spec = dst_group.begin();
         spec != dst_group.end(); ++spec)
    {
        FWObject *address = makeAddressObj(*spec);
        if (address != NULL)
        {
            destination->addRef(address);
        }
    }
}
示例7: debugPrintRule
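/**
 * Scan [start_here, stop_here) for the first rule whose intersection with
 * `rule` is not empty.
 *
 * @param rule            rule to intersect candidates with.
 * @param check_interface when true, only candidates whose "acl" string
 *                        attribute equals that of `rule` are considered.
 * @param start_here      first candidate.
 * @param stop_here       one past the last candidate.
 * @param intersection    if not NULL, receives the rule that holds the
 *                        computed intersection on success.
 * @return iterator to the matching candidate, or stop_here if none.
 *
 * A new PolicyRule is allocated and added to temp_ruleset for every
 * candidate that passes intersect(), including those whose computed
 * intersection turns out to be empty.
 *
 * An FWException raised while examining a candidate is printed to cerr
 * and the candidate is then treated like a non-intersecting one.
 * NOTE(review): this means a failed comparison is indistinguishable from
 * "no overlap" for the caller; confirm that is acceptable.
 *
 * NOTE(review): the result of PolicyRule::cast() is dereferenced without
 * a null check.
 */
list<FWObject*>::iterator
PolicyCompiler::find_more_specific_rule(
    PolicyRule *rule,
    bool check_interface,
    const list<FWObject*>::iterator &start_here,
    const list<FWObject*>::iterator &stop_here,
    PolicyRule **intersection)
{
    list<FWObject*>::iterator j;
    for (j = start_here; j != stop_here; ++j)
    {
        PolicyRule *r = PolicyRule::cast(*j);

        if (check_interface && rule->getStr("acl") != r->getStr("acl"))
            continue;

        try
        {
            if (! intersect(*rule, *r)) continue;

            if (debug >= 9)
            {
                cerr << "********* getIntersection: ------------------\n";
                cerr << debugPrintRule(rule);
                cerr << debugPrintRule(r);
                cerr << "----------------------------------------------\n";
            }

            PolicyRule *ir = new PolicyRule();

            /* need to place this rule into the tree somewhere so
             * references will get resolved */
            temp_ruleset->add(ir);

            /* copy attributes from the current rule we are looking at.
             * Do not change this part of the algorithm as pix compiler
             * relies upon it.
             */
            ir->duplicate(r);

            getIntersection(*rule, *r, *ir);

            if (! ir->isEmpty())
            {
                if (debug >= 9)
                {
                    cerr << debugPrintRule(ir);
                    cerr << "------------------------------------------------\n";
                }
                if (intersection != NULL) *intersection = ir;
                return j;
            }
        }
        // Caught by reference: catching by value copies the exception and
        // slices any derived type.
        catch (FWException &ex)
        {
            cerr << " *** Exception: " << ex.toString() << endl;
        }
    }
    return j;
}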
示例8: checkInterfacesForShadowing
/**
 * Compare the interface rule elements of r1 and r2.
 *
 * Returns true if r2 shadows r1 as far as the interface element alone is
 * concerned:
 *   - r2's interface element is "all" (any): it shadows any specific
 *     interface in r1, and "all" also shadows "all";
 *   - otherwise, both rules refer to the same interface (equal object
 *     ids).
 * In every other case the result is false.
 *
 * Only the first object of each interface element is examined.
 *
 * NOTE(review): front() and the objects it resolves to are dereferenced
 * for both rules before isAny() is consulted and without null checks.
 */
bool PolicyCompiler::checkInterfacesForShadowing(PolicyRule &r1, PolicyRule &r2)
{
    RuleElementItf *first_itf = r1.getItf();
    FWObject *first_iface = FWObjectReference::getObject(first_itf->front());

    RuleElementItf *second_itf = r2.getItf();
    FWObject *second_iface = FWObjectReference::getObject(second_itf->front());

    const int first_id = first_iface->getId();
    const int second_id = second_iface->getId();

    // "eth0" -- "all" or "all" -- "all", otherwise same interface on both
    return second_itf->isAny() || (first_id == second_id);
}
示例9: assert
/*
 * Finalize the rule currently being imported and add it to the current
 * ruleset: set action and the "stateless" option from `action`, set the
 * direction to Both, fill source / destination / service / logging, and
 * mark the rule bad if the error tracker holds warnings.
 *
 * NOTE(review): the preconditions are enforced with assert() only, which
 * is compiled out under NDEBUG.
 */
void Importer::pushRule()
{
assert(current_ruleset!=NULL);
assert(current_rule!=NULL);
// populate all elements of the rule
// NOTE(review): the cast result is not checked before use below.
PolicyRule *rule = PolicyRule::cast(current_rule);
FWOptions *ropt = current_rule->getOptionsObject();
assert(ropt!=NULL);
// "permit" becomes a stateful Accept ("stateless" = false)
if (action=="permit")
{
rule->setAction(PolicyRule::Accept);
ropt->setBool("stateless", false);
}
// "deny" becomes a stateless Deny
if (action=="deny")
{
rule->setAction(PolicyRule::Deny);
ropt->setBool("stateless", true);
}
// NOTE(review): any other value of `action` leaves both the rule action
// and the "stateless" option as they were on current_rule -- confirm the
// default set at rule creation is the intended one.
rule->setDirection(PolicyRule::Both);
addSrc();
addDst();
addSrv();
addLogging();
// then add it to the current ruleset
current_ruleset->ruleset->add(current_rule);
if (error_tracker->hasWarnings())
{
QStringList warn = error_tracker->getWarnings();
// parser errors and warnings are added to the log by
// PFCfgParser::reportError() and PFCfgParser::reportWarning()
// so we dont need to add them again here
foreach(QString w, warn)
{
if (!w.startsWith("Parser warning:")) addMessageToLog("Warning: " + w);
}
// the rule stays in the ruleset but is flagged as bad
markCurrentRuleBad();
}
// NOTE(review): the listing ends here without the function's closing
// brace; the remainder of pushRule() is not shown.
示例10: assert
/**
 * Functor body: print `rule` to *output if it belongs to the ACL this
 * functor was created for (member `acl`).
 *
 * The rule's ACL is looked up by its "acl" string attribute in
 * iosacl_comp->acls.
 *
 * NOTE(review): if acls is a std::map, operator[] inserts a NULL entry
 * for an unknown name; the asserts are the only guard and are compiled
 * out under NDEBUG. The result of PolicyRule::cast() is not checked.
 */
void PolicyCompiler_iosacl::PrintCompleteACLs::printRulesForACL::operator()(
    Rule* rule)
{
    PolicyRule *prule = PolicyRule::cast(rule);

    string acl_name = prule->getStr("acl");
    assert (acl_name!="");

    ciscoACL *rule_acl = iosacl_comp->acls[acl_name];
    assert(rule_acl!=NULL);

    // Rules that belong to a different ACL produce no output.
    if (!(acl == rule_acl))
    {
        return;
    }

    *output << print_acl_p->_printRule(prule);
}
示例11: if
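/**
 * Rule processor that splits a rule when the firewall object itself
 * appears in Source together with other objects.
 *
 * Rules with a single Source object or with negated Source are forwarded
 * untouched. Otherwise, for each Source object whose id equals the
 * firewall id, a copy of the rule is queued whose Source holds only the
 * firewall; the firewall reference is then removed from the original
 * rule, which is queued after the copies.
 *
 * @return false when there are no more rules to process, true otherwise.
 */
bool PolicyCompiler_pf::splitIfFirewallInSrc::processNext()
{
    PolicyRule *rule = getNext();
    if (rule == NULL) return false;

    RuleElementSrc *src = rule->getSrc();
    assert(src);

    if (src->size() == 1 || src->getNeg())
    {
        tmp_queue.push_back(rule);
        return true;
    }

    FWObject *fw_in_src = NULL;

    for (FWObject::iterator i1 = src->begin(); i1 != src->end(); ++i1)
    {
        FWObject *obj = FWReference::getObject(*i1);
        if (obj == NULL)
        {
            compiler->abort(rule, "Broken Src object");
            // Reached only if abort() returns (NOTE(review): confirm its
            // semantics); a null object must not be dereferenced below.
            continue;
        }

        if (obj->getId() == compiler->getFwId())
        {
            fw_in_src = obj;

            PolicyRule *r = compiler->dbcopy->createPolicyRule();
            compiler->temp_ruleset->add(r);
            r->duplicate(rule);

            // Source of the copy: the firewall only.
            RuleElementSrc *nsrc = r->getSrc();
            nsrc->clearChildren();
            nsrc->setAnyElement();
            nsrc->addRef( compiler->fw );

            tmp_queue.push_back(r);
        }
    }

    // Removal happens after the loop so that src is not modified while
    // it is being iterated. Only the last matching object is remembered.
    if (fw_in_src != NULL) src->removeRef( fw_in_src );

    tmp_queue.push_back(rule);
    return true;
}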
示例12: if
/*
 * This rule processor is used to separate TCP service objects that
 * match tcp flags when generated config uses object-group clause.
 *
 * When Service holds more than one object, every TCP service that
 * inspects flags or has "established" set is moved into its own copy of
 * the rule. The original rule is forwarded only if it still has service
 * objects left. Rules with zero or one service are forwarded unchanged.
 *
 * NOTE(review): assert() is the only guard against a Service child that
 * is not a reference to a Service; it is compiled out under NDEBUG.
 */
bool PolicyCompiler_junosacl::splitTCPServiceWithFlags::processNext()
{
    PolicyRule *rule = getNext();
    if (rule == NULL) return false;

    RuleElementSrv *srv = rule->getSrv();

    if (!(srv->size() > 1))
    {
        tmp_queue.push_back(rule);
        return true;
    }

    // Pass 1: collect the services that need a rule of their own. srv is
    // only read here; it is modified in pass 2.
    std::list<FWObject*> flagged;
    for (list<FWObject*>::iterator child = srv->begin(); child != srv->end(); ++child)
    {
        FWReference *ref = FWReference::cast(*child);
        FWObject *target = (ref != NULL) ? ref->getPointer() : NULL;

        Service *s = Service::cast(target);
        assert(s!=NULL);

        TCPService *tcp_srv = TCPService::cast(s);
        if (tcp_srv && (tcp_srv->inspectFlags() || tcp_srv->getEstablished()))
        {
            flagged.push_back(s);
        }
    }

    // Pass 2: one new rule per collected service, removed from the
    // original rule at the same time.
    for (std::list<FWObject*>::iterator it = flagged.begin();
         it != flagged.end(); ++it)
    {
        PolicyRule *r = compiler->dbcopy->createPolicyRule();
        compiler->temp_ruleset->add(r);
        r->duplicate(rule);

        RuleElementSrv *nsrv = r->getSrv();
        nsrv->clearChildren();
        nsrv->addRef( *it );
        tmp_queue.push_back(r);

        srv->removeRef( *it );
    }

    // The original rule survives only if something is left in Service.
    if (srv->size() > 0) tmp_queue.push_back(rule);

    return true;
}
示例13: if
/**
 * Rule processor that replaces a stateful Accept rule with service "any"
 * by four rules.
 *
 * When Service is "any", the "stateless" option is false and the action
 * is Accept, the rule is replaced by copies whose Service is set to
 * pcomp->anyicmp, pcomp->anytcp and pcomp->anyudp respectively, followed
 * by a fourth copy that keeps the original Service and has "stateless"
 * set to true. The original rule is not forwarded in that case. All
 * other rules are forwarded unchanged.
 *
 * NOTE(review): the dynamic_cast result is not checked before use.
 *
 * @return false when there are no more rules to process, true otherwise.
 */
bool PolicyCompiler_ipf::expandAnyService::processNext()
{
    PolicyCompiler_ipf *pcomp = dynamic_cast<PolicyCompiler_ipf*>(compiler);

    PolicyRule *rule = getNext();
    if (rule == NULL) return false;

    RuleElementSrv *srv = rule->getSrv();
    FWOptions *ruleopt = rule->getOptionsObject();

    const bool needs_expansion =
        srv->isAny() &&
        ! ruleopt->getBool("stateless") &&
        rule->getAction() == PolicyRule::Accept;

    if (!needs_expansion)
    {
        tmp_queue.push_back(rule);
        return true;
    }

    PolicyRule *copy;
    RuleElementSrv *copy_srv;

    // Copy 1: any ICMP
    copy = compiler->dbcopy->createPolicyRule();
    compiler->temp_ruleset->add(copy);
    copy->duplicate(rule);
    copy_srv = copy->getSrv();
    copy_srv->clearChildren();
    copy_srv->addRef(pcomp->anyicmp);
    tmp_queue.push_back(copy);

    // Copy 2: any TCP
    copy = compiler->dbcopy->createPolicyRule();
    compiler->temp_ruleset->add(copy);
    copy->duplicate(rule);
    copy_srv = copy->getSrv();
    copy_srv->clearChildren();
    copy_srv->addRef(pcomp->anytcp);
    tmp_queue.push_back(copy);

    // Copy 3: any UDP
    copy = compiler->dbcopy->createPolicyRule();
    compiler->temp_ruleset->add(copy);
    copy->duplicate(rule);
    copy_srv = copy->getSrv();
    copy_srv->clearChildren();
    copy_srv->addRef(pcomp->anyudp);
    tmp_queue.push_back(copy);

    // Copy 4: Service left as "any", but made stateless. It is queued
    // after the three protocol-specific copies.
    copy = compiler->dbcopy->createPolicyRule();
    compiler->temp_ruleset->add(copy);
    copy->duplicate(rule);
    FWOptions *copy_opt = copy->getOptionsObject();
    copy_opt->setBool("stateless", true);
    tmp_queue.push_back(copy);

    return true;
}
示例14: getNext
/**
 * Rule processor that drops a rule when an equivalent rule has already
 * been forwarded.
 *
 * A previously seen rule counts as a duplicate when it has the same
 * first interface id, the same action, the same logging setting and
 * pcomp->cmpRules() accepts the pair. Rules flagged with
 * "skip_check_for_duplicates" take no part in the comparison on either
 * side, and previously seen rules with action Continue or Skip are never
 * used as the reference.
 *
 * A duplicate is neither forwarded nor recorded; nothing is reported.
 *
 * NOTE(review): the dynamic_cast result is not checked before use.
 *
 * @return false when there are no more rules to process, true otherwise.
 */
bool PolicyCompiler_ipf::eliminateDuplicateRules::processNext()
{
    PolicyCompiler *pcomp = dynamic_cast<PolicyCompiler*>(compiler);

    PolicyRule *rule = getNext();
    if (rule == NULL) return false;

    // Note that if rule has "any" in Interface column, it is
    // implemented as reference to the AnyNetwork object. In this case
    // Compiler::getFirstItf() returns NULL, represented here by id -1.
    Interface *rule_itf = compiler->getFirstItf(rule);
    const int rule_itf_id = (rule_itf != NULL) ? rule_itf->getId() : -1;

    if ( ! rule->getBool("skip_check_for_duplicates"))
    {
        deque<PolicyRule*>::iterator seen = rules_seen_so_far.begin();
        for ( ; seen != rules_seen_so_far.end(); ++seen)
        {
            PolicyRule *earlier = *seen;

            if (earlier->getBool("skip_check_for_duplicates")) continue;

            // Continue / Skip rules only alter control flow and are not
            // used as a reference for duplicates.
            if (earlier->getAction() == PolicyRule::Continue ||
                earlier->getAction() == PolicyRule::Skip)
            {
                continue;
            }

            Interface *earlier_itf = compiler->getFirstItf(earlier);
            const int earlier_itf_id =
                (earlier_itf != NULL) ? earlier_itf->getId() : -1;

            const bool duplicate =
                earlier_itf_id == rule_itf_id &&
                earlier->getAction() == rule->getAction() &&
                earlier->getLogging() == rule->getLogging() &&
                pcomp->cmpRules(*earlier, *rule);

            if (duplicate)
            {
                // Drop the rule: it is not queued and not remembered.
                return true;
            }
        }
    }

    tmp_queue.push_back(rule);
    rules_seen_so_far.push_back(rule);
    return true;
}
示例15: slurp
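/**
 * Rule processor that computes, for every Skip and Continue rule, how
 * many rules have to be skipped and stores it in the "no_to_skip"
 * attribute. It works on the whole queue at once (slurp()).
 *
 * Side effects on each rule: "rule_num" is set to the rule's index in
 * the queue; Continue rules are converted to Skip with "quick" = false.
 *
 * @return false if the queue is empty after slurp(), true otherwise.
 */
bool PolicyCompiler_ipf::calculateSkip::processNext()
{
    slurp();
    if (tmp_queue.empty()) return false;

    /*
     * first, we scan all rules and build a hash that maps attribute
     * "skip_label" to rule number. Attribute "skip_label" is set in
     * optimize1, after which we could have split some rules, so this
     * attribute may not be unique. We want to skip to the first rule
     * marked with the same skip label if there are few with the same
     * label. The simplest way to find the first one with the same label
     * is to scan rules in reverse order, that is from the bottom up:
     * an earlier rule overwrites the entry of a later one.
     */
    int N = static_cast<int>(tmp_queue.size()) - 1; // The last rule number is N
    for (deque<Rule*>::reverse_iterator k = tmp_queue.rbegin();
         k != tmp_queue.rend(); ++k)
    {
        PolicyRule *r = PolicyRule::cast( *k );

        const string label = r->getStr("skip_label");
        if (!label.empty()) allrules[label] = N;

        r->setInt("rule_num", N);
        N--;
    }

    for (deque<Rule*>::iterator k = tmp_queue.begin(); k != tmp_queue.end(); ++k)
    {
        PolicyRule *r = PolicyRule::cast( *k );

        if (r->getAction() == PolicyRule::Skip)
        {
            assert(!r->getStr("skip_to").empty());

            // NOTE(review): if allrules is a std::map, looking up a label
            // that no rule carries yields 0 and inserts it, which gives a
            // wrong (possibly negative) skip count without any
            // diagnostic. The assert above only rejects an empty label
            // and is compiled out under NDEBUG.
            int to = allrules[r->getStr("skip_to")];
            int n  = r->getInt("rule_num");

            // Number of rules strictly between this rule and the target.
            r->setInt("no_to_skip", to - n - 1);
        }

        /* Action 'Continue' means we need to jump to the next rule in the
         * GUI. We scan rules down from the current one, looking for the
         * first rule that corresponds to the next rule in the GUI.
         */
        if (r->getAction() == PolicyRule::Continue)
        {
            const int current_position = r->getPosition();

            r->setAction(PolicyRule::Skip);
            r->setBool("quick", false);

            int n = 0;
            deque<Rule*>::iterator j = k;
            for (++j; j != tmp_queue.end(); ++j)
            {
                PolicyRule *r2 = PolicyRule::cast( *j );

                // A different position marks the next rule in the GUI.
                if (r2->getPosition() != current_position) break;

                /* 'skip' only skips rules with the same setting of 'in'
                 * or 'out', that is the same direction
                 */
                if (r2->getDirection() == r->getDirection()) ++n;
            }
            r->setInt("no_to_skip", n);
        }
    }
    return true;
}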