本文整理汇总了C++中PolicyRule::getDirection方法的典型用法代码示例。如果您正苦于以下问题:C++ PolicyRule::getDirection方法的具体用法?C++ PolicyRule::getDirection怎么用?C++ PolicyRule::getDirection使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类PolicyRule的用法示例。
在下文中一共展示了PolicyRule::getDirection方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: getNext
bool PolicyCompiler_junosacl::mirrorRule::processNext()
{
//PolicyCompiler_iosacl *iosacl_comp=dynamic_cast<PolicyCompiler_iosacl*>(compiler);
PolicyRule *rule = getNext(); if (rule==NULL) return false;
if (rule->getOptionsObject()->getBool("iosacl_add_mirror_rule"))
{
PolicyRule *r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setAction(rule->getAction());
switch (rule->getDirection())
{
case PolicyRule::Inbound: r->setDirection(PolicyRule::Outbound); break;
case PolicyRule::Outbound: r->setDirection(PolicyRule::Inbound); break;
default: r->setDirection(PolicyRule::Both); break;
}
RuleElementSrc *osrc = rule->getSrc();
RuleElementDst *odst = rule->getDst();
RuleElementSrv *osrv = rule->getSrv();
RuleElementItf *oitf = rule->getItf();
RuleElementSrc *nsrc = r->getSrc();
RuleElementDst *ndst = r->getDst();
RuleElementSrv *nsrv = r->getSrv();
RuleElementItf *nitf = r->getItf();
duplicateRuleElement(osrc, ndst);
duplicateRuleElement(odst, nsrc);
duplicateRuleElement(oitf, nitf);
if (!osrv->isAny())
{
ObjectMirror mirror;
nsrv->clearChildren();
for (list<FWObject*>::iterator i1=osrv->begin(); i1!=osrv->end(); ++i1)
{
Service *nobj = mirror.getMirroredService(
Service::cast(FWReference::getObject(*i1)));
if (nobj->getParent() == NULL)
compiler->persistent_objects->add(nobj, false);
nsrv->addRef(nobj);
}
}
tmp_queue.push_back(r);
}
tmp_queue.push_back(rule);
return true;
}示例2: cmpRules
bool PolicyCompiler::cmpRules(PolicyRule &r1, PolicyRule &r2)
{
if (r1.getSrc()->getNeg()!=r2.getSrc()->getNeg()) return false;
if (r1.getDst()->getNeg()!=r2.getDst()->getNeg()) return false;
if (r1.getSrv()->getNeg()!=r2.getSrv()->getNeg()) return false;
if (r2.getSrc()->getNeg()!=r2.getSrc()->getNeg()) return false;
if (r2.getDst()->getNeg()!=r2.getDst()->getNeg()) return false;
if (r2.getSrv()->getNeg()!=r2.getSrv()->getNeg()) return false;
Address *src1=getFirstSrc(&r1);
Address *dst1=getFirstDst(&r1);
Service *srv1=getFirstSrv(&r1);
Address *src2=getFirstSrc(&r2);
Address *dst2=getFirstDst(&r2);
Service *srv2=getFirstSrv(&r2);
if (src1==NULL || dst1==NULL || srv1==NULL)
throw FWException("Can not compare rules because rule " +
r1.getLabel() +
" has a group in one of its elements. Aborting.");
if (src2==NULL || dst2==NULL || srv2==NULL)
throw FWException("Can not compare rules because rule " +
r2.getLabel() +
" has a group in one of its elements. Aborting.");
PolicyRule::Direction dir1=r1.getDirection();
PolicyRule::Direction dir2=r2.getDirection();
if (dir1==PolicyRule::Both) dir1=dir2;
if (dir2==PolicyRule::Both) dir2=dir1;
if (dir1!=dir2) return false;
return ( (*src1 == *src2) && (*dst1 == *dst2) && (*srv1 == *srv2) );
}示例3: slurp
bool PolicyCompiler_ipf::calculateSkip::processNext()
{
// PolicyRule *rule;
slurp();
if (tmp_queue.size()==0) return false;
/*
* first, we scan all rules and build a hash that maps attribute
* "skip_label" to rule number. Attribute "skip_label" is set in
* optimize1, after which we could have split some rules, so this
* attrbiute may not be unique. We want to skip to the first rule
* marked with the same skip label if there are few with the same
* label. The simplest way to find the first one with the same label
* is to scan rules in reverse order, that is from the bottom up.
*/
int N=tmp_queue.size()-1; // The last rule number is N
for (deque<Rule*>::reverse_iterator k=tmp_queue.rbegin(); k!=tmp_queue.rend(); ++k)
{
PolicyRule *r = PolicyRule::cast( *k );
if (!r->getStr("skip_label").empty()) allrules[r->getStr("skip_label")]=N;
r->setInt("rule_num",N);
N--;
}
for (deque<Rule*>::iterator k=tmp_queue.begin(); k!=tmp_queue.end(); ++k)
{
PolicyRule *r = PolicyRule::cast( *k );
string rl=r->getLabel();
int current_position=r->getPosition();
if (r->getAction()==PolicyRule::Skip)
{
assert(!r->getStr("skip_to").empty());
int to=allrules[r->getStr("skip_to")];
int n =r->getInt("rule_num");
r->setInt("no_to_skip",to-n-1);
}
/* Action 'Continue' means we need to jump to the next rule in the
* GUI. We scan rules down from the current one, looking for the first
* rule that corresponds to the next rule in the GUI.
*/
if (r->getAction()==PolicyRule::Continue)
{
r->setAction(PolicyRule::Skip);
r->setBool("quick",false);
deque<Rule*>::iterator j=k;
++j;
int n=0;
for ( ; j!=tmp_queue.end(); ++j)
{
PolicyRule *r2 = PolicyRule::cast( *j );
if (r2->getPosition()!=current_position) break;
/* 'skip' only skips rules with the same setting of 'in' or 'out',
* that is the same direction
*/
if (r2->getDirection()==r->getDirection()) ++n;
}
r->setInt("no_to_skip",n);
}
}
return true;
}示例4: checkForShadowing
//.........这里部分代码省略.........
* r2 has action != Return and r1 has action Return, we ignore r1.
*/
if (r1_action==PolicyRule::Return ||
r2_action==PolicyRule::Return ) return false;
/*
* the problem with branching rules is that it is combination of
* the head rule and rules in the branch rather than a single rule
* that can shadow other rules below them. Our current mechanism for
* shadowing detection does not support this so all we can do is
* skip rules with action Branch.
*/
if (r1_action==PolicyRule::Branch ||
r2_action==PolicyRule::Branch ) return false;
/*
* rules with action continue do not make final decision and
* therefore can not shadow other rules (but can be shadowed)
*/
if (/* r1_action==PolicyRule::Continue || */
r2_action==PolicyRule::Continue ) return false;
Address *src1;
Address *dst1;
Service *srv1;
Address *src2;
Address *dst2;
Service *srv2;
map<int, threeTuple*>::iterator it = rule_elements_cache.find(r1.getId());
if (it!=rule_elements_cache.end())
{
threeTuple *tt = it->second;
src1 = tt->src;
dst1 = tt->dst;
srv1 = tt->srv;
} else
{
src1 = Address::cast(FWReference::cast(srcrel1->front())->getPointer());
dst1 = Address::cast(FWReference::cast(dstrel1->front())->getPointer());
srv1 = Service::cast(FWReference::cast(srvrel1->front())->getPointer());
threeTuple *tt = new struct threeTuple;
tt->src = src1;
tt->dst = dst1;
tt->srv = srv1;
rule_elements_cache[r1.getId()] = tt;
}
it = rule_elements_cache.find(r2.getId());
if (it!=rule_elements_cache.end())
{
threeTuple *tt = it->second;
src2 = tt->src;
dst2 = tt->dst;
srv2 = tt->srv;
} else
{
src2 = Address::cast(FWReference::cast(srcrel2->front())->getPointer());
dst2 = Address::cast(FWReference::cast(dstrel2->front())->getPointer());
srv2 = Service::cast(FWReference::cast(srvrel2->front())->getPointer());
threeTuple *tt = new struct threeTuple;
tt->src = src2;
tt->dst = dst2;
tt->srv = srv2;
rule_elements_cache[r2.getId()] = tt;
}
if (src1==NULL || dst1==NULL || srv1==NULL)
throw FWException("Can not compare rules because rule " +
r1.getLabel()
+ " has a group in one of its elements. Aborting.");
if (src2==NULL || dst2==NULL || srv2==NULL)
throw FWException("Can not compare rules because rule " +
r2.getLabel() +
" has a group in one of its elements. Aborting.");
if (MultiAddressRunTime::isA(src1) || MultiAddressRunTime::isA(dst1) ||
MultiAddressRunTime::isA(src2) || MultiAddressRunTime::isA(dst2))
return false;
PolicyRule::Direction dir1 = r1.getDirection();
PolicyRule::Direction dir2 = r2.getDirection();
if (dir1 == PolicyRule::Both) dir1 = dir2;
if (dir2 == PolicyRule::Both) dir2 = dir1;
if (dir1 != dir2) return false;
return (
Compiler::checkForShadowing(*src1, *src2) &&
Compiler::checkForShadowing(*dst1, *dst2) &&
Compiler::checkForShadowing(*srv1, *srv2)
);
// complete: 3'5"
return false;
}示例5: getNext
bool MangleTableCompiler_ipt::keepMangleTableRules::processNext()
{
PolicyRule *rule = getNext(); if (rule==NULL) return false;
FWOptions *ruleopt = rule->getOptionsObject();
PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
string ruleset_name = compiler->getRuleSetName();
FWOptions *rulesetopts = ipt_comp->getSourceRuleSet()->getOptionsObject();
if (rulesetopts->getBool("mangle_only_rule_set"))
tmp_queue.push_back(rule);
else
{
if (rule->getAction() == PolicyRule::Branch &&
ruleopt->getBool("ipt_branch_in_mangle"))
{
PolicyRule* r;
// this is a branching rule for mangle table. Need to put it
// into PREROUTING and POSTROUTING chains as well because some
// targets that work with mangle table can only go into these
// chains, yet we do not know what kind of rules will user
// place in the branch
if (rule->getDirection()==PolicyRule::Undefined ||
rule->getDirection()==PolicyRule::Both ||
rule->getDirection()==PolicyRule::Inbound)
{
r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setStr("ipt_chain","PREROUTING");
tmp_queue.push_back(r);
}
if (rule->getDirection()==PolicyRule::Undefined ||
rule->getDirection()==PolicyRule::Both ||
rule->getDirection()==PolicyRule::Outbound)
{
r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setStr("ipt_chain","POSTROUTING");
tmp_queue.push_back(r);
}
// ticket #1415 User reports that only packets that went
// through the FORWARD chain can match inbound "-i" and
// outbound "-o" interface at the same time. Since we do
// not allow both in and out interface matches in one rule
// and have to use branch to do this, need to branch in
// FORWARD chain as well so that inbound interface can be
// matched in the branching rule and outbound interface
// can be matched in a rule in the branch
//
// This is ugly, this means the branch will inspect the
// packet at least twice - in PREROUTING and FORWARD, or
// FORWARD and POSTROUTING chains.
//
// I mention above that some targets can only be used in
// PREROUTING or POSTROUTING chains. It would help if
// these tagrets worked in FORWARD chain, in that case we
// could just branch in FORWARD instead of all thress chains.
//
r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setStr("ipt_chain","FORWARD");
tmp_queue.push_back(r);
// tmp_queue.push_back(rule);
return true;
}
if (rule->getTagging() ||
rule->getRouting() ||
rule->getClassification() ||
ruleopt->getBool("put_in_mangle_table")) tmp_queue.push_back(rule);
}
return true;
}