本文整理汇总了C++中PolicyRule::getOptionsObject方法的典型用法代码示例。如果您正苦于以下问题:C++ PolicyRule::getOptionsObject方法的具体用法?C++ PolicyRule::getOptionsObject怎么用?C++ PolicyRule::getOptionsObject使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类PolicyRule的用法示例。
在下文中一共展示了PolicyRule::getOptionsObject方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: if
bool PolicyCompiler_pf::ProcessScrubOption::processNext()
{
PolicyRule *rule=getNext(); if (rule==NULL) return false;
FWOptions *ruleopt =rule->getOptionsObject();
if ( ruleopt->getBool("scrub") ) {
if (rule->getAction()!=PolicyRule::Accept) {
ruleopt->setBool("scrub",false);
tmp_queue.push_back(rule);
compiler->abort(rule,
"Rule option 'scrub' is supported only for rules "
"with action 'Accept'");
return true;
}
PolicyRule *r = compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setAction(PolicyRule::Scrub);
r->getOptionsObject()->setBool("scrub",false);
tmp_queue.push_back(r);
ruleopt->setBool("scrub",false);
tmp_queue.push_back(rule);
return true;
}
/* if service is ip_fragment and action is 'Deny', then add rule with scrub */
Service *srv=compiler->getFirstSrv(rule); assert(srv);
if ( (srv->getBool("short_fragm") || srv->getBool("fragm")) &&
( rule->getAction()==PolicyRule::Deny || rule->getAction()==PolicyRule::Reject) ) {
PolicyRule *r = compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setAction(PolicyRule::Scrub);
r->getOptionsObject()->setBool("scrub",false);
tmp_queue.push_back(r);
return true;
}
tmp_queue.push_back(rule);
return true;
}示例2: getNext
bool PolicyCompiler_junosacl::mirrorRule::processNext()
{
//PolicyCompiler_iosacl *iosacl_comp=dynamic_cast<PolicyCompiler_iosacl*>(compiler);
PolicyRule *rule = getNext(); if (rule==NULL) return false;
if (rule->getOptionsObject()->getBool("iosacl_add_mirror_rule"))
{
PolicyRule *r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setAction(rule->getAction());
switch (rule->getDirection())
{
case PolicyRule::Inbound: r->setDirection(PolicyRule::Outbound); break;
case PolicyRule::Outbound: r->setDirection(PolicyRule::Inbound); break;
default: r->setDirection(PolicyRule::Both); break;
}
RuleElementSrc *osrc = rule->getSrc();
RuleElementDst *odst = rule->getDst();
RuleElementSrv *osrv = rule->getSrv();
RuleElementItf *oitf = rule->getItf();
RuleElementSrc *nsrc = r->getSrc();
RuleElementDst *ndst = r->getDst();
RuleElementSrv *nsrv = r->getSrv();
RuleElementItf *nitf = r->getItf();
duplicateRuleElement(osrc, ndst);
duplicateRuleElement(odst, nsrc);
duplicateRuleElement(oitf, nitf);
if (!osrv->isAny())
{
ObjectMirror mirror;
nsrv->clearChildren();
for (list<FWObject*>::iterator i1=osrv->begin(); i1!=osrv->end(); ++i1)
{
Service *nobj = mirror.getMirroredService(
Service::cast(FWReference::getObject(*i1)));
if (nobj->getParent() == NULL)
compiler->persistent_objects->add(nobj, false);
nsrv->addRef(nobj);
}
}
tmp_queue.push_back(r);
}
tmp_queue.push_back(rule);
return true;
}示例3: if
bool PolicyCompiler_ipf::expandAnyService::processNext()
{
PolicyCompiler_ipf *pcomp=dynamic_cast<PolicyCompiler_ipf*>(compiler);
PolicyRule *rule=getNext(); if (rule==NULL) return false;
RuleElementSrv *srv=rule->getSrv();
FWOptions *ruleopt =rule->getOptionsObject();
if (srv->isAny() && ! ruleopt->getBool("stateless") && rule->getAction()==PolicyRule::Accept) {
PolicyRule *r = compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
RuleElementSrv *nsrv=r->getSrv();
nsrv->clearChildren();
nsrv->addRef(pcomp->anyicmp); //compiler->dbcopy->findInIndex(ANY_ICMP_OBJ_ID));
tmp_queue.push_back(r);
r = compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
nsrv=r->getSrv();
nsrv->clearChildren();
nsrv->addRef(pcomp->anytcp); //compiler->dbcopy->findInIndex(ANY_TCP_OBJ_ID));
tmp_queue.push_back(r);
r = compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
nsrv=r->getSrv();
nsrv->clearChildren();
nsrv->addRef(pcomp->anyudp); //compiler->dbcopy->findInIndex(ANY_UDP_OBJ_ID));
tmp_queue.push_back(r);
r = compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
FWOptions *ruleopt =r->getOptionsObject();
ruleopt->setBool("stateless",true);
tmp_queue.push_back(r);
} else
tmp_queue.push_back(rule);
return true;
}示例4: addLogging
void PFImporter::addLogging()
{
PolicyRule *rule = PolicyRule::cast(current_rule);
FWOptions *ropt = rule->getOptionsObject();
/*
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
disable Disable log option on this ACL element, (no log at all)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
inactive Keyword for disabling an ACL element
informational Informational messages (severity=6)
interval Configure log interval, default value is 300 sec
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)
*/
QMap<QString, QString> logging_levels;
logging_levels["alerts"] = "alert";
logging_levels["critical"] = "crit";
logging_levels["debugging"] = "debug";
logging_levels["emergencies"] = "";
logging_levels["errors"] = "error";
logging_levels["informational"] = "info";
logging_levels["notifications"] = "notice";
logging_levels["warnings"] = "warning";
logging_levels["0"] = "";
logging_levels["1"] = "alert";
logging_levels["2"] = "crit";
logging_levels["3"] = "error";
logging_levels["4"] = "warning";
logging_levels["5"] = "notice";
logging_levels["6"] = "info";
logging_levels["7"] = "debug";
// QStringList log_levels = getLogLevels("pix");
rule->setLogging(logging);
QString log_level_qs = log_level.c_str();
if ( ! log_level_qs.isEmpty())
{
if (logging_levels.count(log_level_qs) != 0)
ropt->setStr("log_level", logging_levels[log_level_qs].toStdString());
else
ropt->setStr("log_level", log_level);
if (log_level_qs == "disable" || log_level_qs == "inactive")
ropt->setBool("disable_logging_for_this_rule", true);
}
if ( ! log_interval.empty())
{
bool ok = false;
int log_interval_int = QString(log_interval.c_str()).toInt(&ok);
if (ok)
ropt->setInt("log_interval", log_interval_int);
}
}示例5: getNext
bool MangleTableCompiler_ipt::keepMangleTableRules::processNext()
{
PolicyRule *rule = getNext(); if (rule==NULL) return false;
FWOptions *ruleopt = rule->getOptionsObject();
PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
string ruleset_name = compiler->getRuleSetName();
FWOptions *rulesetopts = ipt_comp->getSourceRuleSet()->getOptionsObject();
if (rulesetopts->getBool("mangle_only_rule_set"))
tmp_queue.push_back(rule);
else
{
if (rule->getAction() == PolicyRule::Branch &&
ruleopt->getBool("ipt_branch_in_mangle"))
{
PolicyRule* r;
// this is a branching rule for mangle table. Need to put it
// into PREROUTING and POSTROUTING chains as well because some
// targets that work with mangle table can only go into these
// chains, yet we do not know what kind of rules will user
// place in the branch
if (rule->getDirection()==PolicyRule::Undefined ||
rule->getDirection()==PolicyRule::Both ||
rule->getDirection()==PolicyRule::Inbound)
{
r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setStr("ipt_chain","PREROUTING");
tmp_queue.push_back(r);
}
if (rule->getDirection()==PolicyRule::Undefined ||
rule->getDirection()==PolicyRule::Both ||
rule->getDirection()==PolicyRule::Outbound)
{
r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setStr("ipt_chain","POSTROUTING");
tmp_queue.push_back(r);
}
// ticket #1415 User reports that only packets that went
// through the FORWARD chain can match inbound "-i" and
// outbound "-o" interface at the same time. Since we do
// not allow both in and out interface matches in one rule
// and have to use branch to do this, need to branch in
// FORWARD chain as well so that inbound interface can be
// matched in the branching rule and outbound interface
// can be matched in a rule in the branch
//
// This is ugly, this means the branch will inspect the
// packet at least twice - in PREROUTING and FORWARD, or
// FORWARD and POSTROUTING chains.
//
// I mention above that some targets can only be used in
// PREROUTING or POSTROUTING chains. It would help if
// these tagrets worked in FORWARD chain, in that case we
// could just branch in FORWARD instead of all thress chains.
//
r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setStr("ipt_chain","FORWARD");
tmp_queue.push_back(r);
// tmp_queue.push_back(rule);
return true;
}
if (rule->getTagging() ||
rule->getRouting() ||
rule->getClassification() ||
ruleopt->getBool("put_in_mangle_table")) tmp_queue.push_back(rule);
}
return true;
}