本文整理汇总了C++中PolicyRule::getTagging方法的典型用法代码示例。如果您正苦于以下问题:C++ PolicyRule::getTagging方法的具体用法?C++ PolicyRule::getTagging怎么用?C++ PolicyRule::getTagging使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类PolicyRule的用法示例。
在下文中一共展示了PolicyRule::getTagging方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: getNext
bool MangleTableCompiler_ipt::keepMangleTableRules::processNext()
{
PolicyRule *rule = getNext(); if (rule==NULL) return false;
FWOptions *ruleopt = rule->getOptionsObject();
PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
string ruleset_name = compiler->getRuleSetName();
FWOptions *rulesetopts = ipt_comp->getSourceRuleSet()->getOptionsObject();
if (rulesetopts->getBool("mangle_only_rule_set"))
tmp_queue.push_back(rule);
else
{
if (rule->getAction() == PolicyRule::Branch &&
ruleopt->getBool("ipt_branch_in_mangle"))
{
PolicyRule* r;
// this is a branching rule for mangle table. Need to put it
// into PREROUTING and POSTROUTING chains as well because some
// targets that work with mangle table can only go into these
// chains, yet we do not know what kind of rules will user
// place in the branch
if (rule->getDirection()==PolicyRule::Undefined ||
rule->getDirection()==PolicyRule::Both ||
rule->getDirection()==PolicyRule::Inbound)
{
r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setStr("ipt_chain","PREROUTING");
tmp_queue.push_back(r);
}
if (rule->getDirection()==PolicyRule::Undefined ||
rule->getDirection()==PolicyRule::Both ||
rule->getDirection()==PolicyRule::Outbound)
{
r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setStr("ipt_chain","POSTROUTING");
tmp_queue.push_back(r);
}
// ticket #1415 User reports that only packets that went
// through the FORWARD chain can match inbound "-i" and
// outbound "-o" interface at the same time. Since we do
// not allow both in and out interface matches in one rule
// and have to use branch to do this, need to branch in
// FORWARD chain as well so that inbound interface can be
// matched in the branching rule and outbound interface
// can be matched in a rule in the branch
//
// This is ugly, this means the branch will inspect the
// packet at least twice - in PREROUTING and FORWARD, or
// FORWARD and POSTROUTING chains.
//
// I mention above that some targets can only be used in
// PREROUTING or POSTROUTING chains. It would help if
// these tagrets worked in FORWARD chain, in that case we
// could just branch in FORWARD instead of all thress chains.
//
r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setStr("ipt_chain","FORWARD");
tmp_queue.push_back(r);
// tmp_queue.push_back(rule);
return true;
}
if (rule->getTagging() ||
rule->getRouting() ||
rule->getClassification() ||
ruleopt->getBool("put_in_mangle_table")) tmp_queue.push_back(rule);
}
return true;
}示例2: _findWhereObjectIsUsed
bool FWObjectDatabase::_findWhereObjectIsUsed(FWObject *o,
FWObject *p,
std::set<FWObject *> &resset,
int search_id)
{
bool res = false;
if ( _isInIgnoreList(p)) return res;
if (p->size()==0) return res;
if (p->getInt(".search_id")==search_id) return p->getBool(".searchResult");
// set flags to break indefinite recursion in case we encounter circular groups
p->setInt(".search_id", search_id);
p->setBool(".searchResult", false);
Interface *intf = Interface::cast(p);
if (intf)
{
string netzone_id = intf->getStr("network_zone");
FWObject *netzone = findInIndex(FWObjectDatabase::getIntId(netzone_id));
if (netzone == o)
{
resset.insert(p);
res = true;
}
}
PolicyRule *rule = PolicyRule::cast(p);
if (rule)
{
if (rule->getAction() == PolicyRule::Branch)
{
FWObject *ruleset = rule->getBranch();
if (o==ruleset)
{
resset.insert(p);
res = true;
}
}
if (rule->getTagging())
{
FWObject *tagobj = rule->getTagObject();
if (o==tagobj)
{
resset.insert(p);
res = true;
}
}
}
NATRule *nat_rule = NATRule::cast(p);
if (nat_rule && nat_rule->getAction() == NATRule::Branch)
{
FWObject *ruleset = nat_rule->getBranch();
if (o==ruleset)
{
resset.insert(p);
res = true;
}
}
if (Firewall::isA(o) && Cluster::isA(p))
{
if (Cluster::cast(p)->hasMember(Firewall::cast(o)))
{
resset.insert(p);
res = true;
}
}
FWObject::iterator i1 = p->begin();
for ( ; i1!=p->end(); ++i1)
{
FWReference *ref = FWReference::cast(*i1);
if (ref!=nullptr)
{ // child is a reference
FWObject *g = ref->getPointer();
if (o->getId() == g->getId())
{
resset.insert(*i1);
res = true;
}
}
else // child is a regular object, not a reference
{
if (o->getId() == (*i1)->getId())
{
resset.insert(p);
res = true;
// still run search recursively, the same object could be
// used in rules if it is a firewall
}
_findWhereObjectIsUsed(o, *i1, resset, search_id);
}
}
p->setBool(".searchResult", res);
return res;
}