
merging -r62:HEAD from branch inet-addr-changes

Vadim Kurland 2008-04-14 04:14:51 +00:00
parent 7d237a01f9
commit 1cafbf3e39
14 changed files with 77 additions and 109 deletions


@ -13,6 +13,9 @@
position in the tree, in which case FWObject* is sufficient, or
their address/netmask, in which case we should use InetAddrMask.
* (various places in src/pflib): PREPARATION FOR IPV6: Changing
IPv4::cast to dynamic_cast<InetAddrMask*> everywhere.
2008-03-09 vadim <vadim@vk.crocodile.org>
* (from 2.1) pf.cpp: fixed bug #1899914: "Script to apply the new


@ -2190,9 +2190,10 @@ bool PolicyCompiler_ipt::splitIfSrcFWNetwork::processNext()
{
FWObject *o = *i1;
if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
Address *a=Address::cast(o);
Address *na;
if ( Network::isA(a) && (na=compiler->findAddressFor( a , compiler->fw ))!=NULL )
Address *a = Address::cast(o);
FWObject *na;
if (Network::isA(a) &&
(na=compiler->findAddressFor(a, compiler->fw ))!=NULL)
{
obj_subst[a]=na;
}
@ -2261,9 +2262,10 @@ bool PolicyCompiler_ipt::splitIfDstFWNetwork::processNext()
{
FWObject *o = *i1;
if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
Address *a=Address::cast(o);
Address *na;
if ( Network::isA(a) && (na=compiler->findAddressFor( a , compiler->fw ))!=NULL )
Address *a = Address::cast(o);
FWObject *na;
if (Network::isA(a) &&
(na=compiler->findAddressFor(a, compiler->fw))!=NULL)
{
obj_subst[a]=na;
}


@ -89,15 +89,17 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask)
if (Interface::cast(o)!=NULL && ! Interface::cast(o)->isDyn())
mask = InetNetmask(InetAddr::getAllOnes());
if (IPv4::cast(o)!=NULL)
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1)
mask = InetNetmask(InetAddr::getAllOnes());
if (addr.isAny() && mask.isAny())
{
compiler->output << "any ";
} else {
} else
{
compiler->output << addr.toString();
if (print_netmask)
compiler->output << "/" << mask.getLength();
compiler->output << " ";
@ -112,7 +114,7 @@ void NATCompiler_ipf::PrintRule::_printAddr_R(Address *o, bool print_netmask)
if (Interface::cast(o) != NULL)
mask = InetNetmask(InetAddr::getAllOnes());
if (IPv4::cast(o)!=NULL)
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1)
mask = InetNetmask(InetAddr::getAllOnes());
if (addr.isAny() && print_netmask && mask.isHostMask())
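Review bot: In `_printAddr_L` and `_printAddr_R` the result of `dynamic_cast<InetAddrMask*>(o)` is dereferenced without a null check, whereas the replaced `IPv4::cast(o)!=NULL` was a safe type test that was simply false for other objects. If an Address that does not derive from InetAddrMask can reach these printers (not visible here), the compiler dereferences a null pointer instead of skipping the host-mask override. Keep it a test: `InetAddrMask *am = dynamic_cast<InetAddrMask*>(o);` followed by `if (am!=NULL && am->dimension()==1)`. The same unchecked pattern is added in NATCompiler_pf::PrintRule::_printAddr, in the `_printAddr` functions of PolicyCompiler_ipf, PolicyCompiler_ipfw and PolicyCompiler_pf, and in TableFactory::PrintTables. Also confirm that `dimension()==1` is meant to force a host mask for every single-address object rather than only IPv4 ones, since that changes which objects are printed without their netmask in the generated rules.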


@ -84,15 +84,22 @@ int NATCompiler_pf::prolog()
}
if (!found_ext)
throw FWException(_("At least one interface should be marked as external, can not configure NAT"));
throw FWException(
"At least one interface should be marked as external, "
"can not configure NAT");
}
/* pseudo-host with ip address 127.0.0.1 We'll use it for redirection NAT rules */
/* pseudo-host with ip address 127.0.0.1 We'll use it for redirection
* NAT rules
*/
//FWObject *grp;
loopback_address=IPv4::cast(dbcopy->create(IPv4::TYPENAME) );
loopback_address->setAddress(InetAddr::getLoopbackAddr());
loopback_address = dbcopy->create(IPv4::TYPENAME);
loopback_address->setName("__loopback_address__");
loopback_address->setId("__loopback_address_id__");
dynamic_cast<InetAddrMask*>(loopback_address)->setAddress(
InetAddr::getLoopbackAddr());
dbcopy->add(loopback_address,false);
cacheObj(loopback_address);
@ -650,7 +657,7 @@ bool NATCompiler_pf::ReplaceObjectsTDst::processNext()
RuleElementTDst *rel=rule->getTDst(); assert(rel);
Address *otdst=compiler->getFirstTDst(rule);
Interface *loopback=NULL;
IPv4 *loopback_address=NULL;
FWObject *loopback_address=NULL;
/* if firewall is used in TDst in redirection rule, replace it with
* its loopback interface
@ -661,12 +668,12 @@ bool NATCompiler_pf::ReplaceObjectsTDst::processNext()
for (std::list<FWObject*>::iterator i=l2.begin();
i!=l2.end(); ++i)
{
Interface *iface=dynamic_cast<Interface*>(*i);
Interface *iface = dynamic_cast<Interface*>(*i);
assert(iface);
if (iface->isLoopback())
{
loopback=iface;
loopback_address=IPv4::cast(loopback->getFirstByType(IPv4::TYPENAME));
loopback = iface;
loopback_address = loopback->getFirstByType(IPv4::TYPENAME);
}
}
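Review bot: In `prolog()` the new `dynamic_cast<InetAddrMask*>(loopback_address)->setAddress(...)` dereferences the cast result unchecked, and now that `loopback_address` is a plain `FWObject*` nothing at compile time ties it to an address type any more. The OSConfigurator changes in this same commit at least assert the cast before use; here it would be better to fail the way this function already does for the missing external interface, e.g. `InetAddrMask *lo = dynamic_cast<InetAddrMask*>(loopback_address);` then `if (lo==NULL) throw FWException("can not create loopback address object");`. In `ReplaceObjectsTDst::processNext` the local `loopback_address` now takes the raw result of `getFirstByType(IPv4::TYPENAME)`, which presumably is NULL when the loopback interface has no IPv4 child. Its later use is outside the hunk, so check that it is tested before being dereferenced or cast.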


@ -59,12 +59,12 @@ namespace fwcompiler {
struct redirectRuleInfo {
std::string natrule_label;
libfwbuilder::Address *old_tdst;
libfwbuilder::Address *new_tdst;
libfwbuilder::FWObject *old_tdst;
libfwbuilder::FWObject *new_tdst;
libfwbuilder::Service *tsrv;
redirectRuleInfo(const std::string &rl,
libfwbuilder::Address *oa,
libfwbuilder::Address *na,
libfwbuilder::FWObject *oa,
libfwbuilder::FWObject *na,
libfwbuilder::Service *s)
{ natrule_label=rl; old_tdst=oa; new_tdst=na; tsrv=s; }
};
@ -72,7 +72,7 @@ namespace fwcompiler {
protected:
libfwbuilder::IPv4 *loopback_address;
libfwbuilder::FWObject *loopback_address;
TableFactory *tables;
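Review bot: `old_tdst`, `new_tdst` and `loopback_address` lose their static address type here, and the header does not say what kind of object each pointer is expected to hold. Other files in this commit cast such `FWObject*` values to `InetAddrMask*` and dereference the result, so the expectation now lives only in the callers. If that is the intended contract, state it at the declarations, for example `// must point to an object that also implements InetAddrMask (address + netmask)`. The struct and class bodies continue outside the hunks.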


@ -326,7 +326,7 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
Address *a = Address::cast(o);
InetAddr addr=a->getAddress();
InetNetmask mask=a->getNetmask();
InetNetmask mask=a->getNetmask();
if (Interface::cast(o)!=NULL)
{
@ -340,14 +340,16 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
mask = InetNetmask(InetAddr::getAllOnes());
}
if (IPv4::cast(o)!=NULL) {
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1)
{
mask = InetNetmask(InetAddr::getAllOnes());
}
if (addr.isAny() && mask.isAny())
{
compiler->output << "any ";
} else {
} else
{
compiler->output << addr.toString();
if (!mask.isHostMask())
{


@ -87,14 +87,16 @@ void OSConfigurator_freebsd::addVirtualAddressForNAT(const Address *addr)
if (virtual_addresses.empty() ||
find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end())
{
IPv4 *iaddr=IPv4::cast( findAddressFor(addr, fw ) );
FWObject *iaddr = findAddressFor(addr, fw );
if (iaddr!=NULL)
{
Interface *iface=Interface::cast(iaddr->getParent());
InetAddrMask *iaddr_addr = dynamic_cast<InetAddrMask*>(iaddr);
assert(iaddr_addr!=NULL);
Interface *iface = Interface::cast(iaddr->getParent());
assert(iface!=NULL);
output << "add_addr " << addr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " "
<< iaddr_addr->getNetmask().toString() << " "
<< iface->getName() << endl;
virtual_addresses.push_back(addr->getAddress());
@ -102,34 +104,6 @@ void OSConfigurator_freebsd::addVirtualAddressForNAT(const Address *addr)
warning(_("Can not add virtual address ") + addr->getAddress().toString() );
}
}
#if 0
if (virtual_addresses.empty() ||
find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) {
FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME);
for ( ; i!=i.end(); ++i )
{
Interface *iface=dynamic_cast<Interface*>(*i);
assert(iface);
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j )
{
IPv4 *iaddr=IPv4::cast(*j);
if ( ipv4->belongs( addr->getAddress() ) )
{
output << "ifconfig "
<< iface->getName() << " "
<< addr->getAddress().toString() << " alias" << endl;
virtual_addresses.push_back(addr->getAddress());
return;
}
}
}
warning(_("Can not add virtual address ") + addr->getAddress().toString() );
}
#endif
int OSConfigurator_freebsd::prolog()
{
@ -267,12 +241,10 @@ void OSConfigurator_freebsd::configureInterfaces()
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j )
{
IPv4 *iaddr=IPv4::cast(*j);
InetAddrMask *iaddr = dynamic_cast<InetAddrMask*>(*j);
output << "add_addr " << iaddr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " "
<< iface->getName() << endl;
virtual_addresses.push_back(iaddr->getAddress());
}
}
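Review bot: In `addVirtualAddressForNAT`, `assert(iaddr_addr!=NULL)` is the only guard before `iaddr_addr->getNetmask()`, and an assert disappears in an NDEBUG build, leaving a null dereference if `findAddressFor` ever returns an object that is not an InetAddrMask. The enclosing `if (iaddr!=NULL)` apparently already has a failure path that emits the "Can not add virtual address" warning, so the cast can join that test: `InetAddrMask *iaddr_addr = dynamic_cast<InetAddrMask*>(iaddr);` and `if (iaddr_addr!=NULL)`. In `configureInterfaces` the cast result is dereferenced with no check at all; the iterator is limited to `IPv4::TYPENAME`, so the risk is low, but a guard or a one-line comment stating that assumption would make it explicit. The macosx, openbsd and solaris configurators receive the same two patterns in this commit.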


@ -81,14 +81,16 @@ void OSConfigurator_macosx::addVirtualAddressForNAT(const Address *addr)
if (virtual_addresses.empty() ||
find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end())
{
IPv4 *iaddr=IPv4::cast( findAddressFor(addr, fw ) );
FWObject *iaddr = findAddressFor(addr, fw );
if (iaddr!=NULL)
{
Interface *iface=Interface::cast(iaddr->getParent());
InetAddrMask *iaddr_addr = dynamic_cast<InetAddrMask*>(iaddr);
assert(iaddr_addr!=NULL);
Interface *iface = Interface::cast(iaddr->getParent());
assert(iface!=NULL);
output << "add_addr " << addr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " "
<< iaddr_addr->getNetmask().toString() << " "
<< iface->getName() << endl;
virtual_addresses.push_back(addr->getAddress());
@ -174,8 +176,7 @@ void OSConfigurator_macosx::configureInterfaces()
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j )
{
IPv4 *iaddr=IPv4::cast(*j);
InetAddrMask *iaddr = dynamic_cast<InetAddrMask*>(*j);
output << "add_addr " << iaddr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " "
<< iface->getName() << endl;


@ -89,14 +89,16 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr)
if (virtual_addresses.empty() ||
find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end())
{
IPv4 *iaddr=IPv4::cast( findAddressFor(addr, fw ) );
FWObject *iaddr = findAddressFor(addr, fw );
if (iaddr!=NULL)
{
Interface *iface=Interface::cast(iaddr->getParent());
InetAddrMask *iaddr_addr = dynamic_cast<InetAddrMask*>(iaddr);
assert(iaddr_addr!=NULL);
Interface *iface = Interface::cast(iaddr->getParent());
assert(iface!=NULL);
output << "add_addr " << addr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " "
<< iaddr_addr->getNetmask().toString() << " "
<< iface->getName() << endl;
virtual_addresses.push_back(addr->getAddress());
@ -115,8 +117,9 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr)
assert(iface);
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j ) {
IPv4 *iaddr=IPv4::cast(*j);
for ( ; j!=j.end(); ++j )
{
InetAddrMask *iaddr = dynamic_cast<InetAddrMask*>(*j);
if ( ipv4->belongs( addr->getAddress() ) )
{
output << "ifconfig "
@ -210,8 +213,7 @@ void OSConfigurator_openbsd::configureInterfaces()
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j )
{
IPv4 *iaddr=IPv4::cast(*j);
InetAddrMask *iaddr = dynamic_cast<InetAddrMask*>(*j);
output << "add_addr " << iaddr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " "
<< iface->getName() << endl;
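Review bot: In the second hunk of `addVirtualAddressForNAT` the newly declared `InetAddrMask *iaddr` is never used in the visible lines: the test that follows still reads `ipv4->belongs( addr->getAddress() )`, and `ipv4` is not declared anywhere in the hunk. If this loop is live code, the condition presumably should be `if ( iaddr!=NULL && iaddr->belongs( addr->getAddress() ) )`. If it sits under `#if 0`, as the identical block did in the freebsd and solaris configurators where this commit deletes it, delete it here too instead of editing dead code. The enclosing block starts and ends outside the hunk, so which case applies cannot be confirmed from this page.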


@ -98,14 +98,16 @@ void OSConfigurator_solaris::addVirtualAddressForNAT(const Address *addr)
if (virtual_addresses.empty() ||
find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end())
{
IPv4 *iaddr=IPv4::cast( findAddressFor(addr, fw ) );
FWObject *iaddr = findAddressFor(addr, fw );
if (iaddr!=NULL)
{
InetAddrMask *iaddr_addr = dynamic_cast<InetAddrMask*>(iaddr);
assert(iaddr_addr!=NULL);
Interface *iface=Interface::cast(iaddr->getParent());
assert(iface!=NULL);
output << "add_addr " << addr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " "
<< iaddr_addr->getNetmask().toString() << " "
<< iface->getName() << endl;
virtual_addresses.push_back(addr->getAddress());
@ -114,35 +116,6 @@ void OSConfigurator_solaris::addVirtualAddressForNAT(const Address *addr)
}
}
#if 0
if (virtual_addresses.empty() ||
find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) {
FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME);
for ( ; i!=i.end(); ++i )
{
Interface *iface=dynamic_cast<Interface*>(*i);
assert(iface);
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j )
{
IPv4 *iaddr=IPv4::cast(*j);
if ( ipv4->belongs( addr->getAddress() ) )
{
output << "ifconfig "
<< iface->getName() << " "
<< addr->getAddress().toString() << " alias" << endl;
virtual_addresses.push_back(addr->getAddress());
return;
}
}
}
warning(_("Can not add virtual address ") + addr->getAddress().toString() );
}
}
#endif
int OSConfigurator_solaris::prolog()
{
printPathForAllTools("solaris");
@ -219,8 +192,7 @@ void OSConfigurator_solaris::configureInterfaces()
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j )
{
IPv4 *iaddr=IPv4::cast(*j);
InetAddrMask *iaddr = dynamic_cast<InetAddrMask*>(*j);
output << "add_addr " << iaddr->getAddress().toString() << " "
<< iaddr->getNetmask().toString() << " "
<< iface->getName() << endl;


@ -282,7 +282,8 @@ void PolicyCompiler_ipf::PrintRule::_printAddr(Address *o,bool neg)
mask = InetNetmask(InetAddr::getAllOnes());
}
if (IPv4::cast(o)!=NULL) {
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1)
{
mask = InetNetmask(InetAddr::getAllOnes());
}


@ -293,8 +293,11 @@ void PolicyCompiler_ipfw::PrintRule::_printAddr(Address *o,bool neg)
InetAddr addr=o->getAddress();
InetNetmask mask=o->getNetmask();
if (Interface::cast(o)!=NULL) mask = InetNetmask(InetAddr::getAllOnes());
if (IPv4::cast(o)!=NULL) mask = InetNetmask(InetAddr::getAllOnes());
if (Interface::cast(o)!=NULL)
mask = InetNetmask(InetAddr::getAllOnes());
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1)
mask = InetNetmask(InetAddr::getAllOnes());
if (addr.isAny() && mask.isAny())
{


@ -611,7 +611,7 @@ void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool neg)
mask = InetNetmask(InetAddr::getAllOnes());
}
if (IPv4::cast(o)!=NULL)
if (dynamic_cast<InetAddrMask*>(o)->dimension()==1)
{
mask = InetNetmask(InetAddr::getAllOnes());
}


@ -215,7 +215,8 @@ string TableFactory::PrintTables()
InetAddr addr=A->getAddress();
InetNetmask mask=A->getNetmask();
if (IPv4::cast(A)!=NULL) {
if (dynamic_cast<InetAddrMask*>(A)->dimension()==1)
{
mask = InetNetmask(InetAddr::getAllOnes());
}