mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 09:47:20 +01:00

fixes #614 Use FatalErrorInSingleRuleCompleMode in all compilers

Vadim Kurland 2009-11-13 19:30:17 +00:00
parent 011ca8ca27
commit 301a4ed864
14 changed files with 1535 additions and 1411 deletions


@ -1 +1 @@
#define BUILD_NUM 1747 #define BUILD_NUM 1748


@ -135,6 +135,8 @@ string CompilerDriver_iosacl::run(const std::string &cluster_id,
objdb->findInIndex(objdb->getIntId(firewall_id))); objdb->findInIndex(objdb->getIntId(firewall_id)));
assert(fw); assert(fw);
try
{
// Copy rules from the cluster object // Copy rules from the cluster object
populateClusterElements(cluster, fw); populateClusterElements(cluster, fw);
@ -347,6 +349,11 @@ string CompilerDriver_iosacl::run(const std::string &cluster_id,
fw_file_name.toStdString() + fw_file_name.toStdString() +
" for writing"); " for writing");
} }
}
catch (FatalErrorInSingleRuleCompileMode &ex)
{
return getErrors("");
}
return ""; return "";
} }
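Review bot: The new handler `catch (FatalErrorInSingleRuleCompileMode &ex)` names an exception object it never uses and binds it by non-const reference; `catch (const FatalErrorInSingleRuleCompileMode &)` does the same job without the unused variable. The identical handler is added to the pix, ipt, ipf, ipfw and pf drivers in this commit, so the same change applies there. A one-line comment above the handler would also help, for example `// fatal error already recorded by abort(); return it to the caller instead of a compiled script`, because run() otherwise ends in `return "";` and the reason for returning error text is explained only in the comment added above commonChecks2(). The body of run() between the two hunks is not shown.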


@ -557,14 +557,6 @@ string CompilerDriver_pix::run(const std::string &cluster_id,
script_buffer = assembleFwScript( script_buffer = assembleFwScript(
cluster, fw, !cluster_id.empty(), oscnf.get()); cluster, fw, !cluster_id.empty(), oscnf.get());
}
catch (FatalErrorInSingleRuleCompileMode &ex)
{
if (haveErrorsAndWarnings())
{
all_errors.push_front(getErrors("").c_str());
}
}
if (single_rule_compile_on) if (single_rule_compile_on)
{ {
@ -593,6 +585,11 @@ string CompilerDriver_pix::run(const std::string &cluster_id,
fw_file_name.toStdString() + fw_file_name.toStdString() +
" for writing"); " for writing");
} }
}
catch (FatalErrorInSingleRuleCompileMode &ex)
{
return getErrors("");
}
return ""; return "";
} }
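Review bot: The handler that replaces the removed one no longer keeps what was already collected in `all_errors`: the old code did `all_errors.push_front(getErrors("").c_str());` and fell through to the `single_rule_compile_on` block, while the new one returns `getErrors("")` alone. If a compiler pass has already pushed its errors and warnings into `all_errors` before the exception is thrown (the ipf driver in this commit shows that pattern with `all_errors.push_back(c.getErrors("").c_str())`), that text is dropped from what the user sees. Consider prepending the driver's errors to `all_errors` in the handler and returning the combined text the way the single-rule branch does. How that branch builds its return value is outside the hunk, so this needs checking against the full function.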


@ -266,16 +266,39 @@ void CompilerDriver::commonChecks(Firewall *fw)
if (ofname.empty()) continue; if (ofname.empty()) continue;
if (output_file_names.count(ofname) > 0) if (output_file_names.count(ofname) > 0)
{ {
string err = QString err("Member firewalls use the same output file name %1");
string("Member firewalls use the same output file name ") + error(cluster, NULL, NULL, err.arg(ofname.c_str()).toStdString());
ofname;
throw FWException(err);
} }
output_file_names.insert(ofname); output_file_names.insert(ofname);
} }
} }
} }
/*
* This method performs series of checks for the configuration
* consitency of clusters and cluster members as well as common
* problems with interfaces, addresses and their combinations. There
* are several possible levels of errors:
*
* - errors that can be worked around. Compiler makes minor changes
* to objects and continues. These are not warnings though, the user
* should fix these problems. Using Compiler::error() to report.
*
* - serious errors that should stop processing because generated file
* will be incorrect or inconsistent. However it is possible to
* continue in single rule compile mode because the error may not
* affect the rule being compiled. Using Compiler::abort() to
* report. Normally this method throws FWException() but in single
* rule compile mode or in testing mode it records the error and
* continues.
*
* - fatal errors that make it impossible to continue even in test or
* single rule compile modes. To report call Compiler::abort() and
* then throw FatalErrorInSingleRuleCompileMode exception. This
* exception should be caught in CompilerDriver::run() (virtual
* method) where recorded error can be shown to the user in the GUI.
*
*/
void CompilerDriver::commonChecks2(Cluster *cluster, Firewall *fw) void CompilerDriver::commonChecks2(Cluster *cluster, Firewall *fw)
{ {
QString current_firewall_name = fw->getName().c_str(); QString current_firewall_name = fw->getName().c_str();
@ -312,6 +335,7 @@ void CompilerDriver::commonChecks2(Cluster *cluster, Firewall *fw)
"the wildcard's interface name: '%1'."); "the wildcard's interface name: '%1'.");
abort(fw, NULL, NULL, abort(fw, NULL, NULL,
err.arg(iface->getName().c_str()).toStdString()); err.arg(iface->getName().c_str()).toStdString());
throw FatalErrorInSingleRuleCompileMode();
} }
/* /*
removed test to implement RFE #837238: "unnummbered wildcard interfaces" removed test to implement RFE #837238: "unnummbered wildcard interfaces"
@ -354,6 +378,7 @@ void CompilerDriver::commonChecks2(Cluster *cluster, Firewall *fw)
"that is used in the firewall policy rule."); "that is used in the firewall policy rule.");
abort(fw, NULL, NULL, abort(fw, NULL, NULL,
err.arg(iface->getName().c_str()).toStdString()); err.arg(iface->getName().c_str()).toStdString());
throw FatalErrorInSingleRuleCompileMode();
} }
QString err("Dynamic interface %1 should not have an " QString err("Dynamic interface %1 should not have an "
@ -397,6 +422,7 @@ void CompilerDriver::commonChecks2(Cluster *cluster, Firewall *fw)
QString err("Missing IP address for interface %1"); QString err("Missing IP address for interface %1");
abort(fw, NULL, NULL, abort(fw, NULL, NULL,
err.arg(iface->getName().c_str()).toStdString()); err.arg(iface->getName().c_str()).toStdString());
throw FatalErrorInSingleRuleCompileMode();
} }
for (list<FWObject*>::iterator j = all_addr.begin(); for (list<FWObject*>::iterator j = all_addr.begin();
@ -411,6 +437,7 @@ void CompilerDriver::commonChecks2(Cluster *cluster, Firewall *fw)
.arg(FWObjectDatabase::getStringId( .arg(FWObjectDatabase::getStringId(
iface->getId()).c_str()) iface->getId()).c_str())
.arg(ip_addr->toString().c_str()).toStdString()); .arg(ip_addr->toString().c_str()).toStdString());
throw FatalErrorInSingleRuleCompileMode();
} }
} }
} }
@ -430,7 +457,10 @@ void CompilerDriver::commonChecks2(Cluster *cluster, Firewall *fw)
QString err; QString err;
if (!int_prop->validateInterface(parent, iface, true, err)) if (!int_prop->validateInterface(parent, iface, true, err))
{
abort(fw, NULL, NULL, err.toStdString()); abort(fw, NULL, NULL, err.toStdString());
throw FatalErrorInSingleRuleCompileMode();
}
string interface_type = iface->getOptionsObject()->getStr("type"); string interface_type = iface->getOptionsObject()->getStr("type");
if (interface_type.empty()) interface_type = "ethernet"; if (interface_type.empty()) interface_type = "ethernet";
@ -467,6 +497,7 @@ void CompilerDriver::commonChecks2(Cluster *cluster, Firewall *fw)
); );
abort(fw, NULL, NULL, abort(fw, NULL, NULL,
err.arg(iface->getName().c_str()).toStdString()); err.arg(iface->getName().c_str()).toStdString());
throw FatalErrorInSingleRuleCompileMode();
} }
} }
} }
@ -977,6 +1008,7 @@ int CompilerDriver::checkCluster(Cluster* cluster)
{ {
/* No configured cluster interface found */ /* No configured cluster interface found */
abort(cluster, NULL, NULL, "The cluster has no interfaces."); abort(cluster, NULL, NULL, "The cluster has no interfaces.");
throw FatalErrorInSingleRuleCompileMode();
} }
for (; cluster_ifaces != cluster_ifaces.end(); ++cluster_ifaces) for (; cluster_ifaces != cluster_ifaces.end(); ++cluster_ifaces)
@ -991,6 +1023,7 @@ int CompilerDriver::checkCluster(Cluster* cluster)
{ {
QString err("Found duplicate cluster interface %1"); QString err("Found duplicate cluster interface %1");
abort(cluster, NULL, NULL, err.arg(iface_name.c_str()).toStdString()); abort(cluster, NULL, NULL, err.arg(iface_name.c_str()).toStdString());
throw FatalErrorInSingleRuleCompileMode();
} }
const InetAddr *other_iface_address = Interface::cast(*other_ifaces)->getAddressPtr(); const InetAddr *other_iface_address = Interface::cast(*other_ifaces)->getAddressPtr();
if (other_iface_address==NULL) continue; // cluster interface with no address if (other_iface_address==NULL) continue; // cluster interface with no address
@ -998,6 +1031,7 @@ int CompilerDriver::checkCluster(Cluster* cluster)
{ {
QString err("Found duplicate cluster interface address %1"); QString err("Found duplicate cluster interface address %1");
abort(cluster, NULL, NULL, err.arg(iface_address->toString().c_str()).toStdString()); abort(cluster, NULL, NULL, err.arg(iface_address->toString().c_str()).toStdString());
throw FatalErrorInSingleRuleCompileMode();
} }
} }
} }
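Review bot: In commonChecks() the duplicate output file name case is downgraded from `throw FWException(err)` to `error(cluster, NULL, NULL, ...)`, and the comment added further down describes error() as the level where the compiler works around the problem and continues. Nothing in the hunk works around it: `output_file_names.insert(ofname)` still runs and the loop goes on, so two member firewalls would presumably write to the same file and one member's generated policy would replace the other's. This looks like a case for the stop-level handling used elsewhere in the commit, `abort(cluster, NULL, NULL, err.arg(ofname.c_str()).toStdString()); throw FatalErrorInSingleRuleCompileMode();`. The start of commonChecks() is outside the hunk.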


@ -113,6 +113,10 @@ string CompilerDriver_ipt::run(const std::string &cluster_id,
objdb->findInIndex(objdb->getIntId(firewall_id))); objdb->findInIndex(objdb->getIntId(firewall_id)));
assert(fw); assert(fw);
string generated_script;
try
{
// Copy rules from the cluster object // Copy rules from the cluster object
populateClusterElements(cluster, fw); populateClusterElements(cluster, fw);
@ -216,7 +220,6 @@ string CompilerDriver_ipt::run(const std::string &cluster_id,
std::map<const std::string, bool> minus_n_commands_nat; std::map<const std::string, bool> minus_n_commands_nat;
vector<int> ipv4_6_runs; vector<int> ipv4_6_runs;
string generated_script;
findImportedRuleSets(fw, all_policies); findImportedRuleSets(fw, all_policies);
findBranchesInMangleTable(fw, all_policies); findBranchesInMangleTable(fw, all_policies);
@ -689,6 +692,12 @@ string CompilerDriver_ipt::run(const std::string &cluster_id,
" for writing"); " for writing");
} }
}
catch (FatalErrorInSingleRuleCompileMode &ex)
{
return getErrors("");
}
return ""; return "";
} }


@ -182,6 +182,8 @@ string CompilerDriver_ipf::run(const std::string &cluster_id,
objdb->findInIndex(objdb->getIntId(firewall_id))); objdb->findInIndex(objdb->getIntId(firewall_id)));
assert(fw); assert(fw);
try
{
// Copy rules from the cluster object // Copy rules from the cluster object
populateClusterElements(cluster, fw); populateClusterElements(cluster, fw);
@ -305,9 +307,6 @@ string CompilerDriver_ipf::run(const std::string &cluster_id,
if (c.haveErrorsAndWarnings()) if (c.haveErrorsAndWarnings())
{ {
all_errors.push_back(c.getErrors("").c_str()); all_errors.push_back(c.getErrors("").c_str());
// ostr << "# Policy compiler errors and warnings:"
// << endl;
// ostr << c.getErrors("# ");
} }
ostr << c.getCompiledScript(); ostr << c.getCompiledScript();
} }
@ -317,9 +316,6 @@ string CompilerDriver_ipf::run(const std::string &cluster_id,
if (n.haveErrorsAndWarnings()) if (n.haveErrorsAndWarnings())
{ {
all_errors.push_back(n.getErrors("").c_str()); all_errors.push_back(n.getErrors("").c_str());
// ostr << "# NAT compiler errors and warnings:"
// << endl;
// ostr << n.getErrors("# ");
} }
ostr << n.getCompiledScript(); ostr << n.getCompiledScript();
} }
@ -428,6 +424,12 @@ string CompilerDriver_ipf::run(const std::string &cluster_id,
fw_file_name.toStdString() + fw_file_name.toStdString() +
" for writing"); " for writing");
} }
}
catch (FatalErrorInSingleRuleCompileMode &ex)
{
return getErrors("");
}
return ""; return "";
} }


@ -129,6 +129,8 @@ string CompilerDriver_ipfw::run(const std::string &cluster_id,
objdb->findInIndex(objdb->getIntId(firewall_id))); objdb->findInIndex(objdb->getIntId(firewall_id)));
assert(fw); assert(fw);
try
{
// Copy rules from the cluster object // Copy rules from the cluster object
populateClusterElements(cluster, fw); populateClusterElements(cluster, fw);
@ -337,6 +339,12 @@ string CompilerDriver_ipfw::run(const std::string &cluster_id,
fw_file_name.toStdString() + fw_file_name.toStdString() +
" for writing"); " for writing");
} }
}
catch (FatalErrorInSingleRuleCompileMode &ex)
{
return getErrors("");
}
return ""; return "";
} }


@ -209,6 +209,8 @@ string CompilerDriver_pf::run(const std::string &cluster_id,
objdb->findInIndex(objdb->getIntId(firewall_id))); objdb->findInIndex(objdb->getIntId(firewall_id)));
assert(fw); assert(fw);
try
{
// Copy rules from the cluster object // Copy rules from the cluster object
populateClusterElements(cluster, fw); populateClusterElements(cluster, fw);
@ -603,6 +605,11 @@ string CompilerDriver_pf::run(const std::string &cluster_id,
fw_file_name.toStdString() + fw_file_name.toStdString() +
" for writing"); " for writing");
} }
}
catch (FatalErrorInSingleRuleCompileMode &ex)
{
return getErrors("");
}
return ""; return "";
} }


@ -1,15 +1,28 @@
#!/usr/bin/perl #!/bin/sh
$XMLFILE=@ARGV[0];
$DIFFCMD="diff -U 0 -u -b -B -I \"! Generated\" "; DIFFCMD="diff -C 5 -c -b -B -w -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_ipt v' -I 'Can not find file' -I '====' -I 'log '"
while (<>) { for f in $(ls *.fw.orig)
$str=$_; do
while ( $str=~ /<Firewall / ) { V="$f <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
$str=~ /<Firewall [^>]+name="([^"]*).*$"/; echo "echo \"$V\" | cut -c1-72"
$fw=$1; new_f=$(echo $f | sed 's/.org//')
printf "$DIFFCMD %s.fw.orig %s.fw\n",$fw,$fw; echo "$DIFFCMD $f $new_f"
$str=~ s/^.*<Firewall [^>]+name="$fw"[^>]+>//; done
} exit 0
run_diffs_for_file() {
xmlfile=$1
folder=$2
fwbedit list -f $xmlfile -o $folder -c -F%name% | sort | while read fwobj; do
V="$fwobj <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "echo \"$V\" | cut -c1-72"
echo "$DIFFCMD ${fwobj}.fw.orig ${fwobj}.fw"
done
} }
run_diffs_for_file objects-for-regression-tests.fwb /User/Firewalls
# run_diffs_for_file cluster-tests.fwb /User/Clusters
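Review bot: `new_f=$(echo $f | sed 's/.org//')` does not strip the `.orig` suffix, because the pattern `.org` (any character followed by `org`) does not occur in `.orig`; unless the name happens to contain that pattern elsewhere, `$new_f` equals `$f` and each emitted command diffs a file against itself, so the regression comparison cannot report a difference. `new_f=${f%.orig}` removes the suffix without a subprocess. The same line is in the two other diff-generating scripts in this commit. Separately, everything after `exit 0` (the `run_diffs_for_file` function and its call) is unreachable, and `for f in $(ls *.fw.orig)` splits file names on whitespace where `for f in *.fw.orig` would not.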


@ -1,17 +1,22 @@
#!/usr/bin/perl #!/bin/sh
$XMLFILE=@ARGV[0]; XMLFILE="objects-for-regression-tests.fwb"
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | \
sort | while read fwobj
do
echo "echo"
echo "echo \"============================ $fwobj\""
echo "fwb_iosacl -v -f $XMLFILE -xt $fwobj"
done
exit 0
while (<>) { XMLFILE="cluster-tests.fwb"
$str=$_; fwbedit list -f $XMLFILE -o /User/Clusters -c -F%name% | \
while ( $str=~ /<Firewall / ) { sort | while read fwobj
$str=~ /<Firewall [^>]+name="([^"]*).*$"/; do
$fw=$1; echo "echo"
printf "echo ====================== $fw =========================================\n"; echo "echo \"============================ $fwobj\""
printf "fwb_iosacl -xt -v -f $XMLFILE $fw\n"; echo "fwb_iosacl -v -f $XMLFILE -xt -xc $fwobj"
$str=~ s/^.*<Firewall [^>]+name="$fw"[^>]+>//; done
}
}
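Review bot: The `exit 0` placed after the first loop makes the `cluster-tests.fwb` block below it unreachable, so the `-xc` cluster runs are never emitted. If the cluster tests are disabled on purpose, a comment above `exit 0` saying so would keep the next reader from assuming they run; otherwise the `exit 0` should go. The ipf and ipfw run scripts in this commit have the same layout. Object names are also read with plain `read fwobj` and pasted unquoted into the emitted command, so a name containing spaces is split into several arguments; `while IFS= read -r fwobj` and `\"$fwobj\"` in the echoed line avoid that.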


@ -1,12 +1,12 @@
#!/bin/sh #!/bin/sh
XMLFILE=$1 DIFFCMD="diff -C 5 -c -b -B -w -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_ipf v' -I 'Can not find file' -I '====' -I 'log '"
DIFFCMD="diff -C 1 -c -b -B -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_ipt v' -I 'Can not find file' -I '====' -I 'log '"
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | sort | while read fwobj; do for f in $(ls *.fw.orig *.conf.orig)
echo "$DIFFCMD ${fwobj}.fw.orig ${fwobj}.fw" do
echo "$DIFFCMD ${fwobj}-ipf.conf.orig ${fwobj}-ipf.conf" V="$f <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "$DIFFCMD ${fwobj}-nat.conf.orig ${fwobj}-nat.conf" echo "echo \"$V\" | cut -c1-72"
new_f=$(echo $f | sed 's/.org//')
echo "$DIFFCMD $f $new_f"
done done


@ -1,10 +1,22 @@
#!/bin/sh #!/bin/sh
XMLFILE=$1 XMLFILE="objects-for-regression-tests.fwb"
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | \
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | sort | while read fwobj; do sort | while read fwobj
do
echo "echo" echo "echo"
echo "echo \"============================ $fwobj\"" echo "echo \"============================ $fwobj\""
echo "fwb_ipf -v -f $XMLFILE -xt $fwobj" echo "fwb_ipf -v -f $XMLFILE -xt $fwobj"
done done
exit 0
XMLFILE="cluster-tests.fwb"
fwbedit list -f $XMLFILE -o /User/Clusters -c -F%name% | \
sort | while read fwobj
do
echo "echo"
echo "echo \"============================ $fwobj\""
echo "fwb_ipf -v -f $XMLFILE -xt -xc $fwobj"
done


@ -1,10 +1,28 @@
#!/bin/sh #!/bin/sh
XMLFILE=$1 DIFFCMD="diff -C 5 -c -b -B -w -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_ipt v' -I 'Can not find file' -I '====' -I 'log '"
DIFFCMD="diff -C 5 -c -b -B -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_ipt v' -I 'Can not find file' -I '====' -I 'log '"
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | sort | while read fwobj; do for f in $(ls *.fw.orig)
do
V="$f <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "echo \"$V\" | cut -c1-72"
new_f=$(echo $f | sed 's/.org//')
echo "$DIFFCMD $f $new_f"
done
exit 0
run_diffs_for_file() {
xmlfile=$1
folder=$2
fwbedit list -f $xmlfile -o $folder -c -F%name% | sort | while read fwobj; do
V="$fwobj <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "echo \"$V\" | cut -c1-72"
echo "$DIFFCMD ${fwobj}.fw.orig ${fwobj}.fw" echo "$DIFFCMD ${fwobj}.fw.orig ${fwobj}.fw"
done done
}
run_diffs_for_file objects-for-regression-tests.fwb /User/Firewalls
# run_diffs_for_file cluster-tests.fwb /User/Clusters


@ -1,10 +1,22 @@
#!/bin/sh #!/bin/sh
XMLFILE=$1 XMLFILE="objects-for-regression-tests.fwb"
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | \
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | sort | while read fwobj; do sort | while read fwobj
do
echo "echo" echo "echo"
echo "echo \"============================ $fwobj\"" echo "echo \"============================ $fwobj\""
echo "fwb_ipfw -v -f $XMLFILE -xt $fwobj" echo "fwb_ipfw -v -f $XMLFILE -xt $fwobj"
done done
exit 0
XMLFILE="cluster-tests.fwb"
fwbedit list -f $XMLFILE -o /User/Clusters -c -F%name% | \
sort | while read fwobj
do
echo "echo"
echo "echo \"============================ $fwobj\""
echo "fwb_ipfw -v -f $XMLFILE -xt -xc $fwobj"
done