diff --git a/doc/ChangeLog b/doc/ChangeLog index 9387f5c24..79d3a2a93 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,10 @@ +2008-05-18 Vadim Kurland + + * OSConfigurator_linux24.cpp: compiler for iptables converted to + use exclusively methods getAddressPtr and getNetmaskPtr. Checking + for when Address object has no IP address where + appropriate (getAddressPtr() returns NULL in this case). + 2008-05-10 vadim * pf.cpp: (from 2.1) fixed bug #1961202: "Pf Timeouts overriden by diff --git a/src/cisco_lib/Helper.cpp b/src/cisco_lib/Helper.cpp index 179c3accf..472589651 100644 --- a/src/cisco_lib/Helper.cpp +++ b/src/cisco_lib/Helper.cpp @@ -100,7 +100,7 @@ void Helper::expand_group_recursive(FWObject *o,list &ol) string Helper::findInterfaceByAddress(libfwbuilder::Address *obj) { - return findInterfaceByAddress(obj->getAddress()); + return findInterfaceByAddress( *(obj->getAddressPtr()) ); } string Helper::findInterfaceByAddress(const libfwbuilder::InetAddr &addr) @@ -116,7 +116,7 @@ string Helper::findInterfaceByAddress(const libfwbuilder::InetAddr &addr) string Helper::findInterfaceByNetzone(Address *obj) { - return findInterfaceByNetzone(obj->getAddress()); + return findInterfaceByNetzone(*(obj->getAddressPtr())); } string Helper::findInterfaceByNetzone(const InetAddr &addr) throw(string) @@ -240,7 +240,7 @@ list Helper::findInterfaceByNetzoneOrAll(RuleElement *re) string triplet::hash() { - return src->getAddress().toString() + "." + - dst->getAddress().toString() + "." + + return src->getAddressPtr()->toString() + "." + + dst->getAddressPtr()->toString() + "." + srv->getId(); } diff --git a/src/fwblookup/fwblookup.cpp b/src/fwblookup/fwblookup.cpp index 9015575f0..7b574fd0e 100644 --- a/src/fwblookup/fwblookup.cpp +++ b/src/fwblookup/fwblookup.cpp 
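Review bot: `Helper::findInterfaceByAddress(Address*)` dereferences the result of `getAddressPtr()` with no check, although this commit's own ChangeLog entry says that call returns NULL when the Address object has no IP address; binding `*NULL` to the `const InetAddr&` overload is undefined behaviour and will in practice crash the compiler or GUI on such an object. The same unguarded pattern is in `findInterfaceByNetzone` and `triplet::hash` in this file, and it recurs in the fwblookup, GUI dialog, `matchAttr`, `VerifyRules`, `_printAddr` and `addVirtualAddressForNAT` hunks further down. Because these objects are loaded from a data file, I would guard each site, for example `const InetAddr *a = obj->getAddressPtr(); if (a==NULL) return string();` here (the right "not found" value depends on the reference overload, which is only partly visible). Which objects can reach each site without an address cannot be seen from the hunks, so some sites may be safe by construction and need only a comment saying so.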
@@ -291,7 +291,8 @@ int main(int argc, char * const *argv) if ( print_addr ) { if (Address::cast(obj)!=NULL) - cout << Address::cast(obj)->getAddress().toString() << endl; + cout << Address::cast(obj)->getAddressPtr()->toString() + << endl; else { SNPRINTF(errstr,sizeof(errstr), _("Can not print address for %s (ID='%s'): objects of this type do not have address"), diff --git a/src/gui/DiscoveryDruid.cpp b/src/gui/DiscoveryDruid.cpp index b78c7b56a..f8d25ccf9 100644 --- a/src/gui/DiscoveryDruid.cpp +++ b/src/gui/DiscoveryDruid.cpp @@ -1486,8 +1486,8 @@ void DiscoveryDruid::loadDataFromCrawler() ObjectDescriptor od; od.sysname = m->toString(); - od.addr = m->getAddress(); - od.netmask = m->getNetmask(); + od.addr = *(m->getAddressPtr()); + od.netmask = *(m->getNetmaskPtr()); od.type = Network::TYPENAME; od.isSelected = false; diff --git a/src/gui/FWObjectPropertiesFactory.cpp b/src/gui/FWObjectPropertiesFactory.cpp index 95463c34b..7d015ac17 100644 --- a/src/gui/FWObjectPropertiesFactory.cpp +++ b/src/gui/FWObjectPropertiesFactory.cpp @@ -91,9 +91,9 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj) { if (IPv4::isA(obj)) { - str << IPv4::cast(obj)->getAddress().toString().c_str(); + str << IPv4::cast(obj)->getAddressPtr()->toString().c_str(); str << "/"; - str << IPv4::cast(obj)->getNetmask().toString().c_str(); + str << IPv4::cast(obj)->getNetmaskPtr()->toString().c_str(); } else if (physAddress::isA(obj)) { @@ -135,7 +135,7 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj) } else if (Host::isA(obj)) { - str << Address::cast(obj)->getAddress().toString().c_str(); + str << Address::cast(obj)->getAddressPtr()->toString().c_str(); FWObject *co=obj->getFirstByType("Interface"); if (co!=NULL) 
@@ -148,9 +148,9 @@ QString FWObjectPropertiesFactory::getObjectProperties(FWObject *obj) } else if (Network::isA(obj)) { Network *n=Network::cast(obj); - str << n->getAddress().toString().c_str(); + str << n->getAddressPtr()->toString().c_str(); str << "/"; - str << n->getNetmask().toString().c_str(); + str << n->getNetmaskPtr()->toString().c_str(); } else if (Group::cast(obj)!=NULL) // just any group { @@ -271,9 +271,9 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj, if (IPv4::isA(obj)) { if (showPath && !tooltip) str += "Path: " + path + "
\n"; - str += IPv4::cast(obj)->getAddress().toString().c_str(); + str += IPv4::cast(obj)->getAddressPtr()->toString().c_str(); str += "/"; - str += IPv4::cast(obj)->getNetmask().toString().c_str(); + str += IPv4::cast(obj)->getNetmaskPtr()->toString().c_str(); } else if (physAddress::isA(obj)) { @@ -320,9 +320,9 @@ QString FWObjectPropertiesFactory::getObjectPropertiesDetailed(FWObject *obj, { if (showPath && !tooltip) str += "Path: " + path + "
\n"; Network *n=Network::cast(obj); - str += n->getAddress().toString().c_str(); + str += n->getAddressPtr()->toString().c_str(); str += "/"; - str += n->getNetmask().toString().c_str(); + str += n->getNetmaskPtr()->toString().c_str(); } else if (Group::cast(obj)!=NULL) // just any group { diff --git a/src/gui/FindObjectWidget.cpp b/src/gui/FindObjectWidget.cpp index dc0f1c2e7..13a59f392 100644 --- a/src/gui/FindObjectWidget.cpp +++ b/src/gui/FindObjectWidget.cpp @@ -186,7 +186,7 @@ bool FindObjectWidget::matchAttr(libfwbuilder::FWObject *obj) Address *a = Address::cast(obj); if (a!=NULL) { - QString addr = a->getAddress().toString().c_str(); + QString addr = a->getAddressPtr()->toString().c_str(); if (m_widget->useRegexp->isChecked()) res= ( addr.indexOf( QRegExp(s) )!=-1 ); else res= ( addr == s ); diff --git a/src/gui/IPv4Dialog.cpp b/src/gui/IPv4Dialog.cpp index 03193a677..76a5db3d9 100644 --- a/src/gui/IPv4Dialog.cpp +++ b/src/gui/IPv4Dialog.cpp @@ -107,13 +107,13 @@ void IPv4Dialog::loadFWObject(FWObject *o) * still can show netmask */ try { - m_dialog->address->setText( s->getAddress().toString().c_str() ); + m_dialog->address->setText( s->getAddressPtr()->toString().c_str() ); } catch (FWException &ex) {} try { if ( Interface::isA( obj->getParent() ) ) - m_dialog->netmask->setText( s->getNetmask().toString().c_str() ); + m_dialog->netmask->setText( s->getNetmaskPtr()->toString().c_str() ); } catch (FWException &ex) {} //apply->setEnabled( false ); diff --git a/src/gui/IPv6Dialog.cpp b/src/gui/IPv6Dialog.cpp index 00459bf65..8bc53f5ed 100644 --- a/src/gui/IPv6Dialog.cpp +++ b/src/gui/IPv6Dialog.cpp 
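Review bot: The `try { … } catch (FWException &ex) {}` around `s->getAddressPtr()->toString()` in `IPv4Dialog::loadFWObject` no longer protects anything if a missing address is now reported as a NULL return (as this commit's ChangeLog entry says) instead of an exception, because the NULL is dereferenced before any handler can run. The same holds for the netmask line below it and for both lines in the `IPv6Dialog::loadFWObject` hunk. I would test the pointer instead, e.g. `const InetAddr *a = s->getAddressPtr(); if (a) m_dialog->address->setText(a->toString().c_str());`, and drop the empty catch if nothing inside can still throw. That the old `getAddress()` threw here is inferred from the surrounding try/catch and its comment; the function body starts and ends outside the hunk.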
@@ -109,13 +109,13 @@ void IPv6Dialog::loadFWObject(FWObject *o) try { m_dialog->address->setText( Inet6Addr().toString().c_str() ); - m_dialog->address->setText( s->getAddress(true).toString().c_str() ); + m_dialog->address->setText( s->getAddressPtr(true)->toString().c_str()); } catch (FWException &ex) {} try { if ( Interface::isA( obj->getParent() ) ) - m_dialog->netmask->setText( s->getNetmask().toString().c_str() ); + m_dialog->netmask->setText( s->getNetmaskPtr()->toString().c_str()); } catch (FWException &ex) {} //apply->setEnabled( false ); diff --git a/src/gui/InterfaceData.cpp b/src/gui/InterfaceData.cpp index 66ec9056b..d4ec183ce 100644 --- a/src/gui/InterfaceData.cpp +++ b/src/gui/InterfaceData.cpp @@ -35,6 +35,34 @@ using namespace libfwbuilder; using namespace std; +InterfaceData::InterfaceData(const libfwbuilder::Interface &iface) +{ + id = iface.getId(); + name = iface.getName(); + + IPv4 *addr = IPv4::cast(iface.getFirstByType(IPv4::TYPENAME)); + if (addr) + { + address = addr->getAddressPtr()->toString(); + netmask = addr->getNetmaskPtr()->toString(); + } + else + { + address = ""; + netmask = ""; + } + + securityLevel = iface.getSecurityLevel(); + isDyn = iface.isDyn(); + isUnnumbered = iface.isUnnumbered(); + isBridgePort = iface.isBridgePort(); + libfwbuilder::physAddress *pa = iface.getPhysicalAddress(); + if (pa!=NULL) + physicalAddress = pa->getPhysAddress(); + label = iface.getLabel(); + networkZone = iface.getStr("network_zone"); +} + void InterfaceData::guessLabel(const string &platform) { /* diff --git a/src/gui/InterfaceData.h b/src/gui/InterfaceData.h index 4533502d7..917aafcb5 100644 --- a/src/gui/InterfaceData.h +++ b/src/gui/InterfaceData.h 
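Review bot: The new out-of-line `InterfaceData(const libfwbuilder::Interface&)` constructor has no comment saying that `address` and `netmask` are now read from the first `IPv4` child of the interface, where the inline version removed from InterfaceData.h read them from the interface itself. An interface that has no IPv4 child ends up with two empty strings and nothing in the code explains that this is intended. I would add above the lookup: `// address/netmask come from the first IPv4 child object; both stay empty when the interface has none`.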
@@ -55,22 +55,7 @@ struct InterfaceData securityLevel = 0; } - InterfaceData(const libfwbuilder::Interface &iface) - { - id = iface.getId(); - name = iface.getName(); - address = iface.getAddress().toString(); - netmask = iface.getNetmask().toString(); - securityLevel = iface.getSecurityLevel(); - isDyn = iface.isDyn(); - isUnnumbered = iface.isUnnumbered(); - isBridgePort = iface.isBridgePort(); - libfwbuilder::physAddress *pa = iface.getPhysicalAddress(); - if (pa!=NULL) - physicalAddress = pa->getPhysAddress(); - label = iface.getLabel(); - networkZone = iface.getStr("network_zone"); - } + InterfaceData(const libfwbuilder::Interface &iface); /** * this method is a collection of heuristics that allow us to assign diff --git a/src/gui/NetworkDialog.cpp b/src/gui/NetworkDialog.cpp index beb0cc95b..2b29aa81e 100644 --- a/src/gui/NetworkDialog.cpp +++ b/src/gui/NetworkDialog.cpp @@ -72,8 +72,8 @@ void NetworkDialog::loadFWObject(FWObject *o) fillLibraries(m_dialog->libs,obj); m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); - m_dialog->address->setText( s->getAddress().toString().c_str() ); - m_dialog->netmask->setText( s->getNetmask().toString().c_str() ); + m_dialog->address->setText( s->getAddressPtr()->toString().c_str() ); + m_dialog->netmask->setText( s->getNetmaskPtr()->toString().c_str() ); m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); //apply->setEnabled( false ); diff --git a/src/gui/NetworkDialogIPv6.cpp b/src/gui/NetworkDialogIPv6.cpp index fb694fc87..325469bf0 100644 --- a/src/gui/NetworkDialogIPv6.cpp +++ b/src/gui/NetworkDialogIPv6.cpp 
@@ -73,8 +73,8 @@ void NetworkDialogIPv6::loadFWObject(FWObject *o) fillLibraries(m_dialog->libs,obj); m_dialog->obj_name->setText( QString::fromUtf8(s->getName().c_str()) ); - m_dialog->address->setText( s->getAddress().toString().c_str() ); - m_dialog->netmask->setText( s->getNetmask().toString().c_str() ); + m_dialog->address->setText( s->getAddressPtr()->toString().c_str() ); + m_dialog->netmask->setText( s->getNetmaskPtr()->toString().c_str() ); m_dialog->comment->setText( QString::fromUtf8(s->getComment().c_str()) ); //apply->setEnabled( false ); diff --git a/src/gui/findDialog.cpp b/src/gui/findDialog.cpp index 65c92a815..429ee38db 100644 --- a/src/gui/findDialog.cpp +++ b/src/gui/findDialog.cpp @@ -159,7 +159,7 @@ bool findDialog::matchAttr(libfwbuilder::FWObject *obj) Address *a = Address::cast(obj); if (a!=NULL) { - QString addr = a->getAddress().toString().c_str(); + QString addr = a->getAddressPtr()->toString().c_str(); if (m_dialog->useRegexp->isChecked()) res= ( addr.indexOf( QRegExp(s) )!=-1 ); else res= ( addr == s ); } diff --git a/src/gui/iosaclAdvancedDialog.cpp b/src/gui/iosaclAdvancedDialog.cpp index 1a6a89da1..9927dc519 100644 --- a/src/gui/iosaclAdvancedDialog.cpp +++ b/src/gui/iosaclAdvancedDialog.cpp @@ -335,7 +335,7 @@ void iosaclAdvancedDialog::accept() // pis->setCommand( installScript->text() ); // pis->setArguments( installScriptArgs->text() ); - mgmt->setAddress( (Firewall::cast(obj))->getAddress() ); + mgmt->setAddress( *((Firewall::cast(obj))->getAddressPtr()) ); PolicyInstallScript *pis = mgmt->getPolicyInstallScript(); diff --git a/src/gui/iptAdvancedDialog.cpp b/src/gui/iptAdvancedDialog.cpp index cdec4baa7..ed4b0d527 100644 --- a/src/gui/iptAdvancedDialog.cpp +++ b/src/gui/iptAdvancedDialog.cpp 
@@ -217,7 +217,7 @@ void iptAdvancedDialog::accept() /********************* data for fwbd and install script **************/ PolicyInstallScript *pis = mgmt->getPolicyInstallScript(); - mgmt->setAddress( (Firewall::cast(obj))->getAddress() ); + mgmt->setAddress( *((Firewall::cast(obj))->getAddressPtr()) ); pis->setCommand( m_dialog->installScript->text().toLatin1().constData() ); pis->setArguments( m_dialog->installScriptArgs->text().toLatin1().constData() ); diff --git a/src/gui/newFirewallDialog.cpp b/src/gui/newFirewallDialog.cpp index f3fde05cd..6deafbb29 100644 --- a/src/gui/newFirewallDialog.cpp +++ b/src/gui/newFirewallDialog.cpp @@ -562,8 +562,8 @@ void newFirewallDialog::fillInterfaceData(Interface *intf, QTextBrowser *qte) if (intf->isBridgePort()) s += tr("Bridge port"); else s += QString("%1/%2") - .arg(intf->getAddress().toString().c_str()) - .arg( intf->getNetmask().toString().c_str()); + .arg(intf->getAddressPtr()->toString().c_str()) + .arg(intf->getNetmaskPtr()->toString().c_str()); s += ""; s += ""; s += ""; diff --git a/src/gui/newHostDialog.cpp b/src/gui/newHostDialog.cpp index c5461d0b7..22ff1535a 100644 --- a/src/gui/newHostDialog.cpp +++ b/src/gui/newHostDialog.cpp @@ -472,8 +472,8 @@ void newHostDialog::fillInterfaceData(Interface *intf, QTextBrowser *qte) if (intf->isUnnumbered()) s += tr("Unnumbered interface"); else s += QString("%1/%2") - .arg(intf->getAddress().toString().c_str()) - .arg( intf->getNetmask().toString().c_str()); + .arg(intf->getAddressPtr()->toString().c_str()) + .arg(intf->getNetmaskPtr()->toString().c_str()); s += ""; s += ""; s += ""; diff --git a/src/gui/pixAdvancedDialog.cpp b/src/gui/pixAdvancedDialog.cpp index 74602ec66..a43a5a983 100644 --- a/src/gui/pixAdvancedDialog.cpp +++ b/src/gui/pixAdvancedDialog.cpp 
@@ -756,7 +756,7 @@ void pixAdvancedDialog::accept() // pis->setCommand( installScript->text() ); // pis->setArguments( installScriptArgs->text() ); - mgmt->setAddress( (Firewall::cast(obj))->getAddress() ); + mgmt->setAddress( *((Firewall::cast(obj))->getAddressPtr()) ); if (syslogDeviceIdSupported) diff --git a/src/iosacl/OSConfigurator_ios.cpp b/src/iosacl/OSConfigurator_ios.cpp index c63a0bcb8..00dda90be 100644 --- a/src/iosacl/OSConfigurator_ios.cpp +++ b/src/iosacl/OSConfigurator_ios.cpp @@ -148,9 +148,9 @@ string OSConfigurator_ios::_printIPAddress() if ((n = setAddrCmd.find("%in"))!=string::npos) setAddrCmd.replace(n,3,iface->getName()); if ((n = setAddrCmd.find("%a"))!=string::npos) - setAddrCmd.replace(n,2,iface->getAddress().toString()); + setAddrCmd.replace(n,2,iface->getAddressPtr()->toString()); if ((n = setAddrCmd.find("%n"))!=string::npos) - setAddrCmd.replace(n,2,iface->getNetmask().toString()); + setAddrCmd.replace(n,2,iface->getNetmaskPtr()->toString()); res << setAddrCmd; } diff --git a/src/iosacl/PolicyCompiler_iosacl_writers.cpp b/src/iosacl/PolicyCompiler_iosacl_writers.cpp index 0c92957a3..681ba1684 100644 --- a/src/iosacl/PolicyCompiler_iosacl_writers.cpp +++ b/src/iosacl/PolicyCompiler_iosacl_writers.cpp @@ -371,8 +371,8 @@ string PolicyCompiler_iosacl::PrintRule::_printAddr(libfwbuilder::Address *o) { ostringstream str; - InetAddr srcaddr=o->getAddress(); - InetAddr srcmask=o->getNetmask(); + const InetAddr *srcaddr = o->getAddressPtr(); + InetAddr srcmask = *(o->getNetmaskPtr()); if (Interface::cast(o)!=NULL) { 
@@ -382,23 +382,23 @@ string PolicyCompiler_iosacl::PrintRule::_printAddr(libfwbuilder::Address *o) return string("interface ") + interface_->getLabel() + " "; } - srcmask=InetAddr(InetAddr::getAllOnes()); + srcmask = InetAddr(InetAddr::getAllOnes()); } if (IPv4::cast(o)!=NULL) - srcmask=InetAddr(InetAddr::getAllOnes()); + srcmask = InetAddr(InetAddr::getAllOnes()); - if (srcaddr.isAny() && srcmask.isAny()) + if (srcaddr->isAny() && srcmask.isAny()) { str << "any "; } else { if (srcmask.isHostMask()) { - str << "host " << srcaddr.toString() << " "; + str << "host " << srcaddr->toString() << " "; } else { - str << srcaddr.toString() << " "; + str << srcaddr->toString() << " "; // cisco uses "wildcards" instead of netmasks diff --git a/src/ipf/ipf.cpp b/src/ipf/ipf.cpp index a857e7f99..49569e21e 100644 --- a/src/ipf/ipf.cpp +++ b/src/ipf/ipf.cpp @@ -103,7 +103,7 @@ FWObjectDatabase *objdb = NULL; class UpgradePredicate: public XMLTools::UpgradePredicate { public: - virtual bool operator()(const string &msg) const + virtual bool operator()(const string&) const { cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl; return false; @@ -319,7 +319,7 @@ int main(int argc, char * const *argv) for (list::iterator j=la.begin(); j!=la.end(); ++j) { IPv4 *ipv4 = IPv4::cast(*j); - if ( ipv4->getAddress() == InetAddr::getAny()) + if ( ipv4->getAddressPtr()->isAny()) { char errstr[256]; sprintf(errstr, diff --git a/src/ipfw/ipfw.cpp b/src/ipfw/ipfw.cpp index 6bc4dbfaf..f319aeb4c 100644 --- a/src/ipfw/ipfw.cpp +++ b/src/ipfw/ipfw.cpp @@ -103,7 +103,7 @@ FWObjectDatabase *objdb = NULL; class UpgradePredicate: public XMLTools::UpgradePredicate { public: - virtual bool operator()(const string &msg) const + virtual bool operator()(const string&) const { cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl; return false; 
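Review bot: The interface-address check touched in ipf.cpp `main()` builds its message with an unbounded `sprintf(errstr, …)` into `char errstr[256]`; the arguments fall outside this hunk, but the matching ipt.cpp hunk shows the interface name and id from the data file being formatted into the same kind of buffer, so an over-long name can overrun the stack array. The ipfw.cpp and pf.cpp `main()` hunks contain the same two lines. fwblookup.cpp in this diff already uses the bounded form, and I would do the same here: `SNPRINTF(errstr, sizeof(errstr), …);` (or plain `snprintf` if that macro is not available in this file), or build the message as a `std::string` before throwing.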
@@ -286,7 +286,7 @@ int main(int argc, char * const *argv) for (list::iterator j=la.begin(); j!=la.end(); ++j) { IPv4 *ipv4 = IPv4::cast(*j); - if ( ipv4->getAddress() == InetAddr::getAny()) + if ( ipv4->getAddressPtr()->isAny()) { char errstr[256]; sprintf(errstr, diff --git a/src/ipt/NATCompiler_PrintRule.cpp b/src/ipt/NATCompiler_PrintRule.cpp index 2176cc341..50548b2d0 100644 --- a/src/ipt/NATCompiler_PrintRule.cpp +++ b/src/ipt/NATCompiler_PrintRule.cpp @@ -427,7 +427,8 @@ string NATCompiler_ipt::PrintRule::_printDstService(RuleElementOSrv *rel) return ostr.str(); } -string NATCompiler_ipt::PrintRule::_printAddr(Address *o,bool print_mask,bool print_range) +string NATCompiler_ipt::PrintRule::_printAddr(Address *o, + bool print_mask, bool print_range) { NATCompiler_ipt *ipt_comp=dynamic_cast(compiler); std::ostringstream ostr; 
@@ -460,35 +461,38 @@ string NATCompiler_ipt::PrintRule::_printAddr(Address *o,bool print_mask,bool p ostr << a1.toString() << "-" << a2.toString(); } else { - const InetAddr& addr = o->getAddress(); - const InetAddr& mask = o->getNetmask(); - Interface *iface = Interface::cast(o); - if (iface!=NULL) + if (iface!=NULL && iface->isDyn() && iface->getBool("use_var_address")) { - if (iface->isDyn() && iface->getBool("use_var_address")) - { - ostr << "$" << ipt_comp->getInterfaceVarName(iface) << " "; - return ostr.str(); - } - ostr << addr.toString(); + ostr << "$" << ipt_comp->getInterfaceVarName(iface) << " "; return ostr.str(); } - if (addr == InetAddr::getAny() && mask == InetAddr::getAny()) + const InetAddr* addr = o->getAddressPtr(); + const InetAddr* mask = o->getNetmaskPtr(); + if (addr && mask) { - ostr << "0/0"; - } else - { - ostr << addr.toString(); - - if (print_mask && - Address::cast(o)->dimension()!=1 && - !mask.isHostMask()) + if (iface!=NULL) { - ostr << "/" << mask.getLength(); + ostr << addr->toString(); + return ostr.str(); } - } + + if (addr->isAny() && mask->isAny()) + { + ostr << "0/0"; + } else + { + ostr << addr->toString(); + + if (print_mask && + Address::cast(o)->dimension()!=1 && + !mask->isHostMask()) + { + ostr << "/" << mask->getLength(); + } + } + } } return ostr.str(); } @@ -571,17 +575,12 @@ bool NATCompiler_ipt::PrintRule::processNext() cmdout << " -m mac --mac-source " << physaddress; } -/* - * fool-proof: this is last resort check for situation when user created IPv4 object - * for the interface but left it with empty address ( 0.0.0.0 ). - */ - if ( ! physaddress.empty() && osrc->getAddress()==InetAddr()) + + const InetAddr *osrc_addr = osrc->getAddressPtr(); + if (osrc_addr==NULL || !osrc_addr->isAny()) { - ; - } else - { - cmdout << " -s "; - cmdout << _printAddr(osrc); + string osrc_out = _printAddr(osrc); + if (!osrc_out.empty()) cmdout << " -s " << osrc_out; } // cmdout << " -s "; 
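Review bot: `NATCompiler_ipt::PrintRule::_printAddr` now returns an empty string with no diagnostic when `getAddressPtr()` or `getNetmaskPtr()` is NULL, because all the formatting sits inside `if (addr && mask)` with no `else`. In the `processNext` hunk that follows, an empty result makes the rule drop its `-s` match altogether, so the generated NAT rule would apply to every source instead of the one the policy names; callers of `_printAddr` outside this diff may end up emitting an option with no argument. A silently broadened firewall rule is worse than a failed compile, so I would add `else compiler->abort(_("Object has no address: '") + o->getName() + "'");` in the way the RoutingCompiler_ipt hunk of this commit does, or at least a `warning(...)`. The removed "fool-proof" comment in `processNext` should also be replaced by one stating when `-s` is omitted on purpose.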
diff --git a/src/ipt/NATCompiler_ipt.cpp b/src/ipt/NATCompiler_ipt.cpp index 024fd33a2..ba9c29feb 100644 --- a/src/ipt/NATCompiler_ipt.cpp +++ b/src/ipt/NATCompiler_ipt.cpp @@ -197,8 +197,8 @@ void NATCompiler_ipt::_expandInterface(Interface *iface, dbcopy->addToIndex(ca); cacheObj(ca); ca->setName( "CA("+iface->getName()+")" ); - ca->setAddress( ipv4->getAddress() ); - ca->setNetmask( ipv4->getNetmask() ); + ca->setAddress( *(ipv4->getAddressPtr()) ); + ca->setNetmask( *(ipv4->getNetmaskPtr()) ); ca->setPhysAddress( pa->getPhysAddress() ); nol.push_back(ca); } else @@ -454,7 +454,7 @@ bool NATCompiler_ipt::VerifyRules::processNext() Network *a1=Network::cast(compiler->getFirstOSrc(rule)); Network *a2=Network::cast(compiler->getFirstTSrc(rule)); if ( a1==NULL || a2==NULL || - a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + a1->getNetmaskPtr()->getLength() != a2->getNetmaskPtr()->getLength() ) throw FWException(_("Original and translated source should both be networks of the same size . Rule ")+rule->getLabel()); } @@ -463,7 +463,7 @@ bool NATCompiler_ipt::VerifyRules::processNext() Network *a1=Network::cast(compiler->getFirstODst(rule)); Network *a2=Network::cast(compiler->getFirstTDst(rule)); if ( a1==NULL || a2==NULL || - a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + a1->getNetmaskPtr()->getLength() != a2->getNetmaskPtr()->getLength() ) throw FWException(_("Original and translated destination should both be networks of the same size . Rule ")+rule->getLabel()); } diff --git a/src/ipt/OSConfigurator_linux24.cpp b/src/ipt/OSConfigurator_linux24.cpp index 0f44e341c..326d932b4 100644 --- a/src/ipt/OSConfigurator_linux24.cpp +++ b/src/ipt/OSConfigurator_linux24.cpp 
@@ -202,23 +202,23 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Network *nw) { if (virtual_addresses.empty() || find(virtual_addresses.begin(),virtual_addresses.end(), - nw->getAddress())==virtual_addresses.end()) + *(nw->getAddressPtr())) == virtual_addresses.end()) { Interface *iface=findInterfaceFor( nw, fw ); if (iface!=NULL) { - const InetAddr& a = nw->getAddress(); + const InetAddr *a = nw->getAddressPtr(); string str, subnet, first, last; - first = (a + 1).toString(); - last = (nw->getBroadcastAddress() -1).toString(); + first = (*a + 1).toString(); + last = (*(nw->getBroadcastAddressPtr()) -1).toString(); ostr << endl; ostr << "a=\"" << first << "\"" << endl; ostr << "while test \"$a\" != \"" << last << "\"; do" << endl; - ostr << " add_addr ${a} " << nw->getNetmask().getLength() + ostr << " add_addr ${a} " << nw->getNetmaskPtr()->getLength() << " " << iface->getName() << endl; ostr << endl; @@ -234,10 +234,11 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Network *nw) ostr << " a=$a4\".\"$a3\".\"$a2\".\"$a1" << endl; ostr << "done" << endl << endl; - virtual_addresses.push_back(nw->getAddress()); + virtual_addresses.push_back( *(nw->getAddressPtr()) ); registerVirtualAddressForNat(); } else - warning(_("Can not add virtual address ") + nw->getAddress().toString() + + warning(_("Can not add virtual address ") + + nw->getAddressPtr()->toString() + _(" (object ") + nw->getName() + ")" ); } commands_to_add_virtual_addresses.push_back(ostr.str()); @@ -253,7 +254,7 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Address *addr) { if (virtual_addresses.empty() || find(virtual_addresses.begin(),virtual_addresses.end(), - addr->getAddress())==virtual_addresses.end()) + *(addr->getAddressPtr())) == virtual_addresses.end()) { FWObject *vaddr = findAddressFor(addr, fw ); if (vaddr!=NULL) 
@@ -265,15 +266,15 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Address *addr) vaddr)->getAddressObjectInetAddrMask(); assert(vaddr_addr!=NULL); - ostr << "add_addr " << addr->getAddress().toString() << " " - << vaddr_addr->getNetmask().getLength() << " " + ostr << "add_addr " << addr->getAddressPtr()->toString() << " " + << vaddr_addr->getNetmaskPtr()->getLength() << " " << iface->getName() << endl; - virtual_addresses.push_back(addr->getAddress()); + virtual_addresses.push_back(*(addr->getAddressPtr())); registerVirtualAddressForNat(); } else warning(_("Can not add virtual address ") + - addr->getAddress().toString() + + addr->getAddressPtr()->toString() + _(" (object ") + addr->getName() + ")" ); } commands_to_add_virtual_addresses.push_back(ostr.str()); @@ -364,12 +365,13 @@ void OSConfigurator_linux24::configureInterfaces() { const InetAddrMask *iaddr = Address::cast(*j)->getAddressObjectInetAddrMask(); - output << "add_addr " << iaddr->getAddress().toString() << " " - << iaddr->getNetmask().getLength() << " " + output << "add_addr " << iaddr->getAddressPtr()->toString() + << " " + << iaddr->getNetmaskPtr()->getLength() << " " << iface->getName() << endl; // add to the table of virtual addresses so we won't generate code to // configure the same address if it is needed for NAT - virtual_addresses.push_back(iaddr->getAddress()); + virtual_addresses.push_back(*(iaddr->getAddressPtr())); } output << "$IP link set " << iface->getName() << " up" << endl; } diff --git a/src/ipt/PolicyCompiler_PrintRule.cpp b/src/ipt/PolicyCompiler_PrintRule.cpp index e0026864e..11d8ee515 100644 --- a/src/ipt/PolicyCompiler_PrintRule.cpp +++ b/src/ipt/PolicyCompiler_PrintRule.cpp 
@@ -911,21 +911,21 @@ string PolicyCompiler_ipt::PrintRule::_printAddr(Address *o) return ostr.str(); } - const InetAddr& addr = o->getAddress(); - const InetAddr& mask = o->getNetmask(); + const InetAddr *addr = o->getAddressPtr(); + const InetAddr *mask = o->getNetmaskPtr(); - if (addr.isAny() && mask.isAny()) + if (addr->isAny() && mask->isAny()) { ostr << "0/0 "; } else { - ostr << addr.toString(); + ostr << addr->toString(); if (Interface::cast(o)==NULL && Address::cast(o)->dimension() > 1 && - !mask.isHostMask()) + !mask->isHostMask()) { - ostr << "/" << mask.getLength(); + ostr << "/" << mask->getLength(); } ostr << " "; } @@ -1155,7 +1155,7 @@ string PolicyCompiler_ipt::PrintRule::PolicyRuleToString(PolicyRule *rule) * combinedAddress::hasInetAddress returns true; * */ - if (src->hasInetAddress() && !src->getAddress().isAny()) + if (src->hasInetAddress() && !src->getAddressPtr()->isAny()) { command_line << " -s " << _printSingleObjectNegation(srcrel); command_line << _printAddr(src); diff --git a/src/ipt/PolicyCompiler_ipt.cpp b/src/ipt/PolicyCompiler_ipt.cpp index 21362a160..783644a00 100644 --- a/src/ipt/PolicyCompiler_ipt.cpp +++ b/src/ipt/PolicyCompiler_ipt.cpp @@ -236,8 +236,8 @@ void PolicyCompiler_ipt::_expandInterface(Interface *iface, dbcopy->add(ca); cacheObj(ca); ca->setName( "CA("+iface->getName()+")" ); - ca->setAddress( ipv4->getAddress() ); - ca->setNetmask( ipv4->getNetmask() ); + ca->setAddress( *(ipv4->getAddressPtr()) ); + ca->setNetmask( *(ipv4->getNetmaskPtr()) ); ca->setPhysAddress( pa->getPhysAddress() ); ol.push_back(ca); 
@@ -1709,9 +1709,9 @@ bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast( Address *addr) { - const InetAddr& obj1_addr = addr->getAddress(); - if (!obj1_addr.isAny() && - (obj1_addr.isBroadcast() || obj1_addr.isMulticast()) + const InetAddr *obj1_addr = addr->getAddressPtr(); + if (!obj1_addr->isAny() && + (obj1_addr->isBroadcast() || obj1_addr->isMulticast()) ) return true; FWObjectTypedChildIterator j= compiler->fw->findByType(Interface::TYPENAME); @@ -1736,7 +1736,7 @@ bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast( * interface, and the netmask is 255.255.255.255, then we get positive * match because this routine interprets this address as a broadcast. */ - if (ipv4->getNetmask().isHostMask()) + if (ipv4->getNetmaskPtr()->isHostMask()) continue; /* * commented out to fix bug #637694 - "bridge enbaled / management" @@ -1746,8 +1746,10 @@ bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast( if ( ipv4->getAddress()==obj1_addr ) return true; */ - if (ipv4->getNetworkAddress() == obj1_addr) return true; - if (ipv4->getBroadcastAddress() == obj1_addr) return true; + if (*(ipv4->getNetworkAddressPtr()) == *(obj1_addr)) + return true; + if (*(ipv4->getBroadcastAddressPtr()) == *(obj1_addr)) + return true; } } } diff --git a/src/ipt/RoutingCompiler_ipt_writers.cpp b/src/ipt/RoutingCompiler_ipt_writers.cpp index 6c3610b74..b36dbc5d7 100644 --- a/src/ipt/RoutingCompiler_ipt_writers.cpp +++ b/src/ipt/RoutingCompiler_ipt_writers.cpp @@ -78,13 +78,12 @@ string RoutingCompiler_ipt::PrintRule::_printAddr(Address *o) return ostr.str(); } - InetAddr addr; - InetAddr mask; - try { - addr=o->getAddress(); - mask = o->getNetmask(); - } - catch (FWException ex) + const InetAddr *addr; + const InetAddr *mask; + addr = o->getAddressPtr(); + mask = o->getNetmaskPtr(); + + if (addr==NULL) { FWObject *obj=o; /* 
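Review bot: The new guard in `RoutingCompiler_ipt::PrintRule::_printAddr` tests only `addr==NULL`, yet `mask` is dereferenced just as unconditionally in `addr->isAny() && mask->isAny()` in the next hunk; the condition should read `if (addr==NULL || mask==NULL)`. That next hunk also replaces `compiler->error(...); throw;` with a bare `compiler->abort(...)`, so the code after the block is safe only if `abort()` never returns, which is not visible here. If that is its contract, a comment such as `// abort() does not return` would document it; otherwise add `return ostr.str();` after the call. The function body starts before this hunk and continues past it.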
@@ -98,23 +97,22 @@ string RoutingCompiler_ipt::PrintRule::_printAddr(Address *o) !Firewall::isA(obj) && !Network::isA(obj)) obj=obj->getParent(); - compiler->error(_("Problem with address or netmask in the object or one of its interfaces: '")+obj->getName()+"'"); - throw; + compiler->abort(_("Problem with address or netmask in the object or one of its interfaces: '")+obj->getName()+"'"); } - if (addr.isAny() && mask.isAny()) + if (addr->isAny() && mask->isAny()) { ostr << "default "; } else { - ostr << addr.toString(); + ostr << addr->toString(); if (Interface::cast(o)==NULL && Address::cast(o)->dimension() > 1 && - !mask.isHostMask()) + !mask->isHostMask()) { - ostr << "/" << mask.getLength(); + ostr << "/" << mask->getLength(); } ostr << " "; } diff --git a/src/ipt/ipt.cpp b/src/ipt/ipt.cpp index b61cdc2c6..f44f295d2 100644 --- a/src/ipt/ipt.cpp +++ b/src/ipt/ipt.cpp @@ -362,14 +362,14 @@ _("Dynamic interface %s should not have an IP address object attached to it. Thi { const InetAddrMask *ipv4 = IPv4::cast(*j)->getAddressObjectInetAddrMask(); - if ( ipv4->getAddress().isAny()) + if ( ipv4->getAddressPtr()->isAny()) { char errstr[256]; sprintf(errstr, "Interface %s (id=%s) has IP address %s.\n", iface->getName().c_str(), iface->getId().c_str(), - ipv4->getAddress().toString().c_str()); + ipv4->getAddressPtr()->toString().c_str()); throw FWException(errstr); } } diff --git a/src/pf/pf.cpp b/src/pf/pf.cpp index 7f7921042..5e16f28b1 100644 --- a/src/pf/pf.cpp +++ b/src/pf/pf.cpp @@ -108,7 +108,7 @@ FWObjectDatabase *objdb = NULL; class UpgradePredicate: public XMLTools::UpgradePredicate { public: - virtual bool operator()(const string &msg) const + virtual bool operator()(const string&) const { cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl; return false; 
@@ -350,7 +350,7 @@ int main(int argc, char * const *argv) for (list::iterator j=la.begin(); j!=la.end(); ++j) { IPv4 *ipv4 = IPv4::cast(*j); - if ( ipv4->getAddress() == InetAddr::getAny()) + if (ipv4->getAddressPtr()->isAny()) { char errstr[256]; sprintf(errstr, diff --git a/src/pflib/NATCompiler_ipf.cpp b/src/pflib/NATCompiler_ipf.cpp index 528620c50..705961689 100644 --- a/src/pflib/NATCompiler_ipf.cpp +++ b/src/pflib/NATCompiler_ipf.cpp @@ -107,7 +107,7 @@ bool NATCompiler_ipf::VerifyRules::processNext() Network *a1=Network::cast(compiler->getFirstOSrc(rule)); Network *a2=Network::cast(compiler->getFirstTSrc(rule)); if ( a1==NULL || a2==NULL || - a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() ) throw FWException(_("Original and translated source should both be networks of the same size . Rule ")+rule->getLabel()); } @@ -115,7 +115,7 @@ bool NATCompiler_ipf::VerifyRules::processNext() Network *a1=Network::cast(compiler->getFirstODst(rule)); Network *a2=Network::cast(compiler->getFirstTDst(rule)); if ( a1==NULL || a2==NULL || - a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() ) throw FWException(_("Original and translated destination should both be networks of the same size . Rule ")+rule->getLabel()); } diff --git a/src/pflib/NATCompiler_ipf_writers.cpp b/src/pflib/NATCompiler_ipf_writers.cpp index 740193295..a9cb86017 100644 --- a/src/pflib/NATCompiler_ipf_writers.cpp +++ b/src/pflib/NATCompiler_ipf_writers.cpp @@ -90,8 +90,8 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask) assert(atrt==NULL); } - InetAddr addr=o->getAddress(); - InetAddr mask=o->getNetmask(); + const InetAddr *addr = o->getAddressPtr(); + InetAddr mask = *(o->getNetmaskPtr()); if (Interface::cast(o)!=NULL && Interface::cast(o)->isDyn()) { 
@@ -109,13 +109,13 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask) if (o->dimension()==1) mask = InetAddr(InetAddr::getAllOnes()); - if (addr.isAny() && mask.isAny()) + if (addr->isAny() && mask.isAny()) { compiler->output << "any "; } else { - compiler->output << addr.toString(); + compiler->output << addr->toString(); if (print_netmask) compiler->output << "/" << mask.getLength(); @@ -125,8 +125,8 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask) void NATCompiler_ipf::PrintRule::_printAddr_R(Address *o, bool print_netmask) { - InetAddr addr = o->getAddress(); - InetAddr mask = o->getNetmask(); + const InetAddr *addr = o->getAddressPtr(); + InetAddr mask = *(o->getNetmaskPtr)(); if (Interface::cast(o) != NULL) mask = InetAddr(InetAddr::getAllOnes()); @@ -134,12 +134,12 @@ void NATCompiler_ipf::PrintRule::_printAddr_R(Address *o, bool print_netmask) if (o->dimension()==1) mask = InetAddr(InetAddr::getAllOnes()); - if (addr.isAny() && print_netmask && mask.isHostMask()) + if (addr->isAny() && print_netmask && mask.isHostMask()) { compiler->output << "0/32 "; } else { - compiler->output << addr.toString(); + compiler->output << addr->toString(); if (print_netmask) compiler->output << "/" << mask.getLength(); compiler->output << " "; @@ -158,10 +158,10 @@ void NATCompiler_ipf::PrintRule::_printAddr_R_LB(RuleElementTDst *tdst) Address *a=Address::cast(obj); - InetAddr addr=a->getAddress(); + const InetAddr *addr = a->getAddressPtr(); if (!first) compiler->output << ","; - compiler->output << addr.toString(); + compiler->output << addr->toString(); first=false; } compiler->output << " "; diff --git a/src/pflib/NATCompiler_pf.cpp b/src/pflib/NATCompiler_pf.cpp index c87717b0c..3a6302212 100644 --- a/src/pflib/NATCompiler_pf.cpp +++ b/src/pflib/NATCompiler_pf.cpp 
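Review bot: In `NATCompiler_ipf::PrintRule::_printAddr_R` the new line reads `InetAddr mask = *(o->getNetmaskPtr)();`, with the call parentheses outside the grouping ones. It still parses as a call followed by a dereference, so the behaviour matches `_printAddr_L`, but it looks like a typo and hides the fact that a returned pointer is being dereferenced. Write it as `InetAddr mask = *(o->getNetmaskPtr());` like the other writers converted in this commit.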
@@ -315,7 +315,7 @@ bool NATCompiler_pf::VerifyRules::processNext() Network *a1=Network::cast(compiler->getFirstOSrc(rule)); Network *a2=Network::cast(compiler->getFirstTSrc(rule)); if ( a1==NULL || a2==NULL || - a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() ) throw FWException(_("Original and translated source should both be networks of the same size . Rule ")+rule->getLabel()); } @@ -324,7 +324,7 @@ bool NATCompiler_pf::VerifyRules::processNext() Network *a1=Network::cast(compiler->getFirstODst(rule)); Network *a2=Network::cast(compiler->getFirstTDst(rule)); if ( a1==NULL || a2==NULL || - a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() ) throw FWException(_("Original and translated destination should both be networks of the same size . Rule ")+rule->getLabel()); } @@ -397,7 +397,8 @@ bool NATCompiler_pf::addVirtualAddress::processNext() Interface *iface=dynamic_cast(*i); assert(iface); - if ( a->getAddress() == iface->getAddress() ) return true; + if ( *(a->getAddressPtr()) == *(iface->getAddressPtr()) ) + return true; } compiler->osconfigurator->addVirtualAddressForNAT( a ); } diff --git a/src/pflib/NATCompiler_pf_writers.cpp b/src/pflib/NATCompiler_pf_writers.cpp index b10120bc1..04d7b9372 100644 --- a/src/pflib/NATCompiler_pf_writers.cpp +++ b/src/pflib/NATCompiler_pf_writers.cpp @@ -291,7 +291,7 @@ void NATCompiler_pf::PrintRule::_printREAddr(RuleElement *rel) } -void NATCompiler_pf::PrintRule::_printAddrList(FWObject *grp,bool negflag) +void NATCompiler_pf::PrintRule::_printAddrList(FWObject *grp,bool ) { compiler->output << "{ "; for (FWObject::iterator i=grp->begin(); i!=grp->end(); i++) 
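Review bot: In `NATCompiler_pf::addVirtualAddress::processNext` the comparison `*(a->getAddressPtr()) == *(iface->getAddressPtr())` dereferences the interface's pointer on every pass of the loop, and an interface without an address (dynamic or unnumbered) would presumably yield NULL there, going by the ChangeLog note on `getAddressPtr()`. Skip such interfaces before comparing: `const InetAddr *ia = iface->getAddressPtr();` followed by `if (ia != NULL && *(a->getAddressPtr()) == *ia) return true;`. `NATCompiler_pix::UseFirewallInterfaces::scanInterfaces` and the `t_iface->getAddressPtr()` / `getBroadcastAddressPtr()` arguments in `DetectGlobalPoolProblems` have the same exposure. The loop header is outside this hunk, so which interfaces it visits cannot be confirmed from here.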
@@ -325,8 +325,8 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o) } Address *a = Address::cast(o); - InetAddr addr=a->getAddress(); - InetAddr mask=a->getNetmask(); + const InetAddr *addr = a->getAddressPtr(); + InetAddr mask = *(a->getNetmaskPtr()); if (Interface::cast(o)!=NULL) { @@ -345,12 +345,12 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o) mask = InetAddr(InetAddr::getAllOnes()); } - if (addr.isAny() && mask.isAny()) + if (addr->isAny() && mask.isAny()) { compiler->output << "any "; } else { - compiler->output << addr.toString(); + compiler->output << addr->toString(); if (!mask.isHostMask()) { compiler->output << "/" << mask.getLength(); diff --git a/src/pflib/OSConfigurator_freebsd.cpp b/src/pflib/OSConfigurator_freebsd.cpp index fda2ae0f2..feab5ab26 100644 --- a/src/pflib/OSConfigurator_freebsd.cpp +++ b/src/pflib/OSConfigurator_freebsd.cpp @@ -78,14 +78,15 @@ void OSConfigurator_freebsd::processFirewallOptions() } } -void OSConfigurator_freebsd::addVirtualAddressForNAT(const Network *addr) +void OSConfigurator_freebsd::addVirtualAddressForNAT(const Network*) { } void OSConfigurator_freebsd::addVirtualAddressForNAT(const Address *addr) { if (virtual_addresses.empty() || - find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) + find(virtual_addresses.begin(),virtual_addresses.end(), + *(addr->getAddressPtr())) == virtual_addresses.end()) { FWObject *iaddr = findAddressFor(addr, fw ); if (iaddr!=NULL) 
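Review bot: `OSConfigurator_freebsd::addVirtualAddressForNAT(const Address *addr)` now spells out `addr->getAddressPtr()` four times across this hunk and the next one (the `find`, the `add_addr` output, the `push_back` and the warning), each an unchecked dereference. Bind it once at the top of the function, `const InetAddr *a = addr->getAddressPtr(); if (a == NULL) return;`, and use `*a` and `a->toString()` below; whether a silent return or a `warning()` is the right reaction to an address-less object is the author's call. The macosx, openbsd and solaris copies of this function are changed identically and would take the same edit.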
@@ -95,13 +96,14 @@ void OSConfigurator_freebsd::addVirtualAddressForNAT(const Address *addr) Interface *iface = Interface::cast(iaddr->getParent()); assert(iface!=NULL); - output << "add_addr " << addr->getAddress().toString() << " " - << iaddr_addr->getNetmask().toString() << " " + output << "add_addr " << addr->getAddressPtr()->toString() << " " + << iaddr_addr->getNetmaskPtr()->toString() << " " << iface->getName() << endl; - virtual_addresses.push_back(addr->getAddress()); + virtual_addresses.push_back(*(addr->getAddressPtr())); } else - warning(_("Can not add virtual address ") + addr->getAddress().toString() ); + warning(_("Can not add virtual address ") + + addr->getAddressPtr()->toString() ); } } @@ -242,10 +244,11 @@ void OSConfigurator_freebsd::configureInterfaces() for ( ; j!=j.end(); ++j ) { Address *iaddr = Address::cast(*j); - output << "add_addr " << iaddr->getAddress().toString() << " " - << iaddr->getNetmask().toString() << " " + output << "add_addr " + << iaddr->getAddressPtr()->toString() << " " + << iaddr->getNetmaskPtr()->toString() << " " << iface->getName() << endl; - virtual_addresses.push_back(iaddr->getAddress()); + virtual_addresses.push_back(*(iaddr->getAddressPtr())); } } output << endl; diff --git a/src/pflib/OSConfigurator_macosx.cpp b/src/pflib/OSConfigurator_macosx.cpp index 5a71e1ba8..87f4b22ef 100644 --- a/src/pflib/OSConfigurator_macosx.cpp +++ b/src/pflib/OSConfigurator_macosx.cpp 
@@ -72,14 +72,15 @@ void OSConfigurator_macosx::processFirewallOptions() } } -void OSConfigurator_macosx::addVirtualAddressForNAT(const Network *addr) +void OSConfigurator_macosx::addVirtualAddressForNAT(const Network*) { } void OSConfigurator_macosx::addVirtualAddressForNAT(const Address *addr) { if (virtual_addresses.empty() || - find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) + find(virtual_addresses.begin(),virtual_addresses.end(), + *(addr->getAddressPtr())) == virtual_addresses.end()) { FWObject *iaddr = findAddressFor(addr, fw ); if (iaddr!=NULL) @@ -89,13 +90,14 @@ void OSConfigurator_macosx::addVirtualAddressForNAT(const Address *addr) Interface *iface = Interface::cast(iaddr->getParent()); assert(iface!=NULL); - output << "add_addr " << addr->getAddress().toString() << " " - << iaddr_addr->getNetmask().toString() << " " + output << "add_addr " << addr->getAddressPtr()->toString() << " " + << iaddr_addr->getNetmaskPtr()->toString() << " " << iface->getName() << endl; - virtual_addresses.push_back(addr->getAddress()); + virtual_addresses.push_back(*(addr->getAddressPtr())); } else - warning(_("Can not add virtual address ") + addr->getAddress().toString() ); + warning(_("Can not add virtual address ") + + addr->getAddressPtr()->toString() ); } } @@ -177,11 +179,12 @@ void OSConfigurator_macosx::configureInterfaces() for ( ; j!=j.end(); ++j ) { Address *iaddr = Address::cast(*j); - output << "add_addr " << iaddr->getAddress().toString() << " " - << iaddr->getNetmask().toString() << " " + output << "add_addr " + << iaddr->getAddressPtr()->toString() << " " + << iaddr->getNetmaskPtr()->toString() << " " << iface->getName() << endl; - virtual_addresses.push_back(iaddr->getAddress()); + virtual_addresses.push_back(*(iaddr->getAddressPtr())); } } output << endl; diff --git a/src/pflib/OSConfigurator_openbsd.cpp b/src/pflib/OSConfigurator_openbsd.cpp index 0616f542b..e246f1664 100644 
--- a/src/pflib/OSConfigurator_openbsd.cpp +++ b/src/pflib/OSConfigurator_openbsd.cpp @@ -80,7 +80,7 @@ void OSConfigurator_openbsd::processFirewallOptions() } } -void OSConfigurator_openbsd::addVirtualAddressForNAT(const Network *nw) +void OSConfigurator_openbsd::addVirtualAddressForNAT(const Network*) { } @@ -89,7 +89,7 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr) if (virtual_addresses.empty() || find(virtual_addresses.begin(), virtual_addresses.end(), - addr->getAddress()) == virtual_addresses.end()) + *(addr->getAddressPtr())) == virtual_addresses.end()) { FWObject *iaddr = findAddressFor(addr, fw ); if (iaddr!=NULL) @@ -99,20 +99,21 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr) Interface *iface = Interface::cast(iaddr->getParent()); assert(iface!=NULL); - output << "add_addr " << addr->getAddress().toString() << " " - << iaddr_addr->getNetmask().toString() << " " + output << "add_addr " << addr->getAddressPtr()->toString() << " " + << iaddr_addr->getNetmaskPtr()->toString() << " " << iface->getName() << endl; - virtual_addresses.push_back(addr->getAddress()); + virtual_addresses.push_back(*(addr->getAddressPtr())); } else warning(_("Can not add virtual address ") + - addr->getAddress().toString() ); + addr->getAddressPtr()->toString() ); } } #if 0 if (virtual_addresses.empty() || - find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) { + find(virtual_addresses.begin(),virtual_addresses.end(), + *(addr->getAddressPtr())) == virtual_addresses.end()) { FWObjectTypedChildIterator i=fw->findByType(Interface::TYPENAME); for ( ; i!=i.end(); ++i ) { 
@@ -123,17 +124,19 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr) for ( ; j!=j.end(); ++j ) { Address *iaddr = Address::cast(*j); - if ( ipv4->belongs( addr->getAddress() ) ) + if ( ipv4->belongs( *(addr->getAddressPtr()) ) ) { output << "ifconfig " << iface->getName() << " " - << addr->getAddress().toString() << " alias" << endl; - virtual_addresses.push_back( addr->getAddress() ); + << addr->getAddressPtr()->toString() + << " alias" << endl; + virtual_addresses.push_back( *(addr->getAddressPtr()) ); return; } } } - warning(_("Can not add virtual address ") + addr->getAddress().toString() ); + warning(_("Can not add virtual address ") + + addr->getAddressPtr()->toString() ); } } #endif @@ -217,11 +220,12 @@ void OSConfigurator_openbsd::configureInterfaces() for ( ; j!=j.end(); ++j ) { Address *iaddr = Address::cast(*j); - output << "add_addr " << iaddr->getAddress().toString() << " " - << iaddr->getNetmask().toString() << " " + output << "add_addr " + << iaddr->getAddressPtr()->toString() << " " + << iaddr->getNetmaskPtr()->toString() << " " << iface->getName() << endl; - virtual_addresses.push_back(iaddr->getAddress()); + virtual_addresses.push_back(*(iaddr->getAddressPtr())); } } output << endl; diff --git a/src/pflib/OSConfigurator_solaris.cpp b/src/pflib/OSConfigurator_solaris.cpp index 2c24a461a..29f57b67d 100644 --- a/src/pflib/OSConfigurator_solaris.cpp +++ b/src/pflib/OSConfigurator_solaris.cpp 
@@ -89,14 +89,15 @@ void OSConfigurator_solaris::processFirewallOptions() } -void OSConfigurator_solaris::addVirtualAddressForNAT(const Network *nw) +void OSConfigurator_solaris::addVirtualAddressForNAT(const Network*) { } void OSConfigurator_solaris::addVirtualAddressForNAT(const Address *addr) { if (virtual_addresses.empty() || - find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end()) + find(virtual_addresses.begin(),virtual_addresses.end(), + *(addr->getAddressPtr())) == virtual_addresses.end()) { FWObject *iaddr = findAddressFor(addr, fw ); if (iaddr!=NULL) @@ -106,13 +107,14 @@ void OSConfigurator_solaris::addVirtualAddressForNAT(const Address *addr) Interface *iface=Interface::cast(iaddr->getParent()); assert(iface!=NULL); - output << "add_addr " << addr->getAddress().toString() << " " - << iaddr_addr->getNetmask().toString() << " " + output << "add_addr " << addr->getAddressPtr()->toString() << " " + << iaddr_addr->getNetmaskPtr()->toString() << " " << iface->getName() << endl; - virtual_addresses.push_back(addr->getAddress()); + virtual_addresses.push_back(*(addr->getAddressPtr())); } else - warning(_("Can not add virtual address ") + addr->getAddress().toString() ); + warning(_("Can not add virtual address ") + + addr->getAddressPtr()->toString() ); } } @@ -193,11 +195,12 @@ void OSConfigurator_solaris::configureInterfaces() for ( ; j!=j.end(); ++j ) { Address *iaddr = Address::cast(*j); - output << "add_addr " << iaddr->getAddress().toString() << " " - << iaddr->getNetmask().toString() << " " + output << "add_addr " + << iaddr->getAddressPtr()->toString() << " " + << iaddr->getNetmaskPtr()->toString() << " " << iface->getName() << endl; - virtual_addresses.push_back(iaddr->getAddress()); + virtual_addresses.push_back(*(iaddr->getAddressPtr())); } } output << endl; diff --git a/src/pflib/PolicyCompiler_ipf_optimizer.cpp b/src/pflib/PolicyCompiler_ipf_optimizer.cpp index 8748deb8e..717842430 100644 
--- a/src/pflib/PolicyCompiler_ipf_optimizer.cpp +++ b/src/pflib/PolicyCompiler_ipf_optimizer.cpp @@ -53,7 +53,6 @@ void PolicyCompiler_ipf::optimize1::optimizeForRuleElement(PolicyRule *r const std::string &re_type) { RuleElement *re=RuleElement::cast(rule->getFirstByType(re_type)); - int nre=re->size(); PolicyRule *r; diff --git a/src/pflib/PolicyCompiler_ipf_writers.cpp b/src/pflib/PolicyCompiler_ipf_writers.cpp index 94b87ac14..c7e859876 100644 --- a/src/pflib/PolicyCompiler_ipf_writers.cpp +++ b/src/pflib/PolicyCompiler_ipf_writers.cpp @@ -267,8 +267,8 @@ void PolicyCompiler_ipf::PrintRule::_printAddr(Address *o,bool neg) assert(atrt==NULL); } - InetAddr addr=o->getAddress(); - InetAddr mask=o->getNetmask(); + const InetAddr *addr = o->getAddressPtr(); + InetAddr mask = *(o->getNetmaskPtr()); if (options->getBool("dynAddr") && Interface::cast(o)!=NULL && Interface::cast(o)->isDyn()) @@ -287,12 +287,12 @@ void PolicyCompiler_ipf::PrintRule::_printAddr(Address *o,bool neg) mask = InetAddr(InetAddr::getAllOnes()); } - if (addr.isAny() && mask.isAny()) + if (addr->isAny() && mask.isAny()) { compiler->output << "any "; } else { if (neg) compiler->output << "! "; - compiler->output << addr.toString(); + compiler->output << addr->toString(); if (!mask.isHostMask()) { compiler->output << "/" << mask.getLength(); diff --git a/src/pflib/PolicyCompiler_ipfw_writers.cpp b/src/pflib/PolicyCompiler_ipfw_writers.cpp index 800b5b66b..cc1f3b591 100644 --- a/src/pflib/PolicyCompiler_ipfw_writers.cpp +++ b/src/pflib/PolicyCompiler_ipfw_writers.cpp @@ -110,7 +110,7 @@ void PolicyCompiler_ipfw::PrintRule::_printProtocol(Service *srv) -string PolicyCompiler_ipfw::PrintRule::_printPort(int rs,int re,bool neg) +string PolicyCompiler_ipfw::PrintRule::_printPort(int rs,int re,bool ) { ostringstream str; 
@@ -290,8 +290,8 @@ void PolicyCompiler_ipfw::PrintRule::_printAddr(Address *o,bool neg) assert(atrt==NULL); } - InetAddr addr=o->getAddress(); - InetAddr mask=o->getNetmask(); + const InetAddr *addr = o->getAddressPtr(); + InetAddr mask = *(o->getNetmaskPtr()); if (Interface::cast(o)!=NULL) mask = InetAddr(InetAddr::getAllOnes()); @@ -299,13 +299,13 @@ void PolicyCompiler_ipfw::PrintRule::_printAddr(Address *o,bool neg) if (o->dimension()==1) mask = InetAddr(InetAddr::getAllOnes()); - if (addr.isAny() && mask.isAny()) + if (addr->isAny() && mask.isAny()) { compiler->output << "any "; } else { if (neg) compiler->output << "not "; - compiler->output << addr.toString(); + compiler->output << addr->toString(); if (!mask.isHostMask()) { compiler->output << "/" << mask.getLength(); diff --git a/src/pflib/PolicyCompiler_pf_writers.cpp b/src/pflib/PolicyCompiler_pf_writers.cpp index 0dde76c85..55266a598 100644 --- a/src/pflib/PolicyCompiler_pf_writers.cpp +++ b/src/pflib/PolicyCompiler_pf_writers.cpp @@ -180,7 +180,7 @@ void PolicyCompiler_pf::PrintRule::_printRouteOptions(PolicyRule *rule) compiler->output << roif << " "; compiler->output << roaddr << " "; compiler->output << ") "; - int sp = roaddr.find('/'); + std::string::size_type sp = roaddr.find('/'); if (sp!=std::string::npos) { // roaddr is addr/netmask @@ -578,7 +578,7 @@ string PolicyCompiler_pf::PrintRule::_printTCPFlags(libfwbuilder::TCPService *sr return str; } -void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool neg) +void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool ) { MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); if (atrt!=NULL) @@ -596,8 +596,8 @@ void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool neg) assert(atrt==NULL); } - InetAddr addr=o->getAddress(); - InetAddr mask=o->getNetmask(); + const InetAddr *addr = o->getAddressPtr(); + InetAddr mask = *(o->getNetmaskPtr()); if (Interface::cast(o)!=NULL) { 
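Review bot: Dropping the parameter name in `PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool )` silences the unused-parameter warning but leaves no trace of why negation is ignored here, while the ipf and ipfw `_printAddr` in this same commit still emit `! ` and `not ` for `neg`. The body hunk further down keeps the disabled `// if (neg) compiler->output << "! ";`, so a caller passing `true` gets an un-negated address in the generated pf rule. If negation is handled elsewhere, say so in a comment on the signature naming where; if it is not, this is a rule-semantics problem rather than a warning to silence. `NATCompiler_pf::PrintRule::_printAddrList(FWObject *grp,bool )` and `PolicyCompiler_ipfw::PrintRule::_printPort(int rs,int re,bool )` were changed the same way.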
@@ -616,13 +616,13 @@ void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool neg) mask = InetAddr(InetAddr::getAllOnes()); } - if (addr.isAny() && mask.isAny()) + if (addr->isAny() && mask.isAny()) { compiler->output << "any "; } else { // if (neg) compiler->output << "! "; - compiler->output << addr.toString(); + compiler->output << addr->toString(); if (!mask.isHostMask()) { compiler->output << "/" << mask.getLength(); diff --git a/src/pflib/TableFactory.cpp b/src/pflib/TableFactory.cpp index 2939ef562..f418282e7 100644 --- a/src/pflib/TableFactory.cpp +++ b/src/pflib/TableFactory.cpp @@ -212,15 +212,15 @@ string TableFactory::PrintTables() if (A==NULL) throw(FWException("table object must be an address: '"+o->getTypeName()+"'")); - InetAddr addr=A->getAddress(); - InetAddr mask=A->getNetmask(); + const InetAddr *addr = A->getAddressPtr(); + InetAddr mask = *(A->getNetmaskPtr()); if (A->dimension()==1) { mask = InetAddr(InetAddr::getAllOnes()); } - output << addr.toString(); + output << addr->toString(); if (!mask.isHostMask()) { output << "/" << mask.getLength(); diff --git a/src/pix/NATCompiler_pix.cpp b/src/pix/NATCompiler_pix.cpp index 064b11d78..5fe31a543 100644 --- a/src/pix/NATCompiler_pix.cpp +++ b/src/pix/NATCompiler_pix.cpp 
@@ -127,11 +127,11 @@ string NATCompiler_pix::debugPrintRule(Rule *r) os << " rule=" << natcmd->rule_label; os << " nat_acl_name=" << natcmd->nat_acl_name; os << " (" << nat_acl_names[natcmd->nat_acl_name] << ")"; - os << " o_src=" << natcmd->o_src->getAddress().toString(); - os << " o_dst=" << natcmd->o_dst->getAddress().toString(); + os << " o_src=" << natcmd->o_src->getAddressPtr()->toString(); + os << " o_dst=" << natcmd->o_dst->getAddressPtr()->toString(); os << " o_srv=" << natcmd->o_srv->getName(); os << " o_iface=" << natcmd->o_iface->getLabel(); - os << " t_addr=" << natcmd->t_addr->getAddress().toString(); + os << " t_addr=" << natcmd->t_addr->getAddressPtr()->toString(); os << " t_iface=" << natcmd->t_iface->getLabel(); os << " ignore_global=" << string((natcmd->ignore_global)?"1":"0"); os << " ignore_nat=" << string((natcmd->ignore_nat)?"1":"0"); @@ -150,9 +150,9 @@ string NATCompiler_pix::debugPrintRule(Rule *r) os << " StaticCmd:"; os << " acl=" << scmd->acl_name; os << " (" << nat_acl_names[scmd->acl_name] << ")"; - os << " iaddr=" << scmd->iaddr->getAddress().toString(); - os << " oaddr=" << scmd->oaddr->getAddress().toString(); - os << " osrc=" << scmd->osrc->getAddress().toString(); + os << " iaddr=" << scmd->iaddr->getAddressPtr()->toString(); + os << " oaddr=" << scmd->oaddr->getAddressPtr()->toString(); + os << " osrc=" << scmd->osrc->getAddressPtr()->toString(); os << " osrv=" << scmd->osrv->getName(); os << " tsrv=" << scmd->tsrv->getName(); } @@ -203,9 +203,9 @@ list NATCompiler_pix::findDNATForAddress(Address *src, Address *tdst=getFirstTDst(rule); assert(tdst); Service *tsrv=getFirstTSrv(rule); assert(tsrv); - if (src->getAddress()==osrc->getAddress() && + if (*(src->getAddressPtr()) == *(osrc->getAddressPtr()) && (osrv->isAny() || srv->getId()==tsrv->getId()) && - dst->getAddress()==tdst->getAddress()) + *(dst->getAddressPtr()) == *(tdst->getAddressPtr())) { if (osrv->isAny()) { 
@@ -302,7 +302,7 @@ bool NATCompiler_pix::VerifyRules::processNext() Network *a1=Network::cast(compiler->getFirstOSrc(rule)); Network *a2=Network::cast(compiler->getFirstTSrc(rule)); if ( a1==NULL || a2==NULL || - a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() ) compiler->abort("Original and translated source should both be networks of the same size . Rule "+rule->getLabel()); } @@ -311,7 +311,7 @@ bool NATCompiler_pix::VerifyRules::processNext() Network *a1=Network::cast(compiler->getFirstODst(rule)); Network *a2=Network::cast(compiler->getFirstTDst(rule)); if ( a1==NULL || a2==NULL || - a1->getNetmask().getLength()!=a2->getNetmask().getLength() ) + a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() ) compiler->abort("Original and translated destination should both be networks of the same size . Rule "+rule->getLabel()); } @@ -421,8 +421,10 @@ bool NATCompiler_pix::verifyRuleElements::processNext() if (Network::isA(odst) && Network::isA(tdst)) { - InetAddr n1=(Interface::cast(odst))?InetAddr(InetAddr::getAllOnes()):odst->getNetmask(); - InetAddr n2=(Interface::cast(tdst))?InetAddr(InetAddr::getAllOnes()):tdst->getNetmask(); + InetAddr n1 = (Interface::cast(odst)) ? + InetAddr(InetAddr::getAllOnes()) : (*(odst->getNetmaskPtr())); + InetAddr n2 = (Interface::cast(tdst)) ? + InetAddr(InetAddr::getAllOnes()) : (*(tdst->getNetmaskPtr())); if ( !(n1==n2) ) compiler->abort( @@ -650,7 +652,7 @@ void NATCompiler_pix::UseFirewallInterfaces::scanInterfaces(RuleElement *rel) { Interface *interface_=Interface::cast(*i); - if (interface_->getAddress()==obj->getAddress()) + if ((*interface_->getAddressPtr()) == *(obj->getAddressPtr())) { rel->removeRef(obj); rel->addRef(interface_); 
@@ -883,13 +885,13 @@ bool NATCompiler_pix::mergeNATCmd::processNext() */ if (natcmd==nc) break; - InetAddr a1=natcmd->t_addr->getAddress(); - InetAddr a2=nc->t_addr->getAddress(); + const InetAddr *a1 = natcmd->t_addr->getAddressPtr(); + const InetAddr *a2 = nc->t_addr->getAddressPtr(); - Interface *int1=natcmd->t_iface; - Interface *int2=nc->t_iface; + Interface *int1 = natcmd->t_iface; + Interface *int2 = nc->t_iface; - if ( a1 == a2 && int1->getId()==int2->getId() ) + if ( *a1 == *a2 && int1->getId() == int2->getId() ) { natcmd->ignore_global=true; natcmd->nat_id=nc->nat_id; @@ -1112,10 +1114,10 @@ bool NATCompiler_pix::SuppressDuplicateNONATStatics::processNext() Address *odst=compiler->getFirstODst(rule); assert(odst); nonat_static_parameters sp; - sp.iface1= helper.findInterfaceByNetzone(osrc ); - sp.iface2= helper.findInterfaceByNetzone(odst ); - sp.addr=odst->getAddress(); - sp.mask=odst->getNetmask(); + sp.iface1 = helper.findInterfaceByNetzone(osrc ); + sp.iface2 = helper.findInterfaceByNetzone(odst ); + sp.addr = *(odst->getAddressPtr()); + sp.mask = *(odst->getNetmaskPtr()); for (deque::iterator i=all_nonat_statics.begin(); i!=all_nonat_statics.end(); ++i ) @@ -1135,17 +1137,17 @@ bool NATCompiler_pix::SuppressDuplicateNONATStatics::processNext() NATCompiler_pix::DetectOverlap::~DetectOverlap() {}; bool NATCompiler_pix::DetectOverlap::checkOverlapping( - const libfwbuilder::Address &addr1, + const libfwbuilder::Address &addr1, const libfwbuilder::InetAddr &addr2) { if (AddressRange::isA(&addr1)) { - const InetAddr a1=AddressRange::constcast(&addr1)->getRangeStart(); - const InetAddr a2=AddressRange::constcast(&addr1)->getRangeEnd(); + const InetAddr a1 = AddressRange::constcast(&addr1)->getRangeStart(); + const InetAddr a2 = AddressRange::constcast(&addr1)->getRangeEnd(); return (addr2==a1 || addr2==a2 || (addr2>a1 && addr2toString() + "/" + + pool.getNetmaskPtr()->toString(); } } 
@@ -1177,16 +1180,17 @@ bool NATCompiler_pix::DetectGlobalPoolProblems::processNext() if (natcmd->type!= INTERFACE) { if (checkOverlapping(*(natcmd->t_addr), - natcmd->t_iface->getAddress())) + *(natcmd->t_iface->getAddressPtr()))) compiler->abort("Global pool " +printGlobalPoolAddress(*(natcmd->t_addr)) +" overlaps with interface address. Rule " +rule->getLabel()); if (checkOverlapping(*(natcmd->t_addr), - natcmd->t_iface->getBroadcastAddress()) || + *(natcmd->t_iface->getBroadcastAddressPtr())) + || checkOverlapping(*(natcmd->t_addr), - natcmd->t_iface->getAddress()) ) + *(natcmd->t_iface->getAddressPtr())) ) compiler->warning("Global pool " +printGlobalPoolAddress(*(natcmd->t_addr)) +" overlaps with broadcast address. Rule " @@ -1264,16 +1268,16 @@ bool NATCompiler_pix::DetectOverlappingGlobalPoolsAndStaticRules::processNext() if (iface!=NULL && iface->getId()==outa->getId()) return true; - addr.setAddress(natcmd->t_addr->getAddress()); - addr.setNetmask(natcmd->t_addr->getNetmask()); + addr.setAddress(*(natcmd->t_addr->getAddressPtr())); + addr.setNetmask(*(natcmd->t_addr->getNetmaskPtr())); if (natcmd->type== INTERFACE) { addr.setNetmask(InetAddr(InetAddr::getAllOnes())); } - if ( checkOverlapping( addr, outa->getAddress()) || - checkOverlapping( *outa, addr.getAddress()) ) + if ( checkOverlapping( addr, *(outa->getAddressPtr())) || + checkOverlapping( *outa, *(addr.getAddressPtr())) ) compiler->abort("Global pool " +printGlobalPoolAddress(addr) +" from rule " 
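Review bot: In `NATCompiler_pix::DetectGlobalPoolProblems::processNext` the second condition still ORs in `checkOverlapping(*(natcmd->t_addr), *(natcmd->t_iface->getAddressPtr()))`, the exact test that triggers `abort` just above, under a warning whose text is about the broadcast address. If `abort` does not return, that operand is dead code; if it does, the warning message is wrong for it. Reduce the condition to the `getBroadcastAddressPtr()` check alone.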
@@ -1325,15 +1329,15 @@ bool NATCompiler_pix::DetectDuplicateNAT::processNext() compiler->abort("Duplicate NAT detected: rules " +rule->getLabel() +" and "+nc->rule_label - +" : "+natcmd->o_src->getAddress().toString() - +"/"+natcmd->o_src->getNetmask().toString() + +" : "+natcmd->o_src->getAddressPtr()->toString() + +"/"+natcmd->o_src->getNetmaskPtr()->toString() + " " + natcmd->o_srv->getProtocolName() + natcmd->o_srv->getStr("src_range_start")+":" + natcmd->o_srv->getStr("src_range_end")+":" + " " - +"->"+natcmd->o_dst->getAddress().toString() - +"/"+natcmd->o_dst->getNetmask().toString() + +"->"+natcmd->o_dst->getAddressPtr()->toString() + +"/"+natcmd->o_dst->getNetmaskPtr()->toString() + " " + natcmd->o_srv->getStr("dst_range_start")+"/" + natcmd->o_srv->getStr("dst_range_end")); @@ -1373,8 +1377,8 @@ bool NATCompiler_pix::DetectOverlappingStatics::processNext() "outside address: "+ "interface "+Interface::cast(scmd->oaddr)->getLabel()+ " inside address: "+ - scmd->iaddr->getAddress().toString()+"/"+ - scmd->iaddr->getNetmask().toString()); + scmd->iaddr->getAddressPtr()->toString()+"/"+ + scmd->iaddr->getNetmaskPtr()->toString()); } else { if ( *(sc->osrv) == *(scmd->osrv) && @@ -1397,11 +1401,11 @@ bool NATCompiler_pix::DetectOverlappingStatics::processNext() "Static NAT rules overlap or are redundant: rules "+ sc->rule+" and "+scmd->rule+" : "+ "outside address: "+ - scmd->oaddr->getAddress().toString()+"/"+ - scmd->oaddr->getNetmask().toString()+ + scmd->oaddr->getAddressPtr()->toString()+"/"+ + scmd->oaddr->getNetmaskPtr()->toString()+ " inside address: "+ - scmd->iaddr->getAddress().toString()+"/"+ - scmd->iaddr->getNetmask().toString()); + scmd->iaddr->getAddressPtr()->toString()+"/"+ + scmd->iaddr->getNetmaskPtr()->toString()); } } } diff --git a/src/pix/NATCompiler_pix_writers.cpp b/src/pix/NATCompiler_pix_writers.cpp index 0fee4029a..671719187 100644 --- a/src/pix/NATCompiler_pix_writers.cpp +++ b/src/pix/NATCompiler_pix_writers.cpp 
@@ -51,7 +51,6 @@ using namespace std; bool NATCompiler_pix::PrintClearCommands::processNext() { - NATCompiler_pix *pix_comp=dynamic_cast(compiler); string version = compiler->fw->getStr("version"); string platform = compiler->fw->getStr("platform"); @@ -83,8 +82,8 @@ bool NATCompiler_pix::PrintClearCommands::processNext() string NATCompiler_pix::PrintRule::_printAddress(Address *a,bool print_netmask) { - string addr=a->getAddress().toString(); - string mask=a->getNetmask().toString(); + string addr = a->getAddressPtr()->toString(); + string mask = a->getNetmaskPtr()->toString(); if (addr=="0.0.0.0" && mask=="0.0.0.0") return "any"; // if (addr=="0.0.0.0") addr="0"; // if (mask=="0.0.0.0") mask="0"; @@ -174,9 +173,9 @@ void NATCompiler_pix::PrintRule::_printNONAT(NATRule *rule) Interface *osrc_iface=compiler->getCachedFwInterface( helper.findInterfaceByNetzone(osrc ) ); Interface *odst_iface=compiler->getCachedFwInterface( helper.findInterfaceByNetzone(odst ) ); - string addr=odst->getAddress().toString(); + string addr=odst->getAddressPtr()->toString(); string mask; - if (Network::isA(odst)) mask=odst->getNetmask().toString(); + if (Network::isA(odst)) mask=odst->getNetmaskPtr()->toString(); else mask="255.255.255.255"; compiler->output << "static (" @@ -354,14 +353,14 @@ bool NATCompiler_pix::PrintRule::processNext() break; case SINGLE_ADDRESS: compiler->output << " " - << natcmd->t_addr->getAddress().toString() + << natcmd->t_addr->getAddressPtr()->toString() << endl; break; case NETWORK_ADDRESS: compiler->output << " " - << natcmd->t_addr->getAddress().toString() + << natcmd->t_addr->getAddressPtr()->toString() << " netmask " - << natcmd->t_addr->getNetmask().toString() + << natcmd->t_addr->getNetmaskPtr()->toString() << endl; break; case ADDRESS_RANGE: 
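Review bot: `NATCompiler_pix::PrintRule::_printAddress` still detects the wildcard by comparing formatted text, `addr=="0.0.0.0" && mask=="0.0.0.0"`, whereas the other writers converted in this commit ask the object with `isAny()`. Now that the function goes through `InetAddr` pointers anyway, testing `a->getAddressPtr()->isAny() && a->getNetmaskPtr()->isAny()` before formatting keeps the check independent of how `toString()` renders an address. The rest of the function is outside the hunk.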
@@ -372,7 +371,7 @@ bool NATCompiler_pix::PrintRule::processNext() << "-" << ar->getRangeEnd().toString() << " netmask " - << natcmd->t_iface->getNetmask().toString() + << natcmd->t_iface->getNetmaskPtr()->toString() << endl; } break; @@ -389,13 +388,16 @@ bool NATCompiler_pix::PrintRule::processNext() libfwbuilder::XMLTools::version_compare(compiler->fw->getStr("version"),"6.3")<0) { /* old, < 6.3 */ - compiler->output << "nat (" << natcmd->o_iface->getLabel() << ") " - << natcmd->nat_id - << " " - << natcmd->o_src->getAddress().toString() << " " - << natcmd->o_src->getNetmask().toString(); - if (natcmd->outside) compiler->output << " outside"; - else compiler->output << " " << _printConnOptions(rule); + compiler->output + << "nat (" << natcmd->o_iface->getLabel() << ") " + << natcmd->nat_id + << " " + << natcmd->o_src->getAddressPtr()->toString() << " " + << natcmd->o_src->getNetmaskPtr()->toString(); + if (natcmd->outside) + compiler->output << " outside"; + else + compiler->output << " " << _printConnOptions(rule); compiler->output << endl; } else { @@ -447,11 +449,11 @@ bool NATCompiler_pix::PrintRule::processNext() case NATRule::DNAT: { - StaticCmd *scmd=pix_comp->static_commands[ rule->getInt("sc_cmd") ]; + StaticCmd *scmd = pix_comp->static_commands[ rule->getInt("sc_cmd") ]; - InetAddr outa=scmd->oaddr->getAddress(); - InetAddr outm=scmd->oaddr->getNetmask(); - InetAddr insa=scmd->iaddr->getAddress(); + const InetAddr *outa = scmd->oaddr->getAddressPtr(); + const InetAddr *outm = scmd->oaddr->getNetmaskPtr(); + const InetAddr *insa = scmd->iaddr->getAddressPtr(); /* * we verify that odst and tdst have the same size in verifyRuleElements, * so we can rely on that now. 
@@ -477,17 +479,17 @@ bool NATCompiler_pix::PrintRule::processNext() compiler->output << "interface "; if (use_ports) _printPort(scmd->osrv); - compiler->output << insa.toString() << " "; + compiler->output << insa->toString() << " "; if (use_ports) _printPort(scmd->tsrv); } else { - compiler->output << outa.toString() << " "; + compiler->output << outa->toString() << " "; if (use_ports) _printPort(scmd->osrv); - compiler->output << insa.toString() << " "; + compiler->output << insa->toString() << " "; if (use_ports) _printPort(scmd->tsrv); - compiler->output << " netmask " << outm.toString(); + compiler->output << " netmask " << outm->toString(); } compiler->output << " " << _printConnOptions(rule) << endl; } else @@ -540,8 +542,10 @@ bool NATCompiler_pix::PrintRule::processNext() if (TCPService::cast(scmd->osrv)) { use_ports=true; compiler->output << "tcp "; } if (UDPService::cast(scmd->osrv)) { use_ports=true; compiler->output << "udp "; } - if (Interface::cast(scmd->oaddr)!=NULL) compiler->output << "interface "; - else compiler->output << outa.toString() << " "; + if (Interface::cast(scmd->oaddr)!=NULL) + compiler->output << "interface "; + else + compiler->output << outa->toString() << " "; if (use_ports) _printPort(scmd->osrv); compiler->output << " "; diff --git a/src/pix/OSConfigurator_pix_os.cpp b/src/pix/OSConfigurator_pix_os.cpp index 6307dd130..b66a1816f 100644 --- a/src/pix/OSConfigurator_pix_os.cpp +++ b/src/pix/OSConfigurator_pix_os.cpp @@ -157,9 +157,9 @@ string OSConfigurator_pix_os::_printIPAddress() if ((n = setAddrCmd.find("%in"))!=string::npos) setAddrCmd.replace(n,3,iface->getName()); if ((n = setAddrCmd.find("%a"))!=string::npos) - setAddrCmd.replace(n,2,iface->getAddress().toString()); + setAddrCmd.replace(n,2,iface->getAddressPtr()->toString()); if ((n = setAddrCmd.find("%n"))!=string::npos) - setAddrCmd.replace(n,2,iface->getNetmask().toString()); + setAddrCmd.replace(n,2,iface->getNetmaskPtr()->toString()); res << setAddrCmd; } 
diff --git a/src/pix/PolicyCompiler_pix_writers.cpp b/src/pix/PolicyCompiler_pix_writers.cpp index dfb737b3c..b45ed7a56 100644 --- a/src/pix/PolicyCompiler_pix_writers.cpp +++ b/src/pix/PolicyCompiler_pix_writers.cpp @@ -161,15 +161,16 @@ bool PolicyCompiler_pix::PrintObjectGroupsAndClearCommands::processNext() { Address *a=Address::cast(obj); assert(a!=NULL); - InetAddr addr=a->getAddress(); + const InetAddr *addr = a->getAddressPtr(); pix_comp->output << " network-object "; - if (Network::cast(obj)!=NULL) { - InetAddr mask=a->getNetmask(); - pix_comp->output << addr.toString() << " "; - pix_comp->output << mask.toString() << " "; + if (Network::cast(obj)!=NULL) + { + const InetAddr *mask = a->getNetmaskPtr(); + pix_comp->output << addr->toString() << " "; + pix_comp->output << mask->toString() << " "; } else { pix_comp->output << " host "; - pix_comp->output << addr.toString() << " "; + pix_comp->output << addr->toString() << " "; } pix_comp->output << endl; break; @@ -352,8 +353,8 @@ string PolicyCompiler_pix::PrintRule::_printAddr(libfwbuilder::Address *o) { ostringstream str; - InetAddr srcaddr=o->getAddress(); - InetAddr srcmask=o->getNetmask(); + const InetAddr *srcaddr = o->getAddressPtr(); + InetAddr srcmask = *(o->getNetmaskPtr()); if (Interface::cast(o)!=NULL) { 
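Review bot: `InetAddr srcmask = *(o->getNetmaskPtr());` in `_printAddr` copies through the pointer at function entry, before the `Interface::cast(o)` branch that either returns early or overwrites `srcmask` with the all-ones mask. If getNetmaskPtr() can return NULL the way the ChangeLog describes for getAddressPtr() (not shown here), that copy faults even on paths that never use the object's own mask. Keep the pointer instead, `const InetAddr *mp = o->getNetmaskPtr();`, and copy `*mp` after a NULL test, only on the path that falls through both the Interface and IPv4 overrides. The body of `_printAddr` continues past this hunk into the next one, where `srcaddr->isAny()` needs the same test.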
@@ -363,23 +364,23 @@ string PolicyCompiler_pix::PrintRule::_printAddr(libfwbuilder::Address *o) return string("interface ") + interface_->getLabel() + " "; } - srcmask=InetAddr(InetAddr::getAllOnes()); + srcmask = InetAddr(InetAddr::getAllOnes()); } if (IPv4::cast(o)!=NULL) - srcmask=InetAddr(InetAddr::getAllOnes()); + srcmask = InetAddr(InetAddr::getAllOnes()); - if (srcaddr.isAny() && srcmask.isAny()) + if (srcaddr->isAny() && srcmask.isAny()) { str << "any "; } else { if (srcmask.isHostMask()) { - str << "host " << srcaddr.toString() << " "; + str << "host " << srcaddr->toString() << " "; } else { - str << srcaddr.toString() << " "; + str << srcaddr->toString() << " "; str << srcmask.toString() << " "; } } @@ -500,15 +501,15 @@ string PolicyCompiler_pix::PrintRule::_printSingleSSHTelnetCommand(int port, if (port==23) { res += "telnet "; - res += a->getAddress().toString() + " " - + a->getNetmask().toString() + " " + res += a->getAddressPtr()->toString() + " " + + a->getNetmaskPtr()->toString() + " " + interfaceLabel + "\n"; } if (port==22) { res += "ssh "; - res += a->getAddress().toString() + " " - + a->getNetmask().toString() + " " + res += a->getAddressPtr()->toString() + " " + + a->getNetmaskPtr()->toString() + " " + interfaceLabel + "\n"; } return res; diff --git a/src/pix/globalNATPool.cpp b/src/pix/globalNATPool.cpp index 51d821c14..132690c61 100644 --- a/src/pix/globalNATPool.cpp +++ b/src/pix/globalNATPool.cpp @@ -57,7 +57,7 @@ ostream& fwcompiler::operator<<(ostream &s,const globalNATPool &pool) s << " interface" << endl; break; case globalNATPool::SINGLE_ADDRESS: - s << " " << pool.addr->getAddress().toString() << endl; + s << " " << pool.addr->getAddressPtr()->toString() << endl; break; case globalNATPool::ADDRESS_RANGE: AddressRange *ar=AddressRange::cast(pool.addr); diff --git a/test/ipt/run.all b/test/ipt/run.all index 923912538..2db93729d 100755 --- a/test/ipt/run.all +++ b/test/ipt/run.all 
@@ -8,6 +8,8 @@ while (<>) { while ( $str=~ /]+name="([^"]*).*$"/; $fw=$1; + printf "\n"; + printf "echo '***** $fw'\n"; printf "fwb_ipt -v -f $XMLFILE $fw\n"; $str=~ s/^.*]+name="$fw"[^>]+>//; }
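Review bot: The added `printf "echo '***** $fw'\n";` interpolates `$fw` into the printf format string and into a single-quoted shell word. A firewall name from the XML file that contains `%` or `'` would therefore garble the generated command line or change how it is parsed, assuming the output is fed to a shell, which is not visible here. Use `print` rather than `printf`, and escape the quote before emitting: `(my $q = $fw) =~ s/'/'\\''/g; print "echo '***** $q'\n";`. The unchanged `fwb_ipt -v -f $XMLFILE $fw` line passes the name unquoted and would need the same treatment.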