* Helper.cpp (list): fixed #1691 , this is a better fix for the

problem reported in the earlier bug (see #1690). Function Helper::findInterfaceByNetzone() throws FWException, this changed in v4.1.0 with a fix for #1653.
2026-03-21 10:47:16 +01:00 · 2010-08-18 19:02:18 +00:00 · 2010-08-18 19:02:18 +00:00 · 5718886174
commit 5718886174
parent 6f4a986273
7 changed files with 33 additions and 5 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-#define BUILD_NUM 3233
+#define BUILD_NUM 3234
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,10 @@
+2010-08-18  Vadim Kurland  <vadim@vk.crocodile.org>
+
+	* Helper.cpp (list): fixed #1691 , this is a better fix for the
+	problem reported in the earlier bug (see #1690).
+	Function Helper::findInterfaceByNetzone() throws FWException, this
+	changed in v4.1.0 with a fix for #1653.
+
 2010-08-17  Vadim Kurland  <vadim@vk.crocodile.org>

 	* procurveInterfaces.cpp (procurveInterfaces::parseVlan): fixed #1683
--- a/src/cisco_lib/Helper.cpp
+++ b/src/cisco_lib/Helper.cpp
@ -281,7 +281,7 @@ list<int> Helper::findInterfaceByNetzoneOrAll(RuleElement *re)
        {
            int intf_id = findInterfaceByNetzone(a);
            intf_id_list.push_back(intf_id);
-        } catch(string err)
+        } catch(FWException &ex)
        {
            // could not find interface with netzone to match address 'a'
            // will assign rule to all interfaces. Act as if all interfaces
@ -294,7 +294,7 @@ list<int> Helper::findInterfaceByNetzoneOrAll(RuleElement *re)
                    compiler->fw->getStr("platform"), "network_zones");

            if (supports_network_zones)
-                compiler->warning(err);
+                compiler->warning(ex.toString());

            FWObjectTypedChildIterator i = compiler->fw->findByType(
                Interface::TYPENAME);
--- a/src/cisco_lib/PolicyCompiler_cisco.cpp
+++ b/src/cisco_lib/PolicyCompiler_cisco.cpp
@ -103,6 +103,17 @@ void PolicyCompiler_cisco::setAllNetworkZonesToAny()

 }

+void PolicyCompiler_cisco::setAllNetworkZonesToNone()
+{
+    list<FWObject*> l2 = fw->getByTypeDeep(Interface::TYPENAME);
+    for (list<FWObject*>::iterator i=l2.begin(); i!=l2.end(); ++i)
+    {
+	Interface *iface = Interface::cast(*i);
+        if (iface->getStr("network_zone") != "")
+            iface->setStr("network_zone", "");
+    }
+}
+
 ciscoACL* PolicyCompiler_cisco::createACLObject(const string &acl_name,
                                                Interface *intf,
                                                const string &dir,
--- a/src/cisco_lib/PolicyCompiler_cisco.h
+++ b/src/cisco_lib/PolicyCompiler_cisco.h
@ -84,6 +84,16 @@ protected:
         * by the user.
         */
        virtual void setAllNetworkZonesToAny();
+
+        /*
+         * complementary operation: sets all interface's network zones
+         * to blank to make sure compiler operates with predictable
+         * configuration. This can be important if user switches from
+         * platform that requires network zones (PIX) to the one that
+         * does not support them, but compiler code uses the same
+         * classes.
+         */
+        virtual void setAllNetworkZonesToNone();
       
 	/**
 	 * drops dynamic interface from the rule in the following
--- a/src/cisco_lib/PolicyCompiler_iosacl.cpp
+++ b/src/cisco_lib/PolicyCompiler_iosacl.cpp
@ -88,7 +88,7 @@ int PolicyCompiler_iosacl::prolog()
    object_groups = new Group();
    dbcopy->add( object_groups );

-    setAllNetworkZonesToAny();
+    setAllNetworkZonesToNone();

    return PolicyCompiler::prolog();
 }
--- a/src/cisco_lib/PolicyCompiler_procurve_acl.cpp
+++ b/src/cisco_lib/PolicyCompiler_procurve_acl.cpp
@ -73,7 +73,7 @@ int PolicyCompiler_procurve_acl::prolog()
        fw->getOptionsObject()->getBool("procurve_acl_use_acl_remarks"));


-    setAllNetworkZonesToAny();
+    setAllNetworkZonesToNone();

    return PolicyCompiler::prolog();
 }