onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-10 11:05:06 +02:00
Code Issues Releases Wiki Activity

support for tos and dscp matching in ios access lists

Browse Source
This commit is contained in:
Vadim Kurland
2008-07-06 02:35:45 +00:00
parent ce2508e93a
commit 6766d917b9
4 changed files with 1101 additions and 3979 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
doc/ChangeLog
View File

@@ -1,7 +1,11 @@
2008-07-05 Vadim Kurland <vadim@vk.crocodile.org> 2008-07-05 Vadim Kurland <vadim@vk.crocodile.org>
* PolicyCompiler_iosacl_writers.cpp (PrintRule::_printTOS):
Support for TOS and DSCP matching in IOS access lists.
* PolicyCompiler_pf_writers.cpp (PrintRule::_printDstService): * PolicyCompiler_pf_writers.cpp (PrintRule::_printDstService):
Support for tos matching in compiler for pf. Support for tos matching in compiler for pf. PF does not support
DSCP matching.
* PolicyCompiler_PrintRule.cpp (PrintRule::_printIP): Support for * PolicyCompiler_PrintRule.cpp (PrintRule::_printIP): Support for
TOS and DSCP matching in compiler for iptables. TOS and DSCP matching in compiler for iptables.

1
src/iosacl/PolicyCompiler_iosacl.h
View File

@@ -195,6 +195,7 @@ namespace fwcompiler {
std::string _printACL(libfwbuilder::PolicyRule *r); std::string _printACL(libfwbuilder::PolicyRule *r);
std::string _printLog(libfwbuilder::PolicyRule *r); std::string _printLog(libfwbuilder::PolicyRule *r);
std::string _printFragm(libfwbuilder::Service *srv); std::string _printFragm(libfwbuilder::Service *srv);
std::string _printTOS(libfwbuilder::Service *srv);
std::string _printRule(libfwbuilder::PolicyRule *rule); std::string _printRule(libfwbuilder::PolicyRule *rule);

18
src/iosacl/PolicyCompiler_iosacl_writers.cpp
View File

@@ -262,6 +262,7 @@ string PolicyCompiler_iosacl::PrintRule::_printRule(PolicyRule *rule)
aclstr << _printLog( rule ); aclstr << _printLog( rule );
// "fragments" should be the last option in the access-list command // "fragments" should be the last option in the access-list command
aclstr << _printFragm( compiler->getFirstSrv(rule) ); aclstr << _printFragm( compiler->getFirstSrv(rule) );
aclstr << _printTOS( compiler->getFirstSrv(rule) );
// aclstr << endl; // aclstr << endl;
@@ -331,12 +332,27 @@ string PolicyCompiler_iosacl::PrintRule::_printSrcService(libfwbuilder::Service
string PolicyCompiler_iosacl::PrintRule::_printFragm(Service *srv) string PolicyCompiler_iosacl::PrintRule::_printFragm(Service *srv)
{ {
if (IPService::isA(srv) && (srv->getBool("fragm") || srv->getBool("short_fragm"))) if (IPService::isA(srv) && (
srv->getBool("fragm") || srv->getBool("short_fragm")))
return "fragments "; return "fragments ";
return ""; return "";
} }
string PolicyCompiler_iosacl::PrintRule::_printTOS(Service *srv)
{
const IPService *ip;
if ((ip=IPService::constcast(srv))!=NULL)
{
string tos = ip->getTOSCode();
string dscp = ip->getDSCPCode();
if (!dscp.empty()) return string("dscp ") + dscp;
else
if (!tos.empty()) return string("tos ") + tos;
}
return "";
}
string PolicyCompiler_iosacl::PrintRule::_printDstService(Service *srv) string PolicyCompiler_iosacl::PrintRule::_printDstService(Service *srv)
{ {
ostringstream str; ostringstream str;

5055
test/iosacl/objects.fwb
View File

File diff suppressed because it is too large Load Diff