mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-21 02:37:16 +01:00

2009-01-05 vadim <vadim@vk.crocodile.org>

* RoutingCompiler_cisco.cpp (RoutingCompiler_cisco::compile):
fixed bug (no #): routing compiler for pix refused to add more
than one routing rule with an error saying that other rules were
duplicates. Error was introduced in build 732.
Vadim Kurland 2009-01-06 03:56:35 +00:00
parent 5422511d63
commit 8bb882cccd
6 changed files with 95 additions and 31 deletions


@ -1 +1 @@
#define BUILD_NUM 732
#define BUILD_NUM 733


@ -1,3 +1,10 @@
2009-01-05 vadim <vadim@vk.crocodile.org>
* RoutingCompiler_cisco.cpp (RoutingCompiler_cisco::compile):
fixed bug (no #): routing compiler for pix refused to add more
than one routing rule with an error saying that other rules were
duplicates. Error was introduced in build 732.
2009-01-02 vadim <vadim@vk.crocodile.org>
* RoutingCompiler_iosacl.cpp (RoutingCompiler_iosacl::compile):


@ -57,8 +57,10 @@ int RoutingCompiler_cisco::prolog()
*/
bool RoutingCompiler_cisco::eliminateDuplicateRules::processNext()
{
RoutingRule *rule;
rule = getNext();
RoutingCompiler_cisco *cisco_comp =
dynamic_cast<RoutingCompiler_cisco*>(compiler);
RoutingRule *rule = getNext();
if (rule == NULL) return false;
if (rule->isFallback() || rule->isHidden())
@ -67,17 +69,12 @@ bool RoutingCompiler_cisco::eliminateDuplicateRules::processNext()
return true;
}
if (printRule == NULL)
{
printRule = new PrintRule("");
printRule->setContext(compiler);
}
string label = rule->getLabel();
int bracepos = label.find("(");
label.erase(0, bracepos);
string thisRule = label + " " + printRule->RoutingRuleToString(rule);
string thisRule = label + " " +
cisco_comp->printRule->RoutingRuleToString(rule);
rules_it = rules_seen_so_far.find(thisRule);
@ -87,7 +84,7 @@ bool RoutingCompiler_cisco::eliminateDuplicateRules::processNext()
msg = "Two of the sub rules created from the gui routing rules " +
rules_it->second + " and " + rule->getLabel() +
" are identical, skipping the second. " +
"Please revise them to avoid this warning!";
"Please revise them to avoid this warning";
compiler->warning( msg.c_str() );
return true;
}
@ -100,6 +97,7 @@ bool RoutingCompiler_cisco::eliminateDuplicateRules::processNext()
void RoutingCompiler_cisco::compile()
{
printRule = new RoutingCompiler_cisco::PrintRule("");
}
string RoutingCompiler_cisco::debugPrintRule(Rule *r)
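Review bot: In processNext() the result of `dynamic_cast<RoutingCompiler_cisco*>(compiler)` is dereferenced at `cisco_comp->printRule->RoutingRuleToString(rule)` without a null check, and `printRule` is only assigned in compile(). If the processor runs under another compiler type or before compile(), the run crashes instead of reporting an error. Adding `assert(cisco_comp != NULL && cisco_comp->printRule != NULL);` right after the cast would make the precondition explicit; reporting it through the compiler's own error path would be better still. The removed lazy initialisation also called `printRule->setContext(compiler)`, which the new allocation in compile() does not visibly repeat, so it is worth confirming that PrintRule still receives its context, since the duplicate check keys on its output. processNext() continues outside the hunks shown.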


@ -52,23 +52,17 @@ namespace fwcompiler {
*/
DECLARE_ROUTING_RULE_PROCESSOR(DstNegation);
/**
* remove duplicate rules
*/
class PrintRule;
/**
* eliminates duplicate objects in DST. Uses default comparison
* in eliminateDuplicatesInRE which compares IDs
*/
class eliminateDuplicatesInDST : public eliminateDuplicatesInRE
{
public:
eliminateDuplicatesInDST(const std::string &n) :
eliminateDuplicatesInRE(n,libfwbuilder::RuleElementRDst::TYPENAME) {}
eliminateDuplicatesInDST(const std::string &name) :
eliminateDuplicatesInRE(name,
libfwbuilder::RuleElementRDst::TYPENAME)
{}
};
/**
@ -78,13 +72,11 @@ namespace fwcompiler {
{
std::map<std::string, std::string> rules_seen_so_far;
std::map<std::string, std::string>::iterator rules_it;
RoutingCompiler_cisco::PrintRule *printRule;
public:
eliminateDuplicateRules(const std::string &name) : RoutingRuleProcessor(name){
printRule=NULL;
}
eliminateDuplicateRules(const std::string &name) :
RoutingRuleProcessor(name) {}
virtual bool processNext();
};
@ -112,12 +104,12 @@ namespace fwcompiler {
virtual std::string _printRGtw(libfwbuilder::RoutingRule *r);
virtual std::string _printRItf(libfwbuilder::RoutingRule *r);
virtual std::string _printRDst(libfwbuilder::RoutingRule *r);
};
friend class RoutingCompiler_cisco::PrintRule;
public:
RoutingCompiler_cisco::PrintRule *printRule;
RoutingCompiler_cisco(libfwbuilder::FWObjectDatabase *_db,
const std::string &fwname, bool ipv6_policy,
fwcompiler::OSConfigurator *_oscnf) :
@ -125,7 +117,6 @@ namespace fwcompiler {
virtual int prolog();
virtual void compile();
};
}
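Review bot: The new public member `RoutingCompiler_cisco::PrintRule *printRule;` is a raw owning pointer whose initialisation and release are not visible here, because the constructor's initialiser list is cut off by the hunk and no destructor appears in the class. Both RoutingCompiler_cisco::compile() and RoutingCompiler_pix::compile() assign it with `new`, so a repeated compile() call would overwrite and leak the earlier object; the same would happen if the pix compile also ran the base one, which cannot be told from this page. I would add `printRule(NULL)` to the constructor's initialiser list, add `delete printRule;` to a destructor, and document ownership at the declaration with `// owned by this compiler; created in compile()`. Keeping the member public also lets any caller replace the object that the duplicate-rule check depends on, so a protected member with a small accessor would be the tighter interface.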


@ -66,6 +66,8 @@ void RoutingCompiler_pix::epilog()
*/
void RoutingCompiler_pix::compile()
{
printRule = new RoutingCompiler_pix::PrintRule("");
cout << " Compiling routing rules for "
<< fw->getName() << " ..." << endl << flush;


@ -1,8 +1,21 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="10" lastModified="1230842501" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="10" lastModified="1231213988" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="id16325X21455"/>
<ObjectRef ref="sysid0"/>
</Library>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
<ObjectGroup id="stdid01_1" name="Objects" comment="" ro="False">
@ -22,6 +35,10 @@
<ObjectGroup id="stdid16_1" name="Addresses" comment="" ro="False">
<IPv4 id="id4388C37D674" name="spamhost1" comment="" ro="False" address="61.150.47.112" netmask="255.255.255.255"/>
<IPv4 id="id16325X21455" name="internal gw" comment="" ro="False" address="10.3.14.254" netmask="0.0.0.0"/>
<IPv4 id="id23261X67574" name="external gw 1" comment="" ro="False" address="22.22.22.254" netmask="0.0.0.0"/>
<IPv4 id="id23284X67574" name="internal gw 2" comment="" ro="False" address="192.168.1.254" netmask="0.0.0.0"/>
<IPv4 id="id23297X67574" name="external gw2" comment="" ro="False" address="22.22.22.100" netmask="0.0.0.0"/>
<IPv4 id="id30235X67574" name="internal gw1" comment="" ro="False" address="192.168.1.254" netmask="0.0.0.0"/>
</ObjectGroup>
<ObjectGroup id="stdid04_1" name="Groups" comment="" ro="False">
<ObjectGroup id="id3D420A09" name="dmz-netzone" comment="" ro="False">
@ -848,7 +865,7 @@
<ServiceGroup id="stdid05_1_userservices" name="Users" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="stdid12_1" name="Firewalls" comment="" ro="False">
<Firewall id="fw-firewall2" host_OS="pix_os" inactive="False" lastCompiled="1163922727" lastInstalled="0" lastModified="1176515435" platform="pix" version="6.2" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False">
<Firewall id="fw-firewall2" host_OS="pix_os" inactive="False" lastCompiled="1163922727" lastInstalled="0" lastModified="1231214031" platform="pix" version="6.2" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False">
<NAT id="nat-firewall2" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="nat-firewall2-0" disabled="False" position="0" comment="">
<OSrc neg="False">
@ -1676,7 +1693,56 @@
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="fw-firewall2-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Routing id="fw-firewall2-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RoutingRule id="id16355X67574" disabled="False" metric="0" position="0" comment="">
<RDst neg="False">
<ObjectRef ref="sysid0"/>
</RDst>
<RGtw neg="False">
<ObjectRef ref="id23261X67574"/>
</RGtw>
<RItf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</RItf>
<RoutingRuleOptions/>
</RoutingRule>
<RoutingRule id="id23264X67574" disabled="False" group="" metric="0" position="1" comment="">
<RDst neg="False">
<ObjectRef ref="id47B7C22921818"/>
</RDst>
<RGtw neg="False">
<ObjectRef ref="id30235X67574"/>
</RGtw>
<RItf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</RItf>
<RoutingRuleOptions/>
</RoutingRule>
<RoutingRule id="id23275X67574" disabled="False" group="" metric="0" position="2" comment="">
<RDst neg="False">
<ObjectRef ref="id3FA34EFA"/>
</RDst>
<RGtw neg="False">
<ObjectRef ref="id23284X67574"/>
</RGtw>
<RItf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</RItf>
<RoutingRuleOptions/>
</RoutingRule>
<RoutingRule id="id23287X67574" disabled="False" group="" metric="0" position="3" comment="">
<RDst neg="False">
<ObjectRef ref="id3B665643"/>
</RDst>
<RGtw neg="False">
<ObjectRef ref="id23297X67574"/>
</RGtw>
<RItf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</RItf>
<RoutingRuleOptions/>
</RoutingRule>
</Routing>
<Interface id="if-FW-firewall2-eth1" bridgeport="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ethernet1" comment="" ro="False">
<IPv4 id="if-FW-firewall2-eth1-ipv4" name="a1" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>