onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-20 18:27:16 +01:00
Code Issues Releases Wiki Activity

using different xml element to control when "advanced interface settings" button is enabled; generating different commands to bind acls to vlan or regular inetrfaces on ProCurve

Browse Source
This commit is contained in:
Vadim Kurland 2010-05-11 17:01:08 +00:00
parent f15d348e7b
commit 8f9b516e9b
26 changed files with 182 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_num
View File

@ -1 +1 @@
#define BUILD_NUM 2884
#define BUILD_NUM 2890

15
doc/ChangeLog
View File

@ -1,3 +1,18 @@
2010-05-11 vadim <vadim@vk.crocodile.org>
* PolicyCompiler_procurve_acl_writers.cpp (PolicyCompiler_procurve_acl::printAccessGroupCmd):
ProCurve uses different syntax for vlan ACLs and ACLs bound to
switch ports. Enabled "advanced interface settings" dialog for
ProCurve interfaces.
* InterfaceDialog.cpp (InterfaceDialog::loadFWObject): button
"Advanced interface settings" is controlled by element
<supports_advanced_interface_options> in the host OS xml resource
file. Before, it was controlled by the element
<supports_subinterfaces>. I need this button and associated dialog
for vlan interfaces on ProCurves, where vlan interfaces are not
subinterfaces.
2010-05-10 vadim <vadim@vk.crocodile.org>
* CompilerDriver_procurve_acl_run.cpp (CompilerDriver_procurve_acl::run):

2
src/cisco_lib/PolicyCompiler_iosacl.h
View File

@ -281,7 +281,7 @@ namespace fwcompiler {
protected:
virtual std::string myPlatformName();
std::string printAccessGroupCmd(ciscoACL *acl, bool neg=false);
virtual std::string printAccessGroupCmd(ciscoACL *acl, bool neg=false);
public:

2
src/cisco_lib/PolicyCompiler_procurve_acl.h
View File

@ -47,8 +47,8 @@ namespace fwcompiler {
protected:
virtual std::string myPlatformName();
virtual void _printClearCommands();
virtual std::string printAccessGroupCmd(ciscoACL *acl, bool neg=false);
public:

53
src/cisco_lib/PolicyCompiler_procurve_acl_writers.cpp
View File

@ -27,11 +27,15 @@
#include "fwbuilder/Firewall.h"
#include "fwbuilder/Resources.h"
#include "fwbuilder/RuleSet.h"
#include <iostream>
#include <assert.h>
#include <QStringList>
#include <QString>
using namespace libfwbuilder;
using namespace fwcompiler;
@ -71,4 +75,53 @@ void PolicyCompiler_procurve_acl::_printClearCommands()
output << endl;
}
string PolicyCompiler_procurve_acl::printAccessGroupCmd(ciscoACL *acl, bool neg)
{
if (getSourceRuleSet()->isTop())
{
QString dir;
if (acl->direction()=="in" || acl->direction()=="Inbound") dir="in";
if (acl->direction()=="out" || acl->direction()=="Outbound") dir="out";
QString addr_family_prefix = "ip";
if (ipv6) addr_family_prefix = "ipv6";
// ProCurve uses different syntax for vlan ACLs
Interface *intf = acl->getInterface();
FWOptions *ifopt = intf->getOptionsObject();
string itype = ifopt->getStr("type");
if (itype == "8021q")
{
int vlan_id = ifopt->getInt("vlan_id");
QStringList outp;
if (neg) outp.push_back("no");
outp.push_back("vlan");
outp.push_back(QString("%1").arg(vlan_id));
outp.push_back(addr_family_prefix);
outp.push_back(getAccessGroupCommandForAddressFamily(ipv6).c_str());
outp.push_back(acl->workName().c_str());
outp.push_back(dir);
return outp.join(" ").toStdString() + "\n";
} else
{
QStringList outp;
QStringList outp_combined;
outp_combined.push_back(
QString("interface %1").arg(intf->getName().c_str()));
if (neg) outp.push_back("no");
outp.push_back(addr_family_prefix);
outp.push_back(getAccessGroupCommandForAddressFamily(ipv6).c_str());
outp.push_back(acl->workName().c_str());
outp.push_back(dir);
outp_combined.push_back(" " + outp.join(" "));
outp_combined.push_back("exit");
return outp_combined.join("\n").toStdString();
}
}
return "";
}

3
src/gui/DialogFactory.cpp
View File

@ -295,7 +295,8 @@ QWidget *DialogFactory::createIfaceDialog(QWidget *parent,FWObject *o)
QObject::tr("Support module for %1 is not available").
arg(host_OS.c_str()).toLocal8Bit().constData()));
string dlgname = os->Resources::getResourceStr("/FWBuilderResources/Target/interface_dialog");
string dlgname = os->Resources::getResourceStr(
"/FWBuilderResources/Target/interface_dialog");
// add further dlgname support here ...

30
src/gui/InterfaceDialog.cpp
View File

@ -193,6 +193,8 @@ void InterfaceDialog::loadFWObject(FWObject *o)
FWObject *f = s->getParentHost();
m_dialog->advancedconfig->setEnabled(true);
/* if parent is a host, hide firewall related settings */
if (Host::isA(f))
{
@ -218,21 +220,32 @@ void InterfaceDialog::loadFWObject(FWObject *o)
{
// platform specific
supports_security_levels =
Resources::getTargetCapabilityBool(f->getStr("platform"), "security_levels");
Resources::getTargetCapabilityBool(
f->getStr("platform"), "security_levels");
supports_network_zones =
Resources::getTargetCapabilityBool(f->getStr("platform"), "network_zones");
Resources::getTargetCapabilityBool(
f->getStr("platform"), "network_zones");
supports_unprotected =
Resources::getTargetCapabilityBool(f->getStr("platform"), "unprotected_interfaces");
Resources::getTargetCapabilityBool(
f->getStr("platform"), "unprotected_interfaces");
// OS specific
supports_advanced_ifaces =
Resources::getTargetCapabilityBool(f->getStr("host_OS"),
"supports_subinterfaces");
Resources::getTargetCapabilityBool(
f->getStr("host_OS"), "supports_advanced_interface_options");
// disable advanced options dialog if this is main interface of a cluster
if (Cluster::isA(s->getParent()))
supports_advanced_ifaces = false;
if (Cluster::isA(s->getParent())) supports_advanced_ifaces = false;
} catch (FWException &ex) { }
if (fwbdebug)
qDebug() << "parent=" << f->getName().c_str()
<< "Firewall::isA(f)=" << Firewall::isA(f)
<< "host_OS=" << f->getStr("host_OS").c_str()
<< "supports_advanced_ifaces=" << supports_advanced_ifaces;
/* if parent is a firewall or a fw cluster, it is more complex ... */
if (Firewall::isA(f) || Cluster::isA(f))
{
@ -270,8 +283,7 @@ void InterfaceDialog::loadFWObject(FWObject *o)
// well. Current implementation can not generate configuration
// code for interfaces and subinterfaces of member firewalls
// from cluster interface or subinterface objects
m_dialog->interfaceOptionsGroup->setEnabled(
!Cluster::isA(s->getParentHost()));
m_dialog->interfaceOptionsGroup->setEnabled(!Cluster::isA(f));
if (supports_network_zones)
{

1
src/res/os/dd-wrt-jffs.xml
View File

@ -35,6 +35,7 @@
<capabilities>
<supports_routing>True</supports_routing>
<supports_subinterfaces>True</supports_subinterfaces>
<supports_advanced_interface_options>True</supports_advanced_interface_options>
<supports_cluster>True</supports_cluster>
</capabilities>

1
src/res/os/dd-wrt-nvram.xml
View File

@ -35,6 +35,7 @@
<capabilities>
<supports_routing>True</supports_routing>
<supports_subinterfaces>True</supports_subinterfaces>
<supports_advanced_interface_options>True</supports_advanced_interface_options>
<supports_cluster>True</supports_cluster>
</capabilities>

1
src/res/os/endian.xml
View File

@ -34,6 +34,7 @@
<capabilities>
<supports_routing>True</supports_routing>
<supports_advanced_interface_options>False</supports_advanced_interface_options>
</capabilities>
<interfaces>

1
src/res/os/freebsd.xml
View File

@ -25,6 +25,7 @@
<capabilities>
<supports_routing>False</supports_routing>
<supports_subinterfaces>True</supports_subinterfaces>
<supports_advanced_interface_options>True</supports_advanced_interface_options>
<supports_cluster>True</supports_cluster>
</capabilities>

1
src/res/os/fwsm_os.xml
View File

@ -15,6 +15,7 @@
<capabilities>
<supports_routing>False</supports_routing>
<supports_advanced_interface_options>False</supports_advanced_interface_options>
</capabilities>
<interfaces>

4
src/res/os/ios.xml
View File

@ -18,6 +18,10 @@
</activation>
</options>
<capabilities>
<supports_advanced_interface_options>False</supports_advanced_interface_options>
</capabilities>
<interfaces>
<cluster>
</cluster>

1
src/res/os/ipcop.xml
View File

@ -34,6 +34,7 @@
<capabilities>
<supports_routing>True</supports_routing>
<supports_advanced_interface_options>False</supports_advanced_interface_options>
</capabilities>
<interfaces>

1
src/res/os/linux24.xml
View File

@ -32,6 +32,7 @@
<capabilities>
<supports_routing>True</supports_routing>
<supports_subinterfaces>True</supports_subinterfaces>
<supports_advanced_interface_options>True</supports_advanced_interface_options>
<supports_cluster>True</supports_cluster>
</capabilities>

1
src/res/os/macosx.xml
View File

@ -22,6 +22,7 @@
<capabilities>
<supports_routing>False</supports_routing>
<supports_advanced_interface_options>False</supports_advanced_interface_options>
</capabilities>
<interfaces>

1
src/res/os/oneshield.xml
View File

@ -34,6 +34,7 @@
<capabilities>
<supports_routing>True</supports_routing>
<supports_advanced_interface_options>False</supports_advanced_interface_options>
</capabilities>
<interfaces>

1
src/res/os/openbsd.xml
View File

@ -24,6 +24,7 @@
<capabilities>
<supports_routing>False</supports_routing>
<supports_subinterfaces>True</supports_subinterfaces>
<supports_advanced_interface_options>True</supports_advanced_interface_options>
<supports_cluster>True</supports_cluster>
</capabilities>

1
src/res/os/openwrt.xml
View File

@ -35,6 +35,7 @@
<capabilities>
<supports_routing>True</supports_routing>
<supports_subinterfaces>True</supports_subinterfaces>
<supports_advanced_interface_options>True</supports_advanced_interface_options>
<supports_cluster>True</supports_cluster>
</capabilities>

1
src/res/os/pix_os.xml
View File

@ -24,6 +24,7 @@
<capabilities>
<supports_routing>False</supports_routing>
<supports_subinterfaces>True</supports_subinterfaces>
<supports_advanced_interface_options>True</supports_advanced_interface_options>
<supports_cluster>True</supports_cluster>
</capabilities>

8
src/res/os/procurve.xml
View File

@ -6,6 +6,7 @@
<compiler>fwb_procurve</compiler>
<family>procurve</family>
<dialog>procurve</dialog>
<interface_dialog>vlan_only</interface_dialog>
<options>
<user_can_change_install_dir>false</user_can_change_install_dir>
@ -21,6 +22,7 @@
<capabilities>
<supports_routing>True</supports_routing>
<supports_subinterfaces>False</supports_subinterfaces>
<supports_advanced_interface_options>True</supports_advanced_interface_options>
<supports_cluster>False</supports_cluster>
</capabilities>
@ -29,14 +31,12 @@
</cluster>
<firewall>
<string>ethernet,Ethernet</string>
<string>8021q,VLAN</string>
<string>unknown,Unknown</string>
</firewall>
</interfaces>
<subinterfaces>
<ethernet>
<string>8021q,VLAN</string>
<string>unknown,Unknown</string>
</ethernet>
</subinterfaces>

1
src/res/os/secuwall.xml
View File

@ -42,6 +42,7 @@
<capabilities>
<supports_routing>True</supports_routing>
<supports_subinterfaces>True</supports_subinterfaces>
<supports_advanced_interface_options>True</supports_advanced_interface_options>
<supports_cluster>True</supports_cluster>
</capabilities>

1
src/res/os/solaris.xml
View File

@ -22,6 +22,7 @@
<capabilities>
<supports_routing>False</supports_routing>
<supports_advanced_interface_options>False</supports_advanced_interface_options>
</capabilities>
<interfaces>

1
src/res/os/sveasoft.xml
View File

@ -32,6 +32,7 @@
<capabilities>
<supports_routing>True</supports_routing>
<supports_advanced_interface_options>False</supports_advanced_interface_options>
</capabilities>
<interfaces>

1
src/res/os/unknown_os.xml
View File

@ -20,6 +20,7 @@
<capabilities>
<supports_routing>False</supports_routing>
<supports_advanced_interface_options>False</supports_advanced_interface_options>
</capabilities>
<interfaces>

67
test/procurve_acl/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1273546043" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1273597059" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -598,7 +598,7 @@
<ServiceGroup id="id4511636C23682_userservices" name="Users" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id4511637423682" name="Firewalls" comment="" ro="False">
<Firewall id="id46412B5226577" host_OS="procurve" inactive="False" lastCompiled="1261963115" lastInstalled="0" lastModified="1273546106" platform="procurve_acl" version="K.13" name="testhp1" comment="" ro="False">
<Firewall id="id46412B5226577" host_OS="procurve" inactive="False" lastCompiled="1273596546" lastInstalled="0" lastModified="1273597135" platform="procurve_acl" version="K.13" name="testhp1" comment="" ro="False">
<NAT id="id46412B5626577" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
@ -1044,7 +1044,48 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id46412C2726611" disabled="False" log="True" position="21" action="Deny" direction="Both" comment="">
<PolicyRule id="id5646X48212" disabled="False" group="" log="False" position="21" action="Accept" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id5494X48212"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id5801X48212" disabled="False" group="" log="False" position="22" action="Accept" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id5494X48212"/>
<ObjectRef ref="id5528X48212"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id46412C2726611" disabled="False" log="True" position="23" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -1102,6 +1143,26 @@
<Option name="vlan_id">402</Option>
</InterfaceOptions>
</Interface>
<Interface id="id5494X48212" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="True" unprotected="False" name="a1" comment="" ro="False">
<InterfaceOptions>
<Option name="type">ethernet</Option>
</InterfaceOptions>
</Interface>
<Interface id="id5528X48212" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="True" unprotected="False" name="a2" comment="" ro="False">
<InterfaceOptions>
<Option name="type">ethernet</Option>
</InterfaceOptions>
</Interface>
<Interface id="id5554X48212" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="True" unprotected="False" name="b1" comment="" ro="False">
<InterfaceOptions>
<Option name="type">ethernet</Option>
</InterfaceOptions>
</Interface>
<Interface id="id5588X48212" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="True" unprotected="False" name="b2" comment="" ro="False">
<InterfaceOptions>
<Option name="type">ethernet</Option>
</InterfaceOptions>
</Interface>
<Management address="1.1.1.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>