* ACL.cpp (ciscoACL::addRemark): fixed bug #1778536 "IOSACL -

remark command". Remarks now include rule comments; if comment consists of several lines, each line is added using separate remark statement. This works for both IOS ACL and PIX platforms.
2026-03-24 12:17:26 +01:00 · 2009-07-13 15:45:49 +00:00 · 2009-07-13 15:45:49 +00:00 · a08e47cc69
commit a08e47cc69
parent caf536c8f4
8 changed files with 47 additions and 29 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-#define BUILD_NUM 1150
+#define BUILD_NUM 1151
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,10 @@
+2009-07-13  vadim  <vadim@vk.crocodile.org>
+
+	* ACL.cpp (ciscoACL::addRemark): fixed bug #1778536 "IOSACL -
+	remark command". Remarks now include rule comments; if comment
+	consists of several lines, each line is added using separate
+	remark statement. This works for both IOS ACL and PIX platforms.
+
 2009-07-12  vadim  <vadim@vk.crocodile.org>

 	* printerStream.cpp (printerStream::printQTable): fix bug
--- a/src/cisco_lib/ACL.cpp
+++ b/src/cisco_lib/ACL.cpp
@ -36,18 +36,37 @@ string ciscoACL::addLine(const std::string &s)
    return printLastLine();
 }

-    /*
-     * Adds remark to access list. Checks and adds each remark only
-     * once. We use rule labels for remarks
-     */
-string ciscoACL::addRemark(const std::string &rl)
+/*
+ * Adds remark to access list. Checks and adds each remark only
+ * once. We use rule labels for remarks
+ */
+string ciscoACL::addRemark(const std::string &rl, const std::string &comment)
 {
-    if (_last_rule_label!=rl)
+    string output;
+    if (_last_rule_label != rl)
    {
-        acl.push_back(" remark "+rl);
-        _last_rule_label=rl;
+        acl.push_back(" remark " + rl);
+        output += printLastLine();
        nlines++;
-        return printLastLine();
+
+        if (!comment.empty())
+        {
+            string::size_type n, c1;
+            c1 = 0;
+            while ( (n = comment.find("\n", c1)) != string::npos )
+            {
+                acl.push_back(" remark " + comment.substr(c1, n-c1));
+                output += printLastLine();
+                nlines++;
+                c1 = n + 1;
+            }
+            acl.push_back(" remark " + comment.substr(c1));
+            output += printLastLine();
+            nlines++;
+        }
+
+        _last_rule_label = rl;
+        return output;
    }
    return "";
 }
--- a/src/cisco_lib/ACL.h
+++ b/src/cisco_lib/ACL.h
@ -73,9 +73,9 @@ class ciscoACL {

    /*
     * Adds remark to access list. Checks and adds each remark only
-     * once. We use rule labels for remarks
+     * once. We use rule labels and comments for remarks
     */
-    std::string addRemark(const std::string &rl);
+    std::string addRemark(const std::string &rl, const std::string &comment);

    void setName(const std::string &s) { _name=s; }
    std::string name() { return _name; }
--- a/src/cisco_lib/PolicyCompiler_cisco.cpp
+++ b/src/cisco_lib/PolicyCompiler_cisco.cpp
@ -126,7 +126,7 @@ void PolicyCompiler_cisco::addDefaultPolicyRule()
        r->setLogging(false);
        r->setDirection(PolicyRule::Inbound);
        r->setPosition(-1);
-        r->setComment("   backup ssh access rule ");
+//        r->setComment("   backup ssh access rule ");
        r->setHidden(true);
        r->setFallback(false);
        r->setLabel("backup ssh access rule");
--- a/src/iosacl/PolicyCompiler_iosacl_writers.cpp
+++ b/src/iosacl/PolicyCompiler_iosacl_writers.cpp
@ -60,6 +60,7 @@

 #include <assert.h>

+
 using namespace libfwbuilder;
 using namespace fwcompiler;
 using namespace std;
@ -280,7 +281,9 @@ string PolicyCompiler_iosacl::PrintRule::_printRule(PolicyRule *rule)
 //    aclstr << endl;

    if (compiler->fw->getOptionsObject()->getBool("iosacl_use_acl_remarks"))
-        ruleout << acl->addRemark( rule->getLabel() );
+    {
+        ruleout << acl->addRemark(rule->getLabel(), rule->getComment());
+    }

    ruleout << acl->addLine(aclstr.str());

--- a/src/pix/PolicyCompiler_pix_writers.cpp
+++ b/src/pix/PolicyCompiler_pix_writers.cpp
@ -635,7 +635,7 @@ bool PolicyCompiler_pix::PrintRule::processNext()

    if (compiler->fw->getOptionsObject()->getBool("pix_use_acl_remarks"))
    {
-        compiler->output << acl->addRemark( rule->getLabel() );
+        compiler->output << acl->addRemark(rule->getLabel(), rule->getComment());
    }

    /*
--- a/test/pix/objects-for-regression-tests.fwb
+++ b/test/pix/objects-for-regression-tests.fwb
@ -2,20 +2,8 @@
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
 <FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="10" lastModified="1231213988" id="root">
  <Library id="sysid99" name="Deleted Objects" comment="" ro="False">
-    <ObjectRef ref="sysid0"/>
-    <ObjectRef ref="sysid0"/>
-    <ObjectRef ref="sysid0"/>
-    <ObjectRef ref="sysid0"/>
-    <ObjectRef ref="sysid0"/>
-    <ObjectRef ref="sysid0"/>
-    <ObjectRef ref="sysid0"/>
-    <ObjectRef ref="sysid0"/>
-    <ObjectRef ref="sysid0"/>
-    <ObjectRef ref="sysid0"/>
-    <ObjectRef ref="sysid0"/>
    <ObjectRef ref="sysid0"/>
    <ObjectRef ref="id16325X21455"/>
-    <ObjectRef ref="sysid0"/>
  </Library>
  <Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
    <ObjectGroup id="stdid01_1" name="Objects" comment="" ro="False">
@ -2508,6 +2496,7 @@
          <Option name="no_iochains_for_any">False</Option>
          <Option name="no_optimisation">False</Option>
          <Option name="pass_all_out">False</Option>
+          <Option name="pix_acl_no_clear">True</Option>
          <Option name="pix_add_clear_statements">False</Option>
          <Option name="pix_assume_fw_part_of_any">False</Option>
          <Option name="pix_check_duplicate_nat">False</Option>
@ -3955,7 +3944,7 @@ no sysopt nodnsalias outbound
          <Option name="xlate_ss">0</Option>
        </FirewallOptions>
      </Firewall>
-      <Firewall id="id3F8F9590" host_OS="pix_os" lastCompiled="1145688317" lastInstalled="0" lastModified="0" platform="pix" version="6.3" name="firewall12" comment="this firewall has DMZ using routable address&#10;" ro="False">
+      <Firewall id="id3F8F9590" host_OS="pix_os" lastCompiled="1145688317" lastInstalled="0" lastModified="1247498770" platform="pix" version="6.3" name="firewall12" comment="this firewall has DMZ using routable address&#10;" ro="False">
        <NAT id="id3F8F9591" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
          <NATRule id="id3F8F9592" disabled="False" position="0" comment="">
            <OSrc neg="False">
@ -4055,7 +4044,7 @@ no sysopt nodnsalias outbound
            </When>
            <PolicyRuleOptions/>
          </PolicyRule>
-          <PolicyRule id="id3F8F95CD" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
+          <PolicyRule id="id3F8F95CD" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="this comment&#10;consists of&#10;3 lines of text">
            <Src neg="False">
              <ObjectRef ref="sysid0"/>
            </Src>