onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-22 19:27:13 +01:00
Code Issues Releases Wiki Activity

********************************

Browse Source 
Merge branch inet-addr-changes r26
********************************
This commit is contained in:
Vadim Kurland 2008-04-13 07:05:57 +00:00
parent 748223d383
commit f17bdd839c
48 changed files with 2046 additions and 1498 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
migration/FWObjectDatabase_2.1.17.xslt Normal file
View File

@ -0,0 +1,31 @@
<!--
Filename: FWObjectDatabase_2.1.17.xslt
Author: Vadim Kurland
Build date: 03/14/2008
Last changed: 03/14/2008
Version: 1.0.0
Description: translates fwbuilder object database from v2.1.15 to v3
only changes version number
-->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:fwb="http://www.fwbuilder.org/1.0/"
exclude-result-prefixes="fwb">
<xsl:output method="xml" version="1.0"
doctype-system="fwbuilder.dtd" indent="yes" encoding="utf-8"/>
<xsl:template match="*[attribute::id='root']">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="version">3</xsl:attribute>
<xsl:attribute name="id">root</xsl:attribute>
<xsl:copy-of select="*"/>
</FWObjectDatabase>
</xsl:template>
</xsl:stylesheet>

31
migration/FWObjectDatabase_2.1.18.xslt Normal file
View File

@ -0,0 +1,31 @@
<!--
Filename: FWObjectDatabase_2.1.18.xslt
Author: Vadim Kurland
Build date: 03/14/2008
Last changed: 03/14/2008
Version: 1.0.0
Description: translates fwbuilder object database from v2.1.18 to v3
only changes version number
-->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:fwb="http://www.fwbuilder.org/1.0/"
exclude-result-prefixes="fwb">
<xsl:output method="xml" version="1.0"
doctype-system="fwbuilder.dtd" indent="yes" encoding="utf-8"/>
<xsl:template match="*[attribute::id='root']">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/">
<xsl:attribute name="version">3</xsl:attribute>
<xsl:attribute name="id">root</xsl:attribute>
<xsl:copy-of select="*"/>
</FWObjectDatabase>
</xsl:template>
</xsl:stylesheet>

2
migration/migration.pro
View File

@ -69,6 +69,8 @@ target.files = FWObjectDatabase_0.8.7.xslt \
FWObjectDatabase_2.1.14.xslt \
FWObjectDatabase_2.1.15.xslt \
FWObjectDatabase_2.1.16.xslt \
FWObjectDatabase_2.1.17.xslt \
FWObjectDatabase_2.1.18.xslt \
FWObjectDatabase_2.1.99.xslt \
FWObjectDatabase_3.xslt

49
src/fwbuilder/Address.cpp
View File

@ -32,19 +32,50 @@
#include <fwbuilder/FWObjectDatabase.h>
using namespace libfwbuilder;
using namespace std;
const char *Address::TYPENAME={"Address"};
Address::Address(const FWObject *root,bool prepopulate) : FWObject(root,prepopulate) {}
Address::Address() :
FWObject(),
InetAddrMask(InetAddr(), InetNetmask(InetAddr::getAllOnes()))
{
setName("address");
}
IPAddress Address::getAddress() const { return IPAddress(); }
Netmask Address::getNetmask() const { return Netmask(); }
guint32 Address::dimension() const { return 0; }
Address::Address(const FWObject *root,bool prepopulate) :
FWObject(root, prepopulate),
InetAddrMask(InetAddr(), InetNetmask(InetAddr::getAllOnes()))
{
setName("address");
}
void Address::setAddress(const IPAddress &a) {}
void Address::setNetmask(const Netmask &nm) {}
void Address::setAddress(const std::string &a) {}
void Address::setNetmask(const std::string &nm) {}
Address::Address(const Address& other) :
FWObject(other),
InetAddrMask(other)
{
}
Address::Address(const string& a, const string& nm) :
FWObject(),
InetAddrMask(InetAddr(a), InetNetmask(nm))
{
}
Address::Address(const std::string &s) throw(FWException) :
FWObject(),
InetAddrMask(s)
{
}
FWObject& Address::shallowDuplicate(const FWObject *other,
bool preserve_id) throw(FWException)
{
const Address* a_other = Address::constcast(other);
setAddress(a_other->getAddress());
setNetmask(a_other->getNetmask());
return FWObject::shallowDuplicate(other, preserve_id);
}
FWReference* Address::createRef()
{
@ -59,3 +90,5 @@ bool Address::isAny() const
{
return getId()==FWObjectDatabase::getAnyNetworkId();
}

25
src/fwbuilder/Address.h
View File

@ -28,7 +28,8 @@
#define __GEN_ADDRESS_HH_FLAG__
#include <fwbuilder/FWObject.h>
#include <fwbuilder/IPAddress.h>
#include <fwbuilder/InetAddr.h>
#include <fwbuilder/InetAddrMask.h>
namespace libfwbuilder
{
@ -42,26 +43,22 @@ namespace libfwbuilder
* TODO: we might need to derive ObjectGroup and AddressRange from Address,
* but this requires lot more testing
*/
class Address : public FWObject
class Address : public FWObject , public InetAddrMask
{
private:
public:
DECLARE_FWOBJECT_SUBTYPE(Address);
Address() {}
Address();
Address(const FWObject *root,bool prepopulate);
Address(const Address&);
Address(const std::string& addr,const std::string& mask);
Address(const std::string &s) throw(FWException);
virtual IPAddress getAddress() const;
virtual Netmask getNetmask() const;
virtual guint32 dimension() const;
virtual void setAddress(const IPAddress &a);
virtual void setNetmask(const Netmask &nm);
virtual void setAddress(const std::string &a);
virtual void setNetmask(const std::string &nm);
virtual FWObject& shallowDuplicate(const FWObject *obj,
bool preserve_id = true)
throw(FWException);
virtual FWReference* createRef();
bool isAny() const;

67
src/fwbuilder/AddressRange.cpp
View File

@ -2,7 +2,7 @@
Firewall Builder
Copyright (C) 2000 NetCitadel, LLC
Copyright (C) 2006 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
@ -24,6 +24,7 @@
*/
#include <assert.h>
#include <iostream>
#include <fwbuilder/libfwbuilder-config.h>
@ -34,44 +35,52 @@ using namespace libfwbuilder;
const char *AddressRange::TYPENAME={"AddressRange"};
AddressRange::AddressRange() : Address() ,
start_address("0.0.0.0") ,
end_address("0.0.0.0")
AddressRange::AddressRange() : Address(), start_address(), end_address()
{
}
AddressRange::AddressRange(const FWObject *root,bool prepopulate) :
Address(root,prepopulate) , start_address("0.0.0.0") , end_address("0.0.0.0")
AddressRange::AddressRange(const FWObject *root, bool prepopulate) :
Address(root, prepopulate), start_address(), end_address()
{
}
AddressRange::AddressRange(AddressRange &o) : Address() ,
start_address(o.getRangeStart()) ,
start_address(o.getRangeStart()),
end_address(o.getRangeEnd())
{
FWObject::operator=(o);
}
IPAddress AddressRange::getAddress() const { return getRangeStart(); }
Netmask AddressRange::getNetmask() const { return Netmask("255.255.255.255"); }
guint32 AddressRange::dimension() const
const InetAddr& AddressRange::getAddress() const
{
guint32 a1=ntohl( start_address.to32BitInt() );
guint32 a2=ntohl( end_address.to32BitInt() );
return a2-a1+1;
return start_address;
}
void AddressRange::setAddress(const IPAddress &a) { setRangeStart(a); setRangeEnd(a); }
void AddressRange::setNetmask(const Netmask &nm) {}
const InetAddr* AddressRange::getAddressPtr() const
{
return &start_address;
}
void AddressRange::setAddress(const std::string &a) { setRangeStart(IPAddress(a)); setRangeEnd(IPAddress(a)); }
void AddressRange::setNetmask(const std::string &nm) {}
unsigned int AddressRange::dimension() const
{
return start_address.distance(end_address);
}
void AddressRange::setAddress(const InetAddr &a)
{
setRangeStart(a);
setRangeEnd(a);
}
FWObject& AddressRange::shallowDuplicate(const FWObject *o, bool preserve_id) throw(FWException)
void AddressRange::setNetmask(const InetNetmask& ) {}
FWObject& AddressRange::shallowDuplicate(const FWObject *o, bool preserve_id)
throw(FWException)
{
const AddressRange *n = dynamic_cast<const AddressRange *>(o);
if (n==NULL) throw(FWException("Attempt to copy incompatible object to AddressRange: objectID="+o->getId()));
if (n==NULL)
throw(FWException(
"Attempt to copy incompatible object to AddressRange: objectID="+o->getId()));
start_address = n->getRangeStart();
end_address = n->getRangeEnd();
@ -84,16 +93,16 @@ bool AddressRange::cmp(const FWObject *obj) throw(FWException)
if (AddressRange::constcast(obj)==NULL) return false;
if (!FWObject::cmp(obj)) return false;
IPAddress o1b;
IPAddress o1e;
IPAddress o2b;
IPAddress o2e;
InetAddr o1b;
InetAddr o1e;
InetAddr o2b;
InetAddr o2e;
o1b=getRangeStart();
o1e=getRangeEnd();
o1b = getRangeStart();
o1e = getRangeEnd();
o2b=AddressRange::constcast(obj)->getRangeStart();
o2e=AddressRange::constcast(obj)->getRangeEnd();
o2b = AddressRange::constcast(obj)->getRangeStart();
o2e = AddressRange::constcast(obj)->getRangeEnd();
return (o1b==o2b && o1e==o2e);
}
@ -104,12 +113,12 @@ void AddressRange::fromXML(xmlNodePtr root) throw(FWException)
const char *n=FROMXMLCAST(xmlGetProp(root,TOXMLCAST("start_address")));
assert(n!=NULL);
start_address = n;
start_address = InetAddr(n);
FREEXMLBUFF(n);
n=FROMXMLCAST(xmlGetProp(root,TOXMLCAST("end_address")));
assert(n!=NULL);
end_address = n;
end_address = InetAddr(n);
FREEXMLBUFF(n);
}

29
src/fwbuilder/AddressRange.h
View File

@ -28,7 +28,7 @@
#define __ADDRESSRANGE_HH_FLAG__
#include <fwbuilder/Address.h>
#include <fwbuilder/IPAddress.h>
#include <fwbuilder/InetAddr.h>
namespace libfwbuilder
{
@ -37,8 +37,8 @@ class AddressRange : public Address
{
private:
IPAddress start_address;
IPAddress end_address;
InetAddr start_address;
InetAddr end_address;
public:
@ -46,26 +46,25 @@ class AddressRange : public Address
AddressRange(const FWObject *root,bool prepopulate);
AddressRange(AddressRange &);
const IPAddress &getRangeStart() const { return start_address; }
const IPAddress &getRangeEnd() const { return end_address; }
const InetAddr &getRangeStart() const { return start_address; }
const InetAddr &getRangeEnd() const { return end_address; }
void setRangeStart(const IPAddress &o) { start_address=o; }
void setRangeEnd(const IPAddress &o) { end_address=o; }
void setRangeStart(const InetAddr &o) { start_address = o; }
void setRangeEnd(const InetAddr &o) { end_address = o; }
/**
* virtual methods inherited from Address
*/
virtual IPAddress getAddress() const;
virtual Netmask getNetmask() const;
virtual guint32 dimension() const;
virtual const InetAddr& getAddress() const;
virtual const InetAddr* getAddressPtr() const;
virtual unsigned int dimension() const;
virtual void setAddress(const IPAddress &a);
virtual void setNetmask(const Netmask &nm);
virtual void setAddress(const std::string &a);
virtual void setNetmask(const std::string &nm);
virtual void setAddress(const InetAddr &a);
virtual void setNetmask(const InetNetmask &nm);
virtual FWObject& shallowDuplicate(const FWObject *obj, bool preserve_id) throw(FWException);
virtual FWObject& shallowDuplicate(const FWObject *obj, bool preserve_id)
throw(FWException);
virtual bool cmp(const FWObject *obj) throw(FWException);
virtual void fromXML (xmlNodePtr parent) throw(FWException);

8
src/fwbuilder/DNSName.cpp
View File

@ -31,7 +31,7 @@
#include <fwbuilder/FWException.h>
#include <fwbuilder/FWObjectReference.h>
#include <fwbuilder/FWObjectDatabase.h>
#include <fwbuilder/IPAddress.h>
#include <fwbuilder/InetAddr.h>
#include <fwbuilder/IPv4.h>
#include <fwbuilder/dns.h>
@ -62,11 +62,11 @@ void DNSName::loadFromSource() throw(FWException)
{
try
{
list<IPAddress> v = DNS::getHostByName(getSourceName() );
for (list<IPAddress>::iterator i=v.begin(); i!=v.end(); ++i)
list<InetAddr> v = DNS::getHostByName(getSourceName() );
for (list<InetAddr>::iterator i=v.begin(); i!=v.end(); ++i)
{
IPv4 *a = IPv4::cast(getRoot()->create(IPv4::TYPENAME));
a->setAddress( i->toString() );
a->setAddress( *i );
addRef(a);
}
} catch (const FWException &ex)

47
src/fwbuilder/Host.cpp
View File

@ -25,6 +25,7 @@
*/
#include <assert.h>
#include <iostream>
#include <fwbuilder/libfwbuilder-config.h>
@ -117,46 +118,52 @@ FWOptions* Host::getOptionsObject()
return FWOptions::cast( getFirstByType(HostOptions::TYPENAME) );
}
IPAddress Host::getAddress() const
const InetAddr& Host::getAddress() const
{
Interface *iface=NULL;
for(FWObjectTypedChildIterator j=findByType(Interface::TYPENAME); j!=j.end(); ++j)
for(FWObjectTypedChildIterator j = findByType(Interface::TYPENAME);
j!=j.end(); ++j)
{
iface=Interface::cast(*j);
iface = Interface::cast(*j);
if (iface->isLoopback()) continue;
if (iface->isManagement()) return iface->getAddress();
}
if (iface!=NULL) return iface->getAddress();
return IPAddress("0.0.0.0");
return InetAddrMask::getAddress();
}
Netmask Host::getNetmask() const
const InetAddr* Host::getAddressPtr() const
{
Interface *iface=NULL;
for(FWObjectTypedChildIterator j=findByType(Interface::TYPENAME); j!=j.end(); ++j)
{
iface = Interface::cast(*j);
if (iface->isLoopback()) continue;
if (iface->isManagement()) return iface->getAddressPtr();
}
if (iface!=NULL) return iface->getAddressPtr();
return InetAddrMask::getAddressPtr();
}
const InetNetmask& Host::getNetmask() const
{
Interface *iface=Interface::cast( getFirstByType(Interface::TYPENAME));
if (iface!=NULL) return iface->getNetmask();
return Netmask("0.0.0.0");
return InetAddrMask::getNetmask();
}
void Host::setAddress(const IPAddress &a) { setAddress(a.toString()); }
void Host::setNetmask(const Netmask&) {}
void Host::setAddress(const std::string &a)
{
void Host::setAddress(const InetAddr &a)
{
Interface *iface=Interface::cast( getFirstByType(Interface::TYPENAME));
if (iface!=NULL) iface->setAddress(a);
}
void Host::setNetmask(const std::string &nm)
{
void Host::setNetmask(const InetNetmask &nm)
{
Interface *iface=Interface::cast( getFirstByType(Interface::TYPENAME));
if (iface!=NULL) iface->setNetmask(nm);
}
guint32 Host::dimension() const
{
return 1;
}
Management *Host::getManagementObject()
{
Management *res = dynamic_cast<Management *>(getFirstByType(Management::TYPENAME));
@ -172,7 +179,7 @@ Management *Host::getManagementObject()
* address to be found, returns "0.0.0.0". May throw exception if
* interface has invalid address.
*/
IPAddress Host::getManagementAddress() throw(FWException)
InetAddr Host::getManagementAddress() throw(FWException)
{
Management *mgmt=getManagementObject();
@ -185,5 +192,5 @@ IPAddress Host::getManagementAddress() throw(FWException)
return iface->getAddress();
}
}
return IPAddress("0.0.0.0");
return InetAddr();
}

16
src/fwbuilder/Host.h
View File

@ -63,16 +63,16 @@ class Host : public Address
void addInterface(Interface *i);
void removeInterface(Interface *i);
IPAddress getManagementAddress() throw(FWException);
InetAddr getManagementAddress() throw(FWException);
virtual IPAddress getAddress() const;
virtual Netmask getNetmask() const;
virtual guint32 dimension() const;
virtual const InetAddr& getAddress() const;
virtual const InetAddr* getAddressPtr() const;
virtual void setAddress(const IPAddress &a);
virtual void setNetmask(const Netmask &nm);
virtual void setAddress(const std::string &a);
virtual void setNetmask(const std::string &nm);
virtual const InetNetmask& getNetmask() const;
virtual unsigned int dimension() const { return 1; }
virtual void setAddress(const InetAddr &a);
virtual void setNetmask(const InetNetmask &nm);
/**
* This method returns reference to the object representing

4
src/fwbuilder/HostsFile.cpp
View File

@ -61,7 +61,7 @@ void HostsFile::parse(istream &from) throw(FWException)
state = s_iws;
IPAddress ip ;
InetAddr ip ;
string name ;
vector<string> names ;
@ -92,7 +92,7 @@ void HostsFile::parse(istream &from) throw(FWException)
// throw exception here.
try
{
ip = IPAddress(name);
ip = InetAddr(name);
names.clear();
name="";
state=s_ws;

6
src/fwbuilder/HostsFile.h
View File

@ -28,7 +28,7 @@
#define __HOSTS_FILE_HH_FLAG__
#include <fwbuilder/FWException.h>
#include <fwbuilder/IPAddress.h>
#include <fwbuilder/InetAddr.h>
#include <iostream>
#include <string>
@ -50,11 +50,11 @@ class HostsFile
void parse(std::istream &from) throw(FWException);
// Returns all hosts found
std::map<IPAddress, std::vector<std::string> > getAll() { return data; }
std::map<InetAddr, std::vector<std::string> > getAll() { return data; }
private:
std::map<IPAddress, std::vector<std::string> > data;
std::map<InetAddr, std::vector<std::string> > data;
};
}

677
src/fwbuilder/IPAddress.cpp
View File

@ -1,677 +0,0 @@
/*
Firewall Builder
Copyright (C) 2000 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
$Id: IPAddress.cpp 1034 2007-08-02 05:19:28Z vkurland $
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <fwbuilder/libfwbuilder-config.h>
#include <fwbuilder/IPAddress.h>
#include <fwbuilder/Interface.h>
#include <stdio.h>
#include <iostream>
#ifndef _WIN32
# include <sys/types.h>
# include <netinet/in.h>
#else
# include <winsock2.h>
#endif
using namespace std;
namespace libfwbuilder
{
bool operator<(const IPAddress &a, const IPAddress &b)
{
guint32 a1=ntohl( a.to32BitInt() );
guint32 a2=ntohl( b.to32BitInt() );
return (a1<a2);
#if 0
for(int i=0;i<4;i++)
if(a.octets[i]!=b.octets[i])
return a.octets[i]<b.octets[i];
return false;
#endif
}
bool operator==(const IPAddress &a, const IPAddress &b)
{
for(int i=0;i<4;i++)
if(a.octets[i]!=b.octets[i])
return false;
return true;
}
bool operator==(const Netmask &a, const Netmask &b)
{
for(int i=0;i<4;i++)
if(a.octets[i]!=b.octets[i])
return false;
return true;
}
}
using namespace libfwbuilder;
IPAddress::IPAddress(const unsigned char *data, size_t len) throw(FWException)
{
if(len!=4)
throw FWException("Invalid IP address length. Must be 4.");
if(!data)
throw FWException("NULL IP address data..");
for(int i=0;i<4;i++)
octets[i]=data[i];
}
IPAddress::IPAddress(const struct in_addr *na) throw(FWException)
{
/*
struct in_addr {
unsigned long int s_addr;
}
Note that on the i80x86 the host byte order is Least Sig­
nificant Byte first, whereas the network byte order, as
used on the Internet, is Most Significant Byte first.
*/
guint32 x = ntohl(na->s_addr);
for(int i=3;i>=0;i--)
{
octets[i]=x&0377;
x>>=8;
}
}
IPAddress::IPAddress()
{
octets[0]=octets[1]=octets[2]=octets[3]=0;
}
IPAddress::~IPAddress()
{
}
guint32 IPAddress::to32BitInt() const
{
guint32 x=0l;
#if defined(WORDS_LITTLEENDIAN)
for(int i=3;i>=0;i--)
#elif defined(WORDS_BIGENDIAN)
for(int i=0; i<4; i++)
#else
#error "Only LITTLE_ENDIAN and BIG_ENDIAN platforms are supported"
#endif
{
x<<=8;
x|=octets[i]&0377;
}
return x;
}
IPAddress::IPAddress(const string &s) throw(FWException, FWNotSupportedException)
{
*this=s;
}
IPAddress& IPAddress::operator=(const string &s) throw(FWException, FWNotSupportedException)
{
//TODO: do actual parsing according to RFC1884
if(s.find(":")!=string::npos && s.find_first_not_of(":0123456789ABCDEFabcdef")==string::npos)
throw FWNotSupportedException("IPv6 addresses are not supported");
if(sscanf(s.c_str(), "%3u.%3u.%3u.%3u", &octets[0], &octets[1], &octets[2], &octets[3])!=4)
throw FWException(string("Invalid IP address: '")+s+"'");
validate();
return *this;
}
namespace libfwbuilder
{
/* TODO: use operator ulong() when it is fixed */
IPAddress operator+(const IPAddress &a,const IPAddress &b)
{
guint32 x=0l;
int i;
for(i=0;i<4;i++) { x<<=8; x|=a.octets[i]&0377; }
guint32 a1=htonl(x);
x=0l;
for(i=0;i<4;i++) { x<<=8; x|=b.octets[i]&0377; }
guint32 a2=htonl(x);
struct in_addr na;
na.s_addr=a1+a2;
return IPAddress(&na);
}
/* TODO: use operator ulong() when it is fixed */
IPAddress operator-(const IPAddress &a,const IPAddress &b)
{
guint32 x=0l;
int i;
for(i=0;i<4;i++) { x<<=8; x|=a.octets[i]&0377; }
guint32 a1=htonl(x);
x=0l;
for(i=0;i<4;i++) { x<<=8; x|=b.octets[i]&0377; }
guint32 a2=htonl(x);
struct in_addr na;
na.s_addr=a1-a2;
return IPAddress(&na);
}
IPAddress operator+(const IPAddress &addr,int increment)
{
guint32 a= ntohl( addr.to32BitInt() );
a++;
struct in_addr na;
na.s_addr=htonl(a);
return IPAddress(&na);
}
IPAddress operator-(const IPAddress &addr,int decrement)
{
guint32 a=ntohl( addr.to32BitInt() );
a--;
struct in_addr na;
na.s_addr=htonl(a);
return IPAddress(&na);
}
}
IPAddress& IPAddress::addMask(const Netmask &nm)
{
for (int i=0; i<4; i++)
octets[i] |= nm.octets[i];
return *this;
}
void IPAddress::validate() throw(FWException)
{
if(!octets[0] && !octets[1] && !octets[2] && !octets[3])
return; //0.0.0.0 magic IP address.
if((octets[0]>255) ||
(octets[1]>255) ||
(octets[2]>255) ||
(octets[3]>255))
{
throw FWException(string("Invalid IP address: '")+string(*this)+"'");
}
}
IPAddress::IPAddress(const IPAddress &o)
{
*this=o;
}
IPAddress& IPAddress::operator=(const IPAddress &o)
{
octets[0]=o.octets[0];
octets[1]=o.octets[1];
octets[2]=o.octets[2];
octets[3]=o.octets[3];
return *this;
}
string IPAddress::toString() const
{
char buf[32];
sprintf(buf, "%u.%u.%u.%u", octets[0], octets[1], octets[2], octets[3]);
return buf;
}
bool IPAddress::isBroadcast() const
{
return (octets[0]==octets[1] &&
octets[1]==octets[2] &&
octets[2]==octets[3] &&
(octets[0]==255 || octets[0]==0)
);
}
bool IPAddress::isMulticast() const
{
return (octets[0]>=224 && octets[0]<=239 );
}
void Netmask::validate() throw(FWException)
{
guint32 nm = octets[3] | (octets[2]<<8) | (octets[1]<<16) | (octets[0]<<24);
if(nm)
{
nm = (~nm)+1;
// at this point nm must consist
// of exactly one '1' in binary form
while(!(nm&1))
nm>>=1;
if(nm!=1)
throw FWException(string("Invalid netmask: '")+string(*this)+string("'"));
}
}
Netmask& Netmask::operator=(const string &s) throw(FWException)
{
if(sscanf(s.c_str(), "%3u.%3u.%3u.%3u", &octets[0], &octets[1], &octets[2], &octets[3])!=4)
throw FWException(string("Invalid netmask: '")+s+string("'"));
validate();
return *this;
}
namespace libfwbuilder
{
Netmask operator~(const Netmask &nm)
{
Netmask res;
for (int i=0; i<4; i++)
res.octets[i]= (~ nm.octets[i] ) & 0xff;
return res;
}
}
Netmask::Netmask(const IPAddress &a)
{
octets[0]=255;
octets[1]=octets[2]=octets[3]=0;
if(a[0]>127) octets[1]=255;
if(a[0]>191) octets[2]=255;
}
Netmask::Netmask(const unsigned char *data, size_t len) throw(FWException):IPAddress(data, len)
{
}
Netmask::Netmask()
{
octets[0]=octets[1]=octets[2]=octets[3]=255;
}
Netmask::Netmask(const string &s) throw(FWException)
{
*this=s;
}
Netmask::Netmask(int n) throw(FWException)
{
if (n<0 || n>32) throw FWException(string("Invalid netmask length"));
octets[0]=octets[1]=octets[2]=octets[3]=0;
guint32 i=0;
while (n>=8) { octets[i] = 255; i++; n-=8; }
guint32 m=128;
while (n!=0) { octets[i] |= m; m>>=1; n--; }
}
Netmask::~Netmask()
{
}
int Netmask::getLength() const
{
if (toString()=="255.255.255.255") return 32;
guint32 n= ntohl( to32BitInt() );
int i=0;
while (n) {
n=n<<1;
i++;
}
return i;
}
IPNetwork::IPNetwork(const IPAddress &a, const Netmask &n, int _bcast_bits)
{
bcast_bits = _bcast_bits;
netmask = n;
for(unsigned i=0;i<4;i++)
address.octets[i]=a[i]&netmask[i];
}
const IPAddress& IPNetwork::getAddress() const
{
return address;
}
const Netmask& IPNetwork::getNetmask() const
{
return netmask;
}
IPAddress IPNetwork::getBroadcastAddress () const
{
guint32 a;
if(bcast_bits)
a=address.to32BitInt() | ~( netmask.to32BitInt() );
else
a=address.to32BitInt() & netmask.to32BitInt();
struct in_addr na;
na.s_addr=a;
return IPAddress(&na);
/*
struct in_addr na;
na.s_addr=htonl(a);
return IPAddress(&na);
*/
}
bool IPNetwork::belongs(const IPAddress &o) const
{
for(unsigned i=0;i<4;i++)
if ( ( o[i] & netmask[i] ) != address[i] )
return false;
return true;
}
bool IPNetwork::isBroadcast() const
{
return address.isBroadcast();
}
bool IPNetwork::isMulticast() const
{
return address.isMulticast();
}
IPNetwork& IPNetwork::operator=(const IPNetwork &o)
{
address=o.address;
netmask=o.netmask;
return *this;
}
namespace libfwbuilder
{
bool operator==(const IPNetwork &a, const IPNetwork &b)
{
return a.getNetmask()==b.getNetmask() && a.getAddress()==b.getAddress();
}
bool operator<(const IPNetwork &a, const IPNetwork &b)
{
return a.getAddress()<b.getAddress();
}
/* this is just a better interface to _convert_range_to_networks */
vector<IPNetwork> convertAddressRange(const IPAddress &start,
const IPAddress &end)
{
vector<IPNetwork> res;
IPNetwork::_convert_range_to_networks(start,end,res);
return res;
}
}
bool IPNetwork::_convert_range_to_networks(const IPAddress &start,
const IPAddress &end,
vector<IPNetwork> &res)
{
if (end < start) return false;
if (start == end)
{
res.push_back( IPNetwork(start, Netmask()) );
return false;
}
if (htonl(start.to32BitInt())==0l && htonl(end.to32BitInt())==0xffffffff)
{
res.push_back( IPNetwork(IPAddress("0.0.0.0"),Netmask("0.0.0.0")) );
return false;
}
guint32 size = htonl(end.to32BitInt()) - htonl(start.to32BitInt()) + 1;
if (size==2)
{
res.push_back( IPNetwork(start, Netmask()) );
res.push_back( IPNetwork(end, Netmask()) );
return false;
}
/* determine closest power of 2 which is less or equal to size */
guint32 l=size;
int m=0;
while ( l!=0 ) { l>>=1; m++; }
m--;
/* m represents number of bits in a netmask for the new subnet */
/* test start address to see if it is a good network address for netmask */
Netmask nm1(32-m); // new netmask
IPNetwork tn1(start,nm1);
IPAddress nstart;
IPAddress nend;
Netmask nnm;
if (start!=tn1.getAddress())
{
/* we can not use start address for the network because it shifts
* beginning of the range back after netmask is applied to it. Need to
* make netmask longer and then find the first address higher than
* start, which matches the netmask and can be used as a network
* address
*/
do
{
nstart=start;
nnm=Netmask(32-m); // new netmask
nstart.addMask( ~nnm );
nstart=nstart+1;
nend =nstart;
nend.addMask( ~nnm );
m--;
} while (m>0 && end < nend);
} else
{
nstart=start;
nnm=Netmask(32-m); // new netmask
nend =nstart;
nend.addMask( ~nnm );
}
/* new range starts from nstart and ends at nend */
res.push_back( IPNetwork(nstart,nnm) );
if (!(nstart == start))
{
/* there are some addresses between start and nstart */
while ( _convert_range_to_networks(start,nstart-1,res) );
}
if (!(nend == end))
{
/* the remainder of the original range is nend+1 - end */
while ( _convert_range_to_networks(nend+1,end,res) );
}
return false;
}
namespace libfwbuilder
{
vector<IPNetwork> getOverlap(const IPNetwork &n1,const IPNetwork &n2)
{
IPAddress s1 = n1.getAddress();
IPAddress s2 = n2.getAddress();
Netmask m1 = n1.getNetmask();
Netmask m2 = n2.getNetmask();
IPAddress e1 = s1; e1.addMask( ~m1 );
IPAddress e2 = s2; e2.addMask( ~m2 );
/*
* now both networks are represented by their first and last addresses
*
* we assume network 0.0.0.0/0.0.0.0 in fact represents the whole
* possible range of ip addresses (for ip v4 it is 0.0.0.0 -
* 255.255.255.255). Check for this condition and replace e1 or e2
* accordingly if needed.
*
* TODO: comparison with IPAddress() looks ugly. May be need to
* overload operator==(int) so we could compare with '0'
*
*/
if (s1==IPAddress() && m1==IPAddress()) e1=IPAddress("255.255.255.255");
if (s2==IPAddress() && m2==IPAddress()) e2=IPAddress("255.255.255.255");
vector<IPNetwork> res;
IPAddress rs,re;
if (e2<s1) return res;
if (s2<s1 && e2>s1 && e2<e1) { rs=s1; re=e2; }
if (s2>s1 && e2<e1) { rs=s2; re=e2; }
if (s2>s1 && s2<e1 && e2>e1) { rs=s2; re=e1; }
if (s2>e1) return res;
if (s2<s1 && e2>e1) { rs=s1; re=e1; }
if (s1==s2 && e1==e2) { rs=s1; re=e1; }
/* rb and re represent resulting address range boundaries */
IPNetwork::_convert_range_to_networks(rs,re,res);
return res;
}
vector<IPNetwork> substract(const IPNetwork &n1,const IPNetwork &n2)
{
IPAddress n1s = n1.getAddress();
IPAddress n2s = n2.getAddress();
Netmask n1m = n1.getNetmask();
Netmask n2m = n2.getNetmask();
IPAddress n1e = n1s; n1e.addMask( ~n1m );
IPAddress n2e = n2s; n2e.addMask( ~n2m );
/*
* now both networks are represented by their first and last addresses
*
* we assume network 0.0.0.0/0.0.0.0 in fact represents the whole
* possible range of ip addresses (for ip v4 it is 0.0.0.0 -
* 255.255.255.255). Check for this condition and replace n1e or n2e
* accordingly if needed.
*/
if (n1s.to32BitInt()==0 && n1e.to32BitInt()==0) n1e=IPAddress("255.255.255.255");
if (n2s.to32BitInt()==0 && n2e.to32BitInt()==0) n2e=IPAddress("255.255.255.255");
vector<IPNetwork> res;
if (/* n2s<n1s && */ n2e<n1s) {
res.push_back(n1);
}
if ( n2s<n1s && n2e>n1s) {
IPAddress rs=n2e + 1;
IPAddress re=n1e;
IPNetwork::_convert_range_to_networks(rs,re,res);
}
if ( n2s>n1s && n2e<n1e) {
IPAddress rs1=n1s;
IPAddress re1=n2s - 1;
IPNetwork::_convert_range_to_networks(rs1,re1,res);
IPAddress rs2=n2e + 1;
IPAddress re2=n1e;
IPNetwork::_convert_range_to_networks(rs2,re2,res);
}
if ( n2s>n1s && n2e>n1e) {
IPAddress rs=n1s;
IPAddress re=n2s - 1;
IPNetwork::_convert_range_to_networks(rs,re,res);
}
if (n2s>n1e /* && n2e>n1e */) {
res.push_back(n1);
}
if (n2s<n1s && n2e>n1e) {
/*
* Do nothing since in this case network n2 is bigger than n1 and n1
* is totally eclipsed by n2. Result is empty list.
*/
;
}
return res;
}
}
IPRoute::IPRoute(const IPRoute &o)
{
nm = o.nm ;
dst = o.dst ;
gw = o.gw ;
intf = o.intf?new Interface(*o.intf):NULL ;
direct = o.direct ;
}
IPRoute::~IPRoute()
{
delete intf;
}
IPRoute::IPRoute(const IPAddress &_dst, const Netmask &_nm, const IPAddress &_gw, const Interface *_intf, bool _direct)
{
nm = _nm ;
dst = _dst ;
gw = _gw ;
intf = _intf?new Interface(*_intf):NULL ;
direct = _direct ;
}

246
src/fwbuilder/IPAddress.h
View File

@ -1,246 +0,0 @@
/*
Firewall Builder
Copyright (C) 2000 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
$Id: IPAddress.h 966 2006-08-18 03:59:32Z vkurland $
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef __IPADDRESS_HH_FLAG__
#define __IPADDRESS_HH_FLAG__
#include <string>
#include <vector>
#ifndef _WIN32
# include <sys/types.h>
# include <sys/socket.h>
# include <netinet/in.h>
# include <arpa/inet.h>
#else
# include <winsock2.h>
#endif
#include <fwbuilder/FWException.h>
typedef unsigned int guint32;
namespace libfwbuilder
{
class Netmask;
class IPAddress
{
protected:
friend class IPNetwork;
unsigned int octets[4];
virtual void validate() throw(FWException);
public:
explicit IPAddress();
virtual ~IPAddress();
IPAddress(const unsigned char *data, size_t len) throw(FWException);
IPAddress(const struct in_addr *) throw(FWException);
explicit IPAddress(const std::string &) throw(FWException, FWNotSupportedException);
IPAddress(const IPAddress &);
IPAddress& operator=(const IPAddress &);
friend IPAddress operator+(const IPAddress &a,const IPAddress &b);
friend IPAddress operator-(const IPAddress &a,const IPAddress &b);
friend IPAddress operator+(const IPAddress &a,int increment);
friend IPAddress operator-(const IPAddress &a,int decrement);
IPAddress& operator=(const std::string &s) throw(FWException, FWNotSupportedException);
IPAddress& addMask(const Netmask &b);
friend bool operator<(const IPAddress &a, const IPAddress &b);
friend bool operator==(const IPAddress &a, const IPAddress &b);
unsigned const int operator[](size_t pos) const { return octets[pos]; }
operator std::string() const { return toString(); }
operator guint32() const { return to32BitInt(); }
std::string toString() const;
guint32 to32BitInt() const;
/**
* Broadcast : 255.255.255.255 and 0.0.0.0,
*/
bool isBroadcast() const;
/**
* Multicast : 224.0.0.0 - 239.0.0.0
*/
bool isMulticast() const;
};
class Netmask: public IPAddress
{
protected:
virtual void validate() throw(FWException);
public:
explicit Netmask();
explicit Netmask(const std::string &) throw(FWException);
Netmask(const unsigned char *data, size_t len) throw(FWException);
Netmask(int n) throw(FWException); // creates netmask with 'n' bits set to '1'
/**
* This constructor creates natural classful netmask for given IP address
*
* Cheatsheet:
* Net Host Total
* Net Addr Addr Addr Number
* Class Range NetMask Bits Bits of hosts
* ----------------------------------------------------------
* A 0-127 255.0.0.0 8 24 16777216
* B 128-191 255.255.0.0 16 16 65536
* C 192-254 255.255.255.0 24 8 256
*
* (ref: RFC1375 & www.isi.edu/in-notes/iana/assignments/ipv4-address-space)
*
*/
explicit Netmask(const IPAddress &);
virtual ~Netmask();
/**
* returns the "length" of the netmask, that is number of bits set to '1'
* counting from left to right
*/
int getLength() const;
Netmask& operator=(const std::string &s) throw(FWException);
friend Netmask operator~(const Netmask &nm);
friend bool operator==(const Netmask &a, const Netmask &b);
};
class IPNetwork;
std::vector<IPNetwork> getOverlap(const IPNetwork &n1,const IPNetwork &n2);
std::vector<IPNetwork> substract(const IPNetwork &n1,const IPNetwork &n2);
std::vector<IPNetwork> convertAddressRange(const IPAddress &start,
const IPAddress &end);
class IPNetwork
{
private:
IPAddress address ;
Netmask netmask ;
int bcast_bits ;
static bool _convert_range_to_networks(const IPAddress &start,
const IPAddress &end,
std::vector<IPNetwork> &res);
public:
IPNetwork(const IPAddress &, const Netmask&, int bcast_bits=1);
const IPAddress &getAddress () const;
const Netmask &getNetmask () const;
IPAddress getBroadcastAddress () const;
/**
* Broadcast : 255.255.255.255 and 0.0.0.0,
*/
bool isBroadcast() const;
/**
* Multicast : 224.0.0.0 - 239.0.0.0
*/
bool isMulticast() const;
IPNetwork& operator=(const IPNetwork &o);
friend bool operator==(const IPNetwork &a, const IPNetwork &b);
friend bool operator<(const IPNetwork &a, const IPNetwork &b);
operator std::string() const { return address.toString()+"/"+netmask.toString(); }
bool belongs(const IPAddress &) const;
/**
* calculates overlapping part of two networks n1 and
* n2. Overlapping part is defined as in sets: if we think of
* networks as sets of addresses, then intersection contains all
* addresses that belong to both networks
*/
friend std::vector<IPNetwork> getOverlap(const IPNetwork &n1,const IPNetwork &n2);
/**
* substract network n2 from the network n1. The meaning of this
* operation is opposite to getOverlap: it returns all addresses
* that belong to n1 but do not belong to n2
*/
friend std::vector<IPNetwork> substract(const IPNetwork &n1,const IPNetwork &n2);
/**
* converts address range (defined by its start and end) to a
* bunch of networks
*/
friend std::vector<IPNetwork> convertAddressRange(const IPAddress &start,
const IPAddress &end);
};
class Interface;
class IPRoute
{
public:
IPRoute(const IPRoute &);
IPRoute(const IPAddress &_dst, const Netmask &_nm, const IPAddress &_gw, const Interface *_intf, bool _direct);
virtual ~IPRoute();
bool isDirect() const { return direct;}
const Netmask &getNetmask () const { return nm; }
const IPAddress &getDestination() const { return dst; }
const IPAddress &getGateway () const { return gw; }
/**
* @return interface associated with this route, or
* NULL if none.
*/
const Interface *getInterface () const { return intf; }
private:
Netmask nm ;
IPAddress dst ;
IPAddress gw ;
const Interface *intf;
bool direct ;
};
}
#endif

74
src/fwbuilder/IPRoute.cpp Normal file
View File

@ -0,0 +1,74 @@
/*
Firewall Builder
Copyright (C) 2000 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
$Id: InetAddr.cpp 1034 2007-08-02 05:19:28Z vkurland $
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <fwbuilder/libfwbuilder-config.h>
#include <fwbuilder/InetAddr.h>
#include <fwbuilder/IPRoute.h>
#include <fwbuilder/Interface.h>
#include <stdio.h>
#include <iostream>
#ifndef _WIN32
# include <sys/types.h>
# include <netinet/in.h>
#else
# include <winsock2.h>
#endif
using namespace std;
namespace libfwbuilder
{
IPRoute::IPRoute(const IPRoute &o)
{
nm = o.nm ;
dst = o.dst ;
gw = o.gw ;
intf = o.intf?new Interface(*o.intf):NULL ;
direct = o.direct ;
}
IPRoute::~IPRoute()
{
delete intf;
}
IPRoute::IPRoute(const InetAddr &_dst, const InetNetmask &_nm, const InetAddr &_gw, const Interface *_intf, bool _direct)
{
nm = _nm ;
dst = _dst ;
gw = _gw ;
intf = _intf?new Interface(*_intf):NULL ;
direct = _direct ;
}
}

81
src/fwbuilder/IPRoute.h Normal file
View File

@ -0,0 +1,81 @@
/*
Firewall Builder
Copyright (C) 2000 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
$Id: IPRoute.h 966 2006-08-18 03:59:32Z vkurland $
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef __IPROUTE_HH_FLAG__
#define __IPROUTE_HH_FLAG__
#include <string>
#include <vector>
#ifndef _WIN32
# include <sys/types.h>
# include <sys/socket.h>
# include <netinet/in.h>
# include <arpa/inet.h>
#else
# include <winsock2.h>
#endif
#include <fwbuilder/FWException.h>
#include <fwbuilder/InetAddr.h>
namespace libfwbuilder
{
class Interface;
class IPRoute
{
public:
IPRoute(const IPRoute &);
IPRoute(const InetAddr &_dst, const InetNetmask &_nm, const InetAddr &_gw,
const Interface *_intf, bool _direct);
virtual ~IPRoute();
bool isDirect() const { return direct;}
const InetNetmask &getNetmask () const { return nm; }
const InetAddr &getDestination() const { return dst; }
const InetAddr &getGateway () const { return gw; }
/**
* @return interface associated with this route, or
* NULL if none.
*/
const Interface *getInterface () const { return intf; }
private:
InetNetmask nm ;
InetAddr dst ;
InetAddr gw ;
const Interface *intf;
bool direct ;
};
}
#endif

70
src/fwbuilder/IPv4.cpp
View File

@ -24,7 +24,22 @@
*/
/*
Class IPv4 serves two purposes:
- it is used to describe configuration of an interface which consists
of an address and netmask
- it is used to describe a single standalone address object (in the tree,
under Objects/Addresses)
Even though class Network also has address and netmask, IPv4 objects are
recognized by compilers as single addresses.
*/
#include <assert.h>
#include <iostream>
#include <fwbuilder/libfwbuilder-config.h>
@ -37,30 +52,11 @@ using namespace libfwbuilder;
const char *IPv4::TYPENAME={"IPv4"};
IPv4::IPv4(const IPv4 &i):Address()
{
FWObject::operator=(i);
}
IPv4::IPv4() : Address()
{}
IPv4::IPv4():Address()
{
setName("address");
setAddress("0.0.0.0");
setNetmask("0.0.0.0");
}
IPv4::IPv4(const FWObject *root,bool prepopulate) : Address(root,prepopulate)
{
setName("address");
setAddress("0.0.0.0");
setNetmask("0.0.0.0");
}
IPv4::IPv4(const string& a,const string& nm):Address()
{
setAddress(a);
setNetmask(nm);
}
IPv4::IPv4(const FWObject *root, bool prepopulate) : Address(root, prepopulate)
{}
IPv4::~IPv4() {}
@ -75,26 +71,28 @@ void IPv4::fromXML(xmlNodePtr root) throw(FWException)
n=FROMXMLCAST(xmlGetProp(root,TOXMLCAST("address")));
assert(n!=NULL);
setStr("address", n);
setAddress(InetAddr(n));
FREEXMLBUFF(n);
n=FROMXMLCAST(xmlGetProp(root,TOXMLCAST("netmask")));
assert(n!=NULL);
setStr("netmask", n);
if (strlen(n)) setNetmask(InetNetmask(n));
else setNetmask(InetNetmask(0));
FREEXMLBUFF(n);
}
IPNetwork IPv4::getIPNetwork() const throw(FWException)
xmlNodePtr IPv4::toXML(xmlNodePtr xml_parent_node) throw(FWException)
{
return IPNetwork(IPAddress(getStr("address")), Netmask(getStr("netmask")) );
xmlNodePtr me = FWObject::toXML(xml_parent_node);
xmlNewProp(me,
TOXMLCAST("address"),
STRTOXMLCAST(getAddress().toString()));
xmlNewProp(me,
TOXMLCAST("netmask"),
STRTOXMLCAST(getNetmask().toString()));
return me;
}
void IPv4::setAddress(const std::string &a) { setStr("address",a);}
void IPv4::setAddress(const IPAddress &a) { setStr("address" , a.toString() );}
void IPv4::setNetmask(const std::string &nm){ setStr("netmask" , nm );}
void IPv4::setNetmask(const Netmask &nm) { setStr("netmask" , nm.toString() );}
IPAddress IPv4::getAddress() const{ return IPAddress( getStr("address") );}
Netmask IPv4::getNetmask() const{ return Netmask( getStr("netmask") );}
guint32 IPv4::dimension() const{ return 1;}

21
src/fwbuilder/IPv4.h
View File

@ -37,31 +37,22 @@ namespace libfwbuilder
class IPv4 : public Address
{
public:
private:
public:
IPv4();
IPv4(const FWObject *root,bool prepopulate);
IPv4(const IPv4 &i);
IPv4(const std::string& addr,const std::string& mask);
virtual ~IPv4();
virtual void fromXML(xmlNodePtr parent) throw(FWException);
virtual xmlNodePtr toXML(xmlNodePtr xml_parent_node) throw(FWException);
virtual unsigned int dimension() const { return 1; }
DECLARE_FWOBJECT_SUBTYPE(IPv4);
IPNetwork getIPNetwork() const throw(FWException);
void setAddress(const std::string &a);
void setNetmask(const std::string &nm);
virtual IPAddress getAddress() const;
virtual Netmask getNetmask() const;
virtual guint32 dimension() const;
virtual void setAddress(const IPAddress &a);
virtual void setNetmask(const Netmask &nm);
};
}

132
src/fwbuilder/Inet6Addr.cpp Normal file
View File

@ -0,0 +1,132 @@
/*
Firewall Builder
Copyright (C) 2008 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
$Id: Inet6Addr.cpp 1034 2007-08-02 05:19:28Z vkurland $
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <fwbuilder/libfwbuilder-config.h>
#include <fwbuilder/Inet6Addr.h>
#include <fwbuilder/Interface.h>
#include <stdio.h>
#include <iostream>
#ifndef _WIN32
# include <sys/types.h>
# include <netinet/in.h>
#else
# include <winsock2.h>
#endif
using namespace std;
namespace libfwbuilder
{
Inet6Addr::Inet6Addr(const string &s)
throw(FWException, FWNotSupportedException)
{
if (inet_pton(AF_INET6, s.c_str(), &ipv4) == 0)
throw FWException(string("Invalid IPv6 address: '")+s+"'");
}
Inet6Addr::Inet6Addr(const Inet6Addr &o)
{
*this = o;
}
Inet6Addr::Inet6Addr(const char *data) throw(FWException)
{
if(!data)
throw FWException("NULL IP address data..");
if (inet_pton(AF_INET6, data, &ipv4) == 0)
throw FWException(string("Invalid IP address: '")+string(data)+"'");
}
Inet6Addr::Inet6Addr(const struct in6_addr *na) throw(FWException)
{
if (int i=0; i<4; ++i)
ipv6.s_addr32[i] = na->s_addr32[i];
}
/*****************************************************************
*
* Inet6Netmask
*/
Inet6Netmask::Inet6Netmask() : Inet6Addr() {}
Inet6Netmask::Inet6Netmask(const Inet6Addr& nm)
{
if (int i=0; i<4; ++i)
ipv6.s_addr32[i] = nm.s_addr32[i];
}
Inet6Netmask::Inet6Netmask(const char *data) throw(FWException) : Inet6Addr(data)
{
}
Inet6Netmask::Inet6Netmask(const string &s) throw(FWException) : Inet6Addr(s)
{
}
// Set netmask to 'n' bits
Inet6Netmask::Inet6Netmask(int n) throw(FWException)
{
if (n<0 || n>32) throw FWException(string("Invalid netmask length"));
unsigned long nm_bits = 0;
int i = n;
while (i>0)
{
nm_bits >>= 1;
nm_bits |= 0x80000000;
i--;
}
ipv4.s_addr = htonl(nm_bits);
}
Inet6Netmask::~Inet6Netmask()
{
}
int Inet6Netmask::getLength() const
{
if (ipv4.s_addr == INADDR_BROADCAST) return 32;
if (ipv4.s_addr == 0) return 0;
unsigned int n = ntohl(ipv4.s_addr);
int i=0;
while (n)
{
n=n<<1;
i++;
}
return i;
}
}

244
src/fwbuilder/Inet6Addr.h Normal file
View File

@ -0,0 +1,244 @@
/*
Firewall Builder
Copyright (C) 2008 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
$Id: InetAddr.h 966 2006-08-18 03:59:32Z vkurland $
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef __INET6ADDR_HH_FLAG__
#define __INET6ADDR_HH_FLAG__
#include <string>
#include <vector>
#ifndef _WIN32
# include <sys/types.h>
# include <sys/socket.h>
# include <netinet/in.h>
# include <arpa/inet.h>
#else
# include <winsock2.h>
#endif
#include <fwbuilder/InetAddr.h>
namespace libfwbuilder
{
/**
* Class Inet6Addr is a wrapper for struct in6_addr
*
*/
class Inet6Addr : public InetAddr
{
protected:
friend class IPv6Network;
// Address in network order
struct in6_addr ipv6;
public:
explicit Inet6Addr() { ipv6 = IN6ADDR_ANY_INIT; }
virtual ~Inet6Addr() {}
Inet6Addr(const char *data) throw(FWException);
Inet6Addr(const struct in6_addr*) throw(FWException);
explicit Inet6Addr(const std::string&)
throw(FWException, FWNotSupportedException);
Inet6Addr(const Inet6Addr &);
static inline Inet6Addr getAny()
{
return Inet6Addr();
}
static inline Inet6Addr getAllOnes()
{
struct in6_addr allones;
allones.s_addr32[0] = 0xffffffff;
allones.s_addr32[1] = 0xffffffff;
allones.s_addr32[2] = 0xffffffff;
allones.s_addr32[3] = 0xffffffff;
return Inet6Addr(&allones);
}
static inline Inet6Addr getLoopbackAddr()
{
struct in6_addr loopback;
loopback = htonl(IN6ADDR_LOOPBACK_INIT);
return Inet6Addr(&loopback);
}
inline virtual std::string toString() const
{
char ntop_buf[INET6_ADDRSTRLEN];
const char *cp;
cp = inet_ntop(AF_INET6, &ipv6, ntop_buf, sizeof(ntop_buf));
return std::string(strdup(cp));
}
/**
* Broadcast : there are no broadcast addresses in ipv6
* However some multicast addresses serve similar purpose. For example
* "link-scope all-hosts multicast" address ff02::1 corresponds to
* the ipv4 broadcast 255.255.255.255
*/
inline virtual bool isBroadcast() const
{
return IN6_IS_ADDR_MC_LINKLOCAL(ipv6);
}
/**
* Multicast
*/
inline virtual bool isMulticast() const
{
return IN6_IS_ADDR_MULTICAST(ntohl(ipv6));
}
/**
* Unspecified ipv6 address
*/
inline virtual bool isAny() const
{
return (IN6_IS_ADDR_UNSPECIFIED(ipv6));
}
/**
* calculate distance between _this_ address and address a2 and return
* it as int.
* This method is limited, it only calculates distance between two
* ipv6 addresses
*/
inline virtual int distance(const Inet6Addr &a2)
{
return a2.to32BitInt() - to32BitInt() + 1;
}
/*****************************************************************/
inline friend Inet6Addr operator&(const Inet6Addr &addr,
const Inet6Addr &mask)
{
struct in6_addr res;
for (int i=0; i<4; ++i)
res.s_addr32[i] =
htonl(ntohl(addr.ipv6.s_addr32[i]) & ntohl(mask.ipv6.s_addr32[i]));
return Inet6Addr(&res);
}
inline friend Inet6Addr operator|(const Inet6Addr &addr,
const Inet6Addr &mask)
{
struct in6_addr res;
for (int i=0; i<4; ++i)
res.s_addr32[i] =
htonl(ntohl(addr.ipv6.s_addr32[i]) | ntohl(mask.ipv6.s_addr32[i]));
return Inet6Addr(&res);
}
inline friend Inet6Addr operator+(const Inet6Addr &addr, int increment)
{
struct in6_addr res;
res.s_addr = htonl(ntohl(addr.ipv6.s_addr32[3]) + increment);
return Inet6Addr(&res);
}
inline friend Inet6Addr operator-(const Inet6Addr &addr,int decrement)
{
struct in6_addr res;
res.s_addr = htonl(ntohl(addr.ipv6.s_addr32[3]) - decrement);
return Inet6Addr(&res);
}
inline Inet6Addr& operator=(const Inet6Addr &addr)
{
for (int i=0; i<4; ++i)
ipv6.s_addr32[i] = addr.ipv6.s_addr32[i];
return *this;
}
inline friend bool operator<(const Inet6Addr &a, const Inet6Addr &b)
{
return (ntohl(a.ipv6.s_addr32[3] ) < ntohl( b.ipv6.s_addr32[3]));
}
inline friend bool operator>(const Inet6Addr &a, const Inet6Addr &b)
{
return (ntohl(a.ipv6.s_addr32[3] ) > ntohl( b.ipv6.s_addr32[3]));
}
inline friend bool operator==(const Inet6Addr &a, const Inet6Addr &b)
{
return (IN6_ARE_ADDR_EQUAL(a.ipv6, b.ipv6));
}
inline friend bool operator!=(const Inet6Addr &a, const Inet6Addr &b)
{
return (!(IN6_ARE_ADDR_EQUAL(a.ipv6, b.ipv6)));
}
};
/*
* class Inet6Netmask represents netmask. The only difference between it
* and its base class InetAddr is that its constructor can accept
* an integer that defines netmask length. Correspondingly, this class
* has a method that returns the length of the netmask.
*/
class Inet6Netmask: public Inet6Addr
{
public:
explicit Inet6Netmask();
explicit Inet6Netmask(const std::string &) throw(FWException);
Inet6Netmask(const char *data) throw(FWException);
Inet6Netmask(int n) throw(FWException); // creates netmask 'n' bits long
explicit Inet6Netmask(const Inet6Addr &);
virtual ~Inet6Netmask();
/**
* returns the "length" of the netmask, that is number of bits set to '1'
* counting from left to right
*/
int getLength() const;
/**
* for netmasks: return true if this is host mask, i.e. all '1'
*/
inline bool isHostMask() const
{
return (ipv6.s_addr32[0] == 0xffffffff &&
ipv6.s_addr32[1] == 0xffffffff &&
ipv6.s_addr32[2] == 0xffffffff &&
ipv6.s_addr32[3] == 0xffffffff);
}
};
}
#endif

127
src/fwbuilder/InetAddr.cpp Normal file
View File

@ -0,0 +1,127 @@
/*
Firewall Builder
Copyright (C) 2000 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
$Id: InetAddr.cpp 1034 2007-08-02 05:19:28Z vkurland $
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <fwbuilder/libfwbuilder-config.h>
#include <fwbuilder/InetAddr.h>
#include <fwbuilder/Interface.h>
#include <stdio.h>
#include <iostream>
#ifndef _WIN32
# include <sys/types.h>
# include <netinet/in.h>
#else
# include <winsock2.h>
#endif
using namespace std;
namespace libfwbuilder
{
InetAddr::InetAddr(const string &s)
throw(FWException, FWNotSupportedException)
{
if (inet_aton(s.c_str(), &ipv4)==0)
throw FWException(string("Invalid IP address: '")+s+"'");
}
InetAddr::InetAddr(const InetAddr &o)
{
*this = o;
}
InetAddr::InetAddr(const char *data) throw(FWException)
{
if(!data)
throw FWException("NULL IP address data..");
if (inet_aton(data, &ipv4)==0)
throw FWException(string("Invalid IP address: '")+string(data)+"'");
}
InetAddr::InetAddr(const struct in_addr *na) throw(FWException)
{
ipv4.s_addr = na->s_addr;
}
/*****************************************************************
*
* InetNetmask
*/
InetNetmask::InetNetmask() : InetAddr() {}
InetNetmask::InetNetmask(const InetAddr& a) : InetAddr(a) {}
InetNetmask::InetNetmask(const char *data) throw(FWException) : InetAddr(data)
{
}
InetNetmask::InetNetmask(const string &s) throw(FWException) : InetAddr(s)
{
}
// Set netmask to 'n' bits
InetNetmask::InetNetmask(int n) throw(FWException)
{
if (n<0 || n>32) throw FWException(string("Invalid netmask length"));
unsigned long nm_bits = 0;
int i = n;
while (i>0)
{
nm_bits >>= 1;
nm_bits |= 0x80000000;
i--;
}
ipv4.s_addr = htonl(nm_bits);
}
InetNetmask::~InetNetmask()
{
}
int InetNetmask::getLength() const
{
if (ipv4.s_addr == INADDR_BROADCAST) return 32;
if (ipv4.s_addr == 0) return 0;
unsigned int n = ntohl(ipv4.s_addr);
int i=0;
while (n)
{
n=n<<1;
i++;
}
return i;
}
}

233
src/fwbuilder/InetAddr.h Normal file
View File

@ -0,0 +1,233 @@
/*
Firewall Builder
Copyright (C) 2000 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
$Id: InetAddr.h 966 2006-08-18 03:59:32Z vkurland $
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef __INETADDR_HH_FLAG__
#define __INETADDR_HH_FLAG__
#include <string>
#include <vector>
#ifndef _WIN32
# include <sys/types.h>
# include <sys/socket.h>
# include <netinet/in.h>
# include <arpa/inet.h>
#else
# include <winsock2.h>
#endif
#include <fwbuilder/FWException.h>
namespace libfwbuilder
{
/**
* Class InetAddr is a wrapper for struct inet_addr
*
*/
class InetAddr
{
protected:
friend class InetAddrMask;
// Address in network order
struct in_addr ipv4;
public:
explicit InetAddr() { ipv4.s_addr = 0; }
virtual ~InetAddr() {}
InetAddr(const char *data) throw(FWException);
InetAddr(const struct in_addr*) throw(FWException);
explicit InetAddr(const std::string&)
throw(FWException, FWNotSupportedException);
InetAddr(const InetAddr &);
static inline InetAddr getAny()
{
return InetAddr();
}
static inline InetAddr getAllOnes()
{
struct in_addr allones;
allones.s_addr = 0xffffffff;
return InetAddr(&allones);
}
static inline InetAddr getLoopbackAddr()
{
struct in_addr loopback;
loopback.s_addr = htonl(INADDR_LOOPBACK);
return InetAddr(&loopback);
}
inline virtual std::string toString() const
{
return std::string(strdup(inet_ntoa(ipv4)));
}
/**
* Broadcast : 255.255.255.255
*/
inline virtual bool isBroadcast() const
{
return ipv4.s_addr == INADDR_BROADCAST;
}
/**
* Multicast : 224.0.0.0 - 239.0.0.0
*/
inline virtual bool isMulticast() const
{
return IN_MULTICAST(ntohl(ipv4.s_addr));
}
/**
* INADDR_ANY: 0
*/
inline virtual bool isAny() const
{
return ipv4.s_addr == INADDR_ANY;
}
/**
* calculate distance between _this_ address and address a2 and return
* it as int
*/
inline virtual int distance(const InetAddr &a2) const
{
return ntohl(a2.ipv4.s_addr) - ntohl(ipv4.s_addr) + 1;
}
/*****************************************************************/
inline friend InetAddr operator&(const InetAddr &addr,
const InetAddr &mask)
{
struct in_addr res;
res.s_addr = htonl(ntohl(addr.ipv4.s_addr) & ntohl(mask.ipv4.s_addr));
return InetAddr(&res);
}
inline friend InetAddr operator|(const InetAddr &addr,
const InetAddr &mask)
{
struct in_addr res;
res.s_addr = htonl(ntohl(addr.ipv4.s_addr) | ntohl(mask.ipv4.s_addr));
return InetAddr(&res);
}
inline friend InetAddr operator+(const InetAddr &addr, int increment)
{
struct in_addr res;
res.s_addr = htonl(ntohl(addr.ipv4.s_addr) + increment);
return InetAddr(&res);
}
inline friend InetAddr operator-(const InetAddr &addr,int decrement)
{
struct in_addr res;
res.s_addr = htonl(ntohl(addr.ipv4.s_addr) - decrement);
return InetAddr(&res);
}
inline InetAddr& operator=(const InetAddr &addr)
{
ipv4.s_addr = addr.ipv4.s_addr;
return *this;
}
inline friend bool operator<(const InetAddr &a, const InetAddr &b)
{
return (ntohl( a.ipv4.s_addr ) < ntohl( b.ipv4.s_addr ));
}
inline friend bool operator>(const InetAddr &a, const InetAddr &b)
{
return (ntohl( a.ipv4.s_addr ) > ntohl( b.ipv4.s_addr ));
}
inline friend bool operator==(const InetAddr &a, const InetAddr &b)
{
return a.ipv4.s_addr == b.ipv4.s_addr;
}
inline friend bool operator!=(const InetAddr &a, const InetAddr &b)
{
return a.ipv4.s_addr != b.ipv4.s_addr;
}
inline friend InetAddr operator~(const InetAddr &a)
{
struct in_addr res;
res.s_addr = htonl(~(ntohl(a.ipv4.s_addr)));
return InetAddr(&res);
}
};
/*
* class InetNetmask represents netmask. The only difference between it
* and its base class InetAddr is that its constructor can accept
* an integer that defines netmask length. Correspondingly, this class
* has a method that returns the length of the netmask.
*/
class InetNetmask: public InetAddr
{
public:
explicit InetNetmask();
explicit InetNetmask(const std::string &) throw(FWException);
InetNetmask(const char *data) throw(FWException);
InetNetmask(int n) throw(FWException); // creates netmask 'n' bits long
explicit InetNetmask(const InetAddr &);
virtual ~InetNetmask();
/**
* returns the "length" of the netmask, that is number of bits set to '1'
* counting from left to right
*/
int getLength() const;
/**
* for netmasks: return true if this is host mask, i.e. all '1'
*/
inline bool isHostMask() const
{
return ipv4.s_addr == INADDR_BROADCAST;
}
};
}
#endif

406
src/fwbuilder/InetAddrMask.cpp Normal file
View File

@ -0,0 +1,406 @@
/*
Firewall Builder
Copyright (C) 2000 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
$Id: InetAddr.cpp 1034 2007-08-02 05:19:28Z vkurland $
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <fwbuilder/libfwbuilder-config.h>
#include <fwbuilder/InetAddr.h>
#include <fwbuilder/Interface.h>
#include <stdio.h>
#include <iostream>
#include <string>
#ifndef _WIN32
# include <sys/types.h>
# include <netinet/in.h>
#else
# include <winsock2.h>
#endif
using namespace std;
using namespace libfwbuilder;
void InetAddrMask::setNetworkAndBroadcastAddress()
{
*network_address = *address & *netmask;
*broadcast_address = *address | (~(*netmask));
}
InetAddrMask::InetAddrMask()
{
address = new InetAddr();
netmask = new InetNetmask();
broadcast_address = new InetAddr();
network_address = new InetAddr();
}
InetAddrMask::InetAddrMask(const InetAddr &a, const InetNetmask &n)
{
address = new InetAddr(a & n);
netmask = new InetNetmask(n);
broadcast_address = new InetAddr();
network_address = new InetAddr();
setNetworkAndBroadcastAddress();
}
InetAddrMask::InetAddrMask(const InetAddrMask& other)
{
address = new InetAddr(*(other.address));
netmask = new InetNetmask(*(other.netmask));
broadcast_address = new InetAddr();
network_address = new InetAddr();
setNetworkAndBroadcastAddress();
}
InetAddrMask::InetAddrMask(const string &s) throw(FWException)
{
address = new InetAddr();
netmask = new InetNetmask();
broadcast_address = new InetAddr();
network_address = new InetAddr();
if(s.find_first_not_of(".1234567890/")!=string::npos)
{
throw FWException(string("Invalid IP address: '")+s+"'");
}
string::size_type pos=s.find("/");
if (pos==string::npos)
{
setAddress(InetAddr(s));
setNetmask(InetNetmask(InetAddr::getAllOnes()));
}
else
{
setAddress(InetAddr(s.substr(0,pos)));
string netm = s.substr(pos+1);
if (netm.find(".")==string::npos)
{
// netmask is represented as /NN (length in bits)
int d = atoi(netm.c_str());
*netmask = InetNetmask(d);
}
else
{
setNetmask(InetNetmask(netm));
}
}
setNetworkAndBroadcastAddress();
}
InetAddrMask::~InetAddrMask()
{
delete address;
delete netmask;
delete network_address;
delete broadcast_address;
}
void InetAddrMask::setAddress(const InetAddr &a)
{
*address = a;
setNetworkAndBroadcastAddress();
}
void InetAddrMask::setNetmask(const InetNetmask &nm)
{
*netmask = nm;
setNetworkAndBroadcastAddress();
}
// check if address 'o' belongs to the network
bool InetAddrMask::belongs(const InetAddr &o) const
{
return ((o & *netmask) == *network_address);
}
unsigned int InetAddrMask::dimension() const
{
/*
* TODO: this code not portable 'cause it implies specific to IPv4
* maximum length of netmask
*/
int masklength = netmask->getLength();
if (masklength==0) return 0;
unsigned int u = 1;
for (int i=0; i<32-masklength; ++i) u<<=1;
return u;
}
InetAddrMask& InetAddrMask::operator=(const InetAddrMask &o)
{
*address = *(o.address);
*netmask = *(o.netmask);
setNetworkAndBroadcastAddress();
return *this;
}
bool libfwbuilder::operator==(const InetAddrMask &a, const InetAddrMask &b)
{
return a.getNetmask() == b.getNetmask() && a.getAddress() == b.getAddress();
}
bool libfwbuilder::operator<(const InetAddrMask &a, const InetAddrMask &b)
{
return a.getAddress() < b.getAddress();
}
/* this is just a better interface to _convert_range_to_networks */
vector<InetAddrMask> libfwbuilder::convertAddressRange(const InetAddr &start,
const InetAddr &end)
{
vector<InetAddrMask> res;
_convert_range_to_networks(start,end,res);
return res;
}
bool libfwbuilder::_convert_range_to_networks(const InetAddr &start,
const InetAddr &end,
vector<InetAddrMask> &res)
{
if (end < start) return false;
if (start == end)
{
res.push_back(InetAddrMask(start, InetNetmask(InetAddr::getAllOnes())));
return false;
}
if (start.isAny() && end.isBroadcast())
{
res.push_back( InetAddrMask() );
return false;
}
unsigned int size = start.distance(end);
if (size==2)
{
res.push_back(InetAddrMask(start, InetNetmask(InetAddr::getAllOnes())));
res.push_back(InetAddrMask(end, InetNetmask(InetAddr::getAllOnes())));
return false;
}
/* determine closest power of 2 which is less or equal to size */
unsigned int l = size;
int mask_bits = 0;
while ( l!=0 ) { l>>=1; mask_bits++; }
mask_bits--;
mask_bits = 32 - mask_bits;
/* mask_bits represents number of '1'in the netmask for the new subnet */
/* test start address to see if it is a good network address for netmask */
InetNetmask nm1(mask_bits); // new netmask
InetAddrMask tn1(start, nm1);
InetAddr nstart;
InetAddr nend;
InetNetmask nnm;
nstart = start;
if (start!=tn1.getAddress())
{
/* we can not use start address for the network because it shifts
* beginning of the range back after netmask is applied to it. Need to
* make netmask longer and then find the first address higher than
* start, which matches the netmask and can be used as a network
* address
*/
do
{
mask_bits++;
nnm = InetNetmask(mask_bits);
tn1 = InetAddrMask(nstart, nnm);
} while (start!=tn1.getAddress() and mask_bits>0);
nend = nstart;
nend = nend | (~nnm);
} else
{
/* find shortest netmask that yields subnet with end address within
* required range. Start with very short netmask and keep making it longer
* while the end of the subnet it defines is still above required end of
* the range. Once the end moves inside the range, stop.
*/
mask_bits--;
do
{
mask_bits++;
nnm = InetNetmask(mask_bits); // new netmask
nend = start;
nend = nend | (~nnm);
} while (nend > end);
}
/* new range starts from nstart and ends at nend */
res.push_back( InetAddrMask(nstart, nnm) );
if (!(nstart == start))
{
/* there are some addresses between start and nstart */
while ( libfwbuilder::_convert_range_to_networks(start,nstart-1,res) );
}
if (!(nend == end))
{
/* the remainder of the original range is nend+1 - end */
while ( libfwbuilder::_convert_range_to_networks(nend+1,end,res) );
}
return false;
}
vector<InetAddrMask> libfwbuilder::getOverlap(const InetAddrMask &n1,
const InetAddrMask &n2)
{
const InetAddr& s1 = n1.getAddress();
const InetAddr& s2 = n2.getAddress();
const InetNetmask& m1 = n1.getNetmask();
const InetNetmask& m2 = n2.getNetmask();
InetAddr e1 = s1 | (~m1);
InetAddr e2 = s2 | (~m2);
/*
* now both networks are represented by their first and last addresses
*
* we assume network 0.0.0.0/0.0.0.0 in fact represents the whole
* possible range of ip addresses (for ip v4 it is 0.0.0.0 -
* 255.255.255.255). Check for this condition and replace e1 or e2
* accordingly if needed.
*
* TODO: comparison with InetAddr() looks ugly. May be need to
* overload operator==(int) so we could compare with '0'
*
*/
if (s1==InetAddr() && m1==InetAddr()) e1=InetAddr(InetAddr::getAllOnes());
if (s2==InetAddr() && m2==InetAddr()) e2=InetAddr(InetAddr::getAllOnes());
vector<InetAddrMask> res;
InetAddr rs,re;
if (e2<s1) return res;
if (s2<s1 && e2>s1 && e2<e1) { rs=s1; re=e2; }
if (s2>s1 && e2<e1) { rs=s2; re=e2; }
if (s2>s1 && s2<e1 && e2>e1) { rs=s2; re=e1; }
if (s2>e1) return res;
if (s2<s1 && e2>e1) { rs=s1; re=e1; }
if (s1==s2 && e1==e2) { rs=s1; re=e1; }
/* rb and re represent resulting address range boundaries */
libfwbuilder::_convert_range_to_networks(rs,re,res);
return res;
}
vector<InetAddrMask> libfwbuilder::substract(const InetAddrMask &n1,
const InetAddrMask &n2)
{
InetAddr n1s = n1.getAddress();
InetAddr n2s = n2.getAddress();
InetNetmask n1m = n1.getNetmask();
InetNetmask n2m = n2.getNetmask();
InetAddr n1e = n1s; n1e = n1e | (~n1m);
InetAddr n2e = n2s; n2e = n2e | (~n2m);
/*
* now both networks are represented by their first and last addresses
*
* we assume network 0.0.0.0/0.0.0.0 in fact represents the whole
* possible range of ip addresses (for ip v4 it is 0.0.0.0 -
* 255.255.255.255). Check for this condition and replace n1e or n2e
* accordingly if needed.
*/
if (n1s.isAny() && n1e.isAny())
n1e=InetAddr(InetAddr::getAllOnes());
if (n2s.isAny() && n2e.isAny())
n2e=InetAddr(InetAddr::getAllOnes());
vector<InetAddrMask> res;
if (/* n2s<n1s && */ n2e<n1s)
{
res.push_back(n1);
}
if ( n2s<n1s && n2e>n1s)
{
InetAddr rs=n2e + 1;
InetAddr re=n1e;
libfwbuilder::_convert_range_to_networks(rs,re,res);
}
if ( n2s>n1s && n2e<n1e)
{
InetAddr rs1=n1s;
InetAddr re1=n2s - 1;
libfwbuilder::_convert_range_to_networks(rs1,re1,res);
InetAddr rs2=n2e + 1;
InetAddr re2=n1e;
libfwbuilder::_convert_range_to_networks(rs2,re2,res);
}
if ( n2s>n1s && n2e>n1e)
{
InetAddr rs=n1s;
InetAddr re=n2s - 1;
libfwbuilder::_convert_range_to_networks(rs,re,res);
}
if (n2s>n1e /* && n2e>n1e */)
{
res.push_back(n1);
}
if (n2s<n1s && n2e>n1e)
{
/*
* Do nothing since in this case network n2 is bigger than n1 and n1
* is totally eclipsed by n2. Result is empty list.
*/
;
}
return res;
}

145
src/fwbuilder/InetAddrMask.h Normal file
View File

@ -0,0 +1,145 @@
/*
Firewall Builder
Copyright (C) 2000 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
$Id: InetAddrMask.h 966 2006-08-18 03:59:32Z vkurland $
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* This class is a holder of a pair address / netmask.
* It can act both as a container for the address/netmask configuration
* data (such as for an interface) or as a network.
*
* TODO(vadim): need better name. InetNetwork ? InetAddrMaskPair ?
*/
#ifndef __INETADDRMASK_HH_FLAG__
#define __INETADDRMASK_HH_FLAG__
#include <string>
#include <vector>
#ifndef _WIN32
# include <sys/types.h>
# include <sys/socket.h>
# include <netinet/in.h>
# include <arpa/inet.h>
#else
# include <winsock2.h>
#endif
#include <fwbuilder/FWException.h>
#include <fwbuilder/InetAddr.h>
namespace libfwbuilder
{
class InetAddrMask;
std::vector<InetAddrMask> getOverlap(const InetAddrMask &n1,
const InetAddrMask &n2);
std::vector<InetAddrMask> substract(const InetAddrMask &n1,
const InetAddrMask &n2);
std::vector<InetAddrMask> convertAddressRange(const InetAddr &start,
const InetAddr &end);
bool _convert_range_to_networks(const InetAddr &start,
const InetAddr &end,
std::vector<InetAddrMask> &res);
class InetAddrMask
{
private:
InetAddr* address;
InetNetmask* netmask;
InetAddr* broadcast_address;
InetAddr* network_address;
void setNetworkAndBroadcastAddress();
public:
InetAddrMask();
InetAddrMask(const InetAddr&, const InetNetmask&);
InetAddrMask(const std::string &s) throw(FWException);
InetAddrMask(const InetAddrMask&);
virtual ~InetAddrMask();
virtual const InetAddr& getAddress() const { return *address; }
virtual const InetAddr* getAddressPtr() const { return address; }
virtual const InetNetmask& getNetmask() const { return *netmask; }
virtual const InetNetmask* getNetmaskPtr() const { return netmask; }
virtual const InetAddr& getNetworkAddress() const {
return *network_address; }
virtual const InetAddr& getBroadcastAddress() const {
return *broadcast_address; }
virtual const InetAddr* getBroadcastAddressPtr() const {
return broadcast_address; }
virtual void setAddress(const InetAddr &a);
virtual void setNetmask(const InetNetmask &nm);
virtual unsigned int dimension() const;
InetAddrMask& operator=(const InetAddrMask &o);
friend bool operator==(const InetAddrMask &a, const InetAddrMask &b);
friend bool operator<(const InetAddrMask &a, const InetAddrMask &b);
std::string toString() const
{
return address->toString()+"/"+netmask->toString();
}
bool belongs(const InetAddr &) const;
/**
* calculates overlapping part of two networks n1 and
* n2. Overlapping part is defined as in sets: if we think of
* networks as sets of addresses, then intersection contains all
* addresses that belong to both networks
*/
friend std::vector<InetAddrMask> getOverlap(const InetAddrMask &n1,
const InetAddrMask &n2);
/**
* substract network n2 from the network n1. The meaning of this
* operation is opposite to getOverlap: it returns all addresses
* that belong to n1 but do not belong to n2
*/
friend std::vector<InetAddrMask> substract(const InetAddrMask &n1,
const InetAddrMask &n2);
/**
* converts address range (defined by its start and end) to a
* bunch of networks
*/
friend std::vector<InetAddrMask> convertAddressRange(const InetAddr &start,
const InetAddr &end);
};
}
#endif

77
src/fwbuilder/Interface.cpp
View File

@ -175,14 +175,18 @@ xmlNodePtr Interface::toXML(xmlNodePtr parent) throw(FWException)
xmlNodePtr me = FWObject::toXML(parent, false);
FWObject *o;
for(FWObjectTypedChildIterator j1=findByType(IPv4::TYPENAME); j1!=j1.end(); ++j1)
for(FWObjectTypedChildIterator j1=findByType(IPv4::TYPENAME);
j1!=j1.end(); ++j1)
{
if((o=(*j1))!=NULL )
o->toXML(me);
for(FWObjectTypedChildIterator j2=findByType(physAddress::TYPENAME); j2!=j2.end(); ++j2)
}
for(FWObjectTypedChildIterator j2=findByType(physAddress::TYPENAME);
j2!=j2.end(); ++j2)
{
if((o=(*j2))!=NULL )
o->toXML(me);
}
o=getFirstByType( InterfacePolicy::TYPENAME );
if (o) o->toXML(me);
@ -240,12 +244,13 @@ void Interface::setBroadcastBits(int _val) { bcast_bits=_val; }
bool Interface::validateChild(FWObject *o)
{
string otype=o->getTypeName();
return (otype==IPv4::TYPENAME || otype==physAddress::TYPENAME || otype==InterfacePolicy::TYPENAME );
return (otype==IPv4::TYPENAME || otype==physAddress::TYPENAME ||
otype==InterfacePolicy::TYPENAME );
}
bool Interface::isLoopback() const
{
return (getAddress()==IPAddress("127.0.0.1"));
return (getAddress() == InetAddr::getLoopbackAddr());
}
physAddress* Interface::getPhysicalAddress () const
@ -270,42 +275,52 @@ void Interface::setPhysicalAddress(const std::string &paddr)
}
}
const string &Interface::getLabel() const
const string& Interface::getLabel() const
{
return getStr("label");
}
void Interface::setLabel(const string& n)
void Interface::setLabel(const string& n)
{
setStr("label",n);
}
const IPAddress Interface::getIPAddress() const throw(FWException)
/*
* if this interface has child IPv4 object, return its address. Otherwise
* return its own member 'address' (this is possible because Interface
* inherits Address which has this member variable). Note that constructor of
* Address initializes address as 0.0.0.0
*
*/
const InetAddr& Interface::getAddress() const
{
IPv4 *ipv4=IPv4::cast( getFirstByType( IPv4::TYPENAME ) );
if (ipv4!=NULL) return ipv4->getAddress();
else return IPAddress();
else
return InetAddrMask::getAddress();
}
IPNetwork Interface::getIPNetwork() const throw(FWException)
{
IPv4 *ipv4=IPv4::cast( getFirstByType(IPv4::TYPENAME) );
if (ipv4!=NULL) return ipv4->getIPNetwork();
else return IPNetwork( IPAddress() , Netmask() );
}
IPAddress Interface::getAddress() const
const InetAddr* Interface::getAddressPtr() const
{
IPv4 *ipv4=IPv4::cast( getFirstByType( IPv4::TYPENAME ) );
if (ipv4!=NULL) return ipv4->getAddress();
else return IPAddress();
if (ipv4!=NULL) return ipv4->getAddressPtr();
else
return InetAddrMask::getAddressPtr();
}
Netmask Interface::getNetmask() const
/*
* if this interface has child IPv4 object, return its net mask. Otherwise
* return its own member 'netmask' (this is possible because Interface
* inherits Address which has this member variable). Note that constructor of
* Address initializes netmask as all ones
*
*/
const InetNetmask& Interface::getNetmask() const
{
IPv4 *ipv4=IPv4::cast( getFirstByType( IPv4::TYPENAME ) );
if (ipv4!=NULL) return ipv4->getNetmask();
else return Netmask();
else
return InetAddrMask::getNetmask();
}
IPv4* Interface::addIPv4()
@ -315,34 +330,20 @@ IPv4* Interface::addIPv4()
return ipv4;
}
void Interface::setAddress(const IPAddress &a)
void Interface::setAddress(const InetAddr &a)
{
IPv4 *ipv4=IPv4::cast( getFirstByType( IPv4::TYPENAME ) );
if (ipv4==NULL) ipv4=addIPv4();
ipv4->setAddress(a);
}
void Interface::setNetmask(const Netmask &nm)
void Interface::setNetmask(const InetNetmask &nm)
{
IPv4 *ipv4=IPv4::cast( getFirstByType( IPv4::TYPENAME ) );
if (ipv4==NULL) ipv4=addIPv4();
ipv4->setNetmask(nm);
}
void Interface::setAddress(const std::string &a)
{
setAddress(IPAddress(a));
}
void Interface::setNetmask(const std::string &nm)
{
setNetmask(Netmask(nm));
}
guint32 Interface::dimension() const
{
return 1;
}

17
src/fwbuilder/Interface.h
View File

@ -146,30 +146,25 @@ class Interface : public Address
*/
bool isLoopback() const;
const IPAddress getIPAddress () const throw(FWException);
IPv4* addIPv4();
physAddress* getPhysicalAddress () const;
void setPhysicalAddress(const std::string &pa);
IPNetwork getIPNetwork() const throw(FWException);
virtual FWObject& shallowDuplicate(const FWObject *obj, bool preserve_id = true) throw(FWException);
virtual FWObject& duplicate(const FWObject *obj, bool preserve_id = true) throw(FWException);
const std::string &getLabel() const;
void setLabel(const std::string& n);
virtual IPAddress getAddress() const;
virtual Netmask getNetmask() const;
virtual guint32 dimension() const;
virtual const InetAddr& getAddress() const;
virtual const InetAddr* getAddressPtr() const;
virtual const InetNetmask& getNetmask() const;
virtual unsigned int dimension() const { return 1; }
virtual void setAddress(const IPAddress &a);
virtual void setNetmask(const Netmask &nm);
virtual void setAddress(const std::string &a);
virtual void setNetmask(const std::string &nm);
virtual void setAddress(const InetAddr &a);
virtual void setNetmask(const InetNetmask &nm);
};

2
src/fwbuilder/Library.cpp
View File

@ -42,7 +42,7 @@ Library::~Library()
{
}
bool Library::validateChild(FWObject *o)
bool Library::validateChild(FWObject*)
{
return true; // anything goes
}

2
src/fwbuilder/Logger.cpp
View File

@ -74,7 +74,7 @@ Logger& NullLogger::operator<< (const char*) { return *this;}
Logger& NullLogger::operator<< (const string&) { return *this;}
Logger& NullLogger::operator<< (int) { return *this;}
Logger& NullLogger::operator<< (long) { return *this;}
Logger& NullLogger::operator<< (std::ostringstream &sstr) { return *this;}
Logger& NullLogger::operator<< (std::ostringstream&) { return *this;}

14
src/fwbuilder/Management.cpp
View File

@ -70,7 +70,7 @@ void Management::fromXML(xmlNodePtr root) throw(FWException)
throw FWException("Missing required address attributre in Management element");
try
{
addr = n;
addr = InetAddr(n);
} catch(FWNotSupportedException ex)
{
throw FWException(string("Invalid address attributre in Management element: ")+ex.toString());
@ -137,17 +137,7 @@ bool Management::isEmpty() const
(!pi || pi->isEmpty()) &&
(!sm || sm->isEmpty()) &&
(!fm || fm->isEmpty()) &&
addr.to32BitInt()==0;
}
const IPAddress& Management::getAddress() const
{
return addr;
}
void Management::setAddress(const IPAddress &a)
{
addr = a;
addr.isAny();
}
PolicyInstallScript *Management::getPolicyInstallScript()

8
src/fwbuilder/Management.h
View File

@ -28,7 +28,7 @@
#ifndef __MANAGEMENT_HH_FLAG__
#define __MANAGEMENT_HH_FLAG__
#include <fwbuilder/IPAddress.h>
#include <fwbuilder/InetAddr.h>
#include <fwbuilder/FWObject.h>
namespace libfwbuilder
@ -142,8 +142,8 @@ namespace libfwbuilder
virtual bool cmp(const FWObject *obj) throw(FWException);
virtual bool validateChild(FWObject *o);
const IPAddress& getAddress() const;
void setAddress(const IPAddress&);
const InetAddr& getAddress() const { return addr; }
void setAddress(const InetAddr& a) { addr = a; }
PolicyInstallScript *getPolicyInstallScript();
SNMPManagement *getSNMPManagement();
@ -153,7 +153,7 @@ namespace libfwbuilder
private:
IPAddress addr;
InetAddr addr;
};
}

89
src/fwbuilder/Network.cpp
View File

@ -40,51 +40,41 @@ using namespace std;
const char *Network::TYPENAME={"Network"};
Network::Network() : Address() ,
address("0.0.0.0") ,
netmask("0.0.0.0")
Network::Network() : Address()
{
setNetmask(InetNetmask(0));
}
Network::Network(const FWObject *root,bool prepopulate) : Address(root,prepopulate),
address("0.0.0.0") ,
netmask("0.0.0.0")
Network::Network(const FWObject *root,bool prepopulate) :
Address(root, prepopulate)
{
setNetmask(InetNetmask(0));
}
Network::Network(Network &o) : Address() ,
address(o.getAddress()) ,
netmask(o.getNetmask())
Network::Network(Network &o) : Address(o)
{
FWObject::operator=(o);
setAddress(o.getAddress());
setNetmask(o.getNetmask());
}
Network::Network (const string &s) : Address()
Network::Network (const string &s) : Address(s)
{
*this=s;
}
FWObject& Network::shallowDuplicate(const FWObject *o, bool preserve_id) throw(FWException)
{
const Network *n=dynamic_cast<const Network *>(o);
address = n->getAddress();
netmask = n->getNetmask();
return FWObject::shallowDuplicate(o, preserve_id);
}
void Network::fromXML(xmlNodePtr root) throw(FWException)
{
FWObject::fromXML(root);
const char *n=FROMXMLCAST(xmlGetProp(root,TOXMLCAST("address")));
assert(n!=NULL);
address = n;
setAddress(InetAddr(n));
FREEXMLBUFF(n);
n=FROMXMLCAST(xmlGetProp(root,TOXMLCAST("netmask")));
assert(n!=NULL);
netmask = n;
setNetmask(InetNetmask(n));
FREEXMLBUFF(n);
}
@ -94,69 +84,18 @@ xmlNodePtr Network::toXML(xmlNodePtr xml_parent_node) throw(FWException)
xmlNewProp(me,
TOXMLCAST("address"),
STRTOXMLCAST(address.toString()));
STRTOXMLCAST(getAddress().toString()));
xmlNewProp(me,
TOXMLCAST("netmask"),
STRTOXMLCAST(netmask.toString()));
STRTOXMLCAST(getNetmask().toString()));
return me;
}
guint32 Network::dimension() const
{
/*
* TODO: this code not portable 'cause it implies specific to IPv4
* maximum length of netmask
*/
int masklength=netmask.getLength();
if (masklength==0) return 0;
guint32 u=1;
for (int i=0; i<32-masklength; ++i) u<<=1;
return u;
}
/* check if host address bits are cleared */
bool Network::isValidRoutingNet() const
{
for(unsigned i=0;i<4;i++)
if ( ( address[i] & netmask[i] ) != address[i] )
return false;
return true;
return (getAddress() == (getAddress() & getNetmask()));
}
Network& Network::operator=(const string &s) throw(FWException)
{
if(s.find_first_not_of(".1234567890/")!=string::npos)
{
throw FWException(string("Invalid IP address: '")+s+"'");
}
size_type pos=s.find("/");
if (pos==string::npos)
{
setAddress(s);
setNetmask("255.255.255.255");
}
else
{
setAddress(s.substr(0,pos));
string netm=s.substr(pos+1);
if (netm.find(".")==string::npos)
{
int d=atoi(netm.c_str());
netmask=Netmask(d);
}
else
{
setNetmask(netm);
}
}
return *this;
}

27
src/fwbuilder/Network.h
View File

@ -28,18 +28,14 @@
#define __NETWORK_HH_FLAG__
#include <fwbuilder/Address.h>
#include <fwbuilder/IPAddress.h>
#include <fwbuilder/InetAddr.h>
#include <fwbuilder/InetAddrMask.h>
namespace libfwbuilder
{
class Network : public Address
{
private:
IPAddress address;
Netmask netmask;
public:
Network();
@ -47,25 +43,16 @@ class Network : public Address
Network(Network &);
Network(const std::string &);
virtual IPAddress getAddress() const { return address; }
virtual Netmask getNetmask() const { return netmask; }
virtual guint32 dimension() const;
virtual void setAddress(const IPAddress &a) { address=a; }
virtual void setNetmask(const Netmask &nm) { netmask=nm; }
virtual void setAddress(const std::string &a) { address=IPAddress(a); }
virtual void setNetmask(const std::string &nm) { netmask=Netmask(nm); }
bool isValidRoutingNet() const;
void setData(IPNetwork &n) { address=n.getAddress(); netmask=n.getNetmask(); }
virtual FWObject& shallowDuplicate(const FWObject *obj, bool preserve_id = true) throw(FWException);
void setData(InetAddrMask &n)
{
setAddress(n.getAddress());
setNetmask(n.getNetmask());
}
virtual void fromXML (xmlNodePtr parent) throw(FWException);
virtual xmlNodePtr toXML (xmlNodePtr xml_parent_node) throw(FWException);
Network& operator=(const std::string &s) throw(FWException);
DECLARE_FWOBJECT_SUBTYPE(Network);

50
src/fwbuilder/RuleElement.cpp
View File

@ -483,53 +483,51 @@ bool RuleElementRGtw::checkSingleIPAdress(FWObject *o) {
}
// the IP address of the gateway has to be in a local network of the firewall
bool RuleElementRGtw::checkReachableIPAdress(FWObject *o) {
bool RuleElementRGtw::checkReachableIPAdress(FWObject *o)
{
FWObject* o_tmp = this;
while( Firewall::cast(o_tmp) == NULL) o_tmp = o_tmp->getParent();
// let's walk over all interfaces of this firewall
FWObjectTypedChildIterator j=o_tmp->findByType(Interface::TYPENAME);
if( Host::cast(o) != NULL) {
if( Host::cast(o) != NULL)
{
Host *host=Host::cast(o);
IPAddress ip_host = host->getAddress();
for ( ; j!=j.end(); ++j ) {
InetAddr ip_host = host->getAddress();
for ( ; j!=j.end(); ++j )
{
Interface *i_firewall=Interface::cast(*j);
for(FWObjectTypedChildIterator fw_ips=i_firewall->findByType(IPv4::TYPENAME); fw_ips!=fw_ips.end(); ++fw_ips) {
IPv4 *ipv4_obj_firewall = IPv4::cast(*fw_ips);
Netmask n_firewall = ipv4_obj_firewall->getNetmask();
IPAddress ip_firewall = ipv4_obj_firewall->getAddress();
if ((n_firewall.to32BitInt() & ip_firewall.to32BitInt()) == (n_firewall.to32BitInt() & ip_host.to32BitInt())) {
InetAddrMask fw_net(ipv4_obj_firewall->getAddress(),
ipv4_obj_firewall->getNetmask());
if (fw_net.belongs(ip_host))
return true;
}
}
}
return false;
} else if( Interface::cast(o) != NULL) {
} else if( Interface::cast(o) != NULL)
{
Interface *gw_interface=Interface::cast(o);
IPAddress ip_gateway = gw_interface->getAddress();
InetAddr ip_gateway = gw_interface->getAddress();
// walk over all interfaces of this firewall
for ( ; j!=j.end(); ++j ) {
for ( ; j!=j.end(); ++j )
{
Interface *if_firewall=Interface::cast(*j);
FWObjectTypedChildIterator addresses=if_firewall->findByType(IPv4::TYPENAME);
// check all IPv4 addresses of this firewall interface
for ( ; addresses!=addresses.end(); ++addresses ) {
IPv4 *ipv4_obj_firewall = IPv4::cast(*addresses);
Netmask n_firewall = ipv4_obj_firewall->getNetmask();
IPAddress ip_firewall = ipv4_obj_firewall->getAddress();
if ((n_firewall.to32BitInt() & ip_firewall.to32BitInt()) == (n_firewall.to32BitInt() & ip_gateway.to32BitInt())) {
InetAddrMask fw_net(ipv4_obj_firewall->getAddress(),
ipv4_obj_firewall->getNetmask());
if (fw_net.belongs(ip_gateway))
return true;
}
}
}
return false;
@ -537,7 +535,7 @@ bool RuleElementRGtw::checkReachableIPAdress(FWObject *o) {
} else if( IPv4::cast(o) != NULL) {
IPv4 *ipv4=IPv4::cast(o);
IPAddress ip_ipv4 = ipv4->getAddress();
InetAddr ip_ipv4 = ipv4->getAddress();
for ( ; j!=j.end(); ++j ) {
Interface *if_firewall=Interface::cast(*j);
@ -547,12 +545,10 @@ bool RuleElementRGtw::checkReachableIPAdress(FWObject *o) {
for ( ; addresses!=addresses.end(); ++addresses ) {
IPv4 *ipv4_obj_firewall = IPv4::cast(*addresses);
Netmask n_firewall = ipv4_obj_firewall->getNetmask();
IPAddress ip_firewall = ipv4_obj_firewall->getAddress();
if ((n_firewall.to32BitInt() & ip_firewall.to32BitInt()) == (n_firewall.to32BitInt() & ip_ipv4.to32BitInt())) {
InetAddrMask fw_net(ipv4_obj_firewall->getAddress(),
ipv4_obj_firewall->getNetmask());
if (fw_net.belongs(ip_ipv4))
return true;
}
}
} return false;

49
src/fwbuilder/dns.cpp
View File

@ -116,7 +116,7 @@ void* DNS_bulkBackResolve_Thread(void *args)
p->queue_mutex.unlock();
break;
}
IPAddress j=p->ips.front();
InetAddr j=p->ips.front();
p->ips.pop();
p->queue_mutex.unlock();
@ -214,7 +214,7 @@ string DNS::getErrorMessage(int rcode)
#endif
}
HostEnt DNS::getHostByAddr(const IPAddress &addr, int retries_, int timeout_) throw(FWException)
HostEnt DNS::getHostByAddr(const InetAddr &addr, int retries_, int timeout_) throw(FWException)
{
#if !defined(HAVE_GOODLIBRESOLV)
#ifndef _WIN32
@ -290,7 +290,7 @@ HostEnt DNS::getHostByAddr(const IPAddress &addr, int retries_, int timeout_) th
}
HostEnt DNS::getHostByAddr(const IPAddress &addr) throw(FWException)
HostEnt DNS::getHostByAddr(const InetAddr &addr) throw(FWException)
{
struct hostent hostbuf;
struct hostent *hp;
@ -300,7 +300,8 @@ HostEnt DNS::getHostByAddr(const IPAddress &addr) throw(FWException)
char *tmphstbuf = (char *)malloc(hstbuflen);
struct in_addr naddr;
naddr.s_addr=addr.to32BitInt();
inet_aton(addr.toString().c_str(), &naddr);
#ifdef HAVE_LWRES_GETIPNODE
struct hostent *res;
@ -360,7 +361,7 @@ HostEnt DNS::getHostByAddr(const IPAddress &addr) throw(FWException)
#endif
free(tmphstbuf);
throw FWException(string("Hostname of address: '")+IPAddress(&naddr).toString()+"' not found");
throw FWException(string("Hostname of address: '")+InetAddr(&naddr).toString()+"' not found");
}
HostEnt v;
@ -376,7 +377,7 @@ HostEnt DNS::getHostByAddr(const IPAddress &addr) throw(FWException)
return v;
}
list<IPAddress> DNS::getHostByName(const string &name) throw(FWException)
list<InetAddr> DNS::getHostByName(const string &name) throw(FWException)
{
struct hostent hostbuf;
struct hostent *hp=NULL;
@ -448,11 +449,11 @@ list<IPAddress> DNS::getHostByName(const string &name) throw(FWException)
#endif
list<IPAddress> v;
list<InetAddr> v;
try
{
for(char **p = hp->h_addr_list; *p != 0; p++)
v.push_back(IPAddress((struct in_addr *)(*p)));
v.push_back(InetAddr((struct in_addr *)(*p)));
} catch(const FWException &e)
{
if(tmphstbuf)
@ -481,7 +482,7 @@ list<IPAddress> DNS::getHostByName(const string &name) throw(FWException)
return v;
}
multimap<string, IPAddress> DNS::getNS(const string &domain, Logger *logger,SyncFlag *stop_program, int retries_, int timeout_) throw(FWException)
multimap<string, InetAddr> DNS::getNS(const string &domain, Logger *logger,SyncFlag *stop_program, int retries_, int timeout_) throw(FWException)
{
std::ostringstream str;
@ -516,7 +517,7 @@ multimap<string, IPAddress> DNS::getNS(const string &domain, Logger *logger,Sync
throw FWException("Error returned while quering domain NS records");
// Rsp. buffer
multimap<string, IPAddress> v;
multimap<string, InetAddr> v;
ns_msg handle;
@ -552,10 +553,10 @@ multimap<string, IPAddress> DNS::getNS(const string &domain, Logger *logger,Sync
if(dn_expand(answer.get(), answer.get() + len, ns_rr_rdata(rr), dn, sizeof(dn))<0)
throw FWException("A record parse error in parserr");
CHECK_STOP_AND_THROW_EXCEPTION
list<IPAddress> a=DNS::getHostByName(dn);
list<InetAddr> a=DNS::getHostByName(dn);
CHECK_STOP_AND_THROW_EXCEPTION
for(list<IPAddress>::iterator i=a.begin();i!=a.end();++i)
v.insert(pair<string, IPAddress>(string(dn), (*i)));
for(list<InetAddr>::iterator i=a.begin();i!=a.end();++i)
v.insert(pair<string, InetAddr>(string(dn), (*i)));
}
}
@ -571,7 +572,7 @@ multimap<string, IPAddress> DNS::getNS(const string &domain, Logger *logger,Sync
* TCP connection to transfer zone established and attempted
* only once.
*/
map<string, set<IPAddress> > DNS::findA(const string &domain, Logger *logger,SyncFlag *stop_program, int retries_, int timeout_) throw(FWException)
map<string, set<InetAddr> > DNS::findA(const string &domain, Logger *logger,SyncFlag *stop_program, int retries_, int timeout_) throw(FWException)
{
std::ostringstream str;
#if !defined(HAVE_GOODLIBRESOLV)
@ -581,7 +582,7 @@ map<string, set<IPAddress> > DNS::findA(const string &domain, Logger *logger,Syn
*logger << "Looking for authoritative servers" << '\n';
multimap<string, IPAddress> ns=DNS::getNS(domain, logger,stop_program);
multimap<string, InetAddr> ns=DNS::getNS(domain, logger,stop_program);
if(!ns.size())
throw FWException("No NS records found");
@ -589,7 +590,7 @@ map<string, set<IPAddress> > DNS::findA(const string &domain, Logger *logger,Syn
timeout.check();
FWException *last_err=NULL; // to avoid compiler warning
for(multimap<string, IPAddress>::iterator nsi=ns.begin(); nsi!=ns.end(); ++nsi)
for(multimap<string, InetAddr>::iterator nsi=ns.begin(); nsi!=ns.end(); ++nsi)
{
try
{
@ -620,7 +621,7 @@ map<string, set<IPAddress> > DNS::findA(const string &domain, Logger *logger,Syn
* TCP connection to transfer zone established and attempted
* only once.
*/
map<string, set<IPAddress> > DNS::findA(const string &domain, const IPAddress &ns, Logger *logger,SyncFlag *stop_program, int retries_, int timeout_) throw(FWException)
map<string, set<InetAddr> > DNS::findA(const string &domain, const InetAddr &ns, Logger *logger,SyncFlag *stop_program, int retries_, int timeout_) throw(FWException)
{
std::ostringstream str;
#if !defined(HAVE_GOODLIBRESOLV)
@ -681,7 +682,7 @@ map<string, set<IPAddress> > DNS::findA(const string &domain, const IPAddress &n
u_char tmp[NS_INT16SZ];
ns_put16(msglen, tmp);
map<string, set<IPAddress> > v;
map<string, set<InetAddr> > v;
try
{
@ -796,9 +797,9 @@ map<string, set<IPAddress> > DNS::findA(const string &domain, const IPAddress &n
throw FWException("Invalid address length in A record");
if(v.find(ns_rr_name(rr))==v.end())
v[ns_rr_name(rr)]=set<IPAddress>();
v[ns_rr_name(rr)]=set<InetAddr>();
v[ns_rr_name(rr)].insert(IPAddress((const struct in_addr *)ns_rr_rdata(rr)));
v[ns_rr_name(rr)].insert(InetAddr((const struct in_addr *)ns_rr_rdata(rr)));
} else if(ns_rr_type(rr)==ns_t_soa)
{
@ -851,7 +852,7 @@ DNS_findA_query::DNS_findA_query()
{
}
DNS_findA_query::DNS_findA_query(const string &domain_, const IPAddress &ns_, int retries_, int timeout_)
DNS_findA_query::DNS_findA_query(const string &domain_, const InetAddr &ns_, int retries_, int timeout_)
{
domain = domain_ ;
retries = retries_ ;
@ -859,7 +860,7 @@ DNS_findA_query::DNS_findA_query(const string &domain_, const IPAddress &ns_, in
ns = ns_ ;
}
void DNS_findA_query::init(const string &domain_, const IPAddress &ns_, int retries_, int timeout_)
void DNS_findA_query::init(const string &domain_, const InetAddr &ns_, int retries_, int timeout_)
{
domain = domain_ ;
retries = retries_ ;
@ -877,12 +878,12 @@ void DNS_findA_query::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWEx
}
}
DNS_bulkBackResolve_query::DNS_bulkBackResolve_query(set<IPAddress> _ips,
DNS_bulkBackResolve_query::DNS_bulkBackResolve_query(set<InetAddr> _ips,
unsigned int _nthreads,
int _retries,
int _timeout)
{
for(set<IPAddress>::iterator j = _ips.begin(); j!=_ips.end(); ++j)
for(set<InetAddr>::iterator j = _ips.begin(); j!=_ips.end(); ++j)
ips.push(*j);
retries = _retries ;

44
src/fwbuilder/dns.h
View File

@ -52,7 +52,7 @@
#endif // _WIN32
#include <fwbuilder/IPAddress.h>
#include <fwbuilder/InetAddr.h>
#include <fwbuilder/FWException.h>
#include <fwbuilder/BackgroundOp.h>
#include <fwbuilder/ThreadTools.h>
@ -99,37 +99,37 @@ class DNS : public BackgroundOp
* This operation does not run in backgound.
* Returned list is sorted.
*/
static std::list<IPAddress> getHostByName(const std::string &name) throw(FWException);
static std::list<InetAddr> getHostByName(const std::string &name) throw(FWException);
/**
* Find all host names of host with given IP.
* This operation does not run in backgound.
*/
static HostEnt getHostByAddr(const IPAddress &addr) throw(FWException);
static HostEnt getHostByAddr(const InetAddr &addr) throw(FWException);
/**
* Return name of host with given IP.
*/
static HostEnt getHostByAddr(const IPAddress &addr, int retries_, int timeout_) throw(FWException);
static HostEnt getHostByAddr(const InetAddr &addr, int retries_, int timeout_) throw(FWException);
/**
* Finds NS records for given domain
*/
std::multimap<std::string, IPAddress> getNS(const std::string &domain, Logger *logger,SyncFlag *stop_program, int retries_=RES_DFLRETRY, int timeout_=RES_TIMEOUT) throw(FWException);
std::multimap<std::string, InetAddr> getNS(const std::string &domain, Logger *logger,SyncFlag *stop_program, int retries_=RES_DFLRETRY, int timeout_=RES_TIMEOUT) throw(FWException);
/**
* Attempts to fetch zone for given domain for
* it's name server. If succeeded, finds all 'A'
* records in it and returs hostname/IPAddress pairs.
* records in it and returs hostname/InetAddr pairs.
*/
std::map<std::string, std::set<IPAddress> > findA(const std::string &domain, Logger *logger,SyncFlag *stop_program, int retries_=RES_DFLRETRY, int timeout_=RES_TIMEOUT) throw(FWException);
std::map<std::string, std::set<InetAddr> > findA(const std::string &domain, Logger *logger,SyncFlag *stop_program, int retries_=RES_DFLRETRY, int timeout_=RES_TIMEOUT) throw(FWException);
/**
* Attempts to fetch zone for given domain for
* specific server. If succeeded, finds all 'A'
* records in it and returs hostname/IPAddress pairs.
* records in it and returs hostname/InetAddr pairs.
*/
std::map<std::string, std::set<IPAddress> > findA(const std::string &domain, const IPAddress &ns, Logger *logger,SyncFlag *stop_program, int retries_=RES_DFLRETRY, int timeout_=RES_TIMEOUT) throw(FWException);
std::map<std::string, std::set<InetAddr> > findA(const std::string &domain, const InetAddr &ns, Logger *logger,SyncFlag *stop_program, int retries_=RES_DFLRETRY, int timeout_=RES_TIMEOUT) throw(FWException);
protected:
@ -149,21 +149,21 @@ class DNS_findA_query : public DNS
explicit DNS_findA_query();
DNS_findA_query(const std::string &domain_, const IPAddress &ns_, int retries_=RES_DFLRETRY, int timeout_=RES_TIMEOUT);
DNS_findA_query(const std::string &domain_, const InetAddr &ns_, int retries_=RES_DFLRETRY, int timeout_=RES_TIMEOUT);
void init(const std::string &domain_, const IPAddress &ns_, int retries_=RES_DFLRETRY, int timeout_=RES_TIMEOUT);
void init(const std::string &domain_, const InetAddr &ns_, int retries_=RES_DFLRETRY, int timeout_=RES_TIMEOUT);
virtual void run_impl(Logger *logger,SyncFlag *stop_program) throw(FWException);
std::map<std::string, std::set<IPAddress> > getResult() { return result; }
std::map<std::string, std::set<InetAddr> > getResult() { return result; }
private:
std::map<std::string, std::set<IPAddress> > result;
std::map<std::string, std::set<InetAddr> > result;
std::string domain;
int retries;
int timeout;
IPAddress ns;
InetAddr ns;
};
class DNS_getNS_query : public DNS
@ -174,11 +174,11 @@ class DNS_getNS_query : public DNS
virtual void run_impl(Logger *logger,SyncFlag *stop_program) throw(FWException);
std::multimap<std::string, IPAddress> getResult() { return result; }
std::multimap<std::string, InetAddr> getResult() { return result; }
private:
std::multimap<std::string, IPAddress> result;
std::multimap<std::string, InetAddr> result;
std::string domain;
int retries;
int timeout;
@ -190,7 +190,7 @@ class DNS_bulkBackResolve_query : public DNS
public:
DNS_bulkBackResolve_query(std::set<IPAddress>, unsigned int nthreads,
DNS_bulkBackResolve_query(std::set<InetAddr>, unsigned int nthreads,
int retries_=RES_DFLRETRY,
int timeout_=RES_TIMEOUT);
virtual ~DNS_bulkBackResolve_query();
@ -203,19 +203,19 @@ class DNS_bulkBackResolve_query : public DNS
*/
virtual void run_impl(Logger *logger,SyncFlag *stop_program) throw(FWException);
std::map<IPAddress, HostEnt> getResult() { return result; }
std::set<IPAddress> getFailed() { return failed; }
std::map<InetAddr, HostEnt> getResult() { return result; }
std::set<InetAddr> getFailed() { return failed; }
pthread_attr_t tattr;
protected:
std::map<IPAddress, HostEnt> result;
std::map<InetAddr, HostEnt> result;
Mutex failed_mutex;
std::set<IPAddress> failed;
std::set<InetAddr> failed;
Mutex result_mutex;
std::queue<IPAddress> ips;
std::queue<InetAddr> ips;
Mutex queue_mutex;
int retries;

12
src/fwbuilder/fwbuilder.pro
View File

@ -4,7 +4,10 @@ include(../../qmake.inc)
#
VERSION = $$SO_VERSION
#
SOURCES = Address.cpp \
SOURCES = InetAddr.cpp \
InetAddrMask.cpp \
IPRoute.cpp \
Address.cpp \
AddressRange.cpp \
BackgroundOp.cpp \
Constants.cpp \
@ -28,7 +31,6 @@ SOURCES = Address.cpp \
InterfacePolicy.cpp \
Interval.cpp \
IntervalGroup.cpp \
IPAddress.cpp \
IPService.cpp \
IPv4.cpp \
Library.cpp \
@ -58,7 +60,10 @@ SOURCES = Address.cpp \
XMLTools.cpp
HEADERS = Address.h \
HEADERS = InetAddr.h \
InetAddrMask.h \
IPRoute.h \
Address.h \
AddressRange.h \
BackgroundOp.h \
Constants.h \
@ -82,7 +87,6 @@ HEADERS = Address.h \
InterfacePolicy.h \
IntervalGroup.h \
Interval.h \
IPAddress.h \
IPService.h \
IPv4.h \
libfwbuilder-config.h \

12
src/fwbuilder/physAddress.cpp
View File

@ -62,18 +62,6 @@ void physAddress::fromXML(xmlNodePtr root) throw(FWException)
}
IPAddress physAddress::getAddress() const
{
// std::cerr << "physAddress::getAddress() method called" << endl;
return IPAddress();
}
void physAddress::setAddress(const std::string &s)
{
std::cerr << "physAddress::setAddress() method called" << endl;
}
std::string physAddress::getPhysAddress() const
{
return getStr("address");

3
src/fwbuilder/physAddress.h
View File

@ -46,9 +46,6 @@ class physAddress : public Address
physAddress() {}
physAddress(const FWObject *root,bool prepopulate);
virtual IPAddress getAddress() const;
virtual void setAddress(const std::string &s);
std::string getPhysAddress() const;
void setPhysAddress(const std::string &s);

137
src/fwbuilder/snmp.cpp
View File

@ -269,7 +269,7 @@ void SNMPQuery::fetchArpTable(Logger *logger,SyncFlag *stop_program, SNMPConnect
SNMP_AT_TABLE_NET << "' table. Skipping it.\n";
continue;
}
IPAddress ip = dynamic_cast<SNMPVariable_IPaddr*>((*j).second)->getIPAddressValue();
InetAddr ip = dynamic_cast<SNMPVariable_IPaddr*>((*j).second)->getInetAddrValue();
str << "Learned: " << ip.toString();
@ -371,7 +371,7 @@ void SNMPQuery::fetchRoutingTable(Logger *logger,SyncFlag *stop_program, SNMPCon
continue;
}
IPAddress dst = dynamic_cast<SNMPVariable_IPaddr*>((*j).second)->getIPAddressValue();
InetAddr dst = dynamic_cast<SNMPVariable_IPaddr*>((*j).second)->getInetAddrValue();
string rname=(*j).first.substr(strlen(SNMP_ROUTE_DST_TABLE)+1);
v=c->get(string(SNMP_ROUTE_NM_TABLE)+"."+rname);
@ -384,7 +384,7 @@ void SNMPQuery::fetchRoutingTable(Logger *logger,SyncFlag *stop_program, SNMPCon
SNMPVariable::freeVarList(v);
continue;
}
Netmask nm = dynamic_cast<SNMPVariable_IPaddr*>(v[0])->getNetmaskValue();
InetNetmask nm = dynamic_cast<SNMPVariable_IPaddr*>(v[0])->getNetmaskValue();
SNMPVariable::freeVarList(v);
v=c->get(string(SNMP_ROUTE_TYPE_TABLE)+"."+rname);
@ -401,7 +401,7 @@ void SNMPQuery::fetchRoutingTable(Logger *logger,SyncFlag *stop_program, SNMPCon
SNMPVariable::freeVarList(v);
continue;
}
IPAddress gw = dynamic_cast<SNMPVariable_IPaddr*>(v[0])->getIPAddressValue();
InetAddr gw = dynamic_cast<SNMPVariable_IPaddr*>(v[0])->getInetAddrValue();
SNMPVariable::freeVarList(v);
v=c->get(string(SNMP_ROUTE_IF_TABLE)+"."+rname);
@ -433,7 +433,7 @@ void SNMPQuery::fetchRoutingTable(Logger *logger,SyncFlag *stop_program, SNMPCon
route_intf=&(*ici).second;
}
bool isdef= type!=SNMP_DIRECT_ROUTE &&
nm.getLength() == 0 && dst == IPAddress("0.0.0.0");
nm.getLength() == 0 && dst == InetAddr("0.0.0.0");
if (isdef && route_intf) route_intf->setExt(true);
@ -480,7 +480,7 @@ bool SNMPQuery::isDefault(const IPRoute &r) const
{
return !r.isDirect() &&
r.getNetmask().getLength() == 0 &&
r.getDestination() == IPAddress("0.0.0.0");
r.getDestination() == InetAddr("0.0.0.0");
}
void SNMPQuery::fetchInterfaces(Logger *logger,SyncFlag *stop_program, SNMPConnection *connection) throw(FWException)
@ -674,7 +674,7 @@ void SNMPQuery::fetchInterfaces(Logger *logger,SyncFlag *stop_program, SNMPConne
throw FWException("Can't get IP address");
if(v[0]->type!=SNMPVariable::snmp_ipaddr)
throw FWException("Wrong return type for IP address");
string ad = dynamic_cast<SNMPVariable_IPaddr*>(v[0])->getIPAddressValue().toString();
string ad = dynamic_cast<SNMPVariable_IPaddr*>(v[0])->getInetAddrValue().toString();
SNMPVariable::freeVarList(v);
v=c->get(string(SNMP_BCAST_TABLE)+"."+aprefix);
@ -684,8 +684,8 @@ void SNMPQuery::fetchInterfaces(Logger *logger,SyncFlag *stop_program, SNMPConne
SNMPVariable::freeVarList(v);
IPv4 *ipaddr=interfaces[ifindex].addIPv4();
ipaddr->setAddress(ad);
ipaddr->setNetmask(nm);
ipaddr->setAddress(InetAddr(ad));
ipaddr->setNetmask(InetNetmask(nm));
str << "Adding interface #" << ifindex
<< ": " << ad << "/" << nm
@ -799,7 +799,7 @@ const vector<IPRoute> &SNMPQuery::getRoutes()
return routes;
}
const map<IPAddress, string> &SNMPQuery::getArtpTable()
const map<InetAddr, string> &SNMPQuery::getArtpTable()
{
return arptable;
}
@ -1081,7 +1081,7 @@ string SNMPVariable_Bits::toString()
string SNMPVariable_IPaddr::toString()
{
string res="SNMP IPAddress/Netmask[";
string res="SNMP InetAddr/Netmask[";
for(size_t i=0;i<len;i++)
{
if(i)
@ -1094,14 +1094,27 @@ string SNMPVariable_IPaddr::toString()
return res;
}
IPAddress SNMPVariable_IPaddr::getIPAddressValue() throw(FWException)
InetAddr SNMPVariable_IPaddr::getInetAddrValue() throw(FWException)
{
return IPAddress(value, len);
// value comes from ASN1-encoded snmp reply. I am not sure 100% but
// I'll assume it consists of 4 bytes that represent ip address in
// network order.
union {
struct in_addr ipaddr;
char addr_bytes[4];
} addr_conversion;
memcpy((void*)(&addr_conversion), value, len);
return InetAddr(&addr_conversion.ipaddr);
}
Netmask SNMPVariable_IPaddr::getNetmaskValue() throw(FWException)
InetNetmask SNMPVariable_IPaddr::getNetmaskValue() throw(FWException)
{
return Netmask(value, len);
union {
struct in_addr ipaddr;
char addr_bytes[4];
} addr_conversion;
memcpy((void*)(&addr_conversion), value, len);
return InetNetmask(&addr_conversion.ipaddr);
}
string SNMPVariable_String::toString()
@ -1175,7 +1188,7 @@ long SNMPVariable::varList2Int(vector<SNMPVariable*> &v) throw(FWException)
SNMPCrawler::SNMPCrawler()
{}
SNMPCrawler::SNMPCrawler(const IPAddress &_seed,
SNMPCrawler::SNMPCrawler(const InetAddr &_seed,
const string &_community,
bool _recursive,
bool _skip_virtual,
@ -1186,7 +1199,7 @@ SNMPCrawler::SNMPCrawler(const IPAddress &_seed,
long _snmp_timeout,
int _dns_retries,
int _dns_timeout,
const vector<IPNetwork> *_include)
const vector<InetAddrMask> *_include)
{
init(_seed, _community, _recursive, _skip_virtual,
_do_dns, _follow_ptp, _dns_threads,
@ -1198,7 +1211,7 @@ SNMPCrawler::~SNMPCrawler()
{
}
void SNMPCrawler::init(const IPAddress &_seed,
void SNMPCrawler::init(const InetAddr &_seed,
const string &_community,
bool _recursive,
bool _skip_virtual,
@ -1209,7 +1222,7 @@ void SNMPCrawler::init(const IPAddress &_seed,
long _snmp_timeout,
int _dns_retries,
int _dns_timeout,
const vector<IPNetwork> *_include)
const vector<InetAddrMask> *_include)
{
include = _include ;
community = _community ;
@ -1238,25 +1251,27 @@ set<Interface> SNMPCrawler::guessInterface(const IPRoute &r, const map<int, Inte
{
set<Interface> res;
for(map<int, Interface>::const_iterator i=intf.begin(); i!=intf.end(); ++i)
if((*i).second.getIPNetwork().belongs(r.getGateway()))
{
InetAddrMask iface_net((*i).second.getAddress(), (*i).second.getNetmask());
if (iface_net.belongs(r.getGateway()))
res.insert((*i).second);
}
return res;
}
bool SNMPCrawler::included(const IPAddress &a) const
bool SNMPCrawler::included(const InetAddr &a) const
{
if(!include)
return true; // no include list provided. All hosts are OK.
for(vector<IPNetwork>::const_iterator i=include->begin(); i!=include->end(); ++i) {
for(vector<InetAddrMask>::const_iterator i=include->begin(); i!=include->end(); ++i) {
if((*i).belongs(a))
return true;
}
return false;
}
bool SNMPCrawler::alreadyseen(const IPAddress &a) const
bool SNMPCrawler::alreadyseen(const InetAddr &a) const
{
return found.find(a) != found.end();
}
@ -1264,16 +1279,17 @@ bool SNMPCrawler::alreadyseen(const IPAddress &a) const
/**
* loopback : All addresses on the net 127.0.0.0/255.0.0.0
*/
const IPNetwork SNMPCrawler::LOOPBACK_NET(IPAddress("127.0.0.0"),Netmask("255.0.0.0"));
const Netmask SNMPCrawler::PTP_NETMASK("255.255.255.255");
const IPAddress SNMPCrawler::ZERO_IP("0.0.0.0");
const InetAddrMask SNMPCrawler::LOOPBACK_NET(InetAddr::getLoopbackAddr(),
InetNetmask("255.0.0.0"));
const InetNetmask SNMPCrawler::PTP_NETMASK(InetAddr::getAllOnes());
const InetAddr SNMPCrawler::ZERO_IP("0.0.0.0");
bool SNMPCrawler::isvirtual(const IPAddress &addr, const string &pa) const
bool SNMPCrawler::isvirtual(const InetAddr &addr, const string &pa) const
{
if(!pa.length())
return false;
for(map<IPAddress, CrawlerFind>::const_iterator i=found.begin(); i!=found.end(); ++i)
for(map<InetAddr, CrawlerFind>::const_iterator i=found.begin(); i!=found.end(); ++i)
{
const CrawlerFind &c = (*i).second ;
@ -1281,8 +1297,10 @@ bool SNMPCrawler::isvirtual(const IPAddress &addr, const string &pa) const
{
try
{
physAddress *paddr=(*j).second.getPhysicalAddress();
if(paddr!=NULL && pa == paddr->getPhysAddress() && addr != (*j).second.getIPAddress())
physAddress *paddr = (*j).second.getPhysicalAddress();
if (paddr!=NULL &&
pa == paddr->getPhysAddress() &&
addr != (*j).second.getAddress())
return true;
} catch(FWException &ex)
{
@ -1295,7 +1313,7 @@ bool SNMPCrawler::isvirtual(const IPAddress &addr, const string &pa) const
return false;
}
bool SNMPCrawler::point2point(const IPNetwork &n, const Interface *intf) const
bool SNMPCrawler::point2point(const InetAddrMask &n, const Interface *intf) const
{
return n.getNetmask()==PTP_NETMASK || point2point(intf);
}
@ -1321,14 +1339,17 @@ bool SNMPCrawler::point2point(const Interface *intf) const
* This include hosts on loopback, special addresses
* as "0.0.0.0".
*/
bool SNMPCrawler::special(const IPAddress &a) const
bool SNMPCrawler::special(const InetAddr &a) const
{
return LOOPBACK_NET.belongs(a) || ZERO_IP==a;
}
bool SNMPCrawler::special(const IPNetwork &n) const
bool SNMPCrawler::special(const InetAddrMask &n) const
{
return n==LOOPBACK_NET || n.isBroadcast() || n.isMulticast() || n.getAddress()==ZERO_IP;
return n==LOOPBACK_NET ||
n.getAddress().isBroadcast() ||
n.getAddress().isMulticast() ||
n.getAddress().isAny();
}
//TODO: multiple threads (via pool).
@ -1346,12 +1367,12 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
do {
CHECK_STOP_AND_RETURN
map<IPAddress,string>::iterator i=queue.begin();
map<InetAddr,string>::iterator i=queue.begin();
if(i==queue.end())
{
break;
}
IPAddress task = (*i).first ;
InetAddr task = (*i).first ;
string task_phys_address = (*i).second ;
queue.erase(i);
@ -1361,7 +1382,7 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
// Now in task we have element to probe
q.init(string(task), // fake host make - IP in dotted notation
q.init(task.toString(), // fake host - IP in dotted notation
community,
snmp_retries,
snmp_timeout
@ -1392,17 +1413,17 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
continue;
}
map<IPAddress, string> at=q.getArtpTable();
map<InetAddr, string> at=q.getArtpTable();
str << "Got " << long(at.size()) << " entries\n";
*logger << str;
int qplus=0, rplus=0, dplus=0;
for(map<IPAddress, string>::iterator j=at.begin();j!=at.end();++j)
for(map<InetAddr, string>::iterator j=at.begin();j!=at.end();++j)
{
CHECK_STOP_AND_RETURN
IPAddress c = (*j).first;
InetAddr c = (*j).first;
string pa = (*j).second;
if(included(c) && !alreadyseen(c) && !isvirtual(c,pa) && !special(c))
{
@ -1438,7 +1459,7 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
}
set<IPAddress> interface_broadcasts;
set<InetAddr> interface_broadcasts;
try
{
@ -1452,12 +1473,14 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
if(!(*j).second.isUp())
continue;
IPNetwork net=(*j).second.getIPNetwork();
//InetAddrMask net=(*j).second.getInetAddrMask();
InetAddrMask net((*j).second.getAddress(),
(*j).second.getNetmask());
interface_broadcasts.insert(net.getBroadcastAddress());
if(!special(net) && included(net.getAddress()) && !point2point(net, NULL))
{
str << "Network " << string(net) << " found.\n";
str << "Network " << net.toString() << " found.\n";
*logger << str;
networks.insert(net);
@ -1515,7 +1538,7 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
have_intf = false;
}
IPNetwork net((*j).getDestination(), (*j).getNetmask());
InetAddrMask net((*j).getDestination(), (*j).getNetmask());
if(!have_intf)
{
@ -1561,7 +1584,7 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
break;
}
if(have_intf)
str << "Guessed that network " << string(net)
str << "Guessed that network " << net.toString()
<< " is using interface " << intf.getName() << "\n";
*logger << str;
@ -1571,7 +1594,7 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
// ignore it.
if(have_intf && !intf.isUp())
{
str << "Skipping route for network " << string(net)
str << "Skipping route for network " << net.toString()
<< " which is associated with interface which is currently down.\n";
*logger << str;
@ -1582,7 +1605,7 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
{
if(point2point(net, NULL))
{
IPAddress c=net.getAddress();
InetAddr c=net.getAddress();
// For all addresses found in the routing table
// we must check if they are broadcast addresses
@ -1608,7 +1631,7 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
}
} else
{
str << "Network " << string(net)
str << "Network " << net.toString()
<< " found (via "
<< string(((*j).isDirect())?"direct":"indirect")
<< " route).\n";
@ -1620,7 +1643,7 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
}
}
IPAddress gw((*j).getGateway());
InetAddr gw((*j).getGateway());
if(included(gw) && !alreadyseen(gw) && !isvirtual(gw, "") && !special(gw) && !interface_broadcasts.count(gw))
{
bool isptp=point2point(net, &intf);
@ -1697,7 +1720,7 @@ void SNMPCrawler::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWExcept
void SNMPCrawler::remove_virtual(Logger *logger,SyncFlag *stop_program) throw(FWException)
{
*logger << "Removing virtual IPs.\n";
for(map<IPAddress, CrawlerFind>::iterator j=found.begin(); j!=found.end(); ++j)
for(map<InetAddr, CrawlerFind>::iterator j=found.begin(); j!=found.end(); ++j)
if(isvirtual((*j).first, (*j).second.found_phys_addr))
found.erase(j);
}
@ -1706,8 +1729,8 @@ void SNMPCrawler::bacresolve_results(Logger *logger,SyncFlag *stop_program) thro
{
*logger << "Resolving names\n";
set<IPAddress> resolv_set;
for(map<IPAddress, CrawlerFind>::iterator j=found.begin(); j!=found.end(); ++j)
set<InetAddr> resolv_set;
for(map<InetAddr, CrawlerFind>::iterator j=found.begin(); j!=found.end(); ++j)
resolv_set.insert((*j).first);
DNS_bulkBackResolve_query backresq(resolv_set, dns_threads,
dns_retries,dns_timeout );
@ -1722,8 +1745,8 @@ void SNMPCrawler::bacresolve_results(Logger *logger,SyncFlag *stop_program) thro
}
*logger << "Finished.\n";
map<IPAddress, HostEnt> resolv_res=backresq.getResult();
for(map<IPAddress, HostEnt>::iterator j=resolv_res.begin(); j!=resolv_res.end(); ++j)
map<InetAddr, HostEnt> resolv_res=backresq.getResult();
for(map<InetAddr, HostEnt>::iterator j=resolv_res.begin(); j!=resolv_res.end(); ++j)
{
found[(*j).first].dns_ok = true;
found[(*j).first].name = (*j).second.name;
@ -1732,12 +1755,12 @@ void SNMPCrawler::bacresolve_results(Logger *logger,SyncFlag *stop_program) thro
}
set<IPNetwork> SNMPCrawler::getNetworks()
set<InetAddrMask> SNMPCrawler::getNetworks()
{
return networks;
}
map<IPAddress, CrawlerFind> SNMPCrawler::getAllIPs()
map<InetAddr, CrawlerFind> SNMPCrawler::getAllIPs()
{
return found;
}

51
src/fwbuilder/snmp.h
View File

@ -38,7 +38,8 @@
#include <fwbuilder/Interface.h>
#include <fwbuilder/BackgroundOp.h>
#include <fwbuilder/FWException.h>
#include <fwbuilder/IPAddress.h>
#include <fwbuilder/InetAddr.h>
#include <fwbuilder/IPRoute.h>
#include <fwbuilder/dns.h>
#ifdef UCD_SNMP
@ -139,7 +140,7 @@ class SNMPVariable_Bits : public SNMPVariable
};
/**
* Unfortunately SNMP does not distinguish Netmask and IPAddress
* Unfortunately SNMP does not distinguish Netmask and InetAddr
* types. On our framework they are different, and thus
* we have to do late type conversion.
* (lord)
@ -152,8 +153,8 @@ class SNMPVariable_IPaddr : public SNMPVariable
virtual std::string toString();
virtual IPAddress getIPAddressValue() throw(FWException);
virtual Netmask getNetmaskValue () throw(FWException);
virtual InetAddr getInetAddrValue() throw(FWException);
virtual InetNetmask getNetmaskValue () throw(FWException);
protected:
@ -306,7 +307,7 @@ class SNMPQuery : public BackgroundOp
std::string hostname, community;
std::string descr, contact, location, sysname;
std::map<int, Interface> interfaces;
std::map<IPAddress, std::string> arptable;
std::map<InetAddr, std::string> arptable;
std::vector<IPRoute> routes;
int retries;
long timeout;
@ -334,7 +335,7 @@ class SNMPQuery : public BackgroundOp
void fetchRoutingTable (Logger *,SyncFlag *stop_program, SNMPConnection *connection=NULL) throw(FWException);
const std::map<int, Interface> &getInterfaces() ;
const std::map<IPAddress, std::string> &getArtpTable() ;
const std::map<InetAddr, std::string> &getArtpTable() ;
const std::vector<IPRoute> &getRoutes() ;
const std::string& getSysname ();
@ -432,14 +433,14 @@ class SNMPCrawler : public BackgroundOp
{
private:
const std::vector<IPNetwork> *include ;
static const IPAddress ZERO_IP ;
static const IPNetwork LOOPBACK_NET ;
static const Netmask PTP_NETMASK ;
const std::vector<InetAddrMask> *include ;
static const InetAddr ZERO_IP ;
static const InetAddrMask LOOPBACK_NET ;
static const InetNetmask PTP_NETMASK ;
std::map<IPAddress, std::string> queue ;
std::map<IPAddress, CrawlerFind> found ;
std::set<IPNetwork> networks ;
std::map<InetAddr, std::string> queue ;
std::map<InetAddr, CrawlerFind> found ;
std::set<InetAddrMask> networks ;
std::string community ;
int snmp_retries ;
long snmp_timeout ;
@ -455,20 +456,20 @@ class SNMPCrawler : public BackgroundOp
protected:
bool included (const IPAddress &) const ;
bool alreadyseen (const IPAddress &) const ;
bool special (const IPNetwork &) const ;
bool special (const IPAddress &) const ;
bool point2point (const IPNetwork &, const Interface *) const ;
bool included (const InetAddr &) const ;
bool alreadyseen (const InetAddr &) const ;
bool special (const InetAddrMask &) const ;
bool special (const InetAddr &) const ;
bool point2point (const InetAddrMask &, const Interface *) const ;
bool point2point (const Interface *) const ;
bool isvirtual (const IPAddress &, const std::string &) const ;
bool isvirtual (const InetAddr &, const std::string &) const ;
std::set<Interface> guessInterface(const IPRoute &r, const std::map<int, Interface> &intf) const;
public:
SNMPCrawler();
SNMPCrawler(const IPAddress &seed,
SNMPCrawler(const InetAddr &seed,
const std::string &_community,
bool _recursive=true,
bool _skip_virtual=true,
@ -479,10 +480,10 @@ class SNMPCrawler : public BackgroundOp
long _timeout=SNMP_DEFAULT_TIMEOUT,
int _dns_retries=RES_DFLRETRY,
int _dns_timeout=RES_TIMEOUT,
const std::vector<IPNetwork> *include=NULL);
const std::vector<InetAddrMask> *include=NULL);
virtual ~SNMPCrawler();
void init(const IPAddress &seed,
void init(const InetAddr &seed,
const std::string &_community,
bool _recursive=true,
bool _skip_virtual=true,
@ -493,10 +494,10 @@ class SNMPCrawler : public BackgroundOp
long _snmp_timeout=SNMP_DEFAULT_TIMEOUT,
int _dns_retries=RES_DFLRETRY,
int _dns_timeout=RES_TIMEOUT,
const std::vector<IPNetwork> *include=NULL);
const std::vector<InetAddrMask> *include=NULL);
std::map<IPAddress, CrawlerFind> getAllIPs();
std::set<IPNetwork> getNetworks();
std::map<InetAddr, CrawlerFind> getAllIPs();
std::set<InetAddrMask> getNetworks();
virtual void run_impl(Logger *logger,SyncFlag *stop_program) throw(FWException);
void remove_virtual(Logger *logger,SyncFlag *stop_program) throw(FWException);

30
src/fwcompiler/Compiler.cpp
View File

@ -452,11 +452,11 @@ void Compiler::_expandAddressRanges(Rule *rule,FWObject *s)
if (AddressRange::cast(o)==NULL) cl.push_back(o);
else
{
IPAddress a1=AddressRange::cast(o)->getRangeStart();
IPAddress a2=AddressRange::cast(o)->getRangeEnd();
vector<IPNetwork> vn=libfwbuilder::convertAddressRange(a1,a2);
InetAddr a1=AddressRange::cast(o)->getRangeStart();
InetAddr a2=AddressRange::cast(o)->getRangeEnd();
vector<InetAddrMask> vn = libfwbuilder::convertAddressRange(a1,a2);
for (vector<IPNetwork>::iterator i=vn.begin(); i!=vn.end(); i++)
for (vector<InetAddrMask>::iterator i=vn.begin(); i!=vn.end(); i++)
{
Network *h;
h= Network::cast(dbcopy->create(Network::TYPENAME) );
@ -493,7 +493,7 @@ bool Compiler::_complexMatchWithInterface(Address *obj1,
Interface *iface,
bool recognize_broadcasts)
{
IPAddress obj1_addr=obj1->getAddress();
const InetAddr& obj1_addr = obj1->getAddress();
if ( physAddress::isA(obj1))
{
@ -512,7 +512,7 @@ bool Compiler::_complexMatchWithInterface(Address *obj1,
if ( ipv4->getAddress()==obj1_addr ) return true;
IPNetwork n( ipv4->getAddress() , ipv4->getNetmask() );
InetAddrMask n( ipv4->getAddress() , ipv4->getNetmask() );
/*
* bug #1040773: need to match network address as well as
* broadcast. Packets sent to the network address (192.168.1.0 for net
@ -562,7 +562,7 @@ bool Compiler::complexMatch(Address *obj1,
* ranges, and some often used ranges trigger that (like
* "255.255.255.255-255.255.255.255" or "0.0.0.0-0.0.0.0")
*/
if (nobj1->getNetmask().toString()!="255.255.255.255")
if (!nobj1->getNetmask().isHostMask())
return false;
}
/*
@ -596,8 +596,8 @@ bool Compiler::complexMatch(Address *obj1,
if ((obj1->getByType(IPv4::TYPENAME)).size()>1) return false;
IPAddress obj1_addr=obj1->getAddress();
if (obj1_addr!=IPAddress("0.0.0.0") &&
const InetAddr& obj1_addr = obj1->getAddress();
if (!obj1_addr.isAny() &&
( (recognize_broadcasts && obj1_addr.isBroadcast()) ||
(recognize_multicasts && obj1_addr.isMulticast()) )
) return true;
@ -648,12 +648,13 @@ Interface* Compiler::findInterfaceFor(const Address *obj1, const Address *obj2)
if (Network::constcast(obj1)!=NULL)
{
IPNetwork n1( obj1->getAddress() , Network::constcast(obj1)->getNetmask() );
InetAddrMask n1( obj1->getAddress() ,
obj1->getNetmask() );
if (n1.belongs( addr->getAddress() ) ) return iface;
}
/* n2 is the network interface is sitting on */
IPNetwork n2( addr->getAddress() , addr->getNetmask() );
InetAddrMask n2( addr->getAddress() , addr->getNetmask() );
if ( n2.belongs( obj1->getAddress() ) ) return iface;
}
}
@ -684,12 +685,13 @@ Address* Compiler::findAddressFor(const Address *obj1,const Address *obj2)
if (Network::constcast(obj1)!=NULL)
{
IPNetwork n1( obj1->getAddress() , Network::constcast(obj1)->getNetmask() );
InetAddrMask n1( obj1->getAddress(),
obj1->getNetmask() );
if (n1.belongs( addr->getAddress() ) ) return addr;
}
/* n2 is the network interface is sitting on */
IPNetwork n2( addr->getAddress() , addr->getNetmask() );
InetAddrMask n2( addr->getAddress() , addr->getNetmask() );
if ( n2.belongs( obj1->getAddress() ) ) return addr;
}
}
@ -893,7 +895,7 @@ bool Compiler::splitIfRuleElementMatchesFW::processNext()
Address *a=Address::cast(obj);
assert(a!=NULL);
// IPAddress obj_addr=a->getAddress();
// InetAddr obj_addr=a->getAddress();
if (compiler->complexMatch(a,compiler->fw))
{

2
src/fwcompiler/Compiler.h
View File

@ -42,7 +42,7 @@ namespace libfwbuilder {
class FWObject;
class FWOptions;
class FWObjectDatabase;
class IPAddress;
class InetAddr;
class Address;
class Service;
class Interval;

112
src/fwcompiler/Compiler_ops.cpp
View File

@ -41,6 +41,8 @@
#include "fwbuilder/Policy.h"
#include "fwbuilder/Rule.h"
#include <iostream>
using namespace fwcompiler;
using namespace libfwbuilder;
using namespace std;
@ -54,25 +56,27 @@ using namespace std;
*/
vector<FWObject*> fwcompiler::_find_obj_intersection(Address *op1, Address *op2)
{
const IPNetwork n1( op1->getAddress() ,
(Interface::cast(op1))?Netmask("255.255.255.255"):op1->getNetmask() );
const IPNetwork n2( op2->getAddress() ,
(Interface::cast(op2))?Netmask("255.255.255.255"):op2->getNetmask() );
const InetAddrMask n1( op1->getAddress() ,
(Interface::cast(op1)) ? InetNetmask(InetAddr::getAllOnes()) : op1->getNetmask() );
const InetAddrMask n2( op2->getAddress() ,
(Interface::cast(op2)) ? InetNetmask(InetAddr::getAllOnes()) : op2->getNetmask() );
vector<IPNetwork> intersection= libfwbuilder::getOverlap(n1,n2);
vector<InetAddrMask> intersection = libfwbuilder::getOverlap(n1,n2);
vector<FWObject*> res;
for (vector<IPNetwork>::iterator i=intersection.begin(); i!=intersection.end(); i++) {
IPNetwork *n= &(*i);
if (n->getNetmask()==Netmask("255.255.255.255")) {
IPv4 *h=new IPv4();
for (vector<InetAddrMask>::iterator i=intersection.begin(); i!=intersection.end(); i++)
{
InetAddrMask *n= &(*i);
if (n->getNetmask().isHostMask())
{
IPv4 *h = new IPv4();
h->setAddress(n->getAddress());
h->setName("h-"+n->getAddress().toString());
op1->getRoot()->add(h,false);
res.push_back(h);
} else {
Network *net=new Network();
Network *net = new Network();
net->setAddress(n->getAddress());
net->setNetmask(n->getNetmask());
net->setName("n-"+n->getAddress().toString());
@ -280,57 +284,63 @@ bool fwcompiler::checkForShadowing(const Address &o1,const Address &o2)
return o1_pa->getPhysAddress()==o2_pa->getPhysAddress();
}
IPAddress o1b;
IPAddress o1e;
IPAddress o2b;
IPAddress o2e;
const InetAddr *o1b;
const InetAddr *o1e;
const InetAddr *o2b;
const InetAddr *o2e;
if (AddressRange::isA(&o1))
{
o1b=AddressRange::constcast(&o1)->getRangeStart();
o1e=AddressRange::constcast(&o1)->getRangeEnd();
o1b = &(AddressRange::constcast(&o1)->getRangeStart());
o1e = &(AddressRange::constcast(&o1)->getRangeEnd());
} else
{
if (Network::isA(&o1))
{
o1b=o1.getAddress();
o1e=IPNetwork(o1.getAddress(),o1.getNetmask()).getBroadcastAddress();
o1b = o1.getAddressPtr();
o1e = o1.getBroadcastAddressPtr();
} else
{
o1b=o1.getAddress();
o1e=o1.getAddress();
o1b = o1.getAddressPtr();
o1e = o1.getAddressPtr();
}
}
if (AddressRange::isA(&o2))
{
o2b=AddressRange::constcast(&o2)->getRangeStart();
o2e=AddressRange::constcast(&o2)->getRangeEnd();
o2b = &(AddressRange::constcast(&o2)->getRangeStart());
o2e = &(AddressRange::constcast(&o2)->getRangeEnd());
} else
{
if (Network::isA(&o2))
{
o2b=o2.getAddress();
o2e=IPNetwork(o2.getAddress(),o2.getNetmask()).getBroadcastAddress();
o2b = o2.getAddressPtr();
o2e = o2.getBroadcastAddressPtr();
} else
{
o2b=o2.getAddress();
o2e=o2.getAddress();
o2b = o2.getAddressPtr();
o2e = o2.getAddressPtr();
}
}
/*
cerr << "# o1=" << o1.getName() << " "
<< o1b.toString() << "-" << o1e.toString() << "(" << o1.dimension() << ")"
<< " o2=" << o2.getName() << " "
<< o2b.toString() << "-" << o2e.toString() << "(" << o2.dimension() << ")"
<< " " << int( (o1b>o2b || o1b==o2b) && (o1e<o2e || o1e==o2e) )
#if 0
cerr << "# o1=" << o1.getName() << " [" << o1.toString() << "] "
<< o1b->toString() << "-" << o1e->toString()
<< "(" << o1.dimension() << ")"
<< " o2=" << o2.getName() << " [" << o2.toString() << "] "
<< o2b->toString() << "-" << o2e->toString()
<< "(" << o2.dimension() << ")"
<< " " << int( ((*o1b)>(*o2b) || (*o1b)==(*o2b)) &&
((*o1e)<(*o2e) || (*o1e)==(*o2e)) )
<< endl;
*/
#endif
if (o1.isAny() && o2.isAny()) return true;
if (o1.isAny() && !o2.isAny()) return false;
if (!o1.isAny() && o2.isAny()) return true;
return ( (o2b<o1b || o1b==o2b) && (o1e<o2e || o1e==o2e) );
return ( ((*o2b) < (*o1b) || (*o1b) == (*o2b)) &&
((*o1e) < (*o2e) || (*o1e) == (*o2e)) );
}
/*************************************************************************/
@ -398,10 +408,10 @@ bool fwcompiler::operator==(const Address &o1,const Address &o2)
{
if (o1.getId()==o2.getId()) return true;
IPAddress o1b;
IPAddress o1e;
IPAddress o2b;
IPAddress o2e;
const InetAddr* o1b;
const InetAddr* o1e;
const InetAddr* o2b;
const InetAddr* o2e;
if (Interface::isA(&o1) && Interface::isA(&o2))
{
@ -422,35 +432,35 @@ bool fwcompiler::operator==(const Address &o1,const Address &o2)
if (AddressRange::isA(&o1))
{
o1b=AddressRange::constcast(&o1)->getRangeStart();
o1e=AddressRange::constcast(&o1)->getRangeEnd();
o1b = &(AddressRange::constcast(&o1)->getRangeStart());
o1e = &(AddressRange::constcast(&o1)->getRangeEnd());
} else
if (Network::isA(&o1))
{
o1b=o1.getAddress();
o1e=IPNetwork(o1.getAddress(),o1.getNetmask()).getBroadcastAddress();
o1b = o1.getAddressPtr();
o1e = o1.getBroadcastAddressPtr();
} else
{
o1b=o1.getAddress();
o1e=o1.getAddress();
o1b = o1.getAddressPtr();
o1e = o1.getAddressPtr();
}
if (AddressRange::isA(&o2))
{
o2b=AddressRange::constcast(&o2)->getRangeStart();
o2e=AddressRange::constcast(&o2)->getRangeEnd();
o2b = &(AddressRange::constcast(&o2)->getRangeStart());
o2e = &(AddressRange::constcast(&o2)->getRangeEnd());
} else
if (Network::isA(&o2))
{
o2b=o2.getAddress();
o2e=IPNetwork(o2.getAddress(),o2.getNetmask()).getBroadcastAddress();
o2b = o2.getAddressPtr();
o2e = o2.getBroadcastAddressPtr();
} else
{
o2b=o2.getAddress();
o2e=o2.getAddress();
o2b = o2.getAddressPtr();
o2e = o2.getAddressPtr();
}
return (o1b==o2b && o1e==o2e);
return ((*o1b) == (*o2b) && (*o1e) == (*o2e));
}
bool fwcompiler::operator==(const Interval &o1,const Interval &o2)

2
src/fwcompiler/NATCompiler.cpp
View File

@ -33,7 +33,7 @@
#include "fwbuilder/InterfacePolicy.h"
#include "fwbuilder/Firewall.h"
#include "fwbuilder/RuleSet.h"
#include "fwbuilder/IPAddress.h"
#include "fwbuilder/InetAddr.h"
#include "fwbuilder/Interface.h"
#include "fwbuilder/Network.h"
#include "fwbuilder/FWObjectDatabase.h"

2
src/fwcompiler/OSConfigurator.h
View File

@ -31,7 +31,7 @@
#include "fwbuilder/FWException.h"
#include "fwbuilder/FWObjectDatabase.h"
#include "fwbuilder/FWOptions.h"
#include "fwbuilder/IPAddress.h"
#include "fwbuilder/InetAddr.h"
#include <fstream>
#include <sstream>

8
src/fwcompiler/PolicyCompiler.cpp
View File

@ -42,7 +42,7 @@
#include "fwbuilder/InterfacePolicy.h"
#include "fwbuilder/Firewall.h"
#include "fwbuilder/RuleSet.h"
#include "fwbuilder/IPAddress.h"
#include "fwbuilder/InetAddr.h"
#include "fwbuilder/Interface.h"
#include "fwbuilder/IPv4.h"
#include "fwbuilder/FWObjectDatabase.h"
@ -664,11 +664,11 @@ Address* PolicyCompiler::checkForZeroAddr::findZeroAddress(RuleElement *re)
continue;
if ( ! addr->isAny()
&& addr->getAddress()==IPAddress("0.0.0.0")
&& addr->getNetmask()==Netmask("0.0.0.0")
&& addr->getAddress().isAny()
&& addr->getNetmask().isAny()
)
{
a=addr;
a = addr;
break;
}
}

19
src/fwcompiler/RoutingCompiler.cpp
View File

@ -41,7 +41,8 @@
#include "fwbuilder/Rule.h"
#include "fwbuilder/Firewall.h"
#include "fwbuilder/RuleSet.h"
#include "fwbuilder/IPAddress.h"
#include "fwbuilder/InetAddr.h"
#include "fwbuilder/IPRoute.h"
#include "fwbuilder/Interface.h"
#include "fwbuilder/IPv4.h"
#include "fwbuilder/FWObjectDatabase.h"
@ -361,30 +362,26 @@ bool RoutingCompiler::contradictionRGtwAndRItf::processNext()
if( Host::cast(oRGtw) != NULL || Interface::cast(oRGtw) != NULL || IPv4::cast(oRGtw) != NULL) {
IPAddress ip_interface;
const InetAddr* ip_interface;
if ( Host::cast(oRGtw) != NULL) {
Host *host=Host::cast(oRGtw);
ip_interface= host->getAddress();
ip_interface = host->getAddressPtr();
} else if (Interface::cast(oRGtw) != NULL) {
Interface *intf=Interface::cast(oRGtw);
ip_interface= intf->getAddress();
ip_interface = intf->getAddressPtr();
} else if (IPv4::cast(oRGtw) != NULL) {
IPv4 *ipv4=IPv4::cast(oRGtw);
ip_interface= ipv4->getAddress();
ip_interface = ipv4->getAddressPtr();
}
list<FWObject*> obj_list = oRItf->getByType("IPv4");
for (list<FWObject*>::iterator i=obj_list.begin(); i!=obj_list.end(); ++i)
{
IPv4 *firewall=IPv4::cast(*i);
Netmask n_firewall = firewall->getNetmask();
IPAddress ip_firewall = firewall->getAddress();
if ((n_firewall.to32BitInt() & ip_firewall.to32BitInt()) == (n_firewall.to32BitInt() & ip_interface.to32BitInt())) {
IPv4 *firewall_addr = IPv4::cast(*i);
if (firewall_addr->belongs(*ip_interface))
return true;
}
}
string msg;

4
src/test/ipAddressTest.cpp
View File

@ -115,9 +115,9 @@ void IPAddressTest(FWObjectDatabase *objdb)
<< " (" << size << " addresses) "
<< " to networks" << endl;
vector<IPNetwork> vn=libfwbuilder::convertAddressRange(*a1,*a2);
vector<InetAddrMask> vn=libfwbuilder::convertAddressRange(*a1,*a2);
for (vector<IPNetwork>::iterator i=vn.begin(); i!=vn.end(); i++)
for (vector<InetAddrMask>::iterator i=vn.begin(); i!=vn.end(); i++)
{
IPAddress bcast=i->getBroadcastAddress();