onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-06-25 02:19:37 +02:00
Code Issues Releases Wiki Activity

Initial import into v3 branch

Browse Source
This commit is contained in:
Vadim Kurland
2007-12-25 22:25:59 +00:00
commit fcfedad398
852 changed files with 319104 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

275
Doxyfile Normal file
View File

@@ -0,0 +1,275 @@
# Doxyfile 1.4.1-KDevelop
#---------------------------------------------------------------------------
# Project related configuration options
#---------------------------------------------------------------------------
PROJECT_NAME = someproj.kdevelop
PROJECT_NUMBER = 1
OUTPUT_DIRECTORY =
CREATE_SUBDIRS = NO
OUTPUT_LANGUAGE = English
USE_WINDOWS_ENCODING = NO
BRIEF_MEMBER_DESC = YES
REPEAT_BRIEF = YES
ABBREVIATE_BRIEF = "The $name class" \
"The $name widget" \
"The $name file" \
is \
provides \
specifies \
contains \
represents \
a \
an \
the
ALWAYS_DETAILED_SEC = NO
INLINE_INHERITED_MEMB = NO
FULL_PATH_NAMES = YES
STRIP_FROM_PATH = /home/krava/work/fwbuilder2/
STRIP_FROM_INC_PATH =
SHORT_NAMES = NO
JAVADOC_AUTOBRIEF = NO
MULTILINE_CPP_IS_BRIEF = NO
DETAILS_AT_TOP = NO
INHERIT_DOCS = YES
DISTRIBUTE_GROUP_DOC = NO
TAB_SIZE = 8
ALIASES =
OPTIMIZE_OUTPUT_FOR_C = NO
OPTIMIZE_OUTPUT_JAVA = NO
SUBGROUPING = YES
#---------------------------------------------------------------------------
# Build related configuration options
#---------------------------------------------------------------------------
EXTRACT_ALL = NO
EXTRACT_PRIVATE = NO
EXTRACT_STATIC = NO
EXTRACT_LOCAL_CLASSES = YES
EXTRACT_LOCAL_METHODS = NO
HIDE_UNDOC_MEMBERS = NO
HIDE_UNDOC_CLASSES = NO
HIDE_FRIEND_COMPOUNDS = NO
HIDE_IN_BODY_DOCS = NO
INTERNAL_DOCS = NO
CASE_SENSE_NAMES = YES
HIDE_SCOPE_NAMES = NO
SHOW_INCLUDE_FILES = YES
INLINE_INFO = YES
SORT_MEMBER_DOCS = YES
SORT_BRIEF_DOCS = NO
SORT_BY_SCOPE_NAME = NO
GENERATE_TODOLIST = YES
GENERATE_TESTLIST = YES
GENERATE_BUGLIST = YES
GENERATE_DEPRECATEDLIST= YES
ENABLED_SECTIONS =
MAX_INITIALIZER_LINES = 30
SHOW_USED_FILES = YES
SHOW_DIRECTORIES = YES
FILE_VERSION_FILTER =
#---------------------------------------------------------------------------
# configuration options related to warning and progress messages
#---------------------------------------------------------------------------
QUIET = NO
WARNINGS = YES
WARN_IF_UNDOCUMENTED = YES
WARN_IF_DOC_ERROR = YES
WARN_NO_PARAMDOC = NO
WARN_FORMAT = "$file:$line: $text"
WARN_LOGFILE =
#---------------------------------------------------------------------------
# configuration options related to the input files
#---------------------------------------------------------------------------
INPUT = /home/krava/work/kdev/someproj
FILE_PATTERNS = *.c \
*.cc \
*.cxx \
*.cpp \
*.c++ \
*.java \
*.ii \
*.ixx \
*.ipp \
*.i++ \
*.inl \
*.h \
*.hh \
*.hxx \
*.hpp \
*.h++ \
*.idl \
*.odl \
*.cs \
*.php \
*.php3 \
*.inc \
*.m \
*.mm \
*.dox \
*.C \
*.CC \
*.C++ \
*.II \
*.I++ \
*.H \
*.HH \
*.H++ \
*.CS \
*.PHP \
*.PHP3 \
*.M \
*.MM \
*.C \
*.H \
*.tlh \
*.diff \
*.patch \
*.moc \
*.xpm \
*.dox
RECURSIVE = yes
EXCLUDE =
EXCLUDE_SYMLINKS = NO
EXCLUDE_PATTERNS =
EXAMPLE_PATH =
EXAMPLE_PATTERNS = *
EXAMPLE_RECURSIVE = NO
IMAGE_PATH =
INPUT_FILTER =
FILTER_PATTERNS =
FILTER_SOURCE_FILES = NO
#---------------------------------------------------------------------------
# configuration options related to source browsing
#---------------------------------------------------------------------------
SOURCE_BROWSER = NO
INLINE_SOURCES = NO
STRIP_CODE_COMMENTS = YES
REFERENCED_BY_RELATION = YES
REFERENCES_RELATION = YES
VERBATIM_HEADERS = YES
#---------------------------------------------------------------------------
# configuration options related to the alphabetical class index
#---------------------------------------------------------------------------
ALPHABETICAL_INDEX = NO
COLS_IN_ALPHA_INDEX = 5
IGNORE_PREFIX =
#---------------------------------------------------------------------------
# configuration options related to the HTML output
#---------------------------------------------------------------------------
GENERATE_HTML = YES
HTML_OUTPUT = html
HTML_FILE_EXTENSION = .html
HTML_HEADER =
HTML_FOOTER =
HTML_STYLESHEET =
HTML_ALIGN_MEMBERS = YES
GENERATE_HTMLHELP = NO
CHM_FILE =
HHC_LOCATION =
GENERATE_CHI = NO
BINARY_TOC = NO
TOC_EXPAND = NO
DISABLE_INDEX = NO
ENUM_VALUES_PER_LINE = 4
GENERATE_TREEVIEW = NO
TREEVIEW_WIDTH = 250
#---------------------------------------------------------------------------
# configuration options related to the LaTeX output
#---------------------------------------------------------------------------
GENERATE_LATEX = YES
LATEX_OUTPUT = latex
LATEX_CMD_NAME = latex
MAKEINDEX_CMD_NAME = makeindex
COMPACT_LATEX = NO
PAPER_TYPE = a4wide
EXTRA_PACKAGES =
LATEX_HEADER =
PDF_HYPERLINKS = NO
USE_PDFLATEX = NO
LATEX_BATCHMODE = NO
LATEX_HIDE_INDICES = NO
#---------------------------------------------------------------------------
# configuration options related to the RTF output
#---------------------------------------------------------------------------
GENERATE_RTF = NO
RTF_OUTPUT = rtf
COMPACT_RTF = NO
RTF_HYPERLINKS = NO
RTF_STYLESHEET_FILE =
RTF_EXTENSIONS_FILE =
#---------------------------------------------------------------------------
# configuration options related to the man page output
#---------------------------------------------------------------------------
GENERATE_MAN = NO
MAN_OUTPUT = man
MAN_EXTENSION = .3
MAN_LINKS = NO
#---------------------------------------------------------------------------
# configuration options related to the XML output
#---------------------------------------------------------------------------
GENERATE_XML = yes
XML_OUTPUT = xml
XML_SCHEMA =
XML_DTD =
XML_PROGRAMLISTING = YES
#---------------------------------------------------------------------------
# configuration options for the AutoGen Definitions output
#---------------------------------------------------------------------------
GENERATE_AUTOGEN_DEF = NO
#---------------------------------------------------------------------------
# configuration options related to the Perl module output
#---------------------------------------------------------------------------
GENERATE_PERLMOD = NO
PERLMOD_LATEX = NO
PERLMOD_PRETTY = YES
PERLMOD_MAKEVAR_PREFIX =
#---------------------------------------------------------------------------
# Configuration options related to the preprocessor
#---------------------------------------------------------------------------
ENABLE_PREPROCESSING = YES
MACRO_EXPANSION = NO
EXPAND_ONLY_PREDEF = NO
SEARCH_INCLUDES = YES
INCLUDE_PATH =
INCLUDE_FILE_PATTERNS =
PREDEFINED =
EXPAND_AS_DEFINED =
SKIP_FUNCTION_MACROS = YES
#---------------------------------------------------------------------------
# Configuration::additions related to external references
#---------------------------------------------------------------------------
TAGFILES =
GENERATE_TAGFILE = someproj.tag
ALLEXTERNALS = NO
EXTERNAL_GROUPS = YES
PERL_PATH = /usr/bin/perl
#---------------------------------------------------------------------------
# Configuration options related to the dot tool
#---------------------------------------------------------------------------
CLASS_DIAGRAMS = YES
HIDE_UNDOC_RELATIONS = YES
HAVE_DOT = NO
CLASS_GRAPH = YES
COLLABORATION_GRAPH = YES
GROUP_GRAPHS = YES
UML_LOOK = NO
TEMPLATE_RELATIONS = NO
INCLUDE_GRAPH = YES
INCLUDED_BY_GRAPH = YES
CALL_GRAPH = NO
GRAPHICAL_HIERARCHY = YES
DIRECTORY_GRAPH = YES
DOT_IMAGE_FORMAT = png
DOT_PATH =
DOTFILE_DIRS =
MAX_DOT_GRAPH_WIDTH = 1024
MAX_DOT_GRAPH_HEIGHT = 1024
MAX_DOT_GRAPH_DEPTH = 1000
DOT_TRANSPARENT = NO
DOT_MULTI_TARGETS = NO
GENERATE_LEGEND = YES
DOT_CLEANUP = YES
#---------------------------------------------------------------------------
# Configuration::additions related to the search engine
#---------------------------------------------------------------------------
SEARCHENGINE = NO

0
FWBMainWindow_q.h Normal file
View File

30
VERSION Normal file
View File

@@ -0,0 +1,30 @@
#-*- mode: shell-script; tab-width: 4; -*-
# $Id: VERSION,v 1.47 2007/07/21 23:44:19 vkurland Exp $
FWB_MAJOR_VERSION=2
FWB_MINOR_VERSION=1
FWB_MICRO_VERSION=99
VERSION=$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION
#
# release num. I use it to distinguish between pre-release builds and
# in rare situation when I need to produce replacement RPMs and do not
# want to change version number.
#
# Set it to "1" before publishing the release.
#
RELEASE_NUM="1"
# RELEASE_NUM="`date +%Y%m%d`cvs"
# RELEASE_NUM="RC1"
# RELEASE_NUM="b"
BETA="no"
REQUIRED_LIBFWBUILDER_VERSION="2.1.99"
# current (or major) version number of the library so file
#
LIBFWBUILDER_SOMAJOR=7

2
VERSION.h Normal file
View File

@@ -0,0 +1,2 @@
#define VERSION "2.1.99"
#define RELEASE_NUM "1"

33
autogen.sh Normal file
View File

@@ -0,0 +1,33 @@
#!/bin/sh
MAKE=`which gnumake 2>/dev/null`
if test ! -x "$MAKE" ; then MAKE=`which gmake` ; fi
if test ! -x "$MAKE" ; then MAKE=`which make` ; fi
HAVE_GNU_MAKE=`$MAKE --version|grep -c "Free Software Foundation"`
if test "$HAVE_GNU_MAKE" != "1"; then
echo Could not find GNU make on this system, can not proceed with build.
exit 1
else
echo Found GNU Make at $MAKE ... good.
fi
echo This script runs configure ...
echo You did remember necessary arguments for configure, right?
if test ! -x "`which aclocal`"
then echo you need autoconf to generate the configure script
fi
ACLOCALARG=""
test -d /sw/share/ && ACLOCALARG=" -I /sw/share/aclocal"
libtoolize --force --copy
acinclude
aclocal ${ACLOCALARG}
autoconf
./configure ${CFGARGS} $*

1
build_num Normal file
View File

@@ -0,0 +1 @@
#define BUILD_NUM 301

1388
config.guess vendored Normal file
View File

@@ -0,0 +1,1388 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
timestamp='2003-02-22'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Originally written by Per Bothner <per@bothner.com>.
# Please send patches to <config-patches@gnu.org>. Submit a context
# diff and a properly formatted ChangeLog entry.
#
# This script attempts to guess a canonical system name similar to
# config.sub. If it succeeds, it prints the system name on stdout, and
# exits with 0. Otherwise, it exits with 1.
#
# The plan is that this can be called by configure scripts if you
# don't specify an explicit build system type.
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
Usage: $0 [OPTION]
Output the configuration name of the system \`$me' is run on.
Operation modes:
-h, --help print this help, then exit
-t, --time-stamp print date of last modification, then exit
-v, --version print version number, then exit
Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
help="
Try \`$me --help' for more information."
# Parse command line
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
echo "$timestamp" ; exit 0 ;;
--version | -v )
echo "$version" ; exit 0 ;;
--help | --h* | -h )
echo "$usage"; exit 0 ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
break ;;
-* )
echo "$me: invalid option $1$help" >&2
exit 1 ;;
* )
break ;;
esac
done
if test $# != 0; then
echo "$me: too many arguments$help" >&2
exit 1
fi
trap 'exit 1' 1 2 15
# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
# compiler to aid in system detection is discouraged as it requires
# temporary files to be created and, as you can see below, it is a
# headache to deal with in a portable fashion.
# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
# use `HOST_CC' if defined, but it is deprecated.
# Portable tmp directory creation inspired by the Autoconf team.
set_cc_for_build='
trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
: ${TMPDIR=/tmp} ;
{ tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
dummy=$tmp/dummy ;
tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
case $CC_FOR_BUILD,$HOST_CC,$CC in
,,) echo "int x;" > $dummy.c ;
for c in cc gcc c89 c99 ; do
if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
CC_FOR_BUILD="$c"; break ;
fi ;
done ;
if test x"$CC_FOR_BUILD" = x ; then
CC_FOR_BUILD=no_compiler_found ;
fi
;;
,,*) CC_FOR_BUILD=$CC ;;
,*,*) CC_FOR_BUILD=$HOST_CC ;;
esac ;'
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 1994-08-24)
if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
PATH=$PATH:/.attbin ; export PATH
fi
UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
# Note: order is significant - the case branches are not exclusive.
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:NetBSD:*:*)
# NetBSD (nbsd) targets should (where applicable) match one or
# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
# switched to ELF, *-*-netbsd* would select the old
# object file format. This provides both forward
# compatibility and a consistent mechanism for selecting the
# object file format.
#
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
/usr/sbin/$sysctl 2>/dev/null || echo unknown)`
case "${UNAME_MACHINE_ARCH}" in
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently, or will in the future.
case "${UNAME_MACHINE_ARCH}" in
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep __ELF__ >/dev/null
then
# Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
# Return netbsd for either. FIX?
os=netbsd
else
os=netbsdelf
fi
;;
*)
os=netbsd
;;
esac
# The OS release
# Debian GNU/NetBSD machines have a different userland, and
# thus, need a distinct triplet. However, they do not need
# kernel version information, so it can be replaced with a
# suitable tag, in the style of linux-gnu.
case "${UNAME_VERSION}" in
Debian*)
release='-gnu'
;;
*)
release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}"
exit 0 ;;
amiga:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
arc:OpenBSD:*:*)
echo mipsel-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
hp300:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
mac68k:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
macppc:OpenBSD:*:*)
echo powerpc-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
mvme68k:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
mvme88k:OpenBSD:*:*)
echo m88k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
mvmeppc:OpenBSD:*:*)
echo powerpc-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
pmax:OpenBSD:*:*)
echo mipsel-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
sgi:OpenBSD:*:*)
echo mipseb-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
sun3:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
wgrisc:OpenBSD:*:*)
echo mipsel-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
*:OpenBSD:*:*)
echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
alpha:OSF1:*:*)
if test $UNAME_RELEASE = "V4.0"; then
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
fi
# According to Compaq, /usr/sbin/psrinfo has been available on
# OSF/1 and Tru64 systems produced since 1995. I hope that
# covers most systems running today. This code pipes the CPU
# types through head -n 1, so we only detect the type of CPU 0.
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
case "$ALPHA_CPU_TYPE" in
"EV4 (21064)")
UNAME_MACHINE="alpha" ;;
"EV4.5 (21064)")
UNAME_MACHINE="alpha" ;;
"LCA4 (21066/21068)")
UNAME_MACHINE="alpha" ;;
"EV5 (21164)")
UNAME_MACHINE="alphaev5" ;;
"EV5.6 (21164A)")
UNAME_MACHINE="alphaev56" ;;
"EV5.6 (21164PC)")
UNAME_MACHINE="alphapca56" ;;
"EV5.7 (21164PC)")
UNAME_MACHINE="alphapca57" ;;
"EV6 (21264)")
UNAME_MACHINE="alphaev6" ;;
"EV6.7 (21264A)")
UNAME_MACHINE="alphaev67" ;;
"EV6.8CB (21264C)")
UNAME_MACHINE="alphaev68" ;;
"EV6.8AL (21264B)")
UNAME_MACHINE="alphaev68" ;;
"EV6.8CX (21264D)")
UNAME_MACHINE="alphaev68" ;;
"EV6.9A (21264/EV69A)")
UNAME_MACHINE="alphaev69" ;;
"EV7 (21364)")
UNAME_MACHINE="alphaev7" ;;
"EV7.9 (21364A)")
UNAME_MACHINE="alphaev79" ;;
esac
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
exit 0 ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
# of the specific Alpha model?
echo alpha-pc-interix
exit 0 ;;
21064:Windows_NT:50:3)
echo alpha-dec-winnt3.5
exit 0 ;;
Amiga*:UNIX_System_V:4.0:*)
echo m68k-unknown-sysv4
exit 0;;
*:[Aa]miga[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-amigaos
exit 0 ;;
*:[Mm]orph[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-morphos
exit 0 ;;
*:OS/390:*:*)
echo i370-ibm-openedition
exit 0 ;;
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
exit 0;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
echo hppa1.1-hitachi-hiuxmpp
exit 0;;
Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
if test "`(/bin/universe) 2>/dev/null`" = att ; then
echo pyramid-pyramid-sysv3
else
echo pyramid-pyramid-bsd
fi
exit 0 ;;
NILE*:*:*:dcosx)
echo pyramid-pyramid-svr4
exit 0 ;;
DRS?6000:UNIX_SV:4.2*:7*)
case `/usr/bin/uname -p` in
sparc) echo sparc-icl-nx7 && exit 0 ;;
esac ;;
sun4H:SunOS:5.*:*)
echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
i86pc:SunOS:5.*:*)
echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
# it's likely to be more like Solaris than SunOS4.
echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
sun4*:SunOS:*:*)
case "`/usr/bin/arch -k`" in
Series*|S4*)
UNAME_RELEASE=`uname -v`
;;
esac
# Japanese Language versions have a version number like `4.1.3-JL'.
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
exit 0 ;;
sun3*:SunOS:*:*)
echo m68k-sun-sunos${UNAME_RELEASE}
exit 0 ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
case "`/bin/arch`" in
sun3)
echo m68k-sun-sunos${UNAME_RELEASE}
;;
sun4)
echo sparc-sun-sunos${UNAME_RELEASE}
;;
esac
exit 0 ;;
aushp:SunOS:*:*)
echo sparc-auspex-sunos${UNAME_RELEASE}
exit 0 ;;
# The situation for MiNT is a little confusing. The machine name
# can be virtually everything (everything which is not
# "atarist" or "atariste" at least should have a processor
# > m68000). The system name ranges from "MiNT" over "FreeMiNT"
# to the lowercase version "mint" (or "freemint"). Finally
# the system name "TOS" denotes a system which is actually not
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
echo m68k-milan-mint${UNAME_RELEASE}
exit 0 ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
echo m68k-hades-mint${UNAME_RELEASE}
exit 0 ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
echo m68k-unknown-mint${UNAME_RELEASE}
exit 0 ;;
powerpc:machten:*:*)
echo powerpc-apple-machten${UNAME_RELEASE}
exit 0 ;;
RISC*:Mach:*:*)
echo mips-dec-mach_bsd4.3
exit 0 ;;
RISC*:ULTRIX:*:*)
echo mips-dec-ultrix${UNAME_RELEASE}
exit 0 ;;
VAX*:ULTRIX*:*:*)
echo vax-dec-ultrix${UNAME_RELEASE}
exit 0 ;;
2020:CLIX:*:* | 2430:CLIX:*:*)
echo clipper-intergraph-clix${UNAME_RELEASE}
exit 0 ;;
mips:*:*:UMIPS | mips:*:*:RISCos)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#ifdef __cplusplus
#include <stdio.h> /* for printf() prototype */
int main (int argc, char *argv[]) {
#else
int main (argc, argv) int argc; char *argv[]; {
#endif
#if defined (host_mips) && defined (MIPSEB)
#if defined (SYSTYPE_SYSV)
printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_SVR4)
printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
#endif
#endif
exit (-1);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c \
&& $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
&& exit 0
echo mips-mips-riscos${UNAME_RELEASE}
exit 0 ;;
Motorola:PowerMAX_OS:*:*)
echo powerpc-motorola-powermax
exit 0 ;;
Motorola:*:4.3:PL8-*)
echo powerpc-harris-powermax
exit 0 ;;
Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
echo powerpc-harris-powermax
exit 0 ;;
Night_Hawk:Power_UNIX:*:*)
echo powerpc-harris-powerunix
exit 0 ;;
m88k:CX/UX:7*:*)
echo m88k-harris-cxux7
exit 0 ;;
m88k:*:4*:R4*)
echo m88k-motorola-sysv4
exit 0 ;;
m88k:*:3*:R3*)
echo m88k-motorola-sysv3
exit 0 ;;
AViiON:dgux:*:*)
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
then
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
[ ${TARGET_BINARY_INTERFACE}x = x ]
then
echo m88k-dg-dgux${UNAME_RELEASE}
else
echo m88k-dg-dguxbcs${UNAME_RELEASE}
fi
else
echo i586-dg-dgux${UNAME_RELEASE}
fi
exit 0 ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
exit 0 ;;
M88*:*:R3*:*)
# Delta 88k system running SVR3
echo m88k-motorola-sysv3
exit 0 ;;
XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
echo m88k-tektronix-sysv3
exit 0 ;;
Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
echo m68k-tektronix-bsd
exit 0 ;;
*:IRIX*:*:*)
echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
exit 0 ;;
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
i*86:AIX:*:*)
echo i386-ibm-aix
exit 0 ;;
ia64:AIX:*:*)
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
else
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
exit 0 ;;
*:AIX:2:3)
if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#include <sys/systemcfg.h>
main()
{
if (!__power_pc())
exit(1);
puts("powerpc-ibm-aix3.2.5");
exit(0);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
echo rs6000-ibm-aix3.2.5
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
echo rs6000-ibm-aix3.2.4
else
echo rs6000-ibm-aix3.2
fi
exit 0 ;;
*:AIX:*:[45])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
IBM_ARCH=rs6000
else
IBM_ARCH=powerpc
fi
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
else
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${IBM_ARCH}-ibm-aix${IBM_REV}
exit 0 ;;
*:AIX:*:*)
echo rs6000-ibm-aix
exit 0 ;;
ibmrt:4.4BSD:*|romp-ibm:BSD:*)
echo romp-ibm-bsd4.4
exit 0 ;;
ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
exit 0 ;; # report: romp-ibm BSD 4.3
*:BOSX:*:*)
echo rs6000-bull-bosx
exit 0 ;;
DPX/2?00:B.O.S.:*:*)
echo m68k-bull-sysv3
exit 0 ;;
9000/[34]??:4.3bsd:1.*:*)
echo m68k-hp-bsd
exit 0 ;;
hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
echo m68k-hp-bsd4.4
exit 0 ;;
9000/[34678]??:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
case "${UNAME_MACHINE}" in
9000/31? ) HP_ARCH=m68000 ;;
9000/[34]?? ) HP_ARCH=m68k ;;
9000/[678][0-9][0-9])
if [ -x /usr/bin/getconf ]; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
32) HP_ARCH="hppa2.0n" ;;
64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
esac ;;
esac
fi
if [ "${HP_ARCH}" = "" ]; then
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#define _HPUX_SOURCE
#include <stdlib.h>
#include <unistd.h>
int main ()
{
#if defined(_SC_KERNEL_BITS)
long bits = sysconf(_SC_KERNEL_BITS);
#endif
long cpu = sysconf (_SC_CPU_VERSION);
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
case CPU_PA_RISC2_0:
#if defined(_SC_KERNEL_BITS)
switch (bits)
{
case 64: puts ("hppa2.0w"); break;
case 32: puts ("hppa2.0n"); break;
default: puts ("hppa2.0"); break;
} break;
#else /* !defined(_SC_KERNEL_BITS) */
puts ("hppa2.0"); break;
#endif
default: puts ("hppa1.0"); break;
}
exit (0);
}
EOF
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
if [ ${HP_ARCH} = "hppa2.0w" ]
then
# avoid double evaluation of $set_cc_for_build
test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
then
HP_ARCH="hppa2.0w"
else
HP_ARCH="hppa64"
fi
fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
exit 0 ;;
ia64:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
echo ia64-hp-hpux${HPUX_REV}
exit 0 ;;
3050*:HI-UX:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#include <unistd.h>
int
main ()
{
long cpu = sysconf (_SC_CPU_VERSION);
/* The order matters, because CPU_IS_HP_MC68K erroneously returns
true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
results, however. */
if (CPU_IS_PA_RISC (cpu))
{
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
default: puts ("hppa-hitachi-hiuxwe2"); break;
}
}
else if (CPU_IS_HP_MC68K (cpu))
puts ("m68k-hitachi-hiuxwe2");
else puts ("unknown-hitachi-hiuxwe2");
exit (0);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
echo unknown-hitachi-hiuxwe2
exit 0 ;;
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
echo hppa1.1-hp-bsd
exit 0 ;;
9000/8??:4.3bsd:*:*)
echo hppa1.0-hp-bsd
exit 0 ;;
*9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
echo hppa1.0-hp-mpeix
exit 0 ;;
hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
echo hppa1.1-hp-osf
exit 0 ;;
hp8??:OSF1:*:*)
echo hppa1.0-hp-osf
exit 0 ;;
i*86:OSF1:*:*)
if [ -x /usr/sbin/sysversion ] ; then
echo ${UNAME_MACHINE}-unknown-osf1mk
else
echo ${UNAME_MACHINE}-unknown-osf1
fi
exit 0 ;;
parisc*:Lites*:*:*)
echo hppa1.1-hp-lites
exit 0 ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
exit 0 ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit 0 ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
exit 0 ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
exit 0 ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
exit 0 ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*[A-Z]90:*:*:*)
echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
-e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*TS:*:*:*)
echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*T3E:*:*:*)
echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*SV1:*:*:*)
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
*:UNICOS/mp:*:*)
echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit 0 ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
exit 0 ;;
sparc*:BSD/OS:*:*)
echo sparc-unknown-bsdi${UNAME_RELEASE}
exit 0 ;;
*:BSD/OS:*:*)
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
exit 0 ;;
*:FreeBSD:*:*)
# Determine whether the default compiler uses glibc.
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#include <features.h>
#if __GLIBC__ >= 2
LIBC=gnu
#else
LIBC=
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
exit 0 ;;
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
exit 0 ;;
i*:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
exit 0 ;;
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
exit 0 ;;
x86:Interix*:3*)
echo i586-pc-interix3
exit 0 ;;
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
echo i${UNAME_MACHINE}-pc-mks
exit 0 ;;
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
# UNAME_MACHINE based on the output of uname instead of i386?
echo i586-pc-interix
exit 0 ;;
i*:UWIN*:*)
echo ${UNAME_MACHINE}-pc-uwin
exit 0 ;;
p*:CYGWIN*:*)
echo powerpcle-unknown-cygwin
exit 0 ;;
prep*:SunOS:5.*:*)
echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
*:GNU:*:*)
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
exit 0 ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
exit 0 ;;
arm*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
m68*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
mips:Linux:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#undef CPU
#undef mips
#undef mipsel
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
CPU=mipsel
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
CPU=mips
#else
CPU=
#endif
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
;;
mips64:Linux:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#undef CPU
#undef mips64
#undef mips64el
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
CPU=mips64el
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
CPU=mips64
#else
CPU=
#endif
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
;;
ppc:Linux:*:*)
echo powerpc-unknown-linux-gnu
exit 0 ;;
ppc64:Linux:*:*)
echo powerpc64-unknown-linux-gnu
exit 0 ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
EV5) UNAME_MACHINE=alphaev5 ;;
EV56) UNAME_MACHINE=alphaev56 ;;
PCA56) UNAME_MACHINE=alphapca56 ;;
PCA57) UNAME_MACHINE=alphapca56 ;;
EV6) UNAME_MACHINE=alphaev6 ;;
EV67) UNAME_MACHINE=alphaev67 ;;
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
exit 0 ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
PA7*) echo hppa1.1-unknown-linux-gnu ;;
PA8*) echo hppa2.0-unknown-linux-gnu ;;
*) echo hppa-unknown-linux-gnu ;;
esac
exit 0 ;;
parisc64:Linux:*:* | hppa64:Linux:*:*)
echo hppa64-unknown-linux-gnu
exit 0 ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux
exit 0 ;;
sh*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
sparc:Linux:*:* | sparc64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
x86_64:Linux:*:*)
echo x86_64-unknown-linux-gnu
exit 0 ;;
i*86:Linux:*:*)
# The BFD linker knows what the default object file format is, so
# first see if it will tell us. cd to the root directory to prevent
# problems with other programs or directories called `ld' in the path.
# Set LC_ALL=C to ensure ld outputs messages in English.
ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
| sed -ne '/supported targets:/!d
s/[ ][ ]*/ /g
s/.*supported targets: *//
s/ .*//
p'`
case "$ld_supported_targets" in
elf32-i386)
TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
;;
a.out-i386-linux)
echo "${UNAME_MACHINE}-pc-linux-gnuaout"
exit 0 ;;
coff-i386)
echo "${UNAME_MACHINE}-pc-linux-gnucoff"
exit 0 ;;
"")
# Either a pre-BFD a.out linker (linux-gnuoldld) or
# one that does not give us useful --help.
echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
exit 0 ;;
esac
# Determine whether the default compiler is a.out or elf
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#include <features.h>
#ifdef __ELF__
# ifdef __GLIBC__
# if __GLIBC__ >= 2
LIBC=gnu
# else
LIBC=gnulibc1
# endif
# else
LIBC=gnulibc1
# endif
#else
#ifdef __INTEL_COMPILER
LIBC=gnu
#else
LIBC=gnuaout
#endif
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
# earlier versions are messed up and put the nodename in both
# sysname and nodename.
echo i386-sequent-sysv4
exit 0 ;;
i*86:UNIX_SV:4.2MP:2.*)
# Unixware is an offshoot of SVR4, but it has its own version
# number series starting with 2...
# I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
# Use sysv4.2uw... so that sysv4* matches it.
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
exit 0 ;;
i*86:OS/2:*:*)
# If we were able to find `uname', then EMX Unix compatibility
# is probably installed.
echo ${UNAME_MACHINE}-pc-os2-emx
exit 0 ;;
i*86:XTS-300:*:STOP)
echo ${UNAME_MACHINE}-unknown-stop
exit 0 ;;
i*86:atheos:*:*)
echo ${UNAME_MACHINE}-unknown-atheos
exit 0 ;;
i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
echo i386-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
i*86:*DOS:*:*)
echo ${UNAME_MACHINE}-pc-msdosdjgpp
exit 0 ;;
i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
else
echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
fi
exit 0 ;;
i*86:*:5:[78]*)
case `/bin/uname -X | grep "^Machine"` in
*486*) UNAME_MACHINE=i486 ;;
*Pentium) UNAME_MACHINE=i586 ;;
*Pent*|*Celeron) UNAME_MACHINE=i686 ;;
esac
echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
exit 0 ;;
i*86:*:3.2:*)
if test -f /usr/options/cb.name; then
UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
elif /bin/uname -X 2>/dev/null >/dev/null ; then
UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
&& UNAME_MACHINE=i586
(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
&& UNAME_MACHINE=i686
(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
&& UNAME_MACHINE=i686
echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
else
echo ${UNAME_MACHINE}-pc-sysv32
fi
exit 0 ;;
pc:*:*:*)
# Left here for compatibility:
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i386.
echo i386-pc-msdosdjgpp
exit 0 ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
exit 0 ;;
paragon:*:*:*)
echo i860-intel-osf1
exit 0 ;;
i860:*:4.*:*) # i860-SVR4
if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
else # Add other i860-SVR4 vendors below as they are discovered.
echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
fi
exit 0 ;;
mini*:CTIX:SYS*5:*)
# "miniframe"
echo m68010-convergent-sysv
exit 0 ;;
mc68k:UNIX:SYSTEM5:3.51m)
echo m68k-convergent-sysv
exit 0 ;;
M680?0:D-NIX:5.3:*)
echo m68k-diab-dnix
exit 0 ;;
M68*:*:R3V[567]*:*)
test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0)
OS_REL=''
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4.3${OS_REL} && exit 0
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
&& echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4 && exit 0 ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
mc68030:UNIX_System_V:4.*:*)
echo m68k-atari-sysv4
exit 0 ;;
TSUNAMI:LynxOS:2.*:*)
echo sparc-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
rs6000:LynxOS:2.*:*)
echo rs6000-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
echo powerpc-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
SM[BE]S:UNIX_SV:*:*)
echo mips-dde-sysv${UNAME_RELEASE}
exit 0 ;;
RM*:ReliantUNIX-*:*:*)
echo mips-sni-sysv4
exit 0 ;;
RM*:SINIX-*:*:*)
echo mips-sni-sysv4
exit 0 ;;
*:SINIX-*:*:*)
if uname -p 2>/dev/null >/dev/null ; then
UNAME_MACHINE=`(uname -p) 2>/dev/null`
echo ${UNAME_MACHINE}-sni-sysv4
else
echo ns32k-sni-sysv
fi
exit 0 ;;
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
# says <Richard.M.Bartel@ccMail.Census.GOV>
echo i586-unisys-sysv4
exit 0 ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes <hewes@openmarket.com>.
# How about differentiating between stratus architectures? -djm
echo hppa1.1-stratus-sysv4
exit 0 ;;
*:*:*:FTX*)
# From seanf@swdc.stratus.com.
echo i860-stratus-sysv4
exit 0 ;;
*:VOS:*:*)
# From Paul.Green@stratus.com.
echo hppa1.1-stratus-vos
exit 0 ;;
mc68*:A/UX:*:*)
echo m68k-apple-aux${UNAME_RELEASE}
exit 0 ;;
news*:NEWS-OS:6*:*)
echo mips-sony-newsos6
exit 0 ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
echo mips-nec-sysv${UNAME_RELEASE}
else
echo mips-unknown-sysv${UNAME_RELEASE}
fi
exit 0 ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo powerpc-be-beos
exit 0 ;;
BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
echo powerpc-apple-beos
exit 0 ;;
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
echo i586-pc-beos
exit 0 ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
exit 0 ;;
SX-5:SUPER-UX:*:*)
echo sx5-nec-superux${UNAME_RELEASE}
exit 0 ;;
SX-6:SUPER-UX:*:*)
echo sx6-nec-superux${UNAME_RELEASE}
exit 0 ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit 0 ;;
*:Rhapsody:*:*)
echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
exit 0 ;;
*:Darwin:*:*)
case `uname -p` in
*86) UNAME_PROCESSOR=i686 ;;
powerpc) UNAME_PROCESSOR=powerpc ;;
esac
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
exit 0 ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
if test "$UNAME_PROCESSOR" = "x86"; then
UNAME_PROCESSOR=i386
UNAME_MACHINE=pc
fi
echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
exit 0 ;;
*:QNX:*:4*)
echo i386-pc-qnx
exit 0 ;;
NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
echo nsr-tandem-nsk${UNAME_RELEASE}
exit 0 ;;
*:NonStop-UX:*:*)
echo mips-compaq-nonstopux
exit 0 ;;
BS2000:POSIX*:*:*)
echo bs2000-siemens-sysv
exit 0 ;;
DS/*:UNIX_System_V:*:*)
echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
exit 0 ;;
*:Plan9:*:*)
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
if test "$cputype" = "386"; then
UNAME_MACHINE=i386
else
UNAME_MACHINE="$cputype"
fi
echo ${UNAME_MACHINE}-unknown-plan9
exit 0 ;;
*:TOPS-10:*:*)
echo pdp10-unknown-tops10
exit 0 ;;
*:TENEX:*:*)
echo pdp10-unknown-tenex
exit 0 ;;
KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
echo pdp10-dec-tops20
exit 0 ;;
XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
echo pdp10-xkl-tops20
exit 0 ;;
*:TOPS-20:*:*)
echo pdp10-unknown-tops20
exit 0 ;;
*:ITS:*:*)
echo pdp10-unknown-its
exit 0 ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
eval $set_cc_for_build
cat >$dummy.c <<EOF
#ifdef _SEQUENT_
# include <sys/types.h>
# include <sys/utsname.h>
#endif
main ()
{
#if defined (sony)
#if defined (MIPSEB)
/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
I don't know.... */
printf ("mips-sony-bsd\n"); exit (0);
#else
#include <sys/param.h>
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
"4"
#else
""
#endif
); exit (0);
#endif
#endif
#if defined (__arm) && defined (__acorn) && defined (__unix)
printf ("arm-acorn-riscix"); exit (0);
#endif
#if defined (hp300) && !defined (hpux)
printf ("m68k-hp-bsd\n"); exit (0);
#endif
#if defined (NeXT)
#if !defined (__ARCHITECTURE__)
#define __ARCHITECTURE__ "m68k"
#endif
int version;
version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
if (version < 4)
printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
else
printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
exit (0);
#endif
#if defined (MULTIMAX) || defined (n16)
#if defined (UMAXV)
printf ("ns32k-encore-sysv\n"); exit (0);
#else
#if defined (CMU)
printf ("ns32k-encore-mach\n"); exit (0);
#else
printf ("ns32k-encore-bsd\n"); exit (0);
#endif
#endif
#endif
#if defined (__386BSD__)
printf ("i386-pc-bsd\n"); exit (0);
#endif
#if defined (sequent)
#if defined (i386)
printf ("i386-sequent-dynix\n"); exit (0);
#endif
#if defined (ns32000)
printf ("ns32k-sequent-dynix\n"); exit (0);
#endif
#endif
#if defined (_SEQUENT_)
struct utsname un;
uname(&un);
if (strncmp(un.version, "V2", 2) == 0) {
printf ("i386-sequent-ptx2\n"); exit (0);
}
if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
printf ("i386-sequent-ptx1\n"); exit (0);
}
printf ("i386-sequent-ptx\n"); exit (0);
#endif
#if defined (vax)
# if !defined (ultrix)
# include <sys/param.h>
# if defined (BSD)
# if BSD == 43
printf ("vax-dec-bsd4.3\n"); exit (0);
# else
# if BSD == 199006
printf ("vax-dec-bsd4.3reno\n"); exit (0);
# else
printf ("vax-dec-bsd\n"); exit (0);
# endif
# endif
# else
printf ("vax-dec-bsd\n"); exit (0);
# endif
# else
printf ("vax-dec-ultrix\n"); exit (0);
# endif
#endif
#if defined (alliant) && defined (i860)
printf ("i860-alliant-bsd\n"); exit (0);
#endif
exit (1);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
# Apollos put the system type in the environment.
test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
# Convex versions that predate uname can use getsysinfo(1)
if [ -x /usr/convex/getsysinfo ]
then
case `getsysinfo -f cpu_type` in
c1*)
echo c1-convex-bsd
exit 0 ;;
c2*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit 0 ;;
c34*)
echo c34-convex-bsd
exit 0 ;;
c38*)
echo c38-convex-bsd
exit 0 ;;
c4*)
echo c4-convex-bsd
exit 0 ;;
esac
fi
cat >&2 <<EOF
$0: unable to guess system type
This script, last modified $timestamp, has failed to recognize
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
ftp://ftp.gnu.org/pub/gnu/config/
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
pertinent to <config-patches@gnu.org> in order to provide the needed
information to handle your system.
config.guess timestamp = $timestamp
uname -m = `(uname -m) 2>/dev/null || echo unknown`
uname -r = `(uname -r) 2>/dev/null || echo unknown`
uname -s = `(uname -s) 2>/dev/null || echo unknown`
uname -v = `(uname -v) 2>/dev/null || echo unknown`
/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
hostinfo = `(hostinfo) 2>/dev/null`
/bin/universe = `(/bin/universe) 2>/dev/null`
/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
/bin/arch = `(/bin/arch) 2>/dev/null`
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
UNAME_MACHINE = ${UNAME_MACHINE}
UNAME_RELEASE = ${UNAME_RELEASE}
UNAME_SYSTEM = ${UNAME_SYSTEM}
UNAME_VERSION = ${UNAME_VERSION}
EOF
exit 1
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:

121
config.h.in Normal file
View File

@@ -0,0 +1,121 @@
#include "VERSION.h"
#include "build_num"
#undef PACKAGE_LOCALE_DIR
#undef PACKAGE_DATA_DIR
#undef PACKAGE_SOURCE_DIR
#undef RCS_DIR
#undef RCS_FILE_NAME
#undef RCSDIFF_FILE_NAME
#undef RLOG_FILE_NAME
#undef CI_FILE_NAME
#undef CO_FILE_NAME
/* Where system-wide QT translations are installed */
#undef QTTRANSLATIONSDIR
/* Define if you have the <X11/SM/SMlib.h> header file. */
#undef HAVE_X11_SM_SMLIB_H
/* Name of package */
#undef PACKAGE
/* OS */
#undef OS
/* OS */
#undef OS_CYGWIN
#undef OS_MINGW
#undef OS_MACOSX
#undef OS_SOLARIS
#undef OS_FREEBSD
#undef OS_OPENBSD
#undef OS_LINUX
#undef OS_UNKNOWN
#if defined(OS_SOLARIS) || defined(OS_FREEBSD) || defined(OS_OPENBSD) || defined(OS_LINUX) || defined(OS_MACOSX)
#define OS_UNIX 1
#endif
#if defined(_WIN32)
#define OS_WIN32 1
#endif
/* distribution (for Linux) */
#undef DISTRO
/* prefix dir */
/* #undef PREFIX */
/* init dir */
#undef RES_DIR
#define MANIFEST_MARKER "# files: "
#undef HAVE_LOCALE_H
#undef HAVE_GETOPT_H
#undef HAVE_SETLOCALE
#undef HAVE_SETENV
#undef HAVE_PUTENV
#undef HAVE_SIGNAL
#undef HAVE_SIGNAL_H
#undef HAVE_PTY_H
#undef HAVE_LIBUTIL_H
#undef HAVE_UTIL_H
#ifdef HAVE_GETOPT_H
# define HAVE_DECL_GETOPT HAVE_GETOPT_H
#endif
#undef HAVE_STRUCT_TM_TM_ZONE
#undef TM_IN_SYS_TIME
#undef HAVE_FORKPTY
#undef HAVE_CFMAKERAW
/*
* This is needed for Solaris
*/
#undef __PRAGMA_REDEFINE_EXTNAME
#undef HAVE_CATGETS
#undef HAVE_GETTEXT
#undef HAVE_LC_MESSAGES
#undef HAVE_STPCPY
#undef HAVE_LIBSM
#undef HAVE_MEMPCPY
#undef HAVE_STRCHR
#undef HAVE_ANTLR_RUNTIME
/*
* on some platforms (OpenBSD) the second parameter to dlopen is different
*/
#undef DLOPEN_MODE
#if 0
#ifdef __cplusplus
using namespace std;
/*
#ifndef __STD
#define __STD std
#endif
*/
#endif
#endif
#ifndef _WIN32
# define SNPRINTF snprintf
# define VSNPRINTF vsnprintf
#else
# define SNPRINTF _snprintf
# define VSNPRINTF _vsnprintf
#endif
#define _(x) x

1489
config.sub vendored Normal file
View File

@@ -0,0 +1,1489 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
timestamp='2003-02-22'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
# can handle that machine. It does not imply ALL GNU software can.
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Please send patches to <config-patches@gnu.org>. Submit a context
# diff and a properly formatted ChangeLog entry.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1.
# Otherwise, we print the canonical config type on stdout and succeed.
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
# that are meaningful with *any* GNU software.
# Each package is responsible for reporting which valid configurations
# it does not support. The user should be able to distinguish
# a failure to support a valid configuration from a meaningless
# configuration.
# The goal of this file is to map all the various variations of a given
# machine specification into a single specification in the form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
# or in some cases, the newer four-part form:
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# It is wrong to echo any other type of specification.
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS
$0 [OPTION] ALIAS
Canonicalize a configuration name.
Operation modes:
-h, --help print this help, then exit
-t, --time-stamp print date of last modification, then exit
-v, --version print version number, then exit
Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
help="
Try \`$me --help' for more information."
# Parse command line
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
echo "$timestamp" ; exit 0 ;;
--version | -v )
echo "$version" ; exit 0 ;;
--help | --h* | -h )
echo "$usage"; exit 0 ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
break ;;
-* )
echo "$me: invalid option $1$help"
exit 1 ;;
*local*)
# First pass through any local machine types.
echo $1
exit 0;;
* )
break ;;
esac
done
case $# in
0) echo "$me: missing argument$help" >&2
exit 1;;
1) ;;
*) echo "$me: too many arguments$help" >&2
exit 1;;
esac
# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
*)
basic_machine=`echo $1 | sed 's/-[^-]*$//'`
if [ $basic_machine != $1 ]
then os=`echo $1 | sed 's/.*-/-/'`
else os=; fi
;;
esac
### Let's recognize common machines as not being operating systems so
### that things like config.sub decstation-3100 work. We also
### recognize some manufacturers as not being operating systems, so we
### can provide default operating systems below.
case $os in
-sun*os*)
# Prevent following clause from handling this invalid input.
;;
-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-apple | -axis)
os=
basic_machine=$1
;;
-sim | -cisco | -oki | -wec | -winbond)
os=
basic_machine=$1
;;
-scout)
;;
-wrs)
os=-vxworks
basic_machine=$1
;;
-chorusos*)
os=-chorusos
basic_machine=$1
;;
-chorusrdb)
os=-chorusrdb
basic_machine=$1
;;
-hiux*)
os=-hiuxwe2
;;
-sco5)
os=-sco3.2v5
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco4)
os=-sco3.2v4
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco3.2.[4-9]*)
os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco3.2v[4-9]*)
# Don't forget version if it is 3.2v4 or newer.
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco*)
os=-sco3.2v2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-udk*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-isc)
os=-isc2.2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-clix*)
basic_machine=clipper-intergraph
;;
-isc*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-lynx*)
os=-lynxos
;;
-ptx*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
;;
-windowsnt*)
os=`echo $os | sed -e 's/windowsnt/winnt/'`
;;
-psos*)
os=-psos
;;
-mint | -mint[0-9]*)
basic_machine=m68k-atari
os=-mint
;;
esac
# Decode aliases for certain CPU-COMPANY combinations.
case $basic_machine in
# Recognize the basic CPU types without company name.
# Some are omitted here because they have special meanings below.
1750a | 580 \
| a29k \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
| clipper \
| d10v | d30v | dlx | dsp16xx \
| fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
| ip2k \
| m32r | m68000 | m68k | m88k | mcore \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
| mips64vr | mips64vrel \
| mips64orion | mips64orionel \
| mips64vr4100 | mips64vr4100el \
| mips64vr4300 | mips64vr4300el \
| mips64vr5000 | mips64vr5000el \
| mipsisa32 | mipsisa32el \
| mipsisa32r2 | mipsisa32r2el \
| mipsisa64 | mipsisa64el \
| mipsisa64sb1 | mipsisa64sb1el \
| mipsisa64sr71k | mipsisa64sr71kel \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
| msp430 \
| ns16k | ns32k \
| openrisc | or32 \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| pyramid \
| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
| strongarm \
| tahoe | thumb | tic80 | tron \
| v850 | v850e \
| we32k \
| x86 | xscale | xstormy16 | xtensa \
| z8k)
basic_machine=$basic_machine-unknown
;;
m6811 | m68hc11 | m6812 | m68hc12)
# Motorola 68HC11/12.
basic_machine=$basic_machine-unknown
os=-none
;;
m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
;;
# We use `pc' rather than `unknown'
# because (1) that's what they normally are, and
# (2) the word "unknown" tends to confuse beginning users.
i*86 | x86_64)
basic_machine=$basic_machine-pc
;;
# Object if more than one company name word.
*-*-*)
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
exit 1
;;
# Recognize the basic CPU types with company name.
580-* \
| a29k-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* \
| bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
| clipper-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* \
| m32r-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
| m88110-* | m88k-* | mcore-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
| mips64vr-* | mips64vrel-* \
| mips64orion-* | mips64orionel-* \
| mips64vr4100-* | mips64vr4100el-* \
| mips64vr4300-* | mips64vr4300el-* \
| mips64vr5000-* | mips64vr5000el-* \
| mipsisa32-* | mipsisa32el-* \
| mipsisa32r2-* | mipsisa32r2el-* \
| mipsisa64-* | mipsisa64el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
| mipstx39-* | mipstx39el-* \
| msp430-* \
| none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
| pyramid-* \
| romp-* | rs6000-* \
| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
| tahoe-* | thumb-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tron-* \
| v850-* | v850e-* | vax-* \
| we32k-* \
| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
| xtensa-* \
| ymp-* \
| z8k-*)
;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
386bsd)
basic_machine=i386-unknown
os=-bsd
;;
3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
basic_machine=m68000-att
;;
3b*)
basic_machine=we32k-att
;;
a29khif)
basic_machine=a29k-amd
os=-udi
;;
adobe68k)
basic_machine=m68010-adobe
os=-scout
;;
alliant | fx80)
basic_machine=fx80-alliant
;;
altos | altos3068)
basic_machine=m68k-altos
;;
am29k)
basic_machine=a29k-none
os=-bsd
;;
amdahl)
basic_machine=580-amdahl
os=-sysv
;;
amiga | amiga-*)
basic_machine=m68k-unknown
;;
amigaos | amigados)
basic_machine=m68k-unknown
os=-amigaos
;;
amigaunix | amix)
basic_machine=m68k-unknown
os=-sysv4
;;
apollo68)
basic_machine=m68k-apollo
os=-sysv
;;
apollo68bsd)
basic_machine=m68k-apollo
os=-bsd
;;
aux)
basic_machine=m68k-apple
os=-aux
;;
balance)
basic_machine=ns32k-sequent
os=-dynix
;;
c90)
basic_machine=c90-cray
os=-unicos
;;
convex-c1)
basic_machine=c1-convex
os=-bsd
;;
convex-c2)
basic_machine=c2-convex
os=-bsd
;;
convex-c32)
basic_machine=c32-convex
os=-bsd
;;
convex-c34)
basic_machine=c34-convex
os=-bsd
;;
convex-c38)
basic_machine=c38-convex
os=-bsd
;;
cray | j90)
basic_machine=j90-cray
os=-unicos
;;
crds | unos)
basic_machine=m68k-crds
;;
cris | cris-* | etrax*)
basic_machine=cris-axis
;;
da30 | da30-*)
basic_machine=m68k-da30
;;
decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
basic_machine=mips-dec
;;
decsystem10* | dec10*)
basic_machine=pdp10-dec
os=-tops10
;;
decsystem20* | dec20*)
basic_machine=pdp10-dec
os=-tops20
;;
delta | 3300 | motorola-3300 | motorola-delta \
| 3300-motorola | delta-motorola)
basic_machine=m68k-motorola
;;
delta88)
basic_machine=m88k-motorola
os=-sysv3
;;
dpx20 | dpx20-*)
basic_machine=rs6000-bull
os=-bosx
;;
dpx2* | dpx2*-bull)
basic_machine=m68k-bull
os=-sysv3
;;
ebmon29k)
basic_machine=a29k-amd
os=-ebmon
;;
elxsi)
basic_machine=elxsi-elxsi
os=-bsd
;;
encore | umax | mmax)
basic_machine=ns32k-encore
;;
es1800 | OSE68k | ose68k | ose | OSE)
basic_machine=m68k-ericsson
os=-ose
;;
fx2800)
basic_machine=i860-alliant
;;
genix)
basic_machine=ns32k-ns
;;
gmicro)
basic_machine=tron-gmicro
os=-sysv
;;
go32)
basic_machine=i386-pc
os=-go32
;;
h3050r* | hiux*)
basic_machine=hppa1.1-hitachi
os=-hiuxwe2
;;
h8300hms)
basic_machine=h8300-hitachi
os=-hms
;;
h8300xray)
basic_machine=h8300-hitachi
os=-xray
;;
h8500hms)
basic_machine=h8500-hitachi
os=-hms
;;
harris)
basic_machine=m88k-harris
os=-sysv3
;;
hp300-*)
basic_machine=m68k-hp
;;
hp300bsd)
basic_machine=m68k-hp
os=-bsd
;;
hp300hpux)
basic_machine=m68k-hp
os=-hpux
;;
hp3k9[0-9][0-9] | hp9[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hp9k2[0-9][0-9] | hp9k31[0-9])
basic_machine=m68000-hp
;;
hp9k3[2-9][0-9])
basic_machine=m68k-hp
;;
hp9k6[0-9][0-9] | hp6[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hp9k7[0-79][0-9] | hp7[0-79][0-9])
basic_machine=hppa1.1-hp
;;
hp9k78[0-9] | hp78[0-9])
# FIXME: really hppa2.0-hp
basic_machine=hppa1.1-hp
;;
hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
# FIXME: really hppa2.0-hp
basic_machine=hppa1.1-hp
;;
hp9k8[0-9][13679] | hp8[0-9][13679])
basic_machine=hppa1.1-hp
;;
hp9k8[0-9][0-9] | hp8[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hppa-next)
os=-nextstep3
;;
hppaosf)
basic_machine=hppa1.1-hp
os=-osf
;;
hppro)
basic_machine=hppa1.1-hp
os=-proelf
;;
i370-ibm* | ibm*)
basic_machine=i370-ibm
;;
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
i*86v32)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv32
;;
i*86v4*)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv4
;;
i*86v)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv
;;
i*86sol2)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-solaris2
;;
i386mach)
basic_machine=i386-mach
os=-mach
;;
i386-vsta | vsta)
basic_machine=i386-unknown
os=-vsta
;;
iris | iris4d)
basic_machine=mips-sgi
case $os in
-irix*)
;;
*)
os=-irix4
;;
esac
;;
isi68 | isi)
basic_machine=m68k-isi
os=-sysv
;;
m88k-omron*)
basic_machine=m88k-omron
;;
magnum | m3230)
basic_machine=mips-mips
os=-sysv
;;
merlin)
basic_machine=ns32k-utek
os=-sysv
;;
mingw32)
basic_machine=i386-pc
os=-mingw32
;;
miniframe)
basic_machine=m68000-convergent
;;
*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
basic_machine=m68k-atari
os=-mint
;;
mips3*-*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
;;
mips3*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
;;
mmix*)
basic_machine=mmix-knuth
os=-mmixware
;;
monitor)
basic_machine=m68k-rom68k
os=-coff
;;
morphos)
basic_machine=powerpc-unknown
os=-morphos
;;
msdos)
basic_machine=i386-pc
os=-msdos
;;
mvs)
basic_machine=i370-ibm
os=-mvs
;;
ncr3000)
basic_machine=i486-ncr
os=-sysv4
;;
netbsd386)
basic_machine=i386-unknown
os=-netbsd
;;
netwinder)
basic_machine=armv4l-rebel
os=-linux
;;
news | news700 | news800 | news900)
basic_machine=m68k-sony
os=-newsos
;;
news1000)
basic_machine=m68030-sony
os=-newsos
;;
news-3600 | risc-news)
basic_machine=mips-sony
os=-newsos
;;
necv70)
basic_machine=v70-nec
os=-sysv
;;
next | m*-next )
basic_machine=m68k-next
case $os in
-nextstep* )
;;
-ns2*)
os=-nextstep2
;;
*)
os=-nextstep3
;;
esac
;;
nh3000)
basic_machine=m68k-harris
os=-cxux
;;
nh[45]000)
basic_machine=m88k-harris
os=-cxux
;;
nindy960)
basic_machine=i960-intel
os=-nindy
;;
mon960)
basic_machine=i960-intel
os=-mon960
;;
nonstopux)
basic_machine=mips-compaq
os=-nonstopux
;;
np1)
basic_machine=np1-gould
;;
nv1)
basic_machine=nv1-cray
os=-unicosmp
;;
nsr-tandem)
basic_machine=nsr-tandem
;;
op50n-* | op60c-*)
basic_machine=hppa1.1-oki
os=-proelf
;;
or32 | or32-*)
basic_machine=or32-unknown
os=-coff
;;
OSE68000 | ose68000)
basic_machine=m68000-ericsson
os=-ose
;;
os68k)
basic_machine=m68k-none
os=-os68k
;;
pa-hitachi)
basic_machine=hppa1.1-hitachi
os=-hiuxwe2
;;
paragon)
basic_machine=i860-intel
os=-osf
;;
pbd)
basic_machine=sparc-tti
;;
pbb)
basic_machine=m68k-tti
;;
pc532 | pc532-*)
basic_machine=ns32k-pc532
;;
pentium | p5 | k5 | k6 | nexgen | viac3)
basic_machine=i586-pc
;;
pentiumpro | p6 | 6x86 | athlon | athlon_*)
basic_machine=i686-pc
;;
pentiumii | pentium2)
basic_machine=i686-pc
;;
pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumpro-* | p6-* | 6x86-* | athlon-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumii-* | pentium2-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pn)
basic_machine=pn-gould
;;
power) basic_machine=power-ibm
;;
ppc) basic_machine=powerpc-unknown
;;
ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
basic_machine=powerpcle-unknown
;;
ppcle-* | powerpclittle-*)
basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppc64) basic_machine=powerpc64-unknown
;;
ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppc64le | powerpc64little | ppc64-le | powerpc64-little)
basic_machine=powerpc64le-unknown
;;
ppc64le-* | powerpc64little-*)
basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ps2)
basic_machine=i386-ibm
;;
pw32)
basic_machine=i586-unknown
os=-pw32
;;
rom68k)
basic_machine=m68k-rom68k
os=-coff
;;
rm[46]00)
basic_machine=mips-siemens
;;
rtpc | rtpc-*)
basic_machine=romp-ibm
;;
s390 | s390-*)
basic_machine=s390-ibm
;;
s390x | s390x-*)
basic_machine=s390x-ibm
;;
sa29200)
basic_machine=a29k-amd
os=-udi
;;
sb1)
basic_machine=mipsisa64sb1-unknown
;;
sb1el)
basic_machine=mipsisa64sb1el-unknown
;;
sequent)
basic_machine=i386-sequent
;;
sh)
basic_machine=sh-hitachi
os=-hms
;;
sparclite-wrs | simso-wrs)
basic_machine=sparclite-wrs
os=-vxworks
;;
sps7)
basic_machine=m68k-bull
os=-sysv2
;;
spur)
basic_machine=spur-unknown
;;
st2000)
basic_machine=m68k-tandem
;;
stratus)
basic_machine=i860-stratus
os=-sysv4
;;
sun2)
basic_machine=m68000-sun
;;
sun2os3)
basic_machine=m68000-sun
os=-sunos3
;;
sun2os4)
basic_machine=m68000-sun
os=-sunos4
;;
sun3os3)
basic_machine=m68k-sun
os=-sunos3
;;
sun3os4)
basic_machine=m68k-sun
os=-sunos4
;;
sun4os3)
basic_machine=sparc-sun
os=-sunos3
;;
sun4os4)
basic_machine=sparc-sun
os=-sunos4
;;
sun4sol2)
basic_machine=sparc-sun
os=-solaris2
;;
sun3 | sun3-*)
basic_machine=m68k-sun
;;
sun4)
basic_machine=sparc-sun
;;
sun386 | sun386i | roadrunner)
basic_machine=i386-sun
;;
sv1)
basic_machine=sv1-cray
os=-unicos
;;
symmetry)
basic_machine=i386-sequent
os=-dynix
;;
t3e)
basic_machine=alphaev5-cray
os=-unicos
;;
t90)
basic_machine=t90-cray
os=-unicos
;;
tic4x | c4x*)
basic_machine=tic4x-unknown
os=-coff
;;
tic54x | c54x*)
basic_machine=tic54x-unknown
os=-coff
;;
tic55x | c55x*)
basic_machine=tic55x-unknown
os=-coff
;;
tic6x | c6x*)
basic_machine=tic6x-unknown
os=-coff
;;
tx39)
basic_machine=mipstx39-unknown
;;
tx39el)
basic_machine=mipstx39el-unknown
;;
toad1)
basic_machine=pdp10-xkl
os=-tops20
;;
tower | tower-32)
basic_machine=m68k-ncr
;;
udi29k)
basic_machine=a29k-amd
os=-udi
;;
ultra3)
basic_machine=a29k-nyu
os=-sym1
;;
v810 | necv810)
basic_machine=v810-nec
os=-none
;;
vaxv)
basic_machine=vax-dec
os=-sysv
;;
vms)
basic_machine=vax-dec
os=-vms
;;
vpp*|vx|vx-*)
basic_machine=f301-fujitsu
;;
vxworks960)
basic_machine=i960-wrs
os=-vxworks
;;
vxworks68)
basic_machine=m68k-wrs
os=-vxworks
;;
vxworks29k)
basic_machine=a29k-wrs
os=-vxworks
;;
w65*)
basic_machine=w65-wdc
os=-none
;;
w89k-*)
basic_machine=hppa1.1-winbond
os=-proelf
;;
xps | xps100)
basic_machine=xps100-honeywell
;;
ymp)
basic_machine=ymp-cray
os=-unicos
;;
z8k-*-coff)
basic_machine=z8k-unknown
os=-sim
;;
none)
basic_machine=none-none
os=-none
;;
# Here we handle the default manufacturer of certain CPU types. It is in
# some cases the only manufacturer, in others, it is the most popular.
w89k)
basic_machine=hppa1.1-winbond
;;
op50n)
basic_machine=hppa1.1-oki
;;
op60c)
basic_machine=hppa1.1-oki
;;
romp)
basic_machine=romp-ibm
;;
rs6000)
basic_machine=rs6000-ibm
;;
vax)
basic_machine=vax-dec
;;
pdp10)
# there are many clones, so DEC is not a safe bet
basic_machine=pdp10-unknown
;;
pdp11)
basic_machine=pdp11-dec
;;
we32k)
basic_machine=we32k-att
;;
sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
basic_machine=sh-unknown
;;
sh64)
basic_machine=sh64-unknown
;;
sparc | sparcv9 | sparcv9b)
basic_machine=sparc-sun
;;
cydra)
basic_machine=cydra-cydrome
;;
orion)
basic_machine=orion-highlevel
;;
orion105)
basic_machine=clipper-highlevel
;;
mac | mpw | mac-mpw)
basic_machine=m68k-apple
;;
pmac | pmac-mpw)
basic_machine=powerpc-apple
;;
*-unknown)
# Make sure to match an already-canonicalized machine name.
;;
*)
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
exit 1
;;
esac
# Here we canonicalize certain aliases for manufacturers.
case $basic_machine in
*-digital*)
basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
;;
*-commodore*)
basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
;;
*)
;;
esac
# Decode manufacturer-specific aliases for certain operating systems.
if [ x"$os" != x"" ]
then
case $os in
# First match some system type aliases
# that might get confused with valid system types.
# -solaris* is a basic system type, with this one exception.
-solaris1 | -solaris1.*)
os=`echo $os | sed -e 's|solaris1|sunos4|'`
;;
-solaris)
os=-solaris2
;;
-svr4*)
os=-sysv4
;;
-unixware*)
os=-sysv4.2uw
;;
-gnu/linux*)
os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
;;
# First accept the basic system types.
# The portable systems comes first.
# Each alternative MUST END IN A *, to match a version number.
# -sysv* is not here because it comes later, after sysvr4.
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
case $basic_machine in
x86-* | i*86-*)
;;
*)
os=-nto$os
;;
esac
;;
-nto-qnx*)
;;
-nto*)
os=`echo $os | sed -e 's|nto|nto-qnx|'`
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
| -windows* | -osx | -abug | -netware* | -os9* | -beos* \
| -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
;;
-mac*)
os=`echo $os | sed -e 's|mac|macos|'`
;;
-linux*)
os=`echo $os | sed -e 's|linux|linux-gnu|'`
;;
-sunos5*)
os=`echo $os | sed -e 's|sunos5|solaris2|'`
;;
-sunos6*)
os=`echo $os | sed -e 's|sunos6|solaris3|'`
;;
-opened*)
os=-openedition
;;
-wince*)
os=-wince
;;
-osfrose*)
os=-osfrose
;;
-osf*)
os=-osf
;;
-utek*)
os=-bsd
;;
-dynix*)
os=-bsd
;;
-acis*)
os=-aos
;;
-atheos*)
os=-atheos
;;
-386bsd)
os=-bsd
;;
-ctix* | -uts*)
os=-sysv
;;
-nova*)
os=-rtmk-nova
;;
-ns2 )
os=-nextstep2
;;
-nsk*)
os=-nsk
;;
# Preserve the version number of sinix5.
-sinix5.*)
os=`echo $os | sed -e 's|sinix|sysv|'`
;;
-sinix*)
os=-sysv4
;;
-triton*)
os=-sysv3
;;
-oss*)
os=-sysv3
;;
-svr4)
os=-sysv4
;;
-svr3)
os=-sysv3
;;
-sysvr4)
os=-sysv4
;;
# This must come after -sysvr4.
-sysv*)
;;
-ose*)
os=-ose
;;
-es1800*)
os=-ose
;;
-xenix)
os=-xenix
;;
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
os=-mint
;;
-aros*)
os=-aros
;;
-kaos*)
os=-kaos
;;
-none)
;;
*)
# Get rid of the `-' at the beginning of $os.
os=`echo $os | sed 's/[^-]*-//'`
echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
exit 1
;;
esac
else
# Here we handle the default operating systems that come with various machines.
# The value should be what the vendor currently ships out the door with their
# machine or put another way, the most popular os provided with the machine.
# Note that if you're going to try to match "-MANUFACTURER" here (say,
# "-sun"), then you have to tell the case statement up towards the top
# that MANUFACTURER isn't an operating system. Otherwise, code above
# will signal an error saying that MANUFACTURER isn't an operating
# system, and we'll never get to this point.
case $basic_machine in
*-acorn)
os=-riscix1.2
;;
arm*-rebel)
os=-linux
;;
arm*-semi)
os=-aout
;;
# This must come before the *-dec entry.
pdp10-*)
os=-tops20
;;
pdp11-*)
os=-none
;;
*-dec | vax-*)
os=-ultrix4.2
;;
m68*-apollo)
os=-domain
;;
i386-sun)
os=-sunos4.0.2
;;
m68000-sun)
os=-sunos3
# This also exists in the configure program, but was not the
# default.
# os=-sunos4
;;
m68*-cisco)
os=-aout
;;
mips*-cisco)
os=-elf
;;
mips*-*)
os=-elf
;;
or32-*)
os=-coff
;;
*-tti) # must be before sparc entry or we get the wrong os.
os=-sysv3
;;
sparc-* | *-sun)
os=-sunos4.1.1
;;
*-be)
os=-beos
;;
*-ibm)
os=-aix
;;
*-wec)
os=-proelf
;;
*-winbond)
os=-proelf
;;
*-oki)
os=-proelf
;;
*-hp)
os=-hpux
;;
*-hitachi)
os=-hiux
;;
i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
os=-sysv
;;
*-cbm)
os=-amigaos
;;
*-dg)
os=-dgux
;;
*-dolphin)
os=-sysv3
;;
m68k-ccur)
os=-rtu
;;
m88k-omron*)
os=-luna
;;
*-next )
os=-nextstep
;;
*-sequent)
os=-ptx
;;
*-crds)
os=-unos
;;
*-ns)
os=-genix
;;
i370-*)
os=-mvs
;;
*-next)
os=-nextstep3
;;
*-gould)
os=-sysv
;;
*-highlevel)
os=-bsd
;;
*-encore)
os=-bsd
;;
*-sgi)
os=-irix
;;
*-siemens)
os=-sysv4
;;
*-masscomp)
os=-rtu
;;
f30[01]-fujitsu | f700-fujitsu)
os=-uxpv
;;
*-rom68k)
os=-coff
;;
*-*bug)
os=-coff
;;
*-apple)
os=-macos
;;
*-atari*)
os=-mint
;;
*)
os=-none
;;
esac
fi
# Here we handle the case where we know the os, and the CPU type, but not the
# manufacturer. We pick the logical manufacturer.
vendor=unknown
case $basic_machine in
*-unknown)
case $os in
-riscix*)
vendor=acorn
;;
-sunos*)
vendor=sun
;;
-aix*)
vendor=ibm
;;
-beos*)
vendor=be
;;
-hpux*)
vendor=hp
;;
-mpeix*)
vendor=hp
;;
-hiux*)
vendor=hitachi
;;
-unos*)
vendor=crds
;;
-dgux*)
vendor=dg
;;
-luna*)
vendor=omron
;;
-genix*)
vendor=ns
;;
-mvs* | -opened*)
vendor=ibm
;;
-ptx*)
vendor=sequent
;;
-vxsim* | -vxworks* | -windiss*)
vendor=wrs
;;
-aux*)
vendor=apple
;;
-hms*)
vendor=hitachi
;;
-mpw* | -macos*)
vendor=apple
;;
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
vendor=atari
;;
-vos*)
vendor=stratus
;;
esac
basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
;;
esac
echo $basic_machine$os
exit 0
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:

461
configure.in Normal file
View File

@@ -0,0 +1,461 @@
dnl $Id: configure.in,v 1.70 2007/06/07 02:33:53 vkurland Exp $
AC_INIT(src/gui/main.cpp)
AC_CANONICAL_SYSTEM
AC_CONFIG_HEADER(config.h)
PACKAGE=fwbuilder
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [package])
AC_SUBST(PACKAGE)
dnl
dnl all version numbers are defined in the file VERSION
dnl
. ./VERSION
BUILD_NUM=`cat build_num | cut -d' ' -f3`
AC_SUBST(FWB_MAJOR_VERSION)
AC_SUBST(FWB_MINOR_VERSION)
AC_SUBST(FWB_MICRO_VERSION)
AC_SUBST(FWB_VERSION)
SHORTVERSION=${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}${FWB_MICRO_VERSION}
AC_SUBST(SHORTVERSION)
AC_SUBST(RELEASE_NUM)
AC_DEFINE_UNQUOTED(RELEASE_NUM, "$RELEASE_NUM", [release_num])
AC_SUBST(REQUIRED_LIBFWBUILDER_VERSION)
AC_SUBST(LIBFWBUILDER_SOMAJOR)
echo "Creating VERSION.h file..."
echo "#define VERSION \"$VERSION\"" > VERSION.h
echo "#define RELEASE_NUM \"$RELEASE_NUM\"" >> VERSION.h
dnl try to find QT
dnl
AC_ARG_WITH(qtdir,[ --with-qtdir=DIR Specify directory path for QT ])
AC_MSG_CHECKING(looking for QT)
if test -n "$with_qtdir"; then
QTDIR="$with_qtdir";
elif test -z "$QTDIR"; then
test -f "/usr/local/lib/qt3/include/qstyle.h" && QTDIR="/usr/local/lib/qt3"
test -f "/opt/lib/qt3/include/qstyle.h" && QTDIR="/opt/lib/qt3"
test -f "/opt/qt3/include/qstyle.h" && QTDIR="/opt/qt3"
test -f "/usr/lib/qt3/include/qstyle.h" && QTDIR="/usr/lib/qt3"
test -f "/usr/lib/qt-3.1/include/qstyle.h" && QTDIR="/usr/lib/qt-3.1"
test -f "/usr/lib/qt-3.2/include/qstyle.h" && QTDIR="/usr/lib/qt-3.2"
test -f "/usr/lib/qt-3.3/include/qstyle.h" && QTDIR="/usr/lib/qt-3.3"
test -f "/usr/local/include/qstyle.h" && QTDIR="/usr/local"
test -f "/usr/include/qstyle.h" && QTDIR="/usr"
test -f "/usr/lib64/qt-3.3/include/qstyle.h" && QTDIR="/usr/lib64/qt-3.3"
fi
export QTDIR
AC_MSG_RESULT($QTDIR)
echo $QTDIR > qtdir
QTTRANSLATIONSDIR="${QTDIR}/translations"
AC_DEFINE_UNQUOTED(QTTRANSLATIONSDIR, "$QTTRANSLATIONSDIR", [qttranslationsdir])
AC_SUBST(QTTRANSLATIONSDIR)
EXTENDED_PATH="${QTDIR}/bin:/usr/local/bin:$PATH"
AC_PATH_PROG(QMAKE, qmake, ,[$EXTENDED_PATH])
if test -z "$QMAKE"; then
AC_MSG_ERROR("Could not find qmake")
fi
AC_MSG_CHECKING(checking version of QT this qmake is part of)
qmake_version=`$QMAKE -v 2>&1 | awk '/Using Qt version/ { print $4;}'`
case $qmake_version in
4.*) AC_MSG_RESULT( $qmake_version ) ;;
*) AC_MSG_ERROR( "$qmake_version -- v4.x is required") ;;
esac
AC_ARG_WITH(templatedir, [ --with-templatedir=DIR Specify directory path for fwbuilder template files ])
AC_ARG_WITH(docdir, [ --with-docdir=DIR Specify directory path for fwbuilder
documentation files ])
dnl
dnl Determine init dir and add definition to config.h. Program
dnl determines prefix name of the directory it was started from
dnl and prepends it to the RES_DIR
dnl
PREFIX=$ac_default_prefix
if test "x$prefix" != "xNONE"; then
PREFIX=$prefix
fi
AC_DEFINE_UNQUOTED(PREFIX, "${PREFIX}", [prefix])
AC_SUBST(PREFIX)
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [version])
AC_SUBST(VERSION)
AC_PROG_INSTALL
AC_ISC_POSIX
AC_PROG_CC
dnl AM_PROG_CC_STDC
AC_HEADER_STDC
AC_PROG_CPP
AC_PROG_CXX
AC_PROG_CXXCPP
dnl need this for intl to compile on FreeBSD and may be other platforms
AC_CHECK_FUNCS(strchr memcpy)
dnl AM_INIT_AUTOMAKE($PACKAGE, $VERSION)
dnl AC_CANONICAL_HOST
AC_PROG_MAKE_SET
dnl Check for GNU make
dnl
AC_MSG_CHECKING(whether make is GNU Make)
if ${MAKE-make} -q --version 2>/dev/null | grep '^GNU Make ' >/dev/null ; then
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
if test "$host_vendor" = "sun" ; then
AC_MSG_ERROR("SUN make does not work for building Firewall Builder. Please install GNU make")
fi
fi
dnl some platform-dependent flags
dnl
dnl e.g. we need to set -I/sw/include before check for GETTEXT
dnl
GUILINKFLAGS=
case "$build_os" in
*solaris*)
GUILINKFLAGS="-export-dynamic"
;;
*darwin*)
if test -d /sw/include; then
CXXFLAGS="-I/sw/include"
CPPFLAGS="-I/sw/include"
CFLAGS="-I/sw/include"
LDFLAGS="-flat_namespace"
fi
LIBS="$LIBS -L/sw/lib"
AC_CHECK_LIB(poll, poll, [LIBS="$LIBS -lpoll"],[
AC_MSG_ERROR([Could not link with libpoll: library is not installed on this system])
])
;;
esac
AC_SUBST(GUILINKFLAGS)
dnl
dnl forkpty is in libutil on Linux and BSD, while on Mac it is in libc
dnl
AC_CHECK_HEADERS( [pty.h libutil.h util.h],[],[],[#include <sys/types.h>])
AC_CHECK_LIB(c,forkpty,[
AC_DEFINE_UNQUOTED(HAVE_FORKPTY, 1, [forkpty])
],[
AC_CHECK_LIB(util,forkpty,[
AC_DEFINE_UNQUOTED(HAVE_FORKPTY, 1, [forkpty])
LIBS="-lutil $LIBS"
],[
AC_MSG_RESULT(["forkpty not found, will use emulation"])
],[])
],[])
AC_CHECK_LIB(c,cfmakeraw,[
AC_DEFINE_UNQUOTED(HAVE_CFMAKERAW, 1, [cfmakeraw])
])
dnl standard LIBTOOL fragment
dnl
dnl commented out 12/20 - we now use qmake and do not need libtool
dnl
dnl AC_LIBTOOL_DLOPEN
dnl AC_PROG_LIBTOOL
dnl AC_SUBST(LIBTOOL_DEPS)
dnl AM_PROG_LIBTOOL
dnl AC_PROG_RANLIB
AC_CHECK_HEADERS([getopt.h])
AC_CHECK_HEADERS([signal.h])
AC_CHECK_FUNCS(stat _stat signal)
AC_STRUCT_TM
AC_STRUCT_TIMEZONE
dnl do not insert spaces in these macros, even outside of []
AC_PATH_PROG(RCS_FILE_NAME,[rcs],[rcs],[$EXTENDED_PATH])
AC_PATH_PROG(RCSDIFF_FILE_NAME,[rcsdiff],[rcsdiff],[$EXTENDED_PATH])
AC_PATH_PROG(RLOG_FILE_NAME,[rlog],[rlog],[$EXTENDED_PATH])
AC_PATH_PROG(CI_FILE_NAME,[ci],[ci],[$EXTENDED_PATH])
AC_PATH_PROG(CO_FILE_NAME,[co],[co],[$EXTENDED_PATH])
AC_DEFINE_UNQUOTED(RCS_FILE_NAME, ["$RCS_FILE_NAME"], [rcs_file_name])
AC_DEFINE_UNQUOTED(RCSDIFF_FILE_NAME, ["$RCSDIFF_FILE_NAME"], [rcsdiff_file_name])
AC_DEFINE_UNQUOTED(RLOG_FILE_NAME, ["$RLOG_FILE_NAME"], [rlog_file_name])
AC_DEFINE_UNQUOTED(CI_FILE_NAME, ["$CI_FILE_NAME"], [ci_file_name])
AC_DEFINE_UNQUOTED(CO_FILE_NAME, ["$CO_FILE_NAME"], [co_file_name])
AC_PATH_PROG(LIBFWBUILDER_CONFIG, libfwbuilder-config-${FWB_MAJOR_VERSION}.${FWB_MINOR_VERSION}, ,[$EXTENDED_PATH])
if test x$LIBFWBUILDER_CONFIG = x ; then
AC_MSG_ERROR([*** libfwbuilder not installed, or libfwbuilder-config-2 is not in path])
else
LIBFWBUILDER_CFLAGS_FWBUILDER="`$LIBFWBUILDER_CONFIG --cflags fwbuilder`"
LIBFWBUILDER_CFLAGS_FWCOMPILER="`$LIBFWBUILDER_CONFIG --cflags fwcompiler`"
LIBFWBUILDER_CFLAGS_FWBD="`$LIBFWBUILDER_CONFIG --cflags fwbd`"
LIBFWBUILDER_INCLUDEPATH="`$LIBFWBUILDER_CONFIG --includepath`"
LIBFWBUILDER_LIBPATH="`$LIBFWBUILDER_CONFIG --libpath`"
LIBFWBUILDER_LIBS_FWBUILDER="`$LIBFWBUILDER_CONFIG --libs fwbuilder`"
LIBFWBUILDER_LIBS_FWCOMPILER="`$LIBFWBUILDER_CONFIG --libs fwcompiler`"
LIBFWBUILDER_LIBS_FWBD="`$LIBFWBUILDER_CONFIG --libs fwbd`"
LIBFWBUILDER_STATICLIBS="`$LIBFWBUILDER_CONFIG --staticlibs`"
LIBFWBUILDER_VERSION="`$LIBFWBUILDER_CONFIG --version`"
AC_MSG_CHECKING(libfwbuilder version)
if test x${LIBFWBUILDER_VERSION} != x${REQUIRED_LIBFWBUILDER_VERSION} ; then
AC_MSG_ERROR([*** Need libfwbuilder version $REQUIRED_LIBFWBUILDER_VERSION, found $LIBFWBUILDER_VERSION ])
fi
AC_MSG_RESULT($LIBFWBUILDER_VERSION)
AC_SUBST(LIBFWBUILDER_CFLAGS_FWBUILDER)
AC_SUBST(LIBFWBUILDER_CFLAGS_FWCOMPILER)
AC_SUBST(LIBFWBUILDER_LIBS_FWBUILDER)
AC_SUBST(LIBFWBUILDER_LIBS_FWCOMPILER)
AC_SUBST(LIBFWBUILDER_LIBPATH)
AC_SUBST(LIBFWBUILDER_INCLUDEPATH)
AC_SUBST(LIBFWBUILDER_STATICLIBS)
AC_SUBST(LIBFWBUILDER_VERSION)
fi
AC_DEFINE_UNQUOTED(LIBFWBUILDER_VERSION, "$LIBFWBUILDER_VERSION", [libfwbuilder_version])
AC_SUBST(LIBS)
AC_LANG_CPLUSPLUS
AC_PATH_PROG(ANTLR_CONFIG, antlr-config, , [$EXTENDED_PATH])
AC_MSG_CHECKING(antlr)
HAVE_ANTLR_RUNTIME="1"
HAVE_EXTERNAL_ANTLR="0";
if test x$ANTLR_CONFIG = x; then
ANTLR_INCLUDEPATH="`pwd`/src/"
ANTLR_LIBS="`pwd`/src/antlr/libantlr.a"
AC_MSG_RESULT(using provided)
else
ANTLR_VERSION="`$ANTLR_CONFIG --version`"
if test x$ANTLR_VERSION != x2.7.7; then
ANTLR_INCLUDEPATH="`pwd`/src/"
ANTLR_LIBS="`pwd`/src/antlr/libantlr.a"
AC_MSG_RESULT(using provided)
else
ANTLR_INCLUDEPATH="`$ANTLR_CONFIG --cflags`"
ANTLR_LIBS="`$ANTLR_CONFIG --libs`"
HAVE_EXTERNAL_ANTLR="1"
AC_MSG_RESULT(using external version $ANTLR_VERSION)
fi
fi
AC_DEFINE_UNQUOTED(HAVE_ANTLR_RUNTIME, 1, [antlr_runtime])
AC_DEFINE_UNQUOTED(HAVE_EXTERNAL_ANTLR, $HAVE_EXTERNAL_ANTLR, [external_antlr])
AC_SUBST(HAVE_ANTLR_RUNTIME)
AC_SUBST(HAVE_EXTERNAL_ANTLR)
AC_SUBST(ANTLR_LIBS)
AC_SUBST(ANTLR_INCLUDEPATH)
dnl ********************************************************************
if test -z ${RELEASE_NUM}; then
RPMRELEASE="1"
else
RPMRELEASE="${RELEASE_NUM}";
fi
AC_SUBST(RPMRELEASE)
AC_MSG_CHECKING(what OS this is)
case ${host} in
*-*-cygwin*)
OS=cygwin
OS_CYGWIN=1
AC_MSG_RESULT(Win32 cygwin)
DEFAULT_RES_DIR="resources"
;;
*-*-mingw32*)
OS=mingw32
OS_MINGW=1
AC_MSG_RESULT(Win32 mingw)
DEFAULT_RES_DIR="resources"
;;
*-*-darwin*)
OS=MacOSX
OS_MACOSX=1
MANDIR="${PREFIX}/share/man/"
AC_MSG_RESULT(MacOSX)
DEFAULT_RES_DIR="../Resources"
;;
*-*-solaris*)
OS=Solaris
OS_SOLARIS=1
MANDIR="${PREFIX}/share/man/"
AC_MSG_RESULT(Solaris)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
;;
*-*-freebsd*)
OS=FreeBSD
OS_FREEBSD=1
MANDIR="${PREFIX}/man/"
AC_MSG_RESULT(FreeBSD)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
;;
*-*-openbsd*)
OS=OpenBSD
OS_OPENBSD=1
MANDIR="${PREFIX}/man/"
AC_MSG_RESULT(OpenBSD)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
;;
*-*-kfreebsd*)
OS=FreeBSD
OS_FREEBSD=1
if test -f /etc/debian_version ; then
DISTRO=Debian
else
DISTRO="Unknown"
fi
MANDIR="${PREFIX}/share/man/"
AC_MSG_RESULT($DISTRO GNU/kFreeBSD)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
;;
*-*-linux*)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
OS=Linux
OS_LINUX=1
if test -f /etc/debian_version ; then
DISTRO=Debian
elif test -f /etc/mandrake-release ; then
DISTRO=Mandrake
elif test -f /etc/slackware-version ; then
DISTRO=Slackware
elif test -f /etc/SuSE-release ; then
DISTRO=SuSE
elif test -f /etc/redhat-release ; then
#
# Mandrake has symlink /etc/redhat-release -> /etc/manrake-release ,
# so this check must be the last
#
DISTRO=RedHat
else
DISTRO="Unknown"
fi
MANDIR="${PREFIX}/share/man/"
AC_MSG_RESULT($DISTRO Linux)
;;
*)
OS=Unknown
OS_UNKNOWN=1
DISTRO=Unknown
MANDIR="${PREFIX}/share/man/"
AC_MSG_RESULT(Unknown)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
;;
esac
if test "x$with_templatedir" != "x"; then
RES_DIR="${with_templatedir}"
else
RES_DIR="$DEFAULT_RES_DIR"
fi
AC_DEFINE_UNQUOTED(RES_DIR, "$RES_DIR", [res_dir])
AC_SUBST(RES_DIR)
if test "x$with_docdir" != "x"; then
DOCDIR="${with_docdir}"
else
DOCDIR="${PREFIX}/share/doc/fwbuilder-${VERSION}"
fi
DOCDIRPATH=`dirname ${DOCDIR}`
AC_SUBST(OS)
AC_DEFINE_UNQUOTED(OS, "${OS}", [os])
test -n "$OS_CYGWIN" && AC_DEFINE_UNQUOTED(OS_CYGWIN, "${OS_CYGWIN}", [cygwin])
test -n "$OS_MINGW" && AC_DEFINE_UNQUOTED(OS_MINGW, "${OS_MINGW}", [mingw])
test -n "$OS_MACOSX" && AC_DEFINE_UNQUOTED(OS_MACOSX, "${OS_MACOSX}", [macosx])
test -n "$OS_SOLARIS" && AC_DEFINE_UNQUOTED(OS_SOLARIS, "${OS_SOLARIS}", [solaris])
test -n "$OS_FREEBSD" && AC_DEFINE_UNQUOTED(OS_FREEBSD, "${OS_FREEBSD}", [freebsd])
test -n "$OS_OPENBSD" && AC_DEFINE_UNQUOTED(OS_OPENBSD, "${OS_OPENBSD}", [openbsd])
test -n "$OS_LINUX" && AC_DEFINE_UNQUOTED(OS_LINUX, "${OS_LINUX}", [linux])
test -n "$OS_UNKNOWN" && AC_DEFINE_UNQUOTED(OS_UNKNOWN, "${OS_UNKNOWN}", [unknown])
AC_SUBST(DISTRO)
AC_DEFINE_UNQUOTED(DISTRO, "${DISTRO}", [distro])
AC_SUBST(DOCDIRPATH)
AC_DEFINE_UNQUOTED(DOCDIRPATH, "${DOCDIRPATH}", [docdirpath])
AC_SUBST(DOCDIR)
AC_DEFINE_UNQUOTED(DOCDIR, "${DOCDIR}", [docdir])
AC_SUBST(MANDIR)
AC_PATH_PROG(CCACHE, ccache, , )
dnl Support for the po directory.
AM_PO_SUBDIRS
dnl AC_CONFIG_FILES([ Main.make ])
AC_CONFIG_FILES([ qmake.inc ])
AC_CONFIG_FILES([ po/POmakefile ], [AM_POSTPROCESS_PO_MAKEFILE])
AC_CONFIG_FILES([ src/res/objects_init.xml ])
AC_CONFIG_FILES([ src/res/templates.xml ])
AC_CONFIG_FILES([ src/res/resources.xml ])
AC_CONFIG_FILES([ src/res/os/fwsm_os.xml ])
AC_CONFIG_FILES([ src/res/os/freebsd.xml ])
AC_CONFIG_FILES([ src/res/os/linux24.xml ])
AC_CONFIG_FILES([ src/res/os/linksys.xml ])
AC_CONFIG_FILES([ src/res/os/macosx.xml ])
AC_CONFIG_FILES([ src/res/os/openbsd.xml ])
AC_CONFIG_FILES([ src/res/os/pix_os.xml ])
AC_CONFIG_FILES([ src/res/os/ios.xml ])
AC_CONFIG_FILES([ src/res/os/solaris.xml ])
AC_CONFIG_FILES([ src/res/os/unknown_os.xml ])
AC_CONFIG_FILES([ src/res/platform/fwsm.xml ])
AC_CONFIG_FILES([ src/res/platform/ipf.xml ])
AC_CONFIG_FILES([ src/res/platform/ipfw.xml ])
AC_CONFIG_FILES([ src/res/platform/iptables.xml ])
AC_CONFIG_FILES([ src/res/platform/pf.xml ])
AC_CONFIG_FILES([ src/res/platform/pix.xml ])
AC_CONFIG_FILES([ src/res/platform/iosacl.xml ])
AC_CONFIG_FILES([ src/res/platform/unknown.xml ])
AC_OUTPUT
. ./runqmake.sh

39
definitions.h Normal file
View File

@@ -0,0 +1,39 @@
/*
Firewall Builder
Copyright (C) 2003 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
$Id$
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Define global macros and constants in this file if they are used in
the GUI, compilers and tools
*/
#ifndef __DEFINITIONS_
#define __DEFINITIONS_
#define DIVERTSOCKET 0
#define DUMMYNETPIPE 1
#define DUMMYNETQUEUE 2
#endif

44
description.txt Normal file
View File

@@ -0,0 +1,44 @@
This is the report of porting FWBuilder to the QT4 library.
Done at all:
1) AboutDialog_q.ui: form completelly ported; CREATED: FWBAboutDialog.h
2) FWObjectClipboard.h, .cpp: no work at most
3) ColorCheckViewItem.h, .cpp: I found that this module isn't used in the project so I didn't do anything with it.
4) definitions.h
5) platforms.h, .cpp
6) FWObjectPropertiesFactory.h, .cpp
7) FWBSettings.h, .cpp
8) listOfLibraries.h, .cpp
9) FWBTree.h, .cpp
10) utils.h, .cpp
11) utils_no_qt.h, .cpp
12) FWObjectDropArea.h, .cpp, .ui: not tested
13) ObjectTreeViewItem.h, .cpp
14) ObjectTreeView.h, .cpp
15) listOfLibraries.h, .cpp
16) upgradePredicate.h
17) ObjConflictResolutionDialog.h, .cpp, .ui
18) SimpleTextEditor.h, .cpp, .ui
19) SimpleTextView.h, .cpp, .ui
20) SimpleIntEditor.h, .cpp, .ui
21) inplaceComboBox.h, .cpp
22) ActionsDialog.h, .cpp, .ui
23) ColorLabelMenuItem.h, .cpp, .ui
24) findDialog.h, .cpp, .ui
25) FindObjectWidget.h, .cpp, .ui
26) RCSFileDialog.h, .cpp
Almost done:
1) FWBMainWindow.ui: form needs some attention in later porting but now it does work
2) RCS.h, .cpp: need some attention, may have problems with QProcess objects
3) DialogData.h, .cpp
In work:
1) FWWindow.h, .cpp: big part of code is commented.
2) main.cpp: some part of code is commented.
3) ObjectManipulator.h, .cpp, .ui: need to connect Object Editor.
4) RuleSetView.h, .cpp
Stopped files, files having problems:
1) FWObjectDrag.h, .cpp: problems with inheriting (QStoredDrag -> QMimeData, QDrag).
2) RCSFilePreview.h, .cpp, .ui: there is no such thing as file preview in Qt4 so I can't use these files for the RCSFileDialog dialog.

4
doc/.cvsignore Normal file
View File

@@ -0,0 +1,4 @@
Makefile
.moc
.ui
*.app

13
doc/AUTHORS Normal file
View File

@@ -0,0 +1,13 @@
Vadim Kurland <vadim@vk.crocodile.org.> Main author: GUI, iptables compiler
Vadim Zaliva <lord@crocodile.org> libfwbuilder API design;
XML DTD design;
XML data storage implementation;
implementation of printing

340
doc/COPYING Normal file
View File

@@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

5553
doc/ChangeLog Normal file
View File

File diff suppressed because it is too large Load Diff

99
doc/Credits Normal file
View File

@@ -0,0 +1,99 @@
$Id: Credits 899 2005-12-14 06:58:43Z vkurland $
We would like to thank the following people who helped us in various
ways to make this project happen:
Special thanks to Friedhelm Düsterhöft <fd@msdd.net> for help with XML
development and initial XSLT filters implementation.
For icons : Hector Rivera Falu <misha@phreaker.net>
For icons and a first web site: Tanya Soussokolova <ts@vk.crocodile.org>
For debugging on SuSE, building packages for SuSE and for help
with answering support requests:
Marc Pfefferkorn <marc.pfefferkorn@post.rwth-aachen.de>
For German translation for Firewall Builder v1.x:
Marc Pfefferkorn <marc.pfefferkorn@post.rwth-aachen.de>
Jens Hektor <hektor@RZ.RWTH-Aachen.DE>
Axel Stenkamp <axel.stenkamp@post.rwth-aachen.de>
For localization patch (gettext support) and French translation
for Firewall Builder v1.x:
Florent MANENS <manens@efrei.fr>
For French translation for Firewall Builder v2.x
Jean-Michel Pour̩ <jm@poure.com>
For Japanese translation for Firewall Builder v2.x
Tadashi Jokagi <elf@elf.no-ip.org>
For Swedish translation: Daniel Nylander <yeager@lidkoping.net>
For ideas, suggestions, patches and contributions:
-------------------------------------------------------------
Friedhelm Düsterhöft" <friedhelm.duesterhoeft@msdd.net>
- many suggestions and prototype for DTD.
Jeremy T. Bouse <jbouse@Debian.org>
- package maintainer for Debian
- libxml2 support.
- X.509 certificate generation druid assistance
- iptables/iproute2 patches
Carlo Wood <carlo@alinoe.com>
- many valuable patches and bug reports
- suggestions regarding rpm building process and changes to spec file
Jochen Friedrich <jochen+fwbuilder-dev@scram.de>
- ideas for future development
Vadim Fedukovich <vf@unity.net>
- help with OpenSSL and answering related questins.
David Gullasch <gullasch@secunet.de> and
stephan_r@users.sourceforge.net
- firewall policy installation script
Igor Morozov <igor@grad.kiev.ua>
- first attempt at Win32 porting and a prototype
Mark Vevers <mark@vevers.net>
- for an idea and a patch that fixes optimizer in fwb_ipt
Patch information:
Author: Mark Vevers
Copyright (c) 2004 Research Machines Plc
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

23
doc/FWBuilder-Routing-LICENSE.txt Normal file
View File

@@ -0,0 +1,23 @@
Firewall Builder Routing add-on
Copyright (C) 2004 Compal GmbH, Germany
Author: Tidei Maurizio <fwbuilder-routing at compal.de>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

36
doc/PatchAcceptancePolicy.txt Normal file
View File

@@ -0,0 +1,36 @@
$Id: PatchAcceptancePolicy.txt 152 2004-03-27 17:11:54Z vkurland $
Firewall Buider Project welcomes user contributions. Because we would
like not to be limited in future licensing options of the code,
authors of all submitted patches must agree that their contribution is
donated to our project under terms of following license (this is MIT
license):
-------------------------------------------------------------------------
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-------------------------------------------------------------------------
When submitting the patch please state that you agree with this
license.

73
doc/README.floppyfw Normal file
View File

@@ -0,0 +1,73 @@
How to generate firewall script for floppyfw
(http://www.zelow.no/floppyfw/index.html)
1. in Firewall dialog, tab "Firewall", set the following parameters:
- "Load modules" - OFF
- "Create virtual addresses for NAT rules" - ON
- "Use numeric log levels" - ON
2. download and install rpm "fwbuilder-floppyfw-0.9.7"
3. in "Compile/Install" tab configure full path and name of the
install script "/usr/bin/floppyfw_install.sh". Now you can compile
policy in a usual way using menu Rules->Compile and then install it
to floppyfw floppy using menu Rules->Install. Install script makes
certain checks to verify that floppy you use indeed contains floppyfw
code. Install script depends on mtools package.
4. some useful configuration parameters for floppyfw:
- activate serial console for kernel boot-time messages and shell:
in file "config" : SERIAL_CONSOLE=ttyS0
in file "syslinux.cfg" add "console=ttyS0,9600" kernel parameters:
------- file config ----------------------
# Choose the serial port for the console "n" for none.
SERIAL_CONSOLE=ttyS0
------------------------------------------
------- file syslinux.cfg ----------------
default floppyfw
display floppyfw.msg
label floppyfw
kernel vmlinuz
append initrd=initrd.gz root=/dev/fd0 console=ttyS0,9600 ether=0,0,0,eth0 ether=0,0,0,eth1
------------------------------------------
- logging via syslog:
in file "config" set USE_SYSLOG=y and add "-R" to log to remote loghost
------- file config ----------------------
# Turning on syslogd and klogd.
# This is a nice thing but will eat CPU which is why it is turned
# off by default.
#
USE_SYSLOG=y
# This SYSLOG does not use syslogd.conf so we have to set things here.
# Flags:
# Log to /dev/tty3 instead of /var/log/messages which aren't exactly a
# good idea on a ramdisk.
# -O /dev/tty3
# Log to network. host:port
# -R 10.42.42.42:514
# Log to both network and file:
# -L
# --MARK-- 0 is no mark.
# -m 0
# SYSLOG_FLAGS="-m 360 -O /dev/tty3"
SYSLOG_FLAGS="-m 360 -R 10.42.42.4:514"
------------------------------------------
- do not forget to add rule to the firewall policy to permit sending
syslog packets from firewall to your loghost

75
doc/README.iosacl Normal file
View File

@@ -0,0 +1,75 @@
Policy compiler for Cisco IOS Access lists has been implemented as
part of the Firewall Builder GUI as of version 2.1.12. The first
functional build were importer worked on all supported OS was build
270 (May 22, 2007)
Support for Cisco IOS access lists in Firewall Builder v2.1.12, build 270:
----------------------------------------------------------------
Features implemented in this version:
- The compiler generates extended ACLs using "ip access-list
extended" command. ACL names are automatically generated using
abbreviated interface names and direction symbols to make it easy
to figure out which ACL is which. Compiler uses rather minimal set
of options of the "ip access-list" command and should generate code
that will work for IOS 12.x. I did not test with 11.x but I am
pretty sure it will work, at least with the latest versions of
11.x.
- Compiler can also add commands to configure logging.
- The GUI includes built-in installer for routers which works just
like installer for PIX. Both installers were updated however to
improve support for the automatic roll-back feature in case you
lose connect with the firewall or the router because of an error in
the policy. Now you can make installer schedule reboot in a few
minutes, then upload new policy or ACLs and then cancel reboot if
upload was successful. While before auto-rollback option was only
available if you installed in the test mode, now you can always use
it. Test mode means that installer does not save configuration in
the permanent memory, as before.
- All three installation methods that were available for PIX are now
available for routers: you can make it clear all access lists and
then load new ones or just update access lists without
clearing. The last method (the "safety net" method) creates
temporary acl to permit communication with the management station,
assigns it to the interface marked as management interface, then
clears all access lists and loads new ones and in the end swaps
proper list on the management interface. This helps prevent
locking yourself out of the router in the middle of the
installation process in case of an error in the ACL and at the same
time does not leave the router with no acls for the time it takes
to install new policy. In combination with automatic roll-back,
installation process is pretty reliable.
- New option has been added to the interface object, called
"unprotected". This allows you to mark some interfaces to be
skipped by the compiler when it picks interfaces for ACL
rules. This should be useful when you have routers with many
interfaces and only want to add ACLs to some of them. Also, you can
explicitly put interface objects into policy rules and specify
direction if you want to do this manually.
- Since router ACLs have no state, all rules should be created in the
policy pretty much like you do it on the router, including rules
that permit reply packets. New option has been added to the TCP
Service object, called "established". This makes compiler use
option "established" in rules it generates if it is supported by
the firewall platform. Compilers for iptables, ipfilter, pf and PIX
can not use objects with this option and treat it as an error
because corresponding platforms do not support it. IPFW, on the
other hand, supports it so compiler fwb_ipfw can use it.
Shortcomings of this version:
- "tos", "precedence" and "time-range" options are not supported
- "igmp" access lists can no be generated

149
doc/README.ipf Normal file
View File

@@ -0,0 +1,149 @@
fwb_ipf(1) Firewall Builder fwb_ipf(1)
NNAAMMEE
fwb_ipf - Policy compiler for ipfilter
SSYYNNOOPPSSIISS
ffwwbb__iippff [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
DDEESSCCRRIIPPTTIIOONN
ffwwbb__iippff is a firewall policy compiler component of Fire­
wall Builder (see fwbuilder(1)). This compiler generates
code for ipfilter. Compiler reads objects definitions and
firewall description from the data file specified with
"-f" option and generates ipfilter configuration files and
firewall activation script.
All generated files have names that start with the name of
the firewall object. Firewall activation script has exten­
sion ".fw" and is simple shell script that flushes current
policy, loads new filter and nat rules and then activates
ipfilter. IPFilter configuration file name starts with
the name of the firewall object, plus "-ipf.conf". NAT
configuration file name also starts with the name of the
firewall object, plus "-nat.conf". For example, if fire­
wall object has name "myfirewall", then compiler will cre­
ate three files: "myfirewall.fw", "myfirewall-pf.conf",
"myfirewall-nat.conf".
The data file and the name of the firewall objects must be
specified on the command line. Other command line parame­
ters are optional.
OOPPTTIIOONNSS
-f FILE
Specify the name of the data file to be processed.
-d wdir
Specify working directory. Compiler creates
firewall activation script and ipfilter configura­
tion files in this directory. If this parameter is
missing, then all files will be placed in the cur­
rent working directory.
-v Be verbose: compiler prints diagnostic messages
when it works.
-V Print version number and quit.
-x Generate debugging information while working. This
option is intended for debugging only and may pro­
duce lots of cryptic messages.
NNOOTTEESS
Support for ipf returned in version 1.0.1 of Firewall
Builder
Supported features:
o both ipf.conf and nat.conf files are generated
o negation in policy rules
o stateful inspection in individual rule can be
turned off in rule options dialog. By default com­
piler adds "keep state" or "modulate state" to each
rule with action 'pass'
o rule options dialog provides a choice of icmp or
tcp rst replies for rules with action "Reject"
o compiler adds flag "allow-opts" if match on ip
options is needed
o compiler can generate rules matching on TCP flags
o compiler can generate script adding ip aliases for
NAT rules using addresses that do not belong to any
interface of the firewall
o compiler always adds rule "block quick all" at the
very bottom of the script to ensure "block all by
default" policy even if the policy is empty.
o Address ranges in both policy and NAT
Features that are not supported (yet)
o negation in NAT
o custom services
Features that won't be supported (at least not anytime
soon)
o policy routing
UURRLL
Firewall Builder home page is located at the following
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
BBUUGGSS
Please report bugs using bug tracking system on Source­
Forge:
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
SSEEEE AALLSSOO
ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__ppff((11))
FWB fwb_ipf(1)

82
doc/README.ipfw Normal file
View File

@@ -0,0 +1,82 @@
fwb_ipfw(1) Firewall Builder fwb_ipfw(1)
NNAAMMEE
fwb_ipfw - Policy compiler for ipfw
SSYYNNOOPPSSIISS
ffwwbb__iippffww [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
DDEESSCCRRIIPPTTIIOONN
ffwwbb__iippffww is a firewall policy compiler component of Fire­
wall Builder (see fwbuilder(1)). This compiler generates
code for ipfw - a firewall and traffic shaper in FreeBSD
(see ipfw(8)). Compiler reads objects definitions and
firewall description from the data file specified with
"-f" option and generates firewall configuration and acti­
vation script.
The generated file has a name that starts with the name of
the firewall object, with an extension ".fw". It is a
shell script that flushes current policy, then loads new
filter and nat rules.
The data file and the name of the firewall objects must be
specified on the command line. Other command line parame­
ters are optional.
OOPPTTIIOONNSS
-f FILE
Specify the name of the data file to be processed.
-d wdir
Specify working directory. Compiler creates fire­
wall activation script in this directory. If this
parameter is missing, then all files will be placed
in the current working directory.
-v Be verbose: compiler prints diagnostic messages
when it works.
-V Print version number and quit.
-x Generate debugging information while working. This
option is intended for debugging only and may pro­
duce lots of cryptic messages.
NNOOTTEESS
Support for ipfw was added in version 1.0.10 of Firewall
Builder
UURRLL
Firewall Builder home page is located at the following
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
BBUUGGSS
Please report bugs using bug tracking system on Source­
Forge:
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
SSEEEE AALLSSOO
ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__ppff((11)) ffwwbb__iippff((11))
FWB fwb_ipfw(1)

68
doc/README.ipt Normal file
View File

@@ -0,0 +1,68 @@
fwb_ipt(1) Firewall Builder fwb_ipt(1)
NNAAMMEE
fwb_ipt - Policy compiler for iptables
SSYYNNOOPPSSIISS
ffwwbb__iipptt [[--wwvvVV]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
DDEESSCCRRIIPPTTIIOONN
ffwwbb__iipptt is firewall policy compiler component of Firewall
Builder (see fwbuilder(1)). Compiler reads objects defini­
tions and firewall description from the data file speci­
fied with "-f" option and generates resultant iptables
script. The script is written to the file with the name
the same as the name of the firewall object, plus exten­
sion ".fw".
The data file and the name of the firewall objects must be
specified on the command line. Other command line parame­
ters are optional.
OOPPTTIIOONNSS
-f FILE
Specify the name of the data file to be processed.
-d wdir
Specify working directory. Compiler creates file
with iptables script in this directory. If this
parameter is missing, then iptables script will be
placed in the current working directory.
-w Supress compiler's warnings
-v Be verbose: compiler prints diagnostic messages
when it works.
-V Print version number and quit.
UURRLL
Firewall Builder home page is located at the following
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
BBUUGGSS
Please report bugs using bug tracking system on Source­
Forge:
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
SSEEEE AALLSSOO
ffwwbbuuiillddeerr((11)),, ffwwbb__iippff((11)),, ffwwbb__ppff((11))
FWB fwb_ipt(1)

152
doc/README.pf Normal file
View File

@@ -0,0 +1,152 @@
fwb_pf(1) Firewall Builder fwb_pf(1)
NNAAMMEE
fwb_pf - Policy compiler for OpenBSD packet filter "pf"
SSYYNNOOPPSSIISS
ffwwbb__ppff [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
DDEESSCCRRIIPPTTIIOONN
ffwwbb__ppff is a firewall policy compiler component of Firewall
Builder (see fwbuilder(1)). This compiler generates code
for OpenBSD Packet Filter (pf). Compiler reads objects
definitions and firewall description from the data file
specified with "-f" option and generates pf configuration
files and firewall activation script.
All generated files have names that start with the name of
the firewall object. Firewall activation script has exten­
sion ".fw" and is simple shell script that flushes current
policy, loads new filter and nat rules and then activates
pf. PF configuration file name starts with the name of
the firewall object, plus "-pf.conf". NAT configuration
file name also starts with the name of the firewall
object, plus "-nat.conf". For example, if firewall object
has name "myfirewall", then compiler will create three
files: "myfirewall.fw", "myfirewall-pf.conf", "myfirewall-
nat.conf".
The data file and the name of the firewall objects must be
specified on the command line. Other command line parame­
ters are optional.
OOPPTTIIOONNSS
-f FILE
Specify the name of the data file to be processed.
-d wdir
Specify working directory. Compiler creates
firewall activation script and PF configuration
files in this directory. If this parameter is
missing, then all files will be placed in the cur­
rent working directory.
-v Be verbose: compiler prints diagnostic messages
when it works.
-V Print version number and quit.
-x Generate debugging information while working. This
option is intended for debugging only and may pro­
duce lots of cryptic messages.
NNOOTTEESS
Support for PF has been introduced in version 1.0.1 of
Firewall Builder
Supported features:
o both pf.conf and nat.conf files are generated
o negation in policy and NAT rules
o grouping in "from", "to" and ports using '{' '}'
syntax
o if checkbox "Scrub" is checked in the rule options
dialog, and rule's action is Accept, the compiler
generates two (almost) identical rules: first with
action 'scrub' and the second with action 'pass
quick'
o stateful inspection in individual rule can be
turned off in rule options dialog. By default com­
piler adds "keep state" or "modulate state" to each
rule with action 'pass'
o rule options dialog provides a choice of icmp or
tcp rst replies for rules with action "Reject"
o compiler adds flag "allow-opts" if match on ip
options is needed
o compiler can generate rules matching on TCP flags
o compiler can generate script adding ip aliases for
NAT rules using addresses that do not belong to any
interface of the firewall
o compiler always adds rule "block quick all" at the
very bottom of the script to ensure "block all by
default" policy even if the policy is empty.
o Address ranges in both policy and NAT
Features that are not supported (yet)
o custom services
What will not be supported (at least not anytime soon)
o policy routing
UURRLL
Firewall Builder home page is located at the following
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
BBUUGGSS
Please report bugs using bug tracking system on Source­
Forge:
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
SSEEEE AALLSSOO
ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__iippff((11))
FWB fwb_pf(1)

166
doc/README.policy_import Normal file
View File

@@ -0,0 +1,166 @@
Policy importer has been implemented as part of the Firewall Builder
GUI as of version 2.1.12. The first functional build were importer
worked on all supported OS was build 270 (May 22, 2007)
Policy importer uses ANTLR lexer and parser ( http://www.antlr.org/ )
Version 2.7.7 is used in Firewall Builder v2.1.12 ( http://www.antlr2.org/ )
Firewall Builder needs ANTLR C++ runtime header files and library and
include these in the source tree under src/antlr. Unless you want to
change the grammar (*.g files) you don't need to install ANTLR
separately. All relevant ANTLR files are included in the package. For
more information on ANTRL see: http://www.antlr2.org
Policy import iptables configurations (v2.1.12, build 281 and later)
----------------------------------------------------------------
Features implemented in this version :
- Importer can parse iptables config saved using iptables-save
utility. Because of the huge variety of iptables modules, Importer
can only interpret basic iptables configuration and a subset of
modules. Currently the following modules are supported:
* state
* multiport
* limit
* mark
- Importer creates firewall object with all interfaces. It can not
assign object name for the firewall object nor add IP and MAC
addresses to interfaces because this information is not present in
iptables-save file.
- option "Assume firewall is part of 'any'" is off in the created
firewall object. Import is done this way in order to preserve logic
of chains INPUT, OUTPUT and FORWARD in the recreated fwbuilder
rules. Rules that had chain INPUT in the imported script will have
firewall object in "destination" in the corresponding fwbuilder
rules. Firewall object is placed in "Source" for rules with chain
OUTPUT. For rules with chain FORWARD rule elements "Source" and
"Destination" are populated with objects created using options "-s"
and "-d" of the original rules or left empty ("any").
- all recognized iptables rules are imported and interface and
direction are set in all rules appropriately. Interface objects are
created as parser finds them in the script.
- targets ACCEPT, DROP, REJECT, MARK and others are converted to the
corresponding fwbuilder policy rule actions. Unrecognized targets
and converted to branching rules, where the name of the target
becomes the name of the branch.
- SNAT, DNAT, MASQUERADING, REDIRECT and NETMAP targets and their
parameters are recognized in the NAT rules.
- Address and service objects are created in the process for all
addresses and ports used in all rules.
- iptables rules can refer to tcp/udp ports both by name or by
number. Importer can properly interpret both formats using system
function getservbyname() to convert service name to the port
number. Since the result of this function depends on the OS, some
port names may not convert on some systems. For example, Windows
can convert more limited set of service names compared to Linux or
BSD.
- targets LOG and ULOG are converted to the "logging" option in
fwbuilder rules with action "Continue". This is an empty action
that does not affect packet flow through the firewall but can be
used in combination with "logging" option to log the packet. If
such empty (logging-only) rule is undesired, it must be manually
merged with some other rule in the policy.
- "--log-prefix", and "--log-level" options of the LOG target are
recognized
- "--ulog-prefix" option of the ULOG target is recognized. Other
options of the ULOG target are not.
- Address and service objects are reused in the process of import.
- in case when importer fails to parse some part of the iptables-save
file, corresponding policy rule is colored red and appropriate
diagnostic message added to its comment. The problem must be
corrected manually.
- comments ("#") found inside access lists are ignored.
Shortcomings of this version:
- user-defined chains in table "nat" are not supported
- no import of time intervals
- no MAC address matching import
Policy import of Cisco IOS access lists (v2.1.12, build 270)
----------------------------------------------------------------
Features implemented in this version :
- Importer can parse router config saved using "show run"
command. Although importer can only interpret a subset of IOS
configuration commands, other commands that it does not understand
will be ignored and should not affect operation. No manual editing
of the config is required prior to import.
- Importer creates firewall object with all interfaces
- firewall object name is assigned if "hostname" command is found in
the configuration. If this command is not present, the name remains
generic "New Firewall"
- interface addresses are assigned if command "ip address" is found
(multiple addresses per interface are supported). Interfaces
without "ip address" in the configuration are marked as
"unnumbered" in the firewall builder object tree.
- all access lists are imported and interface and direction are set
in all rules appropriately
- Address and service objects are created in the process for all
addresses and ports used in access lists
- IOS access lists can define ip protocol, icmp code and type, and
tcp/udp ports both by name or by number. Importer can properly
interpret both formats.
- "log", "log-input", "fragments", "established" keywords are
supported and translated into rule or object options as
appropriate.
- Address and service objects are reused in the process of import.
- in case when importer fails to parse some part of the access-list
command, corresponding policy rule is colored in red and
appropriate diagnostic message added to its comment. The problem
must be corrected manually.
- "remark" commands found inside access lists are translated into
rule comments
- comments ("!") found inside access lists are ignored.
Shortcomings of this version:
- importer does not use address and service objects that existed in
the tree before the operation has started, it creates new
ones. Deduplication only works for objects created in the process
of import.
- the following keywords available in extended access lists are not
supported at this time: tos, precedence, time-range.
- igmp access lists are not parsed.

206
doc/README.routing Normal file
View File

@@ -0,0 +1,206 @@
//=========================================================================\\
|| Firewall Builder Routing Add-On ||
|| ||
|| Copyright (c) 2004 Compal GmbH, Germany ||
|| Tidei Maurizio, fwbuilder-routing at compal.de ||
|| ||
\\=========================================================================//
Index
1 - Requirements
2 - Features
3 - Problems
4 - Future
(1) Requirements
================
The routing rules composed in the gui can be compiled using the ip
tables compiler, which now generates "ip route" commands, too. The
"ip" command is available since Linux 2.2. The other compilers (ipf,
ipfw, pf and cisco pix) simply ignore the routing rules.
If you want to use ECMP routing rules (Equal Cost Multi Path), make
sure your kernel is compiled with the CONFIG_IP_ROUTE_MULTIPATH
option.
(2) Features
============
The GUI's routing add-on offers object based definition of the routing
rules, exactly the same way as you define policy rules. This enables
you to use the same objects you already defined to build the firewall
policy in your routing rules. You won't have to update them
separately when you change something in your network.
In the GUI a routing rule is composed of a Destination, a Gateway, an
Interface, a Metric and the Comment. The following table shows what
can be inserted for this elements:
| | | | |
|Destination |Gateway |Interface |Metric |Comment
------------------------|-------------------------------|---------------|---------------|-------|--------
What can be inserted? |all Objects under the |- ip-adress |- interface |int |text
|library's "Objects" section: |- interface | | |
|- address ranges |- host | | |
|- addresses | | | |
|- groups | | | |
|- hosts | | | |
|- networks | | | |
------------------------|-------------------------------|---------------|---------------|-------|--------
Restrictions |none |Only one |The interface |0-255 |none
| |interface or |has to be a | |
| |host with ONE |child of the | |
| |ip adress can |current fire- | |
| |be inserted |wall | |
------------------------|-------------------------------|---------------|---------------|-------|--------
Default value |"Default" (0.0.0.0/0) |none |none |0 |""
| | | | |
To build a valid routing rule you have to insert at least one of the
two elements gateway and interface. More than one path can be
sprecified for one destination.
"This approach is called 'Equal-Cost Multi-Path Routing' and is used
for load balancing (Note that this does not provide failover). With
ECMP, a router potentially has several available next hops towards any
given destination. A new gateway is chosen for each new
source/destination IP pair. This means that, for example, one FTP
connection will use only one link, but new connection to a different
server will use another link. This also means that routes to
often-used sites will always be over the same provider. But on big
backbones this should distribute traffic fine. Also this has another
good feature - single connection packets do not get reordered and
therefore do not kill TCP performance." (The last Paragraph is a
quotation from
"http://www.mikrotik.com/Documentation/manual_2.7/IP/Route.html")
To create an ECMP rule simply specify several rules with different
paths, i.e. different combinations of Gateway and Interface, for the
same Destination and with the same metric.
Example:
Destination Gateway Interface Metric Comment
hostA hostB eth1 0 first possible route
hostA hostC 0 second possible route
hostA eth3 0 third possible route
If you try to insert a non-valid object in a field, it will be ignored
and a message box informs you of the mistake.
The "Default" route can be specified by inserting a new rule or
deleting all the destination of an existing rule.
Before compiling the rules, they traverse several checks, to make sure
that only complete, non-ambiguous and non-concurring rules are
translated into ip commands. Follow the instructions of the compiler
to correct the errors.
If no error was found, the rules are automatically classified in ECMP
rules and non-ECMP. The ECMP rules are written out in a separated
section of the firewall script after the "normal" routing rules.
(3) Problems
============
1.
Please note that when executing a firewall script all existing
routing rules previously set by user space processes will be
deleted.
To see which rules will be deleted, you can use the command "ip
route show". All lines not including "proto kernel" will be deleted
upon reload of the firewall script.
2.
*** NOTE FOR REDHAT 8.0 ***
Redhat seems to reset routing rules explicitly upon system
startup. Therefore its hard to distinguish interface rules from
rules setup by the user. On Redhat systems you need to include the
interface basic routing rules into your fwbuilder routing setup. IF
YOU DO NOT FOLLOW THIS HINT, YOUR MACHINE WILL FREEZE ANY NETWORK
TRAFFIC UPON START OF THE FIREWALL SCRIPT. This means e.g. if eth0
has network 192.168.3.0/24 attached to it, you need to add a route
with Destination=Network(192.168.3.0/24), Gateway empty and
Interface=eth0. We encountered this problem on redhat 8.0. Other
versions and distros might be affected too. Debian sarge and SuSE
Linux work fine without interface routing rules being included in
fwbuilders routing rules.
3.
If the firewall script states that the ECMP routes could not be
installed on your system, make sure your Kernel was compiled with
the CONFIG_IP_ROUTE_MULTIPATH option or renounce to ECMP rules.
4.
If you have interfaces with a dynamic address or a point-to-point
address and you try to insert a routing rule for the default
gateway, compilation might fail, stateing "gateway not reachable".
Typically this is the case for DSL dialup links. Solution: leave the
gateway field empty. Just specify the interface.
Example:
The firewall connects itself to the internet by a DSL link via
interface ppp0. During dialup pppd configures the default route:
default via 62.14.190.33 dev ppp
After specifying a routing rule in fwbuilder Destination=default,
Gateway empty, Interface=ppp0 and running the script on the
firewall, the route looks like:
default dev ppp0 scope link
Besides this, the kernel generates another route automaticelly upon
default gw setup:
62.14.190.33 dev ppp0 proto kernel scope link src 191.54.12.143
We tested this on Debian/sarge with kernel 2.4.27.
Technical explanation:
On compilation, fwbuilder checks if gateways are reachable through
any local network of the firewall. Otherwise setting up routing
rules will fail on the firewall upon install. In case of
point-to-point interfaces fwbuilder doesn't know the point-to-point
address of the interface. Therefore this check fails since for
fwbuilder it looks like the gateway is not from any local network.
The only workaround available so far is to leave the gateway empty
and to specify the interface only. Pakets will find their way to
the internet anyway, since they are traveling over a point-to-point
interface.
(4) Future
==========
Ideas, that could be implemented in the future, are:
- Multiple customizable routing tables
The idea is to add an option to the policy rules enabling the user
to mark matching packets with a color. For every used color a new
routing table would have to be built, that will be used only for
packets marked with the associated color.
- Load balancing
Another idea is to integrate more sophisticated load balancing
options in fwbuilder's GUI.

103
doc/ReleaseNotes_2.0.1.html Normal file
View File

@@ -0,0 +1,103 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
<title>Release Notes 2.0.1</title>
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.1 </h2>
<br>
<p>
Released 08/11/04
<br>
<b>GUI and compilers v2.0.1 require API library libfwbuilder version 2.0.1</b>
<br>
<h2>Summary </h2>
<p>
Firewall Builder GUI v2.0.1 is a maintenance release that includes
fixes for bugs discovered since 2.0 has been released.
<p>
<b>For those who wish to build from source, instructions are outlined
in <a
href="http://www.fwbuilder.org/archives/cat_installation.html">"Install
and Build instructions"</a></b>
<h2>Bugs fixed in libfwbuilder API:</h2>
<ul>
<li>bug #1001725: "object with empty name can not be
deleted". the problem was caused by the algorithm used in
FWObject::getPath. If object had had a blank name, the path
returned by this method would end with the name of its parent
without slash.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug #1001521: "Cant create ICMP service". ICMP Service
dialog did not save icmp code and type numbers in the object.
</li>
<li>bug #1001275: "object duplication fails w/ no action". GUI
used to not allow user to duplicate IP address object. Now any
object can be duplicated so that the copy is placed under the
same parent, including IP address.</li>
<li>bug #1000862: "Creating groups in Deleted Objects". Library
"Deleted objects" should not be offered as a choice for "group
objects" operation.</li>
<li>bug #1000485: "Firewalls in the drop-down box not
ordered". List of firewalls in the pull-down that controls
policy views is now alphabetically sorted on program
startup.</li>
<li>there were two TCP Service objects "linuxconf" in the
Standard objects library. Object with ID id3AED0D6D has been
removed. It seems this object has been duplicated long time ago
(at least it was like this in 1.1.2)</li>
<li>bug #1002388: "Clamp MSS to MTU" option was missing in
2.0</li>
<li>bug #1001833: fixed memory leak that appeared when autosave
option was used</li>
<li>bug #1003068: "object copy/paste not always working". IP
address object could not be placed under interface using
copy/paste operation. Now ip address object can be pasted to
interface as well as to Objects/Addresses folder.</li>
<li>Operation File/discard could not be used if the file was
upgraded. Changed the way operation File/Discard works: it now
closes the file, discards all the changes that have been made to
it and replaces it with a fresh copy of the head revision from
RCS. This works if user wants to abort file upgrade when they
switch to the new version of fwbuilder.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_ipt:</h2>
<ul>
<li>bug #1004153 "limit-burst = 0 is not valid". Iptables does not
accept the rule using "limit-burst" option if it is set to
zero.</li>
</ul>
<hr>
<!-- Created: Fri Aug 6 21:40:42 PDT 2004 -->
<!-- hhmts start -->
Last modified: Wed Aug 11 20:54:38 PDT 2004
<!-- hhmts end -->
</body>
</html>

55
doc/ReleaseNotes_2.0.1.txt Normal file
View File

@@ -0,0 +1,55 @@
Firewall Builder Release Notes
Version 2.0.1
Released 08/11/04
GUI and compilers v2.0.1 require API library libfwbuilder version 2.0.1
Summary
Firewall Builder GUI v2.0.1 is a maintenance release that includes fixes for bugs discovered
since 2.0 has been released.
For those who wish to build from source, instructions are outlined in "Install and Build
instructions"
Bugs fixed in libfwbuilder API:
* bug #1001725: "object with empty name can not be deleted". the problem was caused by the
algorithm used in FWObject::getPath. If object had had a blank name, the path returned by
this method would end with the name of its parent without slash.
Bugs fixed in GUI:
* bug #1001521: "Cant create ICMP service". ICMP Service dialog did not save icmp code and
type numbers in the object.
* bug #1001275: "object duplication fails w/ no action". GUI used to not allow user to
duplicate IP address object. Now any object can be duplicated so that the copy is placed
under the same parent, including IP address.
* bug #1000862: "Creating groups in Deleted Objects". Library "Deleted objects" should not
be offered as a choice for "group objects" operation.
* bug #1000485: "Firewalls in the drop-down box not ordered". List of firewalls in the
pull-down that controls policy views is now alphabetically sorted on program startup.
* there were two TCP Service objects "linuxconf" in the Standard objects library. Object
with ID id3AED0D6D has been removed. It seems this object has been duplicated long time
ago (at least it was like this in 1.1.2)
* bug #1002388: "Clamp MSS to MTU" option was missing in 2.0
* bug #1001833: fixed memory leak that appeared when autosave option was used
* bug #1003068: "object copy/paste not always working". IP address object could not be
placed under interface using copy/paste operation. Now ip address object can be pasted to
interface as well as to Objects/Addresses folder.
* Operation File/discard could not be used if the file was upgraded. Changed the way
operation File/Discard works: it now closes the file, discards all the changes that have
been made to it and replaces it with a fresh copy of the head revision from RCS. This
works if user wants to abort file upgrade when they switch to the new version of
fwbuilder.
Bugs fixed in iptables policy compiler fwb_ipt:
* bug #1004153 "limit-burst = 0 is not valid". Iptables does not accept the rule using
"limit-burst" option if it is set to zero.
------------------------------------------------------------------------------------------
Last modified: Wed Aug 11 20:54:38 PDT 2004
6 PDT 2004

171
doc/ReleaseNotes_2.0.2.html Normal file
View File

@@ -0,0 +1,171 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
<title>Release Notes 2.0.2</title>
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.2 </h2>
<br>
<p>
Released 08/31/04
<br>
<b>GUI and compilers v2.0.2 require API library libfwbuilder version 2.0.2</b>
<br>
<h2>Summary </h2>
<p>
Firewall Builder GUI v2.0.2 is a maintenance release that includes
fixes for bugs discovered since 2.0.1 has been released.
<p>
<b>For those who wish to build from source, instructions are outlined
in <a
href="http://www.fwbuilder.org/archives/cat_installation.html">"Install
and Build instructions"</a></b>
<h2>General</h2>
<ul>
<li>Updated FreeBSD ports, tested on 5.3-BETA</li>
</ul>
<p>
<br>
<br>
<h2>New standard objects</h2>
<ul>
<li>added new service objects to the Standard objects library:
"xmas scan" (old object renamed "xmas scan - full"), rsync,
distcc, cvspserver, cvsup, afp, whois, bgp, radius and radius
acct, SSDP and UPnP.</li>
</ul>
<p>
<br>
<br>
<h2>New template objects</h2>
<ul>
<li>added template firewall objects for Linksys firewall and a
web server.</li>
</ul>
<p>
<br>
<br>
<h2>New features in policy compiler for PF</h2>
<ul>
<li>Implemented support for all timeout settings in pf:
tcp.first,tcp.opening,tcp.established,
tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple,
icmp.first,icmp.error,other.first,other.single,other.multiple,
including adaptive timeout scaling options adaptive.start and
adaptive.end</li>
<li>Added support for options "max", "max-src-nodes" and
"max-src-states" in pf. These allow to limit number of
concurrent state table entries ("max"), number of source
addresses that can simultaneously have state table entries
("max-src-nodes") and number of simultaneous state entries per
source address ("max-src-states") per rule.</li>
</ul>
<p>
<br>
<br>
<h2>Bugs fixed in libfwbuilder API:</h2>
<ul>
<li>: added element physAddress to list of child elements of
Library (bug #1011617)</li>
<li>bug #1012733: "configure --libdir=DIR will be ignored at
installation". Needed to use macro _libdir to specify target
directory for libraries. Used it in configure, qmake.in,
libfwbuilder-config-2 and a .spec file. Code should compile and
install in correct place on 64-bit systems.</li>
</ul>
<p>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug #1019691: "040829 nightly build doesn't add paths for
linksys"</li>
<li>bug #1013177: "deleting multiple hosts causes crash"
</li>
<li>bug #1009345: "Can only move one host object at a time
between libraries"</li>
<li>bug #1013018: "host OS settings" dialog is missing for
linksys. Added host OS settings dialog for
linksys/Sveasoft. Dialog provides entry fields for paths to
iptables, lsmod, modprobe, logger tools and two shell prompt
string patterns, this should help to work around changes in the
shell prompt on Linksys.</li>
<li>bug #1013022: "can not install policy script on linksts
Alchemy pre-5.2". Built-in installer uses shell prompt string
patterns configured in the host OS settings dialog for
linksys.</li>
<li>bug #1008956: "Existing .fwb file gets overwritten if has
wrong extension". If the GUI needs to rename a data file with
old extension .xml to .fwb, it checks if a file with new
extension exists and offers user a chance to choose a different
name. It also treats symlinks in a special way: if user creates
a symlink with extension .xml pointing at a file with extension
.fwb, the GUI simply follows the link and works with .fwb
file. This should work with Windows shortcuts, too. </li>
<li>bug #1013485: "File/Import should allow to import .fwb
file". Function File/Import offers a choice of .fwl, .fwb and
"all files" in the open file dialog.</li>
<li>bug #1011248: "need two xmas scan service objects". </li>
<li>bug #1013957: "incorrect NAT rule in firewall created from
template #3". The problem was caused by incorrect ip address of
interface "dmz" in the template object #3.</li>
<li>bug #1014725: "adding new ICMP types". If user created
service group with the name "ICMP", the GUI would place new ICMP
objects under this group instead of the standard folder
"ICMP". There was the same problem with other object types, too.</li>
<li>bug #1015884: "Export more than one library fails with 0
references". Export library operation failed if user exported
two libraries with groups or rules in one library referencing
objects in the other.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_ipt:</h2>
<ul>
<li>bug #1005148: "MAC matching - space missing". Space was
missing between MAC address and custom service code.</li>
<li>avoiding grep in the script generated for Linksys/Sveasoft
firewall - Sveasoft Alchemy pre-5.2.3 does not have grep</li>
<li>bug #1019943: "Missing ip addresses in the rule using
interfaces"</li>
</ul>
<hr>
<!-- Created: Fri Aug 6 21:40:42 PDT 2004 -->
<!-- hhmts start -->
Last modified: Tue Aug 31 20:38:55 PDT 2004
<!-- hhmts end -->
</body>
</html>

100
doc/ReleaseNotes_2.0.2.txt Normal file
View File

@@ -0,0 +1,100 @@
Firewall Builder Release Notes
Version 2.0.2
Released 08/31/04
GUI and compilers v2.0.2 require API library libfwbuilder version 2.0.2
Summary
Firewall Builder GUI v2.0.2 is a maintenance release that includes fixes
for bugs discovered since 2.0.1 has been released.
For those who wish to build from source, instructions are outlined in
"Install and Build instructions"
General
* Updated FreeBSD ports, tested on 5.3-BETA
New standard objects
* added new service objects to the Standard objects library: "xmas scan"
(old object renamed "xmas scan - full"), rsync, distcc, cvspserver,
cvsup, afp, whois, bgp, radius and radius acct, SSDP and UPnP.
New template objects
* added template firewall objects for Linksys firewall and a web server.
New features in policy compiler for PF
* Implemented support for all timeout settings in pf:
tcp.first,tcp.opening,tcp.established,
tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple,
icmp.first,icmp.error,other.first,other.single,other.multiple,
including adaptive timeout scaling options adaptive.start and
adaptive.end
* Added support for options "max", "max-src-nodes" and "max-src-states"
in pf. These allow to limit number of concurrent state table entries
("max"), number of source addresses that can simultaneously have state
table entries ("max-src-nodes") and number of simultaneous state
entries per source address ("max-src-states") per rule.
Bugs fixed in libfwbuilder API:
* : added element physAddress to list of child elements of Library (bug
#1011617)
* bug #1012733: "configure --libdir=DIR will be ignored at
installation". Needed to use macro _libdir to specify target directory
for libraries. Used it in configure, qmake.in, libfwbuilder-config-2
and a .spec file. Code should compile and install in correct place on
64-bit systems.
Bugs fixed in GUI:
* bug #1019691: "040829 nightly build doesn't add paths for linksys"
* bug #1013177: "deleting multiple hosts causes crash"
* bug #1009345: "Can only move one host object at a time between
libraries"
* bug #1013018: "host OS settings" dialog is missing for linksys. Added
host OS settings dialog for linksys/Sveasoft. Dialog provides entry
fields for paths to iptables, lsmod, modprobe, logger tools and two
shell prompt string patterns, this should help to work around changes
in the shell prompt on Linksys.
* bug #1013022: "can not install policy script on linksts Alchemy
pre-5.2". Built-in installer uses shell prompt string patterns
configured in the host OS settings dialog for linksys.
* bug #1008956: "Existing .fwb file gets overwritten if has wrong
extension". If the GUI needs to rename a data file with old extension
.xml to .fwb, it checks if a file with new extension exists and offers
user a chance to choose a different name. It also treats symlinks in a
special way: if user creates a symlink with extension .xml pointing at
a file with extension .fwb, the GUI simply follows the link and works
with .fwb file. This should work with Windows shortcuts, too.
* bug #1013485: "File/Import should allow to import .fwb file". Function
File/Import offers a choice of .fwl, .fwb and "all files" in the open
file dialog.
* bug #1011248: "need two xmas scan service objects".
* bug #1013957: "incorrect NAT rule in firewall created from template
#3". The problem was caused by incorrect ip address of interface "dmz"
in the template object #3.
* bug #1014725: "adding new ICMP types". If user created service group
with the name "ICMP", the GUI would place new ICMP objects under this
group instead of the standard folder "ICMP". There was the same
problem with other object types, too.
* bug #1015884: "Export more than one library fails with 0 references".
Export library operation failed if user exported two libraries with
groups or rules in one library referencing objects in the other.
Bugs fixed in iptables policy compiler fwb_ipt:
* bug #1005148: "MAC matching - space missing". Space was missing
between MAC address and custom service code.
* avoiding grep in the script generated for Linksys/Sveasoft firewall -
Sveasoft Alchemy pre-5.2.3 does not have grep
* bug #1019943: "Missing ip addresses in the rule using interfaces"
----------------------------------------------------------------------
Last modified: Tue Aug 31 20:38:55 PDT 2004

306
doc/ReleaseNotes_2.0.3.html Normal file
View File

@@ -0,0 +1,306 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
<title>Release Notes 2.0.3</title>
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.3 </h2>
<br>
<p>
Released 09/30/04
<br>
<b>GUI and compilers v2.0.3 require API library libfwbuilder version 2.0.3</b>
<br>
<h2>Summary </h2>
<p>
Firewall Builder GUI v2.0.3 is a maintenance release that includes
fixes for bugs discovered since 2.0.2 has been released.
<p>
<b>For those who wish to build from source, instructions are outlined
in <a
href="http://www.fwbuilder.org/archives/cat_installation.html">"Install
and Build instructions"</a></b>
<ul>
<li>This release improves support for the PF firewall by always
using tables in policy rules; it also uses syntax " !
&lt;tbl&gt;" for negation, assignes "rdr" rules to interfaces
and adds "flags S/SA" to policy rules that keep state. </li>
<li>This release significantly improves optimizer for iptables
and adds an automatically generated rule to block packets that
correspond to an INVALID state</li>
<li>Built-in policy installer can compress firewall policy
script before it is installed in flash memory on
Linksys/Sveasoft firewall; this allows for much larger policy to
be used on Linksys. Script compression is optional.</li>
<li>Built-in policy installer can be used to test new policy
rules with automatic roll-back to the previous version of the
policy after specified interval of time. This feature helps to
work around errors in the policy that block access to the
firewall from the management workstation.
</ul>
<p>
<h2>Caveats</h2>
<p>New version (as of build 421) completely changes the way it
loads and activates firewall script on linksys. Old version put
the whole script in variable rc_firewall. New one puts script in
variable fwb and puts a one-line command in rc_firewall to read
the script from fwb and execute it. This was done because of the
need to uncompress it when linksys executes command stored in
rc_firewall, in other words, rc_firewall needs to be a little
script that uncompresses and runs the main firewall script. This
is why scripts were separated and rc_firewall has changed compared
to the previous versions of fwbuilder.
<p>Reverting from v2.0.3 (build 421 and later) to v2.0.2 requires
you to erase nvram variable "fwb" which holds the whole script in
the new builds.
<p>
<br>
<h2>New features in the built in policy installer</h2>
<ul>
<li>added an option for test run. When this option is activated,
policy script is pushed to the firewall and is executed but is
not stored there permanently. Firewall reverts to the last
working configuration after reboot.</li>
<li>implemented compression of the firewall script for
Linksys/Sveasoft combo. Using gzip and uuencode/uudecode to
compress the script and store it in flash variable
'fwb'. Installer prints flash memory stats after commiting
changes. Installer uses scp to copy firewall script to the
firewall and autogenerated prompt to detect when it logged in;
it does not depend on Linksys shell prompt anymore.</li>
<li>added an option to schedule automatic firewall reboot in
specified time (in minutes) after policy activation. <b>This
option is available for all firewall platforms but PIX</b>. This
option only works if user requested policy activation in a test
mode, in which case policy is copied and activated on the
firewall but not stored in the permanent location. After reboot
the firewall reverts to the previous version of the policy. To
cancel scheduled reboot, run installer again with "test run"
option turned off. Installer stores the policy in the permanent
location, activates it and cancels scheduled reboot. The
commands used to schedule reboot and cancel it depend on the
host os of the firewall. On Linux, it will use "shutdown -r +NN"
and "shutdown -c". On *BSD systems it uses "shutdown -r +NN" and
a combination of ps and awk to find and kill shutdown when
reboot is canceled. Installer uses "reboot" and kills it with
"killall" on linksys.</li>
<li>All manipulations that installer does on the firewall are
programmed in little one-line scripts stored in resource file
for each supported OS the firewall is running. These are in
/usr/share/fwbuilder/os on Linux/*BSD or in
C:\FWBuilder\resources\os on Windows. Users can hack commands
in these files to make installer work with host OS that is not
supported by default. Currently, the GUI only looks for the
OS-specific resource files in the system-wide directory. Future
versions will also look in a predefined directory in users'
home. Directory path to be defined later.</li>
<li>Added option "output file name" to firewall settings dialogs
for all platforms. User can specify the name for the output
file; this name is then used by built in installer in place of a
macro %FWSCRIPT%.</li>
</ul>
<p>
<br>
<br>
<h2>New features in policy compiler for iptables</h2>
<ul>
<li>implemented feature request #1023430: "add checkbox for
INVALID support in fw settings". Added two checkboxes to the
firewall settings dialog: one adds a rule to drop INVALID
packets and another adds logging to the rule.</li>
<li>rules that permit packets associated with
ESTABLISHED,RELATED states moved to the beginning of the script
before NAT rules.</li>
<li>bug #1022216: "negated time produces incorrect iptables
rule". Implemented negation for the "Time" rule element for
iptables</li>
<li>using abbreviated versions of "--dport", "--sport",
"--dports", "--sports" options to make generated iptables script
smaller. Also changed the name of the variables used to hold IP
address of dynamic interface from "interface_&lt;ifname&gt;" to
"i_&lt;ifname&gt;". All this should help to fit larger policies into
small flash on linksys. These changes shrunk my test script from
7964 bytes to 7430 bytes</li>
<li>Generated iptables script flushes only secondary ip
addresses on interfaces during initialization phase if option
"configure interfaces" is on. This should fix a bug that caused
linksys/sveasoft unit to lose default route upon reboot if
external interface has static IP address.</li>
<li>Generated script checks if /usr/sbin/ip exists on the
firewall before it tries to use it to verify interfaces and
configure IP addresses. This check is only performed if user
activated options that use this tool. An error message
"Interface eth0 does not exist" was generated if package
iproute2 was not installed on the firewall, which was
confusing.</li>
</ul>
<br>
<br>
<h2>New features in policy compiler for PF</h2>
<ul>
<li> A NAT rule of type DNAT (rdr rule) is assigned to an
interface of the firewall if interface object or its address
object is used in ODst. To get rdr rule without interface
assignment, use an Address or a Host object that has the same IP
address as that of firewall's interface but that is not a child
of an interface. This is the same approach that is used in
iptables.</li>
<li>Compiler for pf always uses tables; this breaks
compatibility with older OpenBSD systems (3.2 and 3.3)</li>
<li>Compiler for pf puts interface name in a table for rules
that use multiple objects in src or dst and one of these objects
is dynamic interface of the firewall that is being
processed. Using dynamic interface of another object in a rule
is still considered an error. Compiler puts the name of dynamic
interface in a table verbatim, without brackets '(' ')' since pf
does not replace dynamic interface with its address dynamically
if it is used in a table (pfctl issues an error if interface is
put in brackets)</li>
<li>added an option to permit tcp sessions opened prior to
firewall restart. This is needed now since compiler generates
"flags S/SA" for the "keep state" and "modulate state" rules
which means firewall won't permit TCP sessions unless it saw
opening SYN packet.</li>
<li>bug #1028973: fwb_pf: missing "flags S/SA" in front of
"modulate state". Compiler adds "flags S/SA" to policy rules
that use either "keep state" or "modulate state" options.</li>
<li>bug #1028980: "need an option to turn logging on on fallback
rule". Option has been added.</li>
</ul>
<p>
<br>
<br>
<h2>Bugs fixed in libfwbuilder API:</h2>
<ul>
<li>bug #1022788: "GUI corrupts XML file after creating a second
firewall". Global object ID counter was getting reset every time
new FWObjectDatabase object was created. This lead to the ID
collision if user quickly created and deleted complex objects
(such as Firewall) and used database merge. This should also fix
bug #1022785: "GUI corrupts XML file after creating a host
entry"</li>
<li>fixed bug (no number): all references to the interfaces, as
well as their IP and MAC addresses, in policy and NAT rules
should be replaced when Firewall object is duplicated. Until now
only references to the firewall object itself and to its
interfaces were replaced with references to the newly created
copies of object. References to IP and MAC addresses still
pointed at the old objects.</li>
</ul>
<p>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug (no number): after deleting a library firewall objects
that belong to it were not removed from the pull-down list</li>
<li>bug #1026945: '"Save As" does not work if current file is in
RCS'</li>
<li>bug #1028078: "options.png is not displayed for "Assume
firewall is part..."</li>
<li>bug #1035132: "compile errors with default Linksys firewall
object". This bug has been introduced in build 435. When user
created a new firewall object using one of the template objects,
the GUI would add bunch of garbage to the firewall options. This
garbage violated XML DTD, so compilers and the GUI would not
accept the data file anymore.</li>
<li>bug #1035130: 'Persistent "Save" dialog box'. Certain
combination of actions on user's part used to lead to an
indefinite loop of "do you want to save the data" dialogs. The
problem was triggered if user skipped choosing a name for the
new file in startup dialog.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_ipt:</h2>
<ul>
<li>bug #1024861: "optimizer is broken in fwb_ipt". Used idea
and a patch by Mark Vevers <mark@vevers.net>. Fixed compiler
fwb_ipt generates more efficient iptables script for rules with
multiple objects in all rule elements. The script is smaller and
eliminates unnecessary comparisons for packet attributes. Every
attribute (i.e. source address, destination address, protocol
and port numbers) is checked by the script only once. This
should help reduce load on firewalls with lots of complex
rules.</mark>
<li>bug #1026509: "incorrect rules generated for dual negation
with time". Compiler generated incorrect iptables commands for
rules that had negation in two or more rule elements, one of
which was Time.</li>
<li>bug #1026794: multiple SRC ntwks --> "iptables: invalid
argument". Recent changes in optimizer introduced this
bug. Rules with multiple objects in src or dst, TCP service,
action Reject and option "reject with TCP RST" would generate
iptables command that used option "--reject-with tcp-reset"
without "-p tcp"</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_pf:</h2>
<ul>
<li>bug #1006906: "Negated network causes pass on
network". Compiler for pf uses native negation syntax that is
now available in pf</li>
<li>bug (no num): "firewall settings" dialog for OpenBSD pf did
not save option "Use tables". Since compiler is always using
tables, this option was removed from the dialog.</li>
</ul>
<hr>
<!-- Created: Fri Aug 6 21:40:42 PDT 2004 -->
<!-- hhmts start -->
Last modified: Thu Sep 30 20:16:23 PDT 2004
<!-- hhmts end -->
</body>
</html>

204
doc/ReleaseNotes_2.0.3.txt Normal file
View File

@@ -0,0 +1,204 @@
Firewall Builder Release Notes
Version 2.0.3
Released 09/30/04
GUI and compilers v2.0.3 require API library libfwbuilder version 2.0.3
Summary
Firewall Builder GUI v2.0.3 is a maintenance release that includes fixes
for bugs discovered since 2.0.2 has been released.
For those who wish to build from source, instructions are outlined in
"Install and Build instructions"
* This release improves support for the PF firewall by always using
tables in policy rules; it also uses syntax " ! <tbl>" for negation,
assignes "rdr" rules to interfaces and adds "flags S/SA" to policy
rules that keep state.
* This release significantly improves optimizer for iptables and adds an
automatically generated rule to block packets that correspond to an
INVALID state
* Built-in policy installer can compress firewall policy script before
it is installed in flash memory on Linksys/Sveasoft firewall; this
allows for much larger policy to be used on Linksys. Script
compression is optional.
* Built-in policy installer can be used to test new policy rules with
automatic roll-back to the previous version of the policy after
specified interval of time. This feature helps to work around errors
in the policy that block access to the firewall from the management
workstation.
Caveats
New version (as of build 421) completely changes the way it loads and
activates firewall script on linksys. Old version put the whole script in
variable rc_firewall. New one puts script in variable fwb and puts a
one-line command in rc_firewall to read the script from fwb and execute
it. This was done because of the need to uncompress it when linksys
executes command stored in rc_firewall, in other words, rc_firewall needs
to be a little script that uncompresses and runs the main firewall script.
This is why scripts were separated and rc_firewall has changed compared to
the previous versions of fwbuilder.
Reverting from v2.0.3 (build 421 and later) to v2.0.2 requires you to
erase nvram variable "fwb" which holds the whole script in the new builds.
New features in the built in policy installer
* added an option for test run. When this option is activated, policy
script is pushed to the firewall and is executed but is not stored
there permanently. Firewall reverts to the last working configuration
after reboot.
* implemented compression of the firewall script for Linksys/Sveasoft
combo. Using gzip and uuencode/uudecode to compress the script and
store it in flash variable 'fwb'. Installer prints flash memory stats
after commiting changes. Installer uses scp to copy firewall script to
the firewall and autogenerated prompt to detect when it logged in; it
does not depend on Linksys shell prompt anymore.
* added an option to schedule automatic firewall reboot in specified
time (in minutes) after policy activation. This option is available
for all firewall platforms but PIX. This option only works if user
requested policy activation in a test mode, in which case policy is
copied and activated on the firewall but not stored in the permanent
location. After reboot the firewall reverts to the previous version of
the policy. To cancel scheduled reboot, run installer again with "test
run" option turned off. Installer stores the policy in the permanent
location, activates it and cancels scheduled reboot. The commands used
to schedule reboot and cancel it depend on the host os of the
firewall. On Linux, it will use "shutdown -r +NN" and "shutdown -c".
On *BSD systems it uses "shutdown -r +NN" and a combination of ps and
awk to find and kill shutdown when reboot is canceled. Installer uses
"reboot" and kills it with "killall" on linksys.
* All manipulations that installer does on the firewall are programmed
in little one-line scripts stored in resource file for each supported
OS the firewall is running. These are in /usr/share/fwbuilder/os on
Linux/*BSD or in C:\FWBuilder\resources\os on Windows. Users can hack
commands in these files to make installer work with host OS that is
not supported by default. Currently, the GUI only looks for the
OS-specific resource files in the system-wide directory. Future
versions will also look in a predefined directory in users' home.
Directory path to be defined later.
* Added option "output file name" to firewall settings dialogs for all
platforms. User can specify the name for the output file; this name is
then used by built in installer in place of a macro %FWSCRIPT%.
New features in policy compiler for iptables
* implemented feature request #1023430: "add checkbox for INVALID
support in fw settings". Added two checkboxes to the firewall settings
dialog: one adds a rule to drop INVALID packets and another adds
logging to the rule.
* rules that permit packets associated with ESTABLISHED,RELATED states
moved to the beginning of the script before NAT rules.
* bug #1022216: "negated time produces incorrect iptables rule".
Implemented negation for the "Time" rule element for iptables
* using abbreviated versions of "--dport", "--sport", "--dports",
"--sports" options to make generated iptables script smaller. Also
changed the name of the variables used to hold IP address of dynamic
interface from "interface_<ifname>" to "i_<ifname>". All this should
help to fit larger policies into small flash on linksys. These changes
shrunk my test script from 7964 bytes to 7430 bytes
* Generated iptables script flushes only secondary ip addresses on
interfaces during initialization phase if option "configure
interfaces" is on. This should fix a bug that caused linksys/sveasoft
unit to lose default route upon reboot if external interface has
static IP address.
* Generated script checks if /usr/sbin/ip exists on the firewall before
it tries to use it to verify interfaces and configure IP addresses.
This check is only performed if user activated options that use this
tool. An error message "Interface eth0 does not exist" was generated
if package iproute2 was not installed on the firewall, which was
confusing.
New features in policy compiler for PF
* A NAT rule of type DNAT (rdr rule) is assigned to an interface of the
firewall if interface object or its address object is used in ODst. To
get rdr rule without interface assignment, use an Address or a Host
object that has the same IP address as that of firewall's interface
but that is not a child of an interface. This is the same approach
that is used in iptables.
* Compiler for pf always uses tables; this breaks compatibility with
older OpenBSD systems (3.2 and 3.3)
* Compiler for pf puts interface name in a table for rules that use
multiple objects in src or dst and one of these objects is dynamic
interface of the firewall that is being processed. Using dynamic
interface of another object in a rule is still considered an error.
Compiler puts the name of dynamic interface in a table verbatim,
without brackets '(' ')' since pf does not replace dynamic interface
with its address dynamically if it is used in a table (pfctl issues an
error if interface is put in brackets)
* added an option to permit tcp sessions opened prior to firewall
restart. This is needed now since compiler generates "flags S/SA" for
the "keep state" and "modulate state" rules which means firewall won't
permit TCP sessions unless it saw opening SYN packet.
* bug #1028973: fwb_pf: missing "flags S/SA" in front of "modulate
state". Compiler adds "flags S/SA" to policy rules that use either
"keep state" or "modulate state" options.
* bug #1028980: "need an option to turn logging on on fallback rule".
Option has been added.
Bugs fixed in libfwbuilder API:
* bug #1022788: "GUI corrupts XML file after creating a second
firewall". Global object ID counter was getting reset every time new
FWObjectDatabase object was created. This lead to the ID collision if
user quickly created and deleted complex objects (such as Firewall)
and used database merge. This should also fix bug #1022785: "GUI
corrupts XML file after creating a host entry"
* fixed bug (no number): all references to the interfaces, as well as
their IP and MAC addresses, in policy and NAT rules should be replaced
when Firewall object is duplicated. Until now only references to the
firewall object itself and to its interfaces were replaced with
references to the newly created copies of object. References to IP and
MAC addresses still pointed at the old objects.
Bugs fixed in GUI:
* bug (no number): after deleting a library firewall objects that belong
to it were not removed from the pull-down list
* bug #1026945: '"Save As" does not work if current file is in RCS'
* bug #1028078: "options.png is not displayed for "Assume firewall is
part..."
* bug #1035132: "compile errors with default Linksys firewall object".
This bug has been introduced in build 435. When user created a new
firewall object using one of the template objects, the GUI would add
bunch of garbage to the firewall options. This garbage violated XML
DTD, so compilers and the GUI would not accept the data file anymore.
* bug #1035130: 'Persistent "Save" dialog box'. Certain combination of
actions on user's part used to lead to an indefinite loop of "do you
want to save the data" dialogs. The problem was triggered if user
skipped choosing a name for the new file in startup dialog.
Bugs fixed in iptables policy compiler fwb_ipt:
* bug #1024861: "optimizer is broken in fwb_ipt". Used idea and a patch
by Mark Vevers <mark@vevers.net>. Fixed compiler fwb_ipt generates
more efficient iptables script for rules with multiple objects in all
rule elements. The script is smaller and eliminates unnecessary
comparisons for packet attributes. Every attribute (i.e. source
address, destination address, protocol and port numbers) is checked by
the script only once. This should help reduce load on firewalls with
lots of complex rules.
* bug #1026509: "incorrect rules generated for dual negation with time".
Compiler generated incorrect iptables commands for rules that had
negation in two or more rule elements, one of which was Time.
* bug #1026794: multiple SRC ntwks --> "iptables: invalid argument".
Recent changes in optimizer introduced this bug. Rules with multiple
objects in src or dst, TCP service, action Reject and option "reject
with TCP RST" would generate iptables command that used option
"--reject-with tcp-reset" without "-p tcp"
Bugs fixed in iptables policy compiler fwb_pf:
* bug #1006906: "Negated network causes pass on network". Compiler for
pf uses native negation syntax that is now available in pf
* bug (no num): "firewall settings" dialog for OpenBSD pf did not save
option "Use tables". Since compiler is always using tables, this
option was removed from the dialog.
----------------------------------------------------------------------
Last modified: Thu Sep 30 20:16:23 PDT 2004

381
doc/ReleaseNotes_2.0.4.html Normal file
View File

@@ -0,0 +1,381 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.4 </h2>
<br>
<p>
Released 12/02/04
<br>
<b>GUI and compilers v2.0.4 require API library libfwbuilder version 2.0.4</b>
<br>
<h2>Summary </h2>
<p>
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Improvements in the GUI
<p>
<ul>
<li>improved error handling: if the GUI is started with a
file on the command line or is configured to open a file
automatically on startup and RCS can not check the file out,
the GUI will come up empty (with only standard objects
loaded). Previously in a situation when the GUI was
configured to open a file automatically, but the file could
not be checked out, there was no way to cancel this
automatic file open operation since the GUI would never come
up.</li>
<li>Added Japanese translation by Tadashi Jokagi
&lt;elf@elf.no-ip.org&gt;</li>
<li>Added Russian translation by RusBusinessSecurity Co. Ltd.,
Russia. This translation is fairly complete but is still
considered preliminary. Bug reports and suggestions are very
welcome.
</li>
</ul>
<li>Improvements in the built-in policy installer
<p>
<ul>
<li>Built-in installer checks exit status of the script it
runs on the firewall and aborts installation sequence if it
detects an error. OS resource files have been updated
accordingly so they return exit status '1' in case of error
and '0' when they succeed.</li>
<li>Added an option to push PIX configuration to a standby
firewall at the end of install.</li>
<li>Added support in installer for new configuration script
formats for PIX:
<p>
<ol>
<li>basic or old format when access lists are cleared
and added from scratch</li>
<li>Access lists have unique names each time policy is
recompiled, lists are added without clearing.</li>
<li>Access lists are added with temporary names and
assigned to interfaces, then the same lists are added
with permanent names, lists are swapped and temporary
lists cleared</li>
</ol>
<p>Last two methods provide for instantaneous access list
swap so that the firewall never runs with empty
lists. This helps maintain access to the firewall if
configuration is installed remotely.
</li>
</ul>
</li>
<li>Improvements in policy compiler for iptables:
<p>
<ul>
<li>implemented Feature Request #1021201: "output
iptables-restore compatible config from fwb_ipt". Policy
compiler for iptables can use iptables-restore to activate
firewall policy. Iptables-restore provides for atomic policy
load and allows to load large policy much faster. Atomic
load means the whole filter or nat table is activated at
once, and if there is an error, nothing is changed. Compiler
generates script in three possible formats:
<p>
<ol>
<li>the ususal shell script that adds rules one at a
time by executing iptables command with an "-A" flag to
add a rule;</li>
<li>commands are fed to iptables-restore, this format is
used when all interfaces of the firewall have static IP
addresses and script does not need to determine
addresses at run time;</li>
<li>script determines IP addresses of interfaces and
discovers dynamic interfaces that were defined as a
"wildcard" interface in fwbuilder (e.g. 'ppp*'); code
that is sent to iptables-restore is generated
dynamically by the script at run time.</li>
</ol>
<p>Using iptables-restore is optional and is controlled by
the checkbutton in the "Script options" tab of firewall
settings dialog. Path to iptables-restore utility can be
set in the "Paths" tab of the host settings dialog.
</p>
</li>
<li>policy installation via iptables-restore has been tested
with old versions of iptables (1.2.6a). Script need to
include "-m tcp", "-m udp" or "-m icmp", otherwise
iptables-restore does not understand options "--dport",
"--tcp-flags" and some others. Also had to use "--tcp-flags
SYN,RST,ACK SYN" instea dof "--syn" for better backwards
compatibility.</li>
<li>A change in the script generated by fwb_ipt: if
iptables-restore is not used to load policy, generated shell
script purges existing firewall policy (all tables and
chains) and sets default chain policies after it configures
interfaces of the firewall. Previously, it would flush
tables and set default policy before it configured
interfaces.</li>
<li>removed code that added iptables command to the "drop"
table to drop and log all dropped packets. This rule used
obsoleted patch-o-matic patch "drop" which is not available
anymore. </li>
<li>moved rule permitting backup ssh access from the
management station to the firewall to the top of the
script. This helps maintain ssh session, otherwise it may
stall or break because stdout buffer is filled with
diagnostic or progress output from the script that is
printed after all chains are flushed but before rule
permitting ssh to the firewall is added. If stdout buffer is
full, ssh stops and tries to send the text to the management
station but times out because firewall blocks it.</li>
</ul>
<br><br>
</li>
<li>Improvements in policy compiler for pf:
<p>
<ul>
<li>Activation script for PF flushes only information about
rules, nat, source and tables (it used to flush "all"). This
preserves queue entries and states. </li>
</ul>
<p>
</li>
<li>Improvements in policy compilers for all platforms:
<p>
<ul>
<li>added support for prolog and epilog scripts for all
firewall platforms. This was available for PIX for some
time, now it has been added for all
platforms. "Prolog/Epilog" tab of the firewall settings
dialog allows for editing of two blocks of commands that
will be added to the generated firewall script
verbatim. Prolog block is added on top, while epilog block
is added at the bottom. Both prolog and epilog are expected
to be shell scripts and are added to the generated shell
script that activates firewall. For iptables and ipfw all
compiler generates is this shell script and prolog and
epilog commands are inserted into it. These commands may
execute some actions, as well as add any policy or nat
commands. For ipf and pf prolog and epilog commands are
added to the activation shell script ( .fw file); prolog is
added immediately after the command that flushes all
rules. This way user may either execute shell commands or
add policy and/or nat rules by loading them from external
file. </li>
<li>all policy compilers properly detect an error when the
output file can not be created or overwritten and print
error message to warn the user.</li>
<li>Added element "Target/family" to all OS resource XML
files. Compilers use "family" resource element to determine
if host OS is supported. User may want to copy host OS
resource file to modify installer scriptlets; as long as the
family element is kept the same, compiler will accept new
resource file.</li>
</ul>
<p>
</li>
<br>
</ul>
<br>
<br>
<hr>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug #1077072: "CrossPlatform Firewall Builder Crash" -
pressing arrow down key on the keyboard right after the GUI
started with no firewall objects defined caused crash.</li>
<li>bug (no num): if a library was assigned a name with
non-ascii characters, it would appear distorted in the pull-down
list in object dialogs.</li>
<li>bug (no number) introduced in 2.0.3 when GUI crashed if user
tried to choose pull-down menu item in the firewall list after
the very first firewall object has been created. </li>
<li>bug (no number): group object dialog corrupted object names
if they contained non-ascii characters.</li>
<li>bug #1046345: "ipfw - no option to specify ipfw
executable". Added GUI control to let user specify alternative
path to "ipfw" on FreeBSD. Control like that was previously
available only for Mac OS X </li>
<li>bug #1028866: "incorrect order when several rules copied
using copy/paste". Pasting multiple rules into an empty policy
caused rules to be inserted in the wrong order.</li>
<li>bug (no number): Policy installer failed if the following
conditions were met: - it was running on Linux, FreeBSD or Mac
OS X - working directory configured in the "General" tab of the
Preferences dialog did not exist and could not be created or its
permissions did not allow user that runs the GUI to access
it</li>
<li>Added #include <errno.h> to make code compile with gcc 3.4.2
and glibc 2.3.3</li>
<li>bug (no number): GUI could not find names of the object
libraries in external library files that user added for
automatic load in the Preferences dialog on Windows. It would
find the name of the library in the first file, but failed to
find library names in subsequent files and used the name from
the first file. Since this library was only present in the first
file, object tree was getting corrupted when the program
attempted to load this library from every file configured for
automatic pre-load. This only happened on Windows.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in API:</h2>
<ul>
<li>bug #1077496 ] Error compiling libfwbuilder in FreeBSD:
The problem was caused by changed major version number of libnetsnmp library
in the latest net-snmp port (v5.2)</li>
<li>bug #1055937: "Any->all_multicasts not in INPUT Chain". Need
to check if network objects are multicasts; assume that
multicast always matches firewall object (e.g fwb_ipt will put
rule with such network object in destination in INPUT
chain)</li>
<li>bug #1040773: need to match network address as well as
broadcast. Packets sent to the network address (192.168.1.0 for
net 192.168.1.0/24) go in the broadcast frame and behave just
like IP broadcast packets (sent to 192.168.1.1255 for the same
net)</li>
<li>bug (no number): rule shadowing algorithm now assumes that
IPService object with protocol number '0' shades any other
service just like 'any' does.</li>
<li>bug (no num): rule shadowing algorithm checks for IP flags
in IP service object. IP service object with protocol 0 shades
anything only if its flags are cleared. Two IP services shade
each other only if they are completely equal (protocols and all
flags settings are the same). However, IP service with protocol
0 shades other IP service with protocol !=0 if all flags
settings are the same.</li>
<li>change in the object database merge algorithm: when an
object database we are trying to merge has non-empty "Deleted
objects" library, deleted objects from this library should be
ignored (they used to be deleted from the current
tree). Likewise, when current tree has non-empty "Deleted
objects" library and objects in it match objects being merged
in, objects should be removed from "Deleted objects" library to
avoid creating duplicate IDs with objects being merged in.</li>
<li>bug (no number): program crashed on FreeBSD 5.3 when using
SNMP to obtain parameters for hosts and interfaces. Crash
occurred because of use of uninitialized mutex variables in
module dns.cpp</li>
<li>bug (no number): The API used to corrupt CustomService
object while saving data to the XML file if service code
included special characters such as '&'</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
<ul>
<li>bug #1073491: incorrect code for rules using two interfaces
with negation. If a rule had two (or more) interfaces of the
firewall in the destination, with negation, the code generated
by compiler would check one interface's address in INPUT chain
and another in FORWARD chain. It should check addresses of all
interfaces from the corresponding rule element in the INPUT
chain and also check addresses and possibly services from other
rule elements in the FORWARD chain. This bug affected rules with
two or more interfaces both in source and destination.</li>
<li>bug #1040788: fwb_ipt and user name. Compiler used to read
environment variable "USER" to find out user's name. Sometimes
this variable is not set, which caused compiler to abort. Using
env variable LOGNAME in addition to USER.</li>
<li>bug #1040599: "unnecessary FORWARD rules". If ip forwarding
is turned off in the host settings dialog of the linux-based
firewall, compiler should not generate rules in FORWARD
chain.</li>
<li>bug (no number): compiler placed extra quote '"' at the end
of each NAT command in the script using iptables-restore; this
happened only if all interfaces of the firewall had static
addresses.</li>
<li>bug (no number) in fwb_ipt that caused no-nat rules with
firewall in OSrc to be placed only in OUTPUT chain. Packets
originating on the firewall go into OUTPUT and POSTROUTING
chains, so no-nat rules must be placed in both. Other minor
improvements for NAT of the locally originated connections have
been done as well.</li>
<li>bug (no number) where compiler for iptables used option
"--destination-port" with module "multiport" for versions of
iptables that do not understand it (1.2.6 and later, as well as
default version setting 'any'). The option should be
"--destination-ports" or "--dports".</li>
<li>bug #1063953: "Wrong accept/multiport rule
generated". Compiler generated wrong code for rules using
multiple service objects of different types (TCP and UDP, or TCP
and ICMP etc), multiple addresses in src or dst with option that
requires using TCP RST for action REJECT. This bug was
introduced in build 453</li>
<li>bug (no number): policy compiler for iptables used "tail -1"
in the shell script that read actual IP addresses of interfaces
of the firewall. This shell code failed to determine correct
address of an interface that was configured with a secondary
address. Reverted to using grep (I switched to tail when ran
into limitations of one of the beta builds of Sveasoft Linksys
firmware that did not have grep)</li>
</ul>
</body>
</html>

254
doc/ReleaseNotes_2.0.4.txt Normal file
View File

@@ -0,0 +1,254 @@
Firewall Builder Release Notes
Version 2.0.4
Released 12/02/04
GUI and compilers v2.0.4 require API library libfwbuilder version 2.0.4
Summary
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
What's new
* Improvements in the GUI
* improved error handling: if the GUI is started with a file on the
command line or is configured to open a file automatically on
startup and RCS can not check the file out, the GUI will come up
empty (with only standard objects loaded). Previously in a
situation when the GUI was configured to open a file
automatically, but the file could not be checked out, there was
no way to cancel this automatic file open operation since the GUI
would never come up.
* Added Japanese translation by Tadashi Jokagi <elf@elf.no-ip.org>
* Added Russian translation by RusBusinessSecurity Co. Ltd.,
Russia. This translation is fairly complete but is still
considered preliminary. Bug reports and suggestions are very
welcome.
* Improvements in the built-in policy installer
* Built-in installer checks exit status of the script it runs on
the firewall and aborts installation sequence if it detects an
error. OS resource files have been updated accordingly so they
return exit status '1' in case of error and '0' when they
succeed.
* Added an option to push PIX configuration to a standby firewall
at the end of install.
* Added support in installer for new configuration script formats
for PIX:
1. basic or old format when access lists are cleared and added
from scratch
2. Access lists have unique names each time policy is
recompiled, lists are added without clearing.
3. Access lists are added with temporary names and assigned to
interfaces, then the same lists are added with permanent
names, lists are swapped and temporary lists cleared
Last two methods provide for instantaneous access list swap so
that the firewall never runs with empty lists. This helps
maintain access to the firewall if configuration is installed
remotely.
* Improvements in policy compiler for iptables:
* implemented Feature Request #1021201: "output iptables-restore
compatible config from fwb_ipt". Policy compiler for iptables can
use iptables-restore to activate firewall policy.
Iptables-restore provides for atomic policy load and allows to
load large policy much faster. Atomic load means the whole filter
or nat table is activated at once, and if there is an error,
nothing is changed. Compiler generates script in three possible
formats:
1. the ususal shell script that adds rules one at a time by
executing iptables command with an "-A" flag to add a rule;
2. commands are fed to iptables-restore, this format is used
when all interfaces of the firewall have static IP addresses
and script does not need to determine addresses at run time;
3. script determines IP addresses of interfaces and discovers
dynamic interfaces that were defined as a "wildcard"
interface in fwbuilder (e.g. 'ppp*'); code that is sent to
iptables-restore is generated dynamically by the script at
run time.
Using iptables-restore is optional and is controlled by the
checkbutton in the "Script options" tab of firewall settings
dialog. Path to iptables-restore utility can be set in the
"Paths" tab of the host settings dialog.
* policy installation via iptables-restore has been tested with old
versions of iptables (1.2.6a). Script need to include "-m tcp",
"-m udp" or "-m icmp", otherwise iptables-restore does not
understand options "--dport", "--tcp-flags" and some others. Also
had to use "--tcp-flags SYN,RST,ACK SYN" instea dof "--syn" for
better backwards compatibility.
* A change in the script generated by fwb_ipt: if iptables-restore
is not used to load policy, generated shell script purges
existing firewall policy (all tables and chains) and sets default
chain policies after it configures interfaces of the firewall.
Previously, it would flush tables and set default policy before
it configured interfaces.
* removed code that added iptables command to the "drop" table to
drop and log all dropped packets. This rule used obsoleted
patch-o-matic patch "drop" which is not available anymore.
* moved rule permitting backup ssh access from the management
station to the firewall to the top of the script. This helps
maintain ssh session, otherwise it may stall or break because
stdout buffer is filled with diagnostic or progress output from
the script that is printed after all chains are flushed but
before rule permitting ssh to the firewall is added. If stdout
buffer is full, ssh stops and tries to send the text to the
management station but times out because firewall blocks it.
* Improvements in policy compiler for pf:
* Activation script for PF flushes only information about rules,
nat, source and tables (it used to flush "all"). This preserves
queue entries and states.
* Improvements in policy compilers for all platforms:
* added support for prolog and epilog scripts for all firewall
platforms. This was available for PIX for some time, now it has
been added for all platforms. "Prolog/Epilog" tab of the firewall
settings dialog allows for editing of two blocks of commands that
will be added to the generated firewall script verbatim. Prolog
block is added on top, while epilog block is added at the bottom.
Both prolog and epilog are expected to be shell scripts and are
added to the generated shell script that activates firewall. For
iptables and ipfw all compiler generates is this shell script and
prolog and epilog commands are inserted into it. These commands
may execute some actions, as well as add any policy or nat
commands. For ipf and pf prolog and epilog commands are added to
the activation shell script ( .fw file); prolog is added
immediately after the command that flushes all rules. This way
user may either execute shell commands or add policy and/or nat
rules by loading them from external file.
* all policy compilers properly detect an error when the output
file can not be created or overwritten and print error message to
warn the user.
* Added element "Target/family" to all OS resource XML files.
Compilers use "family" resource element to determine if host OS
is supported. User may want to copy host OS resource file to
modify installer scriptlets; as long as the family element is
kept the same, compiler will accept new resource file.
----------------------------------------------------------------------
Bugs fixed in GUI:
* bug #1077072: "CrossPlatform Firewall Builder Crash" - pressing arrow
down key on the keyboard right after the GUI started with no firewall
objects defined caused crash.
* bug (no num): if a library was assigned a name with non-ascii
characters, it would appear distorted in the pull-down list in object
dialogs.
* bug (no number) introduced in 2.0.3 when GUI crashed if user tried to
choose pull-down menu item in the firewall list after the very first
firewall object has been created.
* bug (no number): group object dialog corrupted object names if they
contained non-ascii characters.
* bug #1046345: "ipfw - no option to specify ipfw executable". Added GUI
control to let user specify alternative path to "ipfw" on FreeBSD.
Control like that was previously available only for Mac OS X
* bug #1028866: "incorrect order when several rules copied using
copy/paste". Pasting multiple rules into an empty policy caused rules
to be inserted in the wrong order.
* bug (no number): Policy installer failed if the following conditions
were met: - it was running on Linux, FreeBSD or Mac OS X - working
directory configured in the "General" tab of the Preferences dialog
did not exist and could not be created or its permissions did not
allow user that runs the GUI to access it
* Added #include <errno.h> to make code compile with gcc 3.4.2 and glibc
2.3.3
* bug (no number): GUI could not find names of the object libraries in
external library files that user added for automatic load in the
Preferences dialog on Windows. It would find the name of the library
in the first file, but failed to find library names in subsequent
files and used the name from the first file. Since this library was
only present in the first file, object tree was getting corrupted when
the program attempted to load this library from every file configured
for automatic pre-load. This only happened on Windows.
Bugs fixed in API:
* bug #1077496 ] Error compiling libfwbuilder in FreeBSD: The problem
was caused by changed major version number of libnetsnmp library in
the latest net-snmp port (v5.2)
* bug #1055937: "Any->all_multicasts not in INPUT Chain". Need to check
if network objects are multicasts; assume that multicast always
matches firewall object (e.g fwb_ipt will put rule with such network
object in destination in INPUT chain)
* bug #1040773: need to match network address as well as broadcast.
Packets sent to the network address (192.168.1.0 for net
192.168.1.0/24) go in the broadcast frame and behave just like IP
broadcast packets (sent to 192.168.1.1255 for the same net)
* bug (no number): rule shadowing algorithm now assumes that IPService
object with protocol number '0' shades any other service just like
'any' does.
* bug (no num): rule shadowing algorithm checks for IP flags in IP
service object. IP service object with protocol 0 shades anything only
if its flags are cleared. Two IP services shade each other only if
they are completely equal (protocols and all flags settings are the
same). However, IP service with protocol 0 shades other IP service
with protocol !=0 if all flags settings are the same.
* change in the object database merge algorithm: when an object database
we are trying to merge has non-empty "Deleted objects" library,
deleted objects from this library should be ignored (they used to be
deleted from the current tree). Likewise, when current tree has
non-empty "Deleted objects" library and objects in it match objects
being merged in, objects should be removed from "Deleted objects"
library to avoid creating duplicate IDs with objects being merged in.
* bug (no number): program crashed on FreeBSD 5.3 when using SNMP to
obtain parameters for hosts and interfaces. Crash occurred because of
use of uninitialized mutex variables in module dns.cpp
* bug (no number): The API used to corrupt CustomService object while
saving data to the XML file if service code included special
characters such as '&'
Bugs fixed in policy compiler for iptables fwb_ipt:
* bug #1073491: incorrect code for rules using two interfaces with
negation. If a rule had two (or more) interfaces of the firewall in
the destination, with negation, the code generated by compiler would
check one interface's address in INPUT chain and another in FORWARD
chain. It should check addresses of all interfaces from the
corresponding rule element in the INPUT chain and also check addresses
and possibly services from other rule elements in the FORWARD chain.
This bug affected rules with two or more interfaces both in source and
destination.
* bug #1040788: fwb_ipt and user name. Compiler used to read environment
variable "USER" to find out user's name. Sometimes this variable is
not set, which caused compiler to abort. Using env variable LOGNAME in
addition to USER.
* bug #1040599: "unnecessary FORWARD rules". If ip forwarding is turned
off in the host settings dialog of the linux-based firewall, compiler
should not generate rules in FORWARD chain.
* bug (no number): compiler placed extra quote '"' at the end of each
NAT command in the script using iptables-restore; this happened only
if all interfaces of the firewall had static addresses.
* bug (no number) in fwb_ipt that caused no-nat rules with firewall in
OSrc to be placed only in OUTPUT chain. Packets originating on the
firewall go into OUTPUT and POSTROUTING chains, so no-nat rules must
be placed in both. Other minor improvements for NAT of the locally
originated connections have been done as well.
* bug (no number) where compiler for iptables used option
"--destination-port" with module "multiport" for versions of iptables
that do not understand it (1.2.6 and later, as well as default version
setting 'any'). The option should be "--destination-ports" or
"--dports".
* bug #1063953: "Wrong accept/multiport rule generated". Compiler
generated wrong code for rules using multiple service objects of
different types (TCP and UDP, or TCP and ICMP etc), multiple addresses
in src or dst with option that requires using TCP RST for action
REJECT. This bug was introduced in build 453
* bug (no number): policy compiler for iptables used "tail -1" in the
shell script that read actual IP addresses of interfaces of the
firewall. This shell code failed to determine correct address of an
interface that was configured with a secondary address. Reverted to
using grep (I switched to tail when ran into limitations of one of the
beta builds of Sveasoft Linksys firmware that did not have grep)

212
doc/ReleaseNotes_2.0.5.html Normal file
View File

@@ -0,0 +1,212 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.5 </h2>
<br>
<p>
Released 01/07/05
<br>
<b>GUI and compilers v2.0.5 require API library libfwbuilder version 2.0.5</b>
<br>
<h2>Summary </h2>
<p>
This is a bugfix release; its main focus is on internationalization and usability
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Improvements in the GUI
<p>
<ul>
<li>Fixed lots of places were strings were not properly
marked for localization, this lead to GUI showing '????'
instead of a text in some menu items and dialogs in
non-english locales</li>
<li>properly synchronizing state of the items main menu with
state of corresponding items in the pop-up menu that appears
when user right-mouse-clicks on an object in the tree</li>
<li>fixes for non-localized text strings in dialogs (mostly
"Continue", "Yes"/"No" etc. in many places)</li>
<li>proper localization of the human-readable version number
text for iptables; also made info window print readable text
instead of "lt_1.2.6"</li>
<li>cosmetic changes in some dialogs layout to make the look
better when localized text makes strings much longer</li>
<li>firewall object dialog tab "Templates" has been hidden. It
is unlikely that this feature will be implemented in 2.0.X
series.</li>
<li>Streamlined logic in the object editor dialog. This improves
handling of the situation when user closes dialog by clicking on
[x] while 1) there are unsaved data and/or 2) some of the
object's parameters have illegal values. The dialog behavior
also depends on the setting of the global flag "Autosave" that
causes dialog to automatically save data when user switches
between objects.</li>
<li>when user opens data file in the old format (fwbuilder
v1.1.x, extension .xml) and after autoupgrade the program
discovers that the same file with extension .fwb already
exists, it offers the user a chance to choose different
name. If user clicks "Cancel" at this point, the program
cancel operation and reverts upgraded data file back to its
original name and version.</li>
<li>improved behavior of the main menu "Edit" as well as
pop-up menu that appears when user right mouse clicks on an
object in the tree. Menu item "Paste" should only be enabled
if the clipboard is not empty and objects that are stored in
it can be pasted into selected object in the tree.</li>
<li>when user clicks menu item "File/Open" to open a new
file, the GUI should save and close currently opened file
only after the user chooses new file. If user clicks Cancel
in the File/Open dialog, operation should be cancelled so
the user can continue working with currently opened
file. The same applies to operation File/New.</li>
<li>implemented feature request: colors that are used to
color rules can be changed in Preferences dialog.</li>
<li>main menu item "Object/New Object/Address" and
corresponding toolbar button always creates an Address
object under Objects/Addresses folder in the tree. Address
of an interface can be created using pop-up menu item "Add
IP Address"</li>
<li>Pull-down menu "On startup" in the "General" tab of the
preferences dialog now has three items: "Load standard
objects", "Load last edited file" and "Ask user what to
do". The last item is default.</li>
<li>Updated Japanese and Russian translations</li>
</ul>
</li>
</ul>
<br>
<br>
<hr>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug (no num): the GUI crashed when user tried to add a
library file for auto-load in Preferences/Libraries and the
first library object in that file had a name using non-ascii
characters</li>
<li>bug (internal #34) the program should issue a warning when
user tries to add a library file (.fwl) that contains object
library that already exists in the opened data file.</li>
<li>bugfixes for the behavior of the object editor
dialogs. Dialog should ask if user wants to save data and then
validate it when user clicks on [x] to close editor dialog. It
used to validate the data first, then ask if they want to close
dialog.</li>
<li>bug (localization): RCS log entries made using non-ascii
characters used to appear as '???' in Open File and
File/Properties dialogs.</li>
<li>localization was broken on win32 and mac os x because
translation files were not installed properly. Now fixed.</li>
<li>bug #1092810: "Multiline RCS comments are shown as a single
line on windows". As it turned out, this bug affected all
platforms.</li>
<li>bug (no num) that caused GUI crash when user created new
firewall object using template with three interfaces.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in API:</h2>
<ul>
<li>bug #1068119: "additional whitespace for Rule comments in
.fw file". Added extra space between rule number and interface
spec in rule comments.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
<ul>
<li>bug #1089586: "default --icmp-type value is 0 in iptables &lt;
1.2.9". The problem concerns policy rules using service object
"any ICMP". A rule like this is supposed to match any ICMP
packet. Few versions ago I had to add option "-m icmp" (and "-m
udp", "-m tcp") because I've discovered that iptables-restore on
some systems (linksys sveasoft firmware, iptables v1.2.11)
refused to load rules without it. Now it turns out that iptables
v &lt; 1.2.9 (tested on 1.2.6a and 1.2.7a) implicitly adds
equivalent of "--icmp-type 0" to rules with "-p icmp -m icmp"
and without "--icmp-type" option. Since type 0 is actually icmp
echo reply, a rule like this does not match "any ICMP" as it was
supposed to do. Iptables 1.2.9 implicitly adds "--icmp-type 255"
which matches any icmp type. Using "--icmp-type 255" on iptables
1.2.6 and 1.2.7 does not work (a rule does not match icmp
packets with type different from 255). The fix generates "-p
icmp -m icmp --icmp-type any" for iptables 1.2.9 and later, as
well as when iptables version is not specified in the firewall
object settings. It generates just "-p icmp" for versions &lt;
1.2.9.</li>
<li>bug #1092141: "irritating FORWARD rule for established
connections". Need rule in FORWARD chain only if ip forwarding
is on or set to "no change"</li>
<li>bug #1059393: "function getaddr failed for
eth1.0020". Generated script can now work with interfaces that
have a dot in their name (such as "eth1.0020" - vlan interface)</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for ipfw fwb_ipfw:</h2>
<ul>
<li>bug #1089866: "multiple services in one rule confuses ipfw
compiler". If several UDP or TCP objects were used in the same
policy rule and these service objects had source port ranges
defined, the compiler would produce incorrect code by combining
source port range specifications together in the same ipfw
command.</li>
<li>bug #1093461: "problem with 'established' in ipfw". Ipfw
requires protocol to be set to 'tcp' if option 'established' is
used in a rule.</li>
<li>bug #1093472: "ipfw port range(s) errors". There can only be
one port range in a single ipfw rule.</li>
<li>bug #1093620: "path (to ipfw) with spaces fails". Generated
script failed if path to ipfw contained space. I only worked
around this problem for ipfw; paths to sysctl and logger must be
standard and never contain spaces.</li>
</ul>
</body>
</html>

140
doc/ReleaseNotes_2.0.5.txt Normal file
View File

@@ -0,0 +1,140 @@
Firewall Builder Release Notes
Version 2.0.5
Released 01/07/05
GUI and compilers v2.0.5 require API library libfwbuilder version 2.0.5
Summary
This is a bugfix release; its main focus is on internationalization and
usability
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
What's new
* Improvements in the GUI
* Fixed lots of places were strings were not properly marked for
localization, this lead to GUI showing '????' instead of a text
in some menu items and dialogs in non-english locales
* properly synchronizing state of the items main menu with state of
corresponding items in the pop-up menu that appears when user
right-mouse-clicks on an object in the tree
* fixes for non-localized text strings in dialogs (mostly
"Continue", "Yes"/"No" etc. in many places)
* proper localization of the human-readable version number text for
iptables; also made info window print readable text instead of
"lt_1.2.6"
* cosmetic changes in some dialogs layout to make the look better
when localized text makes strings much longer
* firewall object dialog tab "Templates" has been hidden. It is
unlikely that this feature will be implemented in 2.0.X series.
* Streamlined logic in the object editor dialog. This improves
handling of the situation when user closes dialog by clicking on
[x] while 1) there are unsaved data and/or 2) some of the
object's parameters have illegal values. The dialog behavior also
depends on the setting of the global flag "Autosave" that causes
dialog to automatically save data when user switches between
objects.
* when user opens data file in the old format (fwbuilder v1.1.x,
extension .xml) and after autoupgrade the program discovers that
the same file with extension .fwb already exists, it offers the
user a chance to choose different name. If user clicks "Cancel"
at this point, the program cancel operation and reverts upgraded
data file back to its original name and version.
* improved behavior of the main menu "Edit" as well as pop-up menu
that appears when user right mouse clicks on an object in the
tree. Menu item "Paste" should only be enabled if the clipboard
is not empty and objects that are stored in it can be pasted into
selected object in the tree.
* when user clicks menu item "File/Open" to open a new file, the
GUI should save and close currently opened file only after the
user chooses new file. If user clicks Cancel in the File/Open
dialog, operation should be cancelled so the user can continue
working with currently opened file. The same applies to operation
File/New.
* implemented feature request: colors that are used to color rules
can be changed in Preferences dialog.
* main menu item "Object/New Object/Address" and corresponding
toolbar button always creates an Address object under
Objects/Addresses folder in the tree. Address of an interface can
be created using pop-up menu item "Add IP Address"
* Pull-down menu "On startup" in the "General" tab of the
preferences dialog now has three items: "Load standard objects",
"Load last edited file" and "Ask user what to do". The last item
is default.
* Updated Japanese and Russian translations
----------------------------------------------------------------------
Bugs fixed in GUI:
* bug (no num): the GUI crashed when user tried to add a library file
for auto-load in Preferences/Libraries and the first library object in
that file had a name using non-ascii characters
* bug (internal #34) the program should issue a warning when user tries
to add a library file (.fwl) that contains object library that already
exists in the opened data file.
* bugfixes for the behavior of the object editor dialogs. Dialog should
ask if user wants to save data and then validate it when user clicks
on [x] to close editor dialog. It used to validate the data first,
then ask if they want to close dialog.
* bug (localization): RCS log entries made using non-ascii characters
used to appear as '???' in Open File and File/Properties dialogs.
* localization was broken on win32 and mac os x because translation
files were not installed properly. Now fixed.
* bug #1092810: "Multiline RCS comments are shown as a single line on
windows". As it turned out, this bug affected all platforms.
* bug (no num) that caused GUI crash when user created new firewall
object using template with three interfaces.
Bugs fixed in API:
* bug #1068119: "additional whitespace for Rule comments in .fw file".
Added extra space between rule number and interface spec in rule
comments.
Bugs fixed in policy compiler for iptables fwb_ipt:
* bug #1089586: "default --icmp-type value is 0 in iptables < 1.2.9".
The problem concerns policy rules using service object "any ICMP". A
rule like this is supposed to match any ICMP packet. Few versions ago
I had to add option "-m icmp" (and "-m udp", "-m tcp") because I've
discovered that iptables-restore on some systems (linksys sveasoft
firmware, iptables v1.2.11) refused to load rules without it. Now it
turns out that iptables v < 1.2.9 (tested on 1.2.6a and 1.2.7a)
implicitly adds equivalent of "--icmp-type 0" to rules with "-p icmp
-m icmp" and without "--icmp-type" option. Since type 0 is actually
icmp echo reply, a rule like this does not match "any ICMP" as it was
supposed to do. Iptables 1.2.9 implicitly adds "--icmp-type 255" which
matches any icmp type. Using "--icmp-type 255" on iptables 1.2.6 and
1.2.7 does not work (a rule does not match icmp packets with type
different from 255). The fix generates "-p icmp -m icmp --icmp-type
any" for iptables 1.2.9 and later, as well as when iptables version is
not specified in the firewall object settings. It generates just "-p
icmp" for versions < 1.2.9.
* bug #1092141: "irritating FORWARD rule for established connections".
Need rule in FORWARD chain only if ip forwarding is on or set to "no
change"
* bug #1059393: "function getaddr failed for eth1.0020". Generated
script can now work with interfaces that have a dot in their name
(such as "eth1.0020" - vlan interface)
Bugs fixed in policy compiler for ipfw fwb_ipfw:
* bug #1089866: "multiple services in one rule confuses ipfw compiler".
If several UDP or TCP objects were used in the same policy rule and
these service objects had source port ranges defined, the compiler
would produce incorrect code by combining source port range
specifications together in the same ipfw command.
* bug #1093461: "problem with 'established' in ipfw". Ipfw requires
protocol to be set to 'tcp' if option 'established' is used in a rule.
* bug #1093472: "ipfw port range(s) errors". There can only be one port
range in a single ipfw rule.
* bug #1093620: "path (to ipfw) with spaces fails". Generated script
failed if path to ipfw contained space. I only worked around this
problem for ipfw; paths to sysctl and logger must be standard and
never contain spaces.

259
doc/ReleaseNotes_2.0.6.html Normal file
View File

@@ -0,0 +1,259 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.6 </h2>
<br>
<p>
Released 02/17/05
<br>
<b>GUI and compilers v2.0.6 require API library libfwbuilder version 2.0.6</b>
<br>
<h2>Summary </h2>
<p>
This release adds ability to print firewall rulesets
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Improvements in the GUI
<p>
<ul>
<li>Support for printing of firewall rulesets:
<p>
<ul>
<li>prints policies and NAT rules for the currently
opened firewall object</li>
<li>can print a header on each page, header includes
file name, RCS revision number and page number. Header
can be turned off</li>
<li>can print a legend at the end of the
printout. Legend shows each icon and what object type it
corresponds to. Printing of the legend can be turned
off.</li>
<li>can print a list of objects used in all rules of the
firewall. Each object is accompanied with a brief
summary of its parameters. This can be turned off as
well.</li>
<li>While printing rule sets, the program will break the
table on the boundary of a rule when it reaches end of
the page</li>
<li>Rule sets are printed as screenshots of the same
table widget used in the GUI. The user can change
scaling factor for the tables to make them fit on the
page</li>
<li>Printing has been tested on Linux, Windows and Mac
OS X</li>
</ul>
</li>
<li>slightly changed logic with user warnings in the object
removal code. The program asks the user for confirmation if
they remove an ordinary object from a regular
library. Confirmation is not asked if object is removed from
"Deleted objects" library or when a library is being deleted
(in this case we ask a different quastion later
anyway). This helps avoid double warning when a library is
deleted.
<p>
</li>
<li>New service objects:
<ul>
<li>TCP service objects for regular VNC viewer (displays
0 and 1) and Java VNC viewer (displays 0 and 1)</li>
<li>UDP service object for OpenVPN</li>
</ul>
</li>
</ul>
</li>
<li>Improvements in compiler for iptables fwb_ipt
<p>
<ul>
<li>implemented feature req. #1112980: "Need unique names
for accounting rules". User can now specify a unique name
for rules with action 'Accounting'; this name will be
converted to a chain name. This simplifies accounting since
chain name for such rule won't change if the user adds or
removes rules above or below. </li>
</ul>
</li>
</ul>
<br>
<br>
<hr>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug #1107838: "bug in configure script in fwbuilder
2.0.6". Need to specify path "./" when calling runqmake.sh </li>
<li>bug #1109631: "can not copy firewall script to /etc on
Linksys". Added an option ot all OS resource files that
determines whether user is allowed to change installation
directory on the firewall. Currently it is allowed on all
supported OS except Linksys/Sveasoft because there /etc/ resides
on read-only filesystem</li>
<li>bug #1109174: "Cannot print rule base" - implemented
printing</li>
<li>bug #1111244 "GUI allows to add more than one MAC address to
an interface". There can only be one MAC address for each
interface.</li>
<li>bug #1112264: "Load last edited file" setting doesn't
work. This was broken only on Mac OS X.</li>
<li>bug #1112764: "some Objects are partially obscured in
printout". Parts of the "Objects" table were clipped. </li>
<li>bug #1112776: "some items touching seperator lines on
printouts". Rule elements "Action", "Direction", "Options" and
"Comment" were placed right at the top of the table cell which
led to their clipping when rule set was printed on Mac OS
X. Need more testing.</li>
<li>bug #1115412: "Problem installer FWbuilder 2.0.5 for
Windows". Switched to command line option "-l" to specify user
name for external ssh in installer. This was necessary because
Van Dyke SecureCRT on Windows does not support user@host syntax.</li>
<li>bug #1030538: "incorrect highlighting when selecting
multiple rules". This bug seems to be specific to Mac OS X</li>
<li>support request #1118039: "Error when Windows client calls
plink -ssh". The problem is that putty ignores protocol and port
specified in the session file if command line option -ssh is
given. On the other hand, the sign of session usage is an empty
user name, so we can check for that. If user name is empty, then
putty will use current Windows account name to log in to the
firewall and this is unlikely to work anyway. This seems to be a
decent workaround.</li>
<li>bug #1118717: "fwbuilder 206 on Windows XP SP2: error
checking out". Env variable USERNAME was not set in user's
profile, which triggered this bug. Now using getuid to get user
name on Unix and GetUserName on Windows. This should make the
program more resilient for situations when environment variable
LOGNAME or USERNAME is not set</li>
<li>bug #1120904: "GUI hangs when accessing RCS file". Improved
parsing of rlog output.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in API:</h2>
<ul>
<li>bug #1108861: "two rules using MAC address matching shadow
each other". Need to check for MAC addresses while processing
rules for shadowing. </li>
<li>bug #1105167: "Crash when importing a library that has been
deleted".</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
<ul>
<li>bug #1106701: 'backup ssh access' and statefulness
interation. Need to add rules matching states ESTABLISHED and
RELATED for the backup ssh access to make sure it works even if
global rule matching these states is disabled. </li>
<li>bug #1101910: "Samba problem with Bridged Firewall". Need to
split rule to take care of broadcasts forwarded by the bridge
and broadcasts that are accepted by the firewall itself. Need to
do this only if the rule is not associated with any bridging
interface.</li>
<li>bug #1102629: "lost chain in accounting rules". Rules with
multiple objects in one of the rule elements and action
'Accounting' generated code that ignored objects in that rule
element</li>
<li>bug #1112976: "Accounting rule with logging produces looped
iptables command"</li>
<li>bug #1112470: "Problem with FW part of ANY in Bridged mode".
If fw is considered part of any, we should place rule in
INPUT/OUTPUT chains even if it is a bridging fw since fw itself
may send or receive packets.</li>
<li>bug #1123748 "busybox grep -E". Busybox does not support
option "-E" with grep, however it has "egrep".</li>
<li>bug #1123933 "iptables add_addr() expr binary not found". As
it turns out, /usr/bin/ is not in PATH during boot time on
Slackware. I added /usr/bin/ to PATH variable in generated
iptables script.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for pf fwb_pf:</h2>
<ul>
<li>bug #1105755 "Custom Service objects not working for PF
compiler".User tried to generate a nat rule like this using
CustomService object:
<p>
<blockquote>
nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any -> 22.22.22.22
</blockquote>
<p>
Taken from the bug report:
<p>
as it turned out, I can not fix this. You are trying to use
Custom Service object to insert protocol list into a "nat"
rule. Normally, a service object such as TCP or UDP service
generates two components for any rule where it is used: a
protocol specification and port specification (type/ code spec
for ICMP). PF is sensitive to the order of parameters in the
rule, in particular, protocol must be defined after interface
but before src/dst addresses in the rule, while port numbers
go after addresses. Compiler easily retrieves this
information from IP, TCP, UDP and ICMP services and places it
in a proper slots in the rule it generates. CustomService
does not have a notion of protocol and parameters for it, so
compiler puts a string that is configured in the CustomService
in the place reserved for port numbers. This means you can not
use CustomService to specify protocols.
<p>
There still was a bug in fwb_pf where it would print
"custom_service" in place of protocol. This is fixed in 2.0.6
build 542. Protocols can not be inserted with Custom Service
though.
<p>
Feature request #1111267 "CustomService should specify protocol
and parameters for it" has been opened
</li>
</ul>
</body>
</html>

166
doc/ReleaseNotes_2.0.6.txt Normal file
View File

@@ -0,0 +1,166 @@
Firewall Builder Release Notes
Version 2.0.6
Released 02/17/05
GUI and compilers v2.0.6 require API library libfwbuilder version 2.0.6
Summary
This release adds ability to print firewall rulesets
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
What's new
* Improvements in the GUI
* Support for printing of firewall rulesets:
* prints policies and NAT rules for the currently opened
firewall object
* can print a header on each page, header includes file name,
RCS revision number and page number. Header can be turned
off
* can print a legend at the end of the printout. Legend shows
each icon and what object type it corresponds to. Printing
of the legend can be turned off.
* can print a list of objects used in all rules of the
firewall. Each object is accompanied with a brief summary of
its parameters. This can be turned off as well.
* While printing rule sets, the program will break the table
on the boundary of a rule when it reaches end of the page
* Rule sets are printed as screenshots of the same table
widget used in the GUI. The user can change scaling factor
for the tables to make them fit on the page
* Printing has been tested on Linux, Windows and Mac OS X
* slightly changed logic with user warnings in the object removal
code. The program asks the user for confirmation if they remove
an ordinary object from a regular library. Confirmation is not
asked if object is removed from "Deleted objects" library or when
a library is being deleted (in this case we ask a different
quastion later anyway). This helps avoid double warning when a
library is deleted.
* New service objects:
* TCP service objects for regular VNC viewer (displays 0 and
1) and Java VNC viewer (displays 0 and 1)
* UDP service object for OpenVPN
* Improvements in compiler for iptables fwb_ipt
* implemented feature req. #1112980: "Need unique names for
accounting rules". User can now specify a unique name for rules
with action 'Accounting'; this name will be converted to a chain
name. This simplifies accounting since chain name for such rule
won't change if the user adds or removes rules above or below.
----------------------------------------------------------------------
Bugs fixed in GUI:
* bug #1107838: "bug in configure script in fwbuilder 2.0.6". Need to
specify path "./" when calling runqmake.sh
* bug #1109631: "can not copy firewall script to /etc on Linksys". Added
an option ot all OS resource files that determines whether user is
allowed to change installation directory on the firewall. Currently it
is allowed on all supported OS except Linksys/Sveasoft because there
/etc/ resides on read-only filesystem
* bug #1109174: "Cannot print rule base" - implemented printing
* bug #1111244 "GUI allows to add more than one MAC address to an
interface". There can only be one MAC address for each interface.
* bug #1112264: "Load last edited file" setting doesn't work. This was
broken only on Mac OS X.
* bug #1112764: "some Objects are partially obscured in printout". Parts
of the "Objects" table were clipped.
* bug #1112776: "some items touching seperator lines on printouts". Rule
elements "Action", "Direction", "Options" and "Comment" were placed
right at the top of the table cell which led to their clipping when
rule set was printed on Mac OS X. Need more testing.
* bug #1115412: "Problem installer FWbuilder 2.0.5 for Windows".
Switched to command line option "-l" to specify user name for external
ssh in installer. This was necessary because Van Dyke SecureCRT on
Windows does not support user@host syntax.
* bug #1030538: "incorrect highlighting when selecting multiple rules".
This bug seems to be specific to Mac OS X
* support request #1118039: "Error when Windows client calls plink
-ssh". The problem is that putty ignores protocol and port specified
in the session file if command line option -ssh is given. On the other
hand, the sign of session usage is an empty user name, so we can check
for that. If user name is empty, then putty will use current Windows
account name to log in to the firewall and this is unlikely to work
anyway. This seems to be a decent workaround.
* bug #1118717: "fwbuilder 206 on Windows XP SP2: error checking out".
Env variable USERNAME was not set in user's profile, which triggered
this bug. Now using getuid to get user name on Unix and GetUserName on
Windows. This should make the program more resilient for situations
when environment variable LOGNAME or USERNAME is not set
* bug #1120904: "GUI hangs when accessing RCS file". Improved parsing of
rlog output.
Bugs fixed in API:
* bug #1108861: "two rules using MAC address matching shadow each
other". Need to check for MAC addresses while processing rules for
shadowing.
* bug #1105167: "Crash when importing a library that has been deleted".
Bugs fixed in policy compiler for iptables fwb_ipt:
* bug #1106701: 'backup ssh access' and statefulness interation. Need to
add rules matching states ESTABLISHED and RELATED for the backup ssh
access to make sure it works even if global rule matching these states
is disabled.
* bug #1101910: "Samba problem with Bridged Firewall". Need to split
rule to take care of broadcasts forwarded by the bridge and broadcasts
that are accepted by the firewall itself. Need to do this only if the
rule is not associated with any bridging interface.
* bug #1102629: "lost chain in accounting rules". Rules with multiple
objects in one of the rule elements and action 'Accounting' generated
code that ignored objects in that rule element
* bug #1112976: "Accounting rule with logging produces looped iptables
command"
* bug #1112470: "Problem with FW part of ANY in Bridged mode". If fw is
considered part of any, we should place rule in INPUT/OUTPUT chains
even if it is a bridging fw since fw itself may send or receive
packets.
* bug #1123748 "busybox grep -E". Busybox does not support option "-E"
with grep, however it has "egrep".
* bug #1123933 "iptables add_addr() expr binary not found". As it turns
out, /usr/bin/ is not in PATH during boot time on Slackware. I added
/usr/bin/ to PATH variable in generated iptables script.
Bugs fixed in policy compiler for pf fwb_pf:
* bug #1105755 "Custom Service objects not working for PF compiler".User
tried to generate a nat rule like this using CustomService object:
nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any ->
22.22.22.22
Taken from the bug report:
as it turned out, I can not fix this. You are trying to use Custom
Service object to insert protocol list into a "nat" rule. Normally, a
service object such as TCP or UDP service generates two components for
any rule where it is used: a protocol specification and port
specification (type/ code spec for ICMP). PF is sensitive to the order
of parameters in the rule, in particular, protocol must be defined
after interface but before src/dst addresses in the rule, while port
numbers go after addresses. Compiler easily retrieves this information
from IP, TCP, UDP and ICMP services and places it in a proper slots in
the rule it generates. CustomService does not have a notion of
protocol and parameters for it, so compiler puts a string that is
configured in the CustomService in the place reserved for port
numbers. This means you can not use CustomService to specify
protocols.
There still was a bug in fwb_pf where it would print "custom_service"
in place of protocol. This is fixed in 2.0.6 build 542. Protocols can
not be inserted with Custom Service though.
Feature request #1111267 "CustomService should specify protocol and
parameters for it" has been opened

271
doc/ReleaseNotes_2.0.7.html Normal file
View File

@@ -0,0 +1,271 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.7 </h2>
<br>
<p>
Released 05/08/2005
<br>
<b>GUI and compilers v2.0.7 require API library libfwbuilder version 2.0.7</b>
<br>
<h2>Summary </h2>
<p>
This is a bug fix release
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Improvements in the GUI
<p>
<ul>
<li>implemented feature req. #1151220: "Close" button should
change is caption/title to "Install". When user clicks
"Install" toolbar button or main menu item, the "Close"
button in the pop-up window that displays compiler progress
changes its text caption to "Install"</li>
<li>implemented feature request #1151206: "Search for IP
Addresses". "Find" dialog searches for objects by a
combination of name and one of the following attributes:
address, tcp/udp port, ip protocol number or icmp message
type. Regular expressions can be used for both name and
attribute.</li>
<li>Support for SNMP operations has been added in Windows
packages of Firewall Builder</li>
</ul>
</li>
<li>Improvements in built-in installer:
<p>
User can specify additional command line parameters for ssh
that built-in installer runs to access firewall. This allows
for alternative ssh port or alternative ssh identity to be
used when accessing firewall. Parameters can be added in the
"Installer" tab of firewall settings dialog for all
platforms.
</p>
</li>
<li>Improvements in compiler for ipfilter fwb_ipf
<p>
Added support for dynamic addresses in ipfilter. Actual
address of dynamic interface is now determined at run-time
in the policy activation script &lt;firewall_name&gt;.fw
generated by fwbuilder. If dynamic interface is used
somewhere in the policy or nat rules, it will be replaced
with its actual address by activation script before
configuration is sent to ipf or ipnat for activation. This
run-time substitution is done only if a checkbox is checked
in the "Script options" tab of firewall settings
dialog. Default behavior is to use "any". This is because
ipfilter configuration files &lt;firewall&gt;-ipf.conf and
&lt;firewall&gt;-nat.conf that rely on run-time substitution
of dynamic interface address can not be loaded using
standard activation scripts that come with FreeBSD.
</p>
<p>
Generated script uses function getaddr() to determine
address of dynamic interface. This function falls back to
0.0.0.0/32 if dynamic interface has not been assigned an
address yet or is down. Ipfilter policy using run-time
substitution of dynamic interface addresses will be
functional even if these interfaces are down or do not have
IP address.
</p>
</li>
<li>Improvements in compiler for iptables fwb_ipt
<p>
Generated iptables script sets default policies to DROP in
all ipv6 filter chains. More detailed control can be
implemented using prolog or epilog scripts.
<p>
Note that this changes behavior of the generated iptables
script with respect to IPv6. Until now, the script just
ignored IPv6 but some people felt this leaves a hole in the
firewall and asked me to make the script close it. Generated
shell code will check if ip6tables is installed on the
system and if it actually works before setting default
policies to DROP. This means it won't try to do it if
ip6tables is not installed or if it is present, but IPv6 is
not compiled into the kernel (so ip6tables does not work and
generates errors).
</p>
</li>
</ul>
<br>
<br>
<hr>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug #1151052: "Not external interfaces marked as
external". Dialog for an interface object that belongs to a host
should not show checkbox "external (insecure) interface"</li>
<li>bug #1151212: "Collapsed sub-objects shouldn't be added if
they are hidden". When user selects multiple objects in the tree
some of which have child objects, those child objects used to be
also selected and added to groups in addition to their parent
objects via drag-and-drop operation.</li>
<li>bug #1151243: "Maintain format of description text". The GUI
ignored text formatting in object comment when displayed it in
the info panel (lower left corner of the main windows)</li>
<li>bug #1155163: "print does not print group contents". The
program printed only number of objects contaned in object or
service groups. Now it prints lists of member objects for all
groups used in rules. If groups contain other groups, they are
printed recursively.</li>
<li>bug #1172620: "Add tcp service object for icslap". Added
this object to the objects library "Standard".</li>
<li>bug #1184791: "can not copy/paste multiple objects into a
group"</li>
</ul>
<br>
<br>
<h2>Bugs fixed in API:</h2>
<ul>
<li>
bug #1158870: "mutexes are not properly created on
FreeBSD". Mutexes gethostbyname_mutex and gethostbyaddr_mutex
were never created but used on OS where thread-safe resolver
is not available.
</li>
<li>bug #1151219: "New Host creation window is not well
dimensioned". Fixed wrong dialog page layout in the new host
wizard.</li>
<li>bug #1157976: "patches to make fwbuilder compile under
NetBSD 1.6". Applied patches.</li>
<li>bug #1173801: '"&" character in prolog/epilog'. Needed to
call xmlEncodeSpecialChars to encode special characters in
firewall options</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
<ul>
<li>
bug #1123748: "busybox grep -E". Busybox in floppyfw is
compiled without support for egrep (or grep -E). Switched to
using "plain" grep.</li>
<li>bug #1160186: 'IPTables Compiler - Multiport Issue'. When 16
or 31 ports were used in a single rule, compiler generated
command with conflicting options "-m multiport --dport"</li>
<li>
bug #1176890: "block IPv6". Generated iptables script sets
default policies to DROP in all ipv6 filter chains. More
detailed control can be implemented using prolog or epilog
scripts.
<p>
Note that this changes behavior of the generated iptables
script with respect to IPv6. Until now, the script just
ignored IPv6 but some people felt this leaves a hole in the
firewall and asked me to make the script close it. Generated
shell code will check if ip6tables is installed on the
system and if it actually works before setting default
policies to DROP. This means it won't try to do it if
ip6tables is not installed or if it is present, but IPv6 is
not compiled into the kernel (so ip6tables does not work and
generates errors).
</li>
<li>bug #1176890: "block IPv6". Generated iptables script sets
default policies to DROP in all ipv6 filter chains. More
detailed control can be implemented using prolog or epilog
scripts.</li>
<li>bug #1179103: 'compiled rules can not be
installed'. Generated iptables script could not be used on
systems with non-English locale where timezone name used local
characters because these characters were printed as hex (
"&amp;#21488;" ) and '&amp;' caused problems with shell. Now using
single quotes to make shell ignore any characters in the
string. Will deal with proper printing of localazed timezone
later.</li>
<li>bug #1181359: "Missing traling space in "INVALID state"
syslog message"</li>
<li>bug #1195201: "getaddr function return error ip address". Yet
another change in the way we use grep to find IP addresses of an
interface on Linux. We can't use regex (bug #1123748) and need
to filter out secondary addresses from the "ip addr show"
output. It looks like "grep -v :" neatly solves the problem
without using regex.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for pf fwb_ipf:</h2>
<ul>
<li>bug #1173067: "support for port ranges in NAT rules
(ipfilter)" - policy compiler for ipfilter should split DNAT
rules (rdr) that use TCP or UDP objects with port ranges. A
warning is issued if more than 20 rules are created.
</li>
<li>bug
#1173064: "support for dynamic interfaces in ipfilter". Actual
address of dynamic interface is now determined at run-time in the
policy activation script &lt;firewall_name&gt;.fw generated by
fwbuilder. If dynamic interface is used somewhere in the policy or
nat rules, it will be replaced with its actual address by
activation script before configuration is sent to ipf or ipnat for
activation. This run-time substitution is done only if a checkbox
is checked in the "Script options" tab of firewall settings
dialog. Default behavior is to use "any". This is because ipfilter
configuration files &lt;firewall&gt;-ipf.conf and &lt;firewall&gt;-nat.conf
that rely on run-time substitution of dynamic interface address
can not be loaded using standard activation scripts that come with
FreeBSD.
<p>
This also fixes another problem in fwb_ipf where it generated rdr
and nat commands with address 0.0.0.0/32 if dynamic interface was
used in a NAT rule.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for pf fwb_pf:</h2>
<ul>
<li>bug #1176051: "incorrect rule generated for TCP service
ftp-data". If a rule used several TCP or UDP service objects and
one of them has source port range configured, generated PF
filter rule incorrectly matched on a combiantion of that source
port range _and_ destination port ranges from all other service
objects. This bug affected compilers for OpenBSD PF and ipfilter</li>
</ul>
</body>
</html>

181
doc/ReleaseNotes_2.0.7.txt Normal file
View File

@@ -0,0 +1,181 @@
Firewall Builder Release Notes
Version 2.0.7
Released 05/08/2005
GUI and compilers v2.0.7 require API library libfwbuilder version 2.0.7
Summary
This is a bug fix release
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
What's new
* Improvements in the GUI
* implemented feature req. #1151220: "Close" button should change
is caption/title to "Install". When user clicks "Install" toolbar
button or main menu item, the "Close" button in the pop-up window
that displays compiler progress changes its text caption to
"Install"
* implemented feature request #1151206: "Search for IP Addresses".
"Find" dialog searches for objects by a combination of name and
one of the following attributes: address, tcp/udp port, ip
protocol number or icmp message type. Regular expressions can be
used for both name and attribute.
* Support for SNMP operations has been added in Windows packages of
Firewall Builder
* Improvements in built-in installer:
User can specify additional command line parameters for ssh that
built-in installer runs to access firewall. This allows for
alternative ssh port or alternative ssh identity to be used when
accessing firewall. Parameters can be added in the "Installer" tab of
firewall settings dialog for all platforms.
* Improvements in compiler for ipfilter fwb_ipf
Added support for dynamic addresses in ipfilter. Actual address of
dynamic interface is now determined at run-time in the policy
activation script <firewall_name>.fw generated by fwbuilder. If
dynamic interface is used somewhere in the policy or nat rules, it
will be replaced with its actual address by activation script before
configuration is sent to ipf or ipnat for activation. This run-time
substitution is done only if a checkbox is checked in the "Script
options" tab of firewall settings dialog. Default behavior is to use
"any". This is because ipfilter configuration files
<firewall>-ipf.conf and <firewall>-nat.conf that rely on run-time
substitution of dynamic interface address can not be loaded using
standard activation scripts that come with FreeBSD.
Generated script uses function getaddr() to determine address of
dynamic interface. This function falls back to 0.0.0.0/32 if dynamic
interface has not been assigned an address yet or is down. Ipfilter
policy using run-time substitution of dynamic interface addresses will
be functional even if these interfaces are down or do not have IP
address.
* Improvements in compiler for iptables fwb_ipt
Generated iptables script sets default policies to DROP in all ipv6
filter chains. More detailed control can be implemented using prolog
or epilog scripts.
Note that this changes behavior of the generated iptables script with
respect to IPv6. Until now, the script just ignored IPv6 but some
people felt this leaves a hole in the firewall and asked me to make
the script close it. Generated shell code will check if ip6tables is
installed on the system and if it actually works before setting
default policies to DROP. This means it won't try to do it if
ip6tables is not installed or if it is present, but IPv6 is not
compiled into the kernel (so ip6tables does not work and generates
errors).
----------------------------------------------------------------------
Bugs fixed in GUI:
* bug #1151052: "Not external interfaces marked as external". Dialog for
an interface object that belongs to a host should not show checkbox
"external (insecure) interface"
* bug #1151212: "Collapsed sub-objects shouldn't be added if they are
hidden". When user selects multiple objects in the tree some of which
have child objects, those child objects used to be also selected and
added to groups in addition to their parent objects via drag-and-drop
operation.
* bug #1151243: "Maintain format of description text". The GUI ignored
text formatting in object comment when displayed it in the info panel
(lower left corner of the main windows)
* bug #1155163: "print does not print group contents". The program
printed only number of objects contaned in object or service groups.
Now it prints lists of member objects for all groups used in rules. If
groups contain other groups, they are printed recursively.
* bug #1172620: "Add tcp service object for icslap". Added this object
to the objects library "Standard".
* bug #1184791: "can not copy/paste multiple objects into a group"
Bugs fixed in API:
* bug #1158870: "mutexes are not properly created on FreeBSD". Mutexes
gethostbyname_mutex and gethostbyaddr_mutex were never created but
used on OS where thread-safe resolver is not available.
* bug #1151219: "New Host creation window is not well dimensioned".
Fixed wrong dialog page layout in the new host wizard.
* bug #1157976: "patches to make fwbuilder compile under NetBSD 1.6".
Applied patches.
* bug #1173801: '"&" character in prolog/epilog'. Needed to call
xmlEncodeSpecialChars to encode special characters in firewall options
Bugs fixed in policy compiler for iptables fwb_ipt:
* bug #1123748: "busybox grep -E". Busybox in floppyfw is compiled
without support for egrep (or grep -E). Switched to using "plain"
grep.
* bug #1160186: 'IPTables Compiler - Multiport Issue'. When 16 or 31
ports were used in a single rule, compiler generated command with
conflicting options "-m multiport --dport"
* bug #1176890: "block IPv6". Generated iptables script sets default
policies to DROP in all ipv6 filter chains. More detailed control can
be implemented using prolog or epilog scripts.
Note that this changes behavior of the generated iptables script with
respect to IPv6. Until now, the script just ignored IPv6 but some
people felt this leaves a hole in the firewall and asked me to make
the script close it. Generated shell code will check if ip6tables is
installed on the system and if it actually works before setting
default policies to DROP. This means it won't try to do it if
ip6tables is not installed or if it is present, but IPv6 is not
compiled into the kernel (so ip6tables does not work and generates
errors).
* bug #1176890: "block IPv6". Generated iptables script sets default
policies to DROP in all ipv6 filter chains. More detailed control can
be implemented using prolog or epilog scripts.
* bug #1179103: 'compiled rules can not be installed'. Generated
iptables script could not be used on systems with non-English locale
where timezone name used local characters because these characters
were printed as hex ( "&#21488;" ) and '&' caused problems with shell.
Now using single quotes to make shell ignore any characters in the
string. Will deal with proper printing of localazed timezone later.
* bug #1181359: "Missing traling space in "INVALID state" syslog
message"
* bug #1195201: "getaddr function return error ip address". Yet another
change in the way we use grep to find IP addresses of an interface on
Linux. We can't use regex (bug #1123748) and need to filter out
secondary addresses from the "ip addr show" output. It looks like
"grep -v :" neatly solves the problem without using regex.
Bugs fixed in policy compiler for pf fwb_ipf:
* bug #1173067: "support for port ranges in NAT rules (ipfilter)" -
policy compiler for ipfilter should split DNAT rules (rdr) that use
TCP or UDP objects with port ranges. A warning is issued if more than
20 rules are created.
* bug #1173064: "support for dynamic interfaces in ipfilter". Actual
address of dynamic interface is now determined at run-time in the
policy activation script <firewall_name>.fw generated by fwbuilder. If
dynamic interface is used somewhere in the policy or nat rules, it
will be replaced with its actual address by activation script before
configuration is sent to ipf or ipnat for activation. This run-time
substitution is done only if a checkbox is checked in the "Script
options" tab of firewall settings dialog. Default behavior is to use
"any". This is because ipfilter configuration files
<firewall>-ipf.conf and <firewall>-nat.conf that rely on run-time
substitution of dynamic interface address can not be loaded using
standard activation scripts that come with FreeBSD.
This also fixes another problem in fwb_ipf where it generated rdr and
nat commands with address 0.0.0.0/32 if dynamic interface was used in
a NAT rule.
Bugs fixed in policy compiler for pf fwb_pf:
* bug #1176051: "incorrect rule generated for TCP service ftp-data". If
a rule used several TCP or UDP service objects and one of them has
source port range configured, generated PF filter rule incorrectly
matched on a combiantion of that source port range _and_ destination
port ranges from all other service objects. This bug affected
compilers for OpenBSD PF and ipfilter

203
doc/ReleaseNotes_2.0.8.html Normal file
View File

@@ -0,0 +1,203 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.8 </h2>
<br>
<p>
Released 07/08/2005
<br>
<b>GUI and compilers v2.0.8 require API library libfwbuilder version 2.0.8</b>
<br>
<h2>Summary </h2>
<p>
This is a bug fix release
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Improvements in the GUI
<p>
<ul>
<li>Included updated German translation by Hans Peter
Dittler &lt;hpdittler at braintec-consult.de&gt;
</li>
<li>implemented Feature Request #1145666: "Print RCS
Log". File/Properties dialog can now print RCS log. Thanks
to "Ilya V. Yalovoy" &lt;yalovoy@pilot.aip.mk.ua&gt; for the
patch.</li>
<li>Some code changes were made to make the code comiple and
work on Solaris. In particular, tests and emulation for
forkpty and cfmakeraw functions were added. Currently this
still remains largely untested.</li>
</ul>
</li>
<li>Improvements in policy compilers for pf, ipf, ipfw
<p>
<ul>
<li>implemented support for subnets for backup ssh access for
pf,ipf,ipfw. Subnet can be defined using either full netmask or
bitlength: both "192.168.1.0/255.255.255.0" and "192.168.1.0/24"
are acceptable. Single host address works too, both as
"192.168.1.10" and as "192.168.1.10/255.255.255.255" or
"192.168.1.10/32". Incorrect address or netmask cause compiler
to abort processing.</li>
</ul>
</li>
<li>Improvements in compiler for ipfw
<p>
<ul>
<li>using rule sets to atomically swap old and new
rules. New rules are loaded in the set 1 and then swapped
into set 0. If there is an error in a new rule set, it is
caught while loading rules into inactive set 1, at which
point script stops without changing old firewall rules.</li>
<li>added "established" rule on top of the regular backup
ssh access rule; this allows to maintain management ssh
session after the policy is reloaded. both "ipfw -f" and
swapping sets flushes all states, so the ssh session used to
upload and activate new policy breaks. A rule with
"established" keyword maintains this session.</li>
</ul>
</li>
</ul>
<br>
<br>
<hr>
<br>
<br>
<h2>Bugs fixed in the Standard Objects library:</h2>
<ul>
<li>bug #210518: 'Incorrect ending day in the standard object
"weekends"'. This object defined time interval ending at 23:59
on Monday instead of Sunday</li>
</ul>
<br>
<br>
<h2>Bugs fixed in scripts and tools:</h2>
<ul>
<li>bug #1200902: "fwb_compile_all does not work in 2.0". Script
fwb_compile_all broke because of changes in data file
format</li>
</ul>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug #1072842: "fwbuilder: Solaris and forkpty". We need
forkpty fr built-in installer but this function is not awailable
on Solaris. I am adding re-implementation, but it hasn't been
tested since I do not have Solaris machine.</li>
<li>bug #1201406: "shutdown messages should be
suppressed". Installation scriptlet tries to kill shutdown
process, if there is one, to cancel pending shutdown that might
have been left over from test install. If there is none, the
script prints an error message "shutdown process not found" or
similar, which confuses user. Needed to suppress these error
messages.</li>
<li>bug #1204067: "incorrect timezone handling in RCS". Windows
version of RCS incorrectly converts check-in time when time zone
is east of GMT. This caused the GUI to incorrectly show checkin
time of files in the "Open File" dialog if the program was
running in locale East of GMT, for instance in Japan. </li>
<li>bug #1207983: "incorrect size of "I" and "L" buttons in the
group view dialog". Tested with large font and cleaned up layout
in many dialogs.</li>
<li>bug #1212121: "sudo shutdown doesn't work".</li>
<li>bug #1212123: "executing file below /tmp as root". Avoiding
world-writable directory /tmp/ while activating policy in the
test mode. This change makes installer use subdirectory "tmp"
under directory specified in the "intaller" tab of firewall
settings dialog. That directory is expected to have proper
permissions; subdirectory "tmp" can be created manually,
otherwise installer creates it. Either way, it is not
world-writable, therefore unauthorized users can not create
scripts in it.</li>
<li>bug #1212179: "tool tips for TCP services cuts off some
services". The gui would show very long tooltip for large
groups; if the group was too large, the tooltip did not fit on
the screen.</li>
<li>bug #1213361: "PF on FreeBSD-5.4R". Bug description is
misleading, the probem was caused by built-in installer rather
than by compiler for PF. Installer would not copy generated
script over ssh if the script was longer than some threshold and
the gui was running on FreeBSD.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for iptables:</h2>
<ul>
<li>bug #191423: "Weekend Time restriction not created
correctly". Rules with time restriction spanning from Saturday
to Sunday were generated with incorrect "--day" option
</li>
<li>bug #1205665: "Error with summer time when compiling
script". Sometimes timezone name has "'" in it which confuses
shell and causes an error when generated script prints
"Activating firewall policy..." log message</li>
<li>bug #1215279: "rate limiting rule logs everything". Rule
utlilizing "limit" module to rate limit packets with logging
logged every packet and dropped those that exceeded the
limit. The fix makes it apply the limit first and then log only
packets that were dropped.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for iptw:</h2>
<ul>
<li>bug #1155351: "Remote install of FW rulset fails due to race
condition". Generated ipfw firewall script could not be ran
reliably over ssh session because "ipfw -f" flushes all rules
and all state, which breaks ssh session. As soon as the script
needed to print anything, it got I/O error from the system
because TCP session for ssh was blocked; this stopped the script
and did not let it activate new firewall policy. Using rule sets
and "established" rule for the backup ssh access solved the
problem.
</li>
</ul>
</body>
</html>

124
doc/ReleaseNotes_2.0.8.txt Normal file
View File

@@ -0,0 +1,124 @@
Firewall Builder Release Notes
Version 2.0.8
Released 07/08/2005
GUI and compilers v2.0.8 require API library libfwbuilder version 2.0.8
Summary
This is a bug fix release
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
What's new
* Improvements in the GUI
* Included updated German translation by Hans Peter Dittler
<hpdittler at braintec-consult.de>
* implemented Feature Request #1145666: "Print RCS Log".
File/Properties dialog can now print RCS log. Thanks to "Ilya V.
Yalovoy" <yalovoy@pilot.aip.mk.ua> for the patch.
* Some code changes were made to make the code comiple and work on
Solaris. In particular, tests and emulation for forkpty and
cfmakeraw functions were added. Currently this still remains
largely untested.
* Improvements in policy compilers for pf, ipf, ipfw
* implemented support for subnets for backup ssh access for
pf,ipf,ipfw. Subnet can be defined using either full netmask or
bitlength: both "192.168.1.0/255.255.255.0" and "192.168.1.0/24"
are acceptable. Single host address works too, both as
"192.168.1.10" and as "192.168.1.10/255.255.255.255" or
"192.168.1.10/32". Incorrect address or netmask cause compiler to
abort processing.
* Improvements in compiler for ipfw
* using rule sets to atomically swap old and new rules. New rules
are loaded in the set 1 and then swapped into set 0. If there is
an error in a new rule set, it is caught while loading rules into
inactive set 1, at which point script stops without changing old
firewall rules.
* added "established" rule on top of the regular backup ssh access
rule; this allows to maintain management ssh session after the
policy is reloaded. both "ipfw -f" and swapping sets flushes all
states, so the ssh session used to upload and activate new policy
breaks. A rule with "established" keyword maintains this session.
----------------------------------------------------------------------
Bugs fixed in the Standard Objects library:
* bug #210518: 'Incorrect ending day in the standard object "weekends"'.
This object defined time interval ending at 23:59 on Monday instead of
Sunday
Bugs fixed in scripts and tools:
* bug #1200902: "fwb_compile_all does not work in 2.0". Script
fwb_compile_all broke because of changes in data file format
Bugs fixed in GUI:
* bug #1072842: "fwbuilder: Solaris and forkpty". We need forkpty fr
built-in installer but this function is not awailable on Solaris. I am
adding re-implementation, but it hasn't been tested since I do not
have Solaris machine.
* bug #1201406: "shutdown messages should be suppressed". Installation
scriptlet tries to kill shutdown process, if there is one, to cancel
pending shutdown that might have been left over from test install. If
there is none, the script prints an error message "shutdown process
not found" or similar, which confuses user. Needed to suppress these
error messages.
* bug #1204067: "incorrect timezone handling in RCS". Windows version of
RCS incorrectly converts check-in time when time zone is east of GMT.
This caused the GUI to incorrectly show checkin time of files in the
"Open File" dialog if the program was running in locale East of GMT,
for instance in Japan.
* bug #1207983: "incorrect size of "I" and "L" buttons in the group view
dialog". Tested with large font and cleaned up layout in many dialogs.
* bug #1212121: "sudo shutdown doesn't work".
* bug #1212123: "executing file below /tmp as root". Avoiding
world-writable directory /tmp/ while activating policy in the test
mode. This change makes installer use subdirectory "tmp" under
directory specified in the "intaller" tab of firewall settings dialog.
That directory is expected to have proper permissions; subdirectory
"tmp" can be created manually, otherwise installer creates it. Either
way, it is not world-writable, therefore unauthorized users can not
create scripts in it.
* bug #1212179: "tool tips for TCP services cuts off some services". The
gui would show very long tooltip for large groups; if the group was
too large, the tooltip did not fit on the screen.
* bug #1213361: "PF on FreeBSD-5.4R". Bug description is misleading, the
probem was caused by built-in installer rather than by compiler for
PF. Installer would not copy generated script over ssh if the script
was longer than some threshold and the gui was running on FreeBSD.
Bugs fixed in policy compiler for iptables:
* bug #191423: "Weekend Time restriction not created correctly". Rules
with time restriction spanning from Saturday to Sunday were generated
with incorrect "--day" option
* bug #1205665: "Error with summer time when compiling script".
Sometimes timezone name has "'" in it which confuses shell and causes
an error when generated script prints "Activating firewall policy..."
log message
* bug #1215279: "rate limiting rule logs everything". Rule utlilizing
"limit" module to rate limit packets with logging logged every packet
and dropped those that exceeded the limit. The fix makes it apply the
limit first and then log only packets that were dropped.
Bugs fixed in policy compiler for iptw:
* bug #1155351: "Remote install of FW rulset fails due to race
condition". Generated ipfw firewall script could not be ran reliably
over ssh session because "ipfw -f" flushes all rules and all state,
which breaks ssh session. As soon as the script needed to print
anything, it got I/O error from the system because TCP session for ssh
was blocked; this stopped the script and did not let it activate new
firewall policy. Using rule sets and "established" rule for the backup
ssh access solved the problem.

100
doc/ReleaseNotes_2.0.9.html Normal file
View File

@@ -0,0 +1,100 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.9 </h2>
<br>
<p>
Released 09/17/2005
<br>
<b>GUI and compilers v2.0.9 require API library libfwbuilder version 2.0.9</b>
<br>
<h2>Summary </h2>
<p>
This is a bug fix release
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Added support for Cisco FWSM. This includes recognition
of platform-specific options and parameters for FWSM v2.3
(based on PIX 6.3), as well as interaction with FWSM in
built-in policy installer. Firewall Builder for PIX v1.1.10
is required to generate configuration compatible with FWSM.
</li>
<li>Improvements in the GUI
<p>
<ul>
<li>Feature Request #1225393 "Print comments on objects"
</li>
<li>Feature Request #1187461 "Add "commit" menu item". This
menu item commits opened data file to RCS but keeps it
opened so the user can continue editing.</li>
<li>Spanish translation has been added, thanks to Carlos
Lozano &lt;clozano@andago.com&gt;</li>
</ul>
</li>
</ul>
<br>
<br>
<h2>Bugs fixed in the GUI:</h2>
<ul>
<li>bug #1254775: "RCS checkin fails on Windows when data file
is too big". RCS tools failed to check the file in if it
consisted of one huge line of text. This fix makes th GUI save
data file (.fwb) in formatted form on Windows, just like on
Linux. This means each XML element is saved on separate line
instead of all of them being on the same line.</li>
<li>bug #1226069: "Segfault: Drag&Drop between two
instances". If user started two instances of the GUI and tried
to drag and drop objects between them, the instance receiving an
object crashed.</li>
<li>bugs #1233165: "Illegal Logging-Limit string" and #1287755:
"i18n is breaking iptables script". The GUI stored options of the
"limit" module as translated strings instead of standard
attributes.</li>
<li>bug #1240205: "Iilegal --log-level Information". The GUI
stored log levels as translated strings instead of standard
attributes.
</li>
<li>bug #1277129: "script is truncated when installed by the GUI
running on Mac". Built-in installer truncated firewall script
while copying it to the firewall if GUI was running on Mac OS X
and the script was relatively large. This bug triggered only on
Mac OS X.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for PF:</h2>
<ul>
<li>bug #1276083: "Destination NAT rules". Old restriction on
"rdr" rules that required service in OSrv is not valid anymore,
pf supports rdr rules with no protocol specification. </li>
</ul>
</body>
</html>

56
doc/ReleaseNotes_2.0.9.txt Normal file
View File

@@ -0,0 +1,56 @@
Firewall Builder Release Notes
Version 2.0.9
Released 09/17/2005
GUI and compilers v2.0.9 require API library libfwbuilder version 2.0.9
Summary
This is a bug fix release
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
What's new
* Added support for Cisco FWSM. This includes recognition of
platform-specific options and parameters for FWSM v2.3 (based on PIX
6.3), as well as interaction with FWSM in built-in policy installer.
Firewall Builder for PIX v1.1.10 is required to generate configuration
compatible with FWSM.
* Improvements in the GUI
* Feature Request #1225393 "Print comments on objects"
* Feature Request #1187461 "Add "commit" menu item". This menu item
commits opened data file to RCS but keeps it opened so the user
can continue editing.
* Spanish translation has been added, thanks to Carlos Lozano
<clozano@andago.com>
Bugs fixed in the GUI:
* bug #1254775: "RCS checkin fails on Windows when data file is too
big". RCS tools failed to check the file in if it consisted of one
huge line of text. This fix makes th GUI save data file (.fwb) in
formatted form on Windows, just like on Linux. This means each XML
element is saved on separate line instead of all of them being on the
same line.
* bug #1226069: "Segfault: Drag&Drop between two instances". If user
started two instances of the GUI and tried to drag and drop objects
between them, the instance receiving an object crashed.
* bugs #1233165: "Illegal Logging-Limit string" and #1287755: "i18n is
breaking iptables script". The GUI stored options of the "limit"
module as translated strings instead of standard attributes.
* bug #1240205: "Iilegal --log-level Information". The GUI stored log
levels as translated strings instead of standard attributes.
* bug #1277129: "script is truncated when installed by the GUI running
on Mac". Built-in installer truncated firewall script while copying it
to the firewall if GUI was running on Mac OS X and the script was
relatively large. This bug triggered only on Mac OS X.
Bugs fixed in policy compiler for PF:
* bug #1276083: "Destination NAT rules". Old restriction on "rdr" rules
that required service in OSrv is not valid anymore, pf supports rdr
rules with no protocol specification.

59
doc/ReleaseNotes_2.1.10.html Normal file
View File

@@ -0,0 +1,59 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.1.10 </h2>
<br>
<p>
Released 02/17/2007
<br>
<b>GUI and compilers v2.1.10 require API library libfwbuilder version 2.1.10</b>
<br>
<h2>Summary </h2>
<p>
This is bugfix release.
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>Improvements and bug fixes in the GUI</h2>
<ul>
<li>fixed bug #1661140: "built-in installer broken in 2.1.9 for
PF". Installer incorrectly set name for files it copied to the
firewall if generated configuration consisted of several
files. Affected platforms are PF and ipfilter because normally for
these platforms compiler generates two files.
</li>
<li>fixed bug #1659832: "No compile with QT without STL
support"</li>
<li>a workaround for the bug 1629461: "Policy tabs do not scroll @
window extent on OSX". The tab widget used to show policy, nat,
routing and policy branch rulesets does not switch to a "folded"
mode on Mac OS X when it needs to show more tabs that fit in the
window. Since I can't figure out a way to force it to do that, I
am dropping "Policy/" from the tab titles for branches to make
them shorter. This will help users with policies with many
branches, however it does not solve the problem because as they
keep adding branches, at some point they won't fit in the window
again.</li>
<li>added an item "Where used" to the context menu associated with
objects in rules</li>
</ul>
</body>
</html>

33
doc/ReleaseNotes_2.1.10.txt Normal file
View File

@@ -0,0 +1,33 @@
Firewall Builder Release Notes
Version 2.1.10
Released 02/17/2007
GUI and compilers v2.1.10 require API library libfwbuilder version 2.1.10
Summary
This is bugfix release.
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
Improvements and bug fixes in the GUI
* fixed bug #1661140: "built-in installer broken in 2.1.9 for PF".
Installer incorrectly set name for files it copied to the firewall if
generated configuration consisted of several files. Affected platforms
are PF and ipfilter because normally for these platforms compiler
generates two files.
* fixed bug #1659832: "No compile with QT without STL support"
* a workaround for the bug 1629461: "Policy tabs do not scroll @ window
extent on OSX". The tab widget used to show policy, nat, routing and
policy branch rulesets does not switch to a "folded" mode on Mac OS X
when it needs to show more tabs that fit in the window. Since I can't
figure out a way to force it to do that, I am dropping "Policy/" from
the tab titles for branches to make them shorter. This will help users
with policies with many branches, however it does not solve the
problem because as they keep adding branches, at some point they won't
fit in the window again.
* added an item "Where used" to the context menu associated with objects
in rules

109
doc/ReleaseNotes_2.1.11.html Normal file
View File

@@ -0,0 +1,109 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.1.11 </h2>
<br>
<p>
Released 04/29/2007
<br>
<b>GUI and compilers v2.1.11 require API library libfwbuilder version 2.1.11</b>
<br>
<h2>Summary </h2>
<p>
This is bugfix release.
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>Improvements and bug fixes in the GUI</h2>
<ul>
<li>redesigned TimeService object dialog</li>
<li>minor redesign of the interface object dialog to make network
zone more prominent and easier to set when network and group
objects have long names.</li>
<li>fixed bug #1685741: "GUI crash: click on an empty part of obj
tree, then desktop"</li>
<li>fixed bug #1692411: "can't set accouting rule name (fwbuilder
2.1.11)"</li>
<li>fixed bug #1684334: "RCS should use $LOGNAME when commit"</li>
<li>fixed bug #1701971: "Enabeling test mode doent activate the
reboot interval". Checking "Test mode" checkbox in the
installer options dialog should enable widgets that configure
automatic reboot timeout.</li>
<li>fixed bug #1702830: "fwbuilder does not detect errors during
policy install". Built-in installer detects error messages
printed by iptables and iptables-restore and aborts
installation process. Summary page shown in the end reflects
this as failed install.</li>
</ul>
<h2>Improvements and bug fixes in policy compiler for iptables</h2>
<ul>
<li>Added support for --datestart and --datestop options for module
'time' in compiler for iptables</li>
<li>fixed bug #1672191: "Time limit generates unexpected iptables
command"</li>
<li>fixed bug #1695481: "compliation error with lower end
port". Before, user could enter start port range number
greater than the end port range number. Neither the GUI nor
compiler noticed this, which resulted in the incorrect
firewall configuration. This fix adds check in the GUI to not
let the user enter port ranges like that.</li>
<li>fixed bug 1699483: "hashlimit-htable-expire not set". Added GUI
controls and compiler support for hashlimit module options
"--hashlimit-name", "--hashlimit-htable-size",
"--hashlimit-htable-max", "--hashlimit-htable-expire" and
"--hashlimit-htable-gcinterval"</li>
<li>fixed bug #1703954: "Mark target in postrouting chain". Packets
that originate on the firewall should be marked in the OUTPUT
chain. According to the netfilter packet flow diagram at
http://www.shorewall.net/NetfilterOverview.html , rerouting
happens after OUTPUT hook but before POSTROUTING hook. So in
order to be able to reroute packet originated on the firewall,
they should be marked in OUTPUT</li>
</ul>
<h2>Improvements and bug fixes in policy compiler for PF</h2>
<ul>
<li>fixed bug #1674940: "if max-src-conn == 0: syntax
error". Options max-src-conn and max-src-states can not have
value '0'</li>
</ul>
<h2>Improvements and bug fixes in policy compiler for ipfilter</h2>
<ul>
<li>fixed bug #1678410: "Ipfilter compiler uses wrong keyword for
"fragment""</li>
<li>fixed bug #1676845: "lsrr option not compiling"</li>
</ul>
</body>
</html>

65
doc/ReleaseNotes_2.1.11.txt Normal file
View File

@@ -0,0 +1,65 @@
Firewall Builder Release Notes
Version 2.1.11
Released 04/29/2007
GUI and compilers v2.1.11 require API library libfwbuilder version 2.1.11
Summary
This is bugfix release.
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
Improvements and bug fixes in the GUI
* redesigned TimeService object dialog
* minor redesign of the interface object dialog to make network zone
more prominent and easier to set when network and group objects have
long names.
* fixed bug #1685741: "GUI crash: click on an empty part of obj tree,
then desktop"
* fixed bug #1692411: "can't set accouting rule name (fwbuilder 2.1.11)"
* fixed bug #1684334: "RCS should use $LOGNAME when commit"
* fixed bug #1701971: "Enabeling test mode doent activate the reboot
interval". Checking "Test mode" checkbox in the installer options
dialog should enable widgets that configure automatic reboot timeout.
* fixed bug #1702830: "fwbuilder does not detect errors during policy
install". Built-in installer detects error messages printed by
iptables and iptables-restore and aborts installation process. Summary
page shown in the end reflects this as failed install.
Improvements and bug fixes in policy compiler for iptables
* Added support for --datestart and --datestop options for module 'time'
in compiler for iptables
* fixed bug #1672191: "Time limit generates unexpected iptables command"
* fixed bug #1695481: "compliation error with lower end port". Before,
user could enter start port range number greater than the end port
range number. Neither the GUI nor compiler noticed this, which
resulted in the incorrect firewall configuration. This fix adds check
in the GUI to not let the user enter port ranges like that.
* fixed bug 1699483: "hashlimit-htable-expire not set". Added GUI
controls and compiler support for hashlimit module options
"--hashlimit-name", "--hashlimit-htable-size",
"--hashlimit-htable-max", "--hashlimit-htable-expire" and
"--hashlimit-htable-gcinterval"
* fixed bug #1703954: "Mark target in postrouting chain". Packets that
originate on the firewall should be marked in the OUTPUT chain.
According to the netfilter packet flow diagram at
http://www.shorewall.net/NetfilterOverview.html , rerouting happens
after OUTPUT hook but before POSTROUTING hook. So in order to be able
to reroute packet originated on the firewall, they should be marked in
OUTPUT
Improvements and bug fixes in policy compiler for PF
* fixed bug #1674940: "if max-src-conn == 0: syntax error". Options
max-src-conn and max-src-states can not have value '0'
Improvements and bug fixes in policy compiler for ipfilter
* fixed bug #1678410: "Ipfilter compiler uses wrong keyword for
"fragment""
* fixed bug #1676845: "lsrr option not compiling"

436
doc/ReleaseNotes_2.1.12.html Normal file
View File

@@ -0,0 +1,436 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.1.12 </h2>
<br>
<p>
Released 06/24/2007
<br>
<b>GUI and compilers v2.1.12 require API library libfwbuilder version 2.1.12</b>
<br>
<h2>Summary </h2>
<p>
This release comes with support for Cisco IOS access lists and ability
to import existing iptables and IOS access lists
configurations. Multiple bug fixes are included as well.
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>Support for Cisco IOS access lists</h2>
Policy compiler for Cisco IOS Access lists has been implemented as
part of the Firewall Builder GUI as of version 2.1.12. The first
functional build were importer worked on all supported OS was build
270 (May 22, 2007)
<p>
<b>Features implemented in this version:</b>
<p>
<ul>
<li> The compiler generates extended ACLs using "ip access-list
extended" command. ACL names are automatically generated using
abbreviated interface names and direction symbols to make it easy
to figure out which ACL is which. Compiler uses rather minimal set
of options of the "ip access-list" command and should generate code
that will work for IOS 12.x. I did not test with 11.x but I am
pretty sure it will work, at least with the latest versions of
11.x.
<li> Compiler can also add commands to configure logging.
<li> The GUI includes built-in installer for routers which works just
like installer for PIX. Both installers were updated however to
improve support for the automatic roll-back feature in case you
lose connect with the firewall or the router because of an error in
the policy. Now you can make installer schedule reboot in a few
minutes, then upload new policy or ACLs and then cancel reboot if
upload was successful. While before auto-rollback option was only
available if you installed in the test mode, now you can always use
it. Test mode means that installer does not save configuration in
the permanent memory, as before.
<li> All three installation methods that were available for PIX are now
available for routers: you can make it clear all access lists and
then load new ones or just update access lists without
clearing. The last method (the "safety net" method) creates
temporary acl to permit communication with the management station,
assigns it to the interface marked as management interface, then
clears all access lists and loads new ones and in the end swaps
proper list on the management interface. This helps prevent
locking yourself out of the router in the middle of the
installation process in case of an error in the ACL and at the same
time does not leave the router with no acls for the time it takes
to install new policy. In combination with automatic roll-back,
installation process is pretty reliable.
<li> New option has been added to the interface object, called
"unprotected". This allows you to mark some interfaces to be
skipped by the compiler when it picks interfaces for ACL
rules. This should be useful when you have routers with many
interfaces and only want to add ACLs to some of them. Also, you can
explicitly put interface objects into policy rules and specify
direction if you want to do this manually.
<li> Since router ACLs have no state, all rules should be created in the
policy pretty much like you do it on the router, including rules
that permit reply packets. New option has been added to the TCP
Service object, called "established". This makes compiler use
option "established" in rules it generates if it is supported by
the firewall platform. Compilers for iptables, ipfilter, pf and PIX
can not use objects with this option and treat it as an error
because corresponding platforms do not support it. IPFW, on the
other hand, supports it so compiler fwb_ipfw can use it.
</ul>
<p>
<b>Shortcomings of this version:</b>
<p>
<ul>
<li> "tos", "precedence" and "time-range" options are not supported
<li> "igmp" access lists can no be generated
</ul>
<p>
<h2>Policy import iptables configurations (v2.1.12, build 281 and later)</h2>
<p>
Policy importer has been implemented as part of the Firewall Builder
GUI as of version 2.1.12. The first functional build were importer
worked on all supported OS was build 270 (May 22, 2007)
<p>
Policy importer uses ANTLR lexer and parser ( http://www.antlr.org/ )
Version 2.7.7 is used in Firewall Builder v2.1.12 ( http://www.antlr2.org/ )
<p>
Firewall Builder needs ANTLR C++ runtime header files and library and
include these in the source tree under src/antlr. Unless you want to
change the grammar (*.g files) you don't need to install ANTLR
separately. All relevant ANTLR files are included in the package. For
more information on ANTRL see: http://www.antlr2.org
<p>
<b> Features implemented in this version :</b>
<ul>
<li> Importer can parse iptables config saved using iptables-save
utility. Because of the huge variety of iptables modules, Importer
can only interpret basic iptables configuration and a subset of
modules. Currently the following modules are supported:
<p>
<ul>
<li> state
<li> multiport
<li> limit
<li> mark
</ul>
</p>
<li> Importer creates firewall object with all interfaces. It can not
assign object name for the firewall object nor add IP and MAC
addresses to interfaces because this information is not present in
iptables-save file.
<li> option "Assume firewall is part of 'any'" is off in the created
firewall object. Import is done this way in order to preserve logic
of chains INPUT, OUTPUT and FORWARD in the recreated fwbuilder
rules. Rules that had chain INPUT in the imported script will have
firewall object in "destination" in the corresponding fwbuilder
rules. Firewall object is placed in "Source" for rules with chain
OUTPUT. For rules with chain FORWARD rule elements "Source" and
"Destination" are populated with objects created using options "-s"
and "-d" of the original rules or left empty ("any").
<li> all recognized iptables rules are imported and interface and
direction are set in all rules appropriately. Interface objects are
created as parser finds them in the script.
<li> targets ACCEPT, DROP, REJECT, MARK and others are converted to the
corresponding fwbuilder policy rule actions. Unrecognized targets
and converted to branching rules, where the name of the target
becomes the name of the branch.
<li> SNAT, DNAT, MASQUERADING, REDIRECT and NETMAP targets and their
parameters are recognized in the NAT rules.
<li> Address and service objects are created in the process for all
addresses and ports used in all rules.
<li> iptables rules can refer to tcp/udp ports both by name or by
number. Importer can properly interpret both formats using system
function getservbyname() to convert service name to the port
number. Since the result of this function depends on the OS, some
port names may not convert on some systems. For example, Windows
can convert more limited set of service names compared to Linux or
BSD.
<li> targets LOG and ULOG are converted to the "logging" option in
fwbuilder rules with action "Continue". This is an empty action
that does not affect packet flow through the firewall but can be
used in combination with "logging" option to log the packet. If
such empty (logging-only) rule is undesired, it must be manually
merged with some other rule in the policy.
<li> "--log-prefix", and "--log-level" options of the LOG target are
recognized
<li> "--ulog-prefix" option of the ULOG target is recognized. Other
options of the ULOG target are not.
<li> Address and service objects are reused in the process of import.
<li> in case when importer fails to parse some part of the iptables-save
file, corresponding policy rule is colored red and appropriate
diagnostic message added to its comment. The problem must be
corrected manually.
<li> comments ("#") found inside access lists are ignored.
</ul>
<b>Shortcomings of this version:</b>
<ul>
<li> user-defined chains in table "nat" are not supported
<li> no import of time intervals
<li> no MAC address matching import
</ul>
<p>
<h2>Policy import of Cisco IOS access lists (v2.1.12, build 270)</h2>
<p>
<b> Features implemented in this version :</b>
<ul>
<li> Importer can parse router config saved using "show run"
command. Although importer can only interpret a subset of IOS
configuration commands, other commands that it does not understand
will be ignored and should not affect operation. No manual editing
of the config is required prior to import.
<li> Importer creates firewall object with all interfaces
<li> firewall object name is assigned if "hostname" command is found in
the configuration. If this command is not present, the name remains
generic "New Firewall"
<li> interface addresses are assigned if command "ip address" is found
(multiple addresses per interface are supported). Interfaces
without "ip address" in the configuration are marked as
"unnumbered" in the firewall builder object tree.
<li> all access lists are imported and interface and direction are set
in all rules appropriately
<li> Address and service objects are created in the process for all
addresses and ports used in access lists
<li> IOS access lists can define ip protocol, icmp code and type, and
tcp/udp ports both by name or by number. Importer can properly
interpret both formats.
<li> "log", "log-input", "fragments", "established" keywords are
supported and translated into rule or object options as
appropriate.
<li> Address and service objects are reused in the process of import.
<li> in case when importer fails to parse some part of the access-list
command, corresponding policy rule is colored in red and
appropriate diagnostic message added to its comment. The problem
must be corrected manually.
<li> "remark" commands found inside access lists are translated into
rule comments
<li> comments ("!") found inside access lists are ignored.
</ul>
<p>
<b>Shortcomings of this version:</b>
<ul>
<li> importer does not use address and service objects that existed in
the tree before the operation has started, it creates new
ones. Deduplication only works for objects created in the process
of import.
<li> the following keywords available in extended access lists are not
supported at this time: tos, precedence, time-range.
<li> igmp access lists are not parsed.
</ul>
<p>
<hr>
<p>
<h2>New object types and improvements in the base API</h2>
<ul>
<li>TCPService object now has flag "established". Policy comilers
for platforms that have special keyword for this flag can recognize
this flag in TCPService object.</li>
<li>TCPService object "All TCP established" has been added to the
Standard objects library.</li>
<li>Interface of the firewall has new flag "unprotected", currently
only used in compiler for Cisco IOS access lists. Compiler skips
interfaces marked as "unprotected" when it decides which interface a
policy rule should be assigned to.
</ul>
<h2>Improvements and bug fixes in the GUI</h2>
<ul>
<li>dialogs and resource files for Cisco IOS access lists.</li>
<li>Policy installer for Cisco routers</li>
<li>fixed long-standing problem with size of the built-in installer
options dialog. The dialog was too big and did not properly resize
itself when some options were hidden.</li>
<li>PIX and Cisco routers (IOS) : built-in installer can schedule
reboot of the firewall before activating new policy, then cancel
it if the policy has been activated successfully. </li>
<li>note about built-in installer on windows. Installer seems to
have broke with upgrade of QT to 3.3.8. Specifically, in
SSHSession::readFromStdout(), proc->readStdout() returns a byte
array that contains actual output from the device, with some
garbage appeneded to it. The garbage is included in the size()
count of QByteArray returned by readStdout so it gets included
into the QString which we append to stdoutBuffer. This happens
only on win32; reverting to QT 3.3.7 fixes the problem.</li>
<li>the GUI is compiled with ANTLR C++ run-time, used for policy
importer</li>
<li>Policy importer: can read and import iptables rules from the
iptables-save file and Cisco IOS access lists from the router
configuration saved using "show run" command. See
README.policy_import file for more details.</li>
<li>allow for object group in "Interface" rule element</li>
<li>Added support for action "Continue" (an empty action) in the GUI
and compiler for iptables. This action creates a rule that does
nothing, however it generates iptables command with target "-j
LOG" if logging is turned on. This can be useful if one wants only
to log packets that match certain pattern but not make any policy
decision in the same rule.</li>
<li>After changes made in the compiler to simplify algorithm used to
decide which chain a rule with action Tag should go to, rule
action option "Mark connections in PREROUTING chain" (
"ipt_mark_prerouting" ) has been deprecated.</li>
<li>fixed bug (no number) where installer failed to properly copy
.fwb file over to the firewall if file name contained
whitespace</li>
<li>fixed bug #1739373: "FWB2111, register Routing not printed". Tab
"Routing" was not included in the printed copy of firewall
policies</li>
</ul>
<h2>Improvements and bug fixes in policy compiler for iptables</h2>
<ul>
<li>fixed bug 1737733: "install script doesn't detect BROADCAST if
eth is NO-CARRIER". If firewall script runs before network
interface comes up (i.e. is still in NO-CARRIER state), script
failed to add virtual addresses for NAT.</li>
<li>fixed bug #1711595: "ip6tables DROPs". Compiler adds rules to
permit any-to-any on loopback interface for ipv6 in addition to
rules that set default policy to DROP for all chains in ipv6</li>
<li>streamlined algorithm that assigns chain to a rule with action
Tag. The goal is to always use chain PREROUTING for rules with
direction Inbound or Both and a combination of OUTPUT and
POSTROUTING for rules with direction Outbound and Both.</li>
<li>Added support for action "Continue" (an empty action) in the GUI
and compiler for iptables. This action creates a rule that does
nothing, however it generates iptables command with target "-j
LOG" if logging is turned on. This can be useful if one wants only
to log packets that match certain pattern but not make any policy
decision in the same rule.</li>
<li>fixed bug #1718791: "Bug with more than one router". This bug
affected routing rules.</li>
<li>fixed bug #1720022: "Fail to load modules .ko.gz".</li>
<li>fixed bug #1720480: '"-A POSTROUTING -i interface" in branching
rules'. Compiler should not generate iptables commands in
POSTROUTING chain with "-i interface" clause.</li>
<li>bug (no number): compiler used to not set unique internal id for
rules in branches, which lead to chain names like 'C.0' in
generated script.</li>
<li>bug (no number): when a rule number is inserted into a log
record in place of macro %N, it should be formatted as "N/M" for
rules in a branch.</li>
<li>bug (no number): setting chain for Classify action only if it
has not been set before. Setting chain to POSTROUTING always broke
things if a rule with action 'Classify' was used in a branch (so
the chain has been set to that of the branch)</li>
<li>bugs #1676635: "no way to match on state if the action is drop"
and #1671910: "2.1.8 In 'Branch' acton compiler doesn't insert NEW
stanza". Rely only on rule option 'stateless' to decide whether
the rule should have "-m state --state NEW". Rule option
'stateless' is automatically set when user changes rule action so
it becomes anything except 'Accept', 'Tag' or 'Route'. This option
is also automatically cleared when action is switched to any of
these three actions. The user can override these default settings
by checking or unchecking the option in the rule options dialog.
</li>
</ul>
<h2>Improvements and bug fixes in policy compiler for PF</h2>
<ul>
<li>fixed bug #1727715: "Policy Installer failed but indicates
succes". Activation script for PF exits with non-zero return code
if script activation fails.</li>
<li>fixed bug #1740545: "AddressTable in NAT section". Policy
compiler for PF crashed if AddressTable object was used in TDst
element of a NAT rule.</li>
</ul>
<h2>Improvements and bug fixes in policy compiler for ipfw</h2>
<ul>
<li>new TCPService object flag "established" in compiler for
ipfw.</li>
<li></li>
</ul>
</body>
</html>

311
doc/ReleaseNotes_2.1.12.txt Normal file
View File

@@ -0,0 +1,311 @@
Firewall Builder Release Notes
Version 2.1.12
Released 06/24/2007
GUI and compilers v2.1.12 require API library libfwbuilder version 2.1.12
Summary
This release comes with support for Cisco IOS access lists and ability to
import existing iptables and IOS access lists configurations. Multiple bug
fixes are included as well.
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
Support for Cisco IOS access lists
Policy compiler for Cisco IOS Access lists has been implemented as part of
the Firewall Builder GUI as of version 2.1.12. The first functional build
were importer worked on all supported OS was build 270 (May 22, 2007)
Features implemented in this version:
* The compiler generates extended ACLs using "ip access-list extended"
command. ACL names are automatically generated using abbreviated
interface names and direction symbols to make it easy to figure out
which ACL is which. Compiler uses rather minimal set of options of the
"ip access-list" command and should generate code that will work for
IOS 12.x. I did not test with 11.x but I am pretty sure it will work,
at least with the latest versions of 11.x.
* Compiler can also add commands to configure logging.
* The GUI includes built-in installer for routers which works just like
installer for PIX. Both installers were updated however to improve
support for the automatic roll-back feature in case you lose connect
with the firewall or the router because of an error in the policy. Now
you can make installer schedule reboot in a few minutes, then upload
new policy or ACLs and then cancel reboot if upload was successful.
While before auto-rollback option was only available if you installed
in the test mode, now you can always use it. Test mode means that
installer does not save configuration in the permanent memory, as
before.
* All three installation methods that were available for PIX are now
available for routers: you can make it clear all access lists and then
load new ones or just update access lists without clearing. The last
method (the "safety net" method) creates temporary acl to permit
communication with the management station, assigns it to the interface
marked as management interface, then clears all access lists and loads
new ones and in the end swaps proper list on the management interface.
This helps prevent locking yourself out of the router in the middle of
the installation process in case of an error in the ACL and at the
same time does not leave the router with no acls for the time it takes
to install new policy. In combination with automatic roll-back,
installation process is pretty reliable.
* New option has been added to the interface object, called
"unprotected". This allows you to mark some interfaces to be skipped
by the compiler when it picks interfaces for ACL rules. This should be
useful when you have routers with many interfaces and only want to add
ACLs to some of them. Also, you can explicitly put interface objects
into policy rules and specify direction if you want to do this
manually.
* Since router ACLs have no state, all rules should be created in the
policy pretty much like you do it on the router, including rules that
permit reply packets. New option has been added to the TCP Service
object, called "established". This makes compiler use option
"established" in rules it generates if it is supported by the firewall
platform. Compilers for iptables, ipfilter, pf and PIX can not use
objects with this option and treat it as an error because
corresponding platforms do not support it. IPFW, on the other hand,
supports it so compiler fwb_ipfw can use it.
Shortcomings of this version:
* "tos", "precedence" and "time-range" options are not supported
* "igmp" access lists can no be generated
Policy import iptables configurations (v2.1.12, build 281 and later)
Policy importer has been implemented as part of the Firewall Builder GUI
as of version 2.1.12. The first functional build were importer worked on
all supported OS was build 270 (May 22, 2007)
Policy importer uses ANTLR lexer and parser ( http://www.antlr.org/ )
Version 2.7.7 is used in Firewall Builder v2.1.12 ( http://www.antlr2.org/
)
Firewall Builder needs ANTLR C++ runtime header files and library and
include these in the source tree under src/antlr. Unless you want to
change the grammar (*.g files) you don't need to install ANTLR separately.
All relevant ANTLR files are included in the package. For more information
on ANTRL see: http://www.antlr2.org
Features implemented in this version :
* Importer can parse iptables config saved using iptables-save utility.
Because of the huge variety of iptables modules, Importer can only
interpret basic iptables configuration and a subset of modules.
Currently the following modules are supported:
* state
* multiport
* limit
* mark
* Importer creates firewall object with all interfaces. It can not
assign object name for the firewall object nor add IP and MAC
addresses to interfaces because this information is not present in
iptables-save file.
* option "Assume firewall is part of 'any'" is off in the created
firewall object. Import is done this way in order to preserve logic of
chains INPUT, OUTPUT and FORWARD in the recreated fwbuilder rules.
Rules that had chain INPUT in the imported script will have firewall
object in "destination" in the corresponding fwbuilder rules. Firewall
object is placed in "Source" for rules with chain OUTPUT. For rules
with chain FORWARD rule elements "Source" and "Destination" are
populated with objects created using options "-s" and "-d" of the
original rules or left empty ("any").
* all recognized iptables rules are imported and interface and direction
are set in all rules appropriately. Interface objects are created as
parser finds them in the script.
* targets ACCEPT, DROP, REJECT, MARK and others are converted to the
corresponding fwbuilder policy rule actions. Unrecognized targets and
converted to branching rules, where the name of the target becomes the
name of the branch.
* SNAT, DNAT, MASQUERADING, REDIRECT and NETMAP targets and their
parameters are recognized in the NAT rules.
* Address and service objects are created in the process for all
addresses and ports used in all rules.
* iptables rules can refer to tcp/udp ports both by name or by number.
Importer can properly interpret both formats using system function
getservbyname() to convert service name to the port number. Since the
result of this function depends on the OS, some port names may not
convert on some systems. For example, Windows can convert more limited
set of service names compared to Linux or BSD.
* targets LOG and ULOG are converted to the "logging" option in
fwbuilder rules with action "Continue". This is an empty action that
does not affect packet flow through the firewall but can be used in
combination with "logging" option to log the packet. If such empty
(logging-only) rule is undesired, it must be manually merged with some
other rule in the policy.
* "--log-prefix", and "--log-level" options of the LOG target are
recognized
* "--ulog-prefix" option of the ULOG target is recognized. Other options
of the ULOG target are not.
* Address and service objects are reused in the process of import.
* in case when importer fails to parse some part of the iptables-save
file, corresponding policy rule is colored red and appropriate
diagnostic message added to its comment. The problem must be corrected
manually.
* comments ("#") found inside access lists are ignored.
Shortcomings of this version:
* user-defined chains in table "nat" are not supported
* no import of time intervals
* no MAC address matching import
Policy import of Cisco IOS access lists (v2.1.12, build 270)
Features implemented in this version :
* Importer can parse router config saved using "show run" command.
Although importer can only interpret a subset of IOS configuration
commands, other commands that it does not understand will be ignored
and should not affect operation. No manual editing of the config is
required prior to import.
* Importer creates firewall object with all interfaces
* firewall object name is assigned if "hostname" command is found in the
configuration. If this command is not present, the name remains
generic "New Firewall"
* interface addresses are assigned if command "ip address" is found
(multiple addresses per interface are supported). Interfaces without
"ip address" in the configuration are marked as "unnumbered" in the
firewall builder object tree.
* all access lists are imported and interface and direction are set in
all rules appropriately
* Address and service objects are created in the process for all
addresses and ports used in access lists
* IOS access lists can define ip protocol, icmp code and type, and
tcp/udp ports both by name or by number. Importer can properly
interpret both formats.
* "log", "log-input", "fragments", "established" keywords are supported
and translated into rule or object options as appropriate.
* Address and service objects are reused in the process of import.
* in case when importer fails to parse some part of the access-list
command, corresponding policy rule is colored in red and appropriate
diagnostic message added to its comment. The problem must be corrected
manually.
* "remark" commands found inside access lists are translated into rule
comments
* comments ("!") found inside access lists are ignored.
Shortcomings of this version:
* importer does not use address and service objects that existed in the
tree before the operation has started, it creates new ones.
Deduplication only works for objects created in the process of import.
* the following keywords available in extended access lists are not
supported at this time: tos, precedence, time-range.
* igmp access lists are not parsed.
----------------------------------------------------------------------
New object types and improvements in the base API
* TCPService object now has flag "established". Policy comilers for
platforms that have special keyword for this flag can recognize this
flag in TCPService object.
* TCPService object "All TCP established" has been added to the Standard
objects library.
* Interface of the firewall has new flag "unprotected", currently only
used in compiler for Cisco IOS access lists. Compiler skips interfaces
marked as "unprotected" when it decides which interface a policy rule
should be assigned to.
Improvements and bug fixes in the GUI
* dialogs and resource files for Cisco IOS access lists.
* Policy installer for Cisco routers
* fixed long-standing problem with size of the built-in installer
options dialog. The dialog was too big and did not properly resize
itself when some options were hidden.
* PIX and Cisco routers (IOS) : built-in installer can schedule reboot
of the firewall before activating new policy, then cancel it if the
policy has been activated successfully.
* note about built-in installer on windows. Installer seems to have
broke with upgrade of QT to 3.3.8. Specifically, in
SSHSession::readFromStdout(), proc->readStdout() returns a byte array
that contains actual output from the device, with some garbage
appeneded to it. The garbage is included in the size() count of
QByteArray returned by readStdout so it gets included into the QString
which we append to stdoutBuffer. This happens only on win32; reverting
to QT 3.3.7 fixes the problem.
* the GUI is compiled with ANTLR C++ run-time, used for policy importer
* Policy importer: can read and import iptables rules from the
iptables-save file and Cisco IOS access lists from the router
configuration saved using "show run" command. See README.policy_import
file for more details.
* allow for object group in "Interface" rule element
* Added support for action "Continue" (an empty action) in the GUI and
compiler for iptables. This action creates a rule that does nothing,
however it generates iptables command with target "-j LOG" if logging
is turned on. This can be useful if one wants only to log packets that
match certain pattern but not make any policy decision in the same
rule.
* After changes made in the compiler to simplify algorithm used to
decide which chain a rule with action Tag should go to, rule action
option "Mark connections in PREROUTING chain" ( "ipt_mark_prerouting"
) has been deprecated.
* fixed bug (no number) where installer failed to properly copy .fwb
file over to the firewall if file name contained whitespace
* fixed bug #1739373: "FWB2111, register Routing not printed". Tab
"Routing" was not included in the printed copy of firewall policies
Improvements and bug fixes in policy compiler for iptables
* fixed bug 1737733: "install script doesn't detect BROADCAST if eth is
NO-CARRIER". If firewall script runs before network interface comes up
(i.e. is still in NO-CARRIER state), script failed to add virtual
addresses for NAT.
* fixed bug #1711595: "ip6tables DROPs". Compiler adds rules to permit
any-to-any on loopback interface for ipv6 in addition to rules that
set default policy to DROP for all chains in ipv6
* streamlined algorithm that assigns chain to a rule with action Tag.
The goal is to always use chain PREROUTING for rules with direction
Inbound or Both and a combination of OUTPUT and POSTROUTING for rules
with direction Outbound and Both.
* Added support for action "Continue" (an empty action) in the GUI and
compiler for iptables. This action creates a rule that does nothing,
however it generates iptables command with target "-j LOG" if logging
is turned on. This can be useful if one wants only to log packets that
match certain pattern but not make any policy decision in the same
rule.
* fixed bug #1718791: "Bug with more than one router". This bug affected
routing rules.
* fixed bug #1720022: "Fail to load modules .ko.gz".
* fixed bug #1720480: '"-A POSTROUTING -i interface" in branching
rules'. Compiler should not generate iptables commands in POSTROUTING
chain with "-i interface" clause.
* bug (no number): compiler used to not set unique internal id for rules
in branches, which lead to chain names like 'C.0' in generated script.
* bug (no number): when a rule number is inserted into a log record in
place of macro %N, it should be formatted as "N/M" for rules in a
branch.
* bug (no number): setting chain for Classify action only if it has not
been set before. Setting chain to POSTROUTING always broke things if a
rule with action 'Classify' was used in a branch (so the chain has
been set to that of the branch)
* bugs #1676635: "no way to match on state if the action is drop" and
#1671910: "2.1.8 In 'Branch' acton compiler doesn't insert NEW
stanza". Rely only on rule option 'stateless' to decide whether the
rule should have "-m state --state NEW". Rule option 'stateless' is
automatically set when user changes rule action so it becomes anything
except 'Accept', 'Tag' or 'Route'. This option is also automatically
cleared when action is switched to any of these three actions. The
user can override these default settings by checking or unchecking the
option in the rule options dialog.
Improvements and bug fixes in policy compiler for PF
* fixed bug #1727715: "Policy Installer failed but indicates succes".
Activation script for PF exits with non-zero return code if script
activation fails.
* fixed bug #1740545: "AddressTable in NAT section". Policy compiler for
PF crashed if AddressTable object was used in TDst element of a NAT
rule.
Improvements and bug fixes in policy compiler for ipfw
* new TCPService object flag "established" in compiler for ipfw.
*

106
doc/ReleaseNotes_2.1.13.html Normal file
View File

@@ -0,0 +1,106 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.1.13 </h2>
<br>
<p>
Released 07/22/2007
<br>
<b>GUI and compilers v2.1.13 require API library libfwbuilder version 2.1.13</b>
<br>
<h2>Summary </h2>
<p>
This is bugfix release; its main focus is better support for new
features available in PF in OpenBSD 4.1.
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>Improvements and bug fixes in the GUI</h2>
<ul>
<li>fixed bug #1740766: "lock not saved". This method now copies the
value of "ro" attribute (read-only). Clear it in the caller if
neccessary. Method duplicate() clears it after calling
shallowDuplicate in order to be able to modify the object, then
restores this attribute to its original value.</li>
<li>fixed bug #1743117: "crash while editing any". Added check, user
should not be able to unlock Standard objects library</li>
<li>fixed bug #1753188: "policy activation fails on PIX and
IOS". Installer failed if account used to authenticate to the
router or PIX went straight to 'enable' mode after login.</li>
<li>added simple template object for Cisco router 36xx </li>
</ul>
<h2>Improvements and bug fixes in policy compiler for iptables</h2>
<ul>
<li>fixed bug #1746257: "fwbuilder breaks IPv6". Added an option to
the firewall settings dialog for iptables that controls whether
compiler should skip generation of the code to set default policy
of all ipv6 chains to DROP. This option is off by default, that is
compiler puts the code in. This helps maintain backwards
compatibility with old data files that do not have this option,
which is equivalent to this option being "off".</li>
<li>fixed bug #1747332: "missing CONNMARK/ restore mark in Output
Chain"</li>
<li>compiler permits setting direction in the rule while interface
field is "All". This generates iptables command in chain INPUT or
OUTPUT with "-i +" or "-o +" interface specification to match all
interfaces.</li>
</ul>
<h2>Improvements and bug fixes in policy compiler for PF</h2>
<ul>
<li>fixed bug #1747828: "anchors generation - "log" not
supported". "Log" keyword is not allowed in "anchor" rules;
compiler should not generate it even if user turned logging on in
a rule with action 'Branch'</li>
<li>implemented support for PF limit options "src-nodes", "tables"
and "table-entries". Feature Req. #1674919: "Support "set limit
table-entries""</li>
<li>better compliance with PF 4.x. Feature Req. #1679793: "add 'no
state' and 'flags any'". If version is set to 4.x, compiler skips
"flags S/SA keep state" for rules mathcing tcp services. However,
according to the section "1.2. Operational changes" in PF FAQ at
http://www.openbsd.org/faq/upgrade41.html , there should be a way
to add "keep state" explicitly for rules on interface enc0. Added
this option to the rule options dialog.</li>
<li>Added support for "set skip on <ifspec>" command for PF. If an
interface is marked as "unprotected" in the GUI, compiler
generates this command for it. This is useful for loopback or
other virtual interfaces.</ifspec>
</ul>
<h2>Improvements and bug fixes in policy compilers for Cisco IOS ACL</h2>
<ul>
<li>Fixed bug that caused compiler to exit abnormally while
compiling a rule with interface field "all". Compiler should
generate ACL lines for all interfaces of the router (except those
marked "unprotected")</li>
</ul>
</body>
</html>

67
doc/ReleaseNotes_2.1.13.txt Normal file
View File

@@ -0,0 +1,67 @@
Firewall Builder Release Notes
Version 2.1.13
Released 07/22/2007
GUI and compilers v2.1.13 require API library libfwbuilder version 2.1.13
Summary
This is bugfix release; its main focus is better support for new features
available in PF in OpenBSD 4.1
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
Improvements and bug fixes in the GUI
* fixed bug #1740766: "lock not saved". This method now copies the value
of "ro" attribute (read-only). Clear it in the caller if neccessary.
Method duplicate() clears it after calling shallowDuplicate in order
to be able to modify the object, then restores this attribute to its
original value.
* fixed bug #1743117: "crash while editing any". Added check, user
should not be able to unlock Standard objects library
* fixed bug #1753188: "policy activation fails on PIX and IOS".
Installer failed if account used to authenticate to the router or PIX
went straight to 'enable' mode after login.
* added simple template object for Cisco router 36xx
Improvements and bug fixes in policy compiler for iptables
* fixed bug #1746257: "fwbuilder breaks IPv6". Added an option to the
firewall settings dialog for iptables that controls whether compiler
should skip generation of the code to set default policy of all ipv6
chains to DROP. This option is off by default, that is compiler puts
the code in. This helps maintain backwards compatibility with old data
files that do not have this option, which is equivalent to this option
being "off".
* fixed bug #1747332: "missing CONNMARK/ restore mark in Output Chain"
* compiler permits setting direction in the rule while interface field
is "All". This generates iptables command in chain INPUT or OUTPUT
with "-i +" or "-o +" interface specification to match all interfaces.
Improvements and bug fixes in policy compiler for PF
* fixed bug #1747828: "anchors generation - "log" not supported". "Log"
keyword is not allowed in "anchor" rules; compiler should not generate
it even if user turned logging on in a rule with action 'Branch'
* implemented support for PF limit options "src-nodes", "tables" and
"table-entries". Feature Req. #1674919: "Support "set limit
table-entries""
* better compliance with PF 4.x. Feature Req. #1679793: "add 'no state'
and 'flags any'". If version is set to 4.x, compiler skips "flags S/SA
keep state" for rules mathcing tcp services. However, according to the
section "1.2. Operational changes" in PF FAQ at
http://www.openbsd.org/faq/upgrade41.html , there should be a way to
add "keep state" explicitly for rules on interface enc0. Added this
option to the rule options dialog.
* Added support for "set skip on " command for PF. If an interface is
marked as "unprotected" in the GUI, compiler generates this command
for it. This is useful for loopback or other virtual interfaces.
Improvements and bug fixes in policy compilers for Cisco IOS ACL
* Fixed bug that caused compiler to exit abnormally while compiling a
rule with interface field "all". Compiler should generate ACL lines
for all interfaces of the router (except those marked "unprotected")

106
doc/ReleaseNotes_2.1.14.html Normal file
View File

@@ -0,0 +1,106 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.1.14 </h2>
<br>
<p>
Released 09/10/2007
<br>
<b>GUI and compilers v2.1.14 require API library libfwbuilder version 2.1.14</b>
<br>
<h2>Summary </h2>
<p>
This is another bugfix release, it comes with numerous improvements in
the iptables policy importer and fixes for gcc 4.2 and 4.3
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>Improvements and bug fixes in libfwbuilder library</h2>
<ul>
<li>fixed bug #1761373: "libfwbuilder doesn't build on Mandriva
cooker". Applied fixes to make the code compile with gcc 4.2</li>
</ul>
<h2>Improvements and bug fixes in the policy importer for iptables</h2>
<ul>
<li>fixed bug #1764988: "iptables import -> GUI crash":
<p>
<ul>
<li>iptables policy importer recognizes and parses target
RETURN</li>
<li>iptables policy importer recognizes and parses TCP flag
parameters ALL and NONE</li>
<li>syntax for TCP flag matching in iptables-save should allow
for more than 2 flags in 'comp' part</li>
</ul>
<p>
</li>
<li>fixed bug (no num): iptables policy importer should properly
parse numeric protocol specification (e.g. "-p 47").</li>
<li>added missing supprot for "--log-tcp-sequence",
"--log-tcp-options" and "--log-ip-options" options for target LOG to
iptables policy importer</li>
<li>added a workaround for a situation when several iptables
commands pass control to the same user-define chain in the
iptables-save file. As of fwbuilder v2.1, branch ruleset is a
child object of PolicyRule. This means two different rules can not
point at the same branch ruleset. This is unfortunate but it is
hard to fix in the current version because it requires changes XML
DTD and API. Will do this in 3.0. Meanwhile, checking if branch
ruleset with requested name already exists and change the name by
adding suffix '1', '2' etc to make it different. Imported rule is
marked as 'bad' (red background) and gets a comment explaining
this.</li>
<li>fixed bug (no num): importer for iptables should properly assign
rule options when it finds "-m limit" and "--limit" options in the
input file.</li>
</ul>
<h2>Improvements and bug fixes in the GUI</h2>
<ul>
<li>configure.in: another patch by Carlos Silva
&lt;r3pek@r3pek.org&gt; to add third parameter to
AC_DEFINE_UNQUOTED </r3pek>
<li>fixed bug reported in Debian Bug report #417685 - added missing
#include <algorithm> to make code compile with gcc 4.3</li>
<li>applied patch by Carlos Silva &lt;r3pek@r3pek.org&gt; to make
configure.in use ANTLR C++ run-time installed on the system if
it can find one; otherwise it uses copy in src/antlr</li>
<li>fixed bug #1772722: "installer should recognize when it uses
plink 0.60". We detect when installer uses plink on Windows by
checking the name of the configured ssh client. The check should
be case-insensitive.</li>
<li>fixed bug #1764971: "allowed value range for burst
limit". Iptables "--limit-burst" option should not be limited in
the GUI.</li>
</ul>
</body>
</html>

64
doc/ReleaseNotes_2.1.14.txt Normal file
View File

@@ -0,0 +1,64 @@
Firewall Builder Release Notes
Version 2.1.14
Released 09/10/2007
GUI and compilers v2.1.14 require API library libfwbuilder version 2.1.14
Summary
This is another bugfix release, it comes with numerous improvements in the
iptables policy importer and fixes for gcc 4.2 and 4.3
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
Improvements and bug fixes in libfwbuilder library
* fixed bug #1761373: "libfwbuilder doesn't build on Mandriva cooker".
Applied fixes to make the code compile with gcc 4.2
Improvements and bug fixes in the policy importer for iptables
* fixed bug #1764988: "iptables import -> GUI crash":
* iptables policy importer recognizes and parses target RETURN
* iptables policy importer recognizes and parses TCP flag
parameters ALL and NONE
* syntax for TCP flag matching in iptables-save should allow for
more than 2 flags in 'comp' part
* fixed bug (no num): iptables policy importer should properly parse
numeric protocol specification (e.g. "-p 47").
* added missing supprot for "--log-tcp-sequence", "--log-tcp-options"
and "--log-ip-options" options for target LOG to iptables policy
importer
* added a workaround for a situation when several iptables commands pass
control to the same user-define chain in the iptables-save file. As of
fwbuilder v2.1, branch ruleset is a child object of PolicyRule. This
means two different rules can not point at the same branch ruleset.
This is unfortunate but it is hard to fix in the current version
because it requires changes XML DTD and API. Will do this in 3.0.
Meanwhile, checking if branch ruleset with requested name already
exists and change the name by adding suffix '1', '2' etc to make it
different. Imported rule is marked as 'bad' (red background) and gets
a comment explaining this.
* fixed bug (no num): importer for iptables should properly assign rule
options when it finds "-m limit" and "--limit" options in the input
file.
Improvements and bug fixes in the GUI
* configure.in: another patch by Carlos Silva <r3pek@r3pek.org> to add
third parameter to AC_DEFINE_UNQUOTED
* fixed bug reported in Debian Bug report #417685 - added missing
#include to make code compile with gcc 4.3
* applied patch by Carlos Silva <r3pek@r3pek.org> to make configure.in
use ANTLR C++ run-time installed on the system if it can find one;
otherwise it uses copy in src/antlr
* fixed bug #1772722: "installer should recognize when it uses plink
0.60". We detect when installer uses plink on Windows by checking the
name of the configured ssh client. The check should be
case-insensitive.
* fixed bug #1764971: "allowed value range for burst limit". Iptables
"--limit-burst" option should not be limited in the GUI.

88
doc/ReleaseNotes_2.1.15.html Normal file
View File

@@ -0,0 +1,88 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.1.15 </h2>
<br>
<p>
Released 12/10/2007
<br>
<b>GUI and compilers v2.1.15 require API library libfwbuilder version 2.1.15</b>
<br>
<h2>Summary </h2>
<p>
This is another bugfix release. Several problems with policy installer
running in batch mode have been fixed, also this release resolves
compatibility issues with Windows Vista and Mac OS X Leopard.
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<p>
The GUI code is in the freeze for QT4 conversion. I will fix bugs in
policy compilers but will try to avoid changes in the GUI. New GUI
based on QT4 will be released next spring when KDE4 is included in all
major Linux distributions and FreeBSD. There will be one more bugfix
release for v2.1 if necessary.
<h2>Improvements and bug fixes in the GUI</h2>
<ul>
<li>fixed bug #1811781: "Batch Install". Built-in installer used
address of the first firewall of the batch to communicate with
all firewalls in the "batch install" mode.
</li>
<li>fixed bug #1826558: "OSX 10.5 font problem". This problem
appeared only in Mac OS X Leoprard (10.5) build, other platforms
were unaffected.</li>
<li>Starting with build 320 Windows packages install on Vista</li>
<li>Added Brazilian Portuguese translation by Jose Carlos Medeiros
&lt;jose@psabs.com.br&gt;</li>
<li>fixed bug #1821576: "Rule option tracking gives inavlid config
with default value". Compiler should skip max-src-nodes when it is
set to default '0' in the GUI.</li>
</ul>
<h2>Improvements and bug fixes in the policy importer for iptables</h2>
<ul>
<li>fixed bug #1812295: "Can't use runtime address tables AND
iptabels-restore". Script generated by fwb_ipt used "here
document" if the option "use iptables-restore to activate
policy" was turned on. This did not work in case policy used
any tun-time address table objects. Now generated script
always uses "echo" to generate iptables commands that it sends
to th standard input of iptables-restore.
</li>
</ul>
<h2>Improvements and bug fixes in the policy importer for ipfilter</h2>
<ul>
<li>applied patch by <Cy.Schubert@komquats.com> to add support for
Kerberos rcmd and Kerberos ekshell proxies in ipfilter NAT rules.
</li>
</ul>
<h2>Improvements and bug fixes in the policy importer for pf</h2>
<ul>
<li>fixed bug #1800875 "'keep state' missing from pass out going
traffic rule". Compilers for pf, ipf and ipfw were affected.
</li>
</ul>
</body>
</html>

55
doc/ReleaseNotes_2.1.15.txt Normal file
View File

@@ -0,0 +1,55 @@
Firewall Builder Release Notes
Version 2.1.15
Released 12/10/2007
GUI and compilers v2.1.15 require API library libfwbuilder version 2.1.15
Summary
This is another bugfix release. Several problems with policy installer
running in batch mode have been fixed, also this release resolves
compatibility issues with Windows Vista and Mac OS X Leopard.
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
The GUI code is in the freeze for QT4 conversion. I will fix bugs in
policy compilers but will try to avoid changes in the GUI. New GUI based
on QT4 will be released next spring when KDE4 is included in all major
Linux distributions and FreeBSD. There will be one more bugfix release for
v2.1 if necessary.
Improvements and bug fixes in the GUI
* fixed bug #1811781: "Batch Install". Built-in installer used address
of the first firewall of the batch to communicate with all firewalls
in the "batch install" mode.
* fixed bug #1826558: "OSX 10.5 font problem". This problem appeared
only in Mac OS X Leoprard (10.5) build, other platforms were
unaffected.
* Starting with build 320 Windows packages install on Vista
* Added Brazilian Portuguese translation by Jose Carlos Medeiros
<jose@psabs.com.br>
* fixed bug #1821576: "Rule option tracking gives inavlid config with
default value". Compiler should skip max-src-nodes when it is set to
default '0' in the GUI.
Improvements and bug fixes in the policy importer for iptables
* fixed bug #1812295: "Can't use runtime address tables AND
iptabels-restore". Script generated by fwb_ipt used "here document" if
the option "use iptables-restore to activate policy" was turned on.
This did not work in case policy used any tun-time address table
objects. Now generated script always uses "echo" to generate iptables
commands that it sends to th standard input of iptables-restore.
Improvements and bug fixes in the policy importer for ipfilter
* applied patch by <Cy.Schubert@komquats.com> to add support for
Kerberos rcmd and Kerberos ekshell proxies in ipfilter NAT rules.
Improvements and bug fixes in the policy importer for pf
* fixed bug #1800875 "'keep state' missing from pass out going traffic
rule". Compilers for pf, ipf and ipfw were affected.

487
doc/ReleaseNotes_2.1.7.html Normal file
View File

@@ -0,0 +1,487 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.1.7 </h2>
<br>
<p>
Released 10/31/2006
<br>
<b>GUI and compilers v2.1.7 require API library libfwbuilder version 2.1.7</b>
<br>
<h2>Summary </h2>
<p>
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>Installation</h2>
<p>
Packages of Firewall Builder 2.1 are built in a such way that you
should be able to install them on the same machine with Firewall
Builder 2.0.X. All binaries have names that end with <b>"21"</b>,
e.g. <b>"fwbuilder21"</b> or <b>"fwb_ipt21"</b>. On Windows the
binary name is the same but the package installs in
directory <b>c:\FWBuilder21</b> which is different from the default
directory for Firewall Builder 2.0; all registry entries are also
located in different subtrees. All this is done to ensure the user
can run Firewall Builder 2.1 while still using stable version 2.0.12
on the same machine.
</p>
<h2>Improvements and changes in the GUI</h2>
<ul>
<li>The GUI works much faster with very large object trees. Tested
using a data file with over 3000 objects)
<p>
</p>
</li>
<li>"Where used" menu item has been added to quickly find and show
all groups and firewall rules that reference given
object. Confirmation dialog that is shown when user tries to
delete an object also shows all groups and rules that use it.
<p>
</p>
</li>
<li>By popular request, built-in installer can now save a copy of
.fwb file to the firewall.
<p>
</p>
</li>
<li>Compile/install dialog is now an independent window instead of a
modal dialog, this means the user can look at the policy and
objects while compilation and/or installation is going on. This is
especially convenient as it allows one to inspect the rules after
failed compilation while still having compiler error on screen.
<p>
</p>
</li>
<li>Network discovery driud is back, ported from fwbuilder
1.0. As before, it supports reading object definitions from a
file in <b>/etc/hosts</b> format, can read DNS zone and also can
crawl the network using SNMP queries.
<p>
</p>
</li>
<li>Startup wizard ("Welcome to Firewall Builder") has been
removed. The GUI now starts either into an empty database or
opens data file specified on the command line.
<p>
</li>
<li>Keeping track of dependencies between objects. This is
useful when many firewalls in the tree use the same set of
objects. Each firewall object keeps track of objects it
depends on, so if any object is modified, all firewalls that
use it in their rules are marked with bold font to indicate
that they need to be recompiled. Object dependencies are
tracked not only when objects are directly used in rules,
but also when they apepar there indirectly, as members of
groups
<p>
</li>
<li>Added bulk compile and install operations. This is useful
when there are many firewalls in the tree that need to be
compiled and installed in one go. Bulk install operation is
only possible if all firewalls use the same user name and
password for authentication. If this is not the case,
built-in installer can be instructed to ask for the
authentication information before it touches each firewall.
<p>
</li>
<li>All object dialogs have been converted into built-in
panels that appear in the right hand part of the main
window. This simplifies navigation ( pop-up dialogs used to
obscure parts of the main window). Objects open in the
editor on a single mouse click in the tree and rules.
<p>
</li>
<li>Improvements in "Find" function: administrator can now
drag an object into a well in the find dialog panel to make
it search for this particular object. This is useful if the
name of the obejct is not unique. Search by object's name or
a value of its attribute is also possible.
<p>
<img src="http://www.fwbuilder.org/images/find_dialog_1.png">
<p>
</li>
<li>In addition to the "Find" function, the "Find and replace"
operation has been implemented. Objects can be found and
replaced in groups and firewall rules
<p>
<img src="http://www.fwbuilder.org/images/find_replace_1.png">
<p>
</li>
</ul>
<h2>New object types, new rule types and rule elements, new
actions and other new features</h2>
<ul>
<li><b>AddressTable</b>&nbsp; This object resolves to a set of
IP addresses defined in an external file. The object can be
configured to read the file at compile time or at run time. For
each compile-time AddressTable object defined in the object tree
compiler tries to find and read the file specified in the object
configuration. Compiler aborts processing if the file can not be
found or can not be read. If the file is in place and can be
read, such AddressTable object behaves as if it was a group of
IP address objects, that is, all addresses are explicitly copied
into generated configuration, although compiler may use target
firewall syntax that helps to group such sets of addresses into
tables. Compilers for iptables, ipfw, ipf and PIX generate bunch
of rules matching each address read from the file. Compiler for
PF creates a table and also lists all IP addresses it reads from
the file; it uses the name of the AddressTable object for the
name of the table it creates.<p>
Run-time AddressTable objects are only supported by
compilers for iptables and PF. Compiler for iptables
generates shell code to read the contents of the file when
firewall configuration is activated. Compiler for PF uses
native <b>"table &lt;name&gt; persist file &lt;file_name&gt;"</b>
syntax. Here also the name of the table is the same as the
name of the AddressTable object it was created for.
<p>
</li>
<li><b>DNSName:</b>&nbsp; This object resolves a host name to
the IP address using DNS. Object can be confgiured to do so at
compile time or run time. Resolution is done using system call
gethostbyaddr() to read DNS A records for the name. System
resolver should take care of recursion and CNAME records, if
any. If the name resolves to several IP addresses, all addresses
are used in the generated firewall configuration. Run-time
DNSName objects rely on the target firewall software to be able
to convert symbolic names used in rules into actual IP addresses
at a time when policy is activated. Not all platforms provide
means to support run-time DNSName objects.
<p>
</li>
<li><b>TagService:</b>&nbsp; This object matches tags set by
action <b>Tag</b>. It is translated into <b>--mark
&lt;mark_code&gt;</b> for iptables and <b>tag</b> option for
PF. This service object is only supported by compilers for
iptables and PF.
<p>
</li>
<li><b>Interface</b> objects can now have an attribute to mark
them as bridge ports, used for bridging firewalls.
<p>
</li>
<li>Support for routing rules has been implemented using patch
provided by Tidei Maurizio &lt;fwbuilder-routing at
compal.de&gt; Support for routing rules is only implemented in
compiler for iptables. See file README.routing included in
fwbuilder2 package.
<p>
<blockquote>
<b>NOTE:</b>&nbsp;I can only provide very limited support for this feature, please direct your questions and bugreports to the author
</blockquote>
<p>
</li>
<li>Global policy and interface policies have been merged. Each
policy rule now has rule element "Interface". Administrator
can drag and drop interface object of the firewall into this
rule element field. Policy compilers support multiple
interfaces and negation in "Interface" rule element. Rule
element "direction" that previously was only part of the
interface policy rules is now part of all policy rules.
<p>
</li>
<li>Policy rules can have the following new actions:<p>
<ul>
<li><b>Queue:</b>&nbsp; This action passes the packet to
user space process for inspection, it is translated
into <b>QUEUE</b> for iptables and <b>divert</b> for
ipfw. This action is only supported by compilers for
iptables and ipfw..
<p>
</li>
<li><b>Custom:</b>&nbsp; This action allows administrator
to define arbitrary piece of code to be used in place of
an action. Supported by compilers for iptables, ipf and
ipfw
<p>
</li>
<li><b>Branch:</b>&nbsp; This action is used to create a
branch in the rule set. It works on target platforms that
provide suitable syntax and allow control to return to the
higher level rule set if the branch can not make final
decision about the packet. For iptables this action is
translated into user-defined chain. The name of the chain
is the name of the branch choosen by administrator. For PF
this action is translated into an anchor with the name the
same as the name of the branch defined by the
administrator. This action is only supported by compilers
for iptables and PF.
<p>
<img src="http://www.fwbuilder.org/images/action_branch_1.png"><br>
Fig.1 <i>Rule #0 of the global policy creates a branch with the name <b>rule0_branch</b></i>
<p>
<p>
</li>
<li><b>Tag:</b>&nbsp; This action associates internal tag
with the packet. Tag can later be inspected using
service object <b>TagService</b>. This action is
translated into <b>MARK</b> target with
corresponding <b>--set-mark</b> parameter and optionally
additional rule with <b>CONNMARK --save-mark</b> target
for iptables. If option that activates <b>CONNMARK</b>
target is used, compiler also adds a rule at the very
top of the policy to restore the mark. Rules are placed
in <b>INPUT</b>,<b>OUTPUT</b> and <b>FORWARD</b> chain
of the <b>"mangle"</b> table, this ensures
that <b>DNAT</b> happens before rules placed in the
mangle table see the packet. <b>PREROUTING</b> chain in
mangle table is executed before <b>PREROUTING</b> chain
in the nat table, so placing tagging rules in the
<b>PREROUTING</b> chain would make them fire before
<b>DNAT</b>. <b>POSTROUTING</b> chain of the mangle
table, as well as its <b>FORWARD</b> and <b>OUTPUT</b>
chains, work before corresponding chains of the nat
table. In all cases the goal is to make sure <b>DNAT</b>
rules process the packet before, and SNAT rules process
it after filtering and tagging rules.<p>
For PF this action is translated into <b>tag</b>.
Supported only by compilers for iptables and PF.
<p>
<img src="http://www.fwbuilder.org/images/action_tag_1.png"><br>
Fig.2 <i>Example of a rule utilizing action <b>Tag</b>. To illustrate policy branches, this rule belongs to the branch with the name <b>rule0_branch</b></i>
<p>
<p>
</li>
<li><b>Classify:</b>&nbsp; This action allows the firewall
to define QoS class for the packet that matches the
rule. It is translated into <b>CLASSIFY</b> for
iptables, with parameter <b>--set-class</b>. For PF it
is translated into <b>queue</b>; compiler for ipfw can
use <b>pipe</b>, <b>queue</b> or <b>divert</b> depending
on how the action is configured by the administrator in
the GUI. This action is only supported by compilers for
iptables, PF and ipfw.
<p>
</li>
<li><b>Route:</b>&nbsp; This action makes the firewall to
route the packet that matches the rule through an
interface or a gateway specified in the parameters of the
action. This action is translated into <b>ROUTE</b> target
for iptables and <b>route</b> option for PF and
ipfilter. Compilers for PF and ipfilter
support <b><i>fastroute</i></b>, <b><i>route-to</i></b>,
<b><i>reply-to</i></b> and <b><i>dup-to</i></b> options.
<p>
<img src="http://www.fwbuilder.org/images/action_route.png"><br>
Fig.3 <i>Rules #0 and #1 tag packets entering the firewall through interfaces <b>eth0</b> and <b>eth2</b>; rules #3 and #4 help route reply packets back through the same interfaces</i>
<p>
<p>
</li>
</ul>
<p>
The GUI uses different names for the new actions depending
on the target firewall platform to simplify adoption. For
example, new action that created branch in rule set is
called <b>Chain</b> for iptables firewalls and <b>Anchor</b>
for PF fierwalls.
</p>
</li>
<li>Firewall object now has an attribute <b>"inactive"</b>. Firewall
marked as inactive will not be picked by the GUI for the bulk
compile and install operations even if the timestamps indicate
that this firewall object needs to be recompiled
<p>
</li>
</ul>
<h2>Compiler for iptables</h2>
<ul>
<li>Support for address tables loaded from external files at
compile or run time
<p>
</li>
<li>Support user defined chains with predefined names (using
special action )
<p>
</li>
<li>Support
for <b>CLASSIFY</b>, <b>MARK</b>, <b>CONNMARK</b>, <b>QUEUE</b>, <b>ROUTE</b>
targets
<p>
</li>
<li>Support for <b>physdev</b> module for bridging firewalls
<p>
</li>
<li>additional optimization of rules i INPUT and OUTPUT chain:
now removing firewall object from src or dst to simplify rule
if it uses OUTPUT or INPUT chain. Doing this only if original
rule did not have negation and we do not add any virtual
addresses for NAT. After removal the rule collapses to a
simple command like this:
<p>
<pre>
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
</pre>
<p>
this works fine except if we have added virtual addresses for
NAT. It is assumed that firewall object in rules represents
combination of addresses configured in its interfaces in the
GUI. Virtual addresses added for NAT are considered to be a
side effect and connections should not be implicitly permitted
to them by a rule with fw object in destination. The same
applies to fw object in source. See bug #685947 for
discussion. To avoid inadvertently opening holes in the
firewall by a rule like that, we remove fw object only when it
is safe to do so.
<p>
</li>
<li> support for modules <b>connlimit</b>
and <b>hashlimit</b>. There is an option to generate commands
for the latter module using name <b>dstlimit</b> because older
versions of iptables included this module under this (now
obsolete) name.
<p>
</li>
</ul>
<h2>Compiler for PF</h2>
<ul>
<li>Support for load balancing rules</li>
<li>Support for <b>tag</b> and <b>route</b> options</li>
<li>Support for address ranges and networ objects in TSrc in NAT
rules</li>
<li>Support for pool types in NAT rules ('bitmask', 'random',
'source-hash', 'round-robin'), as well as 'static-port'
option.</li>
<li>Supprot for anchors (by way of a special action)</li>
<li>Support for tables with predefined names (using AddressTable object)</li>
<li>Support for packet 'tagging' (by way of a special action and service object TagService)</li>
</ul>
<h2>Compiler for ipfilter</h2>
<ul>
<li>Support for PPTP and IRC proxies</li>
<li>Support for <b>route</b> option</li>
</ul>
<h2>API</h2>
<ul>
<li>internal object ID is augumented with process ID of the
program that creates an object. This allows fwbedit to quickly
create objects and still ensure their IDs are unique
</li>
<li>
</ul>
<h2>fwbedit</h2>
<p>
Fwbedit can now create objects and repair broken object
database. This tool can now be used to populate object database
using shell scripts or other automation. For example, to create an
address object in object library 'Test' one could run it like
this:
</p>
<p>
<blockquote>
fwbedit -f filename.fwb -t IPv4 -n newAddress -L Test -o 192.0.2.1
</blockquote>
<pre>
Firewall Builder: general purpose object tree editing tool
Version 2.1.5-b
Usage: fwbedit21 -f filename.fwb -u [-a obj,grp] [-r obj,grp] [-d obj] [-s] [-l path] [(-p parent|-L library) -t objtype -n objname [-o object attributes]]
-t objtype : create an object of this type
-L library : specify library when creating a new object
-p obj : specify parent object when creating a new object
-n name : specify a name of the new object
-o attribute1[,attribute2...] : specify attributes when creating a new object
-a obj,grp : create reference to object 'obj' in the group 'grp'
-r obj,grp : remove reference to object 'obj' from the group 'grp'
-d obj : delete object 'obj' and remove references to it from
all rules and groups
-l path : print list of objects for 'path'
-s : test and repair object tree structure
-u : autoupgrade of file
An object and a group can be defined by their ID or
by the full path and name in the XML tree
Object creation syntax:
-t Firewall -n obj_name -L User -o platform, host OS
-t IPv4 -n obj_name -L User -o IP address
-t DNSName -n obj_name -L User -o DNS record,run time
-t AddressRange -n obj_name -L User -o start address, end address
-t ObjectGroup
-t Network -n obj_name -L User -o address,netmask
-t Interval -n obj_name -L User -o start time,start date,start day,end time, end date, end day
-t Interface -n obj_name -L User -o security level,address type (dynamic or unnumbered),management
-t Host
-t TCPService -n obj_name -L User -o source port range start,end,Destination port range start,end,UAPRSF,UAPRSF
-t UDPService -n obj_name -L User -o source port range start,end,Destination port range start,end
-t ICMPService -n obj_name -L User -o ICMP type,ICMP code
-t IPService -n obj_name -L User -o protocol number,lsrr/ssrr/rr/ts/fragm/short_fragm
</pre>
</body>
</html>

325
doc/ReleaseNotes_2.1.7.txt Normal file
View File

@@ -0,0 +1,325 @@
Firewall Builder Release Notes
Version 2.1.7
Released 10/31/2006
GUI and compilers v2.1.7 require API library libfwbuilder version 2.1.7
Summary
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
Installation
Packages of Firewall Builder 2.1 are built in a such way that you should
be able to install them on the same machine with Firewall Builder 2.0.X.
All binaries have names that end with "21", e.g. "fwbuilder21" or
"fwb_ipt21". On Windows the binary name is the same but the package
installs in directory c:\FWBuilder21 which is different from the default
directory for Firewall Builder 2.0; all registry entries are also located
in different subtrees. All this is done to ensure the user can run
Firewall Builder 2.1 while still using stable version 2.0.12 on the same
machine.
Improvements and changes in the GUI
* The GUI works much faster with very large object trees. Tested using a
data file with over 3000 objects)
* "Where used" menu item has been added to quickly find and show all
groups and firewall rules that reference given object. Confirmation
dialog that is shown when user tries to delete an object also shows
all groups and rules that use it.
* By popular request, built-in installer can now save a copy of .fwb
file to the firewall.
* Compile/install dialog is now an independent window instead of a modal
dialog, this means the user can look at the policy and objects while
compilation and/or installation is going on. This is especially
convenient as it allows one to inspect the rules after failed
compilation while still having compiler error on screen.
* Network discovery driud is back, ported from fwbuilder 1.0. As before,
it supports reading object definitions from a file in /etc/hosts
format, can read DNS zone and also can crawl the network using SNMP
queries.
* Startup wizard ("Welcome to Firewall Builder") has been removed. The
GUI now starts either into an empty database or opens data file
specified on the command line.
* Keeping track of dependencies between objects. This is useful when
many firewalls in the tree use the same set of objects. Each firewall
object keeps track of objects it depends on, so if any object is
modified, all firewalls that use it in their rules are marked with
bold font to indicate that they need to be recompiled. Object
dependencies are tracked not only when objects are directly used in
rules, but also when they apepar there indirectly, as members of
groups
* Added bulk compile and install operations. This is useful when there
are many firewalls in the tree that need to be compiled and installed
in one go. Bulk install operation is only possible if all firewalls
use the same user name and password for authentication. If this is not
the case, built-in installer can be instructed to ask for the
authentication information before it touches each firewall.
* All object dialogs have been converted into built-in panels that
appear in the right hand part of the main window. This simplifies
navigation ( pop-up dialogs used to obscure parts of the main window).
Objects open in the editor on a single mouse click in the tree and
rules.
* Improvements in "Find" function: administrator can now drag an object
into a well in the find dialog panel to make it search for this
particular object. This is useful if the name of the obejct is not
unique. Search by object's name or a value of its attribute is also
possible.
* In addition to the "Find" function, the "Find and replace" operation
has been implemented. Objects can be found and replaced in groups and
firewall rules
New object types, new rule types and rule elements, new actions and other new
features
* AddressTable This object resolves to a set of IP addresses defined in
an external file. The object can be configured to read the file at
compile time or at run time. For each compile-time AddressTable object
defined in the object tree compiler tries to find and read the file
specified in the object configuration. Compiler aborts processing if
the file can not be found or can not be read. If the file is in place
and can be read, such AddressTable object behaves as if it was a group
of IP address objects, that is, all addresses are explicitly copied
into generated configuration, although compiler may use target
firewall syntax that helps to group such sets of addresses into
tables. Compilers for iptables, ipfw, ipf and PIX generate bunch of
rules matching each address read from the file. Compiler for PF
creates a table and also lists all IP addresses it reads from the
file; it uses the name of the AddressTable object for the name of the
table it creates.
Run-time AddressTable objects are only supported by compilers for
iptables and PF. Compiler for iptables generates shell code to read
the contents of the file when firewall configuration is activated.
Compiler for PF uses native "table <name> persist file <file_name>"
syntax. Here also the name of the table is the same as the name of the
AddressTable object it was created for.
* DNSName: This object resolves a host name to the IP address using
DNS. Object can be confgiured to do so at compile time or run time.
Resolution is done using system call gethostbyaddr() to read DNS A
records for the name. System resolver should take care of recursion
and CNAME records, if any. If the name resolves to several IP
addresses, all addresses are used in the generated firewall
configuration. Run-time DNSName objects rely on the target firewall
software to be able to convert symbolic names used in rules into
actual IP addresses at a time when policy is activated. Not all
platforms provide means to support run-time DNSName objects.
* TagService: This object matches tags set by action Tag. It is
translated into --mark <mark_code> for iptables and tag option for PF.
This service object is only supported by compilers for iptables and
PF.
* Interface objects can now have an attribute to mark them as bridge
ports, used for bridging firewalls.
* Support for routing rules has been implemented using patch provided by
Tidei Maurizio <fwbuilder-routing at compal.de> Support for routing
rules is only implemented in compiler for iptables. See file
README.routing included in fwbuilder2 package.
NOTE: I can only provide very limited support for this feature,
please direct your questions and bugreports to the author
* Global policy and interface policies have been merged. Each policy
rule now has rule element "Interface". Administrator can drag and drop
interface object of the firewall into this rule element field. Policy
compilers support multiple interfaces and negation in "Interface" rule
element. Rule element "direction" that previously was only part of the
interface policy rules is now part of all policy rules.
* Policy rules can have the following new actions:
* Queue: This action passes the packet to user space process for
inspection, it is translated into QUEUE for iptables and divert
for ipfw. This action is only supported by compilers for iptables
and ipfw..
* Custom: This action allows administrator to define arbitrary
piece of code to be used in place of an action. Supported by
compilers for iptables, ipf and ipfw
* Branch: This action is used to create a branch in the rule set.
It works on target platforms that provide suitable syntax and
allow control to return to the higher level rule set if the
branch can not make final decision about the packet. For iptables
this action is translated into user-defined chain. The name of
the chain is the name of the branch choosen by administrator. For
PF this action is translated into an anchor with the name the
same as the name of the branch defined by the administrator. This
action is only supported by compilers for iptables and PF.
Fig.1 Rule #0 of the global policy creates a branch with the name
rule0_branch
* Tag: This action associates internal tag with the packet. Tag
can later be inspected using service object TagService. This
action is translated into MARK target with corresponding
--set-mark parameter and optionally additional rule with CONNMARK
--save-mark target for iptables. If option that activates
CONNMARK target is used, compiler also adds a rule at the very
top of the policy to restore the mark. Rules are placed in
INPUT,OUTPUT and FORWARD chain of the "mangle" table, this
ensures that DNAT happens before rules placed in the mangle table
see the packet. PREROUTING chain in mangle table is executed
before PREROUTING chain in the nat table, so placing tagging
rules in the PREROUTING chain would make them fire before DNAT.
POSTROUTING chain of the mangle table, as well as its FORWARD and
OUTPUT chains, work before corresponding chains of the nat table.
In all cases the goal is to make sure DNAT rules process the
packet before, and SNAT rules process it after filtering and
tagging rules.
For PF this action is translated into tag. Supported only by
compilers for iptables and PF.
Fig.2 Example of a rule utilizing action Tag. To illustrate
policy branches, this rule belongs to the branch with the name
rule0_branch
* Classify: This action allows the firewall to define QoS class
for the packet that matches the rule. It is translated into
CLASSIFY for iptables, with parameter --set-class. For PF it is
translated into queue; compiler for ipfw can use pipe, queue or
divert depending on how the action is configured by the
administrator in the GUI. This action is only supported by
compilers for iptables, PF and ipfw.
* Route: This action makes the firewall to route the packet that
matches the rule through an interface or a gateway specified in
the parameters of the action. This action is translated into
ROUTE target for iptables and route option for PF and ipfilter.
Compilers for PF and ipfilter support fastroute, route-to,
reply-to and dup-to options.
Fig.3 Rules #0 and #1 tag packets entering the firewall through
interfaces eth0 and eth2; rules #3 and #4 help route reply
packets back through the same interfaces
The GUI uses different names for the new actions depending on the
target firewall platform to simplify adoption. For example, new action
that created branch in rule set is called Chain for iptables firewalls
and Anchor for PF fierwalls.
* Firewall object now has an attribute "inactive". Firewall marked as
inactive will not be picked by the GUI for the bulk compile and
install operations even if the timestamps indicate that this firewall
object needs to be recompiled
Compiler for iptables
* Support for address tables loaded from external files at compile or
run time
* Support user defined chains with predefined names (using special
action )
* Support for CLASSIFY, MARK, CONNMARK, QUEUE, ROUTE targets
* Support for physdev module for bridging firewalls
* additional optimization of rules i INPUT and OUTPUT chain: now
removing firewall object from src or dst to simplify rule if it uses
OUTPUT or INPUT chain. Doing this only if original rule did not have
negation and we do not add any virtual addresses for NAT. After
removal the rule collapses to a simple command like this:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
this works fine except if we have added virtual addresses for NAT. It
is assumed that firewall object in rules represents combination of
addresses configured in its interfaces in the GUI. Virtual addresses
added for NAT are considered to be a side effect and connections
should not be implicitly permitted to them by a rule with fw object in
destination. The same applies to fw object in source. See bug #685947
for discussion. To avoid inadvertently opening holes in the firewall
by a rule like that, we remove fw object only when it is safe to do
so.
* support for modules connlimit and hashlimit. There is an option to
generate commands for the latter module using name dstlimit because
older versions of iptables included this module under this (now
obsolete) name.
Compiler for PF
* Support for load balancing rules
* Support for tag and route options
* Support for address ranges and networ objects in TSrc in NAT rules
* Support for pool types in NAT rules ('bitmask', 'random',
'source-hash', 'round-robin'), as well as 'static-port' option.
* Supprot for anchors (by way of a special action)
* Support for tables with predefined names (using AddressTable object)
* Support for packet 'tagging' (by way of a special action and service
object TagService)
Compiler for ipfilter
* Support for PPTP and IRC proxies
* Support for route option
API
* internal object ID is augumented with process ID of the program that
creates an object. This allows fwbedit to quickly create objects and
still ensure their IDs are unique
* fwbedit
Fwbedit can now create objects and repair broken object database. This
tool can now be used to populate object database using shell scripts or
other automation. For example, to create an address object in object
library 'Test' one could run it like this:
fwbedit -f filename.fwb -t IPv4 -n newAddress -L Test -o 192.0.2.1
Firewall Builder: general purpose object tree editing tool
Version 2.1.5-b
Usage: fwbedit21 -f filename.fwb -u [-a obj,grp] [-r obj,grp] [-d obj] [-s] [-l path] [(-p parent|-L library) -t objtype -n objname [-o object attributes]]
-t objtype : create an object of this type
-L library : specify library when creating a new object
-p obj : specify parent object when creating a new object
-n name : specify a name of the new object
-o attribute1[,attribute2...] : specify attributes when creating a new object
-a obj,grp : create reference to object 'obj' in the group 'grp'
-r obj,grp : remove reference to object 'obj' from the group 'grp'
-d obj : delete object 'obj' and remove references to it from
all rules and groups
-l path : print list of objects for 'path'
-s : test and repair object tree structure
-u : autoupgrade of file
An object and a group can be defined by their ID or
by the full path and name in the XML tree
Object creation syntax:
-t Firewall -n obj_name -L User -o platform, host OS
-t IPv4 -n obj_name -L User -o IP address
-t DNSName -n obj_name -L User -o DNS record,run time
-t AddressRange -n obj_name -L User -o start address, end address
-t ObjectGroup
-t Network -n obj_name -L User -o address,netmask
-t Interval -n obj_name -L User -o start time,start date,start day,end time, end date, end day
-t Interface -n obj_name -L User -o security level,address type (dynamic or unnumbered),management
-t Host
-t TCPService -n obj_name -L User -o source port range start,end,Destination port range start,end,UAPRSF,UAPRSF
-t UDPService -n obj_name -L User -o source port range start,end,Destination port range start,end
-t ICMPService -n obj_name -L User -o ICMP type,ICMP code
-t IPService -n obj_name -L User -o protocol number,lsrr/ssrr/rr/ts/fragm/short_fragm

97
doc/ReleaseNotes_2.1.8.html Normal file
View File

@@ -0,0 +1,97 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.1.8 </h2>
<br>
<p>
Released 12/02/2006
<br>
<b>GUI and compilers v2.1.8 require API library libfwbuilder version 2.1.8</b>
<br>
<h2>Summary </h2>
<p>
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>Installation</h2>
<p>
<b>
Optinon poll ran on the fwbuilder-discussion mailing list showed
that majority of users are not interested in ability to install and
run both fwbuilder 2.0 and 2.1 on the same machine at the same
time. Hence we are reverting to the old naming schema without suffix
'21' for the binaries and man pages in this release.
</b>
</p>
<h2>Improvements and bug fixes in the GUI</h2>
<ul>
<li>The user can search for objects using regular expressions
matching their names or attributes.
<p>
</p>
</li>
<li>Fixed bug #1592130: "Policy Chaining Issues". The GUI should
properly display nested branch rulesets. The user can create
policy branches within other branches.
</li>
</ul>
<h2>All compilers</h2>
<ul>
<li>Fixed bug #1590746 "problem with using "DNS Names" objects on MS
Windows". Compiler failed to convert DNSName objects set to resolve
at compile time into IP addresses.
</li>
</ul>
<h2>Compiler for iptables</h2>
<ul>
<li>fixed bug #1593221: "iptables filtering bridge problem - PHYSDEV:
no physdev opti..." Some times rules were generated with "-m
physdev" but witout "--physdev-in" or "--physdev-out" options.
</li>
</ul>
<h2>Compiler for Cisco PIX</h2>
<ul>
<li>fixed a bug (no num, support req. #1604103: "fwb_pix policy
compiler dies when SNMP or NTP hosts defined". Compiler did not
print error message when it could not find an interface with
network zone matching IP address of NTP or SNMP server (it just
printed the address without explanation of what went wrong)
</li>
<li>Experimental utility <b>fwb_pix_diff</b> has been added to the
package. This utility takes two PIX configurations on the command
line and produces the 'diff' that consists of a set of commands
that should bring the firewall from the state defined by the first
config to the state defined by the second. Only PIX 7.0 is
supported. This utility will be incorporated into policy installer
in the future to make policy updates simpler and faster,
especially when small changes are made to the large set of access
lists and nat rules.
</li>
</ul>
</body>
</html>

56
doc/ReleaseNotes_2.1.8.txt Normal file
View File

@@ -0,0 +1,56 @@
Firewall Builder Release Notes
Version 2.1.8
Released 12/02/2006
GUI and compilers v2.1.8 require API library libfwbuilder version 2.1.8
Summary
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
Installation
Optinon poll ran on the fwbuilder-discussion mailing list showed that
majority of users are not interested in ability to install and run both
fwbuilder 2.0 and 2.1 on the same machine at the same time. Hence we are
reverting to the old naming schema without suffix '21' for the binaries
and man pages in this release.
Improvements and bug fixes in the GUI
* The user can search for objects using regular expressions matching
their names or attributes.
* Fixed bug #1592130: "Policy Chaining Issues". The GUI should properly
display nested branch rulesets. The user can create policy branches
within other branches.
All compilers
* Fixed bug #1590746 "problem with using "DNS Names" objects on MS
Windows". Compiler failed to convert DNSName objects set to resolve at
compile time into IP addresses.
Compiler for iptables
* fixed bug #1593221: "iptables filtering bridge problem - PHYSDEV: no
physdev opti..." Some times rules were generated with "-m physdev" but
witout "--physdev-in" or "--physdev-out" options.
Compiler for Cisco PIX
* fixed a bug (no num, support req. #1604103: "fwb_pix policy compiler
dies when SNMP or NTP hosts defined". Compiler did not print error
message when it could not find an interface with network zone matching
IP address of NTP or SNMP server (it just printed the address without
explanation of what went wrong)
* Experimental utility fwb_pix_diff has been added to the package. This
utility takes two PIX configurations on the command line and produces
the 'diff' that consists of a set of commands that should bring the
firewall from the state defined by the first config to the state
defined by the second. Only PIX 7.0 is supported. This utility will be
incorporated into policy installer in the future to make policy
updates simpler and faster, especially when small changes are made to
the large set of access lists and nat rules.

187
doc/ReleaseNotes_2.1.9.html Normal file
View File

@@ -0,0 +1,187 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.1.9 </h2>
<br>
<p>
Released 02/10/2007
<br>
<b>GUI and compilers v2.1.9 require API library libfwbuilder version 2.1.9</b>
<br>
<h2>Summary </h2>
<p>
This is bugfix release.
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>Improvements and bug fixes in the GUI</h2>
<ul>
<li>New feature: new operation "Tools/Find Conflicting Objects in
Two Data Files". This operation inspects two data files (either
.fwb or .fwl) and finds conflicting objects. Conflicting objects
have the same internal ID but different attributes. Two data files
can not be merged, or one imported into another, if they contain
such objects. This operation also helps identify changes made to
objects in two copies of the same data file. This operation does
not find objects present in one file but not in the other, such
objects present no problem for merge or import operations. This
operation works with two external files, neither of which needs to
be opened in the program. Currently opened data file is not
affected by this operation and objects in the tree do not
change. In the process of this operation user is presented with
series of dialogs showing conflicting objects side by side. In the
end the program can generate report and write it to a text
file.</li>
<li>installOptionsDialog was too large and did not fit on some
laptop screens. Doing tricks to make sure the dialog properly
resized after unused GUI elements are hidden.
</li>
<li>bug #1629521: "can't delete empty chain/policy tab"</li>
<li>bug #1619842: "prolog "script editor" opens behind other
windows"</li>
<li>bug #1620206: "RuleOptions' "Apply" button greyed-out until menu
selection"</li>
<li>bug 1619930: "Prolog tab's ScriptEditor's import fails to
overwrite"</li>
<li>bug #1617501:"Install fails after compile". The GUI got confused
when user enter full path to the policy file in the "Output file
name" input field in the "Compiler" tab of firewall object
dialog. Making sure we always strip directory path from the file
name if user specified full path for the policy file in the
"Output file name" input field in the "Compiler" tab of firewall
object dialog. Need to strip path when macro "%FWSCRIPT%" is
substituted in installation scriptlets and in some other
places.</li>
<li>"Apply" and "Close" buttons in the objct editor panel should be
of fixed size horizontally</li>
<li>bug #1624577: "group window doesn't stay open on
multiple-adds". Using special flag to tell ObjectTreeView that it
should ignore MouseReleaseEvent it gets after d&d operation, so it
wont switch object in the editor panel. Note the bug triggered
only on Mac OS X.</li>
<li>bug (no num.): GUI used show fanthom 'Policy', 'NAT' and
'Routing' tabs when user deleted objects from the Deleted Objects
library, provided some of these objects were previously deleted
firewalls.</li>
<li>bug #1620284: "conflict when adding library to
Preferences/Libraries". When the user tried to add a library to
the list in Preferemces/Libraries when a data file with the same
object library was loaded, the GUI detected the conflict and
showed error dialog.</li>
<li>bug #1650369: "[patch] please add support for
GNU/kFreeBSD". Applied patch to make code compile on kFreeBSD.</li>
</ul>
<h2>Compiler for iptables</h2>
<ul>
<li>bug #1623338: "Can not disable rules in a branch". Compiler for
iptables ignored flag 'disabled' on rules in a branch.
</li>
<li>bug #1623113: 'connlimit fails in compiled "address table"
rules' Module connlimit can only be used in iptables rules
matching TCP services. Such iptables commands have "-p tcp"
and/or "-m tcp" options. If a rule in fwbuilder uses TCP Service
and connlimit option and has multiple objects in src and dst,
optimizer used to split it to minimize matches. It however
preserved connlimit option in all subrules, even though some of
them did not have TCP service after the split. This lead to
generation of incorrect iptables commands.</li>
<li>bug #1620925: "compile-time AddressTable object with empty
file". Compile-time AddressTable object that uses file with no
addresses should be treated as an empty group according to the
"Ignore empty groups" option.</li>
<li>bug #1618381: "CLASSIFY/MARK are non-terminating". This bug
report in fact reported several problems.
<p>
<ul>
<li>For action Branch with option to add branching rule to the
mangle table: we now generate rules in PREROUTING,
POSTROUTING, INPUT, OUTPUT and FORWARD chains. This is
because some targets can only work in PREROUTING or
POSTROUTING chains but we do not know what rules will user
put in the branch. So we need to branch in all chains
</li>
<li>For rules in mangle table with direction set to Inbound or
Outbound force chain to PREROUTING or POSTROUTING
respectively early. This eliminates duplicates such as the
same rule in PREROUTING and INPUT chains. Also since most
(all?) targets that require mangle table go into either
PREROUTING or POSTROUTING chains, it should be enough to use
these two chains.
</li>
<li>Non-terminating rules shadow each other "backwards", that
is more general rule shadows other rules _above_ it. Added
flag 'reverse' to the method find_more_general_rule and
added new rule processor
DetectShadowingForNonTerminatingRules that finds such cases
of 'reverse' shadowing. Using it for rules in the mangle
table for iptables.
</li>
<li>Adding iptables rule with target ACCEPT to emulate
terminating behavior for Tag and Classify actions. Emulation
is controlled by a global option in the "Compiler" tab of
the firewall properties dialog (default is "off"). This
means emulation can be turned on and off for all rules that
might require it at once. It is impossible to mix such rules
with terminating and non-termninating behavior. The reason
for this is that shadowing detection algorithm can only work
with either terminating or non-terminating rules, not with
the mix. </li>
</ul>
</p>
</li>
<li>bug #1628989: "run-time-loaded rules don't accept ";" as line
comment"</li>
<li>bug #1632054: "Runtime AddressObjects FAIL to load if "Name:"
contains "."". Compiler checks if the name of the run-time
AddressTable object contains characters that have special meaning
in sheel and relaces them with '_' when it generates the name of
the temporary shell variable.</li>
<li>bug (no num.): data files used for run-time AddressTable objects
can have empty lines, the script should skip them.</li>
</ul>
</body>
</html>

118
doc/ReleaseNotes_2.1.9.txt Normal file
View File

@@ -0,0 +1,118 @@
Firewall Builder Release Notes
Version 2.1.9
Released 02/10/2007
GUI and compilers v2.1.9 require API library libfwbuilder version 2.1.9
Summary
This is bugfix release.
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
Improvements and bug fixes in the GUI
* New feature: new operation "Tools/Find Conflicting Objects in Two Data
Files". This operation inspects two data files (either .fwb or .fwl)
and finds conflicting objects. Conflicting objects have the same
internal ID but different attributes. Two data files can not be
merged, or one imported into another, if they contain such objects.
This operation also helps identify changes made to objects in two
copies of the same data file. This operation does not find objects
present in one file but not in the other, such objects present no
problem for merge or import operations. This operation works with two
external files, neither of which needs to be opened in the program.
Currently opened data file is not affected by this operation and
objects in the tree do not change. In the process of this operation
user is presented with series of dialogs showing conflicting objects
side by side. In the end the program can generate report and write it
to a text file.
* installOptionsDialog was too large and did not fit on some laptop
screens. Doing tricks to make sure the dialog properly resized after
unused GUI elements are hidden.
* bug #1629521: "can't delete empty chain/policy tab"
* bug #1619842: "prolog "script editor" opens behind other windows"
* bug #1620206: "RuleOptions' "Apply" button greyed-out until menu
selection"
* bug 1619930: "Prolog tab's ScriptEditor's import fails to overwrite"
* bug #1617501:"Install fails after compile". The GUI got confused when
user enter full path to the policy file in the "Output file name"
input field in the "Compiler" tab of firewall object dialog. Making
sure we always strip directory path from the file name if user
specified full path for the policy file in the "Output file name"
input field in the "Compiler" tab of firewall object dialog. Need to
strip path when macro "%FWSCRIPT%" is substituted in installation
scriptlets and in some other places.
* "Apply" and "Close" buttons in the objct editor panel should be of
fixed size horizontally
* bug #1624577: "group window doesn't stay open on multiple-adds". Using
special flag to tell ObjectTreeView that it should ignore
MouseReleaseEvent it gets after d&d operation, so it wont switch
object in the editor panel. Note the bug triggered only on Mac OS X.
* bug (no num.): GUI used show fanthom 'Policy', 'NAT' and 'Routing'
tabs when user deleted objects from the Deleted Objects library,
provided some of these objects were previously deleted firewalls.
* bug #1620284: "conflict when adding library to Preferences/Libraries".
When the user tried to add a library to the list in
Preferemces/Libraries when a data file with the same object library
was loaded, the GUI detected the conflict and showed error dialog.
* bug #1650369: "[patch] please add support for GNU/kFreeBSD". Applied
patch to make code compile on kFreeBSD.
Compiler for iptables
* bug #1623338: "Can not disable rules in a branch". Compiler for
iptables ignored flag 'disabled' on rules in a branch.
* bug #1623113: 'connlimit fails in compiled "address table" rules'
Module connlimit can only be used in iptables rules matching TCP
services. Such iptables commands have "-p tcp" and/or "-m tcp"
options. If a rule in fwbuilder uses TCP Service and connlimit option
and has multiple objects in src and dst, optimizer used to split it to
minimize matches. It however preserved connlimit option in all
subrules, even though some of them did not have TCP service after the
split. This lead to generation of incorrect iptables commands.
* bug #1620925: "compile-time AddressTable object with empty file".
Compile-time AddressTable object that uses file with no addresses
should be treated as an empty group according to the "Ignore empty
groups" option.
* bug #1618381: "CLASSIFY/MARK are non-terminating". This bug report in
fact reported several problems.
* For action Branch with option to add branching rule to the mangle
table: we now generate rules in PREROUTING, POSTROUTING, INPUT,
OUTPUT and FORWARD chains. This is because some targets can only
work in PREROUTING or POSTROUTING chains but we do not know what
rules will user put in the branch. So we need to branch in all
chains
* For rules in mangle table with direction set to Inbound or
Outbound force chain to PREROUTING or POSTROUTING respectively
early. This eliminates duplicates such as the same rule in
PREROUTING and INPUT chains. Also since most (all?) targets that
require mangle table go into either PREROUTING or POSTROUTING
chains, it should be enough to use these two chains.
* Non-terminating rules shadow each other "backwards", that is more
general rule shadows other rules _above_ it. Added flag 'reverse'
to the method find_more_general_rule and added new rule processor
DetectShadowingForNonTerminatingRules that finds such cases of
'reverse' shadowing. Using it for rules in the mangle table for
iptables.
* Adding iptables rule with target ACCEPT to emulate terminating
behavior for Tag and Classify actions. Emulation is controlled by
a global option in the "Compiler" tab of the firewall properties
dialog (default is "off"). This means emulation can be turned on
and off for all rules that might require it at once. It is
impossible to mix such rules with terminating and
non-termninating behavior. The reason for this is that shadowing
detection algorithm can only work with either terminating or
non-terminating rules, not with the mix.
* bug #1628989: "run-time-loaded rules don't accept ";" as line comment"
* bug #1632054: "Runtime AddressObjects FAIL to load if "Name:" contains
"."". Compiler checks if the name of the run-time AddressTable object
contains characters that have special meaning in sheel and relaces
them with '_' when it generates the name of the temporary shell
variable.
* bug (no num.): data files used for run-time AddressTable objects can
have empty lines, the script should skip them.

335
doc/ReleaseNotes_2_0.html Normal file
View File

@@ -0,0 +1,335 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0 </h2>
<br>
<p>
Released 07/28/04
<br>
<b>GUI and compilers v2.0 require API library libfwbuilder version 2.0</b>
<br>
<h2>Summary </h2>
<p>
<b>Firewall Builder GUI v2.0 has been completely rewritten using QT</b>
<p>
<b>For those who wish to build from source, instructions are outlined
in <a
href="http://www.fwbuilder.org/archives/cat_installation.html">"Install
and Build instructions"</a></b>
<h2>What's new</h2>
<p>
The GUI has been rewritten from scratch. The new GUI is based on
QT 3.x. It has been tested with Qt v3.1.1, 3.2.3 and 3.3.1. We
build on RedHat 9.0, Mandrake 10, SuSE 9.1, FreeBSD 5.2 using QT
packages that come with these systems.
<p>The GUI has been redesigned to addresses problems known to
exist in fwbuilder 1.1.x user interface:
<ul>
<li>Speed imporevements in the GUI. Firewall policy that consist
of 1000 rules renders just as fast as policy that has only 10
rules. The GUI has actually been tested with 1000 rules
policies.</li>
<li>Object tree is not synchronized with firewall policy
view. Selecting an object in the tree does not immediately open
it in the right hand panel in the main window. Right hand side
panel is dedicated for the policy view and always shows policy
or NAT rules of the firewall selected in the pull-down menu
above it. Editing of all objects is done in a separate floating
editor window that can be kept open at all times.
</li>
<li>Properties of an object selected in the tree or in any rule
are shown in the information panel under the tree. The size of
the panel can be changed; the panel has three modes of
operation: a) hidden, b) showing only comment associated with
selected object, c) showing its parameters and comment. User can
choose the mode by clilcking on the toolbar button under the
information panel.</li>
<li>"Find object" function finds obejcts by their name in the
tree, in groups and in rules. Regular expressions are
recognized.</li>
<li>Built-in version control based on RCS provides for a simple
way to track changes.</li>
<li>Data file can be opened read-only for inspection. If the
file is checked out and locked by a different user, it can only
be opened read-only.</li>
<li>Data file can be given on the command line without "-f"
switch. The "-f" is also supported for backwards
compatibility. </li>
<li>The program does not make copies of standard objects in user
data file anymore (per Feature Request #810504 "'Standard'
definitions should not be saved" )</li>
<li>Users can create and distribute their own libraries of
objects. The GUI allows for objects to be exported to external
library file with extension .fwl and imported from such
file.</li>
<li>Objects in the 'Standard' objects library, as well as
objects in libraries imported from external files, are
read-only</li>
<li>Added an option for autosave - if this option is turned on,
the gui periodically saves data to the file. The autosave
interval can be set between 1 minute and 2 hours.</li>
<li>The GUI detects collisions between objects when external
library is imported. Collision is detected when any attribute of
an objects in the tree is different from that attribute in the
object with the same unique ID in the file being imported. Some
old data files may trigger collisions because of subtle
differences in comments</li>
<li>Whenever user changes the name of a firewall, host or an
interface object, the GUI asks whether they want to also rename
all IP and MAC addresses that belong to that firewall or
host. If user agrees to rename them, the program generates names
automatically using scheme 'host_name:interface_name:ip' and
'host_name:interface_name:mac'</li>
<li>Deleted objects are moved to a special library and can be
recovered with "Undelete" operation</li>
<li>Rules can be color-labeled in all policies.</li>
<li>Window size and position is remembered across multiple
sessions for all dialogs.</li>
<li>Two modes of drag-and-drop of objects in policy and NAT
rules: dragging of an object moves it; dragging of an object
with Ctrl key pressed copies it</li>
<li>Multiple objects can be selected in the tree. Operations
such as duplication, moving between libraries, copy/paste can be
performed on multiple selected objects</li>
<li>Multiple rules can also be selected for operations such as
moving, deleting, copy/paste, setting colors</li>
<li>A collection of firewall template objects comes in a
separate XML file with the package. You can create a new
firewall object using one for these templates. This replaced
"help me build firewall" wizard. </li>
<li>The "Help me build firewall policy" wizard was phased out
and replaced with firewall templates. The template library will
be extended in the future releases.</li>
<li>GUI has a built-in installer that uses external ssh client
to communicate with firewall. Installer has simple GUI interface
and works on both Linux and Windows (uses putty or SecureCRT on
Windows). There is no need in external install script
fwb_install anymore.</li>
<li>An option has been added to firewall platforms iptables,
ipfilter, pf and ipfw that sets up a policy rule to permit ssh
access from one specified IP address to the firewall regardless
of other rules. This is for a backup ssh access from the
management workstation in case of an error in the policy that
locks user out of the firewall. The option (a checkbox and entry
field for the management station address) is located in the
"Compiler" tab of the firewall settings dialog. A command that
permits ssh to the firewall from the given address is added on
top of all other rules.</li>
<li>Packages for Windows 2000, Windows XP and Mac OS X will be
distributed under a different license.</li>
<li>The build process is based on qmake and uses autoconf
sparingly. Libtool is not used at all.</li>
<li>Internationalization is done using gettext 0.14.1 which
supports QT .qm files</li>
<li>Reasonably complete French translation is provided.</li>
<li>Object names and comments are stored in the object file in
UTF-8 format. This allows for names and comments to be entered
and displayed in local languages. Although object names can be
localized, it is recommended to keep firewall names in plain
ASCII because compilers do not support UTF-8 yet. This fixes
very old bug #657156: "Special characters problem".</li>
<li>Code compiles with gcc 3.4</li>
</ul>
<br>
<br>
<br>
<h2>New firewall platforms and new features that apply to all
platforms:</h2>
<ul>
<li>
Added support for Linksys devices running Sveasoft
firmware. Firewall object should be configured as platform
"iptables", host OS "linksys". Policy installer works both
using password and public key authentication.</li>
<li>Added an option to firewall platforms iptables, ipfilter, pf
and ipfw that sets up a policy rule to permit ssh access from
one specified IP address to the firewall regardless of other
rules. This is for a backup ssh access from the management
workstation in case of an error in the policy that locks user
out of the firewall. The option (a checkbox and entry field for
the management station address) is located in the "Compiler" tab
of the firewall settings dialog. A command that permits ssh to
the firewall from the given address is added on top of all other
rules.</li>
<li>added attribute 'lastModified' to element FWBObjectDatabase
in DTD. this attribute holds time of last modification done to
any object in the database (GMT). Added support for this
attribute in class FWObjectDatabase. This attribute is
implied.</li>
</ul>
<br>
<br>
<hr>
<h2>Bugs fixed in libfwbuilder API:</h2>
<ul>
<li>fixed bug that appeared only when used with libxml2 2.6.6
and libxslt 1.0.33 - '*Group' elements were not converted
properly (losing all child elements). It worked on RH 9 with
libxml2 2.5.4 and libxslt 1.0.27. Fix tested with libxml2 2.6.6
and libxslt 1.0.33 on Fedora C1 </li>
<li>Method Firewall::duplicate replaces references to the
firewall, its interfaces as well as IPv4 and physical addresses
of the interfaces in all rule sets with references to the copies
of corresponding objects. Now firewall created from another one
using 'duplicate' does not reference interfaces or addresses
that belong to the original firewall object. </li>
<li>bug #950857: "Incorrect conversion of address range" -
address range that consisted of two IP addresses was converted
to a set of networks incorrectly.</li>
<li>bug that occured on big endian architecture (e.g. Macintosh)
because of incorrect usage of preprocessor directives to check
BYTE_ORDER. This bug caused incorrect address arithmetics.</li>
<li>bug #906709: "A dynamic interface". Dynamic interface used
to "shadow" old broadcast object (0.0.0.0)</li>
</ul>
<br>
<br>
<h2>New features in iptables policy compiler fwb_ipt:</h2>
<ul>
<li>Feature Request #913273: make "assume fw is part of any" a
per-rule option</li>
<li>Processing of policy rules where firewall object is used in
src or dst with negation (possibly in combination with other
objects) has been optimized. Before, generated script would
match firewall's addresses in INPUT/OUTPUT and FORWARD chains
which added redundant checks in the FORWARD chain.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_ipt:</h2>
<ul>
<li>
bug #956544: "Error into load modules script generation",
where generated script would not load kernel modules with
names "module.ko.gz". Regular expression should match on
".ko.*$" to find these modules properly. Thanks to Andrey
Kaminsky <and@fao.lv> who pointed this out.
</li>
<li>bug #934949: "duplicate rules". fwb_ipt created duplicate
rules for a bridging firewall if fw object or its interfaces or
their addresses were not in the source or desintaion</li>
<li>bug #912849: "Reorder activation of network interfaces in
IPT" - script generated by the compiler for iptables sets
default policy to DROP, flushes all rules and then reconfigures
interfaces of the firewall (it used to reconfigure intefaces and
then flush the rules).</li>
<li>bug #906709: "A dynamic interface". Dynamic interface used
to "shadow" old broadcast object (0.0.0.0)</li>
<li>bug #979484: "improper command for rule with service any and
action reject." For rules like that, and if rule options dialog
does not specify particular way to handle this combination, the
compiler splits the rule; the first iptables command rejects any
tcp packet with TCP RST, while the second rejects everything
else with ICMP message.</li>
<li>bug #917422: "compiler misinterprets interface with addr
0.0.0.0". If an interface has IP address "0.0.0.0", it is
considered an error.</li>
<li>bug #978854: "false rule generated for fw object in
interface rule". Policy compiler for iptables generated
incorrect code for rules using negated firewall object in source
or destination when global option "assume firewall is part of
any" was turned off.</li>
<li>bug #925199: "compiles wrongly a double negation". Policy
compiler for iptables generated incorrect code for rules where
two rule elements used negation (i.e. both src and dst, or dst
and srv, etc.)</li>
<li>bug #988860: "Logging missing when firewall start is
aborted". When iptables script generated by fwb_ipt finds
missing interfaces, it prints error message both on stdout and
sends it to the log.</li>
<li>bug #965558: "False ruleset generated for iptables (negate
w/ nat)". There were problems with double negations in NAT rules
(OSrc and ODst, or ODst and OSrv, etc).</li>
<li>bugs #935794: "dual translation and negation in fwb_ipt" and
#986376: "Wrong result for negated source in NAT rules". Dual
translation rule with negation in OSrc did not process negation
in the second half (POSTROUTING rule, the one that translates
the source).</li>
<li>bug #990037: "Wrong rule generated: fw interface included in
negated group". Rules with negation should not generate code in
INPUT/OUTPUT chains if option "assume firewall is part of any"
is off.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_pf:</h2>
<ul>
<li> bug (no number) where fwb_pf would not include code defined by
custom service object in the .conf file</li>
<li>bug #985527: pf NAT rules miss destination port
specification. NAT rules that translate to "map" missed
destination port specification. </li>
<li>bug #986518: "PF redirection always point to loopback
address"</li>
</ul>
</body>
</html>

227
doc/ReleaseNotes_2_0.txt Normal file
View File

@@ -0,0 +1,227 @@
Firewall Builder Release Notes
Version 2.0
Released 07/28/04
GUI and compilers v2.0 require API library libfwbuilder version 2.0
Summary
Firewall Builder GUI v2.0 has been completely rewritten using QT
For those who wish to build from source, instructions are outlined in
"Install and Build instructions"
What's new
The GUI has been rewritten from scratch. The new GUI is based on QT 3.x.
It has been tested with Qt v3.1.1, 3.2.3 and 3.3.1. We build on RedHat
9.0, Mandrake 10, SuSE 9.1, FreeBSD 5.2 using QT packages that come with
these systems.
The GUI has been redesigned to addresses problems known to exist in
fwbuilder 1.1.x user interface:
* Speed imporevements in the GUI. Firewall policy that consist of 1000
rules renders just as fast as policy that has only 10 rules. The GUI
has actually been tested with 1000 rules policies.
* Object tree is not synchronized with firewall policy view. Selecting
an object in the tree does not immediately open it in the right hand
panel in the main window. Right hand side panel is dedicated for the
policy view and always shows policy or NAT rules of the firewall
selected in the pull-down menu above it. Editing of all objects is
done in a separate floating editor window that can be kept open at
all times.
* Properties of an object selected in the tree or in any rule are
shown in the information panel under the tree. The size of the panel
can be changed; the panel has three modes of operation: a) hidden,
b) showing only comment associated with selected object, c) showing
its parameters and comment. User can choose the mode by clilcking on
the toolbar button under the information panel.
* "Find object" function finds obejcts by their name in the tree, in
groups and in rules. Regular expressions are recognized.
* Built-in version control based on RCS provides for a simple way to
track changes.
* Data file can be opened read-only for inspection. If the file is
checked out and locked by a different user, it can only be opened
read-only.
* Data file can be given on the command line without "-f" switch. The
"-f" is also supported for backwards compatibility.
* The program does not make copies of standard objects in user data
file anymore (per Feature Request #810504 "'Standard' definitions
should not be saved" )
* Users can create and distribute their own libraries of objects. The
GUI allows for objects to be exported to external library file with
extension .fwl and imported from such file.
* Objects in the 'Standard' objects library, as well as objects in
libraries imported from external files, are read-only
* Added an option for autosave - if this option is turned on, the gui
periodically saves data to the file. The autosave interval can be
set between 1 minute and 2 hours.
* The GUI detects collisions between objects when external library is
imported. Collision is detected when any attribute of an objects in
the tree is different from that attribute in the object with the
same unique ID in the file being imported. Some old data files may
trigger collisions because of subtle differences in comments
* Whenever user changes the name of a firewall, host or an interface
object, the GUI asks whether they want to also rename all IP and MAC
addresses that belong to that firewall or host. If user agrees to
rename them, the program generates names automatically using scheme
'host_name:interface_name:ip' and 'host_name:interface_name:mac'
* Deleted objects are moved to a special library and can be recovered
with "Undelete" operation
* Rules can be color-labeled in all policies.
* Window size and position is remembered across multiple sessions for
all dialogs.
* Two modes of drag-and-drop of objects in policy and NAT rules:
dragging of an object moves it; dragging of an object with Ctrl key
pressed copies it
* Multiple objects can be selected in the tree. Operations such as
duplication, moving between libraries, copy/paste can be performed
on multiple selected objects
* Multiple rules can also be selected for operations such as moving,
deleting, copy/paste, setting colors
* A collection of firewall template objects comes in a separate XML
file with the package. You can create a new firewall object using
one for these templates. This replaced "help me build firewall"
wizard.
* The "Help me build firewall policy" wizard was phased out and
replaced with firewall templates. The template library will be
extended in the future releases.
* GUI has a built-in installer that uses external ssh client to
communicate with firewall. Installer has simple GUI interface and
works on both Linux and Windows (uses putty or SecureCRT on
Windows). There is no need in external install script fwb_install
anymore.
* An option has been added to firewall platforms iptables, ipfilter,
pf and ipfw that sets up a policy rule to permit ssh access from one
specified IP address to the firewall regardless of other rules. This
is for a backup ssh access from the management workstation in case
of an error in the policy that locks user out of the firewall. The
option (a checkbox and entry field for the management station
address) is located in the "Compiler" tab of the firewall settings
dialog. A command that permits ssh to the firewall from the given
address is added on top of all other rules.
* Packages for Windows 2000, Windows XP and Mac OS X will be
distributed under a different license.
* The build process is based on qmake and uses autoconf sparingly.
Libtool is not used at all.
* Internationalization is done using gettext 0.14.1 which supports QT
.qm files
* Reasonably complete French translation is provided.
* Object names and comments are stored in the object file in UTF-8
format. This allows for names and comments to be entered and
displayed in local languages. Although object names can be
localized, it is recommended to keep firewall names in plain ASCII
because compilers do not support UTF-8 yet. This fixes very old bug
#657156: "Special characters problem".
* Code compiles with gcc 3.4
New firewall platforms and new features that apply to all platforms:
* Added support for Linksys devices running Sveasoft firmware.
Firewall object should be configured as platform "iptables", host OS
"linksys". Policy installer works both using password and public key
authentication.
* Added an option to firewall platforms iptables, ipfilter, pf and
ipfw that sets up a policy rule to permit ssh access from one
specified IP address to the firewall regardless of other rules. This
is for a backup ssh access from the management workstation in case
of an error in the policy that locks user out of the firewall. The
option (a checkbox and entry field for the management station
address) is located in the "Compiler" tab of the firewall settings
dialog. A command that permits ssh to the firewall from the given
address is added on top of all other rules.
* added attribute 'lastModified' to element FWBObjectDatabase in DTD.
this attribute holds time of last modification done to any object in
the database (GMT). Added support for this attribute in class
FWObjectDatabase. This attribute is implied.
--------------------------------------------------------------------
Bugs fixed in libfwbuilder API:
* fixed bug that appeared only when used with libxml2 2.6.6 and
libxslt 1.0.33 - '*Group' elements were not converted properly
(losing all child elements). It worked on RH 9 with libxml2 2.5.4
and libxslt 1.0.27. Fix tested with libxml2 2.6.6 and libxslt 1.0.33
on Fedora C1
* Method Firewall::duplicate replaces references to the firewall, its
interfaces as well as IPv4 and physical addresses of the interfaces
in all rule sets with references to the copies of corresponding
objects. Now firewall created from another one using 'duplicate'
does not reference interfaces or addresses that belong to the
original firewall object.
* bug #950857: "Incorrect conversion of address range" - address range
that consisted of two IP addresses was converted to a set of
networks incorrectly.
* bug that occured on big endian architecture (e.g. Macintosh) because
of incorrect usage of preprocessor directives to check BYTE_ORDER.
This bug caused incorrect address arithmetics.
* bug #906709: "A dynamic interface". Dynamic interface used to
"shadow" old broadcast object (0.0.0.0)
New features in iptables policy compiler fwb_ipt:
* Feature Request #913273: make "assume fw is part of any" a per-rule
option
* Processing of policy rules where firewall object is used in src or
dst with negation (possibly in combination with other objects) has
been optimized. Before, generated script would match firewall's
addresses in INPUT/OUTPUT and FORWARD chains which added redundant
checks in the FORWARD chain.
Bugs fixed in iptables policy compiler fwb_ipt:
* bug #956544: "Error into load modules script generation", where
generated script would not load kernel modules with names
"module.ko.gz". Regular expression should match on ".ko.*$" to find
these modules properly. Thanks to Andrey Kaminsky <and@fao.lv> who
pointed this out.
* bug #934949: "duplicate rules". fwb_ipt created duplicate rules for
a bridging firewall if fw object or its interfaces or their
addresses were not in the source or desintaion
* bug #912849: "Reorder activation of network interfaces in IPT" -
script generated by the compiler for iptables sets default policy to
DROP, flushes all rules and then reconfigures interfaces of the
firewall (it used to reconfigure intefaces and then flush the
rules).
* bug #906709: "A dynamic interface". Dynamic interface used to
"shadow" old broadcast object (0.0.0.0)
* bug #979484: "improper command for rule with service any and action
reject." For rules like that, and if rule options dialog does not
specify particular way to handle this combination, the compiler
splits the rule; the first iptables command rejects any tcp packet
with TCP RST, while the second rejects everything else with ICMP
message.
* bug #917422: "compiler misinterprets interface with addr 0.0.0.0".
If an interface has IP address "0.0.0.0", it is considered an error.
* bug #978854: "false rule generated for fw object in interface rule".
Policy compiler for iptables generated incorrect code for rules
using negated firewall object in source or destination when global
option "assume firewall is part of any" was turned off.
* bug #925199: "compiles wrongly a double negation". Policy compiler
for iptables generated incorrect code for rules where two rule
elements used negation (i.e. both src and dst, or dst and srv, etc.)
* bug #988860: "Logging missing when firewall start is aborted". When
iptables script generated by fwb_ipt finds missing interfaces, it
prints error message both on stdout and sends it to the log.
* bug #965558: "False ruleset generated for iptables (negate w/ nat)".
There were problems with double negations in NAT rules (OSrc and
ODst, or ODst and OSrv, etc).
* bugs #935794: "dual translation and negation in fwb_ipt" and
#986376: "Wrong result for negated source in NAT rules". Dual
translation rule with negation in OSrc did not process negation in
the second half (POSTROUTING rule, the one that translates the
source).
* bug #990037: "Wrong rule generated: fw interface included in negated
group". Rules with negation should not generate code in INPUT/OUTPUT
chains if option "assume firewall is part of any" is off.
Bugs fixed in iptables policy compiler fwb_pf:
* bug (no number) where fwb_pf would not include code defined by
custom service object in the .conf file
* bug #985527: pf NAT rules miss destination port specification. NAT
rules that translate to "map" missed destination port specification.
* bug #986518: "PF redirection always point to loopback address"

131
doc/ReleaseNotes_template.html Normal file
View File

@@ -0,0 +1,131 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.1 </h2>
<br>
<p>
Released MM/DD/YY
<br>
<b>GUI and compilers v2.0.1 require API library libfwbuilder version 2.0.1</b>
<br>
<h2>Summary </h2>
<p>
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Improvements in the GUI:
<p>
<ul>
<li>
</li>
</ul>
<br>
</li>
<li>Improvements in policy compiler for iptables:
<p>
<ul>
<li>
</li>
</ul>
<br><br>
</li>
<li>Improvements in policy compiler for ipfiler:
<p>
<ul>
<li>
</li>
</ul>
<p>
</li>
<li>Improvements in policy compilers for all platforms:
<p>
<ul>
<li>
</li>
</ul>
<p>
</li>
<li>
New components:
<p>
<ul>
<li>
</li>
</ul>
<br>
</ul>
<br>
<br>
<hr>
<h2>Bugs fixed in libfwbuilder API:</h2>
<ul>
<li>
</li>
</ul>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>
</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_ipt:</h2>
<ul>
<li>
</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_ipf:</h2>
<ul>
<li>
</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_pf:</h2>
<ul>
<li>
</li>
</ul>
</body>
</html>

69
doc/doc.pro Normal file
View File

@@ -0,0 +1,69 @@
#-*- mode: makefile; tab-width: 4; -*-
#
include(../qmake.inc)
win32 {
QMAKE_RUN_CC = @echo
QMAKE_RUN_CXX = @echo
QMAKE_LINK = @echo
}
!win32 {
QMAKE_RUN_CC = @echo > /dev/null
QMAKE_RUN_CXX = @echo > /dev/null
QMAKE_LINK = @echo > /dev/null
}
TARGET = doc
doc.files = AUTHORS \
ChangeLog \
COPYING \
Credits \
README.floppyfw \
README.ipf \
README.ipfw \
README.ipt \
README.pf \
README.routing \
README.iosacl \
README.policy_import \
FWBuilder-Routing-LICENSE.txt \
PatchAcceptancePolicy.txt \
ReleaseNotes_2.1.7.html \
ReleaseNotes_2.1.7.txt \
ReleaseNotes_2.1.8.html \
ReleaseNotes_2.1.8.txt \
ReleaseNotes_2.1.9.html \
ReleaseNotes_2.1.9.txt \
ReleaseNotes_2.1.10.html \
ReleaseNotes_2.1.10.txt \
ReleaseNotes_2.1.11.html \
ReleaseNotes_2.1.11.txt \
ReleaseNotes_2.1.12.html \
ReleaseNotes_2.1.12.txt \
ReleaseNotes_2.1.13.html \
ReleaseNotes_2.1.13.txt \
ReleaseNotes_2.1.14.html \
ReleaseNotes_2.1.14.txt \
ReleaseNotes_2.1.15.html \
ReleaseNotes_2.1.15.txt
doc.path = $$DOCDIR
man.files = fwbedit.1 \
fwblookup.1 \
fwbuilder.1 \
fwb_ipf.1 \
fwb_ipfw.1 \
fwb_ipt.1 \
fwb_pf.1 \
# fwb_install.1 \
# fwb_compile_all.1 \
man.path = $$MANDIR/man1
INSTALLS -= target
INSTALLS += doc
INSTALLS += man

446
doc/examples.fwb Normal file
View File

@@ -0,0 +1,446 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="2.1.5" lastModified="1150430669" id="root">
<Library color="#d2ffd0" id="id449356F828075" name="User">
<ObjectGroup id="id449356F928075" name="Objects">
<ObjectGroup id="id449356FA28075" name="Addresses"/>
<ObjectGroup id="id449356FB28075" name="DNS Names"/>
<ObjectGroup id="id449356FC28075" name="Address Tables"/>
<ObjectGroup id="id449356FD28075" name="Groups"/>
<ObjectGroup id="id449356FE28075" name="Hosts">
<Host comment="This object represents a PC with a single network interface" id="id44935FEF28075" name="server">
<Interface bridgeport="False" dyn="False" id="id44935FF128075" label="" name="eth0" security_level="0" unnum="False">
<IPv4 address="192.168.1.1" comment="" id="id44935FF228075" name="server:eth0:ip" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
</ObjectGroup>
<ObjectGroup id="id449356FF28075" name="Networks"/>
<ObjectGroup id="id4493570028075" name="Address Ranges"/>
</ObjectGroup>
<ServiceGroup id="id4493570128075" name="Services">
<ServiceGroup id="id4493570228075" name="Groups"/>
<ServiceGroup id="id4493570328075" name="ICMP"/>
<ServiceGroup id="id4493570428075" name="IP"/>
<ServiceGroup id="id4493570528075" name="TCP"/>
<ServiceGroup id="id4493570628075" name="UDP"/>
<ServiceGroup id="id4493570728075" name="Custom"/>
<ServiceGroup id="id4493570828075" name="TagServices">
<TagService comment="" id="id44935FFA28075" name="tag-isp1" tagcode="1"/>
<TagService comment="" id="id44935FFB28075" name="tag-isp2" ro="False" tagcode="2"/>
</ServiceGroup>
</ServiceGroup>
<ObjectGroup id="id4493570928075" name="Firewalls">
<Firewall comment="this firewall demonstrates technique for the redundant Internet connection through two different ISPs. Firewall provides outgoing access for hosts on internal network through ISP1 and allows access to a server on internal net using NAT through IP addresses provided by both ISPs." host_OS="linux24" id="id44935AA428075" inactive="False" lastCompiled="1150429960" lastInstalled="0" lastModified="1150430669" name="example1" platform="iptables" ro="False" version="">
<NAT id="id44935B3E28075">
<NATRule comment="Translate source address&#10;for outgoing connections" disabled="False" id="id44935B4D28075" position="0">
<OSrc neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id44935B6E28075"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id44935B5C28075" position="1">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id44935B7428075"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id44935FEF28075"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id4493621228075" position="2">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id44935B6E28075"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id44935FEF28075"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id44935AAA28075">
<PolicyRule action="Tag" direction="Inbound" disabled="False" id="id44935B8828075" log="False" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id44935B6E28075"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">True</Option>
<Option name="ipt_oif"></Option>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"></Option>
<Option name="tagvalue">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Tag" direction="Inbound" disabled="False" id="id44935FFD28075" log="False" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id44935B7428075"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">True</Option>
<Option name="ipt_oif"></Option>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"></Option>
<Option name="tagvalue">2</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Route" direction="Both" disabled="False" id="id4493608A28075" log="False" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id44935FFA28075"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_oif">eth1</Option>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Route" direction="Both" disabled="False" id="id4493609728075" log="False" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id44935FFB28075"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="branch_anchor_name"></Option>
<Option name="branch_chain_name"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_oif">eth2</Option>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id4493613C28075" log="False" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id44935FEF28075"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id4493615428075" log="False" position="5">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Deny" disabled="False" id="id44935B3228075" log="True" position="6">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
</Policy>
<Routing id="id44935B6A28075"/>
<Interface bridgeport="False" comment="this interface is internal, it is connected to LAN behind the firewall" dyn="False" id="id44935B6B28075" label="" mgmt="True" name="eth0" security_level="100" unnum="False">
<IPv4 address="192.168.1.1" comment="" id="id44935B6D28075" name="example1:eth0:ip" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="first external interface connected to ISP1" dyn="False" id="id44935B6E28075" label="" mgmt="False" name="eth1" security_level="0" unnum="False">
<IPv4 address="192.0.2.1" comment="" id="id44935B7028075" name="example1:eth1:ip" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="loopback interface" dyn="False" id="id44935B7128075" label="" mgmt="False" name="lo" security_level="100" unnum="False">
<IPv4 address="127.0.0.1" comment="" id="id44935B7328075" name="example1:lo:ip" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="the second external interface, connected to ISP2" dyn="False" id="id44935B7428075" label="" mgmt="False" name="eth2" security_level="0" unnum="False">
<IPv4 address="192.0.3.1" comment="" id="id44935B7628075" name="example1:eth2:ip" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"></Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">true</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
<Option name="log_invalid">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pix_add_clear_statements">true</Option>
<Option name="pix_assume_fw_part_of_any">true</Option>
<Option name="pix_default_logint">300</Option>
<Option name="pix_emblem_log_format">false</Option>
<Option name="pix_emulate_out_acl">true</Option>
<Option name="pix_floodguard">true</Option>
<Option name="pix_include_comments">true</Option>
<Option name="pix_route_dnat_supported">true</Option>
<Option name="pix_rule_syslog_settings">false</Option>
<Option name="pix_security_fragguard_supported">true</Option>
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
<Option name="use_ULOG">False</Option>
<Option name="use_iptables_restore">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="verify_interfaces">True</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="id4493570A28075" name="Time"/>
</Library>
<Library id="sysid99" name="Deleted Objects" ro="False">
<ObjectRef ref="id3DC75CE7-2"/>
</Library>
<Library color="#d4f8ff" comment="Standard objects" id="syslib000" name="Standard" ro="False">
<AnyNetwork comment="Any Network" id="sysid0" name="Any" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService comment="Any IP Service" id="sysid1" name="Any" protocol_num="0"/>
<AnyInterval comment="Any Interval" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" id="sysid2" name="Any" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1"/>
<ServiceGroup id="stdid05" name="Services">
<ServiceGroup id="stdid09" name="TCP">
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="80" dst_range_start="80" fin_flag="False" fin_flag_mask="False" id="tcp-HTTP" name="http" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="25" dst_range_start="25" fin_flag="False" fin_flag_mask="False" id="tcp-SMTP" name="smtp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
</ServiceGroup>
</ServiceGroup>
<ObjectGroup id="stdid01" name="Objects">
<ObjectGroup id="stdid03" name="Networks">
<Network comment="192.168.1.0/24 - Address often used for home and small office networks.&#10;" id="id3DC75CE7-1" name="net-192.168.1.0" address="192.168.1.0" netmask="255.255.255.0"/>
<Network comment="192.168.2.0/24 - Address often used for home and small office networks.&#10;" id="id3DC75CE7-2" name="net-192.168.2.0" address="192.168.2.0" netmask="255.255.255.0"/>
</ObjectGroup>
</ObjectGroup>
</Library>
</FWObjectDatabase>

56
doc/fwb_compile_all.1 Normal file
View File

@@ -0,0 +1,56 @@
.TH fwb_compile_all 1 "" FWB "Firewall Builder"
.SH NAME
fwb_compile_all \- Wrapper script that compiles policies for multiple firewall objects
.SH SYNOPSIS
.B fwb_compile_all
.RB -f file.xml
.RB [-d wdir]
.RB [-av]
[obj[ obj ...]]
.SH "DESCRIPTION"
.B fwb_compile_all
is a wrapper script that compiles policies for several firewall
objects in one batch job. This script takes a list of firewall object
names on the command line (or '-a' command line option, see below) and
calls policy compiler for each one. The script correctly determines
which policy compiler is needed depending on the firewall platform of
each object.
.SH OPTIONS
.IP "-a"
The script processes all firewall objects in the "/Firewalls" subtree.
.IP "-d wdir"
Specify working directory. Compiler creates file with iptables script
in this directory. If this parameter is missing, then iptables script
will be placed in the current working directory.
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-v"
Script passes this option to the compiler, this makes it print
diagnostic messages indicating its progress.
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwb_ipt(1)
.BR fwb_ipf(1)
.BR fwb_pf(1)
.BR fwbedit(1),
.BR fwblookup(1)
.P

126
doc/fwb_install.1 Normal file
View File

@@ -0,0 +1,126 @@
.\"-*- mode: nroff; tab-width: 4; -*-
.\"
.de Sp
.if n .sp
.if t .sp 0.4
..
.TH fwb_install 1 "" FWB "Firewall Builder"
.SH NAME
fwb_install \- Firewall policy installation and activation script
.SH SYNOPSIS
.B fwb_install
.B [-d wdir]
.B -f data_file.xml
object_name
.SH "DESCRIPTION"
.B fwb_install
is firewall policy installation and activation script for Firewall
Builder (see fwbuilder(1)). This script transfers compiled
rulesets via ssh to a firewall and activates them. Optionally it
transfers a backup of the .xml source file, too.
.PP
The data file and the name of the firewall objects must be specified
on the command line. Other command line parameters are optional.
.PP
The firewall rules should allow ssh traffic to the firewall, or you
will lock yourself out.
.PP
.SH INSTALLATION
You should have a ssh and sshd installed and configured properly.
.PP
Make a public/private keypair using ssh-keygen tool, the public key
goes into ~$REMOTEUSER/.ssh/ on the firewall, $SSHIDENTITY locally
points to the private key. Protect your key with a good passphrase!
.PP
Tell fwbuilder to use the script: enter /home/vadim/Projects/fwb/fwbuilder/../usr//bin/fwb_install (a full
path and name for this script) in the "install script" entry field in
the firewall object dialog.
.PP
To customize the script you can adjust the following variables inside
of it :
.PP
.PD 0
.TP
.B REMOTEDIR
Specifies where the firewall script or configuration file will be
placed on the firewall (default: "/etc/firewall")
.TP
.B REMOTEUSER
Specifies the user on the firewall allowed to set up the firewall rulesets
(default: "root")
.TP
.B DOXMLBACKUP
Specifies whether we want to store a backup copy of the .xml on the firewall
(default: "YES")
.TP
.B SSHIDENTITY
location of private ssh key (default: "${HOME}/.ssh/id_dsa")
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-d wdir"
Specify working directory. Policy compilers create firewall
configurations and/or scripts in this directory. If this parameter is
missing, then script looks in the current working directory.
.SH CAVEATS
The firewall rules should allow ssh traffic to the firewall, or you
will lock yourself out.
.PP
The script uses address of firewall's interface which is marked as
"management". The script aborts if there is no management interface.
.PP
There still is a depenency on the current DTD structure in that the
script assumes that all firewalls are always located in the tree
branch "Firewalls". This may change in the future; the script will
need to be updated then.
.PP
This script has been developed and tested for iptables firewall on
Linux systems. To the best of my knowledge, nobody used this script
for any other firewall type or OS, however it should work for any
firewall running on a Unix box where firewall configuration is
represented in a form of a shell script. On example is ipfw used on
FreeBSD or Mac OS X.
.PP
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH AUTHOR
David Gullasch <xonox@web.de>, <gullasch@secunet.de>
Changes and corrections by Vadim Kurland <vadim@fwbuilder.org>
.SH DISCLAIMER
(K) 2001 by David Gullasch <xonox@web.de>, <gullasch@secunet.de> All
rights reversed. Copy what you like, but give credit and include this
note. Don't blame me when this script does not do what you want it to
- there is no bug-free software.
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwb_ipt(1),
.BR fwb_ipf(1),
.BR fwb_pf(1)
.P

139
doc/fwb_ipf.1 Normal file
View File

@@ -0,0 +1,139 @@
.de Sp
.if n .sp
.if t .sp 0.4
..
.TH fwb_ipf 1 "" FWB "Firewall Builder"
.SH NAME
fwb_ipf \- Policy compiler for ipfilter
.SH SYNOPSIS
.B fwb_ipf
.B [-vVx]
.B [-d wdir]
.B [-o output.fw]
.B -f data_file.xml
object_name
.SH "DESCRIPTION"
.B fwb_ipf
is a firewall policy compiler component of Firewall Builder (see
fwbuilder(1)). This compiler generates code for ipfilter. Compiler
reads objects definitions and firewall description from the data file
specified with "-f" option and generates ipfilter configuration files
and firewall activation script.
All generated files have names that start with the name of the
firewall object. Firewall activation script has extension ".fw" and is
simple shell script that flushes current policy, loads new filter and
nat rules and then activates ipfilter. IPFilter configuration file name
starts with the name of the firewall object, plus "-ipf.conf". NAT
configuration file name also starts with the name of the firewall
object, plus "-nat.conf". For example, if firewall object has name
"myfirewall", then compiler will create three files: "myfirewall.fw",
"myfirewall-pf.conf", "myfirewall-nat.conf".
The data file and the name of the firewall objects must be specified
on the command line. Other command line parameters are optional.
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-o output.fw"
Specify output file name
.IP "-d wdir"
Specify working directory. Compiler creates firewall activation
script and ipfilter configuration files in this directory. If this
parameter is missing, then all files will be placed in the
current working directory.
.IP "-v"
Be verbose: compiler prints diagnostic messages when it works.
.IP "-V"
Print version number and quit.
.IP "-x"
Generate debugging information while working. This option is intended
for debugging only and may produce lots of cryptic messages.
.SH NOTES
Support for ipf returned in version 1.0.1 of Firewall Builder
Supported features:
.IP o
both ipf.conf and nat.conf files are generated
.IP o
negation in policy rules
.IP o
stateful inspection in individual rule can be turned off in rule
options dialog. By default compiler adds "keep state" or "modulate
state" to each rule with action 'pass'
.IP o
rule options dialog provides a choice of icmp or tcp rst replies for
rules with action "Reject"
.IP o
compiler adds flag "allow-opts" if match on ip options is needed
.IP o
compiler can generate rules matching on TCP flags
.IP o
compiler can generate script adding ip aliases for NAT rules using addresses
that do not belong to any interface of the firewall
.IP o
compiler always adds rule "block quick all" at the very bottom of
the script to ensure "block all by default" policy even if the policy
is empty.
.IP o
Address ranges in both policy and NAT
.PP
Features that are not supported (yet)
.IP o
negation in NAT
.IP o
custom services
.PP
Features that won't be supported (at least not anytime soon)
.IP o
policy routing
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwb_ipt(1),
.BR fwb_pf(1)
.P

139
doc/fwb_ipf21.1 Normal file
View File

@@ -0,0 +1,139 @@
.de Sp
.if n .sp
.if t .sp 0.4
..
.TH fwb_ipf 1 "" FWB "Firewall Builder"
.SH NAME
fwb_ipf \- Policy compiler for ipfilter
.SH SYNOPSIS
.B fwb_ipf
.B [-vVx]
.B [-d wdir]
.B [-o output.fw]
.B -f data_file.xml
object_name
.SH "DESCRIPTION"
.B fwb_ipf
is a firewall policy compiler component of Firewall Builder (see
fwbuilder(1)). This compiler generates code for ipfilter. Compiler
reads objects definitions and firewall description from the data file
specified with "-f" option and generates ipfilter configuration files
and firewall activation script.
All generated files have names that start with the name of the
firewall object. Firewall activation script has extension ".fw" and is
simple shell script that flushes current policy, loads new filter and
nat rules and then activates ipfilter. IPFilter configuration file name
starts with the name of the firewall object, plus "-ipf.conf". NAT
configuration file name also starts with the name of the firewall
object, plus "-nat.conf". For example, if firewall object has name
"myfirewall", then compiler will create three files: "myfirewall.fw",
"myfirewall-pf.conf", "myfirewall-nat.conf".
The data file and the name of the firewall objects must be specified
on the command line. Other command line parameters are optional.
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-o output.fw"
Specify output file name
.IP "-d wdir"
Specify working directory. Compiler creates firewall activation
script and ipfilter configuration files in this directory. If this
parameter is missing, then all files will be placed in the
current working directory.
.IP "-v"
Be verbose: compiler prints diagnostic messages when it works.
.IP "-V"
Print version number and quit.
.IP "-x"
Generate debugging information while working. This option is intended
for debugging only and may produce lots of cryptic messages.
.SH NOTES
Support for ipf returned in version 1.0.1 of Firewall Builder
Supported features:
.IP o
both ipf.conf and nat.conf files are generated
.IP o
negation in policy rules
.IP o
stateful inspection in individual rule can be turned off in rule
options dialog. By default compiler adds "keep state" or "modulate
state" to each rule with action 'pass'
.IP o
rule options dialog provides a choice of icmp or tcp rst replies for
rules with action "Reject"
.IP o
compiler adds flag "allow-opts" if match on ip options is needed
.IP o
compiler can generate rules matching on TCP flags
.IP o
compiler can generate script adding ip aliases for NAT rules using addresses
that do not belong to any interface of the firewall
.IP o
compiler always adds rule "block quick all" at the very bottom of
the script to ensure "block all by default" policy even if the policy
is empty.
.IP o
Address ranges in both policy and NAT
.PP
Features that are not supported (yet)
.IP o
negation in NAT
.IP o
custom services
.PP
Features that won't be supported (at least not anytime soon)
.IP o
policy routing
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwb_ipt(1),
.BR fwb_pf(1)
.P

78
doc/fwb_ipfw.1 Normal file
View File

@@ -0,0 +1,78 @@
.de Sp
.if n .sp
.if t .sp 0.4
..
.TH fwb_ipfw 1 "" FWB "Firewall Builder"
.SH NAME
fwb_ipfw \- Policy compiler for ipfw
.SH SYNOPSIS
.B fwb_ipfw
.B [-vVx]
.B [-d wdir]
.B [-o output.fw]
.B -f data_file.xml
object_name
.SH "DESCRIPTION"
.B fwb_ipfw
is a firewall policy compiler component of Firewall Builder (see
fwbuilder(1)). This compiler generates code for ipfw - a firewall and
traffic shaper in FreeBSD (see ipfw(8)). Compiler reads objects
definitions and firewall description from the data file specified with
"-f" option and generates firewall configuration and activation
script.
The generated file has a name that starts with the name of the
firewall object, with an extension ".fw". It is a shell script that
flushes current policy, then loads new filter and nat rules.
The data file and the name of the firewall objects must be specified
on the command line. Other command line parameters are optional.
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-o output.fw"
Specify output file name
.IP "-d wdir"
Specify working directory. Compiler creates firewall activation
script in this directory. If this parameter is missing, then all
files will be placed in the current working directory.
.IP "-v"
Be verbose: compiler prints diagnostic messages when it works.
.IP "-V"
Print version number and quit.
.IP "-x"
Generate debugging information while working. This option is intended
for debugging only and may produce lots of cryptic messages.
.SH NOTES
Support for ipfw was added in version 1.0.10 of Firewall Builder
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwb_ipt(1),
.BR fwb_pf(1)
.BR fwb_ipf(1)
.P

78
doc/fwb_ipfw21.1 Normal file
View File

@@ -0,0 +1,78 @@
.de Sp
.if n .sp
.if t .sp 0.4
..
.TH fwb_ipfw 1 "" FWB "Firewall Builder"
.SH NAME
fwb_ipfw \- Policy compiler for ipfw
.SH SYNOPSIS
.B fwb_ipfw
.B [-vVx]
.B [-d wdir]
.B [-o output.fw]
.B -f data_file.xml
object_name
.SH "DESCRIPTION"
.B fwb_ipfw
is a firewall policy compiler component of Firewall Builder (see
fwbuilder(1)). This compiler generates code for ipfw - a firewall and
traffic shaper in FreeBSD (see ipfw(8)). Compiler reads objects
definitions and firewall description from the data file specified with
"-f" option and generates firewall configuration and activation
script.
The generated file has a name that starts with the name of the
firewall object, with an extension ".fw". It is a shell script that
flushes current policy, then loads new filter and nat rules.
The data file and the name of the firewall objects must be specified
on the command line. Other command line parameters are optional.
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-o output.fw"
Specify output file name
.IP "-d wdir"
Specify working directory. Compiler creates firewall activation
script in this directory. If this parameter is missing, then all
files will be placed in the current working directory.
.IP "-v"
Be verbose: compiler prints diagnostic messages when it works.
.IP "-V"
Print version number and quit.
.IP "-x"
Generate debugging information while working. This option is intended
for debugging only and may produce lots of cryptic messages.
.SH NOTES
Support for ipfw was added in version 1.0.10 of Firewall Builder
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwb_ipt(1),
.BR fwb_pf(1)
.BR fwb_ipf(1)
.P

59
doc/fwb_ipt.1 Normal file
View File

@@ -0,0 +1,59 @@
.TH fwb_ipt 1 "" FWB "Firewall Builder"
.SH NAME
fwb_ipt \- Policy compiler for iptables
.SH SYNOPSIS
.B fwb_ipt
.RB [-wvV]
.RB [-d wdir]
.RB [-o output.fw]
.RB -f data_file.xml
object_name
.SH "DESCRIPTION"
.B fwb_ipt
is a firewall policy compiler component of Firewall Builder (see
fwbuilder(1)). Compiler reads objects definitions and firewall
description from the data file specified with "-f" option and
generates resultant iptables script. The script is written to
the file with the name the same as the name of the firewall
object, plus extension ".fw".
The data file and the name of the firewall objects must be specified
on the command line. Other command line parameters are optional.
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-o output.fw"
Specify output file name
.IP "-d wdir"
Specify working directory. Compiler creates file with iptables script
in this directory. If this parameter is missing, then iptables script
will be placed in the current working directory.
.IP "-v"
Be verbose: compiler prints diagnostic messages when it works.
.IP "-V"
Print version number and quit.
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwb_ipf(1),
.BR fwb_pf(1)
.P

59
doc/fwb_ipt21.1 Normal file
View File

@@ -0,0 +1,59 @@
.TH fwb_ipt 1 "" FWB "Firewall Builder"
.SH NAME
fwb_ipt \- Policy compiler for iptables
.SH SYNOPSIS
.B fwb_ipt
.RB [-wvV]
.RB [-d wdir]
.RB [-o output.fw]
.RB -f data_file.xml
object_name
.SH "DESCRIPTION"
.B fwb_ipt
is a firewall policy compiler component of Firewall Builder (see
fwbuilder(1)). Compiler reads objects definitions and firewall
description from the data file specified with "-f" option and
generates resultant iptables script. The script is written to
the file with the name the same as the name of the firewall
object, plus extension ".fw".
The data file and the name of the firewall objects must be specified
on the command line. Other command line parameters are optional.
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-o output.fw"
Specify output file name
.IP "-d wdir"
Specify working directory. Compiler creates file with iptables script
in this directory. If this parameter is missing, then iptables script
will be placed in the current working directory.
.IP "-v"
Be verbose: compiler prints diagnostic messages when it works.
.IP "-V"
Print version number and quit.
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwb_ipf(1),
.BR fwb_pf(1)
.P

140
doc/fwb_pf.1 Normal file
View File

@@ -0,0 +1,140 @@
.de Sp
.if n .sp
.if t .sp 0.4
..
.TH fwb_pf 1 "" FWB "Firewall Builder"
.SH NAME
fwb_pf \- Policy compiler for OpenBSD packet filter "pf"
.SH SYNOPSIS
.B fwb_pf
.B [-vVx]
.B [-d wdir]
.B [-o output.fw]
.B -f data_file.xml
object_name
.SH "DESCRIPTION"
.B fwb_pf
is a firewall policy compiler component of Firewall Builder (see
fwbuilder(1)). This compiler generates code for OpenBSD Packet
Filter (pf). Compiler reads objects definitions and firewall description
from the data file specified with "-f" option and generates pf
configuration files and firewall activation script.
All generated files have names that start with the name of the
firewall object. Firewall activation script has extension ".fw" and is
simple shell script that flushes current policy, loads new filter and
nat rules and then activates pf. PF configuration file name starts
with the name of the firewall object, plus "-pf.conf". NAT
configuration file name also starts with the name of the firewall
object, plus "-nat.conf". For example, if firewall object has name
"myfirewall", then compiler will create three files: "myfirewall.fw",
"myfirewall-pf.conf", "myfirewall-nat.conf".
The data file and the name of the firewall objects must be specified
on the command line. Other command line parameters are optional.
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-o output.fw"
Specify output file name
.IP "-d wdir"
Specify working directory. Compiler creates firewall activation
script and PF configuration files in this directory. If this
parameter is missing, then all files will be placed in the
current working directory.
.IP "-v"
Be verbose: compiler prints diagnostic messages when it works.
.IP "-V"
Print version number and quit.
.IP "-x"
Generate debugging information while working. This option is intended
for debugging only and may produce lots of cryptic messages.
.SH NOTES
Support for PF has been introduced in version 1.0.1 of Firewall Builder
Supported features:
.IP o
both pf.conf and nat.conf files are generated
.IP o
negation in policy and NAT rules
.IP o
grouping in "from", "to" and ports using '{' '}' syntax
.IP o
if checkbox "Scrub" is checked in the rule options dialog, and
rule's action is Accept, the compiler generates two (almost)
identical rules: first with action 'scrub' and the second with
action 'pass quick'
.IP o
stateful inspection in individual rule can be turned off in rule
options dialog. By default compiler adds "keep state" or "modulate
state" to each rule with action 'pass'
.IP o
rule options dialog provides a choice of icmp or tcp rst replies for
rules with action "Reject"
.IP o
compiler adds flag "allow-opts" if match on ip options is needed
.IP o
compiler can generate rules matching on TCP flags
.IP o
compiler can generate script adding ip aliases for NAT rules using addresses
that do not belong to any interface of the firewall
.IP o
compiler always adds rule "block quick all" at the very bottom of
the script to ensure "block all by default" policy even if the policy
is empty.
.IP o
Address ranges in both policy and NAT
.PP
Features that are not supported (yet)
.IP o
custom services
.PP
What will not be supported (at least not anytime soon)
.IP o
policy routing
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwb_ipt(1),
.BR fwb_ipf(1)
.P

140
doc/fwb_pf21.1 Normal file
View File

@@ -0,0 +1,140 @@
.de Sp
.if n .sp
.if t .sp 0.4
..
.TH fwb_pf 1 "" FWB "Firewall Builder"
.SH NAME
fwb_pf \- Policy compiler for OpenBSD packet filter "pf"
.SH SYNOPSIS
.B fwb_pf
.B [-vVx]
.B [-d wdir]
.B [-o output.fw]
.B -f data_file.xml
object_name
.SH "DESCRIPTION"
.B fwb_pf
is a firewall policy compiler component of Firewall Builder (see
fwbuilder(1)). This compiler generates code for OpenBSD Packet
Filter (pf). Compiler reads objects definitions and firewall description
from the data file specified with "-f" option and generates pf
configuration files and firewall activation script.
All generated files have names that start with the name of the
firewall object. Firewall activation script has extension ".fw" and is
simple shell script that flushes current policy, loads new filter and
nat rules and then activates pf. PF configuration file name starts
with the name of the firewall object, plus "-pf.conf". NAT
configuration file name also starts with the name of the firewall
object, plus "-nat.conf". For example, if firewall object has name
"myfirewall", then compiler will create three files: "myfirewall.fw",
"myfirewall-pf.conf", "myfirewall-nat.conf".
The data file and the name of the firewall objects must be specified
on the command line. Other command line parameters are optional.
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-o output.fw"
Specify output file name
.IP "-d wdir"
Specify working directory. Compiler creates firewall activation
script and PF configuration files in this directory. If this
parameter is missing, then all files will be placed in the
current working directory.
.IP "-v"
Be verbose: compiler prints diagnostic messages when it works.
.IP "-V"
Print version number and quit.
.IP "-x"
Generate debugging information while working. This option is intended
for debugging only and may produce lots of cryptic messages.
.SH NOTES
Support for PF has been introduced in version 1.0.1 of Firewall Builder
Supported features:
.IP o
both pf.conf and nat.conf files are generated
.IP o
negation in policy and NAT rules
.IP o
grouping in "from", "to" and ports using '{' '}' syntax
.IP o
if checkbox "Scrub" is checked in the rule options dialog, and
rule's action is Accept, the compiler generates two (almost)
identical rules: first with action 'scrub' and the second with
action 'pass quick'
.IP o
stateful inspection in individual rule can be turned off in rule
options dialog. By default compiler adds "keep state" or "modulate
state" to each rule with action 'pass'
.IP o
rule options dialog provides a choice of icmp or tcp rst replies for
rules with action "Reject"
.IP o
compiler adds flag "allow-opts" if match on ip options is needed
.IP o
compiler can generate rules matching on TCP flags
.IP o
compiler can generate script adding ip aliases for NAT rules using addresses
that do not belong to any interface of the firewall
.IP o
compiler always adds rule "block quick all" at the very bottom of
the script to ensure "block all by default" policy even if the policy
is empty.
.IP o
Address ranges in both policy and NAT
.PP
Features that are not supported (yet)
.IP o
custom services
.PP
What will not be supported (at least not anytime soon)
.IP o
policy routing
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwb_ipt(1),
.BR fwb_ipf(1)
.P

94
doc/fwbedit.1 Normal file
View File

@@ -0,0 +1,94 @@
.TH fwbedit 1 "" FWB "Firewall Builder"
.LO 1
.SH NAME
fwbedit \- General purpose object tree editing tool
.SH SYNOPSIS
.B fwbedit
.RB [-a obj,grp]
.RB [-r obj,grp]
.RB [-d obj]
.RB -f data_file.xml
.SH "DESCRIPTION"
.B fwbedit
is a general purpose object tree editing tool for Firewall Builder (see
fwbuilder(1)). This tool can be used in the shell scripts written for
batch-processing of the Firewall Builder data files. Fwbedit can
perform the following operations on the objects and the tree: add a
reference to the given object to a group, remove reference to an
object from a group and delete an object and all references to it from
the tree. Both object and a group can be specified by their ID or
by their name and a full path in the tree (see section
.B EXAMPLES
below).
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-a obj,grp"
Adds reference to object 'obj' to the group 'grp'.
.IP "-r obj,grp"
Removes reference to object 'obj' from the group 'grp'.
.IP "-d obj"
Deletes object 'obj' and references to it from all groups and rules.
.IP "-V"
Prints version number and quit.
.SH EXAMPLES
.PP
fwbedit -f x.xml -a /Objects/Hosts/A,/Objects/Groups/B
.PP
Adds reference to the Host object 'A' to the group 'B'.
.PP
.PP
fwbedit -f x.xml -a id3D71A1BA,id3D151943
.PP
Adds reference to the object with ID id3D71A1BA to the group with ID
id3D151943. If objects with given IDs do not exist, fwbedit prints an
error message and does not make any changes in the data file.
.PP
.PP
fwbedit -f x.xml -a id3D71A1BA,/Objects/Groups/testgroup
.PP
Adds reference to the object with ID id3D71A1BA to the group
'testgroup'.
.PP
.PP
fwbedit can be used in combination with fwblookup to execute
operations on many objects:
.LP
fwblookup -f x.xml -lP /Objects/Hosts | \\
grep domain.com | \\
while read h; do \\
fwbedit -f x.xml -a $h,/Objects/Groups/domainGRP; \\
done
.PP
first, this script uses fwblookup to print full path of all Host
objects (option -l in combination with option -P prints full path for
all children objects of /Objects/Hosts), then uses grep to filter only
those hosts that have 'domain.com' in their name, then cycles through
the obtained list and uses fwbedit to add them to the group 'domainGRP'.
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwblookup(1),
.P

94
doc/fwbedit21.1 Normal file
View File

@@ -0,0 +1,94 @@
.TH fwbedit 1 "" FWB "Firewall Builder"
.LO 1
.SH NAME
fwbedit \- General purpose object tree editing tool
.SH SYNOPSIS
.B fwbedit
.RB [-a obj,grp]
.RB [-r obj,grp]
.RB [-d obj]
.RB -f data_file.xml
.SH "DESCRIPTION"
.B fwbedit
is a general purpose object tree editing tool for Firewall Builder (see
fwbuilder(1)). This tool can be used in the shell scripts written for
batch-processing of the Firewall Builder data files. Fwbedit can
perform the following operations on the objects and the tree: add a
reference to the given object to a group, remove reference to an
object from a group and delete an object and all references to it from
the tree. Both object and a group can be specified by their ID or
by their name and a full path in the tree (see section
.B EXAMPLES
below).
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-a obj,grp"
Adds reference to object 'obj' to the group 'grp'.
.IP "-r obj,grp"
Removes reference to object 'obj' from the group 'grp'.
.IP "-d obj"
Deletes object 'obj' and references to it from all groups and rules.
.IP "-V"
Prints version number and quit.
.SH EXAMPLES
.PP
fwbedit -f x.xml -a /Objects/Hosts/A,/Objects/Groups/B
.PP
Adds reference to the Host object 'A' to the group 'B'.
.PP
.PP
fwbedit -f x.xml -a id3D71A1BA,id3D151943
.PP
Adds reference to the object with ID id3D71A1BA to the group with ID
id3D151943. If objects with given IDs do not exist, fwbedit prints an
error message and does not make any changes in the data file.
.PP
.PP
fwbedit -f x.xml -a id3D71A1BA,/Objects/Groups/testgroup
.PP
Adds reference to the object with ID id3D71A1BA to the group
'testgroup'.
.PP
.PP
fwbedit can be used in combination with fwblookup to execute
operations on many objects:
.LP
fwblookup -f x.xml -lP /Objects/Hosts | \\
grep domain.com | \\
while read h; do \\
fwbedit -f x.xml -a $h,/Objects/Groups/domainGRP; \\
done
.PP
first, this script uses fwblookup to print full path of all Host
objects (option -l in combination with option -P prints full path for
all children objects of /Objects/Hosts), then uses grep to filter only
those hosts that have 'domain.com' in their name, then cycles through
the obtained list and uses fwbedit to add them to the group 'domainGRP'.
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwblookup(1),
.P

95
doc/fwblookup.1 Normal file
View File

@@ -0,0 +1,95 @@
.TH fwblookup 1 "" FWB "Firewall Builder"
.SH NAME
fwblookup \- General purpose object lookup tool
.SH SYNOPSIS
.B fwblookup
.RB [-a attribute]
.RB [-rADILMNPTV]
.RB -f data_file.xml
object_id|tree_path_to_object
.SH "DESCRIPTION"
.B fwblookup
is a general purpose object lookup tool for Firewall Builder (see
fwbuilder(1)). This tool finds object in the data file specified with
"-f" option and prints its attributes requested via command line
options. Object to be found is designated by its ID or full tree path
given as an argument on the command line. This tool can be used in
scripts that need to be able to find and inspect objects in the XML
file, such as firewall policy installation script etc.
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-a atribute"
Print value of the XML attribute 'attribute'. If specified attribute
does not exist in the object, fwblookup prints an error message and
terminates. This is universal option that can find and print any
attribute in any object, provided it exists, however you need to know
full tree path to the object or its ID and correct name of the
attribute you want to print. This means that detailed knowledge of
Firewall Builder XML DTD is required. See below for some convenient
shortcut options. This option can be used only once on a command line;
if it is used multiple times, then only the last attribute is printed.
.IP "-A"
Print an address of the object. Since not all objects can have an
address, the program verifies type of the object and returns an error
if the object does not have an address.
.IP "-D"
Dump all the data available for the object. If option "-r" is also
used, dump recursively the object and all other objects in the tree
below it.
.IP "-I"
Print object's ID.
.IP "-l"
List all the objects located immediately under the given object in the
tree (its 'children') and print their names, IDs, path or type,
depending on the options -N, -I, -T or -P which can be used together
with -l.
.IP "-L"
Print interface label
.IP "-M"
Print management address. Only Host and Firewall objects can have
management address.
.IP "-N"
Print object's name
.IP "-P"
Print full tree path to the object, starting with a tree root
"FWobjectDatabase".
.IP "-r"
Dump or list the object and all other objects in the tree below
it (see "-l and -D")
.IP "-T"
Print objects's type name.
.IP "-V"
Print version number and quit.
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwbedit(1),
.P

95
doc/fwblookup21.1 Normal file
View File

@@ -0,0 +1,95 @@
.TH fwblookup 1 "" FWB "Firewall Builder"
.SH NAME
fwblookup \- General purpose object lookup tool
.SH SYNOPSIS
.B fwblookup
.RB [-a attribute]
.RB [-rADILMNPTV]
.RB -f data_file.xml
object_id|tree_path_to_object
.SH "DESCRIPTION"
.B fwblookup
is a general purpose object lookup tool for Firewall Builder (see
fwbuilder(1)). This tool finds object in the data file specified with
"-f" option and prints its attributes requested via command line
options. Object to be found is designated by its ID or full tree path
given as an argument on the command line. This tool can be used in
scripts that need to be able to find and inspect objects in the XML
file, such as firewall policy installation script etc.
.SH OPTIONS
.IP "-f FILE"
Specify the name of the data file to be processed.
.IP "-a atribute"
Print value of the XML attribute 'attribute'. If specified attribute
does not exist in the object, fwblookup prints an error message and
terminates. This is universal option that can find and print any
attribute in any object, provided it exists, however you need to know
full tree path to the object or its ID and correct name of the
attribute you want to print. This means that detailed knowledge of
Firewall Builder XML DTD is required. See below for some convenient
shortcut options. This option can be used only once on a command line;
if it is used multiple times, then only the last attribute is printed.
.IP "-A"
Print an address of the object. Since not all objects can have an
address, the program verifies type of the object and returns an error
if the object does not have an address.
.IP "-D"
Dump all the data available for the object. If option "-r" is also
used, dump recursively the object and all other objects in the tree
below it.
.IP "-I"
Print object's ID.
.IP "-l"
List all the objects located immediately under the given object in the
tree (its 'children') and print their names, IDs, path or type,
depending on the options -N, -I, -T or -P which can be used together
with -l.
.IP "-L"
Print interface label
.IP "-M"
Print management address. Only Host and Firewall objects can have
management address.
.IP "-N"
Print object's name
.IP "-P"
Print full tree path to the object, starting with a tree root
"FWobjectDatabase".
.IP "-r"
Dump or list the object and all other objects in the tree below
it (see "-l and -D")
.IP "-T"
Print objects's type name.
.IP "-V"
Print version number and quit.
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwbuilder(1),
.BR fwbedit(1),
.P

62
doc/fwbuilder.1 Normal file
View File

@@ -0,0 +1,62 @@
.de Sp
.if n .sp
.if t .sp 0.4
..
.TH fwbuilder 1 "" FWB "Firewall Builder"
.SH NAME
fwbuilder \- Multiplatform firewall configuration tool
.SH SYNOPSIS
.B /usr/bin/fwbuilder
[
.B -f file.xml
]
.SH "DESCRIPTION"
.B fwbuilder
is the Graphic User Interface (GUI) component of Firewall Builder.
Firewall Builder consists of a GUI and set of policy
compilers for various firewall platforms. It helps
users maintain a database of objects and allows policy
editing using simple drag-and-drop operations. GUI
generates firewall description in the form of XML file,
which compilers then interpret and generate platform-specific
code. Several algorithms are provided for automated
network objects discovery and bulk import of data. The
GUI and policy compilers are completely independent,
this provides for a consistent abstract model and the
same GUI for different firewall platforms.
At the moment of this writing Firewall Builder supports firewalls
based on iptables (available on Linux, kernel 2.4.x, see
fwb_ipt(1)), ipfilter (available on a variety of platforms
including *BSD, Solaris and others, see fwb_ipf(1)) and pf (available
on OpenBSD 3.0, see fwb_pf(1))
.SH OPTIONS
.IP "-f FILE"
Specify the name of the file to be loaded when program starts.
.SH FILES
.IP $HOME/.qt/firewallbuilder2rc
fwbuilder stores user preferences in this file
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwblookup(1),
.BR fwb_ipt(1),
.BR fwb_ipf(1),
.BR fwb_pf(1)
.P

62
doc/fwbuilder21.1 Normal file
View File

@@ -0,0 +1,62 @@
.de Sp
.if n .sp
.if t .sp 0.4
..
.TH fwbuilder 1 "" FWB "Firewall Builder"
.SH NAME
fwbuilder \- Multiplatform firewall configuration tool
.SH SYNOPSIS
.B /usr/bin/fwbuilder
[
.B -f file.xml
]
.SH "DESCRIPTION"
.B fwbuilder
is the Graphic User Interface (GUI) component of Firewall Builder.
Firewall Builder consists of a GUI and set of policy
compilers for various firewall platforms. It helps
users maintain a database of objects and allows policy
editing using simple drag-and-drop operations. GUI
generates firewall description in the form of XML file,
which compilers then interpret and generate platform-specific
code. Several algorithms are provided for automated
network objects discovery and bulk import of data. The
GUI and policy compilers are completely independent,
this provides for a consistent abstract model and the
same GUI for different firewall platforms.
At the moment of this writing Firewall Builder supports firewalls
based on iptables (available on Linux, kernel 2.4.x, see
fwb_ipt(1)), ipfilter (available on a variety of platforms
including *BSD, Solaris and others, see fwb_ipf(1)) and pf (available
on OpenBSD 3.0, see fwb_pf(1))
.SH OPTIONS
.IP "-f FILE"
Specify the name of the file to be loaded when program starts.
.SH FILES
.IP $HOME/.qt/firewallbuilder2rc
fwbuilder stores user preferences in this file
.SH URL
Firewall Builder home page is located at the following URL:
.B http://www.fwbuilder.org/
.SH BUGS
Please report bugs using bug tracking system on SourceForge:
.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314
.SH SEE ALSO
.BR fwblookup(1),
.BR fwb_ipt(1),
.BR fwb_ipf(1),
.BR fwb_pf(1)
.P

7
fwbuilder4.pro Normal file
View File

@@ -0,0 +1,7 @@
#-*- mode: makefile; tab-width: 4; -*-
#
TEMPLATE = subdirs
SUBDIRS = po src doc

250
install.sh Normal file
View File

@@ -0,0 +1,250 @@
#! /bin/sh
#
# install - install a program, script, or datafile
# This comes from X11R5 (mit/util/scripts/install.sh).
#
# Copyright 1991 by the Massachusetts Institute of Technology
#
# Permission to use, copy, modify, distribute, and sell this software and its
# documentation for any purpose is hereby granted without fee, provided that
# the above copyright notice appear in all copies and that both that
# copyright notice and this permission notice appear in supporting
# documentation, and that the name of M.I.T. not be used in advertising or
# publicity pertaining to distribution of the software without specific,
# written prior permission. M.I.T. makes no representations about the
# suitability of this software for any purpose. It is provided "as is"
# without express or implied warranty.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch. It can only install one file at a time, a restriction
# shared with many OS's install programs.
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"
# put in absolute paths if you don't have them in your path; or use env. vars.
mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"
transformbasename=""
transform_arg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""
while [ x"$1" != x ]; do
case $1 in
-c) instcmd="$cpprog"
shift
continue;;
-d) dir_arg=true
shift
continue;;
-m) chmodcmd="$chmodprog $2"
shift
shift
continue;;
-o) chowncmd="$chownprog $2"
shift
shift
continue;;
-g) chgrpcmd="$chgrpprog $2"
shift
shift
continue;;
-s) stripcmd="$stripprog"
shift
continue;;
-t=*) transformarg=`echo $1 | sed 's/-t=//'`
shift
continue;;
-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
shift
continue;;
*) if [ x"$src" = x ]
then
src=$1
else
# this colon is to work around a 386BSD /bin/sh bug
:
dst=$1
fi
shift
continue;;
esac
done
if [ x"$src" = x ]
then
echo "install: no input file specified"
exit 1
else
true
fi
if [ x"$dir_arg" != x ]; then
dst=$src
src=""
if [ -d $dst ]; then
instcmd=:
else
instcmd=mkdir
fi
else
# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if [ -f $src -o -d $src ]
then
true
else
echo "install: $src does not exist"
exit 1
fi
if [ x"$dst" = x ]
then
echo "install: no destination specified"
exit 1
else
true
fi
# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic
if [ -d $dst ]
then
dst="$dst"/`basename $src`
else
true
fi
fi
## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script
# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS='
'
IFS="${IFS-${defaultIFS}}"
oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"
pathcomp=''
while [ $# -ne 0 ] ; do
pathcomp="${pathcomp}${1}"
shift
if [ ! -d "${pathcomp}" ] ;
then
$mkdirprog "${pathcomp}"
else
true
fi
pathcomp="${pathcomp}/"
done
fi
if [ x"$dir_arg" != x ]
then
$doit $instcmd $dst &&
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else
# If we're going to rename the final executable, determine the name now.
if [ x"$transformarg" = x ]
then
dstfile=`basename $dst`
else
dstfile=`basename $dst $transformbasename |
sed $transformarg`$transformbasename
fi
# don't allow the sed command to completely eliminate the filename
if [ x"$dstfile" = x ]
then
dstfile=`basename $dst`
else
true
fi
# Make a temp file name in the proper directory.
dsttmp=$dstdir/#inst.$$#
# Move or copy the file name to the temp name
$doit $instcmd $src $dsttmp &&
trap "rm -f ${dsttmp}" 0 &&
# and set any options; do chmod last to preserve setuid bits
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
# Now rename the file to the real destination.
$doit $rmcmd -f $dstdir/$dstfile &&
$doit $mvcmd $dsttmp $dstdir/$dstfile
fi &&
exit 0

267
log Normal file
View File

@@ -0,0 +1,267 @@
g++ -c -pipe -O2 -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_NETWORK_LIB -DQT_CORE_LIB -DQT_SHARED -I/usr/local/Trolltech/Qt-4.2.1/mkspecs/linux-g++ -I. -I/usr/local/Trolltech/Qt-4.2.1/include/QtCore -I/usr/local/Trolltech/Qt-4.2.1/include/QtCore -I/usr/local/Trolltech/Qt-4.2.1/include/QtNetwork -I/usr/local/Trolltech/Qt-4.2.1/include/QtNetwork -I/usr/local/Trolltech/Qt-4.2.1/include/QtGui -I/usr/local/Trolltech/Qt-4.2.1/include/QtGui -I/usr/local/Trolltech/Qt-4.2.1/include -I. -Isrc/gui -I. -I. -o FWWindow.o src/gui/FWWindow.cpp
In file included from src/gui/FWWindow.cpp:29:
src/gui/utils.h:47:32: fwbuilder/FWObject.h: No such file or directory
src/gui/utils.h:48:35: fwbuilder/FWReference.h: No such file or directory
In file included from src/gui/FWWindow.cpp:29:
src/gui/utils.h:79: error: `libfwbuilder' has not been declared
src/gui/utils.h:79: error: `FWObject' has not been declared
src/gui/utils.h:80: error: ISO C++ forbids declaration of `obj' with no type
src/gui/utils.h:81: error: `libfwbuilder' has not been declared
src/gui/utils.h:81: error: `FWObject' has not been declared
src/gui/utils.h:82: error: ISO C++ forbids declaration of `obj' with no type
src/gui/utils.h:92: error: `libfwbuilder' has not been declared
src/gui/utils.h:92: error: `FWObject' has not been declared
src/gui/utils.h:92: error: ISO C++ forbids declaration of `obj' with no type
src/gui/utils.h:101: error: `libfwbuilder' has not been declared
src/gui/utils.h:101: error: `FWObject' has not been declared
src/gui/utils.h:102: error: ISO C++ forbids declaration of `obj' with no type
In file included from src/gui/FWWindow.cpp:30:
src/gui/utils_no_qt.h:43: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:43: error: `FWObject' was not declared in this scope
src/gui/utils_no_qt.h:43: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:43: error: `FWObject' was not declared in this scope
src/gui/utils_no_qt.h:44: error: template argument 1 is invalid
src/gui/utils_no_qt.h:44: error: template argument 2 is invalid
src/gui/utils_no_qt.h:45: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:45: error: `FWObject' has not been declared
src/gui/utils_no_qt.h:45: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:45: error: `FWObject' has not been declared
src/gui/utils_no_qt.h:46: error: ISO C++ forbids declaration of `a' with no type
src/gui/utils_no_qt.h:46: error: ISO C++ forbids declaration of `b' with no type
src/gui/utils_no_qt.h: In member function `bool FWObjectNameCmpPredicate::operator()(int*, int*)':
src/gui/utils_no_qt.h:47: error: request for member `getName' in `*a', which is of non-class type `int'
src/gui/utils_no_qt.h:47: error: request for member `getName' in `*b', which is of non-class type `int'
src/gui/utils_no_qt.h: At global scope:
src/gui/utils_no_qt.h:51: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:51: error: `FWObject' was not declared in this scope
src/gui/utils_no_qt.h:52: error: template argument 1 is invalid
src/gui/utils_no_qt.h:56: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:56: error: expected `,' or `...' before '*' token
src/gui/utils_no_qt.h:57: error: ISO C++ forbids declaration of `FWObject' with no type
src/gui/utils_no_qt.h: In member function `bool findFWObjectIDPredicate::operator()(int) const':
src/gui/utils_no_qt.h:57: error: `o' was not declared in this scope
src/gui/utils_no_qt.h:57: warning: unused variable 'o'
src/gui/utils_no_qt.h: At global scope:
src/gui/utils_no_qt.h:60: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:60: warning: `findFirewalls' initialized and declared `extern'
src/gui/utils_no_qt.h:60: error: variable or field `findFirewalls' declared void
src/gui/utils_no_qt.h:60: error: `FWObject' was not declared in this scope
src/gui/utils_no_qt.h:60: error: `o' was not declared in this scope
src/gui/utils_no_qt.h:61: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:61: error: `FWObject' was not declared in this scope
src/gui/utils_no_qt.h:61: error: template argument 1 is invalid
src/gui/utils_no_qt.h:61: error: template argument 2 is invalid
src/gui/utils_no_qt.h:61: error: `fwlist' was not declared in this scope
src/gui/utils_no_qt.h:62: error: expected primary-expression before "bool"
src/gui/utils_no_qt.h:62: error: initializer expression list treated as compound expression
src/gui/utils_no_qt.h:64: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:64: warning: `findHosts' initialized and declared `extern'
src/gui/utils_no_qt.h:64: error: variable or field `findHosts' declared void
src/gui/utils_no_qt.h:64: error: `FWObject' was not declared in this scope
src/gui/utils_no_qt.h:64: error: `o' was not declared in this scope
src/gui/utils_no_qt.h:65: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:65: error: `FWObject' was not declared in this scope
src/gui/utils_no_qt.h:65: error: template argument 1 is invalid
src/gui/utils_no_qt.h:65: error: template argument 2 is invalid
src/gui/utils_no_qt.h:65: error: `fwlist' was not declared in this scope
src/gui/utils_no_qt.h:66: error: expected primary-expression before "bool"
src/gui/utils_no_qt.h:66: error: initializer expression list treated as compound expression
src/gui/utils_no_qt.h:68: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:68: warning: `findByObjectType' initialized and declared `extern'
src/gui/utils_no_qt.h:68: error: variable or field `findByObjectType' declared void
src/gui/utils_no_qt.h:68: error: `FWObject' was not declared in this scope
src/gui/utils_no_qt.h:68: error: `o' was not declared in this scope
src/gui/utils_no_qt.h:69: error: expected primary-expression before "const"
src/gui/utils_no_qt.h:70: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:70: error: `FWObject' was not declared in this scope
src/gui/utils_no_qt.h:70: error: template argument 1 is invalid
src/gui/utils_no_qt.h:70: error: template argument 2 is invalid
src/gui/utils_no_qt.h:70: error: `fwlist' was not declared in this scope
src/gui/utils_no_qt.h:71: error: expected primary-expression before "bool"
src/gui/utils_no_qt.h:71: error: initializer expression list treated as compound expression
src/gui/utils_no_qt.h:73: error: `libfwbuilder' has not been declared
src/gui/utils_no_qt.h:73: error: expected initializer before '*' token
In file included from src/gui/FWWindow.cpp:32:
src/gui/FWWindow.h:75: error: `FWObject' is not a member of `libfwbuilder'
src/gui/FWWindow.h:75: error: `FWObject' is not a member of `libfwbuilder'
src/gui/FWWindow.h:75: error: template argument 1 is invalid
src/gui/FWWindow.h:75: error: template argument 2 is invalid
src/gui/FWWindow.h:75: error: ISO C++ forbids declaration of `firewalls' with no type
src/gui/FWWindow.h:76: error: `FWObject' is not a member of `libfwbuilder'
src/gui/FWWindow.h:76: error: `FWObject' is not a member of `libfwbuilder'
src/gui/FWWindow.h:76: error: template argument 1 is invalid
src/gui/FWWindow.h:76: error: template argument 3 is invalid
src/gui/FWWindow.h:76: error: template argument 4 is invalid
src/gui/FWWindow.h:76: error: ISO C++ forbids declaration of `ruleSetViews' with no type
src/gui/FWWindow.h:79: error: using-declaration for non-member at class scope
src/gui/FWWindow.h:79: error: expected `;' before '*' token
src/gui/FWWindow.h:81: error: using-declaration for non-member at class scope
src/gui/FWWindow.h:81: error: expected `;' before '*' token
src/gui/FWWindow.h:90: error: using-declaration for non-member at class scope
src/gui/FWWindow.h:90: error: expected `;' before '*' token
src/gui/FWWindow.h:91: error: using-declaration for non-member at class scope
src/gui/FWWindow.h:91: error: expected `;' before '*' token
src/gui/FWWindow.h:104: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:104: error: ISO C++ forbids declaration of `fw' with no type
src/gui/FWWindow.h:135: error: `std::set' has not been declared
src/gui/FWWindow.h:135: error: expected `,' or `...' before '<' token
src/gui/FWWindow.h:135: error: ISO C++ forbids declaration of `parameter' with no type
src/gui/FWWindow.h:137: error: `std::set' has not been declared
src/gui/FWWindow.h:137: error: expected `,' or `...' before '<' token
src/gui/FWWindow.h:137: error: ISO C++ forbids declaration of `parameter' with no type
src/gui/FWWindow.h:185: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:185: error: ISO C++ forbids declaration of `f' with no type
src/gui/FWWindow.h:186: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:186: error: ISO C++ forbids declaration of `f' with no type
src/gui/FWWindow.h:187: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:187: error: ISO C++ forbids declaration of `f' with no type
src/gui/FWWindow.h:188: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:188: error: ISO C++ forbids declaration of `f' with no type
src/gui/FWWindow.h:192: error: `libfwbuilder::FWReference' has not been declared
src/gui/FWWindow.h:192: error: ISO C++ forbids declaration of `obj' with no type
src/gui/FWWindow.h:200: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:200: error: ISO C++ forbids declaration of `fw' with no type
src/gui/FWWindow.h:202: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:202: error: ISO C++ forbids declaration of `obj' with no type
src/gui/FWWindow.h:218: error: using-declaration for non-member at class scope
src/gui/FWWindow.h:218: error: expected `;' before '*' token
src/gui/FWWindow.h:219: error: expected `;' before "QString"
src/gui/FWWindow.h:221: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:221: error: ISO C++ forbids declaration of `o' with no type
src/gui/FWWindow.h:224: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:224: error: ISO C++ forbids declaration of `parameter' with no type
src/gui/FWWindow.h:225: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:225: error: ISO C++ forbids declaration of `parameter' with no type
src/gui/FWWindow.h:226: error: expected `;' before '(' token
src/gui/FWWindow.h:244: error: `FWObject' is not a member of `libfwbuilder'
src/gui/FWWindow.h:244: error: `FWObject' is not a member of `libfwbuilder'
src/gui/FWWindow.h:244: error: template argument 1 is invalid
src/gui/FWWindow.h:244: error: template argument 2 is invalid
src/gui/FWWindow.h:244: error: ISO C++ forbids declaration of `selectedLibs' with no type
src/gui/FWWindow.h:245: error: `FWObject' is not a member of `libfwbuilder'
src/gui/FWWindow.h:245: error: `FWObject' is not a member of `libfwbuilder'
src/gui/FWWindow.h:245: error: template argument 1 is invalid
src/gui/FWWindow.h:245: error: template argument 2 is invalid
src/gui/FWWindow.h:245: error: ISO C++ forbids declaration of `selectedLibs' with no type
src/gui/FWWindow.h:247: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:248: error: `libfwbuilder::FWObject' has not been declared
src/gui/FWWindow.h:249: error: `FWReference' is not a member of `libfwbuilder'
src/gui/FWWindow.h:249: error: `FWReference' is not a member of `libfwbuilder'
src/gui/FWWindow.h:249: error: template argument 1 is invalid
src/gui/FWWindow.h:249: error: template argument 2 is invalid
src/gui/FWWindow.h:249: error: ISO C++ forbids declaration of `lib' with no type
src/gui/FWWindow.h:249: error: ISO C++ forbids declaration of `root' with no type
src/gui/FWWindow.h:249: error: ISO C++ forbids declaration of `extRefs' with no type
src/gui/FWWindow.cpp:354: error: variable or field `info' declared void
src/gui/FWWindow.cpp:354: error: `int FWWindow::info' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:354: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:354: error: `obj' was not declared in this scope
src/gui/FWWindow.cpp:355: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:1566: error: variable or field `findExternalRefs' declared void
src/gui/FWWindow.cpp:1566: error: `int FWWindow::findExternalRefs' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:1566: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:1566: error: `lib' was not declared in this scope
src/gui/FWWindow.cpp:1567: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:1567: error: `root' was not declared in this scope
src/gui/FWWindow.cpp:1568: error: `FWReference' was not declared in this scope
src/gui/FWWindow.cpp:1568: error: template argument 1 is invalid
src/gui/FWWindow.cpp:1568: error: template argument 2 is invalid
src/gui/FWWindow.cpp:1568: error: `extRefs' was not declared in this scope
src/gui/FWWindow.cpp:1569: error: initializer expression list treated as compound expression
src/gui/FWWindow.cpp:1569: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:1586: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:1586: error: template argument 1 is invalid
src/gui/FWWindow.cpp:1586: error: template argument 2 is invalid
src/gui/FWWindow.cpp:1587: error: ISO C++ forbids declaration of `selectedLibs' with no type
src/gui/FWWindow.cpp:1732: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:1732: error: template argument 1 is invalid
src/gui/FWWindow.cpp:1732: error: template argument 2 is invalid
src/gui/FWWindow.cpp:1733: error: ISO C++ forbids declaration of `selectedLibs' with no type
src/gui/FWWindow.cpp:1867: error: `int FWWindow::findFirewallInList' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:1867: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:1867: error: `f' was not declared in this scope
src/gui/FWWindow.cpp:1868: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:1878: error: variable or field `addFirewallToList' declared void
src/gui/FWWindow.cpp:1878: error: `int FWWindow::addFirewallToList' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:1878: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:1878: error: `o' was not declared in this scope
src/gui/FWWindow.cpp:1879: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:1908: error: variable or field `removeFirewallFromList' declared void
src/gui/FWWindow.cpp:1908: error: `int FWWindow::removeFirewallFromList' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:1908: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:1908: error: `o' was not declared in this scope
src/gui/FWWindow.cpp:1909: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:1926: error: variable or field `ensureObjectVisibleInRules' declared void
src/gui/FWWindow.cpp:1926: error: `int FWWindow::ensureObjectVisibleInRules' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:1926: error: `FWReference' was not declared in this scope
src/gui/FWWindow.cpp:1926: error: `obj' was not declared in this scope
src/gui/FWWindow.cpp:1927: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:1964: error: variable or field `updateFirewallName' declared void
src/gui/FWWindow.cpp:1964: error: `int FWWindow::updateFirewallName' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:1964: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:1964: error: `obj' was not declared in this scope
src/gui/FWWindow.cpp:1964: error: expected primary-expression before "const"
src/gui/FWWindow.cpp:1965: error: initializer expression list treated as compound expression
src/gui/FWWindow.cpp:1965: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:1993: error: variable or field `deleteFirewall' declared void
src/gui/FWWindow.cpp:1993: error: `int FWWindow::deleteFirewall' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:1993: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:1993: error: `fw' was not declared in this scope
src/gui/FWWindow.cpp:1994: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:2170: error: variable or field `showFirewall' declared void
src/gui/FWWindow.cpp:2170: error: `int FWWindow::showFirewall' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:2170: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:2170: error: `obj' was not declared in this scope
src/gui/FWWindow.cpp:2171: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:2210: error: variable or field `showFirewallRuleSets' declared void
src/gui/FWWindow.cpp:2210: error: `int FWWindow::showFirewallRuleSets' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:2210: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:2210: error: `fw' was not declared in this scope
src/gui/FWWindow.cpp:2211: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:2351: error: variable or field `compile' declared void
src/gui/FWWindow.cpp:2351: error: `int FWWindow::compile' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:2351: error: `set' was not declared in this scope
src/gui/FWWindow.cpp:2351: error: expected primary-expression before '*' token
src/gui/FWWindow.cpp:2351: error: expected primary-expression before '>' token
src/gui/FWWindow.cpp:2351: error: `vf' was not declared in this scope
src/gui/FWWindow.cpp:2352: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:2377: error: variable or field `install' declared void
src/gui/FWWindow.cpp:2377: error: `int FWWindow::install' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:2377: error: `set' was not declared in this scope
src/gui/FWWindow.cpp:2377: error: expected primary-expression before '*' token
src/gui/FWWindow.cpp:2377: error: expected primary-expression before '>' token
src/gui/FWWindow.cpp:2377: error: `vf' was not declared in this scope
src/gui/FWWindow.cpp:2378: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:2506: error: variable or field `findWhereUsed' declared void
src/gui/FWWindow.cpp:2506: error: `int FWWindow::findWhereUsed' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:2506: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:2506: error: `obj' was not declared in this scope
src/gui/FWWindow.cpp:2507: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:2585: error: variable or field `findObject' declared void
src/gui/FWWindow.cpp:2585: error: `int FWWindow::findObject' is not a static member of `class FWWindow'
src/gui/FWWindow.cpp:2585: error: `FWObject' was not declared in this scope
src/gui/FWWindow.cpp:2585: error: `o' was not declared in this scope
src/gui/FWWindow.cpp:2586: error: expected `,' or `;' before '{' token
src/gui/FWWindow.cpp:2656: warning: unused parameter 'w'
src/gui/FWWindow.cpp:2611: warning: unused parameter 'w'
src/gui/FWWindow.cpp:2531: warning: unused parameter 'ev'
src/gui/FWWindow.cpp:2514: warning: unused parameter 'ev'
src/gui/FWWindow.cpp:2321: warning: unused parameter 'ev'
src/gui/FWWindow.cpp:2189: warning: unused parameter 'idx'
src/gui/FWWindow.cpp:2049: warning: unused parameter 'subset'
src/gui/FWWindow.cpp:2014: warning: unused parameter 'subset'
src/gui/FWWindow.cpp:2003: warning: unused parameter 'subset'
src/gui/FWWindow.cpp:1824: warning: unused parameter 'open_first_firewall'
src/gui/FWWindow.cpp:1733: warning: unused parameter 'fname'
src/gui/FWWindow.cpp:1733: warning: unused parameter 'selectedLibs'
src/gui/FWWindow.cpp:1733: warning: unused parameter 'rof'
src/gui/FWWindow.cpp:1587: warning: unused parameter 'selectedLibs'
src/gui/FWWindow.cpp:1336: warning: unused parameter 'libfpath'
src/gui/FWWindow.cpp:1195: warning: unused parameter 'unlock'
src/gui/FWWindow.cpp:778: warning: unused parameter 'dialogs_parent'
src/gui/FWWindow.cpp:470: warning: unused parameter 'fname'
src/gui/FWWindow.cpp:443: warning: unused parameter 'fname'
src/gui/FWWindow.cpp:443: warning: unused parameter 'checkPresence'
src/gui/FWWindow.cpp:443: warning: unused parameter 'title'
src/gui/FWWindow.cpp:410: warning: unused parameter 'fname'
make: *** [FWWindow.o] Error 1

49
m4/nls.m4 Normal file
View File

@@ -0,0 +1,49 @@
# nls.m4 serial 1 (gettext-0.12)
dnl Copyright (C) 1995-2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.
dnl
dnl This file can can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
dnl gettext package package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
dnl Bruno Haible <haible@clisp.cons.org>, 2000-2003.
AC_DEFUN([AM_NLS],
[
AC_MSG_CHECKING([whether NLS is requested])
dnl Default is enabled NLS
AC_ARG_ENABLE(nls,
[ --disable-nls do not use Native Language Support],
USE_NLS=$enableval, USE_NLS=yes)
AC_MSG_RESULT($USE_NLS)
AC_SUBST(USE_NLS)
])
AC_DEFUN([AM_MKINSTALLDIRS],
[
dnl If the AC_CONFIG_AUX_DIR macro for autoconf is used we possibly
dnl find the mkinstalldirs script in another subdir but $(top_srcdir).
dnl Try to locate it.
MKINSTALLDIRS=
if test -n "$ac_aux_dir"; then
case "$ac_aux_dir" in
/*) MKINSTALLDIRS="$ac_aux_dir/mkinstalldirs" ;;
*) MKINSTALLDIRS="\$(top_builddir)/$ac_aux_dir/mkinstalldirs" ;;
esac
fi
if test -z "$MKINSTALLDIRS"; then
MKINSTALLDIRS="\$(top_srcdir)/mkinstalldirs"
fi
AC_SUBST(MKINSTALLDIRS)
])

426
m4/po.m4 Normal file
View File

@@ -0,0 +1,426 @@
# po.m4 serial 3 (gettext-0.14)
dnl Copyright (C) 1995-2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.
dnl
dnl This file can can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
dnl gettext package package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
dnl Bruno Haible <haible@clisp.cons.org>, 2000-2003.
dnl Checks for all prerequisites of the po subdirectory.
AC_DEFUN([AM_PO_SUBDIRS],
[
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AC_PROG_INSTALL])dnl
AC_REQUIRE([AM_MKINSTALLDIRS])dnl
AC_REQUIRE([AM_NLS])dnl
dnl Perform the following tests also if --disable-nls has been given,
dnl because they are needed for "make dist" to work.
dnl Search for GNU msgfmt in the PATH.
dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions.
dnl The second test excludes FreeBSD msgfmt.
AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt,
[$ac_dir/$ac_word --statistics /dev/null >/dev/null 2>&1 &&
(if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
:)
AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT)
dnl Search for GNU xgettext 0.12 or newer in the PATH.
dnl The first test excludes Solaris xgettext and early GNU xgettext versions.
dnl The second test excludes FreeBSD xgettext.
AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
[$ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >/dev/null 2>&1 &&
(if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
:)
dnl Remove leftover from FreeBSD xgettext call.
rm -f messages.po
dnl Search for GNU msgmerge 0.11 or newer in the PATH.
AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge,
[$ac_dir/$ac_word --update -q /dev/null /dev/null >/dev/null 2>&1], :)
dnl This could go away some day; the PATH_PROG_WITH_TEST already does it.
dnl Test whether we really found GNU msgfmt.
if test "$GMSGFMT" != ":"; then
dnl If it is no GNU msgfmt we define it as : so that the
dnl Makefiles still can work.
if $GMSGFMT --statistics /dev/null >/dev/null 2>&1 &&
(if $GMSGFMT --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
: ;
else
GMSGFMT=`echo "$GMSGFMT" | sed -e 's,^.*/,,'`
AC_MSG_RESULT(
[found $GMSGFMT program is not GNU msgfmt; ignore it])
GMSGFMT=":"
fi
fi
dnl This could go away some day; the PATH_PROG_WITH_TEST already does it.
dnl Test whether we really found GNU xgettext.
if test "$XGETTEXT" != ":"; then
dnl If it is no GNU xgettext we define it as : so that the
dnl Makefiles still can work.
if $XGETTEXT --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >/dev/null 2>&1 &&
(if $XGETTEXT --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
: ;
else
AC_MSG_RESULT(
[found xgettext program is not GNU xgettext; ignore it])
XGETTEXT=":"
fi
dnl Remove leftover from FreeBSD xgettext call.
rm -f messages.po
fi
AC_OUTPUT_COMMANDS([
for ac_file in $CONFIG_FILES; do
# Support "outfile[:infile[:infile...]]"
case "$ac_file" in
*:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
esac
# PO directories have a Makefile.in generated from Makefile.in.in.
case "$ac_file" in */Makefile.in)
# Adjust a relative srcdir.
ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
# In autoconf-2.13 it is called $ac_given_srcdir.
# In autoconf-2.50 it is called $srcdir.
test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
case "$ac_given_srcdir" in
.) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
/*) top_srcdir="$ac_given_srcdir" ;;
*) top_srcdir="$ac_dots$ac_given_srcdir" ;;
esac
if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then
rm -f "$ac_dir/POTFILES"
test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES"
cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
POMAKEFILEDEPS="POTFILES.in"
# ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend
# on $ac_dir but don't depend on user-specified configuration
# parameters.
if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
# The LINGUAS file contains the set of available languages.
if test -n "$OBSOLETE_ALL_LINGUAS"; then
test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
fi
ALL_LINGUAS_=`sed -e "/^#/d" "$ac_given_srcdir/$ac_dir/LINGUAS"`
# Hide the ALL_LINGUAS assigment from automake.
eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
else
# The set of available languages was given in configure.in.
eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS'
fi
# Compute POFILES
# as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
# Compute UPDATEPOFILES
# as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
# Compute DUMMYPOFILES
# as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
# Compute GMOFILES
# as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
case "$ac_given_srcdir" in
.) srcdirpre= ;;
*) srcdirpre='$(srcdir)/' ;;
esac
POFILES=
UPDATEPOFILES=
DUMMYPOFILES=
GMOFILES=
for lang in $ALL_LINGUAS; do
POFILES="$POFILES $srcdirpre$lang.po"
UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
done
# CATALOGS depends on both $ac_dir and the user's LINGUAS
# environment variable.
INST_LINGUAS=
if test -n "$ALL_LINGUAS"; then
for presentlang in $ALL_LINGUAS; do
useit=no
if test "%UNSET%" != "$LINGUAS"; then
desiredlanguages="$LINGUAS"
else
desiredlanguages="$ALL_LINGUAS"
fi
for desiredlang in $desiredlanguages; do
# Use the presentlang catalog if desiredlang is
# a. equal to presentlang, or
# b. a variant of presentlang (because in this case,
# presentlang can be used as a fallback for messages
# which are not translated in the desiredlang catalog).
case "$desiredlang" in
"$presentlang"*) useit=yes;;
esac
done
if test $useit = yes; then
INST_LINGUAS="$INST_LINGUAS $presentlang"
fi
done
fi
CATALOGS=
if test -n "$INST_LINGUAS"; then
for lang in $INST_LINGUAS; do
CATALOGS="$CATALOGS $lang.gmo"
done
fi
test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile"
sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile"
for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do
if test -f "$f"; then
case "$f" in
*.orig | *.bak | *~) ;;
*) cat "$f" >> "$ac_dir/Makefile" ;;
esac
fi
done
fi
;;
esac
done],
[# Capture the value of obsolete ALL_LINGUAS because we need it to compute
# POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it
# from automake.
eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"'
# Capture the value of LINGUAS because we need it to compute CATALOGS.
LINGUAS="${LINGUAS-%UNSET%}"
])
])
dnl Postprocesses a Makefile in a directory containing PO files.
AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE],
[
# When this code is run, in config.status, two variables have already been
# set:
# - OBSOLETE_ALL_LINGUAS is the value of LINGUAS set in configure.in,
# - LINGUAS is the value of the environment variable LINGUAS at configure
# time.
changequote(,)dnl
# Adjust a relative srcdir.
ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
# In autoconf-2.13 it is called $ac_given_srcdir.
# In autoconf-2.50 it is called $srcdir.
test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
case "$ac_given_srcdir" in
.) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
/*) top_srcdir="$ac_given_srcdir" ;;
*) top_srcdir="$ac_dots$ac_given_srcdir" ;;
esac
# Find a way to echo strings without interpreting backslash.
if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then
gt_echo='echo'
else
if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then
gt_echo='printf %s\n'
else
echo_func () {
cat <<EOT
$*
EOT
}
gt_echo='echo_func'
fi
fi
# A sed script that extracts the value of VARIABLE from a Makefile.
sed_x_variable='
# Test if the hold space is empty.
x
s/P/P/
x
ta
# Yes it was empty. Look if we have the expected variable definition.
/^[ ]*VARIABLE[ ]*=/{
# Seen the first line of the variable definition.
s/^[ ]*VARIABLE[ ]*=//
ba
}
bd
:a
# Here we are processing a line from the variable definition.
# Remove comment, more precisely replace it with a space.
s/#.*$/ /
# See if the line ends in a backslash.
tb
:b
s/\\$//
# Print the line, without the trailing backslash.
p
tc
# There was no trailing backslash. The end of the variable definition is
# reached. Clear the hold space.
s/^.*$//
x
bd
:c
# A trailing backslash means that the variable definition continues in the
# next line. Put a nonempty string into the hold space to indicate this.
s/^.*$/P/
x
:d
'
changequote([,])dnl
# Set POTFILES to the value of the Makefile variable POTFILES.
sed_x_POTFILES="`$gt_echo \"$sed_x_variable\" | sed -e '/^ *#/d' -e 's/VARIABLE/POTFILES/g'`"
POTFILES=`sed -n -e "$sed_x_POTFILES" < "$ac_file"`
# Compute POTFILES_DEPS as
# $(foreach file, $(POTFILES), $(top_srcdir)/$(file))
POTFILES_DEPS=
for file in $POTFILES; do
POTFILES_DEPS="$POTFILES_DEPS "'$(top_srcdir)/'"$file"
done
POMAKEFILEDEPS=""
if test -n "$OBSOLETE_ALL_LINGUAS"; then
test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
fi
if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
# The LINGUAS file contains the set of available languages.
ALL_LINGUAS_=`sed -e "/^#/d" "$ac_given_srcdir/$ac_dir/LINGUAS"`
POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
else
# Set ALL_LINGUAS to the value of the Makefile variable LINGUAS.
sed_x_LINGUAS="`$gt_echo \"$sed_x_variable\" | sed -e '/^ *#/d' -e 's/VARIABLE/LINGUAS/g'`"
ALL_LINGUAS_=`sed -n -e "$sed_x_LINGUAS" < "$ac_file"`
fi
# Hide the ALL_LINGUAS assigment from automake.
eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
# Compute POFILES
# as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
# Compute UPDATEPOFILES
# as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
# Compute DUMMYPOFILES
# as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
# Compute GMOFILES
# as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
# Compute PROPERTIESFILES
# as $(foreach lang, $(ALL_LINGUAS), $(top_srcdir)/$(DOMAIN)_$(lang).properties)
# Compute CLASSFILES
# as $(foreach lang, $(ALL_LINGUAS), $(top_srcdir)/$(DOMAIN)_$(lang).class)
# Compute QMFILES
# as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).qm)
# Compute MSGFILES
# as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(frob $(lang)).msg)
# Compute RESOURCESDLLFILES
# as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(frob $(lang))/$(DOMAIN).resources.dll)
case "$ac_given_srcdir" in
.) srcdirpre= ;;
*) srcdirpre='$(srcdir)/' ;;
esac
POFILES=
UPDATEPOFILES=
DUMMYPOFILES=
GMOFILES=
PROPERTIESFILES=
CLASSFILES=
QMFILES=
MSGFILES=
RESOURCESDLLFILES=
for lang in $ALL_LINGUAS; do
POFILES="$POFILES $srcdirpre$lang.po"
UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
PROPERTIESFILES="$PROPERTIESFILES \$(top_srcdir)/\$(DOMAIN)_$lang.properties"
CLASSFILES="$CLASSFILES \$(top_srcdir)/\$(DOMAIN)_$lang.class"
QMFILES="$QMFILES $srcdirpre$lang.qm"
frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
MSGFILES="$MSGFILES $srcdirpre$frobbedlang.msg"
frobbedlang=`echo $lang | sed -e 's/_/-/g'`
RESOURCESDLLFILES="$RESOURCESDLLFILES $srcdirpre$frobbedlang/\$(DOMAIN).resources.dll"
done
# CATALOGS depends on both $ac_dir and the user's LINGUAS
# environment variable.
INST_LINGUAS=
if test -n "$ALL_LINGUAS"; then
for presentlang in $ALL_LINGUAS; do
useit=no
if test "%UNSET%" != "$LINGUAS"; then
desiredlanguages="$LINGUAS"
else
desiredlanguages="$ALL_LINGUAS"
fi
for desiredlang in $desiredlanguages; do
# Use the presentlang catalog if desiredlang is
# a. equal to presentlang, or
# b. a variant of presentlang (because in this case,
# presentlang can be used as a fallback for messages
# which are not translated in the desiredlang catalog).
case "$desiredlang" in
"$presentlang"*) useit=yes;;
esac
done
if test $useit = yes; then
INST_LINGUAS="$INST_LINGUAS $presentlang"
fi
done
fi
CATALOGS=
JAVACATALOGS=
QTCATALOGS=
TCLCATALOGS=
CSHARPCATALOGS=
if test -n "$INST_LINGUAS"; then
for lang in $INST_LINGUAS; do
CATALOGS="$CATALOGS $lang.gmo"
JAVACATALOGS="$JAVACATALOGS \$(DOMAIN)_$lang.properties"
QTCATALOGS="$QTCATALOGS $lang.qm"
frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
TCLCATALOGS="$TCLCATALOGS $frobbedlang.msg"
frobbedlang=`echo $lang | sed -e 's/_/-/g'`
CSHARPCATALOGS="$CSHARPCATALOGS $frobbedlang/\$(DOMAIN).resources.dll"
done
fi
sed -e "s|@POTFILES_DEPS@|$POTFILES_DEPS|g" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@PROPERTIESFILES@|$PROPERTIESFILES|g" -e "s|@CLASSFILES@|$CLASSFILES|g" -e "s|@QMFILES@|$QMFILES|g" -e "s|@MSGFILES@|$MSGFILES|g" -e "s|@RESOURCESDLLFILES@|$RESOURCESDLLFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@JAVACATALOGS@|$JAVACATALOGS|g" -e "s|@QTCATALOGS@|$QTCATALOGS|g" -e "s|@TCLCATALOGS@|$TCLCATALOGS|g" -e "s|@CSHARPCATALOGS@|$CSHARPCATALOGS|g" -e 's,^#distdir:,distdir:,' < "$ac_file" > "$ac_file.tmp"
if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then
# Add dependencies that cannot be formulated as a simple suffix rule.
for lang in $ALL_LINGUAS; do
frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
cat >> "$ac_file.tmp" <<EOF
$frobbedlang.msg: $lang.po
@echo "\$(MSGFMT) -c --tcl -d \$(srcdir) -l $lang $srcdirpre$lang.po"; \
\$(MSGFMT) -c --tcl -d "\$(srcdir)" -l $lang $srcdirpre$lang.po || { rm -f "\$(srcdir)/$frobbedlang.msg"; exit 1; }
EOF
done
fi
if grep -l '@CSHARPCATALOGS@' "$ac_file" > /dev/null; then
# Add dependencies that cannot be formulated as a simple suffix rule.
for lang in $ALL_LINGUAS; do
frobbedlang=`echo $lang | sed -e 's/_/-/g'`
cat >> "$ac_file.tmp" <<EOF
$frobbedlang/\$(DOMAIN).resources.dll: $lang.po
@echo "\$(MSGFMT) -c --csharp -d \$(srcdir) -l $lang $srcdirpre$lang.po -r \$(DOMAIN)"; \
\$(MSGFMT) -c --csharp -d "\$(srcdir)" -l $lang $srcdirpre$lang.po -r "\$(DOMAIN)" || { rm -f "\$(srcdir)/$frobbedlang.msg"; exit 1; }
EOF
done
fi
if test -n "$POMAKEFILEDEPS"; then
cat >> "$ac_file.tmp" <<EOF
Makefile: $POMAKEFILEDEPS
EOF
fi
mv "$ac_file.tmp" "$ac_file"
])

5
po/.cvsignore Normal file
View File

@@ -0,0 +1,5 @@
.moc
.ui
Makefile
POmakefile
*.app

1
po/LINGUAS Normal file
View File

@@ -0,0 +1 @@
de es fr ja sv pt_BR

626
po/POmakefile.in Normal file
View File

@@ -0,0 +1,626 @@
# Makefile.in generated by automake 1.6.3 from Makefile.am.
# @configure_input@
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
MAKE=make -f POmakefile
# Example for use of GNU gettext.
# Copyright (C) 2003-2004 Free Software Foundation, Inc.
# This file is in the public domain.
#
# Makefile configuration - processed by automake.
SHELL = @SHELL@
#
# my build infrastructure uses INSTALL_ROOT in RPM build --vk
#
DESTDIR = $(INSTALL_ROOT)
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ..
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_HEADER = $(INSTALL_DATA)
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
host_alias = @host_alias@
host_triplet = @host@
EXEEXT = @EXEEXT@
OBJEXT = @OBJEXT@
PATH_SEPARATOR = @PATH_SEPARATOR@
AMTAR = @AMTAR@
AWK = @AWK@
CC = @CC@
CXX = @CXX@
DEPDIR = @DEPDIR@
GMSGFMT = @GMSGFMT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
MKINSTALLDIRS = @MKINSTALLDIRS@
MOC = @MOC@
PACKAGE = @PACKAGE@
QTVERSION = @QTVERSION@
QT_CXXFLAGS = @QT_CXXFLAGS@
QT_LDFLAGS = @QT_LDFLAGS@
QT_LIBS = @QT_LIBS@
STRIP = @STRIP@
UIC = @UIC@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
X_CFLAGS = @X_CFLAGS@
X_EXTRA_LIBS = @X_EXTRA_LIBS@
X_LIBS = @X_LIBS@
X_PRE_LIBS = @X_PRE_LIBS@
am__include = @am__include@
am__quote = @am__quote@
install_sh = @install_sh@
# List of files which contain translatable strings.
POTFILES = \
src/gui/ActionsDialog.cpp \
src/gui/AddressRangeDialog.cpp \
src/gui/AddressTableDialog.cpp \
src/gui/ColorCheckViewItem.cpp \
src/gui/ColorLabelMenuItem.cpp \
src/gui/CommentEditorPanel.cpp \
src/gui/ConfirmDeleteObjectDialog.cpp \
src/gui/CustomServiceDialog.cpp \
src/gui/debugDialog.cpp \
src/gui/DialogData.cpp \
src/gui/DialogFactory.cpp \
src/gui/DiscoveryDruid.cpp \
src/gui/DNSNameDialog.cpp \
src/gui/execDialog.cpp \
src/gui/filePropDialog.cpp \
src/gui/FilterDialog.cpp \
src/gui/findDialog.cpp \
src/gui/FindObjectWidget.cpp \
src/gui/FindWhereUsedWidget.cpp \
src/gui/FirewallDialog.cpp \
src/gui/freebsdAdvancedDialog.cpp \
src/gui/FWBSettings.cpp \
src/gui/FWBTree.cpp \
src/gui/FWObjectClipboard.cpp \
src/gui/FWObjectDrag.cpp \
src/gui/FWObjectDropArea.cpp \
src/gui/FWObjectPropertiesFactory.cpp \
src/gui/FWWindow.cpp \
src/gui/FWWindowPrint.cpp \
src/gui/GroupObjectDialog.cpp \
src/gui/HostDialog.cpp \
src/gui/ICMPServiceDialog.cpp \
src/gui/inplaceComboBox.cpp \
src/gui/InstallFirewallViewItem.cpp \
src/gui/instBatchOptionsDialog.cpp \
src/gui/instConf.cpp \
src/gui/instDialog.cpp \
src/gui/instOptionsDialog.cpp \
src/gui/InterfaceData.cpp \
src/gui/InterfaceDialog.cpp \
src/gui/ipfAdvancedDialog.cpp \
src/gui/ipfwAdvancedDialog.cpp \
src/gui/IPServiceDialog.cpp \
src/gui/iptAdvancedDialog.cpp \
src/gui/IPv4Dialog.cpp \
src/gui/LibExportDialog.cpp \
src/gui/LibraryDialog.cpp \
src/gui/linksysAdvancedDialog.cpp \
src/gui/linux24AdvancedDialog.cpp \
src/gui/listOfLibraries.cpp \
src/gui/longTextDialog.cpp \
src/gui/macosxAdvancedDialog.cpp \
src/gui/main.cpp \
src/gui/MetricEditorPanel.cpp \
src/gui/NATRuleOptionsDialog.cpp \
src/gui/NetworkDialog.cpp \
src/gui/newFirewallDialog.cpp \
src/gui/newGroupDialog.cpp \
src/gui/newHostDialog.cpp \
src/gui/ObjConflictResolutionDialog.cpp \
src/gui/ObjectEditor.cpp \
src/gui/ObjectIconView.cpp \
src/gui/ObjectListView.cpp \
src/gui/ObjectManipulator.cpp \
src/gui/ObjectTreeView.cpp \
src/gui/ObjectTreeViewItem.cpp \
src/gui/openbsdAdvancedDialog.cpp \
src/gui/pfAdvancedDialog.cpp \
src/gui/PhysicalAddressDialog.cpp \
src/gui/pixAdvancedDialog.cpp \
src/gui/pixosAdvancedDialog.cpp \
src/gui/platforms.cpp \
src/gui/PrefsDialog.cpp \
src/gui/printerStream.cpp \
src/gui/PrintingProgressDialog.cpp \
src/gui/PrototypeDialogClass.cpp \
src/gui/RCS.cpp \
src/gui/RCSFileDialog.cpp \
src/gui/RCSFilePreview.cpp \
src/gui/RoutingRuleOptionsDialog.cpp \
src/gui/RuleOptionsDialog.cpp \
src/gui/RuleSetView.cpp \
src/gui/SimpleIntEditor.cpp \
src/gui/SimpleTextEditor.cpp \
src/gui/SimpleTextView.cpp \
src/gui/solarisAdvancedDialog.cpp \
src/gui/SSHPIX.cpp \
src/gui/SSHSession.cpp \
src/gui/SSHUnx.cpp \
src/gui/StartWizard.cpp \
src/gui/TagServiceDialog.cpp \
src/gui/TCPServiceDialog.cpp \
src/gui/TimeDialog.cpp \
src/gui/UDPServiceDialog.cpp \
src/gui/.ui/aboutdialog_q.cpp \
src/gui/.ui/actionsdialog_q.cpp \
src/gui/.ui/addressrangedialog_q.cpp \
src/gui/.ui/addresstabledialog_q.cpp \
src/gui/.ui/askrulenumberdialog_q.cpp \
src/gui/.ui/colorlabelmenuitem_q.cpp \
src/gui/.ui/commenteditorpanel_q.cpp \
src/gui/.ui/confirmdeleteobjectdialog_q.cpp \
src/gui/.ui/customservicedialog_q.cpp \
src/gui/.ui/debugdialog_q.cpp \
src/gui/.ui/discoverydruid_q.cpp \
src/gui/.ui/dnsnamedialog_q.cpp \
src/gui/.ui/execdialog_q.cpp \
src/gui/.ui/filepropdialog_q.cpp \
src/gui/.ui/filterdialog_q.cpp \
src/gui/.ui/finddialog_q.cpp \
src/gui/.ui/findobjectwidget_q.cpp \
src/gui/.ui/findwhereusedwidget_q.cpp \
src/gui/.ui/firewalldialog_q.cpp \
src/gui/.ui/freebsdadvanceddialog_q.cpp \
src/gui/.ui/FWBMainWindow_q.cpp \
src/gui/.ui/fwobjectdroparea_q.cpp \
src/gui/.ui/groupobjectdialog_q.cpp \
src/gui/.ui/hostdialog_q.cpp \
src/gui/.ui/icmpservicedialog_q.cpp \
src/gui/.ui/instdialog_q.cpp \
src/gui/.ui/instoptionsdialog_q.cpp \
src/gui/.ui/interfacedialog_q.cpp \
src/gui/.ui/ipfadvanceddialog_q.cpp \
src/gui/.ui/ipfwadvanceddialog_q.cpp \
src/gui/.ui/ipservicedialog_q.cpp \
src/gui/.ui/iptadvanceddialog_q.cpp \
src/gui/.ui/ipv4dialog_q.cpp \
src/gui/.ui/libexport_q.cpp \
src/gui/.ui/librarydialog_q.cpp \
src/gui/.ui/linksysadvanceddialog_q.cpp \
src/gui/.ui/linux24advanceddialog_q.cpp \
src/gui/.ui/longtextdialog_q.cpp \
src/gui/.ui/macosxadvanceddialog_q.cpp \
src/gui/.ui/metriceditorpanel_q.cpp \
src/gui/.ui/natruleoptionsdialog_q.cpp \
src/gui/.ui/networkdialog_q.cpp \
src/gui/.ui/newfirewalldialog_q.cpp \
src/gui/.ui/newgroupdialog_q.cpp \
src/gui/.ui/newhostdialog_q.cpp \
src/gui/.ui/objconflictresolutiondialog_q.cpp \
src/gui/.ui/objectmanipulator_q.cpp \
src/gui/.ui/openbsdadvanceddialog_q.cpp \
src/gui/.ui/pagesetupdialog_q.cpp \
src/gui/.ui/pfadvanceddialog_q.cpp \
src/gui/.ui/physaddressdialog_q.cpp \
src/gui/.ui/pixadvanceddialog_q.cpp \
src/gui/.ui/pixosadvanceddialog_q.cpp \
src/gui/.ui/prefsdialog_q.cpp \
src/gui/.ui/printingprogressdialog_q.cpp \
src/gui/.ui/qmake_image_collection.cpp \
src/gui/.ui/rcsfilepreview_q.cpp \
src/gui/.ui/rcsfilesavedialog_q.cpp \
src/gui/.ui/routingruleoptionsdialog_q.cpp \
src/gui/.ui/ruleoptionsdialog_q.cpp \
src/gui/.ui/simpleinteditor_q.cpp \
src/gui/.ui/simpletexteditor_q.cpp \
src/gui/.ui/simpletextview_q.cpp \
src/gui/.ui/solarisadvanceddialog_q.cpp \
src/gui/.ui/tagservicedialog_q.cpp \
src/gui/.ui/tcpservicedialog_q.cpp \
src/gui/.ui/timedialog_q.cpp \
src/gui/.ui/udpservicedialog_q.cpp \
src/gui/utils.cpp \
src/gui/aboutdialog_q.ui.h \
src/gui/upgradePredicate.h
# Usually the message domain is the same as the package name.
DOMAIN = fwbuilder
# These options get passed to xgettext.
XGETTEXT_OPTIONS = \
--qt \
--keyword=tr --flag=tr:1:pass-c-format --flag=tr:1:pass-qt-format \
--keyword=translate:2 --flag=translate:2:pass-c-format --flag=translate:2:pass-qt-format \
--keyword=QT_TR_NOOP --flag=QT_TR_NOOP:1:pass-c-format --flag=QT_TR_NOOP:1:pass-qt-format \
--keyword=QT_TRANSLATE_NOOP:2 --flag=QT_TRANSLATE_NOOP:2:pass-c-format --flag=QT_TRANSLATE_NOOP:2:pass-qt-format \
--keyword=_ --flag=_:1:pass-c-format --flag=_:1:pass-qt-format \
--keyword=N_ --flag=N_:1:pass-c-format --flag=N_:1:pass-qt-format
# This is the copyright holder that gets inserted into the header of the
# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding
# package. (Note that the msgstr strings, extracted from the package's
# sources, belong to the copyright holder of the package.) Translators are
# expected to transfer the copyright for their translations to this person
# or entity, or to disclaim their copyright. The empty string stands for
# the public domain; in this case the translators are expected to disclaim
# their copyright.
COPYRIGHT_HOLDER = NetCitadel, LLC
# This is the email address or URL to which the translators shall report
# bugs in the untranslated strings:
# - Strings which are not entire sentences, see the maintainer guidelines
# in the GNU gettext documentation, section 'Preparing Strings'.
# - Strings which use unclear terms or require additional context to be
# understood.
# - Strings which make invalid assumptions about notation of date, time or
# money.
# - Pluralisation problems.
# - Incorrect English spelling.
# - Incorrect formatting.
# It can be your email address, or a mailing list address where translators
# can write to without being subscribed, or the URL of a web page through
# which the translators can contact you.
MSGID_BUGS_ADDRESS = vadim@fwbuilder.org
localedir = $(datadir)/locale
MSGMERGE = msgmerge
MSGMERGE_UPDATE = @MSGMERGE@ --update
MSGINIT = msginit
MSGCONV = msgconv
MSGFILTER = msgfilter
XGETTEXT = @XGETTEXT@
# This is computed as $(foreach file, $(POTFILES), $(top_srcdir)/$(file))
POTFILES_DEPS = @POTFILES_DEPS@
# This is computed as $(foreach lang, $(LINGUAS), $(srcdir)/$(lang).po)
POFILES = @POFILES@
# This is computed as $(foreach lang, $(LINGUAS), $(lang).po-update)
UPDATEPOFILES = @UPDATEPOFILES@
# This is computed as $(foreach lang, $(LINGUAS), $(lang).nop)
DUMMYPOFILES = @DUMMYPOFILES@
# This is computed as $(foreach lang, $(LINGUAS), $(srcdir)/$(lang).qm)
QMFILES = @QMFILES@
# This is computed as
# $(foreach lang, user-specified subset of $(LINGUAS), $(lang).qm)
CATALOGS = @QTCATALOGS@
SUFFIXES = .po .qm .sed .sin .nop .po-create .po-update
MOSTLYCLEANFILES = remove-potcdate.sed stamp-poT core core.* $(DOMAIN).po $(DOMAIN).1po $(DOMAIN).2po *.new.po *.o
MAINTAINERCLEANFILES = stamp-po $(QMFILES)
EXTRA_DIST = remove-potcdate.sin LINGUAS $(DOMAIN).pot stamp-po $(POFILES) $(QMFILES)
subdir = po
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_CLEAN_FILES =
CFLAGS = @CFLAGS@
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
DIST_SOURCES =
DIST_COMMON = Makefile.in
all: all-am
.SUFFIXES:
.SUFFIXES: .po .qm .sed .sin .nop .po-create .po-update
#$(srcdir)/Makefile.in: $(ACLOCAL_M4)
# cd $(top_srcdir) && \
# $(AUTOMAKE) --gnu po/Makefile
GNUmakefile: $(srcdir)/GNUmakefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
uninstall-info-am:
tags: TAGS
TAGS:
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
top_distdir = ..
distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
distdir: $(DISTFILES)
@list='$(DISTFILES)'; for file in $$list; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
if test "$$dir" != "$$file" && test "$$dir" != "."; then \
dir="/$$dir"; \
$(mkinstalldirs) "$(distdir)$$dir"; \
else \
dir=''; \
fi; \
if test -d $$d/$$file; then \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
fi; \
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile all-local
installdirs: installdirs-local
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
-test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES)
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
clean-am: clean-generic mostlyclean-am
distclean: distclean-am
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
info: info-am
info-am:
install-data-am: install-data-local
install-exec-am:
install-info: install-info-am
install-man:
installcheck-am:
maintainer-clean: maintainer-clean-am
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic
uninstall-am: uninstall-info-am uninstall-local
.PHONY: all all-am all-local check check-am clean clean-generic \
distclean distclean-generic distdir dvi dvi-am info info-am \
install install-am install-data install-data-am \
install-data-local install-exec install-exec-am install-info \
install-info-am install-man install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic \
uninstall uninstall-am uninstall-info-am uninstall-local
.po.qm:
@lang=`echo $* | sed -e 's,.*/,,'`; \
test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
echo "$${cdcmd}rm -f $${lang}.qm && $(GMSGFMT) -c --qt --statistics -o $${lang}.qm $${lang}.po"; \
cd $(srcdir) && rm -f $${lang}.qm && $(GMSGFMT) -c --qt --statistics -o t-$${lang}.qm $${lang}.po && mv t-$${lang}.qm $${lang}.qm
.sin.sed:
sed -e '/^#/d' $< > t-$@
mv t-$@ $@
all-local: all-local-@USE_NLS@
all-local-yes: stamp-po
all-local-no:
# stamp-po is a timestamp denoting the last time at which the CATALOGS have
# been loosely updated. Its purpose is that when a developer or translator
# checks out the package via CVS, and the $(DOMAIN).pot file is not in CVS,
# "make" will update the $(DOMAIN).pot and the $(CATALOGS), but subsequent
# invocations of "make" will do nothing. This timestamp would not be necessary
# if updating the $(CATALOGS) would always touch them; however, the rule for
# $(POFILES) has been designed to not touch files that don't need to be
# changed.
stamp-po: $(srcdir)/$(DOMAIN).pot
test -z "$(QMFILES)" || $(MAKE) $(QMFILES)
@echo "touch stamp-po"
@echo timestamp > stamp-poT
@mv stamp-poT stamp-po
# Note: Target 'all' must not depend on target '$(DOMAIN).pot-update',
# otherwise packages like GCC can not be built if only parts of the source
# have been downloaded.
# This target rebuilds $(DOMAIN).pot; it is an expensive operation.
# Note that $(DOMAIN).pot is not touched if it doesn't need to be changed.
$(DOMAIN).pot-update: $(POTFILES_DEPS) remove-potcdate.sed
$(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
--add-comments=TRANSLATORS: $(XGETTEXT_OPTIONS) \
--copyright-holder='$(COPYRIGHT_HOLDER)' \
--msgid-bugs-address='$(MSGID_BUGS_ADDRESS)' \
$(POTFILES)
test ! -f $(DOMAIN).po || { \
if test -f $(srcdir)/$(DOMAIN).pot; then \
sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \
sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \
if cmp $(DOMAIN).1po $(DOMAIN).2po >/dev/null 2>&1; then \
rm -f $(DOMAIN).1po $(DOMAIN).2po $(DOMAIN).po; \
else \
rm -f $(DOMAIN).1po $(DOMAIN).2po $(srcdir)/$(DOMAIN).pot && \
mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
fi; \
else \
mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
fi; \
}
# This rule has no dependencies: we don't need to update $(DOMAIN).pot at
# every "make" invocation, only create it when it is missing.
# Only "make $(DOMAIN).pot-update" or "make dist" will force an update.
$(srcdir)/$(DOMAIN).pot:
$(MAKE) $(DOMAIN).pot-update
# This target rebuilds a PO file if $(DOMAIN).pot has changed.
# Note that a PO file is not touched if it doesn't need to be changed.
$(POFILES): $(srcdir)/$(DOMAIN).pot
@lang=`echo $@ | sed -e 's,.*/,,' -e 's/\.po$$//'`; \
if test -f "$(srcdir)/$${lang}.po"; then \
test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
echo "$${cdcmd}$(MSGMERGE_UPDATE) $${lang}.po $(DOMAIN).pot"; \
cd $(srcdir) && $(MSGMERGE_UPDATE) $${lang}.po $(DOMAIN).pot; \
else \
$(MAKE) $${lang}.po-create; \
fi
install-data-local: install-data-local-@USE_NLS@
install-data-local-no: all-local
install-data-local-yes: all-local
$(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/locale
@echo "*** Catalogs: $(CATALOGS)"
@catalogs='$(CATALOGS)'; \
for cat in $$catalogs; do \
cat=`basename $$cat`; \
if test -r $$cat; then realcat=$$cat; else realcat=$(srcdir)/$$cat; fi; \
$(INSTALL_DATA) $$realcat $(DESTDIR)$(pkgdatadir)/locale/$(DOMAIN)_$$cat; \
echo "installing $$realcat as $(DESTDIR)$(pkgdatadir)/locale/$(DOMAIN)_$$cat"; \
done
installdirs-local: installdirs-local-@USE_NLS@
installdirs-local-no:
installdirs-local-yes:
$(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/locale
uninstall-local: uninstall-local-@USE_NLS@
uninstall-local-no:
uninstall-local-yes:
catalogs='$(CATALOGS)'; \
for cat in $$catalogs; do \
cat=`basename $$cat`; \
rm -f $(DESTDIR)$(pkgdatadir)/locale/$(DOMAIN)_$$cat; \
done
html ID:
# Hidden from automake, but really activated. Works around an automake-1.5 bug.
#distdir: distdir1
distdir1:
$(MAKE) update-po
update-po: Makefile
$(MAKE) $(DOMAIN).pot-update
test -z "$(UPDATEPOFILES)" || $(MAKE) $(UPDATEPOFILES)
$(MAKE) update-gmo
# General rule for creating PO files.
.nop.po-create:
@lang=`echo $@ | sed -e 's/\.po-create$$//'`; \
echo "File $$lang.po does not exist. If you are a translator, you can create it through 'msginit'." 1>&2; \
exit 1
# General rule for updating PO files.
.nop.po-update:
@lang=`echo $@ | sed -e 's/\.po-update$$//'`; \
tmpdir=`pwd`; \
echo "$$lang:"; \
test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
echo "$${cdcmd}$(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$lang.new.po"; \
cd $(srcdir); \
if $(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$tmpdir/$$lang.new.po; then \
if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \
rm -f $$tmpdir/$$lang.new.po; \
else \
if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \
:; \
else \
echo "msgmerge for $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \
exit 1; \
fi; \
fi; \
else \
echo "msgmerge for $$lang.po failed!" 1>&2; \
rm -f $$tmpdir/$$lang.new.po; \
fi
$(DUMMYPOFILES):
update-gmo: Makefile $(QMFILES)
@:
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

22
po/README Normal file
View File

@@ -0,0 +1,22 @@
why makefiles in this directory are so strange
mostly because I need to be able to build on Linux/*BSD and Windows
and integrate qmake-based environment with automake/autoconf Makefile
that is needed to properly handle .po files.
Qmake generates Makefile using project file po.pro. This Makefile
can only install .qm files prepared beforehand and checked in to CVS.
This is just as well, since I do not have gettext 0.14. on my main development
machine so I can't regenerate .qm files there anyway. The Makefile generated
by qmake will also work on windows.
whenver I need to regenerate .qm files, I log in to a different machine
and use POmakefile:
cd po
make -f POmakefile update-po

8422
po/de.po Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
po/de.qm Normal file
View File

Binary file not shown.

7827
po/es.po Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
po/es.qm Normal file
View File

Binary file not shown.

7422
po/fr.po Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
po/fr.qm Normal file
View File

Binary file not shown.

7083
po/fwbuilder.pot Normal file
View File

File diff suppressed because it is too large Load Diff

7470
po/ja.po Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
po/ja.qm Normal file
View File

Binary file not shown.

52
po/po.pro Normal file
View File

@@ -0,0 +1,52 @@
#-*- mode: makefile; tab-width: 4; -*-
#
include(../qmake.inc)
win32 {
QMAKE_RUN_CC = @echo
QMAKE_RUN_CXX = @echo
QMAKE_LINK = @echo
}
!win32 {
QMAKE_RUN_CC = @echo > /dev/null
QMAKE_RUN_CXX = @echo > /dev/null
QMAKE_LINK = @echo > /dev/null
}
TARGET = po
!win32:LOCALEINSTALLDIR = $(INSTALL_ROOT)/$$PKGLOCALEDIR
win32:LOCALEINSTALLDIR = $$PKGLOCALEDIR
de.path = $$PKGLOCALEDIR
!win32:de.extra = /usr/bin/install -c -m 644 de.qm $$LOCALEINSTALLDIR/fwbuilder_de.qm
win32:de.extra = -$(INSTALL_FILE) de.qm $$LOCALEINSTALLDIR\fwbuilder_de.qm
es.path = $$PKGLOCALEDIR
!win32:es.extra = /usr/bin/install -c -m 644 es.qm $$LOCALEINSTALLDIR/fwbuilder_es.qm
win32:es.extra = -$(INSTALL_FILE) es.qm $$LOCALEINSTALLDIR\fwbuilder_es.qm
fr.path = $$PKGLOCALEDIR
!win32:fr.extra = /usr/bin/install -c -m 644 fr.qm $$LOCALEINSTALLDIR/fwbuilder_fr.qm
win32:fr.extra = -$(INSTALL_FILE) fr.qm $$LOCALEINSTALLDIR\fwbuilder_fr.qm
ja.path = $$PKGLOCALEDIR
!win32:ja.extra = /usr/bin/install -c -m 644 ja.qm $$LOCALEINSTALLDIR/fwbuilder_ja.qm
win32:ja.extra = -$(INSTALL_FILE) ja.qm $$LOCALEINSTALLDIR\fwbuilder_ja.qm
pt_BR.path = $$PKGLOCALEDIR
!win32:pt_BR.extra = /usr/bin/install -c -m 644 pt_BR.qm $$LOCALEINSTALLDIR/fwbuilder_pt_BR.qm
win32:pt_BR.extra = -$(INSTALL_FILE) pt_BR.qm $$LOCALEINSTALLDIR\fwbuilder_pt_BR.qm
ru.path = $$PKGLOCALEDIR
!win32:ru.extra = /usr/bin/install -c -m 644 ru.qm $$LOCALEINSTALLDIR/fwbuilder_ru.qm
win32:ru.extra = -$(INSTALL_FILE) ru.qm $$LOCALEINSTALLDIR\fwbuilder_ru.qm
sv.path = $$PKGLOCALEDIR
!win32:sv.extra = /usr/bin/install -c -m 644 sv.qm $$LOCALEINSTALLDIR/fwbuilder_sv.qm
win32:sv.extra = -$(INSTALL_FILE) sv.qm $$LOCALEINSTALLDIR\fwbuilder_sv.qm
INSTALLS -= target
INSTALLS += de es fr ja pt_BR ru sv

7173
po/pt_BR.po Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
po/pt_BR.qm Normal file
View File

Binary file not shown.

19
po/remove-potcdate.sin Normal file
View File

@@ -0,0 +1,19 @@
# Sed script that remove the POT-Creation-Date line in the header entry
# from a POT file.
#
# The distinction between the first and the following occurrences of the
# pattern is achieved by looking at the hold space.
/^"POT-Creation-Date: .*"$/{
x
# Test if the hold space is empty.
s/P/P/
ta
# Yes it was empty. First occurrence. Remove the line.
g
d
bb
:a
# The hold space was nonempty. Following occurrences. Do nothing.
x
:b
}

6874
po/ru.po Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
po/ru.qm Normal file
View File

Binary file not shown.

13189
po/ru.ts Normal file
View File

File diff suppressed because it is too large Load Diff

7786
po/sv.po Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
po/sv.qm Normal file
View File

Binary file not shown.

4478
po/vi.po Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
po/vi.qm Normal file
View File

Binary file not shown.

77
qmake.inc.in Normal file
View File

@@ -0,0 +1,77 @@
#-*- mode: makefile; tab-width: 4; -*-
#
######### libfwbuilder/qmake.inc.in
#
QTDIR = $$(QTDIR)
TEMPLATE = app
SO_VERSION = @LIBFWBUILDER_SOLIB_VERSION@
DEFINES += $$(DEFINES)
INCLUDEPATH += .. ../.. $$(INCLUDEPATH) @LIBFWBUILDER_INCLUDEPATH@
LANGUAGE = C++
UI_DIR = ui
MANDIR = @MANDIR@
DOCDIR = @DOCDIR@
HAVE_ANTLR_RUNTIME = @HAVE_ANTLR_RUNTIME@
HAVE_EXTERNAL_ANTLR = @HAVE_EXTERNAL_ANTLR@
unix {
ANTLR_INCLUDEPATH = @ANTLR_INCLUDEPATH@
ANTLR_LIBS = @ANTLR_LIBS@
FWBPARSER_LIB = ../parsers/libfwbparser.a
}
unix {
!macx {
UI_DIR = .ui
MOC_DIR = .moc
OBJECTS_DIR = .obj
PREFIX = @PREFIX@
exec_prefix = @EXEC_PREFIX@
DESTDIR =
LIBS_FWCOMPILER = @LIBFWBUILDER_LIBS_FWCOMPILER@
LIBS_FWBUILDER = @LIBFWBUILDER_LIBS_FWBUILDER@
target.path = $$PREFIX/bin
dtd.path = @TEMPLATE_DIR@/
migration.path = @TEMPLATE_DIR@/migration
doc.path = @DOCDIR@
# win32:target.path = $$PREFIX/
# unix:target.path = $$PREFIX/share/fwbuilder/
# macx:target.path = $$PREFIX/
res.files = src/res/objects_init.xml src/res/templates.xml src/res/resources.xml
res.path = @RES_DIR@
res_os.files = src/res/os/*.xml
res_os.path = @RES_DIR@/os/
res_platform.files = src/res/platform/*.xml
res_platform.path = @RES_DIR@/platform/
INSTALLS += res
INSTALLS += res_os
INSTALLS += res_platform
# INSTALLS += icns
LIBS += $$LIBS_FWBUILDER @LIBS@
PKGLOCALEDIR = $$res.path/locale
CONFIG += warn_on debug
QMAKE_CFLAGS_DEBUG += -Wno-unused-parameter
QMAKE_CFLAGS_RELEASE += -Wno-unused-parameter
QMAKE_CXXFLAGS_DEBUG += -Wno-unused-parameter @CXXFLAGS@
QMAKE_CXXFLAGS_RELEASE += -Wno-unused-parameter @CXXFLAGS@
}
}
exists(qmake2.inc) {
include( qmake2.inc)
}
INSTALLS += target

57
runqmake.sh Normal file
View File

@@ -0,0 +1,57 @@
#!/bin/sh
if test -f qtdir ; then
QTDIR=`cat qtdir`
export QTDIR
fi
test -z "${QMAKE}" && QMAKE="qmake"
echo "Running qmake: ${QMAKE}"
${QMAKE}
${QMAKE} -o src/Makefile src/src.pro
${QMAKE} -o src/res/Makefile src/res/res.pro
${QMAKE} -o src/tools/Makefile src/tools/tools.pro
${QMAKE} -o doc/Makefile doc/doc.pro
${QMAKE} -o po/Makefile po/po.pro
if test -n "$CCACHE"; then
${QMAKE} 'QMAKE_CXX=ccache g++' -o src/antlr/Makefile src/antlr/antlr.pro
${QMAKE} 'QMAKE_CXX=ccache g++' -o src/gui/Makefile src/gui/gui.pro
${QMAKE} 'QMAKE_CXX=ccache g++' -o src/fwblookup/Makefile src/fwblookup/fwblookup.pro
${QMAKE} 'QMAKE_CXX=ccache g++' -o src/fwbedit/Makefile src/fwbedit/fwbedit.pro
${QMAKE} 'QMAKE_CXX=ccache g++' -o src/ipt/Makefile src/ipt/ipt.pro
${QMAKE} 'QMAKE_CXX=ccache g++' -o src/pflib/Makefile src/pflib/pflib.pro
${QMAKE} 'QMAKE_CXX=ccache g++' -o src/pf/Makefile src/pf/pf.pro
${QMAKE} 'QMAKE_CXX=ccache g++' -o src/ipf/Makefile src/ipf/ipf.pro
${QMAKE} 'QMAKE_CXX=ccache g++' -o src/ipfw/Makefile src/ipfw/ipfw.pro
${QMAKE} 'QMAKE_CXX=ccache g++' -o src/parsers/Makefile src/parsers/parsers.pro
test -d src/unit_tests && ${QMAKE} 'QMAKE_CXX=ccache g++' -o src/unit_tests/importer/Makefile \
src/unit_tests/importer/importer.pro
else
${QMAKE} -o src/antlr/Makefile src/antlr/antlr.pro
${QMAKE} -o src/gui/Makefile src/gui/gui.pro
${QMAKE} -o src/fwblookup/Makefile src/fwblookup/fwblookup.pro
${QMAKE} -o src/fwbedit/Makefile src/fwbedit/fwbedit.pro
${QMAKE} -o src/ipt/Makefile src/ipt/ipt.pro
${QMAKE} -o src/pflib/Makefile src/pflib/pflib.pro
${QMAKE} -o src/pf/Makefile src/pf/pf.pro
${QMAKE} -o src/ipf/Makefile src/ipf/ipf.pro
${QMAKE} -o src/ipfw/Makefile src/ipfw/ipfw.pro
${QMAKE} -o src/parsers/Makefile src/parsers/parsers.pro
test -d src/unit_tests && ${QMAKE} -o src/unit_tests/importer/Makefile \
src/unit_tests/importer/importer.pro
fi

202
someproj.kdevelop Normal file
View File

@@ -0,0 +1,202 @@
<?xml version = '1.0'?>
<kdevelop>
<general>
<author></author>
<email>root@abs</email>
<version>1</version>
<projectmanagement>KDevTrollProject</projectmanagement>
<primarylanguage>C++</primarylanguage>
<keywords>
<keyword>Qt</keyword>
</keywords>
<projectname>someproj</projectname>
<ignoreparts/>
<projectdirectory>.</projectdirectory>
<absoluteprojectpath>false</absoluteprojectpath>
<description></description>
<defaultencoding/>
</general>
<kdevfileview>
<groups>
<group pattern="*.cpp;*.cxx;*.h" name="Sources" />
<group pattern="*.ui" name="User Interface" />
<group pattern="*.png" name="Icons" />
<group pattern="*" name="Others" />
</groups>
<tree>
<hidepatterns>*.o,*.lo,CVS</hidepatterns>
<hidenonprojectfiles>false</hidenonprojectfiles>
</tree>
</kdevfileview>
<kdevdoctreeview>
<ignoretocs>
<toc>bash</toc>
<toc>bash_bugs</toc>
<toc>clanlib</toc>
<toc>w3c-dom-level2-html</toc>
<toc>fortran_bugs_gcc</toc>
<toc>gnome1</toc>
<toc>gnustep</toc>
<toc>gtk</toc>
<toc>gtk_bugs</toc>
<toc>haskell</toc>
<toc>haskell_bugs_ghc</toc>
<toc>java_bugs_gcc</toc>
<toc>java_bugs_sun</toc>
<toc>kde2book</toc>
<toc>opengl</toc>
<toc>pascal_bugs_fp</toc>
<toc>php</toc>
<toc>php_bugs</toc>
<toc>perl</toc>
<toc>perl_bugs</toc>
<toc>python</toc>
<toc>python_bugs</toc>
<toc>qt-kdev3</toc>
<toc>ruby</toc>
<toc>ruby_bugs</toc>
<toc>sdl</toc>
<toc>stl</toc>
<toc>w3c-svg</toc>
<toc>sw</toc>
<toc>w3c-uaag10</toc>
<toc>wxwidgets_bugs</toc>
</ignoretocs>
<ignoredoxygen>
<toc>KDE Libraries (Doxygen)</toc>
</ignoredoxygen>
</kdevdoctreeview>
<kdevdebugger>
<general>
<dbgshell></dbgshell>
<gdbpath></gdbpath>
<configGdbScript></configGdbScript>
<runShellScript></runShellScript>
<runGdbScript></runGdbScript>
<breakonloadinglibs>true</breakonloadinglibs>
<separatetty>false</separatetty>
<floatingtoolbar>false</floatingtoolbar>
<programargs></programargs>
</general>
<display>
<staticmembers>false</staticmembers>
<demanglenames>true</demanglenames>
<outputradix>10</outputradix>
</display>
</kdevdebugger>
<kdevcppsupport>
<qt>
<version>3</version>
<used>true</used>
<includestyle>3</includestyle>
<designerintegration>ExternalDesigner</designerintegration>
<root>/usr/lib/qt</root>
<qmake>/usr/lib/qt/bin/qmake</qmake>
<designer>/usr/lib/qt/bin/designer</designer>
<designerpluginpaths/>
</qt>
<codecompletion>
<automaticCodeCompletion>false</automaticCodeCompletion>
<automaticArgumentsHint>true</automaticArgumentsHint>
<automaticHeaderCompletion>true</automaticHeaderCompletion>
<codeCompletionDelay>250</codeCompletionDelay>
<argumentsHintDelay>400</argumentsHintDelay>
<headerCompletionDelay>250</headerCompletionDelay>
<showOnlyAccessibleItems>false</showOnlyAccessibleItems>
<completionBoxItemOrder>0</completionBoxItemOrder>
<howEvaluationContextMenu>true</howEvaluationContextMenu>
<showCommentWithArgumentHint>true</showCommentWithArgumentHint>
<statusBarTypeEvaluation>false</statusBarTypeEvaluation>
<namespaceAliases>std=_GLIBCXX_STD;__gnu_cxx=std</namespaceAliases>
<processPrimaryTypes>true</processPrimaryTypes>
<processFunctionArguments>false</processFunctionArguments>
<preProcessAllHeaders>false</preProcessAllHeaders>
<parseMissingHeadersExperimental>false</parseMissingHeadersExperimental>
<resolveIncludePathsUsingMakeExperimental>false</resolveIncludePathsUsingMakeExperimental>
<alwaysParseInBackground>true</alwaysParseInBackground>
<usePermanentCaching>true</usePermanentCaching>
<alwaysIncludeNamespaces>false</alwaysIncludeNamespaces>
<includePaths>.;</includePaths>
<includeGlobalFunctions>true</includeGlobalFunctions>
<includeTypes>true</includeTypes>
<includeEnums>true</includeEnums>
<includeTypedefs>false</includeTypedefs>
</codecompletion>
<creategettersetter>
<prefixGet></prefixGet>
<prefixSet>set</prefixSet>
<prefixVariable>m_,_</prefixVariable>
<parameterName>theValue</parameterName>
<inlineGet>true</inlineGet>
<inlineSet>true</inlineSet>
</creategettersetter>
<splitheadersource>
<enabled>false</enabled>
<synchronize>true</synchronize>
<orientation>Vertical</orientation>
</splitheadersource>
<references/>
</kdevcppsupport>
<kdevfilecreate>
<useglobaltypes>
<type ext="ui" />
<type ext="cpp" />
<type ext="h" />
</useglobaltypes>
</kdevfilecreate>
<kdevtrollproject>
<general>
<activedir></activedir>
</general>
<run>
<directoryradio>build</directoryradio>
<runarguments>
<someproj/>
<fwbuilder4/>
</runarguments>
<cwd>
<someproj>/svejak/svejak/someproj</someproj>
<fwbuilder4>/svejak/svejak/someproj</fwbuilder4>
</cwd>
<debugarguments>
<someproj/>
<fwbuilder4/>
</debugarguments>
<mainprogram>fwbuilder4</mainprogram>
<programargs></programargs>
<globaldebugarguments/>
<globalcwd>/svejak/svejak/someproj</globalcwd>
<useglobalprogram>true</useglobalprogram>
<terminal>false</terminal>
<autocompile>false</autocompile>
<autoinstall>false</autoinstall>
<autokdesu>false</autokdesu>
<envvars/>
<customdirectory>/</customdirectory>
</run>
<make>
<abortonerror>true</abortonerror>
<runmultiplejobs>false</runmultiplejobs>
<numberofjobs>1</numberofjobs>
<dontact>false</dontact>
<makebin></makebin>
<prio>0</prio>
<envvars/>
</make>
<qmake>
<savebehaviour>2</savebehaviour>
<replacePaths>false</replacePaths>
<disableDefaultOpts>true</disableDefaultOpts>
</qmake>
</kdevtrollproject>
<cppsupportpart>
<filetemplates>
<interfacesuffix>.h</interfacesuffix>
<implementationsuffix>.cpp</implementationsuffix>
</filetemplates>
</cppsupportpart>
<ctagspart>
<customArguments></customArguments>
<customTagfilePath></customTagfilePath>
</ctagspart>
</kdevelop>

BIN
someproj.kdevelop.pcs Normal file
View File

Binary file not shown.

33
someproj.kdevses Normal file
View File

@@ -0,0 +1,33 @@
<?xml version = '1.0' encoding = 'UTF-8'?>
<!DOCTYPE KDevPrjSession>
<KDevPrjSession>
<DocsAndViews NumberOfDocuments="3" >
<Doc0 NumberOfViews="1" URL="file:///home/krava/work/kdev/someproj/VERSION.h" >
<View0 line="0" Type="Source" />
</Doc0>
<Doc1 NumberOfViews="1" URL="file:///home/krava/work/kdev/someproj/config.h" >
<View0 line="0" Type="Source" />
</Doc1>
<Doc2 NumberOfViews="1" URL="file:///home/krava/work/kdev/someproj/src/gui/ObjectManipulator.h" >
<View0 line="246" Type="Source" />
</Doc2>
</DocsAndViews>
<pluginList>
<kdevdebugger>
<breakpointList>
<breakpoint0 location="/svejak/svejak/someproj/src/gui/main.cpp:351" type="1" tracingFormatString="" traceFormatStringEnabled="0" condition="" tracingEnabled="0" enabled="1" >
<tracedExpressions/>
</breakpoint0>
</breakpointList>
</kdevdebugger>
<kdevbookmarks>
<bookmarks/>
</kdevbookmarks>
<kdevvalgrind>
<executable path="" params="" />
<valgrind path="" params="" />
<calltree path="" params="" />
<kcachegrind path="" />
</kdevvalgrind>
</pluginList>
</KDevPrjSession>

14
someproj.old Normal file
View File

@@ -0,0 +1,14 @@
######################################################################
# Automatically generated by qmake (2.01a) Sun Aug 12 19:41:49 2007
######################################################################
TEMPLATE = app
TARGET =
DEPENDPATH += .
INCLUDEPATH += . /home/krava/work/extlibs/libxml/libxml2-2.6.23/include /usr/include/Qt /home/krava/work/libfwbuilder/src
QT += network qt3support
# Input
HEADERS += ./src/gui/utils_no_qt.h ./src/gui/FWBTree.h ./src/gui/utils.h VERSION.h ./src/gui/FWWindow.h ./src/gui/FWBMainWindow_q.h
SOURCES += ./src/gui/utils_no_qt.cpp ./src/gui/FWBTree.cpp ./src/gui/utils.cpp ./src/gui/main.cpp ./src/gui/FWWindow.cpp
LIBS += /usr/local/lib/libfwbuilder.so

5
src/.cvsignore Normal file
View File

@@ -0,0 +1,5 @@
.cvsignore
Makefile
.moc
.ui

59
src/antlr/ANTLRException.hpp Normal file
View File

@@ -0,0 +1,59 @@
#ifndef INC_ANTLRException_hpp__
#define INC_ANTLRException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ANTLRException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <string>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API ANTLRException
{
public:
/// Create ANTLR base exception without error message
ANTLRException() : text("")
{
}
/// Create ANTLR base exception with error message
ANTLRException(const ANTLR_USE_NAMESPACE(std)string& s)
: text(s)
{
}
virtual ~ANTLRException() throw()
{
}
/** Return complete error message with line/column number info (if present)
* @note for your own exceptions override this one. Call getMessage from
* here to get the 'clean' error message stored in the text attribute.
*/
virtual ANTLR_USE_NAMESPACE(std)string toString() const
{
return text;
}
/** Return error message without additional info (if present)
* @note when making your own exceptions classes override toString
* and call in toString getMessage which relays the text attribute
* from here.
*/
virtual ANTLR_USE_NAMESPACE(std)string getMessage() const
{
return text;
}
private:
ANTLR_USE_NAMESPACE(std)string text;
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_ANTLRException_hpp__

163
src/antlr/ANTLRUtil.cpp Normal file
View File

@@ -0,0 +1,163 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ANTLRUtil.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/IOException.hpp>
#include <iostream>
#include <cctype>
#include <string>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** Eat whitespace from the input stream
* @param is the stream to read from
*/
ANTLR_USE_NAMESPACE(std)istream& eatwhite( ANTLR_USE_NAMESPACE(std)istream& is )
{
char c;
while( is.get(c) )
{
#ifdef ANTLR_CCTYPE_NEEDS_STD
if( !ANTLR_USE_NAMESPACE(std)isspace(c) )
#else
if( !isspace(c) )
#endif
{
is.putback(c);
break;
}
}
return is;
}
/** Read a string enclosed by '"' from a stream. Also handles escaping of \".
* Skips leading whitespace.
* @param in the istream to read from.
* @returns the string read from file exclusive the '"'
* @throws IOException if string is badly formatted
*/
ANTLR_USE_NAMESPACE(std)string read_string( ANTLR_USE_NAMESPACE(std)istream& in )
{
char ch;
ANTLR_USE_NAMESPACE(std)string ret("");
// States for a simple state machine...
enum { START, READING, ESCAPE, FINISHED };
int state = START;
eatwhite(in);
while( state != FINISHED && in.get(ch) )
{
switch( state )
{
case START:
// start state: check wether starting with " then switch to READING
if( ch != '"' )
throw IOException("string must start with '\"'");
state = READING;
continue;
case READING:
// reading state: look out for escape sequences and closing "
if( ch == '\\' ) // got escape sequence
{
state = ESCAPE;
continue;
}
if( ch == '"' ) // close quote -> stop
{
state = FINISHED;
continue;
}
ret += ch; // else append...
continue;
case ESCAPE:
switch(ch)
{
case '\\':
ret += ch;
state = READING;
continue;
case '"':
ret += ch;
state = READING;
continue;
case '0':
ret += '\0';
state = READING;
continue;
default: // unrecognized escape is not mapped
ret += '\\';
ret += ch;
state = READING;
continue;
}
}
}
if( state != FINISHED )
throw IOException("badly formatted string: "+ret);
return ret;
}
/* Read a ([A-Z][0-9][a-z]_)* kindoff thing. Skips leading whitespace.
* @param in the istream to read from.
*/
ANTLR_USE_NAMESPACE(std)string read_identifier( ANTLR_USE_NAMESPACE(std)istream& in )
{
char ch;
ANTLR_USE_NAMESPACE(std)string ret("");
eatwhite(in);
while( in.get(ch) )
{
#ifdef ANTLR_CCTYPE_NEEDS_STD
if( ANTLR_USE_NAMESPACE(std)isupper(ch) ||
ANTLR_USE_NAMESPACE(std)islower(ch) ||
ANTLR_USE_NAMESPACE(std)isdigit(ch) ||
ch == '_' )
#else
if( isupper(ch) || islower(ch) || isdigit(ch) || ch == '_' )
#endif
ret += ch;
else
{
in.putback(ch);
break;
}
}
return ret;
}
/** Read a attribute="value" thing. Leading whitespace is skipped.
* Between attribute and '=' no whitespace is allowed. After the '=' it is
* permitted.
* @param in the istream to read from.
* @param attribute string the attribute name is put in
* @param value string the value of the attribute is put in
* @throws IOException if something is fishy. E.g. malformed quoting
* or missing '='
*/
void read_AttributeNValue( ANTLR_USE_NAMESPACE(std)istream& in,
ANTLR_USE_NAMESPACE(std)string& attribute,
ANTLR_USE_NAMESPACE(std)string& value )
{
attribute = read_identifier(in);
char ch;
if( in.get(ch) && ch == '=' )
value = read_string(in);
else
throw IOException("invalid attribute=value thing "+attribute);
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

53
src/antlr/ANTLRUtil.hpp Normal file
View File

@@ -0,0 +1,53 @@
#ifndef INC_ANTLRUtil_hpp__
#define INC_ANTLRUtil_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ANTLRUtil.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <iostream>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** Eat whitespace from the input stream
* @param is the stream to read from
*/
ANTLR_USE_NAMESPACE(std)istream& eatwhite( ANTLR_USE_NAMESPACE(std)istream& is );
/** Read a string enclosed by '"' from a stream. Also handles escaping of \".
* Skips leading whitespace.
* @param in the istream to read from.
* @returns the string read from file exclusive the '"'
* @throws ios_base::failure if string is badly formatted
*/
ANTLR_USE_NAMESPACE(std)string read_string( ANTLR_USE_NAMESPACE(std)istream& in );
/* Read a ([A-Z][0-9][a-z]_)* kindoff thing. Skips leading whitespace.
* @param in the istream to read from.
*/
ANTLR_USE_NAMESPACE(std)string read_identifier( ANTLR_USE_NAMESPACE(std)istream& in );
/** Read a attribute="value" thing. Leading whitespace is skipped.
* Between attribute and '=' no whitespace is allowed. After the '=' it is
* permitted.
* @param in the istream to read from.
* @param attribute string the attribute name is put in
* @param value string the value of the attribute is put in
* @throws ios_base::failure if something is fishy. E.g. malformed quoting
* or missing '='
*/
void read_AttributeNValue( ANTLR_USE_NAMESPACE(std)istream& in,
ANTLR_USE_NAMESPACE(std)string& attribute,
ANTLR_USE_NAMESPACE(std)string& value );
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif

166
src/antlr/AST.hpp Normal file
View File

@@ -0,0 +1,166 @@
#ifndef INC_AST_hpp__
#define INC_AST_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: AST.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/ASTRefCount.hpp>
#include <antlr/Token.hpp>
#include <vector>
#include <string>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
struct ASTRef;
class ANTLR_API AST {
public:
AST() : ref(0) {}
AST(const AST&) : ref(0) {}
virtual ~AST() {}
/// Return the type name for this AST node. (for XML output)
virtual const char* typeName( void ) const = 0;
/// Clone this AST node.
virtual RefAST clone( void ) const = 0;
/// Is node t equal to this in terms of token type and text?
virtual bool equals(RefAST t) const = 0;
/** Is t an exact structural and equals() match of this tree. The
* 'this' reference is considered the start of a sibling list.
*/
virtual bool equalsList(RefAST t) const = 0;
/** Is 't' a subtree of this list? The siblings of the root are NOT ignored.
*/
virtual bool equalsListPartial(RefAST t) const = 0;
/** Is tree rooted at 'this' equal to 't'? The siblings of 'this' are
* ignored.
*/
virtual bool equalsTree(RefAST t) const = 0;
/** Is 't' a subtree of the tree rooted at 'this'? The siblings of
* 'this' are ignored.
*/
virtual bool equalsTreePartial(RefAST t) const = 0;
/** Walk the tree looking for all exact subtree matches. Return
* a vector of RefAST that lets the caller walk the list
* of subtree roots found herein.
*/
virtual ANTLR_USE_NAMESPACE(std)vector<RefAST> findAll(RefAST t) = 0;
/** Walk the tree looking for all subtrees. Return
* a vector of RefAST that lets the caller walk the list
* of subtree roots found herein.
*/
virtual ANTLR_USE_NAMESPACE(std)vector<RefAST> findAllPartial(RefAST t) = 0;
/// Add a node to the end of the child list for this node
virtual void addChild(RefAST c) = 0;
/// Get the number of children. Returns 0 if the node is a leaf
virtual size_t getNumberOfChildren() const = 0;
/// Get the first child of this node; null if no children
virtual RefAST getFirstChild() const = 0;
/// Get the next sibling in line after this one
virtual RefAST getNextSibling() const = 0;
/// Get the token text for this node
virtual ANTLR_USE_NAMESPACE(std)string getText() const = 0;
/// Get the token type for this node
virtual int getType() const = 0;
/** Various initialization routines. Used by several factories to initialize
* an AST element.
*/
virtual void initialize(int t, const ANTLR_USE_NAMESPACE(std)string& txt) = 0;
virtual void initialize(RefAST t) = 0;
virtual void initialize(RefToken t) = 0;
#ifdef ANTLR_SUPPORT_XML
/** initialize this node from the contents of a stream.
* @param in the stream to read the AST attributes from.
*/
virtual void initialize( ANTLR_USE_NAMESPACE(std)istream& in ) = 0;
#endif
/// Set the first child of a node.
virtual void setFirstChild(RefAST c) = 0;
/// Set the next sibling after this one.
virtual void setNextSibling(RefAST n) = 0;
/// Set the token text for this node
virtual void setText(const ANTLR_USE_NAMESPACE(std)string& txt) = 0;
/// Set the token type for this node
virtual void setType(int type) = 0;
/// Return this AST node as a string
virtual ANTLR_USE_NAMESPACE(std)string toString() const = 0;
/// Print out a child-sibling tree in LISP notation
virtual ANTLR_USE_NAMESPACE(std)string toStringList() const = 0;
virtual ANTLR_USE_NAMESPACE(std)string toStringTree() const = 0;
#ifdef ANTLR_SUPPORT_XML
/** get attributes of this node to 'out'. Override to customize XML
* output.
* @param out the stream to write the AST attributes to.
* @returns if a explicit closetag should be written
*/
virtual bool attributesToStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const = 0;
/** Print a symbol over ostream. Overload this one to customize the XML
* output for AST derived AST-types
* @param output stream
*/
virtual void toStream( ANTLR_USE_NAMESPACE(std)ostream &out ) const = 0;
/** Dump AST contents in XML format to output stream.
* Works in conjunction with to_stream method. Overload that one is
* derived classes to customize behaviour.
* @param output stream to write to string to put the stuff in.
* @param ast RefAST object to write.
*/
friend ANTLR_USE_NAMESPACE(std)ostream& operator<<( ANTLR_USE_NAMESPACE(std)ostream& output, const RefAST& ast );
#endif
private:
friend struct ASTRef;
ASTRef* ref;
AST(RefAST other);
AST& operator=(const AST& other);
AST& operator=(RefAST other);
};
#ifdef ANTLR_SUPPORT_XML
inline ANTLR_USE_NAMESPACE(std)ostream& operator<<( ANTLR_USE_NAMESPACE(std)ostream& output, const RefAST& ast )
{
ast->toStream(output);
return output;
}
#endif
extern ANTLR_API RefAST nullAST;
extern ANTLR_API AST* const nullASTptr;
#ifdef NEEDS_OPERATOR_LESS_THAN
// RK: apparently needed by MSVC and a SUN CC, up to and including
// 2.7.2 this was undefined ?
inline bool operator<( RefAST l, RefAST r )
{
return nullAST == l ? ( nullAST == r ? false : true ) : l->getType() < r->getType();
}
#endif
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_AST_hpp__

45
src/antlr/ASTArray.hpp Normal file
View File

@@ -0,0 +1,45 @@
#ifndef INC_ASTArray_hpp__
#define INC_ASTArray_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ASTArray.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/AST.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** ASTArray is a class that allows ANTLR to
* generate code that can create and initialize an array
* in one expression, like:
* (new ASTArray(3))->add(x)->add(y)->add(z)
*/
class ANTLR_API ASTArray {
public:
int size; // = 0;
ANTLR_USE_NAMESPACE(std)vector<RefAST> array;
ASTArray(int capacity)
: size(0)
, array(capacity)
{
}
ASTArray* add(RefAST node)
{
array[size++] = node;
return this;
}
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_ASTArray_hpp__

504
src/antlr/ASTFactory.cpp Normal file
View File

@@ -0,0 +1,504 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ASTFactory.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/CommonAST.hpp"
#include "antlr/ANTLRException.hpp"
#include "antlr/IOException.hpp"
#include "antlr/ASTFactory.hpp"
#include "antlr/ANTLRUtil.hpp"
#include <iostream>
#include <istream>
using namespace std;
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** AST Support code shared by TreeParser and Parser.
* We use delegation to share code (and have only one
* bit of code to maintain) rather than subclassing
* or superclassing (forces AST support code to be
* loaded even when you don't want to do AST stuff).
*
* This class collects all factories of AST types used inside the code.
* New AST node types are registered with the registerFactory method.
* On creation of an ASTFactory object a default AST node factory may be
* specified.
*
* When registering types gaps between different types are filled with entries
* for the default factory.
*/
/// Initialize factory
ASTFactory::ASTFactory()
: default_factory_descriptor(ANTLR_USE_NAMESPACE(std)make_pair(CommonAST::TYPE_NAME,&CommonAST::factory))
{
nodeFactories.resize( Token::MIN_USER_TYPE, &default_factory_descriptor );
}
/** Initialize factory with a non default node type.
* factory_node_name should be the name of the AST node type the factory
* generates. (should exist during the existance of this ASTFactory instance)
*/
ASTFactory::ASTFactory( const char* factory_node_name, factory_type fact )
: default_factory_descriptor(ANTLR_USE_NAMESPACE(std)make_pair(factory_node_name, fact))
{
nodeFactories.resize( Token::MIN_USER_TYPE, &default_factory_descriptor );
}
/// Delete ASTFactory
ASTFactory::~ASTFactory()
{
factory_descriptor_list::iterator i = nodeFactories.begin();
while( i != nodeFactories.end() )
{
if( *i != &default_factory_descriptor )
delete *i;
i++;
}
}
/// Register a factory for a given AST type
void ASTFactory::registerFactory( int type, const char* ast_name, factory_type factory )
{
// check validity of arguments...
if( type < Token::MIN_USER_TYPE )
throw ANTLRException("Internal parser error invalid type passed to RegisterFactory");
if( factory == 0 )
throw ANTLRException("Internal parser error 0 factory passed to RegisterFactory");
// resize up to and including 'type' and initalize any gaps to default
// factory.
if( nodeFactories.size() < (static_cast<unsigned int>(type)+1) )
nodeFactories.resize( type+1, &default_factory_descriptor );
// And add new thing..
nodeFactories[type] = new ANTLR_USE_NAMESPACE(std)pair<const char*, factory_type>( ast_name, factory );
}
void ASTFactory::setMaxNodeType( int type )
{
if( nodeFactories.size() < (static_cast<unsigned int>(type)+1) )
nodeFactories.resize( type+1, &default_factory_descriptor );
}
/** Create a new empty AST node; if the user did not specify
* an AST node type, then create a default one: CommonAST.
*/
RefAST ASTFactory::create()
{
RefAST node = nodeFactories[0]->second();
node->setType(Token::INVALID_TYPE);
return node;
}
RefAST ASTFactory::create(int type)
{
RefAST t = nodeFactories[type]->second();
t->initialize(type,"");
return t;
}
RefAST ASTFactory::create(int type, const ANTLR_USE_NAMESPACE(std)string& txt)
{
RefAST t = nodeFactories[type]->second();
t->initialize(type,txt);
return t;
}
#ifdef ANTLR_SUPPORT_XML
RefAST ASTFactory::create(const ANTLR_USE_NAMESPACE(std)string& type_name, ANTLR_USE_NAMESPACE(std)istream& infile )
{
factory_descriptor_list::iterator fact = nodeFactories.begin();
while( fact != nodeFactories.end() )
{
if( type_name == (*fact)->first )
{
RefAST t = (*fact)->second();
t->initialize(infile);
return t;
}
fact++;
}
string error = "ASTFactory::create: Unknown AST type '" + type_name + "'";
throw ANTLRException(error);
}
#endif
/** Create a new empty AST node; if the user did not specify
* an AST node type, then create a default one: CommonAST.
*/
RefAST ASTFactory::create(RefAST tr)
{
if (!tr)
return nullAST;
// cout << "create(tr)" << endl;
RefAST t = nodeFactories[tr->getType()]->second();
t->initialize(tr);
return t;
}
RefAST ASTFactory::create(RefToken tok)
{
// cout << "create( tok="<< tok->getType() << ", " << tok->getText() << ")" << nodeFactories.size() << endl;
RefAST t = nodeFactories[tok->getType()]->second();
t->initialize(tok);
return t;
}
/** Add a child to the current AST */
void ASTFactory::addASTChild(ASTPair& currentAST, RefAST child)
{
if (child)
{
if (!currentAST.root)
{
// Make new child the current root
currentAST.root = child;
}
else
{
if (!currentAST.child)
{
// Add new child to current root
currentAST.root->setFirstChild(child);
}
else
{
currentAST.child->setNextSibling(child);
}
}
// Make new child the current child
currentAST.child = child;
currentAST.advanceChildToEnd();
}
}
/** Deep copy a single node. This function the new clone() methods in the AST
* interface. Returns nullAST if t is null.
*/
RefAST ASTFactory::dup(RefAST t)
{
if( t )
return t->clone();
else
return RefAST(nullASTptr);
}
/** Duplicate tree including siblings of root. */
RefAST ASTFactory::dupList(RefAST t)
{
RefAST result = dupTree(t); // if t == null, then result==null
RefAST nt = result;
while( t )
{ // for each sibling of the root
t = t->getNextSibling();
nt->setNextSibling(dupTree(t)); // dup each subtree, building new tree
nt = nt->getNextSibling();
}
return result;
}
/** Duplicate a tree, assuming this is a root node of a tree
* duplicate that node and what's below; ignore siblings of root node.
*/
RefAST ASTFactory::dupTree(RefAST t)
{
RefAST result = dup(t); // make copy of root
// copy all children of root.
if( t )
result->setFirstChild( dupList(t->getFirstChild()) );
return result;
}
/** Make a tree from a list of nodes. The first element in the
* array is the root. If the root is null, then the tree is
* a simple list not a tree. Handles null children nodes correctly.
* For example, make(a, b, null, c) yields tree (a b c). make(null,a,b)
* yields tree (nil a b).
*/
RefAST ASTFactory::make(ANTLR_USE_NAMESPACE(std)vector<RefAST>& nodes)
{
if ( nodes.size() == 0 )
return RefAST(nullASTptr);
RefAST root = nodes[0];
RefAST tail = RefAST(nullASTptr);
if( root )
root->setFirstChild(RefAST(nullASTptr)); // don't leave any old pointers set
// link in children;
for( unsigned int i = 1; i < nodes.size(); i++ )
{
if ( nodes[i] == 0 ) // ignore null nodes
continue;
if ( root == 0 ) // Set the root and set it up for a flat list
root = tail = nodes[i];
else if ( tail == 0 )
{
root->setFirstChild(nodes[i]);
tail = root->getFirstChild();
}
else
{
tail->setNextSibling(nodes[i]);
tail = tail->getNextSibling();
}
if( tail ) // RK: I cannot fathom why this missing check didn't bite anyone else...
{
// Chase tail to last sibling
while (tail->getNextSibling())
tail = tail->getNextSibling();
}
}
return root;
}
/** Make a tree from a list of nodes, where the nodes are contained
* in an ASTArray object
*/
RefAST ASTFactory::make(ASTArray* nodes)
{
RefAST ret = make(nodes->array);
delete nodes;
return ret;
}
/// Make an AST the root of current AST
void ASTFactory::makeASTRoot( ASTPair& currentAST, RefAST root )
{
if (root)
{
// Add the current root as a child of new root
root->addChild(currentAST.root);
// The new current child is the last sibling of the old root
currentAST.child = currentAST.root;
currentAST.advanceChildToEnd();
// Set the new root
currentAST.root = root;
}
}
void ASTFactory::setASTNodeFactory( const char* factory_node_name,
factory_type factory )
{
default_factory_descriptor.first = factory_node_name;
default_factory_descriptor.second = factory;
}
#ifdef ANTLR_SUPPORT_XML
bool ASTFactory::checkCloseTag( ANTLR_USE_NAMESPACE(std)istream& in )
{
char ch;
if( in.get(ch) )
{
if( ch == '<' )
{
char ch2;
if( in.get(ch2) )
{
if( ch2 == '/' )
{
in.putback(ch2);
in.putback(ch);
return true;
}
in.putback(ch2);
in.putback(ch);
return false;
}
}
in.putback(ch);
return false;
}
return false;
}
void ASTFactory::loadChildren( ANTLR_USE_NAMESPACE(std)istream& infile,
RefAST current )
{
char ch;
for(;;) // for all children of this node....
{
eatwhite(infile);
infile.get(ch); // '<'
if( ch != '<' )
{
string error = "Invalid XML file... no '<' found (";
error += ch + ")";
throw IOException(error);
}
infile.get(ch); // / or text....
if( ch == '/' ) // check for close tag...
{
string temp;
// read until '>' and see if it matches the open tag... if not trouble
temp = read_identifier( infile );
if( strcmp(temp.c_str(), current->typeName() ) != 0 )
{
string error = "Invalid XML file... close tag does not match start tag: ";
error += current->typeName();
error += " closed by " + temp;
throw IOException(error);
}
infile.get(ch); // must be a '>'
if( ch != '>' )
{
string error = "Invalid XML file... no '>' found (";
error += ch + ")";
throw IOException(error);
}
// close tag => exit loop
break;
}
// put our 'look ahead' back where it came from
infile.putback(ch);
infile.putback('<');
// and recurse into the tree...
RefAST child = LoadAST(infile);
current->addChild( child );
}
}
void ASTFactory::loadSiblings(ANTLR_USE_NAMESPACE(std)istream& infile,
RefAST current )
{
for(;;)
{
eatwhite(infile);
if( infile.eof() )
break;
if( checkCloseTag(infile) )
break;
RefAST sibling = LoadAST(infile);
current->setNextSibling(sibling);
}
}
RefAST ASTFactory::LoadAST( ANTLR_USE_NAMESPACE(std)istream& infile )
{
RefAST current = nullAST;
char ch;
eatwhite(infile);
if( !infile.get(ch) )
return nullAST;
if( ch != '<' )
{
string error = "Invalid XML file... no '<' found (";
error += ch + ")";
throw IOException(error);
}
string ast_type = read_identifier(infile);
// create the ast of type 'ast_type'
current = create( ast_type, infile );
if( current == nullAST )
{
string error = "Unsuported AST type: " + ast_type;
throw IOException(error);
}
eatwhite(infile);
infile.get(ch);
// now if we have a '/' here it's a single node. If it's a '>' we get
// a tree with children
if( ch == '/' )
{
infile.get(ch); // get the closing '>'
if( ch != '>' )
{
string error = "Invalid XML file... no '>' found after '/' (";
error += ch + ")";
throw IOException(error);
}
// get the rest on this level
loadSiblings( infile, current );
return current;
}
// and finaly see if we got the close tag...
if( ch != '>' )
{
string error = "Invalid XML file... no '>' found (";
error += ch + ")";
throw IOException(error);
}
// handle the ones below this level..
loadChildren( infile, current );
// load the rest on this level...
loadSiblings( infile, current );
return current;
}
#endif // ANTLR_SUPPORT_XML
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
/* Heterogeneous AST/XML-I/O ramblings...
*
* So there is some heterogeneous AST support....
* basically in the code generators a new custom ast is generated without
* going throug the factory. It also expects the RefXAST to be defined.
*
* Is it maybe better to register all AST types with the ASTFactory class
* together with the respective factory methods.
*
* More and more I get the impression that hetero ast was a kindoff hack
* on top of ANTLR's normal AST system.
*
* The heteroast stuff will generate trouble for all astFactory.create( ... )
* invocations. Most of this is handled via getASTCreateString methods in the
* codegenerator. At the moment getASTCreateString(GrammarAtom, String) has
* slightly to little info to do it's job (ok the hack that is in now
* works, but it's an ugly hack)
*
* An extra caveat is the 'nice' action.g thing. Which also judiciously calls
* getASTCreateString methods because it handles the #( ... ) syntax.
* And converts that to ASTFactory calls.
*
*
*/

165
src/antlr/ASTFactory.hpp Normal file
View File

@@ -0,0 +1,165 @@
#ifndef INC_ASTFactory_hpp__
#define INC_ASTFactory_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ASTFactory.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/AST.hpp>
#include <antlr/ASTArray.hpp>
#include <antlr/ASTPair.hpp>
#include <istream>
#include <utility>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
// Using these extra types to appease MSVC
typedef RefAST (*factory_type_)();
typedef ANTLR_USE_NAMESPACE(std)pair< const char*, factory_type_ > factory_descriptor_;
typedef ANTLR_USE_NAMESPACE(std)vector< factory_descriptor_* > factory_descriptor_list_;
/** AST Super Factory shared by TreeParser and Parser.
* This super factory maintains a map of all AST node types to their respective
* AST factories. One instance should be shared among a parser/treeparser
* chain.
*
* @todo check all this code for possible use of references in
* stead of RefAST's.
*/
class ANTLR_API ASTFactory {
public:
typedef factory_type_ factory_type;
typedef factory_descriptor_ factory_descriptor;
typedef factory_descriptor_list_ factory_descriptor_list;
protected:
/* The mapping of AST node type to factory..
*/
factory_descriptor default_factory_descriptor;
factory_descriptor_list nodeFactories;
public:
/// Make new factory. Per default (Ref)CommonAST instances are generated.
ASTFactory();
/** Initialize factory with a non default node type.
* factory_node_name should be the name of the AST node type the factory
* generates. (should exist during the existance of this ASTFactory
* instance)
*/
ASTFactory( const char* factory_node_name, factory_type factory );
/// Destroy factory
virtual ~ASTFactory();
/// Register a node factory for the node type type with name ast_name
void registerFactory( int type, const char* ast_name, factory_type factory );
/// Set the maximum node (AST) type this factory may encounter
void setMaxNodeType( int type );
/// Add a child to the current AST
void addASTChild(ASTPair& currentAST, RefAST child);
/// Create new empty AST node. The right default type shou
virtual RefAST create();
/// Create AST node of the right type for 'type'
RefAST create(int type);
/// Create AST node of the right type for 'type' and initialize with txt
RefAST create(int type, const ANTLR_USE_NAMESPACE(std)string& txt);
/// Create duplicate of tr
RefAST create(RefAST tr);
/// Create new AST node and initialize contents from a token.
RefAST create(RefToken tok);
/// Create new AST node and initialize contents from a stream.
RefAST create(const ANTLR_USE_NAMESPACE(std)string& txt, ANTLR_USE_NAMESPACE(std)istream& infile );
/** Deep copy a single node. This function the new clone() methods in the
* AST interface. Returns a new RefAST(nullASTptr) if t is null.
*/
RefAST dup(RefAST t);
/// Duplicate tree including siblings of root.
RefAST dupList(RefAST t);
/** Duplicate a tree, assuming this is a root node of a tree--
* duplicate that node and what's below; ignore siblings of root node.
*/
RefAST dupTree(RefAST t);
/** Make a tree from a list of nodes. The first element in the
* array is the root. If the root is null, then the tree is
* a simple list not a tree. Handles null children nodes correctly.
* For example, make(a, b, null, c) yields tree (a b c). make(null,a,b)
* yields tree (nil a b).
*/
RefAST make(ANTLR_USE_NAMESPACE(std)vector<RefAST>& nodes);
/** Make a tree from a list of nodes, where the nodes are contained
* in an ASTArray object. The ASTArray is deleted after use.
* @todo FIXME! I have a feeling we can get rid of this ugly ASTArray thing
*/
RefAST make(ASTArray* nodes);
/// Make an AST the root of current AST
void makeASTRoot(ASTPair& currentAST, RefAST root);
/** Set a new default AST type.
* factory_node_name should be the name of the AST node type the factory
* generates. (should exist during the existance of this ASTFactory
* instance).
* Only change factory between parser runs. You might get unexpected results
* otherwise.
*/
void setASTNodeFactory( const char* factory_node_name, factory_type factory );
#ifdef ANTLR_SUPPORT_XML
/** Load a XML AST from stream. Make sure you have all the factories
* registered before use.
* @note this 'XML' stuff is quite rough still. YMMV.
*/
RefAST LoadAST( ANTLR_USE_NAMESPACE(std)istream& infile );
#endif
protected:
void loadChildren( ANTLR_USE_NAMESPACE(std)istream& infile, RefAST current );
void loadSiblings( ANTLR_USE_NAMESPACE(std)istream& infile, RefAST current );
bool checkCloseTag( ANTLR_USE_NAMESPACE(std)istream& infile );
#ifdef ANTLR_VECTOR_HAS_AT
/// construct a node of 'type'
inline RefAST getNodeOfType( unsigned int type )
{
return RefAST(nodeFactories.at(type)->second());
}
/// get the name of the node 'type'
const char* getASTNodeType( unsigned int type )
{
return nodeFactories.at(type)->first;
}
/// get the factory used for node 'type'
factory_type getASTNodeFactory( unsigned int type )
{
return nodeFactories.at(type)->second;
}
#else
inline RefAST getNodeOfType( unsigned int type )
{
return RefAST(nodeFactories[type]->second());
}
/// get the name of the node 'type'
const char* getASTNodeType( unsigned int type )
{
return nodeFactories[type]->first;
}
factory_type getASTNodeFactory( unsigned int type )
{
return nodeFactories[type]->second;
}
#endif
private:
// no copying and such..
ASTFactory( const ASTFactory& );
ASTFactory& operator=( const ASTFactory& );
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_ASTFactory_hpp__

157
src/antlr/ASTNULLType.cpp Normal file
View File

@@ -0,0 +1,157 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ASTNULLType.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/config.hpp"
#include "antlr/AST.hpp"
#include "antlr/ASTNULLType.hpp"
#include <iostream>
ANTLR_USING_NAMESPACE(std)
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
RefAST ASTNULLType::clone( void ) const
{
return RefAST(this);
}
void ASTNULLType::addChild( RefAST )
{
}
size_t ASTNULLType::getNumberOfChildren() const
{
return 0;
}
bool ASTNULLType::equals( RefAST ) const
{
return false;
}
bool ASTNULLType::equalsList( RefAST ) const
{
return false;
}
bool ASTNULLType::equalsListPartial( RefAST ) const
{
return false;
}
bool ASTNULLType::equalsTree( RefAST ) const
{
return false;
}
bool ASTNULLType::equalsTreePartial( RefAST ) const
{
return false;
}
vector<RefAST> ASTNULLType::findAll( RefAST )
{
return vector<RefAST>();
}
vector<RefAST> ASTNULLType::findAllPartial( RefAST )
{
return vector<RefAST>();
}
RefAST ASTNULLType::getFirstChild() const
{
return this;
}
RefAST ASTNULLType::getNextSibling() const
{
return this;
}
string ASTNULLType::getText() const
{
return "<ASTNULL>";
}
int ASTNULLType::getType() const
{
return Token::NULL_TREE_LOOKAHEAD;
}
void ASTNULLType::initialize( int, const string& )
{
}
void ASTNULLType::initialize( RefAST )
{
}
void ASTNULLType::initialize( RefToken )
{
}
#ifdef ANTLR_SUPPORT_XML
void ASTNULLType::initialize( istream& )
{
}
#endif
void ASTNULLType::setFirstChild( RefAST )
{
}
void ASTNULLType::setNextSibling( RefAST )
{
}
void ASTNULLType::setText( const string& )
{
}
void ASTNULLType::setType( int )
{
}
string ASTNULLType::toString() const
{
return getText();
}
string ASTNULLType::toStringList() const
{
return getText();
}
string ASTNULLType::toStringTree() const
{
return getText();
}
#ifdef ANTLR_SUPPORT_XML
bool ASTNULLType::attributesToStream( ostream& ) const
{
return false;
}
void ASTNULLType::toStream( ostream& out ) const
{
out << "</ASTNULL>" << endl;
}
#endif
const char* ASTNULLType::typeName( void ) const
{
return "ASTNULLType";
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

64
src/antlr/ASTNULLType.hpp Normal file
View File

@@ -0,0 +1,64 @@
#ifndef INC_ASTNULLType_hpp__
#define INC_ASTNULLType_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ASTNULLType.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/AST.hpp>
#include <iostream>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** There is only one instance of this class **/
class ANTLR_API ASTNULLType : public AST {
public:
const char* typeName( void ) const;
RefAST clone( void ) const;
void addChild(RefAST c);
size_t getNumberOfChildren() const;
void setFirstChild(RefAST c);
void setNextSibling(RefAST n);
bool equals(RefAST t) const;
bool equalsList(RefAST t) const;
bool equalsListPartial(RefAST t) const;
bool equalsTree(RefAST t) const;
bool equalsTreePartial(RefAST t) const;
ANTLR_USE_NAMESPACE(std)vector<RefAST> findAll(RefAST tree);
ANTLR_USE_NAMESPACE(std)vector<RefAST> findAllPartial(RefAST subtree);
RefAST getFirstChild() const;
RefAST getNextSibling() const;
ANTLR_USE_NAMESPACE(std)string getText() const;
int getType() const;
void initialize(int t, const ANTLR_USE_NAMESPACE(std)string& txt);
void initialize(RefAST t);
void initialize(RefToken t);
void initialize(ANTLR_USE_NAMESPACE(std)istream& infile);
void setText(const ANTLR_USE_NAMESPACE(std)string& text);
void setType(int ttype);
ANTLR_USE_NAMESPACE(std)string toString() const;
ANTLR_USE_NAMESPACE(std)string toStringList() const;
ANTLR_USE_NAMESPACE(std)string toStringTree() const;
bool attributesToStream( ANTLR_USE_NAMESPACE(std)ostream &out ) const;
void toStream( ANTLR_USE_NAMESPACE(std)ostream &out ) const;
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_ASTNULLType_hpp__

57
src/antlr/ASTPair.hpp Normal file
View File

@@ -0,0 +1,57 @@
#ifndef INC_ASTPair_hpp__
#define INC_ASTPair_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ASTPair.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/AST.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** ASTPair: utility class used for manipulating a pair of ASTs
* representing the current AST root and current AST sibling.
* This exists to compensate for the lack of pointers or 'var'
* arguments in Java.
*
* OK, so we can do those things in C++, but it seems easier
* to stick with the Java way for now.
*/
class ANTLR_API ASTPair {
public:
RefAST root; // current root of tree
RefAST child; // current child to which siblings are added
/** Make sure that child is the last sibling */
void advanceChildToEnd() {
if (child) {
while (child->getNextSibling()) {
child = child->getNextSibling();
}
}
}
// /** Copy an ASTPair. Don't call it clone() because we want type-safety */
// ASTPair copy() {
// ASTPair tmp = new ASTPair();
// tmp.root = root;
// tmp.child = child;
// return tmp;
// }
ANTLR_USE_NAMESPACE(std)string toString() const {
ANTLR_USE_NAMESPACE(std)string r = !root ? ANTLR_USE_NAMESPACE(std)string("null") : root->getText();
ANTLR_USE_NAMESPACE(std)string c = !child ? ANTLR_USE_NAMESPACE(std)string("null") : child->getText();
return "["+r+","+c+"]";
}
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_ASTPair_hpp__

41
src/antlr/ASTRefCount.cpp Normal file
View File

@@ -0,0 +1,41 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ASTRefCount.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/ASTRefCount.hpp"
#include "antlr/AST.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
ASTRef::ASTRef(AST* p)
: ptr(p), count(1)
{
if (p && !p->ref)
p->ref = this;
}
ASTRef::~ASTRef()
{
delete ptr;
}
ASTRef* ASTRef::getRef(const AST* p)
{
if (p) {
AST* pp = const_cast<AST*>(p);
if (pp->ref)
return pp->ref->increment();
else
return new ASTRef(pp);
} else
return 0;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

98
src/antlr/ASTRefCount.hpp Normal file
View File

@@ -0,0 +1,98 @@
#ifndef INC_ASTRefCount_hpp__
# define INC_ASTRefCount_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ASTRefCount.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
# include <antlr/config.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class AST;
struct ANTLR_API ASTRef
{
AST* const ptr;
unsigned int count;
ASTRef(AST* p);
~ASTRef();
ASTRef* increment()
{
++count;
return this;
}
bool decrement()
{
return (--count==0);
}
static ASTRef* getRef(const AST* p);
private:
ASTRef( const ASTRef& );
ASTRef& operator=( const ASTRef& );
};
template<class T>
class ANTLR_API ASTRefCount
{
private:
ASTRef* ref;
public:
ASTRefCount(const AST* p=0)
: ref(p ? ASTRef::getRef(p) : 0)
{
}
ASTRefCount(const ASTRefCount<T>& other)
: ref(other.ref ? other.ref->increment() : 0)
{
}
~ASTRefCount()
{
if (ref && ref->decrement())
delete ref;
}
ASTRefCount<T>& operator=(AST* other)
{
ASTRef* tmp = ASTRef::getRef(other);
if (ref && ref->decrement())
delete ref;
ref=tmp;
return *this;
}
ASTRefCount<T>& operator=(const ASTRefCount<T>& other)
{
if( other.ref != ref )
{
ASTRef* tmp = other.ref ? other.ref->increment() : 0;
if (ref && ref->decrement())
delete ref;
ref=tmp;
}
return *this;
}
operator T* () const { return ref ? static_cast<T*>(ref->ptr) : 0; }
T* operator->() const { return ref ? static_cast<T*>(ref->ptr) : 0; }
T* get() const { return ref ? static_cast<T*>(ref->ptr) : 0; }
};
typedef ASTRefCount<AST> RefAST;
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_ASTRefCount_hpp__

281
src/antlr/BaseAST.cpp Normal file
View File

@@ -0,0 +1,281 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: BaseAST.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/config.hpp"
#include <iostream>
#include "antlr/AST.hpp"
#include "antlr/BaseAST.hpp"
ANTLR_USING_NAMESPACE(std)
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
size_t BaseAST::getNumberOfChildren() const
{
RefBaseAST t = this->down;
size_t n = 0;
if( t )
{
n = 1;
while( t->right )
{
t = t->right;
n++;
}
return n;
}
return n;
}
void BaseAST::doWorkForFindAll(
ANTLR_USE_NAMESPACE(std)vector<RefAST>& v,
RefAST target,bool partialMatch)
{
// Start walking sibling lists, looking for matches.
for (RefAST sibling=this;
sibling;
sibling=sibling->getNextSibling())
{
if ( (partialMatch && sibling->equalsTreePartial(target)) ||
(!partialMatch && sibling->equalsTree(target)) ) {
v.push_back(sibling);
}
// regardless of match or not, check any children for matches
if ( sibling->getFirstChild() ) {
RefBaseAST(sibling->getFirstChild())->doWorkForFindAll(v, target, partialMatch);
}
}
}
/** Is t an exact structural and equals() match of this tree. The
* 'this' reference is considered the start of a sibling list.
*/
bool BaseAST::equalsList(RefAST t) const
{
// the empty tree is not a match of any non-null tree.
if (!t)
return false;
// Otherwise, start walking sibling lists. First mismatch, return false.
RefAST sibling=this;
for (;sibling && t;
sibling=sibling->getNextSibling(), t=t->getNextSibling()) {
// as a quick optimization, check roots first.
if (!sibling->equals(t))
return false;
// if roots match, do full list match test on children.
if (sibling->getFirstChild()) {
if (!sibling->getFirstChild()->equalsList(t->getFirstChild()))
return false;
}
// sibling has no kids, make sure t doesn't either
else if (t->getFirstChild())
return false;
}
if (!sibling && !t)
return true;
// one sibling list has more than the other
return false;
}
/** Is 'sub' a subtree of this list?
* The siblings of the root are NOT ignored.
*/
bool BaseAST::equalsListPartial(RefAST sub) const
{
// the empty tree is always a subset of any tree.
if (!sub)
return true;
// Otherwise, start walking sibling lists. First mismatch, return false.
RefAST sibling=this;
for (;sibling && sub;
sibling=sibling->getNextSibling(), sub=sub->getNextSibling()) {
// as a quick optimization, check roots first.
if (!sibling->equals(sub))
return false;
// if roots match, do partial list match test on children.
if (sibling->getFirstChild())
if (!sibling->getFirstChild()->equalsListPartial(sub->getFirstChild()))
return false;
}
if (!sibling && sub)
// nothing left to match in this tree, but subtree has more
return false;
// either both are null or sibling has more, but subtree doesn't
return true;
}
/** Is tree rooted at 'this' equal to 't'? The siblings
* of 'this' are ignored.
*/
bool BaseAST::equalsTree(RefAST t) const
{
// check roots first
if (!equals(t))
return false;
// if roots match, do full list match test on children.
if (getFirstChild()) {
if (!getFirstChild()->equalsList(t->getFirstChild()))
return false;
}
// sibling has no kids, make sure t doesn't either
else if (t->getFirstChild())
return false;
return true;
}
/** Is 'sub' a subtree of the tree rooted at 'this'? The siblings
* of 'this' are ignored.
*/
bool BaseAST::equalsTreePartial(RefAST sub) const
{
// the empty tree is always a subset of any tree.
if (!sub)
return true;
// check roots first
if (!equals(sub))
return false;
// if roots match, do full list partial match test on children.
if (getFirstChild())
if (!getFirstChild()->equalsListPartial(sub->getFirstChild()))
return false;
return true;
}
/** Walk the tree looking for all exact subtree matches. Return
* an ASTEnumerator that lets the caller walk the list
* of subtree roots found herein.
*/
ANTLR_USE_NAMESPACE(std)vector<RefAST> BaseAST::findAll(RefAST target)
{
ANTLR_USE_NAMESPACE(std)vector<RefAST> roots;
// the empty tree cannot result in an enumeration
if (target) {
doWorkForFindAll(roots,target,false); // find all matches recursively
}
return roots;
}
/** Walk the tree looking for all subtrees. Return
* an ASTEnumerator that lets the caller walk the list
* of subtree roots found herein.
*/
ANTLR_USE_NAMESPACE(std)vector<RefAST> BaseAST::findAllPartial(RefAST target)
{
ANTLR_USE_NAMESPACE(std)vector<RefAST> roots;
// the empty tree cannot result in an enumeration
if (target)
doWorkForFindAll(roots,target,true); // find all matches recursively
return roots;
}
ANTLR_USE_NAMESPACE(std)string BaseAST::toStringList() const
{
ANTLR_USE_NAMESPACE(std)string ts="";
if (getFirstChild())
{
ts+=" ( ";
ts+=toString();
ts+=getFirstChild()->toStringList();
ts+=" )";
}
else
{
ts+=" ";
ts+=toString();
}
if (getNextSibling())
ts+=getNextSibling()->toStringList();
return ts;
}
ANTLR_USE_NAMESPACE(std)string BaseAST::toStringTree() const
{
ANTLR_USE_NAMESPACE(std)string ts = "";
if (getFirstChild())
{
ts+=" ( ";
ts+=toString();
ts+=getFirstChild()->toStringList();
ts+=" )";
}
else
{
ts+=" ";
ts+=toString();
}
return ts;
}
#ifdef ANTLR_SUPPORT_XML
/* This whole XML output stuff needs a little bit more thought
* I'd like to store extra XML data in the node. e.g. for custom ast's
* with for instance symboltable references. This
* should be more pluggable..
* @returns boolean value indicating wether a closetag should be produced.
*/
bool BaseAST::attributesToStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const
{
out << "text=\"" << this->getText()
<< "\" type=\"" << this->getType() << "\"";
return false;
}
void BaseAST::toStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const
{
for( RefAST node = this; node != 0; node = node->getNextSibling() )
{
out << "<" << this->typeName() << " ";
// Write out attributes and if there is extra data...
bool need_close_tag = node->attributesToStream( out );
if( need_close_tag )
{
// got children so write them...
if( node->getFirstChild() != 0 )
node->getFirstChild()->toStream( out );
// and a closing tag..
out << "</" << node->typeName() << ">" << endl;
}
}
}
#endif
// this is nasty, but it makes the code generation easier
ANTLR_API RefAST nullAST;
#if defined(_MSC_VER) && !defined(__ICL) // Microsoft Visual C++
extern ANTLR_API AST* const nullASTptr = 0;
#else
ANTLR_API AST* const nullASTptr = 0;
#endif
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

193
src/antlr/BaseAST.hpp Normal file
View File

@@ -0,0 +1,193 @@
#ifndef INC_BaseAST_hpp__
#define INC_BaseAST_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: BaseAST.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/AST.hpp>
#include <iostream>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API BaseAST;
typedef ASTRefCount<BaseAST> RefBaseAST;
class ANTLR_API BaseAST : public AST {
public:
BaseAST() : AST()
{
}
BaseAST(const BaseAST& other)
: AST(other)
{
}
virtual ~BaseAST()
{
}
/// Return the class name
virtual const char* typeName( void ) const = 0;
/// Clone this AST node.
virtual RefAST clone( void ) const = 0;
/// Is node t equal to this in terms of token type and text?
virtual bool equals(RefAST t) const;
/** Is t an exact structural and equals() match of this tree. The
* 'this' reference is considered the start of a sibling list.
*/
virtual bool equalsList(RefAST t) const;
/** Is 't' a subtree of this list? The siblings of the root are NOT ignored.
*/
virtual bool equalsListPartial(RefAST t) const;
/** Is tree rooted at 'this' equal to 't'? The siblings of 'this' are
* ignored.
*/
virtual bool equalsTree(RefAST t) const;
/** Is 't' a subtree of the tree rooted at 'this'? The siblings of
* 'this' are ignored.
*/
virtual bool equalsTreePartial(RefAST t) const;
/** Walk the tree looking for all exact subtree matches. Return
* an ASTEnumerator that lets the caller walk the list
* of subtree roots found herein.
*/
virtual ANTLR_USE_NAMESPACE(std)vector<RefAST> findAll(RefAST t);
/** Walk the tree looking for all subtrees. Return
* an ASTEnumerator that lets the caller walk the list
* of subtree roots found herein.
*/
virtual ANTLR_USE_NAMESPACE(std)vector<RefAST> findAllPartial(RefAST t);
/// Add a node to the end of the child list for this node
virtual void addChild(RefAST c)
{
if( !c )
return;
RefBaseAST tmp = down;
if (tmp)
{
while (tmp->right)
tmp = tmp->right;
tmp->right = c;
}
else
down = c;
}
/** Get the number of child nodes of this node (shallow e.g. not of the
* whole tree it spans).
*/
virtual size_t getNumberOfChildren() const;
/// Get the first child of this node; null if no children
virtual RefAST getFirstChild() const
{
return RefAST(down);
}
/// Get the next sibling in line after this one
virtual RefAST getNextSibling() const
{
return RefAST(right);
}
/// Get the token text for this node
virtual ANTLR_USE_NAMESPACE(std)string getText() const
{
return "";
}
/// Get the token type for this node
virtual int getType() const
{
return 0;
}
/// Remove all children
virtual void removeChildren()
{
down = static_cast<BaseAST*>(static_cast<AST*>(nullAST));
}
/// Set the first child of a node.
virtual void setFirstChild(RefAST c)
{
down = static_cast<BaseAST*>(static_cast<AST*>(c));
}
/// Set the next sibling after this one.
virtual void setNextSibling(RefAST n)
{
right = static_cast<BaseAST*>(static_cast<AST*>(n));
}
/// Set the token text for this node
virtual void setText(const ANTLR_USE_NAMESPACE(std)string& txt)
{
}
/// Set the token type for this node
virtual void setType(int type)
{
}
#ifdef ANTLR_SUPPORT_XML
/** print attributes of this node to 'out'. Override to customize XML
* output.
* @param out the stream to write the AST attributes to.
*/
virtual bool attributesToStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const;
/** Write this subtree to a stream. Overload this one to customize the XML
* output for AST derived AST-types
* @param output stream
*/
virtual void toStream( ANTLR_USE_NAMESPACE(std)ostream &out ) const;
#endif
/// Return string representation for the AST
virtual ANTLR_USE_NAMESPACE(std)string toString() const
{
return getText();
}
/// Print out a child sibling tree in LISP notation
virtual ANTLR_USE_NAMESPACE(std)string toStringList() const;
virtual ANTLR_USE_NAMESPACE(std)string toStringTree() const;
protected:
RefBaseAST down;
RefBaseAST right;
private:
void doWorkForFindAll(ANTLR_USE_NAMESPACE(std)vector<RefAST>& v,
RefAST target,
bool partialMatch);
};
/** Is node t equal to this in terms of token type and text?
*/
inline bool BaseAST::equals(RefAST t) const
{
if (!t)
return false;
return ((getType() == t->getType()) && (getText() == t->getText()));
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_BaseAST_hpp__

62
src/antlr/BitSet.cpp Normal file
View File

@@ -0,0 +1,62 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: BitSet.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/BitSet.hpp"
#include <string>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
BitSet::BitSet(unsigned int nbits)
: storage(nbits)
{
for (unsigned int i = 0; i < nbits ; i++ )
storage[i] = false;
}
BitSet::BitSet( const unsigned long* bits_, unsigned int nlongs )
: storage(nlongs*32)
{
for ( unsigned int i = 0 ; i < (nlongs * 32); i++)
storage[i] = (bits_[i>>5] & (1UL << (i&31))) ? true : false;
}
BitSet::~BitSet()
{
}
void BitSet::add(unsigned int el)
{
if( el >= storage.size() )
storage.resize( el+1, false );
storage[el] = true;
}
bool BitSet::member(unsigned int el) const
{
if ( el >= storage.size())
return false;
return storage[el];
}
ANTLR_USE_NAMESPACE(std)vector<unsigned int> BitSet::toArray() const
{
ANTLR_USE_NAMESPACE(std)vector<unsigned int> elems;
for (unsigned int i = 0; i < storage.size(); i++)
{
if (storage[i])
elems.push_back(i);
}
return elems;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

60
src/antlr/BitSet.hpp Normal file
View File

@@ -0,0 +1,60 @@
#ifndef INC_BitSet_hpp__
#define INC_BitSet_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: BitSet.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <vector>
#include <stdexcept>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** A BitSet to replace java.util.BitSet.
* Primary differences are that most set operators return new sets
* as opposed to oring and anding "in place". Further, a number of
* operations were added. I cannot contain a BitSet because there
* is no way to access the internal bits (which I need for speed)
* and, because it is final, I cannot subclass to add functionality.
* Consider defining set degree. Without access to the bits, I must
* call a method n times to test the ith bit...ack!
*
* Also seems like or() from util is wrong when size of incoming set is bigger
* than this.length.
*
* This is a C++ version of the Java class described above, with only
* a handful of the methods implemented, because we don't need the
* others at runtime. It's really just a wrapper around vector<bool>,
* which should probably be changed to a wrapper around bitset, once
* bitset is more widely available.
*
* @author Terence Parr, MageLang Institute
* @author <br><a href="mailto:pete@yamuna.demon.co.uk">Pete Wells</a>
*/
class ANTLR_API BitSet {
private:
ANTLR_USE_NAMESPACE(std)vector<bool> storage;
public:
BitSet( unsigned int nbits=64 );
BitSet( const unsigned long* bits_, unsigned int nlongs);
~BitSet();
void add( unsigned int el );
bool member( unsigned int el ) const;
ANTLR_USE_NAMESPACE(std)vector<unsigned int> toArray() const;
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_BitSet_hpp__

52
src/antlr/CharBuffer.cpp Normal file
View File

@@ -0,0 +1,52 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CharBuffer.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/CharBuffer.hpp"
#include <iostream>
//#include <ios>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/* RK: Per default istream does not throw exceptions. This can be
* enabled with:
* stream.exceptions(ios_base::badbit|ios_base::failbit|ios_base::eofbit);
*
* We could try catching the bad/fail stuff. But handling eof via this is
* not a good idea. EOF is best handled as a 'normal' character.
*
* So this does not work yet with gcc... Comment it until I get to a platform
* that does..
*/
/** Create a character buffer. Enable fail and bad exceptions, if supported
* by platform. */
CharBuffer::CharBuffer(ANTLR_USE_NAMESPACE(std)istream& input_)
: input(input_)
{
// input.exceptions(ANTLR_USE_NAMESPACE(std)ios_base::badbit|
// ANTLR_USE_NAMESPACE(std)ios_base::failbit);
}
/** Get the next character from the stream. May throw CharStreamIOException
* when something bad happens (not EOF) (if supported by platform).
*/
int CharBuffer::getChar()
{
// try {
return input.get();
// }
// catch (ANTLR_USE_NAMESPACE(std)ios_base::failure& e) {
// throw CharStreamIOException(e);
// }
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

56
src/antlr/CharBuffer.hpp Normal file
View File

@@ -0,0 +1,56 @@
#ifndef INC_CharBuffer_hpp__
#define INC_CharBuffer_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CharBuffer.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <istream>
#include <antlr/InputBuffer.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/**A Stream of characters fed to the lexer from a InputStream that can
* be rewound via mark()/rewind() methods.
* <p>
* A dynamic array is used to buffer up all the input characters. Normally,
* "k" characters are stored in the buffer. More characters may be stored
* during guess mode (testing syntactic predicate), or when LT(i>k) is
* referenced.
* Consumption of characters is deferred. In other words, reading the next
* character is not done by consume(), but deferred until needed by LA or LT.
* <p>
*
* @see antlr.CharQueue
*/
class ANTLR_API CharBuffer : public InputBuffer {
public:
/// Create a character buffer
CharBuffer( ANTLR_USE_NAMESPACE(std)istream& input );
/// Get the next character from the stream
int getChar();
protected:
// character source
ANTLR_USE_NAMESPACE(std)istream& input;
private:
// NOTE: Unimplemented
CharBuffer(const CharBuffer& other);
CharBuffer& operator=(const CharBuffer& other);
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_CharBuffer_hpp__

77
src/antlr/CharInputBuffer.hpp Normal file
View File

@@ -0,0 +1,77 @@
#ifndef INC_CharInputBuffer_hpp__
# define INC_CharInputBuffer_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CharInputBuffer.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
# include <antlr/config.hpp>
# include <antlr/InputBuffer.hpp>
# ifdef HAS_NOT_CCTYPE_H
# include <ctype.h>
# else
# include <cctype>
# endif
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** CharInputBuffer.hpp provides an InputBuffer for plain character arrays (buffers).
*/
class CharInputBuffer : public InputBuffer
{
public:
/** Construct a CharInputBuffer.hpp object with a char* buffer of 'size'
* if 'owner' is true, then the buffer will be delete[]-ed on destruction.
* @note it is assumed the buffer was allocated with new[]!
*/
CharInputBuffer( unsigned char* buf, size_t size, bool owner = false )
: buffer(buf)
, ptr(buf)
, end(buf + size)
, delete_buffer(owner)
{
}
/** Destructor
* @note If you're using malloced data, then you probably need to change
* this destructor. Or better use this class as template for your own.
*/
~CharInputBuffer( void )
{
if( delete_buffer && buffer )
delete [] buffer;
}
/** Reset the CharInputBuffer to initial state
* Called from LexerInputState::reset.
* @see LexerInputState
*/
virtual inline void reset( void )
{
InputBuffer::reset();
ptr = buffer;
}
virtual int getChar( void )
{
return (ptr < end) ? *ptr++ : EOF;
}
protected:
unsigned char* buffer; ///< the buffer with data
unsigned char* ptr; ///< position ptr into the buffer
unsigned char* end; ///< end sentry for buffer
bool delete_buffer; ///< flag signifying if we have to delete the buffer
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif

108
src/antlr/CharScanner.cpp Normal file
View File

@@ -0,0 +1,108 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CharScanner.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <iostream>
#include "antlr/CharScanner.hpp"
#include "antlr/CommonToken.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
ANTLR_C_USING(exit)
CharScanner::CharScanner(InputBuffer& cb, bool case_sensitive )
: saveConsumedInput(true) //, caseSensitiveLiterals(true)
, caseSensitive(case_sensitive)
, literals(CharScannerLiteralsLess(this))
, inputState(new LexerInputState(cb))
, commitToPath(false)
, tabsize(8)
, traceDepth(0)
{
setTokenObjectFactory(&CommonToken::factory);
}
CharScanner::CharScanner(InputBuffer* cb, bool case_sensitive )
: saveConsumedInput(true) //, caseSensitiveLiterals(true)
, caseSensitive(case_sensitive)
, literals(CharScannerLiteralsLess(this))
, inputState(new LexerInputState(cb))
, commitToPath(false)
, tabsize(8)
, traceDepth(0)
{
setTokenObjectFactory(&CommonToken::factory);
}
CharScanner::CharScanner( const LexerSharedInputState& state, bool case_sensitive )
: saveConsumedInput(true) //, caseSensitiveLiterals(true)
, caseSensitive(case_sensitive)
, literals(CharScannerLiteralsLess(this))
, inputState(state)
, commitToPath(false)
, tabsize(8)
, traceDepth(0)
{
setTokenObjectFactory(&CommonToken::factory);
}
/** Report exception errors caught in nextToken() */
void CharScanner::reportError(const RecognitionException& ex)
{
ANTLR_USE_NAMESPACE(std)cerr << ex.toString().c_str() << ANTLR_USE_NAMESPACE(std)endl;
}
/** Parser error-reporting function can be overridden in subclass */
void CharScanner::reportError(const ANTLR_USE_NAMESPACE(std)string& s)
{
if (getFilename() == "")
ANTLR_USE_NAMESPACE(std)cerr << "error: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
else
ANTLR_USE_NAMESPACE(std)cerr << getFilename().c_str() << ": error: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
}
/** Parser warning-reporting function can be overridden in subclass */
void CharScanner::reportWarning(const ANTLR_USE_NAMESPACE(std)string& s)
{
if (getFilename() == "")
ANTLR_USE_NAMESPACE(std)cerr << "warning: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
else
ANTLR_USE_NAMESPACE(std)cerr << getFilename().c_str() << ": warning: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
}
void CharScanner::traceIndent()
{
for( int i = 0; i < traceDepth; i++ )
ANTLR_USE_NAMESPACE(std)cout << " ";
}
void CharScanner::traceIn(const char* rname)
{
traceDepth++;
traceIndent();
ANTLR_USE_NAMESPACE(std)cout << "> lexer " << rname
<< "; c==" << LA(1) << ANTLR_USE_NAMESPACE(std)endl;
}
void CharScanner::traceOut(const char* rname)
{
traceIndent();
ANTLR_USE_NAMESPACE(std)cout << "< lexer " << rname
<< "; c==" << LA(1) << ANTLR_USE_NAMESPACE(std)endl;
traceDepth--;
}
#ifndef NO_STATIC_CONSTS
const int CharScanner::NO_CHAR;
const int CharScanner::EOF_CHAR;
#endif
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

574
src/antlr/CharScanner.hpp Normal file
View File

@@ -0,0 +1,574 @@
#ifndef INC_CharScanner_hpp__
#define INC_CharScanner_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CharScanner.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <map>
#ifdef HAS_NOT_CCTYPE_H
#include <ctype.h>
#else
#include <cctype>
#endif
#if ( _MSC_VER == 1200 )
// VC6 seems to need this
// note that this is not a standard C++ include file.
# include <stdio.h>
#endif
#include <antlr/TokenStream.hpp>
#include <antlr/RecognitionException.hpp>
#include <antlr/SemanticException.hpp>
#include <antlr/MismatchedCharException.hpp>
#include <antlr/InputBuffer.hpp>
#include <antlr/BitSet.hpp>
#include <antlr/LexerSharedInputState.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API CharScanner;
ANTLR_C_USING(tolower)
#ifdef ANTLR_REALLY_NO_STRCASECMP
// Apparently, neither strcasecmp nor stricmp is standard, and Codewarrior
// on the mac has neither...
inline int strcasecmp(const char *s1, const char *s2)
{
while (true)
{
char c1 = tolower(*s1++),
c2 = tolower(*s2++);
if (c1 < c2) return -1;
if (c1 > c2) return 1;
if (c1 == 0) return 0;
}
}
#else
#ifdef NO_STRCASECMP
ANTLR_C_USING(stricmp)
#else
ANTLR_C_USING(strcasecmp)
#endif
#endif
/** Functor for the literals map
*/
class ANTLR_API CharScannerLiteralsLess : public ANTLR_USE_NAMESPACE(std)binary_function<ANTLR_USE_NAMESPACE(std)string,ANTLR_USE_NAMESPACE(std)string,bool> {
private:
const CharScanner* scanner;
public:
#ifdef NO_TEMPLATE_PARTS
CharScannerLiteralsLess() {} // not really used, definition to appease MSVC
#endif
CharScannerLiteralsLess(const CharScanner* theScanner)
: scanner(theScanner)
{
}
bool operator() (const ANTLR_USE_NAMESPACE(std)string& x,const ANTLR_USE_NAMESPACE(std)string& y) const;
// defaults are good enough..
// CharScannerLiteralsLess(const CharScannerLiteralsLess&);
// CharScannerLiteralsLess& operator=(const CharScannerLiteralsLess&);
};
/** Superclass of generated lexers
*/
class ANTLR_API CharScanner : public TokenStream {
protected:
typedef RefToken (*factory_type)();
public:
CharScanner(InputBuffer& cb, bool case_sensitive );
CharScanner(InputBuffer* cb, bool case_sensitive );
CharScanner(const LexerSharedInputState& state, bool case_sensitive );
virtual ~CharScanner()
{
}
virtual int LA(unsigned int i);
virtual void append(char c)
{
if (saveConsumedInput)
{
size_t l = text.length();
if ((l%256) == 0)
text.reserve(l+256);
text.replace(l,0,&c,1);
}
}
virtual void append(const ANTLR_USE_NAMESPACE(std)string& s)
{
if( saveConsumedInput )
text += s;
}
virtual void commit()
{
inputState->getInput().commit();
}
/** called by the generated lexer to do error recovery, override to
* customize the behaviour.
*/
virtual void recover(const RecognitionException& ex, const BitSet& tokenSet)
{
consume();
consumeUntil(tokenSet);
}
virtual void consume()
{
if (inputState->guessing == 0)
{
int c = LA(1);
if (caseSensitive)
{
append(c);
}
else
{
// use input.LA(), not LA(), to get original case
// CharScanner.LA() would toLower it.
append(inputState->getInput().LA(1));
}
// RK: in a sense I don't like this automatic handling.
if (c == '\t')
tab();
else
inputState->column++;
}
inputState->getInput().consume();
}
/** Consume chars until one matches the given char */
virtual void consumeUntil(int c)
{
for(;;)
{
int la_1 = LA(1);
if( la_1 == EOF_CHAR || la_1 == c )
break;
consume();
}
}
/** Consume chars until one matches the given set */
virtual void consumeUntil(const BitSet& set)
{
for(;;)
{
int la_1 = LA(1);
if( la_1 == EOF_CHAR || set.member(la_1) )
break;
consume();
}
}
/// Mark the current position and return a id for it
virtual unsigned int mark()
{
return inputState->getInput().mark();
}
/// Rewind the scanner to a previously marked position
virtual void rewind(unsigned int pos)
{
inputState->getInput().rewind(pos);
}
/// See if input contains character 'c' throw MismatchedCharException if not
virtual void match(int c)
{
int la_1 = LA(1);
if ( la_1 != c )
throw MismatchedCharException(la_1, c, false, this);
consume();
}
/** See if input contains element from bitset b
* throw MismatchedCharException if not
*/
virtual void match(const BitSet& b)
{
int la_1 = LA(1);
if ( !b.member(la_1) )
throw MismatchedCharException( la_1, b, false, this );
consume();
}
/** See if input contains string 's' throw MismatchedCharException if not
* @note the string cannot match EOF
*/
virtual void match( const char* s )
{
while( *s != '\0' )
{
// the & 0xFF is here to prevent sign extension lateron
int la_1 = LA(1), c = (*s++ & 0xFF);
if ( la_1 != c )
throw MismatchedCharException(la_1, c, false, this);
consume();
}
}
/** See if input contains string 's' throw MismatchedCharException if not
* @note the string cannot match EOF
*/
virtual void match(const ANTLR_USE_NAMESPACE(std)string& s)
{
size_t len = s.length();
for (size_t i = 0; i < len; i++)
{
// the & 0xFF is here to prevent sign extension lateron
int la_1 = LA(1), c = (s[i] & 0xFF);
if ( la_1 != c )
throw MismatchedCharException(la_1, c, false, this);
consume();
}
}
/** See if input does not contain character 'c'
* throw MismatchedCharException if not
*/
virtual void matchNot(int c)
{
int la_1 = LA(1);
if ( la_1 == c )
throw MismatchedCharException(la_1, c, true, this);
consume();
}
/** See if input contains character in range c1-c2
* throw MismatchedCharException if not
*/
virtual void matchRange(int c1, int c2)
{
int la_1 = LA(1);
if ( la_1 < c1 || la_1 > c2 )
throw MismatchedCharException(la_1, c1, c2, false, this);
consume();
}
virtual bool getCaseSensitive() const
{
return caseSensitive;
}
virtual void setCaseSensitive(bool t)
{
caseSensitive = t;
}
virtual bool getCaseSensitiveLiterals() const=0;
/// Get the line the scanner currently is in (starts at 1)
virtual int getLine() const
{
return inputState->line;
}
/// set the line number
virtual void setLine(int l)
{
inputState->line = l;
}
/// Get the column the scanner currently is in (starts at 1)
virtual int getColumn() const
{
return inputState->column;
}
/// set the column number
virtual void setColumn(int c)
{
inputState->column = c;
}
/// get the filename for the file currently used
virtual const ANTLR_USE_NAMESPACE(std)string& getFilename() const
{
return inputState->filename;
}
/// Set the filename the scanner is using (used in error messages)
virtual void setFilename(const ANTLR_USE_NAMESPACE(std)string& f)
{
inputState->filename = f;
}
virtual bool getCommitToPath() const
{
return commitToPath;
}
virtual void setCommitToPath(bool commit)
{
commitToPath = commit;
}
/** return a copy of the current text buffer */
virtual const ANTLR_USE_NAMESPACE(std)string& getText() const
{
return text;
}
virtual void setText(const ANTLR_USE_NAMESPACE(std)string& s)
{
text = s;
}
virtual void resetText()
{
text = "";
inputState->tokenStartColumn = inputState->column;
inputState->tokenStartLine = inputState->line;
}
virtual RefToken getTokenObject() const
{
return _returnToken;
}
/** Used to keep track of line breaks, needs to be called from
* within generated lexers when a \n \r is encountered.
*/
virtual void newline()
{
++inputState->line;
inputState->column = 1;
}
/** Advance the current column number by an appropriate amount according
* to the tabsize. This method needs to be explicitly called from the
* lexer rules encountering tabs.
*/
virtual void tab()
{
int c = getColumn();
int nc = ( ((c-1)/tabsize) + 1) * tabsize + 1; // calculate tab stop
setColumn( nc );
}
/// set the tabsize. Returns the old tabsize
int setTabsize( int size )
{
int oldsize = tabsize;
tabsize = size;
return oldsize;
}
/// Return the tabsize used by the scanner
int getTabSize() const
{
return tabsize;
}
/** Report exception errors caught in nextToken() */
virtual void reportError(const RecognitionException& e);
/** Parser error-reporting function can be overridden in subclass */
virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s);
/** Parser warning-reporting function can be overridden in subclass */
virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s);
virtual InputBuffer& getInputBuffer()
{
return inputState->getInput();
}
virtual LexerSharedInputState getInputState()
{
return inputState;
}
/** set the input state for the lexer.
* @note state is a reference counted object, hence no reference */
virtual void setInputState(LexerSharedInputState state)
{
inputState = state;
}
/// Set the factory for created tokens
virtual void setTokenObjectFactory(factory_type factory)
{
tokenFactory = factory;
}
/** Test the token text against the literals table
* Override this method to perform a different literals test
*/
virtual int testLiteralsTable(int ttype) const
{
ANTLR_USE_NAMESPACE(std)map<ANTLR_USE_NAMESPACE(std)string,int,CharScannerLiteralsLess>::const_iterator i = literals.find(text);
if (i != literals.end())
ttype = (*i).second;
return ttype;
}
/** Test the text passed in against the literals table
* Override this method to perform a different literals test
* This is used primarily when you want to test a portion of
* a token
*/
virtual int testLiteralsTable(const ANTLR_USE_NAMESPACE(std)string& txt,int ttype) const
{
ANTLR_USE_NAMESPACE(std)map<ANTLR_USE_NAMESPACE(std)string,int,CharScannerLiteralsLess>::const_iterator i = literals.find(txt);
if (i != literals.end())
ttype = (*i).second;
return ttype;
}
/// Override this method to get more specific case handling
virtual int toLower(int c) const
{
// test on EOF_CHAR for buggy (?) STLPort tolower (or HPUX tolower?)
// also VC++ 6.0 does this. (see fix 422 (is reverted by this fix)
// this one is more structural. Maybe make this configurable.
return (c == EOF_CHAR ? EOF_CHAR : tolower(c));
}
/** This method is called by YourLexer::nextToken() when the lexer has
* hit EOF condition. EOF is NOT a character.
* This method is not called if EOF is reached during
* syntactic predicate evaluation or during evaluation
* of normal lexical rules, which presumably would be
* an IOException. This traps the "normal" EOF condition.
*
* uponEOF() is called after the complete evaluation of
* the previous token and only if your parser asks
* for another token beyond that last non-EOF token.
*
* You might want to throw token or char stream exceptions
* like: "Heh, premature eof" or a retry stream exception
* ("I found the end of this file, go back to referencing file").
*/
virtual void uponEOF()
{
}
/// Methods used to change tracing behavior
virtual void traceIndent();
virtual void traceIn(const char* rname);
virtual void traceOut(const char* rname);
#ifndef NO_STATIC_CONSTS
static const int EOF_CHAR = EOF;
#else
enum {
EOF_CHAR = EOF
};
#endif
protected:
ANTLR_USE_NAMESPACE(std)string text; ///< Text of current token
/// flag indicating wether consume saves characters
bool saveConsumedInput;
factory_type tokenFactory; ///< Factory for tokens
bool caseSensitive; ///< Is this lexer case sensitive
ANTLR_USE_NAMESPACE(std)map<ANTLR_USE_NAMESPACE(std)string,int,CharScannerLiteralsLess> literals; // set by subclass
RefToken _returnToken; ///< used to return tokens w/o using return val
/// Input state, gives access to input stream, shared among different lexers
LexerSharedInputState inputState;
/** Used during filter mode to indicate that path is desired.
* A subsequent scan error will report an error as usual
* if acceptPath=true;
*/
bool commitToPath;
int tabsize; ///< tab size the scanner uses.
/// Create a new RefToken of type t
virtual RefToken makeToken(int t)
{
RefToken tok = tokenFactory();
tok->setType(t);
tok->setColumn(inputState->tokenStartColumn);
tok->setLine(inputState->tokenStartLine);
return tok;
}
/** Tracer class, used when -traceLexer is passed to antlr
*/
class Tracer {
private:
CharScanner* parser;
const char* text;
Tracer(const Tracer& other); // undefined
Tracer& operator=(const Tracer& other); // undefined
public:
Tracer( CharScanner* p,const char* t )
: parser(p), text(t)
{
parser->traceIn(text);
}
~Tracer()
{
parser->traceOut(text);
}
};
int traceDepth;
private:
CharScanner( const CharScanner& other ); // undefined
CharScanner& operator=( const CharScanner& other ); // undefined
#ifndef NO_STATIC_CONSTS
static const int NO_CHAR = 0;
#else
enum {
NO_CHAR = 0
};
#endif
};
inline int CharScanner::LA(unsigned int i)
{
int c = inputState->getInput().LA(i);
if ( caseSensitive )
return c;
else
return toLower(c); // VC 6 tolower bug caught in toLower.
}
inline bool CharScannerLiteralsLess::operator() (const ANTLR_USE_NAMESPACE(std)string& x,const ANTLR_USE_NAMESPACE(std)string& y) const
{
if (scanner->getCaseSensitiveLiterals())
return ANTLR_USE_NAMESPACE(std)less<ANTLR_USE_NAMESPACE(std)string>()(x,y);
else
{
#ifdef NO_STRCASECMP
return (stricmp(x.c_str(),y.c_str())<0);
#else
return (strcasecmp(x.c_str(),y.c_str())<0);
#endif
}
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_CharScanner_hpp__

29
src/antlr/CharStreamException.hpp Normal file
View File

@@ -0,0 +1,29 @@
#ifndef INC_CharStreamException_hpp__
#define INC_CharStreamException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CharStreamException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/ANTLRException.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API CharStreamException : public ANTLRException {
public:
CharStreamException(const ANTLR_USE_NAMESPACE(std)string& s)
: ANTLRException(s) {}
~CharStreamException() throw() {}
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_CharStreamException_hpp__

31
src/antlr/CharStreamIOException.hpp Normal file
View File

@@ -0,0 +1,31 @@
#ifndef INC_CharStreamIOException_hpp__
#define INC_CharStreamIOException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CharStreamIOException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/CharStreamException.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API CharStreamIOException : public CharStreamException {
public:
ANTLR_USE_NAMESPACE(std)exception io;
CharStreamIOException(ANTLR_USE_NAMESPACE(std)exception& e)
: CharStreamException(e.what()), io(e) {}
~CharStreamIOException() throw() {}
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_CharStreamIOException_hpp__

100
src/antlr/CircularQueue.hpp Normal file
View File

@@ -0,0 +1,100 @@
#ifndef INC_CircularQueue_hpp__
#define INC_CircularQueue_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CircularQueue.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/Token.hpp>
#include <vector>
#include <cassert>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
// Resize every 5000 items
#define OFFSET_MAX_RESIZE 5000
template <class T>
class ANTLR_API CircularQueue {
public:
CircularQueue()
: storage()
, m_offset(0)
{
}
~CircularQueue()
{
}
/// Clear the queue
inline void clear( void )
{
m_offset = 0;
storage.clear();
}
/// @todo this should use at or should have a check
inline T elementAt( size_t idx ) const
{
return storage[idx+m_offset];
}
void removeFirst()
{
if (m_offset >= OFFSET_MAX_RESIZE)
{
storage.erase( storage.begin(), storage.begin() + m_offset + 1 );
m_offset = 0;
}
else
++m_offset;
}
inline void removeItems( size_t nb )
{
// it would be nice if we would not get called with nb > entries
// (or to be precise when entries() == 0)
// This case is possible when lexer/parser::recover() calls
// consume+consumeUntil when the queue is empty.
// In recover the consume says to prepare to read another
// character/token. Then in the subsequent consumeUntil the
// LA() call will trigger
// syncConsume which calls this method *before* the same queue
// has been sufficiently filled.
if( nb > entries() )
nb = entries();
if (m_offset >= OFFSET_MAX_RESIZE)
{
storage.erase( storage.begin(), storage.begin() + m_offset + nb );
m_offset = 0;
}
else
m_offset += nb;
}
inline void append(const T& t)
{
storage.push_back(t);
}
inline size_t entries() const
{
return storage.size() - m_offset;
}
private:
ANTLR_USE_NAMESPACE(std)vector<T> storage;
size_t m_offset;
CircularQueue(const CircularQueue&);
const CircularQueue& operator=(const CircularQueue&);
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_CircularQueue_hpp__

49
src/antlr/CommonAST.cpp Normal file
View File

@@ -0,0 +1,49 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CommonAST.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/config.hpp"
#include <cstdlib>
#include <iostream>
#include "antlr/CommonAST.hpp"
#include "antlr/ANTLRUtil.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
const char* const CommonAST::TYPE_NAME = "CommonAST";
#ifdef ANTLR_SUPPORT_XML
void CommonAST::initialize( ANTLR_USE_NAMESPACE(std)istream& in )
{
ANTLR_USE_NAMESPACE(std)string t1, t2, text;
// text
read_AttributeNValue( in, t1, text );
read_AttributeNValue( in, t1, t2 );
#ifdef ANTLR_ATOI_IN_STD
int type = ANTLR_USE_NAMESPACE(std)atoi(t2.c_str());
#else
int type = atoi(t2.c_str());
#endif
// initialize first part of AST.
this->initialize( type, text );
}
#endif
RefAST CommonAST::factory()
{
return RefAST(new CommonAST);
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

110
src/antlr/CommonAST.hpp Normal file
View File

@@ -0,0 +1,110 @@
#ifndef INC_CommonAST_hpp__
#define INC_CommonAST_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CommonAST.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/BaseAST.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API CommonAST : public BaseAST {
public:
CommonAST()
: BaseAST()
, ttype( Token::INVALID_TYPE )
, text()
{
}
CommonAST( RefToken t )
: BaseAST()
, ttype( t->getType() )
, text( t->getText() )
{
}
CommonAST( const CommonAST& other )
: BaseAST(other)
, ttype(other.ttype)
, text(other.text)
{
}
virtual ~CommonAST()
{
}
virtual const char* typeName( void ) const
{
return CommonAST::TYPE_NAME;
}
/// Clone this AST node.
virtual RefAST clone( void ) const
{
CommonAST *ast = new CommonAST( *this );
return RefAST(ast);
}
virtual ANTLR_USE_NAMESPACE(std)string getText() const
{
return text;
}
virtual int getType() const
{
return ttype;
}
virtual void initialize( int t, const ANTLR_USE_NAMESPACE(std)string& txt )
{
setType(t);
setText(txt);
}
virtual void initialize( RefAST t )
{
setType(t->getType());
setText(t->getText());
}
virtual void initialize( RefToken t )
{
setType(t->getType());
setText(t->getText());
}
#ifdef ANTLR_SUPPORT_XML
virtual void initialize( ANTLR_USE_NAMESPACE(std)istream& in );
#endif
virtual void setText( const ANTLR_USE_NAMESPACE(std)string& txt )
{
text = txt;
}
virtual void setType( int type )
{
ttype = type;
}
static RefAST factory();
static const char* const TYPE_NAME;
protected:
int ttype;
ANTLR_USE_NAMESPACE(std)string text;
};
typedef ASTRefCount<CommonAST> RefCommonAST;
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_CommonAST_hpp__

64
src/antlr/CommonASTWithHiddenTokens.cpp Normal file
View File

@@ -0,0 +1,64 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CommonASTWithHiddenTokens.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/config.hpp"
#include "antlr/AST.hpp"
#include "antlr/BaseAST.hpp"
#include "antlr/CommonAST.hpp"
#include "antlr/CommonASTWithHiddenTokens.hpp"
#include "antlr/CommonHiddenStreamToken.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
const char* const CommonASTWithHiddenTokens::TYPE_NAME = "CommonASTWithHiddenTokens";
// RK: Do not put constructor and destructor into the header file here..
// this triggers something very obscure in gcc 2.95.3 (and 3.0)
// missing vtables and stuff.
// Although this may be a problem with with binutils.
CommonASTWithHiddenTokens::CommonASTWithHiddenTokens()
: CommonAST()
{
}
CommonASTWithHiddenTokens::~CommonASTWithHiddenTokens()
{
}
void CommonASTWithHiddenTokens::initialize(int t,const ANTLR_USE_NAMESPACE(std)string& txt)
{
CommonAST::initialize(t,txt);
}
void CommonASTWithHiddenTokens::initialize(RefAST t)
{
CommonAST::initialize(t);
hiddenBefore = RefCommonASTWithHiddenTokens(t)->getHiddenBefore();
hiddenAfter = RefCommonASTWithHiddenTokens(t)->getHiddenAfter();
}
void CommonASTWithHiddenTokens::initialize(RefToken t)
{
CommonAST::initialize(t);
hiddenBefore = static_cast<CommonHiddenStreamToken*>(t.get())->getHiddenBefore();
hiddenAfter = static_cast<CommonHiddenStreamToken*>(t.get())->getHiddenAfter();
}
RefAST CommonASTWithHiddenTokens::factory()
{
return RefAST(new CommonASTWithHiddenTokens);
}
RefAST CommonASTWithHiddenTokens::clone( void ) const
{
CommonASTWithHiddenTokens *ast = new CommonASTWithHiddenTokens( *this );
return RefAST(ast);
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

60
src/antlr/CommonASTWithHiddenTokens.hpp Normal file
View File

@@ -0,0 +1,60 @@
#ifndef INC_CommonASTWithHiddenTokens_hpp__
#define INC_CommonASTWithHiddenTokens_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CommonASTWithHiddenTokens.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/CommonAST.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** A CommonAST whose initialization copies hidden token
* information from the Token used to create a node.
*/
class ANTLR_API CommonASTWithHiddenTokens : public CommonAST {
public:
CommonASTWithHiddenTokens();
virtual ~CommonASTWithHiddenTokens();
virtual const char* typeName( void ) const
{
return CommonASTWithHiddenTokens::TYPE_NAME;
}
/// Clone this AST node.
virtual RefAST clone( void ) const;
// Borland C++ builder seems to need the decl's of the first two...
virtual void initialize(int t,const ANTLR_USE_NAMESPACE(std)string& txt);
virtual void initialize(RefAST t);
virtual void initialize(RefToken t);
virtual RefToken getHiddenAfter() const
{
return hiddenAfter;
}
virtual RefToken getHiddenBefore() const
{
return hiddenBefore;
}
static RefAST factory();
static const char* const TYPE_NAME;
protected:
RefToken hiddenBefore,hiddenAfter; // references to hidden tokens
};
typedef ASTRefCount<CommonASTWithHiddenTokens> RefCommonASTWithHiddenTokens;
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_CommonASTWithHiddenTokens_hpp__

56
src/antlr/CommonHiddenStreamToken.cpp Normal file
View File

@@ -0,0 +1,56 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CommonHiddenStreamToken.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/CommonHiddenStreamToken.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
CommonHiddenStreamToken::CommonHiddenStreamToken()
: CommonToken()
{
}
CommonHiddenStreamToken::CommonHiddenStreamToken(int t, const ANTLR_USE_NAMESPACE(std)string& txt)
: CommonToken(t,txt)
{
}
CommonHiddenStreamToken::CommonHiddenStreamToken(const ANTLR_USE_NAMESPACE(std)string& s)
: CommonToken(s)
{
}
RefToken CommonHiddenStreamToken::getHiddenAfter()
{
return hiddenAfter;
}
RefToken CommonHiddenStreamToken::getHiddenBefore()
{
return hiddenBefore;
}
RefToken CommonHiddenStreamToken::factory()
{
return RefToken(new CommonHiddenStreamToken);
}
void CommonHiddenStreamToken::setHiddenAfter(RefToken t)
{
hiddenAfter = t;
}
void CommonHiddenStreamToken::setHiddenBefore(RefToken t)
{
hiddenBefore = t;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

41
src/antlr/CommonHiddenStreamToken.hpp Normal file
View File

@@ -0,0 +1,41 @@
#ifndef INC_CommonHiddenStreamToken_hpp__
#define INC_CommonHiddenStreamToken_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CommonHiddenStreamToken.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/CommonToken.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API CommonHiddenStreamToken : public CommonToken {
protected:
RefToken hiddenBefore;
RefToken hiddenAfter;
public:
CommonHiddenStreamToken();
CommonHiddenStreamToken(int t, const ANTLR_USE_NAMESPACE(std)string& txt);
CommonHiddenStreamToken(const ANTLR_USE_NAMESPACE(std)string& s);
RefToken getHiddenAfter();
RefToken getHiddenBefore();
static RefToken factory();
void setHiddenAfter(RefToken t);
void setHiddenBefore(RefToken t);
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_CommonHiddenStreamToken_hpp__

45
src/antlr/CommonToken.cpp Normal file
View File

@@ -0,0 +1,45 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CommonToken.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/CommonToken.hpp"
#include "antlr/String.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
CommonToken::CommonToken() : Token(), line(1), col(1), text("")
{}
CommonToken::CommonToken(int t, const ANTLR_USE_NAMESPACE(std)string& txt)
: Token(t)
, line(1)
, col(1)
, text(txt)
{}
CommonToken::CommonToken(const ANTLR_USE_NAMESPACE(std)string& s)
: Token()
, line(1)
, col(1)
, text(s)
{}
ANTLR_USE_NAMESPACE(std)string CommonToken::toString() const
{
return "[\""+getText()+"\",<"+getType()+">,line="+getLine()+",column="+getColumn()+"]";
}
RefToken CommonToken::factory()
{
return RefToken(new CommonToken);
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

83
src/antlr/CommonToken.hpp Normal file
View File

@@ -0,0 +1,83 @@
#ifndef INC_CommonToken_hpp__
#define INC_CommonToken_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: CommonToken.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/Token.hpp>
#include <string>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API CommonToken : public Token {
public:
CommonToken();
CommonToken(int t, const ANTLR_USE_NAMESPACE(std)string& txt);
CommonToken(const ANTLR_USE_NAMESPACE(std)string& s);
/// return contents of token
virtual ANTLR_USE_NAMESPACE(std)string getText() const
{
return text;
}
/// set contents of token
virtual void setText(const ANTLR_USE_NAMESPACE(std)string& s)
{
text = s;
}
/** get the line the token is at (starting at 1)
* @see CharScanner::newline()
* @see CharScanner::tab()
*/
virtual int getLine() const
{
return line;
}
/** gt the column the token is at (starting at 1)
* @see CharScanner::newline()
* @see CharScanner::tab()
*/
virtual int getColumn() const
{
return col;
}
/// set line for token
virtual void setLine(int l)
{
line = l;
}
/// set column for token
virtual void setColumn(int c)
{
col = c;
}
virtual ANTLR_USE_NAMESPACE(std)string toString() const;
static RefToken factory();
protected:
// most tokens will want line and text information
int line;
int col;
ANTLR_USE_NAMESPACE(std)string text;
private:
CommonToken(const CommonToken&);
const CommonToken& operator=(const CommonToken&);
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_CommonToken_hpp__

45
src/antlr/IOException.hpp Normal file
View File

@@ -0,0 +1,45 @@
#ifndef INC_IOException_hpp__
#define INC_IOException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: IOException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/ANTLRException.hpp>
#include <exception>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** Generic IOException used inside support code. (thrown by XML I/O routs)
* basically this is something I'm using since a lot of compilers don't
* support ios_base::failure.
*/
class ANTLR_API IOException : public ANTLRException
{
public:
ANTLR_USE_NAMESPACE(std)exception io;
IOException( ANTLR_USE_NAMESPACE(std)exception& e )
: ANTLRException(e.what())
{
}
IOException( const ANTLR_USE_NAMESPACE(std)string& mesg )
: ANTLRException(mesg)
{
}
virtual ~IOException() throw()
{
}
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_IOException_hpp__

81
src/antlr/InputBuffer.cpp Normal file
View File

@@ -0,0 +1,81 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: InputBuffer.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/config.hpp"
#include "antlr/InputBuffer.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** Ensure that the character buffer is sufficiently full */
void InputBuffer::fill(unsigned int amount)
{
syncConsume();
// Fill the buffer sufficiently to hold needed characters
while (queue.entries() < amount + markerOffset)
{
// Append the next character
queue.append(getChar());
}
}
/** get the current lookahead characters as a string
* @warning it may treat 0 and EOF values wrong
*/
ANTLR_USE_NAMESPACE(std)string InputBuffer::getLAChars( void ) const
{
ANTLR_USE_NAMESPACE(std)string ret;
for(unsigned int i = markerOffset; i < queue.entries(); i++)
ret += queue.elementAt(i);
return ret;
}
/** get the current marked characters as a string
* @warning it may treat 0 and EOF values wrong
*/
ANTLR_USE_NAMESPACE(std)string InputBuffer::getMarkedChars( void ) const
{
ANTLR_USE_NAMESPACE(std)string ret;
for(unsigned int i = 0; i < markerOffset; i++)
ret += queue.elementAt(i);
return ret;
}
/** Return an integer marker that can be used to rewind the buffer to
* its current state.
*/
unsigned int InputBuffer::mark()
{
syncConsume();
nMarkers++;
return markerOffset;
}
/** Rewind the character buffer to a marker.
* @param mark Marker returned previously from mark()
*/
void InputBuffer::rewind(unsigned int mark)
{
syncConsume();
markerOffset = mark;
nMarkers--;
}
unsigned int InputBuffer::entries() const
{
//assert(queue.entries() >= markerOffset);
return queue.entries() - markerOffset;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

146
src/antlr/InputBuffer.hpp Normal file
View File

@@ -0,0 +1,146 @@
#ifndef INC_InputBuffer_hpp__
#define INC_InputBuffer_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: InputBuffer.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/CircularQueue.hpp>
#include <string>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** A Stream of characters fed to the lexer from a InputStream that can
* be rewound via mark()/rewind() methods.
* <p>
* A dynamic array is used to buffer up all the input characters. Normally,
* "k" characters are stored in the buffer. More characters may be stored during
* guess mode (testing syntactic predicate), or when LT(i>k) is referenced.
* Consumption of characters is deferred. In other words, reading the next
* character is not done by conume(), but deferred until needed by LA or LT.
* <p>
*
* @see antlr.CharQueue
*/
class ANTLR_API InputBuffer {
public:
/** Create a character buffer */
InputBuffer()
: nMarkers(0)
, markerOffset(0)
, numToConsume(0)
{
}
virtual ~InputBuffer()
{
}
/// Reset the input buffer to empty state
virtual inline void reset( void )
{
nMarkers = 0;
markerOffset = 0;
numToConsume = 0;
queue.clear();
}
/** This method updates the state of the input buffer so that
* the text matched since the most recent mark() is no longer
* held by the buffer. So, you either do a mark/rewind for
* failed predicate or mark/commit to keep on parsing without
* rewinding the input.
*/
inline void commit( void )
{
nMarkers--;
}
/** Mark another character for deferred consumption */
virtual inline void consume()
{
numToConsume++;
}
/** Ensure that the character buffer is sufficiently full */
virtual void fill(unsigned int amount);
/** Override this in subclasses to get the next character */
virtual int getChar()=0;
/** Get a lookahead character */
virtual inline int LA(unsigned int i)
{
fill(i);
return queue.elementAt(markerOffset + i - 1);
}
/** Return an integer marker that can be used to rewind the buffer to
* its current state.
*/
virtual unsigned int mark();
/// Are there any marks active in the InputBuffer
virtual inline bool isMarked() const
{
return (nMarkers != 0);
}
/** Rewind the character buffer to a marker.
* @param mark Marker returned previously from mark()
*/
virtual void rewind(unsigned int mark);
/** Get the number of non-consumed characters
*/
virtual unsigned int entries() const;
ANTLR_USE_NAMESPACE(std)string getLAChars() const;
ANTLR_USE_NAMESPACE(std)string getMarkedChars() const;
protected:
// char source
// leave to subclasses
// Number of active markers
unsigned int nMarkers; // = 0;
// Additional offset used when markers are active
unsigned int markerOffset; // = 0;
// Number of calls to consume() since last LA() or LT() call
unsigned int numToConsume; // = 0;
// Circular queue
CircularQueue<int> queue;
/** Sync up deferred consumption */
void syncConsume();
private:
InputBuffer(const InputBuffer& other);
InputBuffer& operator=(const InputBuffer& other);
};
/** Sync up deferred consumption */
inline void InputBuffer::syncConsume() {
if (numToConsume > 0)
{
if (nMarkers > 0)
markerOffset += numToConsume;
else
queue.removeItems( numToConsume );
numToConsume = 0;
}
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_InputBuffer_hpp__

85
src/antlr/LLkParser.cpp Normal file
View File

@@ -0,0 +1,85 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: LLkParser.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/LLkParser.hpp"
#include <iostream>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
ANTLR_USING_NAMESPACE(std)
/**An LL(k) parser.
*
* @see antlr.Token
* @see antlr.TokenBuffer
* @see antlr.LL1Parser
*/
// LLkParser(int k_);
LLkParser::LLkParser(const ParserSharedInputState& state, int k_)
: Parser(state), k(k_)
{
}
LLkParser::LLkParser(TokenBuffer& tokenBuf, int k_)
: Parser(tokenBuf), k(k_)
{
}
LLkParser::LLkParser(TokenStream& lexer, int k_)
: Parser(new TokenBuffer(lexer)), k(k_)
{
}
void LLkParser::trace(const char* ee, const char* rname)
{
traceIndent();
cout << ee << rname << ((inputState->guessing>0)?"; [guessing]":"; ");
for (int i = 1; i <= k; i++)
{
if (i != 1) {
cout << ", ";
}
cout << "LA(" << i << ")==";
string temp;
try {
temp = LT(i)->getText().c_str();
}
catch( ANTLRException& ae )
{
temp = "[error: ";
temp += ae.toString();
temp += ']';
}
cout << temp;
}
cout << endl;
}
void LLkParser::traceIn(const char* rname)
{
traceDepth++;
trace("> ",rname);
}
void LLkParser::traceOut(const char* rname)
{
trace("< ",rname);
traceDepth--;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

67
src/antlr/LLkParser.hpp Normal file
View File

@@ -0,0 +1,67 @@
#ifndef INC_LLkParser_hpp__
#define INC_LLkParser_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: LLkParser.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/Parser.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/**An LL(k) parser.
*
* @see antlr.Token
* @see antlr.TokenBuffer
* @see antlr.LL1Parser
*/
class ANTLR_API LLkParser : public Parser {
public:
LLkParser(const ParserSharedInputState& lexer, int k_);
LLkParser(TokenBuffer& tokenBuf, int k_);
LLkParser(TokenStream& lexer, int k_);
/** Consume another token from the input stream. Can only write sequentially!
* If you need 3 tokens ahead, you must consume() 3 times.
* <p>
* Note that it is possible to overwrite tokens that have not been matched.
* For example, calling consume() 3 times when k=2, means that the first token
* consumed will be overwritten with the 3rd.
*/
virtual inline void consume()
{
inputState->getInput().consume();
}
virtual inline int LA(unsigned int i)
{
return inputState->getInput().LA(i);
}
virtual inline RefToken LT(unsigned int i)
{
return inputState->getInput().LT(i);
}
protected:
/// the lookahead this LL(k) parser is using.
int k;
private:
void trace(const char* ee, const char* rname);
public:
virtual void traceIn(const char* rname);
virtual void traceOut(const char* rname);
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_LLkParser_hpp__

156
src/antlr/LexerSharedInputState.hpp Normal file
View File

@@ -0,0 +1,156 @@
#ifndef INC_LexerSharedInputState_hpp__
#define INC_LexerSharedInputState_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: LexerSharedInputState.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/InputBuffer.hpp>
#include <antlr/RefCount.hpp>
#include <antlr/CharBuffer.hpp>
#include <string>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** This object contains the data associated with an
* input stream of characters. Multiple lexers
* share a single LexerSharedInputState to lex
* the same input stream.
*/
class ANTLR_API LexerInputState {
public:
/** Construct a new LexerInputState
* @param inbuf the InputBuffer to read from. The object is deleted together
* with the LexerInputState object.
*/
LexerInputState(InputBuffer* inbuf)
: column(1)
, line(1)
, tokenStartColumn(1)
, tokenStartLine(1)
, guessing(0)
, filename("")
, input(inbuf)
, inputResponsible(true)
{
}
/** Construct a new LexerInputState
* @param inbuf the InputBuffer to read from.
*/
LexerInputState(InputBuffer& inbuf)
: column(1)
, line(1)
, tokenStartColumn(1)
, tokenStartLine(1)
, guessing(0)
, filename("")
, input(&inbuf)
, inputResponsible(false)
{
}
/** Construct a new LexerInputState
* @param in an istream to read from.
* @see antlr.CharBuffer
*/
LexerInputState(ANTLR_USE_NAMESPACE(std)istream& in)
: column(1)
, line(1)
, tokenStartColumn(1)
, tokenStartLine(1)
, guessing(0)
, filename("")
, input(new CharBuffer(in))
, inputResponsible(true)
{
}
/** Reset the LexerInputState with a specified stream and filename.
* This method is a hack, dunno what I was thinking when I added it.
* This should actually be done in a subclass.
* @deprecated
*/
virtual void initialize( ANTLR_USE_NAMESPACE(std)istream& in, const char* file = "" )
{
column = 1;
line = 1;
tokenStartColumn = 1;
tokenStartLine = 1;
guessing = 0;
filename = file;
if( input && inputResponsible )
delete input;
input = new CharBuffer(in);
inputResponsible = true;
}
/** Reset the LexerInputState to initial state.
* The underlying InputBuffer is also reset.
*/
virtual void reset( void )
{
column = 1;
line = 1;
tokenStartColumn = 1;
tokenStartLine = 1;
guessing = 0;
input->reset();
}
/** Set the file position of the SharedLexerInputState.
* @param line_ line number to be set
* @param column_ column number to be set
*/
void setPosition( int line_, int column_ )
{
line = line_;
column = column_;
}
virtual ~LexerInputState()
{
if (inputResponsible)
delete input;
}
int column;
int line;
int tokenStartColumn;
int tokenStartLine;
int guessing;
/** What file (if known) caused the problem? */
ANTLR_USE_NAMESPACE(std)string filename;
InputBuffer& getInput();
private:
/// Input buffer we use
InputBuffer* input;
/// Who is responsible for cleaning up the InputBuffer?
bool inputResponsible;
// we don't want these:
LexerInputState(const LexerInputState&);
LexerInputState& operator=(const LexerInputState&);
};
inline InputBuffer& LexerInputState::getInput()
{
return *input;
}
/// A reference counted LexerInputState object
typedef RefCount<LexerInputState> LexerSharedInputState;
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_LexerSharedInputState_hpp__

120
src/antlr/MismatchedCharException.cpp Normal file
View File

@@ -0,0 +1,120 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: MismatchedCharException.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/CharScanner.hpp"
#include "antlr/MismatchedCharException.hpp"
#include "antlr/String.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
MismatchedCharException::MismatchedCharException()
: RecognitionException("Mismatched char")
{}
// Expected range / not range
MismatchedCharException::MismatchedCharException(
int c,
int lower,
int upper_,
bool matchNot,
CharScanner* scanner_
) : RecognitionException("Mismatched char",
scanner_->getFilename(),
scanner_->getLine(), scanner_->getColumn())
, mismatchType(matchNot ? NOT_RANGE : RANGE)
, foundChar(c)
, expecting(lower)
, upper(upper_)
, scanner(scanner_)
{
}
// Expected token / not token
MismatchedCharException::MismatchedCharException(
int c,
int expecting_,
bool matchNot,
CharScanner* scanner_
) : RecognitionException("Mismatched char",
scanner_->getFilename(),
scanner_->getLine(), scanner_->getColumn())
, mismatchType(matchNot ? NOT_CHAR : CHAR)
, foundChar(c)
, expecting(expecting_)
, scanner(scanner_)
{
}
// Expected BitSet / not BitSet
MismatchedCharException::MismatchedCharException(
int c,
BitSet set_,
bool matchNot,
CharScanner* scanner_
) : RecognitionException("Mismatched char",
scanner_->getFilename(),
scanner_->getLine(), scanner_->getColumn())
, mismatchType(matchNot ? NOT_SET : SET)
, foundChar(c)
, set(set_)
, scanner(scanner_)
{
}
ANTLR_USE_NAMESPACE(std)string MismatchedCharException::getMessage() const
{
ANTLR_USE_NAMESPACE(std)string s;
switch (mismatchType) {
case CHAR :
s += "expecting '" + charName(expecting) + "', found '" + charName(foundChar) + "'";
break;
case NOT_CHAR :
s += "expecting anything but '" + charName(expecting) + "'; got it anyway";
break;
case RANGE :
s += "expecting token in range: '" + charName(expecting) + "'..'" + charName(upper) + "', found '" + charName(foundChar) + "'";
break;
case NOT_RANGE :
s += "expecting token NOT in range: " + charName(expecting) + "'..'" + charName(upper) + "', found '" + charName(foundChar) + "'";
break;
case SET :
case NOT_SET :
{
s += ANTLR_USE_NAMESPACE(std)string("expecting ") + (mismatchType == NOT_SET ? "NOT " : "") + "one of (";
ANTLR_USE_NAMESPACE(std)vector<unsigned int> elems = set.toArray();
for ( unsigned int i = 0; i < elems.size(); i++ )
{
s += " '";
s += charName(elems[i]);
s += "'";
}
s += "), found '" + charName(foundChar) + "'";
}
break;
default :
s += RecognitionException::getMessage();
break;
}
return s;
}
#ifndef NO_STATIC_CONSTS
const int MismatchedCharException::CHAR;
const int MismatchedCharException::NOT_CHAR;
const int MismatchedCharException::RANGE;
const int MismatchedCharException::NOT_RANGE;
const int MismatchedCharException::SET;
const int MismatchedCharException::NOT_SET;
#endif
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

102
src/antlr/MismatchedCharException.hpp Normal file
View File

@@ -0,0 +1,102 @@
#ifndef INC_MismatchedCharException_hpp__
#define INC_MismatchedCharException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: MismatchedCharException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/RecognitionException.hpp>
#include <antlr/BitSet.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class CharScanner;
class ANTLR_API MismatchedCharException : public RecognitionException {
public:
// Types of chars
#ifndef NO_STATIC_CONSTS
static const int CHAR = 1;
static const int NOT_CHAR = 2;
static const int RANGE = 3;
static const int NOT_RANGE = 4;
static const int SET = 5;
static const int NOT_SET = 6;
#else
enum {
CHAR = 1,
NOT_CHAR = 2,
RANGE = 3,
NOT_RANGE = 4,
SET = 5,
NOT_SET = 6
};
#endif
public:
// One of the above
int mismatchType;
// what was found on the input stream
int foundChar;
// For CHAR/NOT_CHAR and RANGE/NOT_RANGE
int expecting;
// For RANGE/NOT_RANGE (expecting is lower bound of range)
int upper;
// For SET/NOT_SET
BitSet set;
protected:
// who knows...they may want to ask scanner questions
CharScanner* scanner;
public:
MismatchedCharException();
// Expected range / not range
MismatchedCharException(
int c,
int lower,
int upper_,
bool matchNot,
CharScanner* scanner_
);
// Expected token / not token
MismatchedCharException(
int c,
int expecting_,
bool matchNot,
CharScanner* scanner_
);
// Expected BitSet / not BitSet
MismatchedCharException(
int c,
BitSet set_,
bool matchNot,
CharScanner* scanner_
);
~MismatchedCharException() throw() {}
/**
* Returns a clean error message (no line number/column information)
*/
ANTLR_USE_NAMESPACE(std)string getMessage() const;
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_MismatchedCharException_hpp__

196
src/antlr/MismatchedTokenException.cpp Normal file
View File

@@ -0,0 +1,196 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: MismatchedTokenException.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/MismatchedTokenException.hpp"
#include "antlr/String.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
MismatchedTokenException::MismatchedTokenException()
: RecognitionException("Mismatched Token: expecting any AST node","<AST>",-1,-1)
, token(0)
, node(nullASTptr)
, tokenNames(0)
, numTokens(0)
{
}
// Expected range / not range
MismatchedTokenException::MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefAST node_,
int lower,
int upper_,
bool matchNot
) : RecognitionException("Mismatched Token","<AST>",-1,-1)
, token(0)
, node(node_)
, tokenText( (node_ ? node_->toString(): ANTLR_USE_NAMESPACE(std)string("<empty tree>")) )
, mismatchType(matchNot ? NOT_RANGE : RANGE)
, expecting(lower)
, upper(upper_)
, tokenNames(tokenNames_)
, numTokens(numTokens_)
{
}
// Expected token / not token
MismatchedTokenException::MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefAST node_,
int expecting_,
bool matchNot
) : RecognitionException("Mismatched Token","<AST>",-1,-1)
, token(0)
, node(node_)
, tokenText( (node_ ? node_->toString(): ANTLR_USE_NAMESPACE(std)string("<empty tree>")) )
, mismatchType(matchNot ? NOT_TOKEN : TOKEN)
, expecting(expecting_)
, tokenNames(tokenNames_)
, numTokens(numTokens_)
{
}
// Expected BitSet / not BitSet
MismatchedTokenException::MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefAST node_,
BitSet set_,
bool matchNot
) : RecognitionException("Mismatched Token","<AST>",-1,-1)
, token(0)
, node(node_)
, tokenText( (node_ ? node_->toString(): ANTLR_USE_NAMESPACE(std)string("<empty tree>")) )
, mismatchType(matchNot ? NOT_SET : SET)
, set(set_)
, tokenNames(tokenNames_)
, numTokens(numTokens_)
{
}
// Expected range / not range
MismatchedTokenException::MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefToken token_,
int lower,
int upper_,
bool matchNot,
const ANTLR_USE_NAMESPACE(std)string& fileName_
) : RecognitionException("Mismatched Token",fileName_,token_->getLine(),token_->getColumn())
, token(token_)
, node(nullASTptr)
, tokenText(token_->getText())
, mismatchType(matchNot ? NOT_RANGE : RANGE)
, expecting(lower)
, upper(upper_)
, tokenNames(tokenNames_)
, numTokens(numTokens_)
{
}
// Expected token / not token
MismatchedTokenException::MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefToken token_,
int expecting_,
bool matchNot,
const ANTLR_USE_NAMESPACE(std)string& fileName_
) : RecognitionException("Mismatched Token",fileName_,token_->getLine(),token_->getColumn())
, token(token_)
, node(nullASTptr)
, tokenText(token_->getText())
, mismatchType(matchNot ? NOT_TOKEN : TOKEN)
, expecting(expecting_)
, tokenNames(tokenNames_)
, numTokens(numTokens_)
{
}
// Expected BitSet / not BitSet
MismatchedTokenException::MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefToken token_,
BitSet set_,
bool matchNot,
const ANTLR_USE_NAMESPACE(std)string& fileName_
) : RecognitionException("Mismatched Token",fileName_,token_->getLine(),token_->getColumn())
, token(token_)
, node(nullASTptr)
, tokenText(token_->getText())
, mismatchType(matchNot ? NOT_SET : SET)
, set(set_)
, tokenNames(tokenNames_)
, numTokens(numTokens_)
{
}
ANTLR_USE_NAMESPACE(std)string MismatchedTokenException::getMessage() const
{
ANTLR_USE_NAMESPACE(std)string s;
switch (mismatchType) {
case TOKEN:
s += "expecting " + tokenName(expecting) + ", found '" + tokenText + "'";
break;
case NOT_TOKEN:
s += "expecting anything but " + tokenName(expecting) + "; got it anyway";
break;
case RANGE:
s += "expecting token in range: " + tokenName(expecting) + ".." + tokenName(upper) + ", found '" + tokenText + "'";
break;
case NOT_RANGE:
s += "expecting token NOT in range: " + tokenName(expecting) + ".." + tokenName(upper) + ", found '" + tokenText + "'";
break;
case SET:
case NOT_SET:
{
s += ANTLR_USE_NAMESPACE(std)string("expecting ") + (mismatchType == NOT_SET ? "NOT " : "") + "one of (";
ANTLR_USE_NAMESPACE(std)vector<unsigned int> elems = set.toArray();
for ( unsigned int i = 0; i < elems.size(); i++ )
{
s += " ";
s += tokenName(elems[i]);
}
s += "), found '" + tokenText + "'";
}
break;
default:
s = RecognitionException::getMessage();
break;
}
return s;
}
ANTLR_USE_NAMESPACE(std)string MismatchedTokenException::tokenName(int tokenType) const
{
if (tokenType == Token::INVALID_TYPE)
return "<Set of tokens>";
else if (tokenType < 0 || tokenType >= numTokens)
return ANTLR_USE_NAMESPACE(std)string("<") + tokenType + ">";
else
return tokenNames[tokenType];
}
#ifndef NO_STATIC_CONSTS
const int MismatchedTokenException::TOKEN;
const int MismatchedTokenException::NOT_TOKEN;
const int MismatchedTokenException::RANGE;
const int MismatchedTokenException::NOT_RANGE;
const int MismatchedTokenException::SET;
const int MismatchedTokenException::NOT_SET;
#endif
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

144
src/antlr/MismatchedTokenException.hpp Normal file
View File

@@ -0,0 +1,144 @@
#ifndef INC_MismatchedTokenException_hpp__
#define INC_MismatchedTokenException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: MismatchedTokenException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/RecognitionException.hpp>
#include <antlr/BitSet.hpp>
#include <antlr/Token.hpp>
#include <antlr/AST.hpp>
#include <vector>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API MismatchedTokenException : public RecognitionException {
public:
MismatchedTokenException();
/// Expected range / not range
MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefAST node_,
int lower,
int upper_,
bool matchNot
);
// Expected token / not token
MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefAST node_,
int expecting_,
bool matchNot
);
// Expected BitSet / not BitSet
MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefAST node_,
BitSet set_,
bool matchNot
);
// Expected range / not range
MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefToken token_,
int lower,
int upper_,
bool matchNot,
const ANTLR_USE_NAMESPACE(std)string& fileName_
);
// Expected token / not token
MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefToken token_,
int expecting_,
bool matchNot,
const ANTLR_USE_NAMESPACE(std)string& fileName_
);
// Expected BitSet / not BitSet
MismatchedTokenException(
const char* const* tokenNames_,
const int numTokens_,
RefToken token_,
BitSet set_,
bool matchNot,
const ANTLR_USE_NAMESPACE(std)string& fileName_
);
~MismatchedTokenException() throw() {}
/**
* Returns a clean error message (no line number/column information)
*/
ANTLR_USE_NAMESPACE(std)string getMessage() const;
public:
/// The token that was encountered
const RefToken token;
/// The offending AST node if tree walking
const RefAST node;
/// taken from node or token object
ANTLR_USE_NAMESPACE(std)string tokenText;
/// Types of tokens
#ifndef NO_STATIC_CONSTS
static const int TOKEN = 1;
static const int NOT_TOKEN = 2;
static const int RANGE = 3;
static const int NOT_RANGE = 4;
static const int SET = 5;
static const int NOT_SET = 6;
#else
enum {
TOKEN = 1,
NOT_TOKEN = 2,
RANGE = 3,
NOT_RANGE = 4,
SET = 5,
NOT_SET = 6
};
#endif
public:
/// One of the above
int mismatchType;
/// For TOKEN/NOT_TOKEN and RANGE/NOT_RANGE
int expecting;
/// For RANGE/NOT_RANGE (expecting is lower bound of range)
int upper;
/// For SET/NOT_SET
BitSet set;
private:
/// Token names array for formatting
const char* const* tokenNames;
/// Max number of tokens in tokenNames
const int numTokens;
/// Return token name for tokenType
ANTLR_USE_NAMESPACE(std)string tokenName(int tokenType) const;
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_MismatchedTokenException_hpp__

52
src/antlr/NoViableAltException.cpp Normal file
View File

@@ -0,0 +1,52 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: NoViableAltException.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/NoViableAltException.hpp"
#include "antlr/String.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
ANTLR_USING_NAMESPACE(std)
NoViableAltException::NoViableAltException(RefAST t)
: RecognitionException("NoViableAlt","<AST>",-1,-1),
token(0), node(t)
{
}
NoViableAltException::NoViableAltException(
RefToken t,
const ANTLR_USE_NAMESPACE(std)string& fileName_
) : RecognitionException("NoViableAlt",fileName_,t->getLine(),t->getColumn()),
token(t), node(nullASTptr)
{
}
ANTLR_USE_NAMESPACE(std)string NoViableAltException::getMessage() const
{
if (token)
{
if( token->getType() == Token::EOF_TYPE )
return string("unexpected end of file");
else if( token->getType() == Token::NULL_TREE_LOOKAHEAD )
return string("unexpected end of tree");
else
return string("unexpected token: ")+token->getText();
}
// must a tree parser error if token==null
if (!node)
return "unexpected end of subtree";
return string("unexpected AST node: ")+node->toString();
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

40
src/antlr/NoViableAltException.hpp Normal file
View File

@@ -0,0 +1,40 @@
#ifndef INC_NoViableAltException_hpp__
#define INC_NoViableAltException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: NoViableAltException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/RecognitionException.hpp>
#include <antlr/Token.hpp>
#include <antlr/AST.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API NoViableAltException : public RecognitionException {
public:
const RefToken token;
const RefAST node; // handles parsing and treeparsing
NoViableAltException(RefAST t);
NoViableAltException(RefToken t,const ANTLR_USE_NAMESPACE(std)string& fileName_);
~NoViableAltException() throw() {}
/**
* Returns a clean error message (no line number/column information)
*/
ANTLR_USE_NAMESPACE(std)string getMessage() const;
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_NoViableAltException_hpp__

39
src/antlr/NoViableAltForCharException.cpp Normal file
View File

@@ -0,0 +1,39 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: NoViableAltForCharException.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/NoViableAltForCharException.hpp"
#include "antlr/String.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
NoViableAltForCharException::NoViableAltForCharException(int c, CharScanner* scanner)
: RecognitionException("NoViableAlt",
scanner->getFilename(),
scanner->getLine(),scanner->getColumn()),
foundChar(c)
{
}
NoViableAltForCharException::NoViableAltForCharException(
int c,
const ANTLR_USE_NAMESPACE(std)string& fileName_,
int line_, int column_)
: RecognitionException("NoViableAlt",fileName_,line_,column_),
foundChar(c)
{
}
ANTLR_USE_NAMESPACE(std)string NoViableAltForCharException::getMessage() const
{
return ANTLR_USE_NAMESPACE(std)string("unexpected char: ")+charName(foundChar);
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

41
src/antlr/NoViableAltForCharException.hpp Normal file
View File

@@ -0,0 +1,41 @@
#ifndef INC_NoViableAltForCharException_hpp__
# define INC_NoViableAltForCharException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: NoViableAltForCharException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
# include <antlr/config.hpp>
# include <antlr/RecognitionException.hpp>
# include <antlr/CharScanner.hpp>
# ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr
{
# endif
class ANTLR_API NoViableAltForCharException : public RecognitionException
{
public:
NoViableAltForCharException(int c, CharScanner* scanner);
NoViableAltForCharException(int c, const ANTLR_USE_NAMESPACE(std)string& fileName_,
int line_, int column_);
virtual ~NoViableAltForCharException() throw()
{
}
/// Returns a clean error message (no line number/column information)
ANTLR_USE_NAMESPACE(std)string getMessage() const;
protected:
int foundChar;
};
# ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
# endif
#endif //INC_NoViableAltForCharException_hpp__

113
src/antlr/Parser.cpp Normal file
View File

@@ -0,0 +1,113 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: Parser.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/Parser.hpp"
#include <iostream>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** A generic ANTLR parser (LL(k) for k>=1) containing a bunch of
* utility routines useful at any lookahead depth. We distinguish between
* the LL(1) and LL(k) parsers because of efficiency. This may not be
* necessary in the near future.
*
* Each parser object contains the state of the parse including a lookahead
* cache (the form of which is determined by the subclass), whether or
* not the parser is in guess mode, where tokens come from, etc...
*
* <p>
* During <b>guess</b> mode, the current lookahead token(s) and token type(s)
* cache must be saved because the token stream may not have been informed
* to save the token (via <tt>mark</tt>) before the <tt>try</tt> block.
* Guessing is started by:
* <ol>
* <li>saving the lookahead cache.
* <li>marking the current position in the TokenBuffer.
* <li>increasing the guessing level.
* </ol>
*
* After guessing, the parser state is restored by:
* <ol>
* <li>restoring the lookahead cache.
* <li>rewinding the TokenBuffer.
* <li>decreasing the guessing level.
* </ol>
*
* @see antlr.Token
* @see antlr.TokenBuffer
* @see antlr.TokenStream
* @see antlr.LL1Parser
* @see antlr.LLkParser
*/
bool DEBUG_PARSER = false;
/** Parser error-reporting function can be overridden in subclass */
void Parser::reportError(const RecognitionException& ex)
{
ANTLR_USE_NAMESPACE(std)cerr << ex.toString().c_str() << ANTLR_USE_NAMESPACE(std)endl;
}
/** Parser error-reporting function can be overridden in subclass */
void Parser::reportError(const ANTLR_USE_NAMESPACE(std)string& s)
{
if ( getFilename()=="" )
ANTLR_USE_NAMESPACE(std)cerr << "error: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
else
ANTLR_USE_NAMESPACE(std)cerr << getFilename().c_str() << ": error: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
}
/** Parser warning-reporting function can be overridden in subclass */
void Parser::reportWarning(const ANTLR_USE_NAMESPACE(std)string& s)
{
if ( getFilename()=="" )
ANTLR_USE_NAMESPACE(std)cerr << "warning: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
else
ANTLR_USE_NAMESPACE(std)cerr << getFilename().c_str() << ": warning: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
}
/** Set or change the input token buffer */
// void setTokenBuffer(TokenBuffer<Token>* t);
void Parser::traceIndent()
{
for( int i = 0; i < traceDepth; i++ )
ANTLR_USE_NAMESPACE(std)cout << " ";
}
void Parser::traceIn(const char* rname)
{
traceDepth++;
for( int i = 0; i < traceDepth; i++ )
ANTLR_USE_NAMESPACE(std)cout << " ";
ANTLR_USE_NAMESPACE(std)cout << "> " << rname
<< "; LA(1)==" << LT(1)->getText().c_str()
<< ((inputState->guessing>0)?" [guessing]":"")
<< ANTLR_USE_NAMESPACE(std)endl;
}
void Parser::traceOut(const char* rname)
{
for( int i = 0; i < traceDepth; i++ )
ANTLR_USE_NAMESPACE(std)cout << " ";
ANTLR_USE_NAMESPACE(std)cout << "< " << rname
<< "; LA(1)==" << LT(1)->getText().c_str()
<< ((inputState->guessing>0)?" [guessing]":"")
<< ANTLR_USE_NAMESPACE(std)endl;
traceDepth--;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

319
src/antlr/Parser.hpp Normal file
View File

@@ -0,0 +1,319 @@
#ifndef INC_Parser_hpp__
#define INC_Parser_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: Parser.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <iostream>
#include <exception>
#include <antlr/BitSet.hpp>
#include <antlr/TokenBuffer.hpp>
#include <antlr/RecognitionException.hpp>
#include <antlr/MismatchedTokenException.hpp>
#include <antlr/ASTFactory.hpp>
#include <antlr/ParserSharedInputState.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
extern bool DEBUG_PARSER;
/** A generic ANTLR parser (LL(k) for k>=1) containing a bunch of
* utility routines useful at any lookahead depth. We distinguish between
* the LL(1) and LL(k) parsers because of efficiency. This may not be
* necessary in the near future.
*
* Each parser object contains the state of the parse including a lookahead
* cache (the form of which is determined by the subclass), whether or
* not the parser is in guess mode, where tokens come from, etc...
*
* <p>
* During <b>guess</b> mode, the current lookahead token(s) and token type(s)
* cache must be saved because the token stream may not have been informed
* to save the token (via <tt>mark</tt>) before the <tt>try</tt> block.
* Guessing is started by:
* <ol>
* <li>saving the lookahead cache.
* <li>marking the current position in the TokenBuffer.
* <li>increasing the guessing level.
* </ol>
*
* After guessing, the parser state is restored by:
* <ol>
* <li>restoring the lookahead cache.
* <li>rewinding the TokenBuffer.
* <li>decreasing the guessing level.
* </ol>
*
* @see antlr.Token
* @see antlr.TokenBuffer
* @see antlr.TokenStream
* @see antlr.LL1Parser
* @see antlr.LLkParser
*
* @todo add constructors with ASTFactory.
*/
class ANTLR_API Parser {
protected:
Parser(TokenBuffer& input)
: inputState(new ParserInputState(input)), astFactory(0), traceDepth(0)
{
}
Parser(TokenBuffer* input)
: inputState(new ParserInputState(input)), astFactory(0), traceDepth(0)
{
}
Parser(const ParserSharedInputState& state)
: inputState(state), astFactory(0), traceDepth(0)
{
}
public:
virtual ~Parser()
{
}
/** Return the token type of the ith token of lookahead where i=1
* is the current token being examined by the parser (i.e., it
* has not been matched yet).
*/
virtual int LA(unsigned int i)=0;
/// Return the i-th token of lookahead
virtual RefToken LT(unsigned int i)=0;
/** DEPRECATED! Specify the factory to be used during tree building. (Compulsory)
* Setting the factory is nowadays compulsory.
* @see setASTFactory
*/
virtual void setASTNodeFactory( ASTFactory *factory )
{
astFactory = factory;
}
/** Specify the factory to be used during tree building. (Compulsory)
* Setting the factory is nowadays compulsory.
*/
virtual void setASTFactory( ASTFactory *factory )
{
astFactory = factory;
}
/** Return a pointer to the ASTFactory used.
* So you might use it in subsequent treewalkers or to reload AST's
* from disk.
*/
virtual ASTFactory* getASTFactory()
{
return astFactory;
}
/** Get the root AST node of the generated AST. When using a custom AST type
* or heterogenous AST's, you'll have to convert it to the right type
* yourself.
*/
virtual RefAST getAST() = 0;
/// Return the filename of the input file.
virtual inline ANTLR_USE_NAMESPACE(std)string getFilename() const
{
return inputState->filename;
}
/// Set the filename of the input file (used for error reporting).
virtual void setFilename(const ANTLR_USE_NAMESPACE(std)string& f)
{
inputState->filename = f;
}
virtual void setInputState(ParserSharedInputState state)
{
inputState = state;
}
virtual inline ParserSharedInputState getInputState() const
{
return inputState;
}
/// Get another token object from the token stream
virtual void consume()=0;
/// Consume tokens until one matches the given token
virtual void consumeUntil(int tokenType)
{
while (LA(1) != Token::EOF_TYPE && LA(1) != tokenType)
consume();
}
/// Consume tokens until one matches the given token set
virtual void consumeUntil(const BitSet& set)
{
while (LA(1) != Token::EOF_TYPE && !set.member(LA(1)))
consume();
}
/** Make sure current lookahead symbol matches token type <tt>t</tt>.
* Throw an exception upon mismatch, which is catch by either the
* error handler or by the syntactic predicate.
*/
virtual void match(int t)
{
if ( DEBUG_PARSER )
{
traceIndent();
ANTLR_USE_NAMESPACE(std)cout << "enter match(" << t << ") with LA(1)=" << LA(1) << ANTLR_USE_NAMESPACE(std)endl;
}
if ( LA(1) != t )
{
if ( DEBUG_PARSER )
{
traceIndent();
ANTLR_USE_NAMESPACE(std)cout << "token mismatch: " << LA(1) << "!=" << t << ANTLR_USE_NAMESPACE(std)endl;
}
throw MismatchedTokenException(getTokenNames(), getNumTokens(), LT(1), t, false, getFilename());
}
else
{
// mark token as consumed -- fetch next token deferred until LA/LT
consume();
}
}
virtual void matchNot(int t)
{
if ( LA(1)==t )
{
// Throws inverted-sense exception
throw MismatchedTokenException(getTokenNames(), getNumTokens(), LT(1), t, true, getFilename());
}
else
{
// mark token as consumed -- fetch next token deferred until LA/LT
consume();
}
}
/** Make sure current lookahead symbol matches the given set
* Throw an exception upon mismatch, which is catch by either the
* error handler or by the syntactic predicate.
*/
virtual void match(const BitSet& b)
{
if ( DEBUG_PARSER )
{
traceIndent();
ANTLR_USE_NAMESPACE(std)cout << "enter match(" << "bitset" /*b.toString()*/
<< ") with LA(1)=" << LA(1) << ANTLR_USE_NAMESPACE(std)endl;
}
if ( !b.member(LA(1)) )
{
if ( DEBUG_PARSER )
{
traceIndent();
ANTLR_USE_NAMESPACE(std)cout << "token mismatch: " << LA(1) << " not member of "
<< "bitset" /*b.toString()*/ << ANTLR_USE_NAMESPACE(std)endl;
}
throw MismatchedTokenException(getTokenNames(), getNumTokens(), LT(1), b, false, getFilename());
}
else
{
// mark token as consumed -- fetch next token deferred until LA/LT
consume();
}
}
/** Mark a spot in the input and return the position.
* Forwarded to TokenBuffer.
*/
virtual inline unsigned int mark()
{
return inputState->getInput().mark();
}
/// rewind to a previously marked position
virtual inline void rewind(unsigned int pos)
{
inputState->getInput().rewind(pos);
}
/** called by the generated parser to do error recovery, override to
* customize the behaviour.
*/
virtual void recover(const RecognitionException& ex, const BitSet& tokenSet)
{
consume();
consumeUntil(tokenSet);
}
/// Parser error-reporting function can be overridden in subclass
virtual void reportError(const RecognitionException& ex);
/// Parser error-reporting function can be overridden in subclass
virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s);
/// Parser warning-reporting function can be overridden in subclass
virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s);
/// get the token name for the token number 'num'
virtual const char* getTokenName(int num) const = 0;
/// get a vector with all token names
virtual const char* const* getTokenNames() const = 0;
/** Get the number of tokens defined.
* This one should be overridden in subclasses.
*/
virtual int getNumTokens(void) const = 0;
/** Set or change the input token buffer */
// void setTokenBuffer(TokenBuffer<Token>* t);
virtual void traceIndent();
virtual void traceIn(const char* rname);
virtual void traceOut(const char* rname);
protected:
// void setTokenNames(const char** tokenNames_);
ParserSharedInputState inputState;
// /// AST return value for a rule is squirreled away here
// RefAST returnAST;
/// AST support code; parser and treeparser delegate to this object
ASTFactory *astFactory;
// used to keep track of the indentation for the trace
int traceDepth;
/** Utility class which allows tracing to work even when exceptions are
* thrown.
*/
class Tracer { /*{{{*/
private:
Parser* parser;
const char* text;
public:
Tracer(Parser* p,const char * t)
: parser(p), text(t)
{
parser->traceIn(text);
}
~Tracer()
{
#ifdef ANTLR_CXX_SUPPORTS_UNCAUGHT_EXCEPTION
// Only give trace if there's no uncaught exception..
if(!ANTLR_USE_NAMESPACE(std)uncaught_exception())
#endif
parser->traceOut(text);
}
private:
Tracer(const Tracer&); // undefined
const Tracer& operator=(const Tracer&); // undefined
/*}}}*/
};
private:
Parser(const Parser&); // undefined
const Parser& operator=(const Parser&); // undefined
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_Parser_hpp__

92
src/antlr/ParserSharedInputState.hpp Normal file
View File

@@ -0,0 +1,92 @@
#ifndef INC_ParserSharedInputState_hpp__
#define INC_ParserSharedInputState_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: ParserSharedInputState.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/TokenBuffer.hpp>
#include <antlr/RefCount.hpp>
#include <string>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** This object contains the data associated with an
* input stream of tokens. Multiple parsers
* share a single ParserSharedInputState to parse
* the same stream of tokens.
*/
class ANTLR_API ParserInputState {
public:
/** Construct a new ParserInputState
* @param in the TokenBuffer to read from. The object is deleted together
* with the ParserInputState object.
*/
ParserInputState( TokenBuffer* in )
: guessing(0)
, filename()
, input(in)
, inputResponsible(true)
{
}
/** Construct a new ParserInputState
* @param in the TokenBuffer to read from.
*/
ParserInputState( TokenBuffer& in )
: guessing(0)
, filename("")
, input(&in)
, inputResponsible(false)
{
}
virtual ~ParserInputState()
{
if (inputResponsible)
delete input;
}
TokenBuffer& getInput( void )
{
return *input;
}
/// Reset the ParserInputState and the underlying TokenBuffer
void reset( void )
{
input->reset();
guessing = 0;
}
public:
/** Are we guessing (guessing>0)? */
int guessing;
/** What file (if known) caused the problem?
* @todo wrap this one..
*/
ANTLR_USE_NAMESPACE(std)string filename;
private:
/** Where to get token objects */
TokenBuffer* input;
/// Do we need to free the TokenBuffer or is it owned by another..
bool inputResponsible;
// we don't want these:
ParserInputState(const ParserInputState&);
ParserInputState& operator=(const ParserInputState&);
};
/// A reference counted ParserInputState
typedef RefCount<ParserInputState> ParserSharedInputState;
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_ParserSharedInputState_hpp__

71
src/antlr/RecognitionException.cpp Normal file
View File

@@ -0,0 +1,71 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: RecognitionException.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/RecognitionException.hpp"
#include "antlr/String.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
RecognitionException::RecognitionException()
: ANTLRException("parsing error")
, line(-1)
, column(-1)
{
}
RecognitionException::RecognitionException(const ANTLR_USE_NAMESPACE(std)string& s)
: ANTLRException(s)
, line(-1)
, column(-1)
{
}
RecognitionException::RecognitionException(const ANTLR_USE_NAMESPACE(std)string& s,
const ANTLR_USE_NAMESPACE(std)string& fileName_,
int line_,int column_)
: ANTLRException(s)
, fileName(fileName_)
, line(line_)
, column(column_)
{
}
ANTLR_USE_NAMESPACE(std)string RecognitionException::getFileLineColumnString() const
{
ANTLR_USE_NAMESPACE(std)string fileLineColumnString;
if ( fileName.length() > 0 )
fileLineColumnString = fileName + ":";
if ( line != -1 )
{
if ( fileName.length() == 0 )
fileLineColumnString = fileLineColumnString + "line ";
fileLineColumnString = fileLineColumnString + line;
if ( column != -1 )
fileLineColumnString = fileLineColumnString + ":" + column;
fileLineColumnString = fileLineColumnString + ":";
}
fileLineColumnString = fileLineColumnString + " ";
return fileLineColumnString;
}
ANTLR_USE_NAMESPACE(std)string RecognitionException::toString() const
{
return getFileLineColumnString()+getMessage();
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

66
src/antlr/RecognitionException.hpp Normal file
View File

@@ -0,0 +1,66 @@
#ifndef INC_RecognitionException_hpp__
# define INC_RecognitionException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: RecognitionException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
# include <antlr/config.hpp>
# include <antlr/ANTLRException.hpp>
# ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr
{
# endif
class ANTLR_API RecognitionException : public ANTLRException
{
public:
RecognitionException();
RecognitionException(const ANTLR_USE_NAMESPACE(std)string& s);
RecognitionException(const ANTLR_USE_NAMESPACE(std)string& s,
const ANTLR_USE_NAMESPACE(std)string& fileName,
int line, int column );
virtual ~RecognitionException() throw()
{
}
/// Return file where mishap occurred.
virtual ANTLR_USE_NAMESPACE(std)string getFilename() const throw()
{
return fileName;
}
/**
* @return the line number that this exception happened on.
*/
virtual int getLine() const throw()
{
return line;
}
/**
* @return the column number that this exception happened on.
*/
virtual int getColumn() const throw()
{
return column;
}
/// Return complete error message with line/column number info (if present)
virtual ANTLR_USE_NAMESPACE(std)string toString() const;
/// See what file/line/column info is present and return it as a string
virtual ANTLR_USE_NAMESPACE(std)string getFileLineColumnString() const;
protected:
ANTLR_USE_NAMESPACE(std)string fileName; // not used by treeparsers
int line; // not used by treeparsers
int column; // not used by treeparsers
};
# ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
# endif
#endif //INC_RecognitionException_hpp__

80
src/antlr/RefCount.hpp Normal file
View File

@@ -0,0 +1,80 @@
#ifndef INC_RefCount_hpp__
#define INC_RefCount_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: RefCount.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
template<class T>
class ANTLR_API RefCount {
private:
struct Ref {
T* const ptr;
unsigned int count;
Ref(T* p) : ptr(p), count(1) {}
~Ref() {delete ptr;}
Ref* increment() {++count;return this;}
bool decrement() {return (--count==0);}
private:
Ref(const Ref&);
Ref& operator=(const Ref&);
}* ref;
public:
explicit RefCount(T* p = 0)
: ref(p ? new Ref(p) : 0)
{
}
RefCount(const RefCount<T>& other)
: ref(other.ref ? other.ref->increment() : 0)
{
}
~RefCount()
{
if (ref && ref->decrement())
delete ref;
}
RefCount<T>& operator=(const RefCount<T>& other)
{
Ref* tmp = other.ref ? other.ref->increment() : 0;
if (ref && ref->decrement())
delete ref;
ref = tmp;
return *this;
}
operator T* () const
{
return ref ? ref->ptr : 0;
}
T* operator->() const
{
return ref ? ref->ptr : 0;
}
T* get() const
{
return ref ? ref->ptr : 0;
}
template<class newType> operator RefCount<newType>()
{
return RefCount<newType>(ref);
}
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_RefCount_hpp__

40
src/antlr/SemanticException.hpp Normal file
View File

@@ -0,0 +1,40 @@
#ifndef INC_SemanticException_hpp__
#define INC_SemanticException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: SemanticException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/RecognitionException.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API SemanticException : public RecognitionException {
public:
SemanticException(const ANTLR_USE_NAMESPACE(std)string& s)
: RecognitionException(s)
{
}
SemanticException(const ANTLR_USE_NAMESPACE(std)string& s,
const ANTLR_USE_NAMESPACE(std)string& fileName_,
int line_,int column_)
: RecognitionException(s,fileName_,line_,column_)
{
}
~SemanticException() throw()
{
}
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_SemanticException_hpp__

90
src/antlr/String.cpp Normal file
View File

@@ -0,0 +1,90 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: String.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/String.hpp"
#include <cctype>
#ifdef HAS_NOT_CSTDIO_H
#include <stdio.h>
#else
#include <cstdio>
#endif
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
// wh: hack for Borland C++ 5.6
#if __BORLANDC__
using std::sprintf;
#endif
// RK: should be using snprintf actually... (or stringstream)
ANTLR_C_USING(sprintf)
ANTLR_USE_NAMESPACE(std)string operator+( const ANTLR_USE_NAMESPACE(std)string& lhs, const int rhs )
{
char tmp[100];
sprintf(tmp,"%d",rhs);
return lhs+tmp;
}
ANTLR_USE_NAMESPACE(std)string operator+( const ANTLR_USE_NAMESPACE(std)string& lhs, size_t rhs )
{
char tmp[100];
sprintf(tmp,"%u",rhs);
return lhs+tmp;
}
/** Convert character to readable string
*/
ANTLR_USE_NAMESPACE(std)string charName(int ch)
{
if (ch == EOF)
return "EOF";
else
{
ANTLR_USE_NAMESPACE(std)string s;
// when you think you've seen it all.. an isprint that crashes...
ch = ch & 0xFF;
#ifdef ANTLR_CCTYPE_NEEDS_STD
if( ANTLR_USE_NAMESPACE(std)isprint( ch ) )
#else
if( isprint( ch ) )
#endif
{
s.append("'");
s += ch;
s.append("'");
// s += "'"+ch+"'";
}
else
{
s += "0x";
unsigned int t = ch >> 4;
if( t < 10 )
s += t | 0x30;
else
s += t + 0x37;
t = ch & 0xF;
if( t < 10 )
s += t | 0x30;
else
s += t + 0x37;
}
return s;
}
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

27
src/antlr/String.hpp Normal file
View File

@@ -0,0 +1,27 @@
#ifndef INC_String_hpp__
#define INC_String_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: String.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <string>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
ANTLR_API ANTLR_USE_NAMESPACE(std)string operator+( const ANTLR_USE_NAMESPACE(std)string& lhs, const int rhs );
ANTLR_API ANTLR_USE_NAMESPACE(std)string operator+( const ANTLR_USE_NAMESPACE(std)string& lhs, size_t rhs );
ANTLR_API ANTLR_USE_NAMESPACE(std)string charName( int ch );
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_String_hpp__

80
src/antlr/Token.cpp Normal file
View File

@@ -0,0 +1,80 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: Token.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/Token.hpp"
#include "antlr/String.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
int Token::getColumn() const
{
return 0;
}
int Token::getLine() const
{
return 0;
}
ANTLR_USE_NAMESPACE(std)string Token::getText() const
{
return "<no text>";
}
int Token::getType() const
{
return type;
}
void Token::setColumn(int)
{
}
void Token::setLine(int)
{
}
void Token::setText(const ANTLR_USE_NAMESPACE(std)string&)
{
}
void Token::setType(int t)
{
type = t;
}
void Token::setFilename(const ANTLR_USE_NAMESPACE(std)string&)
{
}
ANTLR_USE_NAMESPACE(std)string emptyString("");
const ANTLR_USE_NAMESPACE(std)string& Token::getFilename() const
{
return emptyString;
}
ANTLR_USE_NAMESPACE(std)string Token::toString() const
{
return "[\""+getText()+"\",<"+type+">]";
}
ANTLR_API RefToken nullToken;
#ifndef NO_STATIC_CONSTS
const int Token::MIN_USER_TYPE;
const int Token::NULL_TREE_LOOKAHEAD;
const int Token::INVALID_TYPE;
const int Token::EOF_TYPE;
const int Token::SKIP;
#endif
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

108
src/antlr/Token.hpp Normal file
View File

@@ -0,0 +1,108 @@
#ifndef INC_Token_hpp__
#define INC_Token_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: Token.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/TokenRefCount.hpp>
#include <string>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
struct TokenRef;
/** A token is minimally a token type. Subclasses can add the text matched
* for the token and line info.
*/
class ANTLR_API Token
{
public:
// constants
#ifndef NO_STATIC_CONSTS
static const int MIN_USER_TYPE = 4;
static const int NULL_TREE_LOOKAHEAD = 3;
static const int INVALID_TYPE = 0;
static const int EOF_TYPE = 1;
static const int SKIP = -1;
#else
enum {
MIN_USER_TYPE = 4,
NULL_TREE_LOOKAHEAD = 3,
INVALID_TYPE = 0,
EOF_TYPE = 1,
SKIP = -1
};
#endif
Token()
: ref(0)
, type(INVALID_TYPE)
{
}
Token(int t)
: ref(0)
, type(t)
{
}
Token(int t, const ANTLR_USE_NAMESPACE(std)string& txt)
: ref(0)
, type(t)
{
setText(txt);
}
virtual ~Token()
{
}
virtual int getColumn() const;
virtual int getLine() const;
virtual ANTLR_USE_NAMESPACE(std)string getText() const;
virtual const ANTLR_USE_NAMESPACE(std)string& getFilename() const;
virtual int getType() const;
virtual void setColumn(int c);
virtual void setLine(int l);
virtual void setText(const ANTLR_USE_NAMESPACE(std)string& t);
virtual void setType(int t);
virtual void setFilename( const std::string& file );
virtual ANTLR_USE_NAMESPACE(std)string toString() const;
private:
friend struct TokenRef;
TokenRef* ref;
int type; ///< the type of the token
Token(RefToken other);
Token& operator=(const Token& other);
Token& operator=(RefToken other);
Token(const Token&);
};
extern ANTLR_API RefToken nullToken;
#ifdef NEEDS_OPERATOR_LESS_THAN
// RK: Added after 2.7.2 previously it was undefined.
// AL: what to return if l and/or r point to nullToken???
inline bool operator<( RefToken l, RefToken r )
{
return nullToken == l ? ( nullToken == r ? false : true ) : l->getType() < r->getType();
}
#endif
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_Token_hpp__

96
src/antlr/TokenBuffer.cpp Normal file
View File

@@ -0,0 +1,96 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenBuffer.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/TokenBuffer.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/**A Stream of Token objects fed to the parser from a TokenStream that can
* be rewound via mark()/rewind() methods.
* <p>
* A dynamic array is used to buffer up all the input tokens. Normally,
* "k" tokens are stored in the buffer. More tokens may be stored during
* guess mode (testing syntactic predicate), or when LT(i>k) is referenced.
* Consumption of tokens is deferred. In other words, reading the next
* token is not done by conume(), but deferred until needed by LA or LT.
* <p>
*
* @see antlr.Token
* @see antlr.TokenStream
* @see antlr.TokenQueue
*/
/** Create a token buffer */
TokenBuffer::TokenBuffer( TokenStream& inp )
: input(inp)
, nMarkers(0)
, markerOffset(0)
, numToConsume(0)
{
}
TokenBuffer::~TokenBuffer( void )
{
}
/** Ensure that the token buffer is sufficiently full */
void TokenBuffer::fill(unsigned int amount)
{
syncConsume();
// Fill the buffer sufficiently to hold needed tokens
while (queue.entries() < (amount + markerOffset))
{
// Append the next token
queue.append(input.nextToken());
}
}
/** Get a lookahead token value */
int TokenBuffer::LA(unsigned int i)
{
fill(i);
return queue.elementAt(markerOffset+i-1)->getType();
}
/** Get a lookahead token */
RefToken TokenBuffer::LT(unsigned int i)
{
fill(i);
return queue.elementAt(markerOffset+i-1);
}
/** Return an integer marker that can be used to rewind the buffer to
* its current state.
*/
unsigned int TokenBuffer::mark()
{
syncConsume();
nMarkers++;
return markerOffset;
}
/**Rewind the token buffer to a marker.
* @param mark Marker returned previously from mark()
*/
void TokenBuffer::rewind(unsigned int mark)
{
syncConsume();
markerOffset=mark;
nMarkers--;
}
/// Get number of non-consumed tokens
unsigned int TokenBuffer::entries() const
{
return queue.entries() - markerOffset;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

121
src/antlr/TokenBuffer.hpp Normal file
View File

@@ -0,0 +1,121 @@
#ifndef INC_TokenBuffer_hpp__
#define INC_TokenBuffer_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenBuffer.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/TokenStream.hpp>
#include <antlr/CircularQueue.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/**A Stream of Token objects fed to the parser from a TokenStream that can
* be rewound via mark()/rewind() methods.
* <p>
* A dynamic array is used to buffer up all the input tokens. Normally,
* "k" tokens are stored in the buffer. More tokens may be stored during
* guess mode (testing syntactic predicate), or when LT(i>k) is referenced.
* Consumption of tokens is deferred. In other words, reading the next
* token is not done by conume(), but deferred until needed by LA or LT.
* <p>
*
* @todo: see if we can integrate this one with InputBuffer into one template
* or so.
*
* @see antlr.Token
* @see antlr.TokenStream
* @see antlr.TokenQueue
*/
class ANTLR_API TokenBuffer {
public:
/** Create a token buffer */
TokenBuffer(TokenStream& input_);
virtual ~TokenBuffer();
/// Reset the input buffer to empty state
inline void reset( void )
{
nMarkers = 0;
markerOffset = 0;
numToConsume = 0;
queue.clear();
}
/** Get a lookahead token value */
int LA( unsigned int i );
/** Get a lookahead token */
RefToken LT( unsigned int i );
/** Return an integer marker that can be used to rewind the buffer to
* its current state.
*/
unsigned int mark();
/**Rewind the token buffer to a marker.
* @param mark Marker returned previously from mark()
*/
void rewind(unsigned int mark);
/** Mark another token for deferred consumption */
inline void consume()
{
numToConsume++;
}
/// Return the number of entries in the TokenBuffer
virtual unsigned int entries() const;
private:
/** Ensure that the token buffer is sufficiently full */
void fill(unsigned int amount);
/** Sync up deferred consumption */
void syncConsume();
protected:
/// Token source
TokenStream& input;
/// Number of active markers
unsigned int nMarkers;
/// Additional offset used when markers are active
unsigned int markerOffset;
/// Number of calls to consume() since last LA() or LT() call
unsigned int numToConsume;
/// Circular queue with Tokens
CircularQueue<RefToken> queue;
private:
TokenBuffer(const TokenBuffer& other);
const TokenBuffer& operator=(const TokenBuffer& other);
};
/** Sync up deferred consumption */
inline void TokenBuffer::syncConsume()
{
if (numToConsume > 0)
{
if (nMarkers > 0)
markerOffset += numToConsume;
else
queue.removeItems( numToConsume );
numToConsume = 0;
}
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TokenBuffer_hpp__

41
src/antlr/TokenRefCount.cpp Normal file
View File

@@ -0,0 +1,41 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenRefCount.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/TokenRefCount.hpp"
#include "antlr/Token.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
TokenRef::TokenRef(Token* p)
: ptr(p), count(1)
{
if (p && !p->ref)
p->ref = this;
}
TokenRef::~TokenRef()
{
delete ptr;
}
TokenRef* TokenRef::getRef(const Token* p)
{
if (p) {
Token* pp = const_cast<Token*>(p);
if (pp->ref)
return pp->ref->increment();
else
return new TokenRef(pp);
} else
return 0;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

98
src/antlr/TokenRefCount.hpp Normal file
View File

@@ -0,0 +1,98 @@
#ifndef INC_TokenRefCount_hpp__
# define INC_TokenRefCount_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenRefCount.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
# include <antlr/config.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class Token;
struct ANTLR_API TokenRef
{
Token* const ptr;
unsigned int count;
TokenRef(Token* p);
~TokenRef();
TokenRef* increment()
{
++count;
return this;
}
bool decrement()
{
return (--count==0);
}
static TokenRef* getRef(const Token* p);
private:
TokenRef( const TokenRef& );
TokenRef& operator=( const TokenRef& );
};
template<class T>
class ANTLR_API TokenRefCount
{
private:
TokenRef* ref;
public:
TokenRefCount(const Token* p=0)
: ref(p ? TokenRef::getRef(p) : 0)
{
}
TokenRefCount(const TokenRefCount<T>& other)
: ref(other.ref ? other.ref->increment() : 0)
{
}
~TokenRefCount()
{
if (ref && ref->decrement())
delete ref;
}
TokenRefCount<T>& operator=(Token* other)
{
TokenRef* tmp = TokenRef::getRef(other);
if (ref && ref->decrement())
delete ref;
ref=tmp;
return *this;
}
TokenRefCount<T>& operator=(const TokenRefCount<T>& other)
{
if( other.ref != ref )
{
TokenRef* tmp = other.ref ? other.ref->increment() : 0;
if (ref && ref->decrement())
delete ref;
ref=tmp;
}
return *this;
}
operator T* () const { return ref ? static_cast<T*>(ref->ptr) : 0; }
T* operator->() const { return ref ? static_cast<T*>(ref->ptr) : 0; }
T* get() const { return ref ? static_cast<T*>(ref->ptr) : 0; }
};
typedef TokenRefCount<Token> RefToken;
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TokenRefCount_hpp__

34
src/antlr/TokenStream.hpp Normal file
View File

@@ -0,0 +1,34 @@
#ifndef INC_TokenStream_hpp__
#define INC_TokenStream_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenStream.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/Token.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** This interface allows any object to pretend it is a stream
* of tokens.
* @author Terence Parr, MageLang Institute
*/
class ANTLR_API TokenStream {
public:
virtual RefToken nextToken()=0;
virtual ~TokenStream()
{
}
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TokenStream_hpp__

44
src/antlr/TokenStreamBasicFilter.cpp Normal file
View File

@@ -0,0 +1,44 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenStreamBasicFilter.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/TokenStreamBasicFilter.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** This object is a TokenStream that passes through all
* tokens except for those that you tell it to discard.
* There is no buffering of the tokens.
*/
TokenStreamBasicFilter::TokenStreamBasicFilter(TokenStream& input_)
: input(&input_)
{
}
void TokenStreamBasicFilter::discard(int ttype)
{
discardMask.add(ttype);
}
void TokenStreamBasicFilter::discard(const BitSet& mask)
{
discardMask = mask;
}
RefToken TokenStreamBasicFilter::nextToken()
{
RefToken tok = input->nextToken();
while ( tok && discardMask.member(tok->getType()) ) {
tok = input->nextToken();
}
return tok;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

46
src/antlr/TokenStreamBasicFilter.hpp Normal file
View File

@@ -0,0 +1,46 @@
#ifndef INC_TokenStreamBasicFilter_hpp__
#define INC_TokenStreamBasicFilter_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenStreamBasicFilter.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/BitSet.hpp>
#include <antlr/TokenStream.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** This object is a TokenStream that passes through all
* tokens except for those that you tell it to discard.
* There is no buffering of the tokens.
*/
class ANTLR_API TokenStreamBasicFilter : public TokenStream {
/** The set of token types to discard */
protected:
BitSet discardMask;
/** The input stream */
protected:
TokenStream* input;
public:
TokenStreamBasicFilter(TokenStream& input_);
void discard(int ttype);
void discard(const BitSet& mask);
RefToken nextToken();
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TokenStreamBasicFilter_hpp__

41
src/antlr/TokenStreamException.hpp Normal file
View File

@@ -0,0 +1,41 @@
#ifndef INC_TokenStreamException_hpp__
#define INC_TokenStreamException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenStreamException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/ANTLRException.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** Baseclass for exceptions thrown by classes implementing the TokenStream
* interface.
* @see TokenStream
*/
class ANTLR_API TokenStreamException : public ANTLRException {
public:
TokenStreamException()
: ANTLRException()
{
}
TokenStreamException(const ANTLR_USE_NAMESPACE(std)string& s)
: ANTLRException(s)
{
}
virtual ~TokenStreamException() throw()
{
}
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TokenStreamException_hpp__

156
src/antlr/TokenStreamHiddenTokenFilter.cpp Normal file
View File

@@ -0,0 +1,156 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenStreamHiddenTokenFilter.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/TokenStreamHiddenTokenFilter.hpp"
#include "antlr/CommonHiddenStreamToken.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/**This object filters a token stream coming from a lexer
* or another TokenStream so that only certain token channels
* get transmitted to the parser.
*
* Any of the channels can be filtered off as "hidden" channels whose
* tokens can be accessed from the parser.
*/
TokenStreamHiddenTokenFilter::TokenStreamHiddenTokenFilter(TokenStream& input)
: TokenStreamBasicFilter(input)
{
}
void TokenStreamHiddenTokenFilter::consume()
{
nextMonitoredToken = input->nextToken();
}
void TokenStreamHiddenTokenFilter::consumeFirst()
{
consume();
// Handle situation where hidden or discarded tokens
// appear first in input stream
RefToken p;
// while hidden or discarded scarf tokens
while ( hideMask.member(LA(1)->getType()) || discardMask.member(LA(1)->getType()) ) {
if ( hideMask.member(LA(1)->getType()) ) {
if ( !p ) {
p = LA(1);
}
else {
static_cast<CommonHiddenStreamToken*>(p.get())->setHiddenAfter(LA(1));
static_cast<CommonHiddenStreamToken*>(LA(1).get())->setHiddenBefore(p); // double-link
p = LA(1);
}
lastHiddenToken = p;
if (!firstHidden)
firstHidden = p; // record hidden token if first
}
consume();
}
}
BitSet TokenStreamHiddenTokenFilter::getDiscardMask() const
{
return discardMask;
}
/** Return a ptr to the hidden token appearing immediately after
* token t in the input stream.
*/
RefToken TokenStreamHiddenTokenFilter::getHiddenAfter(RefToken t)
{
return static_cast<CommonHiddenStreamToken*>(t.get())->getHiddenAfter();
}
/** Return a ptr to the hidden token appearing immediately before
* token t in the input stream.
*/
RefToken TokenStreamHiddenTokenFilter::getHiddenBefore(RefToken t)
{
return static_cast<CommonHiddenStreamToken*>(t.get())->getHiddenBefore();
}
BitSet TokenStreamHiddenTokenFilter::getHideMask() const
{
return hideMask;
}
/** Return the first hidden token if one appears
* before any monitored token.
*/
RefToken TokenStreamHiddenTokenFilter::getInitialHiddenToken()
{
return firstHidden;
}
void TokenStreamHiddenTokenFilter::hide(int m)
{
hideMask.add(m);
}
void TokenStreamHiddenTokenFilter::hide(const BitSet& mask)
{
hideMask = mask;
}
RefToken TokenStreamHiddenTokenFilter::LA(int)
{
return nextMonitoredToken;
}
/** Return the next monitored token.
* Test the token following the monitored token.
* If following is another monitored token, save it
* for the next invocation of nextToken (like a single
* lookahead token) and return it then.
* If following is unmonitored, nondiscarded (hidden)
* channel token, add it to the monitored token.
*
* Note: EOF must be a monitored Token.
*/
RefToken TokenStreamHiddenTokenFilter::nextToken()
{
// handle an initial condition; don't want to get lookahead
// token of this splitter until first call to nextToken
if ( !LA(1) ) {
consumeFirst();
}
// we always consume hidden tokens after monitored, thus,
// upon entry LA(1) is a monitored token.
RefToken monitored = LA(1);
// point to hidden tokens found during last invocation
static_cast<CommonHiddenStreamToken*>(monitored.get())->setHiddenBefore(lastHiddenToken);
lastHiddenToken = nullToken;
// Look for hidden tokens, hook them into list emanating
// from the monitored tokens.
consume();
RefToken p = monitored;
// while hidden or discarded scarf tokens
while ( hideMask.member(LA(1)->getType()) || discardMask.member(LA(1)->getType()) ) {
if ( hideMask.member(LA(1)->getType()) ) {
// attach the hidden token to the monitored in a chain
// link forwards
static_cast<CommonHiddenStreamToken*>(p.get())->setHiddenAfter(LA(1));
// link backwards
if (p != monitored) { //hidden cannot point to monitored tokens
static_cast<CommonHiddenStreamToken*>(LA(1).get())->setHiddenBefore(p);
}
p = lastHiddenToken = LA(1);
}
consume();
}
return monitored;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

95
src/antlr/TokenStreamHiddenTokenFilter.hpp Normal file
View File

@@ -0,0 +1,95 @@
#ifndef INC_TokenStreamHiddenTokenFilter_hpp__
#define INC_TokenStreamHiddenTokenFilter_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenStreamHiddenTokenFilter.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/TokenStreamBasicFilter.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/**This object filters a token stream coming from a lexer
* or another TokenStream so that only certain token channels
* get transmitted to the parser.
*
* Any of the channels can be filtered off as "hidden" channels whose
* tokens can be accessed from the parser.
*/
class ANTLR_API TokenStreamHiddenTokenFilter : public TokenStreamBasicFilter {
// protected BitSet discardMask;
protected:
BitSet hideMask;
private:
RefToken nextMonitoredToken;
protected:
/** track tail of hidden list emanating from previous
* monitored token
*/
RefToken lastHiddenToken;
RefToken firstHidden; // = null;
public:
TokenStreamHiddenTokenFilter(TokenStream& input);
protected:
void consume();
private:
void consumeFirst();
public:
BitSet getDiscardMask() const;
/** Return a ptr to the hidden token appearing immediately after
* token t in the input stream.
*/
RefToken getHiddenAfter(RefToken t);
/** Return a ptr to the hidden token appearing immediately before
* token t in the input stream.
*/
RefToken getHiddenBefore(RefToken t);
BitSet getHideMask() const;
/** Return the first hidden token if one appears
* before any monitored token.
*/
RefToken getInitialHiddenToken();
void hide(int m);
void hide(const BitSet& mask);
protected:
RefToken LA(int i);
public:
/** Return the next monitored token.
* Test the token following the monitored token.
* If following is another monitored token, save it
* for the next invocation of nextToken (like a single
* lookahead token) and return it then.
* If following is unmonitored, nondiscarded (hidden)
* channel token, add it to the monitored token.
*
* Note: EOF must be a monitored Token.
*/
RefToken nextToken();
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TokenStreamHiddenTokenFilter_hpp__

40
src/antlr/TokenStreamIOException.hpp Normal file
View File

@@ -0,0 +1,40 @@
#ifndef INC_TokenStreamIOException_hpp__
#define INC_TokenStreamIOException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenStreamIOException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/TokenStreamException.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class TokenStreamIOException : public TokenStreamException {
public:
TokenStreamIOException()
: TokenStreamException()
{
}
TokenStreamIOException(const ANTLR_USE_NAMESPACE(std)exception& e)
: TokenStreamException(e.what())
, io(e)
{
}
~TokenStreamIOException() throw()
{
}
private:
ANTLR_USE_NAMESPACE(std)exception io;
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TokenStreamIOException_hpp__

57
src/antlr/TokenStreamRecognitionException.hpp Normal file
View File

@@ -0,0 +1,57 @@
#ifndef INC_TokenStreamRecognitionException_hpp__
#define INC_TokenStreamRecognitionException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenStreamRecognitionException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/TokenStreamException.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** Exception thrown from generated lexers when there's no default error
* handler specified.
* @see TokenStream
*/
class TokenStreamRecognitionException : public TokenStreamException {
public:
TokenStreamRecognitionException(RecognitionException& re)
: TokenStreamException(re.getMessage())
, recog(re)
{
}
virtual ~TokenStreamRecognitionException() throw()
{
}
virtual ANTLR_USE_NAMESPACE(std)string toString() const
{
return recog.getFileLineColumnString()+getMessage();
}
virtual ANTLR_USE_NAMESPACE(std)string getFilename() const throw()
{
return recog.getFilename();
}
virtual int getLine() const throw()
{
return recog.getLine();
}
virtual int getColumn() const throw()
{
return recog.getColumn();
}
private:
RecognitionException recog;
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TokenStreamRecognitionException_hpp__

28
src/antlr/TokenStreamRetryException.hpp Normal file
View File

@@ -0,0 +1,28 @@
#ifndef INC_TokenStreamRetryException_hpp__
#define INC_TokenStreamRetryException_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenStreamRetryException.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/TokenStreamException.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class TokenStreamRetryException : public TokenStreamException {
public:
TokenStreamRetryException() {}
~TokenStreamRetryException() throw() {}
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TokenStreamRetryException_hpp__

214
src/antlr/TokenStreamRewriteEngine.cpp Normal file
View File

@@ -0,0 +1,214 @@
#include <antlr/config.hpp>
#include <string>
#include <list>
#include <vector>
#include <map>
#include <utility>
#include <iostream>
#include <iterator>
#include <sstream>
#include <cassert>
#include <antlr/TokenStream.hpp>
#include <antlr/TokenWithIndex.hpp>
#include <antlr/BitSet.hpp>
#include <antlr/TokenStreamRewriteEngine.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
#ifndef NO_STATIC_CONSTS
const size_t TokenStreamRewriteEngine::MIN_TOKEN_INDEX = 0;
const int TokenStreamRewriteEngine::PROGRAM_INIT_SIZE = 100;
#endif
const char* TokenStreamRewriteEngine::DEFAULT_PROGRAM_NAME = "default";
namespace {
struct compareOperationIndex {
typedef TokenStreamRewriteEngine::RewriteOperation RewriteOperation;
bool operator() ( const RewriteOperation* a, const RewriteOperation* b ) const
{
return a->getIndex() < b->getIndex();
}
};
struct dumpTokenWithIndex {
dumpTokenWithIndex( ANTLR_USE_NAMESPACE(std)ostream& o ) : out(o) {}
void operator() ( const RefTokenWithIndex& t ) {
out << "[txt='" << t->getText() << "' tp=" << t->getType() << " idx=" << t->getIndex() << "]\n";
}
ANTLR_USE_NAMESPACE(std)ostream& out;
};
}
TokenStreamRewriteEngine::TokenStreamRewriteEngine(TokenStream& upstream)
: stream(upstream)
, index(MIN_TOKEN_INDEX)
, tokens()
, programs()
, discardMask()
{
}
TokenStreamRewriteEngine::TokenStreamRewriteEngine(TokenStream& upstream, size_t initialSize )
: stream(upstream)
, index(MIN_TOKEN_INDEX)
, tokens(initialSize)
, programs()
, discardMask()
{
}
RefToken TokenStreamRewriteEngine::nextToken( void )
{
RefTokenWithIndex t;
// suck tokens until end of stream or we find a non-discarded token
do {
t = RefTokenWithIndex(stream.nextToken());
if ( t )
{
t->setIndex(index); // what is t's index in list?
if ( t->getType() != Token::EOF_TYPE ) {
tokens.push_back(t); // track all tokens except EOF
}
index++; // move to next position
}
} while ( t && discardMask.member(t->getType()) );
return RefToken(t);
}
void TokenStreamRewriteEngine::rollback( const std::string& programName,
size_t instructionIndex )
{
program_map::iterator rewrite = programs.find(programName);
if( rewrite != programs.end() )
{
operation_list& prog = rewrite->second;
operation_list::iterator
j = prog.begin(),
end = prog.end();
std::advance(j,instructionIndex);
if( j != end )
prog.erase(j, end);
}
}
void TokenStreamRewriteEngine::originalToStream( std::ostream& out,
size_t start,
size_t end ) const
{
token_list::const_iterator s = tokens.begin();
std::advance( s, start );
token_list::const_iterator e = s;
std::advance( e, end-start );
std::for_each( s, e, tokenToStream(out) );
}
void TokenStreamRewriteEngine::toStream( std::ostream& out,
const std::string& programName,
size_t firstToken,
size_t lastToken ) const
{
if( tokens.size() == 0 )
return;
program_map::const_iterator rewriter = programs.find(programName);
if ( rewriter == programs.end() )
return;
// get the prog and some iterators in it...
const operation_list& prog = rewriter->second;
operation_list::const_iterator
rewriteOpIndex = prog.begin(),
rewriteOpEnd = prog.end();
size_t tokenCursor = firstToken;
// make sure we don't run out of the tokens we have...
if( lastToken > (tokens.size() - 1) )
lastToken = tokens.size() - 1;
while ( tokenCursor <= lastToken )
{
// std::cout << "tokenCursor = " << tokenCursor << " first prog index = " << (*rewriteOpIndex)->getIndex() << std::endl;
if( rewriteOpIndex != rewriteOpEnd )
{
size_t up_to_here = std::min(lastToken,(*rewriteOpIndex)->getIndex());
while( tokenCursor < up_to_here )
out << tokens[tokenCursor++]->getText();
}
while ( rewriteOpIndex != rewriteOpEnd &&
tokenCursor == (*rewriteOpIndex)->getIndex() &&
tokenCursor <= lastToken )
{
tokenCursor = (*rewriteOpIndex)->execute(out);
++rewriteOpIndex;
}
if( tokenCursor <= lastToken )
out << tokens[tokenCursor++]->getText();
}
// std::cout << "Handling tail operations # left = " << std::distance(rewriteOpIndex,rewriteOpEnd) << std::endl;
// now see if there are operations (append) beyond last token index
std::for_each( rewriteOpIndex, rewriteOpEnd, executeOperation(out) );
rewriteOpIndex = rewriteOpEnd;
}
void TokenStreamRewriteEngine::toDebugStream( std::ostream& out,
size_t start,
size_t end ) const
{
token_list::const_iterator s = tokens.begin();
std::advance( s, start );
token_list::const_iterator e = s;
std::advance( e, end-start );
std::for_each( s, e, dumpTokenWithIndex(out) );
}
void TokenStreamRewriteEngine::addToSortedRewriteList( const std::string& programName,
RewriteOperation* op )
{
program_map::iterator rewrites = programs.find(programName);
// check if we got the program already..
if ( rewrites == programs.end() )
{
// no prog make a new one...
operation_list ops;
ops.push_back(op);
programs.insert(std::make_pair(programName,ops));
return;
}
operation_list& prog = rewrites->second;
if( prog.empty() )
{
prog.push_back(op);
return;
}
operation_list::iterator i, end = prog.end();
i = end;
--i;
// if at or beyond last op's index, just append
if ( op->getIndex() >= (*i)->getIndex() ) {
prog.push_back(op); // append to list of operations
return;
}
i = prog.begin();
if( i != end )
{
operation_list::iterator pos = std::upper_bound( i, end, op, compareOperationIndex() );
prog.insert(pos,op);
}
else
prog.push_back(op);
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

439
src/antlr/TokenStreamRewriteEngine.hpp Normal file
View File

@@ -0,0 +1,439 @@
#ifndef INC_TokenStreamRewriteEngine_hpp__
#define INC_TokenStreamRewriteEngine_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*/
#include <string>
#include <list>
#include <vector>
#include <map>
#include <utility>
#include <iostream>
#include <iterator>
#include <cassert>
#include <algorithm>
#include <antlr/config.hpp>
#include <antlr/TokenStream.hpp>
#include <antlr/TokenWithIndex.hpp>
#include <antlr/BitSet.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** This token stream tracks the *entire* token stream coming from
* a lexer, but does not pass on the whitespace (or whatever else
* you want to discard) to the parser.
*
* This class can then be asked for the ith token in the input stream.
* Useful for dumping out the input stream exactly after doing some
* augmentation or other manipulations. Tokens are index from 0..n-1
*
* You can insert stuff, replace, and delete chunks. Note that the
* operations are done lazily--only if you convert the buffer to a
* String. This is very efficient because you are not moving data around
* all the time. As the buffer of tokens is converted to strings, the
* toString() method(s) check to see if there is an operation at the
* current index. If so, the operation is done and then normal String
* rendering continues on the buffer. This is like having multiple Turing
* machine instruction streams (programs) operating on a single input tape. :)
*
* Since the operations are done lazily at toString-time, operations do not
* screw up the token index values. That is, an insert operation at token
* index i does not change the index values for tokens i+1..n-1.
*
* Because operations never actually alter the buffer, you may always get
* the original token stream back without undoing anything. Since
* the instructions are queued up, you can easily simulate transactions and
* roll back any changes if there is an error just by removing instructions.
* For example,
*
* TokenStreamRewriteEngine rewriteEngine =
* new TokenStreamRewriteEngine(lexer);
* JavaRecognizer parser = new JavaRecognizer(rewriteEngine);
* ...
* rewriteEngine.insertAfter("pass1", t, "foobar");}
* rewriteEngine.insertAfter("pass2", u, "start");}
* System.out.println(rewriteEngine.toString("pass1"));
* System.out.println(rewriteEngine.toString("pass2"));
*
* You can also have multiple "instruction streams" and get multiple
* rewrites from a single pass over the input. Just name the instruction
* streams and use that name again when printing the buffer. This could be
* useful for generating a C file and also its header file--all from the
* same buffer.
*
* If you don't use named rewrite streams, a "default" stream is used.
*
* Terence Parr, parrt@cs.usfca.edu
* University of San Francisco
* February 2004
*/
class TokenStreamRewriteEngine : public TokenStream
{
public:
typedef ANTLR_USE_NAMESPACE(std)vector<antlr::RefTokenWithIndex> token_list;
static const char* DEFAULT_PROGRAM_NAME;
#ifndef NO_STATIC_CONSTS
static const size_t MIN_TOKEN_INDEX;
static const int PROGRAM_INIT_SIZE;
#else
enum {
MIN_TOKEN_INDEX = 0,
PROGRAM_INIT_SIZE = 100
};
#endif
struct tokenToStream {
tokenToStream( ANTLR_USE_NAMESPACE(std)ostream& o ) : out(o) {}
template <typename T> void operator() ( const T& t ) {
out << t->getText();
}
ANTLR_USE_NAMESPACE(std)ostream& out;
};
class RewriteOperation {
protected:
RewriteOperation( size_t idx, const ANTLR_USE_NAMESPACE(std)string& txt )
: index(idx), text(txt)
{
}
public:
virtual ~RewriteOperation()
{
}
/** Execute the rewrite operation by possibly adding to the buffer.
* Return the index of the next token to operate on.
*/
virtual size_t execute( ANTLR_USE_NAMESPACE(std)ostream& /* out */ ) {
return index;
}
virtual size_t getIndex() const {
return index;
}
virtual const char* type() const {
return "RewriteOperation";
}
protected:
size_t index;
ANTLR_USE_NAMESPACE(std)string text;
};
struct executeOperation {
ANTLR_USE_NAMESPACE(std)ostream& out;
executeOperation( ANTLR_USE_NAMESPACE(std)ostream& s ) : out(s) {}
void operator () ( RewriteOperation* t ) {
t->execute(out);
}
};
/// list of rewrite operations
typedef ANTLR_USE_NAMESPACE(std)list<RewriteOperation*> operation_list;
/// map program name to <program counter,program> tuple
typedef ANTLR_USE_NAMESPACE(std)map<ANTLR_USE_NAMESPACE(std)string,operation_list> program_map;
class InsertBeforeOp : public RewriteOperation
{
public:
InsertBeforeOp( size_t index, const ANTLR_USE_NAMESPACE(std)string& text )
: RewriteOperation(index, text)
{
}
virtual ~InsertBeforeOp() {}
virtual size_t execute( ANTLR_USE_NAMESPACE(std)ostream& out )
{
out << text;
return index;
}
virtual const char* type() const {
return "InsertBeforeOp";
}
};
class ReplaceOp : public RewriteOperation
{
public:
ReplaceOp(size_t from, size_t to, ANTLR_USE_NAMESPACE(std)string text)
: RewriteOperation(from,text)
, lastIndex(to)
{
}
virtual ~ReplaceOp() {}
virtual size_t execute( ANTLR_USE_NAMESPACE(std)ostream& out ) {
out << text;
return lastIndex+1;
}
virtual const char* type() const {
return "ReplaceOp";
}
protected:
size_t lastIndex;
};
class DeleteOp : public ReplaceOp {
public:
DeleteOp(size_t from, size_t to)
: ReplaceOp(from,to,"")
{
}
virtual const char* type() const {
return "DeleteOp";
}
};
TokenStreamRewriteEngine(TokenStream& upstream);
TokenStreamRewriteEngine(TokenStream& upstream, size_t initialSize);
RefToken nextToken( void );
void rollback(size_t instructionIndex) {
rollback(DEFAULT_PROGRAM_NAME, instructionIndex);
}
/** Rollback the instruction stream for a program so that
* the indicated instruction (via instructionIndex) is no
* longer in the stream. UNTESTED!
*/
void rollback(const ANTLR_USE_NAMESPACE(std)string& programName,
size_t instructionIndex );
void deleteProgram() {
deleteProgram(DEFAULT_PROGRAM_NAME);
}
/** Reset the program so that no instructions exist */
void deleteProgram(const ANTLR_USE_NAMESPACE(std)string& programName) {
rollback(programName, MIN_TOKEN_INDEX);
}
void insertAfter( RefTokenWithIndex t,
const ANTLR_USE_NAMESPACE(std)string& text )
{
insertAfter(DEFAULT_PROGRAM_NAME, t, text);
}
void insertAfter(size_t index, const ANTLR_USE_NAMESPACE(std)string& text) {
insertAfter(DEFAULT_PROGRAM_NAME, index, text);
}
void insertAfter( const ANTLR_USE_NAMESPACE(std)string& programName,
RefTokenWithIndex t,
const ANTLR_USE_NAMESPACE(std)string& text )
{
insertAfter(programName, t->getIndex(), text);
}
void insertAfter( const ANTLR_USE_NAMESPACE(std)string& programName,
size_t index,
const ANTLR_USE_NAMESPACE(std)string& text )
{
// to insert after, just insert before next index (even if past end)
insertBefore(programName,index+1, text);
}
void insertBefore( RefTokenWithIndex t,
const ANTLR_USE_NAMESPACE(std)string& text )
{
// std::cout << "insertBefore index " << t->getIndex() << " " << text << std::endl;
insertBefore(DEFAULT_PROGRAM_NAME, t, text);
}
void insertBefore(size_t index, const ANTLR_USE_NAMESPACE(std)string& text) {
insertBefore(DEFAULT_PROGRAM_NAME, index, text);
}
void insertBefore( const ANTLR_USE_NAMESPACE(std)string& programName,
RefTokenWithIndex t,
const ANTLR_USE_NAMESPACE(std)string& text )
{
insertBefore(programName, t->getIndex(), text);
}
void insertBefore( const ANTLR_USE_NAMESPACE(std)string& programName,
size_t index,
const ANTLR_USE_NAMESPACE(std)string& text )
{
addToSortedRewriteList(programName, new InsertBeforeOp(index,text));
}
void replace(size_t index, const ANTLR_USE_NAMESPACE(std)string& text)
{
replace(DEFAULT_PROGRAM_NAME, index, index, text);
}
void replace( size_t from, size_t to,
const ANTLR_USE_NAMESPACE(std)string& text)
{
replace(DEFAULT_PROGRAM_NAME, from, to, text);
}
void replace( RefTokenWithIndex indexT,
const ANTLR_USE_NAMESPACE(std)string& text )
{
replace(DEFAULT_PROGRAM_NAME, indexT->getIndex(), indexT->getIndex(), text);
}
void replace( RefTokenWithIndex from,
RefTokenWithIndex to,
const ANTLR_USE_NAMESPACE(std)string& text )
{
replace(DEFAULT_PROGRAM_NAME, from, to, text);
}
void replace(const ANTLR_USE_NAMESPACE(std)string& programName,
size_t from, size_t to,
const ANTLR_USE_NAMESPACE(std)string& text )
{
addToSortedRewriteList(programName,new ReplaceOp(from, to, text));
}
void replace( const ANTLR_USE_NAMESPACE(std)string& programName,
RefTokenWithIndex from,
RefTokenWithIndex to,
const ANTLR_USE_NAMESPACE(std)string& text )
{
replace(programName,
from->getIndex(),
to->getIndex(),
text);
}
void remove(size_t index) {
remove(DEFAULT_PROGRAM_NAME, index, index);
}
void remove(size_t from, size_t to) {
remove(DEFAULT_PROGRAM_NAME, from, to);
}
void remove(RefTokenWithIndex indexT) {
remove(DEFAULT_PROGRAM_NAME, indexT, indexT);
}
void remove(RefTokenWithIndex from, RefTokenWithIndex to) {
remove(DEFAULT_PROGRAM_NAME, from, to);
}
void remove( const ANTLR_USE_NAMESPACE(std)string& programName,
size_t from, size_t to)
{
replace(programName,from,to,"");
}
void remove( const ANTLR_USE_NAMESPACE(std)string& programName,
RefTokenWithIndex from, RefTokenWithIndex to )
{
replace(programName,from,to,"");
}
void discard(int ttype) {
discardMask.add(ttype);
}
RefToken getToken( size_t i )
{
return RefToken(tokens.at(i));
}
size_t getTokenStreamSize() const {
return tokens.size();
}
void originalToStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const {
ANTLR_USE_NAMESPACE(std)for_each( tokens.begin(), tokens.end(), tokenToStream(out) );
}
void originalToStream( ANTLR_USE_NAMESPACE(std)ostream& out,
size_t start, size_t end ) const;
void toStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const {
toStream( out, MIN_TOKEN_INDEX, getTokenStreamSize());
}
void toStream( ANTLR_USE_NAMESPACE(std)ostream& out,
const ANTLR_USE_NAMESPACE(std)string& programName ) const
{
toStream( out, programName, MIN_TOKEN_INDEX, getTokenStreamSize());
}
void toStream( ANTLR_USE_NAMESPACE(std)ostream& out,
size_t start, size_t end ) const
{
toStream(out, DEFAULT_PROGRAM_NAME, start, end);
}
void toStream( ANTLR_USE_NAMESPACE(std)ostream& out,
const ANTLR_USE_NAMESPACE(std)string& programName,
size_t firstToken, size_t lastToken ) const;
void toDebugStream( ANTLR_USE_NAMESPACE(std)ostream& out ) const {
toDebugStream( out, MIN_TOKEN_INDEX, getTokenStreamSize());
}
void toDebugStream( ANTLR_USE_NAMESPACE(std)ostream& out,
size_t start, size_t end ) const;
size_t getLastRewriteTokenIndex() const {
return getLastRewriteTokenIndex(DEFAULT_PROGRAM_NAME);
}
/** Return the last index for the program named programName
* return 0 if the program does not exist or the program is empty.
* (Note this is different from the java implementation that returns -1)
*/
size_t getLastRewriteTokenIndex(const ANTLR_USE_NAMESPACE(std)string& programName) const {
program_map::const_iterator rewrites = programs.find(programName);
if( rewrites == programs.end() )
return 0;
const operation_list& prog = rewrites->second;
if( !prog.empty() )
{
operation_list::const_iterator last = prog.end();
--last;
return (*last)->getIndex();
}
return 0;
}
protected:
/** If op.index > lastRewriteTokenIndexes, just add to the end.
* Otherwise, do linear */
void addToSortedRewriteList(RewriteOperation* op) {
addToSortedRewriteList(DEFAULT_PROGRAM_NAME, op);
}
void addToSortedRewriteList( const ANTLR_USE_NAMESPACE(std)string& programName,
RewriteOperation* op );
protected:
/** Who do we suck tokens from? */
TokenStream& stream;
/** track index of tokens */
size_t index;
/** Track the incoming list of tokens */
token_list tokens;
/** You may have multiple, named streams of rewrite operations.
* I'm calling these things "programs."
* Maps String (name) -> rewrite (List)
*/
program_map programs;
/** Which (whitespace) token(s) to throw out */
BitSet discardMask;
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif

107
src/antlr/TokenStreamSelector.cpp Normal file
View File

@@ -0,0 +1,107 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenStreamSelector.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/TokenStreamSelector.hpp"
#include "antlr/TokenStreamRetryException.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** A token stream MUX (multiplexor) knows about n token streams
* and can multiplex them onto the same channel for use by token
* stream consumer like a parser. This is a way to have multiple
* lexers break up the same input stream for a single parser.
* Or, you can have multiple instances of the same lexer handle
* multiple input streams; this works great for includes.
*/
TokenStreamSelector::TokenStreamSelector()
: input(0)
{
}
TokenStreamSelector::~TokenStreamSelector()
{
}
void TokenStreamSelector::addInputStream(TokenStream* stream, const ANTLR_USE_NAMESPACE(std)string& key)
{
inputStreamNames[key] = stream;
}
TokenStream* TokenStreamSelector::getCurrentStream() const
{
return input;
}
TokenStream* TokenStreamSelector::getStream(const ANTLR_USE_NAMESPACE(std)string& sname) const
{
inputStreamNames_coll::const_iterator i = inputStreamNames.find(sname);
if (i == inputStreamNames.end()) {
throw ANTLR_USE_NAMESPACE(std)string("TokenStream ")+sname+" not found";
}
return (*i).second;
}
RefToken TokenStreamSelector::nextToken()
{
// keep looking for a token until you don't
// get a retry exception
for (;;) {
try {
return input->nextToken();
}
catch (TokenStreamRetryException&) {
// just retry "forever"
}
}
}
TokenStream* TokenStreamSelector::pop()
{
TokenStream* stream = streamStack.top();
streamStack.pop();
select(stream);
return stream;
}
void TokenStreamSelector::push(TokenStream* stream)
{
streamStack.push(input);
select(stream);
}
void TokenStreamSelector::push(const ANTLR_USE_NAMESPACE(std)string& sname)
{
streamStack.push(input);
select(sname);
}
void TokenStreamSelector::retry()
{
throw TokenStreamRetryException();
}
/** Set the stream without pushing old stream */
void TokenStreamSelector::select(TokenStream* stream)
{
input = stream;
}
void TokenStreamSelector::select(const ANTLR_USE_NAMESPACE(std)string& sname)
{
inputStreamNames_coll::const_iterator i = inputStreamNames.find(sname);
if (i == inputStreamNames.end()) {
throw ANTLR_USE_NAMESPACE(std)string("TokenStream ")+sname+" not found";
}
input = (*i).second;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

87
src/antlr/TokenStreamSelector.hpp Normal file
View File

@@ -0,0 +1,87 @@
#ifndef INC_TokenStreamSelector_hpp__
#define INC_TokenStreamSelector_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenStreamSelector.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/TokenStream.hpp>
#include <map>
#include <stack>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** A token stream MUX (multiplexor) knows about n token streams
* and can multiplex them onto the same channel for use by token
* stream consumer like a parser. This is a way to have multiple
* lexers break up the same input stream for a single parser.
* Or, you can have multiple instances of the same lexer handle
* multiple input streams; this works great for includes.
*/
class ANTLR_API TokenStreamSelector : public TokenStream {
protected:
/** The set of inputs to the MUX */
#ifdef OS_NO_ALLOCATOR
typedef ANTLR_USE_NAMESPACE(std)less<ANTLR_USE_NAMESPACE(std)string> lessp;
typedef ANTLR_USE_NAMESPACE(std)map<ANTLR_USE_NAMESPACE(std)string,TokenStream*,lessp> inputStreamNames_coll;
#else
typedef ANTLR_USE_NAMESPACE(std)map<ANTLR_USE_NAMESPACE(std)string,TokenStream*> inputStreamNames_coll;
#endif
inputStreamNames_coll inputStreamNames;
/** The currently-selected token stream input */
TokenStream* input;
/** Used to track stack of input streams */
#ifdef OS_NO_ALLOCATOR
typedef ANTLR_USE_NAMESPACE(std)stack<TokenStream*, ANTLR_USE_NAMESPACE(std)deque<TokenStream*> > streamStack_coll;
#else
typedef ANTLR_USE_NAMESPACE(std)stack<TokenStream*> streamStack_coll;
#endif
streamStack_coll streamStack;
public:
TokenStreamSelector();
~TokenStreamSelector();
void addInputStream(TokenStream* stream, const ANTLR_USE_NAMESPACE(std)string& key);
/// Return the stream from which tokens are being pulled at the moment.
TokenStream* getCurrentStream() const;
TokenStream* getStream(const ANTLR_USE_NAMESPACE(std)string& sname) const;
RefToken nextToken();
TokenStream* pop();
void push(TokenStream* stream);
void push(const ANTLR_USE_NAMESPACE(std)string& sname);
/** Abort recognition of current Token and try again.
* A stream can push a new stream (for include files
* for example, and then retry(), which will cause
* the current stream to abort back to this.nextToken().
* this.nextToken() then asks for a token from the
* current stream, which is the new "substream."
*/
void retry();
/** Set the stream without pushing old stream */
void select(TokenStream* stream);
void select(const ANTLR_USE_NAMESPACE(std)string& sname);
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TokenStreamSelector_hpp__

84
src/antlr/TokenWithIndex.hpp Normal file
View File

@@ -0,0 +1,84 @@
#ifndef INC_TokenWithIndex_hpp__
#define INC_TokenWithIndex_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TokenWithIndex.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/CommonToken.hpp>
#include <antlr/String.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API TokenWithIndex : public ANTLR_USE_NAMESPACE(antlr)CommonToken {
public:
// static size_t count;
TokenWithIndex() : CommonToken(), index(0)
{
// std::cout << __PRETTY_FUNCTION__ << std::endl;
// count++;
}
TokenWithIndex(int t, const ANTLR_USE_NAMESPACE(std)string& txt)
: CommonToken(t,txt)
, index(0)
{
// std::cout << __PRETTY_FUNCTION__ << std::endl;
// count++;
}
TokenWithIndex(const ANTLR_USE_NAMESPACE(std)string& s)
: CommonToken(s)
, index(0)
{
// std::cout << __PRETTY_FUNCTION__ << std::endl;
// count++;
}
~TokenWithIndex()
{
// count--;
}
void setIndex( size_t idx )
{
index = idx;
}
size_t getIndex( void ) const
{
return index;
}
ANTLR_USE_NAMESPACE(std)string toString() const
{
return ANTLR_USE_NAMESPACE(std)string("[")+
index+
":\""+
getText()+"\",<"+
getType()+">,line="+
getLine()+",column="+
getColumn()+"]";
}
static RefToken factory()
{
return RefToken(new TokenWithIndex());
}
protected:
size_t index;
private:
TokenWithIndex(const TokenWithIndex&);
const TokenWithIndex& operator=(const TokenWithIndex&);
};
typedef TokenRefCount<TokenWithIndex> RefTokenWithIndex;
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_CommonToken_hpp__

72
src/antlr/TreeParser.cpp Normal file
View File

@@ -0,0 +1,72 @@
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TreeParser.cpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include "antlr/TreeParser.hpp"
#include "antlr/ASTNULLType.hpp"
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** The AST Null object; the parsing cursor is set to this when
* it is found to be null. This way, we can test the
* token type of a node without having to have tests for null
* everywhere.
*/
RefAST TreeParser::ASTNULL(new ASTNULLType);
/** Parser error-reporting function can be overridden in subclass */
void TreeParser::reportError(const RecognitionException& ex)
{
ANTLR_USE_NAMESPACE(std)cerr << ex.toString().c_str() << ANTLR_USE_NAMESPACE(std)endl;
}
/** Parser error-reporting function can be overridden in subclass */
void TreeParser::reportError(const ANTLR_USE_NAMESPACE(std)string& s)
{
ANTLR_USE_NAMESPACE(std)cerr << "error: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
}
/** Parser warning-reporting function can be overridden in subclass */
void TreeParser::reportWarning(const ANTLR_USE_NAMESPACE(std)string& s)
{
ANTLR_USE_NAMESPACE(std)cerr << "warning: " << s.c_str() << ANTLR_USE_NAMESPACE(std)endl;
}
/** Procedure to write out an indent for traceIn and traceOut */
void TreeParser::traceIndent()
{
for( int i = 0; i < traceDepth; i++ )
ANTLR_USE_NAMESPACE(std)cout << " ";
}
void TreeParser::traceIn(const char* rname, RefAST t)
{
traceDepth++;
traceIndent();
ANTLR_USE_NAMESPACE(std)cout << "> " << rname
<< "(" << (t ? t->toString().c_str() : "null") << ")"
<< ((inputState->guessing>0)?" [guessing]":"")
<< ANTLR_USE_NAMESPACE(std)endl;
}
void TreeParser::traceOut(const char* rname, RefAST t)
{
traceIndent();
ANTLR_USE_NAMESPACE(std)cout << "< " << rname
<< "(" << (t ? t->toString().c_str() : "null") << ")"
<< ((inputState->guessing>0)?" [guessing]":"")
<< ANTLR_USE_NAMESPACE(std)endl;
traceDepth--;
}
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif

155
src/antlr/TreeParser.hpp Normal file
View File

@@ -0,0 +1,155 @@
#ifndef INC_TreeParser_hpp__
#define INC_TreeParser_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TreeParser.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/AST.hpp>
#include <antlr/ASTFactory.hpp>
#include <antlr/BitSet.hpp>
#include <antlr/RecognitionException.hpp>
#include <antlr/MismatchedTokenException.hpp>
#include <antlr/TreeParserSharedInputState.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
class ANTLR_API TreeParser {
public:
TreeParser()
: astFactory(0)
, inputState(new TreeParserInputState())
, traceDepth(0)
{
}
TreeParser(const TreeParserSharedInputState& state)
: astFactory(0)
, inputState(state)
, traceDepth(0)
{
}
virtual ~TreeParser()
{
}
/// Get the AST return value squirreled away in the parser
virtual RefAST getAST() = 0;
/** Make sure current lookahead symbol matches the given set
* Throw an exception upon mismatch, which is caught by either the
* error handler or by a syntactic predicate.
*/
virtual void match(RefAST t, const BitSet& b)
{
if ( !t || t==ASTNULL || !b.member(t->getType()) )
throw MismatchedTokenException( getTokenNames(), getNumTokens(),
t, b, false );
}
/** Specify the AST factory to be used during tree building. (Compulsory)
* Setting the factory is compulsory (if you intend to modify
* the tree in the treeparser). The AST Factory is shared between
* parser (who builds the initial AST) and treeparser.
* @see Parser::getASTFactory()
*/
virtual void setASTFactory(ASTFactory* factory)
{
astFactory = factory;
}
/// Return pointer to ASTFactory
virtual ASTFactory* getASTFactory() const
{
return astFactory;
}
/// Get the name for token 'num'
virtual const char* getTokenName(int num) const = 0;
/// Return the number of tokens defined
virtual int getNumTokens() const = 0;
/// Return an array of getNumTokens() token names
virtual const char* const* getTokenNames() const = 0;
/// Parser error-reporting function can be overridden in subclass
virtual void reportError(const RecognitionException& ex);
/// Parser error-reporting function can be overridden in subclass
virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s);
/// Parser warning-reporting function can be overridden in subclass
virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s);
/// These are used during when traceTreeParser commandline option is passed.
virtual void traceIndent();
virtual void traceIn(const char* rname, RefAST t);
virtual void traceOut(const char* rname, RefAST t);
/** The AST Null object; the parsing cursor is set to this when
* it is found to be null. This way, we can test the
* token type of a node without having to have tests for 0
* everywhere.
*/
static RefAST ASTNULL;
protected:
virtual void match(RefAST t, int ttype)
{
if (!t || t == ASTNULL || t->getType() != ttype )
throw MismatchedTokenException( getTokenNames(), getNumTokens(),
t, ttype, false );
}
virtual void matchNot(RefAST t, int ttype)
{
if ( !t || t == ASTNULL || t->getType() == ttype )
throw MismatchedTokenException( getTokenNames(), getNumTokens(),
t, ttype, true );
}
/** AST support code; parser and treeparser delegate to this object */
ASTFactory* astFactory;
/// The input state of this tree parser.
TreeParserSharedInputState inputState;
/** Used to keep track of indent depth with -traceTreeParser */
int traceDepth;
/** Utility class which allows tracing to work even when exceptions are
* thrown.
*/
class Tracer {
private:
TreeParser* parser;
const char* text;
RefAST tree;
public:
Tracer(TreeParser* p, const char* t, RefAST a)
: parser(p), text(t), tree(a)
{
parser->traceIn(text,tree);
}
~Tracer()
{
parser->traceOut(text,tree);
}
private:
Tracer(const Tracer&); // undefined
const Tracer& operator=(const Tracer&); // undefined
};
private:
// no copying of treeparser instantiations...
TreeParser(const TreeParser& other);
TreeParser& operator=(const TreeParser& other);
};
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TreeParser_hpp__

45
src/antlr/TreeParserSharedInputState.hpp Normal file
View File

@@ -0,0 +1,45 @@
#ifndef INC_TreeParserSharedInputState_hpp__
#define INC_TreeParserSharedInputState_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: TreeParserSharedInputState.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
#include <antlr/config.hpp>
#include <antlr/RefCount.hpp>
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
namespace antlr {
#endif
/** This object contains the data associated with an
* input AST. Multiple parsers
* share a single TreeParserSharedInputState to parse
* the same tree or to have the parser walk multiple
* trees.
*/
class ANTLR_API TreeParserInputState {
public:
TreeParserInputState() : guessing(0) {}
virtual ~TreeParserInputState() {}
public:
/** Are we guessing (guessing>0)? */
int guessing; //= 0;
private:
// we don't want these:
TreeParserInputState(const TreeParserInputState&);
TreeParserInputState& operator=(const TreeParserInputState&);
};
typedef RefCount<TreeParserInputState> TreeParserSharedInputState;
#ifdef ANTLR_CXX_SUPPORTS_NAMESPACE
}
#endif
#endif //INC_TreeParserSharedInputState_hpp__

98
src/antlr/antlr.pro Normal file
View File

@@ -0,0 +1,98 @@
#-*- mode: makefile; tab-width: 4; -*-
#
include(../../qmake.inc)
#
TEMPLATE = lib
#
SOURCES = ANTLRUtil.cpp \
ASTFactory.cpp \
ASTNULLType.cpp \
ASTRefCount.cpp \
BaseAST.cpp \
BitSet.cpp \
CharBuffer.cpp \
CharScanner.cpp \
CommonAST.cpp \
CommonASTWithHiddenTokens.cpp \
CommonHiddenStreamToken.cpp \
CommonToken.cpp \
InputBuffer.cpp \
LLkParser.cpp \
MismatchedCharException.cpp \
MismatchedTokenException.cpp \
NoViableAltException.cpp \
NoViableAltForCharException.cpp \
Parser.cpp \
RecognitionException.cpp \
String.cpp \
TokenBuffer.cpp \
Token.cpp \
TokenRefCount.cpp \
TokenStreamBasicFilter.cpp \
TokenStreamHiddenTokenFilter.cpp \
TokenStreamRewriteEngine.cpp \
TokenStreamSelector.cpp \
TreeParser.cpp
# dll.cpp \
HEADERS = ANTLRException.hpp \
ANTLRUtil.hpp \
ASTArray.hpp \
ASTFactory.hpp \
AST.hpp \
ASTNULLType.hpp \
ASTPair.hpp \
ASTRefCount.hpp \
BaseAST.hpp \
BitSet.hpp \
CharBuffer.hpp \
CharInputBuffer.hpp \
CharScanner.hpp \
CharStreamException.hpp \
CharStreamIOException.hpp \
CircularQueue.hpp \
CommonAST.hpp \
CommonASTWithHiddenTokens.hpp \
CommonHiddenStreamToken.hpp \
CommonToken.hpp \
config.hpp \
InputBuffer.hpp \
IOException.hpp \
LexerSharedInputState.hpp \
LLkParser.hpp \
MismatchedCharException.hpp \
MismatchedTokenException.hpp \
NoViableAltException.hpp \
NoViableAltForCharException.hpp \
Parser.hpp \
ParserSharedInputState.hpp \
RecognitionException.hpp \
RefCount.hpp \
SemanticException.hpp \
String.hpp \
TokenBuffer.hpp \
Token.hpp \
TokenRefCount.hpp \
TokenStreamBasicFilter.hpp \
TokenStreamException.hpp \
TokenStreamHiddenTokenFilter.hpp \
TokenStream.hpp \
TokenStreamIOException.hpp \
TokenStreamRecognitionException.hpp \
TokenStreamRetryException.hpp \
TokenStreamRewriteEngine.hpp \
TokenStreamSelector.hpp \
TokenWithIndex.hpp \
TreeParser.hpp \
TreeParserSharedInputState.hpp
CONFIG += staticlib
INCLUDEPATH += $$ANTLR_INCLUDEPATH
DEFINES += $$ANTLR_DEFINES
TARGET = antlr
INSTALLS -= target

290
src/antlr/config.hpp Normal file
View File

@@ -0,0 +1,290 @@
#ifndef INC_config_hpp__
#define INC_config_hpp__
/* ANTLR Translator Generator
* Project led by Terence Parr at http://www.jGuru.com
* Software rights: http://www.antlr.org/license.html
*
* $Id: config.hpp 1361 2007-06-07 02:34:05Z vkurland $
*/
/*
* Just a simple configuration file to differentiate between the
* various compilers used and reconfigure stuff for any oddities of the
* compiler in question.
*
* These are the defaults. Per compiler these are amended.
*/
#define ANTLR_USE_NAMESPACE(_x_) _x_::
#define ANTLR_USING_NAMESPACE(_x_) using namespace _x_;
#define ANTLR_CXX_SUPPORTS_NAMESPACE 1
#define ANTLR_C_USING(_x_)
#define ANTLR_API
#ifndef CUSTOM_API
# define CUSTOM_API
#endif
#define ANTLR_IOS_BASE ios_base
/** define if cctype functions/macros need a std:: prefix. A lot of compilers
* define these as macros, in which case something barfs.
*/
#define ANTLR_CCTYPE_NEEDS_STD
/// Define if C++ compiler supports std::uncaught_exception
#define ANTLR_CXX_SUPPORTS_UNCAUGHT_EXCEPTION
#define ANTLR_ATOI_IN_STD
/******************************************************************************/
/*{{{ Microsoft Visual C++ */
// NOTE: If you provide patches for a specific MSVC version guard them for
// the specific version!!!!
// _MSC_VER == 1100 for Microsoft Visual C++ 5.0
// _MSC_VER == 1200 for Microsoft Visual C++ 6.0
// _MSC_VER == 1300 for Microsoft Visual C++ 7.0
#if defined(_MSC_VER)
# if _MSC_VER < 1300
# define NOMINMAX
# pragma warning(disable : 4786)
# define min _cpp_min
# endif
// This warning really gets on my nerves.
// It's the one about symbol longer than 256 chars, and it happens
// all the time with STL.
# pragma warning( disable : 4786 4231 )
// this shuts up some DLL interface warnings for STL
# pragma warning( disable : 4251 )
# ifdef ANTLR_CXX_USE_STLPORT
# undef ANTLR_CXX_SUPPORTS_UNCAUGHT_EXCEPTION
# endif
# if ( _MSC_VER < 1300 ) && ( defined(ANTLR_EXPORTS) || defined(ANTLR_IMPORTS) )
# error "DLL Build not supported on these MSVC versions."
// see comment in lib/cpp/src/dll.cpp
# endif
// For the DLL support originally contributed by Stephen Naughton
// If you are building statically leave ANTLR_EXPORTS/ANTLR_IMPORTS undefined
// If you are building the DLL define ANTLR_EXPORTS
// If you are compiling code to be used with the DLL define ANTLR_IMPORTS
# ifdef ANTLR_EXPORTS
# undef ANTLR_API
# define ANTLR_API __declspec(dllexport)
# endif
# ifdef ANTLR_IMPORTS
# undef ANTLR_API
# define ANTLR_API __declspec(dllimport)
# endif
# if ( _MSC_VER < 1200 )
// supposedly only for MSVC5 and before...
// Using vector<XXX> requires operator<(X,X) to be defined
# define NEEDS_OPERATOR_LESS_THAN
# endif
// VC6
# if ( _MSC_VER == 1200 )
# undef ANTLR_ATOI_IN_STD
# endif
# if ( _MSC_VER < 1310 )
// Supposedly only for MSVC7 and before...
// Not allowed to put 'static const int XXX=20;' in a class definition
# define NO_STATIC_CONSTS
# define NO_TEMPLATE_PARTS
# endif
// No strcasecmp in the C library (so use stricmp instead)
// - Anyone know which is in which standard?
# define NO_STRCASECMP
# undef ANTLR_CCTYPE_NEEDS_STD
# define NO_STATIC_CONSTS
#endif // End of Microsoft Visual C++
/*}}}*/
/******************************************************************************/
/*{{{ SunPro Compiler (Using OBJECTSPACE STL)
*****************************************************************************/
#ifdef __SUNPRO_CC
# if (__SUNPRO_CC >= 0x500)
# define NEEDS_OPERATOR_LESS_THAN
# define NO_TEMPLATE_PARTS
# else
# undef namespace
# define namespace
# if (__SUNPRO_CC == 0x420)
/* This code is specif to SunWspro Compiler 4.2, and will compile with
the objectspace 2.1 toolkit for Solaris2.6 */
# define HAS_NOT_CASSERT_H
# define HAS_NOT_CSTRING_H
# define HAS_NOT_CCTYPE_H
# define HAS_NOT_CSTDIO_H
# define HAS_OSTREAM_H
/* #define OS_SOLARIS_2_6
#define OS_NO_WSTRING
#define OS_NO_ALLOCATORS
#define OS_MULTI_THREADED
#define OS_SOLARIS_NATIVE
#define OS_REALTIME
#define __OSVERSION__=5
#define SVR4
*/
// ObjectSpace + some specific templates constructions with stl.
/* #define OS_NO_ALLOCATOR */
// This great compiler does not have the namespace feature.
# undef ANTLR_USE_NAMESPACE
# define ANTLR_USE_NAMESPACE(_x_)
# undef ANTLR_USING_NAMESPACE
# define ANTLR_USING_NAMESPACE(_x_)
# undef ANTLR_CXX_SUPPORTS_NAMESPACE
# endif // End __SUNPRO_CC == 0x420
# undef explicit
# define explicit
# define exception os_exception
# define bad_exception os_bad_exception
// Not allowed to put 'static const int XXX=20;' in a class definition
# define NO_STATIC_CONSTS
// Using vector<XXX> requires operator<(X,X) to be defined
# define NEEDS_OPERATOR_LESS_THAN
# endif
# undef ANTLR_CCTYPE_NEEDS_STD
#endif // end __SUNPRO_CC
/*}}}*/
/*****************************************************************************/
/*{{{ Inprise C++ Builder 3.0
*****************************************************************************/
#ifdef __BCPLUSPLUS__
# define NO_TEMPLATE_PARTS
# define NO_STRCASECMP
# undef ANTLR_CCTYPE_NEEDS_STD
#endif // End of C++ Builder 3.0
/*}}}*/
/*****************************************************************************/
/*{{{ IBM VisualAge C++ ( which includes the Dinkumware C++ Library )
*****************************************************************************/
#ifdef __IBMCPP__
// No strcasecmp in the C library (so use stricmp instead)
// - Anyone know which is in which standard?
#if (defined(_AIX) && (__IBMCPP__ >= 600))
# define NO_STATIC_CONSTS
#else
# define NO_STRCASECMP
# undef ANTLR_CCTYPE_NEEDS_STD
#endif
#endif // end IBM VisualAge C++
/*}}}*/
/*****************************************************************************/
/*{{{ Metrowerks Codewarrior
*****************************************************************************/
#ifdef __MWERKS__
# if (__MWERKS__ <= 0x2201)
# define NO_TEMPLATE_PARTS
# endif
// CW 6.0 and 7.0 still do not have it.
# define ANTLR_REALLY_NO_STRCASECMP
# undef ANTLR_C_USING
# define ANTLR_C_USING(_x_) using std:: ## _x_;
# define ANTLR_CCTYPE_NEEDS_STD
# undef ANTLR_CXX_SUPPORTS_UNCAUGHT_EXCEPTION
#endif // End of Metrowerks Codewarrior
/*}}}*/
/*****************************************************************************/
/*{{{ SGI Irix 6.5.10 MIPSPro compiler
*****************************************************************************/
// (contributed by Anna Winkler)
// Note: you can't compile ANTLR with the MIPSPro compiler on
// anything < 6.5.10 because SGI just fixed a big bug dealing with
// namespaces in that release.
#ifdef __sgi
# define HAS_NOT_CCTYPE_H
# define HAS_NOT_CSTRING_H
# define HAS_NOT_CSTDIO_H
# undef ANTLR_CCTYPE_NEEDS_STD
#endif // End IRIX MIPSPro
/*}}}*/
/*****************************************************************************/
/*{{{ G++ in various incarnations
*****************************************************************************/
// With the gcc-2.95 and 3.0 being in the near future we should start handling
// incompatabilities between the various libstdc++'s.
#if defined(__GNUC__) || defined(__GNUG__)
// gcc 2 branch..
# if (__GNUC__ == 2 )
# if (__GNUC_MINOR__ <= 8 )
# undef ANTLR_USE_NAMESPACE
# define ANTLR_USE_NAMESPACE(_x_)
# undef ANTLR_USING_NAMESPACE
# define ANTLR_USING_NAMESPACE(_x_)
# undef ANTLR_CXX_SUPPORTS_NAMESPACE
# endif
# if (__GNUC_MINOR__ > 8 && __GNUC_MINOR__ <= 95 )
# undef ANTLR_IOS_BASE
# define ANTLR_IOS_BASE ios
# undef ANTLR_CCTYPE_NEEDS_STD
// compiling with -ansi ?
# ifdef __STRICT_ANSI__
# undef ANTLR_REALLY_NO_STRCASECMP
# define ANTLR_REALLY_NO_STRCASECMP
# endif
# else
// experimental .96 .97 branches..
# undef ANTLR_CCTYPE_NEEDS_STD
# endif
# endif
#endif // ! __GNUC__
/*}}}*/
/*****************************************************************************/
/*{{{ Digital CXX (Tru64)
*****************************************************************************/
#ifdef __DECCXX
#define __USE_STD_IOSTREAM
#endif
/*}}}*/
/*****************************************************************************/
#ifdef __BORLANDC__
# if __BORLANDC__ >= 560
# include <ctype>
# include <stdlib>
# define ANTLR_CCTYPE_NEEDS_STD
# else
# error "sorry, compiler is too old - consider an update."
# endif
#endif
// Redefine these for backwards compatability..
#undef ANTLR_BEGIN_NAMESPACE
#undef ANTLR_END_NAMESPACE
#if ANTLR_CXX_SUPPORTS_NAMESPACE == 1
# define ANTLR_BEGIN_NAMESPACE(_x_) namespace _x_ {
# define ANTLR_END_NAMESPACE }
#else
# define ANTLR_BEGIN_NAMESPACE(_x_)
# define ANTLR_END_NAMESPACE
#endif
#endif //INC_config_hpp__

Some files were not shown because too many files have changed in this diff Show More