Re: [Fwbuilder-discussion] Bug introduced between 2.1.11 and 2.1.15: Default Policy rule options do
Brought to you by:
mikehorn
Menu
▾
▴
Re: [Fwbuilder-discussion] Bug introduced between 2.1.11 and 2.1.15: Default Policy rule options don't agree
|
From: Tom J. <to...@to...> - 2007-12-13 22:36:54
|
I have submitted a bug report about this (#1850346).
Tom
Tom Judge wrote:
> Hi,
>
> I have just been looking at some problems with FWBuilder 2.1.15 and
> found that getStatelessFlagForAction and isDefaultPolicyRuleOptions (in
> platforms.cpp) do not agree on whether PolicyRule::Route should be
> stateful or stateless.
>
> Please find attached a diff that fixes this inconsistency in
> fwbuilder/src/gui/platform.cpp. I guess that there is still a bug in
> one of the migration xslt's that sets stateless by default on
> PolicyRule::Route.
>
> I cam across this problem when I migrated from 2.1.10 to 2.1.15 as the
> base version for our local changes.
>
> In our environment it is required for PolicyRule::Route to be stateful
> by default because we use these rules for load balancing our application
> servers (load balancing options for pf to follow as a patch soon).
>
>
> Please see the offending code bellow.
>
> Tom Judge
>
> snippets from src/gui/platforms.cpp:
>
> bool getStatelessFlagForAction(PolicyRule *rule)
> {
> PolicyRule::Action act = rule->getAction();
> if (act==PolicyRule::Accept ||
> act==PolicyRule::Tag ||
> act==PolicyRule::Route) return false;
> else
> return true;
> }
>
> bool isDefaultPolicyRuleOptions(FWOptions *opt)
> {
>
> <SNIP>
> if (rule!=NULL)
> {
> PolicyRule::Action act=rule->getAction();
> if (act==PolicyRule::Accept || act==PolicyRule::Tag)
> {
> // by default, these actions are not stateless
> res = res && (!opt->getBool("stateless"));
> } else
> {
> // other actions are stateless by default
> res = res && opt->getBool("stateless");
> }
> }
>
> // all rules are stateless for IOS ACL
> if (platform=="iosacl")
> {
> res = true; // ignore "stateless" option
> }
>
> }
> return res;
> }
>
>
>
>
>
> ------------------------------------------------------------------------
>
> Index: platforms.cpp
> ===================================================================
> --- platforms.cpp (.../vendor/fwbuilder/current/src/gui/platforms.cpp) (revision 70826)
> +++ platforms.cpp (.../fwbuilder/trunk/src/gui/platforms.cpp) (revision 70826)
> @@ -285,7 +295,7 @@
> if (rule!=NULL)
> {
> PolicyRule::Action act=rule->getAction();
> - if (act==PolicyRule::Accept || act==PolicyRule::Tag)
> + if (act==PolicyRule::Accept || act==PolicyRule::Tag || act==PolicyRule::Route)
> {
> // by default, these actions are not stateless
> res = res && (!opt->getBool("stateless"));
>
>
> ------------------------------------------------------------------------
>
> -------------------------------------------------------------------------
> SF.Net email is sponsored by:
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services
> for just about anything Open Source.
> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Fwbuilder-discussion mailing list
> Fwb...@li...
> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
|