[fwbuilder-commits] [SCM] Firewall Builder GUI and Policy Compilers Open Source Code branch, develo
From: <gi...@ir...> - 2011-03-25 22:51:02
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Firewall Builder GUI and Policy Compilers Open Source Code". The branch, development has been updated via 5bfcc226cb15cff7e3371c29ec1ee6b65566ece5 (commit) from b89afcc87a7a8feaa7ceebbd10f5defcfe3fd687 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5bfcc226cb15cff7e3371c29ec1ee6b65566ece5 Author: Vadim Kurland <va...@sl...> Date: Fri Mar 25 16:02:15 2011 -0700 * PIXImporter.cpp (finalize): see #2277 "Create policy objects for ASA access-lists that are not applied in an access-group". Policy rule set will be created and populated with rules found in the corresponding access-list even if this access-list is not applied to an interface with access-group command.
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 03639d5..27384eb 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,5 +1,11 @@
 2011-03-25 vadim <va...@ne...>
+ * PIXImporter.cpp (finalize): see #2277 "Create policy objects for
+ ASA access-lists that are not applied in an access-group". Policy
+ rule set will be created and populated with rules found in the
+ corresponding access-list even if this access-list is not applied
+ to an interface with access-group command.
+ * parsers/pix.g (tcp_udp_rule_extended): see #2273 Improvements in the parser for PIX/ASA configs to make it recognize object-group and named object names used to define source port, destination
diff --git a/src/import/IOSImporter.cpp b/src/import/IOSImporter.cpp
index ae6a168..4b7b645 100644
--- a/src/import/IOSImporter.cpp
+++ b/src/import/IOSImporter.cpp
@@ -264,8 +264,13 @@ void IOSImporter::MergeRules::move(FWObject* r)
 target_ruleset->reparent(rule);
- RuleElementItf* re =rule->getItf();
- re->addRef(intf);
+ if (intf)
+ {
+ RuleElementItf* re =rule->getItf();
+ assert(re);
+ re->addRef(intf);
+ }
+ rule->setDirection(dir);
 std::string prev_comment = rule->getComment();
diff --git a/src/import/PIXImporter.cpp b/src/import/PIXImporter.cpp
index 1b58e70..cd1c94b 100644
--- a/src/import/PIXImporter.cpp
+++ b/src/import/PIXImporter.cpp
@@ -35,6 +35,7 @@
 #include "interfaceProperties.h"
 #include "interfacePropertiesObjectFactory.h"
+#include "fwbuilder/FWObjectDatabase.h"
 #include "fwbuilder/AddressRange.h"
 #include "fwbuilder/Resources.h"
 #include "fwbuilder/Network.h"
@@ -290,7 +291,26 @@ Firewall* PIXImporter::finalize()
 {
 qDebug() << " irs->name=" << irs->name.c_str();
 qDebug() << " irs->intf_dir.size()=" << irs->intf_dir.size();
+ qDebug() << " irs->ruleset->getName()="
+ << irs->ruleset->getName().c_str();
 qDebug() << " irs->ruleset->size()=" << irs->ruleset->size();
+ FWObject *p = irs->ruleset->getParent();
+ qDebug() << " irs->ruleset->getParent()=" << p;
+ if (p)
+ qDebug() << " " << p->getName().c_str();
+ qDebug() << " fw=" << fw;
+ qDebug() << " policy=" << policy;
+ }
+
+ if (irs->intf_dir.size() == 0)
+ {
+ // no interface and direction information for this rule set
+ // Perhaps no access-group command ?
+ FWObjectDatabase *dbroot = fw->getRoot();
+ FWObject *new_ruleset = dbroot->create(
+ irs->ruleset->getTypeName());
+ fw->add(new_ruleset);
+ new_ruleset->duplicate(irs->ruleset);
 }
 // optimization: If we have several interfaces for
@@ -304,6 +324,7 @@ Firewall* PIXImporter::finalize()
 // to the same interface both in and out (although in
 // this case we have already switched direction to "both")
 //
+ if (irs->intf_dir.size()>1)
 {
 std::list<std::string> all_in;
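Review bot: The added `assert(re);` inside the new `if (intf)` block is the only guard before `re->addRef(intf);`, and assert() is compiled out when NDEBUG is defined, so a release build would still dereference a null `re` if `rule->getItf()` can return one. Because this path runs while importing a router configuration file, an explicit check such as `if (re) re->addRef(intf);` with the null case reported as an import error is safer than an abort or a crash. A short comment above `if (intf)` should also say what a merged rule with no interface reference means for matching; that meaning is not visible in this hunk. MergeRules::move() starts and ends outside the hunk.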
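Review bot: In the new `if (irs->intf_dir.size() == 0)` block of PIXImporter::finalize(), neither `fw->getRoot()` nor the result of `dbroot->create(...)` is checked before use, so a failed creation would be dereferenced by the next two calls; `if (new_ruleset) { fw->add(new_ruleset); new_ruleset->duplicate(irs->ruleset); }` keeps an unexpected config from crashing the import. The block also turns an access-list that was not applied with access-group on the source device into a policy rule set on the firewall object, so rules that were inactive there could end up in a compiled policy. The new rule set should carry a comment or name marker saying it was not bound to any interface, so the operator reviews it before compiling; whether such a rule set is compiled by default is not visible here. finalize() starts and ends outside the hunk.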
@@ -311,15 +332,11 @@ Firewall* PIXImporter::finalize()
 std::list<std::string> all_both;
 std::map<std::string,std::string>::iterator i;
- for (i = irs->intf_dir.begin();
- i != irs->intf_dir.end(); ++i)
+ for (i = irs->intf_dir.begin(); i != irs->intf_dir.end(); ++i)
 {
- if ( (*i).second=="in")
- all_in.push_back( (*i).first );
- if ( (*i).second=="out")
- all_out.push_back( (*i).first );
- if ( (*i).second=="both")
- all_both.push_back( (*i).first );
+ if ( (*i).second=="in") all_in.push_back( (*i).first );
+ if ( (*i).second=="out") all_out.push_back( (*i).first );
+ if ( (*i).second=="both") all_both.push_back( (*i).first );
 }
 FWObject *og;
@@ -399,7 +416,7 @@ Firewall* PIXImporter::finalize()
 rs->renumberRules();
 }
- return getFirewallObject();
+ return fw;
 } else {
----------------------------------------------------------------------- Summary of changes: doc/ChangeLog | 6 ++++++ src/import/IOSImporter.cpp | 9 +++++++-- src/import/PIXImporter.cpp | 35 ++++++++++++++++++++++++++--------- 3 files changed, 39 insertions(+), 11 deletions(-) hooks/post-receive -- Firewall Builder GUI and Policy Compilers Open Source Code |