|
|
This class contains all user policy configuration. It updates the relevant configuration portions based on user changes. Also, it does some sanity checking by (dis)allowing the user to do certain actions [such as delete sets which are referenced in policies].
typedef map<string,Code*> CodeMap | CodeMap |
typedef set<uint32_t> TagSet | TagSet |
typedef map<string,TagSet*> TagMap | TagMap |
ConfError (class) | ConfError |
Configuration (ProcessWatchBase& pw)
| Configuration |
Parameters:
a | process watcher used to initialize the VarMap. |
~Configuration ()
| ~Configuration |
void delete_term (const string& policy, const string& term)
| delete_term |
Throws an exception on failure. Checks for non-existant policy/term conditions.
Parameters:
policy | policy in which term should be deleted. |
term | term to delete. |
void update_term_block (const string& policy,
const string& term,
const uint32_t& block,
const ConfigNodeId& order,
const string& statement)
| update_term_block |
Update the source/dest/action block of a term.
Throws an exception on failure. Checks for non-existent policy/term conditions. Also tries to parse the configuration. No compilation / semantic check is performed now.
Parameters:
policy | the name of the policy. |
term | the name of the term. |
block | the block to update (0:source, 1:dest, 2:action). |
order | node ID with position of term. |
statement | the statement to insert. |
void create_term (const string& policy, const ConfigNodeId& order,
const string& term)
| create_term |
Append a term to a policy.
Throws an exception on failure. Checks if term already exists.
Parameters:
policy | policy in which term should be created. |
order | node ID with position of term. |
term | term name which should be created. |
void create_policy (const string& policy)
| create_policy |
Throws an exception on failure. Checks if policy already exists.
Parameters:
policy | policy which should be created. |
void delete_policy (const string& policy)
| delete_policy |
Throws an exception on failure. Checks if policy is in use [instantiated by an export/import directive.]
Parameters:
policy | policy which should be deleted. |
void create_set (const string& set)
| create_set |
Throws an exception on failure. Checks if set already exists.
Parameters:
set | name of the set to be created. |
void update_set (const string& type, const string& set,
const string& elements)
| update_set |
Throws an exception on failure. Checks if set exists.
Parameters:
type | the type of the set. |
set | name of the set to be updated. |
elements | comma separated elements to be replaced in set. |
void delete_set (const string& set)
| delete_set |
Throws an exception on failure. Checks if set is in use.
Parameters:
set | name of set to delete. |
void add_to_set (const string& type, const string& name,
const string& element)
| add_to_set |
Add an element to a set.
Throws an exception on failure. Checks if set exists.
Parameters:
type | the type of the set. |
name | name of the set. |
element | the element to add. |
void delete_from_set (const string& type, const string& name,
const string& element)
| delete_from_set |
Delete an element from a set.
Throws an exception on failure. Checks if set exists.
Parameters:
type | the type of the set. |
name | name of the set. |
element | the element to delete. |
void update_imports (const string& protocol, const list<string>& imports)
| update_imports |
Throws an exception on failure. Checks if policies exist.
Parameters:
protocol | name of protocol which should have imports updated. |
imports | list of policy-names. |
void update_exports (const string& protocol, const list<string>& exports)
| update_exports |
Throws an exception on failure. Checks if policies exist.
Parameters:
protocol | name of protocol which should have exports updated. |
exports | list of policy-names. |
string str ()
| str |
Returns: string representation of configuration
void commit (uint32_t msec)
| commit |
Commit all configuration changes. This will compile all needed policies and link them. It will then commit changes to the actual policy filters. Commits are optionally delayed in order to aggregate configuration changes. For example, at boot-up many small changes are done in small time intervals. It would be more efficient to configure the filters only after all changes have been made. Thus delaying a commit will help.
The delay will only be imposed on sending the configuration to the filters -- all semantic checks and compile is done immediately.
Parameters:
msec | milliseconds after which code should be sent to filters. |
void add_varmap (const string& protocol, const string& name,
const string& type, const string& access,
const VarRW::Id& id)
| add_varmap |
Add a variable to the VarMap, needed for semantic checking.
Parameters:
protocol | the protocol this variable is available to. |
variable | name of the variable. |
type | the type of the variable. |
access | the permissions on the variable (r/rw). |
id | the id used for VarRW interaction. |
void set_filter_manager (FilterManagerBase&)
| set_filter_manager |
This method should be called once at initialization to set the FilterManager. It should not be deleted by the Configuration class -- it does not own it.
CodeMap& import_filters ()
| import_filters |
A CodeMap is a map relating protocols to code. All the code for a protocol will be found in its entry. The code however will normally be for a specific filter.
Returns: the CodeMap for import filters.
CodeMap& sourcematch_filters ()
| sourcematch_filters |
Returns: the CodeMap for source match filters.
CodeMap& export_filters ()
| export_filters |
Returns: the CodeMap for export filters.
SetMap& sets ()
| sets |
Returns: the SetMap relating set-name to the actual set.
TagMap& tagmap ()
| tagmap |
Returns: the policy tag map relating policytags to destination protocols.
string dump_state (uint32_t id)
| dump_state |
Dump internal state. Debugging only.
Parameters:
id | specifies which aspect of state to dump. |
Returns: human readable state information.