/**
* @param DOMElement $xml
*/
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("virtual-router name not found\n");
}
$node = DH::findFirstElementOrCreate('interface', $xml);
$this->attachedInterfaces->load_from_domxml($node);
$node = DH::findXPath('/routing-table/ip/static-route/entry', $xml);
if ($node !== false) {
for ($i = 0; $i < $node->length; $i++) {
$newRoute = new StaticRoute('***tmp**', $this);
$newRoute->load_from_xml($node->item($i));
$this->_staticRoutes[] = $newRoute;
}
}
}
derr("error while reading xml config file");
}
} elseif ($configInput['type'] == 'api') {
if ($debugAPI) {
$configInput['connector']->setShowApiCalls(true);
}
print " - Downloading config from API... ";
$xmlDoc = $configInput['connector']->getCandidateConfig();
print "OK!\n";
} else {
derr('not supported yet');
}
//
// Determine if PANOS or Panorama
//
$xpathResult = DH::findXPath('/config/devices/entry/vsys', $xmlDoc);
if ($xpathResult === FALSE) {
derr('XPath error happened');
}
if ($xpathResult->length < 1) {
$configType = 'panorama';
} else {
$configType = 'panos';
}
unset($xpathResult);
if ($configType == 'panos') {
$pan = new PANConf();
} else {
$pan = new PanoramaConf();
}
print " - Detected platform type is '{$configType}'\n";
/**
* @param string $xpathString
* @param DOMDocument|DOMNode $contextNode
* @return DOMNode
*/
public static function findXPathSingleEntryOrDie($xpathString, $contextNode)
{
$nodes = DH::findXPath($xpathString, $contextNode);
if ($nodes === FALSE) {
derr("XPath query evaluation error for '{$xpathString}'");
}
if ($nodes->length == 0) {
derr("no matching node found for xpath '{$xpathString}'", $contextNode);
}
if ($nodes->length > 1) {
derr("more than 1 matching node found for xpath '{$xpathString}'");
}
return $nodes->item(0);
}
derr("this is filter is only supported on firewall/vsys based, Panorama is not allowed." . $object->toString());
}
$connector = findConnector($vsys);
if ($connector === null) {
derr("this filter is available only from API enabled PANConf objects");
}
if (!isset($vsys->apiCache)) {
$vsys->apiCache = array();
}
// caching results for speed improvements
if (!isset($vsys->apiCache['unusedSecurity'])) {
$vsys->apiCache['unusedSecurity'] = array();
$apiCmd = '<show><running><rule-use><rule-base>security</rule-base><type>unused</type><vsys>' . $vsys->name() . '</vsys></rule-use></running></show>';
$apiResult = $connector->sendCmdRequest($apiCmd);
DH::dom_to_xml($apiResult);
$rulesXml = DH::findXPath('/result/rules/entry', $apiResult);
for ($i = 0; $i < $rulesXml->length; $i++) {
$ruleName = $rulesXml->item($i)->textContent;
$vsys->apiCache['unusedSecurity'][$ruleName] = $ruleName;
}
}
if (isset($vsys->apiCache['unusedSecurity'][$object->name()])) {
return true;
}
return false;
}, 'arg' => false);
RQuery::$defaultFilters['rule']['name']['operators']['eq'] = array('eval' => function ($object, &$nestedQueries, $value) {
/** @var $object Rule|SecurityRule|NatRule|DecryptionRule */
return $object->name() == $value;
}, 'arg' => true);
RQuery::$defaultFilters['rule']['name']['operators']['regex'] = array('eval' => function ($object, &$nestedQueries, $value) {