public function publish($subject, $body, $channels = [])
{
$structured = ['default' => $body];
foreach ($channels as $channel) {
$is_supported = true;
switch ($channel) {
case self::CHANNEL_EMAIL:
case self::CHANNEL_SQS:
case self::CHANNEL_LAMBDA:
case self::CHANNEL_HTTP:
case self::CHANNEL_HTTPS:
case self::CHANNEL_SMS:
// don't touch body
break;
case self::CHANNEL_APNS:
case self::CHANNEL_APNS_SANDBOX:
case self::CHANNEL_APNS_VOIP:
case self::CHANNEL_APNS_VOIP_SANDBOX:
case self::CHANNEL_MACOS:
case self::CHANNEL_MACOS_SANDBOX:
$body = ["aps" => ["alert" => $body]];
break;
case self::CHANNEL_GCM:
case self::CHANNEL_ADM:
$body = ["data" => ["message" => $body]];
break;
case self::CHANNEL_BAIDU:
$body = ["title" => $body, "description" => $body];
break;
case self::CHANNEL_MPNS:
$body = htmlentities($body, ENT_XML1);
$body = <<<XML
<?xml version="1.0" encoding="utf-8"?><wp:Notification xmlns:wp="WPNotification"><wp:Tile><wp:Count>ENTER COUNT</wp:Count><wp:Title>{$body}</wp:Title></wp:Tile></wp:Notification>
XML;
break;
default:
mwarning("Channel [%s] is not supported by %s", $channels, static::class);
$is_supported = false;
break;
}
if ($is_supported) {
$structured[$channel] = $body;
}
}
$json = json_encode($structured);
$this->client->publish(["Subject" => $subject, "Message" => $json, "MessageStructure" => "json", "TopicArn" => $this->topic_arn]);
}
public function onProcessExit($exitStatus, $pid)
{
if ($exitStatus != 0) {
if ($this->alert) {
malert("Daemon command %s failed with exit code = %d", $this->name, $exitStatus);
} else {
mwarning("Daemon command %s failed with exit code = %d", $this->name, $exitStatus);
}
}
if ($this->once) {
$this->stopped = true;
} else {
$this->nextRun = time();
if ($this->interval) {
$this->nextRun = $this->nextRun + $this->interval;
}
if ($this->frequency) {
if ($this->nextRun - $this->lastRun < $this->frequency) {
$this->nextRun = $this->lastRun + $this->frequency;
}
}
}
if ($this->traceEnabled) {
mdebug("Process [%d] exits for command %s, exit code = %d, last run = %d, next run = %d", $pid, $this->name, $exitStatus, $this->lastRun, $this->nextRun);
}
}
public function setThroughput($read, $write, $indexName = self::PRIMARY_INDEX)
{
$requestArgs = ["TableName" => $this->tableName];
$updateObject = ['ReadCapacityUnits' => $read, 'WriteCapacityUnits' => $write];
if ($indexName == self::PRIMARY_INDEX) {
$requestArgs['ProvisionedThroughput'] = $updateObject;
} else {
$requestArgs['GlobalSecondaryIndexUpdates'] = [['Update' => ['IndexName' => $indexName, 'ProvisionedThroughput' => $updateObject]]];
}
try {
$this->dbClient->updateTable($requestArgs);
} catch (DynamoDbException $e) {
if ($e->getAwsErrorCode() == "ValidationException" && $e->getAwsErrorType() == "client" && !$e->isConnectionError()) {
mwarning("Throughput not updated, because new value is identical to old value!");
} else {
throw $e;
}
}
}
/**
* should only be called from a Rule constructor
* @ignore
*/
public function load_from_domxml(DOMElement $xml)
{
$this->xmlroot = $xml;
foreach ($this->xmlroot->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
if ($this->skipEmptyXmlObjects && !$node->hasChildNodes()) {
mwarning('XML element had no child, it was skipped', $node);
continue;
}
//print $this->toString()."\n";
$newObj = new $this->classn('**tmp**', $this);
$newObj->load_from_domxml($node);
//print $this->toString()." : new Tag '".$newTag->name()."' found\n";
$this->o[] = $newObj;
}
}
/**
* @param DOMElement $xml
* * should only be called from a Rule constructor
* @ignore
*/
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
$toBeCleaned = array();
foreach ($xml->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
if (strlen($node->textContent) < 1) {
mwarning('invalid (empty) tag name found in rule "' . $this->owner->toString() . '", IT WILL BE CLEANED', $node);
$toBeCleaned[] = $node;
} else {
$f = $this->parentCentralStore->findOrCreate($node->textContent, $this);
$this->o[] = $f;
}
}
foreach ($toBeCleaned as $cleanMe) {
$xml->removeChild($cleanMe);
}
}
protected function onChildProcessExit($pid, $exitStatus, InputInterface $input, OutputInterface $output)
{
if (($key = array_search($pid, $this->pids)) !== false) {
//mdebug("Child process $pid exit with code: %x", $exitStatus);
array_splice($this->pids, $key, 1);
switch ($exitStatus) {
case self::EXIT_CODE_RESTART:
//mdebug("Child process $pid requires restart");
$newPid = $this->doFork($input, $output);
$this->pids[] = $newPid;
mdebug("Child process {$pid} restarted, new pid = {$newPid}");
break;
case self::EXIT_CODE_OK:
break;
default:
$this->isFailed = true;
}
} else {
mwarning("Un-managed child process {$pid} exit with code: %d", $exitStatus);
}
}
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("name not found\n");
}
//print "found rule name '".$this->name."'\n";
$this->extract_disabled_from_domxml();
$this->extract_description_from_domxml();
$this->load_tags();
$this->load_from();
$this->load_to();
$this->load_source();
$this->load_destination();
// //
// Destination NAT properties Extraction //
// //
$this->dnatroot = DH::findFirstElement('destination-translation', $xml);
if ($this->dnatroot !== FALSE) {
//print "rule '".$this->name."' has destination-translation\n";
if ($this->dnatroot->hasChildNodes()) {
$this->subdnatTAroot = DH::findFirstElement('translated-address', $this->dnatroot);
if ($this->subdnatTAroot !== FALSE) {
$f = $this->parentAddressStore->findOrCreate($this->subdnatTAroot->textContent, $this);
$this->dnathost = $f;
$this->subdnatTProot = DH::findFirstElement('translated-port', $this->dnatroot);
if ($this->subdnatTProot !== FALSE) {
$this->subdnatport = $this->subdnatTProot->textContent;
}
}
}
}
// end of destination translation extraction
// //
// Source NAT properties Extraction //
// //
$this->snatroot = DH::findFirstElement('source-translation', $xml);
if ($this->snatroot !== FALSE) {
//print "we have found a source NAT\n";
// next <tag> will determine NAT type
$firstE = DH::firstChildElement($this->snatroot);
$this->snattype = $firstE->nodeName;
// Do we support this type of NAT ?
if ($this->snattype != "static-ip" && $this->snattype != "dynamic-ip-and-port" && $this->snattype != "dynamic-ip") {
derr("SNAT type '" . $this->snattype . "' for rule '" . $this->name . "' is not supported, EXIT\n");
}
//print "Determined NAT type ".$tcur['name']."\n";
if ($this->snattype == "static-ip") {
$isbidrx = DH::findFirstElement('bi-directional', $firstE);
if ($isbidrx !== FALSE) {
$this->snatbidir = $isbidrx->textContent;
}
$transladx = DH::findFirstElement('translated-address', $firstE);
$fad = $this->parentAddressStore->findOrCreate($transladx->textContent, $this);
$this->snathosts->addObject($fad);
$this->snathosts->xmlroot = $transladx;
} else {
if ($this->snattype == "dynamic-ip-and-port") {
// Is it <translated-address> type ?
$subtype = DH::findFirstElement('translated-address', $firstE);
if ($subtype !== FALSE) {
if (DH::firstChildElement($subtype) === FALSE) {
// this rule has no address specified
} else {
foreach ($subtype->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
$translad = $this->parentAddressStore->findOrCreate($node->textContent, $this);
$this->snathosts->addObject($translad);
}
$this->snathosts->xmlroot = $subtype;
}
} else {
$subtype = DH::findFirstElement('interface-address', $firstE);
if ($subtype !== FALSE) {
if (DH::firstChildElement($subtype) === FALSE) {
derr("Cannot understand dynmaic NAT for rule '" . $this->name . "'\n");
}
foreach ($subtype->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
if ($node->nodeName == 'interface') {
$this->snatinterface = $node->textContent;
} else {
if ($node->nodeName == 'ip') {
$translad = $this->parentAddressStore->findOrCreate($node->textContent, $this);
$this->snathosts->addObject($translad);
} else {
derr("Cannot understand dynmaic NAT for rule '" . $this->name . "'\n");
}
}
}
} else {
mwarning("Unknown dynamic SNAT type on rule '" . $this->name . " don't mess too much with this rule or face unpredictable results");
}
}
}
}
}
//
// End of Source NAT properties extraction //
// //
// Begin of <service> extraction //
// //
$this->serviceroot = DH::findFirstElementOrCreate('service', $xml, 'any');
if ($this->serviceroot !== FALSE) {
$lname = $this->serviceroot->textContent;
if (strtolower($lname) != 'any') {
//print "found service named $lname in NAT rule '".$this->name."'\n";
$f = $this->parentServiceStore->findOrCreate($lname, $this, true);
if (!$f) {
derr("Error: service object named '{$lname}' not found in NAT rule '" . $this->name . "'\n");
}
$this->service = $f;
}
} else {
derr('unexpected error');
}
// End of <service> extraction //
}
public function load_from_domxml($xml)
{
$this->xmldoc = $xml;
$this->configroot = DH::findFirstElementOrDie('config', $this->xmldoc);
$this->xmlroot = $this->configroot;
$versionAttr = DH::findAttribute('version', $this->configroot);
if ($versionAttr !== false) {
$this->version = PH::versionFromString($versionAttr);
} else {
if (isset($this->connector) && $this->connector !== null) {
$version = $this->connector->getSoftwareVersion();
} else {
derr('cannot find PANOS version used for make this config');
}
$this->version = $version['version'];
}
$tmp = DH::findFirstElementOrCreate('mgt-config', $this->configroot);
$tmp = DH::findFirstElementOrCreate('devices', $tmp);
foreach ($tmp->childNodes as $serial) {
if ($serial->nodeType != 1) {
continue;
}
$s = DH::findAttribute('name', $serial);
if ($s === FALSE) {
derr('no serial found');
}
$this->managedFirewallsSerials[] = $s;
}
$this->sharedroot = DH::findFirstElementOrDie('shared', $this->configroot);
$this->devicesroot = DH::findFirstElementOrDie('devices', $this->configroot);
$this->localhostroot = DH::findFirstElementByNameAttrOrDie('entry', 'localhost.localdomain', $this->devicesroot);
$this->devicegrouproot = DH::findFirstElementOrDie('device-group', $this->localhostroot);
$this->templateroot = DH::findFirstElementOrDie('template', $this->localhostroot);
//
// Extract Tag objects
//
if ($this->version >= 60) {
$tmp = DH::findFirstElementOrCreate('tag', $this->sharedroot);
$this->tagStore->load_from_domxml($tmp);
}
// End of Tag objects extraction
//
// Shared address objects extraction
//
$tmp = DH::findFirstElementOrCreate('address', $this->sharedroot);
$this->addressStore->load_addresses_from_domxml($tmp);
// end of address extraction
//
// Extract address groups
//
$tmp = DH::findFirstElementOrCreate('address-group', $this->sharedroot);
$this->addressStore->load_addressgroups_from_domxml($tmp);
// End of address groups extraction
//
// Extract services
//
$tmp = DH::findFirstElementOrCreate('service', $this->sharedroot);
$this->serviceStore->load_services_from_domxml($tmp);
// End of address groups extraction
//
// Extract service groups
//
$tmp = DH::findFirstElementOrCreate('service-group', $this->sharedroot);
$this->serviceStore->load_servicegroups_from_domxml($tmp);
// End of address groups extraction
$prerulebase = DH::findFirstElementOrCreate('pre-rulebase', $this->sharedroot);
$postrulebase = DH::findFirstElementOrCreate('post-rulebase', $this->sharedroot);
$tmp = DH::findFirstElementOrCreate('security', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('security', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->securityRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('nat', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('nat', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->natRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('decryption', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('decryption', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->decryptionRules->load_from_domxml($tmp, $tmpPost);
$tmp = DH::findFirstElementOrCreate('application-override', $prerulebase);
$tmp = DH::findFirstElementOrCreate('rules', $tmp);
$tmpPost = DH::findFirstElementOrCreate('application-override', $postrulebase);
$tmpPost = DH::findFirstElementOrCreate('rules', $tmpPost);
$this->appOverrideRules->load_from_domxml($tmp, $tmpPost);
//
// loading templates
//
foreach ($this->templateroot->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$ldv = new Template('*tmp*', $this);
$ldv->load_from_domxml($node);
$this->templates[] = $ldv;
//print "Template '{$ldv->name()}' found\n";
}
//
// end of Templates
//
//
// loading Device Groups now
//
if ($this->version < 70) {
foreach ($this->devicegrouproot->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$lvname = $node->nodeName;
//print "Device Group '$lvname' found\n";
$ldv = new DeviceGroup($this);
$ldv->load_from_domxml($node);
$this->deviceGroups[] = $ldv;
}
} else {
$dgMetaDataNode = DH::findXPathSingleEntryOrDie('/config/readonly/dg-meta-data/dginfo', $this->xmlroot);
$dgToParent = array();
$parentToDG = array();
foreach ($dgMetaDataNode->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$dgName = DH::findAttribute('name', $node);
if ($dgName === false) {
derr("DeviceGroup name attribute not found in dg-meta-data", $node);
}
$parentDG = DH::findFirstElement('parent-dg', $node);
if ($parentDG === false) {
$dgToParent[$dgName] = 'shared';
$parentToDG['shared'][] = $dgName;
} else {
$dgToParent[$dgName] = $parentDG->textContent;
$parentToDG[$parentDG->textContent][] = $dgName;
}
}
$dgLoadOrder = array('shared');
while (count($parentToDG) > 0) {
$dgLoadOrderCount = count($dgLoadOrder);
foreach ($dgLoadOrder as &$dgName) {
if (isset($parentToDG[$dgName])) {
foreach ($parentToDG[$dgName] as &$newDGName) {
$dgLoadOrder[] = $newDGName;
}
unset($parentToDG[$dgName]);
}
}
if (count($dgLoadOrder) <= $dgLoadOrderCount) {
derr('dg-meta-data seems to be corrupted, parent.child template cannot be calculated ', $dgMetaDataNode);
}
$dgLoadOrderCount = count($dgLoadOrder);
}
/*print "DG loading order:\n";
foreach( $dgLoadOrder as &$dgName )
print " - {$dgName}\n";*/
$deviceGroupNodes = array();
foreach ($this->devicegrouproot->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
$nodeNameAttr = DH::findAttribute('name', $node);
if ($nodeNameAttr === false) {
derr("DeviceGroup 'name' attribute was not found", $node);
}
if (!is_string($nodeNameAttr) || $nodeNameAttr == '') {
derr("DeviceGroup 'name' attribute has invalid value", $node);
}
$deviceGroupNodes[$nodeNameAttr] = $node;
}
foreach ($dgLoadOrder as $dgIndex => &$dgName) {
if ($dgName == 'shared') {
continue;
}
if (!isset($deviceGroupNodes[$dgName])) {
mwarning("DeviceGroup '{$dgName}' is listed in dg-meta-data but doesn't exist in XML");
//unset($dgLoadOrder[$dgIndex]);
continue;
}
$ldv = new DeviceGroup($this);
if (!isset($dgToParent[$dgName])) {
mwarning("DeviceGroup '{$dgName}' has not parent associated, assuming SHARED");
} elseif ($dgToParent[$dgName] == 'shared') {
// do nothing
} else {
$parentDG = $this->findDeviceGroup($dgToParent[$dgName]);
if ($parentDG === null) {
mwarning("DeviceGroup '{$dgName}' has DG '{$dgToParent[$dgName]}' listed as parent but it cannot be found in XML");
} else {
$parentDG->childDeviceGroups[$dgName] = $ldv;
$ldv->parentDeviceGroup = $parentDG;
}
}
$ldv->load_from_domxml($deviceGroupNodes[$dgName]);
$this->deviceGroups[] = $ldv;
}
}
//
// End of DeviceGroup loading
//
}
protected function sendMessageBatch(array $payrolls, array $attributes, $delay)
{
$entries = [];
foreach ($payrolls as $idx => $payroll) {
$entry = ["Id" => "buf_{$idx}", "MessageBody" => $payroll];
if ($delay) {
$entry['DelaySeconds'] = $delay;
}
if ($attributes) {
$entry['MessageAttributes'] = $attributes[$idx];
}
$entries[] = $entry;
}
$args = ["QueueUrl" => $this->getQueueUrl(), "Entries" => $entries];
$result = $this->client->sendMessageBatch($args);
if ($result['Failed']) {
foreach ($result['Failed'] as $failed) {
mwarning(sprintf("Batch sending message failed, code = %s, id = %s, msg = %s, senderfault = %s", $failed['Code'], $failed['Id'], $failed['Message'], $failed['SenderFault']));
}
throw new \RuntimeException("Cannot send some messages, consult log for more info!");
}
}
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("name not found\n");
}
//print "found rule name '".$this->name."'\n";
// //
// Begin of <disabled> extraction //
// //
$this->extract_disabled_from_domxml();
// End of <disabled> properties extraction //
// //
// Begin of <description> extraction //
// //
$this->extract_description_from_domxml();
// End of <description> extraction //
$this->load_source();
$this->load_destination();
$this->load_tags();
$this->load_from();
$this->load_to();
// //
// Begin <application> application extraction //
// //
$tmp = DH::findFirstElementOrCreate('application', $xml);
$this->apps->load_from_domxml($tmp);
// end of <application> application extraction
// //
// Begin <service> extraction //
// //
$tmp = DH::findFirstElementOrCreate('service', $xml);
$this->services->load_from_domxml($tmp);
// end of <service> zone extraction
//
// Begin <log-setting> extraction
//
$tmp = $this->logstartroot = DH::findFirstElement('log-setting', $xml);
if ($tmp === false) {
$this->logSetting = false;
} else {
$this->logSetting = $tmp->textContent;
}
// End of <log-setting>
//
// Begin <log-start> extraction
//
$this->logstartroot = DH::findFirstElementOrCreate('log-start', $xml, 'no');
$this->logstart = yesNoBool($this->logstartroot->textContent);
// End of <log-start>
//
// Begin <log-end> extraction
//
$this->logendroot = DH::findFirstElementOrCreate('log-end', $xml, 'yes');
$this->logend = yesNoBool($this->logendroot->textContent);
// End of <log-start>
//
// Begin <profile-setting> extraction
//
$this->secprofroot = DH::findFirstElement('profile-setting', $xml);
if ($this->secprofroot === false) {
$this->secprofroot = null;
}
$this->extract_security_profile_from_domxml();
// End of <profile-setting>
//
// Begin <negate-source> extraction
//
$negatedSourceRoot = DH::findFirstElement('negate-source', $xml);
if ($negatedSourceRoot !== false) {
$this->negatedSource = yesNoBool($negatedSourceRoot->textContent);
} else {
$this->negatedSource = false;
}
// End of <negate-source>
//
// Begin <negate-destination> extraction
//
$negatedDestinationRoot = DH::findFirstElement('negate-destination', $xml);
if ($negatedDestinationRoot !== false) {
$this->negatedDestination = yesNoBool($negatedDestinationRoot->textContent);
} else {
$this->negatedDestination = false;
}
// End of <negate-destination>
//
// Begin <action> extraction
//
$tmp = DH::findFirstElement('action', $xml);
if ($tmp !== false) {
$actionFound = array_search($tmp->textContent, self::$RuleActions);
if ($actionFound === false) {
mwarning("unsupported action '{$tmp->textContent}' found, allow assumed", $tmp);
} else {
$this->action = $actionFound;
}
} else {
mwarning("'<action> not found, assuming 'allow'", $xml);
}
// End of <rule-type>
//
// Begin <rule-type> extraction
//
if ($this->owner->version >= 61) {
$tmp = DH::findFirstElement('rule-type', $xml);
if ($tmp !== false) {
$typefound = array_search($tmp->textContent, self::$RuleTypes);
if ($typefound === false) {
mwarning("unsupported rule-type '{$tmp->textContent}', universal assumed", $tmp);
} else {
$this->ruleType = $typefound;
}
}
}
// End of <rule-type>
}
/**
*
* @ignore
*/
function removeReference($o, $ref)
{
if (is_null($ref)) {
return;
}
$serial = spl_object_hash($ref);
if (array_key_exists($serial, $o->refrules)) {
unset($o->refrules[$serial]);
} else {
mwarning('tried to unreference an object from a store that does not reference it:' . $o->toString() . ' against ' . $ref->toString());
}
}
/**
* !!OBSOLETE!!
* @obsolete
* @param string $name
* @return VirtualSystem|null
*/
public function findVSYS_by_Name($name)
{
mwarning('use of obsolete function, please use findVirtualSystem() instead!');
return $this->findVirtualSystem($name);
}
public function API_setName($newname)
{
if (!$this->isTmp()) {
$c = findConnectorOrDie($this);
$path = $this->getXPath();
$c->sendRenameRequest($path, $newname);
} else {
mwarning('this is a temporary object, cannot be renamed from API');
}
$this->setName($newname);
}
/**
* For developper use only
* @param DOMElement $xml
* @param DOMElement $xmlPost
*/
public function load_from_domxml($xml, $xmlPost = null)
{
global $PANC_DEBUG;
$this->xmlroot = $xml;
$count = 0;
foreach ($xml->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
if ($node->tagName != 'entry') {
mwarning("A rule entry with tag '{$node->tagName}' was found and ignored");
continue;
}
$count++;
if ($PANC_DEBUG && $count % 1000 == 0) {
print "Parsed {$count} rules so far\n";
}
/** @var SecurityRule|NatRule|DecryptionRule|Rule $nr */
$nr = new $this->type($this);
$nr->load_from_domxml($node);
$this->rules[] = $nr;
}
// print $count." prerules found\n";
if ($this->isPreOrPost) {
if ($xmlPost === null) {
derr('no <post-rulebase> xml root provided !');
}
$this->postRulesRoot = $xmlPost;
$count = 0;
foreach ($xmlPost->childNodes as $node) {
if ($node->nodeType != 1) {
continue;
}
$count++;
if ($PANC_DEBUG && $count % 1000 == 0) {
print "Parsed {$count} rules so far\n";
}
$nr = new $this->type($this);
$nr->load_from_domxml($node);
$this->postRules[] = $nr;
}
//print $count." postrules found\n";
}
$this->regen_Indexes();
}
/**
* @param $contextVSYS VirtualSystem
* @param $orderByNarrowest bool
* @return array
*/
public function getIPtoZoneRouteMapping($contextVSYS, $orderByNarrowest = true)
{
$ipv4 = array();
$ipv6 = array();
$ipv4sort = array();
foreach ($this->staticRoutes() as $route) {
$ipv4Mapping = $route->destinationIP4Mapping();
$nexthopIf = $route->nexthopInterface();
if ($nexthopIf !== null) {
if (!$this->attachedInterfaces->hasInterfaceNamed($nexthopIf->name())) {
mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface does not belong to this virtual router'");
continue;
}
if ($contextVSYS->importedInterfaces->hasInterfaceNamed($nexthopIf->name())) {
$findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($nexthopIf->name());
if ($findZone === null) {
mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface is not attached to a Zone in vsys {$contextVSYS->name()}'");
continue;
} else {
$record = array('network' => $route->destination(), 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $findZone->name(), 'origin' => 'static', 'priority' => 2);
$ipv4sort[$record['end'] - $record['start']][$record['start']][] =& $record;
unset($record);
}
} else {
$findVsys = $contextVSYS->owner->network->findVsysInterfaceOwner($nexthopIf->name());
if ($findVsys === null) {
mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface is attached to no VSYS");
continue;
}
$externalZone = $contextVSYS->zoneStore->findZoneWithExternalVsys($findVsys);
if ($externalZone == null) {
mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface is attached to wrong vsys '{$findVsys->name()}' and no external zone could be found");
continue;
}
$record = array('network' => $route->destination(), 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $externalZone->name(), 'origin' => 'static', 'priority' => 2);
$ipv4sort[$record['end'] - $record['start']][$record['start']][] =& $record;
unset($record);
}
} else {
if ($route->nexthopType() == 'ip-address') {
$nextHopType = $route->nexthopType();
$nexthopIP = $route->nexthopIP();
$findZone = null;
foreach ($this->attachedInterfaces->interfaces() as $if) {
if (($if->isEthernetType() || $if->isAggregateType()) && $if->type() == 'layer3' || $if->isLoopbackType()) {
if (!$contextVSYS->importedInterfaces->hasInterfaceNamed($if->name())) {
continue;
}
if ($if->isLoopbackType()) {
$ips = $if->getIPv4Addresses();
} else {
$ips = $if->getLayer3IPv4Addresses();
}
foreach ($ips as &$interfaceIP) {
if (cidr::netMatch($nexthopIP, $interfaceIP) > 0) {
$findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($if->name());
if ($findZone === null) {
mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$if->name()} but this interface is not attached to a Zone in vsys {$contextVSYS->name()}'");
continue;
}
break;
}
}
if ($findZone !== null) {
break;
}
} else {
continue;
}
}
if ($findZone === null) {
mwarning("route {$route->name()}/{$route->destination()} ignored because no matching interface was found for nexthop={$nexthopIP}");
continue;
}
$record = array('network' => $route->destination(), 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $findZone->name(), 'origin' => 'static', 'priority' => 2);
$ipv4sort[$record['end'] - $record['start']][$record['start']][] =& $record;
unset($record);
} else {
mwarning("route {$route->name()}/{$route->destination()} ignored because of unknown type '{$nextHopType}'");
continue;
}
}
}
foreach ($this->attachedInterfaces->interfaces() as $if) {
if (!$contextVSYS->importedInterfaces->hasInterfaceNamed($if->name())) {
continue;
}
if (($if->isEthernetType() || $if->isAggregateType()) && $if->type() == 'layer3') {
$findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($if->name());
if ($findZone === null) {
continue;
}
$ipAddresses = $if->getLayer3IPv4Addresses();
foreach ($ipAddresses as $interfaceIP) {
$ipv4Mapping = cidr::stringToStartEnd($interfaceIP);
$record = array('network' => $interfaceIP, 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $findZone->name(), 'origin' => 'connected', 'priority' => 1);
$ipv4sort[$record['end'] - $record['start']][$record['start']][] =& $record;
unset($record);
}
} elseif ($if->isLoopbackType()) {
$findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($if->name());
if ($findZone === null) {
continue;
}
$ipAddresses = $if->getIPv4Addresses();
foreach ($ipAddresses as $interfaceIP) {
$ipv4Mapping = cidr::stringToStartEnd($interfaceIP);
$record = array('network' => $interfaceIP, 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $findZone->name(), 'origin' => 'connected', 'priority' => 1);
$ipv4sort[$record['end'] - $record['start']][$record['start']][] =& $record;
unset($record);
}
}
}
ksort($ipv4sort);
foreach ($ipv4sort as &$record) {
ksort($record);
foreach ($record as &$subRecord) {
foreach ($subRecord as &$subSubRecord) {
$ipv4[] =& $subSubRecord;
}
}
}
$result = array('ipv4' => &$ipv4, 'ipv6' => &$ipv6);
return $result;
}
/**
*
* @ignore
*/
protected function findParentCentralStore()
{
$this->parentCentralStore = null;
if ($this->owner) {
$currentObject = $this;
while (isset($currentObject->owner) && !is_null($currentObject->owner)) {
if (isset($currentObject->owner->addressStore) && !is_null($currentObject->owner->addressStore)) {
$this->parentCentralStore = $currentObject->owner->addressStore;
//print $this->toString()." : found a parent central store: ".$parentCentralStore->toString()."\n";
return;
}
$currentObject = $currentObject->owner;
}
}
mwarning('no parent store found!');
}
