/**
 * Populates this zone from its <entry name="..."> element.
 *
 * Reads the mandatory 'name' attribute (derr() is raised when it is missing
 * or empty), then looks at <network> to detect the zone type: a <layer3>
 * child makes it a layer3 zone, an <external> child makes it an external zone
 * whose member vsys names are collected in $this->externalVsys. In both cases
 * the attached interface list is loaded from that child. A zone without a
 * <network> element is left untouched apart from its name.
 *
 * @param DOMElement $xml the zone <entry> element; kept as $this->xmlroot
 */
public function load_from_domxml(DOMElement $xml)
{
    $this->xmlroot = $xml;
    $this->isTmp = false;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === FALSE) {
        derr("zone name not found\n", $xml);
    }
    if (strlen($this->name) < 1) {
        derr("Zone name '" . $this->name . "' is not valid", $xml);
    }

    $networkNode = DH::findFirstElement('network', $xml);
    if ($networkNode === false) {
        // no <network>: type and interfaces stay as they were
        return;
    }

    foreach ($networkNode->childNodes as $typeNode) {
        if ($typeNode->nodeType !== XML_ELEMENT_NODE) {
            continue;
        }

        if ($typeNode->tagName === 'layer3') {
            $this->_type = 'layer3';
            $this->attachedInterfaces->load_from_domxml($typeNode);
        } elseif ($typeNode->tagName === 'external') {
            $this->_type = 'external';
            // each <member> names a vsys reachable through this external zone
            foreach ($typeNode->childNodes as $memberNode) {
                if ($memberNode->nodeType !== XML_ELEMENT_NODE) {
                    continue;
                }
                $vsysName = $memberNode->textContent;
                $this->externalVsys[$vsysName] = $vsysName;
            }
            $this->attachedInterfaces->load_from_domxml($typeNode);
        }
        // other zone types (layer2, virtual-wire, tap, ...) are not interpreted here
    }
}
/**
 * !! Should not be used outside of a PANConf constructor. !!
 *
 * Populates this VirtualSystem from its <entry> element: name and optional
 * display-name, the imported interface list, then (only when this vsys is
 * not owned by a parent, i.e. $this->owner->owner === null) the tag, address,
 * address-group, service and service-group stores, the zone store, and
 * finally the security / nat / decryption / application-override rulebases.
 *
 * Missing containers are created on the fly with DH::findFirstElementOrCreate,
 * so loading may add empty elements to the DOM tree.
 *
 * @param $xml the vsys <entry> element; kept as $this->xmlroot
 */
public function load_from_domxml($xml)
{
    $this->xmlroot = $xml;

    $this->name = DH::findAttribute('name', $xml);
    if ($this->name === FALSE) {
        derr("VirtualSystem name not found\n", $xml);
    }

    $displayNameNode = DH::findFirstElement('display-name', $xml);
    if ($displayNameNode !== FALSE) {
        $this->_alternativeName = $displayNameNode->textContent;
    }

    // <import><network><interface> : interfaces imported into this vsys
    $this->importroot = DH::findFirstElementOrCreate('import', $xml);
    $importedNetwork = DH::findFirstElementOrCreate('network', $this->importroot);
    $importedInterfaceNode = DH::findFirstElementOrCreate('interface', $importedNetwork);
    $this->importedInterfaces->load_from_domxml($importedInterfaceNode);

    $this->rulebaseroot = DH::findFirstElementOrCreate('rulebase', $xml);

    // objects and rules are only read when this vsys has no parent container
    $isStandalone = ($this->owner->owner === null);

    if ($isStandalone) {
        // <tag> only exists from PAN-OS 6.0 on
        if ($this->owner->version >= 60) {
            $this->tagStore->load_from_domxml(DH::findFirstElementOrCreate('tag', $xml));
        }

        $this->addressStore->load_addresses_from_domxml(DH::findFirstElementOrCreate('address', $xml));
        $this->addressStore->load_addressgroups_from_domxml(DH::findFirstElementOrCreate('address-group', $xml));

        $this->serviceStore->load_services_from_domxml(DH::findFirstElementOrCreate('service', $xml));
        $this->serviceStore->load_servicegroups_from_domxml(DH::findFirstElementOrCreate('service-group', $xml));
    }

    $this->zoneStore->load_from_domxml(DH::findFirstElementOrCreate('zone', $xml));

    if ($isStandalone) {
        // <rulebase><TYPE><rules> for each rule store, in this order
        $ruleStores = array(
            'security' => $this->securityRules,
            'nat' => $this->natRules,
            'decryption' => $this->decryptionRules,
            'application-override' => $this->appOverrideRules,
        );
        foreach ($ruleStores as $rulebaseType => $ruleStore) {
            $typeRoot = DH::findFirstElementOrCreate($rulebaseType, $this->rulebaseroot);
            $rulesRoot = DH::findFirstElementOrCreate('rules', $typeRoot);
            $ruleStore->load_from_domxml($rulesRoot);
        }
    }
}
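/**
 * Builds the IPv4-to-zone lookup table of this virtual router as seen from
 * one virtual system.
 *
 * Two sources feed the table: static routes (origin 'static', priority 2)
 * and the IPv4 networks configured on attached layer3 / loopback interfaces
 * that are imported into $contextVSYS (origin 'connected', priority 1). A
 * static route only contributes when its nexthop can be tied to a zone of
 * $contextVSYS: through the interface it is bound to, through an 'external'
 * zone pointing at the vsys owning that interface, or, for 'ip-address'
 * nexthops, through the attached interface whose subnet contains the
 * nexthop. Routes that cannot be resolved are dropped with a mwarning().
 *
 * Fixes over the previous version: the "unknown type" warning reported a
 * stale $nextHopType left over from an earlier route (or an undefined
 * variable), a by-reference foreach left $interfaceIP dangling, and the
 * zone lookup for an 'ip-address' nexthop was repeated (with a duplicate
 * warning) for every address of the same interface.
 *
 * @param VirtualSystem $contextVSYS vsys whose imported interfaces and zones drive the resolution
 * @param bool $orderByNarrowest kept for backward compatibility; it was never read and the
 *        result is always ordered narrowest network first
 * @return array{ipv4: list<array{network:string,start:int,end:int,zone:string,origin:string,priority:int}>, ipv6: array}
 *         'ipv4' is sorted by (end - start) then by start; 'ipv6' is currently always empty
 */
public function getIPtoZoneRouteMapping($contextVSYS, $orderByNarrowest = true)
{
    // $ipv4sort[width][start] => list of records; ksort on both levels yields "narrowest first"
    $ipv4sort = array();
    $ipv6 = array();

    foreach ($this->staticRoutes() as $route) {
        $ipv4Mapping = $route->destinationIP4Mapping();
        $zoneName = $this->_resolveStaticRouteZoneName($route, $contextVSYS);
        if ($zoneName === null) {
            continue; // the reason was already reported through mwarning()
        }
        self::_pushIPv4ZoneRecord($ipv4sort, $route->destination(), $ipv4Mapping, $zoneName, 'static', 2);
    }

    foreach ($this->attachedInterfaces->interfaces() as $if) {
        if (!$contextVSYS->importedInterfaces->hasInterfaceNamed($if->name())) {
            continue;
        }
        $isLayer3 = ($if->isEthernetType() || $if->isAggregateType()) && $if->type() == 'layer3';
        if (!$isLayer3 && !$if->isLoopbackType()) {
            continue;
        }
        $findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($if->name());
        if ($findZone === null) {
            continue;
        }
        // loopback interfaces expose their addresses through a different accessor
        $ipAddresses = $isLayer3 ? $if->getLayer3IPv4Addresses() : $if->getIPv4Addresses();
        foreach ($ipAddresses as $interfaceIP) {
            self::_pushIPv4ZoneRecord($ipv4sort, $interfaceIP, cidr::stringToStartEnd($interfaceIP), $findZone->name(), 'connected', 1);
        }
    }

    // flatten: narrowest network first, then lowest start address
    ksort($ipv4sort);
    $ipv4 = array();
    foreach ($ipv4sort as $byStart) {
        ksort($byStart);
        foreach ($byStart as $records) {
            foreach ($records as $record) {
                $ipv4[] = $record;
            }
        }
    }

    return array('ipv4' => $ipv4, 'ipv6' => $ipv6);
}

/**
 * Appends one mapping record to the width/start-indexed bucket array used by
 * getIPtoZoneRouteMapping(). $ipv4sort is taken by reference because it is the
 * accumulator of that method, not a value to be returned.
 *
 * @param array $ipv4sort    bucket array: [end - start][start][] => record
 * @param string $network    network as written in the configuration
 * @param array $ipv4Mapping ['start' => int, 'end' => int] bounds of $network
 * @param string $zoneName   zone the network is attributed to
 * @param string $origin     'static' or 'connected'
 * @param int $priority      2 for static routes, 1 for connected networks
 */
private static function _pushIPv4ZoneRecord(array &$ipv4sort, $network, array $ipv4Mapping, $zoneName, $origin, $priority)
{
    $record = array(
        'network' => $network,
        'start' => $ipv4Mapping['start'],
        'end' => $ipv4Mapping['end'],
        'zone' => $zoneName,
        'origin' => $origin,
        'priority' => $priority,
    );
    $ipv4sort[$record['end'] - $record['start']][$record['start']][] = $record;
}

/**
 * Resolves the zone of $contextVSYS a static route must be attributed to.
 *
 * Returns the zone name, or null after a mwarning() explaining why the route
 * is ignored.
 *
 * @param $route       a static route of this virtual router
 * @param VirtualSystem $contextVSYS
 * @return string|null
 */
private function _resolveStaticRouteZoneName($route, $contextVSYS)
{
    $routeLabel = "{$route->name()}/{$route->destination()}";
    $nexthopIf = $route->nexthopInterface();

    if ($nexthopIf !== null) {
        $ifName = $nexthopIf->name();
        if (!$this->attachedInterfaces->hasInterfaceNamed($ifName)) {
            mwarning("route {$routeLabel} ignored because its attached to interface {$ifName} but this interface does not belong to this virtual router");
            return null;
        }

        if ($contextVSYS->importedInterfaces->hasInterfaceNamed($ifName)) {
            $findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($ifName);
            if ($findZone === null) {
                mwarning("route {$routeLabel} ignored because its attached to interface {$ifName} but this interface is not attached to a Zone in vsys {$contextVSYS->name()}");
                return null;
            }
            return $findZone->name();
        }

        // the interface belongs to another vsys: only reachable through an 'external' zone
        $findVsys = $contextVSYS->owner->network->findVsysInterfaceOwner($ifName);
        if ($findVsys === null) {
            mwarning("route {$routeLabel} ignored because its attached to interface {$ifName} but this interface is attached to no VSYS");
            return null;
        }
        $externalZone = $contextVSYS->zoneStore->findZoneWithExternalVsys($findVsys);
        if ($externalZone === null) {
            mwarning("route {$routeLabel} ignored because its attached to interface {$ifName} but this interface is attached to wrong vsys '{$findVsys->name()}' and no external zone could be found");
            return null;
        }
        return $externalZone->name();
    }

    // read once, before branching, so the message below reports this route's own type
    $nextHopType = $route->nexthopType();
    if ($nextHopType != 'ip-address') {
        mwarning("route {$routeLabel} ignored because of unknown type '{$nextHopType}'");
        return null;
    }

    // find the attached (and imported) interface whose subnet contains the nexthop
    $nexthopIP = $route->nexthopIP();
    foreach ($this->attachedInterfaces->interfaces() as $if) {
        $eligible = ($if->isEthernetType() || $if->isAggregateType()) && $if->type() == 'layer3' || $if->isLoopbackType();
        if (!$eligible || !$contextVSYS->importedInterfaces->hasInterfaceNamed($if->name())) {
            continue;
        }
        $ips = $if->isLoopbackType() ? $if->getIPv4Addresses() : $if->getLayer3IPv4Addresses();
        foreach ($ips as $interfaceIP) {
            if (cidr::netMatch($nexthopIP, $interfaceIP) <= 0) {
                continue;
            }
            $findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($if->name());
            if ($findZone === null) {
                mwarning("route {$routeLabel} ignored because its attached to interface {$if->name()} but this interface is not attached to a Zone in vsys {$contextVSYS->name()}");
                break; // the zone does not depend on the address: move on to the next interface
            }
            return $findZone->name();
        }
    }

    mwarning("route {$routeLabel} ignored because no matching interface was found for nexthop={$nexthopIP}");
    return null;
}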