public function load_from_domxml(DOMElement $xml)
{
$this->xmlroot = $xml;
$this->isTmp = false;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("zone name not found\n", $xml);
}
if (strlen($this->name) < 1) {
derr("Zone name '" . $this->name . "' is not valid", $xml);
}
$networkNode = DH::findFirstElement('network', $xml);
if ($networkNode === false) {
return;
}
foreach ($networkNode->childNodes as $node) {
if ($node->nodeType != XML_ELEMENT_NODE) {
continue;
}
if ($node->tagName == 'layer3') {
$this->_type = 'layer3';
$this->attachedInterfaces->load_from_domxml($node);
} else {
if ($node->tagName == 'external') {
$this->_type = 'external';
foreach ($node->childNodes as $memberNode) {
if ($memberNode->nodeType != XML_ELEMENT_NODE) {
continue;
}
$this->externalVsys[$memberNode->textContent] = $memberNode->textContent;
}
$this->attachedInterfaces->load_from_domxml($node);
}
}
}
}
/**
* !! Should not be used outside of a PANConf constructor. !!
*
*/
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
// this VSYS has a name ?
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("VirtualSystem name not found\n", $xml);
}
//print "VSYS '".$this->name."' found\n";
// this VSYS has a display-name ?
$displayNameNode = DH::findFirstElement('display-name', $xml);
if ($displayNameNode !== FALSE) {
$this->_alternativeName = $displayNameNode->textContent;
}
//
// loading the imported objects list
//
$this->importroot = DH::findFirstElementOrCreate('import', $xml);
$networkRoot = DH::findFirstElementOrCreate('network', $this->importroot);
$tmp = DH::findFirstElementOrCreate('interface', $networkRoot);
$this->importedInterfaces->load_from_domxml($tmp);
//
$this->rulebaseroot = DH::findFirstElementOrCreate('rulebase', $xml);
if ($this->owner->owner === null) {
//
// Extract Tag objects
//
if ($this->owner->version >= 60) {
$tmp = DH::findFirstElementOrCreate('tag', $xml);
$this->tagStore->load_from_domxml($tmp);
}
// End of Tag objects extraction
//
// Extract address objects
//
$tmp = DH::findFirstElementOrCreate('address', $xml);
$this->addressStore->load_addresses_from_domxml($tmp);
//print "VSYS '".$this->name."' address objectsloaded\n" ;
// End of address objects extraction
//
// Extract address groups in this DV
//
$tmp = DH::findFirstElementOrCreate('address-group', $xml);
$this->addressStore->load_addressgroups_from_domxml($tmp);
//print "VSYS '".$this->name."' address groups loaded\n" ;
// End of address groups extraction
// //
// Extract service objects in this VSYS //
// //
$tmp = DH::findFirstElementOrCreate('service', $xml);
$this->serviceStore->load_services_from_domxml($tmp);
//print "VSYS '".$this->name."' service objects\n" ;
// End of <service> extraction
// //
// Extract service groups in this VSYS //
// //
$tmp = DH::findFirstElementOrCreate('service-group', $xml);
$this->serviceStore->load_servicegroups_from_domxml($tmp);
//print "VSYS '".$this->name."' service groups loaded\n" ;
// End of <service-group> extraction
}
//
// Extract Zone objects
//
$tmp = DH::findFirstElementOrCreate('zone', $xml);
$this->zoneStore->load_from_domxml($tmp);
// End of Zone objects extraction
if ($this->owner->owner === null) {
//
// Security Rules extraction
//
$tmproot = DH::findFirstElementOrCreate('security', $this->rulebaseroot);
$tmprulesroot = DH::findFirstElementOrCreate('rules', $tmproot);
$this->securityRules->load_from_domxml($tmprulesroot);
//
// Nat Rules extraction
//
$tmproot = DH::findFirstElementOrCreate('nat', $this->rulebaseroot);
$tmprulesroot = DH::findFirstElementOrCreate('rules', $tmproot);
$this->natRules->load_from_domxml($tmprulesroot);
//
// Decryption Rules extraction
//
$tmproot = DH::findFirstElementOrCreate('decryption', $this->rulebaseroot);
$tmprulesroot = DH::findFirstElementOrCreate('rules', $tmproot);
$this->decryptionRules->load_from_domxml($tmprulesroot);
//
// Decryption Rules extraction
//
$tmproot = DH::findFirstElementOrCreate('application-override', $this->rulebaseroot);
$tmprulesroot = DH::findFirstElementOrCreate('rules', $tmproot);
$this->appOverrideRules->load_from_domxml($tmprulesroot);
}
}
/**
* @param $contextVSYS VirtualSystem
* @param $orderByNarrowest bool
* @return array
*/
public function getIPtoZoneRouteMapping($contextVSYS, $orderByNarrowest = true)
{
$ipv4 = array();
$ipv6 = array();
$ipv4sort = array();
foreach ($this->staticRoutes() as $route) {
$ipv4Mapping = $route->destinationIP4Mapping();
$nexthopIf = $route->nexthopInterface();
if ($nexthopIf !== null) {
if (!$this->attachedInterfaces->hasInterfaceNamed($nexthopIf->name())) {
mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface does not belong to this virtual router'");
continue;
}
if ($contextVSYS->importedInterfaces->hasInterfaceNamed($nexthopIf->name())) {
$findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($nexthopIf->name());
if ($findZone === null) {
mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface is not attached to a Zone in vsys {$contextVSYS->name()}'");
continue;
} else {
$record = array('network' => $route->destination(), 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $findZone->name(), 'origin' => 'static', 'priority' => 2);
$ipv4sort[$record['end'] - $record['start']][$record['start']][] =& $record;
unset($record);
}
} else {
$findVsys = $contextVSYS->owner->network->findVsysInterfaceOwner($nexthopIf->name());
if ($findVsys === null) {
mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface is attached to no VSYS");
continue;
}
$externalZone = $contextVSYS->zoneStore->findZoneWithExternalVsys($findVsys);
if ($externalZone == null) {
mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$nexthopIf->name()} but this interface is attached to wrong vsys '{$findVsys->name()}' and no external zone could be found");
continue;
}
$record = array('network' => $route->destination(), 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $externalZone->name(), 'origin' => 'static', 'priority' => 2);
$ipv4sort[$record['end'] - $record['start']][$record['start']][] =& $record;
unset($record);
}
} else {
if ($route->nexthopType() == 'ip-address') {
$nextHopType = $route->nexthopType();
$nexthopIP = $route->nexthopIP();
$findZone = null;
foreach ($this->attachedInterfaces->interfaces() as $if) {
if (($if->isEthernetType() || $if->isAggregateType()) && $if->type() == 'layer3' || $if->isLoopbackType()) {
if (!$contextVSYS->importedInterfaces->hasInterfaceNamed($if->name())) {
continue;
}
if ($if->isLoopbackType()) {
$ips = $if->getIPv4Addresses();
} else {
$ips = $if->getLayer3IPv4Addresses();
}
foreach ($ips as &$interfaceIP) {
if (cidr::netMatch($nexthopIP, $interfaceIP) > 0) {
$findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($if->name());
if ($findZone === null) {
mwarning("route {$route->name()}/{$route->destination()} ignored because its attached to interface {$if->name()} but this interface is not attached to a Zone in vsys {$contextVSYS->name()}'");
continue;
}
break;
}
}
if ($findZone !== null) {
break;
}
} else {
continue;
}
}
if ($findZone === null) {
mwarning("route {$route->name()}/{$route->destination()} ignored because no matching interface was found for nexthop={$nexthopIP}");
continue;
}
$record = array('network' => $route->destination(), 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $findZone->name(), 'origin' => 'static', 'priority' => 2);
$ipv4sort[$record['end'] - $record['start']][$record['start']][] =& $record;
unset($record);
} else {
mwarning("route {$route->name()}/{$route->destination()} ignored because of unknown type '{$nextHopType}'");
continue;
}
}
}
foreach ($this->attachedInterfaces->interfaces() as $if) {
if (!$contextVSYS->importedInterfaces->hasInterfaceNamed($if->name())) {
continue;
}
if (($if->isEthernetType() || $if->isAggregateType()) && $if->type() == 'layer3') {
$findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($if->name());
if ($findZone === null) {
continue;
}
$ipAddresses = $if->getLayer3IPv4Addresses();
foreach ($ipAddresses as $interfaceIP) {
$ipv4Mapping = cidr::stringToStartEnd($interfaceIP);
$record = array('network' => $interfaceIP, 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $findZone->name(), 'origin' => 'connected', 'priority' => 1);
$ipv4sort[$record['end'] - $record['start']][$record['start']][] =& $record;
unset($record);
}
} elseif ($if->isLoopbackType()) {
$findZone = $contextVSYS->zoneStore->findZoneMatchingInterfaceName($if->name());
if ($findZone === null) {
continue;
}
$ipAddresses = $if->getIPv4Addresses();
foreach ($ipAddresses as $interfaceIP) {
$ipv4Mapping = cidr::stringToStartEnd($interfaceIP);
$record = array('network' => $interfaceIP, 'start' => $ipv4Mapping['start'], 'end' => $ipv4Mapping['end'], 'zone' => $findZone->name(), 'origin' => 'connected', 'priority' => 1);
$ipv4sort[$record['end'] - $record['start']][$record['start']][] =& $record;
unset($record);
}
}
}
ksort($ipv4sort);
foreach ($ipv4sort as &$record) {
ksort($record);
foreach ($record as &$subRecord) {
foreach ($subRecord as &$subSubRecord) {
$ipv4[] =& $subSubRecord;
}
}
}
$result = array('ipv4' => &$ipv4, 'ipv6' => &$ipv6);
return $result;
}
