This class contains all user policy configuration. It updates the relevant configuration portions based on user changes. Also, it does some sanity checking by (dis)allowing the user to do certain actions [such as delete sets which are referenced in policies].
typedef map<string,Code*> CodeMap | CodeMap |
typedef set<uint32_t> TagSet | TagSet |
typedef map<string,TagSet*> TagMap | TagMap |
ConfError (class) | ConfError |
Configuration (ProcessWatchBase& pw)
| Configuration |
Parameters:
pw | process watcher used to initialize the VarMap. |
~Configuration ()
| ~Configuration |
void delete_term (const string& policy, const string& term)
| delete_term |
Throws an exception on failure. Checks for non-existent policy/term conditions.
Parameters:
policy | policy in which term should be deleted. |
term | term to delete. |
void update_term_source (const string& policy, const string& term,
const string& source)
| update_term_source |
Throws an exception on failure. Checks for non-existent policy/term conditions. Also tries to parse the configuration. No compilation / semantic check is performed now.
Parameters:
policy | policy in which term should be updated. |
term | term which should be updated. |
source | un-parsed user configuration of the source {} block. |
void update_term_dest (const string& policy, const string& term,
const string& dest)
| update_term_dest |
Throws an exception on failure. Checks for non-existent policy/term conditions. Also tries to parse the configuration. No compilation / semantic check is performed now.
Parameters:
policy | policy in which term should be updated. |
term | term which should be updated. |
dest | un-parsed user configuration of the dest {} block. |
void update_term_action (const string& policy, const string& term,
const string& action)
| update_term_action |
Throws an exception on failure. Checks for non-existent policy/term conditions. Also tries to parse the configuration. No compilation / semantic check is performed now.
Parameters:
policy | policy in which term should be updated. |
term | term which should be updated. |
action | un-parsed user configuration of the action {} block. |
void create_term (const string& policy, const string& term)
| create_term |
Append a term to a policy.
Throws an exception on failure. Checks if term already exists.
Parameters:
policy | policy in which term should be created. |
term | term name which should be created. |
void create_policy (const string& policy)
| create_policy |
Throws an exception on failure. Checks if policy already exists.
Parameters:
policy | policy which should be created. |
void delete_policy (const string& policy)
| delete_policy |
Throws an exception on failure. Checks if policy is in use [instantiated by an export/import directive].
Parameters:
policy | policy which should be deleted. |
void create_set (const string& set)
| create_set |
Throws an exception on failure. Checks if set already exists.
Parameters:
set | name of the set to be created. |
void update_set (const string& set, const string& elements)
| update_set |
Throws an exception on failure. Checks if set exists.
Parameters:
set | name of the set to be updated. |
elements | comma separated elements to be replaced in set. |
void delete_set (const string& set)
| delete_set |
Throws an exception on failure. Checks if set is in use.
Parameters:
set | name of set to delete. |
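The in-use checks described for delete_policy and delete_set, shown as a minimal model. This is an added example, not code from the documented class: MiniConfig, ConfErr, Names, reference_set and rejected are hypothetical names, and only the import side of the import/export check is modelled.

```cpp
// Added illustration: MiniConfig and every name in it are hypothetical.
#include <map>
#include <set>
#include <stdexcept>
#include <string>

struct ConfErr : std::runtime_error { using std::runtime_error::runtime_error; };
using Names = std::set<std::string>;

class MiniConfig {
    std::map<std::string, Names> sets_;      // set name -> elements
    std::map<std::string, Names> policies_;  // policy -> sets its terms reference
    std::map<std::string, Names> imports_;   // protocol -> imported policies
public:
    void create_set(const std::string& s) {
        if (!sets_.emplace(s, Names{}).second) throw ConfErr("set exists: " + s);
    }
    void create_policy(const std::string& p) {
        if (!policies_.emplace(p, Names{}).second) throw ConfErr("policy exists: " + p);
    }
    // Assumed helper: records that a term of policy p matches against set s.
    void reference_set(const std::string& p, const std::string& s) {
        auto it = policies_.find(p);
        if (it == policies_.end()) throw ConfErr("no such policy: " + p);
        if (!sets_.count(s)) throw ConfErr("no such set: " + s);
        it->second.insert(s);
    }
    void update_imports(const std::string& proto, const Names& ps) {
        for (const auto& p : ps)  // validate every name before changing state
            if (!policies_.count(p)) throw ConfErr("no such policy: " + p);
        imports_[proto] = ps;
    }
    void delete_set(const std::string& s) {
        if (!sets_.count(s)) throw ConfErr("no such set: " + s);
        for (const auto& kv : policies_)  // refuse to leave a dangling reference
            if (kv.second.count(s)) throw ConfErr("set in use by policy " + kv.first);
        sets_.erase(s);
    }
    void delete_policy(const std::string& p) {
        if (!policies_.count(p)) throw ConfErr("no such policy: " + p);
        for (const auto& kv : imports_)   // still instantiated by an import?
            if (kv.second.count(p)) throw ConfErr("policy in use by " + kv.first);
        policies_.erase(p);
    }
};

// True when op was refused with ConfErr; the configuration is unchanged then.
template <class F> bool rejected(F op) {
    try { op(); } catch (const ConfErr&) { return true; }
    return false;
}
```

Every check runs before any state is modified, so a refused call leaves the configuration exactly as it was.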
void update_imports (const string& protocol, const list<string>& imports)
| update_imports |
Throws an exception on failure. Checks if policies exist.
Parameters:
protocol | name of protocol which should have imports updated. |
imports | list of policy-names. |
void update_exports (const string& protocol, const list<string>& exports)
| update_exports |
Throws an exception on failure. Checks if policies exist.
Parameters:
protocol | name of protocol which should have exports updated. |
exports | list of policy-names. |
string str ()
| str |
Returns: string representation of configuration
void commit (uint32_t msec)
| commit |
Commit all configuration changes. This will compile all needed policies and link them. It will then commit changes to the actual policy filters. Commits are optionally delayed in order to aggregate configuration changes. For example, at boot-up many small changes are done in small time intervals. It would be more efficient to configure the filters only after all changes have been made. Thus delaying a commit will help.
The delay will only be imposed on sending the configuration to the filters -- all semantic checks and compilation are done immediately.
Parameters:
msec | milliseconds after which code should be sent to filters. |
void configure_varmap (const string& conf)
| configure_varmap |
Initialize the VarMap needed for semantic checking.
Parameters:
conf | un-parsed user configuration of varmap. |
void set_filter_manager (FilterManagerBase&)
| set_filter_manager |
This method should be called once at initialization to set the FilterManager. It should not be deleted by the Configuration class -- it does not own it.
CodeMap& import_filters ()
| import_filters |
A CodeMap is a map relating protocols to code. All the code for a protocol will be found in its entry. The code however will normally be for a specific filter.
Returns: the CodeMap for import filters.
CodeMap& sourcematch_filters ()
| sourcematch_filters |
Returns: the CodeMap for source match filters.
CodeMap& export_filters ()
| export_filters |
Returns: the CodeMap for export filters.
SetMap& sets ()
| sets |
Returns: the SetMap relating set-name to the actual set.
TagMap& tagmap ()
| tagmap |
Returns: the policy tag map relating policytags to destination protocols.