Re: C++ OO design question

From:

=?ISO-8859-1?Q?Erik_Wikstr=F6m?= <Erik-wikstrom@telia.com>

Newsgroups:

comp.lang.c++

Date:

Mon, 17 Sep 2007 08:30:07 GMT

Message-ID:

<jWqHi.8971$ZA.4700@newsb.telia.net>

On 2007-09-17 09:24, indrawati.yahya@gmail.com wrote:

In a recent job interview, the interviewer asked me how I'd design
classes for the following problem: let's consider a hypothetical
firewall, which filters network packets by either IP address, port
number, or both. How should we design the classes to represent these
filters?

This is really a question for a group discussing object-oriented design
so you should ask in comp.object or perhaps comp.programming.

My answer was:

class FilterRule
{
public:
     virtual bool Accept(const Packet&) const = 0; //Packet is a
representation of a network packet
};
class FilterByIP: public FilterRule { /* members here */ };
class FilterByPort: public FilterRule { /* members here */ };

class Filter
{
public:
     bool Accept(const Packet&) const; //returns true if ALL
filterRules Accept() the Packet
private:
     std::vector<FilterRule> filterRules;

Slicing, you cannot store derived types in a vector parametrised by the
base type, you have to use pointers instead:

std::vector<FilterRule> filterRules;

};

However, the interviewer said that he preferred this solution instead:

class Filter
{
public:
virtual bool Accept(const Packet&) const = 0;
};
class FilterByIP: public Filter { /* members here */ }
class FilterByPort: public Filter { /* members here */ }
class FilterByIPAndPort: public Filter

I assume you forgot
class Filter

{
protected:
FilterByIP ipFilter;
FilterByPort portFilter;
/* other members */
};

This assumes that you can filter multiple IP addresses or ports with a
single FilterByIP object, which might allow some optimisations that are
not possible when you have more than one FilterByIP object (which your
solution allows). However it is also less flexible for the same reasons.

I reasoned that with his solution, there may be too many class numbers
if down the road we decide to filter packets by methods other than IP
address and Port, but somehow he was not convinced. Oh well, I didn't
get the job, but this question continues to haunt me to this day. What
do you C++ experts think? Or is there another better solution that I
did not consider? Thank you.

Yes, I also prefer your design, it is more flexible and more easily
extended, however I've never thought much about firewall design and
there might be some other reasons to use his design.

--
Erik Wikstr?m