"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "go/pkg/pass1/check-supernet.go" between
Netspoc-6.025.tar.gz and Netspoc-6.026.tar.gz

About: NetSPoC is a network security policy compiler (using its own description language) to manage all the packet filter devices inside your network topology.

check-supernet.go  (Netspoc-6.025):check-supernet.go  (Netspoc-6.026)
skipping to change at line 85 skipping to change at line 85
// Find aggregate in zone with address equal to ip/mask // Find aggregate in zone with address equal to ip/mask
// or find networks in zone with address in subnet or supernet relation // or find networks in zone with address in subnet or supernet relation
// to ip/mask. // to ip/mask.
// Leave out // Leave out
// - invible aggregates, only used intermediately in automatic groups, // - invible aggregates, only used intermediately in automatic groups,
// - small networks which are subnet of a matching network, // - small networks which are subnet of a matching network,
// - objects that are // - objects that are
// - element of net_hash or // - element of net_hash or
// - subnet of element of net_hash. // - subnet of element of net_hash.
// Result: List of found networks or aggregates or undef. // Result: List of found networks or aggregates or undef.
func findZoneNetworks(zone *zone, ip net.IP, mask net.IPMask, natSet natSet, net func findZoneNetworks(
Map map[*network]bool) netList { zone *zone, isAgg bool, ip net.IP, mask net.IPMask, natSet natSet,
netMap map[*network]bool) netList {
// Check if argument or some supernet of argument is member of netMap. // Check if argument or some supernet of argument is member of netMap.
inNetHash := func(netOrAgg *network) bool { inNetHash := func(netOrAgg *network) bool {
for { for {
if _, found := netMap[netOrAgg]; found { if _, found := netMap[netOrAgg]; found {
return true return true
} }
netOrAgg = netOrAgg.up netOrAgg = netOrAgg.up
if netOrAgg == nil { if netOrAgg == nil {
return false return false
skipping to change at line 115 skipping to change at line 117
return netList{aggregate} return netList{aggregate}
} }
// Use cached result. // Use cached result.
if net, found := zone.ipmask2net[key]; found { if net, found := zone.ipmask2net[key]; found {
return net return net
} }
// Real networks in zone without aggregates and without subnets. // Real networks in zone without aggregates and without subnets.
var result netList var result netList
prefix, _ := mask.Size() prefix, _ := mask.Size()
for _, net := range zone.networks { for _, net := range zone.networks {
if inNetHash(net) { if inNetHash(net) {
continue continue
} }
natNet := getNatNetwork(net, natSet) natNet := getNatNetwork(net, natSet)
if natNet.hidden { if natNet.hidden {
continue continue
} }
i, m := natNet.ip, natNet.mask i, m := natNet.ip, natNet.mask
p, _ := m.Size() p, _ := m.Size()
if p >= prefix && matchIp(i, ip, mask) || p < prefix && matchIp(i if p >= prefix && matchIp(i, ip, mask) ||
p, i, m) { isAgg && p < prefix && matchIp(ip, i, m) {
result = append(result, net) result = append(result, net)
} }
} }
if zone.ipmask2net == nil { if zone.ipmask2net == nil {
zone.ipmask2net = make(map[ipmask]netList) zone.ipmask2net = make(map[ipmask]netList)
} }
zone.ipmask2net[key] = result zone.ipmask2net[key] = result
return result return result
} }
skipping to change at line 171 skipping to change at line 176
} else { } else {
supernet = rule.dst[0].(*network) supernet = rule.dst[0].(*network)
} }
natSet := intf.natSet natSet := intf.natSet
natSuper := getNatNetwork(supernet, natSet) natSuper := getNatNetwork(supernet, natSet)
if natSuper.hidden { if natSuper.hidden {
return return
} }
ip, mask := natSuper.ip, natSuper.mask ip, mask := natSuper.ip, natSuper.mask
netMap := rule.zone2netMap[zone] netMap := rule.zone2netMap[zone]
networks := findZoneNetworks(zone, ip, mask, natSet, netMap) networks :=
findZoneNetworks(zone, supernet.isAggregate, ip, mask, natSet, ne
tMap)
if len(networks) == 0 { if len(networks) == 0 {
return return
} }
orAgg := "" orAgg := ""
net0 := networks[0] net0 := networks[0]
if len(networks) > 2 { if len(networks) > 2 {
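Review bot: The result stored in `zone.ipmask2net[key]` now depends on the new `isAgg` argument, but none of the displayed lines add `isAgg` to `key`; the key is built in the skipped part of `findZoneNetworks`, so this needs confirming there. If the key is still only ip/mask, a call for an aggregate and a later call for a network with the same address share one cache entry, and the supernet check could list too many or too few networks depending on call order. Consider carrying the flag in the cache key, or skipping both the cache read and the cache write when `isAgg` is false. The header comment should also reflect the new behaviour, e.g. `// Networks in supernet relation to ip/mask are only returned if isAgg is set.`, and parenthesising the two `&&` groups in the changed `if` would make the precedence explicit.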
 End of changes. 4 change blocks. 
5 lines changed or deleted 10 lines changed or added
