"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "go/pkg/pass1/check-redundant.go" between
Netspoc-6.026.tar.gz and Netspoc-6.027.tar.gz

About: NetSPoC is a network security policy compiler (using its own description language) to manage all the packet filter devices inside your network topology.

check-redundant.go  (Netspoc-6.026):check-redundant.go  (Netspoc-6.027)
skipping to change at line 156 skipping to change at line 156
return true return true
} }
} }
return false return false
} }
if overlapsUsed() { if overlapsUsed() {
service.overlapsUsed[oservice] = true service.overlapsUsed[oservice] = true
if srcAttr == restrictVal && dstAttr == restrictVal { if srcAttr == restrictVal && dstAttr == restrictVal {
if !service.overlapsRestricted { if !service.overlapsRestricted {
service.overlapsRestricted = true service.overlapsRestricted = true
c.warn("Must not use attribute 'overlaps' at %s", service.name) c.warn("Must not use attribute 'overlaps' at %s", service)
} }
return false return false
} }
return true return true
} }
if srcAttr == okVal || dstAttr == okVal { if srcAttr == okVal || dstAttr == okVal {
return true return true
} }
return false return false
} }
skipping to change at line 285 skipping to change at line 285
msg += strings.Join(list, "\n ") msg += strings.Join(list, "\n ")
c.warnOrErr(action, msg) c.warnOrErr(action, msg)
} }
} }
func (c *spoc) showFullyRedundantRules() { func (c *spoc) showFullyRedundantRules() {
action := conf.Conf.CheckFullyRedundantRules action := conf.Conf.CheckFullyRedundantRules
if action == "" { if action == "" {
return return
} }
sNames := make([]string, 0, len(symTable.service)) sNames := make(stringList, 0, len(symTable.service))
for name := range symTable.service { for name := range symTable.service {
sNames = append(sNames, name) sNames.push(name)
} }
sort.Strings(sNames) sort.Strings(sNames)
keep := make(map[*service]bool) keep := make(map[*service]bool)
for _, name := range sNames { for _, name := range sNames {
service := symTable.service[name] service := symTable.service[name]
if keep[service] { if keep[service] {
continue continue
} }
ruleCount := service.ruleCount ruleCount := service.ruleCount
if ruleCount == 0 { if ruleCount == 0 {
skipping to change at line 311 skipping to change at line 311
continue continue
} }
for service := range service.hasSameDupl { for service := range service.hasSameDupl {
keep[service] = true keep[service] = true
} }
c.warnOrErr(action, service.name+" is fully redundant") c.warnOrErr(action, service.name+" is fully redundant")
} }
} }
func (c *spoc) warnUnusedOverlaps() { func (c *spoc) warnUnusedOverlaps() {
var errList []string var errList stringList
for _, service := range symTable.service { for _, service := range symTable.service {
if service.disabled { if service.disabled {
continue continue
} }
if overlaps := service.overlaps; overlaps != nil { if overlaps := service.overlaps; overlaps != nil {
used := service.overlapsUsed used := service.overlapsUsed
for _, overlap := range overlaps { for _, overlap := range overlaps {
if overlap.disabled || used[overlap] { if overlap.disabled || used[overlap] {
continue continue
} }
errList = append(errList, errList.push(
fmt.Sprintf("Useless 'overlaps = %s' in % fmt.Sprintf("Useless 'overlaps = %s' in %
s", s", overlap, service))
overlap.name, service.name))
} }
} }
} }
sort.Strings(errList) sort.Strings(errList)
for _, msg := range errList { for _, msg := range errList {
c.warn(msg) c.warn(msg)
} }
} }
// Expand path_rules to elementary rules. // Expand path_rules to elementary rules.
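Review bot: The new side now passes `*service` values straight to `%s`, in `c.warn("Must not use attribute 'overlaps' at %s", service)` and in the `Useless 'overlaps = %s' in %s` message of `warnUnusedOverlaps`, which prints the service name only if `*service` implements `fmt.Stringer`. No `String()` method is visible on this page, so confirm it exists and returns the same text as `service.name`; otherwise the warnings an operator uses to locate a misused `overlaps` attribute would show a struct dump, and `go vet`'s printf check should flag it. Once confirmed, a short comment at the first call such as `// *service implements fmt.Stringer; %s prints its name` would document the dependency. For consistency, the unchanged `service.name+" is fully redundant"` in `showFullyRedundantRules` could become `c.warnOrErr(action, fmt.Sprintf("%s is fully redundant", service))`. The function enclosing the first change starts before the visible lines, so its callers and the `restrictVal` handling could not be checked here.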
 End of changes. 5 change blocks. 
8 lines changed or deleted 7 lines changed or added
