
Source code changes of the file "go/pkg/pass1/expand-group.go" between
Netspoc-6.026.tar.gz and Netspoc-6.027.tar.gz

About: NetSPoC is a network security policy compiler (using its own description language) to manage all the packet filter devices inside your network topology.

expand-group.go  (Netspoc-6.026):expand-group.go  (Netspoc-6.027)
package pass1 package pass1
import ( import (
"github.com/hknutzen/Netspoc/go/pkg/ast" "github.com/hknutzen/Netspoc/go/pkg/ast"
"net" "inet.af/netaddr"
"strings" "strings"
) )
func cond(t bool, s1, s2 string) string { func cond(t bool, s1, s2 string) string {
if t { if t {
return s1 return s1
} }
return s2 return s2
} }
skipping to change at line 254 skipping to change at line 254
for _, obj := range subObjects { for _, obj := range subObjects {
obj.setUsed() obj.setUsed()
switch x := obj.(type) { switch x := obj.(type) {
case *network: case *network:
if selector == "all" { if selector == "all" {
if x.isAggregate { if x.isAggregate {
// We can't simply take // We can't simply take
// aggregate -> networks -> interfaces, // aggregate -> networks -> interfaces,
// because subnets may be missing. // because subnets may be missing.
if size, _ := x.mask.Size (); size != 0 { if x.ipp.Bits != 0 {
c.err("Must not u se interface:[..].[all]\n"+ c.err("Must not u se interface:[..].[all]\n"+
" with %s having ip/mask\n"+ " with %s having ip/mask\n"+
" in %s", x.name, ctx) " in %s", x, ctx)
} }
for _, intf := range x.zo ne.interfaces { for _, intf := range x.zo ne.interfaces {
r := intf.router r := intf.router
if (r.managed != "" || r.routingOnly) && check(intf) { if (r.managed != "" || r.routingOnly) && check(intf) {
result.pu sh(intf) result.pu sh(intf)
} }
} }
} else if managed { } else if managed {
// Find managed interface s of non aggregate network. // Find managed interface s of non aggregate network.
skipping to change at line 442 skipping to change at line 442
c.err("Can't resolve %s:%s in %s", x.Type , name, ctx) c.err("Can't resolve %s:%s in %s", x.Type , name, ctx)
} }
} }
case ast.AutoElem: case ast.AutoElem:
subObjects := c.expandGroup1(x.GetElements(), subObjects := c.expandGroup1(x.GetElements(),
x.GetType()+":[..] of "+ctx, ipv6, false, false) x.GetType()+":[..] of "+ctx, ipv6, false, false)
for _, obj := range subObjects { for _, obj := range subObjects {
obj.setUsed() obj.setUsed()
} }
getAggregates := getAggregates := func(obj groupObj, ipp netaddr.IPPrefix)
func(obj groupObj, ip net.IP, mask net.IPMask) ne netList {
tList { var zones []*zone
switch x := obj.(type) {
var zones []*zone case *area:
switch x := obj.(type) { seen := make(map[*zone]bool)
case *area: for _, z := range x.zones {
seen := make(map[*zone]bool) if c := z.cluster; len(c) > 1 {
for _, z := range x.zones { z = c[0]
if c := z.cluster; len(c) if seen[z] {
> 1 { continue
z = c[0] } else {
if seen[z] { seen[z] = true
continue
} else {
seen[z] =
true
}
} }
zones = append(zones, z)
}
case *network:
if x.isAggregate {
zones = append(zones, x.z
one)
} }
zones = append(zones, z)
} }
if zones == nil { case *network:
return nil if x.isAggregate {
zones = append(zones, x.zone)
} }
result := netList{} }
for _, z := range zones { if zones == nil {
return nil
}
result := netList{}
for _, z := range zones {
// Silently ignore loopback aggre // Silently ignore loopback aggregate.
gate. if len(z.networks) == 1 {
if z.loopback { n := z.networks[0]
if n.loopback && n.interfaces[0].
router.managed != "" {
continue continue
} }
result = append(result, c.getAny( z, ip, mask, visible)...)
} }
return result result = append(result, c.getAny(z, ipp, visible)...)
} }
return result
}
getNetworks := func(obj groupObj, withSubnets bool) netLi st { getNetworks := func(obj groupObj, withSubnets bool) netLi st {
result := netList{} result := netList{}
switch x := obj.(type) { switch x := obj.(type) {
case *host: case *host:
return netList{x.network} return netList{x.network}
case *routerIntf: case *routerIntf:
// Ignore network at managed loopback int erface. // Ignore network at managed loopback int erface.
if x.loopback && x.router.managed != "" { if x.loopback && x.router.managed != "" {
return netList{} return netList{}
skipping to change at line 503 skipping to change at line 504
if !x.isAggregate { if !x.isAggregate {
result.push(x) result.push(x)
} else { } else {
// Take aggregate directly. Don't use next "case" // Take aggregate directly. Don't use next "case"
// below, where it would be chang ed to non matching // below, where it would be chang ed to non matching
// aggregate with IP 0/0. // aggregate with IP 0/0.
result = append(result, x.network s...) result = append(result, x.network s...)
} }
default: default:
if list := getAggregates(obj, nil, nil); list := getAggregates(obj, getNetwork00(i
len(list) > 0 { pv6).ipp)
if len(list) > 0 {
for _, agg := range list { for _, agg := range list {
// Check type, because ge tAggregates // Check type, because ge tAggregates
// eventually returns non aggregate network if // eventually returns non aggregate network if
// one matches 0/0. // one matches 0/0.
if agg.isAggregate { if agg.isAggregate {
result = append(r esult, agg.networks...) result = append(r esult, agg.networks...)
} else { } else {
result.push(agg) result.push(agg)
} }
skipping to change at line 581 skipping to change at line 583
result.pu sh(n) result.pu sh(n)
} }
} }
} }
} else { } else {
c.err("Unexpected '%s' in network :[..] of %s", obj, ctx) c.err("Unexpected '%s' in network :[..] of %s", obj, ctx)
} }
} }
case "any": case "any":
x := x.(*ast.AggAuto) x := x.(*ast.AggAuto)
var ip net.IP var ipp netaddr.IPPrefix
var mask net.IPMask if tok := x.Net; tok != "" {
if n := x.Net; n != nil { var err error
ip = c.getVxIP(n.IP, ipv6, "any:[..]", ct ipp, err = netaddr.ParseIPPrefix(tok)
x) if err != nil {
mask = n.Mask c.err("Invalid CIDR address: %s i
n any:[ip = ...] of %s",
tok, ctx)
} else if ipp.IP != ipp.Masked().IP {
c.err("IP and mask don't match in
any:[ip = ...] of %s", ctx)
}
c.checkVxIP(ipp.IP, ipv6, "any:[..]", ctx
)
} else {
ipp = getNetwork00(ipv6).ipp
} }
// Ignore duplicate aggregates resulting // Ignore duplicate aggregates resulting
// - from different interfaces connected to the s ame aggregate, // - from different interfaces connected to the s ame aggregate,
// - group of aggregates. // - group of aggregates.
seen := make(map[*network]bool) seen := make(map[*network]bool)
for _, obj := range subObjects { for _, obj := range subObjects {
if l := getAggregates(obj, ip, mask); l ! = nil { if l := getAggregates(obj, ipp); l != nil {
for _, agg := range l { for _, agg := range l {
if !seen[agg] { if !seen[agg] {
seen[agg] = true seen[agg] = true
result.push(agg) result.push(agg)
} }
} }
} else if l := getNetworks(obj, false); l != nil { } else if l := getNetworks(obj, false); l != nil {
for _, n := range l { for _, n := range l {
for _, a := range c.getAn y(n.zone, ip, mask, visible) { for _, a := range c.getAn y(n.zone, ipp, visible) {
if !seen[a] { if !seen[a] {
seen[a] = true seen[a] = true
result.pu sh(a) result.pu sh(a)
} }
} }
} }
} else { } else {
c.err("Unexpected '%s' in any:[.. ] of %s", obj, ctx) c.err("Unexpected '%s' in any:[.. ] of %s", obj, ctx)
} }
} }
skipping to change at line 683 skipping to change at line 693
// in same visible context. // in same visible context.
*elPtr = elements *elPtr = elements
result = append(result, elements...) result = append(result, elements...)
} else { } else {
n, ok := obj.(*network) n, ok := obj.(*network)
if ok && n.isAggregate { if ok && n.isAggregate {
// Substitute aggregate by aggregate set of zone cluster. // Substitute aggregate by aggregate set of zone cluster.
// Ignore zone having no aggregate from u nnumbered network. // Ignore zone having no aggregate from u nnumbered network.
if cluster := n.zone.cluster; len(cluster ) > 1 { if cluster := n.zone.cluster; len(cluster ) > 1 {
key := ipmask{string(n.ip), strin g(n.mask)} ipp := n.ipp
for _, z := range cluster { for _, z := range cluster {
if agg2 := z.ipmask2aggre gate[key]; agg2 != nil { if agg2 := z.ipPrefix2agg regate[ipp]; agg2 != nil {
result.push(agg2) result.push(agg2)
} }
} }
} else { } else {
result.push(n) result.push(n)
} }
} else { } else {
result.push(obj) result.push(obj)
} }
} }
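Review bot: In the new `"any"` case, a token that fails `netaddr.ParseIPPrefix` is reported but then still used: `ipp` keeps its zero value, `c.checkVxIP(ipp.IP, ipv6, "any:[..]", ctx)` runs on that zero IP, and the zero prefix is handed to `getAggregates`/`getAny` below, which can produce follow-on errors or match a spurious aggregate if `c.err` only records the error rather than aborting (neither `c.err` nor `checkVxIP` is visible on this page). Keep the version check and the later lookup on the success path, e.g. `} else { if ipp.IP != ipp.Masked().IP { c.err(...) }; c.checkVxIP(ipp.IP, ipv6, "any:[..]", ctx) }`, or after the parse error fall back to `ipp = getNetwork00(ipv6).ipp` so the rest of the case operates on a well-defined prefix. Separately, the rewritten loopback skip in `getAggregates` indexes `n.interfaces[0]` without a length check; that is safe only if a loopback network always carries exactly one interface, which this page does not establish, so a comment stating that invariant would help the next reader. The enclosing function begins before the first hunk and continues past the last one.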
 End of changes. 18 change blocks. 
48 lines changed or deleted 57 lines changed or added
