"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "go/pkg/pass1/export.go" between
Netspoc-6.026.tar.gz and Netspoc-6.027.tar.gz

About: NetSPoC is a network security policy compiler (using its own description language) to manage all the packet filter devices inside your network topology.

export.go  (Netspoc-6.026):export.go  (Netspoc-6.027)
skipping to change at line 72 skipping to change at line 72
enc.SetIndent("", " ") enc.SetIndent("", " ")
if err := enc.Encode(data); err != nil { if err := enc.Encode(data); err != nil {
c.abort("%v", err) c.abort("%v", err)
} }
if err := fd.Close(); err != nil { if err := fd.Close(); err != nil {
c.abort("Can't %v", err) c.abort("Can't %v", err)
} }
} }
func printNetworkIp(n *network) string { func printNetworkIp(n *network) string {
pIP := n.ip.String() pIP := n.ipp.IP.String()
var pMask string var pMask string
if n.ipV6 { if n.ipV6 {
size, _ := n.mask.Size() size := n.ipp.Bits
pMask = strconv.Itoa(size) pMask = strconv.Itoa(int(size))
} else { } else {
pMask = net.IP(n.mask).String() pMask = net.IP(n.ipp.IPNet().Mask).String()
} }
return pIP + "/" + pMask return pIP + "/" + pMask
} }
type jsonMap map[string]interface{} type jsonMap map[string]interface{}
// Add attributes ip and nat to dst object. // Add attributes ip and nat to dst object.
func ipNatForObject(obj srvObj, dst jsonMap) { func ipNatForObject(obj srvObj, dst jsonMap) {
var ip string var ip string
natMap := make(map[string]string) natMap := make(map[string]string)
skipping to change at line 103 skipping to change at line 103
switch x := obj.(type) { switch x := obj.(type) {
case *network: case *network:
getIp := func(n *network) string { getIp := func(n *network) string {
if n.hidden { if n.hidden {
return "hidden" return "hidden"
} }
// Don't print mask for loopback network. It needs to hav e // Don't print mask for loopback network. It needs to hav e
// exactly the same address as the corresponding loopback interface. // exactly the same address as the corresponding loopback interface.
if n.loopback { if n.loopback {
return n.ip.String() return n.ipp.IP.String()
} }
return printNetworkIp(n) return printNetworkIp(n)
} }
ip = getIp(x) ip = getIp(x)
for tag, natNet := range x.nat { for tag, natNet := range x.nat {
natMap[tag] = getIp(natNet) natMap[tag] = getIp(natNet)
} }
case *host: case *host:
getIp := func(h *host, n *network) string { getIp := func(h *host, n *network) string {
skipping to change at line 128 skipping to change at line 128
// Single static NAT IP for this host. // Single static NAT IP for this host.
return ip.String() return ip.String()
} }
if n.hidden { if n.hidden {
return "hidden" return "hidden"
} }
// Dynamic NAT, take whole network. // Dynamic NAT, take whole network.
return printNetworkIp(n) return printNetworkIp(n)
} }
if ip := h.ip; ip != nil { if ip := h.ip; !ip.IsZero() {
return mergeIP(ip, n).String() return mergeIP(ip, n).String()
} }
r := h.ipRange return h.ipRange.String()
return mergeIP(r[0], n).String() + "-" + mergeIP(r[1], n)
.String()
} }
n := x.network n := x.network
ip = getIp(x, n) ip = getIp(x, n)
for tag, natNet := range n.nat { for tag, natNet := range n.nat {
natMap[tag] = getIp(x, natNet) natMap[tag] = getIp(x, natNet)
} }
case *routerIntf: case *routerIntf:
getIp := func(intf *routerIntf, n *network) string { getIp := func(intf *routerIntf, n *network) string {
if n.dynamic { if n.dynamic {
skipping to change at line 184 skipping to change at line 183
} }
} }
dst["ip"] = ip dst["ip"] = ip
if len(natMap) != 0 { if len(natMap) != 0 {
dst["nat"] = natMap dst["nat"] = natMap
} }
} }
// Zone with network 0/0 doesn't have an aggregate 0/0. // Zone with network 0/0 doesn't have an aggregate 0/0.
func getZoneName(z *zone) string { func getZoneName(z *zone) string {
ip := getZeroIp(z.ipV6) ipp := getNetwork00(z.ipV6).ipp
mask := getZeroMask(z.ipV6) if any := z.ipPrefix2aggregate[ipp]; any != nil {
if any := z.ipmask2aggregate[ipmask{string(ip), string(mask)}]; any != ni
l {
return any.name return any.name
} else { } else {
return z.name return z.name
} }
} }
//##################################################################### //#####################################################################
// Setup services // Setup services
//##################################################################### //#####################################################################
skipping to change at line 876 skipping to change at line 874
outerForObj := make(map[*owner]bool) outerForObj := make(map[*owner]bool)
for ow, _ := range outerOwners { for ow, _ := range outerOwners {
outerForObj[ow] = true outerForObj[ow] = true
} }
setOuterOwners(obj, ow, outerForObj) setOuterOwners(obj, ow, outerForObj)
} }
} }
for _, n := range addSubnetworks(z.networks) { for _, n := range addSubnetworks(z.networks) {
process(n) process(n)
} }
for _, n := range z.ipmask2aggregate { for _, n := range z.ipPrefix2aggregate {
process(n) process(n)
} }
} }
// Intersection of all outer owners of one owner is allowed to take // Intersection of all outer owners of one owner is allowed to take
// role of corresponding inner owner. // role of corresponding inner owner.
eInfo := make(map[*owner][]*owner) eInfo := make(map[*owner][]*owner)
for _, ow := range symTable.owner { for _, ow := range symTable.owner {
outerOwners := owner2outerOwners[ow] outerOwners := owner2outerOwners[ow]
if masterOwner != nil { if masterOwner != nil {
skipping to change at line 918 skipping to change at line 916
// Otherwise multiple nat-sets need to be combined. // Otherwise multiple nat-sets need to be combined.
// Analyze each network X with multiple NAT tags. // Analyze each network X with multiple NAT tags.
// - If all nat-sets map to the same IP, use this mapping. // - If all nat-sets map to the same IP, use this mapping.
// - If some nat-sets map to different IPs, use original IP. // - If some nat-sets map to different IPs, use original IP.
// - If some nat-sets map to the same IP and all other nat-sets // - If some nat-sets map to the same IP and all other nat-sets
// map to 'hidden' then ignore hidden in combined nat-set. // map to 'hidden' then ignore hidden in combined nat-set.
// This way, a real NAT tag will not be disabled, // This way, a real NAT tag will not be disabled,
// if it is combined with a hidden NAT tag from same multi-NAT. // if it is combined with a hidden NAT tag from same multi-NAT.
//##################################################################### //#####################################################################
func (c *spoc) exportNatSet(dir string, func (c *spoc) exportNatSet(dir string,
natTag2multinatDef map[string][]natMap, natTag2natType map[string]string, natTag2multinatDef map[string][]natTagMap, natTag2natType map[string]stri ng,
pInfo, oInfo xOwner) { pInfo, oInfo xOwner) {
c.progress("Export NAT-sets") c.progress("Export NAT-sets")
owner2domains := make(map[string]map[*natDomain]bool) owner2domains := make(map[string]map[*natDomain]bool)
for _, n := range c.allNetworks { for _, n := range c.allNetworks {
if n.isAggregate { if n.isAggregate {
continue continue
} }
// Ignore IPv6 networks where typically no NAT is active. // Ignore IPv6 networks where typically no NAT is active.
skipping to change at line 958 skipping to change at line 956
for ownerName, _ := range symTable.owner { for ownerName, _ := range symTable.owner {
natList := make(stringList, 0) natList := make(stringList, 0)
if doms := owner2domains[ownerName]; doms != nil { if doms := owner2domains[ownerName]; doms != nil {
// Build union of all natSets of found NAT domains. // Build union of all natSets of found NAT domains.
var natSets []natSet var natSets []natSet
for d, _ := range doms { for d, _ := range doms {
natSets = append(natSets, d.natSet) natSets = append(natSets, d.natSet)
} }
combined := combineNatSets(natSets, natTag2multinatDef, n atTag2natType) combined := combineNatSets(natSets, natTag2multinatDef, n atTag2natType)
for tag, _ := range *combined { for tag, _ := range combined {
natList.push(tag) natList.push(tag)
} }
} }
sort.Strings(natList) sort.Strings(natList)
c.createDirs(dir, "owner/"+ownerName) c.createDirs(dir, "owner/"+ownerName)
c.exportJson(dir, "owner/"+ownerName+"/nat_set", natList) c.exportJson(dir, "owner/"+ownerName+"/nat_set", natList)
} }
} }
skipping to change at line 1073 skipping to change at line 1071
} }
m4 := m3["networks"].(jsonMap) m4 := m3["networks"].(jsonMap)
for k, v := range add { for k, v := range add {
m4[k] = v m4[k] = v
} }
} }
for _, z := range c.allZones { for _, z := range c.allZones {
// All aggregates can be used in rules. // All aggregates can be used in rules.
for _, agg := range z.ipmask2aggregate { for _, agg := range z.ipPrefix2aggregate {
allObjects[agg] = true allObjects[agg] = true
} }
// Ignore empty zone with only tunnel or unnumbered networks. // Ignore empty zone with only tunnel or unnumbered networks.
if len(z.networks) == 0 { if len(z.networks) == 0 {
continue continue
} }
zoneName := getZoneName(z) zoneName := getZoneName(z)
networks := addSubnetworks(z.networks) networks := addSubnetworks(z.networks)
 End of changes. 11 change blocks. 
17 lines changed or deleted 13 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)