
Source code changes of the file "go/pkg/pass1/set-zone.go" between
Netspoc-6.032.tar.gz and Netspoc-6.033.tar.gz

About: NetSPoC is a network security policy compiler (using its own description language) to manage all the packet filter devices inside your network topology.

set-zone.go  (Netspoc-6.032):set-zone.go  (Netspoc-6.033)
skipping to change at line 743 skipping to change at line 743
func (c *spoc) inheritAttributes() { func (c *spoc) inheritAttributes() {
natSeen := make(map[*network]bool) natSeen := make(map[*network]bool)
c.inheritAttributesFromArea(natSeen) c.inheritAttributesFromArea(natSeen)
c.inheritNatInZone(natSeen) c.inheritNatInZone(natSeen)
c.checkAttrNoCheckSupernetRules() c.checkAttrNoCheckSupernetRules()
c.cleanupAfterInheritance(natSeen) c.cleanupAfterInheritance(natSeen)
} }
//############################################################################## //##############################################################################
// Purpose : Assure that areas are processed in the right order and distribute // Purpose : Distribute area attributes to zones and managed routers.
// area attributes to zones and managed routers.
func (c *spoc) inheritAttributesFromArea(natSeen map[*network]bool) { func (c *spoc) inheritAttributesFromArea(natSeen map[*network]bool) {
// Areas can be nested. Proceed from small to larger ones. // Areas can be nested. Proceed from small to larger ones.
for _, a := range c.ascendingAreas { for _, a := range c.ascendingAreas {
c.inheritRouterAttributes(a) c.inheritRouterAttributes(a)
c.inheritAreaNat(a, natSeen) c.inheritAreaNat(a, natSeen)
} }
} }
//############################################################################## //##############################################################################
skipping to change at line 1005 skipping to change at line 1004
if n.nat == nil { if n.nat == nil {
n.nat = make(map[string]*network) n.nat = make(map[string]*network)
} }
n.nat[tag] = &subNat n.nat[tag] = &subNat
} }
} }
} }
} }
func (c *spoc) checkAttrNoCheckSupernetRules() { func (c *spoc) checkAttrNoCheckSupernetRules() {
var checkSubnets func(l netList) netList
checkSubnets = func(l netList) netList {
var errList netList
for _, n := range l {
if len(n.hosts) > 0 {
errList.push(n)
}
if subErr := checkSubnets(n.networks); subErr != nil {
errList = append(errList, subErr...)
}
}
return errList
}
for _, z := range c.allZones { for _, z := range c.allZones {
if z.noCheckSupernetRules { if z.noCheckSupernetRules {
if bugList := checkSubnets(z.networks); bugList != nil { var errList netList
// z.networks currently contains all networks of zone,
// subnets are discared later in findSubnetsInZone.
for _, n := range z.networks {
if len(n.hosts) > 0 {
errList.push(n)
}
}
if errList != nil {
c.err("Must not use attribute 'no_check_supernet_ rules' at %s\n"+ c.err("Must not use attribute 'no_check_supernet_ rules' at %s\n"+
" with networks having host definitions:\ n%s", " with networks having host definitions:\ n%s",
z, bugList.nameList()) z, errList.nameList())
} }
} }
} }
} }
// 1. Remove NAT entries from aggregates. // 1. Remove NAT entries from aggregates.
// These are only used during NAT inheritance. // These are only used during NAT inheritance.
// 2. Remove identity NAT entries. // 2. Remove identity NAT entries.
// These are only needed during NAT inheritance. // These are only needed during NAT inheritance.
// 3. Check for useless identity NAT. // 3. Check for useless identity NAT.
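Review bot: The new flat loop over `z.networks` in checkAttrNoCheckSupernetRules only sees hosts in nested subnets if it runs before findSubnetsInZone, as the added comment says, and nothing visible on this page enforces that order. If the call order changes later, a zone with `no_check_supernet_rules` and host definitions inside a subnet would pass without an error, and judging by its name that attribute switches off supernet rule checking for the zone. I would state the precondition on the function itself, for example `// Must be called before findSubnetsInZone, while z.networks still lists subnets.`, and add a test case with a host inside a subnet of such a zone. The added comment also has a typo: `discared` should read `discarded`.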
 End of changes. 4 change blocks. 
17 lines changed or deleted 11 lines changed or added
