Hi,
Ran into a user error situation that perhaps the pf ruleset parser could help with. I was working on rules and using tag/tagged, and the rule that should have 'applied' a tag used 'tagged value' instead of 'tag value'. Thus the tag was never set and the subsequent 'pass .... tagged value' rule never fired.

It seems that tag references are not dynamically defined [ unless perhaps they are used in authpf scenarios? ]. Would it make sense for the parser to issue a warning if a 'tagged value' reference appears but no defining 'tag value' is found in a ruleset?

Scott Donaldson
Saskatoon, SK Canada

On Tue, Jan 30, 2018 at 3:20 PM, S. Donaldson <[hidden email]> wrote:
> It seems that tag references are not dynamically defined [ unless perhaps they are used in authpf scenarios? ]. Would it make sense for the parser to issue a warning if a 'tagged value' reference appears but no defining 'tag value' is found in a ruleset?

A warning would make sense. Definitely not an error though, since the 'tag value' rule might be added later in an anchor.

I wonder how many people have gotten the bright idea of adding 'tagged xyz' to comment out a rule without disturbing the rule numbering...

-ken

In reply to this post by S. Donaldson
Actually I think the problem is not with the tag/tagged. It comes from whether the rule is a quick one or not. When the rule is not quick it won't be matched with the tagged one for updating the tag value. If it is quick it will never see the next rule which is going to check the new tag value. It will be very hard for the parser to fire an accurate alarm in these cases.

On Jan 31, 2018 09:01, "S. Donaldson" <[hidden email]> wrote:
> Hi,

Well,
I don't expect the parser to be able to fix rulesets but if it can help identify situations that may be an error. The situation I was describing was a human error in defining the tag (using tagged instead of tag). Which causes the tag to never be defined and thus the rules with 'tagged' for that value ... never execute.

Seemed like a standard "parsing is that constant variable ever defined" scenario? Except, as Kenneth G. pointed out, if the defining tag directive appears in an anchor ... (I hinted at that by referencing authpf)...

Scott

Scott Donaldson
Manager of MIS Special Projects
SED Systems, a division of Calian Ltd.
Saskatoon, SK Canada
Office Phone: 306-933-1577
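
The check proposed in this thread, sketched as a stand-alone lint script (an added example, not part of the original messages and not pf's own parser). It is a purely textual scan that does not expand macros or follow anchors and includes; `undefined_tags`, its `defined_elsewhere` parameter and the sample ruleset are constructed for illustration.

```python
import re

# Constructed pf.conf fragment reproducing the typo from the thread: the first
# rule was meant to set the tag ("tag INET_OK") but says "tagged INET_OK".
SAMPLE_RULES = r'''# constructed sample, not a real ruleset
match in on em1 from 10.0.0.0/24 tagged INET_OK
pass out on em0 tagged INET_OK
match in on em1 proto tcp to port 22 \
    tag "SSH_IN"
pass out quick on em0 ! tagged SSH_IN   # negated reference still counts
block in on em0 tagged FROM_ANCHOR
'''

TOKEN = re.compile(r'"[^"]*"|\S+')   # quoted string or bare word

def logical_lines(text):
    """Yield (first_line_no, rule) with '#' comments removed and
    backslash-continued lines joined into one rule."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or no
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        rule = " ".join(buf + [line]).strip()
        if rule:
            yield start, rule
        buf, start = [], None

def undefined_tags(text, defined_elsewhere=()):
    """Map each tag used by 'tagged X' but never set by 'tag X' to the
    line numbers that reference it. defined_elsewhere (hypothetical
    parameter) lists tags known to be set in anchors loaded separately."""
    defined, used = set(defined_elsewhere), {}
    for no, rule in logical_lines(text):
        toks = TOKEN.findall(rule)
        for kw, arg in zip(toks, toks[1:]):
            if kw == "tag":
                defined.add(arg.strip('"'))
            elif kw == "tagged":
                used.setdefault(arg.strip('"'), []).append(no)
    return {t: nos for t, nos in used.items() if t not in defined}

if __name__ == "__main__":
    # Report as warnings only: a missing 'tag' may still arrive via an anchor.
    for tag, nos in undefined_tags(SAMPLE_RULES, {"FROM_ANCHOR"}).items():
        print(f"warning: 'tagged {tag}' on line(s) {nos} but no 'tag {tag}' found")
```

Run against the sample, only `INET_OK` is reported, on lines 2 and 3, which is the mistake described in the first message.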