Find new anchor if it is subnet

hknutzen · Apr 11, 2024 · 3164ccc · 3164ccc
1 parent c7ee784
commit 3164ccc
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 10 deletions.
diff --git a/go/pkg/pass1/cut-netspoc.go b/go/pkg/pass1/cut-netspoc.go
@@ -669,15 +669,15 @@ func (c *spoc) cutNetspoc(
 			if anchor := a.anchor; anchor != nil {
 				// Change anchor to some used network
 				if !isUsed[anchor.name] {
-				ZONE:
+					found := false
 					for _, z := range a.zones {
-						for _, n := range z.networks {
-							if isUsed[n.name] {
+						processWithSubnetworks(z.networks, func(n *network) {
+							if !found && isUsed[n.name] {
 								aTop.GetAttr("anchor").ValueList =
 									[]*ast.Value{{Value: n.name}}
-								break ZONE
+								found = true
 							}
-						}
+						})
 					}
 				}
 			} else {
@@ -711,18 +711,18 @@ func (c *spoc) cutNetspoc(
 				cleanup(&aTop.InclusiveBorder)
 				// Add anchor, if all interfaces have been removed.
 				if aTop.Border == nil && aTop.InclusiveBorder == nil {
-				Z2:
+					found := false
 					for _, z := range a.zones {
-						for _, n := range z.networks {
-							if isUsed[n.name] {
+						processWithSubnetworks(z.networks, func(n *network) {
+							if !found && isUsed[n.name] {
 								aTop.Attributes = append(aTop.Attributes,
 									&ast.Attribute{
 										Name:      "anchor",
 										ValueList: []*ast.Value{{Value: n.name}},
 									})
-								break Z2
+								found = true
 							}
-						}
+						})
 					}
 				}
 			}

diff --git a/go/testdata/cut-netspoc/cut-netspoc.t b/go/testdata/cut-netspoc/cut-netspoc.t
@@ -1108,6 +1108,60 @@ service:test = {
 }
 =END=
 
+############################################################
+=TITLE=Area with border outside of path, new anchor is subnet
+=INPUT=
+network:n1 = { ip = 10.1.1.16/28; }
+network:n2 = { ip = 10.1.1.32/28; }
+network:n3 = { ip = 10.1.1.0/24; has_subnets; }
+network:n4 = { ip = 10.1.2.0/24; }
+router:r1 = {
+ managed;
+ model = IOS;
+ interface:n1 = { ip = 10.1.1.17; hardware = n1; }
+}
+router:r2 = {
+ interface:n1 = { ip = 10.1.1.18; }
+ interface:n3;
+ interface:n2 = { ip = 10.1.1.33; hardware = n2; }
+}
+router:r3 = {
+ managed;
+ model = ASA;
+ interface:n2 = { ip = 10.1.1.33; hardware = n2; }
+ interface:n4 = { ip = 10.1.2.1;  hardware = n4; }
+}
+owner:o1 = { admins = o1@example.com; }
+area:a1 = {
+ owner = o1;
+ inclusive_border = interface:r3.n4;
+}
+service:s1 = {
+ user = network:n1;
+ permit src = user; dst = interface:r1.n1; prt = tcp 22;
+}
+=OUTPUT=
+network:n1 = { ip = 10.1.1.16/28; }
+router:r1 = {
+ managed;
+ model = IOS;
+ interface:n1 = { ip = 10.1.1.17; hardware = n1; }
+}
+owner:o1 = {
+ admins = o1@example.com;
+}
+area:a1 = {
+ owner = o1;
+ anchor = network:n1;
+}
+service:s1 = {
+ user = network:n1;
+ permit src = user;
+        dst = interface:r1.n1;
+        prt = tcp 22;
+}
+=OPTIONS=--owner
+
 ############################################################
 =TITLE=Network in name of zone is located outside of path
 =TEMPL=input