Cleanup unused subnet_of from NAT
hknutzen committed Apr 17, 2024
1 parent b13b287 commit 8d0544b
Showing 2 changed files with 101 additions and 1 deletion.
10 changes: 10 additions & 0 deletions go/pkg/pass1/cut-netspoc.go
@@ -977,6 +977,13 @@ func (c *spoc) cutNetspoc(
}
*ref = l
}
selectSubnetOfInNAT := func(ref []*ast.Attribute) {
for _, a := range ref {
if strings.HasPrefix(a.Name, "nat:") {
selectSubnetOf(&a.ComplexValue)
}
}
}

selectBindNat := func(l []*ast.Value) []*ast.Value {
var result []*ast.Value
@@ -1093,13 +1100,15 @@ func (c *spoc) cutNetspoc(
case *ast.Network:
removeOwner(&x.Attributes)
selectSubnetOf(&x.Attributes)
selectSubnetOfInNAT(x.Attributes)
selectHosts(x)
case *ast.Router:
removeOwner(&x.Attributes)
removeAttr(&x.Attributes, "policy_distribution_point")
selectInterfaces(x)
case *ast.Area:
removeOwner(&x.Attributes)
selectSubnetOfInNAT(x.Attributes)
removeSubAttr(&x.Attributes,
"router_attributes", "policy_distribution_point")
if !keepOwner {
@@ -1108,6 +1117,7 @@ func (c *spoc) cutNetspoc(
case *ast.TopStruct:
if typ == "any" {
removeOwner(&x.Attributes)
selectSubnetOfInNAT(x.Attributes)
}
case *ast.TopList:
switch typ {
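Review bot: In `selectSubnetOfInNAT` the parameter is called `ref` but is a plain `[]*ast.Attribute`, while the closure that ends just above it writes through a pointer of the same name (`*ref = l`); renaming it to `attrs` would avoid suggesting that the slice itself is replaced. The closure also has no comment, and it is not obvious that the pruning reaches the caller only via `&a.ComplexValue` on the shared `*ast.Attribute`; I would add `// selectSubnetOfInNAT applies selectSubnetOf to the body of each "nat:" attribute.` above it. The enclosing cutNetspoc starts and ends outside these hunks, so this is based on the visible lines only.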
92 changes: 91 additions & 1 deletion go/testdata/cut-netspoc/cut-netspoc.t
@@ -3959,4 +3959,94 @@ service:s1 = {
dst = network:n4;
prt = tcp 80;
}
=END=
=END=

############################################################
=TITLE=Cleanup subnet_of in NAT
=INPUT=
network:n1 = {
ip = 10.1.1.0/24;
nat:m = { ip = 10.1.3.16/28; dynamic; subnet_of = network:n3; }
}
network:n2 = { ip = 10.1.2.0/24; }
network:n3 = { ip = 10.1.3.0/24; }
router:r1 = {
managed;
model = ASA;
interface:n1 = { ip = 10.1.1.1; hardware = n1;}
interface:n2 = { ip = 10.1.2.1; hardware = n2; }
interface:n3 = { ip = 10.1.3.1; hardware = n3; bind_nat = m; }
}
service:s1 = {
user = network:n1;
permit src = user; dst = network:n2; prt = tcp 80;
}
=OUTPUT=
network:n1 = {
ip = 10.1.1.0/24;
nat:m = { ip = 10.1.3.16/28; dynamic; }
}
network:n2 = { ip = 10.1.2.0/24; }
router:r1 = {
managed;
model = ASA;
interface:n1 = { ip = 10.1.1.1; hardware = n1; }
interface:n2 = { ip = 10.1.2.1; hardware = n2; }
}
service:s1 = {
user = network:n1;
permit src = user;
dst = network:n2;
prt = tcp 80;
}
=END=
############################################################
=TITLE=Cleanup subnet_of in Area
=INPUT=
area:n1 = {
nat:m2 = { ip = 10.1.2.16/28; dynamic; subnet_of = network:n2; }
nat:m3 = { ip = 10.1.3.16/28; dynamic; subnet_of = network:n3; }
border = interface:r1.n1;
}
network:n1 = { ip = 10.1.1.0/24; }
network:n2 = { ip = 10.1.2.0/24; }
network:n3 = { ip = 10.1.3.0/24; }
router:r1 = {
managed;
model = ASA;
interface:n1 = { ip = 10.1.1.1; hardware = n1; }
interface:n2 = { ip = 10.1.2.1; hardware = n2; bind_nat = m2; }
interface:n3 = { ip = 10.1.3.1; hardware = n3; bind_nat = m3; }
}
service:s1 = {
user = network:n1;
permit src = user;
dst = network:n2;
prt = tcp 80;
}
=OUTPUT=
area:n1 = {
nat:m2 = { ip = 10.1.2.16/28; dynamic; subnet_of = network:n2; }
nat:m3 = { ip = 10.1.3.16/28; dynamic; }
border = interface:r1.n1;
}
network:n1 = { ip = 10.1.1.0/24; }
network:n2 = { ip = 10.1.2.0/24; }
router:r1 = {
managed;
model = ASA;
interface:n1 = { ip = 10.1.1.1; hardware = n1; }
interface:n2 = {
ip = 10.1.2.1;
hardware = n2;
bind_nat = m2;
}
}
service:s1 = {
user = network:n1;
permit src = user;
dst = network:n2;
prt = tcp 80;
}
=END=
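Review bot: The two added cases cover `nat:` inside a network and inside an area, but not inside an `any:` object, although the same commit adds the `selectSubnetOfInNAT` call to the `typ == "any"` branch in cut-netspoc.go. A third case with an aggregate whose `nat:` carries `subnet_of` pointing at a network that is cut away would pin that branch. The network case also only shows removal; the single example where `subnet_of` is kept (`nat:m2` in the area test) could be mirrored for a network.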
