diff --git a/go/pkg/pass1/print-code.go b/go/pkg/pass1/print-code.go index 52abf8d8..2d664811 100644 --- a/go/pkg/pass1/print-code.go +++ b/go/pkg/pass1/print-code.go @@ -2391,27 +2391,8 @@ func (c *spoc) getCodeInfo(vrfMembers []*router) *codeInfo { } } -func (c *spoc) printPanOS(fd *os.File, vrfMembers []*router, info *codeInfo) { - pdP := "" - if pdp := info.PolicyDistributionPoint; pdp != "" { - pdP = "\n[ Policy_distribution_point = " + pdp + " ]" - } - fmt.Fprintf(fd, - ` - -`, - program, version, - strings.Join(info.NameList, ", "), - info.Model, - strings.Join(info.IPList, ", "), - pdP) - +func (c *spoc) printPanOS(fd *os.File, vrfMembers []*router) { + fmt.Fprintln(fd, ``) fmt.Fprintln(fd, "") for _, r := range vrfMembers { fmt.Fprintln(fd, "#insert", r.vrf) @@ -2419,23 +2400,7 @@ Generated by %s, version %s fmt.Fprintln(fd, "") } -func (c *spoc) printNSX(fd *os.File, vrfMembers []*router, info *codeInfo) { - pdP := "" - if pdp := info.PolicyDistributionPoint; pdp != "" { - pdP = "\n#[ Policy_distribution_point = " + pdp + " ]" - } - fmt.Fprintf(fd, - `#Generated by %s, version %s -# -#[ BEGIN %s ] -#[ Model = %s ] -#[ IP = %s ]%s -`, - program, version, - strings.Join(info.NameList, ", "), - info.Model, - strings.Join(info.IPList, ", "), - pdP) +func (c *spoc) printNSX(fd *os.File, vrfMembers []*router) { fmt.Fprintln(fd, "#insert JSON") } 
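Review bot: In the new `printNSX` the `vrfMembers` parameter is never read, since the body is only `fmt.Fprintln(fd, "#insert JSON")`. The signature this commit already trims can drop it too: `func (c *spoc) printNSX(fd *os.File) {`, with the call in printRouter becoming `c.printNSX(fd)`. Neither `printNSX` nor `printPanOS` has a doc comment, and with the metadata header removed a line such as `// printNSX writes the "#insert JSON" placeholder line; model, IPs and policy distribution point are no longer written here.` would tell readers where not to look. What expands the `#insert` lines is not visible in this hunk.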
@@ -2473,35 +2438,16 @@ func (c *spoc) printRouter(r *router, dir string) string { defer fd.Close() if model.filter == "PAN-OS" { - c.printPanOS(fd, vrfMembers, infoData) + c.printPanOS(fd, vrfMembers) for _, vrouter := range vrfMembers { collectAclsFromIORules(vrouter) } } else if model.filter == "NSX" { - c.printNSX(fd, vrfMembers, infoData) + c.printNSX(fd, vrfMembers) for _, vrouter := range vrfMembers { c.printCiscoAcls(fd, vrouter) } } else { - - // Print version header. - commentChar := model.commentChar - fmt.Fprintf(fd, "%s Generated by %s, %s", commentChar, program, version) - fmt.Fprintln(fd) - - header := func(key, val string) { - fmt.Fprintf(fd, "%s [ %s %s ]\n", commentChar, key, val) - } - header("BEGIN", deviceName) - header("Model =", infoData.Model) - ips := infoData.IPList - if len(ips) != 0 { - header("IP =", strings.Join(ips, ",")) - } - if pdp := infoData.PolicyDistributionPoint; pdp != "" { - header("Policy_distribution_point =", pdp) - } - for _, vrouter := range vrfMembers { c.printRoutes(fd, vrouter) if vrouter.managed == "" { @@ -2513,9 +2459,6 @@ func (c *spoc) printRouter(r *router, dir string) string { printAclSuffix(fd, vrouter) printRouterIntf(fd, vrouter) } - - header("END", deviceName) - fmt.Fprintln(fd) } // Print ACLs in machine independent format into separate file. diff --git a/go/testdata/area.t b/go/testdata/area.t index 0f90168c..ee759307 100644 --- a/go/testdata/area.t +++ b/go/testdata/area.t @@ -117,10 +117,10 @@ service:pdp3 = { permit src = host:h3; dst = user; prt = ip; } =OUTPUT= ---asa1 -! [ IP = 10.1.1.1 ] ---asa2 -! [ IP = 10.1.3.2 ] +--asa1.info +{"generated_by":"devel","model":"ASA","ip_list":["10.1.1.1"],"policy_distribution_point":"10.1.1.10"} +--asa2.info +{"generated_by":"devel","model":"ASA","ip_list":["10.1.3.2"],"policy_distribution_point":"10.1.3.10"} =OPTIONS=--check_policy_distribution_point=warn ############################################################ 
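Review bot: With `header("END", deviceName)` removed at the end of the `else` branch, the generated device file no longer carries any in-band sign that it was written completely. The visible context still closes the file with `defer fd.Close()`, and none of the `fmt.Fprint*` results in these hunks are checked. A short write (full disk, I/O error) would leave a truncated rule set that looks like a valid file to its consumer; whether the removed BEGIN/END lines were used for such a check downstream cannot be seen here. Consider closing explicitly and surfacing the error, e.g. `if err := fd.Close(); err != nil {` followed by the package's usual error report, or writing under a temporary name and renaming once the write succeeded. printRouter begins before and continues after these hunks, so how the matching `.info` file is written cannot be judged from this diff.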
diff --git a/go/testdata/auto_intf.t b/go/testdata/auto_intf.t index 9cb06a84..8aff9ee3 100644 --- a/go/testdata/auto_intf.t +++ b/go/testdata/auto_intf.t @@ -1211,8 +1211,8 @@ service:test = { permit src = network:a; dst = user; prt = tcp 22; } =OUTPUT= ---r1 -! [ IP = 10.0.0.1,10.1.1.1 ] +--r1.info +{"generated_by":"devel","model":"IOS","ip_list":["10.0.0.1","10.1.1.1"],"policy_distribution_point":"10.0.0.10"} =END= ############################################################ @@ -1258,8 +1258,8 @@ service:s1 = { permit src = user; dst = interface:r2.n5; prt = tcp 80; } =OUTPUT= ---r2 -! [ IP = 10.1.3.2,10.1.4.1 ] +--r2.info +{"generated_by":"devel","model":"IOS","ip_list":["10.1.3.2","10.1.4.1"],"policy_distribution_point":"10.1.1.111"} =END= ############################################################ @@ -1285,8 +1285,8 @@ service:s1 = { prt = tcp 22; } =OUTPUT= ---r1 -! [ IP = 10.1.2.1,10.1.3.1 ] +--r1.info +{"generated_by":"devel","model":"ASA","ip_list":["10.1.2.1","10.1.3.1"],"policy_distribution_point":"10.1.1.111"} =OPTIONS=--check_policy_distribution_point=1 ############################################################ @@ -1320,10 +1320,10 @@ service:s = { permit src = network:n3; dst = user; prt = tcp 22; } =OUTPUT= ---r1 -! [ IP = 10.1.2.3 ] ---r2 -! [ IP = 10.1.2.2 ] +--r1.info +{"generated_by":"devel","model":"ASA","ip_list":["10.1.2.3"],"policy_distribution_point":"10.1.3.9"} +--r2.info +{"generated_by":"devel","model":"ASA","ip_list":["10.1.2.2"],"policy_distribution_point":"10.1.3.9"} =END= ############################################################ diff --git a/go/testdata/bridged.t b/go/testdata/bridged.t index f9e7f198..d06c970a 100644 --- a/go/testdata/bridged.t +++ b/go/testdata/bridged.t 
@@ -404,8 +404,8 @@ service:admin = { permit src = network:n1; dst = user; prt = tcp 22; } =OUTPUT= ---bridge -! [ IP = 10.1.2.9 ] +--bridge.info +{"generated_by":"devel","model":"ASA","ip_list":["10.1.2.9"],"policy_distribution_point":"10.1.1.111"} =END= ############################################################ @@ -417,8 +417,8 @@ service:admin = { permit src = network:n1; dst = user; prt = tcp 22; } =OUTPUT= ---bridge -! [ IP = 10.1.2.9 ] +--bridge.info +{"generated_by":"devel","model":"ASA","ip_list":["10.1.2.9"],"policy_distribution_point":"10.1.1.111"} =END= ############################################################ @@ -430,8 +430,8 @@ service:admin = { permit src = network:n1; dst = user; prt = tcp 22; } =OUTPUT= ---bridge -! [ IP = 10.1.2.9 ] +--bridge.info +{"generated_by":"devel","model":"ASA","ip_list":["10.1.2.9"],"policy_distribution_point":"10.1.1.111"} =END= ############################################################ diff --git a/go/testdata/iptables.t b/go/testdata/iptables.t index 5ff119e0..43738481 100644 --- a/go/testdata/iptables.t +++ b/go/testdata/iptables.t @@ -21,10 +21,6 @@ service:s1 = { --r1.info {"generated_by":"devel","model":"Linux"} --r1 -# [ BEGIN r1 ] --- -# [ Model = Linux ] --- # [ PREFIX ] -- #!/sbin/iptables-restore < - - --- - - - -allow -IN -OUT -NET___a01_100_120 -NET___a01_200_120 -tcp 80 -any -interzone - - - - -
-::a01:100/120 -::a01:200/120 -
- -80 - -
--ipv6/r1.info {"generated_by":"devel","model":"PAN-OS","ip_list":["::a01:101"],"name_list":["r1"]} ---ipv6/r1 - - - --- - - - -allow -IN -OUT -NET___a01_100_120 -NET___a01_200_120 -tcp 80 -any -interzone - - - - -
-::a01:100/120 -::a01:200/120 -
- -80 - -
=END= ############################################################ @@ -424,10 +348,6 @@ router:r1@vsys1 = { interface:n1 = { ip = ::a01:102; hardware = IN; } interface:n2 = { ip = ::a01:201; hardware = OUT; } } -service:s1 = { - user = network:n1; - permit src = user; dst = network:n2; prt = tcp 80; -} -- ipv6/ipv6 network:n1v6 = { ip = ::a01:100/120; } network:n2v6 = { ip = ::a01:200/120; } @@ -442,79 +362,11 @@ router:r1@vsys1 = { interface:n1v6 = { ip = ::a01:102; hardware = IN; } interface:n2v6 = { ip = ::a01:201; hardware = OUT; } } -service:s1v6 = { - user = network:n1v6; - permit src = user; dst = network:n2v6; prt = tcp 80; -} =OUTPUT= ---ipv6/ipv6/r1 - - - --- - - - -allow -IN -OUT -NET___a01_100_120 -NET___a01_200_120 -tcp 80 -any -interzone - - - - -
-::a01:100/120 -::a01:200/120 -
- -80 - -
---ipv6/r1 - - - --- - - - -allow -IN -OUT -NET___a01_100_120 -NET___a01_200_120 -tcp 80 -any -interzone - - - - -
-::a01:100/120 -::a01:200/120 -
- -80 - -
+--ipv6/ipv6/r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["::a01:101"],"name_list":["r1"]} +--ipv6/r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["::a01:101"],"name_list":["r1"]} =END= ############################################################ @@ -536,10 +388,6 @@ router:r1@vsys1 = { interface:n1 = { ip = ::a01:102; hardware = IN; } interface:n2 = { ip = ::a01:201; hardware = OUT; } } -service:s1 = { - user = network:n1; - permit src = user; dst = network:n2; prt = tcp 80; -} -- ipv6/ipv6 network:n1v6 = { ip = ::a01:100/120; } network:n2v6 = { ip = ::a01:200/120; } @@ -554,79 +402,11 @@ router:r1@vsys1 = { interface:n1v6 = { ip = ::a01:102; hardware = IN; } interface:n2v6 = { ip = ::a01:201; hardware = OUT; } } -service:s1v6 = { - user = network:n1v6; - permit src = user; dst = network:n2v6; prt = tcp 80; -} =OUTPUT= ---ipv6/ipv6/r1 - - - --- - - - -allow -IN -OUT -NET___a01_100_120 -NET___a01_200_120 -tcp 80 -any -interzone - - - - -
-::a01:100/120 -::a01:200/120 -
- -80 - -
---ipv6/r1 - - - --- - - - -allow -IN -OUT -NET___a01_100_120 -NET___a01_200_120 -tcp 80 -any -interzone - - - - -
-::a01:100/120 -::a01:200/120 -
- -80 - -
+--ipv6/ipv6/r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["::a01:101"],"name_list":["r1"]} +--ipv6/r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["::a01:101"],"name_list":["r1"]} =END= ############################################################ @@ -782,15 +562,10 @@ service:s4 = { permit src = user; dst = network:n3; prt = tcp 81; } =OUTPUT= +--ipv6/r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["::a01:101","::a01:109"],"name_list":["r1","r2"]} --ipv6/r1 - -- @@ -995,15 +770,10 @@ service:s4 = { permit src = user; dst = host:h50, host:h60; prt = ip; } =OUTPUT= +--ipv6/r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["::a01:101"],"name_list":["r1"]} --ipv6/r1 - -- @@ -1411,7 +1181,7 @@ service:s1 = { =END= ############################################################ -=TITLE=Add Policy Distribution Point To Header +=TITLE=Add policy distribution point to info file =PARAMS=--ipv6 =INPUT= network:n1 = { ip = ::a01:100/120; } @@ -1442,13 +1212,8 @@ service:admin = { permit src = host:netspoc; dst = user; prt = tcp 22; } =OUTPUT= --- ipv6/r1 -[ BEGIN r1 ] -[ Model = PAN-OS ] -[ IP = ::a01:101 ] -[ Policy_distribution_point = ::a01:309 ] ---> - +-- ipv6/r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["::a01:101"],"name_list":["r1"],"policy_distribution_point":"::a01:309"} =END= ############################################################ \ No newline at end of file diff --git a/go/testdata/ipv6/reuse-previous_ipv6.t b/go/testdata/ipv6/reuse-previous_ipv6.t index 45f9d48f..740e863f 100644 --- a/go/testdata/ipv6/reuse-previous_ipv6.t +++ b/go/testdata/ipv6/reuse-previous_ipv6.t @@ -133,11 +133,10 @@ network:n1 = { ip = ::a01:100/120; } mkdir old mkdir out ln -s ../old out/.prev +cat < old/r1.info +{"generated_by":"devel","model":"ASA","name_list":["r1"]} +END cat < old/r1.config -! Generated by Netspoc, devel -! [ BEGIN r1 ] -! [ Model = ASA ] -! [ END r1 ] END cat < old/r1.rules 
diff --git a/go/testdata/ipv6/routing_only_ipv6.t b/go/testdata/ipv6/routing_only_ipv6.t index 6301acdc..6a7c3946 100644 --- a/go/testdata/ipv6/routing_only_ipv6.t +++ b/go/testdata/ipv6/routing_only_ipv6.t @@ -27,8 +27,6 @@ service:test = { --ipv6/r.info {"generated_by":"devel","model":"ASA","ip_list":["::a01:201"],"policy_distribution_point":"::a01:30a"} --ipv6/r -! [ IP = ::a01:201 ] --- ! [ Routing ] ipv6 route n2 ::a01:300/120 ::a01:202 =END= diff --git a/go/testdata/ipv6/vrf_ipv6.t b/go/testdata/ipv6/vrf_ipv6.t index 0999c456..dbc33b56 100644 --- a/go/testdata/ipv6/vrf_ipv6.t +++ b/go/testdata/ipv6/vrf_ipv6.t @@ -265,8 +265,8 @@ service:admin = { permit src = host:netspoc; dst = user; prt = tcp 22; } =OUTPUT= --- ipv6/r1 -! [ IP = ::a01:102 ] +-- ipv6/r1.info +{"generated_by":"devel","model":"NX-OS","ip_list":["::a01:102"]} =END= ############################################################ @@ -293,8 +293,8 @@ service:admin = { permit src = host:netspoc; dst = user; prt = tcp 22; } =OUTPUT= --- ipv6/r1 -! [ IP = ::a01:101,::a01:102 ] +-- ipv6/r1.info +{"generated_by":"devel","model":"NX-OS","ip_list":["::a01:101","::a01:102"],"policy_distribution_point":"::a01:109"} =END= ############################################################ @@ -405,8 +405,8 @@ service:admin = { permit src = host:h1; dst = user; prt = tcp 22; } =OUTPUT= --- ipv6/r1 -! [ IP = ::a01:201,::a01:302 ] +-- ipv6/r1.info +{"generated_by":"devel","model":"IOS","ip_list":["::a01:201","::a01:302"],"policy_distribution_point":"::a01:10a"} =OPTIONS=--check_policy_distribution_point=1 ############################################################ 
@@ -429,28 +429,4 @@ Error: Must not use VRF at router:r1@v1 of model ASA Error: Must not use VRF at router:r1@v2 of model ASA =END= -############################################################ -=TITLE=Add Policy Distribution Point To Header -=PARAMS=--ipv6 -=INPUT= -network:n1 = { ip = ::a01:100/120; - host:netspoc = { ip = ::a01:109; } -} -router:r1 = { - managed; - policy_distribution_point = host:netspoc; - model = NX-OS; - interface:n1 = { ip = ::a01:101; hardware = v1; } -} -service:admin = { - user = interface:r1.n1; - permit src = host:netspoc; dst = user; prt = tcp 22; -} -=OUTPUT= --- ipv6/r1 -! [ IP = ::a01:101 ] --- -! [ Policy_distribution_point = ::a01:109 ] -=END= - ############################################################ \ No newline at end of file diff --git a/go/testdata/nsx.t b/go/testdata/nsx.t index 4388eac6..575a239c 100644 --- a/go/testdata/nsx.t +++ b/go/testdata/nsx.t 
@@ -85,490 +85,54 @@ router:r1@v1 = { interface:n1 = { ip = 10.1.1.2; hardware = IN; } interface:n2 = { ip = 10.1.2.1; hardware = OUT; } } -service:s1 = { - user = network:n1; - permit src = user; dst = network:n2; prt = tcp 80; -} --- ipv6 -network:n1v6 = { ip = ::a01:100/120; } -network:n2v6 = { ip = ::a01:200/120; } -router:r1@v1 = { - model = NSX, T0; - managed; - interface:n1v6 = { ip = ::a01:102; hardware = IN; } - interface:n2v6 = { ip = ::a01:201; hardware = OUT; } -} -service:s1v6 = { - user = network:n1v6; - permit src = user; dst = network:n2v6; prt = tcp 80; -} -=OUTPUT= ---ipv6/r1 -#Generated by Netspoc, version devel --- -# --- -#[ BEGIN r1 ] --- -#[ Model = NSX ] --- -#[ IP = 10.1.1.1 ] --- -{ - "groups": null, - "policies": [ - { - "id": "Netspoc-v1", - "resource_type": "GatewayPolicy", - "rules": [ - { - "action": "ALLOW", - "destination_groups": [ - "::a01:200/120" - ], - "direction": "OUT", - "id": "v6r1", - "ip_protocol": "IPV6", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 20, - "services": [ - "/infra/services/Netspoc-tcp_80" - ], - "source_groups": [ - "::a01:100/120" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "OUT", - "id": "v6r2", - "ip_protocol": "IPV6", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "IN", - "id": "v6r3", - "ip_protocol": "IPV6", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - } - ] - } - ], - "services": [ - { - "id": "Netspoc-tcp_80", - "service_entries": [ - { - "destination_ports": [ - "80" - ], - "id": "id", - "l4_protocol": "TCP", - "resource_type": 
"L4PortSetServiceEntry", - "source_ports": [] - } - ] - } - ] -} ---r1 -#Generated by Netspoc, version devel --- -# --- -#[ BEGIN r1 ] --- -#[ Model = NSX ] --- -#[ IP = 10.1.1.1 ] --- -{ - "groups": null, - "policies": [ - { - "id": "Netspoc-v1", - "resource_type": "GatewayPolicy", - "rules": [ - { - "action": "ALLOW", - "destination_groups": [ - "10.1.2.0/24" - ], - "direction": "OUT", - "id": "r1", - "ip_protocol": "IPV4", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 20, - "services": [ - "/infra/services/Netspoc-tcp_80" - ], - "source_groups": [ - "10.1.1.0/24" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "OUT", - "id": "r2", - "ip_protocol": "IPV4", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "IN", - "id": "r3", - "ip_protocol": "IPV4", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - } - ] - } - ], - "services": [ - { - "id": "Netspoc-tcp_80", - "service_entries": [ - { - "destination_ports": [ - "80" - ], - "id": "id", - "l4_protocol": "TCP", - "resource_type": "L4PortSetServiceEntry", - "source_ports": [] - } - ] - } - ] -} -=END= - -############################################################ -=TITLE=Only one IPv6 management_instance -# No IPv6 -=INPUT= --- z_sort_after_ipv6 -network:n1 = { ip = 10.1.1.0/24; } -network:n2 = { ip = 10.1.2.0/24; } -router:r1@v1 = { - model = NSX, T0; - managed; - interface:n1 = { ip = 10.1.1.2; hardware = IN; } - interface:n2 = { ip = 10.1.2.1; hardware = OUT; } -} -service:s1 = { - user = network:n1; - permit src = user; dst = network:n2; prt = tcp 80; -} --- 
ipv6 -network:n1v6 = { ip = ::a01:100/120; } -network:n2v6 = { ip = ::a01:200/120; } -router:r1 = { - model = NSX; - management_instance; - interface:n1v6 = { ip = ::a01:101; } -} -router:r1@v1 = { - model = NSX, T0; - managed; - interface:n1v6 = { ip = ::a01:102; hardware = IN; } - interface:n2v6 = { ip = ::a01:201; hardware = OUT; } -} -service:s1v6 = { - user = network:n1v6; - permit src = user; dst = network:n2v6; prt = tcp 80; -} -=OUTPUT= ---ipv6/r1 -#Generated by Netspoc, version devel --- -# --- -#[ BEGIN r1 ] --- -#[ Model = NSX ] --- -#[ IP = ::a01:101 ] --- -{ - "groups": null, - "policies": [ - { - "id": "Netspoc-v1", - "resource_type": "GatewayPolicy", - "rules": [ - { - "action": "ALLOW", - "destination_groups": [ - "::a01:200/120" - ], - "direction": "OUT", - "id": "v6r1", - "ip_protocol": "IPV6", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 20, - "services": [ - "/infra/services/Netspoc-tcp_80" - ], - "source_groups": [ - "::a01:100/120" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "OUT", - "id": "v6r2", - "ip_protocol": "IPV6", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "IN", - "id": "v6r3", - "ip_protocol": "IPV6", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - } - ] - } - ], - "services": [ - { - "id": "Netspoc-tcp_80", - "service_entries": [ - { - "destination_ports": [ - "80" - ], - "id": "id", - "l4_protocol": "TCP", - "resource_type": "L4PortSetServiceEntry", - "source_ports": [] - } - ] - } - ] -} ---r1 -#Generated by Netspoc, version devel --- -# --- -#[ BEGIN r1 ] --- -#[ 
Model = NSX ] --- -#[ IP = ::a01:101 ] --- -{ - "groups": null, - "policies": [ - { - "id": "Netspoc-v1", - "resource_type": "GatewayPolicy", - "rules": [ - { - "action": "ALLOW", - "destination_groups": [ - "10.1.2.0/24" - ], - "direction": "OUT", - "id": "r1", - "ip_protocol": "IPV4", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 20, - "services": [ - "/infra/services/Netspoc-tcp_80" - ], - "source_groups": [ - "10.1.1.0/24" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "OUT", - "id": "r2", - "ip_protocol": "IPV4", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "IN", - "id": "r3", - "ip_protocol": "IPV4", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - } - ] - } - ], - "services": [ - { - "id": "Netspoc-tcp_80", - "service_entries": [ - { - "destination_ports": [ - "80" - ], - "id": "id", - "l4_protocol": "TCP", - "resource_type": "L4PortSetServiceEntry", - "source_ports": [] - } - ] - } - ] +-- ipv6 +network:n1v6 = { ip = ::a01:100/120; } +network:n2v6 = { ip = ::a01:200/120; } +router:r1@v1 = { + model = NSX, T0; + managed; + interface:n1v6 = { ip = ::a01:102; hardware = IN; } + interface:n2v6 = { ip = ::a01:201; hardware = OUT; } +} +=OUTPUT= +--ipv6/r1.info +{"generated_by":"devel","model":"NSX","ip_list":["10.1.1.1"],"name_list":["r1"]} +--r1.info +{"generated_by":"devel","model":"NSX","ip_list":["10.1.1.1"],"name_list":["r1"]} +=END= + +############################################################ +=TITLE=Only one IPv6 management_instance +# No IPv6 +=INPUT= +-- z_sort_after_ipv6 +network:n1 = { ip 
= 10.1.1.0/24; } +network:n2 = { ip = 10.1.2.0/24; } +router:r1@v1 = { + model = NSX, T0; + managed; + interface:n1 = { ip = 10.1.1.2; hardware = IN; } + interface:n2 = { ip = 10.1.2.1; hardware = OUT; } +} +-- ipv6 +network:n1v6 = { ip = ::a01:100/120; } +network:n2v6 = { ip = ::a01:200/120; } +router:r1 = { + model = NSX; + management_instance; + interface:n1v6 = { ip = ::a01:101; } +} +router:r1@v1 = { + model = NSX, T0; + managed; + interface:n1v6 = { ip = ::a01:102; hardware = IN; } + interface:n2v6 = { ip = ::a01:201; hardware = OUT; } } +=OUTPUT= +--ipv6/r1.info +{"generated_by":"devel","model":"NSX","ip_list":["::a01:101"],"name_list":["r1"]} +--r1.info +{"generated_by":"devel","model":"NSX","ip_list":["::a01:101"],"name_list":["r1"]} =END= ############################################################ @@ -589,10 +153,6 @@ router:r1@v1 = { interface:n1 = { ip = 10.1.1.2; hardware = IN; } interface:n2 = { ip = 10.1.2.1; hardware = OUT; } } -service:s1 = { - user = network:n1; - permit src = user; dst = network:n2; prt = tcp 80; -} -- ipv6 network:n1v6 = { ip = ::a01:100/120; } network:n2v6 = { ip = ::a01:200/120; } 
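Review bot: The rewritten management_instance cases in `nsx.t` drop `service:s1` and `service:s1v6` and now assert only `--ipv6/r1.info` and `--r1.info`. These cases therefore no longer check that rules are generated for both address families when only one management instance exists. The same removal appears in the following `nsx.t` hunks and in the PAN-OS fixtures elsewhere in this diff. If another case already covers dual-stack rule output for these models, a short comment under `=TITLE=` naming it would help; otherwise keep one service per stack and assert a fragment of `--r1` and `--ipv6/r1` alongside the `.info` files.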
@@ -607,227 +167,11 @@ router:r1@v1 = { interface:n1v6 = { ip = ::a01:102; hardware = IN; } interface:n2v6 = { ip = ::a01:201; hardware = OUT; } } -service:s1v6 = { - user = network:n1v6; - permit src = user; dst = network:n2v6; prt = tcp 80; -} =OUTPUT= ---ipv6/r1 -#Generated by Netspoc, version devel --- -# --- -#[ BEGIN r1 ] --- -#[ Model = NSX ] --- -#[ IP = 10.1.1.1 ] --- -{ - "groups": null, - "policies": [ - { - "id": "Netspoc-v1", - "resource_type": "GatewayPolicy", - "rules": [ - { - "action": "ALLOW", - "destination_groups": [ - "::a01:200/120" - ], - "direction": "OUT", - "id": "v6r1", - "ip_protocol": "IPV6", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 20, - "services": [ - "/infra/services/Netspoc-tcp_80" - ], - "source_groups": [ - "::a01:100/120" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "OUT", - "id": "v6r2", - "ip_protocol": "IPV6", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "IN", - "id": "v6r3", - "ip_protocol": "IPV6", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - } - ] - } - ], - "services": [ - { - "id": "Netspoc-tcp_80", - "service_entries": [ - { - "destination_ports": [ - "80" - ], - "id": "id", - "l4_protocol": "TCP", - "resource_type": "L4PortSetServiceEntry", - "source_ports": [] - } - ] - } - ] -} +--ipv6/r1.info +{"generated_by":"devel","model":"NSX","ip_list":["10.1.1.1"],"name_list":["r1"]} --r1.info {"generated_by":"devel","model":"NSX","ip_list":["10.1.1.1"],"name_list":["r1"]} ---r1 -#Generated by Netspoc, version devel --- -# --- -#[ BEGIN r1 ] --- -#[ Model = 
NSX ] --- -#[ IP = 10.1.1.1 ] --- -{ - "groups": null, - "policies": [ - { - "id": "Netspoc-v1", - "resource_type": "GatewayPolicy", - "rules": [ - { - "action": "ALLOW", - "destination_groups": [ - "10.1.2.0/24" - ], - "direction": "OUT", - "id": "r1", - "ip_protocol": "IPV4", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 20, - "services": [ - "/infra/services/Netspoc-tcp_80" - ], - "source_groups": [ - "10.1.1.0/24" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "OUT", - "id": "r2", - "ip_protocol": "IPV4", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - }, - { - "action": "DROP", - "destination_groups": [ - "ANY" - ], - "direction": "IN", - "id": "r3", - "ip_protocol": "IPV4", - "profiles": [ - "ANY" - ], - "resource_type": "Rule", - "scope": [ - "/infra/tier-0s/v1" - ], - "sequence_number": 30, - "services": [ - "ANY" - ], - "source_groups": [ - "ANY" - ] - } - ] - } - ], - "services": [ - { - "id": "Netspoc-tcp_80", - "service_entries": [ - { - "destination_ports": [ - "80" - ], - "id": "id", - "l4_protocol": "TCP", - "resource_type": "L4PortSetServiceEntry", - "source_ports": [] - } - ] - } - ] -} =END= ############################################################ @@ -1005,16 +349,6 @@ service:s4 = { --r1.info {"generated_by":"devel","model":"NSX","ip_list":["10.1.1.1","10.1.1.9"],"name_list":["r1","r2"]} --r1 -#Generated by Netspoc, version devel --- -# --- -#[ BEGIN r1, r2 ] --- -#[ Model = NSX ] --- -#[ IP = 10.1.1.1, 10.1.1.9 ] --- { "groups": [ { 
@@ -2119,7 +1453,7 @@ service:s1 = { =END= ############################################################ -=TITLE=Add Policy Distribution Point To Header +=TITLE=Add policy distribution point to info file =INPUT= network:n1 = { ip = 10.1.1.0/24; } network:n2 = { ip = 10.1.2.0/24; } @@ -2149,10 +1483,8 @@ service:admin = { permit src = host:netspoc; dst = user; prt = tcp 22; } =OUTPUT= --- r1 -#[ IP = 10.1.1.1 ] --- -#[ Policy_distribution_point = 10.1.3.9 ] +-- r1.info +{"generated_by":"devel","model":"NSX","ip_list":["10.1.1.1"],"name_list":["r1"],"policy_distribution_point":"10.1.3.9"} =END= -############################################################ \ No newline at end of file +############################################################ diff --git a/go/testdata/pan-os.t b/go/testdata/pan-os.t index a4cca3f8..4d1c7f35 100644 --- a/go/testdata/pan-os.t +++ b/go/testdata/pan-os.t @@ -300,10 +300,6 @@ router:r1@vsys1 = { interface:n1 = { ip = 10.1.1.2; hardware = IN; } interface:n2 = { ip = 10.1.2.1; hardware = OUT; } } -service:s1 = { - user = network:n1; - permit src = user; dst = network:n2; prt = tcp 80; -} -- ipv6 network:n1v6 = { ip = ::a01:100/120; } network:n2v6 = { ip = ::a01:200/120; } @@ -313,83 +309,11 @@ router:r1@vsys1 = { interface:n1v6 = { ip = ::a01:102; hardware = IN; } interface:n2v6 = { ip = ::a01:201; hardware = OUT; } } -service:s1v6 = { - user = network:n1v6; - permit src = user; dst = network:n2v6; prt = tcp 80; -} =OUTPUT= --ipv6/r1.info {"generated_by":"devel","model":"PAN-OS","ip_list":["10.1.1.1"],"name_list":["r1"]} ---ipv6/r1 - - - --- - - - -allow -IN -OUT -NET___a01_100_120 -NET___a01_200_120 -tcp 80 -any -interzone - - - - -
-::a01:100/120 -::a01:200/120 -
- -80 - -
--r1.info {"generated_by":"devel","model":"PAN-OS","ip_list":["10.1.1.1"],"name_list":["r1"]} ---r1 - - - --- - - - -allow -IN -OUT -NET_10.1.1.0_24 -NET_10.1.2.0_24 -tcp 80 -any -interzone - - - - -
-10.1.1.0/24 -10.1.2.0/24 -
- -80 - -
=END= ############################################################ @@ -405,10 +329,6 @@ router:r1@vsys1 = { interface:n1 = { ip = 10.1.1.2; hardware = IN; } interface:n2 = { ip = 10.1.2.1; hardware = OUT; } } -service:s1 = { - user = network:n1; - permit src = user; dst = network:n2; prt = tcp 80; -} -- ipv6 network:n1v6 = { ip = ::a01:100/120; } network:n2v6 = { ip = ::a01:200/120; } @@ -423,79 +343,11 @@ router:r1@vsys1 = { interface:n1v6 = { ip = ::a01:102; hardware = IN; } interface:n2v6 = { ip = ::a01:201; hardware = OUT; } } -service:s1v6 = { - user = network:n1v6; - permit src = user; dst = network:n2v6; prt = tcp 80; -} =OUTPUT= ---ipv6/r1 - - - --- - - - -allow -IN -OUT -NET___a01_100_120 -NET___a01_200_120 -tcp 80 -any -interzone - - - - -
-::a01:100/120 -::a01:200/120 -
- -80 - -
---r1 - - - --- - - - -allow -IN -OUT -NET_10.1.1.0_24 -NET_10.1.2.0_24 -tcp 80 -any -interzone - - - - -
-10.1.1.0/24 -10.1.2.0/24 -
- -80 - -
+--ipv6/r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["::a01:101"],"name_list":["r1"]} +--r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["::a01:101"],"name_list":["r1"]} =END= ############################################################ @@ -516,10 +368,6 @@ router:r1@vsys1 = { interface:n1 = { ip = 10.1.1.2; hardware = IN; } interface:n2 = { ip = 10.1.2.1; hardware = OUT; } } -service:s1 = { - user = network:n1; - permit src = user; dst = network:n2; prt = tcp 80; -} -- ipv6 network:n1v6 = { ip = ::a01:100/120; } network:n2v6 = { ip = ::a01:200/120; } @@ -534,79 +382,11 @@ router:r1@vsys1 = { interface:n1v6 = { ip = ::a01:102; hardware = IN; } interface:n2v6 = { ip = ::a01:201; hardware = OUT; } } -service:s1v6 = { - user = network:n1v6; - permit src = user; dst = network:n2v6; prt = tcp 80; -} =OUTPUT= ---ipv6/r1 - - - --- - - - -allow -IN -OUT -NET___a01_100_120 -NET___a01_200_120 -tcp 80 -any -interzone - - - - -
-::a01:100/120 -::a01:200/120 -
- -80 - -
---r1 - - - --- - - - -allow -IN -OUT -NET_10.1.1.0_24 -NET_10.1.2.0_24 -tcp 80 -any -interzone - - - - -
-10.1.1.0/24 -10.1.2.0/24 -
- -80 - -
+--ipv6/r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["10.1.1.1"],"name_list":["r1"]} +--r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["10.1.1.1"],"name_list":["r1"]} =END= ############################################################ @@ -757,15 +537,10 @@ service:s4 = { permit src = user; dst = network:n3; prt = tcp 81; } =OUTPUT= +--r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["10.1.1.1","10.1.1.9"],"name_list":["r1","r2"]} --r1 - -- @@ -969,15 +744,10 @@ service:s4 = { permit src = user; dst = host:h50, host:h60; prt = ip; } =OUTPUT= +--r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["10.1.1.1"],"name_list":["r1"]} --r1 - -- @@ -1380,7 +1150,7 @@ service:s1 = { =END= ############################################################ -=TITLE=Add Policy Distribution Point To Header +=TITLE=Add policy distribution point to info file =INPUT= network:n1 = { ip = 10.1.1.0/24; } network:n2 = { ip = 10.1.2.0/24; } @@ -1410,13 +1180,8 @@ service:admin = { permit src = host:netspoc; dst = user; prt = tcp 22; } =OUTPUT= --- r1 -[ BEGIN r1 ] -[ Model = PAN-OS ] -[ IP = 10.1.1.1 ] -[ Policy_distribution_point = 10.1.3.9 ] ---> - +-- r1.info +{"generated_by":"devel","model":"PAN-OS","ip_list":["10.1.1.1"],"name_list":["r1"],"policy_distribution_point":"10.1.3.9"} =END= ############################################################ \ No newline at end of file diff --git a/go/testdata/reuse-previous.t b/go/testdata/reuse-previous.t index f5676d47..75cbe666 100644 --- a/go/testdata/reuse-previous.t +++ b/go/testdata/reuse-previous.t @@ -129,12 +129,10 @@ network:n1 = { ip = 10.1.1.0/24; } mkdir old mkdir out ln -s ../old out/.prev +cat < old/r1.info +{"generated_by":"devel","model":"ASA","name_list":["r1"]} +END cat < old/r1.config -! Generated by Netspoc, devel -! [ BEGIN r1 ] -! [ Model = ASA ] -! [ END r1 ] - END cat < old/r1.rules {"model":"ASA","acls":null,"do_objectgroup":true} 
diff --git a/go/testdata/routing_only.t b/go/testdata/routing_only.t index 7c76f4c6..48e198f2 100644 --- a/go/testdata/routing_only.t +++ b/go/testdata/routing_only.t @@ -26,8 +26,6 @@ service:test = { --r.info {"generated_by":"devel","model":"ASA","ip_list":["10.1.2.1"],"policy_distribution_point":"10.1.3.10"} --r -! [ IP = 10.1.2.1 ] --- ! [ Routing ] route n2 10.1.3.0 255.255.255.0 10.1.2.2 =END= diff --git a/go/testdata/vrf.t b/go/testdata/vrf.t index 23b9741f..8120363b 100644 --- a/go/testdata/vrf.t +++ b/go/testdata/vrf.t @@ -258,8 +258,8 @@ service:admin = { permit src = host:netspoc; dst = user; prt = tcp 22; } =OUTPUT= --- r1 -! [ IP = 10.1.1.2 ] +-- r1.info +{"generated_by":"devel","model":"NX-OS","ip_list":["10.1.1.2"]} =END= ############################################################ @@ -285,8 +285,8 @@ service:admin = { permit src = host:netspoc; dst = user; prt = tcp 22; } =OUTPUT= --- r1 -! [ IP = 10.1.1.1,10.1.1.2 ] +-- r1.info +{"generated_by":"devel","model":"NX-OS","ip_list":["10.1.1.1","10.1.1.2"],"policy_distribution_point":"10.1.1.9"} =END= ############################################################ @@ -393,8 +393,8 @@ service:admin = { permit src = host:h1; dst = user; prt = tcp 22; } =OUTPUT= --- r1 -! [ IP = 10.1.2.1,10.1.3.2 ] +-- r1.info +{"generated_by":"devel","model":"IOS","ip_list":["10.1.2.1","10.1.3.2"],"policy_distribution_point":"10.1.1.10"} =OPTIONS=--check_policy_distribution_point=1 ############################################################ 
@@ -416,27 +416,4 @@ Error: Must not use VRF at router:r1@v1 of model ASA Error: Must not use VRF at router:r1@v2 of model ASA =END= -############################################################ -=TITLE=Add Policy Distribution Point To Header -=INPUT= -network:n1 = { ip = 10.1.1.0/24; - host:netspoc = { ip = 10.1.1.9; } -} -router:r1 = { - managed; - policy_distribution_point = host:netspoc; - model = NX-OS; - interface:n1 = { ip = 10.1.1.1; hardware = v1; } -} -service:admin = { - user = interface:r1.n1; - permit src = host:netspoc; dst = user; prt = tcp 22; -} -=OUTPUT= --- r1 -! [ IP = 10.1.1.1 ] --- -! [ Policy_distribution_point = 10.1.1.9 ] -=END= - ############################################################ \ No newline at end of file