Build results of f2733aa (on master)

hknutzen · Aug 12, 2016 · 77b3a9c · 77b3a9c
1 parent 464e91f
commit 77b3a9c
Show file tree

Hide file tree

Showing 16 changed files with 198 additions and 24 deletions.
diff --git a/Changes b/Changes
@@ -1,3 +1,8 @@
+5.015     2016-08-12 14:27:52+02:00 Europe/Berlin
+
+ - Fixed export host / interface with static NAT of network with
+   dynamic NAT to NetspocWeb.
+
 5.014     2016-08-10 15:05:06+02:00 Europe/Berlin
 
  - Fixed wrong ACL, generated for linear path starting at interface

diff --git a/META.yml b/META.yml
@@ -37,5 +37,5 @@ requires:
   open: '0'
   strict: '0'
   warnings: '0'
-version: '5.014'
+version: '5.015'
 x_serialization_backend: 'YAML::Tiny version 1.69'
diff --git a/Makefile.PL b/Makefile.PL
@@ -55,7 +55,7 @@ my %WriteMakefileArgs = (
     "Test::More" => 0,
     "lib" => 0
   },
-  "VERSION" => "5.014",
+  "VERSION" => "5.015",
   "test" => {
     "TESTS" => "t/*.t"
   }

diff --git a/README b/README
@@ -1,7 +1,7 @@
 
 
 This archive contains the distribution Netspoc,
-version 5.014:
+version 5.015:
 
   Generates rules for many firewalls from a central ruleset.
 

diff --git a/bin/add-to-netspoc b/bin/add-to-netspoc
@@ -80,7 +80,7 @@ use Getopt::Long;
 use Pod::Usage;
 use Encode;
 
-our $VERSION = '5.014'; # VERSION: inserted by DZP::OurPkgVersion
+our $VERSION = '5.015'; # VERSION: inserted by DZP::OurPkgVersion
 my $filename_encode = 'UTF-8';
 
 my $ignore_files = '^(raw|config|CVS|RCS|\.#.*|.*~)$';

diff --git a/bin/cut-netspoc b/bin/cut-netspoc
@@ -63,7 +63,7 @@ use Netspoc::Compiler::Common;
 use Netspoc::Compiler::Pass1;
 use Encode qw(decode_utf8);
 
-our $VERSION = '5.014'; # VERSION: inserted by DZP::OurPkgVersion
+our $VERSION = '5.015'; # VERSION: inserted by DZP::OurPkgVersion
 
 ####################################################################
 # Argument processing

diff --git a/bin/export-netspoc b/bin/export-netspoc
@@ -139,7 +139,8 @@ sub ip_nat_for_object {
     elsif ($type eq 'Host') {
         my $get_ip = sub {
             my ($obj, $network) = @_;
-            if (my $nat_tag = $network->{dynamic}) {
+            if ($network->{dynamic}) {
+                my $nat_tag = $network->{nat_tag};
                 if ($obj->{nat} and (my $ip = $obj->{nat}->{$nat_tag})) {
 
                     # Single static NAT IP for this host.
@@ -176,7 +177,8 @@ sub ip_nat_for_object {
     elsif ($type eq 'Interface') {
         my $get_ip = sub {
             my ($obj, $network) = @_;
-            if (my $nat_tag = $network->{dynamic}) {
+            if ($network->{dynamic}) {
+                my $nat_tag = $network->{nat_tag};
                 if (my $ip = $obj->{nat}->{$nat_tag}) {
 
                     # Single static NAT IP for this interface.
@@ -192,13 +194,6 @@ sub ip_nat_for_object {
                          print_ip($network->{ip}), print_ip($network->{mask}));
                 }
             }
-            elsif ($network->{isolated}) {
-
-                # NAT not allowed for isolated ports. 
-                # Take no bits from network, because secondary isolated ports 
-                # don't match network.
-                print_ip($obj->{ip});
-            }
             elsif ($obj->{ip} =~ /unnumbered|short|bridged/) {
                 $obj->{ip};
             }

diff --git a/bin/print-group b/bin/print-group
@@ -87,7 +87,7 @@ use Netspoc::Compiler::Pass1;
 use Getopt::Long;
 use Pod::Usage;
 
-our $VERSION = '5.014'; # VERSION: inserted by DZP::OurPkgVersion
+our $VERSION = '5.015'; # VERSION: inserted by DZP::OurPkgVersion
 
 # Take higher bits from network NAT, lower bits from original IP.
 # This works with and without NAT.

diff --git a/bin/print-service b/bin/print-service
@@ -71,7 +71,7 @@ use Netspoc::Compiler::Pass1;
 use Getopt::Long;
 use Pod::Usage;
 
-our $VERSION = '5.014'; # VERSION: inserted by DZP::OurPkgVersion
+our $VERSION = '5.015'; # VERSION: inserted by DZP::OurPkgVersion
 
 ####################################################################
 # Argument processing

diff --git a/bin/remove-from-netspoc b/bin/remove-from-netspoc
@@ -78,7 +78,7 @@ use Getopt::Long;
 use Pod::Usage;
 use Encode;
 
-our $VERSION = '5.014'; # VERSION: inserted by DZP::OurPkgVersion
+our $VERSION = '5.015'; # VERSION: inserted by DZP::OurPkgVersion
 my $filename_encode = 'UTF-8';
 
 my $ignore_files = '^(raw|config|CVS|RCS|\.#.*|.*~)$';

diff --git a/bin/rename-netspoc b/bin/rename-netspoc
@@ -84,7 +84,7 @@ use Getopt::Long;
 use Pod::Usage;
 use Encode;
 
-our $VERSION = '5.014'; # VERSION: inserted by DZP::OurPkgVersion
+our $VERSION = '5.015'; # VERSION: inserted by DZP::OurPkgVersion
 my $filename_encode = 'UTF-8';
 
 my $ignore_files = '^(raw|config|CVS|RCS|\.#.*|.*~)$';

diff --git a/bin/spoc1 b/bin/spoc1
@@ -46,7 +46,7 @@ use strict;
 use warnings;
 use Netspoc::Compiler::Pass1;
 
-our $VERSION = '5.014'; # VERSION: inserted by DZP::OurPkgVersion
+our $VERSION = '5.015'; # VERSION: inserted by DZP::OurPkgVersion
 my $version = __PACKAGE__->VERSION || 'devel';
 
 Netspoc::Compiler::Pass1::compile(\@ARGV);
diff --git a/bin/spoc2 b/bin/spoc2
@@ -52,7 +52,7 @@ use strict;
 use warnings;
 use Netspoc::Compiler::Pass2;
 
-our $VERSION = '5.014'; # VERSION: inserted by DZP::OurPkgVersion
+our $VERSION = '5.015'; # VERSION: inserted by DZP::OurPkgVersion
 my $program = 'Netspoc';
 my $version = __PACKAGE__->VERSION || 'devel';
 

diff --git a/lib/Netspoc/Compiler/Pass1.pm b/lib/Netspoc/Compiler/Pass1.pm
@@ -37,7 +37,7 @@ use Encode;
 use IO::Pipe;
 my $filename_encode = 'UTF-8';
 
-our $VERSION = '5.014'; # VERSION: inserted by DZP::OurPkgVersion
+our $VERSION = '5.015'; # VERSION: inserted by DZP::OurPkgVersion
 my $program = 'Netspoc';
 my $version = __PACKAGE__->VERSION || 'devel';
 

diff --git a/lib/Netspoc/Compiler/Pass2.pm b/lib/Netspoc/Compiler/Pass2.pm
@@ -35,7 +35,7 @@ use Netspoc::Compiler::File;
 use Netspoc::Compiler::Common;
 use open qw(:std :utf8);
 
-our $VERSION = '5.014'; # VERSION: inserted by DZP::OurPkgVersion
+our $VERSION = '5.015'; # VERSION: inserted by DZP::OurPkgVersion
 my $program = 'Netspoc';
 my $version = __PACKAGE__->VERSION || 'devel';
 

diff --git a/t/export.t b/t/export.t
@@ -31,11 +31,11 @@ sub test_run {
     }
 
     # Blocks of expected output are split by single lines of dashes,
-    # followed by a device name.
+    # followed by a file name.
     my @expected = split(/^-+[ ]*(\S+)[ ]*\n/m, $expected);
     my $first = shift @expected;
     if ($first) {
-        diag("Missing device name in first line of code specification");
+        diag("Missing file name in first line of output specification");
         fail($title);
         return;
     }
@@ -1582,5 +1582,179 @@ END
 
 test_run($title, $in, $out);
 
+############################################################
+$title = 'Dynamic NAT';
+############################################################
+
+$in = <<'END';
+network:n1 = {
+ ip = 10.1.1.0/24;
+ nat:D1 = { ip = 10.9.9.0/26; dynamic; }
+ nat:D2 = { ip = 10.9.9.0/26; dynamic; }
+ nat:H = { hidden; }
+ nat:S = { ip = 10.8.8.0/24; }
+ host:h1 = { ip = 10.1.1.10; nat:D1 = { ip = 10.9.9.10; } }
+ host:h2 = { ip = 10.1.1.11; }
+}
+network:n2 = { ip = 10.1.2.0/24; }
+network:n3 = { ip = 10.1.3.0/24; }
+network:n4 = { ip = 10.1.4.0/24; }
+network:n5 = { ip = 10.1.5.0/24; }
+
+router:r1 = {
+ managed;
+ model = ASA;
+ interface:n1 = { ip = 10.1.1.1; hardware = n1; nat:D1 = { ip = 10.9.9.1; } }
+ interface:n2 = { ip = 10.1.2.1; hardware = n2; bind_nat = D1; }
+ interface:n3 = { ip = 10.1.3.1; hardware = n3; bind_nat = D2; }
+ interface:n4 = { ip = 10.1.4.1; hardware = n4; bind_nat = H; }
+ interface:n5 = { ip = 10.1.5.1; hardware = n5; bind_nat = S; }
+}
+
+
+service:s1 = {
+ user = host:h1, host:h2;
+ permit src = user; dst = network:n2; prt = tcp 80;
+}
+service:s2 = {
+ user = network:n2;
+ permit src = user; dst = interface:r1.n1; prt = tcp 22;
+}
+service:s3 = {
+ user = network:n1;
+ permit src = user; dst = network:n2; prt = tcp 81;
+}
+END
+
+$out = <<END;
+--objects 
+{
+   "host:h1" : {
+      "ip" : "10.1.1.10",
+      "nat" : {
+         "D1" : "10.9.9.10",
+         "D2" : "10.9.9.0/255.255.255.192",
+         "H" : "hidden",
+         "S" : "10.8.8.10"
+      },
+      "owner" : null
+   },
+   "host:h2" : {
+      "ip" : "10.1.1.11",
+      "nat" : {
+         "D1" : "10.9.9.0/255.255.255.192",
+         "D2" : "10.9.9.0/255.255.255.192",
+         "H" : "hidden",
+         "S" : "10.8.8.11"
+      },
+      "owner" : null
+   },
+   "interface:r1.n1" : {
+      "ip" : "10.1.1.1",
+      "nat" : {
+         "D1" : "10.9.9.1",
+         "D2" : "10.9.9.0/255.255.255.192",
+         "H" : "hidden",
+         "S" : "10.8.8.1"
+      },
+      "owner" : null
+   },
+   "network:n1" : {
+      "ip" : "10.1.1.0/255.255.255.0",
+      "nat" : {
+         "D1" : "10.9.9.0/255.255.255.192",
+         "D2" : "10.9.9.0/255.255.255.192",
+         "H" : "hidden",
+         "S" : "10.8.8.0/255.255.255.0"
+      },
+      "owner" : null,
+      "zone" : "any:[network:n1]"
+   },
+   "network:n2" : {
+      "ip" : "10.1.2.0/255.255.255.0",
+      "owner" : null,
+      "zone" : "any:[network:n2]"
+   }
+}
+END
+
+test_run($title, $in, $out);
+
+############################################################
+$title = 'Negotiated interface';
+############################################################
+
+$in = <<'END';
+network:n1 = { ip = 10.1.1.0/24; }
+network:n2 = { ip = 10.1.2.0/24; }
+
+router:r1 = {
+ managed;
+ model = IOS;
+ interface:n1 = { negotiated; hardware = n1; }
+ interface:n2 = { ip = 10.1.2.1; hardware = n2; }
+}
+
+service:s1 = {
+ user = interface:r1.n1;
+ permit src = user; dst = network:n2; prt = tcp 80;
+}
+END
+
+$out = <<END;
+--objects
+{
+   "interface:r1.n1" : {
+      "ip" : "10.1.1.0/255.255.255.0",
+      "owner" : null
+   },
+   "network:n2" : {
+      "ip" : "10.1.2.0/255.255.255.0",
+      "owner" : null,
+      "zone" : "any:[network:n2]"
+   }
+}
+END
+
+test_run($title, $in, $out);
+
+############################################################
+$title = 'Host range';
+############################################################
+
+$in = <<'END';
+network:n1 = { ip = 10.1.1.0/24; host:h1 = { range = 10.1.1.10-10.1.1.17; } }
+network:n2 = { ip = 10.1.2.0/24; }
+
+router:r1 = {
+ managed;
+ model = IOS;
+ interface:n1 = { negotiated; hardware = n1; }
+ interface:n2 = { ip = 10.1.2.1; hardware = n2; }
+}
+
+service:s1 = {
+ user = host:h1;
+ permit src = user; dst = network:n2; prt = tcp 80;
+}
+END
+
+$out = <<END;
+--objects
+{
+   "host:h1" : {
+      "ip" : "10.1.1.10-10.1.1.17",
+      "owner" : null
+   },
+   "network:n2" : {
+      "ip" : "10.1.2.0/255.255.255.0",
+      "owner" : null,
+      "zone" : "any:[network:n2]"
+   }
+}
+END
+
+test_run($title, $in, $out);
+
 ############################################################
 done_testing;