Fixed path to management_instance

hknutzen · Sep 10, 2024 · f544fd5 · f544fd5
1 parent 52a674c
commit f544fd5
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 24 deletions.
diff --git a/Changes b/Changes
@@ -1,5 +1,8 @@
 {{$NEXT}}
 
+ - Fixed command 'cut-netspoc':
+   Full path to management_instance is marked now.
+
 6.072     2024-09-05 10:22:13+02:00 Europe/Berlin
 
  - Fixed command 'remove-from-netspoc'.

diff --git a/go/pkg/pass1/cut-netspoc.go b/go/pkg/pass1/cut-netspoc.go
@@ -281,7 +281,7 @@ func markUnconnectedObj(n *network, isUsed map[string]bool) {
 	mark(n, nil)
 }
 
-func (c *spoc) markCryptoPath(src, dst *routerIntf, isUsed map[string]bool) {
+func (c *spoc) markPath(src, dst *routerIntf, isUsed map[string]bool) {
 	isUsed[src.name] = true
 	isUsed[dst.name] = true
 	//debug("Path %s %s", src, dst)
@@ -628,11 +628,8 @@ func (c *spoc) cutNetspoc(
 		if isUsed[r.name] && r.model.needManagementInstance {
 			if mr := c.getRouter(r.deviceName, r.ipV6); mr != nil {
 				for _, intf := range getIntf(mr) {
-					setIntfUsed(intf, isUsed)
-					n := intf.network
-					markUnconnectedObj(n, isUsed)
+					c.markPath(intf, r.interfaces[0], isUsed)
 				}
-				setRouterUsed(mr, isUsed)
 			}
 		}
 	}
@@ -785,11 +782,7 @@ func (c *spoc) cutNetspoc(
 
 		// Mark split router, if some split part is marked.
 		for _, intf := range getIntf(r) {
-			fragment := intf.router
-			if fragment == r {
-				continue
-			}
-			if isRouterUsed(fragment, isUsed) {
+			if frag := intf.router; frag != r && isRouterUsed(frag, isUsed) {
 				// debug("From split: %s", r)
 				setRouterUsed(r, isUsed)
 			}
@@ -801,24 +794,16 @@ func (c *spoc) cutNetspoc(
 
 		// Mark fragments of marked crypto routers.
 		for _, intf := range getIntf(r) {
-			fragment := intf.router
-			if fragment == r {
-				continue
+			if frag := intf.router; frag != r {
+				// debug("Fragment: %s", fragment)
+				setRouterUsed(frag, isUsed)
 			}
-			// debug("Fragment: %s", fragment)
-			setRouterUsed(fragment, isUsed)
 		}
 
+		// Mark path of crypto tunnel.
 		for _, intf := range getIntf(r) {
-			if !isUsed[intf.name] {
-				continue
-			}
-
-			// Mark path of crypto tunnel.
-			if intf.ipType == tunnelIP {
-				peer := intf.peer
-				real := intf.realIntf
-				c.markCryptoPath(real, peer.realIntf, isUsed)
+			if isUsed[intf.name] && intf.ipType == tunnelIP {
+				c.markPath(intf.realIntf, intf.peer.realIntf, isUsed)
 			}
 		}
 	}

diff --git a/go/testdata/cut-netspoc/cut-netspoc.t b/go/testdata/cut-netspoc/cut-netspoc.t
@@ -3902,6 +3902,50 @@ network:n4 = { ip = 10.1.4.0/24; }
 [[input]]
 =END=
 
+############################################################
+=TITLE=management_instance in separate zone
+=TEMPL=input
+network:n1 = { ip = 10.1.1.0/24; }
+network:n2 = { ip = 10.1.2.0/24; }
+network:n3 = { ip = 10.1.3.0/24; }
+network:n4 = { ip = 10.1.4.0/24; }
+network:n5 = { ip = 10.1.5.0/24; }
+router:r1@v1 = {
+ model = NSX, T0;
+ managed;
+ routing = manual;
+ interface:n1 = { ip = 10.1.1.2; hardware = IN; }
+ interface:n2 = { ip = 10.1.2.1; hardware = OUT; }
+}
+router:u = {
+ interface:n2;
+ interface:n3;
+ interface:n4;
+}
+router:r2 = {
+ managed;
+ model = ASA;
+ routing = manual;
+ interface:n4 = { ip = 10.1.4.1; hardware = n4; }
+ interface:n5 = { ip = 10.1.5.1; hardware = n5; }
+}
+router:r1 = {
+ model = NSX;
+ management_instance;
+ interface:n5 = { ip = 10.1.5.2; }
+}
+service:s1 = {
+ user = network:n1;
+ permit src = user;
+        dst = network:n3;
+        prt = tcp 80;
+}
+=INPUT=
+[[input]]
+=OUTPUT=
+[[input]]
+=END=
+
 ############################################################
 =TITLE=Cleanup unused subnet_of
 =INPUT=