tac_plus-ng nas and device vars behavior

[Petr Issakov]

Hello, Marc!

According docs nas variable mark as deprecated

But I found that new var device behaviour is differrent comparing nas:

example:

we have nets:
######### Nets #############
net all {
address = 10.0.0.0/8
net mbh {
net test_zone { address = 10.87.177.17  }
net dummy { address = 11.87.177.17  }
}


}

rule:

rule mbh_spans {
enabled = yes
script {
if (!
(
(member == span_mbh && nas == mbh)
|| (member == span_test && nas == test_zone)
)
) deny
}
}

with nas variable work as expected (condition nas == mbh is true)

but if I use device variable:

rule mbh_spans {
enabled = yes
script {
if (!
(
(member == span_mbh && device== mbh)
|| (member == span_test && device == test_zone)
)
) deny
}
}

condition does not work.

tactrace evaluating:

.....

10.87.177.17 evaluating ACL mbh_spans
10.87.177.17  line 316: [member] member 'span_mbh' => true
10.87.177.17  line 316: [device] net 'mbh' => false
10.87.177.17  line 316: [&&] => false
......

[Marc Huber]

Hi Petr,

thanks for reporting! I've just pushed a fix, please git pull and retry.

Cheers,

Marc

On 01.03.2024 03:42, Petr Issakov wrote:
> Hello, Marc!
> According docs *nas *variable mark as deprecated
> But I found that new var *device *behaviour is differrent comparing nas:

[Petr Issakov]

Hi Marc!

many thanks! now it's working as expected

пятница, 1 марта 2024 г. в 19:06:02 UTC+6, Marc Huber: