hosts.lisp, distorted.lisp: Fix static/DHCP subnet arrangements.

The `unsafe' network was bizarrely named `wired', with the low 32
addresses tagged `unsafe', the next 32 addresses as `dhcp', and the
remaining 64 addresses floating free.  This is obviously daft.

Similarly, the `safe' network is actually split into 12 static addresses
and 20 dynamically allocated addresses, but this is not reflected in the
definitions here.

We can't represent `networks' which aren't described by a netmask, so
split the various ranges into power-of-two portions which add up to the
right regions.  The names aren't super-helpful but do explain what's
going on.

diff --git a/distorted.lisp b/distorted.lisp
index 30a2b249f1d3f0c9d935d06507e338652f216e58..d32bba5e400f7b78def8f33610e67996b3e237a2 100644 (file)
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -450,7 +450,8 @@ (defrevzone trusted
             precision.distorted.org.uk.
             telecaster.distorted.org.uk.
             national.distorted.org.uk.))
-  :multi (((dhcp safe) :family :ipv4 :suffix "199.29.172.dhcp") :cname *))
+  :multi (((unsafe-dhcp01 unsafe-dhcp1x safe-dhcp011 safe-dhcp1xx)
+          :family :ipv4 :suffix "199.29.172.dhcp") :cname *))
 
 #+view/outside
 (defzone dhcp.199.29.172.in-addr.arpa
@@ -516,7 +517,14 @@ (defrevzone jump-ipv6
        eggle.distorted.org.uk.)
   :reverse ((((:ipv6 jump-ipv6)))))
 
-(defrevzone (dhcp :family :ipv6)
+(defrevzone (unsafe-dhcp :family :ipv6)
+  :ns (radius.distorted.org.uk.
+       precision.distorted.org.uk.
+       telecaster.distorted.org.uk.
+       national.distorted.org.uk.
+       eggle.distorted.org.uk.))
+
+(defrevzone (safe-dhcp :family :ipv6)
   :ns (radius.distorted.org.uk.
        precision.distorted.org.uk.
        telecaster.distorted.org.uk.

diff --git a/hosts.lisp b/hosts.lisp
index 107e2d62d1b92ecf8d0c94bf1a8d7ea72c0e4330..71931615066100369a5c1febe0675e992aae4771 100644 (file)
--- a/hosts.lisp
+++ b/hosts.lisp
@@ -28,12 +28,17 @@ (defnet distorted.org.uk "172.29.198/23"
     (hippo "144/28")
     (upn "160/27"))
   (trusted "199.0/24"
-    (wired "0/25"
-      (unsafe "0/27")
-      (dhcp "32/27"))
+    (unsafe "0/25"
+      (unsafe-static00 "0/27")
+      (unsafe-dhcp01 "32/27")
+      (unsafe-dhcp1x "64/26"))
     (vpn "128/27")
     (its "160/30")
-    (safe "192/27")
+    (safe "192/27"
+      (safe-static00x "192/29")
+      (safe-static010 "200/30")
+      (safe-dhcp011 "204/30")
+      (safe-dhcp1xx "208/28"))
     (any "224/27")))
 
 ;; Externally routable DMZ from Andrews and Arnold.
@@ -42,10 +47,11 @@ (defnet dmz "81.187.238.128/28")
 (defnet dmz1 "217.169.12.64/28")
 (defnet distorted.org.uk-aaisp "2001:8b0:c92/48"
   (unsafe "1/64"
-    (dhcp "6468:6370/96"))
+    (unsafe-dhcp "6468:6370/96"))
   (any "0/64")
   (dmz "fff/64")
-  (safe "4001/64")
+  (safe "4001/64"
+    (safe-dhcp "6468:6370/96"))
   (vpn "6000/64")
   (untrusted "8001/64")
   (upn "a000/64"))