From: Mark Wooding
Date: Fri, 31 May 2024 17:36:19 +0000 (+0100)
Subject: hosts.lisp, distorted.lisp: Fix static/DHCP subnet arrangements.
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/zones/commitdiff_plain/cc30fb507626c4893cd87424030ae70a0369eeaf?ds=sidebyside

hosts.lisp, distorted.lisp: Fix static/DHCP subnet arrangements.

The `unsafe' network was bizarrely named `wired', with the low 32 addresses tagged `unsafe', the next 32 addresses as `dhcp', and the remaining 64 addresses floating free. This is obviously daft. Similarly, the `safe' network is actually split into 12 static addresses and 20 dynamically allocated addresses, but this is not reflected in the definitions here. We can't represent `networks' which aren't described by a netmask, so split the various ranges into power-of-two portions which add up to the right regions. The names aren't super-helpful but do explain what's going on.
---
diff --git a/distorted.lisp b/distorted.lisp
index 30a2b24..d32bba5 100644
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -450,7 +450,8 @@ (defrevzone trusted
 precision.distorted.org.uk.
 telecaster.distorted.org.uk.
 national.distorted.org.uk.))
- :multi (((dhcp safe) :family :ipv4 :suffix "199.29.172.dhcp") :cname *))
+ :multi (((unsafe-dhcp01 unsafe-dhcp1x safe-dhcp011 safe-dhcp1xx)
+ :family :ipv4 :suffix "199.29.172.dhcp") :cname *))

 #+view/outside
 (defzone dhcp.199.29.172.in-addr.arpa
@@ -516,7 +517,14 @@ (defrevzone jump-ipv6
 eggle.distorted.org.uk.)
 :reverse ((((:ipv6 jump-ipv6)))))

-(defrevzone (dhcp :family :ipv6)
+(defrevzone (unsafe-dhcp :family :ipv6)
+ :ns (radius.distorted.org.uk.
+ precision.distorted.org.uk.
+ telecaster.distorted.org.uk.
+ national.distorted.org.uk.
+ eggle.distorted.org.uk.))
+
+(defrevzone (safe-dhcp :family :ipv6)
 :ns (radius.distorted.org.uk.
 precision.distorted.org.uk.
 telecaster.distorted.org.uk.
diff --git a/hosts.lisp b/hosts.lisp
index 107e2d6..7193161 100644
--- a/hosts.lisp
+++ b/hosts.lisp
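Review bot: In the first distorted.lisp hunk, the `:multi` clause now lists the four DHCP subranges by hand, so it has to be kept in step with the `trusted` subnets in hosts.lisp. A dynamic range added there and forgotten here would fall outside the `199.29.172.dhcp` zone with nothing to flag the omission. The clause also no longer covers the static part of `safe`, which the old `(dhcp safe)` entry included. Reverse records for those static hosts presumably come from somewhere outside this hunk, which is worth confirming. A comment above the clause would record the intent, e.g. `;; Keep in step with the *-dhcp* subnets of trusted in hosts.lisp; static ranges are deliberately left out.` The enclosing form begins above the hunk.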
@@ -28,12 +28,17 @@ (defnet distorted.org.uk "172.29.198/23"
 (hippo "144/28")
 (upn "160/27"))
 (trusted "199.0/24"
- (wired "0/25"
- (unsafe "0/27")
- (dhcp "32/27"))
+ (unsafe "0/25"
+ (unsafe-static00 "0/27")
+ (unsafe-dhcp01 "32/27")
+ (unsafe-dhcp1x "64/26"))
 (vpn "128/27")
 (its "160/30")
- (safe "192/27")
+ (safe "192/27"
+ (safe-static00x "192/29")
+ (safe-static010 "200/30")
+ (safe-dhcp011 "204/30")
+ (safe-dhcp1xx "208/28"))
 (any "224/27")))

 ;; Externally routable DMZ from Andrews and Arnold.
@@ -42,10 +47,11 @@ (defnet dmz "81.187.238.128/28")
 (defnet dmz1 "217.169.12.64/28")
 (defnet distorted.org.uk-aaisp "2001:8b0:c92/48"
 (unsafe "1/64"
- (dhcp "6468:6370/96"))
+ (unsafe-dhcp "6468:6370/96"))
 (any "0/64")
 (dmz "fff/64")
- (safe "4001/64")
+ (safe "4001/64"
+ (safe-dhcp "6468:6370/96"))
 (vpn "6000/64")
 (untrusted "8001/64")
 (upn "a000/64"))
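Review bot: In the first hosts.lisp hunk, `unsafe` keeps its name but now denotes the whole `0/25` instead of the old `0/27`, while `wired` and `dhcp` disappear. Any user of `unsafe` outside this diff (a zone definition, or a filter built from these names, if one exists) would silently widen to include the dynamic ranges rather than fail on an unknown name. It is worth searching for all three old names and pointing static-only users at `unsafe-static00`. The suffix scheme is also undocumented; a comment such as `;; Suffix = leading host bits within the parent: 00/01/1x split the /25, 00x/010/011/1xx split the /27.` would spare the next reader the arithmetic. The `defnet` form begins above the hunk.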
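Review bot: The literal `6468:6370/96` in the second hosts.lisp hunk now appears under both `unsafe` and `safe` with no explanation. It is the ASCII bytes of "dhcp", and each occurrence is relative to its own parent /64, so the two entries are distinct prefixes even though they look identical. A comment above the `defnet` would make that explicit, e.g. `;; 6468:6370 is "dhcp" in ASCII; each *-dhcp /96 sits inside its parent /64.` It may also help to note that every `*-dhcp` entry here needs a matching `defrevzone` in distorted.lisp, as this commit adds for `safe-dhcp`.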