From 4ae434d50337b6a1543176b0b86e938fc0663626 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 3 Nov 2022 17:39:19 +0100 Subject: xml: T4795: provide common and re-usable XML definitions for policy Remove duplicated code and move to single-source of truth. --- .../include/firewall/mac-address.xml.i | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 interface-definitions/include/firewall/mac-address.xml.i (limited to 'interface-definitions/include/firewall/mac-address.xml.i') diff --git a/interface-definitions/include/firewall/mac-address.xml.i b/interface-definitions/include/firewall/mac-address.xml.i new file mode 100644 index 000000000..83aaf1ce1 --- /dev/null +++ b/interface-definitions/include/firewall/mac-address.xml.i @@ -0,0 +1,18 @@ + + + + MAC address + + macaddr; + MAC address to match + + + !macaddr + Match everything except the specified MAC address + + + + + + + -- cgit v1.2.3 From 3f5464d0ee857d204dc58867065380340008f79b Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 3 Nov 2022 17:47:55 +0100 Subject: validators: T4795: migrate mac-address python validator to validate-value Instead of spawning the Python interpreter for every mac-address to validate, rather use the base validate-value OCaml implementation which is much faster. This removes redundant code and also makes the CLI more responsive. Validator is moved out to a dedicated file instead of using XML inlined for the reason of re-usability. So if that regex needs to be touched again - it can all happen in one single file. --- .../include/firewall/mac-address.xml.i | 5 ++-- src/validators/mac-address | 29 ++-------------------- src/validators/mac-address-exclude | 2 ++ src/validators/mac-address-firewall | 27 -------------------- 4 files changed, 7 insertions(+), 56 deletions(-) create mode 100755 src/validators/mac-address-exclude delete mode 100755 src/validators/mac-address-firewall (limited to 'interface-definitions/include/firewall/mac-address.xml.i') diff --git a/interface-definitions/include/firewall/mac-address.xml.i b/interface-definitions/include/firewall/mac-address.xml.i index 83aaf1ce1..db3e1e312 100644 --- a/interface-definitions/include/firewall/mac-address.xml.i +++ b/interface-definitions/include/firewall/mac-address.xml.i @@ -3,7 +3,7 @@ MAC address - macaddr; + macaddr MAC address to match @@ -11,7 +11,8 @@ Match everything except the specified MAC address - + + diff --git a/src/validators/mac-address b/src/validators/mac-address index 7d020f387..bb859a603 100755 --- a/src/validators/mac-address +++ b/src/validators/mac-address @@ -1,27 +1,2 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018-2020 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -import re -import sys - -pattern = "^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$" - -if __name__ == '__main__': - if len(sys.argv) != 2: - sys.exit(1) - if not re.match(pattern, sys.argv[1]): - sys.exit(1) - sys.exit(0) +#!/usr/bin/env sh +${vyos_libexec_dir}/validate-value --regex "([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})" --value "$1" diff --git a/src/validators/mac-address-exclude b/src/validators/mac-address-exclude new file mode 100755 index 000000000..c44913023 --- /dev/null +++ b/src/validators/mac-address-exclude @@ -0,0 +1,2 @@ +#!/usr/bin/env sh +${vyos_libexec_dir}/validate-value --regex "!([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})" --value "$1" diff --git a/src/validators/mac-address-firewall b/src/validators/mac-address-firewall deleted file mode 100755 index 70551f86d..000000000 --- a/src/validators/mac-address-firewall +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018-2022 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -import re -import sys - -pattern = "^!?([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$" - -if __name__ == '__main__': - if len(sys.argv) != 2: - sys.exit(1) - if not re.match(pattern, sys.argv[1]): - sys.exit(1) - sys.exit(0) -- cgit v1.2.3