-rwxr-xr-x | scripts/bgp/vyatta-bgp.pl | 88 | ||||
-rwxr-xr-x | scripts/policy/vyatta-check-as-prepend.pl | 15 | ||||
-rwxr-xr-x | scripts/policy/vyatta-policy.pl | 348 | ||||
-rw-r--r-- | scripts/vyatta_quagga_utils.pl | 45 |
4 files changed, 228 insertions, 268 deletions
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl index 6ca3480e..931069c2 100755 --- a/scripts/bgp/vyatta-bgp.pl +++ b/scripts/bgp/vyatta-bgp.pl @@ -1,46 +1,35 @@ #!/usr/bin/perl +use strict; use lib "/opt/vyatta/share/perl5/"; use Vyatta::Config; use Vyatta::Misc; use Getopt::Long; -GetOptions("check-peer-name=s" => \$peername, - "check-as" => \$checkas, - "check-peer-groups" => \$checkpeergroups, - "check-if-peer-group" => \$checkifpeergroup, - "peergroup=s" => \$pg, - "as=s" => \$as, - "neighbor=s" => \$neighbor, +my $pg = -1; +my ($as, $neighbor); + +GetOptions( + "peergroup=s" => \$pg, + "as=s" => \$as, + "neighbor=s" => \$neighbor, + "check-peer-name=s" => sub { check_peer_name( $_[1] ) }, + "check-as" => sub { check_as($pg, $neighbor, $as); }, + "check-peer-groups" => sub { check_for_peer_groups($pg, $as); }, + "check-if-peer-group" => sub { check_if_peer_group($pg); }, ); -if (defined $peername) { check_peer_name($peername); } -elsif (defined $checkpeergroups && - defined $pg && - defined $as) { check_for_peer_groups($pg, $as); } -elsif (defined $neighbor && - defined $as && - defined $checkas && - defined $pg) { check_as($pg, $neighbor, $as); } -elsif (defined $neighbor && - defined $as && - defined $checkas) { check_as(-1, $neighbor, $as); } -elsif (defined $pg && - defined $checkifpeergroup) { check_if_peer_group($pg); } - - exit 0; sub check_if_peer_group { my $neighbor = shift; - - my $version = is_ip_v4_or_v6($neighbor); - exit 1 if defined $version; + + exit 1 if is_ip_v4_or_v6($neighbor); exit 0; } # Make sure the neighbor is a proper IP or name -sub check_peer_name() { +sub check_peer_name { my $neighbor = shift; $_ = $neighbor; 
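Review bot: The `check-*` callbacks in the new `GetOptions` call run while the command line is still being parsed, so `check_as($pg, $neighbor, $as)` and `check_for_peer_groups($pg, $as)` see only the `--peergroup`, `--as` and `--neighbor` values parsed so far. An invocation that puts `--check-as` first would validate with undefined values, where the removed `elsif` chain ran only after every option was read and the required ones were defined. The return value of `GetOptions` is also ignored, so an unknown or malformed option does not fail the check. Since these scripts gate configuration changes, I would record the requested check and dispatch after parsing, as sketched below; adding `use warnings;` next to the new `use strict;` would surface the undefined-value cases.

```perl
my ( $peername, $checkas, $checkpeergroups, $checkifpeergroup );

GetOptions(
    # … unchanged: peergroup=s, as=s, neighbor=s …
    "check-peer-name=s"   => \$peername,
    "check-as"            => \$checkas,
    "check-peer-groups"   => \$checkpeergroups,
    "check-if-peer-group" => \$checkifpeergroup,
) or exit 1;

# Dispatch only after every option has been parsed.
if ( defined $peername ) {
    check_peer_name($peername);
}
elsif ( $checkpeergroups && defined $as ) {
    check_for_peer_groups( $pg, $as );
}
elsif ( $checkas && defined $neighbor && defined $as ) {
    check_as( $pg, $neighbor, $as );
}
elsif ($checkifpeergroup) {
    check_if_peer_group($pg);
}
```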
@@ -60,22 +49,20 @@ sub check_peer_name() { # Make sure we aren't deleteing a peer-group that has # neighbors configured to us it -sub check_for_peer_groups() { +sub check_for_peer_groups { my $config = new Vyatta::Config; my $pg = shift; my $as = shift; - my $node = $pg; - my @peers, @neighbors; + my @peers; # short circuit if the neighbor is an IP rather than name - my $version = is_ip_v4_or_v6($node); - return if defined $version; + return if is_ip_v4_or_v6($pg); # get the list of neighbors and see if they have a peer-group set $config->setLevel("protocols bgp $as neighbor"); my @neighbors = $config->listNodes(); - foreach $node (@neighbors) { + foreach my $node (@neighbors) { my $peergroup = $config->returnValue("$node peer-group"); if ($peergroup eq $pg) { push @peers, $node; } } @@ -83,7 +70,7 @@ sub check_for_peer_groups() { # if we found peers in the previous statements # notify an return errors if (@peers) { - foreach $node (@peers) { + foreach my $node (@peers) { print "neighbor $node uses peer-group $pg\n"; } @@ -96,7 +83,7 @@ sub check_for_peer_groups() { # make sure nodes are either in a peer group of have # a remote AS assigned to them. -sub check_as() { +sub check_as { my $pg = shift; my $neighbor = shift; my $as = shift; 
@@ -104,32 +91,21 @@ sub check_as() { my $pgtest = $neighbor; # if this is peer-group then short circuit this - my $version = is_ip_v4_or_v6($node); - return if ! defined $version; + return unless is_ip_v4_or_v6($pg); $config->setLevel("protocols bgp $as neighbor $neighbor"); - $remoteas = $config->returnValue("remote-as"); + my $remoteas = $config->returnValue("remote-as"); - if (! defined $remoteas) { - if ($pg > 0) { - $peergroup = 1; - $peergroupas = 1; - } - else { - $peergroup = $config->returnValue("peer-group"); - $peergroupas = $config->returnValue(" .. $peergroup remote-as"); - } + return unless $remoteas; - if (! defined $peergroup) { - print "protocols bgp $as neighbor $neighbor: you must define a remote-as or peer-group\n"; - exit 1; - } + return if ($pg > 0); - if (! defined $peergroupas) { - print "protocols bgp $as neighbor $neighbor: you must define a remote-as in this neighbor or in peer-group $peergroup\n"; - exit 1; - } - } + my $peergroup = $config->returnValue("peer-group"); + my $peergroupas = $config->returnValue(" .. $peergroup remote-as"); - return; + die "protocols bgp $as neighbor $neighbor: must define a remote-as or peer-group\n" + unless $peergroup; + + die "protocols bgp $as neighbor $neighbor: must define a remote-as in neighbor or peer-group $peergroup\n" + unless $peergroupas; } diff --git a/scripts/policy/vyatta-check-as-prepend.pl b/scripts/policy/vyatta-check-as-prepend.pl index a34ca0a7..ba2c4f3e 100755 --- a/scripts/policy/vyatta-check-as-prepend.pl +++ b/scripts/policy/vyatta-check-as-prepend.pl 
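Review bot: Two guards in the rewritten `check_as` body look inverted relative to the code they replace. `return unless is_ip_v4_or_v6($pg);` tests the peer-group flag (default `-1`) rather than the neighbor, and `return unless $remoteas;` returns exactly when no remote-as is set, which is the case the removed `if (! defined $remoteas)` block validated. As written, a neighbor with neither remote-as nor peer-group would pass, while one that has a remote-as falls through to the `die` lines. I would expect `return unless is_ip_v4_or_v6($neighbor);` and `return if defined $remoteas;`, the first depending on what `is_ip_v4_or_v6` returns for a non-address, which is not visible here. The start of `check_as` is in the previous hunk.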
@@ -1,10 +1,11 @@
 #!/usr/bin/perl
-@as_list = split(' ',$ARGV[0]);
-foreach $as (@as_list) {
- if ($as =~ /[^\d\s]/ || $as < 1 || $as > 4294967294) { exit 1;}
-}
-if (scalar(@as_list) > 24) {
- print "Error: max 24 as paths";
- exit 1;
+use strict;
+
+my @as_list = split( ' ', $ARGV[0] );
+foreach my $as (@as_list) {
+ exit 1 if ( $as =~ /[^\d\s]/ || $as < 1 || $as > 4294967294 );
 }
+
+die "Error: max 24 as path\n" if ( scalar(@as_list) > 24 );
+
 exit 0;
diff --git a/scripts/policy/vyatta-policy.pl b/scripts/policy/vyatta-policy.pl
index 4a1ea4d8..91a73d0f 100755
--- a/scripts/policy/vyatta-policy.pl
+++ b/scripts/policy/vyatta-policy.pl
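Review bot: An absent or empty first argument still ends in `exit 0`, because `split( ' ', $ARGV[0] )` yields an empty list and neither the loop nor the 24-entry limit fires. If an empty prepend list is not meant to be accepted, add `exit 1 unless defined $ARGV[0] && @as_list;` after the split. The per-entry test rejects bad characters with a negated class; an anchored positive match such as `exit 1 unless $as =~ /\A[0-9]+\z/ && $as >= 1 && $as <= 4294967294;` states the accepted form directly. The switch from `print`/`exit 1` to `die` also moves the message to stderr and changes the exit status from 1 to whatever `die` produces, so callers should test only for non-zero.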
@@ -1,217 +1,216 @@ #!/usr/bin/perl +use strict; use lib "/opt/vyatta/share/perl5/"; use Vyatta::Config; use Vyatta::Misc; use Getopt::Long; -my $VTYSH='/usr/bin/vyatta-vtysh'; +my $VTYSH = '/usr/bin/vyatta-vtysh'; -GetOptions("update-access-list=s" => \$accesslist, - "update-aspath-list=s" => \$aspathlist, - "update-community-list=s" => \$communitylist, - "check-peer-syntax=s" => \$peer, - "check-routemap-action=s" => \$routemap, - "check-delete-routemap-action=s" => \$deleteroutemap, +GetOptions( + "update-access-list=s" => sub { update_access_list( $_[1] ); }, + "update-aspath-list=s" => sub { update_as_path( $_[1] ); }, + "update-community-list=s" => sub { update_community_list( $_[1] ); }, + "check-peer-syntax=s" => sub { check_peer_syntax( $_[1] ); }, + "check-routemap-action=s" => sub { check_routemap_action( $_[1] ); }, + "check-delete-routemap-action=s" => + sub { check_delete_routemap_action( $_[1] ); }, ); -if (defined $accesslist) { update_access_list($accesslist); } -if (defined $aspathlist) { update_as_path($aspathlist); } -if (defined $communitylist) { update_community_list($communitylist); } -if (defined $peer) { check_peer_syntax($peer); } -if (defined $routemap) { check_routemap_action($routemap); } -if (defined $deleteroutemap) { check_delete_routemap_action($deleteroutemap); } - exit 0; sub numerically { $a <=> $b; } -sub check_peer_syntax() { - my $peer = shift; - - $_ = $peer; - if (/^local$/) { exit 0; } - if (isIpAddress("$peer")) { exit 0; } - exit 1; +sub check_peer_syntax { + my $peer = shift; + + $_ = $peer; + if (/^local$/) { exit 0; } + if ( isIpAddress("$peer") ) { exit 0; } + exit 1; } sub is_community_list { my $list = shift; - my $count = `$VTYSH -c \"show ip community-list $list\" | grep $list | wc -l`; - if ($count > 0) { - return 1; - } else { - return 0; + my $count = + `$VTYSH -c \"show ip community-list $list\" | grep $list | wc -l`; + if ( $count > 0 ) { + return 1; + } + else { + return 0; } } -sub update_community_list() { 
- my $num = shift; - my $config = new Vyatta::Config; - my @rules = (); - my $rule; +sub update_community_list { + my $num = shift; + my $config = new Vyatta::Config; + my @rules = (); - # remove the old rule - if (is_community_list($num)) { - system("$VTYSH -c \"configure terminal\" -c \"no ip community-list $num\" "); - } + # remove the old rule + if ( is_community_list($num) ) { + system( + "$VTYSH -c \"configure terminal\" -c \"no ip community-list $num\" " + ); + } - $config->setLevel("policy community-list $num rule"); - @rules = $config->listNodes(); + $config->setLevel("policy community-list $num rule"); + @rules = $config->listNodes(); - foreach $rule (sort numerically @rules) { - my $action, $regex = ''; + foreach my $rule ( sort numerically @rules ) { - # set the action - $action = $config->returnValue("$rule action"); - if (! defined $action) { - print "policy community-list $list rule $rule: You must specify an action\n"; - exit 1; - } + # set the action + my $action = $config->returnValue("$rule action"); + die + "policy community-list $num rule $rule: You must specify an action\n" + unless $action; - # grab the regex - if (defined $config->returnValue("$rule regex")) { - $regex = $config->returnValue("$rule regex"); - } - else { - print "policy community-list $list rule $rule: You must specify a regex\n"; - exit 1; - } + # grab the regex + my $regex = $config->returnValue("$rule regex"); + die "policy community-list $num rule $rule: You must specify a regex\n" + unless $regex; - system ("$VTYSH -c \"configure terminal\" -c \"ip community-list $num $action $regex\" "); - } + system( +"$VTYSH -c \"configure terminal\" -c \"ip community-list $num $action $regex\" " + ); + } - exit 0; + exit 0; } sub is_as_path_list { my $list = shift; - my $count = `$VTYSH -c \"show ip as-path-access-list $list\" | grep $list | wc -l`; - if ($count > 0) { - return 1; - } else { - return 0; + my $count = + `$VTYSH -c \"show ip as-path-access-list $list\" | grep $list | 
wc -l`; + if ( $count > 0 ) { + return 1; + } + else { + return 0; } } -sub update_as_path() { - my $word = shift; - my $config = new Vyatta::Config; - my @rules = (); - my $rule; +sub update_as_path { + my $word = shift; + my $config = new Vyatta::Config; + my @rules = (); - # remove the old rule - if (is_as_path_list($word)) { - system("$VTYSH -c \"configure terminal\" -c \"no ip as-path access-list $word\" "); - } + # remove the old rule + if ( is_as_path_list($word) ) { + system( +"$VTYSH -c \"configure terminal\" -c \"no ip as-path access-list $word\" " + ); + } - $config->setLevel("policy as-path-list $word rule"); - @rules = $config->listNodes(); + $config->setLevel("policy as-path-list $word rule"); + @rules = $config->listNodes(); - foreach $rule (sort numerically @rules) { - my ($action, $regex) = ''; + foreach my $rule ( sort numerically @rules ) { - # set the action - $action = $config->returnValue("$rule action"); - if (! defined $action) { - print "policy as-path-list $list rule $rule: You must specify an action\n"; - exit 1; - } + # set the action + my $action = $config->returnValue("$rule action"); + die "policy as-path-list $word rule $rule: You must specify an action\n" + unless $action; - # grab the regex - if (defined $config->returnValue("$rule regex")) { - $regex = $config->returnValue("$rule regex"); - } - else { - print "policy as-path-list $list rule $rule: You must specify a regex\n"; - exit 1; - } + # grab the regex + my $regex = $config->returnValue("$rule regex"); + die "policy as-path-list $word rule $rule: You must specify a regex\n" + unless $regex; - system ("$VTYSH -c \"configure terminal\" -c \"ip as-path access-list $word $action $regex\" "); - } + system( +"$VTYSH -c \"configure terminal\" -c \"ip as-path access-list $word $action $regex\" " + ); + } - exit 0; + exit 0; } sub is_access_list { - my $list = shift; - + my $list = shift; my $count = `$VTYSH -c \"show ip access-list $list\" | grep $list | wc -l`; - if ($count > 0) { 
- return 1; - } else { - return 0; - } + return ( $count > 0 ); } -sub update_access_list() { - my $list = shift; - my $config = new Vyatta::Config; - my @rules = (); - my $rule; +sub update_access_list { + my $list = shift; + my $config = new Vyatta::Config; + my @rules = (); - # remove the old rule if it already exists - if (is_access_list($list)) { - system ("$VTYSH -c \"configure terminal\" -c \"no access-list $list\" "); - } + # remove the old rule if it already exists + if ( is_access_list($list) ) { + system("$VTYSH -c \"configure terminal\" -c \"no access-list $list\" "); + } - $config->setLevel("policy access-list $list rule"); - @rules = $config->listNodes(); + $config->setLevel("policy access-list $list rule"); + @rules = $config->listNodes(); - foreach $rule (sort numerically @rules) { - my ($ip, $action, $src, $dst, $srcmsk, $dstmsk) = ''; + foreach my $rule ( sort numerically @rules ) { + my ( $ip, $action, $src, $dst, $srcmsk, $dstmsk ) = ''; - # set the action - $action = $config->returnValue("$rule action"); - if (! defined $action) { - print "policy access-list $list rule $rule: You must specify an action\n"; - exit 1; - } - - # TODO: ask someone why config->exists() is returning !0? - # set the source filter - if (defined $config->returnValue("$rule source host")) { - $src = $config->returnValue("$rule source host"); - $src = "host " . 
$src; - } - elsif (defined $config->returnValue("$rule source network")) { - $src = $config->returnValue("$rule source network"); - $srcmsk = $config->returnValue("$rule source inverse-mask"); - } - else { - if ($config->exists("$rule source any")) { $src = "any"; } - else { - print "policy access-list $list rule $rule source: incorrect source filter\n"; - exit 1; - } - } + # set the action + $action = $config->returnValue("$rule action"); + if ( !defined $action ) { + print +"policy access-list $list rule $rule: You must specify an action\n"; + exit 1; + } - # set the destination filter if extended list - if ((($list >= 100) && ($list <= 199)) || (($list >= 2000) && ($list <= 2699))) { - $ip = 'ip '; - # TODO: ask someone why config->exists() is returning !0? - if (defined $config->returnValue("$rule destination host")) { - $dst = $config->returnValue("$rule destination host"); - $dst = "host " . $dst; - } - elsif (defined $config->returnValue("$rule destination network")) { - $dst = $config->returnValue("$rule destination network"); - $dstmsk = $config->returnValue("$rule destination inverse-mask"); - } - else { - if ($config->exists("$rule destination any")) { $dst = "any"; } + # TODO: ask someone why config->exists() is returning !0? + # set the source filter + if ( defined $config->returnValue("$rule source host") ) { + $src = $config->returnValue("$rule source host"); + $src = "host " . 
$src; + } + elsif ( defined $config->returnValue("$rule source network") ) { + $src = $config->returnValue("$rule source network"); + $srcmsk = $config->returnValue("$rule source inverse-mask"); + } else { - print "policy access-list $list rule $rule destination: incorrect destination filter\n"; - exit 1; + if ( $config->exists("$rule source any") ) { $src = "any"; } + else { + print +"policy access-list $list rule $rule source: incorrect source filter\n"; + exit 1; + } } - } - } - system ("$VTYSH -c \"configure terminal\" -c \"access-list $list $action $ip $src $srcmsk $dst $dstmsk\" "); - } + # set the destination filter if extended list + if ( ( ( $list >= 100 ) && ( $list <= 199 ) ) + || ( ( $list >= 2000 ) && ( $list <= 2699 ) ) ) + { + $ip = 'ip '; + + # TODO: ask someone why config->exists() is returning !0? + if ( defined $config->returnValue("$rule destination host") ) { + $dst = $config->returnValue("$rule destination host"); + $dst = "host " . $dst; + } + elsif ( defined $config->returnValue("$rule destination network") ) + { + $dst = $config->returnValue("$rule destination network"); + $dstmsk = + $config->returnValue("$rule destination inverse-mask"); + } + else { + if ( $config->exists("$rule destination any") ) { + $dst = "any"; + } + else { + print +"policy access-list $list rule $rule destination: incorrect destination filter\n"; + exit 1; + } + } + } + + system( +"$VTYSH -c \"configure terminal\" -c \"access-list $list $action $ip $src $srcmsk $dst $dstmsk\" " + ); + } - exit 0; + exit 0; } ## check_routemap_action 
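Review bot: Every `system(...)` and backtick call in this file still builds a shell command line from the option argument and from configuration values (`$list`, `$num`, `$word`, `$action`, `$regex`), so shell metacharacters in a list name or a rule's regex are interpreted by the shell rather than passed to vtysh; the change re-indents these calls but leaves that as it was. The list form avoids the shell, e.g. `system( $VTYSH, '-c', 'configure terminal', '-c', "ip community-list $num $action $regex" );`, and the three `is_*_list` helpers can read vtysh output through a list-form pipe instead of `| grep | wc -l`, as sketched below for one of them. The values are still interpolated into the vtysh command text, so validating list names against the expected pattern before use remains worthwhile. Separately, `my ( $ip, $action, $src, $dst, $srcmsk, $dstmsk ) = '';` in `update_access_list` initialises only `$ip`.

```perl
sub is_community_list {
    my $list = shift;

    # List-form pipe open: no shell is involved, so $list cannot
    # introduce additional shell commands or redirections.
    open( my $vtysh, '-|', $VTYSH, '-c', "show ip community-list $list" )
      or die "cannot run $VTYSH: $!\n";
    my $count = grep { /\Q$list\E/ } <$vtysh>;
    close($vtysh);

    return $count > 0 ? 1 : 0;
}
```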
@@ -219,34 +218,31 @@ sub update_access_list() { # we need to do this because quagga will wipe the entire config if # the action is changed. # $1 = policy route-map <name> rule <num> action -sub check_routemap_action() { - my $routemap = shift; - my $config = new Vyatta::Config; - - my $action = $config->setLevel("$routemap"); - my $origvalue = $config->returnOrigValue(); - if ($origvalue) { - my $value = $config->returnValue(); - if ("$value" ne "$origvalue") { - exit 1; +sub check_routemap_action { + my $routemap = shift; + my $config = new Vyatta::Config; + + my $action = $config->setLevel("$routemap"); + my $origvalue = $config->returnOrigValue(); + if ($origvalue) { + my $value = $config->returnValue(); + if ( "$value" ne "$origvalue" ) { + exit 1; + } } - } - exit 0; + exit 0; } ## check_delete_routemap_action # don't allow deleteing the route-map action if other sibling nodes exist. # action is required for all other route-map definitions # $1 = policy route-map <name> rule <num> -sub check_delete_routemap_action() { - my $routemap = shift; - my $config = new Vyatta::Config; +sub check_delete_routemap_action { + my $routemap = shift; + my $config = new Vyatta::Config; - my @nodes = $config->listNodes("$routemap"); - if (defined @nodes) { - exit 1 - } + my @nodes = $config->listNodes("$routemap"); - exit 0; + exit(@nodes) ? 1 : 0; } diff --git a/scripts/vyatta_quagga_utils.pl b/scripts/vyatta_quagga_utils.pl index eaf83649..c0087ea6 100644 --- a/scripts/vyatta_quagga_utils.pl +++ b/scripts/vyatta_quagga_utils.pl 
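Review bot: `exit(@nodes) ? 1 : 0;` at the end of `check_delete_routemap_action` parses as a call to `exit(@nodes)` followed by a ternary that is never reached, so the exit status is the number of sibling nodes rather than 1. That is non-zero when nodes exist, but the status is truncated to eight bits by the OS and the line does not say what it means; `exit( @nodes ? 1 : 0 );` does. In `check_routemap_action`, `my $action = $config->setLevel("$routemap");` assigns a variable that is never read in the lines shown.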
@@ -1,62 +1,49 @@ #!/usr/bin/perl +use strict; use lib "/opt/vyatta/share/perl5/"; use Vyatta::Config; use Vyatta::Misc; use NetAddr::IP; use Getopt::Long; -GetOptions("check-prefix-boundry=s" => \$prefix, - "not-exists=s" => \$notexists, - "exists=s" => \$exists, - "check-ospf-area=s" => \$area, +GetOptions("check-prefix-boundry=s" => sub { check_prefix_boundry( $_[1] ); }, + "not-exists=s" => sub { check_not_exists($_[1]); }, + "exists=s" => sub { check_exists($_[1]); }, + "check-ospf-area=s" => sub { check_ospf_area($_[1]); }, ); -if (defined $prefix) { check_prefix_boundry($prefix); } -if (defined $notexists) { check_not_exists($notexists); } -if (defined $exists) { check_exists($exists); } -if (defined $area) { check_ospf_area($area); } - exit 0; -sub check_prefix_boundry() { +sub check_prefix_boundry { my $prefix = shift; my ($net, $network, $cidr); $net = new NetAddr::IP $prefix; $network = $net->network(); $cidr = $net->cidr(); - if ("$cidr" ne "$network") { - print "Your prefix must fall on a natural network boundry. ", - "Did you mean $network?\n"; - exit 1; - } + + die "Your prefix must fall on a natural network boundry. ", + "Did you mean $network?\n" + if ($cidr ne $network); exit 0; } -sub check_exists() { +sub check_exists { my $node = shift; my $config = new Vyatta::Config; - if ( $config->exists("$node") ) { - exit 0; - } - - exit 1; + exit $config->exists($node) ? 0 : 1; } -sub check_not_exists() { +sub check_not_exists { my $node = shift; my $config = new Vyatta::Config; - if (! $config->exists("$node") ) { - exit 0; - } - - exit 1; + exit $config->exists($node) ? 1 : 0; } -sub check_ospf_area() { +sub check_ospf_area { my $area = shift; # @@ -68,7 +55,7 @@ sub check_ospf_area() { } } if ($area =~ m/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) { - foreach $octet ($1, $2, $3, $4) { + foreach my $octet ($1, $2, $3, $4) { if (($octet < 0) || ($octet > 255)) { exit 1; } } exit 0 |
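Review bot: `exit $config->exists($node) ? 0 : 1;` in `check_exists` does not do what it reads as: `exit` is a named unary operator and binds tighter than `?:`, so Perl evaluates `exit( $config->exists($node) )` and never reaches the ternary. Assuming `exists` returns a true value such as 1 for a present node, `check_exists` now exits non-zero when the node exists, the opposite of the removed code, while `check_not_exists` comes out right only by coincidence. Parenthesise both: `exit( $config->exists($node) ? 0 : 1 );` and `exit( $config->exists($node) ? 1 : 0 );`. In `check_prefix_boundry`, the result of `new NetAddr::IP $prefix` is used without a check that construction succeeded before `->network()` is called.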