4 files changed, 59 insertions, 35 deletions
diff --git a/scripts/policy/vyatta-policy.pl b/scripts/policy/vyatta-policy.pl index b47d9c96..e840271e 100755 --- a/scripts/policy/vyatta-policy.pl +++ b/scripts/policy/vyatta-policy.pl @@ -10,6 +10,7 @@ GetOptions("update-access-list=s" => \$accesslist, "update-community-list=s" => \$communitylist, "check-peer-syntax=s" => \$peer, "check-routemap-action=s" => \$routemap, + "check-delete-routemap-action=s" => \$deleteroutemap, ); if (defined $accesslist) { update_access_list($accesslist); } @@ -17,6 +18,7 @@ if (defined $aspathlist) { update_as_path($aspathlist); } if (defined $communitylist) { update_community_list($communitylist); } if (defined $peer) { check_peer_syntax($peer); } if (defined $routemap) { check_routemap_action($routemap); } +if (defined $deleteroutemap) { check_delete_routemap_action($deleteroutemap); } exit 0; @@ -215,7 +217,7 @@ sub update_access_list() { # check if the action has been changed since the last commit. # we need to do this because quagga will wipe the entire config if # the action is changed. -# $1 = policy route-map <name> rule <num> +# $1 = policy route-map <name> rule <num> action sub check_routemap_action() { my $routemap = shift; my $config = new VyattaConfig; @@ -225,11 +227,25 @@ sub check_routemap_action() { if ($origvalue) { my $value = $config->returnValue(); if ("$value" ne "$origvalue") { - print "You can not change the action for $routemap.\n"; - print "To change the action you must first delete the rule and commit it.\n\n"; exit 1; } } exit 0; } + +## check_delete_routemap_action +# don't allow deleteing the route-map action if other sibling nodes exist. +# action is required for all other route-map definitions +# $1 = policy route-map <name> rule <num> +sub check_delete_routemap_action() { + my $routemap = shift; + my $config = new VyattaConfig; + + my @nodes = $config->listNodes("$routemap"); + if (defined @nodes) { + exit 1 + } + + exit 0; +} 
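Review bot: In the new check_delete_routemap_action, `if (defined @nodes)` does not test whether listNodes returned any children: `defined` on an array only reports whether storage was ever allocated, the construct is deprecated, and Perl 5.22 and later reject it at compile time, which would stop the whole script, including the other checks. Since this sub's exit status decides whether the template lets the action node be deleted, the guard should be a plain emptiness test, `if (@nodes) { exit 1; }` (the `exit 1` is also missing its semicolon). A short comment stating whether listNodes reads the working or the active configuration would help, because the result depends on whether `action` itself is still listed; that cannot be confirmed from this hunk.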
diff --git a/templates/policy/route-map/node.tag/rule/node.def b/templates/policy/route-map/node.tag/rule/node.def
index 7b96dd0d..b5a8e367 100644
--- a/templates/policy/route-map/node.tag/rule/node.def
+++ b/templates/policy/route-map/node.tag/rule/node.def
@@ -2,8 +2,7 @@ tag:
 type: u32
 help: Specify route-map rule number
 syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "route-map $VAR(../@): rule number $VAR(@) must be between 1 and 65535"
-delete:expression: "if [ -f /tmp/delete-policy-route-map-$VAR(../@)-rule-$VAR(@) ]; then \
- ${vyatta_sbindir}/vyatta-vtysh.pl -c \"configure terminal\" \
- -c \"no route-map $VAR(../@) $VAR(./@/action/@) $VAR(@)\"; \
- rm -f /tmp/delete-policy-route-map-$VAR(../@)-rule-$VAR(@); \
- fi"
+delete: if [ -f /tmp/route-map-$VAR(../@)-rule-$VAR(@)-action.$PPID ]; then
+ ${vyatta_sbindir}/vyatta-vtysh.pl -c "configure terminal" -c "no route-map $VAR(../@) $VAR(./@/action/@) $VAR(@)";
+ rm -f /tmp/route-map-$VAR(../@)-rule-$VAR(@)-action.$PPID;
+ fi;
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/action/node.def b/templates/policy/route-map/node.tag/rule/node.tag/action/node.def
index 2c6557eb..3967558c 100644
--- a/templates/policy/route-map/node.tag/rule/node.tag/action/node.def
+++ b/templates/policy/route-map/node.tag/rule/node.tag/action/node.def
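Review bot: The flag file `/tmp/route-map-$VAR(../@)-rule-$VAR(@)-action.$PPID` that gates the `no route-map …` call sits in a world-writable directory under a name any local account can predict, so its existence does not prove that the action node's delete handler ran in this commit. The same pattern appears in the action/node.def hunk (a `touch` of the same path, which follows symlinks) and in the match/community/node.def hunk. Since these handlers presumably run with configuration privileges, keep the markers in a directory only the configuration system can write, e.g. `<private state dir>/route-map-…-action.$PPID`, or create them with `mktemp` and pass the name along. The `$VAR(...)` values are also expanded unquoted into the path; quote the path unless the route-map name is validated to exclude whitespace and shell metacharacters, which is not visible here.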
@@ -1,12 +1,20 @@
 type: txt
 help: Action to take on prefixes matching this rule
 syntax:expression: $VAR(@) in "permit", "deny"; "route-map $VAR(../../@) $VAR(@) $VAR(../@) action: must be permit or deny"
-# we need to check if the action has been changed since the previous commit
-update:expression: "/opt/vyatta/sbin/vyatta-policy.pl --check-routemap-action \"policy route-map $VAR(../../@) rule $VAR(../@) action\"; \
- if [ \"$?\" -eq \"0\" ]; then \
- ${vyatta_sbindir}/vyatta-vtysh.pl -c \"configure terminal\" -c \"route-map $VAR(../../@) $VAR(@) $VAR(../@)\"; \
- else \
- exit 1; \
- fi ; "
-# note: delete is handled by parent 'rule' node because the action is required for a route-map in quagga
-delete:expression: exec "sudo echo $VAR(@) > /tmp/delete-policy-route-map-$VAR(../../@)-rule-$VAR(../@)"
+update: /opt/vyatta/sbin/vyatta-policy.pl --check-routemap-action "policy route-map $VAR(../../@) rule $VAR(../@) action";
+ if [ $? -eq 0 ]; then
+ ${vyatta_sbindir}/vyatta-vtysh.pl -c "configure terminal" -c "route-map $VAR(../../@) $VAR(@) $VAR(../@)";
+ else
+ echo " You can not change the action for \"route-map $VAR(../../@) rule $VAR(../@)\".";
+ echo " To change the action you must first delete the rule ";
+ echo -e " \"delete route-map $VAR(../../@) rule $VAR(../@)\" and commit it. \\n";
+ exit 1;
+ fi;
+delete: /opt/vyatta/sbin/vyatta-policy.pl --check-delete-routemap-action "policy route-map $VAR(../../@) rule $VAR(../@)";
+ if [ $? -eq 0 ]; then
+ touch /tmp/route-map-$VAR(../../@)-rule-$VAR(../@)-action.$PPID ;
+ else
+ echo " Action is a required node for \"route-map $VAR(../../@) rule $VAR(../@)\". ";
+ echo -e " To delete that node you must delete \"route-map $VAR(../../@) rule $VAR(../@)\". \\n";
+ exit 1;
+ fi;
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def
index e7ff7a0f..84c2ca62 100644
--- a/templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def
@@ -1,20 +1,21 @@
 help: Match BGP community list
-delete:expression: "touch /tmp/policy-route-map-$VAR(../../../@)-$VAR(../../action/@)-$VAR(../../@)-match-community.$PPID"
+delete: echo route-map $VAR(../../../@) $VAR(../../action/@) $VAR(../../@) >> /tmp/delete-policy-route-map-$VAR(../../../@)-$VAR(../../@)-match-community.$PPID
 ## this will always return exact-match pending bug 2525 being fixed
-end:expression: "if [ -z \"$VAR(./community-list/)\" ]; then \
- echo You must configure a community-list ; \
- exit 1 ; \
- fi ; \
- ${vyatta_sbindir}/vyatta-vtysh.pl -noerr -c \"configure terminal\" \
- -c \"route-map $VAR(../../../@) $VAR(../../action/@) $VAR(../../@)\" \
- -c \"no match community \" ; \
- if [ -f \"/tmp/policy-route-map-$VAR(../../../@)-$VAR(../../action/@)-$VAR(../../@)-match-community.$PPID\" ]; then \
- rm -rf /tmp/policy-route-map-$VAR(../../../@)-$VAR(../../action/@)-$VAR(../../@)-match-community.$PPID; \
- else \
- if [ -n \"$VAR(./exact-match/)\" ]; then \
- cond=\"exact-match \"; \
- fi ; \
- ${vyatta_sbindir}/vyatta-vtysh.pl -c \"configure terminal\" \
- -c \"route-map $VAR(../../../@) $VAR(../../action/@) $VAR(../../@)\" \
- -c \"match community $VAR(./community-list/@) $cond\" ; \
- fi; "
+end: if [ -z "$VAR(./community-list/)" ]; then
+ echo You must configure a community-list ;
+ exit 1 ;
+ fi ;
+ if [ -f /tmp/delete-policy-route-map-$VAR(../../../@)-$VAR(../../@)-match-community.$PPID ]; then
+ routemap=`cat /tmp/delete-policy-route-map-$VAR(../../../@)-$VAR(../../@)-match-community.$PPID`
+ rm -f /tmp/delete-policy-route-map-$VAR(../../../@)-$VAR(../../@)-match-community.$PPID;
+ ${vyatta_sbindir}/vyatta-vtysh.pl -noerr -c "configure terminal" -c "$routemap " -c "no match community " ;
+ exit 0;
+ else
+ routemap='route-map $VAR(../../../@) $VAR(../../action/@) $VAR(../../@)';
+
+ if [ -n "$VAR(./exact-match/)" ]; then
+ cond="exact-match ";
+ fi ;
+ ${vyatta_sbindir}/vyatta-vtysh.pl -noerr -c "configure terminal" -c "$routemap " -c "no match community " ;
+ ${vyatta_sbindir}/vyatta-vtysh.pl -c \"configure terminal\" -c "$routemap " -c "match community $VAR(./community-list/@) $cond" ;
+ fi |
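Review bot: In the delete branch of `end:`, the contents of `/tmp/delete-policy-route-map-…-match-community.$PPID` are read back with `cat` and passed to vtysh as `-c "$routemap "`, so whatever that file holds becomes a configuration command, and the `delete:` line writes it with `>>`, which keeps any content already present under that predictable name. Write it with `>` into a directory that is not world-writable, and check that the line read back has the expected `route-map <name> permit|deny <num>` shape before handing it to vtysh. Separately, the last vtysh call still carries `-c \"configure terminal\"` from the old quoted `expression:` form; in the unquoted body the shell will most likely pass literal quote characters and split the two words, so it should read `-c "configure terminal"` like the calls above it.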