-rwxr-xr-xscripts/policy/vyatta-policy.pl24
-rw-r--r--templates/policy/route-map/node.tag/rule/node.def9
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/action/node.def10
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def1
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/node.def1
5 files changed, 38 insertions, 7 deletions
diff --git a/scripts/policy/vyatta-policy.pl b/scripts/policy/vyatta-policy.pl
index 51aa163a..b47d9c96 100755
--- a/scripts/policy/vyatta-policy.pl
+++ b/scripts/policy/vyatta-policy.pl
@@ -9,12 +9,14 @@ GetOptions("update-access-list=s" => \$accesslist,
"update-aspath-list=s" => \$aspathlist,
"update-community-list=s" => \$communitylist,
"check-peer-syntax=s" => \$peer,
+ "check-routemap-action=s" => \$routemap,
);
if (defined $accesslist) { update_access_list($accesslist); }
if (defined $aspathlist) { update_as_path($aspathlist); }
if (defined $communitylist) { update_community_list($communitylist); }
if (defined $peer) { check_peer_syntax($peer); }
+if (defined $routemap) { check_routemap_action($routemap); }
exit 0;
@@ -209,3 +211,25 @@ sub update_access_list() {
exit 0;
}
+## check_routemap_action
+# check if the action has been changed since the last commit.
+# we need to do this because quagga will wipe the entire config if
+# the action is changed.
+# $1 = policy route-map <name> rule <num>
+sub check_routemap_action() {
+ my $routemap = shift;
+ my $config = new VyattaConfig;
+
+ my $action = $config->setLevel("$routemap");
+ my $origvalue = $config->returnOrigValue();
+ if ($origvalue) {
+ my $value = $config->returnValue();
+ if ("$value" ne "$origvalue") {
+ print "You can not change the action for $routemap.\n";
+ print "To change the action you must first delete the rule and commit it.\n\n";
+ exit 1;
+ }
+ }
+
+ exit 0;
+}
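Review bot: The header comment documents the argument as `policy route-map <name> rule <num>`, but the only caller visible in this commit (the action node's update expression) passes a path ending in `action`. The body depends on that, because `returnValue()` and `returnOrigValue()` are called with no node name after `setLevel`, so the comment should read `# $1 = policy route-map <name> rule <num> action`. The result of `setLevel` is stored in `$action` and never read, so the line can be reduced to `$config->setLevel($routemap);`. The empty prototype in `sub check_routemap_action()` mirrors `update_access_list()` above but contradicts the `shift` on the next line; `sub check_routemap_action {` states the interface honestly. If `returnValue()` can return undef here, `"$value"` will warn under `use warnings`; whether it can is not visible in the hunk.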
diff --git a/templates/policy/route-map/node.tag/rule/node.def b/templates/policy/route-map/node.tag/rule/node.def
index c3079f54..7b96dd0d 100644
--- a/templates/policy/route-map/node.tag/rule/node.def
+++ b/templates/policy/route-map/node.tag/rule/node.def
@@ -2,7 +2,8 @@ tag:
type: u32
help: Specify route-map rule number
syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "route-map $VAR(../@): rule number $VAR(@) must be between 1 and 65535"
-end:expression: "if [ -f /tmp/delete-policy-route-map-$VAR(../@)-rule-$VAR(@) ]; then \
- ${vyatta_sbindir}/vyatta-policy-action-verify.pl $VAR(../@) $VAR(@) $( cat /tmp/delete-policy-route-map-$VAR(../@)-rule-$VAR(@) ); \
- fi"
-
+delete:expression: "if [ -f /tmp/delete-policy-route-map-$VAR(../@)-rule-$VAR(@) ]; then \
+ ${vyatta_sbindir}/vyatta-vtysh.pl -c \"configure terminal\" \
+ -c \"no route-map $VAR(../@) $VAR(./@/action/@) $VAR(@)\"; \
+ rm -f /tmp/delete-policy-route-map-$VAR(../@)-rule-$VAR(@); \
+ fi"
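Review bot: The new `delete:expression` still decides what to do from the existence of `/tmp/delete-policy-route-map-<name>-rule-<num>`, a predictable name in a world-writable directory. Any local account can create or pre-place that path, including as a symlink that the `>` redirect in the action node's delete expression would follow. A marker like this belongs in a directory that only the configuration backend can write, for example `<ROOT_ONLY_STATE_DIR>/delete-policy-route-map-$VAR(../@)-rule-$VAR(@)` (placeholder path). Separately, the commands are joined with `;`, so the expression's status is that of `rm -f` and a failing `vyatta-vtysh.pl` appears to be reported as a successful delete. Chaining the vtysh call and the `rm -f` with `&&` would preserve the failure.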
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/action/node.def b/templates/policy/route-map/node.tag/rule/node.tag/action/node.def
index 83e092e8..1fcc4a8c 100644
--- a/templates/policy/route-map/node.tag/rule/node.tag/action/node.def
+++ b/templates/policy/route-map/node.tag/rule/node.tag/action/node.def
@@ -1,7 +1,11 @@
type: txt
help: Action to take on prefixes matching this rule
syntax:expression: $VAR(@) in "permit", "deny"; "route-map $VAR(../../@) $VAR(@) $VAR(../@) action: must be permit or deny"
-update:expression: "${vyatta_sbindir}/vyatta-vtysh.pl -c \"configure terminal\" -c \"route-map $VAR(../../@) $VAR(@) $VAR(../@)\" "
-update:expression: exec "sudo rm -f /tmp/delete-policy-route-map-$VAR(../../@)-rule-$VAR(../@) 2>/dev/null"
+update:expression: "/opt/vyatta/sbin/vyatta-policy.pl --check-routemap-action \"policy route-map $VAR(../../@) rule $VAR(../@) action\"; \
+ if [ \"$?\" -eq \"0\" ]; then \
+ ${vyatta_sbindir}/vyatta-vtysh.pl -c \"configure terminal\" -c \"route-map $VAR(../../@) $VAR(@) $VAR(../@)\"; \
+ else \
+ exit 1; \
+ fi ; "
delete:expression: exec "sudo echo $VAR(@) > /tmp/delete-policy-route-map-$VAR(../../@)-rule-$VAR(../@)"
-
+# note: delete is handled by parent 'rule' node because the action is required for a route-map in quagga
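Review bot: The checker is invoked through the hard-coded path `/opt/vyatta/sbin/vyatta-policy.pl`, while the vtysh call two lines below uses `${vyatta_sbindir}`. Writing `${vyatta_sbindir}/vyatta-policy.pl --check-routemap-action ...` keeps the two consistent if the install prefix changes. The separate `$?` test can be folded into `if ${vyatta_sbindir}/vyatta-policy.pl --check-routemap-action \"...\"; then`, so a command inserted later cannot clobber the status being tested. The route-map name from `$VAR(../../@)` appears to be expanded inside a double-quoted shell string here. Whether the parent node's syntax check restricts the name to characters that are safe in that position is not visible in this commit and is worth confirming.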
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def
index 29298fac..e7ff7a0f 100644
--- a/templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def
@@ -1,5 +1,6 @@
help: Match BGP community list
delete:expression: "touch /tmp/policy-route-map-$VAR(../../../@)-$VAR(../../action/@)-$VAR(../../@)-match-community.$PPID"
+## this will always return exact-match pending bug 2525 being fixed
end:expression: "if [ -z \"$VAR(./community-list/)\" ]; then \
echo You must configure a community-list ; \
exit 1 ; \
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/node.def
index f1e98001..0dea5ab1 100644
--- a/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/node.def
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/node.def
@@ -1,5 +1,6 @@
help: Set BGP community list
delete:expression: "touch /tmp/policy-route-map-$VAR(../../../@)-$VAR(../../action/@)-$VAR(../../@)-set-comm-list.$PPID"
+## this will always return delete pending bug 2525 being fixed
end:expression: "if [ -z \"$VAR(./comm-list/)\" ]; then \
echo You must configure a comm-list ; \
exit 1 ; \