diff options
14 files changed, 22 insertions, 80 deletions
diff --git a/scripts/policy/vyatta-policy.pl b/scripts/policy/vyatta-policy.pl index 9ca97036..c5e781ba 100755 --- a/scripts/policy/vyatta-policy.pl +++ b/scripts/policy/vyatta-policy.pl @@ -27,7 +27,7 @@ update_access_list($accesslist) if ($accesslist); update_access_list6($accesslist6) if ($accesslist6); update_as_path($aspathlist) if ($aspathlist); update_community_list($communitylist) if ($communitylist); -update_ext_community_list($extcommunitylist) if ($extcommunitylist); +update_ext_community_list($extcommunitylist) if ($extcommunitylist); check_peer_syntax($peer) if ($peer); check_routemap_action($routemap) if ($routemap); check_delete_routemap_action($deleteroutemap) if ($deleteroutemap); @@ -72,59 +72,40 @@ sub is_extcommunity_list { sub update_ext_community_list { - my $variant= shift; my $name = shift; my $config = new Vyatta::Config; my @rules = (); - if($variant !~ /^standard|expanded$/ ) { - die -"set policy route extcommunity-list [ standard | expanded ] list-name rule rule-num action { deny | permit } - ^^^^^^^^^^^^^^^^^^^^^^^\n"; - }; - - # remove the old rule - if ( is_extcommunity_list($num) ) { - my $clist = `$VTYSH -c \"show ip extcommunity-list $num\" | grep -v \"access list $num\"`; + # remove the old rules + if ( is_extcommunity_list($name) ) { + my $clist = `$VTYSH -c \"show ip extcommunity-list $name\" | grep -v \"expanded list $name\"`; my @oldrules = split(/\n/, $clist); foreach my $oldrule (@oldrules) { - print "$oldrule\n"; - system("$VTYSH -c \"conf t\" -c \"no ip extcommunity-list $num $oldrule\""); + system("$VTYSH -c \"conf t\" -c \"no ip extcommunity-list expanded $name $oldrule\""); } - } + } - $config->setLevel("policy route extcommunity-list $variant $name "); + $config->setLevel("policy extcommunity-list $name rule"); @rules = $config->listNodes(); foreach my $rule ( sort numerically @rules ) { - # set the action my $action = $config->returnValue("$rule action"); die - "policy route extcommunity-list $variant $name rule $rule: You must specify an action\n" + "extcommunity-list $name rule $rule: You must specify an action\n" unless $action; # grab the regex my $regex = $config->returnValue("$rule regex"); - die "policy route extcommunity-list $variant $name rule $rule: You must specify a regex\n" - unless $regex; - if($variant eq 'standard') { - unless (($regex =~ /(.*):(.*)/) and (isIpAddress($1)or($1=~/^\d+$/) ) and ($2=~/^\d+$/)) { - die "for standard extcommunity-list regex should be either: - -AS:VAL - - This is a format to define AS based Extended Community value. AS part is 2 octets Global Administrator subfield in Extended Community value. VAL part is 4 octets Local Administrator subfield. 7675:100 represents AS 7675 policy value 100. - -IP-Address:VAL + if(!defined($regex)) { + die "extcommunity-list $name rule $rule: You must specify a regex\n"; + } + if (!($regex =~ /(.*):(.*)/) and (isIpAddress($1)or($1=~/^\d+$/) ) and ($2=~/^\d+$/)) { + die "extcommunity-list $name rule $rule: Malformed extcommunity-list regex"; + } + system("$VTYSH -c \"conf t\" -c \"ip extcommunity-list expanded $name $action $regex\""); + } - This is a format to define IP address based Extended Community value. IP-Address part is 4 octets Global Administrator subfield. VAL part is 2 octets Local Administrator subfield. 10.0.0.1:100 represents IP 10.0.0.1 policy value 100. -"; - - }; - }; - $cmdline.="-c \"ip extcommunity-list $name $action $regex\" "; - }; - exit system($cmdline); + exit(0); } @@ -138,7 +119,6 @@ sub update_community_list { my $clist = `$VTYSH -c \"show ip community-list $num\" | grep -v \"access list $num\"`; my @oldrules = split(/\n/, $clist); foreach my $oldrule (@oldrules) { - print "$oldrule\n"; system("$VTYSH -c \"conf t\" -c \"no ip community-list $num $oldrule\""); } } diff --git a/templates/policy/extcommunity-list/expanded/node.def b/templates/policy/extcommunity-list/expanded/node.def deleted file mode 100644 index 95f6f003..00000000 --- a/templates/policy/extcommunity-list/expanded/node.def +++ /dev/null @@ -1,8 +0,0 @@ -tag: -priority: 490 -type: txt -help: Border Gateway Protocol (BGP) extended community-list filter - -syntax:expression: pattern $VAR(@) "^[a-zA-Z0-9]+$" ; "Should be alphanumeric name" - -end: /opt/vyatta/sbin/vyatta-policy.pl --update-community-list expanded $VAR(@) diff --git a/templates/policy/extcommunity-list/node.def b/templates/policy/extcommunity-list/node.def index 9676146c..fee4c402 100644 --- a/templates/policy/extcommunity-list/node.def +++ b/templates/policy/extcommunity-list/node.def @@ -1,7 +1,8 @@ tag: -priority: 480 +priority: 490 type: txt -help: Border Gateway Protocol (BGP) extended communities attribute. Usefull for implementing network policy for MPLS VPN/BGP by restricting routes according to their Route Target or Site of Origin. -val_help: Type of extended community. standard or expanded. +help: Border Gateway Protocol (BGP) extended community-list filter -syntax:expression: pattern $VAR(@) "^standard|expanded$" ; "Should be either standard or expanded" +syntax:expression: pattern $VAR(@) "^[a-zA-Z0-9]+$" ; "Should be alphanumeric name" + +end: /opt/vyatta/sbin/vyatta-policy.pl --update-extcommunity-list $VAR(@) diff --git a/templates/policy/extcommunity-list/expanded/description/node.def b/templates/policy/extcommunity-list/node.tag/description/node.def index 7a660be4..7a660be4 100644 --- a/templates/policy/extcommunity-list/expanded/description/node.def +++ b/templates/policy/extcommunity-list/node.tag/description/node.def diff --git a/templates/policy/extcommunity-list/expanded/rule/node.def b/templates/policy/extcommunity-list/node.tag/rule/node.def index 7826f33d..7826f33d 100644 --- a/templates/policy/extcommunity-list/expanded/rule/node.def +++ b/templates/policy/extcommunity-list/node.tag/rule/node.def diff --git a/templates/policy/extcommunity-list/expanded/rule/node.tag/action/node.def b/templates/policy/extcommunity-list/node.tag/rule/node.tag/action/node.def index db4bdbc6..db4bdbc6 100644 --- a/templates/policy/extcommunity-list/expanded/rule/node.tag/action/node.def +++ b/templates/policy/extcommunity-list/node.tag/rule/node.tag/action/node.def diff --git a/templates/policy/extcommunity-list/expanded/rule/node.tag/description/node.def b/templates/policy/extcommunity-list/node.tag/rule/node.tag/description/node.def index b8e3095b..b8e3095b 100644 --- a/templates/policy/extcommunity-list/expanded/rule/node.tag/description/node.def +++ b/templates/policy/extcommunity-list/node.tag/rule/node.tag/description/node.def diff --git a/templates/policy/extcommunity-list/expanded/rule/node.tag/regex/node.def b/templates/policy/extcommunity-list/node.tag/rule/node.tag/regex/node.def index fae3784c..fae3784c 100644 --- a/templates/policy/extcommunity-list/expanded/rule/node.tag/regex/node.def +++ b/templates/policy/extcommunity-list/node.tag/rule/node.tag/regex/node.def diff --git a/templates/policy/extcommunity-list/standard/description/node.def b/templates/policy/extcommunity-list/standard/description/node.def deleted file mode 100644 index 7a660be4..00000000 --- a/templates/policy/extcommunity-list/standard/description/node.def +++ /dev/null @@ -1,2 +0,0 @@ -type: txt -help: Description for this community list diff --git a/templates/policy/extcommunity-list/standard/node.def b/templates/policy/extcommunity-list/standard/node.def deleted file mode 100644 index aec1edcd..00000000 --- a/templates/policy/extcommunity-list/standard/node.def +++ /dev/null @@ -1,8 +0,0 @@ -tag: -priority: 485 -type: txt -help: Border Gateway Protocol (BGP) extended community-list filter - -syntax:expression: pattern $VAR(@) "^[a-zA-Z0-9]+$" ; "Should be alphanumeric name" - -end: /opt/vyatta/sbin/vyatta-policy.pl --update-community-list standard $VAR(@) diff --git a/templates/policy/extcommunity-list/standard/rule/node.def b/templates/policy/extcommunity-list/standard/rule/node.def deleted file mode 100644 index 7826f33d..00000000 --- a/templates/policy/extcommunity-list/standard/rule/node.def +++ /dev/null @@ -1,6 +0,0 @@ -tag: -type: u32 -help: create a rule for this BGP extended community list -val_help: u32:1-65535; Extended community-list rule number - -syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "rule number must be between 1 and 65535" diff --git a/templates/policy/extcommunity-list/standard/rule/node.tag/action/node.def b/templates/policy/extcommunity-list/standard/rule/node.tag/action/node.def deleted file mode 100644 index db4bdbc6..00000000 --- a/templates/policy/extcommunity-list/standard/rule/node.tag/action/node.def +++ /dev/null @@ -1,6 +0,0 @@ -type: txt -help: Action to take on routes matching this rule [REQUIRED] -val_help: permit; Permit matching routes -val_help: deny; Deny matching routes - -syntax:expression: $VAR(@) in "permit", "deny"; "action must be permit or deny" diff --git a/templates/policy/extcommunity-list/standard/rule/node.tag/description/node.def b/templates/policy/extcommunity-list/standard/rule/node.tag/description/node.def deleted file mode 100644 index b8e3095b..00000000 --- a/templates/policy/extcommunity-list/standard/rule/node.tag/description/node.def +++ /dev/null @@ -1,2 +0,0 @@ -type: txt -help: Description for this rule diff --git a/templates/policy/extcommunity-list/standard/rule/node.tag/regex/node.def b/templates/policy/extcommunity-list/standard/rule/node.tag/regex/node.def deleted file mode 100644 index 36dd9954..00000000 --- a/templates/policy/extcommunity-list/standard/rule/node.tag/regex/node.def +++ /dev/null @@ -1,7 +0,0 @@ -type: txt -help: Extended community value. Should be either AS:VAL or IP-Address:VAL -val_help: Community list regular expression - -syntax:expression: pattern $VAR(@) "^([0-9]*)|([0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3}):[0-9]*$" - -commit:expression: $VAR(../action/@) != ""; "You must specify an action" |