diff options
Diffstat (limited to 'scripts/policy/vyatta-policy.pl')
-rwxr-xr-x | scripts/policy/vyatta-policy.pl | 348 |
1 files changed, 172 insertions, 176 deletions
diff --git a/scripts/policy/vyatta-policy.pl b/scripts/policy/vyatta-policy.pl index 4a1ea4d8..91a73d0f 100755 --- a/scripts/policy/vyatta-policy.pl +++ b/scripts/policy/vyatta-policy.pl @@ -1,217 +1,216 @@ #!/usr/bin/perl +use strict; use lib "/opt/vyatta/share/perl5/"; use Vyatta::Config; use Vyatta::Misc; use Getopt::Long; -my $VTYSH='/usr/bin/vyatta-vtysh'; +my $VTYSH = '/usr/bin/vyatta-vtysh'; -GetOptions("update-access-list=s" => \$accesslist, - "update-aspath-list=s" => \$aspathlist, - "update-community-list=s" => \$communitylist, - "check-peer-syntax=s" => \$peer, - "check-routemap-action=s" => \$routemap, - "check-delete-routemap-action=s" => \$deleteroutemap, +GetOptions( + "update-access-list=s" => sub { update_access_list( $_[1] ); }, + "update-aspath-list=s" => sub { update_as_path( $_[1] ); }, + "update-community-list=s" => sub { update_community_list( $_[1] ); }, + "check-peer-syntax=s" => sub { check_peer_syntax( $_[1] ); }, + "check-routemap-action=s" => sub { check_routemap_action( $_[1] ); }, + "check-delete-routemap-action=s" => + sub { check_delete_routemap_action( $_[1] ); }, ); -if (defined $accesslist) { update_access_list($accesslist); } -if (defined $aspathlist) { update_as_path($aspathlist); } -if (defined $communitylist) { update_community_list($communitylist); } -if (defined $peer) { check_peer_syntax($peer); } -if (defined $routemap) { check_routemap_action($routemap); } -if (defined $deleteroutemap) { check_delete_routemap_action($deleteroutemap); } - exit 0; sub numerically { $a <=> $b; } -sub check_peer_syntax() { - my $peer = shift; - - $_ = $peer; - if (/^local$/) { exit 0; } - if (isIpAddress("$peer")) { exit 0; } - exit 1; +sub check_peer_syntax { + my $peer = shift; + + $_ = $peer; + if (/^local$/) { exit 0; } + if ( isIpAddress("$peer") ) { exit 0; } + exit 1; } sub is_community_list { my $list = shift; - my $count = `$VTYSH -c \"show ip community-list $list\" | grep $list | wc -l`; - if ($count > 0) { - return 1; - } else { - return 0; + my $count = + `$VTYSH -c \"show ip community-list $list\" | grep $list | wc -l`; + if ( $count > 0 ) { + return 1; + } + else { + return 0; } } -sub update_community_list() { - my $num = shift; - my $config = new Vyatta::Config; - my @rules = (); - my $rule; +sub update_community_list { + my $num = shift; + my $config = new Vyatta::Config; + my @rules = (); - # remove the old rule - if (is_community_list($num)) { - system("$VTYSH -c \"configure terminal\" -c \"no ip community-list $num\" "); - } + # remove the old rule + if ( is_community_list($num) ) { + system( + "$VTYSH -c \"configure terminal\" -c \"no ip community-list $num\" " + ); + } - $config->setLevel("policy community-list $num rule"); - @rules = $config->listNodes(); + $config->setLevel("policy community-list $num rule"); + @rules = $config->listNodes(); - foreach $rule (sort numerically @rules) { - my $action, $regex = ''; + foreach my $rule ( sort numerically @rules ) { - # set the action - $action = $config->returnValue("$rule action"); - if (! defined $action) { - print "policy community-list $list rule $rule: You must specify an action\n"; - exit 1; - } + # set the action + my $action = $config->returnValue("$rule action"); + die + "policy community-list $num rule $rule: You must specify an action\n" + unless $action; - # grab the regex - if (defined $config->returnValue("$rule regex")) { - $regex = $config->returnValue("$rule regex"); - } - else { - print "policy community-list $list rule $rule: You must specify a regex\n"; - exit 1; - } + # grab the regex + my $regex = $config->returnValue("$rule regex"); + die "policy community-list $num rule $rule: You must specify a regex\n" + unless $regex; - system ("$VTYSH -c \"configure terminal\" -c \"ip community-list $num $action $regex\" "); - } + system( +"$VTYSH -c \"configure terminal\" -c \"ip community-list $num $action $regex\" " + ); + } - exit 0; + exit 0; } sub is_as_path_list { my $list = shift; - my $count = `$VTYSH -c \"show ip as-path-access-list $list\" | grep $list | wc -l`; - if ($count > 0) { - return 1; - } else { - return 0; + my $count = + `$VTYSH -c \"show ip as-path-access-list $list\" | grep $list | wc -l`; + if ( $count > 0 ) { + return 1; + } + else { + return 0; } } -sub update_as_path() { - my $word = shift; - my $config = new Vyatta::Config; - my @rules = (); - my $rule; +sub update_as_path { + my $word = shift; + my $config = new Vyatta::Config; + my @rules = (); - # remove the old rule - if (is_as_path_list($word)) { - system("$VTYSH -c \"configure terminal\" -c \"no ip as-path access-list $word\" "); - } + # remove the old rule + if ( is_as_path_list($word) ) { + system( +"$VTYSH -c \"configure terminal\" -c \"no ip as-path access-list $word\" " + ); + } - $config->setLevel("policy as-path-list $word rule"); - @rules = $config->listNodes(); + $config->setLevel("policy as-path-list $word rule"); + @rules = $config->listNodes(); - foreach $rule (sort numerically @rules) { - my ($action, $regex) = ''; + foreach my $rule ( sort numerically @rules ) { - # set the action - $action = $config->returnValue("$rule action"); - if (! defined $action) { - print "policy as-path-list $list rule $rule: You must specify an action\n"; - exit 1; - } + # set the action + my $action = $config->returnValue("$rule action"); + die "policy as-path-list $word rule $rule: You must specify an action\n" + unless $action; - # grab the regex - if (defined $config->returnValue("$rule regex")) { - $regex = $config->returnValue("$rule regex"); - } - else { - print "policy as-path-list $list rule $rule: You must specify a regex\n"; - exit 1; - } + # grab the regex + my $regex = $config->returnValue("$rule regex"); + die "policy as-path-list $word rule $rule: You must specify a regex\n" + unless $regex; - system ("$VTYSH -c \"configure terminal\" -c \"ip as-path access-list $word $action $regex\" "); - } + system( +"$VTYSH -c \"configure terminal\" -c \"ip as-path access-list $word $action $regex\" " + ); + } - exit 0; + exit 0; } sub is_access_list { - my $list = shift; - + my $list = shift; my $count = `$VTYSH -c \"show ip access-list $list\" | grep $list | wc -l`; - if ($count > 0) { - return 1; - } else { - return 0; - } + return ( $count > 0 ); } -sub update_access_list() { - my $list = shift; - my $config = new Vyatta::Config; - my @rules = (); - my $rule; +sub update_access_list { + my $list = shift; + my $config = new Vyatta::Config; + my @rules = (); - # remove the old rule if it already exists - if (is_access_list($list)) { - system ("$VTYSH -c \"configure terminal\" -c \"no access-list $list\" "); - } + # remove the old rule if it already exists + if ( is_access_list($list) ) { + system("$VTYSH -c \"configure terminal\" -c \"no access-list $list\" "); + } - $config->setLevel("policy access-list $list rule"); - @rules = $config->listNodes(); + $config->setLevel("policy access-list $list rule"); + @rules = $config->listNodes(); - foreach $rule (sort numerically @rules) { - my ($ip, $action, $src, $dst, $srcmsk, $dstmsk) = ''; + foreach my $rule ( sort numerically @rules ) { + my ( $ip, $action, $src, $dst, $srcmsk, $dstmsk ) = ''; - # set the action - $action = $config->returnValue("$rule action"); - if (! defined $action) { - print "policy access-list $list rule $rule: You must specify an action\n"; - exit 1; - } - - # TODO: ask someone why config->exists() is returning !0? - # set the source filter - if (defined $config->returnValue("$rule source host")) { - $src = $config->returnValue("$rule source host"); - $src = "host " . $src; - } - elsif (defined $config->returnValue("$rule source network")) { - $src = $config->returnValue("$rule source network"); - $srcmsk = $config->returnValue("$rule source inverse-mask"); - } - else { - if ($config->exists("$rule source any")) { $src = "any"; } - else { - print "policy access-list $list rule $rule source: incorrect source filter\n"; - exit 1; - } - } + # set the action + $action = $config->returnValue("$rule action"); + if ( !defined $action ) { + print +"policy access-list $list rule $rule: You must specify an action\n"; + exit 1; + } - # set the destination filter if extended list - if ((($list >= 100) && ($list <= 199)) || (($list >= 2000) && ($list <= 2699))) { - $ip = 'ip '; - # TODO: ask someone why config->exists() is returning !0? - if (defined $config->returnValue("$rule destination host")) { - $dst = $config->returnValue("$rule destination host"); - $dst = "host " . $dst; - } - elsif (defined $config->returnValue("$rule destination network")) { - $dst = $config->returnValue("$rule destination network"); - $dstmsk = $config->returnValue("$rule destination inverse-mask"); - } - else { - if ($config->exists("$rule destination any")) { $dst = "any"; } + # TODO: ask someone why config->exists() is returning !0? + # set the source filter + if ( defined $config->returnValue("$rule source host") ) { + $src = $config->returnValue("$rule source host"); + $src = "host " . $src; + } + elsif ( defined $config->returnValue("$rule source network") ) { + $src = $config->returnValue("$rule source network"); + $srcmsk = $config->returnValue("$rule source inverse-mask"); + } else { - print "policy access-list $list rule $rule destination: incorrect destination filter\n"; - exit 1; + if ( $config->exists("$rule source any") ) { $src = "any"; } + else { + print +"policy access-list $list rule $rule source: incorrect source filter\n"; + exit 1; + } } - } - } - system ("$VTYSH -c \"configure terminal\" -c \"access-list $list $action $ip $src $srcmsk $dst $dstmsk\" "); - } + # set the destination filter if extended list + if ( ( ( $list >= 100 ) && ( $list <= 199 ) ) + || ( ( $list >= 2000 ) && ( $list <= 2699 ) ) ) + { + $ip = 'ip '; + + # TODO: ask someone why config->exists() is returning !0? + if ( defined $config->returnValue("$rule destination host") ) { + $dst = $config->returnValue("$rule destination host"); + $dst = "host " . $dst; + } + elsif ( defined $config->returnValue("$rule destination network") ) + { + $dst = $config->returnValue("$rule destination network"); + $dstmsk = + $config->returnValue("$rule destination inverse-mask"); + } + else { + if ( $config->exists("$rule destination any") ) { + $dst = "any"; + } + else { + print +"policy access-list $list rule $rule destination: incorrect destination filter\n"; + exit 1; + } + } + } + + system( +"$VTYSH -c \"configure terminal\" -c \"access-list $list $action $ip $src $srcmsk $dst $dstmsk\" " + ); + } - exit 0; + exit 0; } ## check_routemap_action @@ -219,34 +218,31 @@ sub update_access_list() { # we need to do this because quagga will wipe the entire config if # the action is changed. # $1 = policy route-map <name> rule <num> action -sub check_routemap_action() { - my $routemap = shift; - my $config = new Vyatta::Config; - - my $action = $config->setLevel("$routemap"); - my $origvalue = $config->returnOrigValue(); - if ($origvalue) { - my $value = $config->returnValue(); - if ("$value" ne "$origvalue") { - exit 1; +sub check_routemap_action { + my $routemap = shift; + my $config = new Vyatta::Config; + + my $action = $config->setLevel("$routemap"); + my $origvalue = $config->returnOrigValue(); + if ($origvalue) { + my $value = $config->returnValue(); + if ( "$value" ne "$origvalue" ) { + exit 1; + } } - } - exit 0; + exit 0; } ## check_delete_routemap_action # don't allow deleteing the route-map action if other sibling nodes exist. # action is required for all other route-map definitions # $1 = policy route-map <name> rule <num> -sub check_delete_routemap_action() { - my $routemap = shift; - my $config = new Vyatta::Config; +sub check_delete_routemap_action { + my $routemap = shift; + my $config = new Vyatta::Config; - my @nodes = $config->listNodes("$routemap"); - if (defined @nodes) { - exit 1 - } + my @nodes = $config->listNodes("$routemap"); - exit 0; + exit(@nodes) ? 1 : 0; } |