From 722b77390b977f4ff67c63afcdc4dde61408cb8f Mon Sep 17 00:00:00 2001 
From: Stig Thormodsrud Date: Fri, 30 Oct 2009 12:19:25 -0700 Subject: First pass of IPv6 policy. --- templates/policy/prefix-list6/node.def | 8 ++++ .../prefix-list6/node.tag/description/node.def | 3 ++ .../policy/prefix-list6/node.tag/rule/node.def | 44 ++++++++++++++++++++++ .../node.tag/rule/node.tag/action/node.def | 8 ++++ .../node.tag/rule/node.tag/description/node.def | 2 + .../node.tag/rule/node.tag/ge/node.def | 7 ++++ .../node.tag/rule/node.tag/le/node.def | 7 ++++ .../node.tag/rule/node.tag/prefix/node.def | 5 +++ .../match/ipv6/address/access-list/node.def | 22 +++++++++++ .../rule/node.tag/match/ipv6/address/node.def | 1 + .../match/ipv6/address/prefix-list/node.def | 19 ++++++++++ .../match/ipv6/nexthop/access-list/node.def | 22 +++++++++++ .../rule/node.tag/match/ipv6/nexthop/node.def | 1 + .../match/ipv6/nexthop/prefix-list/node.def | 19 ++++++++++ .../node.tag/rule/node.tag/match/ipv6/node.def | 1 + 15 files changed, 169 insertions(+) create mode 100644 templates/policy/prefix-list6/node.def create mode 100644 templates/policy/prefix-list6/node.tag/description/node.def create mode 100644 templates/policy/prefix-list6/node.tag/rule/node.def create mode 100644 templates/policy/prefix-list6/node.tag/rule/node.tag/action/node.def create mode 100644 templates/policy/prefix-list6/node.tag/rule/node.tag/description/node.def create mode 100644 templates/policy/prefix-list6/node.tag/rule/node.tag/ge/node.def create mode 100644 templates/policy/prefix-list6/node.tag/rule/node.tag/le/node.def create mode 100644 templates/policy/prefix-list6/node.tag/rule/node.tag/prefix/node.def create mode 100644 templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/access-list/node.def create mode 100644 templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/node.def create mode 100644 templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/prefix-list/node.def create mode 100644 
templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/access-list/node.def create mode 100644 templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/node.def create mode 100644 templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/prefix-list/node.def create mode 100644 templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/node.def
diff --git a/templates/policy/prefix-list6/node.def b/templates/policy/prefix-list6/node.def
new file mode 100644
index 00000000..07796eae
--- /dev/null
+++ b/templates/policy/prefix-list6/node.def
@@ -0,0 +1,8 @@
+tag:
+type: txt
+help: Set IPv6 prefix-list filter
+
+syntax:expression: pattern $VAR(@) "^[-a-zA-Z0-9.]+$" ; "prefix-list6 name must be alpha-numeric"
+
+comp_help: possible completions:
+ prefix-list list name
diff --git a/templates/policy/prefix-list6/node.tag/description/node.def b/templates/policy/prefix-list6/node.tag/description/node.def
new file mode 100644
index 00000000..7617ee52
--- /dev/null
+++ b/templates/policy/prefix-list6/node.tag/description/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Set a description for this prefix-list6
+
diff --git a/templates/policy/prefix-list6/node.tag/rule/node.def b/templates/policy/prefix-list6/node.tag/rule/node.def
new file mode 100644
index 00000000..644f09c1
--- /dev/null
+++ b/templates/policy/prefix-list6/node.tag/rule/node.def
@@ -0,0 +1,44 @@
+tag:
+type: u32
+help: Set a rule for this prefix-list6
+
+syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "rule number must be between 1 and 65535"
+
+commit:expression: $VAR(./prefix/) != ""; "policy prefix-list6 $VAR(../@) rule $VAR(@): You must specify a prefix"
+
+commit:expression: $VAR(./action/) != ""; "policy prefix-list6 $VAR(../@) rule $VAR(@): You must specify an action"
+
+delete: len=`echo $VAR(@) | awk -F/ '{ print $2 }'` ;
+ if [ -n "$VAR(./ge/@)" ]; then
+ cond="ge $VAR(./ge/@) ";
+ fi;
+ if [ -n "$VAR(./le/@)" ]; then
+ cond="$cond le $VAR(./le/@) ";
+ fi;
+ vyatta-vtysh -c "configure terminal" \
+ -c "no ipv6 prefix-list $VAR(../@) seq $VAR(@) $VAR(./action/@) $VAR(./prefix/@) $cond "
+
+end: len=`echo $VAR(./prefix/@) | awk -F/ '{ print $2 }'` ;
+ if [ -n "$VAR(./ge/@)" ]; then
+ if [ $len -ge $VAR(./ge/@) ]; then
+ echo "policy prefix-list $VAR(../@) rule $VAR(@): ge must be greater than prefix length";
+ exit 1 ;
+ fi ;
+ cond="ge $VAR(./ge/@) ";
+ fi;
+ if [ -n "$VAR(./le/@)" ]; then
+ if [ $VAR(./le/@) -ne 128 ] && [ -n "$VAR(./ge/@)" ] && [ $VAR(./le/@) -le $VAR(./ge/@) ]; then
+ echo "policy prefix-list $VAR(../@) rule $VAR(@): le must be greater than or equal to ge";
+ exit 1 ;
+ fi ;
+ cond="$cond le $VAR(./le/@) ";
+ fi;
+
+ if [ ${COMMIT_ACTION} = 'SET' ]; then
+ vyatta-vtysh -c "configure terminal" \
+ -c "ipv6 prefix-list $VAR(../@) seq $VAR(@) $VAR(./action/@) $VAR(./prefix/@) $cond " ;
+ fi;
+ exit 0 ;
+
+comp_help: possible completions:
+ <1-65535> prefix-list rule number
\ No newline at end of file
diff --git a/templates/policy/prefix-list6/node.tag/rule/node.tag/action/node.def b/templates/policy/prefix-list6/node.tag/rule/node.tag/action/node.def
new file mode 100644
index 00000000..479c8100
--- /dev/null
+++ b/templates/policy/prefix-list6/node.tag/rule/node.tag/action/node.def
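Review bot: In `prefix-list6/node.tag/rule/node.def` the `end:` script always finishes with `exit 0`, so if the `vyatta-vtysh` call in the SET branch fails (assuming it returns non-zero when the daemon refuses the command) the commit still succeeds and the configuration shows a prefix-list6 rule that is not actually filtering; ending that command with `$cond " || exit 1 ;` would surface the failure. The range checks feeding it are loose as well: `[ $VAR(./le/@) -le $VAR(./ge/@) ]` rejects `le` equal to `ge` although the message says "greater than or equal to" (`-lt` matches the message), `le` is never compared with `$len`, and `$len` and `${COMMIT_ACTION}` are unquoted, so an empty value becomes a shell test error instead of a clean validation failure. In `delete:` the `len=` assignment parses `$VAR(@)`, which is the rule number, and is never used, and both error messages print `prefix-list` where the node is `prefix-list6`.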
@@ -0,0 +1,8 @@
+type: txt
+help: Set action to take on prefixes matching this rule
+
+syntax:expression: $VAR(@) in "permit", "deny"; "action must be permit or deny"
+
+comp_help: possible completions:
+ permit permit matching prefixes
+ deny deny matching prefixes
diff --git a/templates/policy/prefix-list6/node.tag/rule/node.tag/description/node.def b/templates/policy/prefix-list6/node.tag/rule/node.tag/description/node.def
new file mode 100644
index 00000000..8b6dc54a
--- /dev/null
+++ b/templates/policy/prefix-list6/node.tag/rule/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set a description for this rule
diff --git a/templates/policy/prefix-list6/node.tag/rule/node.tag/ge/node.def b/templates/policy/prefix-list6/node.tag/rule/node.tag/ge/node.def
new file mode 100644
index 00000000..729089a3
--- /dev/null
+++ b/templates/policy/prefix-list6/node.tag/rule/node.tag/ge/node.def
@@ -0,0 +1,7 @@
+type: u32
+help: Set prefix length to match a netmask greater than or equal to it
+
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 128; "ge must be between 0 and 128"
+
+comp_help: possible completions:
+ <0-128> netmask greater than length
diff --git a/templates/policy/prefix-list6/node.tag/rule/node.tag/le/node.def b/templates/policy/prefix-list6/node.tag/rule/node.tag/le/node.def
new file mode 100644
index 00000000..1bb344b9
--- /dev/null
+++ b/templates/policy/prefix-list6/node.tag/rule/node.tag/le/node.def
@@ -0,0 +1,7 @@
+type: u32
+help: Set prefix length to match a netmask less than or equal to it
+
+syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 128; "le must be between 0 and 128"
+
+comp_help: possible completions:
+ <0-128> netmask less than length
diff --git a/templates/policy/prefix-list6/node.tag/rule/node.tag/prefix/node.def b/templates/policy/prefix-list6/node.tag/rule/node.tag/prefix/node.def
new file mode 100644
index 00000000..ff9875dc
--- /dev/null
+++ b/templates/policy/prefix-list6/node.tag/rule/node.tag/prefix/node.def
@@ -0,0 +1,5 @@
+type: ipv6net
+help: Set a prefix to match
+
+comp_help: possible completions:
+ Set the IPv6 prefix
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/access-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/access-list/node.def
new file mode 100644
index 00000000..2cb8ca32
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/access-list/node.def
@@ -0,0 +1,22 @@
+type: u32
+help: Set an IP access-list to match
+
+commit:expression: $VAR(../prefix-list/) == ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ip address access-list: you may only specify a prefix-list or access-list"
+
+commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy access-list $VAR(@)\" "; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 address access-list: access-list $VAR(@) does not exist"
+
+commit:expression: $VAR(../../../../action/) != ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@): you must specify an action"
+
+update: vyatta-vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../../../@) $VAR(../../../../action/@) $VAR(../../../../@)" \
+ -c "match ipv6 address $VAR(@) "
+
+delete: vyatta-vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../../../@) $VAR(../../../../action/@) $VAR(../../../../@)" \
+ -c "no match ipv6 address $VAR(@) "
+
+comp_help: possible completions:
+ <1-99> IP standard access list number
+ <100-199> IP extended access list number
+ <1300-1999> IP standard access list number (expanded range)
+ <2000-2699> IP extended access list number (expanded range)
\ No newline at end of file
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/node.def
new file mode 100644
index 00000000..0b32b653
--- /dev/null
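Review bot: In `match/ipv6/address/access-list/node.def` the existence check runs `--exists \"policy access-list $VAR(@)\"`, which judging by the numeric ranges in `comp_help` is the IPv4 access-list tree, yet the value is then emitted as `match ipv6 address $VAR(@)`. No IPv6 access-list template is added by this commit, so a route-map rule can pass validation while naming a list the IPv6 match presumably cannot use, and what such a rule then matches is left to the daemon. Either hold this node back until an IPv6 access-list node exists or point the check at it, e.g. `--exists \"policy <ipv6-access-list-node> $VAR(@)\"` (placeholder name). The `match/ipv6/nexthop/access-list` hunk has the same check, and here the help text `Set an IP access-list to match` and the first message's `match ip address access-list` should say IPv6.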
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/node.def
@@ -0,0 +1 @@
+help: Set IPv6 address of route to match
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/prefix-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/prefix-list/node.def
new file mode 100644
index 00000000..5b544c6f
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/prefix-list/node.def
@@ -0,0 +1,19 @@
+type: txt
+help: Set an IPv6 prefix-list to match
+
+commit:expression: $VAR(../access-list/) == ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 address prefix-list: you may only specify a prefix-list or access-list"
+
+commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy prefix-list6 $VAR(@)\" "; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 address prefix-list: prefix-list6 $VAR(@) does not exist"
+
+commit:expression: $VAR(../../../../action/) != ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@): you must specify an action"
+
+update: vyatta-vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../../../@) $VAR(../../../../action/@) $VAR(../../../../@)" \
+ -c "match ipv6 address prefix-list $VAR(@)"
+
+delete: vyatta-vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../../../@) $VAR(../../../../action/@) $VAR(../../../../@)" \
+ -c "no match ipv6 address prefix-list $VAR(@)"
+
+comp_help: possible completions:
+ prefix-list6 name
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/access-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/access-list/node.def
new file mode 100644
index 00000000..03b8c244
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/access-list/node.def
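Review bot: The `type: txt` node in `match/ipv6/address/prefix-list/node.def` has no `syntax:expression` pattern, so, assuming the template engine substitutes `$VAR(@)` textually, whatever is typed ends up inside the double-quoted shell strings of the `exec` check and of both `vyatta-vtysh -c "... prefix-list $VAR(@)"` commands. The `--exists` test does not cover this, because the value is already part of a shell command line when that test runs. I would add the pattern this commit already uses on `prefix-list6/node.def`, `syntax:expression: pattern $VAR(@) "^[-a-zA-Z0-9.]+$" ; "prefix-list6 name must be alpha-numeric"`, ahead of the commit expressions. The `match/ipv6/nexthop/prefix-list` hunk needs the same line.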
@@ -0,0 +1,22 @@
+type: u32
+help: Set an IP access-list to match
+
+commit:expression: $VAR(../prefix-list/) == ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 nexthop access-list: you may only specify a prefix-list or access-list"
+
+commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy access-list $VAR(@)\" "; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 nexthop access-list: access-list $VAR(@) does not exist"
+
+commit:expression: $VAR(../../../../action/) != ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@): you must specify an action"
+
+update: vyatta-vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../../../@) $VAR(../../../../action/@) $VAR(../../../../@)" \
+ -c "match ipv6 next-hop $VAR(@)"
+
+delete: vyatta-vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../../../@) $VAR(../../../../action/@) $VAR(../../../../@)" \
+ -c "no match ipv6 next-hop $VAR(@)"
+
+comp_help: possible completions:
+ <1-99> IP standard access list number
+ <100-199> IP extended access list number
+ <1300-1999> IP standard access list number (expanded range)
+ <2000-2699> IP extended access list number (expanded range)
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/node.def
new file mode 100644
index 00000000..aeba3cb4
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/node.def
@@ -0,0 +1 @@
+help: Set IP next-hop of route to match
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/prefix-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/prefix-list/node.def
new file mode 100644
index 00000000..d5b68037
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/prefix-list/node.def
@@ -0,0 +1,19 @@
+type: txt
+help: Set an IPv6 prefix-list to match
+
+commit:expression: $VAR(../access-list/) == ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 nexthop prefix-list: you can only specify a prefix-list or access-list"
+
+commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy prefix-list $VAR(@)\" "; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 nexthop prefix-list: prefix-list $VAR(@) does not exist"
+
+commit:expression: $VAR(../../../../action/) != ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@): you must specify an action"
+
+update: vyatta-vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../../../@) $VAR(../../../../action/@) $VAR(../../../../@)" \
+ -c "match ipv6 next-hop prefix-list $VAR(@)"
+
+delete: vyatta-vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../../../@) $VAR(../../../../action/@) $VAR(../../../../@)" \
+ -c "no match ipv6 next-hop prefix-list $VAR(@)"
+
+comp_help: possible completions:
+ prefix-list6 name
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/node.def
new file mode 100644
index 00000000..2281146d
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/node.def
@@ -0,0 +1 @@
+help: Set IPv6 prefix parameters to match
-- cgit v1.2.3
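Review bot: The existence check in `match/ipv6/nexthop/prefix-list/node.def` queries `policy prefix-list $VAR(@)` and reports `prefix-list $VAR(@) does not exist`, while the sibling `match/ipv6/address/prefix-list` node and this node's own `comp_help` refer to `prefix-list6`. As written, an IPv6 next-hop match is validated against the IPv4 list names, so a rule can commit while naming a prefix-list6 that does not exist, or be refused for one that does. Change the check to `--exists \"policy prefix-list6 $VAR(@)\"` and the message to `prefix-list6 $VAR(@) does not exist`. The first message here also says `you can only specify` where the other three nodes say `you may only specify`.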