diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-04-07 20:43:39 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2022-04-07 20:43:39 +0200 |
| commit | 44c67e54ef6ecdf4d7b62e765ccfa4e724c14316 (patch) | |
| tree | 7bdf260ef533c7319882b0f836143f18179b65fb | |
| parent | 440a7a1c965be39ca0b13b4ea5985dd9c95fabef (diff) | |
| download | vyos-1x-44c67e54ef6ecdf4d7b62e765ccfa4e724c14316.tar.gz vyos-1x-44c67e54ef6ecdf4d7b62e765ccfa4e724c14316.zip | |
policy: T4194: simplify prefix-list duplication checks
Commit 5dafe255d ("policy: T4194: Add prefix-list duplication checks") added
first support for FRR prefix-list duplication checks. FRR does not allow to
specify the same profix list rule multiple times.
vyos(config)# ip prefix-list foo seq 10 permit 192.0.2.0/24
vyos(config)# ip prefix-list foo seq 20 permit 192.0.2.0/24
% Configuration failed.
Error type: validation
Error description: duplicated prefix list value: 192.0.2.0/24
There is a VyOS verify() function which simply probed for the prefix, action,
le and ge settings - but as Python has excellent support when comparing data,
this can be as simple as a dictionary comparison using "==".
| -rwxr-xr-x | smoketest/scripts/cli/test_policy.py | 34 | ||||
| -rwxr-xr-x | src/conf_mode/policy.py | 9 |
2 files changed, 38 insertions, 5 deletions
diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py index 0acd41903..b232a2241 100755 --- a/smoketest/scripts/cli/test_policy.py +++ b/smoketest/scripts/cli/test_policy.py @@ -665,6 +665,40 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): self.assertIn(tmp, config) + def test_prefix_list_duplicates(self): + # FRR does not allow to specify the same profix list rule multiple times + # + # vyos(config)# ip prefix-list foo seq 10 permit 192.0.2.0/24 + # vyos(config)# ip prefix-list foo seq 20 permit 192.0.2.0/24 + # % Configuration failed. + # Error type: validation + # Error description: duplicated prefix list value: 192.0.2.0/24 + + # There is also a VyOS verify() function to test this + + prefix = '100.64.0.0/10' + prefix_list = 'duplicates' + test_range = range(20, 25) + path = base_path + ['prefix-list', prefix_list] + + for rule in test_range: + self.cli_set(path + ['rule', str(rule), 'action', 'permit']) + self.cli_set(path + ['rule', str(rule), 'prefix', prefix]) + + # Duplicate prefixes + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + for rule in test_range: + self.cli_set(path + ['rule', str(rule), 'le', str(rule)]) + + self.cli_commit() + + config = self.getFRRconfig('ip prefix-list', end='') + for rule in test_range: + tmp = f'ip prefix-list {prefix_list} seq {rule} permit {prefix} le {rule}' + self.assertIn(tmp, config) + def test_route_map(self): access_list = '50' as_path_list = '100' diff --git a/src/conf_mode/policy.py b/src/conf_mode/policy.py index 6b1d3bf1a..9d8fcfa36 100755 --- a/src/conf_mode/policy.py +++ b/src/conf_mode/policy.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021 VyOS maintainers and contributors +# Copyright (C) 2021-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -114,10 +114,9 @@ def verify(policy): if 'prefix' not in rule_config: raise ConfigError(f'A prefix {mandatory_error}') - # Check prefix duplicates - if rule_config['prefix'] in entries and ('ge' not in rule_config and 'le' not in rule_config): - raise ConfigError(f'Prefix {rule_config["prefix"]} is duplicated!') - entries.append(rule_config['prefix']) + if rule_config in entries: + raise ConfigError(f'Rule "{rule}" contains a duplicate prefix definition!') + entries.append(rule_config) # route-maps tend to be a bit more complex so they get their own verify() section |