summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNataliia Solomko <natalirs1985@gmail.com>2024-09-11 12:22:25 +0300
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-09-12 19:14:29 +0000
commit6f657367e6ac5aeac0d71d75ba5e67f2d977412b (patch)
treef72a85dd053144b6ddabe176469fc42f3c447d5e
parent205d957d092ade5708cc2182381864c04e4c0aff (diff)
downloadvyos-1x-6f657367e6ac5aeac0d71d75ba5e67f2d977412b.tar.gz
vyos-1x-6f657367e6ac5aeac0d71d75ba5e67f2d977412b.zip
policy: T6676: Invalid route-map caused bgpd to crashmergify/bp/circinus/pr-4047
(cherry picked from commit 595f35bbdda732883ce0b8b0721061bb3a40a715)
-rwxr-xr-xsrc/conf_mode/policy.py8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/conf_mode/policy.py b/src/conf_mode/policy.py
index 4df893ebf..a5963e72c 100755
--- a/src/conf_mode/policy.py
+++ b/src/conf_mode/policy.py
@@ -167,10 +167,10 @@ def verify(policy):
continue
for rule, rule_config in route_map_config['rule'].items():
- # Action 'deny' cannot be used with "continue"
- # FRR does not validate it T4827
- if rule_config['action'] == 'deny' and 'continue' in rule_config:
- raise ConfigError(f'rule {rule} "continue" cannot be used with action deny!')
+ # Action 'deny' cannot be used with "continue" or "on-match"
+ # FRR does not validate it T4827, T6676
+ if rule_config['action'] == 'deny' and ('continue' in rule_config or 'on_match' in rule_config):
+ raise ConfigError(f'rule {rule} "continue" or "on-match" cannot be used with action deny!')
# Specified community-list must exist
tmp = dict_search('match.community.community_list',