[rancid] Re: 2.3.2.a5: Make ACL sorting configurable
john heasley
heas at shrubbery.net
Tue Sep 26 04:55:08 UTC 2006
Thu, Sep 21, 2006 at 03:06:50PM +0200, Michael Stefaniuc:
> Hello,
>
> the attached patch makes the ACL sorting configurable. Default is to
> still sort the ACLs but this rancid "feature" can now be disabled
> easily. The patch implements this only for "cisco" type devices as this
> is what I cared most for now.
>
> Copyright and license is whatever is needed to make this patch go
> into the main rancid package.
I do not see what is wrong with the sorting? David LaPorte pointed out that
if the order of statements on the router changed, he would not receive the
diffs, but the order should not matter and the end result be the same. The
sorting should only affect lines with the same name (ACL name or number) and
action (permit/deny/remark).
So, is this just distaste or am I being dense and missing the problem? An
example of the problem, please.
> --- ./bin/rancid.in.aclsort 2006-08-12 04:34:22.000000000 +0200
> +++ ./bin/rancid.in 2006-09-13 20:40:36.000000000 +0200
> @@ -35,6 +35,7 @@
> $found_env = 0;
> $found_diag = 0;
> $timeo = 90; # clogin timeout in seconds
> +$aclsort = "ipsort";
>
> my(@commandtable, %commands, @commands);# command lists
> my(%filter_pwds); # password filtering mode
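Review bot: the new global `$aclsort = "ipsort";` carries no trailing comment, unlike `$timeo` directly above it. A short comment saying that it holds the ProcessHistory sort mode for access-list lines, and that it is cleared when ACLSORT is set to NO, would make the default and its override discoverable from this line.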
> @@ -1593,14 +1594,14 @@
> s/\$(Revision|Id):/ $1:/;
> # order access-lists
> /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ &&
> - ProcessHistory("ACL $1 $2","ipsort","$3","$_") && next;
> + ProcessHistory("ACL $1 $2","$aclsort","$3","$_") && next;
> # order extended access-lists
> /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ &&
> - ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next;
> + ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next;
> /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ &&
> - ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next;
> + ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next;
> /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ &&
> - ProcessHistory("EACL $1 $2","ipsort","0.0.0.0","$_") && next;
> + ProcessHistory("EACL $1 $2","$aclsort","0.0.0.0","$_") && next;
> # order arp lists
> /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ &&
> ProcessHistory("ARP","ipsort","$1","$_") && next;
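Review bot: in the four access-list matches, disabling the sort turns the calls into `ProcessHistory("ACL $1 $2","","$3","$_")`, an empty sort mode combined with a non-empty tag. ProcessHistory itself is not part of this patch, and the only empty-mode call visible in it, `ProcessHistory("","","",...)`, also passes an empty tag, so please confirm (and say in the patch description) that an empty mode with a tag still emits the lines in their original order. The double quotes around `"$aclsort"` are unnecessary; a bare `$aclsort` is enough.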
> @@ -1819,6 +1820,11 @@
> $filter_pwds = 1;
> }
>
> +# check ACL sorting mode
> +if (defined($ENV{"ACLSORT"}) && $ENV{"ACLSORT"} =~ /no/i) {
> + $aclsort = "";
> +}
> +
> ProcessHistory("","","","!RANCID-CONTENT-TYPE: cisco\n!\n");
> ProcessHistory("COMMENTS","keysort","B0","!\n");
> ProcessHistory("COMMENTS","keysort","D0","!\n");
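Review bot: the test `$ENV{"ACLSORT"} =~ /no/i` is unanchored, so any value that merely contains "no" (for example "none" or "unknown") disables sorting. Anchoring it as `/^no$/i` would restrict the match to the value the sample configuration documents, "NO".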
> --- ./etc/rancid.conf.sample.in.aclsort 2005-08-15 02:42:50.000000000 +0200
> +++ ./etc/rancid.conf.sample.in 2006-09-13 20:47:08.000000000 +0200
> @@ -41,6 +41,9 @@
> # if NOCOMMSTR is set, snmp community strings will be stripped from the configs
> #NOCOMMSTR=YES; export NOCOMMSTR
> #
> +# Set ACLSORT to NO to disable the sorting of the ACLs.
> +#ACLSORT=YES
> +#
> # How many times failed collections are retried (for each run) before
> # giving up. Minimum: 1
> #MAX_ROUNDS=4; export MAX_ROUNDS
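Review bot: the sample line `#ACLSORT=YES` lacks the `; export ACLSORT` that the neighbouring NOCOMMSTR and MAX_ROUNDS lines carry. rancid.in reads the setting from `$ENV{"ACLSORT"}`, so a user who uncomments this line and changes it to NO will see no effect unless the variable is exported; suggest `#ACLSORT=YES; export ACLSORT`. Since the patch description says the option is implemented only for "cisco" type devices, the comment above the setting should state that as well.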