[rancid] xrrancid destroys ipv[46] ACLs
Josh Ward
jward at nero.net
Thu Jan 19 21:30:22 UTC 2012
Hey Erik,
I just subscribed to the list here. I already fixed the problem in xrrancid
where it clobbers ACLs. I haven't tested it with v6 yet but I know that it works
for ipv4 ACLs.
My patch also adds an option in rancid.conf that looks for an option
STRIPACLSEQ=yes or no. If this is set to yes it will remove the ACL sequence
numbers on IOS XR.
I'm still working on the ACL sorting with this. The way I want it to work is
to sort the ACLs in blocks based on remarks in the ACL if they present.
I don't have that working yet (and would love a hand on that if anyone is
willing!). I'll post another patch when I have that working.
-Josh
Here is a patch to rancid 2.3.6 that will fix what you were seeing.
diff --git a/bin/xrrancid.in b/bin/xrrancid.in
index 8481828..031e014 100644
--- a/bin/xrrancid.in
+++ b/bin/xrrancid.in
@@ -67,6 +67,7 @@ my($aclsort) = ("ipsort"); # ACL sorting mode
my($config_register); # configuration register value
my($filter_commstr); # SNMP community string filtering
my($filter_pwds); # password filtering mode
+my ($aclstripseq); # Strip ACL sequence numbers
# This routine is used to print out the router configuration
sub ProcessHistory {
@@ -1026,11 +1027,21 @@ sub WriteTerm {
while (<INPUT>) {
tr/\015//d;
last if (/^$prompt/ || /^\S/);
- if (/^\s+(\d+) (permit|deny) /) {
- ProcessHistory("ACL $nlri $key","keysort","$2"," $2 $'");
- } else {
- ProcessHistory("ACL $nlri $key","keysort","$key","$_");
- }
+ if (/^\s+(\d+) (permit|deny)/ || /^\s(\d+) (remark.*)$/) {
+ if ($aclstripseq == 0) {
+ ProcessHistory("ACL $1 $nlri $key","$aclsort","$2"," $1 $2 $'")
+ }
+ if ($aclstripseq == 1) {
+ ProcessHistory("ACL $nlri $key","$aclsort","$2"," $2 $'");
+ }
+ } else {
+ if ($aclstripseq == 0) {
+ ProcessHistory("ACL $1 $nlri $key","$aclsort","$key","$1 $_");
+ }
+ if ($aclstripseq == 1) {
+ ProcessHistory("ACL $nlri $key","$aclsort","$key"," $_");
+ }
+ }
}
}
# order arp lists
@@ -1245,6 +1256,17 @@ if ($file) {
if ($ENV{"ACLSORT"} =~ /no/i) {
$aclsort = "";
}
+# determine if we want to strip ACL sequence numbers
+if ($ENV{"ACLSTRIPSEQ"} =~ /yes/i) {
+ $aclstripseq = 1;
+}
+else {
+ # If you are not stripping ACL sequence numbers
+ # you cannot sort ACLs
+ $aclstripseq = 0;
+ $aclsort = "";
+}
+
# determine community string filtering mode
if (defined($ENV{"NOCOMMSTR"}) &&
($ENV{"NOCOMMSTR"} =~ /yes/i || $ENV{"NOCOMMSTR"} =~ /^$/)) {
More information about the Rancid-discuss
mailing list