[rancid] xrrancid destroys ipv[46] ACLs

Josh Ward jward at nero.net
Thu Jan 19 21:30:22 UTC 2012


Hey Erik,

I just subscribed to the list here.  I already fixed the problem in xrrancid
where it clobbers ACLs.  I haven't tested it with v6 yet but I know that it works
for ipv4 ACLs.

My patch also adds an option in rancid.conf that looks for an option 
STRIPACLSEQ=yes or no.  If this is set to yes it will remove the ACL sequence 
numbers on IOS XR.  

I'm still working on the ACL sorting with this.  The way I want it to work is 
to sort the ACLs in blocks based on remarks in the ACL if they are present.  
I don't have that working yet (and would love a hand on that if anyone is 
willing!).  I'll post another patch when I have that working.

-Josh

Here is a patch to rancid 2.3.6 that will fix what you were seeing.

diff --git a/bin/xrrancid.in b/bin/xrrancid.in
index 8481828..031e014 100644
--- a/bin/xrrancid.in
+++ b/bin/xrrancid.in
@@ -67,6 +67,7 @@ my($aclsort) = ("ipsort");            # ACL sorting mode
 my($config_register);                  # configuration register value
 my($filter_commstr);                   # SNMP community string filtering
 my($filter_pwds);                      # password filtering mode
+my ($aclstripseq);          # Strip ACL sequence numbers
 
 # This routine is used to print out the router configuration
 sub ProcessHistory {
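Review bot: Style point on the added declaration: `my ($aclstripseq);` uses a space after `my` and a comment column that differs from the neighbouring `my($filter_commstr);` and `my($filter_pwds);` lines. Match the existing `my(...)` form and comment alignment, and consider giving it an explicit default of 0 here, as `$aclsort` gets "ipsort", so the value does not depend on the environment check running first.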
@@ -1026,11 +1027,21 @@ sub WriteTerm {
            while (<INPUT>) {
                tr/\015//d;
                last if (/^$prompt/ || /^\S/);
-           if (/^\s+(\d+) (permit|deny) /) {
-               ProcessHistory("ACL $nlri $key","keysort","$2"," $2 $'");
-           } else  {
-               ProcessHistory("ACL $nlri $key","keysort","$key","$_");
-           }
+        if (/^\s+(\d+) (permit|deny)/ || /^\s(\d+) (remark.*)$/) {
+            if ($aclstripseq == 0) {
+                ProcessHistory("ACL $1 $nlri $key","$aclsort","$2"," $1 $2 $'")
+            }
+            if ($aclstripseq == 1) {
+                ProcessHistory("ACL $nlri $key","$aclsort","$2"," $2 $'");
+            }
+        } else  {
+            if ($aclstripseq == 0) {
+                ProcessHistory("ACL $1 $nlri $key","$aclsort","$key","$1 $_");
+            }
+            if ($aclstripseq == 1) {
+                ProcessHistory("ACL $nlri $key","$aclsort","$key"," $_");
+            }
+        }
            }
        }
        # order arp lists
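Review bot: In the else branch the `$aclstripseq == 0` call passes "ACL $1 $nlri $key" and "$1 $_", but that branch runs only when neither pattern matched, so `$1` does not hold anything from the current line and the history key and the output line can pick up a stale or empty value. Drop `$1` there and pass "$_" as the removed code did. Two smaller points in the same hunk: the first pattern lost the trailing space after `(permit|deny)`, so " $1 $2 $'" now emits a doubled space, and the remark alternative uses `^\s` where the permit/deny one uses `^\s+`, so a remark line indented by more than one character falls through to the else branch. The paired `== 0` and `== 1` tests would also read more clearly as a single if/else.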
@@ -1245,6 +1256,17 @@ if ($file) {
 if ($ENV{"ACLSORT"} =~ /no/i) {
     $aclsort = "";
 }
+# determine if we want to strip ACL sequence numbers
+if ($ENV{"ACLSTRIPSEQ"} =~ /yes/i) {
+    $aclstripseq = 1;
+}
+else {
+    # If you are not stripping ACL sequence numbers
+    #  you cannot sort ACLs
+    $aclstripseq = 0;
+    $aclsort = "";
+}
+
 # determine community string filtering mode
 if (defined($ENV{"NOCOMMSTR"}) &&
     ($ENV{"NOCOMMSTR"} =~ /yes/i || $ENV{"NOCOMMSTR"} =~ /^$/)) {
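Review bot: The else branch sets `$aclsort = ""` whenever ACLSTRIPSEQ is not yes, so an installation that never sets the variable loses the "ipsort" default and the result of the ACLSORT check directly above, which changes output for existing users without them opting in. Keep `$aclsort` untouched here and apply the "no sorting with sequence numbers" rule only at the point where the XR ACL lines are processed, or document the change prominently. Also, `$ENV{"ACLSTRIPSEQ"} =~ /yes/i` has no `defined()` guard of the kind the NOCOMMSTR test below uses, and the cover message names the option STRIPACLSEQ while the code reads ACLSTRIPSEQ; settle on one name and add it to the rancid.conf documentation.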

