Remove of policy route throws CLI error
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	c-po
	Feb 10 2019, 2:57 PM

Description

With the following configuration:

[email protected]# show policy route
 route pppoe-out {
     description "PPPoE TCPMSS clamping"
     enable-default-log
     rule 100 {
         protocol tcp
         set {
             tcp-mss 1448
         }
         tcp {
             flags SYN
         }
     }
 }

[email protected]# show interfaces ethernet eth1 pppoe 0 policy
 route pppoe-out

[email protected]# delete policy route
[edit]

[email protected]# commit
[ policy route pppoe-out ]
rm: cannot remove ‘/var/run/vyatta_policy_ref’: No such file or directory

Details

Difficulty level: Easy (less than an hour)
Version: VyOS 1.2.0-EPA3
Why the issue appeared?: Implementation mistake
Is it a breaking change?: Perfectly compatible
Issue type: Unspecified (please specify)

Related Objects

Mentioned In: T2301: Cannot delete PBR

Event Timeline

c-po claimed this task.Feb 10 2019, 2:57 PM

c-po removed c-po as the assignee of this task.

c-po created this task.

c-po updated the task description. (Show Details)Feb 10 2019, 2:59 PM

pasik added a subscriber: pasik.Mar 12 2019, 6:06 PM

/opt/vyatta/sbin/vyatta-firewall.pl contains lines

my $fw_stateful_file = '/var/run/vyatta_fw_stateful';
my $fw_tree_file     = '/var/run/vyatta_fw_trees';
my $policy_ref_file  = '/var/run/vyatta_policy_ref';

After creating policy route. And check files

[email protected]# file /var/run/vyatta_fw_stateful
/var/run/vyatta_fw_stateful: cannot open `/var/run/vyatta_fw_stateful' (No such file or directory)
[edit]
[email protected]# file /var/run/vyatta_policy_ref
/var/run/vyatta_policy_ref: cannot open `/var/run/vyatta_policy_ref' (No such file or directory)
[edit]
[email protected]#

$policy_ref_file figured in sub (add_route_table, remove_route_table, flush_route_table)

No file, nothing to delete

So we can use "key -f" in command rm, line 296

system("rm $refcnt_file"); <== line 296

sub write_refcnt_file {
    my ($refcnt_file, @lines) = @_;

    if (scalar(@lines) > 0) {
        open(my $FILE, '>', $refcnt_file) or die "Error: write $!";
        print $FILE join("\n", @lines), "\n";
        close($FILE);
    } else {
        system("rm -f $refcnt_file");
    }
}

We need to check how safe this option is.

[email protected]# delete policy
[edit]
[email protected]# commit
[email protected]#
[edit]

Could you make a pull request?

@dmbaturin sure, PR https://github.com/vyos/vyatta-cfg-firewall/pull/17

PR https://github.com/vyos/vyatta-cfg-firewall/pull/18

set policy route pppoe-out rule 100 protocol 'tcp'
set policy route pppoe-out rule 100 set tcp-mss '1448'
set policy route pppoe-out rule 100 tcp flags 'SYN'
commit

[email protected]# delete policy 
[edit]
[email protected]# commit
[edit]
[email protected]#

dmbaturin closed this task as Resolved.Jul 29 2020, 10:18 AM

dmbaturin assigned this task to Viacheslav.

dmbaturin added a project: VyOS 1.2 Crux (VyOS 1.2.6).

dmbaturin changed Why the issue appeared? from Will be filled on close to Implementation mistake.

dmbaturin set Is it a breaking change? to Perfectly compatible.

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Aug 3 2020, 3:33 PM

syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.6) board.Sep 7 2020, 9:43 PM

Viacheslav mentioned this in T2301: Cannot delete PBR.Sep 14 2020, 2:01 PM

dmbaturin edited projects, added VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.Sep 11 2021, 1:51 AM

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.Sep 19 2021, 10:06 AM

c-po moved this task from Finished to Need Triage on the VyOS 1.3 Equuleus (1.3.0-epa1) board.

dmbaturin removed a project: VyOS 1.3 Equuleus (1.3.0-epa1).Sep 29 2021, 1:38 PM