Page MenuHomeVyOS Platform

Prefix list with rule containing only action is not detected as error during parse
Closed, ResolvedPublicBUG

Description

prefix-list foo {
    rule 100 {
        action permit
        prefix 10.0.0.0/8
    }
    rule 65000 {
        deny
    }
}

Is a perfectly valid looking structure to anyone used to working with other hierarchical configuration routers (e.g. J).

However, it is not valid in VyOS because rule 65000 results in the following underlying translation to:

commit_configuration: new_config  20 ip prefix-list foo seq 65000 deny

However, instead of detecting this during the parse phase of the commit and reporting the particular rule in question as a problem to the user, it breaks during the apply() phase:

VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Make sure you are running the latest version of the code available at
  https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
- Consult the forum to see how to handle this issue
  https://forum.vyos.io
- Join our community on slack where our users exchange help and advice
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your 
  business policy requires it)
- and include all the information presented below

Report Time:      2021-04-24 20:25:03
Image Version:    VyOS 1.4-rolling-202104221210
Release Train:    sagitta

Built by:         [email protected]
Built on:         Fri 23 Apr 2021 01:17 UTC
Build UUID:       a3f1da87-ba70-496d-b171-557a95990038
Build Commit ID:  f038647e8e8a4e

Architecture:     x86_64
Boot via:         installed image
System type:      bare metal

Hardware vendor:  Default string
Hardware model:   Default string
Hardware S/N:     Default string
Hardware UUID:    03000200-0400-0500-0006-000700080009

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/policy.py", line 157, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/policy.py", line 129, in apply
    frr_cfg.commit_configuration(bgp_daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 455, in commit_configuration
    reload_configuration('\n'.join(self.config), daemon=daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 206, in reload_configuration
    raise CommitError(f'Configuration FRR failed while commiting code, please enabling debugging to examine logs')
vyos.frr.CommitError: Configuration FRR failed while commiting code, please enabling debugging to examine logs

Providing the user with no actionable information about the nature of his/her configuration error other than to look somewhere within the policy stanza and to "enable debugging".

Suggested resolutions:

  • Detect this error during the parse phase and report that a prefix-list rule without a prefix is not valid. (This alone resolves the bug)
  • Correct the "please enabling[sic] debugging" message to "please enable debugging"

Below are more "feature request", but related.

Add the following to the end of the traceback message above:

  • "To enable debugging: 1. touch /tmp/vyos.frr.debug and 2. sudo systemctl stop vyos-configd"
  • "To resume normal (non-debugging) operations: 1. sudo systemctl start vos-configd and 2. rm /tmp/vyos.frr.debug"

Details

Difficulty level
Normal (likely a few hours)
Version
VyOS 1.4-rolling-202104221210
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

How were you be able to set this on the CLI?

[email protected]# set policy prefix-list foo rule 65000 deny

  Configuration path: policy prefix-list foo rule 65000 [deny] is not valid
  Set failed
c-po changed the task status from Open to In progress.EditedApr 25 2021, 3:49 PM
c-po claimed this task.
c-po triaged this task as Normal priority.

Turns out the example config has a typo. Issue is reproducible by:

set policy prefix-list foo rule 100 action permit
commit
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/policy.py", line 218, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/policy.py", line 190, in apply
    frr_cfg.commit_configuration(bgp_daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 455, in commit_configuration
    reload_configuration('\n'.join(self.config), daemon=daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 206, in reload_configuration
    raise CommitError(f'Configuration FRR failed while commiting code, please enabling debugging to examine logs')
vyos.frr.CommitError: Configuration FRR failed while commiting code, please enabling debugging to examine logs
frr-reload output:   2 2021-04-25 17:50:53,553   ERROR: vtysh failed to process new configuration: vtysh (mark file) exited with status 4:
frr-reload output:   3 b'line 16: % Command incomplete: ip prefix-list foo seq 100 permit   \n\n'