Page MenuHomeVyOS Platform
Create Task
Maniphest T3497

Prefix list with rule containing only action is not detected as error during parse
Closed, ResolvedPublicBUG
Actions

Description

prefix-list foo {
    rule 100 {
        action permit
        prefix 10.0.0.0/8
    }
    rule 65000 {
        deny
    }
}

Is a perfectly valid looking structure to anyone used to working with other hierarchical configuration routers (e.g. J).

However, it is not valid in VyOS because rule 65000 results in the following underlying translation to:

commit_configuration: new_config  20 ip prefix-list foo seq 65000 deny

However, instead of detecting this during the parse phase of the commit and reporting the particular rule in question as a problem to the user, it breaks during the apply() phase:

VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Make sure you are running the latest version of the code available at
  https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
- Consult the forum to see how to handle this issue
  https://forum.vyos.io
- Join our community on slack where our users exchange help and advice
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your 
  business policy requires it)
- and include all the information presented below

Report Time:      2021-04-24 20:25:03
Image Version:    VyOS 1.4-rolling-202104221210
Release Train:    sagitta

Built by:         autobuild@vyos.net
Built on:         Fri 23 Apr 2021 01:17 UTC
Build UUID:       a3f1da87-ba70-496d-b171-557a95990038
Build Commit ID:  f038647e8e8a4e

Architecture:     x86_64
Boot via:         installed image
System type:      bare metal

Hardware vendor:  Default string
Hardware model:   Default string
Hardware S/N:     Default string
Hardware UUID:    03000200-0400-0500-0006-000700080009

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/policy.py", line 157, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/policy.py", line 129, in apply
    frr_cfg.commit_configuration(bgp_daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 455, in commit_configuration
    reload_configuration('\n'.join(self.config), daemon=daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 206, in reload_configuration
    raise CommitError(f'Configuration FRR failed while commiting code, please enabling debugging to examine logs')
vyos.frr.CommitError: Configuration FRR failed while commiting code, please enabling debugging to examine logs

Providing the user with no actionable information about the nature of his/her configuration error other than to look somewhere within the policy stanza and to "enable debugging".

Suggested resolutions:

  • Detect this error during the parse phase and report that a prefix-list rule without a prefix is not valid. (This alone resolves the bug)
  • Correct the "please enabling[sic] debugging" message to "please enable debugging"

Below are more "feature request", but related.

Add the following to the end of the traceback message above:

  • "To enable debugging: 1. touch /tmp/vyos.frr.debug and 2. sudo systemctl stop vyos-configd"
  • "To resume normal (non-debugging) operations: 1. sudo systemctl start vos-configd and 2. rm /tmp/vyos.frr.debug"

Details

Version
VyOS 1.4-rolling-202104221210
Is it a breaking change?
Perfectly compatible

Related Objects
Search...

Event Timeline

owen created this task.Apr 24 2021, 8:44 PM
c-po subscribed.Apr 25 2021, 7:48 AM

How were you be able to set this on the CLI?

cpo@LR1.wue3# set policy prefix-list foo rule 65000 deny

  Configuration path: policy prefix-list foo rule 65000 [deny] is not valid
  Set failed
c-po changed the task status from Open to In progress.EditedApr 25 2021, 3:49 PM
c-po claimed this task.
c-po triaged this task as Normal priority.

Turns out the example config has a typo. Issue is reproducible by:

set policy prefix-list foo rule 100 action permit
commit
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/policy.py", line 218, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/policy.py", line 190, in apply
    frr_cfg.commit_configuration(bgp_daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 455, in commit_configuration
    reload_configuration('\n'.join(self.config), daemon=daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 206, in reload_configuration
    raise CommitError(f'Configuration FRR failed while commiting code, please enabling debugging to examine logs')
vyos.frr.CommitError: Configuration FRR failed while commiting code, please enabling debugging to examine logs
frr-reload output:   2 2021-04-25 17:50:53,553   ERROR: vtysh failed to process new configuration: vtysh (mark file) exited with status 4:
frr-reload output:   3 b'line 16: % Command incomplete: ip prefix-list foo seq 100 permit   \n\n'
c-po mentioned this in rVYOSONEX9b44fb16ee2a: policy: T3497: add verify() that prefix-lists must carry a defined prefix.Apr 25 2021, 4:32 PM
c-po closed this task as Resolved.Apr 25 2021, 4:33 PM
c-po added a parent task: T2425: Rewrite all policy zebra filters to XML/Python style.
c-po moved this task from Open to Finished on the VyOS 1.4 Sagitta board.May 24 2021, 7:38 PM