From ad2d90dce1bbad84e3c3f7cbdba3ee0c36051e8d Mon Sep 17 00:00:00 2001 From: Andrew Topp Date: Wed, 26 Feb 2025 22:16:03 +1000 Subject: [PATCH 1/2] policy: T7116: remove completions & constraints for unsupported community "internet" --- .../include/policy/community-value-list.xml.i | 7 +------ interface-definitions/policy.xml.in | 6 +----- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/interface-definitions/include/policy/community-value-list.xml.i b/interface-definitions/include/policy/community-value-list.xml.i index 8c665c5f03..b1499440a4 100644 --- a/interface-definitions/include/policy/community-value-list.xml.i +++ b/interface-definitions/include/policy/community-value-list.xml.i @@ -4,7 +4,6 @@ local-as no-advertise no-export - internet graceful-shutdown accept-own route-filter-translated-v4 @@ -34,10 +33,6 @@ no-export Well-known communities value NO_EXPORT 0xFFFFFF01 - - internet - Well-known communities value 0 - graceful-shutdown Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000 @@ -84,7 +79,7 @@ - local-as|no-advertise|no-export|internet|graceful-shutdown|accept-own|route-filter-translated-v4|route-filter-v4|route-filter-translated-v6|route-filter-v6|llgr-stale|no-llgr|accept-own-nexthop|blackhole|no-peer + local-as|no-advertise|no-export|graceful-shutdown|accept-own|route-filter-translated-v4|route-filter-v4|route-filter-translated-v6|route-filter-v6|llgr-stale|no-llgr|accept-own-nexthop|blackhole|no-peer diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index cbab6173f6..fde121f72e 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -202,7 +202,7 @@ Regular expression to match against a community-list - local-AS no-advertise no-export internet graceful-shutdown accept-own-nexthop accept-own route-filter-translated-v4 route-filter-v4 route-filter-translated-v6 route-filter-v6 llgr-stale no-llgr blackhole no-peer additive + local-AS no-advertise no-export graceful-shutdown accept-own-nexthop accept-own route-filter-translated-v4 route-filter-v4 route-filter-translated-v6 route-filter-v6 llgr-stale no-llgr blackhole no-peer additive <aa:nn> @@ -220,10 +220,6 @@ no-export Well-known communities value NO_EXPORT 0xFFFFFF01 - - internet - Well-known communities value 0 - graceful-shutdown Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000 From ab9213910aef95161d365e046d13cdf1b79738d9 Mon Sep 17 00:00:00 2001 From: Andrew Topp Date: Wed, 26 Feb 2025 22:20:41 +1000 Subject: [PATCH 2/2] policy: T7116: migrate legacy use of "internet" as a well-known community name This has been split into a separate commit in case this is overkill for the fix. 1.2 and 1.3 installs predate the change to FRR that removed support, but "internet" is already broken on 1.4. --- .../include/version/policy-version.xml.i | 2 +- src/migration-scripts/policy/8-to-9 | 49 +++++++++++++++++++ 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 src/migration-scripts/policy/8-to-9 diff --git a/interface-definitions/include/version/policy-version.xml.i b/interface-definitions/include/version/policy-version.xml.i index db727fea98..5c53a40321 100644 --- a/interface-definitions/include/version/policy-version.xml.i +++ b/interface-definitions/include/version/policy-version.xml.i @@ -1,3 +1,3 @@ - + diff --git a/src/migration-scripts/policy/8-to-9 b/src/migration-scripts/policy/8-to-9 new file mode 100644 index 0000000000..355e48e00d --- /dev/null +++ b/src/migration-scripts/policy/8-to-9 @@ -0,0 +1,49 @@ +# Copyright (C) 2025 VyOS maintainers and contributors +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library. If not, see . + +# T7116: Remove unsupported "internet" community following FRR removal +# From + # set policy route-map rule set community [add | replace] internet + # set policy community-list rule regex internet +# To + # set policy route-map rule set community [add | replace] 0:0 + # set policy community-list rule regex _0:0_ + +# NOTE: In FRR expanded community-lists, without the '_' delimiters, a regex of +# "0:0" will match "65000:0" as well as "0:0". This doesn't line up with what +# we want when replacing "internet". + +from vyos.configtree import ConfigTree + +rm_base = ['policy', 'route-map'] +cl_base = ['policy', 'community-list'] + +def migrate(config: ConfigTree) -> None: + if config.exists(rm_base): + for policy_name in config.list_nodes(rm_base): + for rule_ord in config.list_nodes(rm_base + [policy_name, 'rule'], path_must_exist=False): + tmp_path = rm_base + [policy_name, 'rule', rule_ord, 'set', 'community'] + if config.exists(tmp_path + ['add']) and config.return_value(tmp_path + ['add']) == 'internet': + config.set(tmp_path + ['add'], '0:0') + if config.exists(tmp_path + ['replace']) and config.return_value(tmp_path + ['replace']) == 'internet': + config.set(tmp_path + ['replace'], '0:0') + + if config.exists(cl_base): + for policy_name in config.list_nodes(cl_base): + for rule_ord in config.list_nodes(cl_base + [policy_name, 'rule'], path_must_exist=False): + tmp_path = cl_base + [policy_name, 'rule', rule_ord, 'regex'] + if config.exists(tmp_path) and config.return_value(tmp_path) == 'internet': + config.set(tmp_path, '_0:0_') +