
Remove of policy route throws CLI error
Open, Requires assessment | Public | BUG

Description

With the following configuration:

cpo@BR1# show policy route
 route pppoe-out {
     description "PPPoE TCPMSS clamping"
     enable-default-log
     rule 100 {
         protocol tcp
         set {
             tcp-mss 1448
         }
         tcp {
             flags SYN
         }
     }
 }

cpo@BR1# show interfaces ethernet eth1 pppoe 0 policy
 route pppoe-out
cpo@BR1# delete policy route
[edit]

cpo@BR1# commit
[ policy route pppoe-out ]
rm: cannot remove ‘/var/run/vyatta_policy_ref’: No such file or directory

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 1.2.0-EPA3
Why the issue appeared?
Will be filled on close

Event Timeline

c-po claimed this task. (Feb 10 2019, 2:57 PM)
c-po removed c-po as the assignee of this task.
c-po created this task.
c-po updated the task description. (Feb 10 2019, 2:59 PM)
pasik added a subscriber: pasik. (Mar 12 2019, 6:06 PM)
Viacheslav added a subscriber: Viacheslav. (Edited Mon, Dec 9, 8:02 PM)

/opt/vyatta/sbin/vyatta-firewall.pl contains the lines:

my $fw_stateful_file = '/var/run/vyatta_fw_stateful';
my $fw_tree_file     = '/var/run/vyatta_fw_trees';
my $policy_ref_file  = '/var/run/vyatta_policy_ref';

After creating a policy route, check the files:

vyos@1.3-roll# file /var/run/vyatta_fw_stateful
/var/run/vyatta_fw_stateful: cannot open `/var/run/vyatta_fw_stateful' (No such file or directory)
[edit]
vyos@1.3-roll# file /var/run/vyatta_policy_ref
/var/run/vyatta_policy_ref: cannot open `/var/run/vyatta_policy_ref' (No such file or directory)
[edit]
vyos@1.3-roll#

$policy_ref_file is used in the subs add_route_table, remove_route_table and flush_route_table.

No file, nothing to delete.

So we can use the "-f" option in the rm command, line 296:

system("rm $refcnt_file"); # <== line 296

sub write_refcnt_file {
    my ($refcnt_file, @lines) = @_;

    if (scalar(@lines) > 0) {
        open(my $FILE, '>', $refcnt_file) or die "Error: write $!";
        print $FILE join("\n", @lines), "\n";
        close($FILE);
    } else {
        system("rm -f $refcnt_file");
    }
}

We need to check how safe this option is.

vyos@1.3-roll# delete policy
[edit]
vyos@1.3-roll# commit
vyos@1.3-roll#
[edit]
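
Added example, not part of the task or the VyOS code base: the write_refcnt_file sub quoted in the comment above, with the removal done by unlink() instead of a shell rm, so a missing file counts as success while any other failure is still reported. The return values, the temporary directory and the demo calls are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Errno qw(ENOENT);
use File::Temp qw(tempdir);

# Illustrative variant of write_refcnt_file (not the VyOS implementation).
# Returns 1 on success and 0 on failure; the return value is an assumption
# added for this example.
sub write_refcnt_file {
    my ($refcnt_file, @lines) = @_;

    if (@lines) {
        open(my $fh, '>', $refcnt_file)
            or die "Error: write $refcnt_file: $!";
        print {$fh} join("\n", @lines), "\n";
        close($fh) or die "Error: close $refcnt_file: $!";
        return 1;
    }

    # No lines left: remove the file without invoking a shell.
    return 1 if unlink($refcnt_file);   # file existed and was removed
    return 1 if $! == ENOENT;           # already absent: nothing to delete
    warn "Error: cannot remove $refcnt_file: $!\n";
    return 0;
}

# Constructed demo in a temporary directory instead of /var/run.
my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/vyatta_policy_ref";

# 1. File never created (the situation in this task): no error is raised.
print "missing file:  ", write_refcnt_file($file), "\n";

# 2. Normal life cycle: write some lines, then remove the file.
write_refcnt_file($file, 'constructed sample line');
print "existing file: ", write_refcnt_file($file), "\n";
print "still there:   ", (-e $file ? "yes" : "no"), "\n";

# 3. A failure other than "no such file" is still reported
#    (here the path is a directory, which unlink() refuses to remove).
mkdir "$dir/subdir" or die "mkdir: $!";
print "directory:     ", write_refcnt_file("$dir/subdir"), "\n";
```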