[quagga-dev 4419] Re: Problem using undefined access-list in distrbute lists

Paul Jakma paul at clubi.ie
Thu Sep 28 16:23:54 BST 2006


Hi Alain,

On Thu, 28 Sep 2006, Alain Ritoux wrote:

> Within ABR context, if an acces-list is used but not defined, then the result
> is somehow PERMIT. The same behaviour can be seen with distribute-lists as 
> well.
>
> But if take a look at route-map management, this is the opposite behaviour,
> i.e. when an acces-list is used in a a test, but not defined, the result is
> NOMATCH.
>
> I think the second behaviour is better.

Is this a bug or an intentional compatibility behaviour though?

> Here after the suggested modifs, relying on the fact that 
> access_list_apply() result is FILTER_DENY when the access-list ptr 
> is NULL

Hmm.

> This will change behaviour for what I think is a mis-configured thing, but
> in my opinion it will be safer.

It sounds like unintentional behaviour alright. But I'm not sure.

> Your opinions ?
>
> Note: From a first view, the same kind of pb exists in ripd (but needs
> more modifs, as ri->list should be keep the ACL name to be able
> to differantiat no acl used from no acl found), and maube others ...

Yeah, very likely. We have a class problem here, as well as in how 
delete/update of lists is managed, see, e.g.:

   http://bugzilla.quagga.net/show_bug.cgi?id=292

Which suggests the interfaces to these needs improving.

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
Live Free or Live in Massachusettes.



More information about the Quagga-dev mailing list