[quagga-dev 4419] Re: Problem using undefined access-list in distrbute lists

Paul Jakma paul at clubi.ie
Thu Sep 28 16:23:54 BST 2006

Hi Alain,

On Thu, 28 Sep 2006, Alain Ritoux wrote:

> Within ABR context, if an acces-list is used but not defined, then the result
> is somehow PERMIT. The same behaviour can be seen with distribute-lists as 
> well.
> But if take a look at route-map management, this is the opposite behaviour,
> i.e. when an acces-list is used in a a test, but not defined, the result is
> I think the second behaviour is better.

Is this a bug or an intentional compatibility behaviour though?

> Here after the suggested modifs, relying on the fact that 
> access_list_apply() result is FILTER_DENY when the access-list ptr 
> is NULL


> This will change behaviour for what I think is a mis-configured thing, but
> in my opinion it will be safer.

It sounds like unintentional behaviour alright. But I'm not sure.

> Your opinions ?
> Note: From a first view, the same kind of pb exists in ripd (but needs
> more modifs, as ri->list should be keep the ACL name to be able
> to differantiat no acl used from no acl found), and maube others ...

Yeah, very likely. We have a class problem here, as well as in how 
delete/update of lists is managed, see, e.g.:


Which suggests the interfaces to these needs improving.

Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Live Free or Live in Massachusettes.

More information about the Quagga-dev mailing list