diff --git a/capirca/lib/juniper.py b/capirca/lib/juniper.py index c1c29913..9a87d27d 100644 --- a/capirca/lib/juniper.py +++ b/capirca/lib/juniper.py @@ -269,9 +269,14 @@ def __str__(self): else: from_str.append('%s;' % opt) - # term name - config.Append('term %s {' % self.term.name) + # if the term is inactive we have to set the prefix + if self.term.inactive: + term_prefix = 'inactive:' + else: + term_prefix = '' + # term name + config.Append('%s term %s {' %(term_prefix, self.term.name)) # a default action term doesn't have any from { clause has_match_criteria = (self.term.address or self.term.dscp_except or @@ -845,7 +850,8 @@ def _BuildTokens(self): '.*', # make ArbitraryOptions work, yolo. 'sample', 'tcp-established', - 'tcp-initial'} + 'tcp-initial', + 'inactive'} }) return supported_tokens, supported_sub_tokens @@ -867,6 +873,7 @@ def _TranslatePolicy(self, pol, exp_info): enable_dsmo = 'enable_dsmo' in filter_options[1:] noverbose = 'noverbose' in filter_options[1:] + if not interface_specific: filter_options.remove('not-interface-specific') if enable_dsmo: @@ -880,7 +887,14 @@ def _TranslatePolicy(self, pol, exp_info): term_names = set() new_terms = [] for term in terms: + + # if the inactive option is set, we should deactivate the term and remove the option + if 'inactive' in term.option: + term.inactive = True + term.option.remove('inactive') + term.name = self.FixTermLength(term.name) + if term.name in term_names: raise JuniperDuplicateTermError('You have multiple terms named: %s' % term.name) diff --git a/capirca/lib/policy.py b/capirca/lib/policy.py index 80b39df1..9db3a3f1 100644 --- a/capirca/lib/policy.py +++ b/capirca/lib/policy.py @@ -456,6 +456,7 @@ def __init__(self, obj): self.flexible_match_range = [] self.source_prefix_except = [] self.destination_prefix_except = [] + self.inactive = False # srx specific self.vpn = None # gce specific diff --git a/tests/lib/juniper_test.py b/tests/lib/juniper_test.py index 4199636a..35b7a2cb 100644 
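Review bot: In the `__str__` hunk the new format string `'%s term %s {'` puts a space in front of `term` even when `term_prefix` is empty, so every active term is now emitted as `' term NAME {'`. Unless `config.Append` strips leading whitespace (not visible here), that changes the rendered filter for all existing policies. Carrying the separator in the prefix avoids it: `term_prefix = 'inactive: ' if self.term.inactive else ''` and `config.Append('%sterm %s {' % (term_prefix, self.term.name))`. The body of `__str__` starts and ends outside the hunk.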
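Review bot: In the `_TranslatePolicy` loop, setting `term.inactive = True` turns a policy term into one that is emitted deactivated, and nothing records that it happened; for a deny term this silently removes enforcement from the generated filter. A log line at that point, e.g. `logging.warning('Term %s is rendered inactive and will not be enforced.', term.name)` (assuming the module already has a logger in scope), would make it visible in build output. Separately, `term.option.remove('inactive')` drops only the first occurrence and mutates the parsed term in place, so a repeated `inactive` option could still reach the `from` clause and any other consumer of the same policy object would no longer see the option. Both should be confirmed against the parser and callers, which are outside this hunk.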
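Review bot: `self.inactive = False` is added to the `__init__` in `policy.py` among the generic fields without a comment, while in this commit only the Juniper generator sets or reads it. A short comment such as `# juniper specific: term is emitted with an 'inactive:' prefix`, placed like the neighbouring `# srx specific` marker, would tell readers that other generators ignore the flag. If the class has `__str__` or `__eq__` methods that enumerate its fields (outside this hunk), they may need the new attribute too.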
--- a/tests/lib/juniper_test.py +++ b/tests/lib/juniper_test.py @@ -375,6 +375,15 @@ action:: accept } """ +GOOD_TERM_36 = """ +term good-term-36 { + protocol:: tcp + destination-address:: SOME_HOST + destination-address:: SOME_HOST + option:: inactive + action:: accept +} +""" GOOD_TERM_COMMENT = """ term good-term-comment { comment:: "This is a COMMENT" @@ -606,6 +615,7 @@ }, 'option': {'established', 'first-fragment', + 'inactive', 'is-fragment', '.*', # not actually a lex token! 'sample', @@ -719,6 +729,14 @@ def testIcmpCode(self): output = str(jcl) self.failUnless('icmp-code [ 3 4 ];' in output, output) + def testInactiveTerm(self): + self.naming.GetNetAddr.return_value = [nacaddr.IP('10.0.0.0/8')] + jcl = juniper.Juniper(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_36, + self.naming), EXP_INFO) + output = str(jcl) + self.failUnless('inactive: term good-term-36 {' in output, output) + + def testInet6(self): self.naming.GetNetAddr.return_value = [nacaddr.IP('2001::/33')] self.naming.GetServiceByProto.return_value = ['25'] diff --git a/tests/lib/srxlo_test.py b/tests/lib/srxlo_test.py index 96c2f63e..a644d621 100644 --- a/tests/lib/srxlo_test.py +++ b/tests/lib/srxlo_test.py @@ -47,6 +47,13 @@ action:: accept } """ +GOOD_TERM_3 = """ +term good-term-3 { + protocol:: icmpv6 + action:: accept + option:: inactive +} +""" SUPPORTED_TOKENS = { 'action', @@ -146,6 +153,7 @@ }, 'option': {'established', 'first-fragment', + 'inactive', 'is-fragment', '.*', # not actually a lex token! 'sample', @@ -193,6 +201,10 @@ def testBuildWarningTokens(self): self.assertEquals(st, SUPPORTED_TOKENS) self.assertEquals(sst, SUPPORTED_SUB_TOKENS) + def testInactiveTerm(self): + output = str(srxlo.SRXlo(policy.ParsePolicy(GOOD_HEADER_1 + GOOD_TERM_3, + self.naming), EXP_INFO)) + self.failUnless('inactive: term good-term-3 {' in output, output) if __name__ == '__main__': unittest.main()
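Review bot: `GOOD_TERM_36` lists `destination-address:: SOME_HOST` twice, which looks like a copy-paste leftover rather than something the inactive test needs. Dropping the second line keeps the fixture minimal; if the repeat is intentional, a comment saying why would help.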
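Review bot: `testInactiveTerm` only checks that the `inactive:` prefix appears, so it would still pass if the option were also left in the term's `from` block or if active terms changed shape. Adding `self.assertNotIn('inactive;', output)` covers the first case (options are rendered as `'%s;' % opt` in `juniper.py`), and an assertion on an ordinary term's header line in an existing test would pin the second. The same applies to `testInactiveTerm` in `tests/lib/srxlo_test.py`.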