Skip to content

Commit

Permalink
Cisco: Change ip protocol to be ipv4 not ip if using object-groups in…
Browse files Browse the repository at this point in the history 
… the cisco generator.

CiscoXR started supporting only:
  permit ipv4 ....

no longer do they supoprt:
  permit ip ....

past version 7.5 (probably? data on when this stopped working is murky.)

PiperOrigin-RevId: 584962959
  • Loading branch information
Capirca Team committed Nov 24, 2023
1 parent b694390 commit be62241
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 1 deletion.
7 changes: 6 additions & 1 deletion capirca/lib/cisco.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -832,7 +832,12 @@ def __str__(self):

# protocol
if not self.term.protocol:
protocol = ['ip']
if self.af == 6:
protocol = ['ipv6']
elif self.platform == 'ciscoxr':
protocol = ['ipv4']
else:
protocol = ['ip']

else:
protocol = [proto if proto in self.ALLOWED_PROTO_STRINGS
Expand Down
6 changes: 6 additions & 0 deletions tests/lib/ciscoxr_test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -328,6 +328,12 @@ def testVerbatimObjectGroup(self):
acl = ciscoxr.CiscoXR(pol, EXP_INFO)
self.assertIn('permit tcp any', str(acl))

def testObjectGroup(self):
self.naming.GetNetAddr.return_value = [nacaddr.IP('10.1.1.1/32')]
pol = policy.ParsePolicy(OBJECT_GROUP_HEADER + GOOD_TERM_4, self.naming)
acl = ciscoxr.CiscoXR(pol, EXP_INFO)
self.assertIn('permit ipv4 any', str(acl))


if __name__ == '__main__':
absltest.main()

0 comments on commit be62241

Please sign in to comment.