[Xorp-hackers] AW: [Xorp-users] Does xorp latest CVS have some problem with the export command?

Patrick Marc Preuss deathdealer@gmx.net
Sat, 05 Nov 2005 03:03:30 +0100 

Kristian Larsson wrote:

>On Fri, Nov 04, 2005 at 04:35:13PM +0100, Patrick Marc Preuss wrote:
>  
>
>>>I still think it's dangerous.
>>>What if you just wanna try out a new version, you
>>>find out it sucks. You switch back. But the new
>>>xorp has rearranged your configuration file so now
>>>the old version won't accept it.
>>>Warning is enough ;)
>>>      
>>>
>>Oh, well what i meant was no to save the config automaticly, 
>>only the running config should be affected. and if you have as 
>>system like Juniper where you have up to 50 Versions it might also 
>>be possible to go back.
>>
>>Normaly you wouldn't jump from: 10.1 -> 12.4 on all routers you would check
>>this with some routers nearby. Normaly you would go from 12.4.1 -> 12.4.1a
>>or 12.4.3 some minor steps where such big changes normaly would not made. 
>>
>>This is a thing how the lifecycle of the versions is. 
>>    
>>
>Still, I don't see why stuff should change
>automagically?
>You test the new software on one system, you'll
>notice ospf4 has changed name to ospf, you change
>your configs and voila it works ;)
>
>Perhaps this should be an option in that
>alternative configuraion we've discussed (you know
>the one with a second config file or compile time
>options).
>  
>
Yes seams to be a good idea ;-)

>>>>>I don't really understand what you mean with the
>>>>>AAA system?
>>>>>          
>>>>>
>>>>aaa stands usualy for autentication, authorisation and accounting. 
>>>>With this you can say user a can do all things on the router, user b can
>>>>        
>>>>
>>>not
>>>      
>>>
>>>>or can only edit interface config or can change the state of interfaces
>>>>        
>>>>
>>>but
>>>      
>>>
>>>>is not allowed to edit routing processes. You can use this subsystem for
>>>>Dial-In, ipsec and so on.
>>>>        
>>>>
>>>I am aware of what it is. I've setup a numerous
>>>TACACS solutions ;)
>>>What I don't understand is how this automagic
>>>check of configuration files will affect AAA?
>>>      
>>>
>>From my point of view the same function in the code can check if the command
>>is valid for the actual system and for the user who whants to do this.
>>    
>>
>Aha!
>Although it is a good idea I don't beleive that
>these functions would share very much code-wise.
>Though I'm probably wrong ;)
>  
>
I have tought of a routine witch simply might look like, but if have not 
found the time to dig into the code yet ;-( :

void check_fup  (cfgvars, etc. ) {
    if ( cfgvars == "regex_rewrite_var") {
          do_rewrite(vars);
          return;
    }
    if ( cfgvars != "regex_valid_cmds_user") {
        print_err ("This is not valid for user pmp");
   }
} 

Patrick