[Xorp-hackers] show commands

Pavlin Radoslavov pavlin@icir.org
Sun, 16 Oct 2005 14:20:16 -0700 

> Is there a way to combine the "hardcoded" commands
> withing cli.cc with the template files?

If there is a way, it will probably require a major rewrite of the
rtrmgr/xorpsh.

> I would like to have a "show configuration"
> command available from the operational mode, but
> as it is right now it seems I must write a
> separate program and call it with a few lines in a
> template file, right?
> It would be much easier if one could just call
> show_func...

I would argue that the users shouldn't be allowed to see the running
configuration when they are in operational mode. Think of the
security implications it may have if, say, the running configuration
contains sensitive information (e.g., passwords).
Remember that sometimes you may want to give "visitors" access to
your router so people can run operational commands only, but you
don't want to allow them to mess with your configuration (or even
look at it).

> Another thing on my mind; I know this has been
> brought up before, I even think there is a
> BugZilla entry for it, but shouldn't show commands
> be available all the time?
> If you start rtrmgr with a clean configuration
> there are almost no show commands at all. This
> confused me and I know it has others as well. If
> the "%module bgp" line is removed, the bgp
> commands appear and if run when bgp isn't started
> you simply get a "No BGP exists" which IMHO is
> much better than not seing the show command at
> all.
> 
> Other opinions?

Why a command should be in the tree if it cannot do anything?
This is a feature that was explicitly added to XORP, and my personal
preference is to keep it.

Simply removing the "%module foo" line is not the right thing
because without that line the external command will be executed
anyway, and the result may be unpredictable.

If many other users also prefer to always have all commands in the
tree and to see the "No foo exists" message, then ideally this
feature should be configurable. Unfortunately, we don't have a
mechanism (yet) to configure things like this.

Pavlin