Arista traffic policy uses space-separated ports in match conditions …

…only when named well-known ports are used. However, capirca uses numbers even for well known ports (say 53 for DNS) resulting in commit failures. As per the TP syntax, port number defintions are comma separated. PiperOrigin-RevId: 690683235
google · Oct 28, 2024 · c96ac9a · c96ac9a
1 parent a230c93
commit c96ac9a
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 4 deletions.
diff --git a/capirca/lib/arista_tp.py b/capirca/lib/arista_tp.py
@@ -433,11 +433,11 @@ def _processPorts(self, term):
 
     # source port generation
     if term.source_port:
-      port_str += " source port %s" % self._Group(term.source_port)
+      port_str += " source port %s" % self._Group(term.source_port, separator=", ")
 
     # destination port
     if term.destination_port:
-      port_str += (" destination port %s" % self._Group(term.destination_port))
+      port_str += (" destination port %s" % self._Group(term.destination_port, separator=", "))
 
     return port_str
 
@@ -589,13 +589,14 @@ def _processTermOptions(self, term, options):
 
     return flags, misc_options
 
-  def _Group(self, group, lc=True):
+  def _Group(self, group, lc=True, separator=" "):
     """If 1 item return it, else return [item1 item2].
 
     Args:
       group: a list.  could be a list of strings(protocols) or a list of
              tuples(ports)
       lc: return a lower cased result for text.  Default is True.
+      separator: default space for protocols and icmp codes. comma for ports.
 
     Returns:
       string: surrounded by '[' and '];' if len(group) > 1, or with
@@ -627,7 +628,7 @@ def _FormattedGroup(el, lc=True):
         return "%d-%d" % (el[0], el[1])
 
     if len(group) > 1:
-      rval = " ".join([_FormattedGroup(x, lc) for x in group])
+      rval = separator.join([_FormattedGroup(x, lc) for x in group])
     else:
       rval = _FormattedGroup(group[0])
     return rval

diff --git a/tests/lib/arista_tp_test.py b/tests/lib/arista_tp_test.py
@@ -227,6 +227,20 @@
   action:: accept
 }
 """
+GOOD_TERM_36 = """
+term good_term_36 {
+  protocol:: tcp
+  source-port:: SSH DNS HTTP
+  action:: accept
+}
+"""
+GOOD_TERM_37 = """
+term good_term_37 {
+  protocol:: tcp
+  destination-port:: SSH DNS HTTP
+  action:: accept
+}
+"""
 GOOD_TERM_COMMENT = """
 term good-term-comment {
   protocol:: udp
@@ -682,6 +696,18 @@ def testHopLimit(self):
     output = str(atp)
     self.assertIn("ttl 25", output, output)
 
+  def testPortsSrc(self):
+    self.naming.GetServiceByProto.return_value = ['22', '53', '80']
+    ports = arista_tp.AristaTrafficPolicy(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_36, self.naming), EXP_INFO)
+    output = str(ports)
+    self.assertIn("source port 22, 53, 80", output, output)
+
+  def testPortsDst(self):
+    self.naming.GetServiceByProto.return_value = ['22', '53', '80']
+    ports = arista_tp.AristaTrafficPolicy(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_37, self.naming), EXP_INFO)
+    output = str(ports)
+    self.assertIn("destination port 22, 53, 80", output, output)
+
   def testProtocol(self):
     atp = arista_tp.AristaTrafficPolicy(
         policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_5, self.naming), EXP_INFO)