Community discussions

MikroTik App
 
jaydabi
just joined
Topic Author
Posts: 7
Joined: Thu Aug 12, 2021 4:24 pm

Unintuitive behavior of place-before when using system/reset-configuration

Tue Apr 11, 2023 9:57 pm

Hi Folks,

we use RB4011 and RB3011, for which we dynamically generate our configuration. We load new configs by using
/system/reset-configuration no-defaults=yes run-after-reset=some-config-file.conf
The example config-section looks something like below
[...]
/routing rule
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 src-address=172.31.255.2/32 table=lte
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 src-address=192.168.178.27/32 table=uplink
add action=lookup disabled=no dst-address=172.31.255.1 src-address=192.168.253.0/24 table=main
add action=lookup disabled=no dst-address=192.168.178.1 src-address=192.168.253.0/24 table=main
add action=lookup disabled=no dst-address=192.168.253.0/24 src-address=192.168.253.0/24 table=main
add action=lookup disabled=no dst-address=0.0.0.0/0 src-address=192.168.253.0/24 table=wireguard
[...]
/routing rule
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 src-address=192.168.253.230 table=main place-before=0
[...]
/routing rule
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard place-before=0
[...]
Which I expect to produce an (export-)output like
[...]
/routing rule
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 src-address=192.168.253.230 table=main
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 src-address=172.31.255.2/32 table=lte
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 src-address=192.168.178.27/32 table=uplink
add action=lookup disabled=no dst-address=172.31.255.1 src-address=192.168.253.0/24 table=main
add action=lookup disabled=no dst-address=192.168.178.1 src-address=192.168.253.0/24 table=main
add action=lookup disabled=no dst-address=192.168.253.0/24 src-address=192.168.253.0/24 table=main
add action=lookup disabled=no dst-address=0.0.0.0/0 src-address=192.168.253.0/24 table=wireguard
[...]
But actually it outputs
[code][...]
/routing rule
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 src-address=192.168.253.230 table=main
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 src-address=172.31.255.2/32 table=lte
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 src-address=192.168.178.27/32 table=uplink
add action=lookup disabled=no dst-address=172.31.255.1 src-address=192.168.253.0/24 table=main
add action=lookup disabled=no dst-address=192.168.178.1 src-address=192.168.253.0/24 table=main
add action=lookup disabled=no dst-address=192.168.253.0/24 src-address=192.168.253.0/24 table=main
add action=lookup disabled=no dst-address=0.0.0.0/0 src-address=192.168.253.0/24 table=wireguard
[...]
The first two lines are what makes me wonder. When I add all the config lines to a "clean" router by hand, I get the expected result. As soon as I use system/reset-configuration , the order changes.

Sure you could mention, "just change the output order in whatever generates your config", but changing that will be pain in the a** and I'd like to avoid that. I guess this "issue" is caused by how the config import with reset-configuration is implemented and it may not be considered a bug at all. But maybe someone has a helpful idea how I can get my expected result without doing too much magic in the config generator.

Thanks in advance.

Best regards
Jay
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Unintuitive behavior of place-before when using system/reset-configuration

Tue Apr 11, 2023 10:57 pm

Does seem like a potential bug. Your approach looks right to me...

One hack I suppose you can try adding is adding "/routing/rule/print" in your config before the line with place-before=0. The print won't show up, but maybe refreshes some cache to know there are rules. e.g. maybe in the context of defconf, it's doesn't know there are rules add yet... Or perhaps some ":delay 2s" also be worth a shot. Kinda thinking it just happen quick in defconf, so it may have fully committed the rules or whatnot when it comes to the place-before=0...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Unintuitive behavior of place-before when using system/reset-configuration

Tue Apr 11, 2023 11:58 pm

Any use of numerical id IS WRONG because you do not PRINT and do not read on terminal the number.
Any other use of the number IS WRONG.

Is not a bug, the OS do exactly what the user write...

If on place-before=0 the first line is "[...]=lte",why on the 2nd place-before=0 "0" must be another record?
is not written "place-before=first"...
The number not change if you do not "print" again....
Butt a print is a termial command.
The ID of the line never change, simply are indexed on database, so internally you have after the commands *7,*8,*0,*1,*2,*3,*4,*5,*6
For have everytime the correct place-before on top, you must find everytime, and select the first on the list.
On 1st time is *0, but 2nd time is *7 and *8 is putted first, so at the end you have in the right order *8,*7,*0,*1,*2,*3,*4,*5,*6

example code

[...]
/routing rule
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 src-address=192.168.253.230 table=main place-before=([find]->0)
[...]
/routing rule
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard place-before=([find]->0)
[...]
Last edited by rextended on Wed Apr 12, 2023 12:13 am, edited 1 time in total.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Unintuitive behavior of place-before when using system/reset-configuration

Wed Apr 12, 2023 12:12 am

Cleaver.

But now I just don't get why the CLI work, and the defconf context won't. In theory, both or neither should work the same.
Last edited by Amm0 on Wed Apr 12, 2023 12:15 am, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Unintuitive behavior of place-before when using system/reset-configuration

Wed Apr 12, 2023 12:13 am

The script is not one interactive session ;)
Each line on terminal is one new session, is why :local on script is keeped and on terminal disappear on new prompt....

try this, the ID are not consecutive, and not ordered, the route order are managed on another database table...

terminal code

[] /routing rule> :put [find]    
*1d;*16;*17;*18;*19;*1a;*1b;*1e;*1f;*20;*21;*22;*23;*24;*25
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Unintuitive behavior of place-before when using system/reset-configuration

Wed Apr 12, 2023 12:40 am

Only problem in your logic is that a "print" isn't needed in CLI for it work. "/routing/rule/add place-before=0" works as expect (e.g. placing first) in CLI WITHOUT ever using print – just tried rebooting, opening a terminal, and place-before=0 with a routing rule.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Unintuitive behavior of place-before when using system/reset-configuration

Wed Apr 12, 2023 12:46 am

I never write to write... print....
On new prompt every time you use one "number" the print often is implicit....
Is why everytime on new prompt place-before=0 is recalculated and is (often) the right value....

try on terminal to use two place-before=0 on same line with two ";" separate commands...
(or two commands between { } )
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Unintuitive behavior of place-before when using system/reset-configuration

Wed Apr 12, 2023 12:58 am

I never write to write... print....
On new prompt every time you use one "number" the print often is implicit....
It's the "often" part that why I think this a minor bug. In an ideal world, this all be consistent. ;)

Haven't tested recently, but I want to say the place-before=0 work fine for a firewall rule in a non-interactive script...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Unintuitive behavior of place-before when using system/reset-configuration

Wed Apr 12, 2023 1:04 am

Haven't tested recently, but I want to say the place-before=0 work fine for a firewall rule in a non-interactive script...
Only for the first time you use it on the script.... the OP has problems on 2nd use.... because is the same session... simply ([find]->0) solve.
 
jaydabi
just joined
Topic Author
Posts: 7
Joined: Thu Aug 12, 2021 4:24 pm

Re: Unintuitive behavior of place-before when using system/reset-configuration

Wed Apr 12, 2023 12:00 pm

Thanks for your time!

I tried to use

place-before=([find]->0)

instead of

place-before=0

and now it works as expected! I successfully tested with this snippet:

[...]
/routing rule
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard comment="FIRST" place-before=([find]->0)
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard comment="SECOND" place-before=([find]->0)
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard comment="THIRD" place-before=([find]->0)
[...]

Which outputs

 0   ;;; THIRD
     src-address=192.168.253.230 dst-address=192.168.252.0/24 action=lookup-only-in-table table=wireguard 

 1   ;;; SECOND
     src-address=192.168.253.230 dst-address=192.168.252.0/24 action=lookup-only-in-table table=wireguard 

 2   ;;; FIRST
     src-address=192.168.253.230 dst-address=192.168.252.0/24 action=lookup-only-in-table table=wireguard 
     
[...]

Just for the case someone wants to maintain the order (like named in the comments), it could either look like

[...]
/routing rule
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard comment="THIRD" place-before=([find]->0)
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard comment="SECOND" place-before=([find]->0)
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard comment="FIRST" place-before=([find]->0)
[...]

Or - the more straight forward approach in my opinion

[...]
/routing rule
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard comment="FIRST" place-before=([find]->0)
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard comment="SECOND" place-before=([find]->1)
add action=lookup-only-in-table disabled=no dst-address=192.168.252.0/24 src-address=192.168.253.230 table=wireguard comment="THIRD" place-before=([find]->2)
[...]

Which both will lead to the same outcome:

 0   ;;; FIRST
     src-address=192.168.253.230 dst-address=192.168.252.0/24 action=lookup-only-in-table table=wireguard 

 1   ;;; SECOND
     src-address=192.168.253.230 dst-address=192.168.252.0/24 action=lookup-only-in-table table=wireguard 

 2   ;;; THIRD
     src-address=192.168.253.230 dst-address=192.168.252.0/24 action=lookup-only-in-table table=wireguard 

[...]

Thanks so much! I learned something new and you saved my a** from having a lot pain :-D
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Unintuitive behavior of place-before when using system/reset-configuration

Wed Apr 12, 2023 12:02 pm

Welldone ;)
([find]->0) / ([find]->1) / ([find]->2)
I see you learned quickly...

Or....

also for keep rules on order without hardly change the number on ([find]->x)
add useless rule with "placeholder" as comment on place-before=([find]->0)
then
"FIRST" place-before=[find where comment~"placeholder"]
"SECOND" place-before=[find where comment~"placeholder"]
"THIRD" place-before=[find where comment~"placeholder"]
"4" place-before=[find where comment~"placeholder"]
"5" place-before=[find where comment~"placeholder"]
"6" place-before=[find where comment~"placeholder"]
"7" place-before=[find where comment~"placeholder"]
.....
and at the end
remove [find where comment~"placeholder"]


If your scripting skill is enough, after creation of the "placeholder", for not recalc everytime the .id :
:local ph [find where comment~"placeholder"]
then
"FIRST" place-before=$ph
"SECOND" place-before=$ph
"THIRD" place-before=$ph
"4" place-before=$ph
"5" place-before=$ph
"6" place-before=$ph
"7" place-before=$ph
 
jaydabi
just joined
Topic Author
Posts: 7
Joined: Thu Aug 12, 2021 4:24 pm

Re: Unintuitive behavior of place-before when using system/reset-configuration

Wed Apr 12, 2023 1:57 pm

That's a very nice approach. Will think about using that instead :)

Again, thanks a lot!

Who is online

Users browsing this forum: No registered users and 16 guests