limit number of terms with counters in junipersrx

maddychan · Capirca Team · commit d55e1d8d2f7a · 2026-03-06T10:33:46.000-08:00
PiperOrigin-RevId: 879703357
diff --git a/capirca/lib/junipersrx.py b/capirca/lib/junipersrx.py
@@ -70,6 +70,9 @@ class ConflictingTargetOptionsError(Error):
 class ConflictingApplicationSetsError(Error):
   pass
 
+class SRXTooManyCountersError(Error):
+  pass
+
 
 class IndentList(list):
 
@@ -363,6 +366,7 @@ def _TranslatePolicy(self, pol, exp_info):
       MixedAddrBookTypesError: Global and Zone address books in the same policy
       ConflictingApplicationSetsError: When two duplicate named terms have
                                        conflicting application entries
+      SRXTooManyCountersError: More than 256 terms with counters found
     """
     current_date = datetime.datetime.utcnow().date()
     exp_info_date = current_date + datetime.timedelta(weeks=exp_info)
@@ -407,6 +411,15 @@ def _TranslatePolicy(self, pol, exp_info):
                                          'destination-zone which can only be '
                                          'used with global policy' % term.name)
 
+      num_counters = 0
+      for term in terms:
+        if term.counter:
+          num_counters += 1
+      if num_counters > 256:
+        raise SRXTooManyCountersError(
+            f'The policy has {num_counters} terms with counters, limit is 256.'
+        )
+
       # variables used to collect target-options and set defaults
       filter_type = ''
 
diff --git a/tests/lib/junipersrx_test.py b/tests/lib/junipersrx_test.py
@@ -553,6 +553,14 @@
   action:: accept
 }
 """
+COUNTER_GOOD_TERM = """
+term counter-term-{counter_num} {{
+  platform:: srx juniper
+  protocol:: tcp
+  counter:: count-name
+  action:: accept
+}}
+"""
 
 SUPPORTED_TOKENS = frozenset({
     'action',
@@ -1966,6 +1974,14 @@ def testEmptyApplications(self):
     pattern = re.compile(r'delete: applications;')
     self.assertTrue(pattern.search(str(''.join(output))), ''.join(output))
 
+  def testTooManyCounters(self):
+    policy_text = GOOD_HEADER
+    for i in range(270):
+      policy_text += COUNTER_GOOD_TERM.format(counter_num=i)
+    pol = policy.ParsePolicy(policy_text, self.naming)
+    self.assertRaises(
+        junipersrx.SRXTooManyCountersError, junipersrx.JuniperSRX, pol, EXP_INFO
+    )
 
 if __name__ == '__main__':
   absltest.main()
