]> git.proxmox.com Git - mirror_frr.git/blame - lib/filter.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #4785 from mjstapp/fix_notif_queued_flag
[mirror_frr.git] / lib / filter.c
CommitLineData
718e3744 1/* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
896014f4
DL		 16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
718e3744 19 */
20
21#include <zebra.h>
22
23#include "prefix.h"
24#include "filter.h"
25#include "memory.h"
26#include "command.h"
27#include "sockunion.h"
28#include "buffer.h"
fbf5d033 29#include "log.h"
518f0eb1 30#include "routemap.h"
b85120bc 31#include "libfrr.h"
718e3744 32
d62a17ae 33DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST, "Access List")
4a1ab8e4 34DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST_STR, "Access List Str")
d62a17ae 35DEFINE_MTYPE_STATIC(LIB, ACCESS_FILTER, "Access Filter")
36
37struct filter_cisco {
38 /* Cisco access-list */
39 int extended;
40 struct in_addr addr;
41 struct in_addr addr_mask;
42 struct in_addr mask;
43 struct in_addr mask_mask;
718e3744 44};
45
d62a17ae 46struct filter_zebra {
47 /* If this filter is "exact" match then this flag is set. */
48 int exact;
718e3744 49
d62a17ae 50 /* Prefix information. */
51 struct prefix prefix;
718e3744 52};
53
54/* Filter element of access list */
d62a17ae 55struct filter {
56 /* For doubly linked list. */
57 struct filter *next;
58 struct filter *prev;
718e3744 59
d62a17ae 60 /* Filter type information. */
61 enum filter_type type;
718e3744 62
358189ad
DA		 63 /* Sequence number */
64 int64_t seq;
65
d62a17ae 66 /* Cisco access-list */
67 int cisco;
718e3744 68
d62a17ae 69 union {
70 struct filter_cisco cfilter;
71 struct filter_zebra zfilter;
72 } u;
718e3744 73};
74
75/* List of access_list. */
d62a17ae 76struct access_list_list {
77 struct access_list *head;
78 struct access_list *tail;
718e3744 79};
80
81/* Master structure of access_list. */
d62a17ae 82struct access_master {
83 /* List of access_list which name is number. */
84 struct access_list_list num;
718e3744 85
d62a17ae 86 /* List of access_list which name is string. */
87 struct access_list_list str;
718e3744 88
d62a17ae 89 /* Hook function which is executed when new access_list is added. */
90 void (*add_hook)(struct access_list *);
718e3744 91
d62a17ae 92 /* Hook function which is executed when access_list is deleted. */
93 void (*delete_hook)(struct access_list *);
718e3744 94};
95
b34fd35d 96/* Static structure for mac access_list's master. */
d37ba549
MK		 97static struct access_master access_master_mac = {
98 {NULL, NULL},
99 {NULL, NULL},
100 NULL,
101 NULL,
102};
103
718e3744 104/* Static structure for IPv4 access_list's master. */
d62a17ae 105static struct access_master access_master_ipv4 = {
106 {NULL, NULL},
107 {NULL, NULL},
108 NULL,
109 NULL,
718e3744 110};
111
718e3744 112/* Static structure for IPv6 access_list's master. */
d62a17ae 113static struct access_master access_master_ipv6 = {
114 {NULL, NULL},
115 {NULL, NULL},
116 NULL,
117 NULL,
718e3744 118};
6b0655a2 119
d62a17ae 120static struct access_master *access_master_get(afi_t afi)
718e3744 121{
d62a17ae 122 if (afi == AFI_IP)
123 return &access_master_ipv4;
124 else if (afi == AFI_IP6)
125 return &access_master_ipv6;
d37ba549
MK		 126 else if (afi == AFI_L2VPN)
127 return &access_master_mac;
d62a17ae 128 return NULL;
718e3744 129}
130
131/* Allocate new filter structure. */
d62a17ae 132static struct filter *filter_new(void)
718e3744 133{
9f5dc319 134 return XCALLOC(MTYPE_ACCESS_FILTER, sizeof(struct filter));
718e3744 135}
136
d62a17ae 137static void filter_free(struct filter *filter)
718e3744 138{
d62a17ae 139 XFREE(MTYPE_ACCESS_FILTER, filter);
718e3744 140}
141
142/* Return string of filter_type. */
d62a17ae 143static const char *filter_type_str(struct filter *filter)
144{
145 switch (filter->type) {
146 case FILTER_PERMIT:
147 return "permit";
148 break;
149 case FILTER_DENY:
150 return "deny";
151 break;
152 case FILTER_DYNAMIC:
153 return "dynamic";
154 break;
155 default:
156 return "";
157 break;
158 }
718e3744 159}
160
161/* If filter match to the prefix then return 1. */
123214ef 162static int filter_match_cisco(struct filter *mfilter, const struct prefix *p)
718e3744 163{
d62a17ae 164 struct filter_cisco *filter;
165 struct in_addr mask;
d7c0a89a
QY		 166 uint32_t check_addr;
167 uint32_t check_mask;
718e3744 168
d62a17ae 169 filter = &mfilter->u.cfilter;
170 check_addr = p->u.prefix4.s_addr & ~filter->addr_mask.s_addr;
718e3744 171
d62a17ae 172 if (filter->extended) {
173 masklen2ip(p->prefixlen, &mask);
174 check_mask = mask.s_addr & ~filter->mask_mask.s_addr;
718e3744 175
d62a17ae 176 if (memcmp(&check_addr, &filter->addr.s_addr, 4) == 0
177 && memcmp(&check_mask, &filter->mask.s_addr, 4) == 0)
178 return 1;
179 } else if (memcmp(&check_addr, &filter->addr.s_addr, 4) == 0)
180 return 1;
718e3744 181
d62a17ae 182 return 0;
718e3744 183}
184
185/* If filter match to the prefix then return 1. */
123214ef 186static int filter_match_zebra(struct filter *mfilter, const struct prefix *p)
718e3744 187{
d37ba549 188 struct filter_zebra *filter = NULL;
718e3744 189
d62a17ae 190 filter = &mfilter->u.zfilter;
718e3744 191
3b0f6068
DL		 192 if (filter->prefix.family == p->family) {
193 if (filter->exact) {
194 if (filter->prefix.prefixlen == p->prefixlen)
d62a17ae 195 return prefix_match(&filter->prefix, p);
3b0f6068
DL		 196 else
197 return 0;
d62a17ae 198 } else
3b0f6068
DL		 199 return prefix_match(&filter->prefix, p);
200 } else
201 return 0;
718e3744 202}
6b0655a2 203
718e3744 204/* Allocate new access list structure. */
d62a17ae 205static struct access_list *access_list_new(void)
718e3744 206{
9f5dc319 207 return XCALLOC(MTYPE_ACCESS_LIST, sizeof(struct access_list));
718e3744 208}
209
210/* Free allocated access_list. */
d62a17ae 211static void access_list_free(struct access_list *access)
718e3744 212{
d62a17ae 213 XFREE(MTYPE_ACCESS_LIST, access);
718e3744 214}
215
216/* Delete access_list from access_master and free it. */
d62a17ae 217static void access_list_delete(struct access_list *access)
718e3744 218{
d62a17ae 219 struct filter *filter;
220 struct filter *next;
221 struct access_list_list *list;
222 struct access_master *master;
718e3744 223
d62a17ae 224 for (filter = access->head; filter; filter = next) {
225 next = filter->next;
226 filter_free(filter);
227 }
718e3744 228
d62a17ae 229 master = access->master;
718e3744 230
d62a17ae 231 if (access->type == ACCESS_TYPE_NUMBER)
232 list = &master->num;
233 else
234 list = &master->str;
718e3744 235
d62a17ae 236 if (access->next)
237 access->next->prev = access->prev;
238 else
239 list->tail = access->prev;
718e3744 240
d62a17ae 241 if (access->prev)
242 access->prev->next = access->next;
243 else
244 list->head = access->next;
718e3744 245
0a22ddfb 246 XFREE(MTYPE_ACCESS_LIST_STR, access->name);
718e3744 247
0a22ddfb 248 XFREE(MTYPE_TMP, access->remark);
718e3744 249
d62a17ae 250 access_list_free(access);
718e3744 251}
252
253/* Insert new access list to list of access_list. Each acceess_list
254 is sorted by the name. */
d62a17ae 255static struct access_list *access_list_insert(afi_t afi, const char *name)
256{
257 unsigned int i;
258 long number;
259 struct access_list *access;
260 struct access_list *point;
261 struct access_list_list *alist;
262 struct access_master *master;
263
264 master = access_master_get(afi);
265 if (master == NULL)
266 return NULL;
267
268 /* Allocate new access_list and copy given name. */
269 access = access_list_new();
270 access->name = XSTRDUP(MTYPE_ACCESS_LIST_STR, name);
271 access->master = master;
272
273 /* If name is made by all digit character. We treat it as
274 number. */
275 for (number = 0, i = 0; i < strlen(name); i++) {
276 if (isdigit((int)name[i]))
277 number = (number * 10) + (name[i] - '0');
278 else
279 break;
280 }
281
282 /* In case of name is all digit character */
283 if (i == strlen(name)) {
284 access->type = ACCESS_TYPE_NUMBER;
285
286 /* Set access_list to number list. */
287 alist = &master->num;
288
289 for (point = alist->head; point; point = point->next)
290 if (atol(point->name) >= number)
291 break;
292 } else {
293 access->type = ACCESS_TYPE_STRING;
294
295 /* Set access_list to string list. */
296 alist = &master->str;
297
298 /* Set point to insertion point. */
299 for (point = alist->head; point; point = point->next)
300 if (strcmp(point->name, name) >= 0)
301 break;
302 }
303
304 /* In case of this is the first element of master. */
305 if (alist->head == NULL) {
306 alist->head = alist->tail = access;
307 return access;
308 }
309
310 /* In case of insertion is made at the tail of access_list. */
311 if (point == NULL) {
312 access->prev = alist->tail;
313 alist->tail->next = access;
314 alist->tail = access;
315 return access;
316 }
317
318 /* In case of insertion is made at the head of access_list. */
319 if (point == alist->head) {
320 access->next = alist->head;
321 alist->head->prev = access;
322 alist->head = access;
323 return access;
324 }
325
326 /* Insertion is made at middle of the access_list. */
327 access->next = point;
328 access->prev = point->prev;
329
330 if (point->prev)
331 point->prev->next = access;
332 point->prev = access;
333
334 return access;
718e3744 335}
336
337/* Lookup access_list from list of access_list by name. */
d62a17ae 338struct access_list *access_list_lookup(afi_t afi, const char *name)
718e3744 339{
d62a17ae 340 struct access_list *access;
341 struct access_master *master;
718e3744 342
d62a17ae 343 if (name == NULL)
344 return NULL;
718e3744 345
d62a17ae 346 master = access_master_get(afi);
347 if (master == NULL)
348 return NULL;
718e3744 349
d62a17ae 350 for (access = master->num.head; access; access = access->next)
351 if (strcmp(access->name, name) == 0)
352 return access;
718e3744 353
d62a17ae 354 for (access = master->str.head; access; access = access->next)
355 if (strcmp(access->name, name) == 0)
356 return access;
718e3744 357
d62a17ae 358 return NULL;
718e3744 359}
360
361/* Get access list from list of access_list. If there isn't matched
362 access_list create new one and return it. */
d62a17ae 363static struct access_list *access_list_get(afi_t afi, const char *name)
718e3744 364{
d62a17ae 365 struct access_list *access;
718e3744 366
d62a17ae 367 access = access_list_lookup(afi, name);
368 if (access == NULL)
369 access = access_list_insert(afi, name);
370 return access;
718e3744 371}
372
373/* Apply access list to object (which should be struct prefix *). */
123214ef
MS		 374enum filter_type access_list_apply(struct access_list *access,
375 const void *object)
718e3744 376{
d62a17ae 377 struct filter *filter;
123214ef 378 const struct prefix *p = (const struct prefix *)object;
718e3744 379
d62a17ae 380 if (access == NULL)
381 return FILTER_DENY;
718e3744 382
d62a17ae 383 for (filter = access->head; filter; filter = filter->next) {
384 if (filter->cisco) {
385 if (filter_match_cisco(filter, p))
386 return filter->type;
387 } else {
0f6476cc 388 if (filter_match_zebra(filter, p))
d62a17ae 389 return filter->type;
390 }
718e3744 391 }
718e3744 392
d62a17ae 393 return FILTER_DENY;
718e3744 394}
395
396/* Add hook function. */
d62a17ae 397void access_list_add_hook(void (*func)(struct access_list *access))
718e3744 398{
d62a17ae 399 access_master_ipv4.add_hook = func;
400 access_master_ipv6.add_hook = func;
d37ba549 401 access_master_mac.add_hook = func;
718e3744 402}
403
404/* Delete hook function. */
d62a17ae 405void access_list_delete_hook(void (*func)(struct access_list *access))
718e3744 406{
d62a17ae 407 access_master_ipv4.delete_hook = func;
408 access_master_ipv6.delete_hook = func;
d37ba549 409 access_master_mac.delete_hook = func;
718e3744 410}
411
358189ad
DA		 412/* Calculate new sequential number. */
413static int64_t filter_new_seq_get(struct access_list *access)
718e3744 414{
358189ad
DA		 415 int64_t maxseq;
416 int64_t newseq;
417 struct filter *filter;
718e3744 418
358189ad 419 maxseq = newseq = 0;
718e3744 420
358189ad
DA		 421 for (filter = access->head; filter; filter = filter->next) {
422 if (maxseq < filter->seq)
423 maxseq = filter->seq;
424 }
425
426 newseq = ((maxseq / 5) * 5) + 5;
427
428 return (newseq > UINT_MAX) ? UINT_MAX : newseq;
429}
430
431/* Return access list entry which has same seq number. */
432static struct filter *filter_seq_check(struct access_list *access,
433 int64_t seq)
434{
435 struct filter *filter;
436
437 for (filter = access->head; filter; filter = filter->next)
438 if (filter->seq == seq)
439 return filter;
440 return NULL;
718e3744 441}
442
443/* If access_list has no filter then return 1. */
d62a17ae 444static int access_list_empty(struct access_list *access)
718e3744 445{
d62a17ae 446 if (access->head == NULL && access->tail == NULL)
447 return 1;
448 else
449 return 0;
718e3744 450}
451
452/* Delete filter from specified access_list. If there is hook
453 function execute it. */
d62a17ae 454static void access_list_filter_delete(struct access_list *access,
455 struct filter *filter)
718e3744 456{
d62a17ae 457 struct access_master *master;
718e3744 458
d62a17ae 459 master = access->master;
718e3744 460
d62a17ae 461 if (filter->next)
462 filter->next->prev = filter->prev;
463 else
464 access->tail = filter->prev;
718e3744 465
d62a17ae 466 if (filter->prev)
467 filter->prev->next = filter->next;
468 else
469 access->head = filter->next;
718e3744 470
d62a17ae 471 filter_free(filter);
718e3744 472
d62a17ae 473 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
474 /* Run hook function. */
475 if (master->delete_hook)
476 (*master->delete_hook)(access);
683de05f 477
d62a17ae 478 /* If access_list becomes empty delete it from access_master. */
479 if (access_list_empty(access))
480 access_list_delete(access);
718e3744 481}
6b0655a2 482
358189ad
DA		 483/* Add new filter to the end of specified access_list. */
484static void access_list_filter_add(struct access_list *access,
485 struct filter *filter)
486{
487 struct filter *replace;
488 struct filter *point;
489
490 /* Automatic asignment of seq no. */
491 if (filter->seq == -1)
492 filter->seq = filter_new_seq_get(access);
493
494 if (access->tail && filter->seq > access->tail->seq)
495 point = NULL;
496 else {
497 /* Is there any same seq access list filter? */
498 replace = filter_seq_check(access, filter->seq);
499 if (replace)
500 access_list_filter_delete(access, replace);
501
502 /* Check insert point. */
503 for (point = access->head; point; point = point->next)
504 if (point->seq >= filter->seq)
505 break;
506 }
507
508 /* In case of this is the first element of the list. */
509 filter->next = point;
510
511 if (point) {
512 if (point->prev)
513 point->prev->next = filter;
514 else
515 access->head = filter;
516
517 filter->prev = point->prev;
518 point->prev = filter;
519 } else {
520 if (access->tail)
521 access->tail->next = filter;
522 else
523 access->head = filter;
524
525 filter->prev = access->tail;
526 access->tail = filter;
527 }
528
529 /* Run hook function. */
530 if (access->master->add_hook)
531 (*access->master->add_hook)(access);
532 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_ADDED);
533}
534
718e3744 535/*
536 deny Specify packets to reject
537 permit Specify packets to forward
538 dynamic ?
539*/
540
541/*
542 Hostname or A.B.C.D Address to match
543 any Any source host
544 host A single host address
545*/
546
d62a17ae 547static struct filter *filter_lookup_cisco(struct access_list *access,
548 struct filter *mnew)
549{
550 struct filter *mfilter;
551 struct filter_cisco *filter;
552 struct filter_cisco *new;
553
554 new = &mnew->u.cfilter;
555
556 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
557 filter = &mfilter->u.cfilter;
558
559 if (filter->extended) {
560 if (mfilter->type == mnew->type
561 && filter->addr.s_addr == new->addr.s_addr
562 && filter->addr_mask.s_addr == new->addr_mask.s_addr
563 && filter->mask.s_addr == new->mask.s_addr
564 && filter->mask_mask.s_addr
565 == new->mask_mask.s_addr)
566 return mfilter;
567 } else {
568 if (mfilter->type == mnew->type
569 && filter->addr.s_addr == new->addr.s_addr
570 && filter->addr_mask.s_addr
571 == new->addr_mask.s_addr)
572 return mfilter;
573 }
574 }
575
576 return NULL;
577}
578
579static struct filter *filter_lookup_zebra(struct access_list *access,
580 struct filter *mnew)
718e3744 581{
d62a17ae 582 struct filter *mfilter;
583 struct filter_zebra *filter;
584 struct filter_zebra *new;
718e3744 585
d62a17ae 586 new = &mnew->u.zfilter;
718e3744 587
d62a17ae 588 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
589 filter = &mfilter->u.zfilter;
718e3744 590
d62a17ae 591 if (filter->exact == new->exact
d37ba549 592 && mfilter->type == mnew->type) {
0f6476cc
DS		 593 if (prefix_same(&filter->prefix, &new->prefix))
594 return mfilter;
d37ba549 595 }
718e3744 596 }
d62a17ae 597 return NULL;
598}
599
600static int vty_access_list_remark_unset(struct vty *vty, afi_t afi,
601 const char *name)
602{
603 struct access_list *access;
604
605 access = access_list_lookup(afi, name);
606 if (!access) {
607 vty_out(vty, "%% access-list %s doesn't exist\n", name);
608 return CMD_WARNING_CONFIG_FAILED;
609 }
610
611 if (access->remark) {
612 XFREE(MTYPE_TMP, access->remark);
613 access->remark = NULL;
718e3744 614 }
d62a17ae 615
2e1cc436 616 if (access->head == NULL && access->tail == NULL)
d62a17ae 617 access_list_delete(access);
618
619 return CMD_SUCCESS;
620}
621
622static int filter_set_cisco(struct vty *vty, const char *name_str,
358189ad
DA		 623 const char *seq, const char *type_str,
624 const char *addr_str, const char *addr_mask_str,
625 const char *mask_str, const char *mask_mask_str,
626 int extended, int set)
d62a17ae 627{
628 int ret;
358189ad 629 enum filter_type type = FILTER_DENY;
d62a17ae 630 struct filter *mfilter;
631 struct filter_cisco *filter;
632 struct access_list *access;
633 struct in_addr addr;
634 struct in_addr addr_mask;
635 struct in_addr mask;
636 struct in_addr mask_mask;
358189ad
DA		 637 int64_t seqnum = -1;
638
639 if (seq)
640 seqnum = (int64_t)atol(seq);
d62a17ae 641
642 /* Check of filter type. */
358189ad
DA		 643 if (type_str) {
644 if (strncmp(type_str, "p", 1) == 0)
645 type = FILTER_PERMIT;
646 else if (strncmp(type_str, "d", 1) == 0)
647 type = FILTER_DENY;
648 else {
649 vty_out(vty, "%% filter type must be permit or deny\n");
650 return CMD_WARNING_CONFIG_FAILED;
651 }
d62a17ae 652 }
653
654 ret = inet_aton(addr_str, &addr);
655 if (ret <= 0) {
656 vty_out(vty, "%%Inconsistent address and mask\n");
657 return CMD_WARNING_CONFIG_FAILED;
658 }
659
660 ret = inet_aton(addr_mask_str, &addr_mask);
661 if (ret <= 0) {
662 vty_out(vty, "%%Inconsistent address and mask\n");
663 return CMD_WARNING_CONFIG_FAILED;
664 }
665
666 if (extended) {
667 ret = inet_aton(mask_str, &mask);
668 if (ret <= 0) {
669 vty_out(vty, "%%Inconsistent address and mask\n");
670 return CMD_WARNING_CONFIG_FAILED;
671 }
672
673 ret = inet_aton(mask_mask_str, &mask_mask);
674 if (ret <= 0) {
675 vty_out(vty, "%%Inconsistent address and mask\n");
676 return CMD_WARNING_CONFIG_FAILED;
677 }
678 }
679
680 mfilter = filter_new();
681 mfilter->type = type;
682 mfilter->cisco = 1;
358189ad 683 mfilter->seq = seqnum;
d62a17ae 684 filter = &mfilter->u.cfilter;
685 filter->extended = extended;
686 filter->addr.s_addr = addr.s_addr & ~addr_mask.s_addr;
687 filter->addr_mask.s_addr = addr_mask.s_addr;
688
689 if (extended) {
690 filter->mask.s_addr = mask.s_addr & ~mask_mask.s_addr;
691 filter->mask_mask.s_addr = mask_mask.s_addr;
718e3744 692 }
693
d62a17ae 694 /* Install new filter to the access_list. */
695 access = access_list_get(AFI_IP, name_str);
696
697 if (set) {
698 if (filter_lookup_cisco(access, mfilter))
699 filter_free(mfilter);
700 else
701 access_list_filter_add(access, mfilter);
702 } else {
703 struct filter *delete_filter;
704
705 delete_filter = filter_lookup_cisco(access, mfilter);
706 if (delete_filter)
707 access_list_filter_delete(access, delete_filter);
708
709 filter_free(mfilter);
718e3744 710 }
d62a17ae 711
712 return CMD_SUCCESS;
718e3744 713}
714
715/* Standard access-list */
716DEFUN (access_list_standard,
717 access_list_standard_cmd,
358189ad 718 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
718e3744 719 "Add an access list entry\n"
720 "IP standard access list\n"
721 "IP standard access list (expanded range)\n"
358189ad
DA		 722 "Sequence number of an entry\n"
723 "Sequence number\n"
718e3744 724 "Specify packets to reject\n"
725 "Specify packets to forward\n"
726 "Address to match\n"
727 "Wildcard bits\n")
728{
d62a17ae 729 int idx_acl = 1;
358189ad
DA		 730 int idx = 0;
731 char *seq = NULL;
732 char *permit_deny = NULL;
733 char *address = NULL;
734 char *wildcard = NULL;
735
736 argv_find(argv, argc, "(1-4294967295)", &idx);
737 if (idx)
738 seq = argv[idx]->arg;
739
740 idx = 0;
741 argv_find(argv, argc, "permit", &idx);
742 argv_find(argv, argc, "deny", &idx);
743 if (idx)
744 permit_deny = argv[idx]->arg;
745
746 idx = 0;
747 argv_find(argv, argc, "A.B.C.D", &idx);
748 if (idx) {
749 address = argv[idx]->arg;
750 wildcard = argv[idx + 1]->arg;
751 }
752
753 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
754 address, wildcard, NULL, NULL, 0, 1);
718e3744 755}
756
757DEFUN (access_list_standard_nomask,
758 access_list_standard_nomask_cmd,
358189ad 759 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
718e3744 760 "Add an access list entry\n"
761 "IP standard access list\n"
762 "IP standard access list (expanded range)\n"
358189ad
DA		 763 "Sequence number of an entry\n"
764 "Sequence number\n"
718e3744 765 "Specify packets to reject\n"
766 "Specify packets to forward\n"
767 "Address to match\n")
768{
d62a17ae 769 int idx_acl = 1;
358189ad
DA		 770 int idx = 0;
771 char *seq = NULL;
772 char *permit_deny = NULL;
773 char *address = NULL;
774
775 argv_find(argv, argc, "(1-4294967295)", &idx);
776 if (idx)
777 seq = argv[idx]->arg;
778
779 idx = 0;
780 argv_find(argv, argc, "permit", &idx);
781 argv_find(argv, argc, "deny", &idx);
782 if (idx)
783 permit_deny = argv[idx]->arg;
784
785 idx = 0;
786 argv_find(argv, argc, "A.B.C.D", &idx);
787 if (idx)
788 address = argv[idx]->arg;
789
790 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
791 address, "0.0.0.0", NULL, NULL, 0, 1);
718e3744 792}
793
794DEFUN (access_list_standard_host,
795 access_list_standard_host_cmd,
358189ad 796 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
718e3744 797 "Add an access list entry\n"
798 "IP standard access list\n"
799 "IP standard access list (expanded range)\n"
358189ad
DA		 800 "Sequence number of an entry\n"
801 "Sequence number\n"
718e3744 802 "Specify packets to reject\n"
803 "Specify packets to forward\n"
804 "A single host address\n"
805 "Address to match\n")
806{
d62a17ae 807 int idx_acl = 1;
358189ad
DA		 808 int idx = 0;
809 char *seq = NULL;
810 char *permit_deny = NULL;
811 char *address = NULL;
812
813 argv_find(argv, argc, "(1-4294967295)", &idx);
814 if (idx)
815 seq = argv[idx]->arg;
816
817 idx = 0;
818 argv_find(argv, argc, "permit", &idx);
819 argv_find(argv, argc, "deny", &idx);
820 if (idx)
821 permit_deny = argv[idx]->arg;
822
823 idx = 0;
824 argv_find(argv, argc, "A.B.C.D", &idx);
825 if (idx)
826 address = argv[idx]->arg;
827
828 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
829 address, "0.0.0.0", NULL, NULL, 0, 1);
718e3744 830}
831
832DEFUN (access_list_standard_any,
833 access_list_standard_any_cmd,
358189ad 834 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
718e3744 835 "Add an access list entry\n"
836 "IP standard access list\n"
837 "IP standard access list (expanded range)\n"
358189ad
DA		 838 "Sequence number of an entry\n"
839 "Sequence number\n"
718e3744 840 "Specify packets to reject\n"
841 "Specify packets to forward\n"
842 "Any source host\n")
843{
d62a17ae 844 int idx_acl = 1;
358189ad
DA		 845 int idx = 0;
846 char *seq = NULL;
847 char *permit_deny = NULL;
848
849 argv_find(argv, argc, "(1-4294967295)", &idx);
850 if (idx)
851 seq = argv[idx]->arg;
852
853 idx = 0;
854 argv_find(argv, argc, "permit", &idx);
855 argv_find(argv, argc, "deny", &idx);
856 if (idx)
857 permit_deny = argv[idx]->arg;
858
859 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
860 "0.0.0.0", "255.255.255.255", NULL, NULL, 0, 1);
718e3744 861}
862
863DEFUN (no_access_list_standard,
864 no_access_list_standard_cmd,
358189ad 865 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
718e3744 866 NO_STR
867 "Add an access list entry\n"
868 "IP standard access list\n"
869 "IP standard access list (expanded range)\n"
358189ad
DA		 870 "Sequence number of an entry\n"
871 "Sequence number\n"
718e3744 872 "Specify packets to reject\n"
873 "Specify packets to forward\n"
874 "Address to match\n"
875 "Wildcard bits\n")
876{
358189ad
DA		 877 int idx_acl = 1;
878 int idx = 0;
879 char *seq = NULL;
880 char *permit_deny = NULL;
881 char *address = NULL;
882 char *wildcard = NULL;
883
884 argv_find(argv, argc, "(1-4294967295)", &idx);
885 if (idx)
886 seq = argv[idx]->arg;
887
888 idx = 0;
889 argv_find(argv, argc, "permit", &idx);
890 argv_find(argv, argc, "deny", &idx);
891 if (idx)
892 permit_deny = argv[idx]->arg;
893
894 idx = 0;
895 argv_find(argv, argc, "A.B.C.D", &idx);
896 if (idx) {
897 address = argv[idx]->arg;
898 wildcard = argv[idx + 1]->arg;
899 }
900
901 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
902 address, wildcard, NULL, NULL, 0, 0);
718e3744 903}
904
905DEFUN (no_access_list_standard_nomask,
906 no_access_list_standard_nomask_cmd,
358189ad 907 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
718e3744 908 NO_STR
909 "Add an access list entry\n"
910 "IP standard access list\n"
911 "IP standard access list (expanded range)\n"
358189ad
DA		 912 "Sequence number of an entry\n"
913 "Sequence number\n"
718e3744 914 "Specify packets to reject\n"
915 "Specify packets to forward\n"
916 "Address to match\n")
917{
d62a17ae 918 int idx_acl = 2;
358189ad
DA		 919 int idx = 0;
920 char *seq = NULL;
921 char *permit_deny = NULL;
922 char *address = NULL;
923
924 argv_find(argv, argc, "(1-4294967295)", &idx);
925 if (idx)
926 seq = argv[idx]->arg;
927
928 idx = 0;
929 argv_find(argv, argc, "permit", &idx);
930 argv_find(argv, argc, "deny", &idx);
931 if (idx)
932 permit_deny = argv[idx]->arg;
933
934 idx = 0;
935 argv_find(argv, argc, "A.B.C.D", &idx);
936 if (idx)
937 address = argv[idx]->arg;
938
939 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
940 address, "0.0.0.0", NULL, NULL, 0, 0);
718e3744 941}
942
943DEFUN (no_access_list_standard_host,
944 no_access_list_standard_host_cmd,
358189ad 945 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
718e3744 946 NO_STR
947 "Add an access list entry\n"
948 "IP standard access list\n"
949 "IP standard access list (expanded range)\n"
358189ad
DA		 950 "Sequence number of an entry\n"
951 "Sequence number\n"
718e3744 952 "Specify packets to reject\n"
953 "Specify packets to forward\n"
954 "A single host address\n"
955 "Address to match\n")
956{
d62a17ae 957 int idx_acl = 2;
358189ad
DA		 958 int idx = 0;
959 char *seq = NULL;
960 char *permit_deny = NULL;
961 char *address = NULL;
962
963 argv_find(argv, argc, "(1-4294967295)", &idx);
964 if (idx)
965 seq = argv[idx]->arg;
966
967 idx = 0;
968 argv_find(argv, argc, "permit", &idx);
969 argv_find(argv, argc, "deny", &idx);
970 if (idx)
971 permit_deny = argv[idx]->arg;
972
973 idx = 0;
974 argv_find(argv, argc, "A.B.C.D", &idx);
975 if (idx)
976 address = argv[idx]->arg;
977
978 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
979 address, "0.0.0.0", NULL, NULL, 0, 0);
718e3744 980}
981
982DEFUN (no_access_list_standard_any,
983 no_access_list_standard_any_cmd,
358189ad 984 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
718e3744 985 NO_STR
986 "Add an access list entry\n"
987 "IP standard access list\n"
988 "IP standard access list (expanded range)\n"
358189ad
DA		 989 "Sequence number of an entry\n"
990 "Sequence number\n"
718e3744 991 "Specify packets to reject\n"
992 "Specify packets to forward\n"
993 "Any source host\n")
994{
d62a17ae 995 int idx_acl = 2;
358189ad
DA		 996 int idx = 0;
997 char *seq = NULL;
998 char *permit_deny = NULL;
999
1000 argv_find(argv, argc, "(1-4294967295)", &idx);
1001 if (idx)
1002 seq = argv[idx]->arg;
1003
1004 idx = 0;
1005 argv_find(argv, argc, "permit", &idx);
1006 argv_find(argv, argc, "deny", &idx);
1007 if (idx)
1008 permit_deny = argv[idx]->arg;
1009
1010 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1011 "0.0.0.0", "255.255.255.255", NULL, NULL, 0, 0);
718e3744 1012}
1013
1014/* Extended access-list */
1015DEFUN (access_list_extended,
1016 access_list_extended_cmd,
358189ad 1017 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
718e3744 1018 "Add an access list entry\n"
1019 "IP extended access list\n"
1020 "IP extended access list (expanded range)\n"
358189ad
DA		 1021 "Sequence number of an entry\n"
1022 "Sequence number\n"
718e3744 1023 "Specify packets to reject\n"
1024 "Specify packets to forward\n"
1025 "Any Internet Protocol\n"
1026 "Source address\n"
1027 "Source wildcard bits\n"
1028 "Destination address\n"
1029 "Destination Wildcard bits\n")
1030{
d62a17ae 1031 int idx_acl = 1;
358189ad
DA		 1032 int idx = 0;
1033 char *seq = NULL;
1034 char *permit_deny = NULL;
1035 char *src = NULL;
1036 char *dst = NULL;
1037 char *src_wildcard = NULL;
1038 char *dst_wildcard = NULL;
1039
1040 argv_find(argv, argc, "(1-4294967295)", &idx);
1041 if (idx)
1042 seq = argv[idx]->arg;
1043
1044 idx = 0;
1045 argv_find(argv, argc, "permit", &idx);
1046 argv_find(argv, argc, "deny", &idx);
1047 if (idx)
1048 permit_deny = argv[idx]->arg;
1049
1050 idx = 0;
1051 argv_find(argv, argc, "A.B.C.D", &idx);
1052 if (idx) {
1053 src = argv[idx]->arg;
1054 src_wildcard = argv[idx + 1]->arg;
1055 dst = argv[idx + 2]->arg;
1056 dst_wildcard = argv[idx + 3]->arg;
1057 }
1058
1059 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1060 src_wildcard, dst, dst_wildcard, 1, 1);
718e3744 1061}
1062
1063DEFUN (access_list_extended_mask_any,
1064 access_list_extended_mask_any_cmd,
358189ad 1065 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
718e3744 1066 "Add an access list entry\n"
1067 "IP extended access list\n"
1068 "IP extended access list (expanded range)\n"
358189ad
DA		 1069 "Sequence number of an entry\n"
1070 "Sequence number\n"
718e3744 1071 "Specify packets to reject\n"
1072 "Specify packets to forward\n"
1073 "Any Internet Protocol\n"
1074 "Source address\n"
1075 "Source wildcard bits\n"
1076 "Any destination host\n")
1077{
d62a17ae 1078 int idx_acl = 1;
358189ad
DA		 1079 int idx = 0;
1080 char *seq = NULL;
1081 char *permit_deny = NULL;
1082 char *src = NULL;
1083 char *src_wildcard = NULL;
1084
1085 argv_find(argv, argc, "(1-4294967295)", &idx);
1086 if (idx)
1087 seq = argv[idx]->arg;
1088
1089 idx = 0;
1090 argv_find(argv, argc, "permit", &idx);
1091 argv_find(argv, argc, "deny", &idx);
1092 if (idx)
1093 permit_deny = argv[idx]->arg;
1094
1095 idx = 0;
1096 argv_find(argv, argc, "A.B.C.D", &idx);
1097 if (idx) {
1098 src = argv[idx]->arg;
1099 src_wildcard = argv[idx + 1]->arg;
1100 }
1101
1102 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1103 src_wildcard, "0.0.0.0", "255.255.255.255", 1,
1104 1);
718e3744 1105}
1106
1107DEFUN (access_list_extended_any_mask,
1108 access_list_extended_any_mask_cmd,
358189ad 1109 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
718e3744 1110 "Add an access list entry\n"
1111 "IP extended access list\n"
1112 "IP extended access list (expanded range)\n"
358189ad
DA		 1113 "Sequence number of an entry\n"
1114 "Sequence number\n"
718e3744 1115 "Specify packets to reject\n"
1116 "Specify packets to forward\n"
1117 "Any Internet Protocol\n"
1118 "Any source host\n"
1119 "Destination address\n"
1120 "Destination Wildcard bits\n")
1121{
d62a17ae 1122 int idx_acl = 1;
358189ad
DA		 1123 int idx = 0;
1124 char *seq = NULL;
1125 char *permit_deny = NULL;
1126 char *dst = NULL;
1127 char *dst_wildcard = NULL;
1128
1129 argv_find(argv, argc, "(1-4294967295)", &idx);
1130 if (idx)
1131 seq = argv[idx]->arg;
1132
1133 idx = 0;
1134 argv_find(argv, argc, "permit", &idx);
1135 argv_find(argv, argc, "deny", &idx);
1136 if (idx)
1137 permit_deny = argv[idx]->arg;
1138
1139 idx = 0;
1140 argv_find(argv, argc, "A.B.C.D", &idx);
1141 if (idx) {
1142 dst = argv[idx]->arg;
1143 dst_wildcard = argv[idx + 1]->arg;
1144 }
1145
1146 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1147 "0.0.0.0", "255.255.255.255", dst, dst_wildcard,
1148 1, 1);
718e3744 1149}
1150
1151DEFUN (access_list_extended_any_any,
1152 access_list_extended_any_any_cmd,
358189ad 1153 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
718e3744 1154 "Add an access list entry\n"
1155 "IP extended access list\n"
1156 "IP extended access list (expanded range)\n"
358189ad
DA		 1157 "Sequence number of an entry\n"
1158 "Sequence number\n"
718e3744 1159 "Specify packets to reject\n"
1160 "Specify packets to forward\n"
1161 "Any Internet Protocol\n"
1162 "Any source host\n"
1163 "Any destination host\n")
1164{
d62a17ae 1165 int idx_acl = 1;
358189ad
DA		 1166 int idx = 0;
1167 char *seq = NULL;
1168 char *permit_deny = NULL;
1169
1170 argv_find(argv, argc, "(1-4294967295)", &idx);
1171 if (idx)
1172 seq = argv[idx]->arg;
1173
1174 idx = 0;
1175 argv_find(argv, argc, "permit", &idx);
1176 argv_find(argv, argc, "deny", &idx);
1177 if (idx)
1178 permit_deny = argv[idx]->arg;
1179
1180 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1181 "0.0.0.0", "255.255.255.255", "0.0.0.0",
1182 "255.255.255.255", 1, 1);
718e3744 1183}
1184
1185DEFUN (access_list_extended_mask_host,
1186 access_list_extended_mask_host_cmd,
358189ad 1187 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
718e3744 1188 "Add an access list entry\n"
1189 "IP extended access list\n"
1190 "IP extended access list (expanded range)\n"
358189ad
DA		 1191 "Sequence number of an entry\n"
1192 "Sequence number\n"
718e3744 1193 "Specify packets to reject\n"
1194 "Specify packets to forward\n"
1195 "Any Internet Protocol\n"
1196 "Source address\n"
1197 "Source wildcard bits\n"
1198 "A single destination host\n"
1199 "Destination address\n")
1200{
d62a17ae 1201 int idx_acl = 1;
358189ad
DA		 1202 int idx = 0;
1203 char *seq = NULL;
1204 char *permit_deny = NULL;
1205 char *src = NULL;
1206 char *dst = NULL;
1207 char *src_wildcard = NULL;
1208
1209 argv_find(argv, argc, "(1-4294967295)", &idx);
1210 if (idx)
1211 seq = argv[idx]->arg;
1212
1213 idx = 0;
1214 argv_find(argv, argc, "permit", &idx);
1215 argv_find(argv, argc, "deny", &idx);
1216 if (idx)
1217 permit_deny = argv[idx]->arg;
1218
1219 idx = 0;
1220 argv_find(argv, argc, "A.B.C.D", &idx);
1221 if (idx) {
1222 src = argv[idx]->arg;
1223 src_wildcard = argv[idx + 1]->arg;
1224 dst = argv[idx + 3]->arg;
1225 }
1226
1227 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1228 src_wildcard, dst, "0.0.0.0", 1, 1);
718e3744 1229}
1230
1231DEFUN (access_list_extended_host_mask,
1232 access_list_extended_host_mask_cmd,
358189ad 1233 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
718e3744 1234 "Add an access list entry\n"
1235 "IP extended access list\n"
1236 "IP extended access list (expanded range)\n"
358189ad
DA		 1237 "Sequence number of an entry\n"
1238 "Sequence number\n"
718e3744 1239 "Specify packets to reject\n"
1240 "Specify packets to forward\n"
1241 "Any Internet Protocol\n"
1242 "A single source host\n"
1243 "Source address\n"
1244 "Destination address\n"
1245 "Destination Wildcard bits\n")
1246{
d62a17ae 1247 int idx_acl = 1;
358189ad
DA		 1248 int idx = 0;
1249 char *seq = NULL;
1250 char *permit_deny = NULL;
1251 char *src = NULL;
1252 char *dst = NULL;
1253 char *dst_wildcard = NULL;
1254
1255 argv_find(argv, argc, "(1-4294967295)", &idx);
1256 if (idx)
1257 seq = argv[idx]->arg;
1258
1259 idx = 0;
1260 argv_find(argv, argc, "permit", &idx);
1261 argv_find(argv, argc, "deny", &idx);
1262 if (idx)
1263 permit_deny = argv[idx]->arg;
1264
1265 idx = 0;
1266 argv_find(argv, argc, "A.B.C.D", &idx);
1267 if (idx) {
1268 src = argv[idx]->arg;
1269 dst = argv[idx + 1]->arg;
1270 dst_wildcard = argv[idx + 2]->arg;
1271 }
1272
1273 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1274 "0.0.0.0", dst, dst_wildcard, 1, 1);
718e3744 1275}
1276
1277DEFUN (access_list_extended_host_host,
1278 access_list_extended_host_host_cmd,
358189ad 1279 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
718e3744 1280 "Add an access list entry\n"
1281 "IP extended access list\n"
1282 "IP extended access list (expanded range)\n"
358189ad
DA		 1283 "Sequence number of an entry\n"
1284 "Sequence number\n"
718e3744 1285 "Specify packets to reject\n"
1286 "Specify packets to forward\n"
1287 "Any Internet Protocol\n"
1288 "A single source host\n"
1289 "Source address\n"
1290 "A single destination host\n"
1291 "Destination address\n")
1292{
d62a17ae 1293 int idx_acl = 1;
358189ad
DA		 1294 int idx = 0;
1295 char *seq = NULL;
1296 char *permit_deny = NULL;
1297 char *src = NULL;
1298 char *dst = NULL;
1299
1300 argv_find(argv, argc, "(1-4294967295)", &idx);
1301 if (idx)
1302 seq = argv[idx]->arg;
1303
1304 idx = 0;
1305 argv_find(argv, argc, "permit", &idx);
1306 argv_find(argv, argc, "deny", &idx);
1307 if (idx)
1308 permit_deny = argv[idx]->arg;
1309
1310 idx = 0;
1311 argv_find(argv, argc, "A.B.C.D", &idx);
1312 if (idx) {
1313 src = argv[idx]->arg;
1314 dst = argv[idx + 2]->arg;
1315 }
1316
1317 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1318 "0.0.0.0", dst, "0.0.0.0", 1, 1);
718e3744 1319}
1320
1321DEFUN (access_list_extended_any_host,
1322 access_list_extended_any_host_cmd,
358189ad 1323 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
718e3744 1324 "Add an access list entry\n"
1325 "IP extended access list\n"
1326 "IP extended access list (expanded range)\n"
358189ad
DA		 1327 "Sequence number of an entry\n"
1328 "Sequence number\n"
718e3744 1329 "Specify packets to reject\n"
1330 "Specify packets to forward\n"
1331 "Any Internet Protocol\n"
1332 "Any source host\n"
1333 "A single destination host\n"
1334 "Destination address\n")
1335{
d62a17ae 1336 int idx_acl = 1;
358189ad
DA		 1337 int idx = 0;
1338 char *seq = NULL;
1339 char *permit_deny = NULL;
1340 char *dst = NULL;
1341
1342 argv_find(argv, argc, "(1-4294967295)", &idx);
1343 if (idx)
1344 seq = argv[idx]->arg;
1345
1346 idx = 0;
1347 argv_find(argv, argc, "permit", &idx);
1348 argv_find(argv, argc, "deny", &idx);
1349 if (idx)
1350 permit_deny = argv[idx]->arg;
1351
1352 idx = 0;
1353 argv_find(argv, argc, "A.B.C.D", &idx);
1354 if (idx)
1355 dst = argv[idx]->arg;
1356
1357 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1358 "0.0.0.0", "255.255.255.255", dst, "0.0.0.0", 1,
1359 1);
718e3744 1360}
1361
1362DEFUN (access_list_extended_host_any,
1363 access_list_extended_host_any_cmd,
358189ad 1364 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
718e3744 1365 "Add an access list entry\n"
1366 "IP extended access list\n"
1367 "IP extended access list (expanded range)\n"
358189ad
DA		 1368 "Sequence number of an entry\n"
1369 "Sequence number\n"
718e3744 1370 "Specify packets to reject\n"
1371 "Specify packets to forward\n"
1372 "Any Internet Protocol\n"
1373 "A single source host\n"
1374 "Source address\n"
1375 "Any destination host\n")
1376{
d62a17ae 1377 int idx_acl = 1;
358189ad
DA		 1378 int idx = 0;
1379 char *seq = NULL;
1380 char *permit_deny = NULL;
1381 char *src = NULL;
1382
1383 argv_find(argv, argc, "(1-4294967295)", &idx);
1384 if (idx)
1385 seq = argv[idx]->arg;
1386
1387 idx = 0;
1388 argv_find(argv, argc, "permit", &idx);
1389 argv_find(argv, argc, "deny", &idx);
1390 if (idx)
1391 permit_deny = argv[idx]->arg;
1392
1393 idx = 0;
1394 argv_find(argv, argc, "A.B.C.D", &idx);
1395 if (idx)
1396 src = argv[idx]->arg;
1397
1398 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
d62a17ae 1399 "0.0.0.0", "0.0.0.0", "255.255.255.255", 1, 1);
718e3744 1400}
1401
1402DEFUN (no_access_list_extended,
1403 no_access_list_extended_cmd,
358189ad 1404 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
718e3744 1405 NO_STR
1406 "Add an access list entry\n"
1407 "IP extended access list\n"
1408 "IP extended access list (expanded range)\n"
358189ad
DA		 1409 "Sequence number of an entry\n"
1410 "Sequence number\n"
718e3744 1411 "Specify packets to reject\n"
1412 "Specify packets to forward\n"
1413 "Any Internet Protocol\n"
1414 "Source address\n"
1415 "Source wildcard bits\n"
1416 "Destination address\n"
1417 "Destination Wildcard bits\n")
1418{
d62a17ae 1419 int idx_acl = 2;
358189ad
DA		 1420 int idx = 0;
1421 char *seq = NULL;
1422 char *permit_deny = NULL;
1423 char *src = NULL;
1424 char *dst = NULL;
1425 char *src_wildcard = NULL;
1426 char *dst_wildcard = NULL;
1427
1428 argv_find(argv, argc, "(1-4294967295)", &idx);
1429 if (idx)
1430 seq = argv[idx]->arg;
1431
1432 idx = 0;
1433 argv_find(argv, argc, "permit", &idx);
1434 argv_find(argv, argc, "deny", &idx);
1435 if (idx)
1436 permit_deny = argv[idx]->arg;
1437
1438 idx = 0;
1439 argv_find(argv, argc, "A.B.C.D", &idx);
1440 if (idx) {
1441 src = argv[idx]->arg;
1442 src_wildcard = argv[idx + 1]->arg;
1443 dst = argv[idx + 2]->arg;
1444 dst_wildcard = argv[idx + 3]->arg;
1445 }
1446
1447 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1448 src_wildcard, dst, dst_wildcard, 1, 0);
718e3744 1449}
1450
1451DEFUN (no_access_list_extended_mask_any,
1452 no_access_list_extended_mask_any_cmd,
358189ad 1453 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
718e3744 1454 NO_STR
1455 "Add an access list entry\n"
1456 "IP extended access list\n"
1457 "IP extended access list (expanded range)\n"
358189ad
DA		 1458 "Sequence number of an entry\n"
1459 "Sequence number\n"
718e3744 1460 "Specify packets to reject\n"
1461 "Specify packets to forward\n"
1462 "Any Internet Protocol\n"
1463 "Source address\n"
1464 "Source wildcard bits\n"
1465 "Any destination host\n")
1466{
d62a17ae 1467 int idx_acl = 2;
358189ad
DA		 1468 int idx = 0;
1469 char *seq = NULL;
1470 char *permit_deny = NULL;
1471 char *src = NULL;
1472 char *src_wildcard = NULL;
1473
1474 argv_find(argv, argc, "(1-4294967295)", &idx);
1475 if (idx)
1476 seq = argv[idx]->arg;
1477
1478 idx = 0;
1479 argv_find(argv, argc, "permit", &idx);
1480 argv_find(argv, argc, "deny", &idx);
1481 if (idx)
1482 permit_deny = argv[idx]->arg;
1483
1484 idx = 0;
1485 argv_find(argv, argc, "A.B.C.D", &idx);
1486 if (idx) {
1487 src = argv[idx]->arg;
1488 src_wildcard = argv[idx + 1]->arg;
1489 }
1490
1491 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1492 src_wildcard, "0.0.0.0", "255.255.255.255", 1,
1493 0);
718e3744 1494}
1495
1496DEFUN (no_access_list_extended_any_mask,
1497 no_access_list_extended_any_mask_cmd,
358189ad 1498 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
718e3744 1499 NO_STR
1500 "Add an access list entry\n"
1501 "IP extended access list\n"
1502 "IP extended access list (expanded range)\n"
358189ad
DA		 1503 "Sequence number of an entry\n"
1504 "Sequence number\n"
718e3744 1505 "Specify packets to reject\n"
1506 "Specify packets to forward\n"
1507 "Any Internet Protocol\n"
1508 "Any source host\n"
1509 "Destination address\n"
1510 "Destination Wildcard bits\n")
1511{
d62a17ae 1512 int idx_acl = 2;
358189ad
DA		 1513 int idx = 0;
1514 char *seq = NULL;
1515 char *permit_deny = NULL;
1516 char *dst = NULL;
1517 char *dst_wildcard = NULL;
1518
1519 argv_find(argv, argc, "(1-4294967295)", &idx);
1520 if (idx)
1521 seq = argv[idx]->arg;
1522
1523 idx = 0;
1524 argv_find(argv, argc, "permit", &idx);
1525 argv_find(argv, argc, "deny", &idx);
1526 if (idx)
1527 permit_deny = argv[idx]->arg;
1528
1529 idx = 0;
1530 argv_find(argv, argc, "A.B.C.D", &idx);
1531 if (idx) {
1532 dst = argv[idx]->arg;
1533 dst_wildcard = argv[idx + 1]->arg;
1534 }
1535
1536 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1537 "0.0.0.0", "255.255.255.255", dst, dst_wildcard,
1538 1, 0);
718e3744 1539}
1540
1541DEFUN (no_access_list_extended_any_any,
1542 no_access_list_extended_any_any_cmd,
358189ad 1543 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
718e3744 1544 NO_STR
1545 "Add an access list entry\n"
1546 "IP extended access list\n"
1547 "IP extended access list (expanded range)\n"
358189ad
DA		 1548 "Sequence number of an entry\n"
1549 "Sequence number\n"
718e3744 1550 "Specify packets to reject\n"
1551 "Specify packets to forward\n"
1552 "Any Internet Protocol\n"
1553 "Any source host\n"
1554 "Any destination host\n")
1555{
d62a17ae 1556 int idx_acl = 2;
358189ad
DA		 1557 int idx = 0;
1558 char *seq = NULL;
1559 char *permit_deny = NULL;
1560
1561 argv_find(argv, argc, "(1-4294967295)", &idx);
1562 if (idx)
1563 seq = argv[idx]->arg;
1564
1565 idx = 0;
1566 argv_find(argv, argc, "permit", &idx);
1567 argv_find(argv, argc, "deny", &idx);
1568 if (idx)
1569 permit_deny = argv[idx]->arg;
1570
1571 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1572 "0.0.0.0", "255.255.255.255", "0.0.0.0",
1573 "255.255.255.255", 1, 0);
718e3744 1574}
1575
1576DEFUN (no_access_list_extended_mask_host,
1577 no_access_list_extended_mask_host_cmd,
358189ad 1578 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
718e3744 1579 NO_STR
1580 "Add an access list entry\n"
1581 "IP extended access list\n"
1582 "IP extended access list (expanded range)\n"
358189ad
DA		 1583 "Sequence number of an entry\n"
1584 "Sequence number\n"
718e3744 1585 "Specify packets to reject\n"
1586 "Specify packets to forward\n"
1587 "Any Internet Protocol\n"
1588 "Source address\n"
1589 "Source wildcard bits\n"
1590 "A single destination host\n"
1591 "Destination address\n")
1592{
d62a17ae 1593 int idx_acl = 2;
358189ad
DA		 1594 int idx = 0;
1595 char *seq = NULL;
1596 char *permit_deny = NULL;
1597 char *src = NULL;
1598 char *dst = NULL;
1599 char *src_wildcard = NULL;
1600
1601 argv_find(argv, argc, "(1-4294967295)", &idx);
1602 if (idx)
1603 seq = argv[idx]->arg;
1604
1605 idx = 0;
1606 argv_find(argv, argc, "permit", &idx);
1607 argv_find(argv, argc, "deny", &idx);
1608 if (idx)
1609 permit_deny = argv[idx]->arg;
1610
1611 idx = 0;
1612 argv_find(argv, argc, "A.B.C.D", &idx);
1613 if (idx) {
1614 src = argv[idx]->arg;
1615 src_wildcard = argv[idx + 1]->arg;
1616 dst = argv[idx + 3]->arg;
1617 }
1618
1619 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1620 src_wildcard, dst, "0.0.0.0", 1, 0);
718e3744 1621}
1622
1623DEFUN (no_access_list_extended_host_mask,
1624 no_access_list_extended_host_mask_cmd,
358189ad 1625 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
718e3744 1626 NO_STR
1627 "Add an access list entry\n"
1628 "IP extended access list\n"
1629 "IP extended access list (expanded range)\n"
358189ad
DA		 1630 "Sequence number of an entry\n"
1631 "Sequence number\n"
718e3744 1632 "Specify packets to reject\n"
1633 "Specify packets to forward\n"
1634 "Any Internet Protocol\n"
1635 "A single source host\n"
1636 "Source address\n"
1637 "Destination address\n"
1638 "Destination Wildcard bits\n")
1639{
d62a17ae 1640 int idx_acl = 2;
358189ad
DA		 1641 int idx = 0;
1642 char *seq = NULL;
1643 char *permit_deny = NULL;
1644 char *src = NULL;
1645 char *dst = NULL;
1646 char *dst_wildcard = NULL;
1647
1648 argv_find(argv, argc, "(1-4294967295)", &idx);
1649 if (idx)
1650 seq = argv[idx]->arg;
1651
1652 idx = 0;
1653 argv_find(argv, argc, "permit", &idx);
1654 argv_find(argv, argc, "deny", &idx);
1655 if (idx)
1656 permit_deny = argv[idx]->arg;
1657
1658 idx = 0;
1659 argv_find(argv, argc, "A.B.C.D", &idx);
1660 if (idx) {
1661 src = argv[idx]->arg;
1662 dst = argv[idx + 1]->arg;
1663 dst_wildcard = argv[idx + 2]->arg;
1664 }
1665
1666 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1667 "0.0.0.0", dst, dst_wildcard, 1, 0);
718e3744 1668}
1669
1670DEFUN (no_access_list_extended_host_host,
1671 no_access_list_extended_host_host_cmd,
358189ad 1672 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
718e3744 1673 NO_STR
1674 "Add an access list entry\n"
1675 "IP extended access list\n"
1676 "IP extended access list (expanded range)\n"
358189ad
DA		 1677 "Sequence number of an entry\n"
1678 "Sequence number\n"
718e3744 1679 "Specify packets to reject\n"
1680 "Specify packets to forward\n"
1681 "Any Internet Protocol\n"
1682 "A single source host\n"
1683 "Source address\n"
1684 "A single destination host\n"
1685 "Destination address\n")
1686{
d62a17ae 1687 int idx_acl = 2;
358189ad
DA		 1688 int idx = 0;
1689 char *seq = NULL;
1690 char *permit_deny = NULL;
1691 char *src = NULL;
1692 char *dst = NULL;
1693
1694 argv_find(argv, argc, "(1-4294967295)", &idx);
1695 if (idx)
1696 seq = argv[idx]->arg;
1697
1698 idx = 0;
1699 argv_find(argv, argc, "permit", &idx);
1700 argv_find(argv, argc, "deny", &idx);
1701 if (idx)
1702 permit_deny = argv[idx]->arg;
1703
1704 idx = 0;
1705 argv_find(argv, argc, "A.B.C.D", &idx);
1706 if (idx) {
1707 src = argv[idx]->arg;
1708 dst = argv[idx + 2]->arg;
1709 }
1710
1711 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1712 "0.0.0.0", dst, "0.0.0.0", 1, 0);
718e3744 1713}
1714
1715DEFUN (no_access_list_extended_any_host,
1716 no_access_list_extended_any_host_cmd,
358189ad 1717 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
718e3744 1718 NO_STR
1719 "Add an access list entry\n"
1720 "IP extended access list\n"
1721 "IP extended access list (expanded range)\n"
358189ad
DA		 1722 "Sequence number of an entry\n"
1723 "Sequence number\n"
718e3744 1724 "Specify packets to reject\n"
1725 "Specify packets to forward\n"
1726 "Any Internet Protocol\n"
1727 "Any source host\n"
1728 "A single destination host\n"
1729 "Destination address\n")
1730{
d62a17ae 1731 int idx_acl = 2;
358189ad
DA		 1732 int idx = 0;
1733 char *seq = NULL;
1734 char *permit_deny = NULL;
1735 char *dst = NULL;
1736
1737 argv_find(argv, argc, "(1-4294967295)", &idx);
1738 if (idx)
1739 seq = argv[idx]->arg;
1740
1741 idx = 0;
1742 argv_find(argv, argc, "permit", &idx);
1743 argv_find(argv, argc, "deny", &idx);
1744 if (idx)
1745 permit_deny = argv[idx]->arg;
1746
1747 idx = 0;
1748 argv_find(argv, argc, "A.B.C.D", &idx);
1749 if (idx)
1750 dst = argv[idx]->arg;
1751
1752 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1753 "0.0.0.0", "255.255.255.255", dst, "0.0.0.0", 1,
1754 0);
718e3744 1755}
1756
1757DEFUN (no_access_list_extended_host_any,
1758 no_access_list_extended_host_any_cmd,
358189ad 1759 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
718e3744 1760 NO_STR
1761 "Add an access list entry\n"
1762 "IP extended access list\n"
1763 "IP extended access list (expanded range)\n"
358189ad
DA		 1764 "Sequence number of an entry\n"
1765 "Sequence number\n"
718e3744 1766 "Specify packets to reject\n"
1767 "Specify packets to forward\n"
1768 "Any Internet Protocol\n"
1769 "A single source host\n"
1770 "Source address\n"
1771 "Any destination host\n")
1772{
d62a17ae 1773 int idx_acl = 2;
358189ad
DA		 1774 int idx = 0;
1775 char *seq = NULL;
1776 char *permit_deny = NULL;
1777 char *src = NULL;
1778
1779 argv_find(argv, argc, "(1-4294967295)", &idx);
1780 if (idx)
1781 seq = argv[idx]->arg;
1782
1783 idx = 0;
1784 argv_find(argv, argc, "permit", &idx);
1785 argv_find(argv, argc, "deny", &idx);
1786 if (idx)
1787 permit_deny = argv[idx]->arg;
1788
1789 idx = 0;
1790 argv_find(argv, argc, "A.B.C.D", &idx);
1791 if (idx)
1792 src = argv[idx]->arg;
1793
1794 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
d62a17ae 1795 "0.0.0.0", "0.0.0.0", "255.255.255.255", 1, 0);
1796}
1797
1798static int filter_set_zebra(struct vty *vty, const char *name_str,
358189ad 1799 const char *seq, const char *type_str, afi_t afi,
d62a17ae 1800 const char *prefix_str, int exact, int set)
1801{
1802 int ret;
358189ad 1803 enum filter_type type = FILTER_DENY;
d62a17ae 1804 struct filter *mfilter;
1805 struct filter_zebra *filter;
1806 struct access_list *access;
1807 struct prefix p;
358189ad 1808 int64_t seqnum = -1;
d62a17ae 1809
1810 if (strlen(name_str) > ACL_NAMSIZ) {
1811 vty_out(vty,
1812 "%% ACL name %s is invalid: length exceeds "
1813 "%d characters\n",
1814 name_str, ACL_NAMSIZ);
1815 return CMD_WARNING_CONFIG_FAILED;
718e3744 1816 }
718e3744 1817
358189ad
DA		 1818 if (seq)
1819 seqnum = (int64_t)atol(seq);
1820
d62a17ae 1821 /* Check of filter type. */
358189ad
DA		 1822 if (type_str) {
1823 if (strncmp(type_str, "p", 1) == 0)
1824 type = FILTER_PERMIT;
1825 else if (strncmp(type_str, "d", 1) == 0)
1826 type = FILTER_DENY;
1827 else {
1828 vty_out(vty, "filter type must be [permit|deny]\n");
1829 return CMD_WARNING_CONFIG_FAILED;
1830 }
d62a17ae 1831 }
718e3744 1832
d62a17ae 1833 /* Check string format of prefix and prefixlen. */
1834 if (afi == AFI_IP) {
1835 ret = str2prefix_ipv4(prefix_str, (struct prefix_ipv4 *)&p);
1836 if (ret <= 0) {
1837 vty_out(vty,
1838 "IP address prefix/prefixlen is malformed\n");
1839 return CMD_WARNING_CONFIG_FAILED;
1840 }
1841 } else if (afi == AFI_IP6) {
1842 ret = str2prefix_ipv6(prefix_str, (struct prefix_ipv6 *)&p);
1843 if (ret <= 0) {
1844 vty_out(vty,
1845 "IPv6 address prefix/prefixlen is malformed\n");
1846 return CMD_WARNING_CONFIG_FAILED;
1847 }
d37ba549
MK		 1848 } else if (afi == AFI_L2VPN) {
1849 ret = str2prefix_eth(prefix_str, (struct prefix_eth *)&p);
1850 if (ret <= 0) {
1851 vty_out(vty, "MAC address is malformed\n");
1852 return CMD_WARNING;
1853 }
d62a17ae 1854 } else
1855 return CMD_WARNING_CONFIG_FAILED;
1856
1857 mfilter = filter_new();
1858 mfilter->type = type;
358189ad 1859 mfilter->seq = seqnum;
d62a17ae 1860 filter = &mfilter->u.zfilter;
1861 prefix_copy(&filter->prefix, &p);
1862
1863 /* "exact-match" */
1864 if (exact)
1865 filter->exact = 1;
1866
1867 /* Install new filter to the access_list. */
1868 access = access_list_get(afi, name_str);
1869
1870 if (set) {
1871 if (filter_lookup_zebra(access, mfilter))
1872 filter_free(mfilter);
1873 else
1874 access_list_filter_add(access, mfilter);
1875 } else {
1876 struct filter *delete_filter;
d62a17ae 1877 delete_filter = filter_lookup_zebra(access, mfilter);
1878 if (delete_filter)
1879 access_list_filter_delete(access, delete_filter);
1880
1881 filter_free(mfilter);
1882 }
718e3744 1883
d62a17ae 1884 return CMD_SUCCESS;
718e3744 1885}
1886
d37ba549
MK		 1887DEFUN (mac_access_list,
1888 mac_access_list_cmd,
358189ad 1889 "mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
d37ba549
MK		 1890 "Add a mac access-list\n"
1891 "Add an access list entry\n"
1892 "MAC zebra access-list name\n"
358189ad
DA		 1893 "Sequence number of an entry\n"
1894 "Sequence number\n"
d37ba549
MK		 1895 "Specify packets to reject\n"
1896 "Specify packets to forward\n"
1897 "MAC address to match. e.g. 00:01:00:01:00:01\n")
1898{
358189ad
DA		 1899 int idx = 0;
1900 char *seq = NULL;
1901 char *permit_deny = NULL;
1902 char *mac = NULL;
1903
1904 argv_find(argv, argc, "(1-4294967295)", &idx);
1905 if (idx)
1906 seq = argv[idx]->arg;
1907
1908 idx = 0;
1909 argv_find(argv, argc, "permit", &idx);
1910 argv_find(argv, argc, "deny", &idx);
1911 if (idx)
1912 permit_deny = argv[idx]->arg;
1913
1914 idx = 0;
1915 argv_find(argv, argc, "X:X:X:X:X:X", &idx);
1916 if (idx)
1917 mac = argv[idx]->arg;
1918
1919 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
1920 mac, 0, 1);
d37ba549
MK		 1921}
1922
1923DEFUN (no_mac_access_list,
1924 no_mac_access_list_cmd,
358189ad 1925 "no mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
d37ba549
MK		 1926 NO_STR
1927 "Remove a mac access-list\n"
1928 "Remove an access list entry\n"
1929 "MAC zebra access-list name\n"
358189ad
DA		 1930 "Sequence number of an entry\n"
1931 "Sequence number\n"
d37ba549
MK		 1932 "Specify packets to reject\n"
1933 "Specify packets to forward\n"
1934 "MAC address to match. e.g. 00:01:00:01:00:01\n")
1935{
358189ad
DA		 1936 int idx = 0;
1937 char *seq = NULL;
1938 char *permit_deny = NULL;
1939 char *mac = NULL;
1940
1941 argv_find(argv, argc, "(1-4294967295)", &idx);
1942 if (idx)
1943 seq = argv[idx]->arg;
1944
1945 idx = 0;
1946 argv_find(argv, argc, "permit", &idx);
1947 argv_find(argv, argc, "deny", &idx);
1948 if (idx)
1949 permit_deny = argv[idx]->arg;
1950
1951 idx = 0;
1952 argv_find(argv, argc, "X:X:X:X:X:X", &idx);
1953 if (idx)
1954 mac = argv[idx]->arg;
1955
1956 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
1957 mac, 0, 0);
d37ba549
MK		 1958}
1959
1960DEFUN (mac_access_list_any,
1961 mac_access_list_any_cmd,
358189ad 1962 "mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
d37ba549
MK		 1963 "Add a mac access-list\n"
1964 "Add an access list entry\n"
1965 "MAC zebra access-list name\n"
358189ad
DA		 1966 "Sequence number of an entry\n"
1967 "Sequence number\n"
d37ba549
MK		 1968 "Specify packets to reject\n"
1969 "Specify packets to forward\n"
1970 "MAC address to match. e.g. 00:01:00:01:00:01\n")
1971{
358189ad
DA		 1972 int idx = 0;
1973 char *seq = NULL;
1974 char *permit_deny = NULL;
1975
1976 argv_find(argv, argc, "(1-4294967295)", &idx);
1977 if (idx)
1978 seq = argv[idx]->arg;
1979
1980 idx = 0;
1981 argv_find(argv, argc, "permit", &idx);
1982 argv_find(argv, argc, "deny", &idx);
1983 if (idx)
1984 permit_deny = argv[idx]->arg;
1985
1986 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
d37ba549
MK		 1987 "00:00:00:00:00:00", 0, 1);
1988}
1989
1990DEFUN (no_mac_access_list_any,
1991 no_mac_access_list_any_cmd,
358189ad 1992 "no mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
d37ba549
MK		 1993 NO_STR
1994 "Remove a mac access-list\n"
1995 "Remove an access list entry\n"
1996 "MAC zebra access-list name\n"
358189ad
DA		 1997 "Sequence number of an entry\n"
1998 "Sequence number\n"
d37ba549
MK		 1999 "Specify packets to reject\n"
2000 "Specify packets to forward\n"
2001 "MAC address to match. e.g. 00:01:00:01:00:01\n")
2002{
358189ad
DA		 2003 int idx = 0;
2004 char *seq = NULL;
2005 char *permit_deny = NULL;
2006
2007 argv_find(argv, argc, "(1-4294967295)", &idx);
2008 if (idx)
2009 seq = argv[idx]->arg;
2010
2011 idx = 0;
2012 argv_find(argv, argc, "permit", &idx);
2013 argv_find(argv, argc, "deny", &idx);
2014 if (idx)
2015 permit_deny = argv[idx]->arg;
2016
2017 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
d37ba549
MK		 2018 "00:00:00:00:00:00", 0, 0);
2019}
2020
718e3744 2021DEFUN (access_list_exact,
2022 access_list_exact_cmd,
358189ad 2023 "access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
718e3744 2024 "Add an access list entry\n"
2025 "IP zebra access-list name\n"
358189ad
DA		 2026 "Sequence number of an entry\n"
2027 "Sequence number\n"
718e3744 2028 "Specify packets to reject\n"
2029 "Specify packets to forward\n"
2030 "Prefix to match. e.g. 10.0.0.0/8\n"
2031 "Exact match of the prefixes\n")
2032{
8367c327 2033 int idx = 0;
d62a17ae 2034 int exact = 0;
358189ad
DA		 2035 char *seq = NULL;
2036 char *permit_deny = NULL;
2037 char *prefix = NULL;
2038
2039 argv_find(argv, argc, "(1-4294967295)", &idx);
2040 if (idx)
2041 seq = argv[idx]->arg;
2042
2043 idx = 0;
2044 argv_find(argv, argc, "permit", &idx);
2045 argv_find(argv, argc, "deny", &idx);
2046 if (idx)
2047 permit_deny = argv[idx]->arg;
2048
2049 idx = 0;
2050 argv_find(argv, argc, "A.B.C.D/M", &idx);
2051 if (idx)
2052 prefix = argv[idx]->arg;
2053
2054 idx = 0;
d62a17ae 2055 if (argv_find(argv, argc, "exact-match", &idx))
2056 exact = 1;
a1198921 2057
358189ad
DA		 2058 return filter_set_zebra(vty, argv[1]->arg, seq, permit_deny,
2059 AFI_IP, prefix, exact, 1);
718e3744 2060}
2061
2062DEFUN (access_list_any,
2063 access_list_any_cmd,
358189ad 2064 "access-list WORD [seq (1-4294967295)] <deny|permit> any",
718e3744 2065 "Add an access list entry\n"
2066 "IP zebra access-list name\n"
358189ad
DA		 2067 "Sequence number of an entry\n"
2068 "Sequence number\n"
718e3744 2069 "Specify packets to reject\n"
2070 "Specify packets to forward\n"
2071 "Prefix to match. e.g. 10.0.0.0/8\n")
2072{
d62a17ae 2073 int idx_word = 1;
358189ad
DA		 2074 int idx = 0;
2075 char *seq = NULL;
2076 char *permit_deny = NULL;
2077
2078 argv_find(argv, argc, "(1-4294967295)", &idx);
2079 if (idx)
2080 seq = argv[idx]->arg;
2081
2082 idx = 0;
2083 argv_find(argv, argc, "permit", &idx);
2084 argv_find(argv, argc, "deny", &idx);
2085 if (idx)
2086 permit_deny = argv[idx]->arg;
2087
2088 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2089 AFI_IP, "0.0.0.0/0", 0, 1);
718e3744 2090}
2091
718e3744 2092DEFUN (no_access_list_exact,
2093 no_access_list_exact_cmd,
358189ad 2094 "no access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
718e3744 2095 NO_STR
2096 "Add an access list entry\n"
2097 "IP zebra access-list name\n"
358189ad
DA		 2098 "Sequence number of an entry\n"
2099 "Sequence number\n"
718e3744 2100 "Specify packets to reject\n"
2101 "Specify packets to forward\n"
2102 "Prefix to match. e.g. 10.0.0.0/8\n"
2103 "Exact match of the prefixes\n")
2104{
8367c327 2105 int idx = 0;
d62a17ae 2106 int exact = 0;
358189ad
DA		 2107 char *seq = NULL;
2108 char *permit_deny = NULL;
2109 char *prefix = NULL;
2110
2111 argv_find(argv, argc, "(1-4294967295)", &idx);
2112 if (idx)
2113 seq = argv[idx]->arg;
2114
2115 idx = 0;
2116 argv_find(argv, argc, "permit", &idx);
2117 argv_find(argv, argc, "deny", &idx);
2118 if (idx)
2119 permit_deny = argv[idx]->arg;
2120
2121 idx = 0;
2122 argv_find(argv, argc, "A.B.C.D/M", &idx);
2123 if (idx)
2124 prefix = argv[idx]->arg;
2125
2126 idx = 0;
d62a17ae 2127 if (argv_find(argv, argc, "exact-match", &idx))
2128 exact = 1;
a1198921 2129
358189ad
DA		 2130 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny,
2131 AFI_IP, prefix, exact, 0);
718e3744 2132}
2133
2134DEFUN (no_access_list_any,
2135 no_access_list_any_cmd,
358189ad 2136 "no access-list WORD [seq (1-4294967295)] <deny|permit> any",
718e3744 2137 NO_STR
2138 "Add an access list entry\n"
2139 "IP zebra access-list name\n"
358189ad
DA		 2140 "Sequence number of an entry\n"
2141 "Sequence number\n"
718e3744 2142 "Specify packets to reject\n"
2143 "Specify packets to forward\n"
2144 "Prefix to match. e.g. 10.0.0.0/8\n")
2145{
358189ad
DA		 2146 int idx_word = 1;
2147 int idx = 0;
2148 char *seq = NULL;
2149 char *permit_deny = NULL;
2150
2151 argv_find(argv, argc, "(1-4294967295)", &idx);
2152 if (idx)
2153 seq = argv[idx]->arg;
2154
2155 idx = 0;
2156 argv_find(argv, argc, "permit", &idx);
2157 argv_find(argv, argc, "deny", &idx);
2158 if (idx)
2159 permit_deny = argv[idx]->arg;
2160
2161 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2162 AFI_IP, "0.0.0.0/0", 0, 0);
718e3744 2163}
2164
2165DEFUN (no_access_list_all,
2166 no_access_list_all_cmd,
6147e2c6 2167 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
718e3744 2168 NO_STR
2169 "Add an access list entry\n"
2170 "IP standard access list\n"
2171 "IP extended access list\n"
2172 "IP standard access list (expanded range)\n"
2173 "IP extended access list (expanded range)\n"
2174 "IP zebra access-list name\n")
2175{
d62a17ae 2176 int idx_acl = 2;
2177 struct access_list *access;
2178 struct access_master *master;
718e3744 2179
d62a17ae 2180 /* Looking up access_list. */
2181 access = access_list_lookup(AFI_IP, argv[idx_acl]->arg);
2182 if (access == NULL) {
2183 vty_out(vty, "%% access-list %s doesn't exist\n",
2184 argv[idx_acl]->arg);
2185 return CMD_WARNING_CONFIG_FAILED;
2186 }
2187
2188 master = access->master;
718e3744 2189
d62a17ae 2190 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
2191 /* Run hook function. */
2192 if (master->delete_hook)
2193 (*master->delete_hook)(access);
718e3744 2194
d62a17ae 2195 /* Delete all filter from access-list. */
2196 access_list_delete(access);
6a2e0f36 2197
d62a17ae 2198 return CMD_SUCCESS;
718e3744 2199}
2200
2201DEFUN (access_list_remark,
2202 access_list_remark_cmd,
e961923c 2203 "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
718e3744 2204 "Add an access list entry\n"
2205 "IP standard access list\n"
2206 "IP extended access list\n"
2207 "IP standard access list (expanded range)\n"
2208 "IP extended access list (expanded range)\n"
2209 "IP zebra access-list\n"
2210 "Access list entry comment\n"
2211 "Comment up to 100 characters\n")
2212{
d62a17ae 2213 int idx_acl = 1;
2214 int idx_remark = 3;
2215 struct access_list *access;
718e3744 2216
d62a17ae 2217 access = access_list_get(AFI_IP, argv[idx_acl]->arg);
718e3744 2218
d62a17ae 2219 if (access->remark) {
2220 XFREE(MTYPE_TMP, access->remark);
2221 access->remark = NULL;
2222 }
2223 access->remark = argv_concat(argv, argc, idx_remark);
718e3744 2224
d62a17ae 2225 return CMD_SUCCESS;
718e3744 2226}
2227
2228DEFUN (no_access_list_remark,
2229 no_access_list_remark_cmd,
6147e2c6 2230 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark",
718e3744 2231 NO_STR
2232 "Add an access list entry\n"
2233 "IP standard access list\n"
2234 "IP extended access list\n"
2235 "IP standard access list (expanded range)\n"
2236 "IP extended access list (expanded range)\n"
2237 "IP zebra access-list\n"
2238 "Access list entry comment\n")
2239{
d62a17ae 2240 int idx_acl = 2;
2241 return vty_access_list_remark_unset(vty, AFI_IP, argv[idx_acl]->arg);
718e3744 2242}
f667a580
QY		 2243
2244/* ALIAS_FIXME */
2245DEFUN (no_access_list_remark_comment,
2246 no_access_list_remark_comment_cmd,
2247 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
2248 NO_STR
2249 "Add an access list entry\n"
2250 "IP standard access list\n"
2251 "IP extended access list\n"
2252 "IP standard access list (expanded range)\n"
2253 "IP extended access list (expanded range)\n"
2254 "IP zebra access-list\n"
2255 "Access list entry comment\n"
2256 "Comment up to 100 characters\n")
2257{
d62a17ae 2258 return no_access_list_remark(self, vty, argc, argv);
f667a580 2259}
718e3744 2260
2261DEFUN (ipv6_access_list_exact,
2262 ipv6_access_list_exact_cmd,
358189ad 2263 "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
718e3744 2264 IPV6_STR
2265 "Add an access list entry\n"
2266 "IPv6 zebra access-list\n"
358189ad
DA		 2267 "Sequence number of an entry\n"
2268 "Sequence number\n"
718e3744 2269 "Specify packets to reject\n"
2270 "Specify packets to forward\n"
5435e6e8 2271 "IPv6 prefix\n"
718e3744 2272 "Exact match of the prefixes\n")
2273{
8367c327 2274 int idx = 0;
d62a17ae 2275 int exact = 0;
2276 int idx_word = 2;
358189ad
DA		 2277 char *seq = NULL;
2278 char *permit_deny = NULL;
2279 char *prefix = NULL;
2280
2281 argv_find(argv, argc, "(1-4294967295)", &idx);
2282 if (idx)
2283 seq = argv[idx]->arg;
2284
2285 idx = 0;
2286 argv_find(argv, argc, "permit", &idx);
2287 argv_find(argv, argc, "deny", &idx);
2288 if (idx)
2289 permit_deny = argv[idx]->arg;
2290
2291 idx = 0;
2292 argv_find(argv, argc, "X:X::X:X/M", &idx);
2293 if (idx)
2294 prefix = argv[idx]->arg;
2295
2296 idx = 0;
d62a17ae 2297 if (argv_find(argv, argc, "exact-match", &idx))
2298 exact = 1;
a1198921 2299
358189ad
DA		 2300 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2301 AFI_IP6, prefix, exact, 1);
718e3744 2302}
2303
2304DEFUN (ipv6_access_list_any,
2305 ipv6_access_list_any_cmd,
358189ad 2306 "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
718e3744 2307 IPV6_STR
2308 "Add an access list entry\n"
2309 "IPv6 zebra access-list\n"
358189ad
DA		 2310 "Sequence number of an entry\n"
2311 "Sequence number\n"
718e3744 2312 "Specify packets to reject\n"
2313 "Specify packets to forward\n"
2314 "Any prefixi to match\n")
2315{
d62a17ae 2316 int idx_word = 2;
358189ad
DA		 2317 int idx = 0;
2318 char *seq = NULL;
2319 char *permit_deny = NULL;
2320
2321 argv_find(argv, argc, "(1-4294967295)", &idx);
2322 if (idx)
2323 seq = argv[idx]->arg;
2324
2325 idx = 0;
2326 argv_find(argv, argc, "permit", &idx);
2327 argv_find(argv, argc, "deny", &idx);
2328 if (idx)
2329 permit_deny = argv[idx]->arg;
2330
2331 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2332 AFI_IP6, "::/0", 0, 1);
718e3744 2333}
2334
718e3744 2335DEFUN (no_ipv6_access_list_exact,
2336 no_ipv6_access_list_exact_cmd,
358189ad 2337 "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
718e3744 2338 NO_STR
2339 IPV6_STR
2340 "Add an access list entry\n"
2341 "IPv6 zebra access-list\n"
358189ad
DA		 2342 "Sequence number of an entry\n"
2343 "Sequence number\n"
718e3744 2344 "Specify packets to reject\n"
2345 "Specify packets to forward\n"
2346 "Prefix to match. e.g. 3ffe:506::/32\n"
2347 "Exact match of the prefixes\n")
2348{
8367c327 2349 int idx = 0;
d62a17ae 2350 int exact = 0;
358189ad
DA		 2351 int idx_word = 2;
2352 char *seq = NULL;
2353 char *permit_deny = NULL;
2354 char *prefix = NULL;
2355
2356 argv_find(argv, argc, "(1-4294967295)", &idx);
2357 if (idx)
2358 seq = argv[idx]->arg;
2359
2360 idx = 0;
2361 argv_find(argv, argc, "permit", &idx);
2362 argv_find(argv, argc, "deny", &idx);
2363 if (idx)
2364 permit_deny = argv[idx]->arg;
2365
2366 idx = 0;
2367 argv_find(argv, argc, "X:X::X:X/M", &idx);
2368 if (idx)
2369 prefix = argv[idx]->arg;
2370
2371 idx = 0;
d62a17ae 2372 if (argv_find(argv, argc, "exact-match", &idx))
2373 exact = 1;
a1198921 2374
358189ad
DA		 2375 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2376 AFI_IP6, prefix, exact, 0);
718e3744 2377}
2378
2379DEFUN (no_ipv6_access_list_any,
2380 no_ipv6_access_list_any_cmd,
358189ad 2381 "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
718e3744 2382 NO_STR
2383 IPV6_STR
2384 "Add an access list entry\n"
2385 "IPv6 zebra access-list\n"
358189ad
DA		 2386 "Sequence number of an entry\n"
2387 "Sequence number\n"
718e3744 2388 "Specify packets to reject\n"
2389 "Specify packets to forward\n"
2390 "Any prefixi to match\n")
2391{
358189ad
DA		 2392 int idx_word = 2;
2393 int idx = 0;
2394 char *seq = NULL;
2395 char *permit_deny = NULL;
2396
2397 argv_find(argv, argc, "(1-4294967295)", &idx);
2398 if (idx)
2399 seq = argv[idx]->arg;
2400
2401 idx = 0;
2402 argv_find(argv, argc, "permit", &idx);
2403 argv_find(argv, argc, "deny", &idx);
2404 if (idx)
2405 permit_deny = argv[idx]->arg;
2406
2407 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2408 AFI_IP6, "::/0", 0, 0);
718e3744 2409}
2410
2411
2412DEFUN (no_ipv6_access_list_all,
2413 no_ipv6_access_list_all_cmd,
2414 "no ipv6 access-list WORD",
2415 NO_STR
2416 IPV6_STR
2417 "Add an access list entry\n"
2418 "IPv6 zebra access-list\n")
2419{
d62a17ae 2420 int idx_word = 3;
2421 struct access_list *access;
2422 struct access_master *master;
718e3744 2423
d62a17ae 2424 /* Looking up access_list. */
2425 access = access_list_lookup(AFI_IP6, argv[idx_word]->arg);
2426 if (access == NULL) {
2427 vty_out(vty, "%% access-list %s doesn't exist\n",
2428 argv[idx_word]->arg);
2429 return CMD_WARNING_CONFIG_FAILED;
2430 }
718e3744 2431
d62a17ae 2432 master = access->master;
718e3744 2433
d62a17ae 2434 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
2435 /* Run hook function. */
2436 if (master->delete_hook)
2437 (*master->delete_hook)(access);
718e3744 2438
d62a17ae 2439 /* Delete all filter from access-list. */
2440 access_list_delete(access);
6a2e0f36 2441
d62a17ae 2442 return CMD_SUCCESS;
718e3744 2443}
2444
2445DEFUN (ipv6_access_list_remark,
2446 ipv6_access_list_remark_cmd,
e961923c 2447 "ipv6 access-list WORD remark LINE...",
718e3744 2448 IPV6_STR
2449 "Add an access list entry\n"
2450 "IPv6 zebra access-list\n"
2451 "Access list entry comment\n"
2452 "Comment up to 100 characters\n")
2453{
d62a17ae 2454 int idx_word = 2;
2455 int idx_line = 4;
2456 struct access_list *access;
718e3744 2457
d62a17ae 2458 access = access_list_get(AFI_IP6, argv[idx_word]->arg);
718e3744 2459
d62a17ae 2460 if (access->remark) {
2461 XFREE(MTYPE_TMP, access->remark);
2462 access->remark = NULL;
2463 }
2464 access->remark = argv_concat(argv, argc, idx_line);
718e3744 2465
d62a17ae 2466 return CMD_SUCCESS;
718e3744 2467}
2468
2469DEFUN (no_ipv6_access_list_remark,
2470 no_ipv6_access_list_remark_cmd,
2471 "no ipv6 access-list WORD remark",
2472 NO_STR
2473 IPV6_STR
2474 "Add an access list entry\n"
2475 "IPv6 zebra access-list\n"
2476 "Access list entry comment\n")
2477{
d62a17ae 2478 int idx_word = 3;
2479 return vty_access_list_remark_unset(vty, AFI_IP6, argv[idx_word]->arg);
718e3744 2480}
f667a580
QY		 2481
2482/* ALIAS_FIXME */
2483DEFUN (no_ipv6_access_list_remark_comment,
2484 no_ipv6_access_list_remark_comment_cmd,
2485 "no ipv6 access-list WORD remark LINE...",
2486 NO_STR
2487 IPV6_STR
2488 "Add an access list entry\n"
2489 "IPv6 zebra access-list\n"
2490 "Access list entry comment\n"
2491 "Comment up to 100 characters\n")
2492{
d62a17ae 2493 return no_ipv6_access_list_remark(self, vty, argc, argv);
f667a580 2494}
718e3744 2495
d62a17ae 2496void config_write_access_zebra(struct vty *, struct filter *);
2497void config_write_access_cisco(struct vty *, struct filter *);
718e3744 2498
2499/* show access-list command. */
d62a17ae 2500static int filter_show(struct vty *vty, const char *name, afi_t afi)
2501{
2502 struct access_list *access;
2503 struct access_master *master;
2504 struct filter *mfilter;
2505 struct filter_cisco *filter;
2506 int write = 0;
2507
2508 master = access_master_get(afi);
2509 if (master == NULL)
2510 return 0;
2511
2512 /* Print the name of the protocol */
2513 vty_out(vty, "%s:\n", frr_protoname);
2514
2515 for (access = master->num.head; access; access = access->next) {
2516 if (name && strcmp(access->name, name) != 0)
2517 continue;
2518
2519 write = 1;
2520
2521 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
2522 filter = &mfilter->u.cfilter;
2523
2524 if (write) {
d37ba549 2525 vty_out(vty, "%s %s access list %s\n",
d62a17ae 2526 mfilter->cisco ? (filter->extended
2527 ? "Extended"
2528 : "Standard")
2529 : "Zebra",
d37ba549 2530 (afi == AFI_IP)
3b0f6068
DL		 2531 ? ("IP")
2532 : ((afi == AFI_IP6) ? ("IPv6 ")
2533 : ("MAC ")),
d62a17ae 2534 access->name);
2535 write = 0;
2536 }
2537
358189ad
DA		 2538 vty_out(vty, " seq %" PRId64, mfilter->seq);
2539 vty_out(vty, " %s%s", filter_type_str(mfilter),
d62a17ae 2540 mfilter->type == FILTER_DENY ? " " : "");
2541
2542 if (!mfilter->cisco)
2543 config_write_access_zebra(vty, mfilter);
2544 else if (filter->extended)
2545 config_write_access_cisco(vty, mfilter);
2546 else {
2547 if (filter->addr_mask.s_addr == 0xffffffff)
2548 vty_out(vty, " any\n");
2549 else {
2550 vty_out(vty, " %s",
2551 inet_ntoa(filter->addr));
2552 if (filter->addr_mask.s_addr != 0)
2553 vty_out(vty,
2554 ", wildcard bits %s",
2555 inet_ntoa(
2556 filter->addr_mask));
2557 vty_out(vty, "\n");
2558 }
2559 }
718e3744 2560 }
718e3744 2561 }
d62a17ae 2562
2563 for (access = master->str.head; access; access = access->next) {
2564 if (name && strcmp(access->name, name) != 0)
2565 continue;
2566
2567 write = 1;
2568
2569 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
2570 filter = &mfilter->u.cfilter;
2571
2572 if (write) {
d37ba549 2573 vty_out(vty, "%s %s access list %s\n",
d62a17ae 2574 mfilter->cisco ? (filter->extended
2575 ? "Extended"
2576 : "Standard")
2577 : "Zebra",
d37ba549 2578 (afi == AFI_IP)
3b0f6068
DL		 2579 ? ("IP")
2580 : ((afi == AFI_IP6) ? ("IPv6 ")
2581 : ("MAC ")),
d62a17ae 2582 access->name);
2583 write = 0;
2584 }
2585
358189ad
DA		 2586 vty_out(vty, " seq %" PRId64, mfilter->seq);
2587 vty_out(vty, " %s%s", filter_type_str(mfilter),
d62a17ae 2588 mfilter->type == FILTER_DENY ? " " : "");
2589
2590 if (!mfilter->cisco)
2591 config_write_access_zebra(vty, mfilter);
2592 else if (filter->extended)
2593 config_write_access_cisco(vty, mfilter);
2594 else {
2595 if (filter->addr_mask.s_addr == 0xffffffff)
2596 vty_out(vty, " any\n");
2597 else {
2598 vty_out(vty, " %s",
2599 inet_ntoa(filter->addr));
2600 if (filter->addr_mask.s_addr != 0)
2601 vty_out(vty,
2602 ", wildcard bits %s",
2603 inet_ntoa(
2604 filter->addr_mask));
2605 vty_out(vty, "\n");
2606 }
2607 }
718e3744 2608 }
718e3744 2609 }
d62a17ae 2610 return CMD_SUCCESS;
718e3744 2611}
2612
d37ba549
MK		 2613/* show MAC access list - this only has MAC filters for now*/
2614DEFUN (show_mac_access_list,
2615 show_mac_access_list_cmd,
2616 "show mac access-list",
2617 SHOW_STR
2618 "mac access lists\n"
2619 "List mac access lists\n")
2620{
2621 return filter_show(vty, NULL, AFI_L2VPN);
2622}
2623
2624DEFUN (show_mac_access_list_name,
2625 show_mac_access_list_name_cmd,
2626 "show mac access-list WORD",
2627 SHOW_STR
1667fc40 2628 "mac access lists\n"
d37ba549 2629 "List mac access lists\n"
1667fc40 2630 "mac address\n")
d37ba549
MK		 2631{
2632 return filter_show(vty, argv[3]->arg, AFI_L2VPN);
2633}
2634
718e3744 2635DEFUN (show_ip_access_list,
2636 show_ip_access_list_cmd,
2637 "show ip access-list",
2638 SHOW_STR
2639 IP_STR
2640 "List IP access lists\n")
2641{
d62a17ae 2642 return filter_show(vty, NULL, AFI_IP);
718e3744 2643}
2644
2645DEFUN (show_ip_access_list_name,
2646 show_ip_access_list_name_cmd,
6147e2c6 2647 "show ip access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
718e3744 2648 SHOW_STR
2649 IP_STR
2650 "List IP access lists\n"
2651 "IP standard access list\n"
2652 "IP extended access list\n"
2653 "IP standard access list (expanded range)\n"
2654 "IP extended access list (expanded range)\n"
2655 "IP zebra access-list\n")
2656{
d62a17ae 2657 int idx_acl = 3;
2658 return filter_show(vty, argv[idx_acl]->arg, AFI_IP);
718e3744 2659}
2660
718e3744 2661DEFUN (show_ipv6_access_list,
2662 show_ipv6_access_list_cmd,
2663 "show ipv6 access-list",
2664 SHOW_STR
2665 IPV6_STR
2666 "List IPv6 access lists\n")
2667{
d62a17ae 2668 return filter_show(vty, NULL, AFI_IP6);
718e3744 2669}
2670
2671DEFUN (show_ipv6_access_list_name,
2672 show_ipv6_access_list_name_cmd,
2673 "show ipv6 access-list WORD",
2674 SHOW_STR
2675 IPV6_STR
2676 "List IPv6 access lists\n"
2677 "IPv6 zebra access-list\n")
2678{
d62a17ae 2679 int idx_word = 3;
2680 return filter_show(vty, argv[idx_word]->arg, AFI_IP6);
2681}
2682
2683void config_write_access_cisco(struct vty *vty, struct filter *mfilter)
2684{
2685 struct filter_cisco *filter;
2686
2687 filter = &mfilter->u.cfilter;
2688
2689 if (filter->extended) {
2690 vty_out(vty, " ip");
2691 if (filter->addr_mask.s_addr == 0xffffffff)
2692 vty_out(vty, " any");
2693 else if (filter->addr_mask.s_addr == 0)
2694 vty_out(vty, " host %s", inet_ntoa(filter->addr));
2695 else {
2696 vty_out(vty, " %s", inet_ntoa(filter->addr));
2697 vty_out(vty, " %s", inet_ntoa(filter->addr_mask));
2698 }
2699
2700 if (filter->mask_mask.s_addr == 0xffffffff)
2701 vty_out(vty, " any");
2702 else if (filter->mask_mask.s_addr == 0)
2703 vty_out(vty, " host %s", inet_ntoa(filter->mask));
2704 else {
2705 vty_out(vty, " %s", inet_ntoa(filter->mask));
2706 vty_out(vty, " %s", inet_ntoa(filter->mask_mask));
2707 }
2708 vty_out(vty, "\n");
2709 } else {
2710 if (filter->addr_mask.s_addr == 0xffffffff)
2711 vty_out(vty, " any\n");
2712 else {
2713 vty_out(vty, " %s", inet_ntoa(filter->addr));
2714 if (filter->addr_mask.s_addr != 0)
2715 vty_out(vty, " %s",
2716 inet_ntoa(filter->addr_mask));
2717 vty_out(vty, "\n");
2718 }
718e3744 2719 }
718e3744 2720}
2721
d62a17ae 2722void config_write_access_zebra(struct vty *vty, struct filter *mfilter)
718e3744 2723{
d62a17ae 2724 struct filter_zebra *filter;
2725 struct prefix *p;
2726 char buf[BUFSIZ];
718e3744 2727
d62a17ae 2728 filter = &mfilter->u.zfilter;
2729 p = &filter->prefix;
718e3744 2730
d62a17ae 2731 if (p->prefixlen == 0 && !filter->exact)
2732 vty_out(vty, " any");
d37ba549 2733 else if (p->family == AF_INET6 || p->family == AF_INET)
d62a17ae 2734 vty_out(vty, " %s/%d%s",
2735 inet_ntop(p->family, &p->u.prefix, buf, BUFSIZ),
2736 p->prefixlen, filter->exact ? " exact-match" : "");
69b61704 2737 else if (p->family == AF_ETHERNET) {
3b0f6068 2738 if (p->prefixlen == 0)
69b61704
MK		 2739 vty_out(vty, " any");
2740 else
2741 vty_out(vty, " %s", prefix_mac2str(&(p->u.prefix_eth),
2742 buf, sizeof(buf)));
2743 }
718e3744 2744
d62a17ae 2745 vty_out(vty, "\n");
718e3744 2746}
2747
d62a17ae 2748static int config_write_access(struct vty *vty, afi_t afi)
718e3744 2749{
d62a17ae 2750 struct access_list *access;
2751 struct access_master *master;
2752 struct filter *mfilter;
2753 int write = 0;
718e3744 2754
d62a17ae 2755 master = access_master_get(afi);
2756 if (master == NULL)
2757 return 0;
718e3744 2758
d62a17ae 2759 for (access = master->num.head; access; access = access->next) {
2760 if (access->remark) {
2761 vty_out(vty, "%saccess-list %s remark %s\n",
d37ba549
MK		 2762 (afi == AFI_IP) ? ("")
2763 : ((afi == AFI_IP6) ? ("ipv6 ")
2764 : ("mac ")),
2765 access->name, access->remark);
d62a17ae 2766 write++;
2767 }
718e3744 2768
d62a17ae 2769 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
358189ad 2770 vty_out(vty, "%saccess-list %s seq %" PRId64 " %s",
d37ba549
MK		 2771 (afi == AFI_IP) ? ("")
2772 : ((afi == AFI_IP6) ? ("ipv6 ")
2773 : ("mac ")),
358189ad
DA		 2774 access->name, mfilter->seq,
2775 filter_type_str(mfilter));
718e3744 2776
d62a17ae 2777 if (mfilter->cisco)
2778 config_write_access_cisco(vty, mfilter);
2779 else
2780 config_write_access_zebra(vty, mfilter);
718e3744 2781
d62a17ae 2782 write++;
2783 }
718e3744 2784 }
2785
d62a17ae 2786 for (access = master->str.head; access; access = access->next) {
2787 if (access->remark) {
2788 vty_out(vty, "%saccess-list %s remark %s\n",
d37ba549
MK		 2789 (afi == AFI_IP) ? ("")
2790 : ((afi == AFI_IP6) ? ("ipv6 ")
2791 : ("mac ")),
2792 access->name, access->remark);
d62a17ae 2793 write++;
2794 }
2795
2796 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
358189ad 2797 vty_out(vty, "%saccess-list %s seq %" PRId64 " %s",
d37ba549
MK		 2798 (afi == AFI_IP) ? ("")
2799 : ((afi == AFI_IP6) ? ("ipv6 ")
2800 : ("mac ")),
358189ad
DA		 2801 access->name, mfilter->seq,
2802 filter_type_str(mfilter));
718e3744 2803
d62a17ae 2804 if (mfilter->cisco)
2805 config_write_access_cisco(vty, mfilter);
2806 else
2807 config_write_access_zebra(vty, mfilter);
718e3744 2808
d62a17ae 2809 write++;
2810 }
718e3744 2811 }
d62a17ae 2812 return write;
718e3744 2813}
2814
d37ba549
MK		 2815static struct cmd_node access_mac_node = {
2816 ACCESS_MAC_NODE, "", /* Access list has no interface. */
2817 1};
2818
2819static int config_write_access_mac(struct vty *vty)
2820{
2821 return config_write_access(vty, AFI_L2VPN);
2822}
2823
2824static void access_list_reset_mac(void)
2825{
2826 struct access_list *access;
2827 struct access_list *next;
2828 struct access_master *master;
2829
2830 master = access_master_get(AFI_L2VPN);
2831 if (master == NULL)
2832 return;
2833
2834 for (access = master->num.head; access; access = next) {
2835 next = access->next;
2836 access_list_delete(access);
2837 }
2838 for (access = master->str.head; access; access = next) {
2839 next = access->next;
2840 access_list_delete(access);
2841 }
2842
2843 assert(master->num.head == NULL);
2844 assert(master->num.tail == NULL);
2845
2846 assert(master->str.head == NULL);
2847 assert(master->str.tail == NULL);
2848}
2849
2850/* Install vty related command. */
2851static void access_list_init_mac(void)
2852{
2853 install_node(&access_mac_node, config_write_access_mac);
2854
2855 install_element(ENABLE_NODE, &show_mac_access_list_cmd);
2856 install_element(ENABLE_NODE, &show_mac_access_list_name_cmd);
2857
2858 /* Zebra access-list */
2859 install_element(CONFIG_NODE, &mac_access_list_cmd);
2860 install_element(CONFIG_NODE, &no_mac_access_list_cmd);
2861 install_element(CONFIG_NODE, &mac_access_list_any_cmd);
2862 install_element(CONFIG_NODE, &no_mac_access_list_any_cmd);
2863}
2864
718e3744 2865/* Access-list node. */
d62a17ae 2866static struct cmd_node access_node = {ACCESS_NODE,
2867 "", /* Access list has no interface. */
2868 1};
718e3744 2869
d62a17ae 2870static int config_write_access_ipv4(struct vty *vty)
718e3744 2871{
d62a17ae 2872 return config_write_access(vty, AFI_IP);
718e3744 2873}
2874
d62a17ae 2875static void access_list_reset_ipv4(void)
718e3744 2876{
d62a17ae 2877 struct access_list *access;
2878 struct access_list *next;
2879 struct access_master *master;
718e3744 2880
d62a17ae 2881 master = access_master_get(AFI_IP);
2882 if (master == NULL)
2883 return;
718e3744 2884
d62a17ae 2885 for (access = master->num.head; access; access = next) {
2886 next = access->next;
2887 access_list_delete(access);
2888 }
2889 for (access = master->str.head; access; access = next) {
2890 next = access->next;
2891 access_list_delete(access);
2892 }
718e3744 2893
d62a17ae 2894 assert(master->num.head == NULL);
2895 assert(master->num.tail == NULL);
718e3744 2896
d62a17ae 2897 assert(master->str.head == NULL);
2898 assert(master->str.tail == NULL);
718e3744 2899}
2900
2901/* Install vty related command. */
d62a17ae 2902static void access_list_init_ipv4(void)
2903{
2904 install_node(&access_node, config_write_access_ipv4);
2905
2906 install_element(ENABLE_NODE, &show_ip_access_list_cmd);
2907 install_element(ENABLE_NODE, &show_ip_access_list_name_cmd);
2908
2909 /* Zebra access-list */
2910 install_element(CONFIG_NODE, &access_list_exact_cmd);
2911 install_element(CONFIG_NODE, &access_list_any_cmd);
2912 install_element(CONFIG_NODE, &no_access_list_exact_cmd);
2913 install_element(CONFIG_NODE, &no_access_list_any_cmd);
2914
2915 /* Standard access-list */
2916 install_element(CONFIG_NODE, &access_list_standard_cmd);
2917 install_element(CONFIG_NODE, &access_list_standard_nomask_cmd);
2918 install_element(CONFIG_NODE, &access_list_standard_host_cmd);
2919 install_element(CONFIG_NODE, &access_list_standard_any_cmd);
2920 install_element(CONFIG_NODE, &no_access_list_standard_cmd);
2921 install_element(CONFIG_NODE, &no_access_list_standard_nomask_cmd);
2922 install_element(CONFIG_NODE, &no_access_list_standard_host_cmd);
2923 install_element(CONFIG_NODE, &no_access_list_standard_any_cmd);
2924
2925 /* Extended access-list */
2926 install_element(CONFIG_NODE, &access_list_extended_cmd);
2927 install_element(CONFIG_NODE, &access_list_extended_any_mask_cmd);
2928 install_element(CONFIG_NODE, &access_list_extended_mask_any_cmd);
2929 install_element(CONFIG_NODE, &access_list_extended_any_any_cmd);
2930 install_element(CONFIG_NODE, &access_list_extended_host_mask_cmd);
2931 install_element(CONFIG_NODE, &access_list_extended_mask_host_cmd);
2932 install_element(CONFIG_NODE, &access_list_extended_host_host_cmd);
2933 install_element(CONFIG_NODE, &access_list_extended_any_host_cmd);
2934 install_element(CONFIG_NODE, &access_list_extended_host_any_cmd);
2935 install_element(CONFIG_NODE, &no_access_list_extended_cmd);
2936 install_element(CONFIG_NODE, &no_access_list_extended_any_mask_cmd);
2937 install_element(CONFIG_NODE, &no_access_list_extended_mask_any_cmd);
2938 install_element(CONFIG_NODE, &no_access_list_extended_any_any_cmd);
2939 install_element(CONFIG_NODE, &no_access_list_extended_host_mask_cmd);
2940 install_element(CONFIG_NODE, &no_access_list_extended_mask_host_cmd);
2941 install_element(CONFIG_NODE, &no_access_list_extended_host_host_cmd);
2942 install_element(CONFIG_NODE, &no_access_list_extended_any_host_cmd);
2943 install_element(CONFIG_NODE, &no_access_list_extended_host_any_cmd);
2944
2945 install_element(CONFIG_NODE, &access_list_remark_cmd);
2946 install_element(CONFIG_NODE, &no_access_list_all_cmd);
2947 install_element(CONFIG_NODE, &no_access_list_remark_cmd);
2948 install_element(CONFIG_NODE, &no_access_list_remark_comment_cmd);
2949}
2950
2951static struct cmd_node access_ipv6_node = {ACCESS_IPV6_NODE, "", 1};
2952
2953static int config_write_access_ipv6(struct vty *vty)
2954{
2955 return config_write_access(vty, AFI_IP6);
2956}
2957
2958static void access_list_reset_ipv6(void)
2959{
2960 struct access_list *access;
2961 struct access_list *next;
2962 struct access_master *master;
2963
2964 master = access_master_get(AFI_IP6);
2965 if (master == NULL)
2966 return;
2967
2968 for (access = master->num.head; access; access = next) {
2969 next = access->next;
2970 access_list_delete(access);
2971 }
2972 for (access = master->str.head; access; access = next) {
2973 next = access->next;
2974 access_list_delete(access);
2975 }
718e3744 2976
d62a17ae 2977 assert(master->num.head == NULL);
2978 assert(master->num.tail == NULL);
718e3744 2979
d62a17ae 2980 assert(master->str.head == NULL);
2981 assert(master->str.tail == NULL);
718e3744 2982}
2983
d62a17ae 2984static void access_list_init_ipv6(void)
718e3744 2985{
d62a17ae 2986 install_node(&access_ipv6_node, config_write_access_ipv6);
718e3744 2987
d62a17ae 2988 install_element(ENABLE_NODE, &show_ipv6_access_list_cmd);
2989 install_element(ENABLE_NODE, &show_ipv6_access_list_name_cmd);
718e3744 2990
d62a17ae 2991 install_element(CONFIG_NODE, &ipv6_access_list_exact_cmd);
2992 install_element(CONFIG_NODE, &ipv6_access_list_any_cmd);
2993 install_element(CONFIG_NODE, &no_ipv6_access_list_exact_cmd);
2994 install_element(CONFIG_NODE, &no_ipv6_access_list_any_cmd);
718e3744 2995
d62a17ae 2996 install_element(CONFIG_NODE, &no_ipv6_access_list_all_cmd);
2997 install_element(CONFIG_NODE, &ipv6_access_list_remark_cmd);
2998 install_element(CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
2999 install_element(CONFIG_NODE, &no_ipv6_access_list_remark_comment_cmd);
718e3744 3000}
718e3744 3001
4d762f26 3002void access_list_init(void)
718e3744 3003{
d62a17ae 3004 access_list_init_ipv4();
3005 access_list_init_ipv6();
d37ba549 3006 access_list_init_mac();
718e3744 3007}
3008
4d762f26 3009void access_list_reset(void)
718e3744 3010{
d62a17ae 3011 access_list_reset_ipv4();
3012 access_list_reset_ipv6();
d37ba549 3013 access_list_reset_mac();
718e3744 3014}
FRRouting mirror