Merge pull request #5590 from qlyoung/fix-nhrp-underflow
718e3744 1/* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
896014f4
DL
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
718e3744 19 */
20
21#include <zebra.h>
22
23#include "prefix.h"
24#include "filter.h"
25#include "memory.h"
26#include "command.h"
27#include "sockunion.h"
28#include "buffer.h"
fbf5d033 29#include "log.h"
518f0eb1 30#include "routemap.h"
b85120bc 31#include "libfrr.h"
718e3744 32
/* Memory-type tags passed to XCALLOC/XSTRDUP/XFREE in this file:
 * list headers, list name strings, and individual filter entries. */
DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST, "Access List")
DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST_STR, "Access List Str")
DEFINE_MTYPE_STATIC(LIB, ACCESS_FILTER, "Access Filter")
36
/* Cisco-style access-list entry: an address plus wildcard bits. */
struct filter_cisco {
	/* Non-zero for an extended entry, which also uses mask/mask_mask. */
	int extended;

	/* Address to match; stored with the wildcard bits already cleared. */
	struct in_addr addr;

	/* Wildcard bits for addr: a set bit is ignored when matching. */
	struct in_addr addr_mask;

	/* Extended only: value compared against the prefix's netmask. */
	struct in_addr mask;

	/* Extended only: wildcard bits applied before comparing mask. */
	struct in_addr mask_mask;
};
45
/* Zebra-style access-list entry: a prefix, optionally matched exactly. */
struct filter_zebra {
	/* Non-zero when the prefix length must be equal as well
	 * ("exact" match); zero allows any prefix covered by `prefix`. */
	int exact;

	/* Prefix the entry is compared against. */
	struct prefix prefix;
};
53
/* One entry (rule) of an access list. */
struct filter {
	/* Links of the per-list doubly linked chain of entries. */
	struct filter *next;
	struct filter *prev;

	/* Action returned by access_list_apply() when this entry matches. */
	enum filter_type type;

	/* Sequence number; -1 asks access_list_filter_add() to pick one. */
	int64_t seq;

	/* Selects the live union member: non-zero means u.cfilter,
	 * zero means u.zfilter. */
	int cisco;

	union {
		struct filter_cisco cfilter;
		struct filter_zebra zfilter;
	} u;
};
74
/* Head and tail of one doubly linked chain of access lists. */
struct access_list_list {
	struct access_list *head;
	struct access_list *tail;
};
80
/* Per-address-family registry of access lists plus change callbacks. */
struct access_master {
	/* Access lists whose name consists only of digits, sorted by value. */
	struct access_list_list num;

	/* Access lists with any other name, sorted with strcmp(). */
	struct access_list_list str;

	/* Called after an entry has been added to an access list. */
	void (*add_hook)(struct access_list *);

	/* Called after an entry has been removed from an access list. */
	void (*delete_hook)(struct access_list *);
};
95
/* Registry for MAC access lists (selected by AFI_L2VPN). */
static struct access_master access_master_mac = {
	.num = {NULL, NULL},
	.str = {NULL, NULL},
	.add_hook = NULL,
	.delete_hook = NULL,
};

/* Registry for IPv4 access lists (selected by AFI_IP). */
static struct access_master access_master_ipv4 = {
	.num = {NULL, NULL},
	.str = {NULL, NULL},
	.add_hook = NULL,
	.delete_hook = NULL,
};

/* Registry for IPv6 access lists (selected by AFI_IP6). */
static struct access_master access_master_ipv6 = {
	.num = {NULL, NULL},
	.str = {NULL, NULL},
	.add_hook = NULL,
	.delete_hook = NULL,
};
6b0655a2 119
/* Map an address family to its access-list registry.
 * Returns NULL for any AFI other than AFI_IP, AFI_IP6 and AFI_L2VPN;
 * callers must check for that. */
static struct access_master *access_master_get(afi_t afi)
{
	switch (afi) {
	case AFI_IP:
		return &access_master_ipv4;
	case AFI_IP6:
		return &access_master_ipv6;
	case AFI_L2VPN:
		return &access_master_mac;
	default:
		return NULL;
	}
}
130
/* Allocate one zero-filled filter entry (XCALLOC, MTYPE_ACCESS_FILTER).
 * The caller owns the result until it is linked into a list or passed
 * to filter_free(). */
static struct filter *filter_new(void)
{
	struct filter *entry;

	entry = XCALLOC(MTYPE_ACCESS_FILTER, sizeof(*entry));
	return entry;
}
136
/* Release a filter entry obtained from filter_new().
 * The entry must already be unlinked from any list; this function does
 * not touch next/prev. */
static void filter_free(struct filter *filter)
{
	XFREE(MTYPE_ACCESS_FILTER, filter);
}
141
/* Return the keyword for a filter's action: "permit", "deny" or
 * "dynamic"; an empty string for any other value. The result is a
 * string literal and must not be freed. */
static const char *filter_type_str(struct filter *filter)
{
	enum filter_type kind = filter->type;

	if (kind == FILTER_PERMIT)
		return "permit";
	if (kind == FILTER_DENY)
		return "deny";
	if (kind == FILTER_DYNAMIC)
		return "dynamic";
	return "";
}
160
/* Match a prefix against a Cisco-style entry; returns 1 on match, else 0.
 *
 * The prefix address has the entry's wildcard bits cleared and is then
 * compared with the stored address. Extended entries also compare the
 * prefix's netmask, with mask_mask bits cleared, against the stored mask.
 *
 * NOTE(review): p->u.prefix4 is read without looking at p->family, so
 * this assumes the caller only hands IPv4 prefixes to Cisco-style
 * entries - confirm against the callers of access_list_apply(). */
static int filter_match_cisco(struct filter *mfilter, const struct prefix *p)
{
	const struct filter_cisco *cf = &mfilter->u.cfilter;
	struct in_addr netmask;
	uint32_t masked_addr;
	uint32_t masked_mask;

	masked_addr = p->u.prefix4.s_addr & ~cf->addr_mask.s_addr;
	if (memcmp(&masked_addr, &cf->addr.s_addr, 4) != 0)
		return 0;

	/* Standard entries are decided by the address alone. */
	if (!cf->extended)
		return 1;

	masklen2ip(p->prefixlen, &netmask);
	masked_mask = netmask.s_addr & ~cf->mask_mask.s_addr;
	if (memcmp(&masked_mask, &cf->mask.s_addr, 4) != 0)
		return 0;

	return 1;
}
184
/* Match a prefix against a Zebra-style entry.
 *
 * Returns 0 when the address families differ, or when the entry is
 * "exact" and the prefix lengths differ; otherwise returns whatever
 * prefix_match(entry prefix, p) reports. */
static int filter_match_zebra(struct filter *mfilter, const struct prefix *p)
{
	struct filter_zebra *zf = &mfilter->u.zfilter;

	if (zf->prefix.family != p->family)
		return 0;

	if (zf->exact && zf->prefix.prefixlen != p->prefixlen)
		return 0;

	return prefix_match(&zf->prefix, p);
}
6b0655a2 203
/* Allocate one zero-filled access_list (XCALLOC, MTYPE_ACCESS_LIST).
 * name, master and the list links are left for the caller to set. */
static struct access_list *access_list_new(void)
{
	struct access_list *fresh;

	fresh = XCALLOC(MTYPE_ACCESS_LIST, sizeof(*fresh));
	return fresh;
}
209
/* Release the access_list structure itself. Its name, remark and
 * filter entries are not freed here; access_list_delete() does that
 * before calling this. */
static void access_list_free(struct access_list *access)
{
	XFREE(MTYPE_ACCESS_LIST, access);
}
215
/* Unlink an access list from its master and free it together with all
 * of its filter entries, its name and its remark.
 *
 * `access` is invalid once this returns; callers must not dereference
 * it afterwards. */
static void access_list_delete(struct access_list *access)
{
	struct access_master *master = access->master;
	struct access_list_list *chain;
	struct filter *cur = access->head;

	/* Free every entry; fetch the successor before the node goes away. */
	while (cur) {
		struct filter *following = cur->next;

		filter_free(cur);
		cur = following;
	}

	/* Digit-only names live on the numbered chain, the rest on the
	 * string chain. */
	chain = (access->type == ACCESS_TYPE_NUMBER) ? &master->num
						      : &master->str;

	/* Standard doubly-linked-list removal, fixing head/tail at the ends. */
	if (access->next)
		access->next->prev = access->prev;
	else
		chain->tail = access->prev;

	if (access->prev)
		access->prev->next = access->next;
	else
		chain->head = access->next;

	XFREE(MTYPE_ACCESS_LIST_STR, access->name);
	XFREE(MTYPE_TMP, access->remark);

	access_list_free(access);
}
252
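/* Create an access list called `name` and link it into the master for
 * `afi`, keeping the chain sorted.
 *
 * A name made only of digits goes on the numbered chain, ordered by
 * numeric value; any other name goes on the string chain, ordered with
 * strcmp(). Returns the new list, or NULL when `afi` has no master.
 * `name` must not be NULL; it is copied. */
static struct access_list *access_list_insert(afi_t afi, const char *name)
{
	size_t i;
	size_t namelen;
	long number;
	struct access_list *access;
	struct access_list *point;
	struct access_list_list *alist;
	struct access_master *master;

	master = access_master_get(afi);
	if (master == NULL)
		return NULL;

	/* Allocate new access_list and copy given name. */
	access = access_list_new();
	access->name = XSTRDUP(MTYPE_ACCESS_LIST_STR, name);
	access->master = master;

	/* Parse the leading digits. The name is configuration input of
	 * arbitrary length, so the accumulator saturates at LONG_MAX
	 * instead of overflowing a signed long (undefined behaviour). */
	namelen = strlen(name);
	for (number = 0, i = 0; i < namelen; i++) {
		int digit;

		if (!isdigit((unsigned char)name[i]))
			break;

		digit = name[i] - '0';
		if (number > (LONG_MAX - digit) / 10)
			number = LONG_MAX;
		else
			number = (number * 10) + digit;
	}

	/* The loop ran to the end only if every character was a digit. */
	if (i == namelen) {
		access->type = ACCESS_TYPE_NUMBER;

		/* Set access_list to number list. */
		alist = &master->num;

		/* First existing list whose number is not smaller. */
		for (point = alist->head; point; point = point->next)
			if (atol(point->name) >= number)
				break;
	} else {
		access->type = ACCESS_TYPE_STRING;

		/* Set access_list to string list. */
		alist = &master->str;

		/* First existing list whose name does not sort before ours. */
		for (point = alist->head; point; point = point->next)
			if (strcmp(point->name, name) >= 0)
				break;
	}

	/* Empty chain: the new list is both head and tail. */
	if (alist->head == NULL) {
		alist->head = alist->tail = access;
		return access;
	}

	/* No insertion point found: append at the tail. */
	if (point == NULL) {
		access->prev = alist->tail;
		alist->tail->next = access;
		alist->tail = access;
		return access;
	}

	/* Insertion point is the current head: prepend. */
	if (point == alist->head) {
		access->next = alist->head;
		alist->head->prev = access;
		alist->head = access;
		return access;
	}

	/* Otherwise splice in front of `point`, in the middle of the chain. */
	access->next = point;
	access->prev = point->prev;

	if (point->prev)
		point->prev->next = access;
	point->prev = access;

	return access;
}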
336
/* Find the access list called `name` for `afi`.
 *
 * Both the numbered and the string chain are searched, in that order,
 * with an exact strcmp() comparison. Returns NULL when `name` is NULL,
 * when `afi` has no master, or when no list has that name. */
struct access_list *access_list_lookup(afi_t afi, const char *name)
{
	struct access_master *master;
	struct access_list *cur;

	if (!name)
		return NULL;

	master = access_master_get(afi);
	if (!master)
		return NULL;

	cur = master->num.head;
	while (cur) {
		if (strcmp(cur->name, name) == 0)
			return cur;
		cur = cur->next;
	}

	cur = master->str.head;
	while (cur) {
		if (strcmp(cur->name, name) == 0)
			return cur;
		cur = cur->next;
	}

	return NULL;
}
360
/* Return the access list called `name`, creating an empty one when it
 * does not exist yet. The result can still be NULL, because
 * access_list_insert() returns NULL for an AFI without a master. */
static struct access_list *access_list_get(afi_t afi, const char *name)
{
	struct access_list *found = access_list_lookup(afi, name);

	if (found)
		return found;

	return access_list_insert(afi, name);
}
372
/* Evaluate `object` (a struct prefix) against an access list.
 *
 * Entries are tried from the head; the action of the first entry that
 * matches is returned. The result is FILTER_DENY when `access` is NULL
 * or when no entry matches, i.e. the list ends in an implicit deny. */
enum filter_type access_list_apply(struct access_list *access,
				   const void *object)
{
	const struct prefix *p = object;
	struct filter *entry;

	if (!access)
		return FILTER_DENY;

	for (entry = access->head; entry; entry = entry->next) {
		int hit;

		/* The cisco flag says which union member the entry holds. */
		if (entry->cisco)
			hit = filter_match_cisco(entry, p);
		else
			hit = filter_match_zebra(entry, p);

		if (hit)
			return entry->type;
	}

	return FILTER_DENY;
}
395
/* Register `func` as the entry-added callback for the IPv4, IPv6 and
 * MAC masters. A previously registered callback is replaced; passing
 * NULL clears it. */
void access_list_add_hook(void (*func)(struct access_list *access))
{
	access_master_mac.add_hook = func;
	access_master_ipv6.add_hook = func;
	access_master_ipv4.add_hook = func;
}
403
/* Register `func` as the entry-deleted callback for the IPv4, IPv6 and
 * MAC masters. A previously registered callback is replaced; passing
 * NULL clears it. */
void access_list_delete_hook(void (*func)(struct access_list *access))
{
	access_master_mac.delete_hook = func;
	access_master_ipv6.delete_hook = func;
	access_master_ipv4.delete_hook = func;
}
411
/* Pick a sequence number for an entry that was given none: the highest
 * sequence in the list rounded down to a multiple of 5, plus 5, capped
 * at UINT_MAX. An empty list yields 5.
 *
 * NOTE(review): when the list already holds an entry at the cap, the
 * value returned equals that entry's sequence, and
 * access_list_filter_add() treats an equal sequence as "replace". */
static int64_t filter_new_seq_get(struct access_list *access)
{
	int64_t highest = 0;
	int64_t candidate;
	struct filter *entry;

	for (entry = access->head; entry; entry = entry->next)
		if (entry->seq > highest)
			highest = entry->seq;

	candidate = ((highest / 5) * 5) + 5;
	if (candidate > UINT_MAX)
		return UINT_MAX;

	return candidate;
}
430
/* Return the first entry of `access` whose sequence number equals
 * `seq`, or NULL when there is none. */
static struct filter *filter_seq_check(struct access_list *access,
				       int64_t seq)
{
	struct filter *entry = access->head;

	while (entry && entry->seq != seq)
		entry = entry->next;

	return entry;
}
442
/* Return 1 when the access list holds no filter entry (head and tail
 * are both NULL), otherwise 0. */
static int access_list_empty(struct access_list *access)
{
	return (access->head == NULL && access->tail == NULL) ? 1 : 0;
}
451
/* Unlink `filter` from `access`, free it, notify route-map
 * dependencies and run the master's delete hook.
 *
 * If that leaves the list without entries, the list itself is deleted
 * and freed. `access` may therefore be invalid when this returns:
 * callers must not dereference it afterwards unless they know the list
 * still holds at least one entry. `filter` is always invalid on return. */
static void access_list_filter_delete(struct access_list *access,
				      struct filter *filter)
{
	struct access_master *master = access->master;
	struct filter *before = filter->prev;
	struct filter *after = filter->next;

	/* Doubly-linked-list removal, fixing head/tail at the ends. */
	if (after)
		after->prev = before;
	else
		access->tail = before;

	if (before)
		before->next = after;
	else
		access->head = after;

	filter_free(filter);

	route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);

	/* Run hook function. */
	if (master->delete_hook)
		(*master->delete_hook)(access);

	/* An access list without entries is dropped from its master. */
	if (access_list_empty(access))
		access_list_delete(access);
}
6b0655a2 482
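/* Link `filter` into `access` at the position given by its sequence
 * number, then run the master's add hook and notify route-map
 * dependencies.
 *
 * A sequence of -1 is replaced by filter_new_seq_get(). An existing
 * entry with the same sequence number is removed first, so the new
 * entry takes its place. Ownership of `filter` passes to the list. */
static void access_list_filter_add(struct access_list *access,
				   struct filter *filter)
{
	struct filter *replace;
	struct filter *point;

	/* Automatic assignment of seq no. */
	if (filter->seq == -1)
		filter->seq = filter_new_seq_get(access);

	if (access->tail && filter->seq > access->tail->seq)
		point = NULL;
	else {
		/* Is there any same seq access list filter? */
		replace = filter_seq_check(access, filter->seq);
		if (replace) {
			/* Remove the old entry here rather than through
			 * access_list_filter_delete(): that function frees
			 * `access` when the list becomes empty, which is the
			 * case when the replaced entry was the only one, and
			 * the code below would then use freed memory. The
			 * list is about to receive `filter`, so it must stay
			 * alive. */
			if (replace->next)
				replace->next->prev = replace->prev;
			else
				access->tail = replace->prev;

			if (replace->prev)
				replace->prev->next = replace->next;
			else
				access->head = replace->next;

			filter_free(replace);

			/* Same notifications a regular delete would send. */
			route_map_notify_dependencies(
				access->name, RMAP_EVENT_FILTER_DELETED);
			if (access->master->delete_hook)
				(*access->master->delete_hook)(access);
		}

		/* First entry whose sequence is not smaller than ours. */
		for (point = access->head; point; point = point->next)
			if (point->seq >= filter->seq)
				break;
	}

	/* `point` is the successor of the new entry, NULL to append. */
	filter->next = point;

	if (point) {
		if (point->prev)
			point->prev->next = filter;
		else
			access->head = filter;

		filter->prev = point->prev;
		point->prev = filter;
	} else {
		if (access->tail)
			access->tail->next = filter;
		else
			access->head = filter;

		filter->prev = access->tail;
		access->tail = filter;
	}

	/* Run hook function. */
	if (access->master->add_hook)
		(*access->master->add_hook)(access);
	route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_ADDED);
}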
534
718e3744 535/*
536 deny Specify packets to reject
537 permit Specify packets to forward
538 dynamic ?
539*/
540
541/*
542 Hostname or A.B.C.D Address to match
543 any Any source host
544 host A single host address
545*/
546
/* Find an entry of `access` equivalent to the Cisco-style entry `mnew`.
 *
 * Action, address and address wildcard must be equal. When the
 * *existing* entry is extended, mask and mask wildcard must be equal
 * too. Sequence numbers are not compared. Returns the first such entry
 * or NULL.
 *
 * NOTE(review): every entry is read through u.cfilter without checking
 * its cisco flag, so this assumes the list holds Cisco-style entries
 * only - confirm. */
static struct filter *filter_lookup_cisco(struct access_list *access,
					  struct filter *mnew)
{
	const struct filter_cisco *want = &mnew->u.cfilter;
	struct filter *cur;

	for (cur = access->head; cur; cur = cur->next) {
		const struct filter_cisco *have = &cur->u.cfilter;

		if (cur->type != mnew->type)
			continue;
		if (have->addr.s_addr != want->addr.s_addr)
			continue;
		if (have->addr_mask.s_addr != want->addr_mask.s_addr)
			continue;

		/* Only extended entries carry a mask pair to compare. */
		if (have->extended
		    && (have->mask.s_addr != want->mask.s_addr
			|| have->mask_mask.s_addr != want->mask_mask.s_addr))
			continue;

		return cur;
	}

	return NULL;
}
578
/* Find an entry of `access` equivalent to the Zebra-style entry `mnew`:
 * same exact flag, same action and, per prefix_same(), the same prefix.
 * Sequence numbers are not compared. Returns the first such entry or
 * NULL.
 *
 * NOTE(review): every entry is read through u.zfilter without checking
 * its cisco flag, so this assumes the list holds Zebra-style entries
 * only - confirm. */
static struct filter *filter_lookup_zebra(struct access_list *access,
					  struct filter *mnew)
{
	struct filter_zebra *want = &mnew->u.zfilter;
	struct filter *cur;

	for (cur = access->head; cur; cur = cur->next) {
		struct filter_zebra *have = &cur->u.zfilter;

		if (have->exact != want->exact)
			continue;
		if (cur->type != mnew->type)
			continue;
		if (prefix_same(&have->prefix, &want->prefix))
			return cur;
	}

	return NULL;
}
599
/* Remove the remark of the access list `name`.
 *
 * Prints a message and returns CMD_WARNING_CONFIG_FAILED when the list
 * does not exist. A list left without any filter entry is deleted,
 * since the remark was the only thing keeping it. Returns CMD_SUCCESS
 * otherwise. */
static int vty_access_list_remark_unset(struct vty *vty, afi_t afi,
					const char *name)
{
	struct access_list *target = access_list_lookup(afi, name);

	if (target == NULL) {
		vty_out(vty, "%% access-list %s doesn't exist\n", name);
		return CMD_WARNING_CONFIG_FAILED;
	}

	if (target->remark != NULL) {
		XFREE(MTYPE_TMP, target->remark);
		target->remark = NULL;
	}

	/* Nothing left in the list: drop it from its master. */
	if (!target->head && !target->tail)
		access_list_delete(target);

	return CMD_SUCCESS;
}
621
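/* Add (`set` != 0) or remove (`set` == 0) one Cisco-style entry of the
 * IPv4 access list `name_str`.
 *
 * seq            sequence number as text, or NULL to assign one
 * type_str       "permit"/"deny" (only the first letter is examined);
 *                NULL means deny
 * addr_str       address, with addr_mask_str as its wildcard bits
 * mask_str       second address, with mask_mask_str as its wildcard
 *                bits; both are read only when `extended` is non-zero
 *
 * Returns CMD_WARNING_CONFIG_FAILED after printing a message when the
 * type or any address fails to parse, CMD_SUCCESS otherwise. Adding an
 * entry that already exists and removing one that does not are both
 * silent successes. */
static int filter_set_cisco(struct vty *vty, const char *name_str,
			    const char *seq, const char *type_str,
			    const char *addr_str, const char *addr_mask_str,
			    const char *mask_str, const char *mask_mask_str,
			    int extended, int set)
{
	int ret;
	enum filter_type type = FILTER_DENY;
	struct filter *mfilter;
	struct filter_cisco *filter;
	struct access_list *access;
	struct in_addr addr;
	struct in_addr addr_mask;
	struct in_addr mask;
	struct in_addr mask_mask;
	int64_t seqnum = -1;

	/* strtoll rather than atol: the CLI accepts values up to
	 * 4294967295, which does not fit a 32-bit long. */
	if (seq)
		seqnum = (int64_t)strtoll(seq, NULL, 10);

	/* Check of filter type. */
	if (type_str) {
		if (strncmp(type_str, "p", 1) == 0)
			type = FILTER_PERMIT;
		else if (strncmp(type_str, "d", 1) == 0)
			type = FILTER_DENY;
		else {
			vty_out(vty, "%% filter type must be permit or deny\n");
			return CMD_WARNING_CONFIG_FAILED;
		}
	}

	ret = inet_aton(addr_str, &addr);
	if (ret <= 0) {
		vty_out(vty, "%%Inconsistent address and mask\n");
		return CMD_WARNING_CONFIG_FAILED;
	}

	ret = inet_aton(addr_mask_str, &addr_mask);
	if (ret <= 0) {
		vty_out(vty, "%%Inconsistent address and mask\n");
		return CMD_WARNING_CONFIG_FAILED;
	}

	if (extended) {
		ret = inet_aton(mask_str, &mask);
		if (ret <= 0) {
			vty_out(vty, "%%Inconsistent address and mask\n");
			return CMD_WARNING_CONFIG_FAILED;
		}

		ret = inet_aton(mask_mask_str, &mask_mask);
		if (ret <= 0) {
			vty_out(vty, "%%Inconsistent address and mask\n");
			return CMD_WARNING_CONFIG_FAILED;
		}
	}

	/* Build the candidate entry; nothing is allocated before all
	 * input has been validated, so the error paths above cannot leak. */
	mfilter = filter_new();
	mfilter->type = type;
	mfilter->cisco = 1;
	mfilter->seq = seqnum;
	filter = &mfilter->u.cfilter;
	filter->extended = extended;
	/* Store the address with its wildcard bits cleared, which is the
	 * form filter_match_cisco() compares against. */
	filter->addr.s_addr = addr.s_addr & ~addr_mask.s_addr;
	filter->addr_mask.s_addr = addr_mask.s_addr;

	if (extended) {
		filter->mask.s_addr = mask.s_addr & ~mask_mask.s_addr;
		filter->mask_mask.s_addr = mask_mask.s_addr;
	}

	if (set) {
		/* Install new filter to the access_list, creating the list
		 * on first use. */
		access = access_list_get(AFI_IP, name_str);

		if (filter_lookup_cisco(access, mfilter))
			filter_free(mfilter);
		else
			access_list_filter_add(access, mfilter);
	} else {
		struct filter *delete_filter = NULL;

		/* Only look the list up: a removal must not bring an empty
		 * list into existence, because access_list_apply() answers
		 * FILTER_DENY for everything on a list without entries. */
		access = access_list_lookup(AFI_IP, name_str);
		if (access)
			delete_filter = filter_lookup_cisco(access, mfilter);

		/* This may free `access` as well; it is not used below. */
		if (delete_filter)
			access_list_filter_delete(access, delete_filter);

		filter_free(mfilter);
	}

	return CMD_SUCCESS;
}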
714
/* Standard access-list: "access-list N [seq S] <deny|permit> ADDR WILDCARD".
 * Adds one standard Cisco-style entry. */
DEFUN (access_list_standard,
       access_list_standard_cmd,
       "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n"
       "Wildcard bits\n")
{
	/* The list number follows the "access-list" keyword at argv[0]. */
	int name_pos = 1;
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg = NULL;
	char *action = NULL;
	char *addr = NULL;
	char *wild = NULL;

	/* Each position starts at 0; the tests below assume argv_find()
	 * leaves it there when the token is absent. */
	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	if (seq_pos)
		seq_arg = argv[seq_pos]->arg;

	/* Exactly one of the two keywords is present in the command. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	if (action_pos)
		action = argv[action_pos]->arg;

	/* The wildcard is the token right after the first address. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	if (addr_pos) {
		addr = argv[addr_pos]->arg;
		wild = argv[addr_pos + 1]->arg;
	}

	return filter_set_cisco(vty, argv[name_pos]->arg, seq_arg, action,
				addr, wild, NULL, NULL, 0, 1);
}
756
/* "access-list N [seq S] <deny|permit> ADDR": standard entry without
 * wildcard bits; the address is matched in full ("0.0.0.0" wildcard). */
DEFUN (access_list_standard_nomask,
       access_list_standard_nomask_cmd,
       "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n")
{
	/* The list number follows the "access-list" keyword at argv[0]. */
	int name_pos = 1;
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg = NULL;
	char *action = NULL;
	char *addr = NULL;

	/* Each position starts at 0; the tests below assume argv_find()
	 * leaves it there when the token is absent. */
	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	if (seq_pos)
		seq_arg = argv[seq_pos]->arg;

	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	if (action_pos)
		action = argv[action_pos]->arg;

	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	if (addr_pos)
		addr = argv[addr_pos]->arg;

	return filter_set_cisco(vty, argv[name_pos]->arg, seq_arg, action,
				addr, "0.0.0.0", NULL, NULL, 0, 1);
}
793
/* "access-list N [seq S] <deny|permit> host ADDR": standard entry for
 * a single host; the address is matched in full ("0.0.0.0" wildcard). */
DEFUN (access_list_standard_host,
       access_list_standard_host_cmd,
       "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "A single host address\n"
       "Address to match\n")
{
	/* The list number follows the "access-list" keyword at argv[0]. */
	int name_pos = 1;
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg = NULL;
	char *action = NULL;
	char *addr = NULL;

	/* Each position starts at 0; the tests below assume argv_find()
	 * leaves it there when the token is absent. */
	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	if (seq_pos)
		seq_arg = argv[seq_pos]->arg;

	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	if (action_pos)
		action = argv[action_pos]->arg;

	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	if (addr_pos)
		addr = argv[addr_pos]->arg;

	return filter_set_cisco(vty, argv[name_pos]->arg, seq_arg, action,
				addr, "0.0.0.0", NULL, NULL, 0, 1);
}
831
/* "access-list N [seq S] <deny|permit> any": standard entry matching
 * every address (address "0.0.0.0", all wildcard bits set). */
DEFUN (access_list_standard_any,
       access_list_standard_any_cmd,
       "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any source host\n")
{
	/* The list number follows the "access-list" keyword at argv[0]. */
	int name_pos = 1;
	int seq_pos = 0;
	int action_pos = 0;
	char *seq_arg = NULL;
	char *action = NULL;

	/* Each position starts at 0; the tests below assume argv_find()
	 * leaves it there when the token is absent. */
	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	if (seq_pos)
		seq_arg = argv[seq_pos]->arg;

	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	if (action_pos)
		action = argv[action_pos]->arg;

	return filter_set_cisco(vty, argv[name_pos]->arg, seq_arg, action,
				"0.0.0.0", "255.255.255.255", NULL, NULL, 0, 1);
}
862
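/* "no access-list N [seq S] <deny|permit> ADDR WILDCARD": remove one
 * standard Cisco-style entry. */
DEFUN (no_access_list_standard,
       no_access_list_standard_cmd,
       "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n"
       "Wildcard bits\n")
{
	/* argv[0] is "no" and argv[1] is "access-list", so the list number
	 * is argv[2], as in the other "no access-list" forms. With index 1
	 * the keyword itself was used as the list name: the command
	 * reported success while the intended entry stayed in place. */
	int idx_acl = 2;
	int idx = 0;
	char *seq = NULL;
	char *permit_deny = NULL;
	char *address = NULL;
	char *wildcard = NULL;

	/* idx is reset to 0 before each lookup; the tests below assume
	 * argv_find() leaves it there when the token is absent. */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	if (idx)
		seq = argv[idx]->arg;

	idx = 0;
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	if (idx)
		permit_deny = argv[idx]->arg;

	/* The wildcard is the token right after the first address. */
	idx = 0;
	argv_find(argv, argc, "A.B.C.D", &idx);
	if (idx) {
		address = argv[idx]->arg;
		wildcard = argv[idx + 1]->arg;
	}

	return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
				address, wildcard, NULL, NULL, 0, 0);
}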
904
/* "no access-list N [seq S] <deny|permit> ADDR": remove a standard
 * entry that was given without wildcard bits ("0.0.0.0" wildcard). */
DEFUN (no_access_list_standard_nomask,
       no_access_list_standard_nomask_cmd,
       "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n")
{
	/* argv[0] is "no", argv[1] is "access-list", argv[2] the number. */
	int name_pos = 2;
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg = NULL;
	char *action = NULL;
	char *addr = NULL;

	/* Each position starts at 0; the tests below assume argv_find()
	 * leaves it there when the token is absent. */
	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	if (seq_pos)
		seq_arg = argv[seq_pos]->arg;

	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	if (action_pos)
		action = argv[action_pos]->arg;

	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	if (addr_pos)
		addr = argv[addr_pos]->arg;

	return filter_set_cisco(vty, argv[name_pos]->arg, seq_arg, action,
				addr, "0.0.0.0", NULL, NULL, 0, 0);
}
942
/* "no access-list N [seq S] <deny|permit> host ADDR": remove a
 * single-host standard entry ("0.0.0.0" wildcard). */
DEFUN (no_access_list_standard_host,
       no_access_list_standard_host_cmd,
       "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "A single host address\n"
       "Address to match\n")
{
	/* argv[0] is "no", argv[1] is "access-list", argv[2] the number. */
	int name_pos = 2;
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg = NULL;
	char *action = NULL;
	char *addr = NULL;

	/* Each position starts at 0; the tests below assume argv_find()
	 * leaves it there when the token is absent. */
	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	if (seq_pos)
		seq_arg = argv[seq_pos]->arg;

	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	if (action_pos)
		action = argv[action_pos]->arg;

	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	if (addr_pos)
		addr = argv[addr_pos]->arg;

	return filter_set_cisco(vty, argv[name_pos]->arg, seq_arg, action,
				addr, "0.0.0.0", NULL, NULL, 0, 0);
}
981
/* "no access-list N [seq S] <deny|permit> any": remove a standard
 * match-everything entry (address "0.0.0.0", all wildcard bits set). */
DEFUN (no_access_list_standard_any,
       no_access_list_standard_any_cmd,
       "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any source host\n")
{
	/* argv[0] is "no", argv[1] is "access-list", argv[2] the number. */
	int name_pos = 2;
	int seq_pos = 0;
	int action_pos = 0;
	char *seq_arg = NULL;
	char *action = NULL;

	/* Each position starts at 0; the tests below assume argv_find()
	 * leaves it there when the token is absent. */
	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	if (seq_pos)
		seq_arg = argv[seq_pos]->arg;

	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	if (action_pos)
		action = argv[action_pos]->arg;

	return filter_set_cisco(vty, argv[name_pos]->arg, seq_arg, action,
				"0.0.0.0", "255.255.255.255", NULL, NULL, 0, 0);
}
1013
/* Extended access-list:
 * "access-list N [seq S] <deny|permit> ip SRC SRC-WILD DST DST-WILD".
 * Adds one extended Cisco-style entry. */
DEFUN (access_list_extended,
       access_list_extended_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	/* The list number follows the "access-list" keyword at argv[0]. */
	int name_pos = 1;
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg = NULL;
	char *action = NULL;
	char *src_addr = NULL;
	char *src_wild = NULL;
	char *dst_addr = NULL;
	char *dst_wild = NULL;

	/* Each position starts at 0; the tests below assume argv_find()
	 * leaves it there when the token is absent. */
	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	if (seq_pos)
		seq_arg = argv[seq_pos]->arg;

	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	if (action_pos)
		action = argv[action_pos]->arg;

	/* The four addresses are consecutive tokens, in command order. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	if (addr_pos) {
		src_addr = argv[addr_pos]->arg;
		src_wild = argv[addr_pos + 1]->arg;
		dst_addr = argv[addr_pos + 2]->arg;
		dst_wild = argv[addr_pos + 3]->arg;
	}

	return filter_set_cisco(vty, argv[name_pos]->arg, seq_arg, action,
				src_addr, src_wild, dst_addr, dst_wild, 1, 1);
}
1062
/* "access-list N [seq S] <deny|permit> ip SRC SRC-WILD any": extended
 * entry whose destination side matches everything ("0.0.0.0" with all
 * wildcard bits set). */
DEFUN (access_list_extended_mask_any,
       access_list_extended_mask_any_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Any destination host\n")
{
	/* The list number follows the "access-list" keyword at argv[0]. */
	int name_pos = 1;
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg = NULL;
	char *action = NULL;
	char *src_addr = NULL;
	char *src_wild = NULL;

	/* Each position starts at 0; the tests below assume argv_find()
	 * leaves it there when the token is absent. */
	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	if (seq_pos)
		seq_arg = argv[seq_pos]->arg;

	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	if (action_pos)
		action = argv[action_pos]->arg;

	/* The source wildcard is the token right after the source address. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	if (addr_pos) {
		src_addr = argv[addr_pos]->arg;
		src_wild = argv[addr_pos + 1]->arg;
	}

	return filter_set_cisco(vty, argv[name_pos]->arg, seq_arg, action,
				src_addr, src_wild, "0.0.0.0",
				"255.255.255.255", 1, 1);
}
1106
/*
 * Add an extended access-list entry with source "any" and an explicit
 * destination address and wildcard.  "any" is passed on as address
 * 0.0.0.0 with wildcard 255.255.255.255.
 */
DEFUN (access_list_extended_any_mask,
       access_list_extended_any_mask_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *dst_addr;
	char *dst_mask;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* First A.B.C.D is the destination, the next token its wildcard. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	dst_addr = addr_pos ? argv[addr_pos]->arg : NULL;
	dst_mask = addr_pos ? argv[addr_pos + 1]->arg : NULL;

	/*
	 * argv[1] is the access-list number.
	 * NOTE(review): the trailing 1, 1 are presumably extended=1 and
	 * set=1 (add) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[1]->arg, seq_arg, action, "0.0.0.0",
				"255.255.255.255", dst_addr, dst_mask, 1, 1);
}
1150
/*
 * Add an extended access-list entry matching any source and any
 * destination: both sides are passed on as address 0.0.0.0 with wildcard
 * 255.255.255.255.
 */
DEFUN (access_list_extended_any_any,
       access_list_extended_any_any_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Any destination host\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	char *seq_arg;
	char *action;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/*
	 * argv[1] is the access-list number.
	 * NOTE(review): the trailing 1, 1 are presumably extended=1 and
	 * set=1 (add) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[1]->arg, seq_arg, action, "0.0.0.0",
				"255.255.255.255", "0.0.0.0",
				"255.255.255.255", 1, 1);
}
1184
/*
 * Add an extended access-list entry with an explicit source address and
 * wildcard and a single destination host.  "host" is passed on as the
 * given address with wildcard 0.0.0.0.
 */
DEFUN (access_list_extended_mask_host,
       access_list_extended_mask_host_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "A single destination host\n"
       "Destination address\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *src_addr;
	char *src_mask;
	char *dst_addr;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/*
	 * Token order from the first A.B.C.D: source, source wildcard,
	 * "host" keyword, destination -- hence the +3 for the destination.
	 */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	src_addr = addr_pos ? argv[addr_pos]->arg : NULL;
	src_mask = addr_pos ? argv[addr_pos + 1]->arg : NULL;
	dst_addr = addr_pos ? argv[addr_pos + 3]->arg : NULL;

	/*
	 * argv[1] is the access-list number.
	 * NOTE(review): the trailing 1, 1 are presumably extended=1 and
	 * set=1 (add) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[1]->arg, seq_arg, action, src_addr,
				src_mask, dst_addr, "0.0.0.0", 1, 1);
}
1230
/*
 * Add an extended access-list entry with a single source host and an
 * explicit destination address and wildcard.  "host" is passed on as the
 * given address with wildcard 0.0.0.0.
 */
DEFUN (access_list_extended_host_mask,
       access_list_extended_host_mask_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *src_addr;
	char *dst_addr;
	char *dst_mask;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* Token order from the first A.B.C.D: source, destination, wildcard. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	src_addr = addr_pos ? argv[addr_pos]->arg : NULL;
	dst_addr = addr_pos ? argv[addr_pos + 1]->arg : NULL;
	dst_mask = addr_pos ? argv[addr_pos + 2]->arg : NULL;

	/*
	 * argv[1] is the access-list number.
	 * NOTE(review): the trailing 1, 1 are presumably extended=1 and
	 * set=1 (add) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[1]->arg, seq_arg, action, src_addr,
				"0.0.0.0", dst_addr, dst_mask, 1, 1);
}
1276
/*
 * Add an extended access-list entry between a single source host and a
 * single destination host.  Both are passed on with wildcard 0.0.0.0.
 */
DEFUN (access_list_extended_host_host,
       access_list_extended_host_host_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "A single destination host\n"
       "Destination address\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *src_addr;
	char *dst_addr;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* Token order from the first A.B.C.D: source, "host", destination. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	src_addr = addr_pos ? argv[addr_pos]->arg : NULL;
	dst_addr = addr_pos ? argv[addr_pos + 2]->arg : NULL;

	/*
	 * argv[1] is the access-list number.
	 * NOTE(review): the trailing 1, 1 are presumably extended=1 and
	 * set=1 (add) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[1]->arg, seq_arg, action, src_addr,
				"0.0.0.0", dst_addr, "0.0.0.0", 1, 1);
}
1320
/*
 * Add an extended access-list entry from any source to a single
 * destination host.  "any" is passed on as 0.0.0.0 with wildcard
 * 255.255.255.255, "host" as the given address with wildcard 0.0.0.0.
 */
DEFUN (access_list_extended_any_host,
       access_list_extended_any_host_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "A single destination host\n"
       "Destination address\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *dst_addr;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* The only A.B.C.D token is the destination host. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	dst_addr = addr_pos ? argv[addr_pos]->arg : NULL;

	/*
	 * argv[1] is the access-list number.
	 * NOTE(review): the trailing 1, 1 are presumably extended=1 and
	 * set=1 (add) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[1]->arg, seq_arg, action, "0.0.0.0",
				"255.255.255.255", dst_addr, "0.0.0.0", 1, 1);
}
1361
/*
 * Add an extended access-list entry from a single source host to any
 * destination.  "host" is passed on as the given address with wildcard
 * 0.0.0.0, "any" as 0.0.0.0 with wildcard 255.255.255.255.
 */
DEFUN (access_list_extended_host_any,
       access_list_extended_host_any_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Any destination host\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *src_addr;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* The only A.B.C.D token is the source host. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	src_addr = addr_pos ? argv[addr_pos]->arg : NULL;

	/*
	 * argv[1] is the access-list number.
	 * NOTE(review): the trailing 1, 1 are presumably extended=1 and
	 * set=1 (add) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[1]->arg, seq_arg, action, src_addr,
				"0.0.0.0", "0.0.0.0", "255.255.255.255", 1, 1);
}
1401
/*
 * "no" form of the extended access-list command with explicit source and
 * destination address/wildcard pairs.  It differs from the positive form
 * only in the ACL token index (2, after the leading "no") and the last
 * argument given to filter_set_cisco() (0 instead of 1).
 */
DEFUN (no_access_list_extended,
       no_access_list_extended_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *src_addr;
	char *src_mask;
	char *dst_addr;
	char *dst_mask;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* Four consecutive A.B.C.D tokens: src, src wildcard, dst, dst wildcard. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	src_addr = addr_pos ? argv[addr_pos]->arg : NULL;
	src_mask = addr_pos ? argv[addr_pos + 1]->arg : NULL;
	dst_addr = addr_pos ? argv[addr_pos + 2]->arg : NULL;
	dst_mask = addr_pos ? argv[addr_pos + 3]->arg : NULL;

	/*
	 * argv[2] is the access-list number.
	 * NOTE(review): the trailing 1, 0 are presumably extended=1 and
	 * set=0 (delete) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[2]->arg, seq_arg, action, src_addr,
				src_mask, dst_addr, dst_mask, 1, 0);
}
1450
/*
 * "no" form: explicit source address/wildcard, destination "any"
 * (passed on as 0.0.0.0 with wildcard 255.255.255.255).
 */
DEFUN (no_access_list_extended_mask_any,
       no_access_list_extended_mask_any_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Any destination host\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *src_addr;
	char *src_mask;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* First A.B.C.D is the source address, the next token its wildcard. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	src_addr = addr_pos ? argv[addr_pos]->arg : NULL;
	src_mask = addr_pos ? argv[addr_pos + 1]->arg : NULL;

	/*
	 * argv[2] is the access-list number (argv[0] is "no").
	 * NOTE(review): the trailing 1, 0 are presumably extended=1 and
	 * set=0 (delete) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[2]->arg, seq_arg, action, src_addr,
				src_mask, "0.0.0.0", "255.255.255.255", 1, 0);
}
1495
/*
 * "no" form: source "any" (passed on as 0.0.0.0 with wildcard
 * 255.255.255.255), explicit destination address/wildcard.
 */
DEFUN (no_access_list_extended_any_mask,
       no_access_list_extended_any_mask_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *dst_addr;
	char *dst_mask;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* First A.B.C.D is the destination, the next token its wildcard. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	dst_addr = addr_pos ? argv[addr_pos]->arg : NULL;
	dst_mask = addr_pos ? argv[addr_pos + 1]->arg : NULL;

	/*
	 * argv[2] is the access-list number (argv[0] is "no").
	 * NOTE(review): the trailing 1, 0 are presumably extended=1 and
	 * set=0 (delete) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[2]->arg, seq_arg, action, "0.0.0.0",
				"255.255.255.255", dst_addr, dst_mask, 1, 0);
}
1540
/*
 * "no" form: any source to any destination; both sides are passed on as
 * 0.0.0.0 with wildcard 255.255.255.255.
 */
DEFUN (no_access_list_extended_any_any,
       no_access_list_extended_any_any_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Any destination host\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	char *seq_arg;
	char *action;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/*
	 * argv[2] is the access-list number (argv[0] is "no").
	 * NOTE(review): the trailing 1, 0 are presumably extended=1 and
	 * set=0 (delete) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[2]->arg, seq_arg, action, "0.0.0.0",
				"255.255.255.255", "0.0.0.0",
				"255.255.255.255", 1, 0);
}
1575
/*
 * "no" form: explicit source address/wildcard, single destination host
 * (passed on with wildcard 0.0.0.0).
 */
DEFUN (no_access_list_extended_mask_host,
       no_access_list_extended_mask_host_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "A single destination host\n"
       "Destination address\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *src_addr;
	char *src_mask;
	char *dst_addr;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/*
	 * Token order from the first A.B.C.D: source, source wildcard,
	 * "host" keyword, destination -- hence the +3 for the destination.
	 */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	src_addr = addr_pos ? argv[addr_pos]->arg : NULL;
	src_mask = addr_pos ? argv[addr_pos + 1]->arg : NULL;
	dst_addr = addr_pos ? argv[addr_pos + 3]->arg : NULL;

	/*
	 * argv[2] is the access-list number (argv[0] is "no").
	 * NOTE(review): the trailing 1, 0 are presumably extended=1 and
	 * set=0 (delete) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[2]->arg, seq_arg, action, src_addr,
				src_mask, dst_addr, "0.0.0.0", 1, 0);
}
1622
/*
 * "no" form: single source host (passed on with wildcard 0.0.0.0),
 * explicit destination address/wildcard.
 */
DEFUN (no_access_list_extended_host_mask,
       no_access_list_extended_host_mask_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *src_addr;
	char *dst_addr;
	char *dst_mask;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* Token order from the first A.B.C.D: source, destination, wildcard. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	src_addr = addr_pos ? argv[addr_pos]->arg : NULL;
	dst_addr = addr_pos ? argv[addr_pos + 1]->arg : NULL;
	dst_mask = addr_pos ? argv[addr_pos + 2]->arg : NULL;

	/*
	 * argv[2] is the access-list number (argv[0] is "no").
	 * NOTE(review): the trailing 1, 0 are presumably extended=1 and
	 * set=0 (delete) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[2]->arg, seq_arg, action, src_addr,
				"0.0.0.0", dst_addr, dst_mask, 1, 0);
}
1669
/*
 * "no" form: single source host to single destination host; both are
 * passed on with wildcard 0.0.0.0.
 */
DEFUN (no_access_list_extended_host_host,
       no_access_list_extended_host_host_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "A single destination host\n"
       "Destination address\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *src_addr;
	char *dst_addr;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* Token order from the first A.B.C.D: source, "host", destination. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	src_addr = addr_pos ? argv[addr_pos]->arg : NULL;
	dst_addr = addr_pos ? argv[addr_pos + 2]->arg : NULL;

	/*
	 * argv[2] is the access-list number (argv[0] is "no").
	 * NOTE(review): the trailing 1, 0 are presumably extended=1 and
	 * set=0 (delete) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[2]->arg, seq_arg, action, src_addr,
				"0.0.0.0", dst_addr, "0.0.0.0", 1, 0);
}
1714
/*
 * "no" form: any source (0.0.0.0 with wildcard 255.255.255.255) to a
 * single destination host (given address with wildcard 0.0.0.0).
 */
DEFUN (no_access_list_extended_any_host,
       no_access_list_extended_any_host_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "A single destination host\n"
       "Destination address\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *dst_addr;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* The only A.B.C.D token is the destination host. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	dst_addr = addr_pos ? argv[addr_pos]->arg : NULL;

	/*
	 * argv[2] is the access-list number (argv[0] is "no").
	 * NOTE(review): the trailing 1, 0 are presumably extended=1 and
	 * set=0 (delete) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[2]->arg, seq_arg, action, "0.0.0.0",
				"255.255.255.255", dst_addr, "0.0.0.0", 1, 0);
}
1756
/*
 * "no" form: single source host (given address with wildcard 0.0.0.0)
 * to any destination (0.0.0.0 with wildcard 255.255.255.255).
 */
DEFUN (no_access_list_extended_host_any,
       no_access_list_extended_host_any_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Any destination host\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int addr_pos = 0;
	char *seq_arg;
	char *action;
	char *src_addr;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* The only A.B.C.D token is the source host. */
	argv_find(argv, argc, "A.B.C.D", &addr_pos);
	src_addr = addr_pos ? argv[addr_pos]->arg : NULL;

	/*
	 * argv[2] is the access-list number (argv[0] is "no").
	 * NOTE(review): the trailing 1, 0 are presumably extended=1 and
	 * set=0 (delete) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[2]->arg, seq_arg, action, src_addr,
				"0.0.0.0", "0.0.0.0", "255.255.255.255", 1, 0);
}
1797
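/*
 * Add or remove one zebra-style entry of the access list named name_str.
 *
 * vty        - session that receives the error messages
 * name_str   - access-list name; rejected when longer than ACL_NAMSIZ
 * seq        - optional sequence number as decimal text; NULL leaves the
 *              stored sequence at -1
 * type_str   - text starting with 'p' (permit) or 'd' (deny); NULL keeps
 *              the default, FILTER_DENY
 * afi        - AFI_IP, AFI_IP6 or AFI_L2VPN; selects the parser used for
 *              prefix_str, any other value is rejected
 * prefix_str - prefix (or MAC address for AFI_L2VPN) in text form
 * exact      - non-zero marks the entry "exact-match"
 * set        - non-zero adds the entry unless filter_lookup_zebra() finds
 *              an equal one; zero deletes the entry it finds
 *
 * Returns CMD_SUCCESS, or CMD_WARNING_CONFIG_FAILED / CMD_WARNING when the
 * input is rejected.
 */
static int filter_set_zebra(struct vty *vty, const char *name_str,
			    const char *seq, const char *type_str, afi_t afi,
			    const char *prefix_str, int exact, int set)
{
	int ret;
	enum filter_type type = FILTER_DENY;
	struct filter *mfilter;
	struct filter_zebra *filter;
	struct access_list *access;
	struct prefix p;
	int64_t seqnum = -1;

	if (strlen(name_str) > ACL_NAMSIZ) {
		vty_out(vty,
			"%% ACL name %s is invalid: length exceeds "
			"%d characters\n",
			name_str, ACL_NAMSIZ);
		return CMD_WARNING_CONFIG_FAILED;
	}

	/*
	 * The command grammar of the callers allows 1-4294967295, which does
	 * not fit a 32-bit long, so atol() could not represent the upper half
	 * of the range on such platforms.  strtoll() returns long long and
	 * keeps the value intact everywhere.
	 */
	if (seq)
		seqnum = (int64_t)strtoll(seq, NULL, 10);

	/* Check of filter type. */
	if (type_str) {
		if (strncmp(type_str, "p", 1) == 0)
			type = FILTER_PERMIT;
		else if (strncmp(type_str, "d", 1) == 0)
			type = FILTER_DENY;
		else {
			vty_out(vty, "filter type must be [permit|deny]\n");
			return CMD_WARNING_CONFIG_FAILED;
		}
	}

	/*
	 * The parsers below are handed a narrower view of p; clear it first
	 * so bytes they do not write are defined before prefix_copy().
	 */
	memset(&p, 0, sizeof(p));

	/* Check string format of prefix and prefixlen. */
	if (afi == AFI_IP) {
		ret = str2prefix_ipv4(prefix_str, (struct prefix_ipv4 *)&p);
		if (ret <= 0) {
			vty_out(vty,
				"IP address prefix/prefixlen is malformed\n");
			return CMD_WARNING_CONFIG_FAILED;
		}
	} else if (afi == AFI_IP6) {
		ret = str2prefix_ipv6(prefix_str, (struct prefix_ipv6 *)&p);
		if (ret <= 0) {
			vty_out(vty,
				"IPv6 address prefix/prefixlen is malformed\n");
			return CMD_WARNING_CONFIG_FAILED;
		}
	} else if (afi == AFI_L2VPN) {
		ret = str2prefix_eth(prefix_str, (struct prefix_eth *)&p);
		if (ret <= 0) {
			vty_out(vty, "MAC address is malformed\n");
			/*
			 * NOTE(review): the IPv4/IPv6 branches return
			 * CMD_WARNING_CONFIG_FAILED here; confirm the
			 * different code is intended.
			 */
			return CMD_WARNING;
		}
	} else
		return CMD_WARNING_CONFIG_FAILED;

	mfilter = filter_new();
	mfilter->type = type;
	mfilter->seq = seqnum;
	filter = &mfilter->u.zfilter;
	prefix_copy(&filter->prefix, &p);

	/* "exact-match" */
	if (exact)
		filter->exact = 1;

	/*
	 * Install new filter to the access_list.
	 * NOTE(review): this runs on the delete path as well; if
	 * access_list_get() creates a missing list (presumably it does),
	 * a "no ..." command naming an unknown list leaves an empty list
	 * behind -- verify.
	 */
	access = access_list_get(afi, name_str);

	if (set) {
		/* An equal entry already exists: drop the temporary copy. */
		if (filter_lookup_zebra(access, mfilter))
			filter_free(mfilter);
		else
			access_list_filter_add(access, mfilter);
	} else {
		struct filter *delete_filter;

		/* mfilter only serves as the lookup key on this path. */
		delete_filter = filter_lookup_zebra(access, mfilter);
		if (delete_filter)
			access_list_filter_delete(access, delete_filter);

		filter_free(mfilter);
	}

	return CMD_SUCCESS;
}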
1886
d37ba549
MK
/*
 * Add an entry matching one MAC address to the named MAC access-list.
 * The work is done by filter_set_zebra() with AFI_L2VPN, exact=0, set=1.
 */
DEFUN (mac_access_list,
       mac_access_list_cmd,
       "mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
       "Add a mac access-list\n"
       "Add an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int mac_pos = 0;
	char *seq_arg;
	char *action;
	char *mac_arg;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	argv_find(argv, argc, "X:X:X:X:X:X", &mac_pos);
	mac_arg = mac_pos ? argv[mac_pos]->arg : NULL;
	/* The MAC token is mandatory in the command string. */
	assert(mac_arg);

	/* Tokens: mac(0) access-list(1) WORD(2). */
	return filter_set_zebra(vty, argv[2]->arg, seq_arg, action, AFI_L2VPN,
				mac_arg, 0, 1);
}
1923
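/*
 * Remove the entry matching one MAC address from the named MAC
 * access-list.  The work is done by filter_set_zebra() with AFI_L2VPN,
 * exact=0, set=0.
 */
DEFUN (no_mac_access_list,
       no_mac_access_list_cmd,
       "no mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
       NO_STR
       "Remove a mac access-list\n"
       "Remove an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
{
	/*
	 * Tokens: no(0) mac(1) access-list(2) WORD(3).  Index 2 is the
	 * "access-list" keyword, so using it as the name made the removal
	 * act on a list called "access-list" and left the entry the
	 * operator named in place.
	 */
	int idx_word = 3;
	int idx = 0;
	char *seq = NULL;
	char *permit_deny = NULL;
	char *mac = NULL;

	/* idx stays 0 when argv_find() does not locate the token. */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	if (idx)
		seq = argv[idx]->arg;

	idx = 0;
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	if (idx)
		permit_deny = argv[idx]->arg;

	idx = 0;
	argv_find(argv, argc, "X:X:X:X:X:X", &idx);
	if (idx)
		mac = argv[idx]->arg;
	/* The MAC token is mandatory in the command string. */
	assert(mac);

	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
				AFI_L2VPN, mac, 0, 0);
}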
1961
/*
 * Add an "any" entry to the named MAC access-list.  "any" is passed to
 * filter_set_zebra() as the MAC string 00:00:00:00:00:00 with AFI_L2VPN,
 * exact=0, set=1.
 */
DEFUN (mac_access_list_any,
       mac_access_list_any_cmd,
       "mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
       "Add a mac access-list\n"
       "Add an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	char *seq_arg;
	char *action;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* Tokens: mac(0) access-list(1) WORD(2). */
	return filter_set_zebra(vty, argv[2]->arg, seq_arg, action, AFI_L2VPN,
				"00:00:00:00:00:00", 0, 1);
}
1991
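/*
 * Remove the "any" entry from the named MAC access-list.  "any" is passed
 * to filter_set_zebra() as the MAC string 00:00:00:00:00:00 with
 * AFI_L2VPN, exact=0, set=0.
 */
DEFUN (no_mac_access_list_any,
       no_mac_access_list_any_cmd,
       "no mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
       NO_STR
       "Remove a mac access-list\n"
       "Remove an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
{
	/*
	 * Tokens: no(0) mac(1) access-list(2) WORD(3).  Index 2 is the
	 * "access-list" keyword, so using it as the name made the removal
	 * act on a list called "access-list" and left the entry the
	 * operator named in place.
	 */
	int idx_word = 3;
	int idx = 0;
	char *seq = NULL;
	char *permit_deny = NULL;

	/* idx stays 0 when argv_find() does not locate the token. */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	if (idx)
		seq = argv[idx]->arg;

	idx = 0;
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	if (idx)
		permit_deny = argv[idx]->arg;

	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
				AFI_L2VPN, "00:00:00:00:00:00", 0, 0);
}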
2022
/*
 * Add a prefix entry to a named (zebra-style) IPv4 access-list, with an
 * optional "exact-match" flag.  The work is done by filter_set_zebra()
 * with AFI_IP and set=1.
 */
DEFUN (access_list_exact,
       access_list_exact_cmd,
       "access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n"
       "Exact match of the prefixes\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int prefix_pos = 0;
	int exact_pos = 0;
	int exact_flag;
	char *seq_arg;
	char *action;
	char *prefix_arg;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	argv_find(argv, argc, "A.B.C.D/M", &prefix_pos);
	prefix_arg = prefix_pos ? argv[prefix_pos]->arg : NULL;
	/* The prefix token is mandatory in the command string. */
	assert(prefix_arg);

	/* Here the return value of argv_find() decides, not the position. */
	exact_flag = argv_find(argv, argc, "exact-match", &exact_pos) ? 1 : 0;

	/* Tokens: access-list(0) WORD(1). */
	return filter_set_zebra(vty, argv[1]->arg, seq_arg, action, AFI_IP,
				prefix_arg, exact_flag, 1);
}
2064
/*
 * Add an "any" entry to a named (zebra-style) IPv4 access-list.  "any" is
 * passed to filter_set_zebra() as the prefix 0.0.0.0/0 with AFI_IP,
 * exact=0, set=1.
 */
DEFUN (access_list_any,
       access_list_any_cmd,
       "access-list WORD [seq (1-4294967295)] <deny|permit> any",
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	char *seq_arg;
	char *action;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* Tokens: access-list(0) WORD(1). */
	return filter_set_zebra(vty, argv[1]->arg, seq_arg, action, AFI_IP,
				"0.0.0.0/0", 0, 1);
}
2094
/*
 * Remove a prefix entry from a named (zebra-style) IPv4 access-list; the
 * optional "exact-match" flag is part of the entry being looked up.  The
 * work is done by filter_set_zebra() with AFI_IP and set=0.
 */
DEFUN (no_access_list_exact,
       no_access_list_exact_cmd,
       "no access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n"
       "Exact match of the prefixes\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	int prefix_pos = 0;
	int exact_pos = 0;
	int exact_flag;
	char *seq_arg;
	char *action;
	char *prefix_arg;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	argv_find(argv, argc, "A.B.C.D/M", &prefix_pos);
	prefix_arg = prefix_pos ? argv[prefix_pos]->arg : NULL;
	/* The prefix token is mandatory in the command string. */
	assert(prefix_arg);

	/* Here the return value of argv_find() decides, not the position. */
	exact_flag = argv_find(argv, argc, "exact-match", &exact_pos) ? 1 : 0;

	/* Tokens: no(0) access-list(1) WORD(2). */
	return filter_set_zebra(vty, argv[2]->arg, seq_arg, action, AFI_IP,
				prefix_arg, exact_flag, 0);
}
2137
/*
 * Remove the "any" entry from a named (zebra-style) IPv4 access-list.
 * "any" is passed to filter_set_zebra() as the prefix 0.0.0.0/0 with
 * AFI_IP, exact=0, set=0.
 */
DEFUN (no_access_list_any,
       no_access_list_any_cmd,
       "no access-list WORD [seq (1-4294967295)] <deny|permit> any",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
	/* A position still 0 after argv_find() is treated as "not given". */
	int seq_pos = 0;
	int action_pos = 0;
	char *seq_arg;
	char *action;

	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq_arg = seq_pos ? argv[seq_pos]->arg : NULL;

	/* <deny|permit> is a choice, so both keywords share one slot. */
	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	action = action_pos ? argv[action_pos]->arg : NULL;

	/* Tokens: no(0) access-list(1) WORD(2). */
	return filter_set_zebra(vty, argv[2]->arg, seq_arg, action, AFI_IP,
				"0.0.0.0/0", 0, 0);
}
2168
/*
 * "no access-list <number|WORD>": delete a whole IPv4 access list.
 * Route-map dependants and the master's delete hook are notified while
 * the list still exists; only then is it freed.
 */
DEFUN (no_access_list_all,
       no_access_list_all_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list name\n")
{
	/* Token 2 carries the list number or name. */
	char *acl_name = argv[2]->arg;
	struct access_list *acl = access_list_lookup(AFI_IP, acl_name);
	struct access_master *owner;

	if (!acl) {
		vty_out(vty, "%% access-list %s doesn't exist\n", acl_name);
		return CMD_WARNING_CONFIG_FAILED;
	}

	owner = acl->master;

	/* Keep this order: both notifications dereference the live list. */
	route_map_notify_dependencies(acl->name, RMAP_EVENT_FILTER_DELETED);
	if (owner->delete_hook)
		(*owner->delete_hook)(acl);

	/* Drop every filter and the list itself. */
	access_list_delete(acl);

	return CMD_SUCCESS;
}
2204
/*
 * "access-list <number|WORD> remark LINE...": replace the remark of an
 * IPv4 access list (the list is obtained through access_list_get()).
 *
 * NOTE(review): the help text promises "up to 100 characters", but no
 * length check is visible in this handler.
 */
DEFUN (access_list_remark,
       access_list_remark_cmd,
       "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
	/* Token 1 is the list number/name, the remark text starts at 3. */
	struct access_list *acl = access_list_get(AFI_IP, argv[1]->arg);

	/*
	 * Release the old remark first.  It is freed as MTYPE_TMP, which
	 * assumes argv_concat() allocates under that type -- TODO confirm.
	 */
	if (acl->remark) {
		XFREE(MTYPE_TMP, acl->remark);
		acl->remark = NULL;
	}
	acl->remark = argv_concat(argv, argc, 3);

	return CMD_SUCCESS;
}
2231
/*
 * "no access-list <number|WORD> remark": clear the remark of an IPv4
 * access list via vty_access_list_remark_unset().
 */
DEFUN (no_access_list_remark,
       no_access_list_remark_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n")
{
	/* Token 2 is the list number or name ("no"=0, "access-list"=1). */
	char *acl_name = argv[2]->arg;

	return vty_access_list_remark_unset(vty, AFI_IP, acl_name);
}
f667a580
QY
2247
/* ALIAS_FIXME */
/*
 * Same as no_access_list_remark, but the command string also accepts the
 * remark text.  The handler forwards everything unchanged, so the typed
 * text is not compared with the stored remark here.
 */
DEFUN (no_access_list_remark_comment,
       no_access_list_remark_comment_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
	/* Delegate to the handler of the shorter command. */
	return no_access_list_remark(self, vty, argc, argv);
}
718e3744 2264
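/*
 * "ipv6 access-list WORD ... X:X::X:X/M [exact-match]": hand one IPv6
 * entry to filter_set_zebra() with a final argument of 1.  The "no"
 * variant passes 0 there, so 1 presumably means "set".
 */
DEFUN (ipv6_access_list_exact,
       ipv6_access_list_exact_cmd,
       "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "IPv6 prefix\n"
       "Exact match of the prefixes\n")
{
	int idx = 0;
	int exact = 0;
	/* Token 2 is WORD, the access-list name ("ipv6"=0, "access-list"=1). */
	int idx_word = 2;
	char *seq = NULL;
	char *permit_deny = NULL;
	char *prefix = NULL;

	/* The sequence number is optional; seq stays NULL without it. */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	if (idx)
		seq = argv[idx]->arg;

	idx = 0;
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	if (idx)
		permit_deny = argv[idx]->arg;

	idx = 0;
	argv_find(argv, argc, "X:X::X:X/M", &idx);
	if (idx)
		prefix = argv[idx]->arg;
	/*
	 * The prefix token is mandatory in the command string, so this is
	 * never expected to fire.  It matches the check the "no" variants
	 * make, so a NULL prefix is never passed on silently.
	 */
	assert(prefix);

	idx = 0;
	if (argv_find(argv, argc, "exact-match", &idx))
		exact = 1;

	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
				AFI_IP6, prefix, exact, 1);
}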
2307
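/*
 * "ipv6 access-list WORD ... any": add an IPv6 entry whose prefix is the
 * fixed string "::/0" with the exact flag cleared.
 */
DEFUN (ipv6_access_list_any,
       ipv6_access_list_any_cmd,
       "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefix to match\n")
{
	/* Token 2 is WORD, the access-list name. */
	int idx_word = 2;
	int idx = 0;
	char *seq = NULL;
	char *permit_deny = NULL;

	/* The sequence number is optional; seq stays NULL without it. */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	if (idx)
		seq = argv[idx]->arg;

	idx = 0;
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	if (idx)
		permit_deny = argv[idx]->arg;

	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
				AFI_IP6, "::/0", 0, 1);
}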
2338
/*
 * "no ipv6 access-list WORD ... X:X::X:X/M [exact-match]": hand one IPv6
 * entry to filter_set_zebra() with a final argument of 0.  The add
 * command passes 1 there, so 0 presumably means "unset".
 */
DEFUN (no_ipv6_access_list_exact,
       no_ipv6_access_list_exact_cmd,
       "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
{
	/* Each lookup gets its own cursor, all starting at token 0. */
	int seq_pos = 0;
	int action_pos = 0;
	int prefix_pos = 0;
	int exact_pos = 0;
	int exact;
	char *seq;
	char *permit_deny;
	char *prefix;

	/* The sequence number is optional; seq stays NULL without it. */
	argv_find(argv, argc, "(1-4294967295)", &seq_pos);
	seq = seq_pos ? argv[seq_pos]->arg : NULL;

	argv_find(argv, argc, "permit", &action_pos);
	argv_find(argv, argc, "deny", &action_pos);
	permit_deny = action_pos ? argv[action_pos]->arg : NULL;

	argv_find(argv, argc, "X:X::X:X/M", &prefix_pos);
	prefix = prefix_pos ? argv[prefix_pos]->arg : NULL;
	/* The prefix token is mandatory in the command string above. */
	assert(prefix);

	exact = argv_find(argv, argc, "exact-match", &exact_pos) ? 1 : 0;

	/* Token 3 is WORD ("no"=0, "ipv6"=1, "access-list"=2). */
	return filter_set_zebra(vty, argv[3]->arg, seq, permit_deny, AFI_IP6,
				prefix, exact, 0);
}
2383
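/*
 * "no ipv6 access-list WORD ... any": hand the "::/0" entry to
 * filter_set_zebra() with a final argument of 0 (the add command
 * passes 1).
 */
DEFUN (no_ipv6_access_list_any,
       no_ipv6_access_list_any_cmd,
       "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefix to match\n")
{
	/* Token 3 is WORD ("no"=0, "ipv6"=1, "access-list"=2). */
	int idx_word = 3;
	int idx = 0;
	char *seq = NULL;
	char *permit_deny = NULL;

	/* The sequence number is optional; seq stays NULL without it. */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	if (idx)
		seq = argv[idx]->arg;

	idx = 0;
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	if (idx)
		permit_deny = argv[idx]->arg;

	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
				AFI_IP6, "::/0", 0, 0);
}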
2415
2416
/*
 * "no ipv6 access-list WORD": delete a whole IPv6 access list.
 * Route-map dependants and the master's delete hook are notified while
 * the list still exists; only then is it freed.
 */
DEFUN (no_ipv6_access_list_all,
       no_ipv6_access_list_all_cmd,
       "no ipv6 access-list WORD",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n")
{
	/* Token 3 is WORD ("no"=0, "ipv6"=1, "access-list"=2). */
	char *acl_name = argv[3]->arg;
	struct access_list *acl = access_list_lookup(AFI_IP6, acl_name);
	struct access_master *owner;

	if (!acl) {
		vty_out(vty, "%% access-list %s doesn't exist\n", acl_name);
		return CMD_WARNING_CONFIG_FAILED;
	}

	owner = acl->master;

	/* Keep this order: both notifications dereference the live list. */
	route_map_notify_dependencies(acl->name, RMAP_EVENT_FILTER_DELETED);
	if (owner->delete_hook)
		(*owner->delete_hook)(acl);

	/* Drop every filter and the list itself. */
	access_list_delete(acl);

	return CMD_SUCCESS;
}
2449
/*
 * "ipv6 access-list WORD remark LINE...": replace the remark of an IPv6
 * access list (the list is obtained through access_list_get()).
 *
 * NOTE(review): the help text promises "up to 100 characters", but no
 * length check is visible in this handler.
 */
DEFUN (ipv6_access_list_remark,
       ipv6_access_list_remark_cmd,
       "ipv6 access-list WORD remark LINE...",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
	/* Token 2 is the list name, the remark text starts at token 4. */
	struct access_list *acl = access_list_get(AFI_IP6, argv[2]->arg);

	/*
	 * Release the old remark first.  It is freed as MTYPE_TMP, which
	 * assumes argv_concat() allocates under that type -- TODO confirm.
	 */
	if (acl->remark) {
		XFREE(MTYPE_TMP, acl->remark);
		acl->remark = NULL;
	}
	acl->remark = argv_concat(argv, argc, 4);

	return CMD_SUCCESS;
}
2473
/*
 * "no ipv6 access-list WORD remark": clear the remark of an IPv6 access
 * list via vty_access_list_remark_unset().
 */
DEFUN (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_cmd,
       "no ipv6 access-list WORD remark",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n")
{
	/* Token 3 is WORD ("no"=0, "ipv6"=1, "access-list"=2). */
	char *acl_name = argv[3]->arg;

	return vty_access_list_remark_unset(vty, AFI_IP6, acl_name);
}
f667a580
QY
2486
/* ALIAS_FIXME */
/*
 * Same as no_ipv6_access_list_remark, but the command string also accepts
 * the remark text.  The handler forwards everything unchanged, so the
 * typed text is not compared with the stored remark here.
 */
DEFUN (no_ipv6_access_list_remark_comment,
       no_ipv6_access_list_remark_comment_cmd,
       "no ipv6 access-list WORD remark LINE...",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
	/* Delegate to the handler of the shorter command. */
	return no_ipv6_access_list_remark(self, vty, argc, argv);
}
718e3744 2500
eb51bb9b
DL
/* Forward declarations: both writers are defined after filter_show(). */
static void config_write_access_zebra(struct vty *vty, struct filter *mfilter);
static void config_write_access_cisco(struct vty *vty, struct filter *mfilter);
718e3744 2503
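/*
 * Print one access list for the "show ... access-list" commands: a header
 * line before the first filter, then one line per filter.  A list with no
 * filters prints nothing.
 */
static void filter_show_access(struct vty *vty, struct access_list *access,
			       afi_t afi)
{
	struct filter *mfilter;
	struct filter_cisco *filter;
	int write = 1;

	for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
		/* Only read through this pointer when mfilter->cisco is set. */
		filter = &mfilter->u.cfilter;

		if (write) {
			/*
			 * The "IPv6 " and "MAC " labels carry a trailing
			 * space, so those headers have two spaces before
			 * "access list".  Kept as is; the output may be
			 * parsed elsewhere.
			 */
			vty_out(vty, "%s %s access list %s\n",
				mfilter->cisco ? (filter->extended
							  ? "Extended"
							  : "Standard")
					       : "Zebra",
				(afi == AFI_IP)
					? ("IP")
					: ((afi == AFI_IP6) ? ("IPv6 ")
							    : ("MAC ")),
				access->name);
			write = 0;
		}

		vty_out(vty, "    seq %" PRId64, mfilter->seq);
		vty_out(vty, " %s%s", filter_type_str(mfilter),
			mfilter->type == FILTER_DENY ? "  " : "");

		if (!mfilter->cisco)
			config_write_access_zebra(vty, mfilter);
		else if (filter->extended)
			config_write_access_cisco(vty, mfilter);
		else {
			if (filter->addr_mask.s_addr == 0xffffffff)
				vty_out(vty, " any\n");
			else {
				/*
				 * inet_ntoa() returns a static buffer, so
				 * each vty_out() call uses it only once.
				 */
				vty_out(vty, " %s", inet_ntoa(filter->addr));
				if (filter->addr_mask.s_addr != 0)
					vty_out(vty, ", wildcard bits %s",
						inet_ntoa(filter->addr_mask));
				vty_out(vty, "\n");
			}
		}
	}
}

/*
 * show access-list command.
 *
 * Prints the protocol name, then every access list of the given address
 * family: first the master's "num" chain, then its "str" chain.  When
 * name is non-NULL only lists with exactly that name are printed.
 *
 * Returns 0 when the family has no access master, else CMD_SUCCESS.
 */
static int filter_show(struct vty *vty, const char *name, afi_t afi)
{
	struct access_list *access;
	struct access_master *master;

	master = access_master_get(afi);
	if (master == NULL)
		return 0;

	/* Print the name of the protocol */
	vty_out(vty, "%s:\n", frr_protoname);

	for (access = master->num.head; access; access = access->next) {
		if (name && strcmp(access->name, name) != 0)
			continue;
		filter_show_access(vty, access, afi);
	}

	for (access = master->str.head; access; access = access->next) {
		if (name && strcmp(access->name, name) != 0)
			continue;
		filter_show_access(vty, access, afi);
	}

	return CMD_SUCCESS;
}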
2617
d37ba549
MK
/*
 * show MAC access list - this only has MAC filters for now.
 * MAC lists are looked up under AFI_L2VPN; a NULL name selects all lists.
 */
DEFUN (show_mac_access_list,
       show_mac_access_list_cmd,
       "show mac access-list",
       SHOW_STR
       "mac access lists\n"
       "List mac access lists\n")
{
	const char *every_list = NULL;

	return filter_show(vty, every_list, AFI_L2VPN);
}
2628
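/*
 * "show mac access-list WORD": show only the MAC access list named WORD.
 * WORD is a list name, not a MAC address, and the help text now says so.
 */
DEFUN (show_mac_access_list_name,
       show_mac_access_list_name_cmd,
       "show mac access-list WORD",
       SHOW_STR
       "mac access lists\n"
       "List mac access lists\n"
       "MAC access-list name\n")
{
	/* Token 3 is WORD ("show"=0, "mac"=1, "access-list"=2). */
	return filter_show(vty, argv[3]->arg, AFI_L2VPN);
}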
2639
/* "show ip access-list": show every IPv4 access list (NULL name = all). */
DEFUN (show_ip_access_list,
       show_ip_access_list_cmd,
       "show ip access-list",
       SHOW_STR
       IP_STR
       "List IP access lists\n")
{
	const char *every_list = NULL;

	return filter_show(vty, every_list, AFI_IP);
}
2649
/* "show ip access-list <number|WORD>": show one IPv4 access list. */
DEFUN (show_ip_access_list_name,
       show_ip_access_list_name_cmd,
       "show ip access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       SHOW_STR
       IP_STR
       "List IP access lists\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n")
{
	/* Token 3 is the list number or name. */
	char *acl_name = argv[3]->arg;

	return filter_show(vty, acl_name, AFI_IP);
}
2665
/* "show ipv6 access-list": show every IPv6 access list (NULL name = all). */
DEFUN (show_ipv6_access_list,
       show_ipv6_access_list_cmd,
       "show ipv6 access-list",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n")
{
	const char *every_list = NULL;

	return filter_show(vty, every_list, AFI_IP6);
}
2675
/* "show ipv6 access-list WORD": show one IPv6 access list. */
DEFUN (show_ipv6_access_list_name,
       show_ipv6_access_list_name_cmd,
       "show ipv6 access-list WORD",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n"
       "IPv6 zebra access-list\n")
{
	/* Token 3 is WORD ("show"=0, "ipv6"=1, "access-list"=2). */
	char *acl_name = argv[3]->arg;

	return filter_show(vty, acl_name, AFI_IP6);
}
2687
/*
 * Write the match part of a Cisco-style filter, ending with a newline.
 *
 * A wildcard of 0xffffffff prints as "any".  In the extended form a
 * wildcard of 0 prints as "host ADDR"; otherwise the address and the
 * wildcard are both printed.  The extended form prints the addr/addr_mask
 * pair first and the mask/mask_mask pair second.
 *
 * inet_ntoa() returns a pointer to a static buffer, so every vty_out()
 * call below formats at most one address.
 */
static void config_write_access_cisco(struct vty *vty, struct filter *mfilter)
{
	struct filter_cisco *cf = &mfilter->u.cfilter;

	if (!cf->extended) {
		/* Standard list: one address, wildcard only if non-zero. */
		if (cf->addr_mask.s_addr == 0xffffffff) {
			vty_out(vty, " any\n");
			return;
		}
		vty_out(vty, " %s", inet_ntoa(cf->addr));
		if (cf->addr_mask.s_addr != 0)
			vty_out(vty, " %s", inet_ntoa(cf->addr_mask));
		vty_out(vty, "\n");
		return;
	}

	vty_out(vty, " ip");

	/* First pair. */
	if (cf->addr_mask.s_addr == 0xffffffff) {
		vty_out(vty, " any");
	} else if (cf->addr_mask.s_addr == 0) {
		vty_out(vty, " host %s", inet_ntoa(cf->addr));
	} else {
		vty_out(vty, " %s", inet_ntoa(cf->addr));
		vty_out(vty, " %s", inet_ntoa(cf->addr_mask));
	}

	/* Second pair. */
	if (cf->mask_mask.s_addr == 0xffffffff) {
		vty_out(vty, " any");
	} else if (cf->mask_mask.s_addr == 0) {
		vty_out(vty, " host %s", inet_ntoa(cf->mask));
	} else {
		vty_out(vty, " %s", inet_ntoa(cf->mask));
		vty_out(vty, " %s", inet_ntoa(cf->mask_mask));
	}

	vty_out(vty, "\n");
}
2726
/*
 * Write the match part of a zebra-style filter, ending with a newline.
 *
 * A zero-length prefix without the exact flag prints as "any".  IPv4 and
 * IPv6 prefixes print as ADDR/LEN, followed by " exact-match" when the
 * flag is set.  Ethernet prefixes print "any" for length 0 and the MAC
 * string otherwise.  Any other family prints only the newline.
 */
static void config_write_access_zebra(struct vty *vty, struct filter *mfilter)
{
	struct filter_zebra *zf = &mfilter->u.zfilter;
	struct prefix *pfx = &zf->prefix;
	char buf[BUFSIZ];
	int is_ip = (pfx->family == AF_INET6 || pfx->family == AF_INET);

	if (pfx->prefixlen == 0 && !zf->exact) {
		vty_out(vty, " any");
	} else if (is_ip) {
		const char *suffix = zf->exact ? " exact-match" : "";

		vty_out(vty, " %s/%d%s",
			inet_ntop(pfx->family, &pfx->u.prefix, buf, BUFSIZ),
			pfx->prefixlen, suffix);
	} else if (pfx->family == AF_ETHERNET) {
		if (pfx->prefixlen == 0)
			vty_out(vty, " any");
		else
			vty_out(vty, " %s",
				prefix_mac2str(&(pfx->u.prefix_eth), buf,
					       sizeof(buf)));
	}

	vty_out(vty, "\n");
}
2752
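/*
 * Write the configuration lines of one access list: the remark line, if
 * a remark is set, then one "access-list ... seq N <type> ..." line per
 * filter.  Returns the number of lines written.
 */
static int config_write_access_entries(struct vty *vty,
				       struct access_list *access, afi_t afi)
{
	/* Command prefix: none for IPv4, "ipv6 " for IPv6, "mac " otherwise. */
	const char *family = (afi == AFI_IP)
				     ? ("")
				     : ((afi == AFI_IP6) ? ("ipv6 ")
							 : ("mac "));
	struct filter *mfilter;
	int write = 0;

	if (access->remark) {
		/*
		 * The remark is written verbatim.  Presumably it cannot
		 * hold a newline, since it is built from CLI tokens; verify
		 * if remarks can ever come from another source, as a
		 * newline would add a line to the saved configuration.
		 */
		vty_out(vty, "%saccess-list %s remark %s\n", family,
			access->name, access->remark);
		write++;
	}

	for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
		vty_out(vty, "%saccess-list %s seq %" PRId64 " %s", family,
			access->name, mfilter->seq, filter_type_str(mfilter));

		/* The per-style writer finishes the line. */
		if (mfilter->cisco)
			config_write_access_cisco(vty, mfilter);
		else
			config_write_access_zebra(vty, mfilter);

		write++;
	}

	return write;
}

/*
 * Write every access list of one address family to the configuration:
 * first the master's "num" chain, then its "str" chain.
 *
 * Returns the number of lines written, or 0 when the family has no
 * access master.
 */
static int config_write_access(struct vty *vty, afi_t afi)
{
	struct access_list *access;
	struct access_master *master;
	int write = 0;

	master = access_master_get(afi);
	if (master == NULL)
		return 0;

	for (access = master->num.head; access; access = access->next)
		write += config_write_access_entries(vty, access, afi);

	for (access = master->str.head; access; access = access->next)
		write += config_write_access_entries(vty, access, afi);

	return write;
}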
2819
d37ba549
MK
/* Command node for MAC access lists; registered by access_list_init_mac(). */
static struct cmd_node access_mac_node = {
	ACCESS_MAC_NODE, "", /* Access list has no interface. */
	1};
2823
/* Config writer of the MAC node: MAC lists live under AFI_L2VPN. */
static int config_write_access_mac(struct vty *vty)
{
	int lines_written = config_write_access(vty, AFI_L2VPN);

	return lines_written;
}
2828
/*
 * Delete every MAC (AFI_L2VPN) access list, from the "num" chain and then
 * the "str" chain, and assert that both chains end up empty.
 */
static void access_list_reset_mac(void)
{
	struct access_master *master = access_master_get(AFI_L2VPN);
	struct access_list *cur;
	struct access_list *following;

	if (!master)
		return;

	/* Save the successor first: access_list_delete() is given cur. */
	cur = master->num.head;
	while (cur) {
		following = cur->next;
		access_list_delete(cur);
		cur = following;
	}

	cur = master->str.head;
	while (cur) {
		following = cur->next;
		access_list_delete(cur);
		cur = following;
	}

	assert(master->num.head == NULL);
	assert(master->num.tail == NULL);

	assert(master->str.head == NULL);
	assert(master->str.tail == NULL);
}
2854
/*
 * Install vty related command.
 *
 * Registers the MAC access-list node with its config writer, the two
 * "show mac access-list" commands under ENABLE_NODE, and the MAC
 * access-list configuration commands under CONFIG_NODE.
 */
static void access_list_init_mac(void)
{
	install_node(&access_mac_node, config_write_access_mac);

	install_element(ENABLE_NODE, &show_mac_access_list_cmd);
	install_element(ENABLE_NODE, &show_mac_access_list_name_cmd);

	/* Zebra access-list */
	install_element(CONFIG_NODE, &mac_access_list_cmd);
	install_element(CONFIG_NODE, &no_mac_access_list_cmd);
	install_element(CONFIG_NODE, &mac_access_list_any_cmd);
	install_element(CONFIG_NODE, &no_mac_access_list_any_cmd);
}
2869
/* Access-list node (IPv4); registered by access_list_init_ipv4(). */
static struct cmd_node access_node = {ACCESS_NODE,
				      "", /* Access list has no interface. */
				      1};
718e3744 2874
/* Config writer of the IPv4 access-list node. */
static int config_write_access_ipv4(struct vty *vty)
{
	int lines_written = config_write_access(vty, AFI_IP);

	return lines_written;
}
2879
/*
 * Delete every IPv4 access list, from the "num" chain and then the "str"
 * chain, and assert that both chains end up empty.
 */
static void access_list_reset_ipv4(void)
{
	struct access_master *master = access_master_get(AFI_IP);
	struct access_list *cur;
	struct access_list *following;

	if (!master)
		return;

	/* Save the successor first: access_list_delete() is given cur. */
	cur = master->num.head;
	while (cur) {
		following = cur->next;
		access_list_delete(cur);
		cur = following;
	}

	cur = master->str.head;
	while (cur) {
		following = cur->next;
		access_list_delete(cur);
		cur = following;
	}

	assert(master->num.head == NULL);
	assert(master->num.tail == NULL);

	assert(master->str.head == NULL);
	assert(master->str.tail == NULL);
}
2905
/*
 * Install vty related command.
 *
 * Registers the IPv4 access-list node with its config writer, the "show
 * ip access-list" commands under ENABLE_NODE, and every IPv4 access-list
 * configuration command (zebra, standard, extended, remark and whole-list
 * delete) under CONFIG_NODE.
 */
static void access_list_init_ipv4(void)
{
	install_node(&access_node, config_write_access_ipv4);

	install_element(ENABLE_NODE, &show_ip_access_list_cmd);
	install_element(ENABLE_NODE, &show_ip_access_list_name_cmd);

	/* Zebra access-list */
	install_element(CONFIG_NODE, &access_list_exact_cmd);
	install_element(CONFIG_NODE, &access_list_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_exact_cmd);
	install_element(CONFIG_NODE, &no_access_list_any_cmd);

	/* Standard access-list */
	install_element(CONFIG_NODE, &access_list_standard_cmd);
	install_element(CONFIG_NODE, &access_list_standard_nomask_cmd);
	install_element(CONFIG_NODE, &access_list_standard_host_cmd);
	install_element(CONFIG_NODE, &access_list_standard_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_nomask_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_any_cmd);

	/* Extended access-list */
	install_element(CONFIG_NODE, &access_list_extended_cmd);
	install_element(CONFIG_NODE, &access_list_extended_any_mask_cmd);
	install_element(CONFIG_NODE, &access_list_extended_mask_any_cmd);
	install_element(CONFIG_NODE, &access_list_extended_any_any_cmd);
	install_element(CONFIG_NODE, &access_list_extended_host_mask_cmd);
	install_element(CONFIG_NODE, &access_list_extended_mask_host_cmd);
	install_element(CONFIG_NODE, &access_list_extended_host_host_cmd);
	install_element(CONFIG_NODE, &access_list_extended_any_host_cmd);
	install_element(CONFIG_NODE, &access_list_extended_host_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_any_mask_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_mask_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_any_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_host_mask_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_mask_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_host_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_any_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_host_any_cmd);

	/* Remark handling and whole-list delete */
	install_element(CONFIG_NODE, &access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_access_list_all_cmd);
	install_element(CONFIG_NODE, &no_access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_access_list_remark_comment_cmd);
}
2955
/* Command node for IPv6 access lists; registered by access_list_init_ipv6(). */
static struct cmd_node access_ipv6_node = {ACCESS_IPV6_NODE, "", 1};
2957
/* Config writer of the IPv6 access-list node. */
static int config_write_access_ipv6(struct vty *vty)
{
	int lines_written = config_write_access(vty, AFI_IP6);

	return lines_written;
}
2962
/*
 * Delete every IPv6 access list, from the "num" chain and then the "str"
 * chain, and assert that both chains end up empty.
 */
static void access_list_reset_ipv6(void)
{
	struct access_master *master = access_master_get(AFI_IP6);
	struct access_list *cur;
	struct access_list *following;

	if (!master)
		return;

	/* Save the successor first: access_list_delete() is given cur. */
	cur = master->num.head;
	while (cur) {
		following = cur->next;
		access_list_delete(cur);
		cur = following;
	}

	cur = master->str.head;
	while (cur) {
		following = cur->next;
		access_list_delete(cur);
		cur = following;
	}

	assert(master->num.head == NULL);
	assert(master->num.tail == NULL);

	assert(master->str.head == NULL);
	assert(master->str.tail == NULL);
}
2988
/*
 * Registers the IPv6 access-list node with its config writer, the "show
 * ipv6 access-list" commands under ENABLE_NODE, and the IPv6 access-list
 * configuration commands under CONFIG_NODE.
 */
static void access_list_init_ipv6(void)
{
	install_node(&access_ipv6_node, config_write_access_ipv6);

	install_element(ENABLE_NODE, &show_ipv6_access_list_cmd);
	install_element(ENABLE_NODE, &show_ipv6_access_list_name_cmd);

	/* Entry add/remove */
	install_element(CONFIG_NODE, &ipv6_access_list_exact_cmd);
	install_element(CONFIG_NODE, &ipv6_access_list_any_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_exact_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_any_cmd);

	/* Whole-list delete and remark handling */
	install_element(CONFIG_NODE, &no_ipv6_access_list_all_cmd);
	install_element(CONFIG_NODE, &ipv6_access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_remark_comment_cmd);
}
718e3744 3006
/*
 * Register the access-list nodes and commands of all three families,
 * in the order IPv4, IPv6, MAC.
 */
void access_list_init(void)
{
	access_list_init_ipv4();
	access_list_init_ipv6();
	access_list_init_mac();
}
3013
/*
 * Delete every access list of all three families, in the order
 * IPv4, IPv6, MAC.
 */
void access_list_reset(void)
{
	access_list_reset_ipv4();
	access_list_reset_ipv6();
	access_list_reset_mac();
}