]> git.proxmox.com Git - mirror_frr.git/blame - lib/filter.c
yang: update filter yang model
718e3744 1/* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
718e3744 19 */
20
21#include <zebra.h>
22
23#include "prefix.h"
24#include "filter.h"
25#include "memory.h"
26#include "command.h"
27#include "sockunion.h"
28#include "buffer.h"
fbf5d033 29#include "log.h"
518f0eb1 30#include "routemap.h"
b85120bc 31#include "libfrr.h"
718e3744 32
/* Memory-type tags for this file: access-list objects, their name
 * strings, and individual filter entries. They are passed to the
 * XCALLOC/XSTRDUP/XFREE calls below. */
DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST, "Access List")
DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST_STR, "Access List Str")
DEFINE_MTYPE_STATIC(LIB, ACCESS_FILTER, "Access Filter")
36
/* Cisco-style (numbered) access-list entry, IPv4 only. */
struct filter_cisco {
	/* Non-zero for an extended entry; only then are mask and
	 * mask_mask compared by filter_match_cisco(). */
	int extended;
	/* Address to match, stored with the wildcard bits already cleared
	 * (filter_set_cisco() stores addr & ~addr_mask). */
	struct in_addr addr;
	/* Wildcard bits for addr: bits set here are ignored on match. */
	struct in_addr addr_mask;
	/* Extended only: value compared against the netmask derived from
	 * the prefix length, stored with mask_mask bits cleared. */
	struct in_addr mask;
	/* Extended only: wildcard bits for mask. */
	struct in_addr mask_mask;
};
45
/* Prefix-based access-list entry. */
struct filter_zebra {
	/* Non-zero when the entry only matches a prefix whose length is
	 * equal to prefix.prefixlen (see filter_match_zebra()). */
	int exact;

	/* Prefix to match; its family is compared with the candidate's. */
	struct prefix prefix;
};
53
/* One entry of an access list. Entries form a doubly linked list hanging
 * off struct access_list (head/tail). */
struct filter {
	/* Doubly linked list pointers. */
	struct filter *next;
	struct filter *prev;

	/* Verdict returned by access_list_apply() when this entry matches. */
	enum filter_type type;

	/* Sequence number; -1 asks access_list_filter_add() to assign one. */
	int64_t seq;

	/* Non-zero: u.cfilter is valid (Cisco style); zero: u.zfilter. */
	int cisco;

	union {
		struct filter_cisco cfilter;
		struct filter_zebra zfilter;
	} u;
};
74
/* Head and tail of a doubly linked list of access lists. */
struct access_list_list {
	struct access_list *head;
	struct access_list *tail;
};
80
/* Per-address-family container for all access lists plus the hooks that
 * are run when a list changes. */
struct access_master {
	/* Access lists whose name consists only of digits. */
	struct access_list_list num;

	/* Access lists with any other name. */
	struct access_list_list str;

	/* Called by access_list_filter_add() after an entry was added. */
	void (*add_hook)(struct access_list *);

	/* Called by access_list_filter_delete() after an entry was removed. */
	void (*delete_hook)(struct access_list *);
};
95
/* Master for MAC access lists (returned for AFI_L2VPN); starts empty
 * with no hooks installed. */
static struct access_master access_master_mac = {
	.num = { .head = NULL, .tail = NULL },
	.str = { .head = NULL, .tail = NULL },
	.add_hook = NULL,
	.delete_hook = NULL,
};
103
/* Master for IPv4 access lists (returned for AFI_IP); starts empty with
 * no hooks installed. */
static struct access_master access_master_ipv4 = {
	.num = { .head = NULL, .tail = NULL },
	.str = { .head = NULL, .tail = NULL },
	.add_hook = NULL,
	.delete_hook = NULL,
};
111
/* Master for IPv6 access lists (returned for AFI_IP6); starts empty with
 * no hooks installed. */
static struct access_master access_master_ipv6 = {
	.num = { .head = NULL, .tail = NULL },
	.str = { .head = NULL, .tail = NULL },
	.add_hook = NULL,
	.delete_hook = NULL,
};
6b0655a2 119
/* Map an address family to its static access-list master.
 * Returns NULL for any AFI other than AFI_IP, AFI_IP6 and AFI_L2VPN, so
 * callers must check the result. */
static struct access_master *access_master_get(afi_t afi)
{
	switch (afi) {
	case AFI_IP:
		return &access_master_ipv4;
	case AFI_IP6:
		return &access_master_ipv6;
	case AFI_L2VPN:
		return &access_master_mac;
	default:
		return NULL;
	}
}
130
/* Allocate a zero-filled filter entry (XCALLOC, MTYPE_ACCESS_FILTER).
 * The caller owns it until it is linked into a list or passed to
 * filter_free(). */
static struct filter *filter_new(void)
{
	struct filter *entry = XCALLOC(MTYPE_ACCESS_FILTER, sizeof(*entry));

	return entry;
}
136
/* Release a filter entry obtained from filter_new(). The entry must
 * already be unlinked from any access list; this function does not touch
 * neighbours. */
static void filter_free(struct filter *filter)
{
	XFREE(MTYPE_ACCESS_FILTER, filter);
}
141
/* Return the keyword for a filter's verdict: "permit", "deny" or
 * "dynamic"; any other type yields an empty string. */
static const char *filter_type_str(struct filter *filter)
{
	const char *keyword = "";

	switch (filter->type) {
	case FILTER_PERMIT:
		keyword = "permit";
		break;
	case FILTER_DENY:
		keyword = "deny";
		break;
	case FILTER_DYNAMIC:
		keyword = "dynamic";
		break;
	default:
		break;
	}

	return keyword;
}
156
/* Return 1 if prefix p matches the Cisco-style entry mfilter, else 0.
 *
 * The address is compared after clearing the entry's wildcard bits. For
 * an extended entry the netmask derived from p->prefixlen must also match
 * the entry's mask under mask_mask.
 *
 * NOTE(review): p->u.prefix4 is read without checking p->family, and
 * p->prefixlen is handed to masklen2ip() unchecked - this assumes callers
 * only pass IPv4 prefixes; confirm against the call sites. */
static int filter_match_cisco(struct filter *mfilter, const struct prefix *p)
{
	const struct filter_cisco *cf = &mfilter->u.cfilter;
	struct in_addr len_mask;
	uint32_t masked_addr;
	uint32_t masked_len;
	int addr_ok;

	masked_addr = p->u.prefix4.s_addr & ~cf->addr_mask.s_addr;
	addr_ok = (masked_addr == cf->addr.s_addr);

	if (!cf->extended)
		return addr_ok ? 1 : 0;

	/* Extended entry: the prefix length takes part in the match too. */
	masklen2ip(p->prefixlen, &len_mask);
	masked_len = len_mask.s_addr & ~cf->mask_mask.s_addr;

	if (addr_ok && masked_len == cf->mask.s_addr)
		return 1;

	return 0;
}
180
/* Match prefix p against a prefix-style entry.
 * Returns 0 when the address families differ, or when the entry is
 * "exact" and the prefix lengths differ; otherwise returns whatever
 * prefix_match() reports for (entry prefix, p). */
static int filter_match_zebra(struct filter *mfilter, const struct prefix *p)
{
	struct filter_zebra *zf = &mfilter->u.zfilter;

	if (zf->prefix.family != p->family)
		return 0;

	if (zf->exact && zf->prefix.prefixlen != p->prefixlen)
		return 0;

	return prefix_match(&zf->prefix, p);
}
6b0655a2 199
/* Allocate a zero-filled access list (XCALLOC, MTYPE_ACCESS_LIST). */
static struct access_list *access_list_new(void)
{
	struct access_list *list = XCALLOC(MTYPE_ACCESS_LIST, sizeof(*list));

	return list;
}
205
/* Release the access_list structure itself. Its name, remark and
 * entries are not freed here; access_list_delete() takes care of them. */
static void access_list_free(struct access_list *access)
{
	XFREE(MTYPE_ACCESS_LIST, access);
}
211
/* Destroy an access list: free every entry, unlink the list from its
 * master (number or string list, chosen by access->type), then free the
 * name, the remark and the structure. The pointer is invalid on return. */
static void access_list_delete(struct access_list *access)
{
	struct access_master *master = access->master;
	struct access_list_list *owner;
	struct filter *cur = access->head;

	/* Free the entries; grab the successor before freeing each one. */
	while (cur) {
		struct filter *after = cur->next;

		filter_free(cur);
		cur = after;
	}

	owner = (access->type == ACCESS_TYPE_NUMBER) ? &master->num
						     : &master->str;

	/* Unlink from the master's doubly linked list. */
	if (access->prev)
		access->prev->next = access->next;
	else
		owner->head = access->next;

	if (access->next)
		access->next->prev = access->prev;
	else
		owner->tail = access->prev;

	XFREE(MTYPE_ACCESS_LIST_STR, access->name);
	XFREE(MTYPE_TMP, access->remark);

	access_list_free(access);
}
248
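/* Create an access list called `name` for address family `afi` and link
 * it into the master's list.
 *
 * A name made only of digits goes into the number list, ordered by
 * numeric value; any other name goes into the string list, ordered by
 * strcmp(). Returns the new list, or NULL when `afi` has no master.
 * `name` must not be NULL; it is copied. No duplicate check is done here,
 * callers look the name up first (see access_list_get()). */
static struct access_list *access_list_insert(afi_t afi, const char *name)
{
	size_t i;
	size_t namelen;
	long number = 0;
	struct access_list *access;
	struct access_list *point;
	struct access_list_list *alist;
	struct access_master *master;

	master = access_master_get(afi);
	if (master == NULL)
		return NULL;

	/* Allocate new access_list and copy given name. */
	access = access_list_new();
	access->name = XSTRDUP(MTYPE_ACCESS_LIST_STR, name);
	access->master = master;

	/* Parse leading digits. The name comes from configuration input,
	 * so an arbitrarily long digit string must not overflow `number`
	 * (signed overflow is undefined); saturate at LONG_MAX instead. */
	namelen = strlen(name);
	for (i = 0; i < namelen; i++) {
		int digit;

		if (!isdigit((unsigned char)name[i]))
			break;

		digit = name[i] - '0';
		if (number > (LONG_MAX - digit) / 10)
			number = LONG_MAX;
		else
			number = (number * 10) + digit;
	}

	if (i == namelen) {
		/* Every character was a digit: numbered access list. */
		access->type = ACCESS_TYPE_NUMBER;
		alist = &master->num;

		/* strtol() clamps out-of-range values to LONG_MAX, which
		 * matches the saturation above; atol() leaves that case
		 * undefined. */
		for (point = alist->head; point; point = point->next)
			if (strtol(point->name, NULL, 10) >= number)
				break;
	} else {
		access->type = ACCESS_TYPE_STRING;
		alist = &master->str;

		/* First existing list whose name sorts at or after ours. */
		for (point = alist->head; point; point = point->next)
			if (strcmp(point->name, name) >= 0)
				break;
	}

	/* Empty list: the new element is both head and tail. */
	if (alist->head == NULL) {
		alist->head = alist->tail = access;
		return access;
	}

	/* No insertion point found: append at the tail. */
	if (point == NULL) {
		access->prev = alist->tail;
		alist->tail->next = access;
		alist->tail = access;
		return access;
	}

	/* Insertion point is the current head: prepend. */
	if (point == alist->head) {
		access->next = alist->head;
		alist->head->prev = access;
		alist->head = access;
		return access;
	}

	/* Insert in the middle, just before `point`. */
	access->next = point;
	access->prev = point->prev;

	if (point->prev)
		point->prev->next = access;
	point->prev = access;

	return access;
}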
332
/* Find the access list called `name` for address family `afi`.
 * The number list is searched first, then the string list; names are
 * compared with strcmp(). Returns NULL when `name` is NULL, when `afi`
 * has no master, or when no list has that name. */
struct access_list *access_list_lookup(afi_t afi, const char *name)
{
	struct access_master *master;
	struct access_list *heads[2];
	struct access_list *cur;
	int k;

	if (name == NULL)
		return NULL;

	master = access_master_get(afi);
	if (master == NULL)
		return NULL;

	heads[0] = master->num.head;
	heads[1] = master->str.head;

	for (k = 0; k < 2; k++) {
		for (cur = heads[k]; cur; cur = cur->next) {
			if (strcmp(cur->name, name) == 0)
				return cur;
		}
	}

	return NULL;
}
356
/* Return the access list called `name`, creating it when it does not
 * exist yet. The result is whatever access_list_insert() returns in the
 * create case, which is NULL when `afi` has no master. */
static struct access_list *access_list_get(afi_t afi, const char *name)
{
	struct access_list *found = access_list_lookup(afi, name);

	if (found != NULL)
		return found;

	return access_list_insert(afi, name);
}
368
/* Evaluate `object` (treated as a const struct prefix *) against an
 * access list.
 *
 * Entries are tried in list order and the type of the first matching
 * entry is returned. The result is FILTER_DENY when `access` is NULL or
 * when no entry matches, so a missing or empty list denies everything. */
enum filter_type access_list_apply(struct access_list *access,
				   const void *object)
{
	const struct prefix *p = object;
	struct filter *entry;

	if (access == NULL)
		return FILTER_DENY;

	for (entry = access->head; entry; entry = entry->next) {
		int hit = entry->cisco ? filter_match_cisco(entry, p)
				       : filter_match_zebra(entry, p);

		if (hit)
			return entry->type;
	}

	/* Nothing matched: implicit deny. */
	return FILTER_DENY;
}
391
/* Install `func` as the add hook of the IPv4, IPv6 and MAC masters.
 * Any hook installed earlier is overwritten; NULL removes the hook. */
void access_list_add_hook(void (*func)(struct access_list *access))
{
	access_master_mac.add_hook = func;
	access_master_ipv6.add_hook = func;
	access_master_ipv4.add_hook = func;
}
399
/* Install `func` as the delete hook of the IPv4, IPv6 and MAC masters.
 * Any hook installed earlier is overwritten; NULL removes the hook. */
void access_list_delete_hook(void (*func)(struct access_list *access))
{
	access_master_mac.delete_hook = func;
	access_master_ipv6.delete_hook = func;
	access_master_ipv4.delete_hook = func;
}
407
/* Pick a sequence number for a new entry: the highest sequence number
 * in the list rounded down to a multiple of 5, plus 5 (an empty list
 * yields 5). The result is capped at UINT_MAX. */
static int64_t filter_new_seq_get(struct access_list *access)
{
	int64_t highest = 0;
	int64_t candidate;
	struct filter *entry;

	for (entry = access->head; entry; entry = entry->next)
		if (entry->seq > highest)
			highest = entry->seq;

	candidate = ((highest / 5) * 5) + 5;

	if (candidate > UINT_MAX)
		return UINT_MAX;

	return candidate;
}
426
/* Return the first entry of `access` whose sequence number equals
 * `seq`, or NULL when there is none. */
static struct filter *filter_seq_check(struct access_list *access,
				       int64_t seq)
{
	struct filter *entry = access->head;

	while (entry && entry->seq != seq)
		entry = entry->next;

	return entry;
}
438
/* True when the access list has no entries (head and tail both NULL). */
static bool access_list_empty(struct access_list *access)
{
	return access->head == NULL && access->tail == NULL;
}
447
/* Unlink `filter` from `access`, free it, then notify route-map
 * dependencies (RMAP_EVENT_FILTER_DELETED) and run the master's delete
 * hook if one is set. `filter` is invalid on return. */
static void access_list_filter_delete(struct access_list *access,
				      struct filter *filter)
{
	struct access_master *master = access->master;
	struct filter *replace = filter;
	struct filter *before = filter->prev;
	struct filter *after = filter->next;

	if (after)
		after->prev = before;
	else
		access->tail = before;

	if (before)
		before->next = after;
	else
		access->head = after;

	filter_free(filter);

	route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);

	/* Run hook function. */
	if (master->delete_hook)
		(*master->delete_hook)(access);

	/* `replace` is a copy of the filter pointer taken on entry and is
	 * only tested for NULL, never dereferenced after the free. For any
	 * filter that could be unlinked above it is non-NULL, so this
	 * branch does not run and the now-empty list stays allocated;
	 * access_list_filter_add() keeps using `access` after calling
	 * this function.
	 * NOTE(review): confirm that empty lists are meant to persist. */
	if (access_list_empty(access) && !replace)
		access_list_delete(access);
}
6b0655a2 479
/* Link `filter` into `access`, keeping entries ordered by sequence
 * number.
 *
 * A sequence number of -1 is replaced by filter_new_seq_get(). When the
 * number is not greater than the tail's, an existing entry with the same
 * number is deleted first (which fires the delete notifications) and the
 * new entry is placed before the first entry with an equal or higher
 * number. Afterwards the master's add hook runs, if set, and route-map
 * dependencies are notified with RMAP_EVENT_FILTER_ADDED. */
static void access_list_filter_add(struct access_list *access,
				   struct filter *filter)
{
	struct filter *same_seq;
	struct filter *point = NULL;
	struct filter *before;

	/* Automatic assignment of seq no. */
	if (filter->seq == -1)
		filter->seq = filter_new_seq_get(access);

	/* Unless the entry sorts after the current tail (plain append),
	 * look for a clash and for the insertion point. */
	if (!(access->tail && filter->seq > access->tail->seq)) {
		same_seq = filter_seq_check(access, filter->seq);
		if (same_seq)
			access_list_filter_delete(access, same_seq);

		point = access->head;
		while (point && point->seq < filter->seq)
			point = point->next;
	}

	/* The new entry goes between `before` and `point`; either may be
	 * NULL, meaning the entry becomes the head or the tail. */
	before = point ? point->prev : access->tail;

	filter->next = point;
	filter->prev = before;

	if (before)
		before->next = filter;
	else
		access->head = filter;

	if (point)
		point->prev = filter;
	else
		access->tail = filter;

	/* Run hook function. */
	if (access->master->add_hook)
		(*access->master->add_hook)(access);
	route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_ADDED);
}
531
718e3744 532/*
533 deny Specify packets to reject
534 permit Specify packets to forward
535 dynamic ?
536*/
537
538/*
539 Hostname or A.B.C.D Address to match
540 any Any source host
541 host A single host address
542*/
543
/* Find an entry of `access` equivalent to the Cisco-style entry `mnew`.
 *
 * Type, address and address wildcard must be equal. When the existing
 * entry is extended, mask and mask wildcard must be equal as well; the
 * `extended` flag of `mnew` itself is not consulted. Returns the first
 * such entry or NULL.
 *
 * NOTE(review): entries are read through u.cfilter without checking
 * their `cisco` flag - this assumes the list holds only Cisco-style
 * entries; confirm. */
static struct filter *filter_lookup_cisco(struct access_list *access,
					  struct filter *mnew)
{
	const struct filter_cisco *want = &mnew->u.cfilter;
	struct filter *cur;

	for (cur = access->head; cur; cur = cur->next) {
		const struct filter_cisco *have = &cur->u.cfilter;

		if (cur->type != mnew->type)
			continue;
		if (have->addr.s_addr != want->addr.s_addr)
			continue;
		if (have->addr_mask.s_addr != want->addr_mask.s_addr)
			continue;

		/* A standard entry is fully described by the fields above. */
		if (!have->extended)
			return cur;

		if (have->mask.s_addr == want->mask.s_addr
		    && have->mask_mask.s_addr == want->mask_mask.s_addr)
			return cur;
	}

	return NULL;
}
575
/* Find an entry of `access` equivalent to the prefix-style entry `mnew`:
 * same `exact` flag, same type, and prefixes for which prefix_same()
 * returns non-zero. Returns the first such entry or NULL. */
static struct filter *filter_lookup_zebra(struct access_list *access,
					  struct filter *mnew)
{
	struct filter_zebra *want = &mnew->u.zfilter;
	struct filter *cur;

	for (cur = access->head; cur; cur = cur->next) {
		struct filter_zebra *have = &cur->u.zfilter;

		if (have->exact != want->exact || cur->type != mnew->type)
			continue;

		if (prefix_same(&have->prefix, &want->prefix))
			return cur;
	}

	return NULL;
}
596
/* Remove the remark of access list `name` (address family `afi`).
 * Prints a message and returns CMD_WARNING_CONFIG_FAILED when the list
 * does not exist. A list left without any entry is deleted. */
static int vty_access_list_remark_unset(struct vty *vty, afi_t afi,
					const char *name)
{
	struct access_list *access = access_list_lookup(afi, name);

	if (access == NULL) {
		vty_out(vty, "%% access-list %s doesn't exist\n", name);
		return CMD_WARNING_CONFIG_FAILED;
	}

	XFREE(MTYPE_TMP, access->remark);

	/* Only the remark kept this list alive: drop the list as well. */
	if (access_list_empty(access))
		access_list_delete(access);

	return CMD_SUCCESS;
}
615
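/* Add (set != 0) or remove (set == 0) a Cisco-style entry of the IPv4
 * access list `name_str`.
 *
 * seq            decimal sequence number, or NULL for automatic numbering
 * type_str       only the first character is examined: 'p' selects
 *                permit, 'd' selects deny; NULL leaves the type at
 *                FILTER_DENY
 * addr_str, addr_mask_str   address and wildcard bits
 * mask_str, mask_mask_str   second address/wildcard pair, read only when
 *                           `extended` is non-zero
 *
 * Returns CMD_SUCCESS, or CMD_WARNING_CONFIG_FAILED after printing a
 * message when the type or an address cannot be parsed. Adding an entry
 * equivalent to an existing one, or removing one that does not exist, is
 * a silent no-op.
 *
 * NOTE(review): access_list_get() creates the list when it is missing,
 * also on the remove path - confirm that is intended. */
static int filter_set_cisco(struct vty *vty, const char *name_str,
			    const char *seq, const char *type_str,
			    const char *addr_str, const char *addr_mask_str,
			    const char *mask_str, const char *mask_mask_str,
			    int extended, int set)
{
	enum filter_type type = FILTER_DENY;
	struct filter *mfilter;
	struct filter_cisco *filter;
	struct access_list *access;
	struct in_addr addr;
	struct in_addr addr_mask;
	struct in_addr mask = { .s_addr = 0 };
	struct in_addr mask_mask = { .s_addr = 0 };
	int64_t seqnum = -1;

	/* The command grammar allows values up to 4294967295, which does
	 * not fit a 32-bit long; strtoll() converts into at least 64 bits
	 * on every platform. */
	if (seq)
		seqnum = (int64_t)strtoll(seq, NULL, 10);

	/* Check of filter type. */
	if (type_str) {
		if (strncmp(type_str, "p", 1) == 0)
			type = FILTER_PERMIT;
		else if (strncmp(type_str, "d", 1) == 0)
			type = FILTER_DENY;
		else {
			vty_out(vty, "%% filter type must be permit or deny\n");
			return CMD_WARNING_CONFIG_FAILED;
		}
	}

	/* A NULL string (token not found by the caller) is rejected like
	 * an unparsable one instead of being handed to inet_aton(). */
	if (!addr_str || inet_aton(addr_str, &addr) <= 0) {
		vty_out(vty, "%%Inconsistent address and mask\n");
		return CMD_WARNING_CONFIG_FAILED;
	}

	if (!addr_mask_str || inet_aton(addr_mask_str, &addr_mask) <= 0) {
		vty_out(vty, "%%Inconsistent address and mask\n");
		return CMD_WARNING_CONFIG_FAILED;
	}

	if (extended) {
		if (!mask_str || inet_aton(mask_str, &mask) <= 0) {
			vty_out(vty, "%%Inconsistent address and mask\n");
			return CMD_WARNING_CONFIG_FAILED;
		}

		if (!mask_mask_str
		    || inet_aton(mask_mask_str, &mask_mask) <= 0) {
			vty_out(vty, "%%Inconsistent address and mask\n");
			return CMD_WARNING_CONFIG_FAILED;
		}
	}

	/* Build the candidate entry; addresses are stored with their
	 * wildcard bits cleared so that matching is a plain comparison. */
	mfilter = filter_new();
	mfilter->type = type;
	mfilter->cisco = 1;
	mfilter->seq = seqnum;
	filter = &mfilter->u.cfilter;
	filter->extended = extended;
	filter->addr.s_addr = addr.s_addr & ~addr_mask.s_addr;
	filter->addr_mask.s_addr = addr_mask.s_addr;

	if (extended) {
		filter->mask.s_addr = mask.s_addr & ~mask_mask.s_addr;
		filter->mask_mask.s_addr = mask_mask.s_addr;
	}

	/* Install new filter to the access_list. */
	access = access_list_get(AFI_IP, name_str);

	if (set) {
		/* An equivalent entry already exists: drop the candidate,
		 * otherwise the list takes ownership of it. */
		if (filter_lookup_cisco(access, mfilter))
			filter_free(mfilter);
		else
			access_list_filter_add(access, mfilter);
	} else {
		struct filter *delete_filter;

		delete_filter = filter_lookup_cisco(access, mfilter);
		if (delete_filter)
			access_list_filter_delete(access, delete_filter);

		/* The candidate was only a search key. */
		filter_free(mfilter);
	}

	return CMD_SUCCESS;
}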
708
/* Standard access-list: "access-list NUM [seq N] <deny|permit> ADDR WILDCARD" */
DEFUN (access_list_standard,
       access_list_standard_cmd,
       "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n"
       "Wildcard bits\n")
{
	/* argv[1] is the list number. Each *_at index stays 0 when its
	 * token is absent, in which case the string stays NULL. */
	const int name_at = 1;
	int seq_at = 0;
	int action_at = 0;
	int addr_at = 0;
	char *seq = NULL;
	char *permit_deny = NULL;
	char *address = NULL;
	char *wildcard = NULL;

	argv_find(argv, argc, "(1-4294967295)", &seq_at);
	if (seq_at)
		seq = argv[seq_at]->arg;

	argv_find(argv, argc, "permit", &action_at);
	argv_find(argv, argc, "deny", &action_at);
	if (action_at)
		permit_deny = argv[action_at]->arg;

	/* The wildcard is the token right after the first address. */
	argv_find(argv, argc, "A.B.C.D", &addr_at);
	if (addr_at) {
		address = argv[addr_at]->arg;
		wildcard = argv[addr_at + 1]->arg;
	}

	/* extended = 0, set = 1 */
	return filter_set_cisco(vty, argv[name_at]->arg, seq, permit_deny,
				address, wildcard, NULL, NULL, 0, 1);
}
750
/* Standard access-list with a bare address: the wildcard passed on is
 * "0.0.0.0", i.e. every address bit is compared. */
DEFUN (access_list_standard_nomask,
       access_list_standard_nomask_cmd,
       "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n")
{
	/* argv[1] is the list number. Each *_at index stays 0 when its
	 * token is absent, in which case the string stays NULL. */
	const int name_at = 1;
	int seq_at = 0;
	int action_at = 0;
	int addr_at = 0;
	char *seq = NULL;
	char *permit_deny = NULL;
	char *address = NULL;

	argv_find(argv, argc, "(1-4294967295)", &seq_at);
	if (seq_at)
		seq = argv[seq_at]->arg;

	argv_find(argv, argc, "permit", &action_at);
	argv_find(argv, argc, "deny", &action_at);
	if (action_at)
		permit_deny = argv[action_at]->arg;

	argv_find(argv, argc, "A.B.C.D", &addr_at);
	if (addr_at)
		address = argv[addr_at]->arg;

	/* extended = 0, set = 1 */
	return filter_set_cisco(vty, argv[name_at]->arg, seq, permit_deny,
				address, "0.0.0.0", NULL, NULL, 0, 1);
}
787
/* Standard access-list, "host A.B.C.D" form: the wildcard passed on is
 * "0.0.0.0", i.e. every address bit is compared. */
DEFUN (access_list_standard_host,
       access_list_standard_host_cmd,
       "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "A single host address\n"
       "Address to match\n")
{
	/* argv[1] is the list number. Each *_at index stays 0 when its
	 * token is absent, in which case the string stays NULL. */
	const int name_at = 1;
	int seq_at = 0;
	int action_at = 0;
	int addr_at = 0;
	char *seq = NULL;
	char *permit_deny = NULL;
	char *address = NULL;

	argv_find(argv, argc, "(1-4294967295)", &seq_at);
	if (seq_at)
		seq = argv[seq_at]->arg;

	argv_find(argv, argc, "permit", &action_at);
	argv_find(argv, argc, "deny", &action_at);
	if (action_at)
		permit_deny = argv[action_at]->arg;

	argv_find(argv, argc, "A.B.C.D", &addr_at);
	if (addr_at)
		address = argv[addr_at]->arg;

	/* extended = 0, set = 1 */
	return filter_set_cisco(vty, argv[name_at]->arg, seq, permit_deny,
				address, "0.0.0.0", NULL, NULL, 0, 1);
}
825
/* Standard access-list, "any" form: address "0.0.0.0" with wildcard
 * "255.255.255.255", so every address bit is ignored and the entry
 * matches any IPv4 address. */
DEFUN (access_list_standard_any,
       access_list_standard_any_cmd,
       "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any source host\n")
{
	/* argv[1] is the list number. Each *_at index stays 0 when its
	 * token is absent, in which case the string stays NULL. */
	const int name_at = 1;
	int seq_at = 0;
	int action_at = 0;
	char *seq = NULL;
	char *permit_deny = NULL;

	argv_find(argv, argc, "(1-4294967295)", &seq_at);
	if (seq_at)
		seq = argv[seq_at]->arg;

	argv_find(argv, argc, "permit", &action_at);
	argv_find(argv, argc, "deny", &action_at);
	if (action_at)
		permit_deny = argv[action_at]->arg;

	/* extended = 0, set = 1 */
	return filter_set_cisco(vty, argv[name_at]->arg, seq, permit_deny,
				"0.0.0.0", "255.255.255.255", NULL, NULL, 0, 1);
}
856
/* Remove a standard access-list entry given as address plus wildcard. */
DEFUN (no_access_list_standard,
       no_access_list_standard_cmd,
       "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n"
       "Wildcard bits\n")
{
	/* The leading "no" shifts the list number to argv[2]. Each *_at
	 * index stays 0 when its token is absent, in which case the
	 * string stays NULL. */
	const int name_at = 2;
	int seq_at = 0;
	int action_at = 0;
	int addr_at = 0;
	char *seq = NULL;
	char *permit_deny = NULL;
	char *address = NULL;
	char *wildcard = NULL;

	argv_find(argv, argc, "(1-4294967295)", &seq_at);
	if (seq_at)
		seq = argv[seq_at]->arg;

	argv_find(argv, argc, "permit", &action_at);
	argv_find(argv, argc, "deny", &action_at);
	if (action_at)
		permit_deny = argv[action_at]->arg;

	/* The wildcard is the token right after the first address. */
	argv_find(argv, argc, "A.B.C.D", &addr_at);
	if (addr_at) {
		address = argv[addr_at]->arg;
		wildcard = argv[addr_at + 1]->arg;
	}

	/* extended = 0, set = 0 (remove) */
	return filter_set_cisco(vty, argv[name_at]->arg, seq, permit_deny,
				address, wildcard, NULL, NULL, 0, 0);
}
898
/* Remove a standard access-list entry given as a bare address; the
 * wildcard passed on is "0.0.0.0". */
DEFUN (no_access_list_standard_nomask,
       no_access_list_standard_nomask_cmd,
       "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n")
{
	/* The leading "no" shifts the list number to argv[2]. Each *_at
	 * index stays 0 when its token is absent, in which case the
	 * string stays NULL. */
	const int name_at = 2;
	int seq_at = 0;
	int action_at = 0;
	int addr_at = 0;
	char *seq = NULL;
	char *permit_deny = NULL;
	char *address = NULL;

	argv_find(argv, argc, "(1-4294967295)", &seq_at);
	if (seq_at)
		seq = argv[seq_at]->arg;

	argv_find(argv, argc, "permit", &action_at);
	argv_find(argv, argc, "deny", &action_at);
	if (action_at)
		permit_deny = argv[action_at]->arg;

	argv_find(argv, argc, "A.B.C.D", &addr_at);
	if (addr_at)
		address = argv[addr_at]->arg;

	/* extended = 0, set = 0 (remove) */
	return filter_set_cisco(vty, argv[name_at]->arg, seq, permit_deny,
				address, "0.0.0.0", NULL, NULL, 0, 0);
}
936
/* Remove a standard access-list entry given in "host A.B.C.D" form; the
 * wildcard passed on is "0.0.0.0". */
DEFUN (no_access_list_standard_host,
       no_access_list_standard_host_cmd,
       "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "A single host address\n"
       "Address to match\n")
{
	/* The leading "no" shifts the list number to argv[2]. Each *_at
	 * index stays 0 when its token is absent, in which case the
	 * string stays NULL. */
	const int name_at = 2;
	int seq_at = 0;
	int action_at = 0;
	int addr_at = 0;
	char *seq = NULL;
	char *permit_deny = NULL;
	char *address = NULL;

	argv_find(argv, argc, "(1-4294967295)", &seq_at);
	if (seq_at)
		seq = argv[seq_at]->arg;

	argv_find(argv, argc, "permit", &action_at);
	argv_find(argv, argc, "deny", &action_at);
	if (action_at)
		permit_deny = argv[action_at]->arg;

	argv_find(argv, argc, "A.B.C.D", &addr_at);
	if (addr_at)
		address = argv[addr_at]->arg;

	/* extended = 0, set = 0 (remove) */
	return filter_set_cisco(vty, argv[name_at]->arg, seq, permit_deny,
				address, "0.0.0.0", NULL, NULL, 0, 0);
}
975
/* Remove a standard access-list entry given in "any" form (address
 * "0.0.0.0", wildcard "255.255.255.255"). */
DEFUN (no_access_list_standard_any,
       no_access_list_standard_any_cmd,
       "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any source host\n")
{
	/* The leading "no" shifts the list number to argv[2]. Each *_at
	 * index stays 0 when its token is absent, in which case the
	 * string stays NULL. */
	const int name_at = 2;
	int seq_at = 0;
	int action_at = 0;
	char *seq = NULL;
	char *permit_deny = NULL;

	argv_find(argv, argc, "(1-4294967295)", &seq_at);
	if (seq_at)
		seq = argv[seq_at]->arg;

	argv_find(argv, argc, "permit", &action_at);
	argv_find(argv, argc, "deny", &action_at);
	if (action_at)
		permit_deny = argv[action_at]->arg;

	/* extended = 0, set = 0 (remove) */
	return filter_set_cisco(vty, argv[name_at]->arg, seq, permit_deny,
				"0.0.0.0", "255.255.255.255", NULL, NULL, 0, 0);
}
1007
/* Extended access-list: source address/wildcard followed by destination
 * address/wildcard. */
DEFUN (access_list_extended,
       access_list_extended_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	/* argv[1] is the list number. Each *_at index stays 0 when its
	 * token is absent, in which case the strings stay NULL. */
	const int name_at = 1;
	int seq_at = 0;
	int action_at = 0;
	int addr_at = 0;
	char *seq = NULL;
	char *permit_deny = NULL;
	char *src = NULL;
	char *src_wildcard = NULL;
	char *dst = NULL;
	char *dst_wildcard = NULL;

	argv_find(argv, argc, "(1-4294967295)", &seq_at);
	if (seq_at)
		seq = argv[seq_at]->arg;

	argv_find(argv, argc, "permit", &action_at);
	argv_find(argv, argc, "deny", &action_at);
	if (action_at)
		permit_deny = argv[action_at]->arg;

	/* The four address tokens are consecutive, starting at the first
	 * "A.B.C.D" match. */
	argv_find(argv, argc, "A.B.C.D", &addr_at);
	if (addr_at) {
		src = argv[addr_at]->arg;
		src_wildcard = argv[addr_at + 1]->arg;
		dst = argv[addr_at + 2]->arg;
		dst_wildcard = argv[addr_at + 3]->arg;
	}

	/* extended = 1, set = 1 */
	return filter_set_cisco(vty, argv[name_at]->arg, seq, permit_deny, src,
				src_wildcard, dst, dst_wildcard, 1, 1);
}
1056
/* Extended access-list with an explicit source and "any" destination
 * (destination "0.0.0.0", wildcard "255.255.255.255"). */
DEFUN (access_list_extended_mask_any,
       access_list_extended_mask_any_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Any destination host\n")
{
	/* argv[1] is the list number. Each *_at index stays 0 when its
	 * token is absent, in which case the strings stay NULL. */
	const int name_at = 1;
	int seq_at = 0;
	int action_at = 0;
	int addr_at = 0;
	char *seq = NULL;
	char *permit_deny = NULL;
	char *src = NULL;
	char *src_wildcard = NULL;

	argv_find(argv, argc, "(1-4294967295)", &seq_at);
	if (seq_at)
		seq = argv[seq_at]->arg;

	argv_find(argv, argc, "permit", &action_at);
	argv_find(argv, argc, "deny", &action_at);
	if (action_at)
		permit_deny = argv[action_at]->arg;

	/* The source wildcard is the token right after the source. */
	argv_find(argv, argc, "A.B.C.D", &addr_at);
	if (addr_at) {
		src = argv[addr_at]->arg;
		src_wildcard = argv[addr_at + 1]->arg;
	}

	/* extended = 1, set = 1 */
	return filter_set_cisco(vty, argv[name_at]->arg, seq, permit_deny, src,
				src_wildcard, "0.0.0.0", "255.255.255.255", 1,
				1);
}
1100
/* Extended ACL entry: source "any", masked destination. */
DEFUN (access_list_extended_any_mask,
       access_list_extended_any_mask_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	const int acl_pos = 1; /* ACL number follows "access-list" */
	int at = 0;
	char *seq_arg;
	char *action;
	char *dst_addr = NULL;
	char *dst_wild = NULL;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* Source is the keyword "any", so the first A.B.C.D is the
	 * destination and the next token its wildcard. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	if (at) {
		dst_addr = argv[at]->arg;
		dst_wild = argv[at + 1]->arg;
	}

	/*
	 * "any" source is passed as 0.0.0.0 with wildcard 255.255.255.255.
	 * Trailing flags: presumably extended=1, set=1 -- confirm against
	 * filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				"0.0.0.0", "255.255.255.255", dst_addr,
				dst_wild, 1, 1);
}
1144
/* Extended ACL entry matching any source and any destination. */
DEFUN (access_list_extended_any_any,
       access_list_extended_any_any_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Any destination host\n")
{
	const int acl_pos = 1; /* ACL number follows "access-list" */
	int at = 0;
	char *seq_arg;
	char *action;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/*
	 * Both sides are "any": 0.0.0.0 with wildcard 255.255.255.255, so a
	 * "permit" entry of this form matches every source/destination pair.
	 * Trailing flags: presumably extended=1, set=1 -- confirm against
	 * filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				"0.0.0.0", "255.255.255.255", "0.0.0.0",
				"255.255.255.255", 1, 1);
}
1178
/* Extended ACL entry: masked source, single destination host. */
DEFUN (access_list_extended_mask_host,
       access_list_extended_mask_host_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "A single destination host\n"
       "Destination address\n")
{
	const int acl_pos = 1; /* ACL number follows "access-list" */
	int at = 0;
	char *seq_arg;
	char *action;
	char *src_addr = NULL;
	char *src_wild = NULL;
	char *dst_addr = NULL;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* Layout from the first A.B.C.D: SRC WILDCARD "host" DST, so the
	 * destination sits three tokens after the source. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	if (at) {
		src_addr = argv[at]->arg;
		src_wild = argv[at + 1]->arg;
		dst_addr = argv[at + 3]->arg;
	}

	/*
	 * "host" destination is passed with wildcard 0.0.0.0.  Trailing
	 * flags: presumably extended=1, set=1 -- confirm against
	 * filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				src_addr, src_wild, dst_addr, "0.0.0.0", 1, 1);
}
1224
/* Extended ACL entry: single source host, masked destination. */
DEFUN (access_list_extended_host_mask,
       access_list_extended_host_mask_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	const int acl_pos = 1; /* ACL number follows "access-list" */
	int at = 0;
	char *seq_arg;
	char *action;
	char *src_addr = NULL;
	char *dst_addr = NULL;
	char *dst_wild = NULL;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* Layout from the first A.B.C.D: SRC DST DST-WILDCARD. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	if (at) {
		src_addr = argv[at]->arg;
		dst_addr = argv[at + 1]->arg;
		dst_wild = argv[at + 2]->arg;
	}

	/*
	 * "host" source is passed with wildcard 0.0.0.0.  Trailing flags:
	 * presumably extended=1, set=1 -- confirm against
	 * filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				src_addr, "0.0.0.0", dst_addr, dst_wild, 1, 1);
}
1270
/* Extended ACL entry: single source host, single destination host. */
DEFUN (access_list_extended_host_host,
       access_list_extended_host_host_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "A single destination host\n"
       "Destination address\n")
{
	const int acl_pos = 1; /* ACL number follows "access-list" */
	int at = 0;
	char *seq_arg;
	char *action;
	char *src_addr = NULL;
	char *dst_addr = NULL;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* Layout from the first A.B.C.D: SRC "host" DST. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	if (at) {
		src_addr = argv[at]->arg;
		dst_addr = argv[at + 2]->arg;
	}

	/*
	 * Both hosts are passed with wildcard 0.0.0.0.  Trailing flags:
	 * presumably extended=1, set=1 -- confirm against
	 * filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				src_addr, "0.0.0.0", dst_addr, "0.0.0.0", 1,
				1);
}
1314
/* Extended ACL entry: source "any", single destination host. */
DEFUN (access_list_extended_any_host,
       access_list_extended_any_host_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "A single destination host\n"
       "Destination address\n")
{
	const int acl_pos = 1; /* ACL number follows "access-list" */
	int at = 0;
	char *seq_arg;
	char *action;
	char *dst_addr;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* The only A.B.C.D token is the destination host. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	dst_addr = at ? argv[at]->arg : NULL;

	/*
	 * "any" source = 0.0.0.0 / 255.255.255.255; "host" destination uses
	 * wildcard 0.0.0.0.  Trailing flags: presumably extended=1, set=1
	 * -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				"0.0.0.0", "255.255.255.255", dst_addr,
				"0.0.0.0", 1, 1);
}
1355
/* Extended ACL entry: single source host, destination "any". */
DEFUN (access_list_extended_host_any,
       access_list_extended_host_any_cmd,
       "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Any destination host\n")
{
	const int acl_pos = 1; /* ACL number follows "access-list" */
	int at = 0;
	char *seq_arg;
	char *action;
	char *src_addr;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* The only A.B.C.D token is the source host. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	src_addr = at ? argv[at]->arg : NULL;

	/*
	 * "host" source uses wildcard 0.0.0.0; "any" destination =
	 * 0.0.0.0 / 255.255.255.255.  Trailing flags: presumably extended=1,
	 * set=1 -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				src_addr, "0.0.0.0", "0.0.0.0",
				"255.255.255.255", 1, 1);
}
1395
/* "no" form: masked source and masked destination. */
DEFUN (no_access_list_extended,
       no_access_list_extended_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	const int acl_pos = 2; /* "no" shifts the ACL number to token 2 */
	int at = 0;
	char *seq_arg;
	char *action;
	char *src_addr = NULL;
	char *src_wild = NULL;
	char *dst_addr = NULL;
	char *dst_wild = NULL;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* Four consecutive tokens: SRC SRC-WILDCARD DST DST-WILDCARD. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	if (at) {
		src_addr = argv[at]->arg;
		src_wild = argv[at + 1]->arg;
		dst_addr = argv[at + 2]->arg;
		dst_wild = argv[at + 3]->arg;
	}

	/* Trailing flags: presumably extended=1, set=0 (remove) -- confirm
	 * against filter_set_cisco(). */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				src_addr, src_wild, dst_addr, dst_wild, 1, 0);
}
1444
/* "no" form: masked source, destination "any". */
DEFUN (no_access_list_extended_mask_any,
       no_access_list_extended_mask_any_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Any destination host\n")
{
	const int acl_pos = 2; /* "no" shifts the ACL number to token 2 */
	int at = 0;
	char *seq_arg;
	char *action;
	char *src_addr = NULL;
	char *src_wild = NULL;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* First A.B.C.D is the source, the next token its wildcard. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	if (at) {
		src_addr = argv[at]->arg;
		src_wild = argv[at + 1]->arg;
	}

	/*
	 * "any" destination = 0.0.0.0 / 255.255.255.255.  Trailing flags:
	 * presumably extended=1, set=0 (remove) -- confirm against
	 * filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				src_addr, src_wild, "0.0.0.0",
				"255.255.255.255", 1, 0);
}
1489
/* "no" form: source "any", masked destination. */
DEFUN (no_access_list_extended_any_mask,
       no_access_list_extended_any_mask_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	const int acl_pos = 2; /* "no" shifts the ACL number to token 2 */
	int at = 0;
	char *seq_arg;
	char *action;
	char *dst_addr = NULL;
	char *dst_wild = NULL;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* Source is the keyword "any", so the first A.B.C.D is the
	 * destination and the next token its wildcard. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	if (at) {
		dst_addr = argv[at]->arg;
		dst_wild = argv[at + 1]->arg;
	}

	/*
	 * "any" source = 0.0.0.0 / 255.255.255.255.  Trailing flags:
	 * presumably extended=1, set=0 (remove) -- confirm against
	 * filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				"0.0.0.0", "255.255.255.255", dst_addr,
				dst_wild, 1, 0);
}
1534
/* "no" form: any source, any destination. */
DEFUN (no_access_list_extended_any_any,
       no_access_list_extended_any_any_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Any destination host\n")
{
	const int acl_pos = 2; /* "no" shifts the ACL number to token 2 */
	int at = 0;
	char *seq_arg;
	char *action;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/*
	 * Both sides "any": 0.0.0.0 / 255.255.255.255.  Trailing flags:
	 * presumably extended=1, set=0 (remove) -- confirm against
	 * filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				"0.0.0.0", "255.255.255.255", "0.0.0.0",
				"255.255.255.255", 1, 0);
}
1569
/* "no" form: masked source, single destination host. */
DEFUN (no_access_list_extended_mask_host,
       no_access_list_extended_mask_host_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "A single destination host\n"
       "Destination address\n")
{
	const int acl_pos = 2; /* "no" shifts the ACL number to token 2 */
	int at = 0;
	char *seq_arg;
	char *action;
	char *src_addr = NULL;
	char *src_wild = NULL;
	char *dst_addr = NULL;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* Layout from the first A.B.C.D: SRC WILDCARD "host" DST. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	if (at) {
		src_addr = argv[at]->arg;
		src_wild = argv[at + 1]->arg;
		dst_addr = argv[at + 3]->arg;
	}

	/*
	 * "host" destination uses wildcard 0.0.0.0.  Trailing flags:
	 * presumably extended=1, set=0 (remove) -- confirm against
	 * filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				src_addr, src_wild, dst_addr, "0.0.0.0", 1, 0);
}
1616
/* "no" form: single source host, masked destination. */
DEFUN (no_access_list_extended_host_mask,
       no_access_list_extended_host_mask_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
	const int acl_pos = 2; /* "no" shifts the ACL number to token 2 */
	int at = 0;
	char *seq_arg;
	char *action;
	char *src_addr = NULL;
	char *dst_addr = NULL;
	char *dst_wild = NULL;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* Layout from the first A.B.C.D: SRC DST DST-WILDCARD. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	if (at) {
		src_addr = argv[at]->arg;
		dst_addr = argv[at + 1]->arg;
		dst_wild = argv[at + 2]->arg;
	}

	/*
	 * "host" source uses wildcard 0.0.0.0.  Trailing flags: presumably
	 * extended=1, set=0 (remove) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				src_addr, "0.0.0.0", dst_addr, dst_wild, 1, 0);
}
1663
/* "no" form: single source host, single destination host. */
DEFUN (no_access_list_extended_host_host,
       no_access_list_extended_host_host_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "A single destination host\n"
       "Destination address\n")
{
	const int acl_pos = 2; /* "no" shifts the ACL number to token 2 */
	int at = 0;
	char *seq_arg;
	char *action;
	char *src_addr = NULL;
	char *dst_addr = NULL;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* Layout from the first A.B.C.D: SRC "host" DST. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	if (at) {
		src_addr = argv[at]->arg;
		dst_addr = argv[at + 2]->arg;
	}

	/*
	 * Both hosts use wildcard 0.0.0.0.  Trailing flags: presumably
	 * extended=1, set=0 (remove) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				src_addr, "0.0.0.0", dst_addr, "0.0.0.0", 1,
				0);
}
1708
/* "no" form: source "any", single destination host. */
DEFUN (no_access_list_extended_any_host,
       no_access_list_extended_any_host_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "A single destination host\n"
       "Destination address\n")
{
	const int acl_pos = 2; /* "no" shifts the ACL number to token 2 */
	int at = 0;
	char *seq_arg;
	char *action;
	char *dst_addr;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* The only A.B.C.D token is the destination host. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	dst_addr = at ? argv[at]->arg : NULL;

	/*
	 * "any" source = 0.0.0.0 / 255.255.255.255; "host" destination uses
	 * wildcard 0.0.0.0.  Trailing flags: presumably extended=1, set=0
	 * (remove) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				"0.0.0.0", "255.255.255.255", dst_addr,
				"0.0.0.0", 1, 0);
}
1750
/* "no" form: single source host, destination "any". */
DEFUN (no_access_list_extended_host_any,
       no_access_list_extended_host_any_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Any destination host\n")
{
	const int acl_pos = 2; /* "no" shifts the ACL number to token 2 */
	int at = 0;
	char *seq_arg;
	char *action;
	char *src_addr;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* The only A.B.C.D token is the source host. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D", &at);
	src_addr = at ? argv[at]->arg : NULL;

	/*
	 * "host" source uses wildcard 0.0.0.0; "any" destination =
	 * 0.0.0.0 / 255.255.255.255.  Trailing flags: presumably extended=1,
	 * set=0 (remove) -- confirm against filter_set_cisco().
	 */
	return filter_set_cisco(vty, argv[acl_pos]->arg, seq_arg, action,
				src_addr, "0.0.0.0", "0.0.0.0",
				"255.255.255.255", 1, 0);
}
1791
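/*
 * Add (set != 0) or remove (set == 0) one zebra-style entry of the access
 * list called name_str in address family afi.
 *
 * seq        - sequence number as a decimal string, or NULL when the
 *              command omitted it (stored as -1 in that case)
 * type_str   - "permit"/"deny" (only the first character is compared);
 *              NULL leaves the entry at the default FILTER_DENY
 * prefix_str - IPv4 prefix, IPv6 prefix or MAC address, parsed per afi
 * exact      - non-zero marks the entry as exact-match
 *
 * Returns CMD_SUCCESS, or a CMD_WARNING* code after printing the reason to
 * vty when an argument is rejected.
 */
static int filter_set_zebra(struct vty *vty, const char *name_str,
			    const char *seq, const char *type_str, afi_t afi,
			    const char *prefix_str, int exact, int set)
{
	int ret;
	enum filter_type type = FILTER_DENY;
	struct filter *mfilter;
	struct filter_zebra *filter;
	struct access_list *access;
	struct prefix p;
	int64_t seqnum = -1;

	if (strlen(name_str) > ACL_NAMSIZ) {
		vty_out(vty,
			"%% ACL name %s is invalid: length exceeds "
			"%d characters\n",
			name_str, ACL_NAMSIZ);
		return CMD_WARNING_CONFIG_FAILED;
	}

	/*
	 * The CLI range for seq reaches 4294967295, which does not fit a
	 * 32-bit long; atol() on such a value is undefined.  strtoll()
	 * converts through long long (at least 64 bits), so the full range
	 * is represented on every platform.
	 */
	if (seq)
		seqnum = (int64_t)strtoll(seq, NULL, 10);

	/* Check of filter type. */
	if (type_str) {
		if (strncmp(type_str, "p", 1) == 0)
			type = FILTER_PERMIT;
		else if (strncmp(type_str, "d", 1) == 0)
			type = FILTER_DENY;
		else {
			vty_out(vty, "filter type must be [permit|deny]\n");
			return CMD_WARNING_CONFIG_FAILED;
		}
	}

	/* Check string format of prefix and prefixlen. */
	if (afi == AFI_IP) {
		ret = str2prefix_ipv4(prefix_str, (struct prefix_ipv4 *)&p);
		if (ret <= 0) {
			vty_out(vty,
				"IP address prefix/prefixlen is malformed\n");
			return CMD_WARNING_CONFIG_FAILED;
		}
	} else if (afi == AFI_IP6) {
		ret = str2prefix_ipv6(prefix_str, (struct prefix_ipv6 *)&p);
		if (ret <= 0) {
			vty_out(vty,
				"IPv6 address prefix/prefixlen is malformed\n");
			return CMD_WARNING_CONFIG_FAILED;
		}
	} else if (afi == AFI_L2VPN) {
		ret = str2prefix_eth(prefix_str, (struct prefix_eth *)&p);
		if (ret <= 0) {
			vty_out(vty, "MAC address is malformed\n");
			/*
			 * NOTE(review): the IPv4/IPv6 branches return
			 * CMD_WARNING_CONFIG_FAILED here.  If callers treat
			 * plain CMD_WARNING as non-fatal, a malformed MAC
			 * entry could be dropped without failing the
			 * configuration -- confirm and align if so.
			 */
			return CMD_WARNING;
		}
	} else
		return CMD_WARNING_CONFIG_FAILED;

	/* Build a candidate entry; it is either installed or only used as
	 * the lookup key and then freed. */
	mfilter = filter_new();
	mfilter->type = type;
	mfilter->seq = seqnum;
	filter = &mfilter->u.zfilter;
	prefix_copy(&filter->prefix, &p);

	/* "exact-match" */
	if (exact)
		filter->exact = 1;

	/*
	 * Install new filter to the access_list.
	 * NOTE(review): access_list_get() is used on the remove path too;
	 * if it creates a missing list (confirm), removing an entry from a
	 * list that never existed may leave an empty list behind.
	 */
	access = access_list_get(afi, name_str);

	if (set) {
		/* An equal entry already exists: drop the duplicate. */
		if (filter_lookup_zebra(access, mfilter))
			filter_free(mfilter);
		else
			access_list_filter_add(access, mfilter);
	} else {
		struct filter *delete_filter;

		delete_filter = filter_lookup_zebra(access, mfilter);
		if (delete_filter)
			access_list_filter_delete(access, delete_filter);

		filter_free(mfilter);
	}

	return CMD_SUCCESS;
}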
1880
d37ba549
MK
/* Add a MAC access-list entry matching one MAC address. */
DEFUN (mac_access_list,
       mac_access_list_cmd,
       "mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
       "Add a mac access-list\n"
       "Add an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
{
	int at = 0;
	char *seq_arg;
	char *action;
	char *mac_addr;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* The MAC token is mandatory in the command string above. */
	at = 0;
	argv_find(argv, argc, "X:X:X:X:X:X", &at);
	mac_addr = at ? argv[at]->arg : NULL;
	assert(mac_addr);

	/* Tokens: "mac"(0) "access-list"(1) WORD(2); exact=0, set=1. */
	return filter_set_zebra(vty, argv[2]->arg, seq_arg, action, AFI_L2VPN,
				mac_addr, 0, 1);
}
1917
/* Remove the MAC access-list entry matching one MAC address. */
DEFUN (no_mac_access_list,
       no_mac_access_list_cmd,
       "no mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
       NO_STR
       "Remove a mac access-list\n"
       "Remove an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
{
	int at = 0;
	char *seq_arg;
	char *action;
	char *mac_addr;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* The MAC token is mandatory in the command string above. */
	at = 0;
	argv_find(argv, argc, "X:X:X:X:X:X", &at);
	mac_addr = at ? argv[at]->arg : NULL;
	assert(mac_addr);

	/* Tokens: "no"(0) "mac"(1) "access-list"(2) WORD(3); exact=0,
	 * set=0 (remove). */
	return filter_set_zebra(vty, argv[3]->arg, seq_arg, action, AFI_L2VPN,
				mac_addr, 0, 0);
}
1955
/* Add a MAC access-list entry for the keyword "any". */
DEFUN (mac_access_list_any,
       mac_access_list_any_cmd,
       "mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
       "Add a mac access-list\n"
       "Add an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
{
	int at = 0;
	char *seq_arg;
	char *action;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/*
	 * "any" is passed as the all-zero MAC.  Tokens: "mac"(0)
	 * "access-list"(1) WORD(2); exact=0, set=1.
	 */
	return filter_set_zebra(vty, argv[2]->arg, seq_arg, action, AFI_L2VPN,
				"00:00:00:00:00:00", 0, 1);
}
1985
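/*
 * Remove the "any" entry of a MAC access-list.
 *
 * Fix: the list name was read from argv[2], but in
 * "no mac access-list WORD ..." token 2 is the keyword "access-list" and
 * WORD is token 3 (as the sibling no_mac_access_list already uses).  With
 * argv[2] the removal targeted a list named after the keyword and still
 * returned success, so the entry the operator meant to remove stayed in
 * force.
 */
DEFUN (no_mac_access_list_any,
       no_mac_access_list_any_cmd,
       "no mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
       NO_STR
       "Remove a mac access-list\n"
       "Remove an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
{
	int idx_word = 3; /* "no"(0) "mac"(1) "access-list"(2) WORD(3) */
	int idx = 0;
	char *seq = NULL;
	char *permit_deny = NULL;

	/* The code relies on idx staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	if (idx)
		seq = argv[idx]->arg;

	/* Whichever of permit/deny is present supplies the action. */
	idx = 0;
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	if (idx)
		permit_deny = argv[idx]->arg;

	/* "any" is passed as the all-zero MAC; exact=0, set=0 (remove). */
	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
				AFI_L2VPN, "00:00:00:00:00:00", 0, 0);
}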
2016
/* Add a named IPv4 access-list entry for a prefix, optionally exact. */
DEFUN (access_list_exact,
       access_list_exact_cmd,
       "access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n"
       "Exact match of the prefixes\n")
{
	int at = 0;
	int exact_flag;
	char *seq_arg;
	char *action;
	char *pfx;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* The prefix token is mandatory in the command string above. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D/M", &at);
	pfx = at ? argv[at]->arg : NULL;
	assert(pfx);

	/* Optional trailing keyword. */
	at = 0;
	exact_flag = argv_find(argv, argc, "exact-match", &at) ? 1 : 0;

	/* Tokens: "access-list"(0) WORD(1); last argument set=1 (add). */
	return filter_set_zebra(vty, argv[1]->arg, seq_arg, action, AFI_IP,
				pfx, exact_flag, 1);
}
2058
/* Add a named IPv4 access-list entry for the keyword "any". */
DEFUN (access_list_any,
       access_list_any_cmd,
       "access-list WORD [seq (1-4294967295)] <deny|permit> any",
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
	const int name_pos = 1; /* WORD follows "access-list" */
	int at = 0;
	char *seq_arg;
	char *action;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* "any" is passed as 0.0.0.0/0 without exact-match; set=1 (add). */
	return filter_set_zebra(vty, argv[name_pos]->arg, seq_arg, action,
				AFI_IP, "0.0.0.0/0", 0, 1);
}
2088
/* Remove a named IPv4 access-list entry for a prefix. */
DEFUN (no_access_list_exact,
       no_access_list_exact_cmd,
       "no access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n"
       "Exact match of the prefixes\n")
{
	int at = 0;
	int exact_flag;
	char *seq_arg;
	char *action;
	char *pfx;

	/* The code relies on `at` staying 0 when a token is not found. */
	argv_find(argv, argc, "(1-4294967295)", &at);
	seq_arg = at ? argv[at]->arg : NULL;

	/* Whichever of permit/deny is present supplies the action. */
	at = 0;
	argv_find(argv, argc, "permit", &at);
	argv_find(argv, argc, "deny", &at);
	action = at ? argv[at]->arg : NULL;

	/* The prefix token is mandatory in the command string above. */
	at = 0;
	argv_find(argv, argc, "A.B.C.D/M", &at);
	pfx = at ? argv[at]->arg : NULL;
	assert(pfx);

	/* Optional trailing keyword. */
	at = 0;
	exact_flag = argv_find(argv, argc, "exact-match", &at) ? 1 : 0;

	/* Tokens: "no"(0) "access-list"(1) WORD(2); set=0 (remove). */
	return filter_set_zebra(vty, argv[2]->arg, seq_arg, action, AFI_IP,
				pfx, exact_flag, 0);
}
2131
/*
 * "no access-list WORD [seq N] <deny|permit> any"
 *
 * Same as the prefix form, but the prefix is fixed to "0.0.0.0/0" without
 * exact-match, i.e. the catch-all entry.  Last argument 0: the add variants
 * in this file pass 1, so it presumably selects unset.
 */
DEFUN (no_access_list_any,
       no_access_list_any_cmd,
       "no access-list WORD [seq (1-4294967295)] <deny|permit> any",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
	int idx_word = 2;
	int pos = 0;
	char *seq_arg;
	char *action_arg;

	/* Optional "seq N"; a zero index is treated as "not given". */
	argv_find(argv, argc, "(1-4294967295)", &pos);
	seq_arg = pos ? argv[pos]->arg : NULL;

	/* Whichever of the two keywords was typed leaves its index in pos. */
	pos = 0;
	argv_find(argv, argc, "permit", &pos);
	argv_find(argv, argc, "deny", &pos);
	action_arg = pos ? argv[pos]->arg : NULL;

	return filter_set_zebra(vty, argv[idx_word]->arg, seq_arg, action_arg,
				AFI_IP, "0.0.0.0/0", 0, 0);
}
2162
/*
 * "no access-list <number|WORD>": remove a whole IPv4 access-list.
 *
 * Order of operations: route-map dependencies are notified with
 * RMAP_EVENT_FILTER_DELETED, then the master's delete hook (if any) runs,
 * and only then is the list itself deleted.
 * NOTE(review): what a consumer does once a list it references is gone is
 * decided outside this function - confirm it does not silently widen what
 * is permitted.
 */
DEFUN (no_access_list_all,
       no_access_list_all_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list name\n")
{
	int idx_acl = 2;
	struct access_master *owner;
	struct access_list *acl = access_list_lookup(AFI_IP, argv[idx_acl]->arg);

	if (acl == NULL) {
		vty_out(vty, "%% access-list %s doesn't exist\n",
			argv[idx_acl]->arg);
		return CMD_WARNING_CONFIG_FAILED;
	}

	/* Take the master pointer before anything is torn down. */
	owner = acl->master;

	route_map_notify_dependencies(acl->name, RMAP_EVENT_FILTER_DELETED);

	/* Let the registered consumer react while the list still exists. */
	if (owner->delete_hook)
		(*owner->delete_hook)(acl);

	access_list_delete(acl);

	return CMD_SUCCESS;
}
2198
/*
 * "access-list <number|WORD> remark LINE...": attach a free-text comment
 * to an IPv4 access-list (fetched with access_list_get()).
 *
 * Any previous remark is released before the new one is stored.
 * NOTE(review): the help text promises "up to 100 characters", but no
 * length check is visible in this function - confirm whether the limit is
 * enforced elsewhere.
 */
DEFUN (access_list_remark,
       access_list_remark_cmd,
       "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
	int idx_acl = 1;
	int idx_remark = 3;
	struct access_list *acl = access_list_get(AFI_IP, argv[idx_acl]->arg);

	/* assumes argv_concat() allocates with MTYPE_TMP so this free matches - TODO confirm */
	if (acl->remark) {
		XFREE(MTYPE_TMP, acl->remark);
		acl->remark = NULL;
	}

	/* Everything from the first LINE token onwards becomes the remark. */
	acl->remark = argv_concat(argv, argc, idx_remark);

	return CMD_SUCCESS;
}
2225
/*
 * "no access-list <number|WORD> remark": drop the remark of an IPv4
 * access-list by delegating to vty_access_list_remark_unset().
 */
DEFUN (no_access_list_remark,
       no_access_list_remark_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n")
{
	/* Token 2 is the list number or name ("no" and "access-list" precede it). */
	int name_pos = 2;

	return vty_access_list_remark_unset(vty, AFI_IP, argv[name_pos]->arg);
}
2241
/* ALIAS_FIXME */
/*
 * "no access-list <number|WORD> remark LINE...": accepts the remark text
 * after the keyword and forwards the call unchanged to
 * no_access_list_remark(), which only reads the list name.
 */
DEFUN (no_access_list_remark_comment,
       no_access_list_remark_comment_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
	/* The trailing LINE tokens are not compared with the stored remark. */
	int rc = no_access_list_remark(self, vty, argc, argv);

	return rc;
}
718e3744 2258
/*
 * "ipv6 access-list WORD [seq N] <deny|permit> X:X::X:X/M [exact-match]"
 *
 * Gathers sequence number, action, prefix and exact-match flag from the
 * matched tokens and passes them to filter_set_zebra() for AFI_IP6.  The
 * last argument is 1 here and 0 in the "no" form, so it presumably selects
 * set vs. unset.
 */
DEFUN (ipv6_access_list_exact,
       ipv6_access_list_exact_cmd,
       "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "IPv6 prefix\n"
       "Exact match of the prefixes\n")
{
	int idx_word = 2;
	int pos = 0;
	int exact;
	char *seq;
	char *permit_deny;
	char *prefix;

	/* A zero index after the search is treated as "token not present". */
	argv_find(argv, argc, "(1-4294967295)", &pos);
	seq = pos ? argv[pos]->arg : NULL;

	pos = 0;
	argv_find(argv, argc, "permit", &pos);
	argv_find(argv, argc, "deny", &pos);
	permit_deny = pos ? argv[pos]->arg : NULL;

	pos = 0;
	argv_find(argv, argc, "X:X::X:X/M", &pos);
	prefix = pos ? argv[pos]->arg : NULL;

	pos = 0;
	exact = argv_find(argv, argc, "exact-match", &pos) ? 1 : 0;

	/* The grammar makes the prefix mandatory; the assert documents that. */
	assert(prefix);
	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
				AFI_IP6, prefix, exact, 1);
}
2302
/*
 * "ipv6 access-list WORD [seq N] <deny|permit> any"
 *
 * Adds the catch-all entry: the prefix is fixed to "::/0" without
 * exact-match.  With "permit" this entry matches every prefix, so its
 * position (sequence number) in the list matters.
 */
DEFUN (ipv6_access_list_any,
       ipv6_access_list_any_cmd,
       "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefixi to match\n")
{
	int idx_word = 2;
	int pos = 0;
	char *seq_arg;
	char *action_arg;

	/* Optional "seq N"; a zero index is treated as "not given". */
	argv_find(argv, argc, "(1-4294967295)", &pos);
	seq_arg = pos ? argv[pos]->arg : NULL;

	pos = 0;
	argv_find(argv, argc, "permit", &pos);
	argv_find(argv, argc, "deny", &pos);
	action_arg = pos ? argv[pos]->arg : NULL;

	return filter_set_zebra(vty, argv[idx_word]->arg, seq_arg, action_arg,
				AFI_IP6, "::/0", 0, 1);
}
2333
/*
 * "no ipv6 access-list WORD [seq N] <deny|permit> X:X::X:X/M [exact-match]"
 *
 * Mirror of ipv6_access_list_exact with the list name one token further
 * right (after "no") and 0 as the last filter_set_zebra() argument, which
 * presumably selects unset.
 */
DEFUN (no_ipv6_access_list_exact,
       no_ipv6_access_list_exact_cmd,
       "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
{
	int idx_word = 3;
	int pos = 0;
	int exact;
	char *seq;
	char *permit_deny;
	char *prefix;

	/* A zero index after the search is treated as "token not present". */
	argv_find(argv, argc, "(1-4294967295)", &pos);
	seq = pos ? argv[pos]->arg : NULL;

	pos = 0;
	argv_find(argv, argc, "permit", &pos);
	argv_find(argv, argc, "deny", &pos);
	permit_deny = pos ? argv[pos]->arg : NULL;

	pos = 0;
	argv_find(argv, argc, "X:X::X:X/M", &pos);
	prefix = pos ? argv[pos]->arg : NULL;
	/* The grammar makes the prefix mandatory; the assert documents that. */
	assert(prefix);

	pos = 0;
	exact = argv_find(argv, argc, "exact-match", &pos) ? 1 : 0;

	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
				AFI_IP6, prefix, exact, 0);
}
2378
/*
 * "no ipv6 access-list WORD [seq N] <deny|permit> any"
 *
 * Targets the catch-all "::/0" entry (no exact-match); 0 as the last
 * filter_set_zebra() argument presumably selects unset.
 */
DEFUN (no_ipv6_access_list_any,
       no_ipv6_access_list_any_cmd,
       "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       "Sequence number\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefixi to match\n")
{
	int idx_word = 3;
	int pos = 0;
	char *seq_arg;
	char *action_arg;

	/* Optional "seq N"; a zero index is treated as "not given". */
	argv_find(argv, argc, "(1-4294967295)", &pos);
	seq_arg = pos ? argv[pos]->arg : NULL;

	pos = 0;
	argv_find(argv, argc, "permit", &pos);
	argv_find(argv, argc, "deny", &pos);
	action_arg = pos ? argv[pos]->arg : NULL;

	return filter_set_zebra(vty, argv[idx_word]->arg, seq_arg, action_arg,
				AFI_IP6, "::/0", 0, 0);
}
2410
2411
/*
 * "no ipv6 access-list WORD": remove a whole IPv6 access-list.
 *
 * Route-map dependencies are notified with RMAP_EVENT_FILTER_DELETED, the
 * master's delete hook (if set) runs, and the list is deleted last.
 * NOTE(review): how consumers treat a reference to a list that no longer
 * exists is decided outside this function - confirm it fails closed.
 */
DEFUN (no_ipv6_access_list_all,
       no_ipv6_access_list_all_cmd,
       "no ipv6 access-list WORD",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n")
{
	int idx_word = 3;
	struct access_master *owner;
	struct access_list *acl = access_list_lookup(AFI_IP6, argv[idx_word]->arg);

	if (acl == NULL) {
		vty_out(vty, "%% access-list %s doesn't exist\n",
			argv[idx_word]->arg);
		return CMD_WARNING_CONFIG_FAILED;
	}

	/* Take the master pointer before anything is torn down. */
	owner = acl->master;

	route_map_notify_dependencies(acl->name, RMAP_EVENT_FILTER_DELETED);

	/* Let the registered consumer react while the list still exists. */
	if (owner->delete_hook)
		(*owner->delete_hook)(acl);

	access_list_delete(acl);

	return CMD_SUCCESS;
}
2444
/*
 * "ipv6 access-list WORD remark LINE...": attach a free-text comment to an
 * IPv6 access-list (fetched with access_list_get()).
 *
 * NOTE(review): the help text promises "up to 100 characters", but no
 * length check is visible in this function - confirm whether the limit is
 * enforced elsewhere.
 */
DEFUN (ipv6_access_list_remark,
       ipv6_access_list_remark_cmd,
       "ipv6 access-list WORD remark LINE...",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
	int idx_word = 2;
	int idx_line = 4;
	struct access_list *acl = access_list_get(AFI_IP6, argv[idx_word]->arg);

	/* assumes argv_concat() allocates with MTYPE_TMP so this free matches - TODO confirm */
	if (acl->remark) {
		XFREE(MTYPE_TMP, acl->remark);
		acl->remark = NULL;
	}

	/* Everything from the first LINE token onwards becomes the remark. */
	acl->remark = argv_concat(argv, argc, idx_line);

	return CMD_SUCCESS;
}
2468
/*
 * "no ipv6 access-list WORD remark": drop the remark of an IPv6
 * access-list by delegating to vty_access_list_remark_unset().
 */
DEFUN (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_cmd,
       "no ipv6 access-list WORD remark",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n")
{
	/* Token 3 is the list name ("no ipv6 access-list" precede it). */
	int name_pos = 3;

	return vty_access_list_remark_unset(vty, AFI_IP6, argv[name_pos]->arg);
}
2481
/* ALIAS_FIXME */
/*
 * "no ipv6 access-list WORD remark LINE...": accepts the remark text after
 * the keyword and forwards the call unchanged to
 * no_ipv6_access_list_remark(), which only reads the list name.
 */
DEFUN (no_ipv6_access_list_remark_comment,
       no_ipv6_access_list_remark_comment_cmd,
       "no ipv6 access-list WORD remark LINE...",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
	/* The trailing LINE tokens are not compared with the stored remark. */
	int rc = no_ipv6_access_list_remark(self, vty, argc, argv);

	return rc;
}
718e3744 2495
/* Defined further down; declared here because filter_show() calls them. */
static void config_write_access_zebra(struct vty *vty, struct filter *mfilter);
static void config_write_access_cisco(struct vty *vty, struct filter *mfilter);
718e3744 2498
/*
 * Print every access-list on one chain of a master (the numbered or the
 * named chain), or only the list called `name` when it is non-NULL.
 * A header line is printed once per list, before its first entry; a list
 * without entries therefore prints nothing.
 */
static void filter_show_chain(struct vty *vty, struct access_list *head,
			      const char *name, afi_t afi)
{
	struct access_list *acl;
	struct filter *entry;
	struct filter_cisco *cf;
	int need_header;

	for (acl = head; acl; acl = acl->next) {
		if (name && strcmp(acl->name, name) != 0)
			continue;

		need_header = 1;

		for (entry = acl->head; entry; entry = entry->next) {
			/* Only meaningful when entry->cisco is set. */
			cf = &entry->u.cfilter;

			if (need_header) {
				const char *style = "Zebra";
				const char *family;

				if (entry->cisco)
					style = cf->extended ? "Extended"
							     : "Standard";

				if (afi == AFI_IP)
					family = "IP";
				else if (afi == AFI_IP6)
					family = "IPv6 ";
				else
					family = "MAC ";

				vty_out(vty, "%s %s access list %s\n", style,
					family, acl->name);
				need_header = 0;
			}

			vty_out(vty, " seq %" PRId64, entry->seq);
			vty_out(vty, " %s%s", filter_type_str(entry),
				entry->type == FILTER_DENY ? " " : "");

			if (!entry->cisco) {
				config_write_access_zebra(vty, entry);
				continue;
			}
			if (cf->extended) {
				config_write_access_cisco(vty, entry);
				continue;
			}

			/* Standard cisco entry: all-ones wildcard means "any". */
			if (cf->addr_mask.s_addr == 0xffffffff) {
				vty_out(vty, " any\n");
				continue;
			}

			/*
			 * inet_ntoa() returns a static buffer, so each result
			 * is printed before the next call.
			 */
			vty_out(vty, " %s", inet_ntoa(cf->addr));
			if (cf->addr_mask.s_addr != INADDR_ANY)
				vty_out(vty, ", wildcard bits %s",
					inet_ntoa(cf->addr_mask));
			vty_out(vty, "\n");
		}
	}
}

/*
 * show access-list command.
 *
 * Prints the protocol name followed by the numbered and then the named
 * access-lists of `afi`; `name` (may be NULL) restricts output to one list.
 * Returns 0 when no master exists for `afi`, CMD_SUCCESS otherwise; a name
 * that matches nothing still returns CMD_SUCCESS.
 */
static int filter_show(struct vty *vty, const char *name, afi_t afi)
{
	struct access_master *master = access_master_get(afi);

	if (master == NULL)
		return 0;

	/* Print the name of the protocol */
	vty_out(vty, "%s:\n", frr_protoname);

	filter_show_chain(vty, master->num.head, name, afi);
	filter_show_chain(vty, master->str.head, name, afi);

	return CMD_SUCCESS;
}
2614
/*
 * show MAC access list - this only has MAC filters for now.
 * Lists every MAC access-list; they are kept under AFI_L2VPN.
 */
DEFUN (show_mac_access_list,
       show_mac_access_list_cmd,
       "show mac access-list",
       SHOW_STR
       "mac access lists\n"
       "List mac access lists\n")
{
	/* NULL name: no filtering, show all lists. */
	int rc = filter_show(vty, NULL, AFI_L2VPN);

	return rc;
}
2625
/*
 * "show mac access-list WORD": show the single MAC access-list whose name
 * is the WORD token.
 */
DEFUN (show_mac_access_list_name,
       show_mac_access_list_name_cmd,
       "show mac access-list WORD",
       SHOW_STR
       "mac access lists\n"
       "List mac access lists\n"
       "mac address\n")
{
	/* Token 3 is WORD, the list name. */
	int idx_word = 3;

	return filter_show(vty, argv[idx_word]->arg, AFI_L2VPN);
}
2636
/* "show ip access-list": list every IPv4 access-list. */
DEFUN (show_ip_access_list,
       show_ip_access_list_cmd,
       "show ip access-list",
       SHOW_STR
       IP_STR
       "List IP access lists\n")
{
	/* NULL name: no filtering, show all lists. */
	int rc = filter_show(vty, NULL, AFI_IP);

	return rc;
}
2646
/*
 * "show ip access-list <number|WORD>": show one IPv4 access-list, selected
 * by number or name.
 */
DEFUN (show_ip_access_list_name,
       show_ip_access_list_name_cmd,
       "show ip access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       SHOW_STR
       IP_STR
       "List IP access lists\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n")
{
	/* Token 3 carries the list number or name. */
	int name_pos = 3;

	return filter_show(vty, argv[name_pos]->arg, AFI_IP);
}
2662
/* "show ipv6 access-list": list every IPv6 access-list. */
DEFUN (show_ipv6_access_list,
       show_ipv6_access_list_cmd,
       "show ipv6 access-list",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n")
{
	/* NULL name: no filtering, show all lists. */
	int rc = filter_show(vty, NULL, AFI_IP6);

	return rc;
}
2672
/* "show ipv6 access-list WORD": show one IPv6 access-list by name. */
DEFUN (show_ipv6_access_list_name,
       show_ipv6_access_list_name_cmd,
       "show ipv6 access-list WORD",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n"
       "IPv6 zebra access-list\n")
{
	/* Token 3 is WORD, the list name. */
	int name_pos = 3;

	return filter_show(vty, argv[name_pos]->arg, AFI_IP6);
}
2684
/*
 * Write the match part of a cisco-style entry and the closing newline.
 *
 * Standard entries print one address (with its wildcard mask when the
 * mask is non-zero); extended entries print " ip" followed by two
 * address/mask pairs - presumably source then destination, confirm
 * against the parser.  An all-ones wildcard mask is written as "any", a
 * zero mask as "host ADDR" (extended) or the bare address (standard).
 *
 * inet_ntoa() returns a static buffer, which is why every address gets
 * its own vty_out() call.
 */
static void config_write_access_cisco(struct vty *vty, struct filter *mfilter)
{
	struct filter_cisco *cf = &mfilter->u.cfilter;

	if (!cf->extended) {
		if (cf->addr_mask.s_addr == 0xffffffff) {
			vty_out(vty, " any\n");
			return;
		}

		vty_out(vty, " %s", inet_ntoa(cf->addr));
		if (cf->addr_mask.s_addr != INADDR_ANY)
			vty_out(vty, " %s", inet_ntoa(cf->addr_mask));
		vty_out(vty, "\n");
		return;
	}

	vty_out(vty, " ip");

	/* First address/mask pair. */
	if (cf->addr_mask.s_addr == 0xffffffff) {
		vty_out(vty, " any");
	} else if (cf->addr_mask.s_addr == INADDR_ANY) {
		vty_out(vty, " host %s", inet_ntoa(cf->addr));
	} else {
		vty_out(vty, " %s", inet_ntoa(cf->addr));
		vty_out(vty, " %s", inet_ntoa(cf->addr_mask));
	}

	/* Second address/mask pair. */
	if (cf->mask_mask.s_addr == 0xffffffff) {
		vty_out(vty, " any");
	} else if (cf->mask_mask.s_addr == INADDR_ANY) {
		vty_out(vty, " host %s", inet_ntoa(cf->mask));
	} else {
		vty_out(vty, " %s", inet_ntoa(cf->mask));
		vty_out(vty, " %s", inet_ntoa(cf->mask_mask));
	}

	vty_out(vty, "\n");
}
2723
/*
 * Write the match part of a zebra-style entry and the closing newline.
 *
 * A zero-length prefix without exact-match is written as " any".
 * IPv4/IPv6 prefixes are written as ADDR/LEN plus " exact-match" when the
 * flag is set.  AF_ETHERNET prefixes are written as " any" (length 0) or
 * as the MAC string.  Any other family prints only the newline.
 */
static void config_write_access_zebra(struct vty *vty, struct filter *mfilter)
{
	struct filter_zebra *zf = &mfilter->u.zfilter;
	struct prefix *pfx = &zf->prefix;
	char text[BUFSIZ];

	if (pfx->prefixlen == 0 && !zf->exact) {
		vty_out(vty, " any");
	} else if (pfx->family == AF_INET6 || pfx->family == AF_INET) {
		const char *suffix = zf->exact ? " exact-match" : "";

		vty_out(vty, " %s/%d%s",
			inet_ntop(pfx->family, &pfx->u.prefix, text, BUFSIZ),
			pfx->prefixlen, suffix);
	} else if (pfx->family == AF_ETHERNET) {
		if (pfx->prefixlen == 0)
			vty_out(vty, " any");
		else
			vty_out(vty, " %s",
				prefix_mac2str(&(pfx->u.prefix_eth), text,
					       sizeof(text)));
	}

	vty_out(vty, "\n");
}
2749
/*
 * Write one chain of access-lists (numbered or named) as configuration
 * lines, each prefixed with `afi_kw`.  For every list the remark comes
 * first (if set), then one line per entry.  Returns the number of lines
 * started.
 *
 * The remark is user-supplied text; it is passed as a "%s" argument, never
 * as the format string.
 */
static int config_write_access_chain(struct vty *vty, struct access_list *head,
				     const char *afi_kw)
{
	struct access_list *acl;
	struct filter *entry;
	int lines = 0;

	for (acl = head; acl; acl = acl->next) {
		if (acl->remark) {
			vty_out(vty, "%saccess-list %s remark %s\n", afi_kw,
				acl->name, acl->remark);
			lines++;
		}

		for (entry = acl->head; entry; entry = entry->next) {
			vty_out(vty, "%saccess-list %s seq %" PRId64 " %s",
				afi_kw, acl->name, entry->seq,
				filter_type_str(entry));

			/* The style-specific writer finishes the line. */
			if (entry->cisco)
				config_write_access_cisco(vty, entry);
			else
				config_write_access_zebra(vty, entry);

			lines++;
		}
	}

	return lines;
}

/*
 * Write all access-lists of `afi` as configuration lines: numbered lists
 * first, then named ones.  Lines start with "" for AFI_IP, "ipv6 " for
 * AFI_IP6 and "mac " for anything else.  Returns the number of lines
 * written, or 0 when no master exists for `afi`.
 */
static int config_write_access(struct vty *vty, afi_t afi)
{
	struct access_master *master = access_master_get(afi);
	const char *afi_kw;
	int write = 0;

	if (master == NULL)
		return 0;

	if (afi == AFI_IP)
		afi_kw = "";
	else if (afi == AFI_IP6)
		afi_kw = "ipv6 ";
	else
		afi_kw = "mac ";

	write += config_write_access_chain(vty, master->num.head, afi_kw);
	write += config_write_access_chain(vty, master->str.head, afi_kw);

	return write;
}
2816
/* MAC access-list node; its config writer is defined just below. */
static int config_write_access_mac(struct vty *vty);
static struct cmd_node access_mac_node = {
	.node = ACCESS_MAC_NODE,
	.name = "MAC access list",
	.config_write = config_write_access_mac,
	.prompt = "",
};
2824
/* config_write callback of access_mac_node: MAC lists live under AFI_L2VPN. */
static int config_write_access_mac(struct vty *vty)
{
	int written = config_write_access(vty, AFI_L2VPN);

	return written;
}
2829
/*
 * Delete every MAC (AFI_L2VPN) access-list, numbered and named.
 * Does nothing when no master exists for the family.  The asserts at the
 * end check that both chains ended up empty.
 */
static void access_list_reset_mac(void)
{
	struct access_master *master = access_master_get(AFI_L2VPN);
	struct access_list *access;
	struct access_list *next;

	if (master == NULL)
		return;

	/* ->next is read before the delete; the node is not touched after. */
	access = master->num.head;
	while (access) {
		next = access->next;
		access_list_delete(access);
		access = next;
	}

	access = master->str.head;
	while (access) {
		next = access->next;
		access_list_delete(access);
		access = next;
	}

	assert(master->num.head == NULL);
	assert(master->num.tail == NULL);

	assert(master->str.head == NULL);
	assert(master->str.tail == NULL);
}
2855
/*
 * Install vty related command.
 * Registers the MAC access-list node, the two show commands under
 * ENABLE_NODE and the four configuration commands under CONFIG_NODE.
 */
static void access_list_init_mac(void)
{
	install_node(&access_mac_node);

	/* Read-only commands. */
	install_element(ENABLE_NODE, &show_mac_access_list_cmd);
	install_element(ENABLE_NODE, &show_mac_access_list_name_cmd);

	/* Zebra access-list: add/remove by prefix and the "any" forms. */
	install_element(CONFIG_NODE, &mac_access_list_cmd);
	install_element(CONFIG_NODE, &no_mac_access_list_cmd);
	install_element(CONFIG_NODE, &mac_access_list_any_cmd);
	install_element(CONFIG_NODE, &no_mac_access_list_any_cmd);
}
2870
/* Access-list node (IPv4); its config writer is defined just below. */
static int config_write_access_ipv4(struct vty *vty);
static struct cmd_node access_node = {
	.node = ACCESS_NODE,
	.name = "ipv4 access list",
	.config_write = config_write_access_ipv4,
	.prompt = "",
};
718e3744 2879
/* config_write callback of access_node: writes the AFI_IP lists. */
static int config_write_access_ipv4(struct vty *vty)
{
	int written = config_write_access(vty, AFI_IP);

	return written;
}
2884
/*
 * Delete every IPv4 access-list, numbered and named.
 * Does nothing when no master exists for AFI_IP.  The asserts at the end
 * check that both chains ended up empty.
 */
static void access_list_reset_ipv4(void)
{
	struct access_master *master = access_master_get(AFI_IP);
	struct access_list *access;
	struct access_list *next;

	if (master == NULL)
		return;

	/* ->next is read before the delete; the node is not touched after. */
	access = master->num.head;
	while (access) {
		next = access->next;
		access_list_delete(access);
		access = next;
	}

	access = master->str.head;
	while (access) {
		next = access->next;
		access_list_delete(access);
		access = next;
	}

	assert(master->num.head == NULL);
	assert(master->num.tail == NULL);

	assert(master->str.head == NULL);
	assert(master->str.tail == NULL);
}
2910
/*
 * Install vty related command.
 * Registers the IPv4 access-list node, the show commands under ENABLE_NODE
 * and every add/remove form (zebra, standard, extended, remark) under
 * CONFIG_NODE.
 */
static void access_list_init_ipv4(void)
{
	install_node(&access_node);

	/* Read-only commands. */
	install_element(ENABLE_NODE, &show_ip_access_list_cmd);
	install_element(ENABLE_NODE, &show_ip_access_list_name_cmd);

	/* Zebra access-list */
	install_element(CONFIG_NODE, &access_list_exact_cmd);
	install_element(CONFIG_NODE, &access_list_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_exact_cmd);
	install_element(CONFIG_NODE, &no_access_list_any_cmd);

	/* Standard access-list */
	install_element(CONFIG_NODE, &access_list_standard_cmd);
	install_element(CONFIG_NODE, &access_list_standard_nomask_cmd);
	install_element(CONFIG_NODE, &access_list_standard_host_cmd);
	install_element(CONFIG_NODE, &access_list_standard_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_nomask_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_any_cmd);

	/* Extended access-list: add forms */
	install_element(CONFIG_NODE, &access_list_extended_cmd);
	install_element(CONFIG_NODE, &access_list_extended_any_mask_cmd);
	install_element(CONFIG_NODE, &access_list_extended_mask_any_cmd);
	install_element(CONFIG_NODE, &access_list_extended_any_any_cmd);
	install_element(CONFIG_NODE, &access_list_extended_host_mask_cmd);
	install_element(CONFIG_NODE, &access_list_extended_mask_host_cmd);
	install_element(CONFIG_NODE, &access_list_extended_host_host_cmd);
	install_element(CONFIG_NODE, &access_list_extended_any_host_cmd);
	install_element(CONFIG_NODE, &access_list_extended_host_any_cmd);
	/* Extended access-list: remove forms */
	install_element(CONFIG_NODE, &no_access_list_extended_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_any_mask_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_mask_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_any_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_host_mask_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_mask_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_host_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_any_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_host_any_cmd);

	/* Remarks and whole-list removal */
	install_element(CONFIG_NODE, &access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_access_list_all_cmd);
	install_element(CONFIG_NODE, &no_access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_access_list_remark_comment_cmd);
}
2960
/* IPv6 access-list node; its config writer is defined just below. */
static int config_write_access_ipv6(struct vty *vty);
static struct cmd_node access_ipv6_node = {
	.node = ACCESS_IPV6_NODE,
	.name = "ipv6 access list",
	.config_write = config_write_access_ipv6,
	.prompt = "",
};
d62a17ae 2968
/* config_write callback of access_ipv6_node: writes the AFI_IP6 lists. */
static int config_write_access_ipv6(struct vty *vty)
{
	int written = config_write_access(vty, AFI_IP6);

	return written;
}
2973
/*
 * Delete every IPv6 access-list, numbered and named.
 * Does nothing when no master exists for AFI_IP6.  The asserts at the end
 * check that both chains ended up empty.
 */
static void access_list_reset_ipv6(void)
{
	struct access_master *master = access_master_get(AFI_IP6);
	struct access_list *access;
	struct access_list *next;

	if (master == NULL)
		return;

	/* ->next is read before the delete; the node is not touched after. */
	access = master->num.head;
	while (access) {
		next = access->next;
		access_list_delete(access);
		access = next;
	}

	access = master->str.head;
	while (access) {
		next = access->next;
		access_list_delete(access);
		access = next;
	}

	assert(master->num.head == NULL);
	assert(master->num.tail == NULL);

	assert(master->str.head == NULL);
	assert(master->str.tail == NULL);
}
2999
/*
 * Register the IPv6 access-list node, the show commands under ENABLE_NODE
 * and the add/remove/remark commands under CONFIG_NODE.
 */
static void access_list_init_ipv6(void)
{
	install_node(&access_ipv6_node);

	/* Read-only commands. */
	install_element(ENABLE_NODE, &show_ipv6_access_list_cmd);
	install_element(ENABLE_NODE, &show_ipv6_access_list_name_cmd);

	/* Entry add/remove, by prefix and the "any" forms. */
	install_element(CONFIG_NODE, &ipv6_access_list_exact_cmd);
	install_element(CONFIG_NODE, &ipv6_access_list_any_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_exact_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_any_cmd);

	/* Whole-list removal and remarks. */
	install_element(CONFIG_NODE, &no_ipv6_access_list_all_cmd);
	install_element(CONFIG_NODE, &ipv6_access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_remark_comment_cmd);
}
718e3744 3017
/*
 * Public entry point: register the access-list CLI for all three
 * families, in the order IPv4, IPv6, MAC.
 */
void access_list_init(void)
{
	access_list_init_ipv4();
	access_list_init_ipv6();
	access_list_init_mac();
}
3024
/*
 * Public entry point: delete every access-list of all three families, in
 * the order IPv4, IPv6, MAC.
 */
void access_list_reset(void)
{
	access_list_reset_ipv4();
	access_list_reset_ipv6();
	access_list_reset_mac();
}