718e3744 1/* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with GNU Zebra; see the file COPYING. If not, write to the
18 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
19 * Boston, MA 02111-1307, USA.
20 */
21
22#include <zebra.h>
23
24#include "prefix.h"
25#include "filter.h"
26#include "memory.h"
27#include "command.h"
28#include "sockunion.h"
29#include "buffer.h"
fbf5d033 30#include "log.h"
518f0eb1 31#include "routemap.h"
718e3744 32
/* Memory-type tags for the allocations made in this file: access_list
   objects (access_list_new), their duplicated name strings
   (access_list_insert) and individual filter entries (filter_new). */
DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST, "Access List")
DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST_STR, "Access List Str")
DEFINE_MTYPE_STATIC(LIB, ACCESS_FILTER, "Access Filter")
36
/* Cisco-style IPv4 entry.  filter_set_cisco stores addr/mask with the
   wildcard bits already cleared, so matching is a plain equality test
   after the same bits are cleared from the candidate. */
struct filter_cisco
{
  /* Cisco access-list */
  /* Non-zero for an extended entry; only then are mask/mask_mask used. */
  int extended;
  /* Value the candidate address must equal once wildcard bits are cleared. */
  struct in_addr addr;
  /* Wildcard ("don't care") bits for the address comparison. */
  struct in_addr addr_mask;
  /* Extended only: value compared with the netmask derived from the
     candidate's prefix length (see filter_match_cisco). */
  struct in_addr mask;
  /* Extended only: wildcard bits for the netmask comparison. */
  struct in_addr mask_mask;
};
46
/* Zebra-style prefix entry, usable for any address family carried by
   struct prefix. */
struct filter_zebra
{
  /* If this filter is "exact" match then this flag is set.  With it set,
     filter_match_zebra additionally requires equal prefix lengths. */
  int exact;

  /* Prefix information. */
  struct prefix prefix;
};
55
/* Filter element of access list */
struct filter
{
  /* For doubly linked list. */
  struct filter *next;
  struct filter *prev;

  /* Filter type information.  This is the verdict access_list_apply
     returns when the entry matches. */
  enum filter_type type;

  /* Cisco access-list.  Non-zero selects u.cfilter, zero selects
     u.zfilter; readers of the union must honour this discriminator. */
  int cisco;

  union
    {
      struct filter_cisco cfilter;
      struct filter_zebra zfilter;
    } u;
};
75
/* List of access_list.  head/tail are both NULL while the list is empty;
   access_list_insert keeps the elements ordered. */
struct access_list_list
{
  struct access_list *head;
  struct access_list *tail;
};
82
/* Master structure of access_list.  One instance exists per address
   family (see access_master_get). */
struct access_master
{
  /* List of access_list which name is number. */
  struct access_list_list num;

  /* List of access_list which name is string. */
  struct access_list_list str;

  /* Hook function which is executed when new access_list is added.
     In this file it is invoked from access_list_filter_add, i.e. each
     time an entry is appended.  May be NULL. */
  void (*add_hook) (struct access_list *);

  /* Hook function which is executed when access_list is deleted.
     In this file it is invoked from access_list_filter_delete, before an
     emptied list is freed.  May be NULL. */
  void (*delete_hook) (struct access_list *);
};
98
/* Master for IPv4 access lists: both name lists start empty and no hooks
   are registered until access_list_add_hook/access_list_delete_hook run. */
static struct access_master access_master_ipv4 =
{
  .num = { .head = NULL, .tail = NULL },
  .str = { .head = NULL, .tail = NULL },
  .add_hook = NULL,
  .delete_hook = NULL,
};
107
/* Master for IPv6 access lists: both name lists start empty and no hooks
   are registered until access_list_add_hook/access_list_delete_hook run. */
static struct access_master access_master_ipv6 =
{
  .num = { .head = NULL, .tail = NULL },
  .str = { .head = NULL, .tail = NULL },
  .add_hook = NULL,
  .delete_hook = NULL,
};
6b0655a2 116
/* Map an address family to its access-list master.  Returns NULL for any
   family other than AFI_IP / AFI_IP6; callers must check for that. */
static struct access_master *
access_master_get (afi_t afi)
{
  switch (afi)
    {
    case AFI_IP:
      return &access_master_ipv4;
    case AFI_IP6:
      return &access_master_ipv6;
    default:
      return NULL;
    }
}
126
/* Allocate a filter entry tagged MTYPE_ACCESS_FILTER.  XCALLOC hands back
   zeroed memory, so fields the caller does not set (e.g. the extended
   mask pair of a standard entry) read as zero.  Release with
   filter_free(). */
static struct filter *
filter_new (void)
{
  struct filter *fresh = XCALLOC (MTYPE_ACCESS_FILTER, sizeof *fresh);

  return fresh;
}
134
/* Release a filter entry obtained from filter_new().  The entry must
   already be unlinked from its access_list; nothing here touches the
   neighbours' next/prev pointers. */
static void
filter_free (struct filter *filter)
{
  XFREE (MTYPE_ACCESS_FILTER, filter);
}
140
/* Return the configuration keyword for FILTER's type, or the empty string
   for a type this function does not know. */
static const char *
filter_type_str (struct filter *filter)
{
  if (filter->type == FILTER_PERMIT)
    return "permit";
  if (filter->type == FILTER_DENY)
    return "deny";
  if (filter->type == FILTER_DYNAMIC)
    return "dynamic";

  return "";
}
161
/* Return 1 if the Cisco-style entry MFILTER matches prefix P, else 0.

   The candidate address has the entry's wildcard bits cleared and must
   then equal the stored address.  Extended entries additionally compare
   the netmask derived from P's prefix length against the stored
   mask/mask_mask pair.

   NOTE(review): P is read through u.prefix4 and its prefixlen is handed
   to masklen2ip without looking at p->family.  Presumably callers only
   apply Cisco-style lists to IPv4 prefixes -- confirm, since nothing in
   this function enforces it. */
static int
filter_match_cisco (struct filter *mfilter, struct prefix *p)
{
  const struct filter_cisco *cf = &mfilter->u.cfilter;
  u_int32_t masked_addr = p->u.prefix4.s_addr & ~cf->addr_mask.s_addr;

  if (cf->extended)
    {
      struct in_addr netmask;
      u_int32_t masked_netmask;

      masklen2ip (p->prefixlen, &netmask);
      masked_netmask = netmask.s_addr & ~cf->mask_mask.s_addr;

      return masked_addr == cf->addr.s_addr
             && masked_netmask == cf->mask.s_addr;
    }

  return masked_addr == cf->addr.s_addr;
}
188
/* Match prefix P against the zebra-style entry MFILTER.  Returns 0 when
   the address families differ, or when the entry is "exact" and the
   prefix lengths differ; otherwise returns whatever prefix_match()
   reports for (entry prefix, P). */
static int
filter_match_zebra (struct filter *mfilter, struct prefix *p)
{
  struct filter_zebra *zf = &mfilter->u.zfilter;

  if (zf->prefix.family != p->family)
    return 0;

  if (zf->exact && zf->prefix.prefixlen != p->prefixlen)
    return 0;

  return prefix_match (&zf->prefix, p);
}
6b0655a2 212
/* Allocate an access_list tagged MTYPE_ACCESS_LIST.  The memory comes
   from XCALLOC, so every pointer member starts out NULL. */
static struct access_list *
access_list_new (void)
{
  struct access_list *fresh = XCALLOC (MTYPE_ACCESS_LIST, sizeof *fresh);

  return fresh;
}
220
/* Release only the access_list structure itself.  The name, remark and
   filter entries it owns are released by access_list_delete() before it
   calls this. */
static void
access_list_free (struct access_list *access)
{
  XFREE (MTYPE_ACCESS_LIST, access);
}
227
/* Tear down ACCESS completely: free every filter entry, unlink the list
   from its master (numbered or named, according to access->type), free
   the name and remark, then free the structure.  ACCESS is invalid once
   this returns. */
static void
access_list_delete (struct access_list *access)
{
  struct access_master *master = access->master;
  struct access_list_list *list;
  struct filter *cur = access->head;

  /* Fetch the successor before freeing the current entry. */
  while (cur)
    {
      struct filter *following = cur->next;

      filter_free (cur);
      cur = following;
    }

  list = (access->type == ACCESS_TYPE_NUMBER) ? &master->num : &master->str;

  /* Unlink from the doubly linked list, fixing head/tail at the ends. */
  if (access->prev)
    access->prev->next = access->next;
  else
    list->head = access->next;

  if (access->next)
    access->next->prev = access->prev;
  else
    list->tail = access->prev;

  if (access->name)
    XFREE (MTYPE_ACCESS_LIST_STR, access->name);

  /* The remark is released under MTYPE_TMP, not an access-list tag. */
  if (access->remark)
    XFREE (MTYPE_TMP, access->remark);

  access_list_free (access);
}
268
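/* Create an access_list called NAME under the master for AFI and link it
   into the right list.  A name consisting only of digits goes to the
   numbered list, ordered by numeric value; any other name goes to the
   string list, ordered by strcmp().  Returns the new list, or NULL when
   AFI has no master.

   No duplicate check is made here; access_list_get() looks the name up
   first.  NAME must not be NULL. */
static struct access_list *
access_list_insert (afi_t afi, const char *name)
{
  size_t i;
  size_t namelen;
  long number;
  struct access_list *access;
  struct access_list *point;
  struct access_list_list *alist;
  struct access_master *master;

  master = access_master_get (afi);
  if (master == NULL)
    return NULL;

  /* Allocate new access_list and copy given name. */
  access = access_list_new ();
  access->name = XSTRDUP (MTYPE_ACCESS_LIST_STR, name);
  access->master = master;

  /* Classify the name.  isdigit() is only defined for unsigned char
     values (and EOF), so a plain char with the high bit set must be
     converted before the call. */
  namelen = strlen (name);
  for (i = 0; i < namelen; i++)
    if (! isdigit ((unsigned char) name[i]))
      break;

  /* In case of name is all digit character */
  if (i == namelen)
    {
      access->type = ACCESS_TYPE_NUMBER;

      /* strtol() saturates on an over-long digit string, whereas manual
         multiply-and-add or atol() would overflow a signed long. */
      number = strtol (name, NULL, 10);

      /* Set access_list to number list. */
      alist = &master->num;

      for (point = alist->head; point; point = point->next)
        if (strtol (point->name, NULL, 10) >= number)
          break;
    }
  else
    {
      access->type = ACCESS_TYPE_STRING;

      /* Set access_list to string list. */
      alist = &master->str;

      /* Set point to insertion point. */
      for (point = alist->head; point; point = point->next)
        if (strcmp (point->name, name) >= 0)
          break;
    }

  /* In case of this is the first element of master. */
  if (alist->head == NULL)
    {
      alist->head = alist->tail = access;
      return access;
    }

  /* In case of insertion is made at the tail of access_list. */
  if (point == NULL)
    {
      access->prev = alist->tail;
      alist->tail->next = access;
      alist->tail = access;
      return access;
    }

  /* In case of insertion is made at the head of access_list. */
  if (point == alist->head)
    {
      access->next = alist->head;
      alist->head->prev = access;
      alist->head = access;
      return access;
    }

  /* Insertion is made at middle of the access_list. */
  access->next = point;
  access->prev = point->prev;

  if (point->prev)
    point->prev->next = access;
  point->prev = access;

  return access;
}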
360
/* Find the access_list called NAME for address family AFI.  The numbered
   list is searched first, then the string list; the comparison is an
   exact strcmp().  Returns NULL when NAME is NULL, AFI has no master, or
   nothing matches. */
struct access_list *
access_list_lookup (afi_t afi, const char *name)
{
  struct access_master *master;
  struct access_list_list *lists[2];
  struct access_list *cand;
  int k;

  if (name == NULL)
    return NULL;

  master = access_master_get (afi);
  if (master == NULL)
    return NULL;

  lists[0] = &master->num;
  lists[1] = &master->str;

  for (k = 0; k < 2; k++)
    for (cand = lists[k]->head; cand; cand = cand->next)
      if (strcmp (cand->name, name) == 0)
        return cand;

  return NULL;
}
385
/* Return the access_list called NAME for AFI, creating an empty one when
   none exists yet.  The result is whatever access_list_insert() returns
   in the creation case, which is NULL for an AFI without a master. */
static struct access_list *
access_list_get (afi_t afi, const char *name)
{
  struct access_list *found = access_list_lookup (afi, name);

  return found ? found : access_list_insert (afi, name);
}
398
/* Evaluate OBJECT (treated as a struct prefix *) against ACCESS.

   Entries are tried in list order and the first one that matches decides
   the result: its type is returned.  The function fails closed: a NULL
   ACCESS, an empty list, or a list in which no entry matches all yield
   FILTER_DENY. */
enum filter_type
access_list_apply (struct access_list *access, void *object)
{
  struct prefix *p = object;
  struct filter *entry;

  if (access == NULL)
    return FILTER_DENY;

  for (entry = access->head; entry; entry = entry->next)
    {
      /* entry->cisco selects which union member, and so which matcher,
         applies to this entry. */
      int hit = entry->cisco ? filter_match_cisco (entry, p)
                             : filter_match_zebra (entry, p);

      if (hit)
        return entry->type;
    }

  /* Implicit deny. */
  return FILTER_DENY;
}
427
/* Register FUNC as the add hook of both the IPv4 and the IPv6 master,
   replacing any hook set earlier.  Passing NULL clears it. */
void
access_list_add_hook (void (*func) (struct access_list *access))
{
  access_master_ipv6.add_hook = func;
  access_master_ipv4.add_hook = func;
}
435
/* Register FUNC as the delete hook of both the IPv4 and the IPv6 master,
   replacing any hook set earlier.  Passing NULL clears it. */
void
access_list_delete_hook (void (*func) (struct access_list *access))
{
  access_master_ipv6.delete_hook = func;
  access_master_ipv4.delete_hook = func;
}
443
/* Append FILTER to ACCESS, which takes ownership of it, then run the
   master's add hook (if any) and tell route-maps that depend on this
   list's name that a filter was added.  Because entries are evaluated in
   order, the new entry has the lowest precedence. */
static void
access_list_filter_add (struct access_list *access, struct filter *filter)
{
  struct filter *old_tail = access->tail;

  filter->prev = old_tail;
  filter->next = NULL;

  if (old_tail)
    old_tail->next = filter;
  else
    access->head = filter;
  access->tail = filter;

  /* Run hook function. */
  if (access->master->add_hook)
    access->master->add_hook (access);

  route_map_notify_dependencies (access->name, RMAP_EVENT_FILTER_ADDED);
}
462
/* Return 1 when ACCESS holds no filter entries (head and tail both NULL),
   otherwise 0.  A remark on the list does not count. */
static int
access_list_empty (struct access_list *access)
{
  return access->head == NULL && access->tail == NULL;
}
472
/* Delete filter from specified access_list.  If there is hook
   function execute it.

   FILTER is unlinked and freed first.  Route-map dependants and the
   delete hook are then notified while ACCESS is still valid.  Finally,
   if that was the last entry, ACCESS itself is deleted -- so callers
   must not dereference ACCESS after this returns.  The emptiness test
   looks at head/tail only, so a list that still carries a remark is
   deleted as well. */
static void
access_list_filter_delete (struct access_list *access, struct filter *filter)
{
  struct access_master *master;

  master = access->master;

  /* Unlink FILTER, fixing the list's head/tail when it sits at an end. */
  if (filter->next)
    filter->next->prev = filter->prev;
  else
    access->tail = filter->prev;

  if (filter->prev)
    filter->prev->next = filter->next;
  else
    access->head = filter->next;

  filter_free (filter);

  /* Must come before the possible access_list_delete below: it reads
     access->name. */
  route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
  /* Run hook function. */
  if (master->delete_hook)
    (*master->delete_hook) (access);

  /* If access_list becomes empty delete it from access_master. */
  if (access_list_empty (access))
    access_list_delete (access);
}
6b0655a2 503
718e3744 504/*
505 deny Specify packets to reject
506 permit Specify packets to forward
507 dynamic ?
508*/
509
510/*
511 Hostname or A.B.C.D Address to match
512 any Any source host
513 host A single host address
514*/
515
/* Find an entry in ACCESS equal to the Cisco-style template MNEW: same
   type, address and address wildcard, plus -- when the stored entry is
   extended -- same mask and mask wildcard.  Returns the stored entry or
   NULL.

   NOTE(review): every entry is read through u.cfilter without checking
   its `cisco' discriminator.  Presumably lists reached from
   filter_set_cisco only ever hold Cisco-style entries -- confirm, since
   a zebra-style entry would be reinterpreted here. */
static struct filter *
filter_lookup_cisco (struct access_list *access, struct filter *mnew)
{
  const struct filter_cisco *want = &mnew->u.cfilter;
  struct filter *cand;

  for (cand = access->head; cand; cand = cand->next)
    {
      const struct filter_cisco *have = &cand->u.cfilter;

      /* Fields that must agree for standard and extended entries alike. */
      if (cand->type != mnew->type
          || have->addr.s_addr != want->addr.s_addr
          || have->addr_mask.s_addr != want->addr_mask.s_addr)
        continue;

      if (! have->extended)
        return cand;

      if (have->mask.s_addr == want->mask.s_addr
          && have->mask_mask.s_addr == want->mask_mask.s_addr)
        return cand;
    }

  return NULL;
}
549
/* Find an entry in ACCESS equal to the zebra-style template MNEW: same
   exact flag, same type and prefix_same() prefixes.  Returns the stored
   entry or NULL.

   NOTE(review): entries are read through u.zfilter without checking the
   `cisco' discriminator -- confirm the list cannot hold Cisco-style
   entries when this is called. */
static struct filter *
filter_lookup_zebra (struct access_list *access, struct filter *mnew)
{
  struct filter_zebra *want = &mnew->u.zfilter;
  struct filter *cand;

  for (cand = access->head; cand; cand = cand->next)
    {
      struct filter_zebra *have = &cand->u.zfilter;

      if (have->exact != want->exact)
        continue;
      if (cand->type != mnew->type)
        continue;
      if (prefix_same (&have->prefix, &want->prefix))
        return cand;
    }

  return NULL;
}
570
/* Remove the remark from the access-list NAME of family AFI.  Prints a
   message and returns CMD_WARNING when the list does not exist.  A list
   left with neither entries nor a remark is deleted.  Returns
   CMD_SUCCESS otherwise. */
static int
vty_access_list_remark_unset (struct vty *vty, afi_t afi, const char *name)
{
  struct access_list *access = access_list_lookup (afi, name);

  if (access == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", name,
               VTY_NEWLINE);
      return CMD_WARNING;
    }

  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* Nothing left to keep the list alive. */
  if (access_list_empty (access) && access->remark == NULL)
    access_list_delete (access);

  return CMD_SUCCESS;
}
595
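/* Add (SET != 0) or remove (SET == 0) one Cisco-style IPv4 entry of the
   access-list NAME_STR.

   TYPE_STR selects permit/deny by its first character.  ADDR_STR and
   ADDR_MASK_STR are the address and its wildcard bits; for EXTENDED
   entries MASK_STR and MASK_MASK_STR give the second pair (they may be
   NULL otherwise).  Addresses are stored with their wildcard bits
   cleared, which is the form filter_match_cisco compares against.

   Adding an entry that is already present is a no-op.  Removing looks
   the list up without creating it: asking to remove an entry from a list
   that does not exist must not leave a new, empty access_list behind.

   Returns CMD_WARNING (after printing a message) on a bad type or an
   unparsable address, CMD_SUCCESS otherwise. */
static int
filter_set_cisco (struct vty *vty, const char *name_str, const char *type_str,
                  const char *addr_str, const char *addr_mask_str,
                  const char *mask_str, const char *mask_mask_str,
                  int extended, int set)
{
  enum filter_type type;
  struct filter *mfilter;
  struct filter_cisco *filter;
  struct access_list *access;
  struct in_addr addr;
  struct in_addr addr_mask;
  struct in_addr mask;
  struct in_addr mask_mask;

  /* Check of filter type. */
  if (strncmp (type_str, "p", 1) == 0)
    type = FILTER_PERMIT;
  else if (strncmp (type_str, "d", 1) == 0)
    type = FILTER_DENY;
  else
    {
      vty_out (vty, "%% filter type must be permit or deny%s", VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Parse every address before allocating anything, so the error paths
     have nothing to release. */
  if (inet_aton (addr_str, &addr) <= 0
      || inet_aton (addr_mask_str, &addr_mask) <= 0)
    {
      vty_out (vty, "%%Inconsistent address and mask%s",
               VTY_NEWLINE);
      return CMD_WARNING;
    }

  if (extended
      && (inet_aton (mask_str, &mask) <= 0
          || inet_aton (mask_mask_str, &mask_mask) <= 0))
    {
      vty_out (vty, "%%Inconsistent address and mask%s",
               VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Build the template entry, normalised by clearing wildcard bits. */
  mfilter = filter_new();
  mfilter->type = type;
  mfilter->cisco = 1;
  filter = &mfilter->u.cfilter;
  filter->extended = extended;
  filter->addr.s_addr = addr.s_addr & ~addr_mask.s_addr;
  filter->addr_mask.s_addr = addr_mask.s_addr;

  if (extended)
    {
      filter->mask.s_addr = mask.s_addr & ~mask_mask.s_addr;
      filter->mask_mask.s_addr = mask_mask.s_addr;
    }

  if (set)
    {
      /* Install new filter to the access_list, creating it on demand. */
      access = access_list_get (AFI_IP, name_str);

      if (filter_lookup_cisco (access, mfilter))
        filter_free (mfilter);
      else
        access_list_filter_add (access, mfilter);
    }
  else
    {
      struct filter *delete_filter;

      /* Lookup only: a missing list simply has nothing to delete. */
      access = access_list_lookup (AFI_IP, name_str);
      if (access)
        {
          delete_filter = filter_lookup_cisco (access, mfilter);
          /* access_list_filter_delete may free ACCESS when the list
             becomes empty; it is not used again below. */
          if (delete_filter)
            access_list_filter_delete (access, delete_filter);
        }

      filter_free (mfilter);
    }

  return CMD_SUCCESS;
}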
695
/* Standard access-list */
DEFUN (access_list_standard,
       access_list_standard_cmd,
       "access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n"
       "Wildcard bits\n")
{
  /* Token positions within the command string. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;
  const int idx_ipv4 = 3;
  const int idx_ipv4_2 = 4;

  /* Standard entry (extended = 0), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* address */
                           argv[idx_ipv4_2]->arg,    /* wildcard bits */
                           NULL, NULL, 0, 1);
}
715
/* Standard entry given as a bare address: the wildcard defaults to
   0.0.0.0, i.e. every address bit is significant. */
DEFUN (access_list_standard_nomask,
       access_list_standard_nomask_cmd,
       "access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n")
{
  /* Token positions within the command string. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;
  const int idx_ipv4 = 3;

  /* Standard entry (extended = 0), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* address */
                           "0.0.0.0",                /* no wildcard bits */
                           NULL, NULL, 0, 1);
}
732
/* Standard entry in "host A.B.C.D" form: single address, wildcard
   0.0.0.0. */
DEFUN (access_list_standard_host,
       access_list_standard_host_cmd,
       "access-list <(1-99)|(1300-1999)> <deny|permit> host A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "A single host address\n"
       "Address to match\n")
{
  /* Token positions; index 3 is the literal "host" keyword. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;
  const int idx_ipv4 = 4;

  /* Standard entry (extended = 0), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* host address */
                           "0.0.0.0",                /* no wildcard bits */
                           NULL, NULL, 0, 1);
}
750
/* Standard entry in "any" form: address 0.0.0.0 with wildcard
   255.255.255.255, so every address bit is ignored when matching. */
DEFUN (access_list_standard_any,
       access_list_standard_any_cmd,
       "access-list <(1-99)|(1300-1999)> <deny|permit> any",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any source host\n")
{
  /* Token positions within the command string. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;

  /* Standard entry (extended = 0), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           "0.0.0.0",
                           "255.255.255.255",
                           NULL, NULL, 0, 1);
}
766
/* Remove a standard entry given as address plus wildcard bits. */
DEFUN (no_access_list_standard,
       no_access_list_standard_cmd,
       "no access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n"
       "Wildcard bits\n")
{
  /* Token positions; everything shifts by one for the leading "no". */
  const int idx_acl = 2;
  const int idx_permit_deny = 3;
  const int idx_ipv4 = 4;
  const int idx_ipv4_2 = 5;

  /* Standard entry (extended = 0), remove (set = 0). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* address */
                           argv[idx_ipv4_2]->arg,    /* wildcard bits */
                           NULL, NULL, 0, 0);
}
786
/* Remove a standard entry given as a bare address (wildcard 0.0.0.0). */
DEFUN (no_access_list_standard_nomask,
       no_access_list_standard_nomask_cmd,
       "no access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n")
{
  /* Token positions; everything shifts by one for the leading "no". */
  const int idx_acl = 2;
  const int idx_permit_deny = 3;
  const int idx_ipv4 = 4;

  /* Standard entry (extended = 0), remove (set = 0). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* address */
                           "0.0.0.0",                /* no wildcard bits */
                           NULL, NULL, 0, 0);
}
804
/* Remove a standard entry given in "host A.B.C.D" form. */
DEFUN (no_access_list_standard_host,
       no_access_list_standard_host_cmd,
       "no access-list <(1-99)|(1300-1999)> <deny|permit> host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "A single host address\n"
       "Address to match\n")
{
  /* Token positions; index 4 is the literal "host" keyword. */
  const int idx_acl = 2;
  const int idx_permit_deny = 3;
  const int idx_ipv4 = 5;

  /* Standard entry (extended = 0), remove (set = 0). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* host address */
                           "0.0.0.0",                /* no wildcard bits */
                           NULL, NULL, 0, 0);
}
823
/* Remove a standard entry given in "any" form (0.0.0.0 with wildcard
   255.255.255.255). */
DEFUN (no_access_list_standard_any,
       no_access_list_standard_any_cmd,
       "no access-list <(1-99)|(1300-1999)> <deny|permit> any",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any source host\n")
{
  /* Token positions; everything shifts by one for the leading "no". */
  const int idx_acl = 2;
  const int idx_permit_deny = 3;

  /* Standard entry (extended = 0), remove (set = 0). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           "0.0.0.0",
                           "255.255.255.255",
                           NULL, NULL, 0, 0);
}
840
/* Extended access-list */
DEFUN (access_list_extended,
       access_list_extended_cmd,
       "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
  /* Token positions; index 3 is the literal "ip" keyword. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;
  const int idx_ipv4 = 4;
  const int idx_ipv4_2 = 5;
  const int idx_ipv4_3 = 6;
  const int idx_ipv4_4 = 7;

  /* Extended entry (extended = 1), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* source address */
                           argv[idx_ipv4_2]->arg,    /* source wildcard */
                           argv[idx_ipv4_3]->arg,    /* destination address */
                           argv[idx_ipv4_4]->arg,    /* destination wildcard */
                           1, 1);
}
865
/* Extended entry: explicit source pair, "any" destination. */
DEFUN (access_list_extended_mask_any,
       access_list_extended_mask_any_cmd,
       "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Any destination host\n")
{
  /* Token positions; index 3 is the literal "ip" keyword. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;
  const int idx_ipv4 = 4;
  const int idx_ipv4_2 = 5;

  /* Extended entry (extended = 1), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* source address */
                           argv[idx_ipv4_2]->arg,    /* source wildcard */
                           "0.0.0.0",                /* any destination */
                           "255.255.255.255",
                           1, 1);
}
887
/* Extended entry: "any" source, explicit destination pair. */
DEFUN (access_list_extended_any_mask,
       access_list_extended_any_mask_cmd,
       "access-list <(100-199)|(2000-2699)> <deny|permit> ip any A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
  /* Token positions; indexes 3 and 4 are the "ip" and "any" keywords. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;
  const int idx_ipv4 = 5;
  const int idx_ipv4_2 = 6;

  /* Extended entry (extended = 1), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           "0.0.0.0",                /* any source */
                           "255.255.255.255",
                           argv[idx_ipv4]->arg,      /* destination address */
                           argv[idx_ipv4_2]->arg,    /* destination wildcard */
                           1, 1);
}
909
/* Extended entry: "any" source and "any" destination, so the entry
   matches regardless of address or prefix length. */
DEFUN (access_list_extended_any_any,
       access_list_extended_any_any_cmd,
       "access-list <(100-199)|(2000-2699)> <deny|permit> ip any any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Any destination host\n")
{
  /* Token positions within the command string. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;

  /* Extended entry (extended = 1), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           "0.0.0.0",                /* any source */
                           "255.255.255.255",
                           "0.0.0.0",                /* any destination */
                           "255.255.255.255",
                           1, 1);
}
928
/* Extended entry: explicit source pair, single-host destination. */
DEFUN (access_list_extended_mask_host,
       access_list_extended_mask_host_cmd,
       "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "A single destination host\n"
       "Destination address\n")
{
  /* Token positions; index 3 is "ip" and index 6 is "host". */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;
  const int idx_ipv4 = 4;
  const int idx_ipv4_2 = 5;
  const int idx_ipv4_3 = 7;

  /* Extended entry (extended = 1), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* source address */
                           argv[idx_ipv4_2]->arg,    /* source wildcard */
                           argv[idx_ipv4_3]->arg,    /* destination host */
                           "0.0.0.0",
                           1, 1);
}
952
/* Extended entry: single-host source, explicit destination pair. */
DEFUN (access_list_extended_host_mask,
       access_list_extended_host_mask_cmd,
       "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
  /* Token positions; indexes 3 and 4 are the "ip" and "host" keywords. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;
  const int idx_ipv4 = 5;
  const int idx_ipv4_2 = 6;
  const int idx_ipv4_3 = 7;

  /* Extended entry (extended = 1), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* source host */
                           "0.0.0.0",
                           argv[idx_ipv4_2]->arg,    /* destination address */
                           argv[idx_ipv4_3]->arg,    /* destination wildcard */
                           1, 1);
}
976
/* Extended entry: single-host source and single-host destination. */
DEFUN (access_list_extended_host_host,
       access_list_extended_host_host_cmd,
       "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "A single destination host\n"
       "Destination address\n")
{
  /* Token positions; indexes 4 and 6 are the "host" keywords. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;
  const int idx_ipv4 = 5;
  const int idx_ipv4_2 = 7;

  /* Extended entry (extended = 1), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* source host */
                           "0.0.0.0",
                           argv[idx_ipv4_2]->arg,    /* destination host */
                           "0.0.0.0",
                           1, 1);
}
999
/* Extended entry: "any" source, single-host destination. */
DEFUN (access_list_extended_any_host,
       access_list_extended_any_host_cmd,
       "access-list <(100-199)|(2000-2699)> <deny|permit> ip any host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "A single destination host\n"
       "Destination address\n")
{
  /* Token positions; indexes 3-5 are the "ip", "any", "host" keywords. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;
  const int idx_ipv4 = 6;

  /* Extended entry (extended = 1), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           "0.0.0.0",                /* any source */
                           "255.255.255.255",
                           argv[idx_ipv4]->arg,      /* destination host */
                           "0.0.0.0",
                           1, 1);
}
1020
/* Extended entry: single-host source, "any" destination. */
DEFUN (access_list_extended_host_any,
       access_list_extended_host_any_cmd,
       "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Any destination host\n")
{
  /* Token positions; indexes 3 and 4 are the "ip" and "host" keywords. */
  const int idx_acl = 1;
  const int idx_permit_deny = 2;
  const int idx_ipv4 = 5;

  /* Extended entry (extended = 1), add (set = 1). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* source host */
                           "0.0.0.0",
                           "0.0.0.0",                /* any destination */
                           "255.255.255.255",
                           1, 1);
}
1041
/* Remove an extended entry given as explicit source and destination
   pairs. */
DEFUN (no_access_list_extended,
       no_access_list_extended_cmd,
       "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
  /* Token positions; shifted by one for the leading "no". */
  const int idx_acl = 2;
  const int idx_permit_deny = 3;
  const int idx_ipv4 = 5;
  const int idx_ipv4_2 = 6;
  const int idx_ipv4_3 = 7;
  const int idx_ipv4_4 = 8;

  /* Extended entry (extended = 1), remove (set = 0). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* source address */
                           argv[idx_ipv4_2]->arg,    /* source wildcard */
                           argv[idx_ipv4_3]->arg,    /* destination address */
                           argv[idx_ipv4_4]->arg,    /* destination wildcard */
                           1, 0);
}
1066
/* Remove an extended entry: explicit source pair, "any" destination. */
DEFUN (no_access_list_extended_mask_any,
       no_access_list_extended_mask_any_cmd,
       "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D any",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Any destination host\n")
{
  /* Token positions; shifted by one for the leading "no". */
  const int idx_acl = 2;
  const int idx_permit_deny = 3;
  const int idx_ipv4 = 5;
  const int idx_ipv4_2 = 6;

  /* Extended entry (extended = 1), remove (set = 0). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           argv[idx_ipv4]->arg,      /* source address */
                           argv[idx_ipv4_2]->arg,    /* source wildcard */
                           "0.0.0.0",                /* any destination */
                           "255.255.255.255",
                           1, 0);
}
1089
/* Remove an extended entry: "any" source, explicit destination pair. */
DEFUN (no_access_list_extended_any_mask,
       no_access_list_extended_any_mask_cmd,
       "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
  /* Token positions; shifted by one for the leading "no". */
  const int idx_acl = 2;
  const int idx_permit_deny = 3;
  const int idx_ipv4 = 6;
  const int idx_ipv4_2 = 7;

  /* Extended entry (extended = 1), remove (set = 0). */
  return filter_set_cisco (vty,
                           argv[idx_acl]->arg,
                           argv[idx_permit_deny]->arg,
                           "0.0.0.0",                /* any source */
                           "255.255.255.255",
                           argv[idx_ipv4]->arg,      /* destination address */
                           argv[idx_ipv4_2]->arg,    /* destination wildcard */
                           1, 0);
}
1112
DEFUN (no_access_list_extended_any_any,
       no_access_list_extended_any_any_cmd,
       "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any any",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Any destination host\n")
{
  /* Token positions: no(0) access-list(1) ACL(2) action(3).  */
  const char *acl = argv[2]->arg;
  const char *action = argv[3]->arg;

  /* Both "any" keywords are passed as 0.0.0.0 with an all-ones wildcard.
     Trailing 1, 0: presumably extended=1, set=0 (remove); filter_set_cisco
     is defined outside this excerpt -- confirm there.  */
  return filter_set_cisco (vty, acl, action,
                           "0.0.0.0", "255.255.255.255",
                           "0.0.0.0", "255.255.255.255", 1, 0);
}
1132
DEFUN (no_access_list_extended_mask_host,
       no_access_list_extended_mask_host_cmd,
       "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "A single destination host\n"
       "Destination address\n")
{
  /* Token positions: no(0) access-list(1) ACL(2) action(3) ip(4)
     source(5) source-wildcard(6) host(7) destination(8).  */
  const char *acl = argv[2]->arg;
  const char *action = argv[3]->arg;
  const char *src = argv[5]->arg;
  const char *src_wildcard = argv[6]->arg;
  const char *dst_host = argv[8]->arg;

  /* A single host is passed with an all-zero wildcard.
     Trailing 1, 0: presumably extended=1, set=0 (remove); filter_set_cisco
     is defined outside this excerpt -- confirm there.  */
  return filter_set_cisco (vty, acl, action, src, src_wildcard,
                           dst_host, "0.0.0.0", 1, 0);
}
1157
DEFUN (no_access_list_extended_host_mask,
       no_access_list_extended_host_mask_cmd,
       "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
  /* Token positions: no(0) access-list(1) ACL(2) action(3) ip(4) host(5)
     source(6) destination(7) destination-wildcard(8).  */
  const char *acl = argv[2]->arg;
  const char *action = argv[3]->arg;
  const char *src_host = argv[6]->arg;
  const char *dst = argv[7]->arg;
  const char *dst_wildcard = argv[8]->arg;

  /* A single host is passed with an all-zero wildcard.
     Trailing 1, 0: presumably extended=1, set=0 (remove); filter_set_cisco
     is defined outside this excerpt -- confirm there.  */
  return filter_set_cisco (vty, acl, action, src_host, "0.0.0.0",
                           dst, dst_wildcard, 1, 0);
}
1182
DEFUN (no_access_list_extended_host_host,
       no_access_list_extended_host_host_cmd,
       "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "A single destination host\n"
       "Destination address\n")
{
  /* Token positions: no(0) access-list(1) ACL(2) action(3) ip(4) host(5)
     source(6) host(7) destination(8).  */
  const char *acl = argv[2]->arg;
  const char *action = argv[3]->arg;
  const char *src_host = argv[6]->arg;
  const char *dst_host = argv[8]->arg;

  /* Each single host is passed with an all-zero wildcard.
     Trailing 1, 0: presumably extended=1, set=0 (remove); filter_set_cisco
     is defined outside this excerpt -- confirm there.  */
  return filter_set_cisco (vty, acl, action, src_host, "0.0.0.0",
                           dst_host, "0.0.0.0", 1, 0);
}
1206
DEFUN (no_access_list_extended_any_host,
       no_access_list_extended_any_host_cmd,
       "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "A single destination host\n"
       "Destination address\n")
{
  /* Token positions: no(0) access-list(1) ACL(2) action(3) ip(4) any(5)
     host(6) destination(7).  */
  const char *acl = argv[2]->arg;
  const char *action = argv[3]->arg;
  const char *dst_host = argv[7]->arg;

  /* "any" is 0.0.0.0 with an all-ones wildcard; a single host carries an
     all-zero wildcard.  Trailing 1, 0: presumably extended=1, set=0
     (remove); filter_set_cisco is defined outside this excerpt -- confirm
     there.  */
  return filter_set_cisco (vty, acl, action, "0.0.0.0", "255.255.255.255",
                           dst_host, "0.0.0.0", 1, 0);
}
1228
DEFUN (no_access_list_extended_host_any,
       no_access_list_extended_host_any_cmd,
       "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D any",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Any destination host\n")
{
  /* Token positions: no(0) access-list(1) ACL(2) action(3) ip(4) host(5)
     source(6) any(7).  */
  const char *acl = argv[2]->arg;
  const char *action = argv[3]->arg;
  const char *src_host = argv[6]->arg;

  /* A single host carries an all-zero wildcard; "any" is 0.0.0.0 with an
     all-ones wildcard.  Trailing 1, 0: presumably extended=1, set=0
     (remove); filter_set_cisco is defined outside this excerpt -- confirm
     there.  */
  return filter_set_cisco (vty, acl, action, src_host, "0.0.0.0",
                           "0.0.0.0", "255.255.255.255", 1, 0);
}
1250
/* Add (set != 0) or remove (set == 0) one prefix-based entry of the access
   list NAME_STR in address family AFI.

   TYPE_STR selects permit or deny, PREFIX_STR is parsed as an IPv4 or
   IPv6 prefix depending on AFI, and EXACT marks the entry as exact-match.
   Returns CMD_WARNING after printing a message when the action or prefix
   is rejected (and silently for any other AFI), CMD_SUCCESS otherwise.  */
static int
filter_set_zebra (struct vty *vty, const char *name_str, const char *type_str,
                  afi_t afi, const char *prefix_str, int exact, int set)
{
  enum filter_type type;
  struct prefix p;
  struct filter *candidate;
  struct filter *existing;
  struct access_list *access;

  /* Only the first character of the action keyword decides the type.  */
  if (type_str[0] == 'p')
    type = FILTER_PERMIT;
  else if (type_str[0] == 'd')
    type = FILTER_DENY;
  else
    {
      vty_out (vty, "filter type must be [permit|deny]%s", VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Validate the prefix text before anything is allocated, so the early
     returns below have nothing to release.  */
  if (afi == AFI_IP)
    {
      if (str2prefix_ipv4 (prefix_str, (struct prefix_ipv4 *) &p) <= 0)
        {
          vty_out (vty, "IP address prefix/prefixlen is malformed%s",
                   VTY_NEWLINE);
          return CMD_WARNING;
        }
    }
  else if (afi == AFI_IP6)
    {
      if (str2prefix_ipv6 (prefix_str, (struct prefix_ipv6 *) &p) <= 0)
        {
          vty_out (vty, "IPv6 address prefix/prefixlen is malformed%s",
                   VTY_NEWLINE);
          return CMD_WARNING;
        }
    }
  else
    return CMD_WARNING;

  /* Build a candidate entry; it doubles as the lookup key.  */
  candidate = filter_new ();
  candidate->type = type;
  prefix_copy (&candidate->u.zfilter.prefix, &p);
  if (exact)
    candidate->u.zfilter.exact = 1;

  /* NOTE(review): access_list_get is also used on the removal path.  If it
     creates a missing list (its definition is not shown here), removing an
     entry from an unknown list name would leave an empty list behind --
     confirm, and consider access_list_lookup for set == 0.  */
  access = access_list_get (afi, name_str);
  existing = filter_lookup_zebra (access, candidate);

  if (set && ! existing)
    {
      /* The list takes the candidate; it must not be freed here.  */
      access_list_filter_add (access, candidate);
      return CMD_SUCCESS;
    }

  if (! set && existing)
    access_list_filter_delete (access, existing);

  /* Duplicate add, or removal: the candidate was only a lookup key.  */
  filter_free (candidate);

  return CMD_SUCCESS;
}
1329
1330/* Zebra access-list */
DEFUN (access_list,
       access_list_cmd,
       "access-list WORD <deny|permit> A.B.C.D/M",
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
  /* Token positions: access-list(0) name(1) action(2) prefix(3).  */
  const char *name = argv[1]->arg;
  const char *action = argv[2]->arg;
  const char *prefix = argv[3]->arg;

  /* exact = 0, set = 1: add a non-exact IPv4 entry.  */
  return filter_set_zebra (vty, name, action, AFI_IP, prefix, 0, 1);
}
1345
DEFUN (access_list_exact,
       access_list_exact_cmd,
       "access-list WORD <deny|permit> A.B.C.D/M exact-match",
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n"
       "Exact match of the prefixes\n")
{
  /* Token positions: access-list(0) name(1) action(2) prefix(3)
     exact-match(4).  */
  const char *name = argv[1]->arg;
  const char *action = argv[2]->arg;
  const char *prefix = argv[3]->arg;

  /* exact = 1, set = 1: add an exact-match IPv4 entry.  */
  return filter_set_zebra (vty, name, action, AFI_IP, prefix, 1, 1);
}
1361
DEFUN (access_list_any,
       access_list_any_cmd,
       "access-list WORD <deny|permit> any",
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
  /* Token positions: access-list(0) name(1) action(2) any(3).  */
  const char *name = argv[1]->arg;
  const char *action = argv[2]->arg;

  /* "any" is stored as the zero-length prefix 0.0.0.0/0 without
     exact-match (exact = 0), and the entry is added (set = 1).  */
  return filter_set_zebra (vty, name, action, AFI_IP, "0.0.0.0/0", 0, 1);
}
1375
DEFUN (no_access_list,
       no_access_list_cmd,
       "no access-list WORD <deny|permit> A.B.C.D/M",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
  /* Token positions: no(0) access-list(1) name(2) action(3) prefix(4).  */
  const char *name = argv[2]->arg;
  const char *action = argv[3]->arg;
  const char *prefix = argv[4]->arg;

  /* exact = 0, set = 0: remove the matching non-exact IPv4 entry.  */
  return filter_set_zebra (vty, name, action, AFI_IP, prefix, 0, 0);
}
1391
DEFUN (no_access_list_exact,
       no_access_list_exact_cmd,
       "no access-list WORD <deny|permit> A.B.C.D/M exact-match",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n"
       "Exact match of the prefixes\n")
{
  /* Token positions: no(0) access-list(1) name(2) action(3) prefix(4)
     exact-match(5).  */
  const char *name = argv[2]->arg;
  const char *action = argv[3]->arg;
  const char *prefix = argv[4]->arg;

  /* exact = 1, set = 0: remove the matching exact-match IPv4 entry.  */
  return filter_set_zebra (vty, name, action, AFI_IP, prefix, 1, 0);
}
1408
DEFUN (no_access_list_any,
       no_access_list_any_cmd,
       "no access-list WORD <deny|permit> any",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
  /* Token positions: no(0) access-list(1) name(2) action(3) any(4).  */
  const char *name = argv[2]->arg;
  const char *action = argv[3]->arg;

  /* "any" is the zero-length prefix 0.0.0.0/0; exact = 0, set = 0
     removes that entry.  */
  return filter_set_zebra (vty, name, action, AFI_IP, "0.0.0.0/0", 0, 0);
}
1423
DEFUN (no_access_list_all,
       no_access_list_all_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list name\n")
{
  /* Token positions: no(0) access-list(1) name-or-number(2).  */
  const char *name = argv[2]->arg;
  struct access_list *access = access_list_lookup (AFI_IP, name);
  struct access_master *master;

  /* Removing a list that does not exist is reported, not ignored.  */
  if (access == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", name, VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Everything that reads the list runs before access_list_delete: the
     master pointer is taken, route-map dependants are notified by name,
     and the delete hook is called with the list still intact.  */
  master = access->master;

  route_map_notify_dependencies (access->name, RMAP_EVENT_FILTER_DELETED);

  if (master->delete_hook)
    (*master->delete_hook) (access);

  /* Delete all filter from access-list. */
  access_list_delete (access);

  return CMD_SUCCESS;
}
1460
DEFUN (access_list_remark,
       access_list_remark_cmd,
       "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  /* Token positions: access-list(0) name-or-number(1) remark(2); the
     free-form text starts at token 3.  */
  struct access_list *access = access_list_get (AFI_IP, argv[1]->arg);

  /* Release the previous remark so that replacing it does not leak.
     NOTE(review): the release uses MTYPE_TMP; presumably argv_concat
     allocates with the same type -- confirm.  */
  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* NOTE(review): the help text promises "up to 100 characters" but no
     length check is visible here, and config_write_access later prints the
     stored remark verbatim -- confirm where the limit is enforced.  */
  access->remark = argv_concat (argv, argc, 3);

  return CMD_SUCCESS;
}
1488
DEFUN (no_access_list_remark,
       no_access_list_remark_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n")
{
  /* Token positions: no(0) access-list(1) name-or-number(2) remark(3).  */
  const char *name = argv[2]->arg;

  /* The helper is defined outside this excerpt; from its name it clears
     the remark of the named IPv4 list.  */
  return vty_access_list_remark_unset (vty, AFI_IP, name);
}
f667a580
QY
1504
1505/* ALIAS_FIXME */
DEFUN (no_access_list_remark_comment,
       no_access_list_remark_comment_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  /* Same command as no_access_list_remark with trailing remark text
     accepted.  The text is not compared with the stored remark: the
     handler called here only reads the list name at token 2, which sits
     at the same position in both command strings.  */
  return no_access_list_remark (self, vty, argc, argv);
}
718e3744 1521
718e3744 1522
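DEFUN (ipv6_access_list,
       ipv6_access_list_cmd,
       "ipv6 access-list WORD <deny|permit> X:X::X:X/M",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "IPv6 prefix\n")
{
  int idx = 0;
  char *alname;
  char *prefix;

  /* The list name and prefix are located by token text rather than by
     fixed position; idx carries over, so the prefix search starts at the
     name token.  */
  alname = argv_find (argv, argc, "WORD", &idx) ? argv[idx]->arg : NULL;
  prefix = argv_find (argv, argc, "X:X::X:X/M", &idx) ? argv[idx]->arg : NULL;

  /* Fail closed if either token was not found (for example when the
     lookup keys drift from the command string above): filter_set_zebra
     hands both pointers to the list lookup and the prefix parser without
     a NULL check of its own.  */
  if (alname == NULL || prefix == NULL)
    return CMD_WARNING;

  /* argv[3] is the <deny|permit> token; exact = 0, set = 1 adds a
     non-exact IPv6 entry.  */
  return filter_set_zebra (vty, alname, argv[3]->text, AFI_IP6, prefix, 0, 1);
}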
1538
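DEFUN (ipv6_access_list_exact,
       ipv6_access_list_exact_cmd,
       "ipv6 access-list WORD <deny|permit> X:X::X:X/M exact-match",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "IPv6 prefix\n"
       "Exact match of the prefixes\n")
{
  int idx = 0;
  char *alname;
  char *prefix;

  /* The list name and prefix are located by token text rather than by
     fixed position; idx carries over, so the prefix search starts at the
     name token.  */
  alname = argv_find (argv, argc, "WORD", &idx) ? argv[idx]->arg : NULL;
  prefix = argv_find (argv, argc, "X:X::X:X/M", &idx) ? argv[idx]->arg : NULL;

  /* Fail closed if either token was not found (for example when the
     lookup keys drift from the command string above): filter_set_zebra
     hands both pointers to the list lookup and the prefix parser without
     a NULL check of its own.  */
  if (alname == NULL || prefix == NULL)
    return CMD_WARNING;

  /* argv[3] is the <deny|permit> token; exact = 1, set = 1 adds an
     exact-match IPv6 entry.  */
  return filter_set_zebra (vty, alname, argv[3]->text, AFI_IP6, prefix, 1, 1);
}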
1555
DEFUN (ipv6_access_list_any,
       ipv6_access_list_any_cmd,
       "ipv6 access-list WORD <deny|permit> any",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefixi to match\n")
{
  /* Token positions: ipv6(0) access-list(1) name(2) action(3) any(4).  */
  const char *name = argv[2]->arg;
  const char *action = argv[3]->arg;

  /* "any" is stored as the zero-length prefix ::/0 without exact-match
     (exact = 0), and the entry is added (set = 1).  */
  return filter_set_zebra (vty, name, action, AFI_IP6, "::/0", 0, 1);
}
1570
DEFUN (no_ipv6_access_list,
       no_ipv6_access_list_cmd,
       "no ipv6 access-list WORD <deny|permit> X:X::X:X/M",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n")
{
  /* Token positions: no(0) ipv6(1) access-list(2) name(3) action(4)
     prefix(5).  */
  const char *name = argv[3]->arg;
  const char *action = argv[4]->arg;
  const char *prefix = argv[5]->arg;

  /* exact = 0, set = 0: remove the matching non-exact IPv6 entry.  */
  return filter_set_zebra (vty, name, action, AFI_IP6, prefix, 0, 0);
}
1587
DEFUN (no_ipv6_access_list_exact,
       no_ipv6_access_list_exact_cmd,
       "no ipv6 access-list WORD <deny|permit> X:X::X:X/M exact-match",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
{
  /* Token positions: no(0) ipv6(1) access-list(2) name(3) action(4)
     prefix(5) exact-match(6).  */
  const char *name = argv[3]->arg;
  const char *action = argv[4]->arg;
  const char *prefix = argv[5]->arg;

  /* exact = 1, set = 0: remove the matching exact-match IPv6 entry.  */
  return filter_set_zebra (vty, name, action, AFI_IP6, prefix, 1, 0);
}
1605
DEFUN (no_ipv6_access_list_any,
       no_ipv6_access_list_any_cmd,
       "no ipv6 access-list WORD <deny|permit> any",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefixi to match\n")
{
  /* Token positions: no(0) ipv6(1) access-list(2) name(3) action(4)
     any(5).  */
  const char *name = argv[3]->arg;
  const char *action = argv[4]->arg;

  /* "any" is the zero-length prefix ::/0; exact = 0, set = 0 removes
     that entry.  */
  return filter_set_zebra (vty, name, action, AFI_IP6, "::/0", 0, 0);
}
1621
1622
DEFUN (no_ipv6_access_list_all,
       no_ipv6_access_list_all_cmd,
       "no ipv6 access-list WORD",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n")
{
  /* Token positions: no(0) ipv6(1) access-list(2) name(3).  */
  const char *name = argv[3]->arg;
  struct access_list *access = access_list_lookup (AFI_IP6, name);
  struct access_master *master;

  /* Removing a list that does not exist is reported, not ignored.  */
  if (access == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", name, VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Everything that reads the list runs before access_list_delete: the
     master pointer is taken, route-map dependants are notified by name,
     and the delete hook is called with the list still intact.  */
  master = access->master;

  route_map_notify_dependencies (access->name, RMAP_EVENT_FILTER_DELETED);

  if (master->delete_hook)
    (*master->delete_hook) (access);

  /* Delete all filter from access-list. */
  access_list_delete (access);

  return CMD_SUCCESS;
}
1656
DEFUN (ipv6_access_list_remark,
       ipv6_access_list_remark_cmd,
       "ipv6 access-list WORD remark LINE...",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  /* Token positions: ipv6(0) access-list(1) name(2) remark(3); the
     free-form text starts at token 4.  */
  struct access_list *access = access_list_get (AFI_IP6, argv[2]->arg);

  /* Release the previous remark so that replacing it does not leak.
     NOTE(review): the release uses MTYPE_TMP; presumably argv_concat
     allocates with the same type -- confirm.  */
  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* NOTE(review): the help text promises "up to 100 characters" but no
     length check is visible here, and config_write_access later prints the
     stored remark verbatim -- confirm where the limit is enforced.  */
  access->remark = argv_concat (argv, argc, 4);

  return CMD_SUCCESS;
}
1681
DEFUN (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_cmd,
       "no ipv6 access-list WORD remark",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n")
{
  /* Token positions: no(0) ipv6(1) access-list(2) name(3) remark(4).  */
  const char *name = argv[3]->arg;

  /* The helper is defined outside this excerpt; from its name it clears
     the remark of the named IPv6 list.  */
  return vty_access_list_remark_unset (vty, AFI_IP6, name);
}
f667a580
QY
1694
1695/* ALIAS_FIXME */
DEFUN (no_ipv6_access_list_remark_comment,
       no_ipv6_access_list_remark_comment_cmd,
       "no ipv6 access-list WORD remark LINE...",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  /* Same command as no_ipv6_access_list_remark with trailing remark text
     accepted.  The text is not compared with the stored remark: the
     handler called here only reads the list name at token 3, which sits
     at the same position in both command strings.  */
  return no_ipv6_access_list_remark (self, vty, argc, argv);
}
718e3744 1708
/* Forward declarations: filter_show below calls both writers before their
   definitions appear later in this file.  */
void config_write_access_zebra (struct vty *, struct filter *);
void config_write_access_cisco (struct vty *, struct filter *);
1711
1712/* show access-list command. */
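/* Print every access list on one chain starting at HEAD, or only the list
   called NAME when NAME is not NULL.  Shared by the numbered and the
   named chain so both are rendered by the same code.  */
static void
filter_show_chain (struct vty *vty, struct access_list *head,
                   const char *name, afi_t afi)
{
  struct access_list *access;
  struct filter *mfilter;
  struct filter_cisco *filter;
  int header_pending;

  for (access = head; access; access = access->next)
    {
      if (name && strcmp (access->name, name) != 0)
        continue;

      /* The heading is printed with the first entry, so a list without
         entries produces no output at all.  */
      header_pending = 1;

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
        {
          /* u is shared between the Cisco and zebra layouts; the Cisco
             view is only read below once mfilter->cisco is known to be
             set.  */
          filter = &mfilter->u.cfilter;

          if (header_pending)
            {
              vty_out (vty, "%s IP%s access list %s%s",
                       mfilter->cisco ?
                       (filter->extended ? "Extended" : "Standard") : "Zebra",
                       afi == AFI_IP6 ? "v6" : "",
                       access->name, VTY_NEWLINE);
              header_pending = 0;
            }

          vty_out (vty, " %s%s", filter_type_str (mfilter),
                   mfilter->type == FILTER_DENY ? " " : "");

          if (! mfilter->cisco)
            config_write_access_zebra (vty, mfilter);
          else if (filter->extended)
            config_write_access_cisco (vty, mfilter);
          else if (filter->addr_mask.s_addr == 0xffffffff)
            vty_out (vty, " any%s", VTY_NEWLINE);
          else
            {
              /* Each inet_ntoa result is consumed by its own vty_out
                 call before inet_ntoa is called again.  */
              vty_out (vty, " %s", inet_ntoa (filter->addr));
              if (filter->addr_mask.s_addr != 0)
                vty_out (vty, ", wildcard bits %s",
                         inet_ntoa (filter->addr_mask));
              vty_out (vty, "%s", VTY_NEWLINE);
            }
        }
    }
}

/* Implementation of the "show ... access-list" commands.

   Prints the access lists of address family AFI to VTY, numbered lists
   first and named lists second.  NAME restricts the output to the list
   with that name; NULL shows all lists.  Returns 0 when no master exists
   for AFI, CMD_SUCCESS otherwise.  */
static int
filter_show (struct vty *vty, const char *name, afi_t afi)
{
  struct access_master *master;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  /* Print the name of the protocol */
  if (zlog_default)
    vty_out (vty, "%s:%s",
             zlog_proto_names[zlog_default->protocol], VTY_NEWLINE);

  filter_show_chain (vty, master->num.head, name, afi);
  filter_show_chain (vty, master->str.head, name, afi);

  return CMD_SUCCESS;
}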
1818
DEFUN (show_ip_access_list,
       show_ip_access_list_cmd,
       "show ip access-list",
       SHOW_STR
       IP_STR
       "List IP access lists\n")
{
  /* A NULL name disables the name filter in filter_show, so every IPv4
     access list is printed.  */
  return filter_show (vty, NULL, AFI_IP);
}
1828
DEFUN (show_ip_access_list_name,
       show_ip_access_list_name_cmd,
       "show ip access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       SHOW_STR
       IP_STR
       "List IP access lists\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n")
{
  /* Token positions: show(0) ip(1) access-list(2) name-or-number(3).  */
  const char *name = argv[3]->arg;

  /* Only the IPv4 list whose name equals NAME is printed.  */
  return filter_show (vty, name, AFI_IP);
}
1844
DEFUN (show_ipv6_access_list,
       show_ipv6_access_list_cmd,
       "show ipv6 access-list",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n")
{
  /* A NULL name disables the name filter in filter_show, so every IPv6
     access list is printed.  */
  return filter_show (vty, NULL, AFI_IP6);
}
1854
DEFUN (show_ipv6_access_list_name,
       show_ipv6_access_list_name_cmd,
       "show ipv6 access-list WORD",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n"
       "IPv6 zebra access-list\n")
{
  /* Token positions: show(0) ipv6(1) access-list(2) name(3).  */
  const char *name = argv[3]->arg;

  /* Only the IPv6 list whose name equals NAME is printed.  */
  return filter_show (vty, name, AFI_IP6);
}
718e3744 1866
/* Write the address part of one Cisco-style entry to VTY, followed by a
   newline.

   A wildcard of all ones is written as "any".  In the extended form an
   all-zero wildcard is written as "host ADDR"; in the standard form it is
   written as the bare address.  Everything else is written as address
   followed by wildcard.  */
void
config_write_access_cisco (struct vty *vty, struct filter *mfilter)
{
  struct filter_cisco *cf = &mfilter->u.cfilter;

  if (! cf->extended)
    {
      /* Standard list: source only.  */
      if (cf->addr_mask.s_addr == 0xffffffff)
        {
          vty_out (vty, " any%s", VTY_NEWLINE);
          return;
        }

      /* Each inet_ntoa result is consumed by its own vty_out call before
         inet_ntoa is called again.  */
      vty_out (vty, " %s", inet_ntoa (cf->addr));
      if (cf->addr_mask.s_addr != 0)
        vty_out (vty, " %s", inet_ntoa (cf->addr_mask));
      vty_out (vty, "%s", VTY_NEWLINE);
      return;
    }

  /* Extended list: protocol keyword, then source, then destination.  */
  vty_out (vty, " ip");

  /* Source is held in addr / addr_mask.  */
  if (cf->addr_mask.s_addr == 0xffffffff)
    vty_out (vty, " any");
  else if (cf->addr_mask.s_addr == 0)
    vty_out (vty, " host %s", inet_ntoa (cf->addr));
  else
    {
      vty_out (vty, " %s", inet_ntoa (cf->addr));
      vty_out (vty, " %s", inet_ntoa (cf->addr_mask));
    }

  /* Destination is held in mask / mask_mask.  */
  if (cf->mask_mask.s_addr == 0xffffffff)
    vty_out (vty, " any");
  else if (cf->mask_mask.s_addr == 0)
    vty_out (vty, " host %s", inet_ntoa (cf->mask));
  else
    {
      vty_out (vty, " %s", inet_ntoa (cf->mask));
      vty_out (vty, " %s", inet_ntoa (cf->mask_mask));
    }

  vty_out (vty, "%s", VTY_NEWLINE);
}
1911
/* Write the prefix part of one zebra-style entry to VTY, followed by a
   newline.  A zero-length prefix without exact-match is written as
   "any"; everything else as ADDR/LEN with an optional " exact-match".  */
void
config_write_access_zebra (struct vty *vty, struct filter *mfilter)
{
  struct filter_zebra *zf = &mfilter->u.zfilter;
  struct prefix *p = &zf->prefix;
  char buf[BUFSIZ];

  if (p->prefixlen == 0 && ! zf->exact)
    vty_out (vty, " any");
  else
    {
      /* NOTE(review): inet_ntop returns NULL for an address family it
         does not support, and that result goes straight to "%s".  The
         entries built by filter_set_zebra are AFI_IP or AFI_IP6 only;
         confirm no other path can create a zebra filter.  */
      const char *addr = inet_ntop (p->family, &p->u.prefix, buf, sizeof buf);

      vty_out (vty, " %s/%d%s", addr, p->prefixlen,
               zf->exact ? " exact-match" : "");
    }

  vty_out (vty, "%s", VTY_NEWLINE);
}
1932
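/* Write the configuration lines of every access list on the chain
   starting at HEAD and return how many lines were written.  Shared by the
   numbered and the named chain so both are serialised by the same code.  */
static int
config_write_access_chain (struct vty *vty, struct access_list *head,
                           afi_t afi)
{
  struct access_list *access;
  struct filter *mfilter;
  int written = 0;

  for (access = head; access; access = access->next)
    {
      /* The remark is stored free-form text and is written back as
         given, ahead of the list's entries.  */
      if (access->remark)
        {
          vty_out (vty, "%saccess-list %s remark %s%s",
                   afi == AFI_IP ? "" : "ipv6 ",
                   access->name, access->remark,
                   VTY_NEWLINE);
          written++;
        }

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
        {
          vty_out (vty, "%saccess-list %s %s",
                   afi == AFI_IP ? "" : "ipv6 ",
                   access->name,
                   filter_type_str (mfilter));

          /* The writer finishes the line, newline included.  */
          if (mfilter->cisco)
            config_write_access_cisco (vty, mfilter);
          else
            config_write_access_zebra (vty, mfilter);

          written++;
        }
    }

  return written;
}

/* Write the access-list configuration of address family AFI to VTY,
   numbered lists first and named lists second.  Returns the number of
   lines written, or 0 when no master exists for AFI.  */
static int
config_write_access (struct vty *vty, afi_t afi)
{
  struct access_master *master;
  int write;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  write = config_write_access_chain (vty, master->num.head, afi);
  write += config_write_access_chain (vty, master->str.head, afi);

  return write;
}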
2000
2001/* Access-list node. */
/* Command node under which the IPv4 access-list configuration writer is
   installed (see install_node in access_list_init_ipv4).  */
static struct cmd_node access_node =
{
  ACCESS_NODE,
  "",				/* Access list has no interface. */
  1				/* NOTE(review): meaning is set by struct cmd_node, not shown here.  */
};
2008
/* Configuration writer installed for access_node: writes the IPv4
   access lists and returns the number of lines written.  */
static int
config_write_access_ipv4 (struct vty *vty)
{
  return config_write_access (vty, AFI_IP);
}
2014
/* Delete every IPv4 access list, numbered and named, and assert that both
   chains end up empty.  Does nothing when no IPv4 master exists.  */
static void
access_list_reset_ipv4 (void)
{
  struct access_master *master = access_master_get (AFI_IP);
  struct access_list *access;
  struct access_list *next;

  if (master == NULL)
    return;

  /* The successor is read before each delete, so the walk never touches
     a list after access_list_delete has been called on it.  */
  access = master->num.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  access = master->str.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  assert (master->num.head == NULL);
  assert (master->num.tail == NULL);

  assert (master->str.head == NULL);
  assert (master->str.tail == NULL);
}
2043
2044/* Install vty related command. */
/* Register the IPv4 access-list node and commands.

   The read-only "show" commands are installed on ENABLE_NODE; every
   command that adds, removes or annotates an access list is installed on
   CONFIG_NODE.  */
static void
access_list_init_ipv4 (void)
{
  /* The node carries the writer that serialises IPv4 access lists.  */
  install_node (&access_node, config_write_access_ipv4);

  install_element (ENABLE_NODE, &show_ip_access_list_cmd);
  install_element (ENABLE_NODE, &show_ip_access_list_name_cmd);

  /* Zebra access-list */
  install_element (CONFIG_NODE, &access_list_cmd);
  install_element (CONFIG_NODE, &access_list_exact_cmd);
  install_element (CONFIG_NODE, &access_list_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_cmd);
  install_element (CONFIG_NODE, &no_access_list_exact_cmd);
  install_element (CONFIG_NODE, &no_access_list_any_cmd);

  /* Standard access-list */
  install_element (CONFIG_NODE, &access_list_standard_cmd);
  install_element (CONFIG_NODE, &access_list_standard_nomask_cmd);
  install_element (CONFIG_NODE, &access_list_standard_host_cmd);
  install_element (CONFIG_NODE, &access_list_standard_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_nomask_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_any_cmd);

  /* Extended access-list */
  install_element (CONFIG_NODE, &access_list_extended_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_mask_cmd);
  install_element (CONFIG_NODE, &access_list_extended_mask_any_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_any_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_mask_cmd);
  install_element (CONFIG_NODE, &access_list_extended_mask_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_mask_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_mask_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_mask_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_mask_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_any_cmd);

  /* Remarks and whole-list removal */
  install_element (CONFIG_NODE, &access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_access_list_all_cmd);
  install_element (CONFIG_NODE, &no_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_access_list_remark_comment_cmd);
}
2096
/* Command node under which the IPv6 access-list configuration writer is
   installed (see install_node in access_list_init_ipv6).  */
static struct cmd_node access_ipv6_node =
{
  ACCESS_IPV6_NODE,
  "",				/* Empty, as for the IPv4 access_node.  */
  1				/* NOTE(review): meaning is set by struct cmd_node, not shown here.  */
};
2103
/* Configuration writer installed for access_ipv6_node: writes the IPv6
   access lists and returns the number of lines written.  */
static int
config_write_access_ipv6 (struct vty *vty)
{
  return config_write_access (vty, AFI_IP6);
}
2109
/* Delete every IPv6 access-list, numbered and named, held by the AFI_IP6
   master.  Does nothing when access_master_get() returns no master.  */
static void
access_list_reset_ipv6 (void)
{
  struct access_master *am = access_master_get (AFI_IP6);
  struct access_list *cur;
  struct access_list *following;

  if (am == NULL)
    return;

  /* Numbered lists.  The successor is read before access_list_delete()
     so the walk never touches an entry after it has been handed over
     for deletion.  */
  cur = am->num.head;
  while (cur)
    {
      following = cur->next;
      access_list_delete (cur);
      cur = following;
    }

  /* Named lists, same pattern.  */
  cur = am->str.head;
  while (cur)
    {
      following = cur->next;
      access_list_delete (cur);
      cur = following;
    }

  /* Both lists must be empty now.  This relies on access_list_delete()
     (defined elsewhere in this file) unlinking each entry from its
     master -- NOTE(review): confirm there.  */
  assert (am->num.head == NULL);
  assert (am->num.tail == NULL);

  assert (am->str.head == NULL);
  assert (am->str.tail == NULL);
}
2138
/* Register the IPv6 access-list node and its CLI commands.  The read-only
   "show" commands go under ENABLE_NODE; every command that creates,
   changes or removes an access-list goes under CONFIG_NODE.  */
static void
access_list_init_ipv6 (void)
{
  /* Node registration, with config_write_access_ipv6 as its
     configuration writer.  */
  install_node (&access_ipv6_node, config_write_access_ipv6);

  /* Display commands.  */
  install_element (ENABLE_NODE, &show_ipv6_access_list_cmd);
  install_element (ENABLE_NODE, &show_ipv6_access_list_name_cmd);

  /* Filter entries and their "no" forms.  */
  install_element (CONFIG_NODE, &ipv6_access_list_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_exact_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_any_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_exact_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_any_cmd);

  /* Whole-list removal and remark handling.  */
  install_element (CONFIG_NODE, &no_ipv6_access_list_all_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_remark_comment_cmd);
}
718e3744 2159
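/* Install the access-list nodes and commands for both address families,
   IPv4 first and then IPv6.

   The parameter list is spelled (void): an empty () in a definition
   provides no prototype, so a call that passes arguments by mistake would
   not be diagnosed.  This also matches the static helpers in this file.  */
void
access_list_init (void)
{
  access_list_init_ipv4 ();
  access_list_init_ipv6 ();
}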
2166
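/* Run the per-family reset helpers, IPv4 first and then IPv6.  The IPv6
   helper deletes every numbered and named list of its master.

   The parameter list is spelled (void): an empty () in a definition
   provides no prototype, so a call that passes arguments by mistake would
   not be diagnosed.  This also matches the static helpers in this file.  */
void
access_list_reset (void)
{
  access_list_reset_ipv4 ();
  access_list_reset_ipv6 ();
}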