]>
Commit | Line | Data |
---|---|---|
718e3744 | 1 | /* Route filtering function. |
2 | * Copyright (C) 1998, 1999 Kunihiro Ishiguro | |
3 | * | |
4 | * This file is part of GNU Zebra. | |
5 | * | |
6 | * GNU Zebra is free software; you can redistribute it and/or modify | |
7 | * it under the terms of the GNU General Public License as published | |
8 | * by the Free Software Foundation; either version 2, or (at your | |
9 | * option) any later version. | |
10 | * | |
11 | * GNU Zebra is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License | |
17 | * along with GNU Zebra; see the file COPYING. If not, write to the | |
18 | * Free Software Foundation, Inc., 59 Temple Place - Suite 330, | |
19 | * Boston, MA 02111-1307, USA. | |
20 | */ | |
21 | ||
22 | #include <zebra.h> | |
23 | ||
24 | #include "prefix.h" | |
25 | #include "filter.h" | |
26 | #include "memory.h" | |
27 | #include "command.h" | |
28 | #include "sockunion.h" | |
29 | #include "buffer.h" | |
fbf5d033 | 30 | #include "log.h" |
518f0eb1 | 31 | #include "routemap.h" |
718e3744 | 32 | |
4a1ab8e4 DL |
33 | DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST, "Access List") |
34 | DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST_STR, "Access List Str") | |
35 | DEFINE_MTYPE_STATIC(LIB, ACCESS_FILTER, "Access Filter") | |
36 | ||
718e3744 | 37 | struct filter_cisco |
38 | { | |
39 | /* Cisco access-list */ | |
40 | int extended; | |
41 | struct in_addr addr; | |
42 | struct in_addr addr_mask; | |
43 | struct in_addr mask; | |
44 | struct in_addr mask_mask; | |
45 | }; | |
46 | ||
47 | struct filter_zebra | |
48 | { | |
49 | /* If this filter is "exact" match then this flag is set. */ | |
50 | int exact; | |
51 | ||
52 | /* Prefix information. */ | |
53 | struct prefix prefix; | |
54 | }; | |
55 | ||
56 | /* Filter element of access list */ | |
57 | struct filter | |
58 | { | |
59 | /* For doubly linked list. */ | |
60 | struct filter *next; | |
61 | struct filter *prev; | |
62 | ||
63 | /* Filter type information. */ | |
64 | enum filter_type type; | |
65 | ||
66 | /* Cisco access-list */ | |
67 | int cisco; | |
68 | ||
69 | union | |
70 | { | |
71 | struct filter_cisco cfilter; | |
72 | struct filter_zebra zfilter; | |
73 | } u; | |
74 | }; | |
75 | ||
76 | /* List of access_list. */ | |
77 | struct access_list_list | |
78 | { | |
79 | struct access_list *head; | |
80 | struct access_list *tail; | |
81 | }; | |
82 | ||
83 | /* Master structure of access_list. */ | |
84 | struct access_master | |
85 | { | |
86 | /* List of access_list which name is number. */ | |
87 | struct access_list_list num; | |
88 | ||
89 | /* List of access_list which name is string. */ | |
90 | struct access_list_list str; | |
91 | ||
92 | /* Hook function which is executed when new access_list is added. */ | |
8cc4198f | 93 | void (*add_hook) (struct access_list *); |
718e3744 | 94 | |
95 | /* Hook function which is executed when access_list is deleted. */ | |
8cc4198f | 96 | void (*delete_hook) (struct access_list *); |
718e3744 | 97 | }; |
98 | ||
99 | /* Static structure for IPv4 access_list's master. */ | |
100 | static struct access_master access_master_ipv4 = | |
101 | { | |
102 | {NULL, NULL}, | |
103 | {NULL, NULL}, | |
104 | NULL, | |
105 | NULL, | |
106 | }; | |
107 | ||
718e3744 | 108 | /* Static structure for IPv6 access_list's master. */ |
109 | static struct access_master access_master_ipv6 = | |
110 | { | |
111 | {NULL, NULL}, | |
112 | {NULL, NULL}, | |
113 | NULL, | |
114 | NULL, | |
115 | }; | |
6b0655a2 | 116 | |
8cc4198f | 117 | static struct access_master * |
718e3744 | 118 | access_master_get (afi_t afi) |
119 | { | |
120 | if (afi == AFI_IP) | |
121 | return &access_master_ipv4; | |
718e3744 | 122 | else if (afi == AFI_IP6) |
123 | return &access_master_ipv6; | |
718e3744 | 124 | return NULL; |
125 | } | |
126 | ||
127 | /* Allocate new filter structure. */ | |
8cc4198f | 128 | static struct filter * |
129 | filter_new (void) | |
718e3744 | 130 | { |
131 | return (struct filter *) XCALLOC (MTYPE_ACCESS_FILTER, | |
132 | sizeof (struct filter)); | |
133 | } | |
134 | ||
8cc4198f | 135 | static void |
718e3744 | 136 | filter_free (struct filter *filter) |
137 | { | |
138 | XFREE (MTYPE_ACCESS_FILTER, filter); | |
139 | } | |
140 | ||
141 | /* Return string of filter_type. */ | |
30a2231a | 142 | static const char * |
718e3744 | 143 | filter_type_str (struct filter *filter) |
144 | { | |
145 | switch (filter->type) | |
146 | { | |
147 | case FILTER_PERMIT: | |
148 | return "permit"; | |
149 | break; | |
150 | case FILTER_DENY: | |
151 | return "deny"; | |
152 | break; | |
153 | case FILTER_DYNAMIC: | |
154 | return "dynamic"; | |
155 | break; | |
156 | default: | |
157 | return ""; | |
158 | break; | |
159 | } | |
160 | } | |
161 | ||
162 | /* If filter match to the prefix then return 1. */ | |
163 | static int | |
164 | filter_match_cisco (struct filter *mfilter, struct prefix *p) | |
165 | { | |
166 | struct filter_cisco *filter; | |
167 | struct in_addr mask; | |
168 | u_int32_t check_addr; | |
169 | u_int32_t check_mask; | |
170 | ||
171 | filter = &mfilter->u.cfilter; | |
172 | check_addr = p->u.prefix4.s_addr & ~filter->addr_mask.s_addr; | |
173 | ||
174 | if (filter->extended) | |
175 | { | |
176 | masklen2ip (p->prefixlen, &mask); | |
177 | check_mask = mask.s_addr & ~filter->mask_mask.s_addr; | |
178 | ||
179 | if (memcmp (&check_addr, &filter->addr.s_addr, 4) == 0 | |
180 | && memcmp (&check_mask, &filter->mask.s_addr, 4) == 0) | |
181 | return 1; | |
182 | } | |
183 | else if (memcmp (&check_addr, &filter->addr.s_addr, 4) == 0) | |
184 | return 1; | |
185 | ||
186 | return 0; | |
187 | } | |
188 | ||
189 | /* If filter match to the prefix then return 1. */ | |
190 | static int | |
191 | filter_match_zebra (struct filter *mfilter, struct prefix *p) | |
192 | { | |
193 | struct filter_zebra *filter; | |
194 | ||
195 | filter = &mfilter->u.zfilter; | |
196 | ||
197 | if (filter->prefix.family == p->family) | |
198 | { | |
199 | if (filter->exact) | |
200 | { | |
201 | if (filter->prefix.prefixlen == p->prefixlen) | |
202 | return prefix_match (&filter->prefix, p); | |
203 | else | |
204 | return 0; | |
205 | } | |
206 | else | |
207 | return prefix_match (&filter->prefix, p); | |
208 | } | |
209 | else | |
210 | return 0; | |
211 | } | |
6b0655a2 | 212 | |
718e3744 | 213 | /* Allocate new access list structure. */ |
8cc4198f | 214 | static struct access_list * |
215 | access_list_new (void) | |
718e3744 | 216 | { |
217 | return (struct access_list *) XCALLOC (MTYPE_ACCESS_LIST, | |
218 | sizeof (struct access_list)); | |
219 | } | |
220 | ||
221 | /* Free allocated access_list. */ | |
8cc4198f | 222 | static void |
718e3744 | 223 | access_list_free (struct access_list *access) |
224 | { | |
225 | XFREE (MTYPE_ACCESS_LIST, access); | |
226 | } | |
227 | ||
228 | /* Delete access_list from access_master and free it. */ | |
8cc4198f | 229 | static void |
718e3744 | 230 | access_list_delete (struct access_list *access) |
231 | { | |
232 | struct filter *filter; | |
233 | struct filter *next; | |
234 | struct access_list_list *list; | |
235 | struct access_master *master; | |
236 | ||
237 | for (filter = access->head; filter; filter = next) | |
238 | { | |
239 | next = filter->next; | |
240 | filter_free (filter); | |
241 | } | |
242 | ||
243 | master = access->master; | |
244 | ||
245 | if (access->type == ACCESS_TYPE_NUMBER) | |
246 | list = &master->num; | |
247 | else | |
248 | list = &master->str; | |
249 | ||
250 | if (access->next) | |
251 | access->next->prev = access->prev; | |
252 | else | |
253 | list->tail = access->prev; | |
254 | ||
255 | if (access->prev) | |
256 | access->prev->next = access->next; | |
257 | else | |
258 | list->head = access->next; | |
259 | ||
260 | if (access->name) | |
261 | XFREE (MTYPE_ACCESS_LIST_STR, access->name); | |
262 | ||
263 | if (access->remark) | |
264 | XFREE (MTYPE_TMP, access->remark); | |
265 | ||
266 | access_list_free (access); | |
267 | } | |
268 | ||
269 | /* Insert new access list to list of access_list. Each acceess_list | |
270 | is sorted by the name. */ | |
8cc4198f | 271 | static struct access_list * |
8c328f11 | 272 | access_list_insert (afi_t afi, const char *name) |
718e3744 | 273 | { |
8c328f11 | 274 | unsigned int i; |
718e3744 | 275 | long number; |
276 | struct access_list *access; | |
277 | struct access_list *point; | |
278 | struct access_list_list *alist; | |
279 | struct access_master *master; | |
280 | ||
281 | master = access_master_get (afi); | |
282 | if (master == NULL) | |
283 | return NULL; | |
284 | ||
285 | /* Allocate new access_list and copy given name. */ | |
286 | access = access_list_new (); | |
287 | access->name = XSTRDUP (MTYPE_ACCESS_LIST_STR, name); | |
288 | access->master = master; | |
289 | ||
290 | /* If name is made by all digit character. We treat it as | |
291 | number. */ | |
292 | for (number = 0, i = 0; i < strlen (name); i++) | |
293 | { | |
294 | if (isdigit ((int) name[i])) | |
295 | number = (number * 10) + (name[i] - '0'); | |
296 | else | |
297 | break; | |
298 | } | |
299 | ||
300 | /* In case of name is all digit character */ | |
301 | if (i == strlen (name)) | |
302 | { | |
303 | access->type = ACCESS_TYPE_NUMBER; | |
304 | ||
305 | /* Set access_list to number list. */ | |
306 | alist = &master->num; | |
307 | ||
308 | for (point = alist->head; point; point = point->next) | |
309 | if (atol (point->name) >= number) | |
310 | break; | |
311 | } | |
312 | else | |
313 | { | |
314 | access->type = ACCESS_TYPE_STRING; | |
315 | ||
316 | /* Set access_list to string list. */ | |
317 | alist = &master->str; | |
318 | ||
319 | /* Set point to insertion point. */ | |
320 | for (point = alist->head; point; point = point->next) | |
321 | if (strcmp (point->name, name) >= 0) | |
322 | break; | |
323 | } | |
324 | ||
325 | /* In case of this is the first element of master. */ | |
326 | if (alist->head == NULL) | |
327 | { | |
328 | alist->head = alist->tail = access; | |
329 | return access; | |
330 | } | |
331 | ||
332 | /* In case of insertion is made at the tail of access_list. */ | |
333 | if (point == NULL) | |
334 | { | |
335 | access->prev = alist->tail; | |
336 | alist->tail->next = access; | |
337 | alist->tail = access; | |
338 | return access; | |
339 | } | |
340 | ||
341 | /* In case of insertion is made at the head of access_list. */ | |
342 | if (point == alist->head) | |
343 | { | |
344 | access->next = alist->head; | |
345 | alist->head->prev = access; | |
346 | alist->head = access; | |
347 | return access; | |
348 | } | |
349 | ||
350 | /* Insertion is made at middle of the access_list. */ | |
351 | access->next = point; | |
352 | access->prev = point->prev; | |
353 | ||
354 | if (point->prev) | |
355 | point->prev->next = access; | |
356 | point->prev = access; | |
357 | ||
358 | return access; | |
359 | } | |
360 | ||
361 | /* Lookup access_list from list of access_list by name. */ | |
362 | struct access_list * | |
8c328f11 | 363 | access_list_lookup (afi_t afi, const char *name) |
718e3744 | 364 | { |
365 | struct access_list *access; | |
366 | struct access_master *master; | |
367 | ||
368 | if (name == NULL) | |
369 | return NULL; | |
370 | ||
371 | master = access_master_get (afi); | |
372 | if (master == NULL) | |
373 | return NULL; | |
374 | ||
375 | for (access = master->num.head; access; access = access->next) | |
376 | if (strcmp (access->name, name) == 0) | |
377 | return access; | |
378 | ||
379 | for (access = master->str.head; access; access = access->next) | |
380 | if (strcmp (access->name, name) == 0) | |
381 | return access; | |
382 | ||
383 | return NULL; | |
384 | } | |
385 | ||
386 | /* Get access list from list of access_list. If there isn't matched | |
387 | access_list create new one and return it. */ | |
8cc4198f | 388 | static struct access_list * |
8c328f11 | 389 | access_list_get (afi_t afi, const char *name) |
718e3744 | 390 | { |
391 | struct access_list *access; | |
392 | ||
393 | access = access_list_lookup (afi, name); | |
394 | if (access == NULL) | |
395 | access = access_list_insert (afi, name); | |
396 | return access; | |
397 | } | |
398 | ||
399 | /* Apply access list to object (which should be struct prefix *). */ | |
400 | enum filter_type | |
401 | access_list_apply (struct access_list *access, void *object) | |
402 | { | |
403 | struct filter *filter; | |
404 | struct prefix *p; | |
405 | ||
406 | p = (struct prefix *) object; | |
407 | ||
408 | if (access == NULL) | |
409 | return FILTER_DENY; | |
410 | ||
411 | for (filter = access->head; filter; filter = filter->next) | |
412 | { | |
413 | if (filter->cisco) | |
414 | { | |
415 | if (filter_match_cisco (filter, p)) | |
416 | return filter->type; | |
417 | } | |
418 | else | |
419 | { | |
420 | if (filter_match_zebra (filter, p)) | |
421 | return filter->type; | |
422 | } | |
423 | } | |
424 | ||
425 | return FILTER_DENY; | |
426 | } | |
427 | ||
428 | /* Add hook function. */ | |
429 | void | |
430 | access_list_add_hook (void (*func) (struct access_list *access)) | |
431 | { | |
432 | access_master_ipv4.add_hook = func; | |
718e3744 | 433 | access_master_ipv6.add_hook = func; |
718e3744 | 434 | } |
435 | ||
436 | /* Delete hook function. */ | |
437 | void | |
438 | access_list_delete_hook (void (*func) (struct access_list *access)) | |
439 | { | |
440 | access_master_ipv4.delete_hook = func; | |
718e3744 | 441 | access_master_ipv6.delete_hook = func; |
718e3744 | 442 | } |
443 | ||
444 | /* Add new filter to the end of specified access_list. */ | |
8cc4198f | 445 | static void |
718e3744 | 446 | access_list_filter_add (struct access_list *access, struct filter *filter) |
447 | { | |
448 | filter->next = NULL; | |
449 | filter->prev = access->tail; | |
450 | ||
451 | if (access->tail) | |
452 | access->tail->next = filter; | |
453 | else | |
454 | access->head = filter; | |
455 | access->tail = filter; | |
456 | ||
457 | /* Run hook function. */ | |
458 | if (access->master->add_hook) | |
459 | (*access->master->add_hook) (access); | |
518f0eb1 | 460 | route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_ADDED); |
718e3744 | 461 | } |
462 | ||
463 | /* If access_list has no filter then return 1. */ | |
464 | static int | |
465 | access_list_empty (struct access_list *access) | |
466 | { | |
467 | if (access->head == NULL && access->tail == NULL) | |
468 | return 1; | |
469 | else | |
470 | return 0; | |
471 | } | |
472 | ||
473 | /* Delete filter from specified access_list. If there is hook | |
474 | function execute it. */ | |
8cc4198f | 475 | static void |
718e3744 | 476 | access_list_filter_delete (struct access_list *access, struct filter *filter) |
477 | { | |
478 | struct access_master *master; | |
479 | ||
480 | master = access->master; | |
481 | ||
482 | if (filter->next) | |
483 | filter->next->prev = filter->prev; | |
484 | else | |
485 | access->tail = filter->prev; | |
486 | ||
487 | if (filter->prev) | |
488 | filter->prev->next = filter->next; | |
489 | else | |
490 | access->head = filter->next; | |
491 | ||
492 | filter_free (filter); | |
493 | ||
518f0eb1 | 494 | route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED); |
718e3744 | 495 | /* Run hook function. */ |
496 | if (master->delete_hook) | |
497 | (*master->delete_hook) (access); | |
683de05f DV |
498 | |
499 | /* If access_list becomes empty delete it from access_master. */ | |
500 | if (access_list_empty (access)) | |
501 | access_list_delete (access); | |
718e3744 | 502 | } |
6b0655a2 | 503 | |
718e3744 | 504 | /* |
505 | deny Specify packets to reject | |
506 | permit Specify packets to forward | |
507 | dynamic ? | |
508 | */ | |
509 | ||
510 | /* | |
511 | Hostname or A.B.C.D Address to match | |
512 | any Any source host | |
513 | host A single host address | |
514 | */ | |
515 | ||
8cc4198f | 516 | static struct filter * |
718e3744 | 517 | filter_lookup_cisco (struct access_list *access, struct filter *mnew) |
518 | { | |
519 | struct filter *mfilter; | |
520 | struct filter_cisco *filter; | |
521 | struct filter_cisco *new; | |
522 | ||
523 | new = &mnew->u.cfilter; | |
524 | ||
525 | for (mfilter = access->head; mfilter; mfilter = mfilter->next) | |
526 | { | |
527 | filter = &mfilter->u.cfilter; | |
528 | ||
529 | if (filter->extended) | |
530 | { | |
531 | if (mfilter->type == mnew->type | |
532 | && filter->addr.s_addr == new->addr.s_addr | |
533 | && filter->addr_mask.s_addr == new->addr_mask.s_addr | |
534 | && filter->mask.s_addr == new->mask.s_addr | |
535 | && filter->mask_mask.s_addr == new->mask_mask.s_addr) | |
536 | return mfilter; | |
537 | } | |
538 | else | |
539 | { | |
540 | if (mfilter->type == mnew->type | |
541 | && filter->addr.s_addr == new->addr.s_addr | |
542 | && filter->addr_mask.s_addr == new->addr_mask.s_addr) | |
543 | return mfilter; | |
544 | } | |
545 | } | |
546 | ||
547 | return NULL; | |
548 | } | |
549 | ||
8cc4198f | 550 | static struct filter * |
718e3744 | 551 | filter_lookup_zebra (struct access_list *access, struct filter *mnew) |
552 | { | |
553 | struct filter *mfilter; | |
554 | struct filter_zebra *filter; | |
555 | struct filter_zebra *new; | |
556 | ||
557 | new = &mnew->u.zfilter; | |
558 | ||
559 | for (mfilter = access->head; mfilter; mfilter = mfilter->next) | |
560 | { | |
561 | filter = &mfilter->u.zfilter; | |
562 | ||
563 | if (filter->exact == new->exact | |
564 | && mfilter->type == mnew->type | |
565 | && prefix_same (&filter->prefix, &new->prefix)) | |
566 | return mfilter; | |
567 | } | |
568 | return NULL; | |
569 | } | |
570 | ||
8cc4198f | 571 | static int |
9035efaa | 572 | vty_access_list_remark_unset (struct vty *vty, afi_t afi, const char *name) |
718e3744 | 573 | { |
574 | struct access_list *access; | |
575 | ||
576 | access = access_list_lookup (afi, name); | |
577 | if (! access) | |
578 | { | |
579 | vty_out (vty, "%% access-list %s doesn't exist%s", name, | |
580 | VTY_NEWLINE); | |
581 | return CMD_WARNING; | |
582 | } | |
583 | ||
584 | if (access->remark) | |
585 | { | |
586 | XFREE (MTYPE_TMP, access->remark); | |
587 | access->remark = NULL; | |
588 | } | |
589 | ||
590 | if (access->head == NULL && access->tail == NULL && access->remark == NULL) | |
591 | access_list_delete (access); | |
592 | ||
593 | return CMD_SUCCESS; | |
594 | } | |
595 | ||
8cc4198f | 596 | static int |
9035efaa | 597 | filter_set_cisco (struct vty *vty, const char *name_str, const char *type_str, |
8c328f11 | 598 | const char *addr_str, const char *addr_mask_str, |
599 | const char *mask_str, const char *mask_mask_str, | |
718e3744 | 600 | int extended, int set) |
601 | { | |
602 | int ret; | |
603 | enum filter_type type; | |
604 | struct filter *mfilter; | |
605 | struct filter_cisco *filter; | |
606 | struct access_list *access; | |
607 | struct in_addr addr; | |
608 | struct in_addr addr_mask; | |
609 | struct in_addr mask; | |
610 | struct in_addr mask_mask; | |
611 | ||
612 | /* Check of filter type. */ | |
613 | if (strncmp (type_str, "p", 1) == 0) | |
614 | type = FILTER_PERMIT; | |
615 | else if (strncmp (type_str, "d", 1) == 0) | |
616 | type = FILTER_DENY; | |
617 | else | |
618 | { | |
619 | vty_out (vty, "%% filter type must be permit or deny%s", VTY_NEWLINE); | |
620 | return CMD_WARNING; | |
621 | } | |
622 | ||
623 | ret = inet_aton (addr_str, &addr); | |
624 | if (ret <= 0) | |
625 | { | |
626 | vty_out (vty, "%%Inconsistent address and mask%s", | |
627 | VTY_NEWLINE); | |
628 | return CMD_WARNING; | |
629 | } | |
630 | ||
631 | ret = inet_aton (addr_mask_str, &addr_mask); | |
632 | if (ret <= 0) | |
633 | { | |
634 | vty_out (vty, "%%Inconsistent address and mask%s", | |
635 | VTY_NEWLINE); | |
636 | return CMD_WARNING; | |
637 | } | |
638 | ||
639 | if (extended) | |
640 | { | |
641 | ret = inet_aton (mask_str, &mask); | |
642 | if (ret <= 0) | |
643 | { | |
644 | vty_out (vty, "%%Inconsistent address and mask%s", | |
645 | VTY_NEWLINE); | |
646 | return CMD_WARNING; | |
647 | } | |
648 | ||
649 | ret = inet_aton (mask_mask_str, &mask_mask); | |
650 | if (ret <= 0) | |
651 | { | |
652 | vty_out (vty, "%%Inconsistent address and mask%s", | |
653 | VTY_NEWLINE); | |
654 | return CMD_WARNING; | |
655 | } | |
656 | } | |
657 | ||
658 | mfilter = filter_new(); | |
659 | mfilter->type = type; | |
660 | mfilter->cisco = 1; | |
661 | filter = &mfilter->u.cfilter; | |
662 | filter->extended = extended; | |
663 | filter->addr.s_addr = addr.s_addr & ~addr_mask.s_addr; | |
664 | filter->addr_mask.s_addr = addr_mask.s_addr; | |
665 | ||
666 | if (extended) | |
667 | { | |
668 | filter->mask.s_addr = mask.s_addr & ~mask_mask.s_addr; | |
669 | filter->mask_mask.s_addr = mask_mask.s_addr; | |
670 | } | |
671 | ||
672 | /* Install new filter to the access_list. */ | |
673 | access = access_list_get (AFI_IP, name_str); | |
674 | ||
675 | if (set) | |
676 | { | |
677 | if (filter_lookup_cisco (access, mfilter)) | |
678 | filter_free (mfilter); | |
679 | else | |
680 | access_list_filter_add (access, mfilter); | |
681 | } | |
682 | else | |
683 | { | |
684 | struct filter *delete_filter; | |
685 | ||
686 | delete_filter = filter_lookup_cisco (access, mfilter); | |
687 | if (delete_filter) | |
688 | access_list_filter_delete (access, delete_filter); | |
689 | ||
690 | filter_free (mfilter); | |
691 | } | |
692 | ||
693 | return CMD_SUCCESS; | |
694 | } | |
695 | ||
696 | /* Standard access-list */ | |
697 | DEFUN (access_list_standard, | |
698 | access_list_standard_cmd, | |
6147e2c6 | 699 | "access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D A.B.C.D", |
718e3744 | 700 | "Add an access list entry\n" |
701 | "IP standard access list\n" | |
702 | "IP standard access list (expanded range)\n" | |
703 | "Specify packets to reject\n" | |
704 | "Specify packets to forward\n" | |
705 | "Address to match\n" | |
706 | "Wildcard bits\n") | |
707 | { | |
c349116d DW |
708 | int idx_acl = 1; |
709 | int idx_permit_deny = 2; | |
710 | int idx_ipv4 = 3; | |
711 | int idx_ipv4_2 = 4; | |
712 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, argv[idx_ipv4_2]->arg, | |
718e3744 | 713 | NULL, NULL, 0, 1); |
714 | } | |
715 | ||
716 | DEFUN (access_list_standard_nomask, | |
717 | access_list_standard_nomask_cmd, | |
6147e2c6 | 718 | "access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D", |
718e3744 | 719 | "Add an access list entry\n" |
720 | "IP standard access list\n" | |
721 | "IP standard access list (expanded range)\n" | |
722 | "Specify packets to reject\n" | |
723 | "Specify packets to forward\n" | |
724 | "Address to match\n") | |
725 | { | |
c349116d DW |
726 | int idx_acl = 1; |
727 | int idx_permit_deny = 2; | |
728 | int idx_ipv4 = 3; | |
729 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, "0.0.0.0", | |
718e3744 | 730 | NULL, NULL, 0, 1); |
731 | } | |
732 | ||
733 | DEFUN (access_list_standard_host, | |
734 | access_list_standard_host_cmd, | |
6147e2c6 | 735 | "access-list <(1-99)|(1300-1999)> <deny|permit> host A.B.C.D", |
718e3744 | 736 | "Add an access list entry\n" |
737 | "IP standard access list\n" | |
738 | "IP standard access list (expanded range)\n" | |
739 | "Specify packets to reject\n" | |
740 | "Specify packets to forward\n" | |
741 | "A single host address\n" | |
742 | "Address to match\n") | |
743 | { | |
c349116d DW |
744 | int idx_acl = 1; |
745 | int idx_permit_deny = 2; | |
746 | int idx_ipv4 = 4; | |
747 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, "0.0.0.0", | |
718e3744 | 748 | NULL, NULL, 0, 1); |
749 | } | |
750 | ||
751 | DEFUN (access_list_standard_any, | |
752 | access_list_standard_any_cmd, | |
6147e2c6 | 753 | "access-list <(1-99)|(1300-1999)> <deny|permit> any", |
718e3744 | 754 | "Add an access list entry\n" |
755 | "IP standard access list\n" | |
756 | "IP standard access list (expanded range)\n" | |
757 | "Specify packets to reject\n" | |
758 | "Specify packets to forward\n" | |
759 | "Any source host\n") | |
760 | { | |
c349116d DW |
761 | int idx_acl = 1; |
762 | int idx_permit_deny = 2; | |
763 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0", | |
718e3744 | 764 | "255.255.255.255", NULL, NULL, 0, 1); |
765 | } | |
766 | ||
767 | DEFUN (no_access_list_standard, | |
768 | no_access_list_standard_cmd, | |
6147e2c6 | 769 | "no access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D A.B.C.D", |
718e3744 | 770 | NO_STR |
771 | "Add an access list entry\n" | |
772 | "IP standard access list\n" | |
773 | "IP standard access list (expanded range)\n" | |
774 | "Specify packets to reject\n" | |
775 | "Specify packets to forward\n" | |
776 | "Address to match\n" | |
777 | "Wildcard bits\n") | |
778 | { | |
c349116d DW |
779 | int idx_acl = 2; |
780 | int idx_permit_deny = 3; | |
781 | int idx_ipv4 = 4; | |
782 | int idx_ipv4_2 = 5; | |
783 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, argv[idx_ipv4_2]->arg, | |
718e3744 | 784 | NULL, NULL, 0, 0); |
785 | } | |
786 | ||
787 | DEFUN (no_access_list_standard_nomask, | |
788 | no_access_list_standard_nomask_cmd, | |
6147e2c6 | 789 | "no access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D", |
718e3744 | 790 | NO_STR |
791 | "Add an access list entry\n" | |
792 | "IP standard access list\n" | |
793 | "IP standard access list (expanded range)\n" | |
794 | "Specify packets to reject\n" | |
795 | "Specify packets to forward\n" | |
796 | "Address to match\n") | |
797 | { | |
c349116d DW |
798 | int idx_acl = 2; |
799 | int idx_permit_deny = 3; | |
800 | int idx_ipv4 = 4; | |
801 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, "0.0.0.0", | |
718e3744 | 802 | NULL, NULL, 0, 0); |
803 | } | |
804 | ||
805 | DEFUN (no_access_list_standard_host, | |
806 | no_access_list_standard_host_cmd, | |
6147e2c6 | 807 | "no access-list <(1-99)|(1300-1999)> <deny|permit> host A.B.C.D", |
718e3744 | 808 | NO_STR |
809 | "Add an access list entry\n" | |
810 | "IP standard access list\n" | |
811 | "IP standard access list (expanded range)\n" | |
812 | "Specify packets to reject\n" | |
813 | "Specify packets to forward\n" | |
814 | "A single host address\n" | |
815 | "Address to match\n") | |
816 | { | |
c349116d DW |
817 | int idx_acl = 2; |
818 | int idx_permit_deny = 3; | |
819 | int idx_ipv4 = 5; | |
820 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, "0.0.0.0", | |
718e3744 | 821 | NULL, NULL, 0, 0); |
822 | } | |
823 | ||
824 | DEFUN (no_access_list_standard_any, | |
825 | no_access_list_standard_any_cmd, | |
6147e2c6 | 826 | "no access-list <(1-99)|(1300-1999)> <deny|permit> any", |
718e3744 | 827 | NO_STR |
828 | "Add an access list entry\n" | |
829 | "IP standard access list\n" | |
830 | "IP standard access list (expanded range)\n" | |
831 | "Specify packets to reject\n" | |
832 | "Specify packets to forward\n" | |
833 | "Any source host\n") | |
834 | { | |
c349116d DW |
835 | int idx_acl = 2; |
836 | int idx_permit_deny = 3; | |
837 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0", | |
718e3744 | 838 | "255.255.255.255", NULL, NULL, 0, 0); |
839 | } | |
840 | ||
841 | /* Extended access-list */ | |
842 | DEFUN (access_list_extended, | |
843 | access_list_extended_cmd, | |
6147e2c6 | 844 | "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D", |
718e3744 | 845 | "Add an access list entry\n" |
846 | "IP extended access list\n" | |
847 | "IP extended access list (expanded range)\n" | |
848 | "Specify packets to reject\n" | |
849 | "Specify packets to forward\n" | |
850 | "Any Internet Protocol\n" | |
851 | "Source address\n" | |
852 | "Source wildcard bits\n" | |
853 | "Destination address\n" | |
854 | "Destination Wildcard bits\n") | |
855 | { | |
c349116d DW |
856 | int idx_acl = 1; |
857 | int idx_permit_deny = 2; | |
858 | int idx_ipv4 = 4; | |
859 | int idx_ipv4_2 = 5; | |
860 | int idx_ipv4_3 = 6; | |
861 | int idx_ipv4_4 = 7; | |
862 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
863 | argv[idx_ipv4_2]->arg, argv[idx_ipv4_3]->arg, argv[idx_ipv4_4]->arg, 1 ,1); | |
718e3744 | 864 | } |
865 | ||
866 | DEFUN (access_list_extended_mask_any, | |
867 | access_list_extended_mask_any_cmd, | |
6147e2c6 | 868 | "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D any", |
718e3744 | 869 | "Add an access list entry\n" |
870 | "IP extended access list\n" | |
871 | "IP extended access list (expanded range)\n" | |
872 | "Specify packets to reject\n" | |
873 | "Specify packets to forward\n" | |
874 | "Any Internet Protocol\n" | |
875 | "Source address\n" | |
876 | "Source wildcard bits\n" | |
877 | "Any destination host\n") | |
878 | { | |
c349116d DW |
879 | int idx_acl = 1; |
880 | int idx_permit_deny = 2; | |
881 | int idx_ipv4 = 4; | |
882 | int idx_ipv4_2 = 5; | |
883 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
884 | argv[idx_ipv4_2]->arg, "0.0.0.0", | |
718e3744 | 885 | "255.255.255.255", 1, 1); |
886 | } | |
887 | ||
888 | DEFUN (access_list_extended_any_mask, | |
889 | access_list_extended_any_mask_cmd, | |
6147e2c6 | 890 | "access-list <(100-199)|(2000-2699)> <deny|permit> ip any A.B.C.D A.B.C.D", |
718e3744 | 891 | "Add an access list entry\n" |
892 | "IP extended access list\n" | |
893 | "IP extended access list (expanded range)\n" | |
894 | "Specify packets to reject\n" | |
895 | "Specify packets to forward\n" | |
896 | "Any Internet Protocol\n" | |
897 | "Any source host\n" | |
898 | "Destination address\n" | |
899 | "Destination Wildcard bits\n") | |
900 | { | |
c349116d DW |
901 | int idx_acl = 1; |
902 | int idx_permit_deny = 2; | |
903 | int idx_ipv4 = 5; | |
904 | int idx_ipv4_2 = 6; | |
905 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0", | |
906 | "255.255.255.255", argv[idx_ipv4]->arg, | |
907 | argv[idx_ipv4_2]->arg, 1, 1); | |
718e3744 | 908 | } |
909 | ||
910 | DEFUN (access_list_extended_any_any, | |
911 | access_list_extended_any_any_cmd, | |
6147e2c6 | 912 | "access-list <(100-199)|(2000-2699)> <deny|permit> ip any any", |
718e3744 | 913 | "Add an access list entry\n" |
914 | "IP extended access list\n" | |
915 | "IP extended access list (expanded range)\n" | |
916 | "Specify packets to reject\n" | |
917 | "Specify packets to forward\n" | |
918 | "Any Internet Protocol\n" | |
919 | "Any source host\n" | |
920 | "Any destination host\n") | |
921 | { | |
c349116d DW |
922 | int idx_acl = 1; |
923 | int idx_permit_deny = 2; | |
924 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0", | |
718e3744 | 925 | "255.255.255.255", "0.0.0.0", |
926 | "255.255.255.255", 1, 1); | |
927 | } | |
928 | ||
929 | DEFUN (access_list_extended_mask_host, | |
930 | access_list_extended_mask_host_cmd, | |
6147e2c6 | 931 | "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D", |
718e3744 | 932 | "Add an access list entry\n" |
933 | "IP extended access list\n" | |
934 | "IP extended access list (expanded range)\n" | |
935 | "Specify packets to reject\n" | |
936 | "Specify packets to forward\n" | |
937 | "Any Internet Protocol\n" | |
938 | "Source address\n" | |
939 | "Source wildcard bits\n" | |
940 | "A single destination host\n" | |
941 | "Destination address\n") | |
942 | { | |
c349116d DW |
943 | int idx_acl = 1; |
944 | int idx_permit_deny = 2; | |
945 | int idx_ipv4 = 4; | |
946 | int idx_ipv4_2 = 5; | |
947 | int idx_ipv4_3 = 7; | |
948 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
949 | argv[idx_ipv4_2]->arg, argv[idx_ipv4_3]->arg, | |
718e3744 | 950 | "0.0.0.0", 1, 1); |
951 | } | |
952 | ||
953 | DEFUN (access_list_extended_host_mask, | |
954 | access_list_extended_host_mask_cmd, | |
6147e2c6 | 955 | "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D", |
718e3744 | 956 | "Add an access list entry\n" |
957 | "IP extended access list\n" | |
958 | "IP extended access list (expanded range)\n" | |
959 | "Specify packets to reject\n" | |
960 | "Specify packets to forward\n" | |
961 | "Any Internet Protocol\n" | |
962 | "A single source host\n" | |
963 | "Source address\n" | |
964 | "Destination address\n" | |
965 | "Destination Wildcard bits\n") | |
966 | { | |
c349116d DW |
967 | int idx_acl = 1; |
968 | int idx_permit_deny = 2; | |
969 | int idx_ipv4 = 5; | |
970 | int idx_ipv4_2 = 6; | |
971 | int idx_ipv4_3 = 7; | |
972 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
973 | "0.0.0.0", argv[idx_ipv4_2]->arg, | |
974 | argv[idx_ipv4_3]->arg, 1, 1); | |
718e3744 | 975 | } |
976 | ||
977 | DEFUN (access_list_extended_host_host, | |
978 | access_list_extended_host_host_cmd, | |
6147e2c6 | 979 | "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D host A.B.C.D", |
718e3744 | 980 | "Add an access list entry\n" |
981 | "IP extended access list\n" | |
982 | "IP extended access list (expanded range)\n" | |
983 | "Specify packets to reject\n" | |
984 | "Specify packets to forward\n" | |
985 | "Any Internet Protocol\n" | |
986 | "A single source host\n" | |
987 | "Source address\n" | |
988 | "A single destination host\n" | |
989 | "Destination address\n") | |
990 | { | |
c349116d DW |
991 | int idx_acl = 1; |
992 | int idx_permit_deny = 2; | |
993 | int idx_ipv4 = 5; | |
994 | int idx_ipv4_2 = 7; | |
995 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
996 | "0.0.0.0", argv[idx_ipv4_2]->arg, | |
718e3744 | 997 | "0.0.0.0", 1, 1); |
998 | } | |
999 | ||
1000 | DEFUN (access_list_extended_any_host, | |
1001 | access_list_extended_any_host_cmd, | |
6147e2c6 | 1002 | "access-list <(100-199)|(2000-2699)> <deny|permit> ip any host A.B.C.D", |
718e3744 | 1003 | "Add an access list entry\n" |
1004 | "IP extended access list\n" | |
1005 | "IP extended access list (expanded range)\n" | |
1006 | "Specify packets to reject\n" | |
1007 | "Specify packets to forward\n" | |
1008 | "Any Internet Protocol\n" | |
1009 | "Any source host\n" | |
1010 | "A single destination host\n" | |
1011 | "Destination address\n") | |
1012 | { | |
c349116d DW |
1013 | int idx_acl = 1; |
1014 | int idx_permit_deny = 2; | |
1015 | int idx_ipv4 = 6; | |
1016 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0", | |
1017 | "255.255.255.255", argv[idx_ipv4]->arg, | |
718e3744 | 1018 | "0.0.0.0", 1, 1); |
1019 | } | |
1020 | ||
1021 | DEFUN (access_list_extended_host_any, | |
1022 | access_list_extended_host_any_cmd, | |
6147e2c6 | 1023 | "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D any", |
718e3744 | 1024 | "Add an access list entry\n" |
1025 | "IP extended access list\n" | |
1026 | "IP extended access list (expanded range)\n" | |
1027 | "Specify packets to reject\n" | |
1028 | "Specify packets to forward\n" | |
1029 | "Any Internet Protocol\n" | |
1030 | "A single source host\n" | |
1031 | "Source address\n" | |
1032 | "Any destination host\n") | |
1033 | { | |
c349116d DW |
1034 | int idx_acl = 1; |
1035 | int idx_permit_deny = 2; | |
1036 | int idx_ipv4 = 5; | |
1037 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
718e3744 | 1038 | "0.0.0.0", "0.0.0.0", |
1039 | "255.255.255.255", 1, 1); | |
1040 | } | |
1041 | ||
1042 | DEFUN (no_access_list_extended, | |
1043 | no_access_list_extended_cmd, | |
6147e2c6 | 1044 | "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D", |
718e3744 | 1045 | NO_STR |
1046 | "Add an access list entry\n" | |
1047 | "IP extended access list\n" | |
1048 | "IP extended access list (expanded range)\n" | |
1049 | "Specify packets to reject\n" | |
1050 | "Specify packets to forward\n" | |
1051 | "Any Internet Protocol\n" | |
1052 | "Source address\n" | |
1053 | "Source wildcard bits\n" | |
1054 | "Destination address\n" | |
1055 | "Destination Wildcard bits\n") | |
1056 | { | |
c349116d DW |
1057 | int idx_acl = 2; |
1058 | int idx_permit_deny = 3; | |
1059 | int idx_ipv4 = 5; | |
1060 | int idx_ipv4_2 = 6; | |
1061 | int idx_ipv4_3 = 7; | |
1062 | int idx_ipv4_4 = 8; | |
1063 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
1064 | argv[idx_ipv4_2]->arg, argv[idx_ipv4_3]->arg, argv[idx_ipv4_4]->arg, 1, 0); | |
718e3744 | 1065 | } |
1066 | ||
1067 | DEFUN (no_access_list_extended_mask_any, | |
1068 | no_access_list_extended_mask_any_cmd, | |
6147e2c6 | 1069 | "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D any", |
718e3744 | 1070 | NO_STR |
1071 | "Add an access list entry\n" | |
1072 | "IP extended access list\n" | |
1073 | "IP extended access list (expanded range)\n" | |
1074 | "Specify packets to reject\n" | |
1075 | "Specify packets to forward\n" | |
1076 | "Any Internet Protocol\n" | |
1077 | "Source address\n" | |
1078 | "Source wildcard bits\n" | |
1079 | "Any destination host\n") | |
1080 | { | |
c349116d DW |
1081 | int idx_acl = 2; |
1082 | int idx_permit_deny = 3; | |
1083 | int idx_ipv4 = 5; | |
1084 | int idx_ipv4_2 = 6; | |
1085 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
1086 | argv[idx_ipv4_2]->arg, "0.0.0.0", | |
718e3744 | 1087 | "255.255.255.255", 1, 0); |
1088 | } | |
1089 | ||
1090 | DEFUN (no_access_list_extended_any_mask, | |
1091 | no_access_list_extended_any_mask_cmd, | |
6147e2c6 | 1092 | "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any A.B.C.D A.B.C.D", |
718e3744 | 1093 | NO_STR |
1094 | "Add an access list entry\n" | |
1095 | "IP extended access list\n" | |
1096 | "IP extended access list (expanded range)\n" | |
1097 | "Specify packets to reject\n" | |
1098 | "Specify packets to forward\n" | |
1099 | "Any Internet Protocol\n" | |
1100 | "Any source host\n" | |
1101 | "Destination address\n" | |
1102 | "Destination Wildcard bits\n") | |
1103 | { | |
c349116d DW |
1104 | int idx_acl = 2; |
1105 | int idx_permit_deny = 3; | |
1106 | int idx_ipv4 = 6; | |
1107 | int idx_ipv4_2 = 7; | |
1108 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0", | |
1109 | "255.255.255.255", argv[idx_ipv4]->arg, | |
1110 | argv[idx_ipv4_2]->arg, 1, 0); | |
718e3744 | 1111 | } |
1112 | ||
1113 | DEFUN (no_access_list_extended_any_any, | |
1114 | no_access_list_extended_any_any_cmd, | |
6147e2c6 | 1115 | "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any any", |
718e3744 | 1116 | NO_STR |
1117 | "Add an access list entry\n" | |
1118 | "IP extended access list\n" | |
1119 | "IP extended access list (expanded range)\n" | |
1120 | "Specify packets to reject\n" | |
1121 | "Specify packets to forward\n" | |
1122 | "Any Internet Protocol\n" | |
1123 | "Any source host\n" | |
1124 | "Any destination host\n") | |
1125 | { | |
c349116d DW |
1126 | int idx_acl = 2; |
1127 | int idx_permit_deny = 3; | |
1128 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0", | |
718e3744 | 1129 | "255.255.255.255", "0.0.0.0", |
1130 | "255.255.255.255", 1, 0); | |
1131 | } | |
1132 | ||
1133 | DEFUN (no_access_list_extended_mask_host, | |
1134 | no_access_list_extended_mask_host_cmd, | |
6147e2c6 | 1135 | "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D", |
718e3744 | 1136 | NO_STR |
1137 | "Add an access list entry\n" | |
1138 | "IP extended access list\n" | |
1139 | "IP extended access list (expanded range)\n" | |
1140 | "Specify packets to reject\n" | |
1141 | "Specify packets to forward\n" | |
1142 | "Any Internet Protocol\n" | |
1143 | "Source address\n" | |
1144 | "Source wildcard bits\n" | |
1145 | "A single destination host\n" | |
1146 | "Destination address\n") | |
1147 | { | |
c349116d DW |
1148 | int idx_acl = 2; |
1149 | int idx_permit_deny = 3; | |
1150 | int idx_ipv4 = 5; | |
1151 | int idx_ipv4_2 = 6; | |
1152 | int idx_ipv4_3 = 8; | |
1153 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
1154 | argv[idx_ipv4_2]->arg, argv[idx_ipv4_3]->arg, | |
718e3744 | 1155 | "0.0.0.0", 1, 0); |
1156 | } | |
1157 | ||
1158 | DEFUN (no_access_list_extended_host_mask, | |
1159 | no_access_list_extended_host_mask_cmd, | |
6147e2c6 | 1160 | "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D", |
718e3744 | 1161 | NO_STR |
1162 | "Add an access list entry\n" | |
1163 | "IP extended access list\n" | |
1164 | "IP extended access list (expanded range)\n" | |
1165 | "Specify packets to reject\n" | |
1166 | "Specify packets to forward\n" | |
1167 | "Any Internet Protocol\n" | |
1168 | "A single source host\n" | |
1169 | "Source address\n" | |
1170 | "Destination address\n" | |
1171 | "Destination Wildcard bits\n") | |
1172 | { | |
c349116d DW |
1173 | int idx_acl = 2; |
1174 | int idx_permit_deny = 3; | |
1175 | int idx_ipv4 = 6; | |
1176 | int idx_ipv4_2 = 7; | |
1177 | int idx_ipv4_3 = 8; | |
1178 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
1179 | "0.0.0.0", argv[idx_ipv4_2]->arg, | |
1180 | argv[idx_ipv4_3]->arg, 1, 0); | |
718e3744 | 1181 | } |
1182 | ||
1183 | DEFUN (no_access_list_extended_host_host, | |
1184 | no_access_list_extended_host_host_cmd, | |
6147e2c6 | 1185 | "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D host A.B.C.D", |
718e3744 | 1186 | NO_STR |
1187 | "Add an access list entry\n" | |
1188 | "IP extended access list\n" | |
1189 | "IP extended access list (expanded range)\n" | |
1190 | "Specify packets to reject\n" | |
1191 | "Specify packets to forward\n" | |
1192 | "Any Internet Protocol\n" | |
1193 | "A single source host\n" | |
1194 | "Source address\n" | |
1195 | "A single destination host\n" | |
1196 | "Destination address\n") | |
1197 | { | |
c349116d DW |
1198 | int idx_acl = 2; |
1199 | int idx_permit_deny = 3; | |
1200 | int idx_ipv4 = 6; | |
1201 | int idx_ipv4_2 = 8; | |
1202 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
1203 | "0.0.0.0", argv[idx_ipv4_2]->arg, | |
718e3744 | 1204 | "0.0.0.0", 1, 0); |
1205 | } | |
1206 | ||
1207 | DEFUN (no_access_list_extended_any_host, | |
1208 | no_access_list_extended_any_host_cmd, | |
6147e2c6 | 1209 | "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any host A.B.C.D", |
718e3744 | 1210 | NO_STR |
1211 | "Add an access list entry\n" | |
1212 | "IP extended access list\n" | |
1213 | "IP extended access list (expanded range)\n" | |
1214 | "Specify packets to reject\n" | |
1215 | "Specify packets to forward\n" | |
1216 | "Any Internet Protocol\n" | |
1217 | "Any source host\n" | |
1218 | "A single destination host\n" | |
1219 | "Destination address\n") | |
1220 | { | |
c349116d DW |
1221 | int idx_acl = 2; |
1222 | int idx_permit_deny = 3; | |
1223 | int idx_ipv4 = 7; | |
1224 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0", | |
1225 | "255.255.255.255", argv[idx_ipv4]->arg, | |
718e3744 | 1226 | "0.0.0.0", 1, 0); |
1227 | } | |
1228 | ||
1229 | DEFUN (no_access_list_extended_host_any, | |
1230 | no_access_list_extended_host_any_cmd, | |
6147e2c6 | 1231 | "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D any", |
718e3744 | 1232 | NO_STR |
1233 | "Add an access list entry\n" | |
1234 | "IP extended access list\n" | |
1235 | "IP extended access list (expanded range)\n" | |
1236 | "Specify packets to reject\n" | |
1237 | "Specify packets to forward\n" | |
1238 | "Any Internet Protocol\n" | |
1239 | "A single source host\n" | |
1240 | "Source address\n" | |
1241 | "Any destination host\n") | |
1242 | { | |
c349116d DW |
1243 | int idx_acl = 2; |
1244 | int idx_permit_deny = 3; | |
1245 | int idx_ipv4 = 6; | |
1246 | return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, | |
718e3744 | 1247 | "0.0.0.0", "0.0.0.0", |
1248 | "255.255.255.255", 1, 0); | |
1249 | } | |
1250 | ||
8cc4198f | 1251 | static int |
8c328f11 | 1252 | filter_set_zebra (struct vty *vty, const char *name_str, const char *type_str, |
1253 | afi_t afi, const char *prefix_str, int exact, int set) | |
718e3744 | 1254 | { |
1255 | int ret; | |
1256 | enum filter_type type; | |
1257 | struct filter *mfilter; | |
1258 | struct filter_zebra *filter; | |
1259 | struct access_list *access; | |
1260 | struct prefix p; | |
1261 | ||
1262 | /* Check of filter type. */ | |
1263 | if (strncmp (type_str, "p", 1) == 0) | |
1264 | type = FILTER_PERMIT; | |
1265 | else if (strncmp (type_str, "d", 1) == 0) | |
1266 | type = FILTER_DENY; | |
1267 | else | |
1268 | { | |
1269 | vty_out (vty, "filter type must be [permit|deny]%s", VTY_NEWLINE); | |
1270 | return CMD_WARNING; | |
1271 | } | |
1272 | ||
1273 | /* Check string format of prefix and prefixlen. */ | |
1274 | if (afi == AFI_IP) | |
1275 | { | |
1276 | ret = str2prefix_ipv4 (prefix_str, (struct prefix_ipv4 *)&p); | |
1277 | if (ret <= 0) | |
1278 | { | |
1279 | vty_out (vty, "IP address prefix/prefixlen is malformed%s", | |
1280 | VTY_NEWLINE); | |
1281 | return CMD_WARNING; | |
1282 | } | |
1283 | } | |
718e3744 | 1284 | else if (afi == AFI_IP6) |
1285 | { | |
1286 | ret = str2prefix_ipv6 (prefix_str, (struct prefix_ipv6 *) &p); | |
1287 | if (ret <= 0) | |
1288 | { | |
1289 | vty_out (vty, "IPv6 address prefix/prefixlen is malformed%s", | |
1290 | VTY_NEWLINE); | |
1291 | return CMD_WARNING; | |
1292 | } | |
1293 | } | |
718e3744 | 1294 | else |
1295 | return CMD_WARNING; | |
1296 | ||
1297 | mfilter = filter_new (); | |
1298 | mfilter->type = type; | |
1299 | filter = &mfilter->u.zfilter; | |
1300 | prefix_copy (&filter->prefix, &p); | |
1301 | ||
1302 | /* "exact-match" */ | |
1303 | if (exact) | |
1304 | filter->exact = 1; | |
1305 | ||
1306 | /* Install new filter to the access_list. */ | |
1307 | access = access_list_get (afi, name_str); | |
1308 | ||
1309 | if (set) | |
1310 | { | |
1311 | if (filter_lookup_zebra (access, mfilter)) | |
1312 | filter_free (mfilter); | |
1313 | else | |
1314 | access_list_filter_add (access, mfilter); | |
1315 | } | |
1316 | else | |
1317 | { | |
1318 | struct filter *delete_filter; | |
1319 | ||
1320 | delete_filter = filter_lookup_zebra (access, mfilter); | |
1321 | if (delete_filter) | |
1322 | access_list_filter_delete (access, delete_filter); | |
1323 | ||
1324 | filter_free (mfilter); | |
1325 | } | |
1326 | ||
1327 | return CMD_SUCCESS; | |
1328 | } | |
1329 | ||
1330 | /* Zebra access-list */ | |
1331 | DEFUN (access_list, | |
1332 | access_list_cmd, | |
6147e2c6 | 1333 | "access-list WORD <deny|permit> A.B.C.D/M", |
718e3744 | 1334 | "Add an access list entry\n" |
1335 | "IP zebra access-list name\n" | |
1336 | "Specify packets to reject\n" | |
1337 | "Specify packets to forward\n" | |
1338 | "Prefix to match. e.g. 10.0.0.0/8\n") | |
1339 | { | |
c349116d DW |
1340 | int idx_word = 1; |
1341 | int idx_permit_deny = 2; | |
1342 | int idx_ipv4_prefixlen = 3; | |
1343 | return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 0, 1); | |
718e3744 | 1344 | } |
1345 | ||
1346 | DEFUN (access_list_exact, | |
1347 | access_list_exact_cmd, | |
6147e2c6 | 1348 | "access-list WORD <deny|permit> A.B.C.D/M exact-match", |
718e3744 | 1349 | "Add an access list entry\n" |
1350 | "IP zebra access-list name\n" | |
1351 | "Specify packets to reject\n" | |
1352 | "Specify packets to forward\n" | |
1353 | "Prefix to match. e.g. 10.0.0.0/8\n" | |
1354 | "Exact match of the prefixes\n") | |
1355 | { | |
c349116d DW |
1356 | int idx_word = 1; |
1357 | int idx_permit_deny = 2; | |
1358 | int idx_ipv4_prefixlen = 3; | |
1359 | return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 1, 1); | |
718e3744 | 1360 | } |
1361 | ||
1362 | DEFUN (access_list_any, | |
1363 | access_list_any_cmd, | |
6147e2c6 | 1364 | "access-list WORD <deny|permit> any", |
718e3744 | 1365 | "Add an access list entry\n" |
1366 | "IP zebra access-list name\n" | |
1367 | "Specify packets to reject\n" | |
1368 | "Specify packets to forward\n" | |
1369 | "Prefix to match. e.g. 10.0.0.0/8\n") | |
1370 | { | |
c349116d DW |
1371 | int idx_word = 1; |
1372 | int idx_permit_deny = 2; | |
1373 | return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, "0.0.0.0/0", 0, 1); | |
718e3744 | 1374 | } |
1375 | ||
1376 | DEFUN (no_access_list, | |
1377 | no_access_list_cmd, | |
6147e2c6 | 1378 | "no access-list WORD <deny|permit> A.B.C.D/M", |
718e3744 | 1379 | NO_STR |
1380 | "Add an access list entry\n" | |
1381 | "IP zebra access-list name\n" | |
1382 | "Specify packets to reject\n" | |
1383 | "Specify packets to forward\n" | |
1384 | "Prefix to match. e.g. 10.0.0.0/8\n") | |
1385 | { | |
c349116d DW |
1386 | int idx_word = 2; |
1387 | int idx_permit_deny = 3; | |
1388 | int idx_ipv4_prefixlen = 4; | |
1389 | return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 0, 0); | |
718e3744 | 1390 | } |
1391 | ||
1392 | DEFUN (no_access_list_exact, | |
1393 | no_access_list_exact_cmd, | |
6147e2c6 | 1394 | "no access-list WORD <deny|permit> A.B.C.D/M exact-match", |
718e3744 | 1395 | NO_STR |
1396 | "Add an access list entry\n" | |
1397 | "IP zebra access-list name\n" | |
1398 | "Specify packets to reject\n" | |
1399 | "Specify packets to forward\n" | |
1400 | "Prefix to match. e.g. 10.0.0.0/8\n" | |
1401 | "Exact match of the prefixes\n") | |
1402 | { | |
c349116d DW |
1403 | int idx_word = 2; |
1404 | int idx_permit_deny = 3; | |
1405 | int idx_ipv4_prefixlen = 4; | |
1406 | return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 1, 0); | |
718e3744 | 1407 | } |
1408 | ||
1409 | DEFUN (no_access_list_any, | |
1410 | no_access_list_any_cmd, | |
6147e2c6 | 1411 | "no access-list WORD <deny|permit> any", |
718e3744 | 1412 | NO_STR |
1413 | "Add an access list entry\n" | |
1414 | "IP zebra access-list name\n" | |
1415 | "Specify packets to reject\n" | |
1416 | "Specify packets to forward\n" | |
1417 | "Prefix to match. e.g. 10.0.0.0/8\n") | |
1418 | { | |
c349116d DW |
1419 | int idx_word = 2; |
1420 | int idx_permit_deny = 3; | |
1421 | return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, "0.0.0.0/0", 0, 0); | |
718e3744 | 1422 | } |
1423 | ||
1424 | DEFUN (no_access_list_all, | |
1425 | no_access_list_all_cmd, | |
6147e2c6 | 1426 | "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>", |
718e3744 | 1427 | NO_STR |
1428 | "Add an access list entry\n" | |
1429 | "IP standard access list\n" | |
1430 | "IP extended access list\n" | |
1431 | "IP standard access list (expanded range)\n" | |
1432 | "IP extended access list (expanded range)\n" | |
1433 | "IP zebra access-list name\n") | |
1434 | { | |
c349116d | 1435 | int idx_acl = 2; |
718e3744 | 1436 | struct access_list *access; |
1437 | struct access_master *master; | |
1438 | ||
1439 | /* Looking up access_list. */ | |
c349116d | 1440 | access = access_list_lookup (AFI_IP, argv[idx_acl]->arg); |
718e3744 | 1441 | if (access == NULL) |
1442 | { | |
c349116d | 1443 | vty_out (vty, "%% access-list %s doesn't exist%s", argv[idx_acl]->arg, |
718e3744 | 1444 | VTY_NEWLINE); |
1445 | return CMD_WARNING; | |
1446 | } | |
1447 | ||
1448 | master = access->master; | |
1449 | ||
518f0eb1 | 1450 | route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED); |
718e3744 | 1451 | /* Run hook function. */ |
1452 | if (master->delete_hook) | |
1453 | (*master->delete_hook) (access); | |
1454 | ||
6a2e0f36 SH |
1455 | /* Delete all filter from access-list. */ |
1456 | access_list_delete (access); | |
1457 | ||
718e3744 | 1458 | return CMD_SUCCESS; |
1459 | } | |
1460 | ||
1461 | DEFUN (access_list_remark, | |
1462 | access_list_remark_cmd, | |
e961923c | 1463 | "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...", |
718e3744 | 1464 | "Add an access list entry\n" |
1465 | "IP standard access list\n" | |
1466 | "IP extended access list\n" | |
1467 | "IP standard access list (expanded range)\n" | |
1468 | "IP extended access list (expanded range)\n" | |
1469 | "IP zebra access-list\n" | |
1470 | "Access list entry comment\n" | |
1471 | "Comment up to 100 characters\n") | |
1472 | { | |
c349116d | 1473 | int idx_acl = 1; |
58749582 | 1474 | int idx_remark = 3; |
718e3744 | 1475 | struct access_list *access; |
718e3744 | 1476 | |
c349116d | 1477 | access = access_list_get (AFI_IP, argv[idx_acl]->arg); |
718e3744 | 1478 | |
1479 | if (access->remark) | |
1480 | { | |
1481 | XFREE (MTYPE_TMP, access->remark); | |
1482 | access->remark = NULL; | |
1483 | } | |
58749582 | 1484 | access->remark = argv_concat(argv, argc, idx_remark); |
718e3744 | 1485 | |
1486 | return CMD_SUCCESS; | |
1487 | } | |
1488 | ||
1489 | DEFUN (no_access_list_remark, | |
1490 | no_access_list_remark_cmd, | |
6147e2c6 | 1491 | "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark", |
718e3744 | 1492 | NO_STR |
1493 | "Add an access list entry\n" | |
1494 | "IP standard access list\n" | |
1495 | "IP extended access list\n" | |
1496 | "IP standard access list (expanded range)\n" | |
1497 | "IP extended access list (expanded range)\n" | |
1498 | "IP zebra access-list\n" | |
1499 | "Access list entry comment\n") | |
1500 | { | |
c349116d DW |
1501 | int idx_acl = 2; |
1502 | return vty_access_list_remark_unset (vty, AFI_IP, argv[idx_acl]->arg); | |
718e3744 | 1503 | } |
f667a580 QY |
1504 | |
1505 | /* ALIAS_FIXME */ | |
1506 | DEFUN (no_access_list_remark_comment, | |
1507 | no_access_list_remark_comment_cmd, | |
1508 | "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...", | |
1509 | NO_STR | |
1510 | "Add an access list entry\n" | |
1511 | "IP standard access list\n" | |
1512 | "IP extended access list\n" | |
1513 | "IP standard access list (expanded range)\n" | |
1514 | "IP extended access list (expanded range)\n" | |
1515 | "IP zebra access-list\n" | |
1516 | "Access list entry comment\n" | |
1517 | "Comment up to 100 characters\n") | |
1518 | { | |
1519 | return no_access_list_remark (self, vty, argc, argv); | |
1520 | } | |
718e3744 | 1521 | |
718e3744 | 1522 | |
718e3744 | 1523 | DEFUN (ipv6_access_list, |
1524 | ipv6_access_list_cmd, | |
6147e2c6 | 1525 | "ipv6 access-list WORD <deny|permit> X:X::X:X/M", |
718e3744 | 1526 | IPV6_STR |
1527 | "Add an access list entry\n" | |
1528 | "IPv6 zebra access-list\n" | |
1529 | "Specify packets to reject\n" | |
1530 | "Specify packets to forward\n" | |
5435e6e8 | 1531 | "IPv6 prefix\n") |
718e3744 | 1532 | { |
5435e6e8 QY |
1533 | int idx = 0; |
1534 | char *alname = argv_find (argv, argc, "WORD", &idx) ? argv[idx]->arg : NULL; | |
1535 | char *prefix = argv_find (argv, argc, "X:X::X:X/M", &idx) ? argv[idx]->arg : NULL; | |
1536 | return filter_set_zebra (vty, alname, argv[3]->text, AFI_IP6, prefix, 0, 1); | |
718e3744 | 1537 | } |
1538 | ||
1539 | DEFUN (ipv6_access_list_exact, | |
1540 | ipv6_access_list_exact_cmd, | |
6147e2c6 | 1541 | "ipv6 access-list WORD <deny|permit> X:X::X:X/M exact-match", |
718e3744 | 1542 | IPV6_STR |
1543 | "Add an access list entry\n" | |
1544 | "IPv6 zebra access-list\n" | |
1545 | "Specify packets to reject\n" | |
1546 | "Specify packets to forward\n" | |
5435e6e8 | 1547 | "IPv6 prefix\n" |
718e3744 | 1548 | "Exact match of the prefixes\n") |
1549 | { | |
5435e6e8 QY |
1550 | int idx = 0; |
1551 | char *alname = argv_find (argv, argc, "WORD", &idx) ? argv[idx]->arg : NULL; | |
1552 | char *prefix = argv_find (argv, argc, "X:X::X:X/M", &idx) ? argv[idx]->arg : NULL; | |
1553 | return filter_set_zebra (vty, alname, argv[3]->text, AFI_IP6, prefix, 1, 1); | |
718e3744 | 1554 | } |
1555 | ||
1556 | DEFUN (ipv6_access_list_any, | |
1557 | ipv6_access_list_any_cmd, | |
6147e2c6 | 1558 | "ipv6 access-list WORD <deny|permit> any", |
718e3744 | 1559 | IPV6_STR |
1560 | "Add an access list entry\n" | |
1561 | "IPv6 zebra access-list\n" | |
1562 | "Specify packets to reject\n" | |
1563 | "Specify packets to forward\n" | |
1564 | "Any prefixi to match\n") | |
1565 | { | |
c349116d DW |
1566 | int idx_word = 2; |
1567 | int idx_permit_deny = 3; | |
1568 | return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP6, "::/0", 0, 1); | |
718e3744 | 1569 | } |
1570 | ||
1571 | DEFUN (no_ipv6_access_list, | |
1572 | no_ipv6_access_list_cmd, | |
6147e2c6 | 1573 | "no ipv6 access-list WORD <deny|permit> X:X::X:X/M", |
718e3744 | 1574 | NO_STR |
1575 | IPV6_STR | |
1576 | "Add an access list entry\n" | |
1577 | "IPv6 zebra access-list\n" | |
1578 | "Specify packets to reject\n" | |
1579 | "Specify packets to forward\n" | |
1580 | "Prefix to match. e.g. 3ffe:506::/32\n") | |
1581 | { | |
c349116d DW |
1582 | int idx_word = 3; |
1583 | int idx_permit_deny = 4; | |
1584 | int idx_ipv6_prefixlen = 5; | |
1585 | return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP6, argv[idx_ipv6_prefixlen]->arg, 0, 0); | |
718e3744 | 1586 | } |
1587 | ||
1588 | DEFUN (no_ipv6_access_list_exact, | |
1589 | no_ipv6_access_list_exact_cmd, | |
6147e2c6 | 1590 | "no ipv6 access-list WORD <deny|permit> X:X::X:X/M exact-match", |
718e3744 | 1591 | NO_STR |
1592 | IPV6_STR | |
1593 | "Add an access list entry\n" | |
1594 | "IPv6 zebra access-list\n" | |
1595 | "Specify packets to reject\n" | |
1596 | "Specify packets to forward\n" | |
1597 | "Prefix to match. e.g. 3ffe:506::/32\n" | |
1598 | "Exact match of the prefixes\n") | |
1599 | { | |
c349116d DW |
1600 | int idx_word = 3; |
1601 | int idx_permit_deny = 4; | |
1602 | int idx_ipv6_prefixlen = 5; | |
1603 | return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP6, argv[idx_ipv6_prefixlen]->arg, 1, 0); | |
718e3744 | 1604 | } |
1605 | ||
1606 | DEFUN (no_ipv6_access_list_any, | |
1607 | no_ipv6_access_list_any_cmd, | |
6147e2c6 | 1608 | "no ipv6 access-list WORD <deny|permit> any", |
718e3744 | 1609 | NO_STR |
1610 | IPV6_STR | |
1611 | "Add an access list entry\n" | |
1612 | "IPv6 zebra access-list\n" | |
1613 | "Specify packets to reject\n" | |
1614 | "Specify packets to forward\n" | |
1615 | "Any prefixi to match\n") | |
1616 | { | |
c349116d DW |
1617 | int idx_word = 3; |
1618 | int idx_permit_deny = 4; | |
1619 | return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP6, "::/0", 0, 0); | |
718e3744 | 1620 | } |
1621 | ||
1622 | ||
1623 | DEFUN (no_ipv6_access_list_all, | |
1624 | no_ipv6_access_list_all_cmd, | |
1625 | "no ipv6 access-list WORD", | |
1626 | NO_STR | |
1627 | IPV6_STR | |
1628 | "Add an access list entry\n" | |
1629 | "IPv6 zebra access-list\n") | |
1630 | { | |
c349116d | 1631 | int idx_word = 3; |
718e3744 | 1632 | struct access_list *access; |
1633 | struct access_master *master; | |
1634 | ||
1635 | /* Looking up access_list. */ | |
c349116d | 1636 | access = access_list_lookup (AFI_IP6, argv[idx_word]->arg); |
718e3744 | 1637 | if (access == NULL) |
1638 | { | |
c349116d | 1639 | vty_out (vty, "%% access-list %s doesn't exist%s", argv[idx_word]->arg, |
718e3744 | 1640 | VTY_NEWLINE); |
1641 | return CMD_WARNING; | |
1642 | } | |
1643 | ||
1644 | master = access->master; | |
1645 | ||
518f0eb1 | 1646 | route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED); |
718e3744 | 1647 | /* Run hook function. */ |
1648 | if (master->delete_hook) | |
1649 | (*master->delete_hook) (access); | |
1650 | ||
6a2e0f36 SH |
1651 | /* Delete all filter from access-list. */ |
1652 | access_list_delete (access); | |
1653 | ||
718e3744 | 1654 | return CMD_SUCCESS; |
1655 | } | |
1656 | ||
1657 | DEFUN (ipv6_access_list_remark, | |
1658 | ipv6_access_list_remark_cmd, | |
e961923c | 1659 | "ipv6 access-list WORD remark LINE...", |
718e3744 | 1660 | IPV6_STR |
1661 | "Add an access list entry\n" | |
1662 | "IPv6 zebra access-list\n" | |
1663 | "Access list entry comment\n" | |
1664 | "Comment up to 100 characters\n") | |
1665 | { | |
c349116d | 1666 | int idx_word = 2; |
58749582 | 1667 | int idx_line = 4; |
718e3744 | 1668 | struct access_list *access; |
718e3744 | 1669 | |
c349116d | 1670 | access = access_list_get (AFI_IP6, argv[idx_word]->arg); |
718e3744 | 1671 | |
1672 | if (access->remark) | |
1673 | { | |
1674 | XFREE (MTYPE_TMP, access->remark); | |
1675 | access->remark = NULL; | |
1676 | } | |
58749582 | 1677 | access->remark = argv_concat(argv, argc, idx_line); |
718e3744 | 1678 | |
1679 | return CMD_SUCCESS; | |
1680 | } | |
1681 | ||
1682 | DEFUN (no_ipv6_access_list_remark, | |
1683 | no_ipv6_access_list_remark_cmd, | |
1684 | "no ipv6 access-list WORD remark", | |
1685 | NO_STR | |
1686 | IPV6_STR | |
1687 | "Add an access list entry\n" | |
1688 | "IPv6 zebra access-list\n" | |
1689 | "Access list entry comment\n") | |
1690 | { | |
c349116d DW |
1691 | int idx_word = 3; |
1692 | return vty_access_list_remark_unset (vty, AFI_IP6, argv[idx_word]->arg); | |
718e3744 | 1693 | } |
f667a580 QY |
1694 | |
1695 | /* ALIAS_FIXME */ | |
1696 | DEFUN (no_ipv6_access_list_remark_comment, | |
1697 | no_ipv6_access_list_remark_comment_cmd, | |
1698 | "no ipv6 access-list WORD remark LINE...", | |
1699 | NO_STR | |
1700 | IPV6_STR | |
1701 | "Add an access list entry\n" | |
1702 | "IPv6 zebra access-list\n" | |
1703 | "Access list entry comment\n" | |
1704 | "Comment up to 100 characters\n") | |
1705 | { | |
1706 | return no_ipv6_access_list_remark (self, vty, argc, argv); | |
1707 | } | |
718e3744 | 1708 | |
1709 | void config_write_access_zebra (struct vty *, struct filter *); | |
1710 | void config_write_access_cisco (struct vty *, struct filter *); | |
1711 | ||
1712 | /* show access-list command. */ | |
8cc4198f | 1713 | static int |
9035efaa | 1714 | filter_show (struct vty *vty, const char *name, afi_t afi) |
718e3744 | 1715 | { |
1716 | struct access_list *access; | |
1717 | struct access_master *master; | |
1718 | struct filter *mfilter; | |
1719 | struct filter_cisco *filter; | |
1720 | int write = 0; | |
1721 | ||
1722 | master = access_master_get (afi); | |
1723 | if (master == NULL) | |
1724 | return 0; | |
1725 | ||
fbf5d033 | 1726 | /* Print the name of the protocol */ |
1727 | if (zlog_default) | |
1728 | vty_out (vty, "%s:%s", | |
1729 | zlog_proto_names[zlog_default->protocol], VTY_NEWLINE); | |
1730 | ||
718e3744 | 1731 | for (access = master->num.head; access; access = access->next) |
1732 | { | |
1733 | if (name && strcmp (access->name, name) != 0) | |
1734 | continue; | |
1735 | ||
1736 | write = 1; | |
1737 | ||
1738 | for (mfilter = access->head; mfilter; mfilter = mfilter->next) | |
1739 | { | |
1740 | filter = &mfilter->u.cfilter; | |
1741 | ||
1742 | if (write) | |
1743 | { | |
1744 | vty_out (vty, "%s IP%s access list %s%s", | |
1745 | mfilter->cisco ? | |
1746 | (filter->extended ? "Extended" : "Standard") : "Zebra", | |
1747 | afi == AFI_IP6 ? "v6" : "", | |
1748 | access->name, VTY_NEWLINE); | |
1749 | write = 0; | |
1750 | } | |
1751 | ||
1752 | vty_out (vty, " %s%s", filter_type_str (mfilter), | |
1753 | mfilter->type == FILTER_DENY ? " " : ""); | |
1754 | ||
1755 | if (! mfilter->cisco) | |
1756 | config_write_access_zebra (vty, mfilter); | |
1757 | else if (filter->extended) | |
1758 | config_write_access_cisco (vty, mfilter); | |
1759 | else | |
1760 | { | |
1761 | if (filter->addr_mask.s_addr == 0xffffffff) | |
1762 | vty_out (vty, " any%s", VTY_NEWLINE); | |
1763 | else | |
1764 | { | |
1765 | vty_out (vty, " %s", inet_ntoa (filter->addr)); | |
1766 | if (filter->addr_mask.s_addr != 0) | |
1767 | vty_out (vty, ", wildcard bits %s", inet_ntoa (filter->addr_mask)); | |
1768 | vty_out (vty, "%s", VTY_NEWLINE); | |
1769 | } | |
1770 | } | |
1771 | } | |
1772 | } | |
1773 | ||
1774 | for (access = master->str.head; access; access = access->next) | |
1775 | { | |
1776 | if (name && strcmp (access->name, name) != 0) | |
1777 | continue; | |
1778 | ||
1779 | write = 1; | |
1780 | ||
1781 | for (mfilter = access->head; mfilter; mfilter = mfilter->next) | |
1782 | { | |
1783 | filter = &mfilter->u.cfilter; | |
1784 | ||
1785 | if (write) | |
1786 | { | |
1787 | vty_out (vty, "%s IP%s access list %s%s", | |
1788 | mfilter->cisco ? | |
1789 | (filter->extended ? "Extended" : "Standard") : "Zebra", | |
1790 | afi == AFI_IP6 ? "v6" : "", | |
1791 | access->name, VTY_NEWLINE); | |
1792 | write = 0; | |
1793 | } | |
1794 | ||
1795 | vty_out (vty, " %s%s", filter_type_str (mfilter), | |
1796 | mfilter->type == FILTER_DENY ? " " : ""); | |
1797 | ||
1798 | if (! mfilter->cisco) | |
1799 | config_write_access_zebra (vty, mfilter); | |
1800 | else if (filter->extended) | |
1801 | config_write_access_cisco (vty, mfilter); | |
1802 | else | |
1803 | { | |
1804 | if (filter->addr_mask.s_addr == 0xffffffff) | |
1805 | vty_out (vty, " any%s", VTY_NEWLINE); | |
1806 | else | |
1807 | { | |
1808 | vty_out (vty, " %s", inet_ntoa (filter->addr)); | |
1809 | if (filter->addr_mask.s_addr != 0) | |
1810 | vty_out (vty, ", wildcard bits %s", inet_ntoa (filter->addr_mask)); | |
1811 | vty_out (vty, "%s", VTY_NEWLINE); | |
1812 | } | |
1813 | } | |
1814 | } | |
1815 | } | |
1816 | return CMD_SUCCESS; | |
1817 | } | |
1818 | ||
1819 | DEFUN (show_ip_access_list, | |
1820 | show_ip_access_list_cmd, | |
1821 | "show ip access-list", | |
1822 | SHOW_STR | |
1823 | IP_STR | |
1824 | "List IP access lists\n") | |
1825 | { | |
1826 | return filter_show (vty, NULL, AFI_IP); | |
1827 | } | |
1828 | ||
1829 | DEFUN (show_ip_access_list_name, | |
1830 | show_ip_access_list_name_cmd, | |
6147e2c6 | 1831 | "show ip access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>", |
718e3744 | 1832 | SHOW_STR |
1833 | IP_STR | |
1834 | "List IP access lists\n" | |
1835 | "IP standard access list\n" | |
1836 | "IP extended access list\n" | |
1837 | "IP standard access list (expanded range)\n" | |
1838 | "IP extended access list (expanded range)\n" | |
1839 | "IP zebra access-list\n") | |
1840 | { | |
c349116d DW |
1841 | int idx_acl = 3; |
1842 | return filter_show (vty, argv[idx_acl]->arg, AFI_IP); | |
718e3744 | 1843 | } |
1844 | ||
718e3744 | 1845 | DEFUN (show_ipv6_access_list, |
1846 | show_ipv6_access_list_cmd, | |
1847 | "show ipv6 access-list", | |
1848 | SHOW_STR | |
1849 | IPV6_STR | |
1850 | "List IPv6 access lists\n") | |
1851 | { | |
1852 | return filter_show (vty, NULL, AFI_IP6); | |
1853 | } | |
1854 | ||
1855 | DEFUN (show_ipv6_access_list_name, | |
1856 | show_ipv6_access_list_name_cmd, | |
1857 | "show ipv6 access-list WORD", | |
1858 | SHOW_STR | |
1859 | IPV6_STR | |
1860 | "List IPv6 access lists\n" | |
1861 | "IPv6 zebra access-list\n") | |
1862 | { | |
c349116d DW |
1863 | int idx_word = 3; |
1864 | return filter_show (vty, argv[idx_word]->arg, AFI_IP6); | |
718e3744 | 1865 | } |
718e3744 | 1866 | |
1867 | void | |
1868 | config_write_access_cisco (struct vty *vty, struct filter *mfilter) | |
1869 | { | |
1870 | struct filter_cisco *filter; | |
1871 | ||
1872 | filter = &mfilter->u.cfilter; | |
1873 | ||
1874 | if (filter->extended) | |
1875 | { | |
1876 | vty_out (vty, " ip"); | |
1877 | if (filter->addr_mask.s_addr == 0xffffffff) | |
1878 | vty_out (vty, " any"); | |
1879 | else if (filter->addr_mask.s_addr == 0) | |
1880 | vty_out (vty, " host %s", inet_ntoa (filter->addr)); | |
1881 | else | |
1882 | { | |
1883 | vty_out (vty, " %s", inet_ntoa (filter->addr)); | |
1884 | vty_out (vty, " %s", inet_ntoa (filter->addr_mask)); | |
1885 | } | |
1886 | ||
1887 | if (filter->mask_mask.s_addr == 0xffffffff) | |
1888 | vty_out (vty, " any"); | |
1889 | else if (filter->mask_mask.s_addr == 0) | |
1890 | vty_out (vty, " host %s", inet_ntoa (filter->mask)); | |
1891 | else | |
1892 | { | |
1893 | vty_out (vty, " %s", inet_ntoa (filter->mask)); | |
1894 | vty_out (vty, " %s", inet_ntoa (filter->mask_mask)); | |
1895 | } | |
1896 | vty_out (vty, "%s", VTY_NEWLINE); | |
1897 | } | |
1898 | else | |
1899 | { | |
1900 | if (filter->addr_mask.s_addr == 0xffffffff) | |
1901 | vty_out (vty, " any%s", VTY_NEWLINE); | |
1902 | else | |
1903 | { | |
1904 | vty_out (vty, " %s", inet_ntoa (filter->addr)); | |
1905 | if (filter->addr_mask.s_addr != 0) | |
1906 | vty_out (vty, " %s", inet_ntoa (filter->addr_mask)); | |
1907 | vty_out (vty, "%s", VTY_NEWLINE); | |
1908 | } | |
1909 | } | |
1910 | } | |
1911 | ||
1912 | void | |
1913 | config_write_access_zebra (struct vty *vty, struct filter *mfilter) | |
1914 | { | |
1915 | struct filter_zebra *filter; | |
1916 | struct prefix *p; | |
1917 | char buf[BUFSIZ]; | |
1918 | ||
1919 | filter = &mfilter->u.zfilter; | |
1920 | p = &filter->prefix; | |
1921 | ||
1922 | if (p->prefixlen == 0 && ! filter->exact) | |
1923 | vty_out (vty, " any"); | |
1924 | else | |
1925 | vty_out (vty, " %s/%d%s", | |
1926 | inet_ntop (p->family, &p->u.prefix, buf, BUFSIZ), | |
1927 | p->prefixlen, | |
1928 | filter->exact ? " exact-match" : ""); | |
1929 | ||
1930 | vty_out (vty, "%s", VTY_NEWLINE); | |
1931 | } | |
1932 | ||
8cc4198f | 1933 | static int |
718e3744 | 1934 | config_write_access (struct vty *vty, afi_t afi) |
1935 | { | |
1936 | struct access_list *access; | |
1937 | struct access_master *master; | |
1938 | struct filter *mfilter; | |
1939 | int write = 0; | |
1940 | ||
1941 | master = access_master_get (afi); | |
1942 | if (master == NULL) | |
1943 | return 0; | |
1944 | ||
1945 | for (access = master->num.head; access; access = access->next) | |
1946 | { | |
1947 | if (access->remark) | |
1948 | { | |
1949 | vty_out (vty, "%saccess-list %s remark %s%s", | |
1950 | afi == AFI_IP ? "" : "ipv6 ", | |
1951 | access->name, access->remark, | |
1952 | VTY_NEWLINE); | |
1953 | write++; | |
1954 | } | |
1955 | ||
1956 | for (mfilter = access->head; mfilter; mfilter = mfilter->next) | |
1957 | { | |
1958 | vty_out (vty, "%saccess-list %s %s", | |
1959 | afi == AFI_IP ? "" : "ipv6 ", | |
1960 | access->name, | |
1961 | filter_type_str (mfilter)); | |
1962 | ||
1963 | if (mfilter->cisco) | |
1964 | config_write_access_cisco (vty, mfilter); | |
1965 | else | |
1966 | config_write_access_zebra (vty, mfilter); | |
1967 | ||
1968 | write++; | |
1969 | } | |
1970 | } | |
1971 | ||
1972 | for (access = master->str.head; access; access = access->next) | |
1973 | { | |
1974 | if (access->remark) | |
1975 | { | |
1976 | vty_out (vty, "%saccess-list %s remark %s%s", | |
1977 | afi == AFI_IP ? "" : "ipv6 ", | |
1978 | access->name, access->remark, | |
1979 | VTY_NEWLINE); | |
1980 | write++; | |
1981 | } | |
1982 | ||
1983 | for (mfilter = access->head; mfilter; mfilter = mfilter->next) | |
1984 | { | |
1985 | vty_out (vty, "%saccess-list %s %s", | |
1986 | afi == AFI_IP ? "" : "ipv6 ", | |
1987 | access->name, | |
1988 | filter_type_str (mfilter)); | |
1989 | ||
1990 | if (mfilter->cisco) | |
1991 | config_write_access_cisco (vty, mfilter); | |
1992 | else | |
1993 | config_write_access_zebra (vty, mfilter); | |
1994 | ||
1995 | write++; | |
1996 | } | |
1997 | } | |
1998 | return write; | |
1999 | } | |
2000 | ||
2001 | /* Access-list node. */ | |
7fc626de | 2002 | static struct cmd_node access_node = |
718e3744 | 2003 | { |
2004 | ACCESS_NODE, | |
2005 | "", /* Access list has no interface. */ | |
2006 | 1 | |
2007 | }; | |
2008 | ||
8cc4198f | 2009 | static int |
718e3744 | 2010 | config_write_access_ipv4 (struct vty *vty) |
2011 | { | |
2012 | return config_write_access (vty, AFI_IP); | |
2013 | } | |
2014 | ||
8cc4198f | 2015 | static void |
2016 | access_list_reset_ipv4 (void) | |
718e3744 | 2017 | { |
2018 | struct access_list *access; | |
2019 | struct access_list *next; | |
2020 | struct access_master *master; | |
2021 | ||
2022 | master = access_master_get (AFI_IP); | |
2023 | if (master == NULL) | |
2024 | return; | |
2025 | ||
2026 | for (access = master->num.head; access; access = next) | |
2027 | { | |
2028 | next = access->next; | |
2029 | access_list_delete (access); | |
2030 | } | |
2031 | for (access = master->str.head; access; access = next) | |
2032 | { | |
2033 | next = access->next; | |
2034 | access_list_delete (access); | |
2035 | } | |
2036 | ||
2037 | assert (master->num.head == NULL); | |
2038 | assert (master->num.tail == NULL); | |
2039 | ||
2040 | assert (master->str.head == NULL); | |
2041 | assert (master->str.tail == NULL); | |
2042 | } | |
2043 | ||
2044 | /* Install vty related command. */ | |
8cc4198f | 2045 | static void |
2046 | access_list_init_ipv4 (void) | |
718e3744 | 2047 | { |
2048 | install_node (&access_node, config_write_access_ipv4); | |
2049 | ||
2050 | install_element (ENABLE_NODE, &show_ip_access_list_cmd); | |
2051 | install_element (ENABLE_NODE, &show_ip_access_list_name_cmd); | |
2052 | ||
2053 | /* Zebra access-list */ | |
2054 | install_element (CONFIG_NODE, &access_list_cmd); | |
2055 | install_element (CONFIG_NODE, &access_list_exact_cmd); | |
2056 | install_element (CONFIG_NODE, &access_list_any_cmd); | |
2057 | install_element (CONFIG_NODE, &no_access_list_cmd); | |
2058 | install_element (CONFIG_NODE, &no_access_list_exact_cmd); | |
2059 | install_element (CONFIG_NODE, &no_access_list_any_cmd); | |
2060 | ||
2061 | /* Standard access-list */ | |
2062 | install_element (CONFIG_NODE, &access_list_standard_cmd); | |
2063 | install_element (CONFIG_NODE, &access_list_standard_nomask_cmd); | |
2064 | install_element (CONFIG_NODE, &access_list_standard_host_cmd); | |
2065 | install_element (CONFIG_NODE, &access_list_standard_any_cmd); | |
2066 | install_element (CONFIG_NODE, &no_access_list_standard_cmd); | |
2067 | install_element (CONFIG_NODE, &no_access_list_standard_nomask_cmd); | |
2068 | install_element (CONFIG_NODE, &no_access_list_standard_host_cmd); | |
2069 | install_element (CONFIG_NODE, &no_access_list_standard_any_cmd); | |
2070 | ||
2071 | /* Extended access-list */ | |
2072 | install_element (CONFIG_NODE, &access_list_extended_cmd); | |
2073 | install_element (CONFIG_NODE, &access_list_extended_any_mask_cmd); | |
2074 | install_element (CONFIG_NODE, &access_list_extended_mask_any_cmd); | |
2075 | install_element (CONFIG_NODE, &access_list_extended_any_any_cmd); | |
2076 | install_element (CONFIG_NODE, &access_list_extended_host_mask_cmd); | |
2077 | install_element (CONFIG_NODE, &access_list_extended_mask_host_cmd); | |
2078 | install_element (CONFIG_NODE, &access_list_extended_host_host_cmd); | |
2079 | install_element (CONFIG_NODE, &access_list_extended_any_host_cmd); | |
2080 | install_element (CONFIG_NODE, &access_list_extended_host_any_cmd); | |
2081 | install_element (CONFIG_NODE, &no_access_list_extended_cmd); | |
2082 | install_element (CONFIG_NODE, &no_access_list_extended_any_mask_cmd); | |
2083 | install_element (CONFIG_NODE, &no_access_list_extended_mask_any_cmd); | |
2084 | install_element (CONFIG_NODE, &no_access_list_extended_any_any_cmd); | |
2085 | install_element (CONFIG_NODE, &no_access_list_extended_host_mask_cmd); | |
2086 | install_element (CONFIG_NODE, &no_access_list_extended_mask_host_cmd); | |
2087 | install_element (CONFIG_NODE, &no_access_list_extended_host_host_cmd); | |
2088 | install_element (CONFIG_NODE, &no_access_list_extended_any_host_cmd); | |
2089 | install_element (CONFIG_NODE, &no_access_list_extended_host_any_cmd); | |
2090 | ||
2091 | install_element (CONFIG_NODE, &access_list_remark_cmd); | |
2092 | install_element (CONFIG_NODE, &no_access_list_all_cmd); | |
2093 | install_element (CONFIG_NODE, &no_access_list_remark_cmd); | |
f667a580 | 2094 | install_element (CONFIG_NODE, &no_access_list_remark_comment_cmd); |
718e3744 | 2095 | } |
2096 | ||
7fc626de | 2097 | static struct cmd_node access_ipv6_node = |
718e3744 | 2098 | { |
2099 | ACCESS_IPV6_NODE, | |
2100 | "", | |
2101 | 1 | |
2102 | }; | |
2103 | ||
8cc4198f | 2104 | static int |
718e3744 | 2105 | config_write_access_ipv6 (struct vty *vty) |
2106 | { | |
2107 | return config_write_access (vty, AFI_IP6); | |
2108 | } | |
2109 | ||
8cc4198f | 2110 | static void |
2111 | access_list_reset_ipv6 (void) | |
718e3744 | 2112 | { |
2113 | struct access_list *access; | |
2114 | struct access_list *next; | |
2115 | struct access_master *master; | |
2116 | ||
2117 | master = access_master_get (AFI_IP6); | |
2118 | if (master == NULL) | |
2119 | return; | |
2120 | ||
2121 | for (access = master->num.head; access; access = next) | |
2122 | { | |
2123 | next = access->next; | |
2124 | access_list_delete (access); | |
2125 | } | |
2126 | for (access = master->str.head; access; access = next) | |
2127 | { | |
2128 | next = access->next; | |
2129 | access_list_delete (access); | |
2130 | } | |
2131 | ||
2132 | assert (master->num.head == NULL); | |
2133 | assert (master->num.tail == NULL); | |
2134 | ||
2135 | assert (master->str.head == NULL); | |
2136 | assert (master->str.tail == NULL); | |
2137 | } | |
2138 | ||
8cc4198f | 2139 | static void |
2140 | access_list_init_ipv6 (void) | |
718e3744 | 2141 | { |
2142 | install_node (&access_ipv6_node, config_write_access_ipv6); | |
2143 | ||
2144 | install_element (ENABLE_NODE, &show_ipv6_access_list_cmd); | |
2145 | install_element (ENABLE_NODE, &show_ipv6_access_list_name_cmd); | |
2146 | ||
2147 | install_element (CONFIG_NODE, &ipv6_access_list_cmd); | |
2148 | install_element (CONFIG_NODE, &ipv6_access_list_exact_cmd); | |
2149 | install_element (CONFIG_NODE, &ipv6_access_list_any_cmd); | |
2150 | install_element (CONFIG_NODE, &no_ipv6_access_list_exact_cmd); | |
2151 | install_element (CONFIG_NODE, &no_ipv6_access_list_cmd); | |
2152 | install_element (CONFIG_NODE, &no_ipv6_access_list_any_cmd); | |
2153 | ||
2154 | install_element (CONFIG_NODE, &no_ipv6_access_list_all_cmd); | |
2155 | install_element (CONFIG_NODE, &ipv6_access_list_remark_cmd); | |
2156 | install_element (CONFIG_NODE, &no_ipv6_access_list_remark_cmd); | |
f667a580 | 2157 | install_element (CONFIG_NODE, &no_ipv6_access_list_remark_comment_cmd); |
718e3744 | 2158 | } |
718e3744 | 2159 | |
2160 | void | |
2161 | access_list_init () | |
2162 | { | |
2163 | access_list_init_ipv4 (); | |
718e3744 | 2164 | access_list_init_ipv6(); |
718e3744 | 2165 | } |
2166 | ||
2167 | void | |
2168 | access_list_reset () | |
2169 | { | |
2170 | access_list_reset_ipv4 (); | |
718e3744 | 2171 | access_list_reset_ipv6(); |
718e3744 | 2172 | } |