Commit | Line | Data |
---|---|---|
718e3744 | 1 | /* |
2 | * Route filtering function. | |
3 | * Copyright (C) 1998 Kunihiro Ishiguro | |
4 | * | |
5 | * This file is part of GNU Zebra. | |
6 | * | |
7 | * GNU Zebra is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published | |
9 | * by the Free Software Foundation; either version 2, or (at your | |
10 | * option) any later version. | |
11 | * | |
12 | * GNU Zebra is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | * General Public License for more details. | |
16 | * | |
896014f4 DL |
17 | * You should have received a copy of the GNU General Public License along |
18 | * with this program; see the file COPYING; if not, write to the Free Software | |
19 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
718e3744 | 20 | */ |
21 | ||
22 | #ifndef _ZEBRA_FILTER_H | |
23 | #define _ZEBRA_FILTER_H | |
24 | ||
25 | #include "if.h" | |
4cf24501 | 26 | #include "prefix.h" |
718e3744 | 27 | |
5e244469 RW |
28 | #ifdef __cplusplus |
29 | extern "C" { | |
30 | #endif | |
31 | ||
45a8eba9 RW |
32 | /* Maximum ACL name length */ |
33 | #define ACL_NAMSIZ 128 | |
34 | ||
0ed507dd RZ |
35 | /** Cisco host wildcard mask: no wildcard bits set, so the address must match exactly. */ |
36 | #define CISCO_HOST_WILDCARD_MASK "0.0.0.0" | |
37 | /** Cisco host wildcard binary mask. */ | |
38 | #define CISCO_BIN_HOST_WILDCARD_MASK INADDR_ANY | |
39 | ||
40 | /** Cisco any wildcard mask: every bit is a wildcard, so any address matches. */ | |
41 | #define CISCO_ANY_WILDCARD_MASK "255.255.255.255" | |
42 | /** Cisco binary any wildcard mask. */ | |
43 | #define CISCO_BIN_ANY_WILDCARD_MASK INADDR_NONE | |
44 | ||
039f3a34 DS |
45 | /* Filter direction. */ |
46 | #define FILTER_IN 0 | |
47 | #define FILTER_OUT 1 | |
48 | #define FILTER_MAX 2 | |
49 | ||
718e3744 | 50 | /* Filter type is one of `deny', `permit' or `dynamic'. */ |
d62a17ae | 51 | enum filter_type { FILTER_DENY, FILTER_PERMIT, FILTER_DYNAMIC }; |
718e3744 | 52 | |
d62a17ae | 53 | enum access_type { ACCESS_TYPE_STRING, ACCESS_TYPE_NUMBER }; |
718e3744 | 54 | |
4cf24501 RZ |
55 | struct filter_cisco { |
56 | /* Cisco access-list */ | |
57 | int extended; | |
58 | struct in_addr addr; | |
59 | struct in_addr addr_mask; | |
60 | struct in_addr mask; | |
61 | struct in_addr mask_mask; | |
62 | }; | |
63 | ||
64 | struct filter_zebra { | |
65 | /* Set when this filter requires an "exact" match. */ | |
66 | int exact; | |
67 | ||
68 | /* Prefix information. */ | |
69 | struct prefix prefix; | |
70 | }; | |
71 | ||
72 | /* Forward declaration of access-list struct. */ | |
73 | struct access_list; | |
74 | ||
75 | /* Filter element of access list */ | |
76 | struct filter { | |
77 | /* For doubly linked list. */ | |
78 | struct filter *next; | |
79 | struct filter *prev; | |
80 | ||
81 | /* Parent access-list pointer. */ | |
82 | struct access_list *acl; | |
83 | ||
84 | /* Filter type information. */ | |
85 | enum filter_type type; | |
86 | ||
87 | /* Sequence number */ | |
88 | int64_t seq; | |
89 | ||
90 | /* Cisco access-list flag; presumably selects which member of `u` is valid (confirm against the implementation). */ | |
91 | int cisco; | |
92 | ||
93 | union { | |
94 | struct filter_cisco cfilter; | |
95 | struct filter_zebra zfilter; | |
96 | } u; | |
97 | }; | |
98 | ||
718e3744 | 99 | /* Access list */ |
d62a17ae | 100 | struct access_list { |
101 | char *name; | |
102 | char *remark; | |
718e3744 | 103 | |
d62a17ae | 104 | struct access_master *master; |
718e3744 | 105 | |
d62a17ae | 106 | enum access_type type; |
718e3744 | 107 | |
d62a17ae | 108 | struct access_list *next; |
109 | struct access_list *prev; | |
718e3744 | 110 | |
d62a17ae | 111 | struct filter *head; |
112 | struct filter *tail; | |
718e3744 | 113 | }; |
114 | ||
4cf24501 RZ |
115 | /* List of access_list. */ |
116 | struct access_list_list { | |
117 | struct access_list *head; | |
118 | struct access_list *tail; | |
119 | }; | |
120 | ||
121 | /* Master structure of access_list. */ | |
122 | struct access_master { | |
123 | /* List of access_lists whose name is a number. */ | |
124 | struct access_list_list num; | |
125 | ||
126 | /* List of access_lists whose name is a string. */ | |
127 | struct access_list_list str; | |
128 | ||
129 | /* Hook function executed when a new access_list is added. */ | |
130 | void (*add_hook)(struct access_list *); | |
131 | ||
132 | /* Hook function executed when an access_list is deleted. */ | |
133 | void (*delete_hook)(struct access_list *); | |
134 | }; | |
135 | ||
136 | ||
718e3744 | 137 | /* Prototypes for access-list. */ |
d62a17ae | 138 | extern void access_list_init(void); |
139 | extern void access_list_reset(void); | |
140 | extern void access_list_add_hook(void (*func)(struct access_list *)); | |
141 | extern void access_list_delete_hook(void (*func)(struct access_list *)); | |
142 | extern struct access_list *access_list_lookup(afi_t, const char *); | |
123214ef MS |
143 | extern enum filter_type access_list_apply(struct access_list *access, |
144 | const void *object); | |
718e3744 | 145 | |
4cf24501 RZ |
146 | struct access_list *access_list_get(afi_t afi, const char *name); |
147 | void access_list_delete(struct access_list *access); | |
148 | struct filter *filter_new(void); | |
149 | void access_list_filter_add(struct access_list *access, | |
150 | struct filter *filter); | |
151 | void access_list_filter_delete(struct access_list *access, | |
152 | struct filter *filter); | |
153 | int64_t filter_new_seq_get(struct access_list *access); | |
154 | struct filter *filter_lookup_cisco(struct access_list *access, | |
155 | struct filter *mnew); | |
156 | struct filter *filter_lookup_zebra(struct access_list *access, | |
157 | struct filter *mnew); | |
158 | ||
c2aab693 RZ |
159 | extern const struct frr_yang_module_info frr_filter_info; |
160 | ||
be96651c RZ |
161 | |
162 | /* filter_nb.c */ | |
163 | enum yang_access_list_type { | |
164 | YALT_IPV4 = 0, | |
165 | YALT_IPV6 = 1, | |
166 | YALT_MAC = 2, | |
167 | }; | |
168 | ||
169 | enum yang_prefix_list_type { | |
170 | YPLT_IPV4 = 0, | |
171 | YPLT_IPV6 = 1, | |
172 | }; | |
173 | ||
174 | enum yang_prefix_list_action { | |
175 | YPLA_DENY = 0, | |
176 | YPLA_PERMIT = 1, | |
177 | }; | |
178 | ||
f414129b RZ |
179 | struct acl_dup_args { |
180 | /** Access list type ("ipv4", "ipv6" or "mac"). */ | |
181 | const char *ada_type; | |
182 | /** Access list name. */ | |
183 | const char *ada_name; | |
184 | ||
18abe2b9 IR |
185 | /** Entry action. */ |
186 | const char *ada_action; | |
187 | ||
f414129b RZ |
188 | #define ADA_MAX_VALUES 4 |
189 | /** Entry XPath for value. */ | |
190 | const char *ada_xpath[ADA_MAX_VALUES]; | |
191 | /** Entry value to match. */ | |
192 | const char *ada_value[ADA_MAX_VALUES]; | |
193 | ||
194 | /** Duplicated entry found in list? */ | |
195 | bool ada_found; | |
196 | ||
197 | /** (Optional) Already existing `dnode`. */ | |
198 | const struct lyd_node *ada_entry_dnode; | |
199 | }; | |
200 | ||
201 | /** | |
202 | * Check for duplicated entries using the candidate configuration. | |
203 | * | |
204 | * \param dnode so we can get the candidate config. | |
205 | * \param ada the arguments to check. | |
206 | */ | |
207 | bool acl_is_dup(const struct lyd_node *dnode, struct acl_dup_args *ada); | |
208 | ||
54d153f7 RZ |
209 | struct plist_dup_args { |
210 | /** Prefix list type ("ipv4" or "ipv6"). */ | |
211 | const char *pda_type; | |
212 | /** Prefix list name. */ | |
213 | const char *pda_name; | |
214 | ||
215 | #define PDA_MAX_VALUES 4 | |
216 | /** Entry XPath for value. */ | |
217 | const char *pda_xpath[PDA_MAX_VALUES]; | |
218 | /** Entry value to match. */ | |
219 | const char *pda_value[PDA_MAX_VALUES]; | |
220 | ||
221 | /** Duplicated entry found in list? */ | |
222 | bool pda_found; | |
223 | ||
224 | /** (Optional) Already existing `dnode`. */ | |
225 | const struct lyd_node *pda_entry_dnode; | |
226 | }; | |
227 | ||
228 | /** | |
229 | * Check for duplicated entries using the candidate configuration. | |
230 | * | |
231 | * \param dnode so we can get the candidate config. | |
232 | * \param pda the arguments to check. | |
233 | */ | |
234 | bool plist_is_dup(const struct lyd_node *dnode, struct plist_dup_args *pda); | |
235 | ||
1d3c4b66 RZ |
236 | /* filter_cli.c */ |
237 | struct lyd_node; | |
238 | struct vty; | |
239 | ||
1d3c4b66 RZ |
240 | extern void access_list_show(struct vty *vty, struct lyd_node *dnode, |
241 | bool show_defaults); | |
242 | extern void access_list_remark_show(struct vty *vty, struct lyd_node *dnode, | |
243 | bool show_defaults); | |
244 | extern void prefix_list_show(struct vty *vty, struct lyd_node *dnode, | |
245 | bool show_defaults); | |
246 | extern void prefix_list_remark_show(struct vty *vty, struct lyd_node *dnode, | |
247 | bool show_defaults); | |
248 | ||
b62578bd RZ |
249 | void filter_cli_init(void); |
250 | ||
5e244469 RW |
251 | #ifdef __cplusplus |
252 | } | |
253 | #endif | |
254 | ||
718e3744 | 255 | #endif /* _ZEBRA_FILTER_H */ |