]> git.proxmox.com Git - mirror_frr.git/blob - lib/filter.c
projects / mirror_frr.git / blob
? search:


072d3ddc2ede0d391000d381961596e6dce3c832
[mirror_frr.git] / lib / filter.c
1 /* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with GNU Zebra; see the file COPYING. If not, write to the
18 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
19 * Boston, MA 02111-1307, USA.
20 */
21
22 #include <zebra.h>
23
24 #include "prefix.h"
25 #include "filter.h"
26 #include "memory.h"
27 #include "command.h"
28 #include "sockunion.h"
29 #include "buffer.h"
30 #include "log.h"
31 #include "routemap.h"
32
33 DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST, "Access List")
34 DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST_STR, "Access List Str")
35 DEFINE_MTYPE_STATIC(LIB, ACCESS_FILTER, "Access Filter")
36
37 struct filter_cisco
38 {
39 /* Cisco access-list */
40 int extended;
41 struct in_addr addr;
42 struct in_addr addr_mask;
43 struct in_addr mask;
44 struct in_addr mask_mask;
45 };
46
47 struct filter_zebra
48 {
49 /* If this filter is "exact" match then this flag is set. */
50 int exact;
51
52 /* Prefix information. */
53 struct prefix prefix;
54 };
55
56 /* Filter element of access list */
57 struct filter
58 {
59 /* For doubly linked list. */
60 struct filter *next;
61 struct filter *prev;
62
63 /* Filter type information. */
64 enum filter_type type;
65
66 /* Cisco access-list */
67 int cisco;
68
69 union
70 {
71 struct filter_cisco cfilter;
72 struct filter_zebra zfilter;
73 } u;
74 };
75
76 /* List of access_list. */
77 struct access_list_list
78 {
79 struct access_list *head;
80 struct access_list *tail;
81 };
82
83 /* Master structure of access_list. */
84 struct access_master
85 {
86 /* List of access_list which name is number. */
87 struct access_list_list num;
88
89 /* List of access_list which name is string. */
90 struct access_list_list str;
91
92 /* Hook function which is executed when new access_list is added. */
93 void (*add_hook) (struct access_list *);
94
95 /* Hook function which is executed when access_list is deleted. */
96 void (*delete_hook) (struct access_list *);
97 };
98
99 /* Static structure for IPv4 access_list's master. */
100 static struct access_master access_master_ipv4 =
101 {
102 {NULL, NULL},
103 {NULL, NULL},
104 NULL,
105 NULL,
106 };
107
108 #ifdef HAVE_IPV6
109 /* Static structure for IPv6 access_list's master. */
110 static struct access_master access_master_ipv6 =
111 {
112 {NULL, NULL},
113 {NULL, NULL},
114 NULL,
115 NULL,
116 };
117 #endif /* HAVE_IPV6 */
118
119 static struct access_master *
120 access_master_get (afi_t afi)
121 {
122 if (afi == AFI_IP)
123 return &access_master_ipv4;
124 #ifdef HAVE_IPV6
125 else if (afi == AFI_IP6)
126 return &access_master_ipv6;
127 #endif /* HAVE_IPV6 */
128 return NULL;
129 }
130
131 /* Allocate new filter structure. */
132 static struct filter *
133 filter_new (void)
134 {
135 return (struct filter *) XCALLOC (MTYPE_ACCESS_FILTER,
136 sizeof (struct filter));
137 }
138
139 static void
140 filter_free (struct filter *filter)
141 {
142 XFREE (MTYPE_ACCESS_FILTER, filter);
143 }
144
145 /* Return string of filter_type. */
146 static const char *
147 filter_type_str (struct filter *filter)
148 {
149 switch (filter->type)
150 {
151 case FILTER_PERMIT:
152 return "permit";
153 break;
154 case FILTER_DENY:
155 return "deny";
156 break;
157 case FILTER_DYNAMIC:
158 return "dynamic";
159 break;
160 default:
161 return "";
162 break;
163 }
164 }
165
166 /* If filter match to the prefix then return 1. */
167 static int
168 filter_match_cisco (struct filter *mfilter, struct prefix *p)
169 {
170 struct filter_cisco *filter;
171 struct in_addr mask;
172 u_int32_t check_addr;
173 u_int32_t check_mask;
174
175 filter = &mfilter->u.cfilter;
176 check_addr = p->u.prefix4.s_addr & ~filter->addr_mask.s_addr;
177
178 if (filter->extended)
179 {
180 masklen2ip (p->prefixlen, &mask);
181 check_mask = mask.s_addr & ~filter->mask_mask.s_addr;
182
183 if (memcmp (&check_addr, &filter->addr.s_addr, 4) == 0
184 && memcmp (&check_mask, &filter->mask.s_addr, 4) == 0)
185 return 1;
186 }
187 else if (memcmp (&check_addr, &filter->addr.s_addr, 4) == 0)
188 return 1;
189
190 return 0;
191 }
192
193 /* If filter match to the prefix then return 1. */
194 static int
195 filter_match_zebra (struct filter *mfilter, struct prefix *p)
196 {
197 struct filter_zebra *filter;
198
199 filter = &mfilter->u.zfilter;
200
201 if (filter->prefix.family == p->family)
202 {
203 if (filter->exact)
204 {
205 if (filter->prefix.prefixlen == p->prefixlen)
206 return prefix_match (&filter->prefix, p);
207 else
208 return 0;
209 }
210 else
211 return prefix_match (&filter->prefix, p);
212 }
213 else
214 return 0;
215 }
216
217 /* Allocate new access list structure. */
218 static struct access_list *
219 access_list_new (void)
220 {
221 return (struct access_list *) XCALLOC (MTYPE_ACCESS_LIST,
222 sizeof (struct access_list));
223 }
224
225 /* Free allocated access_list. */
226 static void
227 access_list_free (struct access_list *access)
228 {
229 XFREE (MTYPE_ACCESS_LIST, access);
230 }
231
232 /* Delete access_list from access_master and free it. */
233 static void
234 access_list_delete (struct access_list *access)
235 {
236 struct filter *filter;
237 struct filter *next;
238 struct access_list_list *list;
239 struct access_master *master;
240
241 for (filter = access->head; filter; filter = next)
242 {
243 next = filter->next;
244 filter_free (filter);
245 }
246
247 master = access->master;
248
249 if (access->type == ACCESS_TYPE_NUMBER)
250 list = &master->num;
251 else
252 list = &master->str;
253
254 if (access->next)
255 access->next->prev = access->prev;
256 else
257 list->tail = access->prev;
258
259 if (access->prev)
260 access->prev->next = access->next;
261 else
262 list->head = access->next;
263
264 if (access->name)
265 XFREE (MTYPE_ACCESS_LIST_STR, access->name);
266
267 if (access->remark)
268 XFREE (MTYPE_TMP, access->remark);
269
270 access_list_free (access);
271 }
272
273 /* Insert new access list to list of access_list. Each acceess_list
274 is sorted by the name. */
275 static struct access_list *
276 access_list_insert (afi_t afi, const char *name)
277 {
278 unsigned int i;
279 long number;
280 struct access_list *access;
281 struct access_list *point;
282 struct access_list_list *alist;
283 struct access_master *master;
284
285 master = access_master_get (afi);
286 if (master == NULL)
287 return NULL;
288
289 /* Allocate new access_list and copy given name. */
290 access = access_list_new ();
291 access->name = XSTRDUP (MTYPE_ACCESS_LIST_STR, name);
292 access->master = master;
293
294 /* If name is made by all digit character. We treat it as
295 number. */
296 for (number = 0, i = 0; i < strlen (name); i++)
297 {
298 if (isdigit ((int) name[i]))
299 number = (number * 10) + (name[i] - '0');
300 else
301 break;
302 }
303
304 /* In case of name is all digit character */
305 if (i == strlen (name))
306 {
307 access->type = ACCESS_TYPE_NUMBER;
308
309 /* Set access_list to number list. */
310 alist = &master->num;
311
312 for (point = alist->head; point; point = point->next)
313 if (atol (point->name) >= number)
314 break;
315 }
316 else
317 {
318 access->type = ACCESS_TYPE_STRING;
319
320 /* Set access_list to string list. */
321 alist = &master->str;
322
323 /* Set point to insertion point. */
324 for (point = alist->head; point; point = point->next)
325 if (strcmp (point->name, name) >= 0)
326 break;
327 }
328
329 /* In case of this is the first element of master. */
330 if (alist->head == NULL)
331 {
332 alist->head = alist->tail = access;
333 return access;
334 }
335
336 /* In case of insertion is made at the tail of access_list. */
337 if (point == NULL)
338 {
339 access->prev = alist->tail;
340 alist->tail->next = access;
341 alist->tail = access;
342 return access;
343 }
344
345 /* In case of insertion is made at the head of access_list. */
346 if (point == alist->head)
347 {
348 access->next = alist->head;
349 alist->head->prev = access;
350 alist->head = access;
351 return access;
352 }
353
354 /* Insertion is made at middle of the access_list. */
355 access->next = point;
356 access->prev = point->prev;
357
358 if (point->prev)
359 point->prev->next = access;
360 point->prev = access;
361
362 return access;
363 }
364
365 /* Lookup access_list from list of access_list by name. */
366 struct access_list *
367 access_list_lookup (afi_t afi, const char *name)
368 {
369 struct access_list *access;
370 struct access_master *master;
371
372 if (name == NULL)
373 return NULL;
374
375 master = access_master_get (afi);
376 if (master == NULL)
377 return NULL;
378
379 for (access = master->num.head; access; access = access->next)
380 if (strcmp (access->name, name) == 0)
381 return access;
382
383 for (access = master->str.head; access; access = access->next)
384 if (strcmp (access->name, name) == 0)
385 return access;
386
387 return NULL;
388 }
389
390 /* Get access list from list of access_list. If there isn't matched
391 access_list create new one and return it. */
392 static struct access_list *
393 access_list_get (afi_t afi, const char *name)
394 {
395 struct access_list *access;
396
397 access = access_list_lookup (afi, name);
398 if (access == NULL)
399 access = access_list_insert (afi, name);
400 return access;
401 }
402
403 /* Apply access list to object (which should be struct prefix *). */
404 enum filter_type
405 access_list_apply (struct access_list *access, void *object)
406 {
407 struct filter *filter;
408 struct prefix *p;
409
410 p = (struct prefix *) object;
411
412 if (access == NULL)
413 return FILTER_DENY;
414
415 for (filter = access->head; filter; filter = filter->next)
416 {
417 if (filter->cisco)
418 {
419 if (filter_match_cisco (filter, p))
420 return filter->type;
421 }
422 else
423 {
424 if (filter_match_zebra (filter, p))
425 return filter->type;
426 }
427 }
428
429 return FILTER_DENY;
430 }
431
432 /* Add hook function. */
433 void
434 access_list_add_hook (void (*func) (struct access_list *access))
435 {
436 access_master_ipv4.add_hook = func;
437 #ifdef HAVE_IPV6
438 access_master_ipv6.add_hook = func;
439 #endif /* HAVE_IPV6 */
440 }
441
442 /* Delete hook function. */
443 void
444 access_list_delete_hook (void (*func) (struct access_list *access))
445 {
446 access_master_ipv4.delete_hook = func;
447 #ifdef HAVE_IPV6
448 access_master_ipv6.delete_hook = func;
449 #endif /* HAVE_IPV6 */
450 }
451
452 /* Add new filter to the end of specified access_list. */
453 static void
454 access_list_filter_add (struct access_list *access, struct filter *filter)
455 {
456 filter->next = NULL;
457 filter->prev = access->tail;
458
459 if (access->tail)
460 access->tail->next = filter;
461 else
462 access->head = filter;
463 access->tail = filter;
464
465 /* Run hook function. */
466 if (access->master->add_hook)
467 (*access->master->add_hook) (access);
468 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_ADDED);
469 }
470
471 /* If access_list has no filter then return 1. */
472 static int
473 access_list_empty (struct access_list *access)
474 {
475 if (access->head == NULL && access->tail == NULL)
476 return 1;
477 else
478 return 0;
479 }
480
481 /* Delete filter from specified access_list. If there is hook
482 function execute it. */
483 static void
484 access_list_filter_delete (struct access_list *access, struct filter *filter)
485 {
486 struct access_master *master;
487
488 master = access->master;
489
490 if (filter->next)
491 filter->next->prev = filter->prev;
492 else
493 access->tail = filter->prev;
494
495 if (filter->prev)
496 filter->prev->next = filter->next;
497 else
498 access->head = filter->next;
499
500 filter_free (filter);
501
502 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
503 /* Run hook function. */
504 if (master->delete_hook)
505 (*master->delete_hook) (access);
506
507 /* If access_list becomes empty delete it from access_master. */
508 if (access_list_empty (access))
509 access_list_delete (access);
510 }
511
512 /*
513 deny Specify packets to reject
514 permit Specify packets to forward
515 dynamic ?
516 */
517
518 /*
519 Hostname or A.B.C.D Address to match
520 any Any source host
521 host A single host address
522 */
523
524 static struct filter *
525 filter_lookup_cisco (struct access_list *access, struct filter *mnew)
526 {
527 struct filter *mfilter;
528 struct filter_cisco *filter;
529 struct filter_cisco *new;
530
531 new = &mnew->u.cfilter;
532
533 for (mfilter = access->head; mfilter; mfilter = mfilter->next)
534 {
535 filter = &mfilter->u.cfilter;
536
537 if (filter->extended)
538 {
539 if (mfilter->type == mnew->type
540 && filter->addr.s_addr == new->addr.s_addr
541 && filter->addr_mask.s_addr == new->addr_mask.s_addr
542 && filter->mask.s_addr == new->mask.s_addr
543 && filter->mask_mask.s_addr == new->mask_mask.s_addr)
544 return mfilter;
545 }
546 else
547 {
548 if (mfilter->type == mnew->type
549 && filter->addr.s_addr == new->addr.s_addr
550 && filter->addr_mask.s_addr == new->addr_mask.s_addr)
551 return mfilter;
552 }
553 }
554
555 return NULL;
556 }
557
558 static struct filter *
559 filter_lookup_zebra (struct access_list *access, struct filter *mnew)
560 {
561 struct filter *mfilter;
562 struct filter_zebra *filter;
563 struct filter_zebra *new;
564
565 new = &mnew->u.zfilter;
566
567 for (mfilter = access->head; mfilter; mfilter = mfilter->next)
568 {
569 filter = &mfilter->u.zfilter;
570
571 if (filter->exact == new->exact
572 && mfilter->type == mnew->type
573 && prefix_same (&filter->prefix, &new->prefix))
574 return mfilter;
575 }
576 return NULL;
577 }
578
579 static int
580 vty_access_list_remark_unset (struct vty *vty, afi_t afi, const char *name)
581 {
582 struct access_list *access;
583
584 access = access_list_lookup (afi, name);
585 if (! access)
586 {
587 vty_out (vty, "%% access-list %s doesn't exist%s", name,
588 VTY_NEWLINE);
589 return CMD_WARNING;
590 }
591
592 if (access->remark)
593 {
594 XFREE (MTYPE_TMP, access->remark);
595 access->remark = NULL;
596 }
597
598 if (access->head == NULL && access->tail == NULL && access->remark == NULL)
599 access_list_delete (access);
600
601 return CMD_SUCCESS;
602 }
603
604 static int
605 filter_set_cisco (struct vty *vty, const char *name_str, const char *type_str,
606 const char *addr_str, const char *addr_mask_str,
607 const char *mask_str, const char *mask_mask_str,
608 int extended, int set)
609 {
610 int ret;
611 enum filter_type type;
612 struct filter *mfilter;
613 struct filter_cisco *filter;
614 struct access_list *access;
615 struct in_addr addr;
616 struct in_addr addr_mask;
617 struct in_addr mask;
618 struct in_addr mask_mask;
619
620 /* Check of filter type. */
621 if (strncmp (type_str, "p", 1) == 0)
622 type = FILTER_PERMIT;
623 else if (strncmp (type_str, "d", 1) == 0)
624 type = FILTER_DENY;
625 else
626 {
627 vty_out (vty, "%% filter type must be permit or deny%s", VTY_NEWLINE);
628 return CMD_WARNING;
629 }
630
631 ret = inet_aton (addr_str, &addr);
632 if (ret <= 0)
633 {
634 vty_out (vty, "%%Inconsistent address and mask%s",
635 VTY_NEWLINE);
636 return CMD_WARNING;
637 }
638
639 ret = inet_aton (addr_mask_str, &addr_mask);
640 if (ret <= 0)
641 {
642 vty_out (vty, "%%Inconsistent address and mask%s",
643 VTY_NEWLINE);
644 return CMD_WARNING;
645 }
646
647 if (extended)
648 {
649 ret = inet_aton (mask_str, &mask);
650 if (ret <= 0)
651 {
652 vty_out (vty, "%%Inconsistent address and mask%s",
653 VTY_NEWLINE);
654 return CMD_WARNING;
655 }
656
657 ret = inet_aton (mask_mask_str, &mask_mask);
658 if (ret <= 0)
659 {
660 vty_out (vty, "%%Inconsistent address and mask%s",
661 VTY_NEWLINE);
662 return CMD_WARNING;
663 }
664 }
665
666 mfilter = filter_new();
667 mfilter->type = type;
668 mfilter->cisco = 1;
669 filter = &mfilter->u.cfilter;
670 filter->extended = extended;
671 filter->addr.s_addr = addr.s_addr & ~addr_mask.s_addr;
672 filter->addr_mask.s_addr = addr_mask.s_addr;
673
674 if (extended)
675 {
676 filter->mask.s_addr = mask.s_addr & ~mask_mask.s_addr;
677 filter->mask_mask.s_addr = mask_mask.s_addr;
678 }
679
680 /* Install new filter to the access_list. */
681 access = access_list_get (AFI_IP, name_str);
682
683 if (set)
684 {
685 if (filter_lookup_cisco (access, mfilter))
686 filter_free (mfilter);
687 else
688 access_list_filter_add (access, mfilter);
689 }
690 else
691 {
692 struct filter *delete_filter;
693
694 delete_filter = filter_lookup_cisco (access, mfilter);
695 if (delete_filter)
696 access_list_filter_delete (access, delete_filter);
697
698 filter_free (mfilter);
699 }
700
701 return CMD_SUCCESS;
702 }
703
704 /* Standard access-list */
705 DEFUN (access_list_standard,
706 access_list_standard_cmd,
707 "access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D A.B.C.D",
708 "Add an access list entry\n"
709 "IP standard access list\n"
710 "IP standard access list (expanded range)\n"
711 "Specify packets to reject\n"
712 "Specify packets to forward\n"
713 "Address to match\n"
714 "Wildcard bits\n")
715 {
716 int idx_acl = 1;
717 int idx_permit_deny = 2;
718 int idx_ipv4 = 3;
719 int idx_ipv4_2 = 4;
720 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, argv[idx_ipv4_2]->arg,
721 NULL, NULL, 0, 1);
722 }
723
724 DEFUN (access_list_standard_nomask,
725 access_list_standard_nomask_cmd,
726 "access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D",
727 "Add an access list entry\n"
728 "IP standard access list\n"
729 "IP standard access list (expanded range)\n"
730 "Specify packets to reject\n"
731 "Specify packets to forward\n"
732 "Address to match\n")
733 {
734 int idx_acl = 1;
735 int idx_permit_deny = 2;
736 int idx_ipv4 = 3;
737 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, "0.0.0.0",
738 NULL, NULL, 0, 1);
739 }
740
741 DEFUN (access_list_standard_host,
742 access_list_standard_host_cmd,
743 "access-list <(1-99)|(1300-1999)> <deny|permit> host A.B.C.D",
744 "Add an access list entry\n"
745 "IP standard access list\n"
746 "IP standard access list (expanded range)\n"
747 "Specify packets to reject\n"
748 "Specify packets to forward\n"
749 "A single host address\n"
750 "Address to match\n")
751 {
752 int idx_acl = 1;
753 int idx_permit_deny = 2;
754 int idx_ipv4 = 4;
755 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, "0.0.0.0",
756 NULL, NULL, 0, 1);
757 }
758
759 DEFUN (access_list_standard_any,
760 access_list_standard_any_cmd,
761 "access-list <(1-99)|(1300-1999)> <deny|permit> any",
762 "Add an access list entry\n"
763 "IP standard access list\n"
764 "IP standard access list (expanded range)\n"
765 "Specify packets to reject\n"
766 "Specify packets to forward\n"
767 "Any source host\n")
768 {
769 int idx_acl = 1;
770 int idx_permit_deny = 2;
771 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0",
772 "255.255.255.255", NULL, NULL, 0, 1);
773 }
774
775 DEFUN (no_access_list_standard,
776 no_access_list_standard_cmd,
777 "no access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D A.B.C.D",
778 NO_STR
779 "Add an access list entry\n"
780 "IP standard access list\n"
781 "IP standard access list (expanded range)\n"
782 "Specify packets to reject\n"
783 "Specify packets to forward\n"
784 "Address to match\n"
785 "Wildcard bits\n")
786 {
787 int idx_acl = 2;
788 int idx_permit_deny = 3;
789 int idx_ipv4 = 4;
790 int idx_ipv4_2 = 5;
791 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, argv[idx_ipv4_2]->arg,
792 NULL, NULL, 0, 0);
793 }
794
795 DEFUN (no_access_list_standard_nomask,
796 no_access_list_standard_nomask_cmd,
797 "no access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D",
798 NO_STR
799 "Add an access list entry\n"
800 "IP standard access list\n"
801 "IP standard access list (expanded range)\n"
802 "Specify packets to reject\n"
803 "Specify packets to forward\n"
804 "Address to match\n")
805 {
806 int idx_acl = 2;
807 int idx_permit_deny = 3;
808 int idx_ipv4 = 4;
809 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, "0.0.0.0",
810 NULL, NULL, 0, 0);
811 }
812
813 DEFUN (no_access_list_standard_host,
814 no_access_list_standard_host_cmd,
815 "no access-list <(1-99)|(1300-1999)> <deny|permit> host A.B.C.D",
816 NO_STR
817 "Add an access list entry\n"
818 "IP standard access list\n"
819 "IP standard access list (expanded range)\n"
820 "Specify packets to reject\n"
821 "Specify packets to forward\n"
822 "A single host address\n"
823 "Address to match\n")
824 {
825 int idx_acl = 2;
826 int idx_permit_deny = 3;
827 int idx_ipv4 = 5;
828 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg, "0.0.0.0",
829 NULL, NULL, 0, 0);
830 }
831
832 DEFUN (no_access_list_standard_any,
833 no_access_list_standard_any_cmd,
834 "no access-list <(1-99)|(1300-1999)> <deny|permit> any",
835 NO_STR
836 "Add an access list entry\n"
837 "IP standard access list\n"
838 "IP standard access list (expanded range)\n"
839 "Specify packets to reject\n"
840 "Specify packets to forward\n"
841 "Any source host\n")
842 {
843 int idx_acl = 2;
844 int idx_permit_deny = 3;
845 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0",
846 "255.255.255.255", NULL, NULL, 0, 0);
847 }
848
849 /* Extended access-list */
850 DEFUN (access_list_extended,
851 access_list_extended_cmd,
852 "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
853 "Add an access list entry\n"
854 "IP extended access list\n"
855 "IP extended access list (expanded range)\n"
856 "Specify packets to reject\n"
857 "Specify packets to forward\n"
858 "Any Internet Protocol\n"
859 "Source address\n"
860 "Source wildcard bits\n"
861 "Destination address\n"
862 "Destination Wildcard bits\n")
863 {
864 int idx_acl = 1;
865 int idx_permit_deny = 2;
866 int idx_ipv4 = 4;
867 int idx_ipv4_2 = 5;
868 int idx_ipv4_3 = 6;
869 int idx_ipv4_4 = 7;
870 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
871 argv[idx_ipv4_2]->arg, argv[idx_ipv4_3]->arg, argv[idx_ipv4_4]->arg, 1 ,1);
872 }
873
874 DEFUN (access_list_extended_mask_any,
875 access_list_extended_mask_any_cmd,
876 "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D any",
877 "Add an access list entry\n"
878 "IP extended access list\n"
879 "IP extended access list (expanded range)\n"
880 "Specify packets to reject\n"
881 "Specify packets to forward\n"
882 "Any Internet Protocol\n"
883 "Source address\n"
884 "Source wildcard bits\n"
885 "Any destination host\n")
886 {
887 int idx_acl = 1;
888 int idx_permit_deny = 2;
889 int idx_ipv4 = 4;
890 int idx_ipv4_2 = 5;
891 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
892 argv[idx_ipv4_2]->arg, "0.0.0.0",
893 "255.255.255.255", 1, 1);
894 }
895
896 DEFUN (access_list_extended_any_mask,
897 access_list_extended_any_mask_cmd,
898 "access-list <(100-199)|(2000-2699)> <deny|permit> ip any A.B.C.D A.B.C.D",
899 "Add an access list entry\n"
900 "IP extended access list\n"
901 "IP extended access list (expanded range)\n"
902 "Specify packets to reject\n"
903 "Specify packets to forward\n"
904 "Any Internet Protocol\n"
905 "Any source host\n"
906 "Destination address\n"
907 "Destination Wildcard bits\n")
908 {
909 int idx_acl = 1;
910 int idx_permit_deny = 2;
911 int idx_ipv4 = 5;
912 int idx_ipv4_2 = 6;
913 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0",
914 "255.255.255.255", argv[idx_ipv4]->arg,
915 argv[idx_ipv4_2]->arg, 1, 1);
916 }
917
918 DEFUN (access_list_extended_any_any,
919 access_list_extended_any_any_cmd,
920 "access-list <(100-199)|(2000-2699)> <deny|permit> ip any any",
921 "Add an access list entry\n"
922 "IP extended access list\n"
923 "IP extended access list (expanded range)\n"
924 "Specify packets to reject\n"
925 "Specify packets to forward\n"
926 "Any Internet Protocol\n"
927 "Any source host\n"
928 "Any destination host\n")
929 {
930 int idx_acl = 1;
931 int idx_permit_deny = 2;
932 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0",
933 "255.255.255.255", "0.0.0.0",
934 "255.255.255.255", 1, 1);
935 }
936
937 DEFUN (access_list_extended_mask_host,
938 access_list_extended_mask_host_cmd,
939 "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
940 "Add an access list entry\n"
941 "IP extended access list\n"
942 "IP extended access list (expanded range)\n"
943 "Specify packets to reject\n"
944 "Specify packets to forward\n"
945 "Any Internet Protocol\n"
946 "Source address\n"
947 "Source wildcard bits\n"
948 "A single destination host\n"
949 "Destination address\n")
950 {
951 int idx_acl = 1;
952 int idx_permit_deny = 2;
953 int idx_ipv4 = 4;
954 int idx_ipv4_2 = 5;
955 int idx_ipv4_3 = 7;
956 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
957 argv[idx_ipv4_2]->arg, argv[idx_ipv4_3]->arg,
958 "0.0.0.0", 1, 1);
959 }
960
961 DEFUN (access_list_extended_host_mask,
962 access_list_extended_host_mask_cmd,
963 "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
964 "Add an access list entry\n"
965 "IP extended access list\n"
966 "IP extended access list (expanded range)\n"
967 "Specify packets to reject\n"
968 "Specify packets to forward\n"
969 "Any Internet Protocol\n"
970 "A single source host\n"
971 "Source address\n"
972 "Destination address\n"
973 "Destination Wildcard bits\n")
974 {
975 int idx_acl = 1;
976 int idx_permit_deny = 2;
977 int idx_ipv4 = 5;
978 int idx_ipv4_2 = 6;
979 int idx_ipv4_3 = 7;
980 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
981 "0.0.0.0", argv[idx_ipv4_2]->arg,
982 argv[idx_ipv4_3]->arg, 1, 1);
983 }
984
985 DEFUN (access_list_extended_host_host,
986 access_list_extended_host_host_cmd,
987 "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D host A.B.C.D",
988 "Add an access list entry\n"
989 "IP extended access list\n"
990 "IP extended access list (expanded range)\n"
991 "Specify packets to reject\n"
992 "Specify packets to forward\n"
993 "Any Internet Protocol\n"
994 "A single source host\n"
995 "Source address\n"
996 "A single destination host\n"
997 "Destination address\n")
998 {
999 int idx_acl = 1;
1000 int idx_permit_deny = 2;
1001 int idx_ipv4 = 5;
1002 int idx_ipv4_2 = 7;
1003 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
1004 "0.0.0.0", argv[idx_ipv4_2]->arg,
1005 "0.0.0.0", 1, 1);
1006 }
1007
1008 DEFUN (access_list_extended_any_host,
1009 access_list_extended_any_host_cmd,
1010 "access-list <(100-199)|(2000-2699)> <deny|permit> ip any host A.B.C.D",
1011 "Add an access list entry\n"
1012 "IP extended access list\n"
1013 "IP extended access list (expanded range)\n"
1014 "Specify packets to reject\n"
1015 "Specify packets to forward\n"
1016 "Any Internet Protocol\n"
1017 "Any source host\n"
1018 "A single destination host\n"
1019 "Destination address\n")
1020 {
1021 int idx_acl = 1;
1022 int idx_permit_deny = 2;
1023 int idx_ipv4 = 6;
1024 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0",
1025 "255.255.255.255", argv[idx_ipv4]->arg,
1026 "0.0.0.0", 1, 1);
1027 }
1028
1029 DEFUN (access_list_extended_host_any,
1030 access_list_extended_host_any_cmd,
1031 "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D any",
1032 "Add an access list entry\n"
1033 "IP extended access list\n"
1034 "IP extended access list (expanded range)\n"
1035 "Specify packets to reject\n"
1036 "Specify packets to forward\n"
1037 "Any Internet Protocol\n"
1038 "A single source host\n"
1039 "Source address\n"
1040 "Any destination host\n")
1041 {
1042 int idx_acl = 1;
1043 int idx_permit_deny = 2;
1044 int idx_ipv4 = 5;
1045 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
1046 "0.0.0.0", "0.0.0.0",
1047 "255.255.255.255", 1, 1);
1048 }
1049
1050 DEFUN (no_access_list_extended,
1051 no_access_list_extended_cmd,
1052 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
1053 NO_STR
1054 "Add an access list entry\n"
1055 "IP extended access list\n"
1056 "IP extended access list (expanded range)\n"
1057 "Specify packets to reject\n"
1058 "Specify packets to forward\n"
1059 "Any Internet Protocol\n"
1060 "Source address\n"
1061 "Source wildcard bits\n"
1062 "Destination address\n"
1063 "Destination Wildcard bits\n")
1064 {
1065 int idx_acl = 2;
1066 int idx_permit_deny = 3;
1067 int idx_ipv4 = 5;
1068 int idx_ipv4_2 = 6;
1069 int idx_ipv4_3 = 7;
1070 int idx_ipv4_4 = 8;
1071 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
1072 argv[idx_ipv4_2]->arg, argv[idx_ipv4_3]->arg, argv[idx_ipv4_4]->arg, 1, 0);
1073 }
1074
1075 DEFUN (no_access_list_extended_mask_any,
1076 no_access_list_extended_mask_any_cmd,
1077 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D any",
1078 NO_STR
1079 "Add an access list entry\n"
1080 "IP extended access list\n"
1081 "IP extended access list (expanded range)\n"
1082 "Specify packets to reject\n"
1083 "Specify packets to forward\n"
1084 "Any Internet Protocol\n"
1085 "Source address\n"
1086 "Source wildcard bits\n"
1087 "Any destination host\n")
1088 {
1089 int idx_acl = 2;
1090 int idx_permit_deny = 3;
1091 int idx_ipv4 = 5;
1092 int idx_ipv4_2 = 6;
1093 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
1094 argv[idx_ipv4_2]->arg, "0.0.0.0",
1095 "255.255.255.255", 1, 0);
1096 }
1097
1098 DEFUN (no_access_list_extended_any_mask,
1099 no_access_list_extended_any_mask_cmd,
1100 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any A.B.C.D A.B.C.D",
1101 NO_STR
1102 "Add an access list entry\n"
1103 "IP extended access list\n"
1104 "IP extended access list (expanded range)\n"
1105 "Specify packets to reject\n"
1106 "Specify packets to forward\n"
1107 "Any Internet Protocol\n"
1108 "Any source host\n"
1109 "Destination address\n"
1110 "Destination Wildcard bits\n")
1111 {
1112 int idx_acl = 2;
1113 int idx_permit_deny = 3;
1114 int idx_ipv4 = 6;
1115 int idx_ipv4_2 = 7;
1116 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0",
1117 "255.255.255.255", argv[idx_ipv4]->arg,
1118 argv[idx_ipv4_2]->arg, 1, 0);
1119 }
1120
1121 DEFUN (no_access_list_extended_any_any,
1122 no_access_list_extended_any_any_cmd,
1123 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any any",
1124 NO_STR
1125 "Add an access list entry\n"
1126 "IP extended access list\n"
1127 "IP extended access list (expanded range)\n"
1128 "Specify packets to reject\n"
1129 "Specify packets to forward\n"
1130 "Any Internet Protocol\n"
1131 "Any source host\n"
1132 "Any destination host\n")
1133 {
1134 int idx_acl = 2;
1135 int idx_permit_deny = 3;
1136 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0",
1137 "255.255.255.255", "0.0.0.0",
1138 "255.255.255.255", 1, 0);
1139 }
1140
1141 DEFUN (no_access_list_extended_mask_host,
1142 no_access_list_extended_mask_host_cmd,
1143 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
1144 NO_STR
1145 "Add an access list entry\n"
1146 "IP extended access list\n"
1147 "IP extended access list (expanded range)\n"
1148 "Specify packets to reject\n"
1149 "Specify packets to forward\n"
1150 "Any Internet Protocol\n"
1151 "Source address\n"
1152 "Source wildcard bits\n"
1153 "A single destination host\n"
1154 "Destination address\n")
1155 {
1156 int idx_acl = 2;
1157 int idx_permit_deny = 3;
1158 int idx_ipv4 = 5;
1159 int idx_ipv4_2 = 6;
1160 int idx_ipv4_3 = 8;
1161 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
1162 argv[idx_ipv4_2]->arg, argv[idx_ipv4_3]->arg,
1163 "0.0.0.0", 1, 0);
1164 }
1165
1166 DEFUN (no_access_list_extended_host_mask,
1167 no_access_list_extended_host_mask_cmd,
1168 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
1169 NO_STR
1170 "Add an access list entry\n"
1171 "IP extended access list\n"
1172 "IP extended access list (expanded range)\n"
1173 "Specify packets to reject\n"
1174 "Specify packets to forward\n"
1175 "Any Internet Protocol\n"
1176 "A single source host\n"
1177 "Source address\n"
1178 "Destination address\n"
1179 "Destination Wildcard bits\n")
1180 {
1181 int idx_acl = 2;
1182 int idx_permit_deny = 3;
1183 int idx_ipv4 = 6;
1184 int idx_ipv4_2 = 7;
1185 int idx_ipv4_3 = 8;
1186 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
1187 "0.0.0.0", argv[idx_ipv4_2]->arg,
1188 argv[idx_ipv4_3]->arg, 1, 0);
1189 }
1190
1191 DEFUN (no_access_list_extended_host_host,
1192 no_access_list_extended_host_host_cmd,
1193 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D host A.B.C.D",
1194 NO_STR
1195 "Add an access list entry\n"
1196 "IP extended access list\n"
1197 "IP extended access list (expanded range)\n"
1198 "Specify packets to reject\n"
1199 "Specify packets to forward\n"
1200 "Any Internet Protocol\n"
1201 "A single source host\n"
1202 "Source address\n"
1203 "A single destination host\n"
1204 "Destination address\n")
1205 {
1206 int idx_acl = 2;
1207 int idx_permit_deny = 3;
1208 int idx_ipv4 = 6;
1209 int idx_ipv4_2 = 8;
1210 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
1211 "0.0.0.0", argv[idx_ipv4_2]->arg,
1212 "0.0.0.0", 1, 0);
1213 }
1214
1215 DEFUN (no_access_list_extended_any_host,
1216 no_access_list_extended_any_host_cmd,
1217 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any host A.B.C.D",
1218 NO_STR
1219 "Add an access list entry\n"
1220 "IP extended access list\n"
1221 "IP extended access list (expanded range)\n"
1222 "Specify packets to reject\n"
1223 "Specify packets to forward\n"
1224 "Any Internet Protocol\n"
1225 "Any source host\n"
1226 "A single destination host\n"
1227 "Destination address\n")
1228 {
1229 int idx_acl = 2;
1230 int idx_permit_deny = 3;
1231 int idx_ipv4 = 7;
1232 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, "0.0.0.0",
1233 "255.255.255.255", argv[idx_ipv4]->arg,
1234 "0.0.0.0", 1, 0);
1235 }
1236
1237 DEFUN (no_access_list_extended_host_any,
1238 no_access_list_extended_host_any_cmd,
1239 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D any",
1240 NO_STR
1241 "Add an access list entry\n"
1242 "IP extended access list\n"
1243 "IP extended access list (expanded range)\n"
1244 "Specify packets to reject\n"
1245 "Specify packets to forward\n"
1246 "Any Internet Protocol\n"
1247 "A single source host\n"
1248 "Source address\n"
1249 "Any destination host\n")
1250 {
1251 int idx_acl = 2;
1252 int idx_permit_deny = 3;
1253 int idx_ipv4 = 6;
1254 return filter_set_cisco (vty, argv[idx_acl]->arg, argv[idx_permit_deny]->arg, argv[idx_ipv4]->arg,
1255 "0.0.0.0", "0.0.0.0",
1256 "255.255.255.255", 1, 0);
1257 }
1258
1259 static int
1260 filter_set_zebra (struct vty *vty, const char *name_str, const char *type_str,
1261 afi_t afi, const char *prefix_str, int exact, int set)
1262 {
1263 int ret;
1264 enum filter_type type;
1265 struct filter *mfilter;
1266 struct filter_zebra *filter;
1267 struct access_list *access;
1268 struct prefix p;
1269
1270 /* Check of filter type. */
1271 if (strncmp (type_str, "p", 1) == 0)
1272 type = FILTER_PERMIT;
1273 else if (strncmp (type_str, "d", 1) == 0)
1274 type = FILTER_DENY;
1275 else
1276 {
1277 vty_out (vty, "filter type must be [permit|deny]%s", VTY_NEWLINE);
1278 return CMD_WARNING;
1279 }
1280
1281 /* Check string format of prefix and prefixlen. */
1282 if (afi == AFI_IP)
1283 {
1284 ret = str2prefix_ipv4 (prefix_str, (struct prefix_ipv4 *)&p);
1285 if (ret <= 0)
1286 {
1287 vty_out (vty, "IP address prefix/prefixlen is malformed%s",
1288 VTY_NEWLINE);
1289 return CMD_WARNING;
1290 }
1291 }
1292 #ifdef HAVE_IPV6
1293 else if (afi == AFI_IP6)
1294 {
1295 ret = str2prefix_ipv6 (prefix_str, (struct prefix_ipv6 *) &p);
1296 if (ret <= 0)
1297 {
1298 vty_out (vty, "IPv6 address prefix/prefixlen is malformed%s",
1299 VTY_NEWLINE);
1300 return CMD_WARNING;
1301 }
1302 }
1303 #endif /* HAVE_IPV6 */
1304 else
1305 return CMD_WARNING;
1306
1307 mfilter = filter_new ();
1308 mfilter->type = type;
1309 filter = &mfilter->u.zfilter;
1310 prefix_copy (&filter->prefix, &p);
1311
1312 /* "exact-match" */
1313 if (exact)
1314 filter->exact = 1;
1315
1316 /* Install new filter to the access_list. */
1317 access = access_list_get (afi, name_str);
1318
1319 if (set)
1320 {
1321 if (filter_lookup_zebra (access, mfilter))
1322 filter_free (mfilter);
1323 else
1324 access_list_filter_add (access, mfilter);
1325 }
1326 else
1327 {
1328 struct filter *delete_filter;
1329
1330 delete_filter = filter_lookup_zebra (access, mfilter);
1331 if (delete_filter)
1332 access_list_filter_delete (access, delete_filter);
1333
1334 filter_free (mfilter);
1335 }
1336
1337 return CMD_SUCCESS;
1338 }
1339
1340 /* Zebra access-list */
1341 DEFUN (access_list,
1342 access_list_cmd,
1343 "access-list WORD <deny|permit> A.B.C.D/M",
1344 "Add an access list entry\n"
1345 "IP zebra access-list name\n"
1346 "Specify packets to reject\n"
1347 "Specify packets to forward\n"
1348 "Prefix to match. e.g. 10.0.0.0/8\n")
1349 {
1350 int idx_word = 1;
1351 int idx_permit_deny = 2;
1352 int idx_ipv4_prefixlen = 3;
1353 return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 0, 1);
1354 }
1355
1356 DEFUN (access_list_exact,
1357 access_list_exact_cmd,
1358 "access-list WORD <deny|permit> A.B.C.D/M exact-match",
1359 "Add an access list entry\n"
1360 "IP zebra access-list name\n"
1361 "Specify packets to reject\n"
1362 "Specify packets to forward\n"
1363 "Prefix to match. e.g. 10.0.0.0/8\n"
1364 "Exact match of the prefixes\n")
1365 {
1366 int idx_word = 1;
1367 int idx_permit_deny = 2;
1368 int idx_ipv4_prefixlen = 3;
1369 return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 1, 1);
1370 }
1371
1372 DEFUN (access_list_any,
1373 access_list_any_cmd,
1374 "access-list WORD <deny|permit> any",
1375 "Add an access list entry\n"
1376 "IP zebra access-list name\n"
1377 "Specify packets to reject\n"
1378 "Specify packets to forward\n"
1379 "Prefix to match. e.g. 10.0.0.0/8\n")
1380 {
1381 int idx_word = 1;
1382 int idx_permit_deny = 2;
1383 return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, "0.0.0.0/0", 0, 1);
1384 }
1385
1386 DEFUN (no_access_list,
1387 no_access_list_cmd,
1388 "no access-list WORD <deny|permit> A.B.C.D/M",
1389 NO_STR
1390 "Add an access list entry\n"
1391 "IP zebra access-list name\n"
1392 "Specify packets to reject\n"
1393 "Specify packets to forward\n"
1394 "Prefix to match. e.g. 10.0.0.0/8\n")
1395 {
1396 int idx_word = 2;
1397 int idx_permit_deny = 3;
1398 int idx_ipv4_prefixlen = 4;
1399 return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 0, 0);
1400 }
1401
1402 DEFUN (no_access_list_exact,
1403 no_access_list_exact_cmd,
1404 "no access-list WORD <deny|permit> A.B.C.D/M exact-match",
1405 NO_STR
1406 "Add an access list entry\n"
1407 "IP zebra access-list name\n"
1408 "Specify packets to reject\n"
1409 "Specify packets to forward\n"
1410 "Prefix to match. e.g. 10.0.0.0/8\n"
1411 "Exact match of the prefixes\n")
1412 {
1413 int idx_word = 2;
1414 int idx_permit_deny = 3;
1415 int idx_ipv4_prefixlen = 4;
1416 return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 1, 0);
1417 }
1418
1419 DEFUN (no_access_list_any,
1420 no_access_list_any_cmd,
1421 "no access-list WORD <deny|permit> any",
1422 NO_STR
1423 "Add an access list entry\n"
1424 "IP zebra access-list name\n"
1425 "Specify packets to reject\n"
1426 "Specify packets to forward\n"
1427 "Prefix to match. e.g. 10.0.0.0/8\n")
1428 {
1429 int idx_word = 2;
1430 int idx_permit_deny = 3;
1431 return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, "0.0.0.0/0", 0, 0);
1432 }
1433
1434 DEFUN (no_access_list_all,
1435 no_access_list_all_cmd,
1436 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
1437 NO_STR
1438 "Add an access list entry\n"
1439 "IP standard access list\n"
1440 "IP extended access list\n"
1441 "IP standard access list (expanded range)\n"
1442 "IP extended access list (expanded range)\n"
1443 "IP zebra access-list name\n")
1444 {
1445 int idx_acl = 2;
1446 struct access_list *access;
1447 struct access_master *master;
1448
1449 /* Looking up access_list. */
1450 access = access_list_lookup (AFI_IP, argv[idx_acl]->arg);
1451 if (access == NULL)
1452 {
1453 vty_out (vty, "%% access-list %s doesn't exist%s", argv[idx_acl]->arg,
1454 VTY_NEWLINE);
1455 return CMD_WARNING;
1456 }
1457
1458 master = access->master;
1459
1460 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
1461 /* Run hook function. */
1462 if (master->delete_hook)
1463 (*master->delete_hook) (access);
1464
1465 /* Delete all filter from access-list. */
1466 access_list_delete (access);
1467
1468 return CMD_SUCCESS;
1469 }
1470
1471 DEFUN (access_list_remark,
1472 access_list_remark_cmd,
1473 "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
1474 "Add an access list entry\n"
1475 "IP standard access list\n"
1476 "IP extended access list\n"
1477 "IP standard access list (expanded range)\n"
1478 "IP extended access list (expanded range)\n"
1479 "IP zebra access-list\n"
1480 "Access list entry comment\n"
1481 "Comment up to 100 characters\n")
1482 {
1483 int idx_acl = 1;
1484 int idx_remark = 3;
1485 struct access_list *access;
1486
1487 access = access_list_get (AFI_IP, argv[idx_acl]->arg);
1488
1489 if (access->remark)
1490 {
1491 XFREE (MTYPE_TMP, access->remark);
1492 access->remark = NULL;
1493 }
1494 access->remark = argv_concat(argv, argc, idx_remark);
1495
1496 return CMD_SUCCESS;
1497 }
1498
1499 DEFUN (no_access_list_remark,
1500 no_access_list_remark_cmd,
1501 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark",
1502 NO_STR
1503 "Add an access list entry\n"
1504 "IP standard access list\n"
1505 "IP extended access list\n"
1506 "IP standard access list (expanded range)\n"
1507 "IP extended access list (expanded range)\n"
1508 "IP zebra access-list\n"
1509 "Access list entry comment\n")
1510 {
1511 int idx_acl = 2;
1512 return vty_access_list_remark_unset (vty, AFI_IP, argv[idx_acl]->arg);
1513 }
1514
1515 /* ALIAS_FIXME */
1516 DEFUN (no_access_list_remark_comment,
1517 no_access_list_remark_comment_cmd,
1518 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
1519 NO_STR
1520 "Add an access list entry\n"
1521 "IP standard access list\n"
1522 "IP extended access list\n"
1523 "IP standard access list (expanded range)\n"
1524 "IP extended access list (expanded range)\n"
1525 "IP zebra access-list\n"
1526 "Access list entry comment\n"
1527 "Comment up to 100 characters\n")
1528 {
1529 return no_access_list_remark (self, vty, argc, argv);
1530 }
1531
1532
1533 #ifdef HAVE_IPV6
1534 DEFUN (ipv6_access_list,
1535 ipv6_access_list_cmd,
1536 "ipv6 access-list WORD <deny|permit> X:X::X:X/M",
1537 IPV6_STR
1538 "Add an access list entry\n"
1539 "IPv6 zebra access-list\n"
1540 "Specify packets to reject\n"
1541 "Specify packets to forward\n"
1542 "IPv6 prefix\n")
1543 {
1544 int idx = 0;
1545 char *alname = argv_find (argv, argc, "WORD", &idx) ? argv[idx]->arg : NULL;
1546 char *prefix = argv_find (argv, argc, "X:X::X:X/M", &idx) ? argv[idx]->arg : NULL;
1547 return filter_set_zebra (vty, alname, argv[3]->text, AFI_IP6, prefix, 0, 1);
1548 }
1549
1550 DEFUN (ipv6_access_list_exact,
1551 ipv6_access_list_exact_cmd,
1552 "ipv6 access-list WORD <deny|permit> X:X::X:X/M exact-match",
1553 IPV6_STR
1554 "Add an access list entry\n"
1555 "IPv6 zebra access-list\n"
1556 "Specify packets to reject\n"
1557 "Specify packets to forward\n"
1558 "IPv6 prefix\n"
1559 "Exact match of the prefixes\n")
1560 {
1561 int idx = 0;
1562 char *alname = argv_find (argv, argc, "WORD", &idx) ? argv[idx]->arg : NULL;
1563 char *prefix = argv_find (argv, argc, "X:X::X:X/M", &idx) ? argv[idx]->arg : NULL;
1564 return filter_set_zebra (vty, alname, argv[3]->text, AFI_IP6, prefix, 1, 1);
1565 }
1566
1567 DEFUN (ipv6_access_list_any,
1568 ipv6_access_list_any_cmd,
1569 "ipv6 access-list WORD <deny|permit> any",
1570 IPV6_STR
1571 "Add an access list entry\n"
1572 "IPv6 zebra access-list\n"
1573 "Specify packets to reject\n"
1574 "Specify packets to forward\n"
1575 "Any prefixi to match\n")
1576 {
1577 int idx_word = 2;
1578 int idx_permit_deny = 3;
1579 return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP6, "::/0", 0, 1);
1580 }
1581
1582 DEFUN (no_ipv6_access_list,
1583 no_ipv6_access_list_cmd,
1584 "no ipv6 access-list WORD <deny|permit> X:X::X:X/M",
1585 NO_STR
1586 IPV6_STR
1587 "Add an access list entry\n"
1588 "IPv6 zebra access-list\n"
1589 "Specify packets to reject\n"
1590 "Specify packets to forward\n"
1591 "Prefix to match. e.g. 3ffe:506::/32\n")
1592 {
1593 int idx_word = 3;
1594 int idx_permit_deny = 4;
1595 int idx_ipv6_prefixlen = 5;
1596 return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP6, argv[idx_ipv6_prefixlen]->arg, 0, 0);
1597 }
1598
1599 DEFUN (no_ipv6_access_list_exact,
1600 no_ipv6_access_list_exact_cmd,
1601 "no ipv6 access-list WORD <deny|permit> X:X::X:X/M exact-match",
1602 NO_STR
1603 IPV6_STR
1604 "Add an access list entry\n"
1605 "IPv6 zebra access-list\n"
1606 "Specify packets to reject\n"
1607 "Specify packets to forward\n"
1608 "Prefix to match. e.g. 3ffe:506::/32\n"
1609 "Exact match of the prefixes\n")
1610 {
1611 int idx_word = 3;
1612 int idx_permit_deny = 4;
1613 int idx_ipv6_prefixlen = 5;
1614 return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP6, argv[idx_ipv6_prefixlen]->arg, 1, 0);
1615 }
1616
1617 DEFUN (no_ipv6_access_list_any,
1618 no_ipv6_access_list_any_cmd,
1619 "no ipv6 access-list WORD <deny|permit> any",
1620 NO_STR
1621 IPV6_STR
1622 "Add an access list entry\n"
1623 "IPv6 zebra access-list\n"
1624 "Specify packets to reject\n"
1625 "Specify packets to forward\n"
1626 "Any prefixi to match\n")
1627 {
1628 int idx_word = 3;
1629 int idx_permit_deny = 4;
1630 return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP6, "::/0", 0, 0);
1631 }
1632
1633
1634 DEFUN (no_ipv6_access_list_all,
1635 no_ipv6_access_list_all_cmd,
1636 "no ipv6 access-list WORD",
1637 NO_STR
1638 IPV6_STR
1639 "Add an access list entry\n"
1640 "IPv6 zebra access-list\n")
1641 {
1642 int idx_word = 3;
1643 struct access_list *access;
1644 struct access_master *master;
1645
1646 /* Looking up access_list. */
1647 access = access_list_lookup (AFI_IP6, argv[idx_word]->arg);
1648 if (access == NULL)
1649 {
1650 vty_out (vty, "%% access-list %s doesn't exist%s", argv[idx_word]->arg,
1651 VTY_NEWLINE);
1652 return CMD_WARNING;
1653 }
1654
1655 master = access->master;
1656
1657 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
1658 /* Run hook function. */
1659 if (master->delete_hook)
1660 (*master->delete_hook) (access);
1661
1662 /* Delete all filter from access-list. */
1663 access_list_delete (access);
1664
1665 return CMD_SUCCESS;
1666 }
1667
1668 DEFUN (ipv6_access_list_remark,
1669 ipv6_access_list_remark_cmd,
1670 "ipv6 access-list WORD remark LINE...",
1671 IPV6_STR
1672 "Add an access list entry\n"
1673 "IPv6 zebra access-list\n"
1674 "Access list entry comment\n"
1675 "Comment up to 100 characters\n")
1676 {
1677 int idx_word = 2;
1678 int idx_line = 4;
1679 struct access_list *access;
1680
1681 access = access_list_get (AFI_IP6, argv[idx_word]->arg);
1682
1683 if (access->remark)
1684 {
1685 XFREE (MTYPE_TMP, access->remark);
1686 access->remark = NULL;
1687 }
1688 access->remark = argv_concat(argv, argc, idx_line);
1689
1690 return CMD_SUCCESS;
1691 }
1692
1693 DEFUN (no_ipv6_access_list_remark,
1694 no_ipv6_access_list_remark_cmd,
1695 "no ipv6 access-list WORD remark",
1696 NO_STR
1697 IPV6_STR
1698 "Add an access list entry\n"
1699 "IPv6 zebra access-list\n"
1700 "Access list entry comment\n")
1701 {
1702 int idx_word = 3;
1703 return vty_access_list_remark_unset (vty, AFI_IP6, argv[idx_word]->arg);
1704 }
1705
1706 /* ALIAS_FIXME */
1707 DEFUN (no_ipv6_access_list_remark_comment,
1708 no_ipv6_access_list_remark_comment_cmd,
1709 "no ipv6 access-list WORD remark LINE...",
1710 NO_STR
1711 IPV6_STR
1712 "Add an access list entry\n"
1713 "IPv6 zebra access-list\n"
1714 "Access list entry comment\n"
1715 "Comment up to 100 characters\n")
1716 {
1717 return no_ipv6_access_list_remark (self, vty, argc, argv);
1718 }
1719
1720 #endif /* HAVE_IPV6 */
1721
1722 void config_write_access_zebra (struct vty *, struct filter *);
1723 void config_write_access_cisco (struct vty *, struct filter *);
1724
1725 /* show access-list command. */
1726 static int
1727 filter_show (struct vty *vty, const char *name, afi_t afi)
1728 {
1729 struct access_list *access;
1730 struct access_master *master;
1731 struct filter *mfilter;
1732 struct filter_cisco *filter;
1733 int write = 0;
1734
1735 master = access_master_get (afi);
1736 if (master == NULL)
1737 return 0;
1738
1739 /* Print the name of the protocol */
1740 if (zlog_default)
1741 vty_out (vty, "%s:%s",
1742 zlog_proto_names[zlog_default->protocol], VTY_NEWLINE);
1743
1744 for (access = master->num.head; access; access = access->next)
1745 {
1746 if (name && strcmp (access->name, name) != 0)
1747 continue;
1748
1749 write = 1;
1750
1751 for (mfilter = access->head; mfilter; mfilter = mfilter->next)
1752 {
1753 filter = &mfilter->u.cfilter;
1754
1755 if (write)
1756 {
1757 vty_out (vty, "%s IP%s access list %s%s",
1758 mfilter->cisco ?
1759 (filter->extended ? "Extended" : "Standard") : "Zebra",
1760 afi == AFI_IP6 ? "v6" : "",
1761 access->name, VTY_NEWLINE);
1762 write = 0;
1763 }
1764
1765 vty_out (vty, " %s%s", filter_type_str (mfilter),
1766 mfilter->type == FILTER_DENY ? " " : "");
1767
1768 if (! mfilter->cisco)
1769 config_write_access_zebra (vty, mfilter);
1770 else if (filter->extended)
1771 config_write_access_cisco (vty, mfilter);
1772 else
1773 {
1774 if (filter->addr_mask.s_addr == 0xffffffff)
1775 vty_out (vty, " any%s", VTY_NEWLINE);
1776 else
1777 {
1778 vty_out (vty, " %s", inet_ntoa (filter->addr));
1779 if (filter->addr_mask.s_addr != 0)
1780 vty_out (vty, ", wildcard bits %s", inet_ntoa (filter->addr_mask));
1781 vty_out (vty, "%s", VTY_NEWLINE);
1782 }
1783 }
1784 }
1785 }
1786
1787 for (access = master->str.head; access; access = access->next)
1788 {
1789 if (name && strcmp (access->name, name) != 0)
1790 continue;
1791
1792 write = 1;
1793
1794 for (mfilter = access->head; mfilter; mfilter = mfilter->next)
1795 {
1796 filter = &mfilter->u.cfilter;
1797
1798 if (write)
1799 {
1800 vty_out (vty, "%s IP%s access list %s%s",
1801 mfilter->cisco ?
1802 (filter->extended ? "Extended" : "Standard") : "Zebra",
1803 afi == AFI_IP6 ? "v6" : "",
1804 access->name, VTY_NEWLINE);
1805 write = 0;
1806 }
1807
1808 vty_out (vty, " %s%s", filter_type_str (mfilter),
1809 mfilter->type == FILTER_DENY ? " " : "");
1810
1811 if (! mfilter->cisco)
1812 config_write_access_zebra (vty, mfilter);
1813 else if (filter->extended)
1814 config_write_access_cisco (vty, mfilter);
1815 else
1816 {
1817 if (filter->addr_mask.s_addr == 0xffffffff)
1818 vty_out (vty, " any%s", VTY_NEWLINE);
1819 else
1820 {
1821 vty_out (vty, " %s", inet_ntoa (filter->addr));
1822 if (filter->addr_mask.s_addr != 0)
1823 vty_out (vty, ", wildcard bits %s", inet_ntoa (filter->addr_mask));
1824 vty_out (vty, "%s", VTY_NEWLINE);
1825 }
1826 }
1827 }
1828 }
1829 return CMD_SUCCESS;
1830 }
1831
1832 DEFUN (show_ip_access_list,
1833 show_ip_access_list_cmd,
1834 "show ip access-list",
1835 SHOW_STR
1836 IP_STR
1837 "List IP access lists\n")
1838 {
1839 return filter_show (vty, NULL, AFI_IP);
1840 }
1841
1842 DEFUN (show_ip_access_list_name,
1843 show_ip_access_list_name_cmd,
1844 "show ip access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
1845 SHOW_STR
1846 IP_STR
1847 "List IP access lists\n"
1848 "IP standard access list\n"
1849 "IP extended access list\n"
1850 "IP standard access list (expanded range)\n"
1851 "IP extended access list (expanded range)\n"
1852 "IP zebra access-list\n")
1853 {
1854 int idx_acl = 3;
1855 return filter_show (vty, argv[idx_acl]->arg, AFI_IP);
1856 }
1857
1858 #ifdef HAVE_IPV6
1859 DEFUN (show_ipv6_access_list,
1860 show_ipv6_access_list_cmd,
1861 "show ipv6 access-list",
1862 SHOW_STR
1863 IPV6_STR
1864 "List IPv6 access lists\n")
1865 {
1866 return filter_show (vty, NULL, AFI_IP6);
1867 }
1868
1869 DEFUN (show_ipv6_access_list_name,
1870 show_ipv6_access_list_name_cmd,
1871 "show ipv6 access-list WORD",
1872 SHOW_STR
1873 IPV6_STR
1874 "List IPv6 access lists\n"
1875 "IPv6 zebra access-list\n")
1876 {
1877 int idx_word = 3;
1878 return filter_show (vty, argv[idx_word]->arg, AFI_IP6);
1879 }
1880 #endif /* HAVE_IPV6 */
1881
1882 void
1883 config_write_access_cisco (struct vty *vty, struct filter *mfilter)
1884 {
1885 struct filter_cisco *filter;
1886
1887 filter = &mfilter->u.cfilter;
1888
1889 if (filter->extended)
1890 {
1891 vty_out (vty, " ip");
1892 if (filter->addr_mask.s_addr == 0xffffffff)
1893 vty_out (vty, " any");
1894 else if (filter->addr_mask.s_addr == 0)
1895 vty_out (vty, " host %s", inet_ntoa (filter->addr));
1896 else
1897 {
1898 vty_out (vty, " %s", inet_ntoa (filter->addr));
1899 vty_out (vty, " %s", inet_ntoa (filter->addr_mask));
1900 }
1901
1902 if (filter->mask_mask.s_addr == 0xffffffff)
1903 vty_out (vty, " any");
1904 else if (filter->mask_mask.s_addr == 0)
1905 vty_out (vty, " host %s", inet_ntoa (filter->mask));
1906 else
1907 {
1908 vty_out (vty, " %s", inet_ntoa (filter->mask));
1909 vty_out (vty, " %s", inet_ntoa (filter->mask_mask));
1910 }
1911 vty_out (vty, "%s", VTY_NEWLINE);
1912 }
1913 else
1914 {
1915 if (filter->addr_mask.s_addr == 0xffffffff)
1916 vty_out (vty, " any%s", VTY_NEWLINE);
1917 else
1918 {
1919 vty_out (vty, " %s", inet_ntoa (filter->addr));
1920 if (filter->addr_mask.s_addr != 0)
1921 vty_out (vty, " %s", inet_ntoa (filter->addr_mask));
1922 vty_out (vty, "%s", VTY_NEWLINE);
1923 }
1924 }
1925 }
1926
1927 void
1928 config_write_access_zebra (struct vty *vty, struct filter *mfilter)
1929 {
1930 struct filter_zebra *filter;
1931 struct prefix *p;
1932 char buf[BUFSIZ];
1933
1934 filter = &mfilter->u.zfilter;
1935 p = &filter->prefix;
1936
1937 if (p->prefixlen == 0 && ! filter->exact)
1938 vty_out (vty, " any");
1939 else
1940 vty_out (vty, " %s/%d%s",
1941 inet_ntop (p->family, &p->u.prefix, buf, BUFSIZ),
1942 p->prefixlen,
1943 filter->exact ? " exact-match" : "");
1944
1945 vty_out (vty, "%s", VTY_NEWLINE);
1946 }
1947
1948 static int
1949 config_write_access (struct vty *vty, afi_t afi)
1950 {
1951 struct access_list *access;
1952 struct access_master *master;
1953 struct filter *mfilter;
1954 int write = 0;
1955
1956 master = access_master_get (afi);
1957 if (master == NULL)
1958 return 0;
1959
1960 for (access = master->num.head; access; access = access->next)
1961 {
1962 if (access->remark)
1963 {
1964 vty_out (vty, "%saccess-list %s remark %s%s",
1965 afi == AFI_IP ? "" : "ipv6 ",
1966 access->name, access->remark,
1967 VTY_NEWLINE);
1968 write++;
1969 }
1970
1971 for (mfilter = access->head; mfilter; mfilter = mfilter->next)
1972 {
1973 vty_out (vty, "%saccess-list %s %s",
1974 afi == AFI_IP ? "" : "ipv6 ",
1975 access->name,
1976 filter_type_str (mfilter));
1977
1978 if (mfilter->cisco)
1979 config_write_access_cisco (vty, mfilter);
1980 else
1981 config_write_access_zebra (vty, mfilter);
1982
1983 write++;
1984 }
1985 }
1986
1987 for (access = master->str.head; access; access = access->next)
1988 {
1989 if (access->remark)
1990 {
1991 vty_out (vty, "%saccess-list %s remark %s%s",
1992 afi == AFI_IP ? "" : "ipv6 ",
1993 access->name, access->remark,
1994 VTY_NEWLINE);
1995 write++;
1996 }
1997
1998 for (mfilter = access->head; mfilter; mfilter = mfilter->next)
1999 {
2000 vty_out (vty, "%saccess-list %s %s",
2001 afi == AFI_IP ? "" : "ipv6 ",
2002 access->name,
2003 filter_type_str (mfilter));
2004
2005 if (mfilter->cisco)
2006 config_write_access_cisco (vty, mfilter);
2007 else
2008 config_write_access_zebra (vty, mfilter);
2009
2010 write++;
2011 }
2012 }
2013 return write;
2014 }
2015
2016 /* Access-list node. */
2017 static struct cmd_node access_node =
2018 {
2019 ACCESS_NODE,
2020 "", /* Access list has no interface. */
2021 1
2022 };
2023
2024 static int
2025 config_write_access_ipv4 (struct vty *vty)
2026 {
2027 return config_write_access (vty, AFI_IP);
2028 }
2029
2030 static void
2031 access_list_reset_ipv4 (void)
2032 {
2033 struct access_list *access;
2034 struct access_list *next;
2035 struct access_master *master;
2036
2037 master = access_master_get (AFI_IP);
2038 if (master == NULL)
2039 return;
2040
2041 for (access = master->num.head; access; access = next)
2042 {
2043 next = access->next;
2044 access_list_delete (access);
2045 }
2046 for (access = master->str.head; access; access = next)
2047 {
2048 next = access->next;
2049 access_list_delete (access);
2050 }
2051
2052 assert (master->num.head == NULL);
2053 assert (master->num.tail == NULL);
2054
2055 assert (master->str.head == NULL);
2056 assert (master->str.tail == NULL);
2057 }
2058
2059 /* Install vty related command. */
2060 static void
2061 access_list_init_ipv4 (void)
2062 {
2063 install_node (&access_node, config_write_access_ipv4);
2064
2065 install_element (ENABLE_NODE, &show_ip_access_list_cmd);
2066 install_element (ENABLE_NODE, &show_ip_access_list_name_cmd);
2067
2068 /* Zebra access-list */
2069 install_element (CONFIG_NODE, &access_list_cmd);
2070 install_element (CONFIG_NODE, &access_list_exact_cmd);
2071 install_element (CONFIG_NODE, &access_list_any_cmd);
2072 install_element (CONFIG_NODE, &no_access_list_cmd);
2073 install_element (CONFIG_NODE, &no_access_list_exact_cmd);
2074 install_element (CONFIG_NODE, &no_access_list_any_cmd);
2075
2076 /* Standard access-list */
2077 install_element (CONFIG_NODE, &access_list_standard_cmd);
2078 install_element (CONFIG_NODE, &access_list_standard_nomask_cmd);
2079 install_element (CONFIG_NODE, &access_list_standard_host_cmd);
2080 install_element (CONFIG_NODE, &access_list_standard_any_cmd);
2081 install_element (CONFIG_NODE, &no_access_list_standard_cmd);
2082 install_element (CONFIG_NODE, &no_access_list_standard_nomask_cmd);
2083 install_element (CONFIG_NODE, &no_access_list_standard_host_cmd);
2084 install_element (CONFIG_NODE, &no_access_list_standard_any_cmd);
2085
2086 /* Extended access-list */
2087 install_element (CONFIG_NODE, &access_list_extended_cmd);
2088 install_element (CONFIG_NODE, &access_list_extended_any_mask_cmd);
2089 install_element (CONFIG_NODE, &access_list_extended_mask_any_cmd);
2090 install_element (CONFIG_NODE, &access_list_extended_any_any_cmd);
2091 install_element (CONFIG_NODE, &access_list_extended_host_mask_cmd);
2092 install_element (CONFIG_NODE, &access_list_extended_mask_host_cmd);
2093 install_element (CONFIG_NODE, &access_list_extended_host_host_cmd);
2094 install_element (CONFIG_NODE, &access_list_extended_any_host_cmd);
2095 install_element (CONFIG_NODE, &access_list_extended_host_any_cmd);
2096 install_element (CONFIG_NODE, &no_access_list_extended_cmd);
2097 install_element (CONFIG_NODE, &no_access_list_extended_any_mask_cmd);
2098 install_element (CONFIG_NODE, &no_access_list_extended_mask_any_cmd);
2099 install_element (CONFIG_NODE, &no_access_list_extended_any_any_cmd);
2100 install_element (CONFIG_NODE, &no_access_list_extended_host_mask_cmd);
2101 install_element (CONFIG_NODE, &no_access_list_extended_mask_host_cmd);
2102 install_element (CONFIG_NODE, &no_access_list_extended_host_host_cmd);
2103 install_element (CONFIG_NODE, &no_access_list_extended_any_host_cmd);
2104 install_element (CONFIG_NODE, &no_access_list_extended_host_any_cmd);
2105
2106 install_element (CONFIG_NODE, &access_list_remark_cmd);
2107 install_element (CONFIG_NODE, &no_access_list_all_cmd);
2108 install_element (CONFIG_NODE, &no_access_list_remark_cmd);
2109 install_element (CONFIG_NODE, &no_access_list_remark_comment_cmd);
2110 }
2111
2112 #ifdef HAVE_IPV6
2113 static struct cmd_node access_ipv6_node =
2114 {
2115 ACCESS_IPV6_NODE,
2116 "",
2117 1
2118 };
2119
2120 static int
2121 config_write_access_ipv6 (struct vty *vty)
2122 {
2123 return config_write_access (vty, AFI_IP6);
2124 }
2125
2126 static void
2127 access_list_reset_ipv6 (void)
2128 {
2129 struct access_list *access;
2130 struct access_list *next;
2131 struct access_master *master;
2132
2133 master = access_master_get (AFI_IP6);
2134 if (master == NULL)
2135 return;
2136
2137 for (access = master->num.head; access; access = next)
2138 {
2139 next = access->next;
2140 access_list_delete (access);
2141 }
2142 for (access = master->str.head; access; access = next)
2143 {
2144 next = access->next;
2145 access_list_delete (access);
2146 }
2147
2148 assert (master->num.head == NULL);
2149 assert (master->num.tail == NULL);
2150
2151 assert (master->str.head == NULL);
2152 assert (master->str.tail == NULL);
2153 }
2154
2155 static void
2156 access_list_init_ipv6 (void)
2157 {
2158 install_node (&access_ipv6_node, config_write_access_ipv6);
2159
2160 install_element (ENABLE_NODE, &show_ipv6_access_list_cmd);
2161 install_element (ENABLE_NODE, &show_ipv6_access_list_name_cmd);
2162
2163 install_element (CONFIG_NODE, &ipv6_access_list_cmd);
2164 install_element (CONFIG_NODE, &ipv6_access_list_exact_cmd);
2165 install_element (CONFIG_NODE, &ipv6_access_list_any_cmd);
2166 install_element (CONFIG_NODE, &no_ipv6_access_list_exact_cmd);
2167 install_element (CONFIG_NODE, &no_ipv6_access_list_cmd);
2168 install_element (CONFIG_NODE, &no_ipv6_access_list_any_cmd);
2169
2170 install_element (CONFIG_NODE, &no_ipv6_access_list_all_cmd);
2171 install_element (CONFIG_NODE, &ipv6_access_list_remark_cmd);
2172 install_element (CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
2173 install_element (CONFIG_NODE, &no_ipv6_access_list_remark_comment_cmd);
2174 }
2175 #endif /* HAVE_IPV6 */
2176
2177 void
2178 access_list_init ()
2179 {
2180 access_list_init_ipv4 ();
2181 #ifdef HAVE_IPV6
2182 access_list_init_ipv6();
2183 #endif /* HAVE_IPV6 */
2184 }
2185
2186 void
2187 access_list_reset ()
2188 {
2189 access_list_reset_ipv4 ();
2190 #ifdef HAVE_IPV6
2191 access_list_reset_ipv6();
2192 #endif /* HAVE_IPV6 */
2193 }
FRRouting mirror