1 /* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
4 * This file is part of GNU Zebra.
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with GNU Zebra; see the file COPYING. If not, write to the
18 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
19 * Boston, MA 02111-1307, USA.
28 #include "sockunion.h"
33 DEFINE_MTYPE_STATIC(LIB
, ACCESS_LIST
, "Access List")
34 DEFINE_MTYPE_STATIC(LIB
, ACCESS_LIST_STR
, "Access List Str")
35 DEFINE_MTYPE_STATIC(LIB
, ACCESS_FILTER
, "Access Filter")
39 /* Cisco access-list */
42 struct in_addr addr_mask
;
44 struct in_addr mask_mask
;
49 /* If this filter is "exact" match then this flag is set. */
52 /* Prefix information. */
56 /* Filter element of access list */
59 /* For doubly linked list. */
63 /* Filter type information. */
64 enum filter_type type
;
66 /* Cisco access-list */
71 struct filter_cisco cfilter
;
72 struct filter_zebra zfilter
;
76 /* List of access_list. */
77 struct access_list_list
79 struct access_list
*head
;
80 struct access_list
*tail
;
83 /* Master structure of access_list. */
86 /* List of access_list which name is number. */
87 struct access_list_list num
;
89 /* List of access_list which name is string. */
90 struct access_list_list str
;
92 /* Hook function which is executed when new access_list is added. */
93 void (*add_hook
) (struct access_list
*);
95 /* Hook function which is executed when access_list is deleted. */
96 void (*delete_hook
) (struct access_list
*);
99 /* Static structure for IPv4 access_list's master. */
100 static struct access_master access_master_ipv4
=
109 /* Static structure for IPv6 access_list's master. */
110 static struct access_master access_master_ipv6
=
117 #endif /* HAVE_IPV6 */
119 static struct access_master
*
120 access_master_get (afi_t afi
)
123 return &access_master_ipv4
;
125 else if (afi
== AFI_IP6
)
126 return &access_master_ipv6
;
127 #endif /* HAVE_IPV6 */
131 /* Allocate new filter structure. */
132 static struct filter
*
135 return (struct filter
*) XCALLOC (MTYPE_ACCESS_FILTER
,
136 sizeof (struct filter
));
140 filter_free (struct filter
*filter
)
142 XFREE (MTYPE_ACCESS_FILTER
, filter
);
145 /* Return string of filter_type. */
147 filter_type_str (struct filter
*filter
)
149 switch (filter
->type
)
166 /* If filter match to the prefix then return 1. */
/* Test prefix P against one Cisco-style (address + wildcard) entry.
   Bits set in a wildcard mask are "don't care": they are cleared from
   the candidate before comparison.  A standard entry compares only the
   address; an extended entry also compares the netmask derived from
   P's prefix length.  Returns 1 on match, 0 otherwise.

   NOTE(review): P->u.prefix4 is read without checking P->family, so
   this assumes the caller only passes IPv4 prefixes -- confirm. */
static int
filter_match_cisco (struct filter *mfilter, struct prefix *p)
{
  struct filter_cisco *cf = &mfilter->u.cfilter;
  struct in_addr plen_mask;
  u_int32_t masked_addr;
  u_int32_t masked_len;

  /* The address must match for both standard and extended entries. */
  masked_addr = p->u.prefix4.s_addr & ~cf->addr_mask.s_addr;
  if (memcmp (&masked_addr, &cf->addr.s_addr, 4) != 0)
    return 0;

  if (! cf->extended)
    return 1;

  /* Extended entry: the prefix length, expressed as a netmask, must
     match as well. */
  masklen2ip (p->prefixlen, &plen_mask);
  masked_len = plen_mask.s_addr & ~cf->mask_mask.s_addr;
  if (memcmp (&masked_len, &cf->mask.s_addr, 4) != 0)
    return 0;

  return 1;
}
193 /* If filter match to the prefix then return 1. */
/* Test prefix P against one Zebra-style (prefix) entry.  The address
   families must agree.  With the exact flag set the prefix lengths must
   also be equal before prefix_match() is consulted.  Returns the result
   of prefix_match() or 0. */
static int
filter_match_zebra (struct filter *mfilter, struct prefix *p)
{
  struct filter_zebra *zf = &mfilter->u.zfilter;

  /* An entry never matches a prefix of another address family. */
  if (zf->prefix.family != p->family)
    return 0;

  /* Exact entries reject anything with a different prefix length. */
  if (zf->exact && zf->prefix.prefixlen != p->prefixlen)
    return 0;

  return prefix_match (&zf->prefix, p);
}
217 /* Allocate new access list structure. */
218 static struct access_list
*
219 access_list_new (void)
221 return (struct access_list
*) XCALLOC (MTYPE_ACCESS_LIST
,
222 sizeof (struct access_list
));
225 /* Free allocated access_list. */
227 access_list_free (struct access_list
*access
)
229 XFREE (MTYPE_ACCESS_LIST
, access
);
232 /* Delete access_list from access_master and free it. */
234 access_list_delete (struct access_list
*access
)
236 struct filter
*filter
;
238 struct access_list_list
*list
;
239 struct access_master
*master
;
241 for (filter
= access
->head
; filter
; filter
= next
)
244 filter_free (filter
);
247 master
= access
->master
;
249 if (access
->type
== ACCESS_TYPE_NUMBER
)
255 access
->next
->prev
= access
->prev
;
257 list
->tail
= access
->prev
;
260 access
->prev
->next
= access
->next
;
262 list
->head
= access
->next
;
265 XFREE (MTYPE_ACCESS_LIST_STR
, access
->name
);
268 XFREE (MTYPE_TMP
, access
->remark
);
270 access_list_free (access
);
273 /* Insert a new access list into the list of access_lists. The list of
274 access_lists is kept sorted by name. */
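/* Create a new access_list called NAME for address family AFI and link
   it into the owning master, keeping the list sorted.  A name made up
   only of digits goes on the numbered list, ordered by numeric value;
   any other name goes on the string list, ordered by strcmp().
   Returns the new entry, or NULL when AFI has no master.  No duplicate
   check is made here. */
static struct access_list *
access_list_insert (afi_t afi, const char *name)
{
  /* Largest value of long, spelled without <limits.h>. */
  const long number_max = (long) (~0UL >> 1);
  size_t i;
  size_t name_len;
  long number;
  struct access_list *access;
  struct access_list *point;
  struct access_list_list *alist;
  struct access_master *master;

  master = access_master_get (afi);
  if (master == NULL)
    return NULL;

  /* Allocate new access_list and copy given name. */
  access = access_list_new ();
  access->name = XSTRDUP (MTYPE_ACCESS_LIST_STR, name);
  access->master = master;

  /* If the name consists only of digits it is treated as a number. */
  name_len = strlen (name);
  for (number = 0, i = 0; i < name_len; i++)
    {
      int digit;

      /* Plain char may be negative; <ctype.h> functions need an
         unsigned char value (or EOF), anything else is undefined. */
      if (! isdigit ((unsigned char) name[i]))
        break;

      /* Saturate instead of overflowing: signed overflow is undefined
         and the name length is not bounded here. */
      digit = name[i] - '0';
      if (number > (number_max - digit) / 10)
        number = number_max;
      else
        number = (number * 10) + digit;
    }

  /* In case the name is all digits. */
  if (i == name_len)
    {
      access->type = ACCESS_TYPE_NUMBER;

      /* Set access_list to number list. */
      alist = &master->num;

      /* strtol() has defined behaviour (saturation) on out-of-range
         input, unlike atol(). */
      for (point = alist->head; point; point = point->next)
        if (strtol (point->name, NULL, 10) >= number)
          break;
    }
  else
    {
      access->type = ACCESS_TYPE_STRING;

      /* Set access_list to string list. */
      alist = &master->str;

      /* Set point to insertion point. */
      for (point = alist->head; point; point = point->next)
        if (strcmp (point->name, name) >= 0)
          break;
    }

  /* In case this is the first element of master. */
  if (alist->head == NULL)
    {
      alist->head = alist->tail = access;
      return access;
    }

  /* In case insertion is made at the tail of access_list. */
  if (point == NULL)
    {
      access->prev = alist->tail;
      alist->tail->next = access;
      alist->tail = access;
      return access;
    }

  /* In case insertion is made at the head of access_list. */
  if (point == alist->head)
    {
      access->next = alist->head;
      alist->head->prev = access;
      alist->head = access;
      return access;
    }

  /* Insertion is made in the middle of the access_list. */
  access->next = point;
  access->prev = point->prev;

  if (point->prev)
    point->prev->next = access;
  point->prev = access;

  return access;
}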
365 /* Lookup access_list from list of access_list by name. */
/* Find the access_list called NAME in the master for AFI.  The numbered
   list is searched first, then the string list; names are compared
   with strcmp().  Returns NULL when NAME is NULL, when AFI has no
   master, or when no list has that name. */
struct access_list *
access_list_lookup (afi_t afi, const char *name)
{
  struct access_master *master;
  struct access_list *cur;

  if (name == NULL)
    return NULL;

  master = access_master_get (afi);
  if (master == NULL)
    return NULL;

  cur = master->num.head;
  while (cur != NULL)
    {
      if (strcmp (cur->name, name) == 0)
        return cur;
      cur = cur->next;
    }

  cur = master->str.head;
  while (cur != NULL)
    {
      if (strcmp (cur->name, name) == 0)
        return cur;
      cur = cur->next;
    }

  return NULL;
}
390 /* Get access list from list of access_list. If there isn't matched
391 access_list create new one and return it. */
392 static struct access_list
*
393 access_list_get (afi_t afi
, const char *name
)
395 struct access_list
*access
;
397 access
= access_list_lookup (afi
, name
);
399 access
= access_list_insert (afi
, name
);
403 /* Apply access list to object (which should be struct prefix *). */
/* Evaluate OBJECT against ACCESS and return the verdict.  Entries are
   tried in list order and the first one that matches decides: its type
   is returned.  A NULL list, or a list in which nothing matches,
   yields FILTER_DENY, so the default is to deny.

   OBJECT is cast to struct prefix * with no check of what it really
   points to; callers must pass a struct prefix.
   NOTE(review): Cisco-style entries are matched by filter_match_cisco(),
   which reads the IPv4 address field without testing the prefix
   family -- confirm callers never hand an IPv6 prefix to such a list. */
enum filter_type
access_list_apply (struct access_list *access, void *object)
{
  struct prefix *pfx = (struct prefix *) object;
  struct filter *entry;

  if (access == NULL)
    return FILTER_DENY;

  for (entry = access->head; entry != NULL; entry = entry->next)
    {
      int hit;

      if (entry->cisco)
        hit = filter_match_cisco (entry, pfx);
      else
        hit = filter_match_zebra (entry, pfx);

      if (hit)
        return entry->type;
    }

  /* Nothing matched: fall back to deny. */
  return FILTER_DENY;
}
432 /* Add hook function. */
434 access_list_add_hook (void (*func
) (struct access_list
*access
))
436 access_master_ipv4
.add_hook
= func
;
438 access_master_ipv6
.add_hook
= func
;
439 #endif /* HAVE_IPV6 */
442 /* Delete hook function. */
444 access_list_delete_hook (void (*func
) (struct access_list
*access
))
446 access_master_ipv4
.delete_hook
= func
;
448 access_master_ipv6
.delete_hook
= func
;
449 #endif /* HAVE_IPV6 */
452 /* Add new filter to the end of specified access_list. */
454 access_list_filter_add (struct access_list
*access
, struct filter
*filter
)
457 filter
->prev
= access
->tail
;
460 access
->tail
->next
= filter
;
462 access
->head
= filter
;
463 access
->tail
= filter
;
465 /* Run hook function. */
466 if (access
->master
->add_hook
)
467 (*access
->master
->add_hook
) (access
);
468 route_map_notify_dependencies(access
->name
, RMAP_EVENT_FILTER_ADDED
);
471 /* If access_list has no filter then return 1. */
473 access_list_empty (struct access_list
*access
)
475 if (access
->head
== NULL
&& access
->tail
== NULL
)
481 /* Delete filter from specified access_list. If there is hook
482 function execute it. */
/* Unlink FILTER from ACCESS and free it, then notify route-map
   dependencies and run the master's delete hook if one is set.  When
   that leaves ACCESS without entries, ACCESS itself is deleted, so
   neither FILTER nor (possibly) ACCESS may be used by the caller after
   this returns. */
static void
access_list_filter_delete (struct access_list *access, struct filter *filter)
{
  /* Taken up front; ACCESS may be freed at the end of this function. */
  struct access_master *owner = access->master;
  struct filter *after = filter->next;
  struct filter *before = filter->prev;

  /* Unlink from the doubly linked list, fixing head/tail at the ends. */
  if (after != NULL)
    after->prev = before;
  else
    access->tail = before;

  if (before != NULL)
    before->next = after;
  else
    access->head = after;

  filter_free (filter);

  route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);

  /* Run hook function. */
  if (owner->delete_hook)
    (*owner->delete_hook) (access);

  /* If access_list becomes empty delete it from access_master. */
  if (access_list_empty (access))
    access_list_delete (access);
}
513 deny Specify packets to reject
514 permit Specify packets to forward
519 Hostname or A.B.C.D Address to match
521 host A single host address
524 static struct filter
*
525 filter_lookup_cisco (struct access_list
*access
, struct filter
*mnew
)
527 struct filter
*mfilter
;
528 struct filter_cisco
*filter
;
529 struct filter_cisco
*new;
531 new = &mnew
->u
.cfilter
;
533 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
)
535 filter
= &mfilter
->u
.cfilter
;
537 if (filter
->extended
)
539 if (mfilter
->type
== mnew
->type
540 && filter
->addr
.s_addr
== new->addr
.s_addr
541 && filter
->addr_mask
.s_addr
== new->addr_mask
.s_addr
542 && filter
->mask
.s_addr
== new->mask
.s_addr
543 && filter
->mask_mask
.s_addr
== new->mask_mask
.s_addr
)
548 if (mfilter
->type
== mnew
->type
549 && filter
->addr
.s_addr
== new->addr
.s_addr
550 && filter
->addr_mask
.s_addr
== new->addr_mask
.s_addr
)
558 static struct filter
*
559 filter_lookup_zebra (struct access_list
*access
, struct filter
*mnew
)
561 struct filter
*mfilter
;
562 struct filter_zebra
*filter
;
563 struct filter_zebra
*new;
565 new = &mnew
->u
.zfilter
;
567 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
)
569 filter
= &mfilter
->u
.zfilter
;
571 if (filter
->exact
== new->exact
572 && mfilter
->type
== mnew
->type
573 && prefix_same (&filter
->prefix
, &new->prefix
))
580 vty_access_list_remark_unset (struct vty
*vty
, afi_t afi
, const char *name
)
582 struct access_list
*access
;
584 access
= access_list_lookup (afi
, name
);
587 vty_out (vty
, "%% access-list %s doesn't exist%s", name
,
594 XFREE (MTYPE_TMP
, access
->remark
);
595 access
->remark
= NULL
;
598 if (access
->head
== NULL
&& access
->tail
== NULL
&& access
->remark
== NULL
)
599 access_list_delete (access
);
605 filter_set_cisco (struct vty
*vty
, const char *name_str
, const char *type_str
,
606 const char *addr_str
, const char *addr_mask_str
,
607 const char *mask_str
, const char *mask_mask_str
,
608 int extended
, int set
)
611 enum filter_type type
;
612 struct filter
*mfilter
;
613 struct filter_cisco
*filter
;
614 struct access_list
*access
;
616 struct in_addr addr_mask
;
618 struct in_addr mask_mask
;
620 /* Check of filter type. */
621 if (strncmp (type_str
, "p", 1) == 0)
622 type
= FILTER_PERMIT
;
623 else if (strncmp (type_str
, "d", 1) == 0)
627 vty_out (vty
, "%% filter type must be permit or deny%s", VTY_NEWLINE
);
631 ret
= inet_aton (addr_str
, &addr
);
634 vty_out (vty
, "%%Inconsistent address and mask%s",
639 ret
= inet_aton (addr_mask_str
, &addr_mask
);
642 vty_out (vty
, "%%Inconsistent address and mask%s",
649 ret
= inet_aton (mask_str
, &mask
);
652 vty_out (vty
, "%%Inconsistent address and mask%s",
657 ret
= inet_aton (mask_mask_str
, &mask_mask
);
660 vty_out (vty
, "%%Inconsistent address and mask%s",
666 mfilter
= filter_new();
667 mfilter
->type
= type
;
669 filter
= &mfilter
->u
.cfilter
;
670 filter
->extended
= extended
;
671 filter
->addr
.s_addr
= addr
.s_addr
& ~addr_mask
.s_addr
;
672 filter
->addr_mask
.s_addr
= addr_mask
.s_addr
;
676 filter
->mask
.s_addr
= mask
.s_addr
& ~mask_mask
.s_addr
;
677 filter
->mask_mask
.s_addr
= mask_mask
.s_addr
;
680 /* Install new filter to the access_list. */
681 access
= access_list_get (AFI_IP
, name_str
);
685 if (filter_lookup_cisco (access
, mfilter
))
686 filter_free (mfilter
);
688 access_list_filter_add (access
, mfilter
);
692 struct filter
*delete_filter
;
694 delete_filter
= filter_lookup_cisco (access
, mfilter
);
696 access_list_filter_delete (access
, delete_filter
);
698 filter_free (mfilter
);
704 /* Standard access-list */
705 DEFUN (access_list_standard
,
706 access_list_standard_cmd
,
707 "access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D A.B.C.D",
708 "Add an access list entry\n"
709 "IP standard access list\n"
710 "IP standard access list (expanded range)\n"
711 "Specify packets to reject\n"
712 "Specify packets to forward\n"
717 int idx_permit_deny
= 2;
720 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, argv
[idx_ipv4_2
]->arg
,
724 DEFUN (access_list_standard_nomask
,
725 access_list_standard_nomask_cmd
,
726 "access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D",
727 "Add an access list entry\n"
728 "IP standard access list\n"
729 "IP standard access list (expanded range)\n"
730 "Specify packets to reject\n"
731 "Specify packets to forward\n"
732 "Address to match\n")
735 int idx_permit_deny
= 2;
737 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, "0.0.0.0",
741 DEFUN (access_list_standard_host
,
742 access_list_standard_host_cmd
,
743 "access-list <(1-99)|(1300-1999)> <deny|permit> host A.B.C.D",
744 "Add an access list entry\n"
745 "IP standard access list\n"
746 "IP standard access list (expanded range)\n"
747 "Specify packets to reject\n"
748 "Specify packets to forward\n"
749 "A single host address\n"
750 "Address to match\n")
753 int idx_permit_deny
= 2;
755 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, "0.0.0.0",
759 DEFUN (access_list_standard_any
,
760 access_list_standard_any_cmd
,
761 "access-list <(1-99)|(1300-1999)> <deny|permit> any",
762 "Add an access list entry\n"
763 "IP standard access list\n"
764 "IP standard access list (expanded range)\n"
765 "Specify packets to reject\n"
766 "Specify packets to forward\n"
770 int idx_permit_deny
= 2;
771 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
772 "255.255.255.255", NULL
, NULL
, 0, 1);
775 DEFUN (no_access_list_standard
,
776 no_access_list_standard_cmd
,
777 "no access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D A.B.C.D",
779 "Add an access list entry\n"
780 "IP standard access list\n"
781 "IP standard access list (expanded range)\n"
782 "Specify packets to reject\n"
783 "Specify packets to forward\n"
788 int idx_permit_deny
= 3;
791 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, argv
[idx_ipv4_2
]->arg
,
795 DEFUN (no_access_list_standard_nomask
,
796 no_access_list_standard_nomask_cmd
,
797 "no access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D",
799 "Add an access list entry\n"
800 "IP standard access list\n"
801 "IP standard access list (expanded range)\n"
802 "Specify packets to reject\n"
803 "Specify packets to forward\n"
804 "Address to match\n")
807 int idx_permit_deny
= 3;
809 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, "0.0.0.0",
813 DEFUN (no_access_list_standard_host
,
814 no_access_list_standard_host_cmd
,
815 "no access-list <(1-99)|(1300-1999)> <deny|permit> host A.B.C.D",
817 "Add an access list entry\n"
818 "IP standard access list\n"
819 "IP standard access list (expanded range)\n"
820 "Specify packets to reject\n"
821 "Specify packets to forward\n"
822 "A single host address\n"
823 "Address to match\n")
826 int idx_permit_deny
= 3;
828 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, "0.0.0.0",
832 DEFUN (no_access_list_standard_any
,
833 no_access_list_standard_any_cmd
,
834 "no access-list <(1-99)|(1300-1999)> <deny|permit> any",
836 "Add an access list entry\n"
837 "IP standard access list\n"
838 "IP standard access list (expanded range)\n"
839 "Specify packets to reject\n"
840 "Specify packets to forward\n"
844 int idx_permit_deny
= 3;
845 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
846 "255.255.255.255", NULL
, NULL
, 0, 0);
849 /* Extended access-list */
850 DEFUN (access_list_extended
,
851 access_list_extended_cmd
,
852 "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
853 "Add an access list entry\n"
854 "IP extended access list\n"
855 "IP extended access list (expanded range)\n"
856 "Specify packets to reject\n"
857 "Specify packets to forward\n"
858 "Any Internet Protocol\n"
860 "Source wildcard bits\n"
861 "Destination address\n"
862 "Destination Wildcard bits\n")
865 int idx_permit_deny
= 2;
870 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
871 argv
[idx_ipv4_2
]->arg
, argv
[idx_ipv4_3
]->arg
, argv
[idx_ipv4_4
]->arg
, 1 ,1);
874 DEFUN (access_list_extended_mask_any
,
875 access_list_extended_mask_any_cmd
,
876 "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D any",
877 "Add an access list entry\n"
878 "IP extended access list\n"
879 "IP extended access list (expanded range)\n"
880 "Specify packets to reject\n"
881 "Specify packets to forward\n"
882 "Any Internet Protocol\n"
884 "Source wildcard bits\n"
885 "Any destination host\n")
888 int idx_permit_deny
= 2;
891 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
892 argv
[idx_ipv4_2
]->arg
, "0.0.0.0",
893 "255.255.255.255", 1, 1);
896 DEFUN (access_list_extended_any_mask
,
897 access_list_extended_any_mask_cmd
,
898 "access-list <(100-199)|(2000-2699)> <deny|permit> ip any A.B.C.D A.B.C.D",
899 "Add an access list entry\n"
900 "IP extended access list\n"
901 "IP extended access list (expanded range)\n"
902 "Specify packets to reject\n"
903 "Specify packets to forward\n"
904 "Any Internet Protocol\n"
906 "Destination address\n"
907 "Destination Wildcard bits\n")
910 int idx_permit_deny
= 2;
913 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
914 "255.255.255.255", argv
[idx_ipv4
]->arg
,
915 argv
[idx_ipv4_2
]->arg
, 1, 1);
918 DEFUN (access_list_extended_any_any
,
919 access_list_extended_any_any_cmd
,
920 "access-list <(100-199)|(2000-2699)> <deny|permit> ip any any",
921 "Add an access list entry\n"
922 "IP extended access list\n"
923 "IP extended access list (expanded range)\n"
924 "Specify packets to reject\n"
925 "Specify packets to forward\n"
926 "Any Internet Protocol\n"
928 "Any destination host\n")
931 int idx_permit_deny
= 2;
932 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
933 "255.255.255.255", "0.0.0.0",
934 "255.255.255.255", 1, 1);
937 DEFUN (access_list_extended_mask_host
,
938 access_list_extended_mask_host_cmd
,
939 "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
940 "Add an access list entry\n"
941 "IP extended access list\n"
942 "IP extended access list (expanded range)\n"
943 "Specify packets to reject\n"
944 "Specify packets to forward\n"
945 "Any Internet Protocol\n"
947 "Source wildcard bits\n"
948 "A single destination host\n"
949 "Destination address\n")
952 int idx_permit_deny
= 2;
956 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
957 argv
[idx_ipv4_2
]->arg
, argv
[idx_ipv4_3
]->arg
,
961 DEFUN (access_list_extended_host_mask
,
962 access_list_extended_host_mask_cmd
,
963 "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
964 "Add an access list entry\n"
965 "IP extended access list\n"
966 "IP extended access list (expanded range)\n"
967 "Specify packets to reject\n"
968 "Specify packets to forward\n"
969 "Any Internet Protocol\n"
970 "A single source host\n"
972 "Destination address\n"
973 "Destination Wildcard bits\n")
976 int idx_permit_deny
= 2;
980 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
981 "0.0.0.0", argv
[idx_ipv4_2
]->arg
,
982 argv
[idx_ipv4_3
]->arg
, 1, 1);
985 DEFUN (access_list_extended_host_host
,
986 access_list_extended_host_host_cmd
,
987 "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D host A.B.C.D",
988 "Add an access list entry\n"
989 "IP extended access list\n"
990 "IP extended access list (expanded range)\n"
991 "Specify packets to reject\n"
992 "Specify packets to forward\n"
993 "Any Internet Protocol\n"
994 "A single source host\n"
996 "A single destination host\n"
997 "Destination address\n")
1000 int idx_permit_deny
= 2;
1003 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1004 "0.0.0.0", argv
[idx_ipv4_2
]->arg
,
1008 DEFUN (access_list_extended_any_host
,
1009 access_list_extended_any_host_cmd
,
1010 "access-list <(100-199)|(2000-2699)> <deny|permit> ip any host A.B.C.D",
1011 "Add an access list entry\n"
1012 "IP extended access list\n"
1013 "IP extended access list (expanded range)\n"
1014 "Specify packets to reject\n"
1015 "Specify packets to forward\n"
1016 "Any Internet Protocol\n"
1018 "A single destination host\n"
1019 "Destination address\n")
1022 int idx_permit_deny
= 2;
1024 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
1025 "255.255.255.255", argv
[idx_ipv4
]->arg
,
1029 DEFUN (access_list_extended_host_any
,
1030 access_list_extended_host_any_cmd
,
1031 "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D any",
1032 "Add an access list entry\n"
1033 "IP extended access list\n"
1034 "IP extended access list (expanded range)\n"
1035 "Specify packets to reject\n"
1036 "Specify packets to forward\n"
1037 "Any Internet Protocol\n"
1038 "A single source host\n"
1040 "Any destination host\n")
1043 int idx_permit_deny
= 2;
1045 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1046 "0.0.0.0", "0.0.0.0",
1047 "255.255.255.255", 1, 1);
1050 DEFUN (no_access_list_extended
,
1051 no_access_list_extended_cmd
,
1052 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
1054 "Add an access list entry\n"
1055 "IP extended access list\n"
1056 "IP extended access list (expanded range)\n"
1057 "Specify packets to reject\n"
1058 "Specify packets to forward\n"
1059 "Any Internet Protocol\n"
1061 "Source wildcard bits\n"
1062 "Destination address\n"
1063 "Destination Wildcard bits\n")
1066 int idx_permit_deny
= 3;
1071 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1072 argv
[idx_ipv4_2
]->arg
, argv
[idx_ipv4_3
]->arg
, argv
[idx_ipv4_4
]->arg
, 1, 0);
1075 DEFUN (no_access_list_extended_mask_any
,
1076 no_access_list_extended_mask_any_cmd
,
1077 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D any",
1079 "Add an access list entry\n"
1080 "IP extended access list\n"
1081 "IP extended access list (expanded range)\n"
1082 "Specify packets to reject\n"
1083 "Specify packets to forward\n"
1084 "Any Internet Protocol\n"
1086 "Source wildcard bits\n"
1087 "Any destination host\n")
1090 int idx_permit_deny
= 3;
1093 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1094 argv
[idx_ipv4_2
]->arg
, "0.0.0.0",
1095 "255.255.255.255", 1, 0);
1098 DEFUN (no_access_list_extended_any_mask
,
1099 no_access_list_extended_any_mask_cmd
,
1100 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any A.B.C.D A.B.C.D",
1102 "Add an access list entry\n"
1103 "IP extended access list\n"
1104 "IP extended access list (expanded range)\n"
1105 "Specify packets to reject\n"
1106 "Specify packets to forward\n"
1107 "Any Internet Protocol\n"
1109 "Destination address\n"
1110 "Destination Wildcard bits\n")
1113 int idx_permit_deny
= 3;
1116 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
1117 "255.255.255.255", argv
[idx_ipv4
]->arg
,
1118 argv
[idx_ipv4_2
]->arg
, 1, 0);
1121 DEFUN (no_access_list_extended_any_any
,
1122 no_access_list_extended_any_any_cmd
,
1123 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any any",
1125 "Add an access list entry\n"
1126 "IP extended access list\n"
1127 "IP extended access list (expanded range)\n"
1128 "Specify packets to reject\n"
1129 "Specify packets to forward\n"
1130 "Any Internet Protocol\n"
1132 "Any destination host\n")
1135 int idx_permit_deny
= 3;
1136 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
1137 "255.255.255.255", "0.0.0.0",
1138 "255.255.255.255", 1, 0);
1141 DEFUN (no_access_list_extended_mask_host
,
1142 no_access_list_extended_mask_host_cmd
,
1143 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
1145 "Add an access list entry\n"
1146 "IP extended access list\n"
1147 "IP extended access list (expanded range)\n"
1148 "Specify packets to reject\n"
1149 "Specify packets to forward\n"
1150 "Any Internet Protocol\n"
1152 "Source wildcard bits\n"
1153 "A single destination host\n"
1154 "Destination address\n")
1157 int idx_permit_deny
= 3;
1161 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1162 argv
[idx_ipv4_2
]->arg
, argv
[idx_ipv4_3
]->arg
,
1166 DEFUN (no_access_list_extended_host_mask
,
1167 no_access_list_extended_host_mask_cmd
,
1168 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
1170 "Add an access list entry\n"
1171 "IP extended access list\n"
1172 "IP extended access list (expanded range)\n"
1173 "Specify packets to reject\n"
1174 "Specify packets to forward\n"
1175 "Any Internet Protocol\n"
1176 "A single source host\n"
1178 "Destination address\n"
1179 "Destination Wildcard bits\n")
1182 int idx_permit_deny
= 3;
1186 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1187 "0.0.0.0", argv
[idx_ipv4_2
]->arg
,
1188 argv
[idx_ipv4_3
]->arg
, 1, 0);
1191 DEFUN (no_access_list_extended_host_host
,
1192 no_access_list_extended_host_host_cmd
,
1193 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D host A.B.C.D",
1195 "Add an access list entry\n"
1196 "IP extended access list\n"
1197 "IP extended access list (expanded range)\n"
1198 "Specify packets to reject\n"
1199 "Specify packets to forward\n"
1200 "Any Internet Protocol\n"
1201 "A single source host\n"
1203 "A single destination host\n"
1204 "Destination address\n")
1207 int idx_permit_deny
= 3;
1210 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1211 "0.0.0.0", argv
[idx_ipv4_2
]->arg
,
1215 DEFUN (no_access_list_extended_any_host
,
1216 no_access_list_extended_any_host_cmd
,
1217 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any host A.B.C.D",
1219 "Add an access list entry\n"
1220 "IP extended access list\n"
1221 "IP extended access list (expanded range)\n"
1222 "Specify packets to reject\n"
1223 "Specify packets to forward\n"
1224 "Any Internet Protocol\n"
1226 "A single destination host\n"
1227 "Destination address\n")
1230 int idx_permit_deny
= 3;
1232 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
1233 "255.255.255.255", argv
[idx_ipv4
]->arg
,
1237 DEFUN (no_access_list_extended_host_any
,
1238 no_access_list_extended_host_any_cmd
,
1239 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D any",
1241 "Add an access list entry\n"
1242 "IP extended access list\n"
1243 "IP extended access list (expanded range)\n"
1244 "Specify packets to reject\n"
1245 "Specify packets to forward\n"
1246 "Any Internet Protocol\n"
1247 "A single source host\n"
1249 "Any destination host\n")
1252 int idx_permit_deny
= 3;
1254 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1255 "0.0.0.0", "0.0.0.0",
1256 "255.255.255.255", 1, 0);
1260 filter_set_zebra (struct vty
*vty
, const char *name_str
, const char *type_str
,
1261 afi_t afi
, const char *prefix_str
, int exact
, int set
)
1264 enum filter_type type
;
1265 struct filter
*mfilter
;
1266 struct filter_zebra
*filter
;
1267 struct access_list
*access
;
1270 /* Check of filter type. */
1271 if (strncmp (type_str
, "p", 1) == 0)
1272 type
= FILTER_PERMIT
;
1273 else if (strncmp (type_str
, "d", 1) == 0)
1277 vty_out (vty
, "filter type must be [permit|deny]%s", VTY_NEWLINE
);
1281 /* Check string format of prefix and prefixlen. */
1284 ret
= str2prefix_ipv4 (prefix_str
, (struct prefix_ipv4
*)&p
);
1287 vty_out (vty
, "IP address prefix/prefixlen is malformed%s",
1293 else if (afi
== AFI_IP6
)
1295 ret
= str2prefix_ipv6 (prefix_str
, (struct prefix_ipv6
*) &p
);
1298 vty_out (vty
, "IPv6 address prefix/prefixlen is malformed%s",
1303 #endif /* HAVE_IPV6 */
1307 mfilter
= filter_new ();
1308 mfilter
->type
= type
;
1309 filter
= &mfilter
->u
.zfilter
;
1310 prefix_copy (&filter
->prefix
, &p
);
1316 /* Install new filter to the access_list. */
1317 access
= access_list_get (afi
, name_str
);
1321 if (filter_lookup_zebra (access
, mfilter
))
1322 filter_free (mfilter
);
1324 access_list_filter_add (access
, mfilter
);
1328 struct filter
*delete_filter
;
1330 delete_filter
= filter_lookup_zebra (access
, mfilter
);
1332 access_list_filter_delete (access
, delete_filter
);
1334 filter_free (mfilter
);
1340 /* Zebra access-list */
1343 "access-list WORD <deny|permit> A.B.C.D/M",
1344 "Add an access list entry\n"
1345 "IP zebra access-list name\n"
1346 "Specify packets to reject\n"
1347 "Specify packets to forward\n"
1348 "Prefix to match. e.g. 10.0.0.0/8\n")
1351 int idx_permit_deny
= 2;
1352 int idx_ipv4_prefixlen
= 3;
1353 return filter_set_zebra (vty
, argv
[idx_word
]->arg
, argv
[idx_permit_deny
]->arg
, AFI_IP
, argv
[idx_ipv4_prefixlen
]->arg
, 0, 1);
1356 DEFUN (access_list_exact
,
1357 access_list_exact_cmd
,
1358 "access-list WORD <deny|permit> A.B.C.D/M exact-match",
1359 "Add an access list entry\n"
1360 "IP zebra access-list name\n"
1361 "Specify packets to reject\n"
1362 "Specify packets to forward\n"
1363 "Prefix to match. e.g. 10.0.0.0/8\n"
1364 "Exact match of the prefixes\n")
1367 int idx_permit_deny
= 2;
1368 int idx_ipv4_prefixlen
= 3;
1369 return filter_set_zebra (vty
, argv
[idx_word
]->arg
, argv
[idx_permit_deny
]->arg
, AFI_IP
, argv
[idx_ipv4_prefixlen
]->arg
, 1, 1);
/* Add an IPv4 zebra entry for "any", which is stored as 0.0.0.0/0. */
DEFUN (access_list_any,
       access_list_any_cmd,
       "access-list WORD <deny|permit> any",
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
  /* Token positions within the command string (0 is "access-list"). */
  int idx_word = 1;
  int idx_permit_deny = 2;
  const char *list_name = argv[idx_word]->arg;
  const char *action = argv[idx_permit_deny]->arg;

  /* "any" is a fixed literal here, so no operator-supplied prefix is parsed.
     exact flag = 0, add = 1.  */
  return filter_set_zebra (vty, list_name, action, AFI_IP, "0.0.0.0/0", 0, 1);
}
/* Remove one IPv4 zebra entry from a named access list. */
DEFUN (no_access_list,
       no_access_list_cmd,
       "no access-list WORD <deny|permit> A.B.C.D/M",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
  /* Token positions within the command string (0 is "no"). */
  int idx_word = 2;
  int idx_permit_deny = 3;
  int idx_ipv4_prefixlen = 4;
  const char *list_name = argv[idx_word]->arg;
  const char *action = argv[idx_permit_deny]->arg;
  const char *prefix_text = argv[idx_ipv4_prefixlen]->arg;

  /* exact flag = 0, final 0 selects removal instead of insertion. */
  return filter_set_zebra (vty, list_name, action, AFI_IP, prefix_text, 0, 0);
}
/* Remove one IPv4 zebra entry that carries the exact-match flag. */
DEFUN (no_access_list_exact,
       no_access_list_exact_cmd,
       "no access-list WORD <deny|permit> A.B.C.D/M exact-match",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n"
       "Exact match of the prefixes\n")
{
  /* Token positions within the command string (0 is "no"). */
  int idx_word = 2;
  int idx_permit_deny = 3;
  int idx_ipv4_prefixlen = 4;
  const char *list_name = argv[idx_word]->arg;
  const char *action = argv[idx_permit_deny]->arg;
  const char *prefix_text = argv[idx_ipv4_prefixlen]->arg;

  /* exact flag = 1, final 0 selects removal. */
  return filter_set_zebra (vty, list_name, action, AFI_IP, prefix_text, 1, 0);
}
/* Remove the IPv4 "any" (0.0.0.0/0) entry from a named access list. */
DEFUN (no_access_list_any,
       no_access_list_any_cmd,
       "no access-list WORD <deny|permit> any",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
  /* Token positions within the command string (0 is "no"). */
  int idx_word = 2;
  int idx_permit_deny = 3;
  const char *list_name = argv[idx_word]->arg;
  const char *action = argv[idx_permit_deny]->arg;

  /* exact flag = 0, final 0 selects removal. */
  return filter_set_zebra (vty, list_name, action, AFI_IP, "0.0.0.0/0", 0, 0);
}
/* Delete a whole IPv4 access list, numbered or named. */
DEFUN (no_access_list_all,
       no_access_list_all_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list name\n")
{
  int idx_acl = 2;	/* position of the list name/number token */
  const char *acl_name = argv[idx_acl]->arg;
  struct access_list *access;
  struct access_master *master;

  /* Lookup only: a delete request must never create the list. */
  access = access_list_lookup (AFI_IP, acl_name);
  if (access == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", acl_name,
               VTY_NEWLINE);
      return CMD_WARNING;
    }

  master = access->master;

  /* Both notifications run while the list is still allocated: they are
     handed access->name and the list pointer itself, which the delete
     below retires.  A hook must therefore not keep the pointer.  */
  route_map_notify_dependencies (access->name, RMAP_EVENT_FILTER_DELETED);
  if (master->delete_hook)
    (*master->delete_hook) (access);

  /* Delete all filter from access-list. */
  access_list_delete (access);

  return CMD_SUCCESS;
}
/* Attach a free-text remark to an IPv4 access list, replacing any old one. */
DEFUN (access_list_remark,
       access_list_remark_cmd,
       "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  int idx_acl = 1;	/* list name/number token */
  int idx_remark = 3;	/* first word of the remark text */
  struct access_list *access;

  /* The result is used without a NULL check; presumably access_list_get()
     creates the list when it does not exist yet - verify in its body.  */
  access = access_list_get (AFI_IP, argv[idx_acl]->arg);

  /* Release the previous remark before storing the new one so the old
     string is neither leaked nor left dangling.  */
  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* NOTE(review): the help text advertises a 100-character limit, but
     nothing in this handler bounds the length of the concatenated remark -
     confirm whether a cap is enforced elsewhere.  */
  access->remark = argv_concat (argv, argc, idx_remark);

  return CMD_SUCCESS;
}
/* Drop the remark of an IPv4 access list. */
DEFUN (no_access_list_remark,
       no_access_list_remark_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n")
{
  int idx_acl = 2;	/* list name/number token (0 is "no") */
  const char *acl_name = argv[idx_acl]->arg;

  return vty_access_list_remark_unset (vty, AFI_IP, acl_name);
}
/* Same as no_access_list_remark, but accepts (and ignores) the remark text
   so a saved "remark LINE..." line can be negated verbatim.  */
DEFUN (no_access_list_remark_comment,
       no_access_list_remark_comment_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  /* Delegates to the handler without the trailing text; only the list
     token is read there, so the extra LINE words are never used.  */
  return no_access_list_remark (self, vty, argc, argv);
}
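#ifdef HAVE_IPV6
/* Add an IPv6 zebra entry to a named access list. */
DEFUN (ipv6_access_list,
       ipv6_access_list_cmd,
       "ipv6 access-list WORD <deny|permit> X:X::X:X/M",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       /* NOTE(review): the listing lost the help line for the prefix token;
          the wording below is the one no_ipv6_access_list uses for the same
          token - confirm against the upstream file.  */
       "Prefix to match. e.g. 3ffe:506::/32\n")
{
  /* idx is shared by both lookups; WORD precedes the prefix token in the
     command string.  */
  int idx = 0;
  char *alname = argv_find (argv, argc, "WORD", &idx) ? argv[idx]->arg : NULL;
  char *prefix = argv_find (argv, argc, "X:X::X:X/M", &idx) ? argv[idx]->arg : NULL;

  /* The lookups above can yield NULL by construction; refuse to hand a
     NULL name or prefix to the filter code instead of relying on the
     grammar to make that impossible.  */
  if (alname == NULL || prefix == NULL)
    return CMD_WARNING;

  /* argv[3] is the <deny|permit> token; this handler passes its ->text,
     where the IPv4 handlers pass ->arg.  exact flag = 0, add = 1.  */
  return filter_set_zebra (vty, alname, argv[3]->text, AFI_IP6, prefix, 0, 1);
}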
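/* Add an IPv6 zebra entry that carries the exact-match flag. */
DEFUN (ipv6_access_list_exact,
       ipv6_access_list_exact_cmd,
       "ipv6 access-list WORD <deny|permit> X:X::X:X/M exact-match",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       /* NOTE(review): the listing lost the help line for the prefix token;
          the wording below is the one no_ipv6_access_list_exact uses for the
          same token - confirm against the upstream file.  */
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
{
  /* idx is shared by both lookups; WORD precedes the prefix token in the
     command string.  */
  int idx = 0;
  char *alname = argv_find (argv, argc, "WORD", &idx) ? argv[idx]->arg : NULL;
  char *prefix = argv_find (argv, argc, "X:X::X:X/M", &idx) ? argv[idx]->arg : NULL;

  /* The lookups above can yield NULL by construction; never pass a NULL
     name or prefix on to the filter code.  */
  if (alname == NULL || prefix == NULL)
    return CMD_WARNING;

  /* argv[3] is the <deny|permit> token.  exact flag = 1, add = 1.  */
  return filter_set_zebra (vty, alname, argv[3]->text, AFI_IP6, prefix, 1, 1);
}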
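/* Add an IPv6 zebra entry for "any", which is stored as ::/0. */
DEFUN (ipv6_access_list_any,
       ipv6_access_list_any_cmd,
       "ipv6 access-list WORD <deny|permit> any",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefix to match\n")	/* help text typo "prefixi" corrected */
{
  /* Token positions within the command string (0 is "ipv6"). */
  int idx_word = 2;
  int idx_permit_deny = 3;
  const char *list_name = argv[idx_word]->arg;
  const char *action = argv[idx_permit_deny]->arg;

  /* exact flag = 0, add = 1. */
  return filter_set_zebra (vty, list_name, action, AFI_IP6, "::/0", 0, 1);
}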
/* Remove one IPv6 zebra entry from a named access list. */
DEFUN (no_ipv6_access_list,
       no_ipv6_access_list_cmd,
       "no ipv6 access-list WORD <deny|permit> X:X::X:X/M",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n")
{
  /* Token positions within the command string (0 is "no"). */
  int idx_word = 3;
  int idx_permit_deny = 4;
  int idx_ipv6_prefixlen = 5;
  const char *list_name = argv[idx_word]->arg;
  const char *action = argv[idx_permit_deny]->arg;
  const char *prefix_text = argv[idx_ipv6_prefixlen]->arg;

  /* exact flag = 0, final 0 selects removal. */
  return filter_set_zebra (vty, list_name, action, AFI_IP6, prefix_text, 0, 0);
}
/* Remove one IPv6 zebra entry that carries the exact-match flag. */
DEFUN (no_ipv6_access_list_exact,
       no_ipv6_access_list_exact_cmd,
       "no ipv6 access-list WORD <deny|permit> X:X::X:X/M exact-match",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
{
  /* Token positions within the command string (0 is "no"). */
  int idx_word = 3;
  int idx_permit_deny = 4;
  int idx_ipv6_prefixlen = 5;
  const char *list_name = argv[idx_word]->arg;
  const char *action = argv[idx_permit_deny]->arg;
  const char *prefix_text = argv[idx_ipv6_prefixlen]->arg;

  /* exact flag = 1, final 0 selects removal. */
  return filter_set_zebra (vty, list_name, action, AFI_IP6, prefix_text, 1, 0);
}
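/* Remove the IPv6 "any" (::/0) entry from a named access list. */
DEFUN (no_ipv6_access_list_any,
       no_ipv6_access_list_any_cmd,
       "no ipv6 access-list WORD <deny|permit> any",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefix to match\n")	/* help text typo "prefixi" corrected */
{
  /* Token positions within the command string (0 is "no"). */
  int idx_word = 3;
  int idx_permit_deny = 4;
  const char *list_name = argv[idx_word]->arg;
  const char *action = argv[idx_permit_deny]->arg;

  /* exact flag = 0, final 0 selects removal. */
  return filter_set_zebra (vty, list_name, action, AFI_IP6, "::/0", 0, 0);
}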
/* Delete a whole IPv6 access list. */
DEFUN (no_ipv6_access_list_all,
       no_ipv6_access_list_all_cmd,
       "no ipv6 access-list WORD",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n")
{
  int idx_word = 3;	/* position of the list name token */
  const char *acl_name = argv[idx_word]->arg;
  struct access_list *access;
  struct access_master *master;

  /* Lookup only: a delete request must never create the list. */
  access = access_list_lookup (AFI_IP6, acl_name);
  if (access == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", acl_name,
               VTY_NEWLINE);
      return CMD_WARNING;
    }

  master = access->master;

  /* Both notifications run while the list is still allocated: they are
     handed access->name and the list pointer itself, which the delete
     below retires.  A hook must therefore not keep the pointer.  */
  route_map_notify_dependencies (access->name, RMAP_EVENT_FILTER_DELETED);
  if (master->delete_hook)
    (*master->delete_hook) (access);

  /* Delete all filter from access-list. */
  access_list_delete (access);

  return CMD_SUCCESS;
}
/* Attach a free-text remark to an IPv6 access list, replacing any old one. */
DEFUN (ipv6_access_list_remark,
       ipv6_access_list_remark_cmd,
       "ipv6 access-list WORD remark LINE...",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  int idx_word = 2;	/* list name token */
  int idx_line = 4;	/* first word of the remark text */
  struct access_list *access;

  /* The result is used without a NULL check; presumably access_list_get()
     creates the list when it does not exist yet - verify in its body.  */
  access = access_list_get (AFI_IP6, argv[idx_word]->arg);

  /* Release the previous remark before storing the new one so the old
     string is neither leaked nor left dangling.  */
  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* NOTE(review): the help text advertises a 100-character limit, but
     nothing in this handler bounds the length of the concatenated remark -
     confirm whether a cap is enforced elsewhere.  */
  access->remark = argv_concat (argv, argc, idx_line);

  return CMD_SUCCESS;
}
/* Drop the remark of an IPv6 access list. */
DEFUN (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_cmd,
       "no ipv6 access-list WORD remark",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n")
{
  int idx_word = 3;	/* list name token (0 is "no") */
  const char *acl_name = argv[idx_word]->arg;

  return vty_access_list_remark_unset (vty, AFI_IP6, acl_name);
}
/* Same as no_ipv6_access_list_remark, but accepts (and ignores) the remark
   text so a saved "remark LINE..." line can be negated verbatim.  */
DEFUN (no_ipv6_access_list_remark_comment,
       no_ipv6_access_list_remark_comment_cmd,
       "no ipv6 access-list WORD remark LINE...",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  /* Delegates to the handler without the trailing text; only the list
     token is read there, so the extra LINE words are never used.  */
  return no_ipv6_access_list_remark (self, vty, argc, argv);
}
1720 #endif /* HAVE_IPV6 */
/* Forward declarations: filter_show() below calls both writers before
   their definitions appear in this file.  */
void config_write_access_zebra (struct vty *vty, struct filter *mfilter);
void config_write_access_cisco (struct vty *vty, struct filter *mfilter);
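/* Print every list on one chain (numbered or named) for filter_show().
   When NAME is non-NULL only the list with exactly that name is printed.
   The numbered and the named chain were printed by two identical loops;
   both now go through this helper.  */
static void
filter_show_chain (struct vty *vty, struct access_list *head,
                   const char *name, afi_t afi)
{
  struct access_list *access;
  struct filter *mfilter;
  struct filter_cisco *filter;
  int header_pending;

  for (access = head; access; access = access->next)
    {
      if (name && strcmp (access->name, name) != 0)
        continue;

      /* NOTE(review): the listing dropped the lines that gate the header;
         printing it once per list, ahead of the first entry, is
         reconstructed - confirm against the upstream file.  */
      header_pending = 1;

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
        {
          /* The union is viewed as a Cisco filter unconditionally, but
             every read through this pointer is guarded by mfilter->cisco.  */
          filter = &mfilter->u.cfilter;

          if (header_pending)
            {
              vty_out (vty, "%s IP%s access list %s%s",
                       mfilter->cisco ?
                       (filter->extended ? "Extended" : "Standard") : "Zebra",
                       afi == AFI_IP6 ? "v6" : "",
                       access->name, VTY_NEWLINE);
              header_pending = 0;
            }

          vty_out (vty, " %s%s", filter_type_str (mfilter),
                   mfilter->type == FILTER_DENY ? " " : "");

          if (! mfilter->cisco)
            config_write_access_zebra (vty, mfilter);
          else if (filter->extended)
            config_write_access_cisco (vty, mfilter);
          else if (filter->addr_mask.s_addr == 0xffffffff)
            vty_out (vty, " any%s", VTY_NEWLINE);
          else
            {
              /* One inet_ntoa() per vty_out(): it returns a pointer to a
                 static buffer, so two results must not share a call.  */
              vty_out (vty, " %s", inet_ntoa (filter->addr));
              if (filter->addr_mask.s_addr != 0)
                vty_out (vty, ", wildcard bits %s",
                         inet_ntoa (filter->addr_mask));
              vty_out (vty, "%s", VTY_NEWLINE);
            }
        }
    }
}

/* show access-list command.
   Prints the access lists of address family AFI to VTY; NAME restricts the
   output to one list, NULL prints all of them.  */
static int
filter_show (struct vty *vty, const char *name, afi_t afi)
{
  struct access_master *master;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  /* Print the name of the protocol */
  if (zlog_default)
    vty_out (vty, "%s:%s",
             zlog_proto_names[zlog_default->protocol], VTY_NEWLINE);

  filter_show_chain (vty, master->num.head, name, afi);
  filter_show_chain (vty, master->str.head, name, afi);

  return CMD_SUCCESS;
}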
/* Show every IPv4 access list. */
DEFUN (show_ip_access_list,
       show_ip_access_list_cmd,
       "show ip access-list",
       SHOW_STR
       IP_STR
       "List IP access lists\n")
{
  /* A NULL name means "no name filter" in filter_show(). */
  return filter_show (vty, NULL, AFI_IP);
}
/* Show one IPv4 access list selected by number or name. */
DEFUN (show_ip_access_list_name,
       show_ip_access_list_name_cmd,
       "show ip access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       SHOW_STR
       IP_STR
       "List IP access lists\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n")
{
  int idx_acl = 3;	/* position of the list name/number token */
  const char *acl_name = argv[idx_acl]->arg;

  return filter_show (vty, acl_name, AFI_IP);
}
#ifdef HAVE_IPV6
/* Show every IPv6 access list. */
DEFUN (show_ipv6_access_list,
       show_ipv6_access_list_cmd,
       "show ipv6 access-list",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n")
{
  /* A NULL name means "no name filter" in filter_show(). */
  return filter_show (vty, NULL, AFI_IP6);
}
/* Show one IPv6 access list selected by name. */
DEFUN (show_ipv6_access_list_name,
       show_ipv6_access_list_name_cmd,
       "show ipv6 access-list WORD",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n"
       "IPv6 zebra access-list\n")
{
  int idx_word = 3;	/* position of the list name token */
  const char *acl_name = argv[idx_word]->arg;

  return filter_show (vty, acl_name, AFI_IP6);
}
1880 #endif /* HAVE_IPV6 */
/* Write the address part of one Cisco-style filter to VTY, ending the line.
   Extended filters print "ip <source> <destination>"; standard filters
   print only the source.  A wildcard mask of 0xffffffff prints as "any"; in
   the extended form a mask of 0 prints as "host <addr>".  */
void
config_write_access_cisco (struct vty *vty, struct filter *mfilter)
{
  struct filter_cisco *cisco = &mfilter->u.cfilter;

  /* Every inet_ntoa() result below is consumed by its own vty_out() call:
     inet_ntoa() returns a pointer to a static buffer, so two results must
     never be passed to one format call.  */

  if (! cisco->extended)
    {
      /* Standard form: source only. */
      if (cisco->addr_mask.s_addr == 0xffffffff)
        {
          vty_out (vty, " any%s", VTY_NEWLINE);
          return;
        }

      vty_out (vty, " %s", inet_ntoa (cisco->addr));
      if (cisco->addr_mask.s_addr != 0)
        vty_out (vty, " %s", inet_ntoa (cisco->addr_mask));
      vty_out (vty, "%s", VTY_NEWLINE);
      return;
    }

  vty_out (vty, " ip");

  /* Source: addr / addr_mask. */
  if (cisco->addr_mask.s_addr == 0xffffffff)
    vty_out (vty, " any");
  else if (cisco->addr_mask.s_addr == 0)
    vty_out (vty, " host %s", inet_ntoa (cisco->addr));
  else
    {
      vty_out (vty, " %s", inet_ntoa (cisco->addr));
      vty_out (vty, " %s", inet_ntoa (cisco->addr_mask));
    }

  /* Destination: mask / mask_mask. */
  if (cisco->mask_mask.s_addr == 0xffffffff)
    vty_out (vty, " any");
  else if (cisco->mask_mask.s_addr == 0)
    vty_out (vty, " host %s", inet_ntoa (cisco->mask));
  else
    {
      vty_out (vty, " %s", inet_ntoa (cisco->mask));
      vty_out (vty, " %s", inet_ntoa (cisco->mask_mask));
    }

  vty_out (vty, "%s", VTY_NEWLINE);
}
/* Write the prefix part of one zebra-style filter to VTY, ending the line.
   A zero-length prefix without the exact flag prints as "any"; everything
   else prints as "<address>/<length>", followed by " exact-match" when the
   flag is set.  */
void
config_write_access_zebra (struct vty *vty, struct filter *mfilter)
{
  struct filter_zebra *zebra = &mfilter->u.zfilter;
  struct prefix *p = &zebra->prefix;
  char buf[BUFSIZ];

  if (p->prefixlen != 0 || zebra->exact)
    {
      /* NOTE(review): inet_ntop() returns NULL for an address family it
         does not support, and that result goes straight into "%s" -
         confirm p->family can only be AF_INET or AF_INET6 here.  */
      vty_out (vty, " %s/%d%s",
               inet_ntop (p->family, &p->u.prefix, buf, BUFSIZ),
               p->prefixlen,
               zebra->exact ? " exact-match" : "");
    }
  else
    vty_out (vty, " any");

  vty_out (vty, "%s", VTY_NEWLINE);
}
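/* Write every list on one chain (numbered or named) as configuration lines
   and return how many lines were written.  The two chains were written by
   two identical loops; both now go through this helper.  */
static int
config_write_access_chain (struct vty *vty, struct access_list *head,
                           afi_t afi)
{
  struct access_list *access;
  struct filter *mfilter;
  int write = 0;

  for (access = head; access; access = access->next)
    {
      /* The remark is emitted verbatim, so whatever the operator typed is
         replayed when the saved configuration is read back.  */
      if (access->remark)
        {
          vty_out (vty, "%saccess-list %s remark %s%s",
                   afi == AFI_IP ? "" : "ipv6 ",
                   access->name, access->remark,
                   VTY_NEWLINE);
          write++;
        }

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
        {
          vty_out (vty, "%saccess-list %s %s",
                   afi == AFI_IP ? "" : "ipv6 ",
                   access->name,
                   filter_type_str (mfilter));

          /* The writer finishes the line, including the newline. */
          if (mfilter->cisco)
            config_write_access_cisco (vty, mfilter);
          else
            config_write_access_zebra (vty, mfilter);

          write++;
        }
    }

  return write;
}

/* Write all access lists of address family AFI to VTY in configuration
   syntax: numbered lists first, then named lists.
   NOTE(review): the listing dropped the counter and the return statement;
   returning the number of lines written is reconstructed - confirm against
   the upstream file.  */
static int
config_write_access (struct vty *vty, afi_t afi)
{
  struct access_master *master;
  int write = 0;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  write += config_write_access_chain (vty, master->num.head, afi);
  write += config_write_access_chain (vty, master->str.head, afi);

  return write;
}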
2016 /* Access-list node. */
2017 static struct cmd_node access_node
=
2020 "", /* Access list has no interface. */
/* Configuration writer registered for the IPv4 access-list node; forwards
   to the shared writer with the address family fixed to AFI_IP.  */
static int
config_write_access_ipv4 (struct vty *vty)
{
  int written = config_write_access (vty, AFI_IP);

  return written;
}
/* Delete every IPv4 access list, numbered and named, and check that both
   chains end up empty.  */
static void
access_list_reset_ipv4 (void)
{
  struct access_master *master = access_master_get (AFI_IP);
  struct access_list *access;
  struct access_list *next;

  if (master == NULL)
    return;

  /* The successor is saved before each delete: access_list_delete()
     retires the node, so access->next must not be read afterwards.  */
  access = master->num.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  access = master->str.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  /* Deleting every node must leave no stale head/tail pointer behind. */
  assert (master->num.head == NULL);
  assert (master->num.tail == NULL);

  assert (master->str.head == NULL);
  assert (master->str.tail == NULL);
}
/* Install vty related command.
   Registers the IPv4 access-list node and its commands.  The two "show"
   commands go to ENABLE_NODE; every command that changes an access list is
   installed at CONFIG_NODE only.  */
static void
access_list_init_ipv4 (void)
{
  install_node (&access_node, config_write_access_ipv4);

  /* Read-only display commands. */
  install_element (ENABLE_NODE, &show_ip_access_list_cmd);
  install_element (ENABLE_NODE, &show_ip_access_list_name_cmd);

  /* Zebra access-list */
  install_element (CONFIG_NODE, &access_list_cmd);
  install_element (CONFIG_NODE, &access_list_exact_cmd);
  install_element (CONFIG_NODE, &access_list_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_cmd);
  install_element (CONFIG_NODE, &no_access_list_exact_cmd);
  install_element (CONFIG_NODE, &no_access_list_any_cmd);

  /* Standard access-list */
  install_element (CONFIG_NODE, &access_list_standard_cmd);
  install_element (CONFIG_NODE, &access_list_standard_nomask_cmd);
  install_element (CONFIG_NODE, &access_list_standard_host_cmd);
  install_element (CONFIG_NODE, &access_list_standard_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_nomask_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_any_cmd);

  /* Extended access-list */
  install_element (CONFIG_NODE, &access_list_extended_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_mask_cmd);
  install_element (CONFIG_NODE, &access_list_extended_mask_any_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_any_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_mask_cmd);
  install_element (CONFIG_NODE, &access_list_extended_mask_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_mask_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_mask_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_mask_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_mask_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_any_cmd);

  /* Remarks and whole-list deletion. */
  install_element (CONFIG_NODE, &access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_access_list_all_cmd);
  install_element (CONFIG_NODE, &no_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_access_list_remark_comment_cmd);
}
2113 static struct cmd_node access_ipv6_node
=
/* Configuration writer registered for the IPv6 access-list node; forwards
   to the shared writer with the address family fixed to AFI_IP6.  */
static int
config_write_access_ipv6 (struct vty *vty)
{
  int written = config_write_access (vty, AFI_IP6);

  return written;
}
/* Delete every IPv6 access list, numbered and named, and check that both
   chains end up empty.  */
static void
access_list_reset_ipv6 (void)
{
  struct access_master *master = access_master_get (AFI_IP6);
  struct access_list *access;
  struct access_list *next;

  if (master == NULL)
    return;

  /* The successor is saved before each delete: access_list_delete()
     retires the node, so access->next must not be read afterwards.  */
  access = master->num.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  access = master->str.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  /* Deleting every node must leave no stale head/tail pointer behind. */
  assert (master->num.head == NULL);
  assert (master->num.tail == NULL);

  assert (master->str.head == NULL);
  assert (master->str.tail == NULL);
}
/* Registers the IPv6 access-list node and its commands.  The two "show"
   commands go to ENABLE_NODE; every command that changes an access list is
   installed at CONFIG_NODE only.  */
static void
access_list_init_ipv6 (void)
{
  install_node (&access_ipv6_node, config_write_access_ipv6);

  /* Read-only display commands. */
  install_element (ENABLE_NODE, &show_ipv6_access_list_cmd);
  install_element (ENABLE_NODE, &show_ipv6_access_list_name_cmd);

  /* Entry add/remove. */
  install_element (CONFIG_NODE, &ipv6_access_list_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_exact_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_any_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_exact_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_any_cmd);

  /* Remarks and whole-list deletion. */
  install_element (CONFIG_NODE, &no_ipv6_access_list_all_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_remark_comment_cmd);
}
2175 #endif /* HAVE_IPV6 */
/* Register the access-list commands for every address family that was
   compiled in; the IPv6 half exists only when HAVE_IPV6 is defined.  */
void
access_list_init ()
{
  access_list_init_ipv4 ();
#ifdef HAVE_IPV6
  access_list_init_ipv6 ();
#endif /* HAVE_IPV6 */
}
2187 access_list_reset ()
2189 access_list_reset_ipv4 ();
2191 access_list_reset_ipv6();
2192 #endif /* HAVE_IPV6 */