1 /* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
4 * This file is part of GNU Zebra.
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
27 #include "sockunion.h"
33 DEFINE_MTYPE_STATIC(LIB
, ACCESS_LIST
, "Access List")
34 DEFINE_MTYPE_STATIC(LIB
, ACCESS_LIST_STR
, "Access List Str")
35 DEFINE_MTYPE_STATIC(LIB
, ACCESS_FILTER
, "Access Filter")
38 /* Cisco access-list */
41 struct in_addr addr_mask
;
43 struct in_addr mask_mask
;
47 /* If this filter is "exact" match then this flag is set. */
50 /* Prefix information. */
54 /* Filter element of access list */
56 /* For doubly linked list. */
60 /* Filter type information. */
61 enum filter_type type
;
66 /* Cisco access-list */
70 struct filter_cisco cfilter
;
71 struct filter_zebra zfilter
;
75 /* List of access_list. */
76 struct access_list_list
{
77 struct access_list
*head
;
78 struct access_list
*tail
;
81 /* Master structure of access_list. */
82 struct access_master
{
83 /* List of access_list which name is number. */
84 struct access_list_list num
;
86 /* List of access_list which name is string. */
87 struct access_list_list str
;
89 /* Hook function which is executed when new access_list is added. */
90 void (*add_hook
)(struct access_list
*);
92 /* Hook function which is executed when access_list is deleted. */
93 void (*delete_hook
)(struct access_list
*);
96 /* Static structure for mac access_list's master. */
97 static struct access_master access_master_mac
= {
104 /* Static structure for IPv4 access_list's master. */
105 static struct access_master access_master_ipv4
= {
112 /* Static structure for IPv6 access_list's master. */
113 static struct access_master access_master_ipv6
= {
120 static struct access_master
*access_master_get(afi_t afi
)
123 return &access_master_ipv4
;
124 else if (afi
== AFI_IP6
)
125 return &access_master_ipv6
;
126 else if (afi
== AFI_L2VPN
)
127 return &access_master_mac
;
131 /* Allocate new filter structure. */
132 static struct filter
*filter_new(void)
134 return XCALLOC(MTYPE_ACCESS_FILTER
, sizeof(struct filter
));
137 static void filter_free(struct filter
*filter
)
139 XFREE(MTYPE_ACCESS_FILTER
, filter
);
142 /* Return string of filter_type. */
143 static const char *filter_type_str(struct filter
*filter
)
145 switch (filter
->type
) {
161 /* If filter match to the prefix then return 1. */
162 static int filter_match_cisco(struct filter
*mfilter
, const struct prefix
*p
)
164 struct filter_cisco
*filter
;
169 filter
= &mfilter
->u
.cfilter
;
170 check_addr
= p
->u
.prefix4
.s_addr
& ~filter
->addr_mask
.s_addr
;
172 if (filter
->extended
) {
173 masklen2ip(p
->prefixlen
, &mask
);
174 check_mask
= mask
.s_addr
& ~filter
->mask_mask
.s_addr
;
176 if (memcmp(&check_addr
, &filter
->addr
.s_addr
, 4) == 0
177 && memcmp(&check_mask
, &filter
->mask
.s_addr
, 4) == 0)
179 } else if (memcmp(&check_addr
, &filter
->addr
.s_addr
, 4) == 0)
185 /* If filter match to the prefix then return 1. */
186 static int filter_match_zebra(struct filter
*mfilter
, const struct prefix
*p
)
188 struct filter_zebra
*filter
= NULL
;
190 filter
= &mfilter
->u
.zfilter
;
192 if (filter
->prefix
.family
== p
->family
) {
194 if (filter
->prefix
.prefixlen
== p
->prefixlen
)
195 return prefix_match(&filter
->prefix
, p
);
199 return prefix_match(&filter
->prefix
, p
);
204 /* Allocate new access list structure. */
205 static struct access_list
*access_list_new(void)
207 return XCALLOC(MTYPE_ACCESS_LIST
, sizeof(struct access_list
));
210 /* Free allocated access_list. */
211 static void access_list_free(struct access_list
*access
)
213 XFREE(MTYPE_ACCESS_LIST
, access
);
216 /* Delete access_list from access_master and free it. */
217 static void access_list_delete(struct access_list
*access
)
219 struct filter
*filter
;
221 struct access_list_list
*list
;
222 struct access_master
*master
;
224 for (filter
= access
->head
; filter
; filter
= next
) {
229 master
= access
->master
;
231 if (access
->type
== ACCESS_TYPE_NUMBER
)
237 access
->next
->prev
= access
->prev
;
239 list
->tail
= access
->prev
;
242 access
->prev
->next
= access
->next
;
244 list
->head
= access
->next
;
246 XFREE(MTYPE_ACCESS_LIST_STR
, access
->name
);
248 XFREE(MTYPE_TMP
, access
->remark
);
250 access_list_free(access
);
253 /* Insert new access list to list of access_list. Each acceess_list
254 is sorted by the name. */
255 static struct access_list
*access_list_insert(afi_t afi
, const char *name
)
259 struct access_list
*access
;
260 struct access_list
*point
;
261 struct access_list_list
*alist
;
262 struct access_master
*master
;
264 master
= access_master_get(afi
);
268 /* Allocate new access_list and copy given name. */
269 access
= access_list_new();
270 access
->name
= XSTRDUP(MTYPE_ACCESS_LIST_STR
, name
);
271 access
->master
= master
;
273 /* If name is made by all digit character. We treat it as
275 for (number
= 0, i
= 0; i
< strlen(name
); i
++) {
276 if (isdigit((int)name
[i
]))
277 number
= (number
* 10) + (name
[i
] - '0');
282 /* In case of name is all digit character */
283 if (i
== strlen(name
)) {
284 access
->type
= ACCESS_TYPE_NUMBER
;
286 /* Set access_list to number list. */
287 alist
= &master
->num
;
289 for (point
= alist
->head
; point
; point
= point
->next
)
290 if (atol(point
->name
) >= number
)
293 access
->type
= ACCESS_TYPE_STRING
;
295 /* Set access_list to string list. */
296 alist
= &master
->str
;
298 /* Set point to insertion point. */
299 for (point
= alist
->head
; point
; point
= point
->next
)
300 if (strcmp(point
->name
, name
) >= 0)
304 /* In case of this is the first element of master. */
305 if (alist
->head
== NULL
) {
306 alist
->head
= alist
->tail
= access
;
310 /* In case of insertion is made at the tail of access_list. */
312 access
->prev
= alist
->tail
;
313 alist
->tail
->next
= access
;
314 alist
->tail
= access
;
318 /* In case of insertion is made at the head of access_list. */
319 if (point
== alist
->head
) {
320 access
->next
= alist
->head
;
321 alist
->head
->prev
= access
;
322 alist
->head
= access
;
326 /* Insertion is made at middle of the access_list. */
327 access
->next
= point
;
328 access
->prev
= point
->prev
;
331 point
->prev
->next
= access
;
332 point
->prev
= access
;
337 /* Lookup access_list from list of access_list by name. */
338 struct access_list
*access_list_lookup(afi_t afi
, const char *name
)
340 struct access_list
*access
;
341 struct access_master
*master
;
346 master
= access_master_get(afi
);
350 for (access
= master
->num
.head
; access
; access
= access
->next
)
351 if (strcmp(access
->name
, name
) == 0)
354 for (access
= master
->str
.head
; access
; access
= access
->next
)
355 if (strcmp(access
->name
, name
) == 0)
361 /* Get access list from list of access_list. If there isn't matched
362 access_list create new one and return it. */
363 static struct access_list
*access_list_get(afi_t afi
, const char *name
)
365 struct access_list
*access
;
367 access
= access_list_lookup(afi
, name
);
369 access
= access_list_insert(afi
, name
);
373 /* Apply access list to object (which should be struct prefix *). */
374 enum filter_type
access_list_apply(struct access_list
*access
,
377 struct filter
*filter
;
378 const struct prefix
*p
= (const struct prefix
*)object
;
383 for (filter
= access
->head
; filter
; filter
= filter
->next
) {
385 if (filter_match_cisco(filter
, p
))
388 if (filter_match_zebra(filter
, p
))
396 /* Add hook function. */
397 void access_list_add_hook(void (*func
)(struct access_list
*access
))
399 access_master_ipv4
.add_hook
= func
;
400 access_master_ipv6
.add_hook
= func
;
401 access_master_mac
.add_hook
= func
;
404 /* Delete hook function. */
405 void access_list_delete_hook(void (*func
)(struct access_list
*access
))
407 access_master_ipv4
.delete_hook
= func
;
408 access_master_ipv6
.delete_hook
= func
;
409 access_master_mac
.delete_hook
= func
;
412 /* Calculate new sequential number. */
413 static int64_t filter_new_seq_get(struct access_list
*access
)
417 struct filter
*filter
;
421 for (filter
= access
->head
; filter
; filter
= filter
->next
) {
422 if (maxseq
< filter
->seq
)
423 maxseq
= filter
->seq
;
426 newseq
= ((maxseq
/ 5) * 5) + 5;
428 return (newseq
> UINT_MAX
) ? UINT_MAX
: newseq
;
431 /* Return access list entry which has same seq number. */
432 static struct filter
*filter_seq_check(struct access_list
*access
,
435 struct filter
*filter
;
437 for (filter
= access
->head
; filter
; filter
= filter
->next
)
438 if (filter
->seq
== seq
)
443 /* If access_list has no filter then return 1. */
444 static int access_list_empty(struct access_list
*access
)
446 if (access
->head
== NULL
&& access
->tail
== NULL
)
452 /* Delete filter from specified access_list. If there is hook
453 function execute it. */
454 static void access_list_filter_delete(struct access_list
*access
,
455 struct filter
*filter
)
457 struct access_master
*master
;
459 master
= access
->master
;
462 filter
->next
->prev
= filter
->prev
;
464 access
->tail
= filter
->prev
;
467 filter
->prev
->next
= filter
->next
;
469 access
->head
= filter
->next
;
473 route_map_notify_dependencies(access
->name
, RMAP_EVENT_FILTER_DELETED
);
474 /* Run hook function. */
475 if (master
->delete_hook
)
476 (*master
->delete_hook
)(access
);
478 /* If access_list becomes empty delete it from access_master. */
479 if (access_list_empty(access
))
480 access_list_delete(access
);
483 /* Add new filter to the end of specified access_list. */
484 static void access_list_filter_add(struct access_list
*access
,
485 struct filter
*filter
)
487 struct filter
*replace
;
488 struct filter
*point
;
490 /* Automatic asignment of seq no. */
491 if (filter
->seq
== -1)
492 filter
->seq
= filter_new_seq_get(access
);
494 if (access
->tail
&& filter
->seq
> access
->tail
->seq
)
497 /* Is there any same seq access list filter? */
498 replace
= filter_seq_check(access
, filter
->seq
);
500 access_list_filter_delete(access
, replace
);
502 /* Check insert point. */
503 for (point
= access
->head
; point
; point
= point
->next
)
504 if (point
->seq
>= filter
->seq
)
508 /* In case of this is the first element of the list. */
509 filter
->next
= point
;
513 point
->prev
->next
= filter
;
515 access
->head
= filter
;
517 filter
->prev
= point
->prev
;
518 point
->prev
= filter
;
521 access
->tail
->next
= filter
;
523 access
->head
= filter
;
525 filter
->prev
= access
->tail
;
526 access
->tail
= filter
;
529 /* Run hook function. */
530 if (access
->master
->add_hook
)
531 (*access
->master
->add_hook
)(access
);
532 route_map_notify_dependencies(access
->name
, RMAP_EVENT_FILTER_ADDED
);
536 deny Specify packets to reject
537 permit Specify packets to forward
542 Hostname or A.B.C.D Address to match
544 host A single host address
547 static struct filter
*filter_lookup_cisco(struct access_list
*access
,
550 struct filter
*mfilter
;
551 struct filter_cisco
*filter
;
552 struct filter_cisco
*new;
554 new = &mnew
->u
.cfilter
;
556 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
) {
557 filter
= &mfilter
->u
.cfilter
;
559 if (filter
->extended
) {
560 if (mfilter
->type
== mnew
->type
561 && filter
->addr
.s_addr
== new->addr
.s_addr
562 && filter
->addr_mask
.s_addr
== new->addr_mask
.s_addr
563 && filter
->mask
.s_addr
== new->mask
.s_addr
564 && filter
->mask_mask
.s_addr
565 == new->mask_mask
.s_addr
)
568 if (mfilter
->type
== mnew
->type
569 && filter
->addr
.s_addr
== new->addr
.s_addr
570 && filter
->addr_mask
.s_addr
571 == new->addr_mask
.s_addr
)
579 static struct filter
*filter_lookup_zebra(struct access_list
*access
,
582 struct filter
*mfilter
;
583 struct filter_zebra
*filter
;
584 struct filter_zebra
*new;
586 new = &mnew
->u
.zfilter
;
588 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
) {
589 filter
= &mfilter
->u
.zfilter
;
591 if (filter
->exact
== new->exact
592 && mfilter
->type
== mnew
->type
) {
593 if (prefix_same(&filter
->prefix
, &new->prefix
))
600 static int vty_access_list_remark_unset(struct vty
*vty
, afi_t afi
,
603 struct access_list
*access
;
605 access
= access_list_lookup(afi
, name
);
607 vty_out(vty
, "%% access-list %s doesn't exist\n", name
);
608 return CMD_WARNING_CONFIG_FAILED
;
611 if (access
->remark
) {
612 XFREE(MTYPE_TMP
, access
->remark
);
613 access
->remark
= NULL
;
616 if (access
->head
== NULL
&& access
->tail
== NULL
)
617 access_list_delete(access
);
622 static int filter_set_cisco(struct vty
*vty
, const char *name_str
,
623 const char *seq
, const char *type_str
,
624 const char *addr_str
, const char *addr_mask_str
,
625 const char *mask_str
, const char *mask_mask_str
,
626 int extended
, int set
)
629 enum filter_type type
= FILTER_DENY
;
630 struct filter
*mfilter
;
631 struct filter_cisco
*filter
;
632 struct access_list
*access
;
634 struct in_addr addr_mask
;
636 struct in_addr mask_mask
;
640 seqnum
= (int64_t)atol(seq
);
642 /* Check of filter type. */
644 if (strncmp(type_str
, "p", 1) == 0)
645 type
= FILTER_PERMIT
;
646 else if (strncmp(type_str
, "d", 1) == 0)
649 vty_out(vty
, "%% filter type must be permit or deny\n");
650 return CMD_WARNING_CONFIG_FAILED
;
654 ret
= inet_aton(addr_str
, &addr
);
656 vty_out(vty
, "%%Inconsistent address and mask\n");
657 return CMD_WARNING_CONFIG_FAILED
;
660 ret
= inet_aton(addr_mask_str
, &addr_mask
);
662 vty_out(vty
, "%%Inconsistent address and mask\n");
663 return CMD_WARNING_CONFIG_FAILED
;
667 ret
= inet_aton(mask_str
, &mask
);
669 vty_out(vty
, "%%Inconsistent address and mask\n");
670 return CMD_WARNING_CONFIG_FAILED
;
673 ret
= inet_aton(mask_mask_str
, &mask_mask
);
675 vty_out(vty
, "%%Inconsistent address and mask\n");
676 return CMD_WARNING_CONFIG_FAILED
;
680 mfilter
= filter_new();
681 mfilter
->type
= type
;
683 mfilter
->seq
= seqnum
;
684 filter
= &mfilter
->u
.cfilter
;
685 filter
->extended
= extended
;
686 filter
->addr
.s_addr
= addr
.s_addr
& ~addr_mask
.s_addr
;
687 filter
->addr_mask
.s_addr
= addr_mask
.s_addr
;
690 filter
->mask
.s_addr
= mask
.s_addr
& ~mask_mask
.s_addr
;
691 filter
->mask_mask
.s_addr
= mask_mask
.s_addr
;
694 /* Install new filter to the access_list. */
695 access
= access_list_get(AFI_IP
, name_str
);
698 if (filter_lookup_cisco(access
, mfilter
))
699 filter_free(mfilter
);
701 access_list_filter_add(access
, mfilter
);
703 struct filter
*delete_filter
;
705 delete_filter
= filter_lookup_cisco(access
, mfilter
);
707 access_list_filter_delete(access
, delete_filter
);
709 filter_free(mfilter
);
715 /* Standard access-list */
716 DEFUN (access_list_standard
,
717 access_list_standard_cmd
,
718 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
719 "Add an access list entry\n"
720 "IP standard access list\n"
721 "IP standard access list (expanded range)\n"
722 "Sequence number of an entry\n"
724 "Specify packets to reject\n"
725 "Specify packets to forward\n"
732 char *permit_deny
= NULL
;
733 char *address
= NULL
;
734 char *wildcard
= NULL
;
736 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
738 seq
= argv
[idx
]->arg
;
741 argv_find(argv
, argc
, "permit", &idx
);
742 argv_find(argv
, argc
, "deny", &idx
);
744 permit_deny
= argv
[idx
]->arg
;
747 argv_find(argv
, argc
, "A.B.C.D", &idx
);
749 address
= argv
[idx
]->arg
;
750 wildcard
= argv
[idx
+ 1]->arg
;
753 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
754 address
, wildcard
, NULL
, NULL
, 0, 1);
757 DEFUN (access_list_standard_nomask
,
758 access_list_standard_nomask_cmd
,
759 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
760 "Add an access list entry\n"
761 "IP standard access list\n"
762 "IP standard access list (expanded range)\n"
763 "Sequence number of an entry\n"
765 "Specify packets to reject\n"
766 "Specify packets to forward\n"
767 "Address to match\n")
772 char *permit_deny
= NULL
;
773 char *address
= NULL
;
775 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
777 seq
= argv
[idx
]->arg
;
780 argv_find(argv
, argc
, "permit", &idx
);
781 argv_find(argv
, argc
, "deny", &idx
);
783 permit_deny
= argv
[idx
]->arg
;
786 argv_find(argv
, argc
, "A.B.C.D", &idx
);
788 address
= argv
[idx
]->arg
;
790 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
791 address
, "0.0.0.0", NULL
, NULL
, 0, 1);
794 DEFUN (access_list_standard_host
,
795 access_list_standard_host_cmd
,
796 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
797 "Add an access list entry\n"
798 "IP standard access list\n"
799 "IP standard access list (expanded range)\n"
800 "Sequence number of an entry\n"
802 "Specify packets to reject\n"
803 "Specify packets to forward\n"
804 "A single host address\n"
805 "Address to match\n")
810 char *permit_deny
= NULL
;
811 char *address
= NULL
;
813 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
815 seq
= argv
[idx
]->arg
;
818 argv_find(argv
, argc
, "permit", &idx
);
819 argv_find(argv
, argc
, "deny", &idx
);
821 permit_deny
= argv
[idx
]->arg
;
824 argv_find(argv
, argc
, "A.B.C.D", &idx
);
826 address
= argv
[idx
]->arg
;
828 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
829 address
, "0.0.0.0", NULL
, NULL
, 0, 1);
832 DEFUN (access_list_standard_any
,
833 access_list_standard_any_cmd
,
834 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
835 "Add an access list entry\n"
836 "IP standard access list\n"
837 "IP standard access list (expanded range)\n"
838 "Sequence number of an entry\n"
840 "Specify packets to reject\n"
841 "Specify packets to forward\n"
847 char *permit_deny
= NULL
;
849 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
851 seq
= argv
[idx
]->arg
;
854 argv_find(argv
, argc
, "permit", &idx
);
855 argv_find(argv
, argc
, "deny", &idx
);
857 permit_deny
= argv
[idx
]->arg
;
859 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
860 "0.0.0.0", "255.255.255.255", NULL
, NULL
, 0, 1);
863 DEFUN (no_access_list_standard
,
864 no_access_list_standard_cmd
,
865 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
867 "Add an access list entry\n"
868 "IP standard access list\n"
869 "IP standard access list (expanded range)\n"
870 "Sequence number of an entry\n"
872 "Specify packets to reject\n"
873 "Specify packets to forward\n"
880 char *permit_deny
= NULL
;
881 char *address
= NULL
;
882 char *wildcard
= NULL
;
884 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
886 seq
= argv
[idx
]->arg
;
889 argv_find(argv
, argc
, "permit", &idx
);
890 argv_find(argv
, argc
, "deny", &idx
);
892 permit_deny
= argv
[idx
]->arg
;
895 argv_find(argv
, argc
, "A.B.C.D", &idx
);
897 address
= argv
[idx
]->arg
;
898 wildcard
= argv
[idx
+ 1]->arg
;
901 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
902 address
, wildcard
, NULL
, NULL
, 0, 0);
905 DEFUN (no_access_list_standard_nomask
,
906 no_access_list_standard_nomask_cmd
,
907 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
909 "Add an access list entry\n"
910 "IP standard access list\n"
911 "IP standard access list (expanded range)\n"
912 "Sequence number of an entry\n"
914 "Specify packets to reject\n"
915 "Specify packets to forward\n"
916 "Address to match\n")
921 char *permit_deny
= NULL
;
922 char *address
= NULL
;
924 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
926 seq
= argv
[idx
]->arg
;
929 argv_find(argv
, argc
, "permit", &idx
);
930 argv_find(argv
, argc
, "deny", &idx
);
932 permit_deny
= argv
[idx
]->arg
;
935 argv_find(argv
, argc
, "A.B.C.D", &idx
);
937 address
= argv
[idx
]->arg
;
939 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
940 address
, "0.0.0.0", NULL
, NULL
, 0, 0);
943 DEFUN (no_access_list_standard_host
,
944 no_access_list_standard_host_cmd
,
945 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
947 "Add an access list entry\n"
948 "IP standard access list\n"
949 "IP standard access list (expanded range)\n"
950 "Sequence number of an entry\n"
952 "Specify packets to reject\n"
953 "Specify packets to forward\n"
954 "A single host address\n"
955 "Address to match\n")
960 char *permit_deny
= NULL
;
961 char *address
= NULL
;
963 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
965 seq
= argv
[idx
]->arg
;
968 argv_find(argv
, argc
, "permit", &idx
);
969 argv_find(argv
, argc
, "deny", &idx
);
971 permit_deny
= argv
[idx
]->arg
;
974 argv_find(argv
, argc
, "A.B.C.D", &idx
);
976 address
= argv
[idx
]->arg
;
978 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
979 address
, "0.0.0.0", NULL
, NULL
, 0, 0);
982 DEFUN (no_access_list_standard_any
,
983 no_access_list_standard_any_cmd
,
984 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
986 "Add an access list entry\n"
987 "IP standard access list\n"
988 "IP standard access list (expanded range)\n"
989 "Sequence number of an entry\n"
991 "Specify packets to reject\n"
992 "Specify packets to forward\n"
998 char *permit_deny
= NULL
;
1000 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1002 seq
= argv
[idx
]->arg
;
1005 argv_find(argv
, argc
, "permit", &idx
);
1006 argv_find(argv
, argc
, "deny", &idx
);
1008 permit_deny
= argv
[idx
]->arg
;
1010 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
1011 "0.0.0.0", "255.255.255.255", NULL
, NULL
, 0, 0);
1014 /* Extended access-list */
1015 DEFUN (access_list_extended
,
1016 access_list_extended_cmd
,
1017 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
1018 "Add an access list entry\n"
1019 "IP extended access list\n"
1020 "IP extended access list (expanded range)\n"
1021 "Sequence number of an entry\n"
1023 "Specify packets to reject\n"
1024 "Specify packets to forward\n"
1025 "Any Internet Protocol\n"
1027 "Source wildcard bits\n"
1028 "Destination address\n"
1029 "Destination Wildcard bits\n")
1034 char *permit_deny
= NULL
;
1037 char *src_wildcard
= NULL
;
1038 char *dst_wildcard
= NULL
;
1040 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1042 seq
= argv
[idx
]->arg
;
1045 argv_find(argv
, argc
, "permit", &idx
);
1046 argv_find(argv
, argc
, "deny", &idx
);
1048 permit_deny
= argv
[idx
]->arg
;
1051 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1053 src
= argv
[idx
]->arg
;
1054 src_wildcard
= argv
[idx
+ 1]->arg
;
1055 dst
= argv
[idx
+ 2]->arg
;
1056 dst_wildcard
= argv
[idx
+ 3]->arg
;
1059 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1060 src_wildcard
, dst
, dst_wildcard
, 1, 1);
1063 DEFUN (access_list_extended_mask_any
,
1064 access_list_extended_mask_any_cmd
,
1065 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
1066 "Add an access list entry\n"
1067 "IP extended access list\n"
1068 "IP extended access list (expanded range)\n"
1069 "Sequence number of an entry\n"
1071 "Specify packets to reject\n"
1072 "Specify packets to forward\n"
1073 "Any Internet Protocol\n"
1075 "Source wildcard bits\n"
1076 "Any destination host\n")
1081 char *permit_deny
= NULL
;
1083 char *src_wildcard
= NULL
;
1085 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1087 seq
= argv
[idx
]->arg
;
1090 argv_find(argv
, argc
, "permit", &idx
);
1091 argv_find(argv
, argc
, "deny", &idx
);
1093 permit_deny
= argv
[idx
]->arg
;
1096 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1098 src
= argv
[idx
]->arg
;
1099 src_wildcard
= argv
[idx
+ 1]->arg
;
1102 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1103 src_wildcard
, "0.0.0.0", "255.255.255.255", 1,
1107 DEFUN (access_list_extended_any_mask
,
1108 access_list_extended_any_mask_cmd
,
1109 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
1110 "Add an access list entry\n"
1111 "IP extended access list\n"
1112 "IP extended access list (expanded range)\n"
1113 "Sequence number of an entry\n"
1115 "Specify packets to reject\n"
1116 "Specify packets to forward\n"
1117 "Any Internet Protocol\n"
1119 "Destination address\n"
1120 "Destination Wildcard bits\n")
1125 char *permit_deny
= NULL
;
1127 char *dst_wildcard
= NULL
;
1129 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1131 seq
= argv
[idx
]->arg
;
1134 argv_find(argv
, argc
, "permit", &idx
);
1135 argv_find(argv
, argc
, "deny", &idx
);
1137 permit_deny
= argv
[idx
]->arg
;
1140 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1142 dst
= argv
[idx
]->arg
;
1143 dst_wildcard
= argv
[idx
+ 1]->arg
;
1146 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
1147 "0.0.0.0", "255.255.255.255", dst
, dst_wildcard
,
1151 DEFUN (access_list_extended_any_any
,
1152 access_list_extended_any_any_cmd
,
1153 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
1154 "Add an access list entry\n"
1155 "IP extended access list\n"
1156 "IP extended access list (expanded range)\n"
1157 "Sequence number of an entry\n"
1159 "Specify packets to reject\n"
1160 "Specify packets to forward\n"
1161 "Any Internet Protocol\n"
1163 "Any destination host\n")
1168 char *permit_deny
= NULL
;
1170 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1172 seq
= argv
[idx
]->arg
;
1175 argv_find(argv
, argc
, "permit", &idx
);
1176 argv_find(argv
, argc
, "deny", &idx
);
1178 permit_deny
= argv
[idx
]->arg
;
1180 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
1181 "0.0.0.0", "255.255.255.255", "0.0.0.0",
1182 "255.255.255.255", 1, 1);
1185 DEFUN (access_list_extended_mask_host
,
1186 access_list_extended_mask_host_cmd
,
1187 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
1188 "Add an access list entry\n"
1189 "IP extended access list\n"
1190 "IP extended access list (expanded range)\n"
1191 "Sequence number of an entry\n"
1193 "Specify packets to reject\n"
1194 "Specify packets to forward\n"
1195 "Any Internet Protocol\n"
1197 "Source wildcard bits\n"
1198 "A single destination host\n"
1199 "Destination address\n")
1204 char *permit_deny
= NULL
;
1207 char *src_wildcard
= NULL
;
1209 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1211 seq
= argv
[idx
]->arg
;
1214 argv_find(argv
, argc
, "permit", &idx
);
1215 argv_find(argv
, argc
, "deny", &idx
);
1217 permit_deny
= argv
[idx
]->arg
;
1220 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1222 src
= argv
[idx
]->arg
;
1223 src_wildcard
= argv
[idx
+ 1]->arg
;
1224 dst
= argv
[idx
+ 3]->arg
;
1227 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1228 src_wildcard
, dst
, "0.0.0.0", 1, 1);
1231 DEFUN (access_list_extended_host_mask
,
1232 access_list_extended_host_mask_cmd
,
1233 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
1234 "Add an access list entry\n"
1235 "IP extended access list\n"
1236 "IP extended access list (expanded range)\n"
1237 "Sequence number of an entry\n"
1239 "Specify packets to reject\n"
1240 "Specify packets to forward\n"
1241 "Any Internet Protocol\n"
1242 "A single source host\n"
1244 "Destination address\n"
1245 "Destination Wildcard bits\n")
1250 char *permit_deny
= NULL
;
1253 char *dst_wildcard
= NULL
;
1255 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1257 seq
= argv
[idx
]->arg
;
1260 argv_find(argv
, argc
, "permit", &idx
);
1261 argv_find(argv
, argc
, "deny", &idx
);
1263 permit_deny
= argv
[idx
]->arg
;
1266 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1268 src
= argv
[idx
]->arg
;
1269 dst
= argv
[idx
+ 1]->arg
;
1270 dst_wildcard
= argv
[idx
+ 2]->arg
;
1273 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1274 "0.0.0.0", dst
, dst_wildcard
, 1, 1);
1277 DEFUN (access_list_extended_host_host
,
1278 access_list_extended_host_host_cmd
,
1279 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
1280 "Add an access list entry\n"
1281 "IP extended access list\n"
1282 "IP extended access list (expanded range)\n"
1283 "Sequence number of an entry\n"
1285 "Specify packets to reject\n"
1286 "Specify packets to forward\n"
1287 "Any Internet Protocol\n"
1288 "A single source host\n"
1290 "A single destination host\n"
1291 "Destination address\n")
1296 char *permit_deny
= NULL
;
1300 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1302 seq
= argv
[idx
]->arg
;
1305 argv_find(argv
, argc
, "permit", &idx
);
1306 argv_find(argv
, argc
, "deny", &idx
);
1308 permit_deny
= argv
[idx
]->arg
;
1311 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1313 src
= argv
[idx
]->arg
;
1314 dst
= argv
[idx
+ 2]->arg
;
1317 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1318 "0.0.0.0", dst
, "0.0.0.0", 1, 1);
1321 DEFUN (access_list_extended_any_host
,
1322 access_list_extended_any_host_cmd
,
1323 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
1324 "Add an access list entry\n"
1325 "IP extended access list\n"
1326 "IP extended access list (expanded range)\n"
1327 "Sequence number of an entry\n"
1329 "Specify packets to reject\n"
1330 "Specify packets to forward\n"
1331 "Any Internet Protocol\n"
1333 "A single destination host\n"
1334 "Destination address\n")
1339 char *permit_deny
= NULL
;
1342 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1344 seq
= argv
[idx
]->arg
;
1347 argv_find(argv
, argc
, "permit", &idx
);
1348 argv_find(argv
, argc
, "deny", &idx
);
1350 permit_deny
= argv
[idx
]->arg
;
1353 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1355 dst
= argv
[idx
]->arg
;
1357 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
1358 "0.0.0.0", "255.255.255.255", dst
, "0.0.0.0", 1,
1362 DEFUN (access_list_extended_host_any
,
1363 access_list_extended_host_any_cmd
,
1364 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
1365 "Add an access list entry\n"
1366 "IP extended access list\n"
1367 "IP extended access list (expanded range)\n"
1368 "Sequence number of an entry\n"
1370 "Specify packets to reject\n"
1371 "Specify packets to forward\n"
1372 "Any Internet Protocol\n"
1373 "A single source host\n"
1375 "Any destination host\n")
1380 char *permit_deny
= NULL
;
1383 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1385 seq
= argv
[idx
]->arg
;
1388 argv_find(argv
, argc
, "permit", &idx
);
1389 argv_find(argv
, argc
, "deny", &idx
);
1391 permit_deny
= argv
[idx
]->arg
;
1394 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1396 src
= argv
[idx
]->arg
;
1398 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1399 "0.0.0.0", "0.0.0.0", "255.255.255.255", 1, 1);
1402 DEFUN (no_access_list_extended
,
1403 no_access_list_extended_cmd
,
1404 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
1406 "Add an access list entry\n"
1407 "IP extended access list\n"
1408 "IP extended access list (expanded range)\n"
1409 "Sequence number of an entry\n"
1411 "Specify packets to reject\n"
1412 "Specify packets to forward\n"
1413 "Any Internet Protocol\n"
1415 "Source wildcard bits\n"
1416 "Destination address\n"
1417 "Destination Wildcard bits\n")
1422 char *permit_deny
= NULL
;
1425 char *src_wildcard
= NULL
;
1426 char *dst_wildcard
= NULL
;
1428 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1430 seq
= argv
[idx
]->arg
;
1433 argv_find(argv
, argc
, "permit", &idx
);
1434 argv_find(argv
, argc
, "deny", &idx
);
1436 permit_deny
= argv
[idx
]->arg
;
1439 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1441 src
= argv
[idx
]->arg
;
1442 src_wildcard
= argv
[idx
+ 1]->arg
;
1443 dst
= argv
[idx
+ 2]->arg
;
1444 dst_wildcard
= argv
[idx
+ 3]->arg
;
1447 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1448 src_wildcard
, dst
, dst_wildcard
, 1, 0);
1451 DEFUN (no_access_list_extended_mask_any
,
1452 no_access_list_extended_mask_any_cmd
,
1453 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
1455 "Add an access list entry\n"
1456 "IP extended access list\n"
1457 "IP extended access list (expanded range)\n"
1458 "Sequence number of an entry\n"
1460 "Specify packets to reject\n"
1461 "Specify packets to forward\n"
1462 "Any Internet Protocol\n"
1464 "Source wildcard bits\n"
1465 "Any destination host\n")
1470 char *permit_deny
= NULL
;
1472 char *src_wildcard
= NULL
;
1474 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1476 seq
= argv
[idx
]->arg
;
1479 argv_find(argv
, argc
, "permit", &idx
);
1480 argv_find(argv
, argc
, "deny", &idx
);
1482 permit_deny
= argv
[idx
]->arg
;
1485 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1487 src
= argv
[idx
]->arg
;
1488 src_wildcard
= argv
[idx
+ 1]->arg
;
1491 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1492 src_wildcard
, "0.0.0.0", "255.255.255.255", 1,
1496 DEFUN (no_access_list_extended_any_mask
,
1497 no_access_list_extended_any_mask_cmd
,
1498 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
1500 "Add an access list entry\n"
1501 "IP extended access list\n"
1502 "IP extended access list (expanded range)\n"
1503 "Sequence number of an entry\n"
1505 "Specify packets to reject\n"
1506 "Specify packets to forward\n"
1507 "Any Internet Protocol\n"
1509 "Destination address\n"
1510 "Destination Wildcard bits\n")
1515 char *permit_deny
= NULL
;
1517 char *dst_wildcard
= NULL
;
1519 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1521 seq
= argv
[idx
]->arg
;
1524 argv_find(argv
, argc
, "permit", &idx
);
1525 argv_find(argv
, argc
, "deny", &idx
);
1527 permit_deny
= argv
[idx
]->arg
;
1530 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1532 dst
= argv
[idx
]->arg
;
1533 dst_wildcard
= argv
[idx
+ 1]->arg
;
1536 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
1537 "0.0.0.0", "255.255.255.255", dst
, dst_wildcard
,
1541 DEFUN (no_access_list_extended_any_any
,
1542 no_access_list_extended_any_any_cmd
,
1543 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
1545 "Add an access list entry\n"
1546 "IP extended access list\n"
1547 "IP extended access list (expanded range)\n"
1548 "Sequence number of an entry\n"
1550 "Specify packets to reject\n"
1551 "Specify packets to forward\n"
1552 "Any Internet Protocol\n"
1554 "Any destination host\n")
1559 char *permit_deny
= NULL
;
1561 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1563 seq
= argv
[idx
]->arg
;
1566 argv_find(argv
, argc
, "permit", &idx
);
1567 argv_find(argv
, argc
, "deny", &idx
);
1569 permit_deny
= argv
[idx
]->arg
;
1571 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
1572 "0.0.0.0", "255.255.255.255", "0.0.0.0",
1573 "255.255.255.255", 1, 0);
1576 DEFUN (no_access_list_extended_mask_host
,
1577 no_access_list_extended_mask_host_cmd
,
1578 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
1580 "Add an access list entry\n"
1581 "IP extended access list\n"
1582 "IP extended access list (expanded range)\n"
1583 "Sequence number of an entry\n"
1585 "Specify packets to reject\n"
1586 "Specify packets to forward\n"
1587 "Any Internet Protocol\n"
1589 "Source wildcard bits\n"
1590 "A single destination host\n"
1591 "Destination address\n")
1596 char *permit_deny
= NULL
;
1599 char *src_wildcard
= NULL
;
1601 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1603 seq
= argv
[idx
]->arg
;
1606 argv_find(argv
, argc
, "permit", &idx
);
1607 argv_find(argv
, argc
, "deny", &idx
);
1609 permit_deny
= argv
[idx
]->arg
;
1612 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1614 src
= argv
[idx
]->arg
;
1615 src_wildcard
= argv
[idx
+ 1]->arg
;
1616 dst
= argv
[idx
+ 3]->arg
;
1619 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1620 src_wildcard
, dst
, "0.0.0.0", 1, 0);
1623 DEFUN (no_access_list_extended_host_mask
,
1624 no_access_list_extended_host_mask_cmd
,
1625 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
1627 "Add an access list entry\n"
1628 "IP extended access list\n"
1629 "IP extended access list (expanded range)\n"
1630 "Sequence number of an entry\n"
1632 "Specify packets to reject\n"
1633 "Specify packets to forward\n"
1634 "Any Internet Protocol\n"
1635 "A single source host\n"
1637 "Destination address\n"
1638 "Destination Wildcard bits\n")
1643 char *permit_deny
= NULL
;
1646 char *dst_wildcard
= NULL
;
1648 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1650 seq
= argv
[idx
]->arg
;
1653 argv_find(argv
, argc
, "permit", &idx
);
1654 argv_find(argv
, argc
, "deny", &idx
);
1656 permit_deny
= argv
[idx
]->arg
;
1659 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1661 src
= argv
[idx
]->arg
;
1662 dst
= argv
[idx
+ 1]->arg
;
1663 dst_wildcard
= argv
[idx
+ 2]->arg
;
1666 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1667 "0.0.0.0", dst
, dst_wildcard
, 1, 0);
1670 DEFUN (no_access_list_extended_host_host
,
1671 no_access_list_extended_host_host_cmd
,
1672 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
1674 "Add an access list entry\n"
1675 "IP extended access list\n"
1676 "IP extended access list (expanded range)\n"
1677 "Sequence number of an entry\n"
1679 "Specify packets to reject\n"
1680 "Specify packets to forward\n"
1681 "Any Internet Protocol\n"
1682 "A single source host\n"
1684 "A single destination host\n"
1685 "Destination address\n")
1690 char *permit_deny
= NULL
;
1694 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1696 seq
= argv
[idx
]->arg
;
1699 argv_find(argv
, argc
, "permit", &idx
);
1700 argv_find(argv
, argc
, "deny", &idx
);
1702 permit_deny
= argv
[idx
]->arg
;
1705 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1707 src
= argv
[idx
]->arg
;
1708 dst
= argv
[idx
+ 2]->arg
;
1711 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1712 "0.0.0.0", dst
, "0.0.0.0", 1, 0);
1715 DEFUN (no_access_list_extended_any_host
,
1716 no_access_list_extended_any_host_cmd
,
1717 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
1719 "Add an access list entry\n"
1720 "IP extended access list\n"
1721 "IP extended access list (expanded range)\n"
1722 "Sequence number of an entry\n"
1724 "Specify packets to reject\n"
1725 "Specify packets to forward\n"
1726 "Any Internet Protocol\n"
1728 "A single destination host\n"
1729 "Destination address\n")
1734 char *permit_deny
= NULL
;
1737 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1739 seq
= argv
[idx
]->arg
;
1742 argv_find(argv
, argc
, "permit", &idx
);
1743 argv_find(argv
, argc
, "deny", &idx
);
1745 permit_deny
= argv
[idx
]->arg
;
1748 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1750 dst
= argv
[idx
]->arg
;
1752 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
1753 "0.0.0.0", "255.255.255.255", dst
, "0.0.0.0", 1,
1757 DEFUN (no_access_list_extended_host_any
,
1758 no_access_list_extended_host_any_cmd
,
1759 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
1761 "Add an access list entry\n"
1762 "IP extended access list\n"
1763 "IP extended access list (expanded range)\n"
1764 "Sequence number of an entry\n"
1766 "Specify packets to reject\n"
1767 "Specify packets to forward\n"
1768 "Any Internet Protocol\n"
1769 "A single source host\n"
1771 "Any destination host\n")
1776 char *permit_deny
= NULL
;
1779 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1781 seq
= argv
[idx
]->arg
;
1784 argv_find(argv
, argc
, "permit", &idx
);
1785 argv_find(argv
, argc
, "deny", &idx
);
1787 permit_deny
= argv
[idx
]->arg
;
1790 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1792 src
= argv
[idx
]->arg
;
1794 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1795 "0.0.0.0", "0.0.0.0", "255.255.255.255", 1, 0);
1798 static int filter_set_zebra(struct vty
*vty
, const char *name_str
,
1799 const char *seq
, const char *type_str
, afi_t afi
,
1800 const char *prefix_str
, int exact
, int set
)
1803 enum filter_type type
= FILTER_DENY
;
1804 struct filter
*mfilter
;
1805 struct filter_zebra
*filter
;
1806 struct access_list
*access
;
1808 int64_t seqnum
= -1;
1810 if (strlen(name_str
) > ACL_NAMSIZ
) {
1812 "%% ACL name %s is invalid: length exceeds "
1814 name_str
, ACL_NAMSIZ
);
1815 return CMD_WARNING_CONFIG_FAILED
;
1819 seqnum
= (int64_t)atol(seq
);
1821 /* Check of filter type. */
1823 if (strncmp(type_str
, "p", 1) == 0)
1824 type
= FILTER_PERMIT
;
1825 else if (strncmp(type_str
, "d", 1) == 0)
1828 vty_out(vty
, "filter type must be [permit|deny]\n");
1829 return CMD_WARNING_CONFIG_FAILED
;
1833 /* Check string format of prefix and prefixlen. */
1834 if (afi
== AFI_IP
) {
1835 ret
= str2prefix_ipv4(prefix_str
, (struct prefix_ipv4
*)&p
);
1838 "IP address prefix/prefixlen is malformed\n");
1839 return CMD_WARNING_CONFIG_FAILED
;
1841 } else if (afi
== AFI_IP6
) {
1842 ret
= str2prefix_ipv6(prefix_str
, (struct prefix_ipv6
*)&p
);
1845 "IPv6 address prefix/prefixlen is malformed\n");
1846 return CMD_WARNING_CONFIG_FAILED
;
1848 } else if (afi
== AFI_L2VPN
) {
1849 ret
= str2prefix_eth(prefix_str
, (struct prefix_eth
*)&p
);
1851 vty_out(vty
, "MAC address is malformed\n");
1855 return CMD_WARNING_CONFIG_FAILED
;
1857 mfilter
= filter_new();
1858 mfilter
->type
= type
;
1859 mfilter
->seq
= seqnum
;
1860 filter
= &mfilter
->u
.zfilter
;
1861 prefix_copy(&filter
->prefix
, &p
);
1867 /* Install new filter to the access_list. */
1868 access
= access_list_get(afi
, name_str
);
1871 if (filter_lookup_zebra(access
, mfilter
))
1872 filter_free(mfilter
);
1874 access_list_filter_add(access
, mfilter
);
1876 struct filter
*delete_filter
;
1877 delete_filter
= filter_lookup_zebra(access
, mfilter
);
1879 access_list_filter_delete(access
, delete_filter
);
1881 filter_free(mfilter
);
1887 DEFUN (mac_access_list
,
1888 mac_access_list_cmd
,
1889 "mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
1890 "Add a mac access-list\n"
1891 "Add an access list entry\n"
1892 "MAC zebra access-list name\n"
1893 "Sequence number of an entry\n"
1895 "Specify packets to reject\n"
1896 "Specify packets to forward\n"
1897 "MAC address to match. e.g. 00:01:00:01:00:01\n")
1901 char *permit_deny
= NULL
;
1904 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1906 seq
= argv
[idx
]->arg
;
1909 argv_find(argv
, argc
, "permit", &idx
);
1910 argv_find(argv
, argc
, "deny", &idx
);
1912 permit_deny
= argv
[idx
]->arg
;
1915 argv_find(argv
, argc
, "X:X:X:X:X:X", &idx
);
1917 mac
= argv
[idx
]->arg
;
1919 return filter_set_zebra(vty
, argv
[2]->arg
, seq
, permit_deny
, AFI_L2VPN
,
1923 DEFUN (no_mac_access_list
,
1924 no_mac_access_list_cmd
,
1925 "no mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
1927 "Remove a mac access-list\n"
1928 "Remove an access list entry\n"
1929 "MAC zebra access-list name\n"
1930 "Sequence number of an entry\n"
1932 "Specify packets to reject\n"
1933 "Specify packets to forward\n"
1934 "MAC address to match. e.g. 00:01:00:01:00:01\n")
1938 char *permit_deny
= NULL
;
1941 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1943 seq
= argv
[idx
]->arg
;
1946 argv_find(argv
, argc
, "permit", &idx
);
1947 argv_find(argv
, argc
, "deny", &idx
);
1949 permit_deny
= argv
[idx
]->arg
;
1952 argv_find(argv
, argc
, "X:X:X:X:X:X", &idx
);
1954 mac
= argv
[idx
]->arg
;
1956 return filter_set_zebra(vty
, argv
[2]->arg
, seq
, permit_deny
, AFI_L2VPN
,
1960 DEFUN (mac_access_list_any
,
1961 mac_access_list_any_cmd
,
1962 "mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
1963 "Add a mac access-list\n"
1964 "Add an access list entry\n"
1965 "MAC zebra access-list name\n"
1966 "Sequence number of an entry\n"
1968 "Specify packets to reject\n"
1969 "Specify packets to forward\n"
1970 "MAC address to match. e.g. 00:01:00:01:00:01\n")
1974 char *permit_deny
= NULL
;
1976 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1978 seq
= argv
[idx
]->arg
;
1981 argv_find(argv
, argc
, "permit", &idx
);
1982 argv_find(argv
, argc
, "deny", &idx
);
1984 permit_deny
= argv
[idx
]->arg
;
1986 return filter_set_zebra(vty
, argv
[2]->arg
, seq
, permit_deny
, AFI_L2VPN
,
1987 "00:00:00:00:00:00", 0, 1);
1990 DEFUN (no_mac_access_list_any
,
1991 no_mac_access_list_any_cmd
,
1992 "no mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
1994 "Remove a mac access-list\n"
1995 "Remove an access list entry\n"
1996 "MAC zebra access-list name\n"
1997 "Sequence number of an entry\n"
1999 "Specify packets to reject\n"
2000 "Specify packets to forward\n"
2001 "MAC address to match. e.g. 00:01:00:01:00:01\n")
2005 char *permit_deny
= NULL
;
2007 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
2009 seq
= argv
[idx
]->arg
;
2012 argv_find(argv
, argc
, "permit", &idx
);
2013 argv_find(argv
, argc
, "deny", &idx
);
2015 permit_deny
= argv
[idx
]->arg
;
2017 return filter_set_zebra(vty
, argv
[2]->arg
, seq
, permit_deny
, AFI_L2VPN
,
2018 "00:00:00:00:00:00", 0, 0);
2021 DEFUN (access_list_exact
,
2022 access_list_exact_cmd
,
2023 "access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
2024 "Add an access list entry\n"
2025 "IP zebra access-list name\n"
2026 "Sequence number of an entry\n"
2028 "Specify packets to reject\n"
2029 "Specify packets to forward\n"
2030 "Prefix to match. e.g. 10.0.0.0/8\n"
2031 "Exact match of the prefixes\n")
2036 char *permit_deny
= NULL
;
2037 char *prefix
= NULL
;
2039 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
2041 seq
= argv
[idx
]->arg
;
2044 argv_find(argv
, argc
, "permit", &idx
);
2045 argv_find(argv
, argc
, "deny", &idx
);
2047 permit_deny
= argv
[idx
]->arg
;
2050 argv_find(argv
, argc
, "A.B.C.D/M", &idx
);
2052 prefix
= argv
[idx
]->arg
;
2055 if (argv_find(argv
, argc
, "exact-match", &idx
))
2058 return filter_set_zebra(vty
, argv
[1]->arg
, seq
, permit_deny
,
2059 AFI_IP
, prefix
, exact
, 1);
2062 DEFUN (access_list_any
,
2063 access_list_any_cmd
,
2064 "access-list WORD [seq (1-4294967295)] <deny|permit> any",
2065 "Add an access list entry\n"
2066 "IP zebra access-list name\n"
2067 "Sequence number of an entry\n"
2069 "Specify packets to reject\n"
2070 "Specify packets to forward\n"
2071 "Prefix to match. e.g. 10.0.0.0/8\n")
2076 char *permit_deny
= NULL
;
2078 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
2080 seq
= argv
[idx
]->arg
;
2083 argv_find(argv
, argc
, "permit", &idx
);
2084 argv_find(argv
, argc
, "deny", &idx
);
2086 permit_deny
= argv
[idx
]->arg
;
2088 return filter_set_zebra(vty
, argv
[idx_word
]->arg
, seq
, permit_deny
,
2089 AFI_IP
, "0.0.0.0/0", 0, 1);
2092 DEFUN (no_access_list_exact
,
2093 no_access_list_exact_cmd
,
2094 "no access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
2096 "Add an access list entry\n"
2097 "IP zebra access-list name\n"
2098 "Sequence number of an entry\n"
2100 "Specify packets to reject\n"
2101 "Specify packets to forward\n"
2102 "Prefix to match. e.g. 10.0.0.0/8\n"
2103 "Exact match of the prefixes\n")
2108 char *permit_deny
= NULL
;
2109 char *prefix
= NULL
;
2111 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
2113 seq
= argv
[idx
]->arg
;
2116 argv_find(argv
, argc
, "permit", &idx
);
2117 argv_find(argv
, argc
, "deny", &idx
);
2119 permit_deny
= argv
[idx
]->arg
;
2122 argv_find(argv
, argc
, "A.B.C.D/M", &idx
);
2124 prefix
= argv
[idx
]->arg
;
2127 if (argv_find(argv
, argc
, "exact-match", &idx
))
2130 return filter_set_zebra(vty
, argv
[2]->arg
, seq
, permit_deny
,
2131 AFI_IP
, prefix
, exact
, 0);
2134 DEFUN (no_access_list_any
,
2135 no_access_list_any_cmd
,
2136 "no access-list WORD [seq (1-4294967295)] <deny|permit> any",
2138 "Add an access list entry\n"
2139 "IP zebra access-list name\n"
2140 "Sequence number of an entry\n"
2142 "Specify packets to reject\n"
2143 "Specify packets to forward\n"
2144 "Prefix to match. e.g. 10.0.0.0/8\n")
2149 char *permit_deny
= NULL
;
2151 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
2153 seq
= argv
[idx
]->arg
;
2156 argv_find(argv
, argc
, "permit", &idx
);
2157 argv_find(argv
, argc
, "deny", &idx
);
2159 permit_deny
= argv
[idx
]->arg
;
2161 return filter_set_zebra(vty
, argv
[idx_word
]->arg
, seq
, permit_deny
,
2162 AFI_IP
, "0.0.0.0/0", 0, 0);
2165 DEFUN (no_access_list_all
,
2166 no_access_list_all_cmd
,
2167 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
2169 "Add an access list entry\n"
2170 "IP standard access list\n"
2171 "IP extended access list\n"
2172 "IP standard access list (expanded range)\n"
2173 "IP extended access list (expanded range)\n"
2174 "IP zebra access-list name\n")
2177 struct access_list
*access
;
2178 struct access_master
*master
;
2180 /* Looking up access_list. */
2181 access
= access_list_lookup(AFI_IP
, argv
[idx_acl
]->arg
);
2182 if (access
== NULL
) {
2183 vty_out(vty
, "%% access-list %s doesn't exist\n",
2184 argv
[idx_acl
]->arg
);
2185 return CMD_WARNING_CONFIG_FAILED
;
2188 master
= access
->master
;
2190 route_map_notify_dependencies(access
->name
, RMAP_EVENT_FILTER_DELETED
);
2191 /* Run hook function. */
2192 if (master
->delete_hook
)
2193 (*master
->delete_hook
)(access
);
2195 /* Delete all filter from access-list. */
2196 access_list_delete(access
);
2201 DEFUN (access_list_remark
,
2202 access_list_remark_cmd
,
2203 "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
2204 "Add an access list entry\n"
2205 "IP standard access list\n"
2206 "IP extended access list\n"
2207 "IP standard access list (expanded range)\n"
2208 "IP extended access list (expanded range)\n"
2209 "IP zebra access-list\n"
2210 "Access list entry comment\n"
2211 "Comment up to 100 characters\n")
2215 struct access_list
*access
;
2217 access
= access_list_get(AFI_IP
, argv
[idx_acl
]->arg
);
2219 if (access
->remark
) {
2220 XFREE(MTYPE_TMP
, access
->remark
);
2221 access
->remark
= NULL
;
2223 access
->remark
= argv_concat(argv
, argc
, idx_remark
);
2228 DEFUN (no_access_list_remark
,
2229 no_access_list_remark_cmd
,
2230 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark",
2232 "Add an access list entry\n"
2233 "IP standard access list\n"
2234 "IP extended access list\n"
2235 "IP standard access list (expanded range)\n"
2236 "IP extended access list (expanded range)\n"
2237 "IP zebra access-list\n"
2238 "Access list entry comment\n")
2241 return vty_access_list_remark_unset(vty
, AFI_IP
, argv
[idx_acl
]->arg
);
2245 DEFUN (no_access_list_remark_comment
,
2246 no_access_list_remark_comment_cmd
,
2247 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
2249 "Add an access list entry\n"
2250 "IP standard access list\n"
2251 "IP extended access list\n"
2252 "IP standard access list (expanded range)\n"
2253 "IP extended access list (expanded range)\n"
2254 "IP zebra access-list\n"
2255 "Access list entry comment\n"
2256 "Comment up to 100 characters\n")
2258 return no_access_list_remark(self
, vty
, argc
, argv
);
2261 DEFUN (ipv6_access_list_exact
,
2262 ipv6_access_list_exact_cmd
,
2263 "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
2265 "Add an access list entry\n"
2266 "IPv6 zebra access-list\n"
2267 "Sequence number of an entry\n"
2269 "Specify packets to reject\n"
2270 "Specify packets to forward\n"
2272 "Exact match of the prefixes\n")
2278 char *permit_deny
= NULL
;
2279 char *prefix
= NULL
;
2281 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
2283 seq
= argv
[idx
]->arg
;
2286 argv_find(argv
, argc
, "permit", &idx
);
2287 argv_find(argv
, argc
, "deny", &idx
);
2289 permit_deny
= argv
[idx
]->arg
;
2292 argv_find(argv
, argc
, "X:X::X:X/M", &idx
);
2294 prefix
= argv
[idx
]->arg
;
2297 if (argv_find(argv
, argc
, "exact-match", &idx
))
2300 return filter_set_zebra(vty
, argv
[idx_word
]->arg
, seq
, permit_deny
,
2301 AFI_IP6
, prefix
, exact
, 1);
2304 DEFUN (ipv6_access_list_any
,
2305 ipv6_access_list_any_cmd
,
2306 "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
2308 "Add an access list entry\n"
2309 "IPv6 zebra access-list\n"
2310 "Sequence number of an entry\n"
2312 "Specify packets to reject\n"
2313 "Specify packets to forward\n"
2314 "Any prefixi to match\n")
2319 char *permit_deny
= NULL
;
2321 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
2323 seq
= argv
[idx
]->arg
;
2326 argv_find(argv
, argc
, "permit", &idx
);
2327 argv_find(argv
, argc
, "deny", &idx
);
2329 permit_deny
= argv
[idx
]->arg
;
2331 return filter_set_zebra(vty
, argv
[idx_word
]->arg
, seq
, permit_deny
,
2332 AFI_IP6
, "::/0", 0, 1);
2335 DEFUN (no_ipv6_access_list_exact
,
2336 no_ipv6_access_list_exact_cmd
,
2337 "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
2340 "Add an access list entry\n"
2341 "IPv6 zebra access-list\n"
2342 "Sequence number of an entry\n"
2344 "Specify packets to reject\n"
2345 "Specify packets to forward\n"
2346 "Prefix to match. e.g. 3ffe:506::/32\n"
2347 "Exact match of the prefixes\n")
2353 char *permit_deny
= NULL
;
2354 char *prefix
= NULL
;
2356 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
2358 seq
= argv
[idx
]->arg
;
2361 argv_find(argv
, argc
, "permit", &idx
);
2362 argv_find(argv
, argc
, "deny", &idx
);
2364 permit_deny
= argv
[idx
]->arg
;
2367 argv_find(argv
, argc
, "X:X::X:X/M", &idx
);
2369 prefix
= argv
[idx
]->arg
;
2372 if (argv_find(argv
, argc
, "exact-match", &idx
))
2375 return filter_set_zebra(vty
, argv
[idx_word
]->arg
, seq
, permit_deny
,
2376 AFI_IP6
, prefix
, exact
, 0);
2379 DEFUN (no_ipv6_access_list_any
,
2380 no_ipv6_access_list_any_cmd
,
2381 "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
2384 "Add an access list entry\n"
2385 "IPv6 zebra access-list\n"
2386 "Sequence number of an entry\n"
2388 "Specify packets to reject\n"
2389 "Specify packets to forward\n"
2390 "Any prefixi to match\n")
2395 char *permit_deny
= NULL
;
2397 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
2399 seq
= argv
[idx
]->arg
;
2402 argv_find(argv
, argc
, "permit", &idx
);
2403 argv_find(argv
, argc
, "deny", &idx
);
2405 permit_deny
= argv
[idx
]->arg
;
2407 return filter_set_zebra(vty
, argv
[idx_word
]->arg
, seq
, permit_deny
,
2408 AFI_IP6
, "::/0", 0, 0);
2412 DEFUN (no_ipv6_access_list_all
,
2413 no_ipv6_access_list_all_cmd
,
2414 "no ipv6 access-list WORD",
2417 "Add an access list entry\n"
2418 "IPv6 zebra access-list\n")
2421 struct access_list
*access
;
2422 struct access_master
*master
;
2424 /* Looking up access_list. */
2425 access
= access_list_lookup(AFI_IP6
, argv
[idx_word
]->arg
);
2426 if (access
== NULL
) {
2427 vty_out(vty
, "%% access-list %s doesn't exist\n",
2428 argv
[idx_word
]->arg
);
2429 return CMD_WARNING_CONFIG_FAILED
;
2432 master
= access
->master
;
2434 route_map_notify_dependencies(access
->name
, RMAP_EVENT_FILTER_DELETED
);
2435 /* Run hook function. */
2436 if (master
->delete_hook
)
2437 (*master
->delete_hook
)(access
);
2439 /* Delete all filter from access-list. */
2440 access_list_delete(access
);
2445 DEFUN (ipv6_access_list_remark
,
2446 ipv6_access_list_remark_cmd
,
2447 "ipv6 access-list WORD remark LINE...",
2449 "Add an access list entry\n"
2450 "IPv6 zebra access-list\n"
2451 "Access list entry comment\n"
2452 "Comment up to 100 characters\n")
2456 struct access_list
*access
;
2458 access
= access_list_get(AFI_IP6
, argv
[idx_word
]->arg
);
2460 if (access
->remark
) {
2461 XFREE(MTYPE_TMP
, access
->remark
);
2462 access
->remark
= NULL
;
2464 access
->remark
= argv_concat(argv
, argc
, idx_line
);
2469 DEFUN (no_ipv6_access_list_remark
,
2470 no_ipv6_access_list_remark_cmd
,
2471 "no ipv6 access-list WORD remark",
2474 "Add an access list entry\n"
2475 "IPv6 zebra access-list\n"
2476 "Access list entry comment\n")
2479 return vty_access_list_remark_unset(vty
, AFI_IP6
, argv
[idx_word
]->arg
);
2483 DEFUN (no_ipv6_access_list_remark_comment
,
2484 no_ipv6_access_list_remark_comment_cmd
,
2485 "no ipv6 access-list WORD remark LINE...",
2488 "Add an access list entry\n"
2489 "IPv6 zebra access-list\n"
2490 "Access list entry comment\n"
2491 "Comment up to 100 characters\n")
2493 return no_ipv6_access_list_remark(self
, vty
, argc
, argv
);
2496 void config_write_access_zebra(struct vty
*, struct filter
*);
2497 void config_write_access_cisco(struct vty
*, struct filter
*);
2499 /* show access-list command. */
2500 static int filter_show(struct vty
*vty
, const char *name
, afi_t afi
)
2502 struct access_list
*access
;
2503 struct access_master
*master
;
2504 struct filter
*mfilter
;
2505 struct filter_cisco
*filter
;
2508 master
= access_master_get(afi
);
2512 /* Print the name of the protocol */
2513 vty_out(vty
, "%s:\n", frr_protoname
);
2515 for (access
= master
->num
.head
; access
; access
= access
->next
) {
2516 if (name
&& strcmp(access
->name
, name
) != 0)
2521 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
) {
2522 filter
= &mfilter
->u
.cfilter
;
2525 vty_out(vty
, "%s %s access list %s\n",
2526 mfilter
->cisco
? (filter
->extended
2532 : ((afi
== AFI_IP6
) ? ("IPv6 ")
2538 vty_out(vty
, " seq %" PRId64
, mfilter
->seq
);
2539 vty_out(vty
, " %s%s", filter_type_str(mfilter
),
2540 mfilter
->type
== FILTER_DENY
? " " : "");
2542 if (!mfilter
->cisco
)
2543 config_write_access_zebra(vty
, mfilter
);
2544 else if (filter
->extended
)
2545 config_write_access_cisco(vty
, mfilter
);
2547 if (filter
->addr_mask
.s_addr
== 0xffffffff)
2548 vty_out(vty
, " any\n");
2551 inet_ntoa(filter
->addr
));
2552 if (filter
->addr_mask
.s_addr
!= 0)
2554 ", wildcard bits %s",
2556 filter
->addr_mask
));
2563 for (access
= master
->str
.head
; access
; access
= access
->next
) {
2564 if (name
&& strcmp(access
->name
, name
) != 0)
2569 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
) {
2570 filter
= &mfilter
->u
.cfilter
;
2573 vty_out(vty
, "%s %s access list %s\n",
2574 mfilter
->cisco
? (filter
->extended
2580 : ((afi
== AFI_IP6
) ? ("IPv6 ")
2586 vty_out(vty
, " seq %" PRId64
, mfilter
->seq
);
2587 vty_out(vty
, " %s%s", filter_type_str(mfilter
),
2588 mfilter
->type
== FILTER_DENY
? " " : "");
2590 if (!mfilter
->cisco
)
2591 config_write_access_zebra(vty
, mfilter
);
2592 else if (filter
->extended
)
2593 config_write_access_cisco(vty
, mfilter
);
2595 if (filter
->addr_mask
.s_addr
== 0xffffffff)
2596 vty_out(vty
, " any\n");
2599 inet_ntoa(filter
->addr
));
2600 if (filter
->addr_mask
.s_addr
!= 0)
2602 ", wildcard bits %s",
2604 filter
->addr_mask
));
2613 /* show MAC access list - this only has MAC filters for now*/
2614 DEFUN (show_mac_access_list
,
2615 show_mac_access_list_cmd
,
2616 "show mac access-list",
2618 "mac access lists\n"
2619 "List mac access lists\n")
2621 return filter_show(vty
, NULL
, AFI_L2VPN
);
2624 DEFUN (show_mac_access_list_name
,
2625 show_mac_access_list_name_cmd
,
2626 "show mac access-list WORD",
2628 "mac access lists\n"
2629 "List mac access lists\n"
2632 return filter_show(vty
, argv
[3]->arg
, AFI_L2VPN
);
2635 DEFUN (show_ip_access_list
,
2636 show_ip_access_list_cmd
,
2637 "show ip access-list",
2640 "List IP access lists\n")
2642 return filter_show(vty
, NULL
, AFI_IP
);
2645 DEFUN (show_ip_access_list_name
,
2646 show_ip_access_list_name_cmd
,
2647 "show ip access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
2650 "List IP access lists\n"
2651 "IP standard access list\n"
2652 "IP extended access list\n"
2653 "IP standard access list (expanded range)\n"
2654 "IP extended access list (expanded range)\n"
2655 "IP zebra access-list\n")
2658 return filter_show(vty
, argv
[idx_acl
]->arg
, AFI_IP
);
2661 DEFUN (show_ipv6_access_list
,
2662 show_ipv6_access_list_cmd
,
2663 "show ipv6 access-list",
2666 "List IPv6 access lists\n")
2668 return filter_show(vty
, NULL
, AFI_IP6
);
2671 DEFUN (show_ipv6_access_list_name
,
2672 show_ipv6_access_list_name_cmd
,
2673 "show ipv6 access-list WORD",
2676 "List IPv6 access lists\n"
2677 "IPv6 zebra access-list\n")
2680 return filter_show(vty
, argv
[idx_word
]->arg
, AFI_IP6
);
2683 void config_write_access_cisco(struct vty
*vty
, struct filter
*mfilter
)
2685 struct filter_cisco
*filter
;
2687 filter
= &mfilter
->u
.cfilter
;
2689 if (filter
->extended
) {
2690 vty_out(vty
, " ip");
2691 if (filter
->addr_mask
.s_addr
== 0xffffffff)
2692 vty_out(vty
, " any");
2693 else if (filter
->addr_mask
.s_addr
== 0)
2694 vty_out(vty
, " host %s", inet_ntoa(filter
->addr
));
2696 vty_out(vty
, " %s", inet_ntoa(filter
->addr
));
2697 vty_out(vty
, " %s", inet_ntoa(filter
->addr_mask
));
2700 if (filter
->mask_mask
.s_addr
== 0xffffffff)
2701 vty_out(vty
, " any");
2702 else if (filter
->mask_mask
.s_addr
== 0)
2703 vty_out(vty
, " host %s", inet_ntoa(filter
->mask
));
2705 vty_out(vty
, " %s", inet_ntoa(filter
->mask
));
2706 vty_out(vty
, " %s", inet_ntoa(filter
->mask_mask
));
2710 if (filter
->addr_mask
.s_addr
== 0xffffffff)
2711 vty_out(vty
, " any\n");
2713 vty_out(vty
, " %s", inet_ntoa(filter
->addr
));
2714 if (filter
->addr_mask
.s_addr
!= 0)
2716 inet_ntoa(filter
->addr_mask
));
2722 void config_write_access_zebra(struct vty
*vty
, struct filter
*mfilter
)
2724 struct filter_zebra
*filter
;
2728 filter
= &mfilter
->u
.zfilter
;
2729 p
= &filter
->prefix
;
2731 if (p
->prefixlen
== 0 && !filter
->exact
)
2732 vty_out(vty
, " any");
2733 else if (p
->family
== AF_INET6
|| p
->family
== AF_INET
)
2734 vty_out(vty
, " %s/%d%s",
2735 inet_ntop(p
->family
, &p
->u
.prefix
, buf
, BUFSIZ
),
2736 p
->prefixlen
, filter
->exact
? " exact-match" : "");
2737 else if (p
->family
== AF_ETHERNET
) {
2738 if (p
->prefixlen
== 0)
2739 vty_out(vty
, " any");
2741 vty_out(vty
, " %s", prefix_mac2str(&(p
->u
.prefix_eth
),
2748 static int config_write_access(struct vty
*vty
, afi_t afi
)
2750 struct access_list
*access
;
2751 struct access_master
*master
;
2752 struct filter
*mfilter
;
2755 master
= access_master_get(afi
);
2759 for (access
= master
->num
.head
; access
; access
= access
->next
) {
2760 if (access
->remark
) {
2761 vty_out(vty
, "%saccess-list %s remark %s\n",
2762 (afi
== AFI_IP
) ? ("")
2763 : ((afi
== AFI_IP6
) ? ("ipv6 ")
2765 access
->name
, access
->remark
);
2769 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
) {
2770 vty_out(vty
, "%saccess-list %s seq %" PRId64
" %s",
2771 (afi
== AFI_IP
) ? ("")
2772 : ((afi
== AFI_IP6
) ? ("ipv6 ")
2774 access
->name
, mfilter
->seq
,
2775 filter_type_str(mfilter
));
2778 config_write_access_cisco(vty
, mfilter
);
2780 config_write_access_zebra(vty
, mfilter
);
2786 for (access
= master
->str
.head
; access
; access
= access
->next
) {
2787 if (access
->remark
) {
2788 vty_out(vty
, "%saccess-list %s remark %s\n",
2789 (afi
== AFI_IP
) ? ("")
2790 : ((afi
== AFI_IP6
) ? ("ipv6 ")
2792 access
->name
, access
->remark
);
2796 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
) {
2797 vty_out(vty
, "%saccess-list %s seq %" PRId64
" %s",
2798 (afi
== AFI_IP
) ? ("")
2799 : ((afi
== AFI_IP6
) ? ("ipv6 ")
2801 access
->name
, mfilter
->seq
,
2802 filter_type_str(mfilter
));
2805 config_write_access_cisco(vty
, mfilter
);
2807 config_write_access_zebra(vty
, mfilter
);
2815 static struct cmd_node access_mac_node
= {
2816 ACCESS_MAC_NODE
, "", /* Access list has no interface. */
2819 static int config_write_access_mac(struct vty
*vty
)
2821 return config_write_access(vty
, AFI_L2VPN
);
2824 static void access_list_reset_mac(void)
2826 struct access_list
*access
;
2827 struct access_list
*next
;
2828 struct access_master
*master
;
2830 master
= access_master_get(AFI_L2VPN
);
2834 for (access
= master
->num
.head
; access
; access
= next
) {
2835 next
= access
->next
;
2836 access_list_delete(access
);
2838 for (access
= master
->str
.head
; access
; access
= next
) {
2839 next
= access
->next
;
2840 access_list_delete(access
);
2843 assert(master
->num
.head
== NULL
);
2844 assert(master
->num
.tail
== NULL
);
2846 assert(master
->str
.head
== NULL
);
2847 assert(master
->str
.tail
== NULL
);
2850 /* Install vty related command. */
2851 static void access_list_init_mac(void)
2853 install_node(&access_mac_node
, config_write_access_mac
);
2855 install_element(ENABLE_NODE
, &show_mac_access_list_cmd
);
2856 install_element(ENABLE_NODE
, &show_mac_access_list_name_cmd
);
2858 /* Zebra access-list */
2859 install_element(CONFIG_NODE
, &mac_access_list_cmd
);
2860 install_element(CONFIG_NODE
, &no_mac_access_list_cmd
);
2861 install_element(CONFIG_NODE
, &mac_access_list_any_cmd
);
2862 install_element(CONFIG_NODE
, &no_mac_access_list_any_cmd
);
2865 /* Access-list node. */
2866 static struct cmd_node access_node
= {ACCESS_NODE
,
2867 "", /* Access list has no interface. */
2870 static int config_write_access_ipv4(struct vty
*vty
)
2872 return config_write_access(vty
, AFI_IP
);
2875 static void access_list_reset_ipv4(void)
2877 struct access_list
*access
;
2878 struct access_list
*next
;
2879 struct access_master
*master
;
2881 master
= access_master_get(AFI_IP
);
2885 for (access
= master
->num
.head
; access
; access
= next
) {
2886 next
= access
->next
;
2887 access_list_delete(access
);
2889 for (access
= master
->str
.head
; access
; access
= next
) {
2890 next
= access
->next
;
2891 access_list_delete(access
);
2894 assert(master
->num
.head
== NULL
);
2895 assert(master
->num
.tail
== NULL
);
2897 assert(master
->str
.head
== NULL
);
2898 assert(master
->str
.tail
== NULL
);
2901 /* Install vty related command. */
2902 static void access_list_init_ipv4(void)
2904 install_node(&access_node
, config_write_access_ipv4
);
2906 install_element(ENABLE_NODE
, &show_ip_access_list_cmd
);
2907 install_element(ENABLE_NODE
, &show_ip_access_list_name_cmd
);
2909 /* Zebra access-list */
2910 install_element(CONFIG_NODE
, &access_list_exact_cmd
);
2911 install_element(CONFIG_NODE
, &access_list_any_cmd
);
2912 install_element(CONFIG_NODE
, &no_access_list_exact_cmd
);
2913 install_element(CONFIG_NODE
, &no_access_list_any_cmd
);
2915 /* Standard access-list */
2916 install_element(CONFIG_NODE
, &access_list_standard_cmd
);
2917 install_element(CONFIG_NODE
, &access_list_standard_nomask_cmd
);
2918 install_element(CONFIG_NODE
, &access_list_standard_host_cmd
);
2919 install_element(CONFIG_NODE
, &access_list_standard_any_cmd
);
2920 install_element(CONFIG_NODE
, &no_access_list_standard_cmd
);
2921 install_element(CONFIG_NODE
, &no_access_list_standard_nomask_cmd
);
2922 install_element(CONFIG_NODE
, &no_access_list_standard_host_cmd
);
2923 install_element(CONFIG_NODE
, &no_access_list_standard_any_cmd
);
2925 /* Extended access-list */
2926 install_element(CONFIG_NODE
, &access_list_extended_cmd
);
2927 install_element(CONFIG_NODE
, &access_list_extended_any_mask_cmd
);
2928 install_element(CONFIG_NODE
, &access_list_extended_mask_any_cmd
);
2929 install_element(CONFIG_NODE
, &access_list_extended_any_any_cmd
);
2930 install_element(CONFIG_NODE
, &access_list_extended_host_mask_cmd
);
2931 install_element(CONFIG_NODE
, &access_list_extended_mask_host_cmd
);
2932 install_element(CONFIG_NODE
, &access_list_extended_host_host_cmd
);
2933 install_element(CONFIG_NODE
, &access_list_extended_any_host_cmd
);
2934 install_element(CONFIG_NODE
, &access_list_extended_host_any_cmd
);
2935 install_element(CONFIG_NODE
, &no_access_list_extended_cmd
);
2936 install_element(CONFIG_NODE
, &no_access_list_extended_any_mask_cmd
);
2937 install_element(CONFIG_NODE
, &no_access_list_extended_mask_any_cmd
);
2938 install_element(CONFIG_NODE
, &no_access_list_extended_any_any_cmd
);
2939 install_element(CONFIG_NODE
, &no_access_list_extended_host_mask_cmd
);
2940 install_element(CONFIG_NODE
, &no_access_list_extended_mask_host_cmd
);
2941 install_element(CONFIG_NODE
, &no_access_list_extended_host_host_cmd
);
2942 install_element(CONFIG_NODE
, &no_access_list_extended_any_host_cmd
);
2943 install_element(CONFIG_NODE
, &no_access_list_extended_host_any_cmd
);
2945 install_element(CONFIG_NODE
, &access_list_remark_cmd
);
2946 install_element(CONFIG_NODE
, &no_access_list_all_cmd
);
2947 install_element(CONFIG_NODE
, &no_access_list_remark_cmd
);
2948 install_element(CONFIG_NODE
, &no_access_list_remark_comment_cmd
);
2951 static struct cmd_node access_ipv6_node
= {ACCESS_IPV6_NODE
, "", 1};
2953 static int config_write_access_ipv6(struct vty
*vty
)
2955 return config_write_access(vty
, AFI_IP6
);
2958 static void access_list_reset_ipv6(void)
2960 struct access_list
*access
;
2961 struct access_list
*next
;
2962 struct access_master
*master
;
2964 master
= access_master_get(AFI_IP6
);
2968 for (access
= master
->num
.head
; access
; access
= next
) {
2969 next
= access
->next
;
2970 access_list_delete(access
);
2972 for (access
= master
->str
.head
; access
; access
= next
) {
2973 next
= access
->next
;
2974 access_list_delete(access
);
2977 assert(master
->num
.head
== NULL
);
2978 assert(master
->num
.tail
== NULL
);
2980 assert(master
->str
.head
== NULL
);
2981 assert(master
->str
.tail
== NULL
);
2984 static void access_list_init_ipv6(void)
2986 install_node(&access_ipv6_node
, config_write_access_ipv6
);
2988 install_element(ENABLE_NODE
, &show_ipv6_access_list_cmd
);
2989 install_element(ENABLE_NODE
, &show_ipv6_access_list_name_cmd
);
2991 install_element(CONFIG_NODE
, &ipv6_access_list_exact_cmd
);
2992 install_element(CONFIG_NODE
, &ipv6_access_list_any_cmd
);
2993 install_element(CONFIG_NODE
, &no_ipv6_access_list_exact_cmd
);
2994 install_element(CONFIG_NODE
, &no_ipv6_access_list_any_cmd
);
2996 install_element(CONFIG_NODE
, &no_ipv6_access_list_all_cmd
);
2997 install_element(CONFIG_NODE
, &ipv6_access_list_remark_cmd
);
2998 install_element(CONFIG_NODE
, &no_ipv6_access_list_remark_cmd
);
2999 install_element(CONFIG_NODE
, &no_ipv6_access_list_remark_comment_cmd
);
3002 void access_list_init(void)
3004 access_list_init_ipv4();
3005 access_list_init_ipv6();
3006 access_list_init_mac();
3009 void access_list_reset(void)
3011 access_list_reset_ipv4();
3012 access_list_reset_ipv6();
3013 access_list_reset_mac();