]> git.proxmox.com Git - mirror_frr.git/blob - lib/filter.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
lib: Add const to _count() in new list APIs
[mirror_frr.git] / lib / filter.c
1 /* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "prefix.h"
24 #include "filter.h"
25 #include "memory.h"
26 #include "command.h"
27 #include "sockunion.h"
28 #include "buffer.h"
29 #include "log.h"
30 #include "routemap.h"
31 #include "libfrr.h"
32
33 DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST, "Access List")
34 DEFINE_MTYPE_STATIC(LIB, ACCESS_LIST_STR, "Access List Str")
35 DEFINE_MTYPE_STATIC(LIB, ACCESS_FILTER, "Access Filter")
36
37 struct filter_cisco {
38 /* Cisco access-list */
39 int extended;
40 struct in_addr addr;
41 struct in_addr addr_mask;
42 struct in_addr mask;
43 struct in_addr mask_mask;
44 };
45
46 struct filter_zebra {
47 /* If this filter is "exact" match then this flag is set. */
48 int exact;
49
50 /* Prefix information. */
51 struct prefix prefix;
52 };
53
54 /* Filter element of access list */
55 struct filter {
56 /* For doubly linked list. */
57 struct filter *next;
58 struct filter *prev;
59
60 /* Filter type information. */
61 enum filter_type type;
62
63 /* Sequence number */
64 int64_t seq;
65
66 /* Cisco access-list */
67 int cisco;
68
69 union {
70 struct filter_cisco cfilter;
71 struct filter_zebra zfilter;
72 } u;
73 };
74
75 /* List of access_list. */
76 struct access_list_list {
77 struct access_list *head;
78 struct access_list *tail;
79 };
80
81 /* Master structure of access_list. */
82 struct access_master {
83 /* List of access_list which name is number. */
84 struct access_list_list num;
85
86 /* List of access_list which name is string. */
87 struct access_list_list str;
88
89 /* Hook function which is executed when new access_list is added. */
90 void (*add_hook)(struct access_list *);
91
92 /* Hook function which is executed when access_list is deleted. */
93 void (*delete_hook)(struct access_list *);
94 };
95
96 /* Static structure for mac access_list's master. */
97 static struct access_master access_master_mac = {
98 {NULL, NULL},
99 {NULL, NULL},
100 NULL,
101 NULL,
102 };
103
104 /* Static structure for IPv4 access_list's master. */
105 static struct access_master access_master_ipv4 = {
106 {NULL, NULL},
107 {NULL, NULL},
108 NULL,
109 NULL,
110 };
111
112 /* Static structure for IPv6 access_list's master. */
113 static struct access_master access_master_ipv6 = {
114 {NULL, NULL},
115 {NULL, NULL},
116 NULL,
117 NULL,
118 };
119
120 static struct access_master *access_master_get(afi_t afi)
121 {
122 if (afi == AFI_IP)
123 return &access_master_ipv4;
124 else if (afi == AFI_IP6)
125 return &access_master_ipv6;
126 else if (afi == AFI_L2VPN)
127 return &access_master_mac;
128 return NULL;
129 }
130
131 /* Allocate new filter structure. */
132 static struct filter *filter_new(void)
133 {
134 return XCALLOC(MTYPE_ACCESS_FILTER, sizeof(struct filter));
135 }
136
137 static void filter_free(struct filter *filter)
138 {
139 XFREE(MTYPE_ACCESS_FILTER, filter);
140 }
141
142 /* Return string of filter_type. */
143 static const char *filter_type_str(struct filter *filter)
144 {
145 switch (filter->type) {
146 case FILTER_PERMIT:
147 return "permit";
148 break;
149 case FILTER_DENY:
150 return "deny";
151 break;
152 case FILTER_DYNAMIC:
153 return "dynamic";
154 break;
155 default:
156 return "";
157 break;
158 }
159 }
160
161 /* If filter match to the prefix then return 1. */
162 static int filter_match_cisco(struct filter *mfilter, const struct prefix *p)
163 {
164 struct filter_cisco *filter;
165 struct in_addr mask;
166 uint32_t check_addr;
167 uint32_t check_mask;
168
169 filter = &mfilter->u.cfilter;
170 check_addr = p->u.prefix4.s_addr & ~filter->addr_mask.s_addr;
171
172 if (filter->extended) {
173 masklen2ip(p->prefixlen, &mask);
174 check_mask = mask.s_addr & ~filter->mask_mask.s_addr;
175
176 if (memcmp(&check_addr, &filter->addr.s_addr, 4) == 0
177 && memcmp(&check_mask, &filter->mask.s_addr, 4) == 0)
178 return 1;
179 } else if (memcmp(&check_addr, &filter->addr.s_addr, 4) == 0)
180 return 1;
181
182 return 0;
183 }
184
185 /* If filter match to the prefix then return 1. */
186 static int filter_match_zebra(struct filter *mfilter, const struct prefix *p)
187 {
188 struct filter_zebra *filter = NULL;
189
190 filter = &mfilter->u.zfilter;
191
192 if (filter->prefix.family == p->family) {
193 if (filter->exact) {
194 if (filter->prefix.prefixlen == p->prefixlen)
195 return prefix_match(&filter->prefix, p);
196 else
197 return 0;
198 } else
199 return prefix_match(&filter->prefix, p);
200 } else
201 return 0;
202 }
203
204 /* Allocate new access list structure. */
205 static struct access_list *access_list_new(void)
206 {
207 return XCALLOC(MTYPE_ACCESS_LIST, sizeof(struct access_list));
208 }
209
210 /* Free allocated access_list. */
211 static void access_list_free(struct access_list *access)
212 {
213 XFREE(MTYPE_ACCESS_LIST, access);
214 }
215
216 /* Delete access_list from access_master and free it. */
217 static void access_list_delete(struct access_list *access)
218 {
219 struct filter *filter;
220 struct filter *next;
221 struct access_list_list *list;
222 struct access_master *master;
223
224 for (filter = access->head; filter; filter = next) {
225 next = filter->next;
226 filter_free(filter);
227 }
228
229 master = access->master;
230
231 if (access->type == ACCESS_TYPE_NUMBER)
232 list = &master->num;
233 else
234 list = &master->str;
235
236 if (access->next)
237 access->next->prev = access->prev;
238 else
239 list->tail = access->prev;
240
241 if (access->prev)
242 access->prev->next = access->next;
243 else
244 list->head = access->next;
245
246 XFREE(MTYPE_ACCESS_LIST_STR, access->name);
247
248 XFREE(MTYPE_TMP, access->remark);
249
250 access_list_free(access);
251 }
252
253 /* Insert new access list to list of access_list. Each acceess_list
254 is sorted by the name. */
255 static struct access_list *access_list_insert(afi_t afi, const char *name)
256 {
257 unsigned int i;
258 long number;
259 struct access_list *access;
260 struct access_list *point;
261 struct access_list_list *alist;
262 struct access_master *master;
263
264 master = access_master_get(afi);
265 if (master == NULL)
266 return NULL;
267
268 /* Allocate new access_list and copy given name. */
269 access = access_list_new();
270 access->name = XSTRDUP(MTYPE_ACCESS_LIST_STR, name);
271 access->master = master;
272
273 /* If name is made by all digit character. We treat it as
274 number. */
275 for (number = 0, i = 0; i < strlen(name); i++) {
276 if (isdigit((int)name[i]))
277 number = (number * 10) + (name[i] - '0');
278 else
279 break;
280 }
281
282 /* In case of name is all digit character */
283 if (i == strlen(name)) {
284 access->type = ACCESS_TYPE_NUMBER;
285
286 /* Set access_list to number list. */
287 alist = &master->num;
288
289 for (point = alist->head; point; point = point->next)
290 if (atol(point->name) >= number)
291 break;
292 } else {
293 access->type = ACCESS_TYPE_STRING;
294
295 /* Set access_list to string list. */
296 alist = &master->str;
297
298 /* Set point to insertion point. */
299 for (point = alist->head; point; point = point->next)
300 if (strcmp(point->name, name) >= 0)
301 break;
302 }
303
304 /* In case of this is the first element of master. */
305 if (alist->head == NULL) {
306 alist->head = alist->tail = access;
307 return access;
308 }
309
310 /* In case of insertion is made at the tail of access_list. */
311 if (point == NULL) {
312 access->prev = alist->tail;
313 alist->tail->next = access;
314 alist->tail = access;
315 return access;
316 }
317
318 /* In case of insertion is made at the head of access_list. */
319 if (point == alist->head) {
320 access->next = alist->head;
321 alist->head->prev = access;
322 alist->head = access;
323 return access;
324 }
325
326 /* Insertion is made at middle of the access_list. */
327 access->next = point;
328 access->prev = point->prev;
329
330 if (point->prev)
331 point->prev->next = access;
332 point->prev = access;
333
334 return access;
335 }
336
337 /* Lookup access_list from list of access_list by name. */
338 struct access_list *access_list_lookup(afi_t afi, const char *name)
339 {
340 struct access_list *access;
341 struct access_master *master;
342
343 if (name == NULL)
344 return NULL;
345
346 master = access_master_get(afi);
347 if (master == NULL)
348 return NULL;
349
350 for (access = master->num.head; access; access = access->next)
351 if (strcmp(access->name, name) == 0)
352 return access;
353
354 for (access = master->str.head; access; access = access->next)
355 if (strcmp(access->name, name) == 0)
356 return access;
357
358 return NULL;
359 }
360
361 /* Get access list from list of access_list. If there isn't matched
362 access_list create new one and return it. */
363 static struct access_list *access_list_get(afi_t afi, const char *name)
364 {
365 struct access_list *access;
366
367 access = access_list_lookup(afi, name);
368 if (access == NULL)
369 access = access_list_insert(afi, name);
370 return access;
371 }
372
373 /* Apply access list to object (which should be struct prefix *). */
374 enum filter_type access_list_apply(struct access_list *access,
375 const void *object)
376 {
377 struct filter *filter;
378 const struct prefix *p = (const struct prefix *)object;
379
380 if (access == NULL)
381 return FILTER_DENY;
382
383 for (filter = access->head; filter; filter = filter->next) {
384 if (filter->cisco) {
385 if (filter_match_cisco(filter, p))
386 return filter->type;
387 } else {
388 if (filter_match_zebra(filter, p))
389 return filter->type;
390 }
391 }
392
393 return FILTER_DENY;
394 }
395
396 /* Add hook function. */
397 void access_list_add_hook(void (*func)(struct access_list *access))
398 {
399 access_master_ipv4.add_hook = func;
400 access_master_ipv6.add_hook = func;
401 access_master_mac.add_hook = func;
402 }
403
404 /* Delete hook function. */
405 void access_list_delete_hook(void (*func)(struct access_list *access))
406 {
407 access_master_ipv4.delete_hook = func;
408 access_master_ipv6.delete_hook = func;
409 access_master_mac.delete_hook = func;
410 }
411
412 /* Calculate new sequential number. */
413 static int64_t filter_new_seq_get(struct access_list *access)
414 {
415 int64_t maxseq;
416 int64_t newseq;
417 struct filter *filter;
418
419 maxseq = newseq = 0;
420
421 for (filter = access->head; filter; filter = filter->next) {
422 if (maxseq < filter->seq)
423 maxseq = filter->seq;
424 }
425
426 newseq = ((maxseq / 5) * 5) + 5;
427
428 return (newseq > UINT_MAX) ? UINT_MAX : newseq;
429 }
430
431 /* Return access list entry which has same seq number. */
432 static struct filter *filter_seq_check(struct access_list *access,
433 int64_t seq)
434 {
435 struct filter *filter;
436
437 for (filter = access->head; filter; filter = filter->next)
438 if (filter->seq == seq)
439 return filter;
440 return NULL;
441 }
442
443 /* If access_list has no filter then return 1. */
444 static int access_list_empty(struct access_list *access)
445 {
446 if (access->head == NULL && access->tail == NULL)
447 return 1;
448 else
449 return 0;
450 }
451
452 /* Delete filter from specified access_list. If there is hook
453 function execute it. */
454 static void access_list_filter_delete(struct access_list *access,
455 struct filter *filter)
456 {
457 struct access_master *master;
458
459 master = access->master;
460
461 if (filter->next)
462 filter->next->prev = filter->prev;
463 else
464 access->tail = filter->prev;
465
466 if (filter->prev)
467 filter->prev->next = filter->next;
468 else
469 access->head = filter->next;
470
471 filter_free(filter);
472
473 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
474 /* Run hook function. */
475 if (master->delete_hook)
476 (*master->delete_hook)(access);
477
478 /* If access_list becomes empty delete it from access_master. */
479 if (access_list_empty(access))
480 access_list_delete(access);
481 }
482
483 /* Add new filter to the end of specified access_list. */
484 static void access_list_filter_add(struct access_list *access,
485 struct filter *filter)
486 {
487 struct filter *replace;
488 struct filter *point;
489
490 /* Automatic asignment of seq no. */
491 if (filter->seq == -1)
492 filter->seq = filter_new_seq_get(access);
493
494 if (access->tail && filter->seq > access->tail->seq)
495 point = NULL;
496 else {
497 /* Is there any same seq access list filter? */
498 replace = filter_seq_check(access, filter->seq);
499 if (replace)
500 access_list_filter_delete(access, replace);
501
502 /* Check insert point. */
503 for (point = access->head; point; point = point->next)
504 if (point->seq >= filter->seq)
505 break;
506 }
507
508 /* In case of this is the first element of the list. */
509 filter->next = point;
510
511 if (point) {
512 if (point->prev)
513 point->prev->next = filter;
514 else
515 access->head = filter;
516
517 filter->prev = point->prev;
518 point->prev = filter;
519 } else {
520 if (access->tail)
521 access->tail->next = filter;
522 else
523 access->head = filter;
524
525 filter->prev = access->tail;
526 access->tail = filter;
527 }
528
529 /* Run hook function. */
530 if (access->master->add_hook)
531 (*access->master->add_hook)(access);
532 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_ADDED);
533 }
534
535 /*
536 deny Specify packets to reject
537 permit Specify packets to forward
538 dynamic ?
539 */
540
541 /*
542 Hostname or A.B.C.D Address to match
543 any Any source host
544 host A single host address
545 */
546
547 static struct filter *filter_lookup_cisco(struct access_list *access,
548 struct filter *mnew)
549 {
550 struct filter *mfilter;
551 struct filter_cisco *filter;
552 struct filter_cisco *new;
553
554 new = &mnew->u.cfilter;
555
556 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
557 filter = &mfilter->u.cfilter;
558
559 if (filter->extended) {
560 if (mfilter->type == mnew->type
561 && filter->addr.s_addr == new->addr.s_addr
562 && filter->addr_mask.s_addr == new->addr_mask.s_addr
563 && filter->mask.s_addr == new->mask.s_addr
564 && filter->mask_mask.s_addr
565 == new->mask_mask.s_addr)
566 return mfilter;
567 } else {
568 if (mfilter->type == mnew->type
569 && filter->addr.s_addr == new->addr.s_addr
570 && filter->addr_mask.s_addr
571 == new->addr_mask.s_addr)
572 return mfilter;
573 }
574 }
575
576 return NULL;
577 }
578
579 static struct filter *filter_lookup_zebra(struct access_list *access,
580 struct filter *mnew)
581 {
582 struct filter *mfilter;
583 struct filter_zebra *filter;
584 struct filter_zebra *new;
585
586 new = &mnew->u.zfilter;
587
588 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
589 filter = &mfilter->u.zfilter;
590
591 if (filter->exact == new->exact
592 && mfilter->type == mnew->type) {
593 if (prefix_same(&filter->prefix, &new->prefix))
594 return mfilter;
595 }
596 }
597 return NULL;
598 }
599
600 static int vty_access_list_remark_unset(struct vty *vty, afi_t afi,
601 const char *name)
602 {
603 struct access_list *access;
604
605 access = access_list_lookup(afi, name);
606 if (!access) {
607 vty_out(vty, "%% access-list %s doesn't exist\n", name);
608 return CMD_WARNING_CONFIG_FAILED;
609 }
610
611 if (access->remark) {
612 XFREE(MTYPE_TMP, access->remark);
613 access->remark = NULL;
614 }
615
616 if (access->head == NULL && access->tail == NULL)
617 access_list_delete(access);
618
619 return CMD_SUCCESS;
620 }
621
622 static int filter_set_cisco(struct vty *vty, const char *name_str,
623 const char *seq, const char *type_str,
624 const char *addr_str, const char *addr_mask_str,
625 const char *mask_str, const char *mask_mask_str,
626 int extended, int set)
627 {
628 int ret;
629 enum filter_type type = FILTER_DENY;
630 struct filter *mfilter;
631 struct filter_cisco *filter;
632 struct access_list *access;
633 struct in_addr addr;
634 struct in_addr addr_mask;
635 struct in_addr mask;
636 struct in_addr mask_mask;
637 int64_t seqnum = -1;
638
639 if (seq)
640 seqnum = (int64_t)atol(seq);
641
642 /* Check of filter type. */
643 if (type_str) {
644 if (strncmp(type_str, "p", 1) == 0)
645 type = FILTER_PERMIT;
646 else if (strncmp(type_str, "d", 1) == 0)
647 type = FILTER_DENY;
648 else {
649 vty_out(vty, "%% filter type must be permit or deny\n");
650 return CMD_WARNING_CONFIG_FAILED;
651 }
652 }
653
654 ret = inet_aton(addr_str, &addr);
655 if (ret <= 0) {
656 vty_out(vty, "%%Inconsistent address and mask\n");
657 return CMD_WARNING_CONFIG_FAILED;
658 }
659
660 ret = inet_aton(addr_mask_str, &addr_mask);
661 if (ret <= 0) {
662 vty_out(vty, "%%Inconsistent address and mask\n");
663 return CMD_WARNING_CONFIG_FAILED;
664 }
665
666 if (extended) {
667 ret = inet_aton(mask_str, &mask);
668 if (ret <= 0) {
669 vty_out(vty, "%%Inconsistent address and mask\n");
670 return CMD_WARNING_CONFIG_FAILED;
671 }
672
673 ret = inet_aton(mask_mask_str, &mask_mask);
674 if (ret <= 0) {
675 vty_out(vty, "%%Inconsistent address and mask\n");
676 return CMD_WARNING_CONFIG_FAILED;
677 }
678 }
679
680 mfilter = filter_new();
681 mfilter->type = type;
682 mfilter->cisco = 1;
683 mfilter->seq = seqnum;
684 filter = &mfilter->u.cfilter;
685 filter->extended = extended;
686 filter->addr.s_addr = addr.s_addr & ~addr_mask.s_addr;
687 filter->addr_mask.s_addr = addr_mask.s_addr;
688
689 if (extended) {
690 filter->mask.s_addr = mask.s_addr & ~mask_mask.s_addr;
691 filter->mask_mask.s_addr = mask_mask.s_addr;
692 }
693
694 /* Install new filter to the access_list. */
695 access = access_list_get(AFI_IP, name_str);
696
697 if (set) {
698 if (filter_lookup_cisco(access, mfilter))
699 filter_free(mfilter);
700 else
701 access_list_filter_add(access, mfilter);
702 } else {
703 struct filter *delete_filter;
704
705 delete_filter = filter_lookup_cisco(access, mfilter);
706 if (delete_filter)
707 access_list_filter_delete(access, delete_filter);
708
709 filter_free(mfilter);
710 }
711
712 return CMD_SUCCESS;
713 }
714
715 /* Standard access-list */
716 DEFUN (access_list_standard,
717 access_list_standard_cmd,
718 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
719 "Add an access list entry\n"
720 "IP standard access list\n"
721 "IP standard access list (expanded range)\n"
722 "Sequence number of an entry\n"
723 "Sequence number\n"
724 "Specify packets to reject\n"
725 "Specify packets to forward\n"
726 "Address to match\n"
727 "Wildcard bits\n")
728 {
729 int idx_acl = 1;
730 int idx = 0;
731 char *seq = NULL;
732 char *permit_deny = NULL;
733 char *address = NULL;
734 char *wildcard = NULL;
735
736 argv_find(argv, argc, "(1-4294967295)", &idx);
737 if (idx)
738 seq = argv[idx]->arg;
739
740 idx = 0;
741 argv_find(argv, argc, "permit", &idx);
742 argv_find(argv, argc, "deny", &idx);
743 if (idx)
744 permit_deny = argv[idx]->arg;
745
746 idx = 0;
747 argv_find(argv, argc, "A.B.C.D", &idx);
748 if (idx) {
749 address = argv[idx]->arg;
750 wildcard = argv[idx + 1]->arg;
751 }
752
753 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
754 address, wildcard, NULL, NULL, 0, 1);
755 }
756
757 DEFUN (access_list_standard_nomask,
758 access_list_standard_nomask_cmd,
759 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
760 "Add an access list entry\n"
761 "IP standard access list\n"
762 "IP standard access list (expanded range)\n"
763 "Sequence number of an entry\n"
764 "Sequence number\n"
765 "Specify packets to reject\n"
766 "Specify packets to forward\n"
767 "Address to match\n")
768 {
769 int idx_acl = 1;
770 int idx = 0;
771 char *seq = NULL;
772 char *permit_deny = NULL;
773 char *address = NULL;
774
775 argv_find(argv, argc, "(1-4294967295)", &idx);
776 if (idx)
777 seq = argv[idx]->arg;
778
779 idx = 0;
780 argv_find(argv, argc, "permit", &idx);
781 argv_find(argv, argc, "deny", &idx);
782 if (idx)
783 permit_deny = argv[idx]->arg;
784
785 idx = 0;
786 argv_find(argv, argc, "A.B.C.D", &idx);
787 if (idx)
788 address = argv[idx]->arg;
789
790 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
791 address, "0.0.0.0", NULL, NULL, 0, 1);
792 }
793
794 DEFUN (access_list_standard_host,
795 access_list_standard_host_cmd,
796 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
797 "Add an access list entry\n"
798 "IP standard access list\n"
799 "IP standard access list (expanded range)\n"
800 "Sequence number of an entry\n"
801 "Sequence number\n"
802 "Specify packets to reject\n"
803 "Specify packets to forward\n"
804 "A single host address\n"
805 "Address to match\n")
806 {
807 int idx_acl = 1;
808 int idx = 0;
809 char *seq = NULL;
810 char *permit_deny = NULL;
811 char *address = NULL;
812
813 argv_find(argv, argc, "(1-4294967295)", &idx);
814 if (idx)
815 seq = argv[idx]->arg;
816
817 idx = 0;
818 argv_find(argv, argc, "permit", &idx);
819 argv_find(argv, argc, "deny", &idx);
820 if (idx)
821 permit_deny = argv[idx]->arg;
822
823 idx = 0;
824 argv_find(argv, argc, "A.B.C.D", &idx);
825 if (idx)
826 address = argv[idx]->arg;
827
828 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
829 address, "0.0.0.0", NULL, NULL, 0, 1);
830 }
831
832 DEFUN (access_list_standard_any,
833 access_list_standard_any_cmd,
834 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
835 "Add an access list entry\n"
836 "IP standard access list\n"
837 "IP standard access list (expanded range)\n"
838 "Sequence number of an entry\n"
839 "Sequence number\n"
840 "Specify packets to reject\n"
841 "Specify packets to forward\n"
842 "Any source host\n")
843 {
844 int idx_acl = 1;
845 int idx = 0;
846 char *seq = NULL;
847 char *permit_deny = NULL;
848
849 argv_find(argv, argc, "(1-4294967295)", &idx);
850 if (idx)
851 seq = argv[idx]->arg;
852
853 idx = 0;
854 argv_find(argv, argc, "permit", &idx);
855 argv_find(argv, argc, "deny", &idx);
856 if (idx)
857 permit_deny = argv[idx]->arg;
858
859 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
860 "0.0.0.0", "255.255.255.255", NULL, NULL, 0, 1);
861 }
862
863 DEFUN (no_access_list_standard,
864 no_access_list_standard_cmd,
865 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
866 NO_STR
867 "Add an access list entry\n"
868 "IP standard access list\n"
869 "IP standard access list (expanded range)\n"
870 "Sequence number of an entry\n"
871 "Sequence number\n"
872 "Specify packets to reject\n"
873 "Specify packets to forward\n"
874 "Address to match\n"
875 "Wildcard bits\n")
876 {
877 int idx_acl = 1;
878 int idx = 0;
879 char *seq = NULL;
880 char *permit_deny = NULL;
881 char *address = NULL;
882 char *wildcard = NULL;
883
884 argv_find(argv, argc, "(1-4294967295)", &idx);
885 if (idx)
886 seq = argv[idx]->arg;
887
888 idx = 0;
889 argv_find(argv, argc, "permit", &idx);
890 argv_find(argv, argc, "deny", &idx);
891 if (idx)
892 permit_deny = argv[idx]->arg;
893
894 idx = 0;
895 argv_find(argv, argc, "A.B.C.D", &idx);
896 if (idx) {
897 address = argv[idx]->arg;
898 wildcard = argv[idx + 1]->arg;
899 }
900
901 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
902 address, wildcard, NULL, NULL, 0, 0);
903 }
904
905 DEFUN (no_access_list_standard_nomask,
906 no_access_list_standard_nomask_cmd,
907 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
908 NO_STR
909 "Add an access list entry\n"
910 "IP standard access list\n"
911 "IP standard access list (expanded range)\n"
912 "Sequence number of an entry\n"
913 "Sequence number\n"
914 "Specify packets to reject\n"
915 "Specify packets to forward\n"
916 "Address to match\n")
917 {
918 int idx_acl = 2;
919 int idx = 0;
920 char *seq = NULL;
921 char *permit_deny = NULL;
922 char *address = NULL;
923
924 argv_find(argv, argc, "(1-4294967295)", &idx);
925 if (idx)
926 seq = argv[idx]->arg;
927
928 idx = 0;
929 argv_find(argv, argc, "permit", &idx);
930 argv_find(argv, argc, "deny", &idx);
931 if (idx)
932 permit_deny = argv[idx]->arg;
933
934 idx = 0;
935 argv_find(argv, argc, "A.B.C.D", &idx);
936 if (idx)
937 address = argv[idx]->arg;
938
939 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
940 address, "0.0.0.0", NULL, NULL, 0, 0);
941 }
942
943 DEFUN (no_access_list_standard_host,
944 no_access_list_standard_host_cmd,
945 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
946 NO_STR
947 "Add an access list entry\n"
948 "IP standard access list\n"
949 "IP standard access list (expanded range)\n"
950 "Sequence number of an entry\n"
951 "Sequence number\n"
952 "Specify packets to reject\n"
953 "Specify packets to forward\n"
954 "A single host address\n"
955 "Address to match\n")
956 {
957 int idx_acl = 2;
958 int idx = 0;
959 char *seq = NULL;
960 char *permit_deny = NULL;
961 char *address = NULL;
962
963 argv_find(argv, argc, "(1-4294967295)", &idx);
964 if (idx)
965 seq = argv[idx]->arg;
966
967 idx = 0;
968 argv_find(argv, argc, "permit", &idx);
969 argv_find(argv, argc, "deny", &idx);
970 if (idx)
971 permit_deny = argv[idx]->arg;
972
973 idx = 0;
974 argv_find(argv, argc, "A.B.C.D", &idx);
975 if (idx)
976 address = argv[idx]->arg;
977
978 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
979 address, "0.0.0.0", NULL, NULL, 0, 0);
980 }
981
982 DEFUN (no_access_list_standard_any,
983 no_access_list_standard_any_cmd,
984 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
985 NO_STR
986 "Add an access list entry\n"
987 "IP standard access list\n"
988 "IP standard access list (expanded range)\n"
989 "Sequence number of an entry\n"
990 "Sequence number\n"
991 "Specify packets to reject\n"
992 "Specify packets to forward\n"
993 "Any source host\n")
994 {
995 int idx_acl = 2;
996 int idx = 0;
997 char *seq = NULL;
998 char *permit_deny = NULL;
999
1000 argv_find(argv, argc, "(1-4294967295)", &idx);
1001 if (idx)
1002 seq = argv[idx]->arg;
1003
1004 idx = 0;
1005 argv_find(argv, argc, "permit", &idx);
1006 argv_find(argv, argc, "deny", &idx);
1007 if (idx)
1008 permit_deny = argv[idx]->arg;
1009
1010 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1011 "0.0.0.0", "255.255.255.255", NULL, NULL, 0, 0);
1012 }
1013
1014 /* Extended access-list */
1015 DEFUN (access_list_extended,
1016 access_list_extended_cmd,
1017 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
1018 "Add an access list entry\n"
1019 "IP extended access list\n"
1020 "IP extended access list (expanded range)\n"
1021 "Sequence number of an entry\n"
1022 "Sequence number\n"
1023 "Specify packets to reject\n"
1024 "Specify packets to forward\n"
1025 "Any Internet Protocol\n"
1026 "Source address\n"
1027 "Source wildcard bits\n"
1028 "Destination address\n"
1029 "Destination Wildcard bits\n")
1030 {
1031 int idx_acl = 1;
1032 int idx = 0;
1033 char *seq = NULL;
1034 char *permit_deny = NULL;
1035 char *src = NULL;
1036 char *dst = NULL;
1037 char *src_wildcard = NULL;
1038 char *dst_wildcard = NULL;
1039
1040 argv_find(argv, argc, "(1-4294967295)", &idx);
1041 if (idx)
1042 seq = argv[idx]->arg;
1043
1044 idx = 0;
1045 argv_find(argv, argc, "permit", &idx);
1046 argv_find(argv, argc, "deny", &idx);
1047 if (idx)
1048 permit_deny = argv[idx]->arg;
1049
1050 idx = 0;
1051 argv_find(argv, argc, "A.B.C.D", &idx);
1052 if (idx) {
1053 src = argv[idx]->arg;
1054 src_wildcard = argv[idx + 1]->arg;
1055 dst = argv[idx + 2]->arg;
1056 dst_wildcard = argv[idx + 3]->arg;
1057 }
1058
1059 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1060 src_wildcard, dst, dst_wildcard, 1, 1);
1061 }
1062
1063 DEFUN (access_list_extended_mask_any,
1064 access_list_extended_mask_any_cmd,
1065 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
1066 "Add an access list entry\n"
1067 "IP extended access list\n"
1068 "IP extended access list (expanded range)\n"
1069 "Sequence number of an entry\n"
1070 "Sequence number\n"
1071 "Specify packets to reject\n"
1072 "Specify packets to forward\n"
1073 "Any Internet Protocol\n"
1074 "Source address\n"
1075 "Source wildcard bits\n"
1076 "Any destination host\n")
1077 {
1078 int idx_acl = 1;
1079 int idx = 0;
1080 char *seq = NULL;
1081 char *permit_deny = NULL;
1082 char *src = NULL;
1083 char *src_wildcard = NULL;
1084
1085 argv_find(argv, argc, "(1-4294967295)", &idx);
1086 if (idx)
1087 seq = argv[idx]->arg;
1088
1089 idx = 0;
1090 argv_find(argv, argc, "permit", &idx);
1091 argv_find(argv, argc, "deny", &idx);
1092 if (idx)
1093 permit_deny = argv[idx]->arg;
1094
1095 idx = 0;
1096 argv_find(argv, argc, "A.B.C.D", &idx);
1097 if (idx) {
1098 src = argv[idx]->arg;
1099 src_wildcard = argv[idx + 1]->arg;
1100 }
1101
1102 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1103 src_wildcard, "0.0.0.0", "255.255.255.255", 1,
1104 1);
1105 }
1106
1107 DEFUN (access_list_extended_any_mask,
1108 access_list_extended_any_mask_cmd,
1109 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
1110 "Add an access list entry\n"
1111 "IP extended access list\n"
1112 "IP extended access list (expanded range)\n"
1113 "Sequence number of an entry\n"
1114 "Sequence number\n"
1115 "Specify packets to reject\n"
1116 "Specify packets to forward\n"
1117 "Any Internet Protocol\n"
1118 "Any source host\n"
1119 "Destination address\n"
1120 "Destination Wildcard bits\n")
1121 {
1122 int idx_acl = 1;
1123 int idx = 0;
1124 char *seq = NULL;
1125 char *permit_deny = NULL;
1126 char *dst = NULL;
1127 char *dst_wildcard = NULL;
1128
1129 argv_find(argv, argc, "(1-4294967295)", &idx);
1130 if (idx)
1131 seq = argv[idx]->arg;
1132
1133 idx = 0;
1134 argv_find(argv, argc, "permit", &idx);
1135 argv_find(argv, argc, "deny", &idx);
1136 if (idx)
1137 permit_deny = argv[idx]->arg;
1138
1139 idx = 0;
1140 argv_find(argv, argc, "A.B.C.D", &idx);
1141 if (idx) {
1142 dst = argv[idx]->arg;
1143 dst_wildcard = argv[idx + 1]->arg;
1144 }
1145
1146 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1147 "0.0.0.0", "255.255.255.255", dst, dst_wildcard,
1148 1, 1);
1149 }
1150
1151 DEFUN (access_list_extended_any_any,
1152 access_list_extended_any_any_cmd,
1153 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
1154 "Add an access list entry\n"
1155 "IP extended access list\n"
1156 "IP extended access list (expanded range)\n"
1157 "Sequence number of an entry\n"
1158 "Sequence number\n"
1159 "Specify packets to reject\n"
1160 "Specify packets to forward\n"
1161 "Any Internet Protocol\n"
1162 "Any source host\n"
1163 "Any destination host\n")
1164 {
1165 int idx_acl = 1;
1166 int idx = 0;
1167 char *seq = NULL;
1168 char *permit_deny = NULL;
1169
1170 argv_find(argv, argc, "(1-4294967295)", &idx);
1171 if (idx)
1172 seq = argv[idx]->arg;
1173
1174 idx = 0;
1175 argv_find(argv, argc, "permit", &idx);
1176 argv_find(argv, argc, "deny", &idx);
1177 if (idx)
1178 permit_deny = argv[idx]->arg;
1179
1180 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1181 "0.0.0.0", "255.255.255.255", "0.0.0.0",
1182 "255.255.255.255", 1, 1);
1183 }
1184
1185 DEFUN (access_list_extended_mask_host,
1186 access_list_extended_mask_host_cmd,
1187 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
1188 "Add an access list entry\n"
1189 "IP extended access list\n"
1190 "IP extended access list (expanded range)\n"
1191 "Sequence number of an entry\n"
1192 "Sequence number\n"
1193 "Specify packets to reject\n"
1194 "Specify packets to forward\n"
1195 "Any Internet Protocol\n"
1196 "Source address\n"
1197 "Source wildcard bits\n"
1198 "A single destination host\n"
1199 "Destination address\n")
1200 {
1201 int idx_acl = 1;
1202 int idx = 0;
1203 char *seq = NULL;
1204 char *permit_deny = NULL;
1205 char *src = NULL;
1206 char *dst = NULL;
1207 char *src_wildcard = NULL;
1208
1209 argv_find(argv, argc, "(1-4294967295)", &idx);
1210 if (idx)
1211 seq = argv[idx]->arg;
1212
1213 idx = 0;
1214 argv_find(argv, argc, "permit", &idx);
1215 argv_find(argv, argc, "deny", &idx);
1216 if (idx)
1217 permit_deny = argv[idx]->arg;
1218
1219 idx = 0;
1220 argv_find(argv, argc, "A.B.C.D", &idx);
1221 if (idx) {
1222 src = argv[idx]->arg;
1223 src_wildcard = argv[idx + 1]->arg;
1224 dst = argv[idx + 3]->arg;
1225 }
1226
1227 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1228 src_wildcard, dst, "0.0.0.0", 1, 1);
1229 }
1230
1231 DEFUN (access_list_extended_host_mask,
1232 access_list_extended_host_mask_cmd,
1233 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
1234 "Add an access list entry\n"
1235 "IP extended access list\n"
1236 "IP extended access list (expanded range)\n"
1237 "Sequence number of an entry\n"
1238 "Sequence number\n"
1239 "Specify packets to reject\n"
1240 "Specify packets to forward\n"
1241 "Any Internet Protocol\n"
1242 "A single source host\n"
1243 "Source address\n"
1244 "Destination address\n"
1245 "Destination Wildcard bits\n")
1246 {
1247 int idx_acl = 1;
1248 int idx = 0;
1249 char *seq = NULL;
1250 char *permit_deny = NULL;
1251 char *src = NULL;
1252 char *dst = NULL;
1253 char *dst_wildcard = NULL;
1254
1255 argv_find(argv, argc, "(1-4294967295)", &idx);
1256 if (idx)
1257 seq = argv[idx]->arg;
1258
1259 idx = 0;
1260 argv_find(argv, argc, "permit", &idx);
1261 argv_find(argv, argc, "deny", &idx);
1262 if (idx)
1263 permit_deny = argv[idx]->arg;
1264
1265 idx = 0;
1266 argv_find(argv, argc, "A.B.C.D", &idx);
1267 if (idx) {
1268 src = argv[idx]->arg;
1269 dst = argv[idx + 1]->arg;
1270 dst_wildcard = argv[idx + 2]->arg;
1271 }
1272
1273 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1274 "0.0.0.0", dst, dst_wildcard, 1, 1);
1275 }
1276
1277 DEFUN (access_list_extended_host_host,
1278 access_list_extended_host_host_cmd,
1279 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
1280 "Add an access list entry\n"
1281 "IP extended access list\n"
1282 "IP extended access list (expanded range)\n"
1283 "Sequence number of an entry\n"
1284 "Sequence number\n"
1285 "Specify packets to reject\n"
1286 "Specify packets to forward\n"
1287 "Any Internet Protocol\n"
1288 "A single source host\n"
1289 "Source address\n"
1290 "A single destination host\n"
1291 "Destination address\n")
1292 {
1293 int idx_acl = 1;
1294 int idx = 0;
1295 char *seq = NULL;
1296 char *permit_deny = NULL;
1297 char *src = NULL;
1298 char *dst = NULL;
1299
1300 argv_find(argv, argc, "(1-4294967295)", &idx);
1301 if (idx)
1302 seq = argv[idx]->arg;
1303
1304 idx = 0;
1305 argv_find(argv, argc, "permit", &idx);
1306 argv_find(argv, argc, "deny", &idx);
1307 if (idx)
1308 permit_deny = argv[idx]->arg;
1309
1310 idx = 0;
1311 argv_find(argv, argc, "A.B.C.D", &idx);
1312 if (idx) {
1313 src = argv[idx]->arg;
1314 dst = argv[idx + 2]->arg;
1315 }
1316
1317 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1318 "0.0.0.0", dst, "0.0.0.0", 1, 1);
1319 }
1320
1321 DEFUN (access_list_extended_any_host,
1322 access_list_extended_any_host_cmd,
1323 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
1324 "Add an access list entry\n"
1325 "IP extended access list\n"
1326 "IP extended access list (expanded range)\n"
1327 "Sequence number of an entry\n"
1328 "Sequence number\n"
1329 "Specify packets to reject\n"
1330 "Specify packets to forward\n"
1331 "Any Internet Protocol\n"
1332 "Any source host\n"
1333 "A single destination host\n"
1334 "Destination address\n")
1335 {
1336 int idx_acl = 1;
1337 int idx = 0;
1338 char *seq = NULL;
1339 char *permit_deny = NULL;
1340 char *dst = NULL;
1341
1342 argv_find(argv, argc, "(1-4294967295)", &idx);
1343 if (idx)
1344 seq = argv[idx]->arg;
1345
1346 idx = 0;
1347 argv_find(argv, argc, "permit", &idx);
1348 argv_find(argv, argc, "deny", &idx);
1349 if (idx)
1350 permit_deny = argv[idx]->arg;
1351
1352 idx = 0;
1353 argv_find(argv, argc, "A.B.C.D", &idx);
1354 if (idx)
1355 dst = argv[idx]->arg;
1356
1357 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1358 "0.0.0.0", "255.255.255.255", dst, "0.0.0.0", 1,
1359 1);
1360 }
1361
1362 DEFUN (access_list_extended_host_any,
1363 access_list_extended_host_any_cmd,
1364 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
1365 "Add an access list entry\n"
1366 "IP extended access list\n"
1367 "IP extended access list (expanded range)\n"
1368 "Sequence number of an entry\n"
1369 "Sequence number\n"
1370 "Specify packets to reject\n"
1371 "Specify packets to forward\n"
1372 "Any Internet Protocol\n"
1373 "A single source host\n"
1374 "Source address\n"
1375 "Any destination host\n")
1376 {
1377 int idx_acl = 1;
1378 int idx = 0;
1379 char *seq = NULL;
1380 char *permit_deny = NULL;
1381 char *src = NULL;
1382
1383 argv_find(argv, argc, "(1-4294967295)", &idx);
1384 if (idx)
1385 seq = argv[idx]->arg;
1386
1387 idx = 0;
1388 argv_find(argv, argc, "permit", &idx);
1389 argv_find(argv, argc, "deny", &idx);
1390 if (idx)
1391 permit_deny = argv[idx]->arg;
1392
1393 idx = 0;
1394 argv_find(argv, argc, "A.B.C.D", &idx);
1395 if (idx)
1396 src = argv[idx]->arg;
1397
1398 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1399 "0.0.0.0", "0.0.0.0", "255.255.255.255", 1, 1);
1400 }
1401
1402 DEFUN (no_access_list_extended,
1403 no_access_list_extended_cmd,
1404 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
1405 NO_STR
1406 "Add an access list entry\n"
1407 "IP extended access list\n"
1408 "IP extended access list (expanded range)\n"
1409 "Sequence number of an entry\n"
1410 "Sequence number\n"
1411 "Specify packets to reject\n"
1412 "Specify packets to forward\n"
1413 "Any Internet Protocol\n"
1414 "Source address\n"
1415 "Source wildcard bits\n"
1416 "Destination address\n"
1417 "Destination Wildcard bits\n")
1418 {
1419 int idx_acl = 2;
1420 int idx = 0;
1421 char *seq = NULL;
1422 char *permit_deny = NULL;
1423 char *src = NULL;
1424 char *dst = NULL;
1425 char *src_wildcard = NULL;
1426 char *dst_wildcard = NULL;
1427
1428 argv_find(argv, argc, "(1-4294967295)", &idx);
1429 if (idx)
1430 seq = argv[idx]->arg;
1431
1432 idx = 0;
1433 argv_find(argv, argc, "permit", &idx);
1434 argv_find(argv, argc, "deny", &idx);
1435 if (idx)
1436 permit_deny = argv[idx]->arg;
1437
1438 idx = 0;
1439 argv_find(argv, argc, "A.B.C.D", &idx);
1440 if (idx) {
1441 src = argv[idx]->arg;
1442 src_wildcard = argv[idx + 1]->arg;
1443 dst = argv[idx + 2]->arg;
1444 dst_wildcard = argv[idx + 3]->arg;
1445 }
1446
1447 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1448 src_wildcard, dst, dst_wildcard, 1, 0);
1449 }
1450
1451 DEFUN (no_access_list_extended_mask_any,
1452 no_access_list_extended_mask_any_cmd,
1453 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
1454 NO_STR
1455 "Add an access list entry\n"
1456 "IP extended access list\n"
1457 "IP extended access list (expanded range)\n"
1458 "Sequence number of an entry\n"
1459 "Sequence number\n"
1460 "Specify packets to reject\n"
1461 "Specify packets to forward\n"
1462 "Any Internet Protocol\n"
1463 "Source address\n"
1464 "Source wildcard bits\n"
1465 "Any destination host\n")
1466 {
1467 int idx_acl = 2;
1468 int idx = 0;
1469 char *seq = NULL;
1470 char *permit_deny = NULL;
1471 char *src = NULL;
1472 char *src_wildcard = NULL;
1473
1474 argv_find(argv, argc, "(1-4294967295)", &idx);
1475 if (idx)
1476 seq = argv[idx]->arg;
1477
1478 idx = 0;
1479 argv_find(argv, argc, "permit", &idx);
1480 argv_find(argv, argc, "deny", &idx);
1481 if (idx)
1482 permit_deny = argv[idx]->arg;
1483
1484 idx = 0;
1485 argv_find(argv, argc, "A.B.C.D", &idx);
1486 if (idx) {
1487 src = argv[idx]->arg;
1488 src_wildcard = argv[idx + 1]->arg;
1489 }
1490
1491 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1492 src_wildcard, "0.0.0.0", "255.255.255.255", 1,
1493 0);
1494 }
1495
1496 DEFUN (no_access_list_extended_any_mask,
1497 no_access_list_extended_any_mask_cmd,
1498 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
1499 NO_STR
1500 "Add an access list entry\n"
1501 "IP extended access list\n"
1502 "IP extended access list (expanded range)\n"
1503 "Sequence number of an entry\n"
1504 "Sequence number\n"
1505 "Specify packets to reject\n"
1506 "Specify packets to forward\n"
1507 "Any Internet Protocol\n"
1508 "Any source host\n"
1509 "Destination address\n"
1510 "Destination Wildcard bits\n")
1511 {
1512 int idx_acl = 2;
1513 int idx = 0;
1514 char *seq = NULL;
1515 char *permit_deny = NULL;
1516 char *dst = NULL;
1517 char *dst_wildcard = NULL;
1518
1519 argv_find(argv, argc, "(1-4294967295)", &idx);
1520 if (idx)
1521 seq = argv[idx]->arg;
1522
1523 idx = 0;
1524 argv_find(argv, argc, "permit", &idx);
1525 argv_find(argv, argc, "deny", &idx);
1526 if (idx)
1527 permit_deny = argv[idx]->arg;
1528
1529 idx = 0;
1530 argv_find(argv, argc, "A.B.C.D", &idx);
1531 if (idx) {
1532 dst = argv[idx]->arg;
1533 dst_wildcard = argv[idx + 1]->arg;
1534 }
1535
1536 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1537 "0.0.0.0", "255.255.255.255", dst, dst_wildcard,
1538 1, 0);
1539 }
1540
1541 DEFUN (no_access_list_extended_any_any,
1542 no_access_list_extended_any_any_cmd,
1543 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
1544 NO_STR
1545 "Add an access list entry\n"
1546 "IP extended access list\n"
1547 "IP extended access list (expanded range)\n"
1548 "Sequence number of an entry\n"
1549 "Sequence number\n"
1550 "Specify packets to reject\n"
1551 "Specify packets to forward\n"
1552 "Any Internet Protocol\n"
1553 "Any source host\n"
1554 "Any destination host\n")
1555 {
1556 int idx_acl = 2;
1557 int idx = 0;
1558 char *seq = NULL;
1559 char *permit_deny = NULL;
1560
1561 argv_find(argv, argc, "(1-4294967295)", &idx);
1562 if (idx)
1563 seq = argv[idx]->arg;
1564
1565 idx = 0;
1566 argv_find(argv, argc, "permit", &idx);
1567 argv_find(argv, argc, "deny", &idx);
1568 if (idx)
1569 permit_deny = argv[idx]->arg;
1570
1571 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1572 "0.0.0.0", "255.255.255.255", "0.0.0.0",
1573 "255.255.255.255", 1, 0);
1574 }
1575
1576 DEFUN (no_access_list_extended_mask_host,
1577 no_access_list_extended_mask_host_cmd,
1578 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
1579 NO_STR
1580 "Add an access list entry\n"
1581 "IP extended access list\n"
1582 "IP extended access list (expanded range)\n"
1583 "Sequence number of an entry\n"
1584 "Sequence number\n"
1585 "Specify packets to reject\n"
1586 "Specify packets to forward\n"
1587 "Any Internet Protocol\n"
1588 "Source address\n"
1589 "Source wildcard bits\n"
1590 "A single destination host\n"
1591 "Destination address\n")
1592 {
1593 int idx_acl = 2;
1594 int idx = 0;
1595 char *seq = NULL;
1596 char *permit_deny = NULL;
1597 char *src = NULL;
1598 char *dst = NULL;
1599 char *src_wildcard = NULL;
1600
1601 argv_find(argv, argc, "(1-4294967295)", &idx);
1602 if (idx)
1603 seq = argv[idx]->arg;
1604
1605 idx = 0;
1606 argv_find(argv, argc, "permit", &idx);
1607 argv_find(argv, argc, "deny", &idx);
1608 if (idx)
1609 permit_deny = argv[idx]->arg;
1610
1611 idx = 0;
1612 argv_find(argv, argc, "A.B.C.D", &idx);
1613 if (idx) {
1614 src = argv[idx]->arg;
1615 src_wildcard = argv[idx + 1]->arg;
1616 dst = argv[idx + 3]->arg;
1617 }
1618
1619 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1620 src_wildcard, dst, "0.0.0.0", 1, 0);
1621 }
1622
1623 DEFUN (no_access_list_extended_host_mask,
1624 no_access_list_extended_host_mask_cmd,
1625 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
1626 NO_STR
1627 "Add an access list entry\n"
1628 "IP extended access list\n"
1629 "IP extended access list (expanded range)\n"
1630 "Sequence number of an entry\n"
1631 "Sequence number\n"
1632 "Specify packets to reject\n"
1633 "Specify packets to forward\n"
1634 "Any Internet Protocol\n"
1635 "A single source host\n"
1636 "Source address\n"
1637 "Destination address\n"
1638 "Destination Wildcard bits\n")
1639 {
1640 int idx_acl = 2;
1641 int idx = 0;
1642 char *seq = NULL;
1643 char *permit_deny = NULL;
1644 char *src = NULL;
1645 char *dst = NULL;
1646 char *dst_wildcard = NULL;
1647
1648 argv_find(argv, argc, "(1-4294967295)", &idx);
1649 if (idx)
1650 seq = argv[idx]->arg;
1651
1652 idx = 0;
1653 argv_find(argv, argc, "permit", &idx);
1654 argv_find(argv, argc, "deny", &idx);
1655 if (idx)
1656 permit_deny = argv[idx]->arg;
1657
1658 idx = 0;
1659 argv_find(argv, argc, "A.B.C.D", &idx);
1660 if (idx) {
1661 src = argv[idx]->arg;
1662 dst = argv[idx + 1]->arg;
1663 dst_wildcard = argv[idx + 2]->arg;
1664 }
1665
1666 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1667 "0.0.0.0", dst, dst_wildcard, 1, 0);
1668 }
1669
1670 DEFUN (no_access_list_extended_host_host,
1671 no_access_list_extended_host_host_cmd,
1672 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
1673 NO_STR
1674 "Add an access list entry\n"
1675 "IP extended access list\n"
1676 "IP extended access list (expanded range)\n"
1677 "Sequence number of an entry\n"
1678 "Sequence number\n"
1679 "Specify packets to reject\n"
1680 "Specify packets to forward\n"
1681 "Any Internet Protocol\n"
1682 "A single source host\n"
1683 "Source address\n"
1684 "A single destination host\n"
1685 "Destination address\n")
1686 {
1687 int idx_acl = 2;
1688 int idx = 0;
1689 char *seq = NULL;
1690 char *permit_deny = NULL;
1691 char *src = NULL;
1692 char *dst = NULL;
1693
1694 argv_find(argv, argc, "(1-4294967295)", &idx);
1695 if (idx)
1696 seq = argv[idx]->arg;
1697
1698 idx = 0;
1699 argv_find(argv, argc, "permit", &idx);
1700 argv_find(argv, argc, "deny", &idx);
1701 if (idx)
1702 permit_deny = argv[idx]->arg;
1703
1704 idx = 0;
1705 argv_find(argv, argc, "A.B.C.D", &idx);
1706 if (idx) {
1707 src = argv[idx]->arg;
1708 dst = argv[idx + 2]->arg;
1709 }
1710
1711 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1712 "0.0.0.0", dst, "0.0.0.0", 1, 0);
1713 }
1714
1715 DEFUN (no_access_list_extended_any_host,
1716 no_access_list_extended_any_host_cmd,
1717 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
1718 NO_STR
1719 "Add an access list entry\n"
1720 "IP extended access list\n"
1721 "IP extended access list (expanded range)\n"
1722 "Sequence number of an entry\n"
1723 "Sequence number\n"
1724 "Specify packets to reject\n"
1725 "Specify packets to forward\n"
1726 "Any Internet Protocol\n"
1727 "Any source host\n"
1728 "A single destination host\n"
1729 "Destination address\n")
1730 {
1731 int idx_acl = 2;
1732 int idx = 0;
1733 char *seq = NULL;
1734 char *permit_deny = NULL;
1735 char *dst = NULL;
1736
1737 argv_find(argv, argc, "(1-4294967295)", &idx);
1738 if (idx)
1739 seq = argv[idx]->arg;
1740
1741 idx = 0;
1742 argv_find(argv, argc, "permit", &idx);
1743 argv_find(argv, argc, "deny", &idx);
1744 if (idx)
1745 permit_deny = argv[idx]->arg;
1746
1747 idx = 0;
1748 argv_find(argv, argc, "A.B.C.D", &idx);
1749 if (idx)
1750 dst = argv[idx]->arg;
1751
1752 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
1753 "0.0.0.0", "255.255.255.255", dst, "0.0.0.0", 1,
1754 0);
1755 }
1756
1757 DEFUN (no_access_list_extended_host_any,
1758 no_access_list_extended_host_any_cmd,
1759 "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
1760 NO_STR
1761 "Add an access list entry\n"
1762 "IP extended access list\n"
1763 "IP extended access list (expanded range)\n"
1764 "Sequence number of an entry\n"
1765 "Sequence number\n"
1766 "Specify packets to reject\n"
1767 "Specify packets to forward\n"
1768 "Any Internet Protocol\n"
1769 "A single source host\n"
1770 "Source address\n"
1771 "Any destination host\n")
1772 {
1773 int idx_acl = 2;
1774 int idx = 0;
1775 char *seq = NULL;
1776 char *permit_deny = NULL;
1777 char *src = NULL;
1778
1779 argv_find(argv, argc, "(1-4294967295)", &idx);
1780 if (idx)
1781 seq = argv[idx]->arg;
1782
1783 idx = 0;
1784 argv_find(argv, argc, "permit", &idx);
1785 argv_find(argv, argc, "deny", &idx);
1786 if (idx)
1787 permit_deny = argv[idx]->arg;
1788
1789 idx = 0;
1790 argv_find(argv, argc, "A.B.C.D", &idx);
1791 if (idx)
1792 src = argv[idx]->arg;
1793
1794 return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
1795 "0.0.0.0", "0.0.0.0", "255.255.255.255", 1, 0);
1796 }
1797
1798 static int filter_set_zebra(struct vty *vty, const char *name_str,
1799 const char *seq, const char *type_str, afi_t afi,
1800 const char *prefix_str, int exact, int set)
1801 {
1802 int ret;
1803 enum filter_type type = FILTER_DENY;
1804 struct filter *mfilter;
1805 struct filter_zebra *filter;
1806 struct access_list *access;
1807 struct prefix p;
1808 int64_t seqnum = -1;
1809
1810 if (strlen(name_str) > ACL_NAMSIZ) {
1811 vty_out(vty,
1812 "%% ACL name %s is invalid: length exceeds "
1813 "%d characters\n",
1814 name_str, ACL_NAMSIZ);
1815 return CMD_WARNING_CONFIG_FAILED;
1816 }
1817
1818 if (seq)
1819 seqnum = (int64_t)atol(seq);
1820
1821 /* Check of filter type. */
1822 if (type_str) {
1823 if (strncmp(type_str, "p", 1) == 0)
1824 type = FILTER_PERMIT;
1825 else if (strncmp(type_str, "d", 1) == 0)
1826 type = FILTER_DENY;
1827 else {
1828 vty_out(vty, "filter type must be [permit|deny]\n");
1829 return CMD_WARNING_CONFIG_FAILED;
1830 }
1831 }
1832
1833 /* Check string format of prefix and prefixlen. */
1834 if (afi == AFI_IP) {
1835 ret = str2prefix_ipv4(prefix_str, (struct prefix_ipv4 *)&p);
1836 if (ret <= 0) {
1837 vty_out(vty,
1838 "IP address prefix/prefixlen is malformed\n");
1839 return CMD_WARNING_CONFIG_FAILED;
1840 }
1841 } else if (afi == AFI_IP6) {
1842 ret = str2prefix_ipv6(prefix_str, (struct prefix_ipv6 *)&p);
1843 if (ret <= 0) {
1844 vty_out(vty,
1845 "IPv6 address prefix/prefixlen is malformed\n");
1846 return CMD_WARNING_CONFIG_FAILED;
1847 }
1848 } else if (afi == AFI_L2VPN) {
1849 ret = str2prefix_eth(prefix_str, (struct prefix_eth *)&p);
1850 if (ret <= 0) {
1851 vty_out(vty, "MAC address is malformed\n");
1852 return CMD_WARNING;
1853 }
1854 } else
1855 return CMD_WARNING_CONFIG_FAILED;
1856
1857 mfilter = filter_new();
1858 mfilter->type = type;
1859 mfilter->seq = seqnum;
1860 filter = &mfilter->u.zfilter;
1861 prefix_copy(&filter->prefix, &p);
1862
1863 /* "exact-match" */
1864 if (exact)
1865 filter->exact = 1;
1866
1867 /* Install new filter to the access_list. */
1868 access = access_list_get(afi, name_str);
1869
1870 if (set) {
1871 if (filter_lookup_zebra(access, mfilter))
1872 filter_free(mfilter);
1873 else
1874 access_list_filter_add(access, mfilter);
1875 } else {
1876 struct filter *delete_filter;
1877 delete_filter = filter_lookup_zebra(access, mfilter);
1878 if (delete_filter)
1879 access_list_filter_delete(access, delete_filter);
1880
1881 filter_free(mfilter);
1882 }
1883
1884 return CMD_SUCCESS;
1885 }
1886
1887 DEFUN (mac_access_list,
1888 mac_access_list_cmd,
1889 "mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
1890 "Add a mac access-list\n"
1891 "Add an access list entry\n"
1892 "MAC zebra access-list name\n"
1893 "Sequence number of an entry\n"
1894 "Sequence number\n"
1895 "Specify packets to reject\n"
1896 "Specify packets to forward\n"
1897 "MAC address to match. e.g. 00:01:00:01:00:01\n")
1898 {
1899 int idx = 0;
1900 char *seq = NULL;
1901 char *permit_deny = NULL;
1902 char *mac = NULL;
1903
1904 argv_find(argv, argc, "(1-4294967295)", &idx);
1905 if (idx)
1906 seq = argv[idx]->arg;
1907
1908 idx = 0;
1909 argv_find(argv, argc, "permit", &idx);
1910 argv_find(argv, argc, "deny", &idx);
1911 if (idx)
1912 permit_deny = argv[idx]->arg;
1913
1914 idx = 0;
1915 argv_find(argv, argc, "X:X:X:X:X:X", &idx);
1916 if (idx)
1917 mac = argv[idx]->arg;
1918
1919 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
1920 mac, 0, 1);
1921 }
1922
1923 DEFUN (no_mac_access_list,
1924 no_mac_access_list_cmd,
1925 "no mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
1926 NO_STR
1927 "Remove a mac access-list\n"
1928 "Remove an access list entry\n"
1929 "MAC zebra access-list name\n"
1930 "Sequence number of an entry\n"
1931 "Sequence number\n"
1932 "Specify packets to reject\n"
1933 "Specify packets to forward\n"
1934 "MAC address to match. e.g. 00:01:00:01:00:01\n")
1935 {
1936 int idx = 0;
1937 char *seq = NULL;
1938 char *permit_deny = NULL;
1939 char *mac = NULL;
1940
1941 argv_find(argv, argc, "(1-4294967295)", &idx);
1942 if (idx)
1943 seq = argv[idx]->arg;
1944
1945 idx = 0;
1946 argv_find(argv, argc, "permit", &idx);
1947 argv_find(argv, argc, "deny", &idx);
1948 if (idx)
1949 permit_deny = argv[idx]->arg;
1950
1951 idx = 0;
1952 argv_find(argv, argc, "X:X:X:X:X:X", &idx);
1953 if (idx)
1954 mac = argv[idx]->arg;
1955
1956 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
1957 mac, 0, 0);
1958 }
1959
1960 DEFUN (mac_access_list_any,
1961 mac_access_list_any_cmd,
1962 "mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
1963 "Add a mac access-list\n"
1964 "Add an access list entry\n"
1965 "MAC zebra access-list name\n"
1966 "Sequence number of an entry\n"
1967 "Sequence number\n"
1968 "Specify packets to reject\n"
1969 "Specify packets to forward\n"
1970 "MAC address to match. e.g. 00:01:00:01:00:01\n")
1971 {
1972 int idx = 0;
1973 char *seq = NULL;
1974 char *permit_deny = NULL;
1975
1976 argv_find(argv, argc, "(1-4294967295)", &idx);
1977 if (idx)
1978 seq = argv[idx]->arg;
1979
1980 idx = 0;
1981 argv_find(argv, argc, "permit", &idx);
1982 argv_find(argv, argc, "deny", &idx);
1983 if (idx)
1984 permit_deny = argv[idx]->arg;
1985
1986 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
1987 "00:00:00:00:00:00", 0, 1);
1988 }
1989
1990 DEFUN (no_mac_access_list_any,
1991 no_mac_access_list_any_cmd,
1992 "no mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
1993 NO_STR
1994 "Remove a mac access-list\n"
1995 "Remove an access list entry\n"
1996 "MAC zebra access-list name\n"
1997 "Sequence number of an entry\n"
1998 "Sequence number\n"
1999 "Specify packets to reject\n"
2000 "Specify packets to forward\n"
2001 "MAC address to match. e.g. 00:01:00:01:00:01\n")
2002 {
2003 int idx = 0;
2004 char *seq = NULL;
2005 char *permit_deny = NULL;
2006
2007 argv_find(argv, argc, "(1-4294967295)", &idx);
2008 if (idx)
2009 seq = argv[idx]->arg;
2010
2011 idx = 0;
2012 argv_find(argv, argc, "permit", &idx);
2013 argv_find(argv, argc, "deny", &idx);
2014 if (idx)
2015 permit_deny = argv[idx]->arg;
2016
2017 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
2018 "00:00:00:00:00:00", 0, 0);
2019 }
2020
2021 DEFUN (access_list_exact,
2022 access_list_exact_cmd,
2023 "access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
2024 "Add an access list entry\n"
2025 "IP zebra access-list name\n"
2026 "Sequence number of an entry\n"
2027 "Sequence number\n"
2028 "Specify packets to reject\n"
2029 "Specify packets to forward\n"
2030 "Prefix to match. e.g. 10.0.0.0/8\n"
2031 "Exact match of the prefixes\n")
2032 {
2033 int idx = 0;
2034 int exact = 0;
2035 char *seq = NULL;
2036 char *permit_deny = NULL;
2037 char *prefix = NULL;
2038
2039 argv_find(argv, argc, "(1-4294967295)", &idx);
2040 if (idx)
2041 seq = argv[idx]->arg;
2042
2043 idx = 0;
2044 argv_find(argv, argc, "permit", &idx);
2045 argv_find(argv, argc, "deny", &idx);
2046 if (idx)
2047 permit_deny = argv[idx]->arg;
2048
2049 idx = 0;
2050 argv_find(argv, argc, "A.B.C.D/M", &idx);
2051 if (idx)
2052 prefix = argv[idx]->arg;
2053
2054 idx = 0;
2055 if (argv_find(argv, argc, "exact-match", &idx))
2056 exact = 1;
2057
2058 return filter_set_zebra(vty, argv[1]->arg, seq, permit_deny,
2059 AFI_IP, prefix, exact, 1);
2060 }
2061
2062 DEFUN (access_list_any,
2063 access_list_any_cmd,
2064 "access-list WORD [seq (1-4294967295)] <deny|permit> any",
2065 "Add an access list entry\n"
2066 "IP zebra access-list name\n"
2067 "Sequence number of an entry\n"
2068 "Sequence number\n"
2069 "Specify packets to reject\n"
2070 "Specify packets to forward\n"
2071 "Prefix to match. e.g. 10.0.0.0/8\n")
2072 {
2073 int idx_word = 1;
2074 int idx = 0;
2075 char *seq = NULL;
2076 char *permit_deny = NULL;
2077
2078 argv_find(argv, argc, "(1-4294967295)", &idx);
2079 if (idx)
2080 seq = argv[idx]->arg;
2081
2082 idx = 0;
2083 argv_find(argv, argc, "permit", &idx);
2084 argv_find(argv, argc, "deny", &idx);
2085 if (idx)
2086 permit_deny = argv[idx]->arg;
2087
2088 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2089 AFI_IP, "0.0.0.0/0", 0, 1);
2090 }
2091
2092 DEFUN (no_access_list_exact,
2093 no_access_list_exact_cmd,
2094 "no access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
2095 NO_STR
2096 "Add an access list entry\n"
2097 "IP zebra access-list name\n"
2098 "Sequence number of an entry\n"
2099 "Sequence number\n"
2100 "Specify packets to reject\n"
2101 "Specify packets to forward\n"
2102 "Prefix to match. e.g. 10.0.0.0/8\n"
2103 "Exact match of the prefixes\n")
2104 {
2105 int idx = 0;
2106 int exact = 0;
2107 char *seq = NULL;
2108 char *permit_deny = NULL;
2109 char *prefix = NULL;
2110
2111 argv_find(argv, argc, "(1-4294967295)", &idx);
2112 if (idx)
2113 seq = argv[idx]->arg;
2114
2115 idx = 0;
2116 argv_find(argv, argc, "permit", &idx);
2117 argv_find(argv, argc, "deny", &idx);
2118 if (idx)
2119 permit_deny = argv[idx]->arg;
2120
2121 idx = 0;
2122 argv_find(argv, argc, "A.B.C.D/M", &idx);
2123 if (idx)
2124 prefix = argv[idx]->arg;
2125
2126 idx = 0;
2127 if (argv_find(argv, argc, "exact-match", &idx))
2128 exact = 1;
2129
2130 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny,
2131 AFI_IP, prefix, exact, 0);
2132 }
2133
2134 DEFUN (no_access_list_any,
2135 no_access_list_any_cmd,
2136 "no access-list WORD [seq (1-4294967295)] <deny|permit> any",
2137 NO_STR
2138 "Add an access list entry\n"
2139 "IP zebra access-list name\n"
2140 "Sequence number of an entry\n"
2141 "Sequence number\n"
2142 "Specify packets to reject\n"
2143 "Specify packets to forward\n"
2144 "Prefix to match. e.g. 10.0.0.0/8\n")
2145 {
2146 int idx_word = 1;
2147 int idx = 0;
2148 char *seq = NULL;
2149 char *permit_deny = NULL;
2150
2151 argv_find(argv, argc, "(1-4294967295)", &idx);
2152 if (idx)
2153 seq = argv[idx]->arg;
2154
2155 idx = 0;
2156 argv_find(argv, argc, "permit", &idx);
2157 argv_find(argv, argc, "deny", &idx);
2158 if (idx)
2159 permit_deny = argv[idx]->arg;
2160
2161 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2162 AFI_IP, "0.0.0.0/0", 0, 0);
2163 }
2164
2165 DEFUN (no_access_list_all,
2166 no_access_list_all_cmd,
2167 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
2168 NO_STR
2169 "Add an access list entry\n"
2170 "IP standard access list\n"
2171 "IP extended access list\n"
2172 "IP standard access list (expanded range)\n"
2173 "IP extended access list (expanded range)\n"
2174 "IP zebra access-list name\n")
2175 {
2176 int idx_acl = 2;
2177 struct access_list *access;
2178 struct access_master *master;
2179
2180 /* Looking up access_list. */
2181 access = access_list_lookup(AFI_IP, argv[idx_acl]->arg);
2182 if (access == NULL) {
2183 vty_out(vty, "%% access-list %s doesn't exist\n",
2184 argv[idx_acl]->arg);
2185 return CMD_WARNING_CONFIG_FAILED;
2186 }
2187
2188 master = access->master;
2189
2190 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
2191 /* Run hook function. */
2192 if (master->delete_hook)
2193 (*master->delete_hook)(access);
2194
2195 /* Delete all filter from access-list. */
2196 access_list_delete(access);
2197
2198 return CMD_SUCCESS;
2199 }
2200
2201 DEFUN (access_list_remark,
2202 access_list_remark_cmd,
2203 "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
2204 "Add an access list entry\n"
2205 "IP standard access list\n"
2206 "IP extended access list\n"
2207 "IP standard access list (expanded range)\n"
2208 "IP extended access list (expanded range)\n"
2209 "IP zebra access-list\n"
2210 "Access list entry comment\n"
2211 "Comment up to 100 characters\n")
2212 {
2213 int idx_acl = 1;
2214 int idx_remark = 3;
2215 struct access_list *access;
2216
2217 access = access_list_get(AFI_IP, argv[idx_acl]->arg);
2218
2219 if (access->remark) {
2220 XFREE(MTYPE_TMP, access->remark);
2221 access->remark = NULL;
2222 }
2223 access->remark = argv_concat(argv, argc, idx_remark);
2224
2225 return CMD_SUCCESS;
2226 }
2227
2228 DEFUN (no_access_list_remark,
2229 no_access_list_remark_cmd,
2230 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark",
2231 NO_STR
2232 "Add an access list entry\n"
2233 "IP standard access list\n"
2234 "IP extended access list\n"
2235 "IP standard access list (expanded range)\n"
2236 "IP extended access list (expanded range)\n"
2237 "IP zebra access-list\n"
2238 "Access list entry comment\n")
2239 {
2240 int idx_acl = 2;
2241 return vty_access_list_remark_unset(vty, AFI_IP, argv[idx_acl]->arg);
2242 }
2243
2244 /* ALIAS_FIXME */
2245 DEFUN (no_access_list_remark_comment,
2246 no_access_list_remark_comment_cmd,
2247 "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
2248 NO_STR
2249 "Add an access list entry\n"
2250 "IP standard access list\n"
2251 "IP extended access list\n"
2252 "IP standard access list (expanded range)\n"
2253 "IP extended access list (expanded range)\n"
2254 "IP zebra access-list\n"
2255 "Access list entry comment\n"
2256 "Comment up to 100 characters\n")
2257 {
2258 return no_access_list_remark(self, vty, argc, argv);
2259 }
2260
2261 DEFUN (ipv6_access_list_exact,
2262 ipv6_access_list_exact_cmd,
2263 "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
2264 IPV6_STR
2265 "Add an access list entry\n"
2266 "IPv6 zebra access-list\n"
2267 "Sequence number of an entry\n"
2268 "Sequence number\n"
2269 "Specify packets to reject\n"
2270 "Specify packets to forward\n"
2271 "IPv6 prefix\n"
2272 "Exact match of the prefixes\n")
2273 {
2274 int idx = 0;
2275 int exact = 0;
2276 int idx_word = 2;
2277 char *seq = NULL;
2278 char *permit_deny = NULL;
2279 char *prefix = NULL;
2280
2281 argv_find(argv, argc, "(1-4294967295)", &idx);
2282 if (idx)
2283 seq = argv[idx]->arg;
2284
2285 idx = 0;
2286 argv_find(argv, argc, "permit", &idx);
2287 argv_find(argv, argc, "deny", &idx);
2288 if (idx)
2289 permit_deny = argv[idx]->arg;
2290
2291 idx = 0;
2292 argv_find(argv, argc, "X:X::X:X/M", &idx);
2293 if (idx)
2294 prefix = argv[idx]->arg;
2295
2296 idx = 0;
2297 if (argv_find(argv, argc, "exact-match", &idx))
2298 exact = 1;
2299
2300 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2301 AFI_IP6, prefix, exact, 1);
2302 }
2303
2304 DEFUN (ipv6_access_list_any,
2305 ipv6_access_list_any_cmd,
2306 "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
2307 IPV6_STR
2308 "Add an access list entry\n"
2309 "IPv6 zebra access-list\n"
2310 "Sequence number of an entry\n"
2311 "Sequence number\n"
2312 "Specify packets to reject\n"
2313 "Specify packets to forward\n"
2314 "Any prefixi to match\n")
2315 {
2316 int idx_word = 2;
2317 int idx = 0;
2318 char *seq = NULL;
2319 char *permit_deny = NULL;
2320
2321 argv_find(argv, argc, "(1-4294967295)", &idx);
2322 if (idx)
2323 seq = argv[idx]->arg;
2324
2325 idx = 0;
2326 argv_find(argv, argc, "permit", &idx);
2327 argv_find(argv, argc, "deny", &idx);
2328 if (idx)
2329 permit_deny = argv[idx]->arg;
2330
2331 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2332 AFI_IP6, "::/0", 0, 1);
2333 }
2334
2335 DEFUN (no_ipv6_access_list_exact,
2336 no_ipv6_access_list_exact_cmd,
2337 "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
2338 NO_STR
2339 IPV6_STR
2340 "Add an access list entry\n"
2341 "IPv6 zebra access-list\n"
2342 "Sequence number of an entry\n"
2343 "Sequence number\n"
2344 "Specify packets to reject\n"
2345 "Specify packets to forward\n"
2346 "Prefix to match. e.g. 3ffe:506::/32\n"
2347 "Exact match of the prefixes\n")
2348 {
2349 int idx = 0;
2350 int exact = 0;
2351 int idx_word = 2;
2352 char *seq = NULL;
2353 char *permit_deny = NULL;
2354 char *prefix = NULL;
2355
2356 argv_find(argv, argc, "(1-4294967295)", &idx);
2357 if (idx)
2358 seq = argv[idx]->arg;
2359
2360 idx = 0;
2361 argv_find(argv, argc, "permit", &idx);
2362 argv_find(argv, argc, "deny", &idx);
2363 if (idx)
2364 permit_deny = argv[idx]->arg;
2365
2366 idx = 0;
2367 argv_find(argv, argc, "X:X::X:X/M", &idx);
2368 if (idx)
2369 prefix = argv[idx]->arg;
2370
2371 idx = 0;
2372 if (argv_find(argv, argc, "exact-match", &idx))
2373 exact = 1;
2374
2375 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2376 AFI_IP6, prefix, exact, 0);
2377 }
2378
2379 DEFUN (no_ipv6_access_list_any,
2380 no_ipv6_access_list_any_cmd,
2381 "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
2382 NO_STR
2383 IPV6_STR
2384 "Add an access list entry\n"
2385 "IPv6 zebra access-list\n"
2386 "Sequence number of an entry\n"
2387 "Sequence number\n"
2388 "Specify packets to reject\n"
2389 "Specify packets to forward\n"
2390 "Any prefixi to match\n")
2391 {
2392 int idx_word = 2;
2393 int idx = 0;
2394 char *seq = NULL;
2395 char *permit_deny = NULL;
2396
2397 argv_find(argv, argc, "(1-4294967295)", &idx);
2398 if (idx)
2399 seq = argv[idx]->arg;
2400
2401 idx = 0;
2402 argv_find(argv, argc, "permit", &idx);
2403 argv_find(argv, argc, "deny", &idx);
2404 if (idx)
2405 permit_deny = argv[idx]->arg;
2406
2407 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2408 AFI_IP6, "::/0", 0, 0);
2409 }
2410
2411
2412 DEFUN (no_ipv6_access_list_all,
2413 no_ipv6_access_list_all_cmd,
2414 "no ipv6 access-list WORD",
2415 NO_STR
2416 IPV6_STR
2417 "Add an access list entry\n"
2418 "IPv6 zebra access-list\n")
2419 {
2420 int idx_word = 3;
2421 struct access_list *access;
2422 struct access_master *master;
2423
2424 /* Looking up access_list. */
2425 access = access_list_lookup(AFI_IP6, argv[idx_word]->arg);
2426 if (access == NULL) {
2427 vty_out(vty, "%% access-list %s doesn't exist\n",
2428 argv[idx_word]->arg);
2429 return CMD_WARNING_CONFIG_FAILED;
2430 }
2431
2432 master = access->master;
2433
2434 route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
2435 /* Run hook function. */
2436 if (master->delete_hook)
2437 (*master->delete_hook)(access);
2438
2439 /* Delete all filter from access-list. */
2440 access_list_delete(access);
2441
2442 return CMD_SUCCESS;
2443 }
2444
2445 DEFUN (ipv6_access_list_remark,
2446 ipv6_access_list_remark_cmd,
2447 "ipv6 access-list WORD remark LINE...",
2448 IPV6_STR
2449 "Add an access list entry\n"
2450 "IPv6 zebra access-list\n"
2451 "Access list entry comment\n"
2452 "Comment up to 100 characters\n")
2453 {
2454 int idx_word = 2;
2455 int idx_line = 4;
2456 struct access_list *access;
2457
2458 access = access_list_get(AFI_IP6, argv[idx_word]->arg);
2459
2460 if (access->remark) {
2461 XFREE(MTYPE_TMP, access->remark);
2462 access->remark = NULL;
2463 }
2464 access->remark = argv_concat(argv, argc, idx_line);
2465
2466 return CMD_SUCCESS;
2467 }
2468
2469 DEFUN (no_ipv6_access_list_remark,
2470 no_ipv6_access_list_remark_cmd,
2471 "no ipv6 access-list WORD remark",
2472 NO_STR
2473 IPV6_STR
2474 "Add an access list entry\n"
2475 "IPv6 zebra access-list\n"
2476 "Access list entry comment\n")
2477 {
2478 int idx_word = 3;
2479 return vty_access_list_remark_unset(vty, AFI_IP6, argv[idx_word]->arg);
2480 }
2481
2482 /* ALIAS_FIXME */
2483 DEFUN (no_ipv6_access_list_remark_comment,
2484 no_ipv6_access_list_remark_comment_cmd,
2485 "no ipv6 access-list WORD remark LINE...",
2486 NO_STR
2487 IPV6_STR
2488 "Add an access list entry\n"
2489 "IPv6 zebra access-list\n"
2490 "Access list entry comment\n"
2491 "Comment up to 100 characters\n")
2492 {
2493 return no_ipv6_access_list_remark(self, vty, argc, argv);
2494 }
2495
2496 void config_write_access_zebra(struct vty *, struct filter *);
2497 void config_write_access_cisco(struct vty *, struct filter *);
2498
2499 /* show access-list command. */
2500 static int filter_show(struct vty *vty, const char *name, afi_t afi)
2501 {
2502 struct access_list *access;
2503 struct access_master *master;
2504 struct filter *mfilter;
2505 struct filter_cisco *filter;
2506 int write = 0;
2507
2508 master = access_master_get(afi);
2509 if (master == NULL)
2510 return 0;
2511
2512 /* Print the name of the protocol */
2513 vty_out(vty, "%s:\n", frr_protoname);
2514
2515 for (access = master->num.head; access; access = access->next) {
2516 if (name && strcmp(access->name, name) != 0)
2517 continue;
2518
2519 write = 1;
2520
2521 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
2522 filter = &mfilter->u.cfilter;
2523
2524 if (write) {
2525 vty_out(vty, "%s %s access list %s\n",
2526 mfilter->cisco ? (filter->extended
2527 ? "Extended"
2528 : "Standard")
2529 : "Zebra",
2530 (afi == AFI_IP)
2531 ? ("IP")
2532 : ((afi == AFI_IP6) ? ("IPv6 ")
2533 : ("MAC ")),
2534 access->name);
2535 write = 0;
2536 }
2537
2538 vty_out(vty, " seq %" PRId64, mfilter->seq);
2539 vty_out(vty, " %s%s", filter_type_str(mfilter),
2540 mfilter->type == FILTER_DENY ? " " : "");
2541
2542 if (!mfilter->cisco)
2543 config_write_access_zebra(vty, mfilter);
2544 else if (filter->extended)
2545 config_write_access_cisco(vty, mfilter);
2546 else {
2547 if (filter->addr_mask.s_addr == 0xffffffff)
2548 vty_out(vty, " any\n");
2549 else {
2550 vty_out(vty, " %s",
2551 inet_ntoa(filter->addr));
2552 if (filter->addr_mask.s_addr != 0)
2553 vty_out(vty,
2554 ", wildcard bits %s",
2555 inet_ntoa(
2556 filter->addr_mask));
2557 vty_out(vty, "\n");
2558 }
2559 }
2560 }
2561 }
2562
2563 for (access = master->str.head; access; access = access->next) {
2564 if (name && strcmp(access->name, name) != 0)
2565 continue;
2566
2567 write = 1;
2568
2569 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
2570 filter = &mfilter->u.cfilter;
2571
2572 if (write) {
2573 vty_out(vty, "%s %s access list %s\n",
2574 mfilter->cisco ? (filter->extended
2575 ? "Extended"
2576 : "Standard")
2577 : "Zebra",
2578 (afi == AFI_IP)
2579 ? ("IP")
2580 : ((afi == AFI_IP6) ? ("IPv6 ")
2581 : ("MAC ")),
2582 access->name);
2583 write = 0;
2584 }
2585
2586 vty_out(vty, " seq %" PRId64, mfilter->seq);
2587 vty_out(vty, " %s%s", filter_type_str(mfilter),
2588 mfilter->type == FILTER_DENY ? " " : "");
2589
2590 if (!mfilter->cisco)
2591 config_write_access_zebra(vty, mfilter);
2592 else if (filter->extended)
2593 config_write_access_cisco(vty, mfilter);
2594 else {
2595 if (filter->addr_mask.s_addr == 0xffffffff)
2596 vty_out(vty, " any\n");
2597 else {
2598 vty_out(vty, " %s",
2599 inet_ntoa(filter->addr));
2600 if (filter->addr_mask.s_addr != 0)
2601 vty_out(vty,
2602 ", wildcard bits %s",
2603 inet_ntoa(
2604 filter->addr_mask));
2605 vty_out(vty, "\n");
2606 }
2607 }
2608 }
2609 }
2610 return CMD_SUCCESS;
2611 }
2612
2613 /* show MAC access list - this only has MAC filters for now*/
2614 DEFUN (show_mac_access_list,
2615 show_mac_access_list_cmd,
2616 "show mac access-list",
2617 SHOW_STR
2618 "mac access lists\n"
2619 "List mac access lists\n")
2620 {
2621 return filter_show(vty, NULL, AFI_L2VPN);
2622 }
2623
2624 DEFUN (show_mac_access_list_name,
2625 show_mac_access_list_name_cmd,
2626 "show mac access-list WORD",
2627 SHOW_STR
2628 "mac access lists\n"
2629 "List mac access lists\n"
2630 "mac address\n")
2631 {
2632 return filter_show(vty, argv[3]->arg, AFI_L2VPN);
2633 }
2634
2635 DEFUN (show_ip_access_list,
2636 show_ip_access_list_cmd,
2637 "show ip access-list",
2638 SHOW_STR
2639 IP_STR
2640 "List IP access lists\n")
2641 {
2642 return filter_show(vty, NULL, AFI_IP);
2643 }
2644
2645 DEFUN (show_ip_access_list_name,
2646 show_ip_access_list_name_cmd,
2647 "show ip access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
2648 SHOW_STR
2649 IP_STR
2650 "List IP access lists\n"
2651 "IP standard access list\n"
2652 "IP extended access list\n"
2653 "IP standard access list (expanded range)\n"
2654 "IP extended access list (expanded range)\n"
2655 "IP zebra access-list\n")
2656 {
2657 int idx_acl = 3;
2658 return filter_show(vty, argv[idx_acl]->arg, AFI_IP);
2659 }
2660
2661 DEFUN (show_ipv6_access_list,
2662 show_ipv6_access_list_cmd,
2663 "show ipv6 access-list",
2664 SHOW_STR
2665 IPV6_STR
2666 "List IPv6 access lists\n")
2667 {
2668 return filter_show(vty, NULL, AFI_IP6);
2669 }
2670
2671 DEFUN (show_ipv6_access_list_name,
2672 show_ipv6_access_list_name_cmd,
2673 "show ipv6 access-list WORD",
2674 SHOW_STR
2675 IPV6_STR
2676 "List IPv6 access lists\n"
2677 "IPv6 zebra access-list\n")
2678 {
2679 int idx_word = 3;
2680 return filter_show(vty, argv[idx_word]->arg, AFI_IP6);
2681 }
2682
2683 void config_write_access_cisco(struct vty *vty, struct filter *mfilter)
2684 {
2685 struct filter_cisco *filter;
2686
2687 filter = &mfilter->u.cfilter;
2688
2689 if (filter->extended) {
2690 vty_out(vty, " ip");
2691 if (filter->addr_mask.s_addr == 0xffffffff)
2692 vty_out(vty, " any");
2693 else if (filter->addr_mask.s_addr == 0)
2694 vty_out(vty, " host %s", inet_ntoa(filter->addr));
2695 else {
2696 vty_out(vty, " %s", inet_ntoa(filter->addr));
2697 vty_out(vty, " %s", inet_ntoa(filter->addr_mask));
2698 }
2699
2700 if (filter->mask_mask.s_addr == 0xffffffff)
2701 vty_out(vty, " any");
2702 else if (filter->mask_mask.s_addr == 0)
2703 vty_out(vty, " host %s", inet_ntoa(filter->mask));
2704 else {
2705 vty_out(vty, " %s", inet_ntoa(filter->mask));
2706 vty_out(vty, " %s", inet_ntoa(filter->mask_mask));
2707 }
2708 vty_out(vty, "\n");
2709 } else {
2710 if (filter->addr_mask.s_addr == 0xffffffff)
2711 vty_out(vty, " any\n");
2712 else {
2713 vty_out(vty, " %s", inet_ntoa(filter->addr));
2714 if (filter->addr_mask.s_addr != 0)
2715 vty_out(vty, " %s",
2716 inet_ntoa(filter->addr_mask));
2717 vty_out(vty, "\n");
2718 }
2719 }
2720 }
2721
2722 void config_write_access_zebra(struct vty *vty, struct filter *mfilter)
2723 {
2724 struct filter_zebra *filter;
2725 struct prefix *p;
2726 char buf[BUFSIZ];
2727
2728 filter = &mfilter->u.zfilter;
2729 p = &filter->prefix;
2730
2731 if (p->prefixlen == 0 && !filter->exact)
2732 vty_out(vty, " any");
2733 else if (p->family == AF_INET6 || p->family == AF_INET)
2734 vty_out(vty, " %s/%d%s",
2735 inet_ntop(p->family, &p->u.prefix, buf, BUFSIZ),
2736 p->prefixlen, filter->exact ? " exact-match" : "");
2737 else if (p->family == AF_ETHERNET) {
2738 if (p->prefixlen == 0)
2739 vty_out(vty, " any");
2740 else
2741 vty_out(vty, " %s", prefix_mac2str(&(p->u.prefix_eth),
2742 buf, sizeof(buf)));
2743 }
2744
2745 vty_out(vty, "\n");
2746 }
2747
2748 static int config_write_access(struct vty *vty, afi_t afi)
2749 {
2750 struct access_list *access;
2751 struct access_master *master;
2752 struct filter *mfilter;
2753 int write = 0;
2754
2755 master = access_master_get(afi);
2756 if (master == NULL)
2757 return 0;
2758
2759 for (access = master->num.head; access; access = access->next) {
2760 if (access->remark) {
2761 vty_out(vty, "%saccess-list %s remark %s\n",
2762 (afi == AFI_IP) ? ("")
2763 : ((afi == AFI_IP6) ? ("ipv6 ")
2764 : ("mac ")),
2765 access->name, access->remark);
2766 write++;
2767 }
2768
2769 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
2770 vty_out(vty, "%saccess-list %s seq %" PRId64 " %s",
2771 (afi == AFI_IP) ? ("")
2772 : ((afi == AFI_IP6) ? ("ipv6 ")
2773 : ("mac ")),
2774 access->name, mfilter->seq,
2775 filter_type_str(mfilter));
2776
2777 if (mfilter->cisco)
2778 config_write_access_cisco(vty, mfilter);
2779 else
2780 config_write_access_zebra(vty, mfilter);
2781
2782 write++;
2783 }
2784 }
2785
2786 for (access = master->str.head; access; access = access->next) {
2787 if (access->remark) {
2788 vty_out(vty, "%saccess-list %s remark %s\n",
2789 (afi == AFI_IP) ? ("")
2790 : ((afi == AFI_IP6) ? ("ipv6 ")
2791 : ("mac ")),
2792 access->name, access->remark);
2793 write++;
2794 }
2795
2796 for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
2797 vty_out(vty, "%saccess-list %s seq %" PRId64 " %s",
2798 (afi == AFI_IP) ? ("")
2799 : ((afi == AFI_IP6) ? ("ipv6 ")
2800 : ("mac ")),
2801 access->name, mfilter->seq,
2802 filter_type_str(mfilter));
2803
2804 if (mfilter->cisco)
2805 config_write_access_cisco(vty, mfilter);
2806 else
2807 config_write_access_zebra(vty, mfilter);
2808
2809 write++;
2810 }
2811 }
2812 return write;
2813 }
2814
2815 static struct cmd_node access_mac_node = {
2816 ACCESS_MAC_NODE, "", /* Access list has no interface. */
2817 1};
2818
2819 static int config_write_access_mac(struct vty *vty)
2820 {
2821 return config_write_access(vty, AFI_L2VPN);
2822 }
2823
2824 static void access_list_reset_mac(void)
2825 {
2826 struct access_list *access;
2827 struct access_list *next;
2828 struct access_master *master;
2829
2830 master = access_master_get(AFI_L2VPN);
2831 if (master == NULL)
2832 return;
2833
2834 for (access = master->num.head; access; access = next) {
2835 next = access->next;
2836 access_list_delete(access);
2837 }
2838 for (access = master->str.head; access; access = next) {
2839 next = access->next;
2840 access_list_delete(access);
2841 }
2842
2843 assert(master->num.head == NULL);
2844 assert(master->num.tail == NULL);
2845
2846 assert(master->str.head == NULL);
2847 assert(master->str.tail == NULL);
2848 }
2849
2850 /* Install vty related command. */
2851 static void access_list_init_mac(void)
2852 {
2853 install_node(&access_mac_node, config_write_access_mac);
2854
2855 install_element(ENABLE_NODE, &show_mac_access_list_cmd);
2856 install_element(ENABLE_NODE, &show_mac_access_list_name_cmd);
2857
2858 /* Zebra access-list */
2859 install_element(CONFIG_NODE, &mac_access_list_cmd);
2860 install_element(CONFIG_NODE, &no_mac_access_list_cmd);
2861 install_element(CONFIG_NODE, &mac_access_list_any_cmd);
2862 install_element(CONFIG_NODE, &no_mac_access_list_any_cmd);
2863 }
2864
2865 /* Access-list node. */
2866 static struct cmd_node access_node = {ACCESS_NODE,
2867 "", /* Access list has no interface. */
2868 1};
2869
2870 static int config_write_access_ipv4(struct vty *vty)
2871 {
2872 return config_write_access(vty, AFI_IP);
2873 }
2874
2875 static void access_list_reset_ipv4(void)
2876 {
2877 struct access_list *access;
2878 struct access_list *next;
2879 struct access_master *master;
2880
2881 master = access_master_get(AFI_IP);
2882 if (master == NULL)
2883 return;
2884
2885 for (access = master->num.head; access; access = next) {
2886 next = access->next;
2887 access_list_delete(access);
2888 }
2889 for (access = master->str.head; access; access = next) {
2890 next = access->next;
2891 access_list_delete(access);
2892 }
2893
2894 assert(master->num.head == NULL);
2895 assert(master->num.tail == NULL);
2896
2897 assert(master->str.head == NULL);
2898 assert(master->str.tail == NULL);
2899 }
2900
2901 /* Install vty related command. */
2902 static void access_list_init_ipv4(void)
2903 {
2904 install_node(&access_node, config_write_access_ipv4);
2905
2906 install_element(ENABLE_NODE, &show_ip_access_list_cmd);
2907 install_element(ENABLE_NODE, &show_ip_access_list_name_cmd);
2908
2909 /* Zebra access-list */
2910 install_element(CONFIG_NODE, &access_list_exact_cmd);
2911 install_element(CONFIG_NODE, &access_list_any_cmd);
2912 install_element(CONFIG_NODE, &no_access_list_exact_cmd);
2913 install_element(CONFIG_NODE, &no_access_list_any_cmd);
2914
2915 /* Standard access-list */
2916 install_element(CONFIG_NODE, &access_list_standard_cmd);
2917 install_element(CONFIG_NODE, &access_list_standard_nomask_cmd);
2918 install_element(CONFIG_NODE, &access_list_standard_host_cmd);
2919 install_element(CONFIG_NODE, &access_list_standard_any_cmd);
2920 install_element(CONFIG_NODE, &no_access_list_standard_cmd);
2921 install_element(CONFIG_NODE, &no_access_list_standard_nomask_cmd);
2922 install_element(CONFIG_NODE, &no_access_list_standard_host_cmd);
2923 install_element(CONFIG_NODE, &no_access_list_standard_any_cmd);
2924
2925 /* Extended access-list */
2926 install_element(CONFIG_NODE, &access_list_extended_cmd);
2927 install_element(CONFIG_NODE, &access_list_extended_any_mask_cmd);
2928 install_element(CONFIG_NODE, &access_list_extended_mask_any_cmd);
2929 install_element(CONFIG_NODE, &access_list_extended_any_any_cmd);
2930 install_element(CONFIG_NODE, &access_list_extended_host_mask_cmd);
2931 install_element(CONFIG_NODE, &access_list_extended_mask_host_cmd);
2932 install_element(CONFIG_NODE, &access_list_extended_host_host_cmd);
2933 install_element(CONFIG_NODE, &access_list_extended_any_host_cmd);
2934 install_element(CONFIG_NODE, &access_list_extended_host_any_cmd);
2935 install_element(CONFIG_NODE, &no_access_list_extended_cmd);
2936 install_element(CONFIG_NODE, &no_access_list_extended_any_mask_cmd);
2937 install_element(CONFIG_NODE, &no_access_list_extended_mask_any_cmd);
2938 install_element(CONFIG_NODE, &no_access_list_extended_any_any_cmd);
2939 install_element(CONFIG_NODE, &no_access_list_extended_host_mask_cmd);
2940 install_element(CONFIG_NODE, &no_access_list_extended_mask_host_cmd);
2941 install_element(CONFIG_NODE, &no_access_list_extended_host_host_cmd);
2942 install_element(CONFIG_NODE, &no_access_list_extended_any_host_cmd);
2943 install_element(CONFIG_NODE, &no_access_list_extended_host_any_cmd);
2944
2945 install_element(CONFIG_NODE, &access_list_remark_cmd);
2946 install_element(CONFIG_NODE, &no_access_list_all_cmd);
2947 install_element(CONFIG_NODE, &no_access_list_remark_cmd);
2948 install_element(CONFIG_NODE, &no_access_list_remark_comment_cmd);
2949 }
2950
2951 static struct cmd_node access_ipv6_node = {ACCESS_IPV6_NODE, "", 1};
2952
2953 static int config_write_access_ipv6(struct vty *vty)
2954 {
2955 return config_write_access(vty, AFI_IP6);
2956 }
2957
2958 static void access_list_reset_ipv6(void)
2959 {
2960 struct access_list *access;
2961 struct access_list *next;
2962 struct access_master *master;
2963
2964 master = access_master_get(AFI_IP6);
2965 if (master == NULL)
2966 return;
2967
2968 for (access = master->num.head; access; access = next) {
2969 next = access->next;
2970 access_list_delete(access);
2971 }
2972 for (access = master->str.head; access; access = next) {
2973 next = access->next;
2974 access_list_delete(access);
2975 }
2976
2977 assert(master->num.head == NULL);
2978 assert(master->num.tail == NULL);
2979
2980 assert(master->str.head == NULL);
2981 assert(master->str.tail == NULL);
2982 }
2983
2984 static void access_list_init_ipv6(void)
2985 {
2986 install_node(&access_ipv6_node, config_write_access_ipv6);
2987
2988 install_element(ENABLE_NODE, &show_ipv6_access_list_cmd);
2989 install_element(ENABLE_NODE, &show_ipv6_access_list_name_cmd);
2990
2991 install_element(CONFIG_NODE, &ipv6_access_list_exact_cmd);
2992 install_element(CONFIG_NODE, &ipv6_access_list_any_cmd);
2993 install_element(CONFIG_NODE, &no_ipv6_access_list_exact_cmd);
2994 install_element(CONFIG_NODE, &no_ipv6_access_list_any_cmd);
2995
2996 install_element(CONFIG_NODE, &no_ipv6_access_list_all_cmd);
2997 install_element(CONFIG_NODE, &ipv6_access_list_remark_cmd);
2998 install_element(CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
2999 install_element(CONFIG_NODE, &no_ipv6_access_list_remark_comment_cmd);
3000 }
3001
3002 void access_list_init(void)
3003 {
3004 access_list_init_ipv4();
3005 access_list_init_ipv6();
3006 access_list_init_mac();
3007 }
3008
3009 void access_list_reset(void)
3010 {
3011 access_list_reset_ipv4();
3012 access_list_reset_ipv6();
3013 access_list_reset_mac();
3014 }
FRRouting mirror