1 /* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
4 * This file is part of GNU Zebra.
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
27 #include "sockunion.h"
33 DEFINE_MTYPE_STATIC(LIB
, ACCESS_LIST
, "Access List")
34 DEFINE_MTYPE_STATIC(LIB
, ACCESS_LIST_STR
, "Access List Str")
35 DEFINE_MTYPE_STATIC(LIB
, ACCESS_FILTER
, "Access Filter")
38 /* Cisco access-list */
41 struct in_addr addr_mask
;
43 struct in_addr mask_mask
;
47 /* If this filter is "exact" match then this flag is set. */
50 /* Prefix information. */
54 /* Filter element of access list */
56 /* For doubly linked list. */
60 /* Filter type information. */
61 enum filter_type type
;
66 /* Cisco access-list */
70 struct filter_cisco cfilter
;
71 struct filter_zebra zfilter
;
75 /* List of access_list. */
76 struct access_list_list
{
77 struct access_list
*head
;
78 struct access_list
*tail
;
81 /* Master structure of access_list. */
82 struct access_master
{
83 /* List of access_list which name is number. */
84 struct access_list_list num
;
86 /* List of access_list which name is string. */
87 struct access_list_list str
;
89 /* Hook function which is executed when new access_list is added. */
90 void (*add_hook
)(struct access_list
*);
92 /* Hook function which is executed when access_list is deleted. */
93 void (*delete_hook
)(struct access_list
*);
96 /* Static structure for mac access_list's master. */
97 static struct access_master access_master_mac
= {
104 /* Static structure for IPv4 access_list's master. */
105 static struct access_master access_master_ipv4
= {
112 /* Static structure for IPv6 access_list's master. */
113 static struct access_master access_master_ipv6
= {
120 static struct access_master
*access_master_get(afi_t afi
)
123 return &access_master_ipv4
;
124 else if (afi
== AFI_IP6
)
125 return &access_master_ipv6
;
126 else if (afi
== AFI_L2VPN
)
127 return &access_master_mac
;
/* Allocate new filter structure.  The storage is obtained through XCALLOC
 * with the MTYPE_ACCESS_FILTER memory type and handed to the caller. */
static struct filter *filter_new(void)
{
	struct filter *entry;

	entry = XCALLOC(MTYPE_ACCESS_FILTER, sizeof(struct filter));
	return entry;
}
/* Release a filter structure through XFREE, using the same memory type
 * (MTYPE_ACCESS_FILTER) that filter_new() allocates with. */
static void filter_free(struct filter *filter)
{
	XFREE(MTYPE_ACCESS_FILTER, filter);
}
142 /* Return string of filter_type. */
143 static const char *filter_type_str(struct filter
*filter
)
145 switch (filter
->type
) {
161 /* Cisco-style match: if the filter matches the prefix then return 1.
 * The prefix's IPv4 address is compared with the stored filter address
 * after the bits set in addr_mask have been cleared, so addr_mask marks
 * the bits that are ignored.  For an extended entry a mask obtained from
 * masklen2ip(p->prefixlen) is checked the same way against mask and
 * mask_mask, and both comparisons must succeed.
 * NOTE(review): this listing shows no address-family test before
 * p->u.prefix4 is read -- confirm that only IPv4 prefixes reach
 * Cisco-style entries. */
162 static int filter_match_cisco(struct filter
*mfilter
, const struct prefix
*p
)
164 struct filter_cisco
*filter
;
169 filter
= &mfilter
->u
.cfilter
;
/* Clear the don't-care bits of the candidate address before comparing. */
170 check_addr
= p
->u
.prefix4
.s_addr
& ~filter
->addr_mask
.s_addr
;
172 if (filter
->extended
) {
/* presumably masklen2ip() turns the prefix length into a netmask -- verify */
173 masklen2ip(p
->prefixlen
, &mask
);
174 check_mask
= mask
.s_addr
& ~filter
->mask_mask
.s_addr
;
/* Extended entry: both the masked address and the masked netmask must be
 * equal to the stored values (4-byte comparison each). */
176 if (memcmp(&check_addr
, &filter
->addr
.s_addr
, 4) == 0
177 && memcmp(&check_mask
, &filter
->mask
.s_addr
, 4) == 0)
/* Standard entry: only the masked address is compared. */
179 } else if (memcmp(&check_addr
, &filter
->addr
.s_addr
, 4) == 0)
185 /* If filter match to the prefix then return 1. */
186 static int filter_match_zebra(struct filter
*mfilter
, const struct prefix
*p
)
188 struct filter_zebra
*filter
= NULL
;
190 filter
= &mfilter
->u
.zfilter
;
192 if (filter
->prefix
.family
== p
->family
) {
194 if (filter
->prefix
.prefixlen
== p
->prefixlen
)
195 return prefix_match(&filter
->prefix
, p
);
199 return prefix_match(&filter
->prefix
, p
);
/* Allocate new access list structure.  The storage is obtained through
 * XCALLOC with the MTYPE_ACCESS_LIST memory type. */
static struct access_list *access_list_new(void)
{
	struct access_list *list;

	list = XCALLOC(MTYPE_ACCESS_LIST, sizeof(struct access_list));
	return list;
}
/* Free an allocated access_list structure.  Only the structure itself is
 * released here, through XFREE with MTYPE_ACCESS_LIST. */
static void access_list_free(struct access_list *access)
{
	XFREE(MTYPE_ACCESS_LIST, access);
}
216 /* Delete access_list from access_master and free it. */
217 static void access_list_delete(struct access_list
*access
)
219 struct filter
*filter
;
221 struct access_list_list
*list
;
222 struct access_master
*master
;
224 for (filter
= access
->head
; filter
; filter
= next
) {
229 master
= access
->master
;
231 if (access
->type
== ACCESS_TYPE_NUMBER
)
237 access
->next
->prev
= access
->prev
;
239 list
->tail
= access
->prev
;
242 access
->prev
->next
= access
->next
;
244 list
->head
= access
->next
;
246 XFREE(MTYPE_ACCESS_LIST_STR
, access
->name
);
248 XFREE(MTYPE_TMP
, access
->remark
);
250 access_list_free(access
);
253 /* Insert a new access list into the list of access_list. The list is
254 kept sorted by name. */
255 static struct access_list
*access_list_insert(afi_t afi
, const char *name
)
259 struct access_list
*access
;
260 struct access_list
*point
;
261 struct access_list_list
*alist
;
262 struct access_master
*master
;
264 master
= access_master_get(afi
);
268 /* Allocate new access_list and copy given name. */
269 access
= access_list_new();
270 access
->name
= XSTRDUP(MTYPE_ACCESS_LIST_STR
, name
);
271 access
->master
= master
;
273 /* If name is made by all digit character. We treat it as
275 for (number
= 0, i
= 0; i
< strlen(name
); i
++) {
276 if (isdigit((unsigned char)name
[i
]))
277 number
= (number
* 10) + (name
[i
] - '0');
282 /* In case of name is all digit character */
283 if (i
== strlen(name
)) {
284 access
->type
= ACCESS_TYPE_NUMBER
;
286 /* Set access_list to number list. */
287 alist
= &master
->num
;
289 for (point
= alist
->head
; point
; point
= point
->next
)
290 if (atol(point
->name
) >= number
)
293 access
->type
= ACCESS_TYPE_STRING
;
295 /* Set access_list to string list. */
296 alist
= &master
->str
;
298 /* Set point to insertion point. */
299 for (point
= alist
->head
; point
; point
= point
->next
)
300 if (strcmp(point
->name
, name
) >= 0)
304 /* In case of this is the first element of master. */
305 if (alist
->head
== NULL
) {
306 alist
->head
= alist
->tail
= access
;
310 /* In case of insertion is made at the tail of access_list. */
312 access
->prev
= alist
->tail
;
313 alist
->tail
->next
= access
;
314 alist
->tail
= access
;
318 /* In case of insertion is made at the head of access_list. */
319 if (point
== alist
->head
) {
320 access
->next
= alist
->head
;
321 alist
->head
->prev
= access
;
322 alist
->head
= access
;
326 /* Insertion is made at middle of the access_list. */
327 access
->next
= point
;
328 access
->prev
= point
->prev
;
331 point
->prev
->next
= access
;
332 point
->prev
= access
;
337 /* Lookup access_list from list of access_list by name. */
338 struct access_list
*access_list_lookup(afi_t afi
, const char *name
)
340 struct access_list
*access
;
341 struct access_master
*master
;
346 master
= access_master_get(afi
);
350 for (access
= master
->num
.head
; access
; access
= access
->next
)
351 if (strcmp(access
->name
, name
) == 0)
354 for (access
= master
->str
.head
; access
; access
= access
->next
)
355 if (strcmp(access
->name
, name
) == 0)
/* Return the access_list called NAME for address family AFI.  When the
 * lookup finds no matching list, a new one is inserted under that name
 * and returned instead. */
static struct access_list *access_list_get(afi_t afi, const char *name)
{
	struct access_list *found = access_list_lookup(afi, name);

	if (found != NULL)
		return found;

	return access_list_insert(afi, name);
}
373 /* Apply access list to object (which should be struct prefix *). */
374 enum filter_type
access_list_apply(struct access_list
*access
,
377 struct filter
*filter
;
378 const struct prefix
*p
= (const struct prefix
*)object
;
383 for (filter
= access
->head
; filter
; filter
= filter
->next
) {
385 if (filter_match_cisco(filter
, p
))
388 if (filter_match_zebra(filter
, p
))
/* Add hook function: store FUNC as the add_hook of the MAC, IPv6 and IPv4
 * access_list masters, so the same callback is set on all three. */
void access_list_add_hook(void (*func)(struct access_list *access))
{
	access_master_mac.add_hook = func;
	access_master_ipv6.add_hook = func;
	access_master_ipv4.add_hook = func;
}
/* Delete hook function: store FUNC as the delete_hook of the MAC, IPv6 and
 * IPv4 access_list masters, so the same callback is set on all three. */
void access_list_delete_hook(void (*func)(struct access_list *access))
{
	access_master_mac.delete_hook = func;
	access_master_ipv6.delete_hook = func;
	access_master_ipv4.delete_hook = func;
}
412 /* Calculate new sequential number. */
413 static int64_t filter_new_seq_get(struct access_list
*access
)
417 struct filter
*filter
;
421 for (filter
= access
->head
; filter
; filter
= filter
->next
) {
422 if (maxseq
< filter
->seq
)
423 maxseq
= filter
->seq
;
426 newseq
= ((maxseq
/ 5) * 5) + 5;
428 return (newseq
> UINT_MAX
) ? UINT_MAX
: newseq
;
431 /* Return access list entry which has same seq number. */
432 static struct filter
*filter_seq_check(struct access_list
*access
,
435 struct filter
*filter
;
437 for (filter
= access
->head
; filter
; filter
= filter
->next
)
438 if (filter
->seq
== seq
)
/* Report whether ACCESS holds no filter: the result is 1 when both the head
 * and the tail pointer of its filter list are NULL, and 0 otherwise. */
static int access_list_empty(struct access_list *access)
{
	return access->head == NULL && access->tail == NULL;
}
452 /* Delete filter from specified access_list. If there is hook
453 function execute it. */
454 static void access_list_filter_delete(struct access_list
*access
,
455 struct filter
*filter
)
457 struct access_master
*master
;
459 master
= access
->master
;
462 filter
->next
->prev
= filter
->prev
;
464 access
->tail
= filter
->prev
;
467 filter
->prev
->next
= filter
->next
;
469 access
->head
= filter
->next
;
473 route_map_notify_dependencies(access
->name
, RMAP_EVENT_FILTER_DELETED
);
474 /* Run hook function. */
475 if (master
->delete_hook
)
476 (*master
->delete_hook
)(access
);
478 /* If access_list becomes empty delete it from access_master. */
479 if (access_list_empty(access
))
480 access_list_delete(access
);
483 /* Add new filter to the end of specified access_list. */
484 static void access_list_filter_add(struct access_list
*access
,
485 struct filter
*filter
)
487 struct filter
*replace
;
488 struct filter
*point
;
490 /* Automatic asignment of seq no. */
491 if (filter
->seq
== -1)
492 filter
->seq
= filter_new_seq_get(access
);
494 if (access
->tail
&& filter
->seq
> access
->tail
->seq
)
497 /* Is there any same seq access list filter? */
498 replace
= filter_seq_check(access
, filter
->seq
);
500 access_list_filter_delete(access
, replace
);
502 /* Check insert point. */
503 for (point
= access
->head
; point
; point
= point
->next
)
504 if (point
->seq
>= filter
->seq
)
508 /* In case of this is the first element of the list. */
509 filter
->next
= point
;
513 point
->prev
->next
= filter
;
515 access
->head
= filter
;
517 filter
->prev
= point
->prev
;
518 point
->prev
= filter
;
521 access
->tail
->next
= filter
;
523 access
->head
= filter
;
525 filter
->prev
= access
->tail
;
526 access
->tail
= filter
;
529 /* Run hook function. */
530 if (access
->master
->add_hook
)
531 (*access
->master
->add_hook
)(access
);
532 route_map_notify_dependencies(access
->name
, RMAP_EVENT_FILTER_ADDED
);
536 deny Specify packets to reject
537 permit Specify packets to forward
542 Hostname or A.B.C.D Address to match
544 host A single host address
547 static struct filter
*filter_lookup_cisco(struct access_list
*access
,
550 struct filter
*mfilter
;
551 struct filter_cisco
*filter
;
552 struct filter_cisco
*new;
554 new = &mnew
->u
.cfilter
;
556 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
) {
557 filter
= &mfilter
->u
.cfilter
;
559 if (filter
->extended
) {
560 if (mfilter
->type
== mnew
->type
561 && filter
->addr
.s_addr
== new->addr
.s_addr
562 && filter
->addr_mask
.s_addr
== new->addr_mask
.s_addr
563 && filter
->mask
.s_addr
== new->mask
.s_addr
564 && filter
->mask_mask
.s_addr
565 == new->mask_mask
.s_addr
)
568 if (mfilter
->type
== mnew
->type
569 && filter
->addr
.s_addr
== new->addr
.s_addr
570 && filter
->addr_mask
.s_addr
571 == new->addr_mask
.s_addr
)
579 static struct filter
*filter_lookup_zebra(struct access_list
*access
,
582 struct filter
*mfilter
;
583 struct filter_zebra
*filter
;
584 struct filter_zebra
*new;
586 new = &mnew
->u
.zfilter
;
588 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
) {
589 filter
= &mfilter
->u
.zfilter
;
591 if (filter
->exact
== new->exact
592 && mfilter
->type
== mnew
->type
) {
593 if (prefix_same(&filter
->prefix
, &new->prefix
))
600 static int vty_access_list_remark_unset(struct vty
*vty
, afi_t afi
,
603 struct access_list
*access
;
605 access
= access_list_lookup(afi
, name
);
607 vty_out(vty
, "%% access-list %s doesn't exist\n", name
);
608 return CMD_WARNING_CONFIG_FAILED
;
611 XFREE(MTYPE_TMP
, access
->remark
);
613 if (access
->head
== NULL
&& access
->tail
== NULL
)
614 access_list_delete(access
);
/* Build a Cisco-style filter from command-line strings and apply it to the
 * IPv4 access-list named NAME_STR (fetched or created via access_list_get).
 * The access-list commands in this file pass 1 as the last argument (SET)
 * and their "no" forms pass 0; the code below either adds the new filter or
 * looks up and deletes the matching stored one.  On a rejected type or
 * address string a message is printed and CMD_WARNING_CONFIG_FAILED is
 * returned.  The standard (non-extended) commands pass NULL for MASK_STR
 * and MASK_MASK_STR. */
619 static int filter_set_cisco(struct vty
*vty
, const char *name_str
,
620 const char *seq
, const char *type_str
,
621 const char *addr_str
, const char *addr_mask_str
,
622 const char *mask_str
, const char *mask_mask_str
,
623 int extended
, int set
)
626 enum filter_type type
= FILTER_DENY
;
627 struct filter
*mfilter
;
628 struct filter_cisco
*filter
;
629 struct access_list
*access
;
631 struct in_addr addr_mask
;
633 struct in_addr mask_mask
;
/* NOTE(review): atol() cannot report a failed or out-of-range conversion,
 * and the command grammar in this file allows seq up to 4294967295, which
 * is not representable where long is 32 bits.  A checked strtoull()-style
 * parse with an explicit range test would make the accepted range
 * independent of the platform. */
637 seqnum
= (int64_t)atol(seq
);
639 /* Check of filter type. */
/* Only the first character is compared, so any string that starts with "p"
 * or "d" passes; this relies on the command grammar having restricted the
 * token to <deny|permit> before the call. */
641 if (strncmp(type_str
, "p", 1) == 0)
642 type
= FILTER_PERMIT
;
643 else if (strncmp(type_str
, "d", 1) == 0)
646 vty_out(vty
, "%% filter type must be permit or deny\n");
647 return CMD_WARNING_CONFIG_FAILED
;
/* NOTE(review): inet_aton() also accepts shorthand and non-decimal address
 * forms, not only four decimal octets.  Presumably the A.B.C.D token check
 * of the CLI has run before this point -- confirm, or parse strictly with
 * inet_pton(AF_INET, ...). */
651 ret
= inet_aton(addr_str
, &addr
);
653 vty_out(vty
, "%%Inconsistent address and mask\n");
654 return CMD_WARNING_CONFIG_FAILED
;
657 ret
= inet_aton(addr_mask_str
, &addr_mask
);
659 vty_out(vty
, "%%Inconsistent address and mask\n");
660 return CMD_WARNING_CONFIG_FAILED
;
/* NOTE(review): mask_str and mask_mask_str are NULL for the standard
 * commands, so the next two conversions must only run for extended entries;
 * the guarding condition is not visible in this listing -- confirm. */
664 ret
= inet_aton(mask_str
, &mask
);
666 vty_out(vty
, "%%Inconsistent address and mask\n");
667 return CMD_WARNING_CONFIG_FAILED
;
670 ret
= inet_aton(mask_mask_str
, &mask_mask
);
672 vty_out(vty
, "%%Inconsistent address and mask\n");
673 return CMD_WARNING_CONFIG_FAILED
;
677 mfilter
= filter_new();
678 mfilter
->type
= type
;
680 mfilter
->seq
= seqnum
;
681 filter
= &mfilter
->u
.cfilter
;
682 filter
->extended
= extended
;
/* The address is stored with its wildcard bits already cleared, which is
 * the form filter_match_cisco() compares against. */
683 filter
->addr
.s_addr
= addr
.s_addr
& ~addr_mask
.s_addr
;
684 filter
->addr_mask
.s_addr
= addr_mask
.s_addr
;
/* Same normalisation for the mask / mask_mask pair. */
687 filter
->mask
.s_addr
= mask
.s_addr
& ~mask_mask
.s_addr
;
688 filter
->mask_mask
.s_addr
= mask_mask
.s_addr
;
691 /* Install new filter to the access_list. */
692 access
= access_list_get(AFI_IP
, name_str
);
/* When an equal entry is already stored, the freshly built filter is freed
 * rather than added a second time. */
695 if (filter_lookup_cisco(access
, mfilter
))
696 filter_free(mfilter
);
698 access_list_filter_add(access
, mfilter
);
/* Removal path: mfilter only serves as the lookup key here; the stored
 * entry found by the lookup is deleted and the key is freed afterwards. */
700 struct filter
*delete_filter
;
702 delete_filter
= filter_lookup_cisco(access
, mfilter
);
704 access_list_filter_delete(access
, delete_filter
);
706 filter_free(mfilter
);
712 /* Standard access-list */
713 DEFUN (access_list_standard
,
714 access_list_standard_cmd
,
715 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
716 "Add an access list entry\n"
717 "IP standard access list\n"
718 "IP standard access list (expanded range)\n"
719 "Sequence number of an entry\n"
721 "Specify packets to reject\n"
722 "Specify packets to forward\n"
729 char *permit_deny
= NULL
;
730 char *address
= NULL
;
731 char *wildcard
= NULL
;
733 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
735 seq
= argv
[idx
]->arg
;
738 argv_find(argv
, argc
, "permit", &idx
);
739 argv_find(argv
, argc
, "deny", &idx
);
741 permit_deny
= argv
[idx
]->arg
;
744 argv_find(argv
, argc
, "A.B.C.D", &idx
);
746 address
= argv
[idx
]->arg
;
747 wildcard
= argv
[idx
+ 1]->arg
;
750 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
751 address
, wildcard
, NULL
, NULL
, 0, 1);
754 DEFUN (access_list_standard_nomask
,
755 access_list_standard_nomask_cmd
,
756 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
757 "Add an access list entry\n"
758 "IP standard access list\n"
759 "IP standard access list (expanded range)\n"
760 "Sequence number of an entry\n"
762 "Specify packets to reject\n"
763 "Specify packets to forward\n"
764 "Address to match\n")
769 char *permit_deny
= NULL
;
770 char *address
= NULL
;
772 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
774 seq
= argv
[idx
]->arg
;
777 argv_find(argv
, argc
, "permit", &idx
);
778 argv_find(argv
, argc
, "deny", &idx
);
780 permit_deny
= argv
[idx
]->arg
;
783 argv_find(argv
, argc
, "A.B.C.D", &idx
);
785 address
= argv
[idx
]->arg
;
787 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
788 address
, "0.0.0.0", NULL
, NULL
, 0, 1);
791 DEFUN (access_list_standard_host
,
792 access_list_standard_host_cmd
,
793 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
794 "Add an access list entry\n"
795 "IP standard access list\n"
796 "IP standard access list (expanded range)\n"
797 "Sequence number of an entry\n"
799 "Specify packets to reject\n"
800 "Specify packets to forward\n"
801 "A single host address\n"
802 "Address to match\n")
807 char *permit_deny
= NULL
;
808 char *address
= NULL
;
810 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
812 seq
= argv
[idx
]->arg
;
815 argv_find(argv
, argc
, "permit", &idx
);
816 argv_find(argv
, argc
, "deny", &idx
);
818 permit_deny
= argv
[idx
]->arg
;
821 argv_find(argv
, argc
, "A.B.C.D", &idx
);
823 address
= argv
[idx
]->arg
;
825 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
826 address
, "0.0.0.0", NULL
, NULL
, 0, 1);
829 DEFUN (access_list_standard_any
,
830 access_list_standard_any_cmd
,
831 "access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
832 "Add an access list entry\n"
833 "IP standard access list\n"
834 "IP standard access list (expanded range)\n"
835 "Sequence number of an entry\n"
837 "Specify packets to reject\n"
838 "Specify packets to forward\n"
844 char *permit_deny
= NULL
;
846 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
848 seq
= argv
[idx
]->arg
;
851 argv_find(argv
, argc
, "permit", &idx
);
852 argv_find(argv
, argc
, "deny", &idx
);
854 permit_deny
= argv
[idx
]->arg
;
856 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
857 "0.0.0.0", "255.255.255.255", NULL
, NULL
, 0, 1);
860 DEFUN (no_access_list_standard
,
861 no_access_list_standard_cmd
,
862 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D A.B.C.D",
864 "Add an access list entry\n"
865 "IP standard access list\n"
866 "IP standard access list (expanded range)\n"
867 "Sequence number of an entry\n"
869 "Specify packets to reject\n"
870 "Specify packets to forward\n"
877 char *permit_deny
= NULL
;
878 char *address
= NULL
;
879 char *wildcard
= NULL
;
881 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
883 seq
= argv
[idx
]->arg
;
886 argv_find(argv
, argc
, "permit", &idx
);
887 argv_find(argv
, argc
, "deny", &idx
);
889 permit_deny
= argv
[idx
]->arg
;
892 argv_find(argv
, argc
, "A.B.C.D", &idx
);
894 address
= argv
[idx
]->arg
;
895 wildcard
= argv
[idx
+ 1]->arg
;
898 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
899 address
, wildcard
, NULL
, NULL
, 0, 0);
902 DEFUN (no_access_list_standard_nomask
,
903 no_access_list_standard_nomask_cmd
,
904 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> A.B.C.D",
906 "Add an access list entry\n"
907 "IP standard access list\n"
908 "IP standard access list (expanded range)\n"
909 "Sequence number of an entry\n"
911 "Specify packets to reject\n"
912 "Specify packets to forward\n"
913 "Address to match\n")
918 char *permit_deny
= NULL
;
919 char *address
= NULL
;
921 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
923 seq
= argv
[idx
]->arg
;
926 argv_find(argv
, argc
, "permit", &idx
);
927 argv_find(argv
, argc
, "deny", &idx
);
929 permit_deny
= argv
[idx
]->arg
;
932 argv_find(argv
, argc
, "A.B.C.D", &idx
);
934 address
= argv
[idx
]->arg
;
936 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
937 address
, "0.0.0.0", NULL
, NULL
, 0, 0);
940 DEFUN (no_access_list_standard_host
,
941 no_access_list_standard_host_cmd
,
942 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> host A.B.C.D",
944 "Add an access list entry\n"
945 "IP standard access list\n"
946 "IP standard access list (expanded range)\n"
947 "Sequence number of an entry\n"
949 "Specify packets to reject\n"
950 "Specify packets to forward\n"
951 "A single host address\n"
952 "Address to match\n")
957 char *permit_deny
= NULL
;
958 char *address
= NULL
;
960 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
962 seq
= argv
[idx
]->arg
;
965 argv_find(argv
, argc
, "permit", &idx
);
966 argv_find(argv
, argc
, "deny", &idx
);
968 permit_deny
= argv
[idx
]->arg
;
971 argv_find(argv
, argc
, "A.B.C.D", &idx
);
973 address
= argv
[idx
]->arg
;
975 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
976 address
, "0.0.0.0", NULL
, NULL
, 0, 0);
979 DEFUN (no_access_list_standard_any
,
980 no_access_list_standard_any_cmd
,
981 "no access-list <(1-99)|(1300-1999)> [seq (1-4294967295)] <deny|permit> any",
983 "Add an access list entry\n"
984 "IP standard access list\n"
985 "IP standard access list (expanded range)\n"
986 "Sequence number of an entry\n"
988 "Specify packets to reject\n"
989 "Specify packets to forward\n"
995 char *permit_deny
= NULL
;
997 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
999 seq
= argv
[idx
]->arg
;
1002 argv_find(argv
, argc
, "permit", &idx
);
1003 argv_find(argv
, argc
, "deny", &idx
);
1005 permit_deny
= argv
[idx
]->arg
;
1007 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
1008 "0.0.0.0", "255.255.255.255", NULL
, NULL
, 0, 0);
1011 /* Extended access-list */
1012 DEFUN (access_list_extended
,
1013 access_list_extended_cmd
,
1014 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
1015 "Add an access list entry\n"
1016 "IP extended access list\n"
1017 "IP extended access list (expanded range)\n"
1018 "Sequence number of an entry\n"
1020 "Specify packets to reject\n"
1021 "Specify packets to forward\n"
1022 "Any Internet Protocol\n"
1024 "Source wildcard bits\n"
1025 "Destination address\n"
1026 "Destination Wildcard bits\n")
1031 char *permit_deny
= NULL
;
1034 char *src_wildcard
= NULL
;
1035 char *dst_wildcard
= NULL
;
1037 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1039 seq
= argv
[idx
]->arg
;
1042 argv_find(argv
, argc
, "permit", &idx
);
1043 argv_find(argv
, argc
, "deny", &idx
);
1045 permit_deny
= argv
[idx
]->arg
;
1048 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1050 src
= argv
[idx
]->arg
;
1051 src_wildcard
= argv
[idx
+ 1]->arg
;
1052 dst
= argv
[idx
+ 2]->arg
;
1053 dst_wildcard
= argv
[idx
+ 3]->arg
;
1056 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1057 src_wildcard
, dst
, dst_wildcard
, 1, 1);
1060 DEFUN (access_list_extended_mask_any
,
1061 access_list_extended_mask_any_cmd
,
1062 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
1063 "Add an access list entry\n"
1064 "IP extended access list\n"
1065 "IP extended access list (expanded range)\n"
1066 "Sequence number of an entry\n"
1068 "Specify packets to reject\n"
1069 "Specify packets to forward\n"
1070 "Any Internet Protocol\n"
1072 "Source wildcard bits\n"
1073 "Any destination host\n")
1078 char *permit_deny
= NULL
;
1080 char *src_wildcard
= NULL
;
1082 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1084 seq
= argv
[idx
]->arg
;
1087 argv_find(argv
, argc
, "permit", &idx
);
1088 argv_find(argv
, argc
, "deny", &idx
);
1090 permit_deny
= argv
[idx
]->arg
;
1093 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1095 src
= argv
[idx
]->arg
;
1096 src_wildcard
= argv
[idx
+ 1]->arg
;
1099 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1100 src_wildcard
, "0.0.0.0", "255.255.255.255", 1,
1104 DEFUN (access_list_extended_any_mask
,
1105 access_list_extended_any_mask_cmd
,
1106 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
1107 "Add an access list entry\n"
1108 "IP extended access list\n"
1109 "IP extended access list (expanded range)\n"
1110 "Sequence number of an entry\n"
1112 "Specify packets to reject\n"
1113 "Specify packets to forward\n"
1114 "Any Internet Protocol\n"
1116 "Destination address\n"
1117 "Destination Wildcard bits\n")
1122 char *permit_deny
= NULL
;
1124 char *dst_wildcard
= NULL
;
1126 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1128 seq
= argv
[idx
]->arg
;
1131 argv_find(argv
, argc
, "permit", &idx
);
1132 argv_find(argv
, argc
, "deny", &idx
);
1134 permit_deny
= argv
[idx
]->arg
;
1137 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1139 dst
= argv
[idx
]->arg
;
1140 dst_wildcard
= argv
[idx
+ 1]->arg
;
1143 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
1144 "0.0.0.0", "255.255.255.255", dst
, dst_wildcard
,
1148 DEFUN (access_list_extended_any_any
,
1149 access_list_extended_any_any_cmd
,
1150 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
1151 "Add an access list entry\n"
1152 "IP extended access list\n"
1153 "IP extended access list (expanded range)\n"
1154 "Sequence number of an entry\n"
1156 "Specify packets to reject\n"
1157 "Specify packets to forward\n"
1158 "Any Internet Protocol\n"
1160 "Any destination host\n")
1165 char *permit_deny
= NULL
;
1167 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1169 seq
= argv
[idx
]->arg
;
1172 argv_find(argv
, argc
, "permit", &idx
);
1173 argv_find(argv
, argc
, "deny", &idx
);
1175 permit_deny
= argv
[idx
]->arg
;
1177 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
1178 "0.0.0.0", "255.255.255.255", "0.0.0.0",
1179 "255.255.255.255", 1, 1);
1182 DEFUN (access_list_extended_mask_host
,
1183 access_list_extended_mask_host_cmd
,
1184 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
1185 "Add an access list entry\n"
1186 "IP extended access list\n"
1187 "IP extended access list (expanded range)\n"
1188 "Sequence number of an entry\n"
1190 "Specify packets to reject\n"
1191 "Specify packets to forward\n"
1192 "Any Internet Protocol\n"
1194 "Source wildcard bits\n"
1195 "A single destination host\n"
1196 "Destination address\n")
1201 char *permit_deny
= NULL
;
1204 char *src_wildcard
= NULL
;
1206 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1208 seq
= argv
[idx
]->arg
;
1211 argv_find(argv
, argc
, "permit", &idx
);
1212 argv_find(argv
, argc
, "deny", &idx
);
1214 permit_deny
= argv
[idx
]->arg
;
1217 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1219 src
= argv
[idx
]->arg
;
1220 src_wildcard
= argv
[idx
+ 1]->arg
;
1221 dst
= argv
[idx
+ 3]->arg
;
1224 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1225 src_wildcard
, dst
, "0.0.0.0", 1, 1);
1228 DEFUN (access_list_extended_host_mask
,
1229 access_list_extended_host_mask_cmd
,
1230 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
1231 "Add an access list entry\n"
1232 "IP extended access list\n"
1233 "IP extended access list (expanded range)\n"
1234 "Sequence number of an entry\n"
1236 "Specify packets to reject\n"
1237 "Specify packets to forward\n"
1238 "Any Internet Protocol\n"
1239 "A single source host\n"
1241 "Destination address\n"
1242 "Destination Wildcard bits\n")
1247 char *permit_deny
= NULL
;
1250 char *dst_wildcard
= NULL
;
1252 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1254 seq
= argv
[idx
]->arg
;
1257 argv_find(argv
, argc
, "permit", &idx
);
1258 argv_find(argv
, argc
, "deny", &idx
);
1260 permit_deny
= argv
[idx
]->arg
;
1263 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1265 src
= argv
[idx
]->arg
;
1266 dst
= argv
[idx
+ 1]->arg
;
1267 dst_wildcard
= argv
[idx
+ 2]->arg
;
1270 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1271 "0.0.0.0", dst
, dst_wildcard
, 1, 1);
1274 DEFUN (access_list_extended_host_host
,
1275 access_list_extended_host_host_cmd
,
1276 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
1277 "Add an access list entry\n"
1278 "IP extended access list\n"
1279 "IP extended access list (expanded range)\n"
1280 "Sequence number of an entry\n"
1282 "Specify packets to reject\n"
1283 "Specify packets to forward\n"
1284 "Any Internet Protocol\n"
1285 "A single source host\n"
1287 "A single destination host\n"
1288 "Destination address\n")
1293 char *permit_deny
= NULL
;
1297 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1299 seq
= argv
[idx
]->arg
;
1302 argv_find(argv
, argc
, "permit", &idx
);
1303 argv_find(argv
, argc
, "deny", &idx
);
1305 permit_deny
= argv
[idx
]->arg
;
1308 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1310 src
= argv
[idx
]->arg
;
1311 dst
= argv
[idx
+ 2]->arg
;
1314 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1315 "0.0.0.0", dst
, "0.0.0.0", 1, 1);
1318 DEFUN (access_list_extended_any_host
,
1319 access_list_extended_any_host_cmd
,
1320 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
1321 "Add an access list entry\n"
1322 "IP extended access list\n"
1323 "IP extended access list (expanded range)\n"
1324 "Sequence number of an entry\n"
1326 "Specify packets to reject\n"
1327 "Specify packets to forward\n"
1328 "Any Internet Protocol\n"
1330 "A single destination host\n"
1331 "Destination address\n")
1336 char *permit_deny
= NULL
;
1339 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1341 seq
= argv
[idx
]->arg
;
1344 argv_find(argv
, argc
, "permit", &idx
);
1345 argv_find(argv
, argc
, "deny", &idx
);
1347 permit_deny
= argv
[idx
]->arg
;
1350 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1352 dst
= argv
[idx
]->arg
;
1354 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
,
1355 "0.0.0.0", "255.255.255.255", dst
, "0.0.0.0", 1,
1359 DEFUN (access_list_extended_host_any
,
1360 access_list_extended_host_any_cmd
,
1361 "access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
1362 "Add an access list entry\n"
1363 "IP extended access list\n"
1364 "IP extended access list (expanded range)\n"
1365 "Sequence number of an entry\n"
1367 "Specify packets to reject\n"
1368 "Specify packets to forward\n"
1369 "Any Internet Protocol\n"
1370 "A single source host\n"
1372 "Any destination host\n")
1377 char *permit_deny
= NULL
;
1380 argv_find(argv
, argc
, "(1-4294967295)", &idx
);
1382 seq
= argv
[idx
]->arg
;
1385 argv_find(argv
, argc
, "permit", &idx
);
1386 argv_find(argv
, argc
, "deny", &idx
);
1388 permit_deny
= argv
[idx
]->arg
;
1391 argv_find(argv
, argc
, "A.B.C.D", &idx
);
1393 src
= argv
[idx
]->arg
;
1395 return filter_set_cisco(vty
, argv
[idx_acl
]->arg
, seq
, permit_deny
, src
,
1396 "0.0.0.0", "0.0.0.0", "255.255.255.255", 1, 1);
/*
 * CLI handler for "no access-list ... ip SRC SRC-WILDCARD DST DST-WILDCARD".
 * The first "A.B.C.D" token found is the source address; the next three
 * argv slots are read positionally as source wildcard, destination and
 * destination wildcard. The trailing 1, 0 are presumably extended=1, set=0
 * (filter_set_cisco() is defined outside this excerpt - confirm).
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_access_list_extended,
       no_access_list_extended_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
       /* [gap 1402] */
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       /* [gap 1407] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       /* [gap 1411] */
       "Source wildcard bits\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
/* [gap 1415-1418] */
	char *permit_deny = NULL;
	/* [gap 1420-1421] */
	char *src_wildcard = NULL;
	char *dst_wildcard = NULL;
	/* [gap 1424] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1426] */
	seq = argv[idx]->arg;
	/* [gap 1428-1429] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1432] */
	permit_deny = argv[idx]->arg;
	/* [gap 1434-1435] */
	argv_find(argv, argc, "A.B.C.D", &idx);
	/* [gap 1437] */
	src = argv[idx]->arg;
	src_wildcard = argv[idx + 1]->arg;
	dst = argv[idx + 2]->arg;
	dst_wildcard = argv[idx + 3]->arg;
	/* [gap 1442-1443] */
	return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
		src_wildcard, dst, dst_wildcard, 1, 0);
/* [gap 1446-1447] */
/*
 * CLI handler for "no access-list ... ip SRC SRC-WILDCARD any".
 * Source address and wildcard come from the command line; the destination is
 * passed as "0.0.0.0" / "255.255.255.255", which this file prints as "any".
 * The end of the filter_set_cisco() call is not shown in this listing.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_access_list_extended_mask_any,
       no_access_list_extended_mask_any_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D any",
       /* [gap 1451] */
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       /* [gap 1456] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       /* [gap 1460] */
       "Source wildcard bits\n"
       "Any destination host\n")
/* [gap 1463-1466] */
	char *permit_deny = NULL;
	/* [gap 1468] */
	char *src_wildcard = NULL;
	/* [gap 1470] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1472] */
	seq = argv[idx]->arg;
	/* [gap 1474-1475] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1478] */
	permit_deny = argv[idx]->arg;
	/* [gap 1480-1481] */
	argv_find(argv, argc, "A.B.C.D", &idx);
	/* [gap 1483] */
	src = argv[idx]->arg;
	src_wildcard = argv[idx + 1]->arg;
	/* [gap 1486-1487] */
	return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
		src_wildcard, "0.0.0.0", "255.255.255.255", 1,
/* [gap 1490-1492] - the remaining argument(s) of the call are not shown */
/*
 * CLI handler for "no access-list ... ip any DST DST-WILDCARD".
 * The source is passed as "0.0.0.0" / "255.255.255.255" (printed as "any" by
 * this file); destination address and wildcard come from the command line.
 * The end of the filter_set_cisco() call is not shown in this listing.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_access_list_extended_any_mask,
       no_access_list_extended_any_mask_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any A.B.C.D A.B.C.D",
       /* [gap 1496] */
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       /* [gap 1501] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       /* [gap 1505] */
       "Destination address\n"
       "Destination Wildcard bits\n")
/* [gap 1508-1511] */
	char *permit_deny = NULL;
	/* [gap 1513] */
	char *dst_wildcard = NULL;
	/* [gap 1515] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1517] */
	seq = argv[idx]->arg;
	/* [gap 1519-1520] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1523] */
	permit_deny = argv[idx]->arg;
	/* [gap 1525-1526] */
	argv_find(argv, argc, "A.B.C.D", &idx);
	/* [gap 1528] */
	dst = argv[idx]->arg;
	dst_wildcard = argv[idx + 1]->arg;
	/* [gap 1531-1532] */
	return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
		"0.0.0.0", "255.255.255.255", dst, dst_wildcard,
/* [gap 1535-1537] - the remaining argument(s) of the call are not shown */
/*
 * CLI handler for "no access-list ... ip any any".
 * Both source and destination are passed as "0.0.0.0" / "255.255.255.255",
 * the pair this file prints as "any". The trailing 1, 0 are presumably
 * extended=1, set=0 (filter_set_cisco() is outside this excerpt - confirm).
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_access_list_extended_any_any,
       no_access_list_extended_any_any_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any any",
       /* [gap 1541] */
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       /* [gap 1546] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       /* [gap 1550] */
       "Any destination host\n")
/* [gap 1552-1555] */
	char *permit_deny = NULL;
	/* [gap 1557] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1559] */
	seq = argv[idx]->arg;
	/* [gap 1561-1562] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1565] */
	permit_deny = argv[idx]->arg;
	/* [gap 1567] */
	return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
		"0.0.0.0", "255.255.255.255", "0.0.0.0",
		"255.255.255.255", 1, 0);
/* [gap 1571-1572] */
/*
 * CLI handler for "no access-list ... ip SRC SRC-WILDCARD host DST".
 * After the first "A.B.C.D" token, idx + 1 is the source wildcard and
 * idx + 3 the destination (idx + 2 is the "host" keyword in the command
 * string). The destination wildcard is fixed to "0.0.0.0".
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_access_list_extended_mask_host,
       no_access_list_extended_mask_host_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
       /* [gap 1576] */
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       /* [gap 1581] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       /* [gap 1585] */
       "Source wildcard bits\n"
       "A single destination host\n"
       "Destination address\n")
/* [gap 1589-1592] */
	char *permit_deny = NULL;
	/* [gap 1594-1595] */
	char *src_wildcard = NULL;
	/* [gap 1597] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1599] */
	seq = argv[idx]->arg;
	/* [gap 1601-1602] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1605] */
	permit_deny = argv[idx]->arg;
	/* [gap 1607-1608] */
	argv_find(argv, argc, "A.B.C.D", &idx);
	/* [gap 1610] */
	src = argv[idx]->arg;
	src_wildcard = argv[idx + 1]->arg;
	dst = argv[idx + 3]->arg;
	/* [gap 1614-1615] */
	return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
		src_wildcard, dst, "0.0.0.0", 1, 0);
/* [gap 1618-1619] */
/*
 * CLI handler for "no access-list ... ip host SRC DST DST-WILDCARD".
 * The first "A.B.C.D" token is the source host (wildcard fixed to
 * "0.0.0.0"); idx + 1 and idx + 2 are read as destination and destination
 * wildcard.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_access_list_extended_host_mask,
       no_access_list_extended_host_mask_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
       /* [gap 1623] */
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       /* [gap 1628] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       /* [gap 1633] */
       "Destination address\n"
       "Destination Wildcard bits\n")
/* [gap 1636-1639] */
	char *permit_deny = NULL;
	/* [gap 1641-1642] */
	char *dst_wildcard = NULL;
	/* [gap 1644] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1646] */
	seq = argv[idx]->arg;
	/* [gap 1648-1649] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1652] */
	permit_deny = argv[idx]->arg;
	/* [gap 1654-1655] */
	argv_find(argv, argc, "A.B.C.D", &idx);
	/* [gap 1657] */
	src = argv[idx]->arg;
	dst = argv[idx + 1]->arg;
	dst_wildcard = argv[idx + 2]->arg;
	/* [gap 1661-1662] */
	return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
		"0.0.0.0", dst, dst_wildcard, 1, 0);
/* [gap 1665-1666] */
/*
 * CLI handler for "no access-list ... ip host SRC host DST".
 * The first "A.B.C.D" token is the source host and idx + 2 the destination
 * host (idx + 1 is the second "host" keyword in the command string); both
 * wildcards are fixed to "0.0.0.0".
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_access_list_extended_host_host,
       no_access_list_extended_host_host_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D host A.B.C.D",
       /* [gap 1670] */
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       /* [gap 1675] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       /* [gap 1680] */
       "A single destination host\n"
       "Destination address\n")
/* [gap 1683-1686] */
	char *permit_deny = NULL;
	/* [gap 1688-1690] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1692] */
	seq = argv[idx]->arg;
	/* [gap 1694-1695] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1698] */
	permit_deny = argv[idx]->arg;
	/* [gap 1700-1701] */
	argv_find(argv, argc, "A.B.C.D", &idx);
	/* [gap 1703] */
	src = argv[idx]->arg;
	dst = argv[idx + 2]->arg;
	/* [gap 1706-1707] */
	return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
		"0.0.0.0", dst, "0.0.0.0", 1, 0);
/* [gap 1710-1711] */
/*
 * CLI handler for "no access-list ... ip any host DST".
 * The source is passed as "0.0.0.0" / "255.255.255.255" (printed as "any" by
 * this file) and the destination host with wildcard "0.0.0.0". The end of
 * the filter_set_cisco() call is not shown in this listing.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_access_list_extended_any_host,
       no_access_list_extended_any_host_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip any host A.B.C.D",
       /* [gap 1715] */
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       /* [gap 1720] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       /* [gap 1724] */
       "A single destination host\n"
       "Destination address\n")
/* [gap 1727-1730] */
	char *permit_deny = NULL;
	/* [gap 1732-1733] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1735] */
	seq = argv[idx]->arg;
	/* [gap 1737-1738] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1741] */
	permit_deny = argv[idx]->arg;
	/* [gap 1743-1744] */
	argv_find(argv, argc, "A.B.C.D", &idx);
	/* [gap 1746] */
	dst = argv[idx]->arg;
	/* [gap 1748] */
	return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny,
		"0.0.0.0", "255.255.255.255", dst, "0.0.0.0", 1,
/* [gap 1751-1753] - the remaining argument(s) of the call are not shown */
/*
 * CLI handler for "no access-list ... ip host SRC any".
 * Mirrors the add form with the same address arguments: source host with
 * wildcard "0.0.0.0", destination "0.0.0.0" / "255.255.255.255" ("any").
 * The trailing 1, 0 are presumably extended=1, set=0 (filter_set_cisco() is
 * defined outside this excerpt - confirm).
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_access_list_extended_host_any,
       no_access_list_extended_host_any_cmd,
       "no access-list <(100-199)|(2000-2699)> [seq (1-4294967295)] <deny|permit> ip host A.B.C.D any",
       /* [gap 1757] */
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Sequence number of an entry\n"
       /* [gap 1762] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       /* [gap 1767] */
       "Any destination host\n")
/* [gap 1769-1772] */
	char *permit_deny = NULL;
	/* [gap 1774-1775] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1777] */
	seq = argv[idx]->arg;
	/* [gap 1779-1780] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1783] */
	permit_deny = argv[idx]->arg;
	/* [gap 1785-1786] */
	argv_find(argv, argc, "A.B.C.D", &idx);
	/* [gap 1788] */
	src = argv[idx]->arg;
	/* [gap 1790] */
	return filter_set_cisco(vty, argv[idx_acl]->arg, seq, permit_deny, src,
		"0.0.0.0", "0.0.0.0", "255.255.255.255", 1, 0);
/* [gap 1793-1794] */
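/*
 * Validate and apply one zebra-style access-list entry.
 *
 * name_str   access-list name; rejected when longer than ACL_NAMSIZ.
 * seq        sequence number as text (the CLI range is 1-4294967295).
 * type_str   "permit"/"deny"; only the first character is compared.
 * afi        AFI_IP, AFI_IP6 or AFI_L2VPN selects the prefix parser.
 * prefix_str prefix (or MAC address for AFI_L2VPN) as text.
 * exact, set callers in this file pass set=1 from the add commands and set=0
 *            from the "no" commands; the lines that consume exact and test
 *            set fall in gaps below.
 *
 * Returns CMD_WARNING_CONFIG_FAILED on the validation failures shown; the
 * success return is not visible in this listing.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits, so
 * several if/else arms below appear without their headers or braces.
 *
 * Change from the listing: the sequence number is parsed with strtoll()
 * instead of atol(). atol() has undefined behaviour when the value does not
 * fit in long, and the accepted CLI maximum 4294967295 does not fit where
 * long is 32 bits; a mangled sequence number would order the entry wrongly
 * inside the list.
 */
static int filter_set_zebra(struct vty *vty, const char *name_str,
			    const char *seq, const char *type_str, afi_t afi,
			    const char *prefix_str, int exact, int set)
/* [gap 1798-1799] */
	enum filter_type type = FILTER_DENY;
	struct filter *mfilter;
	struct filter_zebra *filter;
	struct access_list *access;
	/* [gap 1804] */
	int64_t seqnum = -1;
	/* [gap 1806] */
	if (strlen(name_str) > ACL_NAMSIZ) {
		/* [gap 1808] */
		"%% ACL name %s is invalid: length exceeds "
		/* [gap 1810] */
		name_str, ACL_NAMSIZ);
		return CMD_WARNING_CONFIG_FAILED;
	/* [gap 1813-1815] */
	seqnum = (int64_t)strtoll(seq, NULL, 10);
	/* [gap 1817] */
	/* Check of filter type. */
	/* [gap 1819] */
	if (strncmp(type_str, "p", 1) == 0)
		type = FILTER_PERMIT;
	else if (strncmp(type_str, "d", 1) == 0)
	/* [gap 1823-1824] */
		vty_out(vty, "filter type must be [permit|deny]\n");
		return CMD_WARNING_CONFIG_FAILED;
	/* [gap 1827-1829] */
	/* Check string format of prefix and prefixlen. */
	if (afi == AFI_IP) {
		ret = str2prefix_ipv4(prefix_str, (struct prefix_ipv4 *)&p);
		/* [gap 1833-1834] */
		"IP address prefix/prefixlen is malformed\n");
		return CMD_WARNING_CONFIG_FAILED;
		/* [gap 1837] */
	} else if (afi == AFI_IP6) {
		ret = str2prefix_ipv6(prefix_str, (struct prefix_ipv6 *)&p);
		/* [gap 1840-1841] */
		"IPv6 address prefix/prefixlen is malformed\n");
		return CMD_WARNING_CONFIG_FAILED;
		/* [gap 1844] */
	} else if (afi == AFI_L2VPN) {
		ret = str2prefix_eth(prefix_str, (struct prefix_eth *)&p);
		/* [gap 1847] */
		vty_out(vty, "MAC address is malformed\n");
		/* [gap 1849-1851] */
		return CMD_WARNING_CONFIG_FAILED;
	/* [gap 1853] */
	/* Build a candidate entry from the validated input. */
	mfilter = filter_new();
	mfilter->type = type;
	mfilter->seq = seqnum;
	filter = &mfilter->u.zfilter;
	prefix_copy(&filter->prefix, &p);
	/* [gap 1859-1863] */
	/* Install new filter to the access_list. */
	access = access_list_get(afi, name_str);
	/* [gap 1866-1867] */
	/* An entry that filter_lookup_zebra() already finds is not added twice. */
	if (filter_lookup_zebra(access, mfilter))
		filter_free(mfilter);
	/* [gap 1870] */
	access_list_filter_add(access, mfilter);
	/* [gap 1872] */
	struct filter *delete_filter;
	delete_filter = filter_lookup_zebra(access, mfilter);
	/* [gap 1875] */
	access_list_filter_delete(access, delete_filter);
	/* [gap 1877] */
	filter_free(mfilter);
/* [gap 1879-1883] */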
/*
 * CLI handler for "mac access-list WORD [seq N] <deny|permit> X:X:X:X:X:X".
 * The list name is argv[2], the third token of the command string; the MAC
 * address is located with argv_find(). The call goes to filter_set_zebra()
 * with AFI_L2VPN; its remaining arguments are not shown in this listing.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (mac_access_list,
       mac_access_list_cmd,
       "mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
       "Add a mac access-list\n"
       "Add an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       /* [gap 1891] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
/* [gap 1895-1897] */
	char *permit_deny = NULL;
	/* [gap 1899-1900] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1902] */
	seq = argv[idx]->arg;
	/* [gap 1904-1905] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1908] */
	permit_deny = argv[idx]->arg;
	/* [gap 1910-1911] */
	argv_find(argv, argc, "X:X:X:X:X:X", &idx);
	/* [gap 1913] */
	mac = argv[idx]->arg;
	/* [gap 1915-1916] */
	return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
/* [gap 1918-1920] - the remaining argument(s) of the call are not shown */
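/*
 * CLI handler for
 * "no mac access-list WORD [seq N] <deny|permit> X:X:X:X:X:X".
 * Hands the list name, optional sequence number, permit/deny keyword and MAC
 * address to filter_set_zebra() with AFI_L2VPN; the remaining arguments of
 * that call are not shown in this listing.
 *
 * Change from the listing: the list name is read from argv[3]. With the
 * leading "no", WORD is the fourth token of the command string and argv[2]
 * is the literal "access-list" keyword (show_mac_access_list_name in this
 * file reads argv[3] for a WORD in the same position). Reading argv[2] makes
 * the removal act on a list named after the keyword, so the entry the
 * operator meant to remove would stay in force.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_mac_access_list,
       no_mac_access_list_cmd,
       "no mac access-list WORD [seq (1-4294967295)] <deny|permit> X:X:X:X:X:X",
       /* [gap 1924] */
       "Remove a mac access-list\n"
       "Remove an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       /* [gap 1929] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
/* [gap 1933-1935] */
	char *permit_deny = NULL;
	/* [gap 1937-1938] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1940] */
	seq = argv[idx]->arg;
	/* [gap 1942-1943] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1946] */
	permit_deny = argv[idx]->arg;
	/* [gap 1948-1949] */
	argv_find(argv, argc, "X:X:X:X:X:X", &idx);
	/* [gap 1951] */
	mac = argv[idx]->arg;
	/* [gap 1953-1954] */
	return filter_set_zebra(vty, argv[3]->arg, seq, permit_deny, AFI_L2VPN,
/* [gap 1956-1958] - the remaining argument(s) of the call are not shown */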
/*
 * CLI handler for "mac access-list WORD [seq N] <deny|permit> any".
 * "any" is passed to filter_set_zebra() as the all-zero MAC address
 * "00:00:00:00:00:00" with exact=0, set=1 and AFI_L2VPN. The list name is
 * argv[2], the third token of the command string.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (mac_access_list_any,
       mac_access_list_any_cmd,
       "mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
       "Add a mac access-list\n"
       "Add an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       /* [gap 1966] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
/* [gap 1970-1972] */
	char *permit_deny = NULL;
	/* [gap 1974] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 1976] */
	seq = argv[idx]->arg;
	/* [gap 1978-1979] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 1982] */
	permit_deny = argv[idx]->arg;
	/* [gap 1984] */
	return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
		"00:00:00:00:00:00", 0, 1);
/* [gap 1987-1988] */
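/*
 * CLI handler for "no mac access-list WORD [seq N] <deny|permit> any".
 * "any" is passed to filter_set_zebra() as the all-zero MAC address
 * "00:00:00:00:00:00" with exact=0, set=0 and AFI_L2VPN.
 *
 * Change from the listing: the list name is read from argv[3]. With the
 * leading "no", WORD is the fourth token of the command string and argv[2]
 * is the literal "access-list" keyword (show_mac_access_list_name in this
 * file reads argv[3] for a WORD in the same position). Reading argv[2] makes
 * the removal act on a list named after the keyword, so the entry the
 * operator meant to remove would stay in force.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_mac_access_list_any,
       no_mac_access_list_any_cmd,
       "no mac access-list WORD [seq (1-4294967295)] <deny|permit> any",
       /* [gap 1992] */
       "Remove a mac access-list\n"
       "Remove an access list entry\n"
       "MAC zebra access-list name\n"
       "Sequence number of an entry\n"
       /* [gap 1997] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "MAC address to match. e.g. 00:01:00:01:00:01\n")
/* [gap 2001-2003] */
	char *permit_deny = NULL;
	/* [gap 2005] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 2007] */
	seq = argv[idx]->arg;
	/* [gap 2009-2010] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 2013] */
	permit_deny = argv[idx]->arg;
	/* [gap 2015] */
	return filter_set_zebra(vty, argv[3]->arg, seq, permit_deny, AFI_L2VPN,
		"00:00:00:00:00:00", 0, 0);
/* [gap 2018-2019] */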
/*
 * CLI handler for
 * "access-list WORD [seq N] <deny|permit> A.B.C.D/M [exact-match]".
 * Passes the list name (argv[1]), sequence number, permit/deny keyword and
 * prefix to filter_set_zebra() with AFI_IP and set=1. The statement
 * controlled by the "exact-match" test falls in a gap; presumably it sets
 * exact, which is then passed on.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (access_list_exact,
       access_list_exact_cmd,
       "access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       /* [gap 2026] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n"
       "Exact match of the prefixes\n")
/* [gap 2031-2034] */
	char *permit_deny = NULL;
	char *prefix = NULL;
	/* [gap 2037] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 2039] */
	seq = argv[idx]->arg;
	/* [gap 2041-2042] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 2045] */
	permit_deny = argv[idx]->arg;
	/* [gap 2047-2048] */
	argv_find(argv, argc, "A.B.C.D/M", &idx);
	/* [gap 2050] */
	prefix = argv[idx]->arg;
	/* [gap 2052-2054] */
	if (argv_find(argv, argc, "exact-match", &idx))
	/* [gap 2056-2057] - the statement controlled by this if is not shown */
	return filter_set_zebra(vty, argv[1]->arg, seq, permit_deny,
		AFI_IP, prefix, exact, 1);
/* [gap 2060-2061] */
/*
 * CLI handler for "access-list WORD [seq N] <deny|permit> any".
 * "any" is passed to filter_set_zebra() as the prefix "0.0.0.0/0" with
 * exact=0, set=1 and AFI_IP; config_write_access_zebra() in this file prints
 * a zero-length, non-exact prefix back as "any".
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (access_list_any,
       access_list_any_cmd,
       "access-list WORD [seq (1-4294967295)] <deny|permit> any",
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       /* [gap 2068] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
/* [gap 2072-2075] */
	char *permit_deny = NULL;
	/* [gap 2077] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 2079] */
	seq = argv[idx]->arg;
	/* [gap 2081-2082] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 2085] */
	permit_deny = argv[idx]->arg;
	/* [gap 2087] */
	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
		AFI_IP, "0.0.0.0/0", 0, 1);
/* [gap 2090-2091] */
/*
 * CLI handler for
 * "no access-list WORD [seq N] <deny|permit> A.B.C.D/M [exact-match]".
 * Same argument handling as the add form, but the list name is argv[2]
 * (shifted by the leading "no") and set=0 is passed to filter_set_zebra().
 * The statement controlled by the "exact-match" test falls in a gap.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_access_list_exact,
       no_access_list_exact_cmd,
       "no access-list WORD [seq (1-4294967295)] <deny|permit> A.B.C.D/M [exact-match]",
       /* [gap 2095] */
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       /* [gap 2099] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n"
       "Exact match of the prefixes\n")
/* [gap 2104-2107] */
	char *permit_deny = NULL;
	char *prefix = NULL;
	/* [gap 2110] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 2112] */
	seq = argv[idx]->arg;
	/* [gap 2114-2115] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 2118] */
	permit_deny = argv[idx]->arg;
	/* [gap 2120-2121] */
	argv_find(argv, argc, "A.B.C.D/M", &idx);
	/* [gap 2123] */
	prefix = argv[idx]->arg;
	/* [gap 2125-2127] */
	if (argv_find(argv, argc, "exact-match", &idx))
	/* [gap 2129-2130] - the statement controlled by this if is not shown */
	return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny,
		AFI_IP, prefix, exact, 0);
/* [gap 2133-2134] */
/*
 * CLI handler for "no access-list WORD [seq N] <deny|permit> any".
 * Passes the prefix "0.0.0.0/0" with exact=0, set=0 and AFI_IP to
 * filter_set_zebra(), i.e. the same entry the add form builds for "any".
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_access_list_any,
       no_access_list_any_cmd,
       "no access-list WORD [seq (1-4294967295)] <deny|permit> any",
       /* [gap 2138] */
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Sequence number of an entry\n"
       /* [gap 2142] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
/* [gap 2146-2149] */
	char *permit_deny = NULL;
	/* [gap 2151] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 2153] */
	seq = argv[idx]->arg;
	/* [gap 2155-2156] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 2159] */
	permit_deny = argv[idx]->arg;
	/* [gap 2161] */
	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
		AFI_IP, "0.0.0.0/0", 0, 0);
/* [gap 2164-2165] */
/*
 * CLI handler for "no access-list <number|WORD>": removes a whole IPv4
 * access list.
 *
 * The list is looked up with access_list_lookup(); a missing list is
 * reported and CMD_WARNING_CONFIG_FAILED returned. Otherwise route-map
 * dependents are notified with RMAP_EVENT_FILTER_DELETED and the master's
 * delete_hook (if set) runs while the list still exists; only then is the
 * list deleted. The success return is not visible in this listing.
 *
 * NOTE(review): how dependents treat a reference to a list that no longer
 * exists is decided outside this excerpt; confirm before relying on either
 * permit or deny behaviour after removal.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (no_access_list_all,
       no_access_list_all_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       /* [gap 2169] */
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list name\n")
/* [gap 2176-2177] */
	struct access_list *access;
	struct access_master *master;
	/* [gap 2180] */
	/* Looking up access_list. */
	access = access_list_lookup(AFI_IP, argv[idx_acl]->arg);
	if (access == NULL) {
		vty_out(vty, "%% access-list %s doesn't exist\n",
			argv[idx_acl]->arg);
		return CMD_WARNING_CONFIG_FAILED;
	/* [gap 2187-2188] */
	/* Taken before the delete below, while access is still valid. */
	master = access->master;
	/* [gap 2190] */
	route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
	/* Run hook function. */
	if (master->delete_hook)
		(*master->delete_hook)(access);
	/* [gap 2195] */
	/* Delete all filter from access-list. */
	access_list_delete(access);
/* [gap 2198-2201] */
/*
 * CLI handler for "access-list <number|WORD> remark LINE...".
 * Fetches the list with access_list_get() (presumably creating it when
 * absent - confirm), frees any previous remark and stores the words from
 * idx_remark onward joined by argv_concat().
 *
 * NOTE(review): the help text promises "up to 100 characters", but no
 * length check is visible in the lines shown; the stored remark is later
 * written back verbatim by config_write_access(). Confirm whether a bound
 * is enforced elsewhere.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (access_list_remark,
       access_list_remark_cmd,
       "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
/* [gap 2213-2215] */
	struct access_list *access;
	/* [gap 2217] */
	access = access_list_get(AFI_IP, argv[idx_acl]->arg);
	/* [gap 2219] */
	/* Release the old remark and clear the pointer before replacing it. */
	if (access->remark) {
		XFREE(MTYPE_TMP, access->remark);
		access->remark = NULL;
	/* [gap 2223] */
	access->remark = argv_concat(argv, argc, idx_remark);
/* [gap 2225-2228] */
/*
 * CLI handler for "no access-list <number|WORD> remark": delegates to
 * vty_access_list_remark_unset() for AFI_IP (defined outside this excerpt).
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (no_access_list_remark,
       no_access_list_remark_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark",
       /* [gap 2232] */
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n")
/* [gap 2240-2241] */
	return vty_access_list_remark_unset(vty, AFI_IP, argv[idx_acl]->arg);
/* [gap 2243-2245] */
/*
 * CLI handler for "no access-list <number|WORD> remark LINE...": accepts the
 * remark text after "remark" and forwards to no_access_list_remark() with
 * the same argv, so the trailing text is not compared with the stored one
 * here.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (no_access_list_remark_comment,
       no_access_list_remark_comment_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       /* [gap 2249] */
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
/* [gap 2258] */
	return no_access_list_remark(self, vty, argc, argv);
/* [gap 2260-2261] */
/*
 * CLI handler for
 * "ipv6 access-list WORD [seq N] <deny|permit> X:X::X:X/M [exact-match]".
 * Passes the list name, sequence number, permit/deny keyword and IPv6 prefix
 * to filter_set_zebra() with AFI_IP6 and set=1. The statement controlled by
 * the "exact-match" test falls in a gap; presumably it sets exact.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (ipv6_access_list_exact,
       ipv6_access_list_exact_cmd,
       "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
       /* [gap 2265] */
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       /* [gap 2269] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       /* [gap 2272] */
       "Exact match of the prefixes\n")
/* [gap 2274-2278] */
	char *permit_deny = NULL;
	char *prefix = NULL;
	/* [gap 2281] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 2283] */
	seq = argv[idx]->arg;
	/* [gap 2285-2286] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 2289] */
	permit_deny = argv[idx]->arg;
	/* [gap 2291-2292] */
	argv_find(argv, argc, "X:X::X:X/M", &idx);
	/* [gap 2294] */
	prefix = argv[idx]->arg;
	/* [gap 2296-2297] */
	if (argv_find(argv, argc, "exact-match", &idx))
	/* [gap 2299-2300] - the statement controlled by this if is not shown */
	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
		AFI_IP6, prefix, exact, 1);
/* [gap 2303-2304] */
/*
 * CLI handler for "ipv6 access-list WORD [seq N] <deny|permit> any".
 * "any" is passed to filter_set_zebra() as the prefix "::/0" with exact=0,
 * set=1 and AFI_IP6.
 *
 * NOTE(review): "prefixi" in the last help string looks like a typo for
 * "prefix"; it is user-visible help text.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (ipv6_access_list_any,
       ipv6_access_list_any_cmd,
       "ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
       /* [gap 2308] */
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       /* [gap 2312] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefixi to match\n")
/* [gap 2316-2319] */
	char *permit_deny = NULL;
	/* [gap 2321] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 2323] */
	seq = argv[idx]->arg;
	/* [gap 2325-2326] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 2329] */
	permit_deny = argv[idx]->arg;
	/* [gap 2331] */
	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
		AFI_IP6, "::/0", 0, 1);
/* [gap 2334-2335] */
/*
 * CLI handler for
 * "no ipv6 access-list WORD [seq N] <deny|permit> X:X::X:X/M [exact-match]".
 * Same argument handling as the add form, with set=0 passed to
 * filter_set_zebra(). The statement controlled by the "exact-match" test
 * falls in a gap.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_ipv6_access_list_exact,
       no_ipv6_access_list_exact_cmd,
       "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> X:X::X:X/M [exact-match]",
       /* [gap 2339-2340] */
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       /* [gap 2344] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
/* [gap 2349-2353] */
	char *permit_deny = NULL;
	char *prefix = NULL;
	/* [gap 2356] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 2358] */
	seq = argv[idx]->arg;
	/* [gap 2360-2361] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 2364] */
	permit_deny = argv[idx]->arg;
	/* [gap 2366-2367] */
	argv_find(argv, argc, "X:X::X:X/M", &idx);
	/* [gap 2369] */
	prefix = argv[idx]->arg;
	/* [gap 2371-2373] */
	if (argv_find(argv, argc, "exact-match", &idx))
	/* [gap 2375-2376] - the statement controlled by this if is not shown */
	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
		AFI_IP6, prefix, exact, 0);
/* [gap 2379-2380] */
/*
 * CLI handler for "no ipv6 access-list WORD [seq N] <deny|permit> any".
 * Passes the prefix "::/0" with exact=0, set=0 and AFI_IP6 to
 * filter_set_zebra(), i.e. the same entry the add form builds for "any".
 *
 * NOTE(review): "prefixi" in the last help string looks like a typo for
 * "prefix"; it is user-visible help text.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 * NOTE(review): the line between each argv_find() and the argv[idx]->arg
 * read falls in a gap; confirm the read is guarded ("[seq ...]" is optional).
 */
DEFUN (no_ipv6_access_list_any,
       no_ipv6_access_list_any_cmd,
       "no ipv6 access-list WORD [seq (1-4294967295)] <deny|permit> any",
       /* [gap 2384-2385] */
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Sequence number of an entry\n"
       /* [gap 2389] */
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefixi to match\n")
/* [gap 2393-2396] */
	char *permit_deny = NULL;
	/* [gap 2398] */
	argv_find(argv, argc, "(1-4294967295)", &idx);
	/* [gap 2400] */
	seq = argv[idx]->arg;
	/* [gap 2402-2403] */
	argv_find(argv, argc, "permit", &idx);
	argv_find(argv, argc, "deny", &idx);
	/* [gap 2406] */
	permit_deny = argv[idx]->arg;
	/* [gap 2408] */
	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
		AFI_IP6, "::/0", 0, 0);
/* [gap 2411-2413] */
/*
 * CLI handler for "no ipv6 access-list WORD": removes a whole IPv6 access
 * list.
 *
 * The list is looked up with access_list_lookup(); a missing list is
 * reported and CMD_WARNING_CONFIG_FAILED returned. Otherwise route-map
 * dependents are notified with RMAP_EVENT_FILTER_DELETED and the master's
 * delete_hook (if set) runs while the list still exists; only then is the
 * list deleted. The success return is not visible in this listing.
 *
 * NOTE(review): how dependents treat a reference to a list that no longer
 * exists is decided outside this excerpt; confirm before relying on either
 * permit or deny behaviour after removal.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (no_ipv6_access_list_all,
       no_ipv6_access_list_all_cmd,
       "no ipv6 access-list WORD",
       /* [gap 2417-2418] */
       "Add an access list entry\n"
       "IPv6 zebra access-list\n")
/* [gap 2421-2422] */
	struct access_list *access;
	struct access_master *master;
	/* [gap 2425] */
	/* Looking up access_list. */
	access = access_list_lookup(AFI_IP6, argv[idx_word]->arg);
	if (access == NULL) {
		vty_out(vty, "%% access-list %s doesn't exist\n",
			argv[idx_word]->arg);
		return CMD_WARNING_CONFIG_FAILED;
	/* [gap 2432-2433] */
	/* Taken before the delete below, while access is still valid. */
	master = access->master;
	/* [gap 2435] */
	route_map_notify_dependencies(access->name, RMAP_EVENT_FILTER_DELETED);
	/* Run hook function. */
	if (master->delete_hook)
		(*master->delete_hook)(access);
	/* [gap 2440] */
	/* Delete all filter from access-list. */
	access_list_delete(access);
/* [gap 2443-2446] */
/*
 * CLI handler for "ipv6 access-list WORD remark LINE...".
 * Fetches the list with access_list_get() (presumably creating it when
 * absent - confirm), frees any previous remark and stores the words from
 * idx_line onward joined by argv_concat().
 *
 * NOTE(review): the help text promises "up to 100 characters", but no
 * length check is visible in the lines shown; the stored remark is later
 * written back verbatim by config_write_access(). Confirm whether a bound
 * is enforced elsewhere.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (ipv6_access_list_remark,
       ipv6_access_list_remark_cmd,
       "ipv6 access-list WORD remark LINE...",
       /* [gap 2450] */
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
/* [gap 2455-2457] */
	struct access_list *access;
	/* [gap 2459] */
	access = access_list_get(AFI_IP6, argv[idx_word]->arg);
	/* [gap 2461] */
	/* Release the old remark and clear the pointer before replacing it. */
	if (access->remark) {
		XFREE(MTYPE_TMP, access->remark);
		access->remark = NULL;
	/* [gap 2465] */
	access->remark = argv_concat(argv, argc, idx_line);
/* [gap 2467-2470] */
/*
 * CLI handler for "no ipv6 access-list WORD remark": delegates to
 * vty_access_list_remark_unset() for AFI_IP6 (defined outside this excerpt).
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_cmd,
       "no ipv6 access-list WORD remark",
       /* [gap 2474-2475] */
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n")
/* [gap 2479-2480] */
	return vty_access_list_remark_unset(vty, AFI_IP6, argv[idx_word]->arg);
/* [gap 2482-2484] */
/*
 * CLI handler for "no ipv6 access-list WORD remark LINE...": accepts the
 * remark text after "remark" and forwards to no_ipv6_access_list_remark()
 * with the same argv, so the trailing text is not compared with the stored
 * one here.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (no_ipv6_access_list_remark_comment,
       no_ipv6_access_list_remark_comment_cmd,
       "no ipv6 access-list WORD remark LINE...",
       /* [gap 2488-2489] */
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
/* [gap 2494] */
	return no_ipv6_access_list_remark(self, vty, argc, argv);
/* [gap 2496-2497] */
/*
 * Forward declarations: filter_show() below calls both writers before their
 * definitions further down in the file.
 */
static void config_write_access_zebra(struct vty *, struct filter *);
static void config_write_access_cisco(struct vty *, struct filter *);
/*
 * show access-list command.
 *
 * Prints the protocol name, then walks the numbered lists (master->num) and
 * the named lists (master->str) of address family afi. When name is
 * non-NULL it is compared with each list's name using strcmp(); the
 * statement that comparison controls falls in a gap. For every entry it
 * prints the sequence number and type, then either delegates to
 * config_write_access_zebra() / config_write_access_cisco() or, for a
 * non-extended Cisco entry, prints the address and wildcard itself.
 *
 * filter always points at the Cisco view of the entry's union, but the lines
 * shown read filter->extended only after mfilter->cisco has been tested.
 * Each inet_ntoa() result is passed to its own vty_out() call; inet_ntoa()
 * returns a pointer to a static buffer, so two results must not share one
 * call.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits, so some
 * statements below appear without their opening call, else arm or braces.
 */
static int filter_show(struct vty *vty, const char *name, afi_t afi)
/* [gap 2503] */
	struct access_list *access;
	struct access_master *master;
	struct filter *mfilter;
	struct filter_cisco *filter;
	/* [gap 2508-2509] */
	master = access_master_get(afi);
	/* [gap 2511-2513] */
	/* Print the name of the protocol */
	vty_out(vty, "%s:\n", frr_protoname);
	/* [gap 2516] */
	/* Pass 1: lists whose name is a number. */
	for (access = master->num.head; access; access = access->next) {
		if (name && strcmp(access->name, name) != 0)
		/* [gap 2519-2522] */
		for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
			filter = &mfilter->u.cfilter;
			/* [gap 2525-2526] */
			vty_out(vty, "%s %s access list %s\n",
				mfilter->cisco ? (filter->extended
				/* [gap 2529-2533] */
				: ((afi == AFI_IP6) ? ("IPv6 ")
				/* [gap 2535-2539] */
			vty_out(vty, " seq %" PRId64, mfilter->seq);
			vty_out(vty, " %s%s", filter_type_str(mfilter),
				mfilter->type == FILTER_DENY ? " " : "");
			/* [gap 2543] */
			if (!mfilter->cisco)
				config_write_access_zebra(vty, mfilter);
			else if (filter->extended)
				config_write_access_cisco(vty, mfilter);
			/* [gap 2548] */
			/* An all-ones wildcard is shown as "any". */
			if (filter->addr_mask.s_addr == 0xffffffff)
				vty_out(vty, " any\n");
			/* [gap 2551-2552] */
			inet_ntoa(filter->addr));
			if (filter->addr_mask.s_addr
			/* [gap 2555-2556] */
			", wildcard bits %s",
			/* [gap 2558] */
			filter->addr_mask));
	/* [gap 2560-2565] */
	/* Pass 2: lists whose name is a string; same output as pass 1. */
	for (access = master->str.head; access; access = access->next) {
		if (name && strcmp(access->name, name) != 0)
		/* [gap 2568-2571] */
		for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
			filter = &mfilter->u.cfilter;
			/* [gap 2574-2575] */
			vty_out(vty, "%s %s access list %s\n",
				mfilter->cisco ? (filter->extended
				/* [gap 2578-2582] */
				: ((afi == AFI_IP6) ? ("IPv6 ")
				/* [gap 2584-2588] */
			vty_out(vty, " seq %" PRId64, mfilter->seq);
			vty_out(vty, " %s%s", filter_type_str(mfilter),
				mfilter->type == FILTER_DENY ? " " : "");
			/* [gap 2592] */
			if (!mfilter->cisco)
				config_write_access_zebra(vty, mfilter);
			else if (filter->extended)
				config_write_access_cisco(vty, mfilter);
			/* [gap 2597] */
			if (filter->addr_mask.s_addr == 0xffffffff)
				vty_out(vty, " any\n");
			/* [gap 2600-2601] */
			inet_ntoa(filter->addr));
			if (filter->addr_mask.s_addr
			/* [gap 2604-2605] */
			", wildcard bits %s",
			/* [gap 2607] */
			filter->addr_mask));
/* [gap 2609-2616] */
/*
 * show MAC access list - this only has MAC filters for now.
 * Lists every MAC access list: filter_show() is called with a NULL name, so
 * its name comparison is skipped, and AFI_L2VPN.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (show_mac_access_list,
       show_mac_access_list_cmd,
       "show mac access-list",
       /* [gap 2621] */
       "mac access lists\n"
       "List mac access lists\n")
/* [gap 2624] */
	return filter_show(vty, NULL, AFI_L2VPN);
/* [gap 2626-2627] */
/*
 * CLI handler for "show mac access-list WORD": shows the MAC access list
 * named by argv[3], the fourth token of the command string.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (show_mac_access_list_name,
       show_mac_access_list_name_cmd,
       "show mac access-list WORD",
       /* [gap 2631] */
       "mac access lists\n"
       "List mac access lists\n"
/* [gap 2634-2635] - the end of the help strings is not shown */
	return filter_show(vty, argv[3]->arg, AFI_L2VPN);
/* [gap 2637-2638] */
/*
 * CLI handler for "show ip access-list": lists every IPv4 access list by
 * calling filter_show() with a NULL name and AFI_IP.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (show_ip_access_list,
       show_ip_access_list_cmd,
       "show ip access-list",
       /* [gap 2642-2643] */
       "List IP access lists\n")
/* [gap 2645] */
	return filter_show(vty, NULL, AFI_IP);
/* [gap 2647-2648] */
/*
 * CLI handler for "show ip access-list <number|WORD>": shows the IPv4 access
 * list named by argv[idx_acl] (idx_acl is declared in a gap).
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (show_ip_access_list_name,
       show_ip_access_list_name_cmd,
       "show ip access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       /* [gap 2652-2653] */
       "List IP access lists\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n")
/* [gap 2660-2661] */
	return filter_show(vty, argv[idx_acl]->arg, AFI_IP);
/* [gap 2663-2664] */
/*
 * CLI handler for "show ipv6 access-list": lists every IPv6 access list by
 * calling filter_show() with a NULL name and AFI_IP6.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (show_ipv6_access_list,
       show_ipv6_access_list_cmd,
       "show ipv6 access-list",
       /* [gap 2668-2669] */
       "List IPv6 access lists\n")
/* [gap 2671] */
	return filter_show(vty, NULL, AFI_IP6);
/* [gap 2673-2674] */
/*
 * CLI handler for "show ipv6 access-list WORD": shows the IPv6 access list
 * named by argv[idx_word] (idx_word is declared in a gap).
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
DEFUN (show_ipv6_access_list_name,
       show_ipv6_access_list_name_cmd,
       "show ipv6 access-list WORD",
       /* [gap 2678-2679] */
       "List IPv6 access lists\n"
       "IPv6 zebra access-list\n")
/* [gap 2682-2683] */
	return filter_show(vty, argv[idx_word]->arg, AFI_IP6);
/* [gap 2685-2686] */
/*
 * Print the address part of one Cisco-style entry to vty.
 *
 * For an extended entry it prints " ip" followed by source and destination:
 * a wildcard of 0xffffffff prints as " any", a wildcard equal to INADDR_ANY
 * as " host <addr>", anything else as address then wildcard. addr/addr_mask
 * are printed first and mask/mask_mask second. The lines after the extended
 * branch handle the remaining (standard) case in the same spirit.
 *
 * Each inet_ntoa() result gets its own vty_out() call; inet_ntoa() returns a
 * pointer to a static buffer, so two results must not share one call.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits, so some
 * else arms and braces are missing below.
 */
static void config_write_access_cisco(struct vty *vty, struct filter *mfilter)
/* [gap 2688] */
	struct filter_cisco *filter;
	/* [gap 2690] */
	filter = &mfilter->u.cfilter;
	/* [gap 2692] */
	if (filter->extended) {
		vty_out(vty, " ip");
		/* Source side. */
		if (filter->addr_mask.s_addr == 0xffffffff)
			vty_out(vty, " any");
		else if (filter->addr_mask.s_addr == INADDR_ANY)
			vty_out(vty, " host %s", inet_ntoa(filter->addr));
		/* [gap 2699] */
			vty_out(vty, " %s", inet_ntoa(filter->addr));
			vty_out(vty, " %s", inet_ntoa(filter->addr_mask));
		/* [gap 2702-2703] */
		/* Destination side. */
		if (filter->mask_mask.s_addr == 0xffffffff)
			vty_out(vty, " any");
		else if (filter->mask_mask.s_addr == INADDR_ANY)
			vty_out(vty, " host %s", inet_ntoa(filter->mask));
		/* [gap 2708] */
			vty_out(vty, " %s", inet_ntoa(filter->mask));
			vty_out(vty, " %s", inet_ntoa(filter->mask_mask));
	/* [gap 2711-2713] */
		if (filter->addr_mask.s_addr == 0xffffffff)
			vty_out(vty, " any\n");
		/* [gap 2716] */
			vty_out(vty, " %s", inet_ntoa(filter->addr));
			if (filter->addr_mask.s_addr != INADDR_ANY)
			/* [gap 2719] */
				inet_ntoa(filter->addr_mask));
/* [gap 2721-2725] */
/*
 * Print the prefix part of one zebra-style entry to vty.
 *
 * A zero-length prefix without the exact flag prints as " any". IPv4 and
 * IPv6 prefixes print as address/length via inet_ntop() into buf (size
 * BUFSIZ), with " exact-match" appended when the exact flag is set. For
 * AF_ETHERNET a zero-length prefix prints as " any", otherwise the MAC
 * address is formatted with prefix_mac2str().
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits; the
 * declarations of p and buf and the end of the last call are among them.
 */
static void config_write_access_zebra(struct vty *vty, struct filter *mfilter)
/* [gap 2727] */
	struct filter_zebra *filter;
	/* [gap 2729-2731] */
	filter = &mfilter->u.zfilter;
	p = &filter->prefix;
	/* [gap 2734] */
	if (p->prefixlen == 0 && !filter->exact)
		vty_out(vty, " any");
	else if (p->family == AF_INET6 || p->family == AF_INET)
		vty_out(vty, " %s/%d%s",
			inet_ntop(p->family, &p->u.prefix, buf, BUFSIZ),
			p->prefixlen, filter->exact ? " exact-match" : "");
	else if (p->family == AF_ETHERNET) {
		if (p->prefixlen == 0)
			vty_out(vty, " any");
		/* [gap 2744] */
			vty_out(vty, " %s", prefix_mac2str(&(p->u.prefix_eth),
/* [gap 2746-2751] - the remaining argument(s) of the call are not shown */
/*
 * Write the access lists of address family afi as configuration lines.
 *
 * Walks the numbered lists (master->num), then the named lists
 * (master->str). For each list it writes the remark line when a remark is
 * set, then one "access-list NAME seq N TYPE" line per entry, completed by
 * config_write_access_cisco() or config_write_access_zebra(); the test that
 * chooses between the two falls in a gap. The command prefix is "" for
 * AFI_IP and "ipv6 " for AFI_IP6; the third alternative is not shown.
 *
 * The remark and the list name are printed through "%s", so text stored by
 * the remark commands is emitted as data and never used as a format string.
 *
 * Excerpt: "[gap N]" marks original line numbers this listing omits.
 */
static int config_write_access(struct vty *vty, afi_t afi)
/* [gap 2753] */
	struct access_list *access;
	struct access_master *master;
	struct filter *mfilter;
	/* [gap 2757-2758] */
	master = access_master_get(afi);
	/* [gap 2760-2762] */
	/* Pass 1: lists whose name is a number. */
	for (access = master->num.head; access; access = access->next) {
		if (access->remark) {
			vty_out(vty, "%saccess-list %s remark %s\n",
				(afi == AFI_IP) ? ("")
				: ((afi == AFI_IP6) ? ("ipv6 ")
				/* [gap 2768] */
				access->name, access->remark);
		/* [gap 2770-2772] */
		for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
			vty_out(vty, "%saccess-list %s seq %" PRId64 " %s",
				(afi == AFI_IP) ? ("")
				: ((afi == AFI_IP6) ? ("ipv6 ")
				/* [gap 2777] */
				access->name, mfilter->seq,
				filter_type_str(mfilter));
			/* [gap 2780-2781] */
				config_write_access_cisco(vty, mfilter);
			/* [gap 2783] */
				config_write_access_zebra(vty, mfilter);
	/* [gap 2785-2789] */
	/* Pass 2: lists whose name is a string; same output as pass 1. */
	for (access = master->str.head; access; access = access->next) {
		if (access->remark) {
			vty_out(vty, "%saccess-list %s remark %s\n",
				(afi == AFI_IP) ? ("")
				: ((afi == AFI_IP6) ? ("ipv6 ")
				/* [gap 2795] */
				access->name, access->remark);
		/* [gap 2797-2799] */
		for (mfilter = access->head; mfilter; mfilter = mfilter->next) {
			vty_out(vty, "%saccess-list %s seq %" PRId64 " %s",
				(afi == AFI_IP) ? ("")
				: ((afi == AFI_IP6) ? ("ipv6 ")
				/* [gap 2804] */
				access->name, mfilter->seq,
				filter_type_str(mfilter));
			/* [gap 2807-2808] */
				config_write_access_cisco(vty, mfilter);
			/* [gap 2810] */
				config_write_access_zebra(vty, mfilter);
/* [gap 2812-2818] */
/*
 * Command node for MAC access-lists; access_list_init_mac() passes it to
 * install_node().  NOTE(review): the fields after the empty string are not
 * part of this listing — confirm against the full file.
 */
2819 static struct cmd_node access_mac_node
= {
2820 ACCESS_MAC_NODE
, "", /* Access list has no interface. */
/*
 * Callback handed to install_node() for the MAC access-list node.
 * Writes the AFI_L2VPN access-lists and returns whatever
 * config_write_access() returns.
 */
static int config_write_access_mac(struct vty *vty)
{
	int result = config_write_access(vty, AFI_L2VPN);

	return result;
}
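/*
 * Delete every MAC (AFI_L2VPN) access-list.
 *
 * Both the number-named and the string-named lists of the master are
 * drained.  The successor is read before each access_list_delete() call so
 * the walk never touches a node after handing it over for deletion.  The
 * trailing asserts check that both lists ended up with NULL head and tail.
 */
static void access_list_reset_mac(void)
{
	struct access_list *access;
	struct access_list *next;
	struct access_master *master;

	master = access_master_get(AFI_L2VPN);
	/* Never dereference a missing master (TODO confirm whether
	 * access_master_get() can return NULL for this AFI). */
	if (master == NULL)
		return;

	for (access = master->num.head; access; access = next) {
		next = access->next;
		access_list_delete(access);
	}
	for (access = master->str.head; access; access = next) {
		next = access->next;
		access_list_delete(access);
	}

	assert(master->num.head == NULL);
	assert(master->num.tail == NULL);

	assert(master->str.head == NULL);
	assert(master->str.tail == NULL);
}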
/* Register the MAC access-list node and its vty commands. */
static void access_list_init_mac(void)
{
	/* The node is installed with config_write_access_mac as its callback. */
	install_node(&access_mac_node, config_write_access_mac);

	/* Show commands are installed on ENABLE_NODE. */
	install_element(ENABLE_NODE, &show_mac_access_list_cmd);
	install_element(ENABLE_NODE, &show_mac_access_list_name_cmd);

	/* Zebra access-list commands are installed on CONFIG_NODE. */
	install_element(CONFIG_NODE, &mac_access_list_cmd);
	install_element(CONFIG_NODE, &no_mac_access_list_cmd);
	install_element(CONFIG_NODE, &mac_access_list_any_cmd);
	install_element(CONFIG_NODE, &no_mac_access_list_any_cmd);
}
2869 /* Command node for IPv4 access-lists; access_list_init_ipv4() passes it to install_node(). NOTE(review): the fields after the empty string are not part of this listing — confirm. */
2870 static struct cmd_node access_node
= {ACCESS_NODE
,
2871 "", /* Access list has no interface. */
/*
 * Callback handed to install_node() for the IPv4 access-list node.
 * Writes the AFI_IP access-lists and returns whatever
 * config_write_access() returns.
 */
static int config_write_access_ipv4(struct vty *vty)
{
	int result = config_write_access(vty, AFI_IP);

	return result;
}
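/*
 * Delete every IPv4 (AFI_IP) access-list.
 *
 * Both the number-named and the string-named lists of the master are
 * drained.  The successor is read before each access_list_delete() call so
 * the walk never touches a node after handing it over for deletion.  The
 * trailing asserts check that both lists ended up with NULL head and tail.
 */
static void access_list_reset_ipv4(void)
{
	struct access_list *access;
	struct access_list *next;
	struct access_master *master;

	master = access_master_get(AFI_IP);
	/* Never dereference a missing master (TODO confirm whether
	 * access_master_get() can return NULL for this AFI). */
	if (master == NULL)
		return;

	for (access = master->num.head; access; access = next) {
		next = access->next;
		access_list_delete(access);
	}
	for (access = master->str.head; access; access = next) {
		next = access->next;
		access_list_delete(access);
	}

	assert(master->num.head == NULL);
	assert(master->num.tail == NULL);

	assert(master->str.head == NULL);
	assert(master->str.tail == NULL);
}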
/* Register the IPv4 access-list node and its vty commands. */
static void access_list_init_ipv4(void)
{
	/* The node is installed with config_write_access_ipv4 as its callback. */
	install_node(&access_node, config_write_access_ipv4);

	/* Show commands are installed on ENABLE_NODE. */
	install_element(ENABLE_NODE, &show_ip_access_list_cmd);
	install_element(ENABLE_NODE, &show_ip_access_list_name_cmd);

	/* Everything below is installed on CONFIG_NODE. */

	/* Zebra access-list */
	install_element(CONFIG_NODE, &access_list_exact_cmd);
	install_element(CONFIG_NODE, &access_list_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_exact_cmd);
	install_element(CONFIG_NODE, &no_access_list_any_cmd);

	/* Standard access-list */
	install_element(CONFIG_NODE, &access_list_standard_cmd);
	install_element(CONFIG_NODE, &access_list_standard_nomask_cmd);
	install_element(CONFIG_NODE, &access_list_standard_host_cmd);
	install_element(CONFIG_NODE, &access_list_standard_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_nomask_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_standard_any_cmd);

	/* Extended access-list */
	install_element(CONFIG_NODE, &access_list_extended_cmd);
	install_element(CONFIG_NODE, &access_list_extended_any_mask_cmd);
	install_element(CONFIG_NODE, &access_list_extended_mask_any_cmd);
	install_element(CONFIG_NODE, &access_list_extended_any_any_cmd);
	install_element(CONFIG_NODE, &access_list_extended_host_mask_cmd);
	install_element(CONFIG_NODE, &access_list_extended_mask_host_cmd);
	install_element(CONFIG_NODE, &access_list_extended_host_host_cmd);
	install_element(CONFIG_NODE, &access_list_extended_any_host_cmd);
	install_element(CONFIG_NODE, &access_list_extended_host_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_any_mask_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_mask_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_any_any_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_host_mask_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_mask_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_host_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_any_host_cmd);
	install_element(CONFIG_NODE, &no_access_list_extended_host_any_cmd);

	/* Remark handling and whole-list removal. */
	install_element(CONFIG_NODE, &access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_access_list_all_cmd);
	install_element(CONFIG_NODE, &no_access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_access_list_remark_comment_cmd);
}
/*
 * Command node for IPv6 access-lists; access_list_init_ipv6() passes it to
 * install_node().
 */
static struct cmd_node access_ipv6_node = {
	ACCESS_IPV6_NODE,
	"",
	1,
};
/*
 * Callback handed to install_node() for the IPv6 access-list node.
 * Writes the AFI_IP6 access-lists and returns whatever
 * config_write_access() returns.
 */
static int config_write_access_ipv6(struct vty *vty)
{
	int result = config_write_access(vty, AFI_IP6);

	return result;
}
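/*
 * Delete every IPv6 (AFI_IP6) access-list.
 *
 * Both the number-named and the string-named lists of the master are
 * drained.  The successor is read before each access_list_delete() call so
 * the walk never touches a node after handing it over for deletion.  The
 * trailing asserts check that both lists ended up with NULL head and tail.
 */
static void access_list_reset_ipv6(void)
{
	struct access_list *access;
	struct access_list *next;
	struct access_master *master;

	master = access_master_get(AFI_IP6);
	/* Never dereference a missing master (TODO confirm whether
	 * access_master_get() can return NULL for this AFI). */
	if (master == NULL)
		return;

	for (access = master->num.head; access; access = next) {
		next = access->next;
		access_list_delete(access);
	}
	for (access = master->str.head; access; access = next) {
		next = access->next;
		access_list_delete(access);
	}

	assert(master->num.head == NULL);
	assert(master->num.tail == NULL);

	assert(master->str.head == NULL);
	assert(master->str.tail == NULL);
}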
/* Register the IPv6 access-list node and its vty commands. */
static void access_list_init_ipv6(void)
{
	/* The node is installed with config_write_access_ipv6 as its callback. */
	install_node(&access_ipv6_node, config_write_access_ipv6);

	/* Show commands are installed on ENABLE_NODE. */
	install_element(ENABLE_NODE, &show_ipv6_access_list_cmd);
	install_element(ENABLE_NODE, &show_ipv6_access_list_name_cmd);

	/* Access-list definition and removal, installed on CONFIG_NODE. */
	install_element(CONFIG_NODE, &ipv6_access_list_exact_cmd);
	install_element(CONFIG_NODE, &ipv6_access_list_any_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_exact_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_any_cmd);

	/* Whole-list removal and remark handling. */
	install_element(CONFIG_NODE, &no_ipv6_access_list_all_cmd);
	install_element(CONFIG_NODE, &ipv6_access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
	install_element(CONFIG_NODE, &no_ipv6_access_list_remark_comment_cmd);
}
/*
 * Register the access-list nodes and commands for all three families.
 * The per-family initialisers run in the order IPv4, IPv6, MAC.
 */
void access_list_init(void)
{
	access_list_init_ipv4();
	access_list_init_ipv6();
	access_list_init_mac();
}
3013 void access_list_reset(void)
3015 access_list_reset_ipv4();
3016 access_list_reset_ipv6();
3017 access_list_reset_mac();