1 /* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
4 * This file is part of GNU Zebra.
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with GNU Zebra; see the file COPYING. If not, write to the
18 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
19 * Boston, MA 02111-1307, USA.
28 #include "sockunion.h"
33 /* Cisco access-list */
36 struct in_addr addr_mask
;
38 struct in_addr mask_mask
;
43 /* If this filter is "exact" match then this flag is set. */
46 /* Prefix information. */
50 /* Filter element of access list */
53 /* For doubly linked list. */
57 /* Filter type information. */
58 enum filter_type type
;
60 /* Cisco access-list */
65 struct filter_cisco cfilter
;
66 struct filter_zebra zfilter
;
70 /* List of access_list. */
71 struct access_list_list
73 struct access_list
*head
;
74 struct access_list
*tail
;
77 /* Master structure of access_list. */
80 /* List of access_list which name is number. */
81 struct access_list_list num
;
83 /* List of access_list which name is string. */
84 struct access_list_list str
;
86 /* Hook function which is executed when new access_list is added. */
89 /* Hook function which is executed when access_list is deleted. */
90 void (*delete_hook
) ();
93 /* Static structure for IPv4 access_list's master. */
94 static struct access_master access_master_ipv4
=
103 /* Static structure for IPv6 access_list's master. */
104 static struct access_master access_master_ipv6
=
111 #endif /* HAVE_IPV6 */
113 struct access_master
*
114 access_master_get (afi_t afi
)
117 return &access_master_ipv4
;
119 else if (afi
== AFI_IP6
)
120 return &access_master_ipv6
;
121 #endif /* HAVE_IPV6 */
125 /* Allocate new filter structure. */
129 return (struct filter
*) XCALLOC (MTYPE_ACCESS_FILTER
,
130 sizeof (struct filter
));
134 filter_free (struct filter
*filter
)
136 XFREE (MTYPE_ACCESS_FILTER
, filter
);
139 /* Return string of filter_type. */
141 filter_type_str (struct filter
*filter
)
143 switch (filter
->type
)
/* Match prefix P against a Cisco-style (address/wildcard) filter.
   Returns 1 when the filter matches, 0 otherwise.

   A bit set in addr_mask or mask_mask is a wildcard bit: it is
   cleared from the candidate value before the comparison.  An
   extended filter also compares the netmask derived from P's prefix
   length; a standard filter compares the address only.

   NOTE(review): P is read through p->u.prefix4 and no address-family
   test is visible in this function, so it presumably relies on the
   caller to pass IPv4 prefixes only -- confirm at the call sites.  */
static int
filter_match_cisco (struct filter *mfilter, struct prefix *p)
{
  struct filter_cisco *cisco = &mfilter->u.cfilter;
  struct in_addr netmask;
  u_int32_t masked_addr;
  u_int32_t masked_mask;

  masked_addr = p->u.prefix4.s_addr & ~cisco->addr_mask.s_addr;

  /* The address part has to agree for standard and extended alike.  */
  if (memcmp (&masked_addr, &cisco->addr.s_addr, 4) != 0)
    return 0;

  if (!cisco->extended)
    return 1;

  /* Extended entries also constrain the prefix length, as a netmask.  */
  masklen2ip (p->prefixlen, &netmask);
  masked_mask = netmask.s_addr & ~cisco->mask_mask.s_addr;

  return memcmp (&masked_mask, &cisco->mask.s_addr, 4) == 0;
}
/* Match prefix P against a Zebra-style (prefix) filter.
   Returns 1 when the filter matches, 0 otherwise.

   A prefix of a different address family never matches.  An
   exact-match filter additionally requires P's prefix length to
   equal the filter's; beyond that the verdict is whatever
   prefix_match () reports for (filter prefix, P).  */
static int
filter_match_zebra (struct filter *mfilter, struct prefix *p)
{
  struct filter_zebra *zebra = &mfilter->u.zfilter;

  if (zebra->prefix.family != p->family)
    return 0;

  if (zebra->exact && zebra->prefix.prefixlen != p->prefixlen)
    return 0;

  return prefix_match (&zebra->prefix, p);
}
211 /* Allocate new access list structure. */
215 return (struct access_list
*) XCALLOC (MTYPE_ACCESS_LIST
,
216 sizeof (struct access_list
));
219 /* Free allocated access_list. */
221 access_list_free (struct access_list
*access
)
223 XFREE (MTYPE_ACCESS_LIST
, access
);
/* Unlink ACCESS from its master's list and release it.

   Frees every filter on the list, the name and remark strings, and
   finally the access_list itself.  ACCESS is invalid once this
   returns, so a caller that still needs access->master has to read
   it before calling.  */
void
access_list_delete (struct access_list *access)
{
  struct access_master *master = access->master;
  struct access_list_list *list;
  struct filter *filter;
  struct filter *next;

  /* Release the filter chain; fetch the successor before freeing.  */
  filter = access->head;
  while (filter)
    {
      next = filter->next;
      filter_free (filter);
      filter = next;
    }

  /* Numbered and named lists live on separate chains.  */
  list = (access->type == ACCESS_TYPE_NUMBER) ? &master->num : &master->str;

  /* Standard doubly-linked unlink, patching head/tail at the ends.  */
  if (access->next)
    access->next->prev = access->prev;
  else
    list->tail = access->prev;

  if (access->prev)
    access->prev->next = access->next;
  else
    list->head = access->next;

  if (access->name)
    XFREE (MTYPE_ACCESS_LIST_STR, access->name);

  if (access->remark)
    XFREE (MTYPE_TMP, access->remark);

  access_list_free (access);
}
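/* Create an access_list called NAME and link it into the master for
   AFI, keeping each list sorted by name.  Returns the new list, or
   NULL when AFI has no master.

   A name made only of digits goes on the numbered list, ordered by
   numeric value; any other name goes on the string list, ordered by
   strcmp ().  No duplicate check is made here; access_list_get ()
   looks the name up before calling this.

   NOTE(review): the numeric value is accumulated in a long with no
   range check, so a very long all-digit NAME overflows it.  The
   command layer should bound the name or reject such input.  */
struct access_list *
access_list_insert (afi_t afi, char *name)
{
  size_t i;
  size_t len;
  long number;
  struct access_list *access;
  struct access_list *point;
  struct access_list_list *alist;
  struct access_master *master;

  master = access_master_get (afi);
  if (master == NULL)
    return NULL;

  /* Allocate new access_list and copy given name. */
  access = access_list_new ();
  access->name = XSTRDUP (MTYPE_ACCESS_LIST_STR, name);
  access->master = master;

  /* A name made only of digits is treated as a number.  The cast goes
     through unsigned char because isdigit () is undefined for
     negative values other than EOF.  */
  len = strlen (name);
  number = 0;
  for (i = 0; i < len; i++)
    {
      if (!isdigit ((unsigned char) name[i]))
        break;
      number = (number * 10) + (name[i] - '0');
    }

  if (i == len)
    {
      /* Every character was a digit: numbered list, numeric order.  */
      access->type = ACCESS_TYPE_NUMBER;
      alist = &master->num;

      for (point = alist->head; point; point = point->next)
        if (atol (point->name) >= number)
          break;
    }
  else
    {
      /* Named list, ordered by strcmp ().  */
      access->type = ACCESS_TYPE_STRING;
      alist = &master->str;

      for (point = alist->head; point; point = point->next)
        if (strcmp (point->name, name) >= 0)
          break;
    }

  /* In case of this is the first element of master. */
  if (alist->head == NULL)
    {
      alist->head = alist->tail = access;
      return access;
    }

  /* In case of insertion is made at the tail of access_list. */
  if (point == NULL)
    {
      access->prev = alist->tail;
      alist->tail->next = access;
      alist->tail = access;
      return access;
    }

  /* In case of insertion is made at the head of access_list. */
  if (point == alist->head)
    {
      access->next = alist->head;
      alist->head->prev = access;
      alist->head = access;
      return access;
    }

  /* Insertion is made at middle of the access_list. */
  access->next = point;
  access->prev = point->prev;

  if (point->prev)
    point->prev->next = access;
  point->prev = access;

  return access;
}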
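/* Find the access_list called NAME in the master for AFI.  The
   numbered list is searched first, then the string list.  Returns
   the list, or NULL when NAME is NULL, AFI has no master, or no list
   carries that name.  */
struct access_list *
access_list_lookup (afi_t afi, char *name)
{
  struct access_master *master;
  struct access_list *access;

  /* strcmp () below must never be handed a NULL name.  */
  if (name == NULL)
    return NULL;

  master = access_master_get (afi);
  if (master == NULL)
    return NULL;

  for (access = master->num.head; access; access = access->next)
    if (strcmp (access->name, name) == 0)
      return access;

  for (access = master->str.head; access; access = access->next)
    if (strcmp (access->name, name) == 0)
      return access;

  return NULL;
}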
/* Return the access_list called NAME for AFI, creating and inserting
   a new, empty one when no such list exists yet.  */
struct access_list *
access_list_get (afi_t afi, char *name)
{
  struct access_list *found = access_list_lookup (afi, name);

  return found ? found : access_list_insert (afi, name);
}
397 /* Apply access list to object (which should be struct prefix *). */
399 access_list_apply (struct access_list
*access
, void *object
)
401 struct filter
*filter
;
404 p
= (struct prefix
*) object
;
409 for (filter
= access
->head
; filter
; filter
= filter
->next
)
413 if (filter_match_cisco (filter
, p
))
418 if (filter_match_zebra (filter
, p
))
426 /* Add hook function. */
428 access_list_add_hook (void (*func
) (struct access_list
*access
))
430 access_master_ipv4
.add_hook
= func
;
432 access_master_ipv6
.add_hook
= func
;
433 #endif /* HAVE_IPV6 */
436 /* Delete hook function. */
438 access_list_delete_hook (void (*func
) (struct access_list
*access
))
440 access_master_ipv4
.delete_hook
= func
;
442 access_master_ipv6
.delete_hook
= func
;
443 #endif /* HAVE_IPV6 */
/* Append FILTER to the tail of ACCESS, then run the master's add
   hook, if one is registered, with ACCESS as its argument.  */
void
access_list_filter_add (struct access_list *access, struct filter *filter)
{
  struct filter *old_tail = access->tail;

  /* FILTER becomes the last node, so it terminates the chain.  */
  filter->next = NULL;
  filter->prev = old_tail;

  if (old_tail)
    old_tail->next = filter;
  else
    access->head = filter;
  access->tail = filter;

  if (access->master->add_hook)
    (*access->master->add_hook) (access);
}
/* Return 1 when ACCESS holds no filter (head and tail both NULL),
   0 otherwise.  */
int
access_list_empty (struct access_list *access)
{
  return access->head == NULL && access->tail == NULL;
}
/* Unlink FILTER from ACCESS and free it.  When that leaves ACCESS
   without filters, ACCESS itself is deleted from its master.  The
   master's delete hook, if one is registered, runs last.

   NOTE(review): when the list became empty, access_list_delete ()
   has already freed ACCESS by the time the hook runs, so the hook is
   handed a dangling pointer.  Hook implementations should treat the
   argument as an opaque token and never dereference it, and callers
   cannot assume ACCESS is still valid after this returns.  */
void
access_list_filter_delete (struct access_list *access, struct filter *filter)
{
  /* Saved up front: ACCESS may be gone by the time the hook runs.  */
  struct access_master *master = access->master;
  struct filter *before = filter->prev;
  struct filter *after = filter->next;

  if (after)
    after->prev = before;
  else
    access->tail = before;

  if (before)
    before->next = after;
  else
    access->head = after;

  filter_free (filter);

  /* If access_list becomes empty delete it from access_master. */
  if (access_list_empty (access))
    access_list_delete (access);

  /* Run hook function. */
  if (master->delete_hook)
    (*master->delete_hook) (access);
}
505 deny Specify packets to reject
506 permit Specify packets to forward
511 Hostname or A.B.C.D Address to match
513 host A single host address
/* Search ACCESS for a Cisco-style filter equal to MNEW and return
   it, or NULL when there is none.

   Equality is judged by the stored entry: same permit/deny type,
   same address and address wildcard and, when the stored entry is
   extended, same mask and mask wildcard as well.  */
struct filter *
filter_lookup_cisco (struct access_list *access, struct filter *mnew)
{
  struct filter_cisco *want = &mnew->u.cfilter;
  struct filter *mfilter;

  for (mfilter = access->head; mfilter; mfilter = mfilter->next)
    {
      struct filter_cisco *have = &mfilter->u.cfilter;

      /* Fields every Cisco filter has to agree on.  */
      if (mfilter->type != mnew->type
          || have->addr.s_addr != want->addr.s_addr
          || have->addr_mask.s_addr != want->addr_mask.s_addr)
        continue;

      /* Extended entries must agree on the mask pair too.  */
      if (have->extended
          && (have->mask.s_addr != want->mask.s_addr
              || have->mask_mask.s_addr != want->mask_mask.s_addr))
        continue;

      return mfilter;
    }

  return NULL;
}
/* Search ACCESS for a Zebra-style filter equal to MNEW and return
   it, or NULL when there is none.  Two filters are equal when their
   exact-match flag, permit/deny type and prefix (as judged by
   prefix_same ()) all agree.  */
struct filter *
filter_lookup_zebra (struct access_list *access, struct filter *mnew)
{
  struct filter_zebra *want = &mnew->u.zfilter;
  struct filter *mfilter;

  for (mfilter = access->head; mfilter; mfilter = mfilter->next)
    {
      struct filter_zebra *have = &mfilter->u.zfilter;

      if (have->exact != want->exact)
        continue;
      if (mfilter->type != mnew->type)
        continue;
      if (prefix_same (&have->prefix, &want->prefix))
        return mfilter;
    }

  return NULL;
}
/* Remove the remark from the access list NAME of family AFI.
   Returns CMD_WARNING, after telling the user, when the list does
   not exist, and CMD_SUCCESS otherwise.  A list left with neither
   filters nor a remark is deleted.  */
int
vty_access_list_remark_unset (struct vty *vty, afi_t afi, char *name)
{
  struct access_list *access = access_list_lookup (afi, name);

  if (access == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", name, VTY_NEWLINE);
      return CMD_WARNING;
    }

  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* Nothing left worth keeping: drop the whole list.  */
  if (access->head == NULL && access->tail == NULL && access->remark == NULL)
    access_list_delete (access);

  return CMD_SUCCESS;
}
597 filter_set_cisco (struct vty
*vty
, char *name_str
, char *type_str
,
598 char *addr_str
, char *addr_mask_str
,
599 char *mask_str
, char *mask_mask_str
,
600 int extended
, int set
)
603 enum filter_type type
;
604 struct filter
*mfilter
;
605 struct filter_cisco
*filter
;
606 struct access_list
*access
;
608 struct in_addr addr_mask
;
610 struct in_addr mask_mask
;
612 /* Check of filter type. */
613 if (strncmp (type_str
, "p", 1) == 0)
614 type
= FILTER_PERMIT
;
615 else if (strncmp (type_str
, "d", 1) == 0)
619 vty_out (vty
, "%% filter type must be permit or deny%s", VTY_NEWLINE
);
623 ret
= inet_aton (addr_str
, &addr
);
626 vty_out (vty
, "%%Inconsistent address and mask%s",
631 ret
= inet_aton (addr_mask_str
, &addr_mask
);
634 vty_out (vty
, "%%Inconsistent address and mask%s",
641 ret
= inet_aton (mask_str
, &mask
);
644 vty_out (vty
, "%%Inconsistent address and mask%s",
649 ret
= inet_aton (mask_mask_str
, &mask_mask
);
652 vty_out (vty
, "%%Inconsistent address and mask%s",
658 mfilter
= filter_new();
659 mfilter
->type
= type
;
661 filter
= &mfilter
->u
.cfilter
;
662 filter
->extended
= extended
;
663 filter
->addr
.s_addr
= addr
.s_addr
& ~addr_mask
.s_addr
;
664 filter
->addr_mask
.s_addr
= addr_mask
.s_addr
;
668 filter
->mask
.s_addr
= mask
.s_addr
& ~mask_mask
.s_addr
;
669 filter
->mask_mask
.s_addr
= mask_mask
.s_addr
;
672 /* Install new filter to the access_list. */
673 access
= access_list_get (AFI_IP
, name_str
);
677 if (filter_lookup_cisco (access
, mfilter
))
678 filter_free (mfilter
);
680 access_list_filter_add (access
, mfilter
);
684 struct filter
*delete_filter
;
686 delete_filter
= filter_lookup_cisco (access
, mfilter
);
688 access_list_filter_delete (access
, delete_filter
);
690 filter_free (mfilter
);
696 /* Standard access-list */
697 DEFUN (access_list_standard
,
698 access_list_standard_cmd
,
699 "access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D",
700 "Add an access list entry\n"
701 "IP standard access list\n"
702 "IP standard access list (expanded range)\n"
703 "Specify packets to reject\n"
704 "Specify packets to forward\n"
708 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2], argv
[3],
712 DEFUN (access_list_standard_nomask
,
713 access_list_standard_nomask_cmd
,
714 "access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D",
715 "Add an access list entry\n"
716 "IP standard access list\n"
717 "IP standard access list (expanded range)\n"
718 "Specify packets to reject\n"
719 "Specify packets to forward\n"
720 "Address to match\n")
722 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2], "0.0.0.0",
726 DEFUN (access_list_standard_host
,
727 access_list_standard_host_cmd
,
728 "access-list (<1-99>|<1300-1999>) (deny|permit) host A.B.C.D",
729 "Add an access list entry\n"
730 "IP standard access list\n"
731 "IP standard access list (expanded range)\n"
732 "Specify packets to reject\n"
733 "Specify packets to forward\n"
734 "A single host address\n"
735 "Address to match\n")
737 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2], "0.0.0.0",
741 DEFUN (access_list_standard_any
,
742 access_list_standard_any_cmd
,
743 "access-list (<1-99>|<1300-1999>) (deny|permit) any",
744 "Add an access list entry\n"
745 "IP standard access list\n"
746 "IP standard access list (expanded range)\n"
747 "Specify packets to reject\n"
748 "Specify packets to forward\n"
751 return filter_set_cisco (vty
, argv
[0], argv
[1], "0.0.0.0",
752 "255.255.255.255", NULL
, NULL
, 0, 1);
755 DEFUN (no_access_list_standard
,
756 no_access_list_standard_cmd
,
757 "no access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D",
759 "Add an access list entry\n"
760 "IP standard access list\n"
761 "IP standard access list (expanded range)\n"
762 "Specify packets to reject\n"
763 "Specify packets to forward\n"
767 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2], argv
[3],
771 DEFUN (no_access_list_standard_nomask
,
772 no_access_list_standard_nomask_cmd
,
773 "no access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D",
775 "Add an access list entry\n"
776 "IP standard access list\n"
777 "IP standard access list (expanded range)\n"
778 "Specify packets to reject\n"
779 "Specify packets to forward\n"
780 "Address to match\n")
782 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2], "0.0.0.0",
786 DEFUN (no_access_list_standard_host
,
787 no_access_list_standard_host_cmd
,
788 "no access-list (<1-99>|<1300-1999>) (deny|permit) host A.B.C.D",
790 "Add an access list entry\n"
791 "IP standard access list\n"
792 "IP standard access list (expanded range)\n"
793 "Specify packets to reject\n"
794 "Specify packets to forward\n"
795 "A single host address\n"
796 "Address to match\n")
798 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2], "0.0.0.0",
802 DEFUN (no_access_list_standard_any
,
803 no_access_list_standard_any_cmd
,
804 "no access-list (<1-99>|<1300-1999>) (deny|permit) any",
806 "Add an access list entry\n"
807 "IP standard access list\n"
808 "IP standard access list (expanded range)\n"
809 "Specify packets to reject\n"
810 "Specify packets to forward\n"
813 return filter_set_cisco (vty
, argv
[0], argv
[1], "0.0.0.0",
814 "255.255.255.255", NULL
, NULL
, 0, 0);
817 /* Extended access-list */
818 DEFUN (access_list_extended
,
819 access_list_extended_cmd
,
820 "access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
821 "Add an access list entry\n"
822 "IP extended access list\n"
823 "IP extended access list (expanded range)\n"
824 "Specify packets to reject\n"
825 "Specify packets to forward\n"
826 "Any Internet Protocol\n"
828 "Source wildcard bits\n"
829 "Destination address\n"
830 "Destination Wildcard bits\n")
832 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
833 argv
[3], argv
[4], argv
[5], 1 ,1);
836 DEFUN (access_list_extended_mask_any
,
837 access_list_extended_mask_any_cmd
,
838 "access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D any",
839 "Add an access list entry\n"
840 "IP extended access list\n"
841 "IP extended access list (expanded range)\n"
842 "Specify packets to reject\n"
843 "Specify packets to forward\n"
844 "Any Internet Protocol\n"
846 "Source wildcard bits\n"
847 "Any destination host\n")
849 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
851 "255.255.255.255", 1, 1);
854 DEFUN (access_list_extended_any_mask
,
855 access_list_extended_any_mask_cmd
,
856 "access-list (<100-199>|<2000-2699>) (deny|permit) ip any A.B.C.D A.B.C.D",
857 "Add an access list entry\n"
858 "IP extended access list\n"
859 "IP extended access list (expanded range)\n"
860 "Specify packets to reject\n"
861 "Specify packets to forward\n"
862 "Any Internet Protocol\n"
864 "Destination address\n"
865 "Destination Wildcard bits\n")
867 return filter_set_cisco (vty
, argv
[0], argv
[1], "0.0.0.0",
868 "255.255.255.255", argv
[2],
872 DEFUN (access_list_extended_any_any
,
873 access_list_extended_any_any_cmd
,
874 "access-list (<100-199>|<2000-2699>) (deny|permit) ip any any",
875 "Add an access list entry\n"
876 "IP extended access list\n"
877 "IP extended access list (expanded range)\n"
878 "Specify packets to reject\n"
879 "Specify packets to forward\n"
880 "Any Internet Protocol\n"
882 "Any destination host\n")
884 return filter_set_cisco (vty
, argv
[0], argv
[1], "0.0.0.0",
885 "255.255.255.255", "0.0.0.0",
886 "255.255.255.255", 1, 1);
889 DEFUN (access_list_extended_mask_host
,
890 access_list_extended_mask_host_cmd
,
891 "access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D host A.B.C.D",
892 "Add an access list entry\n"
893 "IP extended access list\n"
894 "IP extended access list (expanded range)\n"
895 "Specify packets to reject\n"
896 "Specify packets to forward\n"
897 "Any Internet Protocol\n"
899 "Source wildcard bits\n"
900 "A single destination host\n"
901 "Destination address\n")
903 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
908 DEFUN (access_list_extended_host_mask
,
909 access_list_extended_host_mask_cmd
,
910 "access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D A.B.C.D A.B.C.D",
911 "Add an access list entry\n"
912 "IP extended access list\n"
913 "IP extended access list (expanded range)\n"
914 "Specify packets to reject\n"
915 "Specify packets to forward\n"
916 "Any Internet Protocol\n"
917 "A single source host\n"
919 "Destination address\n"
920 "Destination Wildcard bits\n")
922 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
927 DEFUN (access_list_extended_host_host
,
928 access_list_extended_host_host_cmd
,
929 "access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D host A.B.C.D",
930 "Add an access list entry\n"
931 "IP extended access list\n"
932 "IP extended access list (expanded range)\n"
933 "Specify packets to reject\n"
934 "Specify packets to forward\n"
935 "Any Internet Protocol\n"
936 "A single source host\n"
938 "A single destination host\n"
939 "Destination address\n")
941 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
946 DEFUN (access_list_extended_any_host
,
947 access_list_extended_any_host_cmd
,
948 "access-list (<100-199>|<2000-2699>) (deny|permit) ip any host A.B.C.D",
949 "Add an access list entry\n"
950 "IP extended access list\n"
951 "IP extended access list (expanded range)\n"
952 "Specify packets to reject\n"
953 "Specify packets to forward\n"
954 "Any Internet Protocol\n"
956 "A single destination host\n"
957 "Destination address\n")
959 return filter_set_cisco (vty
, argv
[0], argv
[1], "0.0.0.0",
960 "255.255.255.255", argv
[2],
964 DEFUN (access_list_extended_host_any
,
965 access_list_extended_host_any_cmd
,
966 "access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D any",
967 "Add an access list entry\n"
968 "IP extended access list\n"
969 "IP extended access list (expanded range)\n"
970 "Specify packets to reject\n"
971 "Specify packets to forward\n"
972 "Any Internet Protocol\n"
973 "A single source host\n"
975 "Any destination host\n")
977 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
978 "0.0.0.0", "0.0.0.0",
979 "255.255.255.255", 1, 1);
982 DEFUN (no_access_list_extended
,
983 no_access_list_extended_cmd
,
984 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
986 "Add an access list entry\n"
987 "IP extended access list\n"
988 "IP extended access list (expanded range)\n"
989 "Specify packets to reject\n"
990 "Specify packets to forward\n"
991 "Any Internet Protocol\n"
993 "Source wildcard bits\n"
994 "Destination address\n"
995 "Destination Wildcard bits\n")
997 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
998 argv
[3], argv
[4], argv
[5], 1, 0);
1001 DEFUN (no_access_list_extended_mask_any
,
1002 no_access_list_extended_mask_any_cmd
,
1003 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D any",
1005 "Add an access list entry\n"
1006 "IP extended access list\n"
1007 "IP extended access list (expanded range)\n"
1008 "Specify packets to reject\n"
1009 "Specify packets to forward\n"
1010 "Any Internet Protocol\n"
1012 "Source wildcard bits\n"
1013 "Any destination host\n")
1015 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
1017 "255.255.255.255", 1, 0);
1020 DEFUN (no_access_list_extended_any_mask
,
1021 no_access_list_extended_any_mask_cmd
,
1022 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip any A.B.C.D A.B.C.D",
1024 "Add an access list entry\n"
1025 "IP extended access list\n"
1026 "IP extended access list (expanded range)\n"
1027 "Specify packets to reject\n"
1028 "Specify packets to forward\n"
1029 "Any Internet Protocol\n"
1031 "Destination address\n"
1032 "Destination Wildcard bits\n")
1034 return filter_set_cisco (vty
, argv
[0], argv
[1], "0.0.0.0",
1035 "255.255.255.255", argv
[2],
1039 DEFUN (no_access_list_extended_any_any
,
1040 no_access_list_extended_any_any_cmd
,
1041 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip any any",
1043 "Add an access list entry\n"
1044 "IP extended access list\n"
1045 "IP extended access list (expanded range)\n"
1046 "Specify packets to reject\n"
1047 "Specify packets to forward\n"
1048 "Any Internet Protocol\n"
1050 "Any destination host\n")
1052 return filter_set_cisco (vty
, argv
[0], argv
[1], "0.0.0.0",
1053 "255.255.255.255", "0.0.0.0",
1054 "255.255.255.255", 1, 0);
1057 DEFUN (no_access_list_extended_mask_host
,
1058 no_access_list_extended_mask_host_cmd
,
1059 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D host A.B.C.D",
1061 "Add an access list entry\n"
1062 "IP extended access list\n"
1063 "IP extended access list (expanded range)\n"
1064 "Specify packets to reject\n"
1065 "Specify packets to forward\n"
1066 "Any Internet Protocol\n"
1068 "Source wildcard bits\n"
1069 "A single destination host\n"
1070 "Destination address\n")
1072 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
1077 DEFUN (no_access_list_extended_host_mask
,
1078 no_access_list_extended_host_mask_cmd
,
1079 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D A.B.C.D A.B.C.D",
1081 "Add an access list entry\n"
1082 "IP extended access list\n"
1083 "IP extended access list (expanded range)\n"
1084 "Specify packets to reject\n"
1085 "Specify packets to forward\n"
1086 "Any Internet Protocol\n"
1087 "A single source host\n"
1089 "Destination address\n"
1090 "Destination Wildcard bits\n")
1092 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
1097 DEFUN (no_access_list_extended_host_host
,
1098 no_access_list_extended_host_host_cmd
,
1099 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D host A.B.C.D",
1101 "Add an access list entry\n"
1102 "IP extended access list\n"
1103 "IP extended access list (expanded range)\n"
1104 "Specify packets to reject\n"
1105 "Specify packets to forward\n"
1106 "Any Internet Protocol\n"
1107 "A single source host\n"
1109 "A single destination host\n"
1110 "Destination address\n")
1112 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
1117 DEFUN (no_access_list_extended_any_host
,
1118 no_access_list_extended_any_host_cmd
,
1119 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip any host A.B.C.D",
1121 "Add an access list entry\n"
1122 "IP extended access list\n"
1123 "IP extended access list (expanded range)\n"
1124 "Specify packets to reject\n"
1125 "Specify packets to forward\n"
1126 "Any Internet Protocol\n"
1128 "A single destination host\n"
1129 "Destination address\n")
1131 return filter_set_cisco (vty
, argv
[0], argv
[1], "0.0.0.0",
1132 "255.255.255.255", argv
[2],
1136 DEFUN (no_access_list_extended_host_any
,
1137 no_access_list_extended_host_any_cmd
,
1138 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D any",
1140 "Add an access list entry\n"
1141 "IP extended access list\n"
1142 "IP extended access list (expanded range)\n"
1143 "Specify packets to reject\n"
1144 "Specify packets to forward\n"
1145 "Any Internet Protocol\n"
1146 "A single source host\n"
1148 "Any destination host\n")
1150 return filter_set_cisco (vty
, argv
[0], argv
[1], argv
[2],
1151 "0.0.0.0", "0.0.0.0",
1152 "255.255.255.255", 1, 0);
1156 filter_set_zebra (struct vty
*vty
, char *name_str
, char *type_str
,
1157 afi_t afi
, char *prefix_str
, int exact
, int set
)
1160 enum filter_type type
;
1161 struct filter
*mfilter
;
1162 struct filter_zebra
*filter
;
1163 struct access_list
*access
;
1166 /* Check of filter type. */
1167 if (strncmp (type_str
, "p", 1) == 0)
1168 type
= FILTER_PERMIT
;
1169 else if (strncmp (type_str
, "d", 1) == 0)
1173 vty_out (vty
, "filter type must be [permit|deny]%s", VTY_NEWLINE
);
1177 /* Check string format of prefix and prefixlen. */
1180 ret
= str2prefix_ipv4 (prefix_str
, (struct prefix_ipv4
*)&p
);
1183 vty_out (vty
, "IP address prefix/prefixlen is malformed%s",
1189 else if (afi
== AFI_IP6
)
1191 ret
= str2prefix_ipv6 (prefix_str
, (struct prefix_ipv6
*) &p
);
1194 vty_out (vty
, "IPv6 address prefix/prefixlen is malformed%s",
1199 #endif /* HAVE_IPV6 */
1203 mfilter
= filter_new ();
1204 mfilter
->type
= type
;
1205 filter
= &mfilter
->u
.zfilter
;
1206 prefix_copy (&filter
->prefix
, &p
);
1212 /* Install new filter to the access_list. */
1213 access
= access_list_get (afi
, name_str
);
1217 if (filter_lookup_zebra (access
, mfilter
))
1218 filter_free (mfilter
);
1220 access_list_filter_add (access
, mfilter
);
1224 struct filter
*delete_filter
;
1226 delete_filter
= filter_lookup_zebra (access
, mfilter
);
1228 access_list_filter_delete (access
, delete_filter
);
1230 filter_free (mfilter
);
1236 /* Zebra access-list */
1239 "access-list WORD (deny|permit) A.B.C.D/M",
1240 "Add an access list entry\n"
1241 "IP zebra access-list name\n"
1242 "Specify packets to reject\n"
1243 "Specify packets to forward\n"
1244 "Prefix to match. e.g. 10.0.0.0/8\n")
1246 return filter_set_zebra (vty
, argv
[0], argv
[1], AFI_IP
, argv
[2], 0, 1);
1249 DEFUN (access_list_exact
,
1250 access_list_exact_cmd
,
1251 "access-list WORD (deny|permit) A.B.C.D/M exact-match",
1252 "Add an access list entry\n"
1253 "IP zebra access-list name\n"
1254 "Specify packets to reject\n"
1255 "Specify packets to forward\n"
1256 "Prefix to match. e.g. 10.0.0.0/8\n"
1257 "Exact match of the prefixes\n")
1259 return filter_set_zebra (vty
, argv
[0], argv
[1], AFI_IP
, argv
[2], 1, 1);
1262 DEFUN (access_list_any
,
1263 access_list_any_cmd
,
1264 "access-list WORD (deny|permit) any",
1265 "Add an access list entry\n"
1266 "IP zebra access-list name\n"
1267 "Specify packets to reject\n"
1268 "Specify packets to forward\n"
1269 "Prefix to match. e.g. 10.0.0.0/8\n")
1271 return filter_set_zebra (vty
, argv
[0], argv
[1], AFI_IP
, "0.0.0.0/0", 0, 1);
1274 DEFUN (no_access_list
,
1276 "no access-list WORD (deny|permit) A.B.C.D/M",
1278 "Add an access list entry\n"
1279 "IP zebra access-list name\n"
1280 "Specify packets to reject\n"
1281 "Specify packets to forward\n"
1282 "Prefix to match. e.g. 10.0.0.0/8\n")
1284 return filter_set_zebra (vty
, argv
[0], argv
[1], AFI_IP
, argv
[2], 0, 0);
1287 DEFUN (no_access_list_exact
,
1288 no_access_list_exact_cmd
,
1289 "no access-list WORD (deny|permit) A.B.C.D/M exact-match",
1291 "Add an access list entry\n"
1292 "IP zebra access-list name\n"
1293 "Specify packets to reject\n"
1294 "Specify packets to forward\n"
1295 "Prefix to match. e.g. 10.0.0.0/8\n"
1296 "Exact match of the prefixes\n")
1298 return filter_set_zebra (vty
, argv
[0], argv
[1], AFI_IP
, argv
[2], 1, 0);
1301 DEFUN (no_access_list_any
,
1302 no_access_list_any_cmd
,
1303 "no access-list WORD (deny|permit) any",
1305 "Add an access list entry\n"
1306 "IP zebra access-list name\n"
1307 "Specify packets to reject\n"
1308 "Specify packets to forward\n"
1309 "Prefix to match. e.g. 10.0.0.0/8\n")
1311 return filter_set_zebra (vty
, argv
[0], argv
[1], AFI_IP
, "0.0.0.0/0", 0, 0);
/* "no access-list NAME": delete a whole IPv4 access list, filters
   included, then run the master's delete hook.

   NOTE(review): access_list_delete () frees ACCESS before the hook
   is invoked, so the hook is handed a dangling pointer.  Hook
   implementations should treat the argument as an opaque token and
   never dereference it.  */
DEFUN (no_access_list_all,
       no_access_list_all_cmd,
       "no access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list name\n")
{
  struct access_list *access;
  struct access_master *master;

  /* Looking up access_list. */
  access = access_list_lookup (AFI_IP, argv[0]);
  if (!access)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", argv[0],
               VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Must be read now; ACCESS does not survive the delete below.  */
  master = access->master;

  /* Delete all filter from access-list. */
  access_list_delete (access);

  /* Run hook function. */
  if (master->delete_hook)
    (*master->delete_hook) (access);

  return CMD_SUCCESS;
}
/* "access-list NAME remark LINE": attach a free-text remark to an
   IPv4 access list, creating the list if needed and replacing any
   earlier remark.  Every word of LINE is followed by one space, so
   the stored remark ends in a space.

   NOTE(review): the help text advertises "up to 100 characters", but
   no length check is visible here; the remark is built from however
   many words the command line supplied.  Enforce the limit here or
   correct the help text.  */
DEFUN (access_list_remark,
       access_list_remark_cmd,
       "access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD) remark .LINE",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  struct access_list *access;
  struct buffer *b;
  int i;

  access = access_list_get (AFI_IP, argv[0]);

  /* Drop the previous remark before installing the new one.  */
  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* argv[0] is the list name; the remark words start at argv[1].  */
  b = buffer_new (1024);
  i = 1;
  while (i < argc)
    {
      buffer_putstr (b, (u_char *)argv[i]);
      buffer_putc (b, ' ');
      i++;
    }
  buffer_putc (b, '\0');

  access->remark = buffer_getstr (b);

  buffer_free (b);

  return CMD_SUCCESS;
}
1389 DEFUN (no_access_list_remark
,
1390 no_access_list_remark_cmd
,
1391 "no access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD) remark",
1393 "Add an access list entry\n"
1394 "IP standard access list\n"
1395 "IP extended access list\n"
1396 "IP standard access list (expanded range)\n"
1397 "IP extended access list (expanded range)\n"
1398 "IP zebra access-list\n"
1399 "Access list entry comment\n")
1401 return vty_access_list_remark_unset (vty
, AFI_IP
, argv
[0]);
/* Second spelling of "no access-list ... remark" that also accepts the
   remark text.  It shares the handler of no_access_list_remark, which reads
   argv[0] only, so the trailing words are accepted and not compared with
   the stored remark.  */
ALIAS (no_access_list_remark,
       no_access_list_remark_arg_cmd,
       "no access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD) remark .LINE",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
#ifdef HAVE_IPV6
/* "ipv6 access-list WORD (deny|permit) PREFIX": add a prefix entry to an
   IPv6 access-list.  argv[0] is the list name, argv[1] the deny/permit
   keyword and argv[2] the prefix.  The last two arguments of
   filter_set_zebra are 0 (the exact-match variants pass 1 in that slot)
   and 1 (the "no" forms pass 0 there).  */
DEFUN (ipv6_access_list,
       ipv6_access_list_cmd,
       "ipv6 access-list WORD (deny|permit) X:X::X:X/M",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, argv[2], 0, 1);
}
/* "ipv6 access-list WORD (deny|permit) PREFIX exact-match": same as
   ipv6_access_list, but the sixth argument of filter_set_zebra is 1, which
   is the only difference from the non-exact command.  */
DEFUN (ipv6_access_list_exact,
       ipv6_access_list_exact_cmd,
       "ipv6 access-list WORD (deny|permit) X:X::X:X/M exact-match",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, argv[2], 1, 1);
}
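/* "ipv6 access-list WORD (deny|permit) any": add an entry that matches
   every IPv6 prefix.  The keyword "any" is translated to the literal
   prefix "::/0" with the exact-match argument left at 0.  The help string
   for "any" had a typo ("prefixi"), corrected here.  */
DEFUN (ipv6_access_list_any,
       ipv6_access_list_any_cmd,
       "ipv6 access-list WORD (deny|permit) any",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefix to match\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, "::/0", 0, 1);
}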
/* "no ipv6 access-list WORD (deny|permit) PREFIX": remove a prefix entry
   from an IPv6 access-list.  Arguments mirror ipv6_access_list; the final
   argument of filter_set_zebra is 0 here instead of 1.  */
DEFUN (no_ipv6_access_list,
       no_ipv6_access_list_cmd,
       "no ipv6 access-list WORD (deny|permit) X:X::X:X/M",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, argv[2], 0, 0);
}
/* "no ipv6 access-list WORD (deny|permit) PREFIX exact-match": remove an
   exact-match entry.  Same call as ipv6_access_list_exact with the final
   argument of filter_set_zebra set to 0.  */
DEFUN (no_ipv6_access_list_exact,
       no_ipv6_access_list_exact_cmd,
       "no ipv6 access-list WORD (deny|permit) X:X::X:X/M exact-match",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, argv[2], 1, 0);
}
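/* "no ipv6 access-list WORD (deny|permit) any": remove the match-all
   entry.  As in ipv6_access_list_any, "any" is passed on as "::/0"; the
   final argument of filter_set_zebra is 0.  The help string for "any" had
   a typo ("prefixi"), corrected here.  */
DEFUN (no_ipv6_access_list_any,
       no_ipv6_access_list_any_cmd,
       "no ipv6 access-list WORD (deny|permit) any",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefix to match\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, "::/0", 0, 0);
}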
/* "no ipv6 access-list WORD": delete a whole IPv6 access-list.  Prints a
   warning and returns CMD_WARNING when no list of that name exists.  */
DEFUN (no_ipv6_access_list_all,
       no_ipv6_access_list_all_cmd,
       "no ipv6 access-list WORD",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n")
{
  struct access_list *access;
  struct access_master *master;

  /* Looking up access_list. */
  access = access_list_lookup (AFI_IP6, argv[0]);
  if (access == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", argv[0],
               VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Read the master now: it is needed after the delete call below. */
  master = access->master;

  /* Delete all filter from access-list. */
  access_list_delete (access);

  /* Run hook function. */
  /* NOTE(review): the hook receives `access' after access_list_delete has
     run.  The reset routines in this file save ->next before calling
     access_list_delete, which suggests the object must not be touched
     afterwards.  access_list_delete is defined elsewhere -- confirm whether
     it releases the list; if it does, the hook is handed a stale pointer
     and should run before the delete or be given the name instead.  */
  if (master->delete_hook)
    (*master->delete_hook) (access);

  return CMD_SUCCESS;
}
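/* "ipv6 access-list WORD remark LINE": attach a free-text comment to an
   IPv6 access-list.  argv[0] is the list name, argv[1..argc-1] are the
   words of the comment.  Any previous remark is released first.

   The words are joined with single blanks.  The separator is written
   between words only, so the stored remark no longer ends in a stray blank
   that config_write_access would copy into the saved configuration.

   NOTE(review): the help text promises "up to 100 characters", but nothing
   here limits the joined length; the remark is kept as typed and written
   back verbatim by config_write_access.  Enforce a limit here if one is
   intended.
   NOTE(review): the old remark is released with MTYPE_TMP; buffer_getstr is
   defined elsewhere -- confirm it allocates under the same memory type.  */
DEFUN (ipv6_access_list_remark,
       ipv6_access_list_remark_cmd,
       "ipv6 access-list WORD remark .LINE",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  struct access_list *access;
  struct buffer *b;
  int i;

  access = access_list_get (AFI_IP6, argv[0]);

  /* Drop the previous remark before storing the new one. */
  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* Collect the remark words into one NUL-terminated string. */
  b = buffer_new (1024);
  for (i = 1; i < argc; i++)
    {
      if (i > 1)
        buffer_putc (b, ' ');
      buffer_putstr (b, (u_char *)argv[i]);
    }
  buffer_putc (b, '\0');

  access->remark = buffer_getstr (b);

  buffer_free (b);

  return CMD_SUCCESS;
}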
/* "no ipv6 access-list WORD remark": remove the comment of an IPv6
   access-list.  Only the list name (argv[0]) is forwarded to
   vty_access_list_remark_unset, whose result becomes the command status.  */
DEFUN (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_cmd,
       "no ipv6 access-list WORD remark",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n")
{
  return vty_access_list_remark_unset (vty, AFI_IP6, argv[0]);
}
/* Second spelling of "no ipv6 access-list WORD remark" that also accepts
   the remark text.  It shares the handler of no_ipv6_access_list_remark,
   which reads argv[0] only, so the trailing words are accepted and not
   compared with the stored remark.  */
ALIAS (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_arg_cmd,
       "no ipv6 access-list WORD remark .LINE",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
1592 #endif /* HAVE_IPV6 */
/* Forward declarations: filter_show below calls both entry writers before
   their definitions appear in this file.  */
void config_write_access_zebra (struct vty *, struct filter *);
void config_write_access_cisco (struct vty *, struct filter *);
/* Print the access-lists of one chain to VTY.  HEAD is the first list of
   the chain; when NAME is non-NULL only the list with exactly that name is
   printed.  A heading line is emitted together with the first filter of a
   list, so a list without filters prints nothing.  */
static void
filter_show_list (struct vty *vty, struct access_list *head, char *name,
                  afi_t afi)
{
  struct access_list *access;
  struct filter *mfilter;
  struct filter_cisco *filter;
  int need_header;

  for (access = head; access; access = access->next)
    {
      if (name && strcmp (access->name, name) != 0)
        continue;

      need_header = 1;

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
        {
          /* The Cisco view of the union is taken for every entry, but it
             is only read below when mfilter->cisco is set.  */
          filter = &mfilter->u.cfilter;

          if (need_header)
            {
              vty_out (vty, "%s IP%s access list %s%s",
                       mfilter->cisco ?
                       (filter->extended ? "Extended" : "Standard") : "Zebra",
                       afi == AFI_IP6 ? "v6" : "",
                       access->name, VTY_NEWLINE);
              need_header = 0;
            }

          /* Action keyword; "deny" gets extra padding. */
          vty_out (vty, " %s%s", filter_type_str (mfilter),
                   mfilter->type == FILTER_DENY ? " " : "");

          if (! mfilter->cisco)
            {
              config_write_access_zebra (vty, mfilter);
              continue;
            }

          if (filter->extended)
            {
              config_write_access_cisco (vty, mfilter);
              continue;
            }

          /* Standard Cisco entry: an all-ones wildcard means "any".  */
          if (filter->addr_mask.s_addr == 0xffffffff)
            {
              vty_out (vty, " any%s", VTY_NEWLINE);
              continue;
            }

          /* inet_ntoa returns a static buffer, hence one call per
             vty_out.  */
          vty_out (vty, " %s", inet_ntoa (filter->addr));
          if (filter->addr_mask.s_addr != 0)
            vty_out (vty, ", wildcard bits %s",
                     inet_ntoa (filter->addr_mask));
          vty_out (vty, "%s", VTY_NEWLINE);
        }
    }
}

/* show access-list command.  Prints the number-named lists first, then the
   string-named lists, of the address family AFI.  Returns 0 when there is
   no master for AFI, CMD_SUCCESS otherwise (also when NAME matched
   nothing).  */
int
filter_show (struct vty *vty, char *name, afi_t afi)
{
  struct access_master *master;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  filter_show_list (vty, master->num.head, name, afi);
  filter_show_list (vty, master->str.head, name, afi);

  return CMD_SUCCESS;
}
/* "show ip access-list": list every IPv4 access-list.  A NULL name tells
   filter_show not to filter by name.  */
DEFUN (show_ip_access_list,
       show_ip_access_list_cmd,
       "show ip access-list",
       SHOW_STR
       IP_STR
       "List IP access lists\n")
{
  return filter_show (vty, NULL, AFI_IP);
}
/* "show ip access-list NAME": show the IPv4 access-list whose name equals
   argv[0].  filter_show compares names with strcmp, so the match is exact
   and case-sensitive.  */
DEFUN (show_ip_access_list_name,
       show_ip_access_list_name_cmd,
       "show ip access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)",
       SHOW_STR
       IP_STR
       "List IP access lists\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n")
{
  return filter_show (vty, argv[0], AFI_IP);
}
#ifdef HAVE_IPV6
/* "show ipv6 access-list": list every IPv6 access-list.  A NULL name tells
   filter_show not to filter by name.  */
DEFUN (show_ipv6_access_list,
       show_ipv6_access_list_cmd,
       "show ipv6 access-list",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n")
{
  return filter_show (vty, NULL, AFI_IP6);
}
/* "show ipv6 access-list WORD": show the IPv6 access-list whose name
   equals argv[0] (exact strcmp match inside filter_show).  */
DEFUN (show_ipv6_access_list_name,
       show_ipv6_access_list_name_cmd,
       "show ipv6 access-list WORD",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n"
       "IPv6 zebra access-list\n")
{
  return filter_show (vty, argv[0], AFI_IP6);
}
1745 #endif /* HAVE_IPV6 */
/* Write the match part of one Cisco-style entry to VTY, ending with a
   newline.

   Extended entries print " ip" followed by two operands, the first taken
   from addr/addr_mask and the second from mask/mask_mask.  For each
   operand an all-ones wildcard prints "any", a zero wildcard prints
   "host ADDR", anything else prints "ADDR WILDCARD".

   Standard entries print "any" for an all-ones wildcard, otherwise the
   address followed by the wildcard when it is non-zero.

   inet_ntoa returns a pointer to a static buffer, so every call sits in
   its own vty_out; do not merge two of them into one format string.  */
void
config_write_access_cisco (struct vty *vty, struct filter *mfilter)
{
  struct filter_cisco *cf = &mfilter->u.cfilter;

  if (! cf->extended)
    {
      /* Standard entry. */
      if (cf->addr_mask.s_addr == 0xffffffff)
        {
          vty_out (vty, " any%s", VTY_NEWLINE);
          return;
        }

      vty_out (vty, " %s", inet_ntoa (cf->addr));
      if (cf->addr_mask.s_addr != 0)
        vty_out (vty, " %s", inet_ntoa (cf->addr_mask));
      vty_out (vty, "%s", VTY_NEWLINE);
      return;
    }

  /* Extended entry. */
  vty_out (vty, " ip");

  /* First operand: addr / addr_mask. */
  if (cf->addr_mask.s_addr == 0xffffffff)
    vty_out (vty, " any");
  else if (cf->addr_mask.s_addr == 0)
    vty_out (vty, " host %s", inet_ntoa (cf->addr));
  else
    {
      vty_out (vty, " %s", inet_ntoa (cf->addr));
      vty_out (vty, " %s", inet_ntoa (cf->addr_mask));
    }

  /* Second operand: mask / mask_mask. */
  if (cf->mask_mask.s_addr == 0xffffffff)
    vty_out (vty, " any");
  else if (cf->mask_mask.s_addr == 0)
    vty_out (vty, " host %s", inet_ntoa (cf->mask));
  else
    {
      vty_out (vty, " %s", inet_ntoa (cf->mask));
      vty_out (vty, " %s", inet_ntoa (cf->mask_mask));
    }

  vty_out (vty, "%s", VTY_NEWLINE);
}
/* Write the match part of one zebra-style (prefix) entry to VTY, ending
   with a newline.  A zero-length prefix that is not marked exact prints as
   "any"; every other entry prints "ADDRESS/LEN" with " exact-match"
   appended when the exact flag is set.

   NOTE(review): the inet_ntop result goes straight into a "%s"
   conversion.  inet_ntop returns NULL on failure (for instance an address
   family it does not support), so this relies on p->family always being
   valid for a stored filter -- confirm against the code that creates
   them.  */
void
config_write_access_zebra (struct vty *vty, struct filter *mfilter)
{
  struct filter_zebra *zf = &mfilter->u.zfilter;
  struct prefix *p = &zf->prefix;
  char buf[BUFSIZ];

  if (p->prefixlen != 0 || zf->exact)
    vty_out (vty, " %s/%d%s",
             inet_ntop (p->family, &p->u.prefix, buf, BUFSIZ),
             p->prefixlen,
             zf->exact ? " exact-match" : "");
  else
    vty_out (vty, " any");

  vty_out (vty, "%s", VTY_NEWLINE);
}
/* Write the configuration lines of every access-list in the chain that
   starts at HEAD and return how many lines were produced.  For each list
   the remark line (if a remark is set) comes first, then one line per
   filter.  Lines for any family other than AFI_IP carry the "ipv6 "
   prefix.  The remark is passed as a "%s" argument, never as the format
   string.  */
static int
config_write_access_chain (struct vty *vty, struct access_list *head,
                           afi_t afi)
{
  struct access_list *access;
  struct filter *mfilter;
  int lines = 0;

  for (access = head; access; access = access->next)
    {
      if (access->remark)
        {
          vty_out (vty, "%saccess-list %s remark %s%s",
                   afi == AFI_IP ? "" : "ipv6 ",
                   access->name, access->remark,
                   VTY_NEWLINE);
          lines++;
        }

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
        {
          vty_out (vty, "%saccess-list %s %s",
                   afi == AFI_IP ? "" : "ipv6 ",
                   access->name,
                   filter_type_str (mfilter));

          /* The entry writer finishes the line, newline included. */
          if (mfilter->cisco)
            config_write_access_cisco (vty, mfilter);
          else
            config_write_access_zebra (vty, mfilter);

          lines++;
        }
    }

  return lines;
}

/* Write all access-lists of address family AFI to VTY: number-named lists
   first, then string-named lists.  Returns the number of lines written, or
   0 when there is no master for AFI.  */
int
config_write_access (struct vty *vty, afi_t afi)
{
  struct access_master *master;
  int write = 0;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  write += config_write_access_chain (vty, master->num.head, afi);
  write += config_write_access_chain (vty, master->str.head, afi);

  return write;
}
1881 /* Access-list node. */
1882 struct cmd_node access_node
=
1885 "", /* Access list has no interface. */
/* Configuration writer registered for access_node by
   access_list_init_ipv4: emits the IPv4 access-lists and returns the count
   reported by config_write_access.  */
int
config_write_access_ipv4 (struct vty *vty)
{
  return config_write_access (vty, AFI_IP);
}
/* Delete every IPv4 access-list, number-named and string-named, and check
   that both chains of the master end up empty.  Does nothing when there is
   no IPv4 master.  */
void
access_list_reset_ipv4 ()
{
  struct access_list *access;
  struct access_list *next;
  struct access_master *master;

  master = access_master_get (AFI_IP);
  if (master == NULL)
    return;

  /* The successor is fetched before each delete: the node must not be
     read once access_list_delete has been called on it.  */
  access = master->num.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  access = master->str.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  /* access_list_delete is expected to have unlinked every node.  Note
     that these checks vanish in a build with NDEBUG defined.  */
  assert (master->num.head == NULL);
  assert (master->num.tail == NULL);

  assert (master->str.head == NULL);
  assert (master->str.tail == NULL);
}
/* Install vty related command.  Registers the IPv4 access-list node with
   its configuration writer, the two "show" commands under ENABLE_NODE and
   every access-list configuration command under CONFIG_NODE.  The table
   keeps the original installation order.  */
void
access_list_init_ipv4 ()
{
  static struct cmd_element *const config_cmds[] =
    {
      /* Zebra access-list */
      &access_list_cmd,
      &access_list_exact_cmd,
      &access_list_any_cmd,
      &no_access_list_cmd,
      &no_access_list_exact_cmd,
      &no_access_list_any_cmd,

      /* Standard access-list */
      &access_list_standard_cmd,
      &access_list_standard_nomask_cmd,
      &access_list_standard_host_cmd,
      &access_list_standard_any_cmd,
      &no_access_list_standard_cmd,
      &no_access_list_standard_nomask_cmd,
      &no_access_list_standard_host_cmd,
      &no_access_list_standard_any_cmd,

      /* Extended access-list */
      &access_list_extended_cmd,
      &access_list_extended_any_mask_cmd,
      &access_list_extended_mask_any_cmd,
      &access_list_extended_any_any_cmd,
      &access_list_extended_host_mask_cmd,
      &access_list_extended_mask_host_cmd,
      &access_list_extended_host_host_cmd,
      &access_list_extended_any_host_cmd,
      &access_list_extended_host_any_cmd,
      &no_access_list_extended_cmd,
      &no_access_list_extended_any_mask_cmd,
      &no_access_list_extended_mask_any_cmd,
      &no_access_list_extended_any_any_cmd,
      &no_access_list_extended_host_mask_cmd,
      &no_access_list_extended_mask_host_cmd,
      &no_access_list_extended_host_host_cmd,
      &no_access_list_extended_any_host_cmd,
      &no_access_list_extended_host_any_cmd,

      /* Remark and whole-list removal */
      &access_list_remark_cmd,
      &no_access_list_all_cmd,
      &no_access_list_remark_cmd,
      &no_access_list_remark_arg_cmd
    };
  unsigned int i;

  install_node (&access_node, config_write_access_ipv4);

  install_element (ENABLE_NODE, &show_ip_access_list_cmd);
  install_element (ENABLE_NODE, &show_ip_access_list_name_cmd);

  for (i = 0; i < sizeof config_cmds / sizeof config_cmds[0]; i++)
    install_element (CONFIG_NODE, config_cmds[i]);
}
1978 struct cmd_node access_ipv6_node
=
/* Configuration writer registered for access_ipv6_node by
   access_list_init_ipv6: emits the IPv6 access-lists and returns the count
   reported by config_write_access.  */
int
config_write_access_ipv6 (struct vty *vty)
{
  return config_write_access (vty, AFI_IP6);
}
/* Delete every IPv6 access-list, number-named and string-named, and check
   that both chains of the master end up empty.  Does nothing when there is
   no IPv6 master.  */
void
access_list_reset_ipv6 ()
{
  struct access_list *access;
  struct access_list *next;
  struct access_master *master;

  master = access_master_get (AFI_IP6);
  if (master == NULL)
    return;

  /* The successor is fetched before each delete: the node must not be
     read once access_list_delete has been called on it.  */
  access = master->num.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  access = master->str.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  /* access_list_delete is expected to have unlinked every node.  Note
     that these checks vanish in a build with NDEBUG defined.  */
  assert (master->num.head == NULL);
  assert (master->num.tail == NULL);

  assert (master->str.head == NULL);
  assert (master->str.tail == NULL);
}
/* Registers the IPv6 access-list node with its configuration writer, the
   two "show ipv6 access-list" commands under ENABLE_NODE and the IPv6
   access-list configuration commands under CONFIG_NODE.  The table keeps
   the original installation order.  */
void
access_list_init_ipv6 ()
{
  static struct cmd_element *const config_cmds[] =
    {
      &ipv6_access_list_cmd,
      &ipv6_access_list_exact_cmd,
      &ipv6_access_list_any_cmd,
      &no_ipv6_access_list_exact_cmd,
      &no_ipv6_access_list_cmd,
      &no_ipv6_access_list_any_cmd,

      &no_ipv6_access_list_all_cmd,
      &ipv6_access_list_remark_cmd,
      &no_ipv6_access_list_remark_cmd,
      &no_ipv6_access_list_remark_arg_cmd
    };
  unsigned int i;

  install_node (&access_ipv6_node, config_write_access_ipv6);

  install_element (ENABLE_NODE, &show_ipv6_access_list_cmd);
  install_element (ENABLE_NODE, &show_ipv6_access_list_name_cmd);

  for (i = 0; i < sizeof config_cmds / sizeof config_cmds[0]; i++)
    install_element (CONFIG_NODE, config_cmds[i]);
}
2040 #endif /* HAVE_IPV6 */
2045 access_list_init_ipv4 ();
2047 access_list_init_ipv6();
2048 #endif /* HAVE_IPV6 */
2052 access_list_reset ()
2054 access_list_reset_ipv4 ();
2056 access_list_reset_ipv6();
2057 #endif /* HAVE_IPV6 */