1 /* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
4 * This file is part of GNU Zebra.
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with GNU Zebra; see the file COPYING. If not, write to the
18 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
19 * Boston, MA 02111-1307, USA.
28 #include "sockunion.h"
33 DEFINE_MTYPE_STATIC(LIB
, ACCESS_LIST
, "Access List")
34 DEFINE_MTYPE_STATIC(LIB
, ACCESS_LIST_STR
, "Access List Str")
35 DEFINE_MTYPE_STATIC(LIB
, ACCESS_FILTER
, "Access Filter")
39 /* Cisco access-list */
42 struct in_addr addr_mask
;
44 struct in_addr mask_mask
;
49 /* If this filter is "exact" match then this flag is set. */
52 /* Prefix information. */
56 /* Filter element of access list */
59 /* For doubly linked list. */
63 /* Filter type information. */
64 enum filter_type type
;
66 /* Cisco access-list */
71 struct filter_cisco cfilter
;
72 struct filter_zebra zfilter
;
76 /* List of access_list. */
77 struct access_list_list
79 struct access_list
*head
;
80 struct access_list
*tail
;
83 /* Master structure of access_list. */
86 /* List of access_list which name is number. */
87 struct access_list_list num
;
89 /* List of access_list which name is string. */
90 struct access_list_list str
;
92 /* Hook function which is executed when new access_list is added. */
93 void (*add_hook
) (struct access_list
*);
95 /* Hook function which is executed when access_list is deleted. */
96 void (*delete_hook
) (struct access_list
*);
99 /* Static structure for IPv4 access_list's master. */
100 static struct access_master access_master_ipv4
=
109 /* Static structure for IPv6 access_list's master. */
110 static struct access_master access_master_ipv6
=
117 #endif /* HAVE_IPV6 */
119 static struct access_master
*
120 access_master_get (afi_t afi
)
123 return &access_master_ipv4
;
125 else if (afi
== AFI_IP6
)
126 return &access_master_ipv6
;
127 #endif /* HAVE_IPV6 */
131 /* Allocate new filter structure. */
132 static struct filter
*
135 return (struct filter
*) XCALLOC (MTYPE_ACCESS_FILTER
,
136 sizeof (struct filter
));
140 filter_free (struct filter
*filter
)
142 XFREE (MTYPE_ACCESS_FILTER
, filter
);
145 /* Return string of filter_type. */
147 filter_type_str (struct filter
*filter
)
149 switch (filter
->type
)
166 /* If the filter matches the prefix, return 1. */
/* Cisco-style match: the prefix address (and, for extended entries, the
   mask derived from the prefix length) is compared with the stored values
   after the filter's wildcard bits have been cleared.  The value returned
   when nothing matches is not visible in this excerpt. */
168 filter_match_cisco (struct filter
*mfilter
, struct prefix
*p
)
/* NOTE(review): p->u.prefix4 is read below and no address-family check on p
   is visible in this excerpt -- confirm callers only pass IPv4 prefixes. */
170 struct filter_cisco
*filter
;
172 u_int32_t check_addr
;
173 u_int32_t check_mask
;
175 filter
= &mfilter
->u
.cfilter
;
/* Bits set in addr_mask are wildcards: clear them from the prefix address
   before it is compared with the stored address. */
176 check_addr
= p
->u
.prefix4
.s_addr
& ~filter
->addr_mask
.s_addr
;
178 if (filter
->extended
)
/* Extended entry: a mask is produced from p->prefixlen by masklen2ip()
   (presumably a prefix-length to netmask conversion -- confirm) and the
   mask_mask wildcard bits are cleared from it in the same way. */
180 masklen2ip (p
->prefixlen
, &mask
);
181 check_mask
= mask
.s_addr
& ~filter
->mask_mask
.s_addr
;
/* NOTE(review): the literal 4 in the memcmp() calls below assumes s_addr is
   four bytes wide; sizeof (check_addr) would state that directly. */
183 if (memcmp (&check_addr
, &filter
->addr
.s_addr
, 4) == 0
184 && memcmp (&check_mask
, &filter
->mask
.s_addr
, 4) == 0)
187 else if (memcmp (&check_addr
, &filter
->addr
.s_addr
, 4) == 0)
193 /* If the filter matches the prefix, return 1. */
195 filter_match_zebra (struct filter
*mfilter
, struct prefix
*p
)
197 struct filter_zebra
*filter
;
199 filter
= &mfilter
->u
.zfilter
;
201 if (filter
->prefix
.family
== p
->family
)
205 if (filter
->prefix
.prefixlen
== p
->prefixlen
)
206 return prefix_match (&filter
->prefix
, p
);
211 return prefix_match (&filter
->prefix
, p
);
217 /* Allocate new access list structure. */
218 static struct access_list
*
219 access_list_new (void)
221 return (struct access_list
*) XCALLOC (MTYPE_ACCESS_LIST
,
222 sizeof (struct access_list
));
225 /* Free allocated access_list. */
227 access_list_free (struct access_list
*access
)
229 XFREE (MTYPE_ACCESS_LIST
, access
);
232 /* Delete access_list from access_master and free it. */
234 access_list_delete (struct access_list
*access
)
236 struct filter
*filter
;
238 struct access_list_list
*list
;
239 struct access_master
*master
;
241 for (filter
= access
->head
; filter
; filter
= next
)
244 filter_free (filter
);
247 master
= access
->master
;
249 if (access
->type
== ACCESS_TYPE_NUMBER
)
255 access
->next
->prev
= access
->prev
;
257 list
->tail
= access
->prev
;
260 access
->prev
->next
= access
->next
;
262 list
->head
= access
->next
;
265 XFREE (MTYPE_ACCESS_LIST_STR
, access
->name
);
268 XFREE (MTYPE_TMP
, access
->remark
);
270 access_list_free (access
);
273 /* Insert new access list to list of access_list. Each access_list
274 is sorted by the name. */
/* Creates a list named `name` under the master for `afi` and links it into
   one of the master's two lists, keeping that list ordered: all-digit names
   go to master->num (ordered by numeric value), every other name goes to
   master->str (ordered by strcmp). */
275 static struct access_list
*
276 access_list_insert (afi_t afi
, const char *name
)
280 struct access_list
*access
;
281 struct access_list
*point
;
282 struct access_list_list
*alist
;
283 struct access_master
*master
;
285 master
= access_master_get (afi
);
289 /* Allocate new access_list and copy given name. */
290 access
= access_list_new ();
291 access
->name
= XSTRDUP (MTYPE_ACCESS_LIST_STR
, name
);
292 access
->master
= master
;
/* NOTE(review): in the digit scan that follows, isdigit() is given a plain
   char converted to int; a byte >= 0x80 is negative where char is signed,
   which is undefined for the ctype functions -- cast through unsigned char.
   number is also accumulated with no bound (its declaration is outside this
   excerpt), so a very long all-digit name can overflow it; the WORD form of
   the access-list command appears to allow such names -- confirm. */
294 /* If name is made by all digit character. We treat it as
296 for (number
= 0, i
= 0; i
< strlen (name
); i
++)
298 if (isdigit ((int) name
[i
]))
299 number
= (number
* 10) + (name
[i
] - '0');
304 /* In case of name is all digit character */
305 if (i
== strlen (name
))
307 access
->type
= ACCESS_TYPE_NUMBER
;
309 /* Set access_list to number list. */
310 alist
= &master
->num
;
/* NOTE(review): atol() reports no errors and is undefined when the value
   does not fit in a long; strtol() with an ERANGE check would keep the
   ordering well defined for any stored name. */
312 for (point
= alist
->head
; point
; point
= point
->next
)
313 if (atol (point
->name
) >= number
)
318 access
->type
= ACCESS_TYPE_STRING
;
320 /* Set access_list to string list. */
321 alist
= &master
->str
;
323 /* Set point to insertion point. */
324 for (point
= alist
->head
; point
; point
= point
->next
)
325 if (strcmp (point
->name
, name
) >= 0)
/* From here on `point` is the first existing list that sorts at or after
   the new one, or NULL when the new list sorts last; the four cases below
   relink head/tail/prev/next accordingly. */
329 /* In case of this is the first element of master. */
330 if (alist
->head
== NULL
)
332 alist
->head
= alist
->tail
= access
;
336 /* In case of insertion is made at the tail of access_list. */
339 access
->prev
= alist
->tail
;
340 alist
->tail
->next
= access
;
341 alist
->tail
= access
;
345 /* In case of insertion is made at the head of access_list. */
346 if (point
== alist
->head
)
348 access
->next
= alist
->head
;
349 alist
->head
->prev
= access
;
350 alist
->head
= access
;
354 /* Insertion is made at middle of the access_list. */
355 access
->next
= point
;
356 access
->prev
= point
->prev
;
359 point
->prev
->next
= access
;
360 point
->prev
= access
;
365 /* Lookup access_list from list of access_list by name. */
367 access_list_lookup (afi_t afi
, const char *name
)
369 struct access_list
*access
;
370 struct access_master
*master
;
375 master
= access_master_get (afi
);
379 for (access
= master
->num
.head
; access
; access
= access
->next
)
380 if (strcmp (access
->name
, name
) == 0)
383 for (access
= master
->str
.head
; access
; access
= access
->next
)
384 if (strcmp (access
->name
, name
) == 0)
390 /* Get access list from list of access_list. If there isn't matched
391 access_list create new one and return it. */
392 static struct access_list
*
393 access_list_get (afi_t afi
, const char *name
)
395 struct access_list
*access
;
397 access
= access_list_lookup (afi
, name
);
399 access
= access_list_insert (afi
, name
);
403 /* Apply access list to object (which should be struct prefix *). */
/* Walks the entries of `access` from head to tail and tests each one with
   the Cisco-style or the Zebra-style matcher.  The condition that selects
   the matcher and the value returned on a match are not visible in this
   excerpt. */
405 access_list_apply (struct access_list
*access
, void *object
)
407 struct filter
*filter
;
/* NOTE(review): object arrives as void * and is cast without any check, so
   the caller is solely responsible for passing a struct prefix. */
410 p
= (struct prefix
*) object
;
/* NOTE(review): the handling of a NULL `access` and the result when no
   entry matches are outside this excerpt; for a filter used as an access
   control, confirm that both fall back to deny. */
415 for (filter
= access
->head
; filter
; filter
= filter
->next
)
419 if (filter_match_cisco (filter
, p
))
424 if (filter_match_zebra (filter
, p
))
432 /* Add hook function. */
434 access_list_add_hook (void (*func
) (struct access_list
*access
))
436 access_master_ipv4
.add_hook
= func
;
438 access_master_ipv6
.add_hook
= func
;
439 #endif /* HAVE_IPV6 */
442 /* Delete hook function. */
444 access_list_delete_hook (void (*func
) (struct access_list
*access
))
446 access_master_ipv4
.delete_hook
= func
;
448 access_master_ipv6
.delete_hook
= func
;
449 #endif /* HAVE_IPV6 */
452 /* Add new filter to the end of specified access_list. */
454 access_list_filter_add (struct access_list
*access
, struct filter
*filter
)
457 filter
->prev
= access
->tail
;
460 access
->tail
->next
= filter
;
462 access
->head
= filter
;
463 access
->tail
= filter
;
465 /* Run hook function. */
466 if (access
->master
->add_hook
)
467 (*access
->master
->add_hook
) (access
);
468 route_map_notify_dependencies(access
->name
, RMAP_EVENT_FILTER_ADDED
);
471 /* If access_list has no filter then return 1. */
473 access_list_empty (struct access_list
*access
)
475 if (access
->head
== NULL
&& access
->tail
== NULL
)
481 /* Delete filter from specified access_list. If a hook function
482 is set, execute it. */
484 access_list_filter_delete (struct access_list
*access
, struct filter
*filter
)
486 struct access_master
*master
;
488 master
= access
->master
;
491 filter
->next
->prev
= filter
->prev
;
493 access
->tail
= filter
->prev
;
496 filter
->prev
->next
= filter
->next
;
498 access
->head
= filter
->next
;
500 filter_free (filter
);
502 route_map_notify_dependencies(access
->name
, RMAP_EVENT_FILTER_DELETED
);
503 /* Run hook function. */
504 if (master
->delete_hook
)
505 (*master
->delete_hook
) (access
);
507 /* If access_list becomes empty delete it from access_master. */
508 if (access_list_empty (access
))
509 access_list_delete (access
);
513 deny Specify packets to reject
514 permit Specify packets to forward
519 Hostname or A.B.C.D Address to match
521 host A single host address
524 static struct filter
*
525 filter_lookup_cisco (struct access_list
*access
, struct filter
*mnew
)
527 struct filter
*mfilter
;
528 struct filter_cisco
*filter
;
529 struct filter_cisco
*new;
531 new = &mnew
->u
.cfilter
;
533 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
)
535 filter
= &mfilter
->u
.cfilter
;
537 if (filter
->extended
)
539 if (mfilter
->type
== mnew
->type
540 && filter
->addr
.s_addr
== new->addr
.s_addr
541 && filter
->addr_mask
.s_addr
== new->addr_mask
.s_addr
542 && filter
->mask
.s_addr
== new->mask
.s_addr
543 && filter
->mask_mask
.s_addr
== new->mask_mask
.s_addr
)
548 if (mfilter
->type
== mnew
->type
549 && filter
->addr
.s_addr
== new->addr
.s_addr
550 && filter
->addr_mask
.s_addr
== new->addr_mask
.s_addr
)
558 static struct filter
*
559 filter_lookup_zebra (struct access_list
*access
, struct filter
*mnew
)
561 struct filter
*mfilter
;
562 struct filter_zebra
*filter
;
563 struct filter_zebra
*new;
565 new = &mnew
->u
.zfilter
;
567 for (mfilter
= access
->head
; mfilter
; mfilter
= mfilter
->next
)
569 filter
= &mfilter
->u
.zfilter
;
571 if (filter
->exact
== new->exact
572 && mfilter
->type
== mnew
->type
573 && prefix_same (&filter
->prefix
, &new->prefix
))
580 vty_access_list_remark_unset (struct vty
*vty
, afi_t afi
, const char *name
)
582 struct access_list
*access
;
584 access
= access_list_lookup (afi
, name
);
587 vty_out (vty
, "%% access-list %s doesn't exist%s", name
,
594 XFREE (MTYPE_TMP
, access
->remark
);
595 access
->remark
= NULL
;
598 if (access
->head
== NULL
&& access
->tail
== NULL
&& access
->remark
== NULL
)
599 access_list_delete (access
);
/* Parse a Cisco-style access-list entry given as strings, build a filter
   from it, and add it to or remove it from the IPv4 access list named
   name_str.  The command handlers in this file pass set = 1 for
   "access-list ..." and set = 0 for "no access-list ..."; the branch on
   `set` itself is not visible in this excerpt. */
605 filter_set_cisco (struct vty
*vty
, const char *name_str
, const char *type_str
,
606 const char *addr_str
, const char *addr_mask_str
,
607 const char *mask_str
, const char *mask_mask_str
,
608 int extended
, int set
)
611 enum filter_type type
;
612 struct filter
*mfilter
;
613 struct filter_cisco
*filter
;
614 struct access_list
*access
;
616 struct in_addr addr_mask
;
618 struct in_addr mask_mask
;
620 /* Check of filter type. */
/* Only the first character of type_str is compared, so any string that
   starts with 'p' or 'd' is accepted here; the <deny|permit> token in the
   command definitions is what actually limits the values. */
621 if (strncmp (type_str
, "p", 1) == 0)
622 type
= FILTER_PERMIT
;
623 else if (strncmp (type_str
, "d", 1) == 0)
627 vty_out (vty
, "%% filter type must be permit or deny%s", VTY_NEWLINE
);
/* NOTE(review): inet_aton() also accepts shorthand and octal/hex spellings
   of an address, not only dotted quad; the A.B.C.D token in the command
   definitions is presumably what keeps those out -- confirm, or parse with
   inet_pton (AF_INET, ...) so the check is enforced here as well.
   Every parse failure below prints the same "Inconsistent address and
   mask" text, so the message does not say which argument was rejected. */
631 ret
= inet_aton (addr_str
, &addr
);
634 vty_out (vty
, "%%Inconsistent address and mask%s",
639 ret
= inet_aton (addr_mask_str
, &addr_mask
);
642 vty_out (vty
, "%%Inconsistent address and mask%s",
/* NOTE(review): the standard-list commands pass NULL for mask_str and
   mask_mask_str; the guard that keeps the two calls below from seeing NULL
   is not visible in this excerpt (presumably `extended`) -- confirm. */
649 ret
= inet_aton (mask_str
, &mask
);
652 vty_out (vty
, "%%Inconsistent address and mask%s",
657 ret
= inet_aton (mask_mask_str
, &mask_mask
);
660 vty_out (vty
, "%%Inconsistent address and mask%s",
666 mfilter
= filter_new();
667 mfilter
->type
= type
;
669 filter
= &mfilter
->u
.cfilter
;
670 filter
->extended
= extended
;
/* The address is stored with its wildcard bits already cleared, and the
   wildcard mask is kept next to it. */
671 filter
->addr
.s_addr
= addr
.s_addr
& ~addr_mask
.s_addr
;
672 filter
->addr_mask
.s_addr
= addr_mask
.s_addr
;
/* Same normalisation for the mask / mask_mask pair. */
676 filter
->mask
.s_addr
= mask
.s_addr
& ~mask_mask
.s_addr
;
677 filter
->mask_mask
.s_addr
= mask_mask
.s_addr
;
680 /* Install new filter to the access_list. */
/* NOTE(review): access_list_get() creates the list when none exists (see
   its comment in this file).  If this call is also reached when an entry is
   being removed, removing from an unknown name would leave an empty list
   behind -- the branch structure is not visible here; confirm. */
681 access
= access_list_get (AFI_IP
, name_str
);
/* Add path: when an identical entry is already present the freshly built
   filter is freed instead of being linked in a second time. */
685 if (filter_lookup_cisco (access
, mfilter
))
686 filter_free (mfilter
);
688 access_list_filter_add (access
, mfilter
);
/* Remove path: mfilter serves only as the lookup key and is freed at the
   end.  NOTE(review): filter_lookup_cisco() may find nothing; the NULL
   check before access_list_filter_delete() is not visible in this excerpt
   -- confirm it exists. */
692 struct filter
*delete_filter
;
694 delete_filter
= filter_lookup_cisco (access
, mfilter
);
696 access_list_filter_delete (access
, delete_filter
);
698 filter_free (mfilter
);
704 /* Standard access-list */
705 DEFUN (access_list_standard
,
706 access_list_standard_cmd
,
707 "access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D A.B.C.D",
708 "Add an access list entry\n"
709 "IP standard access list\n"
710 "IP standard access list (expanded range)\n"
711 "Specify packets to reject\n"
712 "Specify packets to forward\n"
717 int idx_permit_deny
= 2;
720 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, argv
[idx_ipv4_2
]->arg
,
724 DEFUN (access_list_standard_nomask
,
725 access_list_standard_nomask_cmd
,
726 "access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D",
727 "Add an access list entry\n"
728 "IP standard access list\n"
729 "IP standard access list (expanded range)\n"
730 "Specify packets to reject\n"
731 "Specify packets to forward\n"
732 "Address to match\n")
735 int idx_permit_deny
= 2;
737 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, "0.0.0.0",
741 DEFUN (access_list_standard_host
,
742 access_list_standard_host_cmd
,
743 "access-list <(1-99)|(1300-1999)> <deny|permit> host A.B.C.D",
744 "Add an access list entry\n"
745 "IP standard access list\n"
746 "IP standard access list (expanded range)\n"
747 "Specify packets to reject\n"
748 "Specify packets to forward\n"
749 "A single host address\n"
750 "Address to match\n")
753 int idx_permit_deny
= 2;
755 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, "0.0.0.0",
759 DEFUN (access_list_standard_any
,
760 access_list_standard_any_cmd
,
761 "access-list <(1-99)|(1300-1999)> <deny|permit> any",
762 "Add an access list entry\n"
763 "IP standard access list\n"
764 "IP standard access list (expanded range)\n"
765 "Specify packets to reject\n"
766 "Specify packets to forward\n"
770 int idx_permit_deny
= 2;
771 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
772 "255.255.255.255", NULL
, NULL
, 0, 1);
775 DEFUN (no_access_list_standard
,
776 no_access_list_standard_cmd
,
777 "no access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D A.B.C.D",
779 "Add an access list entry\n"
780 "IP standard access list\n"
781 "IP standard access list (expanded range)\n"
782 "Specify packets to reject\n"
783 "Specify packets to forward\n"
788 int idx_permit_deny
= 3;
791 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, argv
[idx_ipv4_2
]->arg
,
795 DEFUN (no_access_list_standard_nomask
,
796 no_access_list_standard_nomask_cmd
,
797 "no access-list <(1-99)|(1300-1999)> <deny|permit> A.B.C.D",
799 "Add an access list entry\n"
800 "IP standard access list\n"
801 "IP standard access list (expanded range)\n"
802 "Specify packets to reject\n"
803 "Specify packets to forward\n"
804 "Address to match\n")
807 int idx_permit_deny
= 3;
809 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, "0.0.0.0",
813 DEFUN (no_access_list_standard_host
,
814 no_access_list_standard_host_cmd
,
815 "no access-list <(1-99)|(1300-1999)> <deny|permit> host A.B.C.D",
817 "Add an access list entry\n"
818 "IP standard access list\n"
819 "IP standard access list (expanded range)\n"
820 "Specify packets to reject\n"
821 "Specify packets to forward\n"
822 "A single host address\n"
823 "Address to match\n")
826 int idx_permit_deny
= 3;
828 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
, "0.0.0.0",
832 DEFUN (no_access_list_standard_any
,
833 no_access_list_standard_any_cmd
,
834 "no access-list <(1-99)|(1300-1999)> <deny|permit> any",
836 "Add an access list entry\n"
837 "IP standard access list\n"
838 "IP standard access list (expanded range)\n"
839 "Specify packets to reject\n"
840 "Specify packets to forward\n"
844 int idx_permit_deny
= 3;
845 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
846 "255.255.255.255", NULL
, NULL
, 0, 0);
849 /* Extended access-list */
850 DEFUN (access_list_extended
,
851 access_list_extended_cmd
,
852 "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
853 "Add an access list entry\n"
854 "IP extended access list\n"
855 "IP extended access list (expanded range)\n"
856 "Specify packets to reject\n"
857 "Specify packets to forward\n"
858 "Any Internet Protocol\n"
860 "Source wildcard bits\n"
861 "Destination address\n"
862 "Destination Wildcard bits\n")
865 int idx_permit_deny
= 2;
870 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
871 argv
[idx_ipv4_2
]->arg
, argv
[idx_ipv4_3
]->arg
, argv
[idx_ipv4_4
]->arg
, 1 ,1);
874 DEFUN (access_list_extended_mask_any
,
875 access_list_extended_mask_any_cmd
,
876 "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D any",
877 "Add an access list entry\n"
878 "IP extended access list\n"
879 "IP extended access list (expanded range)\n"
880 "Specify packets to reject\n"
881 "Specify packets to forward\n"
882 "Any Internet Protocol\n"
884 "Source wildcard bits\n"
885 "Any destination host\n")
888 int idx_permit_deny
= 2;
891 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
892 argv
[idx_ipv4_2
]->arg
, "0.0.0.0",
893 "255.255.255.255", 1, 1);
896 DEFUN (access_list_extended_any_mask
,
897 access_list_extended_any_mask_cmd
,
898 "access-list <(100-199)|(2000-2699)> <deny|permit> ip any A.B.C.D A.B.C.D",
899 "Add an access list entry\n"
900 "IP extended access list\n"
901 "IP extended access list (expanded range)\n"
902 "Specify packets to reject\n"
903 "Specify packets to forward\n"
904 "Any Internet Protocol\n"
906 "Destination address\n"
907 "Destination Wildcard bits\n")
910 int idx_permit_deny
= 2;
913 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
914 "255.255.255.255", argv
[idx_ipv4
]->arg
,
915 argv
[idx_ipv4_2
]->arg
, 1, 1);
918 DEFUN (access_list_extended_any_any
,
919 access_list_extended_any_any_cmd
,
920 "access-list <(100-199)|(2000-2699)> <deny|permit> ip any any",
921 "Add an access list entry\n"
922 "IP extended access list\n"
923 "IP extended access list (expanded range)\n"
924 "Specify packets to reject\n"
925 "Specify packets to forward\n"
926 "Any Internet Protocol\n"
928 "Any destination host\n")
931 int idx_permit_deny
= 2;
932 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
933 "255.255.255.255", "0.0.0.0",
934 "255.255.255.255", 1, 1);
937 DEFUN (access_list_extended_mask_host
,
938 access_list_extended_mask_host_cmd
,
939 "access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
940 "Add an access list entry\n"
941 "IP extended access list\n"
942 "IP extended access list (expanded range)\n"
943 "Specify packets to reject\n"
944 "Specify packets to forward\n"
945 "Any Internet Protocol\n"
947 "Source wildcard bits\n"
948 "A single destination host\n"
949 "Destination address\n")
952 int idx_permit_deny
= 2;
956 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
957 argv
[idx_ipv4_2
]->arg
, argv
[idx_ipv4_3
]->arg
,
961 DEFUN (access_list_extended_host_mask
,
962 access_list_extended_host_mask_cmd
,
963 "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
964 "Add an access list entry\n"
965 "IP extended access list\n"
966 "IP extended access list (expanded range)\n"
967 "Specify packets to reject\n"
968 "Specify packets to forward\n"
969 "Any Internet Protocol\n"
970 "A single source host\n"
972 "Destination address\n"
973 "Destination Wildcard bits\n")
976 int idx_permit_deny
= 2;
980 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
981 "0.0.0.0", argv
[idx_ipv4_2
]->arg
,
982 argv
[idx_ipv4_3
]->arg
, 1, 1);
985 DEFUN (access_list_extended_host_host
,
986 access_list_extended_host_host_cmd
,
987 "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D host A.B.C.D",
988 "Add an access list entry\n"
989 "IP extended access list\n"
990 "IP extended access list (expanded range)\n"
991 "Specify packets to reject\n"
992 "Specify packets to forward\n"
993 "Any Internet Protocol\n"
994 "A single source host\n"
996 "A single destination host\n"
997 "Destination address\n")
1000 int idx_permit_deny
= 2;
1003 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1004 "0.0.0.0", argv
[idx_ipv4_2
]->arg
,
1008 DEFUN (access_list_extended_any_host
,
1009 access_list_extended_any_host_cmd
,
1010 "access-list <(100-199)|(2000-2699)> <deny|permit> ip any host A.B.C.D",
1011 "Add an access list entry\n"
1012 "IP extended access list\n"
1013 "IP extended access list (expanded range)\n"
1014 "Specify packets to reject\n"
1015 "Specify packets to forward\n"
1016 "Any Internet Protocol\n"
1018 "A single destination host\n"
1019 "Destination address\n")
1022 int idx_permit_deny
= 2;
1024 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
1025 "255.255.255.255", argv
[idx_ipv4
]->arg
,
1029 DEFUN (access_list_extended_host_any
,
1030 access_list_extended_host_any_cmd
,
1031 "access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D any",
1032 "Add an access list entry\n"
1033 "IP extended access list\n"
1034 "IP extended access list (expanded range)\n"
1035 "Specify packets to reject\n"
1036 "Specify packets to forward\n"
1037 "Any Internet Protocol\n"
1038 "A single source host\n"
1040 "Any destination host\n")
1043 int idx_permit_deny
= 2;
1045 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1046 "0.0.0.0", "0.0.0.0",
1047 "255.255.255.255", 1, 1);
1050 DEFUN (no_access_list_extended
,
1051 no_access_list_extended_cmd
,
1052 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
1054 "Add an access list entry\n"
1055 "IP extended access list\n"
1056 "IP extended access list (expanded range)\n"
1057 "Specify packets to reject\n"
1058 "Specify packets to forward\n"
1059 "Any Internet Protocol\n"
1061 "Source wildcard bits\n"
1062 "Destination address\n"
1063 "Destination Wildcard bits\n")
1066 int idx_permit_deny
= 3;
1071 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1072 argv
[idx_ipv4_2
]->arg
, argv
[idx_ipv4_3
]->arg
, argv
[idx_ipv4_4
]->arg
, 1, 0);
1075 DEFUN (no_access_list_extended_mask_any
,
1076 no_access_list_extended_mask_any_cmd
,
1077 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D any",
1079 "Add an access list entry\n"
1080 "IP extended access list\n"
1081 "IP extended access list (expanded range)\n"
1082 "Specify packets to reject\n"
1083 "Specify packets to forward\n"
1084 "Any Internet Protocol\n"
1086 "Source wildcard bits\n"
1087 "Any destination host\n")
1090 int idx_permit_deny
= 3;
1093 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1094 argv
[idx_ipv4_2
]->arg
, "0.0.0.0",
1095 "255.255.255.255", 1, 0);
1098 DEFUN (no_access_list_extended_any_mask
,
1099 no_access_list_extended_any_mask_cmd
,
1100 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any A.B.C.D A.B.C.D",
1102 "Add an access list entry\n"
1103 "IP extended access list\n"
1104 "IP extended access list (expanded range)\n"
1105 "Specify packets to reject\n"
1106 "Specify packets to forward\n"
1107 "Any Internet Protocol\n"
1109 "Destination address\n"
1110 "Destination Wildcard bits\n")
1113 int idx_permit_deny
= 3;
1116 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
1117 "255.255.255.255", argv
[idx_ipv4
]->arg
,
1118 argv
[idx_ipv4_2
]->arg
, 1, 0);
1121 DEFUN (no_access_list_extended_any_any
,
1122 no_access_list_extended_any_any_cmd
,
1123 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any any",
1125 "Add an access list entry\n"
1126 "IP extended access list\n"
1127 "IP extended access list (expanded range)\n"
1128 "Specify packets to reject\n"
1129 "Specify packets to forward\n"
1130 "Any Internet Protocol\n"
1132 "Any destination host\n")
1135 int idx_permit_deny
= 3;
1136 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
1137 "255.255.255.255", "0.0.0.0",
1138 "255.255.255.255", 1, 0);
1141 DEFUN (no_access_list_extended_mask_host
,
1142 no_access_list_extended_mask_host_cmd
,
1143 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip A.B.C.D A.B.C.D host A.B.C.D",
1145 "Add an access list entry\n"
1146 "IP extended access list\n"
1147 "IP extended access list (expanded range)\n"
1148 "Specify packets to reject\n"
1149 "Specify packets to forward\n"
1150 "Any Internet Protocol\n"
1152 "Source wildcard bits\n"
1153 "A single destination host\n"
1154 "Destination address\n")
1157 int idx_permit_deny
= 3;
1161 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1162 argv
[idx_ipv4_2
]->arg
, argv
[idx_ipv4_3
]->arg
,
1166 DEFUN (no_access_list_extended_host_mask
,
1167 no_access_list_extended_host_mask_cmd
,
1168 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D A.B.C.D A.B.C.D",
1170 "Add an access list entry\n"
1171 "IP extended access list\n"
1172 "IP extended access list (expanded range)\n"
1173 "Specify packets to reject\n"
1174 "Specify packets to forward\n"
1175 "Any Internet Protocol\n"
1176 "A single source host\n"
1178 "Destination address\n"
1179 "Destination Wildcard bits\n")
1182 int idx_permit_deny
= 3;
1186 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1187 "0.0.0.0", argv
[idx_ipv4_2
]->arg
,
1188 argv
[idx_ipv4_3
]->arg
, 1, 0);
1191 DEFUN (no_access_list_extended_host_host
,
1192 no_access_list_extended_host_host_cmd
,
1193 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D host A.B.C.D",
1195 "Add an access list entry\n"
1196 "IP extended access list\n"
1197 "IP extended access list (expanded range)\n"
1198 "Specify packets to reject\n"
1199 "Specify packets to forward\n"
1200 "Any Internet Protocol\n"
1201 "A single source host\n"
1203 "A single destination host\n"
1204 "Destination address\n")
1207 int idx_permit_deny
= 3;
1210 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1211 "0.0.0.0", argv
[idx_ipv4_2
]->arg
,
1215 DEFUN (no_access_list_extended_any_host
,
1216 no_access_list_extended_any_host_cmd
,
1217 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip any host A.B.C.D",
1219 "Add an access list entry\n"
1220 "IP extended access list\n"
1221 "IP extended access list (expanded range)\n"
1222 "Specify packets to reject\n"
1223 "Specify packets to forward\n"
1224 "Any Internet Protocol\n"
1226 "A single destination host\n"
1227 "Destination address\n")
1230 int idx_permit_deny
= 3;
1232 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, "0.0.0.0",
1233 "255.255.255.255", argv
[idx_ipv4
]->arg
,
1237 DEFUN (no_access_list_extended_host_any
,
1238 no_access_list_extended_host_any_cmd
,
1239 "no access-list <(100-199)|(2000-2699)> <deny|permit> ip host A.B.C.D any",
1241 "Add an access list entry\n"
1242 "IP extended access list\n"
1243 "IP extended access list (expanded range)\n"
1244 "Specify packets to reject\n"
1245 "Specify packets to forward\n"
1246 "Any Internet Protocol\n"
1247 "A single source host\n"
1249 "Any destination host\n")
1252 int idx_permit_deny
= 3;
1254 return filter_set_cisco (vty
, argv
[idx_acl
]->arg
, argv
[idx_permit_deny
]->arg
, argv
[idx_ipv4
]->arg
,
1255 "0.0.0.0", "0.0.0.0",
1256 "255.255.255.255", 1, 0);
1260 filter_set_zebra (struct vty
*vty
, const char *name_str
, const char *type_str
,
1261 afi_t afi
, const char *prefix_str
, int exact
, int set
)
1264 enum filter_type type
;
1265 struct filter
*mfilter
;
1266 struct filter_zebra
*filter
;
1267 struct access_list
*access
;
1270 /* Check of filter type. */
1271 if (strncmp (type_str
, "p", 1) == 0)
1272 type
= FILTER_PERMIT
;
1273 else if (strncmp (type_str
, "d", 1) == 0)
1277 vty_out (vty
, "filter type must be [permit|deny]%s", VTY_NEWLINE
);
1281 /* Check string format of prefix and prefixlen. */
1284 ret
= str2prefix_ipv4 (prefix_str
, (struct prefix_ipv4
*)&p
);
1287 vty_out (vty
, "IP address prefix/prefixlen is malformed%s",
1293 else if (afi
== AFI_IP6
)
1295 ret
= str2prefix_ipv6 (prefix_str
, (struct prefix_ipv6
*) &p
);
1298 vty_out (vty
, "IPv6 address prefix/prefixlen is malformed%s",
1303 #endif /* HAVE_IPV6 */
1307 mfilter
= filter_new ();
1308 mfilter
->type
= type
;
1309 filter
= &mfilter
->u
.zfilter
;
1310 prefix_copy (&filter
->prefix
, &p
);
1316 /* Install new filter to the access_list. */
1317 access
= access_list_get (afi
, name_str
);
1321 if (filter_lookup_zebra (access
, mfilter
))
1322 filter_free (mfilter
);
1324 access_list_filter_add (access
, mfilter
);
1328 struct filter
*delete_filter
;
1330 delete_filter
= filter_lookup_zebra (access
, mfilter
);
1332 access_list_filter_delete (access
, delete_filter
);
1334 filter_free (mfilter
);
1340 /* Zebra access-list */
1343 "access-list WORD <deny|permit> A.B.C.D/M",
1344 "Add an access list entry\n"
1345 "IP zebra access-list name\n"
1346 "Specify packets to reject\n"
1347 "Specify packets to forward\n"
1348 "Prefix to match. e.g. 10.0.0.0/8\n")
1351 int idx_permit_deny
= 2;
1352 int idx_ipv4_prefixlen
= 3;
1353 return filter_set_zebra (vty
, argv
[idx_word
]->arg
, argv
[idx_permit_deny
]->arg
, AFI_IP
, argv
[idx_ipv4_prefixlen
]->arg
, 0, 1);
1356 DEFUN (access_list_exact
,
1357 access_list_exact_cmd
,
1358 "access-list WORD <deny|permit> A.B.C.D/M exact-match",
1359 "Add an access list entry\n"
1360 "IP zebra access-list name\n"
1361 "Specify packets to reject\n"
1362 "Specify packets to forward\n"
1363 "Prefix to match. e.g. 10.0.0.0/8\n"
1364 "Exact match of the prefixes\n")
1367 int idx_permit_deny
= 2;
1368 int idx_ipv4_prefixlen
= 3;
1369 return filter_set_zebra (vty
, argv
[idx_word
]->arg
, argv
[idx_permit_deny
]->arg
, AFI_IP
, argv
[idx_ipv4_prefixlen
]->arg
, 1, 1);
DEFUN (access_list_any,
       access_list_any_cmd,
       "access-list WORD <deny|permit> any",
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
  /* Positions of the variable tokens in the command string above. */
  int name_pos = 1;
  int action_pos = 2;

  /* "any" is stored as the all-zero prefix with length 0, without
     exact-match, so it covers every IPv4 prefix.  A permit entry of
     this form is the broadest rule the list can hold.
     NOTE(review): the last help string still describes a prefix
     argument rather than the "any" keyword. */
  return filter_set_zebra (vty,
                           argv[name_pos]->arg,
                           argv[action_pos]->arg,
                           AFI_IP,
                           "0.0.0.0/0",
                           0, 1);
}
DEFUN (no_access_list,
       no_access_list_cmd,
       "no access-list WORD <deny|permit> A.B.C.D/M",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
  /* The leading "no" shifts every token one position to the right. */
  int name_pos = 2;
  int action_pos = 3;
  int prefix_pos = 4;

  /* 0, 0: no exact-match, entry is being removed. */
  return filter_set_zebra (vty,
                           argv[name_pos]->arg,
                           argv[action_pos]->arg,
                           AFI_IP,
                           argv[prefix_pos]->arg,
                           0, 0);
}
DEFUN (no_access_list_exact,
       no_access_list_exact_cmd,
       "no access-list WORD <deny|permit> A.B.C.D/M exact-match",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n"
       "Exact match of the prefixes\n")
{
  /* The leading "no" shifts every token one position to the right. */
  int name_pos = 2;
  int action_pos = 3;
  int prefix_pos = 4;

  /* 1, 0: exact-match entry, being removed. */
  return filter_set_zebra (vty,
                           argv[name_pos]->arg,
                           argv[action_pos]->arg,
                           AFI_IP,
                           argv[prefix_pos]->arg,
                           1, 0);
}
DEFUN (no_access_list_any,
       no_access_list_any_cmd,
       "no access-list WORD <deny|permit> any",
       NO_STR
       "Add an access list entry\n"
       "IP zebra access-list name\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 10.0.0.0/8\n")
{
  /* The leading "no" shifts every token one position to the right. */
  int name_pos = 2;
  int action_pos = 3;

  /* Removes the "any" entry, i.e. the 0.0.0.0/0 non-exact filter. */
  return filter_set_zebra (vty,
                           argv[name_pos]->arg,
                           argv[action_pos]->arg,
                           AFI_IP,
                           "0.0.0.0/0",
                           0, 0);
}
DEFUN (no_access_list_all,
       no_access_list_all_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list name\n")
{
  int acl_pos = 2;
  struct access_list *acl;
  struct access_master *owner;

  /* Removing a whole list needs an existing list; report and stop
     instead of creating one as a side effect. */
  acl = access_list_lookup (AFI_IP, argv[acl_pos]->arg);
  if (acl == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s",
               argv[acl_pos]->arg, VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Read the master pointer while the list is still intact. */
  owner = acl->master;

  /* Route-maps referring to this list are told first, then the
     registered delete hook runs, and only then is the list removed. */
  route_map_notify_dependencies (acl->name, RMAP_EVENT_FILTER_DELETED);
  if (owner->delete_hook)
    (*owner->delete_hook) (acl);

  /* Delete all filter from access-list. */
  access_list_delete (acl);

  return CMD_SUCCESS;
}
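DEFUN (access_list_remark,
       access_list_remark_cmd,
       "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  int idx_acl = 1;
  /* First token of LINE...: argv[0] is "access-list", argv[1] the list
     name and argv[2] the "remark" keyword. */
  int idx_remark = 3;
  struct access_list *access;

  access = access_list_get (AFI_IP, argv[idx_acl]->arg);

  /* Drop any previous remark before storing the new one. */
  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* Join only the comment words.  Starting the join at index 1 would
     also store the list name and the "remark" keyword, and the saved
     configuration line "access-list NAME remark <remark>" would then
     repeat them on every write/reload cycle.
     NOTE(review): the help text promises a 100 character limit, but
     nothing in this handler enforces one. */
  access->remark = argv_concat (argv, argc, idx_remark);

  return CMD_SUCCESS;
}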
DEFUN (no_access_list_remark,
       no_access_list_remark_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n")
{
  /* The list name follows "no access-list". */
  int acl_pos = 2;

  /* All of the work is done by the shared unset helper. */
  return vty_access_list_remark_unset (vty, AFI_IP,
                                       argv[acl_pos]->arg);
}
DEFUN (no_access_list_remark_comment,
       no_access_list_remark_comment_cmd,
       "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD> remark LINE...",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  /* Same effect as the form without the trailing text: the arguments
     are handed unchanged to that handler, which reads only the list
     name, so the typed comment words are not compared with the stored
     remark. */
  return no_access_list_remark (self, vty, argc, argv);
}
DEFUN (ipv6_access_list,
       ipv6_access_list_cmd,
       "ipv6 access-list WORD <deny|permit> X:X::X:X/M",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n")
{
  /* Positions of the variable tokens in the command string above. */
  int name_pos = 2;
  int action_pos = 3;
  int prefix_pos = 4;

  /* 0, 1: no exact-match, entry is being added. */
  return filter_set_zebra (vty,
                           argv[name_pos]->arg,
                           argv[action_pos]->arg,
                           AFI_IP6,
                           argv[prefix_pos]->arg,
                           0, 1);
}
DEFUN (ipv6_access_list_exact,
       ipv6_access_list_exact_cmd,
       "ipv6 access-list WORD <deny|permit> X:X::X:X/M exact-match",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
{
  /* Positions of the variable tokens in the command string above. */
  int name_pos = 2;
  int action_pos = 3;
  int prefix_pos = 4;

  /* 1, 1: exact-match requested, entry is being added. */
  return filter_set_zebra (vty,
                           argv[name_pos]->arg,
                           argv[action_pos]->arg,
                           AFI_IP6,
                           argv[prefix_pos]->arg,
                           1, 1);
}
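DEFUN (ipv6_access_list_any,
       ipv6_access_list_any_cmd,
       "ipv6 access-list WORD <deny|permit> any",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefix to match\n")
{
  /* Positions of the variable tokens in the command string above. */
  int idx_word = 2;
  int idx_permit_deny = 3;

  /* "any" is stored as ::/0 without exact-match, so it covers every
     IPv6 prefix.  A permit entry of this form is the broadest rule
     the list can hold.  The help string above had the typo
     "prefixi". */
  return filter_set_zebra (vty, argv[idx_word]->arg,
                           argv[idx_permit_deny]->arg, AFI_IP6,
                           "::/0", 0, 1);
}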
DEFUN (no_ipv6_access_list,
       no_ipv6_access_list_cmd,
       "no ipv6 access-list WORD <deny|permit> X:X::X:X/M",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n")
{
  /* The leading "no" shifts every token one position to the right. */
  int name_pos = 3;
  int action_pos = 4;
  int prefix_pos = 5;

  /* 0, 0: no exact-match, entry is being removed. */
  return filter_set_zebra (vty,
                           argv[name_pos]->arg,
                           argv[action_pos]->arg,
                           AFI_IP6,
                           argv[prefix_pos]->arg,
                           0, 0);
}
DEFUN (no_ipv6_access_list_exact,
       no_ipv6_access_list_exact_cmd,
       "no ipv6 access-list WORD <deny|permit> X:X::X:X/M exact-match",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
{
  /* The leading "no" shifts every token one position to the right. */
  int name_pos = 3;
  int action_pos = 4;
  int prefix_pos = 5;

  /* 1, 0: exact-match entry, being removed. */
  return filter_set_zebra (vty,
                           argv[name_pos]->arg,
                           argv[action_pos]->arg,
                           AFI_IP6,
                           argv[prefix_pos]->arg,
                           1, 0);
}
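DEFUN (no_ipv6_access_list_any,
       no_ipv6_access_list_any_cmd,
       "no ipv6 access-list WORD <deny|permit> any",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefix to match\n")
{
  /* The leading "no" shifts every token one position to the right. */
  int idx_word = 3;
  int idx_permit_deny = 4;

  /* Removes the "any" entry, i.e. the ::/0 non-exact filter.  The
     help string above had the typo "prefixi". */
  return filter_set_zebra (vty, argv[idx_word]->arg,
                           argv[idx_permit_deny]->arg, AFI_IP6,
                           "::/0", 0, 0);
}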
DEFUN (no_ipv6_access_list_all,
       no_ipv6_access_list_all_cmd,
       "no ipv6 access-list WORD",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n")
{
  int name_pos = 3;
  struct access_list *acl;
  struct access_master *owner;

  /* Removing a whole list needs an existing list; report and stop
     instead of creating one as a side effect. */
  acl = access_list_lookup (AFI_IP6, argv[name_pos]->arg);
  if (acl == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s",
               argv[name_pos]->arg, VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Read the master pointer while the list is still intact. */
  owner = acl->master;

  /* Route-maps referring to this list are told first, then the
     registered delete hook runs, and only then is the list removed. */
  route_map_notify_dependencies (acl->name, RMAP_EVENT_FILTER_DELETED);
  if (owner->delete_hook)
    (*owner->delete_hook) (acl);

  /* Delete all filter from access-list. */
  access_list_delete (acl);

  return CMD_SUCCESS;
}
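DEFUN (ipv6_access_list_remark,
       ipv6_access_list_remark_cmd,
       "ipv6 access-list WORD remark LINE...",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  int idx_word = 2;
  /* First token of LINE...: argv[0] is "ipv6", argv[1] "access-list",
     argv[2] the list name and argv[3] the "remark" keyword. */
  int idx_line = 4;
  struct access_list *access;

  access = access_list_get (AFI_IP6, argv[idx_word]->arg);

  /* Drop any previous remark before storing the new one. */
  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* Join only the comment words.  Starting the join at index 1 would
     also store "access-list", the list name and the "remark" keyword,
     and the saved configuration line would repeat them on every
     write/reload cycle.
     NOTE(review): the help text promises a 100 character limit, but
     nothing in this handler enforces one. */
  access->remark = argv_concat (argv, argc, idx_line);

  return CMD_SUCCESS;
}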
DEFUN (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_cmd,
       "no ipv6 access-list WORD remark",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n")
{
  /* The list name follows "no ipv6 access-list". */
  int name_pos = 3;

  /* All of the work is done by the shared unset helper. */
  return vty_access_list_remark_unset (vty, AFI_IP6,
                                       argv[name_pos]->arg);
}
DEFUN (no_ipv6_access_list_remark_comment,
       no_ipv6_access_list_remark_comment_cmd,
       "no ipv6 access-list WORD remark LINE...",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  /* Same effect as the form without the trailing text: the arguments
     are handed unchanged to that handler, which reads only the list
     name, so the typed comment words are not compared with the stored
     remark. */
  return no_ipv6_access_list_remark (self, vty, argc, argv);
}
1718 #endif /* HAVE_IPV6 */
1720 void config_write_access_zebra (struct vty
*, struct filter
*);
1721 void config_write_access_cisco (struct vty
*, struct filter
*);
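/* Print the filters of every access-list on one chain (the numbered
   or the named one).  When NAME is non-NULL only the list with exactly
   that name is printed. */
static void
filter_show_chain (struct vty *vty, struct access_list *head,
                   const char *name, afi_t afi)
{
  struct access_list *access;
  struct filter *mfilter;
  struct filter_cisco *filter;
  int write;

  for (access = head; access; access = access->next)
    {
      if (name && strcmp (access->name, name) != 0)
        continue;

      /* The heading is printed once, in front of the first filter. */
      write = 1;

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
        {
          /* Cisco view of the union; it is only read on the branches
             that have checked mfilter->cisco. */
          filter = &mfilter->u.cfilter;

          if (write)
            {
              vty_out (vty, "%s IP%s access list %s%s",
                       mfilter->cisco ?
                       (filter->extended ? "Extended" : "Standard") : "Zebra",
                       afi == AFI_IP6 ? "v6" : "",
                       access->name, VTY_NEWLINE);
              write = 0;
            }

          vty_out (vty, " %s%s", filter_type_str (mfilter),
                   mfilter->type == FILTER_DENY ? " " : "");

          if (! mfilter->cisco)
            config_write_access_zebra (vty, mfilter);
          else if (filter->extended)
            config_write_access_cisco (vty, mfilter);
          else
            {
              /* Standard Cisco filter: address plus wildcard bits. */
              if (filter->addr_mask.s_addr == 0xffffffff)
                vty_out (vty, " any%s", VTY_NEWLINE);
              else
                {
                  /* inet_ntoa() returns a static buffer, hence one
                     call per vty_out(). */
                  vty_out (vty, " %s", inet_ntoa (filter->addr));
                  if (filter->addr_mask.s_addr != 0)
                    vty_out (vty, ", wildcard bits %s",
                             inet_ntoa (filter->addr_mask));
                  vty_out (vty, "%s", VTY_NEWLINE);
                }
            }
        }
    }
}

/* show access-list command.

   Prints the access lists of address family AFI to VTY, the numbered
   chain first and the named chain second.  NAME restricts the output
   to one list; NULL prints all of them.  Returns 0 when the family has
   no access-list master, CMD_SUCCESS otherwise. */
static int
filter_show (struct vty *vty, const char *name, afi_t afi)
{
  struct access_master *master;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  /* Print the name of the protocol */
  if (zlog_default)
    vty_out (vty, "%s:%s",
             zlog_proto_names[zlog_default->protocol], VTY_NEWLINE);

  /* Both chains were walked by two identical copies of the same loop;
     they now share one helper so the two cannot drift apart. */
  filter_show_chain (vty, master->num.head, name, afi);
  filter_show_chain (vty, master->str.head, name, afi);

  return CMD_SUCCESS;
}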
DEFUN (show_ip_access_list,
       show_ip_access_list_cmd,
       "show ip access-list",
       SHOW_STR
       IP_STR
       "List IP access lists\n")
{
  /* A NULL name means "every IPv4 access list". */
  const char *every_list = NULL;

  return filter_show (vty, every_list, AFI_IP);
}
DEFUN (show_ip_access_list_name,
       show_ip_access_list_name_cmd,
       "show ip access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)|WORD>",
       SHOW_STR
       IP_STR
       "List IP access lists\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n")
{
  /* The list name follows "show ip access-list". */
  int acl_pos = 3;

  return filter_show (vty, argv[acl_pos]->arg, AFI_IP);
}
DEFUN (show_ipv6_access_list,
       show_ipv6_access_list_cmd,
       "show ipv6 access-list",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n")
{
  /* A NULL name means "every IPv6 access list". */
  const char *every_list = NULL;

  return filter_show (vty, every_list, AFI_IP6);
}
DEFUN (show_ipv6_access_list_name,
       show_ipv6_access_list_name_cmd,
       "show ipv6 access-list WORD",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n"
       "IPv6 zebra access-list\n")
{
  /* The list name follows "show ipv6 access-list". */
  int name_pos = 3;

  return filter_show (vty, argv[name_pos]->arg, AFI_IP6);
}
1878 #endif /* HAVE_IPV6 */
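/* Print one address/wildcard pair of an extended Cisco filter:
   " any" when every bit is wild, " host A" when none is, and
   " A W" otherwise. */
static void
config_write_cisco_pair (struct vty *vty, struct in_addr addr,
                         struct in_addr wildcard)
{
  if (wildcard.s_addr == 0xffffffff)
    vty_out (vty, " any");
  else if (wildcard.s_addr == 0)
    vty_out (vty, " host %s", inet_ntoa (addr));
  else
    {
      /* Two calls on purpose: inet_ntoa() returns a static buffer, so
         both results cannot share one argument list. */
      vty_out (vty, " %s", inet_ntoa (addr));
      vty_out (vty, " %s", inet_ntoa (wildcard));
    }
}

/* Write the match part of a Cisco-style filter to VTY, ending with a
   newline.  Extended filters print " ip" followed by the addr/addr_mask
   pair and the mask/mask_mask pair; standard filters print the address
   and, when it is non-zero, the wildcard. */
void
config_write_access_cisco (struct vty *vty, struct filter *mfilter)
{
  struct filter_cisco *filter;

  filter = &mfilter->u.cfilter;

  if (filter->extended)
    {
      vty_out (vty, " ip");
      /* The two pairs were printed by two copies of the same if/else
         ladder; one helper now serves both. */
      config_write_cisco_pair (vty, filter->addr, filter->addr_mask);
      config_write_cisco_pair (vty, filter->mask, filter->mask_mask);
      vty_out (vty, "%s", VTY_NEWLINE);
    }
  else
    {
      if (filter->addr_mask.s_addr == 0xffffffff)
        vty_out (vty, " any%s", VTY_NEWLINE);
      else
        {
          vty_out (vty, " %s", inet_ntoa (filter->addr));
          if (filter->addr_mask.s_addr != 0)
            vty_out (vty, " %s", inet_ntoa (filter->addr_mask));
          vty_out (vty, "%s", VTY_NEWLINE);
        }
    }
}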
/* Write the match part of a Zebra (prefix) filter to VTY, ending with
   a newline: " any" for a zero-length prefix without exact-match,
   otherwise " ADDR/LEN" with an optional " exact-match". */
void
config_write_access_zebra (struct vty *vty, struct filter *mfilter)
{
  struct filter_zebra *zf = &mfilter->u.zfilter;
  struct prefix *pfx = &zf->prefix;
  char buf[BUFSIZ];
  int is_any = (pfx->prefixlen == 0 && ! zf->exact);

  if (! is_any)
    {
      /* inet_ntop() is bounded by the size of buf, which is BUFSIZ. */
      vty_out (vty, " %s/%d%s",
               inet_ntop (pfx->family, &pfx->u.prefix, buf, BUFSIZ),
               pfx->prefixlen,
               zf->exact ? " exact-match" : "");
    }
  else
    vty_out (vty, " any");

  vty_out (vty, "%s", VTY_NEWLINE);
}
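/* Write the configuration lines of every access-list on one chain (the
   numbered or the named one) and return how many lines were written. */
static int
config_write_access_chain (struct vty *vty, struct access_list *head,
                           afi_t afi)
{
  struct access_list *access;
  struct filter *mfilter;
  int write = 0;

  for (access = head; access; access = access->next)
    {
      /* The remark is written back exactly as stored, so whatever the
         remark command saved is re-read on the next configuration
         load. */
      if (access->remark)
        {
          vty_out (vty, "%saccess-list %s remark %s%s",
                   afi == AFI_IP ? "" : "ipv6 ",
                   access->name, access->remark,
                   VTY_NEWLINE);
          write++;
        }

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
        {
          vty_out (vty, "%saccess-list %s %s",
                   afi == AFI_IP ? "" : "ipv6 ",
                   access->name,
                   filter_type_str (mfilter));

          /* The writer for the filter flavour also ends the line. */
          if (mfilter->cisco)
            config_write_access_cisco (vty, mfilter);
          else
            config_write_access_zebra (vty, mfilter);

          write++;
        }
    }

  return write;
}

/* Write the access-list configuration of address family AFI to VTY,
   numbered lists first and named lists second.  Returns the number of
   lines written, or 0 when the family has no access-list master. */
static int
config_write_access (struct vty *vty, afi_t afi)
{
  struct access_master *master;
  int write = 0;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  /* Both chains were written by two identical copies of the same loop;
     they now share one helper so the two cannot drift apart. */
  write += config_write_access_chain (vty, master->num.head, afi);
  write += config_write_access_chain (vty, master->str.head, afi);

  return write;
}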
2014 /* Access-list node. */
2015 static struct cmd_node access_node
=
2018 "", /* Access list has no interface. */
/* Configuration writer registered for the IPv4 access-list node. */
static int
config_write_access_ipv4 (struct vty *vty)
{
  int lines_written = config_write_access (vty, AFI_IP);

  return lines_written;
}
/* Delete every IPv4 access list, numbered and named. */
static void
access_list_reset_ipv4 (void)
{
  struct access_master *master = access_master_get (AFI_IP);
  struct access_list *access;
  struct access_list *next;

  if (master == NULL)
    return;

  /* The successor is saved before each delete: the current node is
     handed to access_list_delete() and is not read afterwards. */
  access = master->num.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  access = master->str.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  /* Both chains must be completely unlinked at this point. */
  assert (master->num.head == NULL);
  assert (master->num.tail == NULL);

  assert (master->str.head == NULL);
  assert (master->str.tail == NULL);
}
/* Install vty related command.

   The show commands are registered on ENABLE_NODE; every command that
   changes an access list is registered on CONFIG_NODE only. */
static void
access_list_init_ipv4 (void)
{
  install_node (&access_node, config_write_access_ipv4);

  /* Read-only views. */
  install_element (ENABLE_NODE, &show_ip_access_list_cmd);
  install_element (ENABLE_NODE, &show_ip_access_list_name_cmd);

  /* Zebra access-list: add forms, then the matching "no" forms. */
  install_element (CONFIG_NODE, &access_list_cmd);
  install_element (CONFIG_NODE, &access_list_exact_cmd);
  install_element (CONFIG_NODE, &access_list_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_cmd);
  install_element (CONFIG_NODE, &no_access_list_exact_cmd);
  install_element (CONFIG_NODE, &no_access_list_any_cmd);

  /* Standard access-list: add forms, then the matching "no" forms. */
  install_element (CONFIG_NODE, &access_list_standard_cmd);
  install_element (CONFIG_NODE, &access_list_standard_nomask_cmd);
  install_element (CONFIG_NODE, &access_list_standard_host_cmd);
  install_element (CONFIG_NODE, &access_list_standard_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_nomask_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_any_cmd);

  /* Extended access-list: add forms, then the matching "no" forms. */
  install_element (CONFIG_NODE, &access_list_extended_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_mask_cmd);
  install_element (CONFIG_NODE, &access_list_extended_mask_any_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_any_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_mask_cmd);
  install_element (CONFIG_NODE, &access_list_extended_mask_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_mask_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_mask_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_mask_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_mask_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_any_cmd);

  /* Remarks and whole-list removal. */
  install_element (CONFIG_NODE, &access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_access_list_all_cmd);
  install_element (CONFIG_NODE, &no_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_access_list_remark_comment_cmd);
}
2111 static struct cmd_node access_ipv6_node
=
/* Configuration writer registered for the IPv6 access-list node. */
static int
config_write_access_ipv6 (struct vty *vty)
{
  int lines_written = config_write_access (vty, AFI_IP6);

  return lines_written;
}
/* Delete every IPv6 access list, numbered and named. */
static void
access_list_reset_ipv6 (void)
{
  struct access_master *master = access_master_get (AFI_IP6);
  struct access_list *access;
  struct access_list *next;

  if (master == NULL)
    return;

  /* The successor is saved before each delete: the current node is
     handed to access_list_delete() and is not read afterwards. */
  access = master->num.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  access = master->str.head;
  while (access)
    {
      next = access->next;
      access_list_delete (access);
      access = next;
    }

  /* Both chains must be completely unlinked at this point. */
  assert (master->num.head == NULL);
  assert (master->num.tail == NULL);

  assert (master->str.head == NULL);
  assert (master->str.tail == NULL);
}
/* Install the IPv6 access-list node and its commands.

   The show commands are registered on ENABLE_NODE; every command that
   changes an access list is registered on CONFIG_NODE only. */
static void
access_list_init_ipv6 (void)
{
  install_node (&access_ipv6_node, config_write_access_ipv6);

  /* Read-only views. */
  install_element (ENABLE_NODE, &show_ipv6_access_list_cmd);
  install_element (ENABLE_NODE, &show_ipv6_access_list_name_cmd);

  /* Prefix entries: add forms, then the matching "no" forms. */
  install_element (CONFIG_NODE, &ipv6_access_list_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_exact_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_any_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_exact_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_any_cmd);

  /* Whole-list removal and remarks. */
  install_element (CONFIG_NODE, &no_ipv6_access_list_all_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_remark_comment_cmd);
}
2173 #endif /* HAVE_IPV6 */
2178 access_list_init_ipv4 ();
2180 access_list_init_ipv6();
2181 #endif /* HAVE_IPV6 */
2185 access_list_reset ()
2187 access_list_reset_ipv4 ();
2189 access_list_reset_ipv6();
2190 #endif /* HAVE_IPV6 */