2 * Route filtering function.
3 * Copyright (C) 1998 Kunihiro Ishiguro
5 * This file is part of GNU Zebra.
7 * GNU Zebra is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published
9 * by the Free Software Foundation; either version 2, or (at your
10 * option) any later version.
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22 #ifndef _ZEBRA_FILTER_H
23 #define _ZEBRA_FILTER_H
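/*
 * Maximum ACL name length.
 * NOTE(review): this header does not show whether the value counts the
 * terminating NUL; confirm before sizing or bounding name buffers with it.
 */
#define ACL_NAMSIZ 128

/*
 * Cisco-style wildcard masks are the inverse of a netmask: a 0 bit means the
 * address bit must match, a 1 bit means the address bit is ignored. Supplying
 * a netmask where a wildcard is expected inverts what a rule matches.
 *
 * INADDR_ANY and INADDR_NONE are not defined in this header; the including
 * file has to provide them (normally via <netinet/in.h>).
 */

/** Cisco host wildcard mask: every address bit is compared (single host). */
#define CISCO_HOST_WILDCARD_MASK "0.0.0.0"
/** Cisco host wildcard binary mask. */
#define CISCO_BIN_HOST_WILDCARD_MASK INADDR_ANY

/** Cisco any wildcard mask: no address bit is compared (any address). */
#define CISCO_ANY_WILDCARD_MASK "255.255.255.255"
/** Cisco binary any wildcard mask. */
#define CISCO_BIN_ANY_WILDCARD_MASK INADDR_NONE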
45 /* Filter direction. */
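/*
 * Filter type: one of `permit', `deny' or `dynamic'.
 *
 * FILTER_DENY is the first enumerator and therefore has the value 0, so a
 * zero-initialised variable of this type reads as deny. Keep that ordering:
 * reordering the enumerators would change what zeroed memory means.
 * access_list_apply() is declared to return this type.
 */
enum filter_type {
	FILTER_DENY,
	FILTER_PERMIT,
	FILTER_DYNAMIC,
};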
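/*
 * How an access list is named: by a string or by a number.
 * struct access_master keeps one list per kind (its `str' and `num' members).
 */
enum access_type {
	ACCESS_TYPE_STRING,
	ACCESS_TYPE_NUMBER,
};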
56 /* Cisco access-list */
59 struct in_addr addr_mask
;
61 struct in_addr mask_mask
;
65 /* If this filter is "exact" match then this flag is set. */
68 /* Prefix information. */
72 /* Forward declaration of access-list struct. */
75 /* Filter element of access list */
77 /* For doubly linked list. */
81 /* Parent access-list pointer. */
82 struct access_list
*acl
;
84 /* Filter type information. */
85 enum filter_type type
;
90 /* Cisco access-list */
94 struct filter_cisco cfilter
;
95 struct filter_zebra zfilter
;
104 struct access_master
*master
;
106 enum access_type type
;
108 struct access_list
*next
;
109 struct access_list
*prev
;
115 /* List of access_list. */
116 struct access_list_list
{
117 struct access_list
*head
;
118 struct access_list
*tail
;
121 /* Master structure of access_list. */
122 struct access_master
{
123 /* List of access_list which name is number. */
124 struct access_list_list num
;
126 /* List of access_list which name is string. */
127 struct access_list_list str
;
129 /* Hook function which is executed when new access_list is added. */
130 void (*add_hook
)(struct access_list
*);
132 /* Hook function which is executed when access_list is deleted. */
133 void (*delete_hook
)(struct access_list
*);
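/* Prototypes for access-list. */

/*
 * Initialise the access-list code.
 * NOTE(review): what state is set up is not visible in this header.
 */
extern void access_list_init(void);

/*
 * Reset the access-list code.
 * NOTE(review): presumably discards the configured lists - confirm against
 * the implementation before calling it on a running daemon.
 */
extern void access_list_reset(void);

/*
 * Install `func' as the add callback; it receives the affected access list.
 * NOTE(review): presumably stored in access_master.add_hook, which is
 * documented as running when a new access_list is added - confirm.
 */
extern void access_list_add_hook(void (*func)(struct access_list *));

/*
 * Install `func' as the delete callback; it receives the affected access list.
 * NOTE(review): presumably stored in access_master.delete_hook, which is
 * documented as running when an access_list is deleted - confirm, and check
 * whether the pointer is still valid after the callback returns.
 */
extern void access_list_delete_hook(void (*func)(struct access_list *));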
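/*
 * Look up an access list by address family and name.
 *
 * Parameter names follow access_list_get(), which takes the same pair.
 * NOTE(review): presumably returns NULL when no list matches; callers should
 * check the result before dereferencing it - confirm against the
 * implementation.
 */
extern struct access_list *access_list_lookup(afi_t afi, const char *name);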
143 extern enum filter_type
access_list_apply(struct access_list
*access
,
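/*
 * Obtain the access list for address family `afi' named `name'.
 * NOTE(review): the name suggests lookup-or-create; confirm whether NULL can
 * be returned and whether `name' is bounded by ACL_NAMSIZ.
 */
struct access_list *access_list_get(afi_t afi, const char *name);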
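/*
 * Delete `access'.
 * NOTE(review): presumably the pointer must not be used afterwards - confirm.
 */
void access_list_delete(struct access_list *access);

/*
 * Return a new filter entry.
 * NOTE(review): allocation failure handling and ownership of the returned
 * pointer are not visible in this header - confirm.
 */
struct filter *filter_new(void);

/*
 * Add `filter' to `access'.
 * NOTE(review): presumably `access' takes ownership of `filter' - confirm.
 */
void access_list_filter_add(struct access_list *access,
			    struct filter *filter);

/*
 * Remove `filter' from `access'.
 * NOTE(review): whether `filter' is freed here is not visible - confirm.
 */
void access_list_filter_delete(struct access_list *access,
			       struct filter *filter);

/*
 * Return a sequence number for a new entry of `access'.
 * NOTE(review): the result is signed 64-bit; whether a negative value signals
 * an error is not visible in this header - confirm.
 */
int64_t filter_new_seq_get(struct access_list *access);

/*
 * Search `access' for a Cisco-style entry corresponding to `mnew'.
 * NOTE(review): presumably returns NULL when there is none - confirm.
 */
struct filter *filter_lookup_cisco(struct access_list *access,
				   struct filter *mnew);

/*
 * Search `access' for a Zebra-style entry corresponding to `mnew'.
 * NOTE(review): presumably returns NULL when there is none - confirm.
 */
struct filter *filter_lookup_zebra(struct access_list *access,
				   struct filter *mnew);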
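/* YANG module descriptor for the filter code; defined in another file. */
extern const struct frr_yang_module_info frr_filter_info;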
163 enum yang_access_list_type
{
169 enum yang_prefix_list_type
{
174 enum yang_prefix_list_action
{
179 struct acl_dup_args
{
180 /** Access list type ("ipv4", "ipv6" or "mac"). */
181 const char *ada_type
;
182 /** Access list name. */
183 const char *ada_name
;
185 #define ADA_MAX_VALUES 4
186 /** Entry XPath for value. */
187 const char *ada_xpath
[ADA_MAX_VALUES
];
188 /** Entry value to match. */
189 const char *ada_value
[ADA_MAX_VALUES
];
191 /** Duplicated entry found in list? */
194 /** (Optional) Already existing `dnode`. */
195 const struct lyd_node
*ada_entry_dnode
;
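/**
 * Check for duplicated entries using the candidate configuration.
 *
 * \param dnode data node through which the candidate config is reached.
 * \param ada the arguments to check.
 * \return NOTE(review): presumably true when a duplicated entry exists -
 *         confirm against the implementation.
 */
bool acl_is_dup(const struct lyd_node *dnode, struct acl_dup_args *ada);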
206 struct plist_dup_args
{
207 /** Prefix list type ("ipv4" or "ipv6"). */
208 const char *pda_type
;
209 /** Prefix list name. */
210 const char *pda_name
;
212 #define PDA_MAX_VALUES 4
213 /** Entry XPath for value. */
214 const char *pda_xpath
[PDA_MAX_VALUES
];
215 /** Entry value to match. */
216 const char *pda_value
[PDA_MAX_VALUES
];
218 /** Duplicated entry found in list? */
221 /** (Optional) Already existing `dnode`. */
222 const struct lyd_node
*pda_entry_dnode
;
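/**
 * Check for duplicated entries using the candidate configuration.
 *
 * \param dnode data node through which the candidate config is reached.
 * \param pda the arguments to check.
 * \return NOTE(review): presumably true when a duplicated entry exists -
 *         confirm against the implementation.
 */
bool plist_is_dup(const struct lyd_node *dnode, struct plist_dup_args *pda);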
237 extern void access_list_show(struct vty
*vty
, struct lyd_node
*dnode
,
239 extern void access_list_remark_show(struct vty
*vty
, struct lyd_node
*dnode
,
241 extern void prefix_list_show(struct vty
*vty
, struct lyd_node
*dnode
,
243 extern void prefix_list_remark_show(struct vty
*vty
, struct lyd_node
*dnode
,
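/*
 * Initialise the filter CLI.
 * NOTE(review): presumably registers the access-list and prefix-list
 * commands - confirm against the implementation.
 */
void filter_cli_init(void);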
252 #endif /* _ZEBRA_FILTER_H */