1 /*
2 * Route filtering function.
3 * Copyright (C) 1998 Kunihiro Ishiguro
4 *
5 * This file is part of GNU Zebra.
6 *
7 * GNU Zebra is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published
9 * by the Free Software Foundation; either version 2, or (at your
10 * option) any later version.
11 *
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 #ifndef _ZEBRA_FILTER_H
23 #define _ZEBRA_FILTER_H
24
25 #include "if.h"
26 #include "prefix.h"
27
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31
/* Maximum ACL name length */
/* NOTE(review): whether this count includes the terminating NUL is not
 * visible in this header; confirm before sizing a buffer with it. */
#define ACL_NAMSIZ 128

/*
 * Cisco wildcard masks are the inverse of a netmask: a 0 bit means the
 * corresponding address bit must match, a 1 bit means it is ignored.
 * Supplying a netmask where a wildcard mask is expected inverts the set of
 * addresses a rule covers.
 */

/** Cisco host wildcard mask. */
/* All bits significant: matches exactly one address. */
#define CISCO_HOST_WILDCARD_MASK "0.0.0.0"
/** Cisco host wildcard binary mask. */
/* INADDR_ANY is 0.0.0.0, the binary form of the string above. */
#define CISCO_BIN_HOST_WILDCARD_MASK INADDR_ANY

/** Cisco any wildcard mask. */
/* No bits significant: matches every address. */
#define CISCO_ANY_WILDCARD_MASK "255.255.255.255"
/** Cisco binary any wildcard mask. */
/* INADDR_NONE is 255.255.255.255, the binary form of the string above. */
#define CISCO_BIN_ANY_WILDCARD_MASK INADDR_NONE

/* Filter direction. */
#define FILTER_IN 0
#define FILTER_OUT 1
/* Number of directions, not a direction itself (presumably an array bound). */
#define FILTER_MAX 2
49
/*
 * Filter type is made by `permit', `deny' and `dynamic'.
 *
 * FILTER_DENY is the first enumerator and therefore has the value 0, so a
 * zero-filled struct filter reads as a deny entry. Because there are three
 * values, a test written as `!= FILTER_DENY` also accepts FILTER_DYNAMIC;
 * compare against FILTER_PERMIT when only an explicit permit should pass.
 */
enum filter_type { FILTER_DENY, FILTER_PERMIT, FILTER_DYNAMIC };

/* Whether an access-list is named by a string or by a number. */
enum access_type { ACCESS_TYPE_STRING, ACCESS_TYPE_NUMBER };
54
/*
 * Match data for a Cisco-style access-list entry.
 *
 * NOTE(review): the role of each field is not stated in this header.
 * Presumably addr/addr_mask are an address and its wildcard mask, and
 * mask/mask_mask a second address/wildcard pair used only when `extended`
 * is non-zero -- confirm against filter.c before relying on it.
 */
struct filter_cisco {
	/* Cisco access-list */
	int extended;
	struct in_addr addr;
	struct in_addr addr_mask;
	struct in_addr mask;
	struct in_addr mask_mask;
};
63
/* Match data for a prefix-based (zebra-style) access-list entry. */
struct filter_zebra {
	/* If this filter is "exact" match then this flag is set. */
	/* NOTE(review): what a non-exact match accepts (e.g. more specific
	 * prefixes) is decided by the implementation, not visible here. */
	int exact;

	/* Prefix information. */
	struct prefix prefix;
};
71
/* Forward declaration of access-list struct. */
struct access_list;

/* Filter element of access list */
struct filter {
	/* For doubly linked list. */
	struct filter *next;
	struct filter *prev;

	/* Parent access-list pointer. */
	struct access_list *acl;

	/* Filter type information. */
	enum filter_type type;

	/* Sequence number */
	int64_t seq;

	/* Cisco access-list */
	/* NOTE(review): presumably this flag selects which member of `u`
	 * is valid (non-zero: cfilter, zero: zfilter). Reading the other
	 * member reinterprets the same bytes, so it must be set together
	 * with the union -- confirm against filter.c. */
	int cisco;

	/* Match data; the two members share storage. */
	union {
		struct filter_cisco cfilter;
		struct filter_zebra zfilter;
	} u;
};
98
/* Access list */
struct access_list {
	/* NOTE(review): ownership and lifetime of these two strings are not
	 * visible in this header; confirm who allocates and frees them. */
	char *name;
	char *remark;

	/* Master structure this list belongs to. */
	struct access_master *master;

	/* Whether `name` is a string or a number. */
	enum access_type type;

	/* Links to the neighbouring access-lists. */
	struct access_list *next;
	struct access_list *prev;

	/* First and last filter entry of this list. */
	struct filter *head;
	struct filter *tail;
};
114
/* List of access_list. */
/* Holds only the two end pointers; the links between elements are the
 * next/prev members of struct access_list. */
struct access_list_list {
	struct access_list *head;
	struct access_list *tail;
};
120
/* Master structure of access_list. */
struct access_master {
	/* List of access_list which name is number. */
	struct access_list_list num;

	/* List of access_list which name is string. */
	struct access_list_list str;

	/* Hook function which is executed when new access_list is added. */
	/* NOTE(review): whether a NULL hook is tolerated is not visible in
	 * this header. */
	void (*add_hook)(struct access_list *);

	/* Hook function which is executed when access_list is deleted. */
	/* NOTE(review): whether the list passed to the hook is still valid
	 * after the hook returns is not visible here; callbacks should not
	 * keep the pointer without confirming that. */
	void (*delete_hook)(struct access_list *);
};
135
136
/* Prototypes for access-list. */
extern void access_list_init(void);
extern void access_list_reset(void);
/* The callback type matches access_master.add_hook / delete_hook;
 * presumably these install `func` there (implementation not visible). */
extern void access_list_add_hook(void (*func)(struct access_list *));
extern void access_list_delete_hook(void (*func)(struct access_list *));
/* Takes an address family and a list name, like access_list_get() below. */
extern struct access_list *access_list_lookup(afi_t, const char *);
/*
 * Evaluate `object` against `access` and return a filter_type.
 *
 * NOTE(review): `object` is an untyped pointer, so the compiler cannot
 * catch an argument of the wrong type; the type the implementation expects
 * is not visible in this header. The result for a NULL `access` or for an
 * object that no entry matches is also not visible here -- confirm it is
 * the implicit deny a caller would expect.
 */
extern enum filter_type access_list_apply(struct access_list *access,
					  const void *object);

/* NOTE(review): presumably access_list_get() creates the list when it does
 * not exist while access_list_lookup() does not -- confirm in filter.c. */
struct access_list *access_list_get(afi_t afi, const char *name);
void access_list_delete(struct access_list *access);
struct filter *filter_new(void);
void access_list_filter_add(struct access_list *access,
			    struct filter *filter);
void access_list_filter_delete(struct access_list *access,
			       struct filter *filter);
/* Returns a sequence number of the same type as filter.seq (int64_t). */
int64_t filter_new_seq_get(struct access_list *access);
/* The two lookups below take a candidate entry `mnew` and return a filter
 * pointer; presumably the entry of `access` equal to it, or NULL. */
struct filter *filter_lookup_cisco(struct access_list *access,
				   struct filter *mnew);
struct filter *filter_lookup_zebra(struct access_list *access,
				   struct filter *mnew);

/* YANG module description for the filter module (defined elsewhere). */
extern const struct frr_yang_module_info frr_filter_info;
160
161
/* filter_nb.c */
/* NOTE(review): the enumerators below carry explicit values, presumably
 * because they must agree with the enum values of the YANG model; do not
 * renumber them without checking the model. */
enum yang_access_list_type {
	YALT_IPV4 = 0,
	YALT_IPV6 = 1,
	YALT_MAC = 2,
};

enum yang_prefix_list_type {
	YPLT_IPV4 = 0,
	YPLT_IPV6 = 1,
};

/* Deny is 0 and permit is 1, the same order as enum filter_type. */
enum yang_prefix_list_action {
	YPLA_DENY = 0,
	YPLA_PERMIT = 1,
};
178
/* Arguments (and result flag) passed to acl_is_dup(). */
struct acl_dup_args {
	/** Access list type ("ipv4", "ipv6" or "mac"). */
	const char *ada_type;
	/** Access list name. */
	const char *ada_name;

/* Capacity of the two parallel arrays below; ada_xpath[i] pairs with
 * ada_value[i]. */
#define ADA_MAX_VALUES 4
	/** Entry XPath for value. */
	const char *ada_xpath[ADA_MAX_VALUES];
	/** Entry value to match. */
	const char *ada_value[ADA_MAX_VALUES];
	/* NOTE(review): how unused slots are marked (presumably NULL) is not
	 * visible here; zero-initialise the struct before filling it in. */

	/** Duplicated entry found in list? */
	bool ada_found;

	/** (Optional) Already existing `dnode`. */
	const struct lyd_node *ada_entry_dnode;
};
197
/**
 * Check for duplicated entries using the candidate configuration.
 *
 * \param dnode data node through which the candidate config is reached.
 * \param ada the arguments to check.
 *
 * NOTE(review): the return value is not documented; presumably `true` when
 * a duplicate entry exists -- confirm against the implementation.
 */
bool acl_is_dup(const struct lyd_node *dnode, struct acl_dup_args *ada);
205
/* Arguments (and result flag) passed to plist_is_dup(). */
struct plist_dup_args {
	/** Prefix list type ("ipv4" or "ipv6"). */
	const char *pda_type;
	/** Prefix list name. */
	const char *pda_name;

/* Capacity of the two parallel arrays below; pda_xpath[i] pairs with
 * pda_value[i]. */
#define PDA_MAX_VALUES 4
	/** Entry XPath for value. */
	const char *pda_xpath[PDA_MAX_VALUES];
	/** Entry value to match. */
	const char *pda_value[PDA_MAX_VALUES];
	/* NOTE(review): how unused slots are marked (presumably NULL) is not
	 * visible here; zero-initialise the struct before filling it in. */

	/** Duplicated entry found in list? */
	bool pda_found;

	/** (Optional) Already existing `dnode`. */
	const struct lyd_node *pda_entry_dnode;
};
224
/**
 * Check for duplicated entries using the candidate configuration.
 *
 * \param dnode data node through which the candidate config is reached.
 * \param pda the arguments to check.
 *
 * NOTE(review): the return value is not documented; presumably `true` when
 * a duplicate entry exists -- confirm against the implementation.
 */
bool plist_is_dup(const struct lyd_node *dnode, struct plist_dup_args *pda);
232
/* filter_cli.c */
/* Incomplete types: this header only passes pointers to them. */
struct lyd_node;
struct vty;

/* The four functions below share one signature: an output vty, a
 * configuration data node and a show_defaults flag. Presumably they print
 * the configuration line for that node -- confirm in filter_cli.c. */
extern void access_list_show(struct vty *vty, struct lyd_node *dnode,
			     bool show_defaults);
extern void access_list_remark_show(struct vty *vty, struct lyd_node *dnode,
				    bool show_defaults);
extern void prefix_list_show(struct vty *vty, struct lyd_node *dnode,
			     bool show_defaults);
extern void prefix_list_remark_show(struct vty *vty, struct lyd_node *dnode,
				    bool show_defaults);

void filter_cli_init(void);
247
248 #ifdef __cplusplus
249 }
250 #endif
251
252 #endif /* _ZEBRA_FILTER_H */