lib/filter.h

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  * Route filtering function.
   4  * Copyright (C) 1998 Kunihiro Ishiguro
   5  */
   6
   7 #ifndef _ZEBRA_FILTER_H
   8 #define _ZEBRA_FILTER_H
   9
  10 #include "if.h"
  11 #include "prefix.h"
  12
  13 #ifdef __cplusplus
  14 extern "C" {
  15 #endif
  16
  17 /* Maximum ACL name length */
  18 #define ACL_NAMSIZ                128
  19
  20 /** Cisco host wildcard mask. */
  21 #define CISCO_HOST_WILDCARD_MASK  "0.0.0.0"
  22 /** Cisco host wildcard binary mask. */
  23 #define CISCO_BIN_HOST_WILDCARD_MASK INADDR_ANY
  24
  25 /** Cisco any wildcard mask. */
  26 #define CISCO_ANY_WILDCARD_MASK   "255.255.255.255"
  27 /** Cisco binary any wildcard mask. */
  28 #define CISCO_BIN_ANY_WILDCARD_MASK INADDR_NONE
  29
  30 /* Filter direction.  */
  31 #define FILTER_IN                 0
  32 #define FILTER_OUT                1
  33 #define FILTER_MAX                2
  34
  35 /* Filter type is made by `permit', `deny' and `dynamic'. */
  36 enum filter_type { FILTER_DENY, FILTER_PERMIT, FILTER_DYNAMIC };
  37
  38 struct filter_cisco {
  39         /* Cisco access-list */
  40         int extended;
  41         struct in_addr addr;
  42         struct in_addr addr_mask;
  43         struct in_addr mask;
  44         struct in_addr mask_mask;
  45 };
  46
  47 struct filter_zebra {
  48         /* If this filter is "exact" match then this flag is set. */
  49         int exact;
  50
  51         /* Prefix information. */
  52         struct prefix prefix;
  53 };
  54
  55 /* Forward declaration of access-list struct. */
  56 struct access_list;
  57
  58 /* Filter element of access list */
  59 struct filter {
  60         /* For doubly linked list. */
  61         struct filter *next;
  62         struct filter *prev;
  63
  64         /* Parent access-list pointer. */
  65         struct access_list *acl;
  66
  67         /* Filter type information. */
  68         enum filter_type type;
  69
  70         /* Sequence number */
  71         int64_t seq;
  72
  73         /* Cisco access-list */
  74         int cisco;
  75
  76         union {
  77                 struct filter_cisco cfilter;
  78                 struct filter_zebra zfilter;
  79         } u;
  80 };
  81
  82 /* Access list */
  83 struct access_list {
  84         char *name;
  85         char *remark;
  86
  87         struct access_master *master;
  88
  89         struct access_list *next;
  90         struct access_list *prev;
  91
  92         struct filter *head;
  93         struct filter *tail;
  94 };
  95
  96 /* List of access_list. */
  97 struct access_list_list {
  98         struct access_list *head;
  99         struct access_list *tail;
 100 };
 101
 102 /* Master structure of access_list. */
 103 struct access_master {
 104         /* List of access_list which name is string. */
 105         struct access_list_list str;
 106
 107         /* Hook function which is executed when new access_list is added. */
 108         void (*add_hook)(struct access_list *);
 109
 110         /* Hook function which is executed when access_list is deleted. */
 111         void (*delete_hook)(struct access_list *);
 112 };
 113
 114
 115 /* Prototypes for access-list. */
 116 extern void access_list_init(void);
 117 extern void access_list_reset(void);
 118 extern void access_list_add_hook(void (*func)(struct access_list *));
 119 extern void access_list_delete_hook(void (*func)(struct access_list *));
 120 extern struct access_list *access_list_lookup(afi_t, const char *);
 121 extern enum filter_type access_list_apply(struct access_list *access,
 122                                           const void *object);
 123
 124 struct access_list *access_list_get(afi_t afi, const char *name);
 125 void access_list_delete(struct access_list *access);
 126 struct filter *filter_new(void);
 127 void access_list_filter_add(struct access_list *access,
 128                             struct filter *filter);
 129 void access_list_filter_delete(struct access_list *access,
 130                                struct filter *filter);
 131 int64_t filter_new_seq_get(struct access_list *access);
 132
 133 extern const struct frr_yang_module_info frr_filter_info;
 134
 135
 136 /* filter_nb.c */
 137 enum yang_access_list_type {
 138         YALT_IPV4 = 0,
 139         YALT_IPV6 = 1,
 140         YALT_MAC = 2,
 141 };
 142
 143 enum yang_prefix_list_type {
 144         YPLT_IPV4 = 0,
 145         YPLT_IPV6 = 1,
 146 };
 147
 148 enum yang_prefix_list_action {
 149         YPLA_DENY = 0,
 150         YPLA_PERMIT = 1,
 151 };
 152
 153 struct acl_dup_args {
 154         /** Access list type ("ipv4", "ipv6" or "mac"). */
 155         const char *ada_type;
 156         /** Access list name. */
 157         const char *ada_name;
 158
 159         /** Entry action. */
 160         const char *ada_action;
 161
 162 #define ADA_MAX_VALUES 4
 163         /** Entry XPath for value. */
 164         const char *ada_xpath[ADA_MAX_VALUES];
 165         /** Entry value to match. */
 166         const char *ada_value[ADA_MAX_VALUES];
 167
 168         /** Duplicated entry found in list? */
 169         bool ada_found;
 170
 171         /** Sequence number of the found entry */
 172         int64_t ada_seq;
 173
 174         /** (Optional) Already existing `dnode`. */
 175         const struct lyd_node *ada_entry_dnode;
 176 };
 177
 178 /**
 179  * Check for duplicated entries using the candidate configuration.
 180  *
 181  * \param vty so we can get the candidate config.
 182  * \param ada the arguments to check.
 183  */
 184 bool acl_is_dup(const struct lyd_node *dnode, struct acl_dup_args *ada);
 185
 186 struct plist_dup_args {
 187         /** Access list type ("ipv4" or "ipv6"). */
 188         const char *pda_type;
 189         /** Access list name. */
 190         const char *pda_name;
 191
 192         /** Entry action. */
 193         const char *pda_action;
 194
 195         bool any;
 196         struct prefix prefix;
 197         int ge;
 198         int le;
 199
 200         /** Duplicated entry found in list? */
 201         bool pda_found;
 202
 203         /** Sequence number of the found entry */
 204         int64_t pda_seq;
 205
 206         /** (Optional) Already existing `dnode`. */
 207         const struct lyd_node *pda_entry_dnode;
 208 };
 209
 210 /**
 211  * Check for duplicated entries using the candidate configuration.
 212  *
 213  * \param vty so we can get the candidate config.
 214  * \param pda the arguments to check.
 215  */
 216 bool plist_is_dup(const struct lyd_node *dnode, struct plist_dup_args *pda);
 217
 218 /* filter_cli.c */
 219 struct lyd_node;
 220 struct vty;
 221
 222 extern int access_list_cmp(const struct lyd_node *dnode1,
 223                            const struct lyd_node *dnode2);
 224 extern void access_list_show(struct vty *vty, const struct lyd_node *dnode,
 225                              bool show_defaults);
 226 extern void access_list_remark_show(struct vty *vty,
 227                                     const struct lyd_node *dnode,
 228                                     bool show_defaults);
 229 extern int prefix_list_cmp(const struct lyd_node *dnode1,
 230                            const struct lyd_node *dnode2);
 231 extern void prefix_list_show(struct vty *vty, const struct lyd_node *dnode,
 232                              bool show_defaults);
 233 extern void prefix_list_remark_show(struct vty *vty,
 234                                     const struct lyd_node *dnode,
 235                                     bool show_defaults);
 236
 237 void filter_cli_init(void);
 238
 239 #ifdef __cplusplus
 240 }
 241 #endif
 242
 243 #endif /* _ZEBRA_FILTER_H */