2 * Route filtering function.
3 * Copyright (C) 1998 Kunihiro Ishiguro
5 * This file is part of GNU Zebra.
7 * GNU Zebra is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published
9 * by the Free Software Foundation; either version 2, or (at your
10 * option) any later version.
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22 #ifndef _ZEBRA_FILTER_H
23 #define _ZEBRA_FILTER_H
/*
 * Maximum ACL name length.
 * NOTE(review): whether this count includes the terminating NUL is not
 * visible in this header; bound every copy into an ACL_NAMSIZ-sized buffer
 * explicitly and check for truncation.
 */
#define ACL_NAMSIZ 128

/*
 * Cisco wildcard masks read the opposite way from a netmask: the host
 * wildcard is all zero bits and the any wildcard is all one bits.  Mixing
 * the two conventions up when writing or reviewing an entry turns a
 * single-host rule into a match-everything rule.
 */

/** Cisco host wildcard mask, text form. */
#define CISCO_HOST_WILDCARD_MASK "0.0.0.0"
/** Cisco host wildcard mask, binary form. */
#define CISCO_BIN_HOST_WILDCARD_MASK INADDR_ANY

/** Cisco any wildcard mask, text form. */
#define CISCO_ANY_WILDCARD_MASK "255.255.255.255"
/**
 * Cisco any wildcard mask, binary form.  INADDR_ANY (all zero bits) and
 * INADDR_NONE (all one bits) have the same representation in host and
 * network byte order.
 */
#define CISCO_BIN_ANY_WILDCARD_MASK INADDR_NONE
45 /* Filter direction. */
/*
 * Filter type: one of `permit', `deny' and `dynamic'.
 * FILTER_DENY is the zero value, so a zero-initialised filter type reads
 * as deny rather than permit.
 */
enum filter_type {
	FILTER_DENY = 0,
	FILTER_PERMIT = 1,
	FILTER_DYNAMIC = 2,
};
54 /* Cisco access-list */
57 struct in_addr addr_mask
;
59 struct in_addr mask_mask
;
63 /* If this filter is "exact" match then this flag is set. */
66 /* Prefix information. */
70 /* Forward declaration of access-list struct. */
73 /* Filter element of access list */
75 /* For doubly linked list. */
79 /* Parent access-list pointer. */
80 struct access_list
*acl
;
82 /* Filter type information. */
83 enum filter_type type
;
88 /* Cisco access-list */
92 struct filter_cisco cfilter
;
93 struct filter_zebra zfilter
;
102 struct access_master
*master
;
104 struct access_list
*next
;
105 struct access_list
*prev
;
/* List of access_list, tracked through a head and a tail pointer. */
struct access_list_list {
	struct access_list *head;
	struct access_list *tail;
};
/* Master structure of access_list. */
struct access_master {
	/* List of access_list whose name is a string. */
	struct access_list_list str;

	/*
	 * Hook function executed when a new access_list is added.
	 * NOTE(review): the call sites are not visible in this header; confirm
	 * they test the pointer for NULL before calling through it.
	 */
	void (*add_hook)(struct access_list *);

	/* Hook function executed when an access_list is deleted. */
	void (*delete_hook)(struct access_list *);
};
/* Prototypes for access-list. */
extern void access_list_init(void);
extern void access_list_reset(void);

/*
 * Hook setters.  Judging by the add_hook/delete_hook members of struct
 * access_master, these presumably install the callbacks run when an
 * access_list is added or deleted -- confirm against the implementation.
 */
extern void access_list_add_hook(void (*func)(struct access_list *));
extern void access_list_delete_hook(void (*func)(struct access_list *));

/*
 * Look an access list up; the arguments are presumably the address family
 * and the list name, as in access_list_get().
 * NOTE(review): the result for an unknown name is not visible in this
 * header; callers should test the returned pointer before using it and
 * decide explicitly what verdict a missing list yields.
 */
extern struct access_list *access_list_lookup(afi_t, const char *);
136 extern enum filter_type
access_list_apply(struct access_list
*access
,
/*
 * Access-list and filter management entry points.
 * NOTE(review): this header does not state who owns the objects returned by
 * access_list_get() and filter_new(), nor whether access_list_filter_add()
 * and access_list_filter_delete() take over or release the filter; confirm
 * against the implementation before freeing anything at a call site.
 */
struct access_list *access_list_get(afi_t afi, const char *name);
void access_list_delete(struct access_list *access);
struct filter *filter_new(void);
void access_list_filter_add(struct access_list *access, struct filter *filter);
void access_list_filter_delete(struct access_list *access,
			       struct filter *filter);

/* Returns a 64-bit sequence number for the given access list. */
int64_t filter_new_seq_get(struct access_list *access);

/* YANG module description object for the filter code, defined elsewhere. */
extern const struct frr_yang_module_info frr_filter_info;
152 enum yang_access_list_type
{
158 enum yang_prefix_list_type
{
163 enum yang_prefix_list_action
{
168 struct acl_dup_args
{
169 /** Access list type ("ipv4", "ipv6" or "mac"). */
170 const char *ada_type
;
171 /** Access list name. */
172 const char *ada_name
;
175 const char *ada_action
;
177 #define ADA_MAX_VALUES 4
178 /** Entry XPath for value. */
179 const char *ada_xpath
[ADA_MAX_VALUES
];
180 /** Entry value to match. */
181 const char *ada_value
[ADA_MAX_VALUES
];
183 /** Duplicated entry found in list? */
186 /** Sequence number of the found entry */
189 /** (Optional) Already existing `dnode`. */
190 const struct lyd_node
*ada_entry_dnode
;
/**
 * Check for duplicated entries using the candidate configuration.
 *
 * \param dnode so we can get the candidate config (the parameter is named
 *              `dnode` in the prototype, not `vty`).
 * \param ada the arguments to check.
 * \return NOTE(review): presumably true when a duplicate exists; the
 *         "found" and "sequence number" fields described in
 *         struct acl_dup_args look like outputs -- confirm.
 */
bool acl_is_dup(const struct lyd_node *dnode, struct acl_dup_args *ada);
201 struct plist_dup_args
{
202 /** Access list type ("ipv4" or "ipv6"). */
203 const char *pda_type
;
204 /** Access list name. */
205 const char *pda_name
;
208 const char *pda_action
;
211 struct prefix prefix
;
215 /** Duplicated entry found in list? */
218 /** Sequence number of the found entry */
221 /** (Optional) Already existing `dnode`. */
222 const struct lyd_node
*pda_entry_dnode
;
/**
 * Check for duplicated entries using the candidate configuration.
 *
 * \param dnode so we can get the candidate config (the parameter is named
 *              `dnode` in the prototype, not `vty`).
 * \param pda the arguments to check.
 * \return NOTE(review): presumably true when a duplicate exists; the
 *         "found" and "sequence number" fields described in
 *         struct plist_dup_args look like outputs -- confirm.
 */
bool plist_is_dup(const struct lyd_node *dnode, struct plist_dup_args *pda);
/*
 * Compare two access-list configuration nodes.
 * NOTE(review): the meaning of the int result (ordering vs. equality) is not
 * visible in this header -- confirm against the implementation.
 */
extern int access_list_cmp(struct lyd_node *dnode1, struct lyd_node *dnode2);
238 extern void access_list_show(struct vty
*vty
, struct lyd_node
*dnode
,
240 extern void access_list_remark_show(struct vty
*vty
, struct lyd_node
*dnode
,
/*
 * Compare two prefix-list configuration nodes.
 * NOTE(review): the meaning of the int result (ordering vs. equality) is not
 * visible in this header -- confirm against the implementation.
 */
extern int prefix_list_cmp(struct lyd_node *dnode1, struct lyd_node *dnode2);
243 extern void prefix_list_show(struct vty
*vty
, struct lyd_node
*dnode
,
245 extern void prefix_list_remark_show(struct vty
*vty
, struct lyd_node
*dnode
,
/* Initialise the filter CLI; takes no arguments and returns nothing. */
void filter_cli_init(void);
254 #endif /* _ZEBRA_FILTER_H */