1 /* Route filtering function.
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
4 * This file is part of GNU Zebra.
6 * GNU Zebra is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2, or (at your
9 * option) any later version.
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with GNU Zebra; see the file COPYING. If not, write to the
18 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
19 * Boston, MA 02111-1307, USA.
28 #include "sockunion.h"
34 /* Cisco access-list */
37 struct in_addr addr_mask;
39 struct in_addr mask_mask;
44 /* If this filter is "exact" match then this flag is set. */
47 /* Prefix information. */
51 /* Filter element of access list */
54 /* For doubly linked list. */
58 /* Filter type information. */
59 enum filter_type type;
61 /* Cisco access-list */
66 struct filter_cisco cfilter;
67 struct filter_zebra zfilter;
71 /* List of access_list. */
72 struct access_list_list
74 struct access_list *head;
75 struct access_list *tail;
78 /* Master structure of access_list. */
81 /* List of access_list which name is number. */
82 struct access_list_list num;
84 /* List of access_list which name is string. */
85 struct access_list_list str;
87 /* Hook function which is executed when new access_list is added. */
88 void (*add_hook) (const char *);
90 /* Hook function which is executed when access_list is deleted. */
91 void (*delete_hook) (const char *);
94 /* Static structure for IPv4 access_list's master. */
95 static struct access_master access_master_ipv4 =
104 /* Static structure for IPv6 access_list's master. */
105 static struct access_master access_master_ipv6 =
112 #endif /* HAVE_IPV6 */
/* Return the access_list master for address family AFI, or NULL when
   the family is not handled by this build.  Callers must check the
   result before dereferencing it. */
static struct access_master *
access_master_get (afi_t afi)
{
  if (afi == AFI_IP)
    return &access_master_ipv4;

#ifdef HAVE_IPV6
  if (afi == AFI_IP6)
    return &access_master_ipv6;
#endif /* HAVE_IPV6 */

  return NULL;
}
/* Allocate one filter element, accounted under MTYPE_ACCESS_FILTER.
   Presumably XCALLOC hands back zero-filled memory, so every field
   starts out as 0/NULL -- confirm against the memory wrapper. */
static struct filter *
filter_new (void)
{
  struct filter *fresh;

  fresh = XCALLOC (MTYPE_ACCESS_FILTER, sizeof (struct filter));
  return fresh;
}
/* Release a filter element obtained from filter_new ().  The element
   must already be unlinked from its access_list; nothing here touches
   the list pointers. */
static void
filter_free (struct filter *filter)
{
  XFREE (MTYPE_ACCESS_FILTER, filter);
}
140 /* Return string of filter_type. */
142 filter_type_str (struct filter *filter)
144 switch (filter->type)
/* Return 1 when the Cisco-style (address + wildcard) filter matches
   prefix P, 0 otherwise.

   Wildcard bits that are set mean "don't care": they are cleared from
   the candidate before it is compared with the stored value.  For an
   extended entry the netmask derived from p->prefixlen is tested the
   same way against mask/mask_mask.

   NOTE(review): only p->u.prefix4 is read and p->family is not checked
   here, so a non-IPv4 prefix would be compared on its first four
   address bytes.  Confirm that callers only apply Cisco-style lists
   to IPv4 prefixes. */
static int
filter_match_cisco (struct filter *mfilter, struct prefix *p)
{
  struct filter_cisco *cf = &mfilter->u.cfilter;
  struct in_addr len_mask;
  u_int32_t masked_addr;
  u_int32_t masked_len;
  int addr_hit;

  masked_addr = p->u.prefix4.s_addr & ~cf->addr_mask.s_addr;
  addr_hit = (memcmp (&masked_addr, &cf->addr.s_addr, 4) == 0);

  if (! cf->extended)
    return addr_hit;

  masklen2ip (p->prefixlen, &len_mask);
  masked_len = len_mask.s_addr & ~cf->mask_mask.s_addr;

  if (addr_hit && memcmp (&masked_len, &cf->mask.s_addr, 4) == 0)
    return 1;

  return 0;
}
/* Return non-zero when the prefix-style filter matches prefix P.

   The address families must agree.  With the "exact" flag set the
   prefix lengths must also be equal; otherwise the decision is left
   to prefix_match () alone. */
static int
filter_match_zebra (struct filter *mfilter, struct prefix *p)
{
  struct filter_zebra *zf = &mfilter->u.zfilter;

  if (zf->prefix.family != p->family)
    return 0;

  if (zf->exact && zf->prefix.prefixlen != p->prefixlen)
    return 0;

  return prefix_match (&zf->prefix, p);
}
/* Allocate one access_list, accounted under MTYPE_ACCESS_LIST.  The
   caller fills in name, master and type and links it into a master
   list (see access_list_insert). */
static struct access_list *
access_list_new (void)
{
  struct access_list *fresh;

  fresh = XCALLOC (MTYPE_ACCESS_LIST, sizeof (struct access_list));
  return fresh;
}
/* Release the access_list structure itself.  Filters, name and remark
   are not freed here; access_list_delete () takes care of those. */
static void
access_list_free (struct access_list *access)
{
  XFREE (MTYPE_ACCESS_LIST, access);
}
/* Unlink ACCESS from its master list and free it together with every
   filter it holds, its name and its remark.

   No hook is run from here: a caller that wants users of the list to
   be notified has to call the master's delete_hook itself.  A caller
   that still needs the name afterwards must take it over first and
   set access->name to NULL so that it is not freed here. */
static void
access_list_delete (struct access_list *access)
{
  struct access_master *master = access->master;
  struct access_list_list *list;
  struct filter *filter = access->head;

  /* Fetch the successor before the current element is freed. */
  while (filter)
    {
      struct filter *next = filter->next;

      filter_free (filter);
      filter = next;
    }

  list = (access->type == ACCESS_TYPE_NUMBER) ? &master->num : &master->str;

  if (access->next)
    access->next->prev = access->prev;
  else
    list->tail = access->prev;

  if (access->prev)
    access->prev->next = access->next;
  else
    list->head = access->next;

  if (access->name)
    XFREE (MTYPE_ACCESS_LIST_STR, access->name);

  if (access->remark)
    XFREE (MTYPE_TMP, access->remark);

  access_list_free (access);
}
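/* Create an access_list called NAME and link it into the master of
   address family AFI.  Returns the new list, or NULL when the family
   has no master.

   A name made only of digits goes onto the numbered list, ordered by
   numeric value; any other name goes onto the string list, ordered
   by strcmp ().

   NAME comes from the CLI.  The WORD form of the commands accepts an
   arbitrary token, so the digit handling must be well defined for
   every input:
     - isdigit () is given an unsigned char value, because passing a
       negative char is undefined;
     - the value is obtained with strtol (), which saturates on
       overflow, instead of a hand-rolled multiply/add on a signed
       long, which overflows on a long run of digits;
     - entries with no name are skipped while searching the numbered
       list, as the string list search already does. */
static struct access_list *
access_list_insert (afi_t afi, const char *name)
{
  size_t i;
  size_t len;
  long number;
  struct access_list *access;
  struct access_list *point;
  struct access_list_list *alist;
  struct access_master *master;

  master = access_master_get (afi);
  if (master == NULL)
    return NULL;

  /* Allocate new access_list and copy given name. */
  access = access_list_new ();
  access->name = XSTRDUP (MTYPE_ACCESS_LIST_STR, name);
  access->master = master;

  /* Find the first character that is not a digit. */
  len = strlen (name);
  for (i = 0; i < len; i++)
    if (! isdigit ((unsigned char) name[i]))
      break;

  if (i == len)
    {
      /* The name consists of digits only. */
      access->type = ACCESS_TYPE_NUMBER;
      number = strtol (name, NULL, 10);

      /* Set access_list to number list. */
      alist = &master->num;

      for (point = alist->head; point; point = point->next)
        if (point->name && strtol (point->name, NULL, 10) >= number)
          break;
    }
  else
    {
      access->type = ACCESS_TYPE_STRING;

      /* Set access_list to string list. */
      alist = &master->str;

      /* Set point to insertion point. */
      for (point = alist->head; point; point = point->next)
        if (point->name && strcmp (point->name, name) >= 0)
          break;
    }

  /* In case of this is the first element of master. */
  if (alist->head == NULL)
    {
      alist->head = alist->tail = access;
      return access;
    }

  /* In case of insertion is made at the tail of access_list. */
  if (point == NULL)
    {
      access->prev = alist->tail;
      alist->tail->next = access;
      alist->tail = access;
      return access;
    }

  /* In case of insertion is made at the head of access_list. */
  if (point == alist->head)
    {
      access->next = alist->head;
      alist->head->prev = access;
      alist->head = access;
      return access;
    }

  /* Insertion is made at middle of the access_list. */
  access->next = point;
  access->prev = point->prev;

  if (point->prev)
    point->prev->next = access;
  point->prev = access;

  return access;
}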
/* Find the access_list called NAME in the master of address family
   AFI.  The numbered list is searched first, then the string list.
   Returns NULL for a NULL name, an unknown family or no match.

   Entries whose name pointer is NULL are never returned.  The delete
   paths rely on this to hide a list that is being torn down from the
   users' hook callbacks. */
struct access_list *
access_list_lookup (afi_t afi, const char *name)
{
  struct access_master *master;
  struct access_list *heads[2];
  struct access_list *access;
  int k;

  if (name == NULL)
    return NULL;

  master = access_master_get (afi);
  if (master == NULL)
    return NULL;

  heads[0] = master->num.head;
  heads[1] = master->str.head;

  for (k = 0; k < 2; k++)
    for (access = heads[k]; access; access = access->next)
      if (access->name && strcmp (access->name, name) == 0)
        return access;

  return NULL;
}
/* Return the access_list called NAME, creating an empty one when no
   list of that name exists yet.  The result is whatever
   access_list_insert () returns in that case, so it can be NULL for an
   address family without a master. */
static struct access_list *
access_list_get (afi_t afi, const char *name)
{
  struct access_list *found = access_list_lookup (afi, name);

  if (found != NULL)
    return found;

  return access_list_insert (afi, name);
}
/* Evaluate OBJECT (which should be a struct prefix *) against ACCESS
   and return the type of the first filter that matches.

   The default is deny: a NULL list, an empty list and a list in which
   nothing matches all yield FILTER_DENY.  Filters are tried in list
   order, so the first match decides. */
enum filter_type
access_list_apply (struct access_list *access, void *object)
{
  struct prefix *p = (struct prefix *) object;
  struct filter *filter;

  if (access == NULL)
    return FILTER_DENY;

  for (filter = access->head; filter; filter = filter->next)
    {
      int hit;

      if (filter->cisco)
        hit = filter_match_cisco (filter, p);
      else
        hit = filter_match_zebra (filter, p);

      if (hit)
        return filter->type;
    }

  return FILTER_DENY;
}
/* Register FUNC as the callback run whenever a filter is added to an
   access_list.  It receives the name of the list.  One function is
   stored per master, so a later call replaces the earlier one. */
void
access_list_add_hook (void (*func) (const char *))
{
  access_master_ipv4.add_hook = func;
#ifdef HAVE_IPV6
  access_master_ipv6.add_hook = func;
#endif /* HAVE_IPV6 */
}
/* Register FUNC as the callback run after a filter or a whole
   access_list has been removed.  It receives the name of the list;
   the string is only valid for the duration of the call when the list
   itself was deleted. */
void
access_list_delete_hook (void (*func) (const char *))
{
  access_master_ipv4.delete_hook = func;
#ifdef HAVE_IPV6
  access_master_ipv6.delete_hook = func;
#endif /* HAVE_IPV6 */
}
/* Append FILTER to the end of ACCESS and run the master's add_hook
   with the list name.  Ownership of FILTER passes to the list. */
static void
access_list_filter_add (struct access_list *access, struct filter *filter)
{
  struct filter *old_tail = access->tail;

  filter->next = NULL;
  filter->prev = old_tail;

  if (old_tail != NULL)
    old_tail->next = filter;
  else
    access->head = filter;
  access->tail = filter;

  /* Run hook function. */
  if (access->master->add_hook)
    (*access->master->add_hook) (access->name);
}
/* Return 1 when ACCESS holds no filter (head and tail both NULL),
   0 otherwise.  A remark does not count as content here. */
static int
access_list_empty (struct access_list *access)
{
  return (access->head == NULL && access->tail == NULL) ? 1 : 0;
}
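/* Remove FILTER from ACCESS and free it, then run the master's
   delete_hook with the list name.  When the last filter goes, the
   access_list itself is deleted as well.

   Name ownership:
     - While filters remain, the list keeps its name.  The name is
       neither detached nor freed, so the list stays reachable through
       access_list_lookup () after the call.  Freeing the name
       unconditionally at the end would leave a live list without a
       usable name.
     - When the list becomes empty, its name is moved to a local first
       so that it can still be passed to the hook after the list has
       been freed.

   It is important that access-lists that are deleted, or are in
   process of being deleted, are not visible via access_list_lookup.
   Some (all?) users process the delete_hook callback the same as an
   add: they refresh all their access_list name references by looking
   up the name.  If a list could be looked up while being deleted, such
   users would keep dangling references to freed access lists. */
static void
access_list_filter_delete (struct access_list *access, struct filter *filter)
{
  struct access_master *master = access->master;
  char *name = access->name;

  /* Unlink the filter from the doubly linked list. */
  if (filter->next)
    filter->next->prev = filter->prev;
  else
    access->tail = filter->prev;

  if (filter->prev)
    filter->prev->next = filter->next;
  else
    access->head = filter->next;

  filter_free (filter);

  if (! access_list_empty (access))
    {
      /* The list survives and still owns its name. */
      if (master->delete_hook)
        (*master->delete_hook) (name);
      return;
    }

  /* Last filter removed: detach the name so that access_list_delete ()
     does not free it, delete the list, and only then notify users. */
  access->name = NULL;
  access_list_delete (access);

  /* Run hook function. */
  if (master->delete_hook)
    (*master->delete_hook) (name);

  XFREE (MTYPE_ACCESS_LIST_STR, name);
}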
523 deny Specify packets to reject
524 permit Specify packets to forward
529 Hostname or A.B.C.D Address to match
531 host A single host address
/* Search ACCESS for a Cisco-style filter equal to MNEW and return it,
   or NULL when there is none.  Type, address and address wildcard
   must always agree; when the stored entry is extended, mask and mask
   wildcard must agree too.

   NOTE(review): the stored entry's "extended" flag selects the
   comparison, MNEW's own flag is not looked at, and entries are read
   through u.cfilter without testing their "cisco" flag.  Confirm that
   a list never mixes the two filter styles. */
static struct filter *
filter_lookup_cisco (struct access_list *access, struct filter *mnew)
{
  struct filter_cisco *want = &mnew->u.cfilter;
  struct filter *cur;

  for (cur = access->head; cur; cur = cur->next)
    {
      struct filter_cisco *have = &cur->u.cfilter;

      if (cur->type != mnew->type
          || have->addr.s_addr != want->addr.s_addr
          || have->addr_mask.s_addr != want->addr_mask.s_addr)
        continue;

      if (! have->extended)
        return cur;

      if (have->mask.s_addr == want->mask.s_addr
          && have->mask_mask.s_addr == want->mask_mask.s_addr)
        return cur;
    }

  return NULL;
}
/* Search ACCESS for a prefix-style filter equal to MNEW and return
   it, or NULL when there is none.  Two filters are equal when their
   exact flag, their type and their prefix (prefix_same) all agree. */
static struct filter *
filter_lookup_zebra (struct access_list *access, struct filter *mnew)
{
  struct filter_zebra *want = &mnew->u.zfilter;
  struct filter *cur;

  for (cur = access->head; cur; cur = cur->next)
    {
      struct filter_zebra *have = &cur->u.zfilter;

      if (have->exact != want->exact)
        continue;
      if (cur->type != mnew->type)
        continue;
      if (prefix_same (&have->prefix, &want->prefix))
        return cur;
    }

  return NULL;
}
/* Drop the remark of access_list NAME.  A list that is left with no
   filters and no remark is deleted.  Returns CMD_WARNING when the
   list does not exist, CMD_SUCCESS otherwise.

   NOTE(review): the list is deleted here without running the master's
   delete_hook -- confirm that no user can hold a reference to a list
   that only ever carried a remark. */
static int
vty_access_list_remark_unset (struct vty *vty, afi_t afi, const char *name)
{
  struct access_list *access = access_list_lookup (afi, name);

  if (access == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", name,
               VTY_NEWLINE);
      return CMD_WARNING;
    }

  if (access->remark != NULL)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  if (access->head == NULL && access->tail == NULL && access->remark == NULL)
    access_list_delete (access);

  return CMD_SUCCESS;
}
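/* Parse one dotted-quad CLI argument into OUT.  Returns 1 on success;
   on failure prints the usual message to VTY and returns 0. */
static int
filter_cisco_addr_parse (struct vty *vty, const char *str,
                         struct in_addr *out)
{
  if (inet_aton (str, out) > 0)
    return 1;

  vty_out (vty, "%%Inconsistent address and mask%s", VTY_NEWLINE);
  return 0;
}

/* Add (SET != 0) or remove (SET == 0) one Cisco-style entry of the
   IPv4 access_list NAME_STR.

   TYPE_STR selects permit or deny by its first character.  ADDR_STR
   and ADDR_MASK_STR give address and wildcard; MASK_STR and
   MASK_MASK_STR are only read when EXTENDED is non-zero.  Bits covered
   by a wildcard are cleared from the stored value, so equal entries
   compare equal however they were typed.

   Returns CMD_WARNING on a malformed argument, CMD_SUCCESS otherwise.
   Adding an entry that already exists and removing one that does not
   are both silent no-ops.

   Removal only looks the list up.  Creating it on demand would leave
   an empty list behind for a name that was never configured, and
   access_list_apply () answers FILTER_DENY for an empty list. */
static int
filter_set_cisco (struct vty *vty, const char *name_str, const char *type_str,
                  const char *addr_str, const char *addr_mask_str,
                  const char *mask_str, const char *mask_mask_str,
                  int extended, int set)
{
  enum filter_type type;
  struct filter *mfilter;
  struct filter *delete_filter;
  struct filter_cisco *filter;
  struct access_list *access;
  struct in_addr addr;
  struct in_addr addr_mask;
  struct in_addr mask;
  struct in_addr mask_mask;

  /* Check of filter type. */
  if (strncmp (type_str, "p", 1) == 0)
    type = FILTER_PERMIT;
  else if (strncmp (type_str, "d", 1) == 0)
    type = FILTER_DENY;
  else
    {
      vty_out (vty, "%% filter type must be permit or deny%s", VTY_NEWLINE);
      return CMD_WARNING;
    }

  if (! filter_cisco_addr_parse (vty, addr_str, &addr)
      || ! filter_cisco_addr_parse (vty, addr_mask_str, &addr_mask))
    return CMD_WARNING;

  if (extended
      && (! filter_cisco_addr_parse (vty, mask_str, &mask)
          || ! filter_cisco_addr_parse (vty, mask_mask_str, &mask_mask)))
    return CMD_WARNING;

  /* Build a candidate entry; it doubles as the search key on removal. */
  mfilter = filter_new ();
  mfilter->type = type;
  mfilter->cisco = 1;
  filter = &mfilter->u.cfilter;
  filter->extended = extended;
  filter->addr.s_addr = addr.s_addr & ~addr_mask.s_addr;
  filter->addr_mask.s_addr = addr_mask.s_addr;

  if (extended)
    {
      filter->mask.s_addr = mask.s_addr & ~mask_mask.s_addr;
      filter->mask_mask.s_addr = mask_mask.s_addr;
    }

  if (set)
    {
      /* Install new filter to the access_list. */
      access = access_list_get (AFI_IP, name_str);

      if (filter_lookup_cisco (access, mfilter))
        filter_free (mfilter);
      else
        access_list_filter_add (access, mfilter);

      return CMD_SUCCESS;
    }

  /* Removal: never create the list as a side effect. */
  access = access_list_lookup (AFI_IP, name_str);
  if (access != NULL)
    {
      delete_filter = filter_lookup_cisco (access, mfilter);
      if (delete_filter)
        access_list_filter_delete (access, delete_filter);
    }

  filter_free (mfilter);

  return CMD_SUCCESS;
}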
714 /* Standard access-list */
715 DEFUN (access_list_standard,
716 access_list_standard_cmd,
717 "access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D",
718 "Add an access list entry\n"
719 "IP standard access list\n"
720 "IP standard access list (expanded range)\n"
721 "Specify packets to reject\n"
722 "Specify packets to forward\n"
726 return filter_set_cisco (vty, argv[0], argv[1], argv[2], argv[3],
730 DEFUN (access_list_standard_nomask,
731 access_list_standard_nomask_cmd,
732 "access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D",
733 "Add an access list entry\n"
734 "IP standard access list\n"
735 "IP standard access list (expanded range)\n"
736 "Specify packets to reject\n"
737 "Specify packets to forward\n"
738 "Address to match\n")
740 return filter_set_cisco (vty, argv[0], argv[1], argv[2], "0.0.0.0",
744 DEFUN (access_list_standard_host,
745 access_list_standard_host_cmd,
746 "access-list (<1-99>|<1300-1999>) (deny|permit) host A.B.C.D",
747 "Add an access list entry\n"
748 "IP standard access list\n"
749 "IP standard access list (expanded range)\n"
750 "Specify packets to reject\n"
751 "Specify packets to forward\n"
752 "A single host address\n"
753 "Address to match\n")
755 return filter_set_cisco (vty, argv[0], argv[1], argv[2], "0.0.0.0",
759 DEFUN (access_list_standard_any,
760 access_list_standard_any_cmd,
761 "access-list (<1-99>|<1300-1999>) (deny|permit) any",
762 "Add an access list entry\n"
763 "IP standard access list\n"
764 "IP standard access list (expanded range)\n"
765 "Specify packets to reject\n"
766 "Specify packets to forward\n"
769 return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
770 "255.255.255.255", NULL, NULL, 0, 1);
773 DEFUN (no_access_list_standard,
774 no_access_list_standard_cmd,
775 "no access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D",
777 "Add an access list entry\n"
778 "IP standard access list\n"
779 "IP standard access list (expanded range)\n"
780 "Specify packets to reject\n"
781 "Specify packets to forward\n"
785 return filter_set_cisco (vty, argv[0], argv[1], argv[2], argv[3],
789 DEFUN (no_access_list_standard_nomask,
790 no_access_list_standard_nomask_cmd,
791 "no access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D",
793 "Add an access list entry\n"
794 "IP standard access list\n"
795 "IP standard access list (expanded range)\n"
796 "Specify packets to reject\n"
797 "Specify packets to forward\n"
798 "Address to match\n")
800 return filter_set_cisco (vty, argv[0], argv[1], argv[2], "0.0.0.0",
804 DEFUN (no_access_list_standard_host,
805 no_access_list_standard_host_cmd,
806 "no access-list (<1-99>|<1300-1999>) (deny|permit) host A.B.C.D",
808 "Add an access list entry\n"
809 "IP standard access list\n"
810 "IP standard access list (expanded range)\n"
811 "Specify packets to reject\n"
812 "Specify packets to forward\n"
813 "A single host address\n"
814 "Address to match\n")
816 return filter_set_cisco (vty, argv[0], argv[1], argv[2], "0.0.0.0",
820 DEFUN (no_access_list_standard_any,
821 no_access_list_standard_any_cmd,
822 "no access-list (<1-99>|<1300-1999>) (deny|permit) any",
824 "Add an access list entry\n"
825 "IP standard access list\n"
826 "IP standard access list (expanded range)\n"
827 "Specify packets to reject\n"
828 "Specify packets to forward\n"
831 return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
832 "255.255.255.255", NULL, NULL, 0, 0);
835 /* Extended access-list */
836 DEFUN (access_list_extended,
837 access_list_extended_cmd,
838 "access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
839 "Add an access list entry\n"
840 "IP extended access list\n"
841 "IP extended access list (expanded range)\n"
842 "Specify packets to reject\n"
843 "Specify packets to forward\n"
844 "Any Internet Protocol\n"
846 "Source wildcard bits\n"
847 "Destination address\n"
848 "Destination Wildcard bits\n")
850 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
851 argv[3], argv[4], argv[5], 1 ,1);
854 DEFUN (access_list_extended_mask_any,
855 access_list_extended_mask_any_cmd,
856 "access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D any",
857 "Add an access list entry\n"
858 "IP extended access list\n"
859 "IP extended access list (expanded range)\n"
860 "Specify packets to reject\n"
861 "Specify packets to forward\n"
862 "Any Internet Protocol\n"
864 "Source wildcard bits\n"
865 "Any destination host\n")
867 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
869 "255.255.255.255", 1, 1);
872 DEFUN (access_list_extended_any_mask,
873 access_list_extended_any_mask_cmd,
874 "access-list (<100-199>|<2000-2699>) (deny|permit) ip any A.B.C.D A.B.C.D",
875 "Add an access list entry\n"
876 "IP extended access list\n"
877 "IP extended access list (expanded range)\n"
878 "Specify packets to reject\n"
879 "Specify packets to forward\n"
880 "Any Internet Protocol\n"
882 "Destination address\n"
883 "Destination Wildcard bits\n")
885 return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
886 "255.255.255.255", argv[2],
890 DEFUN (access_list_extended_any_any,
891 access_list_extended_any_any_cmd,
892 "access-list (<100-199>|<2000-2699>) (deny|permit) ip any any",
893 "Add an access list entry\n"
894 "IP extended access list\n"
895 "IP extended access list (expanded range)\n"
896 "Specify packets to reject\n"
897 "Specify packets to forward\n"
898 "Any Internet Protocol\n"
900 "Any destination host\n")
902 return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
903 "255.255.255.255", "0.0.0.0",
904 "255.255.255.255", 1, 1);
907 DEFUN (access_list_extended_mask_host,
908 access_list_extended_mask_host_cmd,
909 "access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D host A.B.C.D",
910 "Add an access list entry\n"
911 "IP extended access list\n"
912 "IP extended access list (expanded range)\n"
913 "Specify packets to reject\n"
914 "Specify packets to forward\n"
915 "Any Internet Protocol\n"
917 "Source wildcard bits\n"
918 "A single destination host\n"
919 "Destination address\n")
921 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
926 DEFUN (access_list_extended_host_mask,
927 access_list_extended_host_mask_cmd,
928 "access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D A.B.C.D A.B.C.D",
929 "Add an access list entry\n"
930 "IP extended access list\n"
931 "IP extended access list (expanded range)\n"
932 "Specify packets to reject\n"
933 "Specify packets to forward\n"
934 "Any Internet Protocol\n"
935 "A single source host\n"
937 "Destination address\n"
938 "Destination Wildcard bits\n")
940 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
945 DEFUN (access_list_extended_host_host,
946 access_list_extended_host_host_cmd,
947 "access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D host A.B.C.D",
948 "Add an access list entry\n"
949 "IP extended access list\n"
950 "IP extended access list (expanded range)\n"
951 "Specify packets to reject\n"
952 "Specify packets to forward\n"
953 "Any Internet Protocol\n"
954 "A single source host\n"
956 "A single destination host\n"
957 "Destination address\n")
959 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
964 DEFUN (access_list_extended_any_host,
965 access_list_extended_any_host_cmd,
966 "access-list (<100-199>|<2000-2699>) (deny|permit) ip any host A.B.C.D",
967 "Add an access list entry\n"
968 "IP extended access list\n"
969 "IP extended access list (expanded range)\n"
970 "Specify packets to reject\n"
971 "Specify packets to forward\n"
972 "Any Internet Protocol\n"
974 "A single destination host\n"
975 "Destination address\n")
977 return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
978 "255.255.255.255", argv[2],
982 DEFUN (access_list_extended_host_any,
983 access_list_extended_host_any_cmd,
984 "access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D any",
985 "Add an access list entry\n"
986 "IP extended access list\n"
987 "IP extended access list (expanded range)\n"
988 "Specify packets to reject\n"
989 "Specify packets to forward\n"
990 "Any Internet Protocol\n"
991 "A single source host\n"
993 "Any destination host\n")
995 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
996 "0.0.0.0", "0.0.0.0",
997 "255.255.255.255", 1, 1);
1000 DEFUN (no_access_list_extended,
1001 no_access_list_extended_cmd,
1002 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
1004 "Add an access list entry\n"
1005 "IP extended access list\n"
1006 "IP extended access list (expanded range)\n"
1007 "Specify packets to reject\n"
1008 "Specify packets to forward\n"
1009 "Any Internet Protocol\n"
1011 "Source wildcard bits\n"
1012 "Destination address\n"
1013 "Destination Wildcard bits\n")
1015 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
1016 argv[3], argv[4], argv[5], 1, 0);
1019 DEFUN (no_access_list_extended_mask_any,
1020 no_access_list_extended_mask_any_cmd,
1021 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D any",
1023 "Add an access list entry\n"
1024 "IP extended access list\n"
1025 "IP extended access list (expanded range)\n"
1026 "Specify packets to reject\n"
1027 "Specify packets to forward\n"
1028 "Any Internet Protocol\n"
1030 "Source wildcard bits\n"
1031 "Any destination host\n")
1033 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
1035 "255.255.255.255", 1, 0);
1038 DEFUN (no_access_list_extended_any_mask,
1039 no_access_list_extended_any_mask_cmd,
1040 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip any A.B.C.D A.B.C.D",
1042 "Add an access list entry\n"
1043 "IP extended access list\n"
1044 "IP extended access list (expanded range)\n"
1045 "Specify packets to reject\n"
1046 "Specify packets to forward\n"
1047 "Any Internet Protocol\n"
1049 "Destination address\n"
1050 "Destination Wildcard bits\n")
1052 return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
1053 "255.255.255.255", argv[2],
1057 DEFUN (no_access_list_extended_any_any,
1058 no_access_list_extended_any_any_cmd,
1059 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip any any",
1061 "Add an access list entry\n"
1062 "IP extended access list\n"
1063 "IP extended access list (expanded range)\n"
1064 "Specify packets to reject\n"
1065 "Specify packets to forward\n"
1066 "Any Internet Protocol\n"
1068 "Any destination host\n")
1070 return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
1071 "255.255.255.255", "0.0.0.0",
1072 "255.255.255.255", 1, 0);
1075 DEFUN (no_access_list_extended_mask_host,
1076 no_access_list_extended_mask_host_cmd,
1077 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D host A.B.C.D",
1079 "Add an access list entry\n"
1080 "IP extended access list\n"
1081 "IP extended access list (expanded range)\n"
1082 "Specify packets to reject\n"
1083 "Specify packets to forward\n"
1084 "Any Internet Protocol\n"
1086 "Source wildcard bits\n"
1087 "A single destination host\n"
1088 "Destination address\n")
1090 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
1095 DEFUN (no_access_list_extended_host_mask,
1096 no_access_list_extended_host_mask_cmd,
1097 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D A.B.C.D A.B.C.D",
1099 "Add an access list entry\n"
1100 "IP extended access list\n"
1101 "IP extended access list (expanded range)\n"
1102 "Specify packets to reject\n"
1103 "Specify packets to forward\n"
1104 "Any Internet Protocol\n"
1105 "A single source host\n"
1107 "Destination address\n"
1108 "Destination Wildcard bits\n")
1110 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
1115 DEFUN (no_access_list_extended_host_host,
1116 no_access_list_extended_host_host_cmd,
1117 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D host A.B.C.D",
1119 "Add an access list entry\n"
1120 "IP extended access list\n"
1121 "IP extended access list (expanded range)\n"
1122 "Specify packets to reject\n"
1123 "Specify packets to forward\n"
1124 "Any Internet Protocol\n"
1125 "A single source host\n"
1127 "A single destination host\n"
1128 "Destination address\n")
1130 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
1135 DEFUN (no_access_list_extended_any_host,
1136 no_access_list_extended_any_host_cmd,
1137 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip any host A.B.C.D",
1139 "Add an access list entry\n"
1140 "IP extended access list\n"
1141 "IP extended access list (expanded range)\n"
1142 "Specify packets to reject\n"
1143 "Specify packets to forward\n"
1144 "Any Internet Protocol\n"
1146 "A single destination host\n"
1147 "Destination address\n")
1149 return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
1150 "255.255.255.255", argv[2],
1154 DEFUN (no_access_list_extended_host_any,
1155 no_access_list_extended_host_any_cmd,
1156 "no access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D any",
1158 "Add an access list entry\n"
1159 "IP extended access list\n"
1160 "IP extended access list (expanded range)\n"
1161 "Specify packets to reject\n"
1162 "Specify packets to forward\n"
1163 "Any Internet Protocol\n"
1164 "A single source host\n"
1166 "Any destination host\n")
1168 return filter_set_cisco (vty, argv[0], argv[1], argv[2],
1169 "0.0.0.0", "0.0.0.0",
1170 "255.255.255.255", 1, 0);
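/* Add (SET != 0) or remove (SET == 0) one prefix-style entry of the
   access_list NAME_STR in address family AFI.

   TYPE_STR selects permit or deny by its first character.  PREFIX_STR
   is parsed as an IPv4 or IPv6 prefix according to AFI.  EXACT marks
   the entry as exact-match.

   Returns CMD_WARNING on a malformed argument or an unsupported
   family, CMD_SUCCESS otherwise.  Adding an entry that already exists
   and removing one that does not are both silent no-ops.

   Removal only looks the list up.  Creating it on demand would leave
   an empty list behind for a name that was never configured, and
   access_list_apply () answers FILTER_DENY for an empty list. */
static int
filter_set_zebra (struct vty *vty, const char *name_str, const char *type_str,
                  afi_t afi, const char *prefix_str, int exact, int set)
{
  int ret;
  enum filter_type type;
  struct filter *mfilter;
  struct filter *delete_filter;
  struct filter_zebra *filter;
  struct access_list *access;
  struct prefix p;

  /* Check of filter type. */
  if (strncmp (type_str, "p", 1) == 0)
    type = FILTER_PERMIT;
  else if (strncmp (type_str, "d", 1) == 0)
    type = FILTER_DENY;
  else
    {
      vty_out (vty, "filter type must be [permit|deny]%s", VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Check string format of prefix and prefixlen. */
  if (afi == AFI_IP)
    {
      ret = str2prefix_ipv4 (prefix_str, (struct prefix_ipv4 *) &p);
      if (ret <= 0)
        {
          vty_out (vty, "IP address prefix/prefixlen is malformed%s",
                   VTY_NEWLINE);
          return CMD_WARNING;
        }
    }
#ifdef HAVE_IPV6
  else if (afi == AFI_IP6)
    {
      ret = str2prefix_ipv6 (prefix_str, (struct prefix_ipv6 *) &p);
      if (ret <= 0)
        {
          vty_out (vty, "IPv6 address prefix/prefixlen is malformed%s",
                   VTY_NEWLINE);
          return CMD_WARNING;
        }
    }
#endif /* HAVE_IPV6 */
  else
    return CMD_WARNING;

  /* Build a candidate entry; it doubles as the search key on removal. */
  mfilter = filter_new ();
  mfilter->type = type;
  filter = &mfilter->u.zfilter;
  prefix_copy (&filter->prefix, &p);

  /* "exact-match" */
  if (exact)
    filter->exact = 1;

  if (set)
    {
      /* Install new filter to the access_list. */
      access = access_list_get (afi, name_str);
      if (access == NULL)
        {
          /* No master for this family: nothing to install into. */
          filter_free (mfilter);
          return CMD_WARNING;
        }

      if (filter_lookup_zebra (access, mfilter))
        filter_free (mfilter);
      else
        access_list_filter_add (access, mfilter);

      return CMD_SUCCESS;
    }

  /* Removal: never create the list as a side effect. */
  access = access_list_lookup (afi, name_str);
  if (access != NULL)
    {
      delete_filter = filter_lookup_zebra (access, mfilter);
      if (delete_filter)
        access_list_filter_delete (access, delete_filter);
    }

  filter_free (mfilter);

  return CMD_SUCCESS;
}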
1254 /* Zebra access-list */
1257 "access-list WORD (deny|permit) A.B.C.D/M",
1258 "Add an access list entry\n"
1259 "IP zebra access-list name\n"
1260 "Specify packets to reject\n"
1261 "Specify packets to forward\n"
1262 "Prefix to match. e.g. 10.0.0.0/8\n")
1264 return filter_set_zebra (vty, argv[0], argv[1], AFI_IP, argv[2], 0, 1);
1267 DEFUN (access_list_exact,
1268 access_list_exact_cmd,
1269 "access-list WORD (deny|permit) A.B.C.D/M exact-match",
1270 "Add an access list entry\n"
1271 "IP zebra access-list name\n"
1272 "Specify packets to reject\n"
1273 "Specify packets to forward\n"
1274 "Prefix to match. e.g. 10.0.0.0/8\n"
1275 "Exact match of the prefixes\n")
1277 return filter_set_zebra (vty, argv[0], argv[1], AFI_IP, argv[2], 1, 1);
1280 DEFUN (access_list_any,
1281 access_list_any_cmd,
1282 "access-list WORD (deny|permit) any",
1283 "Add an access list entry\n"
1284 "IP zebra access-list name\n"
1285 "Specify packets to reject\n"
1286 "Specify packets to forward\n"
1287 "Prefix to match. e.g. 10.0.0.0/8\n")
1289 return filter_set_zebra (vty, argv[0], argv[1], AFI_IP, "0.0.0.0/0", 0, 1);
1292 DEFUN (no_access_list,
1294 "no access-list WORD (deny|permit) A.B.C.D/M",
1296 "Add an access list entry\n"
1297 "IP zebra access-list name\n"
1298 "Specify packets to reject\n"
1299 "Specify packets to forward\n"
1300 "Prefix to match. e.g. 10.0.0.0/8\n")
1302 return filter_set_zebra (vty, argv[0], argv[1], AFI_IP, argv[2], 0, 0);
1305 DEFUN (no_access_list_exact,
1306 no_access_list_exact_cmd,
1307 "no access-list WORD (deny|permit) A.B.C.D/M exact-match",
1309 "Add an access list entry\n"
1310 "IP zebra access-list name\n"
1311 "Specify packets to reject\n"
1312 "Specify packets to forward\n"
1313 "Prefix to match. e.g. 10.0.0.0/8\n"
1314 "Exact match of the prefixes\n")
1316 return filter_set_zebra (vty, argv[0], argv[1], AFI_IP, argv[2], 1, 0);
1319 DEFUN (no_access_list_any,
1320 no_access_list_any_cmd,
1321 "no access-list WORD (deny|permit) any",
1323 "Add an access list entry\n"
1324 "IP zebra access-list name\n"
1325 "Specify packets to reject\n"
1326 "Specify packets to forward\n"
1327 "Prefix to match. e.g. 10.0.0.0/8\n")
1329 return filter_set_zebra (vty, argv[0], argv[1], AFI_IP, "0.0.0.0/0", 0, 0);
/* "no access-list NAME": delete a whole IPv4 access_list.

   The name string is taken over from the list before the list is
   freed.  Setting access->name to NULL keeps access_list_delete ()
   from freeing it and keeps the list out of access_list_lookup ()
   results.  The delete_hook therefore runs after the list is gone and
   still gets a valid name; the string is released once the hook has
   returned. */
DEFUN (no_access_list_all,
       no_access_list_all_cmd,
       "no access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list name\n")
{
  struct access_list *access;
  struct access_master *master;
  char *name;

  /* Looking up access_list. */
  access = access_list_lookup (AFI_IP, argv[0]);
  if (! access)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", argv[0],
               VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Remember what is needed after the list has been freed. */
  master = access->master;
  name = access->name;
  access->name = NULL;

  /* Delete all filter from access-list. */
  access_list_delete (access);

  /* Run hook function. */
  if (master->delete_hook)
    (*master->delete_hook) (name);

  XFREE (MTYPE_ACCESS_LIST_STR, name);

  return CMD_SUCCESS;
}
/* "access-list NAME remark LINE": attach a free-text remark to an
   IPv4 access_list, creating the list when it does not exist yet.  An
   earlier remark is freed first.

   NOTE(review): the help text promises "up to 100 characters", but
   nothing in this body limits the length of the string returned by
   argv_concat () -- confirm whether a bound is applied elsewhere. */
DEFUN (access_list_remark,
       access_list_remark_cmd,
       "access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD) remark .LINE",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  struct access_list *access = access_list_get (AFI_IP, argv[0]);

  if (access->remark != NULL)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* Words from argv[1] onwards form the remark. */
  access->remark = argv_concat (argv, argc, 1);

  return CMD_SUCCESS;
}
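/* "no access-list NAME remark": drop the remark of an IPv4 access list.
 * The work is delegated to vty_access_list_remark_unset().
 *
 * NOTE(review): NO_STR and the braces are absent from this listing and
 * are restored here; confirm against the upstream file. */
DEFUN (no_access_list_remark,
       no_access_list_remark_cmd,
       "no access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD) remark",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n")
{
  return vty_access_list_remark_unset (vty, AFI_IP, argv[0]);
}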
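/* Alias of no_access_list_remark that also accepts the remark text
 * after "remark".
 *
 * NOTE(review): NO_STR is absent from this listing and is restored
 * here; confirm against the upstream file. */
ALIAS (no_access_list_remark,
       no_access_list_remark_arg_cmd,
       "no access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD) remark .LINE",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")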
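/* NOTE(review): the `#ifdef HAVE_IPV6' opening this section, IPV6_STR
 * and the braces are absent from this listing and are restored here
 * (the matching `#endif' is visible further down); confirm against the
 * upstream file. */
#ifdef HAVE_IPV6
/* "ipv6 access-list NAME (deny|permit) PREFIX": add a prefix entry.
 * The last two arguments to filter_set_zebra() are 0 and 1 here; judging
 * by the sibling commands they select exact-match (off) and add-vs-remove
 * (add). */
DEFUN (ipv6_access_list,
       ipv6_access_list_cmd,
       "ipv6 access-list WORD (deny|permit) X:X::X:X/M",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, argv[2], 0, 1);
}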
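/* "ipv6 access-list NAME (deny|permit) PREFIX exact-match": add a
 * prefix entry that is flagged as exact match (sixth argument 1).
 *
 * NOTE(review): IPV6_STR and the braces are absent from this listing
 * and are restored here; confirm against the upstream file. */
DEFUN (ipv6_access_list_exact,
       ipv6_access_list_exact_cmd,
       "ipv6 access-list WORD (deny|permit) X:X::X:X/M exact-match",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, argv[2], 1, 1);
}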
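/* "ipv6 access-list NAME (deny|permit) any": add an entry for the
 * prefix "::/0", which is what "any" stands for here.
 *
 * The help string typo "prefixi" is corrected to "prefix".
 *
 * NOTE(review): IPV6_STR and the braces are absent from this listing
 * and are restored here; confirm against the upstream file. */
DEFUN (ipv6_access_list_any,
       ipv6_access_list_any_cmd,
       "ipv6 access-list WORD (deny|permit) any",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefix to match\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, "::/0", 0, 1);
}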
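/* "no ipv6 access-list NAME (deny|permit) PREFIX": remove a prefix
 * entry (last argument 0, where the adding command passes 1).
 *
 * NOTE(review): NO_STR, IPV6_STR and the braces are absent from this
 * listing and are restored here; confirm against the upstream file. */
DEFUN (no_ipv6_access_list,
       no_ipv6_access_list_cmd,
       "no ipv6 access-list WORD (deny|permit) X:X::X:X/M",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, argv[2], 0, 0);
}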
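/* "no ipv6 access-list NAME (deny|permit) PREFIX exact-match": remove
 * an exact-match prefix entry (sixth argument 1, last argument 0).
 *
 * NOTE(review): NO_STR, IPV6_STR and the braces are absent from this
 * listing and are restored here; confirm against the upstream file. */
DEFUN (no_ipv6_access_list_exact,
       no_ipv6_access_list_exact_cmd,
       "no ipv6 access-list WORD (deny|permit) X:X::X:X/M exact-match",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Prefix to match. e.g. 3ffe:506::/32\n"
       "Exact match of the prefixes\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, argv[2], 1, 0);
}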
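/* "no ipv6 access-list NAME (deny|permit) any": remove the entry for
 * the prefix "::/0".
 *
 * The help string typo "prefixi" is corrected to "prefix".
 *
 * NOTE(review): NO_STR, IPV6_STR and the braces are absent from this
 * listing and are restored here; confirm against the upstream file. */
DEFUN (no_ipv6_access_list_any,
       no_ipv6_access_list_any_cmd,
       "no ipv6 access-list WORD (deny|permit) any",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any prefix to match\n")
{
  return filter_set_zebra (vty, argv[0], argv[1], AFI_IP6, "::/0", 0, 0);
}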
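/* "no ipv6 access-list NAME": delete a whole IPv6 access list, then run
 * the master's delete hook with the list's name.
 *
 * NOTE(review): short lines absent from this listing (NO_STR, IPV6_STR,
 * braces, the NULL test, the `name' declaration and the return
 * statements) are restored here; confirm against the upstream file. */
DEFUN (no_ipv6_access_list_all,
       no_ipv6_access_list_all_cmd,
       "no ipv6 access-list WORD",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n")
{
  struct access_list *access;
  struct access_master *master;
  char *name;

  /* Looking up access_list. */
  access = access_list_lookup (AFI_IP6, argv[0]);
  if (access == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", argv[0],
               VTY_NEWLINE);
      return CMD_WARNING;
    }

  master = access->master;

  /* Detach the name from the list before deleting it, so that the
   * delete hook can still be given the name afterwards.  This mirrors
   * the IPv4 command, whose comment says the access_list is freed by
   * access_list_delete(). */
  name = access->name;
  access->name = NULL;

  /* Delete all filter from access-list. */
  access_list_delete (access);

  /* Run hook function.  `access' must not be dereferenced from here on. */
  if (master->delete_hook)
    (*master->delete_hook) (name);

  /* The local copy is the last reference to the name. */
  XFREE (MTYPE_ACCESS_LIST_STR, name);

  return CMD_SUCCESS;
}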
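/* "ipv6 access-list NAME remark LINE": attach a free-text comment to an
 * IPv6 access list, replacing any previous remark.
 *
 * NOTE(review): short lines absent from this listing (IPV6_STR, braces,
 * the `if (access->remark)' test, the return statement) are restored
 * here; confirm against the upstream file. */
DEFUN (ipv6_access_list_remark,
       ipv6_access_list_remark_cmd,
       "ipv6 access-list WORD remark .LINE",
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")
{
  struct access_list *access;

  /* NOTE(review): the result is dereferenced without a NULL test;
   * confirm that access_list_get() cannot fail for AFI_IP6. */
  access = access_list_get (AFI_IP6, argv[0]);

  /* Release the old remark first so it is not leaked. */
  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* Join every word after the list name into one string.
   * NOTE(review): the help text promises "up to 100 characters", but no
   * length check is visible in this function. */
  access->remark = argv_concat (argv, argc, 1);

  return CMD_SUCCESS;
}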
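/* "no ipv6 access-list NAME remark": drop the remark of an IPv6 access
 * list.  The work is delegated to vty_access_list_remark_unset().
 *
 * NOTE(review): NO_STR, IPV6_STR and the braces are absent from this
 * listing and are restored here; confirm against the upstream file. */
DEFUN (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_cmd,
       "no ipv6 access-list WORD remark",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n")
{
  return vty_access_list_remark_unset (vty, AFI_IP6, argv[0]);
}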
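/* Alias of no_ipv6_access_list_remark that also accepts the remark
 * text after "remark".
 *
 * NOTE(review): NO_STR and IPV6_STR are absent from this listing and
 * are restored here; confirm against the upstream file. */
ALIAS (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_arg_cmd,
       "no ipv6 access-list WORD remark .LINE",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n")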
1593 #endif /* HAVE_IPV6 */
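/* Forward declarations: filter_show() below calls both writers before
 * their definitions appear in this file. */
void config_write_access_zebra (struct vty *, struct filter *);
void config_write_access_cisco (struct vty *, struct filter *);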
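/* Print every access list reachable from HEAD (one of the master's two
 * lists).  When NAME is non-NULL only the list with that name is shown.
 * Factored out of filter_show(), which ran the same loop twice. */
static void
filter_show_list (struct vty *vty, struct access_list *head,
                  const char *name, afi_t afi)
{
  struct access_list *access;
  struct filter *mfilter;
  struct filter_cisco *filter;
  int write;

  for (access = head; access; access = access->next)
    {
      /* Lists without a name are skipped; testing for NULL first also
       * keeps strcmp() from being handed a NULL pointer. */
      if (!access->name || (name && strcmp (access->name, name) != 0))
        continue;

      /* Print the list header once, in front of its first filter. */
      write = 1;

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
        {
          /* Only meaningful when mfilter->cisco is set; the fields are
           * not read for zebra filters. */
          filter = &mfilter->u.cfilter;

          if (write)
            {
              vty_out (vty, "%s IP%s access list %s%s",
                       mfilter->cisco ?
                       (filter->extended ? "Extended" : "Standard") : "Zebra",
                       afi == AFI_IP6 ? "v6" : "",
                       access->name, VTY_NEWLINE);
              write = 0;
            }

          vty_out (vty, " %s%s", filter_type_str (mfilter),
                   mfilter->type == FILTER_DENY ? " " : "");

          if (! mfilter->cisco)
            config_write_access_zebra (vty, mfilter);
          else if (filter->extended)
            config_write_access_cisco (vty, mfilter);
          else
            {
              /* Standard Cisco filter: an all-ones wildcard means any. */
              if (filter->addr_mask.s_addr == 0xffffffff)
                vty_out (vty, " any%s", VTY_NEWLINE);
              else
                {
                  /* inet_ntoa() returns a static buffer; keep one
                   * call per vty_out(). */
                  vty_out (vty, " %s", inet_ntoa (filter->addr));
                  if (filter->addr_mask.s_addr != 0)
                    vty_out (vty, ", wildcard bits %s",
                             inet_ntoa (filter->addr_mask));
                  vty_out (vty, "%s", VTY_NEWLINE);
                }
            }
        }
    }
}

/* show access-list command.
 *
 * Prints the access lists of address family AFI to VTY: first the
 * numbered lists, then the named ones.  NAME restricts the output to a
 * single list; NULL shows all.  Returns 0 when the family has no master
 * structure, CMD_SUCCESS otherwise.
 *
 * NOTE(review): short lines absent from this listing (`static int',
 * braces, `else', `continue', the `write' flag, the master and
 * zlog_default tests, the return statements) are restored here; confirm
 * against the upstream file. */
static int
filter_show (struct vty *vty, const char *name, afi_t afi)
{
  struct access_master *master;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  /* Print the name of the protocol */
  if (zlog_default)
    vty_out (vty, "%s:%s",
             zlog_proto_names[zlog_default->protocol], VTY_NEWLINE);

  filter_show_list (vty, master->num.head, name, afi);
  filter_show_list (vty, master->str.head, name, afi);

  return CMD_SUCCESS;
}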
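/* "show ip access-list": show every IPv4 access list (no name filter).
 *
 * NOTE(review): SHOW_STR, IP_STR and the braces are absent from this
 * listing and are restored here; confirm against the upstream file. */
DEFUN (show_ip_access_list,
       show_ip_access_list_cmd,
       "show ip access-list",
       SHOW_STR
       IP_STR
       "List IP access lists\n")
{
  return filter_show (vty, NULL, AFI_IP);
}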
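/* "show ip access-list NAME": show the IPv4 access list called NAME.
 *
 * NOTE(review): SHOW_STR, IP_STR and the braces are absent from this
 * listing and are restored here; confirm against the upstream file. */
DEFUN (show_ip_access_list_name,
       show_ip_access_list_name_cmd,
       "show ip access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)",
       SHOW_STR
       IP_STR
       "List IP access lists\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n")
{
  return filter_show (vty, argv[0], AFI_IP);
}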
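/* NOTE(review): the `#ifdef HAVE_IPV6' opening this section, SHOW_STR,
 * IPV6_STR and the braces are absent from this listing and are restored
 * here (the matching `#endif' is visible below); confirm against the
 * upstream file. */
#ifdef HAVE_IPV6
/* "show ipv6 access-list": show every IPv6 access list. */
DEFUN (show_ipv6_access_list,
       show_ipv6_access_list_cmd,
       "show ipv6 access-list",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n")
{
  return filter_show (vty, NULL, AFI_IP6);
}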
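/* "show ipv6 access-list NAME": show the IPv6 access list called NAME.
 *
 * NOTE(review): SHOW_STR, IPV6_STR and the braces are absent from this
 * listing and are restored here; confirm against the upstream file. */
DEFUN (show_ipv6_access_list_name,
       show_ipv6_access_list_name_cmd,
       "show ipv6 access-list WORD",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n"
       "IPv6 zebra access-list\n")
{
  return filter_show (vty, argv[0], AFI_IP6);
}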
1751 #endif /* HAVE_IPV6 */
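/* Write the match part of a Cisco-style filter to VTY, ending the line.
 *
 * Extended filters print " ip" followed by two address specifications,
 * taken from addr/addr_mask and from mask/mask_mask.  Standard filters
 * print a single address.  In both forms a wildcard of 0xffffffff is
 * written as "any"; in the extended form a wildcard of 0 is written as
 * "host ADDR".
 *
 * NOTE(review): short lines absent from this listing (`void', braces,
 * `else') are restored here; confirm against the upstream file. */
void
config_write_access_cisco (struct vty *vty, struct filter *mfilter)
{
  struct filter_cisco *filter;

  filter = &mfilter->u.cfilter;

  if (filter->extended)
    {
      vty_out (vty, " ip");

      /* First address specification.  inet_ntoa() returns a static
       * buffer; keep one call per vty_out(). */
      if (filter->addr_mask.s_addr == 0xffffffff)
        vty_out (vty, " any");
      else if (filter->addr_mask.s_addr == 0)
        vty_out (vty, " host %s", inet_ntoa (filter->addr));
      else
        {
          vty_out (vty, " %s", inet_ntoa (filter->addr));
          vty_out (vty, " %s", inet_ntoa (filter->addr_mask));
        }

      /* Second address specification. */
      if (filter->mask_mask.s_addr == 0xffffffff)
        vty_out (vty, " any");
      else if (filter->mask_mask.s_addr == 0)
        vty_out (vty, " host %s", inet_ntoa (filter->mask));
      else
        {
          vty_out (vty, " %s", inet_ntoa (filter->mask));
          vty_out (vty, " %s", inet_ntoa (filter->mask_mask));
        }
      vty_out (vty, "%s", VTY_NEWLINE);
    }
  else
    {
      if (filter->addr_mask.s_addr == 0xffffffff)
        vty_out (vty, " any%s", VTY_NEWLINE);
      else
        {
          vty_out (vty, " %s", inet_ntoa (filter->addr));
          /* A zero wildcard is left out of the written line. */
          if (filter->addr_mask.s_addr != 0)
            vty_out (vty, " %s", inet_ntoa (filter->addr_mask));
          vty_out (vty, "%s", VTY_NEWLINE);
        }
    }
}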
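/* Write the match part of a zebra (prefix) filter to VTY, ending the
 * line.  A zero-length prefix without the exact flag is written as
 * "any"; everything else as ADDR/LEN, followed by " exact-match" when
 * the flag is set.
 *
 * NOTE(review): short lines absent from this listing (`void', braces,
 * `else', the `p' and `buf' declarations, the `p->prefixlen' argument)
 * are restored here; confirm against the upstream file. */
void
config_write_access_zebra (struct vty *vty, struct filter *mfilter)
{
  struct filter_zebra *filter;
  struct prefix *p;
  char buf[BUFSIZ];

  filter = &mfilter->u.zfilter;
  p = &filter->prefix;

  if (p->prefixlen == 0 && ! filter->exact)
    vty_out (vty, " any");
  else
    /* sizeof buf ties the bound to the buffer actually passed.
     * NOTE(review): inet_ntop() returns NULL on failure and the result
     * goes straight to "%s"; presumably p->family is always a
     * supported family here -- confirm. */
    vty_out (vty, " %s/%d%s",
             inet_ntop (p->family, &p->u.prefix, buf, sizeof buf),
             p->prefixlen,
             filter->exact ? " exact-match" : "");

  vty_out (vty, "%s", VTY_NEWLINE);
}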
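/* Write the configuration lines of every access list reachable from
 * HEAD and return how many lines were written.  Factored out of
 * config_write_access(), which ran the same loop twice. */
static int
config_write_access_list (struct vty *vty, struct access_list *head,
                          afi_t afi)
{
  struct access_list *access;
  struct filter *mfilter;
  int write = 0;

  for (access = head; access; access = access->next)
    {
      /* The remark, when set, goes in front of the list's filters. */
      if (access->remark)
        {
          vty_out (vty, "%saccess-list %s remark %s%s",
                   afi == AFI_IP ? "" : "ipv6 ",
                   access->name, access->remark,
                   VTY_NEWLINE);
          write++;
        }

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
        {
          vty_out (vty, "%saccess-list %s %s",
                   afi == AFI_IP ? "" : "ipv6 ",
                   access->name,
                   filter_type_str (mfilter));

          /* The writer finishes the line, newline included. */
          if (mfilter->cisco)
            config_write_access_cisco (vty, mfilter);
          else
            config_write_access_zebra (vty, mfilter);

          write++;
        }
    }

  return write;
}

/* Write the access-list configuration of address family AFI to VTY:
 * numbered lists first, then named lists.  Returns the number of lines
 * written, or 0 when the family has no master structure.
 *
 * NOTE(review): short lines absent from this listing (`static int',
 * braces, `else', the `write' counter, the remark and cisco tests, the
 * return statements) are restored here; confirm against the upstream
 * file. */
static int
config_write_access (struct vty *vty, afi_t afi)
{
  struct access_master *master;
  int write = 0;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  write += config_write_access_list (vty, master->num.head, afi);
  write += config_write_access_list (vty, master->str.head, afi);

  return write;
}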
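/* Access-list node.
 *
 * NOTE(review): only the declaration line and the prompt member are
 * visible in this listing; the node id and the trailing member are
 * restored from the upstream layout -- confirm. */
static struct cmd_node access_node =
{
  ACCESS_NODE,
  "",				/* Access list has no interface. */
  1
};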
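/* Config-write callback for the IPv4 access-list node; installed by
 * access_list_init_ipv4().
 *
 * NOTE(review): `static int' and the braces are absent from this
 * listing and are restored here; confirm against the upstream file. */
static int
config_write_access_ipv4 (struct vty *vty)
{
  return config_write_access (vty, AFI_IP);
}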
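/* Delete every IPv4 access list, numbered and named, and check that
 * both lists of the master end up empty.
 *
 * NOTE(review): short lines absent from this listing (`static void',
 * braces, the NULL test on master) are restored here; confirm against
 * the upstream file. */
static void
access_list_reset_ipv4 (void)
{
  struct access_list *access;
  struct access_list *next;
  struct access_master *master;

  master = access_master_get (AFI_IP);
  if (master == NULL)
    return;

  /* Fetch the successor before deleting: `access' must not be read
   * once access_list_delete() has been called on it. */
  for (access = master->num.head; access; access = next)
    {
      next = access->next;
      access_list_delete (access);
    }
  for (access = master->str.head; access; access = next)
    {
      next = access->next;
      access_list_delete (access);
    }

  /* Deleting is expected to unlink each entry from the master. */
  assert (master->num.head == NULL);
  assert (master->num.tail == NULL);

  assert (master->str.head == NULL);
  assert (master->str.tail == NULL);
}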
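/* Install vty related command.
 *
 * Registers the IPv4 access-list node with its config writer, the two
 * "show" commands under ENABLE_NODE and every configuration command
 * under CONFIG_NODE.
 *
 * NOTE(review): `static void' and the braces are absent from this
 * listing and are restored here; confirm against the upstream file. */
static void
access_list_init_ipv4 (void)
{
  install_node (&access_node, config_write_access_ipv4);

  install_element (ENABLE_NODE, &show_ip_access_list_cmd);
  install_element (ENABLE_NODE, &show_ip_access_list_name_cmd);

  /* Zebra access-list */
  install_element (CONFIG_NODE, &access_list_cmd);
  install_element (CONFIG_NODE, &access_list_exact_cmd);
  install_element (CONFIG_NODE, &access_list_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_cmd);
  install_element (CONFIG_NODE, &no_access_list_exact_cmd);
  install_element (CONFIG_NODE, &no_access_list_any_cmd);

  /* Standard access-list */
  install_element (CONFIG_NODE, &access_list_standard_cmd);
  install_element (CONFIG_NODE, &access_list_standard_nomask_cmd);
  install_element (CONFIG_NODE, &access_list_standard_host_cmd);
  install_element (CONFIG_NODE, &access_list_standard_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_nomask_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_any_cmd);

  /* Extended access-list */
  install_element (CONFIG_NODE, &access_list_extended_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_mask_cmd);
  install_element (CONFIG_NODE, &access_list_extended_mask_any_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_any_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_mask_cmd);
  install_element (CONFIG_NODE, &access_list_extended_mask_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_mask_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_mask_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_mask_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_mask_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_any_cmd);

  /* Remarks and whole-list removal */
  install_element (CONFIG_NODE, &access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_access_list_all_cmd);
  install_element (CONFIG_NODE, &no_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_access_list_remark_arg_cmd);
}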
1984 static struct cmd_node access_ipv6_node =
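/* Config-write callback for the IPv6 access-list node; installed by
 * access_list_init_ipv6().
 *
 * NOTE(review): `static int' and the braces are absent from this
 * listing and are restored here; confirm against the upstream file. */
static int
config_write_access_ipv6 (struct vty *vty)
{
  return config_write_access (vty, AFI_IP6);
}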
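/* Delete every IPv6 access list, numbered and named, and check that
 * both lists of the master end up empty.
 *
 * NOTE(review): short lines absent from this listing (`static void',
 * braces, the NULL test on master) are restored here; confirm against
 * the upstream file. */
static void
access_list_reset_ipv6 (void)
{
  struct access_list *access;
  struct access_list *next;
  struct access_master *master;

  master = access_master_get (AFI_IP6);
  if (master == NULL)
    return;

  /* Fetch the successor before deleting: `access' must not be read
   * once access_list_delete() has been called on it. */
  for (access = master->num.head; access; access = next)
    {
      next = access->next;
      access_list_delete (access);
    }
  for (access = master->str.head; access; access = next)
    {
      next = access->next;
      access_list_delete (access);
    }

  /* Deleting is expected to unlink each entry from the master. */
  assert (master->num.head == NULL);
  assert (master->num.tail == NULL);

  assert (master->str.head == NULL);
  assert (master->str.tail == NULL);
}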
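/* Register the IPv6 access-list node with its config writer, the two
 * "show ipv6 access-list" commands under ENABLE_NODE and the IPv6
 * configuration commands under CONFIG_NODE.
 *
 * NOTE(review): `static void' and the braces are absent from this
 * listing and are restored here; confirm against the upstream file. */
static void
access_list_init_ipv6 (void)
{
  install_node (&access_ipv6_node, config_write_access_ipv6);

  install_element (ENABLE_NODE, &show_ipv6_access_list_cmd);
  install_element (ENABLE_NODE, &show_ipv6_access_list_name_cmd);

  /* Prefix entries */
  install_element (CONFIG_NODE, &ipv6_access_list_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_exact_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_any_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_exact_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_any_cmd);

  /* Remarks and whole-list removal */
  install_element (CONFIG_NODE, &no_ipv6_access_list_all_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_remark_arg_cmd);
}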
2046 #endif /* HAVE_IPV6 */
2051 access_list_init_ipv4 ();
2053 access_list_init_ipv6();
2054 #endif /* HAVE_IPV6 */
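/* Delete all access lists: IPv4 always, IPv6 when HAVE_IPV6 is defined.
 *
 * NOTE(review): `void', the braces and the `#ifdef HAVE_IPV6' line are
 * absent from this listing and are restored here (the `#endif' is
 * visible); confirm against the upstream file. */
void
access_list_reset ()
{
  access_list_reset_ipv4 ();
#ifdef HAVE_IPV6
  access_list_reset_ipv6();
#endif /* HAVE_IPV6 */
}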