// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Route filtering: access-list and prefix-list definitions shared by the
 * daemons (implementation in filter.c, filter_nb.c and filter_cli.c).
 * Copyright (C) 1998 Kunihiro Ishiguro
 */
#ifndef _ZEBRA_FILTER_H
#define _ZEBRA_FILTER_H
#include "if.h"
#include "prefix.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Maximum ACL name length.
 * NOTE(review): whether this bound includes the terminating NUL is not
 * visible in this header; check the callers that size buffers with it
 * before assuming `char name[ACL_NAMSIZ]` can hold 128 characters. */
#define ACL_NAMSIZ 128
/*
 * Cisco wildcard masks are the inverse of netmasks: a 0 bit means the
 * corresponding address bit must match, a 1 bit means "don't care".
 * Hence "host" is all-zeros (every bit significant) and "any" is all-ones
 * (nothing significant).  Both binary forms are byte-order symmetric, so
 * they can be compared directly against network-order `s_addr` values.
 */

/** Cisco host wildcard mask (textual form). */
#define CISCO_HOST_WILDCARD_MASK "0.0.0.0"
/** Cisco host wildcard binary mask: INADDR_ANY is 0.0.0.0. */
#define CISCO_BIN_HOST_WILDCARD_MASK INADDR_ANY

/** Cisco any wildcard mask (textual form). */
#define CISCO_ANY_WILDCARD_MASK "255.255.255.255"
/** Cisco binary any wildcard mask: INADDR_NONE is 255.255.255.255. */
#define CISCO_BIN_ANY_WILDCARD_MASK INADDR_NONE
/* Filter direction.  FILTER_IN/FILTER_OUT are the two valid directions;
 * FILTER_MAX is their count (suitable as an array bound), not a direction
 * itself, and must never be passed where a direction is expected. */
#define FILTER_IN 0
#define FILTER_OUT 1
#define FILTER_MAX 2
/*
 * Verdict carried by a filter entry: `deny', `permit' or `dynamic'.
 * FILTER_DENY is deliberately the zero value, so a zero-initialised
 * entry fails closed.  Values are spelled out because the order is part
 * of the contract (callers compare against these constants).
 */
enum filter_type {
	FILTER_DENY = 0,
	FILTER_PERMIT = 1,
	FILTER_DYNAMIC = 2,
};
/*
 * Cisco-style access-list entry (IPv4 only: all fields are struct in_addr).
 * Wildcard fields follow the Cisco convention documented with
 * CISCO_HOST_WILDCARD_MASK above: 0 bits must match, 1 bits are ignored.
 */
struct filter_cisco {
	/* Cisco access-list: non-zero for an "extended" entry.
	 * NOTE(review): by the field names, an extended entry uses both
	 * address/wildcard pairs below while a standard entry uses only
	 * addr/addr_mask — confirm against the matcher in filter.c. */
	int extended;
	/* First address and its wildcard mask. */
	struct in_addr addr;
	struct in_addr addr_mask;
	/* Second address/wildcard pair (presumably the network-mask pair of
	 * an extended entry; undefined for standard entries). */
	struct in_addr mask;
	struct in_addr mask_mask;
};
/*
 * Zebra-style (prefix based) access-list entry.  The address family is
 * presumably carried inside `prefix` itself (see prefix.h).
 */
struct filter_zebra {
	/* If this filter is "exact" match then this flag is set: the
	 * candidate must equal `prefix` (address and length) instead of
	 * merely being contained in it.  NOTE(review): the exact-vs-contained
	 * comparison lives in filter.c, not here. */
	int exact;

	/* Prefix information. */
	struct prefix prefix;
};
/* Forward declaration of access-list struct: struct filter below holds a
 * back pointer to its owner, and the full definition follows. */
struct access_list;
/* Filter element of access list: one entry, of either the Cisco or the
 * zebra (prefix) flavour, selected by `cisco`. */
struct filter {
	/* For doubly linked list (threaded from the owning list's head/tail). */
	struct filter *next;
	struct filter *prev;

	/* Parent access-list pointer.  An entry must not outlive its list
	 * (NOTE(review): inferred from the back pointer — confirm in
	 * access_list_filter_delete()/access_list_delete()). */
	struct access_list *acl;

	/* Filter type information: the verdict yielded on match. */
	enum filter_type type;

	/* Sequence number: ordering key of the entry within its list
	 * (presumably handed out by filter_new_seq_get()). */
	int64_t seq;

	/* Cisco access-list: discriminator for the union below.  Non-zero
	 * means `u.cfilter` is the live member, zero means `u.zfilter`.
	 * Reading the inactive member is a type-confusion bug — check this
	 * flag before touching `u`. */
	int cisco;

	union {
		struct filter_cisco cfilter; /* live when cisco != 0 */
		struct filter_zebra zfilter; /* live when cisco == 0 */
	} u;
};
/* Access list: a named, ordered collection of struct filter entries. */
struct access_list {
	/* List name; the lookup key used by access_list_lookup().
	 * Ownership: presumably heap-owned by the list and released in
	 * access_list_delete() — confirm in filter.c. */
	char *name;
	/* Free-form remark text attached to the list (presumably NULL when
	 * none has been configured). */
	char *remark;

	/* Back pointer to the master this list is registered in. */
	struct access_master *master;

	/* Links in the master's `str` list. */
	struct access_list *next;
	struct access_list *prev;

	/* Doubly linked list of entries, presumably kept in `seq` order by
	 * access_list_filter_add() (ordering is enforced in filter.c). */
	struct filter *head;
	struct filter *tail;
};
/* List of access_list: head/tail of the doubly linked list threaded
 * through struct access_list::next/prev. */
struct access_list_list {
	struct access_list *head;
	struct access_list *tail;
};
/* Master structure of access_list: the container for all lists of one
 * kind (presumably one master per address family, given the afi_t
 * argument of access_list_lookup()). */
struct access_master {
	/* List of access_list which name is string. */
	struct access_list_list str;

	/* Hook function which is executed when new access_list is added.
	 * Installed by access_list_add_hook(); a single slot, so a later
	 * install presumably replaces rather than chains the earlier hook. */
	void (*add_hook)(struct access_list *);

	/* Hook function which is executed when access_list is deleted.
	 * NOTE(review): whether the hook sees the list before or after its
	 * entries are freed is decided in filter.c — do not dereference
	 * entries from the hook without checking. */
	void (*delete_hook)(struct access_list *);
};
/* Prototypes for access-list. */
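/*
 * Access-list API, implemented in filter.c.  All declarations carry
 * parameter names and `extern` uniformly.  Semantics not visible in this
 * header (NULL handling, ownership) are marked as assumptions to confirm.
 */

/* Initialise / tear down the global access-list state. */
extern void access_list_init(void);
extern void access_list_reset(void);

/* Install the add/delete hook of the masters (see struct access_master).
 * Each master has one slot per hook, so a later call presumably replaces
 * the earlier hook instead of chaining it. */
extern void access_list_add_hook(void (*func)(struct access_list *));
extern void access_list_delete_hook(void (*func)(struct access_list *));

/* Find the list called `name` for address family `afi`; presumably
 * returns NULL when no such list exists. */
extern struct access_list *access_list_lookup(afi_t afi, const char *name);

/*
 * Evaluate `object` against `access` and return the verdict.
 *
 * `object` is type-erased: the caller must pass exactly the type the
 * list's entries expect (a prefix for zebra-style entries, by the shape
 * of struct filter_zebra).  NOTE(review): the behaviour for a NULL or
 * empty `access` is decided in filter.c — callers must not assume that
 * "no list configured" means permit.
 */
extern enum filter_type access_list_apply(struct access_list *access,
					  const void *object);

/* Find-or-create counterpart of access_list_lookup() (create-on-miss is
 * inferred from the name — confirm). */
extern struct access_list *access_list_get(afi_t afi, const char *name);
/* Unlink `access` from its master and free it, presumably including its
 * entries. */
extern void access_list_delete(struct access_list *access);

/* Allocate an empty entry.  Ownership presumably passes to the list on
 * access_list_filter_add() and the entry is freed by
 * access_list_filter_delete(). */
extern struct filter *filter_new(void);
extern void access_list_filter_add(struct access_list *access,
				   struct filter *filter);
extern void access_list_filter_delete(struct access_list *access,
				      struct filter *filter);

/* Return an unused sequence number for a new entry of `access`. */
extern int64_t filter_new_seq_get(struct access_list *access);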
extern const struct frr_yang_module_info frr_filter_info;
/* filter_nb.c */
/** Access-list address family as seen by the northbound (YANG) layer.
 * The numeric values are part of the model mapping; do not renumber. */
enum yang_access_list_type { YALT_IPV4 = 0, YALT_IPV6 = 1, YALT_MAC = 2 };
/** Prefix-list address family as seen by the northbound (YANG) layer.
 * The numeric values are part of the model mapping; do not renumber. */
enum yang_prefix_list_type { YPLT_IPV4 = 0, YPLT_IPV6 = 1 };
/** Prefix-list entry action in the northbound (YANG) layer.  Deny is the
 * zero value, matching FILTER_DENY so a zeroed action fails closed. */
enum yang_prefix_list_action { YPLA_DENY = 0, YPLA_PERMIT = 1 };
/** Arguments for acl_is_dup(): describes the candidate access-list entry
 * and receives the outcome of the duplicate search. */
struct acl_dup_args {
	/** Access list type ("ipv4", "ipv6" or "mac"). */
	const char *ada_type;
	/** Access list name. */
	const char *ada_name;

	/** Entry action. */
	const char *ada_action;

#define ADA_MAX_VALUES 4
	/** Entry XPath for value.  Fixed-size: at most ADA_MAX_VALUES
	 * xpath/value pairs can be matched; unused slots are presumably left
	 * NULL by the caller (confirm in filter_nb.c before adding a fifth
	 * match criterion — the array does not grow). */
	const char *ada_xpath[ADA_MAX_VALUES];
	/** Entry value to match (parallel to ada_xpath, same index). */
	const char *ada_value[ADA_MAX_VALUES];

	/** Duplicated entry found in list? (output of acl_is_dup()) */
	bool ada_found;

	/** Sequence number of the found entry (output; presumably only
	 * meaningful when ada_found is true). */
	int64_t ada_seq;

	/** (Optional) Already existing `dnode`: presumably the entry being
	 * edited, so the search can skip it rather than report the entry as
	 * its own duplicate — confirm in filter_nb.c. */
	const struct lyd_node *ada_entry_dnode;
};
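/**
 * Check for duplicated entries using the candidate configuration.
 *
 * (The previous comment documented a `vty` parameter that this function
 * does not take; the candidate configuration is reached through `dnode`.)
 *
 * \param dnode node of the candidate configuration to search from
 *              (presumably the access-list subtree — confirm in filter_nb.c).
 * \param ada the arguments to check; ada_found/ada_seq are filled in.
 * \return true when a duplicate of the described entry exists.
 */
bool acl_is_dup(const struct lyd_node *dnode, struct acl_dup_args *ada);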
/** Arguments for plist_is_dup(): describes the candidate prefix-list entry
 * and receives the outcome of the duplicate search.  (The original
 * comments said "Access list" here; this struct is only used with
 * plist_is_dup(), so it describes a prefix list.) */
struct plist_dup_args {
	/** Prefix list type ("ipv4" or "ipv6"). */
	const char *pda_type;
	/** Prefix list name. */
	const char *pda_name;

	/** Entry action. */
	const char *pda_action;

	/** Entry matches "any" rather than a specific prefix. */
	bool any;
	/** Prefix to compare (presumably ignored when `any` is set — confirm
	 * in filter_nb.c). */
	struct prefix prefix;
	/** Prefix-length bounds of the entry ("ge"/"le"); the value that
	 * denotes "unset" is decided by the caller, not here. */
	int ge;
	int le;

	/** Duplicated entry found in list? (output of plist_is_dup()) */
	bool pda_found;

	/** Sequence number of the found entry (output; presumably only
	 * meaningful when pda_found is true). */
	int64_t pda_seq;

	/** (Optional) Already existing `dnode`: presumably the entry being
	 * edited, so the search can skip it rather than report the entry as
	 * its own duplicate — confirm in filter_nb.c. */
	const struct lyd_node *pda_entry_dnode;
};
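/**
 * Check for duplicated entries using the candidate configuration.
 *
 * (The previous comment documented a `vty` parameter that this function
 * does not take; the candidate configuration is reached through `dnode`.)
 *
 * \param dnode node of the candidate configuration to search from
 *              (presumably the prefix-list subtree — confirm in filter_nb.c).
 * \param pda the arguments to check; pda_found/pda_seq are filled in.
 * \return true when a duplicate of the described entry exists.
 */
bool plist_is_dup(const struct lyd_node *dnode, struct plist_dup_args *pda);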
/* filter_cli.c */
/* Opaque types used by the CLI entry points below.  NOTE(review): both
 * tags are already referenced as pointer members in acl_dup_args and
 * plist_dup_args above; in C that first use declares the tag at file
 * scope, so this is harmless, but moving these two lines above the first
 * use would make the dependency explicit. */
struct lyd_node;
struct vty;
/* Order two access-list entry nodes for the CLI/northbound layer.  The
 * sign convention of the result is defined in filter_cli.c, not here. */
extern int access_list_cmp(const struct lyd_node *dnode1,
			   const struct lyd_node *dnode2);
/* Render one access-list entry (`dnode`) to `vty`; `show_defaults` is
 * passed through from the northbound "show" machinery. */
extern void access_list_show(struct vty *vty, const struct lyd_node *dnode,
			     bool show_defaults);
/* Render an access-list remark to `vty`. */
extern void access_list_remark_show(struct vty *vty,
				    const struct lyd_node *dnode,
				    bool show_defaults);
/* Prefix-list counterparts of the three functions above. */
extern int prefix_list_cmp(const struct lyd_node *dnode1,
			   const struct lyd_node *dnode2);
extern void prefix_list_show(struct vty *vty, const struct lyd_node *dnode,
			     bool show_defaults);
extern void prefix_list_remark_show(struct vty *vty,
				    const struct lyd_node *dnode,
				    bool show_defaults);
void filter_cli_init(void);
#ifdef __cplusplus
}
#endif
#endif /* _ZEBRA_FILTER_H */