2019-11-08 18:50:00 +01:00
|
|
|
/*
|
|
|
|
|
* FRR filter CLI implementation.
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2019 Network Device Education Foundation, Inc. ("NetDEF")
|
|
|
|
|
* Rafael Zalamena
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
|
|
|
* 02110-1301 USA.
|
|
|
|
|
*/
|
|
|
|
|
|
2020-06-19 01:09:10 +02:00
|
|
|
#include "zebra.h"
|
2020-04-30 18:56:05 +02:00
|
|
|
#include "northbound.h"
|
|
|
|
|
#include "prefix.h"
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
#include "lib/command.h"
|
|
|
|
|
#include "lib/filter.h"
|
|
|
|
|
#include "lib/northbound_cli.h"
|
2019-11-12 00:25:20 +01:00
|
|
|
#include "lib/plist.h"
|
|
|
|
|
#include "lib/plist_int.h"
|
2020-06-19 01:09:10 +02:00
|
|
|
#include "lib/printfrr.h"
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
#ifndef VTYSH_EXTRACT_PL
|
|
|
|
|
#include "lib/filter_cli_clippy.c"
|
|
|
|
|
#endif /* VTYSH_EXTRACT_PL */
|
|
|
|
|
|
|
|
|
|
#define ACCESS_LIST_STR "Access list entry\n"
|
|
|
|
|
#define ACCESS_LIST_LEG_STR "IP standard access list\n"
|
|
|
|
|
#define ACCESS_LIST_ELEG_STR "IP extended access list\n"
|
|
|
|
|
#define ACCESS_LIST_ELEG_EXT_STR "IP extended access list (expanded range)\n"
|
|
|
|
|
#define ACCESS_LIST_ZEBRA_STR "Access list entry\n"
|
|
|
|
|
#define ACCESS_LIST_SEQ_STR \
|
|
|
|
|
"Sequence number of an entry\n" \
|
|
|
|
|
"Sequence number\n"
|
|
|
|
|
#define ACCESS_LIST_ACTION_STR \
|
|
|
|
|
"Specify packets to reject\n" \
|
|
|
|
|
"Specify packets to forward\n"
|
|
|
|
|
#define ACCESS_LIST_REMARK_STR "Access list entry comment\n"
|
|
|
|
|
#define ACCESS_LIST_REMARK_LINE_STR "Comment up to 100 characters\n"
|
|
|
|
|
|
2019-11-12 00:25:20 +01:00
|
|
|
#define PREFIX_LIST_NAME_STR "Prefix list entry name\n"
|
|
|
|
|
|
2019-11-08 18:50:00 +01:00
|
|
|
/*
|
|
|
|
|
* Helper function to locate filter data structures for Cisco-style ACLs.
|
|
|
|
|
*/
|
|
|
|
|
static int64_t acl_cisco_get_seq(struct access_list *acl, const char *action,
|
|
|
|
|
const char *src, const char *src_mask,
|
|
|
|
|
const char *dst, const char *dst_mask)
|
|
|
|
|
{
|
|
|
|
|
struct filter_cisco *fc;
|
|
|
|
|
struct filter f, *fn;
|
|
|
|
|
|
|
|
|
|
memset(&f, 0, sizeof(f));
|
|
|
|
|
f.cisco = 1;
|
|
|
|
|
if (strcmp(action, "permit") == 0)
|
|
|
|
|
f.type = FILTER_PERMIT;
|
|
|
|
|
else
|
|
|
|
|
f.type = FILTER_DENY;
|
|
|
|
|
|
|
|
|
|
fc = &f.u.cfilter;
|
|
|
|
|
inet_pton(AF_INET, src, &fc->addr);
|
|
|
|
|
inet_pton(AF_INET, src_mask, &fc->addr_mask);
|
|
|
|
|
fc->addr.s_addr &= ~fc->addr_mask.s_addr;
|
|
|
|
|
if (dst != NULL) {
|
|
|
|
|
fc->extended = 1;
|
|
|
|
|
inet_pton(AF_INET, dst, &fc->mask);
|
|
|
|
|
inet_pton(AF_INET, dst_mask, &fc->mask_mask);
|
|
|
|
|
fc->mask.s_addr &= ~fc->mask_mask.s_addr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn = filter_lookup_cisco(acl, &f);
|
|
|
|
|
if (fn == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
return fn->seq;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Helper function to locate filter data structures for zebra-style ACLs.
|
|
|
|
|
*/
|
|
|
|
|
static int64_t acl_zebra_get_seq(struct access_list *acl, const char *action,
|
|
|
|
|
const struct prefix *p, bool exact)
|
|
|
|
|
{
|
|
|
|
|
struct filter_zebra *fz;
|
|
|
|
|
struct filter f, *fn;
|
|
|
|
|
|
|
|
|
|
memset(&f, 0, sizeof(f));
|
|
|
|
|
memset(&fz, 0, sizeof(fz));
|
|
|
|
|
if (strcmp(action, "permit") == 0)
|
|
|
|
|
f.type = FILTER_PERMIT;
|
|
|
|
|
else
|
|
|
|
|
f.type = FILTER_DENY;
|
|
|
|
|
|
|
|
|
|
fz = &f.u.zfilter;
|
2020-08-25 15:26:29 +02:00
|
|
|
if (p->family)
|
|
|
|
|
prefix_copy(&fz->prefix, p);
|
2019-11-08 18:50:00 +01:00
|
|
|
fz->exact = exact;
|
|
|
|
|
|
|
|
|
|
fn = filter_lookup_zebra(acl, &f);
|
|
|
|
|
if (fn == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
return fn->seq;
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-30 15:35:22 +02:00
|
|
|
/*
|
|
|
|
|
* Helper function to generate a sequence number for legacy commands.
|
|
|
|
|
*/
|
|
|
|
|
static int acl_get_seq_cb(const struct lyd_node *dnode, void *arg)
|
|
|
|
|
{
|
|
|
|
|
int64_t *seq = arg;
|
|
|
|
|
int64_t cur_seq = yang_dnode_get_uint32(dnode, "sequence");
|
|
|
|
|
|
|
|
|
|
if (cur_seq > *seq)
|
|
|
|
|
*seq = cur_seq;
|
|
|
|
|
|
|
|
|
|
return YANG_ITER_CONTINUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Helper function that iterates over the XPath `xpath` on the candidate
|
|
|
|
|
* configuration in `vty->candidate_config`.
|
|
|
|
|
*
|
|
|
|
|
* \param[in] vty shell context with the candidate configuration.
|
|
|
|
|
* \param[in] xpath the XPath to look for the sequence leaf.
|
|
|
|
|
* \returns next unused sequence number.
|
|
|
|
|
*/
|
|
|
|
|
static long acl_get_seq(struct vty *vty, const char *xpath)
|
|
|
|
|
{
|
|
|
|
|
int64_t seq = 0;
|
|
|
|
|
|
|
|
|
|
yang_dnode_iterate(acl_get_seq_cb, &seq, vty->candidate_config->dnode,
|
|
|
|
|
"%s/entry", xpath);
|
|
|
|
|
|
|
|
|
|
return seq + 5;
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-08 18:50:00 +01:00
|
|
|
/*
|
|
|
|
|
* Cisco (legacy) access lists.
|
|
|
|
|
*/
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
access_list_std, access_list_std_cmd,
|
2020-08-25 14:29:00 +02:00
|
|
|
"access-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action <[host] A.B.C.D$host|A.B.C.D$host A.B.C.D$mask>",
|
2019-11-08 18:50:00 +01:00
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_LEG_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"A single host address\n"
|
|
|
|
|
"Address to match\n"
|
|
|
|
|
"Address to match\n"
|
2020-08-25 14:29:00 +02:00
|
|
|
"Wildcard bits\n")
|
2019-11-08 18:50:00 +01:00
|
|
|
{
|
|
|
|
|
int64_t sseq;
|
2020-12-04 22:12:58 +01:00
|
|
|
struct acl_dup_args ada = {};
|
2019-11-08 18:50:00 +01:00
|
|
|
char xpath[XPATH_MAXLEN];
|
2020-04-30 23:21:12 +02:00
|
|
|
char xpath_entry[XPATH_MAXLEN + 128];
|
2019-11-08 18:50:00 +01:00
|
|
|
|
2020-12-04 22:12:58 +01:00
|
|
|
/*
|
|
|
|
|
* Backward compatibility: don't complain about duplicated values,
|
|
|
|
|
* just silently accept.
|
|
|
|
|
*/
|
|
|
|
|
if (seq_str == NULL) {
|
|
|
|
|
ada.ada_type = "ipv4";
|
|
|
|
|
ada.ada_name = name;
|
2021-03-29 20:26:28 +02:00
|
|
|
ada.ada_action = action;
|
2020-12-04 22:12:58 +01:00
|
|
|
if (host_str && mask_str == NULL) {
|
|
|
|
|
ada.ada_xpath[0] = "./host";
|
|
|
|
|
ada.ada_value[0] = host_str;
|
|
|
|
|
} else if (host_str && mask_str) {
|
|
|
|
|
ada.ada_xpath[0] = "./network/address";
|
|
|
|
|
ada.ada_value[0] = host_str;
|
|
|
|
|
ada.ada_xpath[1] = "./network/mask";
|
|
|
|
|
ada.ada_value[1] = mask_str;
|
|
|
|
|
} else {
|
|
|
|
|
ada.ada_xpath[0] = "./source-any";
|
|
|
|
|
ada.ada_value[0] = "true";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Duplicated entry without sequence, just quit. */
|
|
|
|
|
if (acl_is_dup(vty->candidate_config->dnode, &ada))
|
|
|
|
|
return CMD_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-08 18:50:00 +01:00
|
|
|
/*
|
|
|
|
|
* Create the access-list first, so we can generate sequence if
|
|
|
|
|
* none given (backward compatibility).
|
|
|
|
|
*/
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
2020-08-25 13:57:40 +02:00
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']", name);
|
2019-11-08 18:50:00 +01:00
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
if (seq_str == NULL) {
|
2020-04-30 15:35:22 +02:00
|
|
|
/* Use XPath to find the next sequence number. */
|
|
|
|
|
sseq = acl_get_seq(vty, xpath);
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%s']", xpath, seq_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_CREATE, NULL);
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./action", NB_OP_MODIFY, action);
|
2019-11-08 18:50:00 +01:00
|
|
|
if (host_str != NULL && mask_str == NULL) {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./host", NB_OP_MODIFY, host_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else if (host_str != NULL && mask_str != NULL) {
|
2020-10-02 17:47:23 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./network/address", NB_OP_MODIFY,
|
|
|
|
|
host_str);
|
|
|
|
|
nb_cli_enqueue_change(vty, "./network/mask", NB_OP_MODIFY,
|
|
|
|
|
mask_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else {
|
2020-07-19 20:27:56 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./source-any", NB_OP_CREATE, NULL);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
return nb_cli_apply_changes(vty, xpath_entry);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
no_access_list_std, no_access_list_std_cmd,
|
2020-08-25 14:29:00 +02:00
|
|
|
"no access-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action <[host] A.B.C.D$host|A.B.C.D$host A.B.C.D$mask>",
|
2019-11-08 18:50:00 +01:00
|
|
|
NO_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_LEG_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"A single host address\n"
|
|
|
|
|
"Address to match\n"
|
|
|
|
|
"Address to match\n"
|
2020-08-25 14:29:00 +02:00
|
|
|
"Wildcard bits\n")
|
2019-11-08 18:50:00 +01:00
|
|
|
{
|
|
|
|
|
struct access_list *acl;
|
|
|
|
|
struct lyd_node *dnode;
|
|
|
|
|
int64_t sseq;
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
char xpath_entry[XPATH_MAXLEN + 32];
|
|
|
|
|
|
|
|
|
|
/* If the user provided sequence number, then just go for it. */
|
|
|
|
|
if (seq_str != NULL) {
|
|
|
|
|
snprintf(
|
|
|
|
|
xpath, sizeof(xpath),
|
2020-07-19 20:27:56 +02:00
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']/entry[sequence='%s']",
|
2020-08-25 13:57:40 +02:00
|
|
|
name, seq_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Otherwise, to keep compatibility, we need to figure it out. */
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
2020-08-25 13:57:40 +02:00
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']", name);
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
/* Access-list must exist before entries. */
|
|
|
|
|
if (yang_dnode_exists(running_config->dnode, xpath) == false)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
/* Use access-list data structure to fetch sequence. */
|
|
|
|
|
dnode = yang_dnode_get(running_config->dnode, xpath);
|
|
|
|
|
acl = nb_running_get_entry(dnode, NULL, true);
|
2020-08-26 17:50:07 +02:00
|
|
|
sseq = acl_cisco_get_seq(acl, action, host_str,
|
|
|
|
|
mask_str ? mask_str : CISCO_HOST_WILDCARD_MASK,
|
|
|
|
|
NULL, NULL);
|
2019-11-08 18:50:00 +01:00
|
|
|
if (sseq == -1)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-08 18:50:00 +01:00
|
|
|
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-08 18:50:00 +01:00
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
access_list_ext, access_list_ext_cmd,
|
2020-08-25 13:57:40 +02:00
|
|
|
"access-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action ip <A.B.C.D$src A.B.C.D$src_mask|host A.B.C.D$src|any> <A.B.C.D$dst A.B.C.D$dst_mask|host A.B.C.D$dst|any>",
|
2019-11-08 18:50:00 +01:00
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ELEG_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"IPv4 address\n"
|
|
|
|
|
"Source address to match\n"
|
|
|
|
|
"Source address mask to apply\n"
|
|
|
|
|
"Single source host\n"
|
|
|
|
|
"Source address to match\n"
|
|
|
|
|
"Any source host\n"
|
|
|
|
|
"Destination address to match\n"
|
|
|
|
|
"Destination address mask to apply\n"
|
|
|
|
|
"Single destination host\n"
|
|
|
|
|
"Destination address to match\n"
|
|
|
|
|
"Any destination host\n")
|
|
|
|
|
{
|
2020-12-04 22:12:58 +01:00
|
|
|
int idx = 0;
|
2019-11-08 18:50:00 +01:00
|
|
|
int64_t sseq;
|
2020-12-04 22:12:58 +01:00
|
|
|
struct acl_dup_args ada = {};
|
2019-11-08 18:50:00 +01:00
|
|
|
char xpath[XPATH_MAXLEN];
|
2020-04-30 23:21:12 +02:00
|
|
|
char xpath_entry[XPATH_MAXLEN + 128];
|
2019-11-08 18:50:00 +01:00
|
|
|
|
2020-12-04 22:12:58 +01:00
|
|
|
/*
|
|
|
|
|
* Backward compatibility: don't complain about duplicated values,
|
|
|
|
|
* just silently accept.
|
|
|
|
|
*/
|
|
|
|
|
if (seq_str == NULL) {
|
|
|
|
|
ada.ada_type = "ipv4";
|
|
|
|
|
ada.ada_name = name;
|
2021-03-29 20:26:28 +02:00
|
|
|
ada.ada_action = action;
|
2020-12-04 22:12:58 +01:00
|
|
|
if (src_str && src_mask_str == NULL) {
|
|
|
|
|
ada.ada_xpath[idx] = "./host";
|
|
|
|
|
ada.ada_value[idx] = src_str;
|
|
|
|
|
idx++;
|
|
|
|
|
} else if (src_str && src_mask_str) {
|
|
|
|
|
ada.ada_xpath[idx] = "./network/address";
|
|
|
|
|
ada.ada_value[idx] = src_str;
|
|
|
|
|
idx++;
|
|
|
|
|
ada.ada_xpath[idx] = "./network/mask";
|
|
|
|
|
ada.ada_value[idx] = src_mask_str;
|
|
|
|
|
idx++;
|
|
|
|
|
} else {
|
|
|
|
|
ada.ada_xpath[idx] = "./source-any";
|
|
|
|
|
ada.ada_value[idx] = "true";
|
|
|
|
|
idx++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (dst_str && dst_mask_str == NULL) {
|
|
|
|
|
ada.ada_xpath[idx] = "./destination-host";
|
|
|
|
|
ada.ada_value[idx] = dst_str;
|
|
|
|
|
idx++;
|
|
|
|
|
} else if (dst_str && dst_mask_str) {
|
|
|
|
|
ada.ada_xpath[idx] = "./destination-network/address";
|
|
|
|
|
ada.ada_value[idx] = dst_str;
|
|
|
|
|
idx++;
|
|
|
|
|
ada.ada_xpath[idx] = "./destination-network/mask";
|
|
|
|
|
ada.ada_value[idx] = dst_mask_str;
|
|
|
|
|
idx++;
|
|
|
|
|
} else {
|
|
|
|
|
ada.ada_xpath[idx] = "./destination-any";
|
|
|
|
|
ada.ada_value[idx] = "true";
|
|
|
|
|
idx++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Duplicated entry without sequence, just quit. */
|
|
|
|
|
if (acl_is_dup(vty->candidate_config->dnode, &ada))
|
|
|
|
|
return CMD_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-08 18:50:00 +01:00
|
|
|
/*
|
|
|
|
|
* Create the access-list first, so we can generate sequence if
|
|
|
|
|
* none given (backward compatibility).
|
|
|
|
|
*/
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
2020-08-25 13:57:40 +02:00
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']", name);
|
2019-11-08 18:50:00 +01:00
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
if (seq_str == NULL) {
|
2020-04-30 15:35:22 +02:00
|
|
|
/* Use XPath to find the next sequence number. */
|
|
|
|
|
sseq = acl_get_seq(vty, xpath);
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%s']", xpath, seq_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_CREATE, NULL);
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./action", NB_OP_MODIFY, action);
|
2019-11-08 18:50:00 +01:00
|
|
|
if (src_str != NULL && src_mask_str == NULL) {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./host", NB_OP_MODIFY, src_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else if (src_str != NULL && src_mask_str != NULL) {
|
2020-10-02 17:47:23 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./network/address", NB_OP_MODIFY,
|
|
|
|
|
src_str);
|
|
|
|
|
nb_cli_enqueue_change(vty, "./network/mask", NB_OP_MODIFY,
|
|
|
|
|
src_mask_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else {
|
2020-07-19 20:27:56 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./source-any", NB_OP_CREATE, NULL);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (dst_str != NULL && dst_mask_str == NULL) {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./destination-host", NB_OP_MODIFY,
|
2020-08-25 14:09:05 +02:00
|
|
|
dst_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else if (dst_str != NULL && dst_mask_str != NULL) {
|
2020-10-02 17:47:23 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./destination-network/address",
|
|
|
|
|
NB_OP_MODIFY, dst_str);
|
|
|
|
|
nb_cli_enqueue_change(vty, "./destination-network/mask",
|
|
|
|
|
NB_OP_MODIFY, dst_mask_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./destination-any", NB_OP_CREATE,
|
|
|
|
|
NULL);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
return nb_cli_apply_changes(vty, xpath_entry);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
no_access_list_ext, no_access_list_ext_cmd,
|
2020-08-25 13:57:40 +02:00
|
|
|
"no access-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action ip <A.B.C.D$src A.B.C.D$src_mask|host A.B.C.D$src|any> <A.B.C.D$dst A.B.C.D$dst_mask|host A.B.C.D$dst|any>",
|
2019-11-08 18:50:00 +01:00
|
|
|
NO_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ELEG_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"Any Internet Protocol\n"
|
|
|
|
|
"Source address to match\n"
|
|
|
|
|
"Source address mask to apply\n"
|
|
|
|
|
"Single source host\n"
|
|
|
|
|
"Source address to match\n"
|
|
|
|
|
"Any source host\n"
|
|
|
|
|
"Destination address to match\n"
|
|
|
|
|
"Destination address mask to apply\n"
|
|
|
|
|
"Single destination host\n"
|
|
|
|
|
"Destination address to match\n"
|
|
|
|
|
"Any destination host\n")
|
|
|
|
|
{
|
|
|
|
|
struct access_list *acl;
|
|
|
|
|
struct lyd_node *dnode;
|
|
|
|
|
int64_t sseq;
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
char xpath_entry[XPATH_MAXLEN + 32];
|
|
|
|
|
|
|
|
|
|
/* If the user provided sequence number, then just go for it. */
|
|
|
|
|
if (seq_str != NULL) {
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(
|
2019-11-08 18:50:00 +01:00
|
|
|
xpath, sizeof(xpath),
|
2020-07-19 20:27:56 +02:00
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']/entry[sequence='%s']",
|
2020-08-25 13:57:40 +02:00
|
|
|
name, seq_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Otherwise, to keep compatibility, we need to figure it out. */
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
2020-08-25 13:57:40 +02:00
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']", name);
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
/* Access-list must exist before entries. */
|
|
|
|
|
if (yang_dnode_exists(running_config->dnode, xpath) == false)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
/* Use access-list data structure to fetch sequence. */
|
|
|
|
|
dnode = yang_dnode_get(running_config->dnode, xpath);
|
|
|
|
|
acl = nb_running_get_entry(dnode, NULL, true);
|
|
|
|
|
if (src_str != NULL) {
|
|
|
|
|
if (dst_str != NULL)
|
|
|
|
|
sseq = acl_cisco_get_seq(
|
|
|
|
|
acl, action, src_str,
|
2020-08-26 17:50:07 +02:00
|
|
|
src_mask_str ? src_mask_str
|
|
|
|
|
: CISCO_HOST_WILDCARD_MASK,
|
2019-11-08 18:50:00 +01:00
|
|
|
dst_str,
|
2020-08-26 17:50:07 +02:00
|
|
|
dst_mask_str ? dst_mask_str
|
|
|
|
|
: CISCO_HOST_WILDCARD_MASK);
|
2019-11-08 18:50:00 +01:00
|
|
|
else
|
2020-08-26 17:50:07 +02:00
|
|
|
sseq = acl_cisco_get_seq(
|
|
|
|
|
acl, action, src_str,
|
|
|
|
|
src_mask_str ? src_mask_str
|
|
|
|
|
: CISCO_HOST_WILDCARD_MASK,
|
|
|
|
|
"0.0.0.0", CISCO_ANY_WILDCARD_MASK);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else {
|
|
|
|
|
if (dst_str != NULL)
|
2020-08-26 17:50:07 +02:00
|
|
|
sseq = acl_cisco_get_seq(
|
|
|
|
|
acl, action, "0.0.0.0", CISCO_ANY_WILDCARD_MASK,
|
|
|
|
|
dst_str,
|
|
|
|
|
dst_mask_str ? dst_mask_str
|
|
|
|
|
: CISCO_HOST_WILDCARD_MASK);
|
2019-11-08 18:50:00 +01:00
|
|
|
else
|
2020-08-26 17:50:07 +02:00
|
|
|
sseq = acl_cisco_get_seq(
|
|
|
|
|
acl, action, "0.0.0.0", CISCO_ANY_WILDCARD_MASK,
|
|
|
|
|
"0.0.0.0", CISCO_ANY_WILDCARD_MASK);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
if (sseq == -1)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-08 18:50:00 +01:00
|
|
|
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-08 18:50:00 +01:00
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Zebra access lists.
|
|
|
|
|
*/
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
access_list, access_list_cmd,
|
|
|
|
|
"access-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action <A.B.C.D/M$prefix [exact-match$exact]|any>",
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"Prefix to match. e.g. 10.0.0.0/8\n"
|
|
|
|
|
"Exact match of the prefixes\n"
|
|
|
|
|
"Match any IPv4\n")
|
|
|
|
|
{
|
|
|
|
|
int64_t sseq;
|
2020-12-04 22:12:58 +01:00
|
|
|
struct acl_dup_args ada = {};
|
2019-11-08 18:50:00 +01:00
|
|
|
char xpath[XPATH_MAXLEN];
|
2020-04-30 23:21:12 +02:00
|
|
|
char xpath_entry[XPATH_MAXLEN + 128];
|
2019-11-08 18:50:00 +01:00
|
|
|
|
2020-12-04 22:12:58 +01:00
|
|
|
/*
|
|
|
|
|
* Backward compatibility: don't complain about duplicated values,
|
|
|
|
|
* just silently accept.
|
|
|
|
|
*/
|
|
|
|
|
if (seq_str == NULL) {
|
|
|
|
|
ada.ada_type = "ipv4";
|
|
|
|
|
ada.ada_name = name;
|
2021-03-29 20:26:28 +02:00
|
|
|
ada.ada_action = action;
|
2020-12-04 22:12:58 +01:00
|
|
|
|
|
|
|
|
if (prefix_str) {
|
|
|
|
|
ada.ada_xpath[0] = "./ipv4-prefix";
|
|
|
|
|
ada.ada_value[0] = prefix_str;
|
|
|
|
|
if (exact) {
|
|
|
|
|
ada.ada_xpath[1] = "./ipv4-exact-match";
|
|
|
|
|
ada.ada_value[1] = "true";
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
ada.ada_xpath[0] = "./any";
|
|
|
|
|
ada.ada_value[0] = "true";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Duplicated entry without sequence, just quit. */
|
|
|
|
|
if (acl_is_dup(vty->candidate_config->dnode, &ada))
|
|
|
|
|
return CMD_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-08 18:50:00 +01:00
|
|
|
/*
|
|
|
|
|
* Create the access-list first, so we can generate sequence if
|
|
|
|
|
* none given (backward compatibility).
|
|
|
|
|
*/
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
if (seq_str == NULL) {
|
2020-04-30 15:35:22 +02:00
|
|
|
/* Use XPath to find the next sequence number. */
|
|
|
|
|
sseq = acl_get_seq(vty, xpath);
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%s']", xpath, seq_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_CREATE, NULL);
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./action", NB_OP_MODIFY, action);
|
2019-11-08 18:50:00 +01:00
|
|
|
if (prefix_str != NULL) {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./ipv4-prefix", NB_OP_MODIFY,
|
2019-11-08 18:50:00 +01:00
|
|
|
prefix_str);
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./ipv4-exact-match", NB_OP_MODIFY,
|
2020-04-30 18:56:05 +02:00
|
|
|
exact ? "true" : "false");
|
2019-11-08 18:50:00 +01:00
|
|
|
} else {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./any", NB_OP_CREATE, NULL);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
return nb_cli_apply_changes(vty, xpath_entry);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
no_access_list, no_access_list_cmd,
|
|
|
|
|
"no access-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action <A.B.C.D/M$prefix [exact-match$exact]|any>",
|
|
|
|
|
NO_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"Prefix to match. e.g. 10.0.0.0/8\n"
|
|
|
|
|
"Exact match of the prefixes\n"
|
|
|
|
|
"Match any IPv4\n")
|
|
|
|
|
{
|
|
|
|
|
struct access_list *acl;
|
|
|
|
|
struct lyd_node *dnode;
|
|
|
|
|
int64_t sseq;
|
|
|
|
|
struct prefix pany;
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
char xpath_entry[XPATH_MAXLEN + 32];
|
|
|
|
|
|
|
|
|
|
/* If the user provided sequence number, then just go for it. */
|
|
|
|
|
if (seq_str != NULL) {
|
|
|
|
|
snprintf(
|
|
|
|
|
xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']/entry[sequence='%s']",
|
|
|
|
|
name, seq_str);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Otherwise, to keep compatibility, we need to figure it out. */
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']", name);
|
|
|
|
|
|
|
|
|
|
/* Access-list must exist before entries. */
|
|
|
|
|
if (yang_dnode_exists(running_config->dnode, xpath) == false)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
/* Use access-list data structure to fetch sequence. */
|
|
|
|
|
dnode = yang_dnode_get(running_config->dnode, xpath);
|
|
|
|
|
acl = nb_running_get_entry(dnode, NULL, true);
|
2020-08-26 17:50:07 +02:00
|
|
|
if (prefix_str == NULL) {
|
2019-11-08 18:50:00 +01:00
|
|
|
memset(&pany, 0, sizeof(pany));
|
|
|
|
|
pany.family = AF_INET;
|
|
|
|
|
sseq = acl_zebra_get_seq(acl, action, &pany, exact);
|
|
|
|
|
} else
|
|
|
|
|
sseq = acl_zebra_get_seq(acl, action, (struct prefix *)prefix,
|
|
|
|
|
exact);
|
|
|
|
|
if (sseq == -1)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-08 18:50:00 +01:00
|
|
|
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-08 18:50:00 +01:00
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
no_access_list_all, no_access_list_all_cmd,
|
|
|
|
|
"no access-list WORD$name",
|
|
|
|
|
NO_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR)
|
|
|
|
|
{
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
access_list_remark, access_list_remark_cmd,
|
|
|
|
|
"access-list WORD$name remark LINE...",
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR
|
|
|
|
|
ACCESS_LIST_REMARK_LINE_STR)
|
|
|
|
|
{
|
|
|
|
|
int rv;
|
|
|
|
|
char *remark;
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
|
|
|
|
|
remark = argv_concat(argv, argc, 3);
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./remark", NB_OP_CREATE, remark);
|
|
|
|
|
rv = nb_cli_apply_changes(vty, xpath);
|
2019-11-08 18:50:00 +01:00
|
|
|
XFREE(MTYPE_TMP, remark);
|
|
|
|
|
|
|
|
|
|
return rv;
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
no_access_list_remark, no_access_list_remark_cmd,
|
|
|
|
|
"no access-list WORD$name remark",
|
|
|
|
|
NO_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR)
|
|
|
|
|
{
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv4'][name='%s']/remark",
|
|
|
|
|
name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-01 15:06:14 +02:00
|
|
|
ALIAS(
|
|
|
|
|
no_access_list_remark, no_access_list_remark_line_cmd,
|
|
|
|
|
"no access-list WORD$name remark LINE...",
|
|
|
|
|
NO_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR
|
|
|
|
|
ACCESS_LIST_REMARK_LINE_STR)
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
ipv6_access_list, ipv6_access_list_cmd,
|
|
|
|
|
"ipv6 access-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action <X:X::X:X/M$prefix [exact-match$exact]|any>",
|
|
|
|
|
IPV6_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"IPv6 prefix\n"
|
|
|
|
|
"Exact match of the prefixes\n"
|
|
|
|
|
"Match any IPv6\n")
|
|
|
|
|
{
|
|
|
|
|
int64_t sseq;
|
2020-12-04 22:12:58 +01:00
|
|
|
struct acl_dup_args ada = {};
|
2019-11-08 18:50:00 +01:00
|
|
|
char xpath[XPATH_MAXLEN];
|
2020-04-30 23:21:12 +02:00
|
|
|
char xpath_entry[XPATH_MAXLEN + 128];
|
2019-11-08 18:50:00 +01:00
|
|
|
|
2020-12-04 22:12:58 +01:00
|
|
|
/*
|
|
|
|
|
* Backward compatibility: don't complain about duplicated values,
|
|
|
|
|
* just silently accept.
|
|
|
|
|
*/
|
|
|
|
|
if (seq_str == NULL) {
|
|
|
|
|
ada.ada_type = "ipv6";
|
|
|
|
|
ada.ada_name = name;
|
2021-03-29 20:26:28 +02:00
|
|
|
ada.ada_action = action;
|
2020-12-04 22:12:58 +01:00
|
|
|
|
|
|
|
|
if (prefix_str) {
|
|
|
|
|
ada.ada_xpath[0] = "./ipv6-prefix";
|
|
|
|
|
ada.ada_value[0] = prefix_str;
|
|
|
|
|
if (exact) {
|
|
|
|
|
ada.ada_xpath[1] = "./ipv6-exact-match";
|
|
|
|
|
ada.ada_value[1] = "true";
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
ada.ada_xpath[0] = "./any";
|
|
|
|
|
ada.ada_value[0] = "true";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Duplicated entry without sequence, just quit. */
|
|
|
|
|
if (acl_is_dup(vty->candidate_config->dnode, &ada))
|
|
|
|
|
return CMD_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-08 18:50:00 +01:00
|
|
|
/*
|
|
|
|
|
* Create the access-list first, so we can generate sequence if
|
|
|
|
|
* none given (backward compatibility).
|
|
|
|
|
*/
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv6'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
if (seq_str == NULL) {
|
2020-04-30 15:35:22 +02:00
|
|
|
/* Use XPath to find the next sequence number. */
|
|
|
|
|
sseq = acl_get_seq(vty, xpath);
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%s']", xpath, seq_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_CREATE, NULL);
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./action", NB_OP_MODIFY, action);
|
2019-11-08 18:50:00 +01:00
|
|
|
if (prefix_str != NULL) {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./ipv6-prefix", NB_OP_MODIFY,
|
2019-11-08 18:50:00 +01:00
|
|
|
prefix_str);
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./ipv6-exact-match", NB_OP_MODIFY,
|
2020-04-30 18:56:05 +02:00
|
|
|
exact ? "true" : "false");
|
2019-11-08 18:50:00 +01:00
|
|
|
} else {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./any", NB_OP_CREATE, NULL);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
return nb_cli_apply_changes(vty, xpath_entry);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
no_ipv6_access_list, no_ipv6_access_list_cmd,
|
|
|
|
|
"no ipv6 access-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action <X:X::X:X/M$prefix [exact-match$exact]|any>",
|
|
|
|
|
NO_STR
|
|
|
|
|
IPV6_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"IPv6 prefix\n"
|
|
|
|
|
"Exact match of the prefixes\n"
|
|
|
|
|
"Match any IPv6\n")
|
|
|
|
|
{
|
|
|
|
|
struct access_list *acl;
|
|
|
|
|
struct lyd_node *dnode;
|
|
|
|
|
int64_t sseq;
|
|
|
|
|
struct prefix pany;
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
char xpath_entry[XPATH_MAXLEN + 32];
|
|
|
|
|
|
|
|
|
|
/* If the user provided sequence number, then just go for it. */
|
|
|
|
|
if (seq_str != NULL) {
|
|
|
|
|
snprintf(
|
|
|
|
|
xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv6'][name='%s']/entry[sequence='%s']",
|
|
|
|
|
name, seq_str);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Otherwise, to keep compatibility, we need to figure it out. */
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv6'][name='%s']", name);
|
|
|
|
|
|
|
|
|
|
/* Access-list must exist before entries. */
|
|
|
|
|
if (yang_dnode_exists(running_config->dnode, xpath) == false)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
/* Use access-list data structure to fetch sequence. */
|
|
|
|
|
dnode = yang_dnode_get(running_config->dnode, xpath);
|
|
|
|
|
acl = nb_running_get_entry(dnode, NULL, true);
|
|
|
|
|
if (prefix == NULL) {
|
|
|
|
|
memset(&pany, 0, sizeof(pany));
|
|
|
|
|
pany.family = AF_INET6;
|
|
|
|
|
sseq = acl_zebra_get_seq(acl, action, &pany, exact);
|
|
|
|
|
} else
|
|
|
|
|
sseq = acl_zebra_get_seq(acl, action, (struct prefix *)prefix,
|
|
|
|
|
exact);
|
|
|
|
|
if (sseq == -1)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-08 18:50:00 +01:00
|
|
|
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-08 18:50:00 +01:00
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
no_ipv6_access_list_all, no_ipv6_access_list_all_cmd,
|
|
|
|
|
"no ipv6 access-list WORD$name",
|
|
|
|
|
NO_STR
|
|
|
|
|
IPV6_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR)
|
|
|
|
|
{
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv6'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
ipv6_access_list_remark, ipv6_access_list_remark_cmd,
|
|
|
|
|
"ipv6 access-list WORD$name remark LINE...",
|
|
|
|
|
IPV6_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR
|
|
|
|
|
ACCESS_LIST_REMARK_LINE_STR)
|
|
|
|
|
{
|
|
|
|
|
int rv;
|
|
|
|
|
char *remark;
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv6'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
|
2020-04-30 22:23:51 +02:00
|
|
|
remark = argv_concat(argv, argc, 4);
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./remark", NB_OP_CREATE, remark);
|
|
|
|
|
rv = nb_cli_apply_changes(vty, xpath);
|
2019-11-08 18:50:00 +01:00
|
|
|
XFREE(MTYPE_TMP, remark);
|
|
|
|
|
|
|
|
|
|
return rv;
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
no_ipv6_access_list_remark, no_ipv6_access_list_remark_cmd,
|
|
|
|
|
"no ipv6 access-list WORD$name remark",
|
|
|
|
|
NO_STR
|
|
|
|
|
IPV6_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR)
|
|
|
|
|
{
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='ipv6'][name='%s']/remark",
|
|
|
|
|
name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-01 15:06:14 +02:00
|
|
|
ALIAS(
|
|
|
|
|
no_ipv6_access_list_remark, no_ipv6_access_list_remark_line_cmd,
|
|
|
|
|
"no ipv6 access-list WORD$name remark LINE...",
|
|
|
|
|
NO_STR
|
|
|
|
|
IPV6_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR
|
|
|
|
|
ACCESS_LIST_REMARK_LINE_STR)
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
mac_access_list, mac_access_list_cmd,
|
|
|
|
|
"mac access-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action <X:X:X:X:X:X$mac|any>",
|
|
|
|
|
MAC_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"MAC address\n"
|
|
|
|
|
"Match any MAC address\n")
|
|
|
|
|
{
|
|
|
|
|
int64_t sseq;
|
2020-12-04 22:12:58 +01:00
|
|
|
struct acl_dup_args ada = {};
|
2019-11-08 18:50:00 +01:00
|
|
|
char xpath[XPATH_MAXLEN];
|
2020-04-30 23:21:12 +02:00
|
|
|
char xpath_entry[XPATH_MAXLEN + 128];
|
2019-11-08 18:50:00 +01:00
|
|
|
|
2020-12-04 22:12:58 +01:00
|
|
|
/*
|
|
|
|
|
* Backward compatibility: don't complain about duplicated values,
|
|
|
|
|
* just silently accept.
|
|
|
|
|
*/
|
|
|
|
|
if (seq_str == NULL) {
|
|
|
|
|
ada.ada_type = "mac";
|
|
|
|
|
ada.ada_name = name;
|
2021-03-29 20:26:28 +02:00
|
|
|
ada.ada_action = action;
|
2020-12-04 22:12:58 +01:00
|
|
|
|
|
|
|
|
if (mac_str) {
|
|
|
|
|
ada.ada_xpath[0] = "./mac";
|
|
|
|
|
ada.ada_value[0] = mac_str;
|
|
|
|
|
} else {
|
|
|
|
|
ada.ada_xpath[0] = "./any";
|
|
|
|
|
ada.ada_value[0] = "true";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Duplicated entry without sequence, just quit. */
|
|
|
|
|
if (acl_is_dup(vty->candidate_config->dnode, &ada))
|
|
|
|
|
return CMD_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-08 18:50:00 +01:00
|
|
|
/*
|
|
|
|
|
* Create the access-list first, so we can generate sequence if
|
|
|
|
|
* none given (backward compatibility).
|
|
|
|
|
*/
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='mac'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
if (seq_str == NULL) {
|
2020-04-30 15:35:22 +02:00
|
|
|
/* Use XPath to find the next sequence number. */
|
|
|
|
|
sseq = acl_get_seq(vty, xpath);
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%s']", xpath, seq_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_CREATE, NULL);
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./action", NB_OP_MODIFY, action);
|
2019-11-08 18:50:00 +01:00
|
|
|
if (mac_str != NULL) {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./mac", NB_OP_MODIFY, mac_str);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./any", NB_OP_CREATE, NULL);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
return nb_cli_apply_changes(vty, xpath_entry);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
no_mac_access_list, no_mac_access_list_cmd,
|
2020-05-01 15:10:16 +02:00
|
|
|
"no mac access-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action <X:X:X:X:X:X$prefix|any>",
|
2019-11-08 18:50:00 +01:00
|
|
|
NO_STR
|
|
|
|
|
MAC_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"MAC address\n"
|
|
|
|
|
"Match any MAC address\n")
|
|
|
|
|
{
|
|
|
|
|
struct access_list *acl;
|
|
|
|
|
struct lyd_node *dnode;
|
|
|
|
|
int64_t sseq;
|
|
|
|
|
struct prefix pany;
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
char xpath_entry[XPATH_MAXLEN + 32];
|
|
|
|
|
|
|
|
|
|
/* If the user provided sequence number, then just go for it. */
|
|
|
|
|
if (seq_str != NULL) {
|
|
|
|
|
snprintf(
|
|
|
|
|
xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='mac'][name='%s']/entry[sequence='%s']",
|
|
|
|
|
name, seq_str);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Otherwise, to keep compatibility, we need to figure it out. */
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='mac'][name='%s']", name);
|
|
|
|
|
|
|
|
|
|
/* Access-list must exist before entries. */
|
|
|
|
|
if (yang_dnode_exists(running_config->dnode, xpath) == false)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
/* Use access-list data structure to fetch sequence. */
|
|
|
|
|
dnode = yang_dnode_get(running_config->dnode, xpath);
|
|
|
|
|
acl = nb_running_get_entry(dnode, NULL, true);
|
|
|
|
|
if (prefix == NULL) {
|
|
|
|
|
memset(&pany, 0, sizeof(pany));
|
|
|
|
|
pany.family = AF_ETHERNET;
|
2020-05-01 15:10:16 +02:00
|
|
|
sseq = acl_zebra_get_seq(acl, action, &pany, false);
|
2019-11-08 18:50:00 +01:00
|
|
|
} else
|
|
|
|
|
sseq = acl_zebra_get_seq(acl, action, (struct prefix *)prefix,
|
2020-05-01 15:10:16 +02:00
|
|
|
false);
|
2019-11-08 18:50:00 +01:00
|
|
|
if (sseq == -1)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-08 18:50:00 +01:00
|
|
|
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-08 18:50:00 +01:00
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
no_mac_access_list_all, no_mac_access_list_all_cmd,
|
|
|
|
|
"no mac access-list WORD$name",
|
|
|
|
|
NO_STR
|
|
|
|
|
MAC_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR)
|
|
|
|
|
{
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='mac'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
mac_access_list_remark, mac_access_list_remark_cmd,
|
|
|
|
|
"mac access-list WORD$name remark LINE...",
|
|
|
|
|
MAC_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR
|
|
|
|
|
ACCESS_LIST_REMARK_LINE_STR)
|
|
|
|
|
{
|
|
|
|
|
int rv;
|
|
|
|
|
char *remark;
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='mac'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
|
2020-04-30 22:23:51 +02:00
|
|
|
remark = argv_concat(argv, argc, 4);
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./remark", NB_OP_CREATE, remark);
|
|
|
|
|
rv = nb_cli_apply_changes(vty, xpath);
|
2019-11-08 18:50:00 +01:00
|
|
|
XFREE(MTYPE_TMP, remark);
|
|
|
|
|
|
|
|
|
|
return rv;
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-08 18:50:00 +01:00
|
|
|
no_mac_access_list_remark, no_mac_access_list_remark_cmd,
|
|
|
|
|
"no mac access-list WORD$name remark",
|
|
|
|
|
NO_STR
|
|
|
|
|
MAC_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR)
|
|
|
|
|
{
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/access-list[type='mac'][name='%s']/remark",
|
|
|
|
|
name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-01 15:06:14 +02:00
|
|
|
ALIAS(
|
|
|
|
|
no_mac_access_list_remark, no_mac_access_list_remark_line_cmd,
|
|
|
|
|
"no mac access-list WORD$name remark LINE...",
|
|
|
|
|
NO_STR
|
|
|
|
|
MAC_STR
|
|
|
|
|
ACCESS_LIST_STR
|
|
|
|
|
ACCESS_LIST_ZEBRA_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR
|
|
|
|
|
ACCESS_LIST_REMARK_LINE_STR)
|
|
|
|
|
|
2020-04-30 18:56:05 +02:00
|
|
|
void access_list_show(struct vty *vty, struct lyd_node *dnode,
|
|
|
|
|
bool show_defaults)
|
|
|
|
|
{
|
|
|
|
|
int type = yang_dnode_get_enum(dnode, "../type");
|
|
|
|
|
struct prefix p;
|
|
|
|
|
bool is_any;
|
|
|
|
|
bool is_exact = false;
|
2020-07-19 20:27:56 +02:00
|
|
|
bool cisco_style = false;
|
|
|
|
|
bool cisco_extended = false;
|
2020-10-02 17:47:23 +02:00
|
|
|
struct in_addr addr, mask;
|
2020-04-30 18:56:05 +02:00
|
|
|
char macstr[PREFIX2STR_BUFFER];
|
|
|
|
|
|
|
|
|
|
is_any = yang_dnode_exists(dnode, "./any");
|
|
|
|
|
switch (type) {
|
2020-06-05 20:05:34 +02:00
|
|
|
case YALT_IPV4:
|
2020-04-30 18:56:05 +02:00
|
|
|
if (is_any)
|
|
|
|
|
break;
|
|
|
|
|
|
2020-07-19 20:27:56 +02:00
|
|
|
if (yang_dnode_exists(dnode, "./host")
|
2020-10-02 17:47:23 +02:00
|
|
|
|| yang_dnode_exists(dnode, "./network/address")
|
2020-07-19 20:27:56 +02:00
|
|
|
|| yang_dnode_exists(dnode, "./source-any")) {
|
|
|
|
|
cisco_style = true;
|
|
|
|
|
if (yang_dnode_exists(dnode, "./destination-host")
|
2020-10-02 17:47:23 +02:00
|
|
|
|| yang_dnode_exists(
|
|
|
|
|
dnode, "./destination-network/address")
|
2020-07-19 20:27:56 +02:00
|
|
|
|| yang_dnode_exists(dnode, "./destination-any"))
|
|
|
|
|
cisco_extended = true;
|
|
|
|
|
} else {
|
|
|
|
|
yang_dnode_get_prefix(&p, dnode, "./ipv4-prefix");
|
|
|
|
|
is_exact = yang_dnode_get_bool(dnode,
|
|
|
|
|
"./ipv4-exact-match");
|
|
|
|
|
}
|
2020-04-30 18:56:05 +02:00
|
|
|
break;
|
2020-06-05 20:05:34 +02:00
|
|
|
case YALT_IPV6: /* ipv6 */
|
2020-04-30 18:56:05 +02:00
|
|
|
vty_out(vty, "ipv6 ");
|
|
|
|
|
if (is_any)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
yang_dnode_get_prefix(&p, dnode, "./ipv6-prefix");
|
|
|
|
|
is_exact = yang_dnode_get_bool(dnode, "./ipv6-exact-match");
|
|
|
|
|
break;
|
2020-06-05 20:05:34 +02:00
|
|
|
case YALT_MAC: /* mac */
|
2020-04-30 18:56:05 +02:00
|
|
|
vty_out(vty, "mac ");
|
|
|
|
|
if (is_any)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
yang_dnode_get_prefix(&p, dnode, "./mac");
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
vty_out(vty, "access-list %s seq %s %s",
|
|
|
|
|
yang_dnode_get_string(dnode, "../name"),
|
|
|
|
|
yang_dnode_get_string(dnode, "./sequence"),
|
|
|
|
|
yang_dnode_get_string(dnode, "./action"));
|
|
|
|
|
|
2020-07-19 20:27:56 +02:00
|
|
|
/* Handle Cisco style access lists. */
|
|
|
|
|
if (cisco_style) {
|
|
|
|
|
if (cisco_extended)
|
|
|
|
|
vty_out(vty, " ip");
|
|
|
|
|
|
|
|
|
|
if (yang_dnode_exists(dnode, "./network")) {
|
2020-10-02 17:47:23 +02:00
|
|
|
yang_dnode_get_ipv4(&addr, dnode, "./network/address");
|
|
|
|
|
yang_dnode_get_ipv4(&mask, dnode, "./network/mask");
|
|
|
|
|
vty_out(vty, " %pI4 %pI4", &addr, &mask);
|
2020-07-19 20:27:56 +02:00
|
|
|
} else if (yang_dnode_exists(dnode, "./host")) {
|
|
|
|
|
if (cisco_extended)
|
|
|
|
|
vty_out(vty, " host");
|
|
|
|
|
|
|
|
|
|
vty_out(vty, " %s",
|
|
|
|
|
yang_dnode_get_string(dnode, "./host"));
|
|
|
|
|
} else if (yang_dnode_exists(dnode, "./source-any"))
|
|
|
|
|
vty_out(vty, " any");
|
|
|
|
|
|
|
|
|
|
/* Not extended, exit earlier. */
|
|
|
|
|
if (!cisco_extended) {
|
|
|
|
|
vty_out(vty, "\n");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Handle destination address. */
|
|
|
|
|
if (yang_dnode_exists(dnode, "./destination-network")) {
|
2020-10-02 17:47:23 +02:00
|
|
|
yang_dnode_get_ipv4(&addr, dnode,
|
|
|
|
|
"./destination-network/address");
|
|
|
|
|
yang_dnode_get_ipv4(&mask, dnode,
|
|
|
|
|
"./destination-network/mask");
|
|
|
|
|
vty_out(vty, " %pI4 %pI4", &addr, &mask);
|
2020-07-19 20:27:56 +02:00
|
|
|
} else if (yang_dnode_exists(dnode, "./destination-host"))
|
|
|
|
|
vty_out(vty, " host %s",
|
|
|
|
|
yang_dnode_get_string(dnode,
|
|
|
|
|
"./destination-host"));
|
|
|
|
|
else if (yang_dnode_exists(dnode, "./destination-any"))
|
|
|
|
|
vty_out(vty, " any");
|
|
|
|
|
|
|
|
|
|
vty_out(vty, "\n");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Zebra style access list. */
|
2020-04-30 18:56:05 +02:00
|
|
|
if (!is_any) {
|
|
|
|
|
/* If type is MAC don't show '/mask'. */
|
|
|
|
|
if (type == 2 /* mac */) {
|
|
|
|
|
prefix_mac2str(&p.u.prefix_eth, macstr, sizeof(macstr));
|
|
|
|
|
vty_out(vty, " %s", macstr);
|
|
|
|
|
} else
|
|
|
|
|
vty_out(vty, " %pFX", &p);
|
|
|
|
|
} else
|
|
|
|
|
vty_out(vty, " any");
|
|
|
|
|
|
|
|
|
|
if (is_exact)
|
|
|
|
|
vty_out(vty, " exact-match");
|
|
|
|
|
|
|
|
|
|
vty_out(vty, "\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void access_list_remark_show(struct vty *vty, struct lyd_node *dnode,
|
|
|
|
|
bool show_defaults)
|
|
|
|
|
{
|
|
|
|
|
int type = yang_dnode_get_enum(dnode, "../type");
|
|
|
|
|
|
|
|
|
|
switch (type) {
|
2020-06-05 20:05:34 +02:00
|
|
|
case YALT_IPV4:
|
2020-04-30 18:56:05 +02:00
|
|
|
break;
|
2020-06-05 20:05:34 +02:00
|
|
|
case YALT_IPV6:
|
2020-04-30 18:56:05 +02:00
|
|
|
vty_out(vty, "ipv6 ");
|
|
|
|
|
break;
|
2020-06-05 20:05:34 +02:00
|
|
|
case YALT_MAC:
|
2020-04-30 18:56:05 +02:00
|
|
|
vty_out(vty, "mac ");
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
vty_out(vty, "access-list %s remark %s\n",
|
|
|
|
|
yang_dnode_get_string(dnode, "../name"),
|
|
|
|
|
yang_dnode_get_string(dnode, NULL));
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-12 00:25:20 +01:00
|
|
|
/*
|
|
|
|
|
* Prefix lists.
|
|
|
|
|
*/
|
2020-05-04 22:34:07 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Remove main data structure prefix list if there are no more entries or
|
|
|
|
|
* remark. This fixes compatibility with old CLI and tests.
|
|
|
|
|
*/
|
|
|
|
|
static int plist_remove_if_empty(struct vty *vty, const char *iptype,
|
|
|
|
|
const char *name)
|
|
|
|
|
{
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='%s'][name='%s']/remark",
|
|
|
|
|
iptype, name);
|
|
|
|
|
/* List is not empty if there is a remark, check that: */
|
|
|
|
|
if (yang_dnode_exists(vty->candidate_config->dnode, xpath))
|
|
|
|
|
return CMD_SUCCESS;
|
|
|
|
|
|
|
|
|
|
/* Check if we have any entries: */
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='%s'][name='%s']", iptype,
|
|
|
|
|
name);
|
|
|
|
|
/*
|
|
|
|
|
* NOTE: if the list is empty it will return the first sequence
|
|
|
|
|
* number: 5.
|
|
|
|
|
*/
|
|
|
|
|
if (acl_get_seq(vty, xpath) != 5)
|
|
|
|
|
return CMD_SUCCESS;
|
|
|
|
|
|
|
|
|
|
/* Nobody is using this list, lets remove it. */
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-12 00:25:20 +01:00
|
|
|
static int plist_remove(struct vty *vty, const char *iptype, const char *name,
|
|
|
|
|
const char *seq, const char *action, struct prefix *p,
|
|
|
|
|
long ge, long le)
|
|
|
|
|
{
|
|
|
|
|
struct prefix_list_entry *pentry;
|
|
|
|
|
enum prefix_list_type plt;
|
|
|
|
|
struct prefix_list *pl;
|
|
|
|
|
struct lyd_node *dnode;
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
char xpath_entry[XPATH_MAXLEN + 32];
|
2020-05-04 22:34:07 +02:00
|
|
|
int rv;
|
2019-11-12 00:25:20 +01:00
|
|
|
|
|
|
|
|
/* If the user provided sequence number, then just go for it. */
|
|
|
|
|
if (seq != NULL) {
|
|
|
|
|
snprintf(
|
|
|
|
|
xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='%s'][name='%s']/entry[sequence='%s']",
|
|
|
|
|
iptype, name, seq);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
2020-05-04 22:34:07 +02:00
|
|
|
|
|
|
|
|
rv = nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
if (rv == CMD_SUCCESS)
|
|
|
|
|
return plist_remove_if_empty(vty, iptype, name);
|
|
|
|
|
|
|
|
|
|
return rv;
|
2019-11-12 00:25:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Otherwise, to keep compatibility, we need to figure it out. */
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='%s'][name='%s']", iptype,
|
|
|
|
|
name);
|
|
|
|
|
|
|
|
|
|
/* Access-list must exist before entries. */
|
|
|
|
|
if (yang_dnode_exists(running_config->dnode, xpath) == false)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-12 00:25:20 +01:00
|
|
|
|
|
|
|
|
/* Use access-list data structure to fetch sequence. */
|
2020-05-01 16:45:45 +02:00
|
|
|
assert(action != NULL);
|
2019-11-12 00:25:20 +01:00
|
|
|
if (strcmp(action, "permit") == 0)
|
|
|
|
|
plt = PREFIX_PERMIT;
|
|
|
|
|
else
|
|
|
|
|
plt = PREFIX_DENY;
|
|
|
|
|
|
|
|
|
|
dnode = yang_dnode_get(running_config->dnode, xpath);
|
|
|
|
|
pl = nb_running_get_entry(dnode, NULL, true);
|
|
|
|
|
pentry = prefix_list_entry_lookup(pl, p, plt, -1, le, ge);
|
|
|
|
|
if (pentry == NULL)
|
2021-02-08 13:28:47 +01:00
|
|
|
return CMD_WARNING_CONFIG_FAILED;
|
2019-11-12 00:25:20 +01:00
|
|
|
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, pentry->seq);
|
2019-11-12 00:25:20 +01:00
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
2020-05-04 22:34:07 +02:00
|
|
|
rv = nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
if (rv == CMD_SUCCESS)
|
|
|
|
|
return plist_remove_if_empty(vty, iptype, name);
|
|
|
|
|
|
|
|
|
|
return rv;
|
2019-11-12 00:25:20 +01:00
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
ip_prefix_list, ip_prefix_list_cmd,
|
|
|
|
|
"ip prefix-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action <any|A.B.C.D/M$prefix [{ge (0-32)$ge|le (0-32)$le}]>",
|
|
|
|
|
IP_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"Any prefix match. Same as \"0.0.0.0/0 le 32\"\n"
|
|
|
|
|
"IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
|
|
|
|
|
"Minimum prefix length to be matched\n"
|
|
|
|
|
"Minimum prefix length\n"
|
|
|
|
|
"Maximum prefix length to be matched\n"
|
|
|
|
|
"Maximum prefix length\n")
|
|
|
|
|
{
|
|
|
|
|
int64_t sseq;
|
2020-12-07 16:10:42 +01:00
|
|
|
int arg_idx = 0;
|
|
|
|
|
struct plist_dup_args pda = {};
|
2019-11-12 00:25:20 +01:00
|
|
|
char xpath[XPATH_MAXLEN];
|
2020-04-30 23:21:12 +02:00
|
|
|
char xpath_entry[XPATH_MAXLEN + 128];
|
2019-11-12 00:25:20 +01:00
|
|
|
|
2020-12-07 16:10:42 +01:00
|
|
|
/*
|
|
|
|
|
* Backward compatibility: don't complain about duplicated values,
|
|
|
|
|
* just silently accept.
|
|
|
|
|
*/
|
|
|
|
|
if (seq_str == NULL) {
|
|
|
|
|
pda.pda_type = "ipv4";
|
|
|
|
|
pda.pda_name = name;
|
|
|
|
|
if (prefix_str) {
|
|
|
|
|
pda.pda_xpath[arg_idx] = "./ipv4-prefix";
|
|
|
|
|
pda.pda_value[arg_idx] = prefix_str;
|
|
|
|
|
arg_idx++;
|
|
|
|
|
if (ge_str) {
|
|
|
|
|
pda.pda_xpath[arg_idx] =
|
|
|
|
|
"./ipv4-prefix-length-greater-or-equal";
|
|
|
|
|
pda.pda_value[arg_idx] = ge_str;
|
|
|
|
|
arg_idx++;
|
|
|
|
|
}
|
|
|
|
|
if (le_str) {
|
|
|
|
|
pda.pda_xpath[arg_idx] =
|
|
|
|
|
"./ipv4-prefix-length-lesser-or-equal";
|
|
|
|
|
pda.pda_value[arg_idx] = le_str;
|
|
|
|
|
arg_idx++;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
pda.pda_xpath[0] = "./any";
|
|
|
|
|
pda.pda_value[0] = "";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Duplicated entry without sequence, just quit. */
|
|
|
|
|
if (plist_is_dup(vty->candidate_config->dnode, &pda))
|
|
|
|
|
return CMD_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-12 00:25:20 +01:00
|
|
|
/*
|
|
|
|
|
* Create the prefix-list first, so we can generate sequence if
|
|
|
|
|
* none given (backward compatibility).
|
|
|
|
|
*/
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='ipv4'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
if (seq_str == NULL) {
|
2020-04-30 15:35:22 +02:00
|
|
|
/* Use XPath to find the next sequence number. */
|
|
|
|
|
sseq = acl_get_seq(vty, xpath);
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-12 00:25:20 +01:00
|
|
|
} else
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%s']", xpath, seq_str);
|
2019-11-12 00:25:20 +01:00
|
|
|
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_CREATE, NULL);
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./action", NB_OP_MODIFY, action);
|
2019-11-12 00:25:20 +01:00
|
|
|
if (prefix_str != NULL) {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./ipv4-prefix", NB_OP_MODIFY,
|
2019-11-12 00:25:20 +01:00
|
|
|
prefix_str);
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
if (ge_str)
|
|
|
|
|
nb_cli_enqueue_change(
|
|
|
|
|
vty, "./ipv4-prefix-length-greater-or-equal",
|
|
|
|
|
NB_OP_MODIFY, ge_str);
|
|
|
|
|
if (le_str)
|
|
|
|
|
nb_cli_enqueue_change(
|
|
|
|
|
vty, "./ipv4-prefix-length-lesser-or-equal",
|
|
|
|
|
NB_OP_MODIFY, le_str);
|
2019-11-12 00:25:20 +01:00
|
|
|
} else {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./any", NB_OP_CREATE, NULL);
|
2019-11-12 00:25:20 +01:00
|
|
|
}
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
return nb_cli_apply_changes(vty, xpath_entry);
|
2019-11-12 00:25:20 +01:00
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
no_ip_prefix_list, no_ip_prefix_list_cmd,
|
|
|
|
|
"no ip prefix-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action <any|A.B.C.D/M$prefix [{ge (0-32)|le (0-32)}]>",
|
|
|
|
|
NO_STR
|
|
|
|
|
IP_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"Any prefix match. Same as \"0.0.0.0/0 le 32\"\n"
|
|
|
|
|
"IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
|
|
|
|
|
"Minimum prefix length to be matched\n"
|
|
|
|
|
"Minimum prefix length\n"
|
|
|
|
|
"Maximum prefix length to be matched\n"
|
|
|
|
|
"Maximum prefix length\n")
|
|
|
|
|
{
|
|
|
|
|
return plist_remove(vty, "ipv4", name, seq_str, action,
|
|
|
|
|
(struct prefix *)prefix, ge, le);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
no_ip_prefix_list_seq, no_ip_prefix_list_seq_cmd,
|
|
|
|
|
"no ip prefix-list WORD$name seq (1-4294967295)$seq",
|
|
|
|
|
NO_STR
|
|
|
|
|
IP_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR)
|
|
|
|
|
{
|
|
|
|
|
return plist_remove(vty, "ipv4", name, seq_str, NULL, NULL, 0, 0);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
no_ip_prefix_list_all, no_ip_prefix_list_all_cmd,
|
|
|
|
|
"no ip prefix-list WORD$name",
|
|
|
|
|
NO_STR
|
|
|
|
|
IP_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR)
|
|
|
|
|
{
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='ipv4'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
ip_prefix_list_remark, ip_prefix_list_remark_cmd,
|
2020-04-30 22:23:51 +02:00
|
|
|
"ip prefix-list WORD$name description LINE...",
|
2019-11-12 00:25:20 +01:00
|
|
|
IP_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR
|
|
|
|
|
ACCESS_LIST_REMARK_LINE_STR)
|
|
|
|
|
{
|
|
|
|
|
int rv;
|
|
|
|
|
char *remark;
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='ipv4'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
|
|
|
|
|
remark = argv_concat(argv, argc, 4);
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./remark", NB_OP_CREATE, remark);
|
|
|
|
|
rv = nb_cli_apply_changes(vty, xpath);
|
2019-11-12 00:25:20 +01:00
|
|
|
XFREE(MTYPE_TMP, remark);
|
|
|
|
|
|
|
|
|
|
return rv;
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
no_ip_prefix_list_remark, no_ip_prefix_list_remark_cmd,
|
2020-04-30 22:23:51 +02:00
|
|
|
"no ip prefix-list WORD$name description",
|
2019-11-12 00:25:20 +01:00
|
|
|
NO_STR
|
|
|
|
|
IP_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR)
|
|
|
|
|
{
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='ipv4'][name='%s']/remark",
|
|
|
|
|
name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ALIAS(
|
|
|
|
|
no_ip_prefix_list_remark, no_ip_prefix_list_remark_line_cmd,
|
2020-05-01 15:06:14 +02:00
|
|
|
"no ip prefix-list WORD$name description LINE...",
|
2019-11-12 00:25:20 +01:00
|
|
|
NO_STR
|
|
|
|
|
IP_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR
|
|
|
|
|
ACCESS_LIST_REMARK_LINE_STR)
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
ipv6_prefix_list, ipv6_prefix_list_cmd,
|
|
|
|
|
"ipv6 prefix-list WORD$name [seq (1-4294967295)] <deny|permit>$action <any|X:X::X:X/M$prefix [{ge (0-128)$ge|le (0-128)$le}]>",
|
|
|
|
|
IPV6_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"Any prefix match. Same as \"::0/0 le 128\"\n"
|
|
|
|
|
"IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
|
|
|
|
|
"Maximum prefix length to be matched\n"
|
|
|
|
|
"Maximum prefix length\n"
|
|
|
|
|
"Minimum prefix length to be matched\n"
|
|
|
|
|
"Minimum prefix length\n")
|
|
|
|
|
{
|
|
|
|
|
int64_t sseq;
|
2020-12-07 16:10:42 +01:00
|
|
|
int arg_idx = 0;
|
|
|
|
|
struct plist_dup_args pda = {};
|
2019-11-12 00:25:20 +01:00
|
|
|
char xpath[XPATH_MAXLEN];
|
2020-04-30 23:21:12 +02:00
|
|
|
char xpath_entry[XPATH_MAXLEN + 128];
|
2019-11-12 00:25:20 +01:00
|
|
|
|
2020-12-07 16:10:42 +01:00
|
|
|
/*
|
|
|
|
|
* Backward compatibility: don't complain about duplicated values,
|
|
|
|
|
* just silently accept.
|
|
|
|
|
*/
|
|
|
|
|
if (seq_str == NULL) {
|
|
|
|
|
pda.pda_type = "ipv6";
|
|
|
|
|
pda.pda_name = name;
|
|
|
|
|
if (prefix_str) {
|
|
|
|
|
pda.pda_xpath[arg_idx] = "./ipv6-prefix";
|
|
|
|
|
pda.pda_value[arg_idx] = prefix_str;
|
|
|
|
|
arg_idx++;
|
|
|
|
|
if (ge_str) {
|
|
|
|
|
pda.pda_xpath[arg_idx] =
|
|
|
|
|
"./ipv6-prefix-length-greater-or-equal";
|
|
|
|
|
pda.pda_value[arg_idx] = ge_str;
|
|
|
|
|
arg_idx++;
|
|
|
|
|
}
|
|
|
|
|
if (le_str) {
|
|
|
|
|
pda.pda_xpath[arg_idx] =
|
|
|
|
|
"./ipv6-prefix-length-lesser-or-equal";
|
|
|
|
|
pda.pda_value[arg_idx] = le_str;
|
|
|
|
|
arg_idx++;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
pda.pda_xpath[0] = "./any";
|
|
|
|
|
pda.pda_value[0] = "";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Duplicated entry without sequence, just quit. */
|
|
|
|
|
if (plist_is_dup(vty->candidate_config->dnode, &pda))
|
|
|
|
|
return CMD_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-12 00:25:20 +01:00
|
|
|
/*
|
|
|
|
|
* Create the prefix-list first, so we can generate sequence if
|
|
|
|
|
* none given (backward compatibility).
|
|
|
|
|
*/
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='ipv6'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
if (seq_str == NULL) {
|
2020-04-30 15:35:22 +02:00
|
|
|
/* Use XPath to find the next sequence number. */
|
|
|
|
|
sseq = acl_get_seq(vty, xpath);
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%" PRId64 "']", xpath, sseq);
|
2019-11-12 00:25:20 +01:00
|
|
|
} else
|
2020-06-19 01:09:10 +02:00
|
|
|
snprintfrr(xpath_entry, sizeof(xpath_entry),
|
|
|
|
|
"%s/entry[sequence='%s']", xpath, seq_str);
|
2019-11-12 00:25:20 +01:00
|
|
|
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath_entry, NB_OP_CREATE, NULL);
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./action", NB_OP_MODIFY, action);
|
2019-11-12 00:25:20 +01:00
|
|
|
if (prefix_str != NULL) {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./ipv6-prefix", NB_OP_MODIFY,
|
2019-11-12 00:25:20 +01:00
|
|
|
prefix_str);
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
if (ge_str)
|
|
|
|
|
nb_cli_enqueue_change(
|
|
|
|
|
vty, "./ipv6-prefix-length-greater-or-equal",
|
|
|
|
|
NB_OP_MODIFY, ge_str);
|
|
|
|
|
if (le_str)
|
|
|
|
|
nb_cli_enqueue_change(
|
|
|
|
|
vty, "./ipv6-prefix-length-lesser-or-equal",
|
|
|
|
|
NB_OP_MODIFY, le_str);
|
2019-11-12 00:25:20 +01:00
|
|
|
} else {
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./any", NB_OP_CREATE, NULL);
|
2019-11-12 00:25:20 +01:00
|
|
|
}
|
|
|
|
|
|
2020-06-05 21:40:16 +02:00
|
|
|
return nb_cli_apply_changes(vty, xpath_entry);
|
2019-11-12 00:25:20 +01:00
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
no_ipv6_prefix_list, no_ipv6_prefix_list_cmd,
|
|
|
|
|
"no ipv6 prefix-list WORD$name [seq (1-4294967295)$seq] <deny|permit>$action <any|X:X::X:X/M$prefix [{ge (0-128)$ge|le (0-128)$le}]>",
|
|
|
|
|
NO_STR
|
|
|
|
|
IPV6_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR
|
|
|
|
|
ACCESS_LIST_ACTION_STR
|
|
|
|
|
"Any prefix match. Same as \"::0/0 le 128\"\n"
|
|
|
|
|
"IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
|
|
|
|
|
"Maximum prefix length to be matched\n"
|
|
|
|
|
"Maximum prefix length\n"
|
|
|
|
|
"Minimum prefix length to be matched\n"
|
|
|
|
|
"Minimum prefix length\n")
|
|
|
|
|
{
|
|
|
|
|
return plist_remove(vty, "ipv6", name, seq_str, action,
|
|
|
|
|
(struct prefix *)prefix, ge, le);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
no_ipv6_prefix_list_seq, no_ipv6_prefix_list_seq_cmd,
|
|
|
|
|
"no ipv6 prefix-list WORD$name seq (1-4294967295)$seq",
|
|
|
|
|
NO_STR
|
|
|
|
|
IPV6_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_SEQ_STR)
|
|
|
|
|
{
|
|
|
|
|
return plist_remove(vty, "ipv6", name, seq_str, NULL, NULL, 0, 0);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
no_ipv6_prefix_list_all, no_ipv6_prefix_list_all_cmd,
|
|
|
|
|
"no ipv6 prefix-list WORD$name",
|
|
|
|
|
NO_STR
|
|
|
|
|
IPV6_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR)
|
|
|
|
|
{
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='ipv6'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
ipv6_prefix_list_remark, ipv6_prefix_list_remark_cmd,
|
2020-04-30 22:23:51 +02:00
|
|
|
"ipv6 prefix-list WORD$name description LINE...",
|
2019-11-12 00:25:20 +01:00
|
|
|
IPV6_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR
|
|
|
|
|
ACCESS_LIST_REMARK_LINE_STR)
|
|
|
|
|
{
|
|
|
|
|
int rv;
|
|
|
|
|
char *remark;
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='ipv6'][name='%s']", name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL);
|
|
|
|
|
|
|
|
|
|
remark = argv_concat(argv, argc, 4);
|
2020-06-05 21:40:16 +02:00
|
|
|
nb_cli_enqueue_change(vty, "./remark", NB_OP_CREATE, remark);
|
|
|
|
|
rv = nb_cli_apply_changes(vty, xpath);
|
2019-11-12 00:25:20 +01:00
|
|
|
XFREE(MTYPE_TMP, remark);
|
|
|
|
|
|
|
|
|
|
return rv;
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 17:47:44 +02:00
|
|
|
DEFPY_YANG(
|
2019-11-12 00:25:20 +01:00
|
|
|
no_ipv6_prefix_list_remark, no_ipv6_prefix_list_remark_cmd,
|
2020-04-30 22:23:51 +02:00
|
|
|
"no ipv6 prefix-list WORD$name description",
|
2019-11-12 00:25:20 +01:00
|
|
|
NO_STR
|
|
|
|
|
IPV6_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR)
|
|
|
|
|
{
|
|
|
|
|
char xpath[XPATH_MAXLEN];
|
|
|
|
|
|
|
|
|
|
snprintf(xpath, sizeof(xpath),
|
|
|
|
|
"/frr-filter:lib/prefix-list[type='ipv6'][name='%s']/remark",
|
|
|
|
|
name);
|
|
|
|
|
nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
|
|
|
|
|
|
|
|
|
|
return nb_cli_apply_changes(vty, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ALIAS(
|
|
|
|
|
no_ipv6_prefix_list_remark, no_ipv6_prefix_list_remark_line_cmd,
|
2020-05-01 15:06:14 +02:00
|
|
|
"no ipv6 prefix-list WORD$name description LINE...",
|
2019-11-12 00:25:20 +01:00
|
|
|
NO_STR
|
|
|
|
|
IPV6_STR
|
|
|
|
|
PREFIX_LIST_STR
|
|
|
|
|
PREFIX_LIST_NAME_STR
|
|
|
|
|
ACCESS_LIST_REMARK_STR
|
|
|
|
|
ACCESS_LIST_REMARK_LINE_STR)
|
|
|
|
|
|
2020-04-30 18:56:05 +02:00
|
|
|
void prefix_list_show(struct vty *vty, struct lyd_node *dnode,
|
|
|
|
|
bool show_defaults)
|
|
|
|
|
{
|
|
|
|
|
int type = yang_dnode_get_enum(dnode, "../type");
|
|
|
|
|
const char *ge_str = NULL, *le_str = NULL;
|
|
|
|
|
bool is_any;
|
|
|
|
|
struct prefix p;
|
|
|
|
|
|
|
|
|
|
is_any = yang_dnode_exists(dnode, "./any");
|
|
|
|
|
switch (type) {
|
2020-06-05 20:05:34 +02:00
|
|
|
case YPLT_IPV4:
|
2020-04-30 18:56:05 +02:00
|
|
|
if (!is_any)
|
|
|
|
|
yang_dnode_get_prefix(&p, dnode, "./ipv4-prefix");
|
|
|
|
|
if (yang_dnode_exists(dnode,
|
|
|
|
|
"./ipv4-prefix-length-greater-or-equal"))
|
|
|
|
|
ge_str = yang_dnode_get_string(
|
|
|
|
|
dnode, "./ipv4-prefix-length-greater-or-equal");
|
|
|
|
|
if (yang_dnode_exists(dnode,
|
|
|
|
|
"./ipv4-prefix-length-lesser-or-equal"))
|
|
|
|
|
le_str = yang_dnode_get_string(
|
|
|
|
|
dnode, "./ipv4-prefix-length-lesser-or-equal");
|
|
|
|
|
|
|
|
|
|
vty_out(vty, "ip ");
|
|
|
|
|
break;
|
2020-06-05 20:05:34 +02:00
|
|
|
case YPLT_IPV6:
|
2020-04-30 18:56:05 +02:00
|
|
|
if (!is_any)
|
|
|
|
|
yang_dnode_get_prefix(&p, dnode, "ipv6-prefix");
|
|
|
|
|
if (yang_dnode_exists(dnode,
|
|
|
|
|
"./ipv6-prefix-length-greater-or-equal"))
|
|
|
|
|
ge_str = yang_dnode_get_string(
|
|
|
|
|
dnode, "./ipv6-prefix-length-greater-or-equal");
|
|
|
|
|
if (yang_dnode_exists(dnode,
|
|
|
|
|
"./ipv6-prefix-length-lesser-or-equal"))
|
|
|
|
|
le_str = yang_dnode_get_string(
|
|
|
|
|
dnode, "./ipv6-prefix-length-lesser-or-equal");
|
|
|
|
|
|
|
|
|
|
vty_out(vty, "ipv6 ");
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
vty_out(vty, "prefix-list %s seq %s %s",
|
|
|
|
|
yang_dnode_get_string(dnode, "../name"),
|
|
|
|
|
yang_dnode_get_string(dnode, "./sequence"),
|
|
|
|
|
yang_dnode_get_string(dnode, "./action"));
|
|
|
|
|
|
|
|
|
|
if (is_any) {
|
|
|
|
|
vty_out(vty, " any\n");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
vty_out(vty, " %pFX", &p);
|
|
|
|
|
if (ge_str)
|
|
|
|
|
vty_out(vty, " ge %s", ge_str);
|
|
|
|
|
if (le_str)
|
|
|
|
|
vty_out(vty, " le %s", le_str);
|
|
|
|
|
|
|
|
|
|
vty_out(vty, "\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void prefix_list_remark_show(struct vty *vty, struct lyd_node *dnode,
|
|
|
|
|
bool show_defaults)
|
|
|
|
|
{
|
|
|
|
|
int type = yang_dnode_get_enum(dnode, "../type");
|
|
|
|
|
|
|
|
|
|
switch (type) {
|
2020-06-05 20:05:34 +02:00
|
|
|
case YPLT_IPV4:
|
2020-04-30 18:56:05 +02:00
|
|
|
vty_out(vty, "ip ");
|
|
|
|
|
break;
|
2020-06-05 20:05:34 +02:00
|
|
|
case YPLT_IPV6:
|
2020-04-30 18:56:05 +02:00
|
|
|
vty_out(vty, "ipv6 ");
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-30 22:23:51 +02:00
|
|
|
vty_out(vty, "prefix-list %s description %s\n",
|
2020-04-30 18:56:05 +02:00
|
|
|
yang_dnode_get_string(dnode, "../name"),
|
|
|
|
|
yang_dnode_get_string(dnode, NULL));
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-08 18:50:00 +01:00
|
|
|
void filter_cli_init(void)
|
|
|
|
|
{
|
|
|
|
|
/* access-list cisco-style (legacy). */
|
|
|
|
|
install_element(CONFIG_NODE, &access_list_std_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_access_list_std_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &access_list_ext_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_access_list_ext_cmd);
|
|
|
|
|
|
|
|
|
|
/* access-list zebra-style. */
|
|
|
|
|
install_element(CONFIG_NODE, &access_list_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_access_list_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_access_list_all_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &access_list_remark_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_access_list_remark_cmd);
|
2020-05-01 15:06:14 +02:00
|
|
|
install_element(CONFIG_NODE, &no_access_list_remark_line_cmd);
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
install_element(CONFIG_NODE, &ipv6_access_list_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ipv6_access_list_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ipv6_access_list_all_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &ipv6_access_list_remark_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
|
2020-05-01 15:06:14 +02:00
|
|
|
install_element(CONFIG_NODE, &no_ipv6_access_list_remark_line_cmd);
|
2019-11-08 18:50:00 +01:00
|
|
|
|
|
|
|
|
install_element(CONFIG_NODE, &mac_access_list_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_mac_access_list_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_mac_access_list_all_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &mac_access_list_remark_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_mac_access_list_remark_cmd);
|
2020-05-01 15:06:14 +02:00
|
|
|
install_element(CONFIG_NODE, &no_mac_access_list_remark_line_cmd);
|
2019-11-12 00:25:20 +01:00
|
|
|
|
|
|
|
|
/* prefix lists. */
|
|
|
|
|
install_element(CONFIG_NODE, &ip_prefix_list_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ip_prefix_list_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ip_prefix_list_seq_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ip_prefix_list_all_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &ip_prefix_list_remark_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ip_prefix_list_remark_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ip_prefix_list_remark_line_cmd);
|
|
|
|
|
|
|
|
|
|
install_element(CONFIG_NODE, &ipv6_prefix_list_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ipv6_prefix_list_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ipv6_prefix_list_seq_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ipv6_prefix_list_all_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &ipv6_prefix_list_remark_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ipv6_prefix_list_remark_cmd);
|
|
|
|
|
install_element(CONFIG_NODE, &no_ipv6_prefix_list_remark_line_cmd);
|
2019-11-08 18:50:00 +01:00
|
|
|
}
|
