We should delete the access-list when the last entry and remark is
deleted. This is already done for prefix-lists.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
We delete the prefix-list when its last entry is deleted, but the check
is missed when we delete the description.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
CLI must never use operational data, because this won't work in
transactional mode. Rework search for prefix-list/access-list entries
using only candidate config.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Keep the previous CLI behavior of silently ignoring access lists which
contain the same value.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Keep the previous CLI behavior of silently ignoring access lists which
contain the same value.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Don't attempt to compress the wildcard information to fit a `/M`, but
use its own full 4 byte field.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Wildcards bits have the opposite representation of a network mask,
example:
192.168.0.0/24 has the following netmask 255.255.0.0 and the wildcard
representation is 0.0.255.255.
To avoid future confusion lets put those definitions into a macro so we
know for sure which form to use.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
When removing an IPv4 prefix configuration the wrong amount of bytes
will be read from `struct prefix_ipv4` from `DEFPY`, so lets use the
proper function for this.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
When configuring a access list rule with type `any` it is now ambiguous
between cisco and zebra because both have the same syntax, so lets
remove the cisco command to avoid that.
YANG users will not notice this change.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
`nb_cli_enqueue_change` just points to the string values passed in
parameter, so we must use different strings for different function
calls (at least until `nb_cli_apply_changes`).
While here fix a variable name typo/copy paste error on destination host
case.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
The restriction was already lift at the YANG model level, now lets
unlock the CLI as well.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
DEFPY_YANG will allow the CLI to identify which commands are
YANG-modeled or not before executing them. This is going to be
useful for the upcoming configuration back-off timer work that
needs to commit pending configuration changes before executing a
command that isn't YANG-modeled.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Merge the cisco style access list with zebra's logic so we can mix both
types of rules while keeping the commands.
With this the cisco style limitation of having 'destination-*' only for
specific number ranges no longer exist for users of YANG/northbound (the
CLI still has this limitation).
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Unfortunately, the way the frr-format plugin is set up, snprintf() with
PRId64 can generate false warnings :|. Easy workaround is to use
snprintfrr().
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
We can avoid a big amount of `snprintf` by using relative XPath in
`nb_cli_apply_changes`.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
`acl_get_seq` should be able to get the sequence number from candidate
configuration without needing to commit anything midway.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Some tests expect that a prefix list structure is gone after all its
entries are removed, so lets keep that behaviour.
NOTE: users using YANG/northbound directly without CLI won't be
affected.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
- Show the correct cisco style access list extended information.
- `assert` action so static analyzer doesn't complain about possible
NULL usage.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Copy & paste mistake: MAC commands need `X:X:X:X:X:X` and not
`X:X::X:X/M` types. Also, MAC access-list don't use `exact-match`.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Implement the commands `no ... remark LINE` for cisco and zebra style
access lists to match `ipX prefix-list description LINE` command set.
It useful when you just want to go through the command history and
prepend a `no` to a `remark` or `description` command. Example:
```
access-list foo remark just another acl
!
! ...
!
! Suddenly we decide we no longer think that remark is useful,
! lets press up key to find that line in history and append `no`:
no access-list foo remark just another acl
```
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Bump the size of the buffers so the new compilers don't complain about
possible truncation:
```
lib/filter_cli.c: In function ‘ipv6_prefix_list_magic.isra.0’:
lib/filter_cli.c:1336:5: error: ‘%lld’ directive output may be truncated writing between 1 and 20 bytes into a region of size between 16 and 527 [-Werror=format-truncation=]
1336 | "%s/entry[sequence='%" PRId64 "']", xpath, sseq);
| ^~~~~~~~~~~~~~~~~~~~~~
lib/filter_cli.c:1336:25: note: format string is defined here
1336 | "%s/entry[sequence='%" PRId64 "']", xpath, sseq);
lib/filter_cli.c:1336:5: note: directive argument in the range [-9223372036854775803, 9223372036854775807]
1336 | "%s/entry[sequence='%" PRId64 "']", xpath, sseq);
| ^~~~~~~~~~~~~~~~~~~~~~
```
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Changes:
- Use `description` on CLI but `remark` on YANG like access-list (also
because `description` is a reserved word).
- Rename YANG model field and northbound code.
- Fix wrong sequence type get.
- Fix wrong action XPath in action callback.
- Fix wrong concat in (ipv6|mac) access-list.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Use northbound to write the configuration from now on. While here, fix
how `exact-match` configuration is being created.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Look up next sequence number by checking XPath instead of trying to
access unallocated context data structures.
This only applies for creation, on destroy the data structures must be
there.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Changes:
- Remove unused variable.
- Make prototypes static like the declaration.
- Fix new compilers complaint about uninitialized values.
- Fix new compilers complaint about small buffer for `snprintf` concatenation.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
