📄 filter.c
/*
 * Find an entry in ACCESS that is identical to the Cisco-style filter MNEW.
 *
 * Two entries are identical when their permit/deny type, address and
 * address wildcard agree; when the entry already in the list is an
 * extended one, the second address/wildcard pair must agree as well.
 * Returns the matching list entry, or NULL when there is none.
 *
 * NOTE(review): every list entry is read through u.cfilter without looking
 * at its `cisco` flag, and only the stored entry's `extended` flag picks the
 * comparison.  Presumably the command grammar keeps Cisco-style and
 * Zebra-style entries in separate lists -- confirm against the callers.
 */
struct filter *
filter_lookup_cisco (struct access_list *access, struct filter *mnew)
{
  struct filter_cisco *wanted = &mnew->u.cfilter;
  struct filter *cur;

  for (cur = access->head; cur != NULL; cur = cur->next)
    {
      struct filter_cisco *have = &cur->u.cfilter;

      /* Type, address and address wildcard must agree in both variants. */
      if (cur->type != mnew->type
          || have->addr.s_addr != wanted->addr.s_addr
          || have->addr_mask.s_addr != wanted->addr_mask.s_addr)
        continue;

      /* A standard entry has nothing further to compare. */
      if (! have->extended)
        return cur;

      if (have->mask.s_addr == wanted->mask.s_addr
          && have->mask_mask.s_addr == wanted->mask_mask.s_addr)
        return cur;
    }

  return NULL;
}

/*
 * Find an entry in ACCESS that is identical to the Zebra-style filter MNEW:
 * same `exact` flag, same permit/deny type and a prefix for which
 * prefix_same() reports equality.  Returns the entry or NULL.
 *
 * NOTE(review): as in filter_lookup_cisco(), the entry's `cisco` flag is
 * not consulted before the union member is read -- confirm that the two
 * styles cannot share a list.
 */
struct filter *
filter_lookup_zebra (struct access_list *access, struct filter *mnew)
{
  struct filter_zebra *wanted = &mnew->u.zfilter;
  struct filter *cur;

  for (cur = access->head; cur != NULL; cur = cur->next)
    {
      struct filter_zebra *have = &cur->u.zfilter;

      if (have->exact != wanted->exact)
        continue;
      if (cur->type != mnew->type)
        continue;
      if (prefix_same (&have->prefix, &wanted->prefix))
        return cur;
    }

  return NULL;
}

/*
 * Drop the remark of the access list NAME in address family AFI.
 *
 * Prints a warning on VTY and returns CMD_WARNING when the list does not
 * exist.  Otherwise the remark is freed, a list that is left with neither
 * entries nor a remark is deleted, and CMD_SUCCESS is returned.
 */
int
vty_access_list_remark_unset (struct vty *vty, afi_t afi, char *name)
{
  struct access_list *access = access_list_lookup (afi, name);

  if (access == NULL)
    {
      vty_out (vty, "%% access-list %s doesn't exist%s", name, VTY_NEWLINE);
      return CMD_WARNING;
    }

  if (access->remark != NULL)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* Nothing left in the list: remove the list itself. */
  if (access->head == NULL && access->tail == NULL && access->remark == NULL)
    access_list_delete (access);

  return CMD_SUCCESS;
}

/*
 * Add or remove one Cisco-style entry of the IPv4 access list NAME_STR.
 *
 * TYPE_STR       "p..." selects FILTER_PERMIT, "d..." FILTER_DENY (only the
 *                first character is examined).
 * ADDR_STR       first address, dotted quad.
 * ADDR_MASK_STR  wildcard for ADDR_STR; bits set here are cleared from the
 *                stored address.
 * MASK_STR, MASK_MASK_STR
 *                second address/wildcard pair, parsed only when EXTENDED is
 *                non-zero (the extended commands pass the destination here);
 *                the standard commands pass NULL.
 * EXTENDED       non-zero for an extended entry.
 * SET            non-zero adds the entry unless an identical one exists,
 *                zero removes the identical entry if there is one.
 *
 * Returns CMD_WARNING after printing a message when the type or one of the
 * addresses cannot be parsed, CMD_SUCCESS otherwise -- also when there was
 * nothing to add or remove.
 *
 * NOTE(review): the message printed for an unparsable address says
 * "Inconsistent address and mask", but the check is only inet_aton()
 * failing; no address/wildcard consistency test is made here.
 *
 * NOTE(review): access_list_get() is called on the removal path too.  If it
 * creates a missing list (not visible here), a `no access-list ...` for an
 * entry that does not exist may leave an empty list behind; how an empty
 * list is evaluated is also not visible -- confirm both.
 */
int
filter_set_cisco (struct vty *vty, char *name_str, char *type_str,
                  char *addr_str, char *addr_mask_str, char *mask_str,
                  char *mask_mask_str, int extended, int set)
{
  enum filter_type type;
  struct filter *entry;
  struct filter *existing;
  struct filter_cisco *cf;
  struct access_list *access;
  struct in_addr addr;
  struct in_addr addr_mask;
  struct in_addr mask;
  struct in_addr mask_mask;

  /* Check of filter type. */
  switch (type_str[0])
    {
    case 'p':
      type = FILTER_PERMIT;
      break;
    case 'd':
      type = FILTER_DENY;
      break;
    default:
      vty_out (vty, "%% filter type must be permit or deny%s", VTY_NEWLINE);
      return CMD_WARNING;
    }

  /* Parse the addresses in the same order as before; stop at the first
     one that fails.  Nothing has been allocated yet at this point. */
  if (inet_aton (addr_str, &addr) <= 0
      || inet_aton (addr_mask_str, &addr_mask) <= 0)
    goto bad_address;

  if (extended
      && (inet_aton (mask_str, &mask) <= 0
          || inet_aton (mask_mask_str, &mask_mask) <= 0))
    goto bad_address;

  /* Build the candidate entry.  Addresses are stored with the wildcard
     ("don't care") bits cleared. */
  entry = filter_new ();
  entry->type = type;
  entry->cisco = 1;

  cf = &entry->u.cfilter;
  cf->extended = extended;
  cf->addr.s_addr = addr.s_addr & ~addr_mask.s_addr;
  cf->addr_mask.s_addr = addr_mask.s_addr;

  if (extended)
    {
      cf->mask.s_addr = mask.s_addr & ~mask_mask.s_addr;
      cf->mask_mask.s_addr = mask_mask.s_addr;
    }

  /* Install new filter to the access_list. */
  access = access_list_get (AFI_IP, name_str);
  existing = filter_lookup_cisco (access, entry);

  if (set && existing == NULL)
    {
      /* The candidate is handed to the list and must not be freed here. */
      access_list_filter_add (access, entry);
      return CMD_SUCCESS;
    }

  if (! set && existing != NULL)
    access_list_filter_delete (access, existing);

  /* Duplicate on add, or a lookup key on removal: the candidate is ours. */
  filter_free (entry);
  return CMD_SUCCESS;

bad_address:
  vty_out (vty, "%%Inconsistent address and mask%s", VTY_NEWLINE);
  return CMD_WARNING;
}

/* Standard access-list */

/* Address plus explicit wildcard. */
DEFUN (access_list_standard,
       access_list_standard_cmd,
       "access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n"
       "Wildcard bits\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2], argv[3],
                           NULL, NULL, 0, 1);
}

/* Address only: wildcard 0.0.0.0, i.e. every bit is compared. */
DEFUN (access_list_standard_nomask,
       access_list_standard_nomask_cmd,
       "access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2], "0.0.0.0",
                           NULL, NULL, 0, 1);
}

/* "host A.B.C.D": same arguments as the form without a wildcard. */
DEFUN (access_list_standard_host,
       access_list_standard_host_cmd,
       "access-list (<1-99>|<1300-1999>) (deny|permit) host A.B.C.D",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "A single host address\n"
       "Address to match\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2], "0.0.0.0",
                           NULL, NULL, 0, 1);
}

/* "any": address 0.0.0.0 with an all-ones wildcard. */
DEFUN (access_list_standard_any,
       access_list_standard_any_cmd,
       "access-list (<1-99>|<1300-1999>) (deny|permit) any",
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any source host\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
                           "255.255.255.255", NULL, NULL, 0, 1);
}

/* Removal forms of the standard commands: identical arguments, set = 0.
   NOTE(review): the help text after NO_STR still reads "Add an access list
   entry" although these commands remove one. */
DEFUN (no_access_list_standard,
       no_access_list_standard_cmd,
       "no access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n"
       "Wildcard bits\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2], argv[3],
                           NULL, NULL, 0, 0);
}

DEFUN (no_access_list_standard_nomask,
       no_access_list_standard_nomask_cmd,
       "no access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Address to match\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2], "0.0.0.0",
                           NULL, NULL, 0, 0);
}

DEFUN (no_access_list_standard_host,
       no_access_list_standard_host_cmd,
       "no access-list (<1-99>|<1300-1999>) (deny|permit) host A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "A single host address\n"
       "Address to match\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2], "0.0.0.0",
                           NULL, NULL, 0, 0);
}

DEFUN (no_access_list_standard_any,
       no_access_list_standard_any_cmd,
       "no access-list (<1-99>|<1300-1999>) (deny|permit) any",
       NO_STR
       "Add an access list entry\n"
       "IP standard access list\n"
       "IP standard access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any source host\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
                           "255.255.255.255", NULL, NULL, 0, 0);
}

/* Extended access-list */

/* Source and destination, each as address plus wildcard. */
DEFUN (access_list_extended,
       access_list_extended_cmd,
       "access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2],
                           argv[3], argv[4], argv[5], 1, 1);
}

/* Source with wildcard, destination "any". */
DEFUN (access_list_extended_mask_any,
       access_list_extended_mask_any_cmd,
       "access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Any destination host\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2],
                           argv[3], "0.0.0.0",
                           "255.255.255.255", 1, 1);
}

/* Source "any", destination with wildcard. */
DEFUN (access_list_extended_any_mask,
       access_list_extended_any_mask_cmd,
       "access-list (<100-199>|<2000-2699>) (deny|permit) ip any A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
                           "255.255.255.255", argv[2],
                           argv[3], 1, 1);
}

/* Source "any", destination "any". */
DEFUN (access_list_extended_any_any,
       access_list_extended_any_any_cmd,
       "access-list (<100-199>|<2000-2699>) (deny|permit) ip any any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "Any destination host\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
                           "255.255.255.255", "0.0.0.0",
                           "255.255.255.255", 1, 1);
}

/* Source with wildcard, destination a single host. */
DEFUN (access_list_extended_mask_host,
       access_list_extended_mask_host_cmd,
       "access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "A single destination host\n"
       "Destination address\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2],
                           argv[3], argv[4],
                           "0.0.0.0", 1, 1);
}

/* Source a single host, destination with wildcard. */
DEFUN (access_list_extended_host_mask,
       access_list_extended_host_mask_cmd,
       "access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D A.B.C.D A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2],
                           "0.0.0.0", argv[3],
                           argv[4], 1, 1);
}

/* Source and destination both single hosts. */
DEFUN (access_list_extended_host_host,
       access_list_extended_host_host_cmd,
       "access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "A single destination host\n"
       "Destination address\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2],
                           "0.0.0.0", argv[3],
                           "0.0.0.0", 1, 1);
}

/* Source "any", destination a single host. */
DEFUN (access_list_extended_any_host,
       access_list_extended_any_host_cmd,
       "access-list (<100-199>|<2000-2699>) (deny|permit) ip any host A.B.C.D",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"
       "A single destination host\n"
       "Destination address\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], "0.0.0.0",
                           "255.255.255.255", argv[2],
                           "0.0.0.0", 1, 1);
}

/* Source a single host, destination "any". */
DEFUN (access_list_extended_host_any,
       access_list_extended_host_any_cmd,
       "access-list (<100-199>|<2000-2699>) (deny|permit) ip host A.B.C.D any",
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "A single source host\n"
       "Source address\n"
       "Any destination host\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2],
                           "0.0.0.0", "0.0.0.0",
                           "255.255.255.255", 1, 1);
}

/* Removal forms of the extended commands: identical arguments, set = 0. */
DEFUN (no_access_list_extended,
       no_access_list_extended_cmd,
       "no access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Destination address\n"
       "Destination Wildcard bits\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2],
                           argv[3], argv[4], argv[5], 1, 0);
}

DEFUN (no_access_list_extended_mask_any,
       no_access_list_extended_mask_any_cmd,
       "no access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D any",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Source address\n"
       "Source wildcard bits\n"
       "Any destination host\n")
{
  return filter_set_cisco (vty, argv[0], argv[1], argv[2],
                           argv[3], "0.0.0.0",
                           "255.255.255.255", 1, 0);
}

/* The listing is cut off inside the next command definition; the text
   below is reproduced as far as it is shown. */
DEFUN (no_access_list_extended_any_mask,
       no_access_list_extended_any_mask_cmd,
       "no access-list (<100-199>|<2000-2699>) (deny|permit) ip any A.B.C.D A.B.C.D",
       NO_STR
       "Add an access list entry\n"
       "IP extended access list\n"
       "IP extended access list (expanded range)\n"
       "Specify packets to reject\n"
       "Specify packets to forward\n"
       "Any Internet Protocol\n"
       "Any source host\n"