filter.c

大名鼎鼎的路由器源码。程序分ZEBRA、OSPFRIP等3个包。程序框架采用一个路由协议一个进程的方式

  access = access_list_get (AFI_IP6, argv[0]);

  if (access->remark)
    {
      XFREE (MTYPE_TMP, access->remark);
      access->remark = NULL;
    }

  /* Below is remark get codes. */
  b = buffer_new (1024);
  for (i = 1; i < argc; i++)
    {
      buffer_putstr (b, (u_char *)argv[i]);
      buffer_putc (b, ' ');
    }
  buffer_putc (b, '\0');

  access->remark = buffer_getstr (b);

  buffer_free (b);

  return CMD_SUCCESS;
}

DEFUN (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_cmd,
       "no ipv6 access-list WORD remark",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n")
{
  return vty_access_list_remark_unset (vty, AFI_IP6, argv[0]);
}
	
ALIAS (no_ipv6_access_list_remark,
       no_ipv6_access_list_remark_arg_cmd,
       "no ipv6 access-list WORD remark .LINE",
       NO_STR
       IPV6_STR
       "Add an access list entry\n"
       "IPv6 zebra access-list\n"
       "Access list entry comment\n"
       "Comment up to 100 characters\n");
#endif /* HAVE_IPV6 */

void config_write_access_zebra (struct vty *, struct filter *);
void config_write_access_cisco (struct vty *, struct filter *);

/* show access-list command. */
int
filter_show (struct vty *vty, char *name, afi_t afi)
{
  struct access_list *access;
  struct access_master *master;
  struct filter *mfilter;
  struct filter_cisco *filter;
  int write = 0;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  for (access = master->num.head; access; access = access->next)
    {
      if (name && strcmp (access->name, name) != 0)
	continue;

      write = 1;

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
	{
	  filter = &mfilter->u.cfilter;

	  if (write)
	    {
	      vty_out (vty, "%s IP%s access list %s%s",
		       mfilter->cisco ? 
		       (filter->extended ? "Extended" : "Standard") : "Zebra",
		       afi == AFI_IP6 ? "v6" : "",
		       access->name, VTY_NEWLINE);
	      write = 0;
	    }

	  vty_out (vty, "    %s%s", filter_type_str (mfilter),
		   mfilter->type == FILTER_DENY ? "  " : "");

	  if (! mfilter->cisco)
	    config_write_access_zebra (vty, mfilter);
	  else if (filter->extended)
	    config_write_access_cisco (vty, mfilter);
	  else
	    {
	      if (filter->addr_mask.s_addr == 0xffffffff)
		vty_out (vty, " any%s", VTY_NEWLINE);
	      else
		{
		  vty_out (vty, " %s", inet_ntoa (filter->addr));
		  if (filter->addr_mask.s_addr != 0)
		    vty_out (vty, ", wildcard bits %s", inet_ntoa (filter->addr_mask));
		  vty_out (vty, "%s", VTY_NEWLINE);
		}
	    }
	}
    }

  for (access = master->str.head; access; access = access->next)
    {
      if (name && strcmp (access->name, name) != 0)
	continue;

      write = 1;

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
	{
	  filter = &mfilter->u.cfilter;

	  if (write)
	    {
	      vty_out (vty, "%s IP%s access list %s%s",
		       mfilter->cisco ? 
		       (filter->extended ? "Extended" : "Standard") : "Zebra",
		       afi == AFI_IP6 ? "v6" : "",
		       access->name, VTY_NEWLINE);
	      write = 0;
	    }

	  vty_out (vty, "    %s%s", filter_type_str (mfilter),
		   mfilter->type == FILTER_DENY ? "  " : "");

	  if (! mfilter->cisco)
	    config_write_access_zebra (vty, mfilter);
	  else if (filter->extended)
	    config_write_access_cisco (vty, mfilter);
	  else
	    {
	      if (filter->addr_mask.s_addr == 0xffffffff)
		vty_out (vty, " any%s", VTY_NEWLINE);
	      else
		{
		  vty_out (vty, " %s", inet_ntoa (filter->addr));
		  if (filter->addr_mask.s_addr != 0)
		    vty_out (vty, ", wildcard bits %s", inet_ntoa (filter->addr_mask));
		  vty_out (vty, "%s", VTY_NEWLINE);
		}
	    }
	}
    }
  return CMD_SUCCESS;
}

DEFUN (show_ip_access_list,
       show_ip_access_list_cmd,
       "show ip access-list",
       SHOW_STR
       IP_STR
       "List IP access lists\n")
{
  return filter_show (vty, NULL, AFI_IP);
}

DEFUN (show_ip_access_list_name,
       show_ip_access_list_name_cmd,
       "show ip access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)",
       SHOW_STR
       IP_STR
       "List IP access lists\n"
       "IP standard access list\n"
       "IP extended access list\n"
       "IP standard access list (expanded range)\n"
       "IP extended access list (expanded range)\n"
       "IP zebra access-list\n")
{
  return filter_show (vty, argv[0], AFI_IP);
}

#ifdef HAVE_IPV6
DEFUN (show_ipv6_access_list,
       show_ipv6_access_list_cmd,
       "show ipv6 access-list",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n")
{
  return filter_show (vty, NULL, AFI_IP6);
}

DEFUN (show_ipv6_access_list_name,
       show_ipv6_access_list_name_cmd,
       "show ipv6 access-list WORD",
       SHOW_STR
       IPV6_STR
       "List IPv6 access lists\n"
       "IPv6 zebra access-list\n")
{
  return filter_show (vty, argv[0], AFI_IP6);
}
#endif /* HAVE_IPV6 */

void
config_write_access_cisco (struct vty *vty, struct filter *mfilter)
{
  struct filter_cisco *filter;

  filter = &mfilter->u.cfilter;

  if (filter->extended)
    {
      vty_out (vty, " ip");
      if (filter->addr_mask.s_addr == 0xffffffff)
	vty_out (vty, " any");
      else if (filter->addr_mask.s_addr == 0)
	vty_out (vty, " host %s", inet_ntoa (filter->addr));
      else
	{
	  vty_out (vty, " %s", inet_ntoa (filter->addr));
	  vty_out (vty, " %s", inet_ntoa (filter->addr_mask));
        }

      if (filter->mask_mask.s_addr == 0xffffffff)
	vty_out (vty, " any");
      else if (filter->mask_mask.s_addr == 0)
	vty_out (vty, " host %s", inet_ntoa (filter->mask));
      else
	{
	  vty_out (vty, " %s", inet_ntoa (filter->mask));
	  vty_out (vty, " %s", inet_ntoa (filter->mask_mask));
	}
      vty_out (vty, "%s", VTY_NEWLINE);
    }
  else
    {
      if (filter->addr_mask.s_addr == 0xffffffff)
	vty_out (vty, " any%s", VTY_NEWLINE);
      else
	{
	  vty_out (vty, " %s", inet_ntoa (filter->addr));
	  if (filter->addr_mask.s_addr != 0)
	    vty_out (vty, " %s", inet_ntoa (filter->addr_mask));
	  vty_out (vty, "%s", VTY_NEWLINE);
	}
    }
}

void
config_write_access_zebra (struct vty *vty, struct filter *mfilter)
{
  struct filter_zebra *filter;
  struct prefix *p;
  char buf[BUFSIZ];

  filter = &mfilter->u.zfilter;
  p = &filter->prefix;

  if (p->prefixlen == 0 && ! filter->exact)
    vty_out (vty, " any");
  else
    vty_out (vty, " %s/%d%s",
	     inet_ntop (p->family, &p->u.prefix, buf, BUFSIZ),
	     p->prefixlen,
	     filter->exact ? " exact-match" : "");

  vty_out (vty, "%s", VTY_NEWLINE);
}

int
config_write_access (struct vty *vty, afi_t afi)
{
  struct access_list *access;
  struct access_master *master;
  struct filter *mfilter;
  int write = 0;

  master = access_master_get (afi);
  if (master == NULL)
    return 0;

  for (access = master->num.head; access; access = access->next)
    {
      if (access->remark)
	{
	  vty_out (vty, "%saccess-list %s remark %s%s",
		   afi == AFI_IP ? "" : "ipv6 ",
		   access->name, access->remark,
		   VTY_NEWLINE);
	  write++;
	}

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
	{
	  vty_out (vty, "%saccess-list %s %s",
	     afi == AFI_IP ? "" : "ipv6 ",
	     access->name,
	     filter_type_str (mfilter));

	  if (mfilter->cisco)
	    config_write_access_cisco (vty, mfilter);
	  else
	    config_write_access_zebra (vty, mfilter);

	  write++;
	}
    }

  for (access = master->str.head; access; access = access->next)
    {
      if (access->remark)
	{
	  vty_out (vty, "%saccess-list %s remark %s%s",
		   afi == AFI_IP ? "" : "ipv6 ",
		   access->name, access->remark,
		   VTY_NEWLINE);
	  write++;
	}

      for (mfilter = access->head; mfilter; mfilter = mfilter->next)
	{
	  vty_out (vty, "%saccess-list %s %s",
	     afi == AFI_IP ? "" : "ipv6 ",
	     access->name,
	     filter_type_str (mfilter));

	  if (mfilter->cisco)
	    config_write_access_cisco (vty, mfilter);
	  else
	    config_write_access_zebra (vty, mfilter);

	  write++;
	}
    }
  return write;
}

/* Access-list node. */
struct cmd_node access_node =
{
  ACCESS_NODE,
  "",				/* Access list has no interface. */
  1
};

int
config_write_access_ipv4 (struct vty *vty)
{
  return config_write_access (vty, AFI_IP);
}

void
access_list_reset_ipv4 ()
{
  struct access_list *access;
  struct access_list *next;
  struct access_master *master;

  master = access_master_get (AFI_IP);
  if (master == NULL)
    return;

  for (access = master->num.head; access; access = next)
    {
      next = access->next;
      access_list_delete (access);
    }
  for (access = master->str.head; access; access = next)
    {
      next = access->next;
      access_list_delete (access);
    }

  assert (master->num.head == NULL);
  assert (master->num.tail == NULL);

  assert (master->str.head == NULL);
  assert (master->str.tail == NULL);
}

/* Install vty related command. */
void
access_list_init_ipv4 ()
{
  install_node (&access_node, config_write_access_ipv4);

  install_element (ENABLE_NODE, &show_ip_access_list_cmd);
  install_element (ENABLE_NODE, &show_ip_access_list_name_cmd);

  /* Zebra access-list */
  install_element (CONFIG_NODE, &access_list_cmd);
  install_element (CONFIG_NODE, &access_list_exact_cmd);
  install_element (CONFIG_NODE, &access_list_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_cmd);
  install_element (CONFIG_NODE, &no_access_list_exact_cmd);
  install_element (CONFIG_NODE, &no_access_list_any_cmd);

  /* Standard access-list */
  install_element (CONFIG_NODE, &access_list_standard_cmd);
  install_element (CONFIG_NODE, &access_list_standard_nomask_cmd);
  install_element (CONFIG_NODE, &access_list_standard_host_cmd);
  install_element (CONFIG_NODE, &access_list_standard_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_nomask_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_standard_any_cmd);

  /* Extended access-list */
  install_element (CONFIG_NODE, &access_list_extended_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_mask_cmd);
  install_element (CONFIG_NODE, &access_list_extended_mask_any_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_any_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_mask_cmd);
  install_element (CONFIG_NODE, &access_list_extended_mask_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_any_host_cmd);
  install_element (CONFIG_NODE, &access_list_extended_host_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_mask_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_mask_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_any_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_mask_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_mask_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_any_host_cmd);
  install_element (CONFIG_NODE, &no_access_list_extended_host_any_cmd);

  install_element (CONFIG_NODE, &access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_access_list_all_cmd);
  install_element (CONFIG_NODE, &no_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_access_list_remark_arg_cmd);
}

#ifdef HAVE_IPV6
struct cmd_node access_ipv6_node =
{
  ACCESS_IPV6_NODE,
  "",
  1
};

int
config_write_access_ipv6 (struct vty *vty)
{
  return config_write_access (vty, AFI_IP6);
}

void
access_list_reset_ipv6 ()
{
  struct access_list *access;
  struct access_list *next;
  struct access_master *master;

  master = access_master_get (AFI_IP6);
  if (master == NULL)
    return;

  for (access = master->num.head; access; access = next)
    {
      next = access->next;
      access_list_delete (access);
    }
  for (access = master->str.head; access; access = next)
    {
      next = access->next;
      access_list_delete (access);
    }

  assert (master->num.head == NULL);
  assert (master->num.tail == NULL);

  assert (master->str.head == NULL);
  assert (master->str.tail == NULL);
}

void
access_list_init_ipv6 ()
{
  install_node (&access_ipv6_node, config_write_access_ipv6);

  install_element (ENABLE_NODE, &show_ipv6_access_list_cmd);
  install_element (ENABLE_NODE, &show_ipv6_access_list_name_cmd);

  install_element (CONFIG_NODE, &ipv6_access_list_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_exact_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_any_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_exact_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_any_cmd);

  install_element (CONFIG_NODE, &no_ipv6_access_list_all_cmd);
  install_element (CONFIG_NODE, &ipv6_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_remark_cmd);
  install_element (CONFIG_NODE, &no_ipv6_access_list_remark_arg_cmd);
}
#endif /* HAVE_IPV6 */

void
access_list_init ()
{
  access_list_init_ipv4 ();
#ifdef HAVE_IPV6
  access_list_init_ipv6();
#endif /* HAVE_IPV6 */
}

void
access_list_reset ()
{
  access_list_reset_ipv4 ();
#ifdef HAVE_IPV6
  access_list_reset_ipv6();
#endif /* HAVE_IPV6 */
}