/* Maximum ACL name length */
#define ACL_NAMSIZ 128
+/** Cisco host wildcard mask. */
+#define CISCO_HOST_WILDCARD_MASK "0.0.0.0"
+/** Cisco host wildcard binary mask. */
+#define CISCO_BIN_HOST_WILDCARD_MASK INADDR_ANY
+
+/** Cisco any wildcard mask. */
+#define CISCO_ANY_WILDCARD_MASK "255.255.255.255"
+/** Cisco binary any wildcard mask. */
+#define CISCO_BIN_ANY_WILDCARD_MASK INADDR_NONE
+
/* Filter direction. */
#define FILTER_IN 0
#define FILTER_OUT 1
struct filter f, *fn;
memset(&f, 0, sizeof(f));
- memset(&fc, 0, sizeof(fc));
f.cisco = 1;
if (strcmp(action, "permit") == 0)
f.type = FILTER_PERMIT;
int plen;
assert(inet_pton(AF_INET, mask, &ia) == 1);
+ ia.s_addr = ~ia.s_addr;
plen = ip_masklen(ia);
snprintf(dst, dstlen, "%s/%d", addr, plen);
}
/* Use access-list data structure to fetch sequence. */
dnode = yang_dnode_get(running_config->dnode, xpath);
acl = nb_running_get_entry(dnode, NULL, true);
- if (host_str != NULL)
- sseq = acl_cisco_get_seq(acl, action, host_str,
- mask_str ? mask_str : "0.0.0.0", NULL,
- NULL);
- else
- sseq = acl_cisco_get_seq(acl, action, "0.0.0.0",
- "255.255.255.255", NULL, NULL);
+ sseq = acl_cisco_get_seq(acl, action, host_str,
+ mask_str ? mask_str : CISCO_HOST_WILDCARD_MASK,
+ NULL, NULL);
if (sseq == -1)
return CMD_WARNING;
if (dst_str != NULL)
sseq = acl_cisco_get_seq(
acl, action, src_str,
- src_mask_str ? src_mask_str : "0.0.0.0",
+ src_mask_str ? src_mask_str
+ : CISCO_HOST_WILDCARD_MASK,
dst_str,
- dst_mask_str ? dst_mask_str : "0.0.0.0");
+ dst_mask_str ? dst_mask_str
+ : CISCO_HOST_WILDCARD_MASK);
else
- sseq = acl_cisco_get_seq(acl, action, src_str,
- src_mask_str ? src_mask_str
- : "0.0.0.0",
- "0.0.0.0", "255.255.255.255");
+ sseq = acl_cisco_get_seq(
+ acl, action, src_str,
+ src_mask_str ? src_mask_str
+ : CISCO_HOST_WILDCARD_MASK,
+ "0.0.0.0", CISCO_ANY_WILDCARD_MASK);
} else {
if (dst_str != NULL)
- sseq = acl_cisco_get_seq(acl, action, "0.0.0.0",
- "255.255.255.255", dst_str,
- dst_mask_str ? dst_mask_str
- : "0.0.0.0");
+ sseq = acl_cisco_get_seq(
+ acl, action, "0.0.0.0", CISCO_ANY_WILDCARD_MASK,
+ dst_str,
+ dst_mask_str ? dst_mask_str
+ : CISCO_HOST_WILDCARD_MASK);
else
- sseq = acl_cisco_get_seq(acl, action, "0.0.0.0",
- "255.255.255.255", "0.0.0.0",
- "255.255.255.255");
+ sseq = acl_cisco_get_seq(
+ acl, action, "0.0.0.0", CISCO_ANY_WILDCARD_MASK,
+ "0.0.0.0", CISCO_ANY_WILDCARD_MASK);
}
if (sseq == -1)
return CMD_WARNING;
/* Use access-list data structure to fetch sequence. */
dnode = yang_dnode_get(running_config->dnode, xpath);
acl = nb_running_get_entry(dnode, NULL, true);
- if (prefix == NULL) {
+ if (prefix_str == NULL) {
memset(&pany, 0, sizeof(pany));
pany.family = AF_INET;
sseq = acl_zebra_get_seq(acl, action, &pany, exact);
ple->le = 0;
}
+/**
+ * Unsets the cisco style rule for addresses so it becomes disabled (the
+ * equivalent of setting: `0.0.0.0/32`).
+ *
+ * \param addr address part.
+ * \param mask mask part.
+ */
+static void cisco_unset_addr_mask(struct in_addr *addr, struct in_addr *mask)
+{
+ addr->s_addr = INADDR_ANY;
+ mask->s_addr = CISCO_BIN_HOST_WILDCARD_MASK;
+}
+
/*
* XPath: /frr-filter:lib/access-list
*/
f->cisco = 1;
fc = &f->u.cfilter;
yang_dnode_get_ipv4(&fc->addr, args->dnode, NULL);
- fc->addr_mask.s_addr = INADDR_ANY;
+ fc->addr_mask.s_addr = CISCO_BIN_HOST_WILDCARD_MASK;
return NB_OK;
}
f = nb_running_get_entry(args->dnode, NULL, true);
fc = &f->u.cfilter;
- fc->addr.s_addr = INADDR_ANY;
- fc->addr_mask.s_addr = INADDR_NONE;
+ cisco_unset_addr_mask(&fc->addr, &fc->addr_mask);
return NB_OK;
}
yang_dnode_get_prefix(&p, args->dnode, NULL);
fc->addr.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen);
masklen2ip(p.prefixlen, &fc->addr_mask);
+ fc->addr_mask.s_addr = ~fc->addr_mask.s_addr;
return NB_OK;
}
f = nb_running_get_entry(args->dnode, NULL, true);
fc = &f->u.cfilter;
- fc->addr.s_addr = INADDR_ANY;
- fc->addr_mask.s_addr = INADDR_NONE;
+ cisco_unset_addr_mask(&fc->addr, &fc->addr_mask);
return NB_OK;
}
f->cisco = 1;
fc = &f->u.cfilter;
fc->addr.s_addr = INADDR_ANY;
- fc->addr_mask.s_addr = INADDR_NONE;
+ fc->addr_mask.s_addr = CISCO_BIN_ANY_WILDCARD_MASK;
return NB_OK;
}
f = nb_running_get_entry(args->dnode, NULL, true);
fc = &f->u.cfilter;
- fc->addr.s_addr = INADDR_ANY;
- fc->addr_mask.s_addr = INADDR_NONE;
+ cisco_unset_addr_mask(&fc->addr, &fc->addr_mask);
return NB_OK;
}
fc = &f->u.cfilter;
fc->extended = 1;
yang_dnode_get_ipv4(&fc->mask, args->dnode, NULL);
- fc->mask_mask.s_addr = INADDR_ANY;
+ fc->mask_mask.s_addr = CISCO_BIN_HOST_WILDCARD_MASK;
return NB_OK;
}
f = nb_running_get_entry(args->dnode, NULL, true);
fc = &f->u.cfilter;
fc->extended = 0;
- fc->mask.s_addr = INADDR_ANY;
- fc->mask_mask.s_addr = INADDR_NONE;
+ cisco_unset_addr_mask(&fc->mask, &fc->mask_mask);
return NB_OK;
}
yang_dnode_get_prefix(&p, args->dnode, NULL);
fc->mask.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen);
masklen2ip(p.prefixlen, &fc->mask_mask);
+ fc->mask_mask.s_addr = ~fc->mask_mask.s_addr;
return NB_OK;
}
f = nb_running_get_entry(args->dnode, NULL, true);
fc = &f->u.cfilter;
fc->extended = 0;
- fc->mask.s_addr = INADDR_ANY;
- fc->mask_mask.s_addr = INADDR_NONE;
+ cisco_unset_addr_mask(&fc->mask, &fc->mask_mask);
return NB_OK;
}
fc = &f->u.cfilter;
fc->extended = 1;
fc->mask.s_addr = INADDR_ANY;
- fc->mask_mask.s_addr = INADDR_NONE;
+ fc->mask_mask.s_addr = CISCO_BIN_ANY_WILDCARD_MASK;
return NB_OK;
}
f = nb_running_get_entry(args->dnode, NULL, true);
fc = &f->u.cfilter;
fc->extended = 0;
- fc->mask.s_addr = INADDR_ANY;
- fc->mask_mask.s_addr = INADDR_NONE;
+ cisco_unset_addr_mask(&fc->mask, &fc->mask_mask);
return NB_OK;
}
projects / matthieu / frr.git / commitdiff