From: Rafael Zalamena Date: Wed, 26 Aug 2020 15:50:07 +0000 (-0300) Subject: lib: refactory cisco access list net wildcard X-Git-Tag: base_7.5~22^2 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=0ed507dda081856952065b5d9cb5862742b017f3;p=matthieu%2Ffrr.git lib: refactory cisco access list net wildcard Wildcards bits have the opposite representation of a network mask, example: 192.168.0.0/24 has the following netmask 255.255.0.0 and the wildcard representation is 0.0.255.255. To avoid future confusion lets put those definitions into a macro so we know for sure which form to use. Signed-off-by: Rafael Zalamena --- diff --git a/lib/filter.h b/lib/filter.h index d41f3b65cd..623fb94527 100644 --- a/lib/filter.h +++ b/lib/filter.h @@ -32,6 +32,16 @@ extern "C" { /* Maximum ACL name length */ #define ACL_NAMSIZ 128 +/** Cisco host wildcard mask. */ +#define CISCO_HOST_WILDCARD_MASK "0.0.0.0" +/** Cisco host wildcard binary mask. */ +#define CISCO_BIN_HOST_WILDCARD_MASK INADDR_ANY + +/** Cisco any wildcard mask. */ +#define CISCO_ANY_WILDCARD_MASK "255.255.255.255" +/** Cisco binary any wildcard mask. */ +#define CISCO_BIN_ANY_WILDCARD_MASK INADDR_NONE + /* Filter direction. */ #define FILTER_IN 0 #define FILTER_OUT 1 diff --git a/lib/filter_cli.c b/lib/filter_cli.c index 85cb8175f5..09fc3289ce 100644 --- a/lib/filter_cli.c +++ b/lib/filter_cli.c @@ -62,7 +62,6 @@ static int64_t acl_cisco_get_seq(struct access_list *acl, const char *action, struct filter f, *fn; memset(&f, 0, sizeof(f)); - memset(&fc, 0, sizeof(fc)); f.cisco = 1; if (strcmp(action, "permit") == 0) f.type = FILTER_PERMIT; @@ -125,6 +124,7 @@ static void concat_addr_mask_v4(const char *addr, const char *mask, char *dst, int plen; assert(inet_pton(AF_INET, mask, &ia) == 1); + ia.s_addr = ~ia.s_addr; plen = ip_masklen(ia); snprintf(dst, dstlen, "%s/%d", addr, plen); } 
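Review bot: The doc comments on the four new macros in lib/filter.h name each mask but never say what a wildcard bit means, which is the confusion the commit message sets out to remove. I would expand the first one to something like `/** Cisco host wildcard mask: a 0 bit must match, a 1 bit is ignored (the inverse of a netmask). */` and mirror that on the any mask. The two `CISCO_BIN_*` macros expand to `INADDR_ANY` and `INADDR_NONE`, which are host-order constants later assigned to `s_addr`. That is harmless for all-zeros and all-ones, but a one-line comment saying so would stop someone adding a third value that is not byte-order symmetric.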
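Review bot: The added `ia.s_addr = ~ia.s_addr;` in concat_addr_mask_v4 feeds the inverted wildcard to `ip_masklen()`, which presumably only returns a meaningful length when the value is a contiguous netmask. A wildcard such as `0.0.255.0` has no prefix form, so if the CLI accepts one, the entry looked up here may cover different addresses than the operator typed; rejecting a non-contiguous wildcard before the conversion would keep the ACL faithful to the input. Separately, `ia` is written only by the `inet_pton()` call inside `assert()`, so if this project's assert can be compiled out, the new line would invert an uninitialised value. `int rv = inet_pton(AF_INET, mask, &ia); assert(rv == 1);` avoids that. The function begins above the hunk.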
@@ -252,13 +252,9 @@ DEFPY_YANG( /* Use access-list data structure to fetch sequence. */ dnode = yang_dnode_get(running_config->dnode, xpath); acl = nb_running_get_entry(dnode, NULL, true); - if (host_str != NULL) - sseq = acl_cisco_get_seq(acl, action, host_str, - mask_str ? mask_str : "0.0.0.0", NULL, - NULL); - else - sseq = acl_cisco_get_seq(acl, action, "0.0.0.0", - "255.255.255.255", NULL, NULL); + sseq = acl_cisco_get_seq(acl, action, host_str, + mask_str ? mask_str : CISCO_HOST_WILDCARD_MASK, + NULL, NULL); if (sseq == -1) return CMD_WARNING; @@ -389,24 +385,28 @@ DEFPY_YANG( if (dst_str != NULL) sseq = acl_cisco_get_seq( acl, action, src_str, - src_mask_str ? src_mask_str : "0.0.0.0", + src_mask_str ? src_mask_str + : CISCO_HOST_WILDCARD_MASK, dst_str, - dst_mask_str ? dst_mask_str : "0.0.0.0"); + dst_mask_str ? dst_mask_str + : CISCO_HOST_WILDCARD_MASK); else - sseq = acl_cisco_get_seq(acl, action, src_str, - src_mask_str ? src_mask_str - : "0.0.0.0", - "0.0.0.0", "255.255.255.255"); + sseq = acl_cisco_get_seq( + acl, action, src_str, + src_mask_str ? src_mask_str + : CISCO_HOST_WILDCARD_MASK, + "0.0.0.0", CISCO_ANY_WILDCARD_MASK); } else { if (dst_str != NULL) - sseq = acl_cisco_get_seq(acl, action, "0.0.0.0", - "255.255.255.255", dst_str, - dst_mask_str ? dst_mask_str - : "0.0.0.0"); + sseq = acl_cisco_get_seq( + acl, action, "0.0.0.0", CISCO_ANY_WILDCARD_MASK, + dst_str, + dst_mask_str ? dst_mask_str + : CISCO_HOST_WILDCARD_MASK); else - sseq = acl_cisco_get_seq(acl, action, "0.0.0.0", - "255.255.255.255", "0.0.0.0", - "255.255.255.255"); + sseq = acl_cisco_get_seq( + acl, action, "0.0.0.0", CISCO_ANY_WILDCARD_MASK, + "0.0.0.0", CISCO_ANY_WILDCARD_MASK); } if (sseq == -1) return CMD_WARNING; 
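Review bot: With the `if (host_str != NULL)` branch removed, `host_str` reaches acl_cisco_get_seq() unchecked, and the mask now falls back to `CISCO_HOST_WILDCARD_MASK` where the old else-branch used the any mask. If this command can still be entered without a host (the command definition and the body of acl_cisco_get_seq are outside the hunk), the lookup receives a NULL address string. At best it then searches for host 0.0.0.0 instead of the match-any entry the old code looked for, so the sequence number found may belong to a different rule. Either keep the fallback, e.g. `host_str ? host_str : "0.0.0.0"` paired with `CISCO_ANY_WILDCARD_MASK` when no host is given, or add a comment stating that `host_str` is mandatory for this command.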
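Review bot: The any-address literal `"0.0.0.0"` is still spelled out in every call in this hunk, right next to `CISCO_HOST_WILDCARD_MASK`, which expands to the same string with the opposite meaning. Since the commit's goal is to remove that ambiguity, a named constant for the address side (for example `#define CISCO_ANY_ADDR "0.0.0.0"` beside the new macros in lib/filter.h) would let a reader tell address from wildcard by position-independent names rather than by counting arguments.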
@@ -507,7 +507,7 @@ DEFPY_YANG( /* Use access-list data structure to fetch sequence. */ dnode = yang_dnode_get(running_config->dnode, xpath); acl = nb_running_get_entry(dnode, NULL, true); - if (prefix == NULL) { + if (prefix_str == NULL) { memset(&pany, 0, sizeof(pany)); pany.family = AF_INET; sseq = acl_zebra_get_seq(acl, action, &pany, exact); diff --git a/lib/filter_nb.c b/lib/filter_nb.c index 91691d2f1d..6eacc0f5c5 100644 --- a/lib/filter_nb.c +++ b/lib/filter_nb.c @@ -112,6 +112,19 @@ static void prefix_list_entry_set_empty(struct prefix_list_entry *ple) ple->le = 0; } +/** + * Unsets the cisco style rule for addresses so it becomes disabled (the + * equivalent of setting: `0.0.0.0/32`). + * + * \param addr address part. + * \param mask mask part. + */ +static void cisco_unset_addr_mask(struct in_addr *addr, struct in_addr *mask) +{ + addr->s_addr = INADDR_ANY; + mask->s_addr = CISCO_BIN_HOST_WILDCARD_MASK; +} + /* * XPath: /frr-filter:lib/access-list */ @@ -345,7 +358,7 @@ lib_access_list_entry_host_modify(struct nb_cb_modify_args *args) f->cisco = 1; fc = &f->u.cfilter; yang_dnode_get_ipv4(&fc->addr, args->dnode, NULL); - fc->addr_mask.s_addr = INADDR_ANY; + fc->addr_mask.s_addr = CISCO_BIN_HOST_WILDCARD_MASK; return NB_OK; } @@ -361,8 +374,7 @@ lib_access_list_entry_host_destroy(struct nb_cb_destroy_args *args) f = nb_running_get_entry(args->dnode, NULL, true); fc = &f->u.cfilter; - fc->addr.s_addr = INADDR_ANY; - fc->addr_mask.s_addr = INADDR_NONE; + cisco_unset_addr_mask(&fc->addr, &fc->addr_mask); return NB_OK; } @@ -386,6 +398,7 @@ lib_access_list_entry_network_modify(struct nb_cb_modify_args *args) yang_dnode_get_prefix(&p, args->dnode, NULL); fc->addr.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen); masklen2ip(p.prefixlen, &fc->addr_mask); + fc->addr_mask.s_addr = ~fc->addr_mask.s_addr; return NB_OK; } 
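Review bot: cisco_unset_addr_mask() changes what a destroyed node leaves behind, and neither the doc comment nor the commit message says so. The replaced lines in the destroy callbacks wrote `INADDR_NONE` to the mask, while the helper writes `CISCO_BIN_HOST_WILDCARD_MASK`, so the leftover pattern goes from match-any to host 0.0.0.0. That is the safer default for an ACL, but the comment calls the result "disabled", whereas address 0.0.0.0 with an all-zero wildcard is still a pattern that would match that one host wherever the entry is evaluated (the matching code is not in this diff). I would word it as `Resets the address/wildcard pair to host 0.0.0.0, the narrowest pattern, so a removed node never leaves a match-any rule behind.` The same helper is used in the destroy hunks at -401, -439, -478, -519 and -558.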
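Review bot: The pair `masklen2ip(p.prefixlen, &fc->addr_mask);` followed by `fc->addr_mask.s_addr = ~fc->addr_mask.s_addr;` in lib_access_list_entry_network_modify is repeated for `fc->mask_mask` in lib_access_list_entry_destination_network_modify (hunk at -503). A small static helper next to cisco_unset_addr_mask(), along the lines of `cisco_masklen2wildcard(int plen, struct in_addr *wildcard)`, would keep the inversion in one place. That matters because a later caller that stores a plain netmask in a wildcard field would silently flip which bits the ACL compares. Both function bodies begin outside their hunks.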
@@ -401,8 +414,7 @@ lib_access_list_entry_network_destroy(struct nb_cb_destroy_args *args) f = nb_running_get_entry(args->dnode, NULL, true); fc = &f->u.cfilter; - fc->addr.s_addr = INADDR_ANY; - fc->addr_mask.s_addr = INADDR_NONE; + cisco_unset_addr_mask(&fc->addr, &fc->addr_mask); return NB_OK; } @@ -423,7 +435,7 @@ lib_access_list_entry_source_any_create(struct nb_cb_create_args *args) f->cisco = 1; fc = &f->u.cfilter; fc->addr.s_addr = INADDR_ANY; - fc->addr_mask.s_addr = INADDR_NONE; + fc->addr_mask.s_addr = CISCO_BIN_ANY_WILDCARD_MASK; return NB_OK; } @@ -439,8 +451,7 @@ lib_access_list_entry_source_any_destroy(struct nb_cb_destroy_args *args) f = nb_running_get_entry(args->dnode, NULL, true); fc = &f->u.cfilter; - fc->addr.s_addr = INADDR_ANY; - fc->addr_mask.s_addr = INADDR_NONE; + cisco_unset_addr_mask(&fc->addr, &fc->addr_mask); return NB_OK; } @@ -461,7 +472,7 @@ static int lib_access_list_entry_destination_host_modify( fc = &f->u.cfilter; fc->extended = 1; yang_dnode_get_ipv4(&fc->mask, args->dnode, NULL); - fc->mask_mask.s_addr = INADDR_ANY; + fc->mask_mask.s_addr = CISCO_BIN_HOST_WILDCARD_MASK; return NB_OK; } @@ -478,8 +489,7 @@ static int lib_access_list_entry_destination_host_destroy( f = nb_running_get_entry(args->dnode, NULL, true); fc = &f->u.cfilter; fc->extended = 0; - fc->mask.s_addr = INADDR_ANY; - fc->mask_mask.s_addr = INADDR_NONE; + cisco_unset_addr_mask(&fc->mask, &fc->mask_mask); return NB_OK; } @@ -503,6 +513,7 @@ static int lib_access_list_entry_destination_network_modify( yang_dnode_get_prefix(&p, args->dnode, NULL); fc->mask.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen); masklen2ip(p.prefixlen, &fc->mask_mask); + fc->mask_mask.s_addr = ~fc->mask_mask.s_addr; return NB_OK; } 
@@ -519,8 +530,7 @@ static int lib_access_list_entry_destination_network_destroy( f = nb_running_get_entry(args->dnode, NULL, true); fc = &f->u.cfilter; fc->extended = 0; - fc->mask.s_addr = INADDR_ANY; - fc->mask_mask.s_addr = INADDR_NONE; + cisco_unset_addr_mask(&fc->mask, &fc->mask_mask); return NB_OK; } @@ -541,7 +551,7 @@ static int lib_access_list_entry_destination_any_create( fc = &f->u.cfilter; fc->extended = 1; fc->mask.s_addr = INADDR_ANY; - fc->mask_mask.s_addr = INADDR_NONE; + fc->mask_mask.s_addr = CISCO_BIN_ANY_WILDCARD_MASK; return NB_OK; } @@ -558,8 +568,7 @@ static int lib_access_list_entry_destination_any_destroy( f = nb_running_get_entry(args->dnode, NULL, true); fc = &f->u.cfilter; fc->extended = 0; - fc->mask.s_addr = INADDR_ANY; - fc->mask_mask.s_addr = INADDR_NONE; + cisco_unset_addr_mask(&fc->mask, &fc->mask_mask); return NB_OK; }