From: Rafael Zalamena Date: Sun, 19 Jul 2020 18:27:56 +0000 (-0300) Subject: lib,yang: merge cisco/zebra access list styles X-Git-Tag: base_7.5~145^2 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=refs%2Fpull%2F6769%2Fhead;p=mirror%2Ffrr.git lib,yang: merge cisco/zebra access list styles Merge the cisco style access list with zebra's logic so we can mix both types of rules while keeping the commands. With this the cisco style limitation of having 'destination-*' only for specific number ranges no longer exist for users of YANG/northbound (the CLI still has this limitation). Signed-off-by: Rafael Zalamena --- diff --git a/lib/filter.h b/lib/filter.h index 76e992bf8e..d41f3b65cd 100644 --- a/lib/filter.h +++ b/lib/filter.h @@ -170,11 +170,6 @@ enum yang_prefix_list_action { struct lyd_node; struct vty; -extern void access_list_legacy_show(struct vty *vty, struct lyd_node *dnode, - bool show_defaults); -extern void access_list_legacy_remark_show(struct vty *vty, - struct lyd_node *dnode, - bool show_defaults); extern void access_list_show(struct vty *vty, struct lyd_node *dnode, bool show_defaults); extern void access_list_remark_show(struct vty *vty, struct lyd_node *dnode, diff --git a/lib/filter_cli.c b/lib/filter_cli.c index fe8190d098..030039b3fe 100644 --- a/lib/filter_cli.c +++ b/lib/filter_cli.c @@ -193,7 +193,8 @@ DEFPY( * none given (backward compatibility). */ snprintf(xpath, sizeof(xpath), - "/frr-filter:lib/access-list-legacy[number='%s']", number_str); + "/frr-filter:lib/access-list[type='ipv4'][name='%s']", + number_str); nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL); if (seq_str == NULL) { /* Use XPath to find the next sequence number. */ @@ -213,7 +214,7 @@ DEFPY( concat_addr_mask_v4(host_str, mask_str, ipmask, sizeof(ipmask)); nb_cli_enqueue_change(vty, "./network", NB_OP_MODIFY, ipmask); } else { - nb_cli_enqueue_change(vty, "./any", NB_OP_CREATE, NULL); + nb_cli_enqueue_change(vty, "./source-any", NB_OP_CREATE, NULL); } return nb_cli_apply_changes(vty, xpath_entry); @@ -244,7 +245,7 @@ DEFPY( if (seq_str != NULL) { snprintf( xpath, sizeof(xpath), - "/frr-filter:lib/access-list-legacy[number='%s']/entry[sequence='%s']", + "/frr-filter:lib/access-list[type='ipv4'][name='%s']/entry[sequence='%s']", number_str, seq_str); nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL); return nb_cli_apply_changes(vty, NULL); @@ -252,7 +253,8 @@ DEFPY( /* Otherwise, to keep compatibility, we need to figure it out. */ snprintf(xpath, sizeof(xpath), - "/frr-filter:lib/access-list-legacy[number='%s']", number_str); + "/frr-filter:lib/access-list[type='ipv4'][name='%s']", + number_str); /* Access-list must exist before entries. */ if (yang_dnode_exists(running_config->dnode, xpath) == false) @@ -308,7 +310,8 @@ DEFPY( * none given (backward compatibility). */ snprintf(xpath, sizeof(xpath), - "/frr-filter:lib/access-list-legacy[number='%s']", number_str); + "/frr-filter:lib/access-list[type='ipv4'][name='%s']", + number_str); nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL); if (seq_str == NULL) { /* Use XPath to find the next sequence number. */ @@ -329,7 +332,7 @@ DEFPY( sizeof(ipmask)); nb_cli_enqueue_change(vty, "./network", NB_OP_MODIFY, ipmask); } else { - nb_cli_enqueue_change(vty, "./any", NB_OP_CREATE, NULL); + nb_cli_enqueue_change(vty, "./source-any", NB_OP_CREATE, NULL); } if (dst_str != NULL && dst_mask_str == NULL) { @@ -379,7 +382,7 @@ DEFPY( if (seq_str != NULL) { snprintfrr( xpath, sizeof(xpath), - "/frr-filter:lib/access-list-legacy[number='%s']/entry[sequence='%s']", + "/frr-filter:lib/access-list[type='ipv4'][name='%s']/entry[sequence='%s']", number_str, seq_str); nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL); return nb_cli_apply_changes(vty, NULL); @@ -387,7 +390,8 @@ DEFPY( /* Otherwise, to keep compatibility, we need to figure it out. */ snprintf(xpath, sizeof(xpath), - "/frr-filter:lib/access-list-legacy[number='%s']", number_str); + "/frr-filter:lib/access-list[type='ipv4'][name='%s']", + number_str); /* Access-list must exist before entries. */ if (yang_dnode_exists(running_config->dnode, xpath) == false) @@ -429,127 +433,6 @@ DEFPY( return nb_cli_apply_changes(vty, NULL); } -DEFPY( - no_access_list_legacy, no_access_list_legacy_cmd, - "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)>$number", - NO_STR - ACCESS_LIST_STR - ACCESS_LIST_XLEG_STR) -{ - char xpath[XPATH_MAXLEN]; - - snprintf(xpath, sizeof(xpath), - "/frr-filter:lib/access-list-legacy[number='%s']", number_str); - nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL); - - return nb_cli_apply_changes(vty, NULL); -} - -void access_list_legacy_show(struct vty *vty, struct lyd_node *dnode, - bool show_defaults) -{ - uint16_t number = yang_dnode_get_uint16(dnode, "../number"); - bool extended; - struct prefix p; - struct in_addr mask; - - vty_out(vty, "access-list %d seq %s %s", number, - yang_dnode_get_string(dnode, "./sequence"), - yang_dnode_get_string(dnode, "./action")); - - extended = (number >= 100 && number <= 199) - || (number >= 2000 && number <= 2699); - if (extended) - vty_out(vty, " ip"); - - if (yang_dnode_exists(dnode, "./network")) { - yang_dnode_get_prefix(&p, dnode, "./network"); - masklen2ip(p.prefixlen, &mask); - vty_out(vty, " %pI4 %pI4", &p.u.prefix4, &mask); - } else if (yang_dnode_exists(dnode, "./host")) { - if (extended) - vty_out(vty, " host"); - - vty_out(vty, " %s", yang_dnode_get_string(dnode, "./host")); - } else if (yang_dnode_exists(dnode, "./any")) - vty_out(vty, " any"); - - if (extended) { - if (yang_dnode_exists(dnode, "./destination-network")) { - yang_dnode_get_prefix(&p, dnode, - "./destination-network"); - masklen2ip(p.prefixlen, &mask); - vty_out(vty, " %pI4 %pI4", &p.u.prefix4, &mask); - } else if (yang_dnode_exists(dnode, "./destination-host")) - vty_out(vty, " host %s", - yang_dnode_get_string(dnode, - "./destination-host")); - else if (yang_dnode_exists(dnode, "./destination-any")) - vty_out(vty, " any"); - } - - vty_out(vty, "\n"); -} - -DEFPY( - access_list_legacy_remark, access_list_legacy_remark_cmd, - "access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)>$number remark LINE...", - ACCESS_LIST_STR - ACCESS_LIST_XLEG_STR - ACCESS_LIST_REMARK_STR - ACCESS_LIST_REMARK_LINE_STR) -{ - int rv; - char *remark; - char xpath[XPATH_MAXLEN]; - - snprintf(xpath, sizeof(xpath), - "/frr-filter:lib/access-list-legacy[number='%s']", number_str); - nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL); - - remark = argv_concat(argv, argc, 3); - nb_cli_enqueue_change(vty, "./remark", NB_OP_CREATE, remark); - rv = nb_cli_apply_changes(vty, xpath); - XFREE(MTYPE_TMP, remark); - - return rv; -} - -DEFPY( - no_access_list_legacy_remark, no_access_list_legacy_remark_cmd, - "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)>$number remark", - NO_STR - ACCESS_LIST_STR - ACCESS_LIST_XLEG_STR - ACCESS_LIST_REMARK_STR) -{ - char xpath[XPATH_MAXLEN]; - - snprintf(xpath, sizeof(xpath), - "/frr-filter:lib/access-list-legacy[number='%s']/remark", - number_str); - nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL); - - return nb_cli_apply_changes(vty, NULL); -} - -ALIAS( - no_access_list_legacy_remark, no_access_list_legacy_remark_line_cmd, - "no access-list <(1-99)|(100-199)|(1300-1999)|(2000-2699)>$number remark LINE...", - NO_STR - ACCESS_LIST_STR - ACCESS_LIST_XLEG_STR - ACCESS_LIST_REMARK_STR - ACCESS_LIST_REMARK_LINE_STR) - -void access_list_legacy_remark_show(struct vty *vty, struct lyd_node *dnode, - bool show_defaults) -{ - vty_out(vty, "access-list %s remark %s\n", - yang_dnode_get_string(dnode, "../number"), - yang_dnode_get_string(dnode, NULL)); -} - /* * Zebra access lists. */ @@ -1077,6 +960,9 @@ void access_list_show(struct vty *vty, struct lyd_node *dnode, struct prefix p; bool is_any; bool is_exact = false; + bool cisco_style = false; + bool cisco_extended = false; + struct in_addr mask; char macstr[PREFIX2STR_BUFFER]; is_any = yang_dnode_exists(dnode, "./any"); @@ -1085,8 +971,19 @@ void access_list_show(struct vty *vty, struct lyd_node *dnode, if (is_any) break; - yang_dnode_get_prefix(&p, dnode, "./ipv4-prefix"); - is_exact = yang_dnode_get_bool(dnode, "./ipv4-exact-match"); + if (yang_dnode_exists(dnode, "./host") + || yang_dnode_exists(dnode, "./network") + || yang_dnode_exists(dnode, "./source-any")) { + cisco_style = true; + if (yang_dnode_exists(dnode, "./destination-host") + || yang_dnode_exists(dnode, "./destination-network") + || yang_dnode_exists(dnode, "./destination-any")) + cisco_extended = true; + } else { + yang_dnode_get_prefix(&p, dnode, "./ipv4-prefix"); + is_exact = yang_dnode_get_bool(dnode, + "./ipv4-exact-match"); + } break; case YALT_IPV6: /* ipv6 */ vty_out(vty, "ipv6 "); @@ -1110,6 +1007,48 @@ void access_list_show(struct vty *vty, struct lyd_node *dnode, yang_dnode_get_string(dnode, "./sequence"), yang_dnode_get_string(dnode, "./action")); + /* Handle Cisco style access lists. */ + if (cisco_style) { + if (cisco_extended) + vty_out(vty, " ip"); + + if (yang_dnode_exists(dnode, "./network")) { + yang_dnode_get_prefix(&p, dnode, "./network"); + masklen2ip(p.prefixlen, &mask); + vty_out(vty, " %pI4 %pI4", &p.u.prefix4, &mask); + } else if (yang_dnode_exists(dnode, "./host")) { + if (cisco_extended) + vty_out(vty, " host"); + + vty_out(vty, " %s", + yang_dnode_get_string(dnode, "./host")); + } else if (yang_dnode_exists(dnode, "./source-any")) + vty_out(vty, " any"); + + /* Not extended, exit earlier. */ + if (!cisco_extended) { + vty_out(vty, "\n"); + return; + } + + /* Handle destination address. */ + if (yang_dnode_exists(dnode, "./destination-network")) { + yang_dnode_get_prefix(&p, dnode, + "./destination-network"); + masklen2ip(p.prefixlen, &mask); + vty_out(vty, " %pI4 %pI4", &p.u.prefix4, &mask); + } else if (yang_dnode_exists(dnode, "./destination-host")) + vty_out(vty, " host %s", + yang_dnode_get_string(dnode, + "./destination-host")); + else if (yang_dnode_exists(dnode, "./destination-any")) + vty_out(vty, " any"); + + vty_out(vty, "\n"); + return; + } + + /* Zebra style access list. */ if (!is_any) { /* If type is MAC don't show '/mask'. */ if (type == 2 /* mac */) { @@ -1648,10 +1587,6 @@ void filter_cli_init(void) install_element(CONFIG_NODE, &no_access_list_std_cmd); install_element(CONFIG_NODE, &access_list_ext_cmd); install_element(CONFIG_NODE, &no_access_list_ext_cmd); - install_element(CONFIG_NODE, &no_access_list_legacy_cmd); - install_element(CONFIG_NODE, &access_list_legacy_remark_cmd); - install_element(CONFIG_NODE, &no_access_list_legacy_remark_cmd); - install_element(CONFIG_NODE, &no_access_list_legacy_remark_line_cmd); /* access-list zebra-style. */ install_element(CONFIG_NODE, &access_list_cmd); diff --git a/lib/filter_nb.c b/lib/filter_nb.c index d3d868b468..41bf3cf7f4 100644 --- a/lib/filter_nb.c +++ b/lib/filter_nb.c @@ -111,24 +111,38 @@ static void prefix_list_entry_set_empty(struct prefix_list_entry *ple) } /* - * XPath: /frr-filter:lib/access-list-legacy + * XPath: /frr-filter:lib/access-list */ -static int lib_access_list_legacy_create(struct nb_cb_create_args *args) +static int lib_access_list_create(struct nb_cb_create_args *args) { - struct access_list *acl; + struct access_list *acl = NULL; const char *acl_name; + int type; if (args->event != NB_EV_APPLY) return NB_OK; - acl_name = yang_dnode_get_string(args->dnode, "./number"); - acl = access_list_get(AFI_IP, acl_name); + type = yang_dnode_get_enum(args->dnode, "./type"); + acl_name = yang_dnode_get_string(args->dnode, "./name"); + + switch (type) { + case YALT_IPV4: + acl = access_list_get(AFI_IP, acl_name); + break; + case YALT_IPV6: + acl = access_list_get(AFI_IP6, acl_name); + break; + case YALT_MAC: + acl = access_list_get(AFI_L2VPN, acl_name); + break; + } + nb_running_set_entry(args->dnode, acl); return NB_OK; } -static int lib_access_list_legacy_destroy(struct nb_cb_destroy_args *args) +static int lib_access_list_destroy(struct nb_cb_destroy_args *args) { struct access_master *am; struct access_list *acl; @@ -147,9 +161,9 @@ static int lib_access_list_legacy_destroy(struct nb_cb_destroy_args *args) } /* - * XPath: /frr-filter:lib/access-list-legacy/remark + * XPath: /frr-filter:lib/access-list/remark */ -static int lib_access_list_legacy_remark_modify(struct nb_cb_modify_args *args) +static int lib_access_list_remark_modify(struct nb_cb_modify_args *args) { struct access_list *acl; const char *remark; @@ -168,7 +182,7 @@ static int lib_access_list_legacy_remark_modify(struct nb_cb_modify_args *args) } static int -lib_access_list_legacy_remark_destroy(struct nb_cb_destroy_args *args) +lib_access_list_remark_destroy(struct nb_cb_destroy_args *args) { struct access_list *acl; @@ -182,31 +196,20 @@ lib_access_list_legacy_remark_destroy(struct nb_cb_destroy_args *args) return NB_OK; } + /* - * XPath: /frr-filter:lib/access-list-legacy/entry + * XPath: /frr-filter:lib/access-list/entry */ -static int lib_access_list_legacy_entry_create(struct nb_cb_create_args *args) +static int lib_access_list_entry_create(struct nb_cb_create_args *args) { - struct filter_cisco *fc; struct access_list *acl; struct filter *f; - uint32_t aclno; - - /* TODO: validate `filter_lookup_cisco` returns NULL. */ if (args->event != NB_EV_APPLY) return NB_OK; - aclno = yang_dnode_get_uint16(args->dnode, "../number"); - f = filter_new(); - f->cisco = 1; f->seq = yang_dnode_get_uint32(args->dnode, "./sequence"); - fc = &f->u.cfilter; - if ((aclno >= 1 && aclno <= 99) || (aclno >= 1300 && aclno <= 1999)) - fc->extended = 0; - else - fc->extended = 1; acl = nb_running_get_entry(args->dnode, NULL, true); f->acl = acl; @@ -216,7 +219,7 @@ static int lib_access_list_legacy_entry_create(struct nb_cb_create_args *args) return NB_OK; } -static int lib_access_list_legacy_entry_destroy(struct nb_cb_destroy_args *args) +static int lib_access_list_entry_destroy(struct nb_cb_destroy_args *args) { struct access_list *acl; struct filter *f; @@ -232,10 +235,10 @@ static int lib_access_list_legacy_entry_destroy(struct nb_cb_destroy_args *args) } /* - * XPath: /frr-filter:lib/access-list-legacy/entry/action + * XPath: /frr-filter:lib/access-list/entry/action */ static int -lib_access_list_legacy_entry_action_modify(struct nb_cb_modify_args *args) +lib_access_list_entry_action_modify(struct nb_cb_modify_args *args) { const char *filter_type; struct filter *f; @@ -254,86 +257,81 @@ lib_access_list_legacy_entry_action_modify(struct nb_cb_modify_args *args) } /* - * XPath: /frr-filter:lib/access-list-legacy/entry/host + * XPath: /frr-filter:lib/access-list/entry/ipv4-prefix */ static int -lib_access_list_legacy_entry_host_modify(struct nb_cb_modify_args *args) +lib_access_list_entry_ipv4_prefix_modify(struct nb_cb_modify_args *args) { - struct filter_cisco *fc; + struct filter_zebra *fz; struct filter *f; if (args->event != NB_EV_APPLY) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); - fc = &f->u.cfilter; - yang_dnode_get_ipv4(&fc->addr, args->dnode, NULL); - fc->addr_mask.s_addr = INADDR_ANY; + f->cisco = 0; + fz = &f->u.zfilter; + yang_dnode_get_prefix(&fz->prefix, args->dnode, NULL); return NB_OK; } static int -lib_access_list_legacy_entry_host_destroy(struct nb_cb_destroy_args *args) +lib_access_list_entry_ipv4_prefix_destroy(struct nb_cb_destroy_args *args) { - struct filter_cisco *fc; + struct filter_zebra *fz; struct filter *f; if (args->event != NB_EV_APPLY) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); - fc = &f->u.cfilter; - fc->addr.s_addr = INADDR_ANY; - fc->addr_mask.s_addr = INADDR_NONE; + fz = &f->u.zfilter; + memset(&fz->prefix, 0, sizeof(fz->prefix)); return NB_OK; } /* - * XPath: /frr-filter:lib/access-list-legacy/entry/network + * XPath: /frr-filter:lib/access-list/entry/ipv4-exact-match */ static int -lib_access_list_legacy_entry_network_modify(struct nb_cb_modify_args *args) +lib_access_list_entry_ipv4_exact_match_modify(struct nb_cb_modify_args *args) { - struct filter_cisco *fc; + struct filter_zebra *fz; struct filter *f; - struct prefix p; if (args->event != NB_EV_APPLY) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); - fc = &f->u.cfilter; - yang_dnode_get_prefix(&p, args->dnode, NULL); - fc->addr.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen); - masklen2ip(p.prefixlen, &fc->addr_mask); + fz = &f->u.zfilter; + fz->exact = yang_dnode_get_bool(args->dnode, NULL); return NB_OK; } static int -lib_access_list_legacy_entry_network_destroy(struct nb_cb_destroy_args *args) +lib_access_list_entry_ipv4_exact_match_destroy(struct nb_cb_destroy_args *args) { - struct filter_cisco *fc; + struct filter_zebra *fz; struct filter *f; if (args->event != NB_EV_APPLY) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); - fc = &f->u.cfilter; - fc->addr.s_addr = INADDR_ANY; - fc->addr_mask.s_addr = INADDR_NONE; + fz = &f->u.zfilter; + fz->exact = 0; return NB_OK; } /* - * XPath: /frr-filter:lib/access-list-legacy/entry/any + * XPath: /frr-filter:lib/access-list/entry/host */ static int -lib_access_list_legacy_entry_any_create(struct nb_cb_create_args *args) +lib_access_list_entry_host_modify(struct nb_cb_modify_args *args) { struct filter_cisco *fc; struct filter *f; @@ -342,15 +340,16 @@ lib_access_list_legacy_entry_any_create(struct nb_cb_create_args *args) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); + f->cisco = 1; fc = &f->u.cfilter; - fc->addr.s_addr = INADDR_ANY; - fc->addr_mask.s_addr = INADDR_NONE; + yang_dnode_get_ipv4(&fc->addr, args->dnode, NULL); + fc->addr_mask.s_addr = INADDR_ANY; return NB_OK; } static int -lib_access_list_legacy_entry_any_destroy(struct nb_cb_destroy_args *args) +lib_access_list_entry_host_destroy(struct nb_cb_destroy_args *args) { struct filter_cisco *fc; struct filter *f; @@ -367,27 +366,30 @@ lib_access_list_legacy_entry_any_destroy(struct nb_cb_destroy_args *args) } /* - * XPath: /frr-filter:lib/access-list-legacy/entry/destination-host + * XPath: /frr-filter:lib/access-list/entry/network */ -static int lib_access_list_legacy_entry_destination_host_modify( - struct nb_cb_modify_args *args) +static int +lib_access_list_entry_network_modify(struct nb_cb_modify_args *args) { struct filter_cisco *fc; struct filter *f; + struct prefix p; if (args->event != NB_EV_APPLY) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); + f->cisco = 1; fc = &f->u.cfilter; - yang_dnode_get_ipv4(&fc->mask, args->dnode, NULL); - fc->mask_mask.s_addr = INADDR_ANY; + yang_dnode_get_prefix(&p, args->dnode, NULL); + fc->addr.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen); + masklen2ip(p.prefixlen, &fc->addr_mask); return NB_OK; } -static int lib_access_list_legacy_entry_destination_host_destroy( - struct nb_cb_destroy_args *args) +static int +lib_access_list_entry_network_destroy(struct nb_cb_destroy_args *args) { struct filter_cisco *fc; struct filter *f; @@ -397,36 +399,35 @@ static int lib_access_list_legacy_entry_destination_host_destroy( f = nb_running_get_entry(args->dnode, NULL, true); fc = &f->u.cfilter; - fc->mask.s_addr = INADDR_ANY; - fc->mask_mask.s_addr = INADDR_NONE; + fc->addr.s_addr = INADDR_ANY; + fc->addr_mask.s_addr = INADDR_NONE; return NB_OK; } /* - * XPath: /frr-filter:lib/access-list-legacy/entry/destination-network + * XPath: /frr-filter:lib/access-list/entry/source-any */ -static int lib_access_list_legacy_entry_destination_network_modify( - struct nb_cb_modify_args *args) +static int +lib_access_list_entry_source_any_create(struct nb_cb_create_args *args) { struct filter_cisco *fc; struct filter *f; - struct prefix p; if (args->event != NB_EV_APPLY) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); + f->cisco = 1; fc = &f->u.cfilter; - yang_dnode_get_prefix(&p, args->dnode, NULL); - fc->mask.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen); - masklen2ip(p.prefixlen, &fc->mask_mask); + fc->addr.s_addr = INADDR_ANY; + fc->addr_mask.s_addr = INADDR_NONE; return NB_OK; } -static int lib_access_list_legacy_entry_destination_network_destroy( - struct nb_cb_destroy_args *args) +static int +lib_access_list_entry_source_any_destroy(struct nb_cb_destroy_args *args) { struct filter_cisco *fc; struct filter *f; @@ -436,17 +437,17 @@ static int lib_access_list_legacy_entry_destination_network_destroy( f = nb_running_get_entry(args->dnode, NULL, true); fc = &f->u.cfilter; - fc->mask.s_addr = INADDR_ANY; - fc->mask_mask.s_addr = INADDR_NONE; + fc->addr.s_addr = INADDR_ANY; + fc->addr_mask.s_addr = INADDR_NONE; return NB_OK; } /* - * XPath: /frr-filter:lib/access-list-legacy/entry/destination-any + * XPath: /frr-filter:lib/access-list/entry/destination-host */ -static int lib_access_list_legacy_entry_destination_any_create( - struct nb_cb_create_args *args) +static int lib_access_list_entry_destination_host_modify( + struct nb_cb_modify_args *args) { struct filter_cisco *fc; struct filter *f; @@ -456,13 +457,14 @@ static int lib_access_list_legacy_entry_destination_any_create( f = nb_running_get_entry(args->dnode, NULL, true); fc = &f->u.cfilter; - fc->mask.s_addr = INADDR_ANY; - fc->mask_mask.s_addr = INADDR_NONE; + fc->extended = 1; + yang_dnode_get_ipv4(&fc->mask, args->dnode, NULL); + fc->mask_mask.s_addr = INADDR_ANY; return NB_OK; } -static int lib_access_list_legacy_entry_destination_any_destroy( +static int lib_access_list_entry_destination_host_destroy( struct nb_cb_destroy_args *args) { struct filter_cisco *fc; @@ -473,6 +475,7 @@ static int lib_access_list_legacy_entry_destination_any_destroy( f = nb_running_get_entry(args->dnode, NULL, true); fc = &f->u.cfilter; + fc->extended = 0; fc->mask.s_addr = INADDR_ANY; fc->mask_mask.s_addr = INADDR_NONE; @@ -480,160 +483,81 @@ static int lib_access_list_legacy_entry_destination_any_destroy( } /* - * XPath: /frr-filter:lib/access-list - */ -static int lib_access_list_create(struct nb_cb_create_args *args) -{ - struct access_list *acl = NULL; - const char *acl_name; - int type; - - if (args->event != NB_EV_APPLY) - return NB_OK; - - type = yang_dnode_get_enum(args->dnode, "./type"); - acl_name = yang_dnode_get_string(args->dnode, "./name"); - - switch (type) { - case YALT_IPV4: - acl = access_list_get(AFI_IP, acl_name); - break; - case YALT_IPV6: - acl = access_list_get(AFI_IP6, acl_name); - break; - case YALT_MAC: - acl = access_list_get(AFI_L2VPN, acl_name); - break; - } - - nb_running_set_entry(args->dnode, acl); - - return NB_OK; -} - -static int lib_access_list_destroy(struct nb_cb_destroy_args *args) -{ - struct access_master *am; - struct access_list *acl; - - if (args->event != NB_EV_APPLY) - return NB_OK; - - acl = nb_running_unset_entry(args->dnode); - am = acl->master; - if (am->delete_hook) - am->delete_hook(acl); - - access_list_delete(acl); - - return NB_OK; -} - -/* - * XPath: /frr-filter:lib/access-list/entry - */ -static int lib_access_list_entry_create(struct nb_cb_create_args *args) -{ - struct access_list *acl; - struct filter *f; - - /* TODO: validate `filter_lookup_zebra` returns NULL. */ - - if (args->event != NB_EV_APPLY) - return NB_OK; - - f = filter_new(); - f->seq = yang_dnode_get_uint32(args->dnode, "./sequence"); - - acl = nb_running_get_entry(args->dnode, NULL, true); - f->acl = acl; - access_list_filter_add(acl, f); - nb_running_set_entry(args->dnode, f); - - return NB_OK; -} - -static int lib_access_list_entry_destroy(struct nb_cb_destroy_args *args) -{ - struct access_list *acl; - struct filter *f; - - if (args->event != NB_EV_APPLY) - return NB_OK; - - f = nb_running_unset_entry(args->dnode); - acl = f->acl; - access_list_filter_delete(acl, f); - - return NB_OK; -} - -/* - * XPath: /frr-filter:lib/access-list/entry/ipv4-prefix + * XPath: /frr-filter:lib/access-list/entry/destination-network */ -static int -lib_access_list_entry_ipv4_prefix_modify(struct nb_cb_modify_args *args) +static int lib_access_list_entry_destination_network_modify( + struct nb_cb_modify_args *args) { - struct filter_zebra *fz; + struct filter_cisco *fc; struct filter *f; + struct prefix p; if (args->event != NB_EV_APPLY) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); - fz = &f->u.zfilter; - yang_dnode_get_prefix(&fz->prefix, args->dnode, NULL); + fc = &f->u.cfilter; + fc->extended = 1; + yang_dnode_get_prefix(&p, args->dnode, NULL); + fc->mask.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen); + masklen2ip(p.prefixlen, &fc->mask_mask); return NB_OK; } -static int -lib_access_list_entry_ipv4_prefix_destroy(struct nb_cb_destroy_args *args) +static int lib_access_list_entry_destination_network_destroy( + struct nb_cb_destroy_args *args) { - struct filter_zebra *fz; + struct filter_cisco *fc; struct filter *f; if (args->event != NB_EV_APPLY) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); - fz = &f->u.zfilter; - memset(&fz->prefix, 0, sizeof(fz->prefix)); + fc = &f->u.cfilter; + fc->extended = 0; + fc->mask.s_addr = INADDR_ANY; + fc->mask_mask.s_addr = INADDR_NONE; return NB_OK; } /* - * XPath: /frr-filter:lib/access-list/entry/ipv4-exact-match + * XPath: /frr-filter:lib/access-list/entry/destination-any */ -static int -lib_access_list_entry_ipv4_exact_match_modify(struct nb_cb_modify_args *args) +static int lib_access_list_entry_destination_any_create( + struct nb_cb_create_args *args) { - struct filter_zebra *fz; + struct filter_cisco *fc; struct filter *f; if (args->event != NB_EV_APPLY) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); - fz = &f->u.zfilter; - fz->exact = yang_dnode_get_bool(args->dnode, NULL); + fc = &f->u.cfilter; + fc->extended = 1; + fc->mask.s_addr = INADDR_ANY; + fc->mask_mask.s_addr = INADDR_NONE; return NB_OK; } -static int -lib_access_list_entry_ipv4_exact_match_destroy(struct nb_cb_destroy_args *args) +static int lib_access_list_entry_destination_any_destroy( + struct nb_cb_destroy_args *args) { - struct filter_zebra *fz; + struct filter_cisco *fc; struct filter *f; if (args->event != NB_EV_APPLY) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); - fz = &f->u.zfilter; - fz->exact = 0; + fc = &f->u.cfilter; + fc->extended = 0; + fc->mask.s_addr = INADDR_ANY; + fc->mask_mask.s_addr = INADDR_NONE; return NB_OK; } @@ -651,6 +575,7 @@ static int lib_access_list_entry_any_create(struct nb_cb_create_args *args) return NB_OK; f = nb_running_get_entry(args->dnode, NULL, true); + f->cisco = 0; fz = &f->u.zfilter; memset(&fz->prefix, 0, sizeof(fz->prefix)); @@ -1059,117 +984,88 @@ const struct frr_yang_module_info frr_filter_info = { .name = "frr-filter", .nodes = { { - .xpath = "/frr-filter:lib/access-list-legacy", - .cbs = { - .create = lib_access_list_legacy_create, - .destroy = lib_access_list_legacy_destroy, - } - }, - { - .xpath = "/frr-filter:lib/access-list-legacy/remark", - .cbs = { - .modify = lib_access_list_legacy_remark_modify, - .destroy = lib_access_list_legacy_remark_destroy, - .cli_show = access_list_legacy_remark_show, - } - }, - { - .xpath = "/frr-filter:lib/access-list-legacy/entry", - .cbs = { - .create = lib_access_list_legacy_entry_create, - .destroy = lib_access_list_legacy_entry_destroy, - .cli_show = access_list_legacy_show, - } - }, - { - .xpath = "/frr-filter:lib/access-list-legacy/entry/action", - .cbs = { - .modify = lib_access_list_legacy_entry_action_modify, - } - }, - { - .xpath = "/frr-filter:lib/access-list-legacy/entry/host", + .xpath = "/frr-filter:lib/access-list", .cbs = { - .modify = lib_access_list_legacy_entry_host_modify, - .destroy = lib_access_list_legacy_entry_host_destroy, + .create = lib_access_list_create, + .destroy = lib_access_list_destroy, } }, { - .xpath = "/frr-filter:lib/access-list-legacy/entry/network", + .xpath = "/frr-filter:lib/access-list/remark", .cbs = { - .modify = lib_access_list_legacy_entry_network_modify, - .destroy = lib_access_list_legacy_entry_network_destroy, + .modify = lib_access_list_remark_modify, + .destroy = lib_access_list_remark_destroy, + .cli_show = access_list_remark_show, } }, { - .xpath = "/frr-filter:lib/access-list-legacy/entry/any", + .xpath = "/frr-filter:lib/access-list/entry", .cbs = { - .create = lib_access_list_legacy_entry_any_create, - .destroy = lib_access_list_legacy_entry_any_destroy, + .create = lib_access_list_entry_create, + .destroy = lib_access_list_entry_destroy, + .cli_show = access_list_show, } }, { - .xpath = "/frr-filter:lib/access-list-legacy/entry/destination-host", + .xpath = "/frr-filter:lib/access-list/entry/action", .cbs = { - .modify = lib_access_list_legacy_entry_destination_host_modify, - .destroy = lib_access_list_legacy_entry_destination_host_destroy, + .modify = lib_access_list_entry_action_modify, } }, { - .xpath = "/frr-filter:lib/access-list-legacy/entry/destination-network", + .xpath = "/frr-filter:lib/access-list/entry/ipv4-prefix", .cbs = { - .modify = lib_access_list_legacy_entry_destination_network_modify, - .destroy = lib_access_list_legacy_entry_destination_network_destroy, + .modify = lib_access_list_entry_ipv4_prefix_modify, + .destroy = lib_access_list_entry_ipv4_prefix_destroy, } }, { - .xpath = "/frr-filter:lib/access-list-legacy/entry/destination-any", + .xpath = "/frr-filter:lib/access-list/entry/ipv4-exact-match", .cbs = { - .create = lib_access_list_legacy_entry_destination_any_create, - .destroy = lib_access_list_legacy_entry_destination_any_destroy, + .modify = lib_access_list_entry_ipv4_exact_match_modify, + .destroy = lib_access_list_entry_ipv4_exact_match_destroy, } }, { - .xpath = "/frr-filter:lib/access-list", + .xpath = "/frr-filter:lib/access-list/entry/host", .cbs = { - .create = lib_access_list_create, - .destroy = lib_access_list_destroy, + .modify = lib_access_list_entry_host_modify, + .destroy = lib_access_list_entry_host_destroy, } }, { - .xpath = "/frr-filter:lib/access-list/remark", + .xpath = "/frr-filter:lib/access-list/entry/network", .cbs = { - .modify = lib_access_list_legacy_remark_modify, - .destroy = lib_access_list_legacy_remark_destroy, - .cli_show = access_list_remark_show, + .modify = lib_access_list_entry_network_modify, + .destroy = lib_access_list_entry_network_destroy, } }, { - .xpath = "/frr-filter:lib/access-list/entry", + .xpath = "/frr-filter:lib/access-list/entry/source-any", .cbs = { - .create = lib_access_list_entry_create, - .destroy = lib_access_list_entry_destroy, - .cli_show = access_list_show, + .create = lib_access_list_entry_source_any_create, + .destroy = lib_access_list_entry_source_any_destroy, } }, { - .xpath = "/frr-filter:lib/access-list/entry/action", + .xpath = "/frr-filter:lib/access-list/entry/destination-host", .cbs = { - .modify = lib_access_list_legacy_entry_action_modify, + .modify = lib_access_list_entry_destination_host_modify, + .destroy = lib_access_list_entry_destination_host_destroy, } }, { - .xpath = "/frr-filter:lib/access-list/entry/ipv4-prefix", + .xpath = "/frr-filter:lib/access-list/entry/destination-network", .cbs = { - .modify = lib_access_list_entry_ipv4_prefix_modify, - .destroy = lib_access_list_entry_ipv4_prefix_destroy, + .modify = lib_access_list_entry_destination_network_modify, + .destroy = lib_access_list_entry_destination_network_destroy, } }, { - .xpath = "/frr-filter:lib/access-list/entry/ipv4-exact-match", + .xpath = "/frr-filter:lib/access-list/entry/destination-any", .cbs = { - .modify = lib_access_list_entry_ipv4_exact_match_modify, - .destroy = lib_access_list_entry_ipv4_exact_match_destroy, + .create = lib_access_list_entry_destination_any_create, + .destroy = lib_access_list_entry_destination_any_destroy, } }, { diff --git a/lib/routemap_cli.c b/lib/routemap_cli.c index 2c45f09751..31bee1310e 100644 --- a/lib/routemap_cli.c +++ b/lib/routemap_cli.c @@ -213,7 +213,7 @@ DEFPY( DEFPY( match_ip_address, match_ip_address_cmd, - "match ip address <(1-199)$acll|(1300-2699)$aclh|WORD$name>", + "match ip address <(1-199)|(1300-2699)|WORD>$name", MATCH_STR IP_STR "Match address of route\n" @@ -223,29 +223,10 @@ DEFPY( { const char *xpath = "./match-condition[condition='ipv4-address-list']"; char xpath_value[XPATH_MAXLEN + 32]; - int acln = acll ? acll : aclh; nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL); - if (name) { - snprintf(xpath_value, sizeof(xpath_value), "%s/list-name", - xpath); - nb_cli_enqueue_change(vty, xpath_value, NB_OP_MODIFY, name); - } else /* if (acll || aclh) */ { - if ((acln >= 1 && acln <= 99) - || (acln >= 1300 && acln <= 1999)) { - snprintf(xpath_value, sizeof(xpath_value), - "%s/access-list-num", xpath); - } else { - /* - * if ((acln >= 100 && acln <= 199) - * || (acln >= 2000 && acln <= 2699)) - */ - snprintf(xpath_value, sizeof(xpath_value), - "%s/access-list-num-extended", xpath); - } - nb_cli_enqueue_change(vty, xpath_value, NB_OP_MODIFY, - acll_str ? acll_str : aclh_str); - } + snprintf(xpath_value, sizeof(xpath_value), "%s/list-name", xpath); + nb_cli_enqueue_change(vty, xpath_value, NB_OP_MODIFY, name); return nb_cli_apply_changes(vty, NULL); } @@ -307,7 +288,7 @@ DEFPY( DEFPY( match_ip_next_hop, match_ip_next_hop_cmd, - "match ip next-hop <(1-199)$acll|(1300-2699)$aclh|WORD$name>", + "match ip next-hop <(1-199)|(1300-2699)|WORD>$name", MATCH_STR IP_STR "Match next-hop address of route\n" @@ -317,29 +298,10 @@ DEFPY( { const char *xpath = "./match-condition[condition='ipv4-next-hop-list']"; char xpath_value[XPATH_MAXLEN + 32]; - int acln = acll ? acll : aclh; nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL); - if (name) { - snprintf(xpath_value, sizeof(xpath_value), "%s/list-name", - xpath); - nb_cli_enqueue_change(vty, xpath_value, NB_OP_MODIFY, name); - } else /* if (acll || aclh) */ { - if ((acln >= 1 && acln <= 99) - || (acln >= 1300 && acln <= 1999)) { - snprintf(xpath_value, sizeof(xpath_value), - "%s/access-list-num", xpath); - } else { - /* - * if ((acln >= 100 && acln <= 199) - * || (acln >= 2000 && acln <= 2699)) - */ - snprintf(xpath_value, sizeof(xpath_value), - "%s/access-list-num-extended", xpath); - } - nb_cli_enqueue_change(vty, xpath_value, NB_OP_MODIFY, - acll_str ? acll_str : aclh_str); - } + snprintf(xpath_value, sizeof(xpath_value), "%s/list-name", xpath); + nb_cli_enqueue_change(vty, xpath_value, NB_OP_MODIFY, name); return nb_cli_apply_changes(vty, NULL); } @@ -610,8 +572,6 @@ void route_map_condition_show(struct vty *vty, struct lyd_node *dnode, bool show_defaults) { int condition = yang_dnode_get_enum(dnode, "./condition"); - struct lyd_node *ln; - const char *acl; switch (condition) { case 0: /* interface */ @@ -620,25 +580,14 @@ void route_map_condition_show(struct vty *vty, struct lyd_node *dnode, break; case 1: /* ipv4-address-list */ case 3: /* ipv4-next-hop-list */ - acl = NULL; - if ((ln = yang_dnode_get(dnode, "./list-name")) != NULL) - acl = yang_dnode_get_string(ln, NULL); - else if ((ln = yang_dnode_get(dnode, "./access-list-num")) - != NULL) - acl = yang_dnode_get_string(ln, NULL); - else if ((ln = yang_dnode_get(dnode, - "./access-list-num-extended")) - != NULL) - acl = yang_dnode_get_string(ln, NULL); - - assert(acl); - switch (condition) { case 1: - vty_out(vty, " match ip address %s\n", acl); + vty_out(vty, " match ip address %s\n", + yang_dnode_get_string(dnode, "./list-name")); break; case 3: - vty_out(vty, " match ip next-hop %s\n", acl); + vty_out(vty, " match ip next-hop %s\n", + yang_dnode_get_string(dnode, "./list-name")); break; } break; diff --git a/lib/routemap_northbound.c b/lib/routemap_northbound.c index f500a6c408..967f3fd4d4 100644 --- a/lib/routemap_northbound.c +++ b/lib/routemap_northbound.c @@ -515,77 +515,6 @@ static int lib_route_map_entry_match_condition_interface_destroy( return lib_route_map_entry_match_destroy(args); } -/* - * XPath: /frr-route-map:lib/route-map/entry/match-condition/access-list-num - */ -static int lib_route_map_entry_match_condition_access_list_num_modify( - struct nb_cb_modify_args *args) -{ - struct routemap_hook_context *rhc; - const char *acl; - int condition, rv; - - if (args->event != NB_EV_APPLY) - return NB_OK; - - /* Check for hook function. */ - rv = CMD_SUCCESS; - acl = yang_dnode_get_string(args->dnode, NULL); - rhc = nb_running_get_entry(args->dnode, NULL, true); - condition = yang_dnode_get_enum(args->dnode, "../condition"); - switch (condition) { - case 1: /* ipv4-address-list */ - if (rmap_match_set_hook.match_ip_address == NULL) - break; - rhc->rhc_mhook = rmap_match_set_hook.no_match_ip_address; - rhc->rhc_rule = "ip address"; - rhc->rhc_event = RMAP_EVENT_FILTER_DELETED; - rv = rmap_match_set_hook.match_ip_address( - NULL, rhc->rhc_rmi, "ip address", acl, - RMAP_EVENT_FILTER_ADDED); - break; - case 3: /* ipv4-next-hop-list */ - if (rmap_match_set_hook.match_ip_next_hop == NULL) - break; - rhc->rhc_mhook = rmap_match_set_hook.no_match_ip_next_hop; - rhc->rhc_rule = "ip next-hop"; - rhc->rhc_event = RMAP_EVENT_FILTER_DELETED; - rv = rmap_match_set_hook.match_ip_next_hop( - NULL, rhc->rhc_rmi, "ip next-hop", acl, - RMAP_EVENT_FILTER_ADDED); - break; - } - if (rv != CMD_SUCCESS) { - rhc->rhc_mhook = NULL; - return NB_ERR_INCONSISTENCY; - } - - return NB_OK; -} - -static int lib_route_map_entry_match_condition_access_list_num_destroy( - struct nb_cb_destroy_args *args) -{ - return lib_route_map_entry_match_destroy(args); -} - -/* - * XPath: - * /frr-route-map:lib/route-map/entry/match-condition/access-list-num-extended - */ -static int lib_route_map_entry_match_condition_access_list_num_extended_modify( - struct nb_cb_modify_args *args) -{ - return lib_route_map_entry_match_condition_access_list_num_modify(args); -} - -static int lib_route_map_entry_match_condition_access_list_num_extended_destroy( - struct nb_cb_destroy_args *args) -{ - return lib_route_map_entry_match_condition_access_list_num_destroy( - args); -} - /* * XPath: /frr-route-map:lib/route-map/entry/match-condition/list-name */ @@ -1244,20 +1173,6 @@ const struct frr_yang_module_info frr_route_map_info = { .destroy = lib_route_map_entry_match_condition_interface_destroy, } }, - { - .xpath = "/frr-route-map:lib/route-map/entry/match-condition/access-list-num", - .cbs = { - .modify = lib_route_map_entry_match_condition_access_list_num_modify, - .destroy = lib_route_map_entry_match_condition_access_list_num_destroy, - } - }, - { - .xpath = "/frr-route-map:lib/route-map/entry/match-condition/access-list-num-extended", - .cbs = { - .modify = lib_route_map_entry_match_condition_access_list_num_extended_modify, - .destroy = lib_route_map_entry_match_condition_access_list_num_extended_destroy, - } - }, { .xpath = "/frr-route-map:lib/route-map/entry/match-condition/list-name", .cbs = { diff --git a/yang/frr-filter.yang b/yang/frr-filter.yang index 78db201ea1..c9e09bef4b 100644 --- a/yang/frr-filter.yang +++ b/yang/frr-filter.yang @@ -49,28 +49,6 @@ module frr-filter { /* * Types. */ - typedef access-list-standard { - description "Standard IPv4 access list (any, host or a prefix)"; - type uint16 { - range "1..99 | 1300..1999"; - } - } - - typedef access-list-extended { - description - "Extended IPv4 access list (source / destination any, hosts or prefixes)"; - type uint16 { - range "100..199 | 2000..2699"; - } - } - - typedef access-list-legacy { - description "Standard/Extended IPv4 access list"; - type uint16 { - range "1..199 | 1300..2699"; - } - } - typedef access-list-name { description "Access list name formatting"; type string { @@ -103,79 +81,6 @@ module frr-filter { * Configuration data. */ container lib { - list access-list-legacy { - description "Access list legacy instance"; - - key "number"; - - leaf number { - description "Access list sequence value"; - type access-list-legacy; - } - - leaf remark { - description "Access list remark"; - type string; - } - - list entry { - description "Access list legacy entry"; - - key "sequence"; - - leaf sequence { - description "Access list sequence value"; - type access-list-sequence; - } - - leaf action { - description "Access list action on match"; - type access-list-action; - mandatory true; - } - - choice value { - description - "Standard access list: value to match. - Extended access list: source value to match."; - mandatory true; - - leaf host { - description "Host to match"; - type inet:ipv4-address; - } - leaf network { - description "Network to match"; - type inet:ipv4-prefix; - } - leaf any { - description "Match any"; - type empty; - } - } - - choice extended-value { - when "../number >= 100 and ../number <= 199 or - ../number >= 2000 and ../number <= 2699"; - description "Destination value to match"; - mandatory true; - - leaf destination-host { - description "Host to match"; - type inet:ipv4-address; - } - leaf destination-network { - description "Network to match"; - type inet:ipv4-prefix; - } - leaf destination-any { - description "Match any"; - type empty; - } - } - } - } - list access-list { description "Access list instance"; @@ -232,15 +137,66 @@ module frr-filter { case ipv4-prefix { when "../type = 'ipv4'"; - leaf ipv4-prefix { - description "Configure IPv4 prefix to match"; - type inet:ipv4-prefix; - } + choice style { + description "Access list entry style selection: zebra or cisco."; + mandatory true; + + case zebra { + leaf ipv4-prefix { + description "Configure IPv4 prefix to match"; + type inet:ipv4-prefix; + } + + leaf ipv4-exact-match { + description "Exact match of prefix"; + type boolean; + default false; + } + } + case cisco { + leaf host { + description "Host to match"; + type inet:ipv4-address; + } + leaf network { + description "Network to match"; + type inet:ipv4-prefix; + } + leaf source-any { + /* + * Was `any`, however it conflicts with `any` leaf + * outside this choice. + */ + description "Match any"; + type empty; + } + } - leaf ipv4-exact-match { - description "Exact match of prefix"; - type boolean; - default false; + choice extended-value { + /* + * Legacy note: before using the new access-list format the + * cisco styled list only accepted identifiers using numbers + * and they had the following restriction: + * + * when "../number >= 100 and ../number <= 199 or + * ../number >= 2000 and ../number <= 2699"; + */ + description "Destination value to match"; + mandatory true; + + leaf destination-host { + description "Host to match"; + type inet:ipv4-address; + } + leaf destination-network { + description "Network to match"; + type inet:ipv4-prefix; + } + leaf destination-any { + description "Match any"; + type empty; + } + } } } case ipv6-prefix { diff --git a/yang/frr-route-map.yang b/yang/frr-route-map.yang index f35a2976d1..734b984d7d 100644 --- a/yang/frr-route-map.yang +++ b/yang/frr-route-map.yang @@ -239,20 +239,6 @@ module frr-route-map { type string; } } - case access-list-num { - when "./condition = 'ipv4-address-list' or - ./condition = 'ipv4-next-hop-list'"; - leaf access-list-num { - type filter:access-list-standard; - } - } - case access-list-num-extended { - when "./condition = 'ipv4-address-list' or - ./condition = 'ipv4-next-hop-list'"; - leaf access-list-num-extended { - type filter:access-list-extended; - } - } case list-name { when "./condition = 'ipv4-address-list' or ./condition = 'ipv4-prefix-list' or