From a1198921f21c18659174e0a534c27e0f6d51ec71 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Wed, 1 Feb 2017 19:45:57 -0500 Subject: [PATCH] lib: Fix SA warnings and reduce cli The cli could be reduced for v4 and v6 code paths into 1 function. Additionally the v6 code path had a SA issue found where it "theoratically" could have caused a null de-reference. This issue has been removed as well. Signed-off-by: Donald Sharp --- lib/filter.c | 123 ++++++++++++++++++--------------------------------- 1 file changed, 42 insertions(+), 81 deletions(-) diff --git a/lib/filter.c b/lib/filter.c index cd17a562f0..d753c9d874 100644 --- a/lib/filter.c +++ b/lib/filter.c @@ -1327,25 +1327,9 @@ filter_set_zebra (struct vty *vty, const char *name_str, const char *type_str, return CMD_SUCCESS; } -/* Zebra access-list */ -DEFUN (access_list, - access_list_cmd, - "access-list WORD A.B.C.D/M", - "Add an access list entry\n" - "IP zebra access-list name\n" - "Specify packets to reject\n" - "Specify packets to forward\n" - "Prefix to match. e.g. 10.0.0.0/8\n") -{ - int idx_word = 1; - int idx_permit_deny = 2; - int idx_ipv4_prefixlen = 3; - return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 0, 1); -} - DEFUN (access_list_exact, access_list_exact_cmd, - "access-list WORD A.B.C.D/M exact-match", + "access-list WORD A.B.C.D/M [exact-match]", "Add an access list entry\n" "IP zebra access-list name\n" "Specify packets to reject\n" @@ -1353,10 +1337,18 @@ DEFUN (access_list_exact, "Prefix to match. e.g. 10.0.0.0/8\n" "Exact match of the prefixes\n") { + int idx; + int exact = 0; int idx_word = 1; int idx_permit_deny = 2; int idx_ipv4_prefixlen = 3; - return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 1, 1); + idx = idx_ipv4_prefixlen; + + if (argv_find (argv, argc, "exact-match", &idx)) + exact = 1; + + return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, + AFI_IP, argv[idx_ipv4_prefixlen]->arg, exact, 1); } DEFUN (access_list_any, @@ -1373,25 +1365,9 @@ DEFUN (access_list_any, return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, "0.0.0.0/0", 0, 1); } -DEFUN (no_access_list, - no_access_list_cmd, - "no access-list WORD A.B.C.D/M", - NO_STR - "Add an access list entry\n" - "IP zebra access-list name\n" - "Specify packets to reject\n" - "Specify packets to forward\n" - "Prefix to match. e.g. 10.0.0.0/8\n") -{ - int idx_word = 2; - int idx_permit_deny = 3; - int idx_ipv4_prefixlen = 4; - return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 0, 0); -} - DEFUN (no_access_list_exact, no_access_list_exact_cmd, - "no access-list WORD A.B.C.D/M exact-match", + "no access-list WORD A.B.C.D/M [exact-match]", NO_STR "Add an access list entry\n" "IP zebra access-list name\n" @@ -1400,10 +1376,17 @@ DEFUN (no_access_list_exact, "Prefix to match. e.g. 10.0.0.0/8\n" "Exact match of the prefixes\n") { + int idx; + int exact = 0; int idx_word = 2; int idx_permit_deny = 3; int idx_ipv4_prefixlen = 4; - return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, 1, 0); + idx = idx_ipv4_prefixlen; + + if (argv_find (argv, argc, "exact-match", &idx)) + exact = 1; + + return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP, argv[idx_ipv4_prefixlen]->arg, exact, 0); } DEFUN (no_access_list_any, @@ -1518,27 +1501,10 @@ DEFUN (no_access_list_remark_comment, { return no_access_list_remark (self, vty, argc, argv); } - - -DEFUN (ipv6_access_list, - ipv6_access_list_cmd, - "ipv6 access-list WORD X:X::X:X/M", - IPV6_STR - "Add an access list entry\n" - "IPv6 zebra access-list\n" - "Specify packets to reject\n" - "Specify packets to forward\n" - "IPv6 prefix\n") -{ - int idx = 0; - char *alname = argv_find (argv, argc, "WORD", &idx) ? argv[idx]->arg : NULL; - char *prefix = argv_find (argv, argc, "X:X::X:X/M", &idx) ? argv[idx]->arg : NULL; - return filter_set_zebra (vty, alname, argv[3]->text, AFI_IP6, prefix, 0, 1); -} DEFUN (ipv6_access_list_exact, ipv6_access_list_exact_cmd, - "ipv6 access-list WORD X:X::X:X/M exact-match", + "ipv6 access-list WORD X:X::X:X/M [exact-match]", IPV6_STR "Add an access list entry\n" "IPv6 zebra access-list\n" @@ -1547,10 +1513,18 @@ DEFUN (ipv6_access_list_exact, "IPv6 prefix\n" "Exact match of the prefixes\n") { - int idx = 0; - char *alname = argv_find (argv, argc, "WORD", &idx) ? argv[idx]->arg : NULL; - char *prefix = argv_find (argv, argc, "X:X::X:X/M", &idx) ? argv[idx]->arg : NULL; - return filter_set_zebra (vty, alname, argv[3]->text, AFI_IP6, prefix, 1, 1); + int idx; + int exact = 0; + int idx_word = 2; + int idx_allow = 3; + int idx_addr = 4; + idx = idx_addr; + + if (argv_find (argv, argc, "exact-match", &idx)) + exact = 1; + + return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_allow]->text, + AFI_IP6, argv[idx_addr]->arg, exact, 1); } DEFUN (ipv6_access_list_any, @@ -1568,26 +1542,9 @@ DEFUN (ipv6_access_list_any, return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP6, "::/0", 0, 1); } -DEFUN (no_ipv6_access_list, - no_ipv6_access_list_cmd, - "no ipv6 access-list WORD X:X::X:X/M", - NO_STR - IPV6_STR - "Add an access list entry\n" - "IPv6 zebra access-list\n" - "Specify packets to reject\n" - "Specify packets to forward\n" - "Prefix to match. e.g. 3ffe:506::/32\n") -{ - int idx_word = 3; - int idx_permit_deny = 4; - int idx_ipv6_prefixlen = 5; - return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP6, argv[idx_ipv6_prefixlen]->arg, 0, 0); -} - DEFUN (no_ipv6_access_list_exact, no_ipv6_access_list_exact_cmd, - "no ipv6 access-list WORD X:X::X:X/M exact-match", + "no ipv6 access-list WORD X:X::X:X/M [exact-match]", NO_STR IPV6_STR "Add an access list entry\n" @@ -1597,10 +1554,18 @@ DEFUN (no_ipv6_access_list_exact, "Prefix to match. e.g. 3ffe:506::/32\n" "Exact match of the prefixes\n") { + int idx; + int exact = 0; int idx_word = 3; int idx_permit_deny = 4; int idx_ipv6_prefixlen = 5; - return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, AFI_IP6, argv[idx_ipv6_prefixlen]->arg, 1, 0); + idx = idx_ipv6_prefixlen; + + if (argv_find (argv, argc, "exact-match", &idx)) + exact = 1; + + return filter_set_zebra (vty, argv[idx_word]->arg, argv[idx_permit_deny]->arg, + AFI_IP6, argv[idx_ipv6_prefixlen]->arg, exact, 0); } DEFUN (no_ipv6_access_list_any, @@ -2051,10 +2016,8 @@ access_list_init_ipv4 (void) install_element (ENABLE_NODE, &show_ip_access_list_name_cmd); /* Zebra access-list */ - install_element (CONFIG_NODE, &access_list_cmd); install_element (CONFIG_NODE, &access_list_exact_cmd); install_element (CONFIG_NODE, &access_list_any_cmd); - install_element (CONFIG_NODE, &no_access_list_cmd); install_element (CONFIG_NODE, &no_access_list_exact_cmd); install_element (CONFIG_NODE, &no_access_list_any_cmd); @@ -2144,11 +2107,9 @@ access_list_init_ipv6 (void) install_element (ENABLE_NODE, &show_ipv6_access_list_cmd); install_element (ENABLE_NODE, &show_ipv6_access_list_name_cmd); - install_element (CONFIG_NODE, &ipv6_access_list_cmd); install_element (CONFIG_NODE, &ipv6_access_list_exact_cmd); install_element (CONFIG_NODE, &ipv6_access_list_any_cmd); install_element (CONFIG_NODE, &no_ipv6_access_list_exact_cmd); - install_element (CONFIG_NODE, &no_ipv6_access_list_cmd); install_element (CONFIG_NODE, &no_ipv6_access_list_any_cmd); install_element (CONFIG_NODE, &no_ipv6_access_list_all_cmd); -- 2.39.5