From c1f81772d9bc391add1848edc31db58d7ce77396 Mon Sep 17 00:00:00 2001 From: Rafael Zalamena Date: Fri, 4 Dec 2020 18:12:58 -0300 Subject: [PATCH] lib: silently ignore duplicated values Keep the previous CLI behavior of silently ignoring access lists which contain the same value. Signed-off-by: Rafael Zalamena (cherry picked from commit 208dc372cd1069ab0a9efee2815b04481934f856) --- lib/filter_cli.c | 148 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 148 insertions(+) diff --git a/lib/filter_cli.c b/lib/filter_cli.c index a8230f3a9a..880b31acfc 100644 --- a/lib/filter_cli.c +++ b/lib/filter_cli.c @@ -162,9 +162,35 @@ DEFPY_YANG( "Wildcard bits\n") { int64_t sseq; + struct acl_dup_args ada = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; + /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + ada.ada_type = "ipv4"; + ada.ada_name = name; + if (host_str && mask_str == NULL) { + ada.ada_xpath[0] = "./host"; + ada.ada_value[0] = host_str; + } else if (host_str && mask_str) { + ada.ada_xpath[0] = "./network/address"; + ada.ada_value[0] = host_str; + ada.ada_xpath[1] = "./network/mask"; + ada.ada_value[1] = mask_str; + } else { + ada.ada_xpath[0] = "./source-any"; + ada.ada_value[0] = "true"; + } + + /* Duplicated entry without sequence, just quit. */ + if (acl_is_dup(vty->candidate_config->dnode, &ada)) + return CMD_SUCCESS; + } + /* * Create the access-list first, so we can generate sequence if * none given (backward compatibility). @@ -270,10 +296,58 @@ DEFPY_YANG( "Destination address to match\n" "Any destination host\n") { + int idx = 0; int64_t sseq; + struct acl_dup_args ada = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; + /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + ada.ada_type = "ipv4"; + ada.ada_name = name; + if (src_str && src_mask_str == NULL) { + ada.ada_xpath[idx] = "./host"; + ada.ada_value[idx] = src_str; + idx++; + } else if (src_str && src_mask_str) { + ada.ada_xpath[idx] = "./network/address"; + ada.ada_value[idx] = src_str; + idx++; + ada.ada_xpath[idx] = "./network/mask"; + ada.ada_value[idx] = src_mask_str; + idx++; + } else { + ada.ada_xpath[idx] = "./source-any"; + ada.ada_value[idx] = "true"; + idx++; + } + + if (dst_str && dst_mask_str == NULL) { + ada.ada_xpath[idx] = "./destination-host"; + ada.ada_value[idx] = dst_str; + idx++; + } else if (dst_str && dst_mask_str) { + ada.ada_xpath[idx] = "./destination-network/address"; + ada.ada_value[idx] = dst_str; + idx++; + ada.ada_xpath[idx] = "./destination-network/mask"; + ada.ada_value[idx] = dst_mask_str; + idx++; + } else { + ada.ada_xpath[idx] = "./destination-any"; + ada.ada_value[idx] = "true"; + idx++; + } + + /* Duplicated entry without sequence, just quit. */ + if (acl_is_dup(vty->candidate_config->dnode, &ada)) + return CMD_SUCCESS; + } + /* * Create the access-list first, so we can generate sequence if * none given (backward compatibility). @@ -419,9 +493,35 @@ DEFPY_YANG( "Match any IPv4\n") { int64_t sseq; + struct acl_dup_args ada = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; + /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + ada.ada_type = "ipv4"; + ada.ada_name = name; + + if (prefix_str) { + ada.ada_xpath[0] = "./ipv4-prefix"; + ada.ada_value[0] = prefix_str; + if (exact) { + ada.ada_xpath[1] = "./ipv4-exact-match"; + ada.ada_value[1] = "true"; + } + } else { + ada.ada_xpath[0] = "./any"; + ada.ada_value[0] = "true"; + } + + /* Duplicated entry without sequence, just quit. */ + if (acl_is_dup(vty->candidate_config->dnode, &ada)) + return CMD_SUCCESS; + } + /* * Create the access-list first, so we can generate sequence if * none given (backward compatibility). @@ -590,9 +690,35 @@ DEFPY_YANG( "Match any IPv6\n") { int64_t sseq; + struct acl_dup_args ada = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; + /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + ada.ada_type = "ipv6"; + ada.ada_name = name; + + if (prefix_str) { + ada.ada_xpath[0] = "./ipv6-prefix"; + ada.ada_value[0] = prefix_str; + if (exact) { + ada.ada_xpath[1] = "./ipv6-exact-match"; + ada.ada_value[1] = "true"; + } + } else { + ada.ada_xpath[0] = "./any"; + ada.ada_value[0] = "true"; + } + + /* Duplicated entry without sequence, just quit. */ + if (acl_is_dup(vty->candidate_config->dnode, &ada)) + return CMD_SUCCESS; + } + /* * Create the access-list first, so we can generate sequence if * none given (backward compatibility). @@ -765,9 +891,31 @@ DEFPY_YANG( "Match any MAC address\n") { int64_t sseq; + struct acl_dup_args ada = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; + /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + ada.ada_type = "mac"; + ada.ada_name = name; + + if (mac_str) { + ada.ada_xpath[0] = "./mac"; + ada.ada_value[0] = mac_str; + } else { + ada.ada_xpath[0] = "./any"; + ada.ada_value[0] = "true"; + } + + /* Duplicated entry without sequence, just quit. */ + if (acl_is_dup(vty->candidate_config->dnode, &ada)) + return CMD_SUCCESS; + } + /* * Create the access-list first, so we can generate sequence if * none given (backward compatibility). -- 2.39.5