diff options
| author | Donald Sharp <sharpd@cumulusnetworks.com> | 2020-12-10 08:14:34 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-10 08:14:34 -0500 |
| commit | 9696432fe5aea14ccfb505a20163687f85a49889 (patch) | |
| tree | 3a13de5ae125743f21de7b012057b52932b291ef /lib/filter_cli.c | |
| parent | b2c7cf18b23fee4fe0ce49f38cbcd6035bb55b92 (diff) | |
| parent | 4e32d023cdf9fc5326b09ea6aa16d465bc948147 (diff) | |
Merge pull request #7677 from opensourcerouting/acl-back-compat
lib: restore previous access/prefix list behaviour
Diffstat (limited to 'lib/filter_cli.c')
| -rw-r--r-- | lib/filter_cli.c | 218 |
1 files changed, 218 insertions, 0 deletions
diff --git a/lib/filter_cli.c b/lib/filter_cli.c index a8230f3a9a..54b6cda9a5 100644 --- a/lib/filter_cli.c +++ b/lib/filter_cli.c @@ -162,10 +162,36 @@ DEFPY_YANG( "Wildcard bits\n") { int64_t sseq; + struct acl_dup_args ada = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + ada.ada_type = "ipv4"; + ada.ada_name = name; + if (host_str && mask_str == NULL) { + ada.ada_xpath[0] = "./host"; + ada.ada_value[0] = host_str; + } else if (host_str && mask_str) { + ada.ada_xpath[0] = "./network/address"; + ada.ada_value[0] = host_str; + ada.ada_xpath[1] = "./network/mask"; + ada.ada_value[1] = mask_str; + } else { + ada.ada_xpath[0] = "./source-any"; + ada.ada_value[0] = "true"; + } + + /* Duplicated entry without sequence, just quit. */ + if (acl_is_dup(vty->candidate_config->dnode, &ada)) + return CMD_SUCCESS; + } + + /* * Create the access-list first, so we can generate sequence if * none given (backward compatibility). */ @@ -270,11 +296,59 @@ DEFPY_YANG( "Destination address to match\n" "Any destination host\n") { + int idx = 0; int64_t sseq; + struct acl_dup_args ada = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + ada.ada_type = "ipv4"; + ada.ada_name = name; + if (src_str && src_mask_str == NULL) { + ada.ada_xpath[idx] = "./host"; + ada.ada_value[idx] = src_str; + idx++; + } else if (src_str && src_mask_str) { + ada.ada_xpath[idx] = "./network/address"; + ada.ada_value[idx] = src_str; + idx++; + ada.ada_xpath[idx] = "./network/mask"; + ada.ada_value[idx] = src_mask_str; + idx++; + } else { + ada.ada_xpath[idx] = "./source-any"; + ada.ada_value[idx] = "true"; + idx++; + } + + if (dst_str && dst_mask_str == NULL) { + ada.ada_xpath[idx] = "./destination-host"; + ada.ada_value[idx] = dst_str; + idx++; + } else if (dst_str && dst_mask_str) { + ada.ada_xpath[idx] = "./destination-network/address"; + ada.ada_value[idx] = dst_str; + idx++; + ada.ada_xpath[idx] = "./destination-network/mask"; + ada.ada_value[idx] = dst_mask_str; + idx++; + } else { + ada.ada_xpath[idx] = "./destination-any"; + ada.ada_value[idx] = "true"; + idx++; + } + + /* Duplicated entry without sequence, just quit. */ + if (acl_is_dup(vty->candidate_config->dnode, &ada)) + return CMD_SUCCESS; + } + + /* * Create the access-list first, so we can generate sequence if * none given (backward compatibility). */ @@ -419,10 +493,36 @@ DEFPY_YANG( "Match any IPv4\n") { int64_t sseq; + struct acl_dup_args ada = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + ada.ada_type = "ipv4"; + ada.ada_name = name; + + if (prefix_str) { + ada.ada_xpath[0] = "./ipv4-prefix"; + ada.ada_value[0] = prefix_str; + if (exact) { + ada.ada_xpath[1] = "./ipv4-exact-match"; + ada.ada_value[1] = "true"; + } + } else { + ada.ada_xpath[0] = "./any"; + ada.ada_value[0] = "true"; + } + + /* Duplicated entry without sequence, just quit. */ + if (acl_is_dup(vty->candidate_config->dnode, &ada)) + return CMD_SUCCESS; + } + + /* * Create the access-list first, so we can generate sequence if * none given (backward compatibility). */ @@ -590,10 +690,36 @@ DEFPY_YANG( "Match any IPv6\n") { int64_t sseq; + struct acl_dup_args ada = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + ada.ada_type = "ipv6"; + ada.ada_name = name; + + if (prefix_str) { + ada.ada_xpath[0] = "./ipv6-prefix"; + ada.ada_value[0] = prefix_str; + if (exact) { + ada.ada_xpath[1] = "./ipv6-exact-match"; + ada.ada_value[1] = "true"; + } + } else { + ada.ada_xpath[0] = "./any"; + ada.ada_value[0] = "true"; + } + + /* Duplicated entry without sequence, just quit. */ + if (acl_is_dup(vty->candidate_config->dnode, &ada)) + return CMD_SUCCESS; + } + + /* * Create the access-list first, so we can generate sequence if * none given (backward compatibility). */ @@ -765,10 +891,32 @@ DEFPY_YANG( "Match any MAC address\n") { int64_t sseq; + struct acl_dup_args ada = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + ada.ada_type = "mac"; + ada.ada_name = name; + + if (mac_str) { + ada.ada_xpath[0] = "./mac"; + ada.ada_value[0] = mac_str; + } else { + ada.ada_xpath[0] = "./any"; + ada.ada_value[0] = "true"; + } + + /* Duplicated entry without sequence, just quit. */ + if (acl_is_dup(vty->candidate_config->dnode, &ada)) + return CMD_SUCCESS; + } + + /* * Create the access-list first, so we can generate sequence if * none given (backward compatibility). */ @@ -1171,10 +1319,45 @@ DEFPY_YANG( "Maximum prefix length\n") { int64_t sseq; + int arg_idx = 0; + struct plist_dup_args pda = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + pda.pda_type = "ipv4"; + pda.pda_name = name; + if (prefix_str) { + pda.pda_xpath[arg_idx] = "./ipv4-prefix"; + pda.pda_value[arg_idx] = prefix_str; + arg_idx++; + if (ge_str) { + pda.pda_xpath[arg_idx] = + "./ipv4-prefix-length-greater-or-equal"; + pda.pda_value[arg_idx] = ge_str; + arg_idx++; + } + if (le_str) { + pda.pda_xpath[arg_idx] = + "./ipv4-prefix-length-lesser-or-equal"; + pda.pda_value[arg_idx] = le_str; + arg_idx++; + } + } else { + pda.pda_xpath[0] = "./any"; + pda.pda_value[0] = ""; + } + + /* Duplicated entry without sequence, just quit. */ + if (plist_is_dup(vty->candidate_config->dnode, &pda)) + return CMD_SUCCESS; + } + + /* * Create the prefix-list first, so we can generate sequence if * none given (backward compatibility). */ @@ -1331,10 +1514,45 @@ DEFPY_YANG( "Minimum prefix length\n") { int64_t sseq; + int arg_idx = 0; + struct plist_dup_args pda = {}; char xpath[XPATH_MAXLEN]; char xpath_entry[XPATH_MAXLEN + 128]; /* + * Backward compatibility: don't complain about duplicated values, + * just silently accept. + */ + if (seq_str == NULL) { + pda.pda_type = "ipv6"; + pda.pda_name = name; + if (prefix_str) { + pda.pda_xpath[arg_idx] = "./ipv6-prefix"; + pda.pda_value[arg_idx] = prefix_str; + arg_idx++; + if (ge_str) { + pda.pda_xpath[arg_idx] = + "./ipv6-prefix-length-greater-or-equal"; + pda.pda_value[arg_idx] = ge_str; + arg_idx++; + } + if (le_str) { + pda.pda_xpath[arg_idx] = + "./ipv6-prefix-length-lesser-or-equal"; + pda.pda_value[arg_idx] = le_str; + arg_idx++; + } + } else { + pda.pda_xpath[0] = "./any"; + pda.pda_value[0] = ""; + } + + /* Duplicated entry without sequence, just quit. */ + if (plist_is_dup(vty->candidate_config->dnode, &pda)) + return CMD_SUCCESS; + } + + /* * Create the prefix-list first, so we can generate sequence if * none given (backward compatibility). */ |