lib: refactory cisco access list net wildcard

Wildcards bits have the opposite representation of a network mask,
example:

192.168.0.0/24 has the following netmask 255.255.0.0 and the wildcard
representation is 0.0.255.255.

To avoid future confusion lets put those definitions into a macro so we
know for sure which form to use.

Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>

lib/filter.h

@@ -32,6 +32,16 @@ extern "C" {
 /* Maximum ACL name length */
 #define ACL_NAMSIZ                128
 
+/** Cisco host wildcard mask. */
+#define CISCO_HOST_WILDCARD_MASK  "0.0.0.0"
+/** Cisco host wildcard binary mask. */
+#define CISCO_BIN_HOST_WILDCARD_MASK INADDR_ANY
+
+/** Cisco any wildcard mask. */
+#define CISCO_ANY_WILDCARD_MASK   "255.255.255.255"
+/** Cisco binary any wildcard mask. */
+#define CISCO_BIN_ANY_WILDCARD_MASK INADDR_NONE
+
 /* Filter direction.  */
 #define FILTER_IN                 0
 #define FILTER_OUT                1

lib/filter_cli.c

@@ -62,7 +62,6 @@ static int64_t acl_cisco_get_seq(struct access_list *acl, const char *action,
 	struct filter f, *fn;
 
 	memset(&f, 0, sizeof(f));
-	memset(&fc, 0, sizeof(fc));
 	f.cisco = 1;
 	if (strcmp(action, "permit") == 0)
 		f.type = FILTER_PERMIT;
@@ -125,6 +124,7 @@ static void concat_addr_mask_v4(const char *addr, const char *mask, char *dst,
 	int plen;
 
 	assert(inet_pton(AF_INET, mask, &ia) == 1);
+	ia.s_addr = ~ia.s_addr;
 	plen = ip_masklen(ia);
 	snprintf(dst, dstlen, "%s/%d", addr, plen);
 }
@@ -252,13 +252,9 @@ DEFPY_YANG(
 	/* Use access-list data structure to fetch sequence. */
 	dnode = yang_dnode_get(running_config->dnode, xpath);
 	acl = nb_running_get_entry(dnode, NULL, true);
-	if (host_str != NULL)
-		sseq = acl_cisco_get_seq(acl, action, host_str,
-					 mask_str ? mask_str : "0.0.0.0", NULL,
-					 NULL);
-	else
-		sseq = acl_cisco_get_seq(acl, action, "0.0.0.0",
-					 "255.255.255.255", NULL, NULL);
+	sseq = acl_cisco_get_seq(acl, action, host_str,
+				 mask_str ? mask_str : CISCO_HOST_WILDCARD_MASK,
+				 NULL, NULL);
 	if (sseq == -1)
 		return CMD_WARNING;
 
@@ -389,24 +385,28 @@ DEFPY_YANG(
 		if (dst_str != NULL)
 			sseq = acl_cisco_get_seq(
 				acl, action, src_str,
-				src_mask_str ? src_mask_str : "0.0.0.0",
+				src_mask_str ? src_mask_str
+					     : CISCO_HOST_WILDCARD_MASK,
 				dst_str,
-				dst_mask_str ? dst_mask_str : "0.0.0.0");
+				dst_mask_str ? dst_mask_str
+					     : CISCO_HOST_WILDCARD_MASK);
 		else
-			sseq = acl_cisco_get_seq(acl, action, src_str,
-						 src_mask_str ? src_mask_str
-							      : "0.0.0.0",
-						 "0.0.0.0", "255.255.255.255");
+			sseq = acl_cisco_get_seq(
+				acl, action, src_str,
+				src_mask_str ? src_mask_str
+					     : CISCO_HOST_WILDCARD_MASK,
+				"0.0.0.0", CISCO_ANY_WILDCARD_MASK);
 	} else {
 		if (dst_str != NULL)
-			sseq = acl_cisco_get_seq(acl, action, "0.0.0.0",
-						 "255.255.255.255", dst_str,
-						 dst_mask_str ? dst_mask_str
-							      : "0.0.0.0");
+			sseq = acl_cisco_get_seq(
+				acl, action, "0.0.0.0", CISCO_ANY_WILDCARD_MASK,
+				dst_str,
+				dst_mask_str ? dst_mask_str
+					     : CISCO_HOST_WILDCARD_MASK);
 		else
-			sseq = acl_cisco_get_seq(acl, action, "0.0.0.0",
-						 "255.255.255.255", "0.0.0.0",
-						 "255.255.255.255");
+			sseq = acl_cisco_get_seq(
+				acl, action, "0.0.0.0", CISCO_ANY_WILDCARD_MASK,
+				"0.0.0.0", CISCO_ANY_WILDCARD_MASK);
 	}
 	if (sseq == -1)
 		return CMD_WARNING;
@@ -507,7 +507,7 @@ DEFPY_YANG(
 	/* Use access-list data structure to fetch sequence. */
 	dnode = yang_dnode_get(running_config->dnode, xpath);
 	acl = nb_running_get_entry(dnode, NULL, true);
-	if (prefix == NULL) {
+	if (prefix_str == NULL) {
 		memset(&pany, 0, sizeof(pany));
 		pany.family = AF_INET;
 		sseq = acl_zebra_get_seq(acl, action, &pany, exact);

lib/filter_nb.c

@@ -112,6 +112,19 @@ static void prefix_list_entry_set_empty(struct prefix_list_entry *ple)
 	ple->le = 0;
 }
 
+/**
+ * Unsets the cisco style rule for addresses so it becomes disabled (the
+ * equivalent of setting: `0.0.0.0/32`).
+ *
+ * \param addr address part.
+ * \param mask mask part.
+ */
+static void cisco_unset_addr_mask(struct in_addr *addr, struct in_addr *mask)
+{
+	addr->s_addr = INADDR_ANY;
+	mask->s_addr = CISCO_BIN_HOST_WILDCARD_MASK;
+}
+
 /*
  * XPath: /frr-filter:lib/access-list
  */
@@ -345,7 +358,7 @@ lib_access_list_entry_host_modify(struct nb_cb_modify_args *args)
 	f->cisco = 1;
 	fc = &f->u.cfilter;
 	yang_dnode_get_ipv4(&fc->addr, args->dnode, NULL);
-	fc->addr_mask.s_addr = INADDR_ANY;
+	fc->addr_mask.s_addr = CISCO_BIN_HOST_WILDCARD_MASK;
 
 	return NB_OK;
 }
@@ -361,8 +374,7 @@ lib_access_list_entry_host_destroy(struct nb_cb_destroy_args *args)
 
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
-	fc->addr.s_addr = INADDR_ANY;
-	fc->addr_mask.s_addr = INADDR_NONE;
+	cisco_unset_addr_mask(&fc->addr, &fc->addr_mask);
 
 	return NB_OK;
 }
@@ -386,6 +398,7 @@ lib_access_list_entry_network_modify(struct nb_cb_modify_args *args)
 	yang_dnode_get_prefix(&p, args->dnode, NULL);
 	fc->addr.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen);
 	masklen2ip(p.prefixlen, &fc->addr_mask);
+	fc->addr_mask.s_addr = ~fc->addr_mask.s_addr;
 
 	return NB_OK;
 }
@@ -401,8 +414,7 @@ lib_access_list_entry_network_destroy(struct nb_cb_destroy_args *args)
 
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
-	fc->addr.s_addr = INADDR_ANY;
-	fc->addr_mask.s_addr = INADDR_NONE;
+	cisco_unset_addr_mask(&fc->addr, &fc->addr_mask);
 
 	return NB_OK;
 }
@@ -423,7 +435,7 @@ lib_access_list_entry_source_any_create(struct nb_cb_create_args *args)
 	f->cisco = 1;
 	fc = &f->u.cfilter;
 	fc->addr.s_addr = INADDR_ANY;
-	fc->addr_mask.s_addr = INADDR_NONE;
+	fc->addr_mask.s_addr = CISCO_BIN_ANY_WILDCARD_MASK;
 
 	return NB_OK;
 }
@@ -439,8 +451,7 @@ lib_access_list_entry_source_any_destroy(struct nb_cb_destroy_args *args)
 
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
-	fc->addr.s_addr = INADDR_ANY;
-	fc->addr_mask.s_addr = INADDR_NONE;
+	cisco_unset_addr_mask(&fc->addr, &fc->addr_mask);
 
 	return NB_OK;
 }
@@ -461,7 +472,7 @@ static int lib_access_list_entry_destination_host_modify(
 	fc = &f->u.cfilter;
 	fc->extended = 1;
 	yang_dnode_get_ipv4(&fc->mask, args->dnode, NULL);
-	fc->mask_mask.s_addr = INADDR_ANY;
+	fc->mask_mask.s_addr = CISCO_BIN_HOST_WILDCARD_MASK;
 
 	return NB_OK;
 }
@@ -478,8 +489,7 @@ static int lib_access_list_entry_destination_host_destroy(
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
 	fc->extended = 0;
-	fc->mask.s_addr = INADDR_ANY;
-	fc->mask_mask.s_addr = INADDR_NONE;
+	cisco_unset_addr_mask(&fc->mask, &fc->mask_mask);
 
 	return NB_OK;
 }
@@ -503,6 +513,7 @@ static int lib_access_list_entry_destination_network_modify(
 	yang_dnode_get_prefix(&p, args->dnode, NULL);
 	fc->mask.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen);
 	masklen2ip(p.prefixlen, &fc->mask_mask);
+	fc->mask_mask.s_addr = ~fc->mask_mask.s_addr;
 
 	return NB_OK;
 }
@@ -519,8 +530,7 @@ static int lib_access_list_entry_destination_network_destroy(
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
 	fc->extended = 0;
-	fc->mask.s_addr = INADDR_ANY;
-	fc->mask_mask.s_addr = INADDR_NONE;
+	cisco_unset_addr_mask(&fc->mask, &fc->mask_mask);
 
 	return NB_OK;
 }
@@ -541,7 +551,7 @@ static int lib_access_list_entry_destination_any_create(
 	fc = &f->u.cfilter;
 	fc->extended = 1;
 	fc->mask.s_addr = INADDR_ANY;
-	fc->mask_mask.s_addr = INADDR_NONE;
+	fc->mask_mask.s_addr = CISCO_BIN_ANY_WILDCARD_MASK;
 
 	return NB_OK;
 }
@@ -558,8 +568,7 @@ static int lib_access_list_entry_destination_any_destroy(
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
 	fc->extended = 0;
-	fc->mask.s_addr = INADDR_ANY;
-	fc->mask_mask.s_addr = INADDR_NONE;
+	cisco_unset_addr_mask(&fc->mask, &fc->mask_mask);
 
 	return NB_OK;
 }