lib: refactory cisco access list net wildcard

Wildcards bits have the opposite representation of a network mask, example: 192.168.0.0/24 has the following netmask 255.255.0.0 and the wildcard representation is 0.0.255.255. To avoid future confusion lets put those definitions into a macro so we know for sure which form to use. Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
2025-08-09 22:03:12 +00:00 · 2020-08-26 12:50:07 -03:00 · 2020-08-26 12:50:07 -03:00 · 0ed507dda0
commit 0ed507dda0
parent 070783e693
3 changed files with 57 additions and 38 deletions
--- a/lib/filter.h
+++ b/lib/filter.h
@ -32,6 +32,16 @@ extern "C" {
 /* Maximum ACL name length */
 #define ACL_NAMSIZ                128
 /** Cisco host wildcard mask. */
 #define CISCO_HOST_WILDCARD_MASK  "0.0.0.0"
 /** Cisco host wildcard binary mask. */
 #define CISCO_BIN_HOST_WILDCARD_MASK INADDR_ANY
 /** Cisco any wildcard mask. */
 #define CISCO_ANY_WILDCARD_MASK   "255.255.255.255"
 /** Cisco binary any wildcard mask. */
 #define CISCO_BIN_ANY_WILDCARD_MASK INADDR_NONE
 /* Filter direction.  */
 #define FILTER_IN                 0
 #define FILTER_OUT                1
--- a/lib/filter_cli.c
+++ b/lib/filter_cli.c
@ -62,7 +62,6 @@ static int64_t acl_cisco_get_seq(struct access_list *acl, const char *action,
 	struct filter f, *fn;
 	memset(&f, 0, sizeof(f));
 	memset(&fc, 0, sizeof(fc));
 	f.cisco = 1;
 	if (strcmp(action, "permit") == 0)
 		f.type = FILTER_PERMIT;
@ -125,6 +124,7 @@ static void concat_addr_mask_v4(const char *addr, const char *mask, char *dst,
 	int plen;
 	assert(inet_pton(AF_INET, mask, &ia) == 1);
 	ia.s_addr = ~ia.s_addr;
 	plen = ip_masklen(ia);
 	snprintf(dst, dstlen, "%s/%d", addr, plen);
 }
@ -252,13 +252,9 @@ DEFPY_YANG(
 	/* Use access-list data structure to fetch sequence. */
 	dnode = yang_dnode_get(running_config->dnode, xpath);
 	acl = nb_running_get_entry(dnode, NULL, true);
 	if (host_str != NULL)
 	sseq = acl_cisco_get_seq(acl, action, host_str,
-					 mask_str ? mask_str : "0.0.0.0", NULL,
+				 mask_str ? mask_str : CISCO_HOST_WILDCARD_MASK,
-					 NULL);
+				 NULL, NULL);
 	else
 		sseq = acl_cisco_get_seq(acl, action, "0.0.0.0",
 					 "255.255.255.255", NULL, NULL);
 	if (sseq == -1)
 		return CMD_WARNING;
@ -389,24 +385,28 @@ DEFPY_YANG(
 		if (dst_str != NULL)
 			sseq = acl_cisco_get_seq(
 				acl, action, src_str,
 				src_mask_str ? src_mask_str : "0.0.0.0",
 				dst_str,
 				dst_mask_str ? dst_mask_str : "0.0.0.0");
 		else
 			sseq = acl_cisco_get_seq(acl, action, src_str,
 				src_mask_str ? src_mask_str
-							      : "0.0.0.0",
+					     : CISCO_HOST_WILDCARD_MASK,
-						 "0.0.0.0", "255.255.255.255");
+				dst_str,
 				dst_mask_str ? dst_mask_str
 					     : CISCO_HOST_WILDCARD_MASK);
 		else
 			sseq = acl_cisco_get_seq(
 				acl, action, src_str,
 				src_mask_str ? src_mask_str
 					     : CISCO_HOST_WILDCARD_MASK,
 				"0.0.0.0", CISCO_ANY_WILDCARD_MASK);
 	} else {
 		if (dst_str != NULL)
-			sseq = acl_cisco_get_seq(acl, action, "0.0.0.0",
+			sseq = acl_cisco_get_seq(
-						 "255.255.255.255", dst_str,
+				acl, action, "0.0.0.0", CISCO_ANY_WILDCARD_MASK,
 				dst_str,
 				dst_mask_str ? dst_mask_str
-							      : "0.0.0.0");
+					     : CISCO_HOST_WILDCARD_MASK);
 		else
-			sseq = acl_cisco_get_seq(acl, action, "0.0.0.0",
+			sseq = acl_cisco_get_seq(
-						 "255.255.255.255", "0.0.0.0",
+				acl, action, "0.0.0.0", CISCO_ANY_WILDCARD_MASK,
-						 "255.255.255.255");
+				"0.0.0.0", CISCO_ANY_WILDCARD_MASK);
 	}
 	if (sseq == -1)
 		return CMD_WARNING;
@ -507,7 +507,7 @@ DEFPY_YANG(
 	/* Use access-list data structure to fetch sequence. */
 	dnode = yang_dnode_get(running_config->dnode, xpath);
 	acl = nb_running_get_entry(dnode, NULL, true);
-	if (prefix == NULL) {
+	if (prefix_str == NULL) {
 		memset(&pany, 0, sizeof(pany));
 		pany.family = AF_INET;
 		sseq = acl_zebra_get_seq(acl, action, &pany, exact);
--- a/lib/filter_nb.c
+++ b/lib/filter_nb.c
@ -112,6 +112,19 @@ static void prefix_list_entry_set_empty(struct prefix_list_entry *ple)
 	ple->le = 0;
 }
 /**
 * Unsets the cisco style rule for addresses so it becomes disabled (the
 * equivalent of setting: `0.0.0.0/32`).
 *
 * \param addr address part.
 * \param mask mask part.
 */
 static void cisco_unset_addr_mask(struct in_addr *addr, struct in_addr *mask)
 {
 	addr->s_addr = INADDR_ANY;
 	mask->s_addr = CISCO_BIN_HOST_WILDCARD_MASK;
 }
 /*
 * XPath: /frr-filter:lib/access-list
 */
@ -345,7 +358,7 @@ lib_access_list_entry_host_modify(struct nb_cb_modify_args *args)
 	f->cisco = 1;
 	fc = &f->u.cfilter;
 	yang_dnode_get_ipv4(&fc->addr, args->dnode, NULL);
-	fc->addr_mask.s_addr = INADDR_ANY;
+	fc->addr_mask.s_addr = CISCO_BIN_HOST_WILDCARD_MASK;
 	return NB_OK;
 }
@ -361,8 +374,7 @@ lib_access_list_entry_host_destroy(struct nb_cb_destroy_args *args)
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
-	fc->addr.s_addr = INADDR_ANY;
+	cisco_unset_addr_mask(&fc->addr, &fc->addr_mask);
 	fc->addr_mask.s_addr = INADDR_NONE;
 	return NB_OK;
 }
@ -386,6 +398,7 @@ lib_access_list_entry_network_modify(struct nb_cb_modify_args *args)
 	yang_dnode_get_prefix(&p, args->dnode, NULL);
 	fc->addr.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen);
 	masklen2ip(p.prefixlen, &fc->addr_mask);
 	fc->addr_mask.s_addr = ~fc->addr_mask.s_addr;
 	return NB_OK;
 }
@ -401,8 +414,7 @@ lib_access_list_entry_network_destroy(struct nb_cb_destroy_args *args)
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
-	fc->addr.s_addr = INADDR_ANY;
+	cisco_unset_addr_mask(&fc->addr, &fc->addr_mask);
 	fc->addr_mask.s_addr = INADDR_NONE;
 	return NB_OK;
 }
@ -423,7 +435,7 @@ lib_access_list_entry_source_any_create(struct nb_cb_create_args *args)
 	f->cisco = 1;
 	fc = &f->u.cfilter;
 	fc->addr.s_addr = INADDR_ANY;
-	fc->addr_mask.s_addr = INADDR_NONE;
+	fc->addr_mask.s_addr = CISCO_BIN_ANY_WILDCARD_MASK;
 	return NB_OK;
 }
@ -439,8 +451,7 @@ lib_access_list_entry_source_any_destroy(struct nb_cb_destroy_args *args)
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
-	fc->addr.s_addr = INADDR_ANY;
+	cisco_unset_addr_mask(&fc->addr, &fc->addr_mask);
 	fc->addr_mask.s_addr = INADDR_NONE;
 	return NB_OK;
 }
@ -461,7 +472,7 @@ static int lib_access_list_entry_destination_host_modify(
 	fc = &f->u.cfilter;
 	fc->extended = 1;
 	yang_dnode_get_ipv4(&fc->mask, args->dnode, NULL);
-	fc->mask_mask.s_addr = INADDR_ANY;
+	fc->mask_mask.s_addr = CISCO_BIN_HOST_WILDCARD_MASK;
 	return NB_OK;
 }
@ -478,8 +489,7 @@ static int lib_access_list_entry_destination_host_destroy(
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
 	fc->extended = 0;
-	fc->mask.s_addr = INADDR_ANY;
+	cisco_unset_addr_mask(&fc->mask, &fc->mask_mask);
 	fc->mask_mask.s_addr = INADDR_NONE;
 	return NB_OK;
 }
@ -503,6 +513,7 @@ static int lib_access_list_entry_destination_network_modify(
 	yang_dnode_get_prefix(&p, args->dnode, NULL);
 	fc->mask.s_addr = ipv4_network_addr(p.u.prefix4.s_addr, p.prefixlen);
 	masklen2ip(p.prefixlen, &fc->mask_mask);
 	fc->mask_mask.s_addr = ~fc->mask_mask.s_addr;
 	return NB_OK;
 }
@ -519,8 +530,7 @@ static int lib_access_list_entry_destination_network_destroy(
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
 	fc->extended = 0;
-	fc->mask.s_addr = INADDR_ANY;
+	cisco_unset_addr_mask(&fc->mask, &fc->mask_mask);
 	fc->mask_mask.s_addr = INADDR_NONE;
 	return NB_OK;
 }
@ -541,7 +551,7 @@ static int lib_access_list_entry_destination_any_create(
 	fc = &f->u.cfilter;
 	fc->extended = 1;
 	fc->mask.s_addr = INADDR_ANY;
-	fc->mask_mask.s_addr = INADDR_NONE;
+	fc->mask_mask.s_addr = CISCO_BIN_ANY_WILDCARD_MASK;
 	return NB_OK;
 }
@ -558,8 +568,7 @@ static int lib_access_list_entry_destination_any_destroy(
 	f = nb_running_get_entry(args->dnode, NULL, true);
 	fc = &f->u.cfilter;
 	fc->extended = 0;
-	fc->mask.s_addr = INADDR_ANY;
+	cisco_unset_addr_mask(&fc->mask, &fc->mask_mask);
 	fc->mask_mask.s_addr = INADDR_NONE;
 	return NB_OK;
 }