diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..304d700 --- /dev/null +++ b/.gitignore @@ -0,0 +1,64 @@ +# Derived from https://github.com/github/gitignore/blob/main/Autotools.gitignore + +# http://www.gnu.org/software/automake + +Makefile.in +/ar-lib +/mdate-sh +/py-compile +/test-driver +/ylwrap +.deps/ +.dirstamp + +# http://www.gnu.org/software/autoconf + +autom4te.cache +/autoscan.log +/autoscan-*.log +/aclocal.m4 +/compile +/config.cache +/config.guess +/config.h.in +/config.log +/config.status +/config.sub +/configure +/configure.scan +/depcomp +/install-sh +/missing +/stamp-h1 + +# https://www.gnu.org/software/libtool/ + +/ltmain.sh + +# http://www.gnu.org/software/texinfo + +/texinfo.tex + +# http://www.gnu.org/software/m4/ + +m4/libtool.m4 +m4/ltoptions.m4 +m4/ltsugar.m4 +m4/ltversion.m4 +m4/lt~obsolete.m4 + +# Generated Makefile +# (meta build system like autotools, +# can automatically generate from config.status script +# (which is called by configure script)) +Makefile + +# Build artifacts +build +configure~ +*.o +*.lo +*.a +*.la +bgpq4 +libtool diff --git a/main.c b/main.c index bb8b3c6..7a19996 100644 --- a/main.c +++ b/main.c @@ -85,9 +85,10 @@ usage(int ecode) printf(" -3 : assume that your device is asn32-safe (default)\n"); printf(" -A : try to aggregate prefix-lists/route-filters\n"); printf(" -E : generate extended access-list (Cisco), " - "route-filter (Juniper)\n" - " [ip|ipv6]-prefix-list (Nokia) or prefix-set " - "(OpenBGPD)\n"); + "route-filter (Juniper),\n" + " [ip|ipv6]-prefix-list (Nokia), " + "prefix-set (OpenBGPD),\n" + " or firewall address-list (MikroTik)\n"); printf(" -f number : generate input as-path access-list\n"); printf(" -G number : generate output as-path access-list\n"); printf(" -H number : generate origin as-lists (JunOS only)\n"); @@ -582,6 +583,14 @@ main(int argc, char* argv[]) exit(1); } + if (aggregate + && (expander.vendor == V_MIKROTIK6 || expander.vendor == V_MIKROTIK7) + && expander.generation == T_EACL) { + sx_report(SX_FATAL, "Sorry, aggregation (-A) is not supported with " + "firewall address-list (-E) on MikroTik.\n"); + exit(1); + } + if (refine && (expander.vendor == V_NOKIA_MD || expander.vendor == V_NOKIA || expander.vendor == V_NOKIA_SRL) && expander.generation != T_PREFIXLIST) { diff --git a/printer.c b/printer.c index d97cb71..8466d97 100644 --- a/printer.c +++ b/printer.c @@ -1896,6 +1896,41 @@ bgpq4_print_mikrotik_prefixlist(FILE *f, struct bgpq_expander *b) } } +static void +bgpq4_print_mikrotik_address(struct sx_radix_node *n, void *ff) +{ + char prefix[128]; + FILE *f = (FILE*)ff; + + if (!f) + f = stdout; + + if (n->isGlue) + goto checkSon; + + sx_prefix_snprintf_sep(n->prefix, prefix, sizeof(prefix), "/"); + + fprintf(f,"/%s firewall address-list add list=\"%s\" address=%s\n", + n->prefix->family == AF_INET ? "ip" : "ipv6", + bname, prefix); + +checkSon: + if (n->son) + bgpq4_print_mikrotik_address(n->son, ff); +} + +static void +bgpq4_print_mikrotik_addresslist(FILE *f, struct bgpq_expander *b) +{ + bname = b->name ? b->name : "NN"; + + if (!sx_radix_tree_empty(b->tree)) { + sx_radix_tree_foreach(b->tree, bgpq4_print_mikrotik_address, f); + } else { + fprintf(f, "# generated prefix-list %s is empty\n", bname); + } +} + void bgpq4_print_prefixlist(FILE *f, struct bgpq_expander *b) { @@ -1969,6 +2004,10 @@ bgpq4_print_eacl(FILE *f, struct bgpq_expander *b) case V_NOKIA_SRL: bgpq4_print_nokia_srl_aclipfilter(f, b); break; + case V_MIKROTIK6: + case V_MIKROTIK7: + bgpq4_print_mikrotik_addresslist(f, b); + break; default: sx_report(SX_FATAL, "unreachable point\n"); }