summaryrefslogtreecommitdiffstats
path: root/vnet
diff options
context:
space:
mode:
authorChris Luke <chrisy@flirble.org>2016-06-02 11:00:41 -0400
committerChris Luke <chrisy@flirble.org>2016-06-02 11:28:59 -0400
commite54436005341800f76a584299ef8bf99e8d66227 (patch)
treed1e09b9561eb5b2df3c79c7aeea8ab18fb8bac76 /vnet
parent3419d0b9c1f64c6f477601eeea6b0e5465a89dce (diff)
VPP-91 fix sr tunnel add_del collision check
The add_del function was not properly checking if a tunnel already existed; instead it was checking if the given tunnel name existed. If no tunnel name was given it flat out refused to add a tunnel even though that is optional. Cleanup the add/del parameter validation to "do what I expect" it to do: When adding a tunnel: - If a "name" is given, it must not exist. - The "key" is always checked, and must not exist. When deleting a tunnel: - If the "name" is given, and it exists, then use it. - If the "name" is not given, use the "key". - If the "name" and the "key" are given, then both must point to the same thing. Change-Id: I9b48ae0203f9664cf8af0f7dc49bf480ddec10d5 Signed-off-by: Chris Luke <chrisy@flirble.org>
Diffstat (limited to 'vnet')
-rw-r--r--vnet/vnet/sr/sr.c143
1 files changed, 85 insertions, 58 deletions
diff --git a/vnet/vnet/sr/sr.c b/vnet/vnet/sr/sr.c
index e0ef3181..c4140f8f 100644
--- a/vnet/vnet/sr/sr.c
+++ b/vnet/vnet/sr/sr.c
@@ -750,7 +750,7 @@ int ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a)
ip_lookup_main_t * lm = &im->lookup_main;
ip6_sr_tunnel_key_t key;
ip6_sr_tunnel_t * t;
- uword * p;
+ uword * p, * n;
ip6_sr_header_t * h = 0;
u32 header_length;
ip6_address_t * addrp, *this_address;
@@ -786,69 +786,94 @@ int ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a)
clib_memcpy (key.src.as_u8, a->src_address->as_u8, sizeof (key.src));
clib_memcpy (key.dst.as_u8, a->dst_address->as_u8, sizeof (key.dst));
- /* If the name exists, find the tunnel by name else... */
- if (a->name)
- p = hash_get_mem(sm->tunnel_index_by_name, a->name);
- else if (p==0)
- p = hash_get_mem (sm->tunnel_index_by_key, &key);
+ /* When adding a tunnel:
+ * - If a "name" is given, it must not exist.
+ * - The "key" is always checked, and must not exist.
+ * When deleting a tunnel:
+ * - If the "name" is given, and it exists, then use it.
+ * - If the "name" is not given, use the "key".
+ * - If the "name" and the "key" are given, then both must point to the same
+ * thing.
+ */
- if (p)
- {
- if (a->is_del)
- {
- hash_pair_t *hp;
-
- /* Delete existing tunnel */
- t = pool_elt_at_index (sm->tunnels, p[0]);
+ /* Lookup the key */
+ p = hash_get_mem (sm->tunnel_index_by_key, &key);
- ip6_delete_route_no_next_hop (&t->key.dst, t->dst_mask_width,
- a->rx_table_id);
- vec_free (t->rewrite);
- /* Remove tunnel from any policy if associated */
- if (t->policy_index != ~0)
- {
- pt=pool_elt_at_index (sm->policies, t->policy_index);
- for (i=0; i< vec_len (pt->tunnel_indices); i++)
- {
- if (pt->tunnel_indices[i] == t - sm->tunnels)
- {
- vec_delete (pt->tunnel_indices, 1, i);
- goto found;
- }
- }
- clib_warning ("Tunnel index %d not found in policy_index %d",
- t - sm->tunnels, pt - sm->policies);
- found:
- /* If this is last tunnel in the policy, clean up the policy too */
- if (vec_len (pt->tunnel_indices) == 0)
- {
- hash_unset_mem (sm->policy_index_by_policy_name, pt->name);
- vec_free (pt->name);
- pool_put (sm->policies, pt);
- }
- }
+ /* If the name is given, look it up */
+ if (a->name)
+ n = hash_get_mem(sm->tunnel_index_by_name, a->name);
+ else
+ n = 0;
- /* Clean up the tunnel by name */
- if (t->name)
- {
- hash_unset_mem (sm->tunnel_index_by_name, t->name);
- vec_free (t->name);
- }
- pool_put (sm->tunnels, t);
- hp = hash_get_pair (sm->tunnel_index_by_key, &key);
- key_copy = (void *)(hp->key);
- hash_unset_mem (sm->tunnel_index_by_key, &key);
- vec_free (key_copy);
- return 0;
- }
- else /* create; tunnel already exists; complain */
+ /* validate key/name parameters */
+ if (!a->is_del) /* adding a tunnel */
+ {
+ if (a->name && n) /* name given & exists already */
+ return -1;
+ if (p) /* key exists already */
return -1;
}
- else
+ else /* deleting a tunnel */
{
- /* delete; tunnel does not exist; complain */
- if (a->is_del)
+ if (!p) /* key doesn't exist */
+ return -2;
+ if (a->name && !n) /* name given & it doesn't exist */
return -2;
+
+ if (n) /* name given & found */
+ {
+ if (n[0] != p[0]) /* name and key do not point to the same thing */
+ return -2;
+ }
+ }
+
+
+ if (a->is_del) /* delete the tunnel */
+ {
+ hash_pair_t *hp;
+
+ /* Delete existing tunnel */
+ t = pool_elt_at_index (sm->tunnels, p[0]);
+
+ ip6_delete_route_no_next_hop (&t->key.dst, t->dst_mask_width,
+ a->rx_table_id);
+ vec_free (t->rewrite);
+ /* Remove tunnel from any policy if associated */
+ if (t->policy_index != ~0)
+ {
+ pt=pool_elt_at_index (sm->policies, t->policy_index);
+ for (i=0; i< vec_len (pt->tunnel_indices); i++)
+ {
+ if (pt->tunnel_indices[i] == t - sm->tunnels)
+ {
+ vec_delete (pt->tunnel_indices, 1, i);
+ goto found;
+ }
+ }
+ clib_warning ("Tunnel index %d not found in policy_index %d",
+ t - sm->tunnels, pt - sm->policies);
+ found:
+ /* If this is last tunnel in the policy, clean up the policy too */
+ if (vec_len (pt->tunnel_indices) == 0)
+ {
+ hash_unset_mem (sm->policy_index_by_policy_name, pt->name);
+ vec_free (pt->name);
+ pool_put (sm->policies, pt);
+ }
+ }
+
+ /* Clean up the tunnel by name */
+ if (t->name)
+ {
+ hash_unset_mem (sm->tunnel_index_by_name, t->name);
+ vec_free (t->name);
+ }
+ pool_put (sm->tunnels, t);
+ hp = hash_get_pair (sm->tunnel_index_by_key, &key);
+ key_copy = (void *)(hp->key);
+ hash_unset_mem (sm->tunnel_index_by_key, &key);
+ vec_free (key_copy);
+ return 0;
}
/* create a new tunnel */
@@ -1158,7 +1183,9 @@ sr_add_del_tunnel_command_fn (vlib_main_t * vm,
VLIB_CLI_COMMAND (sr_tunnel_command, static) = {
.path = "sr tunnel",
.short_help =
- "sr tunnel [del] [name <name>] src <addr> dst <addr> [next <addr>] [cleanup] [reroute] [key %s] [policy <policy_name>",
+ "sr tunnel [del] [name <name>] src <addr> dst <addr> [next <addr>] "
+ "[clean] [reroute] [key <secret>] [policy <policy_name>]"
+ "[rx-fib-id <fib_id>] [tx-fib-id <fib_id>]",
.function = sr_add_del_tunnel_command_fn,
};