aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorParixit Gokhale <pgokhale@cisco.com>2019-04-11 14:00:52 -0700
committerParixit Gokhale <pgokhale@cisco.com>2019-04-11 15:32:53 -0700
commitbf386593a064d99784afae449ca6fb45ad4cfbc9 (patch)
tree9cb5b1f07ae2a3ed541ffe5f28d14db83fa4ccd1
parent49e7ef60cb38d9f539d70d7a1e85cea5d350a203 (diff)
Adding check to ensure acl_id matches existing acl_id in abf_policy_update
Change-Id: Ia86387ca5a52d6b4b9e5aff0c01c92df13a5dde5 Signed-off-by: Parixit Gokhale <pgokhale@cisco.com>
-rw-r--r--src/plugins/abf/abf_api.c6
-rw-r--r--src/plugins/abf/abf_policy.c20
-rw-r--r--src/plugins/abf/abf_policy.h6
3 files changed, 23 insertions, 9 deletions
diff --git a/src/plugins/abf/abf_api.c b/src/plugins/abf/abf_api.c
index 9da08394fe6..a951fe6475a 100644
--- a/src/plugins/abf/abf_api.c
+++ b/src/plugins/abf/abf_api.c
@@ -111,12 +111,12 @@ vl_api_abf_policy_add_del_t_handler (vl_api_abf_policy_add_del_t * mp)
if (mp->is_add)
{
- abf_policy_update (ntohl (mp->policy.policy_id),
- ntohl (mp->policy.acl_index), paths);
+ rv = abf_policy_update (ntohl (mp->policy.policy_id),
+ ntohl (mp->policy.acl_index), paths);
}
else
{
- abf_policy_delete (ntohl (mp->policy.policy_id), paths);
+ rv = abf_policy_delete (ntohl (mp->policy.policy_id), paths);
}
done:
vec_free (paths);
diff --git a/src/plugins/abf/abf_policy.c b/src/plugins/abf/abf_policy.c
index c411f3bae62..458bf1b215d 100644
--- a/src/plugins/abf/abf_policy.c
+++ b/src/plugins/abf/abf_policy.c
@@ -76,7 +76,7 @@ abf_policy_find (u32 policy_id)
}
-void
+int
abf_policy_update (u32 policy_id,
u32 acl_index, const fib_route_path_t * rpaths)
{
@@ -128,6 +128,11 @@ abf_policy_update (u32 policy_id,
ap = abf_policy_get (api);
old_pl = ap->ap_pl;
+ if (ap->ap_acl != acl_index)
+ {
+ /* Should change this error code to something more descriptive */
+ return (VNET_API_ERROR_INVALID_VALUE);
+ }
if (FIB_NODE_INDEX_INVALID != old_pl)
{
@@ -155,6 +160,7 @@ abf_policy_update (u32 policy_id,
fib_walk_sync (abf_policy_fib_node_type, api, &ctx);
}
+ return (0);
}
static void
@@ -184,7 +190,7 @@ abf_policy_delete (u32 policy_id, const fib_route_path_t * rpaths)
/*
* no such policy
*/
- return (-1);
+ return (VNET_API_ERROR_INVALID_VALUE);
}
else
{
@@ -242,6 +248,7 @@ abf_policy_cmd (vlib_main_t * vm,
u32 acl_index, policy_id;
fib_route_path_t *rpaths = NULL, rpath;
u32 is_del;
+ int rv = 0;
is_del = 0;
acl_index = INDEX_INVALID;
@@ -283,7 +290,14 @@ abf_policy_cmd (vlib_main_t * vm,
return 0;
}
- abf_policy_update (policy_id, acl_index, rpaths);
+ rv = abf_policy_update (policy_id, acl_index, rpaths);
+ /* Should change this error code to something more descriptive */
+ if (rv == VNET_API_ERROR_INVALID_VALUE)
+ {
+ vlib_cli_output (vm,
+ "ACL index must match existing ACL index in policy");
+ return 0;
+ }
}
else
{
diff --git a/src/plugins/abf/abf_policy.h b/src/plugins/abf/abf_policy.h
index 724611eac38..7d890abed73 100644
--- a/src/plugins/abf/abf_policy.h
+++ b/src/plugins/abf/abf_policy.h
@@ -82,10 +82,10 @@ extern fib_node_type_t abf_policy_fib_node_type;
* @param policy_id User defined Policy ID
* @param acl_index The ACL the policy with match on
* @param rpaths The set of paths to add to the forwarding set
+ * @return error code
*/
-extern void abf_policy_update (u32 policy_id,
- u32 acl_index,
- const fib_route_path_t * rpaths);
+extern int abf_policy_update (u32 policy_id,
+ u32 acl_index, const fib_route_path_t * rpaths);
/**
* Delete paths from an ABF Policy. If no more paths exist, the policy