diff options
author | Parixit Gokhale <pgokhale@cisco.com> | 2019-04-11 14:00:52 -0700 |
---|---|---|
committer | Parixit Gokhale <pgokhale@cisco.com> | 2019-04-11 15:32:53 -0700 |
commit | bf386593a064d99784afae449ca6fb45ad4cfbc9 (patch) | |
tree | 9cb5b1f07ae2a3ed541ffe5f28d14db83fa4ccd1 | |
parent | 49e7ef60cb38d9f539d70d7a1e85cea5d350a203 (diff) |
Adding check to ensure acl_id matches existing acl_id in abf_policy_update
Change-Id: Ia86387ca5a52d6b4b9e5aff0c01c92df13a5dde5
Signed-off-by: Parixit Gokhale <pgokhale@cisco.com>
-rw-r--r-- | src/plugins/abf/abf_api.c | 6 | ||||
-rw-r--r-- | src/plugins/abf/abf_policy.c | 20 | ||||
-rw-r--r-- | src/plugins/abf/abf_policy.h | 6 |
3 files changed, 23 insertions, 9 deletions
diff --git a/src/plugins/abf/abf_api.c b/src/plugins/abf/abf_api.c index 9da08394fe6..a951fe6475a 100644 --- a/src/plugins/abf/abf_api.c +++ b/src/plugins/abf/abf_api.c @@ -111,12 +111,12 @@ vl_api_abf_policy_add_del_t_handler (vl_api_abf_policy_add_del_t * mp) if (mp->is_add) { - abf_policy_update (ntohl (mp->policy.policy_id), - ntohl (mp->policy.acl_index), paths); + rv = abf_policy_update (ntohl (mp->policy.policy_id), + ntohl (mp->policy.acl_index), paths); } else { - abf_policy_delete (ntohl (mp->policy.policy_id), paths); + rv = abf_policy_delete (ntohl (mp->policy.policy_id), paths); } done: vec_free (paths); diff --git a/src/plugins/abf/abf_policy.c b/src/plugins/abf/abf_policy.c index c411f3bae62..458bf1b215d 100644 --- a/src/plugins/abf/abf_policy.c +++ b/src/plugins/abf/abf_policy.c @@ -76,7 +76,7 @@ abf_policy_find (u32 policy_id) } -void +int abf_policy_update (u32 policy_id, u32 acl_index, const fib_route_path_t * rpaths) { @@ -128,6 +128,11 @@ abf_policy_update (u32 policy_id, ap = abf_policy_get (api); old_pl = ap->ap_pl; + if (ap->ap_acl != acl_index) + { + /* Should change this error code to something more descriptive */ + return (VNET_API_ERROR_INVALID_VALUE); + } if (FIB_NODE_INDEX_INVALID != old_pl) { @@ -155,6 +160,7 @@ abf_policy_update (u32 policy_id, fib_walk_sync (abf_policy_fib_node_type, api, &ctx); } + return (0); } static void @@ -184,7 +190,7 @@ abf_policy_delete (u32 policy_id, const fib_route_path_t * rpaths) /* * no such policy */ - return (-1); + return (VNET_API_ERROR_INVALID_VALUE); } else { @@ -242,6 +248,7 @@ abf_policy_cmd (vlib_main_t * vm, u32 acl_index, policy_id; fib_route_path_t *rpaths = NULL, rpath; u32 is_del; + int rv = 0; is_del = 0; acl_index = INDEX_INVALID; @@ -283,7 +290,14 @@ abf_policy_cmd (vlib_main_t * vm, return 0; } - abf_policy_update (policy_id, acl_index, rpaths); + rv = abf_policy_update (policy_id, acl_index, rpaths); + /* Should change this error code to something more descriptive */ + if (rv == VNET_API_ERROR_INVALID_VALUE) + { + vlib_cli_output (vm, + "ACL index must match existing ACL index in policy"); + return 0; + } } else { diff --git a/src/plugins/abf/abf_policy.h b/src/plugins/abf/abf_policy.h index 724611eac38..7d890abed73 100644 --- a/src/plugins/abf/abf_policy.h +++ b/src/plugins/abf/abf_policy.h @@ -82,10 +82,10 @@ extern fib_node_type_t abf_policy_fib_node_type; * @param policy_id User defined Policy ID * @param acl_index The ACL the policy with match on * @param rpaths The set of paths to add to the forwarding set + * @return error code */ -extern void abf_policy_update (u32 policy_id, - u32 acl_index, - const fib_route_path_t * rpaths); +extern int abf_policy_update (u32 policy_id, + u32 acl_index, const fib_route_path_t * rpaths); /** * Delete paths from an ABF Policy. If no more paths exist, the policy |