summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJon Loeliger <jdl@netgate.com>2017-11-10 13:15:12 -0600
committerFlorin Coras <florin.coras@gmail.com>2017-11-11 19:06:46 +0000
commit27cadd23b6c220e73552fa7b3fe61e5874d07cec (patch)
treeeddf4bce55a3dcce933dcfd2984abac57a739a90
parent62fe07c8e30a6ac718fe65528592fe6964d753fa (diff)
ACLs: Use better error return codes than "-1" everywhere.
Added two new errors: ACL_IN_USE_INBOUND ACL_IN_USE_OUTBOUND Update ACL tests to expect new, precise return values. Change-Id: I644861a18aa5b70cce5f451dd6655641160c7697 Signed-off-by: Jon Loeliger <jdl@netgate.com>
-rw-r--r--src/plugins/acl/acl.c28
-rw-r--r--src/vnet/api_errno.h4
-rw-r--r--test/test_acl_plugin.py10
3 files changed, 22 insertions, 20 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index dc7f1ebcdb5..e3993f56d1b 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -182,7 +182,7 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[],
{
/* tried to replace a non-existent ACL, no point doing anything */
clib_warning("acl-plugin-error: Trying to replace nonexistent ACL %d (tag %s)", *acl_list_index, tag);
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
}
if (0 == count) {
@@ -254,19 +254,19 @@ acl_del_list (u32 acl_list_index)
int i, ii;
if (pool_is_free_index (am->acls, acl_list_index))
{
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
if (acl_list_index < vec_len(am->input_sw_if_index_vec_by_acl)) {
if (vec_len(vec_elt(am->input_sw_if_index_vec_by_acl, acl_list_index)) > 0) {
/* ACL is applied somewhere inbound. Refuse to delete */
- return -1;
+ return VNET_API_ERROR_ACL_IN_USE_INBOUND;
}
}
if (acl_list_index < vec_len(am->output_sw_if_index_vec_by_acl)) {
if (vec_len(vec_elt(am->output_sw_if_index_vec_by_acl, acl_list_index)) > 0) {
/* ACL is applied somewhere outbound. Refuse to delete */
- return -1;
+ return VNET_API_ERROR_ACL_IN_USE_OUTBOUND;
}
}
@@ -910,7 +910,7 @@ acl_interface_add_inout_acl (u32 sw_if_index, u8 is_input, u32 acl_list_index)
acl_main_t *am = &acl_main;
if (acl_is_not_defined(am, acl_list_index)) {
/* ACL is not defined. Can not apply */
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
void *oldheap = acl_set_heap(am);
@@ -924,7 +924,7 @@ acl_interface_add_inout_acl (u32 sw_if_index, u8 is_input, u32 acl_list_index)
acl_list_index, sw_if_index, index);
/* the entry is already there */
clib_mem_set_heap (oldheap);
- return -1;
+ return VNET_API_ERROR_ACL_IN_USE_INBOUND;
}
/* if there was no ACL applied before, enable the ACL processing */
if (vec_len(am->input_acl_vec_by_sw_if_index[sw_if_index]) == 0) {
@@ -946,7 +946,7 @@ acl_interface_add_inout_acl (u32 sw_if_index, u8 is_input, u32 acl_list_index)
acl_list_index, sw_if_index, index);
/* the entry is already there */
clib_mem_set_heap (oldheap);
- return -1;
+ return VNET_API_ERROR_ACL_IN_USE_OUTBOUND;
}
/* if there was no ACL applied before, enable the ACL processing */
if (vec_len(am->output_acl_vec_by_sw_if_index[sw_if_index]) == 0) {
@@ -968,7 +968,7 @@ acl_interface_del_inout_acl (u32 sw_if_index, u8 is_input, u32 acl_list_index)
{
acl_main_t *am = &acl_main;
int i;
- int rv = -1;
+ int rv = VNET_API_ERROR_NO_SUCH_ENTRY;
void *oldheap = acl_set_heap(am);
if (is_input)
{
@@ -1085,7 +1085,7 @@ static int
acl_interface_add_del_inout_acl (u32 sw_if_index, u8 is_add, u8 is_input,
u32 acl_list_index)
{
- int rv = -1;
+ int rv = VNET_API_ERROR_NO_SUCH_ENTRY;
acl_main_t *am = &acl_main;
if (is_add)
{
@@ -1427,7 +1427,7 @@ macip_acl_add_list (u32 count, vl_api_macip_acl_rule_t rules[],
{
/* tried to replace a non-existent ACL, no point doing anything */
clib_warning("acl-plugin-error: Trying to replace nonexistent MACIP ACL %d (tag %s)", *acl_list_index, tag);
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
}
@@ -1496,7 +1496,7 @@ macip_acl_interface_del_acl (acl_main_t * am, u32 sw_if_index)
macip_acl_index = am->macip_acl_by_sw_if_index[sw_if_index];
/* No point in deleting MACIP ACL which is not applied */
if (~0 == macip_acl_index)
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
a = pool_elt_at_index (am->macip_acls, macip_acl_index);
/* remove the classifier tables off the interface L2 ACL */
rv =
@@ -1517,7 +1517,7 @@ macip_acl_interface_add_acl (acl_main_t * am, u32 sw_if_index,
int rv;
if (pool_is_free_index (am->macip_acls, macip_acl_index))
{
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
void *oldheap = acl_set_heap(am);
a = pool_elt_at_index (am->macip_acls, macip_acl_index);
@@ -1543,7 +1543,7 @@ macip_acl_del_list (u32 acl_list_index)
int i;
if (pool_is_free_index (am->macip_acls, acl_list_index))
{
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
/* delete any references to the ACL */
@@ -1694,7 +1694,7 @@ vl_api_acl_interface_set_acl_list_t_handler
{
if(acl_is_not_defined(am, ntohl (mp->acls[i]))) {
/* ACL does not exist, so we can not apply it */
- rv = -1;
+ rv = VNET_API_ERROR_NO_SUCH_ENTRY;
}
}
if (0 == rv) {
diff --git a/src/vnet/api_errno.h b/src/vnet/api_errno.h
index f24cef4739c..e4ba8ddfb95 100644
--- a/src/vnet/api_errno.h
+++ b/src/vnet/api_errno.h
@@ -130,7 +130,9 @@ _(NAME_SERVER_FORMAT_ERROR, -137, "Server format error (bug!)") \
_(NAME_SERVER_NO_SUCH_NAME, -138, "No such name") \
_(NAME_SERVER_NO_ADDRESSES, -139, "No addresses available") \
_(NAME_SERVER_NEXT_SERVER, -140, "Retry with new server") \
-_(APP_CONNECT_FILTERED, -141, "Connect was filtered")
+_(APP_CONNECT_FILTERED, -141, "Connect was filtered") \
+_(ACL_IN_USE_INBOUND, -142, "Inbound ACL in use") \
+_(ACL_IN_USE_OUTBOUND, -143, "Outbound ACL in use")
typedef enum
{
diff --git a/test/test_acl_plugin.py b/test/test_acl_plugin.py
index 4d748921aaf..361ced14c21 100644
--- a/test/test_acl_plugin.py
+++ b/test/test_acl_plugin.py
@@ -558,15 +558,15 @@ class TestACLplugin(VppTestCase):
# Test 2: try to modify a nonexistent ACL
reply = self.vapi.acl_add_replace(acl_index=432, r=r,
- tag="FFFF:FFFF", expected_retval=-1)
- self.assertEqual(reply.retval, -1)
+ tag="FFFF:FFFF", expected_retval=-6)
+ self.assertEqual(reply.retval, -6)
# The ACL number should pass through
self.assertEqual(reply.acl_index, 432)
# apply an ACL on an interface inbound, try to delete ACL, must fail
self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
n_input=1,
acls=[first_acl])
- reply = self.vapi.acl_del(acl_index=first_acl, expected_retval=-1)
+ reply = self.vapi.acl_del(acl_index=first_acl, expected_retval=-142)
# Unapply an ACL and then try to delete it - must be ok
self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
n_input=0,
@@ -577,7 +577,7 @@ class TestACLplugin(VppTestCase):
self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
n_input=0,
acls=[second_acl])
- reply = self.vapi.acl_del(acl_index=second_acl, expected_retval=-1)
+ reply = self.vapi.acl_del(acl_index=second_acl, expected_retval=-143)
# Unapply the ACL and then try to delete it - must be ok
self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
n_input=0,
@@ -588,7 +588,7 @@ class TestACLplugin(VppTestCase):
self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
n_input=1,
acls=[first_acl],
- expected_retval=-1)
+ expected_retval=-6)
self.logger.info("ACLP_TEST_FINISH_0001")