aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2018-04-09 21:46:20 +0200
committerMarco Varlese <marco.varlese@suse.de>2018-04-11 10:01:00 +0000
commiteba3cea3e4d2865b8b5462f656d42204f28d3f19 (patch)
treeb0c1b924c2b3cae8c06724b4f319d9fdacc0d08d /src/plugins/acl
parent7486d3c60fbb205c356a166521166b6eeefcc111 (diff)
acl-plugin: VPP-1231: add error checking to acl_plugin_set_acl_vec_for_context
The users of ACL lookup contexts might not check the data they supply, so do it on their behalf in this function, and return an error if an ACL does not exist or if they attempt to apply the same ACL twice. Change-Id: I89d871e60f267ce643f88574c83baf9cd0a2d7b3 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit e5cbccf35f4d230afafa633abbc88e64ef33d758)
Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/lookup_context.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/src/plugins/acl/lookup_context.c b/src/plugins/acl/lookup_context.c
index 1f70977e593..4af9847a3ba 100644
--- a/src/plugins/acl/lookup_context.c
+++ b/src/plugins/acl/lookup_context.c
@@ -201,6 +201,9 @@ void acl_plugin_put_lookup_context_index (u32 lc_index)
*/
int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list)
{
+ int rv = 0;
+ uword *seen_acl_bitmap = 0;
+ u32 *pacln = 0;
acl_main_t *am = &acl_main;
acl_lookup_context_t *acontext;
if (am->trace_acl) {
@@ -216,6 +219,25 @@ int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list)
}
void *oldheap = acl_plugin_set_heap ();
+ vec_foreach (pacln, acl_list)
+ {
+ if (pool_is_free_index (am->acls, *pacln))
+ {
+ /* ACL is not defined. Can not apply */
+ clib_warning ("ERROR: ACL %d not defined", *pacln);
+ rv = VNET_API_ERROR_NO_SUCH_ENTRY;
+ goto done;
+ }
+ if (clib_bitmap_get (seen_acl_bitmap, *pacln))
+ {
+ /* ACL being applied twice within the list. error. */
+ clib_warning ("ERROR: ACL %d being applied twice", *pacln);
+ rv = VNET_API_ERROR_ENTRY_ALREADY_EXISTS;
+ goto done;
+ }
+ seen_acl_bitmap = clib_bitmap_set (seen_acl_bitmap, *pacln, 1);
+ }
+
acontext = pool_elt_at_index(am->acl_lookup_contexts, lc_index);
u32 *old_acl_vector = acontext->acl_indices;
acontext->acl_indices = vec_dup(acl_list);
@@ -226,8 +248,11 @@ int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list)
apply_acl_vec(lc_index, acontext->acl_indices);
vec_free(old_acl_vector);
+
+done:
+ clib_bitmap_free (seen_acl_bitmap);
clib_mem_set_heap (oldheap);
- return 0;
+ return rv;
}