summaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorJon Loeliger <jdl@netgate.com>2017-05-02 11:06:23 -0500
committerJohn Lo <loj@cisco.com>2017-05-02 23:26:33 +0000
commit1c7d4858369881ac4cc287c4fa16eff2e9890c1c (patch)
tree7d1698af41ef0a75eff7d1b424a4bb2dc8dbca8a /src/vnet
parent41da54f501338072ec9543db2e07e2c046e3964e (diff)
Prevent Bridge Domain operations on BD 0.
The default bridge domain, 0, is created automatically with static features. It should be modified by neither the CLI nor the API. So add tests for, and reject any operation on BD 0. The new API error message BD_NOT_MODIFIABLE is returned in such cases. Change-Id: Iaf3dd80c4f43cf41689ca55756a0a3525420cd12 Signed-off-by: Jon Loeliger <jdl@netgate.com>
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/api_errno.h3
-rw-r--r--src/vnet/l2/l2_api.c19
-rw-r--r--src/vnet/l2/l2_bd.c45
3 files changed, 64 insertions, 3 deletions
diff --git a/src/vnet/api_errno.h b/src/vnet/api_errno.h
index b87c197f134..e694fbf1ed4 100644
--- a/src/vnet/api_errno.h
+++ b/src/vnet/api_errno.h
@@ -110,7 +110,8 @@ _(SVM_SEGMENT_CREATE_FAIL, -117, "svm segment create fail") \
_(APPLICATION_NOT_ATTACHED, -118, "application not attached") \
_(BD_ALREADY_EXISTS, -119, "Bridge domain already exists") \
_(BD_IN_USE, -120, "Bridge domain has member interfaces") \
-_(UNSUPPORTED, -121, "Unsupported")
+_(BD_NOT_MODIFIABLE, -121, "Default bridge domain 0 can be neither deleted nor modified") \
+_(UNSUPPORTED, -122, "Unsupported")
typedef enum
{
diff --git a/src/vnet/l2/l2_api.c b/src/vnet/l2/l2_api.c
index 5a3c8dc2682..8cc7c7942eb 100644
--- a/src/vnet/l2/l2_api.c
+++ b/src/vnet/l2/l2_api.c
@@ -310,7 +310,15 @@ vl_api_bridge_domain_set_mac_age_t_handler (vl_api_bridge_domain_set_mac_age_t
vl_api_bridge_domain_set_mac_age_reply_t *rmp;
int rv = 0;
u32 bd_id = ntohl (mp->bd_id);
- uword *p = hash_get (bdm->bd_index_by_bd_id, bd_id);
+ uword *p;
+
+ if (bd_id == 0)
+ {
+ rv = VNET_API_ERROR_BD_NOT_MODIFIABLE;
+ goto out;
+ }
+
+ p = hash_get (bdm->bd_index_by_bd_id, bd_id);
if (p == 0)
{
rv = VNET_API_ERROR_NO_SUCH_ENTRY;
@@ -401,10 +409,13 @@ vl_api_bridge_domain_dump_t_handler (vl_api_bridge_domain_dump_t * mp)
return;
bd_id = ntohl (mp->bd_id);
+ if (bd_id == 0)
+ return;
bd_index = (bd_id == ~0) ? 0 : bd_find_index (bdm, bd_id);
ASSERT (bd_index != ~0);
end = (bd_id == ~0) ? vec_len (l2im->bd_configs) : bd_index + 1;
+
for (; bd_index < end; bd_index++)
{
bd_config = l2input_bd_config_from_index (l2im, bd_index);
@@ -437,6 +448,12 @@ vl_api_bridge_flags_t_handler (vl_api_bridge_flags_t * mp)
u32 flags = ntohl (mp->feature_bitmap);
uword *p;
+ if (bd_id == 0)
+ {
+ rv = VNET_API_ERROR_BD_NOT_MODIFIABLE;
+ goto out;
+ }
+
p = hash_get (bdm->bd_index_by_bd_id, bd_id);
if (p == 0)
{
diff --git a/src/vnet/l2/l2_bd.c b/src/vnet/l2/l2_bd.c
index 7c55789bb32..4ebbb547134 100644
--- a/src/vnet/l2/l2_bd.c
+++ b/src/vnet/l2/l2_bd.c
@@ -304,6 +304,10 @@ bd_learn (vlib_main_t * vm,
goto done;
}
+ if (bd_id == 0)
+ return clib_error_return (0,
+ "No operations on the default bridge domain are supported");
+
p = hash_get (bdm->bd_index_by_bd_id, bd_id);
if (p == 0)
@@ -369,6 +373,10 @@ bd_fwd (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd)
goto done;
}
+ if (bd_id == 0)
+ return clib_error_return (0,
+ "No operations on the default bridge domain are supported");
+
p = hash_get (bdm->bd_index_by_bd_id, bd_id);
if (p == 0)
@@ -436,6 +444,10 @@ bd_flood (vlib_main_t * vm,
goto done;
}
+ if (bd_id == 0)
+ return clib_error_return (0,
+ "No operations on the default bridge domain are supported");
+
p = hash_get (bdm->bd_index_by_bd_id, bd_id);
if (p == 0)
@@ -502,6 +514,10 @@ bd_uu_flood (vlib_main_t * vm,
goto done;
}
+ if (bd_id == 0)
+ return clib_error_return (0,
+ "No operations on the default bridge domain are supported");
+
p = hash_get (bdm->bd_index_by_bd_id, bd_id);
if (p == 0)
@@ -568,6 +584,10 @@ bd_arp_term (vlib_main_t * vm,
goto done;
}
+ if (bd_id == 0)
+ return clib_error_return (0,
+ "No operations on the default bridge domain are supported");
+
p = hash_get (bdm->bd_index_by_bd_id, bd_id);
if (p)
bd_index = *p;
@@ -607,6 +627,10 @@ bd_mac_age (vlib_main_t * vm,
goto done;
}
+ if (bd_id == 0)
+ return clib_error_return (0,
+ "No operations on the default bridge domain are supported");
+
p = hash_get (bdm->bd_index_by_bd_id, bd_id);
if (p == 0)
@@ -780,6 +804,10 @@ bd_arp_entry (vlib_main_t * vm,
goto done;
}
+ if (bd_id == 0)
+ return clib_error_return (0,
+ "No operations on the default bridge domain are supported");
+
p = hash_get (bdm->bd_index_by_bd_id, bd_id);
if (p)
@@ -900,7 +928,7 @@ bd_show (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd)
u32 bd_id = ~0;
uword *p;
- start = 0;
+ start = 1;
end = vec_len (l2input_main.bd_configs);
if (unformat (input, "%d", &bd_id))
@@ -914,6 +942,10 @@ bd_show (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd)
if (unformat (input, "arp"))
arp = 1;
+ if (bd_id == 0)
+ return clib_error_return (0,
+ "No operations on the default bridge domain are supported");
+
p = hash_get (bdm->bd_index_by_bd_id, bd_id);
if (p)
bd_index = *p;
@@ -1125,6 +1157,8 @@ bd_add_del (l2_bridge_domain_add_del_args_t * a)
{
if (bd_index == ~0)
return VNET_API_ERROR_NO_SUCH_ENTRY;
+ if (bd_index == 0)
+ return VNET_API_ERROR_BD_NOT_MODIFIABLE;
if (vec_len (l2input_main.bd_configs[bd_index].members))
return VNET_API_ERROR_BD_IN_USE;
rv = bd_delete (bdm, bd_index);
@@ -1188,6 +1222,12 @@ bd_add_del_command_fn (vlib_main_t * vm, unformat_input_t * input,
goto done;
}
+ if (bd_id == 0)
+ {
+ error = clib_error_return (0, "bridge domain 0 can not be modified");
+ goto done;
+ }
+
if (mac_age > 255)
{
error = clib_error_return (0, "mac age must be less than 256");
@@ -1218,6 +1258,9 @@ bd_add_del_command_fn (vlib_main_t * vm, unformat_input_t * input,
case VNET_API_ERROR_NO_SUCH_ENTRY:
error = clib_error_return (0, "bridge domain id does not exist");
goto done;
+ case VNET_API_ERROR_BD_NOT_MODIFIABLE:
+ error = clib_error_return (0, "bridge domain 0 can not be modified");
+ goto done;
default:
error = clib_error_return (0, "bd_add_del returned %d", rv);
goto done;