From e38d9470742ac9357515d51468ea9a6ab8c9f8f6 Mon Sep 17 00:00:00 2001 From: Steven Luong Date: Wed, 6 Nov 2024 13:47:26 -0800 Subject: session: validate appns index in vnet_session_rule_add_del vnet_session_rule_add_del may be called with a bogus appns index from the API. Validate the appns index is indeed valid. Type: fix Change-Id: Ife1b5b9ab0b180ececa74008d2ef92045a9e8b58 Signed-off-by: Steven Luong --- test/asf/test_session.py | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'test/asf') diff --git a/test/asf/test_session.py b/test/asf/test_session.py index 7850f2270da..fe8da126195 100644 --- a/test/asf/test_session.py +++ b/test/asf/test_session.py @@ -189,9 +189,6 @@ class TestApplicationNamespace(VppAsfTestCase): self.assertEqual(dump[1].appns_index[0], 0) self.assertEqual(dump[1].appns_index[1], app0.appns_index) - self.vapi.app_namespace_add_del_v4( - namespace_id="0", sw_if_index=self.loop0.sw_if_index, is_add=0 - ) self.vapi.session_rule_add_del( transport_proto=VppEnum.vl_api_transport_proto_t.TRANSPORT_PROTO_API_TCP, lcl="172.100.1.1/32", @@ -203,6 +200,24 @@ class TestApplicationNamespace(VppAsfTestCase): scope=VppEnum.vl_api_session_rule_scope_t.SESSION_RULE_SCOPE_API_GLOBAL, is_add=0, ) + self.vapi.app_namespace_add_del_v4( + namespace_id="0", sw_if_index=self.loop0.sw_if_index, is_add=0 + ) + + # test bad appns index for the API + with self.vapi.assert_negative_api_retval(): + rv = self.vapi.session_rule_add_del( + transport_proto=VppEnum.vl_api_transport_proto_t.TRANSPORT_PROTO_API_TCP, + lcl="172.100.1.1/32", + rmt="172.100.1.2/32", + lcl_port=5000, + rmt_port=5000, + action_index=1, + appns_index=10, + scope=VppEnum.vl_api_session_rule_scope_t.SESSION_RULE_SCOPE_API_GLOBAL, + is_add=1, + ) + self.assertEqual(rv.retval, -1) @tag_fixme_vpp_workers -- cgit 1.2.3-korg