#include <acl/acl.api_enum.h>
#include <acl/acl.api_types.h>
-#define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
#include "fa_node.h"
#include "public_inlines.h"
acl_api_invalid_prefix (const vl_api_prefix_t * prefix)
{
ip_prefix_t ip_prefix;
- return ip_prefix_decode2 (prefix, &ip_prefix);
+ int valid_af =
+ prefix->address.af == ADDRESS_IP4 || prefix->address.af == ADDRESS_IP6;
+ return (!valid_af) || ip_prefix_decode2 (prefix, &ip_prefix);
}
static int
return VNET_API_ERROR_INVALID_SRC_ADDRESS;
if (acl_api_invalid_prefix (&rules[i].dst_prefix))
return VNET_API_ERROR_INVALID_DST_ADDRESS;
+ if (rules[i].src_prefix.address.af != rules[i].dst_prefix.address.af)
+ return VNET_API_ERROR_INVALID_SRC_ADDRESS;
if (ntohs (rules[i].srcport_or_icmptype_first) >
ntohs (rules[i].srcport_or_icmptype_last))
return VNET_API_ERROR_INVALID_VALUE_2;
break;
}
+ unformat_free (line_input);
if (~0 == sw_if_index)
return (clib_error_return (0, "invalid interface"));
if (~0 == acl_index)
acl_interface_add_del_inout_acl (sw_if_index, is_add, is_input, acl_index);
- unformat_free (line_input);
return (NULL);
}
vec_free (rules);
vec_free (tag);
+ unformat_free (line_input);
if (rv)
return (clib_error_return (0, "failed"));
vec_validate (pw->expired,
ACL_N_TIMEOUTS *
am->fa_max_deleted_sessions_per_interval);
- _vec_len (pw->expired) = 0;
+ vec_set_len (pw->expired, 0);
vec_validate_init_empty (pw->fa_conn_list_head, ACL_N_TIMEOUTS - 1,
FA_SESSION_BOGUS_INDEX);
vec_validate_init_empty (pw->fa_conn_list_tail, ACL_N_TIMEOUTS - 1,
Code Review / vpp.git / blobdiff