{
/* tried to replace a non-existent ACL, no point doing anything */
clib_warning("acl-plugin-error: Trying to replace nonexistent ACL %d (tag %s)", *acl_list_index, tag);
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
}
if (0 == count) {
int i, ii;
if (pool_is_free_index (am->acls, acl_list_index))
{
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
if (acl_list_index < vec_len(am->input_sw_if_index_vec_by_acl)) {
if (vec_len(vec_elt(am->input_sw_if_index_vec_by_acl, acl_list_index)) > 0) {
/* ACL is applied somewhere inbound. Refuse to delete */
- return -1;
+ return VNET_API_ERROR_ACL_IN_USE_INBOUND;
}
}
if (acl_list_index < vec_len(am->output_sw_if_index_vec_by_acl)) {
if (vec_len(vec_elt(am->output_sw_if_index_vec_by_acl, acl_list_index)) > 0) {
/* ACL is applied somewhere outbound. Refuse to delete */
- return -1;
+ return VNET_API_ERROR_ACL_IN_USE_OUTBOUND;
}
}
/* Some aids in ASCII graphing the content */
#define XX "\377"
#define __ "\000"
+#define DOT1AD "\210\250"
+#define DOT1Q "\201\00"
#define _(x)
#define v
u8 ip4_5tuple_mask[] =
-_(" dmac smac etype ")
-_(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v __ __ v
+ _(" dmac smac etype ")
+ _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v __ __ v
_(" v ihl totlen ")
_(0x0000)
__ __ __ __
_(padeth)
__ __;
- u8 ip6_5tuple_mask[] =
- _(" dmac smac etype ")
+ u8 ip6_5tuple_mask[] =
+ _(" dmac smac etype ")
_(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v __ __ v
_(" v tc + flow ")
_(0x0000) __ __ __ __
_("L4T/U sport dport ")
_(tcpudp) XX XX XX XX _(padpad) __ __ __ __ _(padeth) __ __;
+ u8 dot1q_5tuple_mask[] =
+ _(" dmac smac dot1q etype ")
+ _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v DOT1Q __ __ v XX XX v
+ _(padpad) __ __ __ __
+ _(padpad) __ __ __ __
+ _(padpad) __ __ __ __
+ _(padeth) __ __;
+
+ u8 dot1ad_5tuple_mask[] =
+ _(" dmac smac dot1ad etype ")
+ _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v DOT1AD __ __ DOT1Q __ __ v XX XX v
+ _(padpad) __ __ __ __
+ _(padpad) __ __ __ __
+ _(padeth) __ __;
+
#undef XX
#undef __
+#undef DOT1AD
+#undef DOT1Q
#undef _
#undef v
- static int count_skip (u8 * p, u32 size)
+static int count_skip (u8 * p, u32 size)
{
u64 *p64 = (u64 *) p;
/* Be tolerant to null pointer */
int is_add)
{
u32 nbuckets = 32;
- u32 memory_size = 2 << 20;
+ u32 memory_size = 2 << 22;
u32 skip = count_skip (mask, mask_len);
u32 match = (mask_len / 16) - skip;
u8 *skip_mask_ptr = mask + 16 * skip;
return ret;
}
-
static int
acl_unhook_l2_input_classify (acl_main_t * am, u32 sw_if_index)
{
vnet_classify_main_t *cm = &vnet_classify_main;
u32 ip4_table_index = ~0;
u32 ip6_table_index = ~0;
+ u32 dot1q_table_index = ~0;
+ u32 dot1ad_table_index = ~0;
void *oldheap = acl_set_heap(am);
vec_validate_init_empty (am->acl_ip4_input_classify_table_by_sw_if_index,
sw_if_index, ~0);
vec_validate_init_empty (am->acl_ip6_input_classify_table_by_sw_if_index,
sw_if_index, ~0);
+ vec_validate_init_empty (am->acl_dot1q_input_classify_table_by_sw_if_index,
+ sw_if_index, ~0);
+ vec_validate_init_empty (am->acl_dot1ad_input_classify_table_by_sw_if_index,
+ sw_if_index, ~0);
/* switch to global heap while calling vnet_* functions */
clib_mem_set_heap (cm->vlib_main->heap_base);
am->l2_input_classify_next_acl_ip6,
&ip6_table_index, 0);
}
+ if (am->acl_dot1q_input_classify_table_by_sw_if_index[sw_if_index] != ~0)
+ {
+ dot1q_table_index =
+ am->acl_dot1q_input_classify_table_by_sw_if_index[sw_if_index];
+ am->acl_dot1q_input_classify_table_by_sw_if_index[sw_if_index] = ~0;
+ acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
+ sizeof (ip6_5tuple_mask) - 1, ~0,
+ ~0,
+ &dot1q_table_index, 0);
+ }
+ if (am->acl_dot1ad_input_classify_table_by_sw_if_index[sw_if_index] != ~0)
+ {
+ dot1ad_table_index =
+ am->acl_dot1ad_input_classify_table_by_sw_if_index[sw_if_index];
+ am->acl_dot1ad_input_classify_table_by_sw_if_index[sw_if_index] = ~0;
+ acl_classify_add_del_table_tiny (cm, dot1ad_5tuple_mask,
+ sizeof (dot1ad_5tuple_mask) - 1, ~0,
+ ~0,
+ &dot1ad_table_index, 0);
+ }
clib_mem_set_heap (oldheap);
return 0;
}
vnet_classify_main_t *cm = &vnet_classify_main;
u32 ip4_table_index = ~0;
u32 ip6_table_index = ~0;
+ u32 dot1q_table_index = ~0;
+ u32 dot1ad_table_index = ~0;
void *oldheap = acl_set_heap(am);
vec_validate_init_empty (am->acl_ip4_output_classify_table_by_sw_if_index,
sw_if_index, ~0);
vec_validate_init_empty (am->acl_ip6_output_classify_table_by_sw_if_index,
sw_if_index, ~0);
+ vec_validate_init_empty (am->acl_dot1q_output_classify_table_by_sw_if_index,
+ sw_if_index, ~0);
+ vec_validate_init_empty (am->acl_dot1ad_output_classify_table_by_sw_if_index,
+ sw_if_index, ~0);
/* switch to global heap while calling vnet_* functions */
clib_mem_set_heap (cm->vlib_main->heap_base);
am->l2_output_classify_next_acl_ip6,
&ip6_table_index, 0);
}
+ if (am->acl_dot1q_output_classify_table_by_sw_if_index[sw_if_index] != ~0)
+ {
+ dot1q_table_index =
+ am->acl_dot1q_output_classify_table_by_sw_if_index[sw_if_index];
+ am->acl_dot1q_output_classify_table_by_sw_if_index[sw_if_index] = ~0;
+ acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
+ sizeof (ip6_5tuple_mask) - 1, ~0,
+ ~0,
+ &dot1q_table_index, 0);
+ }
+ if (am->acl_dot1ad_output_classify_table_by_sw_if_index[sw_if_index] != ~0)
+ {
+ dot1ad_table_index =
+ am->acl_dot1ad_output_classify_table_by_sw_if_index[sw_if_index];
+ am->acl_dot1ad_output_classify_table_by_sw_if_index[sw_if_index] = ~0;
+ acl_classify_add_del_table_tiny (cm, dot1ad_5tuple_mask,
+ sizeof (dot1ad_5tuple_mask) - 1, ~0,
+ ~0,
+ &dot1ad_table_index, 0);
+ }
clib_mem_set_heap (oldheap);
return 0;
}
+static void
+acl_add_vlan_session(acl_main_t * am, u32 table_index, u8 is_output, u8 is_dot1ad, u8 is_ip6)
+{
+ vnet_classify_main_t *cm = &vnet_classify_main;
+ u8 *match;
+ u32 next_acl;
+ u8 idx;
+ u8 session_idx;
+
+ if (is_ip6)
+ {
+ next_acl = (is_output)?am->l2_output_classify_next_acl_ip6:am->l2_input_classify_next_acl_ip6;
+ }
+ else
+ {
+ next_acl = (is_output)?am->l2_output_classify_next_acl_ip4:am->l2_input_classify_next_acl_ip4;
+ }
+ match = (is_dot1ad)?dot1ad_5tuple_mask:dot1q_5tuple_mask;
+ idx = (is_dot1ad)?20:16;
+
+ /* add sessions to vlan tables per ethernet_type */
+ if (is_ip6)
+ {
+ match[idx] = 0x86;
+ match[idx+1] = 0xdd;
+ session_idx = 1;
+ }
+ else
+ {
+ match[idx] = 0x08;
+ match[idx+1] = 0x00;
+ session_idx = 0;
+ }
+ vnet_classify_add_del_session (cm, table_index, match, next_acl,
+ session_idx, 0, 0, 0, 1);
+ memset (&match[idx], 0x00, 2);
+}
+
static int
acl_hook_l2_input_classify (acl_main_t * am, u32 sw_if_index)
{
vnet_classify_main_t *cm = &vnet_classify_main;
u32 ip4_table_index = ~0;
u32 ip6_table_index = ~0;
+ u32 dot1q_table_index = ~0;
+ u32 dot1ad_table_index = ~0;
int rv;
void *prevheap = clib_mem_set_heap (cm->vlib_main->heap_base);
&ip4_table_index, 1);
if (rv)
goto done;
+
rv =
acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
sizeof (ip6_5tuple_mask) - 1, ~0,
&ip4_table_index, 0);
goto done;
}
+
+ rv =
+ acl_classify_add_del_table_tiny (cm, dot1ad_5tuple_mask,
+ sizeof (dot1ad_5tuple_mask) - 1, ~0,
+ ~0, &dot1ad_table_index, 1);
+ rv =
+ acl_classify_add_del_table_tiny (cm, dot1q_5tuple_mask,
+ sizeof (dot1q_5tuple_mask) - 1, dot1ad_table_index,
+ ~0, &dot1q_table_index, 1);
+ if (rv)
+ {
+ acl_classify_add_del_table_tiny (cm, dot1ad_5tuple_mask,
+ sizeof (dot1ad_5tuple_mask) - 1, ~0,
+ ~0, &dot1ad_table_index, 0);
+ acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
+ sizeof (ip6_5tuple_mask) - 1, ~0,
+ am->l2_input_classify_next_acl_ip6,
+ &ip6_table_index, 0);
+ acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
+ sizeof (ip4_5tuple_mask) - 1, ~0,
+ am->l2_input_classify_next_acl_ip4,
+ &ip4_table_index, 0);
+ goto done;
+ }
+
rv =
vnet_l2_input_classify_set_tables (sw_if_index, ip4_table_index,
- ip6_table_index, ~0);
+ ip6_table_index, dot1q_table_index);
+
if (rv)
{
+ acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
+ sizeof (ip4_5tuple_mask) - 1, ~0,
+ am->l2_input_classify_next_acl_ip4,
+ &ip4_table_index, 0);
acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
sizeof (ip6_5tuple_mask) - 1, ~0,
am->l2_input_classify_next_acl_ip6,
&ip6_table_index, 0);
- acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
- sizeof (ip4_5tuple_mask) - 1, ~0,
- am->l2_input_classify_next_acl_ip4,
- &ip4_table_index, 0);
+ acl_classify_add_del_table_tiny (cm, dot1q_5tuple_mask,
+ sizeof (dot1q_5tuple_mask) - 1, ~0,
+ ~0, &dot1q_table_index, 0);
+ acl_classify_add_del_table_tiny (cm, dot1ad_5tuple_mask,
+ sizeof (dot1ad_5tuple_mask) - 1, ~0,
+ ~0, &dot1ad_table_index, 0);
goto done;
}
+ /* add sessions to vlan tables per ethernet_type */
+ acl_add_vlan_session(am, dot1q_table_index, 0, 0, 0);
+ acl_add_vlan_session(am, dot1q_table_index, 0, 0, 1);
+ acl_add_vlan_session(am, dot1ad_table_index, 0, 1, 0);
+ acl_add_vlan_session(am, dot1ad_table_index, 0, 1, 1);
+
am->acl_ip4_input_classify_table_by_sw_if_index[sw_if_index] =
ip4_table_index;
am->acl_ip6_input_classify_table_by_sw_if_index[sw_if_index] =
ip6_table_index;
+ am->acl_dot1q_input_classify_table_by_sw_if_index[sw_if_index] =
+ dot1q_table_index;
+ am->acl_dot1ad_input_classify_table_by_sw_if_index[sw_if_index] =
+ dot1ad_table_index;
vnet_l2_input_classify_enable_disable (sw_if_index, 1);
done:
vnet_classify_main_t *cm = &vnet_classify_main;
u32 ip4_table_index = ~0;
u32 ip6_table_index = ~0;
+ u32 dot1q_table_index = ~0;
+ u32 dot1ad_table_index = ~0;
int rv;
void *prevheap = clib_mem_set_heap (cm->vlib_main->heap_base);
&ip4_table_index, 0);
goto done;
}
+
+ rv =
+ acl_classify_add_del_table_tiny (cm, dot1ad_5tuple_mask,
+ sizeof (dot1ad_5tuple_mask) - 1, ~0,
+ ~0, &dot1ad_table_index, 1);
+ rv =
+ acl_classify_add_del_table_tiny (cm, dot1q_5tuple_mask,
+ sizeof (dot1q_5tuple_mask) - 1, dot1ad_table_index,
+ ~0, &dot1q_table_index, 1);
+ if (rv)
+ {
+ acl_classify_add_del_table_tiny (cm, dot1ad_5tuple_mask,
+ sizeof (dot1ad_5tuple_mask) - 1, ~0,
+ ~0, &dot1ad_table_index, 0);
+ acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
+ sizeof (ip6_5tuple_mask) - 1, ~0,
+ am->l2_output_classify_next_acl_ip6,
+ &ip6_table_index, 0);
+ acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
+ sizeof (ip4_5tuple_mask) - 1, ~0,
+ am->l2_output_classify_next_acl_ip4,
+ &ip4_table_index, 0);
+ goto done;
+ }
+
rv =
vnet_l2_output_classify_set_tables (sw_if_index, ip4_table_index,
- ip6_table_index, ~0);
+ ip6_table_index, dot1q_table_index);
+
clib_warning
("ACL enabling on interface sw_if_index %d, setting tables to the following: ip4: %d ip6: %d\n",
sw_if_index, ip4_table_index, ip6_table_index);
sizeof (ip4_5tuple_mask) - 1, ~0,
am->l2_output_classify_next_acl_ip4,
&ip4_table_index, 0);
+ acl_classify_add_del_table_tiny (cm, dot1q_5tuple_mask,
+ sizeof (dot1q_5tuple_mask) - 1, ~0,
+ ~0,
+ &dot1q_table_index, 0);
+ acl_classify_add_del_table_tiny (cm, dot1ad_5tuple_mask,
+ sizeof (dot1ad_5tuple_mask) - 1, ~0,
+ ~0,
+ &dot1ad_table_index, 0);
goto done;
}
+ /* add sessions to vlan tables per ethernet_type */
+ acl_add_vlan_session(am, dot1q_table_index, 1, 0, 0);
+ acl_add_vlan_session(am, dot1q_table_index, 1, 0, 1);
+ acl_add_vlan_session(am, dot1ad_table_index, 1, 1, 0);
+ acl_add_vlan_session(am, dot1ad_table_index, 1, 1, 1);
+
am->acl_ip4_output_classify_table_by_sw_if_index[sw_if_index] =
ip4_table_index;
am->acl_ip6_output_classify_table_by_sw_if_index[sw_if_index] =
ip6_table_index;
+ am->acl_dot1q_output_classify_table_by_sw_if_index[sw_if_index] =
+ dot1q_table_index;
+ am->acl_dot1ad_output_classify_table_by_sw_if_index[sw_if_index] =
+ dot1ad_table_index;
vnet_l2_output_classify_enable_disable (sw_if_index, 1);
done:
return rv;
}
-
-
int
acl_interface_in_enable_disable (acl_main_t * am, u32 sw_if_index,
int enable_disable)
acl_main_t *am = &acl_main;
if (acl_is_not_defined(am, acl_list_index)) {
/* ACL is not defined. Can not apply */
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
void *oldheap = acl_set_heap(am);
acl_list_index, sw_if_index, index);
/* the entry is already there */
clib_mem_set_heap (oldheap);
- return -1;
+ return VNET_API_ERROR_ACL_IN_USE_INBOUND;
}
/* if there was no ACL applied before, enable the ACL processing */
if (vec_len(am->input_acl_vec_by_sw_if_index[sw_if_index]) == 0) {
acl_list_index, sw_if_index, index);
/* the entry is already there */
clib_mem_set_heap (oldheap);
- return -1;
+ return VNET_API_ERROR_ACL_IN_USE_OUTBOUND;
}
/* if there was no ACL applied before, enable the ACL processing */
if (vec_len(am->output_acl_vec_by_sw_if_index[sw_if_index]) == 0) {
{
acl_main_t *am = &acl_main;
int i;
- int rv = -1;
+ int rv = VNET_API_ERROR_NO_SUCH_ENTRY;
void *oldheap = acl_set_heap(am);
if (is_input)
{
acl_interface_add_del_inout_acl (u32 sw_if_index, u8 is_add, u8 is_input,
u32 acl_list_index)
{
- int rv = -1;
+ int rv = VNET_API_ERROR_NO_SUCH_ENTRY;
acl_main_t *am = &acl_main;
if (is_add)
{
u32 count;
u32 table_index;
u32 arp_table_index;
+ u32 dot1q_table_index;
+ u32 dot1ad_table_index;
} macip_match_type_t;
static u32
mvec[match_type_index].prefix_len = a->rules[i].src_prefixlen;
mvec[match_type_index].is_ipv6 = a->rules[i].is_ipv6;
mvec[match_type_index].table_index = ~0;
+ mvec[match_type_index].dot1q_table_index = ~0;
+ mvec[match_type_index].dot1ad_table_index = ~0;
}
mvec[match_type_index].count++;
}
int mask_len;
int is6 = mt->is_ipv6;
int l3_src_offs = get_l3_src_offset(is6);
- memset (mask, 0, sizeof (mask));
- memcpy (&mask[6], mt->mac_mask, 6);
+ int tags;
+ u32 *last_tag_table;
+
+ /*
+ * create chained tables for VLAN (no-tags, dot1q and dot1ad) packets
+ */
+ l3_src_offs += 8;
+ for (tags = 2; tags >= 0; tags--)
+ {
+ memset (mask, 0, sizeof (mask));
+ memcpy (&mask[6], mt->mac_mask, 6);
+ switch (tags)
+ {
+ case 0:
+ default:
+ memset (&mask[12], 0xff, 2); /* ethernet protocol */
+ last_tag_table = &mt->table_index;
+ break;
+ case 1:
+ memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ memset (&mask[16], 0xff, 2); /* ethernet protocol */
+ last_tag_table = &mt->dot1q_table_index;
+ break;
+ case 2:
+ memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ memset (&mask[16], 0xff, 2); /* VLAN tag2 */
+ memset (&mask[20], 0xff, 2); /* ethernet protocol */
+ last_tag_table = &mt->dot1ad_table_index;
+ break;
+ }
for (i = 0; i < (mt->prefix_len / 8); i++)
{
mask[l3_src_offs + i] = 0xff;
mask_len = ((l3_src_offs + ((mt->prefix_len+7) / 8) +
(sizeof (u32x4)-1))/sizeof(u32x4)) * sizeof (u32x4);
acl_classify_add_del_table_small (cm, mask, mask_len, last_table,
- (~0 == last_table) ? 0 : ~0, &mt->table_index,
+ (~0 == last_table) ? 0 : ~0, last_tag_table,
1);
- last_table = mt->table_index;
+ last_table = *last_tag_table;
+
+ memset (&mask[12], 0, sizeof (mask)-12);
+ l3_src_offs -= 4;
+ }
}
a->ip4_table_index = last_table;
a->ip6_table_index = last_table;
u32 metadata = 0;
int is6 = a->rules[i].is_ipv6;
int l3_src_offs = get_l3_src_offset(is6);
- memset (mask, 0, sizeof (mask));
- memcpy (&mask[6], a->rules[i].src_mac, 6);
- memset (&mask[12], 0xff, 2); /* ethernet protocol */
- if (is6)
- {
- memcpy (&mask[l3_src_offs], &a->rules[i].src_ip_addr.ip6, 16);
- mask[12] = 0x86;
- mask[13] = 0xdd;
- }
- else
- {
- memcpy (&mask[l3_src_offs], &a->rules[i].src_ip_addr.ip4, 4);
- mask[12] = 0x08;
- mask[13] = 0x00;
- }
+ u32 tag_table;
+ int tags, eth;
+
match_type_index =
- macip_find_match_type (mvec, a->rules[i].src_mac_mask,
- a->rules[i].src_prefixlen,
- a->rules[i].is_ipv6);
+ macip_find_match_type (mvec, a->rules[i].src_mac_mask,
+ a->rules[i].src_prefixlen,
+ a->rules[i].is_ipv6);
ASSERT(match_type_index != ~0);
- /* add session to table mvec[match_type_index].table_index; */
- vnet_classify_add_del_session (cm, mvec[match_type_index].table_index,
- mask, a->rules[i].is_permit ? ~0 : 0, i,
- 0, action, metadata, 1);
+
+ l3_src_offs += 8;
+ for (tags = 2; tags >= 0; tags--)
+ {
+ memset (mask, 0, sizeof (mask));
+ memcpy (&mask[6], a->rules[i].src_mac, 6);
+ switch (tags)
+ {
+ case 0:
+ default:
+ tag_table = mvec[match_type_index].table_index;
+ eth = 12;
+ break;
+ case 1:
+ tag_table = mvec[match_type_index].dot1q_table_index;
+ mask[12] = 0x81;
+ mask[13] = 0x00;
+ eth = 16;
+ break;
+ case 2:
+ tag_table = mvec[match_type_index].dot1ad_table_index;
+ mask[12] = 0x88;
+ mask[13] = 0xa8;
+ mask[16] = 0x81;
+ mask[17] = 0x00;
+ eth = 20;
+ break;
+ }
+ if (is6)
+ {
+ memcpy (&mask[l3_src_offs], &a->rules[i].src_ip_addr.ip6, 16);
+ mask[eth] = 0x86;
+ mask[eth+1] = 0xdd;
+ }
+ else
+ {
+ memcpy (&mask[l3_src_offs], &a->rules[i].src_ip_addr.ip4, 4);
+ mask[eth] = 0x08;
+ mask[eth+1] = 0x00;
+ }
+
+ /* add session to table mvec[match_type_index].table_index; */
+ vnet_classify_add_del_session (cm, tag_table,
+ mask, a->rules[i].is_permit ? ~0 : 0, i,
+ 0, action, metadata, 1);
+ memset (&mask[12], 0, sizeof (mask)-12);
+ l3_src_offs -= 4;
+ }
+
/* add ARP table entry too */
if (!is6 && (mvec[match_type_index].arp_table_index != ~0))
{
{
/* tried to replace a non-existent ACL, no point doing anything */
clib_warning("acl-plugin-error: Trying to replace nonexistent MACIP ACL %d (tag %s)", *acl_list_index, tag);
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
}
macip_acl_index = am->macip_acl_by_sw_if_index[sw_if_index];
/* No point in deleting MACIP ACL which is not applied */
if (~0 == macip_acl_index)
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
a = pool_elt_at_index (am->macip_acls, macip_acl_index);
/* remove the classifier tables off the interface L2 ACL */
rv =
int rv;
if (pool_is_free_index (am->macip_acls, macip_acl_index))
{
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
void *oldheap = acl_set_heap(am);
a = pool_elt_at_index (am->macip_acls, macip_acl_index);
int i;
if (pool_is_free_index (am->macip_acls, acl_list_index))
{
- return -1;
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
}
/* delete any references to the ACL */
{
if(acl_is_not_defined(am, ntohl (mp->acls[i]))) {
/* ACL does not exist, so we can not apply it */
- rv = -1;
+ rv = VNET_API_ERROR_NO_SUCH_ENTRY;
}
}
if (0 == rv) {