IPSEC: more expressive API errors

Change-Id: I517a7bdae03abfea58451819e7854974397d77f8
Signed-off-by: Neale Ranns <nranns@cisco.com>

diff --git a/src/vnet/api_errno.h b/src/vnet/api_errno.h
index 1ec5ad4..b474e19 100644 (file)
--- a/src/vnet/api_errno.h
+++ b/src/vnet/api_errno.h
@@ -145,7 +145,9 @@ _(INVALID_SESSION_ID, -148, "session ID out of range")                      \
 _(ACL_IN_USE_BY_LOOKUP_CONTEXT, -149, "ACL in use by a lookup context")        \
 _(INVALID_VALUE_3, -150, "Invalid value #3")                            \
 _(NON_ETHERNET, -151, "Interface is not an Ethernet interface")         \
-_(BD_ALREADY_HAS_BVI, -152, "Bridge domain already has a BVI interface")
+_(BD_ALREADY_HAS_BVI, -152, "Bridge domain already has a BVI interface") \
+_(INVALID_PROTOCOL, -153, "Invalid Protocol")                           \
+_(INVALID_ALGORITHM, -154, "Invalid Algorithm")
 
 typedef enum
 {

diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 4bb3a75..f43cae9 100644 (file)
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -207,7 +207,7 @@ ipsec_proto_decode (vl_api_ipsec_proto_t in, ipsec_protocol_t * out)
       *out = IPSEC_PROTOCOL_AH;
       return (0);
     }
-  return (VNET_API_ERROR_UNIMPLEMENTED);
+  return (VNET_API_ERROR_INVALID_PROTOCOL);
 }
 
 static vl_api_ipsec_proto_t
@@ -237,7 +237,7 @@ ipsec_crypto_algo_decode (vl_api_ipsec_crypto_alg_t in,
       foreach_ipsec_crypto_alg
 #undef _
     }
-  return (VNET_API_ERROR_UNIMPLEMENTED);
+  return (VNET_API_ERROR_INVALID_ALGORITHM);
 }
 
 static vl_api_ipsec_crypto_alg_t
@@ -270,7 +270,7 @@ ipsec_integ_algo_decode (vl_api_ipsec_integ_alg_t in, ipsec_integ_alg_t * out)
       foreach_ipsec_integ_alg
 #undef _
     }
-  return (VNET_API_ERROR_UNIMPLEMENTED);
+  return (VNET_API_ERROR_INVALID_ALGORITHM);
 }
 
 static vl_api_ipsec_integ_alg_t
@@ -780,7 +780,7 @@ vl_api_ipsec_tunnel_if_set_key_t_handler (vl_api_ipsec_tunnel_if_set_key_t *
       if (mp->alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
          mp->alg >= IPSEC_CRYPTO_N_ALG)
        {
-         rv = VNET_API_ERROR_UNIMPLEMENTED;
+         rv = VNET_API_ERROR_INVALID_ALGORITHM;
          goto out;
        }
       break;
@@ -788,7 +788,7 @@ vl_api_ipsec_tunnel_if_set_key_t_handler (vl_api_ipsec_tunnel_if_set_key_t *
     case IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG:
       if (mp->alg >= IPSEC_INTEG_N_ALG)
        {
-         rv = VNET_API_ERROR_UNIMPLEMENTED;
+         rv = VNET_API_ERROR_INVALID_ALGORITHM;
          goto out;
        }
       break;

diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 41089b6..bf34604 100644 (file)
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -343,7 +343,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
                         &args->local_ip, &t->input_sa_index);
 
       if (rv)
-       return VNET_API_ERROR_UNIMPLEMENTED;
+       return VNET_API_ERROR_INVALID_SRC_ADDRESS;
 
       ipsec_mk_key (&crypto_key,
                    args->local_crypto_key, args->local_crypto_key_len);
@@ -363,7 +363,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
                         &args->remote_ip, &t->output_sa_index);
 
       if (rv)
-       return VNET_API_ERROR_UNIMPLEMENTED;
+       return VNET_API_ERROR_INVALID_DST_ADDRESS;
 
       /* copy the key */
       if (is_ip6)