acl: Add the aclname to error messages

Pim van Pelt
2023-01-16 01:12:16 +00:00
parent 56ffe52e20
commit 7fd47c0854
6 changed files with 33 additions and 33 deletions


@ -192,37 +192,37 @@ def validate_acls(yaml):
terms += 1
orig_acl_term = acl_term.copy()
acl_term = hydrate_term(acl_term)
logger.debug(f"acl term {terms} orig {orig_acl_term} hydrated {acl_term}")
logger.debug(f"acl {aclname} term {terms} orig {orig_acl_term} hydrated {acl_term}")
if acl_term["family"] == "any":
if "source" in acl_term:
msgs.append(f"acl term {terms} family any cannot have source")
msgs.append(f"acl {aclname} term {terms} family any cannot have source")
result = False
if "destination" in acl_term:
msgs.append(f"acl term {terms} family any cannot have destination")
msgs.append(f"acl {aclname} term {terms} family any cannot have destination")
result = False
else:
src = ipaddress.ip_network(acl_term["source"])
dst = ipaddress.ip_network(acl_term["destination"])
if src.version != dst.version:
msgs.append(
f"acl term {terms} source and destination have different address family"
f"acl {aclname} term {terms} source and destination have different address family"
)
result = False
proto = get_protocol(acl_term["protocol"])
if proto is None:
msgs.append(f"acl term {terms} could not understand protocol")
msgs.append(f"acl {aclname} term {terms} could not understand protocol")
result = False
if not proto in [6, 17]:
if "source-port" in orig_acl_term:
msgs.append(
f"acl term {terms} source-port can only be specified for protocol tcp or udp"
f"acl {aclname} term {terms} source-port can only be specified for protocol tcp or udp"
)
result = False
if "destination-port" in orig_acl_term:
msgs.append(
f"acl term {terms} destination-port can only be specified for protocol tcp or udp"
f"acl {aclname} term {terms} destination-port can only be specified for protocol tcp or udp"
)
result = False
@ -233,66 +233,66 @@ def validate_acls(yaml):
)
if src_low_port is None or src_high_port is None:
msgs.append(f"acl term {terms} could not understand source port")
msgs.append(f"acl {aclname} term {terms} could not understand source port")
result = False
else:
if src_low_port > src_high_port:
msgs.append(
f"acl term {terms} source low port is higher than source high port"
f"acl {aclname} term {terms} source low port is higher than source high port"
)
result = False
if src_low_port < 0 or src_low_port > 65535:
msgs.append(
f"acl term {terms} source low port is not between [0,65535]"
f"acl {aclname} term {terms} source low port is not between [0,65535]"
)
result = False
if src_high_port < 0 or src_high_port > 65535:
msgs.append(
f"acl term {terms} source high port is not between [0,65535]"
f"acl {aclname} term {terms} source high port is not between [0,65535]"
)
result = False
if dst_low_port is None or dst_high_port is None:
msgs.append(
f"acl term {terms} could not understand destination port"
f"acl {aclname} term {terms} could not understand destination port"
)
result = False
else:
if dst_low_port > dst_high_port:
msgs.append(
f"acl term {terms} destination low port is higher than destination high port"
f"acl {aclname} term {terms} destination low port is higher than destination high port"
)
result = False
if dst_low_port < 0 or dst_low_port > 65535:
msgs.append(
f"acl term {terms} destination low port is not between [0,65535]"
f"acl {aclname} term {terms} destination low port is not between [0,65535]"
)
result = False
if dst_high_port < 0 or dst_high_port > 65535:
msgs.append(
f"acl term {terms} destination high port is not between [0,65535]"
f"acl {aclname} term {terms} destination high port is not between [0,65535]"
)
result = False
if not proto in [1, 58]:
if "icmp-code" in orig_acl_term:
msgs.append(
f"acl term {terms} icmp-code can only be specified for protocol icmp or icmp-ipv6"
f"acl {aclname} term {terms} icmp-code can only be specified for protocol icmp or icmp-ipv6"
)
result = False
if "icmp-type" in orig_acl_term:
msgs.append(
f"acl term {terms} icmp-type can only be specified for protocol icmp or icmp-ipv6"
f"acl {aclname} term {terms} icmp-type can only be specified for protocol icmp or icmp-ipv6"
)
result = False
if proto in [1, 58]:
icmp_code_low, icmp_code_high = get_icmp_low_high(acl_term["icmp-code"])
icmp_type_low, icmp_type_high = get_icmp_low_high(acl_term["icmp-type"])
if icmp_code_low > icmp_code_high:
msgs.append(f"acl term {terms} icmp-code low value is higher than high value")
msgs.append(f"acl {aclname} term {terms} icmp-code low value is higher than high value")
result = False
if icmp_type_low > icmp_type_high:
msgs.append(f"acl term {terms} icmp-type low value is higher than high value")
msgs.append(f"acl {aclname} term {terms} icmp-type low value is higher than high value")
result = False
return result, msgs
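Review bot: The ICMP branch at the end of the second hunk (`if proto in [1, 58]:`) only checks that the low value is not above the high value, whereas the port branch above it first rejects `None` and then bounds each value to [0,65535]. icmp-code and icmp-type are 8-bit fields, so an out-of-range value would pass this validator unless `get_icmp_low_high` (not visible here) already rejects it. If that helper can return `None`, as the port helper appears to, the `>` comparison would raise a TypeError instead of appending a message. Consider a guard such as `if icmp_code_low is None or icmp_code_high is None:` and a bound `if icmp_code_low < 0 or icmp_code_high > 255:`, each appending an `acl {aclname} term {terms} ...` message, and the same pair for icmp-type. `validate_acls` begins above the first hunk, so earlier handling may already cover this.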