ipng/vppcfg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

acl: Add the aclname to error messages

Browse Source
This commit is contained in:
Pim van Pelt
2023-01-16 01:12:16 +00:00
parent 56ffe52e20
commit 7fd47c0854
6 changed files with 33 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
vppcfg/config/acl.py
View File

@ -192,37 +192,37 @@ def validate_acls(yaml):
terms += 1 terms += 1
orig_acl_term = acl_term.copy() orig_acl_term = acl_term.copy()
acl_term = hydrate_term(acl_term) acl_term = hydrate_term(acl_term)
logger.debug(f"acl term {terms} orig {orig_acl_term} hydrated {acl_term}") logger.debug(f"acl {aclname} term {terms} orig {orig_acl_term} hydrated {acl_term}")
if acl_term["family"] == "any": if acl_term["family"] == "any":
if "source" in acl_term: if "source" in acl_term:
msgs.append(f"acl term {terms} family any cannot have source") msgs.append(f"acl {aclname} term {terms} family any cannot have source")
result = False result = False
if "destination" in acl_term: if "destination" in acl_term:
msgs.append(f"acl term {terms} family any cannot have destination") msgs.append(f"acl {aclname} term {terms} family any cannot have destination")
result = False result = False
else: else:
src = ipaddress.ip_network(acl_term["source"]) src = ipaddress.ip_network(acl_term["source"])
dst = ipaddress.ip_network(acl_term["destination"]) dst = ipaddress.ip_network(acl_term["destination"])
if src.version != dst.version: if src.version != dst.version:
msgs.append( msgs.append(
f"acl term {terms} source and destination have different address family" f"acl {aclname} term {terms} source and destination have different address family"
) )
result = False result = False
proto = get_protocol(acl_term["protocol"]) proto = get_protocol(acl_term["protocol"])
if proto is None: if proto is None:
msgs.append(f"acl term {terms} could not understand protocol") msgs.append(f"acl {aclname} term {terms} could not understand protocol")
result = False result = False
if not proto in [6, 17]: if not proto in [6, 17]:
if "source-port" in orig_acl_term: if "source-port" in orig_acl_term:
msgs.append( msgs.append(
f"acl term {terms} source-port can only be specified for protocol tcp or udp" f"acl {aclname} term {terms} source-port can only be specified for protocol tcp or udp"
) )
result = False result = False
if "destination-port" in orig_acl_term: if "destination-port" in orig_acl_term:
msgs.append( msgs.append(
f"acl term {terms} destination-port can only be specified for protocol tcp or udp" f"acl {aclname} term {terms} destination-port can only be specified for protocol tcp or udp"
) )
result = False result = False
@ -233,66 +233,66 @@ def validate_acls(yaml):
) )
if src_low_port is None or src_high_port is None: if src_low_port is None or src_high_port is None:
msgs.append(f"acl term {terms} could not understand source port") msgs.append(f"acl {aclname} term {terms} could not understand source port")
result = False result = False
else: else:
if src_low_port > src_high_port: if src_low_port > src_high_port:
msgs.append( msgs.append(
f"acl term {terms} source low port is higher than source high port" f"acl {aclname} term {terms} source low port is higher than source high port"
) )
result = False result = False
if src_low_port < 0 or src_low_port > 65535: if src_low_port < 0 or src_low_port > 65535:
msgs.append( msgs.append(
f"acl term {terms} source low port is not between [0,65535]" f"acl {aclname} term {terms} source low port is not between [0,65535]"
) )
result = False result = False
if src_high_port < 0 or src_high_port > 65535: if src_high_port < 0 or src_high_port > 65535:
msgs.append( msgs.append(
f"acl term {terms} source high port is not between [0,65535]" f"acl {aclname} term {terms} source high port is not between [0,65535]"
) )
result = False result = False
if dst_low_port is None or dst_high_port is None: if dst_low_port is None or dst_high_port is None:
msgs.append( msgs.append(
f"acl term {terms} could not understand destination port" f"acl {aclname} term {terms} could not understand destination port"
) )
result = False result = False
else: else:
if dst_low_port > dst_high_port: if dst_low_port > dst_high_port:
msgs.append( msgs.append(
f"acl term {terms} destination low port is higher than destination high port" f"acl {aclname} term {terms} destination low port is higher than destination high port"
) )
result = False result = False
if dst_low_port < 0 or dst_low_port > 65535: if dst_low_port < 0 or dst_low_port > 65535:
msgs.append( msgs.append(
f"acl term {terms} destination low port is not between [0,65535]" f"acl {aclname} term {terms} destination low port is not between [0,65535]"
) )
result = False result = False
if dst_high_port < 0 or dst_high_port > 65535: if dst_high_port < 0 or dst_high_port > 65535:
msgs.append( msgs.append(
f"acl term {terms} destination high port is not between [0,65535]" f"acl {aclname} term {terms} destination high port is not between [0,65535]"
) )
result = False result = False
if not proto in [1, 58]: if not proto in [1, 58]:
if "icmp-code" in orig_acl_term: if "icmp-code" in orig_acl_term:
msgs.append( msgs.append(
f"acl term {terms} icmp-code can only be specified for protocol icmp or icmp-ipv6" f"acl {aclname} term {terms} icmp-code can only be specified for protocol icmp or icmp-ipv6"
) )
result = False result = False
if "icmp-type" in orig_acl_term: if "icmp-type" in orig_acl_term:
msgs.append( msgs.append(
f"acl term {terms} icmp-type can only be specified for protocol icmp or icmp-ipv6" f"acl {aclname} term {terms} icmp-type can only be specified for protocol icmp or icmp-ipv6"
) )
result = False result = False
if proto in [1, 58]: if proto in [1, 58]:
icmp_code_low, icmp_code_high = get_icmp_low_high(acl_term["icmp-code"]) icmp_code_low, icmp_code_high = get_icmp_low_high(acl_term["icmp-code"])
icmp_type_low, icmp_type_high = get_icmp_low_high(acl_term["icmp-type"]) icmp_type_low, icmp_type_high = get_icmp_low_high(acl_term["icmp-type"])
if icmp_code_low > icmp_code_high: if icmp_code_low > icmp_code_high:
msgs.append(f"acl term {terms} icmp-code low value is higher than high value") msgs.append(f"acl {aclname} term {terms} icmp-code low value is higher than high value")
result = False result = False
if icmp_type_low > icmp_type_high: if icmp_type_low > icmp_type_high:
msgs.append(f"acl term {terms} icmp-type low value is higher than high value") msgs.append(f"acl {aclname} term {terms} icmp-type low value is higher than high value")
result = False result = False
return result, msgs return result, msgs

2
vppcfg/unittest/yaml/error-acl1.yaml
View File

@ -2,7 +2,7 @@ test:
description: "Family any precludes source/destination" description: "Family any precludes source/destination"
errors: errors:
expected: expected:
- "acl term .* family any cannot have (source|destination)" - "acl .* term .* family any cannot have (source|destination)"
count: 4 count: 4
--- ---
acls: acls:

2
vppcfg/unittest/yaml/error-acl2.yaml
View File

@ -2,7 +2,7 @@ test:
description: "Source and Destination must have the same address family" description: "Source and Destination must have the same address family"
errors: errors:
expected: expected:
- "acl term .* source and destination have different address family" - "acl .* term .* source and destination have different address family"
count: 4 count: 4
--- ---
acls: acls:

14
vppcfg/unittest/yaml/error-acl3.yaml
View File

@ -2,13 +2,13 @@ test:
description: "Ways in which port ranges can fail" description: "Ways in which port ranges can fail"
errors: errors:
expected: expected:
- "acl term .* could not understand source port" - "acl .* term .* could not understand source port"
- "acl term .* could not understand destination port" - "acl .* term .* could not understand destination port"
- "acl term .* source low port is higher than source high port" - "acl .* term .* source low port is higher than source high port"
- "acl term .* source (high|low) port is not between \\[0,65535\\]" - "acl .* term .* source (high|low) port is not between \\[0,65535\\]"
- "acl term .* destination (high|low) port is not between \\[0,65535\\]" - "acl .* term .* destination (high|low) port is not between \\[0,65535\\]"
- "acl term .* source-port can only be specified for protocol tcp or udp" - "acl .* term .* source-port can only be specified for protocol tcp or udp"
- "acl term .* destination-port can only be specified for protocol tcp or udp" - "acl .* term .* destination-port can only be specified for protocol tcp or udp"
count: 7 count: 7
--- ---
acls: acls:

2
vppcfg/unittest/yaml/error-acl4.yaml
View File

@ -2,7 +2,7 @@ test:
description: "Ways in which ACE protocol can fail" description: "Ways in which ACE protocol can fail"
errors: errors:
expected: expected:
- "acl term .* could not understand protocol" - "acl .* term .* could not understand protocol"
count: 1 count: 1
--- ---
acls: acls:

8
vppcfg/unittest/yaml/error-acl5.yaml
View File

@ -2,10 +2,10 @@ test:
description: "Ways in which ICMP code and type can fail" description: "Ways in which ICMP code and type can fail"
errors: errors:
expected: expected:
- "acl term .* icmp-type can only be specified for protocol icmp or icmp-ipv6" - "acl .* term .* icmp-type can only be specified for protocol icmp or icmp-ipv6"
- "acl term .* icmp-code can only be specified for protocol icmp or icmp-ipv6" - "acl .* term .* icmp-code can only be specified for protocol icmp or icmp-ipv6"
- "acl term .* icmp-code low value is higher than high value" - "acl .* term .* icmp-code low value is higher than high value"
- "acl term .* icmp-type low value is higher than high value" - "acl .* term .* icmp-type low value is higher than high value"
count: 8 count: 8
--- ---
acls: acls: