summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHan Zhou <zhouhan@gmail.com>2017-01-18 18:51:16 -0800
committerBen Pfaff <blp@ovn.org>2017-01-31 14:39:03 -0800
commitfa3cc9b9f9f361a458549beb671f3a10e6508872 (patch)
tree41dd895f0df0dd73980a7f6bff65e960c6f19ff4
parent0c3e38159958cee51d5583737fa070721d0ea3df (diff)
downloadopenvswitch-fa3cc9b9f9f361a458549beb671f3a10e6508872.tar.gz
ovn-nbctl: check for duplicated ACL adding.
Check for duplicated ACL adding and add option --may-exist for ovn-nbctl acl-add. Signed-off-by: Han Zhou <zhouhan@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat
-rw-r--r--ovn/utilities/ovn-nbctl.8.xml5
-rw-r--r--ovn/utilities/ovn-nbctl.c14
-rw-r--r--tests/ovn-nbctl.at4
3 files changed, 21 insertions, 2 deletions
diff --git a/ovn/utilities/ovn-nbctl.8.xml b/ovn/utilities/ovn-nbctl.8.xml
index d81e99fab..19134881b 100644
--- a/ovn/utilities/ovn-nbctl.8.xml
+++ b/ovn/utilities/ovn-nbctl.8.xml
@@ -76,7 +76,7 @@
<h1>Logical Switch ACL Commands</h1>
<dl>
- <dt>[<code>--log</code>] <code>acl-add</code> <var>switch</var> <var>direction</var> <var>priority</var> <var>match</var> <var>action</var></dt>
+ <dt>[<code>--log</code>] [<code>--may-exist</code>] <code>acl-add</code> <var>switch</var> <var>direction</var> <var>priority</var> <var>match</var> <var>action</var></dt>
<dd>
Adds the specified ACL to <var>switch</var>.
<var>direction</var> must be either <code>from-lport</code> or
@@ -84,6 +84,9 @@
<code>0</code> and <code>32767</code>, inclusive. If
<code>--log</code> is specified, packet logging is enabled for the
ACL. A full description of the fields are in <code>ovn-nb</code>(5).
+ If <code>--may-exist</code> is specified, adding a duplicated ACL
+ succeeds but the ACL is not really created. Without <code>--may-exist</code>,
+ adding a duplicated ACL results in error.
</dd>
<dt><code>acl-del</code> <var>switch</var> [<var>direction</var> [<var>priority</var> <var>match</var>]]</dt>
diff --git a/ovn/utilities/ovn-nbctl.c b/ovn/utilities/ovn-nbctl.c
index 3dac4340f..900b08877 100644
--- a/ovn/utilities/ovn-nbctl.c
+++ b/ovn/utilities/ovn-nbctl.c
@@ -1320,6 +1320,18 @@ nbctl_acl_add(struct ctl_context *ctx)
nbrec_acl_set_log(acl, true);
}
+ /* Check if same acl already exists for the ls */
+ for (size_t i = 0; i < ls->n_acls; i++) {
+ if (!acl_cmp(&ls->acls[i], &acl)) {
+ bool may_exist = shash_find(&ctx->options, "--may-exist") != NULL;
+ if (!may_exist) {
+ ctl_fatal("Same ACL already existed on the ls %s.",
+ ctx->argv[1]);
+ }
+ return;
+ }
+ }
+
/* Insert the acl into the logical switch. */
nbrec_logical_switch_verify_acls(ls);
struct nbrec_acl **new_acls = xmalloc(sizeof *new_acls * (ls->n_acls + 1));
@@ -3289,7 +3301,7 @@ static const struct ctl_command_syntax nbctl_commands[] = {
/* acl commands. */
{ "acl-add", 5, 5, "SWITCH DIRECTION PRIORITY MATCH ACTION", NULL,
- nbctl_acl_add, NULL, "--log", RW },
+ nbctl_acl_add, NULL, "--log,--may-exist", RW },
{ "acl-del", 1, 4, "SWITCH [DIRECTION [PRIORITY MATCH]]", NULL,
nbctl_acl_del, NULL, "", RW },
{ "acl-list", 1, 1, "SWITCH", NULL, nbctl_acl_list, NULL, "", RO },
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index cec516f6f..9f0a2779b 100644
--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -200,6 +200,10 @@ AT_CHECK([ovn-nbctl acl-add ls0 from-lport 400 tcp drop])
AT_CHECK([ovn-nbctl acl-add ls0 to-lport 300 tcp drop])
AT_CHECK([ovn-nbctl acl-add ls0 from-lport 200 ip drop])
AT_CHECK([ovn-nbctl acl-add ls0 to-lport 100 ip drop])
+dnl Add duplicated ACL
+AT_CHECK([ovn-nbctl acl-add ls0 to-lport 100 ip drop], [1], [], [stderr])
+AT_CHECK([grep 'already existed' stderr], [0], [ignore])
+AT_CHECK([ovn-nbctl --may-exist acl-add ls0 to-lport 100 ip drop])
AT_CHECK([ovn-nbctl acl-list ls0], [0], [dnl
from-lport 600 (udp) drop log
View Lorry Controller Status