From patchwork Thu Jan 19 02:51:16 2017
X-Patchwork-Submitter: Han Zhou
X-Patchwork-Id: 716951
From: Han Zhou
To: dev@openvswitch.org
Date: Wed, 18 Jan 2017 18:51:16 -0800
Message-Id: <1484794276-17756-1-git-send-email-zhouhan@gmail.com>
Subject: [ovs-dev] [PATCH] ovn-nbctl: check for duplicated ACL adding.

Check for duplicated ACL adding and add option --may-exist for ovn-nbctl acl-add.
Signed-off-by: Han Zhou --- ovn/utilities/ovn-nbctl.8.xml | 5 ++++- ovn/utilities/ovn-nbctl.c | 14 +++++++++++++- tests/ovn-nbctl.at | 4 ++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/ovn/utilities/ovn-nbctl.8.xml b/ovn/utilities/ovn-nbctl.8.xml index 4911c6a..03d8be9 100644 --- a/ovn/utilities/ovn-nbctl.8.xml +++ b/ovn/utilities/ovn-nbctl.8.xml @@ -76,7 +76,7 @@

Logical Switch ACL Commands

-
[--log] acl-add switch direction priority match action
+
[--log] [--may-exist] acl-add switch direction priority match action
Adds the specified ACL to switch. direction must be either from-lport or @@ -84,6 +84,9 @@ 0 and 32767, inclusive. If --log is specified, packet logging is enabled for the ACL. A full description of the fields are in ovn-nb(5). + If --may-exist is specified, adding a duplicated ACL + succeeds but the ACL is not really created. Without --may-exist, + adding a duplicated ACL results in error.
acl-del switch [direction [priority match]]
diff --git a/ovn/utilities/ovn-nbctl.c b/ovn/utilities/ovn-nbctl.c index 4397daf..bca59fe 100644 --- a/ovn/utilities/ovn-nbctl.c +++ b/ovn/utilities/ovn-nbctl.c @@ -1314,6 +1314,18 @@ nbctl_acl_add(struct ctl_context *ctx) nbrec_acl_set_log(acl, true); } + /* Check if same acl already exists for the ls */ + for (size_t i = 0; i < ls->n_acls; i++) { + if (!acl_cmp(&ls->acls[i], &acl)) { + bool may_exist = shash_find(&ctx->options, "--may-exist") != NULL; + if (!may_exist) { + ctl_fatal("Same ACL already existed on the ls %s.", + ctx->argv[1]); + } + return; + } + } + /* Insert the acl into the logical switch. */ nbrec_logical_switch_verify_acls(ls); struct nbrec_acl **new_acls = xmalloc(sizeof *new_acls * (ls->n_acls + 1)); @@ -3244,7 +3256,7 @@ static const struct ctl_command_syntax nbctl_commands[] = { /* acl commands. */ { "acl-add", 5, 5, "SWITCH DIRECTION PRIORITY MATCH ACTION", NULL, - nbctl_acl_add, NULL, "--log", RW }, + nbctl_acl_add, NULL, "--log,--may-exist", RW }, { "acl-del", 1, 4, "SWITCH [DIRECTION [PRIORITY MATCH]]", NULL, nbctl_acl_del, NULL, "", RW }, { "acl-list", 1, 1, "SWITCH", NULL, nbctl_acl_list, NULL, "", RO }, diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at index 164c81a..81530d1 100644 --- a/tests/ovn-nbctl.at +++ b/tests/ovn-nbctl.at @@ -200,6 +200,10 @@ AT_CHECK([ovn-nbctl acl-add ls0 from-lport 400 tcp drop]) AT_CHECK([ovn-nbctl acl-add ls0 to-lport 300 tcp drop]) AT_CHECK([ovn-nbctl acl-add ls0 from-lport 200 ip drop]) AT_CHECK([ovn-nbctl acl-add ls0 to-lport 100 ip drop]) +dnl Add duplicated ACL +AT_CHECK([ovn-nbctl acl-add ls0 to-lport 100 ip drop], [1], [], [stderr]) +AT_CHECK([grep 'already existed' stderr], [0], [ignore]) +AT_CHECK([ovn-nbctl --may-exist acl-add ls0 to-lport 100 ip drop]) AT_CHECK([ovn-nbctl acl-list ls0], [0], [dnl from-lport 600 (udp) drop log
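Review bot: In the ovn-nbctl.8.xml hunk, the added text says "duplicated ACL" without saying which fields make two ACLs duplicates, and acl_cmp() is not defined in this patch, so a reader cannot tell from either place. This matters for --may-exist: if the comparison covers only direction, priority and match, then re-running acl-add with a different action or with --log exits successfully while the existing ACL keeps its old action and logging setting. Please list the compared fields in the man page and state that with --may-exist the existing ACL is left unchanged. Also, "results in error" should read "results in an error".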
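Review bot: In the nbctl_acl_add hunk of ovn-nbctl.c, the duplicate check runs after the new row has already been created and populated (the context line just above it is nbrec_acl_set_log(acl, true)), so the `return` taken on the --may-exist path leaves that `acl` row in the transaction without any reference from ls->acls. Either do the comparison before the row is created, or delete the row (nbrec_acl_delete(acl)) before returning, so that the command is a true no-op when the ACL exists. A smaller point: may_exist does not depend on i, so the shash_find() lookup can be done once before the loop.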
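Review bot: In the tests/ovn-nbctl.at hunk, the new checks only re-add an ACL that is identical in every argument (to-lport 100 ip drop). Please add a case where direction, priority and match are the same but the action differs, and one that adds --log, so the test pins down whether those count as duplicates and what --may-exist does with them. The grep for 'already existed' also ties the test to the exact wording of the ctl_fatal message; "already exists" would read better there, and the pattern would need to change with it.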