Add extra validation for VXLAN packets and tunnels

[vpp.git] / vpp / vpp-api / api.c

diff --git a/vpp/vpp-api/api.c b/vpp/vpp-api/api.c
index a5ac060..a5f50ff 100644 (file)
--- a/vpp/vpp-api/api.c
+++ b/vpp/vpp-api/api.c
@@ -982,7 +982,7 @@ vl_api_bridge_domain_add_del_t_handler (vl_api_bridge_domain_add_del_t * mp)
       if (disable_flags)
        bd_set_flags (vm, bd_index, disable_flags, 0 /* disable */ );
 
-      bd_set_mac_age (vm, mp->mac_age, mp->mac_age);
+      bd_set_mac_age (vm, bd_index, mp->mac_age);
     }
   else
     rv = bd_delete_bd_index (bdm, bd_id);
@@ -3104,6 +3104,7 @@ static void vl_api_vxlan_add_del_tunnel_t_handler
   u32 encap_fib_index;
   uword *p;
   ip4_main_t *im = &ip4_main;
+  vnet_main_t *vnm = vnet_get_main ();
   u32 sw_if_index = ~0;
 
   p = hash_get (im->fib_index_by_table_id, ntohl (mp->encap_vrf_id));
@@ -3129,6 +3130,13 @@ static void vl_api_vxlan_add_del_tunnel_t_handler
       goto out;
     }
   a->mcast_sw_if_index = ntohl (mp->mcast_sw_if_index);
+  if (ip46_address_is_multicast (&a->dst) &&
+      pool_is_free_index (vnm->interface_main.sw_interfaces,
+                         a->mcast_sw_if_index))
+    {
+      rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
+      goto out;
+    }
   a->encap_fib_index = encap_fib_index;
   a->decap_next_index = ntohl (mp->decap_next_index);
   a->vni = ntohl (mp->vni);