Code Review / vpp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: e4ec158) | patch
ip: force full reassembly before virtual 85/40485/1
authorMatthew Smith <mgsmith@netgate.com>
Mon, 5 Feb 2024 22:57:55 +0000 (22:57 +0000)
committerAlexander Skorichenko <askorichenko@netgate.com>
Fri, 8 Mar 2024 11:27:12 +0000 (12:27 +0100)
commit4991354309cd71dee8f9e8c2964e6c7f117d5119
treec288332a9aabe914167a0fc70814624c1fdbb2d1tree | snapshot
parente4ec1584ec1dbc0f2d0343d4cf9c91455059789bcommit | diff
ip: force full reassembly before virtual

Type: improvement

The vnet buffer metadata for full IP reassembly and shallow virtual
reassembly overlaps. If you have full reassembly and virtual reassembly
enabled on the same interface and virtual reassembly happens to process
packets first, full reassembly will stomp on the metadata populated by
virtual reassembly.

Virtual reassembly gets enabled implicitly when NAT feature nodes
are enabled. Those NAT feature nodes rely on the virtual reassembly
metadata being populated correctly in order to find L4 proto & ports.
When NAT and IP full reassembly are both enabled on an interface, NAT
can drop fragmented packets because the virtual reassembly metadata
can be overwritten by full reassembly.

Ensure that full reassembly runs before virtual reassembly. Add a
runs_before dependency to ensure that ip4-full-reassembly-feature
runs before ip4-sv-reassembly-feature.

There was a duplicate VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. It seems to have been intended for enabling
ip4-full-reassembly-custom as a feature node, but its contents are
identical to the earlier VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. Removed the duplicate.

Change-Id: Ie600b854d4ceb90a7cb736810140d410b8f72447
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 205ed8f8845a8ea36f38ed29df158a5a07c2e2c3)
src/vnet/ip/reass/ip4_full_reass.c diff | blob | history
Vector Packet Processing