fib: fix ip6-ll fib selection for non-ethernet interfaces

Fixes case when packet to link-local address is received over
gre/mpls or other non-ethernet interface and ip6-ll fib for it
is undefined.
If by a chance ip6-ll fib index is valid, packet will be passed
to some ip6 fib with possibilities to be sent out over unrelated
interface or be looped again into ip6-link-local dpo till oom
and crash.

Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ie985f0373ea45e2926db7fb0a1ff951eca0e38f6

diff --git a/src/vnet/dpo/ip6_ll_dpo.c b/src/vnet/dpo/ip6_ll_dpo.c
index f86472c..deb67d8 100644 (file)
--- a/src/vnet/dpo/ip6_ll_dpo.c
+++ b/src/vnet/dpo/ip6_ll_dpo.c
@@ -97,6 +97,11 @@ typedef enum ip6_ll_next_t_
   IP6_LL_NEXT_NUM,
 } ip6_ll_next_t;
 
+typedef enum ip6_ll_error_t_
+{
+  IP6_LL_ERROR_NO_TABLE,
+} ip6_ll_error_t;
+
 always_inline uword
 ip6_ll_dpo_inline (vlib_main_t * vm,
                   vlib_node_runtime_t * node, vlib_frame_t * frame)
@@ -131,10 +136,19 @@ ip6_ll_dpo_inline (vlib_main_t * vm,
          /* use the packet's RX interface to pick the link-local FIB */
          fib_index0 =
            ip6_ll_fib_get (vnet_buffer (p0)->sw_if_index[VLIB_RX]);
+
+         if (~0 == fib_index0)
+           {
+             next0 = IP6_LL_NEXT_DROP;
+             p0->error = node->errors[IP6_LL_ERROR_NO_TABLE];
+             goto trace0;
+           }
+
          /* write that fib index into the packet so it's used in the
           * lookup node next */
          vnet_buffer (p0)->sw_if_index[VLIB_TX] = fib_index0;
 
+       trace0:
          if (PREDICT_FALSE (p0->flags & VLIB_BUFFER_IS_TRACED))
            {
              ip6_ll_dpo_trace_t *tr = vlib_add_trace (vm, node, p0,
@@ -170,6 +184,10 @@ ip6_ll_dpo_switch (vlib_main_t * vm,
   return (ip6_ll_dpo_inline (vm, node, frame));
 }
 
+static char *ip6_ll_dpo_error_strings[] = {
+  [IP6_LL_ERROR_NO_TABLE] = "Interface is not mapped to an IP6-LL table",
+};
+
 /**
  * @brief
  */
@@ -180,6 +198,8 @@ VLIB_REGISTER_NODE (ip6_ll_dpo_node) =
   .name = "ip6-link-local",
   .vector_size = sizeof (u32),
   .format_trace = format_ip6_ll_dpo_trace,
+  .n_errors = ARRAY_LEN (ip6_ll_dpo_error_strings),
+  .error_strings = ip6_ll_dpo_error_strings,
   .n_next_nodes = IP6_LL_NEXT_NUM,
   .next_nodes = {
     [IP6_LL_NEXT_DROP] = "ip6-drop",

diff --git a/src/vnet/ip/ip6_ll_table.c b/src/vnet/ip/ip6_ll_table.c
index e4010bc..b3f42da 100644 (file)
--- a/src/vnet/ip/ip6_ll_table.c
+++ b/src/vnet/ip/ip6_ll_table.c
@@ -114,9 +114,9 @@ ip6_ll_table_entry_update (const ip6_ll_prefix_t * ilp,
   };
   fib_prefix_t fp;
 
-  vec_validate (ip6_ll_table.ilt_fibs, ilp->ilp_sw_if_index);
+  vec_validate_init_empty (ip6_ll_table.ilt_fibs, ilp->ilp_sw_if_index, ~0);
 
-  if (0 == ip6_ll_fib_get (ilp->ilp_sw_if_index))
+  if (~0 == ip6_ll_fib_get (ilp->ilp_sw_if_index))
     {
       ip6_ll_fib_create (ilp->ilp_sw_if_index);
     }
@@ -151,11 +151,12 @@ ip6_ll_table_entry_delete (const ip6_ll_prefix_t * ilp)
    * if there are no ND sourced prefixes left, then we can clean up this FIB
    */
   fib_index = ip6_ll_fib_get (ilp->ilp_sw_if_index);
-  if (0 == fib_table_get_num_entries (fib_index,
-                                     FIB_PROTOCOL_IP6, FIB_SOURCE_IP6_ND))
+  if (~0 != fib_index &&
+      0 == fib_table_get_num_entries (fib_index, FIB_PROTOCOL_IP6,
+                                     FIB_SOURCE_IP6_ND))
     {
       fib_table_unlock (fib_index, FIB_PROTOCOL_IP6, FIB_SOURCE_IP6_ND);
-      ip6_ll_table.ilt_fibs[ilp->ilp_sw_if_index] = 0;
+      ip6_ll_table.ilt_fibs[ilp->ilp_sw_if_index] = ~0;
     }
 }
 
@@ -273,8 +274,7 @@ ip6_ll_show_fib (vlib_main_t * vm,
     u8 *s = NULL;
 
     fib_index = ip6_ll_table.ilt_fibs[sw_if_index];
-
-    if (0 == fib_index)
+    if (~0 == fib_index)
       continue;
 
     fib_table = fib_table_get (fib_index, FIB_PROTOCOL_IP6);
@@ -353,6 +353,16 @@ VLIB_CLI_COMMAND (ip6_show_fib_command, static) = {
 };
 /* *INDENT-ON* */
 
+static clib_error_t *
+ip6_ll_sw_interface_add_del (vnet_main_t *vnm, u32 sw_if_index, u32 is_add)
+{
+  vec_validate_init_empty (ip6_ll_table.ilt_fibs, sw_if_index, ~0);
+
+  return (NULL);
+}
+
+VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip6_ll_sw_interface_add_del);
+
 static clib_error_t *
 ip6_ll_module_init (vlib_main_t * vm)
 {