From: Kingwel Xie <kingwel.xie@ericsson.com>
Date: Wed, 26 Sep 2018 08:59:52 +0000 (-0400)
Subject: mismatch bi0 and b0 when finalizing ip reassembly.
X-Git-Tag: v18.10-rc1~111
X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=a0060659d88e1e95543cd799512548ec9fbe73ec;p=vpp.git

mismatch bi0 and b0 when finalizing ip reassembly.
bi0 always points to the first buffer in chain but b0 could be any fragment in a ip packet.
It causes a vnet_feature_next function call to the wrong buffer
and crashes sometime when there is >1 feature nodes under ip-unicast.
The fix is simple, makes b0 and bi0 both pointed to the first buffer

Change-Id: I7de36e68fb42b050fa63201abd98aeb6ba2e0cd3
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
---

diff --git a/src/vnet/ip/ip4_reassembly.c b/src/vnet/ip/ip4_reassembly.c
index 3466f72e518..08b3e544e02 100644
--- a/src/vnet/ip/ip4_reassembly.c
+++ b/src/vnet/ip/ip4_reassembly.c
@@ -961,6 +961,7 @@ ip4_reassembly_inline (vlib_main_t * vm,
 	      n_left_to_next -= 1;
 	      if (is_feature && IP4_ERROR_NONE == error0)
 		{
+		  b0 = vlib_get_buffer (vm, bi0);
 		  vnet_feature_next (&next0, b0);
 		}
 	      vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
diff --git a/src/vnet/ip/ip6_reassembly.c b/src/vnet/ip/ip6_reassembly.c
index fae0e61a72f..50445f2a181 100644
--- a/src/vnet/ip/ip6_reassembly.c
+++ b/src/vnet/ip/ip6_reassembly.c
@@ -990,6 +990,7 @@ ip6_reassembly_inline (vlib_main_t * vm,
 	      n_left_to_next -= 1;
 	      if (is_feature && IP6_ERROR_NONE == error0)
 		{
+		  b0 = vlib_get_buffer (vm, bi0);
 		  vnet_feature_next (&next0, b0);
 		}
 	      vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,