gerrit.fd Code Review - vpp.git/commit

author	Alexander Chernavin <achernavin@netgate.com>
	Thu, 2 Jun 2022 09:55:37 +0000 (09:55 +0000)
committer	Fan Zhang <roy.fan.zhang@intel.com>
	Sun, 5 Jun 2022 21:14:09 +0000 (21:14 +0000)
commit	1477c7262a734a5768c500cbfd3173944682c20b
tree	9178344c1c7c14150031a0a970ce170a1fd8aa69	tree \| snapshot
parent	db8dd260d5d8ac798a9524f29e746b9094eb73bf	commit \| diff

wireguard: fix crash by not sending arp via wg interface

Type: fix

Currently, neighbor adjacencies on a wg interface are converted into a
midchain only if one of the peers has a matching allowed prefix
configured. If create a route that goes through a wg interface but the
next-hop address does not match any allowed prefixes, an ARP/ND request
will try to be sent via the wg interface to resolve the next-hop address
when matching traffic occurs. And sending an ARP request will cause VPP
to crash while copying hardware address of the wg interface which is
NULL. Sending an ND message will not cause VPP to crash but the error
logged will be unclear (no source address).

With this fix, convert all neighbor adjacencies on a wg interface into a
midchain and update tests to cover the case. If there is no matching
allowed prefix configured, traffic going such routes will be dropped
because of "Peer error". No changes if there is matching allowed prefix
configured.

Also, fix getting peer by adjacency index.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I15bc1e1f83de719e97edf3f7210a5359a35bddbd

src/plugins/wireguard/wireguard_if.c		diff \| blob \| history
src/plugins/wireguard/wireguard_peer.h		diff \| blob \| history
test/test_wireguard.py		diff \| blob \| history