mismatch bi0 and b0 when finalizing ip reassembly.

bi0 always points to the first buffer in chain but b0 could be any fragment in a ip packet.
It causes a vnet_feature_next function call to the wrong buffer
and crashes sometime when there is >1 feature nodes under ip-unicast.
The fix is simple, makes b0 and bi0 both pointed to the first buffer

Change-Id: I7de36e68fb42b050fa63201abd98aeb6ba2e0cd3
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>

diff --git a/src/vnet/ip/ip4_reassembly.c b/src/vnet/ip/ip4_reassembly.c
index 3466f72..08b3e54 100644 (file)
--- a/src/vnet/ip/ip4_reassembly.c
+++ b/src/vnet/ip/ip4_reassembly.c
@@ -961,6 +961,7 @@ ip4_reassembly_inline (vlib_main_t * vm,
              n_left_to_next -= 1;
              if (is_feature && IP4_ERROR_NONE == error0)
                {
+                 b0 = vlib_get_buffer (vm, bi0);
                  vnet_feature_next (&next0, b0);
                }
              vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,

diff --git a/src/vnet/ip/ip6_reassembly.c b/src/vnet/ip/ip6_reassembly.c
index fae0e61..50445f2 100644 (file)
--- a/src/vnet/ip/ip6_reassembly.c
+++ b/src/vnet/ip/ip6_reassembly.c
@@ -990,6 +990,7 @@ ip6_reassembly_inline (vlib_main_t * vm,
              n_left_to_next -= 1;
              if (is_feature && IP6_ERROR_NONE == error0)
                {
+                 b0 = vlib_get_buffer (vm, bi0);
                  vnet_feature_next (&next0, b0);
                }
              vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,