Hello All,

I want to share two observations I had while chasing a crash in VPP.

To the best of my knowledge, this is what happens in
src/plugins/nat/nat_det_out2in.c:icmp_match_out2in_det()
- First it will look up the destination addr and get the snat_det_map if found.
- If no mapping is found, check whether that destination address is an
interface addr
- if not:
       nat_log_info ("unknown dst address:  %U",
            format_ip4_address, &ip0->dst_address);
      goto out;

In this case we are not setting the 'dont_translate' flag to true. Is
there any specific reason for not doing so? Could this be a bug?


In src/plugins/nat/out2in.c:icmp_out2in ()

Here 'snat_session_key_t sm0' is not initialized before it is used.

Since 'snat_session_key_t sm0' is not initialized and dont_translate
flag is false in the icmp_match_out2in_det() callback function,
address, port, protocol and fib_index will be set to uninitialized
values, which could be garbage.

This leads to packets being routed to unexpected locations if
fib_index happens to be a valid value, and VPP crashes
(assert(pool_elt_at_index(ip4_main.v4_fibs, index))) while trying to
fetch the pool with the garbage fib_index.

Is leaving snat_session_key_t sm0 uninitialized intentional, or should
it be initialized?

Thanks and Regards,

Raj
View/Reply Online (#14587): https://lists.fd.io/g/vpp-dev/message/14587
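The pattern the mail describes, as an added example that is not VPP code: a match callback that sets `dont_translate` on every path that leaves the key unfilled, and a caller that zero-initialises the key and bounds-checks `fib_index` before using it. All names (`match_out2in`, `icmp_out2in`, `det_maps`, `N_FIBS`) and the mapping data are hypothetical stand-ins for the NAT plugin's structures.

```c
/* Added example, not VPP code. Demonstrates the two fixes discussed in
 * the mail: the match callback must set *dont_translate on its
 * "unknown dst" early-out, and the caller must not consume an
 * uninitialised session key. All identifiers are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define FIB_INDEX_INVALID UINT32_MAX
#define N_FIBS 4                       /* constructed: size of the fib pool */

typedef struct { uint32_t addr; uint16_t port; uint32_t fib_index; } session_key_t;

/* Constructed deterministic mappings standing in for snat_det_map lookup. */
static const struct { uint32_t dst; uint32_t in_addr; uint32_t fib; } det_maps[] = {
  { 0x0a000001u, 0xc0a80001u, 2 },     /* 10.0.0.1 -> 192.168.0.1, fib 2 */
};
/* Constructed interface address: traffic to it is local, not translated. */
static const uint32_t interface_addrs[] = { 0x0a000064u };   /* 10.0.0.100 */

/* Returns 0 on success. Every path that does not fill *key also sets
 * *dont_translate, so the caller never reads a key this function skipped. */
int match_out2in(uint32_t dst, session_key_t *key, bool *dont_translate)
{
  *dont_translate = false;
  for (size_t i = 0; i < sizeof det_maps / sizeof det_maps[0]; i++)
    if (det_maps[i].dst == dst) {
      key->addr = det_maps[i].in_addr;
      key->port = 0;
      key->fib_index = det_maps[i].fib;
      return 0;
    }
  for (size_t i = 0; i < sizeof interface_addrs / sizeof interface_addrs[0]; i++)
    if (interface_addrs[i] == dst) { *dont_translate = true; return 0; }
  /* Unknown dst: the mail reports this early-out leaving the flag unset. */
  *dont_translate = true;
  return 0;
}

/* Caller: the key starts from a known-invalid state, and a fib_index
 * outside the pool is rejected instead of reaching pool_elt_at_index. */
uint32_t icmp_out2in(uint32_t dst)
{
  session_key_t sm0 = { .addr = 0, .port = 0, .fib_index = FIB_INDEX_INVALID };
  bool dont_translate = false;
  if (match_out2in(dst, &sm0, &dont_translate) != 0 || dont_translate)
    return FIB_INDEX_INVALID;          /* forward untranslated */
  if (sm0.fib_index >= N_FIBS)
    return FIB_INDEX_INVALID;          /* garbage index would have asserted */
  return sm0.fib_index;
}
```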