Hello All, I want to share two observations I had while chasing a crash in VPP.
To the best of my knowledge, this is what happens in src/plugins/nat/nat_det_out2in.c:icmp_match_out2in_det():

- First it will look up the destination addr and get the snat_det_map if found.
- If no mapping is found, check whether that destination address is an Interface addr.
- If not: nat_log_info ("unknown dst address: %U", format_ip4_address, &ip0->dst_address); goto out;

In this case we are not setting the 'dont_translate' flag to true. Is there any specific reason for not doing so? Could this be a bug?

In src/plugins/nat/out2in.c:icmp_out2in (), 'snat_session_key_t sm0' is not initialized before it is used. Since 'snat_session_key_t sm0' is not initialized and the dont_translate flag is false in the icmp_match_out2in_det() callback function, address, port, protocol and fib_index will be set to uninitialized values, which could be garbage. This leads to packets being routed to unexpected locations if fib_index happens to be a valid value, and VPP crashes (assert in pool_elt_at_index(ip4_main.v4_fibs, index)) while trying to fetch the pool with the garbage fib_index.

Is leaving snat_session_key_t sm0 uninitialized intentional, or should it be initialized?

Thanks and Regards,
Raj
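A small C model of the two issues raised above, added here as an example and not VPP's own code: the struct layouts, the det mapping, the FIB pool size and the addresses are all constructed stand-ins. The `fixed` flag selects the corrected shape (zero-initialized key, dont_translate set on the unknown-destination path, bounds check before the pool lookup) next to the buggy shape the post describes.

```c
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins for snat_session_key_t and the det mapping (constructed
 * for this example, not VPP's real definitions). */
typedef struct { uint32_t addr; uint16_t port; uint8_t proto; uint32_t fib_index; } session_key_t;
typedef struct { uint32_t out_addr; uint32_t in_addr; uint32_t fib_index; } det_map_t;

#define FIB_POOL_LEN 2u   /* pretend ip4_main.v4_fibs holds two FIBs (index 0 and 1) */
static const det_map_t det_maps[] = { { 0x0A000001u, 0xC0A80001u, 1u } }; /* 10.0.0.1 -> 192.168.0.1, fib 1 */

static const det_map_t *lookup_det_map(uint32_t dst)
{
    for (size_t i = 0; i < sizeof det_maps / sizeof det_maps[0]; i++)
        if (det_maps[i].out_addr == dst) return &det_maps[i];
    return 0;
}

/* Callback modelled on the post's icmp_match_out2in_det(). With fixed == 0 the
 * unknown-destination path returns without touching *key or *dont_translate. */
static void match_out2in_det(uint32_t dst, session_key_t *key, int *dont_translate, int fixed)
{
    const det_map_t *m = lookup_det_map(dst);
    if (!m) {
        /* "unknown dst address" -> goto out. Corrected: tell the caller not to translate. */
        if (fixed) *dont_translate = 1;
        return;
    }
    key->addr = m->in_addr; key->port = 0; key->proto = 1; key->fib_index = m->fib_index;
}

/* Caller modelled on icmp_out2in(). Returns 0 = translated into *fib,
 * 1 = passed through untranslated, -1 = garbage fib_index caught (VPP would assert). */
static int out2in(uint32_t dst, uint32_t *fib, int fixed)
{
    session_key_t key;
    int dont_translate = 0;
    if (fixed)
        memset(&key, 0, sizeof key);     /* fix: never consume stale fields */
    else
        memset(&key, 0xAB, sizeof key);  /* stand-in for stack garbage (avoids real UB here) */
    match_out2in_det(dst, &key, &dont_translate, fixed);
    if (dont_translate) return 1;
    /* Bounds check instead of trusting pool_elt_at_index's assert. Note that a
     * zero-initialized key without dont_translate would still pick FIB 0 silently. */
    if (key.fib_index >= FIB_POOL_LEN) return -1;
    *fib = key.fib_index;
    return 0;
}
```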
View/Reply Online (#14587): https://lists.fd.io/g/vpp-dev/message/14587