Hi VPP folks,

Recently I ran into a problem: receiving IGMP packets over a GRE tunnel
protected by IPSec in transport mode sometimes causes a VPP crash.
The crash happens in the `ip4-local` node. Using a debug image, I realized the
problem was caused by an invalid fib index passed to the `fib_get()` function.
Digging into the code, I found the root cause of this problem: the buffer's opaque.
 
IGMP packets have a Router Alert option in the IP header. This causes the packets
to go directly from the `ip4-input` node to the `ip4-local` node, and this is all
right. But IGMP packets that are encrypted first have to be decrypted. During
this process, their buffer's opaque changes and `ipsec.sad_index` is set. Then
the packet is passed to `ip4-input`, then `ip4-local`, and there `ip.fib_index`
from the buffer's opaque is used. But `ipsec.sad_index` and `ip.fib_index` are
the same in the opaque struct. This is the reason for the invalid fib index.

What is the best way to prevent the crashes and fix the behavior of IPSec
decryption? Which part of the code should be changed?
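
A simplified C model of the aliasing described in the message above, added here as an illustration and not taken from the post or from VPP's source. The union layout, the `*_model` names, the `FIB_INDEX_INVALID` sentinel and the fallback to the RX interface's FIB are all assumptions; the block shows the stale value reaching the lookup and two defensive measures, resetting the field after decryption and bounds-checking the index.

```c
#include <stddef.h>
#include <stdint.h>

#define FIB_INDEX_INVALID UINT32_MAX /* assumed "not set" sentinel */

/* Simplified model of per-buffer opaque metadata: the IP and IPsec
 * fields share storage, as the post describes. Not VPP's real layout. */
typedef union {
    struct { uint32_t fib_index; } ip;
    struct { uint32_t sad_index; } ipsec;
} opaque_model_t;

typedef struct { uint32_t table_id; } fib_model_t;

/* Constructed sample pool holding two FIB tables. */
static fib_model_t fib_pool[2] = { { 0 }, { 10 } };
#define FIB_POOL_LEN (sizeof(fib_pool) / sizeof(fib_pool[0]))

/* Decrypt step: records which SA handled the packet. Because of the
 * union, this also overwrites what the IP path reads as fib_index. */
static void decrypt_model(opaque_model_t *o, uint32_t sa_index) {
    o->ipsec.sad_index = sa_index;
}

/* Hardened hand-off: clear the shared field before the buffer
 * re-enters the IP path, so no IPsec value is read as a FIB index. */
static void decrypt_then_reset_model(opaque_model_t *o, uint32_t sa_index) {
    decrypt_model(o, sa_index);
    o->ip.fib_index = FIB_INDEX_INVALID;
}

/* Bounds-checked lookup: NULL instead of indexing past the pool.
 * A stale value that happens to be in range still passes this check
 * and selects the wrong table, which is why the reset is also needed. */
static const fib_model_t *fib_get_checked(uint32_t fib_index) {
    return fib_index < FIB_POOL_LEN ? &fib_pool[fib_index] : NULL;
}

/* Consumer: use the opaque fib_index when set, else the RX interface's. */
static const fib_model_t *local_lookup_model(const opaque_model_t *o,
                                             uint32_t rx_fib_index) {
    uint32_t idx = o->ip.fib_index == FIB_INDEX_INVALID ? rx_fib_index
                                                        : o->ip.fib_index;
    return fib_get_checked(idx);
}
```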