Folks,
I have a scenario where setting up a Wireguard interface and peer causes VPP
to segfault. I think the situation is simply that the function
always_inline uword
wg_output_tun_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
vlib_frame_t *frame, u8 is_ip4, u16 async_next_node)
fails to find a proper peer for an adj_index of a packet in this code:
adj_index = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
if (PREDICT_FALSE (last_adj_index != adj_index))
{
peeri = wg_peer_get_by_adj_index (adj_index);
peer = wg_peer_get (peeri);
}
Should it instead see a lack of peer (and route?) and thus simply
drop the packet instead?
The segfault happens in wg_peer_get_by_adj_index() because a
NULL vector was never established with a peer:
static inline index_t
wg_peer_get_by_adj_index (index_t ai)
{
return (wg_peer_by_adj_index[ai]);
}
That should have been setup here:
wg_peer_if_adj_change (index_t peeri, void *data)
{
adj_index_t *adj_index = data;
adj_midchain_fixup_t fixup;
ip_adjacency_t *adj;
wg_peer_t *peer;
fib_prefix_t *allowed_ip;
adj = adj_get (*adj_index);
peer = wg_peer_get (peeri);
vec_foreach (allowed_ip, peer->allowed_ips)
{
if (fib_prefix_is_cover_addr_46 (allowed_ip,
&adj->sub_type.nbr.next_hop))
{
vec_add1 (peer->adj_indices, *adj_index);
vec_validate_init_empty (wg_peer_by_adj_index, *adj_index,
INDEX_INVALID);
wg_peer_by_adj_index[*adj_index] = peer - wg_peer_pool;
Dumping core by an invalid vector reference of wg_peer_by_adj_index[] is
a poor way to tell me that a route isn't set up properly? :-). My question
is,
where should we catch this error and prevent that?
Thanks,
jdl
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#21198): https://lists.fd.io/g/vpp-dev/message/21198
Mute This Topic: https://lists.fd.io/mt/90248176/21656
Group Owner: [email protected]
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
