interface: Prevent bad inner-dot1q any exact-match configuration
Someone much more knowledgeable than I wrote:
For L3 IP forwarding, any VLAN tags on a packet must be exact
match to a sub-interface which means both outer and inner VLAN
tag IDs must be exact-matched to specific values defined of that
sub-interface. Without exact match on a L3 sub-interface, VPP
has no mechanism to know what VLAN tags to use for packet output,
such as ARP request packets or IP packets, on that sub-interface.
Thus, sub-interface with "inner-dot1q any" is not an exact match
sub-interface by definition since no match is present on inner
tag.
While in the area, fix a memory leak that would ensue on poorly
configured interfaces.
Change-Id: I8d17a96dbca3e3724c297ecc935ca61764e6ce2e
Type: fix
Signed-off-by: Jon Loeliger <jdl@netgate.com>
diff --git a/src/vnet/interface.c b/src/vnet/interface.c
index b2166dc..5ee3a74 100644
--- a/src/vnet/interface.c
+++ b/src/vnet/interface.c
@@ -582,6 +582,16 @@
vnet_hw_interface_t *hi;
vnet_device_class_t *dev_class;
+ if (template->sub.eth.flags.two_tags == 1
+ && template->sub.eth.flags.exact_match == 1
+ && (template->sub.eth.flags.inner_vlan_id_any == 1
+ || template->sub.eth.flags.outer_vlan_id_any == 1))
+ {
+ error = clib_error_return (0,
+ "inner-dot1q any exact-match is unsupported");
+ return error;
+ }
+
hi = vnet_get_sup_hw_interface (vnm, template->sup_sw_if_index);
dev_class = vnet_get_device_class (vnm, hi->dev_class_index);
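Review bot: the error string in the added check names only inner-dot1q, but the condition also rejects `template->sub.eth.flags.outer_vlan_id_any == 1` when two_tags and exact_match are set, so a configuration with an "any" outer tag is refused with a message that points at the wrong tag. Either word the message to cover both cases (for example "dot1q any with exact-match is unsupported on a two-tag sub-interface") or split the test so the inner and outer cases each return their own message. The commit subject and body likewise speak only of inner-dot1q any, so if rejecting the outer case is intended it is worth a sentence there and a short comment above the `if` explaining that an exact-match L3 sub-interface needs both tag IDs fixed for packet output.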