commit b9feb61e8f6778bfc100b4bbcb9eee8795e20191
author Vladislav Grishenko <themiron@yandex-team.ru> Fri Nov 19 22:53:41 2021 +0500
committer Neale Ranns <neale@graphiant.com> Fri Mar 25 07:57:58 2022 +0000
tree 129d11e45e2812757bd85d0d73bcd483ec944b79
parent 89d74bdee88a10f04831246217448abae81f6142

fib: fix ip6-ll fib selection for non-ethernet interfaces

Fixes case when packet to link-local address is received over
gre/mpls or other non-ethernet interface and ip6-ll fib for it
is undefined.
If by a chance ip6-ll fib index is valid, packet will be passed
to some ip6 fib with possibilities to be sent out over unrelated
interface or be looped again into ip6-link-local dpo till oom
and crash.

Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ie985f0373ea45e2926db7fb0a1ff951eca0e38f6

src/vnet/ip/ip6_ll_table.c

diff --git a/src/vnet/ip/ip6_ll_table.c b/src/vnet/ip/ip6_ll_table.c
index e4010bc..b3f42da 100644
--- a/src/vnet/ip/ip6_ll_table.c
+++ b/src/vnet/ip/ip6_ll_table.c
@@ -114,9 +114,9 @@
   };
   fib_prefix_t fp;
 
-  vec_validate (ip6_ll_table.ilt_fibs, ilp->ilp_sw_if_index);
+  vec_validate_init_empty (ip6_ll_table.ilt_fibs, ilp->ilp_sw_if_index, ~0);
 
-  if (0 == ip6_ll_fib_get (ilp->ilp_sw_if_index))
+  if (~0 == ip6_ll_fib_get (ilp->ilp_sw_if_index))
     {
       ip6_ll_fib_create (ilp->ilp_sw_if_index);
     }
@@ -151,11 +151,12 @@
    * if there are no ND sourced prefixes left, then we can clean up this FIB
    */
   fib_index = ip6_ll_fib_get (ilp->ilp_sw_if_index);
-  if (0 == fib_table_get_num_entries (fib_index,
-				      FIB_PROTOCOL_IP6, FIB_SOURCE_IP6_ND))
+  if (~0 != fib_index &&
+      0 == fib_table_get_num_entries (fib_index, FIB_PROTOCOL_IP6,
+				      FIB_SOURCE_IP6_ND))
     {
       fib_table_unlock (fib_index, FIB_PROTOCOL_IP6, FIB_SOURCE_IP6_ND);
-      ip6_ll_table.ilt_fibs[ilp->ilp_sw_if_index] = 0;
+      ip6_ll_table.ilt_fibs[ilp->ilp_sw_if_index] = ~0;
     }
 }
 
@@ -273,8 +274,7 @@
     u8 *s = NULL;
 
     fib_index = ip6_ll_table.ilt_fibs[sw_if_index];
-
-    if (0 == fib_index)
+    if (~0 == fib_index)
       continue;
 
     fib_table = fib_table_get (fib_index, FIB_PROTOCOL_IP6);
@@ -354,6 +354,16 @@
 /* *INDENT-ON* */
 
 static clib_error_t *
+ip6_ll_sw_interface_add_del (vnet_main_t *vnm, u32 sw_if_index, u32 is_add)
+{
+  vec_validate_init_empty (ip6_ll_table.ilt_fibs, sw_if_index, ~0);
+
+  return (NULL);
+}
+
+VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip6_ll_sw_interface_add_del);
+
+static clib_error_t *
 ip6_ll_module_init (vlib_main_t * vm)
 {
   clib_error_t *error;