From 76b19ceafcf892b56a679d3d7fe5c6f4b93f7de7 Mon Sep 17 00:00:00 2001 From: Pim van Pelt Date: Tue, 10 Aug 2021 23:44:44 +0200 Subject: ip: Fix crash in ip address add on sub-int without exact-match Type: fix Creating a sub-int without exact-match set, and subsequently adding an IPv4 or IPv6 address will crash VPP. This fix catches this situation and refuses to allow the caller to add an IPv4 or IPv6 address on an ethernet sub-int that does not have exact-match set. TESTED: Before this change, the following crashes VPP: ``` DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10 TenGigabitEthernet3/0/0.1 DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8::1/64 ``` After the change, VPP refuses to act: ``` DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10 TenGigabitEthernet3/0/0.1 DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 192.0.2.1/30 set interface ip address: sub-interface without exact-match doesn't support IP addressing DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8:1/64 set interface ip address: sub-interface without exact-match doesn't support IP addressing ``` Signed-off-by: Pim van Pelt Change-Id: I42997db314225cd186ebb54013b5717ace7f7bd6 --- src/vnet/interface.c | 23 +++++++++++++++++++++++ src/vnet/interface_funcs.h | 3 +++ src/vnet/ip/ip4_forward.c | 9 +++------ src/vnet/ip/ip6_forward.c | 9 +++------ 4 files changed, 32 insertions(+), 12 deletions(-) diff --git a/src/vnet/interface.c b/src/vnet/interface.c index e79722d0461..20afce1fb6e 100644 --- a/src/vnet/interface.c +++ b/src/vnet/interface.c @@ -1334,6 +1334,29 @@ vnet_sw_interface_is_nbma (vnet_main_t * vnm, u32 sw_if_index) return (hc->flags & VNET_HW_INTERFACE_CLASS_FLAG_NBMA); } +clib_error_t * +vnet_sw_interface_supports_addressing (vnet_main_t *vnm, u32 sw_if_index) +{ + if (sw_if_index == 0) + { + return clib_error_create ( + "local0 interface doesn't support IP addressing"); + } + + if (vnet_sw_interface_is_sub (vnm, sw_if_index)) + { + vnet_sw_interface_t *si; + si = vnet_get_sw_interface_or_null (vnm, sw_if_index); + if (si && si->type == VNET_SW_INTERFACE_TYPE_SUB && + si->sub.eth.flags.exact_match == 0) + { + return clib_error_create ( + "sub-interface without exact-match doesn't support IP addressing"); + } + } + return NULL; +} + clib_error_t * vnet_interface_init (vlib_main_t * vm) { diff --git a/src/vnet/interface_funcs.h b/src/vnet/interface_funcs.h index 3db5a2d8c11..28312d4c85a 100644 --- a/src/vnet/interface_funcs.h +++ b/src/vnet/interface_funcs.h @@ -350,6 +350,9 @@ vnet_sw_interface_is_sub (vnet_main_t *vnm, u32 sw_if_index) return (sw->sw_if_index != sw->sup_sw_if_index); } +clib_error_t *vnet_sw_interface_supports_addressing (vnet_main_t *vnm, + u32 sw_if_index); + always_inline vlib_frame_t * vnet_get_frame_to_sw_interface (vnet_main_t * vnm, u32 sw_if_index) { diff --git a/src/vnet/ip/ip4_forward.c b/src/vnet/ip/ip4_forward.c index ea67005176f..57ad658b83f 100644 --- a/src/vnet/ip/ip4_forward.c +++ b/src/vnet/ip/ip4_forward.c @@ -653,12 +653,9 @@ ip4_add_del_interface_address_internal (vlib_main_t * vm, u32 if_address_index; ip4_address_fib_t ip4_af, *addr_fib = 0; - /* local0 interface doesn't support IP addressing */ - if (sw_if_index == 0) - { - return - clib_error_create ("local0 interface doesn't support IP addressing"); - } + error = vnet_sw_interface_supports_addressing (vnm, sw_if_index); + if (error) + return error; vec_validate (im->fib_index_by_sw_if_index, sw_if_index); ip4_addr_fib_init (&ip4_af, address, diff --git a/src/vnet/ip/ip6_forward.c b/src/vnet/ip/ip6_forward.c index ba616ebc7c7..f1de446a504 100644 --- a/src/vnet/ip/ip6_forward.c +++ b/src/vnet/ip/ip6_forward.c @@ -308,12 +308,9 @@ ip6_add_del_interface_address (vlib_main_t * vm, ip6_address_fib_t ip6_af, *addr_fib = 0; const ip6_address_t *ll_addr; - /* local0 interface doesn't support IP addressing */ - if (sw_if_index == 0) - { - return - clib_error_create ("local0 interface doesn't support IP addressing"); - } + error = vnet_sw_interface_supports_addressing (vnm, sw_if_index); + if (error) + return error; if (ip6_address_is_link_local_unicast (address)) { -- cgit 1.2.3-korg