author | John Lo <loj@cisco.com> | 2016-12-08 16:10:02 -0500 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2016-12-09 09:00:11 +0000 |
commit | 56912c896ae803fad01af390ade921be68ea5ba2 (patch) | |
tree | ef05ce91055c3304e1d8c27d4091ffe1f32d93a9 /vpp | |
parent | 6d403a013276f095e542c9b6281db96354fa6f07 (diff) |
Add extra validation for VXLAN packets and tunnels
- On VXLAN packet decap, validate its DIP against VXLAN tunnel.
- Add extra logic to validate and handle creation of multicast
VXLAN tunnels.
Change-Id: I6abdddd7be4cd9f1bcfc88d9970ba681fdd72f7c
Signed-off-by: John Lo <loj@cisco.com>
Diffstat (limited to 'vpp')
-rw-r--r-- | vpp/vpp-api/api.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/vpp/vpp-api/api.c b/vpp/vpp-api/api.c
index 3868af9c..a5f50ff1 100644
--- a/vpp/vpp-api/api.c
+++ b/vpp/vpp-api/api.c
@@ -3104,6 +3104,7 @@ static void vl_api_vxlan_add_del_tunnel_t_handler
 u32 encap_fib_index;
 uword *p;
 ip4_main_t *im = &ip4_main;
+ vnet_main_t *vnm = vnet_get_main ();
 u32 sw_if_index = ~0;
 p = hash_get (im->fib_index_by_table_id, ntohl (mp->encap_vrf_id));
@@ -3129,6 +3130,13 @@ static void vl_api_vxlan_add_del_tunnel_t_handler
 goto out;
 }
 a->mcast_sw_if_index = ntohl (mp->mcast_sw_if_index);
+ if (ip46_address_is_multicast (&a->dst) &&
+ pool_is_free_index (vnm->interface_main.sw_interfaces,
+ a->mcast_sw_if_index))
+ {
+ rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
+ goto out;
+ }
 a->encap_fib_index = encap_fib_index;
 a->decap_next_index = ntohl (mp->decap_next_index);
 a->vni = ntohl (mp->vni);
|
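Review bot: The multicast check added after `a->mcast_sw_if_index = ntohl (mp->mcast_sw_if_index);` in the second hunk is not conditioned on add versus delete in the lines shown. If delete requests also pass through here, as the handler name suggests, removing a multicast tunnel whose `mcast_sw_if_index` no longer names a live interface would fail with `VNET_API_ERROR_INVALID_SW_IF_INDEX` and leave the tunnel in place. If the delete path does not need the interface, the test could be gated, e.g. `if (mp->is_add && ip46_address_is_multicast (&a->dst) && ...`. A short comment above the test would also help the next reader: `/* multicast dst: mcast_sw_if_index comes from the API client and must name an existing interface */`. The handler body starts before and continues past both hunks, so whether an earlier line already separates the two cases cannot be seen here.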