From b22e1f06bbebc48ec72ce8effa529e69ffbb12ca Mon Sep 17 00:00:00 2001 From: Jon Loeliger Date: Thu, 19 Dec 2019 09:03:52 -0600 Subject: interface: Prevent bad inner-dot1q any exact-match configuration Someone much more knowledgeable than I wrote: For L3 IP forwarding, any VLAN tags on a packet must be exact match to a sub-interface which means both outer and inner VLAN tag IDs must be exact-matched to specific values defined of that sub-interface. Without exact match on a L3 sub-interface, VPP has no mechanism to know what VLAN tags to use for packet output, such as ARP request packets or IP packets, on that sub-interface. Thus, sub-interface with "inner-dot1q any" is not an exact match sub-interface by definition since no match is present on inner tag. While in the area, fix a memory leak that would ensue on poorly configured interfaces. Change-Id: I8d17a96dbca3e3724c297ecc935ca61764e6ce2e Type: fix Signed-off-by: Jon Loeliger
---
 src/vnet/interface.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'src/vnet/interface.c')
diff --git a/src/vnet/interface.c b/src/vnet/interface.c
index b2166dcebae..5ee3a74fe0b 100644
--- a/src/vnet/interface.c
+++ b/src/vnet/interface.c
@@ -582,6 +582,16 @@ vnet_create_sw_interface (vnet_main_t * vnm, vnet_sw_interface_t * template,
 vnet_hw_interface_t *hi;
 vnet_device_class_t *dev_class;
+ if (template->sub.eth.flags.two_tags == 1
+ && template->sub.eth.flags.exact_match == 1
+ && (template->sub.eth.flags.inner_vlan_id_any == 1
+ || template->sub.eth.flags.outer_vlan_id_any == 1))
+ {
+ error = clib_error_return (0,
+ "inner-dot1q any exact-match is unsupported");
+ return error;
+ }
+
 hi = vnet_get_sup_hw_interface (vnm, template->sup_sw_if_index);
 dev_class = vnet_get_device_class (vnm, hi->dev_class_index);
--
cgit 1.2.3-korg
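Review bot: The rejection message names only the inner tag, but the added `if` also fires on `outer_vlan_id_any == 1`, so an operator who configured an outer-any exact-match sub-interface is pointed at the wrong tag; a message such as `"dot1q any with exact-match is unsupported on two-tag sub-interfaces"` would match what is actually checked. The test also reads `template->sub.eth.flags` before anything in the hunk establishes that the template describes an Ethernet sub-interface, so it presumably relies on every caller zeroing the template; gating on `template->type == VNET_SW_INTERFACE_TYPE_SUB` would make that explicit, if that holds for the callers. A short comment above the check, e.g. `/* L3 output needs concrete tag values, so "any" cannot be combined with exact-match */`, would keep the rationale from the commit message next to the code. The body of vnet_create_sw_interface starts and continues outside the hunk.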