Re: [vpp-dev] Crash while configuring ABF

Neale Ranns via Lists.Fd.Io Mon, 18 Mar 2019 07:15:44 -0700

Hi Raj,

ABF, which is a feature that runs in the L3 path, has not (to my knowledge 
anyway) been tested with MACIP ACLs – this ACL type is usually applied to L2 
traffic. Try an L3 ACL instead (i.e. use acl_add_replace to create the ACL, not 
macip_acl_rule).


Regards,
neale


De : <vpp-dev@lists.fd.io> au nom de Raj <rajlistu...@gmail.com>
Date : lundi 18 mars 2019 à 15:08
À : vpp-dev <vpp-dev@lists.fd.io>
Objet : Re: [vpp-dev] Crash while configuring ABF

Hi,

Tested again in 18.10, same result.

Configuration:

sh version
vpp v18.10-22~g13f5dcf91 built by raj on vpp-dev-01 at Mon Mar 18 18:38:14 IST 
2019
DBGvpp#
DBGvpp#
DBGvpp#  set int state GigabitEthernet86/0/3 up
DBGvpp#  set int ip address GigabitEthernet86/0/3 xxx.xx.223.14/29
DBGvpp#  set int ip address GigabitEthernet86/0/3 2001:470:xxxx:xxx::600/64
DBGvpp#  ip route add 0.0.0.0/0<http://0.0.0.0/0> via xxx.xx.223.9 
GigabitEthernet86/0/3
DBGvpp#  ip route add ::/0 via 2001:470:xxxx:xxx::1 GigabitEthernet86/0/3
DBGvpp#  set int state GigabitEthernet86/0/2 up
DBGvpp#  set int ip address GigabitEthernet86/0/2 
100.69.1.1/24<http://100.69.1.1/24>
DBGvpp#  set int ip address GigabitEthernet86/0/2 2001:xxx:xxxx:600::1/56
DBGvpp# set int ip addr GigabitEthernet86/0/0 
192.168.20.1/29<http://192.168.20.1/29>
DBGvpp#  set int state GigabitEthernet86/0/0 up
DBGvpp# sh acl-plugin macip acl
MACIP acl_index: 0, count: 1 (true len 1) tag {} is free pool slot: 0
  ip4_table_index 5, ip6_table_index 5, l2_table_index 5
  out_ip4_table_index -1, out_ip6_table_index -1, out_l2_table_index -1
    rule 0: ipv4 action 1 ip 100.69.1.4/32<http://100.69.1.4/32> mac 
00:00:00:00:00:00 mask 00:00:00:00:00:00
DBGvpp#
DBGvpp# abf policy add id 0 acl 0 via 192.168.20.2 GigabitEthernet86/0/0
DBGvpp# abf attach ip4 policy 0 priority 1 GigabitEthernet86/0/2

API

PUT 
https://{{machine}}/restconf/config/ietf-access-control-list:access-lists/acl/vpp-acl:vpp-macip-acl/macip-acl-2
body

{
    "acl": [
      {
        "acl-name": "macip-acl-2",
        "acl-type": "vpp-acl:vpp-macip-acl",
        "access-list-entries": {
          "ace": [
              {
              "rule-name": "macip-rule-1",
              "matches": {
                "vpp-macip-ace-nodes": {
                  "source-ipv4-network": "100.69.1.4/32<http://100.69.1.4/32>",
                  "source-mac-address": "00:00:00:00:00:00",
                  "source-mac-address-mask": "00:00:00:00:00:00"
                }
              },
              "actions": {
                "permit": [null]
              }
            }

          ]
        }
      }
    ]
}

GDB output:

Thread 1 "vpp_main" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb)
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff5b40801 in __GI_abort () at abort.c:79
#2  0x000055555555ce54 in os_panic () at 
/home/raj/vpp-build/src/vpp/vnet/main.c:325
#3  0x00007ffff5f2dadf in debugger () at 
/home/raj/vpp-build/src/vppinfra/error.c:84
#4  0x00007ffff5f2df1a in _clib_error (how_to_die=2, function_name=0x0, 
line_number=0, fmt=0x7fffb4ecce50 "%s:%d (%s) assertion `%s' fails") at 
/home/raj/vpp-build/src/vppinfra/error.c:143
#5  0x00007fffb4ec690a in hash_multi_acl_match_5tuple 
(p_acl_main=0x7fffb4eb7a00 <acl_main>, lc_index=0, pkt_5tuple=0x7fffb55ffb50, 
is_ip6=0, action=0x7fffb55ffad7 "", acl_pos_p=0x7fffb55ffae0,
    acl_match_p=0x7fffb55ffadc, rule_match_p=0x7fffb55ffae4, 
trace_bitmap=0x7fffb55ffae8) at 
/home/raj/vpp-build/src/plugins/acl/public_inlines.h:651
#6  0x00007fffb4ec6b49 in acl_plugin_match_5tuple_inline 
(p_acl_main=0x7fffb4eb7a00 <acl_main>, lc_index=0, pkt_5tuple=0x7fffb55ffb50, 
is_ip6=0, r_action=0x7fffb55ffad7 "", r_acl_pos_p=0x7fffb55ffae0,
    r_acl_match_p=0x7fffb55ffadc, r_rule_match_p=0x7fffb55ffae4, 
trace_bitmap=0x7fffb55ffae8) at 
/home/raj/vpp-build/src/plugins/acl/public_inlines.h:690
#7  0x00007fffb4ec93fe in abf_input_inline (vm=0x7ffff694b240 
<vlib_global_main>, node=0x7fffb537fb80, frame=0x7fffb5ec1640, 
fproto=FIB_PROTOCOL_IP4)
    at /home/raj/vpp-build/src/plugins/abf/abf_itf_attach.c:569
#8  0x00007fffb4ec9662 in abf_input_ip4 (vm=0x7ffff694b240 <vlib_global_main>, 
node=0x7fffb537fb80, frame=0x7fffb5ec1640) at 
/home/raj/vpp-build/src/plugins/abf/abf_itf_attach.c:625
#9  0x00007ffff66c6ad4 in dispatch_node (vm=0x7ffff694b240 <vlib_global_main>, 
node=0x7fffb537fb80, type=VLIB_NODE_TYPE_INTERNAL, 
dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x7fffb5ec1640,
    last_time_stamp=1155022497203244) at /home/raj/vpp-build/src/vlib/main.c:989
#10 0x00007ffff66c708d in dispatch_pending_node (vm=0x7ffff694b240 
<vlib_global_main>, pending_frame_index=1, last_time_stamp=1155022497203244) at 
/home/raj/vpp-build/src/vlib/main.c:1139
#11 0x00007ffff66c8c8b in vlib_main_or_worker_loop (vm=0x7ffff694b240 
<vlib_global_main>, is_main=1) at /home/raj/vpp-build/src/vlib/main.c:1555
#12 0x00007ffff66c9464 in vlib_main_loop (vm=0x7ffff694b240 <vlib_global_main>) 
at /home/raj/vpp-build/src/vlib/main.c:1629
#13 0x00007ffff66ca037 in vlib_main (vm=0x7ffff694b240 <vlib_global_main>, 
input=0x7fffb55fffb0) at /home/raj/vpp-build/src/vlib/main.c:1820
#14 0x00007ffff672148a in thread0 (arg=140737330328128) at 
/home/raj/vpp-build/src/vlib/unix/main.c:607
#15 0x00007ffff5f5085c in clib_calljmp () from 
/home/raj/vpp-build/build-root/install-vpp_debug-native/vpp/lib/libvppinfra.so.18.10
#16 0x00007fffffffd120 in ?? ()
#17 0x00007ffff672193b in vlib_unix_main (argc=43, argv=0x55555588e510) at 
/home/raj/vpp-build/src/vlib/unix/main.c:676
#18 0x000055555555c898 in main (argc=43, argv=0x55555588e510) at 
/home/raj/vpp-build/src/vpp/vnet/main.c:264

Thanks and Regards,

Raj


On Mon, Mar 18, 2019 at 3:53 PM Raj via Lists.Fd.Io<http://Lists.Fd.Io> 
<rajlistuser=gmail....@lists.fd.io<mailto:gmail....@lists.fd.io>> wrote:
Thanks Andrew for looking into it.

In the crash I sent, I missed adding ACL. But I was working with 18.10
previously and there I am sure I added ACL, but there was still some
thing amiss. I am now doing the testing once more in 18.10 and will
get back with result.

Thanks and Regards,

Raj

On Mon, Mar 18, 2019 at 3:41 PM Andrew 👽 Yourtchenko
<ayour...@gmail.com<mailto:ayour...@gmail.com>> wrote:
>
> Raj,
>
> yeah so looking further at it - the abf plugin does not handle the
> error code correctly for the case when the ACL does not exist, and
> rather than erroring out, just keeps going. Hence the assert later on
> when it tries to perform the lookup in the context that has not been
> properly setup..
>
> --a
>
> On 3/18/19, Raj <rajlistu...@gmail.com<mailto:rajlistu...@gmail.com>> wrote:
> > Hello all,
> >
> > I am testing ABF functionality and was able to crash VPP.
> >
> > I was using v19.04-rc0~458-g53ba544d7. Configured VPP using following
> > commands:
> >
> > set int state GigabitEthernet86/0/3 up
> > set int ip address GigabitEthernet86/0/3 xxx.xx.223.14/29
> > set int ip address GigabitEthernet86/0/3 2001:470:xxxx:xxx::600/64
> >
> > ip route add 0.0.0.0/0<http://0.0.0.0/0> via xxx.xx.223.9 
> > GigabitEthernet86/0/3
> > ip route add ::/0 via 2001:470:xxxx:xxx::1 GigabitEthernet86/0/3
> >
> > set int state GigabitEthernet86/0/2 up
> > set int ip address GigabitEthernet86/0/2 100.69.1.1/24<http://100.69.1.1/24>
> > set int ip address GigabitEthernet86/0/2 2001:470:yyyy:yyy::1/56
> >
> > set int ip addr GigabitEthernet86/0/0 
> > 192.168.20.1/29<http://192.168.20.1/29>
> > set int state GigabitEthernet86/0/0 up
> >
> > abf policy add id 0 acl 0 via 192.168.20.2 GigabitEthernet86/0/0
> > abf attach ip4 policy 0 priority 1 GigabitEthernet86/0/2
> >
> > Running VPP under gdb, the back trace is:
> >
> > Thread 1 "vpp_main" received signal SIGABRT, Aborted.
> > __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> > 51      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
> > (gdb)
> > (gdb)
> > (gdb) bt
> > #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> > #1  0x00007ffff5912801 in __GI_abort () at abort.c:79
> > #2  0x000055555555c4c8 in os_panic () at
> > /home/raj/vpp/src/vpp/vnet/main.c:335
> > #3  0x00007ffff5d0125f in debugger () at
> > /home/raj/vpp/src/vppinfra/error.c:84
> > #4  0x00007ffff5d0169a in _clib_error (how_to_die=2,
> > function_name=0x0, line_number=0, fmt=0x7fffb4860d40 "%s:%d (%s)
> > assertion `%s' fails") at /home/raj/vpp/src/vppinfra/error.c:143
> > #5  0x00007fffb485a720 in hash_multi_acl_match_5tuple
> > (p_acl_main=0x7fffb48513e0 <acl_main>, lc_index=0,
> > pkt_5tuple=0x7fffb6bffac0, is_ip6=0, action=0x7fffb6bffa47 "",
> >     acl_pos_p=0x7fffb6bffa50, acl_match_p=0x7fffb6bffa4c,
> > rule_match_p=0x7fffb6bffa54, trace_bitmap=0x7fffb6bffa58) at
> > /home/raj/vpp/src/plugins/acl/public_inlines.h:636
> > #6  0x00007fffb485a95f in acl_plugin_match_5tuple_inline
> > (p_acl_main=0x7fffb48513e0 <acl_main>, lc_index=0,
> > pkt_5tuple=0x7fffb6bffac0, is_ip6=0, r_action=0x7fffb6bffa47 "",
> >     r_acl_pos_p=0x7fffb6bffa50, r_acl_match_p=0x7fffb6bffa4c,
> > r_rule_match_p=0x7fffb6bffa54, trace_bitmap=0x7fffb6bffa58) at
> > /home/raj/vpp/src/plugins/acl/public_inlines.h:675
> > #7  0x00007fffb485d214 in abf_input_inline (vm=0x7ffff6512600
> > <vlib_global_main>, node=0x7fffb5f36980, frame=0x7fffb6dfc400,
> > fproto=FIB_PROTOCOL_IP4)
> >     at /home/raj/vpp/src/plugins/abf/abf_itf_attach.c:569
> > #8  0x00007fffb485d478 in abf_input_ip4 (vm=0x7ffff6512600
> > <vlib_global_main>, node=0x7fffb5f36980, frame=0x7fffb6dfc400) at
> > /home/raj/vpp/src/plugins/abf/abf_itf_attach.c:625
> > #9  0x00007ffff6280614 in dispatch_node (vm=0x7ffff6512600
> > <vlib_global_main>, node=0x7fffb5f36980, type=VLIB_NODE_TYPE_INTERNAL,
> > dispatch_state=VLIB_NODE_STATE_POLLING,
> >     frame=0x7fffb6dfc400, last_time_stamp=1082092493908744) at
> > /home/raj/vpp/src/vlib/main.c:1209
> > #10 0x00007ffff6280dd5 in dispatch_pending_node (vm=0x7ffff6512600
> > <vlib_global_main>, pending_frame_index=2,
> > last_time_stamp=1082092493908744) at
> > /home/raj/vpp/src/vlib/main.c:1376
> > #11 0x00007ffff6282b01 in vlib_main_or_worker_loop (vm=0x7ffff6512600
> > <vlib_global_main>, is_main=1) at /home/raj/vpp/src/vlib/main.c:1820
> > #12 0x00007ffff628337c in vlib_main_loop (vm=0x7ffff6512600
> > <vlib_global_main>) at /home/raj/vpp/src/vlib/main.c:1922
> > #13 0x00007ffff6284109 in vlib_main (vm=0x7ffff6512600
> > <vlib_global_main>, input=0x7fffb6bfffb0) at
> > /home/raj/vpp/src/vlib/main.c:2111
> > #14 0x00007ffff62e13c0 in thread0 (arg=140737325901312) at
> > /home/raj/vpp/src/vlib/unix/main.c:612
> > #15 0x00007ffff5d24544 in clib_calljmp () from
> > /home/raj/vpp/build-root/install-vpp_debug-native/vpp/lib/libvppinfra.so.19.04
> > #16 0x00007fffffffd170 in ?? ()
> > #17 0x00007ffff62e188d in vlib_unix_main (argc=43,
> > argv=0x55555586f500) at /home/raj/vpp/src/vlib/unix/main.c:681
> > #18 0x000055555555bf0c in main (argc=43, argv=0x55555586f500) at
> > /home/raj/vpp/src/vpp/vnet/main.c:274
> >
> > Thanks and Regards,
> >
> > Raj
> >
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#12571): https://lists.fd.io/g/vpp-dev/message/12571
Mute This Topic: https://lists.fd.io/mt/30471670/157026
Group Owner: vpp-dev+ow...@lists.fd.io<mailto:vpp-dev%2bow...@lists.fd.io>
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  
[rajlistu...@gmail.com<mailto:rajlistu...@gmail.com>]
-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#12580): https://lists.fd.io/g/vpp-dev/message/12580
Mute This Topic: https://lists.fd.io/mt/30471670/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Crash while configuring ABF

Reply via email to