Re: [vpp-dev] Wireguard Peer Route Table Questions

Tue, 05 Apr 2022 12:21:39 -0700 

Hey VPP-ers,

I have posted a suggested solution to this issue here:

    https://gerrit.fd.io/r/c/vpp/+/35896

Feel free to review!

jdl


On Mon, Apr 4, 2022 at 12:45 PM Jon Loeliger via lists.fd.io <jdl=
netgate....@lists.fd.io> wrote:

> Folks,
>
> I have a scenario where setting up a Wireguard interface and peer causes
> VPP
> to segfault.  I think the situation is simply that the function
>
>     always_inline uword
>     wg_output_tun_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
>                       vlib_frame_t *frame, u8 is_ip4, u16 async_next_node)
>
> fails to find a proper peer for an adj_index of a packet in this code:
>
>       adj_index = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
>
>       if (PREDICT_FALSE (last_adj_index != adj_index))
>         {
>           peeri = wg_peer_get_by_adj_index (adj_index);
>           peer = wg_peer_get (peeri);
>         }
>
> Should it instead see a lack of peer (and route?) and thus simply
> drop the packet instead?
>
> The segfault happens in  wg_peer_get_by_adj_index() because a
> NULL vector was never established with a peer:
>
>     static inline index_t
>     wg_peer_get_by_adj_index (index_t ai)
>     {
>        return (wg_peer_by_adj_index[ai]);
>     }
>
> That should have been setup here:
>
> wg_peer_if_adj_change (index_t peeri, void *data)
> {
>   adj_index_t *adj_index = data;
>   adj_midchain_fixup_t fixup;
>   ip_adjacency_t *adj;
>   wg_peer_t *peer;
>   fib_prefix_t *allowed_ip;
>
>   adj = adj_get (*adj_index);
>
>   peer = wg_peer_get (peeri);
>   vec_foreach (allowed_ip, peer->allowed_ips)
>     {
>       if (fib_prefix_is_cover_addr_46 (allowed_ip,
>                                        &adj->sub_type.nbr.next_hop))
>         {
>           vec_add1 (peer->adj_indices, *adj_index);
>           vec_validate_init_empty (wg_peer_by_adj_index, *adj_index,
>                                    INDEX_INVALID);
>           wg_peer_by_adj_index[*adj_index] = peer - wg_peer_pool;
>
>
> Dumping core by an invalid vector reference of wg_peer_by_adj_index[] is
> a poor way to tell me that a route isn't set up properly? :-). My question
> is,
> where should we catch this error and prevent that?
>
> Thanks,
> jdl
>
>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#21203): https://lists.fd.io/g/vpp-dev/message/21203
Mute This Topic: https://lists.fd.io/mt/90248176/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to