Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash on invalid PFCP data #21

Open
ivan4th opened this issue Oct 29, 2020 · 3 comments
Open

Crash on invalid PFCP data #21

ivan4th opened this issue Oct 29, 2020 · 3 comments

Comments

@ivan4th
Copy link
Contributor

ivan4th commented Oct 29, 2020
edited
Loading

The following invalid SessionSetupRequest has caused a crash in the e2e tests (IPv6 mode TDF setup):

Frame 13: 503 bytes on wire (4024 bits), 503 bytes captured (4024 bits)
Ethernet II, Src: 4a:f8:a5:c3:85:ea (4a:f8:a5:c3:85:ea), Dst: fa:8a:78:4d:5b:5b (fa:8a:78:4d:5b:5b)
Internet Protocol Version 6, Src: 2001:db8:10::3, Dst: 2001:db8:10::2
User Datagram Protocol, Src Port: 8805, Dst Port: 8805
Packet Forwarding Control Protocol
    Flags: 0x21, SEID (S)
        001. .... = Version: 1
        ...0 .... = Spare: 0
        .... 0... = Spare: 0
        .... .0.. = Spare: 0
        .... ..0. = Message Priority (MP): False
        .... ...1 = SEID (S): True
    Message Type: PFCP Session Establishment Request (50)
    Length: 437
    SEID: 0x0000000000000000
    Sequence Number: 2
    Spare: 0
    Node ID : FQDN: pfcpstub
        IE Type: Node ID (60)
        IE Length: 10
        0000 .... = Spare: 0
        .... 0010 = Node ID Type: FQDN (2)
        Node ID FQDN: pfcpstub
    F-SEID : SEID: 0x3c04951aa42655d9, IPv4 0.0.0.0
        IE Type: F-SEID (57)
        IE Length: 13
        Flags: 0x02, V4 (IPv4)
            0... .... = Spare: 0
            .0.. .... = Spare: 0
            ..0. .... = Spare: 0
            ...0 .... = Spare: 0
            .... 0... = Spare: 0
            .... .0.. = Spare: 0
            .... ..1. = V4 (IPv4): Present
            .... ...0 = V6 (IPv6): Not Present
        SEID: 0x3c04951aa42655d9
        IPv4 address: 0.0.0.0
    Create PDR : [Grouped IE]
        IE Type: Create PDR (1)
        IE Length: 113
        Packet Detection Rule ID : 1
            IE Type: Packet Detection Rule ID (56)
            IE Length: 2
            Rule ID: 1
        FAR ID : Dynamic by CP 1
            IE Type: FAR ID (108)
            IE Length: 4
            0... .... .... .... .... .... .... .... = Allocation type: Dynamic by CP
            .000 0000 0000 0000 0000 0000 0000 0001 = FAR ID: 1
        Precedence : 200
            IE Type: Precedence (29)
            IE Length: 4
            Precedence: 200
        PDI : [Grouped IE]
            IE Type: PDI (2)
            IE Length: 79
            Network Instance : access
                IE Type: Network Instance (22)
                IE Length: 7
                Network Instance: access
            SDF Filter : 
                IE Type: SDF Filter (23)
                IE Length: 38
                Flags: 0x01, FD (Flow Description)
                    0000 .... = Spare: 0
                    ...0 .... = BID (Bidirectional SDF Filter): False
                    .... 0... = FL (Flow Label): False
                    .... .0.. = SPI (Security Parameter Index): False
                    .... ..0. = TTC (ToS Traffic Class): False
                    .... ...1 = FD (Flow Description): True
                Spare: 0
                Length of Flow Description: 34
                Flow Description: permit out ip from any to assigned
            Source Interface : Access
                IE Type: Source Interface (20)
                IE Length: 1
                0000 .... = Spare: 0
                .... 0000 = Source Interface: Access (0)
            UE IP Address : 
                IE Type: UE IP Address (93)
                IE Length: 17
                Flags: 0x01, V6 (IPv6)
                    0000 .... = Spare: 0
                    .... 0... = IPv6D: Source IP address
                    .... .0.. = S/D: Source IP address
                    .... ..0. = V4 (IPv4): Not Present
                    .... ...1 = V6 (IPv6): Present
                IPv6 address: ::
        URR ID : Dynamic by CP 1
            IE Type: URR ID (81)
            IE Length: 4
            0... .... .... .... .... .... .... .... = Allocation type: Dynamic by CP
            .000 0000 0000 0000 0000 0000 0000 0001 = URR ID: 1
    Create PDR : [Grouped IE]
        IE Type: Create PDR (1)
        IE Length: 110
        Packet Detection Rule ID : 2
            IE Type: Packet Detection Rule ID (56)
            IE Length: 2
            Rule ID: 2
        FAR ID : Dynamic by CP 2
            IE Type: FAR ID (108)
            IE Length: 4
            0... .... .... .... .... .... .... .... = Allocation type: Dynamic by CP
            .000 0000 0000 0000 0000 0000 0000 0010 = FAR ID: 2
        PDI : [Grouped IE]
            IE Type: PDI (2)
            IE Length: 76
            SDF Filter : 
                IE Type: SDF Filter (23)
                IE Length: 38
                Flags: 0x01, FD (Flow Description)
                    0000 .... = Spare: 0
                    ...0 .... = BID (Bidirectional SDF Filter): False
                    .... 0... = FL (Flow Label): False
                    .... .0.. = SPI (Security Parameter Index): False
                    .... ..0. = TTC (ToS Traffic Class): False
                    .... ...1 = FD (Flow Description): True
                Spare: 0
                Length of Flow Description: 34
                Flow Description: permit out ip from any to assigned
            Network Instance : sgi
                IE Type: Network Instance (22)
                IE Length: 4
                Network Instance: sgi
            Source Interface : SGi-LAN/N6-LAN
                IE Type: Source Interface (20)
                IE Length: 1
                0000 .... = Spare: 0
                .... 0010 = Source Interface: SGi-LAN/N6-LAN (2)
            UE IP Address : 
                IE Type: UE IP Address (93)
                IE Length: 17
                Flags: 0x05, S/D, V6 (IPv6)
                    0000 .... = Spare: 0
                    .... 0... = IPv6D: Source IP address
                    .... .1.. = S/D: Destination IP address
                    .... ..0. = V4 (IPv4): Not Present
                    .... ...1 = V6 (IPv6): Present
                IPv6 address: ::
        Precedence : 200
            IE Type: Precedence (29)
            IE Length: 4
            Precedence: 200
        URR ID : Dynamic by CP 1
            IE Type: URR ID (81)
            IE Length: 4
            0... .... .... .... .... .... .... .... = Allocation type: Dynamic by CP
            .000 0000 0000 0000 0000 0000 0000 0001 = URR ID: 1
    Create FAR : [Grouped IE]
        IE Type: Create FAR (3)
        IE Length: 76
        FAR ID : Dynamic by CP 1
            IE Type: FAR ID (108)
            IE Length: 4
            0... .... .... .... .... .... .... .... = Allocation type: Dynamic by CP
            .000 0000 0000 0000 0000 0000 0000 0001 = FAR ID: 1
        Apply Action : 
            IE Type: Apply Action (44)
            IE Length: 1
            Flags: 0x02, FORW (Forward)
                000. .... = Spare: 0
                ...0 .... = DUPL (Duplicate): False
                .... 0... = NOCP (Notify the CP function): False
                .... .0.. = BUFF (Buffer): False
                .... ..1. = FORW (Forward): True
                .... ...0 = DROP (Drop): False
        Forwarding Parameters : [Grouped IE]
            IE Type: Forwarding Parameters (4)
            IE Length: 59
            Destination Interface : SGi-LAN/N6-LAN
                IE Type: Destination Interface (42)
                IE Length: 1
                0000 .... = Spare: 0
                .... 0010 = Interface: SGi-LAN/N6-LAN (2)
            Network Instance : sgi
                IE Type: Network Instance (22)
                IE Length: 4
                Network Instance: sgi
            Redirect Information : 
                IE Type: Redirect Information (38)
                IE Length: 42
                0000 .... = Spare: 0
                .... 0010 = Redirect Address Type: URL (2)
                Redirect Server Address Length: 37
                Redirect Server Address: http:https://127.0.0.1/this-is-my-redirect/
                IE data not decoded by WS yet
                    [Expert Info (Note/Undecoded): IE data not decoded by WS yet]
                        [IE data not decoded by WS yet]
                        [Severity level: Note]
                        [Group: Undecoded]
    Create FAR : [Grouped IE]
        IE Type: Create FAR (3)
        IE Length: 33
        FAR ID : Dynamic by CP 2
            IE Type: FAR ID (108)
            IE Length: 4
            0... .... .... .... .... .... .... .... = Allocation type: Dynamic by CP
            .000 0000 0000 0000 0000 0000 0000 0010 = FAR ID: 2
        Apply Action : 
            IE Type: Apply Action (44)
            IE Length: 1
            Flags: 0x02, FORW (Forward)
                000. .... = Spare: 0
                ...0 .... = DUPL (Duplicate): False
                .... 0... = NOCP (Notify the CP function): False
                .... .0.. = BUFF (Buffer): False
                .... ..1. = FORW (Forward): True
                .... ...0 = DROP (Drop): False
        Forwarding Parameters : [Grouped IE]
            IE Type: Forwarding Parameters (4)
            IE Length: 16
            Destination Interface : Access
                IE Type: Destination Interface (42)
                IE Length: 1
                0000 .... = Spare: 0
                .... 0000 = Interface: Access (0)
            Network Instance : access
                IE Type: Network Instance (22)
                IE Length: 7
                Network Instance: access
    Create URR : [Grouped IE]
        IE Type: Create URR (6)
        IE Length: 19
        URR ID : Dynamic by CP 1
            IE Type: URR ID (81)
            IE Length: 4
            0... .... .... .... .... .... .... .... = Allocation type: Dynamic by CP
            .000 0000 0000 0000 0000 0000 0000 0001 = URR ID: 1
        Measurement Method : 
            IE Type: Measurement Method (62)
            IE Length: 1
            Flags: 0x03, VOLUM (Volume), DURAT (Duration)
                0000 0... = Spare: 0
                .... .0.. = EVENT (Event): False
                .... ..1. = VOLUM (Volume): True
                .... ...1 = DURAT (Duration): True
        Reporting Triggers : 
            IE Type: Reporting Triggers (37)
            IE Length: 2
            0... .... = LIUSA (Linked Usage Reporting): False
            .0.. .... = DROTH (Dropped DL Traffic Threshold): False
            ..0. .... = STOPT (Stop of Traffic): False
            ...0 .... = START (Start of Traffic): False
            .... 0... = QUHTI (Quota Holding Time): False
            .... .0.. = TIMTH (Time Threshold): False
            .... ..0. = VOLTH (Volume Threshold): False
            .... ...0 = PERIO (Periodic Reporting): False
            000. .... = Spare: 0
            ..0. .... = EVEQU (Event Quota): False
            ...0 .... = EVETH (Event Threshold): False
            .... 0... = MACAR (MAC Addresses Reporting): False
            .... .0.. = ENVCL (Envelope Closure): False
            .... ..0. = TIMQU (Time Quota): False
            .... ...0 = VOLQU (Volume Quota): False
    Create URR : [Grouped IE]
        IE Type: Create URR (6)
        IE Length: 19
        URR ID : Dynamic by CP 2
            IE Type: URR ID (81)
            IE Length: 4
            0... .... .... .... .... .... .... .... = Allocation type: Dynamic by CP
            .000 0000 0000 0000 0000 0000 0000 0010 = URR ID: 2
        Measurement Method : 
            IE Type: Measurement Method (62)
            IE Length: 1
            Flags: 0x03, VOLUM (Volume), DURAT (Duration)
                0000 0... = Spare: 0
                .... .0.. = EVENT (Event): False
                .... ..1. = VOLUM (Volume): True
                .... ...1 = DURAT (Duration): True
        Reporting Triggers : 
            IE Type: Reporting Triggers (37)
            IE Length: 2
            0... .... = LIUSA (Linked Usage Reporting): False
            .0.. .... = DROTH (Dropped DL Traffic Threshold): False
            ..0. .... = STOPT (Stop of Traffic): False
            ...0 .... = START (Start of Traffic): False
            .... 0... = QUHTI (Quota Holding Time): False
            .... .0.. = TIMTH (Time Threshold): False
            .... ..0. = VOLTH (Volume Threshold): False
            .... ...0 = PERIO (Periodic Reporting): False
            000. .... = Spare: 0
            ..0. .... = EVEQU (Event Quota): False
            ...0 .... = EVETH (Event Threshold): False
            .... 0... = MACAR (MAC Addresses Reporting): False
            .... .0.. = ENVCL (Envelope Closure): False
            .... ..0. = TIMQU (Time Quota): False
            .... ...0 = VOLQU (Volume Quota): False

Stack trace:

/src/vpp/src/vnet/fib/fib_table.c:35 (fib_table_get) assertion `! pool_is_free (ip4_main.fibs, _e)' fails

Program received signal SIGABRT, Aborted.
0x00007ffff4719f47 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#0  0x00007ffff4719f47 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff471b8b1 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x0000000000407193 in os_panic () at /src/vpp/src/vpp/vnet/main.c:371
#3  0x00007ffff55fa619 in debugger () at /src/vpp/src/vppinfra/error.c:84
#4  0x00007ffff55fa397 in _clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7ffff76dc130 "%s:%d (%s) assertion `%s' fails") at /src/vpp/src/vppinfra/error.c:143
#5  0x00007ffff74f7cef in fib_table_get (index=4, proto=FIB_PROTOCOL_IP4) at /src/vpp/src/vnet/fib/fib_table.c:35
#6  0x00007ffff74f88ea in fib_table_entry_special_dpo_add (fib_index=4, prefix=0x7ffff7fc7fe0, source=FIB_SOURCE_FIRST, flags=(FIB_ENTRY_FLAG_EXCLUSIVE | FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT), dpo=0x7ffff7fc7fd8) at /src/vpp/src/vnet/fib/fib_table.c:333
#7  0x00007fffabdd88cf in pfcp_add_del_ue_ip (ip=0x7fffe6ebeb00, si=0x7fffe6ebdd00, is_add=1) at /src/vpp/src/plugins/upf/upf_pfcp.c:1197
#8  0x00007fffabddc766 in pfcp_update_apply (sx=0x7fffe6ebdd00) at /src/vpp/src/plugins/upf/upf_pfcp.c:1836
#9  0x00007fffabdf4f31 in handle_session_establishment_request (req=0x7fffe6ea63c0, msg=0x7ffff7fc8a20) at /src/vpp/src/plugins/upf/upf_pfcp_api.c:2444
@RoadRunnr
Copy link
Member

I really wonder why it hit a IP4 routing table coming from pfcp_add_del_ue_ip. All the UE IPs are IPv6 only.

@RoadRunnr
Copy link
Member

@ivan4th hasn't this been fixed already?

@ivan4th
Copy link
Contributor Author

ivan4th commented Feb 17, 2021

I'm afraid this is not fixed yet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ivan4th @RoadRunnr