Hi, We are do investigation in the VPP source code now. After checking the source code and doing testing, looks VPP is not able handle IP fragment.
In source code, in function ip4_local_inline, looks fragment will be treat as error packet finally because of IP4_ERROR_UNKNOWN_PROTOCOL. /* Treat IP frag packets as "experimental" protocol for now until support of IP frag reassembly is implemented */ proto0 = ip4_is_fragment (ip0) ? 0xfe : ip0->protocol; proto1 = ip4_is_fragment (ip1) ? 0xfe : ip1->protocol; ... next0 = lm->local_next_by_ip_protocol[proto0]; next1 = lm->local_next_by_ip_protocol[proto1]; ... next0 = error0 != IP4_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0; next1 = error1 != IP4_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next1; The version is: DBGvpp# show version vpp v18.04-rc0~46-gc5239ad built by root on k8s1-node1 at Mon Jan 15 06:05:03 UTC 2018 My question is why IP reassemble is not supported in VPP? It is understandable that IP reassemble is not required for pure packet forwarding. But as a router platform, there are also plenty of control plane packets should be handled, for example BGP packet, IKE packet, that's the reason why there is local IP stack on VPP, and IP reassemble is a basic requirement of local IP stack. How to handle the case if the BGP peer send BGP message in several IP fragment to VPP? One BGP message could be quite large depending on route number, and even BGP message fragment can be avoid by MSS since it is based on TCP. How about the case of IKE peer sending IKE message as IP fragments? The IKE message also could be quite large with certificate....... BR/Lollita Liu
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev