Hi,
We are do investigation in the VPP source code now. After
checking the source code and doing testing, looks VPP is not able handle IP
fragment.
In source code, in function ip4_local_inline, looks fragment
will be treat as error packet finally because of IP4_ERROR_UNKNOWN_PROTOCOL.
/* Treat IP frag packets as "experimental" protocol for now
until support of IP frag reassembly is implemented */
proto0 = ip4_is_fragment (ip0) ? 0xfe : ip0->protocol;
proto1 = ip4_is_fragment (ip1) ? 0xfe : ip1->protocol;
...
next0 = lm->local_next_by_ip_protocol[proto0];
next1 = lm->local_next_by_ip_protocol[proto1];
...
next0 =
error0 != IP4_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP :
next0;
next1 =
error1 != IP4_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP :
next1;
The version is:
DBGvpp# show version
vpp v18.04-rc0~46-gc5239ad built by root on k8s1-node1 at Mon Jan 15 06:05:03
UTC 2018
My question is why IP reassemble is not supported in VPP? It is understandable
that IP reassemble is not required for pure packet forwarding. But as a router
platform, there are also plenty of control plane packets should be handled, for
example BGP packet, IKE packet, that's the reason why there is local IP stack
on VPP, and IP reassemble is a basic requirement of local IP stack. How to
handle the case if the BGP peer send BGP message in several IP fragment to VPP?
One BGP message could be quite large depending on route number, and even BGP
message fragment can be avoid by MSS since it is based on TCP. How about the
case of IKE peer sending IKE message as IP fragments? The IKE message also
could be quite large with certificate.......
BR/Lollita Liu
_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
