1 #include <vppinfra/types.h>
2 #include <vlibmemory/api.h>
4 #include <vlib/buffer.h>
5 #include <vnet/ip/format.h>
6 #include <vnet/ethernet/packet.h>
7 #include <vnet/ip/udp_packet.h>
8 #include <vnet/ip/lookup.h>
9 #include <vnet/ip/icmp46_packet.h>
10 #include <vnet/ip/ip4.h>
11 #include <vnet/ip/ip6.h>
12 #include <vnet/ip/udp.h>
13 #include <vnet/ip/ip6_packet.h>
14 #include <vnet/adj/adj.h>
15 #include <vnet/adj/adj_nbr.h>
16 #include <vnet/bfd/bfd_debug.h>
17 #include <vnet/bfd/bfd_udp.h>
18 #include <vnet/bfd/bfd_main.h>
19 #include <vnet/bfd/bfd_api.h>
24 /* hashmap - bfd session index by bfd key - used for CLI/API lookup, where
25 * discriminator is unknown */
26 mhash_t bfd_session_idx_by_bfd_key;
29 static vlib_node_registration_t bfd_udp4_input_node;
30 static vlib_node_registration_t bfd_udp6_input_node;
32 bfd_udp_main_t bfd_udp_main;
35 bfd_add_udp4_transport (vlib_main_t * vm, vlib_buffer_t * b,
36 bfd_udp_session_t * bus)
38 const bfd_udp_key_t *key = &bus->key;
40 b->flags |= VNET_BUFFER_LOCALLY_ORIGINATED;
41 vnet_buffer (b)->ip.adj_index[VLIB_RX] = bus->adj_index;
42 vnet_buffer (b)->ip.adj_index[VLIB_TX] = bus->adj_index;
48 ip4_udp_headers *headers = NULL;
49 vlib_buffer_advance (b, -sizeof (*headers));
50 headers = vlib_buffer_get_current (b);
51 memset (headers, 0, sizeof (*headers));
52 headers->ip4.ip_version_and_header_length = 0x45;
53 headers->ip4.ttl = 255;
54 headers->ip4.protocol = IP_PROTOCOL_UDP;
55 headers->ip4.src_address.as_u32 = key->local_addr.ip4.as_u32;
56 headers->ip4.dst_address.as_u32 = key->peer_addr.ip4.as_u32;
58 headers->udp.src_port = clib_host_to_net_u16 (50000); /* FIXME */
59 headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd4);
61 /* fix ip length, checksum and udp length */
62 const u16 ip_length = vlib_buffer_length_in_chain (vm, b);
64 headers->ip4.length = clib_host_to_net_u16 (ip_length);
65 headers->ip4.checksum = ip4_header_checksum (&headers->ip4);
67 const u16 udp_length = ip_length - (sizeof (headers->ip4));
68 headers->udp.length = clib_host_to_net_u16 (udp_length);
72 bfd_add_udp6_transport (vlib_main_t * vm, vlib_buffer_t * b,
73 bfd_udp_session_t * bus)
75 const bfd_udp_key_t *key = &bus->key;
77 b->flags |= VNET_BUFFER_LOCALLY_ORIGINATED;
78 vnet_buffer (b)->ip.adj_index[VLIB_RX] = bus->adj_index;
79 vnet_buffer (b)->ip.adj_index[VLIB_TX] = bus->adj_index;
85 ip6_udp_headers *headers = NULL;
86 vlib_buffer_advance (b, -sizeof (*headers));
87 headers = vlib_buffer_get_current (b);
88 memset (headers, 0, sizeof (*headers));
89 headers->ip6.ip_version_traffic_class_and_flow_label =
90 clib_host_to_net_u32 (0x6 << 28);
91 headers->ip6.hop_limit = 255;
92 headers->ip6.protocol = IP_PROTOCOL_UDP;
93 clib_memcpy (&headers->ip6.src_address, &key->local_addr.ip6,
94 sizeof (headers->ip6.src_address));
95 clib_memcpy (&headers->ip6.dst_address, &key->peer_addr.ip6,
96 sizeof (headers->ip6.dst_address));
98 headers->udp.src_port = clib_host_to_net_u16 (50000); /* FIXME */
99 headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd6);
101 /* fix ip payload length and udp length */
102 const u16 udp_length =
103 vlib_buffer_length_in_chain (vm, b) - (sizeof (headers->ip6));
104 headers->udp.length = clib_host_to_net_u16 (udp_length);
105 headers->ip6.payload_length = headers->udp.length;
107 /* IPv6 UDP checksum is mandatory */
109 headers->udp.checksum =
110 ip6_tcp_udp_icmp_compute_checksum (vm, b, &headers->ip6, &bogus);
112 if (headers->udp.checksum == 0)
114 headers->udp.checksum = 0xffff;
118 static bfd_session_t *
119 bfd_lookup_session (bfd_udp_main_t * bum, const bfd_udp_key_t * key)
121 uword *p = mhash_get (&bum->bfd_session_idx_by_bfd_key, key);
124 return bfd_find_session_by_idx (bum->bfd_main, *p);
130 bfd_udp_key_init (bfd_udp_key_t * key, u32 sw_if_index,
131 const ip46_address_t * local_addr,
132 const ip46_address_t * peer_addr)
134 memset (key, 0, sizeof (*key));
135 key->sw_if_index = sw_if_index;
136 key->local_addr.as_u64[0] = local_addr->as_u64[0];
137 key->local_addr.as_u64[1] = local_addr->as_u64[1];
138 key->peer_addr.as_u64[0] = peer_addr->as_u64[0];
139 key->peer_addr.as_u64[1] = peer_addr->as_u64[1];
142 static vnet_api_error_t
143 bfd_udp_add_session_internal (bfd_udp_main_t * bum, u32 sw_if_index,
144 u32 desired_min_tx_usec,
145 u32 required_min_rx_usec, u8 detect_mult,
146 const ip46_address_t * local_addr,
147 const ip46_address_t * peer_addr,
148 bfd_session_t ** bs_out)
150 /* get a pool entry and if we end up not needing it, give it back */
151 bfd_transport_t t = BFD_TRANSPORT_UDP4;
152 if (!ip46_address_is_ip4 (local_addr))
154 t = BFD_TRANSPORT_UDP6;
156 bfd_session_t *bs = bfd_get_session (bum->bfd_main, t);
157 bfd_udp_session_t *bus = &bs->udp;
158 memset (bus, 0, sizeof (*bus));
159 bfd_udp_key_t *key = &bus->key;
160 bfd_udp_key_init (key, sw_if_index, local_addr, peer_addr);
161 const bfd_session_t *tmp = bfd_lookup_session (bum, key);
164 clib_warning ("duplicate bfd-udp session, existing bs_idx=%d",
166 bfd_put_session (bum->bfd_main, bs);
167 return VNET_API_ERROR_BFD_EEXIST;
169 mhash_set (&bum->bfd_session_idx_by_bfd_key, key, bs->bs_idx, NULL);
170 BFD_DBG ("session created, bs_idx=%u, sw_if_index=%d, local=%U, peer=%U",
171 bs->bs_idx, key->sw_if_index, format_ip46_address,
172 &key->local_addr, IP46_TYPE_ANY, format_ip46_address,
173 &key->peer_addr, IP46_TYPE_ANY);
174 if (BFD_TRANSPORT_UDP4 == t)
176 bus->adj_index = adj_nbr_add_or_lock (FIB_PROTOCOL_IP4, VNET_LINK_IP4,
179 BFD_DBG ("adj_nbr_add_or_lock(FIB_PROTOCOL_IP4, VNET_LINK_IP4, %U, %d) "
180 "returns %d", format_ip46_address, &key->peer_addr,
181 IP46_TYPE_ANY, key->sw_if_index, bus->adj_index);
185 bus->adj_index = adj_nbr_add_or_lock (FIB_PROTOCOL_IP6, VNET_LINK_IP6,
188 BFD_DBG ("adj_nbr_add_or_lock(FIB_PROTOCOL_IP6, VNET_LINK_IP6, %U, %d) "
189 "returns %d", format_ip46_address, &key->peer_addr,
190 IP46_TYPE_ANY, key->sw_if_index, bus->adj_index);
193 return bfd_session_set_params (bum->bfd_main, bs, desired_min_tx_usec,
194 required_min_rx_usec, detect_mult);
197 static vnet_api_error_t
198 bfd_udp_validate_api_input (u32 sw_if_index,
199 const ip46_address_t * local_addr,
200 const ip46_address_t * peer_addr)
202 vnet_sw_interface_t *sw_if =
203 vnet_get_sw_interface (vnet_get_main (), sw_if_index);
204 u8 local_ip_valid = 0;
205 ip_interface_address_t *ia = NULL;
208 clib_warning ("got NULL sw_if");
209 return VNET_API_ERROR_INVALID_SW_IF_INDEX;
211 if (ip46_address_is_ip4 (local_addr))
213 if (!ip46_address_is_ip4 (peer_addr))
215 clib_warning ("IP family mismatch");
216 return VNET_API_ERROR_INVALID_ARGUMENT;
218 ip4_main_t *im = &ip4_main;
221 foreach_ip_interface_address (
222 &im->lookup_main, ia, sw_if_index, 0 /* honor unnumbered */, ({
224 ip_interface_address_get_address (&im->lookup_main, ia);
225 if (x->as_u32 == local_addr->ip4.as_u32)
227 /* valid address for this interface */
236 if (ip46_address_is_ip4 (peer_addr))
238 clib_warning ("IP family mismatch");
239 return VNET_API_ERROR_INVALID_ARGUMENT;
241 ip6_main_t *im = &ip6_main;
243 foreach_ip_interface_address (
244 &im->lookup_main, ia, sw_if_index, 0 /* honor unnumbered */, ({
246 ip_interface_address_get_address (&im->lookup_main, ia);
247 if (local_addr->ip6.as_u64[0] == x->as_u64[0] &&
248 local_addr->ip6.as_u64[1] == x->as_u64[1])
250 /* valid address for this interface */
260 clib_warning ("address not found on interface");
261 return VNET_API_ERROR_ADDRESS_NOT_FOUND_FOR_INTERFACE;
267 static vnet_api_error_t
268 bfd_udp_find_session_by_api_input (u32 sw_if_index,
269 const ip46_address_t * local_addr,
270 const ip46_address_t * peer_addr,
271 bfd_session_t ** bs_out)
273 vnet_api_error_t rv =
274 bfd_udp_validate_api_input (sw_if_index, local_addr, peer_addr);
277 bfd_udp_main_t *bum = &bfd_udp_main;
279 bfd_udp_key_init (&key, sw_if_index, local_addr, peer_addr);
280 bfd_session_t *bs = bfd_lookup_session (bum, &key);
288 ("BFD session not found (sw_if_index=%u, local=%U, peer=%U",
289 sw_if_index, format_ip46_address, local_addr, IP46_TYPE_ANY,
290 format_ip46_address, peer_addr, IP46_TYPE_ANY);
291 return VNET_API_ERROR_BFD_ENOENT;
297 static vnet_api_error_t
298 bfd_api_verify_common (u32 sw_if_index, u32 desired_min_tx_usec,
299 u32 required_min_rx_usec, u8 detect_mult,
300 const ip46_address_t * local_addr,
301 const ip46_address_t * peer_addr)
303 vnet_api_error_t rv =
304 bfd_udp_validate_api_input (sw_if_index, local_addr, peer_addr);
311 clib_warning ("detect_mult < 1");
312 return VNET_API_ERROR_INVALID_ARGUMENT;
314 if (desired_min_tx_usec < 1)
316 clib_warning ("desired_min_tx_usec < 1");
317 return VNET_API_ERROR_INVALID_ARGUMENT;
323 bfd_udp_del_session_internal (bfd_session_t * bs)
325 bfd_udp_main_t *bum = &bfd_udp_main;
326 BFD_DBG ("free bfd-udp session, bs_idx=%d", bs->bs_idx);
327 mhash_unset (&bum->bfd_session_idx_by_bfd_key, &bs->udp.key, NULL);
328 adj_unlock (bs->udp.adj_index);
329 bfd_put_session (bum->bfd_main, bs);
333 bfd_udp_add_session (u32 sw_if_index, const ip46_address_t * local_addr,
334 const ip46_address_t * peer_addr,
335 u32 desired_min_tx_usec, u32 required_min_rx_usec,
336 u8 detect_mult, u8 is_authenticated, u32 conf_key_id,
339 vnet_api_error_t rv =
340 bfd_api_verify_common (sw_if_index, desired_min_tx_usec,
341 required_min_rx_usec, detect_mult,
342 local_addr, peer_addr);
343 bfd_session_t *bs = NULL;
347 bfd_udp_add_session_internal (&bfd_udp_main, sw_if_index,
349 required_min_rx_usec, detect_mult,
350 local_addr, peer_addr, &bs);
352 if (!rv && is_authenticated)
355 rv = bfd_auth_activate (bs, conf_key_id, bfd_key_id,
356 0 /* is not delayed */ );
358 clib_warning ("SSL missing, cannot add authenticated BFD session");
359 rv = VNET_API_ERROR_BFD_NOTSUPP;
363 bfd_udp_del_session_internal (bs);
368 bfd_session_start (bfd_udp_main.bfd_main, bs);
375 bfd_udp_mod_session (u32 sw_if_index,
376 const ip46_address_t * local_addr,
377 const ip46_address_t * peer_addr,
378 u32 desired_min_tx_usec,
379 u32 required_min_rx_usec, u8 detect_mult)
381 bfd_session_t *bs = NULL;
382 vnet_api_error_t rv =
383 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
390 return bfd_session_set_params (bfd_udp_main.bfd_main, bs,
391 desired_min_tx_usec, required_min_rx_usec,
396 bfd_udp_del_session (u32 sw_if_index,
397 const ip46_address_t * local_addr,
398 const ip46_address_t * peer_addr)
400 bfd_session_t *bs = NULL;
401 vnet_api_error_t rv =
402 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
408 bfd_udp_del_session_internal (bs);
413 bfd_udp_session_set_flags (u32 sw_if_index,
414 const ip46_address_t * local_addr,
415 const ip46_address_t * peer_addr, u8 admin_up_down)
417 bfd_session_t *bs = NULL;
418 vnet_api_error_t rv =
419 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
425 bfd_session_set_flags (bs, admin_up_down);
430 bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len,
434 bfd_auth_key_t *auth_key = NULL;
435 if (!key_len || key_len > bfd_max_len_for_auth_type (auth_type))
437 clib_warning ("Invalid authentication key length for auth_type=%d:%s "
438 "(key_len=%u, must be "
439 "non-zero, expected max=%u)",
440 auth_type, bfd_auth_type_str (auth_type), key_len,
441 (u32) bfd_max_len_for_auth_type (auth_type));
442 return VNET_API_ERROR_INVALID_VALUE;
444 if (!bfd_auth_type_supported (auth_type))
446 clib_warning ("Unsupported auth type=%d:%s", auth_type,
447 bfd_auth_type_str (auth_type));
448 return VNET_API_ERROR_BFD_NOTSUPP;
450 bfd_main_t *bm = bfd_udp_main.bfd_main;
451 uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
454 /* modifying existing key - must not be used */
455 const uword key_idx = *key_idx_p;
456 auth_key = pool_elt_at_index (bm->auth_keys, key_idx);
457 if (auth_key->use_count > 0)
459 clib_warning ("Authentication key with conf ID %u in use by %u BFD "
460 "sessions - cannot modify",
461 conf_key_id, auth_key->use_count);
462 return VNET_API_ERROR_BFD_EINUSE;
468 pool_get (bm->auth_keys, auth_key);
469 auth_key->conf_key_id = conf_key_id;
470 hash_set (bm->auth_key_by_conf_key_id, conf_key_id,
471 auth_key - bm->auth_keys);
473 auth_key->auth_type = auth_type;
474 memset (auth_key->key, 0, sizeof (auth_key->key));
475 clib_memcpy (auth_key->key, key_data, key_len);
478 clib_warning ("SSL missing, cannot manipulate authentication keys");
479 return VNET_API_ERROR_BFD_NOTSUPP;
484 bfd_auth_del_key (u32 conf_key_id)
487 bfd_auth_key_t *auth_key = NULL;
488 bfd_main_t *bm = bfd_udp_main.bfd_main;
489 uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
492 /* deleting existing key - must not be used */
493 const uword key_idx = *key_idx_p;
494 auth_key = pool_elt_at_index (bm->auth_keys, key_idx);
495 if (auth_key->use_count > 0)
497 clib_warning ("Authentication key with conf ID %u in use by %u BFD "
498 "sessions - cannot delete",
499 conf_key_id, auth_key->use_count);
500 return VNET_API_ERROR_BFD_EINUSE;
502 hash_unset (bm->auth_key_by_conf_key_id, conf_key_id);
503 memset (auth_key, 0, sizeof (*auth_key));
504 pool_put (bm->auth_keys, auth_key);
509 clib_warning ("Authentication key with conf ID %u does not exist",
511 return VNET_API_ERROR_BFD_ENOENT;
515 clib_warning ("SSL missing, cannot manipulate authentication keys");
516 return VNET_API_ERROR_BFD_NOTSUPP;
521 bfd_udp_auth_activate (u32 sw_if_index,
522 const ip46_address_t * local_addr,
523 const ip46_address_t * peer_addr,
524 u32 conf_key_id, u8 key_id, u8 is_delayed)
527 bfd_session_t *bs = NULL;
528 vnet_api_error_t rv =
529 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
535 return bfd_auth_activate (bs, conf_key_id, key_id, is_delayed);
537 clib_warning ("SSL missing, cannot activate BFD authentication");
538 return VNET_API_ERROR_BFD_NOTSUPP;
543 bfd_udp_auth_deactivate (u32 sw_if_index,
544 const ip46_address_t * local_addr,
545 const ip46_address_t * peer_addr, u8 is_delayed)
547 bfd_session_t *bs = NULL;
548 vnet_api_error_t rv =
549 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
555 return bfd_auth_deactivate (bs, is_delayed);
560 BFD_UDP_INPUT_NEXT_NORMAL,
561 BFD_UDP_INPUT_NEXT_REPLY,
562 BFD_UDP_INPUT_N_NEXT,
563 } bfd_udp_input_next_t;
565 /* Packet counters */
566 #define foreach_bfd_udp_error(F) \
567 F (NONE, "good bfd packets (processed)") \
568 F (BAD, "invalid bfd packets") \
569 F (DISABLED, "bfd packets received on disabled interfaces")
571 #define F(sym, string) static char BFD_UDP_ERR_##sym##_STR[] = string;
572 foreach_bfd_udp_error (F);
575 static char *bfd_udp_error_strings[] = {
576 #define F(sym, string) BFD_UDP_ERR_##sym##_STR,
577 foreach_bfd_udp_error (F)
583 #define F(sym, str) BFD_UDP_ERROR_##sym,
584 foreach_bfd_udp_error (F)
590 bfd_udp4_find_headers (vlib_buffer_t * b, const ip4_header_t ** ip4,
591 const udp_header_t ** udp)
593 /* sanity check first */
594 const i32 start = vnet_buffer (b)->ip.start_of_ip_header;
595 if (start < 0 && start < sizeof (b->pre_data))
597 BFD_ERR ("Start of ip header is before pre_data, ignoring");
602 *ip4 = (ip4_header_t *) (b->data + start);
603 if ((u8 *) * ip4 > (u8 *) vlib_buffer_get_current (b))
605 BFD_ERR ("Start of ip header is beyond current data, ignoring");
610 *udp = (udp_header_t *) ((*ip4) + 1);
613 static bfd_udp_error_t
614 bfd_udp4_verify_transport (const ip4_header_t * ip4,
615 const udp_header_t * udp, const bfd_session_t * bs)
617 const bfd_udp_session_t *bus = &bs->udp;
618 const bfd_udp_key_t *key = &bus->key;
619 if (ip4->src_address.as_u32 != key->peer_addr.ip4.as_u32)
621 BFD_ERR ("IPv4 src addr mismatch, got %U, expected %U",
622 format_ip4_address, ip4->src_address.as_u8, format_ip4_address,
623 key->peer_addr.ip4.as_u8);
624 return BFD_UDP_ERROR_BAD;
626 if (ip4->dst_address.as_u32 != key->local_addr.ip4.as_u32)
628 BFD_ERR ("IPv4 dst addr mismatch, got %U, expected %U",
629 format_ip4_address, ip4->dst_address.as_u8, format_ip4_address,
630 key->local_addr.ip4.as_u8);
631 return BFD_UDP_ERROR_BAD;
633 const u8 expected_ttl = 255;
634 if (ip4->ttl != expected_ttl)
636 BFD_ERR ("IPv4 unexpected TTL value %u, expected %u", ip4->ttl,
638 return BFD_UDP_ERROR_BAD;
640 if (clib_net_to_host_u16 (udp->src_port) < 49152 ||
641 clib_net_to_host_u16 (udp->src_port) > 65535)
643 BFD_ERR ("Invalid UDP src port %u, out of range <49152,65535>",
646 return BFD_UDP_ERROR_NONE;
656 bfd_rpc_update_session_cb (const bfd_rpc_update_t * a)
658 bfd_consume_pkt (bfd_udp_main.bfd_main, &a->pkt, a->bs_idx);
662 bfd_rpc_update_session (u32 bs_idx, const bfd_pkt_t * pkt)
664 /* packet length was already verified to be correct by the caller */
665 const u32 data_size = sizeof (bfd_rpc_update_t) -
666 STRUCT_SIZE_OF (bfd_rpc_update_t, pkt) + pkt->head.length;
668 bfd_rpc_update_t *update = (bfd_rpc_update_t *) data;
669 update->bs_idx = bs_idx;
670 clib_memcpy (&update->pkt, pkt, pkt->head.length);
671 vl_api_rpc_call_main_thread (bfd_rpc_update_session_cb, data, data_size);
674 static bfd_udp_error_t
675 bfd_udp4_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
676 vlib_buffer_t * b, bfd_session_t ** bs_out)
678 const bfd_pkt_t *pkt = vlib_buffer_get_current (b);
679 if (sizeof (*pkt) > b->current_length)
682 ("Payload size %d too small to hold bfd packet of minimum size %d",
683 b->current_length, sizeof (*pkt));
684 return BFD_UDP_ERROR_BAD;
686 const ip4_header_t *ip4;
687 const udp_header_t *udp;
688 bfd_udp4_find_headers (b, &ip4, &udp);
691 BFD_ERR ("Couldn't find ip4 or udp header");
692 return BFD_UDP_ERROR_BAD;
694 const u32 udp_payload_length = udp->length - sizeof (*udp);
695 if (pkt->head.length > udp_payload_length)
698 ("BFD packet length is larger than udp payload length (%u > %u)",
699 pkt->head.length, udp_payload_length);
700 return BFD_UDP_ERROR_BAD;
702 if (!bfd_verify_pkt_common (pkt))
704 return BFD_UDP_ERROR_BAD;
706 bfd_session_t *bs = NULL;
709 BFD_DBG ("Looking up BFD session using discriminator %u",
711 bs = bfd_find_session_by_disc (bfd_udp_main.bfd_main, pkt->your_disc);
716 memset (&key, 0, sizeof (key));
717 key.sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
718 key.local_addr.ip4.as_u32 = ip4->dst_address.as_u32;
719 key.peer_addr.ip4.as_u32 = ip4->src_address.as_u32;
720 BFD_DBG ("Looking up BFD session using key (sw_if_index=%u, local=%U, "
722 key.sw_if_index, format_ip4_address, key.local_addr.ip4.as_u8,
723 format_ip4_address, key.peer_addr.ip4.as_u8);
724 bs = bfd_lookup_session (&bfd_udp_main, &key);
728 BFD_ERR ("BFD session lookup failed - no session matches BFD pkt");
729 return BFD_UDP_ERROR_BAD;
731 BFD_DBG ("BFD session found, bs_idx=%u", bs->bs_idx);
732 if (!bfd_verify_pkt_auth (pkt, b->current_length, bs))
734 BFD_ERR ("Packet verification failed, dropping packet");
735 return BFD_UDP_ERROR_BAD;
738 if (BFD_UDP_ERROR_NONE != (err = bfd_udp4_verify_transport (ip4, udp, bs)))
742 bfd_rpc_update_session (bs->bs_idx, pkt);
744 return BFD_UDP_ERROR_NONE;
748 bfd_udp6_find_headers (vlib_buffer_t * b, const ip6_header_t ** ip6,
749 const udp_header_t ** udp)
751 /* sanity check first */
752 const i32 start = vnet_buffer (b)->ip.start_of_ip_header;
753 if (start < 0 && start < sizeof (b->pre_data))
755 BFD_ERR ("Start of ip header is before pre_data, ignoring");
760 *ip6 = (ip6_header_t *) (b->data + start);
761 if ((u8 *) * ip6 > (u8 *) vlib_buffer_get_current (b))
763 BFD_ERR ("Start of ip header is beyond current data, ignoring");
768 if ((*ip6)->protocol != IP_PROTOCOL_UDP)
770 BFD_ERR ("Unexpected protocol in IPv6 header '%u', expected '%u' (== "
771 "IP_PROTOCOL_UDP)", (*ip6)->protocol, IP_PROTOCOL_UDP);
776 *udp = (udp_header_t *) ((*ip6) + 1);
779 static bfd_udp_error_t
780 bfd_udp6_verify_transport (const ip6_header_t * ip6,
781 const udp_header_t * udp, const bfd_session_t * bs)
783 const bfd_udp_session_t *bus = &bs->udp;
784 const bfd_udp_key_t *key = &bus->key;
785 if (ip6->src_address.as_u64[0] != key->peer_addr.ip6.as_u64[0] &&
786 ip6->src_address.as_u64[1] != key->peer_addr.ip6.as_u64[1])
788 BFD_ERR ("IP src addr mismatch, got %U, expected %U",
789 format_ip6_address, ip6, format_ip6_address,
790 &key->peer_addr.ip6);
791 return BFD_UDP_ERROR_BAD;
793 if (ip6->dst_address.as_u64[0] != key->local_addr.ip6.as_u64[0] &&
794 ip6->dst_address.as_u64[1] != key->local_addr.ip6.as_u64[1])
796 BFD_ERR ("IP dst addr mismatch, got %U, expected %U",
797 format_ip6_address, ip6, format_ip6_address,
798 &key->local_addr.ip6);
799 return BFD_UDP_ERROR_BAD;
801 const u8 expected_hop_limit = 255;
802 if (ip6->hop_limit != expected_hop_limit)
804 BFD_ERR ("IPv6 unexpected hop-limit value %u, expected %u",
805 ip6->hop_limit, expected_hop_limit);
806 return BFD_UDP_ERROR_BAD;
808 if (clib_net_to_host_u16 (udp->src_port) < 49152 ||
809 clib_net_to_host_u16 (udp->src_port) > 65535)
811 BFD_ERR ("Invalid UDP src port %u, out of range <49152,65535>",
814 return BFD_UDP_ERROR_NONE;
817 static bfd_udp_error_t
818 bfd_udp6_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
819 vlib_buffer_t * b, bfd_session_t ** bs_out)
821 const bfd_pkt_t *pkt = vlib_buffer_get_current (b);
822 if (sizeof (*pkt) > b->current_length)
825 ("Payload size %d too small to hold bfd packet of minimum size %d",
826 b->current_length, sizeof (*pkt));
827 return BFD_UDP_ERROR_BAD;
829 const ip6_header_t *ip6;
830 const udp_header_t *udp;
831 bfd_udp6_find_headers (b, &ip6, &udp);
834 BFD_ERR ("Couldn't find ip6 or udp header");
835 return BFD_UDP_ERROR_BAD;
837 const u32 udp_payload_length = udp->length - sizeof (*udp);
838 if (pkt->head.length > udp_payload_length)
841 ("BFD packet length is larger than udp payload length (%u > %u)",
842 pkt->head.length, udp_payload_length);
843 return BFD_UDP_ERROR_BAD;
845 if (!bfd_verify_pkt_common (pkt))
847 return BFD_UDP_ERROR_BAD;
849 bfd_session_t *bs = NULL;
852 BFD_DBG ("Looking up BFD session using discriminator %u",
854 bs = bfd_find_session_by_disc (bfd_udp_main.bfd_main, pkt->your_disc);
859 memset (&key, 0, sizeof (key));
860 key.sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
861 key.local_addr.ip6.as_u64[0] = ip6->dst_address.as_u64[0];
862 key.local_addr.ip6.as_u64[1] = ip6->dst_address.as_u64[1];
863 key.peer_addr.ip6.as_u64[0] = ip6->src_address.as_u64[0];
864 key.peer_addr.ip6.as_u64[1] = ip6->src_address.as_u64[1];
865 BFD_DBG ("Looking up BFD session using key (sw_if_index=%u, local=%U, "
867 key.sw_if_index, format_ip6_address, &key.local_addr,
868 format_ip6_address, &key.peer_addr);
869 bs = bfd_lookup_session (&bfd_udp_main, &key);
873 BFD_ERR ("BFD session lookup failed - no session matches BFD pkt");
874 return BFD_UDP_ERROR_BAD;
876 BFD_DBG ("BFD session found, bs_idx=%u", bs->bs_idx);
877 if (!bfd_verify_pkt_auth (pkt, b->current_length, bs))
879 BFD_ERR ("Packet verification failed, dropping packet");
880 return BFD_UDP_ERROR_BAD;
883 if (BFD_UDP_ERROR_NONE != (err = bfd_udp6_verify_transport (ip6, udp, bs)))
887 bfd_rpc_update_session (bs->bs_idx, pkt);
889 return BFD_UDP_ERROR_NONE;
893 * Process a frame of bfd packets
894 * Expect 1 packet / frame
897 bfd_udp_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
898 vlib_frame_t * f, int is_ipv6)
900 u32 n_left_from, *from;
901 bfd_input_trace_t *t0;
903 from = vlib_frame_vector_args (f); /* array of buffer indices */
904 n_left_from = f->n_vectors; /* number of buffer indices */
906 while (n_left_from > 0)
913 b0 = vlib_get_buffer (vm, bi0);
915 bfd_session_t *bs = NULL;
917 /* If this pkt is traced, snapshot the data */
918 if (b0->flags & VLIB_BUFFER_IS_TRACED)
921 t0 = vlib_add_trace (vm, rt, b0, sizeof (*t0));
922 len = (b0->current_length < sizeof (t0->data)) ? b0->current_length
925 clib_memcpy (t0->data, vlib_buffer_get_current (b0), len);
928 /* scan this bfd pkt. error0 is the counter index to bmp */
931 error0 = bfd_udp6_scan (vm, rt, b0, &bs);
935 error0 = bfd_udp4_scan (vm, rt, b0, &bs);
937 b0->error = rt->errors[error0];
939 next0 = BFD_UDP_INPUT_NEXT_NORMAL;
940 if (BFD_UDP_ERROR_NONE == error0)
943 * if everything went fine, check for poll bit, if present, re-use
944 * the buffer and based on (now updated) session parameters, send
945 * the final packet back
947 const bfd_pkt_t *pkt = vlib_buffer_get_current (b0);
948 if (bfd_pkt_get_poll (pkt))
950 bfd_init_final_control_frame (vm, b0, bs);
953 vlib_node_increment_counter (vm, bfd_udp6_input_node.index,
958 vlib_node_increment_counter (vm, bfd_udp4_input_node.index,
961 next0 = BFD_UDP_INPUT_NEXT_REPLY;
964 vlib_set_next_frame_buffer (vm, rt, next0, bi0);
974 bfd_udp4_input (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
976 return bfd_udp_input (vm, rt, f, 0);
980 * bfd input graph node declaration
983 VLIB_REGISTER_NODE (bfd_udp4_input_node, static) = {
984 .function = bfd_udp4_input,
985 .name = "bfd-udp4-input",
986 .vector_size = sizeof (u32),
987 .type = VLIB_NODE_TYPE_INTERNAL,
989 .n_errors = BFD_UDP_N_ERROR,
990 .error_strings = bfd_udp_error_strings,
992 .format_trace = bfd_input_format_trace,
994 .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
997 [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
998 [BFD_UDP_INPUT_NEXT_REPLY] = "ip4-lookup",
1004 bfd_udp6_input (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
1006 return bfd_udp_input (vm, rt, f, 1);
1010 VLIB_REGISTER_NODE (bfd_udp6_input_node, static) = {
1011 .function = bfd_udp6_input,
1012 .name = "bfd-udp6-input",
1013 .vector_size = sizeof (u32),
1014 .type = VLIB_NODE_TYPE_INTERNAL,
1016 .n_errors = BFD_UDP_N_ERROR,
1017 .error_strings = bfd_udp_error_strings,
1019 .format_trace = bfd_input_format_trace,
1021 .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
1024 [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
1025 [BFD_UDP_INPUT_NEXT_REPLY] = "ip6-lookup",
1030 static clib_error_t *
1031 bfd_sw_interface_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
1033 // vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
1034 if (!(flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1041 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (bfd_sw_interface_up_down);
1043 static clib_error_t *
1044 bfd_hw_interface_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
1046 if (flags & VNET_HW_INTERFACE_FLAG_LINK_UP)
1053 VNET_HW_INTERFACE_LINK_UP_DOWN_FUNCTION (bfd_hw_interface_up_down);
1058 static clib_error_t *
1059 bfd_udp_init (vlib_main_t * vm)
1061 mhash_init (&bfd_udp_main.bfd_session_idx_by_bfd_key, sizeof (uword),
1062 sizeof (bfd_udp_key_t));
1063 bfd_udp_main.bfd_main = &bfd_main;
1064 udp_register_dst_port (vm, UDP_DST_PORT_bfd4, bfd_udp4_input_node.index, 1);
1065 udp_register_dst_port (vm, UDP_DST_PORT_bfd6, bfd_udp6_input_node.index, 0);
1069 VLIB_INIT_FUNCTION (bfd_udp_init);
1072 * fd.io coding-style-patch-verification: ON
1075 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob