2 * Copyright (c) 2011-2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
15 #include <vppinfra/types.h>
16 #include <vlibmemory/api.h>
17 #include <vlib/vlib.h>
18 #include <vlib/buffer.h>
19 #include <vnet/ip/format.h>
20 #include <vnet/ethernet/packet.h>
21 #include <vnet/udp/udp_packet.h>
22 #include <vnet/udp/udp.h>
23 #include <vnet/ip/lookup.h>
24 #include <vnet/ip/icmp46_packet.h>
25 #include <vnet/ip/ip4.h>
26 #include <vnet/ip/ip6.h>
27 #include <vnet/ip/ip6_packet.h>
28 #include <vnet/adj/adj.h>
29 #include <vnet/adj/adj_nbr.h>
30 #include <vnet/dpo/receive_dpo.h>
31 #include <vnet/fib/fib_entry.h>
32 #include <vnet/fib/fib_table.h>
33 #include <vnet/bfd/bfd_debug.h>
34 #include <vnet/bfd/bfd_udp.h>
35 #include <vnet/bfd/bfd_main.h>
36 #include <vnet/bfd/bfd_api.h>
41 /* hashmap - bfd session index by bfd key - used for CLI/API lookup, where
42 * discriminator is unknown */
43 mhash_t bfd_session_idx_by_bfd_key;
44 /* convenience variable */
45 vnet_main_t *vnet_main;
46 /* flag indicating whether echo_source_sw_if_index holds a valid value */
47 int echo_source_is_set;
48 /* loopback interface used to get echo source ip */
49 u32 echo_source_sw_if_index;
52 static vlib_node_registration_t bfd_udp4_input_node;
53 static vlib_node_registration_t bfd_udp6_input_node;
54 static vlib_node_registration_t bfd_udp_echo4_input_node;
55 static vlib_node_registration_t bfd_udp_echo6_input_node;
57 bfd_udp_main_t bfd_udp_main;
60 bfd_udp_set_echo_source (u32 sw_if_index)
62 vnet_sw_interface_t *sw_if =
63 vnet_get_sw_interface_safe (bfd_udp_main.vnet_main, sw_if_index);
66 bfd_udp_main.echo_source_sw_if_index = sw_if_index;
67 bfd_udp_main.echo_source_is_set = 1;
70 return VNET_API_ERROR_BFD_ENOENT;
74 bfd_udp_del_echo_source (u32 sw_if_index)
76 bfd_udp_main.echo_source_sw_if_index = ~0;
77 bfd_udp_main.echo_source_is_set = 0;
82 bfd_udp_is_echo_available (bfd_transport_e transport)
84 if (!bfd_udp_main.echo_source_is_set)
86 BFD_DBG ("UDP echo source not set - echo not available");
90 * for the echo to work, we need a loopback interface with at least one
91 * address with netmask length at most 31 (ip4) or 127 (ip6) so that we can
92 * pick an unused address from that subnet
94 vnet_sw_interface_t *sw_if =
95 vnet_get_sw_interface_safe (bfd_udp_main.vnet_main,
96 bfd_udp_main.echo_source_sw_if_index);
97 if (sw_if && sw_if->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP)
99 if (BFD_TRANSPORT_UDP4 == transport)
101 ip4_main_t *im = &ip4_main;
102 ip_interface_address_t *ia = NULL;
104 foreach_ip_interface_address (&im->lookup_main, ia,
105 bfd_udp_main.echo_source_sw_if_index,
106 0 /* honor unnumbered */, ({
107 if (ia->address_length <= 31)
114 else if (BFD_TRANSPORT_UDP6 == transport)
116 ip6_main_t *im = &ip6_main;
117 ip_interface_address_t *ia = NULL;
119 foreach_ip_interface_address (&im->lookup_main, ia,
120 bfd_udp_main.echo_source_sw_if_index,
121 0 /* honor unnumbered */, ({
122 if (ia->address_length <= 127)
130 BFD_DBG ("No usable IP address for UDP echo - echo not available");
135 bfd_udp_bs_idx_to_sport (u32 bs_idx)
137 /* The source port MUST be in the range 49152 through 65535. The same UDP
138 * source port number MUST be used for all BFD Control packets associated
139 * with a particular session. The source port number SHOULD be unique among
140 * all BFD sessions on the system. If more than 16384 BFD sessions are
141 * simultaneously active, UDP source port numbers MAY be reused on
142 * multiple sessions, but the number of distinct uses of the same UDP
143 * source port number SHOULD be minimized.
145 return 49152 + bs_idx % (65535 - 49152 + 1);
149 bfd_udp_get_echo_src_ip4 (ip4_address_t * addr)
151 if (!bfd_udp_main.echo_source_is_set)
153 BFD_ERR ("cannot find ip4 address, echo source not set");
156 ip_interface_address_t *ia = NULL;
157 ip4_main_t *im = &ip4_main;
160 foreach_ip_interface_address (
161 &im->lookup_main, ia, bfd_udp_main.echo_source_sw_if_index,
162 0 /* honor unnumbered */, ({
164 ip_interface_address_get_address (&im->lookup_main, ia);
165 if (ia->address_length <= 31)
167 addr->as_u32 = clib_host_to_net_u32 (x->as_u32);
169 * flip the last bit to get a different address, might be network,
173 addr->as_u32 = clib_net_to_host_u32 (addr->as_u32);
178 BFD_ERR ("cannot find ip4 address, no usable address found");
183 bfd_udp_get_echo_src_ip6 (ip6_address_t * addr)
185 if (!bfd_udp_main.echo_source_is_set)
187 BFD_ERR ("cannot find ip6 address, echo source not set");
190 ip_interface_address_t *ia = NULL;
191 ip6_main_t *im = &ip6_main;
194 foreach_ip_interface_address (
195 &im->lookup_main, ia, bfd_udp_main.echo_source_sw_if_index,
196 0 /* honor unnumbered */, ({
198 ip_interface_address_get_address (&im->lookup_main, ia);
199 if (ia->address_length <= 127)
202 addr->as_u8[15] ^= 1; /* flip the last bit of the address */
207 BFD_ERR ("cannot find ip6 address, no usable address found");
212 bfd_udp_get_echo_source (int *is_set, u32 * sw_if_index, int *have_usable_ip4,
213 ip4_address_t * ip4, int *have_usable_ip6,
216 if (bfd_udp_main.echo_source_is_set)
219 *sw_if_index = bfd_udp_main.echo_source_sw_if_index;
220 *have_usable_ip4 = bfd_udp_get_echo_src_ip4 (ip4);
221 *have_usable_ip6 = bfd_udp_get_echo_src_ip6 (ip6);
230 bfd_add_udp4_transport (vlib_main_t * vm, vlib_buffer_t * b,
231 const bfd_session_t * bs, int is_echo)
233 const bfd_udp_session_t *bus = &bs->udp;
234 const bfd_udp_key_t *key = &bus->key;
236 b->flags |= VNET_BUFFER_LOCALLY_ORIGINATED;
237 vnet_buffer (b)->ip.adj_index[VLIB_RX] = bus->adj_index;
238 vnet_buffer (b)->ip.adj_index[VLIB_TX] = bus->adj_index;
244 ip4_udp_headers *headers = NULL;
245 vlib_buffer_advance (b, -sizeof (*headers));
246 headers = vlib_buffer_get_current (b);
247 memset (headers, 0, sizeof (*headers));
248 headers->ip4.ip_version_and_header_length = 0x45;
249 headers->ip4.ttl = 255;
250 headers->ip4.protocol = IP_PROTOCOL_UDP;
251 headers->udp.src_port =
252 clib_host_to_net_u16 (bfd_udp_bs_idx_to_sport (bs->bs_idx));
256 if (!(rv = bfd_udp_get_echo_src_ip4 (&headers->ip4.src_address)))
260 headers->ip4.dst_address.as_u32 = key->local_addr.ip4.as_u32;
261 headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd_echo4);
265 headers->ip4.src_address.as_u32 = key->local_addr.ip4.as_u32;
266 headers->ip4.dst_address.as_u32 = key->peer_addr.ip4.as_u32;
267 headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd4);
270 /* fix ip length, checksum and udp length */
271 const u16 ip_length = vlib_buffer_length_in_chain (vm, b);
273 headers->ip4.length = clib_host_to_net_u16 (ip_length);
274 headers->ip4.checksum = ip4_header_checksum (&headers->ip4);
276 const u16 udp_length = ip_length - (sizeof (headers->ip4));
277 headers->udp.length = clib_host_to_net_u16 (udp_length);
282 bfd_add_udp6_transport (vlib_main_t * vm, vlib_buffer_t * b,
283 const bfd_session_t * bs, int is_echo)
285 const bfd_udp_session_t *bus = &bs->udp;
286 const bfd_udp_key_t *key = &bus->key;
288 b->flags |= VNET_BUFFER_LOCALLY_ORIGINATED;
289 vnet_buffer (b)->ip.adj_index[VLIB_RX] = bus->adj_index;
290 vnet_buffer (b)->ip.adj_index[VLIB_TX] = bus->adj_index;
296 ip6_udp_headers *headers = NULL;
297 vlib_buffer_advance (b, -sizeof (*headers));
298 headers = vlib_buffer_get_current (b);
299 memset (headers, 0, sizeof (*headers));
300 headers->ip6.ip_version_traffic_class_and_flow_label =
301 clib_host_to_net_u32 (0x6 << 28);
302 headers->ip6.hop_limit = 255;
303 headers->ip6.protocol = IP_PROTOCOL_UDP;
304 headers->udp.src_port =
305 clib_host_to_net_u16 (bfd_udp_bs_idx_to_sport (bs->bs_idx));
309 if (!(rv = bfd_udp_get_echo_src_ip6 (&headers->ip6.src_address)))
313 clib_memcpy (&headers->ip6.dst_address, &key->local_addr.ip6,
314 sizeof (headers->ip6.dst_address));
316 headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd_echo6);
320 clib_memcpy (&headers->ip6.src_address, &key->local_addr.ip6,
321 sizeof (headers->ip6.src_address));
322 clib_memcpy (&headers->ip6.dst_address, &key->peer_addr.ip6,
323 sizeof (headers->ip6.dst_address));
324 headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd6);
327 /* fix ip payload length and udp length */
328 const u16 udp_length =
329 vlib_buffer_length_in_chain (vm, b) - (sizeof (headers->ip6));
330 headers->udp.length = clib_host_to_net_u16 (udp_length);
331 headers->ip6.payload_length = headers->udp.length;
333 /* IPv6 UDP checksum is mandatory */
335 headers->udp.checksum =
336 ip6_tcp_udp_icmp_compute_checksum (vm, b, &headers->ip6, &bogus);
338 if (headers->udp.checksum == 0)
340 headers->udp.checksum = 0xffff;
345 static bfd_session_t *
346 bfd_lookup_session (bfd_udp_main_t * bum, const bfd_udp_key_t * key)
348 uword *p = mhash_get (&bum->bfd_session_idx_by_bfd_key, key);
351 return bfd_find_session_by_idx (bum->bfd_main, *p);
357 bfd_udp_key_init (bfd_udp_key_t * key, u32 sw_if_index,
358 const ip46_address_t * local_addr,
359 const ip46_address_t * peer_addr)
361 memset (key, 0, sizeof (*key));
362 key->sw_if_index = sw_if_index;
363 key->local_addr.as_u64[0] = local_addr->as_u64[0];
364 key->local_addr.as_u64[1] = local_addr->as_u64[1];
365 key->peer_addr.as_u64[0] = peer_addr->as_u64[0];
366 key->peer_addr.as_u64[1] = peer_addr->as_u64[1];
369 static vnet_api_error_t
370 bfd_udp_add_session_internal (bfd_udp_main_t * bum, u32 sw_if_index,
371 u32 desired_min_tx_usec,
372 u32 required_min_rx_usec, u8 detect_mult,
373 const ip46_address_t * local_addr,
374 const ip46_address_t * peer_addr,
375 bfd_session_t ** bs_out)
377 /* get a pool entry and if we end up not needing it, give it back */
378 bfd_transport_e t = BFD_TRANSPORT_UDP4;
379 if (!ip46_address_is_ip4 (local_addr))
381 t = BFD_TRANSPORT_UDP6;
383 bfd_session_t *bs = bfd_get_session (bum->bfd_main, t);
386 bfd_put_session (bum->bfd_main, bs);
387 return VNET_API_ERROR_BFD_EAGAIN;
389 bfd_udp_session_t *bus = &bs->udp;
390 memset (bus, 0, sizeof (*bus));
391 bfd_udp_key_t *key = &bus->key;
392 bfd_udp_key_init (key, sw_if_index, local_addr, peer_addr);
393 const bfd_session_t *tmp = bfd_lookup_session (bum, key);
396 clib_warning ("duplicate bfd-udp session, existing bs_idx=%d",
398 bfd_put_session (bum->bfd_main, bs);
399 return VNET_API_ERROR_BFD_EEXIST;
401 mhash_set (&bum->bfd_session_idx_by_bfd_key, key, bs->bs_idx, NULL);
402 BFD_DBG ("session created, bs_idx=%u, sw_if_index=%d, local=%U, peer=%U",
403 bs->bs_idx, key->sw_if_index, format_ip46_address,
404 &key->local_addr, IP46_TYPE_ANY, format_ip46_address,
405 &key->peer_addr, IP46_TYPE_ANY);
406 if (BFD_TRANSPORT_UDP4 == t)
408 bus->adj_index = adj_nbr_add_or_lock (FIB_PROTOCOL_IP4, VNET_LINK_IP4,
411 BFD_DBG ("adj_nbr_add_or_lock(FIB_PROTOCOL_IP4, VNET_LINK_IP4, %U, %d) "
412 "returns %d", format_ip46_address, &key->peer_addr,
413 IP46_TYPE_ANY, key->sw_if_index, bus->adj_index);
417 bus->adj_index = adj_nbr_add_or_lock (FIB_PROTOCOL_IP6, VNET_LINK_IP6,
420 BFD_DBG ("adj_nbr_add_or_lock(FIB_PROTOCOL_IP6, VNET_LINK_IP6, %U, %d) "
421 "returns %d", format_ip46_address, &key->peer_addr,
422 IP46_TYPE_ANY, key->sw_if_index, bus->adj_index);
425 return bfd_session_set_params (bum->bfd_main, bs, desired_min_tx_usec,
426 required_min_rx_usec, detect_mult);
429 static vnet_api_error_t
430 bfd_udp_validate_api_input (u32 sw_if_index,
431 const ip46_address_t * local_addr,
432 const ip46_address_t * peer_addr)
434 vnet_sw_interface_t *sw_if =
435 vnet_get_sw_interface_safe (bfd_udp_main.vnet_main, sw_if_index);
436 u8 local_ip_valid = 0;
437 ip_interface_address_t *ia = NULL;
440 clib_warning ("got NULL sw_if");
441 return VNET_API_ERROR_INVALID_SW_IF_INDEX;
443 if (ip46_address_is_ip4 (local_addr))
445 if (!ip46_address_is_ip4 (peer_addr))
447 clib_warning ("IP family mismatch");
448 return VNET_API_ERROR_INVALID_ARGUMENT;
450 ip4_main_t *im = &ip4_main;
453 foreach_ip_interface_address (
454 &im->lookup_main, ia, sw_if_index, 0 /* honor unnumbered */, ({
456 ip_interface_address_get_address (&im->lookup_main, ia);
457 if (x->as_u32 == local_addr->ip4.as_u32)
459 /* valid address for this interface */
468 if (ip46_address_is_ip4 (peer_addr))
470 clib_warning ("IP family mismatch");
471 return VNET_API_ERROR_INVALID_ARGUMENT;
473 ip6_main_t *im = &ip6_main;
475 foreach_ip_interface_address (
476 &im->lookup_main, ia, sw_if_index, 0 /* honor unnumbered */, ({
478 ip_interface_address_get_address (&im->lookup_main, ia);
479 if (local_addr->ip6.as_u64[0] == x->as_u64[0] &&
480 local_addr->ip6.as_u64[1] == x->as_u64[1])
482 /* valid address for this interface */
492 clib_warning ("address not found on interface");
493 return VNET_API_ERROR_ADDRESS_NOT_FOUND_FOR_INTERFACE;
499 static vnet_api_error_t
500 bfd_udp_find_session_by_api_input (u32 sw_if_index,
501 const ip46_address_t * local_addr,
502 const ip46_address_t * peer_addr,
503 bfd_session_t ** bs_out)
505 vnet_api_error_t rv =
506 bfd_udp_validate_api_input (sw_if_index, local_addr, peer_addr);
509 bfd_udp_main_t *bum = &bfd_udp_main;
511 bfd_udp_key_init (&key, sw_if_index, local_addr, peer_addr);
512 bfd_session_t *bs = bfd_lookup_session (bum, &key);
520 ("BFD session not found (sw_if_index=%u, local=%U, peer=%U",
521 sw_if_index, format_ip46_address, local_addr, IP46_TYPE_ANY,
522 format_ip46_address, peer_addr, IP46_TYPE_ANY);
523 return VNET_API_ERROR_BFD_ENOENT;
529 static vnet_api_error_t
530 bfd_api_verify_common (u32 sw_if_index, u32 desired_min_tx_usec,
531 u32 required_min_rx_usec, u8 detect_mult,
532 const ip46_address_t * local_addr,
533 const ip46_address_t * peer_addr)
535 vnet_api_error_t rv =
536 bfd_udp_validate_api_input (sw_if_index, local_addr, peer_addr);
543 clib_warning ("detect_mult < 1");
544 return VNET_API_ERROR_INVALID_ARGUMENT;
546 if (desired_min_tx_usec < 1)
548 clib_warning ("desired_min_tx_usec < 1");
549 return VNET_API_ERROR_INVALID_ARGUMENT;
555 bfd_udp_del_session_internal (bfd_session_t * bs)
557 bfd_udp_main_t *bum = &bfd_udp_main;
558 BFD_DBG ("free bfd-udp session, bs_idx=%d", bs->bs_idx);
559 mhash_unset (&bum->bfd_session_idx_by_bfd_key, &bs->udp.key, NULL);
560 adj_unlock (bs->udp.adj_index);
561 bfd_put_session (bum->bfd_main, bs);
565 bfd_udp_add_session (u32 sw_if_index, const ip46_address_t * local_addr,
566 const ip46_address_t * peer_addr,
567 u32 desired_min_tx_usec, u32 required_min_rx_usec,
568 u8 detect_mult, u8 is_authenticated, u32 conf_key_id,
571 vnet_api_error_t rv =
572 bfd_api_verify_common (sw_if_index, desired_min_tx_usec,
573 required_min_rx_usec, detect_mult,
574 local_addr, peer_addr);
575 bfd_session_t *bs = NULL;
579 bfd_udp_add_session_internal (&bfd_udp_main, sw_if_index,
581 required_min_rx_usec, detect_mult,
582 local_addr, peer_addr, &bs);
584 if (!rv && is_authenticated)
587 rv = bfd_auth_activate (bs, conf_key_id, bfd_key_id,
588 0 /* is not delayed */ );
590 clib_warning ("SSL missing, cannot add authenticated BFD session");
591 rv = VNET_API_ERROR_BFD_NOTSUPP;
595 bfd_udp_del_session_internal (bs);
600 bfd_session_start (bfd_udp_main.bfd_main, bs);
607 bfd_udp_mod_session (u32 sw_if_index,
608 const ip46_address_t * local_addr,
609 const ip46_address_t * peer_addr,
610 u32 desired_min_tx_usec,
611 u32 required_min_rx_usec, u8 detect_mult)
613 bfd_session_t *bs = NULL;
614 vnet_api_error_t rv =
615 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
622 return bfd_session_set_params (bfd_udp_main.bfd_main, bs,
623 desired_min_tx_usec, required_min_rx_usec,
628 bfd_udp_del_session (u32 sw_if_index,
629 const ip46_address_t * local_addr,
630 const ip46_address_t * peer_addr)
632 bfd_session_t *bs = NULL;
633 vnet_api_error_t rv =
634 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
640 bfd_udp_del_session_internal (bs);
645 bfd_udp_session_set_flags (u32 sw_if_index,
646 const ip46_address_t * local_addr,
647 const ip46_address_t * peer_addr, u8 admin_up_down)
649 bfd_session_t *bs = NULL;
650 vnet_api_error_t rv =
651 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
657 bfd_session_set_flags (bs, admin_up_down);
662 bfd_udp_auth_activate (u32 sw_if_index,
663 const ip46_address_t * local_addr,
664 const ip46_address_t * peer_addr,
665 u32 conf_key_id, u8 key_id, u8 is_delayed)
668 bfd_session_t *bs = NULL;
669 vnet_api_error_t rv =
670 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
676 return bfd_auth_activate (bs, conf_key_id, key_id, is_delayed);
678 clib_warning ("SSL missing, cannot activate BFD authentication");
679 return VNET_API_ERROR_BFD_NOTSUPP;
684 bfd_udp_auth_deactivate (u32 sw_if_index,
685 const ip46_address_t * local_addr,
686 const ip46_address_t * peer_addr, u8 is_delayed)
688 bfd_session_t *bs = NULL;
689 vnet_api_error_t rv =
690 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
696 return bfd_auth_deactivate (bs, is_delayed);
701 BFD_UDP_INPUT_NEXT_NORMAL,
702 BFD_UDP_INPUT_NEXT_REPLY,
703 BFD_UDP_INPUT_N_NEXT,
704 } bfd_udp_input_next_t;
706 /* Packet counters - BFD control frames */
707 #define foreach_bfd_udp_error(F) \
708 F (NONE, "good bfd packets (processed)") \
709 F (BAD, "invalid bfd packets")
711 #define F(sym, string) static char BFD_UDP_ERR_##sym##_STR[] = string;
712 foreach_bfd_udp_error (F);
715 static char *bfd_udp_error_strings[] = {
716 #define F(sym, string) BFD_UDP_ERR_##sym##_STR,
717 foreach_bfd_udp_error (F)
723 #define F(sym, str) BFD_UDP_ERROR_##sym,
724 foreach_bfd_udp_error (F)
729 /* Packet counters - BFD ECHO packets */
730 #define foreach_bfd_udp_echo_error(F) \
731 F (NONE, "good bfd echo packets (processed)") \
732 F (BAD, "invalid bfd echo packets")
734 #define F(sym, string) static char BFD_UDP_ECHO_ERR_##sym##_STR[] = string;
735 foreach_bfd_udp_echo_error (F);
738 static char *bfd_udp_echo_error_strings[] = {
739 #define F(sym, string) BFD_UDP_ECHO_ERR_##sym##_STR,
740 foreach_bfd_udp_echo_error (F)
746 #define F(sym, str) BFD_UDP_ECHO_ERROR_##sym,
747 foreach_bfd_udp_echo_error (F)
749 BFD_UDP_ECHO_N_ERROR,
750 } bfd_udp_echo_error_t;
753 bfd_udp4_find_headers (vlib_buffer_t * b, ip4_header_t ** ip4,
756 /* sanity check first */
757 const i32 start = vnet_buffer (b)->ip.start_of_ip_header;
758 if (start < 0 && start < sizeof (b->pre_data))
760 BFD_ERR ("Start of ip header is before pre_data, ignoring");
765 *ip4 = (ip4_header_t *) (b->data + start);
766 if ((u8 *) * ip4 > (u8 *) vlib_buffer_get_current (b))
768 BFD_ERR ("Start of ip header is beyond current data, ignoring");
773 *udp = (udp_header_t *) ((*ip4) + 1);
776 static bfd_udp_error_t
777 bfd_udp4_verify_transport (const ip4_header_t * ip4,
778 const udp_header_t * udp, const bfd_session_t * bs)
780 const bfd_udp_session_t *bus = &bs->udp;
781 const bfd_udp_key_t *key = &bus->key;
782 if (ip4->src_address.as_u32 != key->peer_addr.ip4.as_u32)
784 BFD_ERR ("IPv4 src addr mismatch, got %U, expected %U",
785 format_ip4_address, ip4->src_address.as_u8, format_ip4_address,
786 key->peer_addr.ip4.as_u8);
787 return BFD_UDP_ERROR_BAD;
789 if (ip4->dst_address.as_u32 != key->local_addr.ip4.as_u32)
791 BFD_ERR ("IPv4 dst addr mismatch, got %U, expected %U",
792 format_ip4_address, ip4->dst_address.as_u8, format_ip4_address,
793 key->local_addr.ip4.as_u8);
794 return BFD_UDP_ERROR_BAD;
796 const u8 expected_ttl = 255;
797 if (ip4->ttl != expected_ttl)
799 BFD_ERR ("IPv4 unexpected TTL value %u, expected %u", ip4->ttl,
801 return BFD_UDP_ERROR_BAD;
803 if (clib_net_to_host_u16 (udp->src_port) < 49152)
805 BFD_ERR ("Invalid UDP src port %u, out of range <49152,65535>",
808 return BFD_UDP_ERROR_NONE;
818 bfd_rpc_update_session_cb (const bfd_rpc_update_t * a)
820 bfd_consume_pkt (bfd_udp_main.bfd_main, &a->pkt, a->bs_idx);
824 bfd_rpc_update_session (u32 bs_idx, const bfd_pkt_t * pkt)
826 /* packet length was already verified to be correct by the caller */
827 const u32 data_size = sizeof (bfd_rpc_update_t) -
828 STRUCT_SIZE_OF (bfd_rpc_update_t, pkt) + pkt->head.length;
830 bfd_rpc_update_t *update = (bfd_rpc_update_t *) data;
831 update->bs_idx = bs_idx;
832 clib_memcpy (&update->pkt, pkt, pkt->head.length);
833 vl_api_rpc_call_main_thread (bfd_rpc_update_session_cb, data, data_size);
836 static bfd_udp_error_t
837 bfd_udp4_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
838 vlib_buffer_t * b, bfd_session_t ** bs_out)
840 const bfd_pkt_t *pkt = vlib_buffer_get_current (b);
841 if (sizeof (*pkt) > b->current_length)
844 ("Payload size %d too small to hold bfd packet of minimum size %d",
845 b->current_length, sizeof (*pkt));
846 return BFD_UDP_ERROR_BAD;
850 bfd_udp4_find_headers (b, &ip4, &udp);
853 BFD_ERR ("Couldn't find ip4 or udp header");
854 return BFD_UDP_ERROR_BAD;
856 const u32 udp_payload_length = udp->length - sizeof (*udp);
857 if (pkt->head.length > udp_payload_length)
860 ("BFD packet length is larger than udp payload length (%u > %u)",
861 pkt->head.length, udp_payload_length);
862 return BFD_UDP_ERROR_BAD;
864 if (!bfd_verify_pkt_common (pkt))
866 return BFD_UDP_ERROR_BAD;
868 bfd_session_t *bs = NULL;
871 BFD_DBG ("Looking up BFD session using discriminator %u",
873 bs = bfd_find_session_by_disc (bfd_udp_main.bfd_main, pkt->your_disc);
878 memset (&key, 0, sizeof (key));
879 key.sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
880 key.local_addr.ip4.as_u32 = ip4->dst_address.as_u32;
881 key.peer_addr.ip4.as_u32 = ip4->src_address.as_u32;
882 BFD_DBG ("Looking up BFD session using key (sw_if_index=%u, local=%U, "
884 key.sw_if_index, format_ip4_address, key.local_addr.ip4.as_u8,
885 format_ip4_address, key.peer_addr.ip4.as_u8);
886 bs = bfd_lookup_session (&bfd_udp_main, &key);
890 BFD_ERR ("BFD session lookup failed - no session matches BFD pkt");
891 return BFD_UDP_ERROR_BAD;
893 BFD_DBG ("BFD session found, bs_idx=%u", bs->bs_idx);
894 if (!bfd_verify_pkt_auth (pkt, b->current_length, bs))
896 BFD_ERR ("Packet verification failed, dropping packet");
897 return BFD_UDP_ERROR_BAD;
900 if (BFD_UDP_ERROR_NONE != (err = bfd_udp4_verify_transport (ip4, udp, bs)))
904 bfd_rpc_update_session (bs->bs_idx, pkt);
906 return BFD_UDP_ERROR_NONE;
910 bfd_udp6_find_headers (vlib_buffer_t * b, ip6_header_t ** ip6,
913 /* sanity check first */
914 const i32 start = vnet_buffer (b)->ip.start_of_ip_header;
915 if (start < 0 && start < sizeof (b->pre_data))
917 BFD_ERR ("Start of ip header is before pre_data, ignoring");
922 *ip6 = (ip6_header_t *) (b->data + start);
923 if ((u8 *) * ip6 > (u8 *) vlib_buffer_get_current (b))
925 BFD_ERR ("Start of ip header is beyond current data, ignoring");
930 if ((*ip6)->protocol != IP_PROTOCOL_UDP)
932 BFD_ERR ("Unexpected protocol in IPv6 header '%u', expected '%u' (== "
933 "IP_PROTOCOL_UDP)", (*ip6)->protocol, IP_PROTOCOL_UDP);
938 *udp = (udp_header_t *) ((*ip6) + 1);
941 static bfd_udp_error_t
942 bfd_udp6_verify_transport (const ip6_header_t * ip6,
943 const udp_header_t * udp, const bfd_session_t * bs)
945 const bfd_udp_session_t *bus = &bs->udp;
946 const bfd_udp_key_t *key = &bus->key;
947 if (ip6->src_address.as_u64[0] != key->peer_addr.ip6.as_u64[0] &&
948 ip6->src_address.as_u64[1] != key->peer_addr.ip6.as_u64[1])
950 BFD_ERR ("IP src addr mismatch, got %U, expected %U",
951 format_ip6_address, ip6, format_ip6_address,
952 &key->peer_addr.ip6);
953 return BFD_UDP_ERROR_BAD;
955 if (ip6->dst_address.as_u64[0] != key->local_addr.ip6.as_u64[0] &&
956 ip6->dst_address.as_u64[1] != key->local_addr.ip6.as_u64[1])
958 BFD_ERR ("IP dst addr mismatch, got %U, expected %U",
959 format_ip6_address, ip6, format_ip6_address,
960 &key->local_addr.ip6);
961 return BFD_UDP_ERROR_BAD;
963 const u8 expected_hop_limit = 255;
964 if (ip6->hop_limit != expected_hop_limit)
966 BFD_ERR ("IPv6 unexpected hop-limit value %u, expected %u",
967 ip6->hop_limit, expected_hop_limit);
968 return BFD_UDP_ERROR_BAD;
970 if (clib_net_to_host_u16 (udp->src_port) < 49152)
972 BFD_ERR ("Invalid UDP src port %u, out of range <49152,65535>",
975 return BFD_UDP_ERROR_NONE;
978 static bfd_udp_error_t
979 bfd_udp6_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
980 vlib_buffer_t * b, bfd_session_t ** bs_out)
982 const bfd_pkt_t *pkt = vlib_buffer_get_current (b);
983 if (sizeof (*pkt) > b->current_length)
986 ("Payload size %d too small to hold bfd packet of minimum size %d",
987 b->current_length, sizeof (*pkt));
988 return BFD_UDP_ERROR_BAD;
992 bfd_udp6_find_headers (b, &ip6, &udp);
995 BFD_ERR ("Couldn't find ip6 or udp header");
996 return BFD_UDP_ERROR_BAD;
998 const u32 udp_payload_length = udp->length - sizeof (*udp);
999 if (pkt->head.length > udp_payload_length)
1002 ("BFD packet length is larger than udp payload length (%u > %u)",
1003 pkt->head.length, udp_payload_length);
1004 return BFD_UDP_ERROR_BAD;
1006 if (!bfd_verify_pkt_common (pkt))
1008 return BFD_UDP_ERROR_BAD;
1010 bfd_session_t *bs = NULL;
1013 BFD_DBG ("Looking up BFD session using discriminator %u",
1015 bs = bfd_find_session_by_disc (bfd_udp_main.bfd_main, pkt->your_disc);
1020 memset (&key, 0, sizeof (key));
1021 key.sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
1022 key.local_addr.ip6.as_u64[0] = ip6->dst_address.as_u64[0];
1023 key.local_addr.ip6.as_u64[1] = ip6->dst_address.as_u64[1];
1024 key.peer_addr.ip6.as_u64[0] = ip6->src_address.as_u64[0];
1025 key.peer_addr.ip6.as_u64[1] = ip6->src_address.as_u64[1];
1026 BFD_DBG ("Looking up BFD session using key (sw_if_index=%u, local=%U, "
1028 key.sw_if_index, format_ip6_address, &key.local_addr,
1029 format_ip6_address, &key.peer_addr);
1030 bs = bfd_lookup_session (&bfd_udp_main, &key);
1034 BFD_ERR ("BFD session lookup failed - no session matches BFD pkt");
1035 return BFD_UDP_ERROR_BAD;
1037 BFD_DBG ("BFD session found, bs_idx=%u", bs->bs_idx);
1038 if (!bfd_verify_pkt_auth (pkt, b->current_length, bs))
1040 BFD_ERR ("Packet verification failed, dropping packet");
1041 return BFD_UDP_ERROR_BAD;
1043 bfd_udp_error_t err;
1044 if (BFD_UDP_ERROR_NONE != (err = bfd_udp6_verify_transport (ip6, udp, bs)))
1048 bfd_rpc_update_session (bs->bs_idx, pkt);
1050 return BFD_UDP_ERROR_NONE;
1054 * Process a frame of bfd packets
1055 * Expect 1 packet / frame
1058 bfd_udp_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
1059 vlib_frame_t * f, int is_ipv6)
1061 u32 n_left_from, *from;
1062 bfd_input_trace_t *t0;
1064 from = vlib_frame_vector_args (f); /* array of buffer indices */
1065 n_left_from = f->n_vectors; /* number of buffer indices */
1067 while (n_left_from > 0)
1074 b0 = vlib_get_buffer (vm, bi0);
1076 bfd_session_t *bs = NULL;
1078 /* If this pkt is traced, snapshot the data */
1079 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1082 t0 = vlib_add_trace (vm, rt, b0, sizeof (*t0));
1083 len = (b0->current_length < sizeof (t0->data)) ? b0->current_length
1084 : sizeof (t0->data);
1086 clib_memcpy (t0->data, vlib_buffer_get_current (b0), len);
1089 /* scan this bfd pkt. error0 is the counter index to bmp */
1092 error0 = bfd_udp6_scan (vm, rt, b0, &bs);
1096 error0 = bfd_udp4_scan (vm, rt, b0, &bs);
1098 b0->error = rt->errors[error0];
1100 next0 = BFD_UDP_INPUT_NEXT_NORMAL;
1101 if (BFD_UDP_ERROR_NONE == error0)
1104 * if everything went fine, check for poll bit, if present, re-use
1105 * the buffer and based on (now updated) session parameters, send
1106 * the final packet back
1108 const bfd_pkt_t *pkt = vlib_buffer_get_current (b0);
1109 if (bfd_pkt_get_poll (pkt))
1111 bfd_init_final_control_frame (vm, b0, bfd_udp_main.bfd_main,
1115 vlib_node_increment_counter (vm, bfd_udp6_input_node.index,
1120 vlib_node_increment_counter (vm, bfd_udp4_input_node.index,
1123 next0 = BFD_UDP_INPUT_NEXT_REPLY;
1126 vlib_set_next_frame_buffer (vm, rt, next0, bi0);
1132 return f->n_vectors;
1136 bfd_udp4_input (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
1138 return bfd_udp_input (vm, rt, f, 0);
1142 * bfd input graph node declaration
1145 VLIB_REGISTER_NODE (bfd_udp4_input_node, static) = {
1146 .function = bfd_udp4_input,
1147 .name = "bfd-udp4-input",
1148 .vector_size = sizeof (u32),
1149 .type = VLIB_NODE_TYPE_INTERNAL,
1151 .n_errors = BFD_UDP_N_ERROR,
1152 .error_strings = bfd_udp_error_strings,
1154 .format_trace = bfd_input_format_trace,
1156 .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
1159 [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
1160 [BFD_UDP_INPUT_NEXT_REPLY] = "ip4-lookup",
1166 bfd_udp6_input (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
1168 return bfd_udp_input (vm, rt, f, 1);
1172 VLIB_REGISTER_NODE (bfd_udp6_input_node, static) = {
1173 .function = bfd_udp6_input,
1174 .name = "bfd-udp6-input",
1175 .vector_size = sizeof (u32),
1176 .type = VLIB_NODE_TYPE_INTERNAL,
1178 .n_errors = BFD_UDP_N_ERROR,
1179 .error_strings = bfd_udp_error_strings,
1181 .format_trace = bfd_input_format_trace,
1183 .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
1186 [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
1187 [BFD_UDP_INPUT_NEXT_REPLY] = "ip6-lookup",
1193 * Process a frame of bfd echo packets
1194 * Expect 1 packet / frame
1197 bfd_udp_echo_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
1198 vlib_frame_t * f, int is_ipv6)
1200 u32 n_left_from, *from;
1201 bfd_input_trace_t *t0;
1203 from = vlib_frame_vector_args (f); /* array of buffer indices */
1204 n_left_from = f->n_vectors; /* number of buffer indices */
1206 while (n_left_from > 0)
1213 b0 = vlib_get_buffer (vm, bi0);
1215 /* If this pkt is traced, snapshot the data */
1216 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1219 t0 = vlib_add_trace (vm, rt, b0, sizeof (*t0));
1220 len = (b0->current_length < sizeof (t0->data)) ? b0->current_length
1221 : sizeof (t0->data);
1223 clib_memcpy (t0->data, vlib_buffer_get_current (b0), len);
1226 if (bfd_consume_echo_pkt (bfd_udp_main.bfd_main, b0))
1228 b0->error = rt->errors[BFD_UDP_ERROR_NONE];
1229 next0 = BFD_UDP_INPUT_NEXT_NORMAL;
1233 /* loop back the packet */
1234 b0->error = rt->errors[BFD_UDP_ERROR_NONE];
1237 vlib_node_increment_counter (vm, bfd_udp_echo6_input_node.index,
1242 vlib_node_increment_counter (vm, bfd_udp_echo4_input_node.index,
1245 next0 = BFD_UDP_INPUT_NEXT_REPLY;
1248 vlib_set_next_frame_buffer (vm, rt, next0, bi0);
1254 return f->n_vectors;
1258 bfd_udp_echo4_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
1261 return bfd_udp_echo_input (vm, rt, f, 0);
1265 bfd_echo_input_format_trace (u8 * s, va_list * args)
1267 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1268 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1269 const bfd_udp_echo_input_trace_t *t =
1270 va_arg (*args, bfd_udp_echo_input_trace_t *);
1271 if (t->len > STRUCT_SIZE_OF (bfd_pkt_t, head))
1273 s = format (s, "BFD ECHO:\n");
1274 s = format (s, " data: %U", format_hexdump, t->data, t->len);
1281 * bfd input graph node declaration
1284 VLIB_REGISTER_NODE (bfd_udp_echo4_input_node, static) = {
1285 .function = bfd_udp_echo4_input,
1286 .name = "bfd-udp-echo4-input",
1287 .vector_size = sizeof (u32),
1288 .type = VLIB_NODE_TYPE_INTERNAL,
1290 .n_errors = BFD_UDP_ECHO_N_ERROR,
1291 .error_strings = bfd_udp_error_strings,
1293 .format_trace = bfd_echo_input_format_trace,
1295 .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
1298 [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
1299 [BFD_UDP_INPUT_NEXT_REPLY] = "ip4-lookup",
1305 bfd_udp_echo6_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
1308 return bfd_udp_echo_input (vm, rt, f, 1);
1312 VLIB_REGISTER_NODE (bfd_udp_echo6_input_node, static) = {
1313 .function = bfd_udp_echo6_input,
1314 .name = "bfd-udp-echo6-input",
1315 .vector_size = sizeof (u32),
1316 .type = VLIB_NODE_TYPE_INTERNAL,
1318 .n_errors = BFD_UDP_ECHO_N_ERROR,
1319 .error_strings = bfd_udp_echo_error_strings,
1321 .format_trace = bfd_echo_input_format_trace,
1323 .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
1326 [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
1327 [BFD_UDP_INPUT_NEXT_REPLY] = "ip6-lookup",
1333 static clib_error_t *
1334 bfd_sw_interface_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
1336 // vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
1337 if (!(flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1344 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (bfd_sw_interface_up_down);
1346 static clib_error_t *
1347 bfd_hw_interface_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
1349 if (flags & VNET_HW_INTERFACE_FLAG_LINK_UP)
1356 VNET_HW_INTERFACE_LINK_UP_DOWN_FUNCTION (bfd_hw_interface_up_down);
1361 static clib_error_t *
1362 bfd_udp_init (vlib_main_t * vm)
1364 mhash_init (&bfd_udp_main.bfd_session_idx_by_bfd_key, sizeof (uword),
1365 sizeof (bfd_udp_key_t));
1366 bfd_udp_main.bfd_main = &bfd_main;
1367 bfd_udp_main.vnet_main = vnet_get_main ();
1368 udp_register_dst_port (vm, UDP_DST_PORT_bfd4, bfd_udp4_input_node.index, 1);
1369 udp_register_dst_port (vm, UDP_DST_PORT_bfd6, bfd_udp6_input_node.index, 0);
1370 udp_register_dst_port (vm, UDP_DST_PORT_bfd_echo4,
1371 bfd_udp_echo4_input_node.index, 1);
1372 udp_register_dst_port (vm, UDP_DST_PORT_bfd_echo6,
1373 bfd_udp_echo6_input_node.index, 0);
1377 VLIB_INIT_FUNCTION (bfd_udp_init);
1380 * fd.io coding-style-patch-verification: ON
1383 * eval: (c-set-style "gnu")