bfd: refactor code to fix misc warnings
[vpp.git] / src / vnet / bfd / bfd_main.c
index 30d98f6..23e3f0f 100644 (file)
  * @brief BFD nodes implementation
  */
 
-#if WITH_LIBSSL > 0
-#include <openssl/sha.h>
-#endif
-
-#if __SSE4_2__
-#include <x86intrin.h>
-#endif
-
 #include <vlibmemory/api.h>
 #include <vppinfra/random.h>
 #include <vppinfra/error.h>
 #include <vnet/bfd/bfd_protocol.h>
 #include <vnet/bfd/bfd_main.h>
 #include <vlib/log.h>
+#include <vnet/crypto/crypto.h>
 
 static u64
 bfd_calc_echo_checksum (u32 discriminator, u64 expire_time, u32 secret)
 {
   u64 checksum = 0;
 #if defined(clib_crc32c_uses_intrinsics) && !defined (__i386__)
-  checksum = crc32_u64 (0, discriminator);
-  checksum = crc32_u64 (checksum, expire_time);
-  checksum = crc32_u64 (checksum, secret);
+  checksum = clib_crc32c_u64 (0, discriminator);
+  checksum = clib_crc32c_u64 (checksum, expire_time);
+  checksum = clib_crc32c_u64 (checksum, secret);
 #else
   checksum = clib_xxhash (discriminator ^ expire_time ^ secret);
 #endif
@@ -179,7 +172,7 @@ bfd_set_poll_state (bfd_session_t * bs, bfd_poll_state_e state)
 }
 
 static void
-bfd_recalc_tx_interval (bfd_main_t * bm, bfd_session_t * bs)
+bfd_recalc_tx_interval (bfd_session_t *bs)
 {
   bs->transmit_interval_nsec =
     clib_max (bs->effective_desired_min_tx_nsec, bs->remote_min_rx_nsec);
@@ -188,7 +181,7 @@ bfd_recalc_tx_interval (bfd_main_t * bm, bfd_session_t * bs)
 }
 
 static void
-bfd_recalc_echo_tx_interval (bfd_main_t * bm, bfd_session_t * bs)
+bfd_recalc_echo_tx_interval (bfd_session_t *bs)
 {
   bs->echo_transmit_interval_nsec =
     clib_max (bs->effective_desired_min_tx_nsec, bs->remote_min_echo_rx_nsec);
@@ -247,7 +240,7 @@ bfd_calc_next_tx (bfd_main_t * bm, bfd_session_t * bs, u64 now)
 }
 
 static void
-bfd_calc_next_echo_tx (bfd_main_t * bm, bfd_session_t * bs, u64 now)
+bfd_calc_next_echo_tx (bfd_session_t *bs, u64 now)
 {
   bs->echo_tx_timeout_nsec =
     bs->echo_last_tx_nsec + bs->echo_transmit_interval_nsec;
@@ -268,7 +261,7 @@ bfd_calc_next_echo_tx (bfd_main_t * bm, bfd_session_t * bs, u64 now)
 }
 
 static void
-bfd_recalc_detection_time (bfd_main_t * bm, bfd_session_t * bs)
+bfd_recalc_detection_time (bfd_session_t *bs)
 {
   if (bs->local_state == BFD_STATE_init || bs->local_state == BFD_STATE_up)
     {
@@ -392,26 +385,24 @@ bfd_set_effective_desired_min_tx (bfd_main_t * bm,
   bs->effective_desired_min_tx_nsec = desired_min_tx_nsec;
   BFD_DBG ("Set effective desired min tx to " BFD_CLK_FMT,
           BFD_CLK_PRN (bs->effective_desired_min_tx_nsec));
-  bfd_recalc_detection_time (bm, bs);
-  bfd_recalc_tx_interval (bm, bs);
-  bfd_recalc_echo_tx_interval (bm, bs);
+  bfd_recalc_detection_time (bs);
+  bfd_recalc_tx_interval (bs);
+  bfd_recalc_echo_tx_interval (bs);
   bfd_calc_next_tx (bm, bs, now);
 }
 
 static void
-bfd_set_effective_required_min_rx (bfd_main_t * bm,
-                                  bfd_session_t * bs,
-                                  u64 required_min_rx_nsec)
+bfd_set_effective_required_min_rx (bfd_session_t *bs, u64 required_min_rx_nsec)
 {
   bs->effective_required_min_rx_nsec = required_min_rx_nsec;
   BFD_DBG ("Set effective required min rx to " BFD_CLK_FMT,
           BFD_CLK_PRN (bs->effective_required_min_rx_nsec));
-  bfd_recalc_detection_time (bm, bs);
+  bfd_recalc_detection_time (bs);
 }
 
 static void
-bfd_set_remote_required_min_rx (bfd_main_t * bm, bfd_session_t * bs,
-                               u64 now, u32 remote_required_min_rx_usec)
+bfd_set_remote_required_min_rx (bfd_session_t *bs,
+                               u32 remote_required_min_rx_usec)
 {
   if (bs->remote_min_rx_usec != remote_required_min_rx_usec)
     {
@@ -419,14 +410,13 @@ bfd_set_remote_required_min_rx (bfd_main_t * bm, bfd_session_t * bs,
       bs->remote_min_rx_nsec = bfd_usec_to_nsec (remote_required_min_rx_usec);
       BFD_DBG ("Set remote min rx to " BFD_CLK_FMT,
               BFD_CLK_PRN (bs->remote_min_rx_nsec));
-      bfd_recalc_detection_time (bm, bs);
-      bfd_recalc_tx_interval (bm, bs);
+      bfd_recalc_detection_time (bs);
+      bfd_recalc_tx_interval (bs);
     }
 }
 
 static void
-bfd_set_remote_required_min_echo_rx (bfd_main_t * bm, bfd_session_t * bs,
-                                    u64 now,
+bfd_set_remote_required_min_echo_rx (bfd_session_t *bs,
                                     u32 remote_required_min_echo_rx_usec)
 {
   if (bs->remote_min_echo_rx_usec != remote_required_min_echo_rx_usec)
@@ -436,7 +426,7 @@ bfd_set_remote_required_min_echo_rx (bfd_main_t * bm, bfd_session_t * bs,
        bfd_usec_to_nsec (bs->remote_min_echo_rx_usec);
       BFD_DBG ("Set remote min echo rx to " BFD_CLK_FMT,
               BFD_CLK_PRN (bs->remote_min_echo_rx_nsec));
-      bfd_recalc_echo_tx_interval (bm, bs);
+      bfd_recalc_echo_tx_interval (bs);
     }
 }
 
@@ -457,8 +447,8 @@ bfd_session_start (bfd_main_t * bm, bfd_session_t * bs)
   BFD_DBG ("\nStarting session: %U", format_bfd_session, bs);
   vlib_log_info (bm->log_class, "start BFD session: %U",
                 format_bfd_session_brief, bs);
-  bfd_set_effective_required_min_rx (bm, bs, bs->config_required_min_rx_nsec);
-  bfd_recalc_tx_interval (bm, bs);
+  bfd_set_effective_required_min_rx (bs, bs->config_required_min_rx_nsec);
+  bfd_recalc_tx_interval (bs);
   vlib_process_signal_event (bm->vlib_main, bm->bfd_process_node_index,
                             BFD_EVENT_NEW_SESSION, bs->bs_idx);
   bfd_notify_listeners (bm, BFD_LISTEN_EVENT_CREATE, bs);
@@ -658,8 +648,7 @@ bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now,
                                        clib_max
                                        (bs->config_desired_min_tx_nsec,
                                         bm->default_desired_min_tx_nsec));
-      bfd_set_effective_required_min_rx (bm, bs,
-                                        bs->config_required_min_rx_nsec);
+      bfd_set_effective_required_min_rx (bs, bs->config_required_min_rx_nsec);
       bfd_set_timer (bm, bs, now, handling_wakeup);
       break;
     case BFD_STATE_down:
@@ -668,8 +657,7 @@ bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now,
                                        clib_max
                                        (bs->config_desired_min_tx_nsec,
                                         bm->default_desired_min_tx_nsec));
-      bfd_set_effective_required_min_rx (bm, bs,
-                                        bs->config_required_min_rx_nsec);
+      bfd_set_effective_required_min_rx (bs, bs->config_required_min_rx_nsec);
       bfd_set_timer (bm, bs, now, handling_wakeup);
       break;
     case BFD_STATE_init:
@@ -683,7 +671,7 @@ bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now,
                                        bs->config_desired_min_tx_nsec);
       if (BFD_POLL_NOT_NEEDED == bs->poll_state)
        {
-         bfd_set_effective_required_min_rx (bm, bs,
+         bfd_set_effective_required_min_rx (bs,
                                             bs->config_required_min_rx_nsec);
        }
       bfd_set_timer (bm, bs, now, handling_wakeup);
@@ -701,8 +689,7 @@ bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now,
 }
 
 static void
-bfd_on_config_change (vlib_main_t * vm, vlib_node_runtime_t * rt,
-                     bfd_main_t * bm, bfd_session_t * bs, u64 now)
+bfd_on_config_change (bfd_main_t *bm, bfd_session_t *bs, u64 now)
 {
   /*
    * if remote demand mode is set and we need to do a poll, set the next
@@ -713,7 +700,7 @@ bfd_on_config_change (vlib_main_t * vm, vlib_node_runtime_t * rt,
     {
       bs->tx_timeout_nsec = now;
     }
-  bfd_recalc_detection_time (bm, bs);
+  bfd_recalc_detection_time (bs);
   bfd_set_timer (bm, bs, now, 0);
 }
 
@@ -784,9 +771,9 @@ bfd_transport_echo (vlib_main_t * vm, u32 bi, bfd_session_t * bs)
   return 0;
 }
 
-#if WITH_LIBSSL > 0
 static void
-bfd_add_sha1_auth_section (vlib_buffer_t * b, bfd_session_t * bs)
+bfd_add_sha1_auth_section (vlib_main_t *vm, vlib_buffer_t *b,
+                          bfd_session_t *bs)
 {
   bfd_pkt_with_sha1_auth_t *pkt = vlib_buffer_get_current (b);
   bfd_auth_sha1_t *auth = &pkt->sha1_auth;
@@ -810,14 +797,19 @@ bfd_add_sha1_auth_section (vlib_buffer_t * b, bfd_session_t * bs)
   clib_memcpy (auth->hash, bs->auth.curr_key->key,
               sizeof (bs->auth.curr_key->key));
   unsigned char hash[sizeof (auth->hash)];
-  SHA1 ((unsigned char *) pkt, sizeof (*pkt), hash);
+
+  vnet_crypto_op_t op;
+  vnet_crypto_op_init (&op, VNET_CRYPTO_OP_SHA1_HASH);
+  op.src = (u8 *) pkt;
+  op.len = sizeof (*pkt);
+  op.digest = hash;
+  vnet_crypto_process_ops (vm, &op, 1);
   BFD_DBG ("hashing: %U", format_hex_bytes, pkt, sizeof (*pkt));
   clib_memcpy (auth->hash, hash, sizeof (hash));
 }
-#endif
 
 static void
-bfd_add_auth_section (vlib_buffer_t * b, bfd_session_t * bs)
+bfd_add_auth_section (vlib_main_t *vm, vlib_buffer_t *b, bfd_session_t *bs)
 {
   bfd_main_t *bm = &bfd_main;
   if (bs->auth.curr_key)
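Review bot: The result of `vnet_crypto_process_ops` is ignored in bfd_add_sha1_auth_section, so if the SHA1 op does not complete (for example because no loaded crypto engine provides a handler) the uninitialized stack buffer `hash` is copied into `auth->hash` and transmitted. A plain early return would be worse, because `auth->hash` still holds the raw key copied in just before the hash is computed, so on failure the buffer has to be cleared before the final copy, e.g. `if (op.status != VNET_CRYPTO_OP_STATUS_COMPLETED) { BFD_ERR ("SHA1 hash computation failed"); clib_memset (hash, 0, sizeof (hash)); }`. The same unchecked call appears in bfd_verify_pkt_auth_key_sha1 further down, where `calculated_hash` may be compared while uninitialized; there a failed op should simply `return 0` after the packet is restored. With the WITH_LIBSSL guards removed in this commit, SHA1 availability becomes a runtime property rather than a build-time one, which is what makes this path reachable. The function starts in the previous hunk.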
@@ -836,21 +828,11 @@ bfd_add_auth_section (vlib_buffer_t * b, bfd_session_t * bs)
                         "internal error, unexpected BFD auth type '%d'",
                         auth_type);
          break;
-#if WITH_LIBSSL > 0
        case BFD_AUTH_TYPE_keyed_sha1:
          /* fallthrough */
        case BFD_AUTH_TYPE_meticulous_keyed_sha1:
-         bfd_add_sha1_auth_section (b, bs);
-         break;
-#else
-       case BFD_AUTH_TYPE_keyed_sha1:
-         /* fallthrough */
-       case BFD_AUTH_TYPE_meticulous_keyed_sha1:
-         vlib_log_crit (bm->log_class,
-                        "internal error, unexpected BFD auth type '%d'",
-                        auth_type);
+         bfd_add_sha1_auth_section (vm, b, bs);
          break;
-#endif
        }
     }
 }
@@ -873,8 +855,7 @@ bfd_is_echo_possible (bfd_session_t * bs)
 }
 
 static void
-bfd_init_control_frame (bfd_main_t * bm, bfd_session_t * bs,
-                       vlib_buffer_t * b)
+bfd_init_control_frame (bfd_session_t *bs, vlib_buffer_t *b)
 {
   bfd_pkt_t *pkt = vlib_buffer_get_current (b);
   u32 bfd_length = 0;
@@ -904,8 +885,7 @@ bfd_init_control_frame (bfd_main_t * bm, bfd_session_t * bs,
 }
 
 static void
-bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt,
-              bfd_main_t * bm, bfd_session_t * bs, u64 now)
+bfd_send_echo (vlib_main_t *vm, bfd_main_t *bm, bfd_session_t *bs, u64 now)
 {
   if (!bfd_is_echo_possible (bs))
     {
@@ -924,7 +904,6 @@ bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt,
        }
       vlib_buffer_t *b = vlib_get_buffer (vm, bi);
       ASSERT (b->current_data == 0);
-      VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b);
       bfd_echo_pkt_t *pkt = vlib_buffer_get_current (b);
       clib_memset (pkt, 0, sizeof (*pkt));
       pkt->discriminator = bs->local_discr;
@@ -949,7 +928,7 @@ bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt,
          return;
        }
       bs->echo_last_tx_nsec = now;
-      bfd_calc_next_echo_tx (bm, bs, now);
+      bfd_calc_next_echo_tx (bs, now);
     }
   else
     {
@@ -960,8 +939,7 @@ bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt,
 }
 
 static void
-bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt,
-                  bfd_main_t * bm, bfd_session_t * bs, u64 now)
+bfd_send_periodic (vlib_main_t *vm, bfd_main_t *bm, bfd_session_t *bs, u64 now)
 {
   if (!bs->remote_min_rx_usec && BFD_POLL_NOT_NEEDED == bs->poll_state)
     {
@@ -993,8 +971,7 @@ bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt,
        }
       vlib_buffer_t *b = vlib_get_buffer (vm, bi);
       ASSERT (b->current_data == 0);
-      VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b);
-      bfd_init_control_frame (bm, bs, b);
+      bfd_init_control_frame (bs, b);
       switch (bs->poll_state)
        {
        case BFD_POLL_NEEDED:
@@ -1018,7 +995,7 @@ bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt,
          /* fallthrough */
          break;
        }
-      bfd_add_auth_section (b, bs);
+      bfd_add_auth_section (vm, b, bs);
       bfd_add_transport_layer (vm, bi, bs);
       if (!bfd_transport_control_frame (vm, bi, bs))
        {
@@ -1036,14 +1013,13 @@ bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt,
 }
 
 void
-bfd_init_final_control_frame (vlib_main_t * vm, vlib_buffer_t * b,
-                             bfd_main_t * bm, bfd_session_t * bs,
-                             int is_local)
+bfd_init_final_control_frame (vlib_main_t *vm, vlib_buffer_t *b,
+                             bfd_session_t *bs)
 {
   BFD_DBG ("Send final control frame for bs_idx=%lu", bs->bs_idx);
-  bfd_init_control_frame (bm, bs, b);
+  bfd_init_control_frame (bs, b);
   bfd_pkt_set_final (vlib_buffer_get_current (b));
-  bfd_add_auth_section (b, bs);
+  bfd_add_auth_section (vm, b, bs);
   u32 bi = vlib_get_buffer_index (vm, b);
   bfd_add_transport_layer (vm, bi, bs);
   bs->last_tx_nsec = bfd_time_now_nsec (vm, NULL);
@@ -1083,7 +1059,7 @@ bfd_check_rx_timeout (vlib_main_t * vm, bfd_main_t * bm, bfd_session_t * bs,
        * since it is no longer required to maintain previous session state)
        * and then can transmit at its own rate.
        */
-      bfd_set_remote_required_min_rx (bm, bs, now, 1);
+      bfd_set_remote_required_min_rx (bs, 1);
     }
   else if (bs->echo
           && bs->echo_last_rx_nsec +
@@ -1096,21 +1072,19 @@ bfd_check_rx_timeout (vlib_main_t * vm, bfd_main_t * bm, bfd_session_t * bs,
 }
 
 void
-bfd_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_main_t * bm,
-               bfd_session_t * bs, u64 now)
+bfd_on_timeout (vlib_main_t *vm, bfd_main_t *bm, bfd_session_t *bs, u64 now)
 {
   BFD_DBG ("Timeout for bs_idx=%lu", bs->bs_idx);
   switch (bs->local_state)
     {
     case BFD_STATE_admin_down:
-      bfd_send_periodic (vm, rt, bm, bs, now);
-      break;
+      /* fallthrough */
     case BFD_STATE_down:
-      bfd_send_periodic (vm, rt, bm, bs, now);
+      bfd_send_periodic (vm, bm, bs, now);
       break;
     case BFD_STATE_init:
       bfd_check_rx_timeout (vm, bm, bs, now, 1);
-      bfd_send_periodic (vm, rt, bm, bs, now);
+      bfd_send_periodic (vm, bm, bs, now);
       break;
     case BFD_STATE_up:
       bfd_check_rx_timeout (vm, bm, bs, now, 1);
@@ -1122,16 +1096,15 @@ bfd_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_main_t * bm,
          bs->echo = 1;
          bs->echo_last_rx_nsec = now;
          bs->echo_tx_timeout_nsec = now;
-         bfd_set_effective_required_min_rx (bm, bs,
-                                            clib_max
-                                            (bm->min_required_min_rx_while_echo_nsec,
-                                             bs->config_required_min_rx_nsec));
+         bfd_set_effective_required_min_rx (
+           bs, clib_max (bm->min_required_min_rx_while_echo_nsec,
+                         bs->config_required_min_rx_nsec));
          bfd_set_poll_state (bs, BFD_POLL_NEEDED);
        }
-      bfd_send_periodic (vm, rt, bm, bs, now);
+      bfd_send_periodic (vm, bm, bs, now);
       if (bs->echo)
        {
-         bfd_send_echo (vm, rt, bm, bs, now);
+         bfd_send_echo (vm, bm, bs, now);
        }
       break;
     }
@@ -1141,7 +1114,8 @@ bfd_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_main_t * bm,
  * bfd process node function
  */
 static uword
-bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
+bfd_process (vlib_main_t *vm, CLIB_UNUSED (vlib_node_runtime_t *rt),
+            CLIB_UNUSED (vlib_frame_t *f))
 {
   bfd_main_t *bm = &bfd_main;
   u32 *expired = 0;
@@ -1182,7 +1156,9 @@ bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
                now + first_expires_in_ticks * bm->nsec_per_tw_tick;
              bm->bfd_process_next_wakeup_nsec = next_expire_nsec;
              bfd_unlock (bm);
-             timeout = (next_expire_nsec - now) * SEC_PER_NSEC;
+             ASSERT (next_expire_nsec - now <= UINT32_MAX);
+             // cast to u32 to avoid warning
+             timeout = (u32) (next_expire_nsec - now) * SEC_PER_NSEC;
            }
          BFD_DBG ("vlib_process_wait_for_event_or_clock(vm, %.09f)",
                   timeout);
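Review bot: The `(u32)` cast on `next_expire_nsec - now` truncates any delta above UINT32_MAX nanoseconds (about 4.29 s), and the `ASSERT` guarding it is presumably compiled out of release images, so a longer wait would silently wrap to a too-short timeout there and abort in debug builds. Since `timeout` is printed with `%.09f` it appears to be a floating-point value, so converting instead of narrowing removes the warning without losing range: `timeout = (f64) (next_expire_nsec - now) * SEC_PER_NSEC;`. bfd_process starts and ends outside this hunk, so the declaration of `timeout` should be confirmed before applying this.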
@@ -1219,7 +1195,7 @@ bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
              {
                bfd_session_t *bs =
                  pool_elt_at_index (bm->sessions, *session_index);
-               bfd_send_periodic (vm, rt, bm, bs, now);
+               bfd_send_periodic (vm, bm, bs, now);
                bfd_set_timer (bm, bs, now, 1);
              }
            else
@@ -1238,7 +1214,7 @@ bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
              {
                bfd_session_t *bs =
                  pool_elt_at_index (bm->sessions, *session_index);
-               bfd_on_config_change (vm, rt, bm, bs, now);
+               bfd_on_config_change (bm, bs, now);
              }
            else
              {
@@ -1265,7 +1241,7 @@ bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
          {
            bfd_session_t *bs = pool_elt_at_index (bm->sessions, bs_idx);
            bs->tw_id = 0;      /* timer is gone because it expired */
-           bfd_on_timeout (vm, rt, bm, bs, now);
+           bfd_on_timeout (vm, bm, bs, now);
            bfd_set_timer (bm, bs, now, 1);
          }
       }
@@ -1286,7 +1262,6 @@ bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
 /*
  * bfd process node declaration
  */
-/* *INDENT-OFF* */
 VLIB_REGISTER_NODE (bfd_process_node, static) = {
   .function = bfd_process,
   .type = VLIB_NODE_TYPE_PROCESS,
@@ -1294,10 +1269,10 @@ VLIB_REGISTER_NODE (bfd_process_node, static) = {
   .n_next_nodes = 0,
   .next_nodes = {},
 };
-/* *INDENT-ON* */
 
 static clib_error_t *
-bfd_sw_interface_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
+bfd_sw_interface_up_down (CLIB_UNUSED (vnet_main_t *vnm),
+                         CLIB_UNUSED (u32 sw_if_index), u32 flags)
 {
   // bfd_main_t *bm = &bfd_main;
   // vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
@@ -1311,7 +1286,8 @@ bfd_sw_interface_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (bfd_sw_interface_up_down);
 
 static clib_error_t *
-bfd_hw_interface_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
+bfd_hw_interface_up_down (CLIB_UNUSED (vnet_main_t *vnm),
+                         CLIB_UNUSED (u32 hw_if_index), u32 flags)
 {
   // bfd_main_t *bm = &bfd_main;
   if (flags & VNET_HW_INTERFACE_FLAG_LINK_UP)
@@ -1594,14 +1570,13 @@ bfd_verify_pkt_auth_seq_num (vlib_main_t * vm, bfd_session_t * bs,
 }
 
 static int
-bfd_verify_pkt_auth_key_sha1 (const bfd_pkt_t * pkt, u32 pkt_size,
-                             bfd_session_t * bs, u8 bfd_key_id,
-                             bfd_auth_key_t * auth_key)
+bfd_verify_pkt_auth_key_sha1 (vlib_main_t *vm, const bfd_pkt_t *pkt,
+                             u32 pkt_size, CLIB_UNUSED (bfd_session_t *bs),
+                             u8 bfd_key_id, bfd_auth_key_t *auth_key)
 {
   ASSERT (auth_key->auth_type == BFD_AUTH_TYPE_keyed_sha1 ||
          auth_key->auth_type == BFD_AUTH_TYPE_meticulous_keyed_sha1);
 
-  u8 result[SHA_DIGEST_LENGTH];
   bfd_pkt_with_common_auth_t *with_common = (void *) pkt;
   if (pkt_size < sizeof (*with_common))
     {
@@ -1636,36 +1611,34 @@ bfd_verify_pkt_auth_key_sha1 (const bfd_pkt_t * pkt, u32 pkt_size,
         auth.is_delayed ? " (but a delayed auth change is scheduled)" : "");
       return 0;
     }
-  SHA_CTX ctx;
-  if (!SHA1_Init (&ctx))
-    {
-      BFD_ERR ("SHA1_Init failed");
-      return 0;
-    }
-  /* ignore last 20 bytes - use the actual key data instead pkt data */
-  if (!SHA1_Update (&ctx, with_sha1,
-                   sizeof (*with_sha1) - sizeof (with_sha1->sha1_auth.hash)))
-    {
-      BFD_ERR ("SHA1_Update failed");
-      return 0;
-    }
-  if (!SHA1_Update (&ctx, auth_key->key, sizeof (auth_key->key)))
-    {
-      BFD_ERR ("SHA1_Update failed");
-      return 0;
-    }
-  if (!SHA1_Final (result, &ctx))
-    {
-      BFD_ERR ("SHA1_Final failed");
-      return 0;
-    }
-  if (0 == memcmp (result, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH))
-    {
+
+  u8 hash_from_packet[STRUCT_SIZE_OF (bfd_auth_sha1_t, hash)];
+  u8 calculated_hash[STRUCT_SIZE_OF (bfd_auth_sha1_t, hash)];
+  clib_memcpy (hash_from_packet, with_sha1->sha1_auth.hash,
+              sizeof (with_sha1->sha1_auth.hash));
+  clib_memcpy (with_sha1->sha1_auth.hash, auth_key->key,
+              sizeof (auth_key->key));
+  vnet_crypto_op_t op;
+  vnet_crypto_op_init (&op, VNET_CRYPTO_OP_SHA1_HASH);
+  op.src = (u8 *) with_sha1;
+  op.len = sizeof (*with_sha1);
+  op.digest = calculated_hash;
+  vnet_crypto_process_ops (vm, &op, 1);
+
+  /* Restore the modified data within the packet */
+  clib_memcpy (with_sha1->sha1_auth.hash, hash_from_packet,
+              sizeof (with_sha1->sha1_auth.hash));
+
+  if (0 ==
+      memcmp (calculated_hash, hash_from_packet, sizeof (calculated_hash)))
+    {
+      clib_memcpy (with_sha1->sha1_auth.hash, hash_from_packet,
+                  sizeof (hash_from_packet));
       return 1;
     }
   BFD_ERR ("SHA1 hash: %U doesn't match the expected value: %U",
-          format_hex_bytes, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH,
-          format_hex_bytes, result, SHA_DIGEST_LENGTH);
+          format_hex_bytes, hash_from_packet, sizeof (hash_from_packet),
+          format_hex_bytes, calculated_hash, sizeof (calculated_hash));
   return 0;
 }
 
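Review bot: The digest comparison in bfd_verify_pkt_auth_key_sha1 uses `memcmp`, which can return at the first differing byte, so the time taken to reject a packet depends on how many leading bytes of the sender-supplied hash are correct; a keyed-hash check should compare in constant time. The rewritten comparison below accumulates the XOR of all bytes instead. It also drops the `clib_memcpy` inside the success branch, which repeats the restore already done unconditionally just above it. The function begins in an earlier hunk, and the mismatch log after the comparison is left as it is.

```c
  /* Restore the modified data within the packet */
  // … unchanged: clib_memcpy restoring with_sha1->sha1_auth.hash …

  /* compare every byte so timing does not reveal the length of a matching prefix */
  u8 diff = 0;
  for (u32 i = 0; i < sizeof (calculated_hash); i++)
    {
      diff |= calculated_hash[i] ^ hash_from_packet[i];
    }
  if (0 == diff)
    {
      return 1;
    }
  // … unchanged: BFD_ERR mismatch log, return 0 …
```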
@@ -1684,41 +1657,30 @@ bfd_verify_pkt_auth_key (vlib_main_t * vm, const bfd_pkt_t * pkt,
                    bfd_auth_type_str (auth_key->auth_type));
       return 0;
     case BFD_AUTH_TYPE_simple_password:
-      vlib_log_err (bm->log_class,
-                   "internal error, not implemented, unexpected auth_type=%d:%s",
-                   auth_key->auth_type,
-                   bfd_auth_type_str (auth_key->auth_type));
-      return 0;
+      /* fallthrough */
     case BFD_AUTH_TYPE_keyed_md5:
       /* fallthrough */
     case BFD_AUTH_TYPE_meticulous_keyed_md5:
-      vlib_log_err
-       (bm->log_class,
-        "internal error, not implemented, unexpected auth_type=%d:%s",
-        auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type));
+      vlib_log_err (
+       bm->log_class,
+       "internal error, not implemented, unexpected auth_type=%d:%s",
+       auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type));
       return 0;
     case BFD_AUTH_TYPE_keyed_sha1:
       /* fallthrough */
     case BFD_AUTH_TYPE_meticulous_keyed_sha1:
-#if WITH_LIBSSL > 0
       do
        {
          const u32 seq_num = clib_net_to_host_u32 (((bfd_pkt_with_sha1_auth_t
                                                      *) pkt)->
                                                    sha1_auth.seq_num);
-         return bfd_verify_pkt_auth_seq_num (vm, bs, seq_num,
-                                             bfd_auth_type_is_meticulous
-                                             (auth_key->auth_type))
-           && bfd_verify_pkt_auth_key_sha1 (pkt, pkt_size, bs, bfd_key_id,
-                                            auth_key);
+         return bfd_verify_pkt_auth_seq_num (
+                  vm, bs, seq_num,
+                  bfd_auth_type_is_meticulous (auth_key->auth_type)) &&
+                bfd_verify_pkt_auth_key_sha1 (vm, pkt, pkt_size, bs,
+                                              bfd_key_id, auth_key);
        }
       while (0);
-#else
-      vlib_log_err
-       (bm->log_class,
-        "internal error, attempt to use SHA1 without SSL support");
-      return 0;
-#endif
     }
   return 0;
 }
@@ -1863,11 +1825,9 @@ bfd_consume_pkt (vlib_main_t * vm, bfd_main_t * bm, const bfd_pkt_t * pkt,
   bs->remote_desired_min_tx_nsec =
     bfd_usec_to_nsec (clib_net_to_host_u32 (pkt->des_min_tx));
   bs->remote_detect_mult = pkt->head.detect_mult;
-  bfd_set_remote_required_min_rx (bm, bs, now,
-                                 clib_net_to_host_u32 (pkt->req_min_rx));
-  bfd_set_remote_required_min_echo_rx (bm, bs, now,
-                                      clib_net_to_host_u32
-                                      (pkt->req_min_echo_rx));
+  bfd_set_remote_required_min_rx (bs, clib_net_to_host_u32 (pkt->req_min_rx));
+  bfd_set_remote_required_min_echo_rx (
+    bs, clib_net_to_host_u32 (pkt->req_min_echo_rx));
   if (bfd_pkt_get_final (pkt))
     {
       if (BFD_POLL_IN_PROGRESS == bs->poll_state)
@@ -1876,10 +1836,12 @@ bfd_consume_pkt (vlib_main_t * vm, bfd_main_t * bm, const bfd_pkt_t * pkt,
          bfd_set_poll_state (bs, BFD_POLL_NOT_NEEDED);
          if (BFD_STATE_up == bs->local_state)
            {
-             bfd_set_effective_required_min_rx (bm, bs,
-                                                clib_max (bs->echo *
-                                                          bm->min_required_min_rx_while_echo_nsec,
-                                                          bs->config_required_min_rx_nsec));
+             bfd_set_effective_desired_min_tx (
+               bm, bs, now, bs->config_desired_min_tx_nsec);
+             bfd_set_effective_required_min_rx (
+               bs,
+               clib_max (bs->echo * bm->min_required_min_rx_while_echo_nsec,
+                         bs->config_required_min_rx_nsec));
            }
        }
       else if (BFD_POLL_IN_PROGRESS_AND_QUEUED == bs->poll_state)
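Review bot: The added call to `bfd_set_effective_desired_min_tx (bm, bs, now, bs->config_desired_min_tx_nsec)` changes session timing when a poll sequence finishes in the up state, which is a behaviour change rather than a warning fix, and nothing in the hunk explains it. A short comment above the call would help the next reader, for example `/* poll sequence terminated - the configured desired min tx can take effect now */`, assuming that is the intent. bfd_consume_pkt starts and ends outside this hunk.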
@@ -2049,22 +2011,27 @@ bfd_auth_activate (bfd_session_t * bs, u32 conf_key_id,
   bfd_auth_key_t *key = pool_elt_at_index (bm->auth_keys, key_idx);
   if (is_delayed)
     {
-      if (bs->auth.next_key == key)
+      if (bs->auth.next_key == key && bs->auth.next_bfd_key_id == bfd_key_id)
        {
          /* already using this key, no changes required */
          return 0;
        }
-      bs->auth.next_key = key;
+      if (bs->auth.next_key != key)
+       {
+         ++key->use_count;
+         bs->auth.next_key = key;
+       }
       bs->auth.next_bfd_key_id = bfd_key_id;
       bs->auth.is_delayed = 1;
     }
   else
     {
-      if (bs->auth.curr_key == key)
+      if (bs->auth.curr_key == key && bs->auth.curr_bfd_key_id == bfd_key_id)
        {
          /* already using this key, no changes required */
          return 0;
        }
+      ++key->use_count;
       if (bs->auth.curr_key)
        {
          --bs->auth.curr_key->use_count;
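Review bot: In the delayed branch of bfd_auth_activate the new key's `use_count` is incremented when `bs->auth.next_key` changes, but the key previously held in `next_key` is never released, unlike the non-delayed branch, which decrements `curr_key->use_count`. Scheduling a second delayed key would leave the first one with a reference that nothing visible here drops, which would keep that key material undeletable if deletion depends on `use_count` reaching zero. Consider releasing it before the assignment: `if (bs->auth.next_key) --bs->auth.next_key->use_count;`. The function begins before this hunk and continues into the next one.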
@@ -2073,7 +2040,6 @@ bfd_auth_activate (bfd_session_t * bs, u32 conf_key_id,
       bs->auth.curr_bfd_key_id = bfd_key_id;
       bs->auth.is_delayed = 0;
     }
-  ++key->use_count;
   BFD_DBG ("\nSession auth modified: %U", format_bfd_session, bs);
   vlib_log_info (bm->log_class, "session auth modified: %U",
                 format_bfd_session_brief, bs);
@@ -2084,7 +2050,6 @@ vnet_api_error_t
 bfd_auth_deactivate (bfd_session_t * bs, u8 is_delayed)
 {
   bfd_main_t *bm = &bfd_main;
-#if WITH_LIBSSL > 0
   if (!is_delayed)
     {
       /* not delayed - deactivate the current key right now */
@@ -2115,11 +2080,6 @@ bfd_auth_deactivate (bfd_session_t * bs, u8 is_delayed)
   vlib_log_info (bm->log_class, "session auth modified: %U",
                 format_bfd_session_brief, bs);
   return 0;
-#else
-  vlib_log_err (bm->log_class,
-               "SSL missing, cannot deactivate BFD authentication");
-  return VNET_API_ERROR_BFD_NOTSUPP;
-#endif
 }
 
 vnet_api_error_t
@@ -2189,7 +2149,6 @@ bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len,
                  const u8 * key_data)
 {
   bfd_main_t *bm = &bfd_main;
-#if WITH_LIBSSL > 0
   bfd_auth_key_t *auth_key = NULL;
   if (!key_len || key_len > bfd_max_key_len_for_auth_type (auth_type))
     {
@@ -2233,17 +2192,11 @@ bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len,
   clib_memset (auth_key->key, 0, sizeof (auth_key->key));
   clib_memcpy (auth_key->key, key_data, key_len);
   return 0;
-#else
-  vlib_log_err (bm->log_class,
-               "SSL missing, cannot manipulate authentication keys");
-  return VNET_API_ERROR_BFD_NOTSUPP;
-#endif
 }
 
 vnet_api_error_t
 bfd_auth_del_key (u32 conf_key_id)
 {
-#if WITH_LIBSSL > 0
   bfd_auth_key_t *auth_key = NULL;
   bfd_main_t *bm = &bfd_main;
   uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
@@ -2273,11 +2226,6 @@ bfd_auth_del_key (u32 conf_key_id)
       return VNET_API_ERROR_BFD_ENOENT;
     }
   return 0;
-#else
-  vlib_log_err (bm->log_class,
-               "SSL missing, cannot manipulate authentication keys");
-  return VNET_API_ERROR_BFD_NOTSUPP;
-#endif
 }
 
 bfd_main_t bfd_main;