* @brief BFD nodes implementation
*/
-#if WITH_LIBSSL > 0
-#include <openssl/sha.h>
-#endif
-
-#if __SSE4_2__
-#include <x86intrin.h>
-#endif
-
#include <vlibmemory/api.h>
#include <vppinfra/random.h>
#include <vppinfra/error.h>
#include <vnet/bfd/bfd_protocol.h>
#include <vnet/bfd/bfd_main.h>
#include <vlib/log.h>
+#include <vnet/crypto/crypto.h>
+
+static void
+bfd_validate_counters (bfd_main_t *bm)
+{
+ vlib_validate_combined_counter (&bm->rx_counter, pool_elts (bm->sessions));
+ vlib_validate_combined_counter (&bm->rx_echo_counter,
+ pool_elts (bm->sessions));
+ vlib_validate_combined_counter (&bm->tx_counter, pool_elts (bm->sessions));
+ vlib_validate_combined_counter (&bm->tx_echo_counter,
+ pool_elts (bm->sessions));
+}
static u64
bfd_calc_echo_checksum (u32 discriminator, u64 expire_time, u32 secret)
{
u64 checksum = 0;
#if defined(clib_crc32c_uses_intrinsics) && !defined (__i386__)
- checksum = crc32_u64 (0, discriminator);
- checksum = crc32_u64 (checksum, expire_time);
- checksum = crc32_u64 (checksum, secret);
+ checksum = clib_crc32c_u64 (0, discriminator);
+ checksum = clib_crc32c_u64 (checksum, expire_time);
+ checksum = clib_crc32c_u64 (checksum, secret);
#else
checksum = clib_xxhash (discriminator ^ expire_time ^ secret);
#endif
}
static void
-bfd_recalc_tx_interval (bfd_main_t * bm, bfd_session_t * bs)
+bfd_recalc_tx_interval (bfd_session_t *bs)
{
bs->transmit_interval_nsec =
clib_max (bs->effective_desired_min_tx_nsec, bs->remote_min_rx_nsec);
}
static void
-bfd_recalc_echo_tx_interval (bfd_main_t * bm, bfd_session_t * bs)
+bfd_recalc_echo_tx_interval (bfd_session_t *bs)
{
bs->echo_transmit_interval_nsec =
clib_max (bs->effective_desired_min_tx_nsec, bs->remote_min_echo_rx_nsec);
}
static void
-bfd_calc_next_echo_tx (bfd_main_t * bm, bfd_session_t * bs, u64 now)
+bfd_calc_next_echo_tx (bfd_session_t *bs, u64 now)
{
bs->echo_tx_timeout_nsec =
bs->echo_last_tx_nsec + bs->echo_transmit_interval_nsec;
}
static void
-bfd_recalc_detection_time (bfd_main_t * bm, bfd_session_t * bs)
+bfd_recalc_detection_time (bfd_session_t *bs)
{
if (bs->local_state == BFD_STATE_init || bs->local_state == BFD_STATE_up)
{
bs->effective_desired_min_tx_nsec = desired_min_tx_nsec;
BFD_DBG ("Set effective desired min tx to " BFD_CLK_FMT,
BFD_CLK_PRN (bs->effective_desired_min_tx_nsec));
- bfd_recalc_detection_time (bm, bs);
- bfd_recalc_tx_interval (bm, bs);
- bfd_recalc_echo_tx_interval (bm, bs);
+ bfd_recalc_detection_time (bs);
+ bfd_recalc_tx_interval (bs);
+ bfd_recalc_echo_tx_interval (bs);
bfd_calc_next_tx (bm, bs, now);
}
static void
-bfd_set_effective_required_min_rx (bfd_main_t * bm,
- bfd_session_t * bs,
- u64 required_min_rx_nsec)
+bfd_set_effective_required_min_rx (bfd_session_t *bs, u64 required_min_rx_nsec)
{
bs->effective_required_min_rx_nsec = required_min_rx_nsec;
BFD_DBG ("Set effective required min rx to " BFD_CLK_FMT,
BFD_CLK_PRN (bs->effective_required_min_rx_nsec));
- bfd_recalc_detection_time (bm, bs);
+ bfd_recalc_detection_time (bs);
}
static void
-bfd_set_remote_required_min_rx (bfd_main_t * bm, bfd_session_t * bs,
- u64 now, u32 remote_required_min_rx_usec)
+bfd_set_remote_required_min_rx (bfd_session_t *bs,
+ u32 remote_required_min_rx_usec)
{
if (bs->remote_min_rx_usec != remote_required_min_rx_usec)
{
bs->remote_min_rx_nsec = bfd_usec_to_nsec (remote_required_min_rx_usec);
BFD_DBG ("Set remote min rx to " BFD_CLK_FMT,
BFD_CLK_PRN (bs->remote_min_rx_nsec));
- bfd_recalc_detection_time (bm, bs);
- bfd_recalc_tx_interval (bm, bs);
+ bfd_recalc_detection_time (bs);
+ bfd_recalc_tx_interval (bs);
}
}
static void
-bfd_set_remote_required_min_echo_rx (bfd_main_t * bm, bfd_session_t * bs,
- u64 now,
+bfd_set_remote_required_min_echo_rx (bfd_session_t *bs,
u32 remote_required_min_echo_rx_usec)
{
if (bs->remote_min_echo_rx_usec != remote_required_min_echo_rx_usec)
bfd_usec_to_nsec (bs->remote_min_echo_rx_usec);
BFD_DBG ("Set remote min echo rx to " BFD_CLK_FMT,
BFD_CLK_PRN (bs->remote_min_echo_rx_nsec));
- bfd_recalc_echo_tx_interval (bm, bs);
+ bfd_recalc_echo_tx_interval (bs);
}
}
BFD_DBG ("\nStarting session: %U", format_bfd_session, bs);
vlib_log_info (bm->log_class, "start BFD session: %U",
format_bfd_session_brief, bs);
- bfd_set_effective_required_min_rx (bm, bs, bs->config_required_min_rx_nsec);
- bfd_recalc_tx_interval (bm, bs);
+ bfd_set_effective_required_min_rx (bs, bs->config_required_min_rx_nsec);
+ bfd_recalc_tx_interval (bs);
vlib_process_signal_event (bm->vlib_main, bm->bfd_process_node_index,
BFD_EVENT_NEW_SESSION, bs->bs_idx);
bfd_notify_listeners (bm, BFD_LISTEN_EVENT_CREATE, bs);
clib_max
(bs->config_desired_min_tx_nsec,
bm->default_desired_min_tx_nsec));
- bfd_set_effective_required_min_rx (bm, bs,
- bs->config_required_min_rx_nsec);
+ bfd_set_effective_required_min_rx (bs, bs->config_required_min_rx_nsec);
bfd_set_timer (bm, bs, now, handling_wakeup);
break;
case BFD_STATE_down:
clib_max
(bs->config_desired_min_tx_nsec,
bm->default_desired_min_tx_nsec));
- bfd_set_effective_required_min_rx (bm, bs,
- bs->config_required_min_rx_nsec);
+ bfd_set_effective_required_min_rx (bs, bs->config_required_min_rx_nsec);
bfd_set_timer (bm, bs, now, handling_wakeup);
break;
case BFD_STATE_init:
bs->config_desired_min_tx_nsec);
if (BFD_POLL_NOT_NEEDED == bs->poll_state)
{
- bfd_set_effective_required_min_rx (bm, bs,
+ bfd_set_effective_required_min_rx (bs,
bs->config_required_min_rx_nsec);
}
bfd_set_timer (bm, bs, now, handling_wakeup);
}
static void
-bfd_on_config_change (vlib_main_t * vm, vlib_node_runtime_t * rt,
- bfd_main_t * bm, bfd_session_t * bs, u64 now)
+bfd_on_config_change (bfd_main_t *bm, bfd_session_t *bs, u64 now)
{
/*
* if remote demand mode is set and we need to do a poll, set the next
{
bs->tx_timeout_nsec = now;
}
- bfd_recalc_detection_time (bm, bs);
+ bfd_recalc_detection_time (bs);
bfd_set_timer (bm, bs, now, 0);
}
{
case BFD_TRANSPORT_UDP4:
BFD_DBG ("Transport bfd via udp4, bs_idx=%u", bs->bs_idx);
- return bfd_transport_udp4 (vm, bi, bs);
+ return bfd_transport_udp4 (vm, bi, bs, 0 /* is_echo */);
break;
case BFD_TRANSPORT_UDP6:
BFD_DBG ("Transport bfd via udp6, bs_idx=%u", bs->bs_idx);
- return bfd_transport_udp6 (vm, bi, bs);
+ return bfd_transport_udp6 (vm, bi, bs, 0 /* is_echo */);
break;
}
return 0;
{
case BFD_TRANSPORT_UDP4:
BFD_DBG ("Transport bfd echo via udp4, bs_idx=%u", bs->bs_idx);
- return bfd_transport_udp4 (vm, bi, bs);
+ return bfd_transport_udp4 (vm, bi, bs, 1 /* is_echo */);
break;
case BFD_TRANSPORT_UDP6:
BFD_DBG ("Transport bfd echo via udp6, bs_idx=%u", bs->bs_idx);
- return bfd_transport_udp6 (vm, bi, bs);
+ return bfd_transport_udp6 (vm, bi, bs, 1 /* is_echo */);
break;
}
return 0;
}
-#if WITH_LIBSSL > 0
static void
-bfd_add_sha1_auth_section (vlib_buffer_t * b, bfd_session_t * bs)
+bfd_add_sha1_auth_section (vlib_main_t *vm, vlib_buffer_t *b,
+ bfd_session_t *bs)
{
bfd_pkt_with_sha1_auth_t *pkt = vlib_buffer_get_current (b);
bfd_auth_sha1_t *auth = &pkt->sha1_auth;
clib_memcpy (auth->hash, bs->auth.curr_key->key,
sizeof (bs->auth.curr_key->key));
unsigned char hash[sizeof (auth->hash)];
- SHA1 ((unsigned char *) pkt, sizeof (*pkt), hash);
+
+ vnet_crypto_op_t op;
+ vnet_crypto_op_init (&op, VNET_CRYPTO_OP_SHA1_HASH);
+ op.src = (u8 *) pkt;
+ op.len = sizeof (*pkt);
+ op.digest = hash;
+ vnet_crypto_process_ops (vm, &op, 1);
BFD_DBG ("hashing: %U", format_hex_bytes, pkt, sizeof (*pkt));
clib_memcpy (auth->hash, hash, sizeof (hash));
}
-#endif
static void
-bfd_add_auth_section (vlib_buffer_t * b, bfd_session_t * bs)
+bfd_add_auth_section (vlib_main_t *vm, vlib_buffer_t *b, bfd_session_t *bs)
{
bfd_main_t *bm = &bfd_main;
if (bs->auth.curr_key)
"internal error, unexpected BFD auth type '%d'",
auth_type);
break;
-#if WITH_LIBSSL > 0
- case BFD_AUTH_TYPE_keyed_sha1:
- /* fallthrough */
- case BFD_AUTH_TYPE_meticulous_keyed_sha1:
- bfd_add_sha1_auth_section (b, bs);
- break;
-#else
case BFD_AUTH_TYPE_keyed_sha1:
/* fallthrough */
case BFD_AUTH_TYPE_meticulous_keyed_sha1:
- vlib_log_crit (bm->log_class,
- "internal error, unexpected BFD auth type '%d'",
- auth_type);
+ bfd_add_sha1_auth_section (vm, b, bs);
break;
-#endif
}
}
}
}
static void
-bfd_init_control_frame (bfd_main_t * bm, bfd_session_t * bs,
- vlib_buffer_t * b)
+bfd_init_control_frame (bfd_session_t *bs, vlib_buffer_t *b)
{
bfd_pkt_t *pkt = vlib_buffer_get_current (b);
u32 bfd_length = 0;
}
static void
-bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt,
- bfd_main_t * bm, bfd_session_t * bs, u64 now)
+bfd_send_echo (vlib_main_t *vm, bfd_main_t *bm, bfd_session_t *bs, u64 now)
{
if (!bfd_is_echo_possible (bs))
{
}
vlib_buffer_t *b = vlib_get_buffer (vm, bi);
ASSERT (b->current_data == 0);
- VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b);
bfd_echo_pkt_t *pkt = vlib_buffer_get_current (b);
clib_memset (pkt, 0, sizeof (*pkt));
pkt->discriminator = bs->local_discr;
return;
}
bs->echo_last_tx_nsec = now;
- bfd_calc_next_echo_tx (bm, bs, now);
+ bfd_calc_next_echo_tx (bs, now);
}
else
{
}
static void
-bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt,
- bfd_main_t * bm, bfd_session_t * bs, u64 now)
+bfd_send_periodic (vlib_main_t *vm, bfd_main_t *bm, bfd_session_t *bs, u64 now)
{
if (!bs->remote_min_rx_usec && BFD_POLL_NOT_NEEDED == bs->poll_state)
{
}
vlib_buffer_t *b = vlib_get_buffer (vm, bi);
ASSERT (b->current_data == 0);
- VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b);
- bfd_init_control_frame (bm, bs, b);
+ bfd_init_control_frame (bs, b);
switch (bs->poll_state)
{
case BFD_POLL_NEEDED:
/* fallthrough */
break;
}
- bfd_add_auth_section (b, bs);
+ bfd_add_auth_section (vm, b, bs);
bfd_add_transport_layer (vm, bi, bs);
if (!bfd_transport_control_frame (vm, bi, bs))
{
}
void
-bfd_init_final_control_frame (vlib_main_t * vm, vlib_buffer_t * b,
- bfd_main_t * bm, bfd_session_t * bs,
- int is_local)
+bfd_init_final_control_frame (vlib_main_t *vm, vlib_buffer_t *b,
+ bfd_session_t *bs)
{
BFD_DBG ("Send final control frame for bs_idx=%lu", bs->bs_idx);
- bfd_init_control_frame (bm, bs, b);
+ bfd_init_control_frame (bs, b);
bfd_pkt_set_final (vlib_buffer_get_current (b));
- bfd_add_auth_section (b, bs);
+ bfd_add_auth_section (vm, b, bs);
u32 bi = vlib_get_buffer_index (vm, b);
bfd_add_transport_layer (vm, bi, bs);
bs->last_tx_nsec = bfd_time_now_nsec (vm, NULL);
* since it is no longer required to maintain previous session state)
* and then can transmit at its own rate.
*/
- bfd_set_remote_required_min_rx (bm, bs, now, 1);
+ bfd_set_remote_required_min_rx (bs, 1);
}
else if (bs->echo
&& bs->echo_last_rx_nsec +
}
void
-bfd_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_main_t * bm,
- bfd_session_t * bs, u64 now)
+bfd_on_timeout (vlib_main_t *vm, bfd_main_t *bm, bfd_session_t *bs, u64 now)
{
BFD_DBG ("Timeout for bs_idx=%lu", bs->bs_idx);
switch (bs->local_state)
{
case BFD_STATE_admin_down:
- bfd_send_periodic (vm, rt, bm, bs, now);
- break;
+ /* fallthrough */
case BFD_STATE_down:
- bfd_send_periodic (vm, rt, bm, bs, now);
+ bfd_send_periodic (vm, bm, bs, now);
break;
case BFD_STATE_init:
bfd_check_rx_timeout (vm, bm, bs, now, 1);
- bfd_send_periodic (vm, rt, bm, bs, now);
+ bfd_send_periodic (vm, bm, bs, now);
break;
case BFD_STATE_up:
bfd_check_rx_timeout (vm, bm, bs, now, 1);
bs->echo = 1;
bs->echo_last_rx_nsec = now;
bs->echo_tx_timeout_nsec = now;
- bfd_set_effective_required_min_rx (bm, bs,
- clib_max
- (bm->min_required_min_rx_while_echo_nsec,
- bs->config_required_min_rx_nsec));
+ bfd_set_effective_required_min_rx (
+ bs, clib_max (bm->min_required_min_rx_while_echo_nsec,
+ bs->config_required_min_rx_nsec));
bfd_set_poll_state (bs, BFD_POLL_NEEDED);
}
- bfd_send_periodic (vm, rt, bm, bs, now);
+ bfd_send_periodic (vm, bm, bs, now);
if (bs->echo)
{
- bfd_send_echo (vm, rt, bm, bs, now);
+ bfd_send_echo (vm, bm, bs, now);
}
break;
}
* bfd process node function
*/
static uword
-bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
+bfd_process (vlib_main_t *vm, CLIB_UNUSED (vlib_node_runtime_t *rt),
+ CLIB_UNUSED (vlib_frame_t *f))
{
bfd_main_t *bm = &bfd_main;
u32 *expired = 0;
now + first_expires_in_ticks * bm->nsec_per_tw_tick;
bm->bfd_process_next_wakeup_nsec = next_expire_nsec;
bfd_unlock (bm);
- timeout = (next_expire_nsec - now) * SEC_PER_NSEC;
+ ASSERT (next_expire_nsec - now <= UINT32_MAX);
+ // cast to u32 to avoid warning
+ timeout = (u32) (next_expire_nsec - now) * SEC_PER_NSEC;
}
BFD_DBG ("vlib_process_wait_for_event_or_clock(vm, %.09f)",
timeout);
{
bfd_session_t *bs =
pool_elt_at_index (bm->sessions, *session_index);
- bfd_send_periodic (vm, rt, bm, bs, now);
+ bfd_send_periodic (vm, bm, bs, now);
bfd_set_timer (bm, bs, now, 1);
}
else
{
bfd_session_t *bs =
pool_elt_at_index (bm->sessions, *session_index);
- bfd_on_config_change (vm, rt, bm, bs, now);
+ bfd_on_config_change (bm, bs, now);
}
else
{
{
bfd_session_t *bs = pool_elt_at_index (bm->sessions, bs_idx);
bs->tw_id = 0; /* timer is gone because it expired */
- bfd_on_timeout (vm, rt, bm, bs, now);
+ bfd_on_timeout (vm, bm, bs, now);
bfd_set_timer (bm, bs, now, 1);
}
}
/*
* bfd process node declaration
*/
-/* *INDENT-OFF* */
VLIB_REGISTER_NODE (bfd_process_node, static) = {
.function = bfd_process,
.type = VLIB_NODE_TYPE_PROCESS,
.n_next_nodes = 0,
.next_nodes = {},
};
-/* *INDENT-ON* */
static clib_error_t *
-bfd_sw_interface_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
+bfd_sw_interface_up_down (CLIB_UNUSED (vnet_main_t *vnm),
+ CLIB_UNUSED (u32 sw_if_index), u32 flags)
{
// bfd_main_t *bm = &bfd_main;
// vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (bfd_sw_interface_up_down);
static clib_error_t *
-bfd_hw_interface_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
+bfd_hw_interface_up_down (CLIB_UNUSED (vnet_main_t *vnm),
+ CLIB_UNUSED (u32 hw_if_index), u32 flags)
{
// bfd_main_t *bm = &bfd_main;
if (flags & VNET_HW_INTERFACE_FLAG_LINK_UP)
bm->owner_thread_index = ~0;
if (n_vlib_mains > 1)
clib_spinlock_init (&bm->lock);
+ bm->rx_counter.name = "bfd rx session counters";
+ bm->rx_counter.stat_segment_name = "/bfd/rx-session-counters";
+ bm->rx_echo_counter.name = "bfd rx session echo counters";
+ bm->rx_echo_counter.stat_segment_name = "/bfd/rx-session-echo-counters";
+ bm->tx_counter.name = "bfd tx session counters";
+ bm->tx_counter.stat_segment_name = "/bfd/tx-session-counters";
+ bm->tx_echo_counter.name = "bfd tx session echo counters";
+ bm->tx_echo_counter.stat_segment_name = "/bfd/tx-session-echo-counters";
return 0;
}
while (hash_get (bm->session_by_disc, result->local_discr));
bfd_set_defaults (bm, result);
hash_set (bm->session_by_disc, result->local_discr, result->bs_idx);
+ bfd_validate_counters (bm);
+ vlib_zero_combined_counter (&bm->rx_counter, result->bs_idx);
+ vlib_zero_combined_counter (&bm->rx_echo_counter, result->bs_idx);
+ vlib_zero_combined_counter (&bm->tx_counter, result->bs_idx);
+ vlib_zero_combined_counter (&bm->tx_echo_counter, result->bs_idx);
bfd_unlock (bm);
return result;
}
--bs->auth.next_key->use_count;
}
hash_unset (bm->session_by_disc, bs->local_discr);
+ vlib_zero_combined_counter (&bm->rx_counter, bs->bs_idx);
+ vlib_zero_combined_counter (&bm->rx_echo_counter, bs->bs_idx);
+ vlib_zero_combined_counter (&bm->tx_counter, bs->bs_idx);
+ vlib_zero_combined_counter (&bm->tx_echo_counter, bs->bs_idx);
pool_put (bm->sessions, bs);
bfd_unlock (bm);
}
}
static int
-bfd_verify_pkt_auth_key_sha1 (const bfd_pkt_t * pkt, u32 pkt_size,
- bfd_session_t * bs, u8 bfd_key_id,
- bfd_auth_key_t * auth_key)
+bfd_verify_pkt_auth_key_sha1 (vlib_main_t *vm, const bfd_pkt_t *pkt,
+ u32 pkt_size, CLIB_UNUSED (bfd_session_t *bs),
+ u8 bfd_key_id, bfd_auth_key_t *auth_key)
{
ASSERT (auth_key->auth_type == BFD_AUTH_TYPE_keyed_sha1 ||
auth_key->auth_type == BFD_AUTH_TYPE_meticulous_keyed_sha1);
- u8 result[SHA_DIGEST_LENGTH];
bfd_pkt_with_common_auth_t *with_common = (void *) pkt;
if (pkt_size < sizeof (*with_common))
{
auth.is_delayed ? " (but a delayed auth change is scheduled)" : "");
return 0;
}
- SHA_CTX ctx;
- if (!SHA1_Init (&ctx))
- {
- BFD_ERR ("SHA1_Init failed");
- return 0;
- }
- /* ignore last 20 bytes - use the actual key data instead pkt data */
- if (!SHA1_Update (&ctx, with_sha1,
- sizeof (*with_sha1) - sizeof (with_sha1->sha1_auth.hash)))
- {
- BFD_ERR ("SHA1_Update failed");
- return 0;
- }
- if (!SHA1_Update (&ctx, auth_key->key, sizeof (auth_key->key)))
- {
- BFD_ERR ("SHA1_Update failed");
- return 0;
- }
- if (!SHA1_Final (result, &ctx))
- {
- BFD_ERR ("SHA1_Final failed");
- return 0;
- }
- if (0 == memcmp (result, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH))
- {
+
+ u8 hash_from_packet[STRUCT_SIZE_OF (bfd_auth_sha1_t, hash)];
+ u8 calculated_hash[STRUCT_SIZE_OF (bfd_auth_sha1_t, hash)];
+ clib_memcpy (hash_from_packet, with_sha1->sha1_auth.hash,
+ sizeof (with_sha1->sha1_auth.hash));
+ clib_memcpy (with_sha1->sha1_auth.hash, auth_key->key,
+ sizeof (auth_key->key));
+ vnet_crypto_op_t op;
+ vnet_crypto_op_init (&op, VNET_CRYPTO_OP_SHA1_HASH);
+ op.src = (u8 *) with_sha1;
+ op.len = sizeof (*with_sha1);
+ op.digest = calculated_hash;
+ vnet_crypto_process_ops (vm, &op, 1);
+
+ /* Restore the modified data within the packet */
+ clib_memcpy (with_sha1->sha1_auth.hash, hash_from_packet,
+ sizeof (with_sha1->sha1_auth.hash));
+
+ if (0 ==
+ memcmp (calculated_hash, hash_from_packet, sizeof (calculated_hash)))
+ {
+ clib_memcpy (with_sha1->sha1_auth.hash, hash_from_packet,
+ sizeof (hash_from_packet));
return 1;
}
BFD_ERR ("SHA1 hash: %U doesn't match the expected value: %U",
- format_hex_bytes, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH,
- format_hex_bytes, result, SHA_DIGEST_LENGTH);
+ format_hex_bytes, hash_from_packet, sizeof (hash_from_packet),
+ format_hex_bytes, calculated_hash, sizeof (calculated_hash));
return 0;
}
bfd_auth_type_str (auth_key->auth_type));
return 0;
case BFD_AUTH_TYPE_simple_password:
- vlib_log_err (bm->log_class,
- "internal error, not implemented, unexpected auth_type=%d:%s",
- auth_key->auth_type,
- bfd_auth_type_str (auth_key->auth_type));
- return 0;
+ /* fallthrough */
case BFD_AUTH_TYPE_keyed_md5:
/* fallthrough */
case BFD_AUTH_TYPE_meticulous_keyed_md5:
- vlib_log_err
- (bm->log_class,
- "internal error, not implemented, unexpected auth_type=%d:%s",
- auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type));
+ vlib_log_err (
+ bm->log_class,
+ "internal error, not implemented, unexpected auth_type=%d:%s",
+ auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type));
return 0;
case BFD_AUTH_TYPE_keyed_sha1:
/* fallthrough */
case BFD_AUTH_TYPE_meticulous_keyed_sha1:
-#if WITH_LIBSSL > 0
do
{
const u32 seq_num = clib_net_to_host_u32 (((bfd_pkt_with_sha1_auth_t
*) pkt)->
sha1_auth.seq_num);
- return bfd_verify_pkt_auth_seq_num (vm, bs, seq_num,
- bfd_auth_type_is_meticulous
- (auth_key->auth_type))
- && bfd_verify_pkt_auth_key_sha1 (pkt, pkt_size, bs, bfd_key_id,
- auth_key);
+ return bfd_verify_pkt_auth_seq_num (
+ vm, bs, seq_num,
+ bfd_auth_type_is_meticulous (auth_key->auth_type)) &&
+ bfd_verify_pkt_auth_key_sha1 (vm, pkt, pkt_size, bs,
+ bfd_key_id, auth_key);
}
while (0);
-#else
- vlib_log_err
- (bm->log_class,
- "internal error, attempt to use SHA1 without SSL support");
- return 0;
-#endif
}
return 0;
}
bs->remote_desired_min_tx_nsec =
bfd_usec_to_nsec (clib_net_to_host_u32 (pkt->des_min_tx));
bs->remote_detect_mult = pkt->head.detect_mult;
- bfd_set_remote_required_min_rx (bm, bs, now,
- clib_net_to_host_u32 (pkt->req_min_rx));
- bfd_set_remote_required_min_echo_rx (bm, bs, now,
- clib_net_to_host_u32
- (pkt->req_min_echo_rx));
+ bfd_set_remote_required_min_rx (bs, clib_net_to_host_u32 (pkt->req_min_rx));
+ bfd_set_remote_required_min_echo_rx (
+ bs, clib_net_to_host_u32 (pkt->req_min_echo_rx));
if (bfd_pkt_get_final (pkt))
{
if (BFD_POLL_IN_PROGRESS == bs->poll_state)
bfd_set_poll_state (bs, BFD_POLL_NOT_NEEDED);
if (BFD_STATE_up == bs->local_state)
{
- bfd_set_effective_required_min_rx (bm, bs,
- clib_max (bs->echo *
- bm->min_required_min_rx_while_echo_nsec,
- bs->config_required_min_rx_nsec));
+ bfd_set_effective_desired_min_tx (
+ bm, bs, now, bs->config_desired_min_tx_nsec);
+ bfd_set_effective_required_min_rx (
+ bs,
+ clib_max (bs->echo * bm->min_required_min_rx_while_echo_nsec,
+ bs->config_required_min_rx_nsec));
}
}
else if (BFD_POLL_IN_PROGRESS_AND_QUEUED == bs->poll_state)
}
}
-int
-bfd_consume_echo_pkt (vlib_main_t * vm, bfd_main_t * bm, vlib_buffer_t * b)
+bfd_session_t *
+bfd_consume_echo_pkt (vlib_main_t *vm, bfd_main_t *bm, vlib_buffer_t *b)
{
bfd_echo_pkt_t *pkt = NULL;
if (b->current_length != sizeof (*pkt))
if (checksum != pkt->checksum)
{
BFD_DBG ("Invalid echo packet, checksum mismatch");
- return 1;
+ return 0;
}
u64 now = bfd_time_now_nsec (vm, NULL);
if (pkt->expire_time_nsec < now)
{
bs->echo_last_rx_nsec = now;
}
- return 1;
+ return bs;
}
u8 *
format_bfd_session (u8 * s, va_list * args)
{
const bfd_session_t *bs = va_arg (*args, bfd_session_t *);
- u32 indent = format_get_indent (s) + vlib_log_get_indent ();
s = format (s, "bs_idx=%u local-state=%s remote-state=%s\n"
- "%Ulocal-discriminator=%u remote-discriminator=%u\n"
- "%Ulocal-diag=%s echo-active=%s\n"
- "%Udesired-min-tx=%u required-min-rx=%u\n"
- "%Urequired-min-echo-rx=%u detect-mult=%u\n"
- "%Uremote-min-rx=%u remote-min-echo-rx=%u\n"
- "%Uremote-demand=%s poll-state=%s\n"
- "%Uauth: local-seq-num=%u remote-seq-num=%u\n"
- "%U is-delayed=%s\n"
- "%U curr-key=%U\n"
- "%U next-key=%U",
+ "local-discriminator=%u remote-discriminator=%u\n"
+ "local-diag=%s echo-active=%s\n"
+ "desired-min-tx=%u required-min-rx=%u\n"
+ "required-min-echo-rx=%u detect-mult=%u\n"
+ "remote-min-rx=%u remote-min-echo-rx=%u\n"
+ "remote-demand=%s poll-state=%s\n"
+ "auth: local-seq-num=%u remote-seq-num=%u\n"
+ " is-delayed=%s\n"
+ " curr-key=%U\n"
+ " next-key=%U",
bs->bs_idx, bfd_state_string (bs->local_state),
- bfd_state_string (bs->remote_state), format_white_space, indent,
- bs->local_discr, bs->remote_discr, format_white_space, indent,
- bfd_diag_code_string (bs->local_diag),
- (bs->echo ? "yes" : "no"), format_white_space, indent,
- bs->config_desired_min_tx_usec, bs->config_required_min_rx_usec,
- format_white_space, indent, 1, bs->local_detect_mult,
- format_white_space, indent, bs->remote_min_rx_usec,
- bs->remote_min_echo_rx_usec, format_white_space, indent,
+ bfd_state_string (bs->remote_state), bs->local_discr,
+ bs->remote_discr, bfd_diag_code_string (bs->local_diag),
+ (bs->echo ? "yes" : "no"), bs->config_desired_min_tx_usec,
+ bs->config_required_min_rx_usec, 1, bs->local_detect_mult,
+ bs->remote_min_rx_usec, bs->remote_min_echo_rx_usec,
(bs->remote_demand ? "yes" : "no"),
- bfd_poll_state_string (bs->poll_state), format_white_space,
- indent, bs->auth.local_seq_number, bs->auth.remote_seq_number,
- format_white_space, indent,
- (bs->auth.is_delayed ? "yes" : "no"), format_white_space,
- indent, format_bfd_auth_key, bs->auth.curr_key,
- format_white_space, indent, format_bfd_auth_key,
+ bfd_poll_state_string (bs->poll_state),
+ bs->auth.local_seq_number, bs->auth.remote_seq_number,
+ (bs->auth.is_delayed ? "yes" : "no"),
+ format_bfd_auth_key, bs->auth.curr_key, format_bfd_auth_key,
bs->auth.next_key);
return s;
}
bfd_auth_key_t *key = pool_elt_at_index (bm->auth_keys, key_idx);
if (is_delayed)
{
- if (bs->auth.next_key == key)
+ if (bs->auth.next_key == key && bs->auth.next_bfd_key_id == bfd_key_id)
{
/* already using this key, no changes required */
return 0;
}
- bs->auth.next_key = key;
+ if (bs->auth.next_key != key)
+ {
+ ++key->use_count;
+ bs->auth.next_key = key;
+ }
bs->auth.next_bfd_key_id = bfd_key_id;
bs->auth.is_delayed = 1;
}
else
{
- if (bs->auth.curr_key == key)
+ if (bs->auth.curr_key == key && bs->auth.curr_bfd_key_id == bfd_key_id)
{
/* already using this key, no changes required */
return 0;
}
+ ++key->use_count;
if (bs->auth.curr_key)
{
--bs->auth.curr_key->use_count;
bs->auth.curr_bfd_key_id = bfd_key_id;
bs->auth.is_delayed = 0;
}
- ++key->use_count;
BFD_DBG ("\nSession auth modified: %U", format_bfd_session, bs);
vlib_log_info (bm->log_class, "session auth modified: %U",
format_bfd_session_brief, bs);
bfd_auth_deactivate (bfd_session_t * bs, u8 is_delayed)
{
bfd_main_t *bm = &bfd_main;
-#if WITH_LIBSSL > 0
if (!is_delayed)
{
/* not delayed - deactivate the current key right now */
vlib_log_info (bm->log_class, "session auth modified: %U",
format_bfd_session_brief, bs);
return 0;
-#else
- vlib_log_err (bm->log_class,
- "SSL missing, cannot deactivate BFD authentication");
- return VNET_API_ERROR_BFD_NOTSUPP;
-#endif
}
vnet_api_error_t
const u8 * key_data)
{
bfd_main_t *bm = &bfd_main;
-#if WITH_LIBSSL > 0
bfd_auth_key_t *auth_key = NULL;
if (!key_len || key_len > bfd_max_key_len_for_auth_type (auth_type))
{
clib_memset (auth_key->key, 0, sizeof (auth_key->key));
clib_memcpy (auth_key->key, key_data, key_len);
return 0;
-#else
- vlib_log_err (bm->log_class,
- "SSL missing, cannot manipulate authentication keys");
- return VNET_API_ERROR_BFD_NOTSUPP;
-#endif
}
vnet_api_error_t
bfd_auth_del_key (u32 conf_key_id)
{
-#if WITH_LIBSSL > 0
bfd_auth_key_t *auth_key = NULL;
bfd_main_t *bm = &bfd_main;
uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
return VNET_API_ERROR_BFD_ENOENT;
}
return 0;
-#else
- vlib_log_err (bm->log_class,
- "SSL missing, cannot manipulate authentication keys");
- return VNET_API_ERROR_BFD_NOTSUPP;
-#endif
}
bfd_main_t bfd_main;