bfd: refactor code to fix misc warnings

[vpp.git] / src / vnet / bfd / bfd_udp.c

diff --git a/src/vnet/bfd/bfd_udp.c b/src/vnet/bfd/bfd_udp.c
index 0da19bd..d8fd4a1 100644 (file)
--- a/src/vnet/bfd/bfd_udp.c
+++ b/src/vnet/bfd/bfd_udp.c
@@ -22,13 +22,14 @@
 #include <vlib/buffer.h>
 #include <vnet/ip/format.h>
 #include <vnet/ethernet/packet.h>
+#include <vnet/udp/udp_local.h>
 #include <vnet/udp/udp_packet.h>
-#include <vnet/udp/udp.h>
 #include <vnet/ip/lookup.h>
 #include <vnet/ip/icmp46_packet.h>
 #include <vnet/ip/ip4.h>
 #include <vnet/ip/ip6.h>
 #include <vnet/ip/ip6_packet.h>
+#include <vnet/ip/ip6_link.h>
 #include <vnet/adj/adj.h>
 #include <vnet/adj/adj_nbr.h>
 #include <vnet/dpo/receive_dpo.h>
@@ -59,8 +60,16 @@ typedef struct
   u32 ip4_rewrite_idx;
   /* node index of "ip6-rewrite" node */
   u32 ip6_rewrite_idx;
+  /* node index of "ip4-midchain" node */
+  u32 ip4_midchain_idx;
+  /* node index of "ip6-midchain" node */
+  u32 ip6_midchain_idx;
   /* log class */
   vlib_log_class_t log_class;
+  /* number of active udp4 sessions */
+  u32 udp4_sessions_count;
+  /* number of active udp6 sessions */
+  u32 udp6_sessions_count;
 } bfd_udp_main_t;
 
 static vlib_node_registration_t bfd_udp4_input_node;
@@ -74,7 +83,7 @@ vnet_api_error_t
 bfd_udp_set_echo_source (u32 sw_if_index)
 {
   vnet_sw_interface_t *sw_if =
-    vnet_get_sw_interface_safe (bfd_udp_main.vnet_main, sw_if_index);
+    vnet_get_sw_interface_or_null (bfd_udp_main.vnet_main, sw_if_index);
   if (sw_if)
     {
       bfd_udp_main.echo_source_sw_if_index = sw_if_index;
@@ -106,8 +115,8 @@ bfd_udp_is_echo_available (bfd_transport_e transport)
    * pick an unused address from that subnet
    */
   vnet_sw_interface_t *sw_if =
-    vnet_get_sw_interface_safe (bfd_udp_main.vnet_main,
-                               bfd_udp_main.echo_source_sw_if_index);
+    vnet_get_sw_interface_or_null (bfd_udp_main.vnet_main,
+                                  bfd_udp_main.echo_source_sw_if_index);
   if (sw_if && sw_if->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP)
     {
       if (BFD_TRANSPORT_UDP4 == transport)
@@ -330,17 +339,17 @@ bfd_add_udp6_transport (vlib_main_t * vm, u32 bi, const bfd_session_t * bs,
        {
          return rv;
        }
-      clib_memcpy (&headers->ip6.dst_address, &key->local_addr.ip6,
-                  sizeof (headers->ip6.dst_address));
+      clib_memcpy_fast (&headers->ip6.dst_address, &key->local_addr.ip6,
+                       sizeof (headers->ip6.dst_address));
 
       headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd_echo6);
     }
   else
     {
-      clib_memcpy (&headers->ip6.src_address, &key->local_addr.ip6,
-                  sizeof (headers->ip6.src_address));
-      clib_memcpy (&headers->ip6.dst_address, &key->peer_addr.ip6,
-                  sizeof (headers->ip6.dst_address));
+      clib_memcpy_fast (&headers->ip6.src_address, &key->local_addr.ip6,
+                       sizeof (headers->ip6.src_address));
+      clib_memcpy_fast (&headers->ip6.dst_address, &key->peer_addr.ip6,
+                       sizeof (headers->ip6.dst_address));
       headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd6);
     }
 
@@ -375,8 +384,14 @@ bfd_create_frame_to_next_node (vlib_main_t * vm, u32 bi, u32 next_node)
 int
 bfd_udp_calc_next_node (const struct bfd_session_s *bs, u32 * next_node)
 {
+  vnet_main_t *vnm = vnet_get_main ();
   const bfd_udp_session_t *bus = &bs->udp;
   ip_adjacency_t *adj = adj_get (bus->adj_index);
+
+  /* don't try to send the buffer if the interface is not up */
+  if (!vnet_sw_interface_is_up (vnm, bus->key.sw_if_index))
+    return 0;
+
   switch (adj->lookup_next_index)
     {
     case IP_LOOKUP_NEXT_ARP:
@@ -401,6 +416,17 @@ bfd_udp_calc_next_node (const struct bfd_session_s *bs, u32 * next_node)
          return 1;
        }
       break;
+    case IP_LOOKUP_NEXT_MIDCHAIN:
+      switch (bs->transport)
+       {
+       case BFD_TRANSPORT_UDP4:
+         *next_node = bfd_udp_main.ip4_midchain_idx;
+         return 1;
+       case BFD_TRANSPORT_UDP6:
+         *next_node = bfd_udp_main.ip6_midchain_idx;
+         return 1;
+       }
+      break;
     default:
       /* drop */
       break;
@@ -457,8 +483,8 @@ bfd_udp_key_init (bfd_udp_key_t * key, u32 sw_if_index,
 }
 
 static vnet_api_error_t
-bfd_udp_add_session_internal (bfd_udp_main_t * bum, u32 sw_if_index,
-                             u32 desired_min_tx_usec,
+bfd_udp_add_session_internal (vlib_main_t * vm, bfd_udp_main_t * bum,
+                             u32 sw_if_index, u32 desired_min_tx_usec,
                              u32 required_min_rx_usec, u8 detect_mult,
                              const ip46_address_t * local_addr,
                              const ip46_address_t * peer_addr,
@@ -503,6 +529,14 @@ bfd_udp_add_session_internal (bfd_udp_main_t * bum, u32 sw_if_index,
       BFD_DBG ("adj_nbr_add_or_lock(FIB_PROTOCOL_IP4, VNET_LINK_IP4, %U, %d) "
               "returns %d", format_ip46_address, &key->peer_addr,
               IP46_TYPE_ANY, key->sw_if_index, bus->adj_index);
+      ++bum->udp4_sessions_count;
+      if (1 == bum->udp4_sessions_count)
+       {
+         udp_register_dst_port (vm, UDP_DST_PORT_bfd4,
+                                bfd_udp4_input_node.index, 1);
+         udp_register_dst_port (vm, UDP_DST_PORT_bfd_echo4,
+                                bfd_udp_echo4_input_node.index, 1);
+       }
     }
   else
     {
@@ -512,6 +546,14 @@ bfd_udp_add_session_internal (bfd_udp_main_t * bum, u32 sw_if_index,
       BFD_DBG ("adj_nbr_add_or_lock(FIB_PROTOCOL_IP6, VNET_LINK_IP6, %U, %d) "
               "returns %d", format_ip46_address, &key->peer_addr,
               IP46_TYPE_ANY, key->sw_if_index, bus->adj_index);
+      ++bum->udp6_sessions_count;
+      if (1 == bum->udp6_sessions_count)
+       {
+         udp_register_dst_port (vm, UDP_DST_PORT_bfd6,
+                                bfd_udp6_input_node.index, 0);
+         udp_register_dst_port (vm, UDP_DST_PORT_bfd_echo6,
+                                bfd_udp_echo6_input_node.index, 0);
+       }
     }
   *bs_out = bs;
   return bfd_session_set_params (bum->bfd_main, bs, desired_min_tx_usec,
@@ -525,7 +567,7 @@ bfd_udp_validate_api_input (u32 sw_if_index,
 {
   bfd_udp_main_t *bum = &bfd_udp_main;
   vnet_sw_interface_t *sw_if =
-    vnet_get_sw_interface_safe (bfd_udp_main.vnet_main, sw_if_index);
+    vnet_get_sw_interface_or_null (bfd_udp_main.vnet_main, sw_if_index);
   u8 local_ip_valid = 0;
   ip_interface_address_t *ia = NULL;
   if (!sw_if)
@@ -567,21 +609,35 @@ bfd_udp_validate_api_input (u32 sw_if_index,
                        "IP family mismatch (local is ipv6, peer is ipv4)");
          return VNET_API_ERROR_INVALID_ARGUMENT;
        }
-      ip6_main_t *im = &ip6_main;
-      /* *INDENT-OFF* */
-      foreach_ip_interface_address (
-          &im->lookup_main, ia, sw_if_index, 0 /* honor unnumbered */, ({
-            ip6_address_t *x =
-                ip_interface_address_get_address (&im->lookup_main, ia);
-            if (local_addr->ip6.as_u64[0] == x->as_u64[0] &&
-                local_addr->ip6.as_u64[1] == x->as_u64[1])
-              {
-                /* valid address for this interface */
-                local_ip_valid = 1;
-                break;
-              }
-          }));
-      /* *INDENT-ON* */
+
+      if (ip6_address_is_link_local_unicast (&local_addr->ip6))
+       {
+         const ip6_address_t *ll_addr;
+         ll_addr = ip6_get_link_local_address (sw_if_index);
+         if (ll_addr && ip6_address_is_equal (ll_addr, &local_addr->ip6))
+           {
+             /* valid address for this interface */
+             local_ip_valid = 1;
+           }
+       }
+      else
+       {
+         ip6_main_t *im = &ip6_main;
+         /* *INDENT-OFF* */
+         foreach_ip_interface_address (
+             &im->lookup_main, ia, sw_if_index, 0 /* honor unnumbered */, ({
+               ip6_address_t *x =
+                   ip_interface_address_get_address (&im->lookup_main, ia);
+               if (local_addr->ip6.as_u64[0] == x->as_u64[0] &&
+                   local_addr->ip6.as_u64[1] == x->as_u64[1])
+                 {
+                   /* valid address for this interface */
+                   local_ip_valid = 1;
+                   break;
+                 }
+             }));
+         /* *INDENT-ON* */
+       }
     }
 
   if (!local_ip_valid)
@@ -629,9 +685,8 @@ bfd_udp_find_session_by_api_input (u32 sw_if_index,
 
 static vnet_api_error_t
 bfd_api_verify_common (u32 sw_if_index, u32 desired_min_tx_usec,
-                      u32 required_min_rx_usec, u8 detect_mult,
-                      const ip46_address_t * local_addr,
-                      const ip46_address_t * peer_addr)
+                      u8 detect_mult, const ip46_address_t *local_addr,
+                      const ip46_address_t *peer_addr)
 {
   bfd_udp_main_t *bum = &bfd_udp_main;
   vnet_api_error_t rv =
@@ -654,15 +709,67 @@ bfd_api_verify_common (u32 sw_if_index, u32 desired_min_tx_usec,
 }
 
 static void
-bfd_udp_del_session_internal (bfd_session_t * bs)
+bfd_udp_del_session_internal (vlib_main_t * vm, bfd_session_t * bs)
 {
   bfd_udp_main_t *bum = &bfd_udp_main;
   BFD_DBG ("free bfd-udp session, bs_idx=%d", bs->bs_idx);
   mhash_unset (&bum->bfd_session_idx_by_bfd_key, &bs->udp.key, NULL);
   adj_unlock (bs->udp.adj_index);
+  switch (bs->transport)
+    {
+    case BFD_TRANSPORT_UDP4:
+      --bum->udp4_sessions_count;
+      if (!bum->udp4_sessions_count)
+       {
+         udp_unregister_dst_port (vm, UDP_DST_PORT_bfd4, 1);
+         udp_unregister_dst_port (vm, UDP_DST_PORT_bfd_echo4, 1);
+       }
+      break;
+    case BFD_TRANSPORT_UDP6:
+      --bum->udp6_sessions_count;
+      if (!bum->udp6_sessions_count)
+       {
+         udp_unregister_dst_port (vm, UDP_DST_PORT_bfd6, 0);
+         udp_unregister_dst_port (vm, UDP_DST_PORT_bfd_echo6, 0);
+       }
+      break;
+    }
   bfd_put_session (bum->bfd_main, bs);
 }
 
+static vnet_api_error_t
+bfd_udp_add_and_start_session (u32 sw_if_index,
+                              const ip46_address_t *local_addr,
+                              const ip46_address_t *peer_addr,
+                              u32 desired_min_tx_usec,
+                              u32 required_min_rx_usec, u8 detect_mult,
+                              u8 is_authenticated, u32 conf_key_id,
+                              u8 bfd_key_id)
+{
+  bfd_session_t *bs = NULL;
+  vnet_api_error_t rv;
+
+  rv = bfd_udp_add_session_internal (
+    vlib_get_main (), &bfd_udp_main, sw_if_index, desired_min_tx_usec,
+    required_min_rx_usec, detect_mult, local_addr, peer_addr, &bs);
+
+  if (!rv && is_authenticated)
+    {
+      rv = bfd_auth_activate (bs, conf_key_id, bfd_key_id,
+                             0 /* is not delayed */);
+      if (rv)
+       {
+         bfd_udp_del_session_internal (vlib_get_main (), bs);
+       }
+    }
+  if (!rv)
+    {
+      bfd_session_start (bfd_udp_main.bfd_main, bs);
+    }
+
+  return rv;
+}
+
 vnet_api_error_t
 bfd_udp_add_session (u32 sw_if_index, const ip46_address_t * local_addr,
                     const ip46_address_t * peer_addr,
@@ -673,37 +780,45 @@ bfd_udp_add_session (u32 sw_if_index, const ip46_address_t * local_addr,
   bfd_main_t *bm = &bfd_main;
   bfd_lock (bm);
 
-  vnet_api_error_t rv =
-    bfd_api_verify_common (sw_if_index, desired_min_tx_usec,
-                          required_min_rx_usec, detect_mult,
-                          local_addr, peer_addr);
-  bfd_session_t *bs = NULL;
+  vnet_api_error_t rv = bfd_api_verify_common (
+    sw_if_index, desired_min_tx_usec, detect_mult, local_addr, peer_addr);
+
   if (!rv)
-    {
-      rv =
-       bfd_udp_add_session_internal (&bfd_udp_main, sw_if_index,
-                                     desired_min_tx_usec,
-                                     required_min_rx_usec, detect_mult,
-                                     local_addr, peer_addr, &bs);
-    }
-  if (!rv && is_authenticated)
-    {
-#if WITH_LIBSSL > 0
-      rv = bfd_auth_activate (bs, conf_key_id, bfd_key_id,
-                             0 /* is not delayed */ );
-#else
-      vlib_log_err (bfd_udp_main.log_class,
-                   "SSL missing, cannot add authenticated BFD session");
-      rv = VNET_API_ERROR_BFD_NOTSUPP;
-#endif
-      if (rv)
-       {
-         bfd_udp_del_session_internal (bs);
-       }
-    }
+    rv = bfd_udp_add_and_start_session (
+      sw_if_index, local_addr, peer_addr, desired_min_tx_usec,
+      required_min_rx_usec, detect_mult, is_authenticated, conf_key_id,
+      bfd_key_id);
+
+  bfd_unlock (bm);
+  return rv;
+}
+
+vnet_api_error_t
+bfd_udp_upd_session (u32 sw_if_index, const ip46_address_t *local_addr,
+                    const ip46_address_t *peer_addr, u32 desired_min_tx_usec,
+                    u32 required_min_rx_usec, u8 detect_mult,
+                    u8 is_authenticated, u32 conf_key_id, u8 bfd_key_id)
+{
+  bfd_main_t *bm = &bfd_main;
+  bfd_lock (bm);
+
+  vnet_api_error_t rv = bfd_api_verify_common (
+    sw_if_index, desired_min_tx_usec, detect_mult, local_addr, peer_addr);
   if (!rv)
     {
-      bfd_session_start (bfd_udp_main.bfd_main, bs);
+      bfd_session_t *bs = NULL;
+
+      rv = bfd_udp_find_session_by_api_input (sw_if_index, local_addr,
+                                             peer_addr, &bs);
+      if (VNET_API_ERROR_BFD_ENOENT == rv)
+       rv = bfd_udp_add_and_start_session (
+         sw_if_index, local_addr, peer_addr, desired_min_tx_usec,
+         required_min_rx_usec, detect_mult, is_authenticated, conf_key_id,
+         bfd_key_id);
+      else
+       rv = bfd_session_set_params (bfd_udp_main.bfd_main, bs,
+                                    desired_min_tx_usec, required_min_rx_usec,
+                                    detect_mult);
     }
 
   bfd_unlock (bm);
@@ -711,10 +826,8 @@ bfd_udp_add_session (u32 sw_if_index, const ip46_address_t * local_addr,
 }
 
 vnet_api_error_t
-bfd_udp_mod_session (u32 sw_if_index,
-                    const ip46_address_t * local_addr,
-                    const ip46_address_t * peer_addr,
-                    u32 desired_min_tx_usec,
+bfd_udp_mod_session (u32 sw_if_index, const ip46_address_t *local_addr,
+                    const ip46_address_t *peer_addr, u32 desired_min_tx_usec,
                     u32 required_min_rx_usec, u8 detect_mult)
 {
   bfd_session_t *bs = NULL;
@@ -753,13 +866,13 @@ bfd_udp_del_session (u32 sw_if_index,
       bfd_unlock (bm);
       return rv;
     }
-  bfd_udp_del_session_internal (bs);
+  bfd_udp_del_session_internal (vlib_get_main (), bs);
   bfd_unlock (bm);
   return 0;
 }
 
 vnet_api_error_t
-bfd_udp_session_set_flags (u32 sw_if_index,
+bfd_udp_session_set_flags (vlib_main_t * vm, u32 sw_if_index,
                           const ip46_address_t * local_addr,
                           const ip46_address_t * peer_addr, u8 admin_up_down)
 {
@@ -774,7 +887,7 @@ bfd_udp_session_set_flags (u32 sw_if_index,
       bfd_unlock (bm);
       return rv;
     }
-  bfd_session_set_flags (bs, admin_up_down);
+  bfd_session_set_flags (vm, bs, admin_up_down);
   bfd_unlock (bm);
   return 0;
 }
@@ -789,7 +902,6 @@ bfd_udp_auth_activate (u32 sw_if_index,
   bfd_lock (bm);
   vnet_api_error_t error;
 
-#if WITH_LIBSSL > 0
   bfd_session_t *bs = NULL;
   vnet_api_error_t rv =
     bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
@@ -802,12 +914,6 @@ bfd_udp_auth_activate (u32 sw_if_index,
   error = bfd_auth_activate (bs, conf_key_id, key_id, is_delayed);
   bfd_unlock (bm);
   return error;
-#else
-  vlib_log_err (bfd_udp_main->log_class,
-               "SSL missing, cannot activate BFD authentication");
-  bfd_unlock (bm);
-  return VNET_API_ERROR_BFD_NOTSUPP;
-#endif
 }
 
 vnet_api_error_t
@@ -837,6 +943,7 @@ typedef enum
   BFD_UDP_INPUT_NEXT_NORMAL,
   BFD_UDP_INPUT_NEXT_REPLY_ARP,
   BFD_UDP_INPUT_NEXT_REPLY_REWRITE,
+  BFD_UDP_INPUT_NEXT_REPLY_MIDCHAIN,
   BFD_UDP_INPUT_N_NEXT,
 } bfd_udp_input_next_t;
 
@@ -863,6 +970,14 @@ typedef enum
     BFD_UDP_N_ERROR,
 } bfd_udp_error_t;
 
+typedef enum
+{
+  BFD_UDP_ECHO_INPUT_NEXT_NORMAL,
+  BFD_UDP_ECHO_INPUT_NEXT_REPLY_ARP,
+  BFD_UDP_ECHO_INPUT_NEXT_REPLY_REWRITE,
+  BFD_UDP_ECHO_INPUT_N_NEXT,
+} bfd_udp_echo_input_next_t;
+
 /* Packet counters - BFD ECHO packets */
 #define foreach_bfd_udp_echo_error(F)           \
   F (NONE, "good bfd echo packets (processed)") \
@@ -892,7 +1007,7 @@ bfd_udp4_find_headers (vlib_buffer_t * b, ip4_header_t ** ip4,
 {
   /* sanity check first */
   const i32 start = vnet_buffer (b)->l3_hdr_offset;
-  if (start < 0 && start < sizeof (b->pre_data))
+  if (start < -(signed) sizeof (b->pre_data))
     {
       BFD_ERR ("Start of ip header is before pre_data, ignoring");
       *ip4 = NULL;
@@ -952,17 +1067,16 @@ typedef struct
 } bfd_rpc_update_t;
 
 static void
-bfd_rpc_update_session (u32 bs_idx, const bfd_pkt_t * pkt)
+bfd_rpc_update_session (vlib_main_t * vm, u32 bs_idx, const bfd_pkt_t * pkt)
 {
   bfd_main_t *bm = &bfd_main;
   bfd_lock (bm);
-  bfd_consume_pkt (bm, pkt, bs_idx);
+  bfd_consume_pkt (vm, bm, pkt, bs_idx);
   bfd_unlock (bm);
 }
 
 static bfd_udp_error_t
-bfd_udp4_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
-              vlib_buffer_t * b, bfd_session_t ** bs_out)
+bfd_udp4_scan (vlib_main_t *vm, vlib_buffer_t *b, bfd_session_t **bs_out)
 {
   const bfd_pkt_t *pkt = vlib_buffer_get_current (b);
   if (sizeof (*pkt) > b->current_length)
@@ -1018,7 +1132,7 @@ bfd_udp4_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
       return BFD_UDP_ERROR_BAD;
     }
   BFD_DBG ("BFD session found, bs_idx=%u", bs->bs_idx);
-  if (!bfd_verify_pkt_auth (pkt, b->current_length, bs))
+  if (!bfd_verify_pkt_auth (vm, pkt, b->current_length, bs))
     {
       BFD_ERR ("Packet verification failed, dropping packet");
       return BFD_UDP_ERROR_BAD;
@@ -1028,7 +1142,7 @@ bfd_udp4_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
     {
       return err;
     }
-  bfd_rpc_update_session (bs->bs_idx, pkt);
+  bfd_rpc_update_session (vm, bs->bs_idx, pkt);
   *bs_out = bs;
   return BFD_UDP_ERROR_NONE;
 }
@@ -1039,7 +1153,7 @@ bfd_udp6_find_headers (vlib_buffer_t * b, ip6_header_t ** ip6,
 {
   /* sanity check first */
   const i32 start = vnet_buffer (b)->l3_hdr_offset;
-  if (start < 0 && start < sizeof (b->pre_data))
+  if (start < -(signed) sizeof (b->pre_data))
     {
       BFD_ERR ("Start of ip header is before pre_data, ignoring");
       *ip6 = NULL;
@@ -1103,8 +1217,7 @@ bfd_udp6_verify_transport (const ip6_header_t * ip6,
 }
 
 static bfd_udp_error_t
-bfd_udp6_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
-              vlib_buffer_t * b, bfd_session_t ** bs_out)
+bfd_udp6_scan (vlib_main_t *vm, vlib_buffer_t *b, bfd_session_t **bs_out)
 {
   const bfd_pkt_t *pkt = vlib_buffer_get_current (b);
   if (sizeof (*pkt) > b->current_length)
@@ -1162,7 +1275,7 @@ bfd_udp6_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
       return BFD_UDP_ERROR_BAD;
     }
   BFD_DBG ("BFD session found, bs_idx=%u", bs->bs_idx);
-  if (!bfd_verify_pkt_auth (pkt, b->current_length, bs))
+  if (!bfd_verify_pkt_auth (vm, pkt, b->current_length, bs))
     {
       BFD_ERR ("Packet verification failed, dropping packet");
       return BFD_UDP_ERROR_BAD;
@@ -1172,7 +1285,7 @@ bfd_udp6_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
     {
       return err;
     }
-  bfd_rpc_update_session (bs->bs_idx, pkt);
+  bfd_rpc_update_session (vm, bs->bs_idx, pkt);
   *bs_out = bs;
   return BFD_UDP_ERROR_NONE;
 }
@@ -1206,23 +1319,23 @@ bfd_udp_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
       /* If this pkt is traced, snapshot the data */
       if (b0->flags & VLIB_BUFFER_IS_TRACED)
        {
-         int len;
+         u64 len;
          t0 = vlib_add_trace (vm, rt, b0, sizeof (*t0));
          len = (b0->current_length < sizeof (t0->data)) ? b0->current_length
            : sizeof (t0->data);
          t0->len = len;
-         clib_memcpy (t0->data, vlib_buffer_get_current (b0), len);
+         clib_memcpy_fast (t0->data, vlib_buffer_get_current (b0), len);
        }
 
       /* scan this bfd pkt. error0 is the counter index to bmp */
       bfd_lock (bm);
       if (is_ipv6)
        {
-         error0 = bfd_udp6_scan (vm, rt, b0, &bs);
+         error0 = bfd_udp6_scan (vm, b0, &bs);
        }
       else
        {
-         error0 = bfd_udp4_scan (vm, rt, b0, &bs);
+         error0 = bfd_udp4_scan (vm, b0, &bs);
        }
       b0->error = rt->errors[error0];
 
@@ -1239,9 +1352,7 @@ bfd_udp_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
            {
              b0->current_data = 0;
              b0->current_length = 0;
-             clib_memset (vnet_buffer (b0), 0, sizeof (*vnet_buffer (b0)));
-             bfd_init_final_control_frame (vm, b0, bfd_udp_main.bfd_main, bs,
-                                           0);
+             bfd_init_final_control_frame (vm, b0, bs);
              if (is_ipv6)
                {
                  vlib_node_increment_counter (vm, bfd_udp6_input_node.index,
@@ -1262,6 +1373,9 @@ bfd_udp_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
                case IP_LOOKUP_NEXT_REWRITE:
                  next0 = BFD_UDP_INPUT_NEXT_REPLY_REWRITE;
                  break;
+               case IP_LOOKUP_NEXT_MIDCHAIN:
+                 next0 = BFD_UDP_INPUT_NEXT_REPLY_MIDCHAIN;
+                 break;
                default:
                  /* drop */
                  break;
@@ -1305,6 +1419,7 @@ VLIB_REGISTER_NODE (bfd_udp4_input_node, static) = {
               [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
               [BFD_UDP_INPUT_NEXT_REPLY_ARP] = "ip4-arp",
               [BFD_UDP_INPUT_NEXT_REPLY_REWRITE] = "ip4-lookup",
+              [BFD_UDP_INPUT_NEXT_REPLY_MIDCHAIN] = "ip4-midchain",
       },
 };
 /* *INDENT-ON* */
@@ -1333,6 +1448,7 @@ VLIB_REGISTER_NODE (bfd_udp6_input_node, static) = {
               [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
               [BFD_UDP_INPUT_NEXT_REPLY_ARP] = "ip6-discover-neighbor",
               [BFD_UDP_INPUT_NEXT_REPLY_REWRITE] = "ip6-lookup",
+              [BFD_UDP_INPUT_NEXT_REPLY_MIDCHAIN] = "ip6-midchain",
       },
 };
 /* *INDENT-ON* */
@@ -1364,19 +1480,19 @@ bfd_udp_echo_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
       /* If this pkt is traced, snapshot the data */
       if (b0->flags & VLIB_BUFFER_IS_TRACED)
        {
-         int len;
+         u64 len;
          t0 = vlib_add_trace (vm, rt, b0, sizeof (*t0));
          len = (b0->current_length < sizeof (t0->data)) ? b0->current_length
            : sizeof (t0->data);
          t0->len = len;
-         clib_memcpy (t0->data, vlib_buffer_get_current (b0), len);
+         clib_memcpy_fast (t0->data, vlib_buffer_get_current (b0), len);
        }
 
       bfd_lock (bm);
-      if (bfd_consume_echo_pkt (bfd_udp_main.bfd_main, b0))
+      if (bfd_consume_echo_pkt (vm, bfd_udp_main.bfd_main, b0))
        {
          b0->error = rt->errors[BFD_UDP_ERROR_NONE];
-         next0 = BFD_UDP_INPUT_NEXT_NORMAL;
+         next0 = BFD_UDP_ECHO_INPUT_NEXT_NORMAL;
        }
       else
        {
@@ -1392,7 +1508,7 @@ bfd_udp_echo_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
              vlib_node_increment_counter (vm, bfd_udp_echo4_input_node.index,
                                           b0->error, 1);
            }
-         next0 = BFD_UDP_INPUT_NEXT_REPLY_REWRITE;
+         next0 = BFD_UDP_ECHO_INPUT_NEXT_REPLY_REWRITE;
        }
 
       bfd_unlock (bm);
@@ -1443,12 +1559,12 @@ VLIB_REGISTER_NODE (bfd_udp_echo4_input_node, static) = {
 
   .format_trace = bfd_echo_input_format_trace,
 
-  .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
+  .n_next_nodes = BFD_UDP_ECHO_INPUT_N_NEXT,
   .next_nodes =
       {
-              [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
-              [BFD_UDP_INPUT_NEXT_REPLY_ARP] = "ip4-arp",
-              [BFD_UDP_INPUT_NEXT_REPLY_REWRITE] = "ip4-lookup",
+              [BFD_UDP_ECHO_INPUT_NEXT_NORMAL] = "error-drop",
+              [BFD_UDP_ECHO_INPUT_NEXT_REPLY_ARP] = "ip4-arp",
+              [BFD_UDP_ECHO_INPUT_NEXT_REPLY_REWRITE] = "ip4-lookup",
       },
 };
 /* *INDENT-ON* */
@@ -1472,48 +1588,53 @@ VLIB_REGISTER_NODE (bfd_udp_echo6_input_node, static) = {
 
   .format_trace = bfd_echo_input_format_trace,
 
-  .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
+  .n_next_nodes = BFD_UDP_ECHO_INPUT_N_NEXT,
   .next_nodes =
       {
-              [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
-              [BFD_UDP_INPUT_NEXT_REPLY_ARP] = "ip6-discover-neighbor",
-              [BFD_UDP_INPUT_NEXT_REPLY_REWRITE] = "ip6-lookup",
+              [BFD_UDP_ECHO_INPUT_NEXT_NORMAL] = "error-drop",
+              [BFD_UDP_ECHO_INPUT_NEXT_REPLY_ARP] = "ip6-discover-neighbor",
+              [BFD_UDP_ECHO_INPUT_NEXT_REPLY_REWRITE] = "ip6-lookup",
       },
 };
 
 /* *INDENT-ON* */
 
 static clib_error_t *
-bfd_udp_sw_if_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_create)
+bfd_udp_sw_if_add_del (CLIB_UNUSED (vnet_main_t *vnm), u32 sw_if_index,
+                      u32 is_create)
 {
-  bfd_session_t **to_be_freed = NULL;
+  u32 *to_be_freed = NULL;
   bfd_udp_main_t *bum = &bfd_udp_main;
   BFD_DBG ("sw_if_add_del called, sw_if_index=%u, is_create=%u", sw_if_index,
           is_create);
   if (!is_create)
     {
       bfd_session_t *bs;
-      pool_foreach (bs, bfd_udp_main.bfd_main->sessions,
-                   {
-                   if (bs->transport != BFD_TRANSPORT_UDP4 &&
-                       bs->transport != BFD_TRANSPORT_UDP6)
-                   {
-                   continue;}
-                   if (bs->udp.key.sw_if_index != sw_if_index)
-                   {
-                   continue;}
-                   vec_add1 (to_be_freed, bs);}
-      );
-    }
-  bfd_session_t **bs;
-  vec_foreach (bs, to_be_freed)
-  {
-    vlib_log_notice (bum->log_class,
-                    "removal of sw_if_index=%u forces removal of bfd session "
-                    "with bs_idx=%u", sw_if_index, (*bs)->bs_idx);
-    bfd_session_set_flags (*bs, 0);
-    bfd_udp_del_session_internal (*bs);
-  }
+      pool_foreach (bs, bum->bfd_main->sessions)
+       {
+         if (bs->transport != BFD_TRANSPORT_UDP4 &&
+             bs->transport != BFD_TRANSPORT_UDP6)
+           {
+             continue;
+           }
+         if (bs->udp.key.sw_if_index != sw_if_index)
+           {
+             continue;
+           }
+         vec_add1 (to_be_freed, bs->bs_idx);
+       }
+    }
+  u32 *bs_idx;
+  vec_foreach (bs_idx, to_be_freed)
+    {
+      bfd_session_t *bs = pool_elt_at_index (bum->bfd_main->sessions, *bs_idx);
+      vlib_log_notice (bum->log_class,
+                      "removal of sw_if_index=%u forces removal of bfd "
+                      "session with bs_idx=%u",
+                      sw_if_index, bs->bs_idx);
+      bfd_session_set_flags (vlib_get_main (), bs, 0);
+      bfd_udp_del_session_internal (vlib_get_main (), bs);
+    }
   return 0;
 }
 
@@ -1525,16 +1646,12 @@ VNET_SW_INTERFACE_ADD_DEL_FUNCTION (bfd_udp_sw_if_add_del);
 static clib_error_t *
 bfd_udp_init (vlib_main_t * vm)
 {
+  bfd_udp_main.udp4_sessions_count = 0;
+  bfd_udp_main.udp6_sessions_count = 0;
   mhash_init (&bfd_udp_main.bfd_session_idx_by_bfd_key, sizeof (uword),
              sizeof (bfd_udp_key_t));
   bfd_udp_main.bfd_main = &bfd_main;
   bfd_udp_main.vnet_main = vnet_get_main ();
-  udp_register_dst_port (vm, UDP_DST_PORT_bfd4, bfd_udp4_input_node.index, 1);
-  udp_register_dst_port (vm, UDP_DST_PORT_bfd6, bfd_udp6_input_node.index, 0);
-  udp_register_dst_port (vm, UDP_DST_PORT_bfd_echo4,
-                        bfd_udp_echo4_input_node.index, 1);
-  udp_register_dst_port (vm, UDP_DST_PORT_bfd_echo6,
-                        bfd_udp_echo6_input_node.index, 0);
   vlib_node_t *node = vlib_get_node_by_name (vm, (u8 *) "ip4-arp");
   ASSERT (node);
   bfd_udp_main.ip4_arp_idx = node->index;
@@ -1547,6 +1664,12 @@ bfd_udp_init (vlib_main_t * vm)
   node = vlib_get_node_by_name (vm, (u8 *) "ip6-rewrite");
   ASSERT (node);
   bfd_udp_main.ip6_rewrite_idx = node->index;
+  node = vlib_get_node_by_name (vm, (u8 *) "ip4-midchain");
+  ASSERT (node);
+  bfd_udp_main.ip4_midchain_idx = node->index;
+  node = vlib_get_node_by_name (vm, (u8 *) "ip6-midchain");
+  ASSERT (node);
+  bfd_udp_main.ip6_midchain_idx = node->index;
 
   bfd_udp_main.log_class = vlib_log_register_class ("bfd", "udp");
   vlib_log_debug (bfd_udp_main.log_class, "initialized");