X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fbfd%2Fbfd_main.c;h=23e3f0f02e94ed1652860b50dad9260e1af3f8b7;hb=b59f63b0e71c879331280b721ec72ff0b4699540;hp=30d98f6ab3444bdc9ee5d995d4a8da4c3cd4b0b3;hpb=06d82260d9913dbb6be98aef00830ef4967b1f55;p=vpp.git diff --git a/src/vnet/bfd/bfd_main.c b/src/vnet/bfd/bfd_main.c index 30d98f6ab34..23e3f0f02e9 100644 --- a/src/vnet/bfd/bfd_main.c +++ b/src/vnet/bfd/bfd_main.c @@ -17,14 +17,6 @@ * @brief BFD nodes implementation */ -#if WITH_LIBSSL > 0 -#include -#endif - -#if __SSE4_2__ -#include -#endif - #include #include #include @@ -36,15 +28,16 @@ #include #include #include +#include static u64 bfd_calc_echo_checksum (u32 discriminator, u64 expire_time, u32 secret) { u64 checksum = 0; #if defined(clib_crc32c_uses_intrinsics) && !defined (__i386__) - checksum = crc32_u64 (0, discriminator); - checksum = crc32_u64 (checksum, expire_time); - checksum = crc32_u64 (checksum, secret); + checksum = clib_crc32c_u64 (0, discriminator); + checksum = clib_crc32c_u64 (checksum, expire_time); + checksum = clib_crc32c_u64 (checksum, secret); #else checksum = clib_xxhash (discriminator ^ expire_time ^ secret); #endif @@ -179,7 +172,7 @@ bfd_set_poll_state (bfd_session_t * bs, bfd_poll_state_e state) } static void -bfd_recalc_tx_interval (bfd_main_t * bm, bfd_session_t * bs) +bfd_recalc_tx_interval (bfd_session_t *bs) { bs->transmit_interval_nsec = clib_max (bs->effective_desired_min_tx_nsec, bs->remote_min_rx_nsec); @@ -188,7 +181,7 @@ bfd_recalc_tx_interval (bfd_main_t * bm, bfd_session_t * bs) } static void -bfd_recalc_echo_tx_interval (bfd_main_t * bm, bfd_session_t * bs) +bfd_recalc_echo_tx_interval (bfd_session_t *bs) { bs->echo_transmit_interval_nsec = clib_max (bs->effective_desired_min_tx_nsec, bs->remote_min_echo_rx_nsec); 
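Review bot: bfd_calc_echo_checksum has no comment stating what protection the value gives, and the renamed `clib_crc32c_u64` calls make that worth documenting. CRC-32C is linear and the fallback hashes `discriminator ^ expire_time ^ secret`, where different input tuples can XOR to the same value, so neither branch behaves like a keyed MAC even though a `secret` is mixed in. I would add a header comment such as `/* integrity tag for our own looped-back echo packets; not a cryptographic MAC, do not rely on it against an on-path attacker */`. If echo packets are meant to resist spoofing (I cannot tell from this hunk), that needs a keyed hash instead.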
@@ -247,7 +240,7 @@ bfd_calc_next_tx (bfd_main_t * bm, bfd_session_t * bs, u64 now) } static void -bfd_calc_next_echo_tx (bfd_main_t * bm, bfd_session_t * bs, u64 now) +bfd_calc_next_echo_tx (bfd_session_t *bs, u64 now) { bs->echo_tx_timeout_nsec = bs->echo_last_tx_nsec + bs->echo_transmit_interval_nsec; @@ -268,7 +261,7 @@ bfd_calc_next_echo_tx (bfd_main_t * bm, bfd_session_t * bs, u64 now) } static void -bfd_recalc_detection_time (bfd_main_t * bm, bfd_session_t * bs) +bfd_recalc_detection_time (bfd_session_t *bs) { if (bs->local_state == BFD_STATE_init || bs->local_state == BFD_STATE_up) { @@ -392,26 +385,24 @@ bfd_set_effective_desired_min_tx (bfd_main_t * bm, bs->effective_desired_min_tx_nsec = desired_min_tx_nsec; BFD_DBG ("Set effective desired min tx to " BFD_CLK_FMT, BFD_CLK_PRN (bs->effective_desired_min_tx_nsec)); - bfd_recalc_detection_time (bm, bs); - bfd_recalc_tx_interval (bm, bs); - bfd_recalc_echo_tx_interval (bm, bs); + bfd_recalc_detection_time (bs); + bfd_recalc_tx_interval (bs); + bfd_recalc_echo_tx_interval (bs); bfd_calc_next_tx (bm, bs, now); } static void -bfd_set_effective_required_min_rx (bfd_main_t * bm, - bfd_session_t * bs, - u64 required_min_rx_nsec) +bfd_set_effective_required_min_rx (bfd_session_t *bs, u64 required_min_rx_nsec) { bs->effective_required_min_rx_nsec = required_min_rx_nsec; BFD_DBG ("Set effective required min rx to " BFD_CLK_FMT, BFD_CLK_PRN (bs->effective_required_min_rx_nsec)); - bfd_recalc_detection_time (bm, bs); + bfd_recalc_detection_time (bs); } static void -bfd_set_remote_required_min_rx (bfd_main_t * bm, bfd_session_t * bs, - u64 now, u32 remote_required_min_rx_usec) +bfd_set_remote_required_min_rx (bfd_session_t *bs, + u32 remote_required_min_rx_usec) { if (bs->remote_min_rx_usec != remote_required_min_rx_usec) { 
@@ -419,14 +410,13 @@ bfd_set_remote_required_min_rx (bfd_main_t * bm, bfd_session_t * bs, bs->remote_min_rx_nsec = bfd_usec_to_nsec (remote_required_min_rx_usec); BFD_DBG ("Set remote min rx to " BFD_CLK_FMT, BFD_CLK_PRN (bs->remote_min_rx_nsec)); - bfd_recalc_detection_time (bm, bs); - bfd_recalc_tx_interval (bm, bs); + bfd_recalc_detection_time (bs); + bfd_recalc_tx_interval (bs); } } static void -bfd_set_remote_required_min_echo_rx (bfd_main_t * bm, bfd_session_t * bs, - u64 now, +bfd_set_remote_required_min_echo_rx (bfd_session_t *bs, u32 remote_required_min_echo_rx_usec) { if (bs->remote_min_echo_rx_usec != remote_required_min_echo_rx_usec) @@ -436,7 +426,7 @@ bfd_set_remote_required_min_echo_rx (bfd_main_t * bm, bfd_session_t * bs, bfd_usec_to_nsec (bs->remote_min_echo_rx_usec); BFD_DBG ("Set remote min echo rx to " BFD_CLK_FMT, BFD_CLK_PRN (bs->remote_min_echo_rx_nsec)); - bfd_recalc_echo_tx_interval (bm, bs); + bfd_recalc_echo_tx_interval (bs); } } @@ -457,8 +447,8 @@ bfd_session_start (bfd_main_t * bm, bfd_session_t * bs) BFD_DBG ("\nStarting session: %U", format_bfd_session, bs); vlib_log_info (bm->log_class, "start BFD session: %U", format_bfd_session_brief, bs); - bfd_set_effective_required_min_rx (bm, bs, bs->config_required_min_rx_nsec); - bfd_recalc_tx_interval (bm, bs); + bfd_set_effective_required_min_rx (bs, bs->config_required_min_rx_nsec); + bfd_recalc_tx_interval (bs); vlib_process_signal_event (bm->vlib_main, bm->bfd_process_node_index, BFD_EVENT_NEW_SESSION, bs->bs_idx); bfd_notify_listeners (bm, BFD_LISTEN_EVENT_CREATE, bs); @@ -658,8 +648,7 @@ bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now, clib_max (bs->config_desired_min_tx_nsec, bm->default_desired_min_tx_nsec)); - bfd_set_effective_required_min_rx (bm, bs, - bs->config_required_min_rx_nsec); + bfd_set_effective_required_min_rx (bs, bs->config_required_min_rx_nsec); bfd_set_timer (bm, bs, now, handling_wakeup); break; case BFD_STATE_down: 
@@ -668,8 +657,7 @@ bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now, clib_max (bs->config_desired_min_tx_nsec, bm->default_desired_min_tx_nsec)); - bfd_set_effective_required_min_rx (bm, bs, - bs->config_required_min_rx_nsec); + bfd_set_effective_required_min_rx (bs, bs->config_required_min_rx_nsec); bfd_set_timer (bm, bs, now, handling_wakeup); break; case BFD_STATE_init: @@ -683,7 +671,7 @@ bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now, bs->config_desired_min_tx_nsec); if (BFD_POLL_NOT_NEEDED == bs->poll_state) { - bfd_set_effective_required_min_rx (bm, bs, + bfd_set_effective_required_min_rx (bs, bs->config_required_min_rx_nsec); } bfd_set_timer (bm, bs, now, handling_wakeup); @@ -701,8 +689,7 @@ bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now, } static void -bfd_on_config_change (vlib_main_t * vm, vlib_node_runtime_t * rt, - bfd_main_t * bm, bfd_session_t * bs, u64 now) +bfd_on_config_change (bfd_main_t *bm, bfd_session_t *bs, u64 now) { /* * if remote demand mode is set and we need to do a poll, set the next @@ -713,7 +700,7 @@ bfd_on_config_change (vlib_main_t * vm, vlib_node_runtime_t * rt, { bs->tx_timeout_nsec = now; } - bfd_recalc_detection_time (bm, bs); + bfd_recalc_detection_time (bs); bfd_set_timer (bm, bs, now, 0); } @@ -784,9 +771,9 @@ bfd_transport_echo (vlib_main_t * vm, u32 bi, bfd_session_t * bs) return 0; } -#if WITH_LIBSSL > 0 static void -bfd_add_sha1_auth_section (vlib_buffer_t * b, bfd_session_t * bs) +bfd_add_sha1_auth_section (vlib_main_t *vm, vlib_buffer_t *b, + bfd_session_t *bs) { bfd_pkt_with_sha1_auth_t *pkt = vlib_buffer_get_current (b); bfd_auth_sha1_t *auth = &pkt->sha1_auth; 
@@ -810,14 +797,19 @@ bfd_add_sha1_auth_section (vlib_buffer_t * b, bfd_session_t * bs) clib_memcpy (auth->hash, bs->auth.curr_key->key, sizeof (bs->auth.curr_key->key)); unsigned char hash[sizeof (auth->hash)]; - SHA1 ((unsigned char *) pkt, sizeof (*pkt), hash); + + vnet_crypto_op_t op; + vnet_crypto_op_init (&op, VNET_CRYPTO_OP_SHA1_HASH); + op.src = (u8 *) pkt; + op.len = sizeof (*pkt); + op.digest = hash; + vnet_crypto_process_ops (vm, &op, 1); BFD_DBG ("hashing: %U", format_hex_bytes, pkt, sizeof (*pkt)); clib_memcpy (auth->hash, hash, sizeof (hash)); } -#endif static void -bfd_add_auth_section (vlib_buffer_t * b, bfd_session_t * bs) +bfd_add_auth_section (vlib_main_t *vm, vlib_buffer_t *b, bfd_session_t *bs) { bfd_main_t *bm = &bfd_main; if (bs->auth.curr_key) @@ -836,21 +828,11 @@ bfd_add_auth_section (vlib_buffer_t * b, bfd_session_t * bs) "internal error, unexpected BFD auth type '%d'", auth_type); break; -#if WITH_LIBSSL > 0 case BFD_AUTH_TYPE_keyed_sha1: /* fallthrough */ case BFD_AUTH_TYPE_meticulous_keyed_sha1: - bfd_add_sha1_auth_section (b, bs); - break; -#else - case BFD_AUTH_TYPE_keyed_sha1: - /* fallthrough */ - case BFD_AUTH_TYPE_meticulous_keyed_sha1: - vlib_log_crit (bm->log_class, - "internal error, unexpected BFD auth type '%d'", - auth_type); + bfd_add_sha1_auth_section (vm, b, bs); break; -#endif } } } @@ -873,8 +855,7 @@ bfd_is_echo_possible (bfd_session_t * bs) } static void -bfd_init_control_frame (bfd_main_t * bm, bfd_session_t * bs, - vlib_buffer_t * b) +bfd_init_control_frame (bfd_session_t *bs, vlib_buffer_t *b) { bfd_pkt_t *pkt = vlib_buffer_get_current (b); u32 bfd_length = 0; @@ -904,8 +885,7 @@ bfd_init_control_frame (bfd_main_t * bm, bfd_session_t * bs, } static void -bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt, - bfd_main_t * bm, bfd_session_t * bs, u64 now) +bfd_send_echo (vlib_main_t *vm, bfd_main_t *bm, bfd_session_t *bs, u64 now) { if (!bfd_is_echo_possible (bs)) { 
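Review bot: The return value of `vnet_crypto_process_ops (vm, &op, 1)` in bfd_add_sha1_auth_section is discarded, so if the operation does not complete (for example no engine handles SHA1), the uninitialised stack buffer `hash` is copied into `auth->hash` and sent in the packet. The rewritten bfd_verify_pkt_auth_key_sha1 (hunk at -1636) has the same gap and would compare and log an uninitialised `calculated_hash`, whereas the removed OpenSSL code checked every SHA1_* call. Suggest `unsigned char hash[sizeof (auth->hash)] = { 0 };` plus `if (1 != vnet_crypto_process_ops (vm, &op, 1) || VNET_CRYPTO_OP_STATUS_COMPLETED != op.status)` with a logged error here, and a `return 0` on the verify side after the packet bytes are restored. Separately, the context line `BFD_DBG ("hashing: %U", format_hex_bytes, pkt, sizeof (*pkt));` dumps the packet while the key still sits in the hash field, so key material reaches the log whenever BFD_DBG is enabled. The function body starts outside this hunk.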
@@ -924,7 +904,6 @@ bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt, } vlib_buffer_t *b = vlib_get_buffer (vm, bi); ASSERT (b->current_data == 0); - VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b); bfd_echo_pkt_t *pkt = vlib_buffer_get_current (b); clib_memset (pkt, 0, sizeof (*pkt)); pkt->discriminator = bs->local_discr; @@ -949,7 +928,7 @@ bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt, return; } bs->echo_last_tx_nsec = now; - bfd_calc_next_echo_tx (bm, bs, now); + bfd_calc_next_echo_tx (bs, now); } else { @@ -960,8 +939,7 @@ bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt, } static void -bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt, - bfd_main_t * bm, bfd_session_t * bs, u64 now) +bfd_send_periodic (vlib_main_t *vm, bfd_main_t *bm, bfd_session_t *bs, u64 now) { if (!bs->remote_min_rx_usec && BFD_POLL_NOT_NEEDED == bs->poll_state) { @@ -993,8 +971,7 @@ bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt, } vlib_buffer_t *b = vlib_get_buffer (vm, bi); ASSERT (b->current_data == 0); - VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b); - bfd_init_control_frame (bm, bs, b); + bfd_init_control_frame (bs, b); switch (bs->poll_state) { case BFD_POLL_NEEDED: @@ -1018,7 +995,7 @@ bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt, /* fallthrough */ break; } - bfd_add_auth_section (b, bs); + bfd_add_auth_section (vm, b, bs); bfd_add_transport_layer (vm, bi, bs); if (!bfd_transport_control_frame (vm, bi, bs)) { 
@@ -1036,14 +1013,13 @@ bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt, } void -bfd_init_final_control_frame (vlib_main_t * vm, vlib_buffer_t * b, - bfd_main_t * bm, bfd_session_t * bs, - int is_local) +bfd_init_final_control_frame (vlib_main_t *vm, vlib_buffer_t *b, + bfd_session_t *bs) { BFD_DBG ("Send final control frame for bs_idx=%lu", bs->bs_idx); - bfd_init_control_frame (bm, bs, b); + bfd_init_control_frame (bs, b); bfd_pkt_set_final (vlib_buffer_get_current (b)); - bfd_add_auth_section (b, bs); + bfd_add_auth_section (vm, b, bs); u32 bi = vlib_get_buffer_index (vm, b); bfd_add_transport_layer (vm, bi, bs); bs->last_tx_nsec = bfd_time_now_nsec (vm, NULL); @@ -1083,7 +1059,7 @@ bfd_check_rx_timeout (vlib_main_t * vm, bfd_main_t * bm, bfd_session_t * bs, * since it is no longer required to maintain previous session state) * and then can transmit at its own rate. */ - bfd_set_remote_required_min_rx (bm, bs, now, 1); + bfd_set_remote_required_min_rx (bs, 1); } else if (bs->echo && bs->echo_last_rx_nsec + @@ -1096,21 +1072,19 @@ bfd_check_rx_timeout (vlib_main_t * vm, bfd_main_t * bm, bfd_session_t * bs, } void -bfd_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_main_t * bm, - bfd_session_t * bs, u64 now) +bfd_on_timeout (vlib_main_t *vm, bfd_main_t *bm, bfd_session_t *bs, u64 now) { BFD_DBG ("Timeout for bs_idx=%lu", bs->bs_idx); switch (bs->local_state) { case BFD_STATE_admin_down: - bfd_send_periodic (vm, rt, bm, bs, now); - break; + /* fallthrough */ case BFD_STATE_down: - bfd_send_periodic (vm, rt, bm, bs, now); + bfd_send_periodic (vm, bm, bs, now); break; case BFD_STATE_init: bfd_check_rx_timeout (vm, bm, bs, now, 1); - bfd_send_periodic (vm, rt, bm, bs, now); + bfd_send_periodic (vm, bm, bs, now); break; case BFD_STATE_up: bfd_check_rx_timeout (vm, bm, bs, now, 1); 
@@ -1122,16 +1096,15 @@ bfd_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_main_t * bm, bs->echo = 1; bs->echo_last_rx_nsec = now; bs->echo_tx_timeout_nsec = now; - bfd_set_effective_required_min_rx (bm, bs, - clib_max - (bm->min_required_min_rx_while_echo_nsec, - bs->config_required_min_rx_nsec)); + bfd_set_effective_required_min_rx ( + bs, clib_max (bm->min_required_min_rx_while_echo_nsec, + bs->config_required_min_rx_nsec)); bfd_set_poll_state (bs, BFD_POLL_NEEDED); } - bfd_send_periodic (vm, rt, bm, bs, now); + bfd_send_periodic (vm, bm, bs, now); if (bs->echo) { - bfd_send_echo (vm, rt, bm, bs, now); + bfd_send_echo (vm, bm, bs, now); } break; } @@ -1141,7 +1114,8 @@ bfd_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_main_t * bm, * bfd process node function */ static uword -bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) +bfd_process (vlib_main_t *vm, CLIB_UNUSED (vlib_node_runtime_t *rt), + CLIB_UNUSED (vlib_frame_t *f)) { bfd_main_t *bm = &bfd_main; u32 *expired = 0; @@ -1182,7 +1156,9 @@ bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) now + first_expires_in_ticks * bm->nsec_per_tw_tick; bm->bfd_process_next_wakeup_nsec = next_expire_nsec; bfd_unlock (bm); - timeout = (next_expire_nsec - now) * SEC_PER_NSEC; + ASSERT (next_expire_nsec - now <= UINT32_MAX); + // cast to u32 to avoid warning + timeout = (u32) (next_expire_nsec - now) * SEC_PER_NSEC; } BFD_DBG ("vlib_process_wait_for_event_or_clock(vm, %.09f)", timeout); @@ -1219,7 +1195,7 @@ bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) { bfd_session_t *bs = pool_elt_at_index (bm->sessions, *session_index); - bfd_send_periodic (vm, rt, bm, bs, now); + bfd_send_periodic (vm, bm, bs, now); bfd_set_timer (bm, bs, now, 1); } else 
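Review bot: In the bfd_process hunk at -1182, `ASSERT (next_expire_nsec - now <= UINT32_MAX)` is the only guard on the new `(u32)` cast, and as far as I know VPP's ASSERT is active only in debug images. A wait longer than 2^32 ns (about 4.29 s) would then be silently truncated in release builds and abort the process in debug builds. BFD intervals are carried as u32 microseconds elsewhere in this file, so such waits look reachable from configuration, though the timer-wheel limits are not visible here. Since `timeout` is printed with `%.09f`, it appears to be floating point, and converting without narrowing avoids both problems: `timeout = (f64) (next_expire_nsec - now) * SEC_PER_NSEC;`. bfd_process starts and ends outside this hunk.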
@@ -1238,7 +1214,7 @@ bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) { bfd_session_t *bs = pool_elt_at_index (bm->sessions, *session_index); - bfd_on_config_change (vm, rt, bm, bs, now); + bfd_on_config_change (bm, bs, now); } else { @@ -1265,7 +1241,7 @@ bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) { bfd_session_t *bs = pool_elt_at_index (bm->sessions, bs_idx); bs->tw_id = 0; /* timer is gone because it expired */ - bfd_on_timeout (vm, rt, bm, bs, now); + bfd_on_timeout (vm, bm, bs, now); bfd_set_timer (bm, bs, now, 1); } } @@ -1286,7 +1262,6 @@ bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) /* * bfd process node declaration */ -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (bfd_process_node, static) = { .function = bfd_process, .type = VLIB_NODE_TYPE_PROCESS, @@ -1294,10 +1269,10 @@ VLIB_REGISTER_NODE (bfd_process_node, static) = { .n_next_nodes = 0, .next_nodes = {}, }; -/* *INDENT-ON* */ static clib_error_t * -bfd_sw_interface_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags) +bfd_sw_interface_up_down (CLIB_UNUSED (vnet_main_t *vnm), + CLIB_UNUSED (u32 sw_if_index), u32 flags) { // bfd_main_t *bm = &bfd_main; // vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index); @@ -1311,7 +1286,8 @@ bfd_sw_interface_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags) VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (bfd_sw_interface_up_down); static clib_error_t * -bfd_hw_interface_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags) +bfd_hw_interface_up_down (CLIB_UNUSED (vnet_main_t *vnm), + CLIB_UNUSED (u32 hw_if_index), u32 flags) { // bfd_main_t *bm = &bfd_main; if (flags & VNET_HW_INTERFACE_FLAG_LINK_UP) 
@@ -1594,14 +1570,13 @@ bfd_verify_pkt_auth_seq_num (vlib_main_t * vm, bfd_session_t * bs, } static int -bfd_verify_pkt_auth_key_sha1 (const bfd_pkt_t * pkt, u32 pkt_size, - bfd_session_t * bs, u8 bfd_key_id, - bfd_auth_key_t * auth_key) +bfd_verify_pkt_auth_key_sha1 (vlib_main_t *vm, const bfd_pkt_t *pkt, + u32 pkt_size, CLIB_UNUSED (bfd_session_t *bs), + u8 bfd_key_id, bfd_auth_key_t *auth_key) { ASSERT (auth_key->auth_type == BFD_AUTH_TYPE_keyed_sha1 || auth_key->auth_type == BFD_AUTH_TYPE_meticulous_keyed_sha1); - u8 result[SHA_DIGEST_LENGTH]; bfd_pkt_with_common_auth_t *with_common = (void *) pkt; if (pkt_size < sizeof (*with_common)) { 
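Review bot: The new signature of bfd_verify_pkt_auth_key_sha1 keeps `const bfd_pkt_t *pkt`, yet the rewritten body in the next hunk writes the key into `with_sha1->sha1_auth.hash` and restores it afterwards. `with_common` is obtained here through `(void *) pkt`, and `with_sha1` presumably the same way, so the const promise to callers no longer holds. At minimum, document it above the function: `/* NOTE: temporarily overwrites the hash field of *pkt with the key while hashing; the original bytes are restored before return, the buffer must not be read concurrently */`. Dropping the `const`, or hashing a local copy of the packet, would make the contract honest. The function continues beyond this hunk.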
@@ -1636,36 +1611,34 @@ bfd_verify_pkt_auth_key_sha1 (const bfd_pkt_t * pkt, u32 pkt_size, auth.is_delayed ? " (but a delayed auth change is scheduled)" : ""); return 0; } - SHA_CTX ctx; - if (!SHA1_Init (&ctx)) - { - BFD_ERR ("SHA1_Init failed"); - return 0; - } - /* ignore last 20 bytes - use the actual key data instead pkt data */ - if (!SHA1_Update (&ctx, with_sha1, - sizeof (*with_sha1) - sizeof (with_sha1->sha1_auth.hash))) - { - BFD_ERR ("SHA1_Update failed"); - return 0; - } - if (!SHA1_Update (&ctx, auth_key->key, sizeof (auth_key->key))) - { - BFD_ERR ("SHA1_Update failed"); - return 0; - } - if (!SHA1_Final (result, &ctx)) - { - BFD_ERR ("SHA1_Final failed"); - return 0; - } - if (0 == memcmp (result, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH)) - { + + u8 hash_from_packet[STRUCT_SIZE_OF (bfd_auth_sha1_t, hash)]; + u8 calculated_hash[STRUCT_SIZE_OF (bfd_auth_sha1_t, hash)]; + clib_memcpy (hash_from_packet, with_sha1->sha1_auth.hash, + sizeof (with_sha1->sha1_auth.hash)); + clib_memcpy (with_sha1->sha1_auth.hash, auth_key->key, + sizeof (auth_key->key)); + vnet_crypto_op_t op; + vnet_crypto_op_init (&op, VNET_CRYPTO_OP_SHA1_HASH); + op.src = (u8 *) with_sha1; + op.len = sizeof (*with_sha1); + op.digest = calculated_hash; + vnet_crypto_process_ops (vm, &op, 1); + + /* Restore the modified data within the packet */ + clib_memcpy (with_sha1->sha1_auth.hash, hash_from_packet, + sizeof (with_sha1->sha1_auth.hash)); + + if (0 == + memcmp (calculated_hash, hash_from_packet, sizeof (calculated_hash))) + { + clib_memcpy (with_sha1->sha1_auth.hash, hash_from_packet, + sizeof (hash_from_packet)); return 1; } BFD_ERR ("SHA1 hash: %U doesn't match the expected value: %U", - format_hex_bytes, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH, - format_hex_bytes, result, SHA_DIGEST_LENGTH); + format_hex_bytes, hash_from_packet, sizeof (hash_from_packet), + format_hex_bytes, calculated_hash, sizeof (calculated_hash)); return 0; } 
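Review bot: The received digest is still checked with `memcmp (calculated_hash, hash_from_packet, sizeof (calculated_hash))`, which stops at the first differing byte and so is not a constant-time comparison of an authentication value. Folding the difference instead keeps timing independent of where the mismatch is: `u8 diff = 0; for (u32 i = 0; i < sizeof (calculated_hash); ++i) diff |= calculated_hash[i] ^ hash_from_packet[i];` followed by `if (0 == diff)`. The `clib_memcpy (with_sha1->sha1_auth.hash, hash_from_packet, ...)` inside the match branch repeats the restore done just above it and can be dropped. The mismatch `BFD_ERR` also prints `calculated_hash`, i.e. the correct keyed digest for a packet the sender could not authenticate; logging only the received value would avoid that. The function begins outside this hunk.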
@@ -1684,41 +1657,30 @@ bfd_verify_pkt_auth_key (vlib_main_t * vm, const bfd_pkt_t * pkt, bfd_auth_type_str (auth_key->auth_type)); return 0; case BFD_AUTH_TYPE_simple_password: - vlib_log_err (bm->log_class, - "internal error, not implemented, unexpected auth_type=%d:%s", - auth_key->auth_type, - bfd_auth_type_str (auth_key->auth_type)); - return 0; + /* fallthrough */ case BFD_AUTH_TYPE_keyed_md5: /* fallthrough */ case BFD_AUTH_TYPE_meticulous_keyed_md5: - vlib_log_err - (bm->log_class, - "internal error, not implemented, unexpected auth_type=%d:%s", - auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type)); + vlib_log_err ( + bm->log_class, + "internal error, not implemented, unexpected auth_type=%d:%s", + auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type)); return 0; case BFD_AUTH_TYPE_keyed_sha1: /* fallthrough */ case BFD_AUTH_TYPE_meticulous_keyed_sha1: -#if WITH_LIBSSL > 0 do { const u32 seq_num = clib_net_to_host_u32 (((bfd_pkt_with_sha1_auth_t *) pkt)-> sha1_auth.seq_num); - return bfd_verify_pkt_auth_seq_num (vm, bs, seq_num, - bfd_auth_type_is_meticulous - (auth_key->auth_type)) - && bfd_verify_pkt_auth_key_sha1 (pkt, pkt_size, bs, bfd_key_id, - auth_key); + return bfd_verify_pkt_auth_seq_num ( + vm, bs, seq_num, + bfd_auth_type_is_meticulous (auth_key->auth_type)) && + bfd_verify_pkt_auth_key_sha1 (vm, pkt, pkt_size, bs, + bfd_key_id, auth_key); } while (0); -#else - vlib_log_err - (bm->log_class, - "internal error, attempt to use SHA1 without SSL support"); - return 0; -#endif } return 0; } 
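Review bot: In the keyed_sha1 cases, `seq_num` is read through the `(bfd_pkt_with_sha1_auth_t *) pkt` cast before any length check on the SHA1 auth section has run. The `pkt_size` checks live inside bfd_verify_pkt_auth_key_sha1, which is only evaluated after bfd_verify_pkt_auth_seq_num has consumed the value. Whether a caller already guarantees `pkt_size >= sizeof (bfd_pkt_with_sha1_auth_t)` is not visible in this hunk; if it does not, a short packet makes the sequence check operate on bytes past the received data. A guard ahead of the read would close this: `if (pkt_size < sizeof (bfd_pkt_with_sha1_auth_t)) return 0;`. The enclosing function starts outside the hunk.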
@@ -1863,11 +1825,9 @@ bfd_consume_pkt (vlib_main_t * vm, bfd_main_t * bm, const bfd_pkt_t * pkt, bs->remote_desired_min_tx_nsec = bfd_usec_to_nsec (clib_net_to_host_u32 (pkt->des_min_tx)); bs->remote_detect_mult = pkt->head.detect_mult; - bfd_set_remote_required_min_rx (bm, bs, now, - clib_net_to_host_u32 (pkt->req_min_rx)); - bfd_set_remote_required_min_echo_rx (bm, bs, now, - clib_net_to_host_u32 - (pkt->req_min_echo_rx)); + bfd_set_remote_required_min_rx (bs, clib_net_to_host_u32 (pkt->req_min_rx)); + bfd_set_remote_required_min_echo_rx ( + bs, clib_net_to_host_u32 (pkt->req_min_echo_rx)); if (bfd_pkt_get_final (pkt)) { if (BFD_POLL_IN_PROGRESS == bs->poll_state) @@ -1876,10 +1836,12 @@ bfd_consume_pkt (vlib_main_t * vm, bfd_main_t * bm, const bfd_pkt_t * pkt, bfd_set_poll_state (bs, BFD_POLL_NOT_NEEDED); if (BFD_STATE_up == bs->local_state) { - bfd_set_effective_required_min_rx (bm, bs, - clib_max (bs->echo * - bm->min_required_min_rx_while_echo_nsec, - bs->config_required_min_rx_nsec)); + bfd_set_effective_desired_min_tx ( + bm, bs, now, bs->config_desired_min_tx_nsec); + bfd_set_effective_required_min_rx ( + bs, + clib_max (bs->echo * bm->min_required_min_rx_while_echo_nsec, + bs->config_required_min_rx_nsec)); } } else if (BFD_POLL_IN_PROGRESS_AND_QUEUED == bs->poll_state) 
@@ -2049,22 +2011,27 @@ bfd_auth_activate (bfd_session_t * bs, u32 conf_key_id, bfd_auth_key_t *key = pool_elt_at_index (bm->auth_keys, key_idx); if (is_delayed) { - if (bs->auth.next_key == key) + if (bs->auth.next_key == key && bs->auth.next_bfd_key_id == bfd_key_id) { /* already using this key, no changes required */ return 0; } - bs->auth.next_key = key; + if (bs->auth.next_key != key) + { + ++key->use_count; + bs->auth.next_key = key; + } bs->auth.next_bfd_key_id = bfd_key_id; bs->auth.is_delayed = 1; } else { - if (bs->auth.curr_key == key) + if (bs->auth.curr_key == key && bs->auth.curr_bfd_key_id == bfd_key_id) { /* already using this key, no changes required */ return 0; } + ++key->use_count; if (bs->auth.curr_key) { --bs->auth.curr_key->use_count; @@ -2073,7 +2040,6 @@ bfd_auth_activate (bfd_session_t * bs, u32 conf_key_id, bs->auth.curr_bfd_key_id = bfd_key_id; bs->auth.is_delayed = 0; } - ++key->use_count; BFD_DBG ("\nSession auth modified: %U", format_bfd_session, bs); vlib_log_info (bm->log_class, "session auth modified: %U", format_bfd_session_brief, bs); @@ -2084,7 +2050,6 @@ vnet_api_error_t bfd_auth_deactivate (bfd_session_t * bs, u8 is_delayed) { bfd_main_t *bm = &bfd_main; -#if WITH_LIBSSL > 0 if (!is_delayed) { /* not delayed - deactivate the current key right now */ @@ -2115,11 +2080,6 @@ bfd_auth_deactivate (bfd_session_t * bs, u8 is_delayed) vlib_log_info (bm->log_class, "session auth modified: %U", format_bfd_session_brief, bs); return 0; -#else - vlib_log_err (bm->log_class, - "SSL missing, cannot deactivate BFD authentication"); - return VNET_API_ERROR_BFD_NOTSUPP; -#endif } vnet_api_error_t @@ -2189,7 +2149,6 @@ bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len, const u8 * key_data) { bfd_main_t *bm = &bfd_main; -#if WITH_LIBSSL > 0 bfd_auth_key_t *auth_key = NULL; if (!key_len || key_len > bfd_max_key_len_for_auth_type (auth_type)) { 
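Review bot: In the delayed branch of bfd_auth_activate, replacing a different pending key increments the new key's `use_count` but never decrements the count of the key previously held in `bs->auth.next_key`. The non-delayed branch in the same hunk does release `bs->auth.curr_key` before overwriting it. Unless the old pending key is released somewhere not shown here, its count stays elevated, which would keep the key material resident and presumably block its deletion. Suggest mirroring the other branch inside the `if (bs->auth.next_key != key)` block: `if (bs->auth.next_key) --bs->auth.next_key->use_count;` before `++key->use_count;`. The function's beginning and its return path are outside this hunk.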
@@ -2233,17 +2192,11 @@ bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len, clib_memset (auth_key->key, 0, sizeof (auth_key->key)); clib_memcpy (auth_key->key, key_data, key_len); return 0; -#else - vlib_log_err (bm->log_class, - "SSL missing, cannot manipulate authentication keys"); - return VNET_API_ERROR_BFD_NOTSUPP; -#endif } vnet_api_error_t bfd_auth_del_key (u32 conf_key_id) { -#if WITH_LIBSSL > 0 bfd_auth_key_t *auth_key = NULL; bfd_main_t *bm = &bfd_main; uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id); @@ -2273,11 +2226,6 @@ bfd_auth_del_key (u32 conf_key_id) return VNET_API_ERROR_BFD_ENOENT; } return 0; -#else - vlib_log_err (bm->log_class, - "SSL missing, cannot manipulate authentication keys"); - return VNET_API_ERROR_BFD_NOTSUPP; -#endif } bfd_main_t bfd_main;