2 * Copyright (c) 2011-2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief BFD nodes implementation
21 #include <openssl/sha.h>
25 #include <x86intrin.h>
28 #include <vlibmemory/api.h>
29 #include <vppinfra/random.h>
30 #include <vppinfra/error.h>
31 #include <vppinfra/hash.h>
32 #include <vppinfra/xxhash.h>
33 #include <vnet/ethernet/ethernet.h>
34 #include <vnet/ethernet/packet.h>
35 #include <vnet/bfd/bfd_debug.h>
36 #include <vnet/bfd/bfd_protocol.h>
37 #include <vnet/bfd/bfd_main.h>
41 bfd_calc_echo_checksum (u32 discriminator, u64 expire_time, u32 secret)
44 #if defined(clib_crc32c_uses_intrinsics) && !defined (__i386__)
45 checksum = crc32_u64 (0, discriminator);
46 checksum = crc32_u64 (checksum, expire_time);
47 checksum = crc32_u64 (checksum, secret);
49 checksum = clib_xxhash (discriminator ^ expire_time ^ secret);
55 bfd_usec_to_nsec (u64 us)
57 return us * NSEC_PER_USEC;
61 bfd_nsec_to_usec (u64 nsec)
63 return nsec / NSEC_PER_USEC;
67 bfd_time_now_nsec (vlib_main_t * vm, f64 * vm_time)
69 f64 _vm_time = vlib_time_now (vm);
72 return _vm_time * NSEC_PER_SEC;
75 static vlib_node_registration_t bfd_process_node;
78 format_bfd_auth_key (u8 * s, va_list * args)
80 const bfd_auth_key_t *key = va_arg (*args, bfd_auth_key_t *);
83 s = format (s, "{auth-type=%u:%s, conf-key-id=%u, use-count=%u}, ",
84 key->auth_type, bfd_auth_type_str (key->auth_type),
85 key->conf_key_id, key->use_count);
89 s = format (s, "{none}");
95 * We actually send all bfd pkts to the "error" node after scanning
96 * them, so the graph node has only one next-index. The "error-drop"
97 * node automatically bumps our per-node packet counters for us.
101 BFD_INPUT_NEXT_NORMAL,
105 static void bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now,
106 int handling_wakeup);
109 bfd_set_defaults (bfd_main_t * bm, bfd_session_t * bs)
111 bs->local_state = BFD_STATE_down;
112 bs->local_diag = BFD_DIAG_CODE_no_diag;
113 bs->remote_state = BFD_STATE_down;
114 bs->remote_discr = 0;
115 bs->hop_type = BFD_HOP_TYPE_SINGLE;
116 bs->config_desired_min_tx_usec = BFD_DEFAULT_DESIRED_MIN_TX_USEC;
117 bs->config_desired_min_tx_nsec = bm->default_desired_min_tx_nsec;
118 bs->effective_desired_min_tx_nsec = bm->default_desired_min_tx_nsec;
119 bs->remote_min_rx_usec = 1;
120 bs->remote_min_rx_nsec = bfd_usec_to_nsec (bs->remote_min_rx_usec);
121 bs->remote_min_echo_rx_usec = 0;
122 bs->remote_min_echo_rx_nsec = 0;
123 bs->remote_demand = 0;
124 bs->auth.remote_seq_number = 0;
125 bs->auth.remote_seq_number_known = 0;
126 bs->auth.local_seq_number = random_u32 (&bm->random_seed);
127 bs->echo_secret = random_u32 (&bm->random_seed);
131 bfd_set_diag (bfd_session_t * bs, bfd_diag_code_e code)
133 if (bs->local_diag != code)
135 BFD_DBG ("set local_diag, bs_idx=%d: '%d:%s'", bs->bs_idx, code,
136 bfd_diag_code_string (code));
137 bs->local_diag = code;
142 bfd_set_state (vlib_main_t * vm, bfd_main_t * bm, bfd_session_t * bs,
143 bfd_state_e new_state, int handling_wakeup)
145 if (bs->local_state != new_state)
147 BFD_DBG ("Change state, bs_idx=%d: %s->%s", bs->bs_idx,
148 bfd_state_string (bs->local_state),
149 bfd_state_string (new_state));
150 bs->local_state = new_state;
151 bfd_on_state_change (bm, bs, bfd_time_now_nsec (vm, NULL),
157 bfd_poll_state_string (bfd_poll_state_e state)
163 return "BFD_POLL_" #x;
164 foreach_bfd_poll_state (F)
171 bfd_set_poll_state (bfd_session_t * bs, bfd_poll_state_e state)
173 if (bs->poll_state != state)
175 BFD_DBG ("Setting poll state=%s, bs_idx=%u",
176 bfd_poll_state_string (state), bs->bs_idx);
177 bs->poll_state = state;
182 bfd_recalc_tx_interval (bfd_main_t * bm, bfd_session_t * bs)
184 bs->transmit_interval_nsec =
185 clib_max (bs->effective_desired_min_tx_nsec, bs->remote_min_rx_nsec);
186 BFD_DBG ("Recalculated transmit interval " BFD_CLK_FMT,
187 BFD_CLK_PRN (bs->transmit_interval_nsec));
191 bfd_recalc_echo_tx_interval (bfd_main_t * bm, bfd_session_t * bs)
193 bs->echo_transmit_interval_nsec =
194 clib_max (bs->effective_desired_min_tx_nsec, bs->remote_min_echo_rx_nsec);
195 BFD_DBG ("Recalculated echo transmit interval " BFD_CLK_FMT,
196 BFD_CLK_PRN (bs->echo_transmit_interval_nsec));
200 bfd_calc_next_tx (bfd_main_t * bm, bfd_session_t * bs, u64 now)
202 if (bs->local_detect_mult > 1)
204 /* common case - 75-100% of transmit interval */
205 bs->tx_timeout_nsec = bs->last_tx_nsec +
206 (1 - .25 * (random_f64 (&bm->random_seed))) *
207 bs->transmit_interval_nsec;
208 if (bs->tx_timeout_nsec < now)
211 * the timeout is in the past, which means that either remote
212 * demand mode was set or performance/clock issues ...
214 BFD_DBG ("Missed %lu transmit events (now is %lu, calc "
215 "tx_timeout is %lu)",
216 (now - bs->tx_timeout_nsec) /
217 bs->transmit_interval_nsec, now, bs->tx_timeout_nsec);
218 bs->tx_timeout_nsec = now;
223 /* special case - 75-90% of transmit interval */
224 bs->tx_timeout_nsec = bs->last_tx_nsec +
225 (.9 - .15 * (random_f64 (&bm->random_seed))) *
226 bs->transmit_interval_nsec;
227 if (bs->tx_timeout_nsec < now)
230 * the timeout is in the past, which means that either remote
231 * demand mode was set or performance/clock issues ...
233 BFD_DBG ("Missed %lu transmit events (now is %lu, calc "
234 "tx_timeout is %lu)",
235 (now - bs->tx_timeout_nsec) /
236 bs->transmit_interval_nsec, now, bs->tx_timeout_nsec);
237 bs->tx_timeout_nsec = now;
240 if (bs->tx_timeout_nsec)
242 BFD_DBG ("Next transmit in %lu nsec/%.02fs@%lu",
243 bs->tx_timeout_nsec - now,
244 (bs->tx_timeout_nsec - now) * SEC_PER_NSEC,
245 bs->tx_timeout_nsec);
250 bfd_calc_next_echo_tx (bfd_main_t * bm, bfd_session_t * bs, u64 now)
252 bs->echo_tx_timeout_nsec =
253 bs->echo_last_tx_nsec + bs->echo_transmit_interval_nsec;
254 if (bs->echo_tx_timeout_nsec < now)
256 /* huh, we've missed it already, transmit now */
257 BFD_DBG ("Missed %lu echo transmit events (now is %lu, calc tx_timeout "
259 (now - bs->echo_tx_timeout_nsec) /
260 bs->echo_transmit_interval_nsec,
261 now, bs->echo_tx_timeout_nsec);
262 bs->echo_tx_timeout_nsec = now;
264 BFD_DBG ("Next echo transmit in %lu nsec/%.02fs@%lu",
265 bs->echo_tx_timeout_nsec - now,
266 (bs->echo_tx_timeout_nsec - now) * SEC_PER_NSEC,
267 bs->echo_tx_timeout_nsec);
271 bfd_recalc_detection_time (bfd_main_t * bm, bfd_session_t * bs)
273 if (bs->local_state == BFD_STATE_init || bs->local_state == BFD_STATE_up)
275 bs->detection_time_nsec =
276 bs->remote_detect_mult *
277 clib_max (bs->effective_required_min_rx_nsec,
278 bs->remote_desired_min_tx_nsec);
279 BFD_DBG ("Recalculated detection time %lu nsec/%.3fs",
280 bs->detection_time_nsec,
281 bs->detection_time_nsec * SEC_PER_NSEC);
286 bfd_set_timer (bfd_main_t * bm, bfd_session_t * bs, u64 now,
292 if (BFD_STATE_up == bs->local_state)
294 rx_timeout = bs->last_rx_nsec + bs->detection_time_nsec;
296 if (BFD_STATE_up != bs->local_state ||
297 (!bs->remote_demand && bs->remote_min_rx_usec) ||
298 BFD_POLL_NOT_NEEDED != bs->poll_state)
300 tx_timeout = bs->tx_timeout_nsec;
302 if (tx_timeout && rx_timeout)
304 next = clib_min (tx_timeout, rx_timeout);
314 if (bs->echo && next > bs->echo_tx_timeout_nsec)
316 next = bs->echo_tx_timeout_nsec;
318 BFD_DBG ("bs_idx=%u, tx_timeout=%lu, echo_tx_timeout=%lu, rx_timeout=%lu, "
320 bs->bs_idx, tx_timeout, bs->echo_tx_timeout_nsec, rx_timeout,
322 ? "tx" : (next == bs->echo_tx_timeout_nsec ? "echo tx" : "rx"));
326 bs->event_time_nsec = next;
327 /* add extra tick if it's not even */
328 u32 wheel_time_ticks =
329 (bs->event_time_nsec - now) / bm->nsec_per_tw_tick +
330 ((bs->event_time_nsec - now) % bm->nsec_per_tw_tick != 0);
331 BFD_DBG ("event_time_nsec %lu (%lu nsec/%.3fs in future) -> "
332 "wheel_time_ticks %u", bs->event_time_nsec,
333 bs->event_time_nsec - now,
334 (bs->event_time_nsec - now) * SEC_PER_NSEC, wheel_time_ticks);
335 wheel_time_ticks = wheel_time_ticks ? wheel_time_ticks : 1;
339 TW (tw_timer_update) (&bm->wheel, bs->tw_id, wheel_time_ticks);
340 BFD_DBG ("tw_timer_update(%p, %u, %lu);", &bm->wheel, bs->tw_id,
346 TW (tw_timer_start) (&bm->wheel, bs->bs_idx, 0, wheel_time_ticks);
347 BFD_DBG ("tw_timer_start(%p, %u, 0, %lu) == %u;", &bm->wheel,
348 bs->bs_idx, wheel_time_ticks);
351 if (!handling_wakeup)
354 /* Send only if it is earlier than current awaited wakeup time */
356 (bs->event_time_nsec < bm->bfd_process_next_wakeup_nsec) &&
358 * If the wake-up time is within 2x the delay of the event propagation delay,
359 * avoid the expense of sending the event. The 2x multiplier is to workaround the race whereby
360 * simultaneous event + expired timer create one recurring bogus wakeup/suspend instance,
361 * due to double scheduling of the node on the pending list.
363 (bm->bfd_process_next_wakeup_nsec - bs->event_time_nsec >
364 2 * bm->bfd_process_wakeup_event_delay_nsec) &&
365 /* Must be no events in flight to send an event */
366 (!bm->bfd_process_wakeup_events_in_flight);
368 /* If we do send the signal, note this down along with the start timestamp */
371 bm->bfd_process_wakeup_events_in_flight++;
372 bm->bfd_process_wakeup_event_start_nsec = now;
377 /* Use the multithreaded event sending so the workers can send events too */
380 vlib_process_signal_event_mt (bm->vlib_main,
381 bm->bfd_process_node_index,
382 BFD_EVENT_RESCHEDULE, ~0);
388 bfd_set_effective_desired_min_tx (bfd_main_t * bm,
389 bfd_session_t * bs, u64 now,
390 u64 desired_min_tx_nsec)
392 bs->effective_desired_min_tx_nsec = desired_min_tx_nsec;
393 BFD_DBG ("Set effective desired min tx to " BFD_CLK_FMT,
394 BFD_CLK_PRN (bs->effective_desired_min_tx_nsec));
395 bfd_recalc_detection_time (bm, bs);
396 bfd_recalc_tx_interval (bm, bs);
397 bfd_recalc_echo_tx_interval (bm, bs);
398 bfd_calc_next_tx (bm, bs, now);
402 bfd_set_effective_required_min_rx (bfd_main_t * bm,
404 u64 required_min_rx_nsec)
406 bs->effective_required_min_rx_nsec = required_min_rx_nsec;
407 BFD_DBG ("Set effective required min rx to " BFD_CLK_FMT,
408 BFD_CLK_PRN (bs->effective_required_min_rx_nsec));
409 bfd_recalc_detection_time (bm, bs);
413 bfd_set_remote_required_min_rx (bfd_main_t * bm, bfd_session_t * bs,
414 u64 now, u32 remote_required_min_rx_usec)
416 if (bs->remote_min_rx_usec != remote_required_min_rx_usec)
418 bs->remote_min_rx_usec = remote_required_min_rx_usec;
419 bs->remote_min_rx_nsec = bfd_usec_to_nsec (remote_required_min_rx_usec);
420 BFD_DBG ("Set remote min rx to " BFD_CLK_FMT,
421 BFD_CLK_PRN (bs->remote_min_rx_nsec));
422 bfd_recalc_detection_time (bm, bs);
423 bfd_recalc_tx_interval (bm, bs);
428 bfd_set_remote_required_min_echo_rx (bfd_main_t * bm, bfd_session_t * bs,
430 u32 remote_required_min_echo_rx_usec)
432 if (bs->remote_min_echo_rx_usec != remote_required_min_echo_rx_usec)
434 bs->remote_min_echo_rx_usec = remote_required_min_echo_rx_usec;
435 bs->remote_min_echo_rx_nsec =
436 bfd_usec_to_nsec (bs->remote_min_echo_rx_usec);
437 BFD_DBG ("Set remote min echo rx to " BFD_CLK_FMT,
438 BFD_CLK_PRN (bs->remote_min_echo_rx_nsec));
439 bfd_recalc_echo_tx_interval (bm, bs);
444 bfd_notify_listeners (bfd_main_t * bm,
445 bfd_listen_event_e event, const bfd_session_t * bs)
448 vec_foreach (fn, bm->listeners)
455 bfd_session_start (bfd_main_t * bm, bfd_session_t * bs)
457 BFD_DBG ("\nStarting session: %U", format_bfd_session, bs);
458 vlib_log_info (bm->log_class, "start BFD session: %U",
459 format_bfd_session_brief, bs);
460 bfd_set_effective_required_min_rx (bm, bs, bs->config_required_min_rx_nsec);
461 bfd_recalc_tx_interval (bm, bs);
462 vlib_process_signal_event (bm->vlib_main, bm->bfd_process_node_index,
463 BFD_EVENT_NEW_SESSION, bs->bs_idx);
464 bfd_notify_listeners (bm, BFD_LISTEN_EVENT_CREATE, bs);
468 bfd_session_set_flags (vlib_main_t * vm, bfd_session_t * bs, u8 admin_up_down)
470 bfd_main_t *bm = &bfd_main;
471 u64 now = bfd_time_now_nsec (vm, NULL);
474 BFD_DBG ("Session set admin-up, bs-idx=%u", bs->bs_idx);
475 vlib_log_info (bm->log_class, "set session admin-up: %U",
476 format_bfd_session_brief, bs);
477 bfd_set_state (vm, bm, bs, BFD_STATE_down, 0);
478 bfd_set_diag (bs, BFD_DIAG_CODE_no_diag);
479 bfd_calc_next_tx (bm, bs, now);
480 bfd_set_timer (bm, bs, now, 0);
484 BFD_DBG ("Session set admin-down, bs-idx=%u", bs->bs_idx);
485 vlib_log_info (bm->log_class, "set session admin-down: %U",
486 format_bfd_session_brief, bs);
487 bfd_set_diag (bs, BFD_DIAG_CODE_admin_down);
488 bfd_set_state (vm, bm, bs, BFD_STATE_admin_down, 0);
489 bfd_calc_next_tx (bm, bs, now);
490 bfd_set_timer (bm, bs, now, 0);
495 bfd_input_format_trace (u8 * s, va_list * args)
497 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
498 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
499 const bfd_input_trace_t *t = va_arg (*args, bfd_input_trace_t *);
500 const bfd_pkt_t *pkt = (bfd_pkt_t *) t->data;
501 if (t->len > STRUCT_SIZE_OF (bfd_pkt_t, head))
503 s = format (s, "BFD v%u, diag=%u(%s), state=%u(%s),\n"
504 " flags=(P:%u, F:%u, C:%u, A:%u, D:%u, M:%u), "
505 "detect_mult=%u, length=%u\n",
506 bfd_pkt_get_version (pkt), bfd_pkt_get_diag_code (pkt),
507 bfd_diag_code_string (bfd_pkt_get_diag_code (pkt)),
508 bfd_pkt_get_state (pkt),
509 bfd_state_string (bfd_pkt_get_state (pkt)),
510 bfd_pkt_get_poll (pkt), bfd_pkt_get_final (pkt),
511 bfd_pkt_get_control_plane_independent (pkt),
512 bfd_pkt_get_auth_present (pkt), bfd_pkt_get_demand (pkt),
513 bfd_pkt_get_multipoint (pkt), pkt->head.detect_mult,
515 if (t->len >= sizeof (bfd_pkt_t) &&
516 pkt->head.length >= sizeof (bfd_pkt_t))
518 s = format (s, " my discriminator: %u\n",
519 clib_net_to_host_u32 (pkt->my_disc));
520 s = format (s, " your discriminator: %u\n",
521 clib_net_to_host_u32 (pkt->your_disc));
522 s = format (s, " desired min tx interval: %u\n",
523 clib_net_to_host_u32 (pkt->des_min_tx));
524 s = format (s, " required min rx interval: %u\n",
525 clib_net_to_host_u32 (pkt->req_min_rx));
526 s = format (s, " required min echo rx interval: %u",
527 clib_net_to_host_u32 (pkt->req_min_echo_rx));
529 if (t->len >= sizeof (bfd_pkt_with_common_auth_t) &&
530 pkt->head.length >= sizeof (bfd_pkt_with_common_auth_t) &&
531 bfd_pkt_get_auth_present (pkt))
533 const bfd_pkt_with_common_auth_t *with_auth = (void *) pkt;
534 const bfd_auth_common_t *common = &with_auth->common_auth;
535 s = format (s, "\n auth len: %u\n", common->len);
536 s = format (s, " auth type: %u:%s\n", common->type,
537 bfd_auth_type_str (common->type));
538 if (t->len >= sizeof (bfd_pkt_with_sha1_auth_t) &&
539 pkt->head.length >= sizeof (bfd_pkt_with_sha1_auth_t) &&
540 (BFD_AUTH_TYPE_keyed_sha1 == common->type ||
541 BFD_AUTH_TYPE_meticulous_keyed_sha1 == common->type))
543 const bfd_pkt_with_sha1_auth_t *with_sha1 = (void *) pkt;
544 const bfd_auth_sha1_t *sha1 = &with_sha1->sha1_auth;
545 s = format (s, " seq num: %u\n",
546 clib_net_to_host_u32 (sha1->seq_num));
547 s = format (s, " key id: %u\n", sha1->key_id);
548 s = format (s, " hash: %U", format_hex_bytes, sha1->hash,
549 sizeof (sha1->hash));
554 s = format (s, "\n");
567 bfd_rpc_event_cb (const bfd_rpc_event_t * a)
569 bfd_main_t *bm = &bfd_main;
570 u32 bs_idx = a->bs_idx;
572 bfd_session_t session_data;
575 if (!pool_is_free_index (bm->sessions, bs_idx))
577 bfd_session_t *bs = pool_elt_at_index (bm->sessions, bs_idx);
578 clib_memcpy (&session_data, bs, sizeof (bfd_session_t));
583 BFD_DBG ("Ignoring event RPC for non-existent session index %u",
589 bfd_event (bm, &session_data);
593 bfd_event_rpc (u32 bs_idx)
595 const u32 data_size = sizeof (bfd_rpc_event_t);
597 bfd_rpc_event_t *event = (bfd_rpc_event_t *) data;
599 event->bs_idx = bs_idx;
600 vl_api_rpc_call_main_thread (bfd_rpc_event_cb, data, data_size);
606 } bfd_rpc_notify_listeners_t;
609 bfd_rpc_notify_listeners_cb (const bfd_rpc_notify_listeners_t * a)
611 bfd_main_t *bm = &bfd_main;
612 u32 bs_idx = a->bs_idx;
614 if (!pool_is_free_index (bm->sessions, bs_idx))
616 bfd_session_t *bs = pool_elt_at_index (bm->sessions, bs_idx);
617 bfd_notify_listeners (bm, BFD_LISTEN_EVENT_UPDATE, bs);
621 BFD_DBG ("Ignoring notify RPC for non-existent session index %u",
628 bfd_notify_listeners_rpc (u32 bs_idx)
630 const u32 data_size = sizeof (bfd_rpc_notify_listeners_t);
632 bfd_rpc_notify_listeners_t *notify = (bfd_rpc_notify_listeners_t *) data;
633 notify->bs_idx = bs_idx;
634 vl_api_rpc_call_main_thread (bfd_rpc_notify_listeners_cb, data, data_size);
638 bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now,
641 BFD_DBG ("\nState changed: %U", format_bfd_session, bs);
643 if (vlib_get_thread_index () == 0)
649 /* without RPC - a REGRESSION: BFD event are not propagated */
650 bfd_event_rpc (bs->bs_idx);
653 switch (bs->local_state)
655 case BFD_STATE_admin_down:
657 bfd_set_effective_desired_min_tx (bm, bs, now,
659 (bs->config_desired_min_tx_nsec,
660 bm->default_desired_min_tx_nsec));
661 bfd_set_effective_required_min_rx (bm, bs,
662 bs->config_required_min_rx_nsec);
663 bfd_set_timer (bm, bs, now, handling_wakeup);
667 bfd_set_effective_desired_min_tx (bm, bs, now,
669 (bs->config_desired_min_tx_nsec,
670 bm->default_desired_min_tx_nsec));
671 bfd_set_effective_required_min_rx (bm, bs,
672 bs->config_required_min_rx_nsec);
673 bfd_set_timer (bm, bs, now, handling_wakeup);
677 bfd_set_effective_desired_min_tx (bm, bs, now,
678 bs->config_desired_min_tx_nsec);
679 bfd_set_timer (bm, bs, now, handling_wakeup);
682 bfd_set_effective_desired_min_tx (bm, bs, now,
683 bs->config_desired_min_tx_nsec);
684 if (BFD_POLL_NOT_NEEDED == bs->poll_state)
686 bfd_set_effective_required_min_rx (bm, bs,
687 bs->config_required_min_rx_nsec);
689 bfd_set_timer (bm, bs, now, handling_wakeup);
692 if (vlib_get_thread_index () == 0)
694 bfd_notify_listeners (bm, BFD_LISTEN_EVENT_UPDATE, bs);
698 /* without RPC - a REGRESSION: state changes are not propagated */
699 bfd_notify_listeners_rpc (bs->bs_idx);
704 bfd_on_config_change (vlib_main_t * vm, vlib_node_runtime_t * rt,
705 bfd_main_t * bm, bfd_session_t * bs, u64 now)
708 * if remote demand mode is set and we need to do a poll, set the next
709 * timeout so that the session wakes up immediately
711 if (bs->remote_demand && BFD_POLL_NEEDED == bs->poll_state &&
712 bs->poll_state_start_or_timeout_nsec < now)
714 bs->tx_timeout_nsec = now;
716 bfd_recalc_detection_time (bm, bs);
717 bfd_set_timer (bm, bs, now, 0);
721 bfd_add_transport_layer (vlib_main_t * vm, u32 bi, bfd_session_t * bs)
723 switch (bs->transport)
725 case BFD_TRANSPORT_UDP4:
726 BFD_DBG ("Transport bfd via udp4, bs_idx=%u", bs->bs_idx);
727 bfd_add_udp4_transport (vm, bi, bs, 0 /* is_echo */ );
729 case BFD_TRANSPORT_UDP6:
730 BFD_DBG ("Transport bfd via udp6, bs_idx=%u", bs->bs_idx);
731 bfd_add_udp6_transport (vm, bi, bs, 0 /* is_echo */ );
737 bfd_transport_control_frame (vlib_main_t * vm, u32 bi, bfd_session_t * bs)
739 switch (bs->transport)
741 case BFD_TRANSPORT_UDP4:
742 BFD_DBG ("Transport bfd via udp4, bs_idx=%u", bs->bs_idx);
743 return bfd_transport_udp4 (vm, bi, bs);
745 case BFD_TRANSPORT_UDP6:
746 BFD_DBG ("Transport bfd via udp6, bs_idx=%u", bs->bs_idx);
747 return bfd_transport_udp6 (vm, bi, bs);
754 bfd_echo_add_transport_layer (vlib_main_t * vm, u32 bi, bfd_session_t * bs)
756 switch (bs->transport)
758 case BFD_TRANSPORT_UDP4:
759 BFD_DBG ("Transport bfd echo via udp4, bs_idx=%u", bs->bs_idx);
760 return bfd_add_udp4_transport (vm, bi, bs, 1 /* is_echo */ );
762 case BFD_TRANSPORT_UDP6:
763 BFD_DBG ("Transport bfd echo via udp6, bs_idx=%u", bs->bs_idx);
764 return bfd_add_udp6_transport (vm, bi, bs, 1 /* is_echo */ );
771 bfd_transport_echo (vlib_main_t * vm, u32 bi, bfd_session_t * bs)
773 switch (bs->transport)
775 case BFD_TRANSPORT_UDP4:
776 BFD_DBG ("Transport bfd echo via udp4, bs_idx=%u", bs->bs_idx);
777 return bfd_transport_udp4 (vm, bi, bs);
779 case BFD_TRANSPORT_UDP6:
780 BFD_DBG ("Transport bfd echo via udp6, bs_idx=%u", bs->bs_idx);
781 return bfd_transport_udp6 (vm, bi, bs);
789 bfd_add_sha1_auth_section (vlib_buffer_t * b, bfd_session_t * bs)
791 bfd_pkt_with_sha1_auth_t *pkt = vlib_buffer_get_current (b);
792 bfd_auth_sha1_t *auth = &pkt->sha1_auth;
793 b->current_length += sizeof (*auth);
794 pkt->pkt.head.length += sizeof (*auth);
795 bfd_pkt_set_auth_present (&pkt->pkt);
796 clib_memset (auth, 0, sizeof (*auth));
797 auth->type_len.type = bs->auth.curr_key->auth_type;
799 * only meticulous authentication types require incrementing seq number
800 * for every message, but doing so doesn't violate the RFC
802 ++bs->auth.local_seq_number;
803 auth->type_len.len = sizeof (bfd_auth_sha1_t);
804 auth->key_id = bs->auth.curr_bfd_key_id;
805 auth->seq_num = clib_host_to_net_u32 (bs->auth.local_seq_number);
807 * first copy the password into the packet, then calculate the hash
808 * and finally replace the password with the calculated hash
810 clib_memcpy (auth->hash, bs->auth.curr_key->key,
811 sizeof (bs->auth.curr_key->key));
812 unsigned char hash[sizeof (auth->hash)];
813 SHA1 ((unsigned char *) pkt, sizeof (*pkt), hash);
814 BFD_DBG ("hashing: %U", format_hex_bytes, pkt, sizeof (*pkt));
815 clib_memcpy (auth->hash, hash, sizeof (hash));
820 bfd_add_auth_section (vlib_buffer_t * b, bfd_session_t * bs)
822 bfd_main_t *bm = &bfd_main;
823 if (bs->auth.curr_key)
825 const bfd_auth_type_e auth_type = bs->auth.curr_key->auth_type;
828 case BFD_AUTH_TYPE_reserved:
830 case BFD_AUTH_TYPE_simple_password:
832 case BFD_AUTH_TYPE_keyed_md5:
834 case BFD_AUTH_TYPE_meticulous_keyed_md5:
835 vlib_log_crit (bm->log_class,
836 "internal error, unexpected BFD auth type '%d'",
840 case BFD_AUTH_TYPE_keyed_sha1:
842 case BFD_AUTH_TYPE_meticulous_keyed_sha1:
843 bfd_add_sha1_auth_section (b, bs);
846 case BFD_AUTH_TYPE_keyed_sha1:
848 case BFD_AUTH_TYPE_meticulous_keyed_sha1:
849 vlib_log_crit (bm->log_class,
850 "internal error, unexpected BFD auth type '%d'",
859 bfd_is_echo_possible (bfd_session_t * bs)
861 if (BFD_STATE_up == bs->local_state && BFD_STATE_up == bs->remote_state &&
862 bs->remote_min_echo_rx_usec > 0)
864 switch (bs->transport)
866 case BFD_TRANSPORT_UDP4:
867 return bfd_udp_is_echo_available (BFD_TRANSPORT_UDP4);
868 case BFD_TRANSPORT_UDP6:
869 return bfd_udp_is_echo_available (BFD_TRANSPORT_UDP6);
876 bfd_init_control_frame (bfd_main_t * bm, bfd_session_t * bs,
879 bfd_pkt_t *pkt = vlib_buffer_get_current (b);
881 bfd_length = sizeof (bfd_pkt_t);
882 clib_memset (pkt, 0, sizeof (*pkt));
883 bfd_pkt_set_version (pkt, 1);
884 bfd_pkt_set_diag_code (pkt, bs->local_diag);
885 bfd_pkt_set_state (pkt, bs->local_state);
886 pkt->head.detect_mult = bs->local_detect_mult;
887 pkt->head.length = bfd_length;
888 pkt->my_disc = bs->local_discr;
889 pkt->your_disc = bs->remote_discr;
890 pkt->des_min_tx = clib_host_to_net_u32 (bs->config_desired_min_tx_usec);
894 clib_host_to_net_u32 (bfd_nsec_to_usec
895 (bs->effective_required_min_rx_nsec));
900 clib_host_to_net_u32 (bs->config_required_min_rx_usec);
902 pkt->req_min_echo_rx = clib_host_to_net_u32 (1);
903 b->current_length = bfd_length;
907 bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt,
908 bfd_main_t * bm, bfd_session_t * bs, u64 now)
910 if (!bfd_is_echo_possible (bs))
912 BFD_DBG ("\nSwitching off echo function: %U", format_bfd_session, bs);
916 if (now >= bs->echo_tx_timeout_nsec)
918 BFD_DBG ("\nSending echo packet: %U", format_bfd_session, bs);
920 if (vlib_buffer_alloc (vm, &bi, 1) != 1)
922 vlib_log_crit (bm->log_class, "buffer allocation failure");
925 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
926 ASSERT (b->current_data == 0);
927 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b);
928 bfd_echo_pkt_t *pkt = vlib_buffer_get_current (b);
929 clib_memset (pkt, 0, sizeof (*pkt));
930 pkt->discriminator = bs->local_discr;
931 pkt->expire_time_nsec =
932 now + bs->echo_transmit_interval_nsec * bs->local_detect_mult;
934 bfd_calc_echo_checksum (bs->local_discr, pkt->expire_time_nsec,
936 b->current_length = sizeof (*pkt);
937 if (!bfd_echo_add_transport_layer (vm, bi, bs))
939 BFD_ERR ("cannot send echo packet out, turning echo off");
941 vlib_buffer_free_one (vm, bi);
944 if (!bfd_transport_echo (vm, bi, bs))
946 BFD_ERR ("cannot send echo packet out, turning echo off");
948 vlib_buffer_free_one (vm, bi);
951 bs->echo_last_tx_nsec = now;
952 bfd_calc_next_echo_tx (bm, bs, now);
957 ("No need to send echo packet now, now is %lu, tx_timeout is %lu",
958 now, bs->echo_tx_timeout_nsec);
963 bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt,
964 bfd_main_t * bm, bfd_session_t * bs, u64 now)
966 if (!bs->remote_min_rx_usec && BFD_POLL_NOT_NEEDED == bs->poll_state)
968 BFD_DBG ("Remote min rx interval is zero, not sending periodic control "
972 if (BFD_POLL_NOT_NEEDED == bs->poll_state && bs->remote_demand &&
973 BFD_STATE_up == bs->local_state && BFD_STATE_up == bs->remote_state)
976 * A system MUST NOT periodically transmit BFD Control packets if Demand
977 * mode is active on the remote system (bfd.RemoteDemandMode is 1,
978 * bfd.SessionState is Up, and bfd.RemoteSessionState is Up) and a Poll
979 * Sequence is not being transmitted.
981 BFD_DBG ("Remote demand is set, not sending periodic control frame");
984 if (now >= bs->tx_timeout_nsec)
986 BFD_DBG ("\nSending periodic control frame: %U", format_bfd_session,
989 if (vlib_buffer_alloc (vm, &bi, 1) != 1)
991 vlib_log_crit (bm->log_class, "buffer allocation failure");
994 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
995 ASSERT (b->current_data == 0);
996 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b);
997 bfd_init_control_frame (bm, bs, b);
998 switch (bs->poll_state)
1000 case BFD_POLL_NEEDED:
1001 if (now < bs->poll_state_start_or_timeout_nsec)
1003 BFD_DBG ("Cannot start a poll sequence yet, need to wait for "
1005 BFD_CLK_PRN (bs->poll_state_start_or_timeout_nsec -
1009 bs->poll_state_start_or_timeout_nsec = now;
1010 bfd_set_poll_state (bs, BFD_POLL_IN_PROGRESS);
1012 case BFD_POLL_IN_PROGRESS:
1013 case BFD_POLL_IN_PROGRESS_AND_QUEUED:
1014 bfd_pkt_set_poll (vlib_buffer_get_current (b));
1015 BFD_DBG ("Setting poll bit in packet, bs_idx=%u", bs->bs_idx);
1017 case BFD_POLL_NOT_NEEDED:
1021 bfd_add_auth_section (b, bs);
1022 bfd_add_transport_layer (vm, bi, bs);
1023 if (!bfd_transport_control_frame (vm, bi, bs))
1025 vlib_buffer_free_one (vm, bi);
1027 bs->last_tx_nsec = now;
1028 bfd_calc_next_tx (bm, bs, now);
1033 ("No need to send control frame now, now is %lu, tx_timeout is %lu",
1034 now, bs->tx_timeout_nsec);
1039 bfd_init_final_control_frame (vlib_main_t * vm, vlib_buffer_t * b,
1040 bfd_main_t * bm, bfd_session_t * bs,
1043 BFD_DBG ("Send final control frame for bs_idx=%lu", bs->bs_idx);
1044 bfd_init_control_frame (bm, bs, b);
1045 bfd_pkt_set_final (vlib_buffer_get_current (b));
1046 bfd_add_auth_section (b, bs);
1047 u32 bi = vlib_get_buffer_index (vm, b);
1048 bfd_add_transport_layer (vm, bi, bs);
1049 bs->last_tx_nsec = bfd_time_now_nsec (vm, NULL);
1051 * RFC allows to include changes in final frame, so if there were any
1052 * pending, we already did that, thus we can clear any pending poll needs
1054 bfd_set_poll_state (bs, BFD_POLL_NOT_NEEDED);
1058 bfd_check_rx_timeout (vlib_main_t * vm, bfd_main_t * bm, bfd_session_t * bs,
1059 u64 now, int handling_wakeup)
1061 if (bs->last_rx_nsec + bs->detection_time_nsec <= now)
1063 BFD_DBG ("Rx timeout, session goes down");
1065 * RFC 5880 6.8.1. State Variables
1069 * The remote discriminator for this BFD session. This is the
1070 * discriminator chosen by the remote system, and is totally opaque
1071 * to the local system. This MUST be initialized to zero. If a
1072 * period of a Detection Time passes without the receipt of a valid,
1073 * authenticated BFD packet from the remote system, this variable
1074 * MUST be set to zero.
1076 bs->remote_discr = 0;
1077 bfd_set_diag (bs, BFD_DIAG_CODE_det_time_exp);
1078 bfd_set_state (vm, bm, bs, BFD_STATE_down, handling_wakeup);
1080 * If the remote system does not receive any
1081 * BFD Control packets for a Detection Time, it SHOULD reset
1082 * bfd.RemoteMinRxInterval to its initial value of 1 (per section 6.8.1,
1083 * since it is no longer required to maintain previous session state)
1084 * and then can transmit at its own rate.
1086 bfd_set_remote_required_min_rx (bm, bs, now, 1);
1089 && bs->echo_last_rx_nsec +
1090 bs->echo_transmit_interval_nsec * bs->local_detect_mult <= now)
1092 BFD_DBG ("Echo rx timeout, session goes down");
1093 bfd_set_diag (bs, BFD_DIAG_CODE_echo_failed);
1094 bfd_set_state (vm, bm, bs, BFD_STATE_down, handling_wakeup);
1099 bfd_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_main_t * bm,
1100 bfd_session_t * bs, u64 now)
1102 BFD_DBG ("Timeout for bs_idx=%lu", bs->bs_idx);
1103 switch (bs->local_state)
1105 case BFD_STATE_admin_down:
1106 bfd_send_periodic (vm, rt, bm, bs, now);
1108 case BFD_STATE_down:
1109 bfd_send_periodic (vm, rt, bm, bs, now);
1111 case BFD_STATE_init:
1112 bfd_check_rx_timeout (vm, bm, bs, now, 1);
1113 bfd_send_periodic (vm, rt, bm, bs, now);
1116 bfd_check_rx_timeout (vm, bm, bs, now, 1);
1117 if (BFD_POLL_NOT_NEEDED == bs->poll_state && !bs->echo &&
1118 bfd_is_echo_possible (bs))
1120 /* switch on echo function as main detection method now */
1121 BFD_DBG ("Switching on echo function, bs_idx=%u", bs->bs_idx);
1123 bs->echo_last_rx_nsec = now;
1124 bs->echo_tx_timeout_nsec = now;
1125 bfd_set_effective_required_min_rx (bm, bs,
1127 (bm->min_required_min_rx_while_echo_nsec,
1128 bs->config_required_min_rx_nsec));
1129 bfd_set_poll_state (bs, BFD_POLL_NEEDED);
1131 bfd_send_periodic (vm, rt, bm, bs, now);
1134 bfd_send_echo (vm, rt, bm, bs, now);
1141 * bfd process node function
1144 bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
1146 bfd_main_t *bm = &bfd_main;
1148 uword event_type, *event_data = 0;
1150 /* So we can send events to the bfd process */
1151 bm->bfd_process_node_index = bfd_process_node.index;
1156 u64 now = bfd_time_now_nsec (vm, &vm_time);
1157 BFD_DBG ("wakeup, now is %llunsec, vlib_time_now() is %.9f", now,
1161 if (pool_elts (bm->sessions))
1163 u32 first_expires_in_ticks =
1164 TW (tw_timer_first_expires_in_ticks) (&bm->wheel);
1165 if (!first_expires_in_ticks)
1168 ("tw_timer_first_expires_in_ticks(%p) returns 0ticks",
1170 timeout = bm->wheel.next_run_time - vm_time;
1171 BFD_DBG ("wheel.next_run_time is %.9f",
1172 bm->wheel.next_run_time);
1173 u64 next_expire_nsec = now + timeout * SEC_PER_NSEC;
1174 bm->bfd_process_next_wakeup_nsec = next_expire_nsec;
1179 BFD_DBG ("tw_timer_first_expires_in_ticks(%p) returns %luticks",
1180 &bm->wheel, first_expires_in_ticks);
1181 u64 next_expire_nsec =
1182 now + first_expires_in_ticks * bm->nsec_per_tw_tick;
1183 bm->bfd_process_next_wakeup_nsec = next_expire_nsec;
1185 timeout = (next_expire_nsec - now) * SEC_PER_NSEC;
1187 BFD_DBG ("vlib_process_wait_for_event_or_clock(vm, %.09f)",
1189 (void) vlib_process_wait_for_event_or_clock (vm, timeout);
1193 (void) vlib_process_wait_for_event (vm);
1195 event_type = vlib_process_get_events (vm, &event_data);
1196 now = bfd_time_now_nsec (vm, &vm_time);
1197 uword *session_index;
1200 case ~0: /* no events => timeout */
1201 /* nothing to do here */
1203 case BFD_EVENT_RESCHEDULE:
1204 BFD_DBG ("reschedule event");
1206 bm->bfd_process_wakeup_event_delay_nsec =
1207 now - bm->bfd_process_wakeup_event_start_nsec;
1208 bm->bfd_process_wakeup_events_in_flight--;
1210 /* nothing to do here - reschedule is done automatically after
1211 * each event or timeout */
1213 case BFD_EVENT_NEW_SESSION:
1214 vec_foreach (session_index, event_data)
1217 if (!pool_is_free_index (bm->sessions, *session_index))
1220 pool_elt_at_index (bm->sessions, *session_index);
1221 bfd_send_periodic (vm, rt, bm, bs, now);
1222 bfd_set_timer (bm, bs, now, 1);
1226 BFD_DBG ("Ignoring event for non-existent session index %u",
1227 (u32) * session_index);
1232 case BFD_EVENT_CONFIG_CHANGED:
1233 vec_foreach (session_index, event_data)
1236 if (!pool_is_free_index (bm->sessions, *session_index))
1239 pool_elt_at_index (bm->sessions, *session_index);
1240 bfd_on_config_change (vm, rt, bm, bs, now);
1244 BFD_DBG ("Ignoring event for non-existent session index %u",
1245 (u32) * session_index);
1251 vlib_log_err (bm->log_class, "BUG: event type 0x%wx", event_type);
1254 BFD_DBG ("tw_timer_expire_timers_vec(%p, %.04f);", &bm->wheel, vm_time);
1257 TW (tw_timer_expire_timers_vec) (&bm->wheel, vm_time, expired);
1258 BFD_DBG ("Expired %d elements", vec_len (expired));
1260 vec_foreach (p, expired)
1262 const u32 bs_idx = *p;
1263 if (!pool_is_free_index (bm->sessions, bs_idx))
1265 bfd_session_t *bs = pool_elt_at_index (bm->sessions, bs_idx);
1266 bs->tw_id = 0; /* timer is gone because it expired */
1267 bfd_on_timeout (vm, rt, bm, bs, now);
1268 bfd_set_timer (bm, bs, now, 1);
1274 _vec_len (expired) = 0;
1278 _vec_len (event_data) = 0;
1286 * bfd process node declaration
1289 VLIB_REGISTER_NODE (bfd_process_node, static) = {
1290 .function = bfd_process,
1291 .type = VLIB_NODE_TYPE_PROCESS,
1292 .name = "bfd-process",
1298 static clib_error_t *
1299 bfd_sw_interface_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
1301 // bfd_main_t *bm = &bfd_main;
1302 // vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
1303 if (!(flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1310 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (bfd_sw_interface_up_down);
1312 static clib_error_t *
1313 bfd_hw_interface_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
1315 // bfd_main_t *bm = &bfd_main;
1316 if (flags & VNET_HW_INTERFACE_FLAG_LINK_UP)
1323 VNET_HW_INTERFACE_LINK_UP_DOWN_FUNCTION (bfd_hw_interface_up_down);
1326 bfd_register_listener (bfd_notify_fn_t fn)
1328 bfd_main_t *bm = &bfd_main;
1330 vec_add1 (bm->listeners, fn);
1336 static clib_error_t *
1337 bfd_main_init (vlib_main_t * vm)
1339 vlib_thread_main_t *tm = &vlib_thread_main;
1340 u32 n_vlib_mains = tm->n_vlib_mains;
1342 setbuf (stdout, NULL);
1344 bfd_main_t *bm = &bfd_main;
1345 bm->random_seed = random_default_seed ();
1347 bm->vnet_main = vnet_get_main ();
1348 clib_memset (&bm->wheel, 0, sizeof (bm->wheel));
1349 bm->nsec_per_tw_tick = (f64) NSEC_PER_SEC / BFD_TW_TPS;
1350 bm->default_desired_min_tx_nsec =
1351 bfd_usec_to_nsec (BFD_DEFAULT_DESIRED_MIN_TX_USEC);
1352 bm->min_required_min_rx_while_echo_nsec =
1353 bfd_usec_to_nsec (BFD_REQUIRED_MIN_RX_USEC_WHILE_ECHO);
1354 BFD_DBG ("tw_timer_wheel_init(%p, %p, %.04f, %u)", &bm->wheel, NULL,
1355 1.00 / BFD_TW_TPS, ~0);
1356 TW (tw_timer_wheel_init) (&bm->wheel, NULL, 1.00 / BFD_TW_TPS, ~0);
1357 bm->log_class = vlib_log_register_class ("bfd", 0);
1358 vlib_log_debug (bm->log_class, "initialized");
1359 bm->owner_thread_index = ~0;
1360 if (n_vlib_mains > 1)
1361 clib_spinlock_init (&bm->lock);
1365 VLIB_INIT_FUNCTION (bfd_main_init);
1368 bfd_get_session (bfd_main_t * bm, bfd_transport_e t)
1370 bfd_session_t *result;
1374 pool_get (bm->sessions, result);
1375 clib_memset (result, 0, sizeof (*result));
1376 result->bs_idx = result - bm->sessions;
1377 result->transport = t;
1378 const unsigned limit = 1000;
1379 unsigned counter = 0;
1382 result->local_discr = random_u32 (&bm->random_seed);
1383 if (counter > limit)
1385 vlib_log_crit (bm->log_class,
1386 "couldn't allocate unused session discriminator even "
1387 "after %u tries!", limit);
1388 pool_put (bm->sessions, result);
1394 while (hash_get (bm->session_by_disc, result->local_discr));
1395 bfd_set_defaults (bm, result);
1396 hash_set (bm->session_by_disc, result->local_discr, result->bs_idx);
1402 bfd_put_session (bfd_main_t * bm, bfd_session_t * bs)
1406 vlib_log_info (bm->log_class, "delete session: %U",
1407 format_bfd_session_brief, bs);
1408 bfd_notify_listeners (bm, BFD_LISTEN_EVENT_DELETE, bs);
1409 if (bs->auth.curr_key)
1411 --bs->auth.curr_key->use_count;
1413 if (bs->auth.next_key)
1415 --bs->auth.next_key->use_count;
1417 hash_unset (bm->session_by_disc, bs->local_discr);
1418 pool_put (bm->sessions, bs);
1423 bfd_find_session_by_idx (bfd_main_t * bm, uword bs_idx)
1425 bfd_lock_check (bm);
1426 if (!pool_is_free_index (bm->sessions, bs_idx))
1428 return pool_elt_at_index (bm->sessions, bs_idx);
1434 bfd_find_session_by_disc (bfd_main_t * bm, u32 disc)
1436 bfd_lock_check (bm);
1437 uword *p = hash_get (bfd_main.session_by_disc, disc);
1440 return pool_elt_at_index (bfd_main.sessions, *p);
1446 * @brief verify bfd packet - common checks
1450 * @return 1 if bfd packet is valid
1453 bfd_verify_pkt_common (const bfd_pkt_t * pkt)
1455 if (1 != bfd_pkt_get_version (pkt))
1457 BFD_ERR ("BFD verification failed - unexpected version: '%d'",
1458 bfd_pkt_get_version (pkt));
1461 if (pkt->head.length < sizeof (bfd_pkt_t) ||
1462 (bfd_pkt_get_auth_present (pkt) &&
1463 pkt->head.length < sizeof (bfd_pkt_with_common_auth_t)))
1465 BFD_ERR ("BFD verification failed - unexpected length: '%d' (auth "
1467 pkt->head.length, bfd_pkt_get_auth_present (pkt));
1470 if (!pkt->head.detect_mult)
1472 BFD_ERR ("BFD verification failed - unexpected detect-mult: '%d'",
1473 pkt->head.detect_mult);
1476 if (bfd_pkt_get_multipoint (pkt))
1478 BFD_ERR ("BFD verification failed - unexpected multipoint: '%d'",
1479 bfd_pkt_get_multipoint (pkt));
1484 BFD_ERR ("BFD verification failed - unexpected my-disc: '%d'",
1488 if (!pkt->your_disc)
1490 const u8 pkt_state = bfd_pkt_get_state (pkt);
1491 if (pkt_state != BFD_STATE_down && pkt_state != BFD_STATE_admin_down)
1493 BFD_ERR ("BFD verification failed - unexpected state: '%s' "
1494 "(your-disc is zero)", bfd_state_string (pkt_state));
1502 bfd_session_switch_auth_to_next (bfd_session_t * bs)
1504 BFD_DBG ("Switching authentication key from %U to %U for bs_idx=%u",
1505 format_bfd_auth_key, bs->auth.curr_key, format_bfd_auth_key,
1506 bs->auth.next_key, bs->bs_idx);
1507 bs->auth.is_delayed = 0;
1508 if (bs->auth.curr_key)
1510 --bs->auth.curr_key->use_count;
1512 bs->auth.curr_key = bs->auth.next_key;
1513 bs->auth.next_key = NULL;
1514 bs->auth.curr_bfd_key_id = bs->auth.next_bfd_key_id;
1518 bfd_auth_type_is_meticulous (bfd_auth_type_e auth_type)
1520 if (BFD_AUTH_TYPE_meticulous_keyed_md5 == auth_type ||
1521 BFD_AUTH_TYPE_meticulous_keyed_sha1 == auth_type)
1529 bfd_verify_pkt_auth_seq_num (vlib_main_t * vm, bfd_session_t * bs,
1530 u32 received_seq_num, int is_meticulous)
1535 * This variable MUST be set to zero after no packets have been
1536 * received on this session for at least twice the Detection Time.
1538 u64 now = bfd_time_now_nsec (vm, NULL);
1539 if (now - bs->last_rx_nsec > bs->detection_time_nsec * 2)
1541 BFD_DBG ("BFD peer unresponsive for %lu nsec, which is > 2 * "
1542 "detection_time=%u nsec, resetting remote_seq_number_known "
1543 "flag", now - bs->last_rx_nsec, bs->detection_time_nsec * 2);
1544 bs->auth.remote_seq_number_known = 0;
1546 if (bs->auth.remote_seq_number_known)
1548 /* remote sequence number is known, verify its validity */
1549 const u32 max_u32 = 0xffffffff;
1550 /* the calculation might wrap, account for the special case... */
1551 if (bs->auth.remote_seq_number > max_u32 - 3 * bs->local_detect_mult)
1557 * |----------+----------------------------+-----------|
1559 * | remote_seq_num------+
1561 * +-----(remote_seq_num + 3*detect_mult) % * 0xffffffff
1563 * x + y + z = 0xffffffff
1564 * x + z = 3 * detect_mult
1566 const u32 z = max_u32 - bs->auth.remote_seq_number;
1567 const u32 x = 3 * bs->local_detect_mult - z;
1568 if (received_seq_num > x &&
1569 received_seq_num < bs->auth.remote_seq_number + is_meticulous)
1572 ("Recvd sequence number=%u out of ranges <0, %u>, <%u, %u>",
1573 received_seq_num, x,
1574 bs->auth.remote_seq_number + is_meticulous, max_u32);
1581 const u32 min = bs->auth.remote_seq_number + is_meticulous;
1583 bs->auth.remote_seq_number + 3 * bs->local_detect_mult;
1584 if (received_seq_num < min || received_seq_num > max)
1586 BFD_ERR ("Recvd sequence number=%u out of range <%u, %u>",
1587 received_seq_num, min, max);
1596 bfd_verify_pkt_auth_key_sha1 (const bfd_pkt_t * pkt, u32 pkt_size,
1597 bfd_session_t * bs, u8 bfd_key_id,
1598 bfd_auth_key_t * auth_key)
1600 ASSERT (auth_key->auth_type == BFD_AUTH_TYPE_keyed_sha1 ||
1601 auth_key->auth_type == BFD_AUTH_TYPE_meticulous_keyed_sha1);
1603 u8 result[SHA_DIGEST_LENGTH];
1604 bfd_pkt_with_common_auth_t *with_common = (void *) pkt;
1605 if (pkt_size < sizeof (*with_common))
1607 BFD_ERR ("Packet size too small to hold authentication common header");
1610 if (with_common->common_auth.type != auth_key->auth_type)
1612 BFD_ERR ("BFD auth type mismatch, packet auth=%d:%s doesn't match "
1613 "in-use auth=%d:%s",
1614 with_common->common_auth.type,
1615 bfd_auth_type_str (with_common->common_auth.type),
1616 auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type));
1619 bfd_pkt_with_sha1_auth_t *with_sha1 = (void *) pkt;
1620 if (pkt_size < sizeof (*with_sha1) ||
1621 with_sha1->sha1_auth.type_len.len < sizeof (with_sha1->sha1_auth))
1624 ("BFD size mismatch, payload size=%u, expected=%u, auth_len=%u, "
1625 "expected=%u", pkt_size, sizeof (*with_sha1),
1626 with_sha1->sha1_auth.type_len.len, sizeof (with_sha1->sha1_auth));
1629 if (with_sha1->sha1_auth.key_id != bfd_key_id)
1632 ("BFD key ID mismatch, packet key ID=%u doesn't match key ID=%u%s",
1633 with_sha1->sha1_auth.key_id, bfd_key_id,
1635 auth.is_delayed ? " (but a delayed auth change is scheduled)" : "");
1639 if (!SHA1_Init (&ctx))
1641 BFD_ERR ("SHA1_Init failed");
1644 /* ignore last 20 bytes - use the actual key data instead pkt data */
1645 if (!SHA1_Update (&ctx, with_sha1,
1646 sizeof (*with_sha1) - sizeof (with_sha1->sha1_auth.hash)))
1648 BFD_ERR ("SHA1_Update failed");
1651 if (!SHA1_Update (&ctx, auth_key->key, sizeof (auth_key->key)))
1653 BFD_ERR ("SHA1_Update failed");
1656 if (!SHA1_Final (result, &ctx))
1658 BFD_ERR ("SHA1_Final failed");
1661 if (0 == memcmp (result, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH))
1665 BFD_ERR ("SHA1 hash: %U doesn't match the expected value: %U",
1666 format_hex_bytes, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH,
1667 format_hex_bytes, result, SHA_DIGEST_LENGTH);
1672 bfd_verify_pkt_auth_key (vlib_main_t * vm, const bfd_pkt_t * pkt,
1673 u32 pkt_size, bfd_session_t * bs, u8 bfd_key_id,
1674 bfd_auth_key_t * auth_key)
1676 bfd_main_t *bm = &bfd_main;
1677 switch (auth_key->auth_type)
1679 case BFD_AUTH_TYPE_reserved:
1680 vlib_log_err (bm->log_class,
1681 "internal error, unexpected auth_type=%d:%s",
1682 auth_key->auth_type,
1683 bfd_auth_type_str (auth_key->auth_type));
1685 case BFD_AUTH_TYPE_simple_password:
1686 vlib_log_err (bm->log_class,
1687 "internal error, not implemented, unexpected auth_type=%d:%s",
1688 auth_key->auth_type,
1689 bfd_auth_type_str (auth_key->auth_type));
1691 case BFD_AUTH_TYPE_keyed_md5:
1693 case BFD_AUTH_TYPE_meticulous_keyed_md5:
1696 "internal error, not implemented, unexpected auth_type=%d:%s",
1697 auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type));
1699 case BFD_AUTH_TYPE_keyed_sha1:
1701 case BFD_AUTH_TYPE_meticulous_keyed_sha1:
1705 const u32 seq_num = clib_net_to_host_u32 (((bfd_pkt_with_sha1_auth_t
1708 return bfd_verify_pkt_auth_seq_num (vm, bs, seq_num,
1709 bfd_auth_type_is_meticulous
1710 (auth_key->auth_type))
1711 && bfd_verify_pkt_auth_key_sha1 (pkt, pkt_size, bs, bfd_key_id,
1718 "internal error, attempt to use SHA1 without SSL support");
1726 * @brief verify bfd packet - authentication
1730 * @return 1 if bfd packet is valid
1733 bfd_verify_pkt_auth (vlib_main_t * vm, const bfd_pkt_t * pkt, u16 pkt_size,
1736 if (bfd_pkt_get_auth_present (pkt))
1738 /* authentication present in packet */
1739 if (!bs->auth.curr_key)
1741 /* currently not using authentication - can we turn it on? */
1742 if (bs->auth.is_delayed && bs->auth.next_key)
1744 /* yes, switch is scheduled - make sure the auth is valid */
1745 if (bfd_verify_pkt_auth_key (vm, pkt, pkt_size, bs,
1746 bs->auth.next_bfd_key_id,
1749 /* auth matches next key, do the switch, packet is valid */
1750 bfd_session_switch_auth_to_next (bs);
1757 /* yes, using authentication, verify the key */
1758 if (bfd_verify_pkt_auth_key (vm, pkt, pkt_size, bs,
1759 bs->auth.curr_bfd_key_id,
1762 /* verification passed, packet is valid */
1767 /* verification failed - but maybe we need to switch key */
1768 if (bs->auth.is_delayed && bs->auth.next_key)
1770 /* delayed switch present, verify if that key works */
1771 if (bfd_verify_pkt_auth_key (vm, pkt, pkt_size, bs,
1772 bs->auth.next_bfd_key_id,
1775 /* auth matches next key, switch key, packet is valid */
1776 bfd_session_switch_auth_to_next (bs);
1785 /* authentication in packet not present */
1786 if (pkt_size > sizeof (*pkt))
1788 BFD_ERR ("BFD verification failed - unexpected packet size '%d' "
1789 "(auth not present)", pkt_size);
1792 if (bs->auth.curr_key)
1794 /* currently authenticating - could we turn it off? */
1795 if (bs->auth.is_delayed && !bs->auth.next_key)
1797 /* yes, delayed switch to NULL key is scheduled */
1798 bfd_session_switch_auth_to_next (bs);
1804 /* no auth in packet, no auth in use - packet is valid */
1812 bfd_consume_pkt (vlib_main_t * vm, bfd_main_t * bm, const bfd_pkt_t * pkt,
1815 bfd_lock_check (bm);
1817 bfd_session_t *bs = bfd_find_session_by_idx (bm, bs_idx);
1818 if (!bs || (pkt->your_disc && pkt->your_disc != bs->local_discr))
1822 BFD_DBG ("Scanning bfd packet, bs_idx=%d", bs->bs_idx);
1823 bs->remote_discr = pkt->my_disc;
1824 bs->remote_state = bfd_pkt_get_state (pkt);
1825 bs->remote_demand = bfd_pkt_get_demand (pkt);
1826 bs->remote_diag = bfd_pkt_get_diag_code (pkt);
1827 u64 now = bfd_time_now_nsec (vm, NULL);
1828 bs->last_rx_nsec = now;
1829 if (bfd_pkt_get_auth_present (pkt))
1831 bfd_auth_type_e auth_type =
1832 ((bfd_pkt_with_common_auth_t *) (pkt))->common_auth.type;
1835 case BFD_AUTH_TYPE_reserved:
1837 case BFD_AUTH_TYPE_simple_password:
1839 case BFD_AUTH_TYPE_keyed_md5:
1841 case BFD_AUTH_TYPE_meticulous_keyed_md5:
1842 vlib_log_crit (bm->log_class,
1843 "internal error, unexpected auth_type=%d:%s",
1844 auth_type, bfd_auth_type_str (auth_type));
1846 case BFD_AUTH_TYPE_keyed_sha1:
1848 case BFD_AUTH_TYPE_meticulous_keyed_sha1:
1851 bfd_pkt_with_sha1_auth_t *with_sha1 =
1852 (bfd_pkt_with_sha1_auth_t *) pkt;
1853 bs->auth.remote_seq_number =
1854 clib_net_to_host_u32 (with_sha1->sha1_auth.seq_num);
1855 bs->auth.remote_seq_number_known = 1;
1856 BFD_DBG ("Received sequence number %u",
1857 bs->auth.remote_seq_number);
1862 bs->remote_desired_min_tx_nsec =
1863 bfd_usec_to_nsec (clib_net_to_host_u32 (pkt->des_min_tx));
1864 bs->remote_detect_mult = pkt->head.detect_mult;
1865 bfd_set_remote_required_min_rx (bm, bs, now,
1866 clib_net_to_host_u32 (pkt->req_min_rx));
1867 bfd_set_remote_required_min_echo_rx (bm, bs, now,
1868 clib_net_to_host_u32
1869 (pkt->req_min_echo_rx));
1870 if (bfd_pkt_get_final (pkt))
1872 if (BFD_POLL_IN_PROGRESS == bs->poll_state)
1874 BFD_DBG ("Poll sequence terminated, bs_idx=%u", bs->bs_idx);
1875 bfd_set_poll_state (bs, BFD_POLL_NOT_NEEDED);
1876 if (BFD_STATE_up == bs->local_state)
1878 bfd_set_effective_required_min_rx (bm, bs,
1879 clib_max (bs->echo *
1880 bm->min_required_min_rx_while_echo_nsec,
1881 bs->config_required_min_rx_nsec));
1884 else if (BFD_POLL_IN_PROGRESS_AND_QUEUED == bs->poll_state)
1887 * next poll sequence must be delayed by at least the round trip
1888 * time, so calculate that here
1890 BFD_DBG ("Next poll sequence can commence in " BFD_CLK_FMT,
1891 BFD_CLK_PRN (now - bs->poll_state_start_or_timeout_nsec));
1892 bs->poll_state_start_or_timeout_nsec =
1893 now + (now - bs->poll_state_start_or_timeout_nsec);
1895 ("Poll sequence terminated, but another is needed, bs_idx=%u",
1897 bfd_set_poll_state (bs, BFD_POLL_NEEDED);
1900 bfd_calc_next_tx (bm, bs, now);
1901 bfd_set_timer (bm, bs, now, 0);
1902 if (BFD_STATE_admin_down == bs->local_state)
1904 BFD_DBG ("Session is admin-down, ignoring packet, bs_idx=%u",
1908 if (BFD_STATE_admin_down == bs->remote_state)
1910 bfd_set_diag (bs, BFD_DIAG_CODE_neighbor_sig_down);
1911 bfd_set_state (vm, bm, bs, BFD_STATE_down, 0);
1913 else if (BFD_STATE_down == bs->local_state)
1915 if (BFD_STATE_down == bs->remote_state)
1917 bfd_set_diag (bs, BFD_DIAG_CODE_no_diag);
1918 bfd_set_state (vm, bm, bs, BFD_STATE_init, 0);
1920 else if (BFD_STATE_init == bs->remote_state)
1922 bfd_set_diag (bs, BFD_DIAG_CODE_no_diag);
1923 bfd_set_state (vm, bm, bs, BFD_STATE_up, 0);
1926 else if (BFD_STATE_init == bs->local_state)
1928 if (BFD_STATE_up == bs->remote_state ||
1929 BFD_STATE_init == bs->remote_state)
1931 bfd_set_diag (bs, BFD_DIAG_CODE_no_diag);
1932 bfd_set_state (vm, bm, bs, BFD_STATE_up, 0);
1935 else /* BFD_STATE_up == bs->local_state */
1937 if (BFD_STATE_down == bs->remote_state)
1939 bfd_set_diag (bs, BFD_DIAG_CODE_neighbor_sig_down);
1940 bfd_set_state (vm, bm, bs, BFD_STATE_down, 0);
1946 bfd_consume_echo_pkt (vlib_main_t * vm, bfd_main_t * bm, vlib_buffer_t * b)
1948 bfd_echo_pkt_t *pkt = NULL;
1949 if (b->current_length != sizeof (*pkt))
1953 pkt = vlib_buffer_get_current (b);
1954 bfd_session_t *bs = bfd_find_session_by_disc (bm, pkt->discriminator);
1959 BFD_DBG ("Scanning bfd echo packet, bs_idx=%d", bs->bs_idx);
1961 bfd_calc_echo_checksum (bs->local_discr, pkt->expire_time_nsec,
1963 if (checksum != pkt->checksum)
1965 BFD_DBG ("Invalid echo packet, checksum mismatch");
1968 u64 now = bfd_time_now_nsec (vm, NULL);
1969 if (pkt->expire_time_nsec < now)
1971 BFD_DBG ("Stale packet received, expire time %lu < now %lu",
1972 pkt->expire_time_nsec, now);
1976 bs->echo_last_rx_nsec = now;
1982 format_bfd_session (u8 * s, va_list * args)
1984 const bfd_session_t *bs = va_arg (*args, bfd_session_t *);
1985 u32 indent = format_get_indent (s) + vlib_log_get_indent ();
1986 s = format (s, "bs_idx=%u local-state=%s remote-state=%s\n"
1987 "%Ulocal-discriminator=%u remote-discriminator=%u\n"
1988 "%Ulocal-diag=%s echo-active=%s\n"
1989 "%Udesired-min-tx=%u required-min-rx=%u\n"
1990 "%Urequired-min-echo-rx=%u detect-mult=%u\n"
1991 "%Uremote-min-rx=%u remote-min-echo-rx=%u\n"
1992 "%Uremote-demand=%s poll-state=%s\n"
1993 "%Uauth: local-seq-num=%u remote-seq-num=%u\n"
1994 "%U is-delayed=%s\n"
1997 bs->bs_idx, bfd_state_string (bs->local_state),
1998 bfd_state_string (bs->remote_state), format_white_space, indent,
1999 bs->local_discr, bs->remote_discr, format_white_space, indent,
2000 bfd_diag_code_string (bs->local_diag),
2001 (bs->echo ? "yes" : "no"), format_white_space, indent,
2002 bs->config_desired_min_tx_usec, bs->config_required_min_rx_usec,
2003 format_white_space, indent, 1, bs->local_detect_mult,
2004 format_white_space, indent, bs->remote_min_rx_usec,
2005 bs->remote_min_echo_rx_usec, format_white_space, indent,
2006 (bs->remote_demand ? "yes" : "no"),
2007 bfd_poll_state_string (bs->poll_state), format_white_space,
2008 indent, bs->auth.local_seq_number, bs->auth.remote_seq_number,
2009 format_white_space, indent,
2010 (bs->auth.is_delayed ? "yes" : "no"), format_white_space,
2011 indent, format_bfd_auth_key, bs->auth.curr_key,
2012 format_white_space, indent, format_bfd_auth_key,
2018 format_bfd_session_brief (u8 * s, va_list * args)
2020 const bfd_session_t *bs = va_arg (*args, bfd_session_t *);
2022 format (s, "bs_idx=%u local-state=%s remote-state=%s", bs->bs_idx,
2023 bfd_state_string (bs->local_state),
2024 bfd_state_string (bs->remote_state));
2029 bfd_auth_type_supported (bfd_auth_type_e auth_type)
2031 if (auth_type == BFD_AUTH_TYPE_keyed_sha1 ||
2032 auth_type == BFD_AUTH_TYPE_meticulous_keyed_sha1)
2040 bfd_auth_activate (bfd_session_t * bs, u32 conf_key_id,
2041 u8 bfd_key_id, u8 is_delayed)
2043 bfd_main_t *bm = &bfd_main;
2044 const uword *key_idx_p =
2045 hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
2048 vlib_log_err (bm->log_class,
2049 "authentication key with config ID %u doesn't exist)",
2051 return VNET_API_ERROR_BFD_ENOENT;
2053 const uword key_idx = *key_idx_p;
2054 bfd_auth_key_t *key = pool_elt_at_index (bm->auth_keys, key_idx);
2057 if (bs->auth.next_key == key)
2059 /* already using this key, no changes required */
2062 bs->auth.next_key = key;
2063 bs->auth.next_bfd_key_id = bfd_key_id;
2064 bs->auth.is_delayed = 1;
2068 if (bs->auth.curr_key == key)
2070 /* already using this key, no changes required */
2073 if (bs->auth.curr_key)
2075 --bs->auth.curr_key->use_count;
2077 bs->auth.curr_key = key;
2078 bs->auth.curr_bfd_key_id = bfd_key_id;
2079 bs->auth.is_delayed = 0;
2082 BFD_DBG ("\nSession auth modified: %U", format_bfd_session, bs);
2083 vlib_log_info (bm->log_class, "session auth modified: %U",
2084 format_bfd_session_brief, bs);
2089 bfd_auth_deactivate (bfd_session_t * bs, u8 is_delayed)
2091 bfd_main_t *bm = &bfd_main;
2095 /* not delayed - deactivate the current key right now */
2096 if (bs->auth.curr_key)
2098 --bs->auth.curr_key->use_count;
2099 bs->auth.curr_key = NULL;
2101 bs->auth.is_delayed = 0;
2105 /* delayed - mark as so */
2106 bs->auth.is_delayed = 1;
2109 * clear the next key unconditionally - either the auth change is not delayed
2110 * in which case the caller expects the session to not use authentication
2111 * from this point forward, or it is delayed, in which case the next_key
2112 * needs to be set to NULL to make it so in the future
2114 if (bs->auth.next_key)
2116 --bs->auth.next_key->use_count;
2117 bs->auth.next_key = NULL;
2119 BFD_DBG ("\nSession auth modified: %U", format_bfd_session, bs);
2120 vlib_log_info (bm->log_class, "session auth modified: %U",
2121 format_bfd_session_brief, bs);
2124 vlib_log_err (bm->log_class,
2125 "SSL missing, cannot deactivate BFD authentication");
2126 return VNET_API_ERROR_BFD_NOTSUPP;
2131 bfd_session_set_params (bfd_main_t * bm, bfd_session_t * bs,
2132 u32 desired_min_tx_usec,
2133 u32 required_min_rx_usec, u8 detect_mult)
2135 if (bs->local_detect_mult != detect_mult ||
2136 bs->config_desired_min_tx_usec != desired_min_tx_usec ||
2137 bs->config_required_min_rx_usec != required_min_rx_usec)
2139 BFD_DBG ("\nChanging session params: %U", format_bfd_session, bs);
2140 switch (bs->poll_state)
2142 case BFD_POLL_NOT_NEEDED:
2143 if (BFD_STATE_up == bs->local_state ||
2144 BFD_STATE_init == bs->local_state)
2146 /* poll sequence is not needed for detect multiplier change */
2147 if (bs->config_desired_min_tx_usec != desired_min_tx_usec ||
2148 bs->config_required_min_rx_usec != required_min_rx_usec)
2150 bfd_set_poll_state (bs, BFD_POLL_NEEDED);
2154 case BFD_POLL_NEEDED:
2155 case BFD_POLL_IN_PROGRESS_AND_QUEUED:
2157 * nothing to do - will be handled in the future poll which is
2158 * already scheduled for execution
2161 case BFD_POLL_IN_PROGRESS:
2162 /* poll sequence is not needed for detect multiplier change */
2163 if (bs->config_desired_min_tx_usec != desired_min_tx_usec ||
2164 bs->config_required_min_rx_usec != required_min_rx_usec)
2166 BFD_DBG ("Poll in progress, queueing extra poll, bs_idx=%u",
2168 bfd_set_poll_state (bs, BFD_POLL_IN_PROGRESS_AND_QUEUED);
2172 bs->local_detect_mult = detect_mult;
2173 bs->config_desired_min_tx_usec = desired_min_tx_usec;
2174 bs->config_desired_min_tx_nsec = bfd_usec_to_nsec (desired_min_tx_usec);
2175 bs->config_required_min_rx_usec = required_min_rx_usec;
2176 bs->config_required_min_rx_nsec =
2177 bfd_usec_to_nsec (required_min_rx_usec);
2178 BFD_DBG ("\nChanged session params: %U", format_bfd_session, bs);
2180 vlib_log_info (bm->log_class, "changed session params: %U",
2181 format_bfd_session_brief, bs);
2182 vlib_process_signal_event (bm->vlib_main, bm->bfd_process_node_index,
2183 BFD_EVENT_CONFIG_CHANGED, bs->bs_idx);
2187 BFD_DBG ("Ignore parameter change - no change, bs_idx=%u", bs->bs_idx);
2193 bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len,
2194 const u8 * key_data)
2196 bfd_main_t *bm = &bfd_main;
2198 bfd_auth_key_t *auth_key = NULL;
2199 if (!key_len || key_len > bfd_max_key_len_for_auth_type (auth_type))
2201 vlib_log_err (bm->log_class,
2202 "invalid authentication key length for auth_type=%d:%s "
2203 "(key_len=%u, must be non-zero, expected max=%u)",
2204 auth_type, bfd_auth_type_str (auth_type), key_len,
2205 (u32) bfd_max_key_len_for_auth_type (auth_type));
2206 return VNET_API_ERROR_INVALID_VALUE;
2208 if (!bfd_auth_type_supported (auth_type))
2210 vlib_log_err (bm->log_class, "unsupported auth type=%d:%s", auth_type,
2211 bfd_auth_type_str (auth_type));
2212 return VNET_API_ERROR_BFD_NOTSUPP;
2214 uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
2217 /* modifying existing key - must not be used */
2218 const uword key_idx = *key_idx_p;
2219 auth_key = pool_elt_at_index (bm->auth_keys, key_idx);
2220 if (auth_key->use_count > 0)
2222 vlib_log_err (bm->log_class,
2223 "authentication key with conf ID %u in use by %u BFD "
2224 "session(s) - cannot modify", conf_key_id,
2225 auth_key->use_count);
2226 return VNET_API_ERROR_BFD_EINUSE;
2231 /* adding new key */
2232 pool_get (bm->auth_keys, auth_key);
2233 auth_key->conf_key_id = conf_key_id;
2234 hash_set (bm->auth_key_by_conf_key_id, conf_key_id,
2235 auth_key - bm->auth_keys);
2237 auth_key->auth_type = auth_type;
2238 clib_memset (auth_key->key, 0, sizeof (auth_key->key));
2239 clib_memcpy (auth_key->key, key_data, key_len);
2242 vlib_log_err (bm->log_class,
2243 "SSL missing, cannot manipulate authentication keys");
2244 return VNET_API_ERROR_BFD_NOTSUPP;
2249 bfd_auth_del_key (u32 conf_key_id)
2252 bfd_auth_key_t *auth_key = NULL;
2253 bfd_main_t *bm = &bfd_main;
2254 uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
2257 /* deleting existing key - must not be used */
2258 const uword key_idx = *key_idx_p;
2259 auth_key = pool_elt_at_index (bm->auth_keys, key_idx);
2260 if (auth_key->use_count > 0)
2262 vlib_log_err (bm->log_class,
2263 "authentication key with conf ID %u in use by %u BFD "
2264 "session(s) - cannot delete", conf_key_id,
2265 auth_key->use_count);
2266 return VNET_API_ERROR_BFD_EINUSE;
2268 hash_unset (bm->auth_key_by_conf_key_id, conf_key_id);
2269 clib_memset (auth_key, 0, sizeof (*auth_key));
2270 pool_put (bm->auth_keys, auth_key);
2275 vlib_log_err (bm->log_class,
2276 "authentication key with conf ID %u does not exist",
2278 return VNET_API_ERROR_BFD_ENOENT;
2282 vlib_log_err (bm->log_class,
2283 "SSL missing, cannot manipulate authentication keys");
2284 return VNET_API_ERROR_BFD_NOTSUPP;
2288 bfd_main_t bfd_main;
2291 * fd.io coding-style-patch-verification: ON
2294 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob