2 * Copyright (c) 2011-2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
15 #include <vppinfra/types.h>
16 #include <vlibmemory/api.h>
17 #include <vlib/vlib.h>
18 #include <vlib/buffer.h>
19 #include <vnet/ip/format.h>
20 #include <vnet/ethernet/packet.h>
21 #include <vnet/udp/udp_packet.h>
22 #include <vnet/udp/udp.h>
23 #include <vnet/ip/lookup.h>
24 #include <vnet/ip/icmp46_packet.h>
25 #include <vnet/ip/ip4.h>
26 #include <vnet/ip/ip6.h>
27 #include <vnet/ip/ip6_packet.h>
28 #include <vnet/adj/adj.h>
29 #include <vnet/adj/adj_nbr.h>
30 #include <vnet/dpo/receive_dpo.h>
31 #include <vnet/fib/fib_entry.h>
32 #include <vnet/fib/fib_table.h>
33 #include <vnet/bfd/bfd_debug.h>
34 #include <vnet/bfd/bfd_udp.h>
35 #include <vnet/bfd/bfd_main.h>
36 #include <vnet/bfd/bfd_api.h>
41 /* hashmap - bfd session index by bfd key - used for CLI/API lookup, where
42 * discriminator is unknown */
43 mhash_t bfd_session_idx_by_bfd_key;
44 /* convenience variable */
45 vnet_main_t *vnet_main;
46 /* flag indicating whether echo_source_sw_if_index holds a valid value */
47 int echo_source_is_set;
48 /* loopback interface used to get echo source ip */
49 u32 echo_source_sw_if_index;
52 static vlib_node_registration_t bfd_udp4_input_node;
53 static vlib_node_registration_t bfd_udp6_input_node;
54 static vlib_node_registration_t bfd_udp_echo4_input_node;
55 static vlib_node_registration_t bfd_udp_echo6_input_node;
57 bfd_udp_main_t bfd_udp_main;
60 bfd_udp_set_echo_source (u32 sw_if_index)
62 vnet_sw_interface_t *sw_if =
63 vnet_get_sw_interface_safe (bfd_udp_main.vnet_main,
64 bfd_udp_main.echo_source_sw_if_index);
67 bfd_udp_main.echo_source_sw_if_index = sw_if_index;
68 bfd_udp_main.echo_source_is_set = 1;
71 return VNET_API_ERROR_BFD_ENOENT;
75 bfd_udp_del_echo_source (u32 sw_if_index)
77 bfd_udp_main.echo_source_sw_if_index = ~0;
78 bfd_udp_main.echo_source_is_set = 0;
83 bfd_udp_is_echo_available (bfd_transport_e transport)
85 if (!bfd_udp_main.echo_source_is_set)
90 * for the echo to work, we need a loopback interface with at least one
91 * address with netmask length at most 31 (ip4) or 127 (ip6) so that we can
92 * pick an unused address from that subnet
94 vnet_sw_interface_t *sw_if =
95 vnet_get_sw_interface_safe (bfd_udp_main.vnet_main,
96 bfd_udp_main.echo_source_sw_if_index);
97 if (sw_if && sw_if->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP)
99 if (BFD_TRANSPORT_UDP4 == transport)
101 ip4_main_t *im = &ip4_main;
102 ip_interface_address_t *ia = NULL;
104 foreach_ip_interface_address (&im->lookup_main, ia,
105 bfd_udp_main.echo_source_sw_if_index,
106 0 /* honor unnumbered */, ({
107 if (ia->address_length <= 31)
114 else if (BFD_TRANSPORT_UDP6 == transport)
116 ip6_main_t *im = &ip6_main;
117 ip_interface_address_t *ia = NULL;
119 foreach_ip_interface_address (&im->lookup_main, ia,
120 bfd_udp_main.echo_source_sw_if_index,
121 0 /* honor unnumbered */, ({
122 if (ia->address_length <= 127)
134 bfd_udp_bs_idx_to_sport (u32 bs_idx)
136 /* The source port MUST be in the range 49152 through 65535. The same UDP
137 * source port number MUST be used for all BFD Control packets associated
138 * with a particular session. The source port number SHOULD be unique among
139 * all BFD sessions on the system. If more than 16384 BFD sessions are
140 * simultaneously active, UDP source port numbers MAY be reused on
141 * multiple sessions, but the number of distinct uses of the same UDP
142 * source port number SHOULD be minimized.
144 return 49152 + bs_idx % (65535 - 49152 + 1);
153 bfd_udp_get_echo_src_ip4 (ip4_address_t * addr)
155 if (!bfd_udp_main.echo_source_is_set)
157 BFD_ERR ("cannot find ip4 address, echo source not set");
160 ip_interface_address_t *ia = NULL;
161 ip4_main_t *im = &ip4_main;
164 foreach_ip_interface_address (
165 &im->lookup_main, ia, bfd_udp_main.echo_source_sw_if_index,
166 0 /* honor unnumbered */, ({
168 ip_interface_address_get_address (&im->lookup_main, ia);
169 if (ia->address_length <= 31)
171 addr->as_u32 = clib_host_to_net_u32 (x->as_u32);
173 * flip the last bit to get a different address, might be network,
177 addr->as_u32 = clib_net_to_host_u32 (addr->as_u32);
182 BFD_ERR ("cannot find ip4 address, no usable address found");
187 bfd_udp_get_echo_src_ip6 (ip6_address_t * addr)
189 if (!bfd_udp_main.echo_source_is_set)
191 BFD_ERR ("cannot find ip6 address, echo source not set");
194 ip_interface_address_t *ia = NULL;
195 ip6_main_t *im = &ip6_main;
198 foreach_ip_interface_address (
199 &im->lookup_main, ia, bfd_udp_main.echo_source_sw_if_index,
200 0 /* honor unnumbered */, ({
202 ip_interface_address_get_address (&im->lookup_main, ia);
203 if (ia->address_length <= 127)
206 addr->as_u8[15] ^= 1; /* flip the last bit of the address */
212 BFD_ERR ("cannot find ip6 address, no usable address found");
217 bfd_add_udp4_transport (vlib_main_t * vm, vlib_buffer_t * b,
218 const bfd_session_t * bs, int is_echo)
220 const bfd_udp_session_t *bus = &bs->udp;
221 const bfd_udp_key_t *key = &bus->key;
223 b->flags |= VNET_BUFFER_LOCALLY_ORIGINATED;
224 vnet_buffer (b)->ip.adj_index[VLIB_RX] = bus->adj_index;
225 vnet_buffer (b)->ip.adj_index[VLIB_TX] = bus->adj_index;
231 ip4_udp_headers *headers = NULL;
232 vlib_buffer_advance (b, -sizeof (*headers));
233 headers = vlib_buffer_get_current (b);
234 memset (headers, 0, sizeof (*headers));
235 headers->ip4.ip_version_and_header_length = 0x45;
236 headers->ip4.ttl = 255;
237 headers->ip4.protocol = IP_PROTOCOL_UDP;
238 headers->udp.src_port =
239 clib_host_to_net_u16 (bfd_udp_bs_idx_to_sport (bs->bs_idx));
243 if (!(rv = bfd_udp_get_echo_src_ip4 (&headers->ip4.src_address)))
247 headers->ip4.dst_address.as_u32 = key->local_addr.ip4.as_u32;
248 headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd_echo4);
252 headers->ip4.src_address.as_u32 = key->local_addr.ip4.as_u32;
253 headers->ip4.dst_address.as_u32 = key->peer_addr.ip4.as_u32;
254 headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd4);
257 /* fix ip length, checksum and udp length */
258 const u16 ip_length = vlib_buffer_length_in_chain (vm, b);
260 headers->ip4.length = clib_host_to_net_u16 (ip_length);
261 headers->ip4.checksum = ip4_header_checksum (&headers->ip4);
263 const u16 udp_length = ip_length - (sizeof (headers->ip4));
264 headers->udp.length = clib_host_to_net_u16 (udp_length);
269 bfd_add_udp6_transport (vlib_main_t * vm, vlib_buffer_t * b,
270 const bfd_session_t * bs, int is_echo)
272 const bfd_udp_session_t *bus = &bs->udp;
273 const bfd_udp_key_t *key = &bus->key;
275 b->flags |= VNET_BUFFER_LOCALLY_ORIGINATED;
276 vnet_buffer (b)->ip.adj_index[VLIB_RX] = bus->adj_index;
277 vnet_buffer (b)->ip.adj_index[VLIB_TX] = bus->adj_index;
283 ip6_udp_headers *headers = NULL;
284 vlib_buffer_advance (b, -sizeof (*headers));
285 headers = vlib_buffer_get_current (b);
286 memset (headers, 0, sizeof (*headers));
287 headers->ip6.ip_version_traffic_class_and_flow_label =
288 clib_host_to_net_u32 (0x6 << 28);
289 headers->ip6.hop_limit = 255;
290 headers->ip6.protocol = IP_PROTOCOL_UDP;
291 headers->udp.src_port =
292 clib_host_to_net_u16 (bfd_udp_bs_idx_to_sport (bs->bs_idx));
296 if (!(rv = bfd_udp_get_echo_src_ip6 (&headers->ip6.src_address)))
300 clib_memcpy (&headers->ip6.dst_address, &key->local_addr.ip6,
301 sizeof (headers->ip6.dst_address));
303 headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd_echo6);
307 clib_memcpy (&headers->ip6.src_address, &key->local_addr.ip6,
308 sizeof (headers->ip6.src_address));
309 clib_memcpy (&headers->ip6.dst_address, &key->peer_addr.ip6,
310 sizeof (headers->ip6.dst_address));
311 headers->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_bfd6);
314 /* fix ip payload length and udp length */
315 const u16 udp_length =
316 vlib_buffer_length_in_chain (vm, b) - (sizeof (headers->ip6));
317 headers->udp.length = clib_host_to_net_u16 (udp_length);
318 headers->ip6.payload_length = headers->udp.length;
320 /* IPv6 UDP checksum is mandatory */
322 headers->udp.checksum =
323 ip6_tcp_udp_icmp_compute_checksum (vm, b, &headers->ip6, &bogus);
325 if (headers->udp.checksum == 0)
327 headers->udp.checksum = 0xffff;
332 static bfd_session_t *
333 bfd_lookup_session (bfd_udp_main_t * bum, const bfd_udp_key_t * key)
335 uword *p = mhash_get (&bum->bfd_session_idx_by_bfd_key, key);
338 return bfd_find_session_by_idx (bum->bfd_main, *p);
344 bfd_udp_key_init (bfd_udp_key_t * key, u32 sw_if_index,
345 const ip46_address_t * local_addr,
346 const ip46_address_t * peer_addr)
348 memset (key, 0, sizeof (*key));
349 key->sw_if_index = sw_if_index;
350 key->local_addr.as_u64[0] = local_addr->as_u64[0];
351 key->local_addr.as_u64[1] = local_addr->as_u64[1];
352 key->peer_addr.as_u64[0] = peer_addr->as_u64[0];
353 key->peer_addr.as_u64[1] = peer_addr->as_u64[1];
356 static vnet_api_error_t
357 bfd_udp_add_session_internal (bfd_udp_main_t * bum, u32 sw_if_index,
358 u32 desired_min_tx_usec,
359 u32 required_min_rx_usec, u8 detect_mult,
360 const ip46_address_t * local_addr,
361 const ip46_address_t * peer_addr,
362 bfd_session_t ** bs_out)
364 /* get a pool entry and if we end up not needing it, give it back */
365 bfd_transport_e t = BFD_TRANSPORT_UDP4;
366 if (!ip46_address_is_ip4 (local_addr))
368 t = BFD_TRANSPORT_UDP6;
370 bfd_session_t *bs = bfd_get_session (bum->bfd_main, t);
373 bfd_put_session (bum->bfd_main, bs);
374 return VNET_API_ERROR_BFD_EAGAIN;
376 bfd_udp_session_t *bus = &bs->udp;
377 memset (bus, 0, sizeof (*bus));
378 bfd_udp_key_t *key = &bus->key;
379 bfd_udp_key_init (key, sw_if_index, local_addr, peer_addr);
380 const bfd_session_t *tmp = bfd_lookup_session (bum, key);
383 clib_warning ("duplicate bfd-udp session, existing bs_idx=%d",
385 bfd_put_session (bum->bfd_main, bs);
386 return VNET_API_ERROR_BFD_EEXIST;
388 mhash_set (&bum->bfd_session_idx_by_bfd_key, key, bs->bs_idx, NULL);
389 BFD_DBG ("session created, bs_idx=%u, sw_if_index=%d, local=%U, peer=%U",
390 bs->bs_idx, key->sw_if_index, format_ip46_address,
391 &key->local_addr, IP46_TYPE_ANY, format_ip46_address,
392 &key->peer_addr, IP46_TYPE_ANY);
393 if (BFD_TRANSPORT_UDP4 == t)
395 bus->adj_index = adj_nbr_add_or_lock (FIB_PROTOCOL_IP4, VNET_LINK_IP4,
398 BFD_DBG ("adj_nbr_add_or_lock(FIB_PROTOCOL_IP4, VNET_LINK_IP4, %U, %d) "
399 "returns %d", format_ip46_address, &key->peer_addr,
400 IP46_TYPE_ANY, key->sw_if_index, bus->adj_index);
402 fib_prefix_t fib_prefix;
403 memset (&fib_prefix, 0, sizeof (fib_prefix));
404 fib_prefix.fp_len = 0;
405 fib_prefix.fp_proto = FIB_PROTOCOL_IP4;
406 fib_prefix.fp_addr = key->local_addr;
407 u32 fib_index = fib_table_find (FIB_PROTOCOL_IP4, 0); /* FIXME table id 0? */
408 dpo_id_t dpo = DPO_INVALID;
410 dproto = fib_proto_to_dpo (fib_prefix.fp_proto);
411 receive_dpo_add_or_lock (dproto, ~0, NULL, &dpo);
412 fib_table_entry_special_dpo_update (fib_index, &fib_prefix,
414 FIB_ENTRY_FLAG_LOCAL, &dpo);
419 bus->adj_index = adj_nbr_add_or_lock (FIB_PROTOCOL_IP6, VNET_LINK_IP6,
422 BFD_DBG ("adj_nbr_add_or_lock(FIB_PROTOCOL_IP6, VNET_LINK_IP6, %U, %d) "
423 "returns %d", format_ip46_address, &key->peer_addr,
424 IP46_TYPE_ANY, key->sw_if_index, bus->adj_index);
427 return bfd_session_set_params (bum->bfd_main, bs, desired_min_tx_usec,
428 required_min_rx_usec, detect_mult);
431 static vnet_api_error_t
432 bfd_udp_validate_api_input (u32 sw_if_index,
433 const ip46_address_t * local_addr,
434 const ip46_address_t * peer_addr)
436 vnet_sw_interface_t *sw_if =
437 vnet_get_sw_interface_safe (bfd_udp_main.vnet_main, sw_if_index);
438 u8 local_ip_valid = 0;
439 ip_interface_address_t *ia = NULL;
442 clib_warning ("got NULL sw_if");
443 return VNET_API_ERROR_INVALID_SW_IF_INDEX;
445 if (ip46_address_is_ip4 (local_addr))
447 if (!ip46_address_is_ip4 (peer_addr))
449 clib_warning ("IP family mismatch");
450 return VNET_API_ERROR_INVALID_ARGUMENT;
452 ip4_main_t *im = &ip4_main;
455 foreach_ip_interface_address (
456 &im->lookup_main, ia, sw_if_index, 0 /* honor unnumbered */, ({
458 ip_interface_address_get_address (&im->lookup_main, ia);
459 if (x->as_u32 == local_addr->ip4.as_u32)
461 /* valid address for this interface */
470 if (ip46_address_is_ip4 (peer_addr))
472 clib_warning ("IP family mismatch");
473 return VNET_API_ERROR_INVALID_ARGUMENT;
475 ip6_main_t *im = &ip6_main;
477 foreach_ip_interface_address (
478 &im->lookup_main, ia, sw_if_index, 0 /* honor unnumbered */, ({
480 ip_interface_address_get_address (&im->lookup_main, ia);
481 if (local_addr->ip6.as_u64[0] == x->as_u64[0] &&
482 local_addr->ip6.as_u64[1] == x->as_u64[1])
484 /* valid address for this interface */
494 clib_warning ("address not found on interface");
495 return VNET_API_ERROR_ADDRESS_NOT_FOUND_FOR_INTERFACE;
501 static vnet_api_error_t
502 bfd_udp_find_session_by_api_input (u32 sw_if_index,
503 const ip46_address_t * local_addr,
504 const ip46_address_t * peer_addr,
505 bfd_session_t ** bs_out)
507 vnet_api_error_t rv =
508 bfd_udp_validate_api_input (sw_if_index, local_addr, peer_addr);
511 bfd_udp_main_t *bum = &bfd_udp_main;
513 bfd_udp_key_init (&key, sw_if_index, local_addr, peer_addr);
514 bfd_session_t *bs = bfd_lookup_session (bum, &key);
522 ("BFD session not found (sw_if_index=%u, local=%U, peer=%U",
523 sw_if_index, format_ip46_address, local_addr, IP46_TYPE_ANY,
524 format_ip46_address, peer_addr, IP46_TYPE_ANY);
525 return VNET_API_ERROR_BFD_ENOENT;
531 static vnet_api_error_t
532 bfd_api_verify_common (u32 sw_if_index, u32 desired_min_tx_usec,
533 u32 required_min_rx_usec, u8 detect_mult,
534 const ip46_address_t * local_addr,
535 const ip46_address_t * peer_addr)
537 vnet_api_error_t rv =
538 bfd_udp_validate_api_input (sw_if_index, local_addr, peer_addr);
545 clib_warning ("detect_mult < 1");
546 return VNET_API_ERROR_INVALID_ARGUMENT;
548 if (desired_min_tx_usec < 1)
550 clib_warning ("desired_min_tx_usec < 1");
551 return VNET_API_ERROR_INVALID_ARGUMENT;
557 bfd_udp_del_session_internal (bfd_session_t * bs)
559 bfd_udp_main_t *bum = &bfd_udp_main;
560 BFD_DBG ("free bfd-udp session, bs_idx=%d", bs->bs_idx);
561 mhash_unset (&bum->bfd_session_idx_by_bfd_key, &bs->udp.key, NULL);
562 adj_unlock (bs->udp.adj_index);
563 bfd_put_session (bum->bfd_main, bs);
567 bfd_udp_add_session (u32 sw_if_index, const ip46_address_t * local_addr,
568 const ip46_address_t * peer_addr,
569 u32 desired_min_tx_usec, u32 required_min_rx_usec,
570 u8 detect_mult, u8 is_authenticated, u32 conf_key_id,
573 vnet_api_error_t rv =
574 bfd_api_verify_common (sw_if_index, desired_min_tx_usec,
575 required_min_rx_usec, detect_mult,
576 local_addr, peer_addr);
577 bfd_session_t *bs = NULL;
581 bfd_udp_add_session_internal (&bfd_udp_main, sw_if_index,
583 required_min_rx_usec, detect_mult,
584 local_addr, peer_addr, &bs);
586 if (!rv && is_authenticated)
589 rv = bfd_auth_activate (bs, conf_key_id, bfd_key_id,
590 0 /* is not delayed */ );
592 clib_warning ("SSL missing, cannot add authenticated BFD session");
593 rv = VNET_API_ERROR_BFD_NOTSUPP;
597 bfd_udp_del_session_internal (bs);
602 bfd_session_start (bfd_udp_main.bfd_main, bs);
609 bfd_udp_mod_session (u32 sw_if_index,
610 const ip46_address_t * local_addr,
611 const ip46_address_t * peer_addr,
612 u32 desired_min_tx_usec,
613 u32 required_min_rx_usec, u8 detect_mult)
615 bfd_session_t *bs = NULL;
616 vnet_api_error_t rv =
617 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
624 return bfd_session_set_params (bfd_udp_main.bfd_main, bs,
625 desired_min_tx_usec, required_min_rx_usec,
630 bfd_udp_del_session (u32 sw_if_index,
631 const ip46_address_t * local_addr,
632 const ip46_address_t * peer_addr)
634 bfd_session_t *bs = NULL;
635 vnet_api_error_t rv =
636 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
642 bfd_udp_del_session_internal (bs);
647 bfd_udp_session_set_flags (u32 sw_if_index,
648 const ip46_address_t * local_addr,
649 const ip46_address_t * peer_addr, u8 admin_up_down)
651 bfd_session_t *bs = NULL;
652 vnet_api_error_t rv =
653 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
659 bfd_session_set_flags (bs, admin_up_down);
664 bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len,
668 bfd_auth_key_t *auth_key = NULL;
669 if (!key_len || key_len > bfd_max_len_for_auth_type (auth_type))
671 clib_warning ("Invalid authentication key length for auth_type=%d:%s "
672 "(key_len=%u, must be "
673 "non-zero, expected max=%u)",
674 auth_type, bfd_auth_type_str (auth_type), key_len,
675 (u32) bfd_max_len_for_auth_type (auth_type));
676 return VNET_API_ERROR_INVALID_VALUE;
678 if (!bfd_auth_type_supported (auth_type))
680 clib_warning ("Unsupported auth type=%d:%s", auth_type,
681 bfd_auth_type_str (auth_type));
682 return VNET_API_ERROR_BFD_NOTSUPP;
684 bfd_main_t *bm = bfd_udp_main.bfd_main;
685 uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
688 /* modifying existing key - must not be used */
689 const uword key_idx = *key_idx_p;
690 auth_key = pool_elt_at_index (bm->auth_keys, key_idx);
691 if (auth_key->use_count > 0)
693 clib_warning ("Authentication key with conf ID %u in use by %u BFD "
694 "sessions - cannot modify",
695 conf_key_id, auth_key->use_count);
696 return VNET_API_ERROR_BFD_EINUSE;
702 pool_get (bm->auth_keys, auth_key);
703 auth_key->conf_key_id = conf_key_id;
704 hash_set (bm->auth_key_by_conf_key_id, conf_key_id,
705 auth_key - bm->auth_keys);
707 auth_key->auth_type = auth_type;
708 memset (auth_key->key, 0, sizeof (auth_key->key));
709 clib_memcpy (auth_key->key, key_data, key_len);
712 clib_warning ("SSL missing, cannot manipulate authentication keys");
713 return VNET_API_ERROR_BFD_NOTSUPP;
718 bfd_auth_del_key (u32 conf_key_id)
721 bfd_auth_key_t *auth_key = NULL;
722 bfd_main_t *bm = bfd_udp_main.bfd_main;
723 uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
726 /* deleting existing key - must not be used */
727 const uword key_idx = *key_idx_p;
728 auth_key = pool_elt_at_index (bm->auth_keys, key_idx);
729 if (auth_key->use_count > 0)
731 clib_warning ("Authentication key with conf ID %u in use by %u BFD "
732 "sessions - cannot delete",
733 conf_key_id, auth_key->use_count);
734 return VNET_API_ERROR_BFD_EINUSE;
736 hash_unset (bm->auth_key_by_conf_key_id, conf_key_id);
737 memset (auth_key, 0, sizeof (*auth_key));
738 pool_put (bm->auth_keys, auth_key);
743 clib_warning ("Authentication key with conf ID %u does not exist",
745 return VNET_API_ERROR_BFD_ENOENT;
749 clib_warning ("SSL missing, cannot manipulate authentication keys");
750 return VNET_API_ERROR_BFD_NOTSUPP;
755 bfd_udp_auth_activate (u32 sw_if_index,
756 const ip46_address_t * local_addr,
757 const ip46_address_t * peer_addr,
758 u32 conf_key_id, u8 key_id, u8 is_delayed)
761 bfd_session_t *bs = NULL;
762 vnet_api_error_t rv =
763 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
769 return bfd_auth_activate (bs, conf_key_id, key_id, is_delayed);
771 clib_warning ("SSL missing, cannot activate BFD authentication");
772 return VNET_API_ERROR_BFD_NOTSUPP;
777 bfd_udp_auth_deactivate (u32 sw_if_index,
778 const ip46_address_t * local_addr,
779 const ip46_address_t * peer_addr, u8 is_delayed)
781 bfd_session_t *bs = NULL;
782 vnet_api_error_t rv =
783 bfd_udp_find_session_by_api_input (sw_if_index, local_addr, peer_addr,
789 return bfd_auth_deactivate (bs, is_delayed);
794 BFD_UDP_INPUT_NEXT_NORMAL,
795 BFD_UDP_INPUT_NEXT_REPLY,
796 BFD_UDP_INPUT_N_NEXT,
797 } bfd_udp_input_next_t;
799 /* Packet counters - BFD control frames */
800 #define foreach_bfd_udp_error(F) \
801 F (NONE, "good bfd packets (processed)") \
802 F (BAD, "invalid bfd packets")
804 #define F(sym, string) static char BFD_UDP_ERR_##sym##_STR[] = string;
805 foreach_bfd_udp_error (F);
808 static char *bfd_udp_error_strings[] = {
809 #define F(sym, string) BFD_UDP_ERR_##sym##_STR,
810 foreach_bfd_udp_error (F)
816 #define F(sym, str) BFD_UDP_ERROR_##sym,
817 foreach_bfd_udp_error (F)
822 /* Packet counters - BFD ECHO packets */
823 #define foreach_bfd_udp_echo_error(F) \
824 F (NONE, "good bfd echo packets (processed)") \
825 F (BAD, "invalid bfd echo packets")
827 #define F(sym, string) static char BFD_UDP_ECHO_ERR_##sym##_STR[] = string;
828 foreach_bfd_udp_echo_error (F);
831 static char *bfd_udp_echo_error_strings[] = {
832 #define F(sym, string) BFD_UDP_ECHO_ERR_##sym##_STR,
833 foreach_bfd_udp_echo_error (F)
839 #define F(sym, str) BFD_UDP_ECHO_ERROR_##sym,
840 foreach_bfd_udp_echo_error (F)
842 BFD_UDP_ECHO_N_ERROR,
843 } bfd_udp_echo_error_t;
846 bfd_udp4_find_headers (vlib_buffer_t * b, ip4_header_t ** ip4,
849 /* sanity check first */
850 const i32 start = vnet_buffer (b)->ip.start_of_ip_header;
851 if (start < 0 && start < sizeof (b->pre_data))
853 BFD_ERR ("Start of ip header is before pre_data, ignoring");
858 *ip4 = (ip4_header_t *) (b->data + start);
859 if ((u8 *) * ip4 > (u8 *) vlib_buffer_get_current (b))
861 BFD_ERR ("Start of ip header is beyond current data, ignoring");
866 *udp = (udp_header_t *) ((*ip4) + 1);
869 static bfd_udp_error_t
870 bfd_udp4_verify_transport (const ip4_header_t * ip4,
871 const udp_header_t * udp, const bfd_session_t * bs)
873 const bfd_udp_session_t *bus = &bs->udp;
874 const bfd_udp_key_t *key = &bus->key;
875 if (ip4->src_address.as_u32 != key->peer_addr.ip4.as_u32)
877 BFD_ERR ("IPv4 src addr mismatch, got %U, expected %U",
878 format_ip4_address, ip4->src_address.as_u8, format_ip4_address,
879 key->peer_addr.ip4.as_u8);
880 return BFD_UDP_ERROR_BAD;
882 if (ip4->dst_address.as_u32 != key->local_addr.ip4.as_u32)
884 BFD_ERR ("IPv4 dst addr mismatch, got %U, expected %U",
885 format_ip4_address, ip4->dst_address.as_u8, format_ip4_address,
886 key->local_addr.ip4.as_u8);
887 return BFD_UDP_ERROR_BAD;
889 const u8 expected_ttl = 255;
890 if (ip4->ttl != expected_ttl)
892 BFD_ERR ("IPv4 unexpected TTL value %u, expected %u", ip4->ttl,
894 return BFD_UDP_ERROR_BAD;
896 if (clib_net_to_host_u16 (udp->src_port) < 49152)
898 BFD_ERR ("Invalid UDP src port %u, out of range <49152,65535>",
901 return BFD_UDP_ERROR_NONE;
911 bfd_rpc_update_session_cb (const bfd_rpc_update_t * a)
913 bfd_consume_pkt (bfd_udp_main.bfd_main, &a->pkt, a->bs_idx);
917 bfd_rpc_update_session (u32 bs_idx, const bfd_pkt_t * pkt)
919 /* packet length was already verified to be correct by the caller */
920 const u32 data_size = sizeof (bfd_rpc_update_t) -
921 STRUCT_SIZE_OF (bfd_rpc_update_t, pkt) + pkt->head.length;
923 bfd_rpc_update_t *update = (bfd_rpc_update_t *) data;
924 update->bs_idx = bs_idx;
925 clib_memcpy (&update->pkt, pkt, pkt->head.length);
926 vl_api_rpc_call_main_thread (bfd_rpc_update_session_cb, data, data_size);
929 static bfd_udp_error_t
930 bfd_udp4_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
931 vlib_buffer_t * b, bfd_session_t ** bs_out)
933 const bfd_pkt_t *pkt = vlib_buffer_get_current (b);
934 if (sizeof (*pkt) > b->current_length)
937 ("Payload size %d too small to hold bfd packet of minimum size %d",
938 b->current_length, sizeof (*pkt));
939 return BFD_UDP_ERROR_BAD;
943 bfd_udp4_find_headers (b, &ip4, &udp);
946 BFD_ERR ("Couldn't find ip4 or udp header");
947 return BFD_UDP_ERROR_BAD;
949 const u32 udp_payload_length = udp->length - sizeof (*udp);
950 if (pkt->head.length > udp_payload_length)
953 ("BFD packet length is larger than udp payload length (%u > %u)",
954 pkt->head.length, udp_payload_length);
955 return BFD_UDP_ERROR_BAD;
957 if (!bfd_verify_pkt_common (pkt))
959 return BFD_UDP_ERROR_BAD;
961 bfd_session_t *bs = NULL;
964 BFD_DBG ("Looking up BFD session using discriminator %u",
966 bs = bfd_find_session_by_disc (bfd_udp_main.bfd_main, pkt->your_disc);
971 memset (&key, 0, sizeof (key));
972 key.sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
973 key.local_addr.ip4.as_u32 = ip4->dst_address.as_u32;
974 key.peer_addr.ip4.as_u32 = ip4->src_address.as_u32;
975 BFD_DBG ("Looking up BFD session using key (sw_if_index=%u, local=%U, "
977 key.sw_if_index, format_ip4_address, key.local_addr.ip4.as_u8,
978 format_ip4_address, key.peer_addr.ip4.as_u8);
979 bs = bfd_lookup_session (&bfd_udp_main, &key);
983 BFD_ERR ("BFD session lookup failed - no session matches BFD pkt");
984 return BFD_UDP_ERROR_BAD;
986 BFD_DBG ("BFD session found, bs_idx=%u", bs->bs_idx);
987 if (!bfd_verify_pkt_auth (pkt, b->current_length, bs))
989 BFD_ERR ("Packet verification failed, dropping packet");
990 return BFD_UDP_ERROR_BAD;
993 if (BFD_UDP_ERROR_NONE != (err = bfd_udp4_verify_transport (ip4, udp, bs)))
997 bfd_rpc_update_session (bs->bs_idx, pkt);
999 return BFD_UDP_ERROR_NONE;
1003 bfd_udp6_find_headers (vlib_buffer_t * b, ip6_header_t ** ip6,
1004 udp_header_t ** udp)
1006 /* sanity check first */
1007 const i32 start = vnet_buffer (b)->ip.start_of_ip_header;
1008 if (start < 0 && start < sizeof (b->pre_data))
1010 BFD_ERR ("Start of ip header is before pre_data, ignoring");
1015 *ip6 = (ip6_header_t *) (b->data + start);
1016 if ((u8 *) * ip6 > (u8 *) vlib_buffer_get_current (b))
1018 BFD_ERR ("Start of ip header is beyond current data, ignoring");
1023 if ((*ip6)->protocol != IP_PROTOCOL_UDP)
1025 BFD_ERR ("Unexpected protocol in IPv6 header '%u', expected '%u' (== "
1026 "IP_PROTOCOL_UDP)", (*ip6)->protocol, IP_PROTOCOL_UDP);
1031 *udp = (udp_header_t *) ((*ip6) + 1);
1034 static bfd_udp_error_t
1035 bfd_udp6_verify_transport (const ip6_header_t * ip6,
1036 const udp_header_t * udp, const bfd_session_t * bs)
1038 const bfd_udp_session_t *bus = &bs->udp;
1039 const bfd_udp_key_t *key = &bus->key;
1040 if (ip6->src_address.as_u64[0] != key->peer_addr.ip6.as_u64[0] &&
1041 ip6->src_address.as_u64[1] != key->peer_addr.ip6.as_u64[1])
1043 BFD_ERR ("IP src addr mismatch, got %U, expected %U",
1044 format_ip6_address, ip6, format_ip6_address,
1045 &key->peer_addr.ip6);
1046 return BFD_UDP_ERROR_BAD;
1048 if (ip6->dst_address.as_u64[0] != key->local_addr.ip6.as_u64[0] &&
1049 ip6->dst_address.as_u64[1] != key->local_addr.ip6.as_u64[1])
1051 BFD_ERR ("IP dst addr mismatch, got %U, expected %U",
1052 format_ip6_address, ip6, format_ip6_address,
1053 &key->local_addr.ip6);
1054 return BFD_UDP_ERROR_BAD;
1056 const u8 expected_hop_limit = 255;
1057 if (ip6->hop_limit != expected_hop_limit)
1059 BFD_ERR ("IPv6 unexpected hop-limit value %u, expected %u",
1060 ip6->hop_limit, expected_hop_limit);
1061 return BFD_UDP_ERROR_BAD;
1063 if (clib_net_to_host_u16 (udp->src_port) < 49152)
1065 BFD_ERR ("Invalid UDP src port %u, out of range <49152,65535>",
1068 return BFD_UDP_ERROR_NONE;
1071 static bfd_udp_error_t
1072 bfd_udp6_scan (vlib_main_t * vm, vlib_node_runtime_t * rt,
1073 vlib_buffer_t * b, bfd_session_t ** bs_out)
1075 const bfd_pkt_t *pkt = vlib_buffer_get_current (b);
1076 if (sizeof (*pkt) > b->current_length)
1079 ("Payload size %d too small to hold bfd packet of minimum size %d",
1080 b->current_length, sizeof (*pkt));
1081 return BFD_UDP_ERROR_BAD;
1085 bfd_udp6_find_headers (b, &ip6, &udp);
1088 BFD_ERR ("Couldn't find ip6 or udp header");
1089 return BFD_UDP_ERROR_BAD;
1091 const u32 udp_payload_length = udp->length - sizeof (*udp);
1092 if (pkt->head.length > udp_payload_length)
1095 ("BFD packet length is larger than udp payload length (%u > %u)",
1096 pkt->head.length, udp_payload_length);
1097 return BFD_UDP_ERROR_BAD;
1099 if (!bfd_verify_pkt_common (pkt))
1101 return BFD_UDP_ERROR_BAD;
1103 bfd_session_t *bs = NULL;
1106 BFD_DBG ("Looking up BFD session using discriminator %u",
1108 bs = bfd_find_session_by_disc (bfd_udp_main.bfd_main, pkt->your_disc);
1113 memset (&key, 0, sizeof (key));
1114 key.sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
1115 key.local_addr.ip6.as_u64[0] = ip6->dst_address.as_u64[0];
1116 key.local_addr.ip6.as_u64[1] = ip6->dst_address.as_u64[1];
1117 key.peer_addr.ip6.as_u64[0] = ip6->src_address.as_u64[0];
1118 key.peer_addr.ip6.as_u64[1] = ip6->src_address.as_u64[1];
1119 BFD_DBG ("Looking up BFD session using key (sw_if_index=%u, local=%U, "
1121 key.sw_if_index, format_ip6_address, &key.local_addr,
1122 format_ip6_address, &key.peer_addr);
1123 bs = bfd_lookup_session (&bfd_udp_main, &key);
1127 BFD_ERR ("BFD session lookup failed - no session matches BFD pkt");
1128 return BFD_UDP_ERROR_BAD;
1130 BFD_DBG ("BFD session found, bs_idx=%u", bs->bs_idx);
1131 if (!bfd_verify_pkt_auth (pkt, b->current_length, bs))
1133 BFD_ERR ("Packet verification failed, dropping packet");
1134 return BFD_UDP_ERROR_BAD;
1136 bfd_udp_error_t err;
1137 if (BFD_UDP_ERROR_NONE != (err = bfd_udp6_verify_transport (ip6, udp, bs)))
1141 bfd_rpc_update_session (bs->bs_idx, pkt);
1143 return BFD_UDP_ERROR_NONE;
1147 * Process a frame of bfd packets
1148 * Expect 1 packet / frame
1151 bfd_udp_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
1152 vlib_frame_t * f, int is_ipv6)
1154 u32 n_left_from, *from;
1155 bfd_input_trace_t *t0;
1157 from = vlib_frame_vector_args (f); /* array of buffer indices */
1158 n_left_from = f->n_vectors; /* number of buffer indices */
1160 while (n_left_from > 0)
1167 b0 = vlib_get_buffer (vm, bi0);
1169 bfd_session_t *bs = NULL;
1171 /* If this pkt is traced, snapshot the data */
1172 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1175 t0 = vlib_add_trace (vm, rt, b0, sizeof (*t0));
1176 len = (b0->current_length < sizeof (t0->data)) ? b0->current_length
1177 : sizeof (t0->data);
1179 clib_memcpy (t0->data, vlib_buffer_get_current (b0), len);
1182 /* scan this bfd pkt. error0 is the counter index to bmp */
1185 error0 = bfd_udp6_scan (vm, rt, b0, &bs);
1189 error0 = bfd_udp4_scan (vm, rt, b0, &bs);
1191 b0->error = rt->errors[error0];
1193 next0 = BFD_UDP_INPUT_NEXT_NORMAL;
1194 if (BFD_UDP_ERROR_NONE == error0)
1197 * if everything went fine, check for poll bit, if present, re-use
1198 * the buffer and based on (now updated) session parameters, send
1199 * the final packet back
1201 const bfd_pkt_t *pkt = vlib_buffer_get_current (b0);
1202 if (bfd_pkt_get_poll (pkt))
1204 bfd_init_final_control_frame (vm, b0, bfd_udp_main.bfd_main,
1208 vlib_node_increment_counter (vm, bfd_udp6_input_node.index,
1213 vlib_node_increment_counter (vm, bfd_udp4_input_node.index,
1216 next0 = BFD_UDP_INPUT_NEXT_REPLY;
1219 vlib_set_next_frame_buffer (vm, rt, next0, bi0);
1225 return f->n_vectors;
1229 bfd_udp4_input (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
1231 return bfd_udp_input (vm, rt, f, 0);
1235 * bfd input graph node declaration
1238 VLIB_REGISTER_NODE (bfd_udp4_input_node, static) = {
1239 .function = bfd_udp4_input,
1240 .name = "bfd-udp4-input",
1241 .vector_size = sizeof (u32),
1242 .type = VLIB_NODE_TYPE_INTERNAL,
1244 .n_errors = BFD_UDP_N_ERROR,
1245 .error_strings = bfd_udp_error_strings,
1247 .format_trace = bfd_input_format_trace,
1249 .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
1252 [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
1253 [BFD_UDP_INPUT_NEXT_REPLY] = "ip4-lookup",
1259 bfd_udp6_input (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
1261 return bfd_udp_input (vm, rt, f, 1);
1265 VLIB_REGISTER_NODE (bfd_udp6_input_node, static) = {
1266 .function = bfd_udp6_input,
1267 .name = "bfd-udp6-input",
1268 .vector_size = sizeof (u32),
1269 .type = VLIB_NODE_TYPE_INTERNAL,
1271 .n_errors = BFD_UDP_N_ERROR,
1272 .error_strings = bfd_udp_error_strings,
1274 .format_trace = bfd_input_format_trace,
1276 .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
1279 [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
1280 [BFD_UDP_INPUT_NEXT_REPLY] = "ip6-lookup",
1286 * Process a frame of bfd echo packets
1287 * Expect 1 packet / frame
1290 bfd_udp_echo_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
1291 vlib_frame_t * f, int is_ipv6)
1293 u32 n_left_from, *from;
1294 bfd_input_trace_t *t0;
1296 from = vlib_frame_vector_args (f); /* array of buffer indices */
1297 n_left_from = f->n_vectors; /* number of buffer indices */
1299 while (n_left_from > 0)
1306 b0 = vlib_get_buffer (vm, bi0);
1308 /* If this pkt is traced, snapshot the data */
1309 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1312 t0 = vlib_add_trace (vm, rt, b0, sizeof (*t0));
1313 len = (b0->current_length < sizeof (t0->data)) ? b0->current_length
1314 : sizeof (t0->data);
1316 clib_memcpy (t0->data, vlib_buffer_get_current (b0), len);
1319 if (bfd_consume_echo_pkt (bfd_udp_main.bfd_main, b0))
1321 b0->error = rt->errors[BFD_UDP_ERROR_NONE];
1322 next0 = BFD_UDP_INPUT_NEXT_NORMAL;
1326 /* loop back the packet */
1327 b0->error = rt->errors[BFD_UDP_ERROR_NONE];
1330 vlib_node_increment_counter (vm, bfd_udp_echo6_input_node.index,
1335 vlib_node_increment_counter (vm, bfd_udp_echo4_input_node.index,
1338 next0 = BFD_UDP_INPUT_NEXT_REPLY;
1341 vlib_set_next_frame_buffer (vm, rt, next0, bi0);
1347 return f->n_vectors;
1351 bfd_udp_echo4_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
1354 return bfd_udp_echo_input (vm, rt, f, 0);
1358 bfd_echo_input_format_trace (u8 * s, va_list * args)
1360 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1361 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1362 const bfd_udp_echo_input_trace_t *t =
1363 va_arg (*args, bfd_udp_echo_input_trace_t *);
1364 if (t->len > STRUCT_SIZE_OF (bfd_pkt_t, head))
1366 s = format (s, "BFD ECHO:\n");
1367 s = format (s, " data: %U", format_hexdump, t->data, t->len);
1374 * bfd input graph node declaration
1377 VLIB_REGISTER_NODE (bfd_udp_echo4_input_node, static) = {
1378 .function = bfd_udp_echo4_input,
1379 .name = "bfd-udp-echo4-input",
1380 .vector_size = sizeof (u32),
1381 .type = VLIB_NODE_TYPE_INTERNAL,
1383 .n_errors = BFD_UDP_ECHO_N_ERROR,
1384 .error_strings = bfd_udp_error_strings,
1386 .format_trace = bfd_echo_input_format_trace,
1388 .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
1391 [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
1392 [BFD_UDP_INPUT_NEXT_REPLY] = "ip4-lookup",
1398 bfd_udp_echo6_input (vlib_main_t * vm, vlib_node_runtime_t * rt,
1401 return bfd_udp_echo_input (vm, rt, f, 1);
1405 VLIB_REGISTER_NODE (bfd_udp_echo6_input_node, static) = {
1406 .function = bfd_udp_echo6_input,
1407 .name = "bfd-udp-echo6-input",
1408 .vector_size = sizeof (u32),
1409 .type = VLIB_NODE_TYPE_INTERNAL,
1411 .n_errors = BFD_UDP_ECHO_N_ERROR,
1412 .error_strings = bfd_udp_echo_error_strings,
1414 .format_trace = bfd_echo_input_format_trace,
1416 .n_next_nodes = BFD_UDP_INPUT_N_NEXT,
1419 [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop",
1420 [BFD_UDP_INPUT_NEXT_REPLY] = "ip6-lookup",
1426 static clib_error_t *
1427 bfd_sw_interface_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
1429 // vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
1430 if (!(flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1437 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (bfd_sw_interface_up_down);
1439 static clib_error_t *
1440 bfd_hw_interface_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
1442 if (flags & VNET_HW_INTERFACE_FLAG_LINK_UP)
1449 VNET_HW_INTERFACE_LINK_UP_DOWN_FUNCTION (bfd_hw_interface_up_down);
1454 static clib_error_t *
1455 bfd_udp_init (vlib_main_t * vm)
1457 mhash_init (&bfd_udp_main.bfd_session_idx_by_bfd_key, sizeof (uword),
1458 sizeof (bfd_udp_key_t));
1459 bfd_udp_main.bfd_main = &bfd_main;
1460 bfd_udp_main.vnet_main = vnet_get_main ();
1461 udp_register_dst_port (vm, UDP_DST_PORT_bfd4, bfd_udp4_input_node.index, 1);
1462 udp_register_dst_port (vm, UDP_DST_PORT_bfd6, bfd_udp6_input_node.index, 0);
1463 udp_register_dst_port (vm, UDP_DST_PORT_bfd_echo4,
1464 bfd_udp_echo4_input_node.index, 1);
1465 udp_register_dst_port (vm, UDP_DST_PORT_bfd_echo6,
1466 bfd_udp_echo6_input_node.index, 0);
1470 VLIB_INIT_FUNCTION (bfd_udp_init);
1473 * fd.io coding-style-patch-verification: ON
1476 * eval: (c-set-style "gnu")