FD.io VPP  v20.09-64-g4f7b92f0a
Vector Packet Processing
bfd_main.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2011-2016 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 /**
16  * @file
17  * @brief BFD nodes implementation
18  */
19 
20 #if WITH_LIBSSL > 0
21 #include <openssl/sha.h>
22 #endif
23 
24 #if __SSE4_2__
25 #include <x86intrin.h>
26 #endif
27 
28 #include <vlibmemory/api.h>
29 #include <vppinfra/random.h>
30 #include <vppinfra/error.h>
31 #include <vppinfra/hash.h>
32 #include <vppinfra/xxhash.h>
33 #include <vnet/ethernet/ethernet.h>
34 #include <vnet/ethernet/packet.h>
35 #include <vnet/bfd/bfd_debug.h>
36 #include <vnet/bfd/bfd_protocol.h>
37 #include <vnet/bfd/bfd_main.h>
38 #include <vlib/log.h>
39 
40 static u64
41 bfd_calc_echo_checksum (u32 discriminator, u64 expire_time, u32 secret)
42 {
43  u64 checksum = 0;
44 #if defined(clib_crc32c_uses_intrinsics) && !defined (__i386__)
45  checksum = crc32_u64 (0, discriminator);
46  checksum = crc32_u64 (checksum, expire_time);
47  checksum = crc32_u64 (checksum, secret);
48 #else
49  checksum = clib_xxhash (discriminator ^ expire_time ^ secret);
50 #endif
51  return checksum;
52 }
53 
54 static u64
56 {
57  return us * NSEC_PER_USEC;
58 }
59 
60 u32
62 {
63  return nsec / NSEC_PER_USEC;
64 }
65 
68 {
69  f64 _vm_time = vlib_time_now (vm);
70  if (vm_time)
71  *vm_time = _vm_time;
72  return _vm_time * NSEC_PER_SEC;
73 }
74 
76 
77 u8 *
78 format_bfd_auth_key (u8 * s, va_list * args)
79 {
80  const bfd_auth_key_t *key = va_arg (*args, bfd_auth_key_t *);
81  if (key)
82  {
83  s = format (s, "{auth-type=%u:%s, conf-key-id=%u, use-count=%u}, ",
85  key->conf_key_id, key->use_count);
86  }
87  else
88  {
89  s = format (s, "{none}");
90  }
91  return s;
92 }
93 
94 /*
95  * We actually send all bfd pkts to the "error" node after scanning
96  * them, so the graph node has only one next-index. The "error-drop"
97  * node automatically bumps our per-node packet counters for us.
98  */
99 typedef enum
100 {
104 
105 static void bfd_on_state_change (bfd_main_t * bm, bfd_session_t * bs, u64 now,
106  int handling_wakeup);
107 
108 static void
110 {
111  bs->local_state = BFD_STATE_down;
112  bs->local_diag = BFD_DIAG_CODE_no_diag;
113  bs->remote_state = BFD_STATE_down;
114  bs->remote_discr = 0;
115  bs->hop_type = BFD_HOP_TYPE_SINGLE;
119  bs->remote_min_rx_usec = 1;
121  bs->remote_min_echo_rx_usec = 0;
122  bs->remote_min_echo_rx_nsec = 0;
123  bs->remote_demand = 0;
124  bs->auth.remote_seq_number = 0;
127  bs->echo_secret = random_u32 (&bm->random_seed);
128 }
129 
130 static void
132 {
133  if (bs->local_diag != code)
134  {
135  BFD_DBG ("set local_diag, bs_idx=%d: '%d:%s'", bs->bs_idx, code,
136  bfd_diag_code_string (code));
137  bs->local_diag = code;
138  }
139 }
140 
141 static void
143  bfd_state_e new_state, int handling_wakeup)
144 {
145  if (bs->local_state != new_state)
146  {
147  BFD_DBG ("Change state, bs_idx=%d: %s->%s", bs->bs_idx,
149  bfd_state_string (new_state));
150  bs->local_state = new_state;
151  bfd_on_state_change (bm, bs, bfd_time_now_nsec (vm, NULL),
152  handling_wakeup);
153  }
154 }
155 
156 const char *
158 {
159  switch (state)
160  {
161 #define F(x) \
162  case BFD_POLL_##x: \
163  return "BFD_POLL_" #x;
165 #undef F
166  }
167  return "UNKNOWN";
168 }
169 
170 static void
172 {
173  if (bs->poll_state != state)
174  {
175  BFD_DBG ("Setting poll state=%s, bs_idx=%u",
176  bfd_poll_state_string (state), bs->bs_idx);
177  bs->poll_state = state;
178  }
179 }
180 
181 static void
183 {
186  BFD_DBG ("Recalculated transmit interval " BFD_CLK_FMT,
187  BFD_CLK_PRN (bs->transmit_interval_nsec));
188 }
189 
190 static void
192 {
195  BFD_DBG ("Recalculated echo transmit interval " BFD_CLK_FMT,
196  BFD_CLK_PRN (bs->echo_transmit_interval_nsec));
197 }
198 
199 static void
201 {
202  if (bs->local_detect_mult > 1)
203  {
204  /* common case - 75-100% of transmit interval */
205  bs->tx_timeout_nsec = bs->last_tx_nsec +
206  (1 - .25 * (random_f64 (&bm->random_seed))) *
208  if (bs->tx_timeout_nsec < now)
209  {
210  /*
211  * the timeout is in the past, which means that either remote
212  * demand mode was set or performance/clock issues ...
213  */
214  BFD_DBG ("Missed %lu transmit events (now is %lu, calc "
215  "tx_timeout is %lu)",
216  (now - bs->tx_timeout_nsec) /
218  bs->tx_timeout_nsec = now;
219  }
220  }
221  else
222  {
223  /* special case - 75-90% of transmit interval */
224  bs->tx_timeout_nsec = bs->last_tx_nsec +
225  (.9 - .15 * (random_f64 (&bm->random_seed))) *
227  if (bs->tx_timeout_nsec < now)
228  {
229  /*
230  * the timeout is in the past, which means that either remote
231  * demand mode was set or performance/clock issues ...
232  */
233  BFD_DBG ("Missed %lu transmit events (now is %lu, calc "
234  "tx_timeout is %lu)",
235  (now - bs->tx_timeout_nsec) /
237  bs->tx_timeout_nsec = now;
238  }
239  }
240  if (bs->tx_timeout_nsec)
241  {
242  BFD_DBG ("Next transmit in %lu nsec/%.02fs@%lu",
243  bs->tx_timeout_nsec - now,
244  (bs->tx_timeout_nsec - now) * SEC_PER_NSEC,
245  bs->tx_timeout_nsec);
246  }
247 }
248 
249 static void
251 {
254  if (bs->echo_tx_timeout_nsec < now)
255  {
256  /* huh, we've missed it already, transmit now */
257  BFD_DBG ("Missed %lu echo transmit events (now is %lu, calc tx_timeout "
258  "is %lu)",
259  (now - bs->echo_tx_timeout_nsec) /
261  now, bs->echo_tx_timeout_nsec);
262  bs->echo_tx_timeout_nsec = now;
263  }
264  BFD_DBG ("Next echo transmit in %lu nsec/%.02fs@%lu",
265  bs->echo_tx_timeout_nsec - now,
266  (bs->echo_tx_timeout_nsec - now) * SEC_PER_NSEC,
268 }
269 
270 static void
272 {
273  if (bs->local_state == BFD_STATE_init || bs->local_state == BFD_STATE_up)
274  {
275  bs->detection_time_nsec =
276  bs->remote_detect_mult *
279  BFD_DBG ("Recalculated detection time %lu nsec/%.3fs",
282  }
283 }
284 
285 static void
287  int handling_wakeup)
288 {
289  u64 next = 0;
290  u64 rx_timeout = 0;
291  u64 tx_timeout = 0;
292  if (BFD_STATE_up == bs->local_state)
293  {
294  rx_timeout = bs->last_rx_nsec + bs->detection_time_nsec;
295  }
296  if (BFD_STATE_up != bs->local_state ||
297  (!bs->remote_demand && bs->remote_min_rx_usec) ||
298  BFD_POLL_NOT_NEEDED != bs->poll_state)
299  {
300  tx_timeout = bs->tx_timeout_nsec;
301  }
302  if (tx_timeout && rx_timeout)
303  {
304  next = clib_min (tx_timeout, rx_timeout);
305  }
306  else if (tx_timeout)
307  {
308  next = tx_timeout;
309  }
310  else if (rx_timeout)
311  {
312  next = rx_timeout;
313  }
314  if (bs->echo && next > bs->echo_tx_timeout_nsec)
315  {
316  next = bs->echo_tx_timeout_nsec;
317  }
318  BFD_DBG ("bs_idx=%u, tx_timeout=%lu, echo_tx_timeout=%lu, rx_timeout=%lu, "
319  "next=%s",
320  bs->bs_idx, tx_timeout, bs->echo_tx_timeout_nsec, rx_timeout,
321  next == tx_timeout
322  ? "tx" : (next == bs->echo_tx_timeout_nsec ? "echo tx" : "rx"));
323  if (next)
324  {
325  int send_signal = 0;
326  bs->event_time_nsec = next;
327  /* add extra tick if it's not even */
328  u32 wheel_time_ticks =
329  (bs->event_time_nsec - now) / bm->nsec_per_tw_tick +
330  ((bs->event_time_nsec - now) % bm->nsec_per_tw_tick != 0);
331  BFD_DBG ("event_time_nsec %lu (%lu nsec/%.3fs in future) -> "
332  "wheel_time_ticks %u", bs->event_time_nsec,
333  bs->event_time_nsec - now,
334  (bs->event_time_nsec - now) * SEC_PER_NSEC, wheel_time_ticks);
335  wheel_time_ticks = wheel_time_ticks ? wheel_time_ticks : 1;
336  bfd_lock (bm);
337  if (bs->tw_id)
338  {
339  TW (tw_timer_update) (&bm->wheel, bs->tw_id, wheel_time_ticks);
340  BFD_DBG ("tw_timer_update(%p, %u, %lu);", &bm->wheel, bs->tw_id,
341  wheel_time_ticks);
342  }
343  else
344  {
345  bs->tw_id =
346  TW (tw_timer_start) (&bm->wheel, bs->bs_idx, 0, wheel_time_ticks);
347  BFD_DBG ("tw_timer_start(%p, %u, 0, %lu) == %u;", &bm->wheel,
348  bs->bs_idx, wheel_time_ticks);
349  }
350 
351  if (!handling_wakeup)
352  {
353 
354  /* Send only if it is earlier than current awaited wakeup time */
355  send_signal =
357  /*
358  * If the wake-up time is within 2x the delay of the event propagation delay,
359  * avoid the expense of sending the event. The 2x multiplier is to workaround the race whereby
360  * simultaneous event + expired timer create one recurring bogus wakeup/suspend instance,
361  * due to double scheduling of the node on the pending list.
362  */
365  /* Must be no events in flight to send an event */
367 
368  /* If we do send the signal, note this down along with the start timestamp */
369  if (send_signal)
370  {
373  }
374  }
375  bfd_unlock (bm);
376 
377  /* Use the multithreaded event sending so the workers can send events too */
378  if (send_signal)
379  {
383  }
384  }
385 }
386 
387 static void
389  bfd_session_t * bs, u64 now,
390  u64 desired_min_tx_nsec)
391 {
392  bs->effective_desired_min_tx_nsec = desired_min_tx_nsec;
393  BFD_DBG ("Set effective desired min tx to " BFD_CLK_FMT,
394  BFD_CLK_PRN (bs->effective_desired_min_tx_nsec));
395  bfd_recalc_detection_time (bm, bs);
396  bfd_recalc_tx_interval (bm, bs);
398  bfd_calc_next_tx (bm, bs, now);
399 }
400 
401 static void
403  bfd_session_t * bs,
404  u64 required_min_rx_nsec)
405 {
406  bs->effective_required_min_rx_nsec = required_min_rx_nsec;
407  BFD_DBG ("Set effective required min rx to " BFD_CLK_FMT,
408  BFD_CLK_PRN (bs->effective_required_min_rx_nsec));
409  bfd_recalc_detection_time (bm, bs);
410 }
411 
412 static void
414  u64 now, u32 remote_required_min_rx_usec)
415 {
416  if (bs->remote_min_rx_usec != remote_required_min_rx_usec)
417  {
418  bs->remote_min_rx_usec = remote_required_min_rx_usec;
419  bs->remote_min_rx_nsec = bfd_usec_to_nsec (remote_required_min_rx_usec);
420  BFD_DBG ("Set remote min rx to " BFD_CLK_FMT,
421  BFD_CLK_PRN (bs->remote_min_rx_nsec));
422  bfd_recalc_detection_time (bm, bs);
423  bfd_recalc_tx_interval (bm, bs);
424  }
425 }
426 
427 static void
429  u64 now,
430  u32 remote_required_min_echo_rx_usec)
431 {
432  if (bs->remote_min_echo_rx_usec != remote_required_min_echo_rx_usec)
433  {
434  bs->remote_min_echo_rx_usec = remote_required_min_echo_rx_usec;
437  BFD_DBG ("Set remote min echo rx to " BFD_CLK_FMT,
438  BFD_CLK_PRN (bs->remote_min_echo_rx_nsec));
440  }
441 }
442 
443 static void
445  bfd_listen_event_e event, const bfd_session_t * bs)
446 {
447  bfd_notify_fn_t *fn;
448  vec_foreach (fn, bm->listeners)
449  {
450  (*fn) (event, bs);
451  }
452 }
453 
454 void
456 {
457  BFD_DBG ("\nStarting session: %U", format_bfd_session, bs);
458  vlib_log_info (bm->log_class, "start BFD session: %U",
461  bfd_recalc_tx_interval (bm, bs);
464  bfd_notify_listeners (bm, BFD_LISTEN_EVENT_CREATE, bs);
465 }
466 
467 void
469 {
470  bfd_main_t *bm = &bfd_main;
471  u64 now = bfd_time_now_nsec (vm, NULL);
472  if (admin_up_down)
473  {
474  BFD_DBG ("Session set admin-up, bs-idx=%u", bs->bs_idx);
475  vlib_log_info (bm->log_class, "set session admin-up: %U",
477  bfd_set_state (vm, bm, bs, BFD_STATE_down, 0);
478  bfd_set_diag (bs, BFD_DIAG_CODE_no_diag);
479  bfd_calc_next_tx (bm, bs, now);
480  bfd_set_timer (bm, bs, now, 0);
481  }
482  else
483  {
484  BFD_DBG ("Session set admin-down, bs-idx=%u", bs->bs_idx);
485  vlib_log_info (bm->log_class, "set session admin-down: %U",
487  bfd_set_diag (bs, BFD_DIAG_CODE_admin_down);
488  bfd_set_state (vm, bm, bs, BFD_STATE_admin_down, 0);
489  bfd_calc_next_tx (bm, bs, now);
490  bfd_set_timer (bm, bs, now, 0);
491  }
492 }
493 
494 u8 *
495 bfd_input_format_trace (u8 * s, va_list * args)
496 {
497  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
498  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
499  const bfd_input_trace_t *t = va_arg (*args, bfd_input_trace_t *);
500  const bfd_pkt_t *pkt = (bfd_pkt_t *) t->data;
501  if (t->len > STRUCT_SIZE_OF (bfd_pkt_t, head))
502  {
503  s = format (s, "BFD v%u, diag=%u(%s), state=%u(%s),\n"
504  " flags=(P:%u, F:%u, C:%u, A:%u, D:%u, M:%u), "
505  "detect_mult=%u, length=%u\n",
508  bfd_pkt_get_state (pkt),
510  bfd_pkt_get_poll (pkt), bfd_pkt_get_final (pkt),
513  bfd_pkt_get_multipoint (pkt), pkt->head.detect_mult,
514  pkt->head.length);
515  if (t->len >= sizeof (bfd_pkt_t) &&
516  pkt->head.length >= sizeof (bfd_pkt_t))
517  {
518  s = format (s, " my discriminator: %u\n",
519  clib_net_to_host_u32 (pkt->my_disc));
520  s = format (s, " your discriminator: %u\n",
521  clib_net_to_host_u32 (pkt->your_disc));
522  s = format (s, " desired min tx interval: %u\n",
523  clib_net_to_host_u32 (pkt->des_min_tx));
524  s = format (s, " required min rx interval: %u\n",
525  clib_net_to_host_u32 (pkt->req_min_rx));
526  s = format (s, " required min echo rx interval: %u",
527  clib_net_to_host_u32 (pkt->req_min_echo_rx));
528  }
529  if (t->len >= sizeof (bfd_pkt_with_common_auth_t) &&
530  pkt->head.length >= sizeof (bfd_pkt_with_common_auth_t) &&
532  {
533  const bfd_pkt_with_common_auth_t *with_auth = (void *) pkt;
534  const bfd_auth_common_t *common = &with_auth->common_auth;
535  s = format (s, "\n auth len: %u\n", common->len);
536  s = format (s, " auth type: %u:%s\n", common->type,
537  bfd_auth_type_str (common->type));
538  if (t->len >= sizeof (bfd_pkt_with_sha1_auth_t) &&
539  pkt->head.length >= sizeof (bfd_pkt_with_sha1_auth_t) &&
540  (BFD_AUTH_TYPE_keyed_sha1 == common->type ||
541  BFD_AUTH_TYPE_meticulous_keyed_sha1 == common->type))
542  {
543  const bfd_pkt_with_sha1_auth_t *with_sha1 = (void *) pkt;
544  const bfd_auth_sha1_t *sha1 = &with_sha1->sha1_auth;
545  s = format (s, " seq num: %u\n",
546  clib_net_to_host_u32 (sha1->seq_num));
547  s = format (s, " key id: %u\n", sha1->key_id);
548  s = format (s, " hash: %U", format_hex_bytes, sha1->hash,
549  sizeof (sha1->hash));
550  }
551  }
552  else
553  {
554  s = format (s, "\n");
555  }
556  }
557 
558  return s;
559 }
560 
561 typedef struct
562 {
565 
566 static void
568 {
569  bfd_main_t *bm = &bfd_main;
570  u32 bs_idx = a->bs_idx;
571  u32 valid_bs = 0;
572  bfd_session_t session_data;
573 
574  bfd_lock (bm);
575  if (!pool_is_free_index (bm->sessions, bs_idx))
576  {
577  bfd_session_t *bs = pool_elt_at_index (bm->sessions, bs_idx);
578  clib_memcpy (&session_data, bs, sizeof (bfd_session_t));
579  valid_bs = 1;
580  }
581  else
582  {
583  BFD_DBG ("Ignoring event RPC for non-existent session index %u",
584  bs_idx);
585  }
586  bfd_unlock (bm);
587 
588  if (valid_bs)
589  bfd_event (bm, &session_data);
590 }
591 
592 static void
594 {
595  const u32 data_size = sizeof (bfd_rpc_event_t);
596  u8 data[data_size];
597  bfd_rpc_event_t *event = (bfd_rpc_event_t *) data;
598 
599  event->bs_idx = bs_idx;
601 }
602 
603 typedef struct
604 {
607 
608 static void
610 {
611  bfd_main_t *bm = &bfd_main;
612  u32 bs_idx = a->bs_idx;
613  bfd_lock (bm);
614  if (!pool_is_free_index (bm->sessions, bs_idx))
615  {
616  bfd_session_t *bs = pool_elt_at_index (bm->sessions, bs_idx);
617  bfd_notify_listeners (bm, BFD_LISTEN_EVENT_UPDATE, bs);
618  }
619  else
620  {
621  BFD_DBG ("Ignoring notify RPC for non-existent session index %u",
622  bs_idx);
623  }
624  bfd_unlock (bm);
625 }
626 
627 static void
629 {
630  const u32 data_size = sizeof (bfd_rpc_notify_listeners_t);
631  u8 data[data_size];
633  notify->bs_idx = bs_idx;
635 }
636 
637 static void
639  int handling_wakeup)
640 {
641  BFD_DBG ("\nState changed: %U", format_bfd_session, bs);
642 
643  if (vlib_get_thread_index () == 0)
644  {
645  bfd_event (bm, bs);
646  }
647  else
648  {
649  /* without RPC - a REGRESSION: BFD event are not propagated */
650  bfd_event_rpc (bs->bs_idx);
651  }
652 
653  switch (bs->local_state)
654  {
655  case BFD_STATE_admin_down:
656  bs->echo = 0;
658  clib_max
663  bfd_set_timer (bm, bs, now, handling_wakeup);
664  break;
665  case BFD_STATE_down:
666  bs->echo = 0;
668  clib_max
673  bfd_set_timer (bm, bs, now, handling_wakeup);
674  break;
675  case BFD_STATE_init:
676  bs->echo = 0;
679  bfd_set_timer (bm, bs, now, handling_wakeup);
680  break;
681  case BFD_STATE_up:
684  if (BFD_POLL_NOT_NEEDED == bs->poll_state)
685  {
688  }
689  bfd_set_timer (bm, bs, now, handling_wakeup);
690  break;
691  }
692  if (vlib_get_thread_index () == 0)
693  {
694  bfd_notify_listeners (bm, BFD_LISTEN_EVENT_UPDATE, bs);
695  }
696  else
697  {
698  /* without RPC - a REGRESSION: state changes are not propagated */
700  }
701 }
702 
703 static void
705  bfd_main_t * bm, bfd_session_t * bs, u64 now)
706 {
707  /*
708  * if remote demand mode is set and we need to do a poll, set the next
709  * timeout so that the session wakes up immediately
710  */
711  if (bs->remote_demand && BFD_POLL_NEEDED == bs->poll_state &&
713  {
714  bs->tx_timeout_nsec = now;
715  }
716  bfd_recalc_detection_time (bm, bs);
717  bfd_set_timer (bm, bs, now, 0);
718 }
719 
720 static void
722 {
723  switch (bs->transport)
724  {
725  case BFD_TRANSPORT_UDP4:
726  BFD_DBG ("Transport bfd via udp4, bs_idx=%u", bs->bs_idx);
727  bfd_add_udp4_transport (vm, bi, bs, 0 /* is_echo */ );
728  break;
729  case BFD_TRANSPORT_UDP6:
730  BFD_DBG ("Transport bfd via udp6, bs_idx=%u", bs->bs_idx);
731  bfd_add_udp6_transport (vm, bi, bs, 0 /* is_echo */ );
732  break;
733  }
734 }
735 
736 static int
738 {
739  switch (bs->transport)
740  {
741  case BFD_TRANSPORT_UDP4:
742  BFD_DBG ("Transport bfd via udp4, bs_idx=%u", bs->bs_idx);
743  return bfd_transport_udp4 (vm, bi, bs);
744  break;
745  case BFD_TRANSPORT_UDP6:
746  BFD_DBG ("Transport bfd via udp6, bs_idx=%u", bs->bs_idx);
747  return bfd_transport_udp6 (vm, bi, bs);
748  break;
749  }
750  return 0;
751 }
752 
753 static int
755 {
756  switch (bs->transport)
757  {
758  case BFD_TRANSPORT_UDP4:
759  BFD_DBG ("Transport bfd echo via udp4, bs_idx=%u", bs->bs_idx);
760  return bfd_add_udp4_transport (vm, bi, bs, 1 /* is_echo */ );
761  break;
762  case BFD_TRANSPORT_UDP6:
763  BFD_DBG ("Transport bfd echo via udp6, bs_idx=%u", bs->bs_idx);
764  return bfd_add_udp6_transport (vm, bi, bs, 1 /* is_echo */ );
765  break;
766  }
767  return 0;
768 }
769 
770 static int
772 {
773  switch (bs->transport)
774  {
775  case BFD_TRANSPORT_UDP4:
776  BFD_DBG ("Transport bfd echo via udp4, bs_idx=%u", bs->bs_idx);
777  return bfd_transport_udp4 (vm, bi, bs);
778  break;
779  case BFD_TRANSPORT_UDP6:
780  BFD_DBG ("Transport bfd echo via udp6, bs_idx=%u", bs->bs_idx);
781  return bfd_transport_udp6 (vm, bi, bs);
782  break;
783  }
784  return 0;
785 }
786 
787 #if WITH_LIBSSL > 0
788 static void
789 bfd_add_sha1_auth_section (vlib_buffer_t * b, bfd_session_t * bs)
790 {
791  bfd_pkt_with_sha1_auth_t *pkt = vlib_buffer_get_current (b);
792  bfd_auth_sha1_t *auth = &pkt->sha1_auth;
793  b->current_length += sizeof (*auth);
794  pkt->pkt.head.length += sizeof (*auth);
795  bfd_pkt_set_auth_present (&pkt->pkt);
796  clib_memset (auth, 0, sizeof (*auth));
797  auth->type_len.type = bs->auth.curr_key->auth_type;
798  /*
799  * only meticulous authentication types require incrementing seq number
800  * for every message, but doing so doesn't violate the RFC
801  */
802  ++bs->auth.local_seq_number;
803  auth->type_len.len = sizeof (bfd_auth_sha1_t);
804  auth->key_id = bs->auth.curr_bfd_key_id;
805  auth->seq_num = clib_host_to_net_u32 (bs->auth.local_seq_number);
806  /*
807  * first copy the password into the packet, then calculate the hash
808  * and finally replace the password with the calculated hash
809  */
810  clib_memcpy (auth->hash, bs->auth.curr_key->key,
811  sizeof (bs->auth.curr_key->key));
812  unsigned char hash[sizeof (auth->hash)];
813  SHA1 ((unsigned char *) pkt, sizeof (*pkt), hash);
814  BFD_DBG ("hashing: %U", format_hex_bytes, pkt, sizeof (*pkt));
815  clib_memcpy (auth->hash, hash, sizeof (hash));
816 }
817 #endif
818 
819 static void
821 {
822  bfd_main_t *bm = &bfd_main;
823  if (bs->auth.curr_key)
824  {
825  const bfd_auth_type_e auth_type = bs->auth.curr_key->auth_type;
826  switch (auth_type)
827  {
828  case BFD_AUTH_TYPE_reserved:
829  /* fallthrough */
830  case BFD_AUTH_TYPE_simple_password:
831  /* fallthrough */
832  case BFD_AUTH_TYPE_keyed_md5:
833  /* fallthrough */
834  case BFD_AUTH_TYPE_meticulous_keyed_md5:
836  "internal error, unexpected BFD auth type '%d'",
837  auth_type);
838  break;
839 #if WITH_LIBSSL > 0
840  case BFD_AUTH_TYPE_keyed_sha1:
841  /* fallthrough */
842  case BFD_AUTH_TYPE_meticulous_keyed_sha1:
843  bfd_add_sha1_auth_section (b, bs);
844  break;
845 #else
846  case BFD_AUTH_TYPE_keyed_sha1:
847  /* fallthrough */
848  case BFD_AUTH_TYPE_meticulous_keyed_sha1:
850  "internal error, unexpected BFD auth type '%d'",
851  auth_type);
852  break;
853 #endif
854  }
855  }
856 }
857 
858 static int
860 {
861  if (BFD_STATE_up == bs->local_state && BFD_STATE_up == bs->remote_state &&
862  bs->remote_min_echo_rx_usec > 0)
863  {
864  switch (bs->transport)
865  {
866  case BFD_TRANSPORT_UDP4:
867  return bfd_udp_is_echo_available (BFD_TRANSPORT_UDP4);
868  case BFD_TRANSPORT_UDP6:
869  return bfd_udp_is_echo_available (BFD_TRANSPORT_UDP6);
870  }
871  }
872  return 0;
873 }
874 
875 static void
877  vlib_buffer_t * b)
878 {
879  bfd_pkt_t *pkt = vlib_buffer_get_current (b);
880  u32 bfd_length = 0;
881  bfd_length = sizeof (bfd_pkt_t);
882  clib_memset (pkt, 0, sizeof (*pkt));
883  bfd_pkt_set_version (pkt, 1);
885  bfd_pkt_set_state (pkt, bs->local_state);
886  pkt->head.detect_mult = bs->local_detect_mult;
887  pkt->head.length = bfd_length;
888  pkt->my_disc = bs->local_discr;
889  pkt->your_disc = bs->remote_discr;
890  pkt->des_min_tx = clib_host_to_net_u32 (bs->config_desired_min_tx_usec);
891  if (bs->echo)
892  {
893  pkt->req_min_rx =
894  clib_host_to_net_u32 (bfd_nsec_to_usec
896  }
897  else
898  {
899  pkt->req_min_rx =
900  clib_host_to_net_u32 (bs->config_required_min_rx_usec);
901  }
902  pkt->req_min_echo_rx = clib_host_to_net_u32 (1);
903  b->current_length = bfd_length;
904 }
905 
906 static void
908  bfd_main_t * bm, bfd_session_t * bs, u64 now)
909 {
910  if (!bfd_is_echo_possible (bs))
911  {
912  BFD_DBG ("\nSwitching off echo function: %U", format_bfd_session, bs);
913  bs->echo = 0;
914  return;
915  }
916  if (now >= bs->echo_tx_timeout_nsec)
917  {
918  BFD_DBG ("\nSending echo packet: %U", format_bfd_session, bs);
919  u32 bi;
920  if (vlib_buffer_alloc (vm, &bi, 1) != 1)
921  {
922  vlib_log_crit (bm->log_class, "buffer allocation failure");
923  return;
924  }
925  vlib_buffer_t *b = vlib_get_buffer (vm, bi);
926  ASSERT (b->current_data == 0);
928  bfd_echo_pkt_t *pkt = vlib_buffer_get_current (b);
929  clib_memset (pkt, 0, sizeof (*pkt));
930  pkt->discriminator = bs->local_discr;
931  pkt->expire_time_nsec =
933  pkt->checksum =
934  bfd_calc_echo_checksum (bs->local_discr, pkt->expire_time_nsec,
935  bs->echo_secret);
936  b->current_length = sizeof (*pkt);
937  if (!bfd_echo_add_transport_layer (vm, bi, bs))
938  {
939  BFD_ERR ("cannot send echo packet out, turning echo off");
940  bs->echo = 0;
941  vlib_buffer_free_one (vm, bi);
942  return;
943  }
944  if (!bfd_transport_echo (vm, bi, bs))
945  {
946  BFD_ERR ("cannot send echo packet out, turning echo off");
947  bs->echo = 0;
948  vlib_buffer_free_one (vm, bi);
949  return;
950  }
951  bs->echo_last_tx_nsec = now;
952  bfd_calc_next_echo_tx (bm, bs, now);
953  }
954  else
955  {
956  BFD_DBG
957  ("No need to send echo packet now, now is %lu, tx_timeout is %lu",
958  now, bs->echo_tx_timeout_nsec);
959  }
960 }
961 
962 static void
964  bfd_main_t * bm, bfd_session_t * bs, u64 now)
965 {
966  if (!bs->remote_min_rx_usec && BFD_POLL_NOT_NEEDED == bs->poll_state)
967  {
968  BFD_DBG ("Remote min rx interval is zero, not sending periodic control "
969  "frame");
970  return;
971  }
972  if (BFD_POLL_NOT_NEEDED == bs->poll_state && bs->remote_demand &&
973  BFD_STATE_up == bs->local_state && BFD_STATE_up == bs->remote_state)
974  {
975  /*
976  * A system MUST NOT periodically transmit BFD Control packets if Demand
977  * mode is active on the remote system (bfd.RemoteDemandMode is 1,
978  * bfd.SessionState is Up, and bfd.RemoteSessionState is Up) and a Poll
979  * Sequence is not being transmitted.
980  */
981  BFD_DBG ("Remote demand is set, not sending periodic control frame");
982  return;
983  }
984  if (now >= bs->tx_timeout_nsec)
985  {
986  BFD_DBG ("\nSending periodic control frame: %U", format_bfd_session,
987  bs);
988  u32 bi;
989  if (vlib_buffer_alloc (vm, &bi, 1) != 1)
990  {
991  vlib_log_crit (bm->log_class, "buffer allocation failure");
992  return;
993  }
994  vlib_buffer_t *b = vlib_get_buffer (vm, bi);
995  ASSERT (b->current_data == 0);
997  bfd_init_control_frame (bm, bs, b);
998  switch (bs->poll_state)
999  {
1000  case BFD_POLL_NEEDED:
1001  if (now < bs->poll_state_start_or_timeout_nsec)
1002  {
1003  BFD_DBG ("Cannot start a poll sequence yet, need to wait for "
1004  BFD_CLK_FMT,
1005  BFD_CLK_PRN (bs->poll_state_start_or_timeout_nsec -
1006  now));
1007  break;
1008  }
1010  bfd_set_poll_state (bs, BFD_POLL_IN_PROGRESS);
1011  /* fallthrough */
1012  case BFD_POLL_IN_PROGRESS:
1013  case BFD_POLL_IN_PROGRESS_AND_QUEUED:
1015  BFD_DBG ("Setting poll bit in packet, bs_idx=%u", bs->bs_idx);
1016  break;
1017  case BFD_POLL_NOT_NEEDED:
1018  /* fallthrough */
1019  break;
1020  }
1021  bfd_add_auth_section (b, bs);
1022  bfd_add_transport_layer (vm, bi, bs);
1023  if (!bfd_transport_control_frame (vm, bi, bs))
1024  {
1025  vlib_buffer_free_one (vm, bi);
1026  }
1027  bs->last_tx_nsec = now;
1028  bfd_calc_next_tx (bm, bs, now);
1029  }
1030  else
1031  {
1032  BFD_DBG
1033  ("No need to send control frame now, now is %lu, tx_timeout is %lu",
1034  now, bs->tx_timeout_nsec);
1035  }
1036 }
1037 
1038 void
1040  bfd_main_t * bm, bfd_session_t * bs,
1041  int is_local)
1042 {
1043  BFD_DBG ("Send final control frame for bs_idx=%lu", bs->bs_idx);
1044  bfd_init_control_frame (bm, bs, b);
1046  bfd_add_auth_section (b, bs);
1047  u32 bi = vlib_get_buffer_index (vm, b);
1048  bfd_add_transport_layer (vm, bi, bs);
1049  bs->last_tx_nsec = bfd_time_now_nsec (vm, NULL);
1050  /*
1051  * RFC allows to include changes in final frame, so if there were any
1052  * pending, we already did that, thus we can clear any pending poll needs
1053  */
1054  bfd_set_poll_state (bs, BFD_POLL_NOT_NEEDED);
1055 }
1056 
1057 static void
1059  u64 now, int handling_wakeup)
1060 {
1061  if (bs->last_rx_nsec + bs->detection_time_nsec <= now)
1062  {
1063  BFD_DBG ("Rx timeout, session goes down");
1064  /*
1065  * RFC 5880 6.8.1. State Variables
1066 
1067  * bfd.RemoteDiscr
1068 
1069  * The remote discriminator for this BFD session. This is the
1070  * discriminator chosen by the remote system, and is totally opaque
1071  * to the local system. This MUST be initialized to zero. If a
1072  * period of a Detection Time passes without the receipt of a valid,
1073  * authenticated BFD packet from the remote system, this variable
1074  * MUST be set to zero.
1075  */
1076  bs->remote_discr = 0;
1077  bfd_set_diag (bs, BFD_DIAG_CODE_det_time_exp);
1078  bfd_set_state (vm, bm, bs, BFD_STATE_down, handling_wakeup);
1079  /*
1080  * If the remote system does not receive any
1081  * BFD Control packets for a Detection Time, it SHOULD reset
1082  * bfd.RemoteMinRxInterval to its initial value of 1 (per section 6.8.1,
1083  * since it is no longer required to maintain previous session state)
1084  * and then can transmit at its own rate.
1085  */
1086  bfd_set_remote_required_min_rx (bm, bs, now, 1);
1087  }
1088  else if (bs->echo
1089  && bs->echo_last_rx_nsec +
1091  {
1092  BFD_DBG ("Echo rx timeout, session goes down");
1093  bfd_set_diag (bs, BFD_DIAG_CODE_echo_failed);
1094  bfd_set_state (vm, bm, bs, BFD_STATE_down, handling_wakeup);
1095  }
1096 }
1097 
1098 void
1100  bfd_session_t * bs, u64 now)
1101 {
1102  BFD_DBG ("Timeout for bs_idx=%lu", bs->bs_idx);
1103  switch (bs->local_state)
1104  {
1105  case BFD_STATE_admin_down:
1106  bfd_send_periodic (vm, rt, bm, bs, now);
1107  break;
1108  case BFD_STATE_down:
1109  bfd_send_periodic (vm, rt, bm, bs, now);
1110  break;
1111  case BFD_STATE_init:
1112  bfd_check_rx_timeout (vm, bm, bs, now, 1);
1113  bfd_send_periodic (vm, rt, bm, bs, now);
1114  break;
1115  case BFD_STATE_up:
1116  bfd_check_rx_timeout (vm, bm, bs, now, 1);
1117  if (BFD_POLL_NOT_NEEDED == bs->poll_state && !bs->echo &&
1118  bfd_is_echo_possible (bs))
1119  {
1120  /* switch on echo function as main detection method now */
1121  BFD_DBG ("Switching on echo function, bs_idx=%u", bs->bs_idx);
1122  bs->echo = 1;
1123  bs->echo_last_rx_nsec = now;
1124  bs->echo_tx_timeout_nsec = now;
1126  clib_max
1129  bfd_set_poll_state (bs, BFD_POLL_NEEDED);
1130  }
1131  bfd_send_periodic (vm, rt, bm, bs, now);
1132  if (bs->echo)
1133  {
1134  bfd_send_echo (vm, rt, bm, bs, now);
1135  }
1136  break;
1137  }
1138 }
1139 
1140 /*
1141  * bfd process node function
1142  */
1143 static uword
1145 {
1146  bfd_main_t *bm = &bfd_main;
1147  u32 *expired = 0;
1148  uword event_type, *event_data = 0;
1149 
1150  /* So we can send events to the bfd process */
1152 
1153  while (1)
1154  {
1155  f64 vm_time;
1156  u64 now = bfd_time_now_nsec (vm, &vm_time);
1157  BFD_DBG ("wakeup, now is %llunsec, vlib_time_now() is %.9f", now,
1158  vm_time);
1159  bfd_lock (bm);
1160  f64 timeout;
1161  if (pool_elts (bm->sessions))
1162  {
1163  u32 first_expires_in_ticks =
1164  TW (tw_timer_first_expires_in_ticks) (&bm->wheel);
1165  if (!first_expires_in_ticks)
1166  {
1167  BFD_DBG
1168  ("tw_timer_first_expires_in_ticks(%p) returns 0ticks",
1169  &bm->wheel);
1170  timeout = bm->wheel.next_run_time - vm_time;
1171  BFD_DBG ("wheel.next_run_time is %.9f",
1172  bm->wheel.next_run_time);
1173  u64 next_expire_nsec = now + timeout * SEC_PER_NSEC;
1174  bm->bfd_process_next_wakeup_nsec = next_expire_nsec;
1175  bfd_unlock (bm);
1176  }
1177  else
1178  {
1179  BFD_DBG ("tw_timer_first_expires_in_ticks(%p) returns %luticks",
1180  &bm->wheel, first_expires_in_ticks);
1181  u64 next_expire_nsec =
1182  now + first_expires_in_ticks * bm->nsec_per_tw_tick;
1183  bm->bfd_process_next_wakeup_nsec = next_expire_nsec;
1184  bfd_unlock (bm);
1185  timeout = (next_expire_nsec - now) * SEC_PER_NSEC;
1186  }
1187  BFD_DBG ("vlib_process_wait_for_event_or_clock(vm, %.09f)",
1188  timeout);
1189  (void) vlib_process_wait_for_event_or_clock (vm, timeout);
1190  }
1191  else
1192  {
1193  bfd_unlock (bm);
1194  (void) vlib_process_wait_for_event (vm);
1195  }
1196  event_type = vlib_process_get_events (vm, &event_data);
1197  now = bfd_time_now_nsec (vm, &vm_time);
1198  uword *session_index;
1199  switch (event_type)
1200  {
1201  case ~0: /* no events => timeout */
1202  /* nothing to do here */
1203  break;
1204  case BFD_EVENT_RESCHEDULE:
1205  BFD_DBG ("reschedule event");
1206  bfd_lock (bm);
1210  bfd_unlock (bm);
1211  /* nothing to do here - reschedule is done automatically after
1212  * each event or timeout */
1213  break;
1214  case BFD_EVENT_NEW_SESSION:
1215  vec_foreach (session_index, event_data)
1216  {
1217  bfd_lock (bm);
1218  if (!pool_is_free_index (bm->sessions, *session_index))
1219  {
1220  bfd_session_t *bs =
1221  pool_elt_at_index (bm->sessions, *session_index);
1222  bfd_send_periodic (vm, rt, bm, bs, now);
1223  bfd_set_timer (bm, bs, now, 1);
1224  }
1225  else
1226  {
1227  BFD_DBG ("Ignoring event for non-existent session index %u",
1228  (u32) * session_index);
1229  }
1230  bfd_unlock (bm);
1231  }
1232  break;
1234  vec_foreach (session_index, event_data)
1235  {
1236  bfd_lock (bm);
1237  if (!pool_is_free_index (bm->sessions, *session_index))
1238  {
1239  bfd_session_t *bs =
1240  pool_elt_at_index (bm->sessions, *session_index);
1241  bfd_on_config_change (vm, rt, bm, bs, now);
1242  }
1243  else
1244  {
1245  BFD_DBG ("Ignoring event for non-existent session index %u",
1246  (u32) * session_index);
1247  }
1248  bfd_unlock (bm);
1249  }
1250  break;
1251  default:
1252  vlib_log_err (bm->log_class, "BUG: event type 0x%wx", event_type);
1253  break;
1254  }
1255  BFD_DBG ("tw_timer_expire_timers_vec(%p, %.04f);", &bm->wheel, vm_time);
1256  bfd_lock (bm);
1257  expired =
1258  TW (tw_timer_expire_timers_vec) (&bm->wheel, vm_time, expired);
1259  BFD_DBG ("Expired %d elements", vec_len (expired));
1260  u32 *p = NULL;
1261  vec_foreach (p, expired)
1262  {
1263  const u32 bs_idx = *p;
1264  if (!pool_is_free_index (bm->sessions, bs_idx))
1265  {
1266  bfd_session_t *bs = pool_elt_at_index (bm->sessions, bs_idx);
1267  bs->tw_id = 0; /* timer is gone because it expired */
1268  bfd_on_timeout (vm, rt, bm, bs, now);
1269  bfd_set_timer (bm, bs, now, 1);
1270  }
1271  }
1272  bfd_unlock (bm);
1273  if (expired)
1274  {
1275  _vec_len (expired) = 0;
1276  }
1277  if (event_data)
1278  {
1279  _vec_len (event_data) = 0;
1280  }
1281  }
1282 
1283  return 0;
1284 }
1285 
1286 /*
1287  * bfd process node declaration
1288  */
1289 /* *INDENT-OFF* */
1291  .function = bfd_process,
1292  .type = VLIB_NODE_TYPE_PROCESS,
1293  .name = "bfd-process",
1294  .n_next_nodes = 0,
1295  .next_nodes = {},
1296 };
1297 /* *INDENT-ON* */
1298 
1299 static clib_error_t *
1301 {
1302  // bfd_main_t *bm = &bfd_main;
1303  // vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
1304  if (!(flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1305  {
1306  /* TODO */
1307  }
1308  return 0;
1309 }
1310 
1312 
1313 static clib_error_t *
1315 {
1316  // bfd_main_t *bm = &bfd_main;
1317  if (flags & VNET_HW_INTERFACE_FLAG_LINK_UP)
1318  {
1319  /* TODO */
1320  }
1321  return 0;
1322 }
1323 
1325 
1326 void
1328 {
1329  bfd_main_t *bm = &bfd_main;
1330 
1331  vec_add1 (bm->listeners, fn);
1332 }
1333 
1334 /*
1335  * setup function
1336  */
1337 static clib_error_t *
1339 {
1341  u32 n_vlib_mains = tm->n_vlib_mains;
1342 #if BFD_DEBUG
1343  setbuf (stdout, NULL);
1344 #endif
1345  bfd_main_t *bm = &bfd_main;
1347  bm->vlib_main = vm;
1348  bm->vnet_main = vnet_get_main ();
1349  clib_memset (&bm->wheel, 0, sizeof (bm->wheel));
1355  BFD_DBG ("tw_timer_wheel_init(%p, %p, %.04f, %u)", &bm->wheel, NULL,
1356  1.00 / BFD_TW_TPS, ~0);
1357  TW (tw_timer_wheel_init) (&bm->wheel, NULL, 1.00 / BFD_TW_TPS, ~0);
1358  bm->log_class = vlib_log_register_class ("bfd", 0);
1359  vlib_log_debug (bm->log_class, "initialized");
1360  bm->owner_thread_index = ~0;
1361  if (n_vlib_mains > 1)
1362  clib_spinlock_init (&bm->lock);
1363  return 0;
1364 }
1365 
1367 
1368 bfd_session_t *
1370 {
1371  bfd_session_t *result;
1372 
1373  bfd_lock (bm);
1374 
1375  pool_get (bm->sessions, result);
1376  clib_memset (result, 0, sizeof (*result));
1377  result->bs_idx = result - bm->sessions;
1378  result->transport = t;
1379  const unsigned limit = 1000;
1380  unsigned counter = 0;
1381  do
1382  {
1383  result->local_discr = random_u32 (&bm->random_seed);
1384  if (counter > limit)
1385  {
1386  vlib_log_crit (bm->log_class,
1387  "couldn't allocate unused session discriminator even "
1388  "after %u tries!", limit);
1389  pool_put (bm->sessions, result);
1390  bfd_unlock (bm);
1391  return NULL;
1392  }
1393  ++counter;
1394  }
1395  while (hash_get (bm->session_by_disc, result->local_discr));
1396  bfd_set_defaults (bm, result);
1397  hash_set (bm->session_by_disc, result->local_discr, result->bs_idx);
1398  bfd_unlock (bm);
1399  return result;
1400 }
1401 
1402 void
1404 {
1405  bfd_lock (bm);
1406 
1407  vlib_log_info (bm->log_class, "delete session: %U",
1409  bfd_notify_listeners (bm, BFD_LISTEN_EVENT_DELETE, bs);
1410  if (bs->auth.curr_key)
1411  {
1412  --bs->auth.curr_key->use_count;
1413  }
1414  if (bs->auth.next_key)
1415  {
1416  --bs->auth.next_key->use_count;
1417  }
1419  pool_put (bm->sessions, bs);
1420  bfd_unlock (bm);
1421 }
1422 
1423 bfd_session_t *
1425 {
1426  bfd_lock_check (bm);
1427  if (!pool_is_free_index (bm->sessions, bs_idx))
1428  {
1429  return pool_elt_at_index (bm->sessions, bs_idx);
1430  }
1431  return NULL;
1432 }
1433 
1434 bfd_session_t *
1436 {
1437  bfd_lock_check (bm);
1438  uword *p = hash_get (bfd_main.session_by_disc, disc);
1439  if (p)
1440  {
1441  return pool_elt_at_index (bfd_main.sessions, *p);
1442  }
1443  return NULL;
1444 }
1445 
1446 /**
1447  * @brief verify bfd packet - common checks
1448  *
1449  * @param pkt
1450  *
1451  * @return 1 if bfd packet is valid
1452  */
1453 int
1454 bfd_verify_pkt_common (const bfd_pkt_t * pkt)
1455 {
1456  if (1 != bfd_pkt_get_version (pkt))
1457  {
1458  BFD_ERR ("BFD verification failed - unexpected version: '%d'",
1459  bfd_pkt_get_version (pkt));
1460  return 0;
1461  }
1462  if (pkt->head.length < sizeof (bfd_pkt_t) ||
1463  (bfd_pkt_get_auth_present (pkt) &&
1464  pkt->head.length < sizeof (bfd_pkt_with_common_auth_t)))
1465  {
1466  BFD_ERR ("BFD verification failed - unexpected length: '%d' (auth "
1467  "present: %d)",
1468  pkt->head.length, bfd_pkt_get_auth_present (pkt));
1469  return 0;
1470  }
1471  if (!pkt->head.detect_mult)
1472  {
1473  BFD_ERR ("BFD verification failed - unexpected detect-mult: '%d'",
1474  pkt->head.detect_mult);
1475  return 0;
1476  }
1477  if (bfd_pkt_get_multipoint (pkt))
1478  {
1479  BFD_ERR ("BFD verification failed - unexpected multipoint: '%d'",
1480  bfd_pkt_get_multipoint (pkt));
1481  return 0;
1482  }
1483  if (!pkt->my_disc)
1484  {
1485  BFD_ERR ("BFD verification failed - unexpected my-disc: '%d'",
1486  pkt->my_disc);
1487  return 0;
1488  }
1489  if (!pkt->your_disc)
1490  {
1491  const u8 pkt_state = bfd_pkt_get_state (pkt);
1492  if (pkt_state != BFD_STATE_down && pkt_state != BFD_STATE_admin_down)
1493  {
1494  BFD_ERR ("BFD verification failed - unexpected state: '%s' "
1495  "(your-disc is zero)", bfd_state_string (pkt_state));
1496  return 0;
1497  }
1498  }
1499  return 1;
1500 }
1501 
1502 static void
1504 {
1505  BFD_DBG ("Switching authentication key from %U to %U for bs_idx=%u",
1507  bs->auth.next_key, bs->bs_idx);
1508  bs->auth.is_delayed = 0;
1509  if (bs->auth.curr_key)
1510  {
1511  --bs->auth.curr_key->use_count;
1512  }
1513  bs->auth.curr_key = bs->auth.next_key;
1514  bs->auth.next_key = NULL;
1516 }
1517 
1518 static int
1520 {
1521  if (BFD_AUTH_TYPE_meticulous_keyed_md5 == auth_type ||
1522  BFD_AUTH_TYPE_meticulous_keyed_sha1 == auth_type)
1523  {
1524  return 1;
1525  }
1526  return 0;
1527 }
1528 
1529 static int
1531  u32 received_seq_num, int is_meticulous)
1532 {
1533  /*
1534  * RFC 5880 6.8.1:
1535  *
1536  * This variable MUST be set to zero after no packets have been
1537  * received on this session for at least twice the Detection Time.
1538  */
1539  u64 now = bfd_time_now_nsec (vm, NULL);
1540  if (now - bs->last_rx_nsec > bs->detection_time_nsec * 2)
1541  {
1542  BFD_DBG ("BFD peer unresponsive for %lu nsec, which is > 2 * "
1543  "detection_time=%u nsec, resetting remote_seq_number_known "
1544  "flag", now - bs->last_rx_nsec, bs->detection_time_nsec * 2);
1545  bs->auth.remote_seq_number_known = 0;
1546  }
1547  if (bs->auth.remote_seq_number_known)
1548  {
1549  /* remote sequence number is known, verify its validity */
1550  const u32 max_u32 = 0xffffffff;
1551  /* the calculation might wrap, account for the special case... */
1552  if (bs->auth.remote_seq_number > max_u32 - 3 * bs->local_detect_mult)
1553  {
1554  /*
1555  * special case
1556  *
1557  * x y z
1558  * |----------+----------------------------+-----------|
1559  * 0 ^ ^ 0xffffffff
1560  * | remote_seq_num------+
1561  * |
1562  * +-----(remote_seq_num + 3*detect_mult) % * 0xffffffff
1563  *
1564  * x + y + z = 0xffffffff
1565  * x + z = 3 * detect_mult
1566  */
1567  const u32 z = max_u32 - bs->auth.remote_seq_number;
1568  const u32 x = 3 * bs->local_detect_mult - z;
1569  if (received_seq_num > x &&
1570  received_seq_num < bs->auth.remote_seq_number + is_meticulous)
1571  {
1572  BFD_ERR
1573  ("Recvd sequence number=%u out of ranges <0, %u>, <%u, %u>",
1574  received_seq_num, x,
1575  bs->auth.remote_seq_number + is_meticulous, max_u32);
1576  return 0;
1577  }
1578  }
1579  else
1580  {
1581  /* regular case */
1582  const u32 min = bs->auth.remote_seq_number + is_meticulous;
1583  const u32 max =
1585  if (received_seq_num < min || received_seq_num > max)
1586  {
1587  BFD_ERR ("Recvd sequence number=%u out of range <%u, %u>",
1588  received_seq_num, min, max);
1589  return 0;
1590  }
1591  }
1592  }
1593  return 1;
1594 }
1595 
1596 static int
1597 bfd_verify_pkt_auth_key_sha1 (const bfd_pkt_t * pkt, u32 pkt_size,
1598  bfd_session_t * bs, u8 bfd_key_id,
1599  bfd_auth_key_t * auth_key)
1600 {
1601  ASSERT (auth_key->auth_type == BFD_AUTH_TYPE_keyed_sha1 ||
1602  auth_key->auth_type == BFD_AUTH_TYPE_meticulous_keyed_sha1);
1603 
1604  u8 result[SHA_DIGEST_LENGTH];
1605  bfd_pkt_with_common_auth_t *with_common = (void *) pkt;
1606  if (pkt_size < sizeof (*with_common))
1607  {
1608  BFD_ERR ("Packet size too small to hold authentication common header");
1609  return 0;
1610  }
1611  if (with_common->common_auth.type != auth_key->auth_type)
1612  {
1613  BFD_ERR ("BFD auth type mismatch, packet auth=%d:%s doesn't match "
1614  "in-use auth=%d:%s",
1615  with_common->common_auth.type,
1616  bfd_auth_type_str (with_common->common_auth.type),
1617  auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type));
1618  return 0;
1619  }
1620  bfd_pkt_with_sha1_auth_t *with_sha1 = (void *) pkt;
1621  if (pkt_size < sizeof (*with_sha1) ||
1622  with_sha1->sha1_auth.type_len.len < sizeof (with_sha1->sha1_auth))
1623  {
1624  BFD_ERR
1625  ("BFD size mismatch, payload size=%u, expected=%u, auth_len=%u, "
1626  "expected=%u", pkt_size, sizeof (*with_sha1),
1627  with_sha1->sha1_auth.type_len.len, sizeof (with_sha1->sha1_auth));
1628  return 0;
1629  }
1630  if (with_sha1->sha1_auth.key_id != bfd_key_id)
1631  {
1632  BFD_ERR
1633  ("BFD key ID mismatch, packet key ID=%u doesn't match key ID=%u%s",
1634  with_sha1->sha1_auth.key_id, bfd_key_id,
1635  bs->
1636  auth.is_delayed ? " (but a delayed auth change is scheduled)" : "");
1637  return 0;
1638  }
1639  SHA_CTX ctx;
1640  if (!SHA1_Init (&ctx))
1641  {
1642  BFD_ERR ("SHA1_Init failed");
1643  return 0;
1644  }
1645  /* ignore last 20 bytes - use the actual key data instead pkt data */
1646  if (!SHA1_Update (&ctx, with_sha1,
1647  sizeof (*with_sha1) - sizeof (with_sha1->sha1_auth.hash)))
1648  {
1649  BFD_ERR ("SHA1_Update failed");
1650  return 0;
1651  }
1652  if (!SHA1_Update (&ctx, auth_key->key, sizeof (auth_key->key)))
1653  {
1654  BFD_ERR ("SHA1_Update failed");
1655  return 0;
1656  }
1657  if (!SHA1_Final (result, &ctx))
1658  {
1659  BFD_ERR ("SHA1_Final failed");
1660  return 0;
1661  }
1662  if (0 == memcmp (result, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH))
1663  {
1664  return 1;
1665  }
1666  BFD_ERR ("SHA1 hash: %U doesn't match the expected value: %U",
1667  format_hex_bytes, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH,
1668  format_hex_bytes, result, SHA_DIGEST_LENGTH);
1669  return 0;
1670 }
1671 
1672 static int
1673 bfd_verify_pkt_auth_key (vlib_main_t * vm, const bfd_pkt_t * pkt,
1674  u32 pkt_size, bfd_session_t * bs, u8 bfd_key_id,
1675  bfd_auth_key_t * auth_key)
1676 {
1677  bfd_main_t *bm = &bfd_main;
1678  switch (auth_key->auth_type)
1679  {
1680  case BFD_AUTH_TYPE_reserved:
1681  vlib_log_err (bm->log_class,
1682  "internal error, unexpected auth_type=%d:%s",
1683  auth_key->auth_type,
1684  bfd_auth_type_str (auth_key->auth_type));
1685  return 0;
1686  case BFD_AUTH_TYPE_simple_password:
1687  vlib_log_err (bm->log_class,
1688  "internal error, not implemented, unexpected auth_type=%d:%s",
1689  auth_key->auth_type,
1690  bfd_auth_type_str (auth_key->auth_type));
1691  return 0;
1692  case BFD_AUTH_TYPE_keyed_md5:
1693  /* fallthrough */
1694  case BFD_AUTH_TYPE_meticulous_keyed_md5:
1695  vlib_log_err
1696  (bm->log_class,
1697  "internal error, not implemented, unexpected auth_type=%d:%s",
1698  auth_key->auth_type, bfd_auth_type_str (auth_key->auth_type));
1699  return 0;
1700  case BFD_AUTH_TYPE_keyed_sha1:
1701  /* fallthrough */
1702  case BFD_AUTH_TYPE_meticulous_keyed_sha1:
1703 #if WITH_LIBSSL > 0
1704  do
1705  {
1706  const u32 seq_num = clib_net_to_host_u32 (((bfd_pkt_with_sha1_auth_t
1707  *) pkt)->
1708  sha1_auth.seq_num);
1709  return bfd_verify_pkt_auth_seq_num (vm, bs, seq_num,
1711  (auth_key->auth_type))
1712  && bfd_verify_pkt_auth_key_sha1 (pkt, pkt_size, bs, bfd_key_id,
1713  auth_key);
1714  }
1715  while (0);
1716 #else
1717  vlib_log_err
1718  (bm->log_class,
1719  "internal error, attempt to use SHA1 without SSL support");
1720  return 0;
1721 #endif
1722  }
1723  return 0;
1724 }
1725 
1726 /**
1727  * @brief verify bfd packet - authentication
1728  *
1729  * @param pkt
1730  *
1731  * @return 1 if bfd packet is valid
1732  */
1733 int
1734 bfd_verify_pkt_auth (vlib_main_t * vm, const bfd_pkt_t * pkt, u16 pkt_size,
1735  bfd_session_t * bs)
1736 {
1737  if (bfd_pkt_get_auth_present (pkt))
1738  {
1739  /* authentication present in packet */
1740  if (!bs->auth.curr_key)
1741  {
1742  /* currently not using authentication - can we turn it on? */
1743  if (bs->auth.is_delayed && bs->auth.next_key)
1744  {
1745  /* yes, switch is scheduled - make sure the auth is valid */
1746  if (bfd_verify_pkt_auth_key (vm, pkt, pkt_size, bs,
1747  bs->auth.next_bfd_key_id,
1748  bs->auth.next_key))
1749  {
1750  /* auth matches next key, do the switch, packet is valid */
1752  return 1;
1753  }
1754  }
1755  }
1756  else
1757  {
1758  /* yes, using authentication, verify the key */
1759  if (bfd_verify_pkt_auth_key (vm, pkt, pkt_size, bs,
1760  bs->auth.curr_bfd_key_id,
1761  bs->auth.curr_key))
1762  {
1763  /* verification passed, packet is valid */
1764  return 1;
1765  }
1766  else
1767  {
1768  /* verification failed - but maybe we need to switch key */
1769  if (bs->auth.is_delayed && bs->auth.next_key)
1770  {
1771  /* delayed switch present, verify if that key works */
1772  if (bfd_verify_pkt_auth_key (vm, pkt, pkt_size, bs,
1773  bs->auth.next_bfd_key_id,
1774  bs->auth.next_key))
1775  {
1776  /* auth matches next key, switch key, packet is valid */
1778  return 1;
1779  }
1780  }
1781  }
1782  }
1783  }
1784  else
1785  {
1786  /* authentication in packet not present */
1787  if (pkt_size > sizeof (*pkt))
1788  {
1789  BFD_ERR ("BFD verification failed - unexpected packet size '%d' "
1790  "(auth not present)", pkt_size);
1791  return 0;
1792  }
1793  if (bs->auth.curr_key)
1794  {
1795  /* currently authenticating - could we turn it off? */
1796  if (bs->auth.is_delayed && !bs->auth.next_key)
1797  {
1798  /* yes, delayed switch to NULL key is scheduled */
1800  return 1;
1801  }
1802  }
1803  else
1804  {
1805  /* no auth in packet, no auth in use - packet is valid */
1806  return 1;
1807  }
1808  }
1809  return 0;
1810 }
1811 
1812 void
1813 bfd_consume_pkt (vlib_main_t * vm, bfd_main_t * bm, const bfd_pkt_t * pkt,
1814  u32 bs_idx)
1815 {
1816  bfd_lock_check (bm);
1817 
1818  bfd_session_t *bs = bfd_find_session_by_idx (bm, bs_idx);
1819  if (!bs || (pkt->your_disc && pkt->your_disc != bs->local_discr))
1820  {
1821  return;
1822  }
1823  BFD_DBG ("Scanning bfd packet, bs_idx=%d", bs->bs_idx);
1824  bs->remote_discr = pkt->my_disc;
1825  bs->remote_state = bfd_pkt_get_state (pkt);
1826  bs->remote_demand = bfd_pkt_get_demand (pkt);
1827  bs->remote_diag = bfd_pkt_get_diag_code (pkt);
1828  u64 now = bfd_time_now_nsec (vm, NULL);
1829  bs->last_rx_nsec = now;
1830  if (bfd_pkt_get_auth_present (pkt))
1831  {
1832  bfd_auth_type_e auth_type =
1833  ((bfd_pkt_with_common_auth_t *) (pkt))->common_auth.type;
1834  switch (auth_type)
1835  {
1836  case BFD_AUTH_TYPE_reserved:
1837  /* fallthrough */
1838  case BFD_AUTH_TYPE_simple_password:
1839  /* fallthrough */
1840  case BFD_AUTH_TYPE_keyed_md5:
1841  /* fallthrough */
1842  case BFD_AUTH_TYPE_meticulous_keyed_md5:
1843  vlib_log_crit (bm->log_class,
1844  "internal error, unexpected auth_type=%d:%s",
1845  auth_type, bfd_auth_type_str (auth_type));
1846  break;
1847  case BFD_AUTH_TYPE_keyed_sha1:
1848  /* fallthrough */
1849  case BFD_AUTH_TYPE_meticulous_keyed_sha1:
1850  do
1851  {
1852  bfd_pkt_with_sha1_auth_t *with_sha1 =
1853  (bfd_pkt_with_sha1_auth_t *) pkt;
1854  bs->auth.remote_seq_number =
1855  clib_net_to_host_u32 (with_sha1->sha1_auth.seq_num);
1856  bs->auth.remote_seq_number_known = 1;
1857  BFD_DBG ("Received sequence number %u",
1858  bs->auth.remote_seq_number);
1859  }
1860  while (0);
1861  }
1862  }
1864  bfd_usec_to_nsec (clib_net_to_host_u32 (pkt->des_min_tx));
1865  bs->remote_detect_mult = pkt->head.detect_mult;
1866  bfd_set_remote_required_min_rx (bm, bs, now,
1867  clib_net_to_host_u32 (pkt->req_min_rx));
1869  clib_net_to_host_u32
1870  (pkt->req_min_echo_rx));
1871  if (bfd_pkt_get_final (pkt))
1872  {
1873  if (BFD_POLL_IN_PROGRESS == bs->poll_state)
1874  {
1875  BFD_DBG ("Poll sequence terminated, bs_idx=%u", bs->bs_idx);
1876  bfd_set_poll_state (bs, BFD_POLL_NOT_NEEDED);
1877  if (BFD_STATE_up == bs->local_state)
1878  {
1880  clib_max (bs->echo *
1883  }
1884  }
1885  else if (BFD_POLL_IN_PROGRESS_AND_QUEUED == bs->poll_state)
1886  {
1887  /*
1888  * next poll sequence must be delayed by at least the round trip
1889  * time, so calculate that here
1890  */
1891  BFD_DBG ("Next poll sequence can commence in " BFD_CLK_FMT,
1892  BFD_CLK_PRN (now - bs->poll_state_start_or_timeout_nsec));
1894  now + (now - bs->poll_state_start_or_timeout_nsec);
1895  BFD_DBG
1896  ("Poll sequence terminated, but another is needed, bs_idx=%u",
1897  bs->bs_idx);
1898  bfd_set_poll_state (bs, BFD_POLL_NEEDED);
1899  }
1900  }
1901  bfd_calc_next_tx (bm, bs, now);
1902  bfd_set_timer (bm, bs, now, 0);
1903  if (BFD_STATE_admin_down == bs->local_state)
1904  {
1905  BFD_DBG ("Session is admin-down, ignoring packet, bs_idx=%u",
1906  bs->bs_idx);
1907  return;
1908  }
1909  if (BFD_STATE_admin_down == bs->remote_state)
1910  {
1911  bfd_set_diag (bs, BFD_DIAG_CODE_neighbor_sig_down);
1912  bfd_set_state (vm, bm, bs, BFD_STATE_down, 0);
1913  }
1914  else if (BFD_STATE_down == bs->local_state)
1915  {
1916  if (BFD_STATE_down == bs->remote_state)
1917  {
1918  bfd_set_diag (bs, BFD_DIAG_CODE_no_diag);
1919  bfd_set_state (vm, bm, bs, BFD_STATE_init, 0);
1920  }
1921  else if (BFD_STATE_init == bs->remote_state)
1922  {
1923  bfd_set_diag (bs, BFD_DIAG_CODE_no_diag);
1924  bfd_set_state (vm, bm, bs, BFD_STATE_up, 0);
1925  }
1926  }
1927  else if (BFD_STATE_init == bs->local_state)
1928  {
1929  if (BFD_STATE_up == bs->remote_state ||
1930  BFD_STATE_init == bs->remote_state)
1931  {
1932  bfd_set_diag (bs, BFD_DIAG_CODE_no_diag);
1933  bfd_set_state (vm, bm, bs, BFD_STATE_up, 0);
1934  }
1935  }
1936  else /* BFD_STATE_up == bs->local_state */
1937  {
1938  if (BFD_STATE_down == bs->remote_state)
1939  {
1940  bfd_set_diag (bs, BFD_DIAG_CODE_neighbor_sig_down);
1941  bfd_set_state (vm, bm, bs, BFD_STATE_down, 0);
1942  }
1943  }
1944 }
1945 
1946 int
1948 {
1949  bfd_echo_pkt_t *pkt = NULL;
1950  if (b->current_length != sizeof (*pkt))
1951  {
1952  return 0;
1953  }
1954  pkt = vlib_buffer_get_current (b);
1955  bfd_session_t *bs = bfd_find_session_by_disc (bm, pkt->discriminator);
1956  if (!bs)
1957  {
1958  return 0;
1959  }
1960  BFD_DBG ("Scanning bfd echo packet, bs_idx=%d", bs->bs_idx);
1961  u64 checksum =
1962  bfd_calc_echo_checksum (bs->local_discr, pkt->expire_time_nsec,
1963  bs->echo_secret);
1964  if (checksum != pkt->checksum)
1965  {
1966  BFD_DBG ("Invalid echo packet, checksum mismatch");
1967  return 1;
1968  }
1969  u64 now = bfd_time_now_nsec (vm, NULL);
1970  if (pkt->expire_time_nsec < now)
1971  {
1972  BFD_DBG ("Stale packet received, expire time %lu < now %lu",
1973  pkt->expire_time_nsec, now);
1974  }
1975  else
1976  {
1977  bs->echo_last_rx_nsec = now;
1978  }
1979  return 1;
1980 }
1981 
1982 u8 *
1983 format_bfd_session (u8 * s, va_list * args)
1984 {
1985  const bfd_session_t *bs = va_arg (*args, bfd_session_t *);
1986  u32 indent = format_get_indent (s) + vlib_log_get_indent ();
1987  s = format (s, "bs_idx=%u local-state=%s remote-state=%s\n"
1988  "%Ulocal-discriminator=%u remote-discriminator=%u\n"
1989  "%Ulocal-diag=%s echo-active=%s\n"
1990  "%Udesired-min-tx=%u required-min-rx=%u\n"
1991  "%Urequired-min-echo-rx=%u detect-mult=%u\n"
1992  "%Uremote-min-rx=%u remote-min-echo-rx=%u\n"
1993  "%Uremote-demand=%s poll-state=%s\n"
1994  "%Uauth: local-seq-num=%u remote-seq-num=%u\n"
1995  "%U is-delayed=%s\n"
1996  "%U curr-key=%U\n"
1997  "%U next-key=%U",
1998  bs->bs_idx, bfd_state_string (bs->local_state),
2000  bs->local_discr, bs->remote_discr, format_white_space, indent,
2002  (bs->echo ? "yes" : "no"), format_white_space, indent,
2004  format_white_space, indent, 1, bs->local_detect_mult,
2007  (bs->remote_demand ? "yes" : "no"),
2009  indent, bs->auth.local_seq_number, bs->auth.remote_seq_number,
2010  format_white_space, indent,
2011  (bs->auth.is_delayed ? "yes" : "no"), format_white_space,
2012  indent, format_bfd_auth_key, bs->auth.curr_key,
2014  bs->auth.next_key);
2015  return s;
2016 }
2017 
2018 u8 *
2019 format_bfd_session_brief (u8 * s, va_list * args)
2020 {
2021  const bfd_session_t *bs = va_arg (*args, bfd_session_t *);
2022  s =
2023  format (s, "bs_idx=%u local-state=%s remote-state=%s", bs->bs_idx,
2026  return s;
2027 }
2028 
2029 unsigned
2031 {
2032  if (auth_type == BFD_AUTH_TYPE_keyed_sha1 ||
2033  auth_type == BFD_AUTH_TYPE_meticulous_keyed_sha1)
2034  {
2035  return 1;
2036  }
2037  return 0;
2038 }
2039 
2042  u8 bfd_key_id, u8 is_delayed)
2043 {
2044  bfd_main_t *bm = &bfd_main;
2045  const uword *key_idx_p =
2046  hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
2047  if (!key_idx_p)
2048  {
2049  vlib_log_err (bm->log_class,
2050  "authentication key with config ID %u doesn't exist)",
2051  conf_key_id);
2052  return VNET_API_ERROR_BFD_ENOENT;
2053  }
2054  const uword key_idx = *key_idx_p;
2055  bfd_auth_key_t *key = pool_elt_at_index (bm->auth_keys, key_idx);
2056  if (is_delayed)
2057  {
2058  if (bs->auth.next_key == key)
2059  {
2060  /* already using this key, no changes required */
2061  return 0;
2062  }
2063  bs->auth.next_key = key;
2064  bs->auth.next_bfd_key_id = bfd_key_id;
2065  bs->auth.is_delayed = 1;
2066  }
2067  else
2068  {
2069  if (bs->auth.curr_key == key)
2070  {
2071  /* already using this key, no changes required */
2072  return 0;
2073  }
2074  if (bs->auth.curr_key)
2075  {
2076  --bs->auth.curr_key->use_count;
2077  }
2078  bs->auth.curr_key = key;
2079  bs->auth.curr_bfd_key_id = bfd_key_id;
2080  bs->auth.is_delayed = 0;
2081  }
2082  ++key->use_count;
2083  BFD_DBG ("\nSession auth modified: %U", format_bfd_session, bs);
2084  vlib_log_info (bm->log_class, "session auth modified: %U",
2086  return 0;
2087 }
2088 
2091 {
2092  bfd_main_t *bm = &bfd_main;
2093 #if WITH_LIBSSL > 0
2094  if (!is_delayed)
2095  {
2096  /* not delayed - deactivate the current key right now */
2097  if (bs->auth.curr_key)
2098  {
2099  --bs->auth.curr_key->use_count;
2100  bs->auth.curr_key = NULL;
2101  }
2102  bs->auth.is_delayed = 0;
2103  }
2104  else
2105  {
2106  /* delayed - mark as so */
2107  bs->auth.is_delayed = 1;
2108  }
2109  /*
2110  * clear the next key unconditionally - either the auth change is not delayed
2111  * in which case the caller expects the session to not use authentication
2112  * from this point forward, or it is delayed, in which case the next_key
2113  * needs to be set to NULL to make it so in the future
2114  */
2115  if (bs->auth.next_key)
2116  {
2117  --bs->auth.next_key->use_count;
2118  bs->auth.next_key = NULL;
2119  }
2120  BFD_DBG ("\nSession auth modified: %U", format_bfd_session, bs);
2121  vlib_log_info (bm->log_class, "session auth modified: %U",
2123  return 0;
2124 #else
2125  vlib_log_err (bm->log_class,
2126  "SSL missing, cannot deactivate BFD authentication");
2127  return VNET_API_ERROR_BFD_NOTSUPP;
2128 #endif
2129 }
2130 
2133  u32 desired_min_tx_usec,
2134  u32 required_min_rx_usec, u8 detect_mult)
2135 {
2136  if (bs->local_detect_mult != detect_mult ||
2137  bs->config_desired_min_tx_usec != desired_min_tx_usec ||
2138  bs->config_required_min_rx_usec != required_min_rx_usec)
2139  {
2140  BFD_DBG ("\nChanging session params: %U", format_bfd_session, bs);
2141  switch (bs->poll_state)
2142  {
2143  case BFD_POLL_NOT_NEEDED:
2144  if (BFD_STATE_up == bs->local_state ||
2145  BFD_STATE_init == bs->local_state)
2146  {
2147  /* poll sequence is not needed for detect multiplier change */
2148  if (bs->config_desired_min_tx_usec != desired_min_tx_usec ||
2149  bs->config_required_min_rx_usec != required_min_rx_usec)
2150  {
2151  bfd_set_poll_state (bs, BFD_POLL_NEEDED);
2152  }
2153  }
2154  break;
2155  case BFD_POLL_NEEDED:
2156  case BFD_POLL_IN_PROGRESS_AND_QUEUED:
2157  /*
2158  * nothing to do - will be handled in the future poll which is
2159  * already scheduled for execution
2160  */
2161  break;
2162  case BFD_POLL_IN_PROGRESS:
2163  /* poll sequence is not needed for detect multiplier change */
2164  if (bs->config_desired_min_tx_usec != desired_min_tx_usec ||
2165  bs->config_required_min_rx_usec != required_min_rx_usec)
2166  {
2167  BFD_DBG ("Poll in progress, queueing extra poll, bs_idx=%u",
2168  bs->bs_idx);
2169  bfd_set_poll_state (bs, BFD_POLL_IN_PROGRESS_AND_QUEUED);
2170  }
2171  }
2172 
2173  bs->local_detect_mult = detect_mult;
2174  bs->config_desired_min_tx_usec = desired_min_tx_usec;
2175  bs->config_desired_min_tx_nsec = bfd_usec_to_nsec (desired_min_tx_usec);
2176  bs->config_required_min_rx_usec = required_min_rx_usec;
2178  bfd_usec_to_nsec (required_min_rx_usec);
2179  BFD_DBG ("\nChanged session params: %U", format_bfd_session, bs);
2180 
2181  vlib_log_info (bm->log_class, "changed session params: %U",
2185  }
2186  else
2187  {
2188  BFD_DBG ("Ignore parameter change - no change, bs_idx=%u", bs->bs_idx);
2189  }
2190  return 0;
2191 }
2192 
2194 bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len,
2195  const u8 * key_data)
2196 {
2197  bfd_main_t *bm = &bfd_main;
2198 #if WITH_LIBSSL > 0
2199  bfd_auth_key_t *auth_key = NULL;
2200  if (!key_len || key_len > bfd_max_key_len_for_auth_type (auth_type))
2201  {
2202  vlib_log_err (bm->log_class,
2203  "invalid authentication key length for auth_type=%d:%s "
2204  "(key_len=%u, must be non-zero, expected max=%u)",
2205  auth_type, bfd_auth_type_str (auth_type), key_len,
2206  (u32) bfd_max_key_len_for_auth_type (auth_type));
2207  return VNET_API_ERROR_INVALID_VALUE;
2208  }
2209  if (!bfd_auth_type_supported (auth_type))
2210  {
2211  vlib_log_err (bm->log_class, "unsupported auth type=%d:%s", auth_type,
2212  bfd_auth_type_str (auth_type));
2213  return VNET_API_ERROR_BFD_NOTSUPP;
2214  }
2215  uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
2216  if (key_idx_p)
2217  {
2218  /* modifying existing key - must not be used */
2219  const uword key_idx = *key_idx_p;
2220  auth_key = pool_elt_at_index (bm->auth_keys, key_idx);
2221  if (auth_key->use_count > 0)
2222  {
2223  vlib_log_err (bm->log_class,
2224  "authentication key with conf ID %u in use by %u BFD "
2225  "session(s) - cannot modify", conf_key_id,
2226  auth_key->use_count);
2227  return VNET_API_ERROR_BFD_EINUSE;
2228  }
2229  }
2230  else
2231  {
2232  /* adding new key */
2233  pool_get (bm->auth_keys, auth_key);
2234  auth_key->conf_key_id = conf_key_id;
2235  hash_set (bm->auth_key_by_conf_key_id, conf_key_id,
2236  auth_key - bm->auth_keys);
2237  }
2238  auth_key->auth_type = auth_type;
2239  clib_memset (auth_key->key, 0, sizeof (auth_key->key));
2240  clib_memcpy (auth_key->key, key_data, key_len);
2241  return 0;
2242 #else
2243  vlib_log_err (bm->log_class,
2244  "SSL missing, cannot manipulate authentication keys");
2245  return VNET_API_ERROR_BFD_NOTSUPP;
2246 #endif
2247 }
2248 
2250 bfd_auth_del_key (u32 conf_key_id)
2251 {
2252 #if WITH_LIBSSL > 0
2253  bfd_auth_key_t *auth_key = NULL;
2254  bfd_main_t *bm = &bfd_main;
2255  uword *key_idx_p = hash_get (bm->auth_key_by_conf_key_id, conf_key_id);
2256  if (key_idx_p)
2257  {
2258  /* deleting existing key - must not be used */
2259  const uword key_idx = *key_idx_p;
2260  auth_key = pool_elt_at_index (bm->auth_keys, key_idx);
2261  if (auth_key->use_count > 0)
2262  {
2263  vlib_log_err (bm->log_class,
2264  "authentication key with conf ID %u in use by %u BFD "
2265  "session(s) - cannot delete", conf_key_id,
2266  auth_key->use_count);
2267  return VNET_API_ERROR_BFD_EINUSE;
2268  }
2269  hash_unset (bm->auth_key_by_conf_key_id, conf_key_id);
2270  clib_memset (auth_key, 0, sizeof (*auth_key));
2271  pool_put (bm->auth_keys, auth_key);
2272  }
2273  else
2274  {
2275  /* no such key */
2276  vlib_log_err (bm->log_class,
2277  "authentication key with conf ID %u does not exist",
2278  conf_key_id);
2279  return VNET_API_ERROR_BFD_ENOENT;
2280  }
2281  return 0;
2282 #else
2283  vlib_log_err (bm->log_class,
2284  "SSL missing, cannot manipulate authentication keys");
2285  return VNET_API_ERROR_BFD_NOTSUPP;
2286 #endif
2287 }
2288 
2290 
2291 /*
2292  * fd.io coding-style-patch-verification: ON
2293  *
2294  * Local Variables:
2295  * eval: (c-set-style "gnu")
2296  * End:
2297  */
vlib_log_class_t vlib_log_register_class(char *class, char *subclass)
Definition: log.c:209
VNET_HW_INTERFACE_LINK_UP_DOWN_FUNCTION(bfd_hw_interface_up_down)
static int bfd_transport_control_frame(vlib_main_t *vm, u32 bi, bfd_session_t *bs)
Definition: bfd_main.c:737
u8 bfd_pkt_get_auth_present(const bfd_pkt_t *pkt)
Definition: bfd_protocol.c:98
static void bfd_notify_listeners_rpc(u32 bs_idx)
Definition: bfd_main.c:628
u64 poll_state_start_or_timeout_nsec
helper for delayed poll sequence - marks either start of running poll sequence or timeout...
Definition: bfd_main.h:199
static void bfd_recalc_echo_tx_interval(bfd_main_t *bm, bfd_session_t *bs)
Definition: bfd_main.c:191
static void bfd_on_state_change(bfd_main_t *bm, bfd_session_t *bs, u64 now, int handling_wakeup)
Definition: bfd_main.c:638
bfd_session_t * bfd_get_session(bfd_main_t *bm, bfd_transport_e t)
Definition: bfd_main.c:1369
bfd_notify_fn_t * listeners
vector of callback notification functions
Definition: bfd_main.h:319
void TW() tw_timer_wheel_init(TWT(tw_timer_wheel) *tw, void *expired_timer_callback, f64 timer_interval_in_seconds, u32 max_expirations)
Initialize a tw timer wheel template instance.
vnet_api_error_t
Definition: api_errno.h:162
#define hash_set(h, key, value)
Definition: hash.h:255
bfd_auth_type_e auth_type
authentication type for this key
Definition: bfd_main.h:55
#define clib_min(x, y)
Definition: clib.h:327
u8 curr_bfd_key_id
current key ID sent out in bfd packet
Definition: bfd_main.h:223
#define CLIB_UNUSED(x)
Definition: clib.h:87
static uword random_default_seed(void)
Default random seed (unix/linux user-mode)
Definition: random.h:91
u64 effective_required_min_rx_nsec
effective required min rx interval (nsec)
Definition: bfd_main.h:127
static f64 vlib_process_wait_for_event_or_clock(vlib_main_t *vm, f64 dt)
Suspend a cooperative multi-tasking thread Waits for an event, or for the indicated number of seconds...
Definition: node_funcs.h:751
#define hash_unset(h, key)
Definition: hash.h:261
vl_api_wireguard_peer_flags_t flags
Definition: wireguard.api:103
a
Definition: bitmap.h:538
static uword * vlib_process_wait_for_event(vlib_main_t *vm)
Definition: node_funcs.h:656
void bfd_pkt_set_poll(bfd_pkt_t *pkt)
Definition: bfd_protocol.c:66
u64 remote_min_rx_nsec
remote min rx interval (nsec)
Definition: bfd_main.h:133
bfd_main_t bfd_main
Definition: bfd_main.c:2289
#define BFD_TW_TPS
timing wheel tick-rate, 1ms should be good enough
Definition: bfd_main.h:449
vnet_main_t * vnet_get_main(void)
Definition: misc.c:46
void bfd_on_timeout(vlib_main_t *vm, vlib_node_runtime_t *rt, bfd_main_t *bm, bfd_session_t *bs, u64 now)
Definition: bfd_main.c:1099
static void bfd_set_effective_desired_min_tx(bfd_main_t *bm, bfd_session_t *bs, u64 now, u64 desired_min_tx_nsec)
Definition: bfd_main.c:388
u64 default_desired_min_tx_nsec
default desired min tx in nsec
Definition: bfd_main.h:304
#define BFD_ERR(...)
Definition: bfd_debug.h:72
vl_api_ikev2_auth_t auth
Definition: ikev2_types.api:88
i16 current_data
signed offset in data[], pre_data[] that we are currently processing.
Definition: buffer.h:110
unsigned long u64
Definition: types.h:89
u32 * auth_key_by_conf_key_id
hashmap - index in pool auth_keys by conf_key_id
Definition: bfd_main.h:316
static void bfd_session_switch_auth_to_next(bfd_session_t *bs)
Definition: bfd_main.c:1503
u8 bfd_pkt_get_diag_code(const bfd_pkt_t *pkt)
Definition: bfd_protocol.c:35
static uword bfd_process(vlib_main_t *vm, vlib_node_runtime_t *rt, vlib_frame_t *f)
Definition: bfd_main.c:1144
bfd_session_t * bfd_find_session_by_disc(bfd_main_t *bm, u32 disc)
Definition: bfd_main.c:1435
u8 * format_bfd_auth_key(u8 *s, va_list *args)
Definition: bfd_main.c:78
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
static f64 vlib_time_now(vlib_main_t *vm)
Definition: main.h:333
static u64 bfd_time_now_nsec(vlib_main_t *vm, f64 *vm_time)
Definition: bfd_main.c:67
int bfd_verify_pkt_common(const bfd_pkt_t *pkt)
verify bfd packet - common checks
Definition: bfd_main.c:1454
u64 remote_min_echo_rx_nsec
remote min echo rx interval (nsec)
Definition: bfd_main.h:139
u32 echo_secret
secret used for calculating/checking checksum of echo packets
Definition: bfd_main.h:187
u16 current_length
Nbytes between current data and the end of this buffer.
Definition: buffer.h:113
bfd_diag_code_e local_diag
local diagnostics
Definition: bfd_main.h:100
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:592
static u64 clib_xxhash(u64 key)
Definition: xxhash.h:58
u16 key_len
Definition: ikev2_types.api:95
static void bfd_on_config_change(vlib_main_t *vm, vlib_node_runtime_t *rt, bfd_main_t *bm, bfd_session_t *bs, u64 now)
Definition: bfd_main.c:704
void bfd_put_session(bfd_main_t *bm, bfd_session_t *bs)
Definition: bfd_main.c:1403
static int bfd_verify_pkt_auth_key(vlib_main_t *vm, const bfd_pkt_t *pkt, u32 pkt_size, bfd_session_t *bs, u8 bfd_key_id, bfd_auth_key_t *auth_key)
Definition: bfd_main.c:1673
static u32 format_get_indent(u8 *s)
Definition: format.h:72
u8 remote_seq_number_known
set to 1 if remote sequence number is known
Definition: bfd_main.h:220
static void bfd_set_remote_required_min_rx(bfd_main_t *bm, bfd_session_t *bs, u64 now, u32 remote_required_min_rx_usec)
Definition: bfd_main.c:413
vlib_main_t * vm
Definition: in2out_ed.c:1582
static void bfd_unlock(bfd_main_t *bm)
Definition: bfd_main.h:385
unsigned bfd_auth_type_supported(bfd_auth_type_e auth_type)
Definition: bfd_main.c:2030
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:424
uword owner_thread_index
Definition: bfd_main.h:270
bfd_diag_code_e
Definition: bfd_protocol.h:177
static void bfd_add_transport_layer(vlib_main_t *vm, u32 bi, bfd_session_t *bs)
Definition: bfd_main.c:721
void bfd_init_final_control_frame(vlib_main_t *vm, vlib_buffer_t *b, bfd_main_t *bm, bfd_session_t *bs, int is_local)
Definition: bfd_main.c:1039
u32 bfd_process_node_index
background process node index
Definition: bfd_main.h:294
u8 bfd_pkt_get_version(const bfd_pkt_t *pkt)
Definition: bfd_protocol.c:22
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:252
vlib_log_class_t log_class
log class
Definition: bfd_main.h:322
bfd_auth_type_e
Definition: bfd_protocol.h:36
u32 tw_id
timing wheel internal id used to manipulate timer (if set)
Definition: bfd_main.h:160
u64 last_rx_nsec
timestamp of last packet received
Definition: bfd_main.h:172
unsigned char u8
Definition: types.h:56
u32 remote_seq_number
remote sequence number
Definition: bfd_main.h:217
u8 data[128]
Definition: ipsec_types.api:89
u64 effective_desired_min_tx_nsec
effective desired min tx interval (nsec)
Definition: bfd_main.h:118
int bfd_add_udp4_transport(vlib_main_t *vm, u32 bi, const bfd_session_t *bs, int is_echo)
Definition: bfd_udp.c:253
double f64
Definition: types.h:142
#define clib_memcpy(d, s, n)
Definition: string.h:180
void bfd_session_set_flags(vlib_main_t *vm, bfd_session_t *bs, u8 admin_up_down)
Definition: bfd_main.c:468
vnet_api_error_t bfd_auth_deactivate(bfd_session_t *bs, u8 is_delayed)
Definition: bfd_main.c:2090
static void bfd_lock_check(bfd_main_t *bm)
Definition: bfd_main.h:401
u8 key[20]
key data directly usable for bfd purposes - already padded with zeroes (so we don&#39;t need the actual l...
Definition: bfd_main.h:52
const char * bfd_poll_state_string(bfd_poll_state_e state)
Definition: bfd_main.c:157
u32 random_seed
for generating random numbers
Definition: bfd_main.h:310
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:173
static uword vlib_process_get_events(vlib_main_t *vm, uword **data_vector)
Return the first event type which has occurred and a vector of per-event data of that type...
Definition: node_funcs.h:579
u8 * format_white_space(u8 *s, va_list *va)
Definition: std-formats.c:129
int bfd_transport_udp4(vlib_main_t *vm, u32 bi, const struct bfd_session_s *bs)
transport packet over udpv4
Definition: bfd_udp.c:438
u64 remote_min_rx_usec
remote min rx interval (microseconds)
Definition: bfd_main.h:130
static void bfd_rpc_event_cb(const bfd_rpc_event_t *a)
Definition: bfd_main.c:567
u8 * format_hex_bytes(u8 *s, va_list *va)
Definition: std-formats.c:84
void bfd_event(bfd_main_t *bm, bfd_session_t *bs)
Definition: bfd_api.c:178
void vl_api_rpc_call_main_thread(void *fp, u8 *data, u32 data_length)
Definition: vlib_api.c:619
u64 bfd_process_wakeup_event_delay_nsec
The time it took the last wakeup event to make it to handling.
Definition: bfd_main.h:279
unsigned int u32
Definition: types.h:88
bfd_auth_key_t * next_key
set to next key to use if delayed switch is enabled - in that case the key is switched when first inc...
Definition: bfd_main.h:211
static vlib_node_registration_t bfd_process_node
(constructor) VLIB_REGISTER_NODE (bfd_process_node)
Definition: bfd_main.c:75
u64 echo_last_tx_nsec
timestamp of last echo packet transmitted
Definition: bfd_main.h:181
#define vlib_log_debug(...)
Definition: log.h:109
static void bfd_set_poll_state(bfd_session_t *bs, bfd_poll_state_e state)
Definition: bfd_main.c:171
static u32 vlib_get_buffer_index(vlib_main_t *vm, void *p)
Translate buffer pointer into buffer index.
Definition: buffer_funcs.h:293
static void bfd_calc_next_echo_tx(bfd_main_t *bm, bfd_session_t *bs, u64 now)
Definition: bfd_main.c:250
bfd_session_t * bfd_find_session_by_idx(bfd_main_t *bm, uword bs_idx)
Definition: bfd_main.c:1424
static void clib_spinlock_init(clib_spinlock_t *p)
Definition: lock.h:63
static u64 bfd_calc_echo_checksum(u32 discriminator, u64 expire_time, u32 secret)
Definition: bfd_main.c:41
u8 remote_demand
1 if remote system sets demand mode, 0 otherwise
Definition: bfd_main.h:148
bfd_session_t * sessions
pool of bfd sessions context data
Definition: bfd_main.h:285
bfd_poll_state_e
Definition: bfd_main.h:64
bfd_auth_key_t * auth_keys
pool of authentication keys
Definition: bfd_main.h:313
u64 remote_desired_min_tx_nsec
remote desired min tx interval (nsec)
Definition: bfd_main.h:142
#define hash_get(h, key)
Definition: hash.h:249
bfd_transport_e transport
transport type for this session
Definition: bfd_main.h:236
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:534
static clib_error_t * bfd_sw_interface_up_down(vnet_main_t *vnm, u32 sw_if_index, u32 flags)
Definition: bfd_main.c:1300
static void bfd_event_rpc(u32 bs_idx)
Definition: bfd_main.c:593
static void vlib_process_signal_event(vlib_main_t *vm, uword node_index, uword type_opaque, uword data)
Definition: node_funcs.h:1015
u32 remote_discr
remote discriminator
Definition: bfd_main.h:109
long ctx[MAX_CONNS]
Definition: main.c:144
static __clib_warn_unused_result u32 vlib_buffer_alloc(vlib_main_t *vm, u32 *buffers, u32 n_buffers)
Allocate buffers into supplied array.
Definition: buffer_funcs.h:677
bfd_poll_state_e poll_state
state info regarding poll sequence
Definition: bfd_main.h:193
u8 bfd_pkt_get_control_plane_independent(const bfd_pkt_t *pkt)
Definition: bfd_protocol.c:84
unsigned short u16
Definition: types.h:57
void bfd_pkt_set_auth_present(bfd_pkt_t *pkt)
Definition: bfd_protocol.c:104
static void bfd_set_state(vlib_main_t *vm, bfd_main_t *bm, bfd_session_t *bs, bfd_state_e new_state, int handling_wakeup)
Definition: bfd_main.c:142
u64 echo_transmit_interval_nsec
transmit interval for echo packets
Definition: bfd_main.h:175
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Definition: buffer.h:229
BFD global declarations.
u32 *TW() tw_timer_expire_timers_vec(TWT(tw_timer_wheel) *tw, f64 now, u32 *vec)
#define SEC_PER_NSEC
Definition: bfd_main.h:446
#define pool_put(P, E)
Free an object E in pool P.
Definition: pool.h:302
static void bfd_set_diag(bfd_session_t *bs, bfd_diag_code_e code)
Definition: bfd_main.c:131
void TW() tw_timer_update(TWT(tw_timer_wheel) *tw, u32 handle, u64 interval)
Update a tw timer.
u8 local_detect_mult
configured detect multiplier
Definition: bfd_main.h:145
#define NSEC_PER_USEC
Definition: bfd_main.h:443
#define always_inline
Definition: ipsec.h:28
static int bfd_is_echo_possible(bfd_session_t *bs)
Definition: bfd_main.c:859
vlib_thread_main_t vlib_thread_main
Definition: threads.c:35
int bfd_transport_udp6(vlib_main_t *vm, u32 bi, const struct bfd_session_s *bs)
transport packet over udpv6
Definition: bfd_udp.c:450
int bfd_add_udp6_transport(vlib_main_t *vm, u32 bi, const bfd_session_t *bs, int is_echo)
Definition: bfd_udp.c:308
u8 bfd_pkt_get_final(const bfd_pkt_t *pkt)
Definition: bfd_protocol.c:72
void bfd_pkt_set_final(bfd_pkt_t *pkt)
Definition: bfd_protocol.c:78
static void bfd_notify_listeners(bfd_main_t *bm, bfd_listen_event_e event, const bfd_session_t *bs)
Definition: bfd_main.c:444
bfd_diag_code_e remote_diag
remote diagnostics
Definition: bfd_main.h:103
static void bfd_send_periodic(vlib_main_t *vm, vlib_node_runtime_t *rt, bfd_main_t *bm, bfd_session_t *bs, u64 now)
Definition: bfd_main.c:963
static void bfd_check_rx_timeout(vlib_main_t *vm, bfd_main_t *bm, bfd_session_t *bs, u64 now, int handling_wakeup)
Definition: bfd_main.c:1058
#define BFD_DEFAULT_DESIRED_MIN_TX_USEC
default, slow transmission interval for BFD packets, per spec at least 1s
Definition: bfd_main.h:452
void bfd_session_start(bfd_main_t *bm, bfd_session_t *bs)
Definition: bfd_main.c:455
const char * bfd_auth_type_str(bfd_auth_type_e auth_type)
Definition: bfd_protocol.c:151
bool is_local
Definition: ikev2_types.api:33
static int bfd_verify_pkt_auth_seq_num(vlib_main_t *vm, bfd_session_t *bs, u32 received_seq_num, int is_meticulous)
Definition: bfd_main.c:1530
vnet_main_t * vnet_main
Definition: bfd_main.h:298
u8 bfd_pkt_get_multipoint(const bfd_pkt_t *pkt)
Definition: bfd_protocol.c:124
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:169
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:219
static void bfd_recalc_tx_interval(bfd_main_t *bm, bfd_session_t *bs)
Definition: bfd_main.c:182
u64 event_time_nsec
next event time in nsec for this session (0 if no event)
Definition: bfd_main.h:157
BFD protocol declarations.
static void vlib_process_signal_event_mt(vlib_main_t *vm, uword node_index, uword type_opaque, uword data)
Signal event to process from any thread.
Definition: node_funcs.h:1039
bfd_input_next_t
Definition: bfd_main.c:99
u32 config_desired_min_tx_usec
configured desired min tx interval (microseconds)
Definition: bfd_main.h:112
u32 bfd_max_key_len_for_auth_type(bfd_auth_type_e auth_type)
get the maximum length of key data for given auth type
Definition: bfd_protocol.c:138
static void bfd_calc_next_tx(bfd_main_t *bm, bfd_session_t *bs, u64 now)
Definition: bfd_main.c:200
u8 * format_bfd_session(u8 *s, va_list *args)
Definition: bfd_main.c:1983
const char * bfd_diag_code_string(bfd_diag_code_e diag)
Definition: bfd_protocol.c:164
static void bfd_add_auth_section(vlib_buffer_t *b, bfd_session_t *bs)
Definition: bfd_main.c:820
u64 config_desired_min_tx_nsec
configured desired min tx interval (nsec)
Definition: bfd_main.h:115
static int bfd_verify_pkt_auth_key_sha1(const bfd_pkt_t *pkt, u32 pkt_size, bfd_session_t *bs, u8 bfd_key_id, bfd_auth_key_t *auth_key)
Definition: bfd_main.c:1597
u8 bfd_pkt_get_demand(const bfd_pkt_t *pkt)
Definition: bfd_protocol.c:110
u64 echo_last_rx_nsec
timestamp of last echo packet received
Definition: bfd_main.h:184
vnet_api_error_t bfd_auth_activate(bfd_session_t *bs, u32 conf_key_id, u8 bfd_key_id, u8 is_delayed)
Definition: bfd_main.c:2041
BFD global declarations.
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
Definition: pool.h:299
static void bfd_set_remote_required_min_echo_rx(bfd_main_t *bm, bfd_session_t *bs, u64 now, u32 remote_required_min_echo_rx_usec)
Definition: bfd_main.c:428
bfd_state_e
Definition: bfd_protocol.h:195
u8 * bfd_input_format_trace(u8 *s, va_list *args)
Definition: bfd_main.c:495
vlib_main_t vlib_node_runtime_t * node
Definition: in2out_ed.c:1582
#define BFD_DBG(...)
Definition: bfd_debug.h:71
void bfd_pkt_set_version(bfd_pkt_t *pkt, int version)
Definition: bfd_protocol.c:28
#define ASSERT(truth)
static void bfd_recalc_detection_time(bfd_main_t *bm, bfd_session_t *bs)
Definition: bfd_main.c:271
u32 vlib_log_get_indent()
Definition: log.c:240
int bfd_udp_is_echo_available(bfd_transport_e transport)
check if the bfd udp layer is echo-capable at this time
Definition: bfd_udp.c:105
u64 nsec_per_tw_tick
how many nanoseconds is one timing wheel tick
Definition: bfd_main.h:301
u64 bfd_process_next_wakeup_nsec
When the bfd process is supposed to wake up next.
Definition: bfd_main.h:282
u8 echo
1 is echo function is active, 0 otherwise
Definition: bfd_main.h:154
u64 last_tx_nsec
timestamp of last packet transmitted
Definition: bfd_main.h:169
u64 config_required_min_rx_nsec
configured required min rx interval (nsec)
Definition: bfd_main.h:124
int bfd_consume_echo_pkt(vlib_main_t *vm, bfd_main_t *bm, vlib_buffer_t *b)
Definition: bfd_main.c:1947
u8 bfd_pkt_get_state(const bfd_pkt_t *pkt)
Definition: bfd_protocol.c:48
u32 local_discr
local discriminator
Definition: bfd_main.h:106
static f64 random_f64(u32 *seed)
Generate f64 random number in the interval [0,1].
Definition: random.h:145
bfd_hop_type_e hop_type
BFD hop type.
Definition: bfd_main.h:97
u32 conf_key_id
global configuration key ID
Definition: bfd_main.h:43
vnet_api_error_t bfd_auth_del_key(u32 conf_key_id)
delete existing authentication key
Definition: bfd_main.c:2250
vlib_main_t * vlib_main
convenience variables
Definition: bfd_main.h:297
bfd_state_e local_state
session state
Definition: bfd_main.h:91
static int bfd_echo_add_transport_layer(vlib_main_t *vm, u32 bi, bfd_session_t *bs)
Definition: bfd_main.c:754
u32 bfd_nsec_to_usec(u64 nsec)
Definition: bfd_main.c:61
#define clib_max(x, y)
Definition: clib.h:320
u32 * session_by_disc
hashmap - bfd session by discriminator
Definition: bfd_main.h:291
vnet_api_error_t bfd_session_set_params(bfd_main_t *bm, bfd_session_t *bs, u32 desired_min_tx_usec, u32 required_min_rx_usec, u8 detect_mult)
Definition: bfd_main.c:2132
static u64 bfd_usec_to_nsec(u64 us)
Definition: bfd_main.c:55
void(* bfd_notify_fn_t)(bfd_listen_event_e, const bfd_session_t *)
session nitification call back function type
Definition: bfd_main.h:263
typedef key
Definition: ipsec_types.api:85
struct _vlib_node_registration vlib_node_registration_t
u32 local_seq_number
sequence number incremented occasionally or always (if meticulous)
Definition: bfd_main.h:214
void bfd_register_listener(bfd_notify_fn_t fn)
Register a callback function to receive session notifications.
Definition: bfd_main.c:1327
u32 config_required_min_rx_usec
configured required min rx interval (microseconds)
Definition: bfd_main.h:121
u64 transmit_interval_nsec
transmit interval
Definition: bfd_main.h:163
static void bfd_set_timer(bfd_main_t *bm, bfd_session_t *bs, u64 now, int handling_wakeup)
Definition: bfd_main.c:286
int bfd_verify_pkt_auth(vlib_main_t *vm, const bfd_pkt_t *pkt, u16 pkt_size, bfd_session_t *bs)
verify bfd packet - authentication
Definition: bfd_main.c:1734
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
static void bfd_set_defaults(bfd_main_t *bm, bfd_session_t *bs)
Definition: bfd_main.c:109
u32 use_count
keeps track of how many sessions reference this key
Definition: bfd_main.h:46
#define VLIB_BUFFER_TRACE_TRAJECTORY_INIT(b)
Definition: buffer.h:492
VLIB buffer representation.
Definition: buffer.h:102
#define vlib_log_info(...)
Definition: log.h:108
u64 uword
Definition: types.h:112
u8 next_bfd_key_id
key ID to use when switched to next_key
Definition: bfd_main.h:226
#define vlib_log_crit(...)
Definition: log.h:104
u64 detection_time_nsec
detection time
Definition: bfd_main.h:190
#define F(x)
u8 bfd_pkt_get_poll(const bfd_pkt_t *pkt)
Definition: bfd_protocol.c:60
Linear Congruential Random Number Generator.
int bfd_process_wakeup_events_in_flight
Number of event wakeup RPCs in flight.
Definition: bfd_main.h:273
u64 bfd_process_wakeup_event_start_nsec
The timestamp of last wakeup event being sent.
Definition: bfd_main.h:276
u32 bs_idx
index in bfd_main.sessions pool
Definition: bfd_main.h:88
u8 * format_bfd_session_brief(u8 *s, va_list *args)
Definition: bfd_main.c:2019
static int bfd_transport_echo(vlib_main_t *vm, u32 bi, bfd_session_t *bs)
Definition: bfd_main.c:771
static u32 random_u32(u32 *seed)
32-bit random number generator
Definition: random.h:69
u32 TW() tw_timer_start(TWT(tw_timer_wheel) *tw, u32 user_id, u32 timer_id, u64 interval)
Start a Tw Timer.
u64 remote_min_echo_rx_usec
remote min echo rx interval (microseconds)
Definition: bfd_main.h:136
vnet_api_error_t bfd_auth_set_key(u32 conf_key_id, u8 auth_type, u8 key_len, const u8 *key_data)
create or modify bfd authentication key
Definition: bfd_main.c:2194
vl_api_dhcp_client_state_t state
Definition: dhcp.api:201
#define STRUCT_SIZE_OF(t, f)
Definition: clib.h:72
u64 tx_timeout_nsec
next time at which to transmit a packet
Definition: bfd_main.h:166
#define vec_foreach(var, vec)
Vector iterator.
bfd_state_e remote_state
remote session state
Definition: bfd_main.h:94
const char * bfd_state_string(bfd_state_e state)
Definition: bfd_protocol.c:177
#define vlib_log_err(...)
Definition: log.h:105
struct bfd_session_s::@154 auth
authentication information
bfd packet trace capture
Definition: bfd_main.h:342
static void vlib_buffer_free_one(vlib_main_t *vm, u32 buffer_index)
Free one buffer Shorthand to free a single buffer chain.
Definition: buffer_funcs.h:970
static void bfd_rpc_notify_listeners_cb(const bfd_rpc_notify_listeners_t *a)
Definition: bfd_main.c:609
u64 echo_tx_timeout_nsec
next time at which to transmit echo packet
Definition: bfd_main.h:178
u64 min_required_min_rx_while_echo_nsec
minimum required min rx while echo function is active - nsec
Definition: bfd_main.h:307
static int bfd_auth_type_is_meticulous(bfd_auth_type_e auth_type)
Definition: bfd_main.c:1519
bfd_auth_key_t * curr_key
current key in use
Definition: bfd_main.h:205
clib_spinlock_t lock
lock to protect data structures
Definition: bfd_main.h:268
#define TW(a)
void bfd_consume_pkt(vlib_main_t *vm, bfd_main_t *bm, const bfd_pkt_t *pkt, u32 bs_idx)
Definition: bfd_main.c:1813
static void bfd_send_echo(vlib_main_t *vm, vlib_node_runtime_t *rt, bfd_main_t *bm, bfd_session_t *bs, u64 now)
Definition: bfd_main.c:907
void bfd_pkt_set_state(bfd_pkt_t *pkt, int value)
Definition: bfd_protocol.c:54
static clib_error_t * bfd_hw_interface_up_down(vnet_main_t *vnm, u32 hw_if_index, u32 flags)
Definition: bfd_main.c:1314
u8 remote_detect_mult
remote detect multiplier
Definition: bfd_main.h:151
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:85
void bfd_pkt_set_diag_code(bfd_pkt_t *pkt, int value)
Definition: bfd_protocol.c:41
#define BFD_REQUIRED_MIN_RX_USEC_WHILE_ECHO
minimum required min rx set locally when echo function is used, per spec should be set to at least 1s...
Definition: bfd_main.h:458
u8 is_delayed
set to 1 if delayed action is pending, which might be activation of authentication, change of key or deactivation
Definition: bfd_main.h:232
static void bfd_set_effective_required_min_rx(bfd_main_t *bm, bfd_session_t *bs, u64 required_min_rx_nsec)
Definition: bfd_main.c:402
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:33
static clib_error_t * bfd_main_init(vlib_main_t *vm)
Definition: bfd_main.c:1338
static void bfd_lock(bfd_main_t *bm)
Definition: bfd_main.h:368
bfd_transport_e
Definition: bfd_api.h:30
bfd_listen_event_e
Definition: bfd_main.h:253
static void bfd_init_control_frame(bfd_main_t *bm, bfd_session_t *bs, vlib_buffer_t *b)
Definition: bfd_main.c:876
VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION(bfd_sw_interface_up_down)
static uword pool_elts(void *v)
Number of active elements in a pool.
Definition: pool.h:128