From b17dd9607ee8ecba5ae3ef69c7b4915b57de292a Mon Sep 17 00:00:00 2001
From: Klement Sekera <ksekera@cisco.com>
Date: Mon, 9 Jan 2017 07:43:48 +0100
Subject: BFD: SHA1 authentication

Add authentication support to BFD feature. Out of three existing
authentication types, implement SHA1 (sole RFC requirement). Simple
password is insecure and MD5 is discouraged by the RFC, so ignore
those.
Add/change APIs to allow configuring BFD authentication keys
and their usage with BFD sessions.

Change-Id: Ifb0fb5b19c2e72196d84c1cde919bd4c074ea415
Signed-off-by: Klement Sekera <ksekera@cisco.com>
---
 src/vnet/bfd/bfd_api.h | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)

(limited to 'src/vnet/bfd/bfd_api.h')

diff --git a/src/vnet/bfd/bfd_api.h b/src/vnet/bfd/bfd_api.h
index a9bc5a1f..128a3dc4 100644
--- a/src/vnet/bfd/bfd_api.h
+++ b/src/vnet/bfd/bfd_api.h
@@ -24,17 +24,36 @@
 #include <vnet/ip/ip6_packet.h>
 #include <vnet/bfd/bfd_udp.h>
 
-vnet_api_error_t bfd_udp_add_session (u32 sw_if_index, u32 desired_min_tx_us,
-				      u32 required_min_rx_us, u8 detect_mult,
-				      const ip46_address_t * local_addr,
-				      const ip46_address_t * peer_addr,
-				      u32 * bs_index);
+vnet_api_error_t
+bfd_udp_add_session (u32 sw_if_index, const ip46_address_t * local_addr,
+		     const ip46_address_t * peer_addr, u32 desired_min_tx_us,
+		     u32 required_min_rx_us, u8 detect_mult,
+		     u8 is_authenticated, u32 conf_key_id, u8 bfd_key_id);
 
 vnet_api_error_t bfd_udp_del_session (u32 sw_if_index,
 				      const ip46_address_t * local_addr,
 				      const ip46_address_t * peer_addr);
 
-vnet_api_error_t bfd_session_set_flags (u32 bs_index, u8 admin_up_down);
+vnet_api_error_t bfd_udp_session_set_flags (u32 sw_if_index,
+					    const ip46_address_t * local_addr,
+					    const ip46_address_t * peer_addr,
+					    u8 admin_up_down);
+
+vnet_api_error_t bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len,
+				   const u8 * key);
+
+vnet_api_error_t bfd_auth_del_key (u32 conf_key_id);
+
+vnet_api_error_t bfd_udp_auth_activate (u32 sw_if_index,
+					const ip46_address_t * local_addr,
+					const ip46_address_t * peer_addr,
+					u32 conf_key_id, u8 bfd_key_id,
+					u8 is_delayed);
+
+vnet_api_error_t bfd_udp_auth_deactivate (u32 sw_if_index,
+					  const ip46_address_t * local_addr,
+					  const ip46_address_t * peer_addr,
+					  u8 is_delayed);
 
 #endif /* __included_bfd_api_h__ */
 
-- 
cgit 1.2.3-korg