From 738844871220f853629504f61c248f0c9402dc77 Mon Sep 17 00:00:00 2001 From: Klement Sekera Date: Thu, 23 Feb 2017 09:26:30 +0100 Subject: BFD: command line interface Implement command line interface to the BFD binary APIs. Add corresponding unit tests. Change-Id: Ia0542d0bc4c8d78e6f7b777a08fd94ebfe4d524f Signed-off-by: Klement Sekera --- src/vnet/bfd/bfd_cli.c | 900 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 900 insertions(+) create mode 100644 src/vnet/bfd/bfd_cli.c (limited to 'src/vnet/bfd/bfd_cli.c') diff --git a/src/vnet/bfd/bfd_cli.c b/src/vnet/bfd/bfd_cli.c new file mode 100644 index 00000000..a3736d98 --- /dev/null +++ b/src/vnet/bfd/bfd_cli.c @@ -0,0 +1,900 @@ +/* + * Copyright (c) 2011-2016 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file + * @brief BFD CLI implementation + */ + +#include +#include +#include +#include +#include +#include +#include + +static u8 * +format_bfd_session_cli (u8 * s, va_list * args) +{ + bfd_main_t *bm = va_arg (*args, bfd_main_t *); + bfd_session_t *bs = va_arg (*args, bfd_session_t *); + switch (bs->transport) + { + case BFD_TRANSPORT_UDP4: + s = format (s, "%=10u %-32s %20U %20U\n", bs->bs_idx, "IPv4 address", + format_ip4_address, bs->udp.key.local_addr.ip4.as_u8, + format_ip4_address, bs->udp.key.peer_addr.ip4.as_u8); + break; + case BFD_TRANSPORT_UDP6: + s = format (s, "%=10u %-32s %20U %20U\n", bs->bs_idx, "IPv6 address", + format_ip6_address, &bs->udp.key.local_addr.ip6, + format_ip6_address, &bs->udp.key.peer_addr.ip6); + break; + } + s = format (s, "%10s %-32s %20s %20s\n", "", "Session state", + bfd_state_string (bs->local_state), + bfd_state_string (bs->remote_state)); + s = format (s, "%10s %-32s %20s %20s\n", "", "Diagnostic code", + bfd_diag_code_string (bs->local_diag), + bfd_diag_code_string (bs->remote_diag)); + s = format (s, "%10s %-32s %20u %20u\n", "", "Detect multiplier", + bs->local_detect_mult, bs->remote_detect_mult); + s = format (s, "%10s %-32s %20u %20u\n", "", + "Required Min Rx Interval (usec)", + bs->config_required_min_rx_usec, bs->remote_min_rx_usec); + s = format (s, "%10s %-32s %20u %20u\n", "", + "Desired Min Tx Interval (usec)", + bs->config_desired_min_tx_usec, bfd_clocks_to_usec (bm, + bs->remote_desired_min_tx_clocks)); + s = + format (s, "%10s %-32s %20u\n", "", "Transmit interval", + bfd_clocks_to_usec (bm, bs->transmit_interval_clocks)); + s = + format (s, "%10s %-32s %20s %20s\n", "", "Demand mode", "no", + bs->remote_demand ? "yes" : "no"); + s = + format (s, "%10s %-32s %20s\n", "", "Poll state", + bfd_poll_state_string (bs->poll_state)); + if (bs->auth.curr_key) + { + s = format (s, "%10s %-32s %20u\n", "", "Authentication config key ID", + bs->auth.curr_key->conf_key_id); + s = format (s, "%10s %-32s %20u\n", "", "Authentication BFD key ID", + bs->auth.curr_bfd_key_id); + } + return s; +} + +static clib_error_t * +show_bfd (vlib_main_t * vm, unformat_input_t * input, + CLIB_UNUSED (vlib_cli_command_t * lmd)) +{ + bfd_main_t *bm = &bfd_main; + bfd_session_t *bs = NULL; + + if (unformat (input, "keys")) + { + bfd_auth_key_t *key = NULL; + u8 *s = format (NULL, "%=10s %=25s %=10s\n", "Configuration Key ID", + "Type", "Use Count"); + /* *INDENT-OFF* */ + pool_foreach (key, bm->auth_keys, { + s = format (s, "%10u %-25s %10u\n", key->conf_key_id, + bfd_auth_type_str (key->auth_type), key->use_count); + }); + /* *INDENT-ON* */ + vlib_cli_output (vm, "%v\n", s); + vlib_cli_output (vm, "Number of configured BFD keys: %lu\n", + (u64) pool_elts (bm->auth_keys)); + } + else if (unformat (input, "sessions")) + { + u8 *s = format (NULL, "%=10s %=32s %=20s %=20s\n", "Index", "Property", + "Local value", "Remote value"); + /* *INDENT-OFF* */ + pool_foreach (bs, bm->sessions, + { s = format (s, "%U", format_bfd_session_cli, bm, bs); }); + /* *INDENT-ON* */ + vlib_cli_output (vm, "%v", s); + vec_free (s); + vlib_cli_output (vm, "Number of configured BFD sessions: %lu\n", + (u64) pool_elts (bm->sessions)); + } + else if (unformat (input, "echo-source")) + { + int is_set; + u32 sw_if_index; + int have_usable_ip4; + ip4_address_t ip4; + int have_usable_ip6; + ip6_address_t ip6; + bfd_udp_get_echo_source (&is_set, &sw_if_index, &have_usable_ip4, &ip4, + &have_usable_ip6, &ip6); + if (is_set) + { + vnet_sw_interface_t *sw_if = + vnet_get_sw_interface_safe (&vnet_main, sw_if_index); + vnet_hw_interface_t *hw_if = + vnet_get_hw_interface (&vnet_main, sw_if->hw_if_index); + u8 *s = format (NULL, "UDP echo source is: %v\n", hw_if->name); + s = format (s, "IPv4 address usable as echo source: "); + if (have_usable_ip4) + { + s = format (s, "%U\n", format_ip4_address, &ip4); + } + else + { + s = format (s, "none\n"); + } + s = format (s, "IPv6 address usable as echo source: "); + if (have_usable_ip6) + { + s = format (s, "%U\n", format_ip6_address, &ip6); + } + else + { + s = format (s, "none\n"); + } + vlib_cli_output (vm, "%v", s); + vec_free (s); + } + else + { + vlib_cli_output (vm, "UDP echo source is not set.\n"); + } + } + else + { + vlib_cli_output (vm, "Number of configured BFD sessions: %lu\n", + (u64) pool_elts (bm->sessions)); + vlib_cli_output (vm, "Number of configured BFD keys: %lu\n", + (u64) pool_elts (bm->auth_keys)); + } + return 0; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (show_bfd_command, static) = { + .path = "show bfd", + .short_help = "show bfd [keys|sessions|echo-source]", + .function = show_bfd, +}; +/* *INDENT-ON* */ + +static u8 * +format_vnet_api_errno (u8 * s, va_list * args) +{ + vnet_api_error_t api_error = va_arg (*args, vnet_api_error_t); +#define _(a, b, c) \ + case b: \ + s = format (s, "%s", c); \ + break; + switch (api_error) + { + foreach_vnet_api_error default:s = format (s, "UNKNOWN"); + break; + } + return s; +} + +static clib_error_t * +bfd_cli_key_add (vlib_main_t * vm, unformat_input_t * input, + CLIB_UNUSED (vlib_cli_command_t * lmd)) +{ + clib_error_t *ret = NULL; + int have_key_id = 0; + u32 key_id = 0; + u8 *vec_auth_type = NULL; + bfd_auth_type_e auth_type = BFD_AUTH_TYPE_reserved; + u8 *secret = NULL; + static const u8 keyed_sha1[] = "keyed-sha1"; + static const u8 meticulous_keyed_sha1[] = "meticulous-keyed-sha1"; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "conf-key-id %u", &key_id)) + { + have_key_id = 1; + } + else if (unformat (input, "type %U", unformat_token, "a-zA-Z0-9-", + &vec_auth_type)) + { + if (vec_len (vec_auth_type) == sizeof (keyed_sha1) - 1 && + 0 == memcmp (vec_auth_type, keyed_sha1, + sizeof (keyed_sha1) - 1)) + { + auth_type = BFD_AUTH_TYPE_keyed_sha1; + } + else if (vec_len (vec_auth_type) == + sizeof (meticulous_keyed_sha1) - 1 && + 0 == memcmp (vec_auth_type, meticulous_keyed_sha1, + sizeof (meticulous_keyed_sha1) - 1)) + { + auth_type = BFD_AUTH_TYPE_meticulous_keyed_sha1; + } + else + { + ret = clib_error_return (0, "invalid type `%v'", vec_auth_type); + goto out; + } + } + else if (unformat (input, "secret %U", unformat_hex_string, &secret)) + { + /* nothing to do here */ + } + else + { + ret = clib_error_return (0, "Unknown input `%U'", + format_unformat_error, input); + goto out; + } + } + + if (!have_key_id) + { + ret = + clib_error_return (0, "required parameter missing: `conf-key-id'"); + goto out; + } + if (!vec_auth_type) + { + ret = clib_error_return (0, "required parameter missing: `type'"); + goto out; + } + if (!secret) + { + ret = clib_error_return (0, "required parameter missing: `secret'"); + goto out; + } + + vnet_api_error_t rv = + bfd_auth_set_key (key_id, auth_type, vec_len (secret), secret); + if (rv) + { + ret = + clib_error_return (0, "`bfd_auth_set_key' API call failed, rv=%d:%U", + (int) rv, format_vnet_api_errno, rv); + } + +out: + vec_free (vec_auth_type); + return ret; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (bfd_cli_key_add_command, static) = { + .path = "bfd key set", + .short_help = "bfd key set" + " conf-key-id " + " type " + " secret ", + .function = bfd_cli_key_add, +}; +/* *INDENT-ON* */ + +static clib_error_t * +bfd_cli_key_del (vlib_main_t * vm, unformat_input_t * input, + CLIB_UNUSED (vlib_cli_command_t * lmd)) +{ + clib_error_t *ret = NULL; + u32 key_id = 0; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (!unformat (input, "conf-key-id %u", &key_id)) + { + ret = clib_error_return (0, "Unknown input `%U'", + format_unformat_error, input); + goto out; + } + } + + vnet_api_error_t rv = bfd_auth_del_key (key_id); + if (rv) + { + ret = + clib_error_return (0, "`bfd_auth_del_key' API call failed, rv=%d:%U", + (int) rv, format_vnet_api_errno, rv); + } + +out: + return ret; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (bfd_cli_key_del_command, static) = { + .path = "bfd key del", + .short_help = "bfd key del conf-key-id ", + .function = bfd_cli_key_del, +}; +/* *INDENT-ON* */ + +#define INTERFACE_STR "interface" +#define LOCAL_ADDR_STR "local-addr" +#define PEER_ADDR_STR "peer-addr" +#define CONF_KEY_ID_STR "conf-key-id" +#define BFD_KEY_ID_STR "bfd-key-id" +#define DESIRED_MIN_TX_STR "desired-min-tx" +#define REQUIRED_MIN_RX_STR "required-min-rx" +#define DETECT_MULT_STR "detect-mult" +#define ADMIN_STR "admin" +#define DELAYED_STR "delayed" + +static const unsigned mandatory = 1; +static const unsigned optional = 0; + +#define DECLARE(t, n, s, r, ...) \ + int have_##n = 0; \ + t n; + +#define UNFORMAT(t, n, s, r, ...) \ + if (unformat (input, s " " __VA_ARGS__, &n)) \ + { \ + something_parsed = 1; \ + have_##n = 1; \ + } + +#define CHECK_MANDATORY(t, n, s, r, ...) \ + if (mandatory == r && !have_##n) \ + { \ + ret = clib_error_return (0, "Required parameter `%s' missing.", n); \ + goto out; \ + } + +static clib_error_t * +bfd_cli_udp_session_add (vlib_main_t * vm, unformat_input_t * input, + CLIB_UNUSED (vlib_cli_command_t * lmd)) +{ + clib_error_t *ret = NULL; +#define foreach_bfd_cli_udp_session_add_cli_param(F) \ + F (u32, sw_if_index, INTERFACE_STR, mandatory, "%U", \ + unformat_vnet_sw_interface, &vnet_main) \ + F (ip46_address_t, local_addr, LOCAL_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) \ + F (ip46_address_t, peer_addr, PEER_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) \ + F (u32, desired_min_tx, DESIRED_MIN_TX_STR, mandatory, "%u") \ + F (u32, required_min_rx, REQUIRED_MIN_RX_STR, mandatory, "%u") \ + F (u32, detect_mult, DETECT_MULT_STR, mandatory, "%u") \ + F (u32, conf_key_id, CONF_KEY_ID_STR, optional, "%u") \ + F (u32, bfd_key_id, BFD_KEY_ID_STR, optional, "%u") + + foreach_bfd_cli_udp_session_add_cli_param (DECLARE); + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + int something_parsed = 0; + foreach_bfd_cli_udp_session_add_cli_param (UNFORMAT); + + if (!something_parsed) + { + ret = clib_error_return (0, "Unknown input `%U'", + format_unformat_error, input); + goto out; + } + } + + foreach_bfd_cli_udp_session_add_cli_param (CHECK_MANDATORY); + + if (1 == have_conf_key_id + have_bfd_key_id) + { + ret = clib_error_return (0, "Incompatible parameter combination, `%s' " + "and `%s' must be either both specified or none", + CONF_KEY_ID_STR, BFD_KEY_ID_STR); + goto out; + } + + if (detect_mult > 255) + { + ret = clib_error_return (0, "%s value `%u' out of range <1,255>", + DETECT_MULT_STR, detect_mult); + goto out; + } + + if (have_bfd_key_id && bfd_key_id > 255) + { + ret = clib_error_return (0, "%s value `%u' out of range <1,255>", + BFD_KEY_ID_STR, bfd_key_id); + goto out; + } + + vnet_api_error_t rv = + bfd_udp_add_session (sw_if_index, &local_addr, &peer_addr, desired_min_tx, + required_min_rx, + detect_mult, have_conf_key_id, conf_key_id, + bfd_key_id); + if (rv) + { + ret = + clib_error_return (0, + "`bfd_add_add_session' API call failed, rv=%d:%U", + (int) rv, format_vnet_api_errno, rv); + goto out; + } + +out: + return ret; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (bfd_cli_udp_session_add_command, static) = { + .path = "bfd udp session add", + .short_help = "bfd udp session add" + " interface " + " local-addr " + " peer-addr " + " desired-min-tx " + " required-min-rx " + " detect-mult " + "[" + " conf-key-id " + " bfd-key-id " + "]", + .function = bfd_cli_udp_session_add, +}; +/* *INDENT-ON* */ + +static clib_error_t * +bfd_cli_udp_session_mod (vlib_main_t * vm, unformat_input_t * input, + CLIB_UNUSED (vlib_cli_command_t * lmd)) +{ + clib_error_t *ret = NULL; +#define foreach_bfd_cli_udp_session_mod_cli_param(F) \ + F (u32, sw_if_index, INTERFACE_STR, mandatory, "%U", \ + unformat_vnet_sw_interface, &vnet_main) \ + F (ip46_address_t, local_addr, LOCAL_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) \ + F (ip46_address_t, peer_addr, PEER_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) \ + F (u32, desired_min_tx, DESIRED_MIN_TX_STR, mandatory, "%u") \ + F (u32, required_min_rx, REQUIRED_MIN_RX_STR, mandatory, "%u") \ + F (u32, detect_mult, DETECT_MULT_STR, mandatory, "%u") + + foreach_bfd_cli_udp_session_mod_cli_param (DECLARE); + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + int something_parsed = 0; + foreach_bfd_cli_udp_session_mod_cli_param (UNFORMAT); + + if (!something_parsed) + { + ret = clib_error_return (0, "Unknown input `%U'", + format_unformat_error, input); + goto out; + } + } + + foreach_bfd_cli_udp_session_mod_cli_param (CHECK_MANDATORY); + + if (detect_mult > 255) + { + ret = clib_error_return (0, "%s value `%u' out of range <1,255>", + DETECT_MULT_STR, detect_mult); + goto out; + } + + vnet_api_error_t rv = + bfd_udp_mod_session (sw_if_index, &local_addr, &peer_addr, + desired_min_tx, required_min_rx, detect_mult); + if (rv) + { + ret = + clib_error_return (0, + "`bfd_udp_mod_session' API call failed, rv=%d:%U", + (int) rv, format_vnet_api_errno, rv); + goto out; + } + +out: + return ret; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (bfd_cli_udp_session_mod_command, static) = { + .path = "bfd udp session mod", + .short_help = "bfd udp session mod interface" + " local-addr" + " peer-addr" + " desired-min-tx" + " required-min-rx" + " detect-mult" + " ", + .function = bfd_cli_udp_session_mod, +}; +/* *INDENT-ON* */ + +static clib_error_t * +bfd_cli_udp_session_del (vlib_main_t * vm, unformat_input_t * input, + CLIB_UNUSED (vlib_cli_command_t * lmd)) +{ + clib_error_t *ret = NULL; +#define foreach_bfd_cli_udp_session_del_cli_param(F) \ + F (u32, sw_if_index, INTERFACE_STR, mandatory, "%U", \ + unformat_vnet_sw_interface, &vnet_main) \ + F (ip46_address_t, local_addr, LOCAL_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) \ + F (ip46_address_t, peer_addr, PEER_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) + + foreach_bfd_cli_udp_session_del_cli_param (DECLARE); + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + int something_parsed = 0; + foreach_bfd_cli_udp_session_del_cli_param (UNFORMAT); + + if (!something_parsed) + { + ret = clib_error_return (0, "Unknown input `%U'", + format_unformat_error, input); + goto out; + } + } + + foreach_bfd_cli_udp_session_del_cli_param (CHECK_MANDATORY); + + vnet_api_error_t rv = + bfd_udp_del_session (sw_if_index, &local_addr, &peer_addr); + if (rv) + { + ret = + clib_error_return (0, + "`bfd_udp_del_session' API call failed, rv=%d:%U", + (int) rv, format_vnet_api_errno, rv); + goto out; + } + +out: + return ret; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (bfd_cli_udp_session_del_command, static) = { + .path = "bfd udp session del", + .short_help = "bfd udp session del interface" + " local-addr" + " peer-addr" + " ", + .function = bfd_cli_udp_session_del, +}; +/* *INDENT-ON* */ + +static clib_error_t * +bfd_cli_udp_session_set_flags (vlib_main_t * vm, unformat_input_t * input, + CLIB_UNUSED (vlib_cli_command_t * lmd)) +{ + clib_error_t *ret = NULL; +#define foreach_bfd_cli_udp_session_set_flags_cli_param(F) \ + F (u32, sw_if_index, INTERFACE_STR, mandatory, "%U", \ + unformat_vnet_sw_interface, &vnet_main) \ + F (ip46_address_t, local_addr, LOCAL_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) \ + F (ip46_address_t, peer_addr, PEER_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) \ + F (u8 *, admin_up_down_token, ADMIN_STR, mandatory, "%v", \ + &admin_up_down_token) + + foreach_bfd_cli_udp_session_set_flags_cli_param (DECLARE); + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + int something_parsed = 0; + foreach_bfd_cli_udp_session_set_flags_cli_param (UNFORMAT); + + if (!something_parsed) + { + ret = clib_error_return (0, "Unknown input `%U'", + format_unformat_error, input); + goto out; + } + } + + foreach_bfd_cli_udp_session_set_flags_cli_param (CHECK_MANDATORY); + + u8 admin_up_down; + static const char up[] = "up"; + static const char down[] = "down"; + if (!memcmp (admin_up_down_token, up, sizeof (up) - 1)) + { + admin_up_down = 1; + } + else if (!memcmp (admin_up_down_token, down, sizeof (down) - 1)) + { + admin_up_down = 0; + } + else + { + ret = + clib_error_return (0, "Unrecognized value for `%s' parameter: `%v'", + ADMIN_STR, admin_up_down_token); + goto out; + } + vnet_api_error_t rv = bfd_udp_session_set_flags (sw_if_index, &local_addr, + &peer_addr, admin_up_down); + if (rv) + { + ret = + clib_error_return (0, + "`bfd_udp_session_set_flags' API call failed, rv=%d:%U", + (int) rv, format_vnet_api_errno, rv); + goto out; + } + +out: + return ret; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (bfd_cli_udp_session_set_flags_command, static) = { + .path = "bfd udp session set-flags", + .short_help = "bfd udp session set-flags" + " interface " + " local-addr " + " peer-addr " + " admin ", + .function = bfd_cli_udp_session_set_flags, +}; +/* *INDENT-ON* */ + +static clib_error_t * +bfd_cli_udp_session_auth_activate (vlib_main_t * vm, unformat_input_t * input, + CLIB_UNUSED (vlib_cli_command_t * lmd)) +{ + clib_error_t *ret = NULL; +#define foreach_bfd_cli_udp_session_auth_activate_cli_param(F) \ + F (u32, sw_if_index, INTERFACE_STR, mandatory, "%U", \ + unformat_vnet_sw_interface, &vnet_main) \ + F (ip46_address_t, local_addr, LOCAL_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) \ + F (ip46_address_t, peer_addr, PEER_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) \ + F (u8 *, delayed_token, DELAYED_STR, optional, "%v") \ + F (u32, conf_key_id, CONF_KEY_ID_STR, mandatory, "%u") \ + F (u32, bfd_key_id, BFD_KEY_ID_STR, mandatory, "%u") + + foreach_bfd_cli_udp_session_auth_activate_cli_param (DECLARE); + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + int something_parsed = 0; + foreach_bfd_cli_udp_session_auth_activate_cli_param (UNFORMAT); + + if (!something_parsed) + { + ret = clib_error_return (0, "Unknown input `%U'", + format_unformat_error, input); + goto out; + } + } + + foreach_bfd_cli_udp_session_auth_activate_cli_param (CHECK_MANDATORY); + + u8 is_delayed = 0; + if (have_delayed_token) + { + static const char yes[] = "yes"; + static const char no[] = "no"; + if (!memcmp (delayed_token, yes, sizeof (yes) - 1)) + { + is_delayed = 1; + } + else if (!memcmp (delayed_token, no, sizeof (no) - 1)) + { + is_delayed = 0; + } + else + { + ret = + clib_error_return (0, + "Unrecognized value for `%s' parameter: `%v'", + DELAYED_STR, delayed_token); + goto out; + } + } + + if (have_bfd_key_id && bfd_key_id > 255) + { + ret = clib_error_return (0, "%s value `%u' out of range <1,255>", + BFD_KEY_ID_STR, bfd_key_id); + goto out; + } + + vnet_api_error_t rv = + bfd_udp_auth_activate (sw_if_index, &local_addr, &peer_addr, conf_key_id, + bfd_key_id, is_delayed); + if (rv) + { + ret = + clib_error_return (0, + "`bfd_udp_auth_activate' API call failed, rv=%d:%U", + (int) rv, format_vnet_api_errno, rv); + goto out; + } + +out: + return ret; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (bfd_cli_udp_session_auth_activate_command, static) = { + .path = "bfd udp session auth activate", + .short_help = "bfd udp session auth activate" + " interface " + " local-addr " + " peer-addr " + " conf-key-id " + " bfd-key-id " + " [ delayed ]", + .function = bfd_cli_udp_session_auth_activate, +}; + +static clib_error_t * +bfd_cli_udp_session_auth_deactivate (vlib_main_t *vm, unformat_input_t *input, + CLIB_UNUSED (vlib_cli_command_t *lmd)) +{ + clib_error_t *ret = NULL; +#define foreach_bfd_cli_udp_session_auth_deactivate_cli_param(F) \ + F (u32, sw_if_index, INTERFACE_STR, mandatory, "%U", \ + unformat_vnet_sw_interface, &vnet_main) \ + F (ip46_address_t, local_addr, LOCAL_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) \ + F (ip46_address_t, peer_addr, PEER_ADDR_STR, mandatory, "%U", \ + unformat_ip46_address) \ + F (u8 *, delayed_token, DELAYED_STR, optional, "%v") + + foreach_bfd_cli_udp_session_auth_deactivate_cli_param (DECLARE); + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + int something_parsed = 0; + foreach_bfd_cli_udp_session_auth_deactivate_cli_param (UNFORMAT); + + if (!something_parsed) + { + ret = clib_error_return (0, "Unknown input `%U'", + format_unformat_error, input); + goto out; + } + } + + foreach_bfd_cli_udp_session_auth_deactivate_cli_param (CHECK_MANDATORY); + + u8 is_delayed = 0; + if (have_delayed_token) + { + static const char yes[] = "yes"; + static const char no[] = "no"; + if (!memcmp (delayed_token, yes, sizeof (yes) - 1)) + { + is_delayed = 1; + } + else if (!memcmp (delayed_token, no, sizeof (no) - 1)) + { + is_delayed = 0; + } + else + { + ret = clib_error_return ( + 0, "Unrecognized value for `%s' parameter: `%v'", DELAYED_STR, + delayed_token); + goto out; + } + } + + vnet_api_error_t rv = bfd_udp_auth_deactivate (sw_if_index, &local_addr, + &peer_addr, is_delayed); + if (rv) + { + ret = clib_error_return ( + 0, "`bfd_udp_auth_deactivate' API call failed, rv=%d:%U", (int)rv, + format_vnet_api_errno, rv); + goto out; + } + +out: + return ret; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (bfd_cli_udp_session_auth_deactivate_command, static) = { + .path = "bfd udp session auth deactivate", + .short_help = "bfd udp session auth deactivate" + " interface " + " local-addr " + " peer-addr " + "[ delayed ]", + .function = bfd_cli_udp_session_auth_deactivate, +}; +/* *INDENT-ON* */ + +static clib_error_t * +bfd_cli_udp_set_echo_source (vlib_main_t * vm, unformat_input_t * input, + CLIB_UNUSED (vlib_cli_command_t * lmd)) +{ + clib_error_t *ret = NULL; +#define foreach_bfd_cli_udp_set_echo_source_cli_param(F) \ + F (u32, sw_if_index, INTERFACE_STR, mandatory, "%U", \ + unformat_vnet_sw_interface, &vnet_main) + + foreach_bfd_cli_udp_set_echo_source_cli_param (DECLARE); + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + int something_parsed = 0; + foreach_bfd_cli_udp_set_echo_source_cli_param (UNFORMAT); + + if (!something_parsed) + { + ret = clib_error_return (0, "Unknown input `%U'", + format_unformat_error, input); + goto out; + } + } + + foreach_bfd_cli_udp_set_echo_source_cli_param (CHECK_MANDATORY); + + vnet_api_error_t rv = bfd_udp_set_echo_source (sw_if_index); + if (rv) + { + ret = + clib_error_return (0, + "`bfd_udp_set_echo_source' API call failed, rv=%d:%U", + (int) rv, format_vnet_api_errno, rv); + goto out; + } + +out: + return ret; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (bfd_cli_udp_set_echo_source_cmd, static) = { + .path = "bfd udp echo-source set", + .short_help = "bfd udp echo-source set interface ", + .function = bfd_cli_udp_set_echo_source, +}; +/* *INDENT-ON* */ + +static clib_error_t * +bfd_cli_udp_del_echo_source (vlib_main_t * vm, unformat_input_t * input, + CLIB_UNUSED (vlib_cli_command_t * lmd)) +{ + vnet_api_error_t rv = bfd_udp_del_echo_source (); + if (rv) + { + return clib_error_return (0, + "`bfd_udp_del_echo_source' API call failed, rv=%d:%U", + (int) rv, format_vnet_api_errno, rv); + } + + return 0; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (bfd_cli_udp_del_echo_source_cmd, static) = { + .path = "bfd udp echo-source del", + .short_help = "bfd udp echo-source del", + .function = bfd_cli_udp_del_echo_source, +}; +/* *INDENT-ON* */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ -- cgit 1.2.3-korg From b16bfe3f94739821c7382bd0849630b21e03a8b7 Mon Sep 17 00:00:00 2001 From: Klement Sekera Date: Tue, 28 Feb 2017 11:56:48 +0100 Subject: BFD: documentation Change-Id: I06a23d24340c5527f3848177d2178bf3e55f7614 Signed-off-by: Klement Sekera --- src/vnet/bfd/bfd_api.c | 4 + src/vnet/bfd/bfd_api.h | 32 +++- src/vnet/bfd/bfd_cli.c | 4 +- src/vnet/bfd/bfd_doc.md | 375 +++++++++++++++++++++++++++++++++++++++++++- src/vnet/bfd/bfd_main.c | 6 +- src/vnet/bfd/bfd_main.h | 140 ++++++++--------- src/vnet/bfd/bfd_protocol.c | 6 +- src/vnet/bfd/bfd_protocol.h | 5 +- src/vnet/bfd/bfd_udp.c | 4 + src/vnet/bfd/bfd_udp.h | 39 +++-- src/vnet/bfd/dir.dox | 2 +- 11 files changed, 526 insertions(+), 91 deletions(-) (limited to 'src/vnet/bfd/bfd_cli.c') diff --git a/src/vnet/bfd/bfd_api.c b/src/vnet/bfd/bfd_api.c index e64df48e..185c03cf 100644 --- a/src/vnet/bfd/bfd_api.c +++ b/src/vnet/bfd/bfd_api.c @@ -16,6 +16,10 @@ * limitations under the License. *------------------------------------------------------------------ */ +/** + * @file + * @brief BFD binary API implementation + */ #include #include diff --git a/src/vnet/bfd/bfd_api.h b/src/vnet/bfd/bfd_api.h index 35ad3cda..9f0509d5 100644 --- a/src/vnet/bfd/bfd_api.h +++ b/src/vnet/bfd/bfd_api.h @@ -14,7 +14,7 @@ */ /** * @file - * @brief BFD global declarations + * @brief BFD API declarations */ #ifndef __included_bfd_api_h__ #define __included_bfd_api_h__ @@ -34,6 +34,9 @@ typedef enum #undef F } bfd_transport_e; +/** + * @brief create a new bfd session + */ vnet_api_error_t bfd_udp_add_session (u32 sw_if_index, const ip46_address_t * local_addr, const ip46_address_t * peer_addr, @@ -41,39 +44,66 @@ bfd_udp_add_session (u32 sw_if_index, const ip46_address_t * local_addr, u8 detect_mult, u8 is_authenticated, u32 conf_key_id, u8 bfd_key_id); +/** + * @brief modify existing session + */ vnet_api_error_t bfd_udp_mod_session (u32 sw_if_index, const ip46_address_t * local_addr, const ip46_address_t * peer_addr, u32 desired_min_tx_usec, u32 required_min_rx_usec, u8 detect_mult); +/** + * @brief delete existing session + */ vnet_api_error_t bfd_udp_del_session (u32 sw_if_index, const ip46_address_t * local_addr, const ip46_address_t * peer_addr); +/** + * @brief set session admin down/up + */ vnet_api_error_t bfd_udp_session_set_flags (u32 sw_if_index, const ip46_address_t * local_addr, const ip46_address_t * peer_addr, u8 admin_up_down); +/** + * @brief create or modify bfd authentication key + */ vnet_api_error_t bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len, const u8 * key); +/** + * @brief delete existing authentication key + */ vnet_api_error_t bfd_auth_del_key (u32 conf_key_id); +/** + * @brief activate authentication for existing session + */ vnet_api_error_t bfd_udp_auth_activate (u32 sw_if_index, const ip46_address_t * local_addr, const ip46_address_t * peer_addr, u32 conf_key_id, u8 bfd_key_id, u8 is_delayed); +/** + * @brief deactivate authentication for existing session + */ vnet_api_error_t bfd_udp_auth_deactivate (u32 sw_if_index, const ip46_address_t * local_addr, const ip46_address_t * peer_addr, u8 is_delayed); +/** + * @brief set echo-source interface + */ vnet_api_error_t bfd_udp_set_echo_source (u32 loopback_sw_if_index); +/** + * @brief unset echo-source interface + */ vnet_api_error_t bfd_udp_del_echo_source (); #endif /* __included_bfd_api_h__ */ diff --git a/src/vnet/bfd/bfd_cli.c b/src/vnet/bfd/bfd_cli.c index a3736d98..f15acb4b 100644 --- a/src/vnet/bfd/bfd_cli.c +++ b/src/vnet/bfd/bfd_cli.c @@ -737,7 +737,7 @@ VLIB_CLI_COMMAND (bfd_cli_udp_session_auth_activate_command, static) = { " peer-addr " " conf-key-id " " bfd-key-id " - " [ delayed ]", + " [ delayed ]", .function = bfd_cli_udp_session_auth_activate, }; @@ -815,7 +815,7 @@ VLIB_CLI_COMMAND (bfd_cli_udp_session_auth_deactivate_command, static) = { " interface " " local-addr " " peer-addr " - "[ delayed ]", + "[ delayed ]", .function = bfd_cli_udp_session_auth_deactivate, }; /* *INDENT-ON* */ diff --git a/src/vnet/bfd/bfd_doc.md b/src/vnet/bfd/bfd_doc.md index 3e86b178..7d7606e4 100644 --- a/src/vnet/bfd/bfd_doc.md +++ b/src/vnet/bfd/bfd_doc.md @@ -1,3 +1,374 @@ -# BFD Notes {#bfd_doc} +# BFD module {#bfd_doc} -@todo Someone needs to produce this or remove the stub file. +## Overview + +Bidirectional Forwarding Detection in VPP currently supports single-hop UDP +transport based on RFC 5880 and RFC 5881. + +## Usage + +### General usage + +BFD sessions are created using APIs only. The following CLIs are implemented, +which call the APIs to manipulate the BFD: + +#### Show commands: + +> show bfd [keys|sessions|echo-source] + +Show the existing keys, sessions or echo-source. + +#### Key manipulation + +##### Create a new key or modify an existing key + +> bfd key set conf-key-id type secret + +Parameters: + +* conf-key-id - local configuration key ID, used to uniquely identify this key +* type - type of the key +* secret - shared secret (hex data) + +Example: + +> bfd key set conf-key-id 2368880803 type meticulous-keyed-sha1 secret 69d685b0d990cdba46872706dc + +Notes: + +* in-use key cannot be modified + +##### Delete an existing key + +> bfd key del conf-key-id + +Parameters: + +* conf-key-id - local configuration key ID, used to uniquely identify this key + +Example: + +> bfd key del conf-key-id 2368880803 + +Notes: + +* in-use key cannot be deleted + +##### Create a new (plain or authenticated) BFD session + +> bfd udp session add interface local-addr
peer-addr
desired-min-tx required-min-rx detect-mult [ conf-key-id bfd-key-id ] + +Parameters: + +* interface - interface to which this session is tied to +* local-addr - local address (ipv4 or ipv6) +* peer-addr - peer address (ipv4 or ipv6, must match local-addr family) +* desired-min-tx - desired minimum tx interval (microseconds) +* required-min-rx - required minimum rx interval (microseconds) +* detect-mult - detect multiplier (must be non-zero) +* conf-key-id - local configuration key ID +* bfd-key-id - BFD key ID, as carried in BFD control frames + +Example: + +> bfd udp session add interface pg0 local-addr fd01:1::1 peer-addr fd01:1::2 desired-min-tx 100000 required-min-rx 100000 detect-mult 3 conf-key-id 1029559112 bfd-key-id 13 + +Notes: + +* if conf-key-id and bfd-key-id are not specified, session is non-authenticated +* desired-min-tx controls desired transmission rate of both control frames and echo packets + +##### Modify BFD session + +> bfd udp session mod interface local-addr
peer-addr
desired-min-tx required-min-rx detect-mult + +Parameters: + +* interface - interface to which this session is tied to +* local-addr - local address (ipv4 or ipv6) +* peer-addr - peer address (ipv4 or ipv6, must match local-addr family) +* desired-min-tx - desired minimum tx interval (microseconds) +* required-min-rx - required minimum rx interval (microseconds) +* detect-mult - detect multiplier (must be non-zero) + +Example: + +> bfd udp session mod interface pg0 local-addr 172.16.1.1 peer-addr 172.16.1.2 desired-min-tx 300000 required-min-rx 200000 detect-mult 12 + +Notes: + +* desired-min-tx controls desired transmission rate of both control frames and echo packets + +##### Delete an existing BFD session + +> bfd udp session del interface local-addr
peer-addr
+ +Parameters: + +* interface - interface to which this session is tied to +* local-addr - local address (ipv4 or ipv6) +* peer-addr - peer address (ipv4 or ipv6, must match local-addr family) + +Example: + +> bfd udp session del interface pg0 local-addr 172.16.1.1 peer-addr 172.16.1.2 + +##### Set session admin-up or admin-down + +> bfd udp session set-flags interface local-addr
peer-addr
admin + +Parameters: + +* interface - interface to which this session is tied to +* local-addr - local address (ipv4 or ipv6) +* peer-addr - peer address (ipv4 or ipv6, must match local-addr family) +* admin - up/down based on desired action + +Example: + +> bfd udp session set-flags admin down interface pg0 local-addr 172.16.1.1 peer-addr 172.16.1.2 + +##### Activate/change authentication for existing session + +> bfd udp session auth activate interface local-addr
peer-addr
conf-key-id bfd-key-id [ delayed ] + +Parameters: + +* interface - interface to which this session is tied to +* local-addr - local address (ipv4 or ipv6) +* peer-addr - peer address (ipv4 or ipv6, must match local-addr family) +* conf-key-id - local configuration key ID +* bfd-key-id - BFD key ID, as carried in BFD control frames +* delayed - is yes then this action is delayed until the peer performs the same action + +Example: + +> bfd udp session auth activate interface pg0 local-addr 172.16.1.1 peer-addr 172.16.1.2 conf-key-id 540928695 bfd-key-id 239 delayed yes + +Notes: + +* see [Delayed option] for more information + +##### Deactivate authentication for existing session + +> bfd udp session auth deactivate interface local-addr
peer-addr
[ delayed ] + +Parameters: + +* interface - interface to which this session is tied to +* local-addr - local address (ipv4 or ipv6) +* peer-addr - peer address (ipv4 or ipv6, must match local-addr family) +* delayed - is yes then this action is delayed until the peer performs the same action + +Example: + +> bfd udp session auth deactivate interface pg0 local-addr 172.16.1.1 peer-addr 172.16.1.2 + +Notes: + +* see [Delayed option] for more information + +##### Set echo-source interface + +> bfd udp echo-source set interface + +Parameters: + +* interface - interface used for getting source address for echo packets + +Example: + +> bfd udp echo-source set interface loop0 + +##### Delete echo-source interface + +> bfd udp echo-source del + +Example: + +> bfd udp echo-source del + +### Authentication + +BFD sessions should be authenticated for security purposes. SHA1 and meticulous +SHA1 authentication is supported by VPP. First, authentication keys are +configured in VPP and afterwards they can be used by sessions. + +There are two key IDs in the scope of BFD session: + +* configuration key ID is the internal unique key ID inside VPP and is never + communicated to any peer, it serves only the purpose of identifying the key +* BFD key ID is the key ID carried in BFD control frames and is used for + verifying authentication + +#### Turning auth on/off + +Authentication can be turned on or off at any time. Care must be taken however, +to either synchronize the authentication manipulation with peer's actions +to avoid the session going down. + +##### Delayed option + +Delayed option is useful for synchronizing authentication changes with a peer. +If it's specified, then authentication change is not performed immediately. +In this case, VPP continues to transmit packets using the old authentication +method (unauthenticated or using old sha1 key). If a packet is received, which +does not pass the current authentication, then VPP tries to authenticate it +using the new method (which might be none, if deactivating authentication) +and if it passes, then the new authentication method is put in use. + +The recommended procedure for enabling/changing/disabling session +authentication is: + +1. perform authentication change on vpp's side with delayed option set to yes +2. perform authentication change on peer's side (without delayed option) + +Notes: + +* if both peers use delayed option at the same time, the change will never + be carried out, since none of the peers will see any packet with the new + authentication which could trigger the change +* remote peer does not need to support or even be aware of this mechanism + for it to work properly + + +### Echo function + +Echo function is used by VPP whenever a peer declares the willingness +to support it, echo-source is set and it contains a usable subnet (see below). +When echo function is switched on, the required min rx interval advertised +to peer is set to 1 second (or the configured value, if its higher). + +#### Echo source address + +Because echo packets are only looped back (and not processed in any way) +by a peer, it's necessary to set the source address in a way which avoids +packet drop due to spoofing protection by VPP. Per RFC, the source address +should not be in the subnet set on the interface over which the echo packets +are sent. Also, it must not be any VPP-local address, otherwise the packet +gets dropped on receipt by VPP. The solution is to create a loopback interface +with a (private) IPv4/IPv6 subnet assigned as echo-source. The BFD then picks +an unused address from the subnet by flipping the last bit and uses that as +source address in the echo packets, thus meeting RFC recommendation while +avoiding spoofing protection. + +Example: if 10.10.10.3/31 is the subnet, then 10.10.10.2 will be used as + source address in (IPv4) echo packets + +### Demand mode + +Demand mode is respected by VPP, but not used locally. The only scenario when +demand mode could make sense currently is when echo is active. Because echo +packets are inherently insecure against an adversary looping them back a poll +sequence would be required for slow periodic connectivity verification anyway. +It's more efficient to just ask the remote peer to send slow periodic control +frames without VPP initiating periodic poll sequences. + +### Admin-down + +Session may be put admin-down at any time. This immediately causes the state +to be changed to AdminDown and remain so unless the session is put admin-up. + +## BFD implementation notes + +Because BFD can work over different transport layers, the BFD code is separated +into core BFD functionality - main module implemented in bfd_main.c +and transport-specific code implemented in bfd_udp.c. + +### Main module + +Main module is responsible for handling all the BFD functionality defined +in RFC 5880. + +#### Internal API + +Internal APIs defined in bfd_main.h are called from transport-specific code +to create/modify/delete + +#### Packet receipt + +When a packet is received by the transport layer, it is forwarded to main +module (to main thread) via an RPC call. At this point, the authentication has +been verified, so the packet is consumed, session parameters are updated +accordingly and state change (if applicable). Based on these, the timeouts +are adjusted if required and an event is sent to the process node to wake up +and recalculate sleep time. + +#### Packet transmit + +Main module allocates a vlib_buffer_t, creates the required BFD frame (control +or echo in it), then calls the transport layer to add the transport layer. +Then a frame containing the buffer to the aprropriate node is created +and enqueued. + +#### Process node + +Main module implements one process node which is a simple loop. The process +node gets next timeout from the timer wheel, sleeps until the timeout expires +and then calls a timeout routine which drives the state machine for each +session which timed out. The sleep is interrupted externally via vlib event, +when a session is added or modified in a way which might require timer wheel +manipulation. In this case the caller inserts the necessary timeout to timer +wheel and then signals the process node to wake up early, handle possible +timeouts and recalculate the sleep time again. + +#### State machine + +Default state of BFD session when created is Down, per RFC 5880. State changes +to Init, Up or Down based on events like received state from peer and timeouts. +The session state can be set AdminDown using a binary API, which prevents it +from going to any other state, until this limitation is removed. This state +is advertised to peers in slow periodic control frames. + +For each session, the following timeouts are maintained: + +1. tx timeout - used for sending out control frames +2. rx timeout - used for detecting session timeout +3. echo tx timeout - used for sending out echo frames +3. echo rx timeout - used for detecting session timeout based on echo + +These timeouts are maintained in cpu clocks and recalculated when appropriate +(e.g. rx timeout is bumped when a packet is received, keeping the session +alive). Only the earliest timeout is inserted into the timer wheel at a time +and timer wheel events are never deleted, rather spurious events are ignored. +This allows efficient operation, like not inserting events into timing wheel +for each packet received or ignoring left-over events in case a bfd session +gets removed and a new one is recreated with the same session index. + +#### Authentication keys management + +Authentication keys are managed internally in a pool, with each key tracking +it's use count. The removal/modification is only allowed if the key is not in +use. + +### UDP module + +UDP module is responsible for: + +1. public APIs/CLIs to configure BFD over UDP. +2. support code called by main module to encapsulate/decapsulate BFD packets + +This module implements two graph nodes - for consuming ipv4 and ipv6 packets +target at BFD ports 3874 and 3875. + +#### Packet receipt + +BFD packet receipt receipt starts in the bfd udp graph nodes. Since the code +needs to verify IP/UDP header data, it relies on ip4-local (and ip6-local) +nodes to store pointers to the appropriate headers. First, your discriminator +is extracted from BFD packet and used to lookup the existing session. In case +it's zero, the pair of IP addresses and sw_if_index is used to lookup session. +Then, main module is called to verify the authentication, if present. +Afterwards a check is made if the IP/UDP headers are correct. If yes, then +an RPC call is made to the main thread to consume the packet and take action +upon it. + +#### Packet transmission + +When process node decides that there is a need to transmit the packet, it +creates a buffer, fills the BFD frame data in and calls the UDP module to +add the transport layer. This is a simple operation for the control frames +consisting of just adding UDP/IP headers based on session data. For echo +frames, an additional step, looking at the echo-source interface and picking +and address is performed and if this fails, then the packet cannot be +transmitted and an error is returned to main thread. diff --git a/src/vnet/bfd/bfd_main.c b/src/vnet/bfd/bfd_main.c index d38623c1..ea6db1f9 100644 --- a/src/vnet/bfd/bfd_main.c +++ b/src/vnet/bfd/bfd_main.c @@ -1606,8 +1606,6 @@ bfd_consume_pkt (bfd_main_t * bm, const bfd_pkt_t * pkt, u32 bs_idx) bfd_set_remote_required_min_echo_rx (bm, bs, now, clib_net_to_host_u32 (pkt->req_min_echo_rx)); - /* FIXME 6.8.2 */ - /* FIXME 6.8.4 */ if (bfd_pkt_get_final (pkt)) { if (BFD_POLL_IN_PROGRESS == bs->poll_state) @@ -1915,13 +1913,13 @@ bfd_auth_set_key (u32 conf_key_id, u8 auth_type, u8 key_len, { #if WITH_LIBSSL > 0 bfd_auth_key_t *auth_key = NULL; - if (!key_len || key_len > bfd_max_len_for_auth_type (auth_type)) + if (!key_len || key_len > bfd_max_key_len_for_auth_type (auth_type)) { clib_warning ("Invalid authentication key length for auth_type=%d:%s " "(key_len=%u, must be " "non-zero, expected max=%u)", auth_type, bfd_auth_type_str (auth_type), key_len, - (u32) bfd_max_len_for_auth_type (auth_type)); + (u32) bfd_max_key_len_for_auth_type (auth_type)); return VNET_API_ERROR_INVALID_VALUE; } if (!bfd_auth_type_supported (auth_type)) diff --git a/src/vnet/bfd/bfd_main.h b/src/vnet/bfd/bfd_main.h index 3be3694c..4d460f41 100644 --- a/src/vnet/bfd/bfd_main.h +++ b/src/vnet/bfd/bfd_main.h @@ -37,19 +37,19 @@ typedef enum typedef struct { - /* global configuration key ID */ + /** global configuration key ID */ u32 conf_key_id; - /* keeps track of how many sessions reference this key */ + /** keeps track of how many sessions reference this key */ u32 use_count; - /* + /** * key data directly usable for bfd purposes - already padded with zeroes * (so we don't need the actual length) */ u8 key[20]; - /* authentication type for this key */ + /** authentication type for this key */ bfd_auth_type_e auth_type; } bfd_auth_key_t; @@ -68,152 +68,152 @@ typedef enum typedef struct bfd_session_s { - /* index in bfd_main.sessions pool */ + /** index in bfd_main.sessions pool */ u32 bs_idx; - /* session state */ + /** session state */ bfd_state_e local_state; - /* remote session state */ + /** remote session state */ bfd_state_e remote_state; - /* local diagnostics */ + /** local diagnostics */ bfd_diag_code_e local_diag; - /* remote diagnostics */ + /** remote diagnostics */ bfd_diag_code_e remote_diag; - /* local discriminator */ + /** local discriminator */ u32 local_discr; - /* remote discriminator */ + /** remote discriminator */ u32 remote_discr; - /* configured desired min tx interval (microseconds) */ + /** configured desired min tx interval (microseconds) */ u32 config_desired_min_tx_usec; - /* configured desired min tx interval (clocks) */ + /** configured desired min tx interval (clocks) */ u64 config_desired_min_tx_clocks; - /* effective desired min tx interval (clocks) */ + /** effective desired min tx interval (clocks) */ u64 effective_desired_min_tx_clocks; - /* configured required min rx interval (microseconds) */ + /** configured required min rx interval (microseconds) */ u32 config_required_min_rx_usec; - /* configured required min rx interval (clocks) */ + /** configured required min rx interval (clocks) */ u64 config_required_min_rx_clocks; - /* effective required min rx interval (clocks) */ + /** effective required min rx interval (clocks) */ u64 effective_required_min_rx_clocks; - /* remote min rx interval (microseconds) */ + /** remote min rx interval (microseconds) */ u64 remote_min_rx_usec; - /* remote min rx interval (clocks) */ + /** remote min rx interval (clocks) */ u64 remote_min_rx_clocks; - /* remote min echo rx interval (microseconds) */ + /** remote min echo rx interval (microseconds) */ u64 remote_min_echo_rx_usec; - /* remote min echo rx interval (clocks) */ + /** remote min echo rx interval (clocks) */ u64 remote_min_echo_rx_clocks; - /* remote desired min tx interval (clocks) */ + /** remote desired min tx interval (clocks) */ u64 remote_desired_min_tx_clocks; - /* configured detect multiplier */ + /** configured detect multiplier */ u8 local_detect_mult; - /* 1 if remote system sets demand mode, 0 otherwise */ + /** 1 if remote system sets demand mode, 0 otherwise */ u8 remote_demand; - /* remote detect multiplier */ + /** remote detect multiplier */ u8 remote_detect_mult; - /* 1 is echo function is active, 0 otherwise */ + /** 1 is echo function is active, 0 otherwise */ u8 echo; - /* set to value of timer in timing wheel, 0 if never set */ + /** set to value of timer in timing wheel, 0 if never set */ u64 wheel_time_clocks; - /* transmit interval */ + /** transmit interval */ u64 transmit_interval_clocks; - /* next time at which to transmit a packet */ + /** next time at which to transmit a packet */ u64 tx_timeout_clocks; - /* timestamp of last packet transmitted */ + /** timestamp of last packet transmitted */ u64 last_tx_clocks; - /* timestamp of last packet received */ + /** timestamp of last packet received */ u64 last_rx_clocks; - /* transmit interval for echo packets */ + /** transmit interval for echo packets */ u64 echo_transmit_interval_clocks; - /* next time at which to transmit echo packet */ + /** next time at which to transmit echo packet */ u64 echo_tx_timeout_clocks; - /* timestamp of last echo packet transmitted */ + /** timestamp of last echo packet transmitted */ u64 echo_last_tx_clocks; - /* timestamp of last echo packet received */ + /** timestamp of last echo packet received */ u64 echo_last_rx_clocks; - /* secret used for calculating/checking checksum of echo packets */ + /** secret used for calculating/checking checksum of echo packets */ u32 echo_secret; - /* detection time */ + /** detection time */ u64 detection_time_clocks; - /* state info regarding poll sequence */ + /** state info regarding poll sequence */ bfd_poll_state_e poll_state; - /* + /** * helper for delayed poll sequence - marks either start of running poll * sequence or timeout, after which we can start the next poll sequnce */ u64 poll_state_start_or_timeout_clocks; - /* authentication information */ + /** authentication information */ struct { - /* current key in use */ + /** current key in use */ bfd_auth_key_t *curr_key; - /* + /** * set to next key to use if delayed switch is enabled - in that case * the key is switched when first incoming packet is signed with next_key */ bfd_auth_key_t *next_key; - /* sequence number incremented occasionally or always (if meticulous) */ + /** sequence number incremented occasionally or always (if meticulous) */ u32 local_seq_number; - /* remote sequence number */ + /** remote sequence number */ u32 remote_seq_number; - /* set to 1 if remote sequence number is known */ + /** set to 1 if remote sequence number is known */ u8 remote_seq_number_known; - /* current key ID sent out in bfd packet */ + /** current key ID sent out in bfd packet */ u8 curr_bfd_key_id; - /* key ID to use when switched to next_key */ + /** key ID to use when switched to next_key */ u8 next_bfd_key_id; - /* + /** * set to 1 if delayed action is pending, which might be activation * of authentication, change of key or deactivation */ u8 is_delayed; } auth; - /* transport type for this session */ + /** transport type for this session */ bfd_transport_e transport; - /* union of transport-specific data */ + /** union of transport-specific data */ union { bfd_udp_session_t udp; @@ -222,48 +222,48 @@ typedef struct bfd_session_s typedef struct { - /* pool of bfd sessions context data */ + /** pool of bfd sessions context data */ bfd_session_t *sessions; - /* timing wheel for scheduling timeouts */ + /** timing wheel for scheduling timeouts */ timing_wheel_t wheel; - /* timing wheel inaccuracy, in clocks */ + /** timing wheel inaccuracy, in clocks */ u64 wheel_inaccuracy; - /* hashmap - bfd session by discriminator */ + /** hashmap - bfd session by discriminator */ u32 *session_by_disc; - /* background process node index */ + /** background process node index */ u32 bfd_process_node_index; - /* convenience variables */ + /** convenience variables */ vlib_main_t *vlib_main; vnet_main_t *vnet_main; - /* cpu clocks per second */ + /** cpu clocks per second */ f64 cpu_cps; - /* default desired min tx in clocks */ + /** default desired min tx in clocks */ u64 default_desired_min_tx_clocks; - /* minimum required min rx while echo function is active - clocks */ + /** minimum required min rx while echo function is active - clocks */ u64 min_required_min_rx_while_echo_clocks; - /* for generating random numbers */ + /** for generating random numbers */ u32 random_seed; - /* pool of authentication keys */ + /** pool of authentication keys */ bfd_auth_key_t *auth_keys; - /* hashmap - index in pool auth_keys by conf_key_id */ + /** hashmap - index in pool auth_keys by conf_key_id */ u32 *auth_key_by_conf_key_id; } bfd_main_t; extern bfd_main_t bfd_main; -/* Packet counters */ +/** Packet counters */ #define foreach_bfd_error(F) \ F (NONE, "good bfd packets (processed)") \ F (BAD, "invalid bfd packets") \ @@ -277,7 +277,7 @@ typedef enum BFD_N_ERROR, } bfd_error_t; -/* bfd packet trace capture */ +/** bfd packet trace capture */ typedef struct { u32 len; @@ -291,14 +291,14 @@ enum BFD_EVENT_CONFIG_CHANGED, } bfd_process_event_e; -/* echo packet structure */ /* *INDENT-OFF* */ +/** echo packet structure */ typedef CLIB_PACKED (struct { - /* local discriminator */ + /** local discriminator */ u32 discriminator; - /* expire time of this packet - clocks */ + /** expire time of this packet - clocks */ u64 expire_time_clocks; - /* checksum - based on discriminator, local secret and expire time */ + /** checksum - based on discriminator, local secret and expire time */ u64 checksum; }) bfd_echo_pkt_t; /* *INDENT-ON* */ @@ -335,10 +335,10 @@ const char *bfd_poll_state_string (bfd_poll_state_e state); #define USEC_PER_MS 1000LL #define USEC_PER_SECOND (1000 * USEC_PER_MS) -/* default, slow transmission interval for BFD packets, per spec at least 1s */ +/** default, slow transmission interval for BFD packets, per spec at least 1s */ #define BFD_DEFAULT_DESIRED_MIN_TX_USEC USEC_PER_SECOND -/* +/** * minimum required min rx set locally when echo function is used, per spec * should be set to at least 1s */ diff --git a/src/vnet/bfd/bfd_protocol.c b/src/vnet/bfd/bfd_protocol.c index 5deb9702..cd51e91a 100644 --- a/src/vnet/bfd/bfd_protocol.c +++ b/src/vnet/bfd/bfd_protocol.c @@ -12,6 +12,10 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +/** + * @file + * @brief BFD protocol implementation + */ #include u8 @@ -131,7 +135,7 @@ bfd_pkt_set_multipoint (bfd_pkt_t * pkt) #endif u32 -bfd_max_len_for_auth_type (bfd_auth_type_e auth_type) +bfd_max_key_len_for_auth_type (bfd_auth_type_e auth_type) { #define F(t, l, n, s) \ if (auth_type == t) \ diff --git a/src/vnet/bfd/bfd_protocol.h b/src/vnet/bfd/bfd_protocol.h index cdbb8fa7..210c561b 100644 --- a/src/vnet/bfd/bfd_protocol.h +++ b/src/vnet/bfd/bfd_protocol.h @@ -40,7 +40,10 @@ typedef enum #undef F } bfd_auth_type_e; -u32 bfd_max_len_for_auth_type (bfd_auth_type_e auth_type); +/** + * @brief get the maximum length of key data for given auth type + */ +u32 bfd_max_key_len_for_auth_type (bfd_auth_type_e auth_type); const char *bfd_auth_type_str (bfd_auth_type_e auth_type); /* *INDENT-OFF* */ diff --git a/src/vnet/bfd/bfd_udp.c b/src/vnet/bfd/bfd_udp.c index e6dbaabb..b3eabc9c 100644 --- a/src/vnet/bfd/bfd_udp.c +++ b/src/vnet/bfd/bfd_udp.c @@ -12,6 +12,10 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +/** + * @file + * @brief BFD UDP transport layer implementation + */ #include #include #include diff --git a/src/vnet/bfd/bfd_udp.h b/src/vnet/bfd/bfd_udp.h index e33b7407..5080ec98 100644 --- a/src/vnet/bfd/bfd_udp.h +++ b/src/vnet/bfd/bfd_udp.h @@ -13,7 +13,7 @@ */ /** * @file - * @brief BFD global declarations + * @brief BFD UDP transport layer declarations */ #ifndef __included_bfd_udp_h__ @@ -25,23 +25,27 @@ #include /* *INDENT-OFF* */ +/** identifier of BFD session based on UDP transport only */ typedef CLIB_PACKED (struct { - + /** interface to which the session is tied */ u32 sw_if_index; + /** local address */ ip46_address_t local_addr; + /** peer address */ ip46_address_t peer_addr; - }) bfd_udp_key_t; /* *INDENT-ON* */ +/** UDP transport specific data embedded in bfd_session's union */ typedef struct { + /** key identifying this session */ bfd_udp_key_t key; - + /** adjacency index returned from adj lock call */ adj_index_t adj_index; } bfd_udp_session_t; -/* bfd udp echo packet trace capture */ +/** bfd udp echo packet trace capture */ typedef struct { u32 len; @@ -50,8 +54,23 @@ typedef struct struct bfd_session_s; +/** + * @brief add the necessary transport layer by prepending it to existing data + * + * @param is_echo 1 if this is echo packet, 0 if control frame + * + * @return 1 on success, 0 on failure + */ int bfd_add_udp4_transport (vlib_main_t * vm, vlib_buffer_t * b, const struct bfd_session_s *bs, int is_echo); + +/** + * @brief add the necessary transport layer by prepending it to existing data + * + * @param is_echo 1 if this is echo packet, 0 if control frame + * + * @return 1 on success, 0 on failure + */ int bfd_add_udp6_transport (vlib_main_t * vm, vlib_buffer_t * b, const struct bfd_session_s *bs, int is_echo); @@ -62,10 +81,12 @@ int bfd_add_udp6_transport (vlib_main_t * vm, vlib_buffer_t * b, */ int bfd_udp_is_echo_available (bfd_transport_e transport); -void -bfd_udp_get_echo_source (int *is_set, u32 * sw_if_index, int *have_usable_ip4, - ip4_address_t * ip4, int *have_usable_ip6, - ip6_address_t * ip6); +/** + * @brief get echo source information - used by CLI + */ +void bfd_udp_get_echo_source (int *is_set, u32 * sw_if_index, + int *have_usable_ip4, ip4_address_t * ip4, + int *have_usable_ip6, ip6_address_t * ip6); #endif /* __included_bfd_udp_h__ */ diff --git a/src/vnet/bfd/dir.dox b/src/vnet/bfd/dir.dox index ed656b52..b9a5978f 100644 --- a/src/vnet/bfd/dir.dox +++ b/src/vnet/bfd/dir.dox @@ -13,6 +13,6 @@ * limitations under the License. */ /** - @dir vnet/vnet/bfd + @dir @brief Bidirectional Forwarding Detection (BFD) implementation */ -- cgit 1.2.3-korg From e50e8568c160f51cc2a268b59e209d13cb7344be Mon Sep 17 00:00:00 2001 From: Klement Sekera Date: Tue, 4 Apr 2017 16:19:48 +0200 Subject: BFD: add ARP-awareness, fix bugs Make BFD ARP-aware when sending out packets. Fix a few one-liner bugs discovered while integrating with cisco nexus. Enhance CLI view to better observe session state. Change-Id: I266c29492f351207b84328ab665d9d697969da9c Signed-off-by: Klement Sekera --- src/vnet/bfd/bfd_cli.c | 57 ++++++++++++++++---- src/vnet/bfd/bfd_main.c | 136 ++++++++++++++++++++++++++++------------------- src/vnet/bfd/bfd_main.h | 3 +- src/vnet/bfd/bfd_udp.c | 138 ++++++++++++++++++++++++++++++++++++++++++++---- src/vnet/bfd/bfd_udp.h | 25 ++++++++- 5 files changed, 282 insertions(+), 77 deletions(-) (limited to 'src/vnet/bfd/bfd_cli.c') diff --git a/src/vnet/bfd/bfd_cli.c b/src/vnet/bfd/bfd_cli.c index f15acb4b..44e671c5 100644 --- a/src/vnet/bfd/bfd_cli.c +++ b/src/vnet/bfd/bfd_cli.c @@ -28,6 +28,7 @@ static u8 * format_bfd_session_cli (u8 * s, va_list * args) { + vlib_main_t *vm = va_arg (*args, vlib_main_t *); bfd_main_t *bm = va_arg (*args, bfd_main_t *); bfd_session_t *bs = va_arg (*args, bfd_session_t *); switch (bs->transport) @@ -51,7 +52,7 @@ format_bfd_session_cli (u8 * s, va_list * args) bfd_diag_code_string (bs->remote_diag)); s = format (s, "%10s %-32s %20u %20u\n", "", "Detect multiplier", bs->local_detect_mult, bs->remote_detect_mult); - s = format (s, "%10s %-32s %20u %20u\n", "", + s = format (s, "%10s %-32s %20u %20llu\n", "", "Required Min Rx Interval (usec)", bs->config_required_min_rx_usec, bs->remote_min_rx_usec); s = format (s, "%10s %-32s %20u %20u\n", "", @@ -61,18 +62,54 @@ format_bfd_session_cli (u8 * s, va_list * args) s = format (s, "%10s %-32s %20u\n", "", "Transmit interval", bfd_clocks_to_usec (bm, bs->transmit_interval_clocks)); + u64 now = clib_cpu_time_now (); + u8 *tmp = NULL; + if (bs->last_tx_clocks > 0) + { + tmp = format (tmp, "%.2fs ago", (now - bs->last_tx_clocks) * + vm->clib_time.seconds_per_clock); + s = format (s, "%10s %-32s %20v\n", "", "Last control frame tx", tmp); + vec_reset_length (tmp); + } + if (bs->last_rx_clocks) + { + tmp = format (tmp, "%.2fs ago", (now - bs->last_rx_clocks) * + vm->clib_time.seconds_per_clock); + s = format (s, "%10s %-32s %20v\n", "", "Last control frame rx", tmp); + vec_reset_length (tmp); + } s = - format (s, "%10s %-32s %20s %20s\n", "", "Demand mode", "no", - bs->remote_demand ? "yes" : "no"); - s = - format (s, "%10s %-32s %20s\n", "", "Poll state", - bfd_poll_state_string (bs->poll_state)); + format (s, "%10s %-32s %20u %20llu\n", "", "Min Echo Rx Interval (usec)", + 1, bs->remote_min_echo_rx_usec); + if (bs->echo) + { + s = format (s, "%10s %-32s %20u\n", "", "Echo transmit interval", + bfd_clocks_to_usec (bm, bs->echo_transmit_interval_clocks)); + tmp = format (tmp, "%.2fs ago", (now - bs->echo_last_tx_clocks) * + vm->clib_time.seconds_per_clock); + s = format (s, "%10s %-32s %20v\n", "", "Last echo frame tx", tmp); + vec_reset_length (tmp); + tmp = format (tmp, "%.6fs", + (bs->echo_last_rx_clocks - bs->echo_last_tx_clocks) * + vm->clib_time.seconds_per_clock); + s = + format (s, "%10s %-32s %20v\n", "", "Last echo frame roundtrip time", + tmp); + } + vec_free (tmp); + tmp = NULL; + s = format (s, "%10s %-32s %20s %20s\n", "", "Demand mode", "no", + bs->remote_demand ? "yes" : "no"); + s = format (s, "%10s %-32s %20s\n", "", "Poll state", + bfd_poll_state_string (bs->poll_state)); if (bs->auth.curr_key) { s = format (s, "%10s %-32s %20u\n", "", "Authentication config key ID", bs->auth.curr_key->conf_key_id); s = format (s, "%10s %-32s %20u\n", "", "Authentication BFD key ID", bs->auth.curr_bfd_key_id); + s = format (s, "%10s %-32s %20u %20u\n", "", "Sequence number", + bs->auth.local_seq_number, bs->auth.remote_seq_number); } return s; } @@ -96,6 +133,7 @@ show_bfd (vlib_main_t * vm, unformat_input_t * input, }); /* *INDENT-ON* */ vlib_cli_output (vm, "%v\n", s); + vec_free (s); vlib_cli_output (vm, "Number of configured BFD keys: %lu\n", (u64) pool_elts (bm->auth_keys)); } @@ -104,8 +142,9 @@ show_bfd (vlib_main_t * vm, unformat_input_t * input, u8 *s = format (NULL, "%=10s %=32s %=20s %=20s\n", "Index", "Property", "Local value", "Remote value"); /* *INDENT-OFF* */ - pool_foreach (bs, bm->sessions, - { s = format (s, "%U", format_bfd_session_cli, bm, bs); }); + pool_foreach (bs, bm->sessions, { + s = format (s, "%U", format_bfd_session_cli, vm, bm, bs); + }); /* *INDENT-ON* */ vlib_cli_output (vm, "%v", s); vec_free (s); @@ -349,7 +388,7 @@ static const unsigned optional = 0; #define CHECK_MANDATORY(t, n, s, r, ...) \ if (mandatory == r && !have_##n) \ { \ - ret = clib_error_return (0, "Required parameter `%s' missing.", n); \ + ret = clib_error_return (0, "Required parameter `%s' missing.", s); \ goto out; \ } diff --git a/src/vnet/bfd/bfd_main.c b/src/vnet/bfd/bfd_main.c index ea6db1f9..2b70a20c 100644 --- a/src/vnet/bfd/bfd_main.c +++ b/src/vnet/bfd/bfd_main.c @@ -63,13 +63,6 @@ bfd_clocks_to_usec (const bfd_main_t * bm, u64 clocks) static vlib_node_registration_t bfd_process_node; -/* set to 0 here, real values filled at startup */ -static u32 bfd_node_index_by_transport[] = { -#define F(t, n) [BFD_TRANSPORT_##t] = 0, - foreach_bfd_transport (F) -#undef F -}; - u8 * format_bfd_auth_key (u8 * s, va_list * args) { @@ -560,51 +553,70 @@ bfd_on_config_change (vlib_main_t * vm, vlib_node_runtime_t * rt, } static void -bfd_add_transport_layer (vlib_main_t * vm, vlib_buffer_t * b, - bfd_session_t * bs) +bfd_add_transport_layer (vlib_main_t * vm, u32 bi, bfd_session_t * bs) +{ + switch (bs->transport) + { + case BFD_TRANSPORT_UDP4: + BFD_DBG ("Transport bfd via udp4, bs_idx=%u", bs->bs_idx); + bfd_add_udp4_transport (vm, bi, bs, 0 /* is_echo */ ); + break; + case BFD_TRANSPORT_UDP6: + BFD_DBG ("Transport bfd via udp6, bs_idx=%u", bs->bs_idx); + bfd_add_udp6_transport (vm, bi, bs, 0 /* is_echo */ ); + break; + } +} + +static int +bfd_transport_control_frame (vlib_main_t * vm, u32 bi, bfd_session_t * bs) { switch (bs->transport) { case BFD_TRANSPORT_UDP4: BFD_DBG ("Transport bfd via udp4, bs_idx=%u", bs->bs_idx); - bfd_add_udp4_transport (vm, b, bs, 0 /* is_echo */ ); + return bfd_transport_udp4 (vm, bi, bs); break; case BFD_TRANSPORT_UDP6: BFD_DBG ("Transport bfd via udp6, bs_idx=%u", bs->bs_idx); - bfd_add_udp6_transport (vm, b, bs, 0 /* is_echo */ ); + return bfd_transport_udp6 (vm, bi, bs); break; } + return 0; } static int -bfd_echo_add_transport_layer (vlib_main_t * vm, vlib_buffer_t * b, - bfd_session_t * bs) +bfd_echo_add_transport_layer (vlib_main_t * vm, u32 bi, bfd_session_t * bs) { switch (bs->transport) { case BFD_TRANSPORT_UDP4: BFD_DBG ("Transport bfd echo via udp4, bs_idx=%u", bs->bs_idx); - return bfd_add_udp4_transport (vm, b, bs, 1 /* is_echo */ ); + return bfd_add_udp4_transport (vm, bi, bs, 1 /* is_echo */ ); break; case BFD_TRANSPORT_UDP6: BFD_DBG ("Transport bfd echo via udp6, bs_idx=%u", bs->bs_idx); - return bfd_add_udp6_transport (vm, b, bs, 1 /* is_echo */ ); + return bfd_add_udp6_transport (vm, bi, bs, 1 /* is_echo */ ); break; } return 0; } -static void -bfd_create_frame_to_next_node (vlib_main_t * vm, bfd_session_t * bs, u32 bi) +static int +bfd_transport_echo (vlib_main_t * vm, u32 bi, bfd_session_t * bs) { - - vlib_frame_t *f = - vlib_get_frame_to_node (vm, bfd_node_index_by_transport[bs->transport]); - - u32 *to_next = vlib_frame_vector_args (f); - to_next[0] = bi; - f->n_vectors = 1; - vlib_put_frame_to_node (vm, bfd_node_index_by_transport[bs->transport], f); + switch (bs->transport) + { + case BFD_TRANSPORT_UDP4: + BFD_DBG ("Transport bfd echo via udp4, bs_idx=%u", bs->bs_idx); + return bfd_transport_udp4 (vm, bi, bs); + break; + case BFD_TRANSPORT_UDP6: + BFD_DBG ("Transport bfd echo via udp6, bs_idx=%u", bs->bs_idx); + return bfd_transport_udp6 (vm, bi, bs); + break; + } + return 0; } #if WITH_LIBSSL > 0 @@ -704,7 +716,7 @@ bfd_init_control_frame (bfd_main_t * bm, bfd_session_t * bs, bfd_pkt_set_diag_code (pkt, bs->local_diag); bfd_pkt_set_state (pkt, bs->local_state); pkt->head.detect_mult = bs->local_detect_mult; - pkt->head.length = clib_host_to_net_u32 (bfd_length); + pkt->head.length = bfd_length; pkt->my_disc = bs->local_discr; pkt->your_disc = bs->remote_discr; pkt->des_min_tx = clib_host_to_net_u32 (bs->config_desired_min_tx_usec); @@ -725,8 +737,7 @@ bfd_init_control_frame (bfd_main_t * bm, bfd_session_t * bs, static void bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt, - bfd_main_t * bm, bfd_session_t * bs, u64 now, - int handling_wakeup) + bfd_main_t * bm, bfd_session_t * bs, u64 now) { if (!bfd_is_echo_possible (bs)) { @@ -734,7 +745,8 @@ bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt, bs->echo = 0; return; } - /* sometimes the wheel expires an event a bit sooner than requested, account + /* sometimes the wheel expires an event a bit sooner than requested, + account for that here */ if (now + bm->wheel_inaccuracy >= bs->echo_tx_timeout_clocks) { @@ -747,6 +759,8 @@ bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt, } vlib_buffer_t *b = vlib_get_buffer (vm, bi); ASSERT (b->current_data == 0); + memset (vnet_buffer (b), 0, sizeof (*vnet_buffer (b))); + VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b); bfd_echo_pkt_t *pkt = vlib_buffer_get_current (b); memset (pkt, 0, sizeof (*pkt)); pkt->discriminator = bs->local_discr; @@ -756,7 +770,14 @@ bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_calc_echo_checksum (bs->local_discr, pkt->expire_time_clocks, bs->echo_secret); b->current_length = sizeof (*pkt); - if (!bfd_echo_add_transport_layer (vm, b, bs)) + if (!bfd_echo_add_transport_layer (vm, bi, bs)) + { + BFD_ERR ("cannot send echo packet out, turning echo off"); + bs->echo = 0; + vlib_buffer_free_one (vm, bi); + return; + } + if (!bfd_transport_echo (vm, bi, bs)) { BFD_ERR ("cannot send echo packet out, turning echo off"); bs->echo = 0; @@ -765,7 +786,6 @@ bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt, } bs->echo_last_tx_clocks = now; bfd_calc_next_echo_tx (bm, bs, now); - bfd_create_frame_to_next_node (vm, bs, bi); } else { @@ -777,8 +797,7 @@ bfd_send_echo (vlib_main_t * vm, vlib_node_runtime_t * rt, static void bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt, - bfd_main_t * bm, bfd_session_t * bs, u64 now, - int handling_wakeup) + bfd_main_t * bm, bfd_session_t * bs, u64 now) { if (!bs->remote_min_rx_usec && BFD_POLL_NOT_NEEDED == bs->poll_state) { @@ -798,8 +817,10 @@ bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt, BFD_DBG ("Remote demand is set, not sending periodic control frame"); return; } - /* sometimes the wheel expires an event a bit sooner than requested, account - for that here */ + /* + * sometimes the wheel expires an event a bit sooner than requested, account + * for that here + */ if (now + bm->wheel_inaccuracy >= bs->tx_timeout_clocks) { BFD_DBG ("\nSending periodic control frame: %U", format_bfd_session, @@ -812,6 +833,8 @@ bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt, } vlib_buffer_t *b = vlib_get_buffer (vm, bi); ASSERT (b->current_data == 0); + memset (vnet_buffer (b), 0, sizeof (*vnet_buffer (b))); + VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b); bfd_init_control_frame (bm, bs, b); switch (bs->poll_state) { @@ -837,10 +860,13 @@ bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt, break; } bfd_add_auth_section (b, bs); - bfd_add_transport_layer (vm, b, bs); + bfd_add_transport_layer (vm, bi, bs); + if (!bfd_transport_control_frame (vm, bi, bs)) + { + vlib_buffer_free_one (vm, bi); + } bs->last_tx_clocks = now; bfd_calc_next_tx (bm, bs, now); - bfd_create_frame_to_next_node (vm, bs, bi); } else { @@ -852,13 +878,15 @@ bfd_send_periodic (vlib_main_t * vm, vlib_node_runtime_t * rt, void bfd_init_final_control_frame (vlib_main_t * vm, vlib_buffer_t * b, - bfd_main_t * bm, bfd_session_t * bs) + bfd_main_t * bm, bfd_session_t * bs, + int is_local) { BFD_DBG ("Send final control frame for bs_idx=%lu", bs->bs_idx); bfd_init_control_frame (bm, bs, b); bfd_pkt_set_final (vlib_buffer_get_current (b)); bfd_add_auth_section (b, bs); - bfd_add_transport_layer (vm, b, bs); + u32 bi = vlib_get_buffer_index (vm, b); + bfd_add_transport_layer (vm, bi, bs); bs->last_tx_clocks = clib_cpu_time_now (); /* * RFC allows to include changes in final frame, so if there were any @@ -871,8 +899,10 @@ static void bfd_check_rx_timeout (bfd_main_t * bm, bfd_session_t * bs, u64 now, int handling_wakeup) { - /* sometimes the wheel expires an event a bit sooner than requested, account - for that here */ + /* + * sometimes the wheel expires an event a bit sooner than requested, account + * for that here + */ if (bs->last_rx_clocks + bs->detection_time_clocks <= now + bm->wheel_inaccuracy) { @@ -907,14 +937,14 @@ bfd_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_main_t * bm, switch (bs->local_state) { case BFD_STATE_admin_down: - bfd_send_periodic (vm, rt, bm, bs, now, 1); + bfd_send_periodic (vm, rt, bm, bs, now); break; case BFD_STATE_down: - bfd_send_periodic (vm, rt, bm, bs, now, 1); + bfd_send_periodic (vm, rt, bm, bs, now); break; case BFD_STATE_init: bfd_check_rx_timeout (bm, bs, now, 1); - bfd_send_periodic (vm, rt, bm, bs, now, 1); + bfd_send_periodic (vm, rt, bm, bs, now); break; case BFD_STATE_up: bfd_check_rx_timeout (bm, bs, now, 1); @@ -932,10 +962,10 @@ bfd_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * rt, bfd_main_t * bm, bs->config_required_min_rx_clocks)); bfd_set_poll_state (bs, BFD_POLL_NEEDED); } - bfd_send_periodic (vm, rt, bm, bs, now, 1); + bfd_send_periodic (vm, rt, bm, bs, now); if (bs->echo) { - bfd_send_echo (vm, rt, bm, bs, now, 1); + bfd_send_echo (vm, rt, bm, bs, now); } break; } @@ -996,7 +1026,8 @@ bfd_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) { bfd_session_t *bs = pool_elt_at_index (bm->sessions, *event_data); - bfd_send_periodic (vm, rt, bm, bs, now, 1); + bfd_send_periodic (vm, rt, bm, bs, now); + bfd_set_timer (bm, bs, now, 1); } else { @@ -1113,14 +1144,6 @@ bfd_main_init (vlib_main_t * vm) const u64 now = clib_cpu_time_now (); timing_wheel_init (&bm->wheel, now, bm->cpu_cps); bm->wheel_inaccuracy = 2 << bm->wheel.log2_clocks_per_bin; - - vlib_node_t *node = NULL; -#define F(t, n) \ - node = vlib_get_node_by_name (vm, (u8 *)n); \ - bfd_node_index_by_transport[BFD_TRANSPORT_##t] = node->index; \ - BFD_DBG ("node '%s' has index %u", n, node->index); - foreach_bfd_transport (F); -#undef F return 0; } @@ -1654,10 +1677,12 @@ bfd_consume_pkt (bfd_main_t * bm, const bfd_pkt_t * pkt, u32 bs_idx) { if (BFD_STATE_down == bs->remote_state) { + bfd_set_diag (bs, BFD_DIAG_CODE_no_diag); bfd_set_state (bm, bs, BFD_STATE_init, 0); } else if (BFD_STATE_init == bs->remote_state) { + bfd_set_diag (bs, BFD_DIAG_CODE_no_diag); bfd_set_state (bm, bs, BFD_STATE_up, 0); } } @@ -1666,6 +1691,7 @@ bfd_consume_pkt (bfd_main_t * bm, const bfd_pkt_t * pkt, u32 bs_idx) if (BFD_STATE_up == bs->remote_state || BFD_STATE_init == bs->remote_state) { + bfd_set_diag (bs, BFD_DIAG_CODE_no_diag); bfd_set_state (bm, bs, BFD_STATE_up, 0); } } diff --git a/src/vnet/bfd/bfd_main.h b/src/vnet/bfd/bfd_main.h index 4d460f41..d722a552 100644 --- a/src/vnet/bfd/bfd_main.h +++ b/src/vnet/bfd/bfd_main.h @@ -316,7 +316,8 @@ int bfd_verify_pkt_auth (const bfd_pkt_t * pkt, u16 pkt_size, bfd_session_t * bs); void bfd_event (bfd_main_t * bm, bfd_session_t * bs); void bfd_init_final_control_frame (vlib_main_t * vm, vlib_buffer_t * b, - bfd_main_t * bm, bfd_session_t * bs); + bfd_main_t * bm, bfd_session_t * bs, + int is_local); u8 *format_bfd_session (u8 * s, va_list * args); u8 *format_bfd_auth_key (u8 * s, va_list * args); void bfd_session_set_flags (bfd_session_t * bs, u8 admin_up_down); diff --git a/src/vnet/bfd/bfd_udp.c b/src/vnet/bfd/bfd_udp.c index b3eabc9c..ebee590b 100644 --- a/src/vnet/bfd/bfd_udp.c +++ b/src/vnet/bfd/bfd_udp.c @@ -51,6 +51,14 @@ typedef struct int echo_source_is_set; /* loopback interface used to get echo source ip */ u32 echo_source_sw_if_index; + /* node index of "ip4-arp" node */ + u32 ip4_arp_idx; + /* node index of "ip6-discover-neighbor" node */ + u32 ip6_ndp_idx; + /* node index of "ip4-rewrite" node */ + u32 ip4_rewrite_idx; + /* node index of "ip6-rewrite" node */ + u32 ip6_rewrite_idx; } bfd_udp_main_t; static vlib_node_registration_t bfd_udp4_input_node; @@ -231,15 +239,18 @@ bfd_udp_get_echo_source (int *is_set, u32 * sw_if_index, int *have_usable_ip4, } int -bfd_add_udp4_transport (vlib_main_t * vm, vlib_buffer_t * b, +bfd_add_udp4_transport (vlib_main_t * vm, u32 bi, const bfd_session_t * bs, int is_echo) { const bfd_udp_session_t *bus = &bs->udp; const bfd_udp_key_t *key = &bus->key; + vlib_buffer_t *b = vlib_get_buffer (vm, bi); b->flags |= VNET_BUFFER_LOCALLY_ORIGINATED; vnet_buffer (b)->ip.adj_index[VLIB_RX] = bus->adj_index; vnet_buffer (b)->ip.adj_index[VLIB_TX] = bus->adj_index; + vnet_buffer (b)->sw_if_index[VLIB_RX] = 0; + vnet_buffer (b)->sw_if_index[VLIB_TX] = ~0; typedef struct { ip4_header_t ip4; @@ -283,15 +294,18 @@ bfd_add_udp4_transport (vlib_main_t * vm, vlib_buffer_t * b, } int -bfd_add_udp6_transport (vlib_main_t * vm, vlib_buffer_t * b, +bfd_add_udp6_transport (vlib_main_t * vm, u32 bi, const bfd_session_t * bs, int is_echo) { const bfd_udp_session_t *bus = &bs->udp; const bfd_udp_key_t *key = &bus->key; + vlib_buffer_t *b = vlib_get_buffer (vm, bi); b->flags |= VNET_BUFFER_LOCALLY_ORIGINATED; vnet_buffer (b)->ip.adj_index[VLIB_RX] = bus->adj_index; vnet_buffer (b)->ip.adj_index[VLIB_TX] = bus->adj_index; + vnet_buffer (b)->sw_if_index[VLIB_RX] = 0; + vnet_buffer (b)->sw_if_index[VLIB_TX] = 0; typedef struct { ip6_header_t ip6; @@ -346,6 +360,76 @@ bfd_add_udp6_transport (vlib_main_t * vm, vlib_buffer_t * b, return 1; } +static void +bfd_create_frame_to_next_node (vlib_main_t * vm, u32 bi, u32 next_node) +{ + vlib_frame_t *f = vlib_get_frame_to_node (vm, next_node); + u32 *to_next = vlib_frame_vector_args (f); + to_next[0] = bi; + f->n_vectors = 1; + vlib_put_frame_to_node (vm, next_node, f); +} + +int +bfd_udp_calc_next_node (const struct bfd_session_s *bs, u32 * next_node) +{ + const bfd_udp_session_t *bus = &bs->udp; + ip_adjacency_t *adj = adj_get (bus->adj_index); + switch (adj->lookup_next_index) + { + case IP_LOOKUP_NEXT_ARP: + switch (bs->transport) + { + case BFD_TRANSPORT_UDP4: + *next_node = bfd_udp_main.ip4_arp_idx; + return 1; + case BFD_TRANSPORT_UDP6: + *next_node = bfd_udp_main.ip6_ndp_idx; + return 1; + } + break; + case IP_LOOKUP_NEXT_REWRITE: + switch (bs->transport) + { + case BFD_TRANSPORT_UDP4: + *next_node = bfd_udp_main.ip4_rewrite_idx; + return 1; + case BFD_TRANSPORT_UDP6: + *next_node = bfd_udp_main.ip6_rewrite_idx; + return 1; + } + break; + default: + /* drop */ + break; + } + return 0; +} + +int +bfd_transport_udp4 (vlib_main_t * vm, u32 bi, const struct bfd_session_s *bs) +{ + u32 next_node; + int rv = bfd_udp_calc_next_node (bs, &next_node); + if (rv) + { + bfd_create_frame_to_next_node (vm, bi, next_node); + } + return rv; +} + +int +bfd_transport_udp6 (vlib_main_t * vm, u32 bi, const struct bfd_session_s *bs) +{ + u32 next_node; + int rv = bfd_udp_calc_next_node (bs, &next_node); + if (rv) + { + bfd_create_frame_to_next_node (vm, bi, next_node); + } + return 1; +} + static bfd_session_t * bfd_lookup_session (bfd_udp_main_t * bum, const bfd_udp_key_t * key) { @@ -703,7 +787,8 @@ bfd_udp_auth_deactivate (u32 sw_if_index, typedef enum { BFD_UDP_INPUT_NEXT_NORMAL, - BFD_UDP_INPUT_NEXT_REPLY, + BFD_UDP_INPUT_NEXT_REPLY_ARP, + BFD_UDP_INPUT_NEXT_REPLY_REWRITE, BFD_UDP_INPUT_N_NEXT, } bfd_udp_input_next_t; @@ -1112,8 +1197,11 @@ bfd_udp_input (vlib_main_t * vm, vlib_node_runtime_t * rt, const bfd_pkt_t *pkt = vlib_buffer_get_current (b0); if (bfd_pkt_get_poll (pkt)) { + b0->current_data = 0; + b0->current_length = 0; + memset (vnet_buffer (b0), 0, sizeof (*vnet_buffer (b0))); bfd_init_final_control_frame (vm, b0, bfd_udp_main.bfd_main, - bs); + bs, 0); if (is_ipv6) { vlib_node_increment_counter (vm, bfd_udp6_input_node.index, @@ -1124,7 +1212,20 @@ bfd_udp_input (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_node_increment_counter (vm, bfd_udp4_input_node.index, b0->error, 1); } - next0 = BFD_UDP_INPUT_NEXT_REPLY; + const bfd_udp_session_t *bus = &bs->udp; + ip_adjacency_t *adj = adj_get (bus->adj_index); + switch (adj->lookup_next_index) + { + case IP_LOOKUP_NEXT_ARP: + next0 = BFD_UDP_INPUT_NEXT_REPLY_ARP; + break; + case IP_LOOKUP_NEXT_REWRITE: + next0 = BFD_UDP_INPUT_NEXT_REPLY_REWRITE; + break; + default: + /* drop */ + break; + } } } vlib_set_next_frame_buffer (vm, rt, next0, bi0); @@ -1161,7 +1262,8 @@ VLIB_REGISTER_NODE (bfd_udp4_input_node, static) = { .next_nodes = { [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop", - [BFD_UDP_INPUT_NEXT_REPLY] = "ip4-lookup", + [BFD_UDP_INPUT_NEXT_REPLY_ARP] = "ip4-arp", + [BFD_UDP_INPUT_NEXT_REPLY_REWRITE] = "ip4-lookup", }, }; /* *INDENT-ON* */ @@ -1188,7 +1290,8 @@ VLIB_REGISTER_NODE (bfd_udp6_input_node, static) = { .next_nodes = { [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop", - [BFD_UDP_INPUT_NEXT_REPLY] = "ip6-lookup", + [BFD_UDP_INPUT_NEXT_REPLY_ARP] = "ip6-discover-neighbor", + [BFD_UDP_INPUT_NEXT_REPLY_REWRITE] = "ip6-lookup", }, }; /* *INDENT-ON* */ @@ -1246,7 +1349,7 @@ bfd_udp_echo_input (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_node_increment_counter (vm, bfd_udp_echo4_input_node.index, b0->error, 1); } - next0 = BFD_UDP_INPUT_NEXT_REPLY; + next0 = BFD_UDP_INPUT_NEXT_REPLY_REWRITE; } vlib_set_next_frame_buffer (vm, rt, next0, bi0); @@ -1300,7 +1403,8 @@ VLIB_REGISTER_NODE (bfd_udp_echo4_input_node, static) = { .next_nodes = { [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop", - [BFD_UDP_INPUT_NEXT_REPLY] = "ip4-lookup", + [BFD_UDP_INPUT_NEXT_REPLY_ARP] = "ip4-arp", + [BFD_UDP_INPUT_NEXT_REPLY_REWRITE] = "ip4-lookup", }, }; /* *INDENT-ON* */ @@ -1328,7 +1432,8 @@ VLIB_REGISTER_NODE (bfd_udp_echo6_input_node, static) = { .next_nodes = { [BFD_UDP_INPUT_NEXT_NORMAL] = "error-drop", - [BFD_UDP_INPUT_NEXT_REPLY] = "ip6-lookup", + [BFD_UDP_INPUT_NEXT_REPLY_ARP] = "ip6-discover-neighbor", + [BFD_UDP_INPUT_NEXT_REPLY_REWRITE] = "ip6-lookup", }, }; @@ -1375,6 +1480,19 @@ bfd_udp_init (vlib_main_t * vm) bfd_udp_echo4_input_node.index, 1); udp_register_dst_port (vm, UDP_DST_PORT_bfd_echo6, bfd_udp_echo6_input_node.index, 0); + vlib_node_t *node = vlib_get_node_by_name (vm, (u8 *) "ip4-arp"); + ASSERT (node); + bfd_udp_main.ip4_arp_idx = node->index; + node = vlib_get_node_by_name (vm, (u8 *) "ip6-discover-neighbor"); + ASSERT (node); + bfd_udp_main.ip6_ndp_idx = node->index; + node = vlib_get_node_by_name (vm, (u8 *) "ip4-rewrite"); + ASSERT (node); + bfd_udp_main.ip4_rewrite_idx = node->index; + node = vlib_get_node_by_name (vm, (u8 *) "ip6-rewrite"); + ASSERT (node); + bfd_udp_main.ip6_rewrite_idx = node->index; + return 0; } diff --git a/src/vnet/bfd/bfd_udp.h b/src/vnet/bfd/bfd_udp.h index 5080ec98..a4adbadf 100644 --- a/src/vnet/bfd/bfd_udp.h +++ b/src/vnet/bfd/bfd_udp.h @@ -57,11 +57,12 @@ struct bfd_session_s; /** * @brief add the necessary transport layer by prepending it to existing data * + * * @param is_echo 1 if this is echo packet, 0 if control frame * * @return 1 on success, 0 on failure */ -int bfd_add_udp4_transport (vlib_main_t * vm, vlib_buffer_t * b, +int bfd_add_udp4_transport (vlib_main_t * vm, u32 bi, const struct bfd_session_s *bs, int is_echo); /** @@ -71,9 +72,29 @@ int bfd_add_udp4_transport (vlib_main_t * vm, vlib_buffer_t * b, * * @return 1 on success, 0 on failure */ -int bfd_add_udp6_transport (vlib_main_t * vm, vlib_buffer_t * b, +int bfd_add_udp6_transport (vlib_main_t * vm, u32 bi, const struct bfd_session_s *bs, int is_echo); +/** + * @brief transport packet over udpv4 + * + * @param is_echo 1 if this is echo packet, 0 if control frame + * + * @return 1 on success, 0 on failure + */ +int bfd_transport_udp4 (vlib_main_t * vm, u32 bi, + const struct bfd_session_s *bs); + +/** + * @brief transport packet over udpv6 + * + * @param is_echo 1 if this is echo packet, 0 if control frame + * + * @return 1 on success, 0 on failure + */ +int bfd_transport_udp6 (vlib_main_t * vm, u32 bi, + const struct bfd_session_s *bs); + /** * @brief check if the bfd udp layer is echo-capable at this time * -- cgit 1.2.3-korg From 86326daeaa10c5ce4a8aa0b6d97c75a3bbb73493 Mon Sep 17 00:00:00 2001 From: Klement Sekera Date: Mon, 24 Apr 2017 02:30:53 +0000 Subject: BFD: disable gcc6 warnings in helper macros Change-Id: Ibec3f1a2619d593accd8c560fb29d39d5617e16a Signed-off-by: Klement Sekera --- src/vnet/bfd/bfd_cli.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'src/vnet/bfd/bfd_cli.c') diff --git a/src/vnet/bfd/bfd_cli.c b/src/vnet/bfd/bfd_cli.c index 44e671c5..b2cd8df2 100644 --- a/src/vnet/bfd/bfd_cli.c +++ b/src/vnet/bfd/bfd_cli.c @@ -385,8 +385,19 @@ static const unsigned optional = 0; have_##n = 1; \ } +#if __GNUC__ >= 6 +#define PRAGMA_STR1 \ + _Pragma ("GCC diagnostic ignored \"-Wtautological-compare\""); +#define PRAGMA_STR2 _Pragma ("GCC diagnostic pop"); +#else +#define PRAGMA_STR1 +#define PRAGMA_STR2 +#endif + #define CHECK_MANDATORY(t, n, s, r, ...) \ + PRAGMA_STR1 \ if (mandatory == r && !have_##n) \ + PRAGMA_STR2 \ { \ ret = clib_error_return (0, "Required parameter `%s' missing.", s); \ goto out; \ -- cgit 1.2.3-korg