1 files changed, 186 insertions, 21 deletions

diff --git a/src/vnet/bfd/bfd.api b/src/vnet/bfd/bfd.api
index 5798ee698ce..17ca35b6004 100644
--- a/src/vnet/bfd/bfd.api
+++ b/src/vnet/bfd/bfd.api
@@ -21,7 +21,8 @@
     @param min_rx - desired min rx interval
     @param detect_mult - desired detection multiplier
 */
-define bfd_set_config {
+define bfd_set_config
+{
   u32 client_index;
   u32 context;
   u32 slow_timer;
@@ -34,14 +35,16 @@ define bfd_set_config {
     @param context - sender context, to match reply w/ request
     @param retval - return code for the request
 */
-define bfd_set_config_reply {
+define bfd_set_config_reply
+{
   u32 context;
   i32 retval;
 };
 
 /** \brief Get BFD configuration
 */
-define bfd_get_config {
+define bfd_get_config
+{
   u32 client_index;
   u32 context;
 };
@@ -54,7 +57,8 @@ define bfd_get_config {
     @param min_rx - desired min rx interval
     @param detect_mult - desired detection multiplier
 */
-define bfd_get_config_reply {
+define bfd_get_config_reply
+{
   u32 client_index;
   u32 context;
   u32 slow_timer;
@@ -69,12 +73,16 @@ define bfd_get_config_reply {
     @param sw_if_index - sw index of the interface
     @param desired_min_tx - desired min transmit interval (microseconds)
     @param required_min_rx - required min receive interval (microseconds)
-    @param detect_mult - detect multiplier (# of packets missed between connection goes down)
     @param local_addr - local address
     @param peer_addr - peer address
     @param is_ipv6 - local_addr, peer_addr are IPv6 if non-zero, otherwise IPv4
+    @param detect_mult - detect multiplier (# of packets missed before connection goes down)
+    @param is_authenticated - non-zero if authentication is required
+    @param bfd_key_id - key id sent out in BFD packets (if is_authenticated)
+    @param conf_key_id - id of already configured key (if is_authenticated)
 */
-define bfd_udp_add {
+define bfd_udp_add
+{
   u32 client_index;
   u32 context;
   u32 sw_if_index;
@@ -84,17 +92,19 @@ define bfd_udp_add {
   u8 peer_addr[16];
   u8 is_ipv6;
   u8 detect_mult;
+  u8 is_authenticated;
+  u8 bfd_key_id;
+  u32 conf_key_id;
 };
 
 /** \brief Add UDP BFD session response
     @param context - sender context, to match reply w/ request
     @param retval - return code for the request
-    @param bs_index - index of the session created
 */
-define bfd_udp_add_reply {
+define bfd_udp_add_reply
+{
   u32 context;
   i32 retval;
-  u32 bs_index;
 };
 
 /** \brief Delete UDP BFD session on interface
@@ -105,7 +115,8 @@ define bfd_udp_add_reply {
     @param peer_addr - peer address
     @param is_ipv6 - local_addr, peer_addr are IPv6 if non-zero, otherwise IPv4
 */
-define bfd_udp_del {
+define bfd_udp_del
+{
   u32 client_index;
   u32 context;
   u32 sw_if_index;
@@ -118,7 +129,8 @@ define bfd_udp_del {
     @param context - sender context, to match reply w/ request
     @param retval - return code for the request
 */
-define bfd_udp_del_reply {
+define bfd_udp_del_reply
+{
   u32 context;
   i32 retval;
 };
@@ -127,48 +139,61 @@ define bfd_udp_del_reply {
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
 */
-define bfd_udp_session_dump {
+define bfd_udp_session_dump
+{
   u32 client_index;
   u32 context;
 };
 
 /** \brief BFD session details structure
     @param context - sender context, to match reply w/ request
-    @param bs_index - index of the session
     @param sw_if_index - sw index of the interface
     @param local_addr - local address
     @param peer_addr - peer address
     @param is_ipv6 - local_addr, peer_addr are IPv6 if non-zero, otherwise IPv4
     @param state - session state
+    @param is_authenticated - non-zero if authentication in-use, zero otherwise
+    @param bfd_key_id - ID of key currently in-use if auth is on
+    @param conf_key_id - configured key ID for this session
 */
-define bfd_udp_session_details {
+define bfd_udp_session_details
+{
   u32 context;
-  u32 bs_index; 
   u32 sw_if_index;
   u8 local_addr[16];
   u8 peer_addr[16];
   u8 is_ipv6;
   u8 state;
+  u8 is_authenticated;
+  u8 bfd_key_id;
+  u32 conf_key_id;
 };
 
-/** \brief Set flags of BFD session
+/** \brief Set flags of BFD UDP session
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
-    @param bs_index - index of the bfd session to set flags on
+    @param sw_if_index - sw index of the interface
+    @param local_addr - local address
+    @param peer_addr - peer address
+    @param is_ipv6 - local_addr, peer_addr are IPv6 if non-zero, otherwise IPv4
     @param admin_up_down - set the admin state, 1 = up, 0 = down
 */
-define bfd_session_set_flags {
+define bfd_udp_session_set_flags
+{
   u32 client_index;
   u32 context;
-  u32 bs_index;
+  u32 sw_if_index;
+  u8 local_addr[16];
+  u8 peer_addr[16];
+  u8 is_ipv6;
   u8 admin_up_down;
 };
 
-/** \brief Reply to bfd_session_set_flags 
+/** \brief Reply to bfd_udp_session_set_flags
     @param context - sender context which was passed in the request
     @param retval - return code of the set flags request
 */
-define bfd_session_set_flags_reply
+define bfd_udp_session_set_flags_reply
 {
   u32 context;
   i32 retval;
@@ -198,6 +223,146 @@ define want_bfd_events_reply
   i32 retval;
 };
 
+/** \brief BFD UDP - add/replace key to configuration
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param conf_key_id - key ID to add/replace/delete
+    @param key_len - length of key (must be non-zero)
+    @param auth_type - authentication type (RFC 5880/4.1/Auth Type)
+    @param key - key data
+*/
+define bfd_auth_set_key
+{
+  u32 client_index;
+  u32 context;
+  u32 conf_key_id;
+  u8 key_len;
+  u8 auth_type;
+  u8 key[20];
+};
+
+/** \brief BFD UDP - add/replace key reply
+    @param context - returned sender context, to match reply w/ request
+    @param retval - return code
+*/
+define bfd_auth_set_key_reply
+{
+  u32 context;
+  i32 retval;
+};
+
+/** \brief BFD UDP - delete key from configuration
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param conf_key_id - key ID to add/replace/delete
+    @param key_len - length of key (must be non-zero)
+    @param key - key data
+*/
+define bfd_auth_del_key
+{
+  u32 client_index;
+  u32 context;
+  u32 conf_key_id;
+};
+
+/** \brief BFD UDP - delete key reply
+    @param context - returned sender context, to match reply w/ request
+    @param retval - return code
+*/
+define bfd_auth_del_key_reply
+{
+  u32 context;
+  i32 retval;
+};
+
+/** \brief Get a list of configured authentication keys
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+*/
+define bfd_auth_keys_dump
+{
+  u32 client_index;
+  u32 context;
+};
+
+/** \brief BFD authentication key details
+    @param context - sender context, to match reply w/ request
+    @param conf_key_id - configured key ID
+    @param use_count - how many BFD sessions currently use this key
+    @param auth_type - authentication type (RFC 5880/4.1/Auth Type)
+*/
+define bfd_auth_keys_details
+{
+  u32 context;
+  u32 conf_key_id;
+  u32 use_count;
+  u8 auth_type;
+};
+
+/** \brief BFD UDP - activate/change authentication
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param sw_if_index - sw index of the interface
+    @param local_addr - local address
+    @param peer_addr - peer address
+    @param is_ipv6 - local_addr, peer_addr are IPv6 if non-zero, otherwise IPv4
+    @param is_delayed - change is applied once peer applies the change (on first received packet with this auth)
+    @param bfd_key_id - key id sent out in BFD packets
+    @param conf_key_id - id of already configured key
+*/
+define bfd_udp_auth_activate
+{
+  u32 client_index;
+  u32 context;
+  u32 sw_if_index;
+  u8 local_addr[16];
+  u8 peer_addr[16];
+  u8 is_ipv6;
+  u8 is_delayed;
+  u8 bfd_key_id;
+  u32 conf_key_id;
+};
+
+/** \brief BFD UDP - activate/change authentication reply
+    @param context - returned sender context, to match reply w/ request
+    @param retval - return code
+*/
+define bfd_udp_auth_activate_reply
+{
+  u32 context;
+  i32 retval;
+};
+
+/** \brief BFD UDP - deactivate authentication
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param sw_if_index - sw index of the interface
+    @param local_addr - local address
+    @param peer_addr - peer address
+    @param is_ipv6 - local_addr, peer_addr are IPv6 if non-zero, otherwise IPv4
+    @param is_delayed - change is applied once peer applies the change (on first received non-authenticated packet)
+*/
+define bfd_udp_auth_deactivate
+{
+  u32 client_index;
+  u32 context;
+  u32 sw_if_index;
+  u8 local_addr[16];
+  u8 peer_addr[16];
+  u8 is_ipv6;
+  u8 is_delayed;
+};
+
+/** \brief BFD UDP - deactivate authentication reply
+    @param context - returned sender context, to match reply w/ request
+    @param retval - return code
+*/
+define bfd_udp_auth_deactivate_reply
+{
+  u32 context;
+  i32 retval;
+};
+
 /*
  * Local Variables:
  * eval: (c-set-style "gnu")