summaryrefslogtreecommitdiffstats
path: root/LICENSE
blob: 7a4a3ea2424c09fbe48d455aed1eaa94d9124835 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202

                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright [yyyy] [name of copyright owner]

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
ass="k">* interface - interface to which this session is tied to * local-addr - local address (ipv4 or ipv6) * peer-addr - peer address (ipv4 or ipv6, must match local-addr family) * conf-key-id - local configuration key ID * bfd-key-id - BFD key ID, as carried in BFD control frames * delayed - is yes then this action is delayed until the peer performs the same action Example: > bfd udp session auth activate interface pg0 local-addr 172.16.1.1 peer-addr 172.16.1.2 conf-key-id 540928695 bfd-key-id 239 delayed yes Notes: * see [Delayed option] for more information ##### Deactivate authentication for existing session > bfd udp session auth deactivate interface <interface> local-addr <address> peer-addr <address> [ delayed <yes|no> ] Parameters: * interface - interface to which this session is tied to * local-addr - local address (ipv4 or ipv6) * peer-addr - peer address (ipv4 or ipv6, must match local-addr family) * delayed - is yes then this action is delayed until the peer performs the same action Example: > bfd udp session auth deactivate interface pg0 local-addr 172.16.1.1 peer-addr 172.16.1.2 Notes: * see [Delayed option] for more information ##### Set echo-source interface > bfd udp echo-source set interface <interface> Parameters: * interface - interface used for getting source address for echo packets Example: > bfd udp echo-source set interface loop0 ##### Delete echo-source interface > bfd udp echo-source del Example: > bfd udp echo-source del ### Authentication BFD sessions should be authenticated for security purposes. SHA1 and meticulous SHA1 authentication is supported by VPP. First, authentication keys are configured in VPP and afterwards they can be used by sessions. There are two key IDs in the scope of BFD session: * configuration key ID is the internal unique key ID inside VPP and is never communicated to any peer, it serves only the purpose of identifying the key * BFD key ID is the key ID carried in BFD control frames and is used for verifying authentication #### Turning auth on/off Authentication can be turned on or off at any time. Care must be taken however, to either synchronize the authentication manipulation with peer's actions to avoid the session going down. ##### Delayed option Delayed option is useful for synchronizing authentication changes with a peer. If it's specified, then authentication change is not performed immediately. In this case, VPP continues to transmit packets using the old authentication method (unauthenticated or using old sha1 key). If a packet is received, which does not pass the current authentication, then VPP tries to authenticate it using the new method (which might be none, if deactivating authentication) and if it passes, then the new authentication method is put in use. The recommended procedure for enabling/changing/disabling session authentication is: 1. perform authentication change on vpp's side with delayed option set to yes 2. perform authentication change on peer's side (without delayed option) Notes: * if both peers use delayed option at the same time, the change will never be carried out, since none of the peers will see any packet with the new authentication which could trigger the change * remote peer does not need to support or even be aware of this mechanism for it to work properly ### Echo function Echo function is used by VPP whenever a peer declares the willingness to support it, echo-source is set and it contains a usable subnet (see below). When echo function is switched on, the required min rx interval advertised to peer is set to 1 second (or the configured value, if its higher). #### Echo source address Because echo packets are only looped back (and not processed in any way) by a peer, it's necessary to set the source address in a way which avoids packet drop due to spoofing protection by VPP. Per RFC, the source address should not be in the subnet set on the interface over which the echo packets are sent. Also, it must not be any VPP-local address, otherwise the packet gets dropped on receipt by VPP. The solution is to create a loopback interface with a (private) IPv4/IPv6 subnet assigned as echo-source. The BFD then picks an unused address from the subnet by flipping the last bit and uses that as source address in the echo packets, thus meeting RFC recommendation while avoiding spoofing protection. Example: if 10.10.10.3/31 is the subnet, then 10.10.10.2 will be used as source address in (IPv4) echo packets ### Demand mode Demand mode is respected by VPP, but not used locally. The only scenario when demand mode could make sense currently is when echo is active. Because echo packets are inherently insecure against an adversary looping them back a poll sequence would be required for slow periodic connectivity verification anyway. It's more efficient to just ask the remote peer to send slow periodic control frames without VPP initiating periodic poll sequences. ### Admin-down Session may be put admin-down at any time. This immediately causes the state to be changed to AdminDown and remain so unless the session is put admin-up. ## BFD implementation notes Because BFD can work over different transport layers, the BFD code is separated into core BFD functionality - main module implemented in bfd_main.c and transport-specific code implemented in bfd_udp.c. ### Main module Main module is responsible for handling all the BFD functionality defined in RFC 5880. #### Internal API Internal APIs defined in bfd_main.h are called from transport-specific code to create/modify/delete #### Packet receipt When a packet is received by the transport layer, it is forwarded to main module (to main thread) via an RPC call. At this point, the authentication has been verified, so the packet is consumed, session parameters are updated accordingly and state change (if applicable). Based on these, the timeouts are adjusted if required and an event is sent to the process node to wake up and recalculate sleep time. #### Packet transmit Main module allocates a vlib_buffer_t, creates the required BFD frame (control or echo in it), then calls the transport layer to add the transport layer. Then a frame containing the buffer to the aprropriate node is created and enqueued. #### Process node Main module implements one process node which is a simple loop. The process node gets next timeout from the timer wheel, sleeps until the timeout expires and then calls a timeout routine which drives the state machine for each session which timed out. The sleep is interrupted externally via vlib event, when a session is added or modified in a way which might require timer wheel manipulation. In this case the caller inserts the necessary timeout to timer wheel and then signals the process node to wake up early, handle possible timeouts and recalculate the sleep time again. #### State machine Default state of BFD session when created is Down, per RFC 5880. State changes to Init, Up or Down based on events like received state from peer and timeouts. The session state can be set AdminDown using a binary API, which prevents it from going to any other state, until this limitation is removed. This state is advertised to peers in slow periodic control frames. For each session, the following timeouts are maintained: 1. tx timeout - used for sending out control frames 2. rx timeout - used for detecting session timeout 3. echo tx timeout - used for sending out echo frames 3. echo rx timeout - used for detecting session timeout based on echo These timeouts are maintained in cpu clocks and recalculated when appropriate (e.g. rx timeout is bumped when a packet is received, keeping the session alive). Only the earliest timeout is inserted into the timer wheel at a time and timer wheel events are never deleted, rather spurious events are ignored. This allows efficient operation, like not inserting events into timing wheel for each packet received or ignoring left-over events in case a bfd session gets removed and a new one is recreated with the same session index. #### Authentication keys management Authentication keys are managed internally in a pool, with each key tracking it's use count. The removal/modification is only allowed if the key is not in use. ### UDP module UDP module is responsible for: 1. public APIs/CLIs to configure BFD over UDP. 2. support code called by main module to encapsulate/decapsulate BFD packets This module implements two graph nodes - for consuming ipv4 and ipv6 packets target at BFD ports 3874 and 3875. #### Packet receipt BFD packet receipt receipt starts in the bfd udp graph nodes. Since the code needs to verify IP/UDP header data, it relies on ip4-local (and ip6-local) nodes to store pointers to the appropriate headers. First, your discriminator is extracted from BFD packet and used to lookup the existing session. In case it's zero, the pair of IP addresses and sw_if_index is used to lookup session. Then, main module is called to verify the authentication, if present. Afterwards a check is made if the IP/UDP headers are correct. If yes, then an RPC call is made to the main thread to consume the packet and take action upon it. #### Packet transmission When process node decides that there is a need to transmit the packet, it creates a buffer, fills the BFD frame data in and calls the UDP module to add the transport layer. This is a simple operation for the control frames consisting of just adding UDP/IP headers based on session data. For echo frames, an additional step, looking at the echo-source interface and picking and address is performed and if this fails, then the packet cannot be transmitted and an error is returned to main thread.