]> git.proxmox.com Git - mirror_frr.git/blob - bfdd/bfd_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #11759 from donaldsharp/bfd_noarp
[mirror_frr.git] / bfdd / bfd_packet.c
1 /*********************************************************************
2 * Copyright 2017 Cumulus Networks, Inc. All rights reserved.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the Free
6 * Software Foundation; either version 2 of the License, or (at your option)
7 * any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 * You should have received a copy of the GNU General Public License along
15 * with this program; see the file COPYING; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 *
18 * bfd_packet.c: implements the BFD protocol packet handling.
19 *
20 * Authors
21 * -------
22 * Shrijeet Mukherjee [shm@cumulusnetworks.com]
23 * Kanna Rajagopal [kanna@cumulusnetworks.com]
24 * Radhika Mahankali [Radhika@cumulusnetworks.com]
25 */
26
27 #include <zebra.h>
28
29 #ifdef BFD_LINUX
30 #include <linux/if_packet.h>
31 #endif /* BFD_LINUX */
32
33 #include <netinet/if_ether.h>
34 #include <netinet/udp.h>
35
36 #include "lib/sockopt.h"
37 #include "lib/checksum.h"
38 #include "lib/network.h"
39
40 #include "bfd.h"
41
42 /*
43 * Prototypes
44 */
45 static int ptm_bfd_process_echo_pkt(struct bfd_vrf_global *bvrf, int s);
46 int _ptm_bfd_send(struct bfd_session *bs, uint16_t *port, const void *data,
47 size_t datalen);
48
49 static void bfd_sd_reschedule(struct bfd_vrf_global *bvrf, int sd);
50 ssize_t bfd_recv_ipv4(int sd, uint8_t *msgbuf, size_t msgbuflen, uint8_t *ttl,
51 ifindex_t *ifindex, struct sockaddr_any *local,
52 struct sockaddr_any *peer);
53 ssize_t bfd_recv_ipv6(int sd, uint8_t *msgbuf, size_t msgbuflen, uint8_t *ttl,
54 ifindex_t *ifindex, struct sockaddr_any *local,
55 struct sockaddr_any *peer);
56 int bp_udp_send(int sd, uint8_t ttl, uint8_t *data, size_t datalen,
57 struct sockaddr *to, socklen_t tolen);
58 int bp_bfd_echo_in(struct bfd_vrf_global *bvrf, int sd,
59 uint8_t *ttl, uint32_t *my_discr);
60 #ifdef BFD_LINUX
61 ssize_t bfd_recv_ipv4_fp(int sd, uint8_t *msgbuf, size_t msgbuflen,
62 uint8_t *ttl, ifindex_t *ifindex,
63 struct sockaddr_any *local, struct sockaddr_any *peer);
64 void bfd_peer_mac_set(int sd, struct bfd_session *bfd,
65 struct sockaddr_any *peer, struct interface *ifp);
66 int bp_udp_send_fp(int sd, uint8_t *data, size_t datalen,
67 struct bfd_session *bfd);
68 ssize_t bfd_recv_fp_echo(int sd, uint8_t *msgbuf, size_t msgbuflen,
69 uint8_t *ttl, ifindex_t *ifindex,
70 struct sockaddr_any *local, struct sockaddr_any *peer);
71 #endif
72
73 /* socket related prototypes */
74 static void bp_set_ipopts(int sd);
75 static void bp_bind_ip(int sd, uint16_t port);
76 static void bp_set_ipv6opts(int sd);
77 static void bp_bind_ipv6(int sd, uint16_t port);
78
79
80 /*
81 * Functions
82 */
83 int _ptm_bfd_send(struct bfd_session *bs, uint16_t *port, const void *data,
84 size_t datalen)
85 {
86 struct sockaddr *sa;
87 struct sockaddr_in sin;
88 struct sockaddr_in6 sin6;
89 socklen_t slen;
90 ssize_t rv;
91 int sd = -1;
92
93 if (CHECK_FLAG(bs->flags, BFD_SESS_FLAG_IPV6)) {
94 memset(&sin6, 0, sizeof(sin6));
95 sin6.sin6_family = AF_INET6;
96 memcpy(&sin6.sin6_addr, &bs->key.peer, sizeof(sin6.sin6_addr));
97 if (bs->ifp && IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr))
98 sin6.sin6_scope_id = bs->ifp->ifindex;
99
100 sin6.sin6_port =
101 (port) ? *port
102 : (CHECK_FLAG(bs->flags, BFD_SESS_FLAG_MH))
103 ? htons(BFD_DEF_MHOP_DEST_PORT)
104 : htons(BFD_DEFDESTPORT);
105
106 sd = bs->sock;
107 sa = (struct sockaddr *)&sin6;
108 slen = sizeof(sin6);
109 } else {
110 memset(&sin, 0, sizeof(sin));
111 sin.sin_family = AF_INET;
112 memcpy(&sin.sin_addr, &bs->key.peer, sizeof(sin.sin_addr));
113 sin.sin_port =
114 (port) ? *port
115 : (CHECK_FLAG(bs->flags, BFD_SESS_FLAG_MH))
116 ? htons(BFD_DEF_MHOP_DEST_PORT)
117 : htons(BFD_DEFDESTPORT);
118
119 sd = bs->sock;
120 sa = (struct sockaddr *)&sin;
121 slen = sizeof(sin);
122 }
123
124 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
125 sa->sa_len = slen;
126 #endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
127 rv = sendto(sd, data, datalen, 0, sa, slen);
128 if (rv <= 0) {
129 if (bglobal.debug_network)
130 zlog_debug("packet-send: send failure: %s",
131 strerror(errno));
132 return -1;
133 }
134 if (rv < (ssize_t)datalen) {
135 if (bglobal.debug_network)
136 zlog_debug("packet-send: send partial: %s",
137 strerror(errno));
138 }
139
140 return 0;
141 }
142
143 #ifdef BFD_LINUX
144 /*
145 * Compute the UDP checksum.
146 *
147 * Checksum is not set in the packet, just computed.
148 *
149 * pkt
150 * Packet, fully filled out except for checksum field.
151 *
152 * pktsize
153 * sizeof(*pkt)
154 *
155 * ip
156 * IP address that pkt will be transmitted from and too.
157 *
158 * Returns:
159 * Checksum in network byte order.
160 */
161 static uint16_t bfd_pkt_checksum(struct udphdr *pkt, size_t pktsize,
162 struct in6_addr *ip, sa_family_t family)
163 {
164 uint16_t chksum;
165
166 pkt->check = 0;
167
168 if (family == AF_INET6) {
169 struct ipv6_ph ph = {};
170
171 memcpy(&ph.src, ip, sizeof(ph.src));
172 memcpy(&ph.dst, ip, sizeof(ph.dst));
173 ph.ulpl = htons(pktsize);
174 ph.next_hdr = IPPROTO_UDP;
175 chksum = in_cksum_with_ph6(&ph, pkt, pktsize);
176 } else {
177 struct ipv4_ph ph = {};
178
179 memcpy(&ph.src, ip, sizeof(ph.src));
180 memcpy(&ph.dst, ip, sizeof(ph.dst));
181 ph.proto = IPPROTO_UDP;
182 ph.len = htons(pktsize);
183 chksum = in_cksum_with_ph4(&ph, pkt, pktsize);
184 }
185
186 return chksum;
187 }
188
189 /*
190 * This routine creates the entire ECHO packet so that it will be looped
191 * in the forwarding plane of the peer router instead of going up the
192 * stack in BFD to be looped. If we haven't learned the peers MAC yet
193 * no echo is sent.
194 *
195 * echo packet with src/dst IP equal to local IP
196 * dest MAC as peer's MAC
197 *
198 * currently support ipv4
199 */
200 void ptm_bfd_echo_fp_snd(struct bfd_session *bfd)
201 {
202 int sd;
203 struct bfd_vrf_global *bvrf = bfd_vrf_look_by_session(bfd);
204 int total_len = 0;
205 struct ethhdr *eth;
206 struct udphdr *uh;
207 struct iphdr *iph;
208 struct bfd_echo_pkt *beph;
209 static char sendbuff[100];
210
211 if (!bvrf)
212 return;
213 if (!CHECK_FLAG(bfd->flags, BFD_SESS_FLAG_MAC_SET))
214 return;
215 if (!CHECK_FLAG(bfd->flags, BFD_SESS_FLAG_ECHO_ACTIVE))
216 SET_FLAG(bfd->flags, BFD_SESS_FLAG_ECHO_ACTIVE);
217
218 memset(sendbuff, 0, sizeof(sendbuff));
219
220 /* add eth hdr */
221 eth = (struct ethhdr *)(sendbuff);
222 memcpy(eth->h_source, bfd->ifp->hw_addr, sizeof(eth->h_source));
223 memcpy(eth->h_dest, bfd->peer_hw_addr, sizeof(eth->h_dest));
224
225 total_len += sizeof(struct ethhdr);
226
227 sd = bvrf->bg_echo;
228 eth->h_proto = htons(ETH_P_IP);
229
230 /* add ip hdr */
231 iph = (struct iphdr *)(sendbuff + sizeof(struct ethhdr));
232
233 iph->ihl = sizeof(struct ip) >> 2;
234 iph->version = IPVERSION;
235 iph->tos = IPTOS_PREC_INTERNETCONTROL;
236 iph->id = (uint16_t)frr_weak_random();
237 iph->ttl = BFD_TTL_VAL;
238 iph->protocol = IPPROTO_UDP;
239 memcpy(&iph->saddr, &bfd->local_address.sa_sin.sin_addr,
240 sizeof(bfd->local_address.sa_sin.sin_addr));
241 memcpy(&iph->daddr, &bfd->local_address.sa_sin.sin_addr,
242 sizeof(bfd->local_address.sa_sin.sin_addr));
243 total_len += sizeof(struct iphdr);
244
245 /* add udp hdr */
246 uh = (struct udphdr *)(sendbuff + sizeof(struct iphdr) +
247 sizeof(struct ethhdr));
248 uh->source = htons(BFD_DEF_ECHO_PORT);
249 uh->dest = htons(BFD_DEF_ECHO_PORT);
250
251 total_len += sizeof(struct udphdr);
252
253 /* add bfd echo */
254 beph = (struct bfd_echo_pkt *)(sendbuff + sizeof(struct udphdr) +
255 sizeof(struct iphdr) +
256 sizeof(struct ethhdr));
257
258 beph->ver = BFD_ECHO_VERSION;
259 beph->len = BFD_ECHO_PKT_LEN;
260 beph->my_discr = htonl(bfd->discrs.my_discr);
261
262 total_len += sizeof(struct bfd_echo_pkt);
263 uh->len =
264 htons(total_len - sizeof(struct iphdr) - sizeof(struct ethhdr));
265 uh->check = bfd_pkt_checksum(
266 uh, (total_len - sizeof(struct iphdr) - sizeof(struct ethhdr)),
267 (struct in6_addr *)&iph->saddr, AF_INET);
268
269 iph->tot_len = htons(total_len - sizeof(struct ethhdr));
270 iph->check = in_cksum((const void *)iph, sizeof(struct iphdr));
271
272 if (bp_udp_send_fp(sd, (uint8_t *)&sendbuff, total_len, bfd) == -1)
273 return;
274
275 bfd->stats.tx_echo_pkt++;
276 }
277 #endif
278
279 void ptm_bfd_echo_snd(struct bfd_session *bfd)
280 {
281 struct sockaddr *sa;
282 socklen_t salen;
283 int sd;
284 struct bfd_echo_pkt bep;
285 struct sockaddr_in sin;
286 struct sockaddr_in6 sin6;
287 struct bfd_vrf_global *bvrf = bfd_vrf_look_by_session(bfd);
288
289 if (!bvrf)
290 return;
291 if (!CHECK_FLAG(bfd->flags, BFD_SESS_FLAG_ECHO_ACTIVE))
292 SET_FLAG(bfd->flags, BFD_SESS_FLAG_ECHO_ACTIVE);
293
294 memset(&bep, 0, sizeof(bep));
295 bep.ver = BFD_ECHO_VERSION;
296 bep.len = BFD_ECHO_PKT_LEN;
297 bep.my_discr = htonl(bfd->discrs.my_discr);
298
299 if (CHECK_FLAG(bfd->flags, BFD_SESS_FLAG_IPV6)) {
300 if (bvrf->bg_echov6 == -1)
301 return;
302 sd = bvrf->bg_echov6;
303 memset(&sin6, 0, sizeof(sin6));
304 sin6.sin6_family = AF_INET6;
305 memcpy(&sin6.sin6_addr, &bfd->key.peer, sizeof(sin6.sin6_addr));
306 if (bfd->ifp && IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr))
307 sin6.sin6_scope_id = bfd->ifp->ifindex;
308
309 sin6.sin6_port = htons(BFD_DEF_ECHO_PORT);
310 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
311 sin6.sin6_len = sizeof(sin6);
312 #endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
313
314 sa = (struct sockaddr *)&sin6;
315 salen = sizeof(sin6);
316 } else {
317 sd = bvrf->bg_echo;
318 memset(&sin, 0, sizeof(sin));
319 sin.sin_family = AF_INET;
320 memcpy(&sin.sin_addr, &bfd->key.peer, sizeof(sin.sin_addr));
321 sin.sin_port = htons(BFD_DEF_ECHO_PORT);
322 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
323 sin.sin_len = sizeof(sin);
324 #endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
325
326 sa = (struct sockaddr *)&sin;
327 salen = sizeof(sin);
328 }
329 if (bp_udp_send(sd, BFD_TTL_VAL, (uint8_t *)&bep, sizeof(bep), sa,
330 salen)
331 == -1)
332 return;
333
334 bfd->stats.tx_echo_pkt++;
335 }
336
337 static int ptm_bfd_process_echo_pkt(struct bfd_vrf_global *bvrf, int s)
338 {
339 struct bfd_session *bfd;
340 uint32_t my_discr = 0;
341 uint8_t ttl = 0;
342
343 /* Receive and parse echo packet. */
344 if (bp_bfd_echo_in(bvrf, s, &ttl, &my_discr) == -1)
345 return 0;
346
347 /* Your discriminator not zero - use it to find session */
348 bfd = bfd_id_lookup(my_discr);
349 if (bfd == NULL) {
350 if (bglobal.debug_network)
351 zlog_debug("echo-packet: no matching session (id:%u)",
352 my_discr);
353 return -1;
354 }
355
356 if (!CHECK_FLAG(bfd->flags, BFD_SESS_FLAG_ECHO_ACTIVE)) {
357 if (bglobal.debug_network)
358 zlog_debug("echo-packet: echo disabled [%s] (id:%u)",
359 bs_to_string(bfd), my_discr);
360 return -1;
361 }
362
363 bfd->stats.rx_echo_pkt++;
364
365 /* Compute detect time */
366 bfd->echo_detect_TO = bfd->remote_detect_mult * bfd->echo_xmt_TO;
367
368 /* Update echo receive timeout. */
369 if (bfd->echo_detect_TO > 0)
370 bfd_echo_recvtimer_update(bfd);
371
372 return 0;
373 }
374
375 void ptm_bfd_snd(struct bfd_session *bfd, int fbit)
376 {
377 struct bfd_pkt cp = {};
378
379 /* Set fields according to section 6.5.7 */
380 cp.diag = bfd->local_diag;
381 BFD_SETVER(cp.diag, BFD_VERSION);
382 cp.flags = 0;
383 BFD_SETSTATE(cp.flags, bfd->ses_state);
384
385 if (CHECK_FLAG(bfd->flags, BFD_SESS_FLAG_CBIT))
386 BFD_SETCBIT(cp.flags, BFD_CBIT);
387
388 BFD_SETDEMANDBIT(cp.flags, BFD_DEF_DEMAND);
389
390 /*
391 * Polling and Final can't be set at the same time.
392 *
393 * RFC 5880, Section 6.5.
394 */
395 BFD_SETFBIT(cp.flags, fbit);
396 if (fbit == 0)
397 BFD_SETPBIT(cp.flags, bfd->polling);
398
399 cp.detect_mult = bfd->detect_mult;
400 cp.len = BFD_PKT_LEN;
401 cp.discrs.my_discr = htonl(bfd->discrs.my_discr);
402 cp.discrs.remote_discr = htonl(bfd->discrs.remote_discr);
403 if (bfd->polling) {
404 cp.timers.desired_min_tx =
405 htonl(bfd->timers.desired_min_tx);
406 cp.timers.required_min_rx =
407 htonl(bfd->timers.required_min_rx);
408 } else {
409 /*
410 * We can only announce current setting on poll, this
411 * avoids timing mismatch with our peer and give it
412 * the oportunity to learn. See `bs_final_handler` for
413 * more information.
414 */
415 cp.timers.desired_min_tx =
416 htonl(bfd->cur_timers.desired_min_tx);
417 cp.timers.required_min_rx =
418 htonl(bfd->cur_timers.required_min_rx);
419 }
420 cp.timers.required_min_echo = htonl(bfd->timers.required_min_echo_rx);
421
422 if (_ptm_bfd_send(bfd, NULL, &cp, BFD_PKT_LEN) != 0)
423 return;
424
425 bfd->stats.tx_ctrl_pkt++;
426 }
427
428 #ifdef BFD_LINUX
429 /*
430 * receive the ipv4 echo packet that was loopback in the peers forwarding plane
431 */
432 ssize_t bfd_recv_ipv4_fp(int sd, uint8_t *msgbuf, size_t msgbuflen,
433 uint8_t *ttl, ifindex_t *ifindex,
434 struct sockaddr_any *local, struct sockaddr_any *peer)
435 {
436 ssize_t mlen;
437 struct sockaddr_ll msgaddr;
438 struct msghdr msghdr;
439 struct iovec iov[1];
440 uint16_t recv_checksum;
441 uint16_t checksum;
442 struct iphdr *ip;
443 struct udphdr *uh;
444
445 /* Prepare the recvmsg params. */
446 iov[0].iov_base = msgbuf;
447 iov[0].iov_len = msgbuflen;
448
449 memset(&msghdr, 0, sizeof(msghdr));
450 msghdr.msg_name = &msgaddr;
451 msghdr.msg_namelen = sizeof(msgaddr);
452 msghdr.msg_iov = iov;
453 msghdr.msg_iovlen = 1;
454
455 mlen = recvmsg(sd, &msghdr, MSG_DONTWAIT);
456 if (mlen == -1) {
457 if (errno != EAGAIN || errno != EWOULDBLOCK || errno != EINTR)
458 zlog_err("%s: recv failed: %s", __func__,
459 strerror(errno));
460
461 return -1;
462 }
463
464 ip = (struct iphdr *)(msgbuf + sizeof(struct ethhdr));
465
466 /* verify ip checksum */
467 recv_checksum = ip->check;
468 ip->check = 0;
469 checksum = in_cksum((const void *)ip, sizeof(struct iphdr));
470 if (recv_checksum != checksum) {
471 if (bglobal.debug_network)
472 zlog_debug(
473 "%s: invalid iphdr checksum expected 0x%x rcvd 0x%x",
474 __func__, checksum, recv_checksum);
475 return -1;
476 }
477
478 *ttl = ip->ttl;
479 if (*ttl != 254) {
480 /* Echo should be looped in peer's forwarding plane, but it also
481 * comes up to BFD so silently drop it
482 */
483 if (ip->daddr == ip->saddr)
484 return -1;
485
486 if (bglobal.debug_network)
487 zlog_debug("%s: invalid TTL: %u", __func__, *ttl);
488 return -1;
489 }
490
491 local->sa_sin.sin_family = AF_INET;
492 memcpy(&local->sa_sin.sin_addr, &ip->saddr, sizeof(ip->saddr));
493 peer->sa_sin.sin_family = AF_INET;
494 memcpy(&peer->sa_sin.sin_addr, &ip->daddr, sizeof(ip->daddr));
495
496 *ifindex = msgaddr.sll_ifindex;
497
498 /* verify udp checksum */
499 uh = (struct udphdr *)(msgbuf + sizeof(struct iphdr) +
500 sizeof(struct ethhdr));
501 recv_checksum = uh->check;
502 uh->check = 0;
503 checksum = bfd_pkt_checksum(uh, ntohs(uh->len),
504 (struct in6_addr *)&ip->saddr, AF_INET);
505 if (recv_checksum != checksum) {
506 if (bglobal.debug_network)
507 zlog_debug(
508 "%s: invalid udphdr checksum expected 0x%x rcvd 0x%x",
509 __func__, checksum, recv_checksum);
510 return -1;
511 }
512 return mlen;
513 }
514 #endif
515
516 ssize_t bfd_recv_ipv4(int sd, uint8_t *msgbuf, size_t msgbuflen, uint8_t *ttl,
517 ifindex_t *ifindex, struct sockaddr_any *local,
518 struct sockaddr_any *peer)
519 {
520 struct cmsghdr *cm;
521 ssize_t mlen;
522 struct sockaddr_in msgaddr;
523 struct msghdr msghdr;
524 struct iovec iov[1];
525 uint8_t cmsgbuf[255];
526
527 /* Prepare the recvmsg params. */
528 iov[0].iov_base = msgbuf;
529 iov[0].iov_len = msgbuflen;
530
531 memset(&msghdr, 0, sizeof(msghdr));
532 msghdr.msg_name = &msgaddr;
533 msghdr.msg_namelen = sizeof(msgaddr);
534 msghdr.msg_iov = iov;
535 msghdr.msg_iovlen = 1;
536 msghdr.msg_control = cmsgbuf;
537 msghdr.msg_controllen = sizeof(cmsgbuf);
538
539 mlen = recvmsg(sd, &msghdr, MSG_DONTWAIT);
540 if (mlen == -1) {
541 if (errno != EAGAIN)
542 zlog_err("ipv4-recv: recv failed: %s", strerror(errno));
543
544 return -1;
545 }
546
547 /* Get source address */
548 peer->sa_sin = *((struct sockaddr_in *)(msghdr.msg_name));
549
550 /* Get and check TTL */
551 for (cm = CMSG_FIRSTHDR(&msghdr); cm != NULL;
552 cm = CMSG_NXTHDR(&msghdr, cm)) {
553 if (cm->cmsg_level != IPPROTO_IP)
554 continue;
555
556 switch (cm->cmsg_type) {
557 #ifdef BFD_LINUX
558 case IP_TTL: {
559 uint32_t ttlval;
560
561 memcpy(&ttlval, CMSG_DATA(cm), sizeof(ttlval));
562 if (ttlval > 255) {
563 if (bglobal.debug_network)
564 zlog_debug("ipv4-recv: invalid TTL: %u",
565 ttlval);
566 return -1;
567 }
568 *ttl = ttlval;
569 break;
570 }
571
572 case IP_PKTINFO: {
573 struct in_pktinfo *pi =
574 (struct in_pktinfo *)CMSG_DATA(cm);
575
576 if (pi == NULL)
577 break;
578
579 local->sa_sin.sin_family = AF_INET;
580 local->sa_sin.sin_addr = pi->ipi_addr;
581 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
582 local->sa_sin.sin_len = sizeof(local->sa_sin);
583 #endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
584
585 *ifindex = pi->ipi_ifindex;
586 break;
587 }
588 #endif /* BFD_LINUX */
589 #ifdef BFD_BSD
590 case IP_RECVTTL: {
591 memcpy(ttl, CMSG_DATA(cm), sizeof(*ttl));
592 break;
593 }
594
595 case IP_RECVDSTADDR: {
596 struct in_addr ia;
597
598 memcpy(&ia, CMSG_DATA(cm), sizeof(ia));
599 local->sa_sin.sin_family = AF_INET;
600 local->sa_sin.sin_addr = ia;
601 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
602 local->sa_sin.sin_len = sizeof(local->sa_sin);
603 #endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
604 break;
605 }
606 #endif /* BFD_BSD */
607
608 default:
609 /*
610 * On *BSDs we expect to land here when skipping
611 * the IP_RECVIF header. It will be handled by
612 * getsockopt_ifindex() below.
613 */
614 /* NOTHING */
615 break;
616 }
617 }
618
619 /* OS agnostic way of getting interface name. */
620 if (*ifindex == IFINDEX_INTERNAL)
621 *ifindex = getsockopt_ifindex(AF_INET, &msghdr);
622
623 return mlen;
624 }
625
626 ssize_t bfd_recv_ipv6(int sd, uint8_t *msgbuf, size_t msgbuflen, uint8_t *ttl,
627 ifindex_t *ifindex, struct sockaddr_any *local,
628 struct sockaddr_any *peer)
629 {
630 struct cmsghdr *cm;
631 struct in6_pktinfo *pi6 = NULL;
632 ssize_t mlen;
633 uint32_t ttlval;
634 struct sockaddr_in6 msgaddr6;
635 struct msghdr msghdr6;
636 struct iovec iov[1];
637 uint8_t cmsgbuf6[255];
638
639 /* Prepare the recvmsg params. */
640 iov[0].iov_base = msgbuf;
641 iov[0].iov_len = msgbuflen;
642
643 memset(&msghdr6, 0, sizeof(msghdr6));
644 msghdr6.msg_name = &msgaddr6;
645 msghdr6.msg_namelen = sizeof(msgaddr6);
646 msghdr6.msg_iov = iov;
647 msghdr6.msg_iovlen = 1;
648 msghdr6.msg_control = cmsgbuf6;
649 msghdr6.msg_controllen = sizeof(cmsgbuf6);
650
651 mlen = recvmsg(sd, &msghdr6, MSG_DONTWAIT);
652 if (mlen == -1) {
653 if (errno != EAGAIN)
654 zlog_err("ipv6-recv: recv failed: %s", strerror(errno));
655
656 return -1;
657 }
658
659 /* Get source address */
660 peer->sa_sin6 = *((struct sockaddr_in6 *)(msghdr6.msg_name));
661
662 /* Get and check TTL */
663 for (cm = CMSG_FIRSTHDR(&msghdr6); cm != NULL;
664 cm = CMSG_NXTHDR(&msghdr6, cm)) {
665 if (cm->cmsg_level != IPPROTO_IPV6)
666 continue;
667
668 if (cm->cmsg_type == IPV6_HOPLIMIT) {
669 memcpy(&ttlval, CMSG_DATA(cm), sizeof(ttlval));
670 if (ttlval > 255) {
671 if (bglobal.debug_network)
672 zlog_debug("ipv6-recv: invalid TTL: %u",
673 ttlval);
674 return -1;
675 }
676
677 *ttl = ttlval;
678 } else if (cm->cmsg_type == IPV6_PKTINFO) {
679 pi6 = (struct in6_pktinfo *)CMSG_DATA(cm);
680 if (pi6) {
681 local->sa_sin6.sin6_family = AF_INET6;
682 local->sa_sin6.sin6_addr = pi6->ipi6_addr;
683 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
684 local->sa_sin6.sin6_len = sizeof(local->sa_sin6);
685 #endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
686
687 *ifindex = pi6->ipi6_ifindex;
688
689 /* Set scope ID for link local addresses. */
690 if (IN6_IS_ADDR_LINKLOCAL(
691 &peer->sa_sin6.sin6_addr))
692 peer->sa_sin6.sin6_scope_id = *ifindex;
693 if (IN6_IS_ADDR_LINKLOCAL(
694 &local->sa_sin6.sin6_addr))
695 local->sa_sin6.sin6_scope_id = *ifindex;
696 }
697 }
698 }
699
700 return mlen;
701 }
702
703 static void bfd_sd_reschedule(struct bfd_vrf_global *bvrf, int sd)
704 {
705 if (sd == bvrf->bg_shop) {
706 THREAD_OFF(bvrf->bg_ev[0]);
707 thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_shop,
708 &bvrf->bg_ev[0]);
709 } else if (sd == bvrf->bg_mhop) {
710 THREAD_OFF(bvrf->bg_ev[1]);
711 thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_mhop,
712 &bvrf->bg_ev[1]);
713 } else if (sd == bvrf->bg_shop6) {
714 THREAD_OFF(bvrf->bg_ev[2]);
715 thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_shop6,
716 &bvrf->bg_ev[2]);
717 } else if (sd == bvrf->bg_mhop6) {
718 THREAD_OFF(bvrf->bg_ev[3]);
719 thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_mhop6,
720 &bvrf->bg_ev[3]);
721 } else if (sd == bvrf->bg_echo) {
722 THREAD_OFF(bvrf->bg_ev[4]);
723 thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_echo,
724 &bvrf->bg_ev[4]);
725 } else if (sd == bvrf->bg_echov6) {
726 THREAD_OFF(bvrf->bg_ev[5]);
727 thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_echov6,
728 &bvrf->bg_ev[5]);
729 }
730 }
731
732 static void cp_debug(bool mhop, struct sockaddr_any *peer,
733 struct sockaddr_any *local, ifindex_t ifindex,
734 vrf_id_t vrfid, const char *fmt, ...)
735 {
736 char buf[512], peerstr[128], localstr[128], portstr[64], vrfstr[64];
737 va_list vl;
738
739 /* Don't to any processing if debug is disabled. */
740 if (bglobal.debug_network == false)
741 return;
742
743 if (peer->sa_sin.sin_family)
744 snprintf(peerstr, sizeof(peerstr), " peer:%s", satostr(peer));
745 else
746 peerstr[0] = 0;
747
748 if (local->sa_sin.sin_family)
749 snprintf(localstr, sizeof(localstr), " local:%s",
750 satostr(local));
751 else
752 localstr[0] = 0;
753
754 if (ifindex != IFINDEX_INTERNAL)
755 snprintf(portstr, sizeof(portstr), " port:%u", ifindex);
756 else
757 portstr[0] = 0;
758
759 if (vrfid != VRF_DEFAULT)
760 snprintf(vrfstr, sizeof(vrfstr), " vrf:%u", vrfid);
761 else
762 vrfstr[0] = 0;
763
764 va_start(vl, fmt);
765 vsnprintf(buf, sizeof(buf), fmt, vl);
766 va_end(vl);
767
768 zlog_debug("control-packet: %s [mhop:%s%s%s%s%s]", buf,
769 mhop ? "yes" : "no", peerstr, localstr, portstr, vrfstr);
770 }
771
772 void bfd_recv_cb(struct thread *t)
773 {
774 int sd = THREAD_FD(t);
775 struct bfd_session *bfd;
776 struct bfd_pkt *cp;
777 bool is_mhop;
778 ssize_t mlen = 0;
779 uint8_t ttl = 0;
780 vrf_id_t vrfid;
781 ifindex_t ifindex = IFINDEX_INTERNAL;
782 struct sockaddr_any local, peer;
783 uint8_t msgbuf[1516];
784 struct interface *ifp = NULL;
785 struct bfd_vrf_global *bvrf = THREAD_ARG(t);
786
787 /* Schedule next read. */
788 bfd_sd_reschedule(bvrf, sd);
789
790 /* Handle echo packets. */
791 if (sd == bvrf->bg_echo || sd == bvrf->bg_echov6) {
792 ptm_bfd_process_echo_pkt(bvrf, sd);
793 return;
794 }
795
796 /* Sanitize input/output. */
797 memset(&local, 0, sizeof(local));
798 memset(&peer, 0, sizeof(peer));
799
800 /* Handle control packets. */
801 is_mhop = false;
802 if (sd == bvrf->bg_shop || sd == bvrf->bg_mhop) {
803 is_mhop = sd == bvrf->bg_mhop;
804 mlen = bfd_recv_ipv4(sd, msgbuf, sizeof(msgbuf), &ttl, &ifindex,
805 &local, &peer);
806 } else if (sd == bvrf->bg_shop6 || sd == bvrf->bg_mhop6) {
807 is_mhop = sd == bvrf->bg_mhop6;
808 mlen = bfd_recv_ipv6(sd, msgbuf, sizeof(msgbuf), &ttl, &ifindex,
809 &local, &peer);
810 }
811
812 /*
813 * With netns backend, we have a separate socket in each VRF. It means
814 * that bvrf here is correct and we believe the bvrf->vrf->vrf_id.
815 * With VRF-lite backend, we have a single socket in the default VRF.
816 * It means that we can't believe the bvrf->vrf->vrf_id. But in
817 * VRF-lite, the ifindex is globally unique, so we can retrieve the
818 * correct vrf_id from the interface.
819 */
820 vrfid = bvrf->vrf->vrf_id;
821 if (ifindex) {
822 ifp = if_lookup_by_index(ifindex, vrfid);
823 if (ifp)
824 vrfid = ifp->vrf->vrf_id;
825 }
826
827 /* Implement RFC 5880 6.8.6 */
828 if (mlen < BFD_PKT_LEN) {
829 cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
830 "too small (%ld bytes)", mlen);
831 return;
832 }
833
834 /* Validate single hop packet TTL. */
835 if ((!is_mhop) && (ttl != BFD_TTL_VAL)) {
836 cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
837 "invalid TTL: %d expected %d", ttl, BFD_TTL_VAL);
838 return;
839 }
840
841 /*
842 * Parse the control header for inconsistencies:
843 * - Invalid version;
844 * - Bad multiplier configuration;
845 * - Short packets;
846 * - Invalid discriminator;
847 */
848 cp = (struct bfd_pkt *)(msgbuf);
849 if (BFD_GETVER(cp->diag) != BFD_VERSION) {
850 cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
851 "bad version %d", BFD_GETVER(cp->diag));
852 return;
853 }
854
855 if (cp->detect_mult == 0) {
856 cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
857 "detect multiplier set to zero");
858 return;
859 }
860
861 if ((cp->len < BFD_PKT_LEN) || (cp->len > mlen)) {
862 cp_debug(is_mhop, &peer, &local, ifindex, vrfid, "too small");
863 return;
864 }
865
866 if (cp->discrs.my_discr == 0) {
867 cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
868 "'my discriminator' is zero");
869 return;
870 }
871
872 /* Find the session that this packet belongs. */
873 bfd = ptm_bfd_sess_find(cp, &peer, &local, ifp, vrfid, is_mhop);
874 if (bfd == NULL) {
875 cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
876 "no session found");
877 return;
878 }
879 /*
880 * We may have a situation where received packet is on wrong vrf
881 */
882 if (bfd && bfd->vrf && bfd->vrf != bvrf->vrf) {
883 cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
884 "wrong vrfid.");
885 return;
886 }
887
888 /* Ensure that existing good sessions are not overridden. */
889 if (!cp->discrs.remote_discr && bfd->ses_state != PTM_BFD_DOWN &&
890 bfd->ses_state != PTM_BFD_ADM_DOWN) {
891 cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
892 "'remote discriminator' is zero, not overridden");
893 return;
894 }
895
896 /*
897 * Multi hop: validate packet TTL.
898 * Single hop: set local address that received the packet.
899 * set peers mac address for echo packets
900 */
901 if (is_mhop) {
902 if (ttl < bfd->mh_ttl) {
903 cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
904 "exceeded max hop count (expected %d, got %d)",
905 bfd->mh_ttl, ttl);
906 return;
907 }
908 } else {
909
910 if (bfd->local_address.sa_sin.sin_family == AF_UNSPEC)
911 bfd->local_address = local;
912 #ifdef BFD_LINUX
913 if (ifp)
914 bfd_peer_mac_set(sd, bfd, &peer, ifp);
915 #endif
916 }
917
918 bfd->stats.rx_ctrl_pkt++;
919
920 /*
921 * If no interface was detected, save the interface where the
922 * packet came in.
923 */
924 if (!is_mhop && bfd->ifp == NULL)
925 bfd->ifp = ifp;
926
927 /* Log remote discriminator changes. */
928 if ((bfd->discrs.remote_discr != 0)
929 && (bfd->discrs.remote_discr != ntohl(cp->discrs.my_discr)))
930 cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
931 "remote discriminator mismatch (expected %u, got %u)",
932 bfd->discrs.remote_discr, ntohl(cp->discrs.my_discr));
933
934 bfd->discrs.remote_discr = ntohl(cp->discrs.my_discr);
935
936 /* Save remote diagnostics before state switch. */
937 bfd->remote_diag = cp->diag & BFD_DIAGMASK;
938
939 /* Update remote timers settings. */
940 bfd->remote_timers.desired_min_tx = ntohl(cp->timers.desired_min_tx);
941 bfd->remote_timers.required_min_rx = ntohl(cp->timers.required_min_rx);
942 bfd->remote_timers.required_min_echo =
943 ntohl(cp->timers.required_min_echo);
944 bfd->remote_detect_mult = cp->detect_mult;
945
946 if (BFD_GETCBIT(cp->flags))
947 bfd->remote_cbit = 1;
948 else
949 bfd->remote_cbit = 0;
950
951 /* State switch from section 6.2. */
952 bs_state_handler(bfd, BFD_GETSTATE(cp->flags));
953
954 /* RFC 5880, Section 6.5: handle POLL/FINAL negotiation sequence. */
955 if (bfd->polling && BFD_GETFBIT(cp->flags)) {
956 /* Disable polling. */
957 bfd->polling = 0;
958
959 /* Handle poll finalization. */
960 bs_final_handler(bfd);
961 }
962
963 /*
964 * Detection timeout calculation:
965 * The minimum detection timeout is the remote detection
966 * multipler (number of packets to be missed) times the agreed
967 * transmission interval.
968 *
969 * RFC 5880, Section 6.8.4.
970 */
971 if (bfd->cur_timers.required_min_rx > bfd->remote_timers.desired_min_tx)
972 bfd->detect_TO = bfd->remote_detect_mult
973 * bfd->cur_timers.required_min_rx;
974 else
975 bfd->detect_TO = bfd->remote_detect_mult
976 * bfd->remote_timers.desired_min_tx;
977
978 /* Apply new receive timer immediately. */
979 bfd_recvtimer_update(bfd);
980
981 /* Handle echo timers changes. */
982 bs_echo_timer_handler(bfd);
983
984 /*
985 * We've received a packet with the POLL bit set, we must send
986 * a control packet back with the FINAL bit set.
987 *
988 * RFC 5880, Section 6.5.
989 */
990 if (BFD_GETPBIT(cp->flags)) {
991 /* We are finalizing a poll negotiation. */
992 bs_final_handler(bfd);
993
994 /* Send the control packet with the final bit immediately. */
995 ptm_bfd_snd(bfd, 1);
996 }
997 }
998
999 /*
1000 * bp_bfd_echo_in: proccesses an BFD echo packet. On TTL == BFD_TTL_VAL
1001 * the packet is looped back or returns the my discriminator ID along
1002 * with the TTL.
1003 *
1004 * Returns -1 on error or loopback or 0 on success.
1005 */
1006 int bp_bfd_echo_in(struct bfd_vrf_global *bvrf, int sd,
1007 uint8_t *ttl, uint32_t *my_discr)
1008 {
1009 struct bfd_echo_pkt *bep;
1010 ssize_t rlen;
1011 struct sockaddr_any local, peer;
1012 ifindex_t ifindex = IFINDEX_INTERNAL;
1013 vrf_id_t vrfid = VRF_DEFAULT;
1014 uint8_t msgbuf[1516];
1015 size_t bfd_offset = 0;
1016
1017 if (sd == bvrf->bg_echo) {
1018 #ifdef BFD_LINUX
1019 rlen = bfd_recv_ipv4_fp(sd, msgbuf, sizeof(msgbuf), ttl,
1020 &ifindex, &local, &peer);
1021
1022 /* silently drop echo packet that is looped in fastpath but
1023 * still comes up to BFD
1024 */
1025 if (rlen == -1)
1026 return -1;
1027 bfd_offset = sizeof(struct udphdr) + sizeof(struct iphdr) +
1028 sizeof(struct ethhdr);
1029 #else
1030 rlen = bfd_recv_ipv4(sd, msgbuf, sizeof(msgbuf), ttl, &ifindex,
1031 &local, &peer);
1032 bfd_offset = 0;
1033 #endif
1034 } else {
1035 rlen = bfd_recv_ipv6(sd, msgbuf, sizeof(msgbuf), ttl, &ifindex,
1036 &local, &peer);
1037 bfd_offset = 0;
1038 }
1039
1040 /* Short packet, better not risk reading it. */
1041 if (rlen < (ssize_t)sizeof(*bep)) {
1042 cp_debug(false, &peer, &local, ifindex, vrfid,
1043 "small echo packet");
1044 return -1;
1045 }
1046
1047 /* Test for loopback for ipv6, ipv4 is looped in forwarding plane */
1048 if ((*ttl == BFD_TTL_VAL) && (sd == bvrf->bg_echov6)) {
1049 bp_udp_send(sd, *ttl - 1, msgbuf, rlen,
1050 (struct sockaddr *)&peer,
1051 (sd == bvrf->bg_echo) ? sizeof(peer.sa_sin)
1052 : sizeof(peer.sa_sin6));
1053 return -1;
1054 }
1055
1056 /* Read my discriminator from BFD Echo packet. */
1057 bep = (struct bfd_echo_pkt *)(msgbuf + bfd_offset);
1058 *my_discr = ntohl(bep->my_discr);
1059 if (*my_discr == 0) {
1060 cp_debug(false, &peer, &local, ifindex, vrfid,
1061 "invalid echo packet discriminator (zero)");
1062 return -1;
1063 }
1064
1065 return 0;
1066 }
1067
1068 #ifdef BFD_LINUX
1069 /*
1070 * send a bfd packet with src/dst same IP so that the peer will receive
1071 * the packet and forward it back to sender in the forwarding plane
1072 */
1073 int bp_udp_send_fp(int sd, uint8_t *data, size_t datalen,
1074 struct bfd_session *bfd)
1075 {
1076 ssize_t wlen;
1077 struct msghdr msg;
1078 struct iovec iov[1];
1079 uint8_t msgctl[255];
1080 struct sockaddr_ll sadr_ll;
1081
1082
1083 sadr_ll.sll_ifindex = bfd->ifp->ifindex;
1084 sadr_ll.sll_halen = ETH_ALEN;
1085 memcpy(sadr_ll.sll_addr, bfd->peer_hw_addr, sizeof(bfd->peer_hw_addr));
1086 sadr_ll.sll_protocol = htons(ETH_P_IP);
1087
1088 /* Prepare message data. */
1089 iov[0].iov_base = data;
1090 iov[0].iov_len = datalen;
1091
1092 memset(&msg, 0, sizeof(msg));
1093 memset(msgctl, 0, sizeof(msgctl));
1094 msg.msg_name = &sadr_ll;
1095 msg.msg_namelen = sizeof(sadr_ll);
1096 msg.msg_iov = iov;
1097 msg.msg_iovlen = 1;
1098
1099 /* Send echo to peer */
1100 wlen = sendmsg(sd, &msg, 0);
1101
1102 if (wlen <= 0) {
1103 if (bglobal.debug_network)
1104 zlog_debug("udp-send: loopback failure: (%d) %s", errno,
1105 strerror(errno));
1106 return -1;
1107 } else if (wlen < (ssize_t)datalen) {
1108 if (bglobal.debug_network)
1109 zlog_debug("udp-send: partial send: %zd expected %zu",
1110 wlen, datalen);
1111 return -1;
1112 }
1113
1114 return 0;
1115 }
1116 #endif
1117
1118 int bp_udp_send(int sd, uint8_t ttl, uint8_t *data, size_t datalen,
1119 struct sockaddr *to, socklen_t tolen)
1120 {
1121 struct cmsghdr *cmsg;
1122 ssize_t wlen;
1123 int ttlval = ttl;
1124 bool is_ipv6 = to->sa_family == AF_INET6;
1125 struct msghdr msg;
1126 struct iovec iov[1];
1127 uint8_t msgctl[255];
1128
1129 /* Prepare message data. */
1130 iov[0].iov_base = data;
1131 iov[0].iov_len = datalen;
1132
1133 memset(&msg, 0, sizeof(msg));
1134 memset(msgctl, 0, sizeof(msgctl));
1135 msg.msg_name = to;
1136 msg.msg_namelen = tolen;
1137 msg.msg_iov = iov;
1138 msg.msg_iovlen = 1;
1139
1140 /* Prepare the packet TTL information. */
1141 if (ttl > 0) {
1142 /* Use ancillary data. */
1143 msg.msg_control = msgctl;
1144 msg.msg_controllen = CMSG_LEN(sizeof(ttlval));
1145
1146 /* Configure the ancillary data. */
1147 cmsg = CMSG_FIRSTHDR(&msg);
1148 cmsg->cmsg_len = CMSG_LEN(sizeof(ttlval));
1149 if (is_ipv6) {
1150 cmsg->cmsg_level = IPPROTO_IPV6;
1151 cmsg->cmsg_type = IPV6_HOPLIMIT;
1152 } else {
1153 #ifdef BFD_LINUX
1154 cmsg->cmsg_level = IPPROTO_IP;
1155 cmsg->cmsg_type = IP_TTL;
1156 #else
1157 /* FreeBSD does not support TTL in ancillary data. */
1158 msg.msg_control = NULL;
1159 msg.msg_controllen = 0;
1160
1161 bp_set_ttl(sd, ttl);
1162 #endif /* BFD_BSD */
1163 }
1164 memcpy(CMSG_DATA(cmsg), &ttlval, sizeof(ttlval));
1165 }
1166
1167 /* Send echo back. */
1168 wlen = sendmsg(sd, &msg, 0);
1169 if (wlen <= 0) {
1170 if (bglobal.debug_network)
1171 zlog_debug("udp-send: loopback failure: (%d) %s", errno,
1172 strerror(errno));
1173 return -1;
1174 } else if (wlen < (ssize_t)datalen) {
1175 if (bglobal.debug_network)
1176 zlog_debug("udp-send: partial send: %zd expected %zu",
1177 wlen, datalen);
1178 return -1;
1179 }
1180
1181 return 0;
1182 }
1183
1184
1185 /*
1186 * Sockets creation.
1187 */
1188
1189
1190 /*
1191 * IPv4 sockets
1192 */
1193 int bp_set_ttl(int sd, uint8_t value)
1194 {
1195 int ttl = value;
1196
1197 if (setsockopt(sd, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl)) == -1) {
1198 zlog_warn("set-ttl: setsockopt(IP_TTL, %d): %s", value,
1199 strerror(errno));
1200 return -1;
1201 }
1202
1203 return 0;
1204 }
1205
1206 int bp_set_tos(int sd, uint8_t value)
1207 {
1208 int tos = value;
1209
1210 if (setsockopt(sd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1) {
1211 zlog_warn("set-tos: setsockopt(IP_TOS, %d): %s", value,
1212 strerror(errno));
1213 return -1;
1214 }
1215
1216 return 0;
1217 }
1218
1219 static bool bp_set_reuse_addr(int sd)
1220 {
1221 int one = 1;
1222
1223 if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) == -1) {
1224 zlog_warn("set-reuse-addr: setsockopt(SO_REUSEADDR, %d): %s",
1225 one, strerror(errno));
1226 return false;
1227 }
1228 return true;
1229 }
1230
1231 static bool bp_set_reuse_port(int sd)
1232 {
1233 int one = 1;
1234
1235 if (setsockopt(sd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)) == -1) {
1236 zlog_warn("set-reuse-port: setsockopt(SO_REUSEPORT, %d): %s",
1237 one, strerror(errno));
1238 return false;
1239 }
1240 return true;
1241 }
1242
1243
1244 static void bp_set_ipopts(int sd)
1245 {
1246 int rcvttl = BFD_RCV_TTL_VAL;
1247
1248 if (!bp_set_reuse_addr(sd))
1249 zlog_fatal("set-reuse-addr: failed");
1250
1251 if (!bp_set_reuse_port(sd))
1252 zlog_fatal("set-reuse-port: failed");
1253
1254 if (bp_set_ttl(sd, BFD_TTL_VAL) != 0)
1255 zlog_fatal("set-ipopts: TTL configuration failed");
1256
1257 if (setsockopt(sd, IPPROTO_IP, IP_RECVTTL, &rcvttl, sizeof(rcvttl))
1258 == -1)
1259 zlog_fatal("set-ipopts: setsockopt(IP_RECVTTL, %d): %s", rcvttl,
1260 strerror(errno));
1261
1262 #ifdef BFD_LINUX
1263 int pktinfo = BFD_PKT_INFO_VAL;
1264
1265 /* Figure out address and interface to do the peer matching. */
1266 if (setsockopt(sd, IPPROTO_IP, IP_PKTINFO, &pktinfo, sizeof(pktinfo))
1267 == -1)
1268 zlog_fatal("set-ipopts: setsockopt(IP_PKTINFO, %d): %s",
1269 pktinfo, strerror(errno));
1270 #endif /* BFD_LINUX */
1271 #ifdef BFD_BSD
1272 int yes = 1;
1273
1274 /* Find out our address for peer matching. */
1275 if (setsockopt(sd, IPPROTO_IP, IP_RECVDSTADDR, &yes, sizeof(yes)) == -1)
1276 zlog_fatal("set-ipopts: setsockopt(IP_RECVDSTADDR, %d): %s",
1277 yes, strerror(errno));
1278
1279 /* Find out interface where the packet came in. */
1280 if (setsockopt_ifindex(AF_INET, sd, yes) == -1)
1281 zlog_fatal("set-ipopts: setsockopt_ipv4_ifindex(%d): %s", yes,
1282 strerror(errno));
1283 #endif /* BFD_BSD */
1284 }
1285
1286 static void bp_bind_ip(int sd, uint16_t port)
1287 {
1288 struct sockaddr_in sin;
1289
1290 memset(&sin, 0, sizeof(sin));
1291 sin.sin_family = AF_INET;
1292 sin.sin_addr.s_addr = htonl(INADDR_ANY);
1293 sin.sin_port = htons(port);
1294 if (bind(sd, (struct sockaddr *)&sin, sizeof(sin)) == -1)
1295 zlog_fatal("bind-ip: bind: %s", strerror(errno));
1296 }
1297
1298 int bp_udp_shop(const struct vrf *vrf)
1299 {
1300 int sd;
1301
1302 frr_with_privs(&bglobal.bfdd_privs) {
1303 sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
1304 vrf->name);
1305 }
1306 if (sd == -1)
1307 zlog_fatal("udp-shop: socket: %s", strerror(errno));
1308
1309 bp_set_ipopts(sd);
1310 bp_bind_ip(sd, BFD_DEFDESTPORT);
1311 return sd;
1312 }
1313
1314 int bp_udp_mhop(const struct vrf *vrf)
1315 {
1316 int sd;
1317
1318 frr_with_privs(&bglobal.bfdd_privs) {
1319 sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
1320 vrf->name);
1321 }
1322 if (sd == -1)
1323 zlog_fatal("udp-mhop: socket: %s", strerror(errno));
1324
1325 bp_set_ipopts(sd);
1326 bp_bind_ip(sd, BFD_DEF_MHOP_DEST_PORT);
1327
1328 return sd;
1329 }
1330
1331 int bp_peer_socket(const struct bfd_session *bs)
1332 {
1333 int sd, pcount;
1334 struct sockaddr_in sin;
1335 static int srcPort = BFD_SRCPORTINIT;
1336 const char *device_to_bind = NULL;
1337
1338 if (bs->key.ifname[0])
1339 device_to_bind = (const char *)bs->key.ifname;
1340 else if ((!vrf_is_backend_netns() && bs->vrf->vrf_id != VRF_DEFAULT)
1341 || ((CHECK_FLAG(bs->flags, BFD_SESS_FLAG_MH)
1342 && bs->key.vrfname[0])))
1343 device_to_bind = (const char *)bs->key.vrfname;
1344
1345 frr_with_privs(&bglobal.bfdd_privs) {
1346 sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC,
1347 bs->vrf->vrf_id, device_to_bind);
1348 }
1349 if (sd == -1) {
1350 zlog_err("ipv4-new: failed to create socket: %s",
1351 strerror(errno));
1352 return -1;
1353 }
1354
1355 /* Set TTL to 255 for all transmitted packets */
1356 if (bp_set_ttl(sd, BFD_TTL_VAL) != 0) {
1357 close(sd);
1358 return -1;
1359 }
1360
1361 /* Set TOS to CS6 for all transmitted packets */
1362 if (bp_set_tos(sd, BFD_TOS_VAL) != 0) {
1363 close(sd);
1364 return -1;
1365 }
1366
1367 /* Find an available source port in the proper range */
1368 memset(&sin, 0, sizeof(sin));
1369 sin.sin_family = AF_INET;
1370 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
1371 sin.sin_len = sizeof(sin);
1372 #endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
1373 memcpy(&sin.sin_addr, &bs->key.local, sizeof(sin.sin_addr));
1374 if (CHECK_FLAG(bs->flags, BFD_SESS_FLAG_MH) == 0)
1375 sin.sin_addr.s_addr = INADDR_ANY;
1376
1377 pcount = 0;
1378 do {
1379 if ((++pcount) > (BFD_SRCPORTMAX - BFD_SRCPORTINIT)) {
1380 /* Searched all ports, none available */
1381 zlog_err("ipv4-new: failed to bind port: %s",
1382 strerror(errno));
1383 close(sd);
1384 return -1;
1385 }
1386 if (srcPort >= BFD_SRCPORTMAX)
1387 srcPort = BFD_SRCPORTINIT;
1388 sin.sin_port = htons(srcPort++);
1389 } while (bind(sd, (struct sockaddr *)&sin, sizeof(sin)) < 0);
1390
1391 return sd;
1392 }
1393
1394
1395 /*
1396 * IPv6 sockets
1397 */
1398
1399 int bp_peer_socketv6(const struct bfd_session *bs)
1400 {
1401 int sd, pcount;
1402 struct sockaddr_in6 sin6;
1403 static int srcPort = BFD_SRCPORTINIT;
1404 const char *device_to_bind = NULL;
1405
1406 if (bs->key.ifname[0])
1407 device_to_bind = (const char *)bs->key.ifname;
1408 else if ((!vrf_is_backend_netns() && bs->vrf->vrf_id != VRF_DEFAULT)
1409 || ((CHECK_FLAG(bs->flags, BFD_SESS_FLAG_MH)
1410 && bs->key.vrfname[0])))
1411 device_to_bind = (const char *)bs->key.vrfname;
1412
1413 frr_with_privs(&bglobal.bfdd_privs) {
1414 sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC,
1415 bs->vrf->vrf_id, device_to_bind);
1416 }
1417 if (sd == -1) {
1418 zlog_err("ipv6-new: failed to create socket: %s",
1419 strerror(errno));
1420 return -1;
1421 }
1422
1423 /* Set TTL to 255 for all transmitted packets */
1424 if (bp_set_ttlv6(sd, BFD_TTL_VAL) != 0) {
1425 close(sd);
1426 return -1;
1427 }
1428
1429 /* Set TOS to CS6 for all transmitted packets */
1430 if (bp_set_tosv6(sd, BFD_TOS_VAL) != 0) {
1431 close(sd);
1432 return -1;
1433 }
1434
1435 /* Find an available source port in the proper range */
1436 memset(&sin6, 0, sizeof(sin6));
1437 sin6.sin6_family = AF_INET6;
1438 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
1439 sin6.sin6_len = sizeof(sin6);
1440 #endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
1441 memcpy(&sin6.sin6_addr, &bs->key.local, sizeof(sin6.sin6_addr));
1442 if (bs->ifp && IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr))
1443 sin6.sin6_scope_id = bs->ifp->ifindex;
1444
1445 pcount = 0;
1446 do {
1447 if ((++pcount) > (BFD_SRCPORTMAX - BFD_SRCPORTINIT)) {
1448 /* Searched all ports, none available */
1449 zlog_err("ipv6-new: failed to bind port: %s",
1450 strerror(errno));
1451 close(sd);
1452 return -1;
1453 }
1454 if (srcPort >= BFD_SRCPORTMAX)
1455 srcPort = BFD_SRCPORTINIT;
1456 sin6.sin6_port = htons(srcPort++);
1457 } while (bind(sd, (struct sockaddr *)&sin6, sizeof(sin6)) < 0);
1458
1459 return sd;
1460 }
1461
1462 int bp_set_ttlv6(int sd, uint8_t value)
1463 {
1464 int ttl = value;
1465
1466 if (setsockopt(sd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &ttl, sizeof(ttl))
1467 == -1) {
1468 zlog_warn("set-ttlv6: setsockopt(IPV6_UNICAST_HOPS, %d): %s",
1469 value, strerror(errno));
1470 return -1;
1471 }
1472
1473 return 0;
1474 }
1475
1476 int bp_set_tosv6(int sd, uint8_t value)
1477 {
1478 int tos = value;
1479
1480 if (setsockopt(sd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos))
1481 == -1) {
1482 zlog_warn("set-tosv6: setsockopt(IPV6_TCLASS, %d): %s", value,
1483 strerror(errno));
1484 return -1;
1485 }
1486
1487 return 0;
1488 }
1489
1490 static void bp_set_ipv6opts(int sd)
1491 {
1492 int ipv6_pktinfo = BFD_IPV6_PKT_INFO_VAL;
1493 int ipv6_only = BFD_IPV6_ONLY_VAL;
1494
1495 if (!bp_set_reuse_addr(sd))
1496 zlog_fatal("set-reuse-addr: failed");
1497
1498 if (!bp_set_reuse_port(sd))
1499 zlog_fatal("set-reuse-port: failed");
1500
1501 if (bp_set_ttlv6(sd, BFD_TTL_VAL) == -1)
1502 zlog_fatal(
1503 "set-ipv6opts: setsockopt(IPV6_UNICAST_HOPS, %d): %s",
1504 BFD_TTL_VAL, strerror(errno));
1505
1506 if (setsockopt_ipv6_hoplimit(sd, BFD_RCV_TTL_VAL) == -1)
1507 zlog_fatal("set-ipv6opts: setsockopt(IPV6_HOPLIMIT, %d): %s",
1508 BFD_RCV_TTL_VAL, strerror(errno));
1509
1510 if (setsockopt_ipv6_pktinfo(sd, ipv6_pktinfo) == -1)
1511 zlog_fatal("set-ipv6opts: setsockopt(IPV6_PKTINFO, %d): %s",
1512 ipv6_pktinfo, strerror(errno));
1513
1514 if (setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, &ipv6_only,
1515 sizeof(ipv6_only))
1516 == -1)
1517 zlog_fatal("set-ipv6opts: setsockopt(IPV6_V6ONLY, %d): %s",
1518 ipv6_only, strerror(errno));
1519 }
1520
1521 static void bp_bind_ipv6(int sd, uint16_t port)
1522 {
1523 struct sockaddr_in6 sin6;
1524
1525 memset(&sin6, 0, sizeof(sin6));
1526 sin6.sin6_family = AF_INET6;
1527 sin6.sin6_addr = in6addr_any;
1528 sin6.sin6_port = htons(port);
1529 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
1530 sin6.sin6_len = sizeof(sin6);
1531 #endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
1532 if (bind(sd, (struct sockaddr *)&sin6, sizeof(sin6)) == -1)
1533 zlog_fatal("bind-ipv6: bind: %s", strerror(errno));
1534 }
1535
1536 int bp_udp6_shop(const struct vrf *vrf)
1537 {
1538 int sd;
1539
1540 frr_with_privs(&bglobal.bfdd_privs) {
1541 sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
1542 vrf->name);
1543 }
1544 if (sd == -1) {
1545 if (errno != EAFNOSUPPORT)
1546 zlog_fatal("udp6-shop: socket: %s", strerror(errno));
1547 else
1548 zlog_warn("udp6-shop: V6 is not supported, continuing");
1549
1550 return -1;
1551 }
1552
1553 bp_set_ipv6opts(sd);
1554 bp_bind_ipv6(sd, BFD_DEFDESTPORT);
1555
1556 return sd;
1557 }
1558
1559 int bp_udp6_mhop(const struct vrf *vrf)
1560 {
1561 int sd;
1562
1563 frr_with_privs(&bglobal.bfdd_privs) {
1564 sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
1565 vrf->name);
1566 }
1567 if (sd == -1) {
1568 if (errno != EAFNOSUPPORT)
1569 zlog_fatal("udp6-mhop: socket: %s", strerror(errno));
1570 else
1571 zlog_warn("udp6-mhop: V6 is not supported, continuing");
1572
1573 return -1;
1574 }
1575
1576 bp_set_ipv6opts(sd);
1577 bp_bind_ipv6(sd, BFD_DEF_MHOP_DEST_PORT);
1578
1579 return sd;
1580 }
1581
1582 #ifdef BFD_LINUX
1583 /* tcpdump -dd udp dst port 3785 */
1584 struct sock_filter my_filterudp[] = {
1585 {0x28, 0, 0, 0x0000000c}, {0x15, 0, 8, 0x00000800},
1586 {0x30, 0, 0, 0x00000017}, {0x15, 0, 6, 0x00000011},
1587 {0x28, 0, 0, 0x00000014}, {0x45, 4, 0, 0x00001fff},
1588 {0xb1, 0, 0, 0x0000000e}, {0x48, 0, 0, 0x00000010},
1589 {0x15, 0, 1, 0x00000ec9}, {0x6, 0, 0, 0x00040000},
1590 {0x6, 0, 0, 0x00000000},
1591 };
1592
1593 #define MY_FILTER_LENGTH 11
1594
1595 int bp_echo_socket(const struct vrf *vrf)
1596 {
1597 int s;
1598
1599 frr_with_privs (&bglobal.bfdd_privs) {
1600 s = vrf_socket(AF_PACKET, SOCK_RAW, ETH_P_IP, vrf->vrf_id,
1601 vrf->name);
1602 }
1603
1604 if (s == -1)
1605 zlog_fatal("echo-socket: socket: %s", strerror(errno));
1606
1607 struct sock_fprog pf;
1608 struct sockaddr_ll sll;
1609
1610 /* adjust filter for socket to only receive ECHO packets */
1611 pf.filter = my_filterudp;
1612 pf.len = MY_FILTER_LENGTH;
1613 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &pf, sizeof(pf)) ==
1614 -1) {
1615 zlog_warn("%s: setsockopt(SO_ATTACH_FILTER): %s", __func__,
1616 strerror(errno));
1617 close(s);
1618 return -1;
1619 }
1620
1621 memset(&sll, 0, sizeof(sll));
1622 sll.sll_family = AF_PACKET;
1623 sll.sll_protocol = htons(ETH_P_IP);
1624 sll.sll_ifindex = 0;
1625 if (bind(s, (struct sockaddr *)&sll, sizeof(sll)) < 0) {
1626 zlog_warn("Failed to bind echo socket: %s",
1627 safe_strerror(errno));
1628 close(s);
1629 return -1;
1630 }
1631
1632 return s;
1633 }
1634 #else
1635 int bp_echo_socket(const struct vrf *vrf)
1636 {
1637 int s;
1638
1639 frr_with_privs(&bglobal.bfdd_privs) {
1640 s = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf->vrf_id, vrf->name);
1641 }
1642 if (s == -1)
1643 zlog_fatal("echo-socket: socket: %s", strerror(errno));
1644
1645 bp_set_ipopts(s);
1646 bp_bind_ip(s, BFD_DEF_ECHO_PORT);
1647
1648 return s;
1649 }
1650 #endif
1651
1652 int bp_echov6_socket(const struct vrf *vrf)
1653 {
1654 int s;
1655
1656 frr_with_privs(&bglobal.bfdd_privs) {
1657 s = vrf_socket(AF_INET6, SOCK_DGRAM, 0, vrf->vrf_id, vrf->name);
1658 }
1659 if (s == -1) {
1660 if (errno != EAFNOSUPPORT)
1661 zlog_fatal("echov6-socket: socket: %s",
1662 strerror(errno));
1663 else
1664 zlog_warn("echov6-socket: V6 is not supported, continuing");
1665
1666 return -1;
1667 }
1668
1669 bp_set_ipv6opts(s);
1670 bp_bind_ipv6(s, BFD_DEF_ECHO_PORT);
1671
1672 return s;
1673 }
1674
1675 #ifdef BFD_LINUX
1676 /* get peer's mac address to be used with Echo packets when they are looped in
1677 * peers forwarding plane
1678 */
1679 void bfd_peer_mac_set(int sd, struct bfd_session *bfd,
1680 struct sockaddr_any *peer, struct interface *ifp)
1681 {
1682 struct arpreq arpreq_;
1683
1684 if (CHECK_FLAG(bfd->flags, BFD_SESS_FLAG_MAC_SET))
1685 return;
1686 if (ifp->flags & IFF_NOARP)
1687 return;
1688
1689 if (peer->sa_sin.sin_family == AF_INET) {
1690 /* IPV4 */
1691 struct sockaddr_in *addr =
1692 (struct sockaddr_in *)&arpreq_.arp_pa;
1693
1694 memset(&arpreq_, 0, sizeof(struct arpreq));
1695 addr->sin_family = AF_INET;
1696 memcpy(&addr->sin_addr.s_addr, &peer->sa_sin.sin_addr,
1697 sizeof(addr->sin_addr));
1698 strlcpy(arpreq_.arp_dev, ifp->name, sizeof(arpreq_.arp_dev));
1699
1700 if (ioctl(sd, SIOCGARP, &arpreq_) < 0) {
1701 zlog_warn(
1702 "BFD: getting peer's mac on %s failed error %s",
1703 ifp->name, strerror(errno));
1704 UNSET_FLAG(bfd->flags, BFD_SESS_FLAG_MAC_SET);
1705 memset(bfd->peer_hw_addr, 0, sizeof(bfd->peer_hw_addr));
1706
1707 } else {
1708 memcpy(bfd->peer_hw_addr, arpreq_.arp_ha.sa_data,
1709 sizeof(bfd->peer_hw_addr));
1710 SET_FLAG(bfd->flags, BFD_SESS_FLAG_MAC_SET);
1711 }
1712 }
1713 }
1714 #endif
FRRouting mirror