0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-22 17:51:53 +00:00

BFD: Set password per session

This commit is contained in:
Katerina Kubecova 2024-04-11 14:53:39 +02:00 committed by Ondrej Zajicek
parent 13c10ee062
commit e6dbde6883
5 changed files with 37 additions and 5 deletions

View File

@ -21,6 +21,8 @@ struct bfd_options {
u8 passive; u8 passive;
u8 passive_set; u8 passive_set;
u8 mode; u8 mode;
u8 auth_type; /* Authentication type (BFD_AUTH_*) */
list *passwords; /* Passwords for authentication */
}; };
struct bfd_request { struct bfd_request {

View File

@ -612,6 +612,8 @@ bfd_item:
| MULTIPLIER expr { this_bfd_opts->multiplier = $2; } | MULTIPLIER expr { this_bfd_opts->multiplier = $2; }
| PASSIVE bool { this_bfd_opts->passive = $2; this_bfd_opts->passive_set = 1; } | PASSIVE bool { this_bfd_opts->passive = $2; this_bfd_opts->passive_set = 1; }
| GRACEFUL { this_bfd_opts->mode = BGP_BFD_GRACEFUL; } | GRACEFUL { this_bfd_opts->mode = BGP_BFD_GRACEFUL; }
| AUTHENTICATION bfd_auth_type { this_bfd_opts->auth_type = $2; }
| password_list {}
; ;
bfd_items: bfd_items:
@ -619,10 +621,34 @@ bfd_items:
| bfd_items bfd_item ';' | bfd_items bfd_item ';'
; ;
bfd_opts_start:
{ reset_passwords(); } ;
bfd_opts_end:
{
this_bfd_opts->passwords = get_passwords();
if (!this_bfd_opts->auth_type != !this_bfd_opts->passwords)
cf_warn("Authentication and password options should be used together");
if (this_bfd_opts->passwords)
{
struct password_item *pass;
WALK_LIST(pass, *this_bfd_opts->passwords)
{
if (pass->alg)
cf_error("Password algorithm option not available in BFD protocol");
pass->alg = bfd_auth_type_to_hash_alg[this_bfd_opts->auth_type];
}
}
};
bfd_opts: bfd_opts:
'{' bfd_items '}' bfd_opts_start '{' bfd_items '}' bfd_opts_end
; ;
/* Core commands */ /* Core commands */
CF_CLI_HELP(SHOW, ..., [[Show status information]]) CF_CLI_HELP(SHOW, ..., [[Show status information]])

View File

@ -174,6 +174,8 @@ bfd_merge_options(const struct bfd_iface_config *cf, const struct bfd_options *o
.idle_tx_int = opts->idle_tx_int ?: cf->idle_tx_int, .idle_tx_int = opts->idle_tx_int ?: cf->idle_tx_int,
.multiplier = opts->multiplier ?: cf->multiplier, .multiplier = opts->multiplier ?: cf->multiplier,
.passive = opts->passive_set ? opts->passive : cf->passive, .passive = opts->passive_set ? opts->passive : cf->passive,
.auth_type = opts->auth_type ?: cf->auth_type,
.passwords = opts->passwords ?: cf->passwords,
}; };
} }
@ -1195,7 +1197,7 @@ bfd_show_session(struct bfd_session *s, int details)
const char *ifname = (s->ifa && s->ifa->iface) ? s->ifa->iface->name : "---"; const char *ifname = (s->ifa && s->ifa->iface) ? s->ifa->iface->name : "---";
btime tx_int = s->last_tx ? MAX(s->des_min_tx_int, s->rem_min_rx_int) : 0; btime tx_int = s->last_tx ? MAX(s->des_min_tx_int, s->rem_min_rx_int) : 0;
btime timeout = (btime) MAX(s->req_min_rx_int, s->rem_min_tx_int) * s->rem_detect_mult; btime timeout = (btime) MAX(s->req_min_rx_int, s->rem_min_tx_int) * s->rem_detect_mult;
u8 auth_type = s->ifa->cf->auth_type; u8 auth_type = s->cf.auth_type;
loc_state = (loc_state < 4) ? loc_state : 0; loc_state = (loc_state < 4) ? loc_state : 0;
rem_state = (rem_state < 4) ? rem_state : 0; rem_state = (rem_state < 4) ? rem_state : 0;

View File

@ -69,6 +69,8 @@ struct bfd_session_config
u32 idle_tx_int; u32 idle_tx_int;
u8 multiplier; u8 multiplier;
u8 passive; u8 passive;
u8 auth_type; /* Authentication type (BFD_AUTH_*) */
list *passwords; /* Passwords for authentication */
}; };
struct bfd_neighbor struct bfd_neighbor

View File

@ -109,7 +109,7 @@ const u8 bfd_auth_type_to_hash_alg[] = {
static void static void
bfd_fill_authentication(struct bfd_proto *p, struct bfd_session *s, struct bfd_ctl_packet *pkt) bfd_fill_authentication(struct bfd_proto *p, struct bfd_session *s, struct bfd_ctl_packet *pkt)
{ {
struct bfd_iface_config *cf = s->ifa->cf; struct bfd_session_config *cf = &s->cf;
struct password_item *pass = password_find(cf->passwords, 0); struct password_item *pass = password_find(cf->passwords, 0);
uint meticulous = 0; uint meticulous = 0;
@ -179,7 +179,7 @@ bfd_fill_authentication(struct bfd_proto *p, struct bfd_session *s, struct bfd_c
static int static int
bfd_check_authentication(struct bfd_proto *p, struct bfd_session *s, struct bfd_ctl_packet *pkt) bfd_check_authentication(struct bfd_proto *p, struct bfd_session *s, struct bfd_ctl_packet *pkt)
{ {
struct bfd_iface_config *cf = s->ifa->cf; struct bfd_session_config *cf = &s->cf;
const char *err_dsc = NULL; const char *err_dsc = NULL;
uint err_val = 0; uint err_val = 0;
uint auth_type = 0; uint auth_type = 0;
@ -306,7 +306,7 @@ bfd_send_ctl(struct bfd_proto *p, struct bfd_session *s, int final)
else if (s->poll_active) else if (s->poll_active)
pkt->flags |= BFD_FLAG_POLL; pkt->flags |= BFD_FLAG_POLL;
if (s->ifa->cf->auth_type) if (s->cf.auth_type)
bfd_fill_authentication(p, s, pkt); bfd_fill_authentication(p, s, pkt);
if (sk->tbuf != sk->tpos) if (sk->tbuf != sk->tpos)