0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-22 09:41:54 +00:00

BFD: Set password per session

This commit is contained in:
Katerina Kubecova 2024-04-11 14:53:39 +02:00 committed by Ondrej Zajicek
parent 13c10ee062
commit e6dbde6883
5 changed files with 37 additions and 5 deletions

View File

@ -21,6 +21,8 @@ struct bfd_options {
u8 passive;
u8 passive_set;
u8 mode;
u8 auth_type; /* Authentication type (BFD_AUTH_*) */
list *passwords; /* Passwords for authentication */
};
struct bfd_request {

View File

@ -612,6 +612,8 @@ bfd_item:
| MULTIPLIER expr { this_bfd_opts->multiplier = $2; }
| PASSIVE bool { this_bfd_opts->passive = $2; this_bfd_opts->passive_set = 1; }
| GRACEFUL { this_bfd_opts->mode = BGP_BFD_GRACEFUL; }
| AUTHENTICATION bfd_auth_type { this_bfd_opts->auth_type = $2; }
| password_list {}
;
bfd_items:
@ -619,10 +621,34 @@ bfd_items:
| bfd_items bfd_item ';'
;
bfd_opts_start:
{ reset_passwords(); } ;
bfd_opts_end:
{
this_bfd_opts->passwords = get_passwords();
if (!this_bfd_opts->auth_type != !this_bfd_opts->passwords)
cf_warn("Authentication and password options should be used together");
if (this_bfd_opts->passwords)
{
struct password_item *pass;
WALK_LIST(pass, *this_bfd_opts->passwords)
{
if (pass->alg)
cf_error("Password algorithm option not available in BFD protocol");
pass->alg = bfd_auth_type_to_hash_alg[this_bfd_opts->auth_type];
}
}
};
bfd_opts:
'{' bfd_items '}'
bfd_opts_start '{' bfd_items '}' bfd_opts_end
;
/* Core commands */
CF_CLI_HELP(SHOW, ..., [[Show status information]])

View File

@ -174,6 +174,8 @@ bfd_merge_options(const struct bfd_iface_config *cf, const struct bfd_options *o
.idle_tx_int = opts->idle_tx_int ?: cf->idle_tx_int,
.multiplier = opts->multiplier ?: cf->multiplier,
.passive = opts->passive_set ? opts->passive : cf->passive,
.auth_type = opts->auth_type ?: cf->auth_type,
.passwords = opts->passwords ?: cf->passwords,
};
}
@ -1195,7 +1197,7 @@ bfd_show_session(struct bfd_session *s, int details)
const char *ifname = (s->ifa && s->ifa->iface) ? s->ifa->iface->name : "---";
btime tx_int = s->last_tx ? MAX(s->des_min_tx_int, s->rem_min_rx_int) : 0;
btime timeout = (btime) MAX(s->req_min_rx_int, s->rem_min_tx_int) * s->rem_detect_mult;
u8 auth_type = s->ifa->cf->auth_type;
u8 auth_type = s->cf.auth_type;
loc_state = (loc_state < 4) ? loc_state : 0;
rem_state = (rem_state < 4) ? rem_state : 0;

View File

@ -69,6 +69,8 @@ struct bfd_session_config
u32 idle_tx_int;
u8 multiplier;
u8 passive;
u8 auth_type; /* Authentication type (BFD_AUTH_*) */
list *passwords; /* Passwords for authentication */
};
struct bfd_neighbor

View File

@ -109,7 +109,7 @@ const u8 bfd_auth_type_to_hash_alg[] = {
static void
bfd_fill_authentication(struct bfd_proto *p, struct bfd_session *s, struct bfd_ctl_packet *pkt)
{
struct bfd_iface_config *cf = s->ifa->cf;
struct bfd_session_config *cf = &s->cf;
struct password_item *pass = password_find(cf->passwords, 0);
uint meticulous = 0;
@ -179,7 +179,7 @@ bfd_fill_authentication(struct bfd_proto *p, struct bfd_session *s, struct bfd_c
static int
bfd_check_authentication(struct bfd_proto *p, struct bfd_session *s, struct bfd_ctl_packet *pkt)
{
struct bfd_iface_config *cf = s->ifa->cf;
struct bfd_session_config *cf = &s->cf;
const char *err_dsc = NULL;
uint err_val = 0;
uint auth_type = 0;
@ -306,7 +306,7 @@ bfd_send_ctl(struct bfd_proto *p, struct bfd_session *s, int final)
else if (s->poll_active)
pkt->flags |= BFD_FLAG_POLL;
if (s->ifa->cf->auth_type)
if (s->cf.auth_type)
bfd_fill_authentication(p, s, pkt);
if (sk->tbuf != sk->tpos)