[ovs-dev] [PATCH] BFD: Add check_tnl_key feature to BFD code.

Ethan Jackson ethan at nicira.com
Tue Jul 16 02:28:25 UTC 2013 

Merged, thanks!

Ethan

On Mon, Jul 15, 2013 at 6:58 PM, Pavithra Ramesh <paramesh at vmware.com> wrote:
> This change adds the check_tnl_key functionality for BFD.
> When the feature is enabled, BFD will only accept control
> packets with a tunnel key of 0.
>
> Signed-off-by: Pavithra Ramesh <paramesh at vmware.com>
> ---
>  lib/bfd.c                    |   16 ++++++++++------
>  lib/bfd.h                    |    4 +++-
>  ofproto/ofproto-dpif-xlate.c |    2 +-
>  vswitchd/vswitch.xml         |    6 ++++++
>  4 files changed, 20 insertions(+), 8 deletions(-)
>
> diff --git a/lib/bfd.c b/lib/bfd.c
> index aa1a3f7..c4b6921 100644
> --- a/lib/bfd.c
> +++ b/lib/bfd.c
> @@ -58,10 +58,6 @@ VLOG_DEFINE_THIS_MODULE(bfd);
>   *
>   * - Set TOS/PCP on inner BFD frame, and outer tunnel header when encapped.
>   *
> - * - CFM "check_tnl_key" option equivalent.
> - *
> - * - CFM "fault override" equivalent.
> - *
>   * - Sending BFD messages should be in its own thread/process.
>   *
>   * - Scale testing.  How does it operate when there are large number of bfd
> @@ -182,6 +178,7 @@ struct bfd {
>
>      int ref_cnt;
>      int forwarding_override;      /* Manual override of 'forwarding' status. */
> +    bool check_tnl_key;    /* Verify the tunnel key of inbound packets? */
>  };
>
>  static bool bfd_in_poll(const struct bfd *);
> @@ -287,6 +284,7 @@ bfd_configure(struct bfd *bfd, const char *name,
>          bfd_set_state(bfd, STATE_DOWN, DIAG_NONE);
>      }
>
> +    bfd->check_tnl_key = smap_get_bool(cfg, "check_tnl_key", false);
>      min_tx = smap_get_int(cfg, "min_tx", 100);
>      min_tx = MAX(min_tx, 100);
>      if (bfd->cfg_min_tx != min_tx) {
> @@ -449,13 +447,19 @@ bfd_put_packet(struct bfd *bfd, struct ofpbuf *p,
>  }
>
>  bool
> -bfd_should_process_flow(const struct flow *flow, struct flow_wildcards *wc)
> +bfd_should_process_flow(const struct bfd *bfd,
> +                        const struct flow *flow,
> +                        struct flow_wildcards *wc)
>  {
>      memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
>      memset(&wc->masks.tp_dst, 0xff, sizeof wc->masks.tp_dst);
> +    if (bfd->check_tnl_key) {
> +        memset(&wc->masks.tunnel.tun_id, 0xff, sizeof wc->masks.tunnel.tun_id);
> +    }
>      return (flow->dl_type == htons(ETH_TYPE_IP)
>              && flow->nw_proto == IPPROTO_UDP
> -            && flow->tp_dst == htons(3784));
> +            && flow->tp_dst == htons(3784)
> +            && (!bfd->check_tnl_key || flow->tunnel.tun_id == htonl(0)));
>  }
>
>  void
> diff --git a/lib/bfd.h b/lib/bfd.h
> index ab854d8..dc720a9 100644
> --- a/lib/bfd.h
> +++ b/lib/bfd.h
> @@ -34,7 +34,9 @@ bool bfd_should_send_packet(const struct bfd *);
>  void bfd_put_packet(struct bfd *bfd, struct ofpbuf *packet,
>                      uint8_t eth_src[6]);
>
> -bool bfd_should_process_flow(const struct flow *, struct flow_wildcards *);
> +bool bfd_should_process_flow(const struct bfd *,
> +                             const struct flow *,
> +                             struct flow_wildcards *);
>  void bfd_process_packet(struct bfd *, const struct flow *,
>                          const struct ofpbuf *);
>
> diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
> index 84677a1..0507f8e 100644
> --- a/ofproto/ofproto-dpif-xlate.c
> +++ b/ofproto/ofproto-dpif-xlate.c
> @@ -1193,7 +1193,7 @@ process_special(struct xlate_ctx *ctx, const struct flow *flow,
>              cfm_process_heartbeat(xport->cfm, packet);
>          }
>          return SLOW_CFM;
> -    } else if (xport->bfd && bfd_should_process_flow(flow, wc)) {
> +    } else if (xport->bfd && bfd_should_process_flow(xport->bfd, flow, wc)) {
>          if (packet) {
>              bfd_process_packet(xport->bfd, flow, packet);
>          }
> diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
> index 3385912..957b02c 100644
> --- a/vswitchd/vswitch.xml
> +++ b/vswitchd/vswitch.xml
> @@ -1890,6 +1890,12 @@
>            <code>false</code>.
>        </column>
>
> +      <column name="bfd" key="check_tnl_key" type='{"type": "boolean"}'>
> +          When set to true, Check Tunnel Key will make BFD only accept control
> +          messages with an <code>in_key</code> of zero. Defaults to
> +          <code>false</code>.
> +      </column>
> +
>        <column name="bfd_status" key="state"
>            type='{"type": "string",
>            "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
> --
> 1.7.2.5
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
X-CudaMail-Whitelist-To: dev at openvswitch.org

More information about the dev mailing list