BFD

BFD Control packet parser/serializer

[RFC 5880] BFD Control packet format:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Vers |  Diag   |Sta|P|F|C|A|D|M|  Detect Mult  |    Length     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       My Discriminator                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Your Discriminator                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Desired Min TX Interval                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Required Min RX Interval                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Required Min Echo RX Interval                 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

An optional Authentication Section MAY be present in the following format of types:

  1. Format of Simple Password Authentication Section:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Auth Type   |   Auth Len    |  Auth Key ID  |  Password...  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                              ...                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    
  2. Format of Keyed MD5 and Meticulous Keyed MD5 Authentication Section:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Auth Type   |   Auth Len    |  Auth Key ID  |   Reserved    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Sequence Number                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Auth Key/Digest...                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                              ...                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    
  3. Format of Keyed SHA1 and Meticulous Keyed SHA1 Authentication Section:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Auth Type   |   Auth Len    |  Auth Key ID  |   Reserved    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Sequence Number                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Auth Key/Hash...                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                              ...                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    
class os_ken.lib.packet.bfd.BFDAuth(auth_len=None)

Base class of BFD (RFC 5880) Authentication Section

An instance has the following attributes at least. Most of them are same to the on-wire counterparts but in host byte order.

Attribute

Description

auth_type

The authentication type in use.

auth_len

The length, in bytes, of the authentication section, including the auth_type and auth_len fields.

classmethod parser_hdr(buf)

Parser for common part of authentication section.

serialize_hdr()

Serialization function for common part of authentication section.

class os_ken.lib.packet.bfd.KeyedMD5(auth_key_id, seq, auth_key=None, digest=None, auth_len=None)

BFD (RFC 5880) Keyed MD5 Authentication Section class

An instance has the following attributes. Most of them are same to the on-wire counterparts but in host byte order.

Attribute

Description

auth_type

(Fixed) The authentication type in use.

auth_key_id

The authentication Key ID in use.

seq

The sequence number for this packet. This value is incremented occasionally.

auth_key

The shared MD5 key for this packet.

digest

(Optional) The 16-byte MD5 digest for the packet.

auth_len

(Fixed) The length of the authentication section is 24 bytes.

authenticate(prev, auth_keys=None)

Authenticate the MD5 digest for this packet.

This method can be invoked only when self.digest is defined.

Returns a boolean indicates whether the digest can be authenticated by the correspondent Auth Key or not.

prev is a bfd instance for the BFD Control header which this authentication section belongs to. It's necessary to be assigned because an MD5 digest must be calculated over the entire BFD Control packet.

auth_keys is a dictionary of authentication key chain which key is an integer of Auth Key ID and value is a string of Auth Key.

serialize(payload, prev)

Encode a Keyed MD5 Authentication Section.

This method is used only when encoding an BFD Control packet.

payload is the rest of the packet which will immediately follow this section.

prev is a bfd instance for the BFD Control header which this authentication section belongs to. It's necessary to be assigned because an MD5 digest must be calculated over the entire BFD Control packet.

class os_ken.lib.packet.bfd.KeyedSHA1(auth_key_id, seq, auth_key=None, auth_hash=None, auth_len=None)

BFD (RFC 5880) Keyed SHA1 Authentication Section class

An instance has the following attributes. Most of them are same to the on-wire counterparts but in host byte order.

Attribute

Description

auth_type

(Fixed) The authentication type in use.

auth_key_id

The authentication Key ID in use.

seq

The sequence number for this packet. This value is incremented occasionally.

auth_key

The shared SHA1 key for this packet.

auth_hash

(Optional) The 20-byte SHA1 hash for the packet.

auth_len

(Fixed) The length of the authentication section is 28 bytes.

authenticate(prev, auth_keys=None)

Authenticate the SHA1 hash for this packet.

This method can be invoked only when self.auth_hash is defined.

Returns a boolean indicates whether the hash can be authenticated by the correspondent Auth Key or not.

prev is a bfd instance for the BFD Control header which this authentication section belongs to. It's necessary to be assigned because an SHA1 hash must be calculated over the entire BFD Control packet.

auth_keys is a dictionary of authentication key chain which key is an integer of Auth Key ID and value is a string of Auth Key.

serialize(payload, prev)

Encode a Keyed SHA1 Authentication Section.

This method is used only when encoding an BFD Control packet.

payload is the rest of the packet which will immediately follow this section.

prev is a bfd instance for the BFD Control header which this authentication section belongs to. It's necessary to be assigned because an SHA1 hash must be calculated over the entire BFD Control packet.

class os_ken.lib.packet.bfd.MeticulousKeyedMD5(auth_key_id, seq, auth_key=None, digest=None, auth_len=None)

BFD (RFC 5880) Meticulous Keyed MD5 Authentication Section class

All methods of this class are inherited from KeyedMD5.

An instance has the following attributes. Most of them are same to the on-wire counterparts but in host byte order.

Attribute

Description

auth_type

(Fixed) The authentication type in use.

auth_key_id

The authentication Key ID in use.

seq

The sequence number for this packet. This value is incremented for each successive packet transmitted for a session.

auth_key

The shared MD5 key for this packet.

digest

(Optional) The 16-byte MD5 digest for the packet.

auth_len

(Fixed) The length of the authentication section is 24 bytes.

class os_ken.lib.packet.bfd.MeticulousKeyedSHA1(auth_key_id, seq, auth_key=None, auth_hash=None, auth_len=None)

BFD (RFC 5880) Meticulous Keyed SHA1 Authentication Section class

All methods of this class are inherited from KeyedSHA1.

An instance has the following attributes. Most of them are same to the on-wire counterparts but in host byte order.

Attribute

Description

auth_type

(Fixed) The authentication type in use.

auth_key_id

The authentication Key ID in use.

seq

The sequence number for this packet. This value is incremented for each successive packet transmitted for a session.

auth_key

The shared SHA1 key for this packet.

auth_hash

(Optional) The 20-byte SHA1 hash for the packet.

auth_len

(Fixed) The length of the authentication section is 28 bytes.

class os_ken.lib.packet.bfd.SimplePassword(auth_key_id, password, auth_len=None)

BFD (RFC 5880) Simple Password Authentication Section class

An instance has the following attributes. Most of them are same to the on-wire counterparts but in host byte order.

Attribute

Description

auth_type

(Fixed) The authentication type in use.

auth_key_id

The authentication Key ID in use.

password

The simple password in use on this session. The password is a binary string, and MUST be from 1 to 16 bytes in length.

auth_len

The length, in bytes, of the authentication section, including the auth_type and auth_len fields.

authenticate(prev=None, auth_keys=None)

Authenticate the password for this packet.

This method can be invoked only when self.password is defined.

Returns a boolean indicates whether the password can be authenticated or not.

prev is a bfd instance for the BFD Control header. It's not necessary for authenticating the Simple Password.

auth_keys is a dictionary of authentication key chain which key is an integer of Auth Key ID and value is a string of Password.

serialize(payload, prev)

Encode a Simple Password Authentication Section.

payload is the rest of the packet which will immediately follow this section.

prev is a bfd instance for the BFD Control header. It's not necessary for encoding only the Simple Password section.

class os_ken.lib.packet.bfd.bfd(ver=1, diag=0, state=0, flags=0, detect_mult=0, my_discr=0, your_discr=0, desired_min_tx_interval=0, required_min_rx_interval=0, required_min_echo_rx_interval=0, auth_cls=None, length=None)

BFD (RFC 5880) Control packet encoder/decoder class.

The serialized packet would looks like the ones described in the following sections.

  • RFC 5880 Generic BFD Control Packet Format

An instance has the following attributes at least. Most of them are same to the on-wire counterparts but in host byte order.

__init__ takes the corresponding args in this order.

Attribute

Description

ver

The version number of the protocol. This class implements protocol version 1.

diag

A diagnostic code specifying the local system's reason for the last change in session state.

state

The current BFD session state as seen by the transmitting system.

flags

Bitmap of the following flags.

BFD_FLAG_POLL
BFD_FLAG_FINAL
BFD_FLAG_CTRL_PLANE_INDEP
BFD_FLAG_AUTH_PRESENT
BFD_FLAG_DEMAND
BFD_FLAG_MULTIPOINT

detect_mult

Detection time multiplier.

my_discr

My Discriminator.

your_discr

Your Discriminator.

desired_min_tx_interval

Desired Min TX Interval. (in microseconds)

required_min_rx_interval

Required Min RX Interval. (in microseconds)

required_min_echo_rx_interval

Required Min Echo RX Interval. (in microseconds)

auth_cls

(Optional) Authentication Section instance. It's defined only when the Authentication Present (A) bit is set in flags. Assign an instance of the following classes: SimplePassword, KeyedMD5, MeticulousKeyedMD5, KeyedSHA1, and MeticulousKeyedSHA1.

length

(Optional) Length of the BFD Control packet, in bytes.

authenticate(*args, **kwargs)

Authenticate this packet.

Returns a boolean indicates whether the packet can be authenticated or not.

Returns False if the Authentication Present (A) is not set in the flag of this packet.

Returns False if the Authentication Section for this packet is not present.

For the description of the arguemnts of this method, refer to the authentication method of the Authentication Section classes.

pack()

Encode a BFD Control packet without authentication section.

classmethod parser(buf)

Decode a protocol header.

This method is used only when decoding a packet.

Decode a protocol header at offset 0 in bytearray buf. Returns the following three objects.

  • An object to describe the decoded header.

  • A packet_base.PacketBase subclass appropriate for the rest of the packet. None when the rest of the packet should be considered as raw payload.

  • The rest of packet.

serialize(payload, prev)

Encode a protocol header.

This method is used only when encoding a packet.

Encode a protocol header. Returns a bytearray which contains the header.

payload is the rest of the packet which will immediately follow this header.

prev is a packet_base.PacketBase subclass for the outer protocol header. prev is None if the current header is the outer-most. For example, prev is ipv4 or ipv6 for tcp.serialize.