]> git.proxmox.com Git - mirror_frr.git/blame - bgpd/bgp_open.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #12603 from opensourcerouting/fix/deprecate_bgp_stuff_some
[mirror_frr.git] / bgpd / bgp_open.c
CommitLineData
718e3744 1/* BGP open message handling
896014f4
DL		 2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
718e3744 20
21#include <zebra.h>
22
23#include "linklist.h"
24#include "prefix.h"
25#include "stream.h"
26#include "thread.h"
27#include "log.h"
28#include "command.h"
6d58272b 29#include "memory.h"
3f9c7369 30#include "queue.h"
039f3a34 31#include "filter.h"
718e3744 32
856ca177 33#include "lib/json.h"
718e3744 34#include "bgpd/bgpd.h"
35#include "bgpd/bgp_attr.h"
36#include "bgpd/bgp_debug.h"
14454c9f 37#include "bgpd/bgp_errors.h"
718e3744 38#include "bgpd/bgp_fsm.h"
39#include "bgpd/bgp_packet.h"
40#include "bgpd/bgp_open.h"
0b2aa3a0 41#include "bgpd/bgp_aspath.h"
538621f2 42#include "bgpd/bgp_vty.h"
4a1ab8e4 43#include "bgpd/bgp_memory.h"
538621f2 44
1cadb718
DA		 45static const struct message capcode_str[] = {
46 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
47 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
48 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
49 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
50 {CAPABILITY_CODE_AS4, "4-octet AS number"},
51 {CAPABILITY_CODE_ADDPATH, "AddPath"},
52 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
53 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
54 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
55 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
56 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
57 {CAPABILITY_CODE_FQDN, "FQDN"},
58 {CAPABILITY_CODE_ENHANCED_RR, "Enhanced Route Refresh"},
59 {CAPABILITY_CODE_EXT_MESSAGE, "BGP Extended Message"},
688ea069 60 {CAPABILITY_CODE_LLGR, "Long-lived BGP Graceful Restart"},
d864dd9e 61 {CAPABILITY_CODE_ROLE, "Role"},
1cadb718
DA		 62 {0}};
63
64/* Minimum sizes for length field of each cap (so not inc. the header) */
65static const size_t cap_minsizes[] = {
66 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
67 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
68 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
69 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
70 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
71 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
72 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
73 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
74 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
75 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
76 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
77 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
78 [CAPABILITY_CODE_ENHANCED_RR] = CAPABILITY_CODE_ENHANCED_LEN,
79 [CAPABILITY_CODE_EXT_MESSAGE] = CAPABILITY_CODE_EXT_MESSAGE_LEN,
688ea069 80 [CAPABILITY_CODE_LLGR] = CAPABILITY_CODE_LLGR_LEN,
d864dd9e 81 [CAPABILITY_CODE_ROLE] = CAPABILITY_CODE_ROLE_LEN,
1cadb718
DA		 82};
83
84/* value the capability must be a multiple of.
85 * 0-data capabilities won't be checked against this.
86 * Other capabilities whose data doesn't fall on convenient boundaries for this
87 * table should be set to 1.
88 */
89static const size_t cap_modsizes[] = {
90 [CAPABILITY_CODE_MP] = 4,
91 [CAPABILITY_CODE_REFRESH] = 1,
92 [CAPABILITY_CODE_ORF] = 1,
93 [CAPABILITY_CODE_RESTART] = 1,
94 [CAPABILITY_CODE_AS4] = 4,
95 [CAPABILITY_CODE_ADDPATH] = 4,
96 [CAPABILITY_CODE_DYNAMIC] = 1,
97 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
98 [CAPABILITY_CODE_ENHE] = 6,
99 [CAPABILITY_CODE_REFRESH_OLD] = 1,
100 [CAPABILITY_CODE_ORF_OLD] = 1,
101 [CAPABILITY_CODE_FQDN] = 1,
102 [CAPABILITY_CODE_ENHANCED_RR] = 1,
103 [CAPABILITY_CODE_EXT_MESSAGE] = 1,
688ea069 104 [CAPABILITY_CODE_LLGR] = 1,
d864dd9e 105 [CAPABILITY_CODE_ROLE] = 1,
1cadb718
DA		 106};
107
718e3744 108/* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
109 negotiate remote peer supports extentions or not. But if
110 remote-peer doesn't supports negotiation process itself. We would
111 like to do manual configuration.
112
113 So there is many configurable point. First of all we want set each
114 peer whether we send capability negotiation to the peer or not.
da88f402 115 Next, if we send capability to the peer we want to set my capability
718e3744 116 inforation at each peer. */
117
9f049418
DS		 118void bgp_capability_vty_out(struct vty *vty, struct peer *peer, bool use_json,
119 json_object *json_neigh)
718e3744 120{
d62a17ae 121 char *pnt;
122 char *end;
123 struct capability_mp_data mpc;
124 struct capability_header *hdr;
125 json_object *json_cap = NULL;
126
127 if (use_json)
128 json_cap = json_object_new_object();
129
130 pnt = peer->notify.data;
131 end = pnt + peer->notify.length;
132
133 while (pnt < end) {
134 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
135 return;
136
137 hdr = (struct capability_header *)pnt;
138 if (pnt + hdr->length + 2 > end)
139 return;
140
141 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
142
143 if (hdr->code == CAPABILITY_CODE_MP) {
144 afi_t afi;
145 safi_t safi;
146
da3b87f8 147 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
148 mpc.safi, &afi, &safi);
149
d62a17ae 150 if (use_json) {
151 switch (afi) {
152 case AFI_IP:
153 json_object_string_add(
154 json_cap,
155 "capabilityErrorMultiProtocolAfi",
156 "IPv4");
157 break;
158 case AFI_IP6:
159 json_object_string_add(
160 json_cap,
161 "capabilityErrorMultiProtocolAfi",
162 "IPv6");
163 break;
164 case AFI_L2VPN:
165 json_object_string_add(
166 json_cap,
167 "capabilityErrorMultiProtocolAfi",
168 "L2VPN");
169 break;
170 default:
171 json_object_int_add(
172 json_cap,
173 "capabilityErrorMultiProtocolAfiUnknown",
174 ntohs(mpc.afi));
175 break;
176 }
177 switch (safi) {
178 case SAFI_UNICAST:
179 json_object_string_add(
180 json_cap,
181 "capabilityErrorMultiProtocolSafi",
182 "unicast");
183 break;
184 case SAFI_MULTICAST:
185 json_object_string_add(
186 json_cap,
187 "capabilityErrorMultiProtocolSafi",
188 "multicast");
189 break;
190 case SAFI_LABELED_UNICAST:
191 json_object_string_add(
192 json_cap,
193 "capabilityErrorMultiProtocolSafi",
194 "labeled-unicast");
195 break;
196 case SAFI_MPLS_VPN:
197 json_object_string_add(
198 json_cap,
199 "capabilityErrorMultiProtocolSafi",
200 "MPLS-labeled VPN");
201 break;
202 case SAFI_ENCAP:
203 json_object_string_add(
204 json_cap,
205 "capabilityErrorMultiProtocolSafi",
206 "encap");
207 break;
208 case SAFI_EVPN:
209 json_object_string_add(
210 json_cap,
211 "capabilityErrorMultiProtocolSafi",
212 "EVPN");
213 break;
7c40bf39 214 case SAFI_FLOWSPEC:
215 json_object_string_add(
216 json_cap,
217 "capabilityErrorMultiProtocolSafi",
218 "flowspec");
219 break;
d62a17ae 220 default:
221 json_object_int_add(
222 json_cap,
223 "capabilityErrorMultiProtocolSafiUnknown",
224 mpc.safi);
225 break;
226 }
227 } else {
228 vty_out(vty,
229 " Capability error for: Multi protocol ");
230 switch (afi) {
231 case AFI_IP:
232 vty_out(vty, "AFI IPv4, ");
233 break;
234 case AFI_IP6:
235 vty_out(vty, "AFI IPv6, ");
236 break;
237 case AFI_L2VPN:
238 vty_out(vty, "AFI L2VPN, ");
239 break;
240 default:
241 vty_out(vty, "AFI Unknown %d, ",
242 ntohs(mpc.afi));
243 break;
244 }
245 switch (safi) {
246 case SAFI_UNICAST:
247 vty_out(vty, "SAFI Unicast");
248 break;
249 case SAFI_MULTICAST:
250 vty_out(vty, "SAFI Multicast");
251 break;
252 case SAFI_LABELED_UNICAST:
253 vty_out(vty, "SAFI Labeled-unicast");
254 break;
255 case SAFI_MPLS_VPN:
256 vty_out(vty, "SAFI MPLS-labeled VPN");
257 break;
258 case SAFI_ENCAP:
259 vty_out(vty, "SAFI ENCAP");
260 break;
7c40bf39 261 case SAFI_FLOWSPEC:
262 vty_out(vty, "SAFI FLOWSPEC");
263 break;
d62a17ae 264 case SAFI_EVPN:
265 vty_out(vty, "SAFI EVPN");
266 break;
267 default:
268 vty_out(vty, "SAFI Unknown %d ",
269 mpc.safi);
270 break;
271 }
272 vty_out(vty, "\n");
273 }
274 } else if (hdr->code >= 128) {
275 if (use_json)
276 json_object_int_add(
277 json_cap,
278 "capabilityErrorVendorSpecificCapabilityCode",
279 hdr->code);
280 else
281 vty_out(vty,
282 " Capability error: vendor specific capability code %d",
283 hdr->code);
284 } else {
285 if (use_json)
286 json_object_int_add(
287 json_cap,
288 "capabilityErrorUnknownCapabilityCode",
289 hdr->code);
290 else
291 vty_out(vty,
292 " Capability error: unknown capability code %d",
293 hdr->code);
294 }
295 pnt += hdr->length + 2;
296 }
297 if (use_json)
298 json_object_object_add(json_neigh, "capabilityErrors",
299 json_cap);
718e3744 300}
301
d62a17ae 302static void bgp_capability_mp_data(struct stream *s,
303 struct capability_mp_data *mpc)
718e3744 304{
d62a17ae 305 mpc->afi = stream_getw(s);
306 mpc->reserved = stream_getc(s);
307 mpc->safi = stream_getc(s);
6d58272b 308}
718e3744 309
6d58272b 310/* Set negotiated capability value. */
d62a17ae 311static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
6d58272b 312{
d62a17ae 313 struct capability_mp_data mpc;
314 struct stream *s = BGP_INPUT(peer);
315 afi_t afi;
316 safi_t safi;
317
318 /* Verify length is 4 */
319 if (hdr->length != 4) {
065eaa36 320 flog_warn(
e50f7cfd 321 EC_BGP_CAPABILITY_INVALID_LENGTH,
d62a17ae 322 "MP Cap: Received invalid length %d, non-multiple of 4",
323 hdr->length);
324 return -1;
325 }
326
327 bgp_capability_mp_data(s, &mpc);
328
329 if (bgp_debug_neighbor_events(peer))
1cadb718
DA		 330 zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s",
331 peer->host, lookup_msg(capcode_str, hdr->code, NULL),
332 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
d62a17ae 333
334 /* Convert AFI, SAFI to internal values, check. */
335 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
336 return -1;
337
338 /* Now safi remapped, and afi/safi are valid array indices */
339 peer->afc_recv[afi][safi] = 1;
340
341 if (peer->afc[afi][safi])
342 peer->afc_nego[afi][safi] = 1;
343 else
344 return -1;
345
346 return 0;
718e3744 347}
348
d62a17ae 349static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
d7c0a89a
QY		 350 iana_safi_t safi, uint8_t type,
351 uint8_t mode)
718e3744 352{
d62a17ae 353 if (bgp_debug_neighbor_events(peer))
354 zlog_debug(
355 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
356 peer->host, afi, safi, type, mode);
718e3744 357}
358
d62a17ae 359static const struct message orf_type_str[] = {
5bb2aa89 360 {ORF_TYPE_RESERVED, "Reserved"},
d62a17ae 361 {ORF_TYPE_PREFIX, "Prefixlist"},
362 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
363 {0}};
6d58272b 364
d62a17ae 365static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
366 {ORF_MODE_SEND, "Send"},
367 {ORF_MODE_BOTH, "Both"},
368 {0}};
6d58272b 369
d62a17ae 370static int bgp_capability_orf_entry(struct peer *peer,
371 struct capability_header *hdr)
718e3744 372{
d62a17ae 373 struct stream *s = BGP_INPUT(peer);
374 struct capability_mp_data mpc;
d7c0a89a 375 uint8_t num;
d62a17ae 376 iana_afi_t pkt_afi;
377 afi_t afi;
5c525538
RW		 378 iana_safi_t pkt_safi;
379 safi_t safi;
d7c0a89a
QY		 380 uint8_t type;
381 uint8_t mode;
382 uint16_t sm_cap = 0; /* capability send-mode receive */
383 uint16_t rm_cap = 0; /* capability receive-mode receive */
d62a17ae 384 int i;
385
386 /* ORF Entry header */
387 bgp_capability_mp_data(s, &mpc);
388 num = stream_getc(s);
389 pkt_afi = mpc.afi;
390 pkt_safi = mpc.safi;
391
392 if (bgp_debug_neighbor_events(peer))
748a041f
DS		 393 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer->host,
394 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
d62a17ae 395
396 /* Convert AFI, SAFI to internal values, check. */
397 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
398 zlog_info(
3efd0893 399 "%s Addr-family %d/%d not supported. Ignoring the ORF capability",
d62a17ae 400 peer->host, pkt_afi, pkt_safi);
401 return 0;
718e3744 402 }
d62a17ae 403
404 mpc.afi = pkt_afi;
405 mpc.safi = safi;
406
407 /* validate number field */
408 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
409 zlog_info(
3efd0893 410 "%s ORF Capability entry length error, Cap length %u, num %u",
d62a17ae 411 peer->host, hdr->length, num);
412 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
413 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
414 return -1;
718e3744 415 }
416
d62a17ae 417 for (i = 0; i < num; i++) {
418 type = stream_getc(s);
419 mode = stream_getc(s);
420
421 /* ORF Mode error check */
422 switch (mode) {
423 case ORF_MODE_BOTH:
424 case ORF_MODE_SEND:
425 case ORF_MODE_RECEIVE:
426 break;
427 default:
428 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
429 type, mode);
430 continue;
431 }
432 /* ORF Type and afi/safi error checks */
433 /* capcode versus type */
434 switch (hdr->code) {
435 case CAPABILITY_CODE_ORF:
436 switch (type) {
5bb2aa89
DA		 437 case ORF_TYPE_RESERVED:
438 if (bgp_debug_neighbor_events(peer))
439 zlog_debug(
440 "%s Addr-family %d/%d has reserved ORF type, ignoring",
441 peer->host, afi, safi);
442 break;
d62a17ae 443 case ORF_TYPE_PREFIX:
444 break;
445 default:
446 bgp_capability_orf_not_support(
447 peer, pkt_afi, pkt_safi, type, mode);
448 continue;
449 }
450 break;
451 case CAPABILITY_CODE_ORF_OLD:
452 switch (type) {
5bb2aa89
DA		 453 case ORF_TYPE_RESERVED:
454 if (bgp_debug_neighbor_events(peer))
455 zlog_debug(
456 "%s Addr-family %d/%d has reserved ORF type, ignoring",
457 peer->host, afi, safi);
458 break;
d62a17ae 459 case ORF_TYPE_PREFIX_OLD:
460 break;
461 default:
462 bgp_capability_orf_not_support(
463 peer, pkt_afi, pkt_safi, type, mode);
464 continue;
465 }
466 break;
467 default:
468 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
469 type, mode);
470 continue;
471 }
472
473 /* AFI vs SAFI */
474 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
475 || (afi == AFI_IP && safi == SAFI_MULTICAST)
476 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
477 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
478 type, mode);
479 continue;
480 }
481
482 if (bgp_debug_neighbor_events(peer))
483 zlog_debug(
3efd0893 484 "%s OPEN has %s ORF capability as %s for afi/safi: %s/%s",
d62a17ae 485 peer->host,
486 lookup_msg(orf_type_str, type, NULL),
748a041f
DS		 487 lookup_msg(orf_mode_str, mode, NULL),
488 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
d62a17ae 489
490 if (hdr->code == CAPABILITY_CODE_ORF) {
491 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
492 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
493 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
494 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
495 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
496 } else {
497 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
498 type, mode);
499 continue;
500 }
501
502 switch (mode) {
503 case ORF_MODE_BOTH:
504 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
505 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
506 break;
507 case ORF_MODE_SEND:
508 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
509 break;
510 case ORF_MODE_RECEIVE:
511 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
512 break;
513 }
718e3744 514 }
d62a17ae 515 return 0;
718e3744 516}
517
d62a17ae 518static int bgp_capability_restart(struct peer *peer,
519 struct capability_header *caphdr)
6d58272b 520{
d62a17ae 521 struct stream *s = BGP_INPUT(peer);
d7c0a89a 522 uint16_t restart_flag_time;
d62a17ae 523 size_t end = stream_get_getp(s) + caphdr->length;
524
525 /* Verify length is a multiple of 4 */
526 if ((caphdr->length - 2) % 4) {
065eaa36 527 flog_warn(
e50f7cfd 528 EC_BGP_CAPABILITY_INVALID_LENGTH,
d62a17ae 529 "Restart Cap: Received invalid length %d, non-multiple of 4",
530 caphdr->length);
531 return -1;
532 }
533
534 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
535 restart_flag_time = stream_getw(s);
eea685b6
DA		 536
537 /* The most significant bit is defined in [RFC4724] as
538 * the Restart State ("R") bit.
539 */
d83facbb 540 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_R_BIT))
54394daa 541 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
d7b3cda6 542 else
54394daa 543 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
d62a17ae 544
eea685b6
DA		 545 /* The second most significant bit is defined in this
546 * document as the Graceful Notification ("N") bit.
547 */
548 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_N_BIT))
549 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
d7b3cda6 550 else
eea685b6 551 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
d62a17ae 552
553 UNSET_FLAG(restart_flag_time, 0xF000);
554 peer->v_gr_restart = restart_flag_time;
555
556 if (bgp_debug_neighbor_events(peer)) {
eea685b6
DA		 557 zlog_debug(
558 "%s Peer has%srestarted. Restart Time: %d, N-bit set: %s",
559 peer->host,
560 CHECK_FLAG(peer->cap,
561 PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV)
562 ? " "
563 : " not ",
564 peer->v_gr_restart,
565 CHECK_FLAG(peer->cap,
566 PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV)
567 ? "yes"
568 : "no");
d62a17ae 569 }
570
571 while (stream_get_getp(s) + 4 <= end) {
572 afi_t afi;
573 safi_t safi;
574 iana_afi_t pkt_afi = stream_getw(s);
5c525538 575 iana_safi_t pkt_safi = stream_getc(s);
d7c0a89a 576 uint8_t flag = stream_getc(s);
d62a17ae 577
578 /* Convert AFI, SAFI to internal values, check. */
579 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
580 if (bgp_debug_neighbor_events(peer))
581 zlog_debug(
3efd0893 582 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Graceful Restart capability for this AFI/SAFI",
748a041f
DS		 583 peer->host, iana_afi2str(pkt_afi),
584 iana_safi2str(pkt_safi));
d62a17ae 585 } else if (!peer->afc[afi][safi]) {
586 if (bgp_debug_neighbor_events(peer))
587 zlog_debug(
3efd0893 588 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Graceful Restart capability",
748a041f
DS		 589 peer->host, iana_afi2str(pkt_afi),
590 iana_safi2str(pkt_safi));
d62a17ae 591 } else {
592 if (bgp_debug_neighbor_events(peer))
593 zlog_debug(
594 "%s Address family %s is%spreserved",
5cb5f4d0 595 peer->host, get_afi_safi_str(afi, safi, false),
d62a17ae 596 CHECK_FLAG(
597 peer->af_cap[afi][safi],
598 PEER_CAP_RESTART_AF_PRESERVE_RCV)
599 ? " "
600 : " not ");
601
602 SET_FLAG(peer->af_cap[afi][safi],
603 PEER_CAP_RESTART_AF_RCV);
d83facbb 604 if (CHECK_FLAG(flag, GRACEFUL_RESTART_F_BIT))
d62a17ae 605 SET_FLAG(peer->af_cap[afi][safi],
606 PEER_CAP_RESTART_AF_PRESERVE_RCV);
607 }
608 }
609 return 0;
6d58272b 610}
718e3744 611
8606be87
DA		 612static int bgp_capability_llgr(struct peer *peer,
613 struct capability_header *caphdr)
614{
615 struct stream *s = BGP_INPUT(peer);
616 size_t end = stream_get_getp(s) + caphdr->length;
617
618 SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV);
619
620 while (stream_get_getp(s) + 4 <= end) {
621 afi_t afi;
622 safi_t safi;
623 iana_afi_t pkt_afi = stream_getw(s);
624 iana_safi_t pkt_safi = stream_getc(s);
625 uint8_t flags = stream_getc(s);
626 uint32_t stale_time = stream_get3(s);
627
628 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
629 if (bgp_debug_neighbor_events(peer))
630 zlog_debug(
631 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Long-lived Graceful Restart capability for this AFI/SAFI",
632 peer->host, iana_afi2str(pkt_afi),
633 iana_safi2str(pkt_safi));
634 } else if (!peer->afc[afi][safi]
635 || !CHECK_FLAG(peer->af_cap[afi][safi],
636 PEER_CAP_RESTART_AF_RCV)) {
637 if (bgp_debug_neighbor_events(peer))
638 zlog_debug(
639 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Long-lived Graceful Restart capability",
640 peer->host, iana_afi2str(pkt_afi),
641 iana_safi2str(pkt_safi));
642 } else {
1479ed2f
DA		 643 if (bgp_debug_neighbor_events(peer))
644 zlog_debug(
645 "%s Addr-family %s/%s(afi/safi) Long-lived Graceful Restart capability stale time %u sec",
646 peer->host, iana_afi2str(pkt_afi),
647 iana_safi2str(pkt_safi), stale_time);
648
8606be87 649 peer->llgr[afi][safi].flags = flags;
1479ed2f
DA		 650 peer->llgr[afi][safi].stale_time =
651 MIN(stale_time, peer->bgp->llgr_stale_time);
8606be87
DA		 652 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_RCV);
653 }
654 }
655
656 return 0;
657}
658
14051b36 659/* Unlike other capability parsing routines, this one returns 0 on error */
d62a17ae 660static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
0b2aa3a0 661{
d62a17ae 662 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
663
664 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
e50f7cfd 665 flog_err(EC_BGP_PKT_OPEN,
1c50c1c0
QY		 666 "%s AS4 capability has incorrect data length %d",
667 peer->host, hdr->length);
d62a17ae 668 return 0;
669 }
670
671 as_t as4 = stream_getl(BGP_INPUT(peer));
672
673 if (BGP_DEBUG(as4, AS4))
674 zlog_debug(
675 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
676 peer->host, as4);
677 return as4;
0b2aa3a0
PJ		 678}
679
ef56aee4
DA		 680static int bgp_capability_ext_message(struct peer *peer,
681 struct capability_header *hdr)
682{
683 if (hdr->length != CAPABILITY_CODE_EXT_MESSAGE_LEN) {
684 flog_err(
685 EC_BGP_PKT_OPEN,
686 "%s: BGP Extended Message capability has incorrect data length %d",
687 peer->host, hdr->length);
688 return -1;
689 }
690
691 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV);
692
693 return 0;
694}
695
d62a17ae 696static int bgp_capability_addpath(struct peer *peer,
697 struct capability_header *hdr)
a82478b9 698{
d62a17ae 699 struct stream *s = BGP_INPUT(peer);
700 size_t end = stream_get_getp(s) + hdr->length;
701
702 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
703
704 /* Verify length is a multiple of 4 */
705 if (hdr->length % 4) {
065eaa36 706 flog_warn(
e50f7cfd 707 EC_BGP_CAPABILITY_INVALID_LENGTH,
d62a17ae 708 "Add Path: Received invalid length %d, non-multiple of 4",
709 hdr->length);
710 return -1;
711 }
712
713 while (stream_get_getp(s) + 4 <= end) {
714 afi_t afi;
715 safi_t safi;
716 iana_afi_t pkt_afi = stream_getw(s);
5c525538 717 iana_safi_t pkt_safi = stream_getc(s);
d7c0a89a 718 uint8_t send_receive = stream_getc(s);
d62a17ae 719
720 if (bgp_debug_neighbor_events(peer))
721 zlog_debug(
70aa70f9
DA		 722 "%s OPEN has %s capability for afi/safi: %s/%s%s%s",
723 peer->host,
724 lookup_msg(capcode_str, hdr->code, NULL),
725 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi),
d62a17ae 726 (send_receive & BGP_ADDPATH_RX) ? ", receive"
727 : "",
728 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
729 : "");
730
731 /* Convert AFI, SAFI to internal values, check. */
732 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
733 if (bgp_debug_neighbor_events(peer))
734 zlog_debug(
3efd0893 735 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Addpath Attribute for this AFI/SAFI",
748a041f
DS		 736 peer->host, iana_afi2str(pkt_afi),
737 iana_safi2str(pkt_safi));
d62a17ae 738 continue;
739 } else if (!peer->afc[afi][safi]) {
740 if (bgp_debug_neighbor_events(peer))
741 zlog_debug(
3efd0893 742 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
748a041f
DS		 743 peer->host, iana_afi2str(pkt_afi),
744 iana_safi2str(pkt_safi));
d62a17ae 745 continue;
746 }
747
748 if (send_receive & BGP_ADDPATH_RX)
749 SET_FLAG(peer->af_cap[afi][safi],
750 PEER_CAP_ADDPATH_AF_RX_RCV);
751
752 if (send_receive & BGP_ADDPATH_TX)
753 SET_FLAG(peer->af_cap[afi][safi],
754 PEER_CAP_ADDPATH_AF_TX_RCV);
755 }
756
757 return 0;
a82478b9
DS		 758}
759
d62a17ae 760static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
8a92a8a0 761{
d62a17ae 762 struct stream *s = BGP_INPUT(peer);
763 size_t end = stream_get_getp(s) + hdr->length;
764
765 /* Verify length is a multiple of 4 */
766 if (hdr->length % 6) {
065eaa36 767 flog_warn(
e50f7cfd 768 EC_BGP_CAPABILITY_INVALID_LENGTH,
d62a17ae 769 "Extended NH: Received invalid length %d, non-multiple of 6",
770 hdr->length);
771 return -1;
772 }
773
774 while (stream_get_getp(s) + 6 <= end) {
775 iana_afi_t pkt_afi = stream_getw(s);
776 afi_t afi;
5c525538
RW		 777 iana_safi_t pkt_safi = stream_getw(s);
778 safi_t safi;
d62a17ae 779 iana_afi_t pkt_nh_afi = stream_getw(s);
780 afi_t nh_afi;
781
782 if (bgp_debug_neighbor_events(peer))
783 zlog_debug(
748a041f
DS		 784 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
785 peer->host, iana_afi2str(pkt_afi),
786 iana_safi2str(pkt_safi), pkt_nh_afi);
d62a17ae 787
788 /* Convert AFI, SAFI to internal values, check. */
789 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
790 if (bgp_debug_neighbor_events(peer))
791 zlog_debug(
3efd0893 792 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the ENHE Attribute for this AFI/SAFI",
748a041f
DS		 793 peer->host, iana_afi2str(pkt_afi),
794 iana_safi2str(pkt_safi));
d62a17ae 795 continue;
796 }
797
798 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
799 * with
800 * the Nexthop AFI being IPv6. A future spec may introduce other
801 * possibilities, so we ignore other values with a log. Also,
802 * only
803 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
804 * (and expected).
805 */
806 nh_afi = afi_iana2int(pkt_nh_afi);
807
808 if (afi != AFI_IP || nh_afi != AFI_IP6
770df5fd 809 || !(safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
d62a17ae 810 || safi == SAFI_LABELED_UNICAST)) {
065eaa36 811 flog_warn(
e50f7cfd 812 EC_BGP_CAPABILITY_INVALID_DATA,
3efd0893 813 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u in Extended Next-hop capability, ignoring",
748a041f
DS		 814 peer->host, iana_afi2str(pkt_afi),
815 iana_safi2str(pkt_safi), pkt_nh_afi);
d62a17ae 816 continue;
817 }
818
819 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
820
821 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
822 SET_FLAG(peer->af_cap[afi][safi],
823 PEER_CAP_ENHE_AF_NEGO);
824 }
825
826 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
827
828 return 0;
8a92a8a0
DS		 829}
830
d62a17ae 831static int bgp_capability_hostname(struct peer *peer,
832 struct capability_header *hdr)
04b6bdc0 833{
d62a17ae 834 struct stream *s = BGP_INPUT(peer);
835 char str[BGP_MAX_HOSTNAME + 1];
836 size_t end = stream_get_getp(s) + hdr->length;
d7c0a89a 837 uint8_t len;
d62a17ae 838
839 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
840
841 len = stream_getc(s);
842 if (stream_get_getp(s) + len > end) {
065eaa36 843 flog_warn(
e50f7cfd 844 EC_BGP_CAPABILITY_INVALID_DATA,
d62a17ae 845 "%s: Received malformed hostname capability from peer %s",
15569c58 846 __func__, peer->host);
d62a17ae 847 return -1;
848 }
849
850 if (len > BGP_MAX_HOSTNAME) {
851 stream_get(str, s, BGP_MAX_HOSTNAME);
852 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
853 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
854 } else if (len)
855 stream_get(str, s, len);
856
857 if (len) {
858 str[len] = '\0';
859
e1b36e13
QY		 860 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
861 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
d62a17ae 862
863 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
864 }
865
866 if (stream_get_getp(s) + 1 > end) {
065eaa36 867 flog_warn(
e50f7cfd 868 EC_BGP_CAPABILITY_INVALID_DATA,
d62a17ae 869 "%s: Received invalid domain name len (hostname capability) from peer %s",
15569c58 870 __func__, peer->host);
d62a17ae 871 return -1;
872 }
873
874 len = stream_getc(s);
875 if (stream_get_getp(s) + len > end) {
065eaa36 876 flog_warn(
e50f7cfd 877 EC_BGP_CAPABILITY_INVALID_DATA,
d62a17ae 878 "%s: Received runt domain name (hostname capability) from peer %s",
15569c58 879 __func__, peer->host);
d62a17ae 880 return -1;
881 }
882
883 if (len > BGP_MAX_HOSTNAME) {
884 stream_get(str, s, BGP_MAX_HOSTNAME);
885 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
886 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
887 } else if (len)
888 stream_get(str, s, len);
889
890 if (len) {
891 str[len] = '\0';
aba5353c 892
e1b36e13 893 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
aba5353c 894
d62a17ae 895 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
896 }
897
898 if (bgp_debug_neighbor_events(peer)) {
899 zlog_debug("%s received hostname %s, domainname %s", peer->host,
900 peer->hostname, peer->domainname);
901 }
902
903 return 0;
04b6bdc0
DW		 904}
905
d864dd9e
EB		 906static int bgp_capability_role(struct peer *peer, struct capability_header *hdr)
907{
908 SET_FLAG(peer->cap, PEER_CAP_ROLE_RCV);
909 if (hdr->length != CAPABILITY_CODE_ROLE_LEN) {
910 flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
911 "Role: Received invalid length %d", hdr->length);
912 return -1;
913 }
914 uint8_t role = stream_getc(BGP_INPUT(peer));
915
8f2d6021 916 peer->remote_role = role;
d864dd9e
EB		 917 return 0;
918}
919
3b381c32
AS		 920/**
921 * Parse given capability.
6d58272b 922 * XXX: This is reading into a stream, but not using stream API
3b381c32
AS		 923 *
924 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
925 * capabilities were encountered.
6d58272b 926 */
d62a17ae 927static int bgp_capability_parse(struct peer *peer, size_t length,
d7c0a89a 928 int *mp_capability, uint8_t **error)
6d58272b 929{
d62a17ae 930 int ret;
931 struct stream *s = BGP_INPUT(peer);
932 size_t end = stream_get_getp(s) + length;
34aa7448 933 uint16_t restart_flag_time = 0;
d62a17ae 934
935 assert(STREAM_READABLE(s) >= length);
936
937 while (stream_get_getp(s) < end) {
938 size_t start;
d7c0a89a 939 uint8_t *sp = stream_pnt(s);
d62a17ae 940 struct capability_header caphdr;
941
942 ret = 0;
943 /* We need at least capability code and capability length. */
944 if (stream_get_getp(s) + 2 > end) {
945 zlog_info("%s Capability length error (< header)",
946 peer->host);
947 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
948 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
949 return -1;
950 }
951
952 caphdr.code = stream_getc(s);
953 caphdr.length = stream_getc(s);
954 start = stream_get_getp(s);
955
956 /* Capability length check sanity check. */
957 if (start + caphdr.length > end) {
958 zlog_info("%s Capability length error (< length)",
959 peer->host);
960 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
961 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
962 return -1;
963 }
964
965 if (bgp_debug_neighbor_events(peer))
966 zlog_debug("%s OPEN has %s capability (%u), length %u",
967 peer->host,
968 lookup_msg(capcode_str, caphdr.code, NULL),
969 caphdr.code, caphdr.length);
970
971 /* Length sanity check, type-specific, for known capabilities */
972 switch (caphdr.code) {
973 case CAPABILITY_CODE_MP:
974 case CAPABILITY_CODE_REFRESH:
975 case CAPABILITY_CODE_REFRESH_OLD:
976 case CAPABILITY_CODE_ORF:
977 case CAPABILITY_CODE_ORF_OLD:
978 case CAPABILITY_CODE_RESTART:
979 case CAPABILITY_CODE_AS4:
980 case CAPABILITY_CODE_ADDPATH:
981 case CAPABILITY_CODE_DYNAMIC:
982 case CAPABILITY_CODE_DYNAMIC_OLD:
983 case CAPABILITY_CODE_ENHE:
984 case CAPABILITY_CODE_FQDN:
9af52ccf 985 case CAPABILITY_CODE_ENHANCED_RR:
ef56aee4 986 case CAPABILITY_CODE_EXT_MESSAGE:
d864dd9e 987 case CAPABILITY_CODE_ROLE:
d62a17ae 988 /* Check length. */
989 if (caphdr.length < cap_minsizes[caphdr.code]) {
990 zlog_info(
3efd0893 991 "%s %s Capability length error: got %u, expected at least %u",
d62a17ae 992 peer->host,
993 lookup_msg(capcode_str, caphdr.code,
994 NULL),
995 caphdr.length,
996 (unsigned)cap_minsizes[caphdr.code]);
997 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
998 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
999 return -1;
1000 }
1001 if (caphdr.length
1002 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
1003 zlog_info(
3efd0893 1004 "%s %s Capability length error: got %u, expected a multiple of %u",
d62a17ae 1005 peer->host,
1006 lookup_msg(capcode_str, caphdr.code,
1007 NULL),
1008 caphdr.length,
1009 (unsigned)cap_modsizes[caphdr.code]);
1010 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1011 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1012 return -1;
1013 }
1014 /* we deliberately ignore unknown codes, see below */
1015 default:
1016 break;
1017 }
1018
1019 switch (caphdr.code) {
1020 case CAPABILITY_CODE_MP: {
1021 *mp_capability = 1;
1022
1023 /* Ignore capability when override-capability is set. */
1024 if (!CHECK_FLAG(peer->flags,
1025 PEER_FLAG_OVERRIDE_CAPABILITY)) {
1026 /* Set negotiated value. */
1027 ret = bgp_capability_mp(peer, &caphdr);
1028
1029 /* Unsupported Capability. */
1030 if (ret < 0) {
1031 /* Store return data. */
1032 memcpy(*error, sp, caphdr.length + 2);
1033 *error += caphdr.length + 2;
1034 }
1035 ret = 0; /* Don't return error for this */
1036 }
1037 } break;
9af52ccf 1038 case CAPABILITY_CODE_ENHANCED_RR:
d62a17ae 1039 case CAPABILITY_CODE_REFRESH:
1040 case CAPABILITY_CODE_REFRESH_OLD: {
1041 /* BGP refresh capability */
9af52ccf
DA		 1042 if (caphdr.code == CAPABILITY_CODE_ENHANCED_RR)
1043 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_RCV);
1044 else if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
d62a17ae 1045 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
1046 else
1047 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
1048 } break;
1049 case CAPABILITY_CODE_ORF:
1050 case CAPABILITY_CODE_ORF_OLD:
1051 ret = bgp_capability_orf_entry(peer, &caphdr);
1052 break;
1053 case CAPABILITY_CODE_RESTART:
1054 ret = bgp_capability_restart(peer, &caphdr);
1055 break;
8606be87
DA		 1056 case CAPABILITY_CODE_LLGR:
1057 ret = bgp_capability_llgr(peer, &caphdr);
1058 break;
d62a17ae 1059 case CAPABILITY_CODE_DYNAMIC:
1060 case CAPABILITY_CODE_DYNAMIC_OLD:
1061 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
1062 break;
1063 case CAPABILITY_CODE_AS4:
1064 /* Already handled as a special-case parsing of the
1065 * capabilities
1066 * at the beginning of OPEN processing. So we care not a
1067 * jot
1068 * for the value really, only error case.
1069 */
1070 if (!bgp_capability_as4(peer, &caphdr))
1071 ret = -1;
1072 break;
1073 case CAPABILITY_CODE_ADDPATH:
1074 ret = bgp_capability_addpath(peer, &caphdr);
1075 break;
1076 case CAPABILITY_CODE_ENHE:
1077 ret = bgp_capability_enhe(peer, &caphdr);
1078 break;
ef56aee4
DA		 1079 case CAPABILITY_CODE_EXT_MESSAGE:
1080 ret = bgp_capability_ext_message(peer, &caphdr);
1081 break;
d62a17ae 1082 case CAPABILITY_CODE_FQDN:
1083 ret = bgp_capability_hostname(peer, &caphdr);
1084 break;
d864dd9e
EB		 1085 case CAPABILITY_CODE_ROLE:
1086 ret = bgp_capability_role(peer, &caphdr);
1087 break;
d62a17ae 1088 default:
1089 if (caphdr.code > 128) {
1090 /* We don't send Notification for unknown vendor
1091 specific
1092 capabilities. It seems reasonable for now...
1093 */
e50f7cfd 1094 flog_warn(EC_BGP_CAPABILITY_VENDOR,
065eaa36 1095 "%s Vendor specific capability %d",
d62a17ae 1096 peer->host, caphdr.code);
1097 } else {
065eaa36 1098 flog_warn(
e50f7cfd 1099 EC_BGP_CAPABILITY_UNKNOWN,
d62a17ae 1100 "%s unrecognized capability code: %d - ignored",
1101 peer->host, caphdr.code);
1102 memcpy(*error, sp, caphdr.length + 2);
1103 *error += caphdr.length + 2;
1104 }
1105 }
1106
1107 if (ret < 0) {
1108 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1109 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1110 return -1;
1111 }
1112 if (stream_get_getp(s) != (start + caphdr.length)) {
1113 if (stream_get_getp(s) > (start + caphdr.length))
065eaa36 1114 flog_warn(
e50f7cfd 1115 EC_BGP_CAPABILITY_INVALID_LENGTH,
d62a17ae 1116 "%s Cap-parser for %s read past cap-length, %u!",
1117 peer->host,
1118 lookup_msg(capcode_str, caphdr.code,
1119 NULL),
1120 caphdr.length);
1121 stream_set_getp(s, start + caphdr.length);
1122 }
34aa7448 1123
1124 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
1125 UNSET_FLAG(restart_flag_time, 0xF000);
1126 peer->v_gr_restart = restart_flag_time;
1127 }
718e3744 1128 }
d62a17ae 1129 return 0;
718e3744 1130}
1131
3dc339cd 1132static bool strict_capability_same(struct peer *peer)
718e3744 1133{
d62a17ae 1134 int i, j;
718e3744 1135
d62a17ae 1136 for (i = AFI_IP; i < AFI_MAX; i++)
1137 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
1138 if (peer->afc[i][j] != peer->afc_nego[i][j])
3dc339cd
DA		 1139 return false;
1140 return true;
718e3744 1141}
1142
d864dd9e
EB		 1143
1144static bool bgp_role_violation(struct peer *peer)
1145{
1146 uint8_t local_role = peer->local_role;
8f2d6021
EB		 1147 uint8_t remote_role = peer->remote_role;
1148
1149 if (local_role != ROLE_UNDEFINED && remote_role != ROLE_UNDEFINED &&
1150 !((local_role == ROLE_PEER && remote_role == ROLE_PEER) ||
1151 (local_role == ROLE_PROVIDER && remote_role == ROLE_CUSTOMER) ||
1152 (local_role == ROLE_CUSTOMER && remote_role == ROLE_PROVIDER) ||
1153 (local_role == ROLE_RS_SERVER && remote_role == ROLE_RS_CLIENT) ||
1154 (local_role == ROLE_RS_CLIENT &&
1155 remote_role == ROLE_RS_SERVER))) {
d864dd9e
EB		 1156 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1157 BGP_NOTIFY_OPEN_ROLE_MISMATCH);
1158 return true;
1159 }
8f2d6021 1160 if (remote_role == ROLE_UNDEFINED &&
7dddd1f7 1161 CHECK_FLAG(peer->flags, PEER_FLAG_ROLE_STRICT_MODE)) {
d864dd9e
EB		 1162 const char *err_msg =
1163 "Strict mode. Please set the role on your side.";
1164 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1165 BGP_NOTIFY_OPEN_ROLE_MISMATCH,
1166 (uint8_t *)err_msg, strlen(err_msg));
1167 return true;
1168 }
1169 return false;
1170}
1171
1172
0b2aa3a0
PJ		 1173/* peek into option, stores ASN to *as4 if the AS4 capability was found.
1174 * Returns 0 if no as4 found, as4cap value otherwise.
1175 */
d08c0c80 1176as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
0b2aa3a0 1177{
d62a17ae 1178 struct stream *s = BGP_INPUT(peer);
1179 size_t orig_getp = stream_get_getp(s);
1180 size_t end = orig_getp + length;
1181 as_t as4 = 0;
1182
1183 if (BGP_DEBUG(as4, AS4))
4cb5e18b 1184 zlog_debug(
3efd0893 1185 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u, peeking for as4",
d62a17ae 1186 peer->host, length);
1187 /* the error cases we DONT handle, we ONLY try to read as4 out of
1188 * correctly formatted options.
1189 */
1190 while (stream_get_getp(s) < end) {
d7c0a89a 1191 uint8_t opt_type;
d08c0c80 1192 uint16_t opt_length;
d62a17ae 1193
3e46b43e
DS		 1194 /* Ensure we can read the option type */
1195 if (stream_get_getp(s) + 1 > end)
d62a17ae 1196 goto end;
1197
3e46b43e 1198 /* Fetch the option type */
d62a17ae 1199 opt_type = stream_getc(s);
3e46b43e
DS		 1200
1201 /*
1202 * Check the length and fetch the opt_length
1203 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
1204 * then we do a getw which is 2 bytes. So we need to
1205 * ensure that we can read that as well
1206 */
1207 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1208 if (stream_get_getp(s) + 2 > end)
1209 goto end;
1210
1211 opt_length = stream_getw(s);
1212 } else {
1213 if (stream_get_getp(s) + 1 > end)
1214 goto end;
1215
1216 opt_length = stream_getc(s);
1217 }
d62a17ae 1218
1219 /* Option length check. */
1220 if (stream_get_getp(s) + opt_length > end)
1221 goto end;
1222
1223 if (opt_type == BGP_OPEN_OPT_CAP) {
1224 unsigned long capd_start = stream_get_getp(s);
1225 unsigned long capd_end = capd_start + opt_length;
1226
1227 assert(capd_end <= end);
1228
1229 while (stream_get_getp(s) < capd_end) {
1230 struct capability_header hdr;
1231
1232 if (stream_get_getp(s) + 2 > capd_end)
1233 goto end;
1234
1235 hdr.code = stream_getc(s);
1236 hdr.length = stream_getc(s);
1237
1238 if ((stream_get_getp(s) + hdr.length)
1239 > capd_end)
1240 goto end;
1241
1242 if (hdr.code == CAPABILITY_CODE_AS4) {
1243 if (BGP_DEBUG(as4, AS4))
4cb5e18b 1244 zlog_debug(
d62a17ae 1245 "[AS4] found AS4 capability, about to parse");
1246 as4 = bgp_capability_as4(peer, &hdr);
1247
1248 goto end;
1249 }
1250 stream_forward_getp(s, hdr.length);
1251 }
1252 }
0b2aa3a0 1253 }
0b2aa3a0
PJ		 1254
1255end:
d62a17ae 1256 stream_set_getp(s, orig_getp);
1257 return as4;
0b2aa3a0
PJ		 1258}
1259
3b381c32
AS		 1260/**
1261 * Parse open option.
1262 *
1263 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1264 */
d08c0c80
DA		 1265int bgp_open_option_parse(struct peer *peer, uint16_t length,
1266 int *mp_capability)
718e3744 1267{
d62a17ae 1268 int ret = 0;
d7c0a89a 1269 uint8_t *error;
556beacf 1270 uint8_t error_data[BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE];
d62a17ae 1271 struct stream *s = BGP_INPUT(peer);
1272 size_t end = stream_get_getp(s) + length;
1273
1274 error = error_data;
1275
1276 if (bgp_debug_neighbor_events(peer))
1277 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1278 peer->host, length);
1279
77b34214
NT		 1280 /* Unset any previously received GR capability. */
1281 UNSET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
1282
d62a17ae 1283 while (stream_get_getp(s) < end) {
d7c0a89a 1284 uint8_t opt_type;
d08c0c80 1285 uint16_t opt_length;
d62a17ae 1286
1117baca
DS		 1287 /*
1288 * Check that we can read the opt_type and fetch it
1289 */
1290 if (STREAM_READABLE(s) < 1) {
d62a17ae 1291 zlog_info("%s Option length error", peer->host);
1292 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1293 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1294 return -1;
1295 }
d62a17ae 1296 opt_type = stream_getc(s);
1117baca
DS		 1297
1298 /*
1299 * Check the length of the stream to ensure that
1300 * FRR can properly read the opt_length. Then read it
1301 */
1302 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1303 if (STREAM_READABLE(s) < 2) {
1304 zlog_info("%s Option length error", peer->host);
1305 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1306 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1307 return -1;
1308 }
1309
1310 opt_length = stream_getw(s);
1311 } else {
1312 if (STREAM_READABLE(s) < 1) {
1313 zlog_info("%s Option length error", peer->host);
1314 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1315 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1316 return -1;
1317 }
1318
1319 opt_length = stream_getc(s);
1320 }
d62a17ae 1321
1322 /* Option length check. */
1323 if (STREAM_READABLE(s) < opt_length) {
d08c0c80
DA		 1324 zlog_info("%s Option length error (%d)", peer->host,
1325 opt_length);
d62a17ae 1326 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1327 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1328 return -1;
1329 }
1330
1331 if (bgp_debug_neighbor_events(peer))
1332 zlog_debug(
1333 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1334 peer->host, opt_type,
db3f8f31
DA		 1335 opt_type == BGP_OPEN_OPT_CAP ? "Capability"
1336 : "Unknown",
d62a17ae 1337 opt_length);
1338
1339 switch (opt_type) {
d62a17ae 1340 case BGP_OPEN_OPT_CAP:
1341 ret = bgp_capability_parse(peer, opt_length,
1342 mp_capability, &error);
1343 break;
1344 default:
1345 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1346 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1347 ret = -1;
1348 break;
1349 }
1350
1351 /* Parse error. To accumulate all unsupported capability codes,
1352 bgp_capability_parse does not return -1 when encounter
1353 unsupported capability code. To detect that, please check
1354 error and erro_data pointer, like below. */
1355 if (ret < 0)
1356 return -1;
718e3744 1357 }
1358
d62a17ae 1359 /* All OPEN option is parsed. Check capability when strict compare
1360 flag is enabled.*/
1361 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1362 /* If Unsupported Capability exists. */
1363 if (error != error_data) {
1364 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1365 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1366 error_data,
1367 error - error_data);
1368 return -1;
1369 }
1370
1371 /* Check local capability does not negotiated with remote
1372 peer. */
1373 if (!strict_capability_same(peer)) {
1374 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1375 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1376 return -1;
1377 }
718e3744 1378 }
1379
ef56aee4
DA		 1380 /* Extended Message Support */
1381 peer->max_packet_size =
8d976b0e
DA		 1382 (CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV)
1383 && CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV))
556beacf
QY		 1384 ? BGP_EXTENDED_MESSAGE_MAX_PACKET_SIZE
1385 : BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE;
ef56aee4 1386
d864dd9e
EB		 1387 /* Check that roles are corresponding to each other */
1388 if (bgp_role_violation(peer))
1389 return -1;
1390
d62a17ae 1391 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1392 error. */
1393 if (*mp_capability
1394 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1395 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1396 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1397 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1398 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1399 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
7c40bf39 1400 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
d62a17ae 1401 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1402 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1403 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1404 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1405 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
7c40bf39 1406 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
d62a17ae 1407 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
e50f7cfd 1408 flog_err(EC_BGP_PKT_OPEN,
3efd0893 1409 "%s [Error] Configured AFI/SAFIs do not overlap with received MP capabilities",
1c50c1c0 1410 peer->host);
d62a17ae 1411
1412 if (error != error_data)
1413 bgp_notify_send_with_data(
1414 peer, BGP_NOTIFY_OPEN_ERR,
1415 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1416 error - error_data);
1417 else
1418 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1419 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1420 return -1;
1421 }
718e3744 1422 }
d62a17ae 1423 return 0;
718e3744 1424}
1425
d62a17ae 1426static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
d08c0c80
DA		 1427 afi_t afi, safi_t safi, uint8_t code,
1428 bool ext_opt_params)
718e3744 1429{
d08c0c80 1430 uint16_t cap_len;
d7c0a89a 1431 uint8_t orf_len;
d62a17ae 1432 unsigned long capp;
1433 unsigned long orfp;
1434 unsigned long numberp;
1435 int number_of_orfs = 0;
617975d1
DS		 1436 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1437 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
d62a17ae 1438
1439 /* Convert AFI, SAFI to values for packet. */
1440 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1441
1442 stream_putc(s, BGP_OPEN_OPT_CAP);
1443 capp = stream_get_endp(s); /* Set Capability Len Pointer */
d08c0c80
DA		 1444 ext_opt_params ? stream_putw(s, 0)
1445 : stream_putc(s, 0); /* Capability Length */
d62a17ae 1446 stream_putc(s, code); /* Capability Code */
1447 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1448 stream_putc(s, 0); /* ORF Length */
1449 stream_putw(s, pkt_afi);
1450 stream_putc(s, 0);
1451 stream_putc(s, pkt_safi);
1452 numberp = stream_get_endp(s); /* Set Number Pointer */
1453 stream_putc(s, 0); /* Number of ORFs */
1454
1455 /* Address Prefix ORF */
1456 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1457 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1458 stream_putc(s, (code == CAPABILITY_CODE_ORF
1459 ? ORF_TYPE_PREFIX
1460 : ORF_TYPE_PREFIX_OLD));
1461
1462 if (CHECK_FLAG(peer->af_flags[afi][safi],
1463 PEER_FLAG_ORF_PREFIX_SM)
1464 && CHECK_FLAG(peer->af_flags[afi][safi],
1465 PEER_FLAG_ORF_PREFIX_RM)) {
1466 SET_FLAG(peer->af_cap[afi][safi],
1467 PEER_CAP_ORF_PREFIX_SM_ADV);
1468 SET_FLAG(peer->af_cap[afi][safi],
1469 PEER_CAP_ORF_PREFIX_RM_ADV);
1470 stream_putc(s, ORF_MODE_BOTH);
1471 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1472 PEER_FLAG_ORF_PREFIX_SM)) {
1473 SET_FLAG(peer->af_cap[afi][safi],
1474 PEER_CAP_ORF_PREFIX_SM_ADV);
1475 stream_putc(s, ORF_MODE_SEND);
1476 } else {
1477 SET_FLAG(peer->af_cap[afi][safi],
1478 PEER_CAP_ORF_PREFIX_RM_ADV);
1479 stream_putc(s, ORF_MODE_RECEIVE);
1480 }
1481 number_of_orfs++;
718e3744 1482 }
718e3744 1483
d62a17ae 1484 /* Total Number of ORFs. */
1485 stream_putc_at(s, numberp, number_of_orfs);
718e3744 1486
d62a17ae 1487 /* Total ORF Len. */
1488 orf_len = stream_get_endp(s) - orfp - 1;
1489 stream_putc_at(s, orfp, orf_len);
718e3744 1490
d62a17ae 1491 /* Total Capability Len. */
1492 cap_len = stream_get_endp(s) - capp - 1;
d08c0c80
DA		 1493 ext_opt_params ? stream_putw_at(s, capp, cap_len)
1494 : stream_putc_at(s, capp, cap_len);
718e3744 1495}
1496
034e185d 1497static void bgp_peer_send_gr_capability(struct stream *s, struct peer *peer,
d08c0c80 1498 bool ext_opt_params)
034e185d 1499{
1500 int len;
617975d1 1501 iana_afi_t pkt_afi = IANA_AFI_IPV4;
034e185d 1502 afi_t afi;
1503 safi_t safi;
617975d1 1504 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
034e185d 1505 uint32_t restart_time;
1506 unsigned long capp = 0;
1507 unsigned long rcapp = 0;
1508
13909c4f
DS		 1509 if (!CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)
1510 && !CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART_HELPER))
1511 return;
1512
1513 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1514 zlog_debug("[BGP_GR] Sending helper Capability for Peer :%s :",
1515 peer->host);
1516
1517 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1518 stream_putc(s, BGP_OPEN_OPT_CAP);
1519 capp = stream_get_endp(s); /* Set Capability Len Pointer */
d08c0c80
DA		 1520 ext_opt_params ? stream_putw(s, 0)
1521 : stream_putc(s, 0); /* Capability Length */
13909c4f
DS		 1522 stream_putc(s, CAPABILITY_CODE_RESTART);
1523 /* Set Restart Capability Len Pointer */
1524 rcapp = stream_get_endp(s);
1525 stream_putc(s, 0);
1526 restart_time = peer->bgp->restart_time;
1527 if (peer->bgp->t_startup) {
d83facbb 1528 SET_FLAG(restart_time, GRACEFUL_RESTART_R_BIT);
54394daa 1529 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_ADV);
f2ca5c5b
DA		 1530 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1531 zlog_debug("[BGP_GR] Sending R-Bit for peer: %s",
1532 peer->host);
1533 }
034e185d 1534
f2ca5c5b
DA		 1535 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GRACEFUL_NOTIFICATION)) {
1536 SET_FLAG(restart_time, GRACEFUL_RESTART_N_BIT);
1537 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_ADV);
034e185d 1538 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
f2ca5c5b 1539 zlog_debug("[BGP_GR] Sending N-Bit for peer: %s",
13909c4f
DS		 1540 peer->host);
1541 }
1542
1543 stream_putw(s, restart_time);
1544
1545 /* Send address-family specific graceful-restart capability
1546 * only when GR config is present
1547 */
1548 if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)) {
892fedb6 1549 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GR_PRESERVE_FWD)
13909c4f
DS		 1550 && BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1551 zlog_debug("[BGP_GR] F bit Set");
1552
1553 FOREACH_AFI_SAFI (afi, safi) {
1554 if (!peer->afc[afi][safi])
1555 continue;
0f0444fb 1556
1557 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1558 zlog_debug(
13909c4f
DS		 1559 "[BGP_GR] Sending GR Capability for AFI :%d :, SAFI :%d:",
1560 afi, safi);
034e185d 1561
13909c4f
DS		 1562 /* Convert AFI, SAFI to values for
1563 * packet.
1564 */
1565 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1566 &pkt_safi);
1567 stream_putw(s, pkt_afi);
1568 stream_putc(s, pkt_safi);
892fedb6
DA		 1569 if (CHECK_FLAG(peer->bgp->flags,
1570 BGP_FLAG_GR_PRESERVE_FWD))
d83facbb 1571 stream_putc(s, GRACEFUL_RESTART_F_BIT);
13909c4f
DS		 1572 else
1573 stream_putc(s, 0);
034e185d 1574 }
034e185d 1575 }
13909c4f
DS		 1576
1577 /* Total Graceful restart capability Len. */
1578 len = stream_get_endp(s) - rcapp - 1;
1579 stream_putc_at(s, rcapp, len);
1580
1581 /* Total Capability Len. */
1582 len = stream_get_endp(s) - capp - 1;
d08c0c80
DA		 1583 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1584 : stream_putc_at(s, capp, len);
034e185d 1585}
1586
8606be87 1587static void bgp_peer_send_llgr_capability(struct stream *s, struct peer *peer,
d08c0c80 1588 bool ext_opt_params)
8606be87
DA		 1589{
1590 int len;
617975d1 1591 iana_afi_t pkt_afi = IANA_AFI_IPV4;
8606be87
DA		 1592 afi_t afi;
1593 safi_t safi;
617975d1 1594 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
8606be87
DA		 1595 unsigned long capp = 0;
1596 unsigned long rcapp = 0;
1597
1598 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_ADV))
1599 return;
1600
1601 SET_FLAG(peer->cap, PEER_CAP_LLGR_ADV);
1602
1603 stream_putc(s, BGP_OPEN_OPT_CAP);
1604 capp = stream_get_endp(s); /* Set Capability Len Pointer */
d08c0c80
DA		 1605 ext_opt_params ? stream_putw(s, 0)
1606 : stream_putc(s, 0); /* Capability Length */
8606be87
DA		 1607 stream_putc(s, CAPABILITY_CODE_LLGR);
1608
1609 rcapp = stream_get_endp(s);
1610 stream_putc(s, 0);
1611
1612 FOREACH_AFI_SAFI (afi, safi) {
1613 if (!peer->afc[afi][safi])
1614 continue;
1615
1616 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1617
1618 stream_putw(s, pkt_afi);
1619 stream_putc(s, pkt_safi);
1620 stream_putc(s, LLGR_F_BIT);
1621 stream_put3(s, peer->bgp->llgr_stale_time);
1622
1623 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_ADV);
1624 }
1625
1626 /* Total Long-lived Graceful Restart capability Len. */
1627 len = stream_get_endp(s) - rcapp - 1;
1628 stream_putc_at(s, rcapp, len);
1629
1630 /* Total Capability Len. */
1631 len = stream_get_endp(s) - capp - 1;
d08c0c80
DA		 1632 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1633 : stream_putc_at(s, capp, len);
8606be87
DA		 1634}
1635
718e3744 1636/* Fill in capability open option to the packet. */
d08c0c80
DA		 1637uint16_t bgp_open_capability(struct stream *s, struct peer *peer,
1638 bool ext_opt_params)
718e3744 1639{
d08c0c80
DA		 1640 uint16_t len;
1641 unsigned long cp, capp, rcapp, eopl = 0;
617975d1 1642 iana_afi_t pkt_afi = IANA_AFI_IPV4;
d62a17ae 1643 afi_t afi;
5c525538 1644 safi_t safi;
617975d1 1645 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
d62a17ae 1646 as_t local_as;
d7c0a89a 1647 uint8_t afi_safi_count = 0;
8ccee4b8 1648 bool adv_addpath_tx = false;
d62a17ae 1649
d08c0c80 1650 /* Non-Ext OP Len. */
d62a17ae 1651 cp = stream_get_endp(s);
d62a17ae 1652 stream_putc(s, 0);
1653
d08c0c80
DA		 1654 if (ext_opt_params) {
1655 /* Non-Ext OP Len. */
1656 stream_putc_at(s, cp, BGP_OPEN_NON_EXT_OPT_LEN);
1657
1658 /* Non-Ext OP Type */
1659 stream_putc(s, BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH);
1660
1661 /* Extended Opt. Parm. Length */
1662 eopl = stream_get_endp(s);
1663 stream_putw(s, 0);
1664 }
1665
d62a17ae 1666 /* Do not send capability. */
1667 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1668 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
d08c0c80 1669 return 0;
d62a17ae 1670
1671 /* MP capability for configured AFI, SAFI */
05c7a1cc
QY		 1672 FOREACH_AFI_SAFI (afi, safi) {
1673 if (peer->afc[afi][safi]) {
1674 /* Convert AFI, SAFI to values for packet. */
1675 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1676 &pkt_safi);
1677
1678 peer->afc_adv[afi][safi] = 1;
1679 stream_putc(s, BGP_OPEN_OPT_CAP);
d08c0c80
DA		 1680 ext_opt_params
1681 ? stream_putw(s, CAPABILITY_CODE_MP_LEN + 2)
1682 : stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
05c7a1cc
QY		 1683 stream_putc(s, CAPABILITY_CODE_MP);
1684 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1685 stream_putw(s, pkt_afi);
1686 stream_putc(s, 0);
1687 stream_putc(s, pkt_safi);
1688
1689 /* Extended nexthop capability - currently
1690 * supporting RFC-5549 for
1691 * Link-Local peering only
1692 */
1693 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1694 && peer->su.sa.sa_family == AF_INET6
05c7a1cc 1695 && afi == AFI_IP
770df5fd 1696 && (safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
05c7a1cc
QY		 1697 || safi == SAFI_LABELED_UNICAST)) {
1698 /* RFC 5549 Extended Next Hop Encoding
1699 */
1700 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
d62a17ae 1701 stream_putc(s, BGP_OPEN_OPT_CAP);
d08c0c80
DA		 1702 ext_opt_params
1703 ? stream_putw(s,
1704 CAPABILITY_CODE_ENHE_LEN
1705 + 2)
1706 : stream_putc(s,
1707 CAPABILITY_CODE_ENHE_LEN
1708 + 2);
05c7a1cc
QY		 1709 stream_putc(s, CAPABILITY_CODE_ENHE);
1710 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1711
1712 SET_FLAG(peer->af_cap[AFI_IP][safi],
1713 PEER_CAP_ENHE_AF_ADV);
d62a17ae 1714 stream_putw(s, pkt_afi);
05c7a1cc
QY		 1715 stream_putw(s, pkt_safi);
1716 stream_putw(s, afi_int2iana(AFI_IP6));
d62a17ae 1717
05c7a1cc
QY		 1718 if (CHECK_FLAG(peer->af_cap[afi][safi],
1719 PEER_CAP_ENHE_AF_RCV))
1720 SET_FLAG(peer->af_cap[afi][safi],
1721 PEER_CAP_ENHE_AF_NEGO);
d62a17ae 1722 }
1723 }
05c7a1cc 1724 }
d62a17ae 1725
1726 /* Route refresh. */
1727 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1728 stream_putc(s, BGP_OPEN_OPT_CAP);
d08c0c80
DA		 1729 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1730 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
d62a17ae 1731 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1732 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1733 stream_putc(s, BGP_OPEN_OPT_CAP);
d08c0c80
DA		 1734 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1735 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
d62a17ae 1736 stream_putc(s, CAPABILITY_CODE_REFRESH);
1737 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1738
9af52ccf
DA		 1739 /* Enhanced Route Refresh. */
1740 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_ADV);
1741 stream_putc(s, BGP_OPEN_OPT_CAP);
d08c0c80
DA		 1742 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_ENHANCED_LEN + 2)
1743 : stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN + 2);
9af52ccf
DA		 1744 stream_putc(s, CAPABILITY_CODE_ENHANCED_RR);
1745 stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN);
1746
d62a17ae 1747 /* AS4 */
1748 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1749 stream_putc(s, BGP_OPEN_OPT_CAP);
d08c0c80
DA		 1750 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_AS4_LEN + 2)
1751 : stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
d62a17ae 1752 stream_putc(s, CAPABILITY_CODE_AS4);
1753 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1754 if (peer->change_local_as)
1755 local_as = peer->change_local_as;
1756 else
1757 local_as = peer->local_as;
1758 stream_putl(s, local_as);
1759
ef56aee4
DA		 1760 /* Extended Message Support */
1761 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV);
1762 stream_putc(s, BGP_OPEN_OPT_CAP);
d08c0c80
DA		 1763 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2)
1764 : stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2);
ef56aee4
DA		 1765 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE);
1766 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN);
1767
d864dd9e 1768 /* Role*/
8f2d6021 1769 if (peer->local_role != ROLE_UNDEFINED) {
d864dd9e
EB		 1770 SET_FLAG(peer->cap, PEER_CAP_ROLE_ADV);
1771 stream_putc(s, BGP_OPEN_OPT_CAP);
1772 stream_putc(s, CAPABILITY_CODE_ROLE_LEN + 2);
1773 stream_putc(s, CAPABILITY_CODE_ROLE);
1774 stream_putc(s, CAPABILITY_CODE_ROLE_LEN);
1775 stream_putc(s, peer->local_role);
1776 }
1777
d62a17ae 1778 /* AddPath */
05c7a1cc
QY		 1779 FOREACH_AFI_SAFI (afi, safi) {
1780 if (peer->afc[afi][safi]) {
1781 afi_safi_count++;
1782
1783 /* Only advertise addpath TX if a feature that
1784 * will use it is
1785 * configured */
dcc68b5e 1786 if (peer->addpath_type[afi][safi] != BGP_ADDPATH_NONE)
8ccee4b8
DA		 1787 adv_addpath_tx = true;
1788
1789 /* If we have enabled labeled unicast, we MUST check
1790 * against unicast SAFI because addpath IDs are
1791 * allocated under unicast SAFI, the same as the RIB
1792 * is managed in unicast SAFI.
1793 */
1794 if (safi == SAFI_LABELED_UNICAST)
1795 if (peer->addpath_type[afi][SAFI_UNICAST] !=
1796 BGP_ADDPATH_NONE)
1797 adv_addpath_tx = true;
05c7a1cc
QY		 1798 }
1799 }
d62a17ae 1800
1801 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1802 stream_putc(s, BGP_OPEN_OPT_CAP);
d08c0c80
DA		 1803 ext_opt_params
1804 ? stream_putw(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1805 + 2)
1806 : stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1807 + 2);
d62a17ae 1808 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1809 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1810
05c7a1cc
QY		 1811 FOREACH_AFI_SAFI (afi, safi) {
1812 if (peer->afc[afi][safi]) {
7c0e4312
DA		 1813 bool adv_addpath_rx =
1814 !CHECK_FLAG(peer->af_flags[afi][safi],
1815 PEER_FLAG_DISABLE_ADDPATH_RX);
1816 uint8_t flags = 0;
1817
05c7a1cc
QY		 1818 /* Convert AFI, SAFI to values for packet. */
1819 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1820 &pkt_safi);
d62a17ae 1821
05c7a1cc
QY		 1822 stream_putw(s, pkt_afi);
1823 stream_putc(s, pkt_safi);
d62a17ae 1824
7c0e4312
DA		 1825 if (adv_addpath_rx) {
1826 SET_FLAG(flags, BGP_ADDPATH_RX);
05c7a1cc
QY		 1827 SET_FLAG(peer->af_cap[afi][safi],
1828 PEER_CAP_ADDPATH_AF_RX_ADV);
7c0e4312
DA		 1829 } else {
1830 UNSET_FLAG(peer->af_cap[afi][safi],
1831 PEER_CAP_ADDPATH_AF_RX_ADV);
1832 }
1833
1834 if (adv_addpath_tx) {
1835 SET_FLAG(flags, BGP_ADDPATH_TX);
05c7a1cc
QY		 1836 SET_FLAG(peer->af_cap[afi][safi],
1837 PEER_CAP_ADDPATH_AF_TX_ADV);
8ccee4b8
DA		 1838 if (safi == SAFI_LABELED_UNICAST)
1839 SET_FLAG(
1840 peer->af_cap[afi][SAFI_UNICAST],
1841 PEER_CAP_ADDPATH_AF_TX_ADV);
05c7a1cc 1842 } else {
05c7a1cc
QY		 1843 UNSET_FLAG(peer->af_cap[afi][safi],
1844 PEER_CAP_ADDPATH_AF_TX_ADV);
d62a17ae 1845 }
7c0e4312
DA		 1846
1847 stream_putc(s, flags);
05c7a1cc
QY		 1848 }
1849 }
d62a17ae 1850
1851 /* ORF capability. */
05c7a1cc
QY		 1852 FOREACH_AFI_SAFI (afi, safi) {
1853 if (CHECK_FLAG(peer->af_flags[afi][safi],
1854 PEER_FLAG_ORF_PREFIX_SM)
1855 || CHECK_FLAG(peer->af_flags[afi][safi],
1856 PEER_FLAG_ORF_PREFIX_RM)) {
1857 bgp_open_capability_orf(s, peer, afi, safi,
d08c0c80
DA		 1858 CAPABILITY_CODE_ORF_OLD,
1859 ext_opt_params);
05c7a1cc 1860 bgp_open_capability_orf(s, peer, afi, safi,
d08c0c80
DA		 1861 CAPABILITY_CODE_ORF,
1862 ext_opt_params);
05c7a1cc
QY		 1863 }
1864 }
d62a17ae 1865
1866 /* Dynamic capability. */
1867 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1868 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1869 stream_putc(s, BGP_OPEN_OPT_CAP);
d08c0c80
DA		 1870 ext_opt_params
1871 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1872 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
d62a17ae 1873 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1874 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1875 stream_putc(s, BGP_OPEN_OPT_CAP);
d08c0c80
DA		 1876 ext_opt_params
1877 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1878 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
d62a17ae 1879 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1880 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
718e3744 1881 }
1882
d62a17ae 1883 /* Hostname capability */
6b3ee3a0 1884 if (cmd_hostname_get()) {
d62a17ae 1885 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1886 stream_putc(s, BGP_OPEN_OPT_CAP);
1887 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
d08c0c80
DA		 1888 ext_opt_params ? stream_putw(s, 0)
1889 : stream_putc(s, 0); /* Capability Length */
d62a17ae 1890 stream_putc(s, CAPABILITY_CODE_FQDN);
1891 capp = stream_get_endp(s);
1892 stream_putc(s, 0); /* dummy len for now */
6b3ee3a0 1893 len = strlen(cmd_hostname_get());
d62a17ae 1894 if (len > BGP_MAX_HOSTNAME)
1895 len = BGP_MAX_HOSTNAME;
1896
1897 stream_putc(s, len);
6b3ee3a0
MK		 1898 stream_put(s, cmd_hostname_get(), len);
1899 if (cmd_domainname_get()) {
1900 len = strlen(cmd_domainname_get());
d62a17ae 1901 if (len > BGP_MAX_HOSTNAME)
1902 len = BGP_MAX_HOSTNAME;
1903
1904 stream_putc(s, len);
6b3ee3a0 1905 stream_put(s, cmd_domainname_get(), len);
d62a17ae 1906 } else
d62a17ae 1907 stream_putc(s, 0); /* 0 length */
04b6bdc0 1908
d62a17ae 1909 /* Set the lengths straight */
1910 len = stream_get_endp(s) - rcapp - 1;
d08c0c80
DA		 1911 ext_opt_params ? stream_putw_at(s, rcapp, len - 1)
1912 : stream_putc_at(s, rcapp, len);
1913
d62a17ae 1914 len = stream_get_endp(s) - capp - 1;
1915 stream_putc_at(s, capp, len);
04b6bdc0 1916
d62a17ae 1917 if (bgp_debug_neighbor_events(peer))
d62a17ae 1918 zlog_debug(
1919 "%s Sending hostname cap with hn = %s, dn = %s",
6b3ee3a0
MK		 1920 peer->host, cmd_hostname_get(),
1921 cmd_domainname_get());
d62a17ae 1922 }
1923
d08c0c80
DA		 1924 bgp_peer_send_gr_capability(s, peer, ext_opt_params);
1925 bgp_peer_send_llgr_capability(s, peer, ext_opt_params);
d62a17ae 1926
1927 /* Total Opt Parm Len. */
1928 len = stream_get_endp(s) - cp - 1;
d08c0c80
DA		 1929
1930 if (ext_opt_params) {
1931 len = stream_get_endp(s) - eopl - 2;
1932 stream_putw_at(s, eopl, len);
1933 } else {
1934 stream_putc_at(s, cp, len);
1935 }
1936
1937 return len;
718e3744 1938}
FRRouting mirror