]> git.proxmox.com Git - mirror_frr.git/blame - bgpd/bgp_open.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #5619 from qlyoung/fix-zebra-netlink-undefined-bitshift
[mirror_frr.git] / bgpd / bgp_open.c
CommitLineData
718e3744 1/* BGP open message handling
896014f4
DL		 2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
718e3744 20
21#include <zebra.h>
22
23#include "linklist.h"
24#include "prefix.h"
25#include "stream.h"
26#include "thread.h"
27#include "log.h"
28#include "command.h"
6d58272b 29#include "memory.h"
3f9c7369 30#include "queue.h"
039f3a34 31#include "filter.h"
718e3744 32
856ca177 33#include "lib/json.h"
718e3744 34#include "bgpd/bgpd.h"
35#include "bgpd/bgp_attr.h"
36#include "bgpd/bgp_debug.h"
14454c9f 37#include "bgpd/bgp_errors.h"
718e3744 38#include "bgpd/bgp_fsm.h"
39#include "bgpd/bgp_packet.h"
40#include "bgpd/bgp_open.h"
0b2aa3a0 41#include "bgpd/bgp_aspath.h"
538621f2 42#include "bgpd/bgp_vty.h"
4a1ab8e4 43#include "bgpd/bgp_memory.h"
538621f2 44
718e3744 45/* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
46 negotiate remote peer supports extentions or not. But if
47 remote-peer doesn't supports negotiation process itself. We would
48 like to do manual configuration.
49
50 So there is many configurable point. First of all we want set each
51 peer whether we send capability negotiation to the peer or not.
da88f402 52 Next, if we send capability to the peer we want to set my capability
718e3744 53 inforation at each peer. */
54
9f049418
DS		 55void bgp_capability_vty_out(struct vty *vty, struct peer *peer, bool use_json,
56 json_object *json_neigh)
718e3744 57{
d62a17ae 58 char *pnt;
59 char *end;
60 struct capability_mp_data mpc;
61 struct capability_header *hdr;
62 json_object *json_cap = NULL;
63
64 if (use_json)
65 json_cap = json_object_new_object();
66
67 pnt = peer->notify.data;
68 end = pnt + peer->notify.length;
69
70 while (pnt < end) {
71 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
72 return;
73
74 hdr = (struct capability_header *)pnt;
75 if (pnt + hdr->length + 2 > end)
76 return;
77
78 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
79
80 if (hdr->code == CAPABILITY_CODE_MP) {
81 afi_t afi;
82 safi_t safi;
83
da3b87f8 84 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
85 mpc.safi, &afi, &safi);
86
d62a17ae 87 if (use_json) {
88 switch (afi) {
89 case AFI_IP:
90 json_object_string_add(
91 json_cap,
92 "capabilityErrorMultiProtocolAfi",
93 "IPv4");
94 break;
95 case AFI_IP6:
96 json_object_string_add(
97 json_cap,
98 "capabilityErrorMultiProtocolAfi",
99 "IPv6");
100 break;
101 case AFI_L2VPN:
102 json_object_string_add(
103 json_cap,
104 "capabilityErrorMultiProtocolAfi",
105 "L2VPN");
106 break;
107 default:
108 json_object_int_add(
109 json_cap,
110 "capabilityErrorMultiProtocolAfiUnknown",
111 ntohs(mpc.afi));
112 break;
113 }
114 switch (safi) {
115 case SAFI_UNICAST:
116 json_object_string_add(
117 json_cap,
118 "capabilityErrorMultiProtocolSafi",
119 "unicast");
120 break;
121 case SAFI_MULTICAST:
122 json_object_string_add(
123 json_cap,
124 "capabilityErrorMultiProtocolSafi",
125 "multicast");
126 break;
127 case SAFI_LABELED_UNICAST:
128 json_object_string_add(
129 json_cap,
130 "capabilityErrorMultiProtocolSafi",
131 "labeled-unicast");
132 break;
133 case SAFI_MPLS_VPN:
134 json_object_string_add(
135 json_cap,
136 "capabilityErrorMultiProtocolSafi",
137 "MPLS-labeled VPN");
138 break;
139 case SAFI_ENCAP:
140 json_object_string_add(
141 json_cap,
142 "capabilityErrorMultiProtocolSafi",
143 "encap");
144 break;
145 case SAFI_EVPN:
146 json_object_string_add(
147 json_cap,
148 "capabilityErrorMultiProtocolSafi",
149 "EVPN");
150 break;
7c40bf39 151 case SAFI_FLOWSPEC:
152 json_object_string_add(
153 json_cap,
154 "capabilityErrorMultiProtocolSafi",
155 "flowspec");
156 break;
d62a17ae 157 default:
158 json_object_int_add(
159 json_cap,
160 "capabilityErrorMultiProtocolSafiUnknown",
161 mpc.safi);
162 break;
163 }
164 } else {
165 vty_out(vty,
166 " Capability error for: Multi protocol ");
167 switch (afi) {
168 case AFI_IP:
169 vty_out(vty, "AFI IPv4, ");
170 break;
171 case AFI_IP6:
172 vty_out(vty, "AFI IPv6, ");
173 break;
174 case AFI_L2VPN:
175 vty_out(vty, "AFI L2VPN, ");
176 break;
177 default:
178 vty_out(vty, "AFI Unknown %d, ",
179 ntohs(mpc.afi));
180 break;
181 }
182 switch (safi) {
183 case SAFI_UNICAST:
184 vty_out(vty, "SAFI Unicast");
185 break;
186 case SAFI_MULTICAST:
187 vty_out(vty, "SAFI Multicast");
188 break;
189 case SAFI_LABELED_UNICAST:
190 vty_out(vty, "SAFI Labeled-unicast");
191 break;
192 case SAFI_MPLS_VPN:
193 vty_out(vty, "SAFI MPLS-labeled VPN");
194 break;
195 case SAFI_ENCAP:
196 vty_out(vty, "SAFI ENCAP");
197 break;
7c40bf39 198 case SAFI_FLOWSPEC:
199 vty_out(vty, "SAFI FLOWSPEC");
200 break;
d62a17ae 201 case SAFI_EVPN:
202 vty_out(vty, "SAFI EVPN");
203 break;
204 default:
205 vty_out(vty, "SAFI Unknown %d ",
206 mpc.safi);
207 break;
208 }
209 vty_out(vty, "\n");
210 }
211 } else if (hdr->code >= 128) {
212 if (use_json)
213 json_object_int_add(
214 json_cap,
215 "capabilityErrorVendorSpecificCapabilityCode",
216 hdr->code);
217 else
218 vty_out(vty,
219 " Capability error: vendor specific capability code %d",
220 hdr->code);
221 } else {
222 if (use_json)
223 json_object_int_add(
224 json_cap,
225 "capabilityErrorUnknownCapabilityCode",
226 hdr->code);
227 else
228 vty_out(vty,
229 " Capability error: unknown capability code %d",
230 hdr->code);
231 }
232 pnt += hdr->length + 2;
233 }
234 if (use_json)
235 json_object_object_add(json_neigh, "capabilityErrors",
236 json_cap);
718e3744 237}
238
d62a17ae 239static void bgp_capability_mp_data(struct stream *s,
240 struct capability_mp_data *mpc)
718e3744 241{
d62a17ae 242 mpc->afi = stream_getw(s);
243 mpc->reserved = stream_getc(s);
244 mpc->safi = stream_getc(s);
6d58272b 245}
718e3744 246
6d58272b 247/* Set negotiated capability value. */
d62a17ae 248static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
6d58272b 249{
d62a17ae 250 struct capability_mp_data mpc;
251 struct stream *s = BGP_INPUT(peer);
252 afi_t afi;
253 safi_t safi;
254
255 /* Verify length is 4 */
256 if (hdr->length != 4) {
065eaa36 257 flog_warn(
e50f7cfd 258 EC_BGP_CAPABILITY_INVALID_LENGTH,
d62a17ae 259 "MP Cap: Received invalid length %d, non-multiple of 4",
260 hdr->length);
261 return -1;
262 }
263
264 bgp_capability_mp_data(s, &mpc);
265
266 if (bgp_debug_neighbor_events(peer))
748a041f
DS		 267 zlog_debug("%s OPEN has MP_EXT CAP for afi/safi: %s/%s",
268 peer->host, iana_afi2str(mpc.afi),
269 iana_safi2str(mpc.safi));
d62a17ae 270
271 /* Convert AFI, SAFI to internal values, check. */
272 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
273 return -1;
274
275 /* Now safi remapped, and afi/safi are valid array indices */
276 peer->afc_recv[afi][safi] = 1;
277
278 if (peer->afc[afi][safi])
279 peer->afc_nego[afi][safi] = 1;
280 else
281 return -1;
282
283 return 0;
718e3744 284}
285
d62a17ae 286static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
d7c0a89a
QY		 287 iana_safi_t safi, uint8_t type,
288 uint8_t mode)
718e3744 289{
d62a17ae 290 if (bgp_debug_neighbor_events(peer))
291 zlog_debug(
292 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
293 peer->host, afi, safi, type, mode);
718e3744 294}
295
d62a17ae 296static const struct message orf_type_str[] = {
297 {ORF_TYPE_PREFIX, "Prefixlist"},
298 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
299 {0}};
6d58272b 300
d62a17ae 301static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
302 {ORF_MODE_SEND, "Send"},
303 {ORF_MODE_BOTH, "Both"},
304 {0}};
6d58272b 305
d62a17ae 306static int bgp_capability_orf_entry(struct peer *peer,
307 struct capability_header *hdr)
718e3744 308{
d62a17ae 309 struct stream *s = BGP_INPUT(peer);
310 struct capability_mp_data mpc;
d7c0a89a 311 uint8_t num;
d62a17ae 312 iana_afi_t pkt_afi;
313 afi_t afi;
5c525538
RW		 314 iana_safi_t pkt_safi;
315 safi_t safi;
d7c0a89a
QY		 316 uint8_t type;
317 uint8_t mode;
318 uint16_t sm_cap = 0; /* capability send-mode receive */
319 uint16_t rm_cap = 0; /* capability receive-mode receive */
d62a17ae 320 int i;
321
322 /* ORF Entry header */
323 bgp_capability_mp_data(s, &mpc);
324 num = stream_getc(s);
325 pkt_afi = mpc.afi;
326 pkt_safi = mpc.safi;
327
328 if (bgp_debug_neighbor_events(peer))
748a041f
DS		 329 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer->host,
330 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
d62a17ae 331
332 /* Convert AFI, SAFI to internal values, check. */
333 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
334 zlog_info(
335 "%s Addr-family %d/%d not supported."
336 " Ignoring the ORF capability",
337 peer->host, pkt_afi, pkt_safi);
338 return 0;
718e3744 339 }
d62a17ae 340
341 mpc.afi = pkt_afi;
342 mpc.safi = safi;
343
344 /* validate number field */
345 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
346 zlog_info(
347 "%s ORF Capability entry length error,"
348 " Cap length %u, num %u",
349 peer->host, hdr->length, num);
350 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
351 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
352 return -1;
718e3744 353 }
354
d62a17ae 355 for (i = 0; i < num; i++) {
356 type = stream_getc(s);
357 mode = stream_getc(s);
358
359 /* ORF Mode error check */
360 switch (mode) {
361 case ORF_MODE_BOTH:
362 case ORF_MODE_SEND:
363 case ORF_MODE_RECEIVE:
364 break;
365 default:
366 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
367 type, mode);
368 continue;
369 }
370 /* ORF Type and afi/safi error checks */
371 /* capcode versus type */
372 switch (hdr->code) {
373 case CAPABILITY_CODE_ORF:
374 switch (type) {
375 case ORF_TYPE_PREFIX:
376 break;
377 default:
378 bgp_capability_orf_not_support(
379 peer, pkt_afi, pkt_safi, type, mode);
380 continue;
381 }
382 break;
383 case CAPABILITY_CODE_ORF_OLD:
384 switch (type) {
385 case ORF_TYPE_PREFIX_OLD:
386 break;
387 default:
388 bgp_capability_orf_not_support(
389 peer, pkt_afi, pkt_safi, type, mode);
390 continue;
391 }
392 break;
393 default:
394 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
395 type, mode);
396 continue;
397 }
398
399 /* AFI vs SAFI */
400 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
401 || (afi == AFI_IP && safi == SAFI_MULTICAST)
402 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
403 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
404 type, mode);
405 continue;
406 }
407
408 if (bgp_debug_neighbor_events(peer))
409 zlog_debug(
410 "%s OPEN has %s ORF capability"
748a041f 411 " as %s for afi/safi: %s/%s",
d62a17ae 412 peer->host,
413 lookup_msg(orf_type_str, type, NULL),
748a041f
DS		 414 lookup_msg(orf_mode_str, mode, NULL),
415 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
d62a17ae 416
417 if (hdr->code == CAPABILITY_CODE_ORF) {
418 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
419 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
420 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
421 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
422 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
423 } else {
424 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
425 type, mode);
426 continue;
427 }
428
429 switch (mode) {
430 case ORF_MODE_BOTH:
431 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
432 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
433 break;
434 case ORF_MODE_SEND:
435 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
436 break;
437 case ORF_MODE_RECEIVE:
438 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
439 break;
440 }
718e3744 441 }
d62a17ae 442 return 0;
718e3744 443}
444
d62a17ae 445static int bgp_capability_restart(struct peer *peer,
446 struct capability_header *caphdr)
6d58272b 447{
d62a17ae 448 struct stream *s = BGP_INPUT(peer);
d7c0a89a 449 uint16_t restart_flag_time;
d62a17ae 450 size_t end = stream_get_getp(s) + caphdr->length;
451
452 /* Verify length is a multiple of 4 */
453 if ((caphdr->length - 2) % 4) {
065eaa36 454 flog_warn(
e50f7cfd 455 EC_BGP_CAPABILITY_INVALID_LENGTH,
d62a17ae 456 "Restart Cap: Received invalid length %d, non-multiple of 4",
457 caphdr->length);
458 return -1;
459 }
460
461 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
462 restart_flag_time = stream_getw(s);
463 if (CHECK_FLAG(restart_flag_time, RESTART_R_BIT))
464 SET_FLAG(peer->cap, PEER_CAP_RESTART_BIT_RCV);
465
466 UNSET_FLAG(restart_flag_time, 0xF000);
467 peer->v_gr_restart = restart_flag_time;
468
469 if (bgp_debug_neighbor_events(peer)) {
470 zlog_debug("%s OPEN has Graceful Restart capability",
471 peer->host);
472 zlog_debug("%s Peer has%srestarted. Restart Time : %d",
473 peer->host,
474 CHECK_FLAG(peer->cap, PEER_CAP_RESTART_BIT_RCV)
475 ? " "
476 : " not ",
477 peer->v_gr_restart);
478 }
479
480 while (stream_get_getp(s) + 4 <= end) {
481 afi_t afi;
482 safi_t safi;
483 iana_afi_t pkt_afi = stream_getw(s);
5c525538 484 iana_safi_t pkt_safi = stream_getc(s);
d7c0a89a 485 uint8_t flag = stream_getc(s);
d62a17ae 486
487 /* Convert AFI, SAFI to internal values, check. */
488 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
489 if (bgp_debug_neighbor_events(peer))
490 zlog_debug(
748a041f 491 "%s Addr-family %s/%s(afi/safi) not supported."
d62a17ae 492 " Ignore the Graceful Restart capability for this AFI/SAFI",
748a041f
DS		 493 peer->host, iana_afi2str(pkt_afi),
494 iana_safi2str(pkt_safi));
d62a17ae 495 } else if (!peer->afc[afi][safi]) {
496 if (bgp_debug_neighbor_events(peer))
497 zlog_debug(
748a041f 498 "%s Addr-family %s/%s(afi/safi) not enabled."
d62a17ae 499 " Ignore the Graceful Restart capability",
748a041f
DS		 500 peer->host, iana_afi2str(pkt_afi),
501 iana_safi2str(pkt_safi));
d62a17ae 502 } else {
503 if (bgp_debug_neighbor_events(peer))
504 zlog_debug(
505 "%s Address family %s is%spreserved",
5cb5f4d0 506 peer->host, get_afi_safi_str(afi, safi, false),
d62a17ae 507 CHECK_FLAG(
508 peer->af_cap[afi][safi],
509 PEER_CAP_RESTART_AF_PRESERVE_RCV)
510 ? " "
511 : " not ");
512
513 SET_FLAG(peer->af_cap[afi][safi],
514 PEER_CAP_RESTART_AF_RCV);
515 if (CHECK_FLAG(flag, RESTART_F_BIT))
516 SET_FLAG(peer->af_cap[afi][safi],
517 PEER_CAP_RESTART_AF_PRESERVE_RCV);
518 }
519 }
520 return 0;
6d58272b 521}
718e3744 522
14051b36 523/* Unlike other capability parsing routines, this one returns 0 on error */
d62a17ae 524static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
0b2aa3a0 525{
d62a17ae 526 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
527
528 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
e50f7cfd 529 flog_err(EC_BGP_PKT_OPEN,
1c50c1c0
QY		 530 "%s AS4 capability has incorrect data length %d",
531 peer->host, hdr->length);
d62a17ae 532 return 0;
533 }
534
535 as_t as4 = stream_getl(BGP_INPUT(peer));
536
537 if (BGP_DEBUG(as4, AS4))
538 zlog_debug(
539 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
540 peer->host, as4);
541 return as4;
0b2aa3a0
PJ		 542}
543
d62a17ae 544static int bgp_capability_addpath(struct peer *peer,
545 struct capability_header *hdr)
a82478b9 546{
d62a17ae 547 struct stream *s = BGP_INPUT(peer);
548 size_t end = stream_get_getp(s) + hdr->length;
549
550 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
551
552 /* Verify length is a multiple of 4 */
553 if (hdr->length % 4) {
065eaa36 554 flog_warn(
e50f7cfd 555 EC_BGP_CAPABILITY_INVALID_LENGTH,
d62a17ae 556 "Add Path: Received invalid length %d, non-multiple of 4",
557 hdr->length);
558 return -1;
559 }
560
561 while (stream_get_getp(s) + 4 <= end) {
562 afi_t afi;
563 safi_t safi;
564 iana_afi_t pkt_afi = stream_getw(s);
5c525538 565 iana_safi_t pkt_safi = stream_getc(s);
d7c0a89a 566 uint8_t send_receive = stream_getc(s);
d62a17ae 567
568 if (bgp_debug_neighbor_events(peer))
569 zlog_debug(
748a041f
DS		 570 "%s OPEN has AddPath CAP for afi/safi: %s/%s%s%s",
571 peer->host, iana_afi2str(pkt_afi),
572 iana_safi2str(pkt_safi),
d62a17ae 573 (send_receive & BGP_ADDPATH_RX) ? ", receive"
574 : "",
575 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
576 : "");
577
578 /* Convert AFI, SAFI to internal values, check. */
579 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
580 if (bgp_debug_neighbor_events(peer))
581 zlog_debug(
748a041f 582 "%s Addr-family %s/%s(afi/safi) not supported."
d62a17ae 583 " Ignore the Addpath Attribute for this AFI/SAFI",
748a041f
DS		 584 peer->host, iana_afi2str(pkt_afi),
585 iana_safi2str(pkt_safi));
d62a17ae 586 continue;
587 } else if (!peer->afc[afi][safi]) {
588 if (bgp_debug_neighbor_events(peer))
589 zlog_debug(
748a041f 590 "%s Addr-family %s/%s(afi/safi) not enabled."
d62a17ae 591 " Ignore the AddPath capability for this AFI/SAFI",
748a041f
DS		 592 peer->host, iana_afi2str(pkt_afi),
593 iana_safi2str(pkt_safi));
d62a17ae 594 continue;
595 }
596
597 if (send_receive & BGP_ADDPATH_RX)
598 SET_FLAG(peer->af_cap[afi][safi],
599 PEER_CAP_ADDPATH_AF_RX_RCV);
600
601 if (send_receive & BGP_ADDPATH_TX)
602 SET_FLAG(peer->af_cap[afi][safi],
603 PEER_CAP_ADDPATH_AF_TX_RCV);
604 }
605
606 return 0;
a82478b9
DS		 607}
608
d62a17ae 609static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
8a92a8a0 610{
d62a17ae 611 struct stream *s = BGP_INPUT(peer);
612 size_t end = stream_get_getp(s) + hdr->length;
613
614 /* Verify length is a multiple of 4 */
615 if (hdr->length % 6) {
065eaa36 616 flog_warn(
e50f7cfd 617 EC_BGP_CAPABILITY_INVALID_LENGTH,
d62a17ae 618 "Extended NH: Received invalid length %d, non-multiple of 6",
619 hdr->length);
620 return -1;
621 }
622
623 while (stream_get_getp(s) + 6 <= end) {
624 iana_afi_t pkt_afi = stream_getw(s);
625 afi_t afi;
5c525538
RW		 626 iana_safi_t pkt_safi = stream_getw(s);
627 safi_t safi;
d62a17ae 628 iana_afi_t pkt_nh_afi = stream_getw(s);
629 afi_t nh_afi;
630
631 if (bgp_debug_neighbor_events(peer))
632 zlog_debug(
748a041f
DS		 633 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
634 peer->host, iana_afi2str(pkt_afi),
635 iana_safi2str(pkt_safi), pkt_nh_afi);
d62a17ae 636
637 /* Convert AFI, SAFI to internal values, check. */
638 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
639 if (bgp_debug_neighbor_events(peer))
640 zlog_debug(
748a041f 641 "%s Addr-family %s/%s(afi/safi) not supported."
d62a17ae 642 " Ignore the ENHE Attribute for this AFI/SAFI",
748a041f
DS		 643 peer->host, iana_afi2str(pkt_afi),
644 iana_safi2str(pkt_safi));
d62a17ae 645 continue;
646 }
647
648 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
649 * with
650 * the Nexthop AFI being IPv6. A future spec may introduce other
651 * possibilities, so we ignore other values with a log. Also,
652 * only
653 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
654 * (and expected).
655 */
656 nh_afi = afi_iana2int(pkt_nh_afi);
657
658 if (afi != AFI_IP || nh_afi != AFI_IP6
659 || !(safi == SAFI_UNICAST
660 || safi == SAFI_LABELED_UNICAST)) {
065eaa36 661 flog_warn(
e50f7cfd 662 EC_BGP_CAPABILITY_INVALID_DATA,
748a041f 663 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u "
d62a17ae 664 "in Extended Next-hop capability, ignoring",
748a041f
DS		 665 peer->host, iana_afi2str(pkt_afi),
666 iana_safi2str(pkt_safi), pkt_nh_afi);
d62a17ae 667 continue;
668 }
669
670 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
671
672 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
673 SET_FLAG(peer->af_cap[afi][safi],
674 PEER_CAP_ENHE_AF_NEGO);
675 }
676
677 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
678
679 return 0;
8a92a8a0
DS		 680}
681
d62a17ae 682static int bgp_capability_hostname(struct peer *peer,
683 struct capability_header *hdr)
04b6bdc0 684{
d62a17ae 685 struct stream *s = BGP_INPUT(peer);
686 char str[BGP_MAX_HOSTNAME + 1];
687 size_t end = stream_get_getp(s) + hdr->length;
d7c0a89a 688 uint8_t len;
d62a17ae 689
690 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
691
692 len = stream_getc(s);
693 if (stream_get_getp(s) + len > end) {
065eaa36 694 flog_warn(
e50f7cfd 695 EC_BGP_CAPABILITY_INVALID_DATA,
d62a17ae 696 "%s: Received malformed hostname capability from peer %s",
697 __FUNCTION__, peer->host);
698 return -1;
699 }
700
701 if (len > BGP_MAX_HOSTNAME) {
702 stream_get(str, s, BGP_MAX_HOSTNAME);
703 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
704 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
705 } else if (len)
706 stream_get(str, s, len);
707
708 if (len) {
709 str[len] = '\0';
710
711 if (peer->hostname != NULL) {
712 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
713 peer->hostname = NULL;
714 }
715
716 if (peer->domainname != NULL) {
717 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
718 peer->domainname = NULL;
719 }
720
721 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
722 }
723
724 if (stream_get_getp(s) + 1 > end) {
065eaa36 725 flog_warn(
e50f7cfd 726 EC_BGP_CAPABILITY_INVALID_DATA,
d62a17ae 727 "%s: Received invalid domain name len (hostname capability) from peer %s",
728 __FUNCTION__, peer->host);
729 return -1;
730 }
731
732 len = stream_getc(s);
733 if (stream_get_getp(s) + len > end) {
065eaa36 734 flog_warn(
e50f7cfd 735 EC_BGP_CAPABILITY_INVALID_DATA,
d62a17ae 736 "%s: Received runt domain name (hostname capability) from peer %s",
737 __FUNCTION__, peer->host);
738 return -1;
739 }
740
741 if (len > BGP_MAX_HOSTNAME) {
742 stream_get(str, s, BGP_MAX_HOSTNAME);
743 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
744 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
745 } else if (len)
746 stream_get(str, s, len);
747
748 if (len) {
749 str[len] = '\0';
750 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
751 }
752
753 if (bgp_debug_neighbor_events(peer)) {
754 zlog_debug("%s received hostname %s, domainname %s", peer->host,
755 peer->hostname, peer->domainname);
756 }
757
758 return 0;
04b6bdc0
DW		 759}
760
d62a17ae 761static const struct message capcode_str[] = {
762 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
763 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
764 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
765 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
766 {CAPABILITY_CODE_AS4, "4-octet AS number"},
767 {CAPABILITY_CODE_ADDPATH, "AddPath"},
768 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
769 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
770 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
771 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
772 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
773 {CAPABILITY_CODE_FQDN, "FQDN"},
774 {0}};
6d58272b
PJ		 775
776/* Minimum sizes for length field of each cap (so not inc. the header) */
d62a17ae 777static const size_t cap_minsizes[] = {
9d303b37
DL		 778 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
779 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
780 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
781 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
782 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
783 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
784 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
785 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
786 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
787 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
788 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
789 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
6d58272b
PJ		 790};
791
695ef95f
PJ		 792/* value the capability must be a multiple of.
793 * 0-data capabilities won't be checked against this.
794 * Other capabilities whose data doesn't fall on convenient boundaries for this
795 * table should be set to 1.
796 */
d62a17ae 797static const size_t cap_modsizes[] = {
9d303b37
DL		 798 [CAPABILITY_CODE_MP] = 4,
799 [CAPABILITY_CODE_REFRESH] = 1,
800 [CAPABILITY_CODE_ORF] = 1,
801 [CAPABILITY_CODE_RESTART] = 1,
802 [CAPABILITY_CODE_AS4] = 4,
803 [CAPABILITY_CODE_ADDPATH] = 4,
804 [CAPABILITY_CODE_DYNAMIC] = 1,
805 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
806 [CAPABILITY_CODE_ENHE] = 6,
807 [CAPABILITY_CODE_REFRESH_OLD] = 1,
808 [CAPABILITY_CODE_ORF_OLD] = 1,
809 [CAPABILITY_CODE_FQDN] = 1,
695ef95f
PJ		 810};
811
3b381c32
AS		 812/**
813 * Parse given capability.
6d58272b 814 * XXX: This is reading into a stream, but not using stream API
3b381c32
AS		 815 *
816 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
817 * capabilities were encountered.
6d58272b 818 */
d62a17ae 819static int bgp_capability_parse(struct peer *peer, size_t length,
d7c0a89a 820 int *mp_capability, uint8_t **error)
6d58272b 821{
d62a17ae 822 int ret;
823 struct stream *s = BGP_INPUT(peer);
824 size_t end = stream_get_getp(s) + length;
825
826 assert(STREAM_READABLE(s) >= length);
827
828 while (stream_get_getp(s) < end) {
829 size_t start;
d7c0a89a 830 uint8_t *sp = stream_pnt(s);
d62a17ae 831 struct capability_header caphdr;
832
833 ret = 0;
834 /* We need at least capability code and capability length. */
835 if (stream_get_getp(s) + 2 > end) {
836 zlog_info("%s Capability length error (< header)",
837 peer->host);
838 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
839 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
840 return -1;
841 }
842
843 caphdr.code = stream_getc(s);
844 caphdr.length = stream_getc(s);
845 start = stream_get_getp(s);
846
847 /* Capability length check sanity check. */
848 if (start + caphdr.length > end) {
849 zlog_info("%s Capability length error (< length)",
850 peer->host);
851 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
852 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
853 return -1;
854 }
855
856 if (bgp_debug_neighbor_events(peer))
857 zlog_debug("%s OPEN has %s capability (%u), length %u",
858 peer->host,
859 lookup_msg(capcode_str, caphdr.code, NULL),
860 caphdr.code, caphdr.length);
861
862 /* Length sanity check, type-specific, for known capabilities */
863 switch (caphdr.code) {
864 case CAPABILITY_CODE_MP:
865 case CAPABILITY_CODE_REFRESH:
866 case CAPABILITY_CODE_REFRESH_OLD:
867 case CAPABILITY_CODE_ORF:
868 case CAPABILITY_CODE_ORF_OLD:
869 case CAPABILITY_CODE_RESTART:
870 case CAPABILITY_CODE_AS4:
871 case CAPABILITY_CODE_ADDPATH:
872 case CAPABILITY_CODE_DYNAMIC:
873 case CAPABILITY_CODE_DYNAMIC_OLD:
874 case CAPABILITY_CODE_ENHE:
875 case CAPABILITY_CODE_FQDN:
876 /* Check length. */
877 if (caphdr.length < cap_minsizes[caphdr.code]) {
878 zlog_info(
879 "%s %s Capability length error: got %u,"
880 " expected at least %u",
881 peer->host,
882 lookup_msg(capcode_str, caphdr.code,
883 NULL),
884 caphdr.length,
885 (unsigned)cap_minsizes[caphdr.code]);
886 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
887 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
888 return -1;
889 }
890 if (caphdr.length
891 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
892 zlog_info(
893 "%s %s Capability length error: got %u,"
894 " expected a multiple of %u",
895 peer->host,
896 lookup_msg(capcode_str, caphdr.code,
897 NULL),
898 caphdr.length,
899 (unsigned)cap_modsizes[caphdr.code]);
900 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
901 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
902 return -1;
903 }
904 /* we deliberately ignore unknown codes, see below */
905 default:
906 break;
907 }
908
909 switch (caphdr.code) {
910 case CAPABILITY_CODE_MP: {
911 *mp_capability = 1;
912
913 /* Ignore capability when override-capability is set. */
914 if (!CHECK_FLAG(peer->flags,
915 PEER_FLAG_OVERRIDE_CAPABILITY)) {
916 /* Set negotiated value. */
917 ret = bgp_capability_mp(peer, &caphdr);
918
919 /* Unsupported Capability. */
920 if (ret < 0) {
921 /* Store return data. */
922 memcpy(*error, sp, caphdr.length + 2);
923 *error += caphdr.length + 2;
924 }
925 ret = 0; /* Don't return error for this */
926 }
927 } break;
928 case CAPABILITY_CODE_REFRESH:
929 case CAPABILITY_CODE_REFRESH_OLD: {
930 /* BGP refresh capability */
931 if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
932 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
933 else
934 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
935 } break;
936 case CAPABILITY_CODE_ORF:
937 case CAPABILITY_CODE_ORF_OLD:
938 ret = bgp_capability_orf_entry(peer, &caphdr);
939 break;
940 case CAPABILITY_CODE_RESTART:
941 ret = bgp_capability_restart(peer, &caphdr);
942 break;
943 case CAPABILITY_CODE_DYNAMIC:
944 case CAPABILITY_CODE_DYNAMIC_OLD:
945 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
946 break;
947 case CAPABILITY_CODE_AS4:
948 /* Already handled as a special-case parsing of the
949 * capabilities
950 * at the beginning of OPEN processing. So we care not a
951 * jot
952 * for the value really, only error case.
953 */
954 if (!bgp_capability_as4(peer, &caphdr))
955 ret = -1;
956 break;
957 case CAPABILITY_CODE_ADDPATH:
958 ret = bgp_capability_addpath(peer, &caphdr);
959 break;
960 case CAPABILITY_CODE_ENHE:
961 ret = bgp_capability_enhe(peer, &caphdr);
962 break;
963 case CAPABILITY_CODE_FQDN:
964 ret = bgp_capability_hostname(peer, &caphdr);
965 break;
966 default:
967 if (caphdr.code > 128) {
968 /* We don't send Notification for unknown vendor
969 specific
970 capabilities. It seems reasonable for now...
971 */
e50f7cfd 972 flog_warn(EC_BGP_CAPABILITY_VENDOR,
065eaa36 973 "%s Vendor specific capability %d",
d62a17ae 974 peer->host, caphdr.code);
975 } else {
065eaa36 976 flog_warn(
e50f7cfd 977 EC_BGP_CAPABILITY_UNKNOWN,
d62a17ae 978 "%s unrecognized capability code: %d - ignored",
979 peer->host, caphdr.code);
980 memcpy(*error, sp, caphdr.length + 2);
981 *error += caphdr.length + 2;
982 }
983 }
984
985 if (ret < 0) {
986 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
987 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
988 return -1;
989 }
990 if (stream_get_getp(s) != (start + caphdr.length)) {
991 if (stream_get_getp(s) > (start + caphdr.length))
065eaa36 992 flog_warn(
e50f7cfd 993 EC_BGP_CAPABILITY_INVALID_LENGTH,
d62a17ae 994 "%s Cap-parser for %s read past cap-length, %u!",
995 peer->host,
996 lookup_msg(capcode_str, caphdr.code,
997 NULL),
998 caphdr.length);
999 stream_set_getp(s, start + caphdr.length);
1000 }
718e3744 1001 }
d62a17ae 1002 return 0;
718e3744 1003}
1004
d62a17ae 1005static int bgp_auth_parse(struct peer *peer, size_t length)
718e3744 1006{
d62a17ae 1007 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1008 BGP_NOTIFY_OPEN_AUTH_FAILURE);
1009 return -1;
718e3744 1010}
1011
d62a17ae 1012static int strict_capability_same(struct peer *peer)
718e3744 1013{
d62a17ae 1014 int i, j;
718e3744 1015
d62a17ae 1016 for (i = AFI_IP; i < AFI_MAX; i++)
1017 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
1018 if (peer->afc[i][j] != peer->afc_nego[i][j])
1019 return 0;
1020 return 1;
718e3744 1021}
1022
0b2aa3a0
PJ		 1023/* peek into option, stores ASN to *as4 if the AS4 capability was found.
1024 * Returns 0 if no as4 found, as4cap value otherwise.
1025 */
d7c0a89a 1026as_t peek_for_as4_capability(struct peer *peer, uint8_t length)
0b2aa3a0 1027{
d62a17ae 1028 struct stream *s = BGP_INPUT(peer);
1029 size_t orig_getp = stream_get_getp(s);
1030 size_t end = orig_getp + length;
1031 as_t as4 = 0;
1032
1033 if (BGP_DEBUG(as4, AS4))
4cb5e18b 1034 zlog_debug(
d62a17ae 1035 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u,"
1036 " peeking for as4",
1037 peer->host, length);
1038 /* the error cases we DONT handle, we ONLY try to read as4 out of
1039 * correctly formatted options.
1040 */
1041 while (stream_get_getp(s) < end) {
d7c0a89a
QY		 1042 uint8_t opt_type;
1043 uint8_t opt_length;
d62a17ae 1044
1045 /* Check the length. */
1046 if (stream_get_getp(s) + 2 > end)
1047 goto end;
1048
1049 /* Fetch option type and length. */
1050 opt_type = stream_getc(s);
1051 opt_length = stream_getc(s);
1052
1053 /* Option length check. */
1054 if (stream_get_getp(s) + opt_length > end)
1055 goto end;
1056
1057 if (opt_type == BGP_OPEN_OPT_CAP) {
1058 unsigned long capd_start = stream_get_getp(s);
1059 unsigned long capd_end = capd_start + opt_length;
1060
1061 assert(capd_end <= end);
1062
1063 while (stream_get_getp(s) < capd_end) {
1064 struct capability_header hdr;
1065
1066 if (stream_get_getp(s) + 2 > capd_end)
1067 goto end;
1068
1069 hdr.code = stream_getc(s);
1070 hdr.length = stream_getc(s);
1071
1072 if ((stream_get_getp(s) + hdr.length)
1073 > capd_end)
1074 goto end;
1075
1076 if (hdr.code == CAPABILITY_CODE_AS4) {
1077 if (BGP_DEBUG(as4, AS4))
4cb5e18b 1078 zlog_debug(
d62a17ae 1079 "[AS4] found AS4 capability, about to parse");
1080 as4 = bgp_capability_as4(peer, &hdr);
1081
1082 goto end;
1083 }
1084 stream_forward_getp(s, hdr.length);
1085 }
1086 }
0b2aa3a0 1087 }
0b2aa3a0
PJ		 1088
1089end:
d62a17ae 1090 stream_set_getp(s, orig_getp);
1091 return as4;
0b2aa3a0
PJ		 1092}
1093
3b381c32
AS		 1094/**
1095 * Parse open option.
1096 *
1097 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1098 */
d7c0a89a 1099int bgp_open_option_parse(struct peer *peer, uint8_t length, int *mp_capability)
718e3744 1100{
d62a17ae 1101 int ret = 0;
d7c0a89a
QY		 1102 uint8_t *error;
1103 uint8_t error_data[BGP_MAX_PACKET_SIZE];
d62a17ae 1104 struct stream *s = BGP_INPUT(peer);
1105 size_t end = stream_get_getp(s) + length;
1106
1107 error = error_data;
1108
1109 if (bgp_debug_neighbor_events(peer))
1110 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1111 peer->host, length);
1112
1113 while (stream_get_getp(s) < end) {
d7c0a89a
QY		 1114 uint8_t opt_type;
1115 uint8_t opt_length;
d62a17ae 1116
1117 /* Must have at least an OPEN option header */
1118 if (STREAM_READABLE(s) < 2) {
1119 zlog_info("%s Option length error", peer->host);
1120 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1121 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1122 return -1;
1123 }
1124
1125 /* Fetch option type and length. */
1126 opt_type = stream_getc(s);
1127 opt_length = stream_getc(s);
1128
1129 /* Option length check. */
1130 if (STREAM_READABLE(s) < opt_length) {
1131 zlog_info("%s Option length error", peer->host);
1132 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1133 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1134 return -1;
1135 }
1136
1137 if (bgp_debug_neighbor_events(peer))
1138 zlog_debug(
1139 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1140 peer->host, opt_type,
1141 opt_type == BGP_OPEN_OPT_AUTH
1142 ? "Authentication"
1143 : opt_type == BGP_OPEN_OPT_CAP
1144 ? "Capability"
1145 : "Unknown",
1146 opt_length);
1147
1148 switch (opt_type) {
1149 case BGP_OPEN_OPT_AUTH:
1150 ret = bgp_auth_parse(peer, opt_length);
1151 break;
1152 case BGP_OPEN_OPT_CAP:
1153 ret = bgp_capability_parse(peer, opt_length,
1154 mp_capability, &error);
1155 break;
1156 default:
1157 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1158 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1159 ret = -1;
1160 break;
1161 }
1162
1163 /* Parse error. To accumulate all unsupported capability codes,
1164 bgp_capability_parse does not return -1 when encounter
1165 unsupported capability code. To detect that, please check
1166 error and erro_data pointer, like below. */
1167 if (ret < 0)
1168 return -1;
718e3744 1169 }
1170
d62a17ae 1171 /* All OPEN option is parsed. Check capability when strict compare
1172 flag is enabled.*/
1173 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1174 /* If Unsupported Capability exists. */
1175 if (error != error_data) {
1176 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1177 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1178 error_data,
1179 error - error_data);
1180 return -1;
1181 }
1182
1183 /* Check local capability does not negotiated with remote
1184 peer. */
1185 if (!strict_capability_same(peer)) {
1186 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1187 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1188 return -1;
1189 }
718e3744 1190 }
1191
d62a17ae 1192 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1193 error. */
1194 if (*mp_capability
1195 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1196 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1197 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1198 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1199 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1200 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
7c40bf39 1201 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
d62a17ae 1202 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1203 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1204 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1205 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1206 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
7c40bf39 1207 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
d62a17ae 1208 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
e50f7cfd 1209 flog_err(EC_BGP_PKT_OPEN,
1c50c1c0
QY		 1210 "%s [Error] Configured AFI/SAFIs do not "
1211 "overlap with received MP capabilities",
1212 peer->host);
d62a17ae 1213
1214 if (error != error_data)
1215 bgp_notify_send_with_data(
1216 peer, BGP_NOTIFY_OPEN_ERR,
1217 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1218 error - error_data);
1219 else
1220 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1221 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1222 return -1;
1223 }
718e3744 1224 }
d62a17ae 1225 return 0;
718e3744 1226}
1227
d62a17ae 1228static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
d7c0a89a 1229 afi_t afi, safi_t safi, uint8_t code)
718e3744 1230{
d7c0a89a
QY		 1231 uint8_t cap_len;
1232 uint8_t orf_len;
d62a17ae 1233 unsigned long capp;
1234 unsigned long orfp;
1235 unsigned long numberp;
1236 int number_of_orfs = 0;
1237 iana_afi_t pkt_afi;
5c525538 1238 iana_safi_t pkt_safi;
d62a17ae 1239
1240 /* Convert AFI, SAFI to values for packet. */
1241 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1242
1243 stream_putc(s, BGP_OPEN_OPT_CAP);
1244 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1245 stream_putc(s, 0); /* Capability Length */
1246 stream_putc(s, code); /* Capability Code */
1247 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1248 stream_putc(s, 0); /* ORF Length */
1249 stream_putw(s, pkt_afi);
1250 stream_putc(s, 0);
1251 stream_putc(s, pkt_safi);
1252 numberp = stream_get_endp(s); /* Set Number Pointer */
1253 stream_putc(s, 0); /* Number of ORFs */
1254
1255 /* Address Prefix ORF */
1256 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1257 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1258 stream_putc(s, (code == CAPABILITY_CODE_ORF
1259 ? ORF_TYPE_PREFIX
1260 : ORF_TYPE_PREFIX_OLD));
1261
1262 if (CHECK_FLAG(peer->af_flags[afi][safi],
1263 PEER_FLAG_ORF_PREFIX_SM)
1264 && CHECK_FLAG(peer->af_flags[afi][safi],
1265 PEER_FLAG_ORF_PREFIX_RM)) {
1266 SET_FLAG(peer->af_cap[afi][safi],
1267 PEER_CAP_ORF_PREFIX_SM_ADV);
1268 SET_FLAG(peer->af_cap[afi][safi],
1269 PEER_CAP_ORF_PREFIX_RM_ADV);
1270 stream_putc(s, ORF_MODE_BOTH);
1271 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1272 PEER_FLAG_ORF_PREFIX_SM)) {
1273 SET_FLAG(peer->af_cap[afi][safi],
1274 PEER_CAP_ORF_PREFIX_SM_ADV);
1275 stream_putc(s, ORF_MODE_SEND);
1276 } else {
1277 SET_FLAG(peer->af_cap[afi][safi],
1278 PEER_CAP_ORF_PREFIX_RM_ADV);
1279 stream_putc(s, ORF_MODE_RECEIVE);
1280 }
1281 number_of_orfs++;
718e3744 1282 }
718e3744 1283
d62a17ae 1284 /* Total Number of ORFs. */
1285 stream_putc_at(s, numberp, number_of_orfs);
718e3744 1286
d62a17ae 1287 /* Total ORF Len. */
1288 orf_len = stream_get_endp(s) - orfp - 1;
1289 stream_putc_at(s, orfp, orf_len);
718e3744 1290
d62a17ae 1291 /* Total Capability Len. */
1292 cap_len = stream_get_endp(s) - capp - 1;
1293 stream_putc_at(s, capp, cap_len);
718e3744 1294}
1295
1296/* Fill in capability open option to the packet. */
d62a17ae 1297void bgp_open_capability(struct stream *s, struct peer *peer)
718e3744 1298{
d7c0a89a 1299 uint8_t len;
d62a17ae 1300 unsigned long cp, capp, rcapp;
1301 iana_afi_t pkt_afi;
1302 afi_t afi;
5c525538
RW		 1303 safi_t safi;
1304 iana_safi_t pkt_safi;
d62a17ae 1305 as_t local_as;
d7c0a89a
QY		 1306 uint32_t restart_time;
1307 uint8_t afi_safi_count = 0;
d62a17ae 1308 int adv_addpath_tx = 0;
1309
1310 /* Remember current pointer for Opt Parm Len. */
1311 cp = stream_get_endp(s);
1312
1313 /* Opt Parm Len. */
1314 stream_putc(s, 0);
1315
1316 /* Do not send capability. */
1317 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1318 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
1319 return;
1320
1321 /* MP capability for configured AFI, SAFI */
05c7a1cc
QY		 1322 FOREACH_AFI_SAFI (afi, safi) {
1323 if (peer->afc[afi][safi]) {
1324 /* Convert AFI, SAFI to values for packet. */
1325 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1326 &pkt_safi);
1327
1328 peer->afc_adv[afi][safi] = 1;
1329 stream_putc(s, BGP_OPEN_OPT_CAP);
1330 stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
1331 stream_putc(s, CAPABILITY_CODE_MP);
1332 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1333 stream_putw(s, pkt_afi);
1334 stream_putc(s, 0);
1335 stream_putc(s, pkt_safi);
1336
1337 /* Extended nexthop capability - currently
1338 * supporting RFC-5549 for
1339 * Link-Local peering only
1340 */
1341 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1342 && peer->su.sa.sa_family == AF_INET6
05c7a1cc
QY		 1343 && afi == AFI_IP
1344 && (safi == SAFI_UNICAST
1345 || safi == SAFI_LABELED_UNICAST)) {
1346 /* RFC 5549 Extended Next Hop Encoding
1347 */
1348 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
d62a17ae 1349 stream_putc(s, BGP_OPEN_OPT_CAP);
05c7a1cc
QY		 1350 stream_putc(s, CAPABILITY_CODE_ENHE_LEN + 2);
1351 stream_putc(s, CAPABILITY_CODE_ENHE);
1352 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1353
1354 SET_FLAG(peer->af_cap[AFI_IP][safi],
1355 PEER_CAP_ENHE_AF_ADV);
d62a17ae 1356 stream_putw(s, pkt_afi);
05c7a1cc
QY		 1357 stream_putw(s, pkt_safi);
1358 stream_putw(s, afi_int2iana(AFI_IP6));
d62a17ae 1359
05c7a1cc
QY		 1360 if (CHECK_FLAG(peer->af_cap[afi][safi],
1361 PEER_CAP_ENHE_AF_RCV))
1362 SET_FLAG(peer->af_cap[afi][safi],
1363 PEER_CAP_ENHE_AF_NEGO);
d62a17ae 1364 }
1365 }
05c7a1cc 1366 }
d62a17ae 1367
1368 /* Route refresh. */
1369 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1370 stream_putc(s, BGP_OPEN_OPT_CAP);
1371 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1372 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1373 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1374 stream_putc(s, BGP_OPEN_OPT_CAP);
1375 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1376 stream_putc(s, CAPABILITY_CODE_REFRESH);
1377 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1378
1379 /* AS4 */
1380 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1381 stream_putc(s, BGP_OPEN_OPT_CAP);
1382 stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
1383 stream_putc(s, CAPABILITY_CODE_AS4);
1384 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1385 if (peer->change_local_as)
1386 local_as = peer->change_local_as;
1387 else
1388 local_as = peer->local_as;
1389 stream_putl(s, local_as);
1390
1391 /* AddPath */
05c7a1cc
QY		 1392 FOREACH_AFI_SAFI (afi, safi) {
1393 if (peer->afc[afi][safi]) {
1394 afi_safi_count++;
1395
1396 /* Only advertise addpath TX if a feature that
1397 * will use it is
1398 * configured */
dcc68b5e 1399 if (peer->addpath_type[afi][safi] != BGP_ADDPATH_NONE)
05c7a1cc
QY		 1400 adv_addpath_tx = 1;
1401 }
1402 }
d62a17ae 1403
1404 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1405 stream_putc(s, BGP_OPEN_OPT_CAP);
1406 stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count) + 2);
1407 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1408 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1409
05c7a1cc
QY		 1410 FOREACH_AFI_SAFI (afi, safi) {
1411 if (peer->afc[afi][safi]) {
1412 /* Convert AFI, SAFI to values for packet. */
1413 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1414 &pkt_safi);
d62a17ae 1415
05c7a1cc
QY		 1416 stream_putw(s, pkt_afi);
1417 stream_putc(s, pkt_safi);
d62a17ae 1418
05c7a1cc
QY		 1419 if (adv_addpath_tx) {
1420 stream_putc(s, BGP_ADDPATH_RX | BGP_ADDPATH_TX);
1421 SET_FLAG(peer->af_cap[afi][safi],
1422 PEER_CAP_ADDPATH_AF_RX_ADV);
1423 SET_FLAG(peer->af_cap[afi][safi],
1424 PEER_CAP_ADDPATH_AF_TX_ADV);
1425 } else {
1426 stream_putc(s, BGP_ADDPATH_RX);
1427 SET_FLAG(peer->af_cap[afi][safi],
1428 PEER_CAP_ADDPATH_AF_RX_ADV);
1429 UNSET_FLAG(peer->af_cap[afi][safi],
1430 PEER_CAP_ADDPATH_AF_TX_ADV);
d62a17ae 1431 }
05c7a1cc
QY		 1432 }
1433 }
d62a17ae 1434
1435 /* ORF capability. */
05c7a1cc
QY		 1436 FOREACH_AFI_SAFI (afi, safi) {
1437 if (CHECK_FLAG(peer->af_flags[afi][safi],
1438 PEER_FLAG_ORF_PREFIX_SM)
1439 || CHECK_FLAG(peer->af_flags[afi][safi],
1440 PEER_FLAG_ORF_PREFIX_RM)) {
1441 bgp_open_capability_orf(s, peer, afi, safi,
1442 CAPABILITY_CODE_ORF_OLD);
1443 bgp_open_capability_orf(s, peer, afi, safi,
1444 CAPABILITY_CODE_ORF);
1445 }
1446 }
d62a17ae 1447
1448 /* Dynamic capability. */
1449 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1450 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1451 stream_putc(s, BGP_OPEN_OPT_CAP);
1452 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1453 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1454 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1455 stream_putc(s, BGP_OPEN_OPT_CAP);
1456 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1457 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1458 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
718e3744 1459 }
1460
d62a17ae 1461 /* Hostname capability */
6b3ee3a0 1462 if (cmd_hostname_get()) {
d62a17ae 1463 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1464 stream_putc(s, BGP_OPEN_OPT_CAP);
1465 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
1466 stream_putc(s, 0); /* dummy len for now */
1467 stream_putc(s, CAPABILITY_CODE_FQDN);
1468 capp = stream_get_endp(s);
1469 stream_putc(s, 0); /* dummy len for now */
6b3ee3a0 1470 len = strlen(cmd_hostname_get());
d62a17ae 1471 if (len > BGP_MAX_HOSTNAME)
1472 len = BGP_MAX_HOSTNAME;
1473
1474 stream_putc(s, len);
6b3ee3a0
MK		 1475 stream_put(s, cmd_hostname_get(), len);
1476 if (cmd_domainname_get()) {
1477 len = strlen(cmd_domainname_get());
d62a17ae 1478 if (len > BGP_MAX_HOSTNAME)
1479 len = BGP_MAX_HOSTNAME;
1480
1481 stream_putc(s, len);
6b3ee3a0 1482 stream_put(s, cmd_domainname_get(), len);
d62a17ae 1483 } else
d62a17ae 1484 stream_putc(s, 0); /* 0 length */
04b6bdc0 1485
d62a17ae 1486 /* Set the lengths straight */
1487 len = stream_get_endp(s) - rcapp - 1;
1488 stream_putc_at(s, rcapp, len);
1489 len = stream_get_endp(s) - capp - 1;
1490 stream_putc_at(s, capp, len);
04b6bdc0 1491
d62a17ae 1492 if (bgp_debug_neighbor_events(peer))
d62a17ae 1493 zlog_debug(
1494 "%s Sending hostname cap with hn = %s, dn = %s",
6b3ee3a0
MK		 1495 peer->host, cmd_hostname_get(),
1496 cmd_domainname_get());
d62a17ae 1497 }
1498
1499 /* Sending base graceful-restart capability irrespective of the config
1500 */
1501 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1502 stream_putc(s, BGP_OPEN_OPT_CAP);
1503 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1504 stream_putc(s, 0); /* Capability Length */
1505 stream_putc(s, CAPABILITY_CODE_RESTART);
1506 rcapp = stream_get_endp(s); /* Set Restart Capability Len Pointer */
1507 stream_putc(s, 0);
1508 restart_time = peer->bgp->restart_time;
1509 if (peer->bgp->t_startup) {
1510 SET_FLAG(restart_time, RESTART_R_BIT);
1511 SET_FLAG(peer->cap, PEER_CAP_RESTART_BIT_ADV);
1512 }
1513 stream_putw(s, restart_time);
1514
1515 /* Send address-family specific graceful-restart capability only when GR
1516 config
1517 is present */
1518 if (bgp_flag_check(peer->bgp, BGP_FLAG_GRACEFUL_RESTART)) {
05c7a1cc
QY		 1519 FOREACH_AFI_SAFI (afi, safi) {
1520 if (peer->afc[afi][safi]) {
1521 /* Convert AFI, SAFI to values for
1522 * packet. */
1523 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1524 &pkt_safi);
1525 stream_putw(s, pkt_afi);
1526 stream_putc(s, pkt_safi);
1527 if (bgp_flag_check(peer->bgp,
1528 BGP_FLAG_GR_PRESERVE_FWD))
1529 stream_putc(s, RESTART_F_BIT);
1530 else
1531 stream_putc(s, 0);
1532 }
1533 }
d62a17ae 1534 }
1535
1536 /* Total Graceful restart capability Len. */
1537 len = stream_get_endp(s) - rcapp - 1;
1538 stream_putc_at(s, rcapp, len);
1539
1540 /* Total Capability Len. */
1541 len = stream_get_endp(s) - capp - 1;
1542 stream_putc_at(s, capp, len);
1543
1544 /* Total Opt Parm Len. */
1545 len = stream_get_endp(s) - cp - 1;
1546 stream_putc_at(s, cp, len);
718e3744 1547}
FRRouting mirror