]>
Commit | Line | Data |
---|---|---|
718e3744 | 1 | /* BGP packet management routine. |
56257a44 QY |
2 | * Contains utility functions for constructing and consuming BGP messages. |
3 | * Copyright (C) 2017 Cumulus Networks | |
896014f4 DL |
4 | * Copyright (C) 1999 Kunihiro Ishiguro |
5 | * | |
6 | * This file is part of GNU Zebra. | |
7 | * | |
8 | * GNU Zebra is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License as published by the | |
10 | * Free Software Foundation; either version 2, or (at your option) any | |
11 | * later version. | |
12 | * | |
13 | * GNU Zebra is distributed in the hope that it will be useful, but | |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | * General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License along | |
19 | * with this program; see the file COPYING; if not, write to the Free Software | |
20 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
21 | */ | |
718e3744 | 22 | |
23 | #include <zebra.h> | |
d3ecc69e | 24 | #include <sys/time.h> |
718e3744 | 25 | |
26 | #include "thread.h" | |
27 | #include "stream.h" | |
28 | #include "network.h" | |
29 | #include "prefix.h" | |
30 | #include "command.h" | |
31 | #include "log.h" | |
32 | #include "memory.h" | |
d62a17ae | 33 | #include "sockunion.h" /* for inet_ntop () */ |
baa376fc | 34 | #include "sockopt.h" |
718e3744 | 35 | #include "linklist.h" |
36 | #include "plist.h" | |
3f9c7369 | 37 | #include "queue.h" |
039f3a34 | 38 | #include "filter.h" |
02705213 | 39 | #include "lib_errors.h" |
718e3744 | 40 | |
41 | #include "bgpd/bgpd.h" | |
42 | #include "bgpd/bgp_table.h" | |
43 | #include "bgpd/bgp_dump.h" | |
6c29258c | 44 | #include "bgpd/bgp_bmp.h" |
718e3744 | 45 | #include "bgpd/bgp_attr.h" |
46 | #include "bgpd/bgp_debug.h" | |
14454c9f | 47 | #include "bgpd/bgp_errors.h" |
718e3744 | 48 | #include "bgpd/bgp_fsm.h" |
49 | #include "bgpd/bgp_route.h" | |
50 | #include "bgpd/bgp_packet.h" | |
51 | #include "bgpd/bgp_open.h" | |
52 | #include "bgpd/bgp_aspath.h" | |
53 | #include "bgpd/bgp_community.h" | |
54 | #include "bgpd/bgp_ecommunity.h" | |
57d187bc | 55 | #include "bgpd/bgp_lcommunity.h" |
718e3744 | 56 | #include "bgpd/bgp_network.h" |
57 | #include "bgpd/bgp_mplsvpn.h" | |
7ef5a232 | 58 | #include "bgpd/bgp_evpn.h" |
718e3744 | 59 | #include "bgpd/bgp_advertise.h" |
93406d87 | 60 | #include "bgpd/bgp_vty.h" |
3f9c7369 | 61 | #include "bgpd/bgp_updgrp.h" |
cd1964ff | 62 | #include "bgpd/bgp_label.h" |
56257a44 | 63 | #include "bgpd/bgp_io.h" |
934af458 | 64 | #include "bgpd/bgp_keepalives.h" |
7c40bf39 | 65 | #include "bgpd/bgp_flowspec.h" |
d9a03c57 | 66 | #include "bgpd/bgp_trace.h" |
718e3744 | 67 | |
584470fb DL |
68 | DEFINE_HOOK(bgp_packet_dump, |
69 | (struct peer *peer, uint8_t type, bgp_size_t size, | |
70 | struct stream *s), | |
8451921b | 71 | (peer, type, size, s)); |
584470fb | 72 | |
6fd04594 DL |
73 | DEFINE_HOOK(bgp_packet_send, |
74 | (struct peer *peer, uint8_t type, bgp_size_t size, | |
75 | struct stream *s), | |
8451921b | 76 | (peer, type, size, s)); |
6fd04594 | 77 | |
d8151687 QY |
78 | /** |
79 | * Sets marker and type fields for a BGP message. | |
80 | * | |
81 | * @param s the stream containing the packet | |
82 | * @param type the packet type | |
83 | * @return the size of the stream | |
84 | */ | |
d7c0a89a | 85 | int bgp_packet_set_marker(struct stream *s, uint8_t type) |
718e3744 | 86 | { |
d62a17ae | 87 | int i; |
718e3744 | 88 | |
d62a17ae | 89 | /* Fill in marker. */ |
90 | for (i = 0; i < BGP_MARKER_SIZE; i++) | |
91 | stream_putc(s, 0xff); | |
718e3744 | 92 | |
d62a17ae | 93 | /* Dummy total length. This field is should be filled in later on. */ |
94 | stream_putw(s, 0); | |
718e3744 | 95 | |
d62a17ae | 96 | /* BGP packet type. */ |
97 | stream_putc(s, type); | |
718e3744 | 98 | |
d62a17ae | 99 | /* Return current stream size. */ |
100 | return stream_get_endp(s); | |
718e3744 | 101 | } |
102 | ||
d8151687 QY |
103 | /** |
104 | * Sets size field for a BGP message. | |
105 | * | |
106 | * Size field is set to the size of the stream passed. | |
107 | * | |
108 | * @param s the stream containing the packet | |
d8151687 | 109 | */ |
65baedca | 110 | void bgp_packet_set_size(struct stream *s) |
718e3744 | 111 | { |
d62a17ae | 112 | int cp; |
718e3744 | 113 | |
d62a17ae | 114 | /* Preserve current pointer. */ |
115 | cp = stream_get_endp(s); | |
116 | stream_putw_at(s, BGP_MARKER_SIZE, cp); | |
718e3744 | 117 | } |
118 | ||
d3ecc69e QY |
119 | /* |
120 | * Push a packet onto the beginning of the peer's output queue. | |
121 | * This function acquires the peer's write mutex before proceeding. | |
122 | */ | |
123 | static void bgp_packet_add(struct peer *peer, struct stream *s) | |
124 | { | |
bd9fb6f3 DL |
125 | intmax_t delta; |
126 | uint32_t holdtime; | |
460ed839 | 127 | intmax_t sendholdtime; |
bd9fb6f3 | 128 | |
cb1991af | 129 | frr_with_mutex (&peer->io_mtx) { |
bd9fb6f3 DL |
130 | /* if the queue is empty, reset the "last OK" timestamp to |
131 | * now, otherwise if we write another packet immediately | |
132 | * after it'll get confused | |
133 | */ | |
134 | if (!stream_fifo_count_safe(peer->obuf)) | |
083ec940 | 135 | peer->last_sendq_ok = monotime(NULL); |
bd9fb6f3 | 136 | |
00dffa8c | 137 | stream_fifo_push(peer->obuf, s); |
bd9fb6f3 | 138 | |
083ec940 | 139 | delta = monotime(NULL) - peer->last_sendq_ok; |
460ed839 DA |
140 | |
141 | if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER)) | |
142 | holdtime = atomic_load_explicit(&peer->holdtime, | |
143 | memory_order_relaxed); | |
144 | else | |
145 | holdtime = peer->bgp->default_holdtime; | |
146 | ||
147 | sendholdtime = holdtime * 2; | |
bd9fb6f3 DL |
148 | |
149 | /* Note that when we're here, we're adding some packet to the | |
150 | * OutQ. That includes keepalives when there is nothing to | |
151 | * do, so there's a guarantee we pass by here once in a while. | |
152 | * | |
153 | * That implies there is no need to go set up another separate | |
154 | * timer that ticks down SendHoldTime, as we'll be here sooner | |
155 | * or later anyway and will see the checks below failing. | |
156 | */ | |
382268f4 DL |
157 | if (!holdtime) { |
158 | /* no holdtime, do nothing. */ | |
460ed839 | 159 | } else if (delta > sendholdtime) { |
bd9fb6f3 DL |
160 | flog_err( |
161 | EC_BGP_SENDQ_STUCK_PROPER, | |
460ed839 DA |
162 | "%pBP has not made any SendQ progress for 2 holdtimes (%jds), terminating session", |
163 | peer, sendholdtime); | |
bd9fb6f3 DL |
164 | BGP_EVENT_ADD(peer, TCP_fatal_error); |
165 | } else if (delta > (intmax_t)holdtime && | |
083ec940 | 166 | monotime(NULL) - peer->last_sendq_warn > 5) { |
bd9fb6f3 DL |
167 | flog_warn( |
168 | EC_BGP_SENDQ_STUCK_WARN, | |
460ed839 DA |
169 | "%pBP has not made any SendQ progress for 1 holdtime (%us), peer overloaded?", |
170 | peer, holdtime); | |
083ec940 | 171 | peer->last_sendq_warn = monotime(NULL); |
bd9fb6f3 | 172 | } |
00dffa8c | 173 | } |
718e3744 | 174 | } |
175 | ||
d62a17ae | 176 | static struct stream *bgp_update_packet_eor(struct peer *peer, afi_t afi, |
177 | safi_t safi) | |
93406d87 | 178 | { |
d62a17ae | 179 | struct stream *s; |
617975d1 DS |
180 | iana_afi_t pkt_afi = IANA_AFI_IPV4; |
181 | iana_safi_t pkt_safi = IANA_SAFI_UNICAST; | |
d62a17ae | 182 | |
183 | if (DISABLE_BGP_ANNOUNCE) | |
184 | return NULL; | |
185 | ||
186 | if (bgp_debug_neighbor_events(peer)) | |
187 | zlog_debug("send End-of-RIB for %s to %s", | |
5cb5f4d0 | 188 | get_afi_safi_str(afi, safi, false), peer->host); |
d62a17ae | 189 | |
ef56aee4 | 190 | s = stream_new(peer->max_packet_size); |
d62a17ae | 191 | |
192 | /* Make BGP update packet. */ | |
193 | bgp_packet_set_marker(s, BGP_MSG_UPDATE); | |
194 | ||
195 | /* Unfeasible Routes Length */ | |
196 | stream_putw(s, 0); | |
197 | ||
198 | if (afi == AFI_IP && safi == SAFI_UNICAST) { | |
199 | /* Total Path Attribute Length */ | |
200 | stream_putw(s, 0); | |
201 | } else { | |
202 | /* Convert AFI, SAFI to values for packet. */ | |
203 | bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi); | |
204 | ||
205 | /* Total Path Attribute Length */ | |
206 | stream_putw(s, 6); | |
207 | stream_putc(s, BGP_ATTR_FLAG_OPTIONAL); | |
208 | stream_putc(s, BGP_ATTR_MP_UNREACH_NLRI); | |
209 | stream_putc(s, 3); | |
210 | stream_putw(s, pkt_afi); | |
211 | stream_putc(s, pkt_safi); | |
212 | } | |
213 | ||
214 | bgp_packet_set_size(s); | |
d62a17ae | 215 | return s; |
718e3744 | 216 | } |
217 | ||
d8151687 QY |
218 | /* Called when there is a change in the EOR(implicit or explicit) status of a |
219 | * peer. Ends the update-delay if all expected peers are done with EORs. */ | |
220 | void bgp_check_update_delay(struct bgp *bgp) | |
221 | { | |
222 | struct listnode *node, *nnode; | |
223 | struct peer *peer = NULL; | |
224 | ||
225 | if (bgp_debug_neighbor_events(peer)) | |
226 | zlog_debug("Checking update delay, T: %d R: %d I:%d E: %d", | |
227 | bgp->established, bgp->restarted_peers, | |
228 | bgp->implicit_eors, bgp->explicit_eors); | |
229 | ||
230 | if (bgp->established | |
231 | <= bgp->restarted_peers + bgp->implicit_eors + bgp->explicit_eors) { | |
becedef6 QY |
232 | /* |
233 | * This is an extra sanity check to make sure we wait for all | |
234 | * the eligible configured peers. This check is performed if | |
235 | * establish wait timer is on, or establish wait option is not | |
236 | * given with the update-delay command | |
237 | */ | |
d8151687 QY |
238 | if (bgp->t_establish_wait |
239 | || (bgp->v_establish_wait == bgp->v_update_delay)) | |
240 | for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer)) { | |
241 | if (CHECK_FLAG(peer->flags, | |
242 | PEER_FLAG_CONFIG_NODE) | |
243 | && !CHECK_FLAG(peer->flags, | |
244 | PEER_FLAG_SHUTDOWN) | |
cb9196e7 DS |
245 | && !CHECK_FLAG(peer->bgp->flags, |
246 | BGP_FLAG_SHUTDOWN) | |
d8151687 QY |
247 | && !peer->update_delay_over) { |
248 | if (bgp_debug_neighbor_events(peer)) | |
249 | zlog_debug( | |
250 | " Peer %s pending, continuing read-only mode", | |
251 | peer->host); | |
252 | return; | |
253 | } | |
254 | } | |
255 | ||
256 | zlog_info( | |
257 | "Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d", | |
258 | bgp->restarted_peers, bgp->implicit_eors, | |
259 | bgp->explicit_eors); | |
260 | bgp_update_delay_end(bgp); | |
261 | } | |
262 | } | |
263 | ||
becedef6 QY |
264 | /* |
265 | * Called if peer is known to have restarted. The restart-state bit in | |
266 | * Graceful-Restart capability is used for that | |
267 | */ | |
d8151687 QY |
268 | void bgp_update_restarted_peers(struct peer *peer) |
269 | { | |
270 | if (!bgp_update_delay_active(peer->bgp)) | |
271 | return; /* BGP update delay has ended */ | |
272 | if (peer->update_delay_over) | |
273 | return; /* This peer has already been considered */ | |
274 | ||
275 | if (bgp_debug_neighbor_events(peer)) | |
276 | zlog_debug("Peer %s: Checking restarted", peer->host); | |
277 | ||
feb17238 | 278 | if (peer_established(peer)) { |
d8151687 QY |
279 | peer->update_delay_over = 1; |
280 | peer->bgp->restarted_peers++; | |
281 | bgp_check_update_delay(peer->bgp); | |
282 | } | |
283 | } | |
284 | ||
becedef6 QY |
285 | /* |
286 | * Called as peer receives a keep-alive. Determines if this occurence can be | |
287 | * taken as an implicit EOR for this peer. | |
288 | * NOTE: The very first keep-alive after the Established state of a peer is | |
289 | * considered implicit EOR for the update-delay purposes | |
290 | */ | |
d8151687 QY |
291 | void bgp_update_implicit_eors(struct peer *peer) |
292 | { | |
293 | if (!bgp_update_delay_active(peer->bgp)) | |
294 | return; /* BGP update delay has ended */ | |
295 | if (peer->update_delay_over) | |
296 | return; /* This peer has already been considered */ | |
297 | ||
298 | if (bgp_debug_neighbor_events(peer)) | |
299 | zlog_debug("Peer %s: Checking implicit EORs", peer->host); | |
300 | ||
feb17238 | 301 | if (peer_established(peer)) { |
d8151687 QY |
302 | peer->update_delay_over = 1; |
303 | peer->bgp->implicit_eors++; | |
304 | bgp_check_update_delay(peer->bgp); | |
305 | } | |
306 | } | |
307 | ||
becedef6 QY |
308 | /* |
309 | * Should be called only when there is a change in the EOR_RECEIVED status | |
310 | * for any afi/safi on a peer. | |
311 | */ | |
d8151687 QY |
312 | static void bgp_update_explicit_eors(struct peer *peer) |
313 | { | |
314 | afi_t afi; | |
315 | safi_t safi; | |
316 | ||
317 | if (!bgp_update_delay_active(peer->bgp)) | |
318 | return; /* BGP update delay has ended */ | |
319 | if (peer->update_delay_over) | |
320 | return; /* This peer has already been considered */ | |
321 | ||
322 | if (bgp_debug_neighbor_events(peer)) | |
323 | zlog_debug("Peer %s: Checking explicit EORs", peer->host); | |
324 | ||
f18ba3cd DS |
325 | FOREACH_AFI_SAFI (afi, safi) { |
326 | if (peer->afc_nego[afi][safi] | |
327 | && !CHECK_FLAG(peer->af_sflags[afi][safi], | |
328 | PEER_STATUS_EOR_RECEIVED)) { | |
329 | if (bgp_debug_neighbor_events(peer)) | |
330 | zlog_debug( | |
331 | " afi %d safi %d didn't receive EOR", | |
332 | afi, safi); | |
333 | return; | |
d8151687 | 334 | } |
f18ba3cd | 335 | } |
d8151687 QY |
336 | |
337 | peer->update_delay_over = 1; | |
338 | peer->bgp->explicit_eors++; | |
339 | bgp_check_update_delay(peer->bgp); | |
340 | } | |
341 | ||
342 | /** | |
343 | * Frontend for NLRI parsing, to fan-out to AFI/SAFI specific parsers. | |
344 | * | |
345 | * mp_withdraw, if set, is used to nullify attr structure on most of the | |
346 | * calling safi function and for evpn, passed as parameter | |
347 | */ | |
348 | int bgp_nlri_parse(struct peer *peer, struct attr *attr, | |
349 | struct bgp_nlri *packet, int mp_withdraw) | |
350 | { | |
351 | switch (packet->safi) { | |
352 | case SAFI_UNICAST: | |
353 | case SAFI_MULTICAST: | |
354 | return bgp_nlri_parse_ip(peer, mp_withdraw ? NULL : attr, | |
355 | packet); | |
356 | case SAFI_LABELED_UNICAST: | |
357 | return bgp_nlri_parse_label(peer, mp_withdraw ? NULL : attr, | |
358 | packet); | |
359 | case SAFI_MPLS_VPN: | |
360 | return bgp_nlri_parse_vpn(peer, mp_withdraw ? NULL : attr, | |
361 | packet); | |
362 | case SAFI_EVPN: | |
363 | return bgp_nlri_parse_evpn(peer, attr, packet, mp_withdraw); | |
7c40bf39 | 364 | case SAFI_FLOWSPEC: |
365 | return bgp_nlri_parse_flowspec(peer, attr, packet, mp_withdraw); | |
d8151687 | 366 | } |
513386b5 | 367 | return BGP_NLRI_PARSE_ERROR; |
d8151687 QY |
368 | } |
369 | ||
a783cc05 XL |
370 | |
371 | /* | |
372 | * Check if route-refresh request from peer is pending (received before EoR), | |
373 | * and process it now. | |
374 | */ | |
375 | static void bgp_process_pending_refresh(struct peer *peer, afi_t afi, | |
376 | safi_t safi) | |
377 | { | |
378 | if (CHECK_FLAG(peer->af_sflags[afi][safi], | |
379 | PEER_STATUS_REFRESH_PENDING)) { | |
380 | UNSET_FLAG(peer->af_sflags[afi][safi], | |
381 | PEER_STATUS_REFRESH_PENDING); | |
382 | bgp_route_refresh_send(peer, afi, safi, 0, 0, 0, | |
383 | BGP_ROUTE_REFRESH_BORR); | |
384 | if (bgp_debug_neighbor_events(peer)) | |
385 | zlog_debug( | |
386 | "%pBP sending route-refresh (BoRR) for %s/%s (for pending REQUEST)", | |
387 | peer, afi2str(afi), safi2str(safi)); | |
388 | ||
389 | SET_FLAG(peer->af_sflags[afi][safi], PEER_STATUS_BORR_SEND); | |
390 | UNSET_FLAG(peer->af_sflags[afi][safi], PEER_STATUS_EORR_SEND); | |
391 | bgp_announce_route(peer, afi, safi, true); | |
392 | } | |
393 | } | |
394 | ||
6ec98a2f QY |
395 | /* |
396 | * Checks a variety of conditions to determine whether the peer needs to be | |
397 | * rescheduled for packet generation again, and does so if necessary. | |
398 | * | |
399 | * @param peer to check for rescheduling | |
400 | */ | |
af1e1dc6 QY |
401 | static void bgp_write_proceed_actions(struct peer *peer) |
402 | { | |
403 | afi_t afi; | |
404 | safi_t safi; | |
405 | struct peer_af *paf; | |
406 | struct bpacket *next_pkt; | |
407 | struct update_subgroup *subgrp; | |
0e5cdd59 | 408 | enum bgp_af_index index; |
af1e1dc6 | 409 | |
0e5cdd59 DS |
410 | for (index = BGP_AF_START; index < BGP_AF_MAX; index++) { |
411 | paf = peer->peer_af_array[index]; | |
c58b0f46 QY |
412 | if (!paf) |
413 | continue; | |
0e5cdd59 | 414 | |
c58b0f46 QY |
415 | subgrp = paf->subgroup; |
416 | if (!subgrp) | |
417 | continue; | |
418 | ||
419 | next_pkt = paf->next_pkt_to_send; | |
420 | if (next_pkt && next_pkt->buffer) { | |
421 | BGP_TIMER_ON(peer->t_generate_updgrp_packets, | |
422 | bgp_generate_updgrp_packets, 0); | |
423 | return; | |
424 | } | |
af1e1dc6 | 425 | |
c58b0f46 QY |
426 | /* No packets readily available for AFI/SAFI, are there |
427 | * subgroup packets | |
428 | * that need to be generated? */ | |
429 | if (bpacket_queue_is_full(SUBGRP_INST(subgrp), | |
430 | SUBGRP_PKTQ(subgrp)) | |
431 | || subgroup_packets_to_build(subgrp)) { | |
432 | BGP_TIMER_ON(peer->t_generate_updgrp_packets, | |
433 | bgp_generate_updgrp_packets, 0); | |
434 | return; | |
435 | } | |
af1e1dc6 | 436 | |
0e5cdd59 DS |
437 | afi = paf->afi; |
438 | safi = paf->safi; | |
439 | ||
c58b0f46 QY |
440 | /* No packets to send, see if EOR is pending */ |
441 | if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) { | |
442 | if (!subgrp->t_coalesce && peer->afc_nego[afi][safi] | |
443 | && peer->synctime | |
444 | && !CHECK_FLAG(peer->af_sflags[afi][safi], | |
445 | PEER_STATUS_EOR_SEND) | |
446 | && safi != SAFI_MPLS_VPN) { | |
af1e1dc6 QY |
447 | BGP_TIMER_ON(peer->t_generate_updgrp_packets, |
448 | bgp_generate_updgrp_packets, 0); | |
449 | return; | |
450 | } | |
af1e1dc6 | 451 | } |
c58b0f46 | 452 | } |
af1e1dc6 QY |
453 | } |
454 | ||
6ec98a2f QY |
455 | /* |
456 | * Generate advertisement information (withdraws, updates, EOR) from each | |
457 | * update group a peer belongs to, encode this information into packets, and | |
458 | * enqueue the packets onto the peer's output buffer. | |
56257a44 | 459 | */ |
cc9f21da | 460 | void bgp_generate_updgrp_packets(struct thread *thread) |
718e3744 | 461 | { |
56257a44 | 462 | struct peer *peer = THREAD_ARG(thread); |
56257a44 QY |
463 | |
464 | struct stream *s; | |
d62a17ae | 465 | struct peer_af *paf; |
466 | struct bpacket *next_pkt; | |
d0ad6d8e QY |
467 | uint32_t wpq; |
468 | uint32_t generated = 0; | |
d62a17ae | 469 | afi_t afi; |
470 | safi_t safi; | |
471 | ||
d0ad6d8e QY |
472 | wpq = atomic_load_explicit(&peer->bgp->wpkt_quanta, |
473 | memory_order_relaxed); | |
474 | ||
d62a17ae | 475 | /* |
476 | * The code beyond this part deals with update packets, proceed only | |
477 | * if peer is Established and updates are not on hold (as part of | |
f4d2dd84 | 478 | * update-delay processing). |
3f9c7369 | 479 | */ |
feb17238 | 480 | if (!peer_established(peer)) |
cc9f21da | 481 | return; |
d62a17ae | 482 | |
f4d2dd84 DS |
483 | if ((peer->bgp->main_peers_update_hold) |
484 | || bgp_update_delay_active(peer->bgp)) | |
cc9f21da | 485 | return; |
d62a17ae | 486 | |
b10b6d52 | 487 | if (peer->t_routeadv) |
cc9f21da | 488 | return; |
b10b6d52 | 489 | |
963b7ee4 DS |
490 | /* |
491 | * Since the following is a do while loop | |
492 | * let's stop adding to the outq if we are | |
493 | * already at the limit. | |
494 | */ | |
495 | if (peer->obuf->count >= bm->outq_limit) { | |
496 | bgp_write_proceed_actions(peer); | |
497 | return; | |
498 | } | |
499 | ||
56257a44 | 500 | do { |
0e5cdd59 DS |
501 | enum bgp_af_index index; |
502 | ||
56257a44 | 503 | s = NULL; |
0e5cdd59 DS |
504 | for (index = BGP_AF_START; index < BGP_AF_MAX; index++) { |
505 | paf = peer->peer_af_array[index]; | |
c58b0f46 QY |
506 | if (!paf || !PAF_SUBGRP(paf)) |
507 | continue; | |
0e5cdd59 DS |
508 | |
509 | afi = paf->afi; | |
510 | safi = paf->safi; | |
c58b0f46 | 511 | next_pkt = paf->next_pkt_to_send; |
80bd61c4 | 512 | |
c58b0f46 QY |
513 | /* |
514 | * Try to generate a packet for the peer if we are at | |
515 | * the end of the list. Always try to push out | |
516 | * WITHDRAWs first. | |
517 | */ | |
518 | if (!next_pkt || !next_pkt->buffer) { | |
519 | next_pkt = subgroup_withdraw_packet( | |
520 | PAF_SUBGRP(paf)); | |
521 | if (!next_pkt || !next_pkt->buffer) | |
522 | subgroup_update_packet(PAF_SUBGRP(paf)); | |
523 | next_pkt = paf->next_pkt_to_send; | |
524 | } | |
80bd61c4 | 525 | |
c58b0f46 QY |
526 | /* |
527 | * If we still don't have a packet to send to the peer, | |
528 | * then try to find out out if we have to send eor or | |
529 | * if not, skip to the next AFI, SAFI. Don't send the | |
530 | * EOR prematurely; if the subgroup's coalesce timer is | |
531 | * running, the adjacency-out structure is not created | |
532 | * yet. | |
533 | */ | |
534 | if (!next_pkt || !next_pkt->buffer) { | |
9af52ccf DA |
535 | if (!paf->t_announce_route) { |
536 | /* Make sure we supress BGP UPDATES | |
537 | * for normal processing later again. | |
538 | */ | |
2adac256 DA |
539 | UNSET_FLAG(paf->subgroup->sflags, |
540 | SUBGRP_STATUS_FORCE_UPDATES); | |
541 | ||
9af52ccf DA |
542 | /* If route-refresh BoRR message was |
543 | * already sent and we are done with | |
544 | * re-announcing tables for a decent | |
545 | * afi/safi, we ready to send | |
546 | * EoRR request. | |
547 | */ | |
548 | if (CHECK_FLAG( | |
549 | peer->af_sflags[afi][safi], | |
550 | PEER_STATUS_BORR_SEND)) { | |
551 | bgp_route_refresh_send( | |
552 | peer, afi, safi, 0, 0, | |
553 | 0, | |
554 | BGP_ROUTE_REFRESH_EORR); | |
555 | ||
556 | SET_FLAG(peer->af_sflags[afi] | |
557 | [safi], | |
558 | PEER_STATUS_EORR_SEND); | |
559 | UNSET_FLAG( | |
560 | peer->af_sflags[afi] | |
561 | [safi], | |
562 | PEER_STATUS_BORR_SEND); | |
563 | ||
564 | if (bgp_debug_neighbor_events( | |
565 | peer)) | |
566 | zlog_debug( | |
f70c91dc DA |
567 | "%pBP sending route-refresh (EoRR) for %s/%s", |
568 | peer, | |
9af52ccf DA |
569 | afi2str(afi), |
570 | safi2str(safi)); | |
571 | } | |
572 | } | |
573 | ||
c58b0f46 | 574 | if (CHECK_FLAG(peer->cap, |
36235319 | 575 | PEER_CAP_RESTART_RCV)) { |
c58b0f46 | 576 | if (!(PAF_SUBGRP(paf))->t_coalesce |
36235319 QY |
577 | && peer->afc_nego[afi][safi] |
578 | && peer->synctime | |
579 | && !CHECK_FLAG( | |
580 | peer->af_sflags[afi][safi], | |
581 | PEER_STATUS_EOR_SEND)) { | |
d6e3c15b | 582 | /* If EOR is disabled, |
583 | * the message is not sent | |
584 | */ | |
36235319 QY |
585 | if (BGP_SEND_EOR(peer->bgp, afi, |
586 | safi)) { | |
d6e3c15b | 587 | SET_FLAG( |
36235319 QY |
588 | peer->af_sflags |
589 | [afi] | |
590 | [safi], | |
591 | PEER_STATUS_EOR_SEND); | |
d6e3c15b | 592 | |
9e3b51a7 | 593 | /* Update EOR |
594 | * send time | |
595 | */ | |
36235319 QY |
596 | peer->eor_stime[afi] |
597 | [safi] = | |
598 | monotime(NULL); | |
9e3b51a7 | 599 | |
d6e3c15b | 600 | BGP_UPDATE_EOR_PKT( |
36235319 QY |
601 | peer, afi, safi, |
602 | s); | |
a783cc05 XL |
603 | bgp_process_pending_refresh( |
604 | peer, afi, | |
605 | safi); | |
56257a44 | 606 | } |
80bd61c4 | 607 | } |
d62a17ae | 608 | } |
c58b0f46 QY |
609 | continue; |
610 | } | |
9e3b51a7 | 611 | |
612 | /* Update packet send time */ | |
613 | peer->pkt_stime[afi][safi] = monotime(NULL); | |
614 | ||
c58b0f46 QY |
615 | /* Found a packet template to send, overwrite |
616 | * packet with appropriate attributes from peer | |
617 | * and advance peer */ | |
618 | s = bpacket_reformat_for_peer(next_pkt, paf); | |
619 | bgp_packet_add(peer, s); | |
c58b0f46 QY |
620 | bpacket_queue_advance_peer(paf); |
621 | } | |
963b7ee4 DS |
622 | } while (s && (++generated < wpq) && |
623 | (peer->obuf->count <= bm->outq_limit)); | |
80bd61c4 | 624 | |
6ec98a2f QY |
625 | if (generated) |
626 | bgp_writes_on(peer); | |
627 | ||
af1e1dc6 | 628 | bgp_write_proceed_actions(peer); |
80bd61c4 QY |
629 | } |
630 | ||
d3ecc69e QY |
631 | /* |
632 | * Creates a BGP Keepalive packet and appends it to the peer's output queue. | |
633 | */ | |
d62a17ae | 634 | void bgp_keepalive_send(struct peer *peer) |
718e3744 | 635 | { |
d62a17ae | 636 | struct stream *s; |
637 | ||
556beacf | 638 | s = stream_new(BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE); |
718e3744 | 639 | |
d62a17ae | 640 | /* Make keepalive packet. */ |
641 | bgp_packet_set_marker(s, BGP_MSG_KEEPALIVE); | |
718e3744 | 642 | |
d62a17ae | 643 | /* Set packet size. */ |
65baedca | 644 | bgp_packet_set_size(s); |
718e3744 | 645 | |
d62a17ae | 646 | /* Dump packet if debug option is set. */ |
647 | /* bgp_packet_dump (s); */ | |
718e3744 | 648 | |
d62a17ae | 649 | if (bgp_debug_keepalive(peer)) |
650 | zlog_debug("%s sending KEEPALIVE", peer->host); | |
718e3744 | 651 | |
d62a17ae | 652 | /* Add packet to the peer. */ |
653 | bgp_packet_add(peer, s); | |
424ab01d QY |
654 | |
655 | bgp_writes_on(peer); | |
718e3744 | 656 | } |
657 | ||
d3ecc69e QY |
658 | /* |
659 | * Creates a BGP Open packet and appends it to the peer's output queue. | |
660 | * Sets capabilities as necessary. | |
661 | */ | |
d62a17ae | 662 | void bgp_open_send(struct peer *peer) |
718e3744 | 663 | { |
d62a17ae | 664 | struct stream *s; |
d7c0a89a | 665 | uint16_t send_holdtime; |
d62a17ae | 666 | as_t local_as; |
718e3744 | 667 | |
b90a8e13 | 668 | if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER)) |
d62a17ae | 669 | send_holdtime = peer->holdtime; |
670 | else | |
671 | send_holdtime = peer->bgp->default_holdtime; | |
718e3744 | 672 | |
d62a17ae | 673 | /* local-as Change */ |
674 | if (peer->change_local_as) | |
675 | local_as = peer->change_local_as; | |
676 | else | |
677 | local_as = peer->local_as; | |
718e3744 | 678 | |
556beacf | 679 | s = stream_new(BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE); |
718e3744 | 680 | |
d62a17ae | 681 | /* Make open packet. */ |
682 | bgp_packet_set_marker(s, BGP_MSG_OPEN); | |
718e3744 | 683 | |
d62a17ae | 684 | /* Set open packet values. */ |
685 | stream_putc(s, BGP_VERSION_4); /* BGP version */ | |
d7c0a89a QY |
686 | stream_putw(s, (local_as <= BGP_AS_MAX) ? (uint16_t)local_as |
687 | : BGP_AS_TRANS); | |
d62a17ae | 688 | stream_putw(s, send_holdtime); /* Hold Time */ |
689 | stream_put_in_addr(s, &peer->local_id); /* BGP Identifier */ | |
718e3744 | 690 | |
d08c0c80 DA |
691 | /* Set capabilities */ |
692 | if (CHECK_FLAG(peer->flags, PEER_FLAG_EXTENDED_OPT_PARAMS)) { | |
693 | (void)bgp_open_capability(s, peer, true); | |
694 | } else { | |
695 | struct stream *tmp = stream_new(STREAM_SIZE(s)); | |
696 | ||
697 | stream_copy(tmp, s); | |
698 | if (bgp_open_capability(tmp, peer, false) | |
699 | > BGP_OPEN_NON_EXT_OPT_LEN) { | |
700 | stream_free(tmp); | |
701 | (void)bgp_open_capability(s, peer, true); | |
702 | } else { | |
703 | stream_copy(s, tmp); | |
704 | stream_free(tmp); | |
705 | } | |
706 | } | |
718e3744 | 707 | |
d62a17ae | 708 | /* Set BGP packet length. */ |
65baedca | 709 | bgp_packet_set_size(s); |
718e3744 | 710 | |
d62a17ae | 711 | if (bgp_debug_neighbor_events(peer)) |
712 | zlog_debug( | |
23d0a753 | 713 | "%s sending OPEN, version %d, my as %u, holdtime %d, id %pI4", |
d62a17ae | 714 | peer->host, BGP_VERSION_4, local_as, send_holdtime, |
23d0a753 | 715 | &peer->local_id); |
718e3744 | 716 | |
d62a17ae | 717 | /* Dump packet if debug option is set. */ |
718 | /* bgp_packet_dump (s); */ | |
6fd04594 | 719 | hook_call(bgp_packet_send, peer, BGP_MSG_OPEN, stream_get_endp(s), s); |
718e3744 | 720 | |
d62a17ae | 721 | /* Add packet to the peer. */ |
722 | bgp_packet_add(peer, s); | |
424ab01d QY |
723 | |
724 | bgp_writes_on(peer); | |
725 | } | |
726 | ||
a127f33b QY |
727 | /* |
728 | * Writes NOTIFICATION message directly to a peer socket without waiting for | |
729 | * the I/O thread. | |
730 | * | |
731 | * There must be exactly one stream on the peer->obuf FIFO, and the data within | |
732 | * this stream must match the format of a BGP NOTIFICATION message. | |
733 | * Transmission is best-effort. | |
734 | * | |
735 | * @requires peer->io_mtx | |
736 | * @param peer | |
737 | * @return 0 | |
738 | */ | |
3dc339cd | 739 | static void bgp_write_notify(struct peer *peer) |
424ab01d QY |
740 | { |
741 | int ret, val; | |
d7c0a89a | 742 | uint8_t type; |
424ab01d QY |
743 | struct stream *s; |
744 | ||
a127f33b QY |
745 | /* There should be at least one packet. */ |
746 | s = stream_fifo_pop(peer->obuf); | |
424ab01d | 747 | |
8ec586b0 | 748 | if (!s) |
3dc339cd | 749 | return; |
8ec586b0 QY |
750 | |
751 | assert(stream_get_endp(s) >= BGP_HEADER_SIZE); | |
752 | ||
becedef6 QY |
753 | /* |
754 | * socket is in nonblocking mode, if we can't deliver the NOTIFY, well, | |
755 | * we only care about getting a clean shutdown at this point. | |
756 | */ | |
424ab01d QY |
757 | ret = write(peer->fd, STREAM_DATA(s), stream_get_endp(s)); |
758 | ||
becedef6 QY |
759 | /* |
760 | * only connection reset/close gets counted as TCP_fatal_error, failure | |
761 | * to write the entire NOTIFY doesn't get different FSM treatment | |
762 | */ | |
424ab01d | 763 | if (ret <= 0) { |
3735936b | 764 | stream_free(s); |
424ab01d | 765 | BGP_EVENT_ADD(peer, TCP_fatal_error); |
3dc339cd | 766 | return; |
424ab01d QY |
767 | } |
768 | ||
769 | /* Disable Nagle, make NOTIFY packet go out right away */ | |
770 | val = 1; | |
771 | (void)setsockopt(peer->fd, IPPROTO_TCP, TCP_NODELAY, (char *)&val, | |
772 | sizeof(val)); | |
773 | ||
774 | /* Retrieve BGP packet type. */ | |
775 | stream_set_getp(s, BGP_MARKER_SIZE + 2); | |
776 | type = stream_getc(s); | |
777 | ||
778 | assert(type == BGP_MSG_NOTIFY); | |
779 | ||
780 | /* Type should be notify. */ | |
0112e9e0 | 781 | atomic_fetch_add_explicit(&peer->notify_out, 1, memory_order_relaxed); |
424ab01d QY |
782 | |
783 | /* Double start timer. */ | |
784 | peer->v_start *= 2; | |
785 | ||
786 | /* Overflow check. */ | |
787 | if (peer->v_start >= (60 * 2)) | |
788 | peer->v_start = (60 * 2); | |
789 | ||
becedef6 QY |
790 | /* |
791 | * Handle Graceful Restart case where the state changes to | |
792 | * Connect instead of Idle | |
793 | */ | |
424ab01d QY |
794 | BGP_EVENT_ADD(peer, BGP_Stop); |
795 | ||
3735936b | 796 | stream_free(s); |
718e3744 | 797 | } |
798 | ||
eea685b6 DA |
799 | /* |
800 | * Encapsulate an original BGP CEASE Notification into Hard Reset | |
801 | */ | |
802 | static uint8_t *bgp_notify_encapsulate_hard_reset(uint8_t code, uint8_t subcode, | |
803 | uint8_t *data, size_t datalen) | |
804 | { | |
805 | uint8_t *message = XCALLOC(MTYPE_BGP_NOTIFICATION, datalen + 2); | |
806 | ||
807 | /* ErrCode */ | |
808 | message[0] = code; | |
809 | /* Subcode */ | |
810 | message[1] = subcode; | |
811 | /* Data */ | |
812 | if (datalen) | |
813 | memcpy(message + 2, data, datalen); | |
814 | ||
815 | return message; | |
816 | } | |
817 | ||
818 | /* | |
819 | * Decapsulate an original BGP CEASE Notification from Hard Reset | |
820 | */ | |
821 | struct bgp_notify bgp_notify_decapsulate_hard_reset(struct bgp_notify *notify) | |
822 | { | |
823 | struct bgp_notify bn = {}; | |
824 | ||
825 | bn.code = notify->raw_data[0]; | |
826 | bn.subcode = notify->raw_data[1]; | |
827 | bn.length = notify->length - 2; | |
828 | ||
c73d2363 | 829 | bn.raw_data = XMALLOC(MTYPE_BGP_NOTIFICATION, bn.length); |
eea685b6 DA |
830 | memcpy(bn.raw_data, notify->raw_data + 2, bn.length); |
831 | ||
832 | return bn; | |
833 | } | |
834 | ||
20170775 DA |
835 | /* Check if Graceful-Restart N-bit is exchanged */ |
836 | bool bgp_has_graceful_restart_notification(struct peer *peer) | |
837 | { | |
838 | return CHECK_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV) && | |
839 | CHECK_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_ADV); | |
840 | } | |
841 | ||
eea685b6 DA |
842 | /* |
843 | * Check if to send BGP CEASE Notification/Hard Reset? | |
844 | */ | |
1ae314be DA |
845 | bool bgp_notify_send_hard_reset(struct peer *peer, uint8_t code, |
846 | uint8_t subcode) | |
eea685b6 DA |
847 | { |
848 | /* When the "N" bit has been exchanged, a Hard Reset message is used to | |
849 | * indicate to the peer that the session is to be fully terminated. | |
850 | */ | |
20170775 | 851 | if (!bgp_has_graceful_restart_notification(peer)) |
eea685b6 DA |
852 | return false; |
853 | ||
854 | /* | |
855 | * https://datatracker.ietf.org/doc/html/rfc8538#section-5.1 | |
856 | */ | |
1ae314be | 857 | if (code == BGP_NOTIFY_CEASE) { |
eea685b6 DA |
858 | switch (subcode) { |
859 | case BGP_NOTIFY_CEASE_MAX_PREFIX: | |
860 | case BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN: | |
861 | case BGP_NOTIFY_CEASE_PEER_UNCONFIG: | |
862 | case BGP_NOTIFY_CEASE_HARD_RESET: | |
aebe2e37 | 863 | case BGP_NOTIFY_CEASE_BFD_DOWN: |
eea685b6 | 864 | return true; |
1ae314be DA |
865 | case BGP_NOTIFY_CEASE_ADMIN_RESET: |
866 | /* Provide user control: | |
867 | * `bgp hard-adminstrative-reset` | |
868 | */ | |
869 | if (CHECK_FLAG(peer->bgp->flags, | |
870 | BGP_FLAG_HARD_ADMIN_RESET)) | |
871 | return true; | |
872 | else | |
873 | return false; | |
eea685b6 DA |
874 | default: |
875 | break; | |
876 | } | |
877 | } | |
878 | ||
879 | return false; | |
880 | } | |
881 | ||
1ae314be DA |
882 | /* |
883 | * Check if received BGP CEASE Notification/Hard Reset? | |
884 | */ | |
885 | bool bgp_notify_received_hard_reset(struct peer *peer, uint8_t code, | |
886 | uint8_t subcode) | |
887 | { | |
888 | /* When the "N" bit has been exchanged, a Hard Reset message is used to | |
889 | * indicate to the peer that the session is to be fully terminated. | |
890 | */ | |
20170775 | 891 | if (!bgp_has_graceful_restart_notification(peer)) |
1ae314be DA |
892 | return false; |
893 | ||
894 | if (code == BGP_NOTIFY_CEASE && subcode == BGP_NOTIFY_CEASE_HARD_RESET) | |
895 | return true; | |
896 | ||
897 | return false; | |
898 | } | |
899 | ||
d3ecc69e QY |
900 | /* |
901 | * Creates a BGP Notify and appends it to the peer's output queue. | |
902 | * | |
becedef6 QY |
903 | * This function attempts to write the packet from the thread it is called |
904 | * from, to ensure the packet gets out ASAP. | |
d3ecc69e | 905 | * |
a127f33b QY |
906 | * This function may be called from multiple threads. Since the function |
907 | * modifies I/O buffer(s) in the peer, these are locked for the duration of the | |
908 | * call to prevent tampering from other threads. | |
909 | * | |
910 | * Delivery of the NOTIFICATION is attempted once and is best-effort. After | |
911 | * return, the peer structure *must* be reset; no assumptions about session | |
912 | * state are valid. | |
913 | * | |
d3ecc69e QY |
914 | * @param peer |
915 | * @param code BGP error code | |
916 | * @param sub_code BGP error subcode | |
917 | * @param data Data portion | |
918 | * @param datalen length of data portion | |
919 | */ | |
71ca5b09 MS |
920 | static void bgp_notify_send_internal(struct peer *peer, uint8_t code, |
921 | uint8_t sub_code, uint8_t *data, | |
922 | size_t datalen, bool use_curr) | |
718e3744 | 923 | { |
d62a17ae | 924 | struct stream *s; |
1ae314be | 925 | bool hard_reset = bgp_notify_send_hard_reset(peer, code, sub_code); |
d62a17ae | 926 | |
a127f33b | 927 | /* Lock I/O mutex to prevent other threads from pushing packets */ |
00dffa8c | 928 | frr_mutex_lock_autounlock(&peer->io_mtx); |
a127f33b QY |
929 | /* ============================================== */ |
930 | ||
d62a17ae | 931 | /* Allocate new stream. */ |
ef56aee4 | 932 | s = stream_new(peer->max_packet_size); |
d62a17ae | 933 | |
d3ecc69e | 934 | /* Make notify packet. */ |
d62a17ae | 935 | bgp_packet_set_marker(s, BGP_MSG_NOTIFY); |
936 | ||
eea685b6 DA |
937 | /* Check if we should send Hard Reset Notification or not */ |
938 | if (hard_reset) { | |
939 | uint8_t *hard_reset_message = bgp_notify_encapsulate_hard_reset( | |
940 | code, sub_code, data, datalen); | |
d62a17ae | 941 | |
eea685b6 DA |
942 | /* Hard Reset encapsulates another NOTIFICATION message |
943 | * in its data portion. | |
944 | */ | |
945 | stream_putc(s, BGP_NOTIFY_CEASE); | |
946 | stream_putc(s, BGP_NOTIFY_CEASE_HARD_RESET); | |
947 | stream_write(s, hard_reset_message, datalen + 2); | |
948 | ||
949 | XFREE(MTYPE_BGP_NOTIFICATION, hard_reset_message); | |
950 | } else { | |
951 | stream_putc(s, code); | |
952 | stream_putc(s, sub_code); | |
953 | if (data) | |
954 | stream_write(s, data, datalen); | |
955 | } | |
d62a17ae | 956 | |
957 | /* Set BGP packet length. */ | |
bd6b2706 | 958 | bgp_packet_set_size(s); |
d62a17ae | 959 | |
424ab01d | 960 | /* wipe output buffer */ |
a127f33b | 961 | stream_fifo_clean(peer->obuf); |
d62a17ae | 962 | |
becedef6 QY |
963 | /* |
964 | * If possible, store last packet for debugging purposes. This check is | |
965 | * in place because we are sometimes called with a doppelganger peer, | |
966 | * who tends to have a plethora of fields nulled out. | |
71ca5b09 MS |
967 | * |
968 | * Some callers should not attempt this - the io pthread for example | |
969 | * should not touch internals of the peer struct. | |
becedef6 | 970 | */ |
71ca5b09 | 971 | if (use_curr && peer->curr) { |
d8151687 | 972 | size_t packetsize = stream_get_endp(peer->curr); |
556beacf | 973 | assert(packetsize <= peer->max_packet_size); |
d8151687 QY |
974 | memcpy(peer->last_reset_cause, peer->curr->data, packetsize); |
975 | peer->last_reset_cause_size = packetsize; | |
976 | } | |
977 | ||
d62a17ae | 978 | /* For debug */ |
979 | { | |
980 | struct bgp_notify bgp_notify; | |
981 | int first = 0; | |
982 | int i; | |
983 | char c[4]; | |
984 | ||
985 | bgp_notify.code = code; | |
986 | bgp_notify.subcode = sub_code; | |
987 | bgp_notify.data = NULL; | |
e0981960 | 988 | bgp_notify.length = datalen; |
d62a17ae | 989 | bgp_notify.raw_data = data; |
990 | ||
991 | peer->notify.code = bgp_notify.code; | |
992 | peer->notify.subcode = bgp_notify.subcode; | |
3573b171 | 993 | peer->notify.length = bgp_notify.length; |
d62a17ae | 994 | |
e0981960 | 995 | if (bgp_notify.length && data) { |
3573b171 DA |
996 | bgp_notify.data = XMALLOC(MTYPE_BGP_NOTIFICATION, |
997 | bgp_notify.length * 3); | |
d62a17ae | 998 | for (i = 0; i < bgp_notify.length; i++) |
999 | if (first) { | |
552d6491 QY |
1000 | snprintf(c, sizeof(c), " %02x", |
1001 | data[i]); | |
f009ff26 | 1002 | |
552d6491 | 1003 | strlcat(bgp_notify.data, c, |
2ba1fe69 | 1004 | bgp_notify.length); |
f009ff26 | 1005 | |
d62a17ae | 1006 | } else { |
1007 | first = 1; | |
552d6491 | 1008 | snprintf(c, sizeof(c), "%02x", data[i]); |
f009ff26 | 1009 | |
552d6491 | 1010 | strlcpy(bgp_notify.data, c, |
2ba1fe69 | 1011 | bgp_notify.length); |
d62a17ae | 1012 | } |
1013 | } | |
eea685b6 | 1014 | bgp_notify_print(peer, &bgp_notify, "sending", hard_reset); |
d62a17ae | 1015 | |
1016 | if (bgp_notify.data) { | |
3573b171 DA |
1017 | if (data) { |
1018 | XFREE(MTYPE_BGP_NOTIFICATION, | |
1019 | peer->notify.data); | |
1020 | peer->notify.data = XCALLOC( | |
1021 | MTYPE_BGP_NOTIFICATION, datalen); | |
1022 | memcpy(peer->notify.data, data, datalen); | |
1023 | } | |
1024 | ||
1025 | XFREE(MTYPE_BGP_NOTIFICATION, bgp_notify.data); | |
d62a17ae | 1026 | bgp_notify.length = 0; |
1027 | } | |
1028 | } | |
1029 | ||
1030 | /* peer reset cause */ | |
1031 | if (code == BGP_NOTIFY_CEASE) { | |
1032 | if (sub_code == BGP_NOTIFY_CEASE_ADMIN_RESET) | |
1033 | peer->last_reset = PEER_DOWN_USER_RESET; | |
5597214c DA |
1034 | else if (sub_code == BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN) { |
1035 | if (CHECK_FLAG(peer->sflags, PEER_STATUS_RTT_SHUTDOWN)) | |
1036 | peer->last_reset = PEER_DOWN_RTT_SHUTDOWN; | |
1037 | else | |
1038 | peer->last_reset = PEER_DOWN_USER_SHUTDOWN; | |
1039 | } else | |
d62a17ae | 1040 | peer->last_reset = PEER_DOWN_NOTIFY_SEND; |
1041 | } else | |
1042 | peer->last_reset = PEER_DOWN_NOTIFY_SEND; | |
1043 | ||
d3ecc69e | 1044 | /* Add packet to peer's output queue */ |
a127f33b | 1045 | stream_fifo_push(peer->obuf, s); |
424ab01d | 1046 | |
5cce3f05 | 1047 | bgp_peer_gr_flags_update(peer); |
36235319 QY |
1048 | BGP_GR_ROUTER_DETECT_AND_SEND_CAPABILITY_TO_ZEBRA(peer->bgp, |
1049 | peer->bgp->peer); | |
5cce3f05 | 1050 | |
424ab01d | 1051 | bgp_write_notify(peer); |
718e3744 | 1052 | } |
1053 | ||
d3ecc69e QY |
1054 | /* |
1055 | * Creates a BGP Notify and appends it to the peer's output queue. | |
1056 | * | |
becedef6 QY |
1057 | * This function attempts to write the packet from the thread it is called |
1058 | * from, to ensure the packet gets out ASAP. | |
d3ecc69e QY |
1059 | * |
1060 | * @param peer | |
1061 | * @param code BGP error code | |
1062 | * @param sub_code BGP error subcode | |
1063 | */ | |
d7c0a89a | 1064 | void bgp_notify_send(struct peer *peer, uint8_t code, uint8_t sub_code) |
718e3744 | 1065 | { |
71ca5b09 MS |
1066 | bgp_notify_send_internal(peer, code, sub_code, NULL, 0, true); |
1067 | } | |
1068 | ||
1069 | /* | |
1070 | * Enqueue notification; called from the main pthread, peer object access is ok. | |
1071 | */ | |
1072 | void bgp_notify_send_with_data(struct peer *peer, uint8_t code, | |
1073 | uint8_t sub_code, uint8_t *data, size_t datalen) | |
1074 | { | |
1075 | bgp_notify_send_internal(peer, code, sub_code, data, datalen, true); | |
1076 | } | |
1077 | ||
1078 | /* | |
1079 | * For use by the io pthread, queueing a notification but avoiding access to | |
1080 | * the peer object. | |
1081 | */ | |
1082 | void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code, | |
1083 | uint8_t *data, size_t datalen) | |
1084 | { | |
1085 | /* Avoid touching the peer object */ | |
1086 | bgp_notify_send_internal(peer, code, sub_code, data, datalen, false); | |
718e3744 | 1087 | } |
1088 | ||
d3ecc69e QY |
1089 | /* |
1090 | * Creates BGP Route Refresh packet and appends it to the peer's output queue. | |
1091 | * | |
1092 | * @param peer | |
1093 | * @param afi Address Family Identifier | |
1094 | * @param safi Subsequent Address Family Identifier | |
1095 | * @param orf_type Outbound Route Filtering type | |
1096 | * @param when_to_refresh Whether to refresh immediately or defer | |
1097 | * @param remove Whether to remove ORF for specified AFI/SAFI | |
1098 | */ | |
d62a17ae | 1099 | void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi, |
d7c0a89a | 1100 | uint8_t orf_type, uint8_t when_to_refresh, |
9af52ccf | 1101 | int remove, uint8_t subtype) |
718e3744 | 1102 | { |
d62a17ae | 1103 | struct stream *s; |
1104 | struct bgp_filter *filter; | |
1105 | int orf_refresh = 0; | |
617975d1 DS |
1106 | iana_afi_t pkt_afi = IANA_AFI_IPV4; |
1107 | iana_safi_t pkt_safi = IANA_SAFI_UNICAST; | |
d62a17ae | 1108 | |
1109 | if (DISABLE_BGP_ANNOUNCE) | |
1110 | return; | |
1111 | ||
1112 | filter = &peer->filter[afi][safi]; | |
1113 | ||
1114 | /* Convert AFI, SAFI to values for packet. */ | |
1115 | bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi); | |
1116 | ||
ef56aee4 | 1117 | s = stream_new(peer->max_packet_size); |
d62a17ae | 1118 | |
1119 | /* Make BGP update packet. */ | |
1120 | if (CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV)) | |
1121 | bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_NEW); | |
718e3744 | 1122 | else |
d62a17ae | 1123 | bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_OLD); |
1124 | ||
1125 | /* Encode Route Refresh message. */ | |
1126 | stream_putw(s, pkt_afi); | |
9af52ccf DA |
1127 | if (subtype) |
1128 | stream_putc(s, subtype); | |
1129 | else | |
1130 | stream_putc(s, 0); | |
d62a17ae | 1131 | stream_putc(s, pkt_safi); |
1132 | ||
1133 | if (orf_type == ORF_TYPE_PREFIX || orf_type == ORF_TYPE_PREFIX_OLD) | |
1134 | if (remove || filter->plist[FILTER_IN].plist) { | |
d7c0a89a | 1135 | uint16_t orf_len; |
d62a17ae | 1136 | unsigned long orfp; |
1137 | ||
1138 | orf_refresh = 1; | |
1139 | stream_putc(s, when_to_refresh); | |
1140 | stream_putc(s, orf_type); | |
1141 | orfp = stream_get_endp(s); | |
1142 | stream_putw(s, 0); | |
1143 | ||
1144 | if (remove) { | |
1145 | UNSET_FLAG(peer->af_sflags[afi][safi], | |
1146 | PEER_STATUS_ORF_PREFIX_SEND); | |
1147 | stream_putc(s, ORF_COMMON_PART_REMOVE_ALL); | |
1148 | if (bgp_debug_neighbor_events(peer)) | |
1149 | zlog_debug( | |
f70c91dc DA |
1150 | "%pBP sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %s/%s", |
1151 | peer, orf_type, | |
a7d91a8c DA |
1152 | (when_to_refresh == |
1153 | REFRESH_DEFER | |
d62a17ae | 1154 | ? "defer" |
1155 | : "immediate"), | |
748a041f DS |
1156 | iana_afi2str(pkt_afi), |
1157 | iana_safi2str(pkt_safi)); | |
d62a17ae | 1158 | } else { |
1159 | SET_FLAG(peer->af_sflags[afi][safi], | |
1160 | PEER_STATUS_ORF_PREFIX_SEND); | |
1161 | prefix_bgp_orf_entry( | |
1162 | s, filter->plist[FILTER_IN].plist, | |
1163 | ORF_COMMON_PART_ADD, | |
1164 | ORF_COMMON_PART_PERMIT, | |
1165 | ORF_COMMON_PART_DENY); | |
1166 | if (bgp_debug_neighbor_events(peer)) | |
1167 | zlog_debug( | |
f70c91dc DA |
1168 | "%pBP sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %s/%s", |
1169 | peer, orf_type, | |
a7d91a8c DA |
1170 | (when_to_refresh == |
1171 | REFRESH_DEFER | |
d62a17ae | 1172 | ? "defer" |
1173 | : "immediate"), | |
748a041f DS |
1174 | iana_afi2str(pkt_afi), |
1175 | iana_safi2str(pkt_safi)); | |
d62a17ae | 1176 | } |
1177 | ||
1178 | /* Total ORF Entry Len. */ | |
1179 | orf_len = stream_get_endp(s) - orfp - 2; | |
1180 | stream_putw_at(s, orfp, orf_len); | |
1181 | } | |
1182 | ||
1183 | /* Set packet size. */ | |
65baedca | 1184 | bgp_packet_set_size(s); |
d62a17ae | 1185 | |
1186 | if (bgp_debug_neighbor_events(peer)) { | |
1187 | if (!orf_refresh) | |
a7d91a8c | 1188 | zlog_debug( |
f70c91dc DA |
1189 | "%pBP sending REFRESH_REQ for afi/safi: %s/%s", |
1190 | peer, iana_afi2str(pkt_afi), | |
1191 | iana_safi2str(pkt_safi)); | |
d62a17ae | 1192 | } |
1193 | ||
1194 | /* Add packet to the peer. */ | |
1195 | bgp_packet_add(peer, s); | |
424ab01d QY |
1196 | |
1197 | bgp_writes_on(peer); | |
718e3744 | 1198 | } |
1199 | ||
d3ecc69e QY |
1200 | /* |
1201 | * Create a BGP Capability packet and append it to the peer's output queue. | |
1202 | * | |
1203 | * @param peer | |
1204 | * @param afi Address Family Identifier | |
1205 | * @param safi Subsequent Address Family Identifier | |
1206 | * @param capability_code BGP Capability Code | |
1207 | * @param action Set or Remove capability | |
1208 | */ | |
d62a17ae | 1209 | void bgp_capability_send(struct peer *peer, afi_t afi, safi_t safi, |
1210 | int capability_code, int action) | |
718e3744 | 1211 | { |
d62a17ae | 1212 | struct stream *s; |
617975d1 DS |
1213 | iana_afi_t pkt_afi = IANA_AFI_IPV4; |
1214 | iana_safi_t pkt_safi = IANA_SAFI_UNICAST; | |
d62a17ae | 1215 | |
1216 | /* Convert AFI, SAFI to values for packet. */ | |
1217 | bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi); | |
1218 | ||
ef56aee4 | 1219 | s = stream_new(peer->max_packet_size); |
d62a17ae | 1220 | |
1221 | /* Make BGP update packet. */ | |
1222 | bgp_packet_set_marker(s, BGP_MSG_CAPABILITY); | |
1223 | ||
1224 | /* Encode MP_EXT capability. */ | |
1225 | if (capability_code == CAPABILITY_CODE_MP) { | |
1226 | stream_putc(s, action); | |
1227 | stream_putc(s, CAPABILITY_CODE_MP); | |
1228 | stream_putc(s, CAPABILITY_CODE_MP_LEN); | |
1229 | stream_putw(s, pkt_afi); | |
1230 | stream_putc(s, 0); | |
1231 | stream_putc(s, pkt_safi); | |
1232 | ||
1233 | if (bgp_debug_neighbor_events(peer)) | |
1234 | zlog_debug( | |
f70c91dc DA |
1235 | "%pBP sending CAPABILITY has %s MP_EXT CAP for afi/safi: %s/%s", |
1236 | peer, | |
d62a17ae | 1237 | action == CAPABILITY_ACTION_SET ? "Advertising" |
1238 | : "Removing", | |
748a041f | 1239 | iana_afi2str(pkt_afi), iana_safi2str(pkt_safi)); |
d62a17ae | 1240 | } |
1241 | ||
1242 | /* Set packet size. */ | |
65baedca | 1243 | bgp_packet_set_size(s); |
718e3744 | 1244 | |
d62a17ae | 1245 | /* Add packet to the peer. */ |
1246 | bgp_packet_add(peer, s); | |
424ab01d QY |
1247 | |
1248 | bgp_writes_on(peer); | |
d62a17ae | 1249 | } |
718e3744 | 1250 | |
d62a17ae | 1251 | /* RFC1771 6.8 Connection collision detection. */ |
1252 | static int bgp_collision_detect(struct peer *new, struct in_addr remote_id) | |
1253 | { | |
1254 | struct peer *peer; | |
1255 | ||
f88221f3 DS |
1256 | /* |
1257 | * Upon receipt of an OPEN message, the local system must examine | |
1258 | * all of its connections that are in the OpenConfirm state. A BGP | |
1259 | * speaker may also examine connections in an OpenSent state if it | |
1260 | * knows the BGP Identifier of the peer by means outside of the | |
1261 | * protocol. If among these connections there is a connection to a | |
1262 | * remote BGP speaker whose BGP Identifier equals the one in the | |
1263 | * OPEN message, then the local system performs the following | |
1264 | * collision resolution procedure: | |
1265 | */ | |
1266 | peer = new->doppelganger; | |
1267 | if (peer == NULL) | |
1268 | return 0; | |
1269 | ||
1270 | /* | |
1271 | * Do not accept the new connection in Established or Clearing | |
1272 | * states. Note that a peer GR is handled by closing the existing | |
1273 | * connection upon receipt of new one. | |
1274 | */ | |
feb17238 | 1275 | if (peer_established(peer) || peer->status == Clearing) { |
f88221f3 DS |
1276 | bgp_notify_send(new, BGP_NOTIFY_CEASE, |
1277 | BGP_NOTIFY_CEASE_COLLISION_RESOLUTION); | |
1278 | return -1; | |
1279 | } | |
1280 | ||
1281 | if ((peer->status != OpenConfirm) && (peer->status != OpenSent)) | |
1282 | return 0; | |
1283 | ||
1284 | /* | |
1285 | * 1. The BGP Identifier of the local system is | |
1286 | * compared to the BGP Identifier of the remote | |
1287 | * system (as specified in the OPEN message). | |
1288 | * | |
1289 | * If the BGP Identifiers of the peers | |
1290 | * involved in the connection collision | |
1291 | * are identical, then the connection | |
1292 | * initiated by the BGP speaker with the | |
1293 | * larger AS number is preserved. | |
1294 | */ | |
1295 | if (ntohl(peer->local_id.s_addr) < ntohl(remote_id.s_addr) | |
1296 | || (ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr) | |
1297 | && peer->local_as < peer->as)) | |
1298 | if (!CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER)) { | |
1299 | /* | |
1300 | * 2. If the value of the local BGP | |
1301 | * Identifier is less than the remote one, | |
1302 | * the local system closes BGP connection | |
1303 | * that already exists (the one that is | |
1304 | * already in the OpenConfirm state), | |
1305 | * and accepts BGP connection initiated by | |
1306 | * the remote system. | |
1307 | */ | |
1308 | bgp_notify_send(peer, BGP_NOTIFY_CEASE, | |
1309 | BGP_NOTIFY_CEASE_COLLISION_RESOLUTION); | |
1310 | return 1; | |
1311 | } else { | |
1312 | bgp_notify_send(new, BGP_NOTIFY_CEASE, | |
1313 | BGP_NOTIFY_CEASE_COLLISION_RESOLUTION); | |
1314 | return -1; | |
1315 | } | |
1316 | else { | |
1317 | if (ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr) | |
1318 | && peer->local_as == peer->as) | |
1319 | flog_err(EC_BGP_ROUTER_ID_SAME, | |
1320 | "Peer's router-id %pI4 is the same as ours", | |
1321 | &remote_id); | |
1322 | ||
1323 | /* | |
1324 | * 3. Otherwise, the local system closes newly | |
1325 | * created BGP connection (the one associated with the | |
1326 | * newly received OPEN message), and continues to use | |
1327 | * the existing one (the one that is already in the | |
1328 | * OpenConfirm state). | |
d62a17ae | 1329 | */ |
f88221f3 DS |
1330 | if (CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER)) { |
1331 | bgp_notify_send(peer, BGP_NOTIFY_CEASE, | |
1332 | BGP_NOTIFY_CEASE_COLLISION_RESOLUTION); | |
1333 | return 1; | |
1334 | } else { | |
d62a17ae | 1335 | bgp_notify_send(new, BGP_NOTIFY_CEASE, |
1336 | BGP_NOTIFY_CEASE_COLLISION_RESOLUTION); | |
95f7965d | 1337 | return -1; |
d62a17ae | 1338 | } |
1339 | } | |
d62a17ae | 1340 | } |
718e3744 | 1341 | |
d8151687 QY |
1342 | /* Packet processing routines ---------------------------------------------- */ |
1343 | /* | |
1344 | * This is a family of functions designed to be called from | |
1345 | * bgp_process_packet(). These functions all share similar behavior and should | |
1346 | * adhere to the following invariants and restrictions: | |
1347 | * | |
1348 | * Return codes | |
1349 | * ------------ | |
1350 | * The return code of any one of those functions should be one of the FSM event | |
1351 | * codes specified in bgpd.h. If a NOTIFY was sent, this event code MUST be | |
1352 | * BGP_Stop. Otherwise, the code SHOULD correspond to the function's expected | |
1353 | * packet type. For example, bgp_open_receive() should return BGP_Stop upon | |
1354 | * error and Receive_OPEN_message otherwise. | |
1355 | * | |
1356 | * If no action is necessary, the correct return code is BGP_PACKET_NOOP as | |
1357 | * defined below. | |
1358 | * | |
1359 | * Side effects | |
1360 | * ------------ | |
1361 | * - May send NOTIFY messages | |
1362 | * - May not modify peer->status | |
1363 | * - May not call bgp_event_update() | |
1364 | */ | |
1365 | ||
1366 | #define BGP_PACKET_NOOP 0 | |
1367 | ||
1368 | /** | |
1369 | * Process BGP OPEN message for peer. | |
1370 | * | |
1371 | * If any errors are encountered in the OPEN message, immediately sends NOTIFY | |
1372 | * and returns BGP_Stop. | |
1373 | * | |
1374 | * @param peer | |
1375 | * @param size size of the packet | |
1376 | * @return as in summary | |
1377 | */ | |
d62a17ae | 1378 | static int bgp_open_receive(struct peer *peer, bgp_size_t size) |
1379 | { | |
1380 | int ret; | |
d7c0a89a | 1381 | uint8_t version; |
d08c0c80 | 1382 | uint16_t optlen; |
d7c0a89a QY |
1383 | uint16_t holdtime; |
1384 | uint16_t send_holdtime; | |
d62a17ae | 1385 | as_t remote_as; |
6dcef54c | 1386 | as_t as4 = 0, as4_be; |
d62a17ae | 1387 | struct in_addr remote_id; |
1388 | int mp_capability; | |
d7c0a89a QY |
1389 | uint8_t notify_data_remote_as[2]; |
1390 | uint8_t notify_data_remote_as4[4]; | |
1391 | uint8_t notify_data_remote_id[4]; | |
1392 | uint16_t *holdtime_ptr; | |
d62a17ae | 1393 | |
1394 | /* Parse open packet. */ | |
424ab01d QY |
1395 | version = stream_getc(peer->curr); |
1396 | memcpy(notify_data_remote_as, stream_pnt(peer->curr), 2); | |
1397 | remote_as = stream_getw(peer->curr); | |
d7c0a89a | 1398 | holdtime_ptr = (uint16_t *)stream_pnt(peer->curr); |
424ab01d QY |
1399 | holdtime = stream_getw(peer->curr); |
1400 | memcpy(notify_data_remote_id, stream_pnt(peer->curr), 4); | |
1401 | remote_id.s_addr = stream_get_ipv4(peer->curr); | |
d62a17ae | 1402 | |
d62a17ae | 1403 | /* BEGIN to read the capability here, but dont do it yet */ |
1404 | mp_capability = 0; | |
424ab01d | 1405 | optlen = stream_getc(peer->curr); |
d62a17ae | 1406 | |
d08c0c80 DA |
1407 | /* Extended Optional Parameters Length for BGP OPEN Message */ |
1408 | if (optlen == BGP_OPEN_NON_EXT_OPT_LEN | |
1409 | || CHECK_FLAG(peer->flags, PEER_FLAG_EXTENDED_OPT_PARAMS)) { | |
1410 | uint8_t opttype; | |
1411 | ||
766eec1b DS |
1412 | if (STREAM_READABLE(peer->curr) < 1) { |
1413 | flog_err( | |
1414 | EC_BGP_PKT_OPEN, | |
1415 | "%s: stream does not have enough bytes for extended optional parameters", | |
1416 | peer->host); | |
1417 | bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, | |
1418 | BGP_NOTIFY_OPEN_MALFORMED_ATTR); | |
1419 | return BGP_Stop; | |
1420 | } | |
1421 | ||
d08c0c80 DA |
1422 | opttype = stream_getc(peer->curr); |
1423 | if (opttype == BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH) { | |
766eec1b DS |
1424 | if (STREAM_READABLE(peer->curr) < 2) { |
1425 | flog_err( | |
1426 | EC_BGP_PKT_OPEN, | |
1427 | "%s: stream does not have enough bytes to read the extended optional parameters optlen", | |
1428 | peer->host); | |
1429 | bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, | |
1430 | BGP_NOTIFY_OPEN_MALFORMED_ATTR); | |
1431 | return BGP_Stop; | |
1432 | } | |
d08c0c80 DA |
1433 | optlen = stream_getw(peer->curr); |
1434 | SET_FLAG(peer->sflags, | |
1435 | PEER_STATUS_EXT_OPT_PARAMS_LENGTH); | |
1436 | } | |
1437 | } | |
1438 | ||
1439 | /* Receive OPEN message log */ | |
1440 | if (bgp_debug_neighbor_events(peer)) | |
1441 | zlog_debug( | |
1442 | "%s rcv OPEN%s, version %d, remote-as (in open) %u, holdtime %d, id %pI4", | |
1443 | peer->host, | |
1444 | CHECK_FLAG(peer->sflags, | |
1445 | PEER_STATUS_EXT_OPT_PARAMS_LENGTH) | |
1446 | ? " (Extended)" | |
1447 | : "", | |
1448 | version, remote_as, holdtime, &remote_id); | |
1449 | ||
d62a17ae | 1450 | if (optlen != 0) { |
1451 | /* If not enough bytes, it is an error. */ | |
424ab01d | 1452 | if (STREAM_READABLE(peer->curr) < optlen) { |
d08c0c80 DA |
1453 | flog_err(EC_BGP_PKT_OPEN, |
1454 | "%s: stream has not enough bytes (%u)", | |
1455 | peer->host, optlen); | |
d62a17ae | 1456 | bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, |
1457 | BGP_NOTIFY_OPEN_MALFORMED_ATTR); | |
d8151687 | 1458 | return BGP_Stop; |
d62a17ae | 1459 | } |
718e3744 | 1460 | |
d62a17ae | 1461 | /* We need the as4 capability value *right now* because |
1462 | * if it is there, we have not got the remote_as yet, and | |
1463 | * without | |
1464 | * that we do not know which peer is connecting to us now. | |
1465 | */ | |
1466 | as4 = peek_for_as4_capability(peer, optlen); | |
d62a17ae | 1467 | } |
718e3744 | 1468 | |
6dcef54c DL |
1469 | as4_be = htonl(as4); |
1470 | memcpy(notify_data_remote_as4, &as4_be, 4); | |
1471 | ||
d62a17ae | 1472 | /* Just in case we have a silly peer who sends AS4 capability set to 0 |
1473 | */ | |
1474 | if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV) && !as4) { | |
e50f7cfd | 1475 | flog_err(EC_BGP_PKT_OPEN, |
1c50c1c0 QY |
1476 | "%s bad OPEN, got AS4 capability, but AS4 set to 0", |
1477 | peer->host); | |
d62a17ae | 1478 | bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR, |
1479 | BGP_NOTIFY_OPEN_BAD_PEER_AS, | |
1480 | notify_data_remote_as4, 4); | |
d8151687 | 1481 | return BGP_Stop; |
d62a17ae | 1482 | } |
718e3744 | 1483 | |
33d022bc DA |
1484 | /* Codification of AS 0 Processing */ |
1485 | if (remote_as == BGP_AS_ZERO) { | |
1486 | flog_err(EC_BGP_PKT_OPEN, "%s bad OPEN, got AS set to 0", | |
1487 | peer->host); | |
1488 | bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, | |
1489 | BGP_NOTIFY_OPEN_BAD_PEER_AS); | |
1490 | return BGP_Stop; | |
1491 | } | |
1492 | ||
d62a17ae | 1493 | if (remote_as == BGP_AS_TRANS) { |
1494 | /* Take the AS4 from the capability. We must have received the | |
1495 | * capability now! Otherwise we have a asn16 peer who uses | |
1496 | * BGP_AS_TRANS, for some unknown reason. | |
1497 | */ | |
1498 | if (as4 == BGP_AS_TRANS) { | |
af4c2728 | 1499 | flog_err( |
e50f7cfd | 1500 | EC_BGP_PKT_OPEN, |
d62a17ae | 1501 | "%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed", |
1502 | peer->host); | |
1503 | bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR, | |
1504 | BGP_NOTIFY_OPEN_BAD_PEER_AS, | |
1505 | notify_data_remote_as4, 4); | |
d8151687 | 1506 | return BGP_Stop; |
d62a17ae | 1507 | } |
718e3744 | 1508 | |
d62a17ae | 1509 | if (!as4 && BGP_DEBUG(as4, AS4)) |
1510 | zlog_debug( | |
3efd0893 | 1511 | "%s [AS4] OPEN remote_as is AS_TRANS, but no AS4. Odd, but proceeding.", |
d62a17ae | 1512 | peer->host); |
1513 | else if (as4 < BGP_AS_MAX && BGP_DEBUG(as4, AS4)) | |
1514 | zlog_debug( | |
3efd0893 | 1515 | "%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits in 2-bytes, very odd peer.", |
d62a17ae | 1516 | peer->host, as4); |
1517 | if (as4) | |
1518 | remote_as = as4; | |
1519 | } else { | |
1520 | /* We may have a partner with AS4 who has an asno < BGP_AS_MAX | |
1521 | */ | |
1522 | /* If we have got the capability, peer->as4cap must match | |
1523 | * remote_as */ | |
1524 | if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV) | |
1525 | && as4 != remote_as) { | |
1526 | /* raise error, log this, close session */ | |
af4c2728 | 1527 | flog_err( |
e50f7cfd | 1528 | EC_BGP_PKT_OPEN, |
3efd0893 | 1529 | "%s bad OPEN, got AS4 capability, but remote_as %u mismatch with 16bit 'myasn' %u in open", |
d62a17ae | 1530 | peer->host, as4, remote_as); |
1531 | bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR, | |
1532 | BGP_NOTIFY_OPEN_BAD_PEER_AS, | |
1533 | notify_data_remote_as4, 4); | |
d8151687 | 1534 | return BGP_Stop; |
d62a17ae | 1535 | } |
1536 | } | |
6b0655a2 | 1537 | |
787c3020 DA |
1538 | /* rfc6286: |
1539 | * If the BGP Identifier field of the OPEN message | |
1540 | * is zero, or if it is the same as the BGP Identifier | |
1541 | * of the local BGP speaker and the message is from an | |
1542 | * internal peer, then the Error Subcode is set to | |
1543 | * "Bad BGP Identifier". | |
1544 | */ | |
975a328e | 1545 | if (remote_id.s_addr == INADDR_ANY |
787c3020 DA |
1546 | || (peer->sort == BGP_PEER_IBGP |
1547 | && ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr))) { | |
d62a17ae | 1548 | if (bgp_debug_neighbor_events(peer)) |
23d0a753 DA |
1549 | zlog_debug("%s bad OPEN, wrong router identifier %pI4", |
1550 | peer->host, &remote_id); | |
d62a17ae | 1551 | bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR, |
1552 | BGP_NOTIFY_OPEN_BAD_BGP_IDENT, | |
1553 | notify_data_remote_id, 4); | |
d8151687 | 1554 | return BGP_Stop; |
d62a17ae | 1555 | } |
1556 | ||
d62a17ae | 1557 | /* Peer BGP version check. */ |
1558 | if (version != BGP_VERSION_4) { | |
d7c0a89a | 1559 | uint16_t maxver = htons(BGP_VERSION_4); |
d62a17ae | 1560 | /* XXX this reply may not be correct if version < 4 XXX */ |
1561 | if (bgp_debug_neighbor_events(peer)) | |
1562 | zlog_debug( | |
1563 | "%s bad protocol version, remote requested %d, local request %d", | |
1564 | peer->host, version, BGP_VERSION_4); | |
1565 | /* Data must be in network byte order here */ | |
1566 | bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR, | |
1567 | BGP_NOTIFY_OPEN_UNSUP_VERSION, | |
d7c0a89a | 1568 | (uint8_t *)&maxver, 2); |
d8151687 | 1569 | return BGP_Stop; |
d62a17ae | 1570 | } |
1571 | ||
1572 | /* Check neighbor as number. */ | |
1573 | if (peer->as_type == AS_UNSPECIFIED) { | |
1574 | if (bgp_debug_neighbor_events(peer)) | |
1575 | zlog_debug( | |
1576 | "%s bad OPEN, remote AS is unspecified currently", | |
1577 | peer->host); | |
1578 | bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR, | |
1579 | BGP_NOTIFY_OPEN_BAD_PEER_AS, | |
1580 | notify_data_remote_as, 2); | |
d8151687 | 1581 | return BGP_Stop; |
d62a17ae | 1582 | } else if (peer->as_type == AS_INTERNAL) { |
1583 | if (remote_as != peer->bgp->as) { | |
1584 | if (bgp_debug_neighbor_events(peer)) | |
1585 | zlog_debug( | |
1586 | "%s bad OPEN, remote AS is %u, internal specified", | |
1587 | peer->host, remote_as); | |
1588 | bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR, | |
1589 | BGP_NOTIFY_OPEN_BAD_PEER_AS, | |
1590 | notify_data_remote_as, 2); | |
d8151687 | 1591 | return BGP_Stop; |
1ff9a340 | 1592 | } |
d62a17ae | 1593 | peer->as = peer->local_as; |
1594 | } else if (peer->as_type == AS_EXTERNAL) { | |
1595 | if (remote_as == peer->bgp->as) { | |
1596 | if (bgp_debug_neighbor_events(peer)) | |
1597 | zlog_debug( | |
1598 | "%s bad OPEN, remote AS is %u, external specified", | |
1599 | peer->host, remote_as); | |
1600 | bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR, | |
1601 | BGP_NOTIFY_OPEN_BAD_PEER_AS, | |
1602 | notify_data_remote_as, 2); | |
d8151687 | 1603 | return BGP_Stop; |
1ff9a340 | 1604 | } |
d62a17ae | 1605 | peer->as = remote_as; |
1606 | } else if ((peer->as_type == AS_SPECIFIED) && (remote_as != peer->as)) { | |
1607 | if (bgp_debug_neighbor_events(peer)) | |
1608 | zlog_debug("%s bad OPEN, remote AS is %u, expected %u", | |
1609 | peer->host, remote_as, peer->as); | |
1610 | bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR, | |
1611 | BGP_NOTIFY_OPEN_BAD_PEER_AS, | |
1612 | notify_data_remote_as, 2); | |
d8151687 | 1613 | return BGP_Stop; |
eb821189 | 1614 | } |
718e3744 | 1615 | |
7a75470f DS |
1616 | /* |
1617 | * When collision is detected and this peer is closed. | |
1618 | * Return immediately. | |
1619 | */ | |
1620 | ret = bgp_collision_detect(peer, remote_id); | |
1621 | if (ret < 0) | |
1622 | return BGP_Stop; | |
1623 | ||
1624 | /* Get sockname. */ | |
1625 | if (bgp_getsockname(peer) < 0) { | |
1626 | flog_err_sys(EC_LIB_SOCKET, | |
1627 | "%s: bgp_getsockname() failed for peer: %s", | |
1628 | __func__, peer->host); | |
1629 | return BGP_Stop; | |
1630 | } | |
1631 | ||
1632 | /* Set remote router-id */ | |
1633 | peer->remote_id = remote_id; | |
1634 | ||
d62a17ae | 1635 | /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST |
1636 | calculate the value of the Hold Timer by using the smaller of its | |
1637 | configured Hold Time and the Hold Time received in the OPEN message. | |
1638 | The Hold Time MUST be either zero or at least three seconds. An | |
1639 | implementation may reject connections on the basis of the Hold Time. | |
0b2aa3a0 | 1640 | */ |
d62a17ae | 1641 | |
1642 | if (holdtime < 3 && holdtime != 0) { | |
b042667a TI |
1643 | bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR, |
1644 | BGP_NOTIFY_OPEN_UNACEP_HOLDTIME, | |
1645 | (uint8_t *)holdtime_ptr, 2); | |
1646 | return BGP_Stop; | |
1647 | } | |
1648 | ||
1649 | /* Send notification message when Hold Time received in the OPEN message | |
1650 | * is smaller than configured minimum Hold Time. */ | |
1651 | if (holdtime < peer->bgp->default_min_holdtime | |
1652 | && peer->bgp->default_min_holdtime != 0) { | |
d62a17ae | 1653 | bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR, |
1654 | BGP_NOTIFY_OPEN_UNACEP_HOLDTIME, | |
d7c0a89a | 1655 | (uint8_t *)holdtime_ptr, 2); |
d8151687 | 1656 | return BGP_Stop; |
0b2aa3a0 | 1657 | } |
d62a17ae | 1658 | |
1659 | /* From the rfc: A reasonable maximum time between KEEPALIVE messages | |
1660 | would be one third of the Hold Time interval. KEEPALIVE messages | |
1661 | MUST NOT be sent more frequently than one per second. An | |
1662 | implementation MAY adjust the rate at which it sends KEEPALIVE | |
1663 | messages as a function of the Hold Time interval. */ | |
1664 | ||
b90a8e13 | 1665 | if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER)) |
d62a17ae | 1666 | send_holdtime = peer->holdtime; |
1667 | else | |
1668 | send_holdtime = peer->bgp->default_holdtime; | |
1669 | ||
1670 | if (holdtime < send_holdtime) | |
1671 | peer->v_holdtime = holdtime; | |
1672 | else | |
1673 | peer->v_holdtime = send_holdtime; | |
1674 | ||
7aa4fd5b TA |
1675 | /* Set effective keepalive to 1/3 the effective holdtime. |
1676 | * Use configured keeplive when < effective keepalive. | |
1677 | */ | |
1678 | peer->v_keepalive = peer->v_holdtime / 3; | |
1679 | if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER)) { | |
1680 | if (peer->keepalive && peer->keepalive < peer->v_keepalive) | |
1681 | peer->v_keepalive = peer->keepalive; | |
1682 | } else { | |
1683 | if (peer->bgp->default_keepalive | |
1684 | && peer->bgp->default_keepalive < peer->v_keepalive) | |
1685 | peer->v_keepalive = peer->bgp->default_keepalive; | |
1686 | } | |
d62a17ae | 1687 | |
234f6fd4 DA |
1688 | /* If another side disabled sending Software Version capability, |
1689 | * we MUST drop the previous from showing in the outputs to avoid | |
1690 | * stale information and due to security reasons. | |
1691 | */ | |
1692 | if (peer->soft_version) | |
1693 | XFREE(MTYPE_BGP_SOFT_VERSION, peer->soft_version); | |
1694 | ||
d62a17ae | 1695 | /* Open option part parse. */ |
1696 | if (optlen != 0) { | |
1bb379bf | 1697 | if (bgp_open_option_parse(peer, optlen, &mp_capability) < 0) |
d8151687 | 1698 | return BGP_Stop; |
d62a17ae | 1699 | } else { |
1700 | if (bgp_debug_neighbor_events(peer)) | |
1701 | zlog_debug("%s rcvd OPEN w/ OPTION parameter len: 0", | |
1702 | peer->host); | |
0299c004 | 1703 | } |
d62a17ae | 1704 | |
1705 | /* | |
1706 | * Assume that the peer supports the locally configured set of | |
1707 | * AFI/SAFIs if the peer did not send us any Mulitiprotocol | |
1708 | * capabilities, or if 'override-capability' is configured. | |
1709 | */ | |
1710 | if (!mp_capability | |
1711 | || CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) { | |
1712 | peer->afc_nego[AFI_IP][SAFI_UNICAST] = | |
1713 | peer->afc[AFI_IP][SAFI_UNICAST]; | |
1714 | peer->afc_nego[AFI_IP][SAFI_MULTICAST] = | |
1715 | peer->afc[AFI_IP][SAFI_MULTICAST]; | |
1716 | peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST] = | |
1717 | peer->afc[AFI_IP][SAFI_LABELED_UNICAST]; | |
7c40bf39 | 1718 | peer->afc_nego[AFI_IP][SAFI_FLOWSPEC] = |
1719 | peer->afc[AFI_IP][SAFI_FLOWSPEC]; | |
d62a17ae | 1720 | peer->afc_nego[AFI_IP6][SAFI_UNICAST] = |
1721 | peer->afc[AFI_IP6][SAFI_UNICAST]; | |
1722 | peer->afc_nego[AFI_IP6][SAFI_MULTICAST] = | |
1723 | peer->afc[AFI_IP6][SAFI_MULTICAST]; | |
1724 | peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST] = | |
1725 | peer->afc[AFI_IP6][SAFI_LABELED_UNICAST]; | |
1726 | peer->afc_nego[AFI_L2VPN][SAFI_EVPN] = | |
1727 | peer->afc[AFI_L2VPN][SAFI_EVPN]; | |
7c40bf39 | 1728 | peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC] = |
1729 | peer->afc[AFI_IP6][SAFI_FLOWSPEC]; | |
0299c004 | 1730 | } |
d62a17ae | 1731 | |
d62a17ae | 1732 | /* Verify valid local address present based on negotiated |
1733 | * address-families. */ | |
1734 | if (peer->afc_nego[AFI_IP][SAFI_UNICAST] | |
e5f22b30 | 1735 | || peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST] |
d62a17ae | 1736 | || peer->afc_nego[AFI_IP][SAFI_MULTICAST] |
1737 | || peer->afc_nego[AFI_IP][SAFI_MPLS_VPN] | |
1738 | || peer->afc_nego[AFI_IP][SAFI_ENCAP]) { | |
975a328e | 1739 | if (peer->nexthop.v4.s_addr == INADDR_ANY) { |
d62a17ae | 1740 | #if defined(HAVE_CUMULUS) |
50121ac0 DS |
1741 | zlog_warn("%s: No local IPv4 addr, BGP routing may not work", |
1742 | peer->host); | |
1d808091 | 1743 | #endif |
d62a17ae | 1744 | } |
1745 | } | |
1746 | if (peer->afc_nego[AFI_IP6][SAFI_UNICAST] | |
e5f22b30 | 1747 | || peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST] |
d62a17ae | 1748 | || peer->afc_nego[AFI_IP6][SAFI_MULTICAST] |
1749 | || peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN] | |
1750 | || peer->afc_nego[AFI_IP6][SAFI_ENCAP]) { | |
1751 | if (IN6_IS_ADDR_UNSPECIFIED(&peer->nexthop.v6_global)) { | |
1752 | #if defined(HAVE_CUMULUS) | |
50121ac0 DS |
1753 | zlog_warn("%s: No local IPv6 address, BGP routing may not work", |
1754 | peer->host); | |
1d808091 | 1755 | #endif |
d62a17ae | 1756 | } |
1757 | } | |
1758 | peer->rtt = sockopt_tcp_rtt(peer->fd); | |
1759 | ||
d8151687 | 1760 | return Receive_OPEN_message; |
718e3744 | 1761 | } |
1762 | ||
d8151687 QY |
1763 | /** |
1764 | * Process BGP KEEPALIVE message for peer. | |
1765 | * | |
1766 | * @param peer | |
1767 | * @param size size of the packet | |
1768 | * @return as in summary | |
1769 | */ | |
1770 | static int bgp_keepalive_receive(struct peer *peer, bgp_size_t size) | |
f188f2c4 | 1771 | { |
d8151687 QY |
1772 | if (bgp_debug_keepalive(peer)) |
1773 | zlog_debug("%s KEEPALIVE rcvd", peer->host); | |
d62a17ae | 1774 | |
d8151687 | 1775 | bgp_update_implicit_eors(peer); |
d62a17ae | 1776 | |
e410d563 DA |
1777 | peer->rtt = sockopt_tcp_rtt(peer->fd); |
1778 | ||
8336c896 DA |
1779 | /* If the peer's RTT is higher than expected, shutdown |
1780 | * the peer automatically. | |
1781 | */ | |
5597214c DA |
1782 | if (!CHECK_FLAG(peer->flags, PEER_FLAG_RTT_SHUTDOWN)) |
1783 | return Receive_KEEPALIVE_message; | |
8336c896 | 1784 | |
5597214c | 1785 | if (peer->rtt > peer->rtt_expected) { |
8336c896 DA |
1786 | peer->rtt_keepalive_rcv++; |
1787 | ||
1788 | if (peer->rtt_keepalive_rcv > peer->rtt_keepalive_conf) { | |
5597214c DA |
1789 | char rtt_shutdown_reason[BUFSIZ] = {}; |
1790 | ||
1791 | snprintfrr( | |
1792 | rtt_shutdown_reason, | |
1793 | sizeof(rtt_shutdown_reason), | |
1794 | "shutdown due to high round-trip-time (%dms > %dms, hit %u times)", | |
1795 | peer->rtt, peer->rtt_expected, | |
1796 | peer->rtt_keepalive_rcv); | |
1797 | zlog_warn("%s %s", peer->host, rtt_shutdown_reason); | |
1798 | SET_FLAG(peer->sflags, PEER_STATUS_RTT_SHUTDOWN); | |
1799 | peer_tx_shutdown_message_set(peer, rtt_shutdown_reason); | |
8336c896 DA |
1800 | peer_flag_set(peer, PEER_FLAG_SHUTDOWN); |
1801 | } | |
1802 | } else { | |
1803 | if (peer->rtt_keepalive_rcv) | |
1804 | peer->rtt_keepalive_rcv--; | |
1805 | } | |
1806 | ||
d8151687 | 1807 | return Receive_KEEPALIVE_message; |
f188f2c4 DS |
1808 | } |
1809 | ||
cc9f21da | 1810 | static void bgp_refresh_stalepath_timer_expire(struct thread *thread) |
9af52ccf DA |
1811 | { |
1812 | struct peer_af *paf; | |
1813 | ||
1814 | paf = THREAD_ARG(thread); | |
1815 | ||
1816 | afi_t afi = paf->afi; | |
1817 | safi_t safi = paf->safi; | |
1818 | struct peer *peer = paf->peer; | |
1819 | ||
1820 | peer->t_refresh_stalepath = NULL; | |
1821 | ||
1822 | if (peer->nsf[afi][safi]) | |
1823 | bgp_clear_stale_route(peer, afi, safi); | |
1824 | ||
1825 | if (bgp_debug_neighbor_events(peer)) | |
a7d91a8c | 1826 | zlog_debug( |
f70c91dc DA |
1827 | "%pBP route-refresh (BoRR) timer expired for afi/safi: %d/%d", |
1828 | peer, afi, safi); | |
9af52ccf DA |
1829 | |
1830 | bgp_timer_set(peer); | |
9af52ccf | 1831 | } |
d62a17ae | 1832 | |
d8151687 QY |
1833 | /** |
1834 | * Process BGP UPDATE message for peer. | |
1835 | * | |
1836 | * Parses UPDATE and creates attribute object. | |
1837 | * | |
1838 | * @param peer | |
1839 | * @param size size of the packet | |
1840 | * @return as in summary | |
7ef5a232 | 1841 | */ |
d62a17ae | 1842 | static int bgp_update_receive(struct peer *peer, bgp_size_t size) |
718e3744 | 1843 | { |
d62a17ae | 1844 | int ret, nlri_ret; |
d7c0a89a | 1845 | uint8_t *end; |
d62a17ae | 1846 | struct stream *s; |
1847 | struct attr attr; | |
1848 | bgp_size_t attribute_len; | |
1849 | bgp_size_t update_len; | |
1850 | bgp_size_t withdraw_len; | |
f009ff26 | 1851 | bool restart = false; |
d62a17ae | 1852 | |
1853 | enum NLRI_TYPES { | |
1854 | NLRI_UPDATE, | |
1855 | NLRI_WITHDRAW, | |
1856 | NLRI_MP_UPDATE, | |
1857 | NLRI_MP_WITHDRAW, | |
1858 | NLRI_TYPE_MAX | |
1859 | }; | |
1860 | struct bgp_nlri nlris[NLRI_TYPE_MAX]; | |
1861 | ||
1862 | /* Status must be Established. */ | |
feb17238 | 1863 | if (!peer_established(peer)) { |
e50f7cfd | 1864 | flog_err(EC_BGP_INVALID_STATUS, |
1c50c1c0 QY |
1865 | "%s [FSM] Update packet received under status %s", |
1866 | peer->host, | |
1867 | lookup_msg(bgp_status_msg, peer->status, NULL)); | |
0e35025e | 1868 | bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR, |
3893aeee | 1869 | bgp_fsm_error_subcode(peer->status)); |
d8151687 | 1870 | return BGP_Stop; |
d62a17ae | 1871 | } |
1872 | ||
1873 | /* Set initial values. */ | |
6006b807 | 1874 | memset(&attr, 0, sizeof(attr)); |
d62a17ae | 1875 | attr.label_index = BGP_INVALID_LABEL_INDEX; |
1876 | attr.label = MPLS_INVALID_LABEL; | |
1877 | memset(&nlris, 0, sizeof(nlris)); | |
1878 | memset(peer->rcvd_attr_str, 0, BUFSIZ); | |
1879 | peer->rcvd_attr_printed = 0; | |
1880 | ||
424ab01d | 1881 | s = peer->curr; |
d62a17ae | 1882 | end = stream_pnt(s) + size; |
1883 | ||
1884 | /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute | |
1885 | Length is too large (i.e., if Unfeasible Routes Length + Total | |
1886 | Attribute Length + 23 exceeds the message Length), then the Error | |
1887 | Subcode is set to Malformed Attribute List. */ | |
1888 | if (stream_pnt(s) + 2 > end) { | |
e50f7cfd | 1889 | flog_err(EC_BGP_UPDATE_RCV, |
3efd0893 | 1890 | "%s [Error] Update packet error (packet length is short for unfeasible length)", |
1c50c1c0 | 1891 | peer->host); |
d62a17ae | 1892 | bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, |
1893 | BGP_NOTIFY_UPDATE_MAL_ATTR); | |
d8151687 | 1894 | return BGP_Stop; |
d62a17ae | 1895 | } |
1896 | ||
1897 | /* Unfeasible Route Length. */ | |
1898 | withdraw_len = stream_getw(s); | |
1899 | ||
1900 | /* Unfeasible Route Length check. */ | |
1901 | if (stream_pnt(s) + withdraw_len > end) { | |
e50f7cfd | 1902 | flog_err(EC_BGP_UPDATE_RCV, |
3efd0893 | 1903 | "%s [Error] Update packet error (packet unfeasible length overflow %d)", |
1c50c1c0 | 1904 | peer->host, withdraw_len); |
d62a17ae | 1905 | bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, |
1906 | BGP_NOTIFY_UPDATE_MAL_ATTR); | |
d8151687 | 1907 | return BGP_Stop; |
d62a17ae | 1908 | } |
1909 | ||
1910 | /* Unfeasible Route packet format check. */ | |
1911 | if (withdraw_len > 0) { | |
1912 | nlris[NLRI_WITHDRAW].afi = AFI_IP; | |
1913 | nlris[NLRI_WITHDRAW].safi = SAFI_UNICAST; | |
1914 | nlris[NLRI_WITHDRAW].nlri = stream_pnt(s); | |
1915 | nlris[NLRI_WITHDRAW].length = withdraw_len; | |
1916 | stream_forward_getp(s, withdraw_len); | |
1917 | } | |
1918 | ||
1919 | /* Attribute total length check. */ | |
1920 | if (stream_pnt(s) + 2 > end) { | |
ade6974d | 1921 | flog_warn( |
e50f7cfd | 1922 | EC_BGP_UPDATE_PACKET_SHORT, |
ade6974d QY |
1923 | "%s [Error] Packet Error (update packet is short for attribute length)", |
1924 | peer->host); | |
d62a17ae | 1925 | bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, |
1926 | BGP_NOTIFY_UPDATE_MAL_ATTR); | |
d8151687 | 1927 | return BGP_Stop; |
d62a17ae | 1928 | } |
1929 | ||
1930 | /* Fetch attribute total length. */ | |
1931 | attribute_len = stream_getw(s); | |
1932 | ||
1933 | /* Attribute length check. */ | |
1934 | if (stream_pnt(s) + attribute_len > end) { | |
ade6974d | 1935 | flog_warn( |
e50f7cfd | 1936 | EC_BGP_UPDATE_PACKET_LONG, |
ade6974d QY |
1937 | "%s [Error] Packet Error (update packet attribute length overflow %d)", |
1938 | peer->host, attribute_len); | |
d62a17ae | 1939 | bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, |
1940 | BGP_NOTIFY_UPDATE_MAL_ATTR); | |
d8151687 | 1941 | return BGP_Stop; |
d62a17ae | 1942 | } |
1943 | ||
1944 | /* Certain attribute parsing errors should not be considered bad enough | |
1945 | * to reset the session for, most particularly any partial/optional | |
1946 | * attributes that have 'tunneled' over speakers that don't understand | |
1947 | * them. Instead we withdraw only the prefix concerned. | |
1948 | * | |
1949 | * Complicates the flow a little though.. | |
1950 | */ | |
79288e4c | 1951 | enum bgp_attr_parse_ret attr_parse_ret = BGP_ATTR_PARSE_PROCEED; |
d62a17ae | 1952 | /* This define morphs the update case into a withdraw when lower levels |
1953 | * have signalled an error condition where this is best. | |
1954 | */ | |
b881c707 | 1955 | #define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL) |
718e3744 | 1956 | |
d62a17ae | 1957 | /* Parse attribute when it exists. */ |
1958 | if (attribute_len) { | |
1959 | attr_parse_ret = bgp_attr_parse(peer, &attr, attribute_len, | |
1960 | &nlris[NLRI_MP_UPDATE], | |
1961 | &nlris[NLRI_MP_WITHDRAW]); | |
1962 | if (attr_parse_ret == BGP_ATTR_PARSE_ERROR) { | |
1963 | bgp_attr_unintern_sub(&attr); | |
d8151687 | 1964 | return BGP_Stop; |
d62a17ae | 1965 | } |
1966 | } | |
1967 | ||
1968 | /* Logging the attribute. */ | |
1969 | if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW | |
1970 | || BGP_DEBUG(update, UPDATE_IN) | |
1971 | || BGP_DEBUG(update, UPDATE_PREFIX)) { | |
5022c833 DA |
1972 | ret = bgp_dump_attr(&attr, peer->rcvd_attr_str, |
1973 | sizeof(peer->rcvd_attr_str)); | |
d62a17ae | 1974 | |
b4d46cc9 DL |
1975 | peer->stat_upd_7606++; |
1976 | ||
d62a17ae | 1977 | if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW) |
af4c2728 | 1978 | flog_err( |
e50f7cfd | 1979 | EC_BGP_UPDATE_RCV, |
f70c91dc DA |
1980 | "%pBP rcvd UPDATE with errors in attr(s)!! Withdrawing route.", |
1981 | peer); | |
d62a17ae | 1982 | |
1983 | if (ret && bgp_debug_update(peer, NULL, NULL, 1)) { | |
f70c91dc | 1984 | zlog_debug("%pBP rcvd UPDATE w/ attr: %s", peer, |
d62a17ae | 1985 | peer->rcvd_attr_str); |
1986 | peer->rcvd_attr_printed = 1; | |
1987 | } | |
1988 | } | |
1989 | ||
1990 | /* Network Layer Reachability Information. */ | |
1991 | update_len = end - stream_pnt(s); | |
1992 | ||
1993 | if (update_len) { | |
1994 | /* Set NLRI portion to structure. */ | |
1995 | nlris[NLRI_UPDATE].afi = AFI_IP; | |
1996 | nlris[NLRI_UPDATE].safi = SAFI_UNICAST; | |
1997 | nlris[NLRI_UPDATE].nlri = stream_pnt(s); | |
1998 | nlris[NLRI_UPDATE].length = update_len; | |
1999 | stream_forward_getp(s, update_len); | |
9738e9aa | 2000 | |
2001 | if (CHECK_FLAG(attr.flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI))) { | |
2002 | /* | |
2003 | * We skipped nexthop attribute validation earlier so | |
2004 | * validate the nexthop now. | |
2005 | */ | |
2006 | if (bgp_attr_nexthop_valid(peer, &attr) < 0) { | |
2007 | bgp_attr_unintern_sub(&attr); | |
2008 | return BGP_Stop; | |
2009 | } | |
2010 | } | |
d62a17ae | 2011 | } |
2012 | ||
2013 | if (BGP_DEBUG(update, UPDATE_IN)) | |
f70c91dc DA |
2014 | zlog_debug("%pBP rcvd UPDATE wlen %d attrlen %d alen %d", peer, |
2015 | withdraw_len, attribute_len, update_len); | |
d62a17ae | 2016 | |
2017 | /* Parse any given NLRIs */ | |
2018 | for (int i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++) { | |
2019 | if (!nlris[i].nlri) | |
2020 | continue; | |
2021 | ||
2022 | /* NLRI is processed iff the peer if configured for the specific | |
2023 | * afi/safi */ | |
2024 | if (!peer->afc[nlris[i].afi][nlris[i].safi]) { | |
2025 | zlog_info( | |
2026 | "%s [Info] UPDATE for non-enabled AFI/SAFI %u/%u", | |
2027 | peer->host, nlris[i].afi, nlris[i].safi); | |
2028 | continue; | |
2029 | } | |
2030 | ||
2031 | /* EoR handled later */ | |
2032 | if (nlris[i].length == 0) | |
2033 | continue; | |
2034 | ||
2035 | switch (i) { | |
2036 | case NLRI_UPDATE: | |
2037 | case NLRI_MP_UPDATE: | |
2038 | nlri_ret = bgp_nlri_parse(peer, NLRI_ATTR_ARG, | |
2039 | &nlris[i], 0); | |
2040 | break; | |
2041 | case NLRI_WITHDRAW: | |
2042 | case NLRI_MP_WITHDRAW: | |
b1d7888f DA |
2043 | nlri_ret = bgp_nlri_parse(peer, NLRI_ATTR_ARG, |
2044 | &nlris[i], 1); | |
d62a17ae | 2045 | break; |
2046 | default: | |
513386b5 | 2047 | nlri_ret = BGP_NLRI_PARSE_ERROR; |
d62a17ae | 2048 | } |
2049 | ||
513386b5 DA |
2050 | if (nlri_ret < BGP_NLRI_PARSE_OK |
2051 | && nlri_ret != BGP_NLRI_PARSE_ERROR_PREFIX_OVERFLOW) { | |
e50f7cfd | 2052 | flog_err(EC_BGP_UPDATE_RCV, |
1c50c1c0 | 2053 | "%s [Error] Error parsing NLRI", peer->host); |
feb17238 | 2054 | if (peer_established(peer)) |
d62a17ae | 2055 | bgp_notify_send( |
2056 | peer, BGP_NOTIFY_UPDATE_ERR, | |
2057 | i <= NLRI_WITHDRAW | |
2058 | ? BGP_NOTIFY_UPDATE_INVAL_NETWORK | |
2059 | : BGP_NOTIFY_UPDATE_OPT_ATTR_ERR); | |
2060 | bgp_attr_unintern_sub(&attr); | |
d8151687 | 2061 | return BGP_Stop; |
d62a17ae | 2062 | } |
2063 | } | |
2064 | ||
2065 | /* EoR checks | |
2066 | * | |
2067 | * Non-MP IPv4/Unicast EoR is a completely empty UPDATE | |
2068 | * and MP EoR should have only an empty MP_UNREACH | |
2069 | */ | |
996c9314 LB |
2070 | if ((!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0) |
2071 | || (attr_parse_ret == BGP_ATTR_PARSE_EOR)) { | |
d62a17ae | 2072 | afi_t afi = 0; |
2073 | safi_t safi; | |
f009ff26 | 2074 | struct graceful_restart_info *gr_info; |
2075 | ||
2076 | /* Restarting router */ | |
36235319 QY |
2077 | if (BGP_PEER_GRACEFUL_RESTART_CAPABLE(peer) |
2078 | && BGP_PEER_RESTARTING_MODE(peer)) | |
f009ff26 | 2079 | restart = true; |
d62a17ae | 2080 | |
2081 | /* Non-MP IPv4/Unicast is a completely emtpy UPDATE - already | |
2082 | * checked | |
2083 | * update and withdraw NLRI lengths are 0. | |
2084 | */ | |
2085 | if (!attribute_len) { | |
2086 | afi = AFI_IP; | |
2087 | safi = SAFI_UNICAST; | |
2088 | } else if (attr.flag & ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI) | |
2089 | && nlris[NLRI_MP_WITHDRAW].length == 0) { | |
2090 | afi = nlris[NLRI_MP_WITHDRAW].afi; | |
2091 | safi = nlris[NLRI_MP_WITHDRAW].safi; | |
9b9df989 DS |
2092 | } else if (attr_parse_ret == BGP_ATTR_PARSE_EOR) { |
2093 | afi = nlris[NLRI_MP_UPDATE].afi; | |
2094 | safi = nlris[NLRI_MP_UPDATE].safi; | |
d62a17ae | 2095 | } |
2096 | ||
2097 | if (afi && peer->afc[afi][safi]) { | |
e82d19a3 DS |
2098 | struct vrf *vrf = vrf_lookup_by_id(peer->bgp->vrf_id); |
2099 | ||
d62a17ae | 2100 | /* End-of-RIB received */ |
2101 | if (!CHECK_FLAG(peer->af_sflags[afi][safi], | |
2102 | PEER_STATUS_EOR_RECEIVED)) { | |
2103 | SET_FLAG(peer->af_sflags[afi][safi], | |
2104 | PEER_STATUS_EOR_RECEIVED); | |
2105 | bgp_update_explicit_eors(peer); | |
f009ff26 | 2106 | /* Update graceful restart information */ |
2107 | gr_info = &(peer->bgp->gr_info[afi][safi]); | |
2108 | if (restart) | |
2109 | gr_info->eor_received++; | |
2110 | /* If EOR received from all peers and selection | |
2111 | * deferral timer is running, cancel the timer | |
2112 | * and invoke the best path calculation | |
2113 | */ | |
36235319 QY |
2114 | if (gr_info->eor_required |
2115 | == gr_info->eor_received) { | |
2116 | if (bgp_debug_neighbor_events(peer)) | |
2117 | zlog_debug( | |
2118 | "%s %d, %s %d", | |
f009ff26 | 2119 | "EOR REQ", |
2120 | gr_info->eor_required, | |
2121 | "EOR RCV", | |
2122 | gr_info->eor_received); | |
b96b4f1c SB |
2123 | if (gr_info->t_select_deferral) { |
2124 | void *info = THREAD_ARG( | |
2125 | gr_info->t_select_deferral); | |
2126 | XFREE(MTYPE_TMP, info); | |
2127 | } | |
fa5806c3 | 2128 | THREAD_OFF(gr_info->t_select_deferral); |
f009ff26 | 2129 | gr_info->eor_required = 0; |
2130 | gr_info->eor_received = 0; | |
2131 | /* Best path selection */ | |
42c93837 DA |
2132 | bgp_best_path_select_defer(peer->bgp, |
2133 | afi, safi); | |
f009ff26 | 2134 | } |
d62a17ae | 2135 | } |
2136 | ||
2137 | /* NSF delete stale route */ | |
2138 | if (peer->nsf[afi][safi]) | |
2139 | bgp_clear_stale_route(peer, afi, safi); | |
2140 | ||
1479ed2f DA |
2141 | zlog_info( |
2142 | "%s: rcvd End-of-RIB for %s from %s in vrf %s", | |
2143 | __func__, get_afi_safi_str(afi, safi, false), | |
2144 | peer->host, vrf ? vrf->name : VRF_DEFAULT_NAME); | |
2145 | } | |
f80f838b | 2146 | } |
d62a17ae | 2147 | |
2148 | /* Everything is done. We unintern temporary structures which | |
2149 | interned in bgp_attr_parse(). */ | |
2150 | bgp_attr_unintern_sub(&attr); | |
2151 | ||
083ec940 | 2152 | peer->update_time = monotime(NULL); |
d62a17ae | 2153 | |
c385f82a MK |
2154 | /* Notify BGP Conditional advertisement scanner process */ |
2155 | peer->advmap_table_change = true; | |
2156 | ||
d8151687 | 2157 | return Receive_UPDATE_message; |
718e3744 | 2158 | } |
2159 | ||
d8151687 QY |
2160 | /** |
2161 | * Process BGP NOTIFY message for peer. | |
2162 | * | |
2163 | * @param peer | |
2164 | * @param size size of the packet | |
2165 | * @return as in summary | |
2166 | */ | |
2167 | static int bgp_notify_receive(struct peer *peer, bgp_size_t size) | |
718e3744 | 2168 | { |
10d476d4 DA |
2169 | struct bgp_notify outer = {}; |
2170 | struct bgp_notify inner = {}; | |
eea685b6 | 2171 | bool hard_reset = false; |
d62a17ae | 2172 | |
2173 | if (peer->notify.data) { | |
eea685b6 | 2174 | XFREE(MTYPE_BGP_NOTIFICATION, peer->notify.data); |
d62a17ae | 2175 | peer->notify.length = 0; |
e7ce634f | 2176 | peer->notify.hard_reset = false; |
d62a17ae | 2177 | } |
2178 | ||
eea685b6 DA |
2179 | outer.code = stream_getc(peer->curr); |
2180 | outer.subcode = stream_getc(peer->curr); | |
2181 | outer.length = size - 2; | |
2182 | outer.data = NULL; | |
2183 | outer.raw_data = NULL; | |
2184 | if (outer.length) { | |
2185 | outer.raw_data = XMALLOC(MTYPE_BGP_NOTIFICATION, outer.length); | |
2186 | memcpy(outer.raw_data, stream_pnt(peer->curr), outer.length); | |
2187 | } | |
2188 | ||
1ae314be DA |
2189 | hard_reset = |
2190 | bgp_notify_received_hard_reset(peer, outer.code, outer.subcode); | |
eea685b6 DA |
2191 | if (hard_reset && outer.length) { |
2192 | inner = bgp_notify_decapsulate_hard_reset(&outer); | |
2193 | peer->notify.hard_reset = true; | |
2194 | } else { | |
2195 | inner = outer; | |
2196 | } | |
d62a17ae | 2197 | |
2198 | /* Preserv notify code and sub code. */ | |
eea685b6 DA |
2199 | peer->notify.code = inner.code; |
2200 | peer->notify.subcode = inner.subcode; | |
d62a17ae | 2201 | /* For further diagnostic record returned Data. */ |
eea685b6 DA |
2202 | if (inner.length) { |
2203 | peer->notify.length = inner.length; | |
2204 | peer->notify.data = | |
2205 | XMALLOC(MTYPE_BGP_NOTIFICATION, inner.length); | |
2206 | memcpy(peer->notify.data, inner.raw_data, inner.length); | |
d62a17ae | 2207 | } |
2208 | ||
2209 | /* For debug */ | |
2210 | { | |
2211 | int i; | |
2212 | int first = 0; | |
2213 | char c[4]; | |
2214 | ||
eea685b6 DA |
2215 | if (inner.length) { |
2216 | inner.data = XMALLOC(MTYPE_BGP_NOTIFICATION, | |
2217 | inner.length * 3); | |
2218 | for (i = 0; i < inner.length; i++) | |
d62a17ae | 2219 | if (first) { |
552d6491 | 2220 | snprintf(c, sizeof(c), " %02x", |
424ab01d | 2221 | stream_getc(peer->curr)); |
f009ff26 | 2222 | |
eea685b6 DA |
2223 | strlcat(inner.data, c, |
2224 | inner.length * 3); | |
f009ff26 | 2225 | |
d62a17ae | 2226 | } else { |
2227 | first = 1; | |
552d6491 QY |
2228 | snprintf(c, sizeof(c), "%02x", |
2229 | stream_getc(peer->curr)); | |
f009ff26 | 2230 | |
eea685b6 DA |
2231 | strlcpy(inner.data, c, |
2232 | inner.length * 3); | |
d62a17ae | 2233 | } |
d62a17ae | 2234 | } |
2235 | ||
eea685b6 | 2236 | bgp_notify_print(peer, &inner, "received", hard_reset); |
10d476d4 | 2237 | if (inner.length) { |
eea685b6 DA |
2238 | XFREE(MTYPE_BGP_NOTIFICATION, inner.data); |
2239 | inner.length = 0; | |
2240 | } | |
2241 | if (outer.length) { | |
2242 | XFREE(MTYPE_BGP_NOTIFICATION, outer.data); | |
10d476d4 | 2243 | XFREE(MTYPE_BGP_NOTIFICATION, outer.raw_data); |
c73d2363 DA |
2244 | |
2245 | /* If this is a Hard Reset notification, we MUST free | |
2246 | * the inner (encapsulated) notification too. | |
2247 | */ | |
2248 | if (hard_reset) | |
2249 | XFREE(MTYPE_BGP_NOTIFICATION, inner.raw_data); | |
eea685b6 | 2250 | outer.length = 0; |
d62a17ae | 2251 | } |
2252 | } | |
2253 | ||
2254 | /* peer count update */ | |
0112e9e0 | 2255 | atomic_fetch_add_explicit(&peer->notify_in, 1, memory_order_relaxed); |
d62a17ae | 2256 | |
2257 | peer->last_reset = PEER_DOWN_NOTIFY_RECEIVED; | |
2258 | ||
2259 | /* We have to check for Notify with Unsupported Optional Parameter. | |
2260 | in that case we fallback to open without the capability option. | |
2261 | But this done in bgp_stop. We just mark it here to avoid changing | |
2262 | the fsm tables. */ | |
eea685b6 DA |
2263 | if (inner.code == BGP_NOTIFY_OPEN_ERR && |
2264 | inner.subcode == BGP_NOTIFY_OPEN_UNSUP_PARAM) | |
d62a17ae | 2265 | UNSET_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN); |
2266 | ||
20170775 DA |
2267 | /* If Graceful-Restart N-bit (Notification) is exchanged, |
2268 | * and it's not a Hard Reset, let's retain the routes. | |
2269 | */ | |
2270 | if (bgp_has_graceful_restart_notification(peer) && !hard_reset && | |
2271 | CHECK_FLAG(peer->sflags, PEER_STATUS_NSF_MODE)) | |
2272 | SET_FLAG(peer->sflags, PEER_STATUS_NSF_WAIT); | |
2273 | ||
5cce3f05 | 2274 | bgp_peer_gr_flags_update(peer); |
36235319 QY |
2275 | BGP_GR_ROUTER_DETECT_AND_SEND_CAPABILITY_TO_ZEBRA(peer->bgp, |
2276 | peer->bgp->peer); | |
5cce3f05 | 2277 | |
d8151687 | 2278 | return Receive_NOTIFICATION_message; |
718e3744 | 2279 | } |
2280 | ||
d8151687 QY |
2281 | /** |
2282 | * Process BGP ROUTEREFRESH message for peer. | |
2283 | * | |
2284 | * @param peer | |
2285 | * @param size size of the packet | |
2286 | * @return as in summary | |
2287 | */ | |
2288 | static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size) | |
718e3744 | 2289 | { |
d62a17ae | 2290 | iana_afi_t pkt_afi; |
2291 | afi_t afi; | |
5c525538 RW |
2292 | iana_safi_t pkt_safi; |
2293 | safi_t safi; | |
d62a17ae | 2294 | struct stream *s; |
2295 | struct peer_af *paf; | |
2296 | struct update_group *updgrp; | |
2297 | struct peer *updgrp_peer; | |
9af52ccf | 2298 | uint8_t subtype; |
e1a32ec1 | 2299 | bool force_update = false; |
9af52ccf DA |
2300 | bgp_size_t msg_length = |
2301 | size - (BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE); | |
d62a17ae | 2302 | |
2303 | /* If peer does not have the capability, send notification. */ | |
2304 | if (!CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_ADV)) { | |
e50f7cfd | 2305 | flog_err(EC_BGP_NO_CAP, |
1c50c1c0 QY |
2306 | "%s [Error] BGP route refresh is not enabled", |
2307 | peer->host); | |
d62a17ae | 2308 | bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR, |
2309 | BGP_NOTIFY_HEADER_BAD_MESTYPE); | |
d8151687 | 2310 | return BGP_Stop; |
d62a17ae | 2311 | } |
2312 | ||
2313 | /* Status must be Established. */ | |
feb17238 | 2314 | if (!peer_established(peer)) { |
af4c2728 | 2315 | flog_err( |
e50f7cfd | 2316 | EC_BGP_INVALID_STATUS, |
d62a17ae | 2317 | "%s [Error] Route refresh packet received under status %s", |
2318 | peer->host, | |
2319 | lookup_msg(bgp_status_msg, peer->status, NULL)); | |
0e35025e | 2320 | bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR, |
3893aeee | 2321 | bgp_fsm_error_subcode(peer->status)); |
d8151687 | 2322 | return BGP_Stop; |
d62a17ae | 2323 | } |
2324 | ||
424ab01d | 2325 | s = peer->curr; |
d62a17ae | 2326 | |
2327 | /* Parse packet. */ | |
2328 | pkt_afi = stream_getw(s); | |
9af52ccf | 2329 | subtype = stream_getc(s); |
d62a17ae | 2330 | pkt_safi = stream_getc(s); |
2331 | ||
d62a17ae | 2332 | /* Convert AFI, SAFI to internal values and check. */ |
2333 | if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) { | |
2334 | zlog_info( | |
748a041f DS |
2335 | "%s REFRESH_REQ for unrecognized afi/safi: %s/%s - ignored", |
2336 | peer->host, iana_afi2str(pkt_afi), | |
2337 | iana_safi2str(pkt_safi)); | |
d8151687 | 2338 | return BGP_PACKET_NOOP; |
d62a17ae | 2339 | } |
2340 | ||
2341 | if (size != BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE) { | |
d7c0a89a QY |
2342 | uint8_t *end; |
2343 | uint8_t when_to_refresh; | |
2344 | uint8_t orf_type; | |
2345 | uint16_t orf_len; | |
d62a17ae | 2346 | |
9af52ccf DA |
2347 | if (subtype) { |
2348 | /* If the length, excluding the fixed-size message | |
2349 | * header, of the received ROUTE-REFRESH message with | |
2350 | * Message Subtype 1 and 2 is not 4, then the BGP | |
2351 | * speaker MUST send a NOTIFICATION message with the | |
2352 | * Error Code of "ROUTE-REFRESH Message Error" and the | |
2353 | * subcode of "Invalid Message Length". | |
2354 | */ | |
2355 | if (msg_length != 4) { | |
2356 | zlog_err( | |
2357 | "%s Enhanced Route Refresh message length error", | |
2358 | peer->host); | |
2359 | bgp_notify_send( | |
2360 | peer, BGP_NOTIFY_ROUTE_REFRESH_ERR, | |
2361 | BGP_NOTIFY_ROUTE_REFRESH_INVALID_MSG_LEN); | |
2362 | } | |
2363 | ||
2364 | /* When the BGP speaker receives a ROUTE-REFRESH message | |
2365 | * with a "Message Subtype" field other than 0, 1, or 2, | |
2366 | * it MUST ignore the received ROUTE-REFRESH message. | |
2367 | */ | |
2368 | if (subtype > 2) | |
2369 | zlog_err( | |
2370 | "%s Enhanced Route Refresh invalid subtype", | |
2371 | peer->host); | |
2372 | } | |
2373 | ||
2374 | if (msg_length < 5) { | |
d62a17ae | 2375 | zlog_info("%s ORF route refresh length error", |
2376 | peer->host); | |
0e35025e DA |
2377 | bgp_notify_send(peer, BGP_NOTIFY_CEASE, |
2378 | BGP_NOTIFY_SUBCODE_UNSPECIFIC); | |
d8151687 | 2379 | return BGP_Stop; |
718e3744 | 2380 | } |
2381 | ||
d62a17ae | 2382 | when_to_refresh = stream_getc(s); |
2383 | end = stream_pnt(s) + (size - 5); | |
2384 | ||
2385 | while ((stream_pnt(s) + 2) < end) { | |
2386 | orf_type = stream_getc(s); | |
2387 | orf_len = stream_getw(s); | |
2388 | ||
2389 | /* orf_len in bounds? */ | |
2390 | if ((stream_pnt(s) + orf_len) > end) | |
2391 | break; /* XXX: Notify instead?? */ | |
2392 | if (orf_type == ORF_TYPE_PREFIX | |
2393 | || orf_type == ORF_TYPE_PREFIX_OLD) { | |
2394 | uint8_t *p_pnt = stream_pnt(s); | |
2395 | uint8_t *p_end = stream_pnt(s) + orf_len; | |
2396 | struct orf_prefix orfp; | |
d7c0a89a QY |
2397 | uint8_t common = 0; |
2398 | uint32_t seq; | |
d62a17ae | 2399 | int psize; |
2400 | char name[BUFSIZ]; | |
2401 | int ret = CMD_SUCCESS; | |
2402 | ||
2403 | if (bgp_debug_neighbor_events(peer)) { | |
2404 | zlog_debug( | |
f70c91dc DA |
2405 | "%pBP rcvd Prefixlist ORF(%d) length %d", |
2406 | peer, orf_type, orf_len); | |
d62a17ae | 2407 | } |
2408 | ||
f1aa4929 DA |
2409 | /* ORF prefix-list name */ |
2410 | snprintf(name, sizeof(name), "%s.%d.%d", | |
2411 | peer->host, afi, safi); | |
2412 | ||
d62a17ae | 2413 | /* we're going to read at least 1 byte of common |
2414 | * ORF header, | |
2415 | * and 7 bytes of ORF Address-filter entry from | |
2416 | * the stream | |
2417 | */ | |
f1aa4929 DA |
2418 | if (*p_pnt & ORF_COMMON_PART_REMOVE_ALL) { |
2419 | if (bgp_debug_neighbor_events(peer)) | |
2420 | zlog_debug( | |
2421 | "%pBP rcvd Remove-All pfxlist ORF request", | |
2422 | peer); | |
2423 | prefix_bgp_orf_remove_all(afi, name); | |
d62a17ae | 2424 | break; |
f1aa4929 | 2425 | } |
d62a17ae | 2426 | |
f1aa4929 DA |
2427 | if (orf_len < 7) |
2428 | break; | |
d62a17ae | 2429 | |
2430 | while (p_pnt < p_end) { | |
2431 | /* If the ORF entry is malformed, want | |
2432 | * to read as much of it | |
2433 | * as possible without going beyond the | |
2434 | * bounds of the entry, | |
2435 | * to maximise debug information. | |
2436 | */ | |
2437 | int ok; | |
6006b807 | 2438 | memset(&orfp, 0, sizeof(orfp)); |
d62a17ae | 2439 | common = *p_pnt++; |
2440 | /* after ++: p_pnt <= p_end */ | |
d7c0a89a QY |
2441 | ok = ((uint32_t)(p_end - p_pnt) |
2442 | >= sizeof(uint32_t)); | |
d62a17ae | 2443 | if (ok) { |
2444 | memcpy(&seq, p_pnt, | |
d7c0a89a QY |
2445 | sizeof(uint32_t)); |
2446 | p_pnt += sizeof(uint32_t); | |
d62a17ae | 2447 | orfp.seq = ntohl(seq); |
2448 | } else | |
2449 | p_pnt = p_end; | |
2450 | ||
5ca840a3 | 2451 | /* val checked in prefix_bgp_orf_set */ |
1bb379bf | 2452 | if (p_pnt < p_end) |
5ca840a3 DS |
2453 | orfp.ge = *p_pnt++; |
2454 | ||
2455 | /* val checked in prefix_bgp_orf_set */ | |
1bb379bf | 2456 | if (p_pnt < p_end) |
5ca840a3 DS |
2457 | orfp.le = *p_pnt++; |
2458 | ||
d62a17ae | 2459 | if ((ok = (p_pnt < p_end))) |
2460 | orfp.p.prefixlen = *p_pnt++; | |
5ca840a3 DS |
2461 | |
2462 | /* afi checked already */ | |
2463 | orfp.p.family = afi2family(afi); | |
2464 | ||
2465 | /* 0 if not ok */ | |
2466 | psize = PSIZE(orfp.p.prefixlen); | |
2467 | /* valid for family ? */ | |
2468 | if (psize > prefix_blen(&orfp.p)) { | |
d62a17ae | 2469 | ok = 0; |
2470 | psize = prefix_blen(&orfp.p); | |
2471 | } | |
5ca840a3 DS |
2472 | /* valid for packet ? */ |
2473 | if (psize > (p_end - p_pnt)) { | |
d62a17ae | 2474 | ok = 0; |
2475 | psize = p_end - p_pnt; | |
2476 | } | |
2477 | ||
2478 | if (psize > 0) | |
2479 | memcpy(&orfp.p.u.prefix, p_pnt, | |
2480 | psize); | |
2481 | p_pnt += psize; | |
2482 | ||
2483 | if (bgp_debug_neighbor_events(peer)) { | |
2484 | char buf[INET6_BUFSIZ]; | |
2485 | ||
2486 | zlog_debug( | |
f70c91dc DA |
2487 | "%pBP rcvd %s %s seq %u %s/%d ge %d le %d%s", |
2488 | peer, | |
d62a17ae | 2489 | (common & ORF_COMMON_PART_REMOVE |
2490 | ? "Remove" | |
2491 | : "Add"), | |
2492 | (common & ORF_COMMON_PART_DENY | |
2493 | ? "deny" | |
2494 | : "permit"), | |
2495 | orfp.seq, | |
2496 | inet_ntop( | |
2497 | orfp.p.family, | |
2498 | &orfp.p.u.prefix, | |
2499 | buf, | |
2500 | INET6_BUFSIZ), | |
2501 | orfp.p.prefixlen, | |
2502 | orfp.ge, orfp.le, | |
2503 | ok ? "" : " MALFORMED"); | |
2504 | } | |
2505 | ||
2506 | if (ok) | |
2507 | ret = prefix_bgp_orf_set( | |
2508 | name, afi, &orfp, | |
2509 | (common & ORF_COMMON_PART_DENY | |
2510 | ? 0 | |
2511 | : 1), | |
2512 | (common & ORF_COMMON_PART_REMOVE | |
2513 | ? 0 | |
2514 | : 1)); | |
2515 | ||
2516 | if (!ok || (ok && ret != CMD_SUCCESS)) { | |
2517 | zlog_info( | |
f70c91dc DA |
2518 | "%pBP Received misformatted prefixlist ORF. Remove All pfxlist", |
2519 | peer); | |
d62a17ae | 2520 | prefix_bgp_orf_remove_all(afi, |
2521 | name); | |
2522 | break; | |
2523 | } | |
2524 | } | |
2525 | ||
2526 | peer->orf_plist[afi][safi] = | |
2527 | prefix_bgp_orf_lookup(afi, name); | |
2528 | } | |
2529 | stream_forward_getp(s, orf_len); | |
718e3744 | 2530 | } |
d62a17ae | 2531 | if (bgp_debug_neighbor_events(peer)) |
f70c91dc | 2532 | zlog_debug("%pBP rcvd Refresh %s ORF request", peer, |
d62a17ae | 2533 | when_to_refresh == REFRESH_DEFER |
2534 | ? "Defer" | |
2535 | : "Immediate"); | |
2536 | if (when_to_refresh == REFRESH_DEFER) | |
d8151687 | 2537 | return BGP_PACKET_NOOP; |
d62a17ae | 2538 | } |
40d2700d | 2539 | |
d62a17ae | 2540 | /* First update is deferred until ORF or ROUTE-REFRESH is received */ |
2541 | if (CHECK_FLAG(peer->af_sflags[afi][safi], | |
2542 | PEER_STATUS_ORF_WAIT_REFRESH)) | |
2543 | UNSET_FLAG(peer->af_sflags[afi][safi], | |
2544 | PEER_STATUS_ORF_WAIT_REFRESH); | |
2545 | ||
2546 | paf = peer_af_find(peer, afi, safi); | |
2547 | if (paf && paf->subgroup) { | |
2548 | if (peer->orf_plist[afi][safi]) { | |
2549 | updgrp = PAF_UPDGRP(paf); | |
2550 | updgrp_peer = UPDGRP_PEER(updgrp); | |
2551 | updgrp_peer->orf_plist[afi][safi] = | |
2552 | peer->orf_plist[afi][safi]; | |
2553 | } | |
2554 | ||
2adac256 DA |
2555 | /* Avoid supressing duplicate routes later |
2556 | * when processing in subgroup_announce_table(). | |
2557 | */ | |
e1a32ec1 | 2558 | force_update = true; |
2adac256 | 2559 | |
d62a17ae | 2560 | /* If the peer is configured for default-originate clear the |
2561 | * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will | |
2562 | * re-advertise the | |
2563 | * default | |
2564 | */ | |
2565 | if (CHECK_FLAG(paf->subgroup->sflags, | |
2566 | SUBGRP_STATUS_DEFAULT_ORIGINATE)) | |
2567 | UNSET_FLAG(paf->subgroup->sflags, | |
2568 | SUBGRP_STATUS_DEFAULT_ORIGINATE); | |
718e3744 | 2569 | } |
d62a17ae | 2570 | |
9af52ccf DA |
2571 | if (subtype == BGP_ROUTE_REFRESH_BORR) { |
2572 | /* A BGP speaker that has received the Graceful Restart | |
2573 | * Capability from its neighbor MUST ignore any BoRRs for | |
2574 | * an <AFI, SAFI> from the neighbor before the speaker | |
2575 | * receives the EoR for the given <AFI, SAFI> from the | |
2576 | * neighbor. | |
2577 | */ | |
2578 | if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) | |
2579 | && !CHECK_FLAG(peer->af_sflags[afi][safi], | |
2580 | PEER_STATUS_EOR_RECEIVED)) { | |
2581 | if (bgp_debug_neighbor_events(peer)) | |
2582 | zlog_debug( | |
f70c91dc DA |
2583 | "%pBP rcvd route-refresh (BoRR) for %s/%s before EoR", |
2584 | peer, afi2str(afi), safi2str(safi)); | |
9af52ccf DA |
2585 | return BGP_PACKET_NOOP; |
2586 | } | |
2587 | ||
2588 | if (peer->t_refresh_stalepath) { | |
2589 | if (bgp_debug_neighbor_events(peer)) | |
2590 | zlog_debug( | |
f70c91dc DA |
2591 | "%pBP rcvd route-refresh (BoRR) for %s/%s, whereas BoRR already received", |
2592 | peer, afi2str(afi), safi2str(safi)); | |
9af52ccf DA |
2593 | return BGP_PACKET_NOOP; |
2594 | } | |
2595 | ||
2596 | SET_FLAG(peer->af_sflags[afi][safi], PEER_STATUS_BORR_RECEIVED); | |
2597 | UNSET_FLAG(peer->af_sflags[afi][safi], | |
2598 | PEER_STATUS_EORR_RECEIVED); | |
2599 | ||
2600 | /* When a BGP speaker receives a BoRR message from | |
2601 | * a peer, it MUST mark all the routes with the given | |
2602 | * Address Family Identifier and Subsequent Address | |
2603 | * Family Identifier, <AFI, SAFI> [RFC2918], from | |
2604 | * that peer as stale. | |
2605 | */ | |
2606 | if (peer_active_nego(peer)) { | |
2607 | SET_FLAG(peer->af_sflags[afi][safi], | |
2608 | PEER_STATUS_ENHANCED_REFRESH); | |
2609 | bgp_set_stale_route(peer, afi, safi); | |
2610 | } | |
2611 | ||
feb17238 | 2612 | if (peer_established(peer)) |
9af52ccf DA |
2613 | thread_add_timer(bm->master, |
2614 | bgp_refresh_stalepath_timer_expire, | |
2615 | paf, peer->bgp->stalepath_time, | |
2616 | &peer->t_refresh_stalepath); | |
2617 | ||
2618 | if (bgp_debug_neighbor_events(peer)) | |
2619 | zlog_debug( | |
f70c91dc DA |
2620 | "%pBP rcvd route-refresh (BoRR) for %s/%s, triggering timer for %u seconds", |
2621 | peer, afi2str(afi), safi2str(safi), | |
9af52ccf DA |
2622 | peer->bgp->stalepath_time); |
2623 | } else if (subtype == BGP_ROUTE_REFRESH_EORR) { | |
2624 | if (!peer->t_refresh_stalepath) { | |
2625 | zlog_err( | |
f70c91dc DA |
2626 | "%pBP rcvd route-refresh (EoRR) for %s/%s, whereas no BoRR received", |
2627 | peer, afi2str(afi), safi2str(safi)); | |
9af52ccf DA |
2628 | return BGP_PACKET_NOOP; |
2629 | } | |
2630 | ||
fa5806c3 | 2631 | THREAD_OFF(peer->t_refresh_stalepath); |
9af52ccf DA |
2632 | |
2633 | SET_FLAG(peer->af_sflags[afi][safi], PEER_STATUS_EORR_RECEIVED); | |
2634 | UNSET_FLAG(peer->af_sflags[afi][safi], | |
2635 | PEER_STATUS_BORR_RECEIVED); | |
2636 | ||
2637 | if (bgp_debug_neighbor_events(peer)) | |
2638 | zlog_debug( | |
f70c91dc DA |
2639 | "%pBP rcvd route-refresh (EoRR) for %s/%s, stopping BoRR timer", |
2640 | peer, afi2str(afi), safi2str(safi)); | |
9af52ccf DA |
2641 | |
2642 | if (peer->nsf[afi][safi]) | |
2643 | bgp_clear_stale_route(peer, afi, safi); | |
2644 | } else { | |
bcbeb3f9 | 2645 | if (bgp_debug_neighbor_events(peer)) |
a7d91a8c | 2646 | zlog_debug( |
f70c91dc DA |
2647 | "%pBP rcvd route-refresh (REQUEST) for %s/%s", |
2648 | peer, afi2str(afi), safi2str(safi)); | |
bcbeb3f9 | 2649 | |
9af52ccf DA |
2650 | /* In response to a "normal route refresh request" from the |
2651 | * peer, the speaker MUST send a BoRR message. | |
2652 | */ | |
2653 | if (CHECK_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_RCV)) { | |
2654 | /* For a BGP speaker that supports the BGP Graceful | |
2655 | * Restart, it MUST NOT send a BoRR for an <AFI, SAFI> | |
2656 | * to a neighbor before it sends the EoR for the | |
2657 | * <AFI, SAFI> to the neighbor. | |
2658 | */ | |
2659 | if (!CHECK_FLAG(peer->af_sflags[afi][safi], | |
2660 | PEER_STATUS_EOR_SEND)) { | |
2661 | if (bgp_debug_neighbor_events(peer)) | |
2662 | zlog_debug( | |
f70c91dc DA |
2663 | "%pBP rcvd route-refresh (REQUEST) for %s/%s before EoR", |
2664 | peer, afi2str(afi), | |
2665 | safi2str(safi)); | |
a783cc05 XL |
2666 | /* Can't send BoRR now, postpone after EoR */ |
2667 | SET_FLAG(peer->af_sflags[afi][safi], | |
2668 | PEER_STATUS_REFRESH_PENDING); | |
9af52ccf DA |
2669 | return BGP_PACKET_NOOP; |
2670 | } | |
2671 | ||
2672 | bgp_route_refresh_send(peer, afi, safi, 0, 0, 0, | |
2673 | BGP_ROUTE_REFRESH_BORR); | |
2674 | ||
2675 | if (bgp_debug_neighbor_events(peer)) | |
2676 | zlog_debug( | |
f70c91dc DA |
2677 | "%pBP sending route-refresh (BoRR) for %s/%s", |
2678 | peer, afi2str(afi), safi2str(safi)); | |
9af52ccf DA |
2679 | |
2680 | /* Set flag Ready-To-Send to know when we can send EoRR | |
2681 | * message. | |
2682 | */ | |
2683 | SET_FLAG(peer->af_sflags[afi][safi], | |
2684 | PEER_STATUS_BORR_SEND); | |
2685 | UNSET_FLAG(peer->af_sflags[afi][safi], | |
2686 | PEER_STATUS_EORR_SEND); | |
2687 | } | |
2688 | } | |
2689 | ||
d62a17ae | 2690 | /* Perform route refreshment to the peer */ |
e1a32ec1 | 2691 | bgp_announce_route(peer, afi, safi, force_update); |
d8151687 QY |
2692 | |
2693 | /* No FSM action necessary */ | |
2694 | return BGP_PACKET_NOOP; | |
718e3744 | 2695 | } |
2696 | ||
d8151687 QY |
2697 | /** |
2698 | * Parse BGP CAPABILITY message for peer. | |
2699 | * | |
2700 | * @param peer | |
2701 | * @param size size of the packet | |
2702 | * @return as in summary | |
2703 | */ | |
d7c0a89a | 2704 | static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt, |
d62a17ae | 2705 | bgp_size_t length) |
718e3744 | 2706 | { |
d7c0a89a | 2707 | uint8_t *end; |
d62a17ae | 2708 | struct capability_mp_data mpc; |
2709 | struct capability_header *hdr; | |
d7c0a89a | 2710 | uint8_t action; |
d62a17ae | 2711 | iana_afi_t pkt_afi; |
2712 | afi_t afi; | |
5c525538 RW |
2713 | iana_safi_t pkt_safi; |
2714 | safi_t safi; | |
d62a17ae | 2715 | |
2716 | end = pnt + length; | |
2717 | ||
2718 | while (pnt < end) { | |
2719 | /* We need at least action, capability code and capability | |
2720 | * length. */ | |
2721 | if (pnt + 3 > end) { | |
2722 | zlog_info("%s Capability length error", peer->host); | |
0e35025e DA |
2723 | bgp_notify_send(peer, BGP_NOTIFY_CEASE, |
2724 | BGP_NOTIFY_SUBCODE_UNSPECIFIC); | |
d8151687 | 2725 | return BGP_Stop; |
d62a17ae | 2726 | } |
2727 | action = *pnt; | |
2728 | hdr = (struct capability_header *)(pnt + 1); | |
2729 | ||
2730 | /* Action value check. */ | |
2731 | if (action != CAPABILITY_ACTION_SET | |
2732 | && action != CAPABILITY_ACTION_UNSET) { | |
2733 | zlog_info("%s Capability Action Value error %d", | |
2734 | peer->host, action); | |
0e35025e DA |
2735 | bgp_notify_send(peer, BGP_NOTIFY_CEASE, |
2736 | BGP_NOTIFY_SUBCODE_UNSPECIFIC); | |
d8151687 | 2737 | return BGP_Stop; |
d62a17ae | 2738 | } |
2739 | ||
2740 | if (bgp_debug_neighbor_events(peer)) | |
2741 | zlog_debug( | |
2742 | "%s CAPABILITY has action: %d, code: %u, length %u", | |
2743 | peer->host, action, hdr->code, hdr->length); | |
2744 | ||
ff6db102 DS |
2745 | if (hdr->length < sizeof(struct capability_mp_data)) { |
2746 | zlog_info( | |
2747 | "%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d", | |
2748 | peer, sizeof(struct capability_mp_data), | |
2749 | hdr->length); | |
2750 | return BGP_Stop; | |
2751 | } | |
2752 | ||
d62a17ae | 2753 | /* Capability length check. */ |
2754 | if ((pnt + hdr->length + 3) > end) { | |
2755 | zlog_info("%s Capability length error", peer->host); | |
0e35025e DA |
2756 | bgp_notify_send(peer, BGP_NOTIFY_CEASE, |
2757 | BGP_NOTIFY_SUBCODE_UNSPECIFIC); | |
d8151687 | 2758 | return BGP_Stop; |
d62a17ae | 2759 | } |
2760 | ||
2761 | /* Fetch structure to the byte stream. */ | |
2762 | memcpy(&mpc, pnt + 3, sizeof(struct capability_mp_data)); | |
d2b6417b | 2763 | pnt += hdr->length + 3; |
d62a17ae | 2764 | |
2765 | /* We know MP Capability Code. */ | |
2766 | if (hdr->code == CAPABILITY_CODE_MP) { | |
2767 | pkt_afi = ntohs(mpc.afi); | |
2768 | pkt_safi = mpc.safi; | |
2769 | ||
2770 | /* Ignore capability when override-capability is set. */ | |
2771 | if (CHECK_FLAG(peer->flags, | |
2772 | PEER_FLAG_OVERRIDE_CAPABILITY)) | |
2773 | continue; | |
2774 | ||
2775 | /* Convert AFI, SAFI to internal values. */ | |
2776 | if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, | |
2777 | &safi)) { | |
2778 | if (bgp_debug_neighbor_events(peer)) | |
2779 | zlog_debug( | |
3efd0893 | 2780 | "%s Dynamic Capability MP_EXT afi/safi invalid (%s/%s)", |
748a041f DS |
2781 | peer->host, |
2782 | iana_afi2str(pkt_afi), | |
2783 | iana_safi2str(pkt_safi)); | |
d62a17ae | 2784 | continue; |
2785 | } | |
2786 | ||
2787 | /* Address family check. */ | |
2788 | if (bgp_debug_neighbor_events(peer)) | |
2789 | zlog_debug( | |
c386cdd8 | 2790 | "%s CAPABILITY has %s MP_EXT CAP for afi/safi: %s/%s", |
d62a17ae | 2791 | peer->host, |
2792 | action == CAPABILITY_ACTION_SET | |
2793 | ? "Advertising" | |
2794 | : "Removing", | |
c386cdd8 DA |
2795 | iana_afi2str(pkt_afi), |
2796 | iana_safi2str(pkt_safi)); | |
d62a17ae | 2797 | |
2798 | if (action == CAPABILITY_ACTION_SET) { | |
2799 | peer->afc_recv[afi][safi] = 1; | |
2800 | if (peer->afc[afi][safi]) { | |
2801 | peer->afc_nego[afi][safi] = 1; | |
e1a32ec1 DS |
2802 | bgp_announce_route(peer, afi, safi, |
2803 | false); | |
d62a17ae | 2804 | } |
2805 | } else { | |
2806 | peer->afc_recv[afi][safi] = 0; | |
2807 | peer->afc_nego[afi][safi] = 0; | |
2808 | ||
2809 | if (peer_active_nego(peer)) | |
2810 | bgp_clear_route(peer, afi, safi); | |
2811 | else | |
d8151687 | 2812 | return BGP_Stop; |
d62a17ae | 2813 | } |
2814 | } else { | |
ade6974d | 2815 | flog_warn( |
e50f7cfd | 2816 | EC_BGP_UNRECOGNIZED_CAPABILITY, |
ade6974d QY |
2817 | "%s unrecognized capability code: %d - ignored", |
2818 | peer->host, hdr->code); | |
d62a17ae | 2819 | } |
d62a17ae | 2820 | } |
d8151687 QY |
2821 | |
2822 | /* No FSM action necessary */ | |
2823 | return BGP_PACKET_NOOP; | |
718e3744 | 2824 | } |
2825 | ||
d8151687 QY |
2826 | /** |
2827 | * Parse BGP CAPABILITY message for peer. | |
01b7ce2d | 2828 | * |
d8151687 QY |
2829 | * Exported for unit testing. |
2830 | * | |
2831 | * @param peer | |
2832 | * @param size size of the packet | |
2833 | * @return as in summary | |
01b7ce2d | 2834 | */ |
d62a17ae | 2835 | int bgp_capability_receive(struct peer *peer, bgp_size_t size) |
718e3744 | 2836 | { |
d7c0a89a | 2837 | uint8_t *pnt; |
d62a17ae | 2838 | |
2839 | /* Fetch pointer. */ | |
424ab01d | 2840 | pnt = stream_pnt(peer->curr); |
d62a17ae | 2841 | |
2842 | if (bgp_debug_neighbor_events(peer)) | |
2843 | zlog_debug("%s rcv CAPABILITY", peer->host); | |
2844 | ||
2845 | /* If peer does not have the capability, send notification. */ | |
2846 | if (!CHECK_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV)) { | |
e50f7cfd | 2847 | flog_err(EC_BGP_NO_CAP, |
1c50c1c0 QY |
2848 | "%s [Error] BGP dynamic capability is not enabled", |
2849 | peer->host); | |
d62a17ae | 2850 | bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR, |
2851 | BGP_NOTIFY_HEADER_BAD_MESTYPE); | |
d8151687 | 2852 | return BGP_Stop; |
d62a17ae | 2853 | } |
2854 | ||
2855 | /* Status must be Established. */ | |
feb17238 | 2856 | if (!peer_established(peer)) { |
af4c2728 | 2857 | flog_err( |
e50f7cfd | 2858 | EC_BGP_NO_CAP, |
d62a17ae | 2859 | "%s [Error] Dynamic capability packet received under status %s", |
2860 | peer->host, | |
2861 | lookup_msg(bgp_status_msg, peer->status, NULL)); | |
0e35025e | 2862 | bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR, |
3893aeee | 2863 | bgp_fsm_error_subcode(peer->status)); |
d8151687 | 2864 | return BGP_Stop; |
d62a17ae | 2865 | } |
2866 | ||
2867 | /* Parse packet. */ | |
2868 | return bgp_capability_msg_parse(peer, pnt, size); | |
718e3744 | 2869 | } |
6b0655a2 | 2870 | |
d8151687 QY |
2871 | /** |
2872 | * Processes a peer's input buffer. | |
2873 | * | |
2874 | * This function sidesteps the event loop and directly calls bgp_event_update() | |
2875 | * after processing each BGP message. This is necessary to ensure proper | |
2876 | * ordering of FSM events and unifies the behavior that was present previously, | |
2877 | * whereby some of the packet handling functions would update the FSM and some | |
2878 | * would not, making event flow difficult to understand. Please think twice | |
2879 | * before hacking this. | |
2880 | * | |
2881 | * Thread type: THREAD_EVENT | |
2882 | * @param thread | |
2883 | * @return 0 | |
2884 | */ | |
cc9f21da | 2885 | void bgp_process_packet(struct thread *thread) |
718e3744 | 2886 | { |
424ab01d | 2887 | /* Yes first of all get peer pointer. */ |
d8151687 QY |
2888 | struct peer *peer; // peer |
2889 | uint32_t rpkt_quanta_old; // how many packets to read | |
2890 | int fsm_update_result; // return code of bgp_event_update() | |
2891 | int mprc; // message processing return code | |
555e09d4 | 2892 | |
424ab01d | 2893 | peer = THREAD_ARG(thread); |
555e09d4 QY |
2894 | rpkt_quanta_old = atomic_load_explicit(&peer->bgp->rpkt_quanta, |
2895 | memory_order_relaxed); | |
e3c7270d | 2896 | fsm_update_result = 0; |
555e09d4 | 2897 | |
424ab01d | 2898 | /* Guard against scheduled events that occur after peer deletion. */ |
9eb217ff | 2899 | if (peer->status == Deleted || peer->status == Clearing) |
cc9f21da | 2900 | return; |
718e3744 | 2901 | |
555e09d4 | 2902 | unsigned int processed = 0; |
d62a17ae | 2903 | |
555e09d4 | 2904 | while (processed < rpkt_quanta_old) { |
d7c0a89a | 2905 | uint8_t type = 0; |
9eb217ff QY |
2906 | bgp_size_t size; |
2907 | char notify_data_length[2]; | |
d62a17ae | 2908 | |
cb1991af | 2909 | frr_with_mutex (&peer->io_mtx) { |
9eb217ff QY |
2910 | peer->curr = stream_fifo_pop(peer->ibuf); |
2911 | } | |
d62a17ae | 2912 | |
9eb217ff | 2913 | if (peer->curr == NULL) // no packets to process, hmm... |
cc9f21da | 2914 | return; |
d62a17ae | 2915 | |
9eb217ff QY |
2916 | /* skip the marker and copy the packet length */ |
2917 | stream_forward_getp(peer->curr, BGP_MARKER_SIZE); | |
2918 | memcpy(notify_data_length, stream_pnt(peer->curr), 2); | |
2919 | ||
2920 | /* read in the packet length and type */ | |
2921 | size = stream_getw(peer->curr); | |
2922 | type = stream_getc(peer->curr); | |
2923 | ||
584470fb | 2924 | hook_call(bgp_packet_dump, peer, type, size, peer->curr); |
9eb217ff QY |
2925 | |
2926 | /* adjust size to exclude the marker + length + type */ | |
2927 | size -= BGP_HEADER_SIZE; | |
2928 | ||
2929 | /* Read rest of the packet and call each sort of packet routine | |
2930 | */ | |
2931 | switch (type) { | |
2932 | case BGP_MSG_OPEN: | |
c7bb4f00 | 2933 | frrtrace(2, frr_bgp, open_process, peer, size); |
0112e9e0 QY |
2934 | atomic_fetch_add_explicit(&peer->open_in, 1, |
2935 | memory_order_relaxed); | |
d8151687 QY |
2936 | mprc = bgp_open_receive(peer, size); |
2937 | if (mprc == BGP_Stop) | |
af4c2728 | 2938 | flog_err( |
e50f7cfd | 2939 | EC_BGP_PKT_OPEN, |
d8151687 | 2940 | "%s: BGP OPEN receipt failed for peer: %s", |
0767b4f3 | 2941 | __func__, peer->host); |
9eb217ff QY |
2942 | break; |
2943 | case BGP_MSG_UPDATE: | |
c7bb4f00 | 2944 | frrtrace(2, frr_bgp, update_process, peer, size); |
0112e9e0 QY |
2945 | atomic_fetch_add_explicit(&peer->update_in, 1, |
2946 | memory_order_relaxed); | |
9eb217ff | 2947 | peer->readtime = monotime(NULL); |
d8151687 QY |
2948 | mprc = bgp_update_receive(peer, size); |
2949 | if (mprc == BGP_Stop) | |
af4c2728 | 2950 | flog_err( |
e50f7cfd | 2951 | EC_BGP_UPDATE_RCV, |
d8151687 | 2952 | "%s: BGP UPDATE receipt failed for peer: %s", |
0767b4f3 | 2953 | __func__, peer->host); |
9eb217ff QY |
2954 | break; |
2955 | case BGP_MSG_NOTIFY: | |
c7bb4f00 | 2956 | frrtrace(2, frr_bgp, notification_process, peer, size); |
0112e9e0 QY |
2957 | atomic_fetch_add_explicit(&peer->notify_in, 1, |
2958 | memory_order_relaxed); | |
d8151687 QY |
2959 | mprc = bgp_notify_receive(peer, size); |
2960 | if (mprc == BGP_Stop) | |
af4c2728 | 2961 | flog_err( |
e50f7cfd | 2962 | EC_BGP_NOTIFY_RCV, |
d8151687 | 2963 | "%s: BGP NOTIFY receipt failed for peer: %s", |
0767b4f3 | 2964 | __func__, peer->host); |
9eb217ff QY |
2965 | break; |
2966 | case BGP_MSG_KEEPALIVE: | |
c7bb4f00 | 2967 | frrtrace(2, frr_bgp, keepalive_process, peer, size); |
9eb217ff | 2968 | peer->readtime = monotime(NULL); |
0112e9e0 QY |
2969 | atomic_fetch_add_explicit(&peer->keepalive_in, 1, |
2970 | memory_order_relaxed); | |
d8151687 QY |
2971 | mprc = bgp_keepalive_receive(peer, size); |
2972 | if (mprc == BGP_Stop) | |
af4c2728 | 2973 | flog_err( |
e50f7cfd | 2974 | EC_BGP_KEEP_RCV, |
d8151687 | 2975 | "%s: BGP KEEPALIVE receipt failed for peer: %s", |
0767b4f3 | 2976 | __func__, peer->host); |
9eb217ff QY |
2977 | break; |
2978 | case BGP_MSG_ROUTE_REFRESH_NEW: | |
2979 | case BGP_MSG_ROUTE_REFRESH_OLD: | |
c7bb4f00 | 2980 | frrtrace(2, frr_bgp, refresh_process, peer, size); |
0112e9e0 QY |
2981 | atomic_fetch_add_explicit(&peer->refresh_in, 1, |
2982 | memory_order_relaxed); | |
d8151687 QY |
2983 | mprc = bgp_route_refresh_receive(peer, size); |
2984 | if (mprc == BGP_Stop) | |
af4c2728 | 2985 | flog_err( |
e50f7cfd | 2986 | EC_BGP_RFSH_RCV, |
d8151687 | 2987 | "%s: BGP ROUTEREFRESH receipt failed for peer: %s", |
0767b4f3 | 2988 | __func__, peer->host); |
9eb217ff QY |
2989 | break; |
2990 | case BGP_MSG_CAPABILITY: | |
c7bb4f00 | 2991 | frrtrace(2, frr_bgp, capability_process, peer, size); |
0112e9e0 QY |
2992 | atomic_fetch_add_explicit(&peer->dynamic_cap_in, 1, |
2993 | memory_order_relaxed); | |
d8151687 QY |
2994 | mprc = bgp_capability_receive(peer, size); |
2995 | if (mprc == BGP_Stop) | |
af4c2728 | 2996 | flog_err( |
e50f7cfd | 2997 | EC_BGP_CAP_RCV, |
d8151687 | 2998 | "%s: BGP CAPABILITY receipt failed for peer: %s", |
0767b4f3 | 2999 | __func__, peer->host); |
9eb217ff | 3000 | break; |
e3c7270d | 3001 | default: |
db878db0 QY |
3002 | /* Suppress uninitialized variable warning */ |
3003 | mprc = 0; | |
5041dc4f | 3004 | (void)mprc; |
becedef6 QY |
3005 | /* |
3006 | * The message type should have been sanitized before | |
3007 | * we ever got here. Receipt of a message with an | |
3008 | * invalid header at this point is indicative of a | |
3009 | * security issue. | |
3010 | */ | |
e3c7270d | 3011 | assert (!"Message of invalid type received during input processing"); |
9eb217ff QY |
3012 | } |
3013 | ||
d8151687 QY |
3014 | /* delete processed packet */ |
3015 | stream_free(peer->curr); | |
3016 | peer->curr = NULL; | |
3017 | processed++; | |
9eb217ff | 3018 | |
d8151687 QY |
3019 | /* Update FSM */ |
3020 | if (mprc != BGP_PACKET_NOOP) | |
3021 | fsm_update_result = bgp_event_update(peer, mprc); | |
e3c7270d QY |
3022 | else |
3023 | continue; | |
d8151687 | 3024 | |
becedef6 QY |
3025 | /* |
3026 | * If peer was deleted, do not process any more packets. This | |
3027 | * is usually due to executing BGP_Stop or a stub deletion. | |
3028 | */ | |
d8151687 QY |
3029 | if (fsm_update_result == FSM_PEER_TRANSFERRED |
3030 | || fsm_update_result == FSM_PEER_STOPPED) | |
3031 | break; | |
d62a17ae | 3032 | } |
3033 | ||
d8151687 QY |
3034 | if (fsm_update_result != FSM_PEER_TRANSFERRED |
3035 | && fsm_update_result != FSM_PEER_STOPPED) { | |
cb1991af | 3036 | frr_with_mutex (&peer->io_mtx) { |
becedef6 QY |
3037 | // more work to do, come back later |
3038 | if (peer->ibuf->count > 0) | |
e0d550df | 3039 | thread_add_event( |
4af76660 QY |
3040 | bm->master, bgp_process_packet, peer, 0, |
3041 | &peer->t_process_packet); | |
d8151687 | 3042 | } |
718e3744 | 3043 | } |
718e3744 | 3044 | } |
9e3b51a7 | 3045 | |
3046 | /* Send EOR when routes are processed by selection deferral timer */ | |
3047 | void bgp_send_delayed_eor(struct bgp *bgp) | |
3048 | { | |
3049 | struct peer *peer; | |
3050 | struct listnode *node, *nnode; | |
3051 | ||
3052 | /* EOR message sent in bgp_write_proceed_actions */ | |
3053 | for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer)) | |
3054 | bgp_write_proceed_actions(peer); | |
3055 | } | |
6af96fa3 MS |
3056 | |
3057 | /* | |
3058 | * Task callback to handle socket error encountered in the io pthread. We avoid | |
3059 | * having the io pthread try to enqueue fsm events or mess with the peer | |
3060 | * struct. | |
3061 | */ | |
cc9f21da | 3062 | void bgp_packet_process_error(struct thread *thread) |
6af96fa3 MS |
3063 | { |
3064 | struct peer *peer; | |
3065 | int code; | |
3066 | ||
3067 | peer = THREAD_ARG(thread); | |
3068 | code = THREAD_VAL(thread); | |
3069 | ||
3070 | if (bgp_debug_neighbor_events(peer)) | |
3071 | zlog_debug("%s [Event] BGP error %d on fd %d", | |
046bb347 | 3072 | peer->host, code, peer->fd); |
6af96fa3 MS |
3073 | |
3074 | /* Closed connection or error on the socket */ | |
feb17238 | 3075 | if (peer_established(peer)) { |
6af96fa3 MS |
3076 | if ((CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART) |
3077 | || CHECK_FLAG(peer->flags, | |
3078 | PEER_FLAG_GRACEFUL_RESTART_HELPER)) | |
3079 | && CHECK_FLAG(peer->sflags, PEER_STATUS_NSF_MODE)) { | |
3080 | peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION; | |
3081 | SET_FLAG(peer->sflags, PEER_STATUS_NSF_WAIT); | |
3082 | } else | |
3083 | peer->last_reset = PEER_DOWN_CLOSE_SESSION; | |
3084 | } | |
3085 | ||
3086 | bgp_event_update(peer, code); | |
6af96fa3 | 3087 | } |