]> git.proxmox.com Git - mirror_frr.git/blame - bgpd/bgp_packet.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
*: reindent
[mirror_frr.git] / bgpd / bgp_packet.c
CommitLineData
718e3744 1/* BGP packet management routine.
896014f4
DL		 2 * Copyright (C) 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
718e3744 20
21#include <zebra.h>
22
23#include "thread.h"
24#include "stream.h"
25#include "network.h"
26#include "prefix.h"
27#include "command.h"
28#include "log.h"
29#include "memory.h"
d62a17ae 30#include "sockunion.h" /* for inet_ntop () */
baa376fc 31#include "sockopt.h"
718e3744 32#include "linklist.h"
33#include "plist.h"
3f9c7369 34#include "queue.h"
039f3a34 35#include "filter.h"
718e3744 36
37#include "bgpd/bgpd.h"
38#include "bgpd/bgp_table.h"
39#include "bgpd/bgp_dump.h"
40#include "bgpd/bgp_attr.h"
41#include "bgpd/bgp_debug.h"
42#include "bgpd/bgp_fsm.h"
43#include "bgpd/bgp_route.h"
44#include "bgpd/bgp_packet.h"
45#include "bgpd/bgp_open.h"
46#include "bgpd/bgp_aspath.h"
47#include "bgpd/bgp_community.h"
48#include "bgpd/bgp_ecommunity.h"
57d187bc 49#include "bgpd/bgp_lcommunity.h"
718e3744 50#include "bgpd/bgp_network.h"
51#include "bgpd/bgp_mplsvpn.h"
7ef5a232 52#include "bgpd/bgp_evpn.h"
718e3744 53#include "bgpd/bgp_advertise.h"
93406d87 54#include "bgpd/bgp_vty.h"
3f9c7369 55#include "bgpd/bgp_updgrp.h"
cd1964ff 56#include "bgpd/bgp_label.h"
718e3744 57
718e3744 58/* Set up BGP packet marker and packet type. */
d62a17ae 59int bgp_packet_set_marker(struct stream *s, u_char type)
718e3744 60{
d62a17ae 61 int i;
718e3744 62
d62a17ae 63 /* Fill in marker. */
64 for (i = 0; i < BGP_MARKER_SIZE; i++)
65 stream_putc(s, 0xff);
718e3744 66
d62a17ae 67 /* Dummy total length. This field is should be filled in later on. */
68 stream_putw(s, 0);
718e3744 69
d62a17ae 70 /* BGP packet type. */
71 stream_putc(s, type);
718e3744 72
d62a17ae 73 /* Return current stream size. */
74 return stream_get_endp(s);
718e3744 75}
76
77/* Set BGP packet header size entry. If size is zero then use current
78 stream size. */
d62a17ae 79int bgp_packet_set_size(struct stream *s)
718e3744 80{
d62a17ae 81 int cp;
718e3744 82
d62a17ae 83 /* Preserve current pointer. */
84 cp = stream_get_endp(s);
85 stream_putw_at(s, BGP_MARKER_SIZE, cp);
718e3744 86
d62a17ae 87 return cp;
718e3744 88}
89
90/* Add new packet to the peer. */
d62a17ae 91void bgp_packet_add(struct peer *peer, struct stream *s)
718e3744 92{
d62a17ae 93 /* Add packet to the end of list. */
94 stream_fifo_push(peer->obuf, s);
718e3744 95}
96
97/* Free first packet. */
d62a17ae 98static void bgp_packet_delete(struct peer *peer)
718e3744 99{
d62a17ae 100 stream_free(stream_fifo_pop(peer->obuf));
718e3744 101}
102
718e3744 103/* Check file descriptor whether connect is established. */
d62a17ae 104int bgp_connect_check(struct peer *peer, int change_state)
718e3744 105{
d62a17ae 106 int status;
107 socklen_t slen;
108 int ret;
109
110 /* Anyway I have to reset read and write thread. */
111 BGP_READ_OFF(peer->t_read);
112 BGP_WRITE_OFF(peer->t_write);
113
114 /* Check file descriptor. */
115 slen = sizeof(status);
116 ret = getsockopt(peer->fd, SOL_SOCKET, SO_ERROR, (void *)&status,
117 &slen);
118
119 /* If getsockopt is fail, this is fatal error. */
120 if (ret < 0) {
121 zlog_info("can't get sockopt for nonblocking connect");
122 BGP_EVENT_ADD(peer, TCP_fatal_error);
123 return -1;
124 }
125
126 /* When status is 0 then TCP connection is established. */
127 if (status == 0) {
128 BGP_EVENT_ADD(peer, TCP_connection_open);
129 return 1;
130 } else {
131 if (bgp_debug_neighbor_events(peer))
132 zlog_debug("%s [Event] Connect failed (%s)", peer->host,
133 safe_strerror(errno));
134 if (change_state)
135 BGP_EVENT_ADD(peer, TCP_connection_open_failed);
136 return 0;
137 }
718e3744 138}
139
d62a17ae 140static struct stream *bgp_update_packet_eor(struct peer *peer, afi_t afi,
141 safi_t safi)
93406d87 142{
d62a17ae 143 struct stream *s;
144 iana_afi_t pkt_afi;
145 safi_t pkt_safi;
146
147 if (DISABLE_BGP_ANNOUNCE)
148 return NULL;
149
150 if (bgp_debug_neighbor_events(peer))
151 zlog_debug("send End-of-RIB for %s to %s",
152 afi_safi_print(afi, safi), peer->host);
153
154 s = stream_new(BGP_MAX_PACKET_SIZE);
155
156 /* Make BGP update packet. */
157 bgp_packet_set_marker(s, BGP_MSG_UPDATE);
158
159 /* Unfeasible Routes Length */
160 stream_putw(s, 0);
161
162 if (afi == AFI_IP && safi == SAFI_UNICAST) {
163 /* Total Path Attribute Length */
164 stream_putw(s, 0);
165 } else {
166 /* Convert AFI, SAFI to values for packet. */
167 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
168
169 /* Total Path Attribute Length */
170 stream_putw(s, 6);
171 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
172 stream_putc(s, BGP_ATTR_MP_UNREACH_NLRI);
173 stream_putc(s, 3);
174 stream_putw(s, pkt_afi);
175 stream_putc(s, pkt_safi);
176 }
177
178 bgp_packet_set_size(s);
179 bgp_packet_add(peer, s);
180 return s;
718e3744 181}
182
718e3744 183/* Get next packet to be written. */
d62a17ae 184static struct stream *bgp_write_packet(struct peer *peer)
718e3744 185{
d62a17ae 186 struct stream *s = NULL;
187 struct peer_af *paf;
188 struct bpacket *next_pkt;
189 afi_t afi;
190 safi_t safi;
191
192 s = stream_fifo_head(peer->obuf);
193 if (s)
194 return s;
195
196 /*
197 * The code beyond this part deals with update packets, proceed only
198 * if peer is Established and updates are not on hold (as part of
199 * update-delay post processing).
3f9c7369 200 */
d62a17ae 201 if (peer->status != Established)
202 return NULL;
203
204 if (peer->bgp && peer->bgp->main_peers_update_hold)
205 return NULL;
206
207 for (afi = AFI_IP; afi < AFI_MAX; afi++)
208 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) {
209 paf = peer_af_find(peer, afi, safi);
210 if (!paf || !PAF_SUBGRP(paf))
211 continue;
212 next_pkt = paf->next_pkt_to_send;
213
214 /* Try to generate a packet for the peer if we are at
215 * the end of
216 * the list. Always try to push out WITHDRAWs first. */
217 if (!next_pkt || !next_pkt->buffer) {
218 next_pkt = subgroup_withdraw_packet(
219 PAF_SUBGRP(paf));
220 if (!next_pkt || !next_pkt->buffer)
221 subgroup_update_packet(PAF_SUBGRP(paf));
222 next_pkt = paf->next_pkt_to_send;
223 }
224
225 /* If we still don't have a packet to send to the peer,
226 * then
227 * try to find out out if we have to send eor or if not,
228 * skip to
229 * the next AFI, SAFI.
230 * Don't send the EOR prematurely... if the subgroup's
231 * coalesce
232 * timer is running, the adjacency-out structure is not
233 * created
234 * yet.
235 */
236 if (!next_pkt || !next_pkt->buffer) {
237 if (CHECK_FLAG(peer->cap,
238 PEER_CAP_RESTART_RCV)) {
239 if (!(PAF_SUBGRP(paf))->t_coalesce
240 && peer->afc_nego[afi][safi]
241 && peer->synctime
242 && !CHECK_FLAG(
243 peer->af_sflags[afi]
244 [safi],
245 PEER_STATUS_EOR_SEND)) {
246 SET_FLAG(peer->af_sflags[afi]
247 [safi],
248 PEER_STATUS_EOR_SEND);
249 return bgp_update_packet_eor(
250 peer, afi, safi);
251 }
252 }
253 continue;
254 }
255
256
257 /*
258 * Found a packet template to send, overwrite packet
259 * with appropriate
260 * attributes from peer and advance peer
261 */
262 s = bpacket_reformat_for_peer(next_pkt, paf);
263 bpacket_queue_advance_peer(paf);
264 return s;
265 }
718e3744 266
d62a17ae 267 return NULL;
d889623f
DS		 268}
269
3f9c7369 270/* The next action for the peer from a write perspective */
d62a17ae 271static void bgp_write_proceed_actions(struct peer *peer)
d889623f 272{
d62a17ae 273 afi_t afi;
274 safi_t safi;
275 struct peer_af *paf;
276 struct bpacket *next_pkt;
277 int fullq_found = 0;
278 struct update_subgroup *subgrp;
279
280 if (stream_fifo_head(peer->obuf)) {
281 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
282 return;
283 }
284
285 for (afi = AFI_IP; afi < AFI_MAX; afi++)
286 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) {
287 paf = peer_af_find(peer, afi, safi);
288 if (!paf)
289 continue;
290 subgrp = paf->subgroup;
291 if (!subgrp)
292 continue;
293
294 next_pkt = paf->next_pkt_to_send;
295 if (next_pkt && next_pkt->buffer) {
296 BGP_WRITE_ON(peer->t_write, bgp_write,
297 peer->fd);
298 return;
299 }
300
301 /* No packets readily available for AFI/SAFI, are there
302 * subgroup packets
303 * that need to be generated? */
304 if (bpacket_queue_is_full(SUBGRP_INST(subgrp),
305 SUBGRP_PKTQ(subgrp)))
306 fullq_found = 1;
307 else if (subgroup_packets_to_build(subgrp)) {
308 BGP_WRITE_ON(peer->t_write, bgp_write,
309 peer->fd);
310 return;
311 }
312
313 /* No packets to send, see if EOR is pending */
314 if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
315 if (!subgrp->t_coalesce
316 && peer->afc_nego[afi][safi]
317 && peer->synctime
318 && !CHECK_FLAG(peer->af_sflags[afi][safi],
319 PEER_STATUS_EOR_SEND)
320 && safi != SAFI_MPLS_VPN) {
321 BGP_WRITE_ON(peer->t_write, bgp_write,
322 peer->fd);
323 return;
324 }
325 }
326 }
327 if (fullq_found) {
328 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
329 return;
330 }
d889623f
DS		 331}
332
718e3744 333/* Write packet to the peer. */
d62a17ae 334int bgp_write(struct thread *thread)
718e3744 335{
d62a17ae 336 struct peer *peer;
337 u_char type;
338 struct stream *s;
339 int num;
340 int update_last_write = 0;
341 unsigned int count = 0;
342 unsigned int oc = 0;
343
344 /* Yes first of all get peer pointer. */
345 peer = THREAD_ARG(thread);
346 peer->t_write = NULL;
347
348 /* For non-blocking IO check. */
349 if (peer->status == Connect) {
350 bgp_connect_check(peer, 1);
351 return 0;
718e3744 352 }
35398589 353
d62a17ae 354 s = bgp_write_packet(peer);
355 if (!s) {
356 bgp_write_proceed_actions(peer);
357 return 0;
718e3744 358 }
359
d62a17ae 360 sockopt_cork(peer->fd, 1);
718e3744 361
d62a17ae 362 oc = peer->update_out;
718e3744 363
d62a17ae 364 /* Nonblocking write until TCP output buffer is full. */
365 do {
366 int writenum;
718e3744 367
d62a17ae 368 /* Number of bytes to be sent. */
369 writenum = stream_get_endp(s) - stream_get_getp(s);
718e3744 370
d62a17ae 371 /* Call write() system call. */
372 num = write(peer->fd, STREAM_PNT(s), writenum);
373 if (num < 0) {
374 /* write failed either retry needed or error */
375 if (ERRNO_IO_RETRY(errno))
376 break;
cb1faec9 377
d62a17ae 378 BGP_EVENT_ADD(peer, TCP_fatal_error);
379 return 0;
380 }
3a69f74a 381
d62a17ae 382 if (num != writenum) {
383 /* Partial write */
384 stream_forward_getp(s, num);
385 break;
386 }
1ba2a97a 387
d62a17ae 388 /* Retrieve BGP packet type. */
389 stream_set_getp(s, BGP_MARKER_SIZE + 2);
390 type = stream_getc(s);
391
392 switch (type) {
393 case BGP_MSG_OPEN:
394 peer->open_out++;
395 break;
396 case BGP_MSG_UPDATE:
397 peer->update_out++;
398 break;
399 case BGP_MSG_NOTIFY:
400 peer->notify_out++;
401 /* Double start timer. */
402 peer->v_start *= 2;
403
404 /* Overflow check. */
405 if (peer->v_start >= (60 * 2))
406 peer->v_start = (60 * 2);
407
408 /* Flush any existing events */
409 BGP_EVENT_ADD(peer, BGP_Stop);
410 goto done;
411
412 case BGP_MSG_KEEPALIVE:
413 peer->keepalive_out++;
414 break;
415 case BGP_MSG_ROUTE_REFRESH_NEW:
416 case BGP_MSG_ROUTE_REFRESH_OLD:
417 peer->refresh_out++;
418 break;
419 case BGP_MSG_CAPABILITY:
420 peer->dynamic_cap_out++;
421 break;
422 }
cb1faec9 423
d62a17ae 424 /* OK we send packet so delete it. */
425 bgp_packet_delete(peer);
426 update_last_write = 1;
427 } while (++count < peer->bgp->wpkt_quanta
428 && (s = bgp_write_packet(peer)) != NULL);
718e3744 429
d62a17ae 430 bgp_write_proceed_actions(peer);
718e3744 431
d62a17ae 432done:
433 /* Update last_update if UPDATEs were written. */
434 if (peer->update_out > oc)
435 peer->last_update = bgp_clock();
718e3744 436
d62a17ae 437 /* If we TXed any flavor of packet update last_write */
438 if (update_last_write)
439 peer->last_write = bgp_clock();
86998bc2 440
d62a17ae 441 sockopt_cork(peer->fd, 0);
442 return 0;
443}
8ff202e2 444
d62a17ae 445/* This is only for sending NOTIFICATION message to neighbor. */
446static int bgp_write_notify(struct peer *peer)
447{
448 int ret, val;
449 u_char type;
450 struct stream *s;
451
452 /* There should be at least one packet. */
453 s = stream_fifo_head(peer->obuf);
454 if (!s)
455 return 0;
456 assert(stream_get_endp(s) >= BGP_HEADER_SIZE);
457
458 /* Stop collecting data within the socket */
459 sockopt_cork(peer->fd, 0);
460
461 /* socket is in nonblocking mode, if we can't deliver the NOTIFY, well,
462 * we only care about getting a clean shutdown at this point. */
463 ret = write(peer->fd, STREAM_DATA(s), stream_get_endp(s));
464
465 /* only connection reset/close gets counted as TCP_fatal_error, failure
466 * to write the entire NOTIFY doesn't get different FSM treatment */
467 if (ret <= 0) {
468 BGP_EVENT_ADD(peer, TCP_fatal_error);
469 return 0;
470 }
718e3744 471
d62a17ae 472 /* Disable Nagle, make NOTIFY packet go out right away */
473 val = 1;
474 (void)setsockopt(peer->fd, IPPROTO_TCP, TCP_NODELAY, (char *)&val,
475 sizeof(val));
86998bc2 476
d62a17ae 477 /* Retrieve BGP packet type. */
478 stream_set_getp(s, BGP_MARKER_SIZE + 2);
479 type = stream_getc(s);
718e3744 480
d62a17ae 481 assert(type == BGP_MSG_NOTIFY);
718e3744 482
d62a17ae 483 /* Type should be notify. */
484 peer->notify_out++;
718e3744 485
d62a17ae 486 /* Double start timer. */
487 peer->v_start *= 2;
718e3744 488
d62a17ae 489 /* Overflow check. */
490 if (peer->v_start >= (60 * 2))
491 peer->v_start = (60 * 2);
718e3744 492
d62a17ae 493 /* Handle Graceful Restart case where the state changes to
494 Connect instead of Idle */
495 BGP_EVENT_ADD(peer, BGP_Stop);
718e3744 496
d62a17ae 497 return 0;
718e3744 498}
499
500/* Make keepalive packet and send it to the peer. */
d62a17ae 501void bgp_keepalive_send(struct peer *peer)
718e3744 502{
d62a17ae 503 struct stream *s;
504
505 s = stream_new(BGP_MAX_PACKET_SIZE);
718e3744 506
d62a17ae 507 /* Make keepalive packet. */
508 bgp_packet_set_marker(s, BGP_MSG_KEEPALIVE);
718e3744 509
d62a17ae 510 /* Set packet size. */
511 (void)bgp_packet_set_size(s);
718e3744 512
d62a17ae 513 /* Dump packet if debug option is set. */
514 /* bgp_packet_dump (s); */
718e3744 515
d62a17ae 516 if (bgp_debug_keepalive(peer))
517 zlog_debug("%s sending KEEPALIVE", peer->host);
718e3744 518
d62a17ae 519 /* Add packet to the peer. */
520 bgp_packet_add(peer, s);
718e3744 521
d62a17ae 522 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
718e3744 523}
524
525/* Make open packet and send it to the peer. */
d62a17ae 526void bgp_open_send(struct peer *peer)
718e3744 527{
d62a17ae 528 struct stream *s;
529 u_int16_t send_holdtime;
530 as_t local_as;
718e3744 531
d62a17ae 532 if (CHECK_FLAG(peer->config, PEER_CONFIG_TIMER))
533 send_holdtime = peer->holdtime;
534 else
535 send_holdtime = peer->bgp->default_holdtime;
718e3744 536
d62a17ae 537 /* local-as Change */
538 if (peer->change_local_as)
539 local_as = peer->change_local_as;
540 else
541 local_as = peer->local_as;
718e3744 542
d62a17ae 543 s = stream_new(BGP_MAX_PACKET_SIZE);
718e3744 544
d62a17ae 545 /* Make open packet. */
546 bgp_packet_set_marker(s, BGP_MSG_OPEN);
718e3744 547
d62a17ae 548 /* Set open packet values. */
549 stream_putc(s, BGP_VERSION_4); /* BGP version */
550 stream_putw(s,
551 (local_as <= BGP_AS_MAX) ? (u_int16_t)local_as
552 : BGP_AS_TRANS);
553 stream_putw(s, send_holdtime); /* Hold Time */
554 stream_put_in_addr(s, &peer->local_id); /* BGP Identifier */
718e3744 555
d62a17ae 556 /* Set capability code. */
557 bgp_open_capability(s, peer);
718e3744 558
d62a17ae 559 /* Set BGP packet length. */
560 (void)bgp_packet_set_size(s);
718e3744 561
d62a17ae 562 if (bgp_debug_neighbor_events(peer))
563 zlog_debug(
564 "%s sending OPEN, version %d, my as %u, holdtime %d, id %s",
565 peer->host, BGP_VERSION_4, local_as, send_holdtime,
566 inet_ntoa(peer->local_id));
718e3744 567
d62a17ae 568 /* Dump packet if debug option is set. */
569 /* bgp_packet_dump (s); */
718e3744 570
d62a17ae 571 /* Add packet to the peer. */
572 bgp_packet_add(peer, s);
718e3744 573
d62a17ae 574 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
718e3744 575}
576
577/* Send BGP notify packet with data potion. */
d62a17ae 578void bgp_notify_send_with_data(struct peer *peer, u_char code, u_char sub_code,
579 u_char *data, size_t datalen)
718e3744 580{
d62a17ae 581 struct stream *s;
582 int length;
583
584 /* Allocate new stream. */
585 s = stream_new(BGP_MAX_PACKET_SIZE);
586
587 /* Make nitify packet. */
588 bgp_packet_set_marker(s, BGP_MSG_NOTIFY);
589
590 /* Set notify packet values. */
591 stream_putc(s, code); /* BGP notify code */
592 stream_putc(s, sub_code); /* BGP notify sub_code */
593
594 /* If notify data is present. */
595 if (data)
596 stream_write(s, data, datalen);
597
598 /* Set BGP packet length. */
599 length = bgp_packet_set_size(s);
600
601 /* Add packet to the peer. */
602 stream_fifo_clean(peer->obuf);
603 bgp_packet_add(peer, s);
604
605 /* For debug */
606 {
607 struct bgp_notify bgp_notify;
608 int first = 0;
609 int i;
610 char c[4];
611
612 bgp_notify.code = code;
613 bgp_notify.subcode = sub_code;
614 bgp_notify.data = NULL;
615 bgp_notify.length = length - BGP_MSG_NOTIFY_MIN_SIZE;
616 bgp_notify.raw_data = data;
617
618 peer->notify.code = bgp_notify.code;
619 peer->notify.subcode = bgp_notify.subcode;
620
621 if (bgp_notify.length) {
622 bgp_notify.data =
623 XMALLOC(MTYPE_TMP, bgp_notify.length * 3);
624 for (i = 0; i < bgp_notify.length; i++)
625 if (first) {
626 sprintf(c, " %02x", data[i]);
627 strcat(bgp_notify.data, c);
628 } else {
629 first = 1;
630 sprintf(c, "%02x", data[i]);
631 strcpy(bgp_notify.data, c);
632 }
633 }
634 bgp_notify_print(peer, &bgp_notify, "sending");
635
636 if (bgp_notify.data) {
637 XFREE(MTYPE_TMP, bgp_notify.data);
638 bgp_notify.data = NULL;
639 bgp_notify.length = 0;
640 }
641 }
642
643 /* peer reset cause */
644 if (code == BGP_NOTIFY_CEASE) {
645 if (sub_code == BGP_NOTIFY_CEASE_ADMIN_RESET)
646 peer->last_reset = PEER_DOWN_USER_RESET;
647 else if (sub_code == BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN)
648 peer->last_reset = PEER_DOWN_USER_SHUTDOWN;
649 else
650 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
651 } else
652 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
653
654 /* Call immediately. */
655 BGP_WRITE_OFF(peer->t_write);
656
657 bgp_write_notify(peer);
718e3744 658}
659
660/* Send BGP notify packet. */
d62a17ae 661void bgp_notify_send(struct peer *peer, u_char code, u_char sub_code)
718e3744 662{
d62a17ae 663 bgp_notify_send_with_data(peer, code, sub_code, NULL, 0);
718e3744 664}
665
718e3744 666/* Send route refresh message to the peer. */
d62a17ae 667void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi,
668 u_char orf_type, u_char when_to_refresh, int remove)
718e3744 669{
d62a17ae 670 struct stream *s;
671 struct bgp_filter *filter;
672 int orf_refresh = 0;
673 iana_afi_t pkt_afi;
674 safi_t pkt_safi;
675
676 if (DISABLE_BGP_ANNOUNCE)
677 return;
678
679 filter = &peer->filter[afi][safi];
680
681 /* Convert AFI, SAFI to values for packet. */
682 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
683
684 s = stream_new(BGP_MAX_PACKET_SIZE);
685
686 /* Make BGP update packet. */
687 if (CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV))
688 bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_NEW);
718e3744 689 else
d62a17ae 690 bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_OLD);
691
692 /* Encode Route Refresh message. */
693 stream_putw(s, pkt_afi);
694 stream_putc(s, 0);
695 stream_putc(s, pkt_safi);
696
697 if (orf_type == ORF_TYPE_PREFIX || orf_type == ORF_TYPE_PREFIX_OLD)
698 if (remove || filter->plist[FILTER_IN].plist) {
699 u_int16_t orf_len;
700 unsigned long orfp;
701
702 orf_refresh = 1;
703 stream_putc(s, when_to_refresh);
704 stream_putc(s, orf_type);
705 orfp = stream_get_endp(s);
706 stream_putw(s, 0);
707
708 if (remove) {
709 UNSET_FLAG(peer->af_sflags[afi][safi],
710 PEER_STATUS_ORF_PREFIX_SEND);
711 stream_putc(s, ORF_COMMON_PART_REMOVE_ALL);
712 if (bgp_debug_neighbor_events(peer))
713 zlog_debug(
714 "%s sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %d/%d",
715 peer->host, orf_type,
716 (when_to_refresh == REFRESH_DEFER
717 ? "defer"
718 : "immediate"),
719 pkt_afi, pkt_safi);
720 } else {
721 SET_FLAG(peer->af_sflags[afi][safi],
722 PEER_STATUS_ORF_PREFIX_SEND);
723 prefix_bgp_orf_entry(
724 s, filter->plist[FILTER_IN].plist,
725 ORF_COMMON_PART_ADD,
726 ORF_COMMON_PART_PERMIT,
727 ORF_COMMON_PART_DENY);
728 if (bgp_debug_neighbor_events(peer))
729 zlog_debug(
730 "%s sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %d/%d",
731 peer->host, orf_type,
732 (when_to_refresh == REFRESH_DEFER
733 ? "defer"
734 : "immediate"),
735 pkt_afi, pkt_safi);
736 }
737
738 /* Total ORF Entry Len. */
739 orf_len = stream_get_endp(s) - orfp - 2;
740 stream_putw_at(s, orfp, orf_len);
741 }
742
743 /* Set packet size. */
744 (void)bgp_packet_set_size(s);
745
746 if (bgp_debug_neighbor_events(peer)) {
747 if (!orf_refresh)
748 zlog_debug("%s sending REFRESH_REQ for afi/safi: %d/%d",
749 peer->host, pkt_afi, pkt_safi);
750 }
751
752 /* Add packet to the peer. */
753 bgp_packet_add(peer, s);
754
755 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
718e3744 756}
757
758/* Send capability message to the peer. */
d62a17ae 759void bgp_capability_send(struct peer *peer, afi_t afi, safi_t safi,
760 int capability_code, int action)
718e3744 761{
d62a17ae 762 struct stream *s;
763 iana_afi_t pkt_afi;
764 safi_t pkt_safi;
765
766 /* Convert AFI, SAFI to values for packet. */
767 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
768
769 s = stream_new(BGP_MAX_PACKET_SIZE);
770
771 /* Make BGP update packet. */
772 bgp_packet_set_marker(s, BGP_MSG_CAPABILITY);
773
774 /* Encode MP_EXT capability. */
775 if (capability_code == CAPABILITY_CODE_MP) {
776 stream_putc(s, action);
777 stream_putc(s, CAPABILITY_CODE_MP);
778 stream_putc(s, CAPABILITY_CODE_MP_LEN);
779 stream_putw(s, pkt_afi);
780 stream_putc(s, 0);
781 stream_putc(s, pkt_safi);
782
783 if (bgp_debug_neighbor_events(peer))
784 zlog_debug(
785 "%s sending CAPABILITY has %s MP_EXT CAP for afi/safi: %d/%d",
786 peer->host,
787 action == CAPABILITY_ACTION_SET ? "Advertising"
788 : "Removing",
789 pkt_afi, pkt_safi);
790 }
791
792 /* Set packet size. */
793 (void)bgp_packet_set_size(s);
718e3744 794
d62a17ae 795 /* Add packet to the peer. */
796 bgp_packet_add(peer, s);
718e3744 797
d62a17ae 798 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
799}
718e3744 800
d62a17ae 801/* RFC1771 6.8 Connection collision detection. */
802static int bgp_collision_detect(struct peer *new, struct in_addr remote_id)
803{
804 struct peer *peer;
805
806 /* Upon receipt of an OPEN message, the local system must examine
807 all of its connections that are in the OpenConfirm state. A BGP
808 speaker may also examine connections in an OpenSent state if it
809 knows the BGP Identifier of the peer by means outside of the
810 protocol. If among these connections there is a connection to a
811 remote BGP speaker whose BGP Identifier equals the one in the
812 OPEN message, then the local system performs the following
813 collision resolution procedure: */
814
815 if ((peer = new->doppelganger) != NULL) {
816 /* Do not accept the new connection in Established or Clearing
817 * states.
818 * Note that a peer GR is handled by closing the existing
819 * connection
820 * upon receipt of new one.
821 */
822 if (peer->status == Established || peer->status == Clearing) {
823 bgp_notify_send(new, BGP_NOTIFY_CEASE,
824 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
825 return (-1);
826 } else if ((peer->status == OpenConfirm)
827 || (peer->status == OpenSent)) {
828 /* 1. The BGP Identifier of the local system is compared
829 to
830 the BGP Identifier of the remote system (as specified
831 in
832 the OPEN message). */
833
834 if (ntohl(peer->local_id.s_addr)
835 < ntohl(remote_id.s_addr))
836 if (!CHECK_FLAG(peer->sflags,
837 PEER_STATUS_ACCEPT_PEER)) {
838 /* 2. If the value of the local BGP
839 Identifier is less
840 than the remote one, the local system
841 closes BGP
842 connection that already exists (the
843 one that is
844 already in the OpenConfirm state),
845 and accepts BGP
846 connection initiated by the remote
847 system. */
848 bgp_notify_send(
849 peer, BGP_NOTIFY_CEASE,
850 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
851 return 1;
852 } else {
853 bgp_notify_send(
854 new, BGP_NOTIFY_CEASE,
855 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
856 return -1;
857 }
858 else {
859 /* 3. Otherwise, the local system closes newly
860 created
861 BGP connection (the one associated with the
862 newly
863 received OPEN message), and continues to use
864 the
865 existing one (the one that is already in the
866 OpenConfirm state). */
867 if (CHECK_FLAG(peer->sflags,
868 PEER_STATUS_ACCEPT_PEER)) {
869 bgp_notify_send(
870 peer, BGP_NOTIFY_CEASE,
871 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
872 return 1;
873 } else {
874 bgp_notify_send(
875 new, BGP_NOTIFY_CEASE,
876 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
877 return -1;
878 }
879 }
880 }
881 }
882 return 0;
883}
718e3744 884
d62a17ae 885static int bgp_open_receive(struct peer *peer, bgp_size_t size)
886{
887 int ret;
888 u_char version;
889 u_char optlen;
890 u_int16_t holdtime;
891 u_int16_t send_holdtime;
892 as_t remote_as;
893 as_t as4 = 0;
894 struct in_addr remote_id;
895 int mp_capability;
896 u_int8_t notify_data_remote_as[2];
897 u_int8_t notify_data_remote_as4[4];
898 u_int8_t notify_data_remote_id[4];
899 u_int16_t *holdtime_ptr;
900
901 /* Parse open packet. */
902 version = stream_getc(peer->ibuf);
903 memcpy(notify_data_remote_as, stream_pnt(peer->ibuf), 2);
904 remote_as = stream_getw(peer->ibuf);
905 holdtime_ptr = (u_int16_t *)stream_pnt(peer->ibuf);
906 holdtime = stream_getw(peer->ibuf);
907 memcpy(notify_data_remote_id, stream_pnt(peer->ibuf), 4);
908 remote_id.s_addr = stream_get_ipv4(peer->ibuf);
909
910 /* Receive OPEN message log */
911 if (bgp_debug_neighbor_events(peer))
912 zlog_debug(
913 "%s rcv OPEN, version %d, remote-as (in open) %u,"
914 " holdtime %d, id %s",
915 peer->host, version, remote_as, holdtime,
916 inet_ntoa(remote_id));
917
918 /* BEGIN to read the capability here, but dont do it yet */
919 mp_capability = 0;
920 optlen = stream_getc(peer->ibuf);
921
922 if (optlen != 0) {
923 /* If not enough bytes, it is an error. */
924 if (STREAM_READABLE(peer->ibuf) < optlen) {
925 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
926 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
927 return -1;
928 }
718e3744 929
d62a17ae 930 /* We need the as4 capability value *right now* because
931 * if it is there, we have not got the remote_as yet, and
932 * without
933 * that we do not know which peer is connecting to us now.
934 */
935 as4 = peek_for_as4_capability(peer, optlen);
936 memcpy(notify_data_remote_as4, &as4, 4);
937 }
718e3744 938
d62a17ae 939 /* Just in case we have a silly peer who sends AS4 capability set to 0
940 */
941 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV) && !as4) {
942 zlog_err("%s bad OPEN, got AS4 capability, but AS4 set to 0",
943 peer->host);
944 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
945 BGP_NOTIFY_OPEN_BAD_PEER_AS,
946 notify_data_remote_as4, 4);
947 return -1;
948 }
718e3744 949
d62a17ae 950 if (remote_as == BGP_AS_TRANS) {
951 /* Take the AS4 from the capability. We must have received the
952 * capability now! Otherwise we have a asn16 peer who uses
953 * BGP_AS_TRANS, for some unknown reason.
954 */
955 if (as4 == BGP_AS_TRANS) {
956 zlog_err(
957 "%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed",
958 peer->host);
959 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
960 BGP_NOTIFY_OPEN_BAD_PEER_AS,
961 notify_data_remote_as4, 4);
962 return -1;
963 }
718e3744 964
d62a17ae 965 if (!as4 && BGP_DEBUG(as4, AS4))
966 zlog_debug(
967 "%s [AS4] OPEN remote_as is AS_TRANS, but no AS4."
968 " Odd, but proceeding.",
969 peer->host);
970 else if (as4 < BGP_AS_MAX && BGP_DEBUG(as4, AS4))
971 zlog_debug(
972 "%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits "
973 "in 2-bytes, very odd peer.",
974 peer->host, as4);
975 if (as4)
976 remote_as = as4;
977 } else {
978 /* We may have a partner with AS4 who has an asno < BGP_AS_MAX
979 */
980 /* If we have got the capability, peer->as4cap must match
981 * remote_as */
982 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV)
983 && as4 != remote_as) {
984 /* raise error, log this, close session */
985 zlog_err(
986 "%s bad OPEN, got AS4 capability, but remote_as %u"
987 " mismatch with 16bit 'myasn' %u in open",
988 peer->host, as4, remote_as);
989 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
990 BGP_NOTIFY_OPEN_BAD_PEER_AS,
991 notify_data_remote_as4, 4);
992 return -1;
993 }
994 }
6b0655a2 995
d62a17ae 996 /* remote router-id check. */
997 if (remote_id.s_addr == 0 || IPV4_CLASS_DE(ntohl(remote_id.s_addr))
998 || ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr)) {
999 if (bgp_debug_neighbor_events(peer))
1000 zlog_debug("%s bad OPEN, wrong router identifier %s",
1001 peer->host, inet_ntoa(remote_id));
1002 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1003 BGP_NOTIFY_OPEN_BAD_BGP_IDENT,
1004 notify_data_remote_id, 4);
1005 return -1;
1006 }
1007
1008 /* Set remote router-id */
1009 peer->remote_id = remote_id;
1010
1011 /* Peer BGP version check. */
1012 if (version != BGP_VERSION_4) {
1013 u_int16_t maxver = htons(BGP_VERSION_4);
1014 /* XXX this reply may not be correct if version < 4 XXX */
1015 if (bgp_debug_neighbor_events(peer))
1016 zlog_debug(
1017 "%s bad protocol version, remote requested %d, local request %d",
1018 peer->host, version, BGP_VERSION_4);
1019 /* Data must be in network byte order here */
1020 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1021 BGP_NOTIFY_OPEN_UNSUP_VERSION,
1022 (u_int8_t *)&maxver, 2);
1023 return -1;
1024 }
1025
1026 /* Check neighbor as number. */
1027 if (peer->as_type == AS_UNSPECIFIED) {
1028 if (bgp_debug_neighbor_events(peer))
1029 zlog_debug(
1030 "%s bad OPEN, remote AS is unspecified currently",
1031 peer->host);
1032 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1033 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1034 notify_data_remote_as, 2);
1ff9a340 1035 return -1;
d62a17ae 1036 } else if (peer->as_type == AS_INTERNAL) {
1037 if (remote_as != peer->bgp->as) {
1038 if (bgp_debug_neighbor_events(peer))
1039 zlog_debug(
1040 "%s bad OPEN, remote AS is %u, internal specified",
1041 peer->host, remote_as);
1042 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1043 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1044 notify_data_remote_as, 2);
1045 return -1;
1ff9a340 1046 }
d62a17ae 1047 peer->as = peer->local_as;
1048 } else if (peer->as_type == AS_EXTERNAL) {
1049 if (remote_as == peer->bgp->as) {
1050 if (bgp_debug_neighbor_events(peer))
1051 zlog_debug(
1052 "%s bad OPEN, remote AS is %u, external specified",
1053 peer->host, remote_as);
1054 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1055 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1056 notify_data_remote_as, 2);
1057 return -1;
1ff9a340 1058 }
d62a17ae 1059 peer->as = remote_as;
1060 } else if ((peer->as_type == AS_SPECIFIED) && (remote_as != peer->as)) {
1061 if (bgp_debug_neighbor_events(peer))
1062 zlog_debug("%s bad OPEN, remote AS is %u, expected %u",
1063 peer->host, remote_as, peer->as);
1064 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1065 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1066 notify_data_remote_as, 2);
1067 return -1;
eb821189 1068 }
718e3744 1069
d62a17ae 1070 /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST
1071 calculate the value of the Hold Timer by using the smaller of its
1072 configured Hold Time and the Hold Time received in the OPEN message.
1073 The Hold Time MUST be either zero or at least three seconds. An
1074 implementation may reject connections on the basis of the Hold Time.
0b2aa3a0 1075 */
d62a17ae 1076
1077 if (holdtime < 3 && holdtime != 0) {
1078 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1079 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME,
1080 (u_char *)holdtime_ptr, 2);
1081 return -1;
0b2aa3a0 1082 }
d62a17ae 1083
1084 /* From the rfc: A reasonable maximum time between KEEPALIVE messages
1085 would be one third of the Hold Time interval. KEEPALIVE messages
1086 MUST NOT be sent more frequently than one per second. An
1087 implementation MAY adjust the rate at which it sends KEEPALIVE
1088 messages as a function of the Hold Time interval. */
1089
1090 if (CHECK_FLAG(peer->config, PEER_CONFIG_TIMER))
1091 send_holdtime = peer->holdtime;
1092 else
1093 send_holdtime = peer->bgp->default_holdtime;
1094
1095 if (holdtime < send_holdtime)
1096 peer->v_holdtime = holdtime;
1097 else
1098 peer->v_holdtime = send_holdtime;
1099
1100 if (CHECK_FLAG(peer->config, PEER_CONFIG_TIMER))
1101 peer->v_keepalive = peer->keepalive;
1102 else
1103 peer->v_keepalive = peer->v_holdtime / 3;
1104
1105 /* Open option part parse. */
1106 if (optlen != 0) {
1107 if ((ret = bgp_open_option_parse(peer, optlen, &mp_capability))
1108 < 0)
1109 return ret;
1110 } else {
1111 if (bgp_debug_neighbor_events(peer))
1112 zlog_debug("%s rcvd OPEN w/ OPTION parameter len: 0",
1113 peer->host);
0299c004 1114 }
d62a17ae 1115
1116 /*
1117 * Assume that the peer supports the locally configured set of
1118 * AFI/SAFIs if the peer did not send us any Mulitiprotocol
1119 * capabilities, or if 'override-capability' is configured.
1120 */
1121 if (!mp_capability
1122 || CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1123 peer->afc_nego[AFI_IP][SAFI_UNICAST] =
1124 peer->afc[AFI_IP][SAFI_UNICAST];
1125 peer->afc_nego[AFI_IP][SAFI_MULTICAST] =
1126 peer->afc[AFI_IP][SAFI_MULTICAST];
1127 peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST] =
1128 peer->afc[AFI_IP][SAFI_LABELED_UNICAST];
1129 peer->afc_nego[AFI_IP6][SAFI_UNICAST] =
1130 peer->afc[AFI_IP6][SAFI_UNICAST];
1131 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] =
1132 peer->afc[AFI_IP6][SAFI_MULTICAST];
1133 peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST] =
1134 peer->afc[AFI_IP6][SAFI_LABELED_UNICAST];
1135 peer->afc_nego[AFI_L2VPN][SAFI_EVPN] =
1136 peer->afc[AFI_L2VPN][SAFI_EVPN];
0299c004 1137 }
d62a17ae 1138
1139 /* When collision is detected and this peer is closed. Retrun
1140 immidiately. */
1141 ret = bgp_collision_detect(peer, remote_id);
1142 if (ret < 0)
1143 return ret;
1144
1145 /* Get sockname. */
1146 if ((ret = bgp_getsockname(peer)) < 0) {
1147 zlog_err("%s: bgp_getsockname() failed for peer: %s",
1148 __FUNCTION__, peer->host);
1149 return (ret);
1150 }
1151
1152 /* Verify valid local address present based on negotiated
1153 * address-families. */
1154 if (peer->afc_nego[AFI_IP][SAFI_UNICAST]
1155 || peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1156 || peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1157 || peer->afc_nego[AFI_IP][SAFI_ENCAP]) {
1158 if (!peer->nexthop.v4.s_addr) {
1159#if defined(HAVE_CUMULUS)
1160 zlog_err(
1161 "%s: No local IPv4 addr resetting connection, fd %d",
1162 peer->host, peer->fd);
1163 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1164 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1165 return -1;
1d808091 1166#endif
d62a17ae 1167 }
1168 }
1169 if (peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1170 || peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1171 || peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1172 || peer->afc_nego[AFI_IP6][SAFI_ENCAP]) {
1173 if (IN6_IS_ADDR_UNSPECIFIED(&peer->nexthop.v6_global)) {
1174#if defined(HAVE_CUMULUS)
1175 zlog_err(
1176 "%s: No local IPv6 addr resetting connection, fd %d",
1177 peer->host, peer->fd);
1178 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1179 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1180 return -1;
1d808091 1181#endif
d62a17ae 1182 }
1183 }
1184 peer->rtt = sockopt_tcp_rtt(peer->fd);
1185
1186 if ((ret = bgp_event_update(peer, Receive_OPEN_message)) < 0) {
1187 zlog_err("%s: BGP event update failed for peer: %s",
1188 __FUNCTION__, peer->host);
1189 /* DD: bgp send notify and reset state */
1190 return (ret);
1191 }
1192
1193 peer->packet_size = 0;
1194 if (peer->ibuf)
1195 stream_reset(peer->ibuf);
1196
1197 return 0;
718e3744 1198}
1199
d62a17ae 1200/* Called when there is a change in the EOR(implicit or explicit) status of a
1201 peer.
f188f2c4 1202 Ends the update-delay if all expected peers are done with EORs. */
d62a17ae 1203void bgp_check_update_delay(struct bgp *bgp)
f188f2c4 1204{
d62a17ae 1205 struct listnode *node, *nnode;
1206 struct peer *peer = NULL;
1207
1208 if (bgp_debug_neighbor_events(peer))
1209 zlog_debug("Checking update delay, T: %d R: %d I:%d E: %d",
1210 bgp->established, bgp->restarted_peers,
1211 bgp->implicit_eors, bgp->explicit_eors);
1212
1213 if (bgp->established
1214 <= bgp->restarted_peers + bgp->implicit_eors + bgp->explicit_eors) {
1215 /* This is an extra sanity check to make sure we wait for all
1216 the
1217 eligible configured peers. This check is performed if
1218 establish wait
1219 timer is on, or establish wait option is not given with the
1220 update-delay command */
1221 if (bgp->t_establish_wait
1222 || (bgp->v_establish_wait == bgp->v_update_delay))
1223 for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer)) {
1224 if (CHECK_FLAG(peer->flags,
1225 PEER_FLAG_CONFIG_NODE)
1226 && !CHECK_FLAG(peer->flags,
1227 PEER_FLAG_SHUTDOWN)
1228 && !peer->update_delay_over) {
1229 if (bgp_debug_neighbor_events(peer))
1230 zlog_debug(
1231 " Peer %s pending, continuing read-only mode",
1232 peer->host);
1233 return;
1234 }
1235 }
1236
1237 zlog_info(
1238 "Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d",
1239 bgp->restarted_peers, bgp->implicit_eors,
1240 bgp->explicit_eors);
1241 bgp_update_delay_end(bgp);
1242 }
f188f2c4
DS		 1243}
1244
1245/* Called if peer is known to have restarted. The restart-state bit in
1246 Graceful-Restart capability is used for that */
d62a17ae 1247void bgp_update_restarted_peers(struct peer *peer)
f188f2c4 1248{
d62a17ae 1249 if (!bgp_update_delay_active(peer->bgp))
1250 return; /* BGP update delay has ended */
1251 if (peer->update_delay_over)
1252 return; /* This peer has already been considered */
1253
1254 if (bgp_debug_neighbor_events(peer))
1255 zlog_debug("Peer %s: Checking restarted", peer->host);
1256
1257 if (peer->status == Established) {
1258 peer->update_delay_over = 1;
1259 peer->bgp->restarted_peers++;
1260 bgp_check_update_delay(peer->bgp);
1261 }
f188f2c4
DS		 1262}
1263
1264/* Called as peer receives a keep-alive. Determines if this occurence can be
1265 taken as an implicit EOR for this peer.
1266 NOTE: The very first keep-alive after the Established state of a peer is
d62a17ae 1267 considered implicit EOR for the update-delay purposes */
1268void bgp_update_implicit_eors(struct peer *peer)
f188f2c4 1269{
d62a17ae 1270 if (!bgp_update_delay_active(peer->bgp))
1271 return; /* BGP update delay has ended */
1272 if (peer->update_delay_over)
1273 return; /* This peer has already been considered */
1274
1275 if (bgp_debug_neighbor_events(peer))
1276 zlog_debug("Peer %s: Checking implicit EORs", peer->host);
1277
1278 if (peer->status == Established) {
1279 peer->update_delay_over = 1;
1280 peer->bgp->implicit_eors++;
1281 bgp_check_update_delay(peer->bgp);
1282 }
f188f2c4
DS		 1283}
1284
1285/* Should be called only when there is a change in the EOR_RECEIVED status
1286 for any afi/safi on a peer */
d62a17ae 1287static void bgp_update_explicit_eors(struct peer *peer)
f188f2c4 1288{
d62a17ae 1289 afi_t afi;
1290 safi_t safi;
1291
1292 if (!bgp_update_delay_active(peer->bgp))
1293 return; /* BGP update delay has ended */
1294 if (peer->update_delay_over)
1295 return; /* This peer has already been considered */
1296
1297 if (bgp_debug_neighbor_events(peer))
1298 zlog_debug("Peer %s: Checking explicit EORs", peer->host);
1299
1300 for (afi = AFI_IP; afi < AFI_MAX; afi++)
1301 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) {
1302 if (peer->afc_nego[afi][safi]
1303 && !CHECK_FLAG(peer->af_sflags[afi][safi],
1304 PEER_STATUS_EOR_RECEIVED)) {
1305 if (bgp_debug_neighbor_events(peer))
1306 zlog_debug(
1307 " afi %d safi %d didnt receive EOR",
1308 afi, safi);
1309 return;
1310 }
1311 }
1312
1313 peer->update_delay_over = 1;
1314 peer->bgp->explicit_eors++;
1315 bgp_check_update_delay(peer->bgp);
f188f2c4
DS		 1316}
1317
d62a17ae 1318/* Frontend for NLRI parsing, to fan-out to AFI/SAFI specific parsers
1319 * mp_withdraw, if set, is used to nullify attr structure on most of the calling
1320 * safi function
7ef5a232
PG		 1321 * and for evpn, passed as parameter
1322 */
d62a17ae 1323int bgp_nlri_parse(struct peer *peer, struct attr *attr,
1324 struct bgp_nlri *packet, int mp_withdraw)
96e52474 1325{
d62a17ae 1326 switch (packet->safi) {
1327 case SAFI_UNICAST:
1328 case SAFI_MULTICAST:
1329 return bgp_nlri_parse_ip(peer, mp_withdraw ? NULL : attr,
1330 packet);
1331 case SAFI_LABELED_UNICAST:
1332 return bgp_nlri_parse_label(peer, mp_withdraw ? NULL : attr,
1333 packet);
1334 case SAFI_MPLS_VPN:
1335 return bgp_nlri_parse_vpn(peer, mp_withdraw ? NULL : attr,
1336 packet);
1337 case SAFI_EVPN:
1338 return bgp_nlri_parse_evpn(peer, attr, packet, mp_withdraw);
1339 }
1340 return -1;
96e52474
PJ		 1341}
1342
718e3744 1343/* Parse BGP Update packet and make attribute object. */
d62a17ae 1344static int bgp_update_receive(struct peer *peer, bgp_size_t size)
718e3744 1345{
d62a17ae 1346 int ret, nlri_ret;
1347 u_char *end;
1348 struct stream *s;
1349 struct attr attr;
1350 bgp_size_t attribute_len;
1351 bgp_size_t update_len;
1352 bgp_size_t withdraw_len;
1353
1354 enum NLRI_TYPES {
1355 NLRI_UPDATE,
1356 NLRI_WITHDRAW,
1357 NLRI_MP_UPDATE,
1358 NLRI_MP_WITHDRAW,
1359 NLRI_TYPE_MAX
1360 };
1361 struct bgp_nlri nlris[NLRI_TYPE_MAX];
1362
1363 /* Status must be Established. */
1364 if (peer->status != Established) {
1365 zlog_err("%s [FSM] Update packet received under status %s",
1366 peer->host,
1367 lookup_msg(bgp_status_msg, peer->status, NULL));
1368 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR, 0);
1369 return -1;
1370 }
1371
1372 /* Set initial values. */
1373 memset(&attr, 0, sizeof(struct attr));
1374 attr.label_index = BGP_INVALID_LABEL_INDEX;
1375 attr.label = MPLS_INVALID_LABEL;
1376 memset(&nlris, 0, sizeof(nlris));
1377 memset(peer->rcvd_attr_str, 0, BUFSIZ);
1378 peer->rcvd_attr_printed = 0;
1379
1380 s = peer->ibuf;
1381 end = stream_pnt(s) + size;
1382
1383 /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute
1384 Length is too large (i.e., if Unfeasible Routes Length + Total
1385 Attribute Length + 23 exceeds the message Length), then the Error
1386 Subcode is set to Malformed Attribute List. */
1387 if (stream_pnt(s) + 2 > end) {
1388 zlog_err(
1389 "%s [Error] Update packet error"
1390 " (packet length is short for unfeasible length)",
1391 peer->host);
1392 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1393 BGP_NOTIFY_UPDATE_MAL_ATTR);
1394 return -1;
1395 }
1396
1397 /* Unfeasible Route Length. */
1398 withdraw_len = stream_getw(s);
1399
1400 /* Unfeasible Route Length check. */
1401 if (stream_pnt(s) + withdraw_len > end) {
1402 zlog_err(
1403 "%s [Error] Update packet error"
1404 " (packet unfeasible length overflow %d)",
1405 peer->host, withdraw_len);
1406 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1407 BGP_NOTIFY_UPDATE_MAL_ATTR);
1408 return -1;
1409 }
1410
1411 /* Unfeasible Route packet format check. */
1412 if (withdraw_len > 0) {
1413 nlris[NLRI_WITHDRAW].afi = AFI_IP;
1414 nlris[NLRI_WITHDRAW].safi = SAFI_UNICAST;
1415 nlris[NLRI_WITHDRAW].nlri = stream_pnt(s);
1416 nlris[NLRI_WITHDRAW].length = withdraw_len;
1417 stream_forward_getp(s, withdraw_len);
1418 }
1419
1420 /* Attribute total length check. */
1421 if (stream_pnt(s) + 2 > end) {
1422 zlog_warn(
1423 "%s [Error] Packet Error"
1424 " (update packet is short for attribute length)",
1425 peer->host);
1426 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1427 BGP_NOTIFY_UPDATE_MAL_ATTR);
1428 return -1;
1429 }
1430
1431 /* Fetch attribute total length. */
1432 attribute_len = stream_getw(s);
1433
1434 /* Attribute length check. */
1435 if (stream_pnt(s) + attribute_len > end) {
1436 zlog_warn(
1437 "%s [Error] Packet Error"
1438 " (update packet attribute length overflow %d)",
1439 peer->host, attribute_len);
1440 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1441 BGP_NOTIFY_UPDATE_MAL_ATTR);
1442 return -1;
1443 }
1444
1445 /* Certain attribute parsing errors should not be considered bad enough
1446 * to reset the session for, most particularly any partial/optional
1447 * attributes that have 'tunneled' over speakers that don't understand
1448 * them. Instead we withdraw only the prefix concerned.
1449 *
1450 * Complicates the flow a little though..
1451 */
1452 bgp_attr_parse_ret_t attr_parse_ret = BGP_ATTR_PARSE_PROCEED;
1453/* This define morphs the update case into a withdraw when lower levels
1454 * have signalled an error condition where this is best.
1455 */
b881c707 1456#define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL)
718e3744 1457
d62a17ae 1458 /* Parse attribute when it exists. */
1459 if (attribute_len) {
1460 attr_parse_ret = bgp_attr_parse(peer, &attr, attribute_len,
1461 &nlris[NLRI_MP_UPDATE],
1462 &nlris[NLRI_MP_WITHDRAW]);
1463 if (attr_parse_ret == BGP_ATTR_PARSE_ERROR) {
1464 bgp_attr_unintern_sub(&attr);
1465 return -1;
1466 }
1467 }
1468
1469 /* Logging the attribute. */
1470 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW
1471 || BGP_DEBUG(update, UPDATE_IN)
1472 || BGP_DEBUG(update, UPDATE_PREFIX)) {
1473 ret = bgp_dump_attr(&attr, peer->rcvd_attr_str, BUFSIZ);
1474
1475 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW)
1476 zlog_err(
1477 "%s rcvd UPDATE with errors in attr(s)!! Withdrawing route.",
1478 peer->host);
1479
1480 if (ret && bgp_debug_update(peer, NULL, NULL, 1)) {
1481 zlog_debug("%s rcvd UPDATE w/ attr: %s", peer->host,
1482 peer->rcvd_attr_str);
1483 peer->rcvd_attr_printed = 1;
1484 }
1485 }
1486
1487 /* Network Layer Reachability Information. */
1488 update_len = end - stream_pnt(s);
1489
1490 if (update_len) {
1491 /* Set NLRI portion to structure. */
1492 nlris[NLRI_UPDATE].afi = AFI_IP;
1493 nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
1494 nlris[NLRI_UPDATE].nlri = stream_pnt(s);
1495 nlris[NLRI_UPDATE].length = update_len;
1496 stream_forward_getp(s, update_len);
1497 }
1498
1499 if (BGP_DEBUG(update, UPDATE_IN))
1500 zlog_debug("%s rcvd UPDATE wlen %d attrlen %d alen %d",
1501 peer->host, withdraw_len, attribute_len, update_len);
1502
1503 /* Parse any given NLRIs */
1504 for (int i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++) {
1505 if (!nlris[i].nlri)
1506 continue;
1507
1508 /* NLRI is processed iff the peer if configured for the specific
1509 * afi/safi */
1510 if (!peer->afc[nlris[i].afi][nlris[i].safi]) {
1511 zlog_info(
1512 "%s [Info] UPDATE for non-enabled AFI/SAFI %u/%u",
1513 peer->host, nlris[i].afi, nlris[i].safi);
1514 continue;
1515 }
1516
1517 /* EoR handled later */
1518 if (nlris[i].length == 0)
1519 continue;
1520
1521 switch (i) {
1522 case NLRI_UPDATE:
1523 case NLRI_MP_UPDATE:
1524 nlri_ret = bgp_nlri_parse(peer, NLRI_ATTR_ARG,
1525 &nlris[i], 0);
1526 break;
1527 case NLRI_WITHDRAW:
1528 case NLRI_MP_WITHDRAW:
1529 nlri_ret = bgp_nlri_parse(peer, &attr, &nlris[i], 1);
1530 break;
1531 default:
1532 nlri_ret = -1;
1533 }
1534
1535 if (nlri_ret < 0) {
1536 zlog_err("%s [Error] Error parsing NLRI", peer->host);
1537 if (peer->status == Established)
1538 bgp_notify_send(
1539 peer, BGP_NOTIFY_UPDATE_ERR,
1540 i <= NLRI_WITHDRAW
1541 ? BGP_NOTIFY_UPDATE_INVAL_NETWORK
1542 : BGP_NOTIFY_UPDATE_OPT_ATTR_ERR);
1543 bgp_attr_unintern_sub(&attr);
1544 return -1;
1545 }
1546 }
1547
1548 /* EoR checks
1549 *
1550 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
1551 * and MP EoR should have only an empty MP_UNREACH
1552 */
1553 if (!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0) {
1554 afi_t afi = 0;
1555 safi_t safi;
1556
1557 /* Non-MP IPv4/Unicast is a completely emtpy UPDATE - already
1558 * checked
1559 * update and withdraw NLRI lengths are 0.
1560 */
1561 if (!attribute_len) {
1562 afi = AFI_IP;
1563 safi = SAFI_UNICAST;
1564 } else if (attr.flag & ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI)
1565 && nlris[NLRI_MP_WITHDRAW].length == 0) {
1566 afi = nlris[NLRI_MP_WITHDRAW].afi;
1567 safi = nlris[NLRI_MP_WITHDRAW].safi;
1568 }
1569
1570 if (afi && peer->afc[afi][safi]) {
1571 /* End-of-RIB received */
1572 if (!CHECK_FLAG(peer->af_sflags[afi][safi],
1573 PEER_STATUS_EOR_RECEIVED)) {
1574 SET_FLAG(peer->af_sflags[afi][safi],
1575 PEER_STATUS_EOR_RECEIVED);
1576 bgp_update_explicit_eors(peer);
1577 }
1578
1579 /* NSF delete stale route */
1580 if (peer->nsf[afi][safi])
1581 bgp_clear_stale_route(peer, afi, safi);
1582
1583 if (bgp_debug_neighbor_events(peer)) {
1584 zlog_debug("rcvd End-of-RIB for %s from %s",
1585 afi_safi_print(afi, safi),
1586 peer->host);
1587 }
1588 }
f80f838b 1589 }
d62a17ae 1590
1591 /* Everything is done. We unintern temporary structures which
1592 interned in bgp_attr_parse(). */
1593 bgp_attr_unintern_sub(&attr);
1594
1595 /* If peering is stopped due to some reason, do not generate BGP
1596 event. */
1597 if (peer->status != Established)
1598 return 0;
1599
1600 /* Increment packet counter. */
1601 peer->update_in++;
1602 peer->update_time = bgp_clock();
1603
1604 /* Rearm holdtime timer */
1605 BGP_TIMER_OFF(peer->t_holdtime);
1606 bgp_timer_set(peer);
1607
1608 return 0;
718e3744 1609}
1610
1611/* Notify message treatment function. */
d62a17ae 1612static void bgp_notify_receive(struct peer *peer, bgp_size_t size)
718e3744 1613{
d62a17ae 1614 struct bgp_notify bgp_notify;
1615
1616 if (peer->notify.data) {
1617 XFREE(MTYPE_TMP, peer->notify.data);
1618 peer->notify.data = NULL;
1619 peer->notify.length = 0;
1620 }
1621
1622 bgp_notify.code = stream_getc(peer->ibuf);
1623 bgp_notify.subcode = stream_getc(peer->ibuf);
1624 bgp_notify.length = size - 2;
1625 bgp_notify.data = NULL;
1626
1627 /* Preserv notify code and sub code. */
1628 peer->notify.code = bgp_notify.code;
1629 peer->notify.subcode = bgp_notify.subcode;
1630 /* For further diagnostic record returned Data. */
1631 if (bgp_notify.length) {
1632 peer->notify.length = size - 2;
1633 peer->notify.data = XMALLOC(MTYPE_TMP, size - 2);
1634 memcpy(peer->notify.data, stream_pnt(peer->ibuf), size - 2);
1635 }
1636
1637 /* For debug */
1638 {
1639 int i;
1640 int first = 0;
1641 char c[4];
1642
1643 if (bgp_notify.length) {
1644 bgp_notify.data =
1645 XMALLOC(MTYPE_TMP, bgp_notify.length * 3);
1646 for (i = 0; i < bgp_notify.length; i++)
1647 if (first) {
1648 sprintf(c, " %02x",
1649 stream_getc(peer->ibuf));
1650 strcat(bgp_notify.data, c);
1651 } else {
1652 first = 1;
1653 sprintf(c, "%02x",
1654 stream_getc(peer->ibuf));
1655 strcpy(bgp_notify.data, c);
1656 }
1657 bgp_notify.raw_data = (u_char *)peer->notify.data;
1658 }
1659
1660 bgp_notify_print(peer, &bgp_notify, "received");
1661 if (bgp_notify.data) {
1662 XFREE(MTYPE_TMP, bgp_notify.data);
1663 bgp_notify.data = NULL;
1664 bgp_notify.length = 0;
1665 }
1666 }
1667
1668 /* peer count update */
1669 peer->notify_in++;
1670
1671 peer->last_reset = PEER_DOWN_NOTIFY_RECEIVED;
1672
1673 /* We have to check for Notify with Unsupported Optional Parameter.
1674 in that case we fallback to open without the capability option.
1675 But this done in bgp_stop. We just mark it here to avoid changing
1676 the fsm tables. */
1677 if (bgp_notify.code == BGP_NOTIFY_OPEN_ERR
1678 && bgp_notify.subcode == BGP_NOTIFY_OPEN_UNSUP_PARAM)
1679 UNSET_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
1680
1681 BGP_EVENT_ADD(peer, Receive_NOTIFICATION_message);
718e3744 1682}
1683
1684/* Keepalive treatment function -- get keepalive send keepalive */
d62a17ae 1685static void bgp_keepalive_receive(struct peer *peer, bgp_size_t size)
718e3744 1686{
d62a17ae 1687 if (bgp_debug_keepalive(peer))
1688 zlog_debug("%s KEEPALIVE rcvd", peer->host);
1689
1690 BGP_EVENT_ADD(peer, Receive_KEEPALIVE_message);
718e3744 1691}
1692
1693/* Route refresh message is received. */
d62a17ae 1694static void bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
718e3744 1695{
d62a17ae 1696 iana_afi_t pkt_afi;
1697 afi_t afi;
1698 safi_t pkt_safi, safi;
1699 struct stream *s;
1700 struct peer_af *paf;
1701 struct update_group *updgrp;
1702 struct peer *updgrp_peer;
1703
1704 /* If peer does not have the capability, send notification. */
1705 if (!CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_ADV)) {
1706 zlog_err("%s [Error] BGP route refresh is not enabled",
1707 peer->host);
1708 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
1709 BGP_NOTIFY_HEADER_BAD_MESTYPE);
1710 return;
1711 }
1712
1713 /* Status must be Established. */
1714 if (peer->status != Established) {
1715 zlog_err(
1716 "%s [Error] Route refresh packet received under status %s",
1717 peer->host,
1718 lookup_msg(bgp_status_msg, peer->status, NULL));
1719 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR, 0);
1720 return;
1721 }
1722
1723 s = peer->ibuf;
1724
1725 /* Parse packet. */
1726 pkt_afi = stream_getw(s);
1727 (void)stream_getc(s);
1728 pkt_safi = stream_getc(s);
1729
1730 if (bgp_debug_update(peer, NULL, NULL, 0))
1731 zlog_debug("%s rcvd REFRESH_REQ for afi/safi: %d/%d",
1732 peer->host, pkt_afi, pkt_safi);
1733
1734 /* Convert AFI, SAFI to internal values and check. */
1735 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
1736 zlog_info(
1737 "%s REFRESH_REQ for unrecognized afi/safi: %d/%d - ignored",
1738 peer->host, pkt_afi, pkt_safi);
1739 return;
1740 }
1741
1742 if (size != BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE) {
1743 u_char *end;
1744 u_char when_to_refresh;
1745 u_char orf_type;
1746 u_int16_t orf_len;
1747
1748 if (size - (BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE)
1749 < 5) {
1750 zlog_info("%s ORF route refresh length error",
1751 peer->host);
1752 bgp_notify_send(peer, BGP_NOTIFY_CEASE, 0);
1753 return;
718e3744 1754 }
1755
d62a17ae 1756 when_to_refresh = stream_getc(s);
1757 end = stream_pnt(s) + (size - 5);
1758
1759 while ((stream_pnt(s) + 2) < end) {
1760 orf_type = stream_getc(s);
1761 orf_len = stream_getw(s);
1762
1763 /* orf_len in bounds? */
1764 if ((stream_pnt(s) + orf_len) > end)
1765 break; /* XXX: Notify instead?? */
1766 if (orf_type == ORF_TYPE_PREFIX
1767 || orf_type == ORF_TYPE_PREFIX_OLD) {
1768 uint8_t *p_pnt = stream_pnt(s);
1769 uint8_t *p_end = stream_pnt(s) + orf_len;
1770 struct orf_prefix orfp;
1771 u_char common = 0;
1772 u_int32_t seq;
1773 int psize;
1774 char name[BUFSIZ];
1775 int ret = CMD_SUCCESS;
1776
1777 if (bgp_debug_neighbor_events(peer)) {
1778 zlog_debug(
1779 "%s rcvd Prefixlist ORF(%d) length %d",
1780 peer->host, orf_type, orf_len);
1781 }
1782
1783 /* we're going to read at least 1 byte of common
1784 * ORF header,
1785 * and 7 bytes of ORF Address-filter entry from
1786 * the stream
1787 */
1788 if (orf_len < 7)
1789 break;
1790
1791 /* ORF prefix-list name */
1792 sprintf(name, "%s.%d.%d", peer->host, afi,
1793 safi);
1794
1795 while (p_pnt < p_end) {
1796 /* If the ORF entry is malformed, want
1797 * to read as much of it
1798 * as possible without going beyond the
1799 * bounds of the entry,
1800 * to maximise debug information.
1801 */
1802 int ok;
1803 memset(&orfp, 0,
1804 sizeof(struct orf_prefix));
1805 common = *p_pnt++;
1806 /* after ++: p_pnt <= p_end */
1807 if (common
1808 & ORF_COMMON_PART_REMOVE_ALL) {
1809 if (bgp_debug_neighbor_events(
1810 peer))
1811 zlog_debug(
1812 "%s rcvd Remove-All pfxlist ORF request",
1813 peer->host);
1814 prefix_bgp_orf_remove_all(afi,
1815 name);
1816 break;
1817 }
1818 ok = ((u_int32_t)(p_end - p_pnt)
1819 >= sizeof(u_int32_t));
1820 if (ok) {
1821 memcpy(&seq, p_pnt,
1822 sizeof(u_int32_t));
1823 p_pnt += sizeof(u_int32_t);
1824 orfp.seq = ntohl(seq);
1825 } else
1826 p_pnt = p_end;
1827
1828 if ((ok = (p_pnt < p_end)))
1829 orfp.ge =
1830 *p_pnt++; /* value
1831 checked in
1832 prefix_bgp_orf_set()
1833 */
1834 if ((ok = (p_pnt < p_end)))
1835 orfp.le =
1836 *p_pnt++; /* value
1837 checked in
1838 prefix_bgp_orf_set()
1839 */
1840 if ((ok = (p_pnt < p_end)))
1841 orfp.p.prefixlen = *p_pnt++;
1842 orfp.p.family = afi2family(
1843 afi); /* afi checked already */
1844
1845 psize = PSIZE(
1846 orfp.p.prefixlen); /* 0 if not
1847 ok */
1848 if (psize
1849 > prefix_blen(
1850 &orfp.p)) /* valid for
1851 family ? */
1852 {
1853 ok = 0;
1854 psize = prefix_blen(&orfp.p);
1855 }
1856 if (psize
1857 > (p_end - p_pnt)) /* valid for
1858 packet ? */
1859 {
1860 ok = 0;
1861 psize = p_end - p_pnt;
1862 }
1863
1864 if (psize > 0)
1865 memcpy(&orfp.p.u.prefix, p_pnt,
1866 psize);
1867 p_pnt += psize;
1868
1869 if (bgp_debug_neighbor_events(peer)) {
1870 char buf[INET6_BUFSIZ];
1871
1872 zlog_debug(
1873 "%s rcvd %s %s seq %u %s/%d ge %d le %d%s",
1874 peer->host,
1875 (common & ORF_COMMON_PART_REMOVE
1876 ? "Remove"
1877 : "Add"),
1878 (common & ORF_COMMON_PART_DENY
1879 ? "deny"
1880 : "permit"),
1881 orfp.seq,
1882 inet_ntop(
1883 orfp.p.family,
1884 &orfp.p.u.prefix,
1885 buf,
1886 INET6_BUFSIZ),
1887 orfp.p.prefixlen,
1888 orfp.ge, orfp.le,
1889 ok ? "" : " MALFORMED");
1890 }
1891
1892 if (ok)
1893 ret = prefix_bgp_orf_set(
1894 name, afi, &orfp,
1895 (common & ORF_COMMON_PART_DENY
1896 ? 0
1897 : 1),
1898 (common & ORF_COMMON_PART_REMOVE
1899 ? 0
1900 : 1));
1901
1902 if (!ok || (ok && ret != CMD_SUCCESS)) {
1903 zlog_info(
1904 "%s Received misformatted prefixlist ORF."
1905 " Remove All pfxlist",
1906 peer->host);
1907 prefix_bgp_orf_remove_all(afi,
1908 name);
1909 break;
1910 }
1911 }
1912
1913 peer->orf_plist[afi][safi] =
1914 prefix_bgp_orf_lookup(afi, name);
1915 }
1916 stream_forward_getp(s, orf_len);
718e3744 1917 }
d62a17ae 1918 if (bgp_debug_neighbor_events(peer))
1919 zlog_debug("%s rcvd Refresh %s ORF request", peer->host,
1920 when_to_refresh == REFRESH_DEFER
1921 ? "Defer"
1922 : "Immediate");
1923 if (when_to_refresh == REFRESH_DEFER)
1924 return;
1925 }
40d2700d 1926
d62a17ae 1927 /* First update is deferred until ORF or ROUTE-REFRESH is received */
1928 if (CHECK_FLAG(peer->af_sflags[afi][safi],
1929 PEER_STATUS_ORF_WAIT_REFRESH))
1930 UNSET_FLAG(peer->af_sflags[afi][safi],
1931 PEER_STATUS_ORF_WAIT_REFRESH);
1932
1933 paf = peer_af_find(peer, afi, safi);
1934 if (paf && paf->subgroup) {
1935 if (peer->orf_plist[afi][safi]) {
1936 updgrp = PAF_UPDGRP(paf);
1937 updgrp_peer = UPDGRP_PEER(updgrp);
1938 updgrp_peer->orf_plist[afi][safi] =
1939 peer->orf_plist[afi][safi];
1940 }
1941
1942 /* If the peer is configured for default-originate clear the
1943 * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will
1944 * re-advertise the
1945 * default
1946 */
1947 if (CHECK_FLAG(paf->subgroup->sflags,
1948 SUBGRP_STATUS_DEFAULT_ORIGINATE))
1949 UNSET_FLAG(paf->subgroup->sflags,
1950 SUBGRP_STATUS_DEFAULT_ORIGINATE);
718e3744 1951 }
d62a17ae 1952
1953 /* Perform route refreshment to the peer */
1954 bgp_announce_route(peer, afi, safi);
718e3744 1955}
1956
d62a17ae 1957static int bgp_capability_msg_parse(struct peer *peer, u_char *pnt,
1958 bgp_size_t length)
718e3744 1959{
d62a17ae 1960 u_char *end;
1961 struct capability_mp_data mpc;
1962 struct capability_header *hdr;
1963 u_char action;
1964 iana_afi_t pkt_afi;
1965 afi_t afi;
1966 safi_t pkt_safi, safi;
1967
1968 end = pnt + length;
1969
1970 while (pnt < end) {
1971 /* We need at least action, capability code and capability
1972 * length. */
1973 if (pnt + 3 > end) {
1974 zlog_info("%s Capability length error", peer->host);
1975 bgp_notify_send(peer, BGP_NOTIFY_CEASE, 0);
1976 return -1;
1977 }
1978 action = *pnt;
1979 hdr = (struct capability_header *)(pnt + 1);
1980
1981 /* Action value check. */
1982 if (action != CAPABILITY_ACTION_SET
1983 && action != CAPABILITY_ACTION_UNSET) {
1984 zlog_info("%s Capability Action Value error %d",
1985 peer->host, action);
1986 bgp_notify_send(peer, BGP_NOTIFY_CEASE, 0);
1987 return -1;
1988 }
1989
1990 if (bgp_debug_neighbor_events(peer))
1991 zlog_debug(
1992 "%s CAPABILITY has action: %d, code: %u, length %u",
1993 peer->host, action, hdr->code, hdr->length);
1994
1995 /* Capability length check. */
1996 if ((pnt + hdr->length + 3) > end) {
1997 zlog_info("%s Capability length error", peer->host);
1998 bgp_notify_send(peer, BGP_NOTIFY_CEASE, 0);
1999 return -1;
2000 }
2001
2002 /* Fetch structure to the byte stream. */
2003 memcpy(&mpc, pnt + 3, sizeof(struct capability_mp_data));
2004
2005 /* We know MP Capability Code. */
2006 if (hdr->code == CAPABILITY_CODE_MP) {
2007 pkt_afi = ntohs(mpc.afi);
2008 pkt_safi = mpc.safi;
2009
2010 /* Ignore capability when override-capability is set. */
2011 if (CHECK_FLAG(peer->flags,
2012 PEER_FLAG_OVERRIDE_CAPABILITY))
2013 continue;
2014
2015 /* Convert AFI, SAFI to internal values. */
2016 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi,
2017 &safi)) {
2018 if (bgp_debug_neighbor_events(peer))
2019 zlog_debug(
2020 "%s Dynamic Capability MP_EXT afi/safi invalid "
2021 "(%u/%u)",
2022 peer->host, pkt_afi, pkt_safi);
2023 continue;
2024 }
2025
2026 /* Address family check. */
2027 if (bgp_debug_neighbor_events(peer))
2028 zlog_debug(
2029 "%s CAPABILITY has %s MP_EXT CAP for afi/safi: %u/%u",
2030 peer->host,
2031 action == CAPABILITY_ACTION_SET
2032 ? "Advertising"
2033 : "Removing",
2034 pkt_afi, pkt_safi);
2035
2036 if (action == CAPABILITY_ACTION_SET) {
2037 peer->afc_recv[afi][safi] = 1;
2038 if (peer->afc[afi][safi]) {
2039 peer->afc_nego[afi][safi] = 1;
2040 bgp_announce_route(peer, afi, safi);
2041 }
2042 } else {
2043 peer->afc_recv[afi][safi] = 0;
2044 peer->afc_nego[afi][safi] = 0;
2045
2046 if (peer_active_nego(peer))
2047 bgp_clear_route(peer, afi, safi);
2048 else
2049 BGP_EVENT_ADD(peer, BGP_Stop);
2050 }
2051 } else {
2052 zlog_warn(
2053 "%s unrecognized capability code: %d - ignored",
2054 peer->host, hdr->code);
2055 }
2056 pnt += hdr->length + 3;
2057 }
2058 return 0;
718e3744 2059}
2060
d62a17ae 2061/* Dynamic Capability is received.
01b7ce2d
PJ		 2062 *
2063 * This is exported for unit-test purposes
2064 */
d62a17ae 2065int bgp_capability_receive(struct peer *peer, bgp_size_t size)
718e3744 2066{
d62a17ae 2067 u_char *pnt;
2068
2069 /* Fetch pointer. */
2070 pnt = stream_pnt(peer->ibuf);
2071
2072 if (bgp_debug_neighbor_events(peer))
2073 zlog_debug("%s rcv CAPABILITY", peer->host);
2074
2075 /* If peer does not have the capability, send notification. */
2076 if (!CHECK_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV)) {
2077 zlog_err("%s [Error] BGP dynamic capability is not enabled",
2078 peer->host);
2079 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
2080 BGP_NOTIFY_HEADER_BAD_MESTYPE);
2081 return -1;
2082 }
2083
2084 /* Status must be Established. */
2085 if (peer->status != Established) {
2086 zlog_err(
2087 "%s [Error] Dynamic capability packet received under status %s",
2088 peer->host,
2089 lookup_msg(bgp_status_msg, peer->status, NULL));
2090 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR, 0);
2091 return -1;
2092 }
2093
2094 /* Parse packet. */
2095 return bgp_capability_msg_parse(peer, pnt, size);
718e3744 2096}
6b0655a2 2097
718e3744 2098/* BGP read utility function. */
d62a17ae 2099static int bgp_read_packet(struct peer *peer)
718e3744 2100{
d62a17ae 2101 int nbytes;
2102 int readsize;
718e3744 2103
d62a17ae 2104 readsize = peer->packet_size - stream_get_endp(peer->ibuf);
718e3744 2105
d62a17ae 2106 /* If size is zero then return. */
2107 if (!readsize)
2108 return 0;
718e3744 2109
d62a17ae 2110 /* Read packet from fd. */
2111 nbytes = stream_read_try(peer->ibuf, peer->fd, readsize);
718e3744 2112
d62a17ae 2113 /* If read byte is smaller than zero then error occured. */
2114 if (nbytes < 0) {
2115 /* Transient error should retry */
2116 if (nbytes == -2)
2117 return -1;
718e3744 2118
d62a17ae 2119 zlog_err("%s [Error] bgp_read_packet error: %s", peer->host,
2120 safe_strerror(errno));
93406d87 2121
d62a17ae 2122 if (peer->status == Established) {
2123 if (CHECK_FLAG(peer->sflags, PEER_STATUS_NSF_MODE)) {
2124 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2125 SET_FLAG(peer->sflags, PEER_STATUS_NSF_WAIT);
2126 } else
2127 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2128 }
93406d87 2129
d62a17ae 2130 BGP_EVENT_ADD(peer, TCP_fatal_error);
2131 return -1;
2132 }
718e3744 2133
d62a17ae 2134 /* When read byte is zero : clear bgp peer and return */
2135 if (nbytes == 0) {
2136 if (bgp_debug_neighbor_events(peer))
2137 zlog_debug("%s [Event] BGP connection closed fd %d",
2138 peer->host, peer->fd);
2139
2140 if (peer->status == Established) {
2141 if (CHECK_FLAG(peer->sflags, PEER_STATUS_NSF_MODE)) {
2142 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2143 SET_FLAG(peer->sflags, PEER_STATUS_NSF_WAIT);
2144 } else
2145 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2146 }
e0701b79 2147
d62a17ae 2148 BGP_EVENT_ADD(peer, TCP_connection_closed);
2149 return -1;
93406d87 2150 }
e0701b79 2151
d62a17ae 2152 /* We read partial packet. */
2153 if (stream_get_endp(peer->ibuf) != peer->packet_size)
2154 return -1;
718e3744 2155
d62a17ae 2156 return 0;
718e3744 2157}
2158
2159/* Marker check. */
d62a17ae 2160static int bgp_marker_all_one(struct stream *s, int length)
718e3744 2161{
d62a17ae 2162 int i;
718e3744 2163
d62a17ae 2164 for (i = 0; i < length; i++)
2165 if (s->data[i] != 0xff)
2166 return 0;
718e3744 2167
d62a17ae 2168 return 1;
718e3744 2169}
2170
2171/* Starting point of packet process function. */
d62a17ae 2172int bgp_read(struct thread *thread)
718e3744 2173{
d62a17ae 2174 int ret;
2175 u_char type = 0;
2176 struct peer *peer;
2177 bgp_size_t size;
2178 char notify_data_length[2];
2179 u_int32_t notify_out;
2180
2181 /* Yes first of all get peer pointer. */
2182 peer = THREAD_ARG(thread);
2183 peer->t_read = NULL;
2184
2185 /* Note notify_out so we can check later to see if we sent another one
2186 */
2187 notify_out = peer->notify_out;
2188
2189 /* For non-blocking IO check. */
2190 if (peer->status == Connect) {
2191 bgp_connect_check(peer, 1);
2192 goto done;
2193 } else {
2194 if (peer->fd < 0) {
2195 zlog_err("bgp_read peer's fd is negative value %d",
2196 peer->fd);
2197 return -1;
2198 }
2199 BGP_READ_ON(peer->t_read, bgp_read, peer->fd);
718e3744 2200 }
d62a17ae 2201
2202 /* Read packet header to determine type of the packet */
2203 if (peer->packet_size == 0)
2204 peer->packet_size = BGP_HEADER_SIZE;
2205
2206 if (stream_get_endp(peer->ibuf) < BGP_HEADER_SIZE) {
2207 ret = bgp_read_packet(peer);
2208
2209 /* Header read error or partial read packet. */
2210 if (ret < 0)
2211 goto done;
2212
2213 /* Get size and type. */
2214 stream_forward_getp(peer->ibuf, BGP_MARKER_SIZE);
2215 memcpy(notify_data_length, stream_pnt(peer->ibuf), 2);
2216 size = stream_getw(peer->ibuf);
2217 type = stream_getc(peer->ibuf);
2218
2219 /* Marker check */
2220 if (((type == BGP_MSG_OPEN) || (type == BGP_MSG_KEEPALIVE))
2221 && !bgp_marker_all_one(peer->ibuf, BGP_MARKER_SIZE)) {
2222 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
2223 BGP_NOTIFY_HEADER_NOT_SYNC);
2224 goto done;
2225 }
2226
2227 /* BGP type check. */
2228 if (type != BGP_MSG_OPEN && type != BGP_MSG_UPDATE
2229 && type != BGP_MSG_NOTIFY && type != BGP_MSG_KEEPALIVE
2230 && type != BGP_MSG_ROUTE_REFRESH_NEW
2231 && type != BGP_MSG_ROUTE_REFRESH_OLD
2232 && type != BGP_MSG_CAPABILITY) {
2233 if (bgp_debug_neighbor_events(peer))
2234 zlog_debug("%s unknown message type 0x%02x",
2235 peer->host, type);
2236 bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR,
2237 BGP_NOTIFY_HEADER_BAD_MESTYPE,
2238 &type, 1);
2239 goto done;
2240 }
2241 /* Mimimum packet length check. */
2242 if ((size < BGP_HEADER_SIZE) || (size > BGP_MAX_PACKET_SIZE)
2243 || (type == BGP_MSG_OPEN && size < BGP_MSG_OPEN_MIN_SIZE)
2244 || (type == BGP_MSG_UPDATE
2245 && size < BGP_MSG_UPDATE_MIN_SIZE)
2246 || (type == BGP_MSG_NOTIFY
2247 && size < BGP_MSG_NOTIFY_MIN_SIZE)
2248 || (type == BGP_MSG_KEEPALIVE
2249 && size != BGP_MSG_KEEPALIVE_MIN_SIZE)
2250 || (type == BGP_MSG_ROUTE_REFRESH_NEW
2251 && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2252 || (type == BGP_MSG_ROUTE_REFRESH_OLD
2253 && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2254 || (type == BGP_MSG_CAPABILITY
2255 && size < BGP_MSG_CAPABILITY_MIN_SIZE)) {
2256 if (bgp_debug_neighbor_events(peer))
2257 zlog_debug("%s bad message length - %d for %s",
2258 peer->host, size,
2259 type == 128
2260 ? "ROUTE-REFRESH"
2261 : bgp_type_str[(int)type]);
2262 bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR,
2263 BGP_NOTIFY_HEADER_BAD_MESLEN,
2264 (u_char *)notify_data_length,
2265 2);
2266 goto done;
2267 }
2268
2269 /* Adjust size to message length. */
2270 peer->packet_size = size;
718e3744 2271 }
2272
d62a17ae 2273 ret = bgp_read_packet(peer);
2274 if (ret < 0)
2275 goto done;
2276
2277 /* Get size and type again. */
2278 (void)stream_getw_from(peer->ibuf, BGP_MARKER_SIZE);
2279 type = stream_getc_from(peer->ibuf, BGP_MARKER_SIZE + 2);
2280
2281 /* BGP packet dump function. */
2282 bgp_dump_packet(peer, type, peer->ibuf);
2283
2284 size = (peer->packet_size - BGP_HEADER_SIZE);
2285
2286 /* Read rest of the packet and call each sort of packet routine */
2287 switch (type) {
2288 case BGP_MSG_OPEN:
2289 peer->open_in++;
2290 bgp_open_receive(peer, size); /* XXX return value ignored! */
2291 break;
2292 case BGP_MSG_UPDATE:
2293 peer->readtime = monotime(NULL);
2294 bgp_update_receive(peer, size);
2295 break;
2296 case BGP_MSG_NOTIFY:
2297 bgp_notify_receive(peer, size);
2298 break;
2299 case BGP_MSG_KEEPALIVE:
2300 peer->readtime = monotime(NULL);
2301 bgp_keepalive_receive(peer, size);
2302 break;
2303 case BGP_MSG_ROUTE_REFRESH_NEW:
2304 case BGP_MSG_ROUTE_REFRESH_OLD:
2305 peer->refresh_in++;
2306 bgp_route_refresh_receive(peer, size);
2307 break;
2308 case BGP_MSG_CAPABILITY:
2309 peer->dynamic_cap_in++;
2310 bgp_capability_receive(peer, size);
2311 break;
718e3744 2312 }
d62a17ae 2313
2314 /* If reading this packet caused us to send a NOTIFICATION then store a
2315 * copy
2316 * of the packet for troubleshooting purposes
2317 */
2318 if (notify_out < peer->notify_out) {
2319 memcpy(peer->last_reset_cause, peer->ibuf->data,
2320 peer->packet_size);
2321 peer->last_reset_cause_size = peer->packet_size;
2322 notify_out = peer->notify_out;
2323 }
2324
2325 /* Clear input buffer. */
2326 peer->packet_size = 0;
2327 if (peer->ibuf)
2328 stream_reset(peer->ibuf);
2329
2330done:
2331 /* If reading this packet caused us to send a NOTIFICATION then store a
2332 * copy
2333 * of the packet for troubleshooting purposes
2334 */
2335 if (notify_out < peer->notify_out) {
2336 memcpy(peer->last_reset_cause, peer->ibuf->data,
2337 peer->packet_size);
2338 peer->last_reset_cause_size = peer->packet_size;
718e3744 2339 }
2340
d62a17ae 2341 return 0;
718e3744 2342}
FRRouting mirror