]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_attr.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bgpd: Prevent possible crash when parsing v6 attributes
[mirror_frr.git] / bgpd / bgp_attr.c
1 /* BGP attributes management routines.
2 * Copyright (C) 1996, 97, 98, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "linklist.h"
24 #include "prefix.h"
25 #include "memory.h"
26 #include "vector.h"
27 #include "stream.h"
28 #include "log.h"
29 #include "hash.h"
30 #include "jhash.h"
31 #include "queue.h"
32 #include "table.h"
33 #include "filter.h"
34 #include "command.h"
35
36 #include "bgpd/bgpd.h"
37 #include "bgpd/bgp_attr.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_aspath.h"
40 #include "bgpd/bgp_community.h"
41 #include "bgpd/bgp_debug.h"
42 #include "bgpd/bgp_errors.h"
43 #include "bgpd/bgp_label.h"
44 #include "bgpd/bgp_packet.h"
45 #include "bgpd/bgp_ecommunity.h"
46 #include "bgpd/bgp_lcommunity.h"
47 #include "bgpd/bgp_updgrp.h"
48 #include "bgpd/bgp_encap_types.h"
49 #if ENABLE_BGP_VNC
50 #include "bgpd/rfapi/bgp_rfapi_cfg.h"
51 #include "bgp_encap_types.h"
52 #include "bgp_vnc_types.h"
53 #endif
54 #include "bgp_encap_types.h"
55 #include "bgp_evpn.h"
56 #include "bgp_flowspec_private.h"
57
58 /* Attribute strings for logging. */
59 static const struct message attr_str[] = {
60 {BGP_ATTR_ORIGIN, "ORIGIN"},
61 {BGP_ATTR_AS_PATH, "AS_PATH"},
62 {BGP_ATTR_NEXT_HOP, "NEXT_HOP"},
63 {BGP_ATTR_MULTI_EXIT_DISC, "MULTI_EXIT_DISC"},
64 {BGP_ATTR_LOCAL_PREF, "LOCAL_PREF"},
65 {BGP_ATTR_ATOMIC_AGGREGATE, "ATOMIC_AGGREGATE"},
66 {BGP_ATTR_AGGREGATOR, "AGGREGATOR"},
67 {BGP_ATTR_COMMUNITIES, "COMMUNITY"},
68 {BGP_ATTR_ORIGINATOR_ID, "ORIGINATOR_ID"},
69 {BGP_ATTR_CLUSTER_LIST, "CLUSTER_LIST"},
70 {BGP_ATTR_DPA, "DPA"},
71 {BGP_ATTR_ADVERTISER, "ADVERTISER"},
72 {BGP_ATTR_RCID_PATH, "RCID_PATH"},
73 {BGP_ATTR_MP_REACH_NLRI, "MP_REACH_NLRI"},
74 {BGP_ATTR_MP_UNREACH_NLRI, "MP_UNREACH_NLRI"},
75 {BGP_ATTR_EXT_COMMUNITIES, "EXT_COMMUNITIES"},
76 {BGP_ATTR_AS4_PATH, "AS4_PATH"},
77 {BGP_ATTR_AS4_AGGREGATOR, "AS4_AGGREGATOR"},
78 {BGP_ATTR_AS_PATHLIMIT, "AS_PATHLIMIT"},
79 {BGP_ATTR_PMSI_TUNNEL, "PMSI_TUNNEL_ATTRIBUTE"},
80 {BGP_ATTR_ENCAP, "ENCAP"},
81 #if ENABLE_BGP_VNC
82 {BGP_ATTR_VNC, "VNC"},
83 #endif
84 {BGP_ATTR_LARGE_COMMUNITIES, "LARGE_COMMUNITY"},
85 {BGP_ATTR_PREFIX_SID, "PREFIX_SID"},
86 {0}};
87
88 static const struct message attr_flag_str[] = {
89 {BGP_ATTR_FLAG_OPTIONAL, "Optional"},
90 {BGP_ATTR_FLAG_TRANS, "Transitive"},
91 {BGP_ATTR_FLAG_PARTIAL, "Partial"},
92 /* bgp_attr_flags_diagnose() relies on this bit being last in
93 this list */
94 {BGP_ATTR_FLAG_EXTLEN, "Extended Length"},
95 {0}};
96
97 static struct hash *cluster_hash;
98
99 static void *cluster_hash_alloc(void *p)
100 {
101 const struct cluster_list *val = (const struct cluster_list *)p;
102 struct cluster_list *cluster;
103
104 cluster = XMALLOC(MTYPE_CLUSTER, sizeof(struct cluster_list));
105 cluster->length = val->length;
106
107 if (cluster->length) {
108 cluster->list = XMALLOC(MTYPE_CLUSTER_VAL, val->length);
109 memcpy(cluster->list, val->list, val->length);
110 } else
111 cluster->list = NULL;
112
113 cluster->refcnt = 0;
114
115 return cluster;
116 }
117
118 /* Cluster list related functions. */
119 static struct cluster_list *cluster_parse(struct in_addr *pnt, int length)
120 {
121 struct cluster_list tmp;
122 struct cluster_list *cluster;
123
124 tmp.length = length;
125 tmp.list = pnt;
126
127 cluster = hash_get(cluster_hash, &tmp, cluster_hash_alloc);
128 cluster->refcnt++;
129 return cluster;
130 }
131
132 int cluster_loop_check(struct cluster_list *cluster, struct in_addr originator)
133 {
134 int i;
135
136 for (i = 0; i < cluster->length / 4; i++)
137 if (cluster->list[i].s_addr == originator.s_addr)
138 return 1;
139 return 0;
140 }
141
142 static unsigned int cluster_hash_key_make(void *p)
143 {
144 const struct cluster_list *cluster = p;
145
146 return jhash(cluster->list, cluster->length, 0);
147 }
148
149 static int cluster_hash_cmp(const void *p1, const void *p2)
150 {
151 const struct cluster_list *cluster1 = p1;
152 const struct cluster_list *cluster2 = p2;
153
154 return (cluster1->length == cluster2->length
155 && memcmp(cluster1->list, cluster2->list, cluster1->length)
156 == 0);
157 }
158
159 static void cluster_free(struct cluster_list *cluster)
160 {
161 if (cluster->list)
162 XFREE(MTYPE_CLUSTER_VAL, cluster->list);
163 XFREE(MTYPE_CLUSTER, cluster);
164 }
165
166 static struct cluster_list *cluster_intern(struct cluster_list *cluster)
167 {
168 struct cluster_list *find;
169
170 find = hash_get(cluster_hash, cluster, cluster_hash_alloc);
171 find->refcnt++;
172
173 return find;
174 }
175
176 void cluster_unintern(struct cluster_list *cluster)
177 {
178 if (cluster->refcnt)
179 cluster->refcnt--;
180
181 if (cluster->refcnt == 0) {
182 hash_release(cluster_hash, cluster);
183 cluster_free(cluster);
184 }
185 }
186
187 static void cluster_init(void)
188 {
189 cluster_hash = hash_create(cluster_hash_key_make, cluster_hash_cmp,
190 "BGP Cluster");
191 }
192
193 static void cluster_finish(void)
194 {
195 hash_clean(cluster_hash, (void (*)(void *))cluster_free);
196 hash_free(cluster_hash);
197 cluster_hash = NULL;
198 }
199
200 static struct hash *encap_hash = NULL;
201 #if ENABLE_BGP_VNC
202 static struct hash *vnc_hash = NULL;
203 #endif
204
205 struct bgp_attr_encap_subtlv *encap_tlv_dup(struct bgp_attr_encap_subtlv *orig)
206 {
207 struct bgp_attr_encap_subtlv *new;
208 struct bgp_attr_encap_subtlv *tail;
209 struct bgp_attr_encap_subtlv *p;
210
211 for (p = orig, tail = new = NULL; p; p = p->next) {
212 int size = sizeof(struct bgp_attr_encap_subtlv) + p->length;
213 if (tail) {
214 tail->next = XCALLOC(MTYPE_ENCAP_TLV, size);
215 tail = tail->next;
216 } else {
217 tail = new = XCALLOC(MTYPE_ENCAP_TLV, size);
218 }
219 assert(tail);
220 memcpy(tail, p, size);
221 tail->next = NULL;
222 }
223
224 return new;
225 }
226
227 static void encap_free(struct bgp_attr_encap_subtlv *p)
228 {
229 struct bgp_attr_encap_subtlv *next;
230 while (p) {
231 next = p->next;
232 p->next = NULL;
233 XFREE(MTYPE_ENCAP_TLV, p);
234 p = next;
235 }
236 }
237
238 void bgp_attr_flush_encap(struct attr *attr)
239 {
240 if (!attr)
241 return;
242
243 if (attr->encap_subtlvs) {
244 encap_free(attr->encap_subtlvs);
245 attr->encap_subtlvs = NULL;
246 }
247 #if ENABLE_BGP_VNC
248 if (attr->vnc_subtlvs) {
249 encap_free(attr->vnc_subtlvs);
250 attr->vnc_subtlvs = NULL;
251 }
252 #endif
253 }
254
255 /*
256 * Compare encap sub-tlv chains
257 *
258 * 1 = equivalent
259 * 0 = not equivalent
260 *
261 * This algorithm could be made faster if needed
262 */
263 static int encap_same(struct bgp_attr_encap_subtlv *h1,
264 struct bgp_attr_encap_subtlv *h2)
265 {
266 struct bgp_attr_encap_subtlv *p;
267 struct bgp_attr_encap_subtlv *q;
268
269 if (h1 == h2)
270 return 1;
271 if (h1 == NULL || h2 == NULL)
272 return 0;
273
274 for (p = h1; p; p = p->next) {
275 for (q = h2; q; q = q->next) {
276 if ((p->type == q->type) && (p->length == q->length)
277 && !memcmp(p->value, q->value, p->length)) {
278
279 break;
280 }
281 }
282 if (!q)
283 return 0;
284 }
285
286 for (p = h2; p; p = p->next) {
287 for (q = h1; q; q = q->next) {
288 if ((p->type == q->type) && (p->length == q->length)
289 && !memcmp(p->value, q->value, p->length)) {
290
291 break;
292 }
293 }
294 if (!q)
295 return 0;
296 }
297
298 return 1;
299 }
300
301 static void *encap_hash_alloc(void *p)
302 {
303 /* Encap structure is already allocated. */
304 return p;
305 }
306
307 typedef enum {
308 ENCAP_SUBTLV_TYPE,
309 #if ENABLE_BGP_VNC
310 VNC_SUBTLV_TYPE
311 #endif
312 } encap_subtlv_type;
313
314 static struct bgp_attr_encap_subtlv *
315 encap_intern(struct bgp_attr_encap_subtlv *encap, encap_subtlv_type type)
316 {
317 struct bgp_attr_encap_subtlv *find;
318 struct hash *hash = encap_hash;
319 #if ENABLE_BGP_VNC
320 if (type == VNC_SUBTLV_TYPE)
321 hash = vnc_hash;
322 #endif
323
324 find = hash_get(hash, encap, encap_hash_alloc);
325 if (find != encap)
326 encap_free(encap);
327 find->refcnt++;
328
329 return find;
330 }
331
332 static void encap_unintern(struct bgp_attr_encap_subtlv **encapp,
333 encap_subtlv_type type)
334 {
335 struct bgp_attr_encap_subtlv *encap = *encapp;
336 if (encap->refcnt)
337 encap->refcnt--;
338
339 if (encap->refcnt == 0) {
340 struct hash *hash = encap_hash;
341 #if ENABLE_BGP_VNC
342 if (type == VNC_SUBTLV_TYPE)
343 hash = vnc_hash;
344 #endif
345 hash_release(hash, encap);
346 encap_free(encap);
347 *encapp = NULL;
348 }
349 }
350
351 static unsigned int encap_hash_key_make(void *p)
352 {
353 const struct bgp_attr_encap_subtlv *encap = p;
354
355 return jhash(encap->value, encap->length, 0);
356 }
357
358 static int encap_hash_cmp(const void *p1, const void *p2)
359 {
360 return encap_same((struct bgp_attr_encap_subtlv *)p1,
361 (struct bgp_attr_encap_subtlv *)p2);
362 }
363
364 static void encap_init(void)
365 {
366 encap_hash = hash_create(encap_hash_key_make, encap_hash_cmp,
367 "BGP Encap Hash");
368 #if ENABLE_BGP_VNC
369 vnc_hash = hash_create(encap_hash_key_make, encap_hash_cmp,
370 "BGP VNC Hash");
371 #endif
372 }
373
374 static void encap_finish(void)
375 {
376 hash_clean(encap_hash, (void (*)(void *))encap_free);
377 hash_free(encap_hash);
378 encap_hash = NULL;
379 #if ENABLE_BGP_VNC
380 hash_clean(vnc_hash, (void (*)(void *))encap_free);
381 hash_free(vnc_hash);
382 vnc_hash = NULL;
383 #endif
384 }
385
386 static bool overlay_index_same(const struct attr *a1, const struct attr *a2)
387 {
388 if (!a1 && a2)
389 return false;
390 if (!a2 && a1)
391 return false;
392 if (!a1 && !a2)
393 return true;
394 return !memcmp(&(a1->evpn_overlay), &(a2->evpn_overlay),
395 sizeof(struct overlay_index));
396 }
397
398 /* Unknown transit attribute. */
399 static struct hash *transit_hash;
400
401 static void transit_free(struct transit *transit)
402 {
403 if (transit->val)
404 XFREE(MTYPE_TRANSIT_VAL, transit->val);
405 XFREE(MTYPE_TRANSIT, transit);
406 }
407
408 static void *transit_hash_alloc(void *p)
409 {
410 /* Transit structure is already allocated. */
411 return p;
412 }
413
414 static struct transit *transit_intern(struct transit *transit)
415 {
416 struct transit *find;
417
418 find = hash_get(transit_hash, transit, transit_hash_alloc);
419 if (find != transit)
420 transit_free(transit);
421 find->refcnt++;
422
423 return find;
424 }
425
426 void transit_unintern(struct transit *transit)
427 {
428 if (transit->refcnt)
429 transit->refcnt--;
430
431 if (transit->refcnt == 0) {
432 hash_release(transit_hash, transit);
433 transit_free(transit);
434 }
435 }
436
437 static unsigned int transit_hash_key_make(void *p)
438 {
439 const struct transit *transit = p;
440
441 return jhash(transit->val, transit->length, 0);
442 }
443
444 static int transit_hash_cmp(const void *p1, const void *p2)
445 {
446 const struct transit *transit1 = p1;
447 const struct transit *transit2 = p2;
448
449 return (transit1->length == transit2->length
450 && memcmp(transit1->val, transit2->val, transit1->length) == 0);
451 }
452
453 static void transit_init(void)
454 {
455 transit_hash = hash_create(transit_hash_key_make, transit_hash_cmp,
456 "BGP Transit Hash");
457 }
458
459 static void transit_finish(void)
460 {
461 hash_clean(transit_hash, (void (*)(void *))transit_free);
462 hash_free(transit_hash);
463 transit_hash = NULL;
464 }
465
466 /* Attribute hash routines. */
467 static struct hash *attrhash;
468
469 /* Shallow copy of an attribute
470 * Though, not so shallow that it doesn't copy the contents
471 * of the attr_extra pointed to by 'extra'
472 */
473 void bgp_attr_dup(struct attr *new, struct attr *orig)
474 {
475 *new = *orig;
476 }
477
478 unsigned long int attr_count(void)
479 {
480 return attrhash->count;
481 }
482
483 unsigned long int attr_unknown_count(void)
484 {
485 return transit_hash->count;
486 }
487
488 unsigned int attrhash_key_make(void *p)
489 {
490 const struct attr *attr = (struct attr *)p;
491 uint32_t key = 0;
492 #define MIX(val) key = jhash_1word(val, key)
493 #define MIX3(a, b, c) key = jhash_3words((a), (b), (c), key)
494
495 MIX3(attr->origin, attr->nexthop.s_addr, attr->med);
496 MIX3(attr->local_pref, attr->aggregator_as,
497 attr->aggregator_addr.s_addr);
498 MIX3(attr->weight, attr->mp_nexthop_global_in.s_addr,
499 attr->originator_id.s_addr);
500 MIX3(attr->tag, attr->label, attr->label_index);
501
502 if (attr->aspath)
503 MIX(aspath_key_make(attr->aspath));
504 if (attr->community)
505 MIX(community_hash_make(attr->community));
506
507 if (attr->lcommunity)
508 MIX(lcommunity_hash_make(attr->lcommunity));
509 if (attr->ecommunity)
510 MIX(ecommunity_hash_make(attr->ecommunity));
511 if (attr->cluster)
512 MIX(cluster_hash_key_make(attr->cluster));
513 if (attr->transit)
514 MIX(transit_hash_key_make(attr->transit));
515 if (attr->encap_subtlvs)
516 MIX(encap_hash_key_make(attr->encap_subtlvs));
517 #if ENABLE_BGP_VNC
518 if (attr->vnc_subtlvs)
519 MIX(encap_hash_key_make(attr->vnc_subtlvs));
520 #endif
521 MIX(attr->mp_nexthop_len);
522 key = jhash(attr->mp_nexthop_global.s6_addr, IPV6_MAX_BYTELEN, key);
523 key = jhash(attr->mp_nexthop_local.s6_addr, IPV6_MAX_BYTELEN, key);
524 MIX(attr->nh_ifindex);
525 MIX(attr->nh_lla_ifindex);
526
527 return key;
528 }
529
530 int attrhash_cmp(const void *p1, const void *p2)
531 {
532 const struct attr *attr1 = p1;
533 const struct attr *attr2 = p2;
534
535 if (attr1->flag == attr2->flag && attr1->origin == attr2->origin
536 && attr1->nexthop.s_addr == attr2->nexthop.s_addr
537 && attr1->aspath == attr2->aspath
538 && attr1->community == attr2->community && attr1->med == attr2->med
539 && attr1->local_pref == attr2->local_pref
540 && attr1->rmap_change_flags == attr2->rmap_change_flags) {
541 if (attr1->aggregator_as == attr2->aggregator_as
542 && attr1->aggregator_addr.s_addr
543 == attr2->aggregator_addr.s_addr
544 && attr1->weight == attr2->weight
545 && attr1->tag == attr2->tag
546 && attr1->label_index == attr2->label_index
547 && attr1->mp_nexthop_len == attr2->mp_nexthop_len
548 && attr1->ecommunity == attr2->ecommunity
549 && attr1->lcommunity == attr2->lcommunity
550 && attr1->cluster == attr2->cluster
551 && attr1->transit == attr2->transit
552 && (attr1->encap_tunneltype == attr2->encap_tunneltype)
553 && encap_same(attr1->encap_subtlvs, attr2->encap_subtlvs)
554 #if ENABLE_BGP_VNC
555 && encap_same(attr1->vnc_subtlvs, attr2->vnc_subtlvs)
556 #endif
557 && IPV6_ADDR_SAME(&attr1->mp_nexthop_global,
558 &attr2->mp_nexthop_global)
559 && IPV6_ADDR_SAME(&attr1->mp_nexthop_local,
560 &attr2->mp_nexthop_local)
561 && IPV4_ADDR_SAME(&attr1->mp_nexthop_global_in,
562 &attr2->mp_nexthop_global_in)
563 && IPV4_ADDR_SAME(&attr1->originator_id,
564 &attr2->originator_id)
565 && overlay_index_same(attr1, attr2)
566 && attr1->nh_ifindex == attr2->nh_ifindex
567 && attr1->nh_lla_ifindex == attr2->nh_lla_ifindex)
568 return 1;
569 }
570
571 return 0;
572 }
573
574 static void attrhash_init(void)
575 {
576 attrhash =
577 hash_create(attrhash_key_make, attrhash_cmp, "BGP Attributes");
578 }
579
580 /*
581 * special for hash_clean below
582 */
583 static void attr_vfree(void *attr)
584 {
585 XFREE(MTYPE_ATTR, attr);
586 }
587
588 static void attrhash_finish(void)
589 {
590 hash_clean(attrhash, attr_vfree);
591 hash_free(attrhash);
592 attrhash = NULL;
593 }
594
595 static void attr_show_all_iterator(struct hash_backet *backet, struct vty *vty)
596 {
597 struct attr *attr = backet->data;
598
599 vty_out(vty, "attr[%ld] nexthop %s\n", attr->refcnt,
600 inet_ntoa(attr->nexthop));
601 vty_out(vty, "\tflags: %" PRIu64 " med: %u local_pref: %u origin: %u weight: %u label: %u\n",
602 attr->flag, attr->med, attr->local_pref, attr->origin,
603 attr->weight, attr->label);
604 }
605
606 void attr_show_all(struct vty *vty)
607 {
608 hash_iterate(attrhash, (void (*)(struct hash_backet *,
609 void *))attr_show_all_iterator,
610 vty);
611 }
612
613 static void *bgp_attr_hash_alloc(void *p)
614 {
615 struct attr *val = (struct attr *)p;
616 struct attr *attr;
617
618 attr = XMALLOC(MTYPE_ATTR, sizeof(struct attr));
619 *attr = *val;
620 if (val->encap_subtlvs) {
621 val->encap_subtlvs = NULL;
622 }
623 #if ENABLE_BGP_VNC
624 if (val->vnc_subtlvs) {
625 val->vnc_subtlvs = NULL;
626 }
627 #endif
628 attr->refcnt = 0;
629 return attr;
630 }
631
632 /* Internet argument attribute. */
633 struct attr *bgp_attr_intern(struct attr *attr)
634 {
635 struct attr *find;
636
637 /* Intern referenced strucutre. */
638 if (attr->aspath) {
639 if (!attr->aspath->refcnt)
640 attr->aspath = aspath_intern(attr->aspath);
641 else
642 attr->aspath->refcnt++;
643 }
644 if (attr->community) {
645 if (!attr->community->refcnt)
646 attr->community = community_intern(attr->community);
647 else
648 attr->community->refcnt++;
649 }
650
651 if (attr->ecommunity) {
652 if (!attr->ecommunity->refcnt)
653 attr->ecommunity = ecommunity_intern(attr->ecommunity);
654 else
655 attr->ecommunity->refcnt++;
656 }
657 if (attr->lcommunity) {
658 if (!attr->lcommunity->refcnt)
659 attr->lcommunity = lcommunity_intern(attr->lcommunity);
660 else
661 attr->lcommunity->refcnt++;
662 }
663 if (attr->cluster) {
664 if (!attr->cluster->refcnt)
665 attr->cluster = cluster_intern(attr->cluster);
666 else
667 attr->cluster->refcnt++;
668 }
669 if (attr->transit) {
670 if (!attr->transit->refcnt)
671 attr->transit = transit_intern(attr->transit);
672 else
673 attr->transit->refcnt++;
674 }
675 if (attr->encap_subtlvs) {
676 if (!attr->encap_subtlvs->refcnt)
677 attr->encap_subtlvs = encap_intern(attr->encap_subtlvs,
678 ENCAP_SUBTLV_TYPE);
679 else
680 attr->encap_subtlvs->refcnt++;
681 }
682 #if ENABLE_BGP_VNC
683 if (attr->vnc_subtlvs) {
684 if (!attr->vnc_subtlvs->refcnt)
685 attr->vnc_subtlvs = encap_intern(attr->vnc_subtlvs,
686 VNC_SUBTLV_TYPE);
687 else
688 attr->vnc_subtlvs->refcnt++;
689 }
690 #endif
691
692 /* At this point, attr only contains intern'd pointers. that means
693 * if we find it in attrhash, it has all the same pointers and we
694 * correctly updated the refcounts on these.
695 * If we don't find it, we need to allocate a one because in all
696 * cases this returns a new reference to a hashed attr, but the input
697 * wasn't on hash. */
698 find = (struct attr *)hash_get(attrhash, attr, bgp_attr_hash_alloc);
699 find->refcnt++;
700
701 return find;
702 }
703
704 /* Make network statement's attribute. */
705 struct attr *bgp_attr_default_set(struct attr *attr, uint8_t origin)
706 {
707 memset(attr, 0, sizeof(struct attr));
708
709 attr->origin = origin;
710 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_ORIGIN);
711 attr->aspath = aspath_empty();
712 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AS_PATH);
713 attr->weight = BGP_ATTR_DEFAULT_WEIGHT;
714 attr->tag = 0;
715 attr->label_index = BGP_INVALID_LABEL_INDEX;
716 attr->label = MPLS_INVALID_LABEL;
717 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
718 attr->mp_nexthop_len = IPV6_MAX_BYTELEN;
719
720 return attr;
721 }
722
723 /* Create the attributes for an aggregate */
724 struct attr *bgp_attr_aggregate_intern(struct bgp *bgp, uint8_t origin,
725 struct aspath *aspath,
726 struct community *community, int as_set,
727 uint8_t atomic_aggregate)
728 {
729 struct attr attr;
730 struct attr *new;
731
732 memset(&attr, 0, sizeof(struct attr));
733
734 /* Origin attribute. */
735 attr.origin = origin;
736 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_ORIGIN);
737
738 /* AS path attribute. */
739 if (aspath)
740 attr.aspath = aspath_intern(aspath);
741 else
742 attr.aspath = aspath_empty();
743 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_AS_PATH);
744
745 /* Next hop attribute. */
746 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
747
748 if (community) {
749 uint32_t gshut = COMMUNITY_GSHUT;
750
751 /* If we are not shutting down ourselves and we are
752 * aggregating a route that contains the GSHUT community we
753 * need to remove that community when creating the aggregate */
754 if (!bgp_flag_check(bgp, BGP_FLAG_GRACEFUL_SHUTDOWN)
755 && community_include(community, gshut)) {
756 community_del_val(community, &gshut);
757 }
758
759 attr.community = community;
760 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_COMMUNITIES);
761 }
762
763 if (bgp_flag_check(bgp, BGP_FLAG_GRACEFUL_SHUTDOWN)) {
764 bgp_attr_add_gshut_community(&attr);
765 }
766
767 attr.label_index = BGP_INVALID_LABEL_INDEX;
768 attr.label = MPLS_INVALID_LABEL;
769 attr.weight = BGP_ATTR_DEFAULT_WEIGHT;
770 attr.mp_nexthop_len = IPV6_MAX_BYTELEN;
771 if (!as_set || atomic_aggregate)
772 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_ATOMIC_AGGREGATE);
773 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR);
774 if (CHECK_FLAG(bgp->config, BGP_CONFIG_CONFEDERATION))
775 attr.aggregator_as = bgp->confed_id;
776 else
777 attr.aggregator_as = bgp->as;
778 attr.aggregator_addr = bgp->router_id;
779 attr.label_index = BGP_INVALID_LABEL_INDEX;
780 attr.label = MPLS_INVALID_LABEL;
781
782 new = bgp_attr_intern(&attr);
783
784 aspath_unintern(&new->aspath);
785 return new;
786 }
787
788 /* Unintern just the sub-components of the attr, but not the attr */
789 void bgp_attr_unintern_sub(struct attr *attr)
790 {
791 /* aspath refcount shoud be decrement. */
792 if (attr->aspath)
793 aspath_unintern(&attr->aspath);
794 UNSET_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_AS_PATH));
795
796 if (attr->community)
797 community_unintern(&attr->community);
798 UNSET_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_COMMUNITIES));
799
800 if (attr->ecommunity)
801 ecommunity_unintern(&attr->ecommunity);
802 UNSET_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
803
804 if (attr->lcommunity)
805 lcommunity_unintern(&attr->lcommunity);
806 UNSET_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_LARGE_COMMUNITIES));
807
808 if (attr->cluster)
809 cluster_unintern(attr->cluster);
810 UNSET_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_CLUSTER_LIST));
811
812 if (attr->transit)
813 transit_unintern(attr->transit);
814
815 if (attr->encap_subtlvs)
816 encap_unintern(&attr->encap_subtlvs, ENCAP_SUBTLV_TYPE);
817
818 #if ENABLE_BGP_VNC
819 if (attr->vnc_subtlvs)
820 encap_unintern(&attr->vnc_subtlvs, VNC_SUBTLV_TYPE);
821 #endif
822 }
823
824 /*
825 * We have some show commands that let you experimentally
826 * apply a route-map. When we apply the route-map
827 * we are reseting values but not saving them for
828 * posterity via intern'ing( because route-maps don't
829 * do that) but at this point in time we need
830 * to compare the new attr to the old and if the
831 * routemap has changed it we need to, as Snoop Dog says,
832 * Drop it like it's hot
833 */
834 void bgp_attr_undup(struct attr *new, struct attr *old)
835 {
836 if (new->aspath != old->aspath)
837 aspath_free(new->aspath);
838
839 if (new->community != old->community)
840 community_free(new->community);
841
842 if (new->ecommunity != old->ecommunity)
843 ecommunity_free(&new->ecommunity);
844
845 if (new->lcommunity != old->lcommunity)
846 lcommunity_free(&new->lcommunity);
847 }
848
849 /* Free bgp attribute and aspath. */
850 void bgp_attr_unintern(struct attr **pattr)
851 {
852 struct attr *attr = *pattr;
853 struct attr *ret;
854 struct attr tmp;
855
856 /* Decrement attribute reference. */
857 attr->refcnt--;
858
859 tmp = *attr;
860
861 /* If reference becomes zero then free attribute object. */
862 if (attr->refcnt == 0) {
863 ret = hash_release(attrhash, attr);
864 assert(ret != NULL);
865 XFREE(MTYPE_ATTR, attr);
866 *pattr = NULL;
867 }
868
869 bgp_attr_unintern_sub(&tmp);
870 }
871
872 void bgp_attr_flush(struct attr *attr)
873 {
874 if (attr->aspath && !attr->aspath->refcnt) {
875 aspath_free(attr->aspath);
876 attr->aspath = NULL;
877 }
878 if (attr->community && !attr->community->refcnt) {
879 community_free(attr->community);
880 attr->community = NULL;
881 }
882
883 if (attr->ecommunity && !attr->ecommunity->refcnt)
884 ecommunity_free(&attr->ecommunity);
885 if (attr->lcommunity && !attr->lcommunity->refcnt)
886 lcommunity_free(&attr->lcommunity);
887 if (attr->cluster && !attr->cluster->refcnt) {
888 cluster_free(attr->cluster);
889 attr->cluster = NULL;
890 }
891 if (attr->transit && !attr->transit->refcnt) {
892 transit_free(attr->transit);
893 attr->transit = NULL;
894 }
895 if (attr->encap_subtlvs && !attr->encap_subtlvs->refcnt) {
896 encap_free(attr->encap_subtlvs);
897 attr->encap_subtlvs = NULL;
898 }
899 #if ENABLE_BGP_VNC
900 if (attr->vnc_subtlvs && !attr->vnc_subtlvs->refcnt) {
901 encap_free(attr->vnc_subtlvs);
902 attr->vnc_subtlvs = NULL;
903 }
904 #endif
905 }
906
907 /* Implement draft-scudder-idr-optional-transitive behaviour and
908 * avoid resetting sessions for malformed attributes which are
909 * are partial/optional and hence where the error likely was not
910 * introduced by the sending neighbour.
911 */
912 static bgp_attr_parse_ret_t
913 bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode,
914 bgp_size_t length)
915 {
916 struct peer *const peer = args->peer;
917 const uint8_t flags = args->flags;
918 /* startp and length must be special-cased, as whether or not to
919 * send the attribute data with the NOTIFY depends on the error,
920 * the caller therefore signals this with the seperate length argument
921 */
922 uint8_t *notify_datap = (length > 0 ? args->startp : NULL);
923
924 /* Only relax error handling for eBGP peers */
925 if (peer->sort != BGP_PEER_EBGP) {
926 bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR, subcode,
927 notify_datap, length);
928 return BGP_ATTR_PARSE_ERROR;
929 }
930
931 /* Adjust the stream getp to the end of the attribute, in case we can
932 * still proceed but the caller hasn't read all the attribute.
933 */
934 stream_set_getp(BGP_INPUT(peer),
935 (args->startp - STREAM_DATA(BGP_INPUT(peer)))
936 + args->total);
937
938 switch (args->type) {
939 /* where an attribute is relatively inconsequential, e.g. it does not
940 * affect route selection, and can be safely ignored, then any such
941 * attributes which are malformed should just be ignored and the route
942 * processed as normal.
943 */
944 case BGP_ATTR_AS4_AGGREGATOR:
945 case BGP_ATTR_AGGREGATOR:
946 case BGP_ATTR_ATOMIC_AGGREGATE:
947 return BGP_ATTR_PARSE_PROCEED;
948
949 /* Core attributes, particularly ones which may influence route
950 * selection, should always cause session resets
951 */
952 case BGP_ATTR_ORIGIN:
953 case BGP_ATTR_AS_PATH:
954 case BGP_ATTR_NEXT_HOP:
955 case BGP_ATTR_MULTI_EXIT_DISC:
956 case BGP_ATTR_LOCAL_PREF:
957 case BGP_ATTR_COMMUNITIES:
958 case BGP_ATTR_ORIGINATOR_ID:
959 case BGP_ATTR_CLUSTER_LIST:
960 case BGP_ATTR_MP_REACH_NLRI:
961 case BGP_ATTR_MP_UNREACH_NLRI:
962 case BGP_ATTR_EXT_COMMUNITIES:
963 bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR, subcode,
964 notify_datap, length);
965 return BGP_ATTR_PARSE_ERROR;
966 }
967
968 /* Partial optional attributes that are malformed should not cause
969 * the whole session to be reset. Instead treat it as a withdrawal
970 * of the routes, if possible.
971 */
972 if (CHECK_FLAG(flags, BGP_ATTR_FLAG_TRANS)
973 && CHECK_FLAG(flags, BGP_ATTR_FLAG_OPTIONAL)
974 && CHECK_FLAG(flags, BGP_ATTR_FLAG_PARTIAL))
975 return BGP_ATTR_PARSE_WITHDRAW;
976
977 /* default to reset */
978 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
979 }
980
981 /* Find out what is wrong with the path attribute flag bits and log the error.
982 "Flag bits" here stand for Optional, Transitive and Partial, but not for
983 Extended Length. Checking O/T/P bits at once implies, that the attribute
984 being diagnosed is defined by RFC as either a "well-known" or an "optional,
985 non-transitive" attribute. */
986 static void
987 bgp_attr_flags_diagnose(struct bgp_attr_parser_args *args,
988 uint8_t desired_flags /* how RFC says it must be */
989 )
990 {
991 uint8_t seen = 0, i;
992 uint8_t real_flags = args->flags;
993 const uint8_t attr_code = args->type;
994
995 desired_flags &= ~BGP_ATTR_FLAG_EXTLEN;
996 real_flags &= ~BGP_ATTR_FLAG_EXTLEN;
997 for (i = 0; i <= 2; i++) /* O,T,P, but not E */
998 if (CHECK_FLAG(desired_flags, attr_flag_str[i].key)
999 != CHECK_FLAG(real_flags, attr_flag_str[i].key)) {
1000 flog_err(
1001 BGP_ERR_ATTR_FLAG,
1002 "%s attribute must%s be flagged as \"%s\"",
1003 lookup_msg(attr_str, attr_code, NULL),
1004 CHECK_FLAG(desired_flags, attr_flag_str[i].key)
1005 ? ""
1006 : " not",
1007 attr_flag_str[i].str);
1008 seen = 1;
1009 }
1010 if (!seen) {
1011 zlog_debug(
1012 "Strange, %s called for attr %s, but no problem found with flags"
1013 " (real flags 0x%x, desired 0x%x)",
1014 __func__, lookup_msg(attr_str, attr_code, NULL),
1015 real_flags, desired_flags);
1016 }
1017 }
1018
1019 /* Required flags for attributes. EXTLEN will be masked off when testing,
1020 * as will PARTIAL for optional+transitive attributes.
1021 */
1022 const uint8_t attr_flags_values[] = {
1023 [BGP_ATTR_ORIGIN] = BGP_ATTR_FLAG_TRANS,
1024 [BGP_ATTR_AS_PATH] = BGP_ATTR_FLAG_TRANS,
1025 [BGP_ATTR_NEXT_HOP] = BGP_ATTR_FLAG_TRANS,
1026 [BGP_ATTR_MULTI_EXIT_DISC] = BGP_ATTR_FLAG_OPTIONAL,
1027 [BGP_ATTR_LOCAL_PREF] = BGP_ATTR_FLAG_TRANS,
1028 [BGP_ATTR_ATOMIC_AGGREGATE] = BGP_ATTR_FLAG_TRANS,
1029 [BGP_ATTR_AGGREGATOR] = BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_OPTIONAL,
1030 [BGP_ATTR_COMMUNITIES] = BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_OPTIONAL,
1031 [BGP_ATTR_ORIGINATOR_ID] = BGP_ATTR_FLAG_OPTIONAL,
1032 [BGP_ATTR_CLUSTER_LIST] = BGP_ATTR_FLAG_OPTIONAL,
1033 [BGP_ATTR_MP_REACH_NLRI] = BGP_ATTR_FLAG_OPTIONAL,
1034 [BGP_ATTR_MP_UNREACH_NLRI] = BGP_ATTR_FLAG_OPTIONAL,
1035 [BGP_ATTR_EXT_COMMUNITIES] =
1036 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1037 [BGP_ATTR_AS4_PATH] = BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1038 [BGP_ATTR_AS4_AGGREGATOR] =
1039 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1040 [BGP_ATTR_PMSI_TUNNEL] = BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1041 [BGP_ATTR_LARGE_COMMUNITIES] =
1042 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1043 [BGP_ATTR_PREFIX_SID] = BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1044 };
1045 static const size_t attr_flags_values_max = array_size(attr_flags_values) - 1;
1046
1047 static int bgp_attr_flag_invalid(struct bgp_attr_parser_args *args)
1048 {
1049 uint8_t mask = BGP_ATTR_FLAG_EXTLEN;
1050 const uint8_t flags = args->flags;
1051 const uint8_t attr_code = args->type;
1052
1053 /* there may be attributes we don't know about */
1054 if (attr_code > attr_flags_values_max)
1055 return 0;
1056 if (attr_flags_values[attr_code] == 0)
1057 return 0;
1058
1059 /* RFC4271, "For well-known attributes, the Transitive bit MUST be set
1060 * to
1061 * 1."
1062 */
1063 if (!CHECK_FLAG(BGP_ATTR_FLAG_OPTIONAL, flags)
1064 && !CHECK_FLAG(BGP_ATTR_FLAG_TRANS, flags)) {
1065 flog_err(
1066 BGP_ERR_ATTR_FLAG,
1067 "%s well-known attributes must have transitive flag set (%x)",
1068 lookup_msg(attr_str, attr_code, NULL), flags);
1069 return 1;
1070 }
1071
1072 /* "For well-known attributes and for optional non-transitive
1073 * attributes,
1074 * the Partial bit MUST be set to 0."
1075 */
1076 if (CHECK_FLAG(flags, BGP_ATTR_FLAG_PARTIAL)) {
1077 if (!CHECK_FLAG(flags, BGP_ATTR_FLAG_OPTIONAL)) {
1078 flog_err(BGP_ERR_ATTR_FLAG,
1079 "%s well-known attribute "
1080 "must NOT have the partial flag set (%x)",
1081 lookup_msg(attr_str, attr_code, NULL), flags);
1082 return 1;
1083 }
1084 if (CHECK_FLAG(flags, BGP_ATTR_FLAG_OPTIONAL)
1085 && !CHECK_FLAG(flags, BGP_ATTR_FLAG_TRANS)) {
1086 flog_err(BGP_ERR_ATTR_FLAG,
1087 "%s optional + transitive attribute "
1088 "must NOT have the partial flag set (%x)",
1089 lookup_msg(attr_str, attr_code, NULL), flags);
1090 return 1;
1091 }
1092 }
1093
1094 /* Optional transitive attributes may go through speakers that don't
1095 * reocgnise them and set the Partial bit.
1096 */
1097 if (CHECK_FLAG(flags, BGP_ATTR_FLAG_OPTIONAL)
1098 && CHECK_FLAG(flags, BGP_ATTR_FLAG_TRANS))
1099 SET_FLAG(mask, BGP_ATTR_FLAG_PARTIAL);
1100
1101 if ((flags & ~mask) == attr_flags_values[attr_code])
1102 return 0;
1103
1104 bgp_attr_flags_diagnose(args, attr_flags_values[attr_code]);
1105 return 1;
1106 }
1107
1108 /* Get origin attribute of the update message. */
1109 static bgp_attr_parse_ret_t bgp_attr_origin(struct bgp_attr_parser_args *args)
1110 {
1111 struct peer *const peer = args->peer;
1112 struct attr *const attr = args->attr;
1113 const bgp_size_t length = args->length;
1114
1115 /* If any recognized attribute has Attribute Length that conflicts
1116 with the expected length (based on the attribute type code), then
1117 the Error Subcode is set to Attribute Length Error. The Data
1118 field contains the erroneous attribute (type, length and
1119 value). */
1120 if (length != 1) {
1121 flog_err(BGP_ERR_ATTR_LEN,
1122 "Origin attribute length is not one %d", length);
1123 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1124 args->total);
1125 }
1126
1127 /* Fetch origin attribute. */
1128 attr->origin = stream_getc(BGP_INPUT(peer));
1129
1130 /* If the ORIGIN attribute has an undefined value, then the Error
1131 Subcode is set to Invalid Origin Attribute. The Data field
1132 contains the unrecognized attribute (type, length and value). */
1133 if ((attr->origin != BGP_ORIGIN_IGP) && (attr->origin != BGP_ORIGIN_EGP)
1134 && (attr->origin != BGP_ORIGIN_INCOMPLETE)) {
1135 flog_err(BGP_ERR_ATTR_ORIGIN,
1136 "Origin attribute value is invalid %d", attr->origin);
1137 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_INVAL_ORIGIN,
1138 args->total);
1139 }
1140
1141 /* Set oring attribute flag. */
1142 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_ORIGIN);
1143
1144 return 0;
1145 }
1146
1147 /* Parse AS path information. This function is wrapper of
1148 aspath_parse. */
1149 static int bgp_attr_aspath(struct bgp_attr_parser_args *args)
1150 {
1151 struct attr *const attr = args->attr;
1152 struct peer *const peer = args->peer;
1153 const bgp_size_t length = args->length;
1154
1155 /*
1156 * peer with AS4 => will get 4Byte ASnums
1157 * otherwise, will get 16 Bit
1158 */
1159 attr->aspath = aspath_parse(peer->curr, length,
1160 CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV));
1161
1162 /* In case of IBGP, length will be zero. */
1163 if (!attr->aspath) {
1164 flog_err(BGP_ERR_ATTR_MAL_AS_PATH,
1165 "Malformed AS path from %s, length is %d", peer->host,
1166 length);
1167 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_AS_PATH,
1168 0);
1169 }
1170
1171 /* Set aspath attribute flag. */
1172 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AS_PATH);
1173
1174 return BGP_ATTR_PARSE_PROCEED;
1175 }
1176
1177 static bgp_attr_parse_ret_t bgp_attr_aspath_check(struct peer *const peer,
1178 struct attr *const attr)
1179 {
1180 /* These checks were part of bgp_attr_aspath, but with
1181 * as4 we should to check aspath things when
1182 * aspath synthesizing with as4_path has already taken place.
1183 * Otherwise we check ASPATH and use the synthesized thing, and that is
1184 * not right.
1185 * So do the checks later, i.e. here
1186 */
1187 struct aspath *aspath;
1188
1189 /* Confederation sanity check. */
1190 if ((peer->sort == BGP_PEER_CONFED
1191 && !aspath_left_confed_check(attr->aspath))
1192 || (peer->sort == BGP_PEER_EBGP
1193 && aspath_confed_check(attr->aspath))) {
1194 flog_err(BGP_ERR_ATTR_MAL_AS_PATH, "Malformed AS path from %s",
1195 peer->host);
1196 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1197 BGP_NOTIFY_UPDATE_MAL_AS_PATH);
1198 return BGP_ATTR_PARSE_ERROR;
1199 }
1200
1201 /* First AS check for EBGP. */
1202 if (CHECK_FLAG(peer->flags, PEER_FLAG_ENFORCE_FIRST_AS)) {
1203 if (peer->sort == BGP_PEER_EBGP
1204 && !aspath_firstas_check(attr->aspath, peer->as)) {
1205 flog_err(BGP_ERR_ATTR_FIRST_AS,
1206 "%s incorrect first AS (must be %u)",
1207 peer->host, peer->as);
1208 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1209 BGP_NOTIFY_UPDATE_MAL_AS_PATH);
1210 return BGP_ATTR_PARSE_ERROR;
1211 }
1212 }
1213
1214 /* local-as prepend */
1215 if (peer->change_local_as
1216 && !CHECK_FLAG(peer->flags, PEER_FLAG_LOCAL_AS_NO_PREPEND)) {
1217 aspath = aspath_dup(attr->aspath);
1218 aspath = aspath_add_seq(aspath, peer->change_local_as);
1219 aspath_unintern(&attr->aspath);
1220 attr->aspath = aspath_intern(aspath);
1221 }
1222
1223 return BGP_ATTR_PARSE_PROCEED;
1224 }
1225
1226 /* Parse AS4 path information. This function is another wrapper of
1227 aspath_parse. */
1228 static int bgp_attr_as4_path(struct bgp_attr_parser_args *args,
1229 struct aspath **as4_path)
1230 {
1231 struct peer *const peer = args->peer;
1232 struct attr *const attr = args->attr;
1233 const bgp_size_t length = args->length;
1234
1235 *as4_path = aspath_parse(peer->curr, length, 1);
1236
1237 /* In case of IBGP, length will be zero. */
1238 if (!*as4_path) {
1239 flog_err(BGP_ERR_ATTR_MAL_AS_PATH,
1240 "Malformed AS4 path from %s, length is %d",
1241 peer->host, length);
1242 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_AS_PATH,
1243 0);
1244 }
1245
1246 /* Set aspath attribute flag. */
1247 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AS4_PATH);
1248
1249 return BGP_ATTR_PARSE_PROCEED;
1250 }
1251
1252 /* Nexthop attribute. */
1253 static bgp_attr_parse_ret_t bgp_attr_nexthop(struct bgp_attr_parser_args *args)
1254 {
1255 struct peer *const peer = args->peer;
1256 struct attr *const attr = args->attr;
1257 const bgp_size_t length = args->length;
1258
1259 in_addr_t nexthop_h, nexthop_n;
1260
1261 /* Check nexthop attribute length. */
1262 if (length != 4) {
1263 flog_err(BGP_ERR_ATTR_LEN,
1264 "Nexthop attribute length isn't four [%d]", length);
1265
1266 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1267 args->total);
1268 }
1269
1270 /* According to section 6.3 of RFC4271, syntactically incorrect NEXT_HOP
1271 attribute must result in a NOTIFICATION message (this is implemented
1272 below).
1273 At the same time, semantically incorrect NEXT_HOP is more likely to
1274 be just
1275 logged locally (this is implemented somewhere else). The UPDATE
1276 message
1277 gets ignored in any of these cases. */
1278 nexthop_n = stream_get_ipv4(peer->curr);
1279 nexthop_h = ntohl(nexthop_n);
1280 if ((IPV4_NET0(nexthop_h) || IPV4_NET127(nexthop_h)
1281 || IPV4_CLASS_DE(nexthop_h))
1282 && !BGP_DEBUG(
1283 allow_martians,
1284 ALLOW_MARTIANS)) /* loopbacks may be used in testing */
1285 {
1286 char buf[INET_ADDRSTRLEN];
1287 inet_ntop(AF_INET, &nexthop_n, buf, INET_ADDRSTRLEN);
1288 flog_err(BGP_ERR_ATTR_MARTIAN_NH, "Martian nexthop %s", buf);
1289 return bgp_attr_malformed(
1290 args, BGP_NOTIFY_UPDATE_INVAL_NEXT_HOP, args->total);
1291 }
1292
1293 attr->nexthop.s_addr = nexthop_n;
1294 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1295
1296 return BGP_ATTR_PARSE_PROCEED;
1297 }
1298
1299 /* MED atrribute. */
1300 static bgp_attr_parse_ret_t bgp_attr_med(struct bgp_attr_parser_args *args)
1301 {
1302 struct peer *const peer = args->peer;
1303 struct attr *const attr = args->attr;
1304 const bgp_size_t length = args->length;
1305
1306 /* Length check. */
1307 if (length != 4) {
1308 flog_err(BGP_ERR_ATTR_LEN,
1309 "MED attribute length isn't four [%d]", length);
1310
1311 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1312 args->total);
1313 }
1314
1315 attr->med = stream_getl(peer->curr);
1316
1317 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_MULTI_EXIT_DISC);
1318
1319 return BGP_ATTR_PARSE_PROCEED;
1320 }
1321
1322 /* Local preference attribute. */
1323 static bgp_attr_parse_ret_t
1324 bgp_attr_local_pref(struct bgp_attr_parser_args *args)
1325 {
1326 struct peer *const peer = args->peer;
1327 struct attr *const attr = args->attr;
1328 const bgp_size_t length = args->length;
1329
1330 /* Length check. */
1331 if (length != 4) {
1332 flog_err(BGP_ERR_ATTR_LEN,
1333 "LOCAL_PREF attribute length isn't 4 [%u]", length);
1334 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1335 args->total);
1336 }
1337
1338 /* If it is contained in an UPDATE message that is received from an
1339 external peer, then this attribute MUST be ignored by the
1340 receiving speaker. */
1341 if (peer->sort == BGP_PEER_EBGP) {
1342 stream_forward_getp(peer->curr, length);
1343 return BGP_ATTR_PARSE_PROCEED;
1344 }
1345
1346 attr->local_pref = stream_getl(peer->curr);
1347
1348 /* Set the local-pref flag. */
1349 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF);
1350
1351 return BGP_ATTR_PARSE_PROCEED;
1352 }
1353
1354 /* Atomic aggregate. */
1355 static int bgp_attr_atomic(struct bgp_attr_parser_args *args)
1356 {
1357 struct attr *const attr = args->attr;
1358 const bgp_size_t length = args->length;
1359
1360 /* Length check. */
1361 if (length != 0) {
1362 flog_err(BGP_ERR_ATTR_LEN,
1363 "ATOMIC_AGGREGATE attribute length isn't 0 [%u]",
1364 length);
1365 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1366 args->total);
1367 }
1368
1369 /* Set atomic aggregate flag. */
1370 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_ATOMIC_AGGREGATE);
1371
1372 return BGP_ATTR_PARSE_PROCEED;
1373 }
1374
1375 /* Aggregator attribute */
1376 static int bgp_attr_aggregator(struct bgp_attr_parser_args *args)
1377 {
1378 struct peer *const peer = args->peer;
1379 struct attr *const attr = args->attr;
1380 const bgp_size_t length = args->length;
1381
1382 int wantedlen = 6;
1383
1384 /* peer with AS4 will send 4 Byte AS, peer without will send 2 Byte */
1385 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV))
1386 wantedlen = 8;
1387
1388 if (length != wantedlen) {
1389 flog_err(BGP_ERR_ATTR_LEN,
1390 "AGGREGATOR attribute length isn't %u [%u]",
1391 wantedlen, length);
1392 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1393 args->total);
1394 }
1395
1396 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV))
1397 attr->aggregator_as = stream_getl(peer->curr);
1398 else
1399 attr->aggregator_as = stream_getw(peer->curr);
1400 attr->aggregator_addr.s_addr = stream_get_ipv4(peer->curr);
1401
1402 /* Set atomic aggregate flag. */
1403 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR);
1404
1405 return BGP_ATTR_PARSE_PROCEED;
1406 }
1407
1408 /* New Aggregator attribute */
1409 static bgp_attr_parse_ret_t
1410 bgp_attr_as4_aggregator(struct bgp_attr_parser_args *args,
1411 as_t *as4_aggregator_as,
1412 struct in_addr *as4_aggregator_addr)
1413 {
1414 struct peer *const peer = args->peer;
1415 struct attr *const attr = args->attr;
1416 const bgp_size_t length = args->length;
1417
1418 if (length != 8) {
1419 flog_err(BGP_ERR_ATTR_LEN,
1420 "New Aggregator length is not 8 [%d]", length);
1421 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1422 0);
1423 }
1424
1425 *as4_aggregator_as = stream_getl(peer->curr);
1426 as4_aggregator_addr->s_addr = stream_get_ipv4(peer->curr);
1427
1428 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AS4_AGGREGATOR);
1429
1430 return BGP_ATTR_PARSE_PROCEED;
1431 }
1432
1433 /* Munge Aggregator and New-Aggregator, AS_PATH and NEW_AS_PATH.
1434 */
1435 static bgp_attr_parse_ret_t
1436 bgp_attr_munge_as4_attrs(struct peer *const peer, struct attr *const attr,
1437 struct aspath *as4_path, as_t as4_aggregator,
1438 struct in_addr *as4_aggregator_addr)
1439 {
1440 int ignore_as4_path = 0;
1441 struct aspath *newpath;
1442
1443 if (!attr->aspath) {
1444 /* NULL aspath shouldn't be possible as bgp_attr_parse should
1445 * have
1446 * checked that all well-known, mandatory attributes were
1447 * present.
1448 *
1449 * Can only be a problem with peer itself - hard error
1450 */
1451 return BGP_ATTR_PARSE_ERROR;
1452 }
1453
1454 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV)) {
1455 /* peer can do AS4, so we ignore AS4_PATH and AS4_AGGREGATOR
1456 * if given.
1457 * It is worth a warning though, because the peer really
1458 * should not send them
1459 */
1460 if (BGP_DEBUG(as4, AS4)) {
1461 if (attr->flag & (ATTR_FLAG_BIT(BGP_ATTR_AS4_PATH)))
1462 zlog_debug("[AS4] %s %s AS4_PATH", peer->host,
1463 "AS4 capable peer, yet it sent");
1464
1465 if (attr->flag
1466 & (ATTR_FLAG_BIT(BGP_ATTR_AS4_AGGREGATOR)))
1467 zlog_debug("[AS4] %s %s AS4_AGGREGATOR",
1468 peer->host,
1469 "AS4 capable peer, yet it sent");
1470 }
1471
1472 return BGP_ATTR_PARSE_PROCEED;
1473 }
1474
1475 /* We have a asn16 peer. First, look for AS4_AGGREGATOR
1476 * because that may override AS4_PATH
1477 */
1478 if (attr->flag & (ATTR_FLAG_BIT(BGP_ATTR_AS4_AGGREGATOR))) {
1479 if (attr->flag & (ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR))) {
1480 /* received both.
1481 * if the as_number in aggregator is not AS_TRANS,
1482 * then AS4_AGGREGATOR and AS4_PATH shall be ignored
1483 * and the Aggregator shall be taken as
1484 * info on the aggregating node, and the AS_PATH
1485 * shall be taken as the AS_PATH
1486 * otherwise
1487 * the Aggregator shall be ignored and the
1488 * AS4_AGGREGATOR shall be taken as the
1489 * Aggregating node and the AS_PATH is to be
1490 * constructed "as in all other cases"
1491 */
1492 if (attr->aggregator_as != BGP_AS_TRANS) {
1493 /* ignore */
1494 if (BGP_DEBUG(as4, AS4))
1495 zlog_debug(
1496 "[AS4] %s BGP not AS4 capable peer"
1497 " send AGGREGATOR != AS_TRANS and"
1498 " AS4_AGGREGATOR, so ignore"
1499 " AS4_AGGREGATOR and AS4_PATH",
1500 peer->host);
1501 ignore_as4_path = 1;
1502 } else {
1503 /* "New_aggregator shall be taken as aggregator"
1504 */
1505 attr->aggregator_as = as4_aggregator;
1506 attr->aggregator_addr.s_addr =
1507 as4_aggregator_addr->s_addr;
1508 }
1509 } else {
1510 /* We received a AS4_AGGREGATOR but no AGGREGATOR.
1511 * That is bogus - but reading the conditions
1512 * we have to handle AS4_AGGREGATOR as if it were
1513 * AGGREGATOR in that case
1514 */
1515 if (BGP_DEBUG(as4, AS4))
1516 zlog_debug(
1517 "[AS4] %s BGP not AS4 capable peer send"
1518 " AS4_AGGREGATOR but no AGGREGATOR, will take"
1519 " it as if AGGREGATOR with AS_TRANS had been there",
1520 peer->host);
1521 attr->aggregator_as = as4_aggregator;
1522 /* sweep it under the carpet and simulate a "good"
1523 * AGGREGATOR */
1524 attr->flag |= (ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR));
1525 }
1526 }
1527
1528 /* need to reconcile NEW_AS_PATH and AS_PATH */
1529 if (!ignore_as4_path
1530 && (attr->flag & (ATTR_FLAG_BIT(BGP_ATTR_AS4_PATH)))) {
1531 newpath = aspath_reconcile_as4(attr->aspath, as4_path);
1532 if (!newpath)
1533 return BGP_ATTR_PARSE_ERROR;
1534
1535 aspath_unintern(&attr->aspath);
1536 attr->aspath = aspath_intern(newpath);
1537 }
1538 return BGP_ATTR_PARSE_PROCEED;
1539 }
1540
1541 /* Community attribute. */
1542 static bgp_attr_parse_ret_t
1543 bgp_attr_community(struct bgp_attr_parser_args *args)
1544 {
1545 struct peer *const peer = args->peer;
1546 struct attr *const attr = args->attr;
1547 const bgp_size_t length = args->length;
1548
1549 if (length == 0) {
1550 attr->community = NULL;
1551 return BGP_ATTR_PARSE_PROCEED;
1552 }
1553
1554 attr->community =
1555 community_parse((uint32_t *)stream_pnt(peer->curr), length);
1556
1557 /* XXX: fix community_parse to use stream API and remove this */
1558 stream_forward_getp(peer->curr, length);
1559
1560 if (!attr->community)
1561 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
1562 args->total);
1563
1564 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_COMMUNITIES);
1565
1566 return BGP_ATTR_PARSE_PROCEED;
1567 }
1568
1569 /* Originator ID attribute. */
1570 static bgp_attr_parse_ret_t
1571 bgp_attr_originator_id(struct bgp_attr_parser_args *args)
1572 {
1573 struct peer *const peer = args->peer;
1574 struct attr *const attr = args->attr;
1575 const bgp_size_t length = args->length;
1576
1577 /* Length check. */
1578 if (length != 4) {
1579 flog_err(BGP_ERR_ATTR_LEN, "Bad originator ID length %d",
1580 length);
1581
1582 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1583 args->total);
1584 }
1585
1586 attr->originator_id.s_addr = stream_get_ipv4(peer->curr);
1587
1588 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID);
1589
1590 return BGP_ATTR_PARSE_PROCEED;
1591 }
1592
1593 /* Cluster list attribute. */
1594 static bgp_attr_parse_ret_t
1595 bgp_attr_cluster_list(struct bgp_attr_parser_args *args)
1596 {
1597 struct peer *const peer = args->peer;
1598 struct attr *const attr = args->attr;
1599 const bgp_size_t length = args->length;
1600
1601 /* Check length. */
1602 if (length % 4) {
1603 flog_err(BGP_ERR_ATTR_LEN, "Bad cluster list length %d",
1604 length);
1605
1606 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1607 args->total);
1608 }
1609
1610 attr->cluster =
1611 cluster_parse((struct in_addr *)stream_pnt(peer->curr), length);
1612
1613 /* XXX: Fix cluster_parse to use stream API and then remove this */
1614 stream_forward_getp(peer->curr, length);
1615
1616 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_CLUSTER_LIST);
1617
1618 return BGP_ATTR_PARSE_PROCEED;
1619 }
1620
1621 /* Multiprotocol reachability information parse. */
1622 int bgp_mp_reach_parse(struct bgp_attr_parser_args *args,
1623 struct bgp_nlri *mp_update)
1624 {
1625 iana_afi_t pkt_afi;
1626 afi_t afi;
1627 iana_safi_t pkt_safi;
1628 safi_t safi;
1629 bgp_size_t nlri_len;
1630 size_t start;
1631 struct stream *s;
1632 struct peer *const peer = args->peer;
1633 struct attr *const attr = args->attr;
1634 const bgp_size_t length = args->length;
1635
1636 /* Set end of packet. */
1637 s = BGP_INPUT(peer);
1638 start = stream_get_getp(s);
1639
1640 /* safe to read statically sized header? */
1641 #define BGP_MP_REACH_MIN_SIZE 5
1642 #define LEN_LEFT (length - (stream_get_getp(s) - start))
1643 if ((length > STREAM_READABLE(s)) || (length < BGP_MP_REACH_MIN_SIZE)) {
1644 zlog_info("%s: %s sent invalid length, %lu", __func__,
1645 peer->host, (unsigned long)length);
1646 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1647 }
1648
1649 /* Load AFI, SAFI. */
1650 pkt_afi = stream_getw(s);
1651 pkt_safi = stream_getc(s);
1652
1653 /* Convert AFI, SAFI to internal values, check. */
1654 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
1655 /* Log if AFI or SAFI is unrecognized. This is not an error
1656 * unless
1657 * the attribute is otherwise malformed.
1658 */
1659 if (bgp_debug_update(peer, NULL, NULL, 0))
1660 zlog_debug(
1661 "%s: MP_REACH received AFI %u or SAFI %u is unrecognized",
1662 peer->host, pkt_afi, pkt_safi);
1663 return BGP_ATTR_PARSE_ERROR;
1664 }
1665
1666 /* Get nexthop length. */
1667 attr->mp_nexthop_len = stream_getc(s);
1668
1669 if (LEN_LEFT < attr->mp_nexthop_len) {
1670 zlog_info(
1671 "%s: %s, MP nexthop length, %u, goes past end of attribute",
1672 __func__, peer->host, attr->mp_nexthop_len);
1673 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1674 }
1675
1676 /* Nexthop length check. */
1677 switch (attr->mp_nexthop_len) {
1678 case 0:
1679 if (safi != SAFI_FLOWSPEC) {
1680 zlog_info("%s: (%s) Wrong multiprotocol next hop length: %d",
1681 __func__, peer->host, attr->mp_nexthop_len);
1682 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1683 }
1684 break;
1685 case BGP_ATTR_NHLEN_VPNV4:
1686 stream_getl(s); /* RD high */
1687 stream_getl(s); /* RD low */
1688 /*
1689 * NOTE: intentional fall through
1690 * - for consistency in rx processing
1691 *
1692 * The following comment is to signal GCC this intention
1693 * and supress the warning
1694 */
1695 /* FALLTHRU */
1696 case BGP_ATTR_NHLEN_IPV4:
1697 stream_get(&attr->mp_nexthop_global_in, s, IPV4_MAX_BYTELEN);
1698 /* Probably needed for RFC 2283 */
1699 if (attr->nexthop.s_addr == 0)
1700 memcpy(&attr->nexthop.s_addr,
1701 &attr->mp_nexthop_global_in, IPV4_MAX_BYTELEN);
1702 break;
1703 case BGP_ATTR_NHLEN_IPV6_GLOBAL:
1704 case BGP_ATTR_NHLEN_VPNV6_GLOBAL:
1705 if (attr->mp_nexthop_len == BGP_ATTR_NHLEN_VPNV6_GLOBAL) {
1706 stream_getl(s); /* RD high */
1707 stream_getl(s); /* RD low */
1708 }
1709 stream_get(&attr->mp_nexthop_global, s, IPV6_MAX_BYTELEN);
1710 if (IN6_IS_ADDR_LINKLOCAL(&attr->mp_nexthop_global)) {
1711 if (!peer->nexthop.ifp) {
1712 zlog_warn("%s: interface not set appropriately to handle some attributes",
1713 peer->host);
1714 return BGP_ATTR_PARSE_WITHDRAW;
1715 }
1716 attr->nh_ifindex = peer->nexthop.ifp->ifindex;
1717 }
1718 break;
1719 case BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL:
1720 case BGP_ATTR_NHLEN_VPNV6_GLOBAL_AND_LL:
1721 if (attr->mp_nexthop_len
1722 == BGP_ATTR_NHLEN_VPNV6_GLOBAL_AND_LL) {
1723 stream_getl(s); /* RD high */
1724 stream_getl(s); /* RD low */
1725 }
1726 stream_get(&attr->mp_nexthop_global, s, IPV6_MAX_BYTELEN);
1727 if (IN6_IS_ADDR_LINKLOCAL(&attr->mp_nexthop_global)) {
1728 if (!peer->nexthop.ifp) {
1729 zlog_warn("%s: interface not set appropriately to handle some attributes",
1730 peer->host);
1731 return BGP_ATTR_PARSE_WITHDRAW;
1732 }
1733 attr->nh_ifindex = peer->nexthop.ifp->ifindex;
1734 }
1735 if (attr->mp_nexthop_len
1736 == BGP_ATTR_NHLEN_VPNV6_GLOBAL_AND_LL) {
1737 stream_getl(s); /* RD high */
1738 stream_getl(s); /* RD low */
1739 }
1740 stream_get(&attr->mp_nexthop_local, s, IPV6_MAX_BYTELEN);
1741 if (!IN6_IS_ADDR_LINKLOCAL(&attr->mp_nexthop_local)) {
1742 char buf1[INET6_ADDRSTRLEN];
1743 char buf2[INET6_ADDRSTRLEN];
1744
1745 if (bgp_debug_update(peer, NULL, NULL, 1))
1746 zlog_debug(
1747 "%s rcvd nexthops %s, %s -- ignoring non-LL value",
1748 peer->host,
1749 inet_ntop(AF_INET6,
1750 &attr->mp_nexthop_global,
1751 buf1, INET6_ADDRSTRLEN),
1752 inet_ntop(AF_INET6,
1753 &attr->mp_nexthop_local, buf2,
1754 INET6_ADDRSTRLEN));
1755
1756 attr->mp_nexthop_len = IPV6_MAX_BYTELEN;
1757 }
1758 if (!peer->nexthop.ifp) {
1759 zlog_warn("%s: Interface not set appropriately to handle this some attributes",
1760 peer->host);
1761 return BGP_ATTR_PARSE_WITHDRAW;
1762 }
1763 attr->nh_lla_ifindex = peer->nexthop.ifp->ifindex;
1764 break;
1765 default:
1766 zlog_info("%s: (%s) Wrong multiprotocol next hop length: %d",
1767 __func__, peer->host, attr->mp_nexthop_len);
1768 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1769 }
1770
1771 if (!LEN_LEFT) {
1772 zlog_info("%s: (%s) Failed to read SNPA and NLRI(s)", __func__,
1773 peer->host);
1774 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1775 }
1776
1777 {
1778 uint8_t val;
1779 if ((val = stream_getc(s)))
1780 zlog_warn(
1781 "%s sent non-zero value, %u, for defunct SNPA-length field",
1782 peer->host, val);
1783 }
1784
1785 /* must have nrli_len, what is left of the attribute */
1786 nlri_len = LEN_LEFT;
1787 if (nlri_len > STREAM_READABLE(s)) {
1788 zlog_info("%s: (%s) Failed to read NLRI", __func__, peer->host);
1789 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1790 }
1791
1792 if (!nlri_len) {
1793 zlog_info("%s: (%s) No Reachability, Treating as a EOR marker",
1794 __func__, peer->host);
1795
1796 mp_update->afi = afi;
1797 mp_update->safi = safi;
1798 return BGP_ATTR_PARSE_EOR;
1799 }
1800
1801 mp_update->afi = afi;
1802 mp_update->safi = safi;
1803 mp_update->nlri = stream_pnt(s);
1804 mp_update->length = nlri_len;
1805
1806 stream_forward_getp(s, nlri_len);
1807
1808 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI);
1809
1810 return BGP_ATTR_PARSE_PROCEED;
1811 #undef LEN_LEFT
1812 }
1813
1814 /* Multiprotocol unreachable parse */
1815 int bgp_mp_unreach_parse(struct bgp_attr_parser_args *args,
1816 struct bgp_nlri *mp_withdraw)
1817 {
1818 struct stream *s;
1819 iana_afi_t pkt_afi;
1820 afi_t afi;
1821 iana_safi_t pkt_safi;
1822 safi_t safi;
1823 uint16_t withdraw_len;
1824 struct peer *const peer = args->peer;
1825 struct attr *const attr = args->attr;
1826 const bgp_size_t length = args->length;
1827
1828 s = peer->curr;
1829
1830 #define BGP_MP_UNREACH_MIN_SIZE 3
1831 if ((length > STREAM_READABLE(s)) || (length < BGP_MP_UNREACH_MIN_SIZE))
1832 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1833
1834 pkt_afi = stream_getw(s);
1835 pkt_safi = stream_getc(s);
1836
1837 /* Convert AFI, SAFI to internal values, check. */
1838 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
1839 /* Log if AFI or SAFI is unrecognized. This is not an error
1840 * unless
1841 * the attribute is otherwise malformed.
1842 */
1843 if (bgp_debug_update(peer, NULL, NULL, 0))
1844 zlog_debug(
1845 "%s: MP_UNREACH received AFI %u or SAFI %u is unrecognized",
1846 peer->host, pkt_afi, pkt_safi);
1847 return BGP_ATTR_PARSE_ERROR;
1848 }
1849
1850 withdraw_len = length - BGP_MP_UNREACH_MIN_SIZE;
1851
1852 mp_withdraw->afi = afi;
1853 mp_withdraw->safi = safi;
1854 mp_withdraw->nlri = stream_pnt(s);
1855 mp_withdraw->length = withdraw_len;
1856
1857 stream_forward_getp(s, withdraw_len);
1858
1859 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI);
1860
1861 return BGP_ATTR_PARSE_PROCEED;
1862 }
1863
1864 /* Large Community attribute. */
1865 static bgp_attr_parse_ret_t
1866 bgp_attr_large_community(struct bgp_attr_parser_args *args)
1867 {
1868 struct peer *const peer = args->peer;
1869 struct attr *const attr = args->attr;
1870 const bgp_size_t length = args->length;
1871
1872 /*
1873 * Large community follows new attribute format.
1874 */
1875 if (length == 0) {
1876 attr->lcommunity = NULL;
1877 /* Empty extcomm doesn't seem to be invalid per se */
1878 return BGP_ATTR_PARSE_PROCEED;
1879 }
1880
1881 attr->lcommunity =
1882 lcommunity_parse((uint8_t *)stream_pnt(peer->curr), length);
1883 /* XXX: fix ecommunity_parse to use stream API */
1884 stream_forward_getp(peer->curr, length);
1885
1886 if (!attr->lcommunity)
1887 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
1888 args->total);
1889
1890 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_LARGE_COMMUNITIES);
1891
1892 return BGP_ATTR_PARSE_PROCEED;
1893 }
1894
1895 /* Extended Community attribute. */
1896 static bgp_attr_parse_ret_t
1897 bgp_attr_ext_communities(struct bgp_attr_parser_args *args)
1898 {
1899 struct peer *const peer = args->peer;
1900 struct attr *const attr = args->attr;
1901 const bgp_size_t length = args->length;
1902 uint8_t sticky = 0;
1903
1904 if (length == 0) {
1905 attr->ecommunity = NULL;
1906 /* Empty extcomm doesn't seem to be invalid per se */
1907 return BGP_ATTR_PARSE_PROCEED;
1908 }
1909
1910 attr->ecommunity =
1911 ecommunity_parse((uint8_t *)stream_pnt(peer->curr), length);
1912 /* XXX: fix ecommunity_parse to use stream API */
1913 stream_forward_getp(peer->curr, length);
1914
1915 if (!attr->ecommunity)
1916 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
1917 args->total);
1918
1919 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES);
1920
1921 /* Extract MAC mobility sequence number, if any. */
1922 attr->mm_seqnum = bgp_attr_mac_mobility_seqnum(attr, &sticky);
1923 attr->sticky = sticky;
1924
1925 /* Check if this is a Gateway MAC-IP advertisement */
1926 attr->default_gw = bgp_attr_default_gw(attr);
1927
1928 /* Handle scenario where router flag ecommunity is not
1929 * set but default gw ext community is present.
1930 * Use default gateway, set and propogate R-bit.
1931 */
1932 if (attr->default_gw)
1933 attr->router_flag = 1;
1934
1935 /* Check EVPN Neighbor advertisement flags, R-bit */
1936 bgp_attr_evpn_na_flag(attr, &attr->router_flag);
1937
1938 /* Extract the Rmac, if any */
1939 bgp_attr_rmac(attr, &attr->rmac);
1940
1941 return BGP_ATTR_PARSE_PROCEED;
1942 }
1943
1944 /* Parse Tunnel Encap attribute in an UPDATE */
1945 static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
1946 bgp_size_t length, /* IN: attr's length field */
1947 struct attr *attr, /* IN: caller already allocated */
1948 uint8_t flag, /* IN: attr's flags field */
1949 uint8_t *startp)
1950 {
1951 bgp_size_t total;
1952 uint16_t tunneltype = 0;
1953
1954 total = length + (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) ? 4 : 3);
1955
1956 if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS)
1957 || !CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) {
1958 zlog_info(
1959 "Tunnel Encap attribute flag isn't optional and transitive %d",
1960 flag);
1961 bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
1962 BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR,
1963 startp, total);
1964 return -1;
1965 }
1966
1967 if (BGP_ATTR_ENCAP == type) {
1968 /* read outer TLV type and length */
1969 uint16_t tlv_length;
1970
1971 if (length < 4) {
1972 zlog_info(
1973 "Tunnel Encap attribute not long enough to contain outer T,L");
1974 bgp_notify_send_with_data(
1975 peer, BGP_NOTIFY_UPDATE_ERR,
1976 BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
1977 return -1;
1978 }
1979 tunneltype = stream_getw(BGP_INPUT(peer));
1980 tlv_length = stream_getw(BGP_INPUT(peer));
1981 length -= 4;
1982
1983 if (tlv_length != length) {
1984 zlog_info("%s: tlv_length(%d) != length(%d)", __func__,
1985 tlv_length, length);
1986 }
1987 }
1988
1989 while (length >= 4) {
1990 uint16_t subtype = 0;
1991 uint16_t sublength = 0;
1992 struct bgp_attr_encap_subtlv *tlv;
1993
1994 if (BGP_ATTR_ENCAP == type) {
1995 subtype = stream_getc(BGP_INPUT(peer));
1996 sublength = stream_getc(BGP_INPUT(peer));
1997 length -= 2;
1998 #if ENABLE_BGP_VNC
1999 } else {
2000 subtype = stream_getw(BGP_INPUT(peer));
2001 sublength = stream_getw(BGP_INPUT(peer));
2002 length -= 4;
2003 #endif
2004 }
2005
2006 if (sublength > length) {
2007 zlog_info(
2008 "Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d",
2009 sublength, length);
2010 bgp_notify_send_with_data(
2011 peer, BGP_NOTIFY_UPDATE_ERR,
2012 BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
2013 return -1;
2014 }
2015
2016 /* alloc and copy sub-tlv */
2017 /* TBD make sure these are freed when attributes are released */
2018 tlv = XCALLOC(MTYPE_ENCAP_TLV,
2019 sizeof(struct bgp_attr_encap_subtlv) + sublength);
2020 tlv->type = subtype;
2021 tlv->length = sublength;
2022 stream_get(tlv->value, peer->curr, sublength);
2023 length -= sublength;
2024
2025 /* attach tlv to encap chain */
2026 if (BGP_ATTR_ENCAP == type) {
2027 struct bgp_attr_encap_subtlv *stlv_last;
2028 for (stlv_last = attr->encap_subtlvs;
2029 stlv_last && stlv_last->next;
2030 stlv_last = stlv_last->next)
2031 ;
2032 if (stlv_last) {
2033 stlv_last->next = tlv;
2034 } else {
2035 attr->encap_subtlvs = tlv;
2036 }
2037 #if ENABLE_BGP_VNC
2038 } else {
2039 struct bgp_attr_encap_subtlv *stlv_last;
2040 for (stlv_last = attr->vnc_subtlvs;
2041 stlv_last && stlv_last->next;
2042 stlv_last = stlv_last->next)
2043 ;
2044 if (stlv_last) {
2045 stlv_last->next = tlv;
2046 } else {
2047 attr->vnc_subtlvs = tlv;
2048 }
2049 #endif
2050 }
2051 }
2052
2053 if (BGP_ATTR_ENCAP == type) {
2054 attr->encap_tunneltype = tunneltype;
2055 }
2056
2057 if (length) {
2058 /* spurious leftover data */
2059 zlog_info(
2060 "Tunnel Encap attribute length is bad: %d leftover octets",
2061 length);
2062 bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
2063 BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
2064 startp, total);
2065 return -1;
2066 }
2067
2068 return 0;
2069 }
2070
2071 /*
2072 * Read an individual SID value returning how much data we have read
2073 * Returns 0 if there was an error that needs to be passed up the stack
2074 */
2075 static bgp_attr_parse_ret_t bgp_attr_psid_sub(int32_t type,
2076 int32_t length,
2077 struct bgp_attr_parser_args *args,
2078 struct bgp_nlri *mp_update)
2079 {
2080 struct peer *const peer = args->peer;
2081 struct attr *const attr = args->attr;
2082 uint32_t label_index;
2083 struct in6_addr ipv6_sid;
2084 uint32_t srgb_base;
2085 uint32_t srgb_range;
2086 int srgb_count;
2087
2088 if (type == BGP_PREFIX_SID_LABEL_INDEX) {
2089 if (length != BGP_PREFIX_SID_LABEL_INDEX_LENGTH) {
2090 flog_err(
2091 BGP_ERR_ATTR_LEN,
2092 "Prefix SID label index length is %d instead of %d",
2093 length, BGP_PREFIX_SID_LABEL_INDEX_LENGTH);
2094 return bgp_attr_malformed(args,
2095 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2096 args->total);
2097 }
2098
2099 /* Ignore flags and reserved */
2100 stream_getc(peer->curr);
2101 stream_getw(peer->curr);
2102
2103 /* Fetch the label index and see if it is valid. */
2104 label_index = stream_getl(peer->curr);
2105 if (label_index == BGP_INVALID_LABEL_INDEX)
2106 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
2107 args->total);
2108
2109 /* Store label index; subsequently, we'll check on
2110 * address-family */
2111 attr->label_index = label_index;
2112
2113 /*
2114 * Ignore the Label index attribute unless received for
2115 * labeled-unicast
2116 * SAFI.
2117 */
2118 if (!mp_update->length
2119 || mp_update->safi != SAFI_LABELED_UNICAST)
2120 attr->label_index = BGP_INVALID_LABEL_INDEX;
2121 }
2122
2123 /* Placeholder code for the IPv6 SID type */
2124 else if (type == BGP_PREFIX_SID_IPV6) {
2125 if (length != BGP_PREFIX_SID_IPV6_LENGTH) {
2126 flog_err(BGP_ERR_ATTR_LEN,
2127 "Prefix SID IPv6 length is %d instead of %d",
2128 length, BGP_PREFIX_SID_IPV6_LENGTH);
2129 return bgp_attr_malformed(args,
2130 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2131 args->total);
2132 }
2133
2134 /* Ignore reserved */
2135 stream_getc(peer->curr);
2136 stream_getw(peer->curr);
2137
2138 stream_get(&ipv6_sid, peer->curr, 16);
2139 }
2140
2141 /* Placeholder code for the Originator SRGB type */
2142 else if (type == BGP_PREFIX_SID_ORIGINATOR_SRGB) {
2143 /* Ignore flags */
2144 stream_getw(peer->curr);
2145
2146 length -= 2;
2147
2148 if (length % BGP_PREFIX_SID_ORIGINATOR_SRGB_LENGTH) {
2149 flog_err(
2150 BGP_ERR_ATTR_LEN,
2151 "Prefix SID Originator SRGB length is %d, it must be a multiple of %d ",
2152 length, BGP_PREFIX_SID_ORIGINATOR_SRGB_LENGTH);
2153 return bgp_attr_malformed(
2154 args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2155 args->total);
2156 }
2157
2158 srgb_count = length / BGP_PREFIX_SID_ORIGINATOR_SRGB_LENGTH;
2159
2160 for (int i = 0; i < srgb_count; i++) {
2161 stream_get(&srgb_base, peer->curr, 3);
2162 stream_get(&srgb_range, peer->curr, 3);
2163 }
2164 }
2165
2166 return BGP_ATTR_PARSE_PROCEED;
2167 }
2168
2169 /* Prefix SID attribute
2170 * draft-ietf-idr-bgp-prefix-sid-05
2171 */
2172 bgp_attr_parse_ret_t
2173 bgp_attr_prefix_sid(int32_t tlength, struct bgp_attr_parser_args *args,
2174 struct bgp_nlri *mp_update)
2175 {
2176 struct peer *const peer = args->peer;
2177 struct attr *const attr = args->attr;
2178 bgp_attr_parse_ret_t ret;
2179
2180 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_PREFIX_SID);
2181
2182 while (tlength) {
2183 int32_t type, length;
2184
2185 type = stream_getc(peer->curr);
2186 length = stream_getw(peer->curr);
2187
2188 ret = bgp_attr_psid_sub(type, length, args, mp_update);
2189
2190 if (ret != BGP_ATTR_PARSE_PROCEED)
2191 return ret;
2192 /*
2193 * Subtract length + the T and the L
2194 * since length is the Vector portion
2195 */
2196 tlength -= length + 3;
2197
2198 if (tlength < 0) {
2199 flog_err(
2200 BGP_ERR_ATTR_LEN,
2201 "Prefix SID internal length %d causes us to read beyond the total Prefix SID length",
2202 length);
2203 return bgp_attr_malformed(args,
2204 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2205 args->total);
2206 }
2207 }
2208
2209 return BGP_ATTR_PARSE_PROCEED;
2210 }
2211
2212 /* PMSI tunnel attribute (RFC 6514)
2213 * Basic validation checks done here.
2214 */
2215 static bgp_attr_parse_ret_t
2216 bgp_attr_pmsi_tunnel(struct bgp_attr_parser_args *args)
2217 {
2218 struct peer *const peer = args->peer;
2219 struct attr *const attr = args->attr;
2220 const bgp_size_t length = args->length;
2221 uint8_t tnl_type;
2222
2223 /* Verify that the receiver is expecting "ingress replication" as we
2224 * can only support that.
2225 */
2226 if (length < 2) {
2227 flog_err(BGP_ERR_ATTR_LEN,
2228 "Bad PMSI tunnel attribute length %d", length);
2229 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2230 args->total);
2231 }
2232 stream_getc(peer->curr); /* Flags */
2233 tnl_type = stream_getc(peer->curr);
2234 if (tnl_type > PMSI_TNLTYPE_MAX) {
2235 flog_err(BGP_ERR_ATTR_PMSI_TYPE,
2236 "Invalid PMSI tunnel attribute type %d", tnl_type);
2237 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
2238 args->total);
2239 }
2240 if (tnl_type == PMSI_TNLTYPE_INGR_REPL) {
2241 if (length != 9) {
2242 flog_err(BGP_ERR_ATTR_PMSI_LEN,
2243 "Bad PMSI tunnel attribute length %d for IR",
2244 length);
2245 return bgp_attr_malformed(
2246 args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2247 args->total);
2248 }
2249 }
2250
2251 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_PMSI_TUNNEL);
2252 attr->pmsi_tnl_type = tnl_type;
2253
2254 /* Forward read pointer of input stream. */
2255 stream_forward_getp(peer->curr, length - 2);
2256
2257 return BGP_ATTR_PARSE_PROCEED;
2258 }
2259
2260 /* BGP unknown attribute treatment. */
2261 static bgp_attr_parse_ret_t bgp_attr_unknown(struct bgp_attr_parser_args *args)
2262 {
2263 bgp_size_t total = args->total;
2264 struct transit *transit;
2265 struct peer *const peer = args->peer;
2266 struct attr *const attr = args->attr;
2267 uint8_t *const startp = args->startp;
2268 const uint8_t type = args->type;
2269 const uint8_t flag = args->flags;
2270 const bgp_size_t length = args->length;
2271
2272 if (bgp_debug_update(peer, NULL, NULL, 1))
2273 zlog_debug(
2274 "%s Unknown attribute is received (type %d, length %d)",
2275 peer->host, type, length);
2276
2277 /* Forward read pointer of input stream. */
2278 stream_forward_getp(peer->curr, length);
2279
2280 /* If any of the mandatory well-known attributes are not recognized,
2281 then the Error Subcode is set to Unrecognized Well-known
2282 Attribute. The Data field contains the unrecognized attribute
2283 (type, length and value). */
2284 if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) {
2285 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_UNREC_ATTR,
2286 args->total);
2287 }
2288
2289 /* Unrecognized non-transitive optional attributes must be quietly
2290 ignored and not passed along to other BGP peers. */
2291 if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS))
2292 return BGP_ATTR_PARSE_PROCEED;
2293
2294 /* If a path with recognized transitive optional attribute is
2295 accepted and passed along to other BGP peers and the Partial bit
2296 in the Attribute Flags octet is set to 1 by some previous AS, it
2297 is not set back to 0 by the current AS. */
2298 SET_FLAG(*startp, BGP_ATTR_FLAG_PARTIAL);
2299
2300 /* Store transitive attribute to the end of attr->transit. */
2301 if (!attr->transit)
2302 attr->transit = XCALLOC(MTYPE_TRANSIT, sizeof(struct transit));
2303
2304 transit = attr->transit;
2305
2306 if (transit->val)
2307 transit->val = XREALLOC(MTYPE_TRANSIT_VAL, transit->val,
2308 transit->length + total);
2309 else
2310 transit->val = XMALLOC(MTYPE_TRANSIT_VAL, total);
2311
2312 memcpy(transit->val + transit->length, startp, total);
2313 transit->length += total;
2314
2315 return BGP_ATTR_PARSE_PROCEED;
2316 }
2317
2318 /* Well-known attribute check. */
2319 static int bgp_attr_check(struct peer *peer, struct attr *attr)
2320 {
2321 uint8_t type = 0;
2322
2323 /* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an
2324 * empty UPDATE. */
2325 if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag)
2326 return BGP_ATTR_PARSE_PROCEED;
2327
2328 /* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
2329 to carry any other path attributes.", though if MP_REACH_NLRI or NLRI
2330 are present, it should. Check for any other attribute being present
2331 instead.
2332 */
2333 if ((!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) &&
2334 CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI))))
2335 return BGP_ATTR_PARSE_PROCEED;
2336
2337 if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN)))
2338 type = BGP_ATTR_ORIGIN;
2339
2340 if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_AS_PATH)))
2341 type = BGP_ATTR_AS_PATH;
2342
2343 /* RFC 2858 makes Next-Hop optional/ignored, if MP_REACH_NLRI is present
2344 * and
2345 * NLRI is empty. We can't easily check NLRI empty here though.
2346 */
2347 if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP))
2348 && !CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)))
2349 type = BGP_ATTR_NEXT_HOP;
2350
2351 if (peer->sort == BGP_PEER_IBGP
2352 && !CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF)))
2353 type = BGP_ATTR_LOCAL_PREF;
2354
2355 if (type) {
2356 zlog_warn("%s Missing well-known attribute %s.", peer->host,
2357 lookup_msg(attr_str, type, NULL));
2358 bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
2359 BGP_NOTIFY_UPDATE_MISS_ATTR, &type,
2360 1);
2361 return BGP_ATTR_PARSE_ERROR;
2362 }
2363 return BGP_ATTR_PARSE_PROCEED;
2364 }
2365
2366 /* Read attribute of update packet. This function is called from
2367 bgp_update_receive() in bgp_packet.c. */
2368 bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
2369 bgp_size_t size, struct bgp_nlri *mp_update,
2370 struct bgp_nlri *mp_withdraw)
2371 {
2372 int ret;
2373 uint8_t flag = 0;
2374 uint8_t type = 0;
2375 bgp_size_t length;
2376 uint8_t *startp, *endp;
2377 uint8_t *attr_endp;
2378 uint8_t seen[BGP_ATTR_BITMAP_SIZE];
2379 /* we need the as4_path only until we have synthesized the as_path with
2380 * it */
2381 /* same goes for as4_aggregator */
2382 struct aspath *as4_path = NULL;
2383 as_t as4_aggregator = 0;
2384 struct in_addr as4_aggregator_addr = {.s_addr = 0};
2385
2386 /* Initialize bitmap. */
2387 memset(seen, 0, BGP_ATTR_BITMAP_SIZE);
2388
2389 /* End pointer of BGP attribute. */
2390 endp = BGP_INPUT_PNT(peer) + size;
2391
2392 /* Get attributes to the end of attribute length. */
2393 while (BGP_INPUT_PNT(peer) < endp) {
2394 /* Check remaining length check.*/
2395 if (endp - BGP_INPUT_PNT(peer) < BGP_ATTR_MIN_LEN) {
2396 /* XXX warning: long int format, int arg (arg 5) */
2397 zlog_warn(
2398 "%s: error BGP attribute length %lu is smaller than min len",
2399 peer->host,
2400 (unsigned long)(endp
2401 - stream_pnt(BGP_INPUT(peer))));
2402
2403 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2404 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR);
2405 return BGP_ATTR_PARSE_ERROR;
2406 }
2407
2408 /* Fetch attribute flag and type. */
2409 startp = BGP_INPUT_PNT(peer);
2410 /* "The lower-order four bits of the Attribute Flags octet are
2411 unused. They MUST be zero when sent and MUST be ignored when
2412 received." */
2413 flag = 0xF0 & stream_getc(BGP_INPUT(peer));
2414 type = stream_getc(BGP_INPUT(peer));
2415
2416 /* Check whether Extended-Length applies and is in bounds */
2417 if (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN)
2418 && ((endp - startp) < (BGP_ATTR_MIN_LEN + 1))) {
2419 zlog_warn(
2420 "%s: Extended length set, but just %lu bytes of attr header",
2421 peer->host,
2422 (unsigned long)(endp
2423 - stream_pnt(BGP_INPUT(peer))));
2424
2425 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2426 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR);
2427 return BGP_ATTR_PARSE_ERROR;
2428 }
2429
2430 /* Check extended attribue length bit. */
2431 if (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN))
2432 length = stream_getw(BGP_INPUT(peer));
2433 else
2434 length = stream_getc(BGP_INPUT(peer));
2435
2436 /* If any attribute appears more than once in the UPDATE
2437 message, then the Error Subcode is set to Malformed Attribute
2438 List. */
2439
2440 if (CHECK_BITMAP(seen, type)) {
2441 zlog_warn(
2442 "%s: error BGP attribute type %d appears twice in a message",
2443 peer->host, type);
2444
2445 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2446 BGP_NOTIFY_UPDATE_MAL_ATTR);
2447 return BGP_ATTR_PARSE_ERROR;
2448 }
2449
2450 /* Set type to bitmap to check duplicate attribute. `type' is
2451 unsigned char so it never overflow bitmap range. */
2452
2453 SET_BITMAP(seen, type);
2454
2455 /* Overflow check. */
2456 attr_endp = BGP_INPUT_PNT(peer) + length;
2457
2458 if (attr_endp > endp) {
2459 zlog_warn(
2460 "%s: BGP type %d length %d is too large, attribute total length is %d. attr_endp is %p. endp is %p",
2461 peer->host, type, length, size, attr_endp,
2462 endp);
2463 /*
2464 * RFC 4271 6.3
2465 * If any recognized attribute has an Attribute
2466 * Length that conflicts with the expected length
2467 * (based on the attribute type code), then the
2468 * Error Subcode MUST be set to Attribute Length
2469 * Error. The Data field MUST contain the erroneous
2470 * attribute (type, length, and value).
2471 * ----------
2472 * We do not currently have a good way to determine the
2473 * length of the attribute independent of the length
2474 * received in the message. Instead we send the
2475 * minimum between the amount of data we have and the
2476 * amount specified by the attribute length field.
2477 *
2478 * Instead of directly passing in the packet buffer and
2479 * offset we use the stream_get* functions to read into
2480 * a stack buffer, since they perform bounds checking
2481 * and we are working with untrusted data.
2482 */
2483 unsigned char ndata[BGP_MAX_PACKET_SIZE];
2484 memset(ndata, 0x00, sizeof(ndata));
2485 size_t lfl =
2486 CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) ? 2 : 1;
2487 /* Rewind to end of flag field */
2488 stream_forward_getp(BGP_INPUT(peer), -(1 + lfl));
2489 /* Type */
2490 stream_get(&ndata[0], BGP_INPUT(peer), 1);
2491 /* Length */
2492 stream_get(&ndata[1], BGP_INPUT(peer), lfl);
2493 /* Value */
2494 size_t atl = attr_endp - startp;
2495 size_t ndl = MIN(atl, STREAM_READABLE(BGP_INPUT(peer)));
2496 stream_get(&ndata[lfl + 1], BGP_INPUT(peer), ndl);
2497
2498 bgp_notify_send_with_data(
2499 peer, BGP_NOTIFY_UPDATE_ERR,
2500 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR, ndata,
2501 ndl + lfl + 1);
2502
2503 return BGP_ATTR_PARSE_ERROR;
2504 }
2505
2506 struct bgp_attr_parser_args attr_args = {
2507 .peer = peer,
2508 .length = length,
2509 .attr = attr,
2510 .type = type,
2511 .flags = flag,
2512 .startp = startp,
2513 .total = attr_endp - startp,
2514 };
2515
2516
2517 /* If any recognized attribute has Attribute Flags that conflict
2518 with the Attribute Type Code, then the Error Subcode is set
2519 to
2520 Attribute Flags Error. The Data field contains the erroneous
2521 attribute (type, length and value). */
2522 if (bgp_attr_flag_invalid(&attr_args)) {
2523 bgp_attr_parse_ret_t ret;
2524 ret = bgp_attr_malformed(
2525 &attr_args, BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR,
2526 attr_args.total);
2527 if (ret == BGP_ATTR_PARSE_PROCEED)
2528 continue;
2529 return ret;
2530 }
2531
2532 /* OK check attribute and store it's value. */
2533 switch (type) {
2534 case BGP_ATTR_ORIGIN:
2535 ret = bgp_attr_origin(&attr_args);
2536 break;
2537 case BGP_ATTR_AS_PATH:
2538 ret = bgp_attr_aspath(&attr_args);
2539 break;
2540 case BGP_ATTR_AS4_PATH:
2541 ret = bgp_attr_as4_path(&attr_args, &as4_path);
2542 break;
2543 case BGP_ATTR_NEXT_HOP:
2544 ret = bgp_attr_nexthop(&attr_args);
2545 break;
2546 case BGP_ATTR_MULTI_EXIT_DISC:
2547 ret = bgp_attr_med(&attr_args);
2548 break;
2549 case BGP_ATTR_LOCAL_PREF:
2550 ret = bgp_attr_local_pref(&attr_args);
2551 break;
2552 case BGP_ATTR_ATOMIC_AGGREGATE:
2553 ret = bgp_attr_atomic(&attr_args);
2554 break;
2555 case BGP_ATTR_AGGREGATOR:
2556 ret = bgp_attr_aggregator(&attr_args);
2557 break;
2558 case BGP_ATTR_AS4_AGGREGATOR:
2559 ret = bgp_attr_as4_aggregator(&attr_args,
2560 &as4_aggregator,
2561 &as4_aggregator_addr);
2562 break;
2563 case BGP_ATTR_COMMUNITIES:
2564 ret = bgp_attr_community(&attr_args);
2565 break;
2566 case BGP_ATTR_LARGE_COMMUNITIES:
2567 ret = bgp_attr_large_community(&attr_args);
2568 break;
2569 case BGP_ATTR_ORIGINATOR_ID:
2570 ret = bgp_attr_originator_id(&attr_args);
2571 break;
2572 case BGP_ATTR_CLUSTER_LIST:
2573 ret = bgp_attr_cluster_list(&attr_args);
2574 break;
2575 case BGP_ATTR_MP_REACH_NLRI:
2576 ret = bgp_mp_reach_parse(&attr_args, mp_update);
2577 break;
2578 case BGP_ATTR_MP_UNREACH_NLRI:
2579 ret = bgp_mp_unreach_parse(&attr_args, mp_withdraw);
2580 break;
2581 case BGP_ATTR_EXT_COMMUNITIES:
2582 ret = bgp_attr_ext_communities(&attr_args);
2583 break;
2584 #if ENABLE_BGP_VNC
2585 case BGP_ATTR_VNC:
2586 #endif
2587 case BGP_ATTR_ENCAP:
2588 ret = bgp_attr_encap(type, peer, length, attr, flag,
2589 startp);
2590 break;
2591 case BGP_ATTR_PREFIX_SID:
2592 ret = bgp_attr_prefix_sid(length,
2593 &attr_args, mp_update);
2594 break;
2595 case BGP_ATTR_PMSI_TUNNEL:
2596 ret = bgp_attr_pmsi_tunnel(&attr_args);
2597 break;
2598 default:
2599 ret = bgp_attr_unknown(&attr_args);
2600 break;
2601 }
2602
2603 if (ret == BGP_ATTR_PARSE_ERROR_NOTIFYPLS) {
2604 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2605 BGP_NOTIFY_UPDATE_MAL_ATTR);
2606 ret = BGP_ATTR_PARSE_ERROR;
2607 }
2608
2609 if (ret == BGP_ATTR_PARSE_EOR) {
2610 if (as4_path)
2611 aspath_unintern(&as4_path);
2612 return ret;
2613 }
2614
2615 /* If hard error occured immediately return to the caller. */
2616 if (ret == BGP_ATTR_PARSE_ERROR) {
2617 zlog_warn("%s: Attribute %s, parse error", peer->host,
2618 lookup_msg(attr_str, type, NULL));
2619 if (as4_path)
2620 aspath_unintern(&as4_path);
2621 return ret;
2622 }
2623 if (ret == BGP_ATTR_PARSE_WITHDRAW) {
2624
2625 zlog_warn(
2626 "%s: Attribute %s, parse error - treating as withdrawal",
2627 peer->host, lookup_msg(attr_str, type, NULL));
2628 if (as4_path)
2629 aspath_unintern(&as4_path);
2630 return ret;
2631 }
2632
2633 /* Check the fetched length. */
2634 if (BGP_INPUT_PNT(peer) != attr_endp) {
2635 zlog_warn("%s: BGP attribute %s, fetch error",
2636 peer->host, lookup_msg(attr_str, type, NULL));
2637 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2638 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR);
2639 if (as4_path)
2640 aspath_unintern(&as4_path);
2641 return BGP_ATTR_PARSE_ERROR;
2642 }
2643 }
2644
2645 /* Check final read pointer is same as end pointer. */
2646 if (BGP_INPUT_PNT(peer) != endp) {
2647 zlog_warn("%s: BGP attribute %s, length mismatch", peer->host,
2648 lookup_msg(attr_str, type, NULL));
2649 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2650 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR);
2651 if (as4_path)
2652 aspath_unintern(&as4_path);
2653 return BGP_ATTR_PARSE_ERROR;
2654 }
2655
2656 /* Check all mandatory well-known attributes are present */
2657 {
2658 bgp_attr_parse_ret_t ret;
2659 if ((ret = bgp_attr_check(peer, attr)) < 0) {
2660 if (as4_path)
2661 aspath_unintern(&as4_path);
2662 return ret;
2663 }
2664 }
2665
2666 /*
2667 * At this place we can see whether we got AS4_PATH and/or
2668 * AS4_AGGREGATOR from a 16Bit peer and act accordingly.
2669 * We can not do this before we've read all attributes because
2670 * the as4 handling does not say whether AS4_PATH has to be sent
2671 * after AS_PATH or not - and when AS4_AGGREGATOR will be send
2672 * in relationship to AGGREGATOR.
2673 * So, to be defensive, we are not relying on any order and read
2674 * all attributes first, including these 32bit ones, and now,
2675 * afterwards, we look what and if something is to be done for as4.
2676 *
2677 * It is possible to not have AS_PATH, e.g. GR EoR and sole
2678 * MP_UNREACH_NLRI.
2679 */
2680 /* actually... this doesn't ever return failure currently, but
2681 * better safe than sorry */
2682 if (CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_AS_PATH))
2683 && bgp_attr_munge_as4_attrs(peer, attr, as4_path, as4_aggregator,
2684 &as4_aggregator_addr)) {
2685 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2686 BGP_NOTIFY_UPDATE_MAL_ATTR);
2687 if (as4_path)
2688 aspath_unintern(&as4_path);
2689 return BGP_ATTR_PARSE_ERROR;
2690 }
2691
2692 /* At this stage, we have done all fiddling with as4, and the
2693 * resulting info is in attr->aggregator resp. attr->aspath
2694 * so we can chuck as4_aggregator and as4_path alltogether in
2695 * order to save memory
2696 */
2697 if (as4_path) {
2698 aspath_unintern(&as4_path); /* unintern - it is in the hash */
2699 /* The flag that we got this is still there, but that does not
2700 * do any trouble
2701 */
2702 }
2703 /*
2704 * The "rest" of the code does nothing with as4_aggregator.
2705 * there is no memory attached specifically which is not part
2706 * of the attr.
2707 * so ignoring just means do nothing.
2708 */
2709 /*
2710 * Finally do the checks on the aspath we did not do yet
2711 * because we waited for a potentially synthesized aspath.
2712 */
2713 if (attr->flag & (ATTR_FLAG_BIT(BGP_ATTR_AS_PATH))) {
2714 ret = bgp_attr_aspath_check(peer, attr);
2715 if (ret != BGP_ATTR_PARSE_PROCEED)
2716 return ret;
2717 }
2718 /* Finally intern unknown attribute. */
2719 if (attr->transit)
2720 attr->transit = transit_intern(attr->transit);
2721 if (attr->encap_subtlvs)
2722 attr->encap_subtlvs =
2723 encap_intern(attr->encap_subtlvs, ENCAP_SUBTLV_TYPE);
2724 #if ENABLE_BGP_VNC
2725 if (attr->vnc_subtlvs)
2726 attr->vnc_subtlvs =
2727 encap_intern(attr->vnc_subtlvs, VNC_SUBTLV_TYPE);
2728 #endif
2729
2730 return BGP_ATTR_PARSE_PROCEED;
2731 }
2732
2733 size_t bgp_packet_mpattr_start(struct stream *s, struct peer *peer, afi_t afi,
2734 safi_t safi, struct bpacket_attr_vec_arr *vecarr,
2735 struct attr *attr)
2736 {
2737 size_t sizep;
2738 iana_afi_t pkt_afi;
2739 iana_safi_t pkt_safi;
2740 afi_t nh_afi;
2741
2742 /* Set extended bit always to encode the attribute length as 2 bytes */
2743 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_EXTLEN);
2744 stream_putc(s, BGP_ATTR_MP_REACH_NLRI);
2745 sizep = stream_get_endp(s);
2746 stream_putw(s, 0); /* Marker: Attribute length. */
2747
2748
2749 /* Convert AFI, SAFI to values for packet. */
2750 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
2751
2752 stream_putw(s, pkt_afi); /* AFI */
2753 stream_putc(s, pkt_safi); /* SAFI */
2754
2755 /* Nexthop AFI */
2756 if (afi == AFI_IP
2757 && (safi == SAFI_UNICAST || safi == SAFI_LABELED_UNICAST))
2758 nh_afi = peer_cap_enhe(peer, afi, safi) ? AFI_IP6 : AFI_IP;
2759 else
2760 nh_afi = BGP_NEXTHOP_AFI_FROM_NHLEN(attr->mp_nexthop_len);
2761
2762 /* Nexthop */
2763 bpacket_attr_vec_arr_set_vec(vecarr, BGP_ATTR_VEC_NH, s, attr);
2764 switch (nh_afi) {
2765 case AFI_IP:
2766 switch (safi) {
2767 case SAFI_UNICAST:
2768 case SAFI_MULTICAST:
2769 case SAFI_LABELED_UNICAST:
2770 stream_putc(s, 4);
2771 stream_put_ipv4(s, attr->nexthop.s_addr);
2772 break;
2773 case SAFI_MPLS_VPN:
2774 stream_putc(s, 12);
2775 stream_putl(s, 0); /* RD = 0, per RFC */
2776 stream_putl(s, 0);
2777 stream_put(s, &attr->mp_nexthop_global_in, 4);
2778 break;
2779 case SAFI_ENCAP:
2780 case SAFI_EVPN:
2781 stream_putc(s, 4);
2782 stream_put(s, &attr->mp_nexthop_global_in, 4);
2783 break;
2784 case SAFI_FLOWSPEC:
2785 stream_putc(s, 0); /* no nexthop for flowspec */
2786 default:
2787 break;
2788 }
2789 break;
2790 case AFI_IP6:
2791 switch (safi) {
2792 case SAFI_UNICAST:
2793 case SAFI_MULTICAST:
2794 case SAFI_LABELED_UNICAST:
2795 case SAFI_EVPN: {
2796 if (attr->mp_nexthop_len
2797 == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) {
2798 stream_putc(s,
2799 BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL);
2800 stream_put(s, &attr->mp_nexthop_global,
2801 IPV6_MAX_BYTELEN);
2802 stream_put(s, &attr->mp_nexthop_local,
2803 IPV6_MAX_BYTELEN);
2804 } else {
2805 stream_putc(s, IPV6_MAX_BYTELEN);
2806 stream_put(s, &attr->mp_nexthop_global,
2807 IPV6_MAX_BYTELEN);
2808 }
2809 } break;
2810 case SAFI_MPLS_VPN: {
2811 if (attr->mp_nexthop_len
2812 == BGP_ATTR_NHLEN_IPV6_GLOBAL) {
2813 stream_putc(s, 24);
2814 stream_putl(s, 0); /* RD = 0, per RFC */
2815 stream_putl(s, 0);
2816 stream_put(s, &attr->mp_nexthop_global,
2817 IPV6_MAX_BYTELEN);
2818 } else if (attr->mp_nexthop_len
2819 == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) {
2820 stream_putc(s, 48);
2821 stream_putl(s, 0); /* RD = 0, per RFC */
2822 stream_putl(s, 0);
2823 stream_put(s, &attr->mp_nexthop_global,
2824 IPV6_MAX_BYTELEN);
2825 stream_putl(s, 0); /* RD = 0, per RFC */
2826 stream_putl(s, 0);
2827 stream_put(s, &attr->mp_nexthop_local,
2828 IPV6_MAX_BYTELEN);
2829 }
2830 } break;
2831 case SAFI_ENCAP:
2832 stream_putc(s, IPV6_MAX_BYTELEN);
2833 stream_put(s, &attr->mp_nexthop_global,
2834 IPV6_MAX_BYTELEN);
2835 break;
2836 case SAFI_FLOWSPEC:
2837 stream_putc(s, 0); /* no nexthop for flowspec */
2838 default:
2839 break;
2840 }
2841 break;
2842 default:
2843 if (safi != SAFI_FLOWSPEC)
2844 flog_err(
2845 BGP_ERR_ATTR_NH_SEND_LEN,
2846 "Bad nexthop when sending to %s, AFI %u SAFI %u nhlen %d",
2847 peer->host, afi, safi, attr->mp_nexthop_len);
2848 break;
2849 }
2850
2851 /* SNPA */
2852 stream_putc(s, 0);
2853 return sizep;
2854 }
2855
2856 void bgp_packet_mpattr_prefix(struct stream *s, afi_t afi, safi_t safi,
2857 struct prefix *p, struct prefix_rd *prd,
2858 mpls_label_t *label, uint32_t num_labels,
2859 int addpath_encode, uint32_t addpath_tx_id,
2860 struct attr *attr)
2861 {
2862 if (safi == SAFI_MPLS_VPN) {
2863 if (addpath_encode)
2864 stream_putl(s, addpath_tx_id);
2865 /* Label, RD, Prefix write. */
2866 stream_putc(s, p->prefixlen + 88);
2867 stream_put(s, label, BGP_LABEL_BYTES);
2868 stream_put(s, prd->val, 8);
2869 stream_put(s, &p->u.prefix, PSIZE(p->prefixlen));
2870 } else if (afi == AFI_L2VPN && safi == SAFI_EVPN) {
2871 /* EVPN prefix - contents depend on type */
2872 bgp_evpn_encode_prefix(s, p, prd, label, num_labels, attr,
2873 addpath_encode, addpath_tx_id);
2874 } else if (safi == SAFI_LABELED_UNICAST) {
2875 /* Prefix write with label. */
2876 stream_put_labeled_prefix(s, p, label);
2877 } else if (safi == SAFI_FLOWSPEC) {
2878 if (PSIZE (p->prefixlen)+2 < FLOWSPEC_NLRI_SIZELIMIT)
2879 stream_putc(s, PSIZE (p->prefixlen)+2);
2880 else
2881 stream_putw(s, (PSIZE (p->prefixlen)+2)|(0xf<<12));
2882 stream_putc(s, 2);/* Filter type */
2883 stream_putc(s, p->prefixlen);/* Prefix length */
2884 stream_put(s, &p->u.prefix, PSIZE (p->prefixlen));
2885 } else
2886 stream_put_prefix_addpath(s, p, addpath_encode, addpath_tx_id);
2887 }
2888
2889 size_t bgp_packet_mpattr_prefix_size(afi_t afi, safi_t safi, struct prefix *p)
2890 {
2891 int size = PSIZE(p->prefixlen);
2892 if (safi == SAFI_MPLS_VPN)
2893 size += 88;
2894 else if (afi == AFI_L2VPN && safi == SAFI_EVPN)
2895 size += 232; // TODO: Maximum possible for type-2, type-3 and
2896 // type-5
2897 return size;
2898 }
2899
2900 /*
2901 * Encodes the tunnel encapsulation attribute,
2902 * and with ENABLE_BGP_VNC the VNC attribute which uses
2903 * almost the same TLV format
2904 */
2905 static void bgp_packet_mpattr_tea(struct bgp *bgp, struct peer *peer,
2906 struct stream *s, struct attr *attr,
2907 uint8_t attrtype)
2908 {
2909 unsigned int attrlenfield = 0;
2910 unsigned int attrhdrlen = 0;
2911 struct bgp_attr_encap_subtlv *subtlvs;
2912 struct bgp_attr_encap_subtlv *st;
2913 const char *attrname;
2914
2915 if (!attr || (attrtype == BGP_ATTR_ENCAP
2916 && (!attr->encap_tunneltype
2917 || attr->encap_tunneltype == BGP_ENCAP_TYPE_MPLS)))
2918 return;
2919
2920 switch (attrtype) {
2921 case BGP_ATTR_ENCAP:
2922 attrname = "Tunnel Encap";
2923 subtlvs = attr->encap_subtlvs;
2924 if (subtlvs == NULL) /* nothing to do */
2925 return;
2926 /*
2927 * The tunnel encap attr has an "outer" tlv.
2928 * T = tunneltype,
2929 * L = total length of subtlvs,
2930 * V = concatenated subtlvs.
2931 */
2932 attrlenfield = 2 + 2; /* T + L */
2933 attrhdrlen = 1 + 1; /* subTLV T + L */
2934 break;
2935
2936 #if ENABLE_BGP_VNC
2937 case BGP_ATTR_VNC:
2938 attrname = "VNC";
2939 subtlvs = attr->vnc_subtlvs;
2940 if (subtlvs == NULL) /* nothing to do */
2941 return;
2942 attrlenfield = 0; /* no outer T + L */
2943 attrhdrlen = 2 + 2; /* subTLV T + L */
2944 break;
2945 #endif
2946
2947 default:
2948 assert(0);
2949 }
2950
2951 /* compute attr length */
2952 for (st = subtlvs; st; st = st->next) {
2953 attrlenfield += (attrhdrlen + st->length);
2954 }
2955
2956 if (attrlenfield > 0xffff) {
2957 zlog_info("%s attribute is too long (length=%d), can't send it",
2958 attrname, attrlenfield);
2959 return;
2960 }
2961
2962 if (attrlenfield > 0xff) {
2963 /* 2-octet length field */
2964 stream_putc(s,
2965 BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_OPTIONAL
2966 | BGP_ATTR_FLAG_EXTLEN);
2967 stream_putc(s, attrtype);
2968 stream_putw(s, attrlenfield & 0xffff);
2969 } else {
2970 /* 1-octet length field */
2971 stream_putc(s, BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_OPTIONAL);
2972 stream_putc(s, attrtype);
2973 stream_putc(s, attrlenfield & 0xff);
2974 }
2975
2976 if (attrtype == BGP_ATTR_ENCAP) {
2977 /* write outer T+L */
2978 stream_putw(s, attr->encap_tunneltype);
2979 stream_putw(s, attrlenfield - 4);
2980 }
2981
2982 /* write each sub-tlv */
2983 for (st = subtlvs; st; st = st->next) {
2984 if (attrtype == BGP_ATTR_ENCAP) {
2985 stream_putc(s, st->type);
2986 stream_putc(s, st->length);
2987 #if ENABLE_BGP_VNC
2988 } else {
2989 stream_putw(s, st->type);
2990 stream_putw(s, st->length);
2991 #endif
2992 }
2993 stream_put(s, st->value, st->length);
2994 }
2995 }
2996
2997 void bgp_packet_mpattr_end(struct stream *s, size_t sizep)
2998 {
2999 /* Set MP attribute length. Don't count the (2) bytes used to encode
3000 the attr length */
3001 stream_putw_at(s, sizep, (stream_get_endp(s) - sizep) - 2);
3002 }
3003
3004 /* Make attribute packet. */
3005 bgp_size_t bgp_packet_attribute(struct bgp *bgp, struct peer *peer,
3006 struct stream *s, struct attr *attr,
3007 struct bpacket_attr_vec_arr *vecarr,
3008 struct prefix *p, afi_t afi, safi_t safi,
3009 struct peer *from, struct prefix_rd *prd,
3010 mpls_label_t *label, uint32_t num_labels,
3011 int addpath_encode, uint32_t addpath_tx_id)
3012 {
3013 size_t cp;
3014 size_t aspath_sizep;
3015 struct aspath *aspath;
3016 int send_as4_path = 0;
3017 int send_as4_aggregator = 0;
3018 int use32bit = (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV)) ? 1 : 0;
3019
3020 if (!bgp)
3021 bgp = peer->bgp;
3022
3023 /* Remember current pointer. */
3024 cp = stream_get_endp(s);
3025
3026 if (p
3027 && !((afi == AFI_IP && safi == SAFI_UNICAST)
3028 && !peer_cap_enhe(peer, afi, safi))) {
3029 size_t mpattrlen_pos = 0;
3030
3031 mpattrlen_pos = bgp_packet_mpattr_start(s, peer, afi, safi,
3032 vecarr, attr);
3033 bgp_packet_mpattr_prefix(s, afi, safi, p, prd, label,
3034 num_labels, addpath_encode,
3035 addpath_tx_id, attr);
3036 bgp_packet_mpattr_end(s, mpattrlen_pos);
3037 }
3038
3039 /* Origin attribute. */
3040 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3041 stream_putc(s, BGP_ATTR_ORIGIN);
3042 stream_putc(s, 1);
3043 stream_putc(s, attr->origin);
3044
3045 /* AS path attribute. */
3046
3047 /* If remote-peer is EBGP */
3048 if (peer->sort == BGP_PEER_EBGP
3049 && (!CHECK_FLAG(peer->af_flags[afi][safi],
3050 PEER_FLAG_AS_PATH_UNCHANGED)
3051 || attr->aspath->segments == NULL)
3052 && (!CHECK_FLAG(peer->af_flags[afi][safi],
3053 PEER_FLAG_RSERVER_CLIENT))) {
3054 aspath = aspath_dup(attr->aspath);
3055
3056 /* Even though we may not be configured for confederations we
3057 * may have
3058 * RXed an AS_PATH with AS_CONFED_SEQUENCE or AS_CONFED_SET */
3059 aspath = aspath_delete_confed_seq(aspath);
3060
3061 if (CHECK_FLAG(bgp->config, BGP_CONFIG_CONFEDERATION)) {
3062 /* Stuff our path CONFED_ID on the front */
3063 aspath = aspath_add_seq(aspath, bgp->confed_id);
3064 } else {
3065 if (peer->change_local_as) {
3066 /* If replace-as is specified, we only use the
3067 change_local_as when
3068 advertising routes. */
3069 if (!CHECK_FLAG(
3070 peer->flags,
3071 PEER_FLAG_LOCAL_AS_REPLACE_AS)) {
3072 aspath = aspath_add_seq(aspath,
3073 peer->local_as);
3074 }
3075 aspath = aspath_add_seq(aspath,
3076 peer->change_local_as);
3077 } else {
3078 aspath = aspath_add_seq(aspath, peer->local_as);
3079 }
3080 }
3081 } else if (peer->sort == BGP_PEER_CONFED) {
3082 /* A confed member, so we need to do the AS_CONFED_SEQUENCE
3083 * thing */
3084 aspath = aspath_dup(attr->aspath);
3085 aspath = aspath_add_confed_seq(aspath, peer->local_as);
3086 } else
3087 aspath = attr->aspath;
3088
3089 /* If peer is not AS4 capable, then:
3090 * - send the created AS_PATH out as AS4_PATH (optional, transitive),
3091 * but ensure that no AS_CONFED_SEQUENCE and AS_CONFED_SET path
3092 * segment
3093 * types are in it (i.e. exclude them if they are there)
3094 * AND do this only if there is at least one asnum > 65535 in the
3095 * path!
3096 * - send an AS_PATH out, but put 16Bit ASnums in it, not 32bit, and
3097 * change
3098 * all ASnums > 65535 to BGP_AS_TRANS
3099 */
3100
3101 stream_putc(s, BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_EXTLEN);
3102 stream_putc(s, BGP_ATTR_AS_PATH);
3103 aspath_sizep = stream_get_endp(s);
3104 stream_putw(s, 0);
3105 stream_putw_at(s, aspath_sizep, aspath_put(s, aspath, use32bit));
3106
3107 /* OLD session may need NEW_AS_PATH sent, if there are 4-byte ASNs
3108 * in the path
3109 */
3110 if (!use32bit && aspath_has_as4(aspath))
3111 send_as4_path =
3112 1; /* we'll do this later, at the correct place */
3113
3114 /* Nexthop attribute. */
3115 if (afi == AFI_IP && safi == SAFI_UNICAST
3116 && !peer_cap_enhe(peer, afi, safi)) {
3117 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP)) {
3118 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3119 stream_putc(s, BGP_ATTR_NEXT_HOP);
3120 bpacket_attr_vec_arr_set_vec(vecarr, BGP_ATTR_VEC_NH, s,
3121 attr);
3122 stream_putc(s, 4);
3123 stream_put_ipv4(s, attr->nexthop.s_addr);
3124 } else if (peer_cap_enhe(from, afi, safi)) {
3125 /*
3126 * Likely this is the case when an IPv4 prefix was
3127 * received with
3128 * Extended Next-hop capability and now being advertised
3129 * to
3130 * non-ENHE peers.
3131 * Setting the mandatory (ipv4) next-hop attribute here
3132 * to enable
3133 * implicit next-hop self with correct (ipv4 address
3134 * family).
3135 */
3136 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3137 stream_putc(s, BGP_ATTR_NEXT_HOP);
3138 bpacket_attr_vec_arr_set_vec(vecarr, BGP_ATTR_VEC_NH, s,
3139 NULL);
3140 stream_putc(s, 4);
3141 stream_put_ipv4(s, 0);
3142 }
3143 }
3144
3145 /* MED attribute. */
3146 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_MULTI_EXIT_DISC)
3147 || bgp->maxmed_active) {
3148 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
3149 stream_putc(s, BGP_ATTR_MULTI_EXIT_DISC);
3150 stream_putc(s, 4);
3151 stream_putl(s, (bgp->maxmed_active ? bgp->maxmed_value
3152 : attr->med));
3153 }
3154
3155 /* Local preference. */
3156 if (peer->sort == BGP_PEER_IBGP || peer->sort == BGP_PEER_CONFED) {
3157 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3158 stream_putc(s, BGP_ATTR_LOCAL_PREF);
3159 stream_putc(s, 4);
3160 stream_putl(s, attr->local_pref);
3161 }
3162
3163 /* Atomic aggregate. */
3164 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_ATOMIC_AGGREGATE)) {
3165 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3166 stream_putc(s, BGP_ATTR_ATOMIC_AGGREGATE);
3167 stream_putc(s, 0);
3168 }
3169
3170 /* Aggregator. */
3171 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR)) {
3172 /* Common to BGP_ATTR_AGGREGATOR, regardless of ASN size */
3173 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS);
3174 stream_putc(s, BGP_ATTR_AGGREGATOR);
3175
3176 if (use32bit) {
3177 /* AS4 capable peer */
3178 stream_putc(s, 8);
3179 stream_putl(s, attr->aggregator_as);
3180 } else {
3181 /* 2-byte AS peer */
3182 stream_putc(s, 6);
3183
3184 /* Is ASN representable in 2-bytes? Or must AS_TRANS be
3185 * used? */
3186 if (attr->aggregator_as > 65535) {
3187 stream_putw(s, BGP_AS_TRANS);
3188
3189 /* we have to send AS4_AGGREGATOR, too.
3190 * we'll do that later in order to send
3191 * attributes in ascending
3192 * order.
3193 */
3194 send_as4_aggregator = 1;
3195 } else
3196 stream_putw(s, (uint16_t)attr->aggregator_as);
3197 }
3198 stream_put_ipv4(s, attr->aggregator_addr.s_addr);
3199 }
3200
3201 /* Community attribute. */
3202 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_COMMUNITY)
3203 && (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_COMMUNITIES))) {
3204 if (attr->community->size * 4 > 255) {
3205 stream_putc(s,
3206 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS
3207 | BGP_ATTR_FLAG_EXTLEN);
3208 stream_putc(s, BGP_ATTR_COMMUNITIES);
3209 stream_putw(s, attr->community->size * 4);
3210 } else {
3211 stream_putc(s,
3212 BGP_ATTR_FLAG_OPTIONAL
3213 | BGP_ATTR_FLAG_TRANS);
3214 stream_putc(s, BGP_ATTR_COMMUNITIES);
3215 stream_putc(s, attr->community->size * 4);
3216 }
3217 stream_put(s, attr->community->val, attr->community->size * 4);
3218 }
3219
3220 /*
3221 * Large Community attribute.
3222 */
3223 if (CHECK_FLAG(peer->af_flags[afi][safi],
3224 PEER_FLAG_SEND_LARGE_COMMUNITY)
3225 && (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_LARGE_COMMUNITIES))) {
3226 if (lcom_length(attr->lcommunity) > 255) {
3227 stream_putc(s,
3228 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS
3229 | BGP_ATTR_FLAG_EXTLEN);
3230 stream_putc(s, BGP_ATTR_LARGE_COMMUNITIES);
3231 stream_putw(s, lcom_length(attr->lcommunity));
3232 } else {
3233 stream_putc(s,
3234 BGP_ATTR_FLAG_OPTIONAL
3235 | BGP_ATTR_FLAG_TRANS);
3236 stream_putc(s, BGP_ATTR_LARGE_COMMUNITIES);
3237 stream_putc(s, lcom_length(attr->lcommunity));
3238 }
3239 stream_put(s, attr->lcommunity->val,
3240 lcom_length(attr->lcommunity));
3241 }
3242
3243 /* Route Reflector. */
3244 if (peer->sort == BGP_PEER_IBGP && from
3245 && from->sort == BGP_PEER_IBGP) {
3246 /* Originator ID. */
3247 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
3248 stream_putc(s, BGP_ATTR_ORIGINATOR_ID);
3249 stream_putc(s, 4);
3250
3251 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID))
3252 stream_put_in_addr(s, &attr->originator_id);
3253 else
3254 stream_put_in_addr(s, &from->remote_id);
3255
3256 /* Cluster list. */
3257 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
3258 stream_putc(s, BGP_ATTR_CLUSTER_LIST);
3259
3260 if (attr->cluster) {
3261 stream_putc(s, attr->cluster->length + 4);
3262 /* If this peer configuration's parent BGP has
3263 * cluster_id. */
3264 if (bgp->config & BGP_CONFIG_CLUSTER_ID)
3265 stream_put_in_addr(s, &bgp->cluster_id);
3266 else
3267 stream_put_in_addr(s, &bgp->router_id);
3268 stream_put(s, attr->cluster->list,
3269 attr->cluster->length);
3270 } else {
3271 stream_putc(s, 4);
3272 /* If this peer configuration's parent BGP has
3273 * cluster_id. */
3274 if (bgp->config & BGP_CONFIG_CLUSTER_ID)
3275 stream_put_in_addr(s, &bgp->cluster_id);
3276 else
3277 stream_put_in_addr(s, &bgp->router_id);
3278 }
3279 }
3280
3281 /* Extended Communities attribute. */
3282 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_EXT_COMMUNITY)
3283 && (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES))) {
3284 if (peer->sort == BGP_PEER_IBGP
3285 || peer->sort == BGP_PEER_CONFED) {
3286 if (attr->ecommunity->size * 8 > 255) {
3287 stream_putc(s,
3288 BGP_ATTR_FLAG_OPTIONAL
3289 | BGP_ATTR_FLAG_TRANS
3290 | BGP_ATTR_FLAG_EXTLEN);
3291 stream_putc(s, BGP_ATTR_EXT_COMMUNITIES);
3292 stream_putw(s, attr->ecommunity->size * 8);
3293 } else {
3294 stream_putc(s,
3295 BGP_ATTR_FLAG_OPTIONAL
3296 | BGP_ATTR_FLAG_TRANS);
3297 stream_putc(s, BGP_ATTR_EXT_COMMUNITIES);
3298 stream_putc(s, attr->ecommunity->size * 8);
3299 }
3300 stream_put(s, attr->ecommunity->val,
3301 attr->ecommunity->size * 8);
3302 } else {
3303 uint8_t *pnt;
3304 int tbit;
3305 int ecom_tr_size = 0;
3306 int i;
3307
3308 for (i = 0; i < attr->ecommunity->size; i++) {
3309 pnt = attr->ecommunity->val + (i * 8);
3310 tbit = *pnt;
3311
3312 if (CHECK_FLAG(tbit,
3313 ECOMMUNITY_FLAG_NON_TRANSITIVE))
3314 continue;
3315
3316 ecom_tr_size++;
3317 }
3318
3319 if (ecom_tr_size) {
3320 if (ecom_tr_size * 8 > 255) {
3321 stream_putc(
3322 s,
3323 BGP_ATTR_FLAG_OPTIONAL
3324 | BGP_ATTR_FLAG_TRANS
3325 | BGP_ATTR_FLAG_EXTLEN);
3326 stream_putc(s,
3327 BGP_ATTR_EXT_COMMUNITIES);
3328 stream_putw(s, ecom_tr_size * 8);
3329 } else {
3330 stream_putc(
3331 s,
3332 BGP_ATTR_FLAG_OPTIONAL
3333 | BGP_ATTR_FLAG_TRANS);
3334 stream_putc(s,
3335 BGP_ATTR_EXT_COMMUNITIES);
3336 stream_putc(s, ecom_tr_size * 8);
3337 }
3338
3339 for (i = 0; i < attr->ecommunity->size; i++) {
3340 pnt = attr->ecommunity->val + (i * 8);
3341 tbit = *pnt;
3342
3343 if (CHECK_FLAG(
3344 tbit,
3345 ECOMMUNITY_FLAG_NON_TRANSITIVE))
3346 continue;
3347
3348 stream_put(s, pnt, 8);
3349 }
3350 }
3351 }
3352 }
3353
3354 /* Label index attribute. */
3355 if (safi == SAFI_LABELED_UNICAST) {
3356 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_PREFIX_SID)) {
3357 uint32_t label_index;
3358
3359 label_index = attr->label_index;
3360
3361 if (label_index != BGP_INVALID_LABEL_INDEX) {
3362 stream_putc(s,
3363 BGP_ATTR_FLAG_OPTIONAL
3364 | BGP_ATTR_FLAG_TRANS);
3365 stream_putc(s, BGP_ATTR_PREFIX_SID);
3366 stream_putc(s, 10);
3367 stream_putc(s, BGP_PREFIX_SID_LABEL_INDEX);
3368 stream_putw(s,
3369 BGP_PREFIX_SID_LABEL_INDEX_LENGTH);
3370 stream_putc(s, 0); // reserved
3371 stream_putw(s, 0); // flags
3372 stream_putl(s, label_index);
3373 }
3374 }
3375 }
3376
3377 if (send_as4_path) {
3378 /* If the peer is NOT As4 capable, AND */
3379 /* there are ASnums > 65535 in path THEN
3380 * give out AS4_PATH */
3381
3382 /* Get rid of all AS_CONFED_SEQUENCE and AS_CONFED_SET
3383 * path segments!
3384 * Hm, I wonder... confederation things *should* only be at
3385 * the beginning of an aspath, right? Then we should use
3386 * aspath_delete_confed_seq for this, because it is already
3387 * there! (JK)
3388 * Folks, talk to me: what is reasonable here!?
3389 */
3390 aspath = aspath_delete_confed_seq(aspath);
3391
3392 stream_putc(s,
3393 BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_OPTIONAL
3394 | BGP_ATTR_FLAG_EXTLEN);
3395 stream_putc(s, BGP_ATTR_AS4_PATH);
3396 aspath_sizep = stream_get_endp(s);
3397 stream_putw(s, 0);
3398 stream_putw_at(s, aspath_sizep, aspath_put(s, aspath, 1));
3399 }
3400
3401 if (aspath != attr->aspath)
3402 aspath_free(aspath);
3403
3404 if (send_as4_aggregator) {
3405 /* send AS4_AGGREGATOR, at this place */
3406 /* this section of code moved here in order to ensure the
3407 * correct
3408 * *ascending* order of attributes
3409 */
3410 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS);
3411 stream_putc(s, BGP_ATTR_AS4_AGGREGATOR);
3412 stream_putc(s, 8);
3413 stream_putl(s, attr->aggregator_as);
3414 stream_put_ipv4(s, attr->aggregator_addr.s_addr);
3415 }
3416
3417 if (((afi == AFI_IP || afi == AFI_IP6)
3418 && (safi == SAFI_ENCAP || safi == SAFI_MPLS_VPN))
3419 || (afi == AFI_L2VPN && safi == SAFI_EVPN)) {
3420 /* Tunnel Encap attribute */
3421 bgp_packet_mpattr_tea(bgp, peer, s, attr, BGP_ATTR_ENCAP);
3422
3423 #if ENABLE_BGP_VNC
3424 /* VNC attribute */
3425 bgp_packet_mpattr_tea(bgp, peer, s, attr, BGP_ATTR_VNC);
3426 #endif
3427 }
3428
3429 /* PMSI Tunnel */
3430 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_PMSI_TUNNEL)) {
3431 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS);
3432 stream_putc(s, BGP_ATTR_PMSI_TUNNEL);
3433 stream_putc(s, 9); // Length
3434 stream_putc(s, 0); // Flags
3435 stream_putc(s, PMSI_TNLTYPE_INGR_REPL); // IR (6)
3436 stream_put(s, &(attr->label),
3437 BGP_LABEL_BYTES); // MPLS Label / VXLAN VNI
3438 stream_put_ipv4(s, attr->nexthop.s_addr);
3439 // Unicast tunnel endpoint IP address
3440 }
3441
3442 /* Unknown transit attribute. */
3443 if (attr->transit)
3444 stream_put(s, attr->transit->val, attr->transit->length);
3445
3446 /* Return total size of attribute. */
3447 return stream_get_endp(s) - cp;
3448 }
3449
3450 size_t bgp_packet_mpunreach_start(struct stream *s, afi_t afi, safi_t safi)
3451 {
3452 unsigned long attrlen_pnt;
3453 iana_afi_t pkt_afi;
3454 iana_safi_t pkt_safi;
3455
3456 /* Set extended bit always to encode the attribute length as 2 bytes */
3457 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_EXTLEN);
3458 stream_putc(s, BGP_ATTR_MP_UNREACH_NLRI);
3459
3460 attrlen_pnt = stream_get_endp(s);
3461 stream_putw(s, 0); /* Length of this attribute. */
3462
3463 /* Convert AFI, SAFI to values for packet. */
3464 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
3465
3466 stream_putw(s, pkt_afi);
3467 stream_putc(s, pkt_safi);
3468
3469 return attrlen_pnt;
3470 }
3471
3472 void bgp_packet_mpunreach_prefix(struct stream *s, struct prefix *p, afi_t afi,
3473 safi_t safi, struct prefix_rd *prd,
3474 mpls_label_t *label, uint32_t num_labels,
3475 int addpath_encode, uint32_t addpath_tx_id,
3476 struct attr *attr)
3477 {
3478 uint8_t wlabel[3] = {0x80, 0x00, 0x00};
3479
3480 if (safi == SAFI_LABELED_UNICAST) {
3481 label = (mpls_label_t *)wlabel;
3482 num_labels = 1;
3483 }
3484
3485 return bgp_packet_mpattr_prefix(s, afi, safi, p, prd, label, num_labels,
3486 addpath_encode, addpath_tx_id, attr);
3487 }
3488
3489 void bgp_packet_mpunreach_end(struct stream *s, size_t attrlen_pnt)
3490 {
3491 bgp_packet_mpattr_end(s, attrlen_pnt);
3492 }
3493
3494 /* Initialization of attribute. */
3495 void bgp_attr_init(void)
3496 {
3497 aspath_init();
3498 attrhash_init();
3499 community_init();
3500 ecommunity_init();
3501 lcommunity_init();
3502 cluster_init();
3503 transit_init();
3504 encap_init();
3505 }
3506
3507 void bgp_attr_finish(void)
3508 {
3509 aspath_finish();
3510 attrhash_finish();
3511 community_finish();
3512 ecommunity_finish();
3513 lcommunity_finish();
3514 cluster_finish();
3515 transit_finish();
3516 encap_finish();
3517 }
3518
3519 /* Make attribute packet. */
3520 void bgp_dump_routes_attr(struct stream *s, struct attr *attr,
3521 struct prefix *prefix)
3522 {
3523 unsigned long cp;
3524 unsigned long len;
3525 size_t aspath_lenp;
3526 struct aspath *aspath;
3527 int addpath_encode = 0;
3528 uint32_t addpath_tx_id = 0;
3529
3530 /* Remember current pointer. */
3531 cp = stream_get_endp(s);
3532
3533 /* Place holder of length. */
3534 stream_putw(s, 0);
3535
3536 /* Origin attribute. */
3537 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3538 stream_putc(s, BGP_ATTR_ORIGIN);
3539 stream_putc(s, 1);
3540 stream_putc(s, attr->origin);
3541
3542 aspath = attr->aspath;
3543
3544 stream_putc(s, BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_EXTLEN);
3545 stream_putc(s, BGP_ATTR_AS_PATH);
3546 aspath_lenp = stream_get_endp(s);
3547 stream_putw(s, 0);
3548
3549 stream_putw_at(s, aspath_lenp, aspath_put(s, aspath, 1));
3550
3551 /* Nexthop attribute. */
3552 /* If it's an IPv6 prefix, don't dump the IPv4 nexthop to save space */
3553 if (prefix != NULL && prefix->family != AF_INET6) {
3554 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3555 stream_putc(s, BGP_ATTR_NEXT_HOP);
3556 stream_putc(s, 4);
3557 stream_put_ipv4(s, attr->nexthop.s_addr);
3558 }
3559
3560 /* MED attribute. */
3561 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_MULTI_EXIT_DISC)) {
3562 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
3563 stream_putc(s, BGP_ATTR_MULTI_EXIT_DISC);
3564 stream_putc(s, 4);
3565 stream_putl(s, attr->med);
3566 }
3567
3568 /* Local preference. */
3569 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF)) {
3570 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3571 stream_putc(s, BGP_ATTR_LOCAL_PREF);
3572 stream_putc(s, 4);
3573 stream_putl(s, attr->local_pref);
3574 }
3575
3576 /* Atomic aggregate. */
3577 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_ATOMIC_AGGREGATE)) {
3578 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3579 stream_putc(s, BGP_ATTR_ATOMIC_AGGREGATE);
3580 stream_putc(s, 0);
3581 }
3582
3583 /* Aggregator. */
3584 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR)) {
3585 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS);
3586 stream_putc(s, BGP_ATTR_AGGREGATOR);
3587 stream_putc(s, 8);
3588 stream_putl(s, attr->aggregator_as);
3589 stream_put_ipv4(s, attr->aggregator_addr.s_addr);
3590 }
3591
3592 /* Community attribute. */
3593 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_COMMUNITIES)) {
3594 if (attr->community->size * 4 > 255) {
3595 stream_putc(s,
3596 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS
3597 | BGP_ATTR_FLAG_EXTLEN);
3598 stream_putc(s, BGP_ATTR_COMMUNITIES);
3599 stream_putw(s, attr->community->size * 4);
3600 } else {
3601 stream_putc(s,
3602 BGP_ATTR_FLAG_OPTIONAL
3603 | BGP_ATTR_FLAG_TRANS);
3604 stream_putc(s, BGP_ATTR_COMMUNITIES);
3605 stream_putc(s, attr->community->size * 4);
3606 }
3607 stream_put(s, attr->community->val, attr->community->size * 4);
3608 }
3609
3610 /* Large Community attribute. */
3611 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_LARGE_COMMUNITIES)) {
3612 if (lcom_length(attr->lcommunity) > 255) {
3613 stream_putc(s,
3614 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS
3615 | BGP_ATTR_FLAG_EXTLEN);
3616 stream_putc(s, BGP_ATTR_LARGE_COMMUNITIES);
3617 stream_putw(s, lcom_length(attr->lcommunity));
3618 } else {
3619 stream_putc(s,
3620 BGP_ATTR_FLAG_OPTIONAL
3621 | BGP_ATTR_FLAG_TRANS);
3622 stream_putc(s, BGP_ATTR_LARGE_COMMUNITIES);
3623 stream_putc(s, lcom_length(attr->lcommunity));
3624 }
3625
3626 stream_put(s, attr->lcommunity->val,
3627 lcom_length(attr->lcommunity));
3628 }
3629
3630 /* Add a MP_NLRI attribute to dump the IPv6 next hop */
3631 if (prefix != NULL && prefix->family == AF_INET6
3632 && (attr->mp_nexthop_len == BGP_ATTR_NHLEN_IPV6_GLOBAL
3633 || attr->mp_nexthop_len == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL)) {
3634 int sizep;
3635
3636 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
3637 stream_putc(s, BGP_ATTR_MP_REACH_NLRI);
3638 sizep = stream_get_endp(s);
3639
3640 /* MP header */
3641 stream_putc(s, 0); /* Marker: Attribute length. */
3642 stream_putw(s, AFI_IP6); /* AFI */
3643 stream_putc(s, SAFI_UNICAST); /* SAFI */
3644
3645 /* Next hop */
3646 stream_putc(s, attr->mp_nexthop_len);
3647 stream_put(s, &attr->mp_nexthop_global, IPV6_MAX_BYTELEN);
3648 if (attr->mp_nexthop_len == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL)
3649 stream_put(s, &attr->mp_nexthop_local,
3650 IPV6_MAX_BYTELEN);
3651
3652 /* SNPA */
3653 stream_putc(s, 0);
3654
3655 /* Prefix */
3656 stream_put_prefix_addpath(s, prefix, addpath_encode,
3657 addpath_tx_id);
3658
3659 /* Set MP attribute length. */
3660 stream_putc_at(s, sizep, (stream_get_endp(s) - sizep) - 1);
3661 }
3662
3663 /* Prefix SID */
3664 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_PREFIX_SID)) {
3665 if (attr->label_index != BGP_INVALID_LABEL_INDEX) {
3666 stream_putc(s,
3667 BGP_ATTR_FLAG_OPTIONAL
3668 | BGP_ATTR_FLAG_TRANS);
3669 stream_putc(s, BGP_ATTR_PREFIX_SID);
3670 stream_putc(s, 10);
3671 stream_putc(s, BGP_PREFIX_SID_LABEL_INDEX);
3672 stream_putc(s, BGP_PREFIX_SID_LABEL_INDEX_LENGTH);
3673 stream_putc(s, 0); // reserved
3674 stream_putw(s, 0); // flags
3675 stream_putl(s, attr->label_index);
3676 }
3677 }
3678
3679 /* Return total size of attribute. */
3680 len = stream_get_endp(s) - cp - 2;
3681 stream_putw_at(s, cp, len);
3682 }
FRRouting mirror