]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_attr.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #3042 from donaldsharp/pim_startup
[mirror_frr.git] / bgpd / bgp_attr.c
1 /* BGP attributes management routines.
2 * Copyright (C) 1996, 97, 98, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "linklist.h"
24 #include "prefix.h"
25 #include "memory.h"
26 #include "vector.h"
27 #include "stream.h"
28 #include "log.h"
29 #include "hash.h"
30 #include "jhash.h"
31 #include "queue.h"
32 #include "table.h"
33 #include "filter.h"
34 #include "command.h"
35
36 #include "bgpd/bgpd.h"
37 #include "bgpd/bgp_attr.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_aspath.h"
40 #include "bgpd/bgp_community.h"
41 #include "bgpd/bgp_debug.h"
42 #include "bgpd/bgp_errors.h"
43 #include "bgpd/bgp_label.h"
44 #include "bgpd/bgp_packet.h"
45 #include "bgpd/bgp_ecommunity.h"
46 #include "bgpd/bgp_lcommunity.h"
47 #include "bgpd/bgp_updgrp.h"
48 #include "bgpd/bgp_encap_types.h"
49 #if ENABLE_BGP_VNC
50 #include "bgpd/rfapi/bgp_rfapi_cfg.h"
51 #include "bgp_encap_types.h"
52 #include "bgp_vnc_types.h"
53 #endif
54 #include "bgp_encap_types.h"
55 #include "bgp_evpn.h"
56 #include "bgp_flowspec_private.h"
57
58 /* Attribute strings for logging. */
59 static const struct message attr_str[] = {
60 {BGP_ATTR_ORIGIN, "ORIGIN"},
61 {BGP_ATTR_AS_PATH, "AS_PATH"},
62 {BGP_ATTR_NEXT_HOP, "NEXT_HOP"},
63 {BGP_ATTR_MULTI_EXIT_DISC, "MULTI_EXIT_DISC"},
64 {BGP_ATTR_LOCAL_PREF, "LOCAL_PREF"},
65 {BGP_ATTR_ATOMIC_AGGREGATE, "ATOMIC_AGGREGATE"},
66 {BGP_ATTR_AGGREGATOR, "AGGREGATOR"},
67 {BGP_ATTR_COMMUNITIES, "COMMUNITY"},
68 {BGP_ATTR_ORIGINATOR_ID, "ORIGINATOR_ID"},
69 {BGP_ATTR_CLUSTER_LIST, "CLUSTER_LIST"},
70 {BGP_ATTR_DPA, "DPA"},
71 {BGP_ATTR_ADVERTISER, "ADVERTISER"},
72 {BGP_ATTR_RCID_PATH, "RCID_PATH"},
73 {BGP_ATTR_MP_REACH_NLRI, "MP_REACH_NLRI"},
74 {BGP_ATTR_MP_UNREACH_NLRI, "MP_UNREACH_NLRI"},
75 {BGP_ATTR_EXT_COMMUNITIES, "EXT_COMMUNITIES"},
76 {BGP_ATTR_AS4_PATH, "AS4_PATH"},
77 {BGP_ATTR_AS4_AGGREGATOR, "AS4_AGGREGATOR"},
78 {BGP_ATTR_AS_PATHLIMIT, "AS_PATHLIMIT"},
79 {BGP_ATTR_PMSI_TUNNEL, "PMSI_TUNNEL_ATTRIBUTE"},
80 {BGP_ATTR_ENCAP, "ENCAP"},
81 #if ENABLE_BGP_VNC
82 {BGP_ATTR_VNC, "VNC"},
83 #endif
84 {BGP_ATTR_LARGE_COMMUNITIES, "LARGE_COMMUNITY"},
85 {BGP_ATTR_PREFIX_SID, "PREFIX_SID"},
86 {0}};
87
88 static const struct message attr_flag_str[] = {
89 {BGP_ATTR_FLAG_OPTIONAL, "Optional"},
90 {BGP_ATTR_FLAG_TRANS, "Transitive"},
91 {BGP_ATTR_FLAG_PARTIAL, "Partial"},
92 /* bgp_attr_flags_diagnose() relies on this bit being last in
93 this list */
94 {BGP_ATTR_FLAG_EXTLEN, "Extended Length"},
95 {0}};
96
97 static struct hash *cluster_hash;
98
99 static void *cluster_hash_alloc(void *p)
100 {
101 const struct cluster_list *val = (const struct cluster_list *)p;
102 struct cluster_list *cluster;
103
104 cluster = XMALLOC(MTYPE_CLUSTER, sizeof(struct cluster_list));
105 cluster->length = val->length;
106
107 if (cluster->length) {
108 cluster->list = XMALLOC(MTYPE_CLUSTER_VAL, val->length);
109 memcpy(cluster->list, val->list, val->length);
110 } else
111 cluster->list = NULL;
112
113 cluster->refcnt = 0;
114
115 return cluster;
116 }
117
118 /* Cluster list related functions. */
119 static struct cluster_list *cluster_parse(struct in_addr *pnt, int length)
120 {
121 struct cluster_list tmp;
122 struct cluster_list *cluster;
123
124 tmp.length = length;
125 tmp.list = pnt;
126
127 cluster = hash_get(cluster_hash, &tmp, cluster_hash_alloc);
128 cluster->refcnt++;
129 return cluster;
130 }
131
132 int cluster_loop_check(struct cluster_list *cluster, struct in_addr originator)
133 {
134 int i;
135
136 for (i = 0; i < cluster->length / 4; i++)
137 if (cluster->list[i].s_addr == originator.s_addr)
138 return 1;
139 return 0;
140 }
141
142 static unsigned int cluster_hash_key_make(void *p)
143 {
144 const struct cluster_list *cluster = p;
145
146 return jhash(cluster->list, cluster->length, 0);
147 }
148
149 static int cluster_hash_cmp(const void *p1, const void *p2)
150 {
151 const struct cluster_list *cluster1 = p1;
152 const struct cluster_list *cluster2 = p2;
153
154 return (cluster1->length == cluster2->length
155 && memcmp(cluster1->list, cluster2->list, cluster1->length)
156 == 0);
157 }
158
159 static void cluster_free(struct cluster_list *cluster)
160 {
161 if (cluster->list)
162 XFREE(MTYPE_CLUSTER_VAL, cluster->list);
163 XFREE(MTYPE_CLUSTER, cluster);
164 }
165
166 static struct cluster_list *cluster_intern(struct cluster_list *cluster)
167 {
168 struct cluster_list *find;
169
170 find = hash_get(cluster_hash, cluster, cluster_hash_alloc);
171 find->refcnt++;
172
173 return find;
174 }
175
176 void cluster_unintern(struct cluster_list *cluster)
177 {
178 if (cluster->refcnt)
179 cluster->refcnt--;
180
181 if (cluster->refcnt == 0) {
182 hash_release(cluster_hash, cluster);
183 cluster_free(cluster);
184 }
185 }
186
187 static void cluster_init(void)
188 {
189 cluster_hash = hash_create(cluster_hash_key_make, cluster_hash_cmp,
190 "BGP Cluster");
191 }
192
193 static void cluster_finish(void)
194 {
195 hash_clean(cluster_hash, (void (*)(void *))cluster_free);
196 hash_free(cluster_hash);
197 cluster_hash = NULL;
198 }
199
200 static struct hash *encap_hash = NULL;
201 #if ENABLE_BGP_VNC
202 static struct hash *vnc_hash = NULL;
203 #endif
204
205 struct bgp_attr_encap_subtlv *encap_tlv_dup(struct bgp_attr_encap_subtlv *orig)
206 {
207 struct bgp_attr_encap_subtlv *new;
208 struct bgp_attr_encap_subtlv *tail;
209 struct bgp_attr_encap_subtlv *p;
210
211 for (p = orig, tail = new = NULL; p; p = p->next) {
212 int size = sizeof(struct bgp_attr_encap_subtlv) + p->length;
213 if (tail) {
214 tail->next = XCALLOC(MTYPE_ENCAP_TLV, size);
215 tail = tail->next;
216 } else {
217 tail = new = XCALLOC(MTYPE_ENCAP_TLV, size);
218 }
219 assert(tail);
220 memcpy(tail, p, size);
221 tail->next = NULL;
222 }
223
224 return new;
225 }
226
227 static void encap_free(struct bgp_attr_encap_subtlv *p)
228 {
229 struct bgp_attr_encap_subtlv *next;
230 while (p) {
231 next = p->next;
232 p->next = NULL;
233 XFREE(MTYPE_ENCAP_TLV, p);
234 p = next;
235 }
236 }
237
238 void bgp_attr_flush_encap(struct attr *attr)
239 {
240 if (!attr)
241 return;
242
243 if (attr->encap_subtlvs) {
244 encap_free(attr->encap_subtlvs);
245 attr->encap_subtlvs = NULL;
246 }
247 #if ENABLE_BGP_VNC
248 if (attr->vnc_subtlvs) {
249 encap_free(attr->vnc_subtlvs);
250 attr->vnc_subtlvs = NULL;
251 }
252 #endif
253 }
254
255 /*
256 * Compare encap sub-tlv chains
257 *
258 * 1 = equivalent
259 * 0 = not equivalent
260 *
261 * This algorithm could be made faster if needed
262 */
263 static int encap_same(const struct bgp_attr_encap_subtlv *h1,
264 const struct bgp_attr_encap_subtlv *h2)
265 {
266 const struct bgp_attr_encap_subtlv *p;
267 const struct bgp_attr_encap_subtlv *q;
268
269 if (h1 == h2)
270 return 1;
271 if (h1 == NULL || h2 == NULL)
272 return 0;
273
274 for (p = h1; p; p = p->next) {
275 for (q = h2; q; q = q->next) {
276 if ((p->type == q->type) && (p->length == q->length)
277 && !memcmp(p->value, q->value, p->length)) {
278
279 break;
280 }
281 }
282 if (!q)
283 return 0;
284 }
285
286 for (p = h2; p; p = p->next) {
287 for (q = h1; q; q = q->next) {
288 if ((p->type == q->type) && (p->length == q->length)
289 && !memcmp(p->value, q->value, p->length)) {
290
291 break;
292 }
293 }
294 if (!q)
295 return 0;
296 }
297
298 return 1;
299 }
300
301 static void *encap_hash_alloc(void *p)
302 {
303 /* Encap structure is already allocated. */
304 return p;
305 }
306
307 typedef enum {
308 ENCAP_SUBTLV_TYPE,
309 #if ENABLE_BGP_VNC
310 VNC_SUBTLV_TYPE
311 #endif
312 } encap_subtlv_type;
313
314 static struct bgp_attr_encap_subtlv *
315 encap_intern(struct bgp_attr_encap_subtlv *encap, encap_subtlv_type type)
316 {
317 struct bgp_attr_encap_subtlv *find;
318 struct hash *hash = encap_hash;
319 #if ENABLE_BGP_VNC
320 if (type == VNC_SUBTLV_TYPE)
321 hash = vnc_hash;
322 #endif
323
324 find = hash_get(hash, encap, encap_hash_alloc);
325 if (find != encap)
326 encap_free(encap);
327 find->refcnt++;
328
329 return find;
330 }
331
332 static void encap_unintern(struct bgp_attr_encap_subtlv **encapp,
333 encap_subtlv_type type)
334 {
335 struct bgp_attr_encap_subtlv *encap = *encapp;
336 if (encap->refcnt)
337 encap->refcnt--;
338
339 if (encap->refcnt == 0) {
340 struct hash *hash = encap_hash;
341 #if ENABLE_BGP_VNC
342 if (type == VNC_SUBTLV_TYPE)
343 hash = vnc_hash;
344 #endif
345 hash_release(hash, encap);
346 encap_free(encap);
347 *encapp = NULL;
348 }
349 }
350
351 static unsigned int encap_hash_key_make(void *p)
352 {
353 const struct bgp_attr_encap_subtlv *encap = p;
354
355 return jhash(encap->value, encap->length, 0);
356 }
357
358 static int encap_hash_cmp(const void *p1, const void *p2)
359 {
360 return encap_same((const struct bgp_attr_encap_subtlv *)p1,
361 (const struct bgp_attr_encap_subtlv *)p2);
362 }
363
364 static void encap_init(void)
365 {
366 encap_hash = hash_create(encap_hash_key_make, encap_hash_cmp,
367 "BGP Encap Hash");
368 #if ENABLE_BGP_VNC
369 vnc_hash = hash_create(encap_hash_key_make, encap_hash_cmp,
370 "BGP VNC Hash");
371 #endif
372 }
373
374 static void encap_finish(void)
375 {
376 hash_clean(encap_hash, (void (*)(void *))encap_free);
377 hash_free(encap_hash);
378 encap_hash = NULL;
379 #if ENABLE_BGP_VNC
380 hash_clean(vnc_hash, (void (*)(void *))encap_free);
381 hash_free(vnc_hash);
382 vnc_hash = NULL;
383 #endif
384 }
385
386 static bool overlay_index_same(const struct attr *a1, const struct attr *a2)
387 {
388 if (!a1 && a2)
389 return false;
390 if (!a2 && a1)
391 return false;
392 if (!a1 && !a2)
393 return true;
394 return !memcmp(&(a1->evpn_overlay), &(a2->evpn_overlay),
395 sizeof(struct overlay_index));
396 }
397
398 /* Unknown transit attribute. */
399 static struct hash *transit_hash;
400
401 static void transit_free(struct transit *transit)
402 {
403 if (transit->val)
404 XFREE(MTYPE_TRANSIT_VAL, transit->val);
405 XFREE(MTYPE_TRANSIT, transit);
406 }
407
408 static void *transit_hash_alloc(void *p)
409 {
410 /* Transit structure is already allocated. */
411 return p;
412 }
413
414 static struct transit *transit_intern(struct transit *transit)
415 {
416 struct transit *find;
417
418 find = hash_get(transit_hash, transit, transit_hash_alloc);
419 if (find != transit)
420 transit_free(transit);
421 find->refcnt++;
422
423 return find;
424 }
425
426 void transit_unintern(struct transit *transit)
427 {
428 if (transit->refcnt)
429 transit->refcnt--;
430
431 if (transit->refcnt == 0) {
432 hash_release(transit_hash, transit);
433 transit_free(transit);
434 }
435 }
436
437 static unsigned int transit_hash_key_make(void *p)
438 {
439 const struct transit *transit = p;
440
441 return jhash(transit->val, transit->length, 0);
442 }
443
444 static int transit_hash_cmp(const void *p1, const void *p2)
445 {
446 const struct transit *transit1 = p1;
447 const struct transit *transit2 = p2;
448
449 return (transit1->length == transit2->length
450 && memcmp(transit1->val, transit2->val, transit1->length) == 0);
451 }
452
453 static void transit_init(void)
454 {
455 transit_hash = hash_create(transit_hash_key_make, transit_hash_cmp,
456 "BGP Transit Hash");
457 }
458
459 static void transit_finish(void)
460 {
461 hash_clean(transit_hash, (void (*)(void *))transit_free);
462 hash_free(transit_hash);
463 transit_hash = NULL;
464 }
465
466 /* Attribute hash routines. */
467 static struct hash *attrhash;
468
469 /* Shallow copy of an attribute
470 * Though, not so shallow that it doesn't copy the contents
471 * of the attr_extra pointed to by 'extra'
472 */
473 void bgp_attr_dup(struct attr *new, struct attr *orig)
474 {
475 *new = *orig;
476 }
477
478 unsigned long int attr_count(void)
479 {
480 return attrhash->count;
481 }
482
483 unsigned long int attr_unknown_count(void)
484 {
485 return transit_hash->count;
486 }
487
488 unsigned int attrhash_key_make(void *p)
489 {
490 const struct attr *attr = (struct attr *)p;
491 uint32_t key = 0;
492 #define MIX(val) key = jhash_1word(val, key)
493 #define MIX3(a, b, c) key = jhash_3words((a), (b), (c), key)
494
495 MIX3(attr->origin, attr->nexthop.s_addr, attr->med);
496 MIX3(attr->local_pref, attr->aggregator_as,
497 attr->aggregator_addr.s_addr);
498 MIX3(attr->weight, attr->mp_nexthop_global_in.s_addr,
499 attr->originator_id.s_addr);
500 MIX3(attr->tag, attr->label, attr->label_index);
501
502 if (attr->aspath)
503 MIX(aspath_key_make(attr->aspath));
504 if (attr->community)
505 MIX(community_hash_make(attr->community));
506
507 if (attr->lcommunity)
508 MIX(lcommunity_hash_make(attr->lcommunity));
509 if (attr->ecommunity)
510 MIX(ecommunity_hash_make(attr->ecommunity));
511 if (attr->cluster)
512 MIX(cluster_hash_key_make(attr->cluster));
513 if (attr->transit)
514 MIX(transit_hash_key_make(attr->transit));
515 if (attr->encap_subtlvs)
516 MIX(encap_hash_key_make(attr->encap_subtlvs));
517 #if ENABLE_BGP_VNC
518 if (attr->vnc_subtlvs)
519 MIX(encap_hash_key_make(attr->vnc_subtlvs));
520 #endif
521 MIX(attr->mp_nexthop_len);
522 key = jhash(attr->mp_nexthop_global.s6_addr, IPV6_MAX_BYTELEN, key);
523 key = jhash(attr->mp_nexthop_local.s6_addr, IPV6_MAX_BYTELEN, key);
524 MIX(attr->nh_ifindex);
525 MIX(attr->nh_lla_ifindex);
526
527 return key;
528 }
529
530 int attrhash_cmp(const void *p1, const void *p2)
531 {
532 const struct attr *attr1 = p1;
533 const struct attr *attr2 = p2;
534
535 if (attr1->flag == attr2->flag && attr1->origin == attr2->origin
536 && attr1->nexthop.s_addr == attr2->nexthop.s_addr
537 && attr1->aspath == attr2->aspath
538 && attr1->community == attr2->community && attr1->med == attr2->med
539 && attr1->local_pref == attr2->local_pref
540 && attr1->rmap_change_flags == attr2->rmap_change_flags) {
541 if (attr1->aggregator_as == attr2->aggregator_as
542 && attr1->aggregator_addr.s_addr
543 == attr2->aggregator_addr.s_addr
544 && attr1->weight == attr2->weight
545 && attr1->tag == attr2->tag
546 && attr1->label_index == attr2->label_index
547 && attr1->mp_nexthop_len == attr2->mp_nexthop_len
548 && attr1->ecommunity == attr2->ecommunity
549 && attr1->lcommunity == attr2->lcommunity
550 && attr1->cluster == attr2->cluster
551 && attr1->transit == attr2->transit
552 && (attr1->encap_tunneltype == attr2->encap_tunneltype)
553 && encap_same(attr1->encap_subtlvs, attr2->encap_subtlvs)
554 #if ENABLE_BGP_VNC
555 && encap_same(attr1->vnc_subtlvs, attr2->vnc_subtlvs)
556 #endif
557 && IPV6_ADDR_SAME(&attr1->mp_nexthop_global,
558 &attr2->mp_nexthop_global)
559 && IPV6_ADDR_SAME(&attr1->mp_nexthop_local,
560 &attr2->mp_nexthop_local)
561 && IPV4_ADDR_SAME(&attr1->mp_nexthop_global_in,
562 &attr2->mp_nexthop_global_in)
563 && IPV4_ADDR_SAME(&attr1->originator_id,
564 &attr2->originator_id)
565 && overlay_index_same(attr1, attr2)
566 && attr1->nh_ifindex == attr2->nh_ifindex
567 && attr1->nh_lla_ifindex == attr2->nh_lla_ifindex)
568 return 1;
569 }
570
571 return 0;
572 }
573
574 static void attrhash_init(void)
575 {
576 attrhash =
577 hash_create(attrhash_key_make, attrhash_cmp, "BGP Attributes");
578 }
579
580 /*
581 * special for hash_clean below
582 */
583 static void attr_vfree(void *attr)
584 {
585 XFREE(MTYPE_ATTR, attr);
586 }
587
588 static void attrhash_finish(void)
589 {
590 hash_clean(attrhash, attr_vfree);
591 hash_free(attrhash);
592 attrhash = NULL;
593 }
594
595 static void attr_show_all_iterator(struct hash_backet *backet, struct vty *vty)
596 {
597 struct attr *attr = backet->data;
598
599 vty_out(vty, "attr[%ld] nexthop %s\n", attr->refcnt,
600 inet_ntoa(attr->nexthop));
601 vty_out(vty, "\tflags: %" PRIu64 " med: %u local_pref: %u origin: %u weight: %u label: %u\n",
602 attr->flag, attr->med, attr->local_pref, attr->origin,
603 attr->weight, attr->label);
604 }
605
606 void attr_show_all(struct vty *vty)
607 {
608 hash_iterate(attrhash, (void (*)(struct hash_backet *,
609 void *))attr_show_all_iterator,
610 vty);
611 }
612
613 static void *bgp_attr_hash_alloc(void *p)
614 {
615 struct attr *val = (struct attr *)p;
616 struct attr *attr;
617
618 attr = XMALLOC(MTYPE_ATTR, sizeof(struct attr));
619 *attr = *val;
620 if (val->encap_subtlvs) {
621 val->encap_subtlvs = NULL;
622 }
623 #if ENABLE_BGP_VNC
624 if (val->vnc_subtlvs) {
625 val->vnc_subtlvs = NULL;
626 }
627 #endif
628 attr->refcnt = 0;
629 return attr;
630 }
631
632 /* Internet argument attribute. */
633 struct attr *bgp_attr_intern(struct attr *attr)
634 {
635 struct attr *find;
636
637 /* Intern referenced strucutre. */
638 if (attr->aspath) {
639 if (!attr->aspath->refcnt)
640 attr->aspath = aspath_intern(attr->aspath);
641 else
642 attr->aspath->refcnt++;
643 }
644 if (attr->community) {
645 if (!attr->community->refcnt)
646 attr->community = community_intern(attr->community);
647 else
648 attr->community->refcnt++;
649 }
650
651 if (attr->ecommunity) {
652 if (!attr->ecommunity->refcnt)
653 attr->ecommunity = ecommunity_intern(attr->ecommunity);
654 else
655 attr->ecommunity->refcnt++;
656 }
657 if (attr->lcommunity) {
658 if (!attr->lcommunity->refcnt)
659 attr->lcommunity = lcommunity_intern(attr->lcommunity);
660 else
661 attr->lcommunity->refcnt++;
662 }
663 if (attr->cluster) {
664 if (!attr->cluster->refcnt)
665 attr->cluster = cluster_intern(attr->cluster);
666 else
667 attr->cluster->refcnt++;
668 }
669 if (attr->transit) {
670 if (!attr->transit->refcnt)
671 attr->transit = transit_intern(attr->transit);
672 else
673 attr->transit->refcnt++;
674 }
675 if (attr->encap_subtlvs) {
676 if (!attr->encap_subtlvs->refcnt)
677 attr->encap_subtlvs = encap_intern(attr->encap_subtlvs,
678 ENCAP_SUBTLV_TYPE);
679 else
680 attr->encap_subtlvs->refcnt++;
681 }
682 #if ENABLE_BGP_VNC
683 if (attr->vnc_subtlvs) {
684 if (!attr->vnc_subtlvs->refcnt)
685 attr->vnc_subtlvs = encap_intern(attr->vnc_subtlvs,
686 VNC_SUBTLV_TYPE);
687 else
688 attr->vnc_subtlvs->refcnt++;
689 }
690 #endif
691
692 /* At this point, attr only contains intern'd pointers. that means
693 * if we find it in attrhash, it has all the same pointers and we
694 * correctly updated the refcounts on these.
695 * If we don't find it, we need to allocate a one because in all
696 * cases this returns a new reference to a hashed attr, but the input
697 * wasn't on hash. */
698 find = (struct attr *)hash_get(attrhash, attr, bgp_attr_hash_alloc);
699 find->refcnt++;
700
701 return find;
702 }
703
704 /* Make network statement's attribute. */
705 struct attr *bgp_attr_default_set(struct attr *attr, uint8_t origin)
706 {
707 memset(attr, 0, sizeof(struct attr));
708
709 attr->origin = origin;
710 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_ORIGIN);
711 attr->aspath = aspath_empty();
712 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AS_PATH);
713 attr->weight = BGP_ATTR_DEFAULT_WEIGHT;
714 attr->tag = 0;
715 attr->label_index = BGP_INVALID_LABEL_INDEX;
716 attr->label = MPLS_INVALID_LABEL;
717 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
718 attr->mp_nexthop_len = IPV6_MAX_BYTELEN;
719
720 return attr;
721 }
722
723 /* Create the attributes for an aggregate */
724 struct attr *bgp_attr_aggregate_intern(struct bgp *bgp, uint8_t origin,
725 struct aspath *aspath,
726 struct community *community, int as_set,
727 uint8_t atomic_aggregate)
728 {
729 struct attr attr;
730 struct attr *new;
731
732 memset(&attr, 0, sizeof(struct attr));
733
734 /* Origin attribute. */
735 attr.origin = origin;
736 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_ORIGIN);
737
738 /* AS path attribute. */
739 if (aspath)
740 attr.aspath = aspath_intern(aspath);
741 else
742 attr.aspath = aspath_empty();
743 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_AS_PATH);
744
745 /* Next hop attribute. */
746 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
747
748 if (community) {
749 uint32_t gshut = COMMUNITY_GSHUT;
750
751 /* If we are not shutting down ourselves and we are
752 * aggregating a route that contains the GSHUT community we
753 * need to remove that community when creating the aggregate */
754 if (!bgp_flag_check(bgp, BGP_FLAG_GRACEFUL_SHUTDOWN)
755 && community_include(community, gshut)) {
756 community_del_val(community, &gshut);
757 }
758
759 attr.community = community;
760 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_COMMUNITIES);
761 }
762
763 if (bgp_flag_check(bgp, BGP_FLAG_GRACEFUL_SHUTDOWN)) {
764 bgp_attr_add_gshut_community(&attr);
765 }
766
767 attr.label_index = BGP_INVALID_LABEL_INDEX;
768 attr.label = MPLS_INVALID_LABEL;
769 attr.weight = BGP_ATTR_DEFAULT_WEIGHT;
770 attr.mp_nexthop_len = IPV6_MAX_BYTELEN;
771 if (!as_set || atomic_aggregate)
772 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_ATOMIC_AGGREGATE);
773 attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR);
774 if (CHECK_FLAG(bgp->config, BGP_CONFIG_CONFEDERATION))
775 attr.aggregator_as = bgp->confed_id;
776 else
777 attr.aggregator_as = bgp->as;
778 attr.aggregator_addr = bgp->router_id;
779 attr.label_index = BGP_INVALID_LABEL_INDEX;
780 attr.label = MPLS_INVALID_LABEL;
781
782 new = bgp_attr_intern(&attr);
783
784 aspath_unintern(&new->aspath);
785 return new;
786 }
787
788 /* Unintern just the sub-components of the attr, but not the attr */
789 void bgp_attr_unintern_sub(struct attr *attr)
790 {
791 /* aspath refcount shoud be decrement. */
792 if (attr->aspath)
793 aspath_unintern(&attr->aspath);
794 UNSET_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_AS_PATH));
795
796 if (attr->community)
797 community_unintern(&attr->community);
798 UNSET_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_COMMUNITIES));
799
800 if (attr->ecommunity)
801 ecommunity_unintern(&attr->ecommunity);
802 UNSET_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
803
804 if (attr->lcommunity)
805 lcommunity_unintern(&attr->lcommunity);
806 UNSET_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_LARGE_COMMUNITIES));
807
808 if (attr->cluster)
809 cluster_unintern(attr->cluster);
810 UNSET_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_CLUSTER_LIST));
811
812 if (attr->transit)
813 transit_unintern(attr->transit);
814
815 if (attr->encap_subtlvs)
816 encap_unintern(&attr->encap_subtlvs, ENCAP_SUBTLV_TYPE);
817
818 #if ENABLE_BGP_VNC
819 if (attr->vnc_subtlvs)
820 encap_unintern(&attr->vnc_subtlvs, VNC_SUBTLV_TYPE);
821 #endif
822 }
823
824 /*
825 * We have some show commands that let you experimentally
826 * apply a route-map. When we apply the route-map
827 * we are reseting values but not saving them for
828 * posterity via intern'ing( because route-maps don't
829 * do that) but at this point in time we need
830 * to compare the new attr to the old and if the
831 * routemap has changed it we need to, as Snoop Dog says,
832 * Drop it like it's hot
833 */
834 void bgp_attr_undup(struct attr *new, struct attr *old)
835 {
836 if (new->aspath != old->aspath)
837 aspath_free(new->aspath);
838
839 if (new->community != old->community)
840 community_free(new->community);
841
842 if (new->ecommunity != old->ecommunity)
843 ecommunity_free(&new->ecommunity);
844
845 if (new->lcommunity != old->lcommunity)
846 lcommunity_free(&new->lcommunity);
847 }
848
849 /* Free bgp attribute and aspath. */
850 void bgp_attr_unintern(struct attr **pattr)
851 {
852 struct attr *attr = *pattr;
853 struct attr *ret;
854 struct attr tmp;
855
856 /* Decrement attribute reference. */
857 attr->refcnt--;
858
859 tmp = *attr;
860
861 /* If reference becomes zero then free attribute object. */
862 if (attr->refcnt == 0) {
863 ret = hash_release(attrhash, attr);
864 assert(ret != NULL);
865 XFREE(MTYPE_ATTR, attr);
866 *pattr = NULL;
867 }
868
869 bgp_attr_unintern_sub(&tmp);
870 }
871
872 void bgp_attr_flush(struct attr *attr)
873 {
874 if (attr->aspath && !attr->aspath->refcnt) {
875 aspath_free(attr->aspath);
876 attr->aspath = NULL;
877 }
878 if (attr->community && !attr->community->refcnt) {
879 community_free(attr->community);
880 attr->community = NULL;
881 }
882
883 if (attr->ecommunity && !attr->ecommunity->refcnt)
884 ecommunity_free(&attr->ecommunity);
885 if (attr->lcommunity && !attr->lcommunity->refcnt)
886 lcommunity_free(&attr->lcommunity);
887 if (attr->cluster && !attr->cluster->refcnt) {
888 cluster_free(attr->cluster);
889 attr->cluster = NULL;
890 }
891 if (attr->transit && !attr->transit->refcnt) {
892 transit_free(attr->transit);
893 attr->transit = NULL;
894 }
895 if (attr->encap_subtlvs && !attr->encap_subtlvs->refcnt) {
896 encap_free(attr->encap_subtlvs);
897 attr->encap_subtlvs = NULL;
898 }
899 #if ENABLE_BGP_VNC
900 if (attr->vnc_subtlvs && !attr->vnc_subtlvs->refcnt) {
901 encap_free(attr->vnc_subtlvs);
902 attr->vnc_subtlvs = NULL;
903 }
904 #endif
905 }
906
907 /* Implement draft-scudder-idr-optional-transitive behaviour and
908 * avoid resetting sessions for malformed attributes which are
909 * are partial/optional and hence where the error likely was not
910 * introduced by the sending neighbour.
911 */
912 static bgp_attr_parse_ret_t
913 bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode,
914 bgp_size_t length)
915 {
916 struct peer *const peer = args->peer;
917 const uint8_t flags = args->flags;
918 /* startp and length must be special-cased, as whether or not to
919 * send the attribute data with the NOTIFY depends on the error,
920 * the caller therefore signals this with the seperate length argument
921 */
922 uint8_t *notify_datap = (length > 0 ? args->startp : NULL);
923
924 /* Only relax error handling for eBGP peers */
925 if (peer->sort != BGP_PEER_EBGP) {
926 bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR, subcode,
927 notify_datap, length);
928 return BGP_ATTR_PARSE_ERROR;
929 }
930
931 /* Adjust the stream getp to the end of the attribute, in case we can
932 * still proceed but the caller hasn't read all the attribute.
933 */
934 stream_set_getp(BGP_INPUT(peer),
935 (args->startp - STREAM_DATA(BGP_INPUT(peer)))
936 + args->total);
937
938 switch (args->type) {
939 /* where an attribute is relatively inconsequential, e.g. it does not
940 * affect route selection, and can be safely ignored, then any such
941 * attributes which are malformed should just be ignored and the route
942 * processed as normal.
943 */
944 case BGP_ATTR_AS4_AGGREGATOR:
945 case BGP_ATTR_AGGREGATOR:
946 case BGP_ATTR_ATOMIC_AGGREGATE:
947 return BGP_ATTR_PARSE_PROCEED;
948
949 /* Core attributes, particularly ones which may influence route
950 * selection, should always cause session resets
951 */
952 case BGP_ATTR_ORIGIN:
953 case BGP_ATTR_AS_PATH:
954 case BGP_ATTR_NEXT_HOP:
955 case BGP_ATTR_MULTI_EXIT_DISC:
956 case BGP_ATTR_LOCAL_PREF:
957 case BGP_ATTR_COMMUNITIES:
958 case BGP_ATTR_ORIGINATOR_ID:
959 case BGP_ATTR_CLUSTER_LIST:
960 case BGP_ATTR_MP_REACH_NLRI:
961 case BGP_ATTR_MP_UNREACH_NLRI:
962 case BGP_ATTR_EXT_COMMUNITIES:
963 bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR, subcode,
964 notify_datap, length);
965 return BGP_ATTR_PARSE_ERROR;
966 }
967
968 /* Partial optional attributes that are malformed should not cause
969 * the whole session to be reset. Instead treat it as a withdrawal
970 * of the routes, if possible.
971 */
972 if (CHECK_FLAG(flags, BGP_ATTR_FLAG_TRANS)
973 && CHECK_FLAG(flags, BGP_ATTR_FLAG_OPTIONAL)
974 && CHECK_FLAG(flags, BGP_ATTR_FLAG_PARTIAL))
975 return BGP_ATTR_PARSE_WITHDRAW;
976
977 /* default to reset */
978 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
979 }
980
981 /* Find out what is wrong with the path attribute flag bits and log the error.
982 "Flag bits" here stand for Optional, Transitive and Partial, but not for
983 Extended Length. Checking O/T/P bits at once implies, that the attribute
984 being diagnosed is defined by RFC as either a "well-known" or an "optional,
985 non-transitive" attribute. */
986 static void
987 bgp_attr_flags_diagnose(struct bgp_attr_parser_args *args,
988 uint8_t desired_flags /* how RFC says it must be */
989 )
990 {
991 uint8_t seen = 0, i;
992 uint8_t real_flags = args->flags;
993 const uint8_t attr_code = args->type;
994
995 desired_flags &= ~BGP_ATTR_FLAG_EXTLEN;
996 real_flags &= ~BGP_ATTR_FLAG_EXTLEN;
997 for (i = 0; i <= 2; i++) /* O,T,P, but not E */
998 if (CHECK_FLAG(desired_flags, attr_flag_str[i].key)
999 != CHECK_FLAG(real_flags, attr_flag_str[i].key)) {
1000 flog_err(EC_BGP_ATTR_FLAG,
1001 "%s attribute must%s be flagged as \"%s\"",
1002 lookup_msg(attr_str, attr_code, NULL),
1003 CHECK_FLAG(desired_flags, attr_flag_str[i].key)
1004 ? ""
1005 : " not",
1006 attr_flag_str[i].str);
1007 seen = 1;
1008 }
1009 if (!seen) {
1010 zlog_debug(
1011 "Strange, %s called for attr %s, but no problem found with flags"
1012 " (real flags 0x%x, desired 0x%x)",
1013 __func__, lookup_msg(attr_str, attr_code, NULL),
1014 real_flags, desired_flags);
1015 }
1016 }
1017
1018 /* Required flags for attributes. EXTLEN will be masked off when testing,
1019 * as will PARTIAL for optional+transitive attributes.
1020 */
1021 const uint8_t attr_flags_values[] = {
1022 [BGP_ATTR_ORIGIN] = BGP_ATTR_FLAG_TRANS,
1023 [BGP_ATTR_AS_PATH] = BGP_ATTR_FLAG_TRANS,
1024 [BGP_ATTR_NEXT_HOP] = BGP_ATTR_FLAG_TRANS,
1025 [BGP_ATTR_MULTI_EXIT_DISC] = BGP_ATTR_FLAG_OPTIONAL,
1026 [BGP_ATTR_LOCAL_PREF] = BGP_ATTR_FLAG_TRANS,
1027 [BGP_ATTR_ATOMIC_AGGREGATE] = BGP_ATTR_FLAG_TRANS,
1028 [BGP_ATTR_AGGREGATOR] = BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_OPTIONAL,
1029 [BGP_ATTR_COMMUNITIES] = BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_OPTIONAL,
1030 [BGP_ATTR_ORIGINATOR_ID] = BGP_ATTR_FLAG_OPTIONAL,
1031 [BGP_ATTR_CLUSTER_LIST] = BGP_ATTR_FLAG_OPTIONAL,
1032 [BGP_ATTR_MP_REACH_NLRI] = BGP_ATTR_FLAG_OPTIONAL,
1033 [BGP_ATTR_MP_UNREACH_NLRI] = BGP_ATTR_FLAG_OPTIONAL,
1034 [BGP_ATTR_EXT_COMMUNITIES] =
1035 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1036 [BGP_ATTR_AS4_PATH] = BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1037 [BGP_ATTR_AS4_AGGREGATOR] =
1038 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1039 [BGP_ATTR_PMSI_TUNNEL] = BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1040 [BGP_ATTR_LARGE_COMMUNITIES] =
1041 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1042 [BGP_ATTR_PREFIX_SID] = BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS,
1043 };
1044 static const size_t attr_flags_values_max = array_size(attr_flags_values) - 1;
1045
1046 static int bgp_attr_flag_invalid(struct bgp_attr_parser_args *args)
1047 {
1048 uint8_t mask = BGP_ATTR_FLAG_EXTLEN;
1049 const uint8_t flags = args->flags;
1050 const uint8_t attr_code = args->type;
1051
1052 /* there may be attributes we don't know about */
1053 if (attr_code > attr_flags_values_max)
1054 return 0;
1055 if (attr_flags_values[attr_code] == 0)
1056 return 0;
1057
1058 /* RFC4271, "For well-known attributes, the Transitive bit MUST be set
1059 * to
1060 * 1."
1061 */
1062 if (!CHECK_FLAG(BGP_ATTR_FLAG_OPTIONAL, flags)
1063 && !CHECK_FLAG(BGP_ATTR_FLAG_TRANS, flags)) {
1064 flog_err(
1065 EC_BGP_ATTR_FLAG,
1066 "%s well-known attributes must have transitive flag set (%x)",
1067 lookup_msg(attr_str, attr_code, NULL), flags);
1068 return 1;
1069 }
1070
1071 /* "For well-known attributes and for optional non-transitive
1072 * attributes,
1073 * the Partial bit MUST be set to 0."
1074 */
1075 if (CHECK_FLAG(flags, BGP_ATTR_FLAG_PARTIAL)) {
1076 if (!CHECK_FLAG(flags, BGP_ATTR_FLAG_OPTIONAL)) {
1077 flog_err(EC_BGP_ATTR_FLAG,
1078 "%s well-known attribute "
1079 "must NOT have the partial flag set (%x)",
1080 lookup_msg(attr_str, attr_code, NULL), flags);
1081 return 1;
1082 }
1083 if (CHECK_FLAG(flags, BGP_ATTR_FLAG_OPTIONAL)
1084 && !CHECK_FLAG(flags, BGP_ATTR_FLAG_TRANS)) {
1085 flog_err(EC_BGP_ATTR_FLAG,
1086 "%s optional + transitive attribute "
1087 "must NOT have the partial flag set (%x)",
1088 lookup_msg(attr_str, attr_code, NULL), flags);
1089 return 1;
1090 }
1091 }
1092
1093 /* Optional transitive attributes may go through speakers that don't
1094 * reocgnise them and set the Partial bit.
1095 */
1096 if (CHECK_FLAG(flags, BGP_ATTR_FLAG_OPTIONAL)
1097 && CHECK_FLAG(flags, BGP_ATTR_FLAG_TRANS))
1098 SET_FLAG(mask, BGP_ATTR_FLAG_PARTIAL);
1099
1100 if ((flags & ~mask) == attr_flags_values[attr_code])
1101 return 0;
1102
1103 bgp_attr_flags_diagnose(args, attr_flags_values[attr_code]);
1104 return 1;
1105 }
1106
1107 /* Get origin attribute of the update message. */
1108 static bgp_attr_parse_ret_t bgp_attr_origin(struct bgp_attr_parser_args *args)
1109 {
1110 struct peer *const peer = args->peer;
1111 struct attr *const attr = args->attr;
1112 const bgp_size_t length = args->length;
1113
1114 /* If any recognized attribute has Attribute Length that conflicts
1115 with the expected length (based on the attribute type code), then
1116 the Error Subcode is set to Attribute Length Error. The Data
1117 field contains the erroneous attribute (type, length and
1118 value). */
1119 if (length != 1) {
1120 flog_err(EC_BGP_ATTR_LEN,
1121 "Origin attribute length is not one %d", length);
1122 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1123 args->total);
1124 }
1125
1126 /* Fetch origin attribute. */
1127 attr->origin = stream_getc(BGP_INPUT(peer));
1128
1129 /* If the ORIGIN attribute has an undefined value, then the Error
1130 Subcode is set to Invalid Origin Attribute. The Data field
1131 contains the unrecognized attribute (type, length and value). */
1132 if ((attr->origin != BGP_ORIGIN_IGP) && (attr->origin != BGP_ORIGIN_EGP)
1133 && (attr->origin != BGP_ORIGIN_INCOMPLETE)) {
1134 flog_err(EC_BGP_ATTR_ORIGIN,
1135 "Origin attribute value is invalid %d", attr->origin);
1136 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_INVAL_ORIGIN,
1137 args->total);
1138 }
1139
1140 /* Set oring attribute flag. */
1141 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_ORIGIN);
1142
1143 return 0;
1144 }
1145
1146 /* Parse AS path information. This function is wrapper of
1147 aspath_parse. */
1148 static int bgp_attr_aspath(struct bgp_attr_parser_args *args)
1149 {
1150 struct attr *const attr = args->attr;
1151 struct peer *const peer = args->peer;
1152 const bgp_size_t length = args->length;
1153
1154 /*
1155 * peer with AS4 => will get 4Byte ASnums
1156 * otherwise, will get 16 Bit
1157 */
1158 attr->aspath = aspath_parse(peer->curr, length,
1159 CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV));
1160
1161 /* In case of IBGP, length will be zero. */
1162 if (!attr->aspath) {
1163 flog_err(EC_BGP_ATTR_MAL_AS_PATH,
1164 "Malformed AS path from %s, length is %d", peer->host,
1165 length);
1166 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_AS_PATH,
1167 0);
1168 }
1169
1170 /* Set aspath attribute flag. */
1171 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AS_PATH);
1172
1173 return BGP_ATTR_PARSE_PROCEED;
1174 }
1175
1176 static bgp_attr_parse_ret_t bgp_attr_aspath_check(struct peer *const peer,
1177 struct attr *const attr)
1178 {
1179 /* These checks were part of bgp_attr_aspath, but with
1180 * as4 we should to check aspath things when
1181 * aspath synthesizing with as4_path has already taken place.
1182 * Otherwise we check ASPATH and use the synthesized thing, and that is
1183 * not right.
1184 * So do the checks later, i.e. here
1185 */
1186 struct aspath *aspath;
1187
1188 /* Confederation sanity check. */
1189 if ((peer->sort == BGP_PEER_CONFED
1190 && !aspath_left_confed_check(attr->aspath))
1191 || (peer->sort == BGP_PEER_EBGP
1192 && aspath_confed_check(attr->aspath))) {
1193 flog_err(EC_BGP_ATTR_MAL_AS_PATH, "Malformed AS path from %s",
1194 peer->host);
1195 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1196 BGP_NOTIFY_UPDATE_MAL_AS_PATH);
1197 return BGP_ATTR_PARSE_ERROR;
1198 }
1199
1200 /* First AS check for EBGP. */
1201 if (CHECK_FLAG(peer->flags, PEER_FLAG_ENFORCE_FIRST_AS)) {
1202 if (peer->sort == BGP_PEER_EBGP
1203 && !aspath_firstas_check(attr->aspath, peer->as)) {
1204 flog_err(EC_BGP_ATTR_FIRST_AS,
1205 "%s incorrect first AS (must be %u)",
1206 peer->host, peer->as);
1207 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1208 BGP_NOTIFY_UPDATE_MAL_AS_PATH);
1209 return BGP_ATTR_PARSE_ERROR;
1210 }
1211 }
1212
1213 /* local-as prepend */
1214 if (peer->change_local_as
1215 && !CHECK_FLAG(peer->flags, PEER_FLAG_LOCAL_AS_NO_PREPEND)) {
1216 aspath = aspath_dup(attr->aspath);
1217 aspath = aspath_add_seq(aspath, peer->change_local_as);
1218 aspath_unintern(&attr->aspath);
1219 attr->aspath = aspath_intern(aspath);
1220 }
1221
1222 return BGP_ATTR_PARSE_PROCEED;
1223 }
1224
1225 /* Parse AS4 path information. This function is another wrapper of
1226 aspath_parse. */
1227 static int bgp_attr_as4_path(struct bgp_attr_parser_args *args,
1228 struct aspath **as4_path)
1229 {
1230 struct peer *const peer = args->peer;
1231 struct attr *const attr = args->attr;
1232 const bgp_size_t length = args->length;
1233
1234 *as4_path = aspath_parse(peer->curr, length, 1);
1235
1236 /* In case of IBGP, length will be zero. */
1237 if (!*as4_path) {
1238 flog_err(EC_BGP_ATTR_MAL_AS_PATH,
1239 "Malformed AS4 path from %s, length is %d", peer->host,
1240 length);
1241 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_AS_PATH,
1242 0);
1243 }
1244
1245 /* Set aspath attribute flag. */
1246 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AS4_PATH);
1247
1248 return BGP_ATTR_PARSE_PROCEED;
1249 }
1250
1251 /* Nexthop attribute. */
1252 static bgp_attr_parse_ret_t bgp_attr_nexthop(struct bgp_attr_parser_args *args)
1253 {
1254 struct peer *const peer = args->peer;
1255 struct attr *const attr = args->attr;
1256 const bgp_size_t length = args->length;
1257
1258 in_addr_t nexthop_h, nexthop_n;
1259
1260 /* Check nexthop attribute length. */
1261 if (length != 4) {
1262 flog_err(EC_BGP_ATTR_LEN,
1263 "Nexthop attribute length isn't four [%d]", length);
1264
1265 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1266 args->total);
1267 }
1268
1269 /* According to section 6.3 of RFC4271, syntactically incorrect NEXT_HOP
1270 attribute must result in a NOTIFICATION message (this is implemented
1271 below).
1272 At the same time, semantically incorrect NEXT_HOP is more likely to
1273 be just
1274 logged locally (this is implemented somewhere else). The UPDATE
1275 message
1276 gets ignored in any of these cases. */
1277 nexthop_n = stream_get_ipv4(peer->curr);
1278 nexthop_h = ntohl(nexthop_n);
1279 if ((IPV4_NET0(nexthop_h) || IPV4_NET127(nexthop_h)
1280 || IPV4_CLASS_DE(nexthop_h))
1281 && !BGP_DEBUG(
1282 allow_martians,
1283 ALLOW_MARTIANS)) /* loopbacks may be used in testing */
1284 {
1285 char buf[INET_ADDRSTRLEN];
1286 inet_ntop(AF_INET, &nexthop_n, buf, INET_ADDRSTRLEN);
1287 flog_err(EC_BGP_ATTR_MARTIAN_NH, "Martian nexthop %s", buf);
1288 return bgp_attr_malformed(
1289 args, BGP_NOTIFY_UPDATE_INVAL_NEXT_HOP, args->total);
1290 }
1291
1292 attr->nexthop.s_addr = nexthop_n;
1293 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1294
1295 return BGP_ATTR_PARSE_PROCEED;
1296 }
1297
1298 /* MED atrribute. */
1299 static bgp_attr_parse_ret_t bgp_attr_med(struct bgp_attr_parser_args *args)
1300 {
1301 struct peer *const peer = args->peer;
1302 struct attr *const attr = args->attr;
1303 const bgp_size_t length = args->length;
1304
1305 /* Length check. */
1306 if (length != 4) {
1307 flog_err(EC_BGP_ATTR_LEN,
1308 "MED attribute length isn't four [%d]", length);
1309
1310 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1311 args->total);
1312 }
1313
1314 attr->med = stream_getl(peer->curr);
1315
1316 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_MULTI_EXIT_DISC);
1317
1318 return BGP_ATTR_PARSE_PROCEED;
1319 }
1320
1321 /* Local preference attribute. */
1322 static bgp_attr_parse_ret_t
1323 bgp_attr_local_pref(struct bgp_attr_parser_args *args)
1324 {
1325 struct peer *const peer = args->peer;
1326 struct attr *const attr = args->attr;
1327 const bgp_size_t length = args->length;
1328
1329 /* Length check. */
1330 if (length != 4) {
1331 flog_err(EC_BGP_ATTR_LEN,
1332 "LOCAL_PREF attribute length isn't 4 [%u]", length);
1333 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1334 args->total);
1335 }
1336
1337 /* If it is contained in an UPDATE message that is received from an
1338 external peer, then this attribute MUST be ignored by the
1339 receiving speaker. */
1340 if (peer->sort == BGP_PEER_EBGP) {
1341 stream_forward_getp(peer->curr, length);
1342 return BGP_ATTR_PARSE_PROCEED;
1343 }
1344
1345 attr->local_pref = stream_getl(peer->curr);
1346
1347 /* Set the local-pref flag. */
1348 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF);
1349
1350 return BGP_ATTR_PARSE_PROCEED;
1351 }
1352
1353 /* Atomic aggregate. */
1354 static int bgp_attr_atomic(struct bgp_attr_parser_args *args)
1355 {
1356 struct attr *const attr = args->attr;
1357 const bgp_size_t length = args->length;
1358
1359 /* Length check. */
1360 if (length != 0) {
1361 flog_err(EC_BGP_ATTR_LEN,
1362 "ATOMIC_AGGREGATE attribute length isn't 0 [%u]",
1363 length);
1364 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1365 args->total);
1366 }
1367
1368 /* Set atomic aggregate flag. */
1369 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_ATOMIC_AGGREGATE);
1370
1371 return BGP_ATTR_PARSE_PROCEED;
1372 }
1373
1374 /* Aggregator attribute */
1375 static int bgp_attr_aggregator(struct bgp_attr_parser_args *args)
1376 {
1377 struct peer *const peer = args->peer;
1378 struct attr *const attr = args->attr;
1379 const bgp_size_t length = args->length;
1380
1381 int wantedlen = 6;
1382
1383 /* peer with AS4 will send 4 Byte AS, peer without will send 2 Byte */
1384 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV))
1385 wantedlen = 8;
1386
1387 if (length != wantedlen) {
1388 flog_err(EC_BGP_ATTR_LEN,
1389 "AGGREGATOR attribute length isn't %u [%u]", wantedlen,
1390 length);
1391 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1392 args->total);
1393 }
1394
1395 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV))
1396 attr->aggregator_as = stream_getl(peer->curr);
1397 else
1398 attr->aggregator_as = stream_getw(peer->curr);
1399 attr->aggregator_addr.s_addr = stream_get_ipv4(peer->curr);
1400
1401 /* Set atomic aggregate flag. */
1402 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR);
1403
1404 return BGP_ATTR_PARSE_PROCEED;
1405 }
1406
1407 /* New Aggregator attribute */
1408 static bgp_attr_parse_ret_t
1409 bgp_attr_as4_aggregator(struct bgp_attr_parser_args *args,
1410 as_t *as4_aggregator_as,
1411 struct in_addr *as4_aggregator_addr)
1412 {
1413 struct peer *const peer = args->peer;
1414 struct attr *const attr = args->attr;
1415 const bgp_size_t length = args->length;
1416
1417 if (length != 8) {
1418 flog_err(EC_BGP_ATTR_LEN, "New Aggregator length is not 8 [%d]",
1419 length);
1420 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1421 0);
1422 }
1423
1424 *as4_aggregator_as = stream_getl(peer->curr);
1425 as4_aggregator_addr->s_addr = stream_get_ipv4(peer->curr);
1426
1427 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AS4_AGGREGATOR);
1428
1429 return BGP_ATTR_PARSE_PROCEED;
1430 }
1431
1432 /* Munge Aggregator and New-Aggregator, AS_PATH and NEW_AS_PATH.
1433 */
1434 static bgp_attr_parse_ret_t
1435 bgp_attr_munge_as4_attrs(struct peer *const peer, struct attr *const attr,
1436 struct aspath *as4_path, as_t as4_aggregator,
1437 struct in_addr *as4_aggregator_addr)
1438 {
1439 int ignore_as4_path = 0;
1440 struct aspath *newpath;
1441
1442 if (!attr->aspath) {
1443 /* NULL aspath shouldn't be possible as bgp_attr_parse should
1444 * have
1445 * checked that all well-known, mandatory attributes were
1446 * present.
1447 *
1448 * Can only be a problem with peer itself - hard error
1449 */
1450 return BGP_ATTR_PARSE_ERROR;
1451 }
1452
1453 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV)) {
1454 /* peer can do AS4, so we ignore AS4_PATH and AS4_AGGREGATOR
1455 * if given.
1456 * It is worth a warning though, because the peer really
1457 * should not send them
1458 */
1459 if (BGP_DEBUG(as4, AS4)) {
1460 if (attr->flag & (ATTR_FLAG_BIT(BGP_ATTR_AS4_PATH)))
1461 zlog_debug("[AS4] %s %s AS4_PATH", peer->host,
1462 "AS4 capable peer, yet it sent");
1463
1464 if (attr->flag
1465 & (ATTR_FLAG_BIT(BGP_ATTR_AS4_AGGREGATOR)))
1466 zlog_debug("[AS4] %s %s AS4_AGGREGATOR",
1467 peer->host,
1468 "AS4 capable peer, yet it sent");
1469 }
1470
1471 return BGP_ATTR_PARSE_PROCEED;
1472 }
1473
1474 /* We have a asn16 peer. First, look for AS4_AGGREGATOR
1475 * because that may override AS4_PATH
1476 */
1477 if (attr->flag & (ATTR_FLAG_BIT(BGP_ATTR_AS4_AGGREGATOR))) {
1478 if (attr->flag & (ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR))) {
1479 /* received both.
1480 * if the as_number in aggregator is not AS_TRANS,
1481 * then AS4_AGGREGATOR and AS4_PATH shall be ignored
1482 * and the Aggregator shall be taken as
1483 * info on the aggregating node, and the AS_PATH
1484 * shall be taken as the AS_PATH
1485 * otherwise
1486 * the Aggregator shall be ignored and the
1487 * AS4_AGGREGATOR shall be taken as the
1488 * Aggregating node and the AS_PATH is to be
1489 * constructed "as in all other cases"
1490 */
1491 if (attr->aggregator_as != BGP_AS_TRANS) {
1492 /* ignore */
1493 if (BGP_DEBUG(as4, AS4))
1494 zlog_debug(
1495 "[AS4] %s BGP not AS4 capable peer"
1496 " send AGGREGATOR != AS_TRANS and"
1497 " AS4_AGGREGATOR, so ignore"
1498 " AS4_AGGREGATOR and AS4_PATH",
1499 peer->host);
1500 ignore_as4_path = 1;
1501 } else {
1502 /* "New_aggregator shall be taken as aggregator"
1503 */
1504 attr->aggregator_as = as4_aggregator;
1505 attr->aggregator_addr.s_addr =
1506 as4_aggregator_addr->s_addr;
1507 }
1508 } else {
1509 /* We received a AS4_AGGREGATOR but no AGGREGATOR.
1510 * That is bogus - but reading the conditions
1511 * we have to handle AS4_AGGREGATOR as if it were
1512 * AGGREGATOR in that case
1513 */
1514 if (BGP_DEBUG(as4, AS4))
1515 zlog_debug(
1516 "[AS4] %s BGP not AS4 capable peer send"
1517 " AS4_AGGREGATOR but no AGGREGATOR, will take"
1518 " it as if AGGREGATOR with AS_TRANS had been there",
1519 peer->host);
1520 attr->aggregator_as = as4_aggregator;
1521 /* sweep it under the carpet and simulate a "good"
1522 * AGGREGATOR */
1523 attr->flag |= (ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR));
1524 }
1525 }
1526
1527 /* need to reconcile NEW_AS_PATH and AS_PATH */
1528 if (!ignore_as4_path
1529 && (attr->flag & (ATTR_FLAG_BIT(BGP_ATTR_AS4_PATH)))) {
1530 newpath = aspath_reconcile_as4(attr->aspath, as4_path);
1531 if (!newpath)
1532 return BGP_ATTR_PARSE_ERROR;
1533
1534 aspath_unintern(&attr->aspath);
1535 attr->aspath = aspath_intern(newpath);
1536 }
1537 return BGP_ATTR_PARSE_PROCEED;
1538 }
1539
1540 /* Community attribute. */
1541 static bgp_attr_parse_ret_t
1542 bgp_attr_community(struct bgp_attr_parser_args *args)
1543 {
1544 struct peer *const peer = args->peer;
1545 struct attr *const attr = args->attr;
1546 const bgp_size_t length = args->length;
1547
1548 if (length == 0) {
1549 attr->community = NULL;
1550 return BGP_ATTR_PARSE_PROCEED;
1551 }
1552
1553 attr->community =
1554 community_parse((uint32_t *)stream_pnt(peer->curr), length);
1555
1556 /* XXX: fix community_parse to use stream API and remove this */
1557 stream_forward_getp(peer->curr, length);
1558
1559 if (!attr->community)
1560 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
1561 args->total);
1562
1563 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_COMMUNITIES);
1564
1565 return BGP_ATTR_PARSE_PROCEED;
1566 }
1567
1568 /* Originator ID attribute. */
1569 static bgp_attr_parse_ret_t
1570 bgp_attr_originator_id(struct bgp_attr_parser_args *args)
1571 {
1572 struct peer *const peer = args->peer;
1573 struct attr *const attr = args->attr;
1574 const bgp_size_t length = args->length;
1575
1576 /* Length check. */
1577 if (length != 4) {
1578 flog_err(EC_BGP_ATTR_LEN, "Bad originator ID length %d",
1579 length);
1580
1581 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1582 args->total);
1583 }
1584
1585 attr->originator_id.s_addr = stream_get_ipv4(peer->curr);
1586
1587 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID);
1588
1589 return BGP_ATTR_PARSE_PROCEED;
1590 }
1591
1592 /* Cluster list attribute. */
1593 static bgp_attr_parse_ret_t
1594 bgp_attr_cluster_list(struct bgp_attr_parser_args *args)
1595 {
1596 struct peer *const peer = args->peer;
1597 struct attr *const attr = args->attr;
1598 const bgp_size_t length = args->length;
1599
1600 /* Check length. */
1601 if (length % 4) {
1602 flog_err(EC_BGP_ATTR_LEN, "Bad cluster list length %d", length);
1603
1604 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
1605 args->total);
1606 }
1607
1608 attr->cluster =
1609 cluster_parse((struct in_addr *)stream_pnt(peer->curr), length);
1610
1611 /* XXX: Fix cluster_parse to use stream API and then remove this */
1612 stream_forward_getp(peer->curr, length);
1613
1614 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_CLUSTER_LIST);
1615
1616 return BGP_ATTR_PARSE_PROCEED;
1617 }
1618
1619 /* Multiprotocol reachability information parse. */
1620 int bgp_mp_reach_parse(struct bgp_attr_parser_args *args,
1621 struct bgp_nlri *mp_update)
1622 {
1623 iana_afi_t pkt_afi;
1624 afi_t afi;
1625 iana_safi_t pkt_safi;
1626 safi_t safi;
1627 bgp_size_t nlri_len;
1628 size_t start;
1629 struct stream *s;
1630 struct peer *const peer = args->peer;
1631 struct attr *const attr = args->attr;
1632 const bgp_size_t length = args->length;
1633
1634 /* Set end of packet. */
1635 s = BGP_INPUT(peer);
1636 start = stream_get_getp(s);
1637
1638 /* safe to read statically sized header? */
1639 #define BGP_MP_REACH_MIN_SIZE 5
1640 #define LEN_LEFT (length - (stream_get_getp(s) - start))
1641 if ((length > STREAM_READABLE(s)) || (length < BGP_MP_REACH_MIN_SIZE)) {
1642 zlog_info("%s: %s sent invalid length, %lu", __func__,
1643 peer->host, (unsigned long)length);
1644 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1645 }
1646
1647 /* Load AFI, SAFI. */
1648 pkt_afi = stream_getw(s);
1649 pkt_safi = stream_getc(s);
1650
1651 /* Convert AFI, SAFI to internal values, check. */
1652 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
1653 /* Log if AFI or SAFI is unrecognized. This is not an error
1654 * unless
1655 * the attribute is otherwise malformed.
1656 */
1657 if (bgp_debug_update(peer, NULL, NULL, 0))
1658 zlog_debug(
1659 "%s: MP_REACH received AFI %u or SAFI %u is unrecognized",
1660 peer->host, pkt_afi, pkt_safi);
1661 return BGP_ATTR_PARSE_ERROR;
1662 }
1663
1664 /* Get nexthop length. */
1665 attr->mp_nexthop_len = stream_getc(s);
1666
1667 if (LEN_LEFT < attr->mp_nexthop_len) {
1668 zlog_info(
1669 "%s: %s, MP nexthop length, %u, goes past end of attribute",
1670 __func__, peer->host, attr->mp_nexthop_len);
1671 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1672 }
1673
1674 /* Nexthop length check. */
1675 switch (attr->mp_nexthop_len) {
1676 case 0:
1677 if (safi != SAFI_FLOWSPEC) {
1678 zlog_info("%s: (%s) Wrong multiprotocol next hop length: %d",
1679 __func__, peer->host, attr->mp_nexthop_len);
1680 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1681 }
1682 break;
1683 case BGP_ATTR_NHLEN_VPNV4:
1684 stream_getl(s); /* RD high */
1685 stream_getl(s); /* RD low */
1686 /*
1687 * NOTE: intentional fall through
1688 * - for consistency in rx processing
1689 *
1690 * The following comment is to signal GCC this intention
1691 * and supress the warning
1692 */
1693 /* FALLTHRU */
1694 case BGP_ATTR_NHLEN_IPV4:
1695 stream_get(&attr->mp_nexthop_global_in, s, IPV4_MAX_BYTELEN);
1696 /* Probably needed for RFC 2283 */
1697 if (attr->nexthop.s_addr == 0)
1698 memcpy(&attr->nexthop.s_addr,
1699 &attr->mp_nexthop_global_in, IPV4_MAX_BYTELEN);
1700 break;
1701 case BGP_ATTR_NHLEN_IPV6_GLOBAL:
1702 case BGP_ATTR_NHLEN_VPNV6_GLOBAL:
1703 if (attr->mp_nexthop_len == BGP_ATTR_NHLEN_VPNV6_GLOBAL) {
1704 stream_getl(s); /* RD high */
1705 stream_getl(s); /* RD low */
1706 }
1707 stream_get(&attr->mp_nexthop_global, s, IPV6_MAX_BYTELEN);
1708 if (IN6_IS_ADDR_LINKLOCAL(&attr->mp_nexthop_global)) {
1709 if (!peer->nexthop.ifp) {
1710 zlog_warn("%s: interface not set appropriately to handle some attributes",
1711 peer->host);
1712 return BGP_ATTR_PARSE_WITHDRAW;
1713 }
1714 attr->nh_ifindex = peer->nexthop.ifp->ifindex;
1715 }
1716 break;
1717 case BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL:
1718 case BGP_ATTR_NHLEN_VPNV6_GLOBAL_AND_LL:
1719 if (attr->mp_nexthop_len
1720 == BGP_ATTR_NHLEN_VPNV6_GLOBAL_AND_LL) {
1721 stream_getl(s); /* RD high */
1722 stream_getl(s); /* RD low */
1723 }
1724 stream_get(&attr->mp_nexthop_global, s, IPV6_MAX_BYTELEN);
1725 if (IN6_IS_ADDR_LINKLOCAL(&attr->mp_nexthop_global)) {
1726 if (!peer->nexthop.ifp) {
1727 zlog_warn("%s: interface not set appropriately to handle some attributes",
1728 peer->host);
1729 return BGP_ATTR_PARSE_WITHDRAW;
1730 }
1731 attr->nh_ifindex = peer->nexthop.ifp->ifindex;
1732 }
1733 if (attr->mp_nexthop_len
1734 == BGP_ATTR_NHLEN_VPNV6_GLOBAL_AND_LL) {
1735 stream_getl(s); /* RD high */
1736 stream_getl(s); /* RD low */
1737 }
1738 stream_get(&attr->mp_nexthop_local, s, IPV6_MAX_BYTELEN);
1739 if (!IN6_IS_ADDR_LINKLOCAL(&attr->mp_nexthop_local)) {
1740 char buf1[INET6_ADDRSTRLEN];
1741 char buf2[INET6_ADDRSTRLEN];
1742
1743 if (bgp_debug_update(peer, NULL, NULL, 1))
1744 zlog_debug(
1745 "%s rcvd nexthops %s, %s -- ignoring non-LL value",
1746 peer->host,
1747 inet_ntop(AF_INET6,
1748 &attr->mp_nexthop_global,
1749 buf1, INET6_ADDRSTRLEN),
1750 inet_ntop(AF_INET6,
1751 &attr->mp_nexthop_local, buf2,
1752 INET6_ADDRSTRLEN));
1753
1754 attr->mp_nexthop_len = IPV6_MAX_BYTELEN;
1755 }
1756 if (!peer->nexthop.ifp) {
1757 zlog_warn("%s: Interface not set appropriately to handle this some attributes",
1758 peer->host);
1759 return BGP_ATTR_PARSE_WITHDRAW;
1760 }
1761 attr->nh_lla_ifindex = peer->nexthop.ifp->ifindex;
1762 break;
1763 default:
1764 zlog_info("%s: (%s) Wrong multiprotocol next hop length: %d",
1765 __func__, peer->host, attr->mp_nexthop_len);
1766 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1767 }
1768
1769 if (!LEN_LEFT) {
1770 zlog_info("%s: (%s) Failed to read SNPA and NLRI(s)", __func__,
1771 peer->host);
1772 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1773 }
1774
1775 {
1776 uint8_t val;
1777 if ((val = stream_getc(s)))
1778 flog_warn(
1779 EC_BGP_DEFUNCT_SNPA_LEN,
1780 "%s sent non-zero value, %u, for defunct SNPA-length field",
1781 peer->host, val);
1782 }
1783
1784 /* must have nrli_len, what is left of the attribute */
1785 nlri_len = LEN_LEFT;
1786 if (nlri_len > STREAM_READABLE(s)) {
1787 zlog_info("%s: (%s) Failed to read NLRI", __func__, peer->host);
1788 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1789 }
1790
1791 if (!nlri_len) {
1792 zlog_info("%s: (%s) No Reachability, Treating as a EOR marker",
1793 __func__, peer->host);
1794
1795 mp_update->afi = afi;
1796 mp_update->safi = safi;
1797 return BGP_ATTR_PARSE_EOR;
1798 }
1799
1800 mp_update->afi = afi;
1801 mp_update->safi = safi;
1802 mp_update->nlri = stream_pnt(s);
1803 mp_update->length = nlri_len;
1804
1805 stream_forward_getp(s, nlri_len);
1806
1807 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI);
1808
1809 return BGP_ATTR_PARSE_PROCEED;
1810 #undef LEN_LEFT
1811 }
1812
1813 /* Multiprotocol unreachable parse */
1814 int bgp_mp_unreach_parse(struct bgp_attr_parser_args *args,
1815 struct bgp_nlri *mp_withdraw)
1816 {
1817 struct stream *s;
1818 iana_afi_t pkt_afi;
1819 afi_t afi;
1820 iana_safi_t pkt_safi;
1821 safi_t safi;
1822 uint16_t withdraw_len;
1823 struct peer *const peer = args->peer;
1824 struct attr *const attr = args->attr;
1825 const bgp_size_t length = args->length;
1826
1827 s = peer->curr;
1828
1829 #define BGP_MP_UNREACH_MIN_SIZE 3
1830 if ((length > STREAM_READABLE(s)) || (length < BGP_MP_UNREACH_MIN_SIZE))
1831 return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
1832
1833 pkt_afi = stream_getw(s);
1834 pkt_safi = stream_getc(s);
1835
1836 /* Convert AFI, SAFI to internal values, check. */
1837 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
1838 /* Log if AFI or SAFI is unrecognized. This is not an error
1839 * unless
1840 * the attribute is otherwise malformed.
1841 */
1842 if (bgp_debug_update(peer, NULL, NULL, 0))
1843 zlog_debug(
1844 "%s: MP_UNREACH received AFI %u or SAFI %u is unrecognized",
1845 peer->host, pkt_afi, pkt_safi);
1846 return BGP_ATTR_PARSE_ERROR;
1847 }
1848
1849 withdraw_len = length - BGP_MP_UNREACH_MIN_SIZE;
1850
1851 mp_withdraw->afi = afi;
1852 mp_withdraw->safi = safi;
1853 mp_withdraw->nlri = stream_pnt(s);
1854 mp_withdraw->length = withdraw_len;
1855
1856 stream_forward_getp(s, withdraw_len);
1857
1858 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI);
1859
1860 return BGP_ATTR_PARSE_PROCEED;
1861 }
1862
1863 /* Large Community attribute. */
1864 static bgp_attr_parse_ret_t
1865 bgp_attr_large_community(struct bgp_attr_parser_args *args)
1866 {
1867 struct peer *const peer = args->peer;
1868 struct attr *const attr = args->attr;
1869 const bgp_size_t length = args->length;
1870
1871 /*
1872 * Large community follows new attribute format.
1873 */
1874 if (length == 0) {
1875 attr->lcommunity = NULL;
1876 /* Empty extcomm doesn't seem to be invalid per se */
1877 return BGP_ATTR_PARSE_PROCEED;
1878 }
1879
1880 attr->lcommunity =
1881 lcommunity_parse((uint8_t *)stream_pnt(peer->curr), length);
1882 /* XXX: fix ecommunity_parse to use stream API */
1883 stream_forward_getp(peer->curr, length);
1884
1885 if (!attr->lcommunity)
1886 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
1887 args->total);
1888
1889 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_LARGE_COMMUNITIES);
1890
1891 return BGP_ATTR_PARSE_PROCEED;
1892 }
1893
1894 /* Extended Community attribute. */
1895 static bgp_attr_parse_ret_t
1896 bgp_attr_ext_communities(struct bgp_attr_parser_args *args)
1897 {
1898 struct peer *const peer = args->peer;
1899 struct attr *const attr = args->attr;
1900 const bgp_size_t length = args->length;
1901 uint8_t sticky = 0;
1902
1903 if (length == 0) {
1904 attr->ecommunity = NULL;
1905 /* Empty extcomm doesn't seem to be invalid per se */
1906 return BGP_ATTR_PARSE_PROCEED;
1907 }
1908
1909 attr->ecommunity =
1910 ecommunity_parse((uint8_t *)stream_pnt(peer->curr), length);
1911 /* XXX: fix ecommunity_parse to use stream API */
1912 stream_forward_getp(peer->curr, length);
1913
1914 if (!attr->ecommunity)
1915 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
1916 args->total);
1917
1918 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES);
1919
1920 /* Extract MAC mobility sequence number, if any. */
1921 attr->mm_seqnum = bgp_attr_mac_mobility_seqnum(attr, &sticky);
1922 attr->sticky = sticky;
1923
1924 /* Check if this is a Gateway MAC-IP advertisement */
1925 attr->default_gw = bgp_attr_default_gw(attr);
1926
1927 /* Handle scenario where router flag ecommunity is not
1928 * set but default gw ext community is present.
1929 * Use default gateway, set and propogate R-bit.
1930 */
1931 if (attr->default_gw)
1932 attr->router_flag = 1;
1933
1934 /* Check EVPN Neighbor advertisement flags, R-bit */
1935 bgp_attr_evpn_na_flag(attr, &attr->router_flag);
1936
1937 /* Extract the Rmac, if any */
1938 bgp_attr_rmac(attr, &attr->rmac);
1939
1940 return BGP_ATTR_PARSE_PROCEED;
1941 }
1942
1943 /* Parse Tunnel Encap attribute in an UPDATE */
1944 static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
1945 bgp_size_t length, /* IN: attr's length field */
1946 struct attr *attr, /* IN: caller already allocated */
1947 uint8_t flag, /* IN: attr's flags field */
1948 uint8_t *startp)
1949 {
1950 bgp_size_t total;
1951 uint16_t tunneltype = 0;
1952
1953 total = length + (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) ? 4 : 3);
1954
1955 if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS)
1956 || !CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) {
1957 zlog_info(
1958 "Tunnel Encap attribute flag isn't optional and transitive %d",
1959 flag);
1960 bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
1961 BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR,
1962 startp, total);
1963 return -1;
1964 }
1965
1966 if (BGP_ATTR_ENCAP == type) {
1967 /* read outer TLV type and length */
1968 uint16_t tlv_length;
1969
1970 if (length < 4) {
1971 zlog_info(
1972 "Tunnel Encap attribute not long enough to contain outer T,L");
1973 bgp_notify_send_with_data(
1974 peer, BGP_NOTIFY_UPDATE_ERR,
1975 BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
1976 return -1;
1977 }
1978 tunneltype = stream_getw(BGP_INPUT(peer));
1979 tlv_length = stream_getw(BGP_INPUT(peer));
1980 length -= 4;
1981
1982 if (tlv_length != length) {
1983 zlog_info("%s: tlv_length(%d) != length(%d)", __func__,
1984 tlv_length, length);
1985 }
1986 }
1987
1988 while (length >= 4) {
1989 uint16_t subtype = 0;
1990 uint16_t sublength = 0;
1991 struct bgp_attr_encap_subtlv *tlv;
1992
1993 if (BGP_ATTR_ENCAP == type) {
1994 subtype = stream_getc(BGP_INPUT(peer));
1995 sublength = stream_getc(BGP_INPUT(peer));
1996 length -= 2;
1997 #if ENABLE_BGP_VNC
1998 } else {
1999 subtype = stream_getw(BGP_INPUT(peer));
2000 sublength = stream_getw(BGP_INPUT(peer));
2001 length -= 4;
2002 #endif
2003 }
2004
2005 if (sublength > length) {
2006 zlog_info(
2007 "Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d",
2008 sublength, length);
2009 bgp_notify_send_with_data(
2010 peer, BGP_NOTIFY_UPDATE_ERR,
2011 BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
2012 return -1;
2013 }
2014
2015 /* alloc and copy sub-tlv */
2016 /* TBD make sure these are freed when attributes are released */
2017 tlv = XCALLOC(MTYPE_ENCAP_TLV,
2018 sizeof(struct bgp_attr_encap_subtlv) + sublength);
2019 tlv->type = subtype;
2020 tlv->length = sublength;
2021 stream_get(tlv->value, peer->curr, sublength);
2022 length -= sublength;
2023
2024 /* attach tlv to encap chain */
2025 if (BGP_ATTR_ENCAP == type) {
2026 struct bgp_attr_encap_subtlv *stlv_last;
2027 for (stlv_last = attr->encap_subtlvs;
2028 stlv_last && stlv_last->next;
2029 stlv_last = stlv_last->next)
2030 ;
2031 if (stlv_last) {
2032 stlv_last->next = tlv;
2033 } else {
2034 attr->encap_subtlvs = tlv;
2035 }
2036 #if ENABLE_BGP_VNC
2037 } else {
2038 struct bgp_attr_encap_subtlv *stlv_last;
2039 for (stlv_last = attr->vnc_subtlvs;
2040 stlv_last && stlv_last->next;
2041 stlv_last = stlv_last->next)
2042 ;
2043 if (stlv_last) {
2044 stlv_last->next = tlv;
2045 } else {
2046 attr->vnc_subtlvs = tlv;
2047 }
2048 #endif
2049 }
2050 }
2051
2052 if (BGP_ATTR_ENCAP == type) {
2053 attr->encap_tunneltype = tunneltype;
2054 }
2055
2056 if (length) {
2057 /* spurious leftover data */
2058 zlog_info(
2059 "Tunnel Encap attribute length is bad: %d leftover octets",
2060 length);
2061 bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
2062 BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
2063 startp, total);
2064 return -1;
2065 }
2066
2067 return 0;
2068 }
2069
2070 /*
2071 * Read an individual SID value returning how much data we have read
2072 * Returns 0 if there was an error that needs to be passed up the stack
2073 */
2074 static bgp_attr_parse_ret_t bgp_attr_psid_sub(int32_t type,
2075 int32_t length,
2076 struct bgp_attr_parser_args *args,
2077 struct bgp_nlri *mp_update)
2078 {
2079 struct peer *const peer = args->peer;
2080 struct attr *const attr = args->attr;
2081 uint32_t label_index;
2082 struct in6_addr ipv6_sid;
2083 uint32_t srgb_base;
2084 uint32_t srgb_range;
2085 int srgb_count;
2086
2087 if (type == BGP_PREFIX_SID_LABEL_INDEX) {
2088 if (length != BGP_PREFIX_SID_LABEL_INDEX_LENGTH) {
2089 flog_err(
2090 EC_BGP_ATTR_LEN,
2091 "Prefix SID label index length is %d instead of %d",
2092 length, BGP_PREFIX_SID_LABEL_INDEX_LENGTH);
2093 return bgp_attr_malformed(args,
2094 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2095 args->total);
2096 }
2097
2098 /* Ignore flags and reserved */
2099 stream_getc(peer->curr);
2100 stream_getw(peer->curr);
2101
2102 /* Fetch the label index and see if it is valid. */
2103 label_index = stream_getl(peer->curr);
2104 if (label_index == BGP_INVALID_LABEL_INDEX)
2105 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
2106 args->total);
2107
2108 /* Store label index; subsequently, we'll check on
2109 * address-family */
2110 attr->label_index = label_index;
2111
2112 /*
2113 * Ignore the Label index attribute unless received for
2114 * labeled-unicast
2115 * SAFI.
2116 */
2117 if (!mp_update->length
2118 || mp_update->safi != SAFI_LABELED_UNICAST)
2119 attr->label_index = BGP_INVALID_LABEL_INDEX;
2120 }
2121
2122 /* Placeholder code for the IPv6 SID type */
2123 else if (type == BGP_PREFIX_SID_IPV6) {
2124 if (length != BGP_PREFIX_SID_IPV6_LENGTH) {
2125 flog_err(EC_BGP_ATTR_LEN,
2126 "Prefix SID IPv6 length is %d instead of %d",
2127 length, BGP_PREFIX_SID_IPV6_LENGTH);
2128 return bgp_attr_malformed(args,
2129 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2130 args->total);
2131 }
2132
2133 /* Ignore reserved */
2134 stream_getc(peer->curr);
2135 stream_getw(peer->curr);
2136
2137 stream_get(&ipv6_sid, peer->curr, 16);
2138 }
2139
2140 /* Placeholder code for the Originator SRGB type */
2141 else if (type == BGP_PREFIX_SID_ORIGINATOR_SRGB) {
2142 /* Ignore flags */
2143 stream_getw(peer->curr);
2144
2145 length -= 2;
2146
2147 if (length % BGP_PREFIX_SID_ORIGINATOR_SRGB_LENGTH) {
2148 flog_err(
2149 EC_BGP_ATTR_LEN,
2150 "Prefix SID Originator SRGB length is %d, it must be a multiple of %d ",
2151 length, BGP_PREFIX_SID_ORIGINATOR_SRGB_LENGTH);
2152 return bgp_attr_malformed(
2153 args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2154 args->total);
2155 }
2156
2157 srgb_count = length / BGP_PREFIX_SID_ORIGINATOR_SRGB_LENGTH;
2158
2159 for (int i = 0; i < srgb_count; i++) {
2160 stream_get(&srgb_base, peer->curr, 3);
2161 stream_get(&srgb_range, peer->curr, 3);
2162 }
2163 }
2164
2165 return BGP_ATTR_PARSE_PROCEED;
2166 }
2167
2168 /* Prefix SID attribute
2169 * draft-ietf-idr-bgp-prefix-sid-05
2170 */
2171 bgp_attr_parse_ret_t
2172 bgp_attr_prefix_sid(int32_t tlength, struct bgp_attr_parser_args *args,
2173 struct bgp_nlri *mp_update)
2174 {
2175 struct peer *const peer = args->peer;
2176 struct attr *const attr = args->attr;
2177 bgp_attr_parse_ret_t ret;
2178
2179 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_PREFIX_SID);
2180
2181 while (tlength) {
2182 int32_t type, length;
2183
2184 type = stream_getc(peer->curr);
2185 length = stream_getw(peer->curr);
2186
2187 ret = bgp_attr_psid_sub(type, length, args, mp_update);
2188
2189 if (ret != BGP_ATTR_PARSE_PROCEED)
2190 return ret;
2191 /*
2192 * Subtract length + the T and the L
2193 * since length is the Vector portion
2194 */
2195 tlength -= length + 3;
2196
2197 if (tlength < 0) {
2198 flog_err(
2199 EC_BGP_ATTR_LEN,
2200 "Prefix SID internal length %d causes us to read beyond the total Prefix SID length",
2201 length);
2202 return bgp_attr_malformed(args,
2203 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2204 args->total);
2205 }
2206 }
2207
2208 return BGP_ATTR_PARSE_PROCEED;
2209 }
2210
2211 /* PMSI tunnel attribute (RFC 6514)
2212 * Basic validation checks done here.
2213 */
2214 static bgp_attr_parse_ret_t
2215 bgp_attr_pmsi_tunnel(struct bgp_attr_parser_args *args)
2216 {
2217 struct peer *const peer = args->peer;
2218 struct attr *const attr = args->attr;
2219 const bgp_size_t length = args->length;
2220 uint8_t tnl_type;
2221
2222 /* Verify that the receiver is expecting "ingress replication" as we
2223 * can only support that.
2224 */
2225 if (length < 2) {
2226 flog_err(EC_BGP_ATTR_LEN, "Bad PMSI tunnel attribute length %d",
2227 length);
2228 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2229 args->total);
2230 }
2231 stream_getc(peer->curr); /* Flags */
2232 tnl_type = stream_getc(peer->curr);
2233 if (tnl_type > PMSI_TNLTYPE_MAX) {
2234 flog_err(EC_BGP_ATTR_PMSI_TYPE,
2235 "Invalid PMSI tunnel attribute type %d", tnl_type);
2236 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
2237 args->total);
2238 }
2239 if (tnl_type == PMSI_TNLTYPE_INGR_REPL) {
2240 if (length != 9) {
2241 flog_err(EC_BGP_ATTR_PMSI_LEN,
2242 "Bad PMSI tunnel attribute length %d for IR",
2243 length);
2244 return bgp_attr_malformed(
2245 args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
2246 args->total);
2247 }
2248 }
2249
2250 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_PMSI_TUNNEL);
2251 attr->pmsi_tnl_type = tnl_type;
2252
2253 /* Forward read pointer of input stream. */
2254 stream_forward_getp(peer->curr, length - 2);
2255
2256 return BGP_ATTR_PARSE_PROCEED;
2257 }
2258
2259 /* BGP unknown attribute treatment. */
2260 static bgp_attr_parse_ret_t bgp_attr_unknown(struct bgp_attr_parser_args *args)
2261 {
2262 bgp_size_t total = args->total;
2263 struct transit *transit;
2264 struct peer *const peer = args->peer;
2265 struct attr *const attr = args->attr;
2266 uint8_t *const startp = args->startp;
2267 const uint8_t type = args->type;
2268 const uint8_t flag = args->flags;
2269 const bgp_size_t length = args->length;
2270
2271 if (bgp_debug_update(peer, NULL, NULL, 1))
2272 zlog_debug(
2273 "%s Unknown attribute is received (type %d, length %d)",
2274 peer->host, type, length);
2275
2276 /* Forward read pointer of input stream. */
2277 stream_forward_getp(peer->curr, length);
2278
2279 /* If any of the mandatory well-known attributes are not recognized,
2280 then the Error Subcode is set to Unrecognized Well-known
2281 Attribute. The Data field contains the unrecognized attribute
2282 (type, length and value). */
2283 if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) {
2284 return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_UNREC_ATTR,
2285 args->total);
2286 }
2287
2288 /* Unrecognized non-transitive optional attributes must be quietly
2289 ignored and not passed along to other BGP peers. */
2290 if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS))
2291 return BGP_ATTR_PARSE_PROCEED;
2292
2293 /* If a path with recognized transitive optional attribute is
2294 accepted and passed along to other BGP peers and the Partial bit
2295 in the Attribute Flags octet is set to 1 by some previous AS, it
2296 is not set back to 0 by the current AS. */
2297 SET_FLAG(*startp, BGP_ATTR_FLAG_PARTIAL);
2298
2299 /* Store transitive attribute to the end of attr->transit. */
2300 if (!attr->transit)
2301 attr->transit = XCALLOC(MTYPE_TRANSIT, sizeof(struct transit));
2302
2303 transit = attr->transit;
2304
2305 if (transit->val)
2306 transit->val = XREALLOC(MTYPE_TRANSIT_VAL, transit->val,
2307 transit->length + total);
2308 else
2309 transit->val = XMALLOC(MTYPE_TRANSIT_VAL, total);
2310
2311 memcpy(transit->val + transit->length, startp, total);
2312 transit->length += total;
2313
2314 return BGP_ATTR_PARSE_PROCEED;
2315 }
2316
2317 /* Well-known attribute check. */
2318 static int bgp_attr_check(struct peer *peer, struct attr *attr)
2319 {
2320 uint8_t type = 0;
2321
2322 /* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an
2323 * empty UPDATE. */
2324 if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag)
2325 return BGP_ATTR_PARSE_PROCEED;
2326
2327 /* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
2328 to carry any other path attributes.", though if MP_REACH_NLRI or NLRI
2329 are present, it should. Check for any other attribute being present
2330 instead.
2331 */
2332 if ((!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) &&
2333 CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI))))
2334 return BGP_ATTR_PARSE_PROCEED;
2335
2336 if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN)))
2337 type = BGP_ATTR_ORIGIN;
2338
2339 if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_AS_PATH)))
2340 type = BGP_ATTR_AS_PATH;
2341
2342 /* RFC 2858 makes Next-Hop optional/ignored, if MP_REACH_NLRI is present
2343 * and
2344 * NLRI is empty. We can't easily check NLRI empty here though.
2345 */
2346 if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP))
2347 && !CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)))
2348 type = BGP_ATTR_NEXT_HOP;
2349
2350 if (peer->sort == BGP_PEER_IBGP
2351 && !CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF)))
2352 type = BGP_ATTR_LOCAL_PREF;
2353
2354 if (type) {
2355 flog_warn(EC_BGP_MISSING_ATTRIBUTE,
2356 "%s Missing well-known attribute %s.", peer->host,
2357 lookup_msg(attr_str, type, NULL));
2358 bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
2359 BGP_NOTIFY_UPDATE_MISS_ATTR, &type,
2360 1);
2361 return BGP_ATTR_PARSE_ERROR;
2362 }
2363 return BGP_ATTR_PARSE_PROCEED;
2364 }
2365
2366 /* Read attribute of update packet. This function is called from
2367 bgp_update_receive() in bgp_packet.c. */
2368 bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
2369 bgp_size_t size, struct bgp_nlri *mp_update,
2370 struct bgp_nlri *mp_withdraw)
2371 {
2372 bgp_attr_parse_ret_t ret;
2373 uint8_t flag = 0;
2374 uint8_t type = 0;
2375 bgp_size_t length;
2376 uint8_t *startp, *endp;
2377 uint8_t *attr_endp;
2378 uint8_t seen[BGP_ATTR_BITMAP_SIZE];
2379 /* we need the as4_path only until we have synthesized the as_path with
2380 * it */
2381 /* same goes for as4_aggregator */
2382 struct aspath *as4_path = NULL;
2383 as_t as4_aggregator = 0;
2384 struct in_addr as4_aggregator_addr = {.s_addr = 0};
2385
2386 /* Initialize bitmap. */
2387 memset(seen, 0, BGP_ATTR_BITMAP_SIZE);
2388
2389 /* End pointer of BGP attribute. */
2390 endp = BGP_INPUT_PNT(peer) + size;
2391
2392 /* Get attributes to the end of attribute length. */
2393 while (BGP_INPUT_PNT(peer) < endp) {
2394 /* Check remaining length check.*/
2395 if (endp - BGP_INPUT_PNT(peer) < BGP_ATTR_MIN_LEN) {
2396 /* XXX warning: long int format, int arg (arg 5) */
2397 flog_warn(
2398 EC_BGP_ATTRIBUTE_TOO_SMALL,
2399 "%s: error BGP attribute length %lu is smaller than min len",
2400 peer->host,
2401 (unsigned long)(endp
2402 - stream_pnt(BGP_INPUT(peer))));
2403
2404 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2405 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR);
2406 return BGP_ATTR_PARSE_ERROR;
2407 }
2408
2409 /* Fetch attribute flag and type. */
2410 startp = BGP_INPUT_PNT(peer);
2411 /* "The lower-order four bits of the Attribute Flags octet are
2412 unused. They MUST be zero when sent and MUST be ignored when
2413 received." */
2414 flag = 0xF0 & stream_getc(BGP_INPUT(peer));
2415 type = stream_getc(BGP_INPUT(peer));
2416
2417 /* Check whether Extended-Length applies and is in bounds */
2418 if (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN)
2419 && ((endp - startp) < (BGP_ATTR_MIN_LEN + 1))) {
2420 flog_warn(
2421 EC_BGP_EXT_ATTRIBUTE_TOO_SMALL,
2422 "%s: Extended length set, but just %lu bytes of attr header",
2423 peer->host,
2424 (unsigned long)(endp
2425 - stream_pnt(BGP_INPUT(peer))));
2426
2427 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2428 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR);
2429 return BGP_ATTR_PARSE_ERROR;
2430 }
2431
2432 /* Check extended attribue length bit. */
2433 if (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN))
2434 length = stream_getw(BGP_INPUT(peer));
2435 else
2436 length = stream_getc(BGP_INPUT(peer));
2437
2438 /* If any attribute appears more than once in the UPDATE
2439 message, then the Error Subcode is set to Malformed Attribute
2440 List. */
2441
2442 if (CHECK_BITMAP(seen, type)) {
2443 flog_warn(
2444 EC_BGP_ATTRIBUTE_REPEATED,
2445 "%s: error BGP attribute type %d appears twice in a message",
2446 peer->host, type);
2447
2448 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2449 BGP_NOTIFY_UPDATE_MAL_ATTR);
2450 return BGP_ATTR_PARSE_ERROR;
2451 }
2452
2453 /* Set type to bitmap to check duplicate attribute. `type' is
2454 unsigned char so it never overflow bitmap range. */
2455
2456 SET_BITMAP(seen, type);
2457
2458 /* Overflow check. */
2459 attr_endp = BGP_INPUT_PNT(peer) + length;
2460
2461 if (attr_endp > endp) {
2462 flog_warn(
2463 EC_BGP_ATTRIBUTE_TOO_LARGE,
2464 "%s: BGP type %d length %d is too large, attribute total length is %d. attr_endp is %p. endp is %p",
2465 peer->host, type, length, size, attr_endp,
2466 endp);
2467 /*
2468 * RFC 4271 6.3
2469 * If any recognized attribute has an Attribute
2470 * Length that conflicts with the expected length
2471 * (based on the attribute type code), then the
2472 * Error Subcode MUST be set to Attribute Length
2473 * Error. The Data field MUST contain the erroneous
2474 * attribute (type, length, and value).
2475 * ----------
2476 * We do not currently have a good way to determine the
2477 * length of the attribute independent of the length
2478 * received in the message. Instead we send the
2479 * minimum between the amount of data we have and the
2480 * amount specified by the attribute length field.
2481 *
2482 * Instead of directly passing in the packet buffer and
2483 * offset we use the stream_get* functions to read into
2484 * a stack buffer, since they perform bounds checking
2485 * and we are working with untrusted data.
2486 */
2487 unsigned char ndata[BGP_MAX_PACKET_SIZE];
2488 memset(ndata, 0x00, sizeof(ndata));
2489 size_t lfl =
2490 CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) ? 2 : 1;
2491 /* Rewind to end of flag field */
2492 stream_forward_getp(BGP_INPUT(peer), -(1 + lfl));
2493 /* Type */
2494 stream_get(&ndata[0], BGP_INPUT(peer), 1);
2495 /* Length */
2496 stream_get(&ndata[1], BGP_INPUT(peer), lfl);
2497 /* Value */
2498 size_t atl = attr_endp - startp;
2499 size_t ndl = MIN(atl, STREAM_READABLE(BGP_INPUT(peer)));
2500 stream_get(&ndata[lfl + 1], BGP_INPUT(peer), ndl);
2501
2502 bgp_notify_send_with_data(
2503 peer, BGP_NOTIFY_UPDATE_ERR,
2504 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR, ndata,
2505 ndl + lfl + 1);
2506
2507 return BGP_ATTR_PARSE_ERROR;
2508 }
2509
2510 struct bgp_attr_parser_args attr_args = {
2511 .peer = peer,
2512 .length = length,
2513 .attr = attr,
2514 .type = type,
2515 .flags = flag,
2516 .startp = startp,
2517 .total = attr_endp - startp,
2518 };
2519
2520
2521 /* If any recognized attribute has Attribute Flags that conflict
2522 with the Attribute Type Code, then the Error Subcode is set
2523 to
2524 Attribute Flags Error. The Data field contains the erroneous
2525 attribute (type, length and value). */
2526 if (bgp_attr_flag_invalid(&attr_args)) {
2527 ret = bgp_attr_malformed(
2528 &attr_args, BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR,
2529 attr_args.total);
2530 if (ret == BGP_ATTR_PARSE_PROCEED)
2531 continue;
2532 return ret;
2533 }
2534
2535 /* OK check attribute and store it's value. */
2536 switch (type) {
2537 case BGP_ATTR_ORIGIN:
2538 ret = bgp_attr_origin(&attr_args);
2539 break;
2540 case BGP_ATTR_AS_PATH:
2541 ret = bgp_attr_aspath(&attr_args);
2542 break;
2543 case BGP_ATTR_AS4_PATH:
2544 ret = bgp_attr_as4_path(&attr_args, &as4_path);
2545 break;
2546 case BGP_ATTR_NEXT_HOP:
2547 ret = bgp_attr_nexthop(&attr_args);
2548 break;
2549 case BGP_ATTR_MULTI_EXIT_DISC:
2550 ret = bgp_attr_med(&attr_args);
2551 break;
2552 case BGP_ATTR_LOCAL_PREF:
2553 ret = bgp_attr_local_pref(&attr_args);
2554 break;
2555 case BGP_ATTR_ATOMIC_AGGREGATE:
2556 ret = bgp_attr_atomic(&attr_args);
2557 break;
2558 case BGP_ATTR_AGGREGATOR:
2559 ret = bgp_attr_aggregator(&attr_args);
2560 break;
2561 case BGP_ATTR_AS4_AGGREGATOR:
2562 ret = bgp_attr_as4_aggregator(&attr_args,
2563 &as4_aggregator,
2564 &as4_aggregator_addr);
2565 break;
2566 case BGP_ATTR_COMMUNITIES:
2567 ret = bgp_attr_community(&attr_args);
2568 break;
2569 case BGP_ATTR_LARGE_COMMUNITIES:
2570 ret = bgp_attr_large_community(&attr_args);
2571 break;
2572 case BGP_ATTR_ORIGINATOR_ID:
2573 ret = bgp_attr_originator_id(&attr_args);
2574 break;
2575 case BGP_ATTR_CLUSTER_LIST:
2576 ret = bgp_attr_cluster_list(&attr_args);
2577 break;
2578 case BGP_ATTR_MP_REACH_NLRI:
2579 ret = bgp_mp_reach_parse(&attr_args, mp_update);
2580 break;
2581 case BGP_ATTR_MP_UNREACH_NLRI:
2582 ret = bgp_mp_unreach_parse(&attr_args, mp_withdraw);
2583 break;
2584 case BGP_ATTR_EXT_COMMUNITIES:
2585 ret = bgp_attr_ext_communities(&attr_args);
2586 break;
2587 #if ENABLE_BGP_VNC
2588 case BGP_ATTR_VNC:
2589 #endif
2590 case BGP_ATTR_ENCAP:
2591 ret = bgp_attr_encap(type, peer, length, attr, flag,
2592 startp);
2593 break;
2594 case BGP_ATTR_PREFIX_SID:
2595 ret = bgp_attr_prefix_sid(length,
2596 &attr_args, mp_update);
2597 break;
2598 case BGP_ATTR_PMSI_TUNNEL:
2599 ret = bgp_attr_pmsi_tunnel(&attr_args);
2600 break;
2601 default:
2602 ret = bgp_attr_unknown(&attr_args);
2603 break;
2604 }
2605
2606 if (ret == BGP_ATTR_PARSE_ERROR_NOTIFYPLS) {
2607 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2608 BGP_NOTIFY_UPDATE_MAL_ATTR);
2609 ret = BGP_ATTR_PARSE_ERROR;
2610 }
2611
2612 if (ret == BGP_ATTR_PARSE_EOR) {
2613 if (as4_path)
2614 aspath_unintern(&as4_path);
2615 return ret;
2616 }
2617
2618 /* If hard error occured immediately return to the caller. */
2619 if (ret == BGP_ATTR_PARSE_ERROR) {
2620 flog_warn(EC_BGP_ATTRIBUTE_PARSE_ERROR,
2621 "%s: Attribute %s, parse error", peer->host,
2622 lookup_msg(attr_str, type, NULL));
2623 if (as4_path)
2624 aspath_unintern(&as4_path);
2625 return ret;
2626 }
2627 if (ret == BGP_ATTR_PARSE_WITHDRAW) {
2628
2629 flog_warn(
2630 EC_BGP_ATTRIBUTE_PARSE_WITHDRAW,
2631 "%s: Attribute %s, parse error - treating as withdrawal",
2632 peer->host, lookup_msg(attr_str, type, NULL));
2633 if (as4_path)
2634 aspath_unintern(&as4_path);
2635 return ret;
2636 }
2637
2638 /* Check the fetched length. */
2639 if (BGP_INPUT_PNT(peer) != attr_endp) {
2640 flog_warn(EC_BGP_ATTRIBUTE_FETCH_ERROR,
2641 "%s: BGP attribute %s, fetch error",
2642 peer->host, lookup_msg(attr_str, type, NULL));
2643 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2644 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR);
2645 if (as4_path)
2646 aspath_unintern(&as4_path);
2647 return BGP_ATTR_PARSE_ERROR;
2648 }
2649 }
2650
2651 /* Check final read pointer is same as end pointer. */
2652 if (BGP_INPUT_PNT(peer) != endp) {
2653 flog_warn(EC_BGP_ATTRIBUTES_MISMATCH,
2654 "%s: BGP attribute %s, length mismatch", peer->host,
2655 lookup_msg(attr_str, type, NULL));
2656 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2657 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR);
2658 if (as4_path)
2659 aspath_unintern(&as4_path);
2660 return BGP_ATTR_PARSE_ERROR;
2661 }
2662
2663 /* Check all mandatory well-known attributes are present */
2664 if ((ret = bgp_attr_check(peer, attr)) < 0) {
2665 if (as4_path)
2666 aspath_unintern(&as4_path);
2667 return ret;
2668 }
2669
2670 /*
2671 * At this place we can see whether we got AS4_PATH and/or
2672 * AS4_AGGREGATOR from a 16Bit peer and act accordingly.
2673 * We can not do this before we've read all attributes because
2674 * the as4 handling does not say whether AS4_PATH has to be sent
2675 * after AS_PATH or not - and when AS4_AGGREGATOR will be send
2676 * in relationship to AGGREGATOR.
2677 * So, to be defensive, we are not relying on any order and read
2678 * all attributes first, including these 32bit ones, and now,
2679 * afterwards, we look what and if something is to be done for as4.
2680 *
2681 * It is possible to not have AS_PATH, e.g. GR EoR and sole
2682 * MP_UNREACH_NLRI.
2683 */
2684 /* actually... this doesn't ever return failure currently, but
2685 * better safe than sorry */
2686 if (CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_AS_PATH))
2687 && bgp_attr_munge_as4_attrs(peer, attr, as4_path, as4_aggregator,
2688 &as4_aggregator_addr)) {
2689 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
2690 BGP_NOTIFY_UPDATE_MAL_ATTR);
2691 if (as4_path)
2692 aspath_unintern(&as4_path);
2693 return BGP_ATTR_PARSE_ERROR;
2694 }
2695
2696 /* At this stage, we have done all fiddling with as4, and the
2697 * resulting info is in attr->aggregator resp. attr->aspath
2698 * so we can chuck as4_aggregator and as4_path alltogether in
2699 * order to save memory
2700 */
2701 if (as4_path) {
2702 aspath_unintern(&as4_path); /* unintern - it is in the hash */
2703 /* The flag that we got this is still there, but that does not
2704 * do any trouble
2705 */
2706 }
2707 /*
2708 * The "rest" of the code does nothing with as4_aggregator.
2709 * there is no memory attached specifically which is not part
2710 * of the attr.
2711 * so ignoring just means do nothing.
2712 */
2713 /*
2714 * Finally do the checks on the aspath we did not do yet
2715 * because we waited for a potentially synthesized aspath.
2716 */
2717 if (attr->flag & (ATTR_FLAG_BIT(BGP_ATTR_AS_PATH))) {
2718 ret = bgp_attr_aspath_check(peer, attr);
2719 if (ret != BGP_ATTR_PARSE_PROCEED)
2720 return ret;
2721 }
2722 /* Finally intern unknown attribute. */
2723 if (attr->transit)
2724 attr->transit = transit_intern(attr->transit);
2725 if (attr->encap_subtlvs)
2726 attr->encap_subtlvs =
2727 encap_intern(attr->encap_subtlvs, ENCAP_SUBTLV_TYPE);
2728 #if ENABLE_BGP_VNC
2729 if (attr->vnc_subtlvs)
2730 attr->vnc_subtlvs =
2731 encap_intern(attr->vnc_subtlvs, VNC_SUBTLV_TYPE);
2732 #endif
2733
2734 return BGP_ATTR_PARSE_PROCEED;
2735 }
2736
2737 size_t bgp_packet_mpattr_start(struct stream *s, struct peer *peer, afi_t afi,
2738 safi_t safi, struct bpacket_attr_vec_arr *vecarr,
2739 struct attr *attr)
2740 {
2741 size_t sizep;
2742 iana_afi_t pkt_afi;
2743 iana_safi_t pkt_safi;
2744 afi_t nh_afi;
2745
2746 /* Set extended bit always to encode the attribute length as 2 bytes */
2747 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_EXTLEN);
2748 stream_putc(s, BGP_ATTR_MP_REACH_NLRI);
2749 sizep = stream_get_endp(s);
2750 stream_putw(s, 0); /* Marker: Attribute length. */
2751
2752
2753 /* Convert AFI, SAFI to values for packet. */
2754 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
2755
2756 stream_putw(s, pkt_afi); /* AFI */
2757 stream_putc(s, pkt_safi); /* SAFI */
2758
2759 /* Nexthop AFI */
2760 if (afi == AFI_IP
2761 && (safi == SAFI_UNICAST || safi == SAFI_LABELED_UNICAST))
2762 nh_afi = peer_cap_enhe(peer, afi, safi) ? AFI_IP6 : AFI_IP;
2763 else
2764 nh_afi = BGP_NEXTHOP_AFI_FROM_NHLEN(attr->mp_nexthop_len);
2765
2766 /* Nexthop */
2767 bpacket_attr_vec_arr_set_vec(vecarr, BGP_ATTR_VEC_NH, s, attr);
2768 switch (nh_afi) {
2769 case AFI_IP:
2770 switch (safi) {
2771 case SAFI_UNICAST:
2772 case SAFI_MULTICAST:
2773 case SAFI_LABELED_UNICAST:
2774 stream_putc(s, 4);
2775 stream_put_ipv4(s, attr->nexthop.s_addr);
2776 break;
2777 case SAFI_MPLS_VPN:
2778 stream_putc(s, 12);
2779 stream_putl(s, 0); /* RD = 0, per RFC */
2780 stream_putl(s, 0);
2781 stream_put(s, &attr->mp_nexthop_global_in, 4);
2782 break;
2783 case SAFI_ENCAP:
2784 case SAFI_EVPN:
2785 stream_putc(s, 4);
2786 stream_put(s, &attr->mp_nexthop_global_in, 4);
2787 break;
2788 case SAFI_FLOWSPEC:
2789 stream_putc(s, 0); /* no nexthop for flowspec */
2790 default:
2791 break;
2792 }
2793 break;
2794 case AFI_IP6:
2795 switch (safi) {
2796 case SAFI_UNICAST:
2797 case SAFI_MULTICAST:
2798 case SAFI_LABELED_UNICAST:
2799 case SAFI_EVPN: {
2800 if (attr->mp_nexthop_len
2801 == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) {
2802 stream_putc(s,
2803 BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL);
2804 stream_put(s, &attr->mp_nexthop_global,
2805 IPV6_MAX_BYTELEN);
2806 stream_put(s, &attr->mp_nexthop_local,
2807 IPV6_MAX_BYTELEN);
2808 } else {
2809 stream_putc(s, IPV6_MAX_BYTELEN);
2810 stream_put(s, &attr->mp_nexthop_global,
2811 IPV6_MAX_BYTELEN);
2812 }
2813 } break;
2814 case SAFI_MPLS_VPN: {
2815 if (attr->mp_nexthop_len
2816 == BGP_ATTR_NHLEN_IPV6_GLOBAL) {
2817 stream_putc(s, 24);
2818 stream_putl(s, 0); /* RD = 0, per RFC */
2819 stream_putl(s, 0);
2820 stream_put(s, &attr->mp_nexthop_global,
2821 IPV6_MAX_BYTELEN);
2822 } else if (attr->mp_nexthop_len
2823 == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) {
2824 stream_putc(s, 48);
2825 stream_putl(s, 0); /* RD = 0, per RFC */
2826 stream_putl(s, 0);
2827 stream_put(s, &attr->mp_nexthop_global,
2828 IPV6_MAX_BYTELEN);
2829 stream_putl(s, 0); /* RD = 0, per RFC */
2830 stream_putl(s, 0);
2831 stream_put(s, &attr->mp_nexthop_local,
2832 IPV6_MAX_BYTELEN);
2833 }
2834 } break;
2835 case SAFI_ENCAP:
2836 stream_putc(s, IPV6_MAX_BYTELEN);
2837 stream_put(s, &attr->mp_nexthop_global,
2838 IPV6_MAX_BYTELEN);
2839 break;
2840 case SAFI_FLOWSPEC:
2841 stream_putc(s, 0); /* no nexthop for flowspec */
2842 default:
2843 break;
2844 }
2845 break;
2846 default:
2847 if (safi != SAFI_FLOWSPEC)
2848 flog_err(
2849 EC_BGP_ATTR_NH_SEND_LEN,
2850 "Bad nexthop when sending to %s, AFI %u SAFI %u nhlen %d",
2851 peer->host, afi, safi, attr->mp_nexthop_len);
2852 break;
2853 }
2854
2855 /* SNPA */
2856 stream_putc(s, 0);
2857 return sizep;
2858 }
2859
2860 void bgp_packet_mpattr_prefix(struct stream *s, afi_t afi, safi_t safi,
2861 struct prefix *p, struct prefix_rd *prd,
2862 mpls_label_t *label, uint32_t num_labels,
2863 int addpath_encode, uint32_t addpath_tx_id,
2864 struct attr *attr)
2865 {
2866 if (safi == SAFI_MPLS_VPN) {
2867 if (addpath_encode)
2868 stream_putl(s, addpath_tx_id);
2869 /* Label, RD, Prefix write. */
2870 stream_putc(s, p->prefixlen + 88);
2871 stream_put(s, label, BGP_LABEL_BYTES);
2872 stream_put(s, prd->val, 8);
2873 stream_put(s, &p->u.prefix, PSIZE(p->prefixlen));
2874 } else if (afi == AFI_L2VPN && safi == SAFI_EVPN) {
2875 /* EVPN prefix - contents depend on type */
2876 bgp_evpn_encode_prefix(s, p, prd, label, num_labels, attr,
2877 addpath_encode, addpath_tx_id);
2878 } else if (safi == SAFI_LABELED_UNICAST) {
2879 /* Prefix write with label. */
2880 stream_put_labeled_prefix(s, p, label);
2881 } else if (safi == SAFI_FLOWSPEC) {
2882 if (PSIZE (p->prefixlen)+2 < FLOWSPEC_NLRI_SIZELIMIT)
2883 stream_putc(s, PSIZE (p->prefixlen)+2);
2884 else
2885 stream_putw(s, (PSIZE (p->prefixlen)+2)|(0xf<<12));
2886 stream_putc(s, 2);/* Filter type */
2887 stream_putc(s, p->prefixlen);/* Prefix length */
2888 stream_put(s, &p->u.prefix, PSIZE (p->prefixlen));
2889 } else
2890 stream_put_prefix_addpath(s, p, addpath_encode, addpath_tx_id);
2891 }
2892
2893 size_t bgp_packet_mpattr_prefix_size(afi_t afi, safi_t safi, struct prefix *p)
2894 {
2895 int size = PSIZE(p->prefixlen);
2896 if (safi == SAFI_MPLS_VPN)
2897 size += 88;
2898 else if (afi == AFI_L2VPN && safi == SAFI_EVPN)
2899 size += 232; // TODO: Maximum possible for type-2, type-3 and
2900 // type-5
2901 return size;
2902 }
2903
2904 /*
2905 * Encodes the tunnel encapsulation attribute,
2906 * and with ENABLE_BGP_VNC the VNC attribute which uses
2907 * almost the same TLV format
2908 */
2909 static void bgp_packet_mpattr_tea(struct bgp *bgp, struct peer *peer,
2910 struct stream *s, struct attr *attr,
2911 uint8_t attrtype)
2912 {
2913 unsigned int attrlenfield = 0;
2914 unsigned int attrhdrlen = 0;
2915 struct bgp_attr_encap_subtlv *subtlvs;
2916 struct bgp_attr_encap_subtlv *st;
2917 const char *attrname;
2918
2919 if (!attr || (attrtype == BGP_ATTR_ENCAP
2920 && (!attr->encap_tunneltype
2921 || attr->encap_tunneltype == BGP_ENCAP_TYPE_MPLS)))
2922 return;
2923
2924 switch (attrtype) {
2925 case BGP_ATTR_ENCAP:
2926 attrname = "Tunnel Encap";
2927 subtlvs = attr->encap_subtlvs;
2928 if (subtlvs == NULL) /* nothing to do */
2929 return;
2930 /*
2931 * The tunnel encap attr has an "outer" tlv.
2932 * T = tunneltype,
2933 * L = total length of subtlvs,
2934 * V = concatenated subtlvs.
2935 */
2936 attrlenfield = 2 + 2; /* T + L */
2937 attrhdrlen = 1 + 1; /* subTLV T + L */
2938 break;
2939
2940 #if ENABLE_BGP_VNC
2941 case BGP_ATTR_VNC:
2942 attrname = "VNC";
2943 subtlvs = attr->vnc_subtlvs;
2944 if (subtlvs == NULL) /* nothing to do */
2945 return;
2946 attrlenfield = 0; /* no outer T + L */
2947 attrhdrlen = 2 + 2; /* subTLV T + L */
2948 break;
2949 #endif
2950
2951 default:
2952 assert(0);
2953 }
2954
2955 /* compute attr length */
2956 for (st = subtlvs; st; st = st->next) {
2957 attrlenfield += (attrhdrlen + st->length);
2958 }
2959
2960 if (attrlenfield > 0xffff) {
2961 zlog_info("%s attribute is too long (length=%d), can't send it",
2962 attrname, attrlenfield);
2963 return;
2964 }
2965
2966 if (attrlenfield > 0xff) {
2967 /* 2-octet length field */
2968 stream_putc(s,
2969 BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_OPTIONAL
2970 | BGP_ATTR_FLAG_EXTLEN);
2971 stream_putc(s, attrtype);
2972 stream_putw(s, attrlenfield & 0xffff);
2973 } else {
2974 /* 1-octet length field */
2975 stream_putc(s, BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_OPTIONAL);
2976 stream_putc(s, attrtype);
2977 stream_putc(s, attrlenfield & 0xff);
2978 }
2979
2980 if (attrtype == BGP_ATTR_ENCAP) {
2981 /* write outer T+L */
2982 stream_putw(s, attr->encap_tunneltype);
2983 stream_putw(s, attrlenfield - 4);
2984 }
2985
2986 /* write each sub-tlv */
2987 for (st = subtlvs; st; st = st->next) {
2988 if (attrtype == BGP_ATTR_ENCAP) {
2989 stream_putc(s, st->type);
2990 stream_putc(s, st->length);
2991 #if ENABLE_BGP_VNC
2992 } else {
2993 stream_putw(s, st->type);
2994 stream_putw(s, st->length);
2995 #endif
2996 }
2997 stream_put(s, st->value, st->length);
2998 }
2999 }
3000
3001 void bgp_packet_mpattr_end(struct stream *s, size_t sizep)
3002 {
3003 /* Set MP attribute length. Don't count the (2) bytes used to encode
3004 the attr length */
3005 stream_putw_at(s, sizep, (stream_get_endp(s) - sizep) - 2);
3006 }
3007
3008 /* Make attribute packet. */
3009 bgp_size_t bgp_packet_attribute(struct bgp *bgp, struct peer *peer,
3010 struct stream *s, struct attr *attr,
3011 struct bpacket_attr_vec_arr *vecarr,
3012 struct prefix *p, afi_t afi, safi_t safi,
3013 struct peer *from, struct prefix_rd *prd,
3014 mpls_label_t *label, uint32_t num_labels,
3015 int addpath_encode, uint32_t addpath_tx_id)
3016 {
3017 size_t cp;
3018 size_t aspath_sizep;
3019 struct aspath *aspath;
3020 int send_as4_path = 0;
3021 int send_as4_aggregator = 0;
3022 int use32bit = (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV)) ? 1 : 0;
3023
3024 if (!bgp)
3025 bgp = peer->bgp;
3026
3027 /* Remember current pointer. */
3028 cp = stream_get_endp(s);
3029
3030 if (p
3031 && !((afi == AFI_IP && safi == SAFI_UNICAST)
3032 && !peer_cap_enhe(peer, afi, safi))) {
3033 size_t mpattrlen_pos = 0;
3034
3035 mpattrlen_pos = bgp_packet_mpattr_start(s, peer, afi, safi,
3036 vecarr, attr);
3037 bgp_packet_mpattr_prefix(s, afi, safi, p, prd, label,
3038 num_labels, addpath_encode,
3039 addpath_tx_id, attr);
3040 bgp_packet_mpattr_end(s, mpattrlen_pos);
3041 }
3042
3043 /* Origin attribute. */
3044 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3045 stream_putc(s, BGP_ATTR_ORIGIN);
3046 stream_putc(s, 1);
3047 stream_putc(s, attr->origin);
3048
3049 /* AS path attribute. */
3050
3051 /* If remote-peer is EBGP */
3052 if (peer->sort == BGP_PEER_EBGP
3053 && (!CHECK_FLAG(peer->af_flags[afi][safi],
3054 PEER_FLAG_AS_PATH_UNCHANGED)
3055 || attr->aspath->segments == NULL)
3056 && (!CHECK_FLAG(peer->af_flags[afi][safi],
3057 PEER_FLAG_RSERVER_CLIENT))) {
3058 aspath = aspath_dup(attr->aspath);
3059
3060 /* Even though we may not be configured for confederations we
3061 * may have
3062 * RXed an AS_PATH with AS_CONFED_SEQUENCE or AS_CONFED_SET */
3063 aspath = aspath_delete_confed_seq(aspath);
3064
3065 if (CHECK_FLAG(bgp->config, BGP_CONFIG_CONFEDERATION)) {
3066 /* Stuff our path CONFED_ID on the front */
3067 aspath = aspath_add_seq(aspath, bgp->confed_id);
3068 } else {
3069 if (peer->change_local_as) {
3070 /* If replace-as is specified, we only use the
3071 change_local_as when
3072 advertising routes. */
3073 if (!CHECK_FLAG(
3074 peer->flags,
3075 PEER_FLAG_LOCAL_AS_REPLACE_AS)) {
3076 aspath = aspath_add_seq(aspath,
3077 peer->local_as);
3078 }
3079 aspath = aspath_add_seq(aspath,
3080 peer->change_local_as);
3081 } else {
3082 aspath = aspath_add_seq(aspath, peer->local_as);
3083 }
3084 }
3085 } else if (peer->sort == BGP_PEER_CONFED) {
3086 /* A confed member, so we need to do the AS_CONFED_SEQUENCE
3087 * thing */
3088 aspath = aspath_dup(attr->aspath);
3089 aspath = aspath_add_confed_seq(aspath, peer->local_as);
3090 } else
3091 aspath = attr->aspath;
3092
3093 /* If peer is not AS4 capable, then:
3094 * - send the created AS_PATH out as AS4_PATH (optional, transitive),
3095 * but ensure that no AS_CONFED_SEQUENCE and AS_CONFED_SET path
3096 * segment
3097 * types are in it (i.e. exclude them if they are there)
3098 * AND do this only if there is at least one asnum > 65535 in the
3099 * path!
3100 * - send an AS_PATH out, but put 16Bit ASnums in it, not 32bit, and
3101 * change
3102 * all ASnums > 65535 to BGP_AS_TRANS
3103 */
3104
3105 stream_putc(s, BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_EXTLEN);
3106 stream_putc(s, BGP_ATTR_AS_PATH);
3107 aspath_sizep = stream_get_endp(s);
3108 stream_putw(s, 0);
3109 stream_putw_at(s, aspath_sizep, aspath_put(s, aspath, use32bit));
3110
3111 /* OLD session may need NEW_AS_PATH sent, if there are 4-byte ASNs
3112 * in the path
3113 */
3114 if (!use32bit && aspath_has_as4(aspath))
3115 send_as4_path =
3116 1; /* we'll do this later, at the correct place */
3117
3118 /* Nexthop attribute. */
3119 if (afi == AFI_IP && safi == SAFI_UNICAST
3120 && !peer_cap_enhe(peer, afi, safi)) {
3121 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP)) {
3122 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3123 stream_putc(s, BGP_ATTR_NEXT_HOP);
3124 bpacket_attr_vec_arr_set_vec(vecarr, BGP_ATTR_VEC_NH, s,
3125 attr);
3126 stream_putc(s, 4);
3127 stream_put_ipv4(s, attr->nexthop.s_addr);
3128 } else if (peer_cap_enhe(from, afi, safi)) {
3129 /*
3130 * Likely this is the case when an IPv4 prefix was
3131 * received with
3132 * Extended Next-hop capability and now being advertised
3133 * to
3134 * non-ENHE peers.
3135 * Setting the mandatory (ipv4) next-hop attribute here
3136 * to enable
3137 * implicit next-hop self with correct (ipv4 address
3138 * family).
3139 */
3140 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3141 stream_putc(s, BGP_ATTR_NEXT_HOP);
3142 bpacket_attr_vec_arr_set_vec(vecarr, BGP_ATTR_VEC_NH, s,
3143 NULL);
3144 stream_putc(s, 4);
3145 stream_put_ipv4(s, 0);
3146 }
3147 }
3148
3149 /* MED attribute. */
3150 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_MULTI_EXIT_DISC)
3151 || bgp->maxmed_active) {
3152 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
3153 stream_putc(s, BGP_ATTR_MULTI_EXIT_DISC);
3154 stream_putc(s, 4);
3155 stream_putl(s, (bgp->maxmed_active ? bgp->maxmed_value
3156 : attr->med));
3157 }
3158
3159 /* Local preference. */
3160 if (peer->sort == BGP_PEER_IBGP || peer->sort == BGP_PEER_CONFED) {
3161 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3162 stream_putc(s, BGP_ATTR_LOCAL_PREF);
3163 stream_putc(s, 4);
3164 stream_putl(s, attr->local_pref);
3165 }
3166
3167 /* Atomic aggregate. */
3168 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_ATOMIC_AGGREGATE)) {
3169 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3170 stream_putc(s, BGP_ATTR_ATOMIC_AGGREGATE);
3171 stream_putc(s, 0);
3172 }
3173
3174 /* Aggregator. */
3175 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR)) {
3176 /* Common to BGP_ATTR_AGGREGATOR, regardless of ASN size */
3177 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS);
3178 stream_putc(s, BGP_ATTR_AGGREGATOR);
3179
3180 if (use32bit) {
3181 /* AS4 capable peer */
3182 stream_putc(s, 8);
3183 stream_putl(s, attr->aggregator_as);
3184 } else {
3185 /* 2-byte AS peer */
3186 stream_putc(s, 6);
3187
3188 /* Is ASN representable in 2-bytes? Or must AS_TRANS be
3189 * used? */
3190 if (attr->aggregator_as > 65535) {
3191 stream_putw(s, BGP_AS_TRANS);
3192
3193 /* we have to send AS4_AGGREGATOR, too.
3194 * we'll do that later in order to send
3195 * attributes in ascending
3196 * order.
3197 */
3198 send_as4_aggregator = 1;
3199 } else
3200 stream_putw(s, (uint16_t)attr->aggregator_as);
3201 }
3202 stream_put_ipv4(s, attr->aggregator_addr.s_addr);
3203 }
3204
3205 /* Community attribute. */
3206 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_COMMUNITY)
3207 && (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_COMMUNITIES))) {
3208 if (attr->community->size * 4 > 255) {
3209 stream_putc(s,
3210 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS
3211 | BGP_ATTR_FLAG_EXTLEN);
3212 stream_putc(s, BGP_ATTR_COMMUNITIES);
3213 stream_putw(s, attr->community->size * 4);
3214 } else {
3215 stream_putc(s,
3216 BGP_ATTR_FLAG_OPTIONAL
3217 | BGP_ATTR_FLAG_TRANS);
3218 stream_putc(s, BGP_ATTR_COMMUNITIES);
3219 stream_putc(s, attr->community->size * 4);
3220 }
3221 stream_put(s, attr->community->val, attr->community->size * 4);
3222 }
3223
3224 /*
3225 * Large Community attribute.
3226 */
3227 if (CHECK_FLAG(peer->af_flags[afi][safi],
3228 PEER_FLAG_SEND_LARGE_COMMUNITY)
3229 && (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_LARGE_COMMUNITIES))) {
3230 if (lcom_length(attr->lcommunity) > 255) {
3231 stream_putc(s,
3232 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS
3233 | BGP_ATTR_FLAG_EXTLEN);
3234 stream_putc(s, BGP_ATTR_LARGE_COMMUNITIES);
3235 stream_putw(s, lcom_length(attr->lcommunity));
3236 } else {
3237 stream_putc(s,
3238 BGP_ATTR_FLAG_OPTIONAL
3239 | BGP_ATTR_FLAG_TRANS);
3240 stream_putc(s, BGP_ATTR_LARGE_COMMUNITIES);
3241 stream_putc(s, lcom_length(attr->lcommunity));
3242 }
3243 stream_put(s, attr->lcommunity->val,
3244 lcom_length(attr->lcommunity));
3245 }
3246
3247 /* Route Reflector. */
3248 if (peer->sort == BGP_PEER_IBGP && from
3249 && from->sort == BGP_PEER_IBGP) {
3250 /* Originator ID. */
3251 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
3252 stream_putc(s, BGP_ATTR_ORIGINATOR_ID);
3253 stream_putc(s, 4);
3254
3255 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID))
3256 stream_put_in_addr(s, &attr->originator_id);
3257 else
3258 stream_put_in_addr(s, &from->remote_id);
3259
3260 /* Cluster list. */
3261 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
3262 stream_putc(s, BGP_ATTR_CLUSTER_LIST);
3263
3264 if (attr->cluster) {
3265 stream_putc(s, attr->cluster->length + 4);
3266 /* If this peer configuration's parent BGP has
3267 * cluster_id. */
3268 if (bgp->config & BGP_CONFIG_CLUSTER_ID)
3269 stream_put_in_addr(s, &bgp->cluster_id);
3270 else
3271 stream_put_in_addr(s, &bgp->router_id);
3272 stream_put(s, attr->cluster->list,
3273 attr->cluster->length);
3274 } else {
3275 stream_putc(s, 4);
3276 /* If this peer configuration's parent BGP has
3277 * cluster_id. */
3278 if (bgp->config & BGP_CONFIG_CLUSTER_ID)
3279 stream_put_in_addr(s, &bgp->cluster_id);
3280 else
3281 stream_put_in_addr(s, &bgp->router_id);
3282 }
3283 }
3284
3285 /* Extended Communities attribute. */
3286 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_EXT_COMMUNITY)
3287 && (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES))) {
3288 if (peer->sort == BGP_PEER_IBGP
3289 || peer->sort == BGP_PEER_CONFED) {
3290 if (attr->ecommunity->size * 8 > 255) {
3291 stream_putc(s,
3292 BGP_ATTR_FLAG_OPTIONAL
3293 | BGP_ATTR_FLAG_TRANS
3294 | BGP_ATTR_FLAG_EXTLEN);
3295 stream_putc(s, BGP_ATTR_EXT_COMMUNITIES);
3296 stream_putw(s, attr->ecommunity->size * 8);
3297 } else {
3298 stream_putc(s,
3299 BGP_ATTR_FLAG_OPTIONAL
3300 | BGP_ATTR_FLAG_TRANS);
3301 stream_putc(s, BGP_ATTR_EXT_COMMUNITIES);
3302 stream_putc(s, attr->ecommunity->size * 8);
3303 }
3304 stream_put(s, attr->ecommunity->val,
3305 attr->ecommunity->size * 8);
3306 } else {
3307 uint8_t *pnt;
3308 int tbit;
3309 int ecom_tr_size = 0;
3310 int i;
3311
3312 for (i = 0; i < attr->ecommunity->size; i++) {
3313 pnt = attr->ecommunity->val + (i * 8);
3314 tbit = *pnt;
3315
3316 if (CHECK_FLAG(tbit,
3317 ECOMMUNITY_FLAG_NON_TRANSITIVE))
3318 continue;
3319
3320 ecom_tr_size++;
3321 }
3322
3323 if (ecom_tr_size) {
3324 if (ecom_tr_size * 8 > 255) {
3325 stream_putc(
3326 s,
3327 BGP_ATTR_FLAG_OPTIONAL
3328 | BGP_ATTR_FLAG_TRANS
3329 | BGP_ATTR_FLAG_EXTLEN);
3330 stream_putc(s,
3331 BGP_ATTR_EXT_COMMUNITIES);
3332 stream_putw(s, ecom_tr_size * 8);
3333 } else {
3334 stream_putc(
3335 s,
3336 BGP_ATTR_FLAG_OPTIONAL
3337 | BGP_ATTR_FLAG_TRANS);
3338 stream_putc(s,
3339 BGP_ATTR_EXT_COMMUNITIES);
3340 stream_putc(s, ecom_tr_size * 8);
3341 }
3342
3343 for (i = 0; i < attr->ecommunity->size; i++) {
3344 pnt = attr->ecommunity->val + (i * 8);
3345 tbit = *pnt;
3346
3347 if (CHECK_FLAG(
3348 tbit,
3349 ECOMMUNITY_FLAG_NON_TRANSITIVE))
3350 continue;
3351
3352 stream_put(s, pnt, 8);
3353 }
3354 }
3355 }
3356 }
3357
3358 /* Label index attribute. */
3359 if (safi == SAFI_LABELED_UNICAST) {
3360 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_PREFIX_SID)) {
3361 uint32_t label_index;
3362
3363 label_index = attr->label_index;
3364
3365 if (label_index != BGP_INVALID_LABEL_INDEX) {
3366 stream_putc(s,
3367 BGP_ATTR_FLAG_OPTIONAL
3368 | BGP_ATTR_FLAG_TRANS);
3369 stream_putc(s, BGP_ATTR_PREFIX_SID);
3370 stream_putc(s, 10);
3371 stream_putc(s, BGP_PREFIX_SID_LABEL_INDEX);
3372 stream_putw(s,
3373 BGP_PREFIX_SID_LABEL_INDEX_LENGTH);
3374 stream_putc(s, 0); // reserved
3375 stream_putw(s, 0); // flags
3376 stream_putl(s, label_index);
3377 }
3378 }
3379 }
3380
3381 if (send_as4_path) {
3382 /* If the peer is NOT As4 capable, AND */
3383 /* there are ASnums > 65535 in path THEN
3384 * give out AS4_PATH */
3385
3386 /* Get rid of all AS_CONFED_SEQUENCE and AS_CONFED_SET
3387 * path segments!
3388 * Hm, I wonder... confederation things *should* only be at
3389 * the beginning of an aspath, right? Then we should use
3390 * aspath_delete_confed_seq for this, because it is already
3391 * there! (JK)
3392 * Folks, talk to me: what is reasonable here!?
3393 */
3394 aspath = aspath_delete_confed_seq(aspath);
3395
3396 stream_putc(s,
3397 BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_OPTIONAL
3398 | BGP_ATTR_FLAG_EXTLEN);
3399 stream_putc(s, BGP_ATTR_AS4_PATH);
3400 aspath_sizep = stream_get_endp(s);
3401 stream_putw(s, 0);
3402 stream_putw_at(s, aspath_sizep, aspath_put(s, aspath, 1));
3403 }
3404
3405 if (aspath != attr->aspath)
3406 aspath_free(aspath);
3407
3408 if (send_as4_aggregator) {
3409 /* send AS4_AGGREGATOR, at this place */
3410 /* this section of code moved here in order to ensure the
3411 * correct
3412 * *ascending* order of attributes
3413 */
3414 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS);
3415 stream_putc(s, BGP_ATTR_AS4_AGGREGATOR);
3416 stream_putc(s, 8);
3417 stream_putl(s, attr->aggregator_as);
3418 stream_put_ipv4(s, attr->aggregator_addr.s_addr);
3419 }
3420
3421 if (((afi == AFI_IP || afi == AFI_IP6)
3422 && (safi == SAFI_ENCAP || safi == SAFI_MPLS_VPN))
3423 || (afi == AFI_L2VPN && safi == SAFI_EVPN)) {
3424 /* Tunnel Encap attribute */
3425 bgp_packet_mpattr_tea(bgp, peer, s, attr, BGP_ATTR_ENCAP);
3426
3427 #if ENABLE_BGP_VNC
3428 /* VNC attribute */
3429 bgp_packet_mpattr_tea(bgp, peer, s, attr, BGP_ATTR_VNC);
3430 #endif
3431 }
3432
3433 /* PMSI Tunnel */
3434 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_PMSI_TUNNEL)) {
3435 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS);
3436 stream_putc(s, BGP_ATTR_PMSI_TUNNEL);
3437 stream_putc(s, 9); // Length
3438 stream_putc(s, 0); // Flags
3439 stream_putc(s, PMSI_TNLTYPE_INGR_REPL); // IR (6)
3440 stream_put(s, &(attr->label),
3441 BGP_LABEL_BYTES); // MPLS Label / VXLAN VNI
3442 stream_put_ipv4(s, attr->nexthop.s_addr);
3443 // Unicast tunnel endpoint IP address
3444 }
3445
3446 /* Unknown transit attribute. */
3447 if (attr->transit)
3448 stream_put(s, attr->transit->val, attr->transit->length);
3449
3450 /* Return total size of attribute. */
3451 return stream_get_endp(s) - cp;
3452 }
3453
3454 size_t bgp_packet_mpunreach_start(struct stream *s, afi_t afi, safi_t safi)
3455 {
3456 unsigned long attrlen_pnt;
3457 iana_afi_t pkt_afi;
3458 iana_safi_t pkt_safi;
3459
3460 /* Set extended bit always to encode the attribute length as 2 bytes */
3461 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_EXTLEN);
3462 stream_putc(s, BGP_ATTR_MP_UNREACH_NLRI);
3463
3464 attrlen_pnt = stream_get_endp(s);
3465 stream_putw(s, 0); /* Length of this attribute. */
3466
3467 /* Convert AFI, SAFI to values for packet. */
3468 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
3469
3470 stream_putw(s, pkt_afi);
3471 stream_putc(s, pkt_safi);
3472
3473 return attrlen_pnt;
3474 }
3475
3476 void bgp_packet_mpunreach_prefix(struct stream *s, struct prefix *p, afi_t afi,
3477 safi_t safi, struct prefix_rd *prd,
3478 mpls_label_t *label, uint32_t num_labels,
3479 int addpath_encode, uint32_t addpath_tx_id,
3480 struct attr *attr)
3481 {
3482 uint8_t wlabel[3] = {0x80, 0x00, 0x00};
3483
3484 if (safi == SAFI_LABELED_UNICAST) {
3485 label = (mpls_label_t *)wlabel;
3486 num_labels = 1;
3487 }
3488
3489 return bgp_packet_mpattr_prefix(s, afi, safi, p, prd, label, num_labels,
3490 addpath_encode, addpath_tx_id, attr);
3491 }
3492
3493 void bgp_packet_mpunreach_end(struct stream *s, size_t attrlen_pnt)
3494 {
3495 bgp_packet_mpattr_end(s, attrlen_pnt);
3496 }
3497
3498 /* Initialization of attribute. */
3499 void bgp_attr_init(void)
3500 {
3501 aspath_init();
3502 attrhash_init();
3503 community_init();
3504 ecommunity_init();
3505 lcommunity_init();
3506 cluster_init();
3507 transit_init();
3508 encap_init();
3509 }
3510
3511 void bgp_attr_finish(void)
3512 {
3513 aspath_finish();
3514 attrhash_finish();
3515 community_finish();
3516 ecommunity_finish();
3517 lcommunity_finish();
3518 cluster_finish();
3519 transit_finish();
3520 encap_finish();
3521 }
3522
3523 /* Make attribute packet. */
3524 void bgp_dump_routes_attr(struct stream *s, struct attr *attr,
3525 struct prefix *prefix)
3526 {
3527 unsigned long cp;
3528 unsigned long len;
3529 size_t aspath_lenp;
3530 struct aspath *aspath;
3531 int addpath_encode = 0;
3532 uint32_t addpath_tx_id = 0;
3533
3534 /* Remember current pointer. */
3535 cp = stream_get_endp(s);
3536
3537 /* Place holder of length. */
3538 stream_putw(s, 0);
3539
3540 /* Origin attribute. */
3541 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3542 stream_putc(s, BGP_ATTR_ORIGIN);
3543 stream_putc(s, 1);
3544 stream_putc(s, attr->origin);
3545
3546 aspath = attr->aspath;
3547
3548 stream_putc(s, BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_EXTLEN);
3549 stream_putc(s, BGP_ATTR_AS_PATH);
3550 aspath_lenp = stream_get_endp(s);
3551 stream_putw(s, 0);
3552
3553 stream_putw_at(s, aspath_lenp, aspath_put(s, aspath, 1));
3554
3555 /* Nexthop attribute. */
3556 /* If it's an IPv6 prefix, don't dump the IPv4 nexthop to save space */
3557 if (prefix != NULL && prefix->family != AF_INET6) {
3558 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3559 stream_putc(s, BGP_ATTR_NEXT_HOP);
3560 stream_putc(s, 4);
3561 stream_put_ipv4(s, attr->nexthop.s_addr);
3562 }
3563
3564 /* MED attribute. */
3565 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_MULTI_EXIT_DISC)) {
3566 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
3567 stream_putc(s, BGP_ATTR_MULTI_EXIT_DISC);
3568 stream_putc(s, 4);
3569 stream_putl(s, attr->med);
3570 }
3571
3572 /* Local preference. */
3573 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF)) {
3574 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3575 stream_putc(s, BGP_ATTR_LOCAL_PREF);
3576 stream_putc(s, 4);
3577 stream_putl(s, attr->local_pref);
3578 }
3579
3580 /* Atomic aggregate. */
3581 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_ATOMIC_AGGREGATE)) {
3582 stream_putc(s, BGP_ATTR_FLAG_TRANS);
3583 stream_putc(s, BGP_ATTR_ATOMIC_AGGREGATE);
3584 stream_putc(s, 0);
3585 }
3586
3587 /* Aggregator. */
3588 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR)) {
3589 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS);
3590 stream_putc(s, BGP_ATTR_AGGREGATOR);
3591 stream_putc(s, 8);
3592 stream_putl(s, attr->aggregator_as);
3593 stream_put_ipv4(s, attr->aggregator_addr.s_addr);
3594 }
3595
3596 /* Community attribute. */
3597 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_COMMUNITIES)) {
3598 if (attr->community->size * 4 > 255) {
3599 stream_putc(s,
3600 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS
3601 | BGP_ATTR_FLAG_EXTLEN);
3602 stream_putc(s, BGP_ATTR_COMMUNITIES);
3603 stream_putw(s, attr->community->size * 4);
3604 } else {
3605 stream_putc(s,
3606 BGP_ATTR_FLAG_OPTIONAL
3607 | BGP_ATTR_FLAG_TRANS);
3608 stream_putc(s, BGP_ATTR_COMMUNITIES);
3609 stream_putc(s, attr->community->size * 4);
3610 }
3611 stream_put(s, attr->community->val, attr->community->size * 4);
3612 }
3613
3614 /* Large Community attribute. */
3615 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_LARGE_COMMUNITIES)) {
3616 if (lcom_length(attr->lcommunity) > 255) {
3617 stream_putc(s,
3618 BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS
3619 | BGP_ATTR_FLAG_EXTLEN);
3620 stream_putc(s, BGP_ATTR_LARGE_COMMUNITIES);
3621 stream_putw(s, lcom_length(attr->lcommunity));
3622 } else {
3623 stream_putc(s,
3624 BGP_ATTR_FLAG_OPTIONAL
3625 | BGP_ATTR_FLAG_TRANS);
3626 stream_putc(s, BGP_ATTR_LARGE_COMMUNITIES);
3627 stream_putc(s, lcom_length(attr->lcommunity));
3628 }
3629
3630 stream_put(s, attr->lcommunity->val,
3631 lcom_length(attr->lcommunity));
3632 }
3633
3634 /* Add a MP_NLRI attribute to dump the IPv6 next hop */
3635 if (prefix != NULL && prefix->family == AF_INET6
3636 && (attr->mp_nexthop_len == BGP_ATTR_NHLEN_IPV6_GLOBAL
3637 || attr->mp_nexthop_len == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL)) {
3638 int sizep;
3639
3640 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
3641 stream_putc(s, BGP_ATTR_MP_REACH_NLRI);
3642 sizep = stream_get_endp(s);
3643
3644 /* MP header */
3645 stream_putc(s, 0); /* Marker: Attribute length. */
3646 stream_putw(s, AFI_IP6); /* AFI */
3647 stream_putc(s, SAFI_UNICAST); /* SAFI */
3648
3649 /* Next hop */
3650 stream_putc(s, attr->mp_nexthop_len);
3651 stream_put(s, &attr->mp_nexthop_global, IPV6_MAX_BYTELEN);
3652 if (attr->mp_nexthop_len == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL)
3653 stream_put(s, &attr->mp_nexthop_local,
3654 IPV6_MAX_BYTELEN);
3655
3656 /* SNPA */
3657 stream_putc(s, 0);
3658
3659 /* Prefix */
3660 stream_put_prefix_addpath(s, prefix, addpath_encode,
3661 addpath_tx_id);
3662
3663 /* Set MP attribute length. */
3664 stream_putc_at(s, sizep, (stream_get_endp(s) - sizep) - 1);
3665 }
3666
3667 /* Prefix SID */
3668 if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_PREFIX_SID)) {
3669 if (attr->label_index != BGP_INVALID_LABEL_INDEX) {
3670 stream_putc(s,
3671 BGP_ATTR_FLAG_OPTIONAL
3672 | BGP_ATTR_FLAG_TRANS);
3673 stream_putc(s, BGP_ATTR_PREFIX_SID);
3674 stream_putc(s, 10);
3675 stream_putc(s, BGP_PREFIX_SID_LABEL_INDEX);
3676 stream_putc(s, BGP_PREFIX_SID_LABEL_INDEX_LENGTH);
3677 stream_putc(s, 0); // reserved
3678 stream_putw(s, 0); // flags
3679 stream_putl(s, attr->label_index);
3680 }
3681 }
3682
3683 /* Return total size of attribute. */
3684 len = stream_get_endp(s) - cp - 2;
3685 stream_putw_at(s, cp, len);
3686 }
FRRouting mirror