1 /* BGP FlowSpec for packet handling
3 * Copyright (C) 2017 ChinaTelecom SDN Group
4 * Copyright (C) 2018 6WIND
6 * FRRouting is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
11 * FRRouting is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
26 #include "bgpd/bgpd.h"
27 #include "bgpd/bgp_route.h"
28 #include "bgpd/bgp_flowspec.h"
29 #include "bgpd/bgp_flowspec_util.h"
30 #include "bgpd/bgp_flowspec_private.h"
31 #include "bgpd/bgp_ecommunity.h"
32 #include "bgpd/bgp_debug.h"
34 static int bgp_fs_nlri_validate(uint8_t *nlri_content
, uint32_t len
)
38 int ret
= 0, error
= 0;
40 while (offset
< len
-1) {
41 type
= nlri_content
[offset
];
44 case FLOWSPEC_DEST_PREFIX
:
45 case FLOWSPEC_SRC_PREFIX
:
46 ret
= bgp_flowspec_ip_address(
47 BGP_FLOWSPEC_VALIDATE_ONLY
,
48 nlri_content
+ offset
,
49 len
- offset
, NULL
, &error
);
51 case FLOWSPEC_IP_PROTOCOL
:
53 case FLOWSPEC_DEST_PORT
:
54 case FLOWSPEC_SRC_PORT
:
55 case FLOWSPEC_ICMP_TYPE
:
56 case FLOWSPEC_ICMP_CODE
:
57 ret
= bgp_flowspec_op_decode(BGP_FLOWSPEC_VALIDATE_ONLY
,
58 nlri_content
+ offset
,
59 len
- offset
, NULL
, &error
);
61 case FLOWSPEC_TCP_FLAGS
:
62 case FLOWSPEC_FRAGMENT
:
63 ret
= bgp_flowspec_bitmask_decode(
64 BGP_FLOWSPEC_VALIDATE_ONLY
,
65 nlri_content
+ offset
,
66 len
- offset
, NULL
, &error
);
68 case FLOWSPEC_PKT_LEN
:
70 ret
= bgp_flowspec_op_decode(
71 BGP_FLOWSPEC_VALIDATE_ONLY
,
72 nlri_content
+ offset
,
73 len
- offset
, NULL
, &error
);
86 int bgp_nlri_parse_flowspec(struct peer
*peer
, struct attr
*attr
,
87 struct bgp_nlri
*packet
, int withdraw
)
98 /* Start processing the NLRI - there may be multiple in the MP_REACH */
100 lim
= pnt
+ packet
->length
;
104 if (afi
== AFI_IP6
) {
105 zlog_err("BGP flowspec IPv6 not supported");
109 if (packet
->length
>= FLOWSPEC_NLRI_SIZELIMIT
) {
110 zlog_err("BGP flowspec nlri length maximum reached (%u)",
115 for (; pnt
< lim
; pnt
+= psize
) {
116 /* Clear prefix structure. */
117 memset(&p
, 0, sizeof(struct prefix
));
119 /* All FlowSpec NLRI begin with length. */
125 /* When packet overflow occur return immediately. */
126 if (pnt
+ psize
> lim
) {
127 zlog_err("Flowspec NLRI length inconsistent ( size %u seen)",
131 if (bgp_fs_nlri_validate(pnt
, psize
) < 0) {
132 zlog_err("Bad flowspec format or NLRI options not supported");
135 p
.family
= AF_FLOWSPEC
;
137 /* Flowspec encoding is in bytes */
138 p
.u
.prefix_flowspec
.prefixlen
= psize
;
139 temp
= XCALLOC(MTYPE_TMP
, psize
);
140 memcpy(temp
, pnt
, psize
);
141 p
.u
.prefix_flowspec
.ptr
= (uintptr_t) temp
;
143 if (BGP_DEBUG(flowspec
, FLOWSPEC
)) {
144 char return_string
[BGP_FLOWSPEC_NLRI_STRING_MAX
];
145 char local_string
[BGP_FLOWSPEC_NLRI_STRING_MAX
* 2];
146 char ec_string
[BGP_FLOWSPEC_NLRI_STRING_MAX
];
149 bgp_fs_nlri_get_string((unsigned char *)
150 p
.u
.prefix_flowspec
.ptr
,
151 p
.u
.prefix_flowspec
.prefixlen
,
153 NLRI_STRING_FORMAT_MIN
, NULL
);
154 snprintf(ec_string
, sizeof(ec_string
),
156 if (attr
&& attr
->ecommunity
) {
157 s
= ecommunity_ecom2str(attr
->ecommunity
,
158 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
159 snprintf(ec_string
, sizeof(ec_string
),
161 s
== NULL
? "none" : s
);
164 ecommunity_strfree(&s
);
166 snprintf(local_string
, sizeof(local_string
),
167 "FS Rx %s %s %s %s", withdraw
?
169 afi2str(afi
), return_string
,
170 attr
!= NULL
? ec_string
: "");
171 zlog_info("%s", local_string
);
173 /* Process the route. */
175 ret
= bgp_update(peer
, &p
, 0, attr
,
177 ZEBRA_ROUTE_BGP
, BGP_ROUTE_NORMAL
,
178 NULL
, NULL
, 0, 0, NULL
);
180 ret
= bgp_withdraw(peer
, &p
, 0, attr
,
182 ZEBRA_ROUTE_BGP
, BGP_ROUTE_NORMAL
,
183 NULL
, NULL
, 0, NULL
);
185 zlog_err("Flowspec NLRI failed to be %s.",
186 attr
? "added" : "withdrawn");