1 /* BGP FlowSpec for packet handling
3 * Copyright (C) 2017 ChinaTelecom SDN Group
4 * Copyright (C) 2018 6WIND
6 * FRRouting is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
11 * FRRouting is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
25 #include "lib_errors.h"
27 #include "bgpd/bgpd.h"
28 #include "bgpd/bgp_route.h"
29 #include "bgpd/bgp_flowspec.h"
30 #include "bgpd/bgp_flowspec_util.h"
31 #include "bgpd/bgp_flowspec_private.h"
32 #include "bgpd/bgp_ecommunity.h"
33 #include "bgpd/bgp_debug.h"
34 #include "bgpd/bgp_errors.h"
36 static int bgp_fs_nlri_validate(uint8_t *nlri_content
, uint32_t len
,
41 int ret
= 0, error
= 0;
43 while (offset
< len
-1) {
44 type
= nlri_content
[offset
];
47 case FLOWSPEC_DEST_PREFIX
:
48 case FLOWSPEC_SRC_PREFIX
:
49 ret
= bgp_flowspec_ip_address(
50 BGP_FLOWSPEC_VALIDATE_ONLY
,
51 nlri_content
+ offset
,
52 len
- offset
, NULL
, &error
,
55 case FLOWSPEC_FLOW_LABEL
:
58 ret
= bgp_flowspec_op_decode(BGP_FLOWSPEC_VALIDATE_ONLY
,
59 nlri_content
+ offset
,
60 len
- offset
, NULL
, &error
);
62 case FLOWSPEC_IP_PROTOCOL
:
64 case FLOWSPEC_DEST_PORT
:
65 case FLOWSPEC_SRC_PORT
:
66 case FLOWSPEC_ICMP_TYPE
:
67 case FLOWSPEC_ICMP_CODE
:
68 ret
= bgp_flowspec_op_decode(BGP_FLOWSPEC_VALIDATE_ONLY
,
69 nlri_content
+ offset
,
70 len
- offset
, NULL
, &error
);
72 case FLOWSPEC_TCP_FLAGS
:
73 case FLOWSPEC_FRAGMENT
:
74 ret
= bgp_flowspec_bitmask_decode(
75 BGP_FLOWSPEC_VALIDATE_ONLY
,
76 nlri_content
+ offset
,
77 len
- offset
, NULL
, &error
);
79 case FLOWSPEC_PKT_LEN
:
81 ret
= bgp_flowspec_op_decode(
82 BGP_FLOWSPEC_VALIDATE_ONLY
,
83 nlri_content
+ offset
,
84 len
- offset
, NULL
, &error
);
97 int bgp_nlri_parse_flowspec(struct peer
*peer
, struct attr
*attr
,
98 struct bgp_nlri
*packet
, int withdraw
)
109 /* Start processing the NLRI - there may be multiple in the MP_REACH */
111 lim
= pnt
+ packet
->length
;
115 if (packet
->length
>= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED
) {
116 flog_err(EC_BGP_FLOWSPEC_PACKET
,
117 "BGP flowspec nlri length maximum reached (%u)",
119 return BGP_NLRI_PARSE_ERROR_FLOWSPEC_NLRI_SIZELIMIT
;
122 for (; pnt
< lim
; pnt
+= psize
) {
123 /* Clear prefix structure. */
124 memset(&p
, 0, sizeof(p
));
126 /* All FlowSpec NLRI begin with length. */
128 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW
;
131 if (psize
>= FLOWSPEC_NLRI_SIZELIMIT
) {
136 /* When packet overflow occur return immediately. */
137 if (pnt
+ psize
> lim
) {
139 EC_BGP_FLOWSPEC_PACKET
,
140 "Flowspec NLRI length inconsistent ( size %u seen)",
142 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW
;
144 if (bgp_fs_nlri_validate(pnt
, psize
, afi
) < 0) {
146 EC_BGP_FLOWSPEC_PACKET
,
147 "Bad flowspec format or NLRI options not supported");
148 return BGP_NLRI_PARSE_ERROR_FLOWSPEC_BAD_FORMAT
;
150 p
.family
= AF_FLOWSPEC
;
152 /* Flowspec encoding is in bytes */
153 p
.u
.prefix_flowspec
.prefixlen
= psize
;
154 p
.u
.prefix_flowspec
.family
= afi2family(afi
);
155 temp
= XCALLOC(MTYPE_TMP
, psize
);
156 memcpy(temp
, pnt
, psize
);
157 p
.u
.prefix_flowspec
.ptr
= (uintptr_t) temp
;
159 if (BGP_DEBUG(flowspec
, FLOWSPEC
)) {
160 char return_string
[BGP_FLOWSPEC_NLRI_STRING_MAX
];
161 char local_string
[BGP_FLOWSPEC_NLRI_STRING_MAX
*2+16];
162 char ec_string
[BGP_FLOWSPEC_NLRI_STRING_MAX
];
165 bgp_fs_nlri_get_string((unsigned char *)
166 p
.u
.prefix_flowspec
.ptr
,
167 p
.u
.prefix_flowspec
.prefixlen
,
169 NLRI_STRING_FORMAT_MIN
, NULL
,
171 snprintf(ec_string
, sizeof(ec_string
),
173 if (attr
&& bgp_attr_get_ecommunity(attr
)) {
174 s
= ecommunity_ecom2str(
175 bgp_attr_get_ecommunity(attr
),
176 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
177 snprintf(ec_string
, sizeof(ec_string
),
179 s
== NULL
? "none" : s
);
182 ecommunity_strfree(&s
);
184 snprintf(local_string
, sizeof(local_string
),
185 "FS Rx %s %s %s %s", withdraw
?
187 afi2str(afi
), return_string
,
188 attr
!= NULL
? ec_string
: "");
189 zlog_info("%s", local_string
);
191 /* Process the route. */
193 ret
= bgp_update(peer
, &p
, 0, attr
,
195 ZEBRA_ROUTE_BGP
, BGP_ROUTE_NORMAL
,
196 NULL
, NULL
, 0, 0, NULL
);
198 ret
= bgp_withdraw(peer
, &p
, 0, attr
,
200 ZEBRA_ROUTE_BGP
, BGP_ROUTE_NORMAL
,
201 NULL
, NULL
, 0, NULL
);
203 flog_err(EC_BGP_FLOWSPEC_INSTALLATION
,
204 "Flowspec NLRI failed to be %s.",
205 attr
? "added" : "withdrawn");
206 return BGP_NLRI_PARSE_ERROR
;
209 return BGP_NLRI_PARSE_OK
;