]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_flowspec.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
zebra: clang-format style fixes
[mirror_frr.git] / bgpd / bgp_flowspec.c
1 /* BGP FlowSpec for packet handling
2 * Portions:
3 * Copyright (C) 2017 ChinaTelecom SDN Group
4 * Copyright (C) 2018 6WIND
5 *
6 * FRRouting is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * FRRouting is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22 #include <math.h>
23
24 #include "prefix.h"
25 #include "lib_errors.h"
26
27 #include "bgpd/bgpd.h"
28 #include "bgpd/bgp_route.h"
29 #include "bgpd/bgp_flowspec.h"
30 #include "bgpd/bgp_flowspec_util.h"
31 #include "bgpd/bgp_flowspec_private.h"
32 #include "bgpd/bgp_ecommunity.h"
33 #include "bgpd/bgp_debug.h"
34 #include "bgpd/bgp_errors.h"
35
36 static int bgp_fs_nlri_validate(uint8_t *nlri_content, uint32_t len,
37 afi_t afi)
38 {
39 uint32_t offset = 0;
40 int type;
41 int ret = 0, error = 0;
42
43 while (offset < len-1) {
44 type = nlri_content[offset];
45 offset++;
46 switch (type) {
47 case FLOWSPEC_DEST_PREFIX:
48 case FLOWSPEC_SRC_PREFIX:
49 ret = bgp_flowspec_ip_address(
50 BGP_FLOWSPEC_VALIDATE_ONLY,
51 nlri_content + offset,
52 len - offset, NULL, &error,
53 afi, NULL);
54 break;
55 case FLOWSPEC_FLOW_LABEL:
56 if (afi == AFI_IP)
57 return -1;
58 ret = bgp_flowspec_op_decode(BGP_FLOWSPEC_VALIDATE_ONLY,
59 nlri_content + offset,
60 len - offset, NULL, &error);
61 break;
62 case FLOWSPEC_IP_PROTOCOL:
63 case FLOWSPEC_PORT:
64 case FLOWSPEC_DEST_PORT:
65 case FLOWSPEC_SRC_PORT:
66 case FLOWSPEC_ICMP_TYPE:
67 case FLOWSPEC_ICMP_CODE:
68 ret = bgp_flowspec_op_decode(BGP_FLOWSPEC_VALIDATE_ONLY,
69 nlri_content + offset,
70 len - offset, NULL, &error);
71 break;
72 case FLOWSPEC_TCP_FLAGS:
73 case FLOWSPEC_FRAGMENT:
74 ret = bgp_flowspec_bitmask_decode(
75 BGP_FLOWSPEC_VALIDATE_ONLY,
76 nlri_content + offset,
77 len - offset, NULL, &error);
78 break;
79 case FLOWSPEC_PKT_LEN:
80 case FLOWSPEC_DSCP:
81 ret = bgp_flowspec_op_decode(
82 BGP_FLOWSPEC_VALIDATE_ONLY,
83 nlri_content + offset,
84 len - offset, NULL, &error);
85 break;
86 default:
87 error = -1;
88 break;
89 }
90 offset += ret;
91 if (error < 0)
92 break;
93 }
94 return error;
95 }
96
97 int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
98 struct bgp_nlri *packet, int withdraw)
99 {
100 uint8_t *pnt;
101 uint8_t *lim;
102 afi_t afi;
103 safi_t safi;
104 int psize = 0;
105 struct prefix p;
106 void *temp;
107
108 /* Start processing the NLRI - there may be multiple in the MP_REACH */
109 pnt = packet->nlri;
110 lim = pnt + packet->length;
111 afi = packet->afi;
112 safi = packet->safi;
113
114 if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
115 flog_err(EC_BGP_FLOWSPEC_PACKET,
116 "BGP flowspec nlri length maximum reached (%u)",
117 packet->length);
118 return BGP_NLRI_PARSE_ERROR_FLOWSPEC_NLRI_SIZELIMIT;
119 }
120
121 for (; pnt < lim; pnt += psize) {
122 /* Clear prefix structure. */
123 memset(&p, 0, sizeof(p));
124
125 /* All FlowSpec NLRI begin with length. */
126 if (pnt + 1 > lim)
127 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
128
129 psize = *pnt++;
130 if (psize >= FLOWSPEC_NLRI_SIZELIMIT) {
131 psize &= 0x0f;
132 psize = psize << 8;
133 psize |= *pnt++;
134 }
135 /* When packet overflow occur return immediately. */
136 if (pnt + psize > lim) {
137 flog_err(
138 EC_BGP_FLOWSPEC_PACKET,
139 "Flowspec NLRI length inconsistent ( size %u seen)",
140 psize);
141 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
142 }
143 if (bgp_fs_nlri_validate(pnt, psize, afi) < 0) {
144 flog_err(
145 EC_BGP_FLOWSPEC_PACKET,
146 "Bad flowspec format or NLRI options not supported");
147 return BGP_NLRI_PARSE_ERROR_FLOWSPEC_BAD_FORMAT;
148 }
149 p.family = AF_FLOWSPEC;
150 p.prefixlen = 0;
151 /* Flowspec encoding is in bytes */
152 p.u.prefix_flowspec.prefixlen = psize;
153 p.u.prefix_flowspec.family = afi2family(afi);
154 temp = XCALLOC(MTYPE_TMP, psize);
155 memcpy(temp, pnt, psize);
156 p.u.prefix_flowspec.ptr = (uintptr_t) temp;
157
158 if (BGP_DEBUG(flowspec, FLOWSPEC)) {
159 char return_string[BGP_FLOWSPEC_NLRI_STRING_MAX];
160 char local_string[BGP_FLOWSPEC_NLRI_STRING_MAX*2+16];
161 char ec_string[BGP_FLOWSPEC_NLRI_STRING_MAX];
162 char *s = NULL;
163
164 bgp_fs_nlri_get_string((unsigned char *)
165 p.u.prefix_flowspec.ptr,
166 p.u.prefix_flowspec.prefixlen,
167 return_string,
168 NLRI_STRING_FORMAT_MIN, NULL,
169 afi);
170 snprintf(ec_string, sizeof(ec_string),
171 "EC{none}");
172 if (attr && bgp_attr_get_ecommunity(attr)) {
173 s = ecommunity_ecom2str(
174 bgp_attr_get_ecommunity(attr),
175 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
176 snprintf(ec_string, sizeof(ec_string),
177 "EC{%s}",
178 s == NULL ? "none" : s);
179
180 if (s)
181 ecommunity_strfree(&s);
182 }
183 snprintf(local_string, sizeof(local_string),
184 "FS Rx %s %s %s %s", withdraw ?
185 "Withdraw":"Update",
186 afi2str(afi), return_string,
187 attr != NULL ? ec_string : "");
188 zlog_info("%s", local_string);
189 }
190 /* Process the route. */
191 if (!withdraw)
192 bgp_update(peer, &p, 0, attr, afi, safi,
193 ZEBRA_ROUTE_BGP, BGP_ROUTE_NORMAL, NULL,
194 NULL, 0, 0, NULL);
195 else
196 bgp_withdraw(peer, &p, 0, attr, afi, safi,
197 ZEBRA_ROUTE_BGP, BGP_ROUTE_NORMAL, NULL,
198 NULL, 0, NULL);
199 }
200 return BGP_NLRI_PARSE_OK;
201 }
FRRouting mirror