1 /* BGP FlowSpec for packet handling
2 * Portions:
3 * Copyright (C) 2017 ChinaTelecom SDN Group
4 * Copyright (C) 2018 6WIND
5 *
6 * FRRouting is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * FRRouting is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include "math.h"
22
23 #include <zebra.h>
24 #include "prefix.h"
25
26 #include "bgpd/bgpd.h"
27 #include "bgpd/bgp_route.h"
28 #include "bgpd/bgp_flowspec.h"
29 #include "bgpd/bgp_flowspec_util.h"
30 #include "bgpd/bgp_flowspec_private.h"
31 #include "bgpd/bgp_ecommunity.h"
32 #include "bgpd/bgp_debug.h"
33
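/*
 * Walk one FlowSpec NLRI in validate-only mode and report whether every
 * component could be decoded.
 *
 * nlri_content points at the first component-type octet and len is the
 * number of octets belonging to this NLRI.  The bytes originate from a BGP
 * peer, so they are untrusted input.
 *
 * Returns 0 when no decoder reported an error, a negative value otherwise.
 */
static int bgp_fs_nlri_validate(uint8_t *nlri_content, uint32_t len)
{
	uint32_t offset = 0;
	int type;
	int ret = 0, error = 0;

	/*
	 * len is unsigned: with len == 0 the "len - 1" loop bound wraps to
	 * UINT32_MAX and the loop would read far past the NLRI.  An empty
	 * NLRI carries no component at all, so treat it as malformed.
	 */
	if (len == 0)
		return -1;

	/*
	 * NOTE(review): the "len - 1" bound means a lone trailing octet
	 * (including a one-octet NLRI) is never examined and is accepted as
	 * valid - confirm that this is intended.
	 */
	while (offset < len - 1) {
		type = nlri_content[offset];
		offset++;
		switch (type) {
		case FLOWSPEC_DEST_PREFIX:
		case FLOWSPEC_SRC_PREFIX:
			ret = bgp_flowspec_ip_address(
				BGP_FLOWSPEC_VALIDATE_ONLY,
				nlri_content + offset,
				len - offset, NULL, &error);
			break;
		case FLOWSPEC_IP_PROTOCOL:
		case FLOWSPEC_PORT:
		case FLOWSPEC_DEST_PORT:
		case FLOWSPEC_SRC_PORT:
		case FLOWSPEC_ICMP_TYPE:
		case FLOWSPEC_ICMP_CODE:
		case FLOWSPEC_PKT_LEN:
		case FLOWSPEC_DSCP:
			/* All of these are numeric-operator components. */
			ret = bgp_flowspec_op_decode(BGP_FLOWSPEC_VALIDATE_ONLY,
						     nlri_content + offset,
						     len - offset, NULL, &error);
			break;
		case FLOWSPEC_TCP_FLAGS:
		case FLOWSPEC_FRAGMENT:
			ret = bgp_flowspec_bitmask_decode(
				BGP_FLOWSPEC_VALIDATE_ONLY,
				nlri_content + offset,
				len - offset, NULL, &error);
			break;
		default:
			/* Unknown or unsupported component type. */
			error = -1;
			break;
		}
		if (error < 0)
			break;
		/*
		 * Defence in depth: the decoders' own bounds handling is not
		 * visible from here, so refuse a consumed length that is
		 * negative or larger than what is left in this NLRI instead
		 * of silently accepting a truncated component.  offset is at
		 * most len - 1 here, so the subtraction cannot wrap.
		 */
		if (ret < 0 || (uint32_t)ret > len - offset) {
			error = -1;
			break;
		}
		offset += ret;
	}
	return error;
}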
85
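/*
 * Parse the FlowSpec NLRIs found in packet and pass each one to
 * bgp_update() (withdraw == 0) or bgp_withdraw() (withdraw != 0).
 *
 * peer     - peer the NLRIs were received from
 * attr     - path attributes of the UPDATE, may be NULL
 * packet   - NLRI buffer with its length, AFI and SAFI
 * withdraw - non-zero when the NLRIs are being withdrawn
 *
 * The NLRI buffer is untrusted peer input: every length octet is checked
 * against the end of the buffer before the bytes it covers are touched.
 *
 * Returns 0 when every NLRI was processed, -1 on the first malformed or
 * unsupported NLRI or when the route could not be processed.
 */
int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
			    struct bgp_nlri *packet, int withdraw)
{
	uint8_t *pnt;
	uint8_t *lim;
	afi_t afi;
	safi_t safi;
	int psize = 0;
	struct prefix p;
	int ret;
	void *temp;

	/* Start processing the NLRI - there may be multiple in the MP_REACH */
	pnt = packet->nlri;
	lim = pnt + packet->length;
	afi = packet->afi;
	safi = packet->safi;

	if (afi == AFI_IP6) {
		zlog_err("BGP flowspec IPv6 not supported");
		return -1;
	}

	if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT) {
		zlog_err("BGP flowspec nlri length maximum reached (%u)",
			 packet->length);
		return -1;
	}

	for (; pnt < lim; pnt += psize) {
		/* Clear prefix structure. */
		memset(&p, 0, sizeof(struct prefix));

		/* All FlowSpec NLRI begin with length. */
		if (pnt + 1 > lim)
			return -1;

		/* Only a single length octet is read here. */
		psize = *pnt++;

		/*
		 * A zero-length NLRI describes no flow.  Reject it before it
		 * reaches the validator and the zero-size allocation below,
		 * neither of which is meant to handle an empty NLRI.
		 */
		if (psize == 0) {
			zlog_err("Flowspec NLRI length 0 is invalid");
			return -1;
		}

		/* When packet overflow occur return immediately. */
		if (pnt + psize > lim) {
			zlog_err("Flowspec NLRI length inconsistent ( size %u seen)",
				 psize);
			return -1;
		}
		if (bgp_fs_nlri_validate(pnt, psize) < 0) {
			zlog_err("Bad flowspec format or NLRI options not supported");
			return -1;
		}
		p.family = AF_FLOWSPEC;
		p.prefixlen = 0;
		/* Flowspec encoding is in bytes */
		p.u.prefix_flowspec.prefixlen = psize;
		/*
		 * NOTE(review): this copy is never released in this function,
		 * neither after bgp_update()/bgp_withdraw() nor on the error
		 * return below.  Whether those calls take their own copy of
		 * the prefix is not visible here - confirm ownership and free
		 * the buffer if they do, otherwise every received NLRI leaks
		 * psize bytes.
		 */
		temp = XCALLOC(MTYPE_TMP, psize);
		memcpy(temp, pnt, psize);
		p.u.prefix_flowspec.ptr = (uintptr_t) temp;

		if (BGP_DEBUG(flowspec, FLOWSPEC)) {
			char return_string[BGP_FLOWSPEC_NLRI_STRING_MAX];
			char local_string[BGP_FLOWSPEC_NLRI_STRING_MAX * 2];
			char ec_string[BGP_FLOWSPEC_NLRI_STRING_MAX];
			char *s = NULL;

			/*
			 * NOTE(review): no buffer size is passed for
			 * return_string; presumably the callee bounds its
			 * output to BGP_FLOWSPEC_NLRI_STRING_MAX - confirm.
			 */
			bgp_fs_nlri_get_string((unsigned char *)
					       p.u.prefix_flowspec.ptr,
					       p.u.prefix_flowspec.prefixlen,
					       return_string,
					       NLRI_STRING_FORMAT_MIN, NULL);
			snprintf(ec_string, sizeof(ec_string),
				 "EC{none}");
			if (attr && attr->ecommunity) {
				s = ecommunity_ecom2str(attr->ecommunity,
						ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
				snprintf(ec_string, sizeof(ec_string),
					 "EC{%s}",
					 s == NULL ? "none" : s);

				if (s)
					ecommunity_strfree(&s);
			}
			snprintf(local_string, sizeof(local_string),
				 "FS Rx %s %s %s %s", withdraw ?
				 "Withdraw":"Update",
				 afi2str(afi), return_string,
				 attr != NULL ? ec_string : "");
			zlog_info("%s", local_string);
		}
		/* Process the route. */
		if (!withdraw)
			ret = bgp_update(peer, &p, 0, attr,
					 afi, safi,
					 ZEBRA_ROUTE_BGP, BGP_ROUTE_NORMAL,
					 NULL, NULL, 0, 0, NULL);
		else
			ret = bgp_withdraw(peer, &p, 0, attr,
					   afi, safi,
					   ZEBRA_ROUTE_BGP, BGP_ROUTE_NORMAL,
					   NULL, NULL, 0, NULL);
		if (ret) {
			/*
			 * Report the operation that was actually attempted;
			 * it is selected by withdraw, not by attr.
			 */
			zlog_err("Flowspec NLRI failed to be %s.",
				 withdraw ? "withdrawn" : "added");
			return -1;
		}
	}
	return 0;
}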