]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_open.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12798 from donaldsharp/rib_match_multicast
[mirror_frr.git] / bgpd / bgp_open.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* BGP open message handling
3 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
4 */
5
6 #include <zebra.h>
7
8 #include "linklist.h"
9 #include "prefix.h"
10 #include "stream.h"
11 #include "thread.h"
12 #include "log.h"
13 #include "command.h"
14 #include "memory.h"
15 #include "queue.h"
16 #include "filter.h"
17
18 #include "lib/json.h"
19 #include "bgpd/bgpd.h"
20 #include "bgpd/bgp_attr.h"
21 #include "bgpd/bgp_debug.h"
22 #include "bgpd/bgp_errors.h"
23 #include "bgpd/bgp_fsm.h"
24 #include "bgpd/bgp_packet.h"
25 #include "bgpd/bgp_open.h"
26 #include "bgpd/bgp_aspath.h"
27 #include "bgpd/bgp_vty.h"
28 #include "bgpd/bgp_memory.h"
29
30 static const struct message capcode_str[] = {
31 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
32 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
33 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
34 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
35 {CAPABILITY_CODE_AS4, "4-octet AS number"},
36 {CAPABILITY_CODE_ADDPATH, "AddPath"},
37 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
38 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
39 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
40 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
41 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
42 {CAPABILITY_CODE_FQDN, "FQDN"},
43 {CAPABILITY_CODE_ENHANCED_RR, "Enhanced Route Refresh"},
44 {CAPABILITY_CODE_EXT_MESSAGE, "BGP Extended Message"},
45 {CAPABILITY_CODE_LLGR, "Long-lived BGP Graceful Restart"},
46 {CAPABILITY_CODE_ROLE, "Role"},
47 {CAPABILITY_CODE_SOFT_VERSION, "Software Version"},
48 {0}};
49
50 /* Minimum sizes for length field of each cap (so not inc. the header) */
51 static const size_t cap_minsizes[] = {
52 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
53 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
54 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
55 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
56 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
57 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
58 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
59 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
60 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
61 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
62 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
63 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
64 [CAPABILITY_CODE_ENHANCED_RR] = CAPABILITY_CODE_ENHANCED_LEN,
65 [CAPABILITY_CODE_EXT_MESSAGE] = CAPABILITY_CODE_EXT_MESSAGE_LEN,
66 [CAPABILITY_CODE_LLGR] = CAPABILITY_CODE_LLGR_LEN,
67 [CAPABILITY_CODE_ROLE] = CAPABILITY_CODE_ROLE_LEN,
68 [CAPABILITY_CODE_SOFT_VERSION] = CAPABILITY_CODE_SOFT_VERSION_LEN,
69 };
70
71 /* value the capability must be a multiple of.
72 * 0-data capabilities won't be checked against this.
73 * Other capabilities whose data doesn't fall on convenient boundaries for this
74 * table should be set to 1.
75 */
76 static const size_t cap_modsizes[] = {
77 [CAPABILITY_CODE_MP] = 4,
78 [CAPABILITY_CODE_REFRESH] = 1,
79 [CAPABILITY_CODE_ORF] = 1,
80 [CAPABILITY_CODE_RESTART] = 1,
81 [CAPABILITY_CODE_AS4] = 4,
82 [CAPABILITY_CODE_ADDPATH] = 4,
83 [CAPABILITY_CODE_DYNAMIC] = 1,
84 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
85 [CAPABILITY_CODE_ENHE] = 6,
86 [CAPABILITY_CODE_REFRESH_OLD] = 1,
87 [CAPABILITY_CODE_ORF_OLD] = 1,
88 [CAPABILITY_CODE_FQDN] = 1,
89 [CAPABILITY_CODE_ENHANCED_RR] = 1,
90 [CAPABILITY_CODE_EXT_MESSAGE] = 1,
91 [CAPABILITY_CODE_LLGR] = 1,
92 [CAPABILITY_CODE_ROLE] = 1,
93 [CAPABILITY_CODE_SOFT_VERSION] = 1,
94 };
95
96 /* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
97 negotiate remote peer supports extentions or not. But if
98 remote-peer doesn't supports negotiation process itself. We would
99 like to do manual configuration.
100
101 So there is many configurable point. First of all we want set each
102 peer whether we send capability negotiation to the peer or not.
103 Next, if we send capability to the peer we want to set my capability
104 inforation at each peer. */
105
106 void bgp_capability_vty_out(struct vty *vty, struct peer *peer, bool use_json,
107 json_object *json_neigh)
108 {
109 char *pnt;
110 char *end;
111 struct capability_mp_data mpc;
112 struct capability_header *hdr;
113 json_object *json_cap = NULL;
114
115 if (use_json)
116 json_cap = json_object_new_object();
117
118 pnt = peer->notify.data;
119 end = pnt + peer->notify.length;
120
121 while (pnt < end) {
122 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
123 return;
124
125 hdr = (struct capability_header *)pnt;
126 if (pnt + hdr->length + 2 > end)
127 return;
128
129 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
130
131 if (hdr->code == CAPABILITY_CODE_MP) {
132 afi_t afi;
133 safi_t safi;
134
135 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
136 mpc.safi, &afi, &safi);
137
138 if (use_json) {
139 switch (afi) {
140 case AFI_IP:
141 json_object_string_add(
142 json_cap,
143 "capabilityErrorMultiProtocolAfi",
144 "IPv4");
145 break;
146 case AFI_IP6:
147 json_object_string_add(
148 json_cap,
149 "capabilityErrorMultiProtocolAfi",
150 "IPv6");
151 break;
152 case AFI_L2VPN:
153 json_object_string_add(
154 json_cap,
155 "capabilityErrorMultiProtocolAfi",
156 "L2VPN");
157 break;
158 case AFI_UNSPEC:
159 case AFI_MAX:
160 json_object_int_add(
161 json_cap,
162 "capabilityErrorMultiProtocolAfiUnknown",
163 ntohs(mpc.afi));
164 break;
165 }
166 switch (safi) {
167 case SAFI_UNICAST:
168 json_object_string_add(
169 json_cap,
170 "capabilityErrorMultiProtocolSafi",
171 "unicast");
172 break;
173 case SAFI_MULTICAST:
174 json_object_string_add(
175 json_cap,
176 "capabilityErrorMultiProtocolSafi",
177 "multicast");
178 break;
179 case SAFI_LABELED_UNICAST:
180 json_object_string_add(
181 json_cap,
182 "capabilityErrorMultiProtocolSafi",
183 "labeled-unicast");
184 break;
185 case SAFI_MPLS_VPN:
186 json_object_string_add(
187 json_cap,
188 "capabilityErrorMultiProtocolSafi",
189 "MPLS-labeled VPN");
190 break;
191 case SAFI_ENCAP:
192 json_object_string_add(
193 json_cap,
194 "capabilityErrorMultiProtocolSafi",
195 "encap");
196 break;
197 case SAFI_EVPN:
198 json_object_string_add(
199 json_cap,
200 "capabilityErrorMultiProtocolSafi",
201 "EVPN");
202 break;
203 case SAFI_FLOWSPEC:
204 json_object_string_add(
205 json_cap,
206 "capabilityErrorMultiProtocolSafi",
207 "flowspec");
208 break;
209 case SAFI_UNSPEC:
210 case SAFI_MAX:
211 json_object_int_add(
212 json_cap,
213 "capabilityErrorMultiProtocolSafiUnknown",
214 mpc.safi);
215 break;
216 }
217 } else {
218 vty_out(vty,
219 " Capability error for: Multi protocol ");
220 switch (afi) {
221 case AFI_IP:
222 vty_out(vty, "AFI IPv4, ");
223 break;
224 case AFI_IP6:
225 vty_out(vty, "AFI IPv6, ");
226 break;
227 case AFI_L2VPN:
228 vty_out(vty, "AFI L2VPN, ");
229 break;
230 case AFI_UNSPEC:
231 case AFI_MAX:
232 vty_out(vty, "AFI Unknown %d, ",
233 ntohs(mpc.afi));
234 break;
235 }
236 switch (safi) {
237 case SAFI_UNICAST:
238 vty_out(vty, "SAFI Unicast");
239 break;
240 case SAFI_MULTICAST:
241 vty_out(vty, "SAFI Multicast");
242 break;
243 case SAFI_LABELED_UNICAST:
244 vty_out(vty, "SAFI Labeled-unicast");
245 break;
246 case SAFI_MPLS_VPN:
247 vty_out(vty, "SAFI MPLS-labeled VPN");
248 break;
249 case SAFI_ENCAP:
250 vty_out(vty, "SAFI ENCAP");
251 break;
252 case SAFI_FLOWSPEC:
253 vty_out(vty, "SAFI FLOWSPEC");
254 break;
255 case SAFI_EVPN:
256 vty_out(vty, "SAFI EVPN");
257 break;
258 case SAFI_UNSPEC:
259 case SAFI_MAX:
260 vty_out(vty, "SAFI Unknown %d ",
261 mpc.safi);
262 break;
263 }
264 vty_out(vty, "\n");
265 }
266 } else if (hdr->code >= 128) {
267 if (use_json)
268 json_object_int_add(
269 json_cap,
270 "capabilityErrorVendorSpecificCapabilityCode",
271 hdr->code);
272 else
273 vty_out(vty,
274 " Capability error: vendor specific capability code %d",
275 hdr->code);
276 } else {
277 if (use_json)
278 json_object_int_add(
279 json_cap,
280 "capabilityErrorUnknownCapabilityCode",
281 hdr->code);
282 else
283 vty_out(vty,
284 " Capability error: unknown capability code %d",
285 hdr->code);
286 }
287 pnt += hdr->length + 2;
288 }
289 if (use_json)
290 json_object_object_add(json_neigh, "capabilityErrors",
291 json_cap);
292 }
293
294 static void bgp_capability_mp_data(struct stream *s,
295 struct capability_mp_data *mpc)
296 {
297 mpc->afi = stream_getw(s);
298 mpc->reserved = stream_getc(s);
299 mpc->safi = stream_getc(s);
300 }
301
302 /* Set negotiated capability value. */
303 static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
304 {
305 struct capability_mp_data mpc;
306 struct stream *s = BGP_INPUT(peer);
307 afi_t afi;
308 safi_t safi;
309
310 /* Verify length is 4 */
311 if (hdr->length != 4) {
312 flog_warn(
313 EC_BGP_CAPABILITY_INVALID_LENGTH,
314 "MP Cap: Received invalid length %d, non-multiple of 4",
315 hdr->length);
316 return -1;
317 }
318
319 bgp_capability_mp_data(s, &mpc);
320
321 if (bgp_debug_neighbor_events(peer))
322 zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s",
323 peer->host, lookup_msg(capcode_str, hdr->code, NULL),
324 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
325
326 /* Convert AFI, SAFI to internal values, check. */
327 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
328 return -1;
329
330 /* Now safi remapped, and afi/safi are valid array indices */
331 peer->afc_recv[afi][safi] = 1;
332
333 if (peer->afc[afi][safi])
334 peer->afc_nego[afi][safi] = 1;
335 else
336 return -1;
337
338 return 0;
339 }
340
341 static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
342 iana_safi_t safi, uint8_t type,
343 uint8_t mode)
344 {
345 if (bgp_debug_neighbor_events(peer))
346 zlog_debug(
347 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
348 peer->host, afi, safi, type, mode);
349 }
350
351 static const struct message orf_type_str[] = {
352 {ORF_TYPE_RESERVED, "Reserved"},
353 {ORF_TYPE_PREFIX, "Prefixlist"},
354 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
355 {0}};
356
357 static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
358 {ORF_MODE_SEND, "Send"},
359 {ORF_MODE_BOTH, "Both"},
360 {0}};
361
362 static int bgp_capability_orf_entry(struct peer *peer,
363 struct capability_header *hdr)
364 {
365 struct stream *s = BGP_INPUT(peer);
366 struct capability_mp_data mpc;
367 uint8_t num;
368 iana_afi_t pkt_afi;
369 afi_t afi;
370 iana_safi_t pkt_safi;
371 safi_t safi;
372 uint8_t type;
373 uint8_t mode;
374 uint16_t sm_cap = 0; /* capability send-mode receive */
375 uint16_t rm_cap = 0; /* capability receive-mode receive */
376 int i;
377
378 /* ORF Entry header */
379 bgp_capability_mp_data(s, &mpc);
380 num = stream_getc(s);
381 pkt_afi = mpc.afi;
382 pkt_safi = mpc.safi;
383
384 if (bgp_debug_neighbor_events(peer))
385 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer->host,
386 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
387
388 /* Convert AFI, SAFI to internal values, check. */
389 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
390 zlog_info(
391 "%s Addr-family %d/%d not supported. Ignoring the ORF capability",
392 peer->host, pkt_afi, pkt_safi);
393 return 0;
394 }
395
396 mpc.afi = pkt_afi;
397 mpc.safi = safi;
398
399 /* validate number field */
400 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
401 zlog_info(
402 "%s ORF Capability entry length error, Cap length %u, num %u",
403 peer->host, hdr->length, num);
404 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
405 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
406 return -1;
407 }
408
409 for (i = 0; i < num; i++) {
410 type = stream_getc(s);
411 mode = stream_getc(s);
412
413 /* ORF Mode error check */
414 switch (mode) {
415 case ORF_MODE_BOTH:
416 case ORF_MODE_SEND:
417 case ORF_MODE_RECEIVE:
418 break;
419 default:
420 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
421 type, mode);
422 continue;
423 }
424 /* ORF Type and afi/safi error checks */
425 /* capcode versus type */
426 switch (hdr->code) {
427 case CAPABILITY_CODE_ORF:
428 switch (type) {
429 case ORF_TYPE_RESERVED:
430 if (bgp_debug_neighbor_events(peer))
431 zlog_debug(
432 "%s Addr-family %d/%d has reserved ORF type, ignoring",
433 peer->host, afi, safi);
434 break;
435 case ORF_TYPE_PREFIX:
436 break;
437 default:
438 bgp_capability_orf_not_support(
439 peer, pkt_afi, pkt_safi, type, mode);
440 continue;
441 }
442 break;
443 case CAPABILITY_CODE_ORF_OLD:
444 switch (type) {
445 case ORF_TYPE_RESERVED:
446 if (bgp_debug_neighbor_events(peer))
447 zlog_debug(
448 "%s Addr-family %d/%d has reserved ORF type, ignoring",
449 peer->host, afi, safi);
450 break;
451 case ORF_TYPE_PREFIX_OLD:
452 break;
453 default:
454 bgp_capability_orf_not_support(
455 peer, pkt_afi, pkt_safi, type, mode);
456 continue;
457 }
458 break;
459 default:
460 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
461 type, mode);
462 continue;
463 }
464
465 /* AFI vs SAFI */
466 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
467 || (afi == AFI_IP && safi == SAFI_MULTICAST)
468 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
469 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
470 type, mode);
471 continue;
472 }
473
474 if (bgp_debug_neighbor_events(peer))
475 zlog_debug(
476 "%s OPEN has %s ORF capability as %s for afi/safi: %s/%s",
477 peer->host,
478 lookup_msg(orf_type_str, type, NULL),
479 lookup_msg(orf_mode_str, mode, NULL),
480 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
481
482 if (hdr->code == CAPABILITY_CODE_ORF) {
483 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
484 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
485 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
486 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
487 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
488 } else {
489 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
490 type, mode);
491 continue;
492 }
493
494 switch (mode) {
495 case ORF_MODE_BOTH:
496 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
497 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
498 break;
499 case ORF_MODE_SEND:
500 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
501 break;
502 case ORF_MODE_RECEIVE:
503 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
504 break;
505 }
506 }
507 return 0;
508 }
509
510 static int bgp_capability_restart(struct peer *peer,
511 struct capability_header *caphdr)
512 {
513 struct stream *s = BGP_INPUT(peer);
514 uint16_t restart_flag_time;
515 size_t end = stream_get_getp(s) + caphdr->length;
516
517 /* Verify length is a multiple of 4 */
518 if ((caphdr->length - 2) % 4) {
519 flog_warn(
520 EC_BGP_CAPABILITY_INVALID_LENGTH,
521 "Restart Cap: Received invalid length %d, non-multiple of 4",
522 caphdr->length);
523 return -1;
524 }
525
526 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
527 restart_flag_time = stream_getw(s);
528
529 /* The most significant bit is defined in [RFC4724] as
530 * the Restart State ("R") bit.
531 */
532 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_R_BIT))
533 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
534 else
535 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
536
537 /* The second most significant bit is defined in this
538 * document as the Graceful Notification ("N") bit.
539 */
540 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_N_BIT))
541 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
542 else
543 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
544
545 UNSET_FLAG(restart_flag_time, 0xF000);
546 peer->v_gr_restart = restart_flag_time;
547
548 if (bgp_debug_neighbor_events(peer)) {
549 zlog_debug(
550 "%s Peer has%srestarted. Restart Time: %d, N-bit set: %s",
551 peer->host,
552 CHECK_FLAG(peer->cap,
553 PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV)
554 ? " "
555 : " not ",
556 peer->v_gr_restart,
557 CHECK_FLAG(peer->cap,
558 PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV)
559 ? "yes"
560 : "no");
561 }
562
563 while (stream_get_getp(s) + 4 <= end) {
564 afi_t afi;
565 safi_t safi;
566 iana_afi_t pkt_afi = stream_getw(s);
567 iana_safi_t pkt_safi = stream_getc(s);
568 uint8_t flag = stream_getc(s);
569
570 /* Convert AFI, SAFI to internal values, check. */
571 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
572 if (bgp_debug_neighbor_events(peer))
573 zlog_debug(
574 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Graceful Restart capability for this AFI/SAFI",
575 peer->host, iana_afi2str(pkt_afi),
576 iana_safi2str(pkt_safi));
577 } else if (!peer->afc[afi][safi]) {
578 if (bgp_debug_neighbor_events(peer))
579 zlog_debug(
580 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Graceful Restart capability",
581 peer->host, iana_afi2str(pkt_afi),
582 iana_safi2str(pkt_safi));
583 } else {
584 if (bgp_debug_neighbor_events(peer))
585 zlog_debug(
586 "%s Address family %s is%spreserved",
587 peer->host, get_afi_safi_str(afi, safi, false),
588 CHECK_FLAG(
589 peer->af_cap[afi][safi],
590 PEER_CAP_RESTART_AF_PRESERVE_RCV)
591 ? " "
592 : " not ");
593
594 SET_FLAG(peer->af_cap[afi][safi],
595 PEER_CAP_RESTART_AF_RCV);
596 if (CHECK_FLAG(flag, GRACEFUL_RESTART_F_BIT))
597 SET_FLAG(peer->af_cap[afi][safi],
598 PEER_CAP_RESTART_AF_PRESERVE_RCV);
599 }
600 }
601 return 0;
602 }
603
604 static int bgp_capability_llgr(struct peer *peer,
605 struct capability_header *caphdr)
606 {
607 struct stream *s = BGP_INPUT(peer);
608 size_t end = stream_get_getp(s) + caphdr->length;
609
610 SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV);
611
612 while (stream_get_getp(s) + 4 <= end) {
613 afi_t afi;
614 safi_t safi;
615 iana_afi_t pkt_afi = stream_getw(s);
616 iana_safi_t pkt_safi = stream_getc(s);
617 uint8_t flags = stream_getc(s);
618 uint32_t stale_time = stream_get3(s);
619
620 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
621 if (bgp_debug_neighbor_events(peer))
622 zlog_debug(
623 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Long-lived Graceful Restart capability for this AFI/SAFI",
624 peer->host, iana_afi2str(pkt_afi),
625 iana_safi2str(pkt_safi));
626 } else if (!peer->afc[afi][safi]
627 || !CHECK_FLAG(peer->af_cap[afi][safi],
628 PEER_CAP_RESTART_AF_RCV)) {
629 if (bgp_debug_neighbor_events(peer))
630 zlog_debug(
631 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Long-lived Graceful Restart capability",
632 peer->host, iana_afi2str(pkt_afi),
633 iana_safi2str(pkt_safi));
634 } else {
635 if (bgp_debug_neighbor_events(peer))
636 zlog_debug(
637 "%s Addr-family %s/%s(afi/safi) Long-lived Graceful Restart capability stale time %u sec",
638 peer->host, iana_afi2str(pkt_afi),
639 iana_safi2str(pkt_safi), stale_time);
640
641 peer->llgr[afi][safi].flags = flags;
642 peer->llgr[afi][safi].stale_time =
643 MIN(stale_time, peer->bgp->llgr_stale_time);
644 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_RCV);
645 }
646 }
647
648 return 0;
649 }
650
651 /* Unlike other capability parsing routines, this one returns 0 on error */
652 static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
653 {
654 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
655
656 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
657 flog_err(EC_BGP_PKT_OPEN,
658 "%s AS4 capability has incorrect data length %d",
659 peer->host, hdr->length);
660 return 0;
661 }
662
663 as_t as4 = stream_getl(BGP_INPUT(peer));
664
665 if (BGP_DEBUG(as4, AS4))
666 zlog_debug(
667 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
668 peer->host, as4);
669 return as4;
670 }
671
672 static int bgp_capability_ext_message(struct peer *peer,
673 struct capability_header *hdr)
674 {
675 if (hdr->length != CAPABILITY_CODE_EXT_MESSAGE_LEN) {
676 flog_err(
677 EC_BGP_PKT_OPEN,
678 "%s: BGP Extended Message capability has incorrect data length %d",
679 peer->host, hdr->length);
680 return -1;
681 }
682
683 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV);
684
685 return 0;
686 }
687
688 static int bgp_capability_addpath(struct peer *peer,
689 struct capability_header *hdr)
690 {
691 struct stream *s = BGP_INPUT(peer);
692 size_t end = stream_get_getp(s) + hdr->length;
693
694 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
695
696 /* Verify length is a multiple of 4 */
697 if (hdr->length % 4) {
698 flog_warn(
699 EC_BGP_CAPABILITY_INVALID_LENGTH,
700 "Add Path: Received invalid length %d, non-multiple of 4",
701 hdr->length);
702 return -1;
703 }
704
705 while (stream_get_getp(s) + 4 <= end) {
706 afi_t afi;
707 safi_t safi;
708 iana_afi_t pkt_afi = stream_getw(s);
709 iana_safi_t pkt_safi = stream_getc(s);
710 uint8_t send_receive = stream_getc(s);
711
712 if (bgp_debug_neighbor_events(peer))
713 zlog_debug(
714 "%s OPEN has %s capability for afi/safi: %s/%s%s%s",
715 peer->host,
716 lookup_msg(capcode_str, hdr->code, NULL),
717 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi),
718 (send_receive & BGP_ADDPATH_RX) ? ", receive"
719 : "",
720 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
721 : "");
722
723 /* Convert AFI, SAFI to internal values, check. */
724 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
725 if (bgp_debug_neighbor_events(peer))
726 zlog_debug(
727 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Addpath Attribute for this AFI/SAFI",
728 peer->host, iana_afi2str(pkt_afi),
729 iana_safi2str(pkt_safi));
730 continue;
731 } else if (!peer->afc[afi][safi]) {
732 if (bgp_debug_neighbor_events(peer))
733 zlog_debug(
734 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
735 peer->host, iana_afi2str(pkt_afi),
736 iana_safi2str(pkt_safi));
737 continue;
738 }
739
740 if (send_receive & BGP_ADDPATH_RX)
741 SET_FLAG(peer->af_cap[afi][safi],
742 PEER_CAP_ADDPATH_AF_RX_RCV);
743
744 if (send_receive & BGP_ADDPATH_TX)
745 SET_FLAG(peer->af_cap[afi][safi],
746 PEER_CAP_ADDPATH_AF_TX_RCV);
747 }
748
749 return 0;
750 }
751
752 static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
753 {
754 struct stream *s = BGP_INPUT(peer);
755 size_t end = stream_get_getp(s) + hdr->length;
756
757 /* Verify length is a multiple of 4 */
758 if (hdr->length % 6) {
759 flog_warn(
760 EC_BGP_CAPABILITY_INVALID_LENGTH,
761 "Extended NH: Received invalid length %d, non-multiple of 6",
762 hdr->length);
763 return -1;
764 }
765
766 while (stream_get_getp(s) + 6 <= end) {
767 iana_afi_t pkt_afi = stream_getw(s);
768 afi_t afi;
769 iana_safi_t pkt_safi = stream_getw(s);
770 safi_t safi;
771 iana_afi_t pkt_nh_afi = stream_getw(s);
772 afi_t nh_afi;
773
774 if (bgp_debug_neighbor_events(peer))
775 zlog_debug(
776 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
777 peer->host, iana_afi2str(pkt_afi),
778 iana_safi2str(pkt_safi), pkt_nh_afi);
779
780 /* Convert AFI, SAFI to internal values, check. */
781 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
782 if (bgp_debug_neighbor_events(peer))
783 zlog_debug(
784 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the ENHE Attribute for this AFI/SAFI",
785 peer->host, iana_afi2str(pkt_afi),
786 iana_safi2str(pkt_safi));
787 continue;
788 }
789
790 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
791 * with
792 * the Nexthop AFI being IPv6. A future spec may introduce other
793 * possibilities, so we ignore other values with a log. Also,
794 * only
795 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
796 * (and expected).
797 */
798 nh_afi = afi_iana2int(pkt_nh_afi);
799
800 if (afi != AFI_IP || nh_afi != AFI_IP6
801 || !(safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
802 || safi == SAFI_LABELED_UNICAST)) {
803 flog_warn(
804 EC_BGP_CAPABILITY_INVALID_DATA,
805 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u in Extended Next-hop capability, ignoring",
806 peer->host, iana_afi2str(pkt_afi),
807 iana_safi2str(pkt_safi), pkt_nh_afi);
808 continue;
809 }
810
811 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
812
813 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
814 SET_FLAG(peer->af_cap[afi][safi],
815 PEER_CAP_ENHE_AF_NEGO);
816 }
817
818 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
819
820 return 0;
821 }
822
823 static int bgp_capability_hostname(struct peer *peer,
824 struct capability_header *hdr)
825 {
826 struct stream *s = BGP_INPUT(peer);
827 char str[BGP_MAX_HOSTNAME + 1];
828 size_t end = stream_get_getp(s) + hdr->length;
829 uint8_t len;
830
831 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
832
833 len = stream_getc(s);
834 if (stream_get_getp(s) + len > end) {
835 flog_warn(
836 EC_BGP_CAPABILITY_INVALID_DATA,
837 "%s: Received malformed hostname capability from peer %s",
838 __func__, peer->host);
839 return -1;
840 }
841
842 if (len > BGP_MAX_HOSTNAME) {
843 stream_get(str, s, BGP_MAX_HOSTNAME);
844 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
845 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
846 } else if (len)
847 stream_get(str, s, len);
848
849 if (len) {
850 str[len] = '\0';
851
852 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
853 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
854
855 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
856 }
857
858 if (stream_get_getp(s) + 1 > end) {
859 flog_warn(
860 EC_BGP_CAPABILITY_INVALID_DATA,
861 "%s: Received invalid domain name len (hostname capability) from peer %s",
862 __func__, peer->host);
863 return -1;
864 }
865
866 len = stream_getc(s);
867 if (stream_get_getp(s) + len > end) {
868 flog_warn(
869 EC_BGP_CAPABILITY_INVALID_DATA,
870 "%s: Received runt domain name (hostname capability) from peer %s",
871 __func__, peer->host);
872 return -1;
873 }
874
875 if (len > BGP_MAX_HOSTNAME) {
876 stream_get(str, s, BGP_MAX_HOSTNAME);
877 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
878 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
879 } else if (len)
880 stream_get(str, s, len);
881
882 if (len) {
883 str[len] = '\0';
884
885 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
886
887 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
888 }
889
890 if (bgp_debug_neighbor_events(peer)) {
891 zlog_debug("%s received hostname %s, domainname %s", peer->host,
892 peer->hostname, peer->domainname);
893 }
894
895 return 0;
896 }
897
898 static int bgp_capability_role(struct peer *peer, struct capability_header *hdr)
899 {
900 SET_FLAG(peer->cap, PEER_CAP_ROLE_RCV);
901 if (hdr->length != CAPABILITY_CODE_ROLE_LEN) {
902 flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
903 "Role: Received invalid length %d", hdr->length);
904 return -1;
905 }
906 uint8_t role = stream_getc(BGP_INPUT(peer));
907
908 peer->remote_role = role;
909 return 0;
910 }
911
912 static int bgp_capability_software_version(struct peer *peer,
913 struct capability_header *hdr)
914 {
915 struct stream *s = BGP_INPUT(peer);
916 char str[BGP_MAX_SOFT_VERSION + 1];
917 size_t end = stream_get_getp(s) + hdr->length;
918 uint8_t len;
919
920 SET_FLAG(peer->cap, PEER_CAP_SOFT_VERSION_RCV);
921
922 len = stream_getc(s);
923 if (stream_get_getp(s) + len > end) {
924 flog_warn(
925 EC_BGP_CAPABILITY_INVALID_DATA,
926 "%s: Received malformed Software Version capability from peer %s",
927 __func__, peer->host);
928 return -1;
929 }
930
931 if (len) {
932 stream_get(str, s, len);
933 str[len] = '\0';
934
935 XFREE(MTYPE_BGP_SOFT_VERSION, peer->soft_version);
936
937 peer->soft_version = XSTRDUP(MTYPE_BGP_SOFT_VERSION, str);
938
939 if (bgp_debug_neighbor_events(peer))
940 zlog_debug("%s sent Software Version: %s", peer->host,
941 peer->soft_version);
942 }
943
944 return 0;
945 }
946
947 /**
948 * Parse given capability.
949 * XXX: This is reading into a stream, but not using stream API
950 *
951 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
952 * capabilities were encountered.
953 */
954 static int bgp_capability_parse(struct peer *peer, size_t length,
955 int *mp_capability, uint8_t **error)
956 {
957 int ret;
958 struct stream *s = BGP_INPUT(peer);
959 size_t end = stream_get_getp(s) + length;
960 uint16_t restart_flag_time = 0;
961
962 assert(STREAM_READABLE(s) >= length);
963
964 while (stream_get_getp(s) < end) {
965 size_t start;
966 uint8_t *sp = stream_pnt(s);
967 struct capability_header caphdr;
968
969 ret = 0;
970 /* We need at least capability code and capability length. */
971 if (stream_get_getp(s) + 2 > end) {
972 zlog_info("%s Capability length error (< header)",
973 peer->host);
974 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
975 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
976 return -1;
977 }
978
979 caphdr.code = stream_getc(s);
980 caphdr.length = stream_getc(s);
981 start = stream_get_getp(s);
982
983 /* Capability length check sanity check. */
984 if (start + caphdr.length > end) {
985 zlog_info("%s Capability length error (< length)",
986 peer->host);
987 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
988 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
989 return -1;
990 }
991
992 if (bgp_debug_neighbor_events(peer))
993 zlog_debug("%s OPEN has %s capability (%u), length %u",
994 peer->host,
995 lookup_msg(capcode_str, caphdr.code, NULL),
996 caphdr.code, caphdr.length);
997
998 /* Length sanity check, type-specific, for known capabilities */
999 switch (caphdr.code) {
1000 case CAPABILITY_CODE_MP:
1001 case CAPABILITY_CODE_REFRESH:
1002 case CAPABILITY_CODE_REFRESH_OLD:
1003 case CAPABILITY_CODE_ORF:
1004 case CAPABILITY_CODE_ORF_OLD:
1005 case CAPABILITY_CODE_RESTART:
1006 case CAPABILITY_CODE_AS4:
1007 case CAPABILITY_CODE_ADDPATH:
1008 case CAPABILITY_CODE_DYNAMIC:
1009 case CAPABILITY_CODE_DYNAMIC_OLD:
1010 case CAPABILITY_CODE_ENHE:
1011 case CAPABILITY_CODE_FQDN:
1012 case CAPABILITY_CODE_ENHANCED_RR:
1013 case CAPABILITY_CODE_EXT_MESSAGE:
1014 case CAPABILITY_CODE_ROLE:
1015 case CAPABILITY_CODE_SOFT_VERSION:
1016 /* Check length. */
1017 if (caphdr.length < cap_minsizes[caphdr.code]) {
1018 zlog_info(
1019 "%s %s Capability length error: got %u, expected at least %u",
1020 peer->host,
1021 lookup_msg(capcode_str, caphdr.code,
1022 NULL),
1023 caphdr.length,
1024 (unsigned)cap_minsizes[caphdr.code]);
1025 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1026 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1027 return -1;
1028 }
1029 if (caphdr.length
1030 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
1031 zlog_info(
1032 "%s %s Capability length error: got %u, expected a multiple of %u",
1033 peer->host,
1034 lookup_msg(capcode_str, caphdr.code,
1035 NULL),
1036 caphdr.length,
1037 (unsigned)cap_modsizes[caphdr.code]);
1038 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1039 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1040 return -1;
1041 }
1042 /* we deliberately ignore unknown codes, see below */
1043 default:
1044 break;
1045 }
1046
1047 switch (caphdr.code) {
1048 case CAPABILITY_CODE_MP: {
1049 *mp_capability = 1;
1050
1051 /* Ignore capability when override-capability is set. */
1052 if (!CHECK_FLAG(peer->flags,
1053 PEER_FLAG_OVERRIDE_CAPABILITY)) {
1054 /* Set negotiated value. */
1055 ret = bgp_capability_mp(peer, &caphdr);
1056
1057 /* Unsupported Capability. */
1058 if (ret < 0) {
1059 /* Store return data. */
1060 memcpy(*error, sp, caphdr.length + 2);
1061 *error += caphdr.length + 2;
1062 }
1063 ret = 0; /* Don't return error for this */
1064 }
1065 } break;
1066 case CAPABILITY_CODE_ENHANCED_RR:
1067 case CAPABILITY_CODE_REFRESH:
1068 case CAPABILITY_CODE_REFRESH_OLD: {
1069 /* BGP refresh capability */
1070 if (caphdr.code == CAPABILITY_CODE_ENHANCED_RR)
1071 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_RCV);
1072 else if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
1073 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
1074 else
1075 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
1076 } break;
1077 case CAPABILITY_CODE_ORF:
1078 case CAPABILITY_CODE_ORF_OLD:
1079 ret = bgp_capability_orf_entry(peer, &caphdr);
1080 break;
1081 case CAPABILITY_CODE_RESTART:
1082 ret = bgp_capability_restart(peer, &caphdr);
1083 break;
1084 case CAPABILITY_CODE_LLGR:
1085 ret = bgp_capability_llgr(peer, &caphdr);
1086 break;
1087 case CAPABILITY_CODE_DYNAMIC:
1088 case CAPABILITY_CODE_DYNAMIC_OLD:
1089 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
1090 break;
1091 case CAPABILITY_CODE_AS4:
1092 /* Already handled as a special-case parsing of the
1093 * capabilities
1094 * at the beginning of OPEN processing. So we care not a
1095 * jot
1096 * for the value really, only error case.
1097 */
1098 if (!bgp_capability_as4(peer, &caphdr))
1099 ret = -1;
1100 break;
1101 case CAPABILITY_CODE_ADDPATH:
1102 ret = bgp_capability_addpath(peer, &caphdr);
1103 break;
1104 case CAPABILITY_CODE_ENHE:
1105 ret = bgp_capability_enhe(peer, &caphdr);
1106 break;
1107 case CAPABILITY_CODE_EXT_MESSAGE:
1108 ret = bgp_capability_ext_message(peer, &caphdr);
1109 break;
1110 case CAPABILITY_CODE_FQDN:
1111 ret = bgp_capability_hostname(peer, &caphdr);
1112 break;
1113 case CAPABILITY_CODE_ROLE:
1114 ret = bgp_capability_role(peer, &caphdr);
1115 break;
1116 case CAPABILITY_CODE_SOFT_VERSION:
1117 ret = bgp_capability_software_version(peer, &caphdr);
1118 break;
1119 default:
1120 if (caphdr.code > 128) {
1121 /* We don't send Notification for unknown vendor
1122 specific
1123 capabilities. It seems reasonable for now...
1124 */
1125 flog_warn(EC_BGP_CAPABILITY_VENDOR,
1126 "%s Vendor specific capability %d",
1127 peer->host, caphdr.code);
1128 } else {
1129 flog_warn(
1130 EC_BGP_CAPABILITY_UNKNOWN,
1131 "%s unrecognized capability code: %d - ignored",
1132 peer->host, caphdr.code);
1133 memcpy(*error, sp, caphdr.length + 2);
1134 *error += caphdr.length + 2;
1135 }
1136 }
1137
1138 if (ret < 0) {
1139 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1140 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1141 return -1;
1142 }
1143 if (stream_get_getp(s) != (start + caphdr.length)) {
1144 if (stream_get_getp(s) > (start + caphdr.length))
1145 flog_warn(
1146 EC_BGP_CAPABILITY_INVALID_LENGTH,
1147 "%s Cap-parser for %s read past cap-length, %u!",
1148 peer->host,
1149 lookup_msg(capcode_str, caphdr.code,
1150 NULL),
1151 caphdr.length);
1152 stream_set_getp(s, start + caphdr.length);
1153 }
1154
1155 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
1156 UNSET_FLAG(restart_flag_time, 0xF000);
1157 peer->v_gr_restart = restart_flag_time;
1158 }
1159 }
1160 return 0;
1161 }
1162
1163 static bool strict_capability_same(struct peer *peer)
1164 {
1165 int i, j;
1166
1167 for (i = AFI_IP; i < AFI_MAX; i++)
1168 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
1169 if (peer->afc[i][j] != peer->afc_nego[i][j])
1170 return false;
1171 return true;
1172 }
1173
1174
1175 static bool bgp_role_violation(struct peer *peer)
1176 {
1177 uint8_t local_role = peer->local_role;
1178 uint8_t remote_role = peer->remote_role;
1179
1180 if (local_role != ROLE_UNDEFINED && remote_role != ROLE_UNDEFINED &&
1181 !((local_role == ROLE_PEER && remote_role == ROLE_PEER) ||
1182 (local_role == ROLE_PROVIDER && remote_role == ROLE_CUSTOMER) ||
1183 (local_role == ROLE_CUSTOMER && remote_role == ROLE_PROVIDER) ||
1184 (local_role == ROLE_RS_SERVER && remote_role == ROLE_RS_CLIENT) ||
1185 (local_role == ROLE_RS_CLIENT &&
1186 remote_role == ROLE_RS_SERVER))) {
1187 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1188 BGP_NOTIFY_OPEN_ROLE_MISMATCH);
1189 return true;
1190 }
1191 if (remote_role == ROLE_UNDEFINED &&
1192 CHECK_FLAG(peer->flags, PEER_FLAG_ROLE_STRICT_MODE)) {
1193 const char *err_msg =
1194 "Strict mode. Please set the role on your side.";
1195 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1196 BGP_NOTIFY_OPEN_ROLE_MISMATCH,
1197 (uint8_t *)err_msg, strlen(err_msg));
1198 return true;
1199 }
1200 return false;
1201 }
1202
1203
1204 /* peek into option, stores ASN to *as4 if the AS4 capability was found.
1205 * Returns 0 if no as4 found, as4cap value otherwise.
1206 */
1207 as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
1208 {
1209 struct stream *s = BGP_INPUT(peer);
1210 size_t orig_getp = stream_get_getp(s);
1211 size_t end = orig_getp + length;
1212 as_t as4 = 0;
1213
1214 if (BGP_DEBUG(as4, AS4))
1215 zlog_debug(
1216 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u, peeking for as4",
1217 peer->host, length);
1218 /* the error cases we DONT handle, we ONLY try to read as4 out of
1219 * correctly formatted options.
1220 */
1221 while (stream_get_getp(s) < end) {
1222 uint8_t opt_type;
1223 uint16_t opt_length;
1224
1225 /* Ensure we can read the option type */
1226 if (stream_get_getp(s) + 1 > end)
1227 goto end;
1228
1229 /* Fetch the option type */
1230 opt_type = stream_getc(s);
1231
1232 /*
1233 * Check the length and fetch the opt_length
1234 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
1235 * then we do a getw which is 2 bytes. So we need to
1236 * ensure that we can read that as well
1237 */
1238 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1239 if (stream_get_getp(s) + 2 > end)
1240 goto end;
1241
1242 opt_length = stream_getw(s);
1243 } else {
1244 if (stream_get_getp(s) + 1 > end)
1245 goto end;
1246
1247 opt_length = stream_getc(s);
1248 }
1249
1250 /* Option length check. */
1251 if (stream_get_getp(s) + opt_length > end)
1252 goto end;
1253
1254 if (opt_type == BGP_OPEN_OPT_CAP) {
1255 unsigned long capd_start = stream_get_getp(s);
1256 unsigned long capd_end = capd_start + opt_length;
1257
1258 assert(capd_end <= end);
1259
1260 while (stream_get_getp(s) < capd_end) {
1261 struct capability_header hdr;
1262
1263 if (stream_get_getp(s) + 2 > capd_end)
1264 goto end;
1265
1266 hdr.code = stream_getc(s);
1267 hdr.length = stream_getc(s);
1268
1269 if ((stream_get_getp(s) + hdr.length)
1270 > capd_end)
1271 goto end;
1272
1273 if (hdr.code == CAPABILITY_CODE_AS4) {
1274 if (BGP_DEBUG(as4, AS4))
1275 zlog_debug(
1276 "[AS4] found AS4 capability, about to parse");
1277 as4 = bgp_capability_as4(peer, &hdr);
1278
1279 goto end;
1280 }
1281 stream_forward_getp(s, hdr.length);
1282 }
1283 }
1284 }
1285
1286 end:
1287 stream_set_getp(s, orig_getp);
1288 return as4;
1289 }
1290
1291 /**
1292 * Parse open option.
1293 *
1294 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1295 */
1296 int bgp_open_option_parse(struct peer *peer, uint16_t length,
1297 int *mp_capability)
1298 {
1299 int ret = 0;
1300 uint8_t *error;
1301 uint8_t error_data[BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE];
1302 struct stream *s = BGP_INPUT(peer);
1303 size_t end = stream_get_getp(s) + length;
1304
1305 error = error_data;
1306
1307 if (bgp_debug_neighbor_events(peer))
1308 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1309 peer->host, length);
1310
1311 /* Unset any previously received GR capability. */
1312 UNSET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
1313
1314 while (stream_get_getp(s) < end) {
1315 uint8_t opt_type;
1316 uint16_t opt_length;
1317
1318 /*
1319 * Check that we can read the opt_type and fetch it
1320 */
1321 if (STREAM_READABLE(s) < 1) {
1322 zlog_info("%s Option length error", peer->host);
1323 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1324 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1325 return -1;
1326 }
1327 opt_type = stream_getc(s);
1328
1329 /*
1330 * Check the length of the stream to ensure that
1331 * FRR can properly read the opt_length. Then read it
1332 */
1333 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1334 if (STREAM_READABLE(s) < 2) {
1335 zlog_info("%s Option length error", peer->host);
1336 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1337 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1338 return -1;
1339 }
1340
1341 opt_length = stream_getw(s);
1342 } else {
1343 if (STREAM_READABLE(s) < 1) {
1344 zlog_info("%s Option length error", peer->host);
1345 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1346 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1347 return -1;
1348 }
1349
1350 opt_length = stream_getc(s);
1351 }
1352
1353 /* Option length check. */
1354 if (STREAM_READABLE(s) < opt_length) {
1355 zlog_info("%s Option length error (%d)", peer->host,
1356 opt_length);
1357 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1358 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1359 return -1;
1360 }
1361
1362 if (bgp_debug_neighbor_events(peer))
1363 zlog_debug(
1364 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1365 peer->host, opt_type,
1366 opt_type == BGP_OPEN_OPT_CAP ? "Capability"
1367 : "Unknown",
1368 opt_length);
1369
1370 switch (opt_type) {
1371 case BGP_OPEN_OPT_CAP:
1372 ret = bgp_capability_parse(peer, opt_length,
1373 mp_capability, &error);
1374 break;
1375 default:
1376 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1377 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1378 ret = -1;
1379 break;
1380 }
1381
1382 /* Parse error. To accumulate all unsupported capability codes,
1383 bgp_capability_parse does not return -1 when encounter
1384 unsupported capability code. To detect that, please check
1385 error and erro_data pointer, like below. */
1386 if (ret < 0)
1387 return -1;
1388 }
1389
1390 /* All OPEN option is parsed. Check capability when strict compare
1391 flag is enabled.*/
1392 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1393 /* If Unsupported Capability exists. */
1394 if (error != error_data) {
1395 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1396 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1397 error_data,
1398 error - error_data);
1399 return -1;
1400 }
1401
1402 /* Check local capability does not negotiated with remote
1403 peer. */
1404 if (!strict_capability_same(peer)) {
1405 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1406 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1407 return -1;
1408 }
1409 }
1410
1411 /* Extended Message Support */
1412 peer->max_packet_size =
1413 (CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV)
1414 && CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV))
1415 ? BGP_EXTENDED_MESSAGE_MAX_PACKET_SIZE
1416 : BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE;
1417
1418 /* Check that roles are corresponding to each other */
1419 if (bgp_role_violation(peer))
1420 return -1;
1421
1422 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1423 error. */
1424 if (*mp_capability
1425 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1426 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1427 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1428 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1429 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1430 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
1431 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
1432 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1433 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1434 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1435 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1436 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
1437 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
1438 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
1439 flog_err(EC_BGP_PKT_OPEN,
1440 "%s [Error] Configured AFI/SAFIs do not overlap with received MP capabilities",
1441 peer->host);
1442
1443 if (error != error_data)
1444 bgp_notify_send_with_data(
1445 peer, BGP_NOTIFY_OPEN_ERR,
1446 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1447 error - error_data);
1448 else
1449 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1450 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1451 return -1;
1452 }
1453 }
1454 return 0;
1455 }
1456
1457 static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
1458 afi_t afi, safi_t safi, uint8_t code,
1459 bool ext_opt_params)
1460 {
1461 uint16_t cap_len;
1462 uint8_t orf_len;
1463 unsigned long capp;
1464 unsigned long orfp;
1465 unsigned long numberp;
1466 int number_of_orfs = 0;
1467 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1468 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1469
1470 /* Convert AFI, SAFI to values for packet. */
1471 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1472
1473 stream_putc(s, BGP_OPEN_OPT_CAP);
1474 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1475 ext_opt_params ? stream_putw(s, 0)
1476 : stream_putc(s, 0); /* Capability Length */
1477 stream_putc(s, code); /* Capability Code */
1478 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1479 stream_putc(s, 0); /* ORF Length */
1480 stream_putw(s, pkt_afi);
1481 stream_putc(s, 0);
1482 stream_putc(s, pkt_safi);
1483 numberp = stream_get_endp(s); /* Set Number Pointer */
1484 stream_putc(s, 0); /* Number of ORFs */
1485
1486 /* Address Prefix ORF */
1487 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1488 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1489 stream_putc(s, (code == CAPABILITY_CODE_ORF
1490 ? ORF_TYPE_PREFIX
1491 : ORF_TYPE_PREFIX_OLD));
1492
1493 if (CHECK_FLAG(peer->af_flags[afi][safi],
1494 PEER_FLAG_ORF_PREFIX_SM)
1495 && CHECK_FLAG(peer->af_flags[afi][safi],
1496 PEER_FLAG_ORF_PREFIX_RM)) {
1497 SET_FLAG(peer->af_cap[afi][safi],
1498 PEER_CAP_ORF_PREFIX_SM_ADV);
1499 SET_FLAG(peer->af_cap[afi][safi],
1500 PEER_CAP_ORF_PREFIX_RM_ADV);
1501 stream_putc(s, ORF_MODE_BOTH);
1502 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1503 PEER_FLAG_ORF_PREFIX_SM)) {
1504 SET_FLAG(peer->af_cap[afi][safi],
1505 PEER_CAP_ORF_PREFIX_SM_ADV);
1506 stream_putc(s, ORF_MODE_SEND);
1507 } else {
1508 SET_FLAG(peer->af_cap[afi][safi],
1509 PEER_CAP_ORF_PREFIX_RM_ADV);
1510 stream_putc(s, ORF_MODE_RECEIVE);
1511 }
1512 number_of_orfs++;
1513 }
1514
1515 /* Total Number of ORFs. */
1516 stream_putc_at(s, numberp, number_of_orfs);
1517
1518 /* Total ORF Len. */
1519 orf_len = stream_get_endp(s) - orfp - 1;
1520 stream_putc_at(s, orfp, orf_len);
1521
1522 /* Total Capability Len. */
1523 cap_len = stream_get_endp(s) - capp - 1;
1524 ext_opt_params ? stream_putw_at(s, capp, cap_len)
1525 : stream_putc_at(s, capp, cap_len);
1526 }
1527
1528 static void bgp_peer_send_gr_capability(struct stream *s, struct peer *peer,
1529 bool ext_opt_params)
1530 {
1531 int len;
1532 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1533 afi_t afi;
1534 safi_t safi;
1535 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1536 uint32_t restart_time;
1537 unsigned long capp = 0;
1538 unsigned long rcapp = 0;
1539
1540 if (!CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)
1541 && !CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART_HELPER))
1542 return;
1543
1544 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1545 zlog_debug("[BGP_GR] Sending helper Capability for Peer :%s :",
1546 peer->host);
1547
1548 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1549 stream_putc(s, BGP_OPEN_OPT_CAP);
1550 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1551 ext_opt_params ? stream_putw(s, 0)
1552 : stream_putc(s, 0); /* Capability Length */
1553 stream_putc(s, CAPABILITY_CODE_RESTART);
1554 /* Set Restart Capability Len Pointer */
1555 rcapp = stream_get_endp(s);
1556 stream_putc(s, 0);
1557 restart_time = peer->bgp->restart_time;
1558 if (peer->bgp->t_startup) {
1559 SET_FLAG(restart_time, GRACEFUL_RESTART_R_BIT);
1560 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_ADV);
1561 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1562 zlog_debug("[BGP_GR] Sending R-Bit for peer: %s",
1563 peer->host);
1564 }
1565
1566 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GRACEFUL_NOTIFICATION)) {
1567 SET_FLAG(restart_time, GRACEFUL_RESTART_N_BIT);
1568 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_ADV);
1569 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1570 zlog_debug("[BGP_GR] Sending N-Bit for peer: %s",
1571 peer->host);
1572 }
1573
1574 stream_putw(s, restart_time);
1575
1576 /* Send address-family specific graceful-restart capability
1577 * only when GR config is present
1578 */
1579 if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)) {
1580 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GR_PRESERVE_FWD)
1581 && BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1582 zlog_debug("[BGP_GR] F bit Set");
1583
1584 FOREACH_AFI_SAFI (afi, safi) {
1585 if (!peer->afc[afi][safi])
1586 continue;
1587
1588 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1589 zlog_debug(
1590 "[BGP_GR] Sending GR Capability for AFI :%d :, SAFI :%d:",
1591 afi, safi);
1592
1593 /* Convert AFI, SAFI to values for
1594 * packet.
1595 */
1596 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1597 &pkt_safi);
1598 stream_putw(s, pkt_afi);
1599 stream_putc(s, pkt_safi);
1600 if (CHECK_FLAG(peer->bgp->flags,
1601 BGP_FLAG_GR_PRESERVE_FWD))
1602 stream_putc(s, GRACEFUL_RESTART_F_BIT);
1603 else
1604 stream_putc(s, 0);
1605 }
1606 }
1607
1608 /* Total Graceful restart capability Len. */
1609 len = stream_get_endp(s) - rcapp - 1;
1610 stream_putc_at(s, rcapp, len);
1611
1612 /* Total Capability Len. */
1613 len = stream_get_endp(s) - capp - 1;
1614 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1615 : stream_putc_at(s, capp, len);
1616 }
1617
1618 static void bgp_peer_send_llgr_capability(struct stream *s, struct peer *peer,
1619 bool ext_opt_params)
1620 {
1621 int len;
1622 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1623 afi_t afi;
1624 safi_t safi;
1625 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1626 unsigned long capp = 0;
1627 unsigned long rcapp = 0;
1628
1629 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_ADV))
1630 return;
1631
1632 SET_FLAG(peer->cap, PEER_CAP_LLGR_ADV);
1633
1634 stream_putc(s, BGP_OPEN_OPT_CAP);
1635 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1636 ext_opt_params ? stream_putw(s, 0)
1637 : stream_putc(s, 0); /* Capability Length */
1638 stream_putc(s, CAPABILITY_CODE_LLGR);
1639
1640 rcapp = stream_get_endp(s);
1641 stream_putc(s, 0);
1642
1643 FOREACH_AFI_SAFI (afi, safi) {
1644 if (!peer->afc[afi][safi])
1645 continue;
1646
1647 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1648
1649 stream_putw(s, pkt_afi);
1650 stream_putc(s, pkt_safi);
1651 stream_putc(s, LLGR_F_BIT);
1652 stream_put3(s, peer->bgp->llgr_stale_time);
1653
1654 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_ADV);
1655 }
1656
1657 /* Total Long-lived Graceful Restart capability Len. */
1658 len = stream_get_endp(s) - rcapp - 1;
1659 stream_putc_at(s, rcapp, len);
1660
1661 /* Total Capability Len. */
1662 len = stream_get_endp(s) - capp - 1;
1663 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1664 : stream_putc_at(s, capp, len);
1665 }
1666
1667 /* Fill in capability open option to the packet. */
1668 uint16_t bgp_open_capability(struct stream *s, struct peer *peer,
1669 bool ext_opt_params)
1670 {
1671 uint16_t len;
1672 unsigned long cp, capp, rcapp, eopl = 0;
1673 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1674 afi_t afi;
1675 safi_t safi;
1676 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1677 as_t local_as;
1678 uint8_t afi_safi_count = 0;
1679 bool adv_addpath_tx = false;
1680
1681 /* Non-Ext OP Len. */
1682 cp = stream_get_endp(s);
1683 stream_putc(s, 0);
1684
1685 if (ext_opt_params) {
1686 /* Non-Ext OP Len. */
1687 stream_putc_at(s, cp, BGP_OPEN_NON_EXT_OPT_LEN);
1688
1689 /* Non-Ext OP Type */
1690 stream_putc(s, BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH);
1691
1692 /* Extended Opt. Parm. Length */
1693 eopl = stream_get_endp(s);
1694 stream_putw(s, 0);
1695 }
1696
1697 /* Do not send capability. */
1698 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1699 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
1700 return 0;
1701
1702 /* MP capability for configured AFI, SAFI */
1703 FOREACH_AFI_SAFI (afi, safi) {
1704 if (peer->afc[afi][safi]) {
1705 /* Convert AFI, SAFI to values for packet. */
1706 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1707 &pkt_safi);
1708
1709 peer->afc_adv[afi][safi] = 1;
1710 stream_putc(s, BGP_OPEN_OPT_CAP);
1711 ext_opt_params
1712 ? stream_putw(s, CAPABILITY_CODE_MP_LEN + 2)
1713 : stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
1714 stream_putc(s, CAPABILITY_CODE_MP);
1715 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1716 stream_putw(s, pkt_afi);
1717 stream_putc(s, 0);
1718 stream_putc(s, pkt_safi);
1719
1720 /* Extended nexthop capability - currently
1721 * supporting RFC-5549 for
1722 * Link-Local peering only
1723 */
1724 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1725 && peer->su.sa.sa_family == AF_INET6
1726 && afi == AFI_IP
1727 && (safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
1728 || safi == SAFI_LABELED_UNICAST)) {
1729 /* RFC 5549 Extended Next Hop Encoding
1730 */
1731 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
1732 stream_putc(s, BGP_OPEN_OPT_CAP);
1733 ext_opt_params
1734 ? stream_putw(s,
1735 CAPABILITY_CODE_ENHE_LEN
1736 + 2)
1737 : stream_putc(s,
1738 CAPABILITY_CODE_ENHE_LEN
1739 + 2);
1740 stream_putc(s, CAPABILITY_CODE_ENHE);
1741 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1742
1743 SET_FLAG(peer->af_cap[AFI_IP][safi],
1744 PEER_CAP_ENHE_AF_ADV);
1745 stream_putw(s, pkt_afi);
1746 stream_putw(s, pkt_safi);
1747 stream_putw(s, afi_int2iana(AFI_IP6));
1748
1749 if (CHECK_FLAG(peer->af_cap[afi][safi],
1750 PEER_CAP_ENHE_AF_RCV))
1751 SET_FLAG(peer->af_cap[afi][safi],
1752 PEER_CAP_ENHE_AF_NEGO);
1753 }
1754 }
1755 }
1756
1757 /* Route refresh. */
1758 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1759 stream_putc(s, BGP_OPEN_OPT_CAP);
1760 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1761 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1762 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1763 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1764 stream_putc(s, BGP_OPEN_OPT_CAP);
1765 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1766 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1767 stream_putc(s, CAPABILITY_CODE_REFRESH);
1768 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1769
1770 /* Enhanced Route Refresh. */
1771 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_ADV);
1772 stream_putc(s, BGP_OPEN_OPT_CAP);
1773 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_ENHANCED_LEN + 2)
1774 : stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN + 2);
1775 stream_putc(s, CAPABILITY_CODE_ENHANCED_RR);
1776 stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN);
1777
1778 /* AS4 */
1779 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1780 stream_putc(s, BGP_OPEN_OPT_CAP);
1781 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_AS4_LEN + 2)
1782 : stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
1783 stream_putc(s, CAPABILITY_CODE_AS4);
1784 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1785 if (peer->change_local_as)
1786 local_as = peer->change_local_as;
1787 else
1788 local_as = peer->local_as;
1789 stream_putl(s, local_as);
1790
1791 /* Extended Message Support */
1792 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV);
1793 stream_putc(s, BGP_OPEN_OPT_CAP);
1794 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2)
1795 : stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2);
1796 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE);
1797 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN);
1798
1799 /* Role*/
1800 if (peer->local_role != ROLE_UNDEFINED) {
1801 SET_FLAG(peer->cap, PEER_CAP_ROLE_ADV);
1802 stream_putc(s, BGP_OPEN_OPT_CAP);
1803 stream_putc(s, CAPABILITY_CODE_ROLE_LEN + 2);
1804 stream_putc(s, CAPABILITY_CODE_ROLE);
1805 stream_putc(s, CAPABILITY_CODE_ROLE_LEN);
1806 stream_putc(s, peer->local_role);
1807 }
1808
1809 /* AddPath */
1810 FOREACH_AFI_SAFI (afi, safi) {
1811 if (peer->afc[afi][safi]) {
1812 afi_safi_count++;
1813
1814 /* Only advertise addpath TX if a feature that
1815 * will use it is
1816 * configured */
1817 if (peer->addpath_type[afi][safi] != BGP_ADDPATH_NONE)
1818 adv_addpath_tx = true;
1819
1820 /* If we have enabled labeled unicast, we MUST check
1821 * against unicast SAFI because addpath IDs are
1822 * allocated under unicast SAFI, the same as the RIB
1823 * is managed in unicast SAFI.
1824 */
1825 if (safi == SAFI_LABELED_UNICAST)
1826 if (peer->addpath_type[afi][SAFI_UNICAST] !=
1827 BGP_ADDPATH_NONE)
1828 adv_addpath_tx = true;
1829 }
1830 }
1831
1832 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1833 stream_putc(s, BGP_OPEN_OPT_CAP);
1834 ext_opt_params
1835 ? stream_putw(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1836 + 2)
1837 : stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1838 + 2);
1839 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1840 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1841
1842 FOREACH_AFI_SAFI (afi, safi) {
1843 if (peer->afc[afi][safi]) {
1844 bool adv_addpath_rx =
1845 !CHECK_FLAG(peer->af_flags[afi][safi],
1846 PEER_FLAG_DISABLE_ADDPATH_RX);
1847 uint8_t flags = 0;
1848
1849 /* Convert AFI, SAFI to values for packet. */
1850 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1851 &pkt_safi);
1852
1853 stream_putw(s, pkt_afi);
1854 stream_putc(s, pkt_safi);
1855
1856 if (adv_addpath_rx) {
1857 SET_FLAG(flags, BGP_ADDPATH_RX);
1858 SET_FLAG(peer->af_cap[afi][safi],
1859 PEER_CAP_ADDPATH_AF_RX_ADV);
1860 } else {
1861 UNSET_FLAG(peer->af_cap[afi][safi],
1862 PEER_CAP_ADDPATH_AF_RX_ADV);
1863 }
1864
1865 if (adv_addpath_tx) {
1866 SET_FLAG(flags, BGP_ADDPATH_TX);
1867 SET_FLAG(peer->af_cap[afi][safi],
1868 PEER_CAP_ADDPATH_AF_TX_ADV);
1869 if (safi == SAFI_LABELED_UNICAST)
1870 SET_FLAG(
1871 peer->af_cap[afi][SAFI_UNICAST],
1872 PEER_CAP_ADDPATH_AF_TX_ADV);
1873 } else {
1874 UNSET_FLAG(peer->af_cap[afi][safi],
1875 PEER_CAP_ADDPATH_AF_TX_ADV);
1876 }
1877
1878 stream_putc(s, flags);
1879 }
1880 }
1881
1882 /* ORF capability. */
1883 FOREACH_AFI_SAFI (afi, safi) {
1884 if (CHECK_FLAG(peer->af_flags[afi][safi],
1885 PEER_FLAG_ORF_PREFIX_SM)
1886 || CHECK_FLAG(peer->af_flags[afi][safi],
1887 PEER_FLAG_ORF_PREFIX_RM)) {
1888 bgp_open_capability_orf(s, peer, afi, safi,
1889 CAPABILITY_CODE_ORF_OLD,
1890 ext_opt_params);
1891 bgp_open_capability_orf(s, peer, afi, safi,
1892 CAPABILITY_CODE_ORF,
1893 ext_opt_params);
1894 }
1895 }
1896
1897 /* Dynamic capability. */
1898 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1899 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1900 stream_putc(s, BGP_OPEN_OPT_CAP);
1901 ext_opt_params
1902 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1903 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1904 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1905 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1906 stream_putc(s, BGP_OPEN_OPT_CAP);
1907 ext_opt_params
1908 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1909 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1910 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1911 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1912 }
1913
1914 /* Hostname capability */
1915 if (cmd_hostname_get()) {
1916 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1917 stream_putc(s, BGP_OPEN_OPT_CAP);
1918 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
1919 ext_opt_params ? stream_putw(s, 0)
1920 : stream_putc(s, 0); /* Capability Length */
1921 stream_putc(s, CAPABILITY_CODE_FQDN);
1922 capp = stream_get_endp(s);
1923 stream_putc(s, 0); /* dummy len for now */
1924 len = strlen(cmd_hostname_get());
1925 if (len > BGP_MAX_HOSTNAME)
1926 len = BGP_MAX_HOSTNAME;
1927
1928 stream_putc(s, len);
1929 stream_put(s, cmd_hostname_get(), len);
1930 if (cmd_domainname_get()) {
1931 len = strlen(cmd_domainname_get());
1932 if (len > BGP_MAX_HOSTNAME)
1933 len = BGP_MAX_HOSTNAME;
1934
1935 stream_putc(s, len);
1936 stream_put(s, cmd_domainname_get(), len);
1937 } else
1938 stream_putc(s, 0); /* 0 length */
1939
1940 /* Set the lengths straight */
1941 len = stream_get_endp(s) - rcapp - 1;
1942 ext_opt_params ? stream_putw_at(s, rcapp, len - 1)
1943 : stream_putc_at(s, rcapp, len);
1944
1945 len = stream_get_endp(s) - capp - 1;
1946 stream_putc_at(s, capp, len);
1947
1948 if (bgp_debug_neighbor_events(peer))
1949 zlog_debug(
1950 "%s Sending hostname cap with hn = %s, dn = %s",
1951 peer->host, cmd_hostname_get(),
1952 cmd_domainname_get());
1953 }
1954
1955 bgp_peer_send_gr_capability(s, peer, ext_opt_params);
1956 bgp_peer_send_llgr_capability(s, peer, ext_opt_params);
1957
1958 /* Software Version capability
1959 * An implementation is REQUIRED Extended Optional Parameters
1960 * Length for BGP OPEN Message support as defined in [RFC9072].
1961 * The inclusion of the Software Version Capability is OPTIONAL.
1962 * If an implementation supports the inclusion of the capability,
1963 * the implementation MUST include a configuration switch to enable
1964 * or disable its use, and that switch MUST be off by default.
1965 */
1966 if (peergroup_flag_check(peer, PEER_FLAG_CAPABILITY_SOFT_VERSION) ||
1967 peer->sort == BGP_PEER_IBGP) {
1968 SET_FLAG(peer->cap, PEER_CAP_SOFT_VERSION_ADV);
1969 stream_putc(s, BGP_OPEN_OPT_CAP);
1970 rcapp = stream_get_endp(s);
1971 ext_opt_params ? stream_putw(s, 0)
1972 : stream_putc(s, 0); /* Capability Length */
1973 stream_putc(s, CAPABILITY_CODE_SOFT_VERSION);
1974 capp = stream_get_endp(s);
1975 stream_putc(s, 0); /* dummy placeholder len */
1976
1977 /* The Capability Length SHOULD be no greater than 64.
1978 * This is the limit to allow other capabilities as much
1979 * space as they require.
1980 */
1981 len = strlen(cmd_software_version_get());
1982 if (len > BGP_MAX_SOFT_VERSION)
1983 len = BGP_MAX_SOFT_VERSION;
1984
1985 stream_putc(s, len);
1986 stream_put(s, cmd_software_version_get(), len);
1987
1988 /* Software Version capability Len. */
1989 len = stream_get_endp(s) - rcapp - 1;
1990 ext_opt_params ? stream_putw_at(s, rcapp, len - 1)
1991 : stream_putc_at(s, rcapp, len);
1992
1993 /* Total Capability Len. */
1994 len = stream_get_endp(s) - capp - 1;
1995 stream_putc_at(s, capp, len);
1996
1997 if (bgp_debug_neighbor_events(peer))
1998 zlog_debug("%s Sending Software Version cap, value: %s",
1999 peer->host, cmd_software_version_get());
2000 }
2001
2002 /* Total Opt Parm Len. */
2003 len = stream_get_endp(s) - cp - 1;
2004
2005 if (ext_opt_params) {
2006 len = stream_get_endp(s) - eopl - 2;
2007 stream_putw_at(s, eopl, len);
2008 } else {
2009 stream_putc_at(s, cp, len);
2010 }
2011
2012 return len;
2013 }
FRRouting mirror