]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_open.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bgpd: Adding BGP GR Global & Per Neighbour FSM changes
[mirror_frr.git] / bgpd / bgp_open.c
1 /* BGP open message handling
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "linklist.h"
24 #include "prefix.h"
25 #include "stream.h"
26 #include "thread.h"
27 #include "log.h"
28 #include "command.h"
29 #include "memory.h"
30 #include "queue.h"
31 #include "filter.h"
32
33 #include "lib/json.h"
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_attr.h"
36 #include "bgpd/bgp_debug.h"
37 #include "bgpd/bgp_errors.h"
38 #include "bgpd/bgp_fsm.h"
39 #include "bgpd/bgp_packet.h"
40 #include "bgpd/bgp_open.h"
41 #include "bgpd/bgp_aspath.h"
42 #include "bgpd/bgp_vty.h"
43 #include "bgpd/bgp_memory.h"
44
45 /* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
46 negotiate remote peer supports extentions or not. But if
47 remote-peer doesn't supports negotiation process itself. We would
48 like to do manual configuration.
49
50 So there is many configurable point. First of all we want set each
51 peer whether we send capability negotiation to the peer or not.
52 Next, if we send capability to the peer we want to set my capability
53 inforation at each peer. */
54
55 void bgp_capability_vty_out(struct vty *vty, struct peer *peer, bool use_json,
56 json_object *json_neigh)
57 {
58 char *pnt;
59 char *end;
60 struct capability_mp_data mpc;
61 struct capability_header *hdr;
62 json_object *json_cap = NULL;
63
64 if (use_json)
65 json_cap = json_object_new_object();
66
67 pnt = peer->notify.data;
68 end = pnt + peer->notify.length;
69
70 while (pnt < end) {
71 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
72 return;
73
74 hdr = (struct capability_header *)pnt;
75 if (pnt + hdr->length + 2 > end)
76 return;
77
78 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
79
80 if (hdr->code == CAPABILITY_CODE_MP) {
81 afi_t afi;
82 safi_t safi;
83
84 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
85 mpc.safi, &afi, &safi);
86
87 if (use_json) {
88 switch (afi) {
89 case AFI_IP:
90 json_object_string_add(
91 json_cap,
92 "capabilityErrorMultiProtocolAfi",
93 "IPv4");
94 break;
95 case AFI_IP6:
96 json_object_string_add(
97 json_cap,
98 "capabilityErrorMultiProtocolAfi",
99 "IPv6");
100 break;
101 case AFI_L2VPN:
102 json_object_string_add(
103 json_cap,
104 "capabilityErrorMultiProtocolAfi",
105 "L2VPN");
106 break;
107 default:
108 json_object_int_add(
109 json_cap,
110 "capabilityErrorMultiProtocolAfiUnknown",
111 ntohs(mpc.afi));
112 break;
113 }
114 switch (safi) {
115 case SAFI_UNICAST:
116 json_object_string_add(
117 json_cap,
118 "capabilityErrorMultiProtocolSafi",
119 "unicast");
120 break;
121 case SAFI_MULTICAST:
122 json_object_string_add(
123 json_cap,
124 "capabilityErrorMultiProtocolSafi",
125 "multicast");
126 break;
127 case SAFI_LABELED_UNICAST:
128 json_object_string_add(
129 json_cap,
130 "capabilityErrorMultiProtocolSafi",
131 "labeled-unicast");
132 break;
133 case SAFI_MPLS_VPN:
134 json_object_string_add(
135 json_cap,
136 "capabilityErrorMultiProtocolSafi",
137 "MPLS-labeled VPN");
138 break;
139 case SAFI_ENCAP:
140 json_object_string_add(
141 json_cap,
142 "capabilityErrorMultiProtocolSafi",
143 "encap");
144 break;
145 case SAFI_EVPN:
146 json_object_string_add(
147 json_cap,
148 "capabilityErrorMultiProtocolSafi",
149 "EVPN");
150 break;
151 case SAFI_FLOWSPEC:
152 json_object_string_add(
153 json_cap,
154 "capabilityErrorMultiProtocolSafi",
155 "flowspec");
156 break;
157 default:
158 json_object_int_add(
159 json_cap,
160 "capabilityErrorMultiProtocolSafiUnknown",
161 mpc.safi);
162 break;
163 }
164 } else {
165 vty_out(vty,
166 " Capability error for: Multi protocol ");
167 switch (afi) {
168 case AFI_IP:
169 vty_out(vty, "AFI IPv4, ");
170 break;
171 case AFI_IP6:
172 vty_out(vty, "AFI IPv6, ");
173 break;
174 case AFI_L2VPN:
175 vty_out(vty, "AFI L2VPN, ");
176 break;
177 default:
178 vty_out(vty, "AFI Unknown %d, ",
179 ntohs(mpc.afi));
180 break;
181 }
182 switch (safi) {
183 case SAFI_UNICAST:
184 vty_out(vty, "SAFI Unicast");
185 break;
186 case SAFI_MULTICAST:
187 vty_out(vty, "SAFI Multicast");
188 break;
189 case SAFI_LABELED_UNICAST:
190 vty_out(vty, "SAFI Labeled-unicast");
191 break;
192 case SAFI_MPLS_VPN:
193 vty_out(vty, "SAFI MPLS-labeled VPN");
194 break;
195 case SAFI_ENCAP:
196 vty_out(vty, "SAFI ENCAP");
197 break;
198 case SAFI_FLOWSPEC:
199 vty_out(vty, "SAFI FLOWSPEC");
200 break;
201 case SAFI_EVPN:
202 vty_out(vty, "SAFI EVPN");
203 break;
204 default:
205 vty_out(vty, "SAFI Unknown %d ",
206 mpc.safi);
207 break;
208 }
209 vty_out(vty, "\n");
210 }
211 } else if (hdr->code >= 128) {
212 if (use_json)
213 json_object_int_add(
214 json_cap,
215 "capabilityErrorVendorSpecificCapabilityCode",
216 hdr->code);
217 else
218 vty_out(vty,
219 " Capability error: vendor specific capability code %d",
220 hdr->code);
221 } else {
222 if (use_json)
223 json_object_int_add(
224 json_cap,
225 "capabilityErrorUnknownCapabilityCode",
226 hdr->code);
227 else
228 vty_out(vty,
229 " Capability error: unknown capability code %d",
230 hdr->code);
231 }
232 pnt += hdr->length + 2;
233 }
234 if (use_json)
235 json_object_object_add(json_neigh, "capabilityErrors",
236 json_cap);
237 }
238
239 static void bgp_capability_mp_data(struct stream *s,
240 struct capability_mp_data *mpc)
241 {
242 mpc->afi = stream_getw(s);
243 mpc->reserved = stream_getc(s);
244 mpc->safi = stream_getc(s);
245 }
246
247 /* Set negotiated capability value. */
248 static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
249 {
250 struct capability_mp_data mpc;
251 struct stream *s = BGP_INPUT(peer);
252 afi_t afi;
253 safi_t safi;
254
255 /* Verify length is 4 */
256 if (hdr->length != 4) {
257 flog_warn(
258 EC_BGP_CAPABILITY_INVALID_LENGTH,
259 "MP Cap: Received invalid length %d, non-multiple of 4",
260 hdr->length);
261 return -1;
262 }
263
264 bgp_capability_mp_data(s, &mpc);
265
266 if (bgp_debug_neighbor_events(peer))
267 zlog_debug("%s OPEN has MP_EXT CAP for afi/safi: %s/%s",
268 peer->host, iana_afi2str(mpc.afi),
269 iana_safi2str(mpc.safi));
270
271 /* Convert AFI, SAFI to internal values, check. */
272 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
273 return -1;
274
275 /* Now safi remapped, and afi/safi are valid array indices */
276 peer->afc_recv[afi][safi] = 1;
277
278 if (peer->afc[afi][safi])
279 peer->afc_nego[afi][safi] = 1;
280 else
281 return -1;
282
283 return 0;
284 }
285
286 static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
287 iana_safi_t safi, uint8_t type,
288 uint8_t mode)
289 {
290 if (bgp_debug_neighbor_events(peer))
291 zlog_debug(
292 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
293 peer->host, afi, safi, type, mode);
294 }
295
296 static const struct message orf_type_str[] = {
297 {ORF_TYPE_PREFIX, "Prefixlist"},
298 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
299 {0}};
300
301 static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
302 {ORF_MODE_SEND, "Send"},
303 {ORF_MODE_BOTH, "Both"},
304 {0}};
305
306 static int bgp_capability_orf_entry(struct peer *peer,
307 struct capability_header *hdr)
308 {
309 struct stream *s = BGP_INPUT(peer);
310 struct capability_mp_data mpc;
311 uint8_t num;
312 iana_afi_t pkt_afi;
313 afi_t afi;
314 iana_safi_t pkt_safi;
315 safi_t safi;
316 uint8_t type;
317 uint8_t mode;
318 uint16_t sm_cap = 0; /* capability send-mode receive */
319 uint16_t rm_cap = 0; /* capability receive-mode receive */
320 int i;
321
322 /* ORF Entry header */
323 bgp_capability_mp_data(s, &mpc);
324 num = stream_getc(s);
325 pkt_afi = mpc.afi;
326 pkt_safi = mpc.safi;
327
328 if (bgp_debug_neighbor_events(peer))
329 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer->host,
330 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
331
332 /* Convert AFI, SAFI to internal values, check. */
333 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
334 zlog_info(
335 "%s Addr-family %d/%d not supported."
336 " Ignoring the ORF capability",
337 peer->host, pkt_afi, pkt_safi);
338 return 0;
339 }
340
341 mpc.afi = pkt_afi;
342 mpc.safi = safi;
343
344 /* validate number field */
345 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
346 zlog_info(
347 "%s ORF Capability entry length error,"
348 " Cap length %u, num %u",
349 peer->host, hdr->length, num);
350 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
351 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
352 return -1;
353 }
354
355 for (i = 0; i < num; i++) {
356 type = stream_getc(s);
357 mode = stream_getc(s);
358
359 /* ORF Mode error check */
360 switch (mode) {
361 case ORF_MODE_BOTH:
362 case ORF_MODE_SEND:
363 case ORF_MODE_RECEIVE:
364 break;
365 default:
366 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
367 type, mode);
368 continue;
369 }
370 /* ORF Type and afi/safi error checks */
371 /* capcode versus type */
372 switch (hdr->code) {
373 case CAPABILITY_CODE_ORF:
374 switch (type) {
375 case ORF_TYPE_PREFIX:
376 break;
377 default:
378 bgp_capability_orf_not_support(
379 peer, pkt_afi, pkt_safi, type, mode);
380 continue;
381 }
382 break;
383 case CAPABILITY_CODE_ORF_OLD:
384 switch (type) {
385 case ORF_TYPE_PREFIX_OLD:
386 break;
387 default:
388 bgp_capability_orf_not_support(
389 peer, pkt_afi, pkt_safi, type, mode);
390 continue;
391 }
392 break;
393 default:
394 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
395 type, mode);
396 continue;
397 }
398
399 /* AFI vs SAFI */
400 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
401 || (afi == AFI_IP && safi == SAFI_MULTICAST)
402 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
403 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
404 type, mode);
405 continue;
406 }
407
408 if (bgp_debug_neighbor_events(peer))
409 zlog_debug(
410 "%s OPEN has %s ORF capability"
411 " as %s for afi/safi: %s/%s",
412 peer->host,
413 lookup_msg(orf_type_str, type, NULL),
414 lookup_msg(orf_mode_str, mode, NULL),
415 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
416
417 if (hdr->code == CAPABILITY_CODE_ORF) {
418 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
419 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
420 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
421 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
422 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
423 } else {
424 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
425 type, mode);
426 continue;
427 }
428
429 switch (mode) {
430 case ORF_MODE_BOTH:
431 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
432 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
433 break;
434 case ORF_MODE_SEND:
435 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
436 break;
437 case ORF_MODE_RECEIVE:
438 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
439 break;
440 }
441 }
442 return 0;
443 }
444
445 static int bgp_capability_restart(struct peer *peer,
446 struct capability_header *caphdr)
447 {
448 struct stream *s = BGP_INPUT(peer);
449 uint16_t restart_flag_time;
450 size_t end = stream_get_getp(s) + caphdr->length;
451
452 /* Verify length is a multiple of 4 */
453 if ((caphdr->length - 2) % 4) {
454 flog_warn(
455 EC_BGP_CAPABILITY_INVALID_LENGTH,
456 "Restart Cap: Received invalid length %d, non-multiple of 4",
457 caphdr->length);
458 return -1;
459 }
460
461 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
462 restart_flag_time = stream_getw(s);
463 if (CHECK_FLAG(restart_flag_time, RESTART_R_BIT))
464 SET_FLAG(peer->cap, PEER_CAP_RESTART_BIT_RCV);
465
466 UNSET_FLAG(restart_flag_time, 0xF000);
467 peer->v_gr_restart = restart_flag_time;
468
469 if (bgp_debug_neighbor_events(peer)) {
470 zlog_debug("%s OPEN has Graceful Restart capability",
471 peer->host);
472 zlog_debug("%s Peer has%srestarted. Restart Time : %d",
473 peer->host,
474 CHECK_FLAG(peer->cap, PEER_CAP_RESTART_BIT_RCV)
475 ? " "
476 : " not ",
477 peer->v_gr_restart);
478 }
479
480 while (stream_get_getp(s) + 4 <= end) {
481 afi_t afi;
482 safi_t safi;
483 iana_afi_t pkt_afi = stream_getw(s);
484 iana_safi_t pkt_safi = stream_getc(s);
485 uint8_t flag = stream_getc(s);
486
487 /* Convert AFI, SAFI to internal values, check. */
488 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
489 if (bgp_debug_neighbor_events(peer))
490 zlog_debug(
491 "%s Addr-family %s/%s(afi/safi) not supported."
492 " Ignore the Graceful Restart capability for this AFI/SAFI",
493 peer->host, iana_afi2str(pkt_afi),
494 iana_safi2str(pkt_safi));
495 } else if (!peer->afc[afi][safi]) {
496 if (bgp_debug_neighbor_events(peer))
497 zlog_debug(
498 "%s Addr-family %s/%s(afi/safi) not enabled."
499 " Ignore the Graceful Restart capability",
500 peer->host, iana_afi2str(pkt_afi),
501 iana_safi2str(pkt_safi));
502 } else {
503 if (bgp_debug_neighbor_events(peer))
504 zlog_debug(
505 "%s Address family %s is%spreserved",
506 peer->host, get_afi_safi_str(afi, safi, false),
507 CHECK_FLAG(
508 peer->af_cap[afi][safi],
509 PEER_CAP_RESTART_AF_PRESERVE_RCV)
510 ? " "
511 : " not ");
512
513 SET_FLAG(peer->af_cap[afi][safi],
514 PEER_CAP_RESTART_AF_RCV);
515 if (CHECK_FLAG(flag, RESTART_F_BIT))
516 SET_FLAG(peer->af_cap[afi][safi],
517 PEER_CAP_RESTART_AF_PRESERVE_RCV);
518 }
519 }
520 return 0;
521 }
522
523 /* Unlike other capability parsing routines, this one returns 0 on error */
524 static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
525 {
526 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
527
528 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
529 flog_err(EC_BGP_PKT_OPEN,
530 "%s AS4 capability has incorrect data length %d",
531 peer->host, hdr->length);
532 return 0;
533 }
534
535 as_t as4 = stream_getl(BGP_INPUT(peer));
536
537 if (BGP_DEBUG(as4, AS4))
538 zlog_debug(
539 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
540 peer->host, as4);
541 return as4;
542 }
543
544 static int bgp_capability_addpath(struct peer *peer,
545 struct capability_header *hdr)
546 {
547 struct stream *s = BGP_INPUT(peer);
548 size_t end = stream_get_getp(s) + hdr->length;
549
550 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
551
552 /* Verify length is a multiple of 4 */
553 if (hdr->length % 4) {
554 flog_warn(
555 EC_BGP_CAPABILITY_INVALID_LENGTH,
556 "Add Path: Received invalid length %d, non-multiple of 4",
557 hdr->length);
558 return -1;
559 }
560
561 while (stream_get_getp(s) + 4 <= end) {
562 afi_t afi;
563 safi_t safi;
564 iana_afi_t pkt_afi = stream_getw(s);
565 iana_safi_t pkt_safi = stream_getc(s);
566 uint8_t send_receive = stream_getc(s);
567
568 if (bgp_debug_neighbor_events(peer))
569 zlog_debug(
570 "%s OPEN has AddPath CAP for afi/safi: %s/%s%s%s",
571 peer->host, iana_afi2str(pkt_afi),
572 iana_safi2str(pkt_safi),
573 (send_receive & BGP_ADDPATH_RX) ? ", receive"
574 : "",
575 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
576 : "");
577
578 /* Convert AFI, SAFI to internal values, check. */
579 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
580 if (bgp_debug_neighbor_events(peer))
581 zlog_debug(
582 "%s Addr-family %s/%s(afi/safi) not supported."
583 " Ignore the Addpath Attribute for this AFI/SAFI",
584 peer->host, iana_afi2str(pkt_afi),
585 iana_safi2str(pkt_safi));
586 continue;
587 } else if (!peer->afc[afi][safi]) {
588 if (bgp_debug_neighbor_events(peer))
589 zlog_debug(
590 "%s Addr-family %s/%s(afi/safi) not enabled."
591 " Ignore the AddPath capability for this AFI/SAFI",
592 peer->host, iana_afi2str(pkt_afi),
593 iana_safi2str(pkt_safi));
594 continue;
595 }
596
597 if (send_receive & BGP_ADDPATH_RX)
598 SET_FLAG(peer->af_cap[afi][safi],
599 PEER_CAP_ADDPATH_AF_RX_RCV);
600
601 if (send_receive & BGP_ADDPATH_TX)
602 SET_FLAG(peer->af_cap[afi][safi],
603 PEER_CAP_ADDPATH_AF_TX_RCV);
604 }
605
606 return 0;
607 }
608
609 static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
610 {
611 struct stream *s = BGP_INPUT(peer);
612 size_t end = stream_get_getp(s) + hdr->length;
613
614 /* Verify length is a multiple of 4 */
615 if (hdr->length % 6) {
616 flog_warn(
617 EC_BGP_CAPABILITY_INVALID_LENGTH,
618 "Extended NH: Received invalid length %d, non-multiple of 6",
619 hdr->length);
620 return -1;
621 }
622
623 while (stream_get_getp(s) + 6 <= end) {
624 iana_afi_t pkt_afi = stream_getw(s);
625 afi_t afi;
626 iana_safi_t pkt_safi = stream_getw(s);
627 safi_t safi;
628 iana_afi_t pkt_nh_afi = stream_getw(s);
629 afi_t nh_afi;
630
631 if (bgp_debug_neighbor_events(peer))
632 zlog_debug(
633 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
634 peer->host, iana_afi2str(pkt_afi),
635 iana_safi2str(pkt_safi), pkt_nh_afi);
636
637 /* Convert AFI, SAFI to internal values, check. */
638 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
639 if (bgp_debug_neighbor_events(peer))
640 zlog_debug(
641 "%s Addr-family %s/%s(afi/safi) not supported."
642 " Ignore the ENHE Attribute for this AFI/SAFI",
643 peer->host, iana_afi2str(pkt_afi),
644 iana_safi2str(pkt_safi));
645 continue;
646 }
647
648 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
649 * with
650 * the Nexthop AFI being IPv6. A future spec may introduce other
651 * possibilities, so we ignore other values with a log. Also,
652 * only
653 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
654 * (and expected).
655 */
656 nh_afi = afi_iana2int(pkt_nh_afi);
657
658 if (afi != AFI_IP || nh_afi != AFI_IP6
659 || !(safi == SAFI_UNICAST
660 || safi == SAFI_LABELED_UNICAST)) {
661 flog_warn(
662 EC_BGP_CAPABILITY_INVALID_DATA,
663 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u "
664 "in Extended Next-hop capability, ignoring",
665 peer->host, iana_afi2str(pkt_afi),
666 iana_safi2str(pkt_safi), pkt_nh_afi);
667 continue;
668 }
669
670 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
671
672 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
673 SET_FLAG(peer->af_cap[afi][safi],
674 PEER_CAP_ENHE_AF_NEGO);
675 }
676
677 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
678
679 return 0;
680 }
681
682 static int bgp_capability_hostname(struct peer *peer,
683 struct capability_header *hdr)
684 {
685 struct stream *s = BGP_INPUT(peer);
686 char str[BGP_MAX_HOSTNAME + 1];
687 size_t end = stream_get_getp(s) + hdr->length;
688 uint8_t len;
689
690 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
691
692 len = stream_getc(s);
693 if (stream_get_getp(s) + len > end) {
694 flog_warn(
695 EC_BGP_CAPABILITY_INVALID_DATA,
696 "%s: Received malformed hostname capability from peer %s",
697 __FUNCTION__, peer->host);
698 return -1;
699 }
700
701 if (len > BGP_MAX_HOSTNAME) {
702 stream_get(str, s, BGP_MAX_HOSTNAME);
703 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
704 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
705 } else if (len)
706 stream_get(str, s, len);
707
708 if (len) {
709 str[len] = '\0';
710
711 if (peer->hostname != NULL) {
712 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
713 peer->hostname = NULL;
714 }
715
716 if (peer->domainname != NULL) {
717 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
718 peer->domainname = NULL;
719 }
720
721 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
722 }
723
724 if (stream_get_getp(s) + 1 > end) {
725 flog_warn(
726 EC_BGP_CAPABILITY_INVALID_DATA,
727 "%s: Received invalid domain name len (hostname capability) from peer %s",
728 __FUNCTION__, peer->host);
729 return -1;
730 }
731
732 len = stream_getc(s);
733 if (stream_get_getp(s) + len > end) {
734 flog_warn(
735 EC_BGP_CAPABILITY_INVALID_DATA,
736 "%s: Received runt domain name (hostname capability) from peer %s",
737 __FUNCTION__, peer->host);
738 return -1;
739 }
740
741 if (len > BGP_MAX_HOSTNAME) {
742 stream_get(str, s, BGP_MAX_HOSTNAME);
743 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
744 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
745 } else if (len)
746 stream_get(str, s, len);
747
748 if (len) {
749 str[len] = '\0';
750
751 if (peer->domainname != NULL) {
752 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
753 peer->domainname = NULL;
754 }
755
756 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
757 }
758
759 if (bgp_debug_neighbor_events(peer)) {
760 zlog_debug("%s received hostname %s, domainname %s", peer->host,
761 peer->hostname, peer->domainname);
762 }
763
764 return 0;
765 }
766
767 static const struct message capcode_str[] = {
768 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
769 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
770 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
771 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
772 {CAPABILITY_CODE_AS4, "4-octet AS number"},
773 {CAPABILITY_CODE_ADDPATH, "AddPath"},
774 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
775 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
776 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
777 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
778 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
779 {CAPABILITY_CODE_FQDN, "FQDN"},
780 {0}};
781
782 /* Minimum sizes for length field of each cap (so not inc. the header) */
783 static const size_t cap_minsizes[] = {
784 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
785 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
786 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
787 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
788 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
789 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
790 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
791 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
792 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
793 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
794 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
795 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
796 };
797
798 /* value the capability must be a multiple of.
799 * 0-data capabilities won't be checked against this.
800 * Other capabilities whose data doesn't fall on convenient boundaries for this
801 * table should be set to 1.
802 */
803 static const size_t cap_modsizes[] = {
804 [CAPABILITY_CODE_MP] = 4,
805 [CAPABILITY_CODE_REFRESH] = 1,
806 [CAPABILITY_CODE_ORF] = 1,
807 [CAPABILITY_CODE_RESTART] = 1,
808 [CAPABILITY_CODE_AS4] = 4,
809 [CAPABILITY_CODE_ADDPATH] = 4,
810 [CAPABILITY_CODE_DYNAMIC] = 1,
811 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
812 [CAPABILITY_CODE_ENHE] = 6,
813 [CAPABILITY_CODE_REFRESH_OLD] = 1,
814 [CAPABILITY_CODE_ORF_OLD] = 1,
815 [CAPABILITY_CODE_FQDN] = 1,
816 };
817
818 /**
819 * Parse given capability.
820 * XXX: This is reading into a stream, but not using stream API
821 *
822 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
823 * capabilities were encountered.
824 */
825 static int bgp_capability_parse(struct peer *peer, size_t length,
826 int *mp_capability, uint8_t **error)
827 {
828 int ret;
829 struct stream *s = BGP_INPUT(peer);
830 size_t end = stream_get_getp(s) + length;
831
832 assert(STREAM_READABLE(s) >= length);
833
834 while (stream_get_getp(s) < end) {
835 size_t start;
836 uint8_t *sp = stream_pnt(s);
837 struct capability_header caphdr;
838
839 ret = 0;
840 /* We need at least capability code and capability length. */
841 if (stream_get_getp(s) + 2 > end) {
842 zlog_info("%s Capability length error (< header)",
843 peer->host);
844 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
845 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
846 return -1;
847 }
848
849 caphdr.code = stream_getc(s);
850 caphdr.length = stream_getc(s);
851 start = stream_get_getp(s);
852
853 /* Capability length check sanity check. */
854 if (start + caphdr.length > end) {
855 zlog_info("%s Capability length error (< length)",
856 peer->host);
857 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
858 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
859 return -1;
860 }
861
862 if (bgp_debug_neighbor_events(peer))
863 zlog_debug("%s OPEN has %s capability (%u), length %u",
864 peer->host,
865 lookup_msg(capcode_str, caphdr.code, NULL),
866 caphdr.code, caphdr.length);
867
868 /* Length sanity check, type-specific, for known capabilities */
869 switch (caphdr.code) {
870 case CAPABILITY_CODE_MP:
871 case CAPABILITY_CODE_REFRESH:
872 case CAPABILITY_CODE_REFRESH_OLD:
873 case CAPABILITY_CODE_ORF:
874 case CAPABILITY_CODE_ORF_OLD:
875 case CAPABILITY_CODE_RESTART:
876 case CAPABILITY_CODE_AS4:
877 case CAPABILITY_CODE_ADDPATH:
878 case CAPABILITY_CODE_DYNAMIC:
879 case CAPABILITY_CODE_DYNAMIC_OLD:
880 case CAPABILITY_CODE_ENHE:
881 case CAPABILITY_CODE_FQDN:
882 /* Check length. */
883 if (caphdr.length < cap_minsizes[caphdr.code]) {
884 zlog_info(
885 "%s %s Capability length error: got %u,"
886 " expected at least %u",
887 peer->host,
888 lookup_msg(capcode_str, caphdr.code,
889 NULL),
890 caphdr.length,
891 (unsigned)cap_minsizes[caphdr.code]);
892 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
893 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
894 return -1;
895 }
896 if (caphdr.length
897 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
898 zlog_info(
899 "%s %s Capability length error: got %u,"
900 " expected a multiple of %u",
901 peer->host,
902 lookup_msg(capcode_str, caphdr.code,
903 NULL),
904 caphdr.length,
905 (unsigned)cap_modsizes[caphdr.code]);
906 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
907 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
908 return -1;
909 }
910 /* we deliberately ignore unknown codes, see below */
911 default:
912 break;
913 }
914
915 switch (caphdr.code) {
916 case CAPABILITY_CODE_MP: {
917 *mp_capability = 1;
918
919 /* Ignore capability when override-capability is set. */
920 if (!CHECK_FLAG(peer->flags,
921 PEER_FLAG_OVERRIDE_CAPABILITY)) {
922 /* Set negotiated value. */
923 ret = bgp_capability_mp(peer, &caphdr);
924
925 /* Unsupported Capability. */
926 if (ret < 0) {
927 /* Store return data. */
928 memcpy(*error, sp, caphdr.length + 2);
929 *error += caphdr.length + 2;
930 }
931 ret = 0; /* Don't return error for this */
932 }
933 } break;
934 case CAPABILITY_CODE_REFRESH:
935 case CAPABILITY_CODE_REFRESH_OLD: {
936 /* BGP refresh capability */
937 if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
938 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
939 else
940 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
941 } break;
942 case CAPABILITY_CODE_ORF:
943 case CAPABILITY_CODE_ORF_OLD:
944 ret = bgp_capability_orf_entry(peer, &caphdr);
945 break;
946 case CAPABILITY_CODE_RESTART:
947 ret = bgp_capability_restart(peer, &caphdr);
948 break;
949 case CAPABILITY_CODE_DYNAMIC:
950 case CAPABILITY_CODE_DYNAMIC_OLD:
951 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
952 break;
953 case CAPABILITY_CODE_AS4:
954 /* Already handled as a special-case parsing of the
955 * capabilities
956 * at the beginning of OPEN processing. So we care not a
957 * jot
958 * for the value really, only error case.
959 */
960 if (!bgp_capability_as4(peer, &caphdr))
961 ret = -1;
962 break;
963 case CAPABILITY_CODE_ADDPATH:
964 ret = bgp_capability_addpath(peer, &caphdr);
965 break;
966 case CAPABILITY_CODE_ENHE:
967 ret = bgp_capability_enhe(peer, &caphdr);
968 break;
969 case CAPABILITY_CODE_FQDN:
970 ret = bgp_capability_hostname(peer, &caphdr);
971 break;
972 default:
973 if (caphdr.code > 128) {
974 /* We don't send Notification for unknown vendor
975 specific
976 capabilities. It seems reasonable for now...
977 */
978 flog_warn(EC_BGP_CAPABILITY_VENDOR,
979 "%s Vendor specific capability %d",
980 peer->host, caphdr.code);
981 } else {
982 flog_warn(
983 EC_BGP_CAPABILITY_UNKNOWN,
984 "%s unrecognized capability code: %d - ignored",
985 peer->host, caphdr.code);
986 memcpy(*error, sp, caphdr.length + 2);
987 *error += caphdr.length + 2;
988 }
989 }
990
991 if (ret < 0) {
992 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
993 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
994 return -1;
995 }
996 if (stream_get_getp(s) != (start + caphdr.length)) {
997 if (stream_get_getp(s) > (start + caphdr.length))
998 flog_warn(
999 EC_BGP_CAPABILITY_INVALID_LENGTH,
1000 "%s Cap-parser for %s read past cap-length, %u!",
1001 peer->host,
1002 lookup_msg(capcode_str, caphdr.code,
1003 NULL),
1004 caphdr.length);
1005 stream_set_getp(s, start + caphdr.length);
1006 }
1007 }
1008 return 0;
1009 }
1010
1011 static int bgp_auth_parse(struct peer *peer, size_t length)
1012 {
1013 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1014 BGP_NOTIFY_OPEN_AUTH_FAILURE);
1015 return -1;
1016 }
1017
1018 static int strict_capability_same(struct peer *peer)
1019 {
1020 int i, j;
1021
1022 for (i = AFI_IP; i < AFI_MAX; i++)
1023 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
1024 if (peer->afc[i][j] != peer->afc_nego[i][j])
1025 return 0;
1026 return 1;
1027 }
1028
1029 /* peek into option, stores ASN to *as4 if the AS4 capability was found.
1030 * Returns 0 if no as4 found, as4cap value otherwise.
1031 */
1032 as_t peek_for_as4_capability(struct peer *peer, uint8_t length)
1033 {
1034 struct stream *s = BGP_INPUT(peer);
1035 size_t orig_getp = stream_get_getp(s);
1036 size_t end = orig_getp + length;
1037 as_t as4 = 0;
1038
1039 if (BGP_DEBUG(as4, AS4))
1040 zlog_debug(
1041 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u,"
1042 " peeking for as4",
1043 peer->host, length);
1044 /* the error cases we DONT handle, we ONLY try to read as4 out of
1045 * correctly formatted options.
1046 */
1047 while (stream_get_getp(s) < end) {
1048 uint8_t opt_type;
1049 uint8_t opt_length;
1050
1051 /* Check the length. */
1052 if (stream_get_getp(s) + 2 > end)
1053 goto end;
1054
1055 /* Fetch option type and length. */
1056 opt_type = stream_getc(s);
1057 opt_length = stream_getc(s);
1058
1059 /* Option length check. */
1060 if (stream_get_getp(s) + opt_length > end)
1061 goto end;
1062
1063 if (opt_type == BGP_OPEN_OPT_CAP) {
1064 unsigned long capd_start = stream_get_getp(s);
1065 unsigned long capd_end = capd_start + opt_length;
1066
1067 assert(capd_end <= end);
1068
1069 while (stream_get_getp(s) < capd_end) {
1070 struct capability_header hdr;
1071
1072 if (stream_get_getp(s) + 2 > capd_end)
1073 goto end;
1074
1075 hdr.code = stream_getc(s);
1076 hdr.length = stream_getc(s);
1077
1078 if ((stream_get_getp(s) + hdr.length)
1079 > capd_end)
1080 goto end;
1081
1082 if (hdr.code == CAPABILITY_CODE_AS4) {
1083 if (BGP_DEBUG(as4, AS4))
1084 zlog_debug(
1085 "[AS4] found AS4 capability, about to parse");
1086 as4 = bgp_capability_as4(peer, &hdr);
1087
1088 goto end;
1089 }
1090 stream_forward_getp(s, hdr.length);
1091 }
1092 }
1093 }
1094
1095 end:
1096 stream_set_getp(s, orig_getp);
1097 return as4;
1098 }
1099
1100 /**
1101 * Parse open option.
1102 *
1103 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1104 */
1105 int bgp_open_option_parse(struct peer *peer, uint8_t length, int *mp_capability)
1106 {
1107 int ret = 0;
1108 uint8_t *error;
1109 uint8_t error_data[BGP_MAX_PACKET_SIZE];
1110 struct stream *s = BGP_INPUT(peer);
1111 size_t end = stream_get_getp(s) + length;
1112
1113 error = error_data;
1114
1115 if (bgp_debug_neighbor_events(peer))
1116 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1117 peer->host, length);
1118
1119 while (stream_get_getp(s) < end) {
1120 uint8_t opt_type;
1121 uint8_t opt_length;
1122
1123 /* Must have at least an OPEN option header */
1124 if (STREAM_READABLE(s) < 2) {
1125 zlog_info("%s Option length error", peer->host);
1126 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1127 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1128 return -1;
1129 }
1130
1131 /* Fetch option type and length. */
1132 opt_type = stream_getc(s);
1133 opt_length = stream_getc(s);
1134
1135 /* Option length check. */
1136 if (STREAM_READABLE(s) < opt_length) {
1137 zlog_info("%s Option length error", peer->host);
1138 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1139 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1140 return -1;
1141 }
1142
1143 if (bgp_debug_neighbor_events(peer))
1144 zlog_debug(
1145 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1146 peer->host, opt_type,
1147 opt_type == BGP_OPEN_OPT_AUTH
1148 ? "Authentication"
1149 : opt_type == BGP_OPEN_OPT_CAP
1150 ? "Capability"
1151 : "Unknown",
1152 opt_length);
1153
1154 switch (opt_type) {
1155 case BGP_OPEN_OPT_AUTH:
1156 ret = bgp_auth_parse(peer, opt_length);
1157 break;
1158 case BGP_OPEN_OPT_CAP:
1159 ret = bgp_capability_parse(peer, opt_length,
1160 mp_capability, &error);
1161 break;
1162 default:
1163 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1164 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1165 ret = -1;
1166 break;
1167 }
1168
1169 /* Parse error. To accumulate all unsupported capability codes,
1170 bgp_capability_parse does not return -1 when encounter
1171 unsupported capability code. To detect that, please check
1172 error and erro_data pointer, like below. */
1173 if (ret < 0)
1174 return -1;
1175 }
1176
1177 /* All OPEN option is parsed. Check capability when strict compare
1178 flag is enabled.*/
1179 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1180 /* If Unsupported Capability exists. */
1181 if (error != error_data) {
1182 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1183 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1184 error_data,
1185 error - error_data);
1186 return -1;
1187 }
1188
1189 /* Check local capability does not negotiated with remote
1190 peer. */
1191 if (!strict_capability_same(peer)) {
1192 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1193 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1194 return -1;
1195 }
1196 }
1197
1198 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1199 error. */
1200 if (*mp_capability
1201 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1202 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1203 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1204 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1205 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1206 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
1207 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
1208 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1209 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1210 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1211 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1212 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
1213 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
1214 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
1215 flog_err(EC_BGP_PKT_OPEN,
1216 "%s [Error] Configured AFI/SAFIs do not "
1217 "overlap with received MP capabilities",
1218 peer->host);
1219
1220 if (error != error_data)
1221 bgp_notify_send_with_data(
1222 peer, BGP_NOTIFY_OPEN_ERR,
1223 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1224 error - error_data);
1225 else
1226 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1227 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1228 return -1;
1229 }
1230 }
1231 return 0;
1232 }
1233
1234 static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
1235 afi_t afi, safi_t safi, uint8_t code)
1236 {
1237 uint8_t cap_len;
1238 uint8_t orf_len;
1239 unsigned long capp;
1240 unsigned long orfp;
1241 unsigned long numberp;
1242 int number_of_orfs = 0;
1243 iana_afi_t pkt_afi;
1244 iana_safi_t pkt_safi;
1245
1246 /* Convert AFI, SAFI to values for packet. */
1247 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1248
1249 stream_putc(s, BGP_OPEN_OPT_CAP);
1250 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1251 stream_putc(s, 0); /* Capability Length */
1252 stream_putc(s, code); /* Capability Code */
1253 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1254 stream_putc(s, 0); /* ORF Length */
1255 stream_putw(s, pkt_afi);
1256 stream_putc(s, 0);
1257 stream_putc(s, pkt_safi);
1258 numberp = stream_get_endp(s); /* Set Number Pointer */
1259 stream_putc(s, 0); /* Number of ORFs */
1260
1261 /* Address Prefix ORF */
1262 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1263 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1264 stream_putc(s, (code == CAPABILITY_CODE_ORF
1265 ? ORF_TYPE_PREFIX
1266 : ORF_TYPE_PREFIX_OLD));
1267
1268 if (CHECK_FLAG(peer->af_flags[afi][safi],
1269 PEER_FLAG_ORF_PREFIX_SM)
1270 && CHECK_FLAG(peer->af_flags[afi][safi],
1271 PEER_FLAG_ORF_PREFIX_RM)) {
1272 SET_FLAG(peer->af_cap[afi][safi],
1273 PEER_CAP_ORF_PREFIX_SM_ADV);
1274 SET_FLAG(peer->af_cap[afi][safi],
1275 PEER_CAP_ORF_PREFIX_RM_ADV);
1276 stream_putc(s, ORF_MODE_BOTH);
1277 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1278 PEER_FLAG_ORF_PREFIX_SM)) {
1279 SET_FLAG(peer->af_cap[afi][safi],
1280 PEER_CAP_ORF_PREFIX_SM_ADV);
1281 stream_putc(s, ORF_MODE_SEND);
1282 } else {
1283 SET_FLAG(peer->af_cap[afi][safi],
1284 PEER_CAP_ORF_PREFIX_RM_ADV);
1285 stream_putc(s, ORF_MODE_RECEIVE);
1286 }
1287 number_of_orfs++;
1288 }
1289
1290 /* Total Number of ORFs. */
1291 stream_putc_at(s, numberp, number_of_orfs);
1292
1293 /* Total ORF Len. */
1294 orf_len = stream_get_endp(s) - orfp - 1;
1295 stream_putc_at(s, orfp, orf_len);
1296
1297 /* Total Capability Len. */
1298 cap_len = stream_get_endp(s) - capp - 1;
1299 stream_putc_at(s, capp, cap_len);
1300 }
1301
1302 /* Fill in capability open option to the packet. */
1303 void bgp_open_capability(struct stream *s, struct peer *peer)
1304 {
1305 uint8_t len;
1306 unsigned long cp, capp, rcapp;
1307 iana_afi_t pkt_afi;
1308 afi_t afi;
1309 safi_t safi;
1310 iana_safi_t pkt_safi;
1311 as_t local_as;
1312 uint32_t restart_time;
1313 uint8_t afi_safi_count = 0;
1314 int adv_addpath_tx = 0;
1315
1316 /* Remember current pointer for Opt Parm Len. */
1317 cp = stream_get_endp(s);
1318
1319 /* Opt Parm Len. */
1320 stream_putc(s, 0);
1321
1322 /* Do not send capability. */
1323 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1324 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
1325 return;
1326
1327 /* MP capability for configured AFI, SAFI */
1328 FOREACH_AFI_SAFI (afi, safi) {
1329 if (peer->afc[afi][safi]) {
1330 /* Convert AFI, SAFI to values for packet. */
1331 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1332 &pkt_safi);
1333
1334 peer->afc_adv[afi][safi] = 1;
1335 stream_putc(s, BGP_OPEN_OPT_CAP);
1336 stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
1337 stream_putc(s, CAPABILITY_CODE_MP);
1338 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1339 stream_putw(s, pkt_afi);
1340 stream_putc(s, 0);
1341 stream_putc(s, pkt_safi);
1342
1343 /* Extended nexthop capability - currently
1344 * supporting RFC-5549 for
1345 * Link-Local peering only
1346 */
1347 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1348 && peer->su.sa.sa_family == AF_INET6
1349 && afi == AFI_IP
1350 && (safi == SAFI_UNICAST
1351 || safi == SAFI_LABELED_UNICAST)) {
1352 /* RFC 5549 Extended Next Hop Encoding
1353 */
1354 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
1355 stream_putc(s, BGP_OPEN_OPT_CAP);
1356 stream_putc(s, CAPABILITY_CODE_ENHE_LEN + 2);
1357 stream_putc(s, CAPABILITY_CODE_ENHE);
1358 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1359
1360 SET_FLAG(peer->af_cap[AFI_IP][safi],
1361 PEER_CAP_ENHE_AF_ADV);
1362 stream_putw(s, pkt_afi);
1363 stream_putw(s, pkt_safi);
1364 stream_putw(s, afi_int2iana(AFI_IP6));
1365
1366 if (CHECK_FLAG(peer->af_cap[afi][safi],
1367 PEER_CAP_ENHE_AF_RCV))
1368 SET_FLAG(peer->af_cap[afi][safi],
1369 PEER_CAP_ENHE_AF_NEGO);
1370 }
1371 }
1372 }
1373
1374 /* Route refresh. */
1375 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1376 stream_putc(s, BGP_OPEN_OPT_CAP);
1377 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1378 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1379 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1380 stream_putc(s, BGP_OPEN_OPT_CAP);
1381 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1382 stream_putc(s, CAPABILITY_CODE_REFRESH);
1383 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1384
1385 /* AS4 */
1386 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1387 stream_putc(s, BGP_OPEN_OPT_CAP);
1388 stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
1389 stream_putc(s, CAPABILITY_CODE_AS4);
1390 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1391 if (peer->change_local_as)
1392 local_as = peer->change_local_as;
1393 else
1394 local_as = peer->local_as;
1395 stream_putl(s, local_as);
1396
1397 /* AddPath */
1398 FOREACH_AFI_SAFI (afi, safi) {
1399 if (peer->afc[afi][safi]) {
1400 afi_safi_count++;
1401
1402 /* Only advertise addpath TX if a feature that
1403 * will use it is
1404 * configured */
1405 if (peer->addpath_type[afi][safi] != BGP_ADDPATH_NONE)
1406 adv_addpath_tx = 1;
1407 }
1408 }
1409
1410 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1411 stream_putc(s, BGP_OPEN_OPT_CAP);
1412 stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count) + 2);
1413 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1414 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1415
1416 FOREACH_AFI_SAFI (afi, safi) {
1417 if (peer->afc[afi][safi]) {
1418 /* Convert AFI, SAFI to values for packet. */
1419 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1420 &pkt_safi);
1421
1422 stream_putw(s, pkt_afi);
1423 stream_putc(s, pkt_safi);
1424
1425 if (adv_addpath_tx) {
1426 stream_putc(s, BGP_ADDPATH_RX | BGP_ADDPATH_TX);
1427 SET_FLAG(peer->af_cap[afi][safi],
1428 PEER_CAP_ADDPATH_AF_RX_ADV);
1429 SET_FLAG(peer->af_cap[afi][safi],
1430 PEER_CAP_ADDPATH_AF_TX_ADV);
1431 } else {
1432 stream_putc(s, BGP_ADDPATH_RX);
1433 SET_FLAG(peer->af_cap[afi][safi],
1434 PEER_CAP_ADDPATH_AF_RX_ADV);
1435 UNSET_FLAG(peer->af_cap[afi][safi],
1436 PEER_CAP_ADDPATH_AF_TX_ADV);
1437 }
1438 }
1439 }
1440
1441 /* ORF capability. */
1442 FOREACH_AFI_SAFI (afi, safi) {
1443 if (CHECK_FLAG(peer->af_flags[afi][safi],
1444 PEER_FLAG_ORF_PREFIX_SM)
1445 || CHECK_FLAG(peer->af_flags[afi][safi],
1446 PEER_FLAG_ORF_PREFIX_RM)) {
1447 bgp_open_capability_orf(s, peer, afi, safi,
1448 CAPABILITY_CODE_ORF_OLD);
1449 bgp_open_capability_orf(s, peer, afi, safi,
1450 CAPABILITY_CODE_ORF);
1451 }
1452 }
1453
1454 /* Dynamic capability. */
1455 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1456 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1457 stream_putc(s, BGP_OPEN_OPT_CAP);
1458 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1459 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1460 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1461 stream_putc(s, BGP_OPEN_OPT_CAP);
1462 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1463 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1464 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1465 }
1466
1467 /* Hostname capability */
1468 if (cmd_hostname_get()) {
1469 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1470 stream_putc(s, BGP_OPEN_OPT_CAP);
1471 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
1472 stream_putc(s, 0); /* dummy len for now */
1473 stream_putc(s, CAPABILITY_CODE_FQDN);
1474 capp = stream_get_endp(s);
1475 stream_putc(s, 0); /* dummy len for now */
1476 len = strlen(cmd_hostname_get());
1477 if (len > BGP_MAX_HOSTNAME)
1478 len = BGP_MAX_HOSTNAME;
1479
1480 stream_putc(s, len);
1481 stream_put(s, cmd_hostname_get(), len);
1482 if (cmd_domainname_get()) {
1483 len = strlen(cmd_domainname_get());
1484 if (len > BGP_MAX_HOSTNAME)
1485 len = BGP_MAX_HOSTNAME;
1486
1487 stream_putc(s, len);
1488 stream_put(s, cmd_domainname_get(), len);
1489 } else
1490 stream_putc(s, 0); /* 0 length */
1491
1492 /* Set the lengths straight */
1493 len = stream_get_endp(s) - rcapp - 1;
1494 stream_putc_at(s, rcapp, len);
1495 len = stream_get_endp(s) - capp - 1;
1496 stream_putc_at(s, capp, len);
1497
1498 if (bgp_debug_neighbor_events(peer))
1499 zlog_debug(
1500 "%s Sending hostname cap with hn = %s, dn = %s",
1501 peer->host, cmd_hostname_get(),
1502 cmd_domainname_get());
1503 }
1504
1505 /* Sending base graceful-restart capability irrespective of the config
1506 */
1507 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1508 stream_putc(s, BGP_OPEN_OPT_CAP);
1509 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1510 stream_putc(s, 0); /* Capability Length */
1511 stream_putc(s, CAPABILITY_CODE_RESTART);
1512 rcapp = stream_get_endp(s); /* Set Restart Capability Len Pointer */
1513 stream_putc(s, 0);
1514 restart_time = peer->bgp->restart_time;
1515 if (peer->bgp->t_startup) {
1516 SET_FLAG(restart_time, RESTART_R_BIT);
1517 SET_FLAG(peer->cap, PEER_CAP_RESTART_BIT_ADV);
1518 }
1519 stream_putw(s, restart_time);
1520
1521 /* Send address-family specific graceful-restart capability only when GR
1522 config
1523 is present */
1524 if (bgp_flag_check(peer->bgp, BGP_FLAG_GRACEFUL_RESTART)) {
1525 FOREACH_AFI_SAFI (afi, safi) {
1526 if (peer->afc[afi][safi]) {
1527 /* Convert AFI, SAFI to values for
1528 * packet. */
1529 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1530 &pkt_safi);
1531 stream_putw(s, pkt_afi);
1532 stream_putc(s, pkt_safi);
1533 if (bgp_flag_check(peer->bgp,
1534 BGP_FLAG_GR_PRESERVE_FWD))
1535 stream_putc(s, RESTART_F_BIT);
1536 else
1537 stream_putc(s, 0);
1538 }
1539 }
1540 }
1541
1542 /* Total Graceful restart capability Len. */
1543 len = stream_get_endp(s) - rcapp - 1;
1544 stream_putc_at(s, rcapp, len);
1545
1546 /* Total Capability Len. */
1547 len = stream_get_endp(s) - capp - 1;
1548 stream_putc_at(s, capp, len);
1549
1550 /* Total Opt Parm Len. */
1551 len = stream_get_endp(s) - cp - 1;
1552 stream_putc_at(s, cp, len);
1553 }
FRRouting mirror