]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_open.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #5717 from pguibert6WIND/flowspec_issue_redistribute
[mirror_frr.git] / bgpd / bgp_open.c
1 /* BGP open message handling
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "linklist.h"
24 #include "prefix.h"
25 #include "stream.h"
26 #include "thread.h"
27 #include "log.h"
28 #include "command.h"
29 #include "memory.h"
30 #include "queue.h"
31 #include "filter.h"
32
33 #include "lib/json.h"
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_attr.h"
36 #include "bgpd/bgp_debug.h"
37 #include "bgpd/bgp_errors.h"
38 #include "bgpd/bgp_fsm.h"
39 #include "bgpd/bgp_packet.h"
40 #include "bgpd/bgp_open.h"
41 #include "bgpd/bgp_aspath.h"
42 #include "bgpd/bgp_vty.h"
43 #include "bgpd/bgp_memory.h"
44
45 /* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
46 negotiate remote peer supports extentions or not. But if
47 remote-peer doesn't supports negotiation process itself. We would
48 like to do manual configuration.
49
50 So there is many configurable point. First of all we want set each
51 peer whether we send capability negotiation to the peer or not.
52 Next, if we send capability to the peer we want to set my capability
53 inforation at each peer. */
54
55 void bgp_capability_vty_out(struct vty *vty, struct peer *peer, bool use_json,
56 json_object *json_neigh)
57 {
58 char *pnt;
59 char *end;
60 struct capability_mp_data mpc;
61 struct capability_header *hdr;
62 json_object *json_cap = NULL;
63
64 if (use_json)
65 json_cap = json_object_new_object();
66
67 pnt = peer->notify.data;
68 end = pnt + peer->notify.length;
69
70 while (pnt < end) {
71 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
72 return;
73
74 hdr = (struct capability_header *)pnt;
75 if (pnt + hdr->length + 2 > end)
76 return;
77
78 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
79
80 if (hdr->code == CAPABILITY_CODE_MP) {
81 afi_t afi;
82 safi_t safi;
83
84 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
85 mpc.safi, &afi, &safi);
86
87 if (use_json) {
88 switch (afi) {
89 case AFI_IP:
90 json_object_string_add(
91 json_cap,
92 "capabilityErrorMultiProtocolAfi",
93 "IPv4");
94 break;
95 case AFI_IP6:
96 json_object_string_add(
97 json_cap,
98 "capabilityErrorMultiProtocolAfi",
99 "IPv6");
100 break;
101 case AFI_L2VPN:
102 json_object_string_add(
103 json_cap,
104 "capabilityErrorMultiProtocolAfi",
105 "L2VPN");
106 break;
107 default:
108 json_object_int_add(
109 json_cap,
110 "capabilityErrorMultiProtocolAfiUnknown",
111 ntohs(mpc.afi));
112 break;
113 }
114 switch (safi) {
115 case SAFI_UNICAST:
116 json_object_string_add(
117 json_cap,
118 "capabilityErrorMultiProtocolSafi",
119 "unicast");
120 break;
121 case SAFI_MULTICAST:
122 json_object_string_add(
123 json_cap,
124 "capabilityErrorMultiProtocolSafi",
125 "multicast");
126 break;
127 case SAFI_LABELED_UNICAST:
128 json_object_string_add(
129 json_cap,
130 "capabilityErrorMultiProtocolSafi",
131 "labeled-unicast");
132 break;
133 case SAFI_MPLS_VPN:
134 json_object_string_add(
135 json_cap,
136 "capabilityErrorMultiProtocolSafi",
137 "MPLS-labeled VPN");
138 break;
139 case SAFI_ENCAP:
140 json_object_string_add(
141 json_cap,
142 "capabilityErrorMultiProtocolSafi",
143 "encap");
144 break;
145 case SAFI_EVPN:
146 json_object_string_add(
147 json_cap,
148 "capabilityErrorMultiProtocolSafi",
149 "EVPN");
150 break;
151 case SAFI_FLOWSPEC:
152 json_object_string_add(
153 json_cap,
154 "capabilityErrorMultiProtocolSafi",
155 "flowspec");
156 break;
157 default:
158 json_object_int_add(
159 json_cap,
160 "capabilityErrorMultiProtocolSafiUnknown",
161 mpc.safi);
162 break;
163 }
164 } else {
165 vty_out(vty,
166 " Capability error for: Multi protocol ");
167 switch (afi) {
168 case AFI_IP:
169 vty_out(vty, "AFI IPv4, ");
170 break;
171 case AFI_IP6:
172 vty_out(vty, "AFI IPv6, ");
173 break;
174 case AFI_L2VPN:
175 vty_out(vty, "AFI L2VPN, ");
176 break;
177 default:
178 vty_out(vty, "AFI Unknown %d, ",
179 ntohs(mpc.afi));
180 break;
181 }
182 switch (safi) {
183 case SAFI_UNICAST:
184 vty_out(vty, "SAFI Unicast");
185 break;
186 case SAFI_MULTICAST:
187 vty_out(vty, "SAFI Multicast");
188 break;
189 case SAFI_LABELED_UNICAST:
190 vty_out(vty, "SAFI Labeled-unicast");
191 break;
192 case SAFI_MPLS_VPN:
193 vty_out(vty, "SAFI MPLS-labeled VPN");
194 break;
195 case SAFI_ENCAP:
196 vty_out(vty, "SAFI ENCAP");
197 break;
198 case SAFI_FLOWSPEC:
199 vty_out(vty, "SAFI FLOWSPEC");
200 break;
201 case SAFI_EVPN:
202 vty_out(vty, "SAFI EVPN");
203 break;
204 default:
205 vty_out(vty, "SAFI Unknown %d ",
206 mpc.safi);
207 break;
208 }
209 vty_out(vty, "\n");
210 }
211 } else if (hdr->code >= 128) {
212 if (use_json)
213 json_object_int_add(
214 json_cap,
215 "capabilityErrorVendorSpecificCapabilityCode",
216 hdr->code);
217 else
218 vty_out(vty,
219 " Capability error: vendor specific capability code %d",
220 hdr->code);
221 } else {
222 if (use_json)
223 json_object_int_add(
224 json_cap,
225 "capabilityErrorUnknownCapabilityCode",
226 hdr->code);
227 else
228 vty_out(vty,
229 " Capability error: unknown capability code %d",
230 hdr->code);
231 }
232 pnt += hdr->length + 2;
233 }
234 if (use_json)
235 json_object_object_add(json_neigh, "capabilityErrors",
236 json_cap);
237 }
238
239 static void bgp_capability_mp_data(struct stream *s,
240 struct capability_mp_data *mpc)
241 {
242 mpc->afi = stream_getw(s);
243 mpc->reserved = stream_getc(s);
244 mpc->safi = stream_getc(s);
245 }
246
247 /* Set negotiated capability value. */
248 static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
249 {
250 struct capability_mp_data mpc;
251 struct stream *s = BGP_INPUT(peer);
252 afi_t afi;
253 safi_t safi;
254
255 /* Verify length is 4 */
256 if (hdr->length != 4) {
257 flog_warn(
258 EC_BGP_CAPABILITY_INVALID_LENGTH,
259 "MP Cap: Received invalid length %d, non-multiple of 4",
260 hdr->length);
261 return -1;
262 }
263
264 bgp_capability_mp_data(s, &mpc);
265
266 if (bgp_debug_neighbor_events(peer))
267 zlog_debug("%s OPEN has MP_EXT CAP for afi/safi: %s/%s",
268 peer->host, iana_afi2str(mpc.afi),
269 iana_safi2str(mpc.safi));
270
271 /* Convert AFI, SAFI to internal values, check. */
272 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
273 return -1;
274
275 /* Now safi remapped, and afi/safi are valid array indices */
276 peer->afc_recv[afi][safi] = 1;
277
278 if (peer->afc[afi][safi])
279 peer->afc_nego[afi][safi] = 1;
280 else
281 return -1;
282
283 return 0;
284 }
285
286 static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
287 iana_safi_t safi, uint8_t type,
288 uint8_t mode)
289 {
290 if (bgp_debug_neighbor_events(peer))
291 zlog_debug(
292 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
293 peer->host, afi, safi, type, mode);
294 }
295
296 static const struct message orf_type_str[] = {
297 {ORF_TYPE_PREFIX, "Prefixlist"},
298 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
299 {0}};
300
301 static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
302 {ORF_MODE_SEND, "Send"},
303 {ORF_MODE_BOTH, "Both"},
304 {0}};
305
306 static int bgp_capability_orf_entry(struct peer *peer,
307 struct capability_header *hdr)
308 {
309 struct stream *s = BGP_INPUT(peer);
310 struct capability_mp_data mpc;
311 uint8_t num;
312 iana_afi_t pkt_afi;
313 afi_t afi;
314 iana_safi_t pkt_safi;
315 safi_t safi;
316 uint8_t type;
317 uint8_t mode;
318 uint16_t sm_cap = 0; /* capability send-mode receive */
319 uint16_t rm_cap = 0; /* capability receive-mode receive */
320 int i;
321
322 /* ORF Entry header */
323 bgp_capability_mp_data(s, &mpc);
324 num = stream_getc(s);
325 pkt_afi = mpc.afi;
326 pkt_safi = mpc.safi;
327
328 if (bgp_debug_neighbor_events(peer))
329 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer->host,
330 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
331
332 /* Convert AFI, SAFI to internal values, check. */
333 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
334 zlog_info(
335 "%s Addr-family %d/%d not supported."
336 " Ignoring the ORF capability",
337 peer->host, pkt_afi, pkt_safi);
338 return 0;
339 }
340
341 mpc.afi = pkt_afi;
342 mpc.safi = safi;
343
344 /* validate number field */
345 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
346 zlog_info(
347 "%s ORF Capability entry length error,"
348 " Cap length %u, num %u",
349 peer->host, hdr->length, num);
350 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
351 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
352 return -1;
353 }
354
355 for (i = 0; i < num; i++) {
356 type = stream_getc(s);
357 mode = stream_getc(s);
358
359 /* ORF Mode error check */
360 switch (mode) {
361 case ORF_MODE_BOTH:
362 case ORF_MODE_SEND:
363 case ORF_MODE_RECEIVE:
364 break;
365 default:
366 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
367 type, mode);
368 continue;
369 }
370 /* ORF Type and afi/safi error checks */
371 /* capcode versus type */
372 switch (hdr->code) {
373 case CAPABILITY_CODE_ORF:
374 switch (type) {
375 case ORF_TYPE_PREFIX:
376 break;
377 default:
378 bgp_capability_orf_not_support(
379 peer, pkt_afi, pkt_safi, type, mode);
380 continue;
381 }
382 break;
383 case CAPABILITY_CODE_ORF_OLD:
384 switch (type) {
385 case ORF_TYPE_PREFIX_OLD:
386 break;
387 default:
388 bgp_capability_orf_not_support(
389 peer, pkt_afi, pkt_safi, type, mode);
390 continue;
391 }
392 break;
393 default:
394 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
395 type, mode);
396 continue;
397 }
398
399 /* AFI vs SAFI */
400 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
401 || (afi == AFI_IP && safi == SAFI_MULTICAST)
402 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
403 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
404 type, mode);
405 continue;
406 }
407
408 if (bgp_debug_neighbor_events(peer))
409 zlog_debug(
410 "%s OPEN has %s ORF capability"
411 " as %s for afi/safi: %s/%s",
412 peer->host,
413 lookup_msg(orf_type_str, type, NULL),
414 lookup_msg(orf_mode_str, mode, NULL),
415 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
416
417 if (hdr->code == CAPABILITY_CODE_ORF) {
418 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
419 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
420 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
421 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
422 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
423 } else {
424 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
425 type, mode);
426 continue;
427 }
428
429 switch (mode) {
430 case ORF_MODE_BOTH:
431 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
432 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
433 break;
434 case ORF_MODE_SEND:
435 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
436 break;
437 case ORF_MODE_RECEIVE:
438 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
439 break;
440 }
441 }
442 return 0;
443 }
444
445 static int bgp_capability_restart(struct peer *peer,
446 struct capability_header *caphdr)
447 {
448 struct stream *s = BGP_INPUT(peer);
449 uint16_t restart_flag_time;
450 size_t end = stream_get_getp(s) + caphdr->length;
451
452 /* Verify length is a multiple of 4 */
453 if ((caphdr->length - 2) % 4) {
454 flog_warn(
455 EC_BGP_CAPABILITY_INVALID_LENGTH,
456 "Restart Cap: Received invalid length %d, non-multiple of 4",
457 caphdr->length);
458 return -1;
459 }
460
461 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
462 restart_flag_time = stream_getw(s);
463 if (CHECK_FLAG(restart_flag_time, RESTART_R_BIT))
464 SET_FLAG(peer->cap, PEER_CAP_RESTART_BIT_RCV);
465 else
466 UNSET_FLAG(peer->cap, PEER_CAP_RESTART_BIT_RCV);
467
468 UNSET_FLAG(restart_flag_time, 0xF000);
469 peer->v_gr_restart = restart_flag_time;
470
471 if (bgp_debug_neighbor_events(peer)) {
472 zlog_debug("%s OPEN has Graceful Restart capability",
473 peer->host);
474 zlog_debug("%s Peer has%srestarted. Restart Time : %d",
475 peer->host,
476 CHECK_FLAG(peer->cap, PEER_CAP_RESTART_BIT_RCV)
477 ? " "
478 : " not ",
479 peer->v_gr_restart);
480 }
481
482 while (stream_get_getp(s) + 4 <= end) {
483 afi_t afi;
484 safi_t safi;
485 iana_afi_t pkt_afi = stream_getw(s);
486 iana_safi_t pkt_safi = stream_getc(s);
487 uint8_t flag = stream_getc(s);
488
489 /* Convert AFI, SAFI to internal values, check. */
490 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
491 if (bgp_debug_neighbor_events(peer))
492 zlog_debug(
493 "%s Addr-family %s/%s(afi/safi) not supported."
494 " Ignore the Graceful Restart capability for this AFI/SAFI",
495 peer->host, iana_afi2str(pkt_afi),
496 iana_safi2str(pkt_safi));
497 } else if (!peer->afc[afi][safi]) {
498 if (bgp_debug_neighbor_events(peer))
499 zlog_debug(
500 "%s Addr-family %s/%s(afi/safi) not enabled."
501 " Ignore the Graceful Restart capability",
502 peer->host, iana_afi2str(pkt_afi),
503 iana_safi2str(pkt_safi));
504 } else {
505 if (bgp_debug_neighbor_events(peer))
506 zlog_debug(
507 "%s Address family %s is%spreserved",
508 peer->host, get_afi_safi_str(afi, safi, false),
509 CHECK_FLAG(
510 peer->af_cap[afi][safi],
511 PEER_CAP_RESTART_AF_PRESERVE_RCV)
512 ? " "
513 : " not ");
514
515 SET_FLAG(peer->af_cap[afi][safi],
516 PEER_CAP_RESTART_AF_RCV);
517 if (CHECK_FLAG(flag, RESTART_F_BIT))
518 SET_FLAG(peer->af_cap[afi][safi],
519 PEER_CAP_RESTART_AF_PRESERVE_RCV);
520 }
521 }
522 return 0;
523 }
524
525 /* Unlike other capability parsing routines, this one returns 0 on error */
526 static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
527 {
528 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
529
530 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
531 flog_err(EC_BGP_PKT_OPEN,
532 "%s AS4 capability has incorrect data length %d",
533 peer->host, hdr->length);
534 return 0;
535 }
536
537 as_t as4 = stream_getl(BGP_INPUT(peer));
538
539 if (BGP_DEBUG(as4, AS4))
540 zlog_debug(
541 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
542 peer->host, as4);
543 return as4;
544 }
545
546 static int bgp_capability_addpath(struct peer *peer,
547 struct capability_header *hdr)
548 {
549 struct stream *s = BGP_INPUT(peer);
550 size_t end = stream_get_getp(s) + hdr->length;
551
552 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
553
554 /* Verify length is a multiple of 4 */
555 if (hdr->length % 4) {
556 flog_warn(
557 EC_BGP_CAPABILITY_INVALID_LENGTH,
558 "Add Path: Received invalid length %d, non-multiple of 4",
559 hdr->length);
560 return -1;
561 }
562
563 while (stream_get_getp(s) + 4 <= end) {
564 afi_t afi;
565 safi_t safi;
566 iana_afi_t pkt_afi = stream_getw(s);
567 iana_safi_t pkt_safi = stream_getc(s);
568 uint8_t send_receive = stream_getc(s);
569
570 if (bgp_debug_neighbor_events(peer))
571 zlog_debug(
572 "%s OPEN has AddPath CAP for afi/safi: %s/%s%s%s",
573 peer->host, iana_afi2str(pkt_afi),
574 iana_safi2str(pkt_safi),
575 (send_receive & BGP_ADDPATH_RX) ? ", receive"
576 : "",
577 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
578 : "");
579
580 /* Convert AFI, SAFI to internal values, check. */
581 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
582 if (bgp_debug_neighbor_events(peer))
583 zlog_debug(
584 "%s Addr-family %s/%s(afi/safi) not supported."
585 " Ignore the Addpath Attribute for this AFI/SAFI",
586 peer->host, iana_afi2str(pkt_afi),
587 iana_safi2str(pkt_safi));
588 continue;
589 } else if (!peer->afc[afi][safi]) {
590 if (bgp_debug_neighbor_events(peer))
591 zlog_debug(
592 "%s Addr-family %s/%s(afi/safi) not enabled."
593 " Ignore the AddPath capability for this AFI/SAFI",
594 peer->host, iana_afi2str(pkt_afi),
595 iana_safi2str(pkt_safi));
596 continue;
597 }
598
599 if (send_receive & BGP_ADDPATH_RX)
600 SET_FLAG(peer->af_cap[afi][safi],
601 PEER_CAP_ADDPATH_AF_RX_RCV);
602
603 if (send_receive & BGP_ADDPATH_TX)
604 SET_FLAG(peer->af_cap[afi][safi],
605 PEER_CAP_ADDPATH_AF_TX_RCV);
606 }
607
608 return 0;
609 }
610
611 static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
612 {
613 struct stream *s = BGP_INPUT(peer);
614 size_t end = stream_get_getp(s) + hdr->length;
615
616 /* Verify length is a multiple of 4 */
617 if (hdr->length % 6) {
618 flog_warn(
619 EC_BGP_CAPABILITY_INVALID_LENGTH,
620 "Extended NH: Received invalid length %d, non-multiple of 6",
621 hdr->length);
622 return -1;
623 }
624
625 while (stream_get_getp(s) + 6 <= end) {
626 iana_afi_t pkt_afi = stream_getw(s);
627 afi_t afi;
628 iana_safi_t pkt_safi = stream_getw(s);
629 safi_t safi;
630 iana_afi_t pkt_nh_afi = stream_getw(s);
631 afi_t nh_afi;
632
633 if (bgp_debug_neighbor_events(peer))
634 zlog_debug(
635 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
636 peer->host, iana_afi2str(pkt_afi),
637 iana_safi2str(pkt_safi), pkt_nh_afi);
638
639 /* Convert AFI, SAFI to internal values, check. */
640 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
641 if (bgp_debug_neighbor_events(peer))
642 zlog_debug(
643 "%s Addr-family %s/%s(afi/safi) not supported."
644 " Ignore the ENHE Attribute for this AFI/SAFI",
645 peer->host, iana_afi2str(pkt_afi),
646 iana_safi2str(pkt_safi));
647 continue;
648 }
649
650 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
651 * with
652 * the Nexthop AFI being IPv6. A future spec may introduce other
653 * possibilities, so we ignore other values with a log. Also,
654 * only
655 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
656 * (and expected).
657 */
658 nh_afi = afi_iana2int(pkt_nh_afi);
659
660 if (afi != AFI_IP || nh_afi != AFI_IP6
661 || !(safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
662 || safi == SAFI_LABELED_UNICAST)) {
663 flog_warn(
664 EC_BGP_CAPABILITY_INVALID_DATA,
665 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u "
666 "in Extended Next-hop capability, ignoring",
667 peer->host, iana_afi2str(pkt_afi),
668 iana_safi2str(pkt_safi), pkt_nh_afi);
669 continue;
670 }
671
672 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
673
674 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
675 SET_FLAG(peer->af_cap[afi][safi],
676 PEER_CAP_ENHE_AF_NEGO);
677 }
678
679 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
680
681 return 0;
682 }
683
684 static int bgp_capability_hostname(struct peer *peer,
685 struct capability_header *hdr)
686 {
687 struct stream *s = BGP_INPUT(peer);
688 char str[BGP_MAX_HOSTNAME + 1];
689 size_t end = stream_get_getp(s) + hdr->length;
690 uint8_t len;
691
692 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
693
694 len = stream_getc(s);
695 if (stream_get_getp(s) + len > end) {
696 flog_warn(
697 EC_BGP_CAPABILITY_INVALID_DATA,
698 "%s: Received malformed hostname capability from peer %s",
699 __FUNCTION__, peer->host);
700 return -1;
701 }
702
703 if (len > BGP_MAX_HOSTNAME) {
704 stream_get(str, s, BGP_MAX_HOSTNAME);
705 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
706 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
707 } else if (len)
708 stream_get(str, s, len);
709
710 if (len) {
711 str[len] = '\0';
712
713 if (peer->hostname != NULL) {
714 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
715 peer->hostname = NULL;
716 }
717
718 if (peer->domainname != NULL) {
719 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
720 peer->domainname = NULL;
721 }
722
723 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
724 }
725
726 if (stream_get_getp(s) + 1 > end) {
727 flog_warn(
728 EC_BGP_CAPABILITY_INVALID_DATA,
729 "%s: Received invalid domain name len (hostname capability) from peer %s",
730 __FUNCTION__, peer->host);
731 return -1;
732 }
733
734 len = stream_getc(s);
735 if (stream_get_getp(s) + len > end) {
736 flog_warn(
737 EC_BGP_CAPABILITY_INVALID_DATA,
738 "%s: Received runt domain name (hostname capability) from peer %s",
739 __FUNCTION__, peer->host);
740 return -1;
741 }
742
743 if (len > BGP_MAX_HOSTNAME) {
744 stream_get(str, s, BGP_MAX_HOSTNAME);
745 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
746 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
747 } else if (len)
748 stream_get(str, s, len);
749
750 if (len) {
751 str[len] = '\0';
752
753 if (peer->domainname != NULL) {
754 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
755 peer->domainname = NULL;
756 }
757
758 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
759 }
760
761 if (bgp_debug_neighbor_events(peer)) {
762 zlog_debug("%s received hostname %s, domainname %s", peer->host,
763 peer->hostname, peer->domainname);
764 }
765
766 return 0;
767 }
768
769 static const struct message capcode_str[] = {
770 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
771 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
772 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
773 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
774 {CAPABILITY_CODE_AS4, "4-octet AS number"},
775 {CAPABILITY_CODE_ADDPATH, "AddPath"},
776 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
777 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
778 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
779 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
780 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
781 {CAPABILITY_CODE_FQDN, "FQDN"},
782 {0}};
783
784 /* Minimum sizes for length field of each cap (so not inc. the header) */
785 static const size_t cap_minsizes[] = {
786 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
787 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
788 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
789 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
790 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
791 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
792 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
793 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
794 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
795 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
796 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
797 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
798 };
799
800 /* value the capability must be a multiple of.
801 * 0-data capabilities won't be checked against this.
802 * Other capabilities whose data doesn't fall on convenient boundaries for this
803 * table should be set to 1.
804 */
805 static const size_t cap_modsizes[] = {
806 [CAPABILITY_CODE_MP] = 4,
807 [CAPABILITY_CODE_REFRESH] = 1,
808 [CAPABILITY_CODE_ORF] = 1,
809 [CAPABILITY_CODE_RESTART] = 1,
810 [CAPABILITY_CODE_AS4] = 4,
811 [CAPABILITY_CODE_ADDPATH] = 4,
812 [CAPABILITY_CODE_DYNAMIC] = 1,
813 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
814 [CAPABILITY_CODE_ENHE] = 6,
815 [CAPABILITY_CODE_REFRESH_OLD] = 1,
816 [CAPABILITY_CODE_ORF_OLD] = 1,
817 [CAPABILITY_CODE_FQDN] = 1,
818 };
819
820 /**
821 * Parse given capability.
822 * XXX: This is reading into a stream, but not using stream API
823 *
824 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
825 * capabilities were encountered.
826 */
827 static int bgp_capability_parse(struct peer *peer, size_t length,
828 int *mp_capability, uint8_t **error)
829 {
830 int ret;
831 struct stream *s = BGP_INPUT(peer);
832 size_t end = stream_get_getp(s) + length;
833 uint16_t restart_flag_time = 0;
834
835 assert(STREAM_READABLE(s) >= length);
836
837 while (stream_get_getp(s) < end) {
838 size_t start;
839 uint8_t *sp = stream_pnt(s);
840 struct capability_header caphdr;
841
842 ret = 0;
843 /* We need at least capability code and capability length. */
844 if (stream_get_getp(s) + 2 > end) {
845 zlog_info("%s Capability length error (< header)",
846 peer->host);
847 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
848 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
849 return -1;
850 }
851
852 caphdr.code = stream_getc(s);
853 caphdr.length = stream_getc(s);
854 start = stream_get_getp(s);
855
856 /* Capability length check sanity check. */
857 if (start + caphdr.length > end) {
858 zlog_info("%s Capability length error (< length)",
859 peer->host);
860 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
861 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
862 return -1;
863 }
864
865 if (bgp_debug_neighbor_events(peer))
866 zlog_debug("%s OPEN has %s capability (%u), length %u",
867 peer->host,
868 lookup_msg(capcode_str, caphdr.code, NULL),
869 caphdr.code, caphdr.length);
870
871 /* Length sanity check, type-specific, for known capabilities */
872 switch (caphdr.code) {
873 case CAPABILITY_CODE_MP:
874 case CAPABILITY_CODE_REFRESH:
875 case CAPABILITY_CODE_REFRESH_OLD:
876 case CAPABILITY_CODE_ORF:
877 case CAPABILITY_CODE_ORF_OLD:
878 case CAPABILITY_CODE_RESTART:
879 case CAPABILITY_CODE_AS4:
880 case CAPABILITY_CODE_ADDPATH:
881 case CAPABILITY_CODE_DYNAMIC:
882 case CAPABILITY_CODE_DYNAMIC_OLD:
883 case CAPABILITY_CODE_ENHE:
884 case CAPABILITY_CODE_FQDN:
885 /* Check length. */
886 if (caphdr.length < cap_minsizes[caphdr.code]) {
887 zlog_info(
888 "%s %s Capability length error: got %u,"
889 " expected at least %u",
890 peer->host,
891 lookup_msg(capcode_str, caphdr.code,
892 NULL),
893 caphdr.length,
894 (unsigned)cap_minsizes[caphdr.code]);
895 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
896 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
897 return -1;
898 }
899 if (caphdr.length
900 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
901 zlog_info(
902 "%s %s Capability length error: got %u,"
903 " expected a multiple of %u",
904 peer->host,
905 lookup_msg(capcode_str, caphdr.code,
906 NULL),
907 caphdr.length,
908 (unsigned)cap_modsizes[caphdr.code]);
909 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
910 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
911 return -1;
912 }
913 /* we deliberately ignore unknown codes, see below */
914 default:
915 break;
916 }
917
918 switch (caphdr.code) {
919 case CAPABILITY_CODE_MP: {
920 *mp_capability = 1;
921
922 /* Ignore capability when override-capability is set. */
923 if (!CHECK_FLAG(peer->flags,
924 PEER_FLAG_OVERRIDE_CAPABILITY)) {
925 /* Set negotiated value. */
926 ret = bgp_capability_mp(peer, &caphdr);
927
928 /* Unsupported Capability. */
929 if (ret < 0) {
930 /* Store return data. */
931 memcpy(*error, sp, caphdr.length + 2);
932 *error += caphdr.length + 2;
933 }
934 ret = 0; /* Don't return error for this */
935 }
936 } break;
937 case CAPABILITY_CODE_REFRESH:
938 case CAPABILITY_CODE_REFRESH_OLD: {
939 /* BGP refresh capability */
940 if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
941 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
942 else
943 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
944 } break;
945 case CAPABILITY_CODE_ORF:
946 case CAPABILITY_CODE_ORF_OLD:
947 ret = bgp_capability_orf_entry(peer, &caphdr);
948 break;
949 case CAPABILITY_CODE_RESTART:
950 ret = bgp_capability_restart(peer, &caphdr);
951 break;
952 case CAPABILITY_CODE_DYNAMIC:
953 case CAPABILITY_CODE_DYNAMIC_OLD:
954 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
955 break;
956 case CAPABILITY_CODE_AS4:
957 /* Already handled as a special-case parsing of the
958 * capabilities
959 * at the beginning of OPEN processing. So we care not a
960 * jot
961 * for the value really, only error case.
962 */
963 if (!bgp_capability_as4(peer, &caphdr))
964 ret = -1;
965 break;
966 case CAPABILITY_CODE_ADDPATH:
967 ret = bgp_capability_addpath(peer, &caphdr);
968 break;
969 case CAPABILITY_CODE_ENHE:
970 ret = bgp_capability_enhe(peer, &caphdr);
971 break;
972 case CAPABILITY_CODE_FQDN:
973 ret = bgp_capability_hostname(peer, &caphdr);
974 break;
975 default:
976 if (caphdr.code > 128) {
977 /* We don't send Notification for unknown vendor
978 specific
979 capabilities. It seems reasonable for now...
980 */
981 flog_warn(EC_BGP_CAPABILITY_VENDOR,
982 "%s Vendor specific capability %d",
983 peer->host, caphdr.code);
984 } else {
985 flog_warn(
986 EC_BGP_CAPABILITY_UNKNOWN,
987 "%s unrecognized capability code: %d - ignored",
988 peer->host, caphdr.code);
989 memcpy(*error, sp, caphdr.length + 2);
990 *error += caphdr.length + 2;
991 }
992 }
993
994 if (ret < 0) {
995 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
996 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
997 return -1;
998 }
999 if (stream_get_getp(s) != (start + caphdr.length)) {
1000 if (stream_get_getp(s) > (start + caphdr.length))
1001 flog_warn(
1002 EC_BGP_CAPABILITY_INVALID_LENGTH,
1003 "%s Cap-parser for %s read past cap-length, %u!",
1004 peer->host,
1005 lookup_msg(capcode_str, caphdr.code,
1006 NULL),
1007 caphdr.length);
1008 stream_set_getp(s, start + caphdr.length);
1009 }
1010
1011 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
1012 UNSET_FLAG(restart_flag_time, 0xF000);
1013 peer->v_gr_restart = restart_flag_time;
1014 }
1015
1016 }
1017 return 0;
1018 }
1019
1020 static int bgp_auth_parse(struct peer *peer, size_t length)
1021 {
1022 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1023 BGP_NOTIFY_OPEN_AUTH_FAILURE);
1024 return -1;
1025 }
1026
1027 static int strict_capability_same(struct peer *peer)
1028 {
1029 int i, j;
1030
1031 for (i = AFI_IP; i < AFI_MAX; i++)
1032 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
1033 if (peer->afc[i][j] != peer->afc_nego[i][j])
1034 return 0;
1035 return 1;
1036 }
1037
1038 /* peek into option, stores ASN to *as4 if the AS4 capability was found.
1039 * Returns 0 if no as4 found, as4cap value otherwise.
1040 */
1041 as_t peek_for_as4_capability(struct peer *peer, uint8_t length)
1042 {
1043 struct stream *s = BGP_INPUT(peer);
1044 size_t orig_getp = stream_get_getp(s);
1045 size_t end = orig_getp + length;
1046 as_t as4 = 0;
1047
1048 if (BGP_DEBUG(as4, AS4))
1049 zlog_debug(
1050 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u,"
1051 " peeking for as4",
1052 peer->host, length);
1053 /* the error cases we DONT handle, we ONLY try to read as4 out of
1054 * correctly formatted options.
1055 */
1056 while (stream_get_getp(s) < end) {
1057 uint8_t opt_type;
1058 uint8_t opt_length;
1059
1060 /* Check the length. */
1061 if (stream_get_getp(s) + 2 > end)
1062 goto end;
1063
1064 /* Fetch option type and length. */
1065 opt_type = stream_getc(s);
1066 opt_length = stream_getc(s);
1067
1068 /* Option length check. */
1069 if (stream_get_getp(s) + opt_length > end)
1070 goto end;
1071
1072 if (opt_type == BGP_OPEN_OPT_CAP) {
1073 unsigned long capd_start = stream_get_getp(s);
1074 unsigned long capd_end = capd_start + opt_length;
1075
1076 assert(capd_end <= end);
1077
1078 while (stream_get_getp(s) < capd_end) {
1079 struct capability_header hdr;
1080
1081 if (stream_get_getp(s) + 2 > capd_end)
1082 goto end;
1083
1084 hdr.code = stream_getc(s);
1085 hdr.length = stream_getc(s);
1086
1087 if ((stream_get_getp(s) + hdr.length)
1088 > capd_end)
1089 goto end;
1090
1091 if (hdr.code == CAPABILITY_CODE_AS4) {
1092 if (BGP_DEBUG(as4, AS4))
1093 zlog_debug(
1094 "[AS4] found AS4 capability, about to parse");
1095 as4 = bgp_capability_as4(peer, &hdr);
1096
1097 goto end;
1098 }
1099 stream_forward_getp(s, hdr.length);
1100 }
1101 }
1102 }
1103
1104 end:
1105 stream_set_getp(s, orig_getp);
1106 return as4;
1107 }
1108
1109 /**
1110 * Parse open option.
1111 *
1112 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1113 */
1114 int bgp_open_option_parse(struct peer *peer, uint8_t length, int *mp_capability)
1115 {
1116 int ret = 0;
1117 uint8_t *error;
1118 uint8_t error_data[BGP_MAX_PACKET_SIZE];
1119 struct stream *s = BGP_INPUT(peer);
1120 size_t end = stream_get_getp(s) + length;
1121
1122 error = error_data;
1123
1124 if (bgp_debug_neighbor_events(peer))
1125 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1126 peer->host, length);
1127
1128 while (stream_get_getp(s) < end) {
1129 uint8_t opt_type;
1130 uint8_t opt_length;
1131
1132 /* Must have at least an OPEN option header */
1133 if (STREAM_READABLE(s) < 2) {
1134 zlog_info("%s Option length error", peer->host);
1135 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1136 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1137 return -1;
1138 }
1139
1140 /* Fetch option type and length. */
1141 opt_type = stream_getc(s);
1142 opt_length = stream_getc(s);
1143
1144 /* Option length check. */
1145 if (STREAM_READABLE(s) < opt_length) {
1146 zlog_info("%s Option length error", peer->host);
1147 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1148 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1149 return -1;
1150 }
1151
1152 if (bgp_debug_neighbor_events(peer))
1153 zlog_debug(
1154 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1155 peer->host, opt_type,
1156 opt_type == BGP_OPEN_OPT_AUTH
1157 ? "Authentication"
1158 : opt_type == BGP_OPEN_OPT_CAP
1159 ? "Capability"
1160 : "Unknown",
1161 opt_length);
1162
1163 switch (opt_type) {
1164 case BGP_OPEN_OPT_AUTH:
1165 ret = bgp_auth_parse(peer, opt_length);
1166 break;
1167 case BGP_OPEN_OPT_CAP:
1168 ret = bgp_capability_parse(peer, opt_length,
1169 mp_capability, &error);
1170 break;
1171 default:
1172 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1173 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1174 ret = -1;
1175 break;
1176 }
1177
1178 /* Parse error. To accumulate all unsupported capability codes,
1179 bgp_capability_parse does not return -1 when encounter
1180 unsupported capability code. To detect that, please check
1181 error and erro_data pointer, like below. */
1182 if (ret < 0)
1183 return -1;
1184 }
1185
1186 /* All OPEN option is parsed. Check capability when strict compare
1187 flag is enabled.*/
1188 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1189 /* If Unsupported Capability exists. */
1190 if (error != error_data) {
1191 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1192 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1193 error_data,
1194 error - error_data);
1195 return -1;
1196 }
1197
1198 /* Check local capability does not negotiated with remote
1199 peer. */
1200 if (!strict_capability_same(peer)) {
1201 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1202 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1203 return -1;
1204 }
1205 }
1206
1207 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1208 error. */
1209 if (*mp_capability
1210 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1211 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1212 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1213 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1214 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1215 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
1216 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
1217 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1218 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1219 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1220 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1221 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
1222 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
1223 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
1224 flog_err(EC_BGP_PKT_OPEN,
1225 "%s [Error] Configured AFI/SAFIs do not "
1226 "overlap with received MP capabilities",
1227 peer->host);
1228
1229 if (error != error_data)
1230 bgp_notify_send_with_data(
1231 peer, BGP_NOTIFY_OPEN_ERR,
1232 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1233 error - error_data);
1234 else
1235 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1236 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1237 return -1;
1238 }
1239 }
1240 return 0;
1241 }
1242
1243 static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
1244 afi_t afi, safi_t safi, uint8_t code)
1245 {
1246 uint8_t cap_len;
1247 uint8_t orf_len;
1248 unsigned long capp;
1249 unsigned long orfp;
1250 unsigned long numberp;
1251 int number_of_orfs = 0;
1252 iana_afi_t pkt_afi;
1253 iana_safi_t pkt_safi;
1254
1255 /* Convert AFI, SAFI to values for packet. */
1256 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1257
1258 stream_putc(s, BGP_OPEN_OPT_CAP);
1259 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1260 stream_putc(s, 0); /* Capability Length */
1261 stream_putc(s, code); /* Capability Code */
1262 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1263 stream_putc(s, 0); /* ORF Length */
1264 stream_putw(s, pkt_afi);
1265 stream_putc(s, 0);
1266 stream_putc(s, pkt_safi);
1267 numberp = stream_get_endp(s); /* Set Number Pointer */
1268 stream_putc(s, 0); /* Number of ORFs */
1269
1270 /* Address Prefix ORF */
1271 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1272 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1273 stream_putc(s, (code == CAPABILITY_CODE_ORF
1274 ? ORF_TYPE_PREFIX
1275 : ORF_TYPE_PREFIX_OLD));
1276
1277 if (CHECK_FLAG(peer->af_flags[afi][safi],
1278 PEER_FLAG_ORF_PREFIX_SM)
1279 && CHECK_FLAG(peer->af_flags[afi][safi],
1280 PEER_FLAG_ORF_PREFIX_RM)) {
1281 SET_FLAG(peer->af_cap[afi][safi],
1282 PEER_CAP_ORF_PREFIX_SM_ADV);
1283 SET_FLAG(peer->af_cap[afi][safi],
1284 PEER_CAP_ORF_PREFIX_RM_ADV);
1285 stream_putc(s, ORF_MODE_BOTH);
1286 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1287 PEER_FLAG_ORF_PREFIX_SM)) {
1288 SET_FLAG(peer->af_cap[afi][safi],
1289 PEER_CAP_ORF_PREFIX_SM_ADV);
1290 stream_putc(s, ORF_MODE_SEND);
1291 } else {
1292 SET_FLAG(peer->af_cap[afi][safi],
1293 PEER_CAP_ORF_PREFIX_RM_ADV);
1294 stream_putc(s, ORF_MODE_RECEIVE);
1295 }
1296 number_of_orfs++;
1297 }
1298
1299 /* Total Number of ORFs. */
1300 stream_putc_at(s, numberp, number_of_orfs);
1301
1302 /* Total ORF Len. */
1303 orf_len = stream_get_endp(s) - orfp - 1;
1304 stream_putc_at(s, orfp, orf_len);
1305
1306 /* Total Capability Len. */
1307 cap_len = stream_get_endp(s) - capp - 1;
1308 stream_putc_at(s, capp, cap_len);
1309 }
1310
1311 static void bgp_peer_send_gr_capability(struct stream *s, struct peer *peer,
1312 unsigned long cp)
1313 {
1314 int len;
1315 iana_afi_t pkt_afi;
1316 afi_t afi;
1317 safi_t safi;
1318 iana_safi_t pkt_safi;
1319 uint32_t restart_time;
1320 unsigned long capp = 0;
1321 unsigned long rcapp = 0;
1322
1323 if (!CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)
1324 && !CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART_HELPER))
1325 return;
1326
1327 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1328 zlog_debug("[BGP_GR] Sending helper Capability for Peer :%s :",
1329 peer->host);
1330
1331 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1332 stream_putc(s, BGP_OPEN_OPT_CAP);
1333 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1334 stream_putc(s, 0); /* Capability Length */
1335 stream_putc(s, CAPABILITY_CODE_RESTART);
1336 /* Set Restart Capability Len Pointer */
1337 rcapp = stream_get_endp(s);
1338 stream_putc(s, 0);
1339 restart_time = peer->bgp->restart_time;
1340 if (peer->bgp->t_startup) {
1341 SET_FLAG(restart_time, RESTART_R_BIT);
1342 SET_FLAG(peer->cap, PEER_CAP_RESTART_BIT_ADV);
1343
1344 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1345 zlog_debug("[BGP_GR] Sending R-Bit for Peer :%s :",
1346 peer->host);
1347 }
1348
1349 stream_putw(s, restart_time);
1350
1351 /* Send address-family specific graceful-restart capability
1352 * only when GR config is present
1353 */
1354 if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)) {
1355 if (bgp_flag_check(peer->bgp, BGP_FLAG_GR_PRESERVE_FWD)
1356 && BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1357 zlog_debug("[BGP_GR] F bit Set");
1358
1359 FOREACH_AFI_SAFI (afi, safi) {
1360 if (!peer->afc[afi][safi])
1361 continue;
1362
1363 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1364 zlog_debug(
1365 "[BGP_GR] Sending GR Capability for AFI :%d :, SAFI :%d:",
1366 afi, safi);
1367
1368 /* Convert AFI, SAFI to values for
1369 * packet.
1370 */
1371 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1372 &pkt_safi);
1373 stream_putw(s, pkt_afi);
1374 stream_putc(s, pkt_safi);
1375 if (bgp_flag_check(peer->bgp, BGP_FLAG_GR_PRESERVE_FWD))
1376 stream_putc(s, RESTART_F_BIT);
1377 else
1378 stream_putc(s, 0);
1379 }
1380 }
1381
1382 /* Total Graceful restart capability Len. */
1383 len = stream_get_endp(s) - rcapp - 1;
1384 stream_putc_at(s, rcapp, len);
1385
1386 /* Total Capability Len. */
1387 len = stream_get_endp(s) - capp - 1;
1388 stream_putc_at(s, capp, len);
1389 }
1390
1391 /* Fill in capability open option to the packet. */
1392 void bgp_open_capability(struct stream *s, struct peer *peer)
1393 {
1394 uint8_t len;
1395 unsigned long cp, capp, rcapp;
1396 iana_afi_t pkt_afi;
1397 afi_t afi;
1398 safi_t safi;
1399 iana_safi_t pkt_safi;
1400 as_t local_as;
1401 uint8_t afi_safi_count = 0;
1402 int adv_addpath_tx = 0;
1403
1404 /* Remember current pointer for Opt Parm Len. */
1405 cp = stream_get_endp(s);
1406
1407 /* Opt Parm Len. */
1408 stream_putc(s, 0);
1409
1410 /* Do not send capability. */
1411 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1412 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
1413 return;
1414
1415 /* MP capability for configured AFI, SAFI */
1416 FOREACH_AFI_SAFI (afi, safi) {
1417 if (peer->afc[afi][safi]) {
1418 /* Convert AFI, SAFI to values for packet. */
1419 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1420 &pkt_safi);
1421
1422 peer->afc_adv[afi][safi] = 1;
1423 stream_putc(s, BGP_OPEN_OPT_CAP);
1424 stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
1425 stream_putc(s, CAPABILITY_CODE_MP);
1426 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1427 stream_putw(s, pkt_afi);
1428 stream_putc(s, 0);
1429 stream_putc(s, pkt_safi);
1430
1431 /* Extended nexthop capability - currently
1432 * supporting RFC-5549 for
1433 * Link-Local peering only
1434 */
1435 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1436 && peer->su.sa.sa_family == AF_INET6
1437 && afi == AFI_IP
1438 && (safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
1439 || safi == SAFI_LABELED_UNICAST)) {
1440 /* RFC 5549 Extended Next Hop Encoding
1441 */
1442 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
1443 stream_putc(s, BGP_OPEN_OPT_CAP);
1444 stream_putc(s, CAPABILITY_CODE_ENHE_LEN + 2);
1445 stream_putc(s, CAPABILITY_CODE_ENHE);
1446 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1447
1448 SET_FLAG(peer->af_cap[AFI_IP][safi],
1449 PEER_CAP_ENHE_AF_ADV);
1450 stream_putw(s, pkt_afi);
1451 stream_putw(s, pkt_safi);
1452 stream_putw(s, afi_int2iana(AFI_IP6));
1453
1454 if (CHECK_FLAG(peer->af_cap[afi][safi],
1455 PEER_CAP_ENHE_AF_RCV))
1456 SET_FLAG(peer->af_cap[afi][safi],
1457 PEER_CAP_ENHE_AF_NEGO);
1458 }
1459 }
1460 }
1461
1462 /* Route refresh. */
1463 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1464 stream_putc(s, BGP_OPEN_OPT_CAP);
1465 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1466 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1467 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1468 stream_putc(s, BGP_OPEN_OPT_CAP);
1469 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1470 stream_putc(s, CAPABILITY_CODE_REFRESH);
1471 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1472
1473 /* AS4 */
1474 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1475 stream_putc(s, BGP_OPEN_OPT_CAP);
1476 stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
1477 stream_putc(s, CAPABILITY_CODE_AS4);
1478 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1479 if (peer->change_local_as)
1480 local_as = peer->change_local_as;
1481 else
1482 local_as = peer->local_as;
1483 stream_putl(s, local_as);
1484
1485 /* AddPath */
1486 FOREACH_AFI_SAFI (afi, safi) {
1487 if (peer->afc[afi][safi]) {
1488 afi_safi_count++;
1489
1490 /* Only advertise addpath TX if a feature that
1491 * will use it is
1492 * configured */
1493 if (peer->addpath_type[afi][safi] != BGP_ADDPATH_NONE)
1494 adv_addpath_tx = 1;
1495 }
1496 }
1497
1498 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1499 stream_putc(s, BGP_OPEN_OPT_CAP);
1500 stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count) + 2);
1501 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1502 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1503
1504 FOREACH_AFI_SAFI (afi, safi) {
1505 if (peer->afc[afi][safi]) {
1506 /* Convert AFI, SAFI to values for packet. */
1507 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1508 &pkt_safi);
1509
1510 stream_putw(s, pkt_afi);
1511 stream_putc(s, pkt_safi);
1512
1513 if (adv_addpath_tx) {
1514 stream_putc(s, BGP_ADDPATH_RX | BGP_ADDPATH_TX);
1515 SET_FLAG(peer->af_cap[afi][safi],
1516 PEER_CAP_ADDPATH_AF_RX_ADV);
1517 SET_FLAG(peer->af_cap[afi][safi],
1518 PEER_CAP_ADDPATH_AF_TX_ADV);
1519 } else {
1520 stream_putc(s, BGP_ADDPATH_RX);
1521 SET_FLAG(peer->af_cap[afi][safi],
1522 PEER_CAP_ADDPATH_AF_RX_ADV);
1523 UNSET_FLAG(peer->af_cap[afi][safi],
1524 PEER_CAP_ADDPATH_AF_TX_ADV);
1525 }
1526 }
1527 }
1528
1529 /* ORF capability. */
1530 FOREACH_AFI_SAFI (afi, safi) {
1531 if (CHECK_FLAG(peer->af_flags[afi][safi],
1532 PEER_FLAG_ORF_PREFIX_SM)
1533 || CHECK_FLAG(peer->af_flags[afi][safi],
1534 PEER_FLAG_ORF_PREFIX_RM)) {
1535 bgp_open_capability_orf(s, peer, afi, safi,
1536 CAPABILITY_CODE_ORF_OLD);
1537 bgp_open_capability_orf(s, peer, afi, safi,
1538 CAPABILITY_CODE_ORF);
1539 }
1540 }
1541
1542 /* Dynamic capability. */
1543 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1544 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1545 stream_putc(s, BGP_OPEN_OPT_CAP);
1546 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1547 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1548 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1549 stream_putc(s, BGP_OPEN_OPT_CAP);
1550 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1551 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1552 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1553 }
1554
1555 /* Hostname capability */
1556 if (cmd_hostname_get()) {
1557 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1558 stream_putc(s, BGP_OPEN_OPT_CAP);
1559 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
1560 stream_putc(s, 0); /* dummy len for now */
1561 stream_putc(s, CAPABILITY_CODE_FQDN);
1562 capp = stream_get_endp(s);
1563 stream_putc(s, 0); /* dummy len for now */
1564 len = strlen(cmd_hostname_get());
1565 if (len > BGP_MAX_HOSTNAME)
1566 len = BGP_MAX_HOSTNAME;
1567
1568 stream_putc(s, len);
1569 stream_put(s, cmd_hostname_get(), len);
1570 if (cmd_domainname_get()) {
1571 len = strlen(cmd_domainname_get());
1572 if (len > BGP_MAX_HOSTNAME)
1573 len = BGP_MAX_HOSTNAME;
1574
1575 stream_putc(s, len);
1576 stream_put(s, cmd_domainname_get(), len);
1577 } else
1578 stream_putc(s, 0); /* 0 length */
1579
1580 /* Set the lengths straight */
1581 len = stream_get_endp(s) - rcapp - 1;
1582 stream_putc_at(s, rcapp, len);
1583 len = stream_get_endp(s) - capp - 1;
1584 stream_putc_at(s, capp, len);
1585
1586 if (bgp_debug_neighbor_events(peer))
1587 zlog_debug(
1588 "%s Sending hostname cap with hn = %s, dn = %s",
1589 peer->host, cmd_hostname_get(),
1590 cmd_domainname_get());
1591 }
1592
1593 bgp_peer_send_gr_capability(s, peer, cp);
1594
1595 /* Total Opt Parm Len. */
1596 len = stream_get_endp(s) - cp - 1;
1597 stream_putc_at(s, cp, len);
1598 }
FRRouting mirror