]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_open.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bgpd: Ensure FRR has enough data to read 2 bytes in peek_for_as4_capability
[mirror_frr.git] / bgpd / bgp_open.c
1 /* BGP open message handling
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "linklist.h"
24 #include "prefix.h"
25 #include "stream.h"
26 #include "thread.h"
27 #include "log.h"
28 #include "command.h"
29 #include "memory.h"
30 #include "queue.h"
31 #include "filter.h"
32
33 #include "lib/json.h"
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_attr.h"
36 #include "bgpd/bgp_debug.h"
37 #include "bgpd/bgp_errors.h"
38 #include "bgpd/bgp_fsm.h"
39 #include "bgpd/bgp_packet.h"
40 #include "bgpd/bgp_open.h"
41 #include "bgpd/bgp_aspath.h"
42 #include "bgpd/bgp_vty.h"
43 #include "bgpd/bgp_memory.h"
44
45 static const struct message capcode_str[] = {
46 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
47 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
48 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
49 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
50 {CAPABILITY_CODE_AS4, "4-octet AS number"},
51 {CAPABILITY_CODE_ADDPATH, "AddPath"},
52 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
53 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
54 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
55 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
56 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
57 {CAPABILITY_CODE_FQDN, "FQDN"},
58 {CAPABILITY_CODE_ENHANCED_RR, "Enhanced Route Refresh"},
59 {CAPABILITY_CODE_EXT_MESSAGE, "BGP Extended Message"},
60 {CAPABILITY_CODE_LLGR, "Long-lived BGP Graceful Restart"},
61 {CAPABILITY_CODE_ROLE, "Role"},
62 {0}};
63
64 /* Minimum sizes for length field of each cap (so not inc. the header) */
65 static const size_t cap_minsizes[] = {
66 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
67 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
68 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
69 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
70 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
71 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
72 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
73 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
74 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
75 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
76 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
77 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
78 [CAPABILITY_CODE_ENHANCED_RR] = CAPABILITY_CODE_ENHANCED_LEN,
79 [CAPABILITY_CODE_EXT_MESSAGE] = CAPABILITY_CODE_EXT_MESSAGE_LEN,
80 [CAPABILITY_CODE_LLGR] = CAPABILITY_CODE_LLGR_LEN,
81 [CAPABILITY_CODE_ROLE] = CAPABILITY_CODE_ROLE_LEN,
82 };
83
84 /* value the capability must be a multiple of.
85 * 0-data capabilities won't be checked against this.
86 * Other capabilities whose data doesn't fall on convenient boundaries for this
87 * table should be set to 1.
88 */
89 static const size_t cap_modsizes[] = {
90 [CAPABILITY_CODE_MP] = 4,
91 [CAPABILITY_CODE_REFRESH] = 1,
92 [CAPABILITY_CODE_ORF] = 1,
93 [CAPABILITY_CODE_RESTART] = 1,
94 [CAPABILITY_CODE_AS4] = 4,
95 [CAPABILITY_CODE_ADDPATH] = 4,
96 [CAPABILITY_CODE_DYNAMIC] = 1,
97 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
98 [CAPABILITY_CODE_ENHE] = 6,
99 [CAPABILITY_CODE_REFRESH_OLD] = 1,
100 [CAPABILITY_CODE_ORF_OLD] = 1,
101 [CAPABILITY_CODE_FQDN] = 1,
102 [CAPABILITY_CODE_ENHANCED_RR] = 1,
103 [CAPABILITY_CODE_EXT_MESSAGE] = 1,
104 [CAPABILITY_CODE_LLGR] = 1,
105 [CAPABILITY_CODE_ROLE] = 1,
106 };
107
108 /* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
109 negotiate remote peer supports extentions or not. But if
110 remote-peer doesn't supports negotiation process itself. We would
111 like to do manual configuration.
112
113 So there is many configurable point. First of all we want set each
114 peer whether we send capability negotiation to the peer or not.
115 Next, if we send capability to the peer we want to set my capability
116 inforation at each peer. */
117
118 void bgp_capability_vty_out(struct vty *vty, struct peer *peer, bool use_json,
119 json_object *json_neigh)
120 {
121 char *pnt;
122 char *end;
123 struct capability_mp_data mpc;
124 struct capability_header *hdr;
125 json_object *json_cap = NULL;
126
127 if (use_json)
128 json_cap = json_object_new_object();
129
130 pnt = peer->notify.data;
131 end = pnt + peer->notify.length;
132
133 while (pnt < end) {
134 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
135 return;
136
137 hdr = (struct capability_header *)pnt;
138 if (pnt + hdr->length + 2 > end)
139 return;
140
141 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
142
143 if (hdr->code == CAPABILITY_CODE_MP) {
144 afi_t afi;
145 safi_t safi;
146
147 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
148 mpc.safi, &afi, &safi);
149
150 if (use_json) {
151 switch (afi) {
152 case AFI_IP:
153 json_object_string_add(
154 json_cap,
155 "capabilityErrorMultiProtocolAfi",
156 "IPv4");
157 break;
158 case AFI_IP6:
159 json_object_string_add(
160 json_cap,
161 "capabilityErrorMultiProtocolAfi",
162 "IPv6");
163 break;
164 case AFI_L2VPN:
165 json_object_string_add(
166 json_cap,
167 "capabilityErrorMultiProtocolAfi",
168 "L2VPN");
169 break;
170 default:
171 json_object_int_add(
172 json_cap,
173 "capabilityErrorMultiProtocolAfiUnknown",
174 ntohs(mpc.afi));
175 break;
176 }
177 switch (safi) {
178 case SAFI_UNICAST:
179 json_object_string_add(
180 json_cap,
181 "capabilityErrorMultiProtocolSafi",
182 "unicast");
183 break;
184 case SAFI_MULTICAST:
185 json_object_string_add(
186 json_cap,
187 "capabilityErrorMultiProtocolSafi",
188 "multicast");
189 break;
190 case SAFI_LABELED_UNICAST:
191 json_object_string_add(
192 json_cap,
193 "capabilityErrorMultiProtocolSafi",
194 "labeled-unicast");
195 break;
196 case SAFI_MPLS_VPN:
197 json_object_string_add(
198 json_cap,
199 "capabilityErrorMultiProtocolSafi",
200 "MPLS-labeled VPN");
201 break;
202 case SAFI_ENCAP:
203 json_object_string_add(
204 json_cap,
205 "capabilityErrorMultiProtocolSafi",
206 "encap");
207 break;
208 case SAFI_EVPN:
209 json_object_string_add(
210 json_cap,
211 "capabilityErrorMultiProtocolSafi",
212 "EVPN");
213 break;
214 case SAFI_FLOWSPEC:
215 json_object_string_add(
216 json_cap,
217 "capabilityErrorMultiProtocolSafi",
218 "flowspec");
219 break;
220 default:
221 json_object_int_add(
222 json_cap,
223 "capabilityErrorMultiProtocolSafiUnknown",
224 mpc.safi);
225 break;
226 }
227 } else {
228 vty_out(vty,
229 " Capability error for: Multi protocol ");
230 switch (afi) {
231 case AFI_IP:
232 vty_out(vty, "AFI IPv4, ");
233 break;
234 case AFI_IP6:
235 vty_out(vty, "AFI IPv6, ");
236 break;
237 case AFI_L2VPN:
238 vty_out(vty, "AFI L2VPN, ");
239 break;
240 default:
241 vty_out(vty, "AFI Unknown %d, ",
242 ntohs(mpc.afi));
243 break;
244 }
245 switch (safi) {
246 case SAFI_UNICAST:
247 vty_out(vty, "SAFI Unicast");
248 break;
249 case SAFI_MULTICAST:
250 vty_out(vty, "SAFI Multicast");
251 break;
252 case SAFI_LABELED_UNICAST:
253 vty_out(vty, "SAFI Labeled-unicast");
254 break;
255 case SAFI_MPLS_VPN:
256 vty_out(vty, "SAFI MPLS-labeled VPN");
257 break;
258 case SAFI_ENCAP:
259 vty_out(vty, "SAFI ENCAP");
260 break;
261 case SAFI_FLOWSPEC:
262 vty_out(vty, "SAFI FLOWSPEC");
263 break;
264 case SAFI_EVPN:
265 vty_out(vty, "SAFI EVPN");
266 break;
267 default:
268 vty_out(vty, "SAFI Unknown %d ",
269 mpc.safi);
270 break;
271 }
272 vty_out(vty, "\n");
273 }
274 } else if (hdr->code >= 128) {
275 if (use_json)
276 json_object_int_add(
277 json_cap,
278 "capabilityErrorVendorSpecificCapabilityCode",
279 hdr->code);
280 else
281 vty_out(vty,
282 " Capability error: vendor specific capability code %d",
283 hdr->code);
284 } else {
285 if (use_json)
286 json_object_int_add(
287 json_cap,
288 "capabilityErrorUnknownCapabilityCode",
289 hdr->code);
290 else
291 vty_out(vty,
292 " Capability error: unknown capability code %d",
293 hdr->code);
294 }
295 pnt += hdr->length + 2;
296 }
297 if (use_json)
298 json_object_object_add(json_neigh, "capabilityErrors",
299 json_cap);
300 }
301
302 static void bgp_capability_mp_data(struct stream *s,
303 struct capability_mp_data *mpc)
304 {
305 mpc->afi = stream_getw(s);
306 mpc->reserved = stream_getc(s);
307 mpc->safi = stream_getc(s);
308 }
309
310 /* Set negotiated capability value. */
311 static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
312 {
313 struct capability_mp_data mpc;
314 struct stream *s = BGP_INPUT(peer);
315 afi_t afi;
316 safi_t safi;
317
318 /* Verify length is 4 */
319 if (hdr->length != 4) {
320 flog_warn(
321 EC_BGP_CAPABILITY_INVALID_LENGTH,
322 "MP Cap: Received invalid length %d, non-multiple of 4",
323 hdr->length);
324 return -1;
325 }
326
327 bgp_capability_mp_data(s, &mpc);
328
329 if (bgp_debug_neighbor_events(peer))
330 zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s",
331 peer->host, lookup_msg(capcode_str, hdr->code, NULL),
332 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
333
334 /* Convert AFI, SAFI to internal values, check. */
335 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
336 return -1;
337
338 /* Now safi remapped, and afi/safi are valid array indices */
339 peer->afc_recv[afi][safi] = 1;
340
341 if (peer->afc[afi][safi])
342 peer->afc_nego[afi][safi] = 1;
343 else
344 return -1;
345
346 return 0;
347 }
348
349 static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
350 iana_safi_t safi, uint8_t type,
351 uint8_t mode)
352 {
353 if (bgp_debug_neighbor_events(peer))
354 zlog_debug(
355 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
356 peer->host, afi, safi, type, mode);
357 }
358
359 static const struct message orf_type_str[] = {
360 {ORF_TYPE_PREFIX, "Prefixlist"},
361 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
362 {0}};
363
364 static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
365 {ORF_MODE_SEND, "Send"},
366 {ORF_MODE_BOTH, "Both"},
367 {0}};
368
369 static int bgp_capability_orf_entry(struct peer *peer,
370 struct capability_header *hdr)
371 {
372 struct stream *s = BGP_INPUT(peer);
373 struct capability_mp_data mpc;
374 uint8_t num;
375 iana_afi_t pkt_afi;
376 afi_t afi;
377 iana_safi_t pkt_safi;
378 safi_t safi;
379 uint8_t type;
380 uint8_t mode;
381 uint16_t sm_cap = 0; /* capability send-mode receive */
382 uint16_t rm_cap = 0; /* capability receive-mode receive */
383 int i;
384
385 /* ORF Entry header */
386 bgp_capability_mp_data(s, &mpc);
387 num = stream_getc(s);
388 pkt_afi = mpc.afi;
389 pkt_safi = mpc.safi;
390
391 if (bgp_debug_neighbor_events(peer))
392 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer->host,
393 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
394
395 /* Convert AFI, SAFI to internal values, check. */
396 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
397 zlog_info(
398 "%s Addr-family %d/%d not supported. Ignoring the ORF capability",
399 peer->host, pkt_afi, pkt_safi);
400 return 0;
401 }
402
403 mpc.afi = pkt_afi;
404 mpc.safi = safi;
405
406 /* validate number field */
407 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
408 zlog_info(
409 "%s ORF Capability entry length error, Cap length %u, num %u",
410 peer->host, hdr->length, num);
411 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
412 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
413 return -1;
414 }
415
416 for (i = 0; i < num; i++) {
417 type = stream_getc(s);
418 mode = stream_getc(s);
419
420 /* ORF Mode error check */
421 switch (mode) {
422 case ORF_MODE_BOTH:
423 case ORF_MODE_SEND:
424 case ORF_MODE_RECEIVE:
425 break;
426 default:
427 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
428 type, mode);
429 continue;
430 }
431 /* ORF Type and afi/safi error checks */
432 /* capcode versus type */
433 switch (hdr->code) {
434 case CAPABILITY_CODE_ORF:
435 switch (type) {
436 case ORF_TYPE_PREFIX:
437 break;
438 default:
439 bgp_capability_orf_not_support(
440 peer, pkt_afi, pkt_safi, type, mode);
441 continue;
442 }
443 break;
444 case CAPABILITY_CODE_ORF_OLD:
445 switch (type) {
446 case ORF_TYPE_PREFIX_OLD:
447 break;
448 default:
449 bgp_capability_orf_not_support(
450 peer, pkt_afi, pkt_safi, type, mode);
451 continue;
452 }
453 break;
454 default:
455 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
456 type, mode);
457 continue;
458 }
459
460 /* AFI vs SAFI */
461 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
462 || (afi == AFI_IP && safi == SAFI_MULTICAST)
463 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
464 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
465 type, mode);
466 continue;
467 }
468
469 if (bgp_debug_neighbor_events(peer))
470 zlog_debug(
471 "%s OPEN has %s ORF capability as %s for afi/safi: %s/%s",
472 peer->host,
473 lookup_msg(orf_type_str, type, NULL),
474 lookup_msg(orf_mode_str, mode, NULL),
475 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
476
477 if (hdr->code == CAPABILITY_CODE_ORF) {
478 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
479 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
480 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
481 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
482 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
483 } else {
484 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
485 type, mode);
486 continue;
487 }
488
489 switch (mode) {
490 case ORF_MODE_BOTH:
491 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
492 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
493 break;
494 case ORF_MODE_SEND:
495 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
496 break;
497 case ORF_MODE_RECEIVE:
498 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
499 break;
500 }
501 }
502 return 0;
503 }
504
505 static int bgp_capability_restart(struct peer *peer,
506 struct capability_header *caphdr)
507 {
508 struct stream *s = BGP_INPUT(peer);
509 uint16_t restart_flag_time;
510 size_t end = stream_get_getp(s) + caphdr->length;
511
512 /* Verify length is a multiple of 4 */
513 if ((caphdr->length - 2) % 4) {
514 flog_warn(
515 EC_BGP_CAPABILITY_INVALID_LENGTH,
516 "Restart Cap: Received invalid length %d, non-multiple of 4",
517 caphdr->length);
518 return -1;
519 }
520
521 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
522 restart_flag_time = stream_getw(s);
523
524 /* The most significant bit is defined in [RFC4724] as
525 * the Restart State ("R") bit.
526 */
527 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_R_BIT))
528 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
529 else
530 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
531
532 /* The second most significant bit is defined in this
533 * document as the Graceful Notification ("N") bit.
534 */
535 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_N_BIT))
536 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
537 else
538 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
539
540 UNSET_FLAG(restart_flag_time, 0xF000);
541 peer->v_gr_restart = restart_flag_time;
542
543 if (bgp_debug_neighbor_events(peer)) {
544 zlog_debug(
545 "%s Peer has%srestarted. Restart Time: %d, N-bit set: %s",
546 peer->host,
547 CHECK_FLAG(peer->cap,
548 PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV)
549 ? " "
550 : " not ",
551 peer->v_gr_restart,
552 CHECK_FLAG(peer->cap,
553 PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV)
554 ? "yes"
555 : "no");
556 }
557
558 while (stream_get_getp(s) + 4 <= end) {
559 afi_t afi;
560 safi_t safi;
561 iana_afi_t pkt_afi = stream_getw(s);
562 iana_safi_t pkt_safi = stream_getc(s);
563 uint8_t flag = stream_getc(s);
564
565 /* Convert AFI, SAFI to internal values, check. */
566 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
567 if (bgp_debug_neighbor_events(peer))
568 zlog_debug(
569 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Graceful Restart capability for this AFI/SAFI",
570 peer->host, iana_afi2str(pkt_afi),
571 iana_safi2str(pkt_safi));
572 } else if (!peer->afc[afi][safi]) {
573 if (bgp_debug_neighbor_events(peer))
574 zlog_debug(
575 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Graceful Restart capability",
576 peer->host, iana_afi2str(pkt_afi),
577 iana_safi2str(pkt_safi));
578 } else {
579 if (bgp_debug_neighbor_events(peer))
580 zlog_debug(
581 "%s Address family %s is%spreserved",
582 peer->host, get_afi_safi_str(afi, safi, false),
583 CHECK_FLAG(
584 peer->af_cap[afi][safi],
585 PEER_CAP_RESTART_AF_PRESERVE_RCV)
586 ? " "
587 : " not ");
588
589 SET_FLAG(peer->af_cap[afi][safi],
590 PEER_CAP_RESTART_AF_RCV);
591 if (CHECK_FLAG(flag, GRACEFUL_RESTART_F_BIT))
592 SET_FLAG(peer->af_cap[afi][safi],
593 PEER_CAP_RESTART_AF_PRESERVE_RCV);
594 }
595 }
596 return 0;
597 }
598
599 static int bgp_capability_llgr(struct peer *peer,
600 struct capability_header *caphdr)
601 {
602 struct stream *s = BGP_INPUT(peer);
603 size_t end = stream_get_getp(s) + caphdr->length;
604
605 SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV);
606
607 while (stream_get_getp(s) + 4 <= end) {
608 afi_t afi;
609 safi_t safi;
610 iana_afi_t pkt_afi = stream_getw(s);
611 iana_safi_t pkt_safi = stream_getc(s);
612 uint8_t flags = stream_getc(s);
613 uint32_t stale_time = stream_get3(s);
614
615 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
616 if (bgp_debug_neighbor_events(peer))
617 zlog_debug(
618 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Long-lived Graceful Restart capability for this AFI/SAFI",
619 peer->host, iana_afi2str(pkt_afi),
620 iana_safi2str(pkt_safi));
621 } else if (!peer->afc[afi][safi]
622 || !CHECK_FLAG(peer->af_cap[afi][safi],
623 PEER_CAP_RESTART_AF_RCV)) {
624 if (bgp_debug_neighbor_events(peer))
625 zlog_debug(
626 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Long-lived Graceful Restart capability",
627 peer->host, iana_afi2str(pkt_afi),
628 iana_safi2str(pkt_safi));
629 } else {
630 if (bgp_debug_neighbor_events(peer))
631 zlog_debug(
632 "%s Addr-family %s/%s(afi/safi) Long-lived Graceful Restart capability stale time %u sec",
633 peer->host, iana_afi2str(pkt_afi),
634 iana_safi2str(pkt_safi), stale_time);
635
636 peer->llgr[afi][safi].flags = flags;
637 peer->llgr[afi][safi].stale_time =
638 MIN(stale_time, peer->bgp->llgr_stale_time);
639 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_RCV);
640 }
641 }
642
643 return 0;
644 }
645
646 /* Unlike other capability parsing routines, this one returns 0 on error */
647 static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
648 {
649 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
650
651 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
652 flog_err(EC_BGP_PKT_OPEN,
653 "%s AS4 capability has incorrect data length %d",
654 peer->host, hdr->length);
655 return 0;
656 }
657
658 as_t as4 = stream_getl(BGP_INPUT(peer));
659
660 if (BGP_DEBUG(as4, AS4))
661 zlog_debug(
662 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
663 peer->host, as4);
664 return as4;
665 }
666
667 static int bgp_capability_ext_message(struct peer *peer,
668 struct capability_header *hdr)
669 {
670 if (hdr->length != CAPABILITY_CODE_EXT_MESSAGE_LEN) {
671 flog_err(
672 EC_BGP_PKT_OPEN,
673 "%s: BGP Extended Message capability has incorrect data length %d",
674 peer->host, hdr->length);
675 return -1;
676 }
677
678 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV);
679
680 return 0;
681 }
682
683 static int bgp_capability_addpath(struct peer *peer,
684 struct capability_header *hdr)
685 {
686 struct stream *s = BGP_INPUT(peer);
687 size_t end = stream_get_getp(s) + hdr->length;
688
689 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
690
691 /* Verify length is a multiple of 4 */
692 if (hdr->length % 4) {
693 flog_warn(
694 EC_BGP_CAPABILITY_INVALID_LENGTH,
695 "Add Path: Received invalid length %d, non-multiple of 4",
696 hdr->length);
697 return -1;
698 }
699
700 while (stream_get_getp(s) + 4 <= end) {
701 afi_t afi;
702 safi_t safi;
703 iana_afi_t pkt_afi = stream_getw(s);
704 iana_safi_t pkt_safi = stream_getc(s);
705 uint8_t send_receive = stream_getc(s);
706
707 if (bgp_debug_neighbor_events(peer))
708 zlog_debug(
709 "%s OPEN has %s capability for afi/safi: %s/%s%s%s",
710 peer->host,
711 lookup_msg(capcode_str, hdr->code, NULL),
712 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi),
713 (send_receive & BGP_ADDPATH_RX) ? ", receive"
714 : "",
715 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
716 : "");
717
718 /* Convert AFI, SAFI to internal values, check. */
719 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
720 if (bgp_debug_neighbor_events(peer))
721 zlog_debug(
722 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Addpath Attribute for this AFI/SAFI",
723 peer->host, iana_afi2str(pkt_afi),
724 iana_safi2str(pkt_safi));
725 continue;
726 } else if (!peer->afc[afi][safi]) {
727 if (bgp_debug_neighbor_events(peer))
728 zlog_debug(
729 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
730 peer->host, iana_afi2str(pkt_afi),
731 iana_safi2str(pkt_safi));
732 continue;
733 }
734
735 if (send_receive & BGP_ADDPATH_RX)
736 SET_FLAG(peer->af_cap[afi][safi],
737 PEER_CAP_ADDPATH_AF_RX_RCV);
738
739 if (send_receive & BGP_ADDPATH_TX)
740 SET_FLAG(peer->af_cap[afi][safi],
741 PEER_CAP_ADDPATH_AF_TX_RCV);
742 }
743
744 return 0;
745 }
746
747 static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
748 {
749 struct stream *s = BGP_INPUT(peer);
750 size_t end = stream_get_getp(s) + hdr->length;
751
752 /* Verify length is a multiple of 4 */
753 if (hdr->length % 6) {
754 flog_warn(
755 EC_BGP_CAPABILITY_INVALID_LENGTH,
756 "Extended NH: Received invalid length %d, non-multiple of 6",
757 hdr->length);
758 return -1;
759 }
760
761 while (stream_get_getp(s) + 6 <= end) {
762 iana_afi_t pkt_afi = stream_getw(s);
763 afi_t afi;
764 iana_safi_t pkt_safi = stream_getw(s);
765 safi_t safi;
766 iana_afi_t pkt_nh_afi = stream_getw(s);
767 afi_t nh_afi;
768
769 if (bgp_debug_neighbor_events(peer))
770 zlog_debug(
771 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
772 peer->host, iana_afi2str(pkt_afi),
773 iana_safi2str(pkt_safi), pkt_nh_afi);
774
775 /* Convert AFI, SAFI to internal values, check. */
776 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
777 if (bgp_debug_neighbor_events(peer))
778 zlog_debug(
779 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the ENHE Attribute for this AFI/SAFI",
780 peer->host, iana_afi2str(pkt_afi),
781 iana_safi2str(pkt_safi));
782 continue;
783 }
784
785 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
786 * with
787 * the Nexthop AFI being IPv6. A future spec may introduce other
788 * possibilities, so we ignore other values with a log. Also,
789 * only
790 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
791 * (and expected).
792 */
793 nh_afi = afi_iana2int(pkt_nh_afi);
794
795 if (afi != AFI_IP || nh_afi != AFI_IP6
796 || !(safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
797 || safi == SAFI_LABELED_UNICAST)) {
798 flog_warn(
799 EC_BGP_CAPABILITY_INVALID_DATA,
800 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u in Extended Next-hop capability, ignoring",
801 peer->host, iana_afi2str(pkt_afi),
802 iana_safi2str(pkt_safi), pkt_nh_afi);
803 continue;
804 }
805
806 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
807
808 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
809 SET_FLAG(peer->af_cap[afi][safi],
810 PEER_CAP_ENHE_AF_NEGO);
811 }
812
813 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
814
815 return 0;
816 }
817
818 static int bgp_capability_hostname(struct peer *peer,
819 struct capability_header *hdr)
820 {
821 struct stream *s = BGP_INPUT(peer);
822 char str[BGP_MAX_HOSTNAME + 1];
823 size_t end = stream_get_getp(s) + hdr->length;
824 uint8_t len;
825
826 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
827
828 len = stream_getc(s);
829 if (stream_get_getp(s) + len > end) {
830 flog_warn(
831 EC_BGP_CAPABILITY_INVALID_DATA,
832 "%s: Received malformed hostname capability from peer %s",
833 __func__, peer->host);
834 return -1;
835 }
836
837 if (len > BGP_MAX_HOSTNAME) {
838 stream_get(str, s, BGP_MAX_HOSTNAME);
839 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
840 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
841 } else if (len)
842 stream_get(str, s, len);
843
844 if (len) {
845 str[len] = '\0';
846
847 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
848 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
849
850 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
851 }
852
853 if (stream_get_getp(s) + 1 > end) {
854 flog_warn(
855 EC_BGP_CAPABILITY_INVALID_DATA,
856 "%s: Received invalid domain name len (hostname capability) from peer %s",
857 __func__, peer->host);
858 return -1;
859 }
860
861 len = stream_getc(s);
862 if (stream_get_getp(s) + len > end) {
863 flog_warn(
864 EC_BGP_CAPABILITY_INVALID_DATA,
865 "%s: Received runt domain name (hostname capability) from peer %s",
866 __func__, peer->host);
867 return -1;
868 }
869
870 if (len > BGP_MAX_HOSTNAME) {
871 stream_get(str, s, BGP_MAX_HOSTNAME);
872 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
873 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
874 } else if (len)
875 stream_get(str, s, len);
876
877 if (len) {
878 str[len] = '\0';
879
880 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
881
882 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
883 }
884
885 if (bgp_debug_neighbor_events(peer)) {
886 zlog_debug("%s received hostname %s, domainname %s", peer->host,
887 peer->hostname, peer->domainname);
888 }
889
890 return 0;
891 }
892
893 static int bgp_capability_role(struct peer *peer, struct capability_header *hdr)
894 {
895 SET_FLAG(peer->cap, PEER_CAP_ROLE_RCV);
896 if (hdr->length != CAPABILITY_CODE_ROLE_LEN) {
897 flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
898 "Role: Received invalid length %d", hdr->length);
899 return -1;
900 }
901 uint8_t role = stream_getc(BGP_INPUT(peer));
902
903 peer->remote_role = role;
904 return 0;
905 }
906
907 /**
908 * Parse given capability.
909 * XXX: This is reading into a stream, but not using stream API
910 *
911 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
912 * capabilities were encountered.
913 */
914 static int bgp_capability_parse(struct peer *peer, size_t length,
915 int *mp_capability, uint8_t **error)
916 {
917 int ret;
918 struct stream *s = BGP_INPUT(peer);
919 size_t end = stream_get_getp(s) + length;
920 uint16_t restart_flag_time = 0;
921
922 assert(STREAM_READABLE(s) >= length);
923
924 while (stream_get_getp(s) < end) {
925 size_t start;
926 uint8_t *sp = stream_pnt(s);
927 struct capability_header caphdr;
928
929 ret = 0;
930 /* We need at least capability code and capability length. */
931 if (stream_get_getp(s) + 2 > end) {
932 zlog_info("%s Capability length error (< header)",
933 peer->host);
934 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
935 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
936 return -1;
937 }
938
939 caphdr.code = stream_getc(s);
940 caphdr.length = stream_getc(s);
941 start = stream_get_getp(s);
942
943 /* Capability length check sanity check. */
944 if (start + caphdr.length > end) {
945 zlog_info("%s Capability length error (< length)",
946 peer->host);
947 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
948 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
949 return -1;
950 }
951
952 if (bgp_debug_neighbor_events(peer))
953 zlog_debug("%s OPEN has %s capability (%u), length %u",
954 peer->host,
955 lookup_msg(capcode_str, caphdr.code, NULL),
956 caphdr.code, caphdr.length);
957
958 /* Length sanity check, type-specific, for known capabilities */
959 switch (caphdr.code) {
960 case CAPABILITY_CODE_MP:
961 case CAPABILITY_CODE_REFRESH:
962 case CAPABILITY_CODE_REFRESH_OLD:
963 case CAPABILITY_CODE_ORF:
964 case CAPABILITY_CODE_ORF_OLD:
965 case CAPABILITY_CODE_RESTART:
966 case CAPABILITY_CODE_AS4:
967 case CAPABILITY_CODE_ADDPATH:
968 case CAPABILITY_CODE_DYNAMIC:
969 case CAPABILITY_CODE_DYNAMIC_OLD:
970 case CAPABILITY_CODE_ENHE:
971 case CAPABILITY_CODE_FQDN:
972 case CAPABILITY_CODE_ENHANCED_RR:
973 case CAPABILITY_CODE_EXT_MESSAGE:
974 case CAPABILITY_CODE_ROLE:
975 /* Check length. */
976 if (caphdr.length < cap_minsizes[caphdr.code]) {
977 zlog_info(
978 "%s %s Capability length error: got %u, expected at least %u",
979 peer->host,
980 lookup_msg(capcode_str, caphdr.code,
981 NULL),
982 caphdr.length,
983 (unsigned)cap_minsizes[caphdr.code]);
984 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
985 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
986 return -1;
987 }
988 if (caphdr.length
989 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
990 zlog_info(
991 "%s %s Capability length error: got %u, expected a multiple of %u",
992 peer->host,
993 lookup_msg(capcode_str, caphdr.code,
994 NULL),
995 caphdr.length,
996 (unsigned)cap_modsizes[caphdr.code]);
997 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
998 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
999 return -1;
1000 }
1001 /* we deliberately ignore unknown codes, see below */
1002 default:
1003 break;
1004 }
1005
1006 switch (caphdr.code) {
1007 case CAPABILITY_CODE_MP: {
1008 *mp_capability = 1;
1009
1010 /* Ignore capability when override-capability is set. */
1011 if (!CHECK_FLAG(peer->flags,
1012 PEER_FLAG_OVERRIDE_CAPABILITY)) {
1013 /* Set negotiated value. */
1014 ret = bgp_capability_mp(peer, &caphdr);
1015
1016 /* Unsupported Capability. */
1017 if (ret < 0) {
1018 /* Store return data. */
1019 memcpy(*error, sp, caphdr.length + 2);
1020 *error += caphdr.length + 2;
1021 }
1022 ret = 0; /* Don't return error for this */
1023 }
1024 } break;
1025 case CAPABILITY_CODE_ENHANCED_RR:
1026 case CAPABILITY_CODE_REFRESH:
1027 case CAPABILITY_CODE_REFRESH_OLD: {
1028 /* BGP refresh capability */
1029 if (caphdr.code == CAPABILITY_CODE_ENHANCED_RR)
1030 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_RCV);
1031 else if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
1032 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
1033 else
1034 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
1035 } break;
1036 case CAPABILITY_CODE_ORF:
1037 case CAPABILITY_CODE_ORF_OLD:
1038 ret = bgp_capability_orf_entry(peer, &caphdr);
1039 break;
1040 case CAPABILITY_CODE_RESTART:
1041 ret = bgp_capability_restart(peer, &caphdr);
1042 break;
1043 case CAPABILITY_CODE_LLGR:
1044 ret = bgp_capability_llgr(peer, &caphdr);
1045 break;
1046 case CAPABILITY_CODE_DYNAMIC:
1047 case CAPABILITY_CODE_DYNAMIC_OLD:
1048 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
1049 break;
1050 case CAPABILITY_CODE_AS4:
1051 /* Already handled as a special-case parsing of the
1052 * capabilities
1053 * at the beginning of OPEN processing. So we care not a
1054 * jot
1055 * for the value really, only error case.
1056 */
1057 if (!bgp_capability_as4(peer, &caphdr))
1058 ret = -1;
1059 break;
1060 case CAPABILITY_CODE_ADDPATH:
1061 ret = bgp_capability_addpath(peer, &caphdr);
1062 break;
1063 case CAPABILITY_CODE_ENHE:
1064 ret = bgp_capability_enhe(peer, &caphdr);
1065 break;
1066 case CAPABILITY_CODE_EXT_MESSAGE:
1067 ret = bgp_capability_ext_message(peer, &caphdr);
1068 break;
1069 case CAPABILITY_CODE_FQDN:
1070 ret = bgp_capability_hostname(peer, &caphdr);
1071 break;
1072 case CAPABILITY_CODE_ROLE:
1073 ret = bgp_capability_role(peer, &caphdr);
1074 break;
1075 default:
1076 if (caphdr.code > 128) {
1077 /* We don't send Notification for unknown vendor
1078 specific
1079 capabilities. It seems reasonable for now...
1080 */
1081 flog_warn(EC_BGP_CAPABILITY_VENDOR,
1082 "%s Vendor specific capability %d",
1083 peer->host, caphdr.code);
1084 } else {
1085 flog_warn(
1086 EC_BGP_CAPABILITY_UNKNOWN,
1087 "%s unrecognized capability code: %d - ignored",
1088 peer->host, caphdr.code);
1089 memcpy(*error, sp, caphdr.length + 2);
1090 *error += caphdr.length + 2;
1091 }
1092 }
1093
1094 if (ret < 0) {
1095 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1096 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1097 return -1;
1098 }
1099 if (stream_get_getp(s) != (start + caphdr.length)) {
1100 if (stream_get_getp(s) > (start + caphdr.length))
1101 flog_warn(
1102 EC_BGP_CAPABILITY_INVALID_LENGTH,
1103 "%s Cap-parser for %s read past cap-length, %u!",
1104 peer->host,
1105 lookup_msg(capcode_str, caphdr.code,
1106 NULL),
1107 caphdr.length);
1108 stream_set_getp(s, start + caphdr.length);
1109 }
1110
1111 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
1112 UNSET_FLAG(restart_flag_time, 0xF000);
1113 peer->v_gr_restart = restart_flag_time;
1114 }
1115 }
1116 return 0;
1117 }
1118
1119 static int bgp_auth_parse(struct peer *peer, size_t length)
1120 {
1121 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1122 BGP_NOTIFY_OPEN_AUTH_FAILURE);
1123 return -1;
1124 }
1125
1126 static bool strict_capability_same(struct peer *peer)
1127 {
1128 int i, j;
1129
1130 for (i = AFI_IP; i < AFI_MAX; i++)
1131 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
1132 if (peer->afc[i][j] != peer->afc_nego[i][j])
1133 return false;
1134 return true;
1135 }
1136
1137
1138 static bool bgp_role_violation(struct peer *peer)
1139 {
1140 uint8_t local_role = peer->local_role;
1141 uint8_t remote_role = peer->remote_role;
1142
1143 if (local_role != ROLE_UNDEFINED && remote_role != ROLE_UNDEFINED &&
1144 !((local_role == ROLE_PEER && remote_role == ROLE_PEER) ||
1145 (local_role == ROLE_PROVIDER && remote_role == ROLE_CUSTOMER) ||
1146 (local_role == ROLE_CUSTOMER && remote_role == ROLE_PROVIDER) ||
1147 (local_role == ROLE_RS_SERVER && remote_role == ROLE_RS_CLIENT) ||
1148 (local_role == ROLE_RS_CLIENT &&
1149 remote_role == ROLE_RS_SERVER))) {
1150 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1151 BGP_NOTIFY_OPEN_ROLE_MISMATCH);
1152 return true;
1153 }
1154 if (remote_role == ROLE_UNDEFINED &&
1155 CHECK_FLAG(peer->flags, PEER_FLAG_ROLE_STRICT_MODE)) {
1156 const char *err_msg =
1157 "Strict mode. Please set the role on your side.";
1158 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1159 BGP_NOTIFY_OPEN_ROLE_MISMATCH,
1160 (uint8_t *)err_msg, strlen(err_msg));
1161 return true;
1162 }
1163 return false;
1164 }
1165
1166
1167 /* peek into option, stores ASN to *as4 if the AS4 capability was found.
1168 * Returns 0 if no as4 found, as4cap value otherwise.
1169 */
1170 as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
1171 {
1172 struct stream *s = BGP_INPUT(peer);
1173 size_t orig_getp = stream_get_getp(s);
1174 size_t end = orig_getp + length;
1175 as_t as4 = 0;
1176
1177 if (BGP_DEBUG(as4, AS4))
1178 zlog_debug(
1179 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u, peeking for as4",
1180 peer->host, length);
1181 /* the error cases we DONT handle, we ONLY try to read as4 out of
1182 * correctly formatted options.
1183 */
1184 while (stream_get_getp(s) < end) {
1185 uint8_t opt_type;
1186 uint16_t opt_length;
1187
1188 /* Ensure we can read the option type */
1189 if (stream_get_getp(s) + 1 > end)
1190 goto end;
1191
1192 /* Fetch the option type */
1193 opt_type = stream_getc(s);
1194
1195 /*
1196 * Check the length and fetch the opt_length
1197 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
1198 * then we do a getw which is 2 bytes. So we need to
1199 * ensure that we can read that as well
1200 */
1201 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1202 if (stream_get_getp(s) + 2 > end)
1203 goto end;
1204
1205 opt_length = stream_getw(s);
1206 } else {
1207 if (stream_get_getp(s) + 1 > end)
1208 goto end;
1209
1210 opt_length = stream_getc(s);
1211 }
1212
1213 /* Option length check. */
1214 if (stream_get_getp(s) + opt_length > end)
1215 goto end;
1216
1217 if (opt_type == BGP_OPEN_OPT_CAP) {
1218 unsigned long capd_start = stream_get_getp(s);
1219 unsigned long capd_end = capd_start + opt_length;
1220
1221 assert(capd_end <= end);
1222
1223 while (stream_get_getp(s) < capd_end) {
1224 struct capability_header hdr;
1225
1226 if (stream_get_getp(s) + 2 > capd_end)
1227 goto end;
1228
1229 hdr.code = stream_getc(s);
1230 hdr.length = stream_getc(s);
1231
1232 if ((stream_get_getp(s) + hdr.length)
1233 > capd_end)
1234 goto end;
1235
1236 if (hdr.code == CAPABILITY_CODE_AS4) {
1237 if (BGP_DEBUG(as4, AS4))
1238 zlog_debug(
1239 "[AS4] found AS4 capability, about to parse");
1240 as4 = bgp_capability_as4(peer, &hdr);
1241
1242 goto end;
1243 }
1244 stream_forward_getp(s, hdr.length);
1245 }
1246 }
1247 }
1248
1249 end:
1250 stream_set_getp(s, orig_getp);
1251 return as4;
1252 }
1253
1254 /**
1255 * Parse open option.
1256 *
1257 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1258 */
1259 int bgp_open_option_parse(struct peer *peer, uint16_t length,
1260 int *mp_capability)
1261 {
1262 int ret = 0;
1263 uint8_t *error;
1264 uint8_t error_data[BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE];
1265 struct stream *s = BGP_INPUT(peer);
1266 size_t end = stream_get_getp(s) + length;
1267
1268 error = error_data;
1269
1270 if (bgp_debug_neighbor_events(peer))
1271 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1272 peer->host, length);
1273
1274 /* Unset any previously received GR capability. */
1275 UNSET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
1276
1277 while (stream_get_getp(s) < end) {
1278 uint8_t opt_type;
1279 uint16_t opt_length;
1280
1281 /* Must have at least an OPEN option header */
1282 if (STREAM_READABLE(s) < 2) {
1283 zlog_info("%s Option length error", peer->host);
1284 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1285 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1286 return -1;
1287 }
1288
1289 /* Fetch option type and length. */
1290 opt_type = stream_getc(s);
1291 opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
1292 ? stream_getw(s)
1293 : stream_getc(s);
1294
1295 /* Option length check. */
1296 if (STREAM_READABLE(s) < opt_length) {
1297 zlog_info("%s Option length error (%d)", peer->host,
1298 opt_length);
1299 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1300 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1301 return -1;
1302 }
1303
1304 if (bgp_debug_neighbor_events(peer))
1305 zlog_debug(
1306 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1307 peer->host, opt_type,
1308 opt_type == BGP_OPEN_OPT_AUTH
1309 ? "Authentication"
1310 : opt_type == BGP_OPEN_OPT_CAP
1311 ? "Capability"
1312 : "Unknown",
1313 opt_length);
1314
1315 switch (opt_type) {
1316 case BGP_OPEN_OPT_AUTH:
1317 ret = bgp_auth_parse(peer, opt_length);
1318 break;
1319 case BGP_OPEN_OPT_CAP:
1320 ret = bgp_capability_parse(peer, opt_length,
1321 mp_capability, &error);
1322 break;
1323 default:
1324 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1325 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1326 ret = -1;
1327 break;
1328 }
1329
1330 /* Parse error. To accumulate all unsupported capability codes,
1331 bgp_capability_parse does not return -1 when encounter
1332 unsupported capability code. To detect that, please check
1333 error and erro_data pointer, like below. */
1334 if (ret < 0)
1335 return -1;
1336 }
1337
1338 /* All OPEN option is parsed. Check capability when strict compare
1339 flag is enabled.*/
1340 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1341 /* If Unsupported Capability exists. */
1342 if (error != error_data) {
1343 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1344 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1345 error_data,
1346 error - error_data);
1347 return -1;
1348 }
1349
1350 /* Check local capability does not negotiated with remote
1351 peer. */
1352 if (!strict_capability_same(peer)) {
1353 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1354 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1355 return -1;
1356 }
1357 }
1358
1359 /* Extended Message Support */
1360 peer->max_packet_size =
1361 (CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV)
1362 && CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV))
1363 ? BGP_EXTENDED_MESSAGE_MAX_PACKET_SIZE
1364 : BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE;
1365
1366 /* Check that roles are corresponding to each other */
1367 if (bgp_role_violation(peer))
1368 return -1;
1369
1370 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1371 error. */
1372 if (*mp_capability
1373 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1374 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1375 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1376 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1377 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1378 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
1379 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
1380 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1381 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1382 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1383 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1384 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
1385 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
1386 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
1387 flog_err(EC_BGP_PKT_OPEN,
1388 "%s [Error] Configured AFI/SAFIs do not overlap with received MP capabilities",
1389 peer->host);
1390
1391 if (error != error_data)
1392 bgp_notify_send_with_data(
1393 peer, BGP_NOTIFY_OPEN_ERR,
1394 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1395 error - error_data);
1396 else
1397 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1398 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1399 return -1;
1400 }
1401 }
1402 return 0;
1403 }
1404
1405 static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
1406 afi_t afi, safi_t safi, uint8_t code,
1407 bool ext_opt_params)
1408 {
1409 uint16_t cap_len;
1410 uint8_t orf_len;
1411 unsigned long capp;
1412 unsigned long orfp;
1413 unsigned long numberp;
1414 int number_of_orfs = 0;
1415 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1416 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1417
1418 /* Convert AFI, SAFI to values for packet. */
1419 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1420
1421 stream_putc(s, BGP_OPEN_OPT_CAP);
1422 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1423 ext_opt_params ? stream_putw(s, 0)
1424 : stream_putc(s, 0); /* Capability Length */
1425 stream_putc(s, code); /* Capability Code */
1426 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1427 stream_putc(s, 0); /* ORF Length */
1428 stream_putw(s, pkt_afi);
1429 stream_putc(s, 0);
1430 stream_putc(s, pkt_safi);
1431 numberp = stream_get_endp(s); /* Set Number Pointer */
1432 stream_putc(s, 0); /* Number of ORFs */
1433
1434 /* Address Prefix ORF */
1435 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1436 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1437 stream_putc(s, (code == CAPABILITY_CODE_ORF
1438 ? ORF_TYPE_PREFIX
1439 : ORF_TYPE_PREFIX_OLD));
1440
1441 if (CHECK_FLAG(peer->af_flags[afi][safi],
1442 PEER_FLAG_ORF_PREFIX_SM)
1443 && CHECK_FLAG(peer->af_flags[afi][safi],
1444 PEER_FLAG_ORF_PREFIX_RM)) {
1445 SET_FLAG(peer->af_cap[afi][safi],
1446 PEER_CAP_ORF_PREFIX_SM_ADV);
1447 SET_FLAG(peer->af_cap[afi][safi],
1448 PEER_CAP_ORF_PREFIX_RM_ADV);
1449 stream_putc(s, ORF_MODE_BOTH);
1450 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1451 PEER_FLAG_ORF_PREFIX_SM)) {
1452 SET_FLAG(peer->af_cap[afi][safi],
1453 PEER_CAP_ORF_PREFIX_SM_ADV);
1454 stream_putc(s, ORF_MODE_SEND);
1455 } else {
1456 SET_FLAG(peer->af_cap[afi][safi],
1457 PEER_CAP_ORF_PREFIX_RM_ADV);
1458 stream_putc(s, ORF_MODE_RECEIVE);
1459 }
1460 number_of_orfs++;
1461 }
1462
1463 /* Total Number of ORFs. */
1464 stream_putc_at(s, numberp, number_of_orfs);
1465
1466 /* Total ORF Len. */
1467 orf_len = stream_get_endp(s) - orfp - 1;
1468 stream_putc_at(s, orfp, orf_len);
1469
1470 /* Total Capability Len. */
1471 cap_len = stream_get_endp(s) - capp - 1;
1472 ext_opt_params ? stream_putw_at(s, capp, cap_len)
1473 : stream_putc_at(s, capp, cap_len);
1474 }
1475
1476 static void bgp_peer_send_gr_capability(struct stream *s, struct peer *peer,
1477 bool ext_opt_params)
1478 {
1479 int len;
1480 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1481 afi_t afi;
1482 safi_t safi;
1483 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1484 uint32_t restart_time;
1485 unsigned long capp = 0;
1486 unsigned long rcapp = 0;
1487
1488 if (!CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)
1489 && !CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART_HELPER))
1490 return;
1491
1492 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1493 zlog_debug("[BGP_GR] Sending helper Capability for Peer :%s :",
1494 peer->host);
1495
1496 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1497 stream_putc(s, BGP_OPEN_OPT_CAP);
1498 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1499 ext_opt_params ? stream_putw(s, 0)
1500 : stream_putc(s, 0); /* Capability Length */
1501 stream_putc(s, CAPABILITY_CODE_RESTART);
1502 /* Set Restart Capability Len Pointer */
1503 rcapp = stream_get_endp(s);
1504 stream_putc(s, 0);
1505 restart_time = peer->bgp->restart_time;
1506 if (peer->bgp->t_startup) {
1507 SET_FLAG(restart_time, GRACEFUL_RESTART_R_BIT);
1508 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_ADV);
1509 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1510 zlog_debug("[BGP_GR] Sending R-Bit for peer: %s",
1511 peer->host);
1512 }
1513
1514 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GRACEFUL_NOTIFICATION)) {
1515 SET_FLAG(restart_time, GRACEFUL_RESTART_N_BIT);
1516 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_ADV);
1517 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1518 zlog_debug("[BGP_GR] Sending N-Bit for peer: %s",
1519 peer->host);
1520 }
1521
1522 stream_putw(s, restart_time);
1523
1524 /* Send address-family specific graceful-restart capability
1525 * only when GR config is present
1526 */
1527 if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)) {
1528 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GR_PRESERVE_FWD)
1529 && BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1530 zlog_debug("[BGP_GR] F bit Set");
1531
1532 FOREACH_AFI_SAFI (afi, safi) {
1533 if (!peer->afc[afi][safi])
1534 continue;
1535
1536 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1537 zlog_debug(
1538 "[BGP_GR] Sending GR Capability for AFI :%d :, SAFI :%d:",
1539 afi, safi);
1540
1541 /* Convert AFI, SAFI to values for
1542 * packet.
1543 */
1544 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1545 &pkt_safi);
1546 stream_putw(s, pkt_afi);
1547 stream_putc(s, pkt_safi);
1548 if (CHECK_FLAG(peer->bgp->flags,
1549 BGP_FLAG_GR_PRESERVE_FWD))
1550 stream_putc(s, GRACEFUL_RESTART_F_BIT);
1551 else
1552 stream_putc(s, 0);
1553 }
1554 }
1555
1556 /* Total Graceful restart capability Len. */
1557 len = stream_get_endp(s) - rcapp - 1;
1558 stream_putc_at(s, rcapp, len);
1559
1560 /* Total Capability Len. */
1561 len = stream_get_endp(s) - capp - 1;
1562 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1563 : stream_putc_at(s, capp, len);
1564 }
1565
1566 static void bgp_peer_send_llgr_capability(struct stream *s, struct peer *peer,
1567 bool ext_opt_params)
1568 {
1569 int len;
1570 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1571 afi_t afi;
1572 safi_t safi;
1573 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1574 unsigned long capp = 0;
1575 unsigned long rcapp = 0;
1576
1577 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_ADV))
1578 return;
1579
1580 SET_FLAG(peer->cap, PEER_CAP_LLGR_ADV);
1581
1582 stream_putc(s, BGP_OPEN_OPT_CAP);
1583 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1584 ext_opt_params ? stream_putw(s, 0)
1585 : stream_putc(s, 0); /* Capability Length */
1586 stream_putc(s, CAPABILITY_CODE_LLGR);
1587
1588 rcapp = stream_get_endp(s);
1589 stream_putc(s, 0);
1590
1591 FOREACH_AFI_SAFI (afi, safi) {
1592 if (!peer->afc[afi][safi])
1593 continue;
1594
1595 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1596
1597 stream_putw(s, pkt_afi);
1598 stream_putc(s, pkt_safi);
1599 stream_putc(s, LLGR_F_BIT);
1600 stream_put3(s, peer->bgp->llgr_stale_time);
1601
1602 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_ADV);
1603 }
1604
1605 /* Total Long-lived Graceful Restart capability Len. */
1606 len = stream_get_endp(s) - rcapp - 1;
1607 stream_putc_at(s, rcapp, len);
1608
1609 /* Total Capability Len. */
1610 len = stream_get_endp(s) - capp - 1;
1611 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1612 : stream_putc_at(s, capp, len);
1613 }
1614
1615 /* Fill in capability open option to the packet. */
1616 uint16_t bgp_open_capability(struct stream *s, struct peer *peer,
1617 bool ext_opt_params)
1618 {
1619 uint16_t len;
1620 unsigned long cp, capp, rcapp, eopl = 0;
1621 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1622 afi_t afi;
1623 safi_t safi;
1624 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1625 as_t local_as;
1626 uint8_t afi_safi_count = 0;
1627 int adv_addpath_tx = 0;
1628
1629 /* Non-Ext OP Len. */
1630 cp = stream_get_endp(s);
1631 stream_putc(s, 0);
1632
1633 if (ext_opt_params) {
1634 /* Non-Ext OP Len. */
1635 stream_putc_at(s, cp, BGP_OPEN_NON_EXT_OPT_LEN);
1636
1637 /* Non-Ext OP Type */
1638 stream_putc(s, BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH);
1639
1640 /* Extended Opt. Parm. Length */
1641 eopl = stream_get_endp(s);
1642 stream_putw(s, 0);
1643 }
1644
1645 /* Do not send capability. */
1646 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1647 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
1648 return 0;
1649
1650 /* MP capability for configured AFI, SAFI */
1651 FOREACH_AFI_SAFI (afi, safi) {
1652 if (peer->afc[afi][safi]) {
1653 /* Convert AFI, SAFI to values for packet. */
1654 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1655 &pkt_safi);
1656
1657 peer->afc_adv[afi][safi] = 1;
1658 stream_putc(s, BGP_OPEN_OPT_CAP);
1659 ext_opt_params
1660 ? stream_putw(s, CAPABILITY_CODE_MP_LEN + 2)
1661 : stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
1662 stream_putc(s, CAPABILITY_CODE_MP);
1663 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1664 stream_putw(s, pkt_afi);
1665 stream_putc(s, 0);
1666 stream_putc(s, pkt_safi);
1667
1668 /* Extended nexthop capability - currently
1669 * supporting RFC-5549 for
1670 * Link-Local peering only
1671 */
1672 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1673 && peer->su.sa.sa_family == AF_INET6
1674 && afi == AFI_IP
1675 && (safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
1676 || safi == SAFI_LABELED_UNICAST)) {
1677 /* RFC 5549 Extended Next Hop Encoding
1678 */
1679 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
1680 stream_putc(s, BGP_OPEN_OPT_CAP);
1681 ext_opt_params
1682 ? stream_putw(s,
1683 CAPABILITY_CODE_ENHE_LEN
1684 + 2)
1685 : stream_putc(s,
1686 CAPABILITY_CODE_ENHE_LEN
1687 + 2);
1688 stream_putc(s, CAPABILITY_CODE_ENHE);
1689 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1690
1691 SET_FLAG(peer->af_cap[AFI_IP][safi],
1692 PEER_CAP_ENHE_AF_ADV);
1693 stream_putw(s, pkt_afi);
1694 stream_putw(s, pkt_safi);
1695 stream_putw(s, afi_int2iana(AFI_IP6));
1696
1697 if (CHECK_FLAG(peer->af_cap[afi][safi],
1698 PEER_CAP_ENHE_AF_RCV))
1699 SET_FLAG(peer->af_cap[afi][safi],
1700 PEER_CAP_ENHE_AF_NEGO);
1701 }
1702 }
1703 }
1704
1705 /* Route refresh. */
1706 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1707 stream_putc(s, BGP_OPEN_OPT_CAP);
1708 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1709 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1710 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1711 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1712 stream_putc(s, BGP_OPEN_OPT_CAP);
1713 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1714 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1715 stream_putc(s, CAPABILITY_CODE_REFRESH);
1716 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1717
1718 /* Enhanced Route Refresh. */
1719 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_ADV);
1720 stream_putc(s, BGP_OPEN_OPT_CAP);
1721 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_ENHANCED_LEN + 2)
1722 : stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN + 2);
1723 stream_putc(s, CAPABILITY_CODE_ENHANCED_RR);
1724 stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN);
1725
1726 /* AS4 */
1727 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1728 stream_putc(s, BGP_OPEN_OPT_CAP);
1729 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_AS4_LEN + 2)
1730 : stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
1731 stream_putc(s, CAPABILITY_CODE_AS4);
1732 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1733 if (peer->change_local_as)
1734 local_as = peer->change_local_as;
1735 else
1736 local_as = peer->local_as;
1737 stream_putl(s, local_as);
1738
1739 /* Extended Message Support */
1740 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV);
1741 stream_putc(s, BGP_OPEN_OPT_CAP);
1742 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2)
1743 : stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2);
1744 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE);
1745 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN);
1746
1747 /* Role*/
1748 if (peer->local_role != ROLE_UNDEFINED) {
1749 SET_FLAG(peer->cap, PEER_CAP_ROLE_ADV);
1750 stream_putc(s, BGP_OPEN_OPT_CAP);
1751 stream_putc(s, CAPABILITY_CODE_ROLE_LEN + 2);
1752 stream_putc(s, CAPABILITY_CODE_ROLE);
1753 stream_putc(s, CAPABILITY_CODE_ROLE_LEN);
1754 stream_putc(s, peer->local_role);
1755 }
1756
1757 /* AddPath */
1758 FOREACH_AFI_SAFI (afi, safi) {
1759 if (peer->afc[afi][safi]) {
1760 afi_safi_count++;
1761
1762 /* Only advertise addpath TX if a feature that
1763 * will use it is
1764 * configured */
1765 if (peer->addpath_type[afi][safi] != BGP_ADDPATH_NONE)
1766 adv_addpath_tx = 1;
1767 }
1768 }
1769
1770 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1771 stream_putc(s, BGP_OPEN_OPT_CAP);
1772 ext_opt_params
1773 ? stream_putw(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1774 + 2)
1775 : stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1776 + 2);
1777 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1778 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1779
1780 FOREACH_AFI_SAFI (afi, safi) {
1781 if (peer->afc[afi][safi]) {
1782 bool adv_addpath_rx =
1783 !CHECK_FLAG(peer->af_flags[afi][safi],
1784 PEER_FLAG_DISABLE_ADDPATH_RX);
1785 uint8_t flags = 0;
1786
1787 /* Convert AFI, SAFI to values for packet. */
1788 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1789 &pkt_safi);
1790
1791 stream_putw(s, pkt_afi);
1792 stream_putc(s, pkt_safi);
1793
1794 if (adv_addpath_rx) {
1795 SET_FLAG(flags, BGP_ADDPATH_RX);
1796 SET_FLAG(peer->af_cap[afi][safi],
1797 PEER_CAP_ADDPATH_AF_RX_ADV);
1798 } else {
1799 UNSET_FLAG(peer->af_cap[afi][safi],
1800 PEER_CAP_ADDPATH_AF_RX_ADV);
1801 }
1802
1803 if (adv_addpath_tx) {
1804 SET_FLAG(flags, BGP_ADDPATH_TX);
1805 SET_FLAG(peer->af_cap[afi][safi],
1806 PEER_CAP_ADDPATH_AF_TX_ADV);
1807 } else {
1808 UNSET_FLAG(peer->af_cap[afi][safi],
1809 PEER_CAP_ADDPATH_AF_TX_ADV);
1810 }
1811
1812 stream_putc(s, flags);
1813 }
1814 }
1815
1816 /* ORF capability. */
1817 FOREACH_AFI_SAFI (afi, safi) {
1818 if (CHECK_FLAG(peer->af_flags[afi][safi],
1819 PEER_FLAG_ORF_PREFIX_SM)
1820 || CHECK_FLAG(peer->af_flags[afi][safi],
1821 PEER_FLAG_ORF_PREFIX_RM)) {
1822 bgp_open_capability_orf(s, peer, afi, safi,
1823 CAPABILITY_CODE_ORF_OLD,
1824 ext_opt_params);
1825 bgp_open_capability_orf(s, peer, afi, safi,
1826 CAPABILITY_CODE_ORF,
1827 ext_opt_params);
1828 }
1829 }
1830
1831 /* Dynamic capability. */
1832 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1833 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1834 stream_putc(s, BGP_OPEN_OPT_CAP);
1835 ext_opt_params
1836 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1837 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1838 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1839 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1840 stream_putc(s, BGP_OPEN_OPT_CAP);
1841 ext_opt_params
1842 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1843 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1844 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1845 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1846 }
1847
1848 /* Hostname capability */
1849 if (cmd_hostname_get()) {
1850 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1851 stream_putc(s, BGP_OPEN_OPT_CAP);
1852 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
1853 ext_opt_params ? stream_putw(s, 0)
1854 : stream_putc(s, 0); /* Capability Length */
1855 stream_putc(s, CAPABILITY_CODE_FQDN);
1856 capp = stream_get_endp(s);
1857 stream_putc(s, 0); /* dummy len for now */
1858 len = strlen(cmd_hostname_get());
1859 if (len > BGP_MAX_HOSTNAME)
1860 len = BGP_MAX_HOSTNAME;
1861
1862 stream_putc(s, len);
1863 stream_put(s, cmd_hostname_get(), len);
1864 if (cmd_domainname_get()) {
1865 len = strlen(cmd_domainname_get());
1866 if (len > BGP_MAX_HOSTNAME)
1867 len = BGP_MAX_HOSTNAME;
1868
1869 stream_putc(s, len);
1870 stream_put(s, cmd_domainname_get(), len);
1871 } else
1872 stream_putc(s, 0); /* 0 length */
1873
1874 /* Set the lengths straight */
1875 len = stream_get_endp(s) - rcapp - 1;
1876 ext_opt_params ? stream_putw_at(s, rcapp, len - 1)
1877 : stream_putc_at(s, rcapp, len);
1878
1879 len = stream_get_endp(s) - capp - 1;
1880 stream_putc_at(s, capp, len);
1881
1882 if (bgp_debug_neighbor_events(peer))
1883 zlog_debug(
1884 "%s Sending hostname cap with hn = %s, dn = %s",
1885 peer->host, cmd_hostname_get(),
1886 cmd_domainname_get());
1887 }
1888
1889 bgp_peer_send_gr_capability(s, peer, ext_opt_params);
1890 bgp_peer_send_llgr_capability(s, peer, ext_opt_params);
1891
1892 /* Total Opt Parm Len. */
1893 len = stream_get_endp(s) - cp - 1;
1894
1895 if (ext_opt_params) {
1896 len = stream_get_endp(s) - eopl - 2;
1897 stream_putw_at(s, eopl, len);
1898 } else {
1899 stream_putc_at(s, cp, len);
1900 }
1901
1902 return len;
1903 }
FRRouting mirror