1 /* BGP open message handling
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
4 * This file is part of GNU Zebra.
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_attr.h"
36 #include "bgpd/bgp_debug.h"
37 #include "bgpd/bgp_errors.h"
38 #include "bgpd/bgp_fsm.h"
39 #include "bgpd/bgp_packet.h"
40 #include "bgpd/bgp_open.h"
41 #include "bgpd/bgp_aspath.h"
42 #include "bgpd/bgp_vty.h"
43 #include "bgpd/bgp_memory.h"
45 static const struct message capcode_str
[] = {
46 {CAPABILITY_CODE_MP
, "MultiProtocol Extensions"},
47 {CAPABILITY_CODE_REFRESH
, "Route Refresh"},
48 {CAPABILITY_CODE_ORF
, "Cooperative Route Filtering"},
49 {CAPABILITY_CODE_RESTART
, "Graceful Restart"},
50 {CAPABILITY_CODE_AS4
, "4-octet AS number"},
51 {CAPABILITY_CODE_ADDPATH
, "AddPath"},
52 {CAPABILITY_CODE_DYNAMIC
, "Dynamic"},
53 {CAPABILITY_CODE_ENHE
, "Extended Next Hop Encoding"},
54 {CAPABILITY_CODE_DYNAMIC_OLD
, "Dynamic (Old)"},
55 {CAPABILITY_CODE_REFRESH_OLD
, "Route Refresh (Old)"},
56 {CAPABILITY_CODE_ORF_OLD
, "ORF (Old)"},
57 {CAPABILITY_CODE_FQDN
, "FQDN"},
58 {CAPABILITY_CODE_ENHANCED_RR
, "Enhanced Route Refresh"},
59 {CAPABILITY_CODE_EXT_MESSAGE
, "BGP Extended Message"},
60 {CAPABILITY_CODE_LLGR
, "Long-lived BGP Graceful Restart"},
61 {CAPABILITY_CODE_ROLE
, "Role"},
64 /* Minimum sizes for length field of each cap (so not inc. the header) */
65 static const size_t cap_minsizes
[] = {
66 [CAPABILITY_CODE_MP
] = CAPABILITY_CODE_MP_LEN
,
67 [CAPABILITY_CODE_REFRESH
] = CAPABILITY_CODE_REFRESH_LEN
,
68 [CAPABILITY_CODE_ORF
] = CAPABILITY_CODE_ORF_LEN
,
69 [CAPABILITY_CODE_RESTART
] = CAPABILITY_CODE_RESTART_LEN
,
70 [CAPABILITY_CODE_AS4
] = CAPABILITY_CODE_AS4_LEN
,
71 [CAPABILITY_CODE_ADDPATH
] = CAPABILITY_CODE_ADDPATH_LEN
,
72 [CAPABILITY_CODE_DYNAMIC
] = CAPABILITY_CODE_DYNAMIC_LEN
,
73 [CAPABILITY_CODE_DYNAMIC_OLD
] = CAPABILITY_CODE_DYNAMIC_LEN
,
74 [CAPABILITY_CODE_ENHE
] = CAPABILITY_CODE_ENHE_LEN
,
75 [CAPABILITY_CODE_REFRESH_OLD
] = CAPABILITY_CODE_REFRESH_LEN
,
76 [CAPABILITY_CODE_ORF_OLD
] = CAPABILITY_CODE_ORF_LEN
,
77 [CAPABILITY_CODE_FQDN
] = CAPABILITY_CODE_MIN_FQDN_LEN
,
78 [CAPABILITY_CODE_ENHANCED_RR
] = CAPABILITY_CODE_ENHANCED_LEN
,
79 [CAPABILITY_CODE_EXT_MESSAGE
] = CAPABILITY_CODE_EXT_MESSAGE_LEN
,
80 [CAPABILITY_CODE_LLGR
] = CAPABILITY_CODE_LLGR_LEN
,
81 [CAPABILITY_CODE_ROLE
] = CAPABILITY_CODE_ROLE_LEN
,
84 /* value the capability must be a multiple of.
85 * 0-data capabilities won't be checked against this.
86 * Other capabilities whose data doesn't fall on convenient boundaries for this
87 * table should be set to 1.
89 static const size_t cap_modsizes
[] = {
90 [CAPABILITY_CODE_MP
] = 4,
91 [CAPABILITY_CODE_REFRESH
] = 1,
92 [CAPABILITY_CODE_ORF
] = 1,
93 [CAPABILITY_CODE_RESTART
] = 1,
94 [CAPABILITY_CODE_AS4
] = 4,
95 [CAPABILITY_CODE_ADDPATH
] = 4,
96 [CAPABILITY_CODE_DYNAMIC
] = 1,
97 [CAPABILITY_CODE_DYNAMIC_OLD
] = 1,
98 [CAPABILITY_CODE_ENHE
] = 6,
99 [CAPABILITY_CODE_REFRESH_OLD
] = 1,
100 [CAPABILITY_CODE_ORF_OLD
] = 1,
101 [CAPABILITY_CODE_FQDN
] = 1,
102 [CAPABILITY_CODE_ENHANCED_RR
] = 1,
103 [CAPABILITY_CODE_EXT_MESSAGE
] = 1,
104 [CAPABILITY_CODE_LLGR
] = 1,
105 [CAPABILITY_CODE_ROLE
] = 1,
108 /* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
109 negotiate remote peer supports extentions or not. But if
110 remote-peer doesn't supports negotiation process itself. We would
111 like to do manual configuration.
113 So there is many configurable point. First of all we want set each
114 peer whether we send capability negotiation to the peer or not.
115 Next, if we send capability to the peer we want to set my capability
116 inforation at each peer. */
118 void bgp_capability_vty_out(struct vty
*vty
, struct peer
*peer
, bool use_json
,
119 json_object
*json_neigh
)
123 struct capability_mp_data mpc
;
124 struct capability_header
*hdr
;
125 json_object
*json_cap
= NULL
;
128 json_cap
= json_object_new_object();
130 pnt
= peer
->notify
.data
;
131 end
= pnt
+ peer
->notify
.length
;
134 if (pnt
+ sizeof(struct capability_mp_data
) + 2 > end
)
137 hdr
= (struct capability_header
*)pnt
;
138 if (pnt
+ hdr
->length
+ 2 > end
)
141 memcpy(&mpc
, pnt
+ 2, sizeof(struct capability_mp_data
));
143 if (hdr
->code
== CAPABILITY_CODE_MP
) {
147 (void)bgp_map_afi_safi_iana2int(ntohs(mpc
.afi
),
148 mpc
.safi
, &afi
, &safi
);
153 json_object_string_add(
155 "capabilityErrorMultiProtocolAfi",
159 json_object_string_add(
161 "capabilityErrorMultiProtocolAfi",
165 json_object_string_add(
167 "capabilityErrorMultiProtocolAfi",
173 "capabilityErrorMultiProtocolAfiUnknown",
179 json_object_string_add(
181 "capabilityErrorMultiProtocolSafi",
185 json_object_string_add(
187 "capabilityErrorMultiProtocolSafi",
190 case SAFI_LABELED_UNICAST
:
191 json_object_string_add(
193 "capabilityErrorMultiProtocolSafi",
197 json_object_string_add(
199 "capabilityErrorMultiProtocolSafi",
203 json_object_string_add(
205 "capabilityErrorMultiProtocolSafi",
209 json_object_string_add(
211 "capabilityErrorMultiProtocolSafi",
215 json_object_string_add(
217 "capabilityErrorMultiProtocolSafi",
223 "capabilityErrorMultiProtocolSafiUnknown",
229 " Capability error for: Multi protocol ");
232 vty_out(vty
, "AFI IPv4, ");
235 vty_out(vty
, "AFI IPv6, ");
238 vty_out(vty
, "AFI L2VPN, ");
241 vty_out(vty
, "AFI Unknown %d, ",
247 vty_out(vty
, "SAFI Unicast");
250 vty_out(vty
, "SAFI Multicast");
252 case SAFI_LABELED_UNICAST
:
253 vty_out(vty
, "SAFI Labeled-unicast");
256 vty_out(vty
, "SAFI MPLS-labeled VPN");
259 vty_out(vty
, "SAFI ENCAP");
262 vty_out(vty
, "SAFI FLOWSPEC");
265 vty_out(vty
, "SAFI EVPN");
268 vty_out(vty
, "SAFI Unknown %d ",
274 } else if (hdr
->code
>= 128) {
278 "capabilityErrorVendorSpecificCapabilityCode",
282 " Capability error: vendor specific capability code %d",
288 "capabilityErrorUnknownCapabilityCode",
292 " Capability error: unknown capability code %d",
295 pnt
+= hdr
->length
+ 2;
298 json_object_object_add(json_neigh
, "capabilityErrors",
302 static void bgp_capability_mp_data(struct stream
*s
,
303 struct capability_mp_data
*mpc
)
305 mpc
->afi
= stream_getw(s
);
306 mpc
->reserved
= stream_getc(s
);
307 mpc
->safi
= stream_getc(s
);
310 /* Set negotiated capability value. */
311 static int bgp_capability_mp(struct peer
*peer
, struct capability_header
*hdr
)
313 struct capability_mp_data mpc
;
314 struct stream
*s
= BGP_INPUT(peer
);
318 /* Verify length is 4 */
319 if (hdr
->length
!= 4) {
321 EC_BGP_CAPABILITY_INVALID_LENGTH
,
322 "MP Cap: Received invalid length %d, non-multiple of 4",
327 bgp_capability_mp_data(s
, &mpc
);
329 if (bgp_debug_neighbor_events(peer
))
330 zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s",
331 peer
->host
, lookup_msg(capcode_str
, hdr
->code
, NULL
),
332 iana_afi2str(mpc
.afi
), iana_safi2str(mpc
.safi
));
334 /* Convert AFI, SAFI to internal values, check. */
335 if (bgp_map_afi_safi_iana2int(mpc
.afi
, mpc
.safi
, &afi
, &safi
))
338 /* Now safi remapped, and afi/safi are valid array indices */
339 peer
->afc_recv
[afi
][safi
] = 1;
341 if (peer
->afc
[afi
][safi
])
342 peer
->afc_nego
[afi
][safi
] = 1;
349 static void bgp_capability_orf_not_support(struct peer
*peer
, iana_afi_t afi
,
350 iana_safi_t safi
, uint8_t type
,
353 if (bgp_debug_neighbor_events(peer
))
355 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
356 peer
->host
, afi
, safi
, type
, mode
);
359 static const struct message orf_type_str
[] = {
360 {ORF_TYPE_PREFIX
, "Prefixlist"},
361 {ORF_TYPE_PREFIX_OLD
, "Prefixlist (old)"},
364 static const struct message orf_mode_str
[] = {{ORF_MODE_RECEIVE
, "Receive"},
365 {ORF_MODE_SEND
, "Send"},
366 {ORF_MODE_BOTH
, "Both"},
369 static int bgp_capability_orf_entry(struct peer
*peer
,
370 struct capability_header
*hdr
)
372 struct stream
*s
= BGP_INPUT(peer
);
373 struct capability_mp_data mpc
;
377 iana_safi_t pkt_safi
;
381 uint16_t sm_cap
= 0; /* capability send-mode receive */
382 uint16_t rm_cap
= 0; /* capability receive-mode receive */
385 /* ORF Entry header */
386 bgp_capability_mp_data(s
, &mpc
);
387 num
= stream_getc(s
);
391 if (bgp_debug_neighbor_events(peer
))
392 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer
->host
,
393 iana_afi2str(mpc
.afi
), iana_safi2str(mpc
.safi
));
395 /* Convert AFI, SAFI to internal values, check. */
396 if (bgp_map_afi_safi_iana2int(pkt_afi
, pkt_safi
, &afi
, &safi
)) {
398 "%s Addr-family %d/%d not supported. Ignoring the ORF capability",
399 peer
->host
, pkt_afi
, pkt_safi
);
406 /* validate number field */
407 if (CAPABILITY_CODE_ORF_LEN
+ (num
* 2) > hdr
->length
) {
409 "%s ORF Capability entry length error, Cap length %u, num %u",
410 peer
->host
, hdr
->length
, num
);
411 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
412 BGP_NOTIFY_OPEN_MALFORMED_ATTR
);
416 for (i
= 0; i
< num
; i
++) {
417 type
= stream_getc(s
);
418 mode
= stream_getc(s
);
420 /* ORF Mode error check */
424 case ORF_MODE_RECEIVE
:
427 bgp_capability_orf_not_support(peer
, pkt_afi
, pkt_safi
,
431 /* ORF Type and afi/safi error checks */
432 /* capcode versus type */
434 case CAPABILITY_CODE_ORF
:
436 case ORF_TYPE_PREFIX
:
439 bgp_capability_orf_not_support(
440 peer
, pkt_afi
, pkt_safi
, type
, mode
);
444 case CAPABILITY_CODE_ORF_OLD
:
446 case ORF_TYPE_PREFIX_OLD
:
449 bgp_capability_orf_not_support(
450 peer
, pkt_afi
, pkt_safi
, type
, mode
);
455 bgp_capability_orf_not_support(peer
, pkt_afi
, pkt_safi
,
461 if (!((afi
== AFI_IP
&& safi
== SAFI_UNICAST
)
462 || (afi
== AFI_IP
&& safi
== SAFI_MULTICAST
)
463 || (afi
== AFI_IP6
&& safi
== SAFI_UNICAST
))) {
464 bgp_capability_orf_not_support(peer
, pkt_afi
, pkt_safi
,
469 if (bgp_debug_neighbor_events(peer
))
471 "%s OPEN has %s ORF capability as %s for afi/safi: %s/%s",
473 lookup_msg(orf_type_str
, type
, NULL
),
474 lookup_msg(orf_mode_str
, mode
, NULL
),
475 iana_afi2str(pkt_afi
), iana_safi2str(pkt_safi
));
477 if (hdr
->code
== CAPABILITY_CODE_ORF
) {
478 sm_cap
= PEER_CAP_ORF_PREFIX_SM_RCV
;
479 rm_cap
= PEER_CAP_ORF_PREFIX_RM_RCV
;
480 } else if (hdr
->code
== CAPABILITY_CODE_ORF_OLD
) {
481 sm_cap
= PEER_CAP_ORF_PREFIX_SM_OLD_RCV
;
482 rm_cap
= PEER_CAP_ORF_PREFIX_RM_OLD_RCV
;
484 bgp_capability_orf_not_support(peer
, pkt_afi
, pkt_safi
,
491 SET_FLAG(peer
->af_cap
[afi
][safi
], sm_cap
);
492 SET_FLAG(peer
->af_cap
[afi
][safi
], rm_cap
);
495 SET_FLAG(peer
->af_cap
[afi
][safi
], sm_cap
);
497 case ORF_MODE_RECEIVE
:
498 SET_FLAG(peer
->af_cap
[afi
][safi
], rm_cap
);
505 static int bgp_capability_restart(struct peer
*peer
,
506 struct capability_header
*caphdr
)
508 struct stream
*s
= BGP_INPUT(peer
);
509 uint16_t restart_flag_time
;
510 size_t end
= stream_get_getp(s
) + caphdr
->length
;
512 /* Verify length is a multiple of 4 */
513 if ((caphdr
->length
- 2) % 4) {
515 EC_BGP_CAPABILITY_INVALID_LENGTH
,
516 "Restart Cap: Received invalid length %d, non-multiple of 4",
521 SET_FLAG(peer
->cap
, PEER_CAP_RESTART_RCV
);
522 restart_flag_time
= stream_getw(s
);
524 /* The most significant bit is defined in [RFC4724] as
525 * the Restart State ("R") bit.
527 if (CHECK_FLAG(restart_flag_time
, GRACEFUL_RESTART_R_BIT
))
528 SET_FLAG(peer
->cap
, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV
);
530 UNSET_FLAG(peer
->cap
, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV
);
532 /* The second most significant bit is defined in this
533 * document as the Graceful Notification ("N") bit.
535 if (CHECK_FLAG(restart_flag_time
, GRACEFUL_RESTART_N_BIT
))
536 SET_FLAG(peer
->cap
, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV
);
538 UNSET_FLAG(peer
->cap
, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV
);
540 UNSET_FLAG(restart_flag_time
, 0xF000);
541 peer
->v_gr_restart
= restart_flag_time
;
543 if (bgp_debug_neighbor_events(peer
)) {
545 "%s Peer has%srestarted. Restart Time: %d, N-bit set: %s",
547 CHECK_FLAG(peer
->cap
,
548 PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV
)
552 CHECK_FLAG(peer
->cap
,
553 PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV
)
558 while (stream_get_getp(s
) + 4 <= end
) {
561 iana_afi_t pkt_afi
= stream_getw(s
);
562 iana_safi_t pkt_safi
= stream_getc(s
);
563 uint8_t flag
= stream_getc(s
);
565 /* Convert AFI, SAFI to internal values, check. */
566 if (bgp_map_afi_safi_iana2int(pkt_afi
, pkt_safi
, &afi
, &safi
)) {
567 if (bgp_debug_neighbor_events(peer
))
569 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Graceful Restart capability for this AFI/SAFI",
570 peer
->host
, iana_afi2str(pkt_afi
),
571 iana_safi2str(pkt_safi
));
572 } else if (!peer
->afc
[afi
][safi
]) {
573 if (bgp_debug_neighbor_events(peer
))
575 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Graceful Restart capability",
576 peer
->host
, iana_afi2str(pkt_afi
),
577 iana_safi2str(pkt_safi
));
579 if (bgp_debug_neighbor_events(peer
))
581 "%s Address family %s is%spreserved",
582 peer
->host
, get_afi_safi_str(afi
, safi
, false),
584 peer
->af_cap
[afi
][safi
],
585 PEER_CAP_RESTART_AF_PRESERVE_RCV
)
589 SET_FLAG(peer
->af_cap
[afi
][safi
],
590 PEER_CAP_RESTART_AF_RCV
);
591 if (CHECK_FLAG(flag
, GRACEFUL_RESTART_F_BIT
))
592 SET_FLAG(peer
->af_cap
[afi
][safi
],
593 PEER_CAP_RESTART_AF_PRESERVE_RCV
);
599 static int bgp_capability_llgr(struct peer
*peer
,
600 struct capability_header
*caphdr
)
602 struct stream
*s
= BGP_INPUT(peer
);
603 size_t end
= stream_get_getp(s
) + caphdr
->length
;
605 SET_FLAG(peer
->cap
, PEER_CAP_LLGR_RCV
);
607 while (stream_get_getp(s
) + 4 <= end
) {
610 iana_afi_t pkt_afi
= stream_getw(s
);
611 iana_safi_t pkt_safi
= stream_getc(s
);
612 uint8_t flags
= stream_getc(s
);
613 uint32_t stale_time
= stream_get3(s
);
615 if (bgp_map_afi_safi_iana2int(pkt_afi
, pkt_safi
, &afi
, &safi
)) {
616 if (bgp_debug_neighbor_events(peer
))
618 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Long-lived Graceful Restart capability for this AFI/SAFI",
619 peer
->host
, iana_afi2str(pkt_afi
),
620 iana_safi2str(pkt_safi
));
621 } else if (!peer
->afc
[afi
][safi
]
622 || !CHECK_FLAG(peer
->af_cap
[afi
][safi
],
623 PEER_CAP_RESTART_AF_RCV
)) {
624 if (bgp_debug_neighbor_events(peer
))
626 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Long-lived Graceful Restart capability",
627 peer
->host
, iana_afi2str(pkt_afi
),
628 iana_safi2str(pkt_safi
));
630 if (bgp_debug_neighbor_events(peer
))
632 "%s Addr-family %s/%s(afi/safi) Long-lived Graceful Restart capability stale time %u sec",
633 peer
->host
, iana_afi2str(pkt_afi
),
634 iana_safi2str(pkt_safi
), stale_time
);
636 peer
->llgr
[afi
][safi
].flags
= flags
;
637 peer
->llgr
[afi
][safi
].stale_time
=
638 MIN(stale_time
, peer
->bgp
->llgr_stale_time
);
639 SET_FLAG(peer
->af_cap
[afi
][safi
], PEER_CAP_LLGR_AF_RCV
);
646 /* Unlike other capability parsing routines, this one returns 0 on error */
647 static as_t
bgp_capability_as4(struct peer
*peer
, struct capability_header
*hdr
)
649 SET_FLAG(peer
->cap
, PEER_CAP_AS4_RCV
);
651 if (hdr
->length
!= CAPABILITY_CODE_AS4_LEN
) {
652 flog_err(EC_BGP_PKT_OPEN
,
653 "%s AS4 capability has incorrect data length %d",
654 peer
->host
, hdr
->length
);
658 as_t as4
= stream_getl(BGP_INPUT(peer
));
660 if (BGP_DEBUG(as4
, AS4
))
662 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
667 static int bgp_capability_ext_message(struct peer
*peer
,
668 struct capability_header
*hdr
)
670 if (hdr
->length
!= CAPABILITY_CODE_EXT_MESSAGE_LEN
) {
673 "%s: BGP Extended Message capability has incorrect data length %d",
674 peer
->host
, hdr
->length
);
678 SET_FLAG(peer
->cap
, PEER_CAP_EXTENDED_MESSAGE_RCV
);
683 static int bgp_capability_addpath(struct peer
*peer
,
684 struct capability_header
*hdr
)
686 struct stream
*s
= BGP_INPUT(peer
);
687 size_t end
= stream_get_getp(s
) + hdr
->length
;
689 SET_FLAG(peer
->cap
, PEER_CAP_ADDPATH_RCV
);
691 /* Verify length is a multiple of 4 */
692 if (hdr
->length
% 4) {
694 EC_BGP_CAPABILITY_INVALID_LENGTH
,
695 "Add Path: Received invalid length %d, non-multiple of 4",
700 while (stream_get_getp(s
) + 4 <= end
) {
703 iana_afi_t pkt_afi
= stream_getw(s
);
704 iana_safi_t pkt_safi
= stream_getc(s
);
705 uint8_t send_receive
= stream_getc(s
);
707 if (bgp_debug_neighbor_events(peer
))
709 "%s OPEN has %s capability for afi/safi: %s/%s%s%s",
711 lookup_msg(capcode_str
, hdr
->code
, NULL
),
712 iana_afi2str(pkt_afi
), iana_safi2str(pkt_safi
),
713 (send_receive
& BGP_ADDPATH_RX
) ? ", receive"
715 (send_receive
& BGP_ADDPATH_TX
) ? ", transmit"
718 /* Convert AFI, SAFI to internal values, check. */
719 if (bgp_map_afi_safi_iana2int(pkt_afi
, pkt_safi
, &afi
, &safi
)) {
720 if (bgp_debug_neighbor_events(peer
))
722 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Addpath Attribute for this AFI/SAFI",
723 peer
->host
, iana_afi2str(pkt_afi
),
724 iana_safi2str(pkt_safi
));
726 } else if (!peer
->afc
[afi
][safi
]) {
727 if (bgp_debug_neighbor_events(peer
))
729 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
730 peer
->host
, iana_afi2str(pkt_afi
),
731 iana_safi2str(pkt_safi
));
735 if (send_receive
& BGP_ADDPATH_RX
)
736 SET_FLAG(peer
->af_cap
[afi
][safi
],
737 PEER_CAP_ADDPATH_AF_RX_RCV
);
739 if (send_receive
& BGP_ADDPATH_TX
)
740 SET_FLAG(peer
->af_cap
[afi
][safi
],
741 PEER_CAP_ADDPATH_AF_TX_RCV
);
747 static int bgp_capability_enhe(struct peer
*peer
, struct capability_header
*hdr
)
749 struct stream
*s
= BGP_INPUT(peer
);
750 size_t end
= stream_get_getp(s
) + hdr
->length
;
752 /* Verify length is a multiple of 4 */
753 if (hdr
->length
% 6) {
755 EC_BGP_CAPABILITY_INVALID_LENGTH
,
756 "Extended NH: Received invalid length %d, non-multiple of 6",
761 while (stream_get_getp(s
) + 6 <= end
) {
762 iana_afi_t pkt_afi
= stream_getw(s
);
764 iana_safi_t pkt_safi
= stream_getw(s
);
766 iana_afi_t pkt_nh_afi
= stream_getw(s
);
769 if (bgp_debug_neighbor_events(peer
))
771 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
772 peer
->host
, iana_afi2str(pkt_afi
),
773 iana_safi2str(pkt_safi
), pkt_nh_afi
);
775 /* Convert AFI, SAFI to internal values, check. */
776 if (bgp_map_afi_safi_iana2int(pkt_afi
, pkt_safi
, &afi
, &safi
)) {
777 if (bgp_debug_neighbor_events(peer
))
779 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the ENHE Attribute for this AFI/SAFI",
780 peer
->host
, iana_afi2str(pkt_afi
),
781 iana_safi2str(pkt_safi
));
785 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
787 * the Nexthop AFI being IPv6. A future spec may introduce other
788 * possibilities, so we ignore other values with a log. Also,
790 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
793 nh_afi
= afi_iana2int(pkt_nh_afi
);
795 if (afi
!= AFI_IP
|| nh_afi
!= AFI_IP6
796 || !(safi
== SAFI_UNICAST
|| safi
== SAFI_MPLS_VPN
797 || safi
== SAFI_LABELED_UNICAST
)) {
799 EC_BGP_CAPABILITY_INVALID_DATA
,
800 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u in Extended Next-hop capability, ignoring",
801 peer
->host
, iana_afi2str(pkt_afi
),
802 iana_safi2str(pkt_safi
), pkt_nh_afi
);
806 SET_FLAG(peer
->af_cap
[afi
][safi
], PEER_CAP_ENHE_AF_RCV
);
808 if (CHECK_FLAG(peer
->af_cap
[afi
][safi
], PEER_CAP_ENHE_AF_ADV
))
809 SET_FLAG(peer
->af_cap
[afi
][safi
],
810 PEER_CAP_ENHE_AF_NEGO
);
813 SET_FLAG(peer
->cap
, PEER_CAP_ENHE_RCV
);
818 static int bgp_capability_hostname(struct peer
*peer
,
819 struct capability_header
*hdr
)
821 struct stream
*s
= BGP_INPUT(peer
);
822 char str
[BGP_MAX_HOSTNAME
+ 1];
823 size_t end
= stream_get_getp(s
) + hdr
->length
;
826 SET_FLAG(peer
->cap
, PEER_CAP_HOSTNAME_RCV
);
828 len
= stream_getc(s
);
829 if (stream_get_getp(s
) + len
> end
) {
831 EC_BGP_CAPABILITY_INVALID_DATA
,
832 "%s: Received malformed hostname capability from peer %s",
833 __func__
, peer
->host
);
837 if (len
> BGP_MAX_HOSTNAME
) {
838 stream_get(str
, s
, BGP_MAX_HOSTNAME
);
839 stream_forward_getp(s
, len
- BGP_MAX_HOSTNAME
);
840 len
= BGP_MAX_HOSTNAME
; /* to set the '\0' below */
842 stream_get(str
, s
, len
);
847 XFREE(MTYPE_BGP_PEER_HOST
, peer
->hostname
);
848 XFREE(MTYPE_BGP_PEER_HOST
, peer
->domainname
);
850 peer
->hostname
= XSTRDUP(MTYPE_BGP_PEER_HOST
, str
);
853 if (stream_get_getp(s
) + 1 > end
) {
855 EC_BGP_CAPABILITY_INVALID_DATA
,
856 "%s: Received invalid domain name len (hostname capability) from peer %s",
857 __func__
, peer
->host
);
861 len
= stream_getc(s
);
862 if (stream_get_getp(s
) + len
> end
) {
864 EC_BGP_CAPABILITY_INVALID_DATA
,
865 "%s: Received runt domain name (hostname capability) from peer %s",
866 __func__
, peer
->host
);
870 if (len
> BGP_MAX_HOSTNAME
) {
871 stream_get(str
, s
, BGP_MAX_HOSTNAME
);
872 stream_forward_getp(s
, len
- BGP_MAX_HOSTNAME
);
873 len
= BGP_MAX_HOSTNAME
; /* to set the '\0' below */
875 stream_get(str
, s
, len
);
880 XFREE(MTYPE_BGP_PEER_HOST
, peer
->domainname
);
882 peer
->domainname
= XSTRDUP(MTYPE_BGP_PEER_HOST
, str
);
885 if (bgp_debug_neighbor_events(peer
)) {
886 zlog_debug("%s received hostname %s, domainname %s", peer
->host
,
887 peer
->hostname
, peer
->domainname
);
893 static int bgp_capability_role(struct peer
*peer
, struct capability_header
*hdr
)
895 SET_FLAG(peer
->cap
, PEER_CAP_ROLE_RCV
);
896 if (hdr
->length
!= CAPABILITY_CODE_ROLE_LEN
) {
897 flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH
,
898 "Role: Received invalid length %d", hdr
->length
);
901 uint8_t role
= stream_getc(BGP_INPUT(peer
));
903 peer
->remote_role
= role
;
908 * Parse given capability.
909 * XXX: This is reading into a stream, but not using stream API
911 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
912 * capabilities were encountered.
914 static int bgp_capability_parse(struct peer
*peer
, size_t length
,
915 int *mp_capability
, uint8_t **error
)
918 struct stream
*s
= BGP_INPUT(peer
);
919 size_t end
= stream_get_getp(s
) + length
;
920 uint16_t restart_flag_time
= 0;
922 assert(STREAM_READABLE(s
) >= length
);
924 while (stream_get_getp(s
) < end
) {
926 uint8_t *sp
= stream_pnt(s
);
927 struct capability_header caphdr
;
930 /* We need at least capability code and capability length. */
931 if (stream_get_getp(s
) + 2 > end
) {
932 zlog_info("%s Capability length error (< header)",
934 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
935 BGP_NOTIFY_OPEN_MALFORMED_ATTR
);
939 caphdr
.code
= stream_getc(s
);
940 caphdr
.length
= stream_getc(s
);
941 start
= stream_get_getp(s
);
943 /* Capability length check sanity check. */
944 if (start
+ caphdr
.length
> end
) {
945 zlog_info("%s Capability length error (< length)",
947 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
948 BGP_NOTIFY_OPEN_MALFORMED_ATTR
);
952 if (bgp_debug_neighbor_events(peer
))
953 zlog_debug("%s OPEN has %s capability (%u), length %u",
955 lookup_msg(capcode_str
, caphdr
.code
, NULL
),
956 caphdr
.code
, caphdr
.length
);
958 /* Length sanity check, type-specific, for known capabilities */
959 switch (caphdr
.code
) {
960 case CAPABILITY_CODE_MP
:
961 case CAPABILITY_CODE_REFRESH
:
962 case CAPABILITY_CODE_REFRESH_OLD
:
963 case CAPABILITY_CODE_ORF
:
964 case CAPABILITY_CODE_ORF_OLD
:
965 case CAPABILITY_CODE_RESTART
:
966 case CAPABILITY_CODE_AS4
:
967 case CAPABILITY_CODE_ADDPATH
:
968 case CAPABILITY_CODE_DYNAMIC
:
969 case CAPABILITY_CODE_DYNAMIC_OLD
:
970 case CAPABILITY_CODE_ENHE
:
971 case CAPABILITY_CODE_FQDN
:
972 case CAPABILITY_CODE_ENHANCED_RR
:
973 case CAPABILITY_CODE_EXT_MESSAGE
:
974 case CAPABILITY_CODE_ROLE
:
976 if (caphdr
.length
< cap_minsizes
[caphdr
.code
]) {
978 "%s %s Capability length error: got %u, expected at least %u",
980 lookup_msg(capcode_str
, caphdr
.code
,
983 (unsigned)cap_minsizes
[caphdr
.code
]);
984 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
985 BGP_NOTIFY_OPEN_MALFORMED_ATTR
);
989 && caphdr
.length
% cap_modsizes
[caphdr
.code
] != 0) {
991 "%s %s Capability length error: got %u, expected a multiple of %u",
993 lookup_msg(capcode_str
, caphdr
.code
,
996 (unsigned)cap_modsizes
[caphdr
.code
]);
997 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
998 BGP_NOTIFY_OPEN_MALFORMED_ATTR
);
1001 /* we deliberately ignore unknown codes, see below */
1006 switch (caphdr
.code
) {
1007 case CAPABILITY_CODE_MP
: {
1010 /* Ignore capability when override-capability is set. */
1011 if (!CHECK_FLAG(peer
->flags
,
1012 PEER_FLAG_OVERRIDE_CAPABILITY
)) {
1013 /* Set negotiated value. */
1014 ret
= bgp_capability_mp(peer
, &caphdr
);
1016 /* Unsupported Capability. */
1018 /* Store return data. */
1019 memcpy(*error
, sp
, caphdr
.length
+ 2);
1020 *error
+= caphdr
.length
+ 2;
1022 ret
= 0; /* Don't return error for this */
1025 case CAPABILITY_CODE_ENHANCED_RR
:
1026 case CAPABILITY_CODE_REFRESH
:
1027 case CAPABILITY_CODE_REFRESH_OLD
: {
1028 /* BGP refresh capability */
1029 if (caphdr
.code
== CAPABILITY_CODE_ENHANCED_RR
)
1030 SET_FLAG(peer
->cap
, PEER_CAP_ENHANCED_RR_RCV
);
1031 else if (caphdr
.code
== CAPABILITY_CODE_REFRESH_OLD
)
1032 SET_FLAG(peer
->cap
, PEER_CAP_REFRESH_OLD_RCV
);
1034 SET_FLAG(peer
->cap
, PEER_CAP_REFRESH_NEW_RCV
);
1036 case CAPABILITY_CODE_ORF
:
1037 case CAPABILITY_CODE_ORF_OLD
:
1038 ret
= bgp_capability_orf_entry(peer
, &caphdr
);
1040 case CAPABILITY_CODE_RESTART
:
1041 ret
= bgp_capability_restart(peer
, &caphdr
);
1043 case CAPABILITY_CODE_LLGR
:
1044 ret
= bgp_capability_llgr(peer
, &caphdr
);
1046 case CAPABILITY_CODE_DYNAMIC
:
1047 case CAPABILITY_CODE_DYNAMIC_OLD
:
1048 SET_FLAG(peer
->cap
, PEER_CAP_DYNAMIC_RCV
);
1050 case CAPABILITY_CODE_AS4
:
1051 /* Already handled as a special-case parsing of the
1053 * at the beginning of OPEN processing. So we care not a
1055 * for the value really, only error case.
1057 if (!bgp_capability_as4(peer
, &caphdr
))
1060 case CAPABILITY_CODE_ADDPATH
:
1061 ret
= bgp_capability_addpath(peer
, &caphdr
);
1063 case CAPABILITY_CODE_ENHE
:
1064 ret
= bgp_capability_enhe(peer
, &caphdr
);
1066 case CAPABILITY_CODE_EXT_MESSAGE
:
1067 ret
= bgp_capability_ext_message(peer
, &caphdr
);
1069 case CAPABILITY_CODE_FQDN
:
1070 ret
= bgp_capability_hostname(peer
, &caphdr
);
1072 case CAPABILITY_CODE_ROLE
:
1073 ret
= bgp_capability_role(peer
, &caphdr
);
1076 if (caphdr
.code
> 128) {
1077 /* We don't send Notification for unknown vendor
1079 capabilities. It seems reasonable for now...
1081 flog_warn(EC_BGP_CAPABILITY_VENDOR
,
1082 "%s Vendor specific capability %d",
1083 peer
->host
, caphdr
.code
);
1086 EC_BGP_CAPABILITY_UNKNOWN
,
1087 "%s unrecognized capability code: %d - ignored",
1088 peer
->host
, caphdr
.code
);
1089 memcpy(*error
, sp
, caphdr
.length
+ 2);
1090 *error
+= caphdr
.length
+ 2;
1095 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
1096 BGP_NOTIFY_OPEN_MALFORMED_ATTR
);
1099 if (stream_get_getp(s
) != (start
+ caphdr
.length
)) {
1100 if (stream_get_getp(s
) > (start
+ caphdr
.length
))
1102 EC_BGP_CAPABILITY_INVALID_LENGTH
,
1103 "%s Cap-parser for %s read past cap-length, %u!",
1105 lookup_msg(capcode_str
, caphdr
.code
,
1108 stream_set_getp(s
, start
+ caphdr
.length
);
1111 if (!CHECK_FLAG(peer
->cap
, PEER_CAP_RESTART_RCV
)) {
1112 UNSET_FLAG(restart_flag_time
, 0xF000);
1113 peer
->v_gr_restart
= restart_flag_time
;
1119 static int bgp_auth_parse(struct peer
*peer
, size_t length
)
1121 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
1122 BGP_NOTIFY_OPEN_AUTH_FAILURE
);
1126 static bool strict_capability_same(struct peer
*peer
)
1130 for (i
= AFI_IP
; i
< AFI_MAX
; i
++)
1131 for (j
= SAFI_UNICAST
; j
< SAFI_MAX
; j
++)
1132 if (peer
->afc
[i
][j
] != peer
->afc_nego
[i
][j
])
1138 static bool bgp_role_violation(struct peer
*peer
)
1140 uint8_t local_role
= peer
->local_role
;
1141 uint8_t remote_role
= peer
->remote_role
;
1143 if (local_role
!= ROLE_UNDEFINED
&& remote_role
!= ROLE_UNDEFINED
&&
1144 !((local_role
== ROLE_PEER
&& remote_role
== ROLE_PEER
) ||
1145 (local_role
== ROLE_PROVIDER
&& remote_role
== ROLE_CUSTOMER
) ||
1146 (local_role
== ROLE_CUSTOMER
&& remote_role
== ROLE_PROVIDER
) ||
1147 (local_role
== ROLE_RS_SERVER
&& remote_role
== ROLE_RS_CLIENT
) ||
1148 (local_role
== ROLE_RS_CLIENT
&&
1149 remote_role
== ROLE_RS_SERVER
))) {
1150 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
1151 BGP_NOTIFY_OPEN_ROLE_MISMATCH
);
1154 if (remote_role
== ROLE_UNDEFINED
&&
1155 CHECK_FLAG(peer
->flags
, PEER_FLAG_ROLE_STRICT_MODE
)) {
1156 const char *err_msg
=
1157 "Strict mode. Please set the role on your side.";
1158 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1159 BGP_NOTIFY_OPEN_ROLE_MISMATCH
,
1160 (uint8_t *)err_msg
, strlen(err_msg
));
1167 /* peek into option, stores ASN to *as4 if the AS4 capability was found.
1168 * Returns 0 if no as4 found, as4cap value otherwise.
1170 as_t
peek_for_as4_capability(struct peer
*peer
, uint16_t length
)
1172 struct stream
*s
= BGP_INPUT(peer
);
1173 size_t orig_getp
= stream_get_getp(s
);
1174 size_t end
= orig_getp
+ length
;
1177 if (BGP_DEBUG(as4
, AS4
))
1179 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u, peeking for as4",
1180 peer
->host
, length
);
1181 /* the error cases we DONT handle, we ONLY try to read as4 out of
1182 * correctly formatted options.
1184 while (stream_get_getp(s
) < end
) {
1186 uint16_t opt_length
;
1188 /* Ensure we can read the option type */
1189 if (stream_get_getp(s
) + 1 > end
)
1192 /* Fetch the option type */
1193 opt_type
= stream_getc(s
);
1196 * Check the length and fetch the opt_length
1197 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
1198 * then we do a getw which is 2 bytes. So we need to
1199 * ensure that we can read that as well
1201 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer
)) {
1202 if (stream_get_getp(s
) + 2 > end
)
1205 opt_length
= stream_getw(s
);
1207 if (stream_get_getp(s
) + 1 > end
)
1210 opt_length
= stream_getc(s
);
1213 /* Option length check. */
1214 if (stream_get_getp(s
) + opt_length
> end
)
1217 if (opt_type
== BGP_OPEN_OPT_CAP
) {
1218 unsigned long capd_start
= stream_get_getp(s
);
1219 unsigned long capd_end
= capd_start
+ opt_length
;
1221 assert(capd_end
<= end
);
1223 while (stream_get_getp(s
) < capd_end
) {
1224 struct capability_header hdr
;
1226 if (stream_get_getp(s
) + 2 > capd_end
)
1229 hdr
.code
= stream_getc(s
);
1230 hdr
.length
= stream_getc(s
);
1232 if ((stream_get_getp(s
) + hdr
.length
)
1236 if (hdr
.code
== CAPABILITY_CODE_AS4
) {
1237 if (BGP_DEBUG(as4
, AS4
))
1239 "[AS4] found AS4 capability, about to parse");
1240 as4
= bgp_capability_as4(peer
, &hdr
);
1244 stream_forward_getp(s
, hdr
.length
);
1250 stream_set_getp(s
, orig_getp
);
1255 * Parse open option.
1257 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1259 int bgp_open_option_parse(struct peer
*peer
, uint16_t length
,
1264 uint8_t error_data
[BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE
];
1265 struct stream
*s
= BGP_INPUT(peer
);
1266 size_t end
= stream_get_getp(s
) + length
;
1270 if (bgp_debug_neighbor_events(peer
))
1271 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1272 peer
->host
, length
);
1274 /* Unset any previously received GR capability. */
1275 UNSET_FLAG(peer
->cap
, PEER_CAP_RESTART_RCV
);
1277 while (stream_get_getp(s
) < end
) {
1279 uint16_t opt_length
;
1281 /* Must have at least an OPEN option header */
1282 if (STREAM_READABLE(s
) < 2) {
1283 zlog_info("%s Option length error", peer
->host
);
1284 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
1285 BGP_NOTIFY_OPEN_MALFORMED_ATTR
);
1289 /* Fetch option type and length. */
1290 opt_type
= stream_getc(s
);
1291 opt_length
= BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer
)
1295 /* Option length check. */
1296 if (STREAM_READABLE(s
) < opt_length
) {
1297 zlog_info("%s Option length error (%d)", peer
->host
,
1299 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
1300 BGP_NOTIFY_OPEN_MALFORMED_ATTR
);
1304 if (bgp_debug_neighbor_events(peer
))
1306 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1307 peer
->host
, opt_type
,
1308 opt_type
== BGP_OPEN_OPT_AUTH
1310 : opt_type
== BGP_OPEN_OPT_CAP
1316 case BGP_OPEN_OPT_AUTH
:
1317 ret
= bgp_auth_parse(peer
, opt_length
);
1319 case BGP_OPEN_OPT_CAP
:
1320 ret
= bgp_capability_parse(peer
, opt_length
,
1321 mp_capability
, &error
);
1324 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
1325 BGP_NOTIFY_OPEN_UNSUP_PARAM
);
1330 /* Parse error. To accumulate all unsupported capability codes,
1331 bgp_capability_parse does not return -1 when encounter
1332 unsupported capability code. To detect that, please check
1333 error and erro_data pointer, like below. */
1338 /* All OPEN option is parsed. Check capability when strict compare
1340 if (CHECK_FLAG(peer
->flags
, PEER_FLAG_STRICT_CAP_MATCH
)) {
1341 /* If Unsupported Capability exists. */
1342 if (error
!= error_data
) {
1343 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1344 BGP_NOTIFY_OPEN_UNSUP_CAPBL
,
1346 error
- error_data
);
1350 /* Check local capability does not negotiated with remote
1352 if (!strict_capability_same(peer
)) {
1353 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
1354 BGP_NOTIFY_OPEN_UNSUP_CAPBL
);
1359 /* Extended Message Support */
1360 peer
->max_packet_size
=
1361 (CHECK_FLAG(peer
->cap
, PEER_CAP_EXTENDED_MESSAGE_RCV
)
1362 && CHECK_FLAG(peer
->cap
, PEER_CAP_EXTENDED_MESSAGE_ADV
))
1363 ? BGP_EXTENDED_MESSAGE_MAX_PACKET_SIZE
1364 : BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE
;
1366 /* Check that roles are corresponding to each other */
1367 if (bgp_role_violation(peer
))
1370 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1373 && !CHECK_FLAG(peer
->flags
, PEER_FLAG_OVERRIDE_CAPABILITY
)) {
1374 if (!peer
->afc_nego
[AFI_IP
][SAFI_UNICAST
]
1375 && !peer
->afc_nego
[AFI_IP
][SAFI_MULTICAST
]
1376 && !peer
->afc_nego
[AFI_IP
][SAFI_LABELED_UNICAST
]
1377 && !peer
->afc_nego
[AFI_IP
][SAFI_MPLS_VPN
]
1378 && !peer
->afc_nego
[AFI_IP
][SAFI_ENCAP
]
1379 && !peer
->afc_nego
[AFI_IP
][SAFI_FLOWSPEC
]
1380 && !peer
->afc_nego
[AFI_IP6
][SAFI_UNICAST
]
1381 && !peer
->afc_nego
[AFI_IP6
][SAFI_MULTICAST
]
1382 && !peer
->afc_nego
[AFI_IP6
][SAFI_LABELED_UNICAST
]
1383 && !peer
->afc_nego
[AFI_IP6
][SAFI_MPLS_VPN
]
1384 && !peer
->afc_nego
[AFI_IP6
][SAFI_ENCAP
]
1385 && !peer
->afc_nego
[AFI_IP6
][SAFI_FLOWSPEC
]
1386 && !peer
->afc_nego
[AFI_L2VPN
][SAFI_EVPN
]) {
1387 flog_err(EC_BGP_PKT_OPEN
,
1388 "%s [Error] Configured AFI/SAFIs do not overlap with received MP capabilities",
1391 if (error
!= error_data
)
1392 bgp_notify_send_with_data(
1393 peer
, BGP_NOTIFY_OPEN_ERR
,
1394 BGP_NOTIFY_OPEN_UNSUP_CAPBL
, error_data
,
1395 error
- error_data
);
1397 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
1398 BGP_NOTIFY_OPEN_UNSUP_CAPBL
);
1405 static void bgp_open_capability_orf(struct stream
*s
, struct peer
*peer
,
1406 afi_t afi
, safi_t safi
, uint8_t code
,
1407 bool ext_opt_params
)
1413 unsigned long numberp
;
1414 int number_of_orfs
= 0;
1415 iana_afi_t pkt_afi
= IANA_AFI_IPV4
;
1416 iana_safi_t pkt_safi
= IANA_SAFI_UNICAST
;
1418 /* Convert AFI, SAFI to values for packet. */
1419 bgp_map_afi_safi_int2iana(afi
, safi
, &pkt_afi
, &pkt_safi
);
1421 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1422 capp
= stream_get_endp(s
); /* Set Capability Len Pointer */
1423 ext_opt_params
? stream_putw(s
, 0)
1424 : stream_putc(s
, 0); /* Capability Length */
1425 stream_putc(s
, code
); /* Capability Code */
1426 orfp
= stream_get_endp(s
); /* Set ORF Len Pointer */
1427 stream_putc(s
, 0); /* ORF Length */
1428 stream_putw(s
, pkt_afi
);
1430 stream_putc(s
, pkt_safi
);
1431 numberp
= stream_get_endp(s
); /* Set Number Pointer */
1432 stream_putc(s
, 0); /* Number of ORFs */
1434 /* Address Prefix ORF */
1435 if (CHECK_FLAG(peer
->af_flags
[afi
][safi
], PEER_FLAG_ORF_PREFIX_SM
)
1436 || CHECK_FLAG(peer
->af_flags
[afi
][safi
], PEER_FLAG_ORF_PREFIX_RM
)) {
1437 stream_putc(s
, (code
== CAPABILITY_CODE_ORF
1439 : ORF_TYPE_PREFIX_OLD
));
1441 if (CHECK_FLAG(peer
->af_flags
[afi
][safi
],
1442 PEER_FLAG_ORF_PREFIX_SM
)
1443 && CHECK_FLAG(peer
->af_flags
[afi
][safi
],
1444 PEER_FLAG_ORF_PREFIX_RM
)) {
1445 SET_FLAG(peer
->af_cap
[afi
][safi
],
1446 PEER_CAP_ORF_PREFIX_SM_ADV
);
1447 SET_FLAG(peer
->af_cap
[afi
][safi
],
1448 PEER_CAP_ORF_PREFIX_RM_ADV
);
1449 stream_putc(s
, ORF_MODE_BOTH
);
1450 } else if (CHECK_FLAG(peer
->af_flags
[afi
][safi
],
1451 PEER_FLAG_ORF_PREFIX_SM
)) {
1452 SET_FLAG(peer
->af_cap
[afi
][safi
],
1453 PEER_CAP_ORF_PREFIX_SM_ADV
);
1454 stream_putc(s
, ORF_MODE_SEND
);
1456 SET_FLAG(peer
->af_cap
[afi
][safi
],
1457 PEER_CAP_ORF_PREFIX_RM_ADV
);
1458 stream_putc(s
, ORF_MODE_RECEIVE
);
1463 /* Total Number of ORFs. */
1464 stream_putc_at(s
, numberp
, number_of_orfs
);
1466 /* Total ORF Len. */
1467 orf_len
= stream_get_endp(s
) - orfp
- 1;
1468 stream_putc_at(s
, orfp
, orf_len
);
1470 /* Total Capability Len. */
1471 cap_len
= stream_get_endp(s
) - capp
- 1;
1472 ext_opt_params
? stream_putw_at(s
, capp
, cap_len
)
1473 : stream_putc_at(s
, capp
, cap_len
);
1476 static void bgp_peer_send_gr_capability(struct stream
*s
, struct peer
*peer
,
1477 bool ext_opt_params
)
1480 iana_afi_t pkt_afi
= IANA_AFI_IPV4
;
1483 iana_safi_t pkt_safi
= IANA_SAFI_UNICAST
;
1484 uint32_t restart_time
;
1485 unsigned long capp
= 0;
1486 unsigned long rcapp
= 0;
1488 if (!CHECK_FLAG(peer
->flags
, PEER_FLAG_GRACEFUL_RESTART
)
1489 && !CHECK_FLAG(peer
->flags
, PEER_FLAG_GRACEFUL_RESTART_HELPER
))
1492 if (BGP_DEBUG(graceful_restart
, GRACEFUL_RESTART
))
1493 zlog_debug("[BGP_GR] Sending helper Capability for Peer :%s :",
1496 SET_FLAG(peer
->cap
, PEER_CAP_RESTART_ADV
);
1497 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1498 capp
= stream_get_endp(s
); /* Set Capability Len Pointer */
1499 ext_opt_params
? stream_putw(s
, 0)
1500 : stream_putc(s
, 0); /* Capability Length */
1501 stream_putc(s
, CAPABILITY_CODE_RESTART
);
1502 /* Set Restart Capability Len Pointer */
1503 rcapp
= stream_get_endp(s
);
1505 restart_time
= peer
->bgp
->restart_time
;
1506 if (peer
->bgp
->t_startup
) {
1507 SET_FLAG(restart_time
, GRACEFUL_RESTART_R_BIT
);
1508 SET_FLAG(peer
->cap
, PEER_CAP_GRACEFUL_RESTART_R_BIT_ADV
);
1509 if (BGP_DEBUG(graceful_restart
, GRACEFUL_RESTART
))
1510 zlog_debug("[BGP_GR] Sending R-Bit for peer: %s",
1514 if (CHECK_FLAG(peer
->bgp
->flags
, BGP_FLAG_GRACEFUL_NOTIFICATION
)) {
1515 SET_FLAG(restart_time
, GRACEFUL_RESTART_N_BIT
);
1516 SET_FLAG(peer
->cap
, PEER_CAP_GRACEFUL_RESTART_N_BIT_ADV
);
1517 if (BGP_DEBUG(graceful_restart
, GRACEFUL_RESTART
))
1518 zlog_debug("[BGP_GR] Sending N-Bit for peer: %s",
1522 stream_putw(s
, restart_time
);
1524 /* Send address-family specific graceful-restart capability
1525 * only when GR config is present
1527 if (CHECK_FLAG(peer
->flags
, PEER_FLAG_GRACEFUL_RESTART
)) {
1528 if (CHECK_FLAG(peer
->bgp
->flags
, BGP_FLAG_GR_PRESERVE_FWD
)
1529 && BGP_DEBUG(graceful_restart
, GRACEFUL_RESTART
))
1530 zlog_debug("[BGP_GR] F bit Set");
1532 FOREACH_AFI_SAFI (afi
, safi
) {
1533 if (!peer
->afc
[afi
][safi
])
1536 if (BGP_DEBUG(graceful_restart
, GRACEFUL_RESTART
))
1538 "[BGP_GR] Sending GR Capability for AFI :%d :, SAFI :%d:",
1541 /* Convert AFI, SAFI to values for
1544 bgp_map_afi_safi_int2iana(afi
, safi
, &pkt_afi
,
1546 stream_putw(s
, pkt_afi
);
1547 stream_putc(s
, pkt_safi
);
1548 if (CHECK_FLAG(peer
->bgp
->flags
,
1549 BGP_FLAG_GR_PRESERVE_FWD
))
1550 stream_putc(s
, GRACEFUL_RESTART_F_BIT
);
1556 /* Total Graceful restart capability Len. */
1557 len
= stream_get_endp(s
) - rcapp
- 1;
1558 stream_putc_at(s
, rcapp
, len
);
1560 /* Total Capability Len. */
1561 len
= stream_get_endp(s
) - capp
- 1;
1562 ext_opt_params
? stream_putw_at(s
, capp
, len
- 1)
1563 : stream_putc_at(s
, capp
, len
);
1566 static void bgp_peer_send_llgr_capability(struct stream
*s
, struct peer
*peer
,
1567 bool ext_opt_params
)
1570 iana_afi_t pkt_afi
= IANA_AFI_IPV4
;
1573 iana_safi_t pkt_safi
= IANA_SAFI_UNICAST
;
1574 unsigned long capp
= 0;
1575 unsigned long rcapp
= 0;
1577 if (!CHECK_FLAG(peer
->cap
, PEER_CAP_RESTART_ADV
))
1580 SET_FLAG(peer
->cap
, PEER_CAP_LLGR_ADV
);
1582 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1583 capp
= stream_get_endp(s
); /* Set Capability Len Pointer */
1584 ext_opt_params
? stream_putw(s
, 0)
1585 : stream_putc(s
, 0); /* Capability Length */
1586 stream_putc(s
, CAPABILITY_CODE_LLGR
);
1588 rcapp
= stream_get_endp(s
);
1591 FOREACH_AFI_SAFI (afi
, safi
) {
1592 if (!peer
->afc
[afi
][safi
])
1595 bgp_map_afi_safi_int2iana(afi
, safi
, &pkt_afi
, &pkt_safi
);
1597 stream_putw(s
, pkt_afi
);
1598 stream_putc(s
, pkt_safi
);
1599 stream_putc(s
, LLGR_F_BIT
);
1600 stream_put3(s
, peer
->bgp
->llgr_stale_time
);
1602 SET_FLAG(peer
->af_cap
[afi
][safi
], PEER_CAP_LLGR_AF_ADV
);
1605 /* Total Long-lived Graceful Restart capability Len. */
1606 len
= stream_get_endp(s
) - rcapp
- 1;
1607 stream_putc_at(s
, rcapp
, len
);
1609 /* Total Capability Len. */
1610 len
= stream_get_endp(s
) - capp
- 1;
1611 ext_opt_params
? stream_putw_at(s
, capp
, len
- 1)
1612 : stream_putc_at(s
, capp
, len
);
1615 /* Fill in capability open option to the packet. */
1616 uint16_t bgp_open_capability(struct stream
*s
, struct peer
*peer
,
1617 bool ext_opt_params
)
1620 unsigned long cp
, capp
, rcapp
, eopl
= 0;
1621 iana_afi_t pkt_afi
= IANA_AFI_IPV4
;
1624 iana_safi_t pkt_safi
= IANA_SAFI_UNICAST
;
1626 uint8_t afi_safi_count
= 0;
1627 int adv_addpath_tx
= 0;
1629 /* Non-Ext OP Len. */
1630 cp
= stream_get_endp(s
);
1633 if (ext_opt_params
) {
1634 /* Non-Ext OP Len. */
1635 stream_putc_at(s
, cp
, BGP_OPEN_NON_EXT_OPT_LEN
);
1637 /* Non-Ext OP Type */
1638 stream_putc(s
, BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH
);
1640 /* Extended Opt. Parm. Length */
1641 eopl
= stream_get_endp(s
);
1645 /* Do not send capability. */
1646 if (!CHECK_FLAG(peer
->sflags
, PEER_STATUS_CAPABILITY_OPEN
)
1647 || CHECK_FLAG(peer
->flags
, PEER_FLAG_DONT_CAPABILITY
))
1650 /* MP capability for configured AFI, SAFI */
1651 FOREACH_AFI_SAFI (afi
, safi
) {
1652 if (peer
->afc
[afi
][safi
]) {
1653 /* Convert AFI, SAFI to values for packet. */
1654 bgp_map_afi_safi_int2iana(afi
, safi
, &pkt_afi
,
1657 peer
->afc_adv
[afi
][safi
] = 1;
1658 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1660 ? stream_putw(s
, CAPABILITY_CODE_MP_LEN
+ 2)
1661 : stream_putc(s
, CAPABILITY_CODE_MP_LEN
+ 2);
1662 stream_putc(s
, CAPABILITY_CODE_MP
);
1663 stream_putc(s
, CAPABILITY_CODE_MP_LEN
);
1664 stream_putw(s
, pkt_afi
);
1666 stream_putc(s
, pkt_safi
);
1668 /* Extended nexthop capability - currently
1669 * supporting RFC-5549 for
1670 * Link-Local peering only
1672 if (CHECK_FLAG(peer
->flags
, PEER_FLAG_CAPABILITY_ENHE
)
1673 && peer
->su
.sa
.sa_family
== AF_INET6
1675 && (safi
== SAFI_UNICAST
|| safi
== SAFI_MPLS_VPN
1676 || safi
== SAFI_LABELED_UNICAST
)) {
1677 /* RFC 5549 Extended Next Hop Encoding
1679 SET_FLAG(peer
->cap
, PEER_CAP_ENHE_ADV
);
1680 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1683 CAPABILITY_CODE_ENHE_LEN
1686 CAPABILITY_CODE_ENHE_LEN
1688 stream_putc(s
, CAPABILITY_CODE_ENHE
);
1689 stream_putc(s
, CAPABILITY_CODE_ENHE_LEN
);
1691 SET_FLAG(peer
->af_cap
[AFI_IP
][safi
],
1692 PEER_CAP_ENHE_AF_ADV
);
1693 stream_putw(s
, pkt_afi
);
1694 stream_putw(s
, pkt_safi
);
1695 stream_putw(s
, afi_int2iana(AFI_IP6
));
1697 if (CHECK_FLAG(peer
->af_cap
[afi
][safi
],
1698 PEER_CAP_ENHE_AF_RCV
))
1699 SET_FLAG(peer
->af_cap
[afi
][safi
],
1700 PEER_CAP_ENHE_AF_NEGO
);
1705 /* Route refresh. */
1706 SET_FLAG(peer
->cap
, PEER_CAP_REFRESH_ADV
);
1707 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1708 ext_opt_params
? stream_putw(s
, CAPABILITY_CODE_REFRESH_LEN
+ 2)
1709 : stream_putc(s
, CAPABILITY_CODE_REFRESH_LEN
+ 2);
1710 stream_putc(s
, CAPABILITY_CODE_REFRESH_OLD
);
1711 stream_putc(s
, CAPABILITY_CODE_REFRESH_LEN
);
1712 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1713 ext_opt_params
? stream_putw(s
, CAPABILITY_CODE_REFRESH_LEN
+ 2)
1714 : stream_putc(s
, CAPABILITY_CODE_REFRESH_LEN
+ 2);
1715 stream_putc(s
, CAPABILITY_CODE_REFRESH
);
1716 stream_putc(s
, CAPABILITY_CODE_REFRESH_LEN
);
1718 /* Enhanced Route Refresh. */
1719 SET_FLAG(peer
->cap
, PEER_CAP_ENHANCED_RR_ADV
);
1720 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1721 ext_opt_params
? stream_putw(s
, CAPABILITY_CODE_ENHANCED_LEN
+ 2)
1722 : stream_putc(s
, CAPABILITY_CODE_ENHANCED_LEN
+ 2);
1723 stream_putc(s
, CAPABILITY_CODE_ENHANCED_RR
);
1724 stream_putc(s
, CAPABILITY_CODE_ENHANCED_LEN
);
1727 SET_FLAG(peer
->cap
, PEER_CAP_AS4_ADV
);
1728 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1729 ext_opt_params
? stream_putw(s
, CAPABILITY_CODE_AS4_LEN
+ 2)
1730 : stream_putc(s
, CAPABILITY_CODE_AS4_LEN
+ 2);
1731 stream_putc(s
, CAPABILITY_CODE_AS4
);
1732 stream_putc(s
, CAPABILITY_CODE_AS4_LEN
);
1733 if (peer
->change_local_as
)
1734 local_as
= peer
->change_local_as
;
1736 local_as
= peer
->local_as
;
1737 stream_putl(s
, local_as
);
1739 /* Extended Message Support */
1740 SET_FLAG(peer
->cap
, PEER_CAP_EXTENDED_MESSAGE_ADV
);
1741 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1742 ext_opt_params
? stream_putw(s
, CAPABILITY_CODE_EXT_MESSAGE_LEN
+ 2)
1743 : stream_putc(s
, CAPABILITY_CODE_EXT_MESSAGE_LEN
+ 2);
1744 stream_putc(s
, CAPABILITY_CODE_EXT_MESSAGE
);
1745 stream_putc(s
, CAPABILITY_CODE_EXT_MESSAGE_LEN
);
1748 if (peer
->local_role
!= ROLE_UNDEFINED
) {
1749 SET_FLAG(peer
->cap
, PEER_CAP_ROLE_ADV
);
1750 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1751 stream_putc(s
, CAPABILITY_CODE_ROLE_LEN
+ 2);
1752 stream_putc(s
, CAPABILITY_CODE_ROLE
);
1753 stream_putc(s
, CAPABILITY_CODE_ROLE_LEN
);
1754 stream_putc(s
, peer
->local_role
);
1758 FOREACH_AFI_SAFI (afi
, safi
) {
1759 if (peer
->afc
[afi
][safi
]) {
1762 /* Only advertise addpath TX if a feature that
1765 if (peer
->addpath_type
[afi
][safi
] != BGP_ADDPATH_NONE
)
1770 SET_FLAG(peer
->cap
, PEER_CAP_ADDPATH_ADV
);
1771 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1773 ? stream_putw(s
, (CAPABILITY_CODE_ADDPATH_LEN
* afi_safi_count
)
1775 : stream_putc(s
, (CAPABILITY_CODE_ADDPATH_LEN
* afi_safi_count
)
1777 stream_putc(s
, CAPABILITY_CODE_ADDPATH
);
1778 stream_putc(s
, CAPABILITY_CODE_ADDPATH_LEN
* afi_safi_count
);
1780 FOREACH_AFI_SAFI (afi
, safi
) {
1781 if (peer
->afc
[afi
][safi
]) {
1782 bool adv_addpath_rx
=
1783 !CHECK_FLAG(peer
->af_flags
[afi
][safi
],
1784 PEER_FLAG_DISABLE_ADDPATH_RX
);
1787 /* Convert AFI, SAFI to values for packet. */
1788 bgp_map_afi_safi_int2iana(afi
, safi
, &pkt_afi
,
1791 stream_putw(s
, pkt_afi
);
1792 stream_putc(s
, pkt_safi
);
1794 if (adv_addpath_rx
) {
1795 SET_FLAG(flags
, BGP_ADDPATH_RX
);
1796 SET_FLAG(peer
->af_cap
[afi
][safi
],
1797 PEER_CAP_ADDPATH_AF_RX_ADV
);
1799 UNSET_FLAG(peer
->af_cap
[afi
][safi
],
1800 PEER_CAP_ADDPATH_AF_RX_ADV
);
1803 if (adv_addpath_tx
) {
1804 SET_FLAG(flags
, BGP_ADDPATH_TX
);
1805 SET_FLAG(peer
->af_cap
[afi
][safi
],
1806 PEER_CAP_ADDPATH_AF_TX_ADV
);
1808 UNSET_FLAG(peer
->af_cap
[afi
][safi
],
1809 PEER_CAP_ADDPATH_AF_TX_ADV
);
1812 stream_putc(s
, flags
);
1816 /* ORF capability. */
1817 FOREACH_AFI_SAFI (afi
, safi
) {
1818 if (CHECK_FLAG(peer
->af_flags
[afi
][safi
],
1819 PEER_FLAG_ORF_PREFIX_SM
)
1820 || CHECK_FLAG(peer
->af_flags
[afi
][safi
],
1821 PEER_FLAG_ORF_PREFIX_RM
)) {
1822 bgp_open_capability_orf(s
, peer
, afi
, safi
,
1823 CAPABILITY_CODE_ORF_OLD
,
1825 bgp_open_capability_orf(s
, peer
, afi
, safi
,
1826 CAPABILITY_CODE_ORF
,
1831 /* Dynamic capability. */
1832 if (CHECK_FLAG(peer
->flags
, PEER_FLAG_DYNAMIC_CAPABILITY
)) {
1833 SET_FLAG(peer
->cap
, PEER_CAP_DYNAMIC_ADV
);
1834 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1836 ? stream_putw(s
, CAPABILITY_CODE_DYNAMIC_LEN
+ 2)
1837 : stream_putc(s
, CAPABILITY_CODE_DYNAMIC_LEN
+ 2);
1838 stream_putc(s
, CAPABILITY_CODE_DYNAMIC_OLD
);
1839 stream_putc(s
, CAPABILITY_CODE_DYNAMIC_LEN
);
1840 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1842 ? stream_putw(s
, CAPABILITY_CODE_DYNAMIC_LEN
+ 2)
1843 : stream_putc(s
, CAPABILITY_CODE_DYNAMIC_LEN
+ 2);
1844 stream_putc(s
, CAPABILITY_CODE_DYNAMIC
);
1845 stream_putc(s
, CAPABILITY_CODE_DYNAMIC_LEN
);
1848 /* Hostname capability */
1849 if (cmd_hostname_get()) {
1850 SET_FLAG(peer
->cap
, PEER_CAP_HOSTNAME_ADV
);
1851 stream_putc(s
, BGP_OPEN_OPT_CAP
);
1852 rcapp
= stream_get_endp(s
); /* Ptr to length placeholder */
1853 ext_opt_params
? stream_putw(s
, 0)
1854 : stream_putc(s
, 0); /* Capability Length */
1855 stream_putc(s
, CAPABILITY_CODE_FQDN
);
1856 capp
= stream_get_endp(s
);
1857 stream_putc(s
, 0); /* dummy len for now */
1858 len
= strlen(cmd_hostname_get());
1859 if (len
> BGP_MAX_HOSTNAME
)
1860 len
= BGP_MAX_HOSTNAME
;
1862 stream_putc(s
, len
);
1863 stream_put(s
, cmd_hostname_get(), len
);
1864 if (cmd_domainname_get()) {
1865 len
= strlen(cmd_domainname_get());
1866 if (len
> BGP_MAX_HOSTNAME
)
1867 len
= BGP_MAX_HOSTNAME
;
1869 stream_putc(s
, len
);
1870 stream_put(s
, cmd_domainname_get(), len
);
1872 stream_putc(s
, 0); /* 0 length */
1874 /* Set the lengths straight */
1875 len
= stream_get_endp(s
) - rcapp
- 1;
1876 ext_opt_params
? stream_putw_at(s
, rcapp
, len
- 1)
1877 : stream_putc_at(s
, rcapp
, len
);
1879 len
= stream_get_endp(s
) - capp
- 1;
1880 stream_putc_at(s
, capp
, len
);
1882 if (bgp_debug_neighbor_events(peer
))
1884 "%s Sending hostname cap with hn = %s, dn = %s",
1885 peer
->host
, cmd_hostname_get(),
1886 cmd_domainname_get());
1889 bgp_peer_send_gr_capability(s
, peer
, ext_opt_params
);
1890 bgp_peer_send_llgr_capability(s
, peer
, ext_opt_params
);
1892 /* Total Opt Parm Len. */
1893 len
= stream_get_endp(s
) - cp
- 1;
1895 if (ext_opt_params
) {
1896 len
= stream_get_endp(s
) - eopl
- 2;
1897 stream_putw_at(s
, eopl
, len
);
1899 stream_putc_at(s
, cp
, len
);