]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_open.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12251 from donaldsharp/various_and_sundry
[mirror_frr.git] / bgpd / bgp_open.c
1 /* BGP open message handling
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "linklist.h"
24 #include "prefix.h"
25 #include "stream.h"
26 #include "thread.h"
27 #include "log.h"
28 #include "command.h"
29 #include "memory.h"
30 #include "queue.h"
31 #include "filter.h"
32
33 #include "lib/json.h"
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_attr.h"
36 #include "bgpd/bgp_debug.h"
37 #include "bgpd/bgp_errors.h"
38 #include "bgpd/bgp_fsm.h"
39 #include "bgpd/bgp_packet.h"
40 #include "bgpd/bgp_open.h"
41 #include "bgpd/bgp_aspath.h"
42 #include "bgpd/bgp_vty.h"
43 #include "bgpd/bgp_memory.h"
44
45 static const struct message capcode_str[] = {
46 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
47 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
48 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
49 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
50 {CAPABILITY_CODE_AS4, "4-octet AS number"},
51 {CAPABILITY_CODE_ADDPATH, "AddPath"},
52 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
53 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
54 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
55 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
56 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
57 {CAPABILITY_CODE_FQDN, "FQDN"},
58 {CAPABILITY_CODE_ENHANCED_RR, "Enhanced Route Refresh"},
59 {CAPABILITY_CODE_EXT_MESSAGE, "BGP Extended Message"},
60 {CAPABILITY_CODE_LLGR, "Long-lived BGP Graceful Restart"},
61 {CAPABILITY_CODE_ROLE, "Role"},
62 {0}};
63
64 /* Minimum sizes for length field of each cap (so not inc. the header) */
65 static const size_t cap_minsizes[] = {
66 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
67 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
68 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
69 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
70 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
71 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
72 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
73 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
74 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
75 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
76 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
77 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
78 [CAPABILITY_CODE_ENHANCED_RR] = CAPABILITY_CODE_ENHANCED_LEN,
79 [CAPABILITY_CODE_EXT_MESSAGE] = CAPABILITY_CODE_EXT_MESSAGE_LEN,
80 [CAPABILITY_CODE_LLGR] = CAPABILITY_CODE_LLGR_LEN,
81 [CAPABILITY_CODE_ROLE] = CAPABILITY_CODE_ROLE_LEN,
82 };
83
84 /* value the capability must be a multiple of.
85 * 0-data capabilities won't be checked against this.
86 * Other capabilities whose data doesn't fall on convenient boundaries for this
87 * table should be set to 1.
88 */
89 static const size_t cap_modsizes[] = {
90 [CAPABILITY_CODE_MP] = 4,
91 [CAPABILITY_CODE_REFRESH] = 1,
92 [CAPABILITY_CODE_ORF] = 1,
93 [CAPABILITY_CODE_RESTART] = 1,
94 [CAPABILITY_CODE_AS4] = 4,
95 [CAPABILITY_CODE_ADDPATH] = 4,
96 [CAPABILITY_CODE_DYNAMIC] = 1,
97 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
98 [CAPABILITY_CODE_ENHE] = 6,
99 [CAPABILITY_CODE_REFRESH_OLD] = 1,
100 [CAPABILITY_CODE_ORF_OLD] = 1,
101 [CAPABILITY_CODE_FQDN] = 1,
102 [CAPABILITY_CODE_ENHANCED_RR] = 1,
103 [CAPABILITY_CODE_EXT_MESSAGE] = 1,
104 [CAPABILITY_CODE_LLGR] = 1,
105 [CAPABILITY_CODE_ROLE] = 1,
106 };
107
108 /* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
109 negotiate remote peer supports extentions or not. But if
110 remote-peer doesn't supports negotiation process itself. We would
111 like to do manual configuration.
112
113 So there is many configurable point. First of all we want set each
114 peer whether we send capability negotiation to the peer or not.
115 Next, if we send capability to the peer we want to set my capability
116 inforation at each peer. */
117
118 void bgp_capability_vty_out(struct vty *vty, struct peer *peer, bool use_json,
119 json_object *json_neigh)
120 {
121 char *pnt;
122 char *end;
123 struct capability_mp_data mpc;
124 struct capability_header *hdr;
125 json_object *json_cap = NULL;
126
127 if (use_json)
128 json_cap = json_object_new_object();
129
130 pnt = peer->notify.data;
131 end = pnt + peer->notify.length;
132
133 while (pnt < end) {
134 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
135 return;
136
137 hdr = (struct capability_header *)pnt;
138 if (pnt + hdr->length + 2 > end)
139 return;
140
141 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
142
143 if (hdr->code == CAPABILITY_CODE_MP) {
144 afi_t afi;
145 safi_t safi;
146
147 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
148 mpc.safi, &afi, &safi);
149
150 if (use_json) {
151 switch (afi) {
152 case AFI_IP:
153 json_object_string_add(
154 json_cap,
155 "capabilityErrorMultiProtocolAfi",
156 "IPv4");
157 break;
158 case AFI_IP6:
159 json_object_string_add(
160 json_cap,
161 "capabilityErrorMultiProtocolAfi",
162 "IPv6");
163 break;
164 case AFI_L2VPN:
165 json_object_string_add(
166 json_cap,
167 "capabilityErrorMultiProtocolAfi",
168 "L2VPN");
169 break;
170 default:
171 json_object_int_add(
172 json_cap,
173 "capabilityErrorMultiProtocolAfiUnknown",
174 ntohs(mpc.afi));
175 break;
176 }
177 switch (safi) {
178 case SAFI_UNICAST:
179 json_object_string_add(
180 json_cap,
181 "capabilityErrorMultiProtocolSafi",
182 "unicast");
183 break;
184 case SAFI_MULTICAST:
185 json_object_string_add(
186 json_cap,
187 "capabilityErrorMultiProtocolSafi",
188 "multicast");
189 break;
190 case SAFI_LABELED_UNICAST:
191 json_object_string_add(
192 json_cap,
193 "capabilityErrorMultiProtocolSafi",
194 "labeled-unicast");
195 break;
196 case SAFI_MPLS_VPN:
197 json_object_string_add(
198 json_cap,
199 "capabilityErrorMultiProtocolSafi",
200 "MPLS-labeled VPN");
201 break;
202 case SAFI_ENCAP:
203 json_object_string_add(
204 json_cap,
205 "capabilityErrorMultiProtocolSafi",
206 "encap");
207 break;
208 case SAFI_EVPN:
209 json_object_string_add(
210 json_cap,
211 "capabilityErrorMultiProtocolSafi",
212 "EVPN");
213 break;
214 case SAFI_FLOWSPEC:
215 json_object_string_add(
216 json_cap,
217 "capabilityErrorMultiProtocolSafi",
218 "flowspec");
219 break;
220 default:
221 json_object_int_add(
222 json_cap,
223 "capabilityErrorMultiProtocolSafiUnknown",
224 mpc.safi);
225 break;
226 }
227 } else {
228 vty_out(vty,
229 " Capability error for: Multi protocol ");
230 switch (afi) {
231 case AFI_IP:
232 vty_out(vty, "AFI IPv4, ");
233 break;
234 case AFI_IP6:
235 vty_out(vty, "AFI IPv6, ");
236 break;
237 case AFI_L2VPN:
238 vty_out(vty, "AFI L2VPN, ");
239 break;
240 default:
241 vty_out(vty, "AFI Unknown %d, ",
242 ntohs(mpc.afi));
243 break;
244 }
245 switch (safi) {
246 case SAFI_UNICAST:
247 vty_out(vty, "SAFI Unicast");
248 break;
249 case SAFI_MULTICAST:
250 vty_out(vty, "SAFI Multicast");
251 break;
252 case SAFI_LABELED_UNICAST:
253 vty_out(vty, "SAFI Labeled-unicast");
254 break;
255 case SAFI_MPLS_VPN:
256 vty_out(vty, "SAFI MPLS-labeled VPN");
257 break;
258 case SAFI_ENCAP:
259 vty_out(vty, "SAFI ENCAP");
260 break;
261 case SAFI_FLOWSPEC:
262 vty_out(vty, "SAFI FLOWSPEC");
263 break;
264 case SAFI_EVPN:
265 vty_out(vty, "SAFI EVPN");
266 break;
267 default:
268 vty_out(vty, "SAFI Unknown %d ",
269 mpc.safi);
270 break;
271 }
272 vty_out(vty, "\n");
273 }
274 } else if (hdr->code >= 128) {
275 if (use_json)
276 json_object_int_add(
277 json_cap,
278 "capabilityErrorVendorSpecificCapabilityCode",
279 hdr->code);
280 else
281 vty_out(vty,
282 " Capability error: vendor specific capability code %d",
283 hdr->code);
284 } else {
285 if (use_json)
286 json_object_int_add(
287 json_cap,
288 "capabilityErrorUnknownCapabilityCode",
289 hdr->code);
290 else
291 vty_out(vty,
292 " Capability error: unknown capability code %d",
293 hdr->code);
294 }
295 pnt += hdr->length + 2;
296 }
297 if (use_json)
298 json_object_object_add(json_neigh, "capabilityErrors",
299 json_cap);
300 }
301
302 static void bgp_capability_mp_data(struct stream *s,
303 struct capability_mp_data *mpc)
304 {
305 mpc->afi = stream_getw(s);
306 mpc->reserved = stream_getc(s);
307 mpc->safi = stream_getc(s);
308 }
309
310 /* Set negotiated capability value. */
311 static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
312 {
313 struct capability_mp_data mpc;
314 struct stream *s = BGP_INPUT(peer);
315 afi_t afi;
316 safi_t safi;
317
318 /* Verify length is 4 */
319 if (hdr->length != 4) {
320 flog_warn(
321 EC_BGP_CAPABILITY_INVALID_LENGTH,
322 "MP Cap: Received invalid length %d, non-multiple of 4",
323 hdr->length);
324 return -1;
325 }
326
327 bgp_capability_mp_data(s, &mpc);
328
329 if (bgp_debug_neighbor_events(peer))
330 zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s",
331 peer->host, lookup_msg(capcode_str, hdr->code, NULL),
332 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
333
334 /* Convert AFI, SAFI to internal values, check. */
335 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
336 return -1;
337
338 /* Now safi remapped, and afi/safi are valid array indices */
339 peer->afc_recv[afi][safi] = 1;
340
341 if (peer->afc[afi][safi])
342 peer->afc_nego[afi][safi] = 1;
343 else
344 return -1;
345
346 return 0;
347 }
348
349 static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
350 iana_safi_t safi, uint8_t type,
351 uint8_t mode)
352 {
353 if (bgp_debug_neighbor_events(peer))
354 zlog_debug(
355 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
356 peer->host, afi, safi, type, mode);
357 }
358
359 static const struct message orf_type_str[] = {
360 {ORF_TYPE_RESERVED, "Reserved"},
361 {ORF_TYPE_PREFIX, "Prefixlist"},
362 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
363 {0}};
364
365 static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
366 {ORF_MODE_SEND, "Send"},
367 {ORF_MODE_BOTH, "Both"},
368 {0}};
369
370 static int bgp_capability_orf_entry(struct peer *peer,
371 struct capability_header *hdr)
372 {
373 struct stream *s = BGP_INPUT(peer);
374 struct capability_mp_data mpc;
375 uint8_t num;
376 iana_afi_t pkt_afi;
377 afi_t afi;
378 iana_safi_t pkt_safi;
379 safi_t safi;
380 uint8_t type;
381 uint8_t mode;
382 uint16_t sm_cap = 0; /* capability send-mode receive */
383 uint16_t rm_cap = 0; /* capability receive-mode receive */
384 int i;
385
386 /* ORF Entry header */
387 bgp_capability_mp_data(s, &mpc);
388 num = stream_getc(s);
389 pkt_afi = mpc.afi;
390 pkt_safi = mpc.safi;
391
392 if (bgp_debug_neighbor_events(peer))
393 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer->host,
394 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
395
396 /* Convert AFI, SAFI to internal values, check. */
397 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
398 zlog_info(
399 "%s Addr-family %d/%d not supported. Ignoring the ORF capability",
400 peer->host, pkt_afi, pkt_safi);
401 return 0;
402 }
403
404 mpc.afi = pkt_afi;
405 mpc.safi = safi;
406
407 /* validate number field */
408 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
409 zlog_info(
410 "%s ORF Capability entry length error, Cap length %u, num %u",
411 peer->host, hdr->length, num);
412 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
413 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
414 return -1;
415 }
416
417 for (i = 0; i < num; i++) {
418 type = stream_getc(s);
419 mode = stream_getc(s);
420
421 /* ORF Mode error check */
422 switch (mode) {
423 case ORF_MODE_BOTH:
424 case ORF_MODE_SEND:
425 case ORF_MODE_RECEIVE:
426 break;
427 default:
428 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
429 type, mode);
430 continue;
431 }
432 /* ORF Type and afi/safi error checks */
433 /* capcode versus type */
434 switch (hdr->code) {
435 case CAPABILITY_CODE_ORF:
436 switch (type) {
437 case ORF_TYPE_RESERVED:
438 if (bgp_debug_neighbor_events(peer))
439 zlog_debug(
440 "%s Addr-family %d/%d has reserved ORF type, ignoring",
441 peer->host, afi, safi);
442 break;
443 case ORF_TYPE_PREFIX:
444 break;
445 default:
446 bgp_capability_orf_not_support(
447 peer, pkt_afi, pkt_safi, type, mode);
448 continue;
449 }
450 break;
451 case CAPABILITY_CODE_ORF_OLD:
452 switch (type) {
453 case ORF_TYPE_RESERVED:
454 if (bgp_debug_neighbor_events(peer))
455 zlog_debug(
456 "%s Addr-family %d/%d has reserved ORF type, ignoring",
457 peer->host, afi, safi);
458 break;
459 case ORF_TYPE_PREFIX_OLD:
460 break;
461 default:
462 bgp_capability_orf_not_support(
463 peer, pkt_afi, pkt_safi, type, mode);
464 continue;
465 }
466 break;
467 default:
468 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
469 type, mode);
470 continue;
471 }
472
473 /* AFI vs SAFI */
474 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
475 || (afi == AFI_IP && safi == SAFI_MULTICAST)
476 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
477 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
478 type, mode);
479 continue;
480 }
481
482 if (bgp_debug_neighbor_events(peer))
483 zlog_debug(
484 "%s OPEN has %s ORF capability as %s for afi/safi: %s/%s",
485 peer->host,
486 lookup_msg(orf_type_str, type, NULL),
487 lookup_msg(orf_mode_str, mode, NULL),
488 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
489
490 if (hdr->code == CAPABILITY_CODE_ORF) {
491 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
492 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
493 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
494 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
495 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
496 } else {
497 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
498 type, mode);
499 continue;
500 }
501
502 switch (mode) {
503 case ORF_MODE_BOTH:
504 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
505 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
506 break;
507 case ORF_MODE_SEND:
508 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
509 break;
510 case ORF_MODE_RECEIVE:
511 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
512 break;
513 }
514 }
515 return 0;
516 }
517
518 static int bgp_capability_restart(struct peer *peer,
519 struct capability_header *caphdr)
520 {
521 struct stream *s = BGP_INPUT(peer);
522 uint16_t restart_flag_time;
523 size_t end = stream_get_getp(s) + caphdr->length;
524
525 /* Verify length is a multiple of 4 */
526 if ((caphdr->length - 2) % 4) {
527 flog_warn(
528 EC_BGP_CAPABILITY_INVALID_LENGTH,
529 "Restart Cap: Received invalid length %d, non-multiple of 4",
530 caphdr->length);
531 return -1;
532 }
533
534 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
535 restart_flag_time = stream_getw(s);
536
537 /* The most significant bit is defined in [RFC4724] as
538 * the Restart State ("R") bit.
539 */
540 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_R_BIT))
541 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
542 else
543 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
544
545 /* The second most significant bit is defined in this
546 * document as the Graceful Notification ("N") bit.
547 */
548 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_N_BIT))
549 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
550 else
551 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
552
553 UNSET_FLAG(restart_flag_time, 0xF000);
554 peer->v_gr_restart = restart_flag_time;
555
556 if (bgp_debug_neighbor_events(peer)) {
557 zlog_debug(
558 "%s Peer has%srestarted. Restart Time: %d, N-bit set: %s",
559 peer->host,
560 CHECK_FLAG(peer->cap,
561 PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV)
562 ? " "
563 : " not ",
564 peer->v_gr_restart,
565 CHECK_FLAG(peer->cap,
566 PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV)
567 ? "yes"
568 : "no");
569 }
570
571 while (stream_get_getp(s) + 4 <= end) {
572 afi_t afi;
573 safi_t safi;
574 iana_afi_t pkt_afi = stream_getw(s);
575 iana_safi_t pkt_safi = stream_getc(s);
576 uint8_t flag = stream_getc(s);
577
578 /* Convert AFI, SAFI to internal values, check. */
579 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
580 if (bgp_debug_neighbor_events(peer))
581 zlog_debug(
582 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Graceful Restart capability for this AFI/SAFI",
583 peer->host, iana_afi2str(pkt_afi),
584 iana_safi2str(pkt_safi));
585 } else if (!peer->afc[afi][safi]) {
586 if (bgp_debug_neighbor_events(peer))
587 zlog_debug(
588 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Graceful Restart capability",
589 peer->host, iana_afi2str(pkt_afi),
590 iana_safi2str(pkt_safi));
591 } else {
592 if (bgp_debug_neighbor_events(peer))
593 zlog_debug(
594 "%s Address family %s is%spreserved",
595 peer->host, get_afi_safi_str(afi, safi, false),
596 CHECK_FLAG(
597 peer->af_cap[afi][safi],
598 PEER_CAP_RESTART_AF_PRESERVE_RCV)
599 ? " "
600 : " not ");
601
602 SET_FLAG(peer->af_cap[afi][safi],
603 PEER_CAP_RESTART_AF_RCV);
604 if (CHECK_FLAG(flag, GRACEFUL_RESTART_F_BIT))
605 SET_FLAG(peer->af_cap[afi][safi],
606 PEER_CAP_RESTART_AF_PRESERVE_RCV);
607 }
608 }
609 return 0;
610 }
611
612 static int bgp_capability_llgr(struct peer *peer,
613 struct capability_header *caphdr)
614 {
615 struct stream *s = BGP_INPUT(peer);
616 size_t end = stream_get_getp(s) + caphdr->length;
617
618 SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV);
619
620 while (stream_get_getp(s) + 4 <= end) {
621 afi_t afi;
622 safi_t safi;
623 iana_afi_t pkt_afi = stream_getw(s);
624 iana_safi_t pkt_safi = stream_getc(s);
625 uint8_t flags = stream_getc(s);
626 uint32_t stale_time = stream_get3(s);
627
628 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
629 if (bgp_debug_neighbor_events(peer))
630 zlog_debug(
631 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Long-lived Graceful Restart capability for this AFI/SAFI",
632 peer->host, iana_afi2str(pkt_afi),
633 iana_safi2str(pkt_safi));
634 } else if (!peer->afc[afi][safi]
635 || !CHECK_FLAG(peer->af_cap[afi][safi],
636 PEER_CAP_RESTART_AF_RCV)) {
637 if (bgp_debug_neighbor_events(peer))
638 zlog_debug(
639 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Long-lived Graceful Restart capability",
640 peer->host, iana_afi2str(pkt_afi),
641 iana_safi2str(pkt_safi));
642 } else {
643 if (bgp_debug_neighbor_events(peer))
644 zlog_debug(
645 "%s Addr-family %s/%s(afi/safi) Long-lived Graceful Restart capability stale time %u sec",
646 peer->host, iana_afi2str(pkt_afi),
647 iana_safi2str(pkt_safi), stale_time);
648
649 peer->llgr[afi][safi].flags = flags;
650 peer->llgr[afi][safi].stale_time =
651 MIN(stale_time, peer->bgp->llgr_stale_time);
652 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_RCV);
653 }
654 }
655
656 return 0;
657 }
658
659 /* Unlike other capability parsing routines, this one returns 0 on error */
660 static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
661 {
662 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
663
664 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
665 flog_err(EC_BGP_PKT_OPEN,
666 "%s AS4 capability has incorrect data length %d",
667 peer->host, hdr->length);
668 return 0;
669 }
670
671 as_t as4 = stream_getl(BGP_INPUT(peer));
672
673 if (BGP_DEBUG(as4, AS4))
674 zlog_debug(
675 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
676 peer->host, as4);
677 return as4;
678 }
679
680 static int bgp_capability_ext_message(struct peer *peer,
681 struct capability_header *hdr)
682 {
683 if (hdr->length != CAPABILITY_CODE_EXT_MESSAGE_LEN) {
684 flog_err(
685 EC_BGP_PKT_OPEN,
686 "%s: BGP Extended Message capability has incorrect data length %d",
687 peer->host, hdr->length);
688 return -1;
689 }
690
691 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV);
692
693 return 0;
694 }
695
696 static int bgp_capability_addpath(struct peer *peer,
697 struct capability_header *hdr)
698 {
699 struct stream *s = BGP_INPUT(peer);
700 size_t end = stream_get_getp(s) + hdr->length;
701
702 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
703
704 /* Verify length is a multiple of 4 */
705 if (hdr->length % 4) {
706 flog_warn(
707 EC_BGP_CAPABILITY_INVALID_LENGTH,
708 "Add Path: Received invalid length %d, non-multiple of 4",
709 hdr->length);
710 return -1;
711 }
712
713 while (stream_get_getp(s) + 4 <= end) {
714 afi_t afi;
715 safi_t safi;
716 iana_afi_t pkt_afi = stream_getw(s);
717 iana_safi_t pkt_safi = stream_getc(s);
718 uint8_t send_receive = stream_getc(s);
719
720 if (bgp_debug_neighbor_events(peer))
721 zlog_debug(
722 "%s OPEN has %s capability for afi/safi: %s/%s%s%s",
723 peer->host,
724 lookup_msg(capcode_str, hdr->code, NULL),
725 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi),
726 (send_receive & BGP_ADDPATH_RX) ? ", receive"
727 : "",
728 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
729 : "");
730
731 /* Convert AFI, SAFI to internal values, check. */
732 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
733 if (bgp_debug_neighbor_events(peer))
734 zlog_debug(
735 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Addpath Attribute for this AFI/SAFI",
736 peer->host, iana_afi2str(pkt_afi),
737 iana_safi2str(pkt_safi));
738 continue;
739 } else if (!peer->afc[afi][safi]) {
740 if (bgp_debug_neighbor_events(peer))
741 zlog_debug(
742 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
743 peer->host, iana_afi2str(pkt_afi),
744 iana_safi2str(pkt_safi));
745 continue;
746 }
747
748 if (send_receive & BGP_ADDPATH_RX)
749 SET_FLAG(peer->af_cap[afi][safi],
750 PEER_CAP_ADDPATH_AF_RX_RCV);
751
752 if (send_receive & BGP_ADDPATH_TX)
753 SET_FLAG(peer->af_cap[afi][safi],
754 PEER_CAP_ADDPATH_AF_TX_RCV);
755 }
756
757 return 0;
758 }
759
760 static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
761 {
762 struct stream *s = BGP_INPUT(peer);
763 size_t end = stream_get_getp(s) + hdr->length;
764
765 /* Verify length is a multiple of 4 */
766 if (hdr->length % 6) {
767 flog_warn(
768 EC_BGP_CAPABILITY_INVALID_LENGTH,
769 "Extended NH: Received invalid length %d, non-multiple of 6",
770 hdr->length);
771 return -1;
772 }
773
774 while (stream_get_getp(s) + 6 <= end) {
775 iana_afi_t pkt_afi = stream_getw(s);
776 afi_t afi;
777 iana_safi_t pkt_safi = stream_getw(s);
778 safi_t safi;
779 iana_afi_t pkt_nh_afi = stream_getw(s);
780 afi_t nh_afi;
781
782 if (bgp_debug_neighbor_events(peer))
783 zlog_debug(
784 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
785 peer->host, iana_afi2str(pkt_afi),
786 iana_safi2str(pkt_safi), pkt_nh_afi);
787
788 /* Convert AFI, SAFI to internal values, check. */
789 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
790 if (bgp_debug_neighbor_events(peer))
791 zlog_debug(
792 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the ENHE Attribute for this AFI/SAFI",
793 peer->host, iana_afi2str(pkt_afi),
794 iana_safi2str(pkt_safi));
795 continue;
796 }
797
798 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
799 * with
800 * the Nexthop AFI being IPv6. A future spec may introduce other
801 * possibilities, so we ignore other values with a log. Also,
802 * only
803 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
804 * (and expected).
805 */
806 nh_afi = afi_iana2int(pkt_nh_afi);
807
808 if (afi != AFI_IP || nh_afi != AFI_IP6
809 || !(safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
810 || safi == SAFI_LABELED_UNICAST)) {
811 flog_warn(
812 EC_BGP_CAPABILITY_INVALID_DATA,
813 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u in Extended Next-hop capability, ignoring",
814 peer->host, iana_afi2str(pkt_afi),
815 iana_safi2str(pkt_safi), pkt_nh_afi);
816 continue;
817 }
818
819 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
820
821 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
822 SET_FLAG(peer->af_cap[afi][safi],
823 PEER_CAP_ENHE_AF_NEGO);
824 }
825
826 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
827
828 return 0;
829 }
830
831 static int bgp_capability_hostname(struct peer *peer,
832 struct capability_header *hdr)
833 {
834 struct stream *s = BGP_INPUT(peer);
835 char str[BGP_MAX_HOSTNAME + 1];
836 size_t end = stream_get_getp(s) + hdr->length;
837 uint8_t len;
838
839 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
840
841 len = stream_getc(s);
842 if (stream_get_getp(s) + len > end) {
843 flog_warn(
844 EC_BGP_CAPABILITY_INVALID_DATA,
845 "%s: Received malformed hostname capability from peer %s",
846 __func__, peer->host);
847 return -1;
848 }
849
850 if (len > BGP_MAX_HOSTNAME) {
851 stream_get(str, s, BGP_MAX_HOSTNAME);
852 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
853 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
854 } else if (len)
855 stream_get(str, s, len);
856
857 if (len) {
858 str[len] = '\0';
859
860 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
861 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
862
863 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
864 }
865
866 if (stream_get_getp(s) + 1 > end) {
867 flog_warn(
868 EC_BGP_CAPABILITY_INVALID_DATA,
869 "%s: Received invalid domain name len (hostname capability) from peer %s",
870 __func__, peer->host);
871 return -1;
872 }
873
874 len = stream_getc(s);
875 if (stream_get_getp(s) + len > end) {
876 flog_warn(
877 EC_BGP_CAPABILITY_INVALID_DATA,
878 "%s: Received runt domain name (hostname capability) from peer %s",
879 __func__, peer->host);
880 return -1;
881 }
882
883 if (len > BGP_MAX_HOSTNAME) {
884 stream_get(str, s, BGP_MAX_HOSTNAME);
885 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
886 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
887 } else if (len)
888 stream_get(str, s, len);
889
890 if (len) {
891 str[len] = '\0';
892
893 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
894
895 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
896 }
897
898 if (bgp_debug_neighbor_events(peer)) {
899 zlog_debug("%s received hostname %s, domainname %s", peer->host,
900 peer->hostname, peer->domainname);
901 }
902
903 return 0;
904 }
905
906 static int bgp_capability_role(struct peer *peer, struct capability_header *hdr)
907 {
908 SET_FLAG(peer->cap, PEER_CAP_ROLE_RCV);
909 if (hdr->length != CAPABILITY_CODE_ROLE_LEN) {
910 flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
911 "Role: Received invalid length %d", hdr->length);
912 return -1;
913 }
914 uint8_t role = stream_getc(BGP_INPUT(peer));
915
916 peer->remote_role = role;
917 return 0;
918 }
919
920 /**
921 * Parse given capability.
922 * XXX: This is reading into a stream, but not using stream API
923 *
924 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
925 * capabilities were encountered.
926 */
927 static int bgp_capability_parse(struct peer *peer, size_t length,
928 int *mp_capability, uint8_t **error)
929 {
930 int ret;
931 struct stream *s = BGP_INPUT(peer);
932 size_t end = stream_get_getp(s) + length;
933 uint16_t restart_flag_time = 0;
934
935 assert(STREAM_READABLE(s) >= length);
936
937 while (stream_get_getp(s) < end) {
938 size_t start;
939 uint8_t *sp = stream_pnt(s);
940 struct capability_header caphdr;
941
942 ret = 0;
943 /* We need at least capability code and capability length. */
944 if (stream_get_getp(s) + 2 > end) {
945 zlog_info("%s Capability length error (< header)",
946 peer->host);
947 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
948 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
949 return -1;
950 }
951
952 caphdr.code = stream_getc(s);
953 caphdr.length = stream_getc(s);
954 start = stream_get_getp(s);
955
956 /* Capability length check sanity check. */
957 if (start + caphdr.length > end) {
958 zlog_info("%s Capability length error (< length)",
959 peer->host);
960 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
961 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
962 return -1;
963 }
964
965 if (bgp_debug_neighbor_events(peer))
966 zlog_debug("%s OPEN has %s capability (%u), length %u",
967 peer->host,
968 lookup_msg(capcode_str, caphdr.code, NULL),
969 caphdr.code, caphdr.length);
970
971 /* Length sanity check, type-specific, for known capabilities */
972 switch (caphdr.code) {
973 case CAPABILITY_CODE_MP:
974 case CAPABILITY_CODE_REFRESH:
975 case CAPABILITY_CODE_REFRESH_OLD:
976 case CAPABILITY_CODE_ORF:
977 case CAPABILITY_CODE_ORF_OLD:
978 case CAPABILITY_CODE_RESTART:
979 case CAPABILITY_CODE_AS4:
980 case CAPABILITY_CODE_ADDPATH:
981 case CAPABILITY_CODE_DYNAMIC:
982 case CAPABILITY_CODE_DYNAMIC_OLD:
983 case CAPABILITY_CODE_ENHE:
984 case CAPABILITY_CODE_FQDN:
985 case CAPABILITY_CODE_ENHANCED_RR:
986 case CAPABILITY_CODE_EXT_MESSAGE:
987 case CAPABILITY_CODE_ROLE:
988 /* Check length. */
989 if (caphdr.length < cap_minsizes[caphdr.code]) {
990 zlog_info(
991 "%s %s Capability length error: got %u, expected at least %u",
992 peer->host,
993 lookup_msg(capcode_str, caphdr.code,
994 NULL),
995 caphdr.length,
996 (unsigned)cap_minsizes[caphdr.code]);
997 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
998 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
999 return -1;
1000 }
1001 if (caphdr.length
1002 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
1003 zlog_info(
1004 "%s %s Capability length error: got %u, expected a multiple of %u",
1005 peer->host,
1006 lookup_msg(capcode_str, caphdr.code,
1007 NULL),
1008 caphdr.length,
1009 (unsigned)cap_modsizes[caphdr.code]);
1010 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1011 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1012 return -1;
1013 }
1014 /* we deliberately ignore unknown codes, see below */
1015 default:
1016 break;
1017 }
1018
1019 switch (caphdr.code) {
1020 case CAPABILITY_CODE_MP: {
1021 *mp_capability = 1;
1022
1023 /* Ignore capability when override-capability is set. */
1024 if (!CHECK_FLAG(peer->flags,
1025 PEER_FLAG_OVERRIDE_CAPABILITY)) {
1026 /* Set negotiated value. */
1027 ret = bgp_capability_mp(peer, &caphdr);
1028
1029 /* Unsupported Capability. */
1030 if (ret < 0) {
1031 /* Store return data. */
1032 memcpy(*error, sp, caphdr.length + 2);
1033 *error += caphdr.length + 2;
1034 }
1035 ret = 0; /* Don't return error for this */
1036 }
1037 } break;
1038 case CAPABILITY_CODE_ENHANCED_RR:
1039 case CAPABILITY_CODE_REFRESH:
1040 case CAPABILITY_CODE_REFRESH_OLD: {
1041 /* BGP refresh capability */
1042 if (caphdr.code == CAPABILITY_CODE_ENHANCED_RR)
1043 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_RCV);
1044 else if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
1045 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
1046 else
1047 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
1048 } break;
1049 case CAPABILITY_CODE_ORF:
1050 case CAPABILITY_CODE_ORF_OLD:
1051 ret = bgp_capability_orf_entry(peer, &caphdr);
1052 break;
1053 case CAPABILITY_CODE_RESTART:
1054 ret = bgp_capability_restart(peer, &caphdr);
1055 break;
1056 case CAPABILITY_CODE_LLGR:
1057 ret = bgp_capability_llgr(peer, &caphdr);
1058 break;
1059 case CAPABILITY_CODE_DYNAMIC:
1060 case CAPABILITY_CODE_DYNAMIC_OLD:
1061 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
1062 break;
1063 case CAPABILITY_CODE_AS4:
1064 /* Already handled as a special-case parsing of the
1065 * capabilities
1066 * at the beginning of OPEN processing. So we care not a
1067 * jot
1068 * for the value really, only error case.
1069 */
1070 if (!bgp_capability_as4(peer, &caphdr))
1071 ret = -1;
1072 break;
1073 case CAPABILITY_CODE_ADDPATH:
1074 ret = bgp_capability_addpath(peer, &caphdr);
1075 break;
1076 case CAPABILITY_CODE_ENHE:
1077 ret = bgp_capability_enhe(peer, &caphdr);
1078 break;
1079 case CAPABILITY_CODE_EXT_MESSAGE:
1080 ret = bgp_capability_ext_message(peer, &caphdr);
1081 break;
1082 case CAPABILITY_CODE_FQDN:
1083 ret = bgp_capability_hostname(peer, &caphdr);
1084 break;
1085 case CAPABILITY_CODE_ROLE:
1086 ret = bgp_capability_role(peer, &caphdr);
1087 break;
1088 default:
1089 if (caphdr.code > 128) {
1090 /* We don't send Notification for unknown vendor
1091 specific
1092 capabilities. It seems reasonable for now...
1093 */
1094 flog_warn(EC_BGP_CAPABILITY_VENDOR,
1095 "%s Vendor specific capability %d",
1096 peer->host, caphdr.code);
1097 } else {
1098 flog_warn(
1099 EC_BGP_CAPABILITY_UNKNOWN,
1100 "%s unrecognized capability code: %d - ignored",
1101 peer->host, caphdr.code);
1102 memcpy(*error, sp, caphdr.length + 2);
1103 *error += caphdr.length + 2;
1104 }
1105 }
1106
1107 if (ret < 0) {
1108 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1109 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1110 return -1;
1111 }
1112 if (stream_get_getp(s) != (start + caphdr.length)) {
1113 if (stream_get_getp(s) > (start + caphdr.length))
1114 flog_warn(
1115 EC_BGP_CAPABILITY_INVALID_LENGTH,
1116 "%s Cap-parser for %s read past cap-length, %u!",
1117 peer->host,
1118 lookup_msg(capcode_str, caphdr.code,
1119 NULL),
1120 caphdr.length);
1121 stream_set_getp(s, start + caphdr.length);
1122 }
1123
1124 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
1125 UNSET_FLAG(restart_flag_time, 0xF000);
1126 peer->v_gr_restart = restart_flag_time;
1127 }
1128 }
1129 return 0;
1130 }
1131
1132 static int bgp_auth_parse(struct peer *peer, size_t length)
1133 {
1134 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1135 BGP_NOTIFY_OPEN_AUTH_FAILURE);
1136 return -1;
1137 }
1138
1139 static bool strict_capability_same(struct peer *peer)
1140 {
1141 int i, j;
1142
1143 for (i = AFI_IP; i < AFI_MAX; i++)
1144 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
1145 if (peer->afc[i][j] != peer->afc_nego[i][j])
1146 return false;
1147 return true;
1148 }
1149
1150
1151 static bool bgp_role_violation(struct peer *peer)
1152 {
1153 uint8_t local_role = peer->local_role;
1154 uint8_t remote_role = peer->remote_role;
1155
1156 if (local_role != ROLE_UNDEFINED && remote_role != ROLE_UNDEFINED &&
1157 !((local_role == ROLE_PEER && remote_role == ROLE_PEER) ||
1158 (local_role == ROLE_PROVIDER && remote_role == ROLE_CUSTOMER) ||
1159 (local_role == ROLE_CUSTOMER && remote_role == ROLE_PROVIDER) ||
1160 (local_role == ROLE_RS_SERVER && remote_role == ROLE_RS_CLIENT) ||
1161 (local_role == ROLE_RS_CLIENT &&
1162 remote_role == ROLE_RS_SERVER))) {
1163 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1164 BGP_NOTIFY_OPEN_ROLE_MISMATCH);
1165 return true;
1166 }
1167 if (remote_role == ROLE_UNDEFINED &&
1168 CHECK_FLAG(peer->flags, PEER_FLAG_ROLE_STRICT_MODE)) {
1169 const char *err_msg =
1170 "Strict mode. Please set the role on your side.";
1171 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1172 BGP_NOTIFY_OPEN_ROLE_MISMATCH,
1173 (uint8_t *)err_msg, strlen(err_msg));
1174 return true;
1175 }
1176 return false;
1177 }
1178
1179
1180 /* peek into option, stores ASN to *as4 if the AS4 capability was found.
1181 * Returns 0 if no as4 found, as4cap value otherwise.
1182 */
1183 as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
1184 {
1185 struct stream *s = BGP_INPUT(peer);
1186 size_t orig_getp = stream_get_getp(s);
1187 size_t end = orig_getp + length;
1188 as_t as4 = 0;
1189
1190 if (BGP_DEBUG(as4, AS4))
1191 zlog_debug(
1192 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u, peeking for as4",
1193 peer->host, length);
1194 /* the error cases we DONT handle, we ONLY try to read as4 out of
1195 * correctly formatted options.
1196 */
1197 while (stream_get_getp(s) < end) {
1198 uint8_t opt_type;
1199 uint16_t opt_length;
1200
1201 /* Ensure we can read the option type */
1202 if (stream_get_getp(s) + 1 > end)
1203 goto end;
1204
1205 /* Fetch the option type */
1206 opt_type = stream_getc(s);
1207
1208 /*
1209 * Check the length and fetch the opt_length
1210 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
1211 * then we do a getw which is 2 bytes. So we need to
1212 * ensure that we can read that as well
1213 */
1214 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1215 if (stream_get_getp(s) + 2 > end)
1216 goto end;
1217
1218 opt_length = stream_getw(s);
1219 } else {
1220 if (stream_get_getp(s) + 1 > end)
1221 goto end;
1222
1223 opt_length = stream_getc(s);
1224 }
1225
1226 /* Option length check. */
1227 if (stream_get_getp(s) + opt_length > end)
1228 goto end;
1229
1230 if (opt_type == BGP_OPEN_OPT_CAP) {
1231 unsigned long capd_start = stream_get_getp(s);
1232 unsigned long capd_end = capd_start + opt_length;
1233
1234 assert(capd_end <= end);
1235
1236 while (stream_get_getp(s) < capd_end) {
1237 struct capability_header hdr;
1238
1239 if (stream_get_getp(s) + 2 > capd_end)
1240 goto end;
1241
1242 hdr.code = stream_getc(s);
1243 hdr.length = stream_getc(s);
1244
1245 if ((stream_get_getp(s) + hdr.length)
1246 > capd_end)
1247 goto end;
1248
1249 if (hdr.code == CAPABILITY_CODE_AS4) {
1250 if (BGP_DEBUG(as4, AS4))
1251 zlog_debug(
1252 "[AS4] found AS4 capability, about to parse");
1253 as4 = bgp_capability_as4(peer, &hdr);
1254
1255 goto end;
1256 }
1257 stream_forward_getp(s, hdr.length);
1258 }
1259 }
1260 }
1261
1262 end:
1263 stream_set_getp(s, orig_getp);
1264 return as4;
1265 }
1266
1267 /**
1268 * Parse open option.
1269 *
1270 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1271 */
1272 int bgp_open_option_parse(struct peer *peer, uint16_t length,
1273 int *mp_capability)
1274 {
1275 int ret = 0;
1276 uint8_t *error;
1277 uint8_t error_data[BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE];
1278 struct stream *s = BGP_INPUT(peer);
1279 size_t end = stream_get_getp(s) + length;
1280
1281 error = error_data;
1282
1283 if (bgp_debug_neighbor_events(peer))
1284 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1285 peer->host, length);
1286
1287 /* Unset any previously received GR capability. */
1288 UNSET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
1289
1290 while (stream_get_getp(s) < end) {
1291 uint8_t opt_type;
1292 uint16_t opt_length;
1293
1294 /*
1295 * Check that we can read the opt_type and fetch it
1296 */
1297 if (STREAM_READABLE(s) < 1) {
1298 zlog_info("%s Option length error", peer->host);
1299 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1300 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1301 return -1;
1302 }
1303 opt_type = stream_getc(s);
1304
1305 /*
1306 * Check the length of the stream to ensure that
1307 * FRR can properly read the opt_length. Then read it
1308 */
1309 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1310 if (STREAM_READABLE(s) < 2) {
1311 zlog_info("%s Option length error", peer->host);
1312 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1313 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1314 return -1;
1315 }
1316
1317 opt_length = stream_getw(s);
1318 } else {
1319 if (STREAM_READABLE(s) < 1) {
1320 zlog_info("%s Option length error", peer->host);
1321 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1322 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1323 return -1;
1324 }
1325
1326 opt_length = stream_getc(s);
1327 }
1328
1329 /* Option length check. */
1330 if (STREAM_READABLE(s) < opt_length) {
1331 zlog_info("%s Option length error (%d)", peer->host,
1332 opt_length);
1333 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1334 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1335 return -1;
1336 }
1337
1338 if (bgp_debug_neighbor_events(peer))
1339 zlog_debug(
1340 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1341 peer->host, opt_type,
1342 opt_type == BGP_OPEN_OPT_AUTH
1343 ? "Authentication"
1344 : opt_type == BGP_OPEN_OPT_CAP
1345 ? "Capability"
1346 : "Unknown",
1347 opt_length);
1348
1349 switch (opt_type) {
1350 case BGP_OPEN_OPT_AUTH:
1351 ret = bgp_auth_parse(peer, opt_length);
1352 break;
1353 case BGP_OPEN_OPT_CAP:
1354 ret = bgp_capability_parse(peer, opt_length,
1355 mp_capability, &error);
1356 break;
1357 default:
1358 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1359 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1360 ret = -1;
1361 break;
1362 }
1363
1364 /* Parse error. To accumulate all unsupported capability codes,
1365 bgp_capability_parse does not return -1 when encounter
1366 unsupported capability code. To detect that, please check
1367 error and erro_data pointer, like below. */
1368 if (ret < 0)
1369 return -1;
1370 }
1371
1372 /* All OPEN option is parsed. Check capability when strict compare
1373 flag is enabled.*/
1374 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1375 /* If Unsupported Capability exists. */
1376 if (error != error_data) {
1377 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1378 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1379 error_data,
1380 error - error_data);
1381 return -1;
1382 }
1383
1384 /* Check local capability does not negotiated with remote
1385 peer. */
1386 if (!strict_capability_same(peer)) {
1387 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1388 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1389 return -1;
1390 }
1391 }
1392
1393 /* Extended Message Support */
1394 peer->max_packet_size =
1395 (CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV)
1396 && CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV))
1397 ? BGP_EXTENDED_MESSAGE_MAX_PACKET_SIZE
1398 : BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE;
1399
1400 /* Check that roles are corresponding to each other */
1401 if (bgp_role_violation(peer))
1402 return -1;
1403
1404 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1405 error. */
1406 if (*mp_capability
1407 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1408 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1409 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1410 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1411 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1412 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
1413 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
1414 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1415 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1416 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1417 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1418 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
1419 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
1420 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
1421 flog_err(EC_BGP_PKT_OPEN,
1422 "%s [Error] Configured AFI/SAFIs do not overlap with received MP capabilities",
1423 peer->host);
1424
1425 if (error != error_data)
1426 bgp_notify_send_with_data(
1427 peer, BGP_NOTIFY_OPEN_ERR,
1428 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1429 error - error_data);
1430 else
1431 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1432 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1433 return -1;
1434 }
1435 }
1436 return 0;
1437 }
1438
1439 static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
1440 afi_t afi, safi_t safi, uint8_t code,
1441 bool ext_opt_params)
1442 {
1443 uint16_t cap_len;
1444 uint8_t orf_len;
1445 unsigned long capp;
1446 unsigned long orfp;
1447 unsigned long numberp;
1448 int number_of_orfs = 0;
1449 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1450 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1451
1452 /* Convert AFI, SAFI to values for packet. */
1453 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1454
1455 stream_putc(s, BGP_OPEN_OPT_CAP);
1456 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1457 ext_opt_params ? stream_putw(s, 0)
1458 : stream_putc(s, 0); /* Capability Length */
1459 stream_putc(s, code); /* Capability Code */
1460 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1461 stream_putc(s, 0); /* ORF Length */
1462 stream_putw(s, pkt_afi);
1463 stream_putc(s, 0);
1464 stream_putc(s, pkt_safi);
1465 numberp = stream_get_endp(s); /* Set Number Pointer */
1466 stream_putc(s, 0); /* Number of ORFs */
1467
1468 /* Address Prefix ORF */
1469 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1470 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1471 stream_putc(s, (code == CAPABILITY_CODE_ORF
1472 ? ORF_TYPE_PREFIX
1473 : ORF_TYPE_PREFIX_OLD));
1474
1475 if (CHECK_FLAG(peer->af_flags[afi][safi],
1476 PEER_FLAG_ORF_PREFIX_SM)
1477 && CHECK_FLAG(peer->af_flags[afi][safi],
1478 PEER_FLAG_ORF_PREFIX_RM)) {
1479 SET_FLAG(peer->af_cap[afi][safi],
1480 PEER_CAP_ORF_PREFIX_SM_ADV);
1481 SET_FLAG(peer->af_cap[afi][safi],
1482 PEER_CAP_ORF_PREFIX_RM_ADV);
1483 stream_putc(s, ORF_MODE_BOTH);
1484 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1485 PEER_FLAG_ORF_PREFIX_SM)) {
1486 SET_FLAG(peer->af_cap[afi][safi],
1487 PEER_CAP_ORF_PREFIX_SM_ADV);
1488 stream_putc(s, ORF_MODE_SEND);
1489 } else {
1490 SET_FLAG(peer->af_cap[afi][safi],
1491 PEER_CAP_ORF_PREFIX_RM_ADV);
1492 stream_putc(s, ORF_MODE_RECEIVE);
1493 }
1494 number_of_orfs++;
1495 }
1496
1497 /* Total Number of ORFs. */
1498 stream_putc_at(s, numberp, number_of_orfs);
1499
1500 /* Total ORF Len. */
1501 orf_len = stream_get_endp(s) - orfp - 1;
1502 stream_putc_at(s, orfp, orf_len);
1503
1504 /* Total Capability Len. */
1505 cap_len = stream_get_endp(s) - capp - 1;
1506 ext_opt_params ? stream_putw_at(s, capp, cap_len)
1507 : stream_putc_at(s, capp, cap_len);
1508 }
1509
1510 static void bgp_peer_send_gr_capability(struct stream *s, struct peer *peer,
1511 bool ext_opt_params)
1512 {
1513 int len;
1514 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1515 afi_t afi;
1516 safi_t safi;
1517 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1518 uint32_t restart_time;
1519 unsigned long capp = 0;
1520 unsigned long rcapp = 0;
1521
1522 if (!CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)
1523 && !CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART_HELPER))
1524 return;
1525
1526 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1527 zlog_debug("[BGP_GR] Sending helper Capability for Peer :%s :",
1528 peer->host);
1529
1530 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1531 stream_putc(s, BGP_OPEN_OPT_CAP);
1532 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1533 ext_opt_params ? stream_putw(s, 0)
1534 : stream_putc(s, 0); /* Capability Length */
1535 stream_putc(s, CAPABILITY_CODE_RESTART);
1536 /* Set Restart Capability Len Pointer */
1537 rcapp = stream_get_endp(s);
1538 stream_putc(s, 0);
1539 restart_time = peer->bgp->restart_time;
1540 if (peer->bgp->t_startup) {
1541 SET_FLAG(restart_time, GRACEFUL_RESTART_R_BIT);
1542 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_ADV);
1543 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1544 zlog_debug("[BGP_GR] Sending R-Bit for peer: %s",
1545 peer->host);
1546 }
1547
1548 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GRACEFUL_NOTIFICATION)) {
1549 SET_FLAG(restart_time, GRACEFUL_RESTART_N_BIT);
1550 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_ADV);
1551 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1552 zlog_debug("[BGP_GR] Sending N-Bit for peer: %s",
1553 peer->host);
1554 }
1555
1556 stream_putw(s, restart_time);
1557
1558 /* Send address-family specific graceful-restart capability
1559 * only when GR config is present
1560 */
1561 if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)) {
1562 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GR_PRESERVE_FWD)
1563 && BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1564 zlog_debug("[BGP_GR] F bit Set");
1565
1566 FOREACH_AFI_SAFI (afi, safi) {
1567 if (!peer->afc[afi][safi])
1568 continue;
1569
1570 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1571 zlog_debug(
1572 "[BGP_GR] Sending GR Capability for AFI :%d :, SAFI :%d:",
1573 afi, safi);
1574
1575 /* Convert AFI, SAFI to values for
1576 * packet.
1577 */
1578 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1579 &pkt_safi);
1580 stream_putw(s, pkt_afi);
1581 stream_putc(s, pkt_safi);
1582 if (CHECK_FLAG(peer->bgp->flags,
1583 BGP_FLAG_GR_PRESERVE_FWD))
1584 stream_putc(s, GRACEFUL_RESTART_F_BIT);
1585 else
1586 stream_putc(s, 0);
1587 }
1588 }
1589
1590 /* Total Graceful restart capability Len. */
1591 len = stream_get_endp(s) - rcapp - 1;
1592 stream_putc_at(s, rcapp, len);
1593
1594 /* Total Capability Len. */
1595 len = stream_get_endp(s) - capp - 1;
1596 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1597 : stream_putc_at(s, capp, len);
1598 }
1599
1600 static void bgp_peer_send_llgr_capability(struct stream *s, struct peer *peer,
1601 bool ext_opt_params)
1602 {
1603 int len;
1604 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1605 afi_t afi;
1606 safi_t safi;
1607 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1608 unsigned long capp = 0;
1609 unsigned long rcapp = 0;
1610
1611 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_ADV))
1612 return;
1613
1614 SET_FLAG(peer->cap, PEER_CAP_LLGR_ADV);
1615
1616 stream_putc(s, BGP_OPEN_OPT_CAP);
1617 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1618 ext_opt_params ? stream_putw(s, 0)
1619 : stream_putc(s, 0); /* Capability Length */
1620 stream_putc(s, CAPABILITY_CODE_LLGR);
1621
1622 rcapp = stream_get_endp(s);
1623 stream_putc(s, 0);
1624
1625 FOREACH_AFI_SAFI (afi, safi) {
1626 if (!peer->afc[afi][safi])
1627 continue;
1628
1629 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1630
1631 stream_putw(s, pkt_afi);
1632 stream_putc(s, pkt_safi);
1633 stream_putc(s, LLGR_F_BIT);
1634 stream_put3(s, peer->bgp->llgr_stale_time);
1635
1636 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_ADV);
1637 }
1638
1639 /* Total Long-lived Graceful Restart capability Len. */
1640 len = stream_get_endp(s) - rcapp - 1;
1641 stream_putc_at(s, rcapp, len);
1642
1643 /* Total Capability Len. */
1644 len = stream_get_endp(s) - capp - 1;
1645 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1646 : stream_putc_at(s, capp, len);
1647 }
1648
1649 /* Fill in capability open option to the packet. */
1650 uint16_t bgp_open_capability(struct stream *s, struct peer *peer,
1651 bool ext_opt_params)
1652 {
1653 uint16_t len;
1654 unsigned long cp, capp, rcapp, eopl = 0;
1655 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1656 afi_t afi;
1657 safi_t safi;
1658 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1659 as_t local_as;
1660 uint8_t afi_safi_count = 0;
1661 int adv_addpath_tx = 0;
1662
1663 /* Non-Ext OP Len. */
1664 cp = stream_get_endp(s);
1665 stream_putc(s, 0);
1666
1667 if (ext_opt_params) {
1668 /* Non-Ext OP Len. */
1669 stream_putc_at(s, cp, BGP_OPEN_NON_EXT_OPT_LEN);
1670
1671 /* Non-Ext OP Type */
1672 stream_putc(s, BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH);
1673
1674 /* Extended Opt. Parm. Length */
1675 eopl = stream_get_endp(s);
1676 stream_putw(s, 0);
1677 }
1678
1679 /* Do not send capability. */
1680 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1681 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
1682 return 0;
1683
1684 /* MP capability for configured AFI, SAFI */
1685 FOREACH_AFI_SAFI (afi, safi) {
1686 if (peer->afc[afi][safi]) {
1687 /* Convert AFI, SAFI to values for packet. */
1688 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1689 &pkt_safi);
1690
1691 peer->afc_adv[afi][safi] = 1;
1692 stream_putc(s, BGP_OPEN_OPT_CAP);
1693 ext_opt_params
1694 ? stream_putw(s, CAPABILITY_CODE_MP_LEN + 2)
1695 : stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
1696 stream_putc(s, CAPABILITY_CODE_MP);
1697 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1698 stream_putw(s, pkt_afi);
1699 stream_putc(s, 0);
1700 stream_putc(s, pkt_safi);
1701
1702 /* Extended nexthop capability - currently
1703 * supporting RFC-5549 for
1704 * Link-Local peering only
1705 */
1706 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1707 && peer->su.sa.sa_family == AF_INET6
1708 && afi == AFI_IP
1709 && (safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
1710 || safi == SAFI_LABELED_UNICAST)) {
1711 /* RFC 5549 Extended Next Hop Encoding
1712 */
1713 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
1714 stream_putc(s, BGP_OPEN_OPT_CAP);
1715 ext_opt_params
1716 ? stream_putw(s,
1717 CAPABILITY_CODE_ENHE_LEN
1718 + 2)
1719 : stream_putc(s,
1720 CAPABILITY_CODE_ENHE_LEN
1721 + 2);
1722 stream_putc(s, CAPABILITY_CODE_ENHE);
1723 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1724
1725 SET_FLAG(peer->af_cap[AFI_IP][safi],
1726 PEER_CAP_ENHE_AF_ADV);
1727 stream_putw(s, pkt_afi);
1728 stream_putw(s, pkt_safi);
1729 stream_putw(s, afi_int2iana(AFI_IP6));
1730
1731 if (CHECK_FLAG(peer->af_cap[afi][safi],
1732 PEER_CAP_ENHE_AF_RCV))
1733 SET_FLAG(peer->af_cap[afi][safi],
1734 PEER_CAP_ENHE_AF_NEGO);
1735 }
1736 }
1737 }
1738
1739 /* Route refresh. */
1740 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1741 stream_putc(s, BGP_OPEN_OPT_CAP);
1742 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1743 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1744 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1745 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1746 stream_putc(s, BGP_OPEN_OPT_CAP);
1747 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1748 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1749 stream_putc(s, CAPABILITY_CODE_REFRESH);
1750 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1751
1752 /* Enhanced Route Refresh. */
1753 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_ADV);
1754 stream_putc(s, BGP_OPEN_OPT_CAP);
1755 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_ENHANCED_LEN + 2)
1756 : stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN + 2);
1757 stream_putc(s, CAPABILITY_CODE_ENHANCED_RR);
1758 stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN);
1759
1760 /* AS4 */
1761 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1762 stream_putc(s, BGP_OPEN_OPT_CAP);
1763 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_AS4_LEN + 2)
1764 : stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
1765 stream_putc(s, CAPABILITY_CODE_AS4);
1766 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1767 if (peer->change_local_as)
1768 local_as = peer->change_local_as;
1769 else
1770 local_as = peer->local_as;
1771 stream_putl(s, local_as);
1772
1773 /* Extended Message Support */
1774 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV);
1775 stream_putc(s, BGP_OPEN_OPT_CAP);
1776 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2)
1777 : stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2);
1778 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE);
1779 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN);
1780
1781 /* Role*/
1782 if (peer->local_role != ROLE_UNDEFINED) {
1783 SET_FLAG(peer->cap, PEER_CAP_ROLE_ADV);
1784 stream_putc(s, BGP_OPEN_OPT_CAP);
1785 stream_putc(s, CAPABILITY_CODE_ROLE_LEN + 2);
1786 stream_putc(s, CAPABILITY_CODE_ROLE);
1787 stream_putc(s, CAPABILITY_CODE_ROLE_LEN);
1788 stream_putc(s, peer->local_role);
1789 }
1790
1791 /* AddPath */
1792 FOREACH_AFI_SAFI (afi, safi) {
1793 if (peer->afc[afi][safi]) {
1794 afi_safi_count++;
1795
1796 /* Only advertise addpath TX if a feature that
1797 * will use it is
1798 * configured */
1799 if (peer->addpath_type[afi][safi] != BGP_ADDPATH_NONE)
1800 adv_addpath_tx = 1;
1801 }
1802 }
1803
1804 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1805 stream_putc(s, BGP_OPEN_OPT_CAP);
1806 ext_opt_params
1807 ? stream_putw(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1808 + 2)
1809 : stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1810 + 2);
1811 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1812 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1813
1814 FOREACH_AFI_SAFI (afi, safi) {
1815 if (peer->afc[afi][safi]) {
1816 bool adv_addpath_rx =
1817 !CHECK_FLAG(peer->af_flags[afi][safi],
1818 PEER_FLAG_DISABLE_ADDPATH_RX);
1819 uint8_t flags = 0;
1820
1821 /* Convert AFI, SAFI to values for packet. */
1822 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1823 &pkt_safi);
1824
1825 stream_putw(s, pkt_afi);
1826 stream_putc(s, pkt_safi);
1827
1828 if (adv_addpath_rx) {
1829 SET_FLAG(flags, BGP_ADDPATH_RX);
1830 SET_FLAG(peer->af_cap[afi][safi],
1831 PEER_CAP_ADDPATH_AF_RX_ADV);
1832 } else {
1833 UNSET_FLAG(peer->af_cap[afi][safi],
1834 PEER_CAP_ADDPATH_AF_RX_ADV);
1835 }
1836
1837 if (adv_addpath_tx) {
1838 SET_FLAG(flags, BGP_ADDPATH_TX);
1839 SET_FLAG(peer->af_cap[afi][safi],
1840 PEER_CAP_ADDPATH_AF_TX_ADV);
1841 } else {
1842 UNSET_FLAG(peer->af_cap[afi][safi],
1843 PEER_CAP_ADDPATH_AF_TX_ADV);
1844 }
1845
1846 stream_putc(s, flags);
1847 }
1848 }
1849
1850 /* ORF capability. */
1851 FOREACH_AFI_SAFI (afi, safi) {
1852 if (CHECK_FLAG(peer->af_flags[afi][safi],
1853 PEER_FLAG_ORF_PREFIX_SM)
1854 || CHECK_FLAG(peer->af_flags[afi][safi],
1855 PEER_FLAG_ORF_PREFIX_RM)) {
1856 bgp_open_capability_orf(s, peer, afi, safi,
1857 CAPABILITY_CODE_ORF_OLD,
1858 ext_opt_params);
1859 bgp_open_capability_orf(s, peer, afi, safi,
1860 CAPABILITY_CODE_ORF,
1861 ext_opt_params);
1862 }
1863 }
1864
1865 /* Dynamic capability. */
1866 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1867 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1868 stream_putc(s, BGP_OPEN_OPT_CAP);
1869 ext_opt_params
1870 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1871 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1872 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1873 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1874 stream_putc(s, BGP_OPEN_OPT_CAP);
1875 ext_opt_params
1876 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1877 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1878 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1879 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1880 }
1881
1882 /* Hostname capability */
1883 if (cmd_hostname_get()) {
1884 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1885 stream_putc(s, BGP_OPEN_OPT_CAP);
1886 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
1887 ext_opt_params ? stream_putw(s, 0)
1888 : stream_putc(s, 0); /* Capability Length */
1889 stream_putc(s, CAPABILITY_CODE_FQDN);
1890 capp = stream_get_endp(s);
1891 stream_putc(s, 0); /* dummy len for now */
1892 len = strlen(cmd_hostname_get());
1893 if (len > BGP_MAX_HOSTNAME)
1894 len = BGP_MAX_HOSTNAME;
1895
1896 stream_putc(s, len);
1897 stream_put(s, cmd_hostname_get(), len);
1898 if (cmd_domainname_get()) {
1899 len = strlen(cmd_domainname_get());
1900 if (len > BGP_MAX_HOSTNAME)
1901 len = BGP_MAX_HOSTNAME;
1902
1903 stream_putc(s, len);
1904 stream_put(s, cmd_domainname_get(), len);
1905 } else
1906 stream_putc(s, 0); /* 0 length */
1907
1908 /* Set the lengths straight */
1909 len = stream_get_endp(s) - rcapp - 1;
1910 ext_opt_params ? stream_putw_at(s, rcapp, len - 1)
1911 : stream_putc_at(s, rcapp, len);
1912
1913 len = stream_get_endp(s) - capp - 1;
1914 stream_putc_at(s, capp, len);
1915
1916 if (bgp_debug_neighbor_events(peer))
1917 zlog_debug(
1918 "%s Sending hostname cap with hn = %s, dn = %s",
1919 peer->host, cmd_hostname_get(),
1920 cmd_domainname_get());
1921 }
1922
1923 bgp_peer_send_gr_capability(s, peer, ext_opt_params);
1924 bgp_peer_send_llgr_capability(s, peer, ext_opt_params);
1925
1926 /* Total Opt Parm Len. */
1927 len = stream_get_endp(s) - cp - 1;
1928
1929 if (ext_opt_params) {
1930 len = stream_get_endp(s) - eopl - 2;
1931 stream_putw_at(s, eopl, len);
1932 } else {
1933 stream_putc_at(s, cp, len);
1934 }
1935
1936 return len;
1937 }
FRRouting mirror