]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_open.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12707 from donaldsharp/missed_enums
[mirror_frr.git] / bgpd / bgp_open.c
1 /* BGP open message handling
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "linklist.h"
24 #include "prefix.h"
25 #include "stream.h"
26 #include "thread.h"
27 #include "log.h"
28 #include "command.h"
29 #include "memory.h"
30 #include "queue.h"
31 #include "filter.h"
32
33 #include "lib/json.h"
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_attr.h"
36 #include "bgpd/bgp_debug.h"
37 #include "bgpd/bgp_errors.h"
38 #include "bgpd/bgp_fsm.h"
39 #include "bgpd/bgp_packet.h"
40 #include "bgpd/bgp_open.h"
41 #include "bgpd/bgp_aspath.h"
42 #include "bgpd/bgp_vty.h"
43 #include "bgpd/bgp_memory.h"
44
45 static const struct message capcode_str[] = {
46 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
47 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
48 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
49 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
50 {CAPABILITY_CODE_AS4, "4-octet AS number"},
51 {CAPABILITY_CODE_ADDPATH, "AddPath"},
52 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
53 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
54 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
55 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
56 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
57 {CAPABILITY_CODE_FQDN, "FQDN"},
58 {CAPABILITY_CODE_ENHANCED_RR, "Enhanced Route Refresh"},
59 {CAPABILITY_CODE_EXT_MESSAGE, "BGP Extended Message"},
60 {CAPABILITY_CODE_LLGR, "Long-lived BGP Graceful Restart"},
61 {CAPABILITY_CODE_ROLE, "Role"},
62 {0}};
63
64 /* Minimum sizes for length field of each cap (so not inc. the header) */
65 static const size_t cap_minsizes[] = {
66 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
67 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
68 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
69 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
70 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
71 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
72 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
73 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
74 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
75 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
76 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
77 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
78 [CAPABILITY_CODE_ENHANCED_RR] = CAPABILITY_CODE_ENHANCED_LEN,
79 [CAPABILITY_CODE_EXT_MESSAGE] = CAPABILITY_CODE_EXT_MESSAGE_LEN,
80 [CAPABILITY_CODE_LLGR] = CAPABILITY_CODE_LLGR_LEN,
81 [CAPABILITY_CODE_ROLE] = CAPABILITY_CODE_ROLE_LEN,
82 };
83
84 /* value the capability must be a multiple of.
85 * 0-data capabilities won't be checked against this.
86 * Other capabilities whose data doesn't fall on convenient boundaries for this
87 * table should be set to 1.
88 */
89 static const size_t cap_modsizes[] = {
90 [CAPABILITY_CODE_MP] = 4,
91 [CAPABILITY_CODE_REFRESH] = 1,
92 [CAPABILITY_CODE_ORF] = 1,
93 [CAPABILITY_CODE_RESTART] = 1,
94 [CAPABILITY_CODE_AS4] = 4,
95 [CAPABILITY_CODE_ADDPATH] = 4,
96 [CAPABILITY_CODE_DYNAMIC] = 1,
97 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
98 [CAPABILITY_CODE_ENHE] = 6,
99 [CAPABILITY_CODE_REFRESH_OLD] = 1,
100 [CAPABILITY_CODE_ORF_OLD] = 1,
101 [CAPABILITY_CODE_FQDN] = 1,
102 [CAPABILITY_CODE_ENHANCED_RR] = 1,
103 [CAPABILITY_CODE_EXT_MESSAGE] = 1,
104 [CAPABILITY_CODE_LLGR] = 1,
105 [CAPABILITY_CODE_ROLE] = 1,
106 };
107
108 /* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
109 negotiate remote peer supports extentions or not. But if
110 remote-peer doesn't supports negotiation process itself. We would
111 like to do manual configuration.
112
113 So there is many configurable point. First of all we want set each
114 peer whether we send capability negotiation to the peer or not.
115 Next, if we send capability to the peer we want to set my capability
116 inforation at each peer. */
117
118 void bgp_capability_vty_out(struct vty *vty, struct peer *peer, bool use_json,
119 json_object *json_neigh)
120 {
121 char *pnt;
122 char *end;
123 struct capability_mp_data mpc;
124 struct capability_header *hdr;
125 json_object *json_cap = NULL;
126
127 if (use_json)
128 json_cap = json_object_new_object();
129
130 pnt = peer->notify.data;
131 end = pnt + peer->notify.length;
132
133 while (pnt < end) {
134 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
135 return;
136
137 hdr = (struct capability_header *)pnt;
138 if (pnt + hdr->length + 2 > end)
139 return;
140
141 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
142
143 if (hdr->code == CAPABILITY_CODE_MP) {
144 afi_t afi;
145 safi_t safi;
146
147 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
148 mpc.safi, &afi, &safi);
149
150 if (use_json) {
151 switch (afi) {
152 case AFI_IP:
153 json_object_string_add(
154 json_cap,
155 "capabilityErrorMultiProtocolAfi",
156 "IPv4");
157 break;
158 case AFI_IP6:
159 json_object_string_add(
160 json_cap,
161 "capabilityErrorMultiProtocolAfi",
162 "IPv6");
163 break;
164 case AFI_L2VPN:
165 json_object_string_add(
166 json_cap,
167 "capabilityErrorMultiProtocolAfi",
168 "L2VPN");
169 break;
170 case AFI_UNSPEC:
171 case AFI_MAX:
172 json_object_int_add(
173 json_cap,
174 "capabilityErrorMultiProtocolAfiUnknown",
175 ntohs(mpc.afi));
176 break;
177 }
178 switch (safi) {
179 case SAFI_UNICAST:
180 json_object_string_add(
181 json_cap,
182 "capabilityErrorMultiProtocolSafi",
183 "unicast");
184 break;
185 case SAFI_MULTICAST:
186 json_object_string_add(
187 json_cap,
188 "capabilityErrorMultiProtocolSafi",
189 "multicast");
190 break;
191 case SAFI_LABELED_UNICAST:
192 json_object_string_add(
193 json_cap,
194 "capabilityErrorMultiProtocolSafi",
195 "labeled-unicast");
196 break;
197 case SAFI_MPLS_VPN:
198 json_object_string_add(
199 json_cap,
200 "capabilityErrorMultiProtocolSafi",
201 "MPLS-labeled VPN");
202 break;
203 case SAFI_ENCAP:
204 json_object_string_add(
205 json_cap,
206 "capabilityErrorMultiProtocolSafi",
207 "encap");
208 break;
209 case SAFI_EVPN:
210 json_object_string_add(
211 json_cap,
212 "capabilityErrorMultiProtocolSafi",
213 "EVPN");
214 break;
215 case SAFI_FLOWSPEC:
216 json_object_string_add(
217 json_cap,
218 "capabilityErrorMultiProtocolSafi",
219 "flowspec");
220 break;
221 case SAFI_UNSPEC:
222 case SAFI_MAX:
223 json_object_int_add(
224 json_cap,
225 "capabilityErrorMultiProtocolSafiUnknown",
226 mpc.safi);
227 break;
228 }
229 } else {
230 vty_out(vty,
231 " Capability error for: Multi protocol ");
232 switch (afi) {
233 case AFI_IP:
234 vty_out(vty, "AFI IPv4, ");
235 break;
236 case AFI_IP6:
237 vty_out(vty, "AFI IPv6, ");
238 break;
239 case AFI_L2VPN:
240 vty_out(vty, "AFI L2VPN, ");
241 break;
242 case AFI_UNSPEC:
243 case AFI_MAX:
244 vty_out(vty, "AFI Unknown %d, ",
245 ntohs(mpc.afi));
246 break;
247 }
248 switch (safi) {
249 case SAFI_UNICAST:
250 vty_out(vty, "SAFI Unicast");
251 break;
252 case SAFI_MULTICAST:
253 vty_out(vty, "SAFI Multicast");
254 break;
255 case SAFI_LABELED_UNICAST:
256 vty_out(vty, "SAFI Labeled-unicast");
257 break;
258 case SAFI_MPLS_VPN:
259 vty_out(vty, "SAFI MPLS-labeled VPN");
260 break;
261 case SAFI_ENCAP:
262 vty_out(vty, "SAFI ENCAP");
263 break;
264 case SAFI_FLOWSPEC:
265 vty_out(vty, "SAFI FLOWSPEC");
266 break;
267 case SAFI_EVPN:
268 vty_out(vty, "SAFI EVPN");
269 break;
270 case SAFI_UNSPEC:
271 case SAFI_MAX:
272 vty_out(vty, "SAFI Unknown %d ",
273 mpc.safi);
274 break;
275 }
276 vty_out(vty, "\n");
277 }
278 } else if (hdr->code >= 128) {
279 if (use_json)
280 json_object_int_add(
281 json_cap,
282 "capabilityErrorVendorSpecificCapabilityCode",
283 hdr->code);
284 else
285 vty_out(vty,
286 " Capability error: vendor specific capability code %d",
287 hdr->code);
288 } else {
289 if (use_json)
290 json_object_int_add(
291 json_cap,
292 "capabilityErrorUnknownCapabilityCode",
293 hdr->code);
294 else
295 vty_out(vty,
296 " Capability error: unknown capability code %d",
297 hdr->code);
298 }
299 pnt += hdr->length + 2;
300 }
301 if (use_json)
302 json_object_object_add(json_neigh, "capabilityErrors",
303 json_cap);
304 }
305
306 static void bgp_capability_mp_data(struct stream *s,
307 struct capability_mp_data *mpc)
308 {
309 mpc->afi = stream_getw(s);
310 mpc->reserved = stream_getc(s);
311 mpc->safi = stream_getc(s);
312 }
313
314 /* Set negotiated capability value. */
315 static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
316 {
317 struct capability_mp_data mpc;
318 struct stream *s = BGP_INPUT(peer);
319 afi_t afi;
320 safi_t safi;
321
322 /* Verify length is 4 */
323 if (hdr->length != 4) {
324 flog_warn(
325 EC_BGP_CAPABILITY_INVALID_LENGTH,
326 "MP Cap: Received invalid length %d, non-multiple of 4",
327 hdr->length);
328 return -1;
329 }
330
331 bgp_capability_mp_data(s, &mpc);
332
333 if (bgp_debug_neighbor_events(peer))
334 zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s",
335 peer->host, lookup_msg(capcode_str, hdr->code, NULL),
336 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
337
338 /* Convert AFI, SAFI to internal values, check. */
339 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
340 return -1;
341
342 /* Now safi remapped, and afi/safi are valid array indices */
343 peer->afc_recv[afi][safi] = 1;
344
345 if (peer->afc[afi][safi])
346 peer->afc_nego[afi][safi] = 1;
347 else
348 return -1;
349
350 return 0;
351 }
352
353 static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
354 iana_safi_t safi, uint8_t type,
355 uint8_t mode)
356 {
357 if (bgp_debug_neighbor_events(peer))
358 zlog_debug(
359 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
360 peer->host, afi, safi, type, mode);
361 }
362
363 static const struct message orf_type_str[] = {
364 {ORF_TYPE_RESERVED, "Reserved"},
365 {ORF_TYPE_PREFIX, "Prefixlist"},
366 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
367 {0}};
368
369 static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
370 {ORF_MODE_SEND, "Send"},
371 {ORF_MODE_BOTH, "Both"},
372 {0}};
373
374 static int bgp_capability_orf_entry(struct peer *peer,
375 struct capability_header *hdr)
376 {
377 struct stream *s = BGP_INPUT(peer);
378 struct capability_mp_data mpc;
379 uint8_t num;
380 iana_afi_t pkt_afi;
381 afi_t afi;
382 iana_safi_t pkt_safi;
383 safi_t safi;
384 uint8_t type;
385 uint8_t mode;
386 uint16_t sm_cap = 0; /* capability send-mode receive */
387 uint16_t rm_cap = 0; /* capability receive-mode receive */
388 int i;
389
390 /* ORF Entry header */
391 bgp_capability_mp_data(s, &mpc);
392 num = stream_getc(s);
393 pkt_afi = mpc.afi;
394 pkt_safi = mpc.safi;
395
396 if (bgp_debug_neighbor_events(peer))
397 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer->host,
398 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
399
400 /* Convert AFI, SAFI to internal values, check. */
401 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
402 zlog_info(
403 "%s Addr-family %d/%d not supported. Ignoring the ORF capability",
404 peer->host, pkt_afi, pkt_safi);
405 return 0;
406 }
407
408 mpc.afi = pkt_afi;
409 mpc.safi = safi;
410
411 /* validate number field */
412 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
413 zlog_info(
414 "%s ORF Capability entry length error, Cap length %u, num %u",
415 peer->host, hdr->length, num);
416 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
417 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
418 return -1;
419 }
420
421 for (i = 0; i < num; i++) {
422 type = stream_getc(s);
423 mode = stream_getc(s);
424
425 /* ORF Mode error check */
426 switch (mode) {
427 case ORF_MODE_BOTH:
428 case ORF_MODE_SEND:
429 case ORF_MODE_RECEIVE:
430 break;
431 default:
432 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
433 type, mode);
434 continue;
435 }
436 /* ORF Type and afi/safi error checks */
437 /* capcode versus type */
438 switch (hdr->code) {
439 case CAPABILITY_CODE_ORF:
440 switch (type) {
441 case ORF_TYPE_RESERVED:
442 if (bgp_debug_neighbor_events(peer))
443 zlog_debug(
444 "%s Addr-family %d/%d has reserved ORF type, ignoring",
445 peer->host, afi, safi);
446 break;
447 case ORF_TYPE_PREFIX:
448 break;
449 default:
450 bgp_capability_orf_not_support(
451 peer, pkt_afi, pkt_safi, type, mode);
452 continue;
453 }
454 break;
455 case CAPABILITY_CODE_ORF_OLD:
456 switch (type) {
457 case ORF_TYPE_RESERVED:
458 if (bgp_debug_neighbor_events(peer))
459 zlog_debug(
460 "%s Addr-family %d/%d has reserved ORF type, ignoring",
461 peer->host, afi, safi);
462 break;
463 case ORF_TYPE_PREFIX_OLD:
464 break;
465 default:
466 bgp_capability_orf_not_support(
467 peer, pkt_afi, pkt_safi, type, mode);
468 continue;
469 }
470 break;
471 default:
472 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
473 type, mode);
474 continue;
475 }
476
477 /* AFI vs SAFI */
478 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
479 || (afi == AFI_IP && safi == SAFI_MULTICAST)
480 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
481 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
482 type, mode);
483 continue;
484 }
485
486 if (bgp_debug_neighbor_events(peer))
487 zlog_debug(
488 "%s OPEN has %s ORF capability as %s for afi/safi: %s/%s",
489 peer->host,
490 lookup_msg(orf_type_str, type, NULL),
491 lookup_msg(orf_mode_str, mode, NULL),
492 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
493
494 if (hdr->code == CAPABILITY_CODE_ORF) {
495 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
496 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
497 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
498 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
499 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
500 } else {
501 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
502 type, mode);
503 continue;
504 }
505
506 switch (mode) {
507 case ORF_MODE_BOTH:
508 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
509 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
510 break;
511 case ORF_MODE_SEND:
512 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
513 break;
514 case ORF_MODE_RECEIVE:
515 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
516 break;
517 }
518 }
519 return 0;
520 }
521
522 static int bgp_capability_restart(struct peer *peer,
523 struct capability_header *caphdr)
524 {
525 struct stream *s = BGP_INPUT(peer);
526 uint16_t restart_flag_time;
527 size_t end = stream_get_getp(s) + caphdr->length;
528
529 /* Verify length is a multiple of 4 */
530 if ((caphdr->length - 2) % 4) {
531 flog_warn(
532 EC_BGP_CAPABILITY_INVALID_LENGTH,
533 "Restart Cap: Received invalid length %d, non-multiple of 4",
534 caphdr->length);
535 return -1;
536 }
537
538 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
539 restart_flag_time = stream_getw(s);
540
541 /* The most significant bit is defined in [RFC4724] as
542 * the Restart State ("R") bit.
543 */
544 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_R_BIT))
545 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
546 else
547 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
548
549 /* The second most significant bit is defined in this
550 * document as the Graceful Notification ("N") bit.
551 */
552 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_N_BIT))
553 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
554 else
555 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
556
557 UNSET_FLAG(restart_flag_time, 0xF000);
558 peer->v_gr_restart = restart_flag_time;
559
560 if (bgp_debug_neighbor_events(peer)) {
561 zlog_debug(
562 "%s Peer has%srestarted. Restart Time: %d, N-bit set: %s",
563 peer->host,
564 CHECK_FLAG(peer->cap,
565 PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV)
566 ? " "
567 : " not ",
568 peer->v_gr_restart,
569 CHECK_FLAG(peer->cap,
570 PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV)
571 ? "yes"
572 : "no");
573 }
574
575 while (stream_get_getp(s) + 4 <= end) {
576 afi_t afi;
577 safi_t safi;
578 iana_afi_t pkt_afi = stream_getw(s);
579 iana_safi_t pkt_safi = stream_getc(s);
580 uint8_t flag = stream_getc(s);
581
582 /* Convert AFI, SAFI to internal values, check. */
583 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
584 if (bgp_debug_neighbor_events(peer))
585 zlog_debug(
586 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Graceful Restart capability for this AFI/SAFI",
587 peer->host, iana_afi2str(pkt_afi),
588 iana_safi2str(pkt_safi));
589 } else if (!peer->afc[afi][safi]) {
590 if (bgp_debug_neighbor_events(peer))
591 zlog_debug(
592 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Graceful Restart capability",
593 peer->host, iana_afi2str(pkt_afi),
594 iana_safi2str(pkt_safi));
595 } else {
596 if (bgp_debug_neighbor_events(peer))
597 zlog_debug(
598 "%s Address family %s is%spreserved",
599 peer->host, get_afi_safi_str(afi, safi, false),
600 CHECK_FLAG(
601 peer->af_cap[afi][safi],
602 PEER_CAP_RESTART_AF_PRESERVE_RCV)
603 ? " "
604 : " not ");
605
606 SET_FLAG(peer->af_cap[afi][safi],
607 PEER_CAP_RESTART_AF_RCV);
608 if (CHECK_FLAG(flag, GRACEFUL_RESTART_F_BIT))
609 SET_FLAG(peer->af_cap[afi][safi],
610 PEER_CAP_RESTART_AF_PRESERVE_RCV);
611 }
612 }
613 return 0;
614 }
615
616 static int bgp_capability_llgr(struct peer *peer,
617 struct capability_header *caphdr)
618 {
619 struct stream *s = BGP_INPUT(peer);
620 size_t end = stream_get_getp(s) + caphdr->length;
621
622 SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV);
623
624 while (stream_get_getp(s) + 4 <= end) {
625 afi_t afi;
626 safi_t safi;
627 iana_afi_t pkt_afi = stream_getw(s);
628 iana_safi_t pkt_safi = stream_getc(s);
629 uint8_t flags = stream_getc(s);
630 uint32_t stale_time = stream_get3(s);
631
632 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
633 if (bgp_debug_neighbor_events(peer))
634 zlog_debug(
635 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Long-lived Graceful Restart capability for this AFI/SAFI",
636 peer->host, iana_afi2str(pkt_afi),
637 iana_safi2str(pkt_safi));
638 } else if (!peer->afc[afi][safi]
639 || !CHECK_FLAG(peer->af_cap[afi][safi],
640 PEER_CAP_RESTART_AF_RCV)) {
641 if (bgp_debug_neighbor_events(peer))
642 zlog_debug(
643 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Long-lived Graceful Restart capability",
644 peer->host, iana_afi2str(pkt_afi),
645 iana_safi2str(pkt_safi));
646 } else {
647 if (bgp_debug_neighbor_events(peer))
648 zlog_debug(
649 "%s Addr-family %s/%s(afi/safi) Long-lived Graceful Restart capability stale time %u sec",
650 peer->host, iana_afi2str(pkt_afi),
651 iana_safi2str(pkt_safi), stale_time);
652
653 peer->llgr[afi][safi].flags = flags;
654 peer->llgr[afi][safi].stale_time =
655 MIN(stale_time, peer->bgp->llgr_stale_time);
656 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_RCV);
657 }
658 }
659
660 return 0;
661 }
662
663 /* Unlike other capability parsing routines, this one returns 0 on error */
664 static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
665 {
666 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
667
668 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
669 flog_err(EC_BGP_PKT_OPEN,
670 "%s AS4 capability has incorrect data length %d",
671 peer->host, hdr->length);
672 return 0;
673 }
674
675 as_t as4 = stream_getl(BGP_INPUT(peer));
676
677 if (BGP_DEBUG(as4, AS4))
678 zlog_debug(
679 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
680 peer->host, as4);
681 return as4;
682 }
683
684 static int bgp_capability_ext_message(struct peer *peer,
685 struct capability_header *hdr)
686 {
687 if (hdr->length != CAPABILITY_CODE_EXT_MESSAGE_LEN) {
688 flog_err(
689 EC_BGP_PKT_OPEN,
690 "%s: BGP Extended Message capability has incorrect data length %d",
691 peer->host, hdr->length);
692 return -1;
693 }
694
695 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV);
696
697 return 0;
698 }
699
700 static int bgp_capability_addpath(struct peer *peer,
701 struct capability_header *hdr)
702 {
703 struct stream *s = BGP_INPUT(peer);
704 size_t end = stream_get_getp(s) + hdr->length;
705
706 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
707
708 /* Verify length is a multiple of 4 */
709 if (hdr->length % 4) {
710 flog_warn(
711 EC_BGP_CAPABILITY_INVALID_LENGTH,
712 "Add Path: Received invalid length %d, non-multiple of 4",
713 hdr->length);
714 return -1;
715 }
716
717 while (stream_get_getp(s) + 4 <= end) {
718 afi_t afi;
719 safi_t safi;
720 iana_afi_t pkt_afi = stream_getw(s);
721 iana_safi_t pkt_safi = stream_getc(s);
722 uint8_t send_receive = stream_getc(s);
723
724 if (bgp_debug_neighbor_events(peer))
725 zlog_debug(
726 "%s OPEN has %s capability for afi/safi: %s/%s%s%s",
727 peer->host,
728 lookup_msg(capcode_str, hdr->code, NULL),
729 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi),
730 (send_receive & BGP_ADDPATH_RX) ? ", receive"
731 : "",
732 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
733 : "");
734
735 /* Convert AFI, SAFI to internal values, check. */
736 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
737 if (bgp_debug_neighbor_events(peer))
738 zlog_debug(
739 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Addpath Attribute for this AFI/SAFI",
740 peer->host, iana_afi2str(pkt_afi),
741 iana_safi2str(pkt_safi));
742 continue;
743 } else if (!peer->afc[afi][safi]) {
744 if (bgp_debug_neighbor_events(peer))
745 zlog_debug(
746 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
747 peer->host, iana_afi2str(pkt_afi),
748 iana_safi2str(pkt_safi));
749 continue;
750 }
751
752 if (send_receive & BGP_ADDPATH_RX)
753 SET_FLAG(peer->af_cap[afi][safi],
754 PEER_CAP_ADDPATH_AF_RX_RCV);
755
756 if (send_receive & BGP_ADDPATH_TX)
757 SET_FLAG(peer->af_cap[afi][safi],
758 PEER_CAP_ADDPATH_AF_TX_RCV);
759 }
760
761 return 0;
762 }
763
764 static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
765 {
766 struct stream *s = BGP_INPUT(peer);
767 size_t end = stream_get_getp(s) + hdr->length;
768
769 /* Verify length is a multiple of 4 */
770 if (hdr->length % 6) {
771 flog_warn(
772 EC_BGP_CAPABILITY_INVALID_LENGTH,
773 "Extended NH: Received invalid length %d, non-multiple of 6",
774 hdr->length);
775 return -1;
776 }
777
778 while (stream_get_getp(s) + 6 <= end) {
779 iana_afi_t pkt_afi = stream_getw(s);
780 afi_t afi;
781 iana_safi_t pkt_safi = stream_getw(s);
782 safi_t safi;
783 iana_afi_t pkt_nh_afi = stream_getw(s);
784 afi_t nh_afi;
785
786 if (bgp_debug_neighbor_events(peer))
787 zlog_debug(
788 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
789 peer->host, iana_afi2str(pkt_afi),
790 iana_safi2str(pkt_safi), pkt_nh_afi);
791
792 /* Convert AFI, SAFI to internal values, check. */
793 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
794 if (bgp_debug_neighbor_events(peer))
795 zlog_debug(
796 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the ENHE Attribute for this AFI/SAFI",
797 peer->host, iana_afi2str(pkt_afi),
798 iana_safi2str(pkt_safi));
799 continue;
800 }
801
802 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
803 * with
804 * the Nexthop AFI being IPv6. A future spec may introduce other
805 * possibilities, so we ignore other values with a log. Also,
806 * only
807 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
808 * (and expected).
809 */
810 nh_afi = afi_iana2int(pkt_nh_afi);
811
812 if (afi != AFI_IP || nh_afi != AFI_IP6
813 || !(safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
814 || safi == SAFI_LABELED_UNICAST)) {
815 flog_warn(
816 EC_BGP_CAPABILITY_INVALID_DATA,
817 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u in Extended Next-hop capability, ignoring",
818 peer->host, iana_afi2str(pkt_afi),
819 iana_safi2str(pkt_safi), pkt_nh_afi);
820 continue;
821 }
822
823 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
824
825 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
826 SET_FLAG(peer->af_cap[afi][safi],
827 PEER_CAP_ENHE_AF_NEGO);
828 }
829
830 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
831
832 return 0;
833 }
834
835 static int bgp_capability_hostname(struct peer *peer,
836 struct capability_header *hdr)
837 {
838 struct stream *s = BGP_INPUT(peer);
839 char str[BGP_MAX_HOSTNAME + 1];
840 size_t end = stream_get_getp(s) + hdr->length;
841 uint8_t len;
842
843 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
844
845 len = stream_getc(s);
846 if (stream_get_getp(s) + len > end) {
847 flog_warn(
848 EC_BGP_CAPABILITY_INVALID_DATA,
849 "%s: Received malformed hostname capability from peer %s",
850 __func__, peer->host);
851 return -1;
852 }
853
854 if (len > BGP_MAX_HOSTNAME) {
855 stream_get(str, s, BGP_MAX_HOSTNAME);
856 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
857 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
858 } else if (len)
859 stream_get(str, s, len);
860
861 if (len) {
862 str[len] = '\0';
863
864 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
865 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
866
867 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
868 }
869
870 if (stream_get_getp(s) + 1 > end) {
871 flog_warn(
872 EC_BGP_CAPABILITY_INVALID_DATA,
873 "%s: Received invalid domain name len (hostname capability) from peer %s",
874 __func__, peer->host);
875 return -1;
876 }
877
878 len = stream_getc(s);
879 if (stream_get_getp(s) + len > end) {
880 flog_warn(
881 EC_BGP_CAPABILITY_INVALID_DATA,
882 "%s: Received runt domain name (hostname capability) from peer %s",
883 __func__, peer->host);
884 return -1;
885 }
886
887 if (len > BGP_MAX_HOSTNAME) {
888 stream_get(str, s, BGP_MAX_HOSTNAME);
889 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
890 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
891 } else if (len)
892 stream_get(str, s, len);
893
894 if (len) {
895 str[len] = '\0';
896
897 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
898
899 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
900 }
901
902 if (bgp_debug_neighbor_events(peer)) {
903 zlog_debug("%s received hostname %s, domainname %s", peer->host,
904 peer->hostname, peer->domainname);
905 }
906
907 return 0;
908 }
909
910 static int bgp_capability_role(struct peer *peer, struct capability_header *hdr)
911 {
912 SET_FLAG(peer->cap, PEER_CAP_ROLE_RCV);
913 if (hdr->length != CAPABILITY_CODE_ROLE_LEN) {
914 flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
915 "Role: Received invalid length %d", hdr->length);
916 return -1;
917 }
918 uint8_t role = stream_getc(BGP_INPUT(peer));
919
920 peer->remote_role = role;
921 return 0;
922 }
923
924 /**
925 * Parse given capability.
926 * XXX: This is reading into a stream, but not using stream API
927 *
928 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
929 * capabilities were encountered.
930 */
931 static int bgp_capability_parse(struct peer *peer, size_t length,
932 int *mp_capability, uint8_t **error)
933 {
934 int ret;
935 struct stream *s = BGP_INPUT(peer);
936 size_t end = stream_get_getp(s) + length;
937 uint16_t restart_flag_time = 0;
938
939 assert(STREAM_READABLE(s) >= length);
940
941 while (stream_get_getp(s) < end) {
942 size_t start;
943 uint8_t *sp = stream_pnt(s);
944 struct capability_header caphdr;
945
946 ret = 0;
947 /* We need at least capability code and capability length. */
948 if (stream_get_getp(s) + 2 > end) {
949 zlog_info("%s Capability length error (< header)",
950 peer->host);
951 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
952 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
953 return -1;
954 }
955
956 caphdr.code = stream_getc(s);
957 caphdr.length = stream_getc(s);
958 start = stream_get_getp(s);
959
960 /* Capability length check sanity check. */
961 if (start + caphdr.length > end) {
962 zlog_info("%s Capability length error (< length)",
963 peer->host);
964 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
965 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
966 return -1;
967 }
968
969 if (bgp_debug_neighbor_events(peer))
970 zlog_debug("%s OPEN has %s capability (%u), length %u",
971 peer->host,
972 lookup_msg(capcode_str, caphdr.code, NULL),
973 caphdr.code, caphdr.length);
974
975 /* Length sanity check, type-specific, for known capabilities */
976 switch (caphdr.code) {
977 case CAPABILITY_CODE_MP:
978 case CAPABILITY_CODE_REFRESH:
979 case CAPABILITY_CODE_REFRESH_OLD:
980 case CAPABILITY_CODE_ORF:
981 case CAPABILITY_CODE_ORF_OLD:
982 case CAPABILITY_CODE_RESTART:
983 case CAPABILITY_CODE_AS4:
984 case CAPABILITY_CODE_ADDPATH:
985 case CAPABILITY_CODE_DYNAMIC:
986 case CAPABILITY_CODE_DYNAMIC_OLD:
987 case CAPABILITY_CODE_ENHE:
988 case CAPABILITY_CODE_FQDN:
989 case CAPABILITY_CODE_ENHANCED_RR:
990 case CAPABILITY_CODE_EXT_MESSAGE:
991 case CAPABILITY_CODE_ROLE:
992 /* Check length. */
993 if (caphdr.length < cap_minsizes[caphdr.code]) {
994 zlog_info(
995 "%s %s Capability length error: got %u, expected at least %u",
996 peer->host,
997 lookup_msg(capcode_str, caphdr.code,
998 NULL),
999 caphdr.length,
1000 (unsigned)cap_minsizes[caphdr.code]);
1001 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1002 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1003 return -1;
1004 }
1005 if (caphdr.length
1006 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
1007 zlog_info(
1008 "%s %s Capability length error: got %u, expected a multiple of %u",
1009 peer->host,
1010 lookup_msg(capcode_str, caphdr.code,
1011 NULL),
1012 caphdr.length,
1013 (unsigned)cap_modsizes[caphdr.code]);
1014 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1015 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1016 return -1;
1017 }
1018 /* we deliberately ignore unknown codes, see below */
1019 default:
1020 break;
1021 }
1022
1023 switch (caphdr.code) {
1024 case CAPABILITY_CODE_MP: {
1025 *mp_capability = 1;
1026
1027 /* Ignore capability when override-capability is set. */
1028 if (!CHECK_FLAG(peer->flags,
1029 PEER_FLAG_OVERRIDE_CAPABILITY)) {
1030 /* Set negotiated value. */
1031 ret = bgp_capability_mp(peer, &caphdr);
1032
1033 /* Unsupported Capability. */
1034 if (ret < 0) {
1035 /* Store return data. */
1036 memcpy(*error, sp, caphdr.length + 2);
1037 *error += caphdr.length + 2;
1038 }
1039 ret = 0; /* Don't return error for this */
1040 }
1041 } break;
1042 case CAPABILITY_CODE_ENHANCED_RR:
1043 case CAPABILITY_CODE_REFRESH:
1044 case CAPABILITY_CODE_REFRESH_OLD: {
1045 /* BGP refresh capability */
1046 if (caphdr.code == CAPABILITY_CODE_ENHANCED_RR)
1047 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_RCV);
1048 else if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
1049 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
1050 else
1051 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
1052 } break;
1053 case CAPABILITY_CODE_ORF:
1054 case CAPABILITY_CODE_ORF_OLD:
1055 ret = bgp_capability_orf_entry(peer, &caphdr);
1056 break;
1057 case CAPABILITY_CODE_RESTART:
1058 ret = bgp_capability_restart(peer, &caphdr);
1059 break;
1060 case CAPABILITY_CODE_LLGR:
1061 ret = bgp_capability_llgr(peer, &caphdr);
1062 break;
1063 case CAPABILITY_CODE_DYNAMIC:
1064 case CAPABILITY_CODE_DYNAMIC_OLD:
1065 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
1066 break;
1067 case CAPABILITY_CODE_AS4:
1068 /* Already handled as a special-case parsing of the
1069 * capabilities
1070 * at the beginning of OPEN processing. So we care not a
1071 * jot
1072 * for the value really, only error case.
1073 */
1074 if (!bgp_capability_as4(peer, &caphdr))
1075 ret = -1;
1076 break;
1077 case CAPABILITY_CODE_ADDPATH:
1078 ret = bgp_capability_addpath(peer, &caphdr);
1079 break;
1080 case CAPABILITY_CODE_ENHE:
1081 ret = bgp_capability_enhe(peer, &caphdr);
1082 break;
1083 case CAPABILITY_CODE_EXT_MESSAGE:
1084 ret = bgp_capability_ext_message(peer, &caphdr);
1085 break;
1086 case CAPABILITY_CODE_FQDN:
1087 ret = bgp_capability_hostname(peer, &caphdr);
1088 break;
1089 case CAPABILITY_CODE_ROLE:
1090 ret = bgp_capability_role(peer, &caphdr);
1091 break;
1092 default:
1093 if (caphdr.code > 128) {
1094 /* We don't send Notification for unknown vendor
1095 specific
1096 capabilities. It seems reasonable for now...
1097 */
1098 flog_warn(EC_BGP_CAPABILITY_VENDOR,
1099 "%s Vendor specific capability %d",
1100 peer->host, caphdr.code);
1101 } else {
1102 flog_warn(
1103 EC_BGP_CAPABILITY_UNKNOWN,
1104 "%s unrecognized capability code: %d - ignored",
1105 peer->host, caphdr.code);
1106 memcpy(*error, sp, caphdr.length + 2);
1107 *error += caphdr.length + 2;
1108 }
1109 }
1110
1111 if (ret < 0) {
1112 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1113 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1114 return -1;
1115 }
1116 if (stream_get_getp(s) != (start + caphdr.length)) {
1117 if (stream_get_getp(s) > (start + caphdr.length))
1118 flog_warn(
1119 EC_BGP_CAPABILITY_INVALID_LENGTH,
1120 "%s Cap-parser for %s read past cap-length, %u!",
1121 peer->host,
1122 lookup_msg(capcode_str, caphdr.code,
1123 NULL),
1124 caphdr.length);
1125 stream_set_getp(s, start + caphdr.length);
1126 }
1127
1128 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
1129 UNSET_FLAG(restart_flag_time, 0xF000);
1130 peer->v_gr_restart = restart_flag_time;
1131 }
1132 }
1133 return 0;
1134 }
1135
1136 static bool strict_capability_same(struct peer *peer)
1137 {
1138 int i, j;
1139
1140 for (i = AFI_IP; i < AFI_MAX; i++)
1141 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
1142 if (peer->afc[i][j] != peer->afc_nego[i][j])
1143 return false;
1144 return true;
1145 }
1146
1147
1148 static bool bgp_role_violation(struct peer *peer)
1149 {
1150 uint8_t local_role = peer->local_role;
1151 uint8_t remote_role = peer->remote_role;
1152
1153 if (local_role != ROLE_UNDEFINED && remote_role != ROLE_UNDEFINED &&
1154 !((local_role == ROLE_PEER && remote_role == ROLE_PEER) ||
1155 (local_role == ROLE_PROVIDER && remote_role == ROLE_CUSTOMER) ||
1156 (local_role == ROLE_CUSTOMER && remote_role == ROLE_PROVIDER) ||
1157 (local_role == ROLE_RS_SERVER && remote_role == ROLE_RS_CLIENT) ||
1158 (local_role == ROLE_RS_CLIENT &&
1159 remote_role == ROLE_RS_SERVER))) {
1160 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1161 BGP_NOTIFY_OPEN_ROLE_MISMATCH);
1162 return true;
1163 }
1164 if (remote_role == ROLE_UNDEFINED &&
1165 CHECK_FLAG(peer->flags, PEER_FLAG_ROLE_STRICT_MODE)) {
1166 const char *err_msg =
1167 "Strict mode. Please set the role on your side.";
1168 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1169 BGP_NOTIFY_OPEN_ROLE_MISMATCH,
1170 (uint8_t *)err_msg, strlen(err_msg));
1171 return true;
1172 }
1173 return false;
1174 }
1175
1176
1177 /* peek into option, stores ASN to *as4 if the AS4 capability was found.
1178 * Returns 0 if no as4 found, as4cap value otherwise.
1179 */
1180 as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
1181 {
1182 struct stream *s = BGP_INPUT(peer);
1183 size_t orig_getp = stream_get_getp(s);
1184 size_t end = orig_getp + length;
1185 as_t as4 = 0;
1186
1187 if (BGP_DEBUG(as4, AS4))
1188 zlog_debug(
1189 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u, peeking for as4",
1190 peer->host, length);
1191 /* the error cases we DONT handle, we ONLY try to read as4 out of
1192 * correctly formatted options.
1193 */
1194 while (stream_get_getp(s) < end) {
1195 uint8_t opt_type;
1196 uint16_t opt_length;
1197
1198 /* Ensure we can read the option type */
1199 if (stream_get_getp(s) + 1 > end)
1200 goto end;
1201
1202 /* Fetch the option type */
1203 opt_type = stream_getc(s);
1204
1205 /*
1206 * Check the length and fetch the opt_length
1207 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
1208 * then we do a getw which is 2 bytes. So we need to
1209 * ensure that we can read that as well
1210 */
1211 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1212 if (stream_get_getp(s) + 2 > end)
1213 goto end;
1214
1215 opt_length = stream_getw(s);
1216 } else {
1217 if (stream_get_getp(s) + 1 > end)
1218 goto end;
1219
1220 opt_length = stream_getc(s);
1221 }
1222
1223 /* Option length check. */
1224 if (stream_get_getp(s) + opt_length > end)
1225 goto end;
1226
1227 if (opt_type == BGP_OPEN_OPT_CAP) {
1228 unsigned long capd_start = stream_get_getp(s);
1229 unsigned long capd_end = capd_start + opt_length;
1230
1231 assert(capd_end <= end);
1232
1233 while (stream_get_getp(s) < capd_end) {
1234 struct capability_header hdr;
1235
1236 if (stream_get_getp(s) + 2 > capd_end)
1237 goto end;
1238
1239 hdr.code = stream_getc(s);
1240 hdr.length = stream_getc(s);
1241
1242 if ((stream_get_getp(s) + hdr.length)
1243 > capd_end)
1244 goto end;
1245
1246 if (hdr.code == CAPABILITY_CODE_AS4) {
1247 if (BGP_DEBUG(as4, AS4))
1248 zlog_debug(
1249 "[AS4] found AS4 capability, about to parse");
1250 as4 = bgp_capability_as4(peer, &hdr);
1251
1252 goto end;
1253 }
1254 stream_forward_getp(s, hdr.length);
1255 }
1256 }
1257 }
1258
1259 end:
1260 stream_set_getp(s, orig_getp);
1261 return as4;
1262 }
1263
1264 /**
1265 * Parse open option.
1266 *
1267 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1268 */
1269 int bgp_open_option_parse(struct peer *peer, uint16_t length,
1270 int *mp_capability)
1271 {
1272 int ret = 0;
1273 uint8_t *error;
1274 uint8_t error_data[BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE];
1275 struct stream *s = BGP_INPUT(peer);
1276 size_t end = stream_get_getp(s) + length;
1277
1278 error = error_data;
1279
1280 if (bgp_debug_neighbor_events(peer))
1281 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1282 peer->host, length);
1283
1284 /* Unset any previously received GR capability. */
1285 UNSET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
1286
1287 while (stream_get_getp(s) < end) {
1288 uint8_t opt_type;
1289 uint16_t opt_length;
1290
1291 /*
1292 * Check that we can read the opt_type and fetch it
1293 */
1294 if (STREAM_READABLE(s) < 1) {
1295 zlog_info("%s Option length error", peer->host);
1296 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1297 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1298 return -1;
1299 }
1300 opt_type = stream_getc(s);
1301
1302 /*
1303 * Check the length of the stream to ensure that
1304 * FRR can properly read the opt_length. Then read it
1305 */
1306 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1307 if (STREAM_READABLE(s) < 2) {
1308 zlog_info("%s Option length error", peer->host);
1309 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1310 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1311 return -1;
1312 }
1313
1314 opt_length = stream_getw(s);
1315 } else {
1316 if (STREAM_READABLE(s) < 1) {
1317 zlog_info("%s Option length error", peer->host);
1318 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1319 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1320 return -1;
1321 }
1322
1323 opt_length = stream_getc(s);
1324 }
1325
1326 /* Option length check. */
1327 if (STREAM_READABLE(s) < opt_length) {
1328 zlog_info("%s Option length error (%d)", peer->host,
1329 opt_length);
1330 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1331 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1332 return -1;
1333 }
1334
1335 if (bgp_debug_neighbor_events(peer))
1336 zlog_debug(
1337 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1338 peer->host, opt_type,
1339 opt_type == BGP_OPEN_OPT_CAP ? "Capability"
1340 : "Unknown",
1341 opt_length);
1342
1343 switch (opt_type) {
1344 case BGP_OPEN_OPT_CAP:
1345 ret = bgp_capability_parse(peer, opt_length,
1346 mp_capability, &error);
1347 break;
1348 default:
1349 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1350 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1351 ret = -1;
1352 break;
1353 }
1354
1355 /* Parse error. To accumulate all unsupported capability codes,
1356 bgp_capability_parse does not return -1 when encounter
1357 unsupported capability code. To detect that, please check
1358 error and erro_data pointer, like below. */
1359 if (ret < 0)
1360 return -1;
1361 }
1362
1363 /* All OPEN option is parsed. Check capability when strict compare
1364 flag is enabled.*/
1365 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1366 /* If Unsupported Capability exists. */
1367 if (error != error_data) {
1368 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1369 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1370 error_data,
1371 error - error_data);
1372 return -1;
1373 }
1374
1375 /* Check local capability does not negotiated with remote
1376 peer. */
1377 if (!strict_capability_same(peer)) {
1378 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1379 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1380 return -1;
1381 }
1382 }
1383
1384 /* Extended Message Support */
1385 peer->max_packet_size =
1386 (CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV)
1387 && CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV))
1388 ? BGP_EXTENDED_MESSAGE_MAX_PACKET_SIZE
1389 : BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE;
1390
1391 /* Check that roles are corresponding to each other */
1392 if (bgp_role_violation(peer))
1393 return -1;
1394
1395 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1396 error. */
1397 if (*mp_capability
1398 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1399 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1400 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1401 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1402 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1403 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
1404 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
1405 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1406 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1407 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1408 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1409 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
1410 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
1411 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
1412 flog_err(EC_BGP_PKT_OPEN,
1413 "%s [Error] Configured AFI/SAFIs do not overlap with received MP capabilities",
1414 peer->host);
1415
1416 if (error != error_data)
1417 bgp_notify_send_with_data(
1418 peer, BGP_NOTIFY_OPEN_ERR,
1419 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1420 error - error_data);
1421 else
1422 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1423 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1424 return -1;
1425 }
1426 }
1427 return 0;
1428 }
1429
1430 static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
1431 afi_t afi, safi_t safi, uint8_t code,
1432 bool ext_opt_params)
1433 {
1434 uint16_t cap_len;
1435 uint8_t orf_len;
1436 unsigned long capp;
1437 unsigned long orfp;
1438 unsigned long numberp;
1439 int number_of_orfs = 0;
1440 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1441 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1442
1443 /* Convert AFI, SAFI to values for packet. */
1444 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1445
1446 stream_putc(s, BGP_OPEN_OPT_CAP);
1447 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1448 ext_opt_params ? stream_putw(s, 0)
1449 : stream_putc(s, 0); /* Capability Length */
1450 stream_putc(s, code); /* Capability Code */
1451 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1452 stream_putc(s, 0); /* ORF Length */
1453 stream_putw(s, pkt_afi);
1454 stream_putc(s, 0);
1455 stream_putc(s, pkt_safi);
1456 numberp = stream_get_endp(s); /* Set Number Pointer */
1457 stream_putc(s, 0); /* Number of ORFs */
1458
1459 /* Address Prefix ORF */
1460 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1461 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1462 stream_putc(s, (code == CAPABILITY_CODE_ORF
1463 ? ORF_TYPE_PREFIX
1464 : ORF_TYPE_PREFIX_OLD));
1465
1466 if (CHECK_FLAG(peer->af_flags[afi][safi],
1467 PEER_FLAG_ORF_PREFIX_SM)
1468 && CHECK_FLAG(peer->af_flags[afi][safi],
1469 PEER_FLAG_ORF_PREFIX_RM)) {
1470 SET_FLAG(peer->af_cap[afi][safi],
1471 PEER_CAP_ORF_PREFIX_SM_ADV);
1472 SET_FLAG(peer->af_cap[afi][safi],
1473 PEER_CAP_ORF_PREFIX_RM_ADV);
1474 stream_putc(s, ORF_MODE_BOTH);
1475 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1476 PEER_FLAG_ORF_PREFIX_SM)) {
1477 SET_FLAG(peer->af_cap[afi][safi],
1478 PEER_CAP_ORF_PREFIX_SM_ADV);
1479 stream_putc(s, ORF_MODE_SEND);
1480 } else {
1481 SET_FLAG(peer->af_cap[afi][safi],
1482 PEER_CAP_ORF_PREFIX_RM_ADV);
1483 stream_putc(s, ORF_MODE_RECEIVE);
1484 }
1485 number_of_orfs++;
1486 }
1487
1488 /* Total Number of ORFs. */
1489 stream_putc_at(s, numberp, number_of_orfs);
1490
1491 /* Total ORF Len. */
1492 orf_len = stream_get_endp(s) - orfp - 1;
1493 stream_putc_at(s, orfp, orf_len);
1494
1495 /* Total Capability Len. */
1496 cap_len = stream_get_endp(s) - capp - 1;
1497 ext_opt_params ? stream_putw_at(s, capp, cap_len)
1498 : stream_putc_at(s, capp, cap_len);
1499 }
1500
1501 static void bgp_peer_send_gr_capability(struct stream *s, struct peer *peer,
1502 bool ext_opt_params)
1503 {
1504 int len;
1505 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1506 afi_t afi;
1507 safi_t safi;
1508 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1509 uint32_t restart_time;
1510 unsigned long capp = 0;
1511 unsigned long rcapp = 0;
1512
1513 if (!CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)
1514 && !CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART_HELPER))
1515 return;
1516
1517 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1518 zlog_debug("[BGP_GR] Sending helper Capability for Peer :%s :",
1519 peer->host);
1520
1521 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1522 stream_putc(s, BGP_OPEN_OPT_CAP);
1523 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1524 ext_opt_params ? stream_putw(s, 0)
1525 : stream_putc(s, 0); /* Capability Length */
1526 stream_putc(s, CAPABILITY_CODE_RESTART);
1527 /* Set Restart Capability Len Pointer */
1528 rcapp = stream_get_endp(s);
1529 stream_putc(s, 0);
1530 restart_time = peer->bgp->restart_time;
1531 if (peer->bgp->t_startup) {
1532 SET_FLAG(restart_time, GRACEFUL_RESTART_R_BIT);
1533 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_ADV);
1534 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1535 zlog_debug("[BGP_GR] Sending R-Bit for peer: %s",
1536 peer->host);
1537 }
1538
1539 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GRACEFUL_NOTIFICATION)) {
1540 SET_FLAG(restart_time, GRACEFUL_RESTART_N_BIT);
1541 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_ADV);
1542 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1543 zlog_debug("[BGP_GR] Sending N-Bit for peer: %s",
1544 peer->host);
1545 }
1546
1547 stream_putw(s, restart_time);
1548
1549 /* Send address-family specific graceful-restart capability
1550 * only when GR config is present
1551 */
1552 if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)) {
1553 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GR_PRESERVE_FWD)
1554 && BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1555 zlog_debug("[BGP_GR] F bit Set");
1556
1557 FOREACH_AFI_SAFI (afi, safi) {
1558 if (!peer->afc[afi][safi])
1559 continue;
1560
1561 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1562 zlog_debug(
1563 "[BGP_GR] Sending GR Capability for AFI :%d :, SAFI :%d:",
1564 afi, safi);
1565
1566 /* Convert AFI, SAFI to values for
1567 * packet.
1568 */
1569 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1570 &pkt_safi);
1571 stream_putw(s, pkt_afi);
1572 stream_putc(s, pkt_safi);
1573 if (CHECK_FLAG(peer->bgp->flags,
1574 BGP_FLAG_GR_PRESERVE_FWD))
1575 stream_putc(s, GRACEFUL_RESTART_F_BIT);
1576 else
1577 stream_putc(s, 0);
1578 }
1579 }
1580
1581 /* Total Graceful restart capability Len. */
1582 len = stream_get_endp(s) - rcapp - 1;
1583 stream_putc_at(s, rcapp, len);
1584
1585 /* Total Capability Len. */
1586 len = stream_get_endp(s) - capp - 1;
1587 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1588 : stream_putc_at(s, capp, len);
1589 }
1590
1591 static void bgp_peer_send_llgr_capability(struct stream *s, struct peer *peer,
1592 bool ext_opt_params)
1593 {
1594 int len;
1595 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1596 afi_t afi;
1597 safi_t safi;
1598 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1599 unsigned long capp = 0;
1600 unsigned long rcapp = 0;
1601
1602 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_ADV))
1603 return;
1604
1605 SET_FLAG(peer->cap, PEER_CAP_LLGR_ADV);
1606
1607 stream_putc(s, BGP_OPEN_OPT_CAP);
1608 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1609 ext_opt_params ? stream_putw(s, 0)
1610 : stream_putc(s, 0); /* Capability Length */
1611 stream_putc(s, CAPABILITY_CODE_LLGR);
1612
1613 rcapp = stream_get_endp(s);
1614 stream_putc(s, 0);
1615
1616 FOREACH_AFI_SAFI (afi, safi) {
1617 if (!peer->afc[afi][safi])
1618 continue;
1619
1620 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1621
1622 stream_putw(s, pkt_afi);
1623 stream_putc(s, pkt_safi);
1624 stream_putc(s, LLGR_F_BIT);
1625 stream_put3(s, peer->bgp->llgr_stale_time);
1626
1627 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_ADV);
1628 }
1629
1630 /* Total Long-lived Graceful Restart capability Len. */
1631 len = stream_get_endp(s) - rcapp - 1;
1632 stream_putc_at(s, rcapp, len);
1633
1634 /* Total Capability Len. */
1635 len = stream_get_endp(s) - capp - 1;
1636 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1637 : stream_putc_at(s, capp, len);
1638 }
1639
1640 /* Fill in capability open option to the packet. */
1641 uint16_t bgp_open_capability(struct stream *s, struct peer *peer,
1642 bool ext_opt_params)
1643 {
1644 uint16_t len;
1645 unsigned long cp, capp, rcapp, eopl = 0;
1646 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1647 afi_t afi;
1648 safi_t safi;
1649 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1650 as_t local_as;
1651 uint8_t afi_safi_count = 0;
1652 bool adv_addpath_tx = false;
1653
1654 /* Non-Ext OP Len. */
1655 cp = stream_get_endp(s);
1656 stream_putc(s, 0);
1657
1658 if (ext_opt_params) {
1659 /* Non-Ext OP Len. */
1660 stream_putc_at(s, cp, BGP_OPEN_NON_EXT_OPT_LEN);
1661
1662 /* Non-Ext OP Type */
1663 stream_putc(s, BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH);
1664
1665 /* Extended Opt. Parm. Length */
1666 eopl = stream_get_endp(s);
1667 stream_putw(s, 0);
1668 }
1669
1670 /* Do not send capability. */
1671 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1672 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
1673 return 0;
1674
1675 /* MP capability for configured AFI, SAFI */
1676 FOREACH_AFI_SAFI (afi, safi) {
1677 if (peer->afc[afi][safi]) {
1678 /* Convert AFI, SAFI to values for packet. */
1679 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1680 &pkt_safi);
1681
1682 peer->afc_adv[afi][safi] = 1;
1683 stream_putc(s, BGP_OPEN_OPT_CAP);
1684 ext_opt_params
1685 ? stream_putw(s, CAPABILITY_CODE_MP_LEN + 2)
1686 : stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
1687 stream_putc(s, CAPABILITY_CODE_MP);
1688 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1689 stream_putw(s, pkt_afi);
1690 stream_putc(s, 0);
1691 stream_putc(s, pkt_safi);
1692
1693 /* Extended nexthop capability - currently
1694 * supporting RFC-5549 for
1695 * Link-Local peering only
1696 */
1697 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1698 && peer->su.sa.sa_family == AF_INET6
1699 && afi == AFI_IP
1700 && (safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
1701 || safi == SAFI_LABELED_UNICAST)) {
1702 /* RFC 5549 Extended Next Hop Encoding
1703 */
1704 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
1705 stream_putc(s, BGP_OPEN_OPT_CAP);
1706 ext_opt_params
1707 ? stream_putw(s,
1708 CAPABILITY_CODE_ENHE_LEN
1709 + 2)
1710 : stream_putc(s,
1711 CAPABILITY_CODE_ENHE_LEN
1712 + 2);
1713 stream_putc(s, CAPABILITY_CODE_ENHE);
1714 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1715
1716 SET_FLAG(peer->af_cap[AFI_IP][safi],
1717 PEER_CAP_ENHE_AF_ADV);
1718 stream_putw(s, pkt_afi);
1719 stream_putw(s, pkt_safi);
1720 stream_putw(s, afi_int2iana(AFI_IP6));
1721
1722 if (CHECK_FLAG(peer->af_cap[afi][safi],
1723 PEER_CAP_ENHE_AF_RCV))
1724 SET_FLAG(peer->af_cap[afi][safi],
1725 PEER_CAP_ENHE_AF_NEGO);
1726 }
1727 }
1728 }
1729
1730 /* Route refresh. */
1731 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1732 stream_putc(s, BGP_OPEN_OPT_CAP);
1733 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1734 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1735 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1736 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1737 stream_putc(s, BGP_OPEN_OPT_CAP);
1738 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1739 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1740 stream_putc(s, CAPABILITY_CODE_REFRESH);
1741 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1742
1743 /* Enhanced Route Refresh. */
1744 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_ADV);
1745 stream_putc(s, BGP_OPEN_OPT_CAP);
1746 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_ENHANCED_LEN + 2)
1747 : stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN + 2);
1748 stream_putc(s, CAPABILITY_CODE_ENHANCED_RR);
1749 stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN);
1750
1751 /* AS4 */
1752 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1753 stream_putc(s, BGP_OPEN_OPT_CAP);
1754 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_AS4_LEN + 2)
1755 : stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
1756 stream_putc(s, CAPABILITY_CODE_AS4);
1757 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1758 if (peer->change_local_as)
1759 local_as = peer->change_local_as;
1760 else
1761 local_as = peer->local_as;
1762 stream_putl(s, local_as);
1763
1764 /* Extended Message Support */
1765 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV);
1766 stream_putc(s, BGP_OPEN_OPT_CAP);
1767 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2)
1768 : stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2);
1769 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE);
1770 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN);
1771
1772 /* Role*/
1773 if (peer->local_role != ROLE_UNDEFINED) {
1774 SET_FLAG(peer->cap, PEER_CAP_ROLE_ADV);
1775 stream_putc(s, BGP_OPEN_OPT_CAP);
1776 stream_putc(s, CAPABILITY_CODE_ROLE_LEN + 2);
1777 stream_putc(s, CAPABILITY_CODE_ROLE);
1778 stream_putc(s, CAPABILITY_CODE_ROLE_LEN);
1779 stream_putc(s, peer->local_role);
1780 }
1781
1782 /* AddPath */
1783 FOREACH_AFI_SAFI (afi, safi) {
1784 if (peer->afc[afi][safi]) {
1785 afi_safi_count++;
1786
1787 /* Only advertise addpath TX if a feature that
1788 * will use it is
1789 * configured */
1790 if (peer->addpath_type[afi][safi] != BGP_ADDPATH_NONE)
1791 adv_addpath_tx = true;
1792
1793 /* If we have enabled labeled unicast, we MUST check
1794 * against unicast SAFI because addpath IDs are
1795 * allocated under unicast SAFI, the same as the RIB
1796 * is managed in unicast SAFI.
1797 */
1798 if (safi == SAFI_LABELED_UNICAST)
1799 if (peer->addpath_type[afi][SAFI_UNICAST] !=
1800 BGP_ADDPATH_NONE)
1801 adv_addpath_tx = true;
1802 }
1803 }
1804
1805 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1806 stream_putc(s, BGP_OPEN_OPT_CAP);
1807 ext_opt_params
1808 ? stream_putw(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1809 + 2)
1810 : stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1811 + 2);
1812 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1813 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1814
1815 FOREACH_AFI_SAFI (afi, safi) {
1816 if (peer->afc[afi][safi]) {
1817 bool adv_addpath_rx =
1818 !CHECK_FLAG(peer->af_flags[afi][safi],
1819 PEER_FLAG_DISABLE_ADDPATH_RX);
1820 uint8_t flags = 0;
1821
1822 /* Convert AFI, SAFI to values for packet. */
1823 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1824 &pkt_safi);
1825
1826 stream_putw(s, pkt_afi);
1827 stream_putc(s, pkt_safi);
1828
1829 if (adv_addpath_rx) {
1830 SET_FLAG(flags, BGP_ADDPATH_RX);
1831 SET_FLAG(peer->af_cap[afi][safi],
1832 PEER_CAP_ADDPATH_AF_RX_ADV);
1833 } else {
1834 UNSET_FLAG(peer->af_cap[afi][safi],
1835 PEER_CAP_ADDPATH_AF_RX_ADV);
1836 }
1837
1838 if (adv_addpath_tx) {
1839 SET_FLAG(flags, BGP_ADDPATH_TX);
1840 SET_FLAG(peer->af_cap[afi][safi],
1841 PEER_CAP_ADDPATH_AF_TX_ADV);
1842 if (safi == SAFI_LABELED_UNICAST)
1843 SET_FLAG(
1844 peer->af_cap[afi][SAFI_UNICAST],
1845 PEER_CAP_ADDPATH_AF_TX_ADV);
1846 } else {
1847 UNSET_FLAG(peer->af_cap[afi][safi],
1848 PEER_CAP_ADDPATH_AF_TX_ADV);
1849 }
1850
1851 stream_putc(s, flags);
1852 }
1853 }
1854
1855 /* ORF capability. */
1856 FOREACH_AFI_SAFI (afi, safi) {
1857 if (CHECK_FLAG(peer->af_flags[afi][safi],
1858 PEER_FLAG_ORF_PREFIX_SM)
1859 || CHECK_FLAG(peer->af_flags[afi][safi],
1860 PEER_FLAG_ORF_PREFIX_RM)) {
1861 bgp_open_capability_orf(s, peer, afi, safi,
1862 CAPABILITY_CODE_ORF_OLD,
1863 ext_opt_params);
1864 bgp_open_capability_orf(s, peer, afi, safi,
1865 CAPABILITY_CODE_ORF,
1866 ext_opt_params);
1867 }
1868 }
1869
1870 /* Dynamic capability. */
1871 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1872 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1873 stream_putc(s, BGP_OPEN_OPT_CAP);
1874 ext_opt_params
1875 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1876 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1877 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1878 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1879 stream_putc(s, BGP_OPEN_OPT_CAP);
1880 ext_opt_params
1881 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1882 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1883 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1884 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1885 }
1886
1887 /* Hostname capability */
1888 if (cmd_hostname_get()) {
1889 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1890 stream_putc(s, BGP_OPEN_OPT_CAP);
1891 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
1892 ext_opt_params ? stream_putw(s, 0)
1893 : stream_putc(s, 0); /* Capability Length */
1894 stream_putc(s, CAPABILITY_CODE_FQDN);
1895 capp = stream_get_endp(s);
1896 stream_putc(s, 0); /* dummy len for now */
1897 len = strlen(cmd_hostname_get());
1898 if (len > BGP_MAX_HOSTNAME)
1899 len = BGP_MAX_HOSTNAME;
1900
1901 stream_putc(s, len);
1902 stream_put(s, cmd_hostname_get(), len);
1903 if (cmd_domainname_get()) {
1904 len = strlen(cmd_domainname_get());
1905 if (len > BGP_MAX_HOSTNAME)
1906 len = BGP_MAX_HOSTNAME;
1907
1908 stream_putc(s, len);
1909 stream_put(s, cmd_domainname_get(), len);
1910 } else
1911 stream_putc(s, 0); /* 0 length */
1912
1913 /* Set the lengths straight */
1914 len = stream_get_endp(s) - rcapp - 1;
1915 ext_opt_params ? stream_putw_at(s, rcapp, len - 1)
1916 : stream_putc_at(s, rcapp, len);
1917
1918 len = stream_get_endp(s) - capp - 1;
1919 stream_putc_at(s, capp, len);
1920
1921 if (bgp_debug_neighbor_events(peer))
1922 zlog_debug(
1923 "%s Sending hostname cap with hn = %s, dn = %s",
1924 peer->host, cmd_hostname_get(),
1925 cmd_domainname_get());
1926 }
1927
1928 bgp_peer_send_gr_capability(s, peer, ext_opt_params);
1929 bgp_peer_send_llgr_capability(s, peer, ext_opt_params);
1930
1931 /* Total Opt Parm Len. */
1932 len = stream_get_endp(s) - cp - 1;
1933
1934 if (ext_opt_params) {
1935 len = stream_get_endp(s) - eopl - 2;
1936 stream_putw_at(s, eopl, len);
1937 } else {
1938 stream_putc_at(s, cp, len);
1939 }
1940
1941 return len;
1942 }
FRRouting mirror