]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_open.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #10405 from kanaya516/feature/adj-sid-yang
[mirror_frr.git] / bgpd / bgp_open.c
1 /* BGP open message handling
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "linklist.h"
24 #include "prefix.h"
25 #include "stream.h"
26 #include "thread.h"
27 #include "log.h"
28 #include "command.h"
29 #include "memory.h"
30 #include "queue.h"
31 #include "filter.h"
32
33 #include "lib/json.h"
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_attr.h"
36 #include "bgpd/bgp_debug.h"
37 #include "bgpd/bgp_errors.h"
38 #include "bgpd/bgp_fsm.h"
39 #include "bgpd/bgp_packet.h"
40 #include "bgpd/bgp_open.h"
41 #include "bgpd/bgp_aspath.h"
42 #include "bgpd/bgp_vty.h"
43 #include "bgpd/bgp_memory.h"
44
45 static const struct message capcode_str[] = {
46 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
47 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
48 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
49 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
50 {CAPABILITY_CODE_AS4, "4-octet AS number"},
51 {CAPABILITY_CODE_ADDPATH, "AddPath"},
52 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
53 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
54 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
55 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
56 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
57 {CAPABILITY_CODE_FQDN, "FQDN"},
58 {CAPABILITY_CODE_ENHANCED_RR, "Enhanced Route Refresh"},
59 {CAPABILITY_CODE_EXT_MESSAGE, "BGP Extended Message"},
60 {CAPABILITY_CODE_LLGR, "Long-lived BGP Graceful Restart"},
61 {CAPABILITY_CODE_ROLE, "Role"},
62 {0}};
63
64 /* Minimum sizes for length field of each cap (so not inc. the header) */
65 static const size_t cap_minsizes[] = {
66 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
67 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
68 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
69 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
70 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
71 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
72 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
73 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
74 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
75 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
76 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
77 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
78 [CAPABILITY_CODE_ENHANCED_RR] = CAPABILITY_CODE_ENHANCED_LEN,
79 [CAPABILITY_CODE_EXT_MESSAGE] = CAPABILITY_CODE_EXT_MESSAGE_LEN,
80 [CAPABILITY_CODE_LLGR] = CAPABILITY_CODE_LLGR_LEN,
81 [CAPABILITY_CODE_ROLE] = CAPABILITY_CODE_ROLE_LEN,
82 };
83
84 /* value the capability must be a multiple of.
85 * 0-data capabilities won't be checked against this.
86 * Other capabilities whose data doesn't fall on convenient boundaries for this
87 * table should be set to 1.
88 */
89 static const size_t cap_modsizes[] = {
90 [CAPABILITY_CODE_MP] = 4,
91 [CAPABILITY_CODE_REFRESH] = 1,
92 [CAPABILITY_CODE_ORF] = 1,
93 [CAPABILITY_CODE_RESTART] = 1,
94 [CAPABILITY_CODE_AS4] = 4,
95 [CAPABILITY_CODE_ADDPATH] = 4,
96 [CAPABILITY_CODE_DYNAMIC] = 1,
97 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
98 [CAPABILITY_CODE_ENHE] = 6,
99 [CAPABILITY_CODE_REFRESH_OLD] = 1,
100 [CAPABILITY_CODE_ORF_OLD] = 1,
101 [CAPABILITY_CODE_FQDN] = 1,
102 [CAPABILITY_CODE_ENHANCED_RR] = 1,
103 [CAPABILITY_CODE_EXT_MESSAGE] = 1,
104 [CAPABILITY_CODE_LLGR] = 1,
105 [CAPABILITY_CODE_ROLE] = 1,
106 };
107
108 /* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
109 negotiate remote peer supports extentions or not. But if
110 remote-peer doesn't supports negotiation process itself. We would
111 like to do manual configuration.
112
113 So there is many configurable point. First of all we want set each
114 peer whether we send capability negotiation to the peer or not.
115 Next, if we send capability to the peer we want to set my capability
116 inforation at each peer. */
117
118 void bgp_capability_vty_out(struct vty *vty, struct peer *peer, bool use_json,
119 json_object *json_neigh)
120 {
121 char *pnt;
122 char *end;
123 struct capability_mp_data mpc;
124 struct capability_header *hdr;
125 json_object *json_cap = NULL;
126
127 if (use_json)
128 json_cap = json_object_new_object();
129
130 pnt = peer->notify.data;
131 end = pnt + peer->notify.length;
132
133 while (pnt < end) {
134 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
135 return;
136
137 hdr = (struct capability_header *)pnt;
138 if (pnt + hdr->length + 2 > end)
139 return;
140
141 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
142
143 if (hdr->code == CAPABILITY_CODE_MP) {
144 afi_t afi;
145 safi_t safi;
146
147 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
148 mpc.safi, &afi, &safi);
149
150 if (use_json) {
151 switch (afi) {
152 case AFI_IP:
153 json_object_string_add(
154 json_cap,
155 "capabilityErrorMultiProtocolAfi",
156 "IPv4");
157 break;
158 case AFI_IP6:
159 json_object_string_add(
160 json_cap,
161 "capabilityErrorMultiProtocolAfi",
162 "IPv6");
163 break;
164 case AFI_L2VPN:
165 json_object_string_add(
166 json_cap,
167 "capabilityErrorMultiProtocolAfi",
168 "L2VPN");
169 break;
170 default:
171 json_object_int_add(
172 json_cap,
173 "capabilityErrorMultiProtocolAfiUnknown",
174 ntohs(mpc.afi));
175 break;
176 }
177 switch (safi) {
178 case SAFI_UNICAST:
179 json_object_string_add(
180 json_cap,
181 "capabilityErrorMultiProtocolSafi",
182 "unicast");
183 break;
184 case SAFI_MULTICAST:
185 json_object_string_add(
186 json_cap,
187 "capabilityErrorMultiProtocolSafi",
188 "multicast");
189 break;
190 case SAFI_LABELED_UNICAST:
191 json_object_string_add(
192 json_cap,
193 "capabilityErrorMultiProtocolSafi",
194 "labeled-unicast");
195 break;
196 case SAFI_MPLS_VPN:
197 json_object_string_add(
198 json_cap,
199 "capabilityErrorMultiProtocolSafi",
200 "MPLS-labeled VPN");
201 break;
202 case SAFI_ENCAP:
203 json_object_string_add(
204 json_cap,
205 "capabilityErrorMultiProtocolSafi",
206 "encap");
207 break;
208 case SAFI_EVPN:
209 json_object_string_add(
210 json_cap,
211 "capabilityErrorMultiProtocolSafi",
212 "EVPN");
213 break;
214 case SAFI_FLOWSPEC:
215 json_object_string_add(
216 json_cap,
217 "capabilityErrorMultiProtocolSafi",
218 "flowspec");
219 break;
220 default:
221 json_object_int_add(
222 json_cap,
223 "capabilityErrorMultiProtocolSafiUnknown",
224 mpc.safi);
225 break;
226 }
227 } else {
228 vty_out(vty,
229 " Capability error for: Multi protocol ");
230 switch (afi) {
231 case AFI_IP:
232 vty_out(vty, "AFI IPv4, ");
233 break;
234 case AFI_IP6:
235 vty_out(vty, "AFI IPv6, ");
236 break;
237 case AFI_L2VPN:
238 vty_out(vty, "AFI L2VPN, ");
239 break;
240 default:
241 vty_out(vty, "AFI Unknown %d, ",
242 ntohs(mpc.afi));
243 break;
244 }
245 switch (safi) {
246 case SAFI_UNICAST:
247 vty_out(vty, "SAFI Unicast");
248 break;
249 case SAFI_MULTICAST:
250 vty_out(vty, "SAFI Multicast");
251 break;
252 case SAFI_LABELED_UNICAST:
253 vty_out(vty, "SAFI Labeled-unicast");
254 break;
255 case SAFI_MPLS_VPN:
256 vty_out(vty, "SAFI MPLS-labeled VPN");
257 break;
258 case SAFI_ENCAP:
259 vty_out(vty, "SAFI ENCAP");
260 break;
261 case SAFI_FLOWSPEC:
262 vty_out(vty, "SAFI FLOWSPEC");
263 break;
264 case SAFI_EVPN:
265 vty_out(vty, "SAFI EVPN");
266 break;
267 default:
268 vty_out(vty, "SAFI Unknown %d ",
269 mpc.safi);
270 break;
271 }
272 vty_out(vty, "\n");
273 }
274 } else if (hdr->code >= 128) {
275 if (use_json)
276 json_object_int_add(
277 json_cap,
278 "capabilityErrorVendorSpecificCapabilityCode",
279 hdr->code);
280 else
281 vty_out(vty,
282 " Capability error: vendor specific capability code %d",
283 hdr->code);
284 } else {
285 if (use_json)
286 json_object_int_add(
287 json_cap,
288 "capabilityErrorUnknownCapabilityCode",
289 hdr->code);
290 else
291 vty_out(vty,
292 " Capability error: unknown capability code %d",
293 hdr->code);
294 }
295 pnt += hdr->length + 2;
296 }
297 if (use_json)
298 json_object_object_add(json_neigh, "capabilityErrors",
299 json_cap);
300 }
301
302 static void bgp_capability_mp_data(struct stream *s,
303 struct capability_mp_data *mpc)
304 {
305 mpc->afi = stream_getw(s);
306 mpc->reserved = stream_getc(s);
307 mpc->safi = stream_getc(s);
308 }
309
310 /* Set negotiated capability value. */
311 static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
312 {
313 struct capability_mp_data mpc;
314 struct stream *s = BGP_INPUT(peer);
315 afi_t afi;
316 safi_t safi;
317
318 /* Verify length is 4 */
319 if (hdr->length != 4) {
320 flog_warn(
321 EC_BGP_CAPABILITY_INVALID_LENGTH,
322 "MP Cap: Received invalid length %d, non-multiple of 4",
323 hdr->length);
324 return -1;
325 }
326
327 bgp_capability_mp_data(s, &mpc);
328
329 if (bgp_debug_neighbor_events(peer))
330 zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s",
331 peer->host, lookup_msg(capcode_str, hdr->code, NULL),
332 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
333
334 /* Convert AFI, SAFI to internal values, check. */
335 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
336 return -1;
337
338 /* Now safi remapped, and afi/safi are valid array indices */
339 peer->afc_recv[afi][safi] = 1;
340
341 if (peer->afc[afi][safi])
342 peer->afc_nego[afi][safi] = 1;
343 else
344 return -1;
345
346 return 0;
347 }
348
349 static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
350 iana_safi_t safi, uint8_t type,
351 uint8_t mode)
352 {
353 if (bgp_debug_neighbor_events(peer))
354 zlog_debug(
355 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
356 peer->host, afi, safi, type, mode);
357 }
358
359 static const struct message orf_type_str[] = {
360 {ORF_TYPE_RESERVED, "Reserved"},
361 {ORF_TYPE_PREFIX, "Prefixlist"},
362 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
363 {0}};
364
365 static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
366 {ORF_MODE_SEND, "Send"},
367 {ORF_MODE_BOTH, "Both"},
368 {0}};
369
370 static int bgp_capability_orf_entry(struct peer *peer,
371 struct capability_header *hdr)
372 {
373 struct stream *s = BGP_INPUT(peer);
374 struct capability_mp_data mpc;
375 uint8_t num;
376 iana_afi_t pkt_afi;
377 afi_t afi;
378 iana_safi_t pkt_safi;
379 safi_t safi;
380 uint8_t type;
381 uint8_t mode;
382 uint16_t sm_cap = 0; /* capability send-mode receive */
383 uint16_t rm_cap = 0; /* capability receive-mode receive */
384 int i;
385
386 /* ORF Entry header */
387 bgp_capability_mp_data(s, &mpc);
388 num = stream_getc(s);
389 pkt_afi = mpc.afi;
390 pkt_safi = mpc.safi;
391
392 if (bgp_debug_neighbor_events(peer))
393 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer->host,
394 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
395
396 /* Convert AFI, SAFI to internal values, check. */
397 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
398 zlog_info(
399 "%s Addr-family %d/%d not supported. Ignoring the ORF capability",
400 peer->host, pkt_afi, pkt_safi);
401 return 0;
402 }
403
404 mpc.afi = pkt_afi;
405 mpc.safi = safi;
406
407 /* validate number field */
408 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
409 zlog_info(
410 "%s ORF Capability entry length error, Cap length %u, num %u",
411 peer->host, hdr->length, num);
412 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
413 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
414 return -1;
415 }
416
417 for (i = 0; i < num; i++) {
418 type = stream_getc(s);
419 mode = stream_getc(s);
420
421 /* ORF Mode error check */
422 switch (mode) {
423 case ORF_MODE_BOTH:
424 case ORF_MODE_SEND:
425 case ORF_MODE_RECEIVE:
426 break;
427 default:
428 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
429 type, mode);
430 continue;
431 }
432 /* ORF Type and afi/safi error checks */
433 /* capcode versus type */
434 switch (hdr->code) {
435 case CAPABILITY_CODE_ORF:
436 switch (type) {
437 case ORF_TYPE_RESERVED:
438 if (bgp_debug_neighbor_events(peer))
439 zlog_debug(
440 "%s Addr-family %d/%d has reserved ORF type, ignoring",
441 peer->host, afi, safi);
442 break;
443 case ORF_TYPE_PREFIX:
444 break;
445 default:
446 bgp_capability_orf_not_support(
447 peer, pkt_afi, pkt_safi, type, mode);
448 continue;
449 }
450 break;
451 case CAPABILITY_CODE_ORF_OLD:
452 switch (type) {
453 case ORF_TYPE_RESERVED:
454 if (bgp_debug_neighbor_events(peer))
455 zlog_debug(
456 "%s Addr-family %d/%d has reserved ORF type, ignoring",
457 peer->host, afi, safi);
458 break;
459 case ORF_TYPE_PREFIX_OLD:
460 break;
461 default:
462 bgp_capability_orf_not_support(
463 peer, pkt_afi, pkt_safi, type, mode);
464 continue;
465 }
466 break;
467 default:
468 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
469 type, mode);
470 continue;
471 }
472
473 /* AFI vs SAFI */
474 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
475 || (afi == AFI_IP && safi == SAFI_MULTICAST)
476 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
477 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
478 type, mode);
479 continue;
480 }
481
482 if (bgp_debug_neighbor_events(peer))
483 zlog_debug(
484 "%s OPEN has %s ORF capability as %s for afi/safi: %s/%s",
485 peer->host,
486 lookup_msg(orf_type_str, type, NULL),
487 lookup_msg(orf_mode_str, mode, NULL),
488 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
489
490 if (hdr->code == CAPABILITY_CODE_ORF) {
491 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
492 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
493 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
494 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
495 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
496 } else {
497 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
498 type, mode);
499 continue;
500 }
501
502 switch (mode) {
503 case ORF_MODE_BOTH:
504 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
505 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
506 break;
507 case ORF_MODE_SEND:
508 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
509 break;
510 case ORF_MODE_RECEIVE:
511 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
512 break;
513 }
514 }
515 return 0;
516 }
517
518 static int bgp_capability_restart(struct peer *peer,
519 struct capability_header *caphdr)
520 {
521 struct stream *s = BGP_INPUT(peer);
522 uint16_t restart_flag_time;
523 size_t end = stream_get_getp(s) + caphdr->length;
524
525 /* Verify length is a multiple of 4 */
526 if ((caphdr->length - 2) % 4) {
527 flog_warn(
528 EC_BGP_CAPABILITY_INVALID_LENGTH,
529 "Restart Cap: Received invalid length %d, non-multiple of 4",
530 caphdr->length);
531 return -1;
532 }
533
534 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
535 restart_flag_time = stream_getw(s);
536
537 /* The most significant bit is defined in [RFC4724] as
538 * the Restart State ("R") bit.
539 */
540 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_R_BIT))
541 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
542 else
543 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
544
545 /* The second most significant bit is defined in this
546 * document as the Graceful Notification ("N") bit.
547 */
548 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_N_BIT))
549 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
550 else
551 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
552
553 UNSET_FLAG(restart_flag_time, 0xF000);
554 peer->v_gr_restart = restart_flag_time;
555
556 if (bgp_debug_neighbor_events(peer)) {
557 zlog_debug(
558 "%s Peer has%srestarted. Restart Time: %d, N-bit set: %s",
559 peer->host,
560 CHECK_FLAG(peer->cap,
561 PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV)
562 ? " "
563 : " not ",
564 peer->v_gr_restart,
565 CHECK_FLAG(peer->cap,
566 PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV)
567 ? "yes"
568 : "no");
569 }
570
571 while (stream_get_getp(s) + 4 <= end) {
572 afi_t afi;
573 safi_t safi;
574 iana_afi_t pkt_afi = stream_getw(s);
575 iana_safi_t pkt_safi = stream_getc(s);
576 uint8_t flag = stream_getc(s);
577
578 /* Convert AFI, SAFI to internal values, check. */
579 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
580 if (bgp_debug_neighbor_events(peer))
581 zlog_debug(
582 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Graceful Restart capability for this AFI/SAFI",
583 peer->host, iana_afi2str(pkt_afi),
584 iana_safi2str(pkt_safi));
585 } else if (!peer->afc[afi][safi]) {
586 if (bgp_debug_neighbor_events(peer))
587 zlog_debug(
588 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Graceful Restart capability",
589 peer->host, iana_afi2str(pkt_afi),
590 iana_safi2str(pkt_safi));
591 } else {
592 if (bgp_debug_neighbor_events(peer))
593 zlog_debug(
594 "%s Address family %s is%spreserved",
595 peer->host, get_afi_safi_str(afi, safi, false),
596 CHECK_FLAG(
597 peer->af_cap[afi][safi],
598 PEER_CAP_RESTART_AF_PRESERVE_RCV)
599 ? " "
600 : " not ");
601
602 SET_FLAG(peer->af_cap[afi][safi],
603 PEER_CAP_RESTART_AF_RCV);
604 if (CHECK_FLAG(flag, GRACEFUL_RESTART_F_BIT))
605 SET_FLAG(peer->af_cap[afi][safi],
606 PEER_CAP_RESTART_AF_PRESERVE_RCV);
607 }
608 }
609 return 0;
610 }
611
612 static int bgp_capability_llgr(struct peer *peer,
613 struct capability_header *caphdr)
614 {
615 struct stream *s = BGP_INPUT(peer);
616 size_t end = stream_get_getp(s) + caphdr->length;
617
618 SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV);
619
620 while (stream_get_getp(s) + 4 <= end) {
621 afi_t afi;
622 safi_t safi;
623 iana_afi_t pkt_afi = stream_getw(s);
624 iana_safi_t pkt_safi = stream_getc(s);
625 uint8_t flags = stream_getc(s);
626 uint32_t stale_time = stream_get3(s);
627
628 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
629 if (bgp_debug_neighbor_events(peer))
630 zlog_debug(
631 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Long-lived Graceful Restart capability for this AFI/SAFI",
632 peer->host, iana_afi2str(pkt_afi),
633 iana_safi2str(pkt_safi));
634 } else if (!peer->afc[afi][safi]
635 || !CHECK_FLAG(peer->af_cap[afi][safi],
636 PEER_CAP_RESTART_AF_RCV)) {
637 if (bgp_debug_neighbor_events(peer))
638 zlog_debug(
639 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Long-lived Graceful Restart capability",
640 peer->host, iana_afi2str(pkt_afi),
641 iana_safi2str(pkt_safi));
642 } else {
643 if (bgp_debug_neighbor_events(peer))
644 zlog_debug(
645 "%s Addr-family %s/%s(afi/safi) Long-lived Graceful Restart capability stale time %u sec",
646 peer->host, iana_afi2str(pkt_afi),
647 iana_safi2str(pkt_safi), stale_time);
648
649 peer->llgr[afi][safi].flags = flags;
650 peer->llgr[afi][safi].stale_time =
651 MIN(stale_time, peer->bgp->llgr_stale_time);
652 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_RCV);
653 }
654 }
655
656 return 0;
657 }
658
659 /* Unlike other capability parsing routines, this one returns 0 on error */
660 static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
661 {
662 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
663
664 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
665 flog_err(EC_BGP_PKT_OPEN,
666 "%s AS4 capability has incorrect data length %d",
667 peer->host, hdr->length);
668 return 0;
669 }
670
671 as_t as4 = stream_getl(BGP_INPUT(peer));
672
673 if (BGP_DEBUG(as4, AS4))
674 zlog_debug(
675 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
676 peer->host, as4);
677 return as4;
678 }
679
680 static int bgp_capability_ext_message(struct peer *peer,
681 struct capability_header *hdr)
682 {
683 if (hdr->length != CAPABILITY_CODE_EXT_MESSAGE_LEN) {
684 flog_err(
685 EC_BGP_PKT_OPEN,
686 "%s: BGP Extended Message capability has incorrect data length %d",
687 peer->host, hdr->length);
688 return -1;
689 }
690
691 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV);
692
693 return 0;
694 }
695
696 static int bgp_capability_addpath(struct peer *peer,
697 struct capability_header *hdr)
698 {
699 struct stream *s = BGP_INPUT(peer);
700 size_t end = stream_get_getp(s) + hdr->length;
701
702 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
703
704 /* Verify length is a multiple of 4 */
705 if (hdr->length % 4) {
706 flog_warn(
707 EC_BGP_CAPABILITY_INVALID_LENGTH,
708 "Add Path: Received invalid length %d, non-multiple of 4",
709 hdr->length);
710 return -1;
711 }
712
713 while (stream_get_getp(s) + 4 <= end) {
714 afi_t afi;
715 safi_t safi;
716 iana_afi_t pkt_afi = stream_getw(s);
717 iana_safi_t pkt_safi = stream_getc(s);
718 uint8_t send_receive = stream_getc(s);
719
720 if (bgp_debug_neighbor_events(peer))
721 zlog_debug(
722 "%s OPEN has %s capability for afi/safi: %s/%s%s%s",
723 peer->host,
724 lookup_msg(capcode_str, hdr->code, NULL),
725 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi),
726 (send_receive & BGP_ADDPATH_RX) ? ", receive"
727 : "",
728 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
729 : "");
730
731 /* Convert AFI, SAFI to internal values, check. */
732 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
733 if (bgp_debug_neighbor_events(peer))
734 zlog_debug(
735 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Addpath Attribute for this AFI/SAFI",
736 peer->host, iana_afi2str(pkt_afi),
737 iana_safi2str(pkt_safi));
738 continue;
739 } else if (!peer->afc[afi][safi]) {
740 if (bgp_debug_neighbor_events(peer))
741 zlog_debug(
742 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
743 peer->host, iana_afi2str(pkt_afi),
744 iana_safi2str(pkt_safi));
745 continue;
746 }
747
748 if (send_receive & BGP_ADDPATH_RX)
749 SET_FLAG(peer->af_cap[afi][safi],
750 PEER_CAP_ADDPATH_AF_RX_RCV);
751
752 if (send_receive & BGP_ADDPATH_TX)
753 SET_FLAG(peer->af_cap[afi][safi],
754 PEER_CAP_ADDPATH_AF_TX_RCV);
755 }
756
757 return 0;
758 }
759
760 static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
761 {
762 struct stream *s = BGP_INPUT(peer);
763 size_t end = stream_get_getp(s) + hdr->length;
764
765 /* Verify length is a multiple of 4 */
766 if (hdr->length % 6) {
767 flog_warn(
768 EC_BGP_CAPABILITY_INVALID_LENGTH,
769 "Extended NH: Received invalid length %d, non-multiple of 6",
770 hdr->length);
771 return -1;
772 }
773
774 while (stream_get_getp(s) + 6 <= end) {
775 iana_afi_t pkt_afi = stream_getw(s);
776 afi_t afi;
777 iana_safi_t pkt_safi = stream_getw(s);
778 safi_t safi;
779 iana_afi_t pkt_nh_afi = stream_getw(s);
780 afi_t nh_afi;
781
782 if (bgp_debug_neighbor_events(peer))
783 zlog_debug(
784 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
785 peer->host, iana_afi2str(pkt_afi),
786 iana_safi2str(pkt_safi), pkt_nh_afi);
787
788 /* Convert AFI, SAFI to internal values, check. */
789 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
790 if (bgp_debug_neighbor_events(peer))
791 zlog_debug(
792 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the ENHE Attribute for this AFI/SAFI",
793 peer->host, iana_afi2str(pkt_afi),
794 iana_safi2str(pkt_safi));
795 continue;
796 }
797
798 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
799 * with
800 * the Nexthop AFI being IPv6. A future spec may introduce other
801 * possibilities, so we ignore other values with a log. Also,
802 * only
803 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
804 * (and expected).
805 */
806 nh_afi = afi_iana2int(pkt_nh_afi);
807
808 if (afi != AFI_IP || nh_afi != AFI_IP6
809 || !(safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
810 || safi == SAFI_LABELED_UNICAST)) {
811 flog_warn(
812 EC_BGP_CAPABILITY_INVALID_DATA,
813 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u in Extended Next-hop capability, ignoring",
814 peer->host, iana_afi2str(pkt_afi),
815 iana_safi2str(pkt_safi), pkt_nh_afi);
816 continue;
817 }
818
819 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
820
821 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
822 SET_FLAG(peer->af_cap[afi][safi],
823 PEER_CAP_ENHE_AF_NEGO);
824 }
825
826 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
827
828 return 0;
829 }
830
831 static int bgp_capability_hostname(struct peer *peer,
832 struct capability_header *hdr)
833 {
834 struct stream *s = BGP_INPUT(peer);
835 char str[BGP_MAX_HOSTNAME + 1];
836 size_t end = stream_get_getp(s) + hdr->length;
837 uint8_t len;
838
839 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
840
841 len = stream_getc(s);
842 if (stream_get_getp(s) + len > end) {
843 flog_warn(
844 EC_BGP_CAPABILITY_INVALID_DATA,
845 "%s: Received malformed hostname capability from peer %s",
846 __func__, peer->host);
847 return -1;
848 }
849
850 if (len > BGP_MAX_HOSTNAME) {
851 stream_get(str, s, BGP_MAX_HOSTNAME);
852 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
853 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
854 } else if (len)
855 stream_get(str, s, len);
856
857 if (len) {
858 str[len] = '\0';
859
860 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
861 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
862
863 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
864 }
865
866 if (stream_get_getp(s) + 1 > end) {
867 flog_warn(
868 EC_BGP_CAPABILITY_INVALID_DATA,
869 "%s: Received invalid domain name len (hostname capability) from peer %s",
870 __func__, peer->host);
871 return -1;
872 }
873
874 len = stream_getc(s);
875 if (stream_get_getp(s) + len > end) {
876 flog_warn(
877 EC_BGP_CAPABILITY_INVALID_DATA,
878 "%s: Received runt domain name (hostname capability) from peer %s",
879 __func__, peer->host);
880 return -1;
881 }
882
883 if (len > BGP_MAX_HOSTNAME) {
884 stream_get(str, s, BGP_MAX_HOSTNAME);
885 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
886 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
887 } else if (len)
888 stream_get(str, s, len);
889
890 if (len) {
891 str[len] = '\0';
892
893 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
894
895 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
896 }
897
898 if (bgp_debug_neighbor_events(peer)) {
899 zlog_debug("%s received hostname %s, domainname %s", peer->host,
900 peer->hostname, peer->domainname);
901 }
902
903 return 0;
904 }
905
906 static int bgp_capability_role(struct peer *peer, struct capability_header *hdr)
907 {
908 SET_FLAG(peer->cap, PEER_CAP_ROLE_RCV);
909 if (hdr->length != CAPABILITY_CODE_ROLE_LEN) {
910 flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
911 "Role: Received invalid length %d", hdr->length);
912 return -1;
913 }
914 uint8_t role = stream_getc(BGP_INPUT(peer));
915
916 peer->remote_role = role;
917 return 0;
918 }
919
920 /**
921 * Parse given capability.
922 * XXX: This is reading into a stream, but not using stream API
923 *
924 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
925 * capabilities were encountered.
926 */
927 static int bgp_capability_parse(struct peer *peer, size_t length,
928 int *mp_capability, uint8_t **error)
929 {
930 int ret;
931 struct stream *s = BGP_INPUT(peer);
932 size_t end = stream_get_getp(s) + length;
933 uint16_t restart_flag_time = 0;
934
935 assert(STREAM_READABLE(s) >= length);
936
937 while (stream_get_getp(s) < end) {
938 size_t start;
939 uint8_t *sp = stream_pnt(s);
940 struct capability_header caphdr;
941
942 ret = 0;
943 /* We need at least capability code and capability length. */
944 if (stream_get_getp(s) + 2 > end) {
945 zlog_info("%s Capability length error (< header)",
946 peer->host);
947 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
948 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
949 return -1;
950 }
951
952 caphdr.code = stream_getc(s);
953 caphdr.length = stream_getc(s);
954 start = stream_get_getp(s);
955
956 /* Capability length check sanity check. */
957 if (start + caphdr.length > end) {
958 zlog_info("%s Capability length error (< length)",
959 peer->host);
960 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
961 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
962 return -1;
963 }
964
965 if (bgp_debug_neighbor_events(peer))
966 zlog_debug("%s OPEN has %s capability (%u), length %u",
967 peer->host,
968 lookup_msg(capcode_str, caphdr.code, NULL),
969 caphdr.code, caphdr.length);
970
971 /* Length sanity check, type-specific, for known capabilities */
972 switch (caphdr.code) {
973 case CAPABILITY_CODE_MP:
974 case CAPABILITY_CODE_REFRESH:
975 case CAPABILITY_CODE_REFRESH_OLD:
976 case CAPABILITY_CODE_ORF:
977 case CAPABILITY_CODE_ORF_OLD:
978 case CAPABILITY_CODE_RESTART:
979 case CAPABILITY_CODE_AS4:
980 case CAPABILITY_CODE_ADDPATH:
981 case CAPABILITY_CODE_DYNAMIC:
982 case CAPABILITY_CODE_DYNAMIC_OLD:
983 case CAPABILITY_CODE_ENHE:
984 case CAPABILITY_CODE_FQDN:
985 case CAPABILITY_CODE_ENHANCED_RR:
986 case CAPABILITY_CODE_EXT_MESSAGE:
987 case CAPABILITY_CODE_ROLE:
988 /* Check length. */
989 if (caphdr.length < cap_minsizes[caphdr.code]) {
990 zlog_info(
991 "%s %s Capability length error: got %u, expected at least %u",
992 peer->host,
993 lookup_msg(capcode_str, caphdr.code,
994 NULL),
995 caphdr.length,
996 (unsigned)cap_minsizes[caphdr.code]);
997 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
998 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
999 return -1;
1000 }
1001 if (caphdr.length
1002 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
1003 zlog_info(
1004 "%s %s Capability length error: got %u, expected a multiple of %u",
1005 peer->host,
1006 lookup_msg(capcode_str, caphdr.code,
1007 NULL),
1008 caphdr.length,
1009 (unsigned)cap_modsizes[caphdr.code]);
1010 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1011 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1012 return -1;
1013 }
1014 /* we deliberately ignore unknown codes, see below */
1015 default:
1016 break;
1017 }
1018
1019 switch (caphdr.code) {
1020 case CAPABILITY_CODE_MP: {
1021 *mp_capability = 1;
1022
1023 /* Ignore capability when override-capability is set. */
1024 if (!CHECK_FLAG(peer->flags,
1025 PEER_FLAG_OVERRIDE_CAPABILITY)) {
1026 /* Set negotiated value. */
1027 ret = bgp_capability_mp(peer, &caphdr);
1028
1029 /* Unsupported Capability. */
1030 if (ret < 0) {
1031 /* Store return data. */
1032 memcpy(*error, sp, caphdr.length + 2);
1033 *error += caphdr.length + 2;
1034 }
1035 ret = 0; /* Don't return error for this */
1036 }
1037 } break;
1038 case CAPABILITY_CODE_ENHANCED_RR:
1039 case CAPABILITY_CODE_REFRESH:
1040 case CAPABILITY_CODE_REFRESH_OLD: {
1041 /* BGP refresh capability */
1042 if (caphdr.code == CAPABILITY_CODE_ENHANCED_RR)
1043 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_RCV);
1044 else if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
1045 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
1046 else
1047 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
1048 } break;
1049 case CAPABILITY_CODE_ORF:
1050 case CAPABILITY_CODE_ORF_OLD:
1051 ret = bgp_capability_orf_entry(peer, &caphdr);
1052 break;
1053 case CAPABILITY_CODE_RESTART:
1054 ret = bgp_capability_restart(peer, &caphdr);
1055 break;
1056 case CAPABILITY_CODE_LLGR:
1057 ret = bgp_capability_llgr(peer, &caphdr);
1058 break;
1059 case CAPABILITY_CODE_DYNAMIC:
1060 case CAPABILITY_CODE_DYNAMIC_OLD:
1061 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
1062 break;
1063 case CAPABILITY_CODE_AS4:
1064 /* Already handled as a special-case parsing of the
1065 * capabilities
1066 * at the beginning of OPEN processing. So we care not a
1067 * jot
1068 * for the value really, only error case.
1069 */
1070 if (!bgp_capability_as4(peer, &caphdr))
1071 ret = -1;
1072 break;
1073 case CAPABILITY_CODE_ADDPATH:
1074 ret = bgp_capability_addpath(peer, &caphdr);
1075 break;
1076 case CAPABILITY_CODE_ENHE:
1077 ret = bgp_capability_enhe(peer, &caphdr);
1078 break;
1079 case CAPABILITY_CODE_EXT_MESSAGE:
1080 ret = bgp_capability_ext_message(peer, &caphdr);
1081 break;
1082 case CAPABILITY_CODE_FQDN:
1083 ret = bgp_capability_hostname(peer, &caphdr);
1084 break;
1085 case CAPABILITY_CODE_ROLE:
1086 ret = bgp_capability_role(peer, &caphdr);
1087 break;
1088 default:
1089 if (caphdr.code > 128) {
1090 /* We don't send Notification for unknown vendor
1091 specific
1092 capabilities. It seems reasonable for now...
1093 */
1094 flog_warn(EC_BGP_CAPABILITY_VENDOR,
1095 "%s Vendor specific capability %d",
1096 peer->host, caphdr.code);
1097 } else {
1098 flog_warn(
1099 EC_BGP_CAPABILITY_UNKNOWN,
1100 "%s unrecognized capability code: %d - ignored",
1101 peer->host, caphdr.code);
1102 memcpy(*error, sp, caphdr.length + 2);
1103 *error += caphdr.length + 2;
1104 }
1105 }
1106
1107 if (ret < 0) {
1108 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1109 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1110 return -1;
1111 }
1112 if (stream_get_getp(s) != (start + caphdr.length)) {
1113 if (stream_get_getp(s) > (start + caphdr.length))
1114 flog_warn(
1115 EC_BGP_CAPABILITY_INVALID_LENGTH,
1116 "%s Cap-parser for %s read past cap-length, %u!",
1117 peer->host,
1118 lookup_msg(capcode_str, caphdr.code,
1119 NULL),
1120 caphdr.length);
1121 stream_set_getp(s, start + caphdr.length);
1122 }
1123
1124 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
1125 UNSET_FLAG(restart_flag_time, 0xF000);
1126 peer->v_gr_restart = restart_flag_time;
1127 }
1128 }
1129 return 0;
1130 }
1131
1132 static bool strict_capability_same(struct peer *peer)
1133 {
1134 int i, j;
1135
1136 for (i = AFI_IP; i < AFI_MAX; i++)
1137 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
1138 if (peer->afc[i][j] != peer->afc_nego[i][j])
1139 return false;
1140 return true;
1141 }
1142
1143
1144 static bool bgp_role_violation(struct peer *peer)
1145 {
1146 uint8_t local_role = peer->local_role;
1147 uint8_t remote_role = peer->remote_role;
1148
1149 if (local_role != ROLE_UNDEFINED && remote_role != ROLE_UNDEFINED &&
1150 !((local_role == ROLE_PEER && remote_role == ROLE_PEER) ||
1151 (local_role == ROLE_PROVIDER && remote_role == ROLE_CUSTOMER) ||
1152 (local_role == ROLE_CUSTOMER && remote_role == ROLE_PROVIDER) ||
1153 (local_role == ROLE_RS_SERVER && remote_role == ROLE_RS_CLIENT) ||
1154 (local_role == ROLE_RS_CLIENT &&
1155 remote_role == ROLE_RS_SERVER))) {
1156 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1157 BGP_NOTIFY_OPEN_ROLE_MISMATCH);
1158 return true;
1159 }
1160 if (remote_role == ROLE_UNDEFINED &&
1161 CHECK_FLAG(peer->flags, PEER_FLAG_ROLE_STRICT_MODE)) {
1162 const char *err_msg =
1163 "Strict mode. Please set the role on your side.";
1164 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1165 BGP_NOTIFY_OPEN_ROLE_MISMATCH,
1166 (uint8_t *)err_msg, strlen(err_msg));
1167 return true;
1168 }
1169 return false;
1170 }
1171
1172
1173 /* peek into option, stores ASN to *as4 if the AS4 capability was found.
1174 * Returns 0 if no as4 found, as4cap value otherwise.
1175 */
1176 as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
1177 {
1178 struct stream *s = BGP_INPUT(peer);
1179 size_t orig_getp = stream_get_getp(s);
1180 size_t end = orig_getp + length;
1181 as_t as4 = 0;
1182
1183 if (BGP_DEBUG(as4, AS4))
1184 zlog_debug(
1185 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u, peeking for as4",
1186 peer->host, length);
1187 /* the error cases we DONT handle, we ONLY try to read as4 out of
1188 * correctly formatted options.
1189 */
1190 while (stream_get_getp(s) < end) {
1191 uint8_t opt_type;
1192 uint16_t opt_length;
1193
1194 /* Ensure we can read the option type */
1195 if (stream_get_getp(s) + 1 > end)
1196 goto end;
1197
1198 /* Fetch the option type */
1199 opt_type = stream_getc(s);
1200
1201 /*
1202 * Check the length and fetch the opt_length
1203 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
1204 * then we do a getw which is 2 bytes. So we need to
1205 * ensure that we can read that as well
1206 */
1207 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1208 if (stream_get_getp(s) + 2 > end)
1209 goto end;
1210
1211 opt_length = stream_getw(s);
1212 } else {
1213 if (stream_get_getp(s) + 1 > end)
1214 goto end;
1215
1216 opt_length = stream_getc(s);
1217 }
1218
1219 /* Option length check. */
1220 if (stream_get_getp(s) + opt_length > end)
1221 goto end;
1222
1223 if (opt_type == BGP_OPEN_OPT_CAP) {
1224 unsigned long capd_start = stream_get_getp(s);
1225 unsigned long capd_end = capd_start + opt_length;
1226
1227 assert(capd_end <= end);
1228
1229 while (stream_get_getp(s) < capd_end) {
1230 struct capability_header hdr;
1231
1232 if (stream_get_getp(s) + 2 > capd_end)
1233 goto end;
1234
1235 hdr.code = stream_getc(s);
1236 hdr.length = stream_getc(s);
1237
1238 if ((stream_get_getp(s) + hdr.length)
1239 > capd_end)
1240 goto end;
1241
1242 if (hdr.code == CAPABILITY_CODE_AS4) {
1243 if (BGP_DEBUG(as4, AS4))
1244 zlog_debug(
1245 "[AS4] found AS4 capability, about to parse");
1246 as4 = bgp_capability_as4(peer, &hdr);
1247
1248 goto end;
1249 }
1250 stream_forward_getp(s, hdr.length);
1251 }
1252 }
1253 }
1254
1255 end:
1256 stream_set_getp(s, orig_getp);
1257 return as4;
1258 }
1259
1260 /**
1261 * Parse open option.
1262 *
1263 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1264 */
1265 int bgp_open_option_parse(struct peer *peer, uint16_t length,
1266 int *mp_capability)
1267 {
1268 int ret = 0;
1269 uint8_t *error;
1270 uint8_t error_data[BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE];
1271 struct stream *s = BGP_INPUT(peer);
1272 size_t end = stream_get_getp(s) + length;
1273
1274 error = error_data;
1275
1276 if (bgp_debug_neighbor_events(peer))
1277 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1278 peer->host, length);
1279
1280 /* Unset any previously received GR capability. */
1281 UNSET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
1282
1283 while (stream_get_getp(s) < end) {
1284 uint8_t opt_type;
1285 uint16_t opt_length;
1286
1287 /*
1288 * Check that we can read the opt_type and fetch it
1289 */
1290 if (STREAM_READABLE(s) < 1) {
1291 zlog_info("%s Option length error", peer->host);
1292 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1293 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1294 return -1;
1295 }
1296 opt_type = stream_getc(s);
1297
1298 /*
1299 * Check the length of the stream to ensure that
1300 * FRR can properly read the opt_length. Then read it
1301 */
1302 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1303 if (STREAM_READABLE(s) < 2) {
1304 zlog_info("%s Option length error", peer->host);
1305 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1306 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1307 return -1;
1308 }
1309
1310 opt_length = stream_getw(s);
1311 } else {
1312 if (STREAM_READABLE(s) < 1) {
1313 zlog_info("%s Option length error", peer->host);
1314 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1315 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1316 return -1;
1317 }
1318
1319 opt_length = stream_getc(s);
1320 }
1321
1322 /* Option length check. */
1323 if (STREAM_READABLE(s) < opt_length) {
1324 zlog_info("%s Option length error (%d)", peer->host,
1325 opt_length);
1326 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1327 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1328 return -1;
1329 }
1330
1331 if (bgp_debug_neighbor_events(peer))
1332 zlog_debug(
1333 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1334 peer->host, opt_type,
1335 opt_type == BGP_OPEN_OPT_CAP ? "Capability"
1336 : "Unknown",
1337 opt_length);
1338
1339 switch (opt_type) {
1340 case BGP_OPEN_OPT_CAP:
1341 ret = bgp_capability_parse(peer, opt_length,
1342 mp_capability, &error);
1343 break;
1344 default:
1345 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1346 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1347 ret = -1;
1348 break;
1349 }
1350
1351 /* Parse error. To accumulate all unsupported capability codes,
1352 bgp_capability_parse does not return -1 when encounter
1353 unsupported capability code. To detect that, please check
1354 error and erro_data pointer, like below. */
1355 if (ret < 0)
1356 return -1;
1357 }
1358
1359 /* All OPEN option is parsed. Check capability when strict compare
1360 flag is enabled.*/
1361 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1362 /* If Unsupported Capability exists. */
1363 if (error != error_data) {
1364 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1365 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1366 error_data,
1367 error - error_data);
1368 return -1;
1369 }
1370
1371 /* Check local capability does not negotiated with remote
1372 peer. */
1373 if (!strict_capability_same(peer)) {
1374 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1375 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1376 return -1;
1377 }
1378 }
1379
1380 /* Extended Message Support */
1381 peer->max_packet_size =
1382 (CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV)
1383 && CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV))
1384 ? BGP_EXTENDED_MESSAGE_MAX_PACKET_SIZE
1385 : BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE;
1386
1387 /* Check that roles are corresponding to each other */
1388 if (bgp_role_violation(peer))
1389 return -1;
1390
1391 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1392 error. */
1393 if (*mp_capability
1394 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1395 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1396 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1397 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1398 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1399 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
1400 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
1401 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1402 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1403 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1404 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1405 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
1406 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
1407 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
1408 flog_err(EC_BGP_PKT_OPEN,
1409 "%s [Error] Configured AFI/SAFIs do not overlap with received MP capabilities",
1410 peer->host);
1411
1412 if (error != error_data)
1413 bgp_notify_send_with_data(
1414 peer, BGP_NOTIFY_OPEN_ERR,
1415 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1416 error - error_data);
1417 else
1418 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1419 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1420 return -1;
1421 }
1422 }
1423 return 0;
1424 }
1425
1426 static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
1427 afi_t afi, safi_t safi, uint8_t code,
1428 bool ext_opt_params)
1429 {
1430 uint16_t cap_len;
1431 uint8_t orf_len;
1432 unsigned long capp;
1433 unsigned long orfp;
1434 unsigned long numberp;
1435 int number_of_orfs = 0;
1436 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1437 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1438
1439 /* Convert AFI, SAFI to values for packet. */
1440 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1441
1442 stream_putc(s, BGP_OPEN_OPT_CAP);
1443 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1444 ext_opt_params ? stream_putw(s, 0)
1445 : stream_putc(s, 0); /* Capability Length */
1446 stream_putc(s, code); /* Capability Code */
1447 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1448 stream_putc(s, 0); /* ORF Length */
1449 stream_putw(s, pkt_afi);
1450 stream_putc(s, 0);
1451 stream_putc(s, pkt_safi);
1452 numberp = stream_get_endp(s); /* Set Number Pointer */
1453 stream_putc(s, 0); /* Number of ORFs */
1454
1455 /* Address Prefix ORF */
1456 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1457 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1458 stream_putc(s, (code == CAPABILITY_CODE_ORF
1459 ? ORF_TYPE_PREFIX
1460 : ORF_TYPE_PREFIX_OLD));
1461
1462 if (CHECK_FLAG(peer->af_flags[afi][safi],
1463 PEER_FLAG_ORF_PREFIX_SM)
1464 && CHECK_FLAG(peer->af_flags[afi][safi],
1465 PEER_FLAG_ORF_PREFIX_RM)) {
1466 SET_FLAG(peer->af_cap[afi][safi],
1467 PEER_CAP_ORF_PREFIX_SM_ADV);
1468 SET_FLAG(peer->af_cap[afi][safi],
1469 PEER_CAP_ORF_PREFIX_RM_ADV);
1470 stream_putc(s, ORF_MODE_BOTH);
1471 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1472 PEER_FLAG_ORF_PREFIX_SM)) {
1473 SET_FLAG(peer->af_cap[afi][safi],
1474 PEER_CAP_ORF_PREFIX_SM_ADV);
1475 stream_putc(s, ORF_MODE_SEND);
1476 } else {
1477 SET_FLAG(peer->af_cap[afi][safi],
1478 PEER_CAP_ORF_PREFIX_RM_ADV);
1479 stream_putc(s, ORF_MODE_RECEIVE);
1480 }
1481 number_of_orfs++;
1482 }
1483
1484 /* Total Number of ORFs. */
1485 stream_putc_at(s, numberp, number_of_orfs);
1486
1487 /* Total ORF Len. */
1488 orf_len = stream_get_endp(s) - orfp - 1;
1489 stream_putc_at(s, orfp, orf_len);
1490
1491 /* Total Capability Len. */
1492 cap_len = stream_get_endp(s) - capp - 1;
1493 ext_opt_params ? stream_putw_at(s, capp, cap_len)
1494 : stream_putc_at(s, capp, cap_len);
1495 }
1496
1497 static void bgp_peer_send_gr_capability(struct stream *s, struct peer *peer,
1498 bool ext_opt_params)
1499 {
1500 int len;
1501 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1502 afi_t afi;
1503 safi_t safi;
1504 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1505 uint32_t restart_time;
1506 unsigned long capp = 0;
1507 unsigned long rcapp = 0;
1508
1509 if (!CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)
1510 && !CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART_HELPER))
1511 return;
1512
1513 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1514 zlog_debug("[BGP_GR] Sending helper Capability for Peer :%s :",
1515 peer->host);
1516
1517 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1518 stream_putc(s, BGP_OPEN_OPT_CAP);
1519 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1520 ext_opt_params ? stream_putw(s, 0)
1521 : stream_putc(s, 0); /* Capability Length */
1522 stream_putc(s, CAPABILITY_CODE_RESTART);
1523 /* Set Restart Capability Len Pointer */
1524 rcapp = stream_get_endp(s);
1525 stream_putc(s, 0);
1526 restart_time = peer->bgp->restart_time;
1527 if (peer->bgp->t_startup) {
1528 SET_FLAG(restart_time, GRACEFUL_RESTART_R_BIT);
1529 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_ADV);
1530 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1531 zlog_debug("[BGP_GR] Sending R-Bit for peer: %s",
1532 peer->host);
1533 }
1534
1535 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GRACEFUL_NOTIFICATION)) {
1536 SET_FLAG(restart_time, GRACEFUL_RESTART_N_BIT);
1537 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_ADV);
1538 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1539 zlog_debug("[BGP_GR] Sending N-Bit for peer: %s",
1540 peer->host);
1541 }
1542
1543 stream_putw(s, restart_time);
1544
1545 /* Send address-family specific graceful-restart capability
1546 * only when GR config is present
1547 */
1548 if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)) {
1549 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GR_PRESERVE_FWD)
1550 && BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1551 zlog_debug("[BGP_GR] F bit Set");
1552
1553 FOREACH_AFI_SAFI (afi, safi) {
1554 if (!peer->afc[afi][safi])
1555 continue;
1556
1557 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1558 zlog_debug(
1559 "[BGP_GR] Sending GR Capability for AFI :%d :, SAFI :%d:",
1560 afi, safi);
1561
1562 /* Convert AFI, SAFI to values for
1563 * packet.
1564 */
1565 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1566 &pkt_safi);
1567 stream_putw(s, pkt_afi);
1568 stream_putc(s, pkt_safi);
1569 if (CHECK_FLAG(peer->bgp->flags,
1570 BGP_FLAG_GR_PRESERVE_FWD))
1571 stream_putc(s, GRACEFUL_RESTART_F_BIT);
1572 else
1573 stream_putc(s, 0);
1574 }
1575 }
1576
1577 /* Total Graceful restart capability Len. */
1578 len = stream_get_endp(s) - rcapp - 1;
1579 stream_putc_at(s, rcapp, len);
1580
1581 /* Total Capability Len. */
1582 len = stream_get_endp(s) - capp - 1;
1583 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1584 : stream_putc_at(s, capp, len);
1585 }
1586
1587 static void bgp_peer_send_llgr_capability(struct stream *s, struct peer *peer,
1588 bool ext_opt_params)
1589 {
1590 int len;
1591 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1592 afi_t afi;
1593 safi_t safi;
1594 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1595 unsigned long capp = 0;
1596 unsigned long rcapp = 0;
1597
1598 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_ADV))
1599 return;
1600
1601 SET_FLAG(peer->cap, PEER_CAP_LLGR_ADV);
1602
1603 stream_putc(s, BGP_OPEN_OPT_CAP);
1604 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1605 ext_opt_params ? stream_putw(s, 0)
1606 : stream_putc(s, 0); /* Capability Length */
1607 stream_putc(s, CAPABILITY_CODE_LLGR);
1608
1609 rcapp = stream_get_endp(s);
1610 stream_putc(s, 0);
1611
1612 FOREACH_AFI_SAFI (afi, safi) {
1613 if (!peer->afc[afi][safi])
1614 continue;
1615
1616 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1617
1618 stream_putw(s, pkt_afi);
1619 stream_putc(s, pkt_safi);
1620 stream_putc(s, LLGR_F_BIT);
1621 stream_put3(s, peer->bgp->llgr_stale_time);
1622
1623 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_ADV);
1624 }
1625
1626 /* Total Long-lived Graceful Restart capability Len. */
1627 len = stream_get_endp(s) - rcapp - 1;
1628 stream_putc_at(s, rcapp, len);
1629
1630 /* Total Capability Len. */
1631 len = stream_get_endp(s) - capp - 1;
1632 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1633 : stream_putc_at(s, capp, len);
1634 }
1635
1636 /* Fill in capability open option to the packet. */
1637 uint16_t bgp_open_capability(struct stream *s, struct peer *peer,
1638 bool ext_opt_params)
1639 {
1640 uint16_t len;
1641 unsigned long cp, capp, rcapp, eopl = 0;
1642 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1643 afi_t afi;
1644 safi_t safi;
1645 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1646 as_t local_as;
1647 uint8_t afi_safi_count = 0;
1648 bool adv_addpath_tx = false;
1649
1650 /* Non-Ext OP Len. */
1651 cp = stream_get_endp(s);
1652 stream_putc(s, 0);
1653
1654 if (ext_opt_params) {
1655 /* Non-Ext OP Len. */
1656 stream_putc_at(s, cp, BGP_OPEN_NON_EXT_OPT_LEN);
1657
1658 /* Non-Ext OP Type */
1659 stream_putc(s, BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH);
1660
1661 /* Extended Opt. Parm. Length */
1662 eopl = stream_get_endp(s);
1663 stream_putw(s, 0);
1664 }
1665
1666 /* Do not send capability. */
1667 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1668 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
1669 return 0;
1670
1671 /* MP capability for configured AFI, SAFI */
1672 FOREACH_AFI_SAFI (afi, safi) {
1673 if (peer->afc[afi][safi]) {
1674 /* Convert AFI, SAFI to values for packet. */
1675 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1676 &pkt_safi);
1677
1678 peer->afc_adv[afi][safi] = 1;
1679 stream_putc(s, BGP_OPEN_OPT_CAP);
1680 ext_opt_params
1681 ? stream_putw(s, CAPABILITY_CODE_MP_LEN + 2)
1682 : stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
1683 stream_putc(s, CAPABILITY_CODE_MP);
1684 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1685 stream_putw(s, pkt_afi);
1686 stream_putc(s, 0);
1687 stream_putc(s, pkt_safi);
1688
1689 /* Extended nexthop capability - currently
1690 * supporting RFC-5549 for
1691 * Link-Local peering only
1692 */
1693 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1694 && peer->su.sa.sa_family == AF_INET6
1695 && afi == AFI_IP
1696 && (safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
1697 || safi == SAFI_LABELED_UNICAST)) {
1698 /* RFC 5549 Extended Next Hop Encoding
1699 */
1700 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
1701 stream_putc(s, BGP_OPEN_OPT_CAP);
1702 ext_opt_params
1703 ? stream_putw(s,
1704 CAPABILITY_CODE_ENHE_LEN
1705 + 2)
1706 : stream_putc(s,
1707 CAPABILITY_CODE_ENHE_LEN
1708 + 2);
1709 stream_putc(s, CAPABILITY_CODE_ENHE);
1710 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1711
1712 SET_FLAG(peer->af_cap[AFI_IP][safi],
1713 PEER_CAP_ENHE_AF_ADV);
1714 stream_putw(s, pkt_afi);
1715 stream_putw(s, pkt_safi);
1716 stream_putw(s, afi_int2iana(AFI_IP6));
1717
1718 if (CHECK_FLAG(peer->af_cap[afi][safi],
1719 PEER_CAP_ENHE_AF_RCV))
1720 SET_FLAG(peer->af_cap[afi][safi],
1721 PEER_CAP_ENHE_AF_NEGO);
1722 }
1723 }
1724 }
1725
1726 /* Route refresh. */
1727 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1728 stream_putc(s, BGP_OPEN_OPT_CAP);
1729 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1730 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1731 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1732 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1733 stream_putc(s, BGP_OPEN_OPT_CAP);
1734 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1735 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1736 stream_putc(s, CAPABILITY_CODE_REFRESH);
1737 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1738
1739 /* Enhanced Route Refresh. */
1740 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_ADV);
1741 stream_putc(s, BGP_OPEN_OPT_CAP);
1742 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_ENHANCED_LEN + 2)
1743 : stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN + 2);
1744 stream_putc(s, CAPABILITY_CODE_ENHANCED_RR);
1745 stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN);
1746
1747 /* AS4 */
1748 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1749 stream_putc(s, BGP_OPEN_OPT_CAP);
1750 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_AS4_LEN + 2)
1751 : stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
1752 stream_putc(s, CAPABILITY_CODE_AS4);
1753 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1754 if (peer->change_local_as)
1755 local_as = peer->change_local_as;
1756 else
1757 local_as = peer->local_as;
1758 stream_putl(s, local_as);
1759
1760 /* Extended Message Support */
1761 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV);
1762 stream_putc(s, BGP_OPEN_OPT_CAP);
1763 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2)
1764 : stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2);
1765 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE);
1766 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN);
1767
1768 /* Role*/
1769 if (peer->local_role != ROLE_UNDEFINED) {
1770 SET_FLAG(peer->cap, PEER_CAP_ROLE_ADV);
1771 stream_putc(s, BGP_OPEN_OPT_CAP);
1772 stream_putc(s, CAPABILITY_CODE_ROLE_LEN + 2);
1773 stream_putc(s, CAPABILITY_CODE_ROLE);
1774 stream_putc(s, CAPABILITY_CODE_ROLE_LEN);
1775 stream_putc(s, peer->local_role);
1776 }
1777
1778 /* AddPath */
1779 FOREACH_AFI_SAFI (afi, safi) {
1780 if (peer->afc[afi][safi]) {
1781 afi_safi_count++;
1782
1783 /* Only advertise addpath TX if a feature that
1784 * will use it is
1785 * configured */
1786 if (peer->addpath_type[afi][safi] != BGP_ADDPATH_NONE)
1787 adv_addpath_tx = true;
1788
1789 /* If we have enabled labeled unicast, we MUST check
1790 * against unicast SAFI because addpath IDs are
1791 * allocated under unicast SAFI, the same as the RIB
1792 * is managed in unicast SAFI.
1793 */
1794 if (safi == SAFI_LABELED_UNICAST)
1795 if (peer->addpath_type[afi][SAFI_UNICAST] !=
1796 BGP_ADDPATH_NONE)
1797 adv_addpath_tx = true;
1798 }
1799 }
1800
1801 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1802 stream_putc(s, BGP_OPEN_OPT_CAP);
1803 ext_opt_params
1804 ? stream_putw(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1805 + 2)
1806 : stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1807 + 2);
1808 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1809 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1810
1811 FOREACH_AFI_SAFI (afi, safi) {
1812 if (peer->afc[afi][safi]) {
1813 bool adv_addpath_rx =
1814 !CHECK_FLAG(peer->af_flags[afi][safi],
1815 PEER_FLAG_DISABLE_ADDPATH_RX);
1816 uint8_t flags = 0;
1817
1818 /* Convert AFI, SAFI to values for packet. */
1819 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1820 &pkt_safi);
1821
1822 stream_putw(s, pkt_afi);
1823 stream_putc(s, pkt_safi);
1824
1825 if (adv_addpath_rx) {
1826 SET_FLAG(flags, BGP_ADDPATH_RX);
1827 SET_FLAG(peer->af_cap[afi][safi],
1828 PEER_CAP_ADDPATH_AF_RX_ADV);
1829 } else {
1830 UNSET_FLAG(peer->af_cap[afi][safi],
1831 PEER_CAP_ADDPATH_AF_RX_ADV);
1832 }
1833
1834 if (adv_addpath_tx) {
1835 SET_FLAG(flags, BGP_ADDPATH_TX);
1836 SET_FLAG(peer->af_cap[afi][safi],
1837 PEER_CAP_ADDPATH_AF_TX_ADV);
1838 if (safi == SAFI_LABELED_UNICAST)
1839 SET_FLAG(
1840 peer->af_cap[afi][SAFI_UNICAST],
1841 PEER_CAP_ADDPATH_AF_TX_ADV);
1842 } else {
1843 UNSET_FLAG(peer->af_cap[afi][safi],
1844 PEER_CAP_ADDPATH_AF_TX_ADV);
1845 }
1846
1847 stream_putc(s, flags);
1848 }
1849 }
1850
1851 /* ORF capability. */
1852 FOREACH_AFI_SAFI (afi, safi) {
1853 if (CHECK_FLAG(peer->af_flags[afi][safi],
1854 PEER_FLAG_ORF_PREFIX_SM)
1855 || CHECK_FLAG(peer->af_flags[afi][safi],
1856 PEER_FLAG_ORF_PREFIX_RM)) {
1857 bgp_open_capability_orf(s, peer, afi, safi,
1858 CAPABILITY_CODE_ORF_OLD,
1859 ext_opt_params);
1860 bgp_open_capability_orf(s, peer, afi, safi,
1861 CAPABILITY_CODE_ORF,
1862 ext_opt_params);
1863 }
1864 }
1865
1866 /* Dynamic capability. */
1867 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1868 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1869 stream_putc(s, BGP_OPEN_OPT_CAP);
1870 ext_opt_params
1871 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1872 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1873 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1874 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1875 stream_putc(s, BGP_OPEN_OPT_CAP);
1876 ext_opt_params
1877 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1878 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1879 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1880 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1881 }
1882
1883 /* Hostname capability */
1884 if (cmd_hostname_get()) {
1885 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1886 stream_putc(s, BGP_OPEN_OPT_CAP);
1887 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
1888 ext_opt_params ? stream_putw(s, 0)
1889 : stream_putc(s, 0); /* Capability Length */
1890 stream_putc(s, CAPABILITY_CODE_FQDN);
1891 capp = stream_get_endp(s);
1892 stream_putc(s, 0); /* dummy len for now */
1893 len = strlen(cmd_hostname_get());
1894 if (len > BGP_MAX_HOSTNAME)
1895 len = BGP_MAX_HOSTNAME;
1896
1897 stream_putc(s, len);
1898 stream_put(s, cmd_hostname_get(), len);
1899 if (cmd_domainname_get()) {
1900 len = strlen(cmd_domainname_get());
1901 if (len > BGP_MAX_HOSTNAME)
1902 len = BGP_MAX_HOSTNAME;
1903
1904 stream_putc(s, len);
1905 stream_put(s, cmd_domainname_get(), len);
1906 } else
1907 stream_putc(s, 0); /* 0 length */
1908
1909 /* Set the lengths straight */
1910 len = stream_get_endp(s) - rcapp - 1;
1911 ext_opt_params ? stream_putw_at(s, rcapp, len - 1)
1912 : stream_putc_at(s, rcapp, len);
1913
1914 len = stream_get_endp(s) - capp - 1;
1915 stream_putc_at(s, capp, len);
1916
1917 if (bgp_debug_neighbor_events(peer))
1918 zlog_debug(
1919 "%s Sending hostname cap with hn = %s, dn = %s",
1920 peer->host, cmd_hostname_get(),
1921 cmd_domainname_get());
1922 }
1923
1924 bgp_peer_send_gr_capability(s, peer, ext_opt_params);
1925 bgp_peer_send_llgr_capability(s, peer, ext_opt_params);
1926
1927 /* Total Opt Parm Len. */
1928 len = stream_get_endp(s) - cp - 1;
1929
1930 if (ext_opt_params) {
1931 len = stream_get_endp(s) - eopl - 2;
1932 stream_putw_at(s, eopl, len);
1933 } else {
1934 stream_putc_at(s, cp, len);
1935 }
1936
1937 return len;
1938 }
FRRouting mirror