]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_open.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12034 from opensourcerouting/fix/gr_hard_notification
[mirror_frr.git] / bgpd / bgp_open.c
1 /* BGP open message handling
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "linklist.h"
24 #include "prefix.h"
25 #include "stream.h"
26 #include "thread.h"
27 #include "log.h"
28 #include "command.h"
29 #include "memory.h"
30 #include "queue.h"
31 #include "filter.h"
32
33 #include "lib/json.h"
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_attr.h"
36 #include "bgpd/bgp_debug.h"
37 #include "bgpd/bgp_errors.h"
38 #include "bgpd/bgp_fsm.h"
39 #include "bgpd/bgp_packet.h"
40 #include "bgpd/bgp_open.h"
41 #include "bgpd/bgp_aspath.h"
42 #include "bgpd/bgp_vty.h"
43 #include "bgpd/bgp_memory.h"
44
45 static const struct message capcode_str[] = {
46 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
47 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
48 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
49 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
50 {CAPABILITY_CODE_AS4, "4-octet AS number"},
51 {CAPABILITY_CODE_ADDPATH, "AddPath"},
52 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
53 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
54 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
55 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
56 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
57 {CAPABILITY_CODE_FQDN, "FQDN"},
58 {CAPABILITY_CODE_ENHANCED_RR, "Enhanced Route Refresh"},
59 {CAPABILITY_CODE_EXT_MESSAGE, "BGP Extended Message"},
60 {CAPABILITY_CODE_LLGR, "Long-lived BGP Graceful Restart"},
61 {CAPABILITY_CODE_ROLE, "Role"},
62 {0}};
63
64 /* Minimum sizes for length field of each cap (so not inc. the header) */
65 static const size_t cap_minsizes[] = {
66 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
67 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
68 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
69 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
70 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
71 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
72 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
73 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
74 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
75 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
76 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
77 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
78 [CAPABILITY_CODE_ENHANCED_RR] = CAPABILITY_CODE_ENHANCED_LEN,
79 [CAPABILITY_CODE_EXT_MESSAGE] = CAPABILITY_CODE_EXT_MESSAGE_LEN,
80 [CAPABILITY_CODE_LLGR] = CAPABILITY_CODE_LLGR_LEN,
81 [CAPABILITY_CODE_ROLE] = CAPABILITY_CODE_ROLE_LEN,
82 };
83
84 /* value the capability must be a multiple of.
85 * 0-data capabilities won't be checked against this.
86 * Other capabilities whose data doesn't fall on convenient boundaries for this
87 * table should be set to 1.
88 */
89 static const size_t cap_modsizes[] = {
90 [CAPABILITY_CODE_MP] = 4,
91 [CAPABILITY_CODE_REFRESH] = 1,
92 [CAPABILITY_CODE_ORF] = 1,
93 [CAPABILITY_CODE_RESTART] = 1,
94 [CAPABILITY_CODE_AS4] = 4,
95 [CAPABILITY_CODE_ADDPATH] = 4,
96 [CAPABILITY_CODE_DYNAMIC] = 1,
97 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
98 [CAPABILITY_CODE_ENHE] = 6,
99 [CAPABILITY_CODE_REFRESH_OLD] = 1,
100 [CAPABILITY_CODE_ORF_OLD] = 1,
101 [CAPABILITY_CODE_FQDN] = 1,
102 [CAPABILITY_CODE_ENHANCED_RR] = 1,
103 [CAPABILITY_CODE_EXT_MESSAGE] = 1,
104 [CAPABILITY_CODE_LLGR] = 1,
105 [CAPABILITY_CODE_ROLE] = 1,
106 };
107
108 /* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
109 negotiate remote peer supports extentions or not. But if
110 remote-peer doesn't supports negotiation process itself. We would
111 like to do manual configuration.
112
113 So there is many configurable point. First of all we want set each
114 peer whether we send capability negotiation to the peer or not.
115 Next, if we send capability to the peer we want to set my capability
116 inforation at each peer. */
117
118 void bgp_capability_vty_out(struct vty *vty, struct peer *peer, bool use_json,
119 json_object *json_neigh)
120 {
121 char *pnt;
122 char *end;
123 struct capability_mp_data mpc;
124 struct capability_header *hdr;
125 json_object *json_cap = NULL;
126
127 if (use_json)
128 json_cap = json_object_new_object();
129
130 pnt = peer->notify.data;
131 end = pnt + peer->notify.length;
132
133 while (pnt < end) {
134 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
135 return;
136
137 hdr = (struct capability_header *)pnt;
138 if (pnt + hdr->length + 2 > end)
139 return;
140
141 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
142
143 if (hdr->code == CAPABILITY_CODE_MP) {
144 afi_t afi;
145 safi_t safi;
146
147 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
148 mpc.safi, &afi, &safi);
149
150 if (use_json) {
151 switch (afi) {
152 case AFI_IP:
153 json_object_string_add(
154 json_cap,
155 "capabilityErrorMultiProtocolAfi",
156 "IPv4");
157 break;
158 case AFI_IP6:
159 json_object_string_add(
160 json_cap,
161 "capabilityErrorMultiProtocolAfi",
162 "IPv6");
163 break;
164 case AFI_L2VPN:
165 json_object_string_add(
166 json_cap,
167 "capabilityErrorMultiProtocolAfi",
168 "L2VPN");
169 break;
170 default:
171 json_object_int_add(
172 json_cap,
173 "capabilityErrorMultiProtocolAfiUnknown",
174 ntohs(mpc.afi));
175 break;
176 }
177 switch (safi) {
178 case SAFI_UNICAST:
179 json_object_string_add(
180 json_cap,
181 "capabilityErrorMultiProtocolSafi",
182 "unicast");
183 break;
184 case SAFI_MULTICAST:
185 json_object_string_add(
186 json_cap,
187 "capabilityErrorMultiProtocolSafi",
188 "multicast");
189 break;
190 case SAFI_LABELED_UNICAST:
191 json_object_string_add(
192 json_cap,
193 "capabilityErrorMultiProtocolSafi",
194 "labeled-unicast");
195 break;
196 case SAFI_MPLS_VPN:
197 json_object_string_add(
198 json_cap,
199 "capabilityErrorMultiProtocolSafi",
200 "MPLS-labeled VPN");
201 break;
202 case SAFI_ENCAP:
203 json_object_string_add(
204 json_cap,
205 "capabilityErrorMultiProtocolSafi",
206 "encap");
207 break;
208 case SAFI_EVPN:
209 json_object_string_add(
210 json_cap,
211 "capabilityErrorMultiProtocolSafi",
212 "EVPN");
213 break;
214 case SAFI_FLOWSPEC:
215 json_object_string_add(
216 json_cap,
217 "capabilityErrorMultiProtocolSafi",
218 "flowspec");
219 break;
220 default:
221 json_object_int_add(
222 json_cap,
223 "capabilityErrorMultiProtocolSafiUnknown",
224 mpc.safi);
225 break;
226 }
227 } else {
228 vty_out(vty,
229 " Capability error for: Multi protocol ");
230 switch (afi) {
231 case AFI_IP:
232 vty_out(vty, "AFI IPv4, ");
233 break;
234 case AFI_IP6:
235 vty_out(vty, "AFI IPv6, ");
236 break;
237 case AFI_L2VPN:
238 vty_out(vty, "AFI L2VPN, ");
239 break;
240 default:
241 vty_out(vty, "AFI Unknown %d, ",
242 ntohs(mpc.afi));
243 break;
244 }
245 switch (safi) {
246 case SAFI_UNICAST:
247 vty_out(vty, "SAFI Unicast");
248 break;
249 case SAFI_MULTICAST:
250 vty_out(vty, "SAFI Multicast");
251 break;
252 case SAFI_LABELED_UNICAST:
253 vty_out(vty, "SAFI Labeled-unicast");
254 break;
255 case SAFI_MPLS_VPN:
256 vty_out(vty, "SAFI MPLS-labeled VPN");
257 break;
258 case SAFI_ENCAP:
259 vty_out(vty, "SAFI ENCAP");
260 break;
261 case SAFI_FLOWSPEC:
262 vty_out(vty, "SAFI FLOWSPEC");
263 break;
264 case SAFI_EVPN:
265 vty_out(vty, "SAFI EVPN");
266 break;
267 default:
268 vty_out(vty, "SAFI Unknown %d ",
269 mpc.safi);
270 break;
271 }
272 vty_out(vty, "\n");
273 }
274 } else if (hdr->code >= 128) {
275 if (use_json)
276 json_object_int_add(
277 json_cap,
278 "capabilityErrorVendorSpecificCapabilityCode",
279 hdr->code);
280 else
281 vty_out(vty,
282 " Capability error: vendor specific capability code %d",
283 hdr->code);
284 } else {
285 if (use_json)
286 json_object_int_add(
287 json_cap,
288 "capabilityErrorUnknownCapabilityCode",
289 hdr->code);
290 else
291 vty_out(vty,
292 " Capability error: unknown capability code %d",
293 hdr->code);
294 }
295 pnt += hdr->length + 2;
296 }
297 if (use_json)
298 json_object_object_add(json_neigh, "capabilityErrors",
299 json_cap);
300 }
301
302 static void bgp_capability_mp_data(struct stream *s,
303 struct capability_mp_data *mpc)
304 {
305 mpc->afi = stream_getw(s);
306 mpc->reserved = stream_getc(s);
307 mpc->safi = stream_getc(s);
308 }
309
310 /* Set negotiated capability value. */
311 static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
312 {
313 struct capability_mp_data mpc;
314 struct stream *s = BGP_INPUT(peer);
315 afi_t afi;
316 safi_t safi;
317
318 /* Verify length is 4 */
319 if (hdr->length != 4) {
320 flog_warn(
321 EC_BGP_CAPABILITY_INVALID_LENGTH,
322 "MP Cap: Received invalid length %d, non-multiple of 4",
323 hdr->length);
324 return -1;
325 }
326
327 bgp_capability_mp_data(s, &mpc);
328
329 if (bgp_debug_neighbor_events(peer))
330 zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s",
331 peer->host, lookup_msg(capcode_str, hdr->code, NULL),
332 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
333
334 /* Convert AFI, SAFI to internal values, check. */
335 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
336 return -1;
337
338 /* Now safi remapped, and afi/safi are valid array indices */
339 peer->afc_recv[afi][safi] = 1;
340
341 if (peer->afc[afi][safi])
342 peer->afc_nego[afi][safi] = 1;
343 else
344 return -1;
345
346 return 0;
347 }
348
349 static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
350 iana_safi_t safi, uint8_t type,
351 uint8_t mode)
352 {
353 if (bgp_debug_neighbor_events(peer))
354 zlog_debug(
355 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
356 peer->host, afi, safi, type, mode);
357 }
358
359 static const struct message orf_type_str[] = {
360 {ORF_TYPE_PREFIX, "Prefixlist"},
361 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
362 {0}};
363
364 static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
365 {ORF_MODE_SEND, "Send"},
366 {ORF_MODE_BOTH, "Both"},
367 {0}};
368
369 static int bgp_capability_orf_entry(struct peer *peer,
370 struct capability_header *hdr)
371 {
372 struct stream *s = BGP_INPUT(peer);
373 struct capability_mp_data mpc;
374 uint8_t num;
375 iana_afi_t pkt_afi;
376 afi_t afi;
377 iana_safi_t pkt_safi;
378 safi_t safi;
379 uint8_t type;
380 uint8_t mode;
381 uint16_t sm_cap = 0; /* capability send-mode receive */
382 uint16_t rm_cap = 0; /* capability receive-mode receive */
383 int i;
384
385 /* ORF Entry header */
386 bgp_capability_mp_data(s, &mpc);
387 num = stream_getc(s);
388 pkt_afi = mpc.afi;
389 pkt_safi = mpc.safi;
390
391 if (bgp_debug_neighbor_events(peer))
392 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer->host,
393 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
394
395 /* Convert AFI, SAFI to internal values, check. */
396 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
397 zlog_info(
398 "%s Addr-family %d/%d not supported. Ignoring the ORF capability",
399 peer->host, pkt_afi, pkt_safi);
400 return 0;
401 }
402
403 mpc.afi = pkt_afi;
404 mpc.safi = safi;
405
406 /* validate number field */
407 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
408 zlog_info(
409 "%s ORF Capability entry length error, Cap length %u, num %u",
410 peer->host, hdr->length, num);
411 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
412 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
413 return -1;
414 }
415
416 for (i = 0; i < num; i++) {
417 type = stream_getc(s);
418 mode = stream_getc(s);
419
420 /* ORF Mode error check */
421 switch (mode) {
422 case ORF_MODE_BOTH:
423 case ORF_MODE_SEND:
424 case ORF_MODE_RECEIVE:
425 break;
426 default:
427 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
428 type, mode);
429 continue;
430 }
431 /* ORF Type and afi/safi error checks */
432 /* capcode versus type */
433 switch (hdr->code) {
434 case CAPABILITY_CODE_ORF:
435 switch (type) {
436 case ORF_TYPE_PREFIX:
437 break;
438 default:
439 bgp_capability_orf_not_support(
440 peer, pkt_afi, pkt_safi, type, mode);
441 continue;
442 }
443 break;
444 case CAPABILITY_CODE_ORF_OLD:
445 switch (type) {
446 case ORF_TYPE_PREFIX_OLD:
447 break;
448 default:
449 bgp_capability_orf_not_support(
450 peer, pkt_afi, pkt_safi, type, mode);
451 continue;
452 }
453 break;
454 default:
455 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
456 type, mode);
457 continue;
458 }
459
460 /* AFI vs SAFI */
461 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
462 || (afi == AFI_IP && safi == SAFI_MULTICAST)
463 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
464 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
465 type, mode);
466 continue;
467 }
468
469 if (bgp_debug_neighbor_events(peer))
470 zlog_debug(
471 "%s OPEN has %s ORF capability as %s for afi/safi: %s/%s",
472 peer->host,
473 lookup_msg(orf_type_str, type, NULL),
474 lookup_msg(orf_mode_str, mode, NULL),
475 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
476
477 if (hdr->code == CAPABILITY_CODE_ORF) {
478 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
479 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
480 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
481 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
482 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
483 } else {
484 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
485 type, mode);
486 continue;
487 }
488
489 switch (mode) {
490 case ORF_MODE_BOTH:
491 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
492 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
493 break;
494 case ORF_MODE_SEND:
495 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
496 break;
497 case ORF_MODE_RECEIVE:
498 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
499 break;
500 }
501 }
502 return 0;
503 }
504
505 static int bgp_capability_restart(struct peer *peer,
506 struct capability_header *caphdr)
507 {
508 struct stream *s = BGP_INPUT(peer);
509 uint16_t restart_flag_time;
510 size_t end = stream_get_getp(s) + caphdr->length;
511
512 /* Verify length is a multiple of 4 */
513 if ((caphdr->length - 2) % 4) {
514 flog_warn(
515 EC_BGP_CAPABILITY_INVALID_LENGTH,
516 "Restart Cap: Received invalid length %d, non-multiple of 4",
517 caphdr->length);
518 return -1;
519 }
520
521 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
522 restart_flag_time = stream_getw(s);
523
524 /* The most significant bit is defined in [RFC4724] as
525 * the Restart State ("R") bit.
526 */
527 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_R_BIT))
528 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
529 else
530 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
531
532 /* The second most significant bit is defined in this
533 * document as the Graceful Notification ("N") bit.
534 */
535 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_N_BIT))
536 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
537 else
538 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
539
540 UNSET_FLAG(restart_flag_time, 0xF000);
541 peer->v_gr_restart = restart_flag_time;
542
543 if (bgp_debug_neighbor_events(peer)) {
544 zlog_debug(
545 "%s Peer has%srestarted. Restart Time: %d, N-bit set: %s",
546 peer->host,
547 CHECK_FLAG(peer->cap,
548 PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV)
549 ? " "
550 : " not ",
551 peer->v_gr_restart,
552 CHECK_FLAG(peer->cap,
553 PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV)
554 ? "yes"
555 : "no");
556 }
557
558 while (stream_get_getp(s) + 4 <= end) {
559 afi_t afi;
560 safi_t safi;
561 iana_afi_t pkt_afi = stream_getw(s);
562 iana_safi_t pkt_safi = stream_getc(s);
563 uint8_t flag = stream_getc(s);
564
565 /* Convert AFI, SAFI to internal values, check. */
566 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
567 if (bgp_debug_neighbor_events(peer))
568 zlog_debug(
569 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Graceful Restart capability for this AFI/SAFI",
570 peer->host, iana_afi2str(pkt_afi),
571 iana_safi2str(pkt_safi));
572 } else if (!peer->afc[afi][safi]) {
573 if (bgp_debug_neighbor_events(peer))
574 zlog_debug(
575 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Graceful Restart capability",
576 peer->host, iana_afi2str(pkt_afi),
577 iana_safi2str(pkt_safi));
578 } else {
579 if (bgp_debug_neighbor_events(peer))
580 zlog_debug(
581 "%s Address family %s is%spreserved",
582 peer->host, get_afi_safi_str(afi, safi, false),
583 CHECK_FLAG(
584 peer->af_cap[afi][safi],
585 PEER_CAP_RESTART_AF_PRESERVE_RCV)
586 ? " "
587 : " not ");
588
589 SET_FLAG(peer->af_cap[afi][safi],
590 PEER_CAP_RESTART_AF_RCV);
591 if (CHECK_FLAG(flag, GRACEFUL_RESTART_F_BIT))
592 SET_FLAG(peer->af_cap[afi][safi],
593 PEER_CAP_RESTART_AF_PRESERVE_RCV);
594 }
595 }
596 return 0;
597 }
598
599 static int bgp_capability_llgr(struct peer *peer,
600 struct capability_header *caphdr)
601 {
602 struct stream *s = BGP_INPUT(peer);
603 size_t end = stream_get_getp(s) + caphdr->length;
604
605 SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV);
606
607 while (stream_get_getp(s) + 4 <= end) {
608 afi_t afi;
609 safi_t safi;
610 iana_afi_t pkt_afi = stream_getw(s);
611 iana_safi_t pkt_safi = stream_getc(s);
612 uint8_t flags = stream_getc(s);
613 uint32_t stale_time = stream_get3(s);
614
615 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
616 if (bgp_debug_neighbor_events(peer))
617 zlog_debug(
618 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Long-lived Graceful Restart capability for this AFI/SAFI",
619 peer->host, iana_afi2str(pkt_afi),
620 iana_safi2str(pkt_safi));
621 } else if (!peer->afc[afi][safi]
622 || !CHECK_FLAG(peer->af_cap[afi][safi],
623 PEER_CAP_RESTART_AF_RCV)) {
624 if (bgp_debug_neighbor_events(peer))
625 zlog_debug(
626 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Long-lived Graceful Restart capability",
627 peer->host, iana_afi2str(pkt_afi),
628 iana_safi2str(pkt_safi));
629 } else {
630 if (bgp_debug_neighbor_events(peer))
631 zlog_debug(
632 "%s Addr-family %s/%s(afi/safi) Long-lived Graceful Restart capability stale time %u sec",
633 peer->host, iana_afi2str(pkt_afi),
634 iana_safi2str(pkt_safi), stale_time);
635
636 peer->llgr[afi][safi].flags = flags;
637 peer->llgr[afi][safi].stale_time =
638 MIN(stale_time, peer->bgp->llgr_stale_time);
639 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_RCV);
640 }
641 }
642
643 return 0;
644 }
645
646 /* Unlike other capability parsing routines, this one returns 0 on error */
647 static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
648 {
649 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
650
651 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
652 flog_err(EC_BGP_PKT_OPEN,
653 "%s AS4 capability has incorrect data length %d",
654 peer->host, hdr->length);
655 return 0;
656 }
657
658 as_t as4 = stream_getl(BGP_INPUT(peer));
659
660 if (BGP_DEBUG(as4, AS4))
661 zlog_debug(
662 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
663 peer->host, as4);
664 return as4;
665 }
666
667 static int bgp_capability_ext_message(struct peer *peer,
668 struct capability_header *hdr)
669 {
670 if (hdr->length != CAPABILITY_CODE_EXT_MESSAGE_LEN) {
671 flog_err(
672 EC_BGP_PKT_OPEN,
673 "%s: BGP Extended Message capability has incorrect data length %d",
674 peer->host, hdr->length);
675 return -1;
676 }
677
678 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV);
679
680 return 0;
681 }
682
683 static int bgp_capability_addpath(struct peer *peer,
684 struct capability_header *hdr)
685 {
686 struct stream *s = BGP_INPUT(peer);
687 size_t end = stream_get_getp(s) + hdr->length;
688
689 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
690
691 /* Verify length is a multiple of 4 */
692 if (hdr->length % 4) {
693 flog_warn(
694 EC_BGP_CAPABILITY_INVALID_LENGTH,
695 "Add Path: Received invalid length %d, non-multiple of 4",
696 hdr->length);
697 return -1;
698 }
699
700 while (stream_get_getp(s) + 4 <= end) {
701 afi_t afi;
702 safi_t safi;
703 iana_afi_t pkt_afi = stream_getw(s);
704 iana_safi_t pkt_safi = stream_getc(s);
705 uint8_t send_receive = stream_getc(s);
706
707 if (bgp_debug_neighbor_events(peer))
708 zlog_debug(
709 "%s OPEN has %s capability for afi/safi: %s/%s%s%s",
710 peer->host,
711 lookup_msg(capcode_str, hdr->code, NULL),
712 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi),
713 (send_receive & BGP_ADDPATH_RX) ? ", receive"
714 : "",
715 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
716 : "");
717
718 /* Convert AFI, SAFI to internal values, check. */
719 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
720 if (bgp_debug_neighbor_events(peer))
721 zlog_debug(
722 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Addpath Attribute for this AFI/SAFI",
723 peer->host, iana_afi2str(pkt_afi),
724 iana_safi2str(pkt_safi));
725 continue;
726 } else if (!peer->afc[afi][safi]) {
727 if (bgp_debug_neighbor_events(peer))
728 zlog_debug(
729 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
730 peer->host, iana_afi2str(pkt_afi),
731 iana_safi2str(pkt_safi));
732 continue;
733 }
734
735 if (send_receive & BGP_ADDPATH_RX)
736 SET_FLAG(peer->af_cap[afi][safi],
737 PEER_CAP_ADDPATH_AF_RX_RCV);
738
739 if (send_receive & BGP_ADDPATH_TX)
740 SET_FLAG(peer->af_cap[afi][safi],
741 PEER_CAP_ADDPATH_AF_TX_RCV);
742 }
743
744 return 0;
745 }
746
747 static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
748 {
749 struct stream *s = BGP_INPUT(peer);
750 size_t end = stream_get_getp(s) + hdr->length;
751
752 /* Verify length is a multiple of 4 */
753 if (hdr->length % 6) {
754 flog_warn(
755 EC_BGP_CAPABILITY_INVALID_LENGTH,
756 "Extended NH: Received invalid length %d, non-multiple of 6",
757 hdr->length);
758 return -1;
759 }
760
761 while (stream_get_getp(s) + 6 <= end) {
762 iana_afi_t pkt_afi = stream_getw(s);
763 afi_t afi;
764 iana_safi_t pkt_safi = stream_getw(s);
765 safi_t safi;
766 iana_afi_t pkt_nh_afi = stream_getw(s);
767 afi_t nh_afi;
768
769 if (bgp_debug_neighbor_events(peer))
770 zlog_debug(
771 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
772 peer->host, iana_afi2str(pkt_afi),
773 iana_safi2str(pkt_safi), pkt_nh_afi);
774
775 /* Convert AFI, SAFI to internal values, check. */
776 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
777 if (bgp_debug_neighbor_events(peer))
778 zlog_debug(
779 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the ENHE Attribute for this AFI/SAFI",
780 peer->host, iana_afi2str(pkt_afi),
781 iana_safi2str(pkt_safi));
782 continue;
783 }
784
785 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
786 * with
787 * the Nexthop AFI being IPv6. A future spec may introduce other
788 * possibilities, so we ignore other values with a log. Also,
789 * only
790 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
791 * (and expected).
792 */
793 nh_afi = afi_iana2int(pkt_nh_afi);
794
795 if (afi != AFI_IP || nh_afi != AFI_IP6
796 || !(safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
797 || safi == SAFI_LABELED_UNICAST)) {
798 flog_warn(
799 EC_BGP_CAPABILITY_INVALID_DATA,
800 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u in Extended Next-hop capability, ignoring",
801 peer->host, iana_afi2str(pkt_afi),
802 iana_safi2str(pkt_safi), pkt_nh_afi);
803 continue;
804 }
805
806 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
807
808 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
809 SET_FLAG(peer->af_cap[afi][safi],
810 PEER_CAP_ENHE_AF_NEGO);
811 }
812
813 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
814
815 return 0;
816 }
817
818 static int bgp_capability_hostname(struct peer *peer,
819 struct capability_header *hdr)
820 {
821 struct stream *s = BGP_INPUT(peer);
822 char str[BGP_MAX_HOSTNAME + 1];
823 size_t end = stream_get_getp(s) + hdr->length;
824 uint8_t len;
825
826 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
827
828 len = stream_getc(s);
829 if (stream_get_getp(s) + len > end) {
830 flog_warn(
831 EC_BGP_CAPABILITY_INVALID_DATA,
832 "%s: Received malformed hostname capability from peer %s",
833 __func__, peer->host);
834 return -1;
835 }
836
837 if (len > BGP_MAX_HOSTNAME) {
838 stream_get(str, s, BGP_MAX_HOSTNAME);
839 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
840 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
841 } else if (len)
842 stream_get(str, s, len);
843
844 if (len) {
845 str[len] = '\0';
846
847 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
848 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
849
850 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
851 }
852
853 if (stream_get_getp(s) + 1 > end) {
854 flog_warn(
855 EC_BGP_CAPABILITY_INVALID_DATA,
856 "%s: Received invalid domain name len (hostname capability) from peer %s",
857 __func__, peer->host);
858 return -1;
859 }
860
861 len = stream_getc(s);
862 if (stream_get_getp(s) + len > end) {
863 flog_warn(
864 EC_BGP_CAPABILITY_INVALID_DATA,
865 "%s: Received runt domain name (hostname capability) from peer %s",
866 __func__, peer->host);
867 return -1;
868 }
869
870 if (len > BGP_MAX_HOSTNAME) {
871 stream_get(str, s, BGP_MAX_HOSTNAME);
872 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
873 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
874 } else if (len)
875 stream_get(str, s, len);
876
877 if (len) {
878 str[len] = '\0';
879
880 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
881
882 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
883 }
884
885 if (bgp_debug_neighbor_events(peer)) {
886 zlog_debug("%s received hostname %s, domainname %s", peer->host,
887 peer->hostname, peer->domainname);
888 }
889
890 return 0;
891 }
892
893 static int bgp_capability_role(struct peer *peer, struct capability_header *hdr)
894 {
895 SET_FLAG(peer->cap, PEER_CAP_ROLE_RCV);
896 if (hdr->length != CAPABILITY_CODE_ROLE_LEN) {
897 flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
898 "Role: Received invalid length %d", hdr->length);
899 return -1;
900 }
901 uint8_t role = stream_getc(BGP_INPUT(peer));
902
903 peer->remote_role = role;
904 return 0;
905 }
906
907 /**
908 * Parse given capability.
909 * XXX: This is reading into a stream, but not using stream API
910 *
911 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
912 * capabilities were encountered.
913 */
914 static int bgp_capability_parse(struct peer *peer, size_t length,
915 int *mp_capability, uint8_t **error)
916 {
917 int ret;
918 struct stream *s = BGP_INPUT(peer);
919 size_t end = stream_get_getp(s) + length;
920 uint16_t restart_flag_time = 0;
921
922 assert(STREAM_READABLE(s) >= length);
923
924 while (stream_get_getp(s) < end) {
925 size_t start;
926 uint8_t *sp = stream_pnt(s);
927 struct capability_header caphdr;
928
929 ret = 0;
930 /* We need at least capability code and capability length. */
931 if (stream_get_getp(s) + 2 > end) {
932 zlog_info("%s Capability length error (< header)",
933 peer->host);
934 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
935 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
936 return -1;
937 }
938
939 caphdr.code = stream_getc(s);
940 caphdr.length = stream_getc(s);
941 start = stream_get_getp(s);
942
943 /* Capability length check sanity check. */
944 if (start + caphdr.length > end) {
945 zlog_info("%s Capability length error (< length)",
946 peer->host);
947 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
948 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
949 return -1;
950 }
951
952 if (bgp_debug_neighbor_events(peer))
953 zlog_debug("%s OPEN has %s capability (%u), length %u",
954 peer->host,
955 lookup_msg(capcode_str, caphdr.code, NULL),
956 caphdr.code, caphdr.length);
957
958 /* Length sanity check, type-specific, for known capabilities */
959 switch (caphdr.code) {
960 case CAPABILITY_CODE_MP:
961 case CAPABILITY_CODE_REFRESH:
962 case CAPABILITY_CODE_REFRESH_OLD:
963 case CAPABILITY_CODE_ORF:
964 case CAPABILITY_CODE_ORF_OLD:
965 case CAPABILITY_CODE_RESTART:
966 case CAPABILITY_CODE_AS4:
967 case CAPABILITY_CODE_ADDPATH:
968 case CAPABILITY_CODE_DYNAMIC:
969 case CAPABILITY_CODE_DYNAMIC_OLD:
970 case CAPABILITY_CODE_ENHE:
971 case CAPABILITY_CODE_FQDN:
972 case CAPABILITY_CODE_ENHANCED_RR:
973 case CAPABILITY_CODE_EXT_MESSAGE:
974 case CAPABILITY_CODE_ROLE:
975 /* Check length. */
976 if (caphdr.length < cap_minsizes[caphdr.code]) {
977 zlog_info(
978 "%s %s Capability length error: got %u, expected at least %u",
979 peer->host,
980 lookup_msg(capcode_str, caphdr.code,
981 NULL),
982 caphdr.length,
983 (unsigned)cap_minsizes[caphdr.code]);
984 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
985 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
986 return -1;
987 }
988 if (caphdr.length
989 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
990 zlog_info(
991 "%s %s Capability length error: got %u, expected a multiple of %u",
992 peer->host,
993 lookup_msg(capcode_str, caphdr.code,
994 NULL),
995 caphdr.length,
996 (unsigned)cap_modsizes[caphdr.code]);
997 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
998 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
999 return -1;
1000 }
1001 /* we deliberately ignore unknown codes, see below */
1002 default:
1003 break;
1004 }
1005
1006 switch (caphdr.code) {
1007 case CAPABILITY_CODE_MP: {
1008 *mp_capability = 1;
1009
1010 /* Ignore capability when override-capability is set. */
1011 if (!CHECK_FLAG(peer->flags,
1012 PEER_FLAG_OVERRIDE_CAPABILITY)) {
1013 /* Set negotiated value. */
1014 ret = bgp_capability_mp(peer, &caphdr);
1015
1016 /* Unsupported Capability. */
1017 if (ret < 0) {
1018 /* Store return data. */
1019 memcpy(*error, sp, caphdr.length + 2);
1020 *error += caphdr.length + 2;
1021 }
1022 ret = 0; /* Don't return error for this */
1023 }
1024 } break;
1025 case CAPABILITY_CODE_ENHANCED_RR:
1026 case CAPABILITY_CODE_REFRESH:
1027 case CAPABILITY_CODE_REFRESH_OLD: {
1028 /* BGP refresh capability */
1029 if (caphdr.code == CAPABILITY_CODE_ENHANCED_RR)
1030 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_RCV);
1031 else if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
1032 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
1033 else
1034 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
1035 } break;
1036 case CAPABILITY_CODE_ORF:
1037 case CAPABILITY_CODE_ORF_OLD:
1038 ret = bgp_capability_orf_entry(peer, &caphdr);
1039 break;
1040 case CAPABILITY_CODE_RESTART:
1041 ret = bgp_capability_restart(peer, &caphdr);
1042 break;
1043 case CAPABILITY_CODE_LLGR:
1044 ret = bgp_capability_llgr(peer, &caphdr);
1045 break;
1046 case CAPABILITY_CODE_DYNAMIC:
1047 case CAPABILITY_CODE_DYNAMIC_OLD:
1048 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
1049 break;
1050 case CAPABILITY_CODE_AS4:
1051 /* Already handled as a special-case parsing of the
1052 * capabilities
1053 * at the beginning of OPEN processing. So we care not a
1054 * jot
1055 * for the value really, only error case.
1056 */
1057 if (!bgp_capability_as4(peer, &caphdr))
1058 ret = -1;
1059 break;
1060 case CAPABILITY_CODE_ADDPATH:
1061 ret = bgp_capability_addpath(peer, &caphdr);
1062 break;
1063 case CAPABILITY_CODE_ENHE:
1064 ret = bgp_capability_enhe(peer, &caphdr);
1065 break;
1066 case CAPABILITY_CODE_EXT_MESSAGE:
1067 ret = bgp_capability_ext_message(peer, &caphdr);
1068 break;
1069 case CAPABILITY_CODE_FQDN:
1070 ret = bgp_capability_hostname(peer, &caphdr);
1071 break;
1072 case CAPABILITY_CODE_ROLE:
1073 ret = bgp_capability_role(peer, &caphdr);
1074 break;
1075 default:
1076 if (caphdr.code > 128) {
1077 /* We don't send Notification for unknown vendor
1078 specific
1079 capabilities. It seems reasonable for now...
1080 */
1081 flog_warn(EC_BGP_CAPABILITY_VENDOR,
1082 "%s Vendor specific capability %d",
1083 peer->host, caphdr.code);
1084 } else {
1085 flog_warn(
1086 EC_BGP_CAPABILITY_UNKNOWN,
1087 "%s unrecognized capability code: %d - ignored",
1088 peer->host, caphdr.code);
1089 memcpy(*error, sp, caphdr.length + 2);
1090 *error += caphdr.length + 2;
1091 }
1092 }
1093
1094 if (ret < 0) {
1095 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1096 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1097 return -1;
1098 }
1099 if (stream_get_getp(s) != (start + caphdr.length)) {
1100 if (stream_get_getp(s) > (start + caphdr.length))
1101 flog_warn(
1102 EC_BGP_CAPABILITY_INVALID_LENGTH,
1103 "%s Cap-parser for %s read past cap-length, %u!",
1104 peer->host,
1105 lookup_msg(capcode_str, caphdr.code,
1106 NULL),
1107 caphdr.length);
1108 stream_set_getp(s, start + caphdr.length);
1109 }
1110
1111 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
1112 UNSET_FLAG(restart_flag_time, 0xF000);
1113 peer->v_gr_restart = restart_flag_time;
1114 }
1115 }
1116 return 0;
1117 }
1118
1119 static int bgp_auth_parse(struct peer *peer, size_t length)
1120 {
1121 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1122 BGP_NOTIFY_OPEN_AUTH_FAILURE);
1123 return -1;
1124 }
1125
1126 static bool strict_capability_same(struct peer *peer)
1127 {
1128 int i, j;
1129
1130 for (i = AFI_IP; i < AFI_MAX; i++)
1131 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
1132 if (peer->afc[i][j] != peer->afc_nego[i][j])
1133 return false;
1134 return true;
1135 }
1136
1137
1138 static bool bgp_role_violation(struct peer *peer)
1139 {
1140 uint8_t local_role = peer->local_role;
1141 uint8_t remote_role = peer->remote_role;
1142
1143 if (local_role != ROLE_UNDEFINED && remote_role != ROLE_UNDEFINED &&
1144 !((local_role == ROLE_PEER && remote_role == ROLE_PEER) ||
1145 (local_role == ROLE_PROVIDER && remote_role == ROLE_CUSTOMER) ||
1146 (local_role == ROLE_CUSTOMER && remote_role == ROLE_PROVIDER) ||
1147 (local_role == ROLE_RS_SERVER && remote_role == ROLE_RS_CLIENT) ||
1148 (local_role == ROLE_RS_CLIENT &&
1149 remote_role == ROLE_RS_SERVER))) {
1150 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1151 BGP_NOTIFY_OPEN_ROLE_MISMATCH);
1152 return true;
1153 }
1154 if (remote_role == ROLE_UNDEFINED &&
1155 CHECK_FLAG(peer->flags, PEER_FLAG_ROLE_STRICT_MODE)) {
1156 const char *err_msg =
1157 "Strict mode. Please set the role on your side.";
1158 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1159 BGP_NOTIFY_OPEN_ROLE_MISMATCH,
1160 (uint8_t *)err_msg, strlen(err_msg));
1161 return true;
1162 }
1163 return false;
1164 }
1165
1166
1167 /* peek into option, stores ASN to *as4 if the AS4 capability was found.
1168 * Returns 0 if no as4 found, as4cap value otherwise.
1169 */
1170 as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
1171 {
1172 struct stream *s = BGP_INPUT(peer);
1173 size_t orig_getp = stream_get_getp(s);
1174 size_t end = orig_getp + length;
1175 as_t as4 = 0;
1176
1177 if (BGP_DEBUG(as4, AS4))
1178 zlog_debug(
1179 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u, peeking for as4",
1180 peer->host, length);
1181 /* the error cases we DONT handle, we ONLY try to read as4 out of
1182 * correctly formatted options.
1183 */
1184 while (stream_get_getp(s) < end) {
1185 uint8_t opt_type;
1186 uint16_t opt_length;
1187
1188 /* Ensure we can read the option type */
1189 if (stream_get_getp(s) + 1 > end)
1190 goto end;
1191
1192 /* Fetch the option type */
1193 opt_type = stream_getc(s);
1194
1195 /*
1196 * Check the length and fetch the opt_length
1197 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
1198 * then we do a getw which is 2 bytes. So we need to
1199 * ensure that we can read that as well
1200 */
1201 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1202 if (stream_get_getp(s) + 2 > end)
1203 goto end;
1204
1205 opt_length = stream_getw(s);
1206 } else {
1207 if (stream_get_getp(s) + 1 > end)
1208 goto end;
1209
1210 opt_length = stream_getc(s);
1211 }
1212
1213 /* Option length check. */
1214 if (stream_get_getp(s) + opt_length > end)
1215 goto end;
1216
1217 if (opt_type == BGP_OPEN_OPT_CAP) {
1218 unsigned long capd_start = stream_get_getp(s);
1219 unsigned long capd_end = capd_start + opt_length;
1220
1221 assert(capd_end <= end);
1222
1223 while (stream_get_getp(s) < capd_end) {
1224 struct capability_header hdr;
1225
1226 if (stream_get_getp(s) + 2 > capd_end)
1227 goto end;
1228
1229 hdr.code = stream_getc(s);
1230 hdr.length = stream_getc(s);
1231
1232 if ((stream_get_getp(s) + hdr.length)
1233 > capd_end)
1234 goto end;
1235
1236 if (hdr.code == CAPABILITY_CODE_AS4) {
1237 if (BGP_DEBUG(as4, AS4))
1238 zlog_debug(
1239 "[AS4] found AS4 capability, about to parse");
1240 as4 = bgp_capability_as4(peer, &hdr);
1241
1242 goto end;
1243 }
1244 stream_forward_getp(s, hdr.length);
1245 }
1246 }
1247 }
1248
1249 end:
1250 stream_set_getp(s, orig_getp);
1251 return as4;
1252 }
1253
1254 /**
1255 * Parse open option.
1256 *
1257 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1258 */
1259 int bgp_open_option_parse(struct peer *peer, uint16_t length,
1260 int *mp_capability)
1261 {
1262 int ret = 0;
1263 uint8_t *error;
1264 uint8_t error_data[BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE];
1265 struct stream *s = BGP_INPUT(peer);
1266 size_t end = stream_get_getp(s) + length;
1267
1268 error = error_data;
1269
1270 if (bgp_debug_neighbor_events(peer))
1271 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1272 peer->host, length);
1273
1274 /* Unset any previously received GR capability. */
1275 UNSET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
1276
1277 while (stream_get_getp(s) < end) {
1278 uint8_t opt_type;
1279 uint16_t opt_length;
1280
1281 /*
1282 * Check that we can read the opt_type and fetch it
1283 */
1284 if (STREAM_READABLE(s) < 1) {
1285 zlog_info("%s Option length error", peer->host);
1286 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1287 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1288 return -1;
1289 }
1290 opt_type = stream_getc(s);
1291
1292 /*
1293 * Check the length of the stream to ensure that
1294 * FRR can properly read the opt_length. Then read it
1295 */
1296 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1297 if (STREAM_READABLE(s) < 2) {
1298 zlog_info("%s Option length error", peer->host);
1299 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1300 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1301 return -1;
1302 }
1303
1304 opt_length = stream_getw(s);
1305 } else {
1306 if (STREAM_READABLE(s) < 1) {
1307 zlog_info("%s Option length error", peer->host);
1308 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1309 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1310 return -1;
1311 }
1312
1313 opt_length = stream_getc(s);
1314 }
1315
1316 /* Option length check. */
1317 if (STREAM_READABLE(s) < opt_length) {
1318 zlog_info("%s Option length error (%d)", peer->host,
1319 opt_length);
1320 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1321 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1322 return -1;
1323 }
1324
1325 if (bgp_debug_neighbor_events(peer))
1326 zlog_debug(
1327 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1328 peer->host, opt_type,
1329 opt_type == BGP_OPEN_OPT_AUTH
1330 ? "Authentication"
1331 : opt_type == BGP_OPEN_OPT_CAP
1332 ? "Capability"
1333 : "Unknown",
1334 opt_length);
1335
1336 switch (opt_type) {
1337 case BGP_OPEN_OPT_AUTH:
1338 ret = bgp_auth_parse(peer, opt_length);
1339 break;
1340 case BGP_OPEN_OPT_CAP:
1341 ret = bgp_capability_parse(peer, opt_length,
1342 mp_capability, &error);
1343 break;
1344 default:
1345 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1346 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1347 ret = -1;
1348 break;
1349 }
1350
1351 /* Parse error. To accumulate all unsupported capability codes,
1352 bgp_capability_parse does not return -1 when encounter
1353 unsupported capability code. To detect that, please check
1354 error and erro_data pointer, like below. */
1355 if (ret < 0)
1356 return -1;
1357 }
1358
1359 /* All OPEN option is parsed. Check capability when strict compare
1360 flag is enabled.*/
1361 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1362 /* If Unsupported Capability exists. */
1363 if (error != error_data) {
1364 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1365 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1366 error_data,
1367 error - error_data);
1368 return -1;
1369 }
1370
1371 /* Check local capability does not negotiated with remote
1372 peer. */
1373 if (!strict_capability_same(peer)) {
1374 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1375 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1376 return -1;
1377 }
1378 }
1379
1380 /* Extended Message Support */
1381 peer->max_packet_size =
1382 (CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV)
1383 && CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV))
1384 ? BGP_EXTENDED_MESSAGE_MAX_PACKET_SIZE
1385 : BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE;
1386
1387 /* Check that roles are corresponding to each other */
1388 if (bgp_role_violation(peer))
1389 return -1;
1390
1391 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1392 error. */
1393 if (*mp_capability
1394 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1395 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1396 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1397 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1398 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1399 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
1400 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
1401 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1402 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1403 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1404 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1405 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
1406 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
1407 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
1408 flog_err(EC_BGP_PKT_OPEN,
1409 "%s [Error] Configured AFI/SAFIs do not overlap with received MP capabilities",
1410 peer->host);
1411
1412 if (error != error_data)
1413 bgp_notify_send_with_data(
1414 peer, BGP_NOTIFY_OPEN_ERR,
1415 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1416 error - error_data);
1417 else
1418 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1419 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1420 return -1;
1421 }
1422 }
1423 return 0;
1424 }
1425
1426 static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
1427 afi_t afi, safi_t safi, uint8_t code,
1428 bool ext_opt_params)
1429 {
1430 uint16_t cap_len;
1431 uint8_t orf_len;
1432 unsigned long capp;
1433 unsigned long orfp;
1434 unsigned long numberp;
1435 int number_of_orfs = 0;
1436 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1437 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1438
1439 /* Convert AFI, SAFI to values for packet. */
1440 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1441
1442 stream_putc(s, BGP_OPEN_OPT_CAP);
1443 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1444 ext_opt_params ? stream_putw(s, 0)
1445 : stream_putc(s, 0); /* Capability Length */
1446 stream_putc(s, code); /* Capability Code */
1447 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1448 stream_putc(s, 0); /* ORF Length */
1449 stream_putw(s, pkt_afi);
1450 stream_putc(s, 0);
1451 stream_putc(s, pkt_safi);
1452 numberp = stream_get_endp(s); /* Set Number Pointer */
1453 stream_putc(s, 0); /* Number of ORFs */
1454
1455 /* Address Prefix ORF */
1456 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1457 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1458 stream_putc(s, (code == CAPABILITY_CODE_ORF
1459 ? ORF_TYPE_PREFIX
1460 : ORF_TYPE_PREFIX_OLD));
1461
1462 if (CHECK_FLAG(peer->af_flags[afi][safi],
1463 PEER_FLAG_ORF_PREFIX_SM)
1464 && CHECK_FLAG(peer->af_flags[afi][safi],
1465 PEER_FLAG_ORF_PREFIX_RM)) {
1466 SET_FLAG(peer->af_cap[afi][safi],
1467 PEER_CAP_ORF_PREFIX_SM_ADV);
1468 SET_FLAG(peer->af_cap[afi][safi],
1469 PEER_CAP_ORF_PREFIX_RM_ADV);
1470 stream_putc(s, ORF_MODE_BOTH);
1471 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1472 PEER_FLAG_ORF_PREFIX_SM)) {
1473 SET_FLAG(peer->af_cap[afi][safi],
1474 PEER_CAP_ORF_PREFIX_SM_ADV);
1475 stream_putc(s, ORF_MODE_SEND);
1476 } else {
1477 SET_FLAG(peer->af_cap[afi][safi],
1478 PEER_CAP_ORF_PREFIX_RM_ADV);
1479 stream_putc(s, ORF_MODE_RECEIVE);
1480 }
1481 number_of_orfs++;
1482 }
1483
1484 /* Total Number of ORFs. */
1485 stream_putc_at(s, numberp, number_of_orfs);
1486
1487 /* Total ORF Len. */
1488 orf_len = stream_get_endp(s) - orfp - 1;
1489 stream_putc_at(s, orfp, orf_len);
1490
1491 /* Total Capability Len. */
1492 cap_len = stream_get_endp(s) - capp - 1;
1493 ext_opt_params ? stream_putw_at(s, capp, cap_len)
1494 : stream_putc_at(s, capp, cap_len);
1495 }
1496
1497 static void bgp_peer_send_gr_capability(struct stream *s, struct peer *peer,
1498 bool ext_opt_params)
1499 {
1500 int len;
1501 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1502 afi_t afi;
1503 safi_t safi;
1504 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1505 uint32_t restart_time;
1506 unsigned long capp = 0;
1507 unsigned long rcapp = 0;
1508
1509 if (!CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)
1510 && !CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART_HELPER))
1511 return;
1512
1513 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1514 zlog_debug("[BGP_GR] Sending helper Capability for Peer :%s :",
1515 peer->host);
1516
1517 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1518 stream_putc(s, BGP_OPEN_OPT_CAP);
1519 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1520 ext_opt_params ? stream_putw(s, 0)
1521 : stream_putc(s, 0); /* Capability Length */
1522 stream_putc(s, CAPABILITY_CODE_RESTART);
1523 /* Set Restart Capability Len Pointer */
1524 rcapp = stream_get_endp(s);
1525 stream_putc(s, 0);
1526 restart_time = peer->bgp->restart_time;
1527 if (peer->bgp->t_startup) {
1528 SET_FLAG(restart_time, GRACEFUL_RESTART_R_BIT);
1529 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_ADV);
1530 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1531 zlog_debug("[BGP_GR] Sending R-Bit for peer: %s",
1532 peer->host);
1533 }
1534
1535 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GRACEFUL_NOTIFICATION)) {
1536 SET_FLAG(restart_time, GRACEFUL_RESTART_N_BIT);
1537 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_ADV);
1538 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1539 zlog_debug("[BGP_GR] Sending N-Bit for peer: %s",
1540 peer->host);
1541 }
1542
1543 stream_putw(s, restart_time);
1544
1545 /* Send address-family specific graceful-restart capability
1546 * only when GR config is present
1547 */
1548 if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)) {
1549 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GR_PRESERVE_FWD)
1550 && BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1551 zlog_debug("[BGP_GR] F bit Set");
1552
1553 FOREACH_AFI_SAFI (afi, safi) {
1554 if (!peer->afc[afi][safi])
1555 continue;
1556
1557 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1558 zlog_debug(
1559 "[BGP_GR] Sending GR Capability for AFI :%d :, SAFI :%d:",
1560 afi, safi);
1561
1562 /* Convert AFI, SAFI to values for
1563 * packet.
1564 */
1565 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1566 &pkt_safi);
1567 stream_putw(s, pkt_afi);
1568 stream_putc(s, pkt_safi);
1569 if (CHECK_FLAG(peer->bgp->flags,
1570 BGP_FLAG_GR_PRESERVE_FWD))
1571 stream_putc(s, GRACEFUL_RESTART_F_BIT);
1572 else
1573 stream_putc(s, 0);
1574 }
1575 }
1576
1577 /* Total Graceful restart capability Len. */
1578 len = stream_get_endp(s) - rcapp - 1;
1579 stream_putc_at(s, rcapp, len);
1580
1581 /* Total Capability Len. */
1582 len = stream_get_endp(s) - capp - 1;
1583 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1584 : stream_putc_at(s, capp, len);
1585 }
1586
1587 static void bgp_peer_send_llgr_capability(struct stream *s, struct peer *peer,
1588 bool ext_opt_params)
1589 {
1590 int len;
1591 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1592 afi_t afi;
1593 safi_t safi;
1594 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1595 unsigned long capp = 0;
1596 unsigned long rcapp = 0;
1597
1598 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_ADV))
1599 return;
1600
1601 SET_FLAG(peer->cap, PEER_CAP_LLGR_ADV);
1602
1603 stream_putc(s, BGP_OPEN_OPT_CAP);
1604 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1605 ext_opt_params ? stream_putw(s, 0)
1606 : stream_putc(s, 0); /* Capability Length */
1607 stream_putc(s, CAPABILITY_CODE_LLGR);
1608
1609 rcapp = stream_get_endp(s);
1610 stream_putc(s, 0);
1611
1612 FOREACH_AFI_SAFI (afi, safi) {
1613 if (!peer->afc[afi][safi])
1614 continue;
1615
1616 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1617
1618 stream_putw(s, pkt_afi);
1619 stream_putc(s, pkt_safi);
1620 stream_putc(s, LLGR_F_BIT);
1621 stream_put3(s, peer->bgp->llgr_stale_time);
1622
1623 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_ADV);
1624 }
1625
1626 /* Total Long-lived Graceful Restart capability Len. */
1627 len = stream_get_endp(s) - rcapp - 1;
1628 stream_putc_at(s, rcapp, len);
1629
1630 /* Total Capability Len. */
1631 len = stream_get_endp(s) - capp - 1;
1632 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1633 : stream_putc_at(s, capp, len);
1634 }
1635
1636 /* Fill in capability open option to the packet. */
1637 uint16_t bgp_open_capability(struct stream *s, struct peer *peer,
1638 bool ext_opt_params)
1639 {
1640 uint16_t len;
1641 unsigned long cp, capp, rcapp, eopl = 0;
1642 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1643 afi_t afi;
1644 safi_t safi;
1645 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1646 as_t local_as;
1647 uint8_t afi_safi_count = 0;
1648 int adv_addpath_tx = 0;
1649
1650 /* Non-Ext OP Len. */
1651 cp = stream_get_endp(s);
1652 stream_putc(s, 0);
1653
1654 if (ext_opt_params) {
1655 /* Non-Ext OP Len. */
1656 stream_putc_at(s, cp, BGP_OPEN_NON_EXT_OPT_LEN);
1657
1658 /* Non-Ext OP Type */
1659 stream_putc(s, BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH);
1660
1661 /* Extended Opt. Parm. Length */
1662 eopl = stream_get_endp(s);
1663 stream_putw(s, 0);
1664 }
1665
1666 /* Do not send capability. */
1667 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1668 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
1669 return 0;
1670
1671 /* MP capability for configured AFI, SAFI */
1672 FOREACH_AFI_SAFI (afi, safi) {
1673 if (peer->afc[afi][safi]) {
1674 /* Convert AFI, SAFI to values for packet. */
1675 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1676 &pkt_safi);
1677
1678 peer->afc_adv[afi][safi] = 1;
1679 stream_putc(s, BGP_OPEN_OPT_CAP);
1680 ext_opt_params
1681 ? stream_putw(s, CAPABILITY_CODE_MP_LEN + 2)
1682 : stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
1683 stream_putc(s, CAPABILITY_CODE_MP);
1684 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1685 stream_putw(s, pkt_afi);
1686 stream_putc(s, 0);
1687 stream_putc(s, pkt_safi);
1688
1689 /* Extended nexthop capability - currently
1690 * supporting RFC-5549 for
1691 * Link-Local peering only
1692 */
1693 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1694 && peer->su.sa.sa_family == AF_INET6
1695 && afi == AFI_IP
1696 && (safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
1697 || safi == SAFI_LABELED_UNICAST)) {
1698 /* RFC 5549 Extended Next Hop Encoding
1699 */
1700 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
1701 stream_putc(s, BGP_OPEN_OPT_CAP);
1702 ext_opt_params
1703 ? stream_putw(s,
1704 CAPABILITY_CODE_ENHE_LEN
1705 + 2)
1706 : stream_putc(s,
1707 CAPABILITY_CODE_ENHE_LEN
1708 + 2);
1709 stream_putc(s, CAPABILITY_CODE_ENHE);
1710 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1711
1712 SET_FLAG(peer->af_cap[AFI_IP][safi],
1713 PEER_CAP_ENHE_AF_ADV);
1714 stream_putw(s, pkt_afi);
1715 stream_putw(s, pkt_safi);
1716 stream_putw(s, afi_int2iana(AFI_IP6));
1717
1718 if (CHECK_FLAG(peer->af_cap[afi][safi],
1719 PEER_CAP_ENHE_AF_RCV))
1720 SET_FLAG(peer->af_cap[afi][safi],
1721 PEER_CAP_ENHE_AF_NEGO);
1722 }
1723 }
1724 }
1725
1726 /* Route refresh. */
1727 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1728 stream_putc(s, BGP_OPEN_OPT_CAP);
1729 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1730 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1731 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1732 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1733 stream_putc(s, BGP_OPEN_OPT_CAP);
1734 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1735 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1736 stream_putc(s, CAPABILITY_CODE_REFRESH);
1737 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1738
1739 /* Enhanced Route Refresh. */
1740 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_ADV);
1741 stream_putc(s, BGP_OPEN_OPT_CAP);
1742 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_ENHANCED_LEN + 2)
1743 : stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN + 2);
1744 stream_putc(s, CAPABILITY_CODE_ENHANCED_RR);
1745 stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN);
1746
1747 /* AS4 */
1748 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1749 stream_putc(s, BGP_OPEN_OPT_CAP);
1750 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_AS4_LEN + 2)
1751 : stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
1752 stream_putc(s, CAPABILITY_CODE_AS4);
1753 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1754 if (peer->change_local_as)
1755 local_as = peer->change_local_as;
1756 else
1757 local_as = peer->local_as;
1758 stream_putl(s, local_as);
1759
1760 /* Extended Message Support */
1761 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV);
1762 stream_putc(s, BGP_OPEN_OPT_CAP);
1763 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2)
1764 : stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2);
1765 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE);
1766 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN);
1767
1768 /* Role*/
1769 if (peer->local_role != ROLE_UNDEFINED) {
1770 SET_FLAG(peer->cap, PEER_CAP_ROLE_ADV);
1771 stream_putc(s, BGP_OPEN_OPT_CAP);
1772 stream_putc(s, CAPABILITY_CODE_ROLE_LEN + 2);
1773 stream_putc(s, CAPABILITY_CODE_ROLE);
1774 stream_putc(s, CAPABILITY_CODE_ROLE_LEN);
1775 stream_putc(s, peer->local_role);
1776 }
1777
1778 /* AddPath */
1779 FOREACH_AFI_SAFI (afi, safi) {
1780 if (peer->afc[afi][safi]) {
1781 afi_safi_count++;
1782
1783 /* Only advertise addpath TX if a feature that
1784 * will use it is
1785 * configured */
1786 if (peer->addpath_type[afi][safi] != BGP_ADDPATH_NONE)
1787 adv_addpath_tx = 1;
1788 }
1789 }
1790
1791 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1792 stream_putc(s, BGP_OPEN_OPT_CAP);
1793 ext_opt_params
1794 ? stream_putw(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1795 + 2)
1796 : stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1797 + 2);
1798 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1799 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1800
1801 FOREACH_AFI_SAFI (afi, safi) {
1802 if (peer->afc[afi][safi]) {
1803 bool adv_addpath_rx =
1804 !CHECK_FLAG(peer->af_flags[afi][safi],
1805 PEER_FLAG_DISABLE_ADDPATH_RX);
1806 uint8_t flags = 0;
1807
1808 /* Convert AFI, SAFI to values for packet. */
1809 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1810 &pkt_safi);
1811
1812 stream_putw(s, pkt_afi);
1813 stream_putc(s, pkt_safi);
1814
1815 if (adv_addpath_rx) {
1816 SET_FLAG(flags, BGP_ADDPATH_RX);
1817 SET_FLAG(peer->af_cap[afi][safi],
1818 PEER_CAP_ADDPATH_AF_RX_ADV);
1819 } else {
1820 UNSET_FLAG(peer->af_cap[afi][safi],
1821 PEER_CAP_ADDPATH_AF_RX_ADV);
1822 }
1823
1824 if (adv_addpath_tx) {
1825 SET_FLAG(flags, BGP_ADDPATH_TX);
1826 SET_FLAG(peer->af_cap[afi][safi],
1827 PEER_CAP_ADDPATH_AF_TX_ADV);
1828 } else {
1829 UNSET_FLAG(peer->af_cap[afi][safi],
1830 PEER_CAP_ADDPATH_AF_TX_ADV);
1831 }
1832
1833 stream_putc(s, flags);
1834 }
1835 }
1836
1837 /* ORF capability. */
1838 FOREACH_AFI_SAFI (afi, safi) {
1839 if (CHECK_FLAG(peer->af_flags[afi][safi],
1840 PEER_FLAG_ORF_PREFIX_SM)
1841 || CHECK_FLAG(peer->af_flags[afi][safi],
1842 PEER_FLAG_ORF_PREFIX_RM)) {
1843 bgp_open_capability_orf(s, peer, afi, safi,
1844 CAPABILITY_CODE_ORF_OLD,
1845 ext_opt_params);
1846 bgp_open_capability_orf(s, peer, afi, safi,
1847 CAPABILITY_CODE_ORF,
1848 ext_opt_params);
1849 }
1850 }
1851
1852 /* Dynamic capability. */
1853 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1854 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1855 stream_putc(s, BGP_OPEN_OPT_CAP);
1856 ext_opt_params
1857 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1858 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1859 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1860 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1861 stream_putc(s, BGP_OPEN_OPT_CAP);
1862 ext_opt_params
1863 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1864 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1865 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1866 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1867 }
1868
1869 /* Hostname capability */
1870 if (cmd_hostname_get()) {
1871 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1872 stream_putc(s, BGP_OPEN_OPT_CAP);
1873 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
1874 ext_opt_params ? stream_putw(s, 0)
1875 : stream_putc(s, 0); /* Capability Length */
1876 stream_putc(s, CAPABILITY_CODE_FQDN);
1877 capp = stream_get_endp(s);
1878 stream_putc(s, 0); /* dummy len for now */
1879 len = strlen(cmd_hostname_get());
1880 if (len > BGP_MAX_HOSTNAME)
1881 len = BGP_MAX_HOSTNAME;
1882
1883 stream_putc(s, len);
1884 stream_put(s, cmd_hostname_get(), len);
1885 if (cmd_domainname_get()) {
1886 len = strlen(cmd_domainname_get());
1887 if (len > BGP_MAX_HOSTNAME)
1888 len = BGP_MAX_HOSTNAME;
1889
1890 stream_putc(s, len);
1891 stream_put(s, cmd_domainname_get(), len);
1892 } else
1893 stream_putc(s, 0); /* 0 length */
1894
1895 /* Set the lengths straight */
1896 len = stream_get_endp(s) - rcapp - 1;
1897 ext_opt_params ? stream_putw_at(s, rcapp, len - 1)
1898 : stream_putc_at(s, rcapp, len);
1899
1900 len = stream_get_endp(s) - capp - 1;
1901 stream_putc_at(s, capp, len);
1902
1903 if (bgp_debug_neighbor_events(peer))
1904 zlog_debug(
1905 "%s Sending hostname cap with hn = %s, dn = %s",
1906 peer->host, cmd_hostname_get(),
1907 cmd_domainname_get());
1908 }
1909
1910 bgp_peer_send_gr_capability(s, peer, ext_opt_params);
1911 bgp_peer_send_llgr_capability(s, peer, ext_opt_params);
1912
1913 /* Total Opt Parm Len. */
1914 len = stream_get_endp(s) - cp - 1;
1915
1916 if (ext_opt_params) {
1917 len = stream_get_endp(s) - eopl - 2;
1918 stream_putw_at(s, eopl, len);
1919 } else {
1920 stream_putc_at(s, cp, len);
1921 }
1922
1923 return len;
1924 }
FRRouting mirror