]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #8637 from opensourcerouting/pim-vrf-acl-fixes
[mirror_frr.git] / bgpd / bgp_packet.c
1 /* BGP packet management routine.
2 * Contains utility functions for constructing and consuming BGP messages.
3 * Copyright (C) 2017 Cumulus Networks
4 * Copyright (C) 1999 Kunihiro Ishiguro
5 *
6 * This file is part of GNU Zebra.
7 *
8 * GNU Zebra is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2, or (at your option) any
11 * later version.
12 *
13 * GNU Zebra is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; see the file COPYING; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21 */
22
23 #include <zebra.h>
24 #include <sys/time.h>
25
26 #include "thread.h"
27 #include "stream.h"
28 #include "network.h"
29 #include "prefix.h"
30 #include "command.h"
31 #include "log.h"
32 #include "memory.h"
33 #include "sockunion.h" /* for inet_ntop () */
34 #include "sockopt.h"
35 #include "linklist.h"
36 #include "plist.h"
37 #include "queue.h"
38 #include "filter.h"
39 #include "lib_errors.h"
40
41 #include "bgpd/bgpd.h"
42 #include "bgpd/bgp_table.h"
43 #include "bgpd/bgp_dump.h"
44 #include "bgpd/bgp_bmp.h"
45 #include "bgpd/bgp_attr.h"
46 #include "bgpd/bgp_debug.h"
47 #include "bgpd/bgp_errors.h"
48 #include "bgpd/bgp_fsm.h"
49 #include "bgpd/bgp_route.h"
50 #include "bgpd/bgp_packet.h"
51 #include "bgpd/bgp_open.h"
52 #include "bgpd/bgp_aspath.h"
53 #include "bgpd/bgp_community.h"
54 #include "bgpd/bgp_ecommunity.h"
55 #include "bgpd/bgp_lcommunity.h"
56 #include "bgpd/bgp_network.h"
57 #include "bgpd/bgp_mplsvpn.h"
58 #include "bgpd/bgp_evpn.h"
59 #include "bgpd/bgp_advertise.h"
60 #include "bgpd/bgp_vty.h"
61 #include "bgpd/bgp_updgrp.h"
62 #include "bgpd/bgp_label.h"
63 #include "bgpd/bgp_io.h"
64 #include "bgpd/bgp_keepalives.h"
65 #include "bgpd/bgp_flowspec.h"
66 #include "bgpd/bgp_trace.h"
67
68 DEFINE_HOOK(bgp_packet_dump,
69 (struct peer *peer, uint8_t type, bgp_size_t size,
70 struct stream *s),
71 (peer, type, size, s));
72
73 DEFINE_HOOK(bgp_packet_send,
74 (struct peer *peer, uint8_t type, bgp_size_t size,
75 struct stream *s),
76 (peer, type, size, s));
77
78 /**
79 * Sets marker and type fields for a BGP message.
80 *
81 * @param s the stream containing the packet
82 * @param type the packet type
83 * @return the size of the stream
84 */
85 int bgp_packet_set_marker(struct stream *s, uint8_t type)
86 {
87 int i;
88
89 /* Fill in marker. */
90 for (i = 0; i < BGP_MARKER_SIZE; i++)
91 stream_putc(s, 0xff);
92
93 /* Dummy total length. This field is should be filled in later on. */
94 stream_putw(s, 0);
95
96 /* BGP packet type. */
97 stream_putc(s, type);
98
99 /* Return current stream size. */
100 return stream_get_endp(s);
101 }
102
103 /**
104 * Sets size field for a BGP message.
105 *
106 * Size field is set to the size of the stream passed.
107 *
108 * @param s the stream containing the packet
109 * @return the size of the stream
110 */
111 int bgp_packet_set_size(struct stream *s)
112 {
113 int cp;
114
115 /* Preserve current pointer. */
116 cp = stream_get_endp(s);
117 stream_putw_at(s, BGP_MARKER_SIZE, cp);
118
119 return cp;
120 }
121
122 /*
123 * Push a packet onto the beginning of the peer's output queue.
124 * This function acquires the peer's write mutex before proceeding.
125 */
126 static void bgp_packet_add(struct peer *peer, struct stream *s)
127 {
128 frr_with_mutex(&peer->io_mtx) {
129 stream_fifo_push(peer->obuf, s);
130 }
131 }
132
133 static struct stream *bgp_update_packet_eor(struct peer *peer, afi_t afi,
134 safi_t safi)
135 {
136 struct stream *s;
137 iana_afi_t pkt_afi;
138 iana_safi_t pkt_safi;
139
140 if (DISABLE_BGP_ANNOUNCE)
141 return NULL;
142
143 if (bgp_debug_neighbor_events(peer))
144 zlog_debug("send End-of-RIB for %s to %s",
145 get_afi_safi_str(afi, safi, false), peer->host);
146
147 s = stream_new(peer->max_packet_size);
148
149 /* Make BGP update packet. */
150 bgp_packet_set_marker(s, BGP_MSG_UPDATE);
151
152 /* Unfeasible Routes Length */
153 stream_putw(s, 0);
154
155 if (afi == AFI_IP && safi == SAFI_UNICAST) {
156 /* Total Path Attribute Length */
157 stream_putw(s, 0);
158 } else {
159 /* Convert AFI, SAFI to values for packet. */
160 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
161
162 /* Total Path Attribute Length */
163 stream_putw(s, 6);
164 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
165 stream_putc(s, BGP_ATTR_MP_UNREACH_NLRI);
166 stream_putc(s, 3);
167 stream_putw(s, pkt_afi);
168 stream_putc(s, pkt_safi);
169 }
170
171 bgp_packet_set_size(s);
172 return s;
173 }
174
175 /* Called when there is a change in the EOR(implicit or explicit) status of a
176 * peer. Ends the update-delay if all expected peers are done with EORs. */
177 void bgp_check_update_delay(struct bgp *bgp)
178 {
179 struct listnode *node, *nnode;
180 struct peer *peer = NULL;
181
182 if (bgp_debug_neighbor_events(peer))
183 zlog_debug("Checking update delay, T: %d R: %d I:%d E: %d",
184 bgp->established, bgp->restarted_peers,
185 bgp->implicit_eors, bgp->explicit_eors);
186
187 if (bgp->established
188 <= bgp->restarted_peers + bgp->implicit_eors + bgp->explicit_eors) {
189 /*
190 * This is an extra sanity check to make sure we wait for all
191 * the eligible configured peers. This check is performed if
192 * establish wait timer is on, or establish wait option is not
193 * given with the update-delay command
194 */
195 if (bgp->t_establish_wait
196 || (bgp->v_establish_wait == bgp->v_update_delay))
197 for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer)) {
198 if (CHECK_FLAG(peer->flags,
199 PEER_FLAG_CONFIG_NODE)
200 && !CHECK_FLAG(peer->flags,
201 PEER_FLAG_SHUTDOWN)
202 && !CHECK_FLAG(peer->bgp->flags,
203 BGP_FLAG_SHUTDOWN)
204 && !peer->update_delay_over) {
205 if (bgp_debug_neighbor_events(peer))
206 zlog_debug(
207 " Peer %s pending, continuing read-only mode",
208 peer->host);
209 return;
210 }
211 }
212
213 zlog_info(
214 "Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d",
215 bgp->restarted_peers, bgp->implicit_eors,
216 bgp->explicit_eors);
217 bgp_update_delay_end(bgp);
218 }
219 }
220
221 /*
222 * Called if peer is known to have restarted. The restart-state bit in
223 * Graceful-Restart capability is used for that
224 */
225 void bgp_update_restarted_peers(struct peer *peer)
226 {
227 if (!bgp_update_delay_active(peer->bgp))
228 return; /* BGP update delay has ended */
229 if (peer->update_delay_over)
230 return; /* This peer has already been considered */
231
232 if (bgp_debug_neighbor_events(peer))
233 zlog_debug("Peer %s: Checking restarted", peer->host);
234
235 if (peer_established(peer)) {
236 peer->update_delay_over = 1;
237 peer->bgp->restarted_peers++;
238 bgp_check_update_delay(peer->bgp);
239 }
240 }
241
242 /*
243 * Called as peer receives a keep-alive. Determines if this occurence can be
244 * taken as an implicit EOR for this peer.
245 * NOTE: The very first keep-alive after the Established state of a peer is
246 * considered implicit EOR for the update-delay purposes
247 */
248 void bgp_update_implicit_eors(struct peer *peer)
249 {
250 if (!bgp_update_delay_active(peer->bgp))
251 return; /* BGP update delay has ended */
252 if (peer->update_delay_over)
253 return; /* This peer has already been considered */
254
255 if (bgp_debug_neighbor_events(peer))
256 zlog_debug("Peer %s: Checking implicit EORs", peer->host);
257
258 if (peer_established(peer)) {
259 peer->update_delay_over = 1;
260 peer->bgp->implicit_eors++;
261 bgp_check_update_delay(peer->bgp);
262 }
263 }
264
265 /*
266 * Should be called only when there is a change in the EOR_RECEIVED status
267 * for any afi/safi on a peer.
268 */
269 static void bgp_update_explicit_eors(struct peer *peer)
270 {
271 afi_t afi;
272 safi_t safi;
273
274 if (!bgp_update_delay_active(peer->bgp))
275 return; /* BGP update delay has ended */
276 if (peer->update_delay_over)
277 return; /* This peer has already been considered */
278
279 if (bgp_debug_neighbor_events(peer))
280 zlog_debug("Peer %s: Checking explicit EORs", peer->host);
281
282 FOREACH_AFI_SAFI (afi, safi) {
283 if (peer->afc_nego[afi][safi]
284 && !CHECK_FLAG(peer->af_sflags[afi][safi],
285 PEER_STATUS_EOR_RECEIVED)) {
286 if (bgp_debug_neighbor_events(peer))
287 zlog_debug(
288 " afi %d safi %d didn't receive EOR",
289 afi, safi);
290 return;
291 }
292 }
293
294 peer->update_delay_over = 1;
295 peer->bgp->explicit_eors++;
296 bgp_check_update_delay(peer->bgp);
297 }
298
299 /**
300 * Frontend for NLRI parsing, to fan-out to AFI/SAFI specific parsers.
301 *
302 * mp_withdraw, if set, is used to nullify attr structure on most of the
303 * calling safi function and for evpn, passed as parameter
304 */
305 int bgp_nlri_parse(struct peer *peer, struct attr *attr,
306 struct bgp_nlri *packet, int mp_withdraw)
307 {
308 switch (packet->safi) {
309 case SAFI_UNICAST:
310 case SAFI_MULTICAST:
311 return bgp_nlri_parse_ip(peer, mp_withdraw ? NULL : attr,
312 packet);
313 case SAFI_LABELED_UNICAST:
314 return bgp_nlri_parse_label(peer, mp_withdraw ? NULL : attr,
315 packet);
316 case SAFI_MPLS_VPN:
317 return bgp_nlri_parse_vpn(peer, mp_withdraw ? NULL : attr,
318 packet);
319 case SAFI_EVPN:
320 return bgp_nlri_parse_evpn(peer, attr, packet, mp_withdraw);
321 case SAFI_FLOWSPEC:
322 return bgp_nlri_parse_flowspec(peer, attr, packet, mp_withdraw);
323 }
324 return BGP_NLRI_PARSE_ERROR;
325 }
326
327 /*
328 * Checks a variety of conditions to determine whether the peer needs to be
329 * rescheduled for packet generation again, and does so if necessary.
330 *
331 * @param peer to check for rescheduling
332 */
333 static void bgp_write_proceed_actions(struct peer *peer)
334 {
335 afi_t afi;
336 safi_t safi;
337 struct peer_af *paf;
338 struct bpacket *next_pkt;
339 struct update_subgroup *subgrp;
340
341 FOREACH_AFI_SAFI (afi, safi) {
342 paf = peer_af_find(peer, afi, safi);
343 if (!paf)
344 continue;
345 subgrp = paf->subgroup;
346 if (!subgrp)
347 continue;
348
349 next_pkt = paf->next_pkt_to_send;
350 if (next_pkt && next_pkt->buffer) {
351 BGP_TIMER_ON(peer->t_generate_updgrp_packets,
352 bgp_generate_updgrp_packets, 0);
353 return;
354 }
355
356 /* No packets readily available for AFI/SAFI, are there
357 * subgroup packets
358 * that need to be generated? */
359 if (bpacket_queue_is_full(SUBGRP_INST(subgrp),
360 SUBGRP_PKTQ(subgrp))
361 || subgroup_packets_to_build(subgrp)) {
362 BGP_TIMER_ON(peer->t_generate_updgrp_packets,
363 bgp_generate_updgrp_packets, 0);
364 return;
365 }
366
367 /* No packets to send, see if EOR is pending */
368 if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
369 if (!subgrp->t_coalesce && peer->afc_nego[afi][safi]
370 && peer->synctime
371 && !CHECK_FLAG(peer->af_sflags[afi][safi],
372 PEER_STATUS_EOR_SEND)
373 && safi != SAFI_MPLS_VPN) {
374 BGP_TIMER_ON(peer->t_generate_updgrp_packets,
375 bgp_generate_updgrp_packets, 0);
376 return;
377 }
378 }
379 }
380 }
381
382 /*
383 * Generate advertisement information (withdraws, updates, EOR) from each
384 * update group a peer belongs to, encode this information into packets, and
385 * enqueue the packets onto the peer's output buffer.
386 */
387 int bgp_generate_updgrp_packets(struct thread *thread)
388 {
389 struct peer *peer = THREAD_ARG(thread);
390
391 struct stream *s;
392 struct peer_af *paf;
393 struct bpacket *next_pkt;
394 uint32_t wpq;
395 uint32_t generated = 0;
396 afi_t afi;
397 safi_t safi;
398
399 wpq = atomic_load_explicit(&peer->bgp->wpkt_quanta,
400 memory_order_relaxed);
401
402 /*
403 * The code beyond this part deals with update packets, proceed only
404 * if peer is Established and updates are not on hold (as part of
405 * update-delay processing).
406 */
407 if (!peer_established(peer))
408 return 0;
409
410 if ((peer->bgp->main_peers_update_hold)
411 || bgp_update_delay_active(peer->bgp))
412 return 0;
413
414 if (peer->t_routeadv)
415 return 0;
416
417 do {
418 s = NULL;
419 FOREACH_AFI_SAFI (afi, safi) {
420 paf = peer_af_find(peer, afi, safi);
421 if (!paf || !PAF_SUBGRP(paf))
422 continue;
423 next_pkt = paf->next_pkt_to_send;
424
425 /*
426 * Try to generate a packet for the peer if we are at
427 * the end of the list. Always try to push out
428 * WITHDRAWs first.
429 */
430 if (!next_pkt || !next_pkt->buffer) {
431 next_pkt = subgroup_withdraw_packet(
432 PAF_SUBGRP(paf));
433 if (!next_pkt || !next_pkt->buffer)
434 subgroup_update_packet(PAF_SUBGRP(paf));
435 next_pkt = paf->next_pkt_to_send;
436 }
437
438 /*
439 * If we still don't have a packet to send to the peer,
440 * then try to find out out if we have to send eor or
441 * if not, skip to the next AFI, SAFI. Don't send the
442 * EOR prematurely; if the subgroup's coalesce timer is
443 * running, the adjacency-out structure is not created
444 * yet.
445 */
446 if (!next_pkt || !next_pkt->buffer) {
447 if (!paf->t_announce_route) {
448 /* Make sure we supress BGP UPDATES
449 * for normal processing later again.
450 */
451 UNSET_FLAG(paf->subgroup->sflags,
452 SUBGRP_STATUS_FORCE_UPDATES);
453
454 /* If route-refresh BoRR message was
455 * already sent and we are done with
456 * re-announcing tables for a decent
457 * afi/safi, we ready to send
458 * EoRR request.
459 */
460 if (CHECK_FLAG(
461 peer->af_sflags[afi][safi],
462 PEER_STATUS_BORR_SEND)) {
463 bgp_route_refresh_send(
464 peer, afi, safi, 0, 0,
465 0,
466 BGP_ROUTE_REFRESH_EORR);
467
468 SET_FLAG(peer->af_sflags[afi]
469 [safi],
470 PEER_STATUS_EORR_SEND);
471 UNSET_FLAG(
472 peer->af_sflags[afi]
473 [safi],
474 PEER_STATUS_BORR_SEND);
475
476 if (bgp_debug_neighbor_events(
477 peer))
478 zlog_debug(
479 "%s sending route-refresh (EoRR) for %s/%s",
480 peer->host,
481 afi2str(afi),
482 safi2str(safi));
483 }
484 }
485
486 if (CHECK_FLAG(peer->cap,
487 PEER_CAP_RESTART_RCV)) {
488 if (!(PAF_SUBGRP(paf))->t_coalesce
489 && peer->afc_nego[afi][safi]
490 && peer->synctime
491 && !CHECK_FLAG(
492 peer->af_sflags[afi][safi],
493 PEER_STATUS_EOR_SEND)) {
494 /* If EOR is disabled,
495 * the message is not sent
496 */
497 if (BGP_SEND_EOR(peer->bgp, afi,
498 safi)) {
499 SET_FLAG(
500 peer->af_sflags
501 [afi]
502 [safi],
503 PEER_STATUS_EOR_SEND);
504
505 /* Update EOR
506 * send time
507 */
508 peer->eor_stime[afi]
509 [safi] =
510 monotime(NULL);
511
512 BGP_UPDATE_EOR_PKT(
513 peer, afi, safi,
514 s);
515 }
516 }
517 }
518 continue;
519 }
520
521 /* Update packet send time */
522 peer->pkt_stime[afi][safi] = monotime(NULL);
523
524 /* Found a packet template to send, overwrite
525 * packet with appropriate attributes from peer
526 * and advance peer */
527 s = bpacket_reformat_for_peer(next_pkt, paf);
528 bgp_packet_add(peer, s);
529 bpacket_queue_advance_peer(paf);
530 }
531 } while (s && (++generated < wpq));
532
533 if (generated)
534 bgp_writes_on(peer);
535
536 bgp_write_proceed_actions(peer);
537
538 return 0;
539 }
540
541 /*
542 * Creates a BGP Keepalive packet and appends it to the peer's output queue.
543 */
544 void bgp_keepalive_send(struct peer *peer)
545 {
546 struct stream *s;
547
548 s = stream_new(BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE);
549
550 /* Make keepalive packet. */
551 bgp_packet_set_marker(s, BGP_MSG_KEEPALIVE);
552
553 /* Set packet size. */
554 (void)bgp_packet_set_size(s);
555
556 /* Dump packet if debug option is set. */
557 /* bgp_packet_dump (s); */
558
559 if (bgp_debug_keepalive(peer))
560 zlog_debug("%s sending KEEPALIVE", peer->host);
561
562 /* Add packet to the peer. */
563 bgp_packet_add(peer, s);
564
565 bgp_writes_on(peer);
566 }
567
568 /*
569 * Creates a BGP Open packet and appends it to the peer's output queue.
570 * Sets capabilities as necessary.
571 */
572 void bgp_open_send(struct peer *peer)
573 {
574 struct stream *s;
575 uint16_t send_holdtime;
576 as_t local_as;
577
578 if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER))
579 send_holdtime = peer->holdtime;
580 else
581 send_holdtime = peer->bgp->default_holdtime;
582
583 /* local-as Change */
584 if (peer->change_local_as)
585 local_as = peer->change_local_as;
586 else
587 local_as = peer->local_as;
588
589 s = stream_new(BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE);
590
591 /* Make open packet. */
592 bgp_packet_set_marker(s, BGP_MSG_OPEN);
593
594 /* Set open packet values. */
595 stream_putc(s, BGP_VERSION_4); /* BGP version */
596 stream_putw(s, (local_as <= BGP_AS_MAX) ? (uint16_t)local_as
597 : BGP_AS_TRANS);
598 stream_putw(s, send_holdtime); /* Hold Time */
599 stream_put_in_addr(s, &peer->local_id); /* BGP Identifier */
600
601 /* Set capability code. */
602 bgp_open_capability(s, peer);
603
604 /* Set BGP packet length. */
605 (void)bgp_packet_set_size(s);
606
607 if (bgp_debug_neighbor_events(peer))
608 zlog_debug(
609 "%s sending OPEN, version %d, my as %u, holdtime %d, id %pI4",
610 peer->host, BGP_VERSION_4, local_as, send_holdtime,
611 &peer->local_id);
612
613 /* Dump packet if debug option is set. */
614 /* bgp_packet_dump (s); */
615 hook_call(bgp_packet_send, peer, BGP_MSG_OPEN, stream_get_endp(s), s);
616
617 /* Add packet to the peer. */
618 bgp_packet_add(peer, s);
619
620 bgp_writes_on(peer);
621 }
622
623 /*
624 * Writes NOTIFICATION message directly to a peer socket without waiting for
625 * the I/O thread.
626 *
627 * There must be exactly one stream on the peer->obuf FIFO, and the data within
628 * this stream must match the format of a BGP NOTIFICATION message.
629 * Transmission is best-effort.
630 *
631 * @requires peer->io_mtx
632 * @param peer
633 * @return 0
634 */
635 static void bgp_write_notify(struct peer *peer)
636 {
637 int ret, val;
638 uint8_t type;
639 struct stream *s;
640
641 /* There should be at least one packet. */
642 s = stream_fifo_pop(peer->obuf);
643
644 if (!s)
645 return;
646
647 assert(stream_get_endp(s) >= BGP_HEADER_SIZE);
648
649 /* Stop collecting data within the socket */
650 sockopt_cork(peer->fd, 0);
651
652 /*
653 * socket is in nonblocking mode, if we can't deliver the NOTIFY, well,
654 * we only care about getting a clean shutdown at this point.
655 */
656 ret = write(peer->fd, STREAM_DATA(s), stream_get_endp(s));
657
658 /*
659 * only connection reset/close gets counted as TCP_fatal_error, failure
660 * to write the entire NOTIFY doesn't get different FSM treatment
661 */
662 if (ret <= 0) {
663 stream_free(s);
664 BGP_EVENT_ADD(peer, TCP_fatal_error);
665 return;
666 }
667
668 /* Disable Nagle, make NOTIFY packet go out right away */
669 val = 1;
670 (void)setsockopt(peer->fd, IPPROTO_TCP, TCP_NODELAY, (char *)&val,
671 sizeof(val));
672
673 /* Retrieve BGP packet type. */
674 stream_set_getp(s, BGP_MARKER_SIZE + 2);
675 type = stream_getc(s);
676
677 assert(type == BGP_MSG_NOTIFY);
678
679 /* Type should be notify. */
680 atomic_fetch_add_explicit(&peer->notify_out, 1, memory_order_relaxed);
681 peer->notify_out++;
682
683 /* Double start timer. */
684 peer->v_start *= 2;
685
686 /* Overflow check. */
687 if (peer->v_start >= (60 * 2))
688 peer->v_start = (60 * 2);
689
690 /*
691 * Handle Graceful Restart case where the state changes to
692 * Connect instead of Idle
693 */
694 BGP_EVENT_ADD(peer, BGP_Stop);
695
696 stream_free(s);
697 }
698
699 /*
700 * Creates a BGP Notify and appends it to the peer's output queue.
701 *
702 * This function attempts to write the packet from the thread it is called
703 * from, to ensure the packet gets out ASAP.
704 *
705 * This function may be called from multiple threads. Since the function
706 * modifies I/O buffer(s) in the peer, these are locked for the duration of the
707 * call to prevent tampering from other threads.
708 *
709 * Delivery of the NOTIFICATION is attempted once and is best-effort. After
710 * return, the peer structure *must* be reset; no assumptions about session
711 * state are valid.
712 *
713 * @param peer
714 * @param code BGP error code
715 * @param sub_code BGP error subcode
716 * @param data Data portion
717 * @param datalen length of data portion
718 */
719 void bgp_notify_send_with_data(struct peer *peer, uint8_t code,
720 uint8_t sub_code, uint8_t *data, size_t datalen)
721 {
722 struct stream *s;
723
724 /* Lock I/O mutex to prevent other threads from pushing packets */
725 frr_mutex_lock_autounlock(&peer->io_mtx);
726 /* ============================================== */
727
728 /* Allocate new stream. */
729 s = stream_new(peer->max_packet_size);
730
731 /* Make notify packet. */
732 bgp_packet_set_marker(s, BGP_MSG_NOTIFY);
733
734 /* Set notify packet values. */
735 stream_putc(s, code); /* BGP notify code */
736 stream_putc(s, sub_code); /* BGP notify sub_code */
737
738 /* If notify data is present. */
739 if (data)
740 stream_write(s, data, datalen);
741
742 /* Set BGP packet length. */
743 bgp_packet_set_size(s);
744
745 /* wipe output buffer */
746 stream_fifo_clean(peer->obuf);
747
748 /*
749 * If possible, store last packet for debugging purposes. This check is
750 * in place because we are sometimes called with a doppelganger peer,
751 * who tends to have a plethora of fields nulled out.
752 */
753 if (peer->curr) {
754 size_t packetsize = stream_get_endp(peer->curr);
755 assert(packetsize <= peer->max_packet_size);
756 memcpy(peer->last_reset_cause, peer->curr->data, packetsize);
757 peer->last_reset_cause_size = packetsize;
758 }
759
760 /* For debug */
761 {
762 struct bgp_notify bgp_notify;
763 int first = 0;
764 int i;
765 char c[4];
766
767 bgp_notify.code = code;
768 bgp_notify.subcode = sub_code;
769 bgp_notify.data = NULL;
770 bgp_notify.length = datalen;
771 bgp_notify.raw_data = data;
772
773 peer->notify.code = bgp_notify.code;
774 peer->notify.subcode = bgp_notify.subcode;
775
776 if (bgp_notify.length && data) {
777 bgp_notify.data =
778 XMALLOC(MTYPE_TMP, bgp_notify.length * 3);
779 for (i = 0; i < bgp_notify.length; i++)
780 if (first) {
781 snprintf(c, sizeof(c), " %02x",
782 data[i]);
783
784 strlcat(bgp_notify.data, c,
785 bgp_notify.length);
786
787 } else {
788 first = 1;
789 snprintf(c, sizeof(c), "%02x", data[i]);
790
791 strlcpy(bgp_notify.data, c,
792 bgp_notify.length);
793 }
794 }
795 bgp_notify_print(peer, &bgp_notify, "sending");
796
797 if (bgp_notify.data) {
798 XFREE(MTYPE_TMP, bgp_notify.data);
799 bgp_notify.length = 0;
800 }
801 }
802
803 /* peer reset cause */
804 if (code == BGP_NOTIFY_CEASE) {
805 if (sub_code == BGP_NOTIFY_CEASE_ADMIN_RESET)
806 peer->last_reset = PEER_DOWN_USER_RESET;
807 else if (sub_code == BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN)
808 peer->last_reset = PEER_DOWN_USER_SHUTDOWN;
809 else
810 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
811 } else
812 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
813
814 /* Add packet to peer's output queue */
815 stream_fifo_push(peer->obuf, s);
816
817 bgp_peer_gr_flags_update(peer);
818 BGP_GR_ROUTER_DETECT_AND_SEND_CAPABILITY_TO_ZEBRA(peer->bgp,
819 peer->bgp->peer);
820
821 bgp_write_notify(peer);
822 }
823
824 /*
825 * Creates a BGP Notify and appends it to the peer's output queue.
826 *
827 * This function attempts to write the packet from the thread it is called
828 * from, to ensure the packet gets out ASAP.
829 *
830 * @param peer
831 * @param code BGP error code
832 * @param sub_code BGP error subcode
833 */
834 void bgp_notify_send(struct peer *peer, uint8_t code, uint8_t sub_code)
835 {
836 bgp_notify_send_with_data(peer, code, sub_code, NULL, 0);
837 }
838
839 /*
840 * Creates BGP Route Refresh packet and appends it to the peer's output queue.
841 *
842 * @param peer
843 * @param afi Address Family Identifier
844 * @param safi Subsequent Address Family Identifier
845 * @param orf_type Outbound Route Filtering type
846 * @param when_to_refresh Whether to refresh immediately or defer
847 * @param remove Whether to remove ORF for specified AFI/SAFI
848 */
849 void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi,
850 uint8_t orf_type, uint8_t when_to_refresh,
851 int remove, uint8_t subtype)
852 {
853 struct stream *s;
854 struct bgp_filter *filter;
855 int orf_refresh = 0;
856 iana_afi_t pkt_afi;
857 iana_safi_t pkt_safi;
858
859 if (DISABLE_BGP_ANNOUNCE)
860 return;
861
862 filter = &peer->filter[afi][safi];
863
864 /* Convert AFI, SAFI to values for packet. */
865 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
866
867 s = stream_new(peer->max_packet_size);
868
869 /* Make BGP update packet. */
870 if (CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV))
871 bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_NEW);
872 else
873 bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_OLD);
874
875 /* Encode Route Refresh message. */
876 stream_putw(s, pkt_afi);
877 if (subtype)
878 stream_putc(s, subtype);
879 else
880 stream_putc(s, 0);
881 stream_putc(s, pkt_safi);
882
883 if (orf_type == ORF_TYPE_PREFIX || orf_type == ORF_TYPE_PREFIX_OLD)
884 if (remove || filter->plist[FILTER_IN].plist) {
885 uint16_t orf_len;
886 unsigned long orfp;
887
888 orf_refresh = 1;
889 stream_putc(s, when_to_refresh);
890 stream_putc(s, orf_type);
891 orfp = stream_get_endp(s);
892 stream_putw(s, 0);
893
894 if (remove) {
895 UNSET_FLAG(peer->af_sflags[afi][safi],
896 PEER_STATUS_ORF_PREFIX_SEND);
897 stream_putc(s, ORF_COMMON_PART_REMOVE_ALL);
898 if (bgp_debug_neighbor_events(peer))
899 zlog_debug(
900 "%s sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %s/%s",
901 peer->host, orf_type,
902 (when_to_refresh == REFRESH_DEFER
903 ? "defer"
904 : "immediate"),
905 iana_afi2str(pkt_afi),
906 iana_safi2str(pkt_safi));
907 } else {
908 SET_FLAG(peer->af_sflags[afi][safi],
909 PEER_STATUS_ORF_PREFIX_SEND);
910 prefix_bgp_orf_entry(
911 s, filter->plist[FILTER_IN].plist,
912 ORF_COMMON_PART_ADD,
913 ORF_COMMON_PART_PERMIT,
914 ORF_COMMON_PART_DENY);
915 if (bgp_debug_neighbor_events(peer))
916 zlog_debug(
917 "%s sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %s/%s",
918 peer->host, orf_type,
919 (when_to_refresh == REFRESH_DEFER
920 ? "defer"
921 : "immediate"),
922 iana_afi2str(pkt_afi),
923 iana_safi2str(pkt_safi));
924 }
925
926 /* Total ORF Entry Len. */
927 orf_len = stream_get_endp(s) - orfp - 2;
928 stream_putw_at(s, orfp, orf_len);
929 }
930
931 /* Set packet size. */
932 (void)bgp_packet_set_size(s);
933
934 if (bgp_debug_neighbor_events(peer)) {
935 if (!orf_refresh)
936 zlog_debug("%s sending REFRESH_REQ for afi/safi: %s/%s",
937 peer->host, iana_afi2str(pkt_afi),
938 iana_safi2str(pkt_safi));
939 }
940
941 /* Add packet to the peer. */
942 bgp_packet_add(peer, s);
943
944 bgp_writes_on(peer);
945 }
946
947 /*
948 * Create a BGP Capability packet and append it to the peer's output queue.
949 *
950 * @param peer
951 * @param afi Address Family Identifier
952 * @param safi Subsequent Address Family Identifier
953 * @param capability_code BGP Capability Code
954 * @param action Set or Remove capability
955 */
956 void bgp_capability_send(struct peer *peer, afi_t afi, safi_t safi,
957 int capability_code, int action)
958 {
959 struct stream *s;
960 iana_afi_t pkt_afi;
961 iana_safi_t pkt_safi;
962
963 /* Convert AFI, SAFI to values for packet. */
964 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
965
966 s = stream_new(peer->max_packet_size);
967
968 /* Make BGP update packet. */
969 bgp_packet_set_marker(s, BGP_MSG_CAPABILITY);
970
971 /* Encode MP_EXT capability. */
972 if (capability_code == CAPABILITY_CODE_MP) {
973 stream_putc(s, action);
974 stream_putc(s, CAPABILITY_CODE_MP);
975 stream_putc(s, CAPABILITY_CODE_MP_LEN);
976 stream_putw(s, pkt_afi);
977 stream_putc(s, 0);
978 stream_putc(s, pkt_safi);
979
980 if (bgp_debug_neighbor_events(peer))
981 zlog_debug(
982 "%s sending CAPABILITY has %s MP_EXT CAP for afi/safi: %s/%s",
983 peer->host,
984 action == CAPABILITY_ACTION_SET ? "Advertising"
985 : "Removing",
986 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
987 }
988
989 /* Set packet size. */
990 (void)bgp_packet_set_size(s);
991
992 /* Add packet to the peer. */
993 bgp_packet_add(peer, s);
994
995 bgp_writes_on(peer);
996 }
997
998 /* RFC1771 6.8 Connection collision detection. */
999 static int bgp_collision_detect(struct peer *new, struct in_addr remote_id)
1000 {
1001 struct peer *peer;
1002
1003 /*
1004 * Upon receipt of an OPEN message, the local system must examine
1005 * all of its connections that are in the OpenConfirm state. A BGP
1006 * speaker may also examine connections in an OpenSent state if it
1007 * knows the BGP Identifier of the peer by means outside of the
1008 * protocol. If among these connections there is a connection to a
1009 * remote BGP speaker whose BGP Identifier equals the one in the
1010 * OPEN message, then the local system performs the following
1011 * collision resolution procedure:
1012 */
1013 peer = new->doppelganger;
1014 if (peer == NULL)
1015 return 0;
1016
1017 /*
1018 * Do not accept the new connection in Established or Clearing
1019 * states. Note that a peer GR is handled by closing the existing
1020 * connection upon receipt of new one.
1021 */
1022 if (peer_established(peer) || peer->status == Clearing) {
1023 bgp_notify_send(new, BGP_NOTIFY_CEASE,
1024 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
1025 return -1;
1026 }
1027
1028 if ((peer->status != OpenConfirm) && (peer->status != OpenSent))
1029 return 0;
1030
1031 /*
1032 * 1. The BGP Identifier of the local system is
1033 * compared to the BGP Identifier of the remote
1034 * system (as specified in the OPEN message).
1035 *
1036 * If the BGP Identifiers of the peers
1037 * involved in the connection collision
1038 * are identical, then the connection
1039 * initiated by the BGP speaker with the
1040 * larger AS number is preserved.
1041 */
1042 if (ntohl(peer->local_id.s_addr) < ntohl(remote_id.s_addr)
1043 || (ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr)
1044 && peer->local_as < peer->as))
1045 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER)) {
1046 /*
1047 * 2. If the value of the local BGP
1048 * Identifier is less than the remote one,
1049 * the local system closes BGP connection
1050 * that already exists (the one that is
1051 * already in the OpenConfirm state),
1052 * and accepts BGP connection initiated by
1053 * the remote system.
1054 */
1055 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1056 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
1057 return 1;
1058 } else {
1059 bgp_notify_send(new, BGP_NOTIFY_CEASE,
1060 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
1061 return -1;
1062 }
1063 else {
1064 if (ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr)
1065 && peer->local_as == peer->as)
1066 flog_err(EC_BGP_ROUTER_ID_SAME,
1067 "Peer's router-id %pI4 is the same as ours",
1068 &remote_id);
1069
1070 /*
1071 * 3. Otherwise, the local system closes newly
1072 * created BGP connection (the one associated with the
1073 * newly received OPEN message), and continues to use
1074 * the existing one (the one that is already in the
1075 * OpenConfirm state).
1076 */
1077 if (CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER)) {
1078 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1079 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
1080 return 1;
1081 } else {
1082 bgp_notify_send(new, BGP_NOTIFY_CEASE,
1083 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
1084 return -1;
1085 }
1086 }
1087 }
1088
1089 /* Packet processing routines ---------------------------------------------- */
1090 /*
1091 * This is a family of functions designed to be called from
1092 * bgp_process_packet(). These functions all share similar behavior and should
1093 * adhere to the following invariants and restrictions:
1094 *
1095 * Return codes
1096 * ------------
1097 * The return code of any one of those functions should be one of the FSM event
1098 * codes specified in bgpd.h. If a NOTIFY was sent, this event code MUST be
1099 * BGP_Stop. Otherwise, the code SHOULD correspond to the function's expected
1100 * packet type. For example, bgp_open_receive() should return BGP_Stop upon
1101 * error and Receive_OPEN_message otherwise.
1102 *
1103 * If no action is necessary, the correct return code is BGP_PACKET_NOOP as
1104 * defined below.
1105 *
1106 * Side effects
1107 * ------------
1108 * - May send NOTIFY messages
1109 * - May not modify peer->status
1110 * - May not call bgp_event_update()
1111 */
1112
1113 #define BGP_PACKET_NOOP 0
1114
1115 /**
1116 * Process BGP OPEN message for peer.
1117 *
1118 * If any errors are encountered in the OPEN message, immediately sends NOTIFY
1119 * and returns BGP_Stop.
1120 *
1121 * @param peer
1122 * @param size size of the packet
1123 * @return as in summary
1124 */
1125 static int bgp_open_receive(struct peer *peer, bgp_size_t size)
1126 {
1127 int ret;
1128 uint8_t version;
1129 uint8_t optlen;
1130 uint16_t holdtime;
1131 uint16_t send_holdtime;
1132 as_t remote_as;
1133 as_t as4 = 0, as4_be;
1134 struct in_addr remote_id;
1135 int mp_capability;
1136 uint8_t notify_data_remote_as[2];
1137 uint8_t notify_data_remote_as4[4];
1138 uint8_t notify_data_remote_id[4];
1139 uint16_t *holdtime_ptr;
1140
1141 /* Parse open packet. */
1142 version = stream_getc(peer->curr);
1143 memcpy(notify_data_remote_as, stream_pnt(peer->curr), 2);
1144 remote_as = stream_getw(peer->curr);
1145 holdtime_ptr = (uint16_t *)stream_pnt(peer->curr);
1146 holdtime = stream_getw(peer->curr);
1147 memcpy(notify_data_remote_id, stream_pnt(peer->curr), 4);
1148 remote_id.s_addr = stream_get_ipv4(peer->curr);
1149
1150 /* Receive OPEN message log */
1151 if (bgp_debug_neighbor_events(peer))
1152 zlog_debug(
1153 "%s rcv OPEN, version %d, remote-as (in open) %u, holdtime %d, id %pI4",
1154 peer->host, version, remote_as, holdtime, &remote_id);
1155
1156 /* BEGIN to read the capability here, but dont do it yet */
1157 mp_capability = 0;
1158 optlen = stream_getc(peer->curr);
1159
1160 if (optlen != 0) {
1161 /* If not enough bytes, it is an error. */
1162 if (STREAM_READABLE(peer->curr) < optlen) {
1163 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1164 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1165 return BGP_Stop;
1166 }
1167
1168 /* We need the as4 capability value *right now* because
1169 * if it is there, we have not got the remote_as yet, and
1170 * without
1171 * that we do not know which peer is connecting to us now.
1172 */
1173 as4 = peek_for_as4_capability(peer, optlen);
1174 }
1175
1176 as4_be = htonl(as4);
1177 memcpy(notify_data_remote_as4, &as4_be, 4);
1178
1179 /* Just in case we have a silly peer who sends AS4 capability set to 0
1180 */
1181 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV) && !as4) {
1182 flog_err(EC_BGP_PKT_OPEN,
1183 "%s bad OPEN, got AS4 capability, but AS4 set to 0",
1184 peer->host);
1185 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1186 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1187 notify_data_remote_as4, 4);
1188 return BGP_Stop;
1189 }
1190
1191 /* Codification of AS 0 Processing */
1192 if (remote_as == BGP_AS_ZERO) {
1193 flog_err(EC_BGP_PKT_OPEN, "%s bad OPEN, got AS set to 0",
1194 peer->host);
1195 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1196 BGP_NOTIFY_OPEN_BAD_PEER_AS);
1197 return BGP_Stop;
1198 }
1199
1200 if (remote_as == BGP_AS_TRANS) {
1201 /* Take the AS4 from the capability. We must have received the
1202 * capability now! Otherwise we have a asn16 peer who uses
1203 * BGP_AS_TRANS, for some unknown reason.
1204 */
1205 if (as4 == BGP_AS_TRANS) {
1206 flog_err(
1207 EC_BGP_PKT_OPEN,
1208 "%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed",
1209 peer->host);
1210 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1211 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1212 notify_data_remote_as4, 4);
1213 return BGP_Stop;
1214 }
1215
1216 if (!as4 && BGP_DEBUG(as4, AS4))
1217 zlog_debug(
1218 "%s [AS4] OPEN remote_as is AS_TRANS, but no AS4. Odd, but proceeding.",
1219 peer->host);
1220 else if (as4 < BGP_AS_MAX && BGP_DEBUG(as4, AS4))
1221 zlog_debug(
1222 "%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits in 2-bytes, very odd peer.",
1223 peer->host, as4);
1224 if (as4)
1225 remote_as = as4;
1226 } else {
1227 /* We may have a partner with AS4 who has an asno < BGP_AS_MAX
1228 */
1229 /* If we have got the capability, peer->as4cap must match
1230 * remote_as */
1231 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV)
1232 && as4 != remote_as) {
1233 /* raise error, log this, close session */
1234 flog_err(
1235 EC_BGP_PKT_OPEN,
1236 "%s bad OPEN, got AS4 capability, but remote_as %u mismatch with 16bit 'myasn' %u in open",
1237 peer->host, as4, remote_as);
1238 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1239 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1240 notify_data_remote_as4, 4);
1241 return BGP_Stop;
1242 }
1243 }
1244
1245 /* rfc6286:
1246 * If the BGP Identifier field of the OPEN message
1247 * is zero, or if it is the same as the BGP Identifier
1248 * of the local BGP speaker and the message is from an
1249 * internal peer, then the Error Subcode is set to
1250 * "Bad BGP Identifier".
1251 */
1252 if (remote_id.s_addr == INADDR_ANY
1253 || (peer->sort == BGP_PEER_IBGP
1254 && ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr))) {
1255 if (bgp_debug_neighbor_events(peer))
1256 zlog_debug("%s bad OPEN, wrong router identifier %pI4",
1257 peer->host, &remote_id);
1258 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1259 BGP_NOTIFY_OPEN_BAD_BGP_IDENT,
1260 notify_data_remote_id, 4);
1261 return BGP_Stop;
1262 }
1263
1264 /* Peer BGP version check. */
1265 if (version != BGP_VERSION_4) {
1266 uint16_t maxver = htons(BGP_VERSION_4);
1267 /* XXX this reply may not be correct if version < 4 XXX */
1268 if (bgp_debug_neighbor_events(peer))
1269 zlog_debug(
1270 "%s bad protocol version, remote requested %d, local request %d",
1271 peer->host, version, BGP_VERSION_4);
1272 /* Data must be in network byte order here */
1273 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1274 BGP_NOTIFY_OPEN_UNSUP_VERSION,
1275 (uint8_t *)&maxver, 2);
1276 return BGP_Stop;
1277 }
1278
1279 /* Check neighbor as number. */
1280 if (peer->as_type == AS_UNSPECIFIED) {
1281 if (bgp_debug_neighbor_events(peer))
1282 zlog_debug(
1283 "%s bad OPEN, remote AS is unspecified currently",
1284 peer->host);
1285 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1286 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1287 notify_data_remote_as, 2);
1288 return BGP_Stop;
1289 } else if (peer->as_type == AS_INTERNAL) {
1290 if (remote_as != peer->bgp->as) {
1291 if (bgp_debug_neighbor_events(peer))
1292 zlog_debug(
1293 "%s bad OPEN, remote AS is %u, internal specified",
1294 peer->host, remote_as);
1295 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1296 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1297 notify_data_remote_as, 2);
1298 return BGP_Stop;
1299 }
1300 peer->as = peer->local_as;
1301 } else if (peer->as_type == AS_EXTERNAL) {
1302 if (remote_as == peer->bgp->as) {
1303 if (bgp_debug_neighbor_events(peer))
1304 zlog_debug(
1305 "%s bad OPEN, remote AS is %u, external specified",
1306 peer->host, remote_as);
1307 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1308 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1309 notify_data_remote_as, 2);
1310 return BGP_Stop;
1311 }
1312 peer->as = remote_as;
1313 } else if ((peer->as_type == AS_SPECIFIED) && (remote_as != peer->as)) {
1314 if (bgp_debug_neighbor_events(peer))
1315 zlog_debug("%s bad OPEN, remote AS is %u, expected %u",
1316 peer->host, remote_as, peer->as);
1317 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1318 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1319 notify_data_remote_as, 2);
1320 return BGP_Stop;
1321 }
1322
1323 /*
1324 * When collision is detected and this peer is closed.
1325 * Return immediately.
1326 */
1327 ret = bgp_collision_detect(peer, remote_id);
1328 if (ret < 0)
1329 return BGP_Stop;
1330
1331 /* Get sockname. */
1332 if (bgp_getsockname(peer) < 0) {
1333 flog_err_sys(EC_LIB_SOCKET,
1334 "%s: bgp_getsockname() failed for peer: %s",
1335 __func__, peer->host);
1336 return BGP_Stop;
1337 }
1338
1339 /* Set remote router-id */
1340 peer->remote_id = remote_id;
1341
1342 /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST
1343 calculate the value of the Hold Timer by using the smaller of its
1344 configured Hold Time and the Hold Time received in the OPEN message.
1345 The Hold Time MUST be either zero or at least three seconds. An
1346 implementation may reject connections on the basis of the Hold Time.
1347 */
1348
1349 if (holdtime < 3 && holdtime != 0) {
1350 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1351 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME,
1352 (uint8_t *)holdtime_ptr, 2);
1353 return BGP_Stop;
1354 }
1355
1356 /* From the rfc: A reasonable maximum time between KEEPALIVE messages
1357 would be one third of the Hold Time interval. KEEPALIVE messages
1358 MUST NOT be sent more frequently than one per second. An
1359 implementation MAY adjust the rate at which it sends KEEPALIVE
1360 messages as a function of the Hold Time interval. */
1361
1362 if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER))
1363 send_holdtime = peer->holdtime;
1364 else
1365 send_holdtime = peer->bgp->default_holdtime;
1366
1367 if (holdtime < send_holdtime)
1368 peer->v_holdtime = holdtime;
1369 else
1370 peer->v_holdtime = send_holdtime;
1371
1372 /* Set effective keepalive to 1/3 the effective holdtime.
1373 * Use configured keeplive when < effective keepalive.
1374 */
1375 peer->v_keepalive = peer->v_holdtime / 3;
1376 if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER)) {
1377 if (peer->keepalive && peer->keepalive < peer->v_keepalive)
1378 peer->v_keepalive = peer->keepalive;
1379 } else {
1380 if (peer->bgp->default_keepalive
1381 && peer->bgp->default_keepalive < peer->v_keepalive)
1382 peer->v_keepalive = peer->bgp->default_keepalive;
1383 }
1384
1385 /* Open option part parse. */
1386 if (optlen != 0) {
1387 if (bgp_open_option_parse(peer, optlen, &mp_capability) < 0)
1388 return BGP_Stop;
1389 } else {
1390 if (bgp_debug_neighbor_events(peer))
1391 zlog_debug("%s rcvd OPEN w/ OPTION parameter len: 0",
1392 peer->host);
1393 }
1394
1395 /*
1396 * Assume that the peer supports the locally configured set of
1397 * AFI/SAFIs if the peer did not send us any Mulitiprotocol
1398 * capabilities, or if 'override-capability' is configured.
1399 */
1400 if (!mp_capability
1401 || CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1402 peer->afc_nego[AFI_IP][SAFI_UNICAST] =
1403 peer->afc[AFI_IP][SAFI_UNICAST];
1404 peer->afc_nego[AFI_IP][SAFI_MULTICAST] =
1405 peer->afc[AFI_IP][SAFI_MULTICAST];
1406 peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST] =
1407 peer->afc[AFI_IP][SAFI_LABELED_UNICAST];
1408 peer->afc_nego[AFI_IP][SAFI_FLOWSPEC] =
1409 peer->afc[AFI_IP][SAFI_FLOWSPEC];
1410 peer->afc_nego[AFI_IP6][SAFI_UNICAST] =
1411 peer->afc[AFI_IP6][SAFI_UNICAST];
1412 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] =
1413 peer->afc[AFI_IP6][SAFI_MULTICAST];
1414 peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST] =
1415 peer->afc[AFI_IP6][SAFI_LABELED_UNICAST];
1416 peer->afc_nego[AFI_L2VPN][SAFI_EVPN] =
1417 peer->afc[AFI_L2VPN][SAFI_EVPN];
1418 peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC] =
1419 peer->afc[AFI_IP6][SAFI_FLOWSPEC];
1420 }
1421
1422 /* Verify valid local address present based on negotiated
1423 * address-families. */
1424 if (peer->afc_nego[AFI_IP][SAFI_UNICAST]
1425 || peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1426 || peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1427 || peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1428 || peer->afc_nego[AFI_IP][SAFI_ENCAP]) {
1429 if (peer->nexthop.v4.s_addr == INADDR_ANY) {
1430 #if defined(HAVE_CUMULUS)
1431 zlog_warn("%s: No local IPv4 addr, BGP routing may not work",
1432 peer->host);
1433 #endif
1434 }
1435 }
1436 if (peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1437 || peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1438 || peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1439 || peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1440 || peer->afc_nego[AFI_IP6][SAFI_ENCAP]) {
1441 if (IN6_IS_ADDR_UNSPECIFIED(&peer->nexthop.v6_global)) {
1442 #if defined(HAVE_CUMULUS)
1443 zlog_warn("%s: No local IPv6 address, BGP routing may not work",
1444 peer->host);
1445 #endif
1446 }
1447 }
1448 peer->rtt = sockopt_tcp_rtt(peer->fd);
1449
1450 return Receive_OPEN_message;
1451 }
1452
1453 /**
1454 * Process BGP KEEPALIVE message for peer.
1455 *
1456 * @param peer
1457 * @param size size of the packet
1458 * @return as in summary
1459 */
1460 static int bgp_keepalive_receive(struct peer *peer, bgp_size_t size)
1461 {
1462 if (bgp_debug_keepalive(peer))
1463 zlog_debug("%s KEEPALIVE rcvd", peer->host);
1464
1465 bgp_update_implicit_eors(peer);
1466
1467 peer->rtt = sockopt_tcp_rtt(peer->fd);
1468
1469 /* If the peer's RTT is higher than expected, shutdown
1470 * the peer automatically.
1471 */
1472 if (CHECK_FLAG(peer->flags, PEER_FLAG_RTT_SHUTDOWN)
1473 && peer->rtt > peer->rtt_expected) {
1474
1475 peer->rtt_keepalive_rcv++;
1476
1477 if (peer->rtt_keepalive_rcv > peer->rtt_keepalive_conf) {
1478 zlog_warn(
1479 "%s shutdown due to high round-trip-time (%dms > %dms)",
1480 peer->host, peer->rtt, peer->rtt_expected);
1481 peer_flag_set(peer, PEER_FLAG_SHUTDOWN);
1482 }
1483 } else {
1484 if (peer->rtt_keepalive_rcv)
1485 peer->rtt_keepalive_rcv--;
1486 }
1487
1488 return Receive_KEEPALIVE_message;
1489 }
1490
1491 static int bgp_refresh_stalepath_timer_expire(struct thread *thread)
1492 {
1493 struct peer_af *paf;
1494
1495 paf = THREAD_ARG(thread);
1496
1497 afi_t afi = paf->afi;
1498 safi_t safi = paf->safi;
1499 struct peer *peer = paf->peer;
1500
1501 peer->t_refresh_stalepath = NULL;
1502
1503 if (peer->nsf[afi][safi])
1504 bgp_clear_stale_route(peer, afi, safi);
1505
1506 if (bgp_debug_neighbor_events(peer))
1507 zlog_debug("%s: route-refresh (BoRR) timer for %s/%s expired",
1508 peer->host, afi2str(afi), safi2str(safi));
1509
1510 bgp_timer_set(peer);
1511
1512 return 0;
1513 }
1514
1515 /**
1516 * Process BGP UPDATE message for peer.
1517 *
1518 * Parses UPDATE and creates attribute object.
1519 *
1520 * @param peer
1521 * @param size size of the packet
1522 * @return as in summary
1523 */
1524 static int bgp_update_receive(struct peer *peer, bgp_size_t size)
1525 {
1526 int ret, nlri_ret;
1527 uint8_t *end;
1528 struct stream *s;
1529 struct attr attr;
1530 bgp_size_t attribute_len;
1531 bgp_size_t update_len;
1532 bgp_size_t withdraw_len;
1533 bool restart = false;
1534
1535 enum NLRI_TYPES {
1536 NLRI_UPDATE,
1537 NLRI_WITHDRAW,
1538 NLRI_MP_UPDATE,
1539 NLRI_MP_WITHDRAW,
1540 NLRI_TYPE_MAX
1541 };
1542 struct bgp_nlri nlris[NLRI_TYPE_MAX];
1543
1544 /* Status must be Established. */
1545 if (!peer_established(peer)) {
1546 flog_err(EC_BGP_INVALID_STATUS,
1547 "%s [FSM] Update packet received under status %s",
1548 peer->host,
1549 lookup_msg(bgp_status_msg, peer->status, NULL));
1550 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR,
1551 bgp_fsm_error_subcode(peer->status));
1552 return BGP_Stop;
1553 }
1554
1555 /* Set initial values. */
1556 memset(&attr, 0, sizeof(struct attr));
1557 attr.label_index = BGP_INVALID_LABEL_INDEX;
1558 attr.label = MPLS_INVALID_LABEL;
1559 memset(&nlris, 0, sizeof(nlris));
1560 memset(peer->rcvd_attr_str, 0, BUFSIZ);
1561 peer->rcvd_attr_printed = 0;
1562
1563 s = peer->curr;
1564 end = stream_pnt(s) + size;
1565
1566 /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute
1567 Length is too large (i.e., if Unfeasible Routes Length + Total
1568 Attribute Length + 23 exceeds the message Length), then the Error
1569 Subcode is set to Malformed Attribute List. */
1570 if (stream_pnt(s) + 2 > end) {
1571 flog_err(EC_BGP_UPDATE_RCV,
1572 "%s [Error] Update packet error (packet length is short for unfeasible length)",
1573 peer->host);
1574 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1575 BGP_NOTIFY_UPDATE_MAL_ATTR);
1576 return BGP_Stop;
1577 }
1578
1579 /* Unfeasible Route Length. */
1580 withdraw_len = stream_getw(s);
1581
1582 /* Unfeasible Route Length check. */
1583 if (stream_pnt(s) + withdraw_len > end) {
1584 flog_err(EC_BGP_UPDATE_RCV,
1585 "%s [Error] Update packet error (packet unfeasible length overflow %d)",
1586 peer->host, withdraw_len);
1587 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1588 BGP_NOTIFY_UPDATE_MAL_ATTR);
1589 return BGP_Stop;
1590 }
1591
1592 /* Unfeasible Route packet format check. */
1593 if (withdraw_len > 0) {
1594 nlris[NLRI_WITHDRAW].afi = AFI_IP;
1595 nlris[NLRI_WITHDRAW].safi = SAFI_UNICAST;
1596 nlris[NLRI_WITHDRAW].nlri = stream_pnt(s);
1597 nlris[NLRI_WITHDRAW].length = withdraw_len;
1598 stream_forward_getp(s, withdraw_len);
1599 }
1600
1601 /* Attribute total length check. */
1602 if (stream_pnt(s) + 2 > end) {
1603 flog_warn(
1604 EC_BGP_UPDATE_PACKET_SHORT,
1605 "%s [Error] Packet Error (update packet is short for attribute length)",
1606 peer->host);
1607 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1608 BGP_NOTIFY_UPDATE_MAL_ATTR);
1609 return BGP_Stop;
1610 }
1611
1612 /* Fetch attribute total length. */
1613 attribute_len = stream_getw(s);
1614
1615 /* Attribute length check. */
1616 if (stream_pnt(s) + attribute_len > end) {
1617 flog_warn(
1618 EC_BGP_UPDATE_PACKET_LONG,
1619 "%s [Error] Packet Error (update packet attribute length overflow %d)",
1620 peer->host, attribute_len);
1621 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1622 BGP_NOTIFY_UPDATE_MAL_ATTR);
1623 return BGP_Stop;
1624 }
1625
1626 /* Certain attribute parsing errors should not be considered bad enough
1627 * to reset the session for, most particularly any partial/optional
1628 * attributes that have 'tunneled' over speakers that don't understand
1629 * them. Instead we withdraw only the prefix concerned.
1630 *
1631 * Complicates the flow a little though..
1632 */
1633 bgp_attr_parse_ret_t attr_parse_ret = BGP_ATTR_PARSE_PROCEED;
1634 /* This define morphs the update case into a withdraw when lower levels
1635 * have signalled an error condition where this is best.
1636 */
1637 #define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL)
1638
1639 /* Parse attribute when it exists. */
1640 if (attribute_len) {
1641 attr_parse_ret = bgp_attr_parse(peer, &attr, attribute_len,
1642 &nlris[NLRI_MP_UPDATE],
1643 &nlris[NLRI_MP_WITHDRAW]);
1644 if (attr_parse_ret == BGP_ATTR_PARSE_ERROR) {
1645 bgp_attr_unintern_sub(&attr);
1646 return BGP_Stop;
1647 }
1648 }
1649
1650 /* Logging the attribute. */
1651 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW
1652 || BGP_DEBUG(update, UPDATE_IN)
1653 || BGP_DEBUG(update, UPDATE_PREFIX)) {
1654 ret = bgp_dump_attr(&attr, peer->rcvd_attr_str,
1655 sizeof(peer->rcvd_attr_str));
1656
1657 peer->stat_upd_7606++;
1658
1659 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW)
1660 flog_err(
1661 EC_BGP_UPDATE_RCV,
1662 "%s rcvd UPDATE with errors in attr(s)!! Withdrawing route.",
1663 peer->host);
1664
1665 if (ret && bgp_debug_update(peer, NULL, NULL, 1)) {
1666 zlog_debug("%s rcvd UPDATE w/ attr: %s", peer->host,
1667 peer->rcvd_attr_str);
1668 peer->rcvd_attr_printed = 1;
1669 }
1670 }
1671
1672 /* Network Layer Reachability Information. */
1673 update_len = end - stream_pnt(s);
1674
1675 if (update_len) {
1676 /* Set NLRI portion to structure. */
1677 nlris[NLRI_UPDATE].afi = AFI_IP;
1678 nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
1679 nlris[NLRI_UPDATE].nlri = stream_pnt(s);
1680 nlris[NLRI_UPDATE].length = update_len;
1681 stream_forward_getp(s, update_len);
1682
1683 if (CHECK_FLAG(attr.flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI))) {
1684 /*
1685 * We skipped nexthop attribute validation earlier so
1686 * validate the nexthop now.
1687 */
1688 if (bgp_attr_nexthop_valid(peer, &attr) < 0) {
1689 bgp_attr_unintern_sub(&attr);
1690 return BGP_Stop;
1691 }
1692 }
1693 }
1694
1695 if (BGP_DEBUG(update, UPDATE_IN))
1696 zlog_debug("%s rcvd UPDATE wlen %d attrlen %d alen %d",
1697 peer->host, withdraw_len, attribute_len, update_len);
1698
1699 /* Parse any given NLRIs */
1700 for (int i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++) {
1701 if (!nlris[i].nlri)
1702 continue;
1703
1704 /* NLRI is processed iff the peer if configured for the specific
1705 * afi/safi */
1706 if (!peer->afc[nlris[i].afi][nlris[i].safi]) {
1707 zlog_info(
1708 "%s [Info] UPDATE for non-enabled AFI/SAFI %u/%u",
1709 peer->host, nlris[i].afi, nlris[i].safi);
1710 continue;
1711 }
1712
1713 /* EoR handled later */
1714 if (nlris[i].length == 0)
1715 continue;
1716
1717 switch (i) {
1718 case NLRI_UPDATE:
1719 case NLRI_MP_UPDATE:
1720 nlri_ret = bgp_nlri_parse(peer, NLRI_ATTR_ARG,
1721 &nlris[i], 0);
1722 break;
1723 case NLRI_WITHDRAW:
1724 case NLRI_MP_WITHDRAW:
1725 nlri_ret = bgp_nlri_parse(peer, &attr, &nlris[i], 1);
1726 break;
1727 default:
1728 nlri_ret = BGP_NLRI_PARSE_ERROR;
1729 }
1730
1731 if (nlri_ret < BGP_NLRI_PARSE_OK
1732 && nlri_ret != BGP_NLRI_PARSE_ERROR_PREFIX_OVERFLOW) {
1733 flog_err(EC_BGP_UPDATE_RCV,
1734 "%s [Error] Error parsing NLRI", peer->host);
1735 if (peer_established(peer))
1736 bgp_notify_send(
1737 peer, BGP_NOTIFY_UPDATE_ERR,
1738 i <= NLRI_WITHDRAW
1739 ? BGP_NOTIFY_UPDATE_INVAL_NETWORK
1740 : BGP_NOTIFY_UPDATE_OPT_ATTR_ERR);
1741 bgp_attr_unintern_sub(&attr);
1742 return BGP_Stop;
1743 }
1744 }
1745
1746 /* EoR checks
1747 *
1748 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
1749 * and MP EoR should have only an empty MP_UNREACH
1750 */
1751 if ((!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0)
1752 || (attr_parse_ret == BGP_ATTR_PARSE_EOR)) {
1753 afi_t afi = 0;
1754 safi_t safi;
1755 struct graceful_restart_info *gr_info;
1756
1757 /* Restarting router */
1758 if (BGP_PEER_GRACEFUL_RESTART_CAPABLE(peer)
1759 && BGP_PEER_RESTARTING_MODE(peer))
1760 restart = true;
1761
1762 /* Non-MP IPv4/Unicast is a completely emtpy UPDATE - already
1763 * checked
1764 * update and withdraw NLRI lengths are 0.
1765 */
1766 if (!attribute_len) {
1767 afi = AFI_IP;
1768 safi = SAFI_UNICAST;
1769 } else if (attr.flag & ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI)
1770 && nlris[NLRI_MP_WITHDRAW].length == 0) {
1771 afi = nlris[NLRI_MP_WITHDRAW].afi;
1772 safi = nlris[NLRI_MP_WITHDRAW].safi;
1773 } else if (attr_parse_ret == BGP_ATTR_PARSE_EOR) {
1774 afi = nlris[NLRI_MP_UPDATE].afi;
1775 safi = nlris[NLRI_MP_UPDATE].safi;
1776 }
1777
1778 if (afi && peer->afc[afi][safi]) {
1779 struct vrf *vrf = vrf_lookup_by_id(peer->bgp->vrf_id);
1780
1781 /* End-of-RIB received */
1782 if (!CHECK_FLAG(peer->af_sflags[afi][safi],
1783 PEER_STATUS_EOR_RECEIVED)) {
1784 SET_FLAG(peer->af_sflags[afi][safi],
1785 PEER_STATUS_EOR_RECEIVED);
1786 bgp_update_explicit_eors(peer);
1787 /* Update graceful restart information */
1788 gr_info = &(peer->bgp->gr_info[afi][safi]);
1789 if (restart)
1790 gr_info->eor_received++;
1791 /* If EOR received from all peers and selection
1792 * deferral timer is running, cancel the timer
1793 * and invoke the best path calculation
1794 */
1795 if (gr_info->eor_required
1796 == gr_info->eor_received) {
1797 if (bgp_debug_neighbor_events(peer))
1798 zlog_debug(
1799 "%s %d, %s %d",
1800 "EOR REQ",
1801 gr_info->eor_required,
1802 "EOR RCV",
1803 gr_info->eor_received);
1804 BGP_TIMER_OFF(
1805 gr_info->t_select_deferral);
1806 gr_info->eor_required = 0;
1807 gr_info->eor_received = 0;
1808 /* Best path selection */
1809 if (bgp_best_path_select_defer(
1810 peer->bgp, afi, safi)
1811 < 0)
1812 return BGP_Stop;
1813 }
1814 }
1815
1816 /* NSF delete stale route */
1817 if (peer->nsf[afi][safi])
1818 bgp_clear_stale_route(peer, afi, safi);
1819
1820 zlog_info(
1821 "%s: rcvd End-of-RIB for %s from %s in vrf %s",
1822 __func__, get_afi_safi_str(afi, safi, false),
1823 peer->host, vrf ? vrf->name : VRF_DEFAULT_NAME);
1824 }
1825 }
1826
1827 /* Everything is done. We unintern temporary structures which
1828 interned in bgp_attr_parse(). */
1829 bgp_attr_unintern_sub(&attr);
1830
1831 peer->update_time = bgp_clock();
1832
1833 /* Notify BGP Conditional advertisement scanner process */
1834 peer->advmap_table_change = true;
1835
1836 return Receive_UPDATE_message;
1837 }
1838
1839 /**
1840 * Process BGP NOTIFY message for peer.
1841 *
1842 * @param peer
1843 * @param size size of the packet
1844 * @return as in summary
1845 */
1846 static int bgp_notify_receive(struct peer *peer, bgp_size_t size)
1847 {
1848 struct bgp_notify bgp_notify;
1849
1850 if (peer->notify.data) {
1851 XFREE(MTYPE_TMP, peer->notify.data);
1852 peer->notify.length = 0;
1853 }
1854
1855 bgp_notify.code = stream_getc(peer->curr);
1856 bgp_notify.subcode = stream_getc(peer->curr);
1857 bgp_notify.length = size - 2;
1858 bgp_notify.data = NULL;
1859 bgp_notify.raw_data = NULL;
1860
1861 /* Preserv notify code and sub code. */
1862 peer->notify.code = bgp_notify.code;
1863 peer->notify.subcode = bgp_notify.subcode;
1864 /* For further diagnostic record returned Data. */
1865 if (bgp_notify.length) {
1866 peer->notify.length = size - 2;
1867 peer->notify.data = XMALLOC(MTYPE_TMP, size - 2);
1868 memcpy(peer->notify.data, stream_pnt(peer->curr), size - 2);
1869 }
1870
1871 /* For debug */
1872 {
1873 int i;
1874 int first = 0;
1875 char c[4];
1876
1877 if (bgp_notify.length) {
1878 bgp_notify.data =
1879 XMALLOC(MTYPE_TMP, bgp_notify.length * 3);
1880 for (i = 0; i < bgp_notify.length; i++)
1881 if (first) {
1882 snprintf(c, sizeof(c), " %02x",
1883 stream_getc(peer->curr));
1884
1885 strlcat(bgp_notify.data, c,
1886 bgp_notify.length * 3);
1887
1888 } else {
1889 first = 1;
1890 snprintf(c, sizeof(c), "%02x",
1891 stream_getc(peer->curr));
1892
1893 strlcpy(bgp_notify.data, c,
1894 bgp_notify.length * 3);
1895 }
1896 bgp_notify.raw_data = (uint8_t *)peer->notify.data;
1897 }
1898
1899 bgp_notify_print(peer, &bgp_notify, "received");
1900 if (bgp_notify.data) {
1901 XFREE(MTYPE_TMP, bgp_notify.data);
1902 bgp_notify.length = 0;
1903 }
1904 }
1905
1906 /* peer count update */
1907 atomic_fetch_add_explicit(&peer->notify_in, 1, memory_order_relaxed);
1908
1909 peer->last_reset = PEER_DOWN_NOTIFY_RECEIVED;
1910
1911 /* We have to check for Notify with Unsupported Optional Parameter.
1912 in that case we fallback to open without the capability option.
1913 But this done in bgp_stop. We just mark it here to avoid changing
1914 the fsm tables. */
1915 if (bgp_notify.code == BGP_NOTIFY_OPEN_ERR
1916 && bgp_notify.subcode == BGP_NOTIFY_OPEN_UNSUP_PARAM)
1917 UNSET_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
1918
1919 bgp_peer_gr_flags_update(peer);
1920 BGP_GR_ROUTER_DETECT_AND_SEND_CAPABILITY_TO_ZEBRA(peer->bgp,
1921 peer->bgp->peer);
1922
1923 return Receive_NOTIFICATION_message;
1924 }
1925
1926 /**
1927 * Process BGP ROUTEREFRESH message for peer.
1928 *
1929 * @param peer
1930 * @param size size of the packet
1931 * @return as in summary
1932 */
1933 static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
1934 {
1935 iana_afi_t pkt_afi;
1936 afi_t afi;
1937 iana_safi_t pkt_safi;
1938 safi_t safi;
1939 struct stream *s;
1940 struct peer_af *paf;
1941 struct update_group *updgrp;
1942 struct peer *updgrp_peer;
1943 uint8_t subtype;
1944 bgp_size_t msg_length =
1945 size - (BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE);
1946
1947 /* If peer does not have the capability, send notification. */
1948 if (!CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_ADV)) {
1949 flog_err(EC_BGP_NO_CAP,
1950 "%s [Error] BGP route refresh is not enabled",
1951 peer->host);
1952 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
1953 BGP_NOTIFY_HEADER_BAD_MESTYPE);
1954 return BGP_Stop;
1955 }
1956
1957 /* Status must be Established. */
1958 if (!peer_established(peer)) {
1959 flog_err(
1960 EC_BGP_INVALID_STATUS,
1961 "%s [Error] Route refresh packet received under status %s",
1962 peer->host,
1963 lookup_msg(bgp_status_msg, peer->status, NULL));
1964 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR,
1965 bgp_fsm_error_subcode(peer->status));
1966 return BGP_Stop;
1967 }
1968
1969 s = peer->curr;
1970
1971 /* Parse packet. */
1972 pkt_afi = stream_getw(s);
1973 subtype = stream_getc(s);
1974 pkt_safi = stream_getc(s);
1975
1976 /* Convert AFI, SAFI to internal values and check. */
1977 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
1978 zlog_info(
1979 "%s REFRESH_REQ for unrecognized afi/safi: %s/%s - ignored",
1980 peer->host, iana_afi2str(pkt_afi),
1981 iana_safi2str(pkt_safi));
1982 return BGP_PACKET_NOOP;
1983 }
1984
1985 if (size != BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE) {
1986 uint8_t *end;
1987 uint8_t when_to_refresh;
1988 uint8_t orf_type;
1989 uint16_t orf_len;
1990
1991 if (subtype) {
1992 /* If the length, excluding the fixed-size message
1993 * header, of the received ROUTE-REFRESH message with
1994 * Message Subtype 1 and 2 is not 4, then the BGP
1995 * speaker MUST send a NOTIFICATION message with the
1996 * Error Code of "ROUTE-REFRESH Message Error" and the
1997 * subcode of "Invalid Message Length".
1998 */
1999 if (msg_length != 4) {
2000 zlog_err(
2001 "%s Enhanced Route Refresh message length error",
2002 peer->host);
2003 bgp_notify_send(
2004 peer, BGP_NOTIFY_ROUTE_REFRESH_ERR,
2005 BGP_NOTIFY_ROUTE_REFRESH_INVALID_MSG_LEN);
2006 }
2007
2008 /* When the BGP speaker receives a ROUTE-REFRESH message
2009 * with a "Message Subtype" field other than 0, 1, or 2,
2010 * it MUST ignore the received ROUTE-REFRESH message.
2011 */
2012 if (subtype > 2)
2013 zlog_err(
2014 "%s Enhanced Route Refresh invalid subtype",
2015 peer->host);
2016 }
2017
2018 if (msg_length < 5) {
2019 zlog_info("%s ORF route refresh length error",
2020 peer->host);
2021 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
2022 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
2023 return BGP_Stop;
2024 }
2025
2026 when_to_refresh = stream_getc(s);
2027 end = stream_pnt(s) + (size - 5);
2028
2029 while ((stream_pnt(s) + 2) < end) {
2030 orf_type = stream_getc(s);
2031 orf_len = stream_getw(s);
2032
2033 /* orf_len in bounds? */
2034 if ((stream_pnt(s) + orf_len) > end)
2035 break; /* XXX: Notify instead?? */
2036 if (orf_type == ORF_TYPE_PREFIX
2037 || orf_type == ORF_TYPE_PREFIX_OLD) {
2038 uint8_t *p_pnt = stream_pnt(s);
2039 uint8_t *p_end = stream_pnt(s) + orf_len;
2040 struct orf_prefix orfp;
2041 uint8_t common = 0;
2042 uint32_t seq;
2043 int psize;
2044 char name[BUFSIZ];
2045 int ret = CMD_SUCCESS;
2046
2047 if (bgp_debug_neighbor_events(peer)) {
2048 zlog_debug(
2049 "%s rcvd Prefixlist ORF(%d) length %d",
2050 peer->host, orf_type, orf_len);
2051 }
2052
2053 /* we're going to read at least 1 byte of common
2054 * ORF header,
2055 * and 7 bytes of ORF Address-filter entry from
2056 * the stream
2057 */
2058 if (orf_len < 7)
2059 break;
2060
2061 /* ORF prefix-list name */
2062 snprintf(name, sizeof(name), "%s.%d.%d",
2063 peer->host, afi, safi);
2064
2065 while (p_pnt < p_end) {
2066 /* If the ORF entry is malformed, want
2067 * to read as much of it
2068 * as possible without going beyond the
2069 * bounds of the entry,
2070 * to maximise debug information.
2071 */
2072 int ok;
2073 memset(&orfp, 0,
2074 sizeof(struct orf_prefix));
2075 common = *p_pnt++;
2076 /* after ++: p_pnt <= p_end */
2077 if (common
2078 & ORF_COMMON_PART_REMOVE_ALL) {
2079 if (bgp_debug_neighbor_events(
2080 peer))
2081 zlog_debug(
2082 "%s rcvd Remove-All pfxlist ORF request",
2083 peer->host);
2084 prefix_bgp_orf_remove_all(afi,
2085 name);
2086 break;
2087 }
2088 ok = ((uint32_t)(p_end - p_pnt)
2089 >= sizeof(uint32_t));
2090 if (ok) {
2091 memcpy(&seq, p_pnt,
2092 sizeof(uint32_t));
2093 p_pnt += sizeof(uint32_t);
2094 orfp.seq = ntohl(seq);
2095 } else
2096 p_pnt = p_end;
2097
2098 /* val checked in prefix_bgp_orf_set */
2099 if (p_pnt < p_end)
2100 orfp.ge = *p_pnt++;
2101
2102 /* val checked in prefix_bgp_orf_set */
2103 if (p_pnt < p_end)
2104 orfp.le = *p_pnt++;
2105
2106 if ((ok = (p_pnt < p_end)))
2107 orfp.p.prefixlen = *p_pnt++;
2108
2109 /* afi checked already */
2110 orfp.p.family = afi2family(afi);
2111
2112 /* 0 if not ok */
2113 psize = PSIZE(orfp.p.prefixlen);
2114 /* valid for family ? */
2115 if (psize > prefix_blen(&orfp.p)) {
2116 ok = 0;
2117 psize = prefix_blen(&orfp.p);
2118 }
2119 /* valid for packet ? */
2120 if (psize > (p_end - p_pnt)) {
2121 ok = 0;
2122 psize = p_end - p_pnt;
2123 }
2124
2125 if (psize > 0)
2126 memcpy(&orfp.p.u.prefix, p_pnt,
2127 psize);
2128 p_pnt += psize;
2129
2130 if (bgp_debug_neighbor_events(peer)) {
2131 char buf[INET6_BUFSIZ];
2132
2133 zlog_debug(
2134 "%s rcvd %s %s seq %u %s/%d ge %d le %d%s",
2135 peer->host,
2136 (common & ORF_COMMON_PART_REMOVE
2137 ? "Remove"
2138 : "Add"),
2139 (common & ORF_COMMON_PART_DENY
2140 ? "deny"
2141 : "permit"),
2142 orfp.seq,
2143 inet_ntop(
2144 orfp.p.family,
2145 &orfp.p.u.prefix,
2146 buf,
2147 INET6_BUFSIZ),
2148 orfp.p.prefixlen,
2149 orfp.ge, orfp.le,
2150 ok ? "" : " MALFORMED");
2151 }
2152
2153 if (ok)
2154 ret = prefix_bgp_orf_set(
2155 name, afi, &orfp,
2156 (common & ORF_COMMON_PART_DENY
2157 ? 0
2158 : 1),
2159 (common & ORF_COMMON_PART_REMOVE
2160 ? 0
2161 : 1));
2162
2163 if (!ok || (ok && ret != CMD_SUCCESS)) {
2164 zlog_info(
2165 "%s Received misformatted prefixlist ORF. Remove All pfxlist",
2166 peer->host);
2167 prefix_bgp_orf_remove_all(afi,
2168 name);
2169 break;
2170 }
2171 }
2172
2173 peer->orf_plist[afi][safi] =
2174 prefix_bgp_orf_lookup(afi, name);
2175 }
2176 stream_forward_getp(s, orf_len);
2177 }
2178 if (bgp_debug_neighbor_events(peer))
2179 zlog_debug("%s rcvd Refresh %s ORF request", peer->host,
2180 when_to_refresh == REFRESH_DEFER
2181 ? "Defer"
2182 : "Immediate");
2183 if (when_to_refresh == REFRESH_DEFER)
2184 return BGP_PACKET_NOOP;
2185 }
2186
2187 /* First update is deferred until ORF or ROUTE-REFRESH is received */
2188 if (CHECK_FLAG(peer->af_sflags[afi][safi],
2189 PEER_STATUS_ORF_WAIT_REFRESH))
2190 UNSET_FLAG(peer->af_sflags[afi][safi],
2191 PEER_STATUS_ORF_WAIT_REFRESH);
2192
2193 paf = peer_af_find(peer, afi, safi);
2194 if (paf && paf->subgroup) {
2195 if (peer->orf_plist[afi][safi]) {
2196 updgrp = PAF_UPDGRP(paf);
2197 updgrp_peer = UPDGRP_PEER(updgrp);
2198 updgrp_peer->orf_plist[afi][safi] =
2199 peer->orf_plist[afi][safi];
2200 }
2201
2202 /* Avoid supressing duplicate routes later
2203 * when processing in subgroup_announce_table().
2204 */
2205 SET_FLAG(paf->subgroup->sflags, SUBGRP_STATUS_FORCE_UPDATES);
2206
2207 /* If the peer is configured for default-originate clear the
2208 * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will
2209 * re-advertise the
2210 * default
2211 */
2212 if (CHECK_FLAG(paf->subgroup->sflags,
2213 SUBGRP_STATUS_DEFAULT_ORIGINATE))
2214 UNSET_FLAG(paf->subgroup->sflags,
2215 SUBGRP_STATUS_DEFAULT_ORIGINATE);
2216 }
2217
2218 if (subtype == BGP_ROUTE_REFRESH_BORR) {
2219 /* A BGP speaker that has received the Graceful Restart
2220 * Capability from its neighbor MUST ignore any BoRRs for
2221 * an <AFI, SAFI> from the neighbor before the speaker
2222 * receives the EoR for the given <AFI, SAFI> from the
2223 * neighbor.
2224 */
2225 if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)
2226 && !CHECK_FLAG(peer->af_sflags[afi][safi],
2227 PEER_STATUS_EOR_RECEIVED)) {
2228 if (bgp_debug_neighbor_events(peer))
2229 zlog_debug(
2230 "%s rcvd route-refresh (BoRR) for %s/%s before EoR",
2231 peer->host, afi2str(afi),
2232 safi2str(safi));
2233 return BGP_PACKET_NOOP;
2234 }
2235
2236 if (peer->t_refresh_stalepath) {
2237 if (bgp_debug_neighbor_events(peer))
2238 zlog_debug(
2239 "%s rcvd route-refresh (BoRR) for %s/%s, whereas BoRR already received",
2240 peer->host, afi2str(afi),
2241 safi2str(safi));
2242 return BGP_PACKET_NOOP;
2243 }
2244
2245 SET_FLAG(peer->af_sflags[afi][safi], PEER_STATUS_BORR_RECEIVED);
2246 UNSET_FLAG(peer->af_sflags[afi][safi],
2247 PEER_STATUS_EORR_RECEIVED);
2248
2249 /* When a BGP speaker receives a BoRR message from
2250 * a peer, it MUST mark all the routes with the given
2251 * Address Family Identifier and Subsequent Address
2252 * Family Identifier, <AFI, SAFI> [RFC2918], from
2253 * that peer as stale.
2254 */
2255 if (peer_active_nego(peer)) {
2256 SET_FLAG(peer->af_sflags[afi][safi],
2257 PEER_STATUS_ENHANCED_REFRESH);
2258 bgp_set_stale_route(peer, afi, safi);
2259 }
2260
2261 if (peer_established(peer))
2262 thread_add_timer(bm->master,
2263 bgp_refresh_stalepath_timer_expire,
2264 paf, peer->bgp->stalepath_time,
2265 &peer->t_refresh_stalepath);
2266
2267 if (bgp_debug_neighbor_events(peer))
2268 zlog_debug(
2269 "%s rcvd route-refresh (BoRR) for %s/%s, triggering timer for %u seconds",
2270 peer->host, afi2str(afi), safi2str(safi),
2271 peer->bgp->stalepath_time);
2272 } else if (subtype == BGP_ROUTE_REFRESH_EORR) {
2273 if (!peer->t_refresh_stalepath) {
2274 zlog_err(
2275 "%s rcvd route-refresh (EoRR) for %s/%s, whereas no BoRR received",
2276 peer->host, afi2str(afi), safi2str(safi));
2277 return BGP_PACKET_NOOP;
2278 }
2279
2280 BGP_TIMER_OFF(peer->t_refresh_stalepath);
2281
2282 SET_FLAG(peer->af_sflags[afi][safi], PEER_STATUS_EORR_RECEIVED);
2283 UNSET_FLAG(peer->af_sflags[afi][safi],
2284 PEER_STATUS_BORR_RECEIVED);
2285
2286 if (bgp_debug_neighbor_events(peer))
2287 zlog_debug(
2288 "%s rcvd route-refresh (EoRR) for %s/%s, stopping BoRR timer",
2289 peer->host, afi2str(afi), safi2str(safi));
2290
2291 if (peer->nsf[afi][safi])
2292 bgp_clear_stale_route(peer, afi, safi);
2293 } else {
2294 if (bgp_debug_neighbor_events(peer))
2295 zlog_debug("%s rcvd route-refresh (REQUEST) for %s/%s",
2296 peer->host, afi2str(afi), safi2str(safi));
2297
2298 /* In response to a "normal route refresh request" from the
2299 * peer, the speaker MUST send a BoRR message.
2300 */
2301 if (CHECK_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_RCV)) {
2302 /* For a BGP speaker that supports the BGP Graceful
2303 * Restart, it MUST NOT send a BoRR for an <AFI, SAFI>
2304 * to a neighbor before it sends the EoR for the
2305 * <AFI, SAFI> to the neighbor.
2306 */
2307 if (!CHECK_FLAG(peer->af_sflags[afi][safi],
2308 PEER_STATUS_EOR_SEND)) {
2309 if (bgp_debug_neighbor_events(peer))
2310 zlog_debug(
2311 "%s rcvd route-refresh (REQUEST) for %s/%s before EoR",
2312 peer->host, afi2str(afi),
2313 safi2str(safi));
2314 return BGP_PACKET_NOOP;
2315 }
2316
2317 bgp_route_refresh_send(peer, afi, safi, 0, 0, 0,
2318 BGP_ROUTE_REFRESH_BORR);
2319
2320 if (bgp_debug_neighbor_events(peer))
2321 zlog_debug(
2322 "%s sending route-refresh (BoRR) for %s/%s",
2323 peer->host, afi2str(afi),
2324 safi2str(safi));
2325
2326 /* Set flag Ready-To-Send to know when we can send EoRR
2327 * message.
2328 */
2329 SET_FLAG(peer->af_sflags[afi][safi],
2330 PEER_STATUS_BORR_SEND);
2331 UNSET_FLAG(peer->af_sflags[afi][safi],
2332 PEER_STATUS_EORR_SEND);
2333 }
2334 }
2335
2336 /* Perform route refreshment to the peer */
2337 bgp_announce_route(peer, afi, safi);
2338
2339 /* No FSM action necessary */
2340 return BGP_PACKET_NOOP;
2341 }
2342
2343 /**
2344 * Parse BGP CAPABILITY message for peer.
2345 *
2346 * @param peer
2347 * @param size size of the packet
2348 * @return as in summary
2349 */
2350 static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
2351 bgp_size_t length)
2352 {
2353 uint8_t *end;
2354 struct capability_mp_data mpc;
2355 struct capability_header *hdr;
2356 uint8_t action;
2357 iana_afi_t pkt_afi;
2358 afi_t afi;
2359 iana_safi_t pkt_safi;
2360 safi_t safi;
2361
2362 end = pnt + length;
2363
2364 while (pnt < end) {
2365 /* We need at least action, capability code and capability
2366 * length. */
2367 if (pnt + 3 > end) {
2368 zlog_info("%s Capability length error", peer->host);
2369 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
2370 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
2371 return BGP_Stop;
2372 }
2373 action = *pnt;
2374 hdr = (struct capability_header *)(pnt + 1);
2375
2376 /* Action value check. */
2377 if (action != CAPABILITY_ACTION_SET
2378 && action != CAPABILITY_ACTION_UNSET) {
2379 zlog_info("%s Capability Action Value error %d",
2380 peer->host, action);
2381 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
2382 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
2383 return BGP_Stop;
2384 }
2385
2386 if (bgp_debug_neighbor_events(peer))
2387 zlog_debug(
2388 "%s CAPABILITY has action: %d, code: %u, length %u",
2389 peer->host, action, hdr->code, hdr->length);
2390
2391 /* Capability length check. */
2392 if ((pnt + hdr->length + 3) > end) {
2393 zlog_info("%s Capability length error", peer->host);
2394 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
2395 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
2396 return BGP_Stop;
2397 }
2398
2399 /* Fetch structure to the byte stream. */
2400 memcpy(&mpc, pnt + 3, sizeof(struct capability_mp_data));
2401 pnt += hdr->length + 3;
2402
2403 /* We know MP Capability Code. */
2404 if (hdr->code == CAPABILITY_CODE_MP) {
2405 pkt_afi = ntohs(mpc.afi);
2406 pkt_safi = mpc.safi;
2407
2408 /* Ignore capability when override-capability is set. */
2409 if (CHECK_FLAG(peer->flags,
2410 PEER_FLAG_OVERRIDE_CAPABILITY))
2411 continue;
2412
2413 /* Convert AFI, SAFI to internal values. */
2414 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi,
2415 &safi)) {
2416 if (bgp_debug_neighbor_events(peer))
2417 zlog_debug(
2418 "%s Dynamic Capability MP_EXT afi/safi invalid (%s/%s)",
2419 peer->host,
2420 iana_afi2str(pkt_afi),
2421 iana_safi2str(pkt_safi));
2422 continue;
2423 }
2424
2425 /* Address family check. */
2426 if (bgp_debug_neighbor_events(peer))
2427 zlog_debug(
2428 "%s CAPABILITY has %s MP_EXT CAP for afi/safi: %s/%s",
2429 peer->host,
2430 action == CAPABILITY_ACTION_SET
2431 ? "Advertising"
2432 : "Removing",
2433 iana_afi2str(pkt_afi),
2434 iana_safi2str(pkt_safi));
2435
2436 if (action == CAPABILITY_ACTION_SET) {
2437 peer->afc_recv[afi][safi] = 1;
2438 if (peer->afc[afi][safi]) {
2439 peer->afc_nego[afi][safi] = 1;
2440 bgp_announce_route(peer, afi, safi);
2441 }
2442 } else {
2443 peer->afc_recv[afi][safi] = 0;
2444 peer->afc_nego[afi][safi] = 0;
2445
2446 if (peer_active_nego(peer))
2447 bgp_clear_route(peer, afi, safi);
2448 else
2449 return BGP_Stop;
2450 }
2451 } else {
2452 flog_warn(
2453 EC_BGP_UNRECOGNIZED_CAPABILITY,
2454 "%s unrecognized capability code: %d - ignored",
2455 peer->host, hdr->code);
2456 }
2457 }
2458
2459 /* No FSM action necessary */
2460 return BGP_PACKET_NOOP;
2461 }
2462
2463 /**
2464 * Parse BGP CAPABILITY message for peer.
2465 *
2466 * Exported for unit testing.
2467 *
2468 * @param peer
2469 * @param size size of the packet
2470 * @return as in summary
2471 */
2472 int bgp_capability_receive(struct peer *peer, bgp_size_t size)
2473 {
2474 uint8_t *pnt;
2475
2476 /* Fetch pointer. */
2477 pnt = stream_pnt(peer->curr);
2478
2479 if (bgp_debug_neighbor_events(peer))
2480 zlog_debug("%s rcv CAPABILITY", peer->host);
2481
2482 /* If peer does not have the capability, send notification. */
2483 if (!CHECK_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV)) {
2484 flog_err(EC_BGP_NO_CAP,
2485 "%s [Error] BGP dynamic capability is not enabled",
2486 peer->host);
2487 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
2488 BGP_NOTIFY_HEADER_BAD_MESTYPE);
2489 return BGP_Stop;
2490 }
2491
2492 /* Status must be Established. */
2493 if (!peer_established(peer)) {
2494 flog_err(
2495 EC_BGP_NO_CAP,
2496 "%s [Error] Dynamic capability packet received under status %s",
2497 peer->host,
2498 lookup_msg(bgp_status_msg, peer->status, NULL));
2499 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR,
2500 bgp_fsm_error_subcode(peer->status));
2501 return BGP_Stop;
2502 }
2503
2504 /* Parse packet. */
2505 return bgp_capability_msg_parse(peer, pnt, size);
2506 }
2507
2508 /**
2509 * Processes a peer's input buffer.
2510 *
2511 * This function sidesteps the event loop and directly calls bgp_event_update()
2512 * after processing each BGP message. This is necessary to ensure proper
2513 * ordering of FSM events and unifies the behavior that was present previously,
2514 * whereby some of the packet handling functions would update the FSM and some
2515 * would not, making event flow difficult to understand. Please think twice
2516 * before hacking this.
2517 *
2518 * Thread type: THREAD_EVENT
2519 * @param thread
2520 * @return 0
2521 */
2522 int bgp_process_packet(struct thread *thread)
2523 {
2524 /* Yes first of all get peer pointer. */
2525 struct peer *peer; // peer
2526 uint32_t rpkt_quanta_old; // how many packets to read
2527 int fsm_update_result; // return code of bgp_event_update()
2528 int mprc; // message processing return code
2529
2530 peer = THREAD_ARG(thread);
2531 rpkt_quanta_old = atomic_load_explicit(&peer->bgp->rpkt_quanta,
2532 memory_order_relaxed);
2533 fsm_update_result = 0;
2534
2535 /* Guard against scheduled events that occur after peer deletion. */
2536 if (peer->status == Deleted || peer->status == Clearing)
2537 return 0;
2538
2539 unsigned int processed = 0;
2540
2541 while (processed < rpkt_quanta_old) {
2542 uint8_t type = 0;
2543 bgp_size_t size;
2544 char notify_data_length[2];
2545
2546 frr_with_mutex(&peer->io_mtx) {
2547 peer->curr = stream_fifo_pop(peer->ibuf);
2548 }
2549
2550 if (peer->curr == NULL) // no packets to process, hmm...
2551 return 0;
2552
2553 /* skip the marker and copy the packet length */
2554 stream_forward_getp(peer->curr, BGP_MARKER_SIZE);
2555 memcpy(notify_data_length, stream_pnt(peer->curr), 2);
2556
2557 /* read in the packet length and type */
2558 size = stream_getw(peer->curr);
2559 type = stream_getc(peer->curr);
2560
2561 hook_call(bgp_packet_dump, peer, type, size, peer->curr);
2562
2563 /* adjust size to exclude the marker + length + type */
2564 size -= BGP_HEADER_SIZE;
2565
2566 /* Read rest of the packet and call each sort of packet routine
2567 */
2568 switch (type) {
2569 case BGP_MSG_OPEN:
2570 frrtrace(2, frr_bgp, open_process, peer, size);
2571 atomic_fetch_add_explicit(&peer->open_in, 1,
2572 memory_order_relaxed);
2573 mprc = bgp_open_receive(peer, size);
2574 if (mprc == BGP_Stop)
2575 flog_err(
2576 EC_BGP_PKT_OPEN,
2577 "%s: BGP OPEN receipt failed for peer: %s",
2578 __func__, peer->host);
2579 break;
2580 case BGP_MSG_UPDATE:
2581 frrtrace(2, frr_bgp, update_process, peer, size);
2582 atomic_fetch_add_explicit(&peer->update_in, 1,
2583 memory_order_relaxed);
2584 peer->readtime = monotime(NULL);
2585 mprc = bgp_update_receive(peer, size);
2586 if (mprc == BGP_Stop)
2587 flog_err(
2588 EC_BGP_UPDATE_RCV,
2589 "%s: BGP UPDATE receipt failed for peer: %s",
2590 __func__, peer->host);
2591 break;
2592 case BGP_MSG_NOTIFY:
2593 frrtrace(2, frr_bgp, notification_process, peer, size);
2594 atomic_fetch_add_explicit(&peer->notify_in, 1,
2595 memory_order_relaxed);
2596 mprc = bgp_notify_receive(peer, size);
2597 if (mprc == BGP_Stop)
2598 flog_err(
2599 EC_BGP_NOTIFY_RCV,
2600 "%s: BGP NOTIFY receipt failed for peer: %s",
2601 __func__, peer->host);
2602 break;
2603 case BGP_MSG_KEEPALIVE:
2604 frrtrace(2, frr_bgp, keepalive_process, peer, size);
2605 peer->readtime = monotime(NULL);
2606 atomic_fetch_add_explicit(&peer->keepalive_in, 1,
2607 memory_order_relaxed);
2608 mprc = bgp_keepalive_receive(peer, size);
2609 if (mprc == BGP_Stop)
2610 flog_err(
2611 EC_BGP_KEEP_RCV,
2612 "%s: BGP KEEPALIVE receipt failed for peer: %s",
2613 __func__, peer->host);
2614 break;
2615 case BGP_MSG_ROUTE_REFRESH_NEW:
2616 case BGP_MSG_ROUTE_REFRESH_OLD:
2617 frrtrace(2, frr_bgp, refresh_process, peer, size);
2618 atomic_fetch_add_explicit(&peer->refresh_in, 1,
2619 memory_order_relaxed);
2620 mprc = bgp_route_refresh_receive(peer, size);
2621 if (mprc == BGP_Stop)
2622 flog_err(
2623 EC_BGP_RFSH_RCV,
2624 "%s: BGP ROUTEREFRESH receipt failed for peer: %s",
2625 __func__, peer->host);
2626 break;
2627 case BGP_MSG_CAPABILITY:
2628 frrtrace(2, frr_bgp, capability_process, peer, size);
2629 atomic_fetch_add_explicit(&peer->dynamic_cap_in, 1,
2630 memory_order_relaxed);
2631 mprc = bgp_capability_receive(peer, size);
2632 if (mprc == BGP_Stop)
2633 flog_err(
2634 EC_BGP_CAP_RCV,
2635 "%s: BGP CAPABILITY receipt failed for peer: %s",
2636 __func__, peer->host);
2637 break;
2638 default:
2639 /* Suppress uninitialized variable warning */
2640 mprc = 0;
2641 (void)mprc;
2642 /*
2643 * The message type should have been sanitized before
2644 * we ever got here. Receipt of a message with an
2645 * invalid header at this point is indicative of a
2646 * security issue.
2647 */
2648 assert (!"Message of invalid type received during input processing");
2649 }
2650
2651 /* delete processed packet */
2652 stream_free(peer->curr);
2653 peer->curr = NULL;
2654 processed++;
2655
2656 /* Update FSM */
2657 if (mprc != BGP_PACKET_NOOP)
2658 fsm_update_result = bgp_event_update(peer, mprc);
2659 else
2660 continue;
2661
2662 /*
2663 * If peer was deleted, do not process any more packets. This
2664 * is usually due to executing BGP_Stop or a stub deletion.
2665 */
2666 if (fsm_update_result == FSM_PEER_TRANSFERRED
2667 || fsm_update_result == FSM_PEER_STOPPED)
2668 break;
2669 }
2670
2671 if (fsm_update_result != FSM_PEER_TRANSFERRED
2672 && fsm_update_result != FSM_PEER_STOPPED) {
2673 frr_with_mutex(&peer->io_mtx) {
2674 // more work to do, come back later
2675 if (peer->ibuf->count > 0)
2676 thread_add_event(
2677 bm->master, bgp_process_packet, peer, 0,
2678 &peer->t_process_packet);
2679 }
2680 }
2681
2682 return 0;
2683 }
2684
2685 /* Send EOR when routes are processed by selection deferral timer */
2686 void bgp_send_delayed_eor(struct bgp *bgp)
2687 {
2688 struct peer *peer;
2689 struct listnode *node, *nnode;
2690
2691 /* EOR message sent in bgp_write_proceed_actions */
2692 for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer))
2693 bgp_write_proceed_actions(peer);
2694 }
2695
2696 /*
2697 * Task callback to handle socket error encountered in the io pthread. We avoid
2698 * having the io pthread try to enqueue fsm events or mess with the peer
2699 * struct.
2700 */
2701 int bgp_packet_process_error(struct thread *thread)
2702 {
2703 struct peer *peer;
2704 int code;
2705
2706 peer = THREAD_ARG(thread);
2707 code = THREAD_VAL(thread);
2708
2709 if (bgp_debug_neighbor_events(peer))
2710 zlog_debug("%s [Event] BGP error %d on fd %d",
2711 peer->host, peer->fd, code);
2712
2713 /* Closed connection or error on the socket */
2714 if (peer_established(peer)) {
2715 if ((CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)
2716 || CHECK_FLAG(peer->flags,
2717 PEER_FLAG_GRACEFUL_RESTART_HELPER))
2718 && CHECK_FLAG(peer->sflags, PEER_STATUS_NSF_MODE)) {
2719 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2720 SET_FLAG(peer->sflags, PEER_STATUS_NSF_WAIT);
2721 } else
2722 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2723 }
2724
2725 bgp_event_update(peer, code);
2726
2727 return 0;
2728 }
FRRouting mirror