]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #760 from opensourcerouting/rpm-non-redhat-fix
[mirror_frr.git] / bgpd / bgp_packet.c
1 /* BGP packet management routine.
2 Copyright (C) 1999 Kunihiro Ishiguro
3
4 This file is part of GNU Zebra.
5
6 GNU Zebra is free software; you can redistribute it and/or modify it
7 under the terms of the GNU General Public License as published by the
8 Free Software Foundation; either version 2, or (at your option) any
9 later version.
10
11 GNU Zebra is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with GNU Zebra; see the file COPYING. If not, write to the Free
18 Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
19 02111-1307, USA. */
20
21 #include <zebra.h>
22
23 #include "thread.h"
24 #include "stream.h"
25 #include "network.h"
26 #include "prefix.h"
27 #include "command.h"
28 #include "log.h"
29 #include "memory.h"
30 #include "sockunion.h" /* for inet_ntop () */
31 #include "sockopt.h"
32 #include "linklist.h"
33 #include "plist.h"
34 #include "queue.h"
35 #include "filter.h"
36
37 #include "bgpd/bgpd.h"
38 #include "bgpd/bgp_table.h"
39 #include "bgpd/bgp_dump.h"
40 #include "bgpd/bgp_attr.h"
41 #include "bgpd/bgp_debug.h"
42 #include "bgpd/bgp_fsm.h"
43 #include "bgpd/bgp_route.h"
44 #include "bgpd/bgp_packet.h"
45 #include "bgpd/bgp_open.h"
46 #include "bgpd/bgp_aspath.h"
47 #include "bgpd/bgp_community.h"
48 #include "bgpd/bgp_ecommunity.h"
49 #include "bgpd/bgp_network.h"
50 #include "bgpd/bgp_mplsvpn.h"
51 #include "bgpd/bgp_encap.h"
52 #include "bgpd/bgp_advertise.h"
53 #include "bgpd/bgp_vty.h"
54 #include "bgpd/bgp_updgrp.h"
55
56 /* Set up BGP packet marker and packet type. */
57 int
58 bgp_packet_set_marker (struct stream *s, u_char type)
59 {
60 int i;
61
62 /* Fill in marker. */
63 for (i = 0; i < BGP_MARKER_SIZE; i++)
64 stream_putc (s, 0xff);
65
66 /* Dummy total length. This field is should be filled in later on. */
67 stream_putw (s, 0);
68
69 /* BGP packet type. */
70 stream_putc (s, type);
71
72 /* Return current stream size. */
73 return stream_get_endp (s);
74 }
75
76 /* Set BGP packet header size entry. If size is zero then use current
77 stream size. */
78 int
79 bgp_packet_set_size (struct stream *s)
80 {
81 int cp;
82
83 /* Preserve current pointer. */
84 cp = stream_get_endp (s);
85 stream_putw_at (s, BGP_MARKER_SIZE, cp);
86
87 return cp;
88 }
89
90 /* Add new packet to the peer. */
91 void
92 bgp_packet_add (struct peer *peer, struct stream *s)
93 {
94 /* Add packet to the end of list. */
95 stream_fifo_push (peer->obuf, s);
96 }
97
98 /* Free first packet. */
99 static void
100 bgp_packet_delete (struct peer *peer)
101 {
102 stream_free (stream_fifo_pop (peer->obuf));
103 }
104
105 /* Check file descriptor whether connect is established. */
106 int
107 bgp_connect_check (struct peer *peer, int change_state)
108 {
109 int status;
110 socklen_t slen;
111 int ret;
112
113 /* Anyway I have to reset read and write thread. */
114 BGP_READ_OFF (peer->t_read);
115 BGP_WRITE_OFF (peer->t_write);
116
117 /* Check file descriptor. */
118 slen = sizeof (status);
119 ret = getsockopt(peer->fd, SOL_SOCKET, SO_ERROR, (void *) &status, &slen);
120
121 /* If getsockopt is fail, this is fatal error. */
122 if (ret < 0)
123 {
124 zlog_info ("can't get sockopt for nonblocking connect");
125 BGP_EVENT_ADD (peer, TCP_fatal_error);
126 return -1;
127 }
128
129 /* When status is 0 then TCP connection is established. */
130 if (status == 0)
131 {
132 BGP_EVENT_ADD (peer, TCP_connection_open);
133 return 1;
134 }
135 else
136 {
137 if (bgp_debug_neighbor_events(peer))
138 zlog_debug ("%s [Event] Connect failed (%s)",
139 peer->host, safe_strerror (errno));
140 if (change_state)
141 BGP_EVENT_ADD (peer, TCP_connection_open_failed);
142 return 0;
143 }
144 }
145
146 static struct stream *
147 bgp_update_packet_eor (struct peer *peer, afi_t afi, safi_t safi)
148 {
149 struct stream *s;
150
151 if (DISABLE_BGP_ANNOUNCE)
152 return NULL;
153
154 if (bgp_debug_neighbor_events(peer))
155 zlog_debug ("send End-of-RIB for %s to %s", afi_safi_print (afi, safi), peer->host);
156
157 s = stream_new (BGP_MAX_PACKET_SIZE);
158
159 /* Make BGP update packet. */
160 bgp_packet_set_marker (s, BGP_MSG_UPDATE);
161
162 /* Unfeasible Routes Length */
163 stream_putw (s, 0);
164
165 if (afi == AFI_IP && safi == SAFI_UNICAST)
166 {
167 /* Total Path Attribute Length */
168 stream_putw (s, 0);
169 }
170 else
171 {
172 /* Total Path Attribute Length */
173 stream_putw (s, 6);
174 stream_putc (s, BGP_ATTR_FLAG_OPTIONAL);
175 stream_putc (s, BGP_ATTR_MP_UNREACH_NLRI);
176 stream_putc (s, 3);
177 stream_putw (s, afi);
178 stream_putc (s, safi);
179 }
180
181 bgp_packet_set_size (s);
182 bgp_packet_add (peer, s);
183 return s;
184 }
185
186 /* Get next packet to be written. */
187 static struct stream *
188 bgp_write_packet (struct peer *peer)
189 {
190 struct stream *s = NULL;
191 struct peer_af *paf;
192 struct bpacket *next_pkt;
193 afi_t afi;
194 safi_t safi;
195
196 s = stream_fifo_head (peer->obuf);
197 if (s)
198 return s;
199
200 /*
201 * The code beyond this part deals with update packets, proceed only
202 * if peer is Established and updates are not on hold (as part of
203 * update-delay post processing).
204 */
205 if (peer->status != Established)
206 return NULL;
207
208 if (peer->bgp && peer->bgp->main_peers_update_hold)
209 return NULL;
210
211 for (afi = AFI_IP; afi < AFI_MAX; afi++)
212 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
213 {
214 paf = peer_af_find (peer, afi, safi);
215 if (!paf || !PAF_SUBGRP(paf))
216 continue;
217 next_pkt = paf->next_pkt_to_send;
218
219 /* Try to generate a packet for the peer if we are at the end of
220 * the list. Always try to push out WITHDRAWs first. */
221 if (!next_pkt || !next_pkt->buffer)
222 {
223 next_pkt = subgroup_withdraw_packet(PAF_SUBGRP(paf));
224 if (!next_pkt || !next_pkt->buffer)
225 subgroup_update_packet (PAF_SUBGRP(paf));
226 next_pkt = paf->next_pkt_to_send;
227 }
228
229 /* If we still don't have a packet to send to the peer, then
230 * try to find out out if we have to send eor or if not, skip to
231 * the next AFI, SAFI.
232 * Don't send the EOR prematurely... if the subgroup's coalesce
233 * timer is running, the adjacency-out structure is not created
234 * yet.
235 */
236 if (!next_pkt || !next_pkt->buffer)
237 {
238 if (CHECK_FLAG (peer->cap, PEER_CAP_RESTART_RCV))
239 {
240 if (!(PAF_SUBGRP(paf))->t_coalesce &&
241 peer->afc_nego[afi][safi] && peer->synctime
242 && ! CHECK_FLAG (peer->af_sflags[afi][safi],
243 PEER_STATUS_EOR_SEND)
244 && safi != SAFI_MPLS_VPN)
245 {
246 SET_FLAG (peer->af_sflags[afi][safi],
247 PEER_STATUS_EOR_SEND);
248 return bgp_update_packet_eor (peer, afi, safi);
249 }
250
251 }
252 continue;
253 }
254
255
256 /*
257 * Found a packet template to send, overwrite packet with appropriate
258 * attributes from peer and advance peer
259 */
260 s = bpacket_reformat_for_peer (next_pkt, paf);
261 bpacket_queue_advance_peer (paf);
262 return s;
263 }
264
265 return NULL;
266 }
267
268 /* The next action for the peer from a write perspective */
269 static void
270 bgp_write_proceed_actions (struct peer *peer)
271 {
272 afi_t afi;
273 safi_t safi;
274 struct peer_af *paf;
275 struct bpacket *next_pkt;
276 int fullq_found = 0;
277 struct update_subgroup *subgrp;
278
279 if (stream_fifo_head (peer->obuf))
280 {
281 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
282 return;
283 }
284
285 for (afi = AFI_IP; afi < AFI_MAX; afi++)
286 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
287 {
288 paf = peer_af_find (peer, afi, safi);
289 if (!paf)
290 continue;
291 subgrp = paf->subgroup;
292 if (!subgrp)
293 continue;
294
295 next_pkt = paf->next_pkt_to_send;
296 if (next_pkt && next_pkt->buffer)
297 {
298 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
299 return;
300 }
301
302 /* No packets readily available for AFI/SAFI, are there subgroup packets
303 * that need to be generated? */
304 if (bpacket_queue_is_full(SUBGRP_INST(subgrp),
305 SUBGRP_PKTQ(subgrp)))
306 fullq_found = 1;
307 else if (subgroup_packets_to_build (subgrp))
308 {
309 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
310 return;
311 }
312
313 /* No packets to send, see if EOR is pending */
314 if (CHECK_FLAG (peer->cap, PEER_CAP_RESTART_RCV))
315 {
316 if (!subgrp->t_coalesce &&
317 peer->afc_nego[afi][safi] &&
318 peer->synctime &&
319 !CHECK_FLAG(peer->af_sflags[afi][safi],
320 PEER_STATUS_EOR_SEND) &&
321 safi != SAFI_MPLS_VPN)
322 {
323 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
324 return;
325 }
326
327 }
328 }
329 if (fullq_found)
330 {
331 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
332 return;
333 }
334 }
335
336 /* Write packet to the peer. */
337 int
338 bgp_write (struct thread *thread)
339 {
340 struct peer *peer;
341 u_char type;
342 struct stream *s;
343 int num;
344 int update_last_write = 0;
345 unsigned int count = 0;
346 unsigned int oc = 0;
347
348 /* Yes first of all get peer pointer. */
349 peer = THREAD_ARG (thread);
350 peer->t_write = NULL;
351
352 /* For non-blocking IO check. */
353 if (peer->status == Connect)
354 {
355 bgp_connect_check (peer, 1);
356 return 0;
357 }
358
359 s = bgp_write_packet (peer);
360 if (!s)
361 {
362 bgp_write_proceed_actions (peer);
363 return 0;
364 }
365
366 sockopt_cork (peer->fd, 1);
367
368 oc = peer->update_out;
369
370 /* Nonblocking write until TCP output buffer is full. */
371 do
372 {
373 int writenum;
374
375 /* Number of bytes to be sent. */
376 writenum = stream_get_endp (s) - stream_get_getp (s);
377
378 /* Call write() system call. */
379 num = write (peer->fd, STREAM_PNT (s), writenum);
380 if (num < 0)
381 {
382 /* write failed either retry needed or error */
383 if (ERRNO_IO_RETRY(errno))
384 break;
385
386 BGP_EVENT_ADD (peer, TCP_fatal_error);
387 return 0;
388 }
389
390 if (num != writenum)
391 {
392 /* Partial write */
393 stream_forward_getp (s, num);
394 break;
395 }
396
397 /* Retrieve BGP packet type. */
398 stream_set_getp (s, BGP_MARKER_SIZE + 2);
399 type = stream_getc (s);
400
401 switch (type)
402 {
403 case BGP_MSG_OPEN:
404 peer->open_out++;
405 break;
406 case BGP_MSG_UPDATE:
407 peer->update_out++;
408 break;
409 case BGP_MSG_NOTIFY:
410 peer->notify_out++;
411 /* Double start timer. */
412 peer->v_start *= 2;
413
414 /* Overflow check. */
415 if (peer->v_start >= (60 * 2))
416 peer->v_start = (60 * 2);
417
418 /* Flush any existing events */
419 BGP_EVENT_ADD (peer, BGP_Stop);
420 goto done;
421
422 case BGP_MSG_KEEPALIVE:
423 peer->keepalive_out++;
424 break;
425 case BGP_MSG_ROUTE_REFRESH_NEW:
426 case BGP_MSG_ROUTE_REFRESH_OLD:
427 peer->refresh_out++;
428 break;
429 case BGP_MSG_CAPABILITY:
430 peer->dynamic_cap_out++;
431 break;
432 }
433
434 /* OK we send packet so delete it. */
435 bgp_packet_delete (peer);
436 update_last_write = 1;
437 }
438 while (++count < peer->bgp->wpkt_quanta &&
439 (s = bgp_write_packet (peer)) != NULL);
440
441 bgp_write_proceed_actions (peer);
442
443 done:
444 /* Update last_update if UPDATEs were written. */
445 if (peer->update_out > oc)
446 peer->last_update = bgp_clock ();
447
448 /* If we TXed any flavor of packet update last_write */
449 if (update_last_write)
450 peer->last_write = bgp_clock ();
451
452 sockopt_cork (peer->fd, 0);
453 return 0;
454 }
455
456 /* This is only for sending NOTIFICATION message to neighbor. */
457 static int
458 bgp_write_notify (struct peer *peer)
459 {
460 int ret, val;
461 u_char type;
462 struct stream *s;
463
464 /* There should be at least one packet. */
465 s = stream_fifo_head (peer->obuf);
466 if (!s)
467 return 0;
468 assert (stream_get_endp (s) >= BGP_HEADER_SIZE);
469
470 /* Stop collecting data within the socket */
471 sockopt_cork (peer->fd, 0);
472
473 /* socket is in nonblocking mode, if we can't deliver the NOTIFY, well,
474 * we only care about getting a clean shutdown at this point. */
475 ret = write (peer->fd, STREAM_DATA (s), stream_get_endp (s));
476
477 /* only connection reset/close gets counted as TCP_fatal_error, failure
478 * to write the entire NOTIFY doesn't get different FSM treatment */
479 if (ret <= 0)
480 {
481 BGP_EVENT_ADD (peer, TCP_fatal_error);
482 return 0;
483 }
484
485 /* Disable Nagle, make NOTIFY packet go out right away */
486 val = 1;
487 (void) setsockopt (peer->fd, IPPROTO_TCP, TCP_NODELAY,
488 (char *) &val, sizeof (val));
489
490 /* Retrieve BGP packet type. */
491 stream_set_getp (s, BGP_MARKER_SIZE + 2);
492 type = stream_getc (s);
493
494 assert (type == BGP_MSG_NOTIFY);
495
496 /* Type should be notify. */
497 peer->notify_out++;
498
499 /* Double start timer. */
500 peer->v_start *= 2;
501
502 /* Overflow check. */
503 if (peer->v_start >= (60 * 2))
504 peer->v_start = (60 * 2);
505
506 /* Handle Graceful Restart case where the state changes to
507 Connect instead of Idle */
508 BGP_EVENT_ADD (peer, BGP_Stop);
509
510 return 0;
511 }
512
513 /* Make keepalive packet and send it to the peer. */
514 void
515 bgp_keepalive_send (struct peer *peer)
516 {
517 struct stream *s;
518
519 s = stream_new (BGP_MAX_PACKET_SIZE);
520
521 /* Make keepalive packet. */
522 bgp_packet_set_marker (s, BGP_MSG_KEEPALIVE);
523
524 /* Set packet size. */
525 (void)bgp_packet_set_size (s);
526
527 /* Dump packet if debug option is set. */
528 /* bgp_packet_dump (s); */
529
530 if (bgp_debug_keepalive(peer))
531 zlog_debug ("%s sending KEEPALIVE", peer->host);
532
533 /* Add packet to the peer. */
534 bgp_packet_add (peer, s);
535
536 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
537 }
538
539 /* Make open packet and send it to the peer. */
540 void
541 bgp_open_send (struct peer *peer)
542 {
543 struct stream *s;
544 u_int16_t send_holdtime;
545 as_t local_as;
546
547 if (CHECK_FLAG (peer->config, PEER_CONFIG_TIMER))
548 send_holdtime = peer->holdtime;
549 else
550 send_holdtime = peer->bgp->default_holdtime;
551
552 /* local-as Change */
553 if (peer->change_local_as)
554 local_as = peer->change_local_as;
555 else
556 local_as = peer->local_as;
557
558 s = stream_new (BGP_MAX_PACKET_SIZE);
559
560 /* Make open packet. */
561 bgp_packet_set_marker (s, BGP_MSG_OPEN);
562
563 /* Set open packet values. */
564 stream_putc (s, BGP_VERSION_4); /* BGP version */
565 stream_putw (s, (local_as <= BGP_AS_MAX) ? (u_int16_t) local_as
566 : BGP_AS_TRANS);
567 stream_putw (s, send_holdtime); /* Hold Time */
568 stream_put_in_addr (s, &peer->local_id); /* BGP Identifier */
569
570 /* Set capability code. */
571 bgp_open_capability (s, peer);
572
573 /* Set BGP packet length. */
574 (void)bgp_packet_set_size (s);
575
576 if (bgp_debug_neighbor_events(peer))
577 zlog_debug ("%s sending OPEN, version %d, my as %u, holdtime %d, id %s",
578 peer->host, BGP_VERSION_4, local_as,
579 send_holdtime, inet_ntoa (peer->local_id));
580
581 /* Dump packet if debug option is set. */
582 /* bgp_packet_dump (s); */
583
584 /* Add packet to the peer. */
585 bgp_packet_add (peer, s);
586
587 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
588 }
589
590 /* Send BGP notify packet with data potion. */
591 void
592 bgp_notify_send_with_data (struct peer *peer, u_char code, u_char sub_code,
593 u_char *data, size_t datalen)
594 {
595 struct stream *s;
596 int length;
597
598 /* Allocate new stream. */
599 s = stream_new (BGP_MAX_PACKET_SIZE);
600
601 /* Make nitify packet. */
602 bgp_packet_set_marker (s, BGP_MSG_NOTIFY);
603
604 /* Set notify packet values. */
605 stream_putc (s, code); /* BGP notify code */
606 stream_putc (s, sub_code); /* BGP notify sub_code */
607
608 /* If notify data is present. */
609 if (data)
610 stream_write (s, data, datalen);
611
612 /* Set BGP packet length. */
613 length = bgp_packet_set_size (s);
614
615 /* Add packet to the peer. */
616 stream_fifo_clean (peer->obuf);
617 bgp_packet_add (peer, s);
618
619 /* For debug */
620 {
621 struct bgp_notify bgp_notify;
622 int first = 0;
623 int i;
624 char c[4];
625
626 bgp_notify.code = code;
627 bgp_notify.subcode = sub_code;
628 bgp_notify.data = NULL;
629 bgp_notify.length = length - BGP_MSG_NOTIFY_MIN_SIZE;
630
631 peer->notify.code = bgp_notify.code;
632 peer->notify.subcode = bgp_notify.subcode;
633
634 if (bgp_notify.length)
635 {
636 bgp_notify.data = XMALLOC (MTYPE_TMP, bgp_notify.length * 3);
637 for (i = 0; i < bgp_notify.length; i++)
638 if (first)
639 {
640 sprintf (c, " %02x", data[i]);
641 strcat (bgp_notify.data, c);
642 }
643 else
644 {
645 first = 1;
646 sprintf (c, "%02x", data[i]);
647 strcpy (bgp_notify.data, c);
648 }
649 }
650 bgp_notify_print (peer, &bgp_notify, "sending");
651
652 if (bgp_notify.data)
653 {
654 XFREE (MTYPE_TMP, bgp_notify.data);
655 bgp_notify.data = NULL;
656 bgp_notify.length = 0;
657 }
658 }
659
660 /* peer reset cause */
661 if (code == BGP_NOTIFY_CEASE)
662 {
663 if (sub_code == BGP_NOTIFY_CEASE_ADMIN_RESET)
664 peer->last_reset = PEER_DOWN_USER_RESET;
665 else if (sub_code == BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN)
666 peer->last_reset = PEER_DOWN_USER_SHUTDOWN;
667 else
668 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
669 }
670 else
671 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
672
673 /* Call immediately. */
674 BGP_WRITE_OFF (peer->t_write);
675
676 bgp_write_notify (peer);
677 }
678
679 /* Send BGP notify packet. */
680 void
681 bgp_notify_send (struct peer *peer, u_char code, u_char sub_code)
682 {
683 bgp_notify_send_with_data (peer, code, sub_code, NULL, 0);
684 }
685
686 /* Send route refresh message to the peer. */
687 void
688 bgp_route_refresh_send (struct peer *peer, afi_t afi, safi_t safi,
689 u_char orf_type, u_char when_to_refresh, int remove)
690 {
691 struct stream *s;
692 struct bgp_filter *filter;
693 int orf_refresh = 0;
694
695 if (DISABLE_BGP_ANNOUNCE)
696 return;
697
698 filter = &peer->filter[afi][safi];
699
700 /* Adjust safi code. */
701 if (safi == SAFI_MPLS_VPN)
702 safi = SAFI_MPLS_LABELED_VPN;
703
704 s = stream_new (BGP_MAX_PACKET_SIZE);
705
706 /* Make BGP update packet. */
707 if (CHECK_FLAG (peer->cap, PEER_CAP_REFRESH_NEW_RCV))
708 bgp_packet_set_marker (s, BGP_MSG_ROUTE_REFRESH_NEW);
709 else
710 bgp_packet_set_marker (s, BGP_MSG_ROUTE_REFRESH_OLD);
711
712 /* Encode Route Refresh message. */
713 stream_putw (s, afi);
714 stream_putc (s, 0);
715 stream_putc (s, safi);
716
717 if (orf_type == ORF_TYPE_PREFIX
718 || orf_type == ORF_TYPE_PREFIX_OLD)
719 if (remove || filter->plist[FILTER_IN].plist)
720 {
721 u_int16_t orf_len;
722 unsigned long orfp;
723
724 orf_refresh = 1;
725 stream_putc (s, when_to_refresh);
726 stream_putc (s, orf_type);
727 orfp = stream_get_endp (s);
728 stream_putw (s, 0);
729
730 if (remove)
731 {
732 UNSET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_PREFIX_SEND);
733 stream_putc (s, ORF_COMMON_PART_REMOVE_ALL);
734 if (bgp_debug_neighbor_events(peer))
735 zlog_debug ("%s sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %d/%d",
736 peer->host, orf_type,
737 (when_to_refresh == REFRESH_DEFER ? "defer" : "immediate"),
738 afi, safi);
739 }
740 else
741 {
742 SET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_PREFIX_SEND);
743 prefix_bgp_orf_entry (s, filter->plist[FILTER_IN].plist,
744 ORF_COMMON_PART_ADD, ORF_COMMON_PART_PERMIT,
745 ORF_COMMON_PART_DENY);
746 if (bgp_debug_neighbor_events(peer))
747 zlog_debug ("%s sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %d/%d",
748 peer->host, orf_type,
749 (when_to_refresh == REFRESH_DEFER ? "defer" : "immediate"),
750 afi, safi);
751 }
752
753 /* Total ORF Entry Len. */
754 orf_len = stream_get_endp (s) - orfp - 2;
755 stream_putw_at (s, orfp, orf_len);
756 }
757
758 /* Set packet size. */
759 (void)bgp_packet_set_size (s);
760
761 if (bgp_debug_neighbor_events(peer))
762 {
763 if (! orf_refresh)
764 zlog_debug ("%s sending REFRESH_REQ for afi/safi: %d/%d",
765 peer->host, afi, safi);
766 }
767
768 /* Add packet to the peer. */
769 bgp_packet_add (peer, s);
770
771 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
772 }
773
774 /* Send capability message to the peer. */
775 void
776 bgp_capability_send (struct peer *peer, afi_t afi, safi_t safi,
777 int capability_code, int action)
778 {
779 struct stream *s;
780
781 /* Adjust safi code. */
782 if (safi == SAFI_MPLS_VPN)
783 safi = SAFI_MPLS_LABELED_VPN;
784
785 s = stream_new (BGP_MAX_PACKET_SIZE);
786
787 /* Make BGP update packet. */
788 bgp_packet_set_marker (s, BGP_MSG_CAPABILITY);
789
790 /* Encode MP_EXT capability. */
791 if (capability_code == CAPABILITY_CODE_MP)
792 {
793 stream_putc (s, action);
794 stream_putc (s, CAPABILITY_CODE_MP);
795 stream_putc (s, CAPABILITY_CODE_MP_LEN);
796 stream_putw (s, afi);
797 stream_putc (s, 0);
798 stream_putc (s, safi);
799
800 if (bgp_debug_neighbor_events(peer))
801 zlog_debug ("%s sending CAPABILITY has %s MP_EXT CAP for afi/safi: %d/%d",
802 peer->host, action == CAPABILITY_ACTION_SET ?
803 "Advertising" : "Removing", afi, safi);
804 }
805
806 /* Set packet size. */
807 (void)bgp_packet_set_size (s);
808
809 /* Add packet to the peer. */
810 bgp_packet_add (peer, s);
811
812 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
813 }
814
815 /* RFC1771 6.8 Connection collision detection. */
816 static int
817 bgp_collision_detect (struct peer *new, struct in_addr remote_id)
818 {
819 struct peer *peer;
820
821 /* Upon receipt of an OPEN message, the local system must examine
822 all of its connections that are in the OpenConfirm state. A BGP
823 speaker may also examine connections in an OpenSent state if it
824 knows the BGP Identifier of the peer by means outside of the
825 protocol. If among these connections there is a connection to a
826 remote BGP speaker whose BGP Identifier equals the one in the
827 OPEN message, then the local system performs the following
828 collision resolution procedure: */
829
830 if ((peer = new->doppelganger) != NULL)
831 {
832 /* Do not accept the new connection in Established or Clearing states.
833 * Note that a peer GR is handled by closing the existing connection
834 * upon receipt of new one.
835 */
836 if (peer->status == Established || peer->status == Clearing)
837 {
838 bgp_notify_send (new, BGP_NOTIFY_CEASE,
839 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
840 return (-1);
841 }
842 else if ((peer->status == OpenConfirm) || (peer->status == OpenSent))
843 {
844 /* 1. The BGP Identifier of the local system is compared to
845 the BGP Identifier of the remote system (as specified in
846 the OPEN message). */
847
848 if (ntohl (peer->local_id.s_addr) < ntohl (remote_id.s_addr))
849 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER))
850 {
851 /* 2. If the value of the local BGP Identifier is less
852 than the remote one, the local system closes BGP
853 connection that already exists (the one that is
854 already in the OpenConfirm state), and accepts BGP
855 connection initiated by the remote system. */
856 bgp_notify_send (peer, BGP_NOTIFY_CEASE,
857 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
858 return 1;
859 }
860 else
861 {
862 bgp_notify_send (new, BGP_NOTIFY_CEASE,
863 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
864 return -1;
865 }
866 else
867 {
868 /* 3. Otherwise, the local system closes newly created
869 BGP connection (the one associated with the newly
870 received OPEN message), and continues to use the
871 existing one (the one that is already in the
872 OpenConfirm state). */
873 if (CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER))
874 {
875 bgp_notify_send (peer, BGP_NOTIFY_CEASE,
876 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
877 return 1;
878 }
879 else
880 {
881 bgp_notify_send (new, BGP_NOTIFY_CEASE,
882 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
883 return -1;
884 }
885 }
886 }
887 }
888 return 0;
889 }
890
891 static int
892 bgp_open_receive (struct peer *peer, bgp_size_t size)
893 {
894 int ret;
895 u_char version;
896 u_char optlen;
897 u_int16_t holdtime;
898 u_int16_t send_holdtime;
899 as_t remote_as;
900 as_t as4 = 0;
901 struct in_addr remote_id;
902 int mp_capability;
903 u_int8_t notify_data_remote_as[2];
904 u_int8_t notify_data_remote_as4[4];
905 u_int8_t notify_data_remote_id[4];
906 u_int16_t *holdtime_ptr;
907
908 /* Parse open packet. */
909 version = stream_getc (peer->ibuf);
910 memcpy (notify_data_remote_as, stream_pnt (peer->ibuf), 2);
911 remote_as = stream_getw (peer->ibuf);
912 holdtime_ptr = (u_int16_t *)stream_pnt (peer->ibuf);
913 holdtime = stream_getw (peer->ibuf);
914 memcpy (notify_data_remote_id, stream_pnt (peer->ibuf), 4);
915 remote_id.s_addr = stream_get_ipv4 (peer->ibuf);
916
917 /* Receive OPEN message log */
918 if (bgp_debug_neighbor_events(peer))
919 zlog_debug ("%s rcv OPEN, version %d, remote-as (in open) %u,"
920 " holdtime %d, id %s",
921 peer->host, version, remote_as, holdtime,
922 inet_ntoa (remote_id));
923
924 /* BEGIN to read the capability here, but dont do it yet */
925 mp_capability = 0;
926 optlen = stream_getc (peer->ibuf);
927
928 if (optlen != 0)
929 {
930 /* If not enough bytes, it is an error. */
931 if (STREAM_READABLE(peer->ibuf) < optlen)
932 {
933 bgp_notify_send (peer, BGP_NOTIFY_OPEN_ERR,
934 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
935 return -1;
936 }
937
938 /* We need the as4 capability value *right now* because
939 * if it is there, we have not got the remote_as yet, and without
940 * that we do not know which peer is connecting to us now.
941 */
942 as4 = peek_for_as4_capability (peer, optlen);
943 memcpy (notify_data_remote_as4, &as4, 4);
944 }
945
946 /* Just in case we have a silly peer who sends AS4 capability set to 0 */
947 if (CHECK_FLAG (peer->cap, PEER_CAP_AS4_RCV) && !as4)
948 {
949 zlog_err ("%s bad OPEN, got AS4 capability, but AS4 set to 0",
950 peer->host);
951 bgp_notify_send_with_data (peer,
952 BGP_NOTIFY_OPEN_ERR,
953 BGP_NOTIFY_OPEN_BAD_PEER_AS,
954 notify_data_remote_as4, 4);
955 return -1;
956 }
957
958 if (remote_as == BGP_AS_TRANS)
959 {
960 /* Take the AS4 from the capability. We must have received the
961 * capability now! Otherwise we have a asn16 peer who uses
962 * BGP_AS_TRANS, for some unknown reason.
963 */
964 if (as4 == BGP_AS_TRANS)
965 {
966 zlog_err ("%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed",
967 peer->host);
968 bgp_notify_send_with_data (peer,
969 BGP_NOTIFY_OPEN_ERR,
970 BGP_NOTIFY_OPEN_BAD_PEER_AS,
971 notify_data_remote_as4, 4);
972 return -1;
973 }
974
975 if (!as4 && BGP_DEBUG (as4, AS4))
976 zlog_debug ("%s [AS4] OPEN remote_as is AS_TRANS, but no AS4."
977 " Odd, but proceeding.", peer->host);
978 else if (as4 < BGP_AS_MAX && BGP_DEBUG (as4, AS4))
979 zlog_debug ("%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits "
980 "in 2-bytes, very odd peer.", peer->host, as4);
981 if (as4)
982 remote_as = as4;
983 }
984 else
985 {
986 /* We may have a partner with AS4 who has an asno < BGP_AS_MAX */
987 /* If we have got the capability, peer->as4cap must match remote_as */
988 if (CHECK_FLAG (peer->cap, PEER_CAP_AS4_RCV)
989 && as4 != remote_as)
990 {
991 /* raise error, log this, close session */
992 zlog_err ("%s bad OPEN, got AS4 capability, but remote_as %u"
993 " mismatch with 16bit 'myasn' %u in open",
994 peer->host, as4, remote_as);
995 bgp_notify_send_with_data (peer,
996 BGP_NOTIFY_OPEN_ERR,
997 BGP_NOTIFY_OPEN_BAD_PEER_AS,
998 notify_data_remote_as4, 4);
999 return -1;
1000 }
1001 }
1002
1003 /* remote router-id check. */
1004 if (remote_id.s_addr == 0
1005 || IPV4_CLASS_DE (ntohl (remote_id.s_addr))
1006 || ntohl (peer->local_id.s_addr) == ntohl (remote_id.s_addr))
1007 {
1008 if (bgp_debug_neighbor_events(peer))
1009 zlog_debug ("%s bad OPEN, wrong router identifier %s",
1010 peer->host, inet_ntoa (remote_id));
1011 bgp_notify_send_with_data (peer,
1012 BGP_NOTIFY_OPEN_ERR,
1013 BGP_NOTIFY_OPEN_BAD_BGP_IDENT,
1014 notify_data_remote_id, 4);
1015 return -1;
1016 }
1017
1018 /* Set remote router-id */
1019 peer->remote_id = remote_id;
1020
1021 /* Peer BGP version check. */
1022 if (version != BGP_VERSION_4)
1023 {
1024 u_int16_t maxver = htons(BGP_VERSION_4);
1025 /* XXX this reply may not be correct if version < 4 XXX */
1026 if (bgp_debug_neighbor_events(peer))
1027 zlog_debug ("%s bad protocol version, remote requested %d, local request %d",
1028 peer->host, version, BGP_VERSION_4);
1029 /* Data must be in network byte order here */
1030 bgp_notify_send_with_data (peer,
1031 BGP_NOTIFY_OPEN_ERR,
1032 BGP_NOTIFY_OPEN_UNSUP_VERSION,
1033 (u_int8_t *) &maxver, 2);
1034 return -1;
1035 }
1036
1037 /* Check neighbor as number. */
1038 if (peer->as_type == AS_UNSPECIFIED)
1039 {
1040 if (bgp_debug_neighbor_events(peer))
1041 zlog_debug("%s bad OPEN, remote AS is unspecified currently", peer->host);
1042 bgp_notify_send_with_data(peer,
1043 BGP_NOTIFY_OPEN_ERR,
1044 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1045 notify_data_remote_as, 2);
1046 return -1;
1047 }
1048 else if (peer->as_type == AS_INTERNAL)
1049 {
1050 if (remote_as != peer->bgp->as)
1051 {
1052 if (bgp_debug_neighbor_events(peer))
1053 zlog_debug ("%s bad OPEN, remote AS is %u, internal specified",
1054 peer->host, remote_as);
1055 bgp_notify_send_with_data (peer,
1056 BGP_NOTIFY_OPEN_ERR,
1057 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1058 notify_data_remote_as, 2);
1059 return -1;
1060 }
1061 peer->as = peer->local_as;
1062 }
1063 else if (peer->as_type == AS_EXTERNAL)
1064 {
1065 if (remote_as == peer->bgp->as)
1066 {
1067 if (bgp_debug_neighbor_events(peer))
1068 zlog_debug ("%s bad OPEN, remote AS is %u, external specified",
1069 peer->host, remote_as);
1070 bgp_notify_send_with_data (peer,
1071 BGP_NOTIFY_OPEN_ERR,
1072 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1073 notify_data_remote_as, 2);
1074 return -1;
1075 }
1076 peer->as = remote_as;
1077 }
1078 else if ((peer->as_type == AS_SPECIFIED) && (remote_as != peer->as))
1079 {
1080 if (bgp_debug_neighbor_events(peer))
1081 zlog_debug ("%s bad OPEN, remote AS is %u, expected %u",
1082 peer->host, remote_as, peer->as);
1083 bgp_notify_send_with_data (peer,
1084 BGP_NOTIFY_OPEN_ERR,
1085 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1086 notify_data_remote_as, 2);
1087 return -1;
1088 }
1089
1090 /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST
1091 calculate the value of the Hold Timer by using the smaller of its
1092 configured Hold Time and the Hold Time received in the OPEN message.
1093 The Hold Time MUST be either zero or at least three seconds. An
1094 implementation may reject connections on the basis of the Hold Time. */
1095
1096 if (holdtime < 3 && holdtime != 0)
1097 {
1098 bgp_notify_send_with_data (peer,
1099 BGP_NOTIFY_OPEN_ERR,
1100 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME,
1101 (u_char *)holdtime_ptr, 2);
1102 return -1;
1103 }
1104
1105 /* From the rfc: A reasonable maximum time between KEEPALIVE messages
1106 would be one third of the Hold Time interval. KEEPALIVE messages
1107 MUST NOT be sent more frequently than one per second. An
1108 implementation MAY adjust the rate at which it sends KEEPALIVE
1109 messages as a function of the Hold Time interval. */
1110
1111 if (CHECK_FLAG (peer->config, PEER_CONFIG_TIMER))
1112 send_holdtime = peer->holdtime;
1113 else
1114 send_holdtime = peer->bgp->default_holdtime;
1115
1116 if (holdtime < send_holdtime)
1117 peer->v_holdtime = holdtime;
1118 else
1119 peer->v_holdtime = send_holdtime;
1120
1121 if (CHECK_FLAG (peer->config, PEER_CONFIG_TIMER))
1122 peer->v_keepalive = peer->keepalive;
1123 else
1124 peer->v_keepalive = peer->v_holdtime / 3;
1125
1126 /* Open option part parse. */
1127 if (optlen != 0)
1128 {
1129 if ((ret = bgp_open_option_parse (peer, optlen, &mp_capability)) < 0)
1130 return ret;
1131 }
1132 else
1133 {
1134 if (bgp_debug_neighbor_events(peer))
1135 zlog_debug ("%s rcvd OPEN w/ OPTION parameter len: 0",
1136 peer->host);
1137 }
1138
1139 /*
1140 * Assume that the peer supports the locally configured set of
1141 * AFI/SAFIs if the peer did not send us any Mulitiprotocol
1142 * capabilities, or if 'override-capability' is configured.
1143 */
1144 if (! mp_capability ||
1145 CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
1146 {
1147 peer->afc_nego[AFI_IP][SAFI_UNICAST] = peer->afc[AFI_IP][SAFI_UNICAST];
1148 peer->afc_nego[AFI_IP][SAFI_MULTICAST] = peer->afc[AFI_IP][SAFI_MULTICAST];
1149 peer->afc_nego[AFI_IP6][SAFI_UNICAST] = peer->afc[AFI_IP6][SAFI_UNICAST];
1150 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] = peer->afc[AFI_IP6][SAFI_MULTICAST];
1151 }
1152
1153 /* When collision is detected and this peer is closed. Retrun
1154 immidiately. */
1155 ret = bgp_collision_detect (peer, remote_id);
1156 if (ret < 0)
1157 return ret;
1158
1159 /* Get sockname. */
1160 if ((ret = bgp_getsockname (peer)) < 0)
1161 {
1162 zlog_err("%s: bgp_getsockname() failed for peer: %s", __FUNCTION__,
1163 peer->host);
1164 return (ret);
1165 }
1166
1167 /* Verify valid local address present based on negotiated address-families. */
1168 if (peer->afc_nego[AFI_IP][SAFI_UNICAST] ||
1169 peer->afc_nego[AFI_IP][SAFI_MULTICAST] ||
1170 peer->afc_nego[AFI_IP][SAFI_MPLS_VPN] ||
1171 peer->afc_nego[AFI_IP][SAFI_ENCAP])
1172 {
1173 if (!peer->nexthop.v4.s_addr)
1174 {
1175 #if defined (HAVE_CUMULUS)
1176 zlog_err ("%s: No local IPv4 addr resetting connection, fd %d",
1177 peer->host, peer->fd);
1178 bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1179 return -1;
1180 #endif
1181 }
1182 }
1183 if (peer->afc_nego[AFI_IP6][SAFI_UNICAST] ||
1184 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] ||
1185 peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN] ||
1186 peer->afc_nego[AFI_IP6][SAFI_ENCAP])
1187 {
1188 if (IN6_IS_ADDR_UNSPECIFIED (&peer->nexthop.v6_global))
1189 {
1190 #if defined (HAVE_CUMULUS)
1191 zlog_err ("%s: No local IPv6 addr resetting connection, fd %d",
1192 peer->host, peer->fd);
1193 bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1194 return -1;
1195 #endif
1196 }
1197 }
1198 peer->rtt = sockopt_tcp_rtt (peer->fd);
1199
1200 if ((ret = bgp_event_update(peer, Receive_OPEN_message)) < 0)
1201 {
1202 zlog_err("%s: BGP event update failed for peer: %s", __FUNCTION__,
1203 peer->host);
1204 /* DD: bgp send notify and reset state */
1205 return (ret);
1206 }
1207
1208 peer->packet_size = 0;
1209 if (peer->ibuf)
1210 stream_reset (peer->ibuf);
1211
1212 return 0;
1213 }
1214
1215 /* Called when there is a change in the EOR(implicit or explicit) status of a peer.
1216 Ends the update-delay if all expected peers are done with EORs. */
1217 void
1218 bgp_check_update_delay(struct bgp *bgp)
1219 {
1220 struct listnode *node, *nnode;
1221 struct peer *peer = NULL;
1222
1223 if (bgp_debug_neighbor_events(peer))
1224 zlog_debug ("Checking update delay, T: %d R: %d I:%d E: %d", bgp->established,
1225 bgp->restarted_peers, bgp->implicit_eors, bgp->explicit_eors);
1226
1227 if (bgp->established <=
1228 bgp->restarted_peers + bgp->implicit_eors + bgp->explicit_eors)
1229 {
1230 /* This is an extra sanity check to make sure we wait for all the
1231 eligible configured peers. This check is performed if establish wait
1232 timer is on, or establish wait option is not given with the
1233 update-delay command */
1234 if (bgp->t_establish_wait ||
1235 (bgp->v_establish_wait == bgp->v_update_delay))
1236 for (ALL_LIST_ELEMENTS (bgp->peer, node, nnode, peer))
1237 {
1238 if (CHECK_FLAG(peer->flags, PEER_FLAG_CONFIG_NODE)
1239 && !CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN)
1240 && !peer->update_delay_over)
1241 {
1242 if (bgp_debug_neighbor_events(peer))
1243 zlog_debug (" Peer %s pending, continuing read-only mode",
1244 peer->host);
1245 return;
1246 }
1247 }
1248
1249 zlog_info ("Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d",
1250 bgp->restarted_peers, bgp->implicit_eors, bgp->explicit_eors);
1251 bgp_update_delay_end(bgp);
1252 }
1253 }
1254
1255 /* Called if peer is known to have restarted. The restart-state bit in
1256 Graceful-Restart capability is used for that */
1257 void
1258 bgp_update_restarted_peers (struct peer *peer)
1259 {
1260 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1261 if (peer->update_delay_over) return; /* This peer has already been considered */
1262
1263 if (bgp_debug_neighbor_events(peer))
1264 zlog_debug ("Peer %s: Checking restarted", peer->host);
1265
1266 if (peer->status == Established)
1267 {
1268 peer->update_delay_over = 1;
1269 peer->bgp->restarted_peers++;
1270 bgp_check_update_delay(peer->bgp);
1271 }
1272 }
1273
1274 /* Called as peer receives a keep-alive. Determines if this occurence can be
1275 taken as an implicit EOR for this peer.
1276 NOTE: The very first keep-alive after the Established state of a peer is
1277 considered implicit EOR for the update-delay purposes */
1278 void
1279 bgp_update_implicit_eors (struct peer *peer)
1280 {
1281 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1282 if (peer->update_delay_over) return; /* This peer has already been considered */
1283
1284 if (bgp_debug_neighbor_events(peer))
1285 zlog_debug ("Peer %s: Checking implicit EORs", peer->host);
1286
1287 if (peer->status == Established)
1288 {
1289 peer->update_delay_over = 1;
1290 peer->bgp->implicit_eors++;
1291 bgp_check_update_delay(peer->bgp);
1292 }
1293 }
1294
1295 /* Should be called only when there is a change in the EOR_RECEIVED status
1296 for any afi/safi on a peer */
1297 static void
1298 bgp_update_explicit_eors (struct peer *peer)
1299 {
1300 afi_t afi;
1301 safi_t safi;
1302
1303 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1304 if (peer->update_delay_over) return; /* This peer has already been considered */
1305
1306 if (bgp_debug_neighbor_events(peer))
1307 zlog_debug ("Peer %s: Checking explicit EORs", peer->host);
1308
1309 for (afi = AFI_IP; afi < AFI_MAX; afi++)
1310 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
1311 {
1312 if (peer->afc_nego[afi][safi] &&
1313 !CHECK_FLAG(peer->af_sflags[afi][safi], PEER_STATUS_EOR_RECEIVED))
1314 {
1315 if (bgp_debug_neighbor_events(peer))
1316 zlog_debug (" afi %d safi %d didnt receive EOR", afi, safi);
1317 return;
1318 }
1319 }
1320
1321 peer->update_delay_over = 1;
1322 peer->bgp->explicit_eors++;
1323 bgp_check_update_delay(peer->bgp);
1324 }
1325
1326 /* Frontend for NLRI parsing, to fan-out to AFI/SAFI specific parsers */
1327 int
1328 bgp_nlri_parse (struct peer *peer, struct attr *attr, struct bgp_nlri *packet)
1329 {
1330 switch (packet->safi)
1331 {
1332 case SAFI_UNICAST:
1333 case SAFI_MULTICAST:
1334 return bgp_nlri_parse_ip (peer, attr, packet);
1335 case SAFI_MPLS_VPN:
1336 case SAFI_MPLS_LABELED_VPN:
1337 return bgp_nlri_parse_vpn (peer, attr, packet);
1338 case SAFI_ENCAP:
1339 return bgp_nlri_parse_encap (peer, attr, packet);
1340 }
1341 return -1;
1342 }
1343
1344 /* Parse BGP Update packet and make attribute object. */
1345 static int
1346 bgp_update_receive (struct peer *peer, bgp_size_t size)
1347 {
1348 int ret, nlri_ret;
1349 u_char *end;
1350 struct stream *s;
1351 struct attr attr;
1352 struct attr_extra extra;
1353 bgp_size_t attribute_len;
1354 bgp_size_t update_len;
1355 bgp_size_t withdraw_len;
1356
1357 enum NLRI_TYPES {
1358 NLRI_UPDATE,
1359 NLRI_WITHDRAW,
1360 NLRI_MP_UPDATE,
1361 NLRI_MP_WITHDRAW,
1362 NLRI_TYPE_MAX
1363 };
1364 struct bgp_nlri nlris[NLRI_TYPE_MAX];
1365
1366 /* Status must be Established. */
1367 if (peer->status != Established)
1368 {
1369 zlog_err ("%s [FSM] Update packet received under status %s",
1370 peer->host, LOOKUP (bgp_status_msg, peer->status));
1371 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
1372 return -1;
1373 }
1374
1375 /* Set initial values. */
1376 memset (&attr, 0, sizeof (struct attr));
1377 memset (&extra, 0, sizeof (struct attr_extra));
1378 memset (&nlris, 0, sizeof (nlris));
1379 attr.extra = &extra;
1380 memset (peer->rcvd_attr_str, 0, BUFSIZ);
1381 peer->rcvd_attr_printed = 0;
1382
1383 s = peer->ibuf;
1384 end = stream_pnt (s) + size;
1385
1386 /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute
1387 Length is too large (i.e., if Unfeasible Routes Length + Total
1388 Attribute Length + 23 exceeds the message Length), then the Error
1389 Subcode is set to Malformed Attribute List. */
1390 if (stream_pnt (s) + 2 > end)
1391 {
1392 zlog_err ("%s [Error] Update packet error"
1393 " (packet length is short for unfeasible length)",
1394 peer->host);
1395 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1396 BGP_NOTIFY_UPDATE_MAL_ATTR);
1397 return -1;
1398 }
1399
1400 /* Unfeasible Route Length. */
1401 withdraw_len = stream_getw (s);
1402
1403 /* Unfeasible Route Length check. */
1404 if (stream_pnt (s) + withdraw_len > end)
1405 {
1406 zlog_err ("%s [Error] Update packet error"
1407 " (packet unfeasible length overflow %d)",
1408 peer->host, withdraw_len);
1409 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1410 BGP_NOTIFY_UPDATE_MAL_ATTR);
1411 return -1;
1412 }
1413
1414 /* Unfeasible Route packet format check. */
1415 if (withdraw_len > 0)
1416 {
1417 nlris[NLRI_WITHDRAW].afi = AFI_IP;
1418 nlris[NLRI_WITHDRAW].safi = SAFI_UNICAST;
1419 nlris[NLRI_WITHDRAW].nlri = stream_pnt (s);
1420 nlris[NLRI_WITHDRAW].length = withdraw_len;
1421 stream_forward_getp (s, withdraw_len);
1422 }
1423
1424 /* Attribute total length check. */
1425 if (stream_pnt (s) + 2 > end)
1426 {
1427 zlog_warn ("%s [Error] Packet Error"
1428 " (update packet is short for attribute length)",
1429 peer->host);
1430 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1431 BGP_NOTIFY_UPDATE_MAL_ATTR);
1432 return -1;
1433 }
1434
1435 /* Fetch attribute total length. */
1436 attribute_len = stream_getw (s);
1437
1438 /* Attribute length check. */
1439 if (stream_pnt (s) + attribute_len > end)
1440 {
1441 zlog_warn ("%s [Error] Packet Error"
1442 " (update packet attribute length overflow %d)",
1443 peer->host, attribute_len);
1444 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1445 BGP_NOTIFY_UPDATE_MAL_ATTR);
1446 return -1;
1447 }
1448
1449 /* Certain attribute parsing errors should not be considered bad enough
1450 * to reset the session for, most particularly any partial/optional
1451 * attributes that have 'tunneled' over speakers that don't understand
1452 * them. Instead we withdraw only the prefix concerned.
1453 *
1454 * Complicates the flow a little though..
1455 */
1456 bgp_attr_parse_ret_t attr_parse_ret = BGP_ATTR_PARSE_PROCEED;
1457 /* This define morphs the update case into a withdraw when lower levels
1458 * have signalled an error condition where this is best.
1459 */
1460 #define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL)
1461
1462 /* Parse attribute when it exists. */
1463 if (attribute_len)
1464 {
1465 attr_parse_ret = bgp_attr_parse (peer, &attr, attribute_len,
1466 &nlris[NLRI_MP_UPDATE], &nlris[NLRI_MP_WITHDRAW]);
1467 if (attr_parse_ret == BGP_ATTR_PARSE_ERROR)
1468 {
1469 bgp_attr_unintern_sub (&attr);
1470 return -1;
1471 }
1472 }
1473
1474 /* Logging the attribute. */
1475 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW ||
1476 BGP_DEBUG (update, UPDATE_IN) ||
1477 BGP_DEBUG (update, UPDATE_PREFIX))
1478 {
1479 ret = bgp_dump_attr (peer, &attr, peer->rcvd_attr_str, BUFSIZ);
1480
1481 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW)
1482 zlog_err ("%s rcvd UPDATE with errors in attr(s)!! Withdrawing route.",
1483 peer->host);
1484
1485 if (ret && bgp_debug_update(peer, NULL, NULL, 1))
1486 {
1487 zlog_debug ("%s rcvd UPDATE w/ attr: %s", peer->host, peer->rcvd_attr_str);
1488 peer->rcvd_attr_printed = 1;
1489 }
1490 }
1491
1492 /* Network Layer Reachability Information. */
1493 update_len = end - stream_pnt (s);
1494
1495 if (update_len)
1496 {
1497 /* Set NLRI portion to structure. */
1498 nlris[NLRI_UPDATE].afi = AFI_IP;
1499 nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
1500 nlris[NLRI_UPDATE].nlri = stream_pnt (s);
1501 nlris[NLRI_UPDATE].length = update_len;
1502 stream_forward_getp (s, update_len);
1503 }
1504
1505 if (BGP_DEBUG (update, UPDATE_IN))
1506 zlog_debug("%s rcvd UPDATE wlen %d attrlen %d alen %d",
1507 peer->host, withdraw_len, attribute_len, update_len);
1508
1509 /* Parse any given NLRIs */
1510 for (int i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++)
1511 {
1512 if (!nlris[i].nlri)
1513 continue;
1514
1515 /* We use afi and safi as indices into tables and what not. It would
1516 * be impossible, at this time, to support unknown afi/safis. And
1517 * anyway, the peer needs to be configured to enable the afi/safi
1518 * explicitly which requires UI support.
1519 *
1520 * Ignore unknown afi/safi NLRIs.
1521 *
1522 * Note: This means nlri[x].afi/safi still can not be trusted for
1523 * indexing later in this function!
1524 *
1525 * Note2: This will also remap the wire code-point for VPN safi to the
1526 * internal safi_t point, as needs be.
1527 */
1528 if(!bgp_afi_safi_valid_indices (nlris[i].afi, &nlris[i].safi))
1529 {
1530 zlog_info ("%s [Info] UPDATE with unsupported AFI/SAFI %u/%u",
1531 peer->host, nlris[i].afi, nlris[i].safi);
1532 continue;
1533 }
1534
1535 /* NLRI is processed iff the peer if configured for the specific afi/safi */
1536 if (!peer->afc[nlris[i].afi][nlris[i].safi])
1537 {
1538 zlog_info ("%s [Info] UPDATE for non-enabled AFI/SAFI %u/%u",
1539 peer->host, nlris[i].afi, nlris[i].safi);
1540 continue;
1541 }
1542
1543 /* EoR handled later */
1544 if (nlris[i].length == 0)
1545 continue;
1546
1547 switch (i)
1548 {
1549 case NLRI_UPDATE:
1550 case NLRI_MP_UPDATE:
1551 nlri_ret = bgp_nlri_parse (peer, NLRI_ATTR_ARG, &nlris[i]);
1552 break;
1553 case NLRI_WITHDRAW:
1554 case NLRI_MP_WITHDRAW:
1555 nlri_ret = bgp_nlri_parse (peer, NULL, &nlris[i]);
1556 break;
1557 default:
1558 nlri_ret = -1;
1559 }
1560
1561 if (nlri_ret < 0)
1562 {
1563 zlog_err("%s [Error] Error parsing NLRI", peer->host);
1564 if (peer->status == Established)
1565 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1566 i <= NLRI_WITHDRAW ? BGP_NOTIFY_UPDATE_INVAL_NETWORK
1567 : BGP_NOTIFY_UPDATE_OPT_ATTR_ERR);
1568 bgp_attr_unintern_sub (&attr);
1569 return -1;
1570 }
1571 }
1572
1573 /* EoR checks
1574 *
1575 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
1576 * and MP EoR should have only an empty MP_UNREACH
1577 */
1578 if (!update_len && !withdraw_len
1579 && nlris[NLRI_MP_UPDATE].length == 0)
1580 {
1581 afi_t afi = 0;
1582 safi_t safi;
1583
1584 /* Non-MP IPv4/Unicast is a completely emtpy UPDATE - already checked
1585 * update and withdraw NLRI lengths are 0.
1586 */
1587 if (!attribute_len)
1588 {
1589 afi = AFI_IP;
1590 safi = SAFI_UNICAST;
1591 }
1592 else if (attr.flag & ATTR_FLAG_BIT (BGP_ATTR_MP_UNREACH_NLRI)
1593 && nlris[NLRI_MP_WITHDRAW].length == 0
1594 && bgp_afi_safi_valid_indices (nlris[NLRI_MP_WITHDRAW].afi,
1595 &nlris[NLRI_MP_WITHDRAW].safi))
1596 {
1597 afi = nlris[NLRI_MP_WITHDRAW].afi;
1598 safi = nlris[NLRI_MP_WITHDRAW].safi;
1599 }
1600
1601 if (afi && peer->afc[afi][safi])
1602 {
1603 /* End-of-RIB received */
1604 if (!CHECK_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_EOR_RECEIVED))
1605 {
1606 SET_FLAG (peer->af_sflags[afi][safi],
1607 PEER_STATUS_EOR_RECEIVED);
1608 bgp_update_explicit_eors(peer);
1609 }
1610
1611 /* NSF delete stale route */
1612 if (peer->nsf[afi][safi])
1613 bgp_clear_stale_route (peer, afi, safi);
1614
1615 if (bgp_debug_neighbor_events(peer))
1616 {
1617 zlog_debug ("rcvd End-of-RIB for %s from %s",
1618 afi_safi_print (afi, safi), peer->host);
1619 }
1620 }
1621 }
1622
1623 /* Everything is done. We unintern temporary structures which
1624 interned in bgp_attr_parse(). */
1625 bgp_attr_unintern_sub (&attr);
1626
1627 /* If peering is stopped due to some reason, do not generate BGP
1628 event. */
1629 if (peer->status != Established)
1630 return 0;
1631
1632 /* Increment packet counter. */
1633 peer->update_in++;
1634 peer->update_time = bgp_clock ();
1635
1636 /* Rearm holdtime timer */
1637 BGP_TIMER_OFF (peer->t_holdtime);
1638 bgp_timer_set (peer);
1639
1640 return 0;
1641 }
1642
1643 /* Notify message treatment function. */
1644 static void
1645 bgp_notify_receive (struct peer *peer, bgp_size_t size)
1646 {
1647 struct bgp_notify bgp_notify;
1648
1649 if (peer->notify.data)
1650 {
1651 XFREE (MTYPE_TMP, peer->notify.data);
1652 peer->notify.data = NULL;
1653 peer->notify.length = 0;
1654 }
1655
1656 bgp_notify.code = stream_getc (peer->ibuf);
1657 bgp_notify.subcode = stream_getc (peer->ibuf);
1658 bgp_notify.length = size - 2;
1659 bgp_notify.data = NULL;
1660
1661 /* Preserv notify code and sub code. */
1662 peer->notify.code = bgp_notify.code;
1663 peer->notify.subcode = bgp_notify.subcode;
1664 /* For further diagnostic record returned Data. */
1665 if (bgp_notify.length)
1666 {
1667 peer->notify.length = size - 2;
1668 peer->notify.data = XMALLOC (MTYPE_TMP, size - 2);
1669 memcpy (peer->notify.data, stream_pnt (peer->ibuf), size - 2);
1670 }
1671
1672 /* For debug */
1673 {
1674 int i;
1675 int first = 0;
1676 char c[4];
1677
1678 if (bgp_notify.length)
1679 {
1680 bgp_notify.data = XMALLOC (MTYPE_TMP, bgp_notify.length * 3);
1681 for (i = 0; i < bgp_notify.length; i++)
1682 if (first)
1683 {
1684 sprintf (c, " %02x", stream_getc (peer->ibuf));
1685 strcat (bgp_notify.data, c);
1686 }
1687 else
1688 {
1689 first = 1;
1690 sprintf (c, "%02x", stream_getc (peer->ibuf));
1691 strcpy (bgp_notify.data, c);
1692 }
1693 }
1694
1695 bgp_notify_print(peer, &bgp_notify, "received");
1696 if (bgp_notify.data)
1697 {
1698 XFREE (MTYPE_TMP, bgp_notify.data);
1699 bgp_notify.data = NULL;
1700 bgp_notify.length = 0;
1701 }
1702 }
1703
1704 /* peer count update */
1705 peer->notify_in++;
1706
1707 peer->last_reset = PEER_DOWN_NOTIFY_RECEIVED;
1708
1709 /* We have to check for Notify with Unsupported Optional Parameter.
1710 in that case we fallback to open without the capability option.
1711 But this done in bgp_stop. We just mark it here to avoid changing
1712 the fsm tables. */
1713 if (bgp_notify.code == BGP_NOTIFY_OPEN_ERR &&
1714 bgp_notify.subcode == BGP_NOTIFY_OPEN_UNSUP_PARAM )
1715 UNSET_FLAG (peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
1716
1717 BGP_EVENT_ADD (peer, Receive_NOTIFICATION_message);
1718 }
1719
1720 /* Keepalive treatment function -- get keepalive send keepalive */
1721 static void
1722 bgp_keepalive_receive (struct peer *peer, bgp_size_t size)
1723 {
1724 if (bgp_debug_keepalive(peer))
1725 zlog_debug ("%s KEEPALIVE rcvd", peer->host);
1726
1727 BGP_EVENT_ADD (peer, Receive_KEEPALIVE_message);
1728 }
1729
1730 /* Route refresh message is received. */
1731 static void
1732 bgp_route_refresh_receive (struct peer *peer, bgp_size_t size)
1733 {
1734 afi_t afi;
1735 safi_t safi;
1736 struct stream *s;
1737 struct peer_af *paf;
1738 struct update_group *updgrp;
1739 struct peer *updgrp_peer;
1740
1741 /* If peer does not have the capability, send notification. */
1742 if (! CHECK_FLAG (peer->cap, PEER_CAP_REFRESH_ADV))
1743 {
1744 zlog_err ("%s [Error] BGP route refresh is not enabled",
1745 peer->host);
1746 bgp_notify_send (peer,
1747 BGP_NOTIFY_HEADER_ERR,
1748 BGP_NOTIFY_HEADER_BAD_MESTYPE);
1749 return;
1750 }
1751
1752 /* Status must be Established. */
1753 if (peer->status != Established)
1754 {
1755 zlog_err ("%s [Error] Route refresh packet received under status %s",
1756 peer->host, LOOKUP (bgp_status_msg, peer->status));
1757 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
1758 return;
1759 }
1760
1761 s = peer->ibuf;
1762
1763 /* Parse packet. */
1764 afi = stream_getw (s);
1765 (void)stream_getc (s);
1766 safi = stream_getc (s);
1767
1768 if (bgp_debug_update(peer, NULL, NULL, 0))
1769 zlog_debug ("%s rcvd REFRESH_REQ for afi/safi: %d/%d",
1770 peer->host, afi, safi);
1771
1772 /* Check AFI and SAFI. */
1773 if ((afi != AFI_IP && afi != AFI_IP6)
1774 || (safi != SAFI_UNICAST && safi != SAFI_MULTICAST
1775 && safi != SAFI_MPLS_LABELED_VPN))
1776 {
1777 zlog_info ("%s REFRESH_REQ for unrecognized afi/safi: %d/%d - ignored",
1778 peer->host, afi, safi);
1779 return;
1780 }
1781
1782 /* Adjust safi code. */
1783 if (safi == SAFI_MPLS_LABELED_VPN)
1784 safi = SAFI_MPLS_VPN;
1785
1786 if (size != BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE)
1787 {
1788 u_char *end;
1789 u_char when_to_refresh;
1790 u_char orf_type;
1791 u_int16_t orf_len;
1792
1793 if (size - (BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE) < 5)
1794 {
1795 zlog_info ("%s ORF route refresh length error", peer->host);
1796 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1797 return;
1798 }
1799
1800 when_to_refresh = stream_getc (s);
1801 end = stream_pnt (s) + (size - 5);
1802
1803 while ((stream_pnt (s) + 2) < end)
1804 {
1805 orf_type = stream_getc (s);
1806 orf_len = stream_getw (s);
1807
1808 /* orf_len in bounds? */
1809 if ((stream_pnt (s) + orf_len) > end)
1810 break; /* XXX: Notify instead?? */
1811 if (orf_type == ORF_TYPE_PREFIX
1812 || orf_type == ORF_TYPE_PREFIX_OLD)
1813 {
1814 uint8_t *p_pnt = stream_pnt (s);
1815 uint8_t *p_end = stream_pnt (s) + orf_len;
1816 struct orf_prefix orfp;
1817 u_char common = 0;
1818 u_int32_t seq;
1819 int psize;
1820 char name[BUFSIZ];
1821 int ret = CMD_SUCCESS;
1822
1823 if (bgp_debug_neighbor_events(peer))
1824 {
1825 zlog_debug ("%s rcvd Prefixlist ORF(%d) length %d",
1826 peer->host, orf_type, orf_len);
1827 }
1828
1829 /* we're going to read at least 1 byte of common ORF header,
1830 * and 7 bytes of ORF Address-filter entry from the stream
1831 */
1832 if (orf_len < 7)
1833 break;
1834
1835 /* ORF prefix-list name */
1836 sprintf (name, "%s.%d.%d", peer->host, afi, safi);
1837
1838 while (p_pnt < p_end)
1839 {
1840 /* If the ORF entry is malformed, want to read as much of it
1841 * as possible without going beyond the bounds of the entry,
1842 * to maximise debug information.
1843 */
1844 int ok;
1845 memset (&orfp, 0, sizeof (struct orf_prefix));
1846 common = *p_pnt++;
1847 /* after ++: p_pnt <= p_end */
1848 if (common & ORF_COMMON_PART_REMOVE_ALL)
1849 {
1850 if (bgp_debug_neighbor_events(peer))
1851 zlog_debug ("%s rcvd Remove-All pfxlist ORF request", peer->host);
1852 prefix_bgp_orf_remove_all (afi, name);
1853 break;
1854 }
1855 ok = ((u_int32_t)(p_end - p_pnt) >= sizeof(u_int32_t)) ;
1856 if (ok)
1857 {
1858 memcpy (&seq, p_pnt, sizeof (u_int32_t));
1859 p_pnt += sizeof (u_int32_t);
1860 orfp.seq = ntohl (seq);
1861 }
1862 else
1863 p_pnt = p_end ;
1864
1865 if ((ok = (p_pnt < p_end)))
1866 orfp.ge = *p_pnt++ ; /* value checked in prefix_bgp_orf_set() */
1867 if ((ok = (p_pnt < p_end)))
1868 orfp.le = *p_pnt++ ; /* value checked in prefix_bgp_orf_set() */
1869 if ((ok = (p_pnt < p_end)))
1870 orfp.p.prefixlen = *p_pnt++ ;
1871 orfp.p.family = afi2family (afi); /* afi checked already */
1872
1873 psize = PSIZE (orfp.p.prefixlen); /* 0 if not ok */
1874 if (psize > prefix_blen(&orfp.p)) /* valid for family ? */
1875 {
1876 ok = 0 ;
1877 psize = prefix_blen(&orfp.p) ;
1878 }
1879 if (psize > (p_end - p_pnt)) /* valid for packet ? */
1880 {
1881 ok = 0 ;
1882 psize = p_end - p_pnt ;
1883 }
1884
1885 if (psize > 0)
1886 memcpy (&orfp.p.u.prefix, p_pnt, psize);
1887 p_pnt += psize;
1888
1889 if (bgp_debug_neighbor_events(peer))
1890 {
1891 char buf[INET6_BUFSIZ];
1892
1893 zlog_debug ("%s rcvd %s %s seq %u %s/%d ge %d le %d%s",
1894 peer->host,
1895 (common & ORF_COMMON_PART_REMOVE ? "Remove" : "Add"),
1896 (common & ORF_COMMON_PART_DENY ? "deny" : "permit"),
1897 orfp.seq,
1898 inet_ntop (orfp.p.family, &orfp.p.u.prefix, buf, INET6_BUFSIZ),
1899 orfp.p.prefixlen, orfp.ge, orfp.le,
1900 ok ? "" : " MALFORMED");
1901 }
1902
1903 if (ok)
1904 ret = prefix_bgp_orf_set (name, afi, &orfp,
1905 (common & ORF_COMMON_PART_DENY ? 0 : 1 ),
1906 (common & ORF_COMMON_PART_REMOVE ? 0 : 1));
1907
1908 if (!ok || (ok && ret != CMD_SUCCESS))
1909 {
1910 zlog_info ("%s Received misformatted prefixlist ORF."
1911 " Remove All pfxlist", peer->host);
1912 prefix_bgp_orf_remove_all (afi, name);
1913 break;
1914 }
1915 }
1916
1917 peer->orf_plist[afi][safi] = prefix_bgp_orf_lookup (afi, name);
1918 }
1919 stream_forward_getp (s, orf_len);
1920 }
1921 if (bgp_debug_neighbor_events(peer))
1922 zlog_debug ("%s rcvd Refresh %s ORF request", peer->host,
1923 when_to_refresh == REFRESH_DEFER ? "Defer" : "Immediate");
1924 if (when_to_refresh == REFRESH_DEFER)
1925 return;
1926 }
1927
1928 /* First update is deferred until ORF or ROUTE-REFRESH is received */
1929 if (CHECK_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_WAIT_REFRESH))
1930 UNSET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_WAIT_REFRESH);
1931
1932 paf = peer_af_find (peer, afi, safi);
1933 if (paf && paf->subgroup)
1934 {
1935 if (peer->orf_plist[afi][safi])
1936 {
1937 updgrp = PAF_UPDGRP(paf);
1938 updgrp_peer = UPDGRP_PEER(updgrp);
1939 updgrp_peer->orf_plist[afi][safi] = peer->orf_plist[afi][safi];
1940 }
1941
1942 /* If the peer is configured for default-originate clear the
1943 * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will re-advertise the
1944 * default
1945 */
1946 if (CHECK_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE))
1947 UNSET_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE);
1948 }
1949
1950 /* Perform route refreshment to the peer */
1951 bgp_announce_route (peer, afi, safi);
1952 }
1953
1954 static int
1955 bgp_capability_msg_parse (struct peer *peer, u_char *pnt, bgp_size_t length)
1956 {
1957 u_char *end;
1958 struct capability_mp_data mpc;
1959 struct capability_header *hdr;
1960 u_char action;
1961 afi_t afi;
1962 safi_t safi;
1963
1964 end = pnt + length;
1965
1966 while (pnt < end)
1967 {
1968 /* We need at least action, capability code and capability length. */
1969 if (pnt + 3 > end)
1970 {
1971 zlog_info ("%s Capability length error", peer->host);
1972 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1973 return -1;
1974 }
1975 action = *pnt;
1976 hdr = (struct capability_header *)(pnt + 1);
1977
1978 /* Action value check. */
1979 if (action != CAPABILITY_ACTION_SET
1980 && action != CAPABILITY_ACTION_UNSET)
1981 {
1982 zlog_info ("%s Capability Action Value error %d",
1983 peer->host, action);
1984 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1985 return -1;
1986 }
1987
1988 if (bgp_debug_neighbor_events(peer))
1989 zlog_debug ("%s CAPABILITY has action: %d, code: %u, length %u",
1990 peer->host, action, hdr->code, hdr->length);
1991
1992 /* Capability length check. */
1993 if ((pnt + hdr->length + 3) > end)
1994 {
1995 zlog_info ("%s Capability length error", peer->host);
1996 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1997 return -1;
1998 }
1999
2000 /* Fetch structure to the byte stream. */
2001 memcpy (&mpc, pnt + 3, sizeof (struct capability_mp_data));
2002
2003 /* We know MP Capability Code. */
2004 if (hdr->code == CAPABILITY_CODE_MP)
2005 {
2006 afi = ntohs (mpc.afi);
2007 safi = mpc.safi;
2008
2009 /* Ignore capability when override-capability is set. */
2010 if (CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
2011 continue;
2012
2013 if (!bgp_afi_safi_valid_indices (afi, &safi))
2014 {
2015 if (bgp_debug_neighbor_events(peer))
2016 zlog_debug ("%s Dynamic Capability MP_EXT afi/safi invalid "
2017 "(%u/%u)", peer->host, afi, safi);
2018 continue;
2019 }
2020
2021 /* Address family check. */
2022 if (bgp_debug_neighbor_events(peer))
2023 zlog_debug ("%s CAPABILITY has %s MP_EXT CAP for afi/safi: %u/%u",
2024 peer->host,
2025 action == CAPABILITY_ACTION_SET
2026 ? "Advertising" : "Removing",
2027 ntohs(mpc.afi) , mpc.safi);
2028
2029 if (action == CAPABILITY_ACTION_SET)
2030 {
2031 peer->afc_recv[afi][safi] = 1;
2032 if (peer->afc[afi][safi])
2033 {
2034 peer->afc_nego[afi][safi] = 1;
2035 bgp_announce_route (peer, afi, safi);
2036 }
2037 }
2038 else
2039 {
2040 peer->afc_recv[afi][safi] = 0;
2041 peer->afc_nego[afi][safi] = 0;
2042
2043 if (peer_active_nego (peer))
2044 bgp_clear_route (peer, afi, safi);
2045 else
2046 BGP_EVENT_ADD (peer, BGP_Stop);
2047 }
2048 }
2049 else
2050 {
2051 zlog_warn ("%s unrecognized capability code: %d - ignored",
2052 peer->host, hdr->code);
2053 }
2054 pnt += hdr->length + 3;
2055 }
2056 return 0;
2057 }
2058
2059 /* Dynamic Capability is received.
2060 *
2061 * This is exported for unit-test purposes
2062 */
2063 int
2064 bgp_capability_receive (struct peer *peer, bgp_size_t size)
2065 {
2066 u_char *pnt;
2067
2068 /* Fetch pointer. */
2069 pnt = stream_pnt (peer->ibuf);
2070
2071 if (bgp_debug_neighbor_events(peer))
2072 zlog_debug ("%s rcv CAPABILITY", peer->host);
2073
2074 /* If peer does not have the capability, send notification. */
2075 if (! CHECK_FLAG (peer->cap, PEER_CAP_DYNAMIC_ADV))
2076 {
2077 zlog_err ("%s [Error] BGP dynamic capability is not enabled",
2078 peer->host);
2079 bgp_notify_send (peer,
2080 BGP_NOTIFY_HEADER_ERR,
2081 BGP_NOTIFY_HEADER_BAD_MESTYPE);
2082 return -1;
2083 }
2084
2085 /* Status must be Established. */
2086 if (peer->status != Established)
2087 {
2088 zlog_err ("%s [Error] Dynamic capability packet received under status %s",
2089 peer->host, LOOKUP (bgp_status_msg, peer->status));
2090 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
2091 return -1;
2092 }
2093
2094 /* Parse packet. */
2095 return bgp_capability_msg_parse (peer, pnt, size);
2096 }
2097
2098 /* BGP read utility function. */
2099 static int
2100 bgp_read_packet (struct peer *peer)
2101 {
2102 int nbytes;
2103 int readsize;
2104
2105 readsize = peer->packet_size - stream_get_endp (peer->ibuf);
2106
2107 /* If size is zero then return. */
2108 if (! readsize)
2109 return 0;
2110
2111 /* Read packet from fd. */
2112 nbytes = stream_read_try (peer->ibuf, peer->fd, readsize);
2113
2114 /* If read byte is smaller than zero then error occured. */
2115 if (nbytes < 0)
2116 {
2117 /* Transient error should retry */
2118 if (nbytes == -2)
2119 return -1;
2120
2121 zlog_err ("%s [Error] bgp_read_packet error: %s",
2122 peer->host, safe_strerror (errno));
2123
2124 if (peer->status == Established)
2125 {
2126 if (CHECK_FLAG (peer->sflags, PEER_STATUS_NSF_MODE))
2127 {
2128 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2129 SET_FLAG (peer->sflags, PEER_STATUS_NSF_WAIT);
2130 }
2131 else
2132 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2133 }
2134
2135 BGP_EVENT_ADD (peer, TCP_fatal_error);
2136 return -1;
2137 }
2138
2139 /* When read byte is zero : clear bgp peer and return */
2140 if (nbytes == 0)
2141 {
2142 if (bgp_debug_neighbor_events(peer))
2143 zlog_debug ("%s [Event] BGP connection closed fd %d",
2144 peer->host, peer->fd);
2145
2146 if (peer->status == Established)
2147 {
2148 if (CHECK_FLAG (peer->sflags, PEER_STATUS_NSF_MODE))
2149 {
2150 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2151 SET_FLAG (peer->sflags, PEER_STATUS_NSF_WAIT);
2152 }
2153 else
2154 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2155 }
2156
2157 BGP_EVENT_ADD (peer, TCP_connection_closed);
2158 return -1;
2159 }
2160
2161 /* We read partial packet. */
2162 if (stream_get_endp (peer->ibuf) != peer->packet_size)
2163 return -1;
2164
2165 return 0;
2166 }
2167
2168 /* Marker check. */
2169 static int
2170 bgp_marker_all_one (struct stream *s, int length)
2171 {
2172 int i;
2173
2174 for (i = 0; i < length; i++)
2175 if (s->data[i] != 0xff)
2176 return 0;
2177
2178 return 1;
2179 }
2180
2181 /* Recent thread time.
2182 On same clock base as bgp_clock (MONOTONIC)
2183 but can be time of last context switch to bgp_read thread. */
2184 static time_t
2185 bgp_recent_clock (void)
2186 {
2187 return recent_relative_time().tv_sec;
2188 }
2189
2190 /* Starting point of packet process function. */
2191 int
2192 bgp_read (struct thread *thread)
2193 {
2194 int ret;
2195 u_char type = 0;
2196 struct peer *peer;
2197 bgp_size_t size;
2198 char notify_data_length[2];
2199 u_int32_t notify_out;
2200
2201 /* Yes first of all get peer pointer. */
2202 peer = THREAD_ARG (thread);
2203 peer->t_read = NULL;
2204
2205 /* Note notify_out so we can check later to see if we sent another one */
2206 notify_out = peer->notify_out;
2207
2208 /* For non-blocking IO check. */
2209 if (peer->status == Connect)
2210 {
2211 bgp_connect_check (peer, 1);
2212 goto done;
2213 }
2214 else
2215 {
2216 if (peer->fd < 0)
2217 {
2218 zlog_err ("bgp_read peer's fd is negative value %d", peer->fd);
2219 return -1;
2220 }
2221 BGP_READ_ON (peer->t_read, bgp_read, peer->fd);
2222 }
2223
2224 /* Read packet header to determine type of the packet */
2225 if (peer->packet_size == 0)
2226 peer->packet_size = BGP_HEADER_SIZE;
2227
2228 if (stream_get_endp (peer->ibuf) < BGP_HEADER_SIZE)
2229 {
2230 ret = bgp_read_packet (peer);
2231
2232 /* Header read error or partial read packet. */
2233 if (ret < 0)
2234 goto done;
2235
2236 /* Get size and type. */
2237 stream_forward_getp (peer->ibuf, BGP_MARKER_SIZE);
2238 memcpy (notify_data_length, stream_pnt (peer->ibuf), 2);
2239 size = stream_getw (peer->ibuf);
2240 type = stream_getc (peer->ibuf);
2241
2242 /* Marker check */
2243 if (((type == BGP_MSG_OPEN) || (type == BGP_MSG_KEEPALIVE))
2244 && ! bgp_marker_all_one (peer->ibuf, BGP_MARKER_SIZE))
2245 {
2246 bgp_notify_send (peer,
2247 BGP_NOTIFY_HEADER_ERR,
2248 BGP_NOTIFY_HEADER_NOT_SYNC);
2249 goto done;
2250 }
2251
2252 /* BGP type check. */
2253 if (type != BGP_MSG_OPEN && type != BGP_MSG_UPDATE
2254 && type != BGP_MSG_NOTIFY && type != BGP_MSG_KEEPALIVE
2255 && type != BGP_MSG_ROUTE_REFRESH_NEW
2256 && type != BGP_MSG_ROUTE_REFRESH_OLD
2257 && type != BGP_MSG_CAPABILITY)
2258 {
2259 if (bgp_debug_neighbor_events(peer))
2260 zlog_debug ("%s unknown message type 0x%02x",
2261 peer->host, type);
2262 bgp_notify_send_with_data (peer,
2263 BGP_NOTIFY_HEADER_ERR,
2264 BGP_NOTIFY_HEADER_BAD_MESTYPE,
2265 &type, 1);
2266 goto done;
2267 }
2268 /* Mimimum packet length check. */
2269 if ((size < BGP_HEADER_SIZE)
2270 || (size > BGP_MAX_PACKET_SIZE)
2271 || (type == BGP_MSG_OPEN && size < BGP_MSG_OPEN_MIN_SIZE)
2272 || (type == BGP_MSG_UPDATE && size < BGP_MSG_UPDATE_MIN_SIZE)
2273 || (type == BGP_MSG_NOTIFY && size < BGP_MSG_NOTIFY_MIN_SIZE)
2274 || (type == BGP_MSG_KEEPALIVE && size != BGP_MSG_KEEPALIVE_MIN_SIZE)
2275 || (type == BGP_MSG_ROUTE_REFRESH_NEW && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2276 || (type == BGP_MSG_ROUTE_REFRESH_OLD && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2277 || (type == BGP_MSG_CAPABILITY && size < BGP_MSG_CAPABILITY_MIN_SIZE))
2278 {
2279 if (bgp_debug_neighbor_events(peer))
2280 zlog_debug ("%s bad message length - %d for %s",
2281 peer->host, size,
2282 type == 128 ? "ROUTE-REFRESH" :
2283 bgp_type_str[(int) type]);
2284 bgp_notify_send_with_data (peer,
2285 BGP_NOTIFY_HEADER_ERR,
2286 BGP_NOTIFY_HEADER_BAD_MESLEN,
2287 (u_char *) notify_data_length, 2);
2288 goto done;
2289 }
2290
2291 /* Adjust size to message length. */
2292 peer->packet_size = size;
2293 }
2294
2295 ret = bgp_read_packet (peer);
2296 if (ret < 0)
2297 goto done;
2298
2299 /* Get size and type again. */
2300 (void)stream_getw_from (peer->ibuf, BGP_MARKER_SIZE);
2301 type = stream_getc_from (peer->ibuf, BGP_MARKER_SIZE + 2);
2302
2303 /* BGP packet dump function. */
2304 bgp_dump_packet (peer, type, peer->ibuf);
2305
2306 size = (peer->packet_size - BGP_HEADER_SIZE);
2307
2308 /* Read rest of the packet and call each sort of packet routine */
2309 switch (type)
2310 {
2311 case BGP_MSG_OPEN:
2312 peer->open_in++;
2313 bgp_open_receive (peer, size); /* XXX return value ignored! */
2314 break;
2315 case BGP_MSG_UPDATE:
2316 peer->readtime = bgp_recent_clock ();
2317 bgp_update_receive (peer, size);
2318 break;
2319 case BGP_MSG_NOTIFY:
2320 bgp_notify_receive (peer, size);
2321 break;
2322 case BGP_MSG_KEEPALIVE:
2323 peer->readtime = bgp_recent_clock ();
2324 bgp_keepalive_receive (peer, size);
2325 break;
2326 case BGP_MSG_ROUTE_REFRESH_NEW:
2327 case BGP_MSG_ROUTE_REFRESH_OLD:
2328 peer->refresh_in++;
2329 bgp_route_refresh_receive (peer, size);
2330 break;
2331 case BGP_MSG_CAPABILITY:
2332 peer->dynamic_cap_in++;
2333 bgp_capability_receive (peer, size);
2334 break;
2335 }
2336
2337 /* If reading this packet caused us to send a NOTIFICATION then store a copy
2338 * of the packet for troubleshooting purposes
2339 */
2340 if (notify_out < peer->notify_out)
2341 {
2342 memcpy(peer->last_reset_cause, peer->ibuf->data, peer->packet_size);
2343 peer->last_reset_cause_size = peer->packet_size;
2344 notify_out = peer->notify_out;
2345 }
2346
2347 /* Clear input buffer. */
2348 peer->packet_size = 0;
2349 if (peer->ibuf)
2350 stream_reset (peer->ibuf);
2351
2352 done:
2353 /* If reading this packet caused us to send a NOTIFICATION then store a copy
2354 * of the packet for troubleshooting purposes
2355 */
2356 if (notify_out < peer->notify_out)
2357 {
2358 memcpy(peer->last_reset_cause, peer->ibuf->data, peer->packet_size);
2359 peer->last_reset_cause_size = peer->packet_size;
2360 }
2361
2362 return 0;
2363 }
FRRouting mirror