]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #6011 from patrasar/pim-no-msdp-group-cmd
[mirror_frr.git] / bgpd / bgp_packet.c
1 /* BGP packet management routine.
2 * Contains utility functions for constructing and consuming BGP messages.
3 * Copyright (C) 2017 Cumulus Networks
4 * Copyright (C) 1999 Kunihiro Ishiguro
5 *
6 * This file is part of GNU Zebra.
7 *
8 * GNU Zebra is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2, or (at your option) any
11 * later version.
12 *
13 * GNU Zebra is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; see the file COPYING; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21 */
22
23 #include <zebra.h>
24 #include <sys/time.h>
25
26 #include "thread.h"
27 #include "stream.h"
28 #include "network.h"
29 #include "prefix.h"
30 #include "command.h"
31 #include "log.h"
32 #include "memory.h"
33 #include "sockunion.h" /* for inet_ntop () */
34 #include "sockopt.h"
35 #include "linklist.h"
36 #include "plist.h"
37 #include "queue.h"
38 #include "filter.h"
39 #include "lib_errors.h"
40
41 #include "bgpd/bgpd.h"
42 #include "bgpd/bgp_table.h"
43 #include "bgpd/bgp_dump.h"
44 #include "bgpd/bgp_bmp.h"
45 #include "bgpd/bgp_attr.h"
46 #include "bgpd/bgp_debug.h"
47 #include "bgpd/bgp_errors.h"
48 #include "bgpd/bgp_fsm.h"
49 #include "bgpd/bgp_route.h"
50 #include "bgpd/bgp_packet.h"
51 #include "bgpd/bgp_open.h"
52 #include "bgpd/bgp_aspath.h"
53 #include "bgpd/bgp_community.h"
54 #include "bgpd/bgp_ecommunity.h"
55 #include "bgpd/bgp_lcommunity.h"
56 #include "bgpd/bgp_network.h"
57 #include "bgpd/bgp_mplsvpn.h"
58 #include "bgpd/bgp_evpn.h"
59 #include "bgpd/bgp_advertise.h"
60 #include "bgpd/bgp_vty.h"
61 #include "bgpd/bgp_updgrp.h"
62 #include "bgpd/bgp_label.h"
63 #include "bgpd/bgp_io.h"
64 #include "bgpd/bgp_keepalives.h"
65 #include "bgpd/bgp_flowspec.h"
66
67 DEFINE_HOOK(bgp_packet_dump,
68 (struct peer *peer, uint8_t type, bgp_size_t size,
69 struct stream *s),
70 (peer, type, size, s))
71
72 DEFINE_HOOK(bgp_packet_send,
73 (struct peer *peer, uint8_t type, bgp_size_t size,
74 struct stream *s),
75 (peer, type, size, s))
76
77 /**
78 * Sets marker and type fields for a BGP message.
79 *
80 * @param s the stream containing the packet
81 * @param type the packet type
82 * @return the size of the stream
83 */
84 int bgp_packet_set_marker(struct stream *s, uint8_t type)
85 {
86 int i;
87
88 /* Fill in marker. */
89 for (i = 0; i < BGP_MARKER_SIZE; i++)
90 stream_putc(s, 0xff);
91
92 /* Dummy total length. This field is should be filled in later on. */
93 stream_putw(s, 0);
94
95 /* BGP packet type. */
96 stream_putc(s, type);
97
98 /* Return current stream size. */
99 return stream_get_endp(s);
100 }
101
102 /**
103 * Sets size field for a BGP message.
104 *
105 * Size field is set to the size of the stream passed.
106 *
107 * @param s the stream containing the packet
108 * @return the size of the stream
109 */
110 int bgp_packet_set_size(struct stream *s)
111 {
112 int cp;
113
114 /* Preserve current pointer. */
115 cp = stream_get_endp(s);
116 stream_putw_at(s, BGP_MARKER_SIZE, cp);
117
118 return cp;
119 }
120
121 /*
122 * Push a packet onto the beginning of the peer's output queue.
123 * This function acquires the peer's write mutex before proceeding.
124 */
125 static void bgp_packet_add(struct peer *peer, struct stream *s)
126 {
127 frr_with_mutex(&peer->io_mtx) {
128 stream_fifo_push(peer->obuf, s);
129 }
130 }
131
132 static struct stream *bgp_update_packet_eor(struct peer *peer, afi_t afi,
133 safi_t safi)
134 {
135 struct stream *s;
136 iana_afi_t pkt_afi;
137 iana_safi_t pkt_safi;
138
139 if (DISABLE_BGP_ANNOUNCE)
140 return NULL;
141
142 if (bgp_debug_neighbor_events(peer))
143 zlog_debug("send End-of-RIB for %s to %s",
144 get_afi_safi_str(afi, safi, false), peer->host);
145
146 s = stream_new(BGP_MAX_PACKET_SIZE);
147
148 /* Make BGP update packet. */
149 bgp_packet_set_marker(s, BGP_MSG_UPDATE);
150
151 /* Unfeasible Routes Length */
152 stream_putw(s, 0);
153
154 if (afi == AFI_IP && safi == SAFI_UNICAST) {
155 /* Total Path Attribute Length */
156 stream_putw(s, 0);
157 } else {
158 /* Convert AFI, SAFI to values for packet. */
159 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
160
161 /* Total Path Attribute Length */
162 stream_putw(s, 6);
163 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
164 stream_putc(s, BGP_ATTR_MP_UNREACH_NLRI);
165 stream_putc(s, 3);
166 stream_putw(s, pkt_afi);
167 stream_putc(s, pkt_safi);
168 }
169
170 bgp_packet_set_size(s);
171 return s;
172 }
173
174 /* Called when there is a change in the EOR(implicit or explicit) status of a
175 * peer. Ends the update-delay if all expected peers are done with EORs. */
176 void bgp_check_update_delay(struct bgp *bgp)
177 {
178 struct listnode *node, *nnode;
179 struct peer *peer = NULL;
180
181 if (bgp_debug_neighbor_events(peer))
182 zlog_debug("Checking update delay, T: %d R: %d I:%d E: %d",
183 bgp->established, bgp->restarted_peers,
184 bgp->implicit_eors, bgp->explicit_eors);
185
186 if (bgp->established
187 <= bgp->restarted_peers + bgp->implicit_eors + bgp->explicit_eors) {
188 /*
189 * This is an extra sanity check to make sure we wait for all
190 * the eligible configured peers. This check is performed if
191 * establish wait timer is on, or establish wait option is not
192 * given with the update-delay command
193 */
194 if (bgp->t_establish_wait
195 || (bgp->v_establish_wait == bgp->v_update_delay))
196 for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer)) {
197 if (CHECK_FLAG(peer->flags,
198 PEER_FLAG_CONFIG_NODE)
199 && !CHECK_FLAG(peer->flags,
200 PEER_FLAG_SHUTDOWN)
201 && !peer->update_delay_over) {
202 if (bgp_debug_neighbor_events(peer))
203 zlog_debug(
204 " Peer %s pending, continuing read-only mode",
205 peer->host);
206 return;
207 }
208 }
209
210 zlog_info(
211 "Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d",
212 bgp->restarted_peers, bgp->implicit_eors,
213 bgp->explicit_eors);
214 bgp_update_delay_end(bgp);
215 }
216 }
217
218 /*
219 * Called if peer is known to have restarted. The restart-state bit in
220 * Graceful-Restart capability is used for that
221 */
222 void bgp_update_restarted_peers(struct peer *peer)
223 {
224 if (!bgp_update_delay_active(peer->bgp))
225 return; /* BGP update delay has ended */
226 if (peer->update_delay_over)
227 return; /* This peer has already been considered */
228
229 if (bgp_debug_neighbor_events(peer))
230 zlog_debug("Peer %s: Checking restarted", peer->host);
231
232 if (peer->status == Established) {
233 peer->update_delay_over = 1;
234 peer->bgp->restarted_peers++;
235 bgp_check_update_delay(peer->bgp);
236 }
237 }
238
239 /*
240 * Called as peer receives a keep-alive. Determines if this occurence can be
241 * taken as an implicit EOR for this peer.
242 * NOTE: The very first keep-alive after the Established state of a peer is
243 * considered implicit EOR for the update-delay purposes
244 */
245 void bgp_update_implicit_eors(struct peer *peer)
246 {
247 if (!bgp_update_delay_active(peer->bgp))
248 return; /* BGP update delay has ended */
249 if (peer->update_delay_over)
250 return; /* This peer has already been considered */
251
252 if (bgp_debug_neighbor_events(peer))
253 zlog_debug("Peer %s: Checking implicit EORs", peer->host);
254
255 if (peer->status == Established) {
256 peer->update_delay_over = 1;
257 peer->bgp->implicit_eors++;
258 bgp_check_update_delay(peer->bgp);
259 }
260 }
261
262 /*
263 * Should be called only when there is a change in the EOR_RECEIVED status
264 * for any afi/safi on a peer.
265 */
266 static void bgp_update_explicit_eors(struct peer *peer)
267 {
268 afi_t afi;
269 safi_t safi;
270
271 if (!bgp_update_delay_active(peer->bgp))
272 return; /* BGP update delay has ended */
273 if (peer->update_delay_over)
274 return; /* This peer has already been considered */
275
276 if (bgp_debug_neighbor_events(peer))
277 zlog_debug("Peer %s: Checking explicit EORs", peer->host);
278
279 for (afi = AFI_IP; afi < AFI_MAX; afi++)
280 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) {
281 if (peer->afc_nego[afi][safi]
282 && !CHECK_FLAG(peer->af_sflags[afi][safi],
283 PEER_STATUS_EOR_RECEIVED)) {
284 if (bgp_debug_neighbor_events(peer))
285 zlog_debug(
286 " afi %d safi %d didn't receive EOR",
287 afi, safi);
288 return;
289 }
290 }
291
292 peer->update_delay_over = 1;
293 peer->bgp->explicit_eors++;
294 bgp_check_update_delay(peer->bgp);
295 }
296
297 /**
298 * Frontend for NLRI parsing, to fan-out to AFI/SAFI specific parsers.
299 *
300 * mp_withdraw, if set, is used to nullify attr structure on most of the
301 * calling safi function and for evpn, passed as parameter
302 */
303 int bgp_nlri_parse(struct peer *peer, struct attr *attr,
304 struct bgp_nlri *packet, int mp_withdraw)
305 {
306 switch (packet->safi) {
307 case SAFI_UNICAST:
308 case SAFI_MULTICAST:
309 return bgp_nlri_parse_ip(peer, mp_withdraw ? NULL : attr,
310 packet);
311 case SAFI_LABELED_UNICAST:
312 return bgp_nlri_parse_label(peer, mp_withdraw ? NULL : attr,
313 packet);
314 case SAFI_MPLS_VPN:
315 return bgp_nlri_parse_vpn(peer, mp_withdraw ? NULL : attr,
316 packet);
317 case SAFI_EVPN:
318 return bgp_nlri_parse_evpn(peer, attr, packet, mp_withdraw);
319 case SAFI_FLOWSPEC:
320 return bgp_nlri_parse_flowspec(peer, attr, packet, mp_withdraw);
321 }
322 return BGP_NLRI_PARSE_ERROR;
323 }
324
325 /*
326 * Checks a variety of conditions to determine whether the peer needs to be
327 * rescheduled for packet generation again, and does so if necessary.
328 *
329 * @param peer to check for rescheduling
330 */
331 static void bgp_write_proceed_actions(struct peer *peer)
332 {
333 afi_t afi;
334 safi_t safi;
335 struct peer_af *paf;
336 struct bpacket *next_pkt;
337 struct update_subgroup *subgrp;
338
339 FOREACH_AFI_SAFI (afi, safi) {
340 paf = peer_af_find(peer, afi, safi);
341 if (!paf)
342 continue;
343 subgrp = paf->subgroup;
344 if (!subgrp)
345 continue;
346
347 next_pkt = paf->next_pkt_to_send;
348 if (next_pkt && next_pkt->buffer) {
349 BGP_TIMER_ON(peer->t_generate_updgrp_packets,
350 bgp_generate_updgrp_packets, 0);
351 return;
352 }
353
354 /* No packets readily available for AFI/SAFI, are there
355 * subgroup packets
356 * that need to be generated? */
357 if (bpacket_queue_is_full(SUBGRP_INST(subgrp),
358 SUBGRP_PKTQ(subgrp))
359 || subgroup_packets_to_build(subgrp)) {
360 BGP_TIMER_ON(peer->t_generate_updgrp_packets,
361 bgp_generate_updgrp_packets, 0);
362 return;
363 }
364
365 /* No packets to send, see if EOR is pending */
366 if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
367 if (!subgrp->t_coalesce && peer->afc_nego[afi][safi]
368 && peer->synctime
369 && !CHECK_FLAG(peer->af_sflags[afi][safi],
370 PEER_STATUS_EOR_SEND)
371 && safi != SAFI_MPLS_VPN) {
372 BGP_TIMER_ON(peer->t_generate_updgrp_packets,
373 bgp_generate_updgrp_packets, 0);
374 return;
375 }
376 }
377 }
378 }
379
380 /*
381 * Generate advertisement information (withdraws, updates, EOR) from each
382 * update group a peer belongs to, encode this information into packets, and
383 * enqueue the packets onto the peer's output buffer.
384 */
385 int bgp_generate_updgrp_packets(struct thread *thread)
386 {
387 struct peer *peer = THREAD_ARG(thread);
388
389 struct stream *s;
390 struct peer_af *paf;
391 struct bpacket *next_pkt;
392 uint32_t wpq;
393 uint32_t generated = 0;
394 afi_t afi;
395 safi_t safi;
396
397 wpq = atomic_load_explicit(&peer->bgp->wpkt_quanta,
398 memory_order_relaxed);
399
400 /*
401 * The code beyond this part deals with update packets, proceed only
402 * if peer is Established and updates are not on hold (as part of
403 * update-delay post processing).
404 */
405 if (peer->status != Established)
406 return 0;
407
408 if (peer->bgp->main_peers_update_hold)
409 return 0;
410
411 do {
412 s = NULL;
413 FOREACH_AFI_SAFI (afi, safi) {
414 paf = peer_af_find(peer, afi, safi);
415 if (!paf || !PAF_SUBGRP(paf))
416 continue;
417 next_pkt = paf->next_pkt_to_send;
418
419 /*
420 * Try to generate a packet for the peer if we are at
421 * the end of the list. Always try to push out
422 * WITHDRAWs first.
423 */
424 if (!next_pkt || !next_pkt->buffer) {
425 next_pkt = subgroup_withdraw_packet(
426 PAF_SUBGRP(paf));
427 if (!next_pkt || !next_pkt->buffer)
428 subgroup_update_packet(PAF_SUBGRP(paf));
429 next_pkt = paf->next_pkt_to_send;
430 }
431
432 /*
433 * If we still don't have a packet to send to the peer,
434 * then try to find out out if we have to send eor or
435 * if not, skip to the next AFI, SAFI. Don't send the
436 * EOR prematurely; if the subgroup's coalesce timer is
437 * running, the adjacency-out structure is not created
438 * yet.
439 */
440 if (!next_pkt || !next_pkt->buffer) {
441 if (CHECK_FLAG(peer->cap,
442 PEER_CAP_RESTART_RCV)) {
443 if (!(PAF_SUBGRP(paf))->t_coalesce
444 && peer->afc_nego[afi][safi]
445 && peer->synctime
446 && !CHECK_FLAG(
447 peer->af_sflags[afi][safi],
448 PEER_STATUS_EOR_SEND)) {
449 /* If EOR is disabled,
450 * the message is not sent
451 */
452 if (BGP_SEND_EOR(peer->bgp, afi,
453 safi)) {
454 SET_FLAG(
455 peer->af_sflags
456 [afi]
457 [safi],
458 PEER_STATUS_EOR_SEND);
459
460 /* Update EOR
461 * send time
462 */
463 peer->eor_stime[afi]
464 [safi] =
465 monotime(NULL);
466
467 BGP_UPDATE_EOR_PKT(
468 peer, afi, safi,
469 s);
470 }
471 }
472 }
473 continue;
474 }
475
476 /* Update packet send time */
477 peer->pkt_stime[afi][safi] = monotime(NULL);
478
479 /* Found a packet template to send, overwrite
480 * packet with appropriate attributes from peer
481 * and advance peer */
482 s = bpacket_reformat_for_peer(next_pkt, paf);
483 bgp_packet_add(peer, s);
484 bpacket_queue_advance_peer(paf);
485 }
486 } while (s && (++generated < wpq));
487
488 if (generated)
489 bgp_writes_on(peer);
490
491 bgp_write_proceed_actions(peer);
492
493 return 0;
494 }
495
496 /*
497 * Creates a BGP Keepalive packet and appends it to the peer's output queue.
498 */
499 void bgp_keepalive_send(struct peer *peer)
500 {
501 struct stream *s;
502
503 s = stream_new(BGP_MAX_PACKET_SIZE);
504
505 /* Make keepalive packet. */
506 bgp_packet_set_marker(s, BGP_MSG_KEEPALIVE);
507
508 /* Set packet size. */
509 (void)bgp_packet_set_size(s);
510
511 /* Dump packet if debug option is set. */
512 /* bgp_packet_dump (s); */
513
514 if (bgp_debug_keepalive(peer))
515 zlog_debug("%s sending KEEPALIVE", peer->host);
516
517 /* Add packet to the peer. */
518 bgp_packet_add(peer, s);
519
520 bgp_writes_on(peer);
521 }
522
523 /*
524 * Creates a BGP Open packet and appends it to the peer's output queue.
525 * Sets capabilities as necessary.
526 */
527 void bgp_open_send(struct peer *peer)
528 {
529 struct stream *s;
530 uint16_t send_holdtime;
531 as_t local_as;
532
533 if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER))
534 send_holdtime = peer->holdtime;
535 else
536 send_holdtime = peer->bgp->default_holdtime;
537
538 /* local-as Change */
539 if (peer->change_local_as)
540 local_as = peer->change_local_as;
541 else
542 local_as = peer->local_as;
543
544 s = stream_new(BGP_MAX_PACKET_SIZE);
545
546 /* Make open packet. */
547 bgp_packet_set_marker(s, BGP_MSG_OPEN);
548
549 /* Set open packet values. */
550 stream_putc(s, BGP_VERSION_4); /* BGP version */
551 stream_putw(s, (local_as <= BGP_AS_MAX) ? (uint16_t)local_as
552 : BGP_AS_TRANS);
553 stream_putw(s, send_holdtime); /* Hold Time */
554 stream_put_in_addr(s, &peer->local_id); /* BGP Identifier */
555
556 /* Set capability code. */
557 bgp_open_capability(s, peer);
558
559 /* Set BGP packet length. */
560 (void)bgp_packet_set_size(s);
561
562 if (bgp_debug_neighbor_events(peer))
563 zlog_debug(
564 "%s sending OPEN, version %d, my as %u, holdtime %d, id %s",
565 peer->host, BGP_VERSION_4, local_as, send_holdtime,
566 inet_ntoa(peer->local_id));
567
568 /* Dump packet if debug option is set. */
569 /* bgp_packet_dump (s); */
570 hook_call(bgp_packet_send, peer, BGP_MSG_OPEN, stream_get_endp(s), s);
571
572 /* Add packet to the peer. */
573 bgp_packet_add(peer, s);
574
575 bgp_writes_on(peer);
576 }
577
578 /*
579 * Writes NOTIFICATION message directly to a peer socket without waiting for
580 * the I/O thread.
581 *
582 * There must be exactly one stream on the peer->obuf FIFO, and the data within
583 * this stream must match the format of a BGP NOTIFICATION message.
584 * Transmission is best-effort.
585 *
586 * @requires peer->io_mtx
587 * @param peer
588 * @return 0
589 */
590 static void bgp_write_notify(struct peer *peer)
591 {
592 int ret, val;
593 uint8_t type;
594 struct stream *s;
595
596 /* There should be at least one packet. */
597 s = stream_fifo_pop(peer->obuf);
598
599 if (!s)
600 return;
601
602 assert(stream_get_endp(s) >= BGP_HEADER_SIZE);
603
604 /* Stop collecting data within the socket */
605 sockopt_cork(peer->fd, 0);
606
607 /*
608 * socket is in nonblocking mode, if we can't deliver the NOTIFY, well,
609 * we only care about getting a clean shutdown at this point.
610 */
611 ret = write(peer->fd, STREAM_DATA(s), stream_get_endp(s));
612
613 /*
614 * only connection reset/close gets counted as TCP_fatal_error, failure
615 * to write the entire NOTIFY doesn't get different FSM treatment
616 */
617 if (ret <= 0) {
618 stream_free(s);
619 BGP_EVENT_ADD(peer, TCP_fatal_error);
620 return;
621 }
622
623 /* Disable Nagle, make NOTIFY packet go out right away */
624 val = 1;
625 (void)setsockopt(peer->fd, IPPROTO_TCP, TCP_NODELAY, (char *)&val,
626 sizeof(val));
627
628 /* Retrieve BGP packet type. */
629 stream_set_getp(s, BGP_MARKER_SIZE + 2);
630 type = stream_getc(s);
631
632 assert(type == BGP_MSG_NOTIFY);
633
634 /* Type should be notify. */
635 atomic_fetch_add_explicit(&peer->notify_out, 1, memory_order_relaxed);
636 peer->notify_out++;
637
638 /* Double start timer. */
639 peer->v_start *= 2;
640
641 /* Overflow check. */
642 if (peer->v_start >= (60 * 2))
643 peer->v_start = (60 * 2);
644
645 /*
646 * Handle Graceful Restart case where the state changes to
647 * Connect instead of Idle
648 */
649 BGP_EVENT_ADD(peer, BGP_Stop);
650
651 stream_free(s);
652 }
653
654 /*
655 * Creates a BGP Notify and appends it to the peer's output queue.
656 *
657 * This function attempts to write the packet from the thread it is called
658 * from, to ensure the packet gets out ASAP.
659 *
660 * This function may be called from multiple threads. Since the function
661 * modifies I/O buffer(s) in the peer, these are locked for the duration of the
662 * call to prevent tampering from other threads.
663 *
664 * Delivery of the NOTIFICATION is attempted once and is best-effort. After
665 * return, the peer structure *must* be reset; no assumptions about session
666 * state are valid.
667 *
668 * @param peer
669 * @param code BGP error code
670 * @param sub_code BGP error subcode
671 * @param data Data portion
672 * @param datalen length of data portion
673 */
674 void bgp_notify_send_with_data(struct peer *peer, uint8_t code,
675 uint8_t sub_code, uint8_t *data, size_t datalen)
676 {
677 struct stream *s;
678
679 /* Lock I/O mutex to prevent other threads from pushing packets */
680 frr_mutex_lock_autounlock(&peer->io_mtx);
681 /* ============================================== */
682
683 /* Allocate new stream. */
684 s = stream_new(BGP_MAX_PACKET_SIZE);
685
686 /* Make notify packet. */
687 bgp_packet_set_marker(s, BGP_MSG_NOTIFY);
688
689 /* Set notify packet values. */
690 stream_putc(s, code); /* BGP notify code */
691 stream_putc(s, sub_code); /* BGP notify sub_code */
692
693 /* If notify data is present. */
694 if (data)
695 stream_write(s, data, datalen);
696
697 /* Set BGP packet length. */
698 bgp_packet_set_size(s);
699
700 /* wipe output buffer */
701 stream_fifo_clean(peer->obuf);
702
703 /*
704 * If possible, store last packet for debugging purposes. This check is
705 * in place because we are sometimes called with a doppelganger peer,
706 * who tends to have a plethora of fields nulled out.
707 */
708 if (peer->curr) {
709 size_t packetsize = stream_get_endp(peer->curr);
710 assert(packetsize <= sizeof(peer->last_reset_cause));
711 memcpy(peer->last_reset_cause, peer->curr->data, packetsize);
712 peer->last_reset_cause_size = packetsize;
713 }
714
715 /* For debug */
716 {
717 struct bgp_notify bgp_notify;
718 int first = 0;
719 int i;
720 char c[4];
721
722 bgp_notify.code = code;
723 bgp_notify.subcode = sub_code;
724 bgp_notify.data = NULL;
725 bgp_notify.length = datalen;
726 bgp_notify.raw_data = data;
727
728 peer->notify.code = bgp_notify.code;
729 peer->notify.subcode = bgp_notify.subcode;
730
731 if (bgp_notify.length && data) {
732 bgp_notify.data =
733 XMALLOC(MTYPE_TMP, bgp_notify.length * 3);
734 for (i = 0; i < bgp_notify.length; i++)
735 if (first) {
736 snprintf(c, sizeof(c), " %02x",
737 data[i]);
738
739 strlcat(bgp_notify.data, c,
740 bgp_notify.length);
741
742 } else {
743 first = 1;
744 snprintf(c, sizeof(c), "%02x", data[i]);
745
746 strlcpy(bgp_notify.data, c,
747 bgp_notify.length);
748 }
749 }
750 bgp_notify_print(peer, &bgp_notify, "sending");
751
752 if (bgp_notify.data) {
753 XFREE(MTYPE_TMP, bgp_notify.data);
754 bgp_notify.length = 0;
755 }
756 }
757
758 /* peer reset cause */
759 if (code == BGP_NOTIFY_CEASE) {
760 if (sub_code == BGP_NOTIFY_CEASE_ADMIN_RESET)
761 peer->last_reset = PEER_DOWN_USER_RESET;
762 else if (sub_code == BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN)
763 peer->last_reset = PEER_DOWN_USER_SHUTDOWN;
764 else
765 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
766 } else
767 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
768
769 /* Add packet to peer's output queue */
770 stream_fifo_push(peer->obuf, s);
771
772 bgp_peer_gr_flags_update(peer);
773 BGP_GR_ROUTER_DETECT_AND_SEND_CAPABILITY_TO_ZEBRA(peer->bgp,
774 peer->bgp->peer);
775
776 bgp_write_notify(peer);
777 }
778
779 /*
780 * Creates a BGP Notify and appends it to the peer's output queue.
781 *
782 * This function attempts to write the packet from the thread it is called
783 * from, to ensure the packet gets out ASAP.
784 *
785 * @param peer
786 * @param code BGP error code
787 * @param sub_code BGP error subcode
788 */
789 void bgp_notify_send(struct peer *peer, uint8_t code, uint8_t sub_code)
790 {
791 bgp_notify_send_with_data(peer, code, sub_code, NULL, 0);
792 }
793
794 /*
795 * Creates BGP Route Refresh packet and appends it to the peer's output queue.
796 *
797 * @param peer
798 * @param afi Address Family Identifier
799 * @param safi Subsequent Address Family Identifier
800 * @param orf_type Outbound Route Filtering type
801 * @param when_to_refresh Whether to refresh immediately or defer
802 * @param remove Whether to remove ORF for specified AFI/SAFI
803 */
804 void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi,
805 uint8_t orf_type, uint8_t when_to_refresh,
806 int remove)
807 {
808 struct stream *s;
809 struct bgp_filter *filter;
810 int orf_refresh = 0;
811 iana_afi_t pkt_afi;
812 iana_safi_t pkt_safi;
813
814 if (DISABLE_BGP_ANNOUNCE)
815 return;
816
817 filter = &peer->filter[afi][safi];
818
819 /* Convert AFI, SAFI to values for packet. */
820 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
821
822 s = stream_new(BGP_MAX_PACKET_SIZE);
823
824 /* Make BGP update packet. */
825 if (CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV))
826 bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_NEW);
827 else
828 bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_OLD);
829
830 /* Encode Route Refresh message. */
831 stream_putw(s, pkt_afi);
832 stream_putc(s, 0);
833 stream_putc(s, pkt_safi);
834
835 if (orf_type == ORF_TYPE_PREFIX || orf_type == ORF_TYPE_PREFIX_OLD)
836 if (remove || filter->plist[FILTER_IN].plist) {
837 uint16_t orf_len;
838 unsigned long orfp;
839
840 orf_refresh = 1;
841 stream_putc(s, when_to_refresh);
842 stream_putc(s, orf_type);
843 orfp = stream_get_endp(s);
844 stream_putw(s, 0);
845
846 if (remove) {
847 UNSET_FLAG(peer->af_sflags[afi][safi],
848 PEER_STATUS_ORF_PREFIX_SEND);
849 stream_putc(s, ORF_COMMON_PART_REMOVE_ALL);
850 if (bgp_debug_neighbor_events(peer))
851 zlog_debug(
852 "%s sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %s/%s",
853 peer->host, orf_type,
854 (when_to_refresh == REFRESH_DEFER
855 ? "defer"
856 : "immediate"),
857 iana_afi2str(pkt_afi),
858 iana_safi2str(pkt_safi));
859 } else {
860 SET_FLAG(peer->af_sflags[afi][safi],
861 PEER_STATUS_ORF_PREFIX_SEND);
862 prefix_bgp_orf_entry(
863 s, filter->plist[FILTER_IN].plist,
864 ORF_COMMON_PART_ADD,
865 ORF_COMMON_PART_PERMIT,
866 ORF_COMMON_PART_DENY);
867 if (bgp_debug_neighbor_events(peer))
868 zlog_debug(
869 "%s sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %s/%s",
870 peer->host, orf_type,
871 (when_to_refresh == REFRESH_DEFER
872 ? "defer"
873 : "immediate"),
874 iana_afi2str(pkt_afi),
875 iana_safi2str(pkt_safi));
876 }
877
878 /* Total ORF Entry Len. */
879 orf_len = stream_get_endp(s) - orfp - 2;
880 stream_putw_at(s, orfp, orf_len);
881 }
882
883 /* Set packet size. */
884 (void)bgp_packet_set_size(s);
885
886 if (bgp_debug_neighbor_events(peer)) {
887 if (!orf_refresh)
888 zlog_debug("%s sending REFRESH_REQ for afi/safi: %s/%s",
889 peer->host, iana_afi2str(pkt_afi),
890 iana_safi2str(pkt_safi));
891 }
892
893 /* Add packet to the peer. */
894 bgp_packet_add(peer, s);
895
896 bgp_writes_on(peer);
897 }
898
899 /*
900 * Create a BGP Capability packet and append it to the peer's output queue.
901 *
902 * @param peer
903 * @param afi Address Family Identifier
904 * @param safi Subsequent Address Family Identifier
905 * @param capability_code BGP Capability Code
906 * @param action Set or Remove capability
907 */
908 void bgp_capability_send(struct peer *peer, afi_t afi, safi_t safi,
909 int capability_code, int action)
910 {
911 struct stream *s;
912 iana_afi_t pkt_afi;
913 iana_safi_t pkt_safi;
914
915 /* Convert AFI, SAFI to values for packet. */
916 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
917
918 s = stream_new(BGP_MAX_PACKET_SIZE);
919
920 /* Make BGP update packet. */
921 bgp_packet_set_marker(s, BGP_MSG_CAPABILITY);
922
923 /* Encode MP_EXT capability. */
924 if (capability_code == CAPABILITY_CODE_MP) {
925 stream_putc(s, action);
926 stream_putc(s, CAPABILITY_CODE_MP);
927 stream_putc(s, CAPABILITY_CODE_MP_LEN);
928 stream_putw(s, pkt_afi);
929 stream_putc(s, 0);
930 stream_putc(s, pkt_safi);
931
932 if (bgp_debug_neighbor_events(peer))
933 zlog_debug(
934 "%s sending CAPABILITY has %s MP_EXT CAP for afi/safi: %s/%s",
935 peer->host,
936 action == CAPABILITY_ACTION_SET ? "Advertising"
937 : "Removing",
938 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
939 }
940
941 /* Set packet size. */
942 (void)bgp_packet_set_size(s);
943
944 /* Add packet to the peer. */
945 bgp_packet_add(peer, s);
946
947 bgp_writes_on(peer);
948 }
949
950 /* RFC1771 6.8 Connection collision detection. */
951 static int bgp_collision_detect(struct peer *new, struct in_addr remote_id)
952 {
953 struct peer *peer;
954
955 /* Upon receipt of an OPEN message, the local system must examine
956 all of its connections that are in the OpenConfirm state. A BGP
957 speaker may also examine connections in an OpenSent state if it
958 knows the BGP Identifier of the peer by means outside of the
959 protocol. If among these connections there is a connection to a
960 remote BGP speaker whose BGP Identifier equals the one in the
961 OPEN message, then the local system performs the following
962 collision resolution procedure: */
963
964 if ((peer = new->doppelganger) != NULL) {
965 /* Do not accept the new connection in Established or Clearing
966 * states.
967 * Note that a peer GR is handled by closing the existing
968 * connection
969 * upon receipt of new one.
970 */
971 if (peer->status == Established || peer->status == Clearing) {
972 bgp_notify_send(new, BGP_NOTIFY_CEASE,
973 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
974 return -1;
975 } else if ((peer->status == OpenConfirm)
976 || (peer->status == OpenSent)) {
977 /* 1. The BGP Identifier of the local system is
978 * compared to the BGP Identifier of the remote
979 * system (as specified in the OPEN message).
980 *
981 * If the BGP Identifiers of the peers
982 * involved in the connection collision
983 * are identical, then the connection
984 * initiated by the BGP speaker with the
985 * larger AS number is preserved.
986 */
987 if (ntohl(peer->local_id.s_addr)
988 < ntohl(remote_id.s_addr)
989 || (ntohl(peer->local_id.s_addr)
990 == ntohl(remote_id.s_addr)
991 && peer->local_as < peer->as))
992 if (!CHECK_FLAG(peer->sflags,
993 PEER_STATUS_ACCEPT_PEER)) {
994 /* 2. If the value of the local BGP
995 Identifier is less
996 than the remote one, the local system
997 closes BGP
998 connection that already exists (the
999 one that is
1000 already in the OpenConfirm state),
1001 and accepts BGP
1002 connection initiated by the remote
1003 system. */
1004 bgp_notify_send(
1005 peer, BGP_NOTIFY_CEASE,
1006 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
1007 return 1;
1008 } else {
1009 bgp_notify_send(
1010 new, BGP_NOTIFY_CEASE,
1011 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
1012 return -1;
1013 }
1014 else {
1015 if (ntohl(peer->local_id.s_addr)
1016 == ntohl(remote_id.s_addr)
1017 && peer->local_as == peer->as)
1018 flog_err(
1019 EC_BGP_ROUTER_ID_SAME,
1020 "Peer's router-id %s is the same as ours",
1021 inet_ntoa(remote_id));
1022
1023 /* 3. Otherwise, the local system closes newly
1024 created
1025 BGP connection (the one associated with the
1026 newly
1027 received OPEN message), and continues to use
1028 the
1029 existing one (the one that is already in the
1030 OpenConfirm state). */
1031 if (CHECK_FLAG(peer->sflags,
1032 PEER_STATUS_ACCEPT_PEER)) {
1033 bgp_notify_send(
1034 peer, BGP_NOTIFY_CEASE,
1035 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
1036 return 1;
1037 } else {
1038 bgp_notify_send(
1039 new, BGP_NOTIFY_CEASE,
1040 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
1041 return -1;
1042 }
1043 }
1044 }
1045 }
1046 return 0;
1047 }
1048
1049 /* Packet processing routines ---------------------------------------------- */
1050 /*
1051 * This is a family of functions designed to be called from
1052 * bgp_process_packet(). These functions all share similar behavior and should
1053 * adhere to the following invariants and restrictions:
1054 *
1055 * Return codes
1056 * ------------
1057 * The return code of any one of those functions should be one of the FSM event
1058 * codes specified in bgpd.h. If a NOTIFY was sent, this event code MUST be
1059 * BGP_Stop. Otherwise, the code SHOULD correspond to the function's expected
1060 * packet type. For example, bgp_open_receive() should return BGP_Stop upon
1061 * error and Receive_OPEN_message otherwise.
1062 *
1063 * If no action is necessary, the correct return code is BGP_PACKET_NOOP as
1064 * defined below.
1065 *
1066 * Side effects
1067 * ------------
1068 * - May send NOTIFY messages
1069 * - May not modify peer->status
1070 * - May not call bgp_event_update()
1071 */
1072
1073 #define BGP_PACKET_NOOP 0
1074
1075 /**
1076 * Process BGP OPEN message for peer.
1077 *
1078 * If any errors are encountered in the OPEN message, immediately sends NOTIFY
1079 * and returns BGP_Stop.
1080 *
1081 * @param peer
1082 * @param size size of the packet
1083 * @return as in summary
1084 */
1085 static int bgp_open_receive(struct peer *peer, bgp_size_t size)
1086 {
1087 int ret;
1088 uint8_t version;
1089 uint8_t optlen;
1090 uint16_t holdtime;
1091 uint16_t send_holdtime;
1092 as_t remote_as;
1093 as_t as4 = 0, as4_be;
1094 struct in_addr remote_id;
1095 int mp_capability;
1096 uint8_t notify_data_remote_as[2];
1097 uint8_t notify_data_remote_as4[4];
1098 uint8_t notify_data_remote_id[4];
1099 uint16_t *holdtime_ptr;
1100
1101 /* Parse open packet. */
1102 version = stream_getc(peer->curr);
1103 memcpy(notify_data_remote_as, stream_pnt(peer->curr), 2);
1104 remote_as = stream_getw(peer->curr);
1105 holdtime_ptr = (uint16_t *)stream_pnt(peer->curr);
1106 holdtime = stream_getw(peer->curr);
1107 memcpy(notify_data_remote_id, stream_pnt(peer->curr), 4);
1108 remote_id.s_addr = stream_get_ipv4(peer->curr);
1109
1110 /* Receive OPEN message log */
1111 if (bgp_debug_neighbor_events(peer))
1112 zlog_debug(
1113 "%s rcv OPEN, version %d, remote-as (in open) %u,"
1114 " holdtime %d, id %s",
1115 peer->host, version, remote_as, holdtime,
1116 inet_ntoa(remote_id));
1117
1118 /* BEGIN to read the capability here, but dont do it yet */
1119 mp_capability = 0;
1120 optlen = stream_getc(peer->curr);
1121
1122 if (optlen != 0) {
1123 /* If not enough bytes, it is an error. */
1124 if (STREAM_READABLE(peer->curr) < optlen) {
1125 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1126 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1127 return BGP_Stop;
1128 }
1129
1130 /* We need the as4 capability value *right now* because
1131 * if it is there, we have not got the remote_as yet, and
1132 * without
1133 * that we do not know which peer is connecting to us now.
1134 */
1135 as4 = peek_for_as4_capability(peer, optlen);
1136 }
1137
1138 as4_be = htonl(as4);
1139 memcpy(notify_data_remote_as4, &as4_be, 4);
1140
1141 /* Just in case we have a silly peer who sends AS4 capability set to 0
1142 */
1143 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV) && !as4) {
1144 flog_err(EC_BGP_PKT_OPEN,
1145 "%s bad OPEN, got AS4 capability, but AS4 set to 0",
1146 peer->host);
1147 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1148 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1149 notify_data_remote_as4, 4);
1150 return BGP_Stop;
1151 }
1152
1153 /* Codification of AS 0 Processing */
1154 if (remote_as == BGP_AS_ZERO) {
1155 flog_err(EC_BGP_PKT_OPEN, "%s bad OPEN, got AS set to 0",
1156 peer->host);
1157 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1158 BGP_NOTIFY_OPEN_BAD_PEER_AS);
1159 return BGP_Stop;
1160 }
1161
1162 if (remote_as == BGP_AS_TRANS) {
1163 /* Take the AS4 from the capability. We must have received the
1164 * capability now! Otherwise we have a asn16 peer who uses
1165 * BGP_AS_TRANS, for some unknown reason.
1166 */
1167 if (as4 == BGP_AS_TRANS) {
1168 flog_err(
1169 EC_BGP_PKT_OPEN,
1170 "%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed",
1171 peer->host);
1172 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1173 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1174 notify_data_remote_as4, 4);
1175 return BGP_Stop;
1176 }
1177
1178 if (!as4 && BGP_DEBUG(as4, AS4))
1179 zlog_debug(
1180 "%s [AS4] OPEN remote_as is AS_TRANS, but no AS4."
1181 " Odd, but proceeding.",
1182 peer->host);
1183 else if (as4 < BGP_AS_MAX && BGP_DEBUG(as4, AS4))
1184 zlog_debug(
1185 "%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits "
1186 "in 2-bytes, very odd peer.",
1187 peer->host, as4);
1188 if (as4)
1189 remote_as = as4;
1190 } else {
1191 /* We may have a partner with AS4 who has an asno < BGP_AS_MAX
1192 */
1193 /* If we have got the capability, peer->as4cap must match
1194 * remote_as */
1195 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV)
1196 && as4 != remote_as) {
1197 /* raise error, log this, close session */
1198 flog_err(
1199 EC_BGP_PKT_OPEN,
1200 "%s bad OPEN, got AS4 capability, but remote_as %u"
1201 " mismatch with 16bit 'myasn' %u in open",
1202 peer->host, as4, remote_as);
1203 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1204 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1205 notify_data_remote_as4, 4);
1206 return BGP_Stop;
1207 }
1208 }
1209
1210 /* rfc6286:
1211 * If the BGP Identifier field of the OPEN message
1212 * is zero, or if it is the same as the BGP Identifier
1213 * of the local BGP speaker and the message is from an
1214 * internal peer, then the Error Subcode is set to
1215 * "Bad BGP Identifier".
1216 */
1217 if (remote_id.s_addr == INADDR_ANY
1218 || IPV4_CLASS_DE(ntohl(remote_id.s_addr))
1219 || (peer->sort == BGP_PEER_IBGP
1220 && ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr))) {
1221 if (bgp_debug_neighbor_events(peer))
1222 zlog_debug("%s bad OPEN, wrong router identifier %s",
1223 peer->host, inet_ntoa(remote_id));
1224 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1225 BGP_NOTIFY_OPEN_BAD_BGP_IDENT,
1226 notify_data_remote_id, 4);
1227 return BGP_Stop;
1228 }
1229
1230 /* Set remote router-id */
1231 peer->remote_id = remote_id;
1232
1233 /* Peer BGP version check. */
1234 if (version != BGP_VERSION_4) {
1235 uint16_t maxver = htons(BGP_VERSION_4);
1236 /* XXX this reply may not be correct if version < 4 XXX */
1237 if (bgp_debug_neighbor_events(peer))
1238 zlog_debug(
1239 "%s bad protocol version, remote requested %d, local request %d",
1240 peer->host, version, BGP_VERSION_4);
1241 /* Data must be in network byte order here */
1242 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1243 BGP_NOTIFY_OPEN_UNSUP_VERSION,
1244 (uint8_t *)&maxver, 2);
1245 return BGP_Stop;
1246 }
1247
1248 /* Check neighbor as number. */
1249 if (peer->as_type == AS_UNSPECIFIED) {
1250 if (bgp_debug_neighbor_events(peer))
1251 zlog_debug(
1252 "%s bad OPEN, remote AS is unspecified currently",
1253 peer->host);
1254 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1255 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1256 notify_data_remote_as, 2);
1257 return BGP_Stop;
1258 } else if (peer->as_type == AS_INTERNAL) {
1259 if (remote_as != peer->bgp->as) {
1260 if (bgp_debug_neighbor_events(peer))
1261 zlog_debug(
1262 "%s bad OPEN, remote AS is %u, internal specified",
1263 peer->host, remote_as);
1264 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1265 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1266 notify_data_remote_as, 2);
1267 return BGP_Stop;
1268 }
1269 peer->as = peer->local_as;
1270 } else if (peer->as_type == AS_EXTERNAL) {
1271 if (remote_as == peer->bgp->as) {
1272 if (bgp_debug_neighbor_events(peer))
1273 zlog_debug(
1274 "%s bad OPEN, remote AS is %u, external specified",
1275 peer->host, remote_as);
1276 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1277 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1278 notify_data_remote_as, 2);
1279 return BGP_Stop;
1280 }
1281 peer->as = remote_as;
1282 } else if ((peer->as_type == AS_SPECIFIED) && (remote_as != peer->as)) {
1283 if (bgp_debug_neighbor_events(peer))
1284 zlog_debug("%s bad OPEN, remote AS is %u, expected %u",
1285 peer->host, remote_as, peer->as);
1286 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1287 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1288 notify_data_remote_as, 2);
1289 return BGP_Stop;
1290 }
1291
1292 /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST
1293 calculate the value of the Hold Timer by using the smaller of its
1294 configured Hold Time and the Hold Time received in the OPEN message.
1295 The Hold Time MUST be either zero or at least three seconds. An
1296 implementation may reject connections on the basis of the Hold Time.
1297 */
1298
1299 if (holdtime < 3 && holdtime != 0) {
1300 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1301 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME,
1302 (uint8_t *)holdtime_ptr, 2);
1303 return BGP_Stop;
1304 }
1305
1306 /* From the rfc: A reasonable maximum time between KEEPALIVE messages
1307 would be one third of the Hold Time interval. KEEPALIVE messages
1308 MUST NOT be sent more frequently than one per second. An
1309 implementation MAY adjust the rate at which it sends KEEPALIVE
1310 messages as a function of the Hold Time interval. */
1311
1312 if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER))
1313 send_holdtime = peer->holdtime;
1314 else
1315 send_holdtime = peer->bgp->default_holdtime;
1316
1317 if (holdtime < send_holdtime)
1318 peer->v_holdtime = holdtime;
1319 else
1320 peer->v_holdtime = send_holdtime;
1321
1322 if ((CHECK_FLAG(peer->flags, PEER_FLAG_TIMER))
1323 && (peer->keepalive < peer->v_holdtime / 3))
1324 peer->v_keepalive = peer->keepalive;
1325 else
1326 peer->v_keepalive = peer->v_holdtime / 3;
1327
1328 /* Open option part parse. */
1329 if (optlen != 0) {
1330 if (bgp_open_option_parse(peer, optlen, &mp_capability) < 0)
1331 return BGP_Stop;
1332 } else {
1333 if (bgp_debug_neighbor_events(peer))
1334 zlog_debug("%s rcvd OPEN w/ OPTION parameter len: 0",
1335 peer->host);
1336 }
1337
1338 /*
1339 * Assume that the peer supports the locally configured set of
1340 * AFI/SAFIs if the peer did not send us any Mulitiprotocol
1341 * capabilities, or if 'override-capability' is configured.
1342 */
1343 if (!mp_capability
1344 || CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1345 peer->afc_nego[AFI_IP][SAFI_UNICAST] =
1346 peer->afc[AFI_IP][SAFI_UNICAST];
1347 peer->afc_nego[AFI_IP][SAFI_MULTICAST] =
1348 peer->afc[AFI_IP][SAFI_MULTICAST];
1349 peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST] =
1350 peer->afc[AFI_IP][SAFI_LABELED_UNICAST];
1351 peer->afc_nego[AFI_IP][SAFI_FLOWSPEC] =
1352 peer->afc[AFI_IP][SAFI_FLOWSPEC];
1353 peer->afc_nego[AFI_IP6][SAFI_UNICAST] =
1354 peer->afc[AFI_IP6][SAFI_UNICAST];
1355 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] =
1356 peer->afc[AFI_IP6][SAFI_MULTICAST];
1357 peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST] =
1358 peer->afc[AFI_IP6][SAFI_LABELED_UNICAST];
1359 peer->afc_nego[AFI_L2VPN][SAFI_EVPN] =
1360 peer->afc[AFI_L2VPN][SAFI_EVPN];
1361 peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC] =
1362 peer->afc[AFI_IP6][SAFI_FLOWSPEC];
1363 }
1364
1365 /* When collision is detected and this peer is closed.
1366 * Return immediately.
1367 */
1368 ret = bgp_collision_detect(peer, remote_id);
1369 if (ret < 0)
1370 return BGP_Stop;
1371
1372 /* Get sockname. */
1373 if (bgp_getsockname(peer) < 0) {
1374 flog_err_sys(EC_LIB_SOCKET,
1375 "%s: bgp_getsockname() failed for peer: %s",
1376 __func__, peer->host);
1377 return BGP_Stop;
1378 }
1379
1380 /* Verify valid local address present based on negotiated
1381 * address-families. */
1382 if (peer->afc_nego[AFI_IP][SAFI_UNICAST]
1383 || peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1384 || peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1385 || peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1386 || peer->afc_nego[AFI_IP][SAFI_ENCAP]) {
1387 if (peer->nexthop.v4.s_addr == INADDR_ANY) {
1388 #if defined(HAVE_CUMULUS)
1389 flog_err(
1390 EC_BGP_SND_FAIL,
1391 "%s: No local IPv4 addr resetting connection, fd %d",
1392 peer->host, peer->fd);
1393 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1394 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1395 return BGP_Stop;
1396 #endif
1397 }
1398 }
1399 if (peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1400 || peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1401 || peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1402 || peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1403 || peer->afc_nego[AFI_IP6][SAFI_ENCAP]) {
1404 if (IN6_IS_ADDR_UNSPECIFIED(&peer->nexthop.v6_global)) {
1405 #if defined(HAVE_CUMULUS)
1406 flog_err(
1407 EC_BGP_SND_FAIL,
1408 "%s: No local IPv6 addr resetting connection, fd %d",
1409 peer->host, peer->fd);
1410 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1411 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1412 return BGP_Stop;
1413 #endif
1414 }
1415 }
1416 peer->rtt = sockopt_tcp_rtt(peer->fd);
1417
1418 return Receive_OPEN_message;
1419 }
1420
1421 /**
1422 * Process BGP KEEPALIVE message for peer.
1423 *
1424 * @param peer
1425 * @param size size of the packet
1426 * @return as in summary
1427 */
1428 static int bgp_keepalive_receive(struct peer *peer, bgp_size_t size)
1429 {
1430 if (bgp_debug_keepalive(peer))
1431 zlog_debug("%s KEEPALIVE rcvd", peer->host);
1432
1433 bgp_update_implicit_eors(peer);
1434
1435 return Receive_KEEPALIVE_message;
1436 }
1437
1438
1439 /**
1440 * Process BGP UPDATE message for peer.
1441 *
1442 * Parses UPDATE and creates attribute object.
1443 *
1444 * @param peer
1445 * @param size size of the packet
1446 * @return as in summary
1447 */
1448 static int bgp_update_receive(struct peer *peer, bgp_size_t size)
1449 {
1450 int ret, nlri_ret;
1451 uint8_t *end;
1452 struct stream *s;
1453 struct attr attr;
1454 bgp_size_t attribute_len;
1455 bgp_size_t update_len;
1456 bgp_size_t withdraw_len;
1457 bool restart = false;
1458
1459 enum NLRI_TYPES {
1460 NLRI_UPDATE,
1461 NLRI_WITHDRAW,
1462 NLRI_MP_UPDATE,
1463 NLRI_MP_WITHDRAW,
1464 NLRI_TYPE_MAX
1465 };
1466 struct bgp_nlri nlris[NLRI_TYPE_MAX];
1467
1468 /* Status must be Established. */
1469 if (peer->status != Established) {
1470 flog_err(EC_BGP_INVALID_STATUS,
1471 "%s [FSM] Update packet received under status %s",
1472 peer->host,
1473 lookup_msg(bgp_status_msg, peer->status, NULL));
1474 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR,
1475 bgp_fsm_error_subcode(peer->status));
1476 return BGP_Stop;
1477 }
1478
1479 /* Set initial values. */
1480 memset(&attr, 0, sizeof(struct attr));
1481 attr.label_index = BGP_INVALID_LABEL_INDEX;
1482 attr.label = MPLS_INVALID_LABEL;
1483 memset(&nlris, 0, sizeof(nlris));
1484 memset(peer->rcvd_attr_str, 0, BUFSIZ);
1485 peer->rcvd_attr_printed = 0;
1486
1487 s = peer->curr;
1488 end = stream_pnt(s) + size;
1489
1490 /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute
1491 Length is too large (i.e., if Unfeasible Routes Length + Total
1492 Attribute Length + 23 exceeds the message Length), then the Error
1493 Subcode is set to Malformed Attribute List. */
1494 if (stream_pnt(s) + 2 > end) {
1495 flog_err(EC_BGP_UPDATE_RCV,
1496 "%s [Error] Update packet error"
1497 " (packet length is short for unfeasible length)",
1498 peer->host);
1499 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1500 BGP_NOTIFY_UPDATE_MAL_ATTR);
1501 return BGP_Stop;
1502 }
1503
1504 /* Unfeasible Route Length. */
1505 withdraw_len = stream_getw(s);
1506
1507 /* Unfeasible Route Length check. */
1508 if (stream_pnt(s) + withdraw_len > end) {
1509 flog_err(EC_BGP_UPDATE_RCV,
1510 "%s [Error] Update packet error"
1511 " (packet unfeasible length overflow %d)",
1512 peer->host, withdraw_len);
1513 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1514 BGP_NOTIFY_UPDATE_MAL_ATTR);
1515 return BGP_Stop;
1516 }
1517
1518 /* Unfeasible Route packet format check. */
1519 if (withdraw_len > 0) {
1520 nlris[NLRI_WITHDRAW].afi = AFI_IP;
1521 nlris[NLRI_WITHDRAW].safi = SAFI_UNICAST;
1522 nlris[NLRI_WITHDRAW].nlri = stream_pnt(s);
1523 nlris[NLRI_WITHDRAW].length = withdraw_len;
1524 stream_forward_getp(s, withdraw_len);
1525 }
1526
1527 /* Attribute total length check. */
1528 if (stream_pnt(s) + 2 > end) {
1529 flog_warn(
1530 EC_BGP_UPDATE_PACKET_SHORT,
1531 "%s [Error] Packet Error (update packet is short for attribute length)",
1532 peer->host);
1533 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1534 BGP_NOTIFY_UPDATE_MAL_ATTR);
1535 return BGP_Stop;
1536 }
1537
1538 /* Fetch attribute total length. */
1539 attribute_len = stream_getw(s);
1540
1541 /* Attribute length check. */
1542 if (stream_pnt(s) + attribute_len > end) {
1543 flog_warn(
1544 EC_BGP_UPDATE_PACKET_LONG,
1545 "%s [Error] Packet Error (update packet attribute length overflow %d)",
1546 peer->host, attribute_len);
1547 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1548 BGP_NOTIFY_UPDATE_MAL_ATTR);
1549 return BGP_Stop;
1550 }
1551
1552 /* Certain attribute parsing errors should not be considered bad enough
1553 * to reset the session for, most particularly any partial/optional
1554 * attributes that have 'tunneled' over speakers that don't understand
1555 * them. Instead we withdraw only the prefix concerned.
1556 *
1557 * Complicates the flow a little though..
1558 */
1559 bgp_attr_parse_ret_t attr_parse_ret = BGP_ATTR_PARSE_PROCEED;
1560 /* This define morphs the update case into a withdraw when lower levels
1561 * have signalled an error condition where this is best.
1562 */
1563 #define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL)
1564
1565 /* Parse attribute when it exists. */
1566 if (attribute_len) {
1567 attr_parse_ret = bgp_attr_parse(peer, &attr, attribute_len,
1568 &nlris[NLRI_MP_UPDATE],
1569 &nlris[NLRI_MP_WITHDRAW]);
1570 if (attr_parse_ret == BGP_ATTR_PARSE_ERROR) {
1571 bgp_attr_unintern_sub(&attr);
1572 return BGP_Stop;
1573 }
1574 }
1575
1576 /* Logging the attribute. */
1577 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW
1578 || BGP_DEBUG(update, UPDATE_IN)
1579 || BGP_DEBUG(update, UPDATE_PREFIX)) {
1580 ret = bgp_dump_attr(&attr, peer->rcvd_attr_str, BUFSIZ);
1581
1582 peer->stat_upd_7606++;
1583
1584 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW)
1585 flog_err(
1586 EC_BGP_UPDATE_RCV,
1587 "%s rcvd UPDATE with errors in attr(s)!! Withdrawing route.",
1588 peer->host);
1589
1590 if (ret && bgp_debug_update(peer, NULL, NULL, 1)) {
1591 zlog_debug("%s rcvd UPDATE w/ attr: %s", peer->host,
1592 peer->rcvd_attr_str);
1593 peer->rcvd_attr_printed = 1;
1594 }
1595 }
1596
1597 /* Network Layer Reachability Information. */
1598 update_len = end - stream_pnt(s);
1599
1600 if (update_len) {
1601 /* Set NLRI portion to structure. */
1602 nlris[NLRI_UPDATE].afi = AFI_IP;
1603 nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
1604 nlris[NLRI_UPDATE].nlri = stream_pnt(s);
1605 nlris[NLRI_UPDATE].length = update_len;
1606 stream_forward_getp(s, update_len);
1607
1608 if (CHECK_FLAG(attr.flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI))) {
1609 /*
1610 * We skipped nexthop attribute validation earlier so
1611 * validate the nexthop now.
1612 */
1613 if (bgp_attr_nexthop_valid(peer, &attr) < 0) {
1614 bgp_attr_unintern_sub(&attr);
1615 return BGP_Stop;
1616 }
1617 }
1618 }
1619
1620 if (BGP_DEBUG(update, UPDATE_IN))
1621 zlog_debug("%s rcvd UPDATE wlen %d attrlen %d alen %d",
1622 peer->host, withdraw_len, attribute_len, update_len);
1623
1624 /* Parse any given NLRIs */
1625 for (int i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++) {
1626 if (!nlris[i].nlri)
1627 continue;
1628
1629 /* NLRI is processed iff the peer if configured for the specific
1630 * afi/safi */
1631 if (!peer->afc[nlris[i].afi][nlris[i].safi]) {
1632 zlog_info(
1633 "%s [Info] UPDATE for non-enabled AFI/SAFI %u/%u",
1634 peer->host, nlris[i].afi, nlris[i].safi);
1635 continue;
1636 }
1637
1638 /* EoR handled later */
1639 if (nlris[i].length == 0)
1640 continue;
1641
1642 switch (i) {
1643 case NLRI_UPDATE:
1644 case NLRI_MP_UPDATE:
1645 nlri_ret = bgp_nlri_parse(peer, NLRI_ATTR_ARG,
1646 &nlris[i], 0);
1647 break;
1648 case NLRI_WITHDRAW:
1649 case NLRI_MP_WITHDRAW:
1650 nlri_ret = bgp_nlri_parse(peer, &attr, &nlris[i], 1);
1651 break;
1652 default:
1653 nlri_ret = BGP_NLRI_PARSE_ERROR;
1654 }
1655
1656 if (nlri_ret < BGP_NLRI_PARSE_OK
1657 && nlri_ret != BGP_NLRI_PARSE_ERROR_PREFIX_OVERFLOW) {
1658 flog_err(EC_BGP_UPDATE_RCV,
1659 "%s [Error] Error parsing NLRI", peer->host);
1660 if (peer->status == Established)
1661 bgp_notify_send(
1662 peer, BGP_NOTIFY_UPDATE_ERR,
1663 i <= NLRI_WITHDRAW
1664 ? BGP_NOTIFY_UPDATE_INVAL_NETWORK
1665 : BGP_NOTIFY_UPDATE_OPT_ATTR_ERR);
1666 bgp_attr_unintern_sub(&attr);
1667 return BGP_Stop;
1668 }
1669 }
1670
1671 /* EoR checks
1672 *
1673 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
1674 * and MP EoR should have only an empty MP_UNREACH
1675 */
1676 if ((!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0)
1677 || (attr_parse_ret == BGP_ATTR_PARSE_EOR)) {
1678 afi_t afi = 0;
1679 safi_t safi;
1680 struct graceful_restart_info *gr_info;
1681
1682 /* Restarting router */
1683 if (BGP_PEER_GRACEFUL_RESTART_CAPABLE(peer)
1684 && BGP_PEER_RESTARTING_MODE(peer))
1685 restart = true;
1686
1687 /* Non-MP IPv4/Unicast is a completely emtpy UPDATE - already
1688 * checked
1689 * update and withdraw NLRI lengths are 0.
1690 */
1691 if (!attribute_len) {
1692 afi = AFI_IP;
1693 safi = SAFI_UNICAST;
1694 } else if (attr.flag & ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI)
1695 && nlris[NLRI_MP_WITHDRAW].length == 0) {
1696 afi = nlris[NLRI_MP_WITHDRAW].afi;
1697 safi = nlris[NLRI_MP_WITHDRAW].safi;
1698 } else if (attr_parse_ret == BGP_ATTR_PARSE_EOR) {
1699 afi = nlris[NLRI_MP_UPDATE].afi;
1700 safi = nlris[NLRI_MP_UPDATE].safi;
1701 }
1702
1703 if (afi && peer->afc[afi][safi]) {
1704 struct vrf *vrf = vrf_lookup_by_id(peer->bgp->vrf_id);
1705
1706 /* End-of-RIB received */
1707 if (!CHECK_FLAG(peer->af_sflags[afi][safi],
1708 PEER_STATUS_EOR_RECEIVED)) {
1709 SET_FLAG(peer->af_sflags[afi][safi],
1710 PEER_STATUS_EOR_RECEIVED);
1711 bgp_update_explicit_eors(peer);
1712 /* Update graceful restart information */
1713 gr_info = &(peer->bgp->gr_info[afi][safi]);
1714 if (restart)
1715 gr_info->eor_received++;
1716 /* If EOR received from all peers and selection
1717 * deferral timer is running, cancel the timer
1718 * and invoke the best path calculation
1719 */
1720 if (gr_info->eor_required
1721 == gr_info->eor_received) {
1722 if (bgp_debug_neighbor_events(peer))
1723 zlog_debug(
1724 "%s %d, %s %d",
1725 "EOR REQ",
1726 gr_info->eor_required,
1727 "EOR RCV",
1728 gr_info->eor_received);
1729 BGP_TIMER_OFF(
1730 gr_info->t_select_deferral);
1731 gr_info->eor_required = 0;
1732 gr_info->eor_received = 0;
1733 /* Best path selection */
1734 if (bgp_best_path_select_defer(
1735 peer->bgp, afi, safi)
1736 < 0)
1737 return BGP_Stop;
1738 }
1739 }
1740
1741 /* NSF delete stale route */
1742 if (peer->nsf[afi][safi])
1743 bgp_clear_stale_route(peer, afi, safi);
1744
1745 zlog_info(
1746 "%s: rcvd End-of-RIB for %s from %s in vrf %s",
1747 __func__, get_afi_safi_str(afi, safi, false),
1748 peer->host, vrf ? vrf->name : VRF_DEFAULT_NAME);
1749 }
1750 }
1751
1752 /* Everything is done. We unintern temporary structures which
1753 interned in bgp_attr_parse(). */
1754 bgp_attr_unintern_sub(&attr);
1755
1756 peer->update_time = bgp_clock();
1757
1758 /* Rearm holdtime timer */
1759 BGP_TIMER_OFF(peer->t_holdtime);
1760 bgp_timer_set(peer);
1761
1762 return Receive_UPDATE_message;
1763 }
1764
1765 /**
1766 * Process BGP NOTIFY message for peer.
1767 *
1768 * @param peer
1769 * @param size size of the packet
1770 * @return as in summary
1771 */
1772 static int bgp_notify_receive(struct peer *peer, bgp_size_t size)
1773 {
1774 struct bgp_notify bgp_notify;
1775
1776 if (peer->notify.data) {
1777 XFREE(MTYPE_TMP, peer->notify.data);
1778 peer->notify.length = 0;
1779 }
1780
1781 bgp_notify.code = stream_getc(peer->curr);
1782 bgp_notify.subcode = stream_getc(peer->curr);
1783 bgp_notify.length = size - 2;
1784 bgp_notify.data = NULL;
1785
1786 /* Preserv notify code and sub code. */
1787 peer->notify.code = bgp_notify.code;
1788 peer->notify.subcode = bgp_notify.subcode;
1789 /* For further diagnostic record returned Data. */
1790 if (bgp_notify.length) {
1791 peer->notify.length = size - 2;
1792 peer->notify.data = XMALLOC(MTYPE_TMP, size - 2);
1793 memcpy(peer->notify.data, stream_pnt(peer->curr), size - 2);
1794 }
1795
1796 /* For debug */
1797 {
1798 int i;
1799 int first = 0;
1800 char c[4];
1801
1802 if (bgp_notify.length) {
1803 bgp_notify.data =
1804 XMALLOC(MTYPE_TMP, bgp_notify.length * 3);
1805 for (i = 0; i < bgp_notify.length; i++)
1806 if (first) {
1807 snprintf(c, sizeof(c), " %02x",
1808 stream_getc(peer->curr));
1809
1810 strlcat(bgp_notify.data, c,
1811 bgp_notify.length * 3);
1812
1813 } else {
1814 first = 1;
1815 snprintf(c, sizeof(c), "%02x",
1816 stream_getc(peer->curr));
1817
1818 strlcpy(bgp_notify.data, c,
1819 bgp_notify.length * 3);
1820 }
1821 bgp_notify.raw_data = (uint8_t *)peer->notify.data;
1822 }
1823
1824 bgp_notify_print(peer, &bgp_notify, "received");
1825 if (bgp_notify.data) {
1826 XFREE(MTYPE_TMP, bgp_notify.data);
1827 bgp_notify.length = 0;
1828 }
1829 }
1830
1831 /* peer count update */
1832 atomic_fetch_add_explicit(&peer->notify_in, 1, memory_order_relaxed);
1833
1834 peer->last_reset = PEER_DOWN_NOTIFY_RECEIVED;
1835
1836 /* We have to check for Notify with Unsupported Optional Parameter.
1837 in that case we fallback to open without the capability option.
1838 But this done in bgp_stop. We just mark it here to avoid changing
1839 the fsm tables. */
1840 if (bgp_notify.code == BGP_NOTIFY_OPEN_ERR
1841 && bgp_notify.subcode == BGP_NOTIFY_OPEN_UNSUP_PARAM)
1842 UNSET_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
1843
1844 bgp_peer_gr_flags_update(peer);
1845 BGP_GR_ROUTER_DETECT_AND_SEND_CAPABILITY_TO_ZEBRA(peer->bgp,
1846 peer->bgp->peer);
1847
1848 return Receive_NOTIFICATION_message;
1849 }
1850
1851 /**
1852 * Process BGP ROUTEREFRESH message for peer.
1853 *
1854 * @param peer
1855 * @param size size of the packet
1856 * @return as in summary
1857 */
1858 static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
1859 {
1860 iana_afi_t pkt_afi;
1861 afi_t afi;
1862 iana_safi_t pkt_safi;
1863 safi_t safi;
1864 struct stream *s;
1865 struct peer_af *paf;
1866 struct update_group *updgrp;
1867 struct peer *updgrp_peer;
1868
1869 /* If peer does not have the capability, send notification. */
1870 if (!CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_ADV)) {
1871 flog_err(EC_BGP_NO_CAP,
1872 "%s [Error] BGP route refresh is not enabled",
1873 peer->host);
1874 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
1875 BGP_NOTIFY_HEADER_BAD_MESTYPE);
1876 return BGP_Stop;
1877 }
1878
1879 /* Status must be Established. */
1880 if (peer->status != Established) {
1881 flog_err(
1882 EC_BGP_INVALID_STATUS,
1883 "%s [Error] Route refresh packet received under status %s",
1884 peer->host,
1885 lookup_msg(bgp_status_msg, peer->status, NULL));
1886 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR,
1887 bgp_fsm_error_subcode(peer->status));
1888 return BGP_Stop;
1889 }
1890
1891 s = peer->curr;
1892
1893 /* Parse packet. */
1894 pkt_afi = stream_getw(s);
1895 (void)stream_getc(s);
1896 pkt_safi = stream_getc(s);
1897
1898 if (bgp_debug_update(peer, NULL, NULL, 0))
1899 zlog_debug("%s rcvd REFRESH_REQ for afi/safi: %s/%s",
1900 peer->host, iana_afi2str(pkt_afi),
1901 iana_safi2str(pkt_safi));
1902
1903 /* Convert AFI, SAFI to internal values and check. */
1904 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
1905 zlog_info(
1906 "%s REFRESH_REQ for unrecognized afi/safi: %s/%s - ignored",
1907 peer->host, iana_afi2str(pkt_afi),
1908 iana_safi2str(pkt_safi));
1909 return BGP_PACKET_NOOP;
1910 }
1911
1912 if (size != BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE) {
1913 uint8_t *end;
1914 uint8_t when_to_refresh;
1915 uint8_t orf_type;
1916 uint16_t orf_len;
1917
1918 if (size - (BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE)
1919 < 5) {
1920 zlog_info("%s ORF route refresh length error",
1921 peer->host);
1922 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1923 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1924 return BGP_Stop;
1925 }
1926
1927 when_to_refresh = stream_getc(s);
1928 end = stream_pnt(s) + (size - 5);
1929
1930 while ((stream_pnt(s) + 2) < end) {
1931 orf_type = stream_getc(s);
1932 orf_len = stream_getw(s);
1933
1934 /* orf_len in bounds? */
1935 if ((stream_pnt(s) + orf_len) > end)
1936 break; /* XXX: Notify instead?? */
1937 if (orf_type == ORF_TYPE_PREFIX
1938 || orf_type == ORF_TYPE_PREFIX_OLD) {
1939 uint8_t *p_pnt = stream_pnt(s);
1940 uint8_t *p_end = stream_pnt(s) + orf_len;
1941 struct orf_prefix orfp;
1942 uint8_t common = 0;
1943 uint32_t seq;
1944 int psize;
1945 char name[BUFSIZ];
1946 int ret = CMD_SUCCESS;
1947
1948 if (bgp_debug_neighbor_events(peer)) {
1949 zlog_debug(
1950 "%s rcvd Prefixlist ORF(%d) length %d",
1951 peer->host, orf_type, orf_len);
1952 }
1953
1954 /* we're going to read at least 1 byte of common
1955 * ORF header,
1956 * and 7 bytes of ORF Address-filter entry from
1957 * the stream
1958 */
1959 if (orf_len < 7)
1960 break;
1961
1962 /* ORF prefix-list name */
1963 sprintf(name, "%s.%d.%d", peer->host, afi,
1964 safi);
1965
1966 while (p_pnt < p_end) {
1967 /* If the ORF entry is malformed, want
1968 * to read as much of it
1969 * as possible without going beyond the
1970 * bounds of the entry,
1971 * to maximise debug information.
1972 */
1973 int ok;
1974 memset(&orfp, 0,
1975 sizeof(struct orf_prefix));
1976 common = *p_pnt++;
1977 /* after ++: p_pnt <= p_end */
1978 if (common
1979 & ORF_COMMON_PART_REMOVE_ALL) {
1980 if (bgp_debug_neighbor_events(
1981 peer))
1982 zlog_debug(
1983 "%s rcvd Remove-All pfxlist ORF request",
1984 peer->host);
1985 prefix_bgp_orf_remove_all(afi,
1986 name);
1987 break;
1988 }
1989 ok = ((uint32_t)(p_end - p_pnt)
1990 >= sizeof(uint32_t));
1991 if (ok) {
1992 memcpy(&seq, p_pnt,
1993 sizeof(uint32_t));
1994 p_pnt += sizeof(uint32_t);
1995 orfp.seq = ntohl(seq);
1996 } else
1997 p_pnt = p_end;
1998
1999 /* val checked in prefix_bgp_orf_set */
2000 if (p_pnt < p_end)
2001 orfp.ge = *p_pnt++;
2002
2003 /* val checked in prefix_bgp_orf_set */
2004 if (p_pnt < p_end)
2005 orfp.le = *p_pnt++;
2006
2007 if ((ok = (p_pnt < p_end)))
2008 orfp.p.prefixlen = *p_pnt++;
2009
2010 /* afi checked already */
2011 orfp.p.family = afi2family(afi);
2012
2013 /* 0 if not ok */
2014 psize = PSIZE(orfp.p.prefixlen);
2015 /* valid for family ? */
2016 if (psize > prefix_blen(&orfp.p)) {
2017 ok = 0;
2018 psize = prefix_blen(&orfp.p);
2019 }
2020 /* valid for packet ? */
2021 if (psize > (p_end - p_pnt)) {
2022 ok = 0;
2023 psize = p_end - p_pnt;
2024 }
2025
2026 if (psize > 0)
2027 memcpy(&orfp.p.u.prefix, p_pnt,
2028 psize);
2029 p_pnt += psize;
2030
2031 if (bgp_debug_neighbor_events(peer)) {
2032 char buf[INET6_BUFSIZ];
2033
2034 zlog_debug(
2035 "%s rcvd %s %s seq %u %s/%d ge %d le %d%s",
2036 peer->host,
2037 (common & ORF_COMMON_PART_REMOVE
2038 ? "Remove"
2039 : "Add"),
2040 (common & ORF_COMMON_PART_DENY
2041 ? "deny"
2042 : "permit"),
2043 orfp.seq,
2044 inet_ntop(
2045 orfp.p.family,
2046 &orfp.p.u.prefix,
2047 buf,
2048 INET6_BUFSIZ),
2049 orfp.p.prefixlen,
2050 orfp.ge, orfp.le,
2051 ok ? "" : " MALFORMED");
2052 }
2053
2054 if (ok)
2055 ret = prefix_bgp_orf_set(
2056 name, afi, &orfp,
2057 (common & ORF_COMMON_PART_DENY
2058 ? 0
2059 : 1),
2060 (common & ORF_COMMON_PART_REMOVE
2061 ? 0
2062 : 1));
2063
2064 if (!ok || (ok && ret != CMD_SUCCESS)) {
2065 zlog_info(
2066 "%s Received misformatted prefixlist ORF."
2067 " Remove All pfxlist",
2068 peer->host);
2069 prefix_bgp_orf_remove_all(afi,
2070 name);
2071 break;
2072 }
2073 }
2074
2075 peer->orf_plist[afi][safi] =
2076 prefix_bgp_orf_lookup(afi, name);
2077 }
2078 stream_forward_getp(s, orf_len);
2079 }
2080 if (bgp_debug_neighbor_events(peer))
2081 zlog_debug("%s rcvd Refresh %s ORF request", peer->host,
2082 when_to_refresh == REFRESH_DEFER
2083 ? "Defer"
2084 : "Immediate");
2085 if (when_to_refresh == REFRESH_DEFER)
2086 return BGP_PACKET_NOOP;
2087 }
2088
2089 /* First update is deferred until ORF or ROUTE-REFRESH is received */
2090 if (CHECK_FLAG(peer->af_sflags[afi][safi],
2091 PEER_STATUS_ORF_WAIT_REFRESH))
2092 UNSET_FLAG(peer->af_sflags[afi][safi],
2093 PEER_STATUS_ORF_WAIT_REFRESH);
2094
2095 paf = peer_af_find(peer, afi, safi);
2096 if (paf && paf->subgroup) {
2097 if (peer->orf_plist[afi][safi]) {
2098 updgrp = PAF_UPDGRP(paf);
2099 updgrp_peer = UPDGRP_PEER(updgrp);
2100 updgrp_peer->orf_plist[afi][safi] =
2101 peer->orf_plist[afi][safi];
2102 }
2103
2104 /* If the peer is configured for default-originate clear the
2105 * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will
2106 * re-advertise the
2107 * default
2108 */
2109 if (CHECK_FLAG(paf->subgroup->sflags,
2110 SUBGRP_STATUS_DEFAULT_ORIGINATE))
2111 UNSET_FLAG(paf->subgroup->sflags,
2112 SUBGRP_STATUS_DEFAULT_ORIGINATE);
2113 }
2114
2115 /* Perform route refreshment to the peer */
2116 bgp_announce_route(peer, afi, safi);
2117
2118 /* No FSM action necessary */
2119 return BGP_PACKET_NOOP;
2120 }
2121
2122 /**
2123 * Parse BGP CAPABILITY message for peer.
2124 *
2125 * @param peer
2126 * @param size size of the packet
2127 * @return as in summary
2128 */
2129 static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
2130 bgp_size_t length)
2131 {
2132 uint8_t *end;
2133 struct capability_mp_data mpc;
2134 struct capability_header *hdr;
2135 uint8_t action;
2136 iana_afi_t pkt_afi;
2137 afi_t afi;
2138 iana_safi_t pkt_safi;
2139 safi_t safi;
2140
2141 end = pnt + length;
2142
2143 while (pnt < end) {
2144 /* We need at least action, capability code and capability
2145 * length. */
2146 if (pnt + 3 > end) {
2147 zlog_info("%s Capability length error", peer->host);
2148 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
2149 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
2150 return BGP_Stop;
2151 }
2152 action = *pnt;
2153 hdr = (struct capability_header *)(pnt + 1);
2154
2155 /* Action value check. */
2156 if (action != CAPABILITY_ACTION_SET
2157 && action != CAPABILITY_ACTION_UNSET) {
2158 zlog_info("%s Capability Action Value error %d",
2159 peer->host, action);
2160 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
2161 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
2162 return BGP_Stop;
2163 }
2164
2165 if (bgp_debug_neighbor_events(peer))
2166 zlog_debug(
2167 "%s CAPABILITY has action: %d, code: %u, length %u",
2168 peer->host, action, hdr->code, hdr->length);
2169
2170 /* Capability length check. */
2171 if ((pnt + hdr->length + 3) > end) {
2172 zlog_info("%s Capability length error", peer->host);
2173 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
2174 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
2175 return BGP_Stop;
2176 }
2177
2178 /* Fetch structure to the byte stream. */
2179 memcpy(&mpc, pnt + 3, sizeof(struct capability_mp_data));
2180 pnt += hdr->length + 3;
2181
2182 /* We know MP Capability Code. */
2183 if (hdr->code == CAPABILITY_CODE_MP) {
2184 pkt_afi = ntohs(mpc.afi);
2185 pkt_safi = mpc.safi;
2186
2187 /* Ignore capability when override-capability is set. */
2188 if (CHECK_FLAG(peer->flags,
2189 PEER_FLAG_OVERRIDE_CAPABILITY))
2190 continue;
2191
2192 /* Convert AFI, SAFI to internal values. */
2193 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi,
2194 &safi)) {
2195 if (bgp_debug_neighbor_events(peer))
2196 zlog_debug(
2197 "%s Dynamic Capability MP_EXT afi/safi invalid "
2198 "(%s/%s)",
2199 peer->host,
2200 iana_afi2str(pkt_afi),
2201 iana_safi2str(pkt_safi));
2202 continue;
2203 }
2204
2205 /* Address family check. */
2206 if (bgp_debug_neighbor_events(peer))
2207 zlog_debug(
2208 "%s CAPABILITY has %s MP_EXT CAP for afi/safi: %u/%u",
2209 peer->host,
2210 action == CAPABILITY_ACTION_SET
2211 ? "Advertising"
2212 : "Removing",
2213 pkt_afi, pkt_safi);
2214
2215 if (action == CAPABILITY_ACTION_SET) {
2216 peer->afc_recv[afi][safi] = 1;
2217 if (peer->afc[afi][safi]) {
2218 peer->afc_nego[afi][safi] = 1;
2219 bgp_announce_route(peer, afi, safi);
2220 }
2221 } else {
2222 peer->afc_recv[afi][safi] = 0;
2223 peer->afc_nego[afi][safi] = 0;
2224
2225 if (peer_active_nego(peer))
2226 bgp_clear_route(peer, afi, safi);
2227 else
2228 return BGP_Stop;
2229 }
2230 } else {
2231 flog_warn(
2232 EC_BGP_UNRECOGNIZED_CAPABILITY,
2233 "%s unrecognized capability code: %d - ignored",
2234 peer->host, hdr->code);
2235 }
2236 }
2237
2238 /* No FSM action necessary */
2239 return BGP_PACKET_NOOP;
2240 }
2241
2242 /**
2243 * Parse BGP CAPABILITY message for peer.
2244 *
2245 * Exported for unit testing.
2246 *
2247 * @param peer
2248 * @param size size of the packet
2249 * @return as in summary
2250 */
2251 int bgp_capability_receive(struct peer *peer, bgp_size_t size)
2252 {
2253 uint8_t *pnt;
2254
2255 /* Fetch pointer. */
2256 pnt = stream_pnt(peer->curr);
2257
2258 if (bgp_debug_neighbor_events(peer))
2259 zlog_debug("%s rcv CAPABILITY", peer->host);
2260
2261 /* If peer does not have the capability, send notification. */
2262 if (!CHECK_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV)) {
2263 flog_err(EC_BGP_NO_CAP,
2264 "%s [Error] BGP dynamic capability is not enabled",
2265 peer->host);
2266 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
2267 BGP_NOTIFY_HEADER_BAD_MESTYPE);
2268 return BGP_Stop;
2269 }
2270
2271 /* Status must be Established. */
2272 if (peer->status != Established) {
2273 flog_err(
2274 EC_BGP_NO_CAP,
2275 "%s [Error] Dynamic capability packet received under status %s",
2276 peer->host,
2277 lookup_msg(bgp_status_msg, peer->status, NULL));
2278 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR,
2279 bgp_fsm_error_subcode(peer->status));
2280 return BGP_Stop;
2281 }
2282
2283 /* Parse packet. */
2284 return bgp_capability_msg_parse(peer, pnt, size);
2285 }
2286
2287 /**
2288 * Processes a peer's input buffer.
2289 *
2290 * This function sidesteps the event loop and directly calls bgp_event_update()
2291 * after processing each BGP message. This is necessary to ensure proper
2292 * ordering of FSM events and unifies the behavior that was present previously,
2293 * whereby some of the packet handling functions would update the FSM and some
2294 * would not, making event flow difficult to understand. Please think twice
2295 * before hacking this.
2296 *
2297 * Thread type: THREAD_EVENT
2298 * @param thread
2299 * @return 0
2300 */
2301 int bgp_process_packet(struct thread *thread)
2302 {
2303 /* Yes first of all get peer pointer. */
2304 struct peer *peer; // peer
2305 uint32_t rpkt_quanta_old; // how many packets to read
2306 int fsm_update_result; // return code of bgp_event_update()
2307 int mprc; // message processing return code
2308
2309 peer = THREAD_ARG(thread);
2310 rpkt_quanta_old = atomic_load_explicit(&peer->bgp->rpkt_quanta,
2311 memory_order_relaxed);
2312 fsm_update_result = 0;
2313
2314 /* Guard against scheduled events that occur after peer deletion. */
2315 if (peer->status == Deleted || peer->status == Clearing)
2316 return 0;
2317
2318 unsigned int processed = 0;
2319
2320 while (processed < rpkt_quanta_old) {
2321 uint8_t type = 0;
2322 bgp_size_t size;
2323 char notify_data_length[2];
2324
2325 frr_with_mutex(&peer->io_mtx) {
2326 peer->curr = stream_fifo_pop(peer->ibuf);
2327 }
2328
2329 if (peer->curr == NULL) // no packets to process, hmm...
2330 return 0;
2331
2332 /* skip the marker and copy the packet length */
2333 stream_forward_getp(peer->curr, BGP_MARKER_SIZE);
2334 memcpy(notify_data_length, stream_pnt(peer->curr), 2);
2335
2336 /* read in the packet length and type */
2337 size = stream_getw(peer->curr);
2338 type = stream_getc(peer->curr);
2339
2340 hook_call(bgp_packet_dump, peer, type, size, peer->curr);
2341
2342 /* adjust size to exclude the marker + length + type */
2343 size -= BGP_HEADER_SIZE;
2344
2345 /* Read rest of the packet and call each sort of packet routine
2346 */
2347 switch (type) {
2348 case BGP_MSG_OPEN:
2349 atomic_fetch_add_explicit(&peer->open_in, 1,
2350 memory_order_relaxed);
2351 mprc = bgp_open_receive(peer, size);
2352 if (mprc == BGP_Stop)
2353 flog_err(
2354 EC_BGP_PKT_OPEN,
2355 "%s: BGP OPEN receipt failed for peer: %s",
2356 __func__, peer->host);
2357 break;
2358 case BGP_MSG_UPDATE:
2359 atomic_fetch_add_explicit(&peer->update_in, 1,
2360 memory_order_relaxed);
2361 peer->readtime = monotime(NULL);
2362 mprc = bgp_update_receive(peer, size);
2363 if (mprc == BGP_Stop)
2364 flog_err(
2365 EC_BGP_UPDATE_RCV,
2366 "%s: BGP UPDATE receipt failed for peer: %s",
2367 __func__, peer->host);
2368 break;
2369 case BGP_MSG_NOTIFY:
2370 atomic_fetch_add_explicit(&peer->notify_in, 1,
2371 memory_order_relaxed);
2372 mprc = bgp_notify_receive(peer, size);
2373 if (mprc == BGP_Stop)
2374 flog_err(
2375 EC_BGP_NOTIFY_RCV,
2376 "%s: BGP NOTIFY receipt failed for peer: %s",
2377 __func__, peer->host);
2378 break;
2379 case BGP_MSG_KEEPALIVE:
2380 peer->readtime = monotime(NULL);
2381 atomic_fetch_add_explicit(&peer->keepalive_in, 1,
2382 memory_order_relaxed);
2383 mprc = bgp_keepalive_receive(peer, size);
2384 if (mprc == BGP_Stop)
2385 flog_err(
2386 EC_BGP_KEEP_RCV,
2387 "%s: BGP KEEPALIVE receipt failed for peer: %s",
2388 __func__, peer->host);
2389 break;
2390 case BGP_MSG_ROUTE_REFRESH_NEW:
2391 case BGP_MSG_ROUTE_REFRESH_OLD:
2392 atomic_fetch_add_explicit(&peer->refresh_in, 1,
2393 memory_order_relaxed);
2394 mprc = bgp_route_refresh_receive(peer, size);
2395 if (mprc == BGP_Stop)
2396 flog_err(
2397 EC_BGP_RFSH_RCV,
2398 "%s: BGP ROUTEREFRESH receipt failed for peer: %s",
2399 __func__, peer->host);
2400 break;
2401 case BGP_MSG_CAPABILITY:
2402 atomic_fetch_add_explicit(&peer->dynamic_cap_in, 1,
2403 memory_order_relaxed);
2404 mprc = bgp_capability_receive(peer, size);
2405 if (mprc == BGP_Stop)
2406 flog_err(
2407 EC_BGP_CAP_RCV,
2408 "%s: BGP CAPABILITY receipt failed for peer: %s",
2409 __func__, peer->host);
2410 break;
2411 default:
2412 /* Suppress uninitialized variable warning */
2413 mprc = 0;
2414 (void)mprc;
2415 /*
2416 * The message type should have been sanitized before
2417 * we ever got here. Receipt of a message with an
2418 * invalid header at this point is indicative of a
2419 * security issue.
2420 */
2421 assert (!"Message of invalid type received during input processing");
2422 }
2423
2424 /* delete processed packet */
2425 stream_free(peer->curr);
2426 peer->curr = NULL;
2427 processed++;
2428
2429 /* Update FSM */
2430 if (mprc != BGP_PACKET_NOOP)
2431 fsm_update_result = bgp_event_update(peer, mprc);
2432 else
2433 continue;
2434
2435 /*
2436 * If peer was deleted, do not process any more packets. This
2437 * is usually due to executing BGP_Stop or a stub deletion.
2438 */
2439 if (fsm_update_result == FSM_PEER_TRANSFERRED
2440 || fsm_update_result == FSM_PEER_STOPPED)
2441 break;
2442 }
2443
2444 if (fsm_update_result != FSM_PEER_TRANSFERRED
2445 && fsm_update_result != FSM_PEER_STOPPED) {
2446 frr_with_mutex(&peer->io_mtx) {
2447 // more work to do, come back later
2448 if (peer->ibuf->count > 0)
2449 thread_add_timer_msec(
2450 bm->master, bgp_process_packet, peer, 0,
2451 &peer->t_process_packet);
2452 }
2453 }
2454
2455 return 0;
2456 }
2457
2458 /* Send EOR when routes are processed by selection deferral timer */
2459 void bgp_send_delayed_eor(struct bgp *bgp)
2460 {
2461 struct peer *peer;
2462 struct listnode *node, *nnode;
2463
2464 /* EOR message sent in bgp_write_proceed_actions */
2465 for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer))
2466 bgp_write_proceed_actions(peer);
2467 }
FRRouting mirror