]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bgpd: labeled unicast config
[mirror_frr.git] / bgpd / bgp_packet.c
1 /* BGP packet management routine.
2 Copyright (C) 1999 Kunihiro Ishiguro
3
4 This file is part of GNU Zebra.
5
6 GNU Zebra is free software; you can redistribute it and/or modify it
7 under the terms of the GNU General Public License as published by the
8 Free Software Foundation; either version 2, or (at your option) any
9 later version.
10
11 GNU Zebra is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with GNU Zebra; see the file COPYING. If not, write to the Free
18 Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
19 02111-1307, USA. */
20
21 #include <zebra.h>
22
23 #include "thread.h"
24 #include "stream.h"
25 #include "network.h"
26 #include "prefix.h"
27 #include "command.h"
28 #include "log.h"
29 #include "memory.h"
30 #include "sockunion.h" /* for inet_ntop () */
31 #include "sockopt.h"
32 #include "linklist.h"
33 #include "plist.h"
34 #include "queue.h"
35 #include "filter.h"
36
37 #include "bgpd/bgpd.h"
38 #include "bgpd/bgp_table.h"
39 #include "bgpd/bgp_dump.h"
40 #include "bgpd/bgp_attr.h"
41 #include "bgpd/bgp_debug.h"
42 #include "bgpd/bgp_fsm.h"
43 #include "bgpd/bgp_route.h"
44 #include "bgpd/bgp_packet.h"
45 #include "bgpd/bgp_open.h"
46 #include "bgpd/bgp_aspath.h"
47 #include "bgpd/bgp_community.h"
48 #include "bgpd/bgp_ecommunity.h"
49 #include "bgpd/bgp_lcommunity.h"
50 #include "bgpd/bgp_network.h"
51 #include "bgpd/bgp_mplsvpn.h"
52 #include "bgpd/bgp_evpn.h"
53 #include "bgpd/bgp_encap.h"
54 #include "bgpd/bgp_evpn.h"
55 #include "bgpd/bgp_advertise.h"
56 #include "bgpd/bgp_vty.h"
57 #include "bgpd/bgp_updgrp.h"
58
59 /* Set up BGP packet marker and packet type. */
60 int
61 bgp_packet_set_marker (struct stream *s, u_char type)
62 {
63 int i;
64
65 /* Fill in marker. */
66 for (i = 0; i < BGP_MARKER_SIZE; i++)
67 stream_putc (s, 0xff);
68
69 /* Dummy total length. This field is should be filled in later on. */
70 stream_putw (s, 0);
71
72 /* BGP packet type. */
73 stream_putc (s, type);
74
75 /* Return current stream size. */
76 return stream_get_endp (s);
77 }
78
79 /* Set BGP packet header size entry. If size is zero then use current
80 stream size. */
81 int
82 bgp_packet_set_size (struct stream *s)
83 {
84 int cp;
85
86 /* Preserve current pointer. */
87 cp = stream_get_endp (s);
88 stream_putw_at (s, BGP_MARKER_SIZE, cp);
89
90 return cp;
91 }
92
93 /* Add new packet to the peer. */
94 void
95 bgp_packet_add (struct peer *peer, struct stream *s)
96 {
97 /* Add packet to the end of list. */
98 stream_fifo_push (peer->obuf, s);
99 }
100
101 /* Free first packet. */
102 static void
103 bgp_packet_delete (struct peer *peer)
104 {
105 stream_free (stream_fifo_pop (peer->obuf));
106 }
107
108 /* Check file descriptor whether connect is established. */
109 int
110 bgp_connect_check (struct peer *peer, int change_state)
111 {
112 int status;
113 socklen_t slen;
114 int ret;
115
116 /* Anyway I have to reset read and write thread. */
117 BGP_READ_OFF (peer->t_read);
118 BGP_WRITE_OFF (peer->t_write);
119
120 /* Check file descriptor. */
121 slen = sizeof (status);
122 ret = getsockopt(peer->fd, SOL_SOCKET, SO_ERROR, (void *) &status, &slen);
123
124 /* If getsockopt is fail, this is fatal error. */
125 if (ret < 0)
126 {
127 zlog_info ("can't get sockopt for nonblocking connect");
128 BGP_EVENT_ADD (peer, TCP_fatal_error);
129 return -1;
130 }
131
132 /* When status is 0 then TCP connection is established. */
133 if (status == 0)
134 {
135 BGP_EVENT_ADD (peer, TCP_connection_open);
136 return 1;
137 }
138 else
139 {
140 if (bgp_debug_neighbor_events(peer))
141 zlog_debug ("%s [Event] Connect failed (%s)",
142 peer->host, safe_strerror (errno));
143 if (change_state)
144 BGP_EVENT_ADD (peer, TCP_connection_open_failed);
145 return 0;
146 }
147 }
148
149 static struct stream *
150 bgp_update_packet_eor (struct peer *peer, afi_t afi, safi_t safi)
151 {
152 struct stream *s;
153 iana_afi_t pkt_afi;
154 safi_t pkt_safi;
155
156 if (DISABLE_BGP_ANNOUNCE)
157 return NULL;
158
159 if (bgp_debug_neighbor_events(peer))
160 zlog_debug ("send End-of-RIB for %s to %s", afi_safi_print (afi, safi), peer->host);
161
162 s = stream_new (BGP_MAX_PACKET_SIZE);
163
164 /* Make BGP update packet. */
165 bgp_packet_set_marker (s, BGP_MSG_UPDATE);
166
167 /* Unfeasible Routes Length */
168 stream_putw (s, 0);
169
170 if (afi == AFI_IP && safi == SAFI_UNICAST)
171 {
172 /* Total Path Attribute Length */
173 stream_putw (s, 0);
174 }
175 else
176 {
177 /* Convert AFI, SAFI to values for packet. */
178 bgp_map_afi_safi_int2iana (afi, safi, &pkt_afi, &pkt_safi);
179
180 /* Total Path Attribute Length */
181 stream_putw (s, 6);
182 stream_putc (s, BGP_ATTR_FLAG_OPTIONAL);
183 stream_putc (s, BGP_ATTR_MP_UNREACH_NLRI);
184 stream_putc (s, 3);
185 stream_putw (s, pkt_afi);
186 stream_putc (s, pkt_safi);
187 }
188
189 bgp_packet_set_size (s);
190 bgp_packet_add (peer, s);
191 return s;
192 }
193
194 /* Get next packet to be written. */
195 static struct stream *
196 bgp_write_packet (struct peer *peer)
197 {
198 struct stream *s = NULL;
199 struct peer_af *paf;
200 struct bpacket *next_pkt;
201 afi_t afi;
202 safi_t safi;
203
204 s = stream_fifo_head (peer->obuf);
205 if (s)
206 return s;
207
208 /*
209 * The code beyond this part deals with update packets, proceed only
210 * if peer is Established and updates are not on hold (as part of
211 * update-delay post processing).
212 */
213 if (peer->status != Established)
214 return NULL;
215
216 if (peer->bgp && peer->bgp->main_peers_update_hold)
217 return NULL;
218
219 for (afi = AFI_IP; afi < AFI_MAX; afi++)
220 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
221 {
222 paf = peer_af_find (peer, afi, safi);
223 if (!paf || !PAF_SUBGRP(paf))
224 continue;
225 next_pkt = paf->next_pkt_to_send;
226
227 /* Try to generate a packet for the peer if we are at the end of
228 * the list. Always try to push out WITHDRAWs first. */
229 if (!next_pkt || !next_pkt->buffer)
230 {
231 next_pkt = subgroup_withdraw_packet(PAF_SUBGRP(paf));
232 if (!next_pkt || !next_pkt->buffer)
233 subgroup_update_packet (PAF_SUBGRP(paf));
234 next_pkt = paf->next_pkt_to_send;
235 }
236
237 /* If we still don't have a packet to send to the peer, then
238 * try to find out out if we have to send eor or if not, skip to
239 * the next AFI, SAFI.
240 * Don't send the EOR prematurely... if the subgroup's coalesce
241 * timer is running, the adjacency-out structure is not created
242 * yet.
243 */
244 if (!next_pkt || !next_pkt->buffer)
245 {
246 if (CHECK_FLAG (peer->cap, PEER_CAP_RESTART_RCV))
247 {
248 if (!(PAF_SUBGRP(paf))->t_coalesce &&
249 peer->afc_nego[afi][safi] && peer->synctime
250 && ! CHECK_FLAG (peer->af_sflags[afi][safi],
251 PEER_STATUS_EOR_SEND)
252 && safi != SAFI_EVPN)
253 {
254 SET_FLAG (peer->af_sflags[afi][safi],
255 PEER_STATUS_EOR_SEND);
256 return bgp_update_packet_eor (peer, afi, safi);
257 }
258 }
259 continue;
260 }
261
262
263 /*
264 * Found a packet template to send, overwrite packet with appropriate
265 * attributes from peer and advance peer
266 */
267 s = bpacket_reformat_for_peer (next_pkt, paf);
268 bpacket_queue_advance_peer (paf);
269 return s;
270 }
271
272 return NULL;
273 }
274
275 /* The next action for the peer from a write perspective */
276 static void
277 bgp_write_proceed_actions (struct peer *peer)
278 {
279 afi_t afi;
280 safi_t safi;
281 struct peer_af *paf;
282 struct bpacket *next_pkt;
283 int fullq_found = 0;
284 struct update_subgroup *subgrp;
285
286 if (stream_fifo_head (peer->obuf))
287 {
288 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
289 return;
290 }
291
292 for (afi = AFI_IP; afi < AFI_MAX; afi++)
293 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
294 {
295 paf = peer_af_find (peer, afi, safi);
296 if (!paf)
297 continue;
298 subgrp = paf->subgroup;
299 if (!subgrp)
300 continue;
301
302 next_pkt = paf->next_pkt_to_send;
303 if (next_pkt && next_pkt->buffer)
304 {
305 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
306 return;
307 }
308
309 /* No packets readily available for AFI/SAFI, are there subgroup packets
310 * that need to be generated? */
311 if (bpacket_queue_is_full(SUBGRP_INST(subgrp),
312 SUBGRP_PKTQ(subgrp)))
313 fullq_found = 1;
314 else if (subgroup_packets_to_build (subgrp))
315 {
316 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
317 return;
318 }
319
320 /* No packets to send, see if EOR is pending */
321 if (CHECK_FLAG (peer->cap, PEER_CAP_RESTART_RCV))
322 {
323 if (!subgrp->t_coalesce &&
324 peer->afc_nego[afi][safi] &&
325 peer->synctime &&
326 !CHECK_FLAG(peer->af_sflags[afi][safi],
327 PEER_STATUS_EOR_SEND) &&
328 safi != SAFI_MPLS_VPN)
329 {
330 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
331 return;
332 }
333
334 }
335 }
336 if (fullq_found)
337 {
338 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
339 return;
340 }
341 }
342
343 /* Write packet to the peer. */
344 int
345 bgp_write (struct thread *thread)
346 {
347 struct peer *peer;
348 u_char type;
349 struct stream *s;
350 int num;
351 int update_last_write = 0;
352 unsigned int count = 0;
353 unsigned int oc = 0;
354
355 /* Yes first of all get peer pointer. */
356 peer = THREAD_ARG (thread);
357 peer->t_write = NULL;
358
359 /* For non-blocking IO check. */
360 if (peer->status == Connect)
361 {
362 bgp_connect_check (peer, 1);
363 return 0;
364 }
365
366 s = bgp_write_packet (peer);
367 if (!s)
368 {
369 bgp_write_proceed_actions (peer);
370 return 0;
371 }
372
373 sockopt_cork (peer->fd, 1);
374
375 oc = peer->update_out;
376
377 /* Nonblocking write until TCP output buffer is full. */
378 do
379 {
380 int writenum;
381
382 /* Number of bytes to be sent. */
383 writenum = stream_get_endp (s) - stream_get_getp (s);
384
385 /* Call write() system call. */
386 num = write (peer->fd, STREAM_PNT (s), writenum);
387 if (num < 0)
388 {
389 /* write failed either retry needed or error */
390 if (ERRNO_IO_RETRY(errno))
391 break;
392
393 BGP_EVENT_ADD (peer, TCP_fatal_error);
394 return 0;
395 }
396
397 if (num != writenum)
398 {
399 /* Partial write */
400 stream_forward_getp (s, num);
401 break;
402 }
403
404 /* Retrieve BGP packet type. */
405 stream_set_getp (s, BGP_MARKER_SIZE + 2);
406 type = stream_getc (s);
407
408 switch (type)
409 {
410 case BGP_MSG_OPEN:
411 peer->open_out++;
412 break;
413 case BGP_MSG_UPDATE:
414 peer->update_out++;
415 break;
416 case BGP_MSG_NOTIFY:
417 peer->notify_out++;
418 /* Double start timer. */
419 peer->v_start *= 2;
420
421 /* Overflow check. */
422 if (peer->v_start >= (60 * 2))
423 peer->v_start = (60 * 2);
424
425 /* Flush any existing events */
426 BGP_EVENT_ADD (peer, BGP_Stop);
427 goto done;
428
429 case BGP_MSG_KEEPALIVE:
430 peer->keepalive_out++;
431 break;
432 case BGP_MSG_ROUTE_REFRESH_NEW:
433 case BGP_MSG_ROUTE_REFRESH_OLD:
434 peer->refresh_out++;
435 break;
436 case BGP_MSG_CAPABILITY:
437 peer->dynamic_cap_out++;
438 break;
439 }
440
441 /* OK we send packet so delete it. */
442 bgp_packet_delete (peer);
443 update_last_write = 1;
444 }
445 while (++count < peer->bgp->wpkt_quanta &&
446 (s = bgp_write_packet (peer)) != NULL);
447
448 bgp_write_proceed_actions (peer);
449
450 done:
451 /* Update last_update if UPDATEs were written. */
452 if (peer->update_out > oc)
453 peer->last_update = bgp_clock ();
454
455 /* If we TXed any flavor of packet update last_write */
456 if (update_last_write)
457 peer->last_write = bgp_clock ();
458
459 sockopt_cork (peer->fd, 0);
460 return 0;
461 }
462
463 /* This is only for sending NOTIFICATION message to neighbor. */
464 static int
465 bgp_write_notify (struct peer *peer)
466 {
467 int ret, val;
468 u_char type;
469 struct stream *s;
470
471 /* There should be at least one packet. */
472 s = stream_fifo_head (peer->obuf);
473 if (!s)
474 return 0;
475 assert (stream_get_endp (s) >= BGP_HEADER_SIZE);
476
477 /* Stop collecting data within the socket */
478 sockopt_cork (peer->fd, 0);
479
480 /* socket is in nonblocking mode, if we can't deliver the NOTIFY, well,
481 * we only care about getting a clean shutdown at this point. */
482 ret = write (peer->fd, STREAM_DATA (s), stream_get_endp (s));
483
484 /* only connection reset/close gets counted as TCP_fatal_error, failure
485 * to write the entire NOTIFY doesn't get different FSM treatment */
486 if (ret <= 0)
487 {
488 BGP_EVENT_ADD (peer, TCP_fatal_error);
489 return 0;
490 }
491
492 /* Disable Nagle, make NOTIFY packet go out right away */
493 val = 1;
494 (void) setsockopt (peer->fd, IPPROTO_TCP, TCP_NODELAY,
495 (char *) &val, sizeof (val));
496
497 /* Retrieve BGP packet type. */
498 stream_set_getp (s, BGP_MARKER_SIZE + 2);
499 type = stream_getc (s);
500
501 assert (type == BGP_MSG_NOTIFY);
502
503 /* Type should be notify. */
504 peer->notify_out++;
505
506 /* Double start timer. */
507 peer->v_start *= 2;
508
509 /* Overflow check. */
510 if (peer->v_start >= (60 * 2))
511 peer->v_start = (60 * 2);
512
513 /* Handle Graceful Restart case where the state changes to
514 Connect instead of Idle */
515 BGP_EVENT_ADD (peer, BGP_Stop);
516
517 return 0;
518 }
519
520 /* Make keepalive packet and send it to the peer. */
521 void
522 bgp_keepalive_send (struct peer *peer)
523 {
524 struct stream *s;
525
526 s = stream_new (BGP_MAX_PACKET_SIZE);
527
528 /* Make keepalive packet. */
529 bgp_packet_set_marker (s, BGP_MSG_KEEPALIVE);
530
531 /* Set packet size. */
532 (void)bgp_packet_set_size (s);
533
534 /* Dump packet if debug option is set. */
535 /* bgp_packet_dump (s); */
536
537 if (bgp_debug_keepalive(peer))
538 zlog_debug ("%s sending KEEPALIVE", peer->host);
539
540 /* Add packet to the peer. */
541 bgp_packet_add (peer, s);
542
543 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
544 }
545
546 /* Make open packet and send it to the peer. */
547 void
548 bgp_open_send (struct peer *peer)
549 {
550 struct stream *s;
551 u_int16_t send_holdtime;
552 as_t local_as;
553
554 if (CHECK_FLAG (peer->config, PEER_CONFIG_TIMER))
555 send_holdtime = peer->holdtime;
556 else
557 send_holdtime = peer->bgp->default_holdtime;
558
559 /* local-as Change */
560 if (peer->change_local_as)
561 local_as = peer->change_local_as;
562 else
563 local_as = peer->local_as;
564
565 s = stream_new (BGP_MAX_PACKET_SIZE);
566
567 /* Make open packet. */
568 bgp_packet_set_marker (s, BGP_MSG_OPEN);
569
570 /* Set open packet values. */
571 stream_putc (s, BGP_VERSION_4); /* BGP version */
572 stream_putw (s, (local_as <= BGP_AS_MAX) ? (u_int16_t) local_as
573 : BGP_AS_TRANS);
574 stream_putw (s, send_holdtime); /* Hold Time */
575 stream_put_in_addr (s, &peer->local_id); /* BGP Identifier */
576
577 /* Set capability code. */
578 bgp_open_capability (s, peer);
579
580 /* Set BGP packet length. */
581 (void)bgp_packet_set_size (s);
582
583 if (bgp_debug_neighbor_events(peer))
584 zlog_debug ("%s sending OPEN, version %d, my as %u, holdtime %d, id %s",
585 peer->host, BGP_VERSION_4, local_as,
586 send_holdtime, inet_ntoa (peer->local_id));
587
588 /* Dump packet if debug option is set. */
589 /* bgp_packet_dump (s); */
590
591 /* Add packet to the peer. */
592 bgp_packet_add (peer, s);
593
594 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
595 }
596
597 /* Send BGP notify packet with data potion. */
598 void
599 bgp_notify_send_with_data (struct peer *peer, u_char code, u_char sub_code,
600 u_char *data, size_t datalen)
601 {
602 struct stream *s;
603 int length;
604
605 /* Allocate new stream. */
606 s = stream_new (BGP_MAX_PACKET_SIZE);
607
608 /* Make nitify packet. */
609 bgp_packet_set_marker (s, BGP_MSG_NOTIFY);
610
611 /* Set notify packet values. */
612 stream_putc (s, code); /* BGP notify code */
613 stream_putc (s, sub_code); /* BGP notify sub_code */
614
615 /* If notify data is present. */
616 if (data)
617 stream_write (s, data, datalen);
618
619 /* Set BGP packet length. */
620 length = bgp_packet_set_size (s);
621
622 /* Add packet to the peer. */
623 stream_fifo_clean (peer->obuf);
624 bgp_packet_add (peer, s);
625
626 /* For debug */
627 {
628 struct bgp_notify bgp_notify;
629 int first = 0;
630 int i;
631 char c[4];
632
633 bgp_notify.code = code;
634 bgp_notify.subcode = sub_code;
635 bgp_notify.data = NULL;
636 bgp_notify.length = length - BGP_MSG_NOTIFY_MIN_SIZE;
637 bgp_notify.raw_data = data;
638
639 peer->notify.code = bgp_notify.code;
640 peer->notify.subcode = bgp_notify.subcode;
641
642 if (bgp_notify.length)
643 {
644 bgp_notify.data = XMALLOC (MTYPE_TMP, bgp_notify.length * 3);
645 for (i = 0; i < bgp_notify.length; i++)
646 if (first)
647 {
648 sprintf (c, " %02x", data[i]);
649 strcat (bgp_notify.data, c);
650 }
651 else
652 {
653 first = 1;
654 sprintf (c, "%02x", data[i]);
655 strcpy (bgp_notify.data, c);
656 }
657 }
658 bgp_notify_print (peer, &bgp_notify, "sending");
659
660 if (bgp_notify.data)
661 {
662 XFREE (MTYPE_TMP, bgp_notify.data);
663 bgp_notify.data = NULL;
664 bgp_notify.length = 0;
665 }
666 }
667
668 /* peer reset cause */
669 if (code == BGP_NOTIFY_CEASE)
670 {
671 if (sub_code == BGP_NOTIFY_CEASE_ADMIN_RESET)
672 peer->last_reset = PEER_DOWN_USER_RESET;
673 else if (sub_code == BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN)
674 peer->last_reset = PEER_DOWN_USER_SHUTDOWN;
675 else
676 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
677 }
678 else
679 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
680
681 /* Call immediately. */
682 BGP_WRITE_OFF (peer->t_write);
683
684 bgp_write_notify (peer);
685 }
686
687 /* Send BGP notify packet. */
688 void
689 bgp_notify_send (struct peer *peer, u_char code, u_char sub_code)
690 {
691 bgp_notify_send_with_data (peer, code, sub_code, NULL, 0);
692 }
693
694 /* Send route refresh message to the peer. */
695 void
696 bgp_route_refresh_send (struct peer *peer, afi_t afi, safi_t safi,
697 u_char orf_type, u_char when_to_refresh, int remove)
698 {
699 struct stream *s;
700 struct bgp_filter *filter;
701 int orf_refresh = 0;
702 iana_afi_t pkt_afi;
703 safi_t pkt_safi;
704
705 if (DISABLE_BGP_ANNOUNCE)
706 return;
707
708 filter = &peer->filter[afi][safi];
709
710 /* Convert AFI, SAFI to values for packet. */
711 bgp_map_afi_safi_int2iana (afi, safi, &pkt_afi, &pkt_safi);
712
713 s = stream_new (BGP_MAX_PACKET_SIZE);
714
715 /* Make BGP update packet. */
716 if (CHECK_FLAG (peer->cap, PEER_CAP_REFRESH_NEW_RCV))
717 bgp_packet_set_marker (s, BGP_MSG_ROUTE_REFRESH_NEW);
718 else
719 bgp_packet_set_marker (s, BGP_MSG_ROUTE_REFRESH_OLD);
720
721 /* Encode Route Refresh message. */
722 stream_putw (s, pkt_afi);
723 stream_putc (s, 0);
724 stream_putc (s, pkt_safi);
725
726 if (orf_type == ORF_TYPE_PREFIX
727 || orf_type == ORF_TYPE_PREFIX_OLD)
728 if (remove || filter->plist[FILTER_IN].plist)
729 {
730 u_int16_t orf_len;
731 unsigned long orfp;
732
733 orf_refresh = 1;
734 stream_putc (s, when_to_refresh);
735 stream_putc (s, orf_type);
736 orfp = stream_get_endp (s);
737 stream_putw (s, 0);
738
739 if (remove)
740 {
741 UNSET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_PREFIX_SEND);
742 stream_putc (s, ORF_COMMON_PART_REMOVE_ALL);
743 if (bgp_debug_neighbor_events(peer))
744 zlog_debug ("%s sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %d/%d",
745 peer->host, orf_type,
746 (when_to_refresh == REFRESH_DEFER ? "defer" : "immediate"),
747 pkt_afi, pkt_safi);
748 }
749 else
750 {
751 SET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_PREFIX_SEND);
752 prefix_bgp_orf_entry (s, filter->plist[FILTER_IN].plist,
753 ORF_COMMON_PART_ADD, ORF_COMMON_PART_PERMIT,
754 ORF_COMMON_PART_DENY);
755 if (bgp_debug_neighbor_events(peer))
756 zlog_debug ("%s sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %d/%d",
757 peer->host, orf_type,
758 (when_to_refresh == REFRESH_DEFER ? "defer" : "immediate"),
759 pkt_afi, pkt_safi);
760 }
761
762 /* Total ORF Entry Len. */
763 orf_len = stream_get_endp (s) - orfp - 2;
764 stream_putw_at (s, orfp, orf_len);
765 }
766
767 /* Set packet size. */
768 (void)bgp_packet_set_size (s);
769
770 if (bgp_debug_neighbor_events(peer))
771 {
772 if (! orf_refresh)
773 zlog_debug ("%s sending REFRESH_REQ for afi/safi: %d/%d",
774 peer->host, pkt_afi, pkt_safi);
775 }
776
777 /* Add packet to the peer. */
778 bgp_packet_add (peer, s);
779
780 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
781 }
782
783 /* Send capability message to the peer. */
784 void
785 bgp_capability_send (struct peer *peer, afi_t afi, safi_t safi,
786 int capability_code, int action)
787 {
788 struct stream *s;
789 iana_afi_t pkt_afi;
790 safi_t pkt_safi;
791
792 /* Convert AFI, SAFI to values for packet. */
793 bgp_map_afi_safi_int2iana (afi, safi, &pkt_afi, &pkt_safi);
794
795 s = stream_new (BGP_MAX_PACKET_SIZE);
796
797 /* Make BGP update packet. */
798 bgp_packet_set_marker (s, BGP_MSG_CAPABILITY);
799
800 /* Encode MP_EXT capability. */
801 if (capability_code == CAPABILITY_CODE_MP)
802 {
803 stream_putc (s, action);
804 stream_putc (s, CAPABILITY_CODE_MP);
805 stream_putc (s, CAPABILITY_CODE_MP_LEN);
806 stream_putw (s, pkt_afi);
807 stream_putc (s, 0);
808 stream_putc (s, pkt_safi);
809
810 if (bgp_debug_neighbor_events(peer))
811 zlog_debug ("%s sending CAPABILITY has %s MP_EXT CAP for afi/safi: %d/%d",
812 peer->host, action == CAPABILITY_ACTION_SET ?
813 "Advertising" : "Removing", pkt_afi, pkt_safi);
814 }
815
816 /* Set packet size. */
817 (void)bgp_packet_set_size (s);
818
819 /* Add packet to the peer. */
820 bgp_packet_add (peer, s);
821
822 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
823 }
824
825 /* RFC1771 6.8 Connection collision detection. */
826 static int
827 bgp_collision_detect (struct peer *new, struct in_addr remote_id)
828 {
829 struct peer *peer;
830
831 /* Upon receipt of an OPEN message, the local system must examine
832 all of its connections that are in the OpenConfirm state. A BGP
833 speaker may also examine connections in an OpenSent state if it
834 knows the BGP Identifier of the peer by means outside of the
835 protocol. If among these connections there is a connection to a
836 remote BGP speaker whose BGP Identifier equals the one in the
837 OPEN message, then the local system performs the following
838 collision resolution procedure: */
839
840 if ((peer = new->doppelganger) != NULL)
841 {
842 /* Do not accept the new connection in Established or Clearing states.
843 * Note that a peer GR is handled by closing the existing connection
844 * upon receipt of new one.
845 */
846 if (peer->status == Established || peer->status == Clearing)
847 {
848 bgp_notify_send (new, BGP_NOTIFY_CEASE,
849 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
850 return (-1);
851 }
852 else if ((peer->status == OpenConfirm) || (peer->status == OpenSent))
853 {
854 /* 1. The BGP Identifier of the local system is compared to
855 the BGP Identifier of the remote system (as specified in
856 the OPEN message). */
857
858 if (ntohl (peer->local_id.s_addr) < ntohl (remote_id.s_addr))
859 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER))
860 {
861 /* 2. If the value of the local BGP Identifier is less
862 than the remote one, the local system closes BGP
863 connection that already exists (the one that is
864 already in the OpenConfirm state), and accepts BGP
865 connection initiated by the remote system. */
866 bgp_notify_send (peer, BGP_NOTIFY_CEASE,
867 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
868 return 1;
869 }
870 else
871 {
872 bgp_notify_send (new, BGP_NOTIFY_CEASE,
873 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
874 return -1;
875 }
876 else
877 {
878 /* 3. Otherwise, the local system closes newly created
879 BGP connection (the one associated with the newly
880 received OPEN message), and continues to use the
881 existing one (the one that is already in the
882 OpenConfirm state). */
883 if (CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER))
884 {
885 bgp_notify_send (peer, BGP_NOTIFY_CEASE,
886 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
887 return 1;
888 }
889 else
890 {
891 bgp_notify_send (new, BGP_NOTIFY_CEASE,
892 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
893 return -1;
894 }
895 }
896 }
897 }
898 return 0;
899 }
900
901 static int
902 bgp_open_receive (struct peer *peer, bgp_size_t size)
903 {
904 int ret;
905 u_char version;
906 u_char optlen;
907 u_int16_t holdtime;
908 u_int16_t send_holdtime;
909 as_t remote_as;
910 as_t as4 = 0;
911 struct in_addr remote_id;
912 int mp_capability;
913 u_int8_t notify_data_remote_as[2];
914 u_int8_t notify_data_remote_as4[4];
915 u_int8_t notify_data_remote_id[4];
916 u_int16_t *holdtime_ptr;
917
918 /* Parse open packet. */
919 version = stream_getc (peer->ibuf);
920 memcpy (notify_data_remote_as, stream_pnt (peer->ibuf), 2);
921 remote_as = stream_getw (peer->ibuf);
922 holdtime_ptr = (u_int16_t *)stream_pnt (peer->ibuf);
923 holdtime = stream_getw (peer->ibuf);
924 memcpy (notify_data_remote_id, stream_pnt (peer->ibuf), 4);
925 remote_id.s_addr = stream_get_ipv4 (peer->ibuf);
926
927 /* Receive OPEN message log */
928 if (bgp_debug_neighbor_events(peer))
929 zlog_debug ("%s rcv OPEN, version %d, remote-as (in open) %u,"
930 " holdtime %d, id %s",
931 peer->host, version, remote_as, holdtime,
932 inet_ntoa (remote_id));
933
934 /* BEGIN to read the capability here, but dont do it yet */
935 mp_capability = 0;
936 optlen = stream_getc (peer->ibuf);
937
938 if (optlen != 0)
939 {
940 /* If not enough bytes, it is an error. */
941 if (STREAM_READABLE(peer->ibuf) < optlen)
942 {
943 bgp_notify_send (peer, BGP_NOTIFY_OPEN_ERR,
944 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
945 return -1;
946 }
947
948 /* We need the as4 capability value *right now* because
949 * if it is there, we have not got the remote_as yet, and without
950 * that we do not know which peer is connecting to us now.
951 */
952 as4 = peek_for_as4_capability (peer, optlen);
953 memcpy (notify_data_remote_as4, &as4, 4);
954 }
955
956 /* Just in case we have a silly peer who sends AS4 capability set to 0 */
957 if (CHECK_FLAG (peer->cap, PEER_CAP_AS4_RCV) && !as4)
958 {
959 zlog_err ("%s bad OPEN, got AS4 capability, but AS4 set to 0",
960 peer->host);
961 bgp_notify_send_with_data (peer,
962 BGP_NOTIFY_OPEN_ERR,
963 BGP_NOTIFY_OPEN_BAD_PEER_AS,
964 notify_data_remote_as4, 4);
965 return -1;
966 }
967
968 if (remote_as == BGP_AS_TRANS)
969 {
970 /* Take the AS4 from the capability. We must have received the
971 * capability now! Otherwise we have a asn16 peer who uses
972 * BGP_AS_TRANS, for some unknown reason.
973 */
974 if (as4 == BGP_AS_TRANS)
975 {
976 zlog_err ("%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed",
977 peer->host);
978 bgp_notify_send_with_data (peer,
979 BGP_NOTIFY_OPEN_ERR,
980 BGP_NOTIFY_OPEN_BAD_PEER_AS,
981 notify_data_remote_as4, 4);
982 return -1;
983 }
984
985 if (!as4 && BGP_DEBUG (as4, AS4))
986 zlog_debug ("%s [AS4] OPEN remote_as is AS_TRANS, but no AS4."
987 " Odd, but proceeding.", peer->host);
988 else if (as4 < BGP_AS_MAX && BGP_DEBUG (as4, AS4))
989 zlog_debug ("%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits "
990 "in 2-bytes, very odd peer.", peer->host, as4);
991 if (as4)
992 remote_as = as4;
993 }
994 else
995 {
996 /* We may have a partner with AS4 who has an asno < BGP_AS_MAX */
997 /* If we have got the capability, peer->as4cap must match remote_as */
998 if (CHECK_FLAG (peer->cap, PEER_CAP_AS4_RCV)
999 && as4 != remote_as)
1000 {
1001 /* raise error, log this, close session */
1002 zlog_err ("%s bad OPEN, got AS4 capability, but remote_as %u"
1003 " mismatch with 16bit 'myasn' %u in open",
1004 peer->host, as4, remote_as);
1005 bgp_notify_send_with_data (peer,
1006 BGP_NOTIFY_OPEN_ERR,
1007 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1008 notify_data_remote_as4, 4);
1009 return -1;
1010 }
1011 }
1012
1013 /* remote router-id check. */
1014 if (remote_id.s_addr == 0
1015 || IPV4_CLASS_DE (ntohl (remote_id.s_addr))
1016 || ntohl (peer->local_id.s_addr) == ntohl (remote_id.s_addr))
1017 {
1018 if (bgp_debug_neighbor_events(peer))
1019 zlog_debug ("%s bad OPEN, wrong router identifier %s",
1020 peer->host, inet_ntoa (remote_id));
1021 bgp_notify_send_with_data (peer,
1022 BGP_NOTIFY_OPEN_ERR,
1023 BGP_NOTIFY_OPEN_BAD_BGP_IDENT,
1024 notify_data_remote_id, 4);
1025 return -1;
1026 }
1027
1028 /* Set remote router-id */
1029 peer->remote_id = remote_id;
1030
1031 /* Peer BGP version check. */
1032 if (version != BGP_VERSION_4)
1033 {
1034 u_int16_t maxver = htons(BGP_VERSION_4);
1035 /* XXX this reply may not be correct if version < 4 XXX */
1036 if (bgp_debug_neighbor_events(peer))
1037 zlog_debug ("%s bad protocol version, remote requested %d, local request %d",
1038 peer->host, version, BGP_VERSION_4);
1039 /* Data must be in network byte order here */
1040 bgp_notify_send_with_data (peer,
1041 BGP_NOTIFY_OPEN_ERR,
1042 BGP_NOTIFY_OPEN_UNSUP_VERSION,
1043 (u_int8_t *) &maxver, 2);
1044 return -1;
1045 }
1046
1047 /* Check neighbor as number. */
1048 if (peer->as_type == AS_UNSPECIFIED)
1049 {
1050 if (bgp_debug_neighbor_events(peer))
1051 zlog_debug("%s bad OPEN, remote AS is unspecified currently", peer->host);
1052 bgp_notify_send_with_data(peer,
1053 BGP_NOTIFY_OPEN_ERR,
1054 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1055 notify_data_remote_as, 2);
1056 return -1;
1057 }
1058 else if (peer->as_type == AS_INTERNAL)
1059 {
1060 if (remote_as != peer->bgp->as)
1061 {
1062 if (bgp_debug_neighbor_events(peer))
1063 zlog_debug ("%s bad OPEN, remote AS is %u, internal specified",
1064 peer->host, remote_as);
1065 bgp_notify_send_with_data (peer,
1066 BGP_NOTIFY_OPEN_ERR,
1067 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1068 notify_data_remote_as, 2);
1069 return -1;
1070 }
1071 peer->as = peer->local_as;
1072 }
1073 else if (peer->as_type == AS_EXTERNAL)
1074 {
1075 if (remote_as == peer->bgp->as)
1076 {
1077 if (bgp_debug_neighbor_events(peer))
1078 zlog_debug ("%s bad OPEN, remote AS is %u, external specified",
1079 peer->host, remote_as);
1080 bgp_notify_send_with_data (peer,
1081 BGP_NOTIFY_OPEN_ERR,
1082 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1083 notify_data_remote_as, 2);
1084 return -1;
1085 }
1086 peer->as = remote_as;
1087 }
1088 else if ((peer->as_type == AS_SPECIFIED) && (remote_as != peer->as))
1089 {
1090 if (bgp_debug_neighbor_events(peer))
1091 zlog_debug ("%s bad OPEN, remote AS is %u, expected %u",
1092 peer->host, remote_as, peer->as);
1093 bgp_notify_send_with_data (peer,
1094 BGP_NOTIFY_OPEN_ERR,
1095 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1096 notify_data_remote_as, 2);
1097 return -1;
1098 }
1099
1100 /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST
1101 calculate the value of the Hold Timer by using the smaller of its
1102 configured Hold Time and the Hold Time received in the OPEN message.
1103 The Hold Time MUST be either zero or at least three seconds. An
1104 implementation may reject connections on the basis of the Hold Time. */
1105
1106 if (holdtime < 3 && holdtime != 0)
1107 {
1108 bgp_notify_send_with_data (peer,
1109 BGP_NOTIFY_OPEN_ERR,
1110 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME,
1111 (u_char *)holdtime_ptr, 2);
1112 return -1;
1113 }
1114
1115 /* From the rfc: A reasonable maximum time between KEEPALIVE messages
1116 would be one third of the Hold Time interval. KEEPALIVE messages
1117 MUST NOT be sent more frequently than one per second. An
1118 implementation MAY adjust the rate at which it sends KEEPALIVE
1119 messages as a function of the Hold Time interval. */
1120
1121 if (CHECK_FLAG (peer->config, PEER_CONFIG_TIMER))
1122 send_holdtime = peer->holdtime;
1123 else
1124 send_holdtime = peer->bgp->default_holdtime;
1125
1126 if (holdtime < send_holdtime)
1127 peer->v_holdtime = holdtime;
1128 else
1129 peer->v_holdtime = send_holdtime;
1130
1131 peer->v_keepalive = peer->v_holdtime / 3;
1132
1133 /* Open option part parse. */
1134 if (optlen != 0)
1135 {
1136 if ((ret = bgp_open_option_parse (peer, optlen, &mp_capability)) < 0)
1137 return ret;
1138 }
1139 else
1140 {
1141 if (bgp_debug_neighbor_events(peer))
1142 zlog_debug ("%s rcvd OPEN w/ OPTION parameter len: 0",
1143 peer->host);
1144 }
1145
1146 /*
1147 * Assume that the peer supports the locally configured set of
1148 * AFI/SAFIs if the peer did not send us any Mulitiprotocol
1149 * capabilities, or if 'override-capability' is configured.
1150 */
1151 if (! mp_capability ||
1152 CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
1153 {
1154 peer->afc_nego[AFI_IP][SAFI_UNICAST] = peer->afc[AFI_IP][SAFI_UNICAST];
1155 peer->afc_nego[AFI_IP][SAFI_MULTICAST] = peer->afc[AFI_IP][SAFI_MULTICAST];
1156 peer->afc_nego[AFI_IP6][SAFI_UNICAST] = peer->afc[AFI_IP6][SAFI_UNICAST];
1157 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] = peer->afc[AFI_IP6][SAFI_MULTICAST];
1158 }
1159
1160 /* When collision is detected and this peer is closed. Retrun
1161 immidiately. */
1162 ret = bgp_collision_detect (peer, remote_id);
1163 if (ret < 0)
1164 return ret;
1165
1166 /* Get sockname. */
1167 if ((ret = bgp_getsockname (peer)) < 0)
1168 {
1169 zlog_err("%s: bgp_getsockname() failed for peer: %s", __FUNCTION__,
1170 peer->host);
1171 return (ret);
1172 }
1173
1174 /* Verify valid local address present based on negotiated address-families. */
1175 if (peer->afc_nego[AFI_IP][SAFI_UNICAST] ||
1176 peer->afc_nego[AFI_IP][SAFI_MULTICAST] ||
1177 peer->afc_nego[AFI_IP][SAFI_MPLS_VPN] ||
1178 peer->afc_nego[AFI_IP][SAFI_ENCAP])
1179 {
1180 if (!peer->nexthop.v4.s_addr)
1181 {
1182 #if defined (HAVE_CUMULUS)
1183 zlog_err ("%s: No local IPv4 addr resetting connection, fd %d",
1184 peer->host, peer->fd);
1185 bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1186 return -1;
1187 #endif
1188 }
1189 }
1190 if (peer->afc_nego[AFI_IP6][SAFI_UNICAST] ||
1191 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] ||
1192 peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN] ||
1193 peer->afc_nego[AFI_IP6][SAFI_ENCAP])
1194 {
1195 if (IN6_IS_ADDR_UNSPECIFIED (&peer->nexthop.v6_global))
1196 {
1197 #if defined (HAVE_CUMULUS)
1198 zlog_err ("%s: No local IPv6 addr resetting connection, fd %d",
1199 peer->host, peer->fd);
1200 bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1201 return -1;
1202 #endif
1203 }
1204 }
1205 peer->rtt = sockopt_tcp_rtt (peer->fd);
1206
1207 if ((ret = bgp_event_update(peer, Receive_OPEN_message)) < 0)
1208 {
1209 zlog_err("%s: BGP event update failed for peer: %s", __FUNCTION__,
1210 peer->host);
1211 /* DD: bgp send notify and reset state */
1212 return (ret);
1213 }
1214
1215 peer->packet_size = 0;
1216 if (peer->ibuf)
1217 stream_reset (peer->ibuf);
1218
1219 return 0;
1220 }
1221
1222 /* Called when there is a change in the EOR(implicit or explicit) status of a peer.
1223 Ends the update-delay if all expected peers are done with EORs. */
1224 void
1225 bgp_check_update_delay(struct bgp *bgp)
1226 {
1227 struct listnode *node, *nnode;
1228 struct peer *peer = NULL;
1229
1230 if (bgp_debug_neighbor_events(peer))
1231 zlog_debug ("Checking update delay, T: %d R: %d I:%d E: %d", bgp->established,
1232 bgp->restarted_peers, bgp->implicit_eors, bgp->explicit_eors);
1233
1234 if (bgp->established <=
1235 bgp->restarted_peers + bgp->implicit_eors + bgp->explicit_eors)
1236 {
1237 /* This is an extra sanity check to make sure we wait for all the
1238 eligible configured peers. This check is performed if establish wait
1239 timer is on, or establish wait option is not given with the
1240 update-delay command */
1241 if (bgp->t_establish_wait ||
1242 (bgp->v_establish_wait == bgp->v_update_delay))
1243 for (ALL_LIST_ELEMENTS (bgp->peer, node, nnode, peer))
1244 {
1245 if (CHECK_FLAG(peer->flags, PEER_FLAG_CONFIG_NODE)
1246 && !CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN)
1247 && !peer->update_delay_over)
1248 {
1249 if (bgp_debug_neighbor_events(peer))
1250 zlog_debug (" Peer %s pending, continuing read-only mode",
1251 peer->host);
1252 return;
1253 }
1254 }
1255
1256 zlog_info ("Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d",
1257 bgp->restarted_peers, bgp->implicit_eors, bgp->explicit_eors);
1258 bgp_update_delay_end(bgp);
1259 }
1260 }
1261
1262 /* Called if peer is known to have restarted. The restart-state bit in
1263 Graceful-Restart capability is used for that */
1264 void
1265 bgp_update_restarted_peers (struct peer *peer)
1266 {
1267 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1268 if (peer->update_delay_over) return; /* This peer has already been considered */
1269
1270 if (bgp_debug_neighbor_events(peer))
1271 zlog_debug ("Peer %s: Checking restarted", peer->host);
1272
1273 if (peer->status == Established)
1274 {
1275 peer->update_delay_over = 1;
1276 peer->bgp->restarted_peers++;
1277 bgp_check_update_delay(peer->bgp);
1278 }
1279 }
1280
1281 /* Called as peer receives a keep-alive. Determines if this occurence can be
1282 taken as an implicit EOR for this peer.
1283 NOTE: The very first keep-alive after the Established state of a peer is
1284 considered implicit EOR for the update-delay purposes */
1285 void
1286 bgp_update_implicit_eors (struct peer *peer)
1287 {
1288 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1289 if (peer->update_delay_over) return; /* This peer has already been considered */
1290
1291 if (bgp_debug_neighbor_events(peer))
1292 zlog_debug ("Peer %s: Checking implicit EORs", peer->host);
1293
1294 if (peer->status == Established)
1295 {
1296 peer->update_delay_over = 1;
1297 peer->bgp->implicit_eors++;
1298 bgp_check_update_delay(peer->bgp);
1299 }
1300 }
1301
1302 /* Should be called only when there is a change in the EOR_RECEIVED status
1303 for any afi/safi on a peer */
1304 static void
1305 bgp_update_explicit_eors (struct peer *peer)
1306 {
1307 afi_t afi;
1308 safi_t safi;
1309
1310 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1311 if (peer->update_delay_over) return; /* This peer has already been considered */
1312
1313 if (bgp_debug_neighbor_events(peer))
1314 zlog_debug ("Peer %s: Checking explicit EORs", peer->host);
1315
1316 for (afi = AFI_IP; afi < AFI_MAX; afi++)
1317 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
1318 {
1319 if (peer->afc_nego[afi][safi] &&
1320 !CHECK_FLAG(peer->af_sflags[afi][safi], PEER_STATUS_EOR_RECEIVED))
1321 {
1322 if (bgp_debug_neighbor_events(peer))
1323 zlog_debug (" afi %d safi %d didnt receive EOR", afi, safi);
1324 return;
1325 }
1326 }
1327
1328 peer->update_delay_over = 1;
1329 peer->bgp->explicit_eors++;
1330 bgp_check_update_delay(peer->bgp);
1331 }
1332
1333 /* Frontend for NLRI parsing, to fan-out to AFI/SAFI specific parsers
1334 * mp_withdraw, if set, is used to nullify attr structure on most of the calling safi function
1335 * and for evpn, passed as parameter
1336 */
1337 int
1338 bgp_nlri_parse (struct peer *peer, struct attr *attr, struct bgp_nlri *packet, int mp_withdraw)
1339 {
1340 switch (packet->safi)
1341 {
1342 case SAFI_UNICAST:
1343 case SAFI_MULTICAST:
1344 return bgp_nlri_parse_ip (peer, mp_withdraw?NULL:attr, packet);
1345 case SAFI_MPLS_VPN:
1346 return bgp_nlri_parse_vpn (peer, mp_withdraw?NULL:attr, packet);
1347 case SAFI_ENCAP:
1348 return bgp_nlri_parse_encap (peer, mp_withdraw?NULL:attr, packet);
1349 case SAFI_EVPN:
1350 return bgp_nlri_parse_evpn (peer, attr, packet, mp_withdraw);
1351 }
1352 return -1;
1353 }
1354
1355 /* Parse BGP Update packet and make attribute object. */
1356 static int
1357 bgp_update_receive (struct peer *peer, bgp_size_t size)
1358 {
1359 int ret, nlri_ret;
1360 u_char *end;
1361 struct stream *s;
1362 struct attr attr;
1363 struct attr_extra extra;
1364 bgp_size_t attribute_len;
1365 bgp_size_t update_len;
1366 bgp_size_t withdraw_len;
1367
1368 enum NLRI_TYPES {
1369 NLRI_UPDATE,
1370 NLRI_WITHDRAW,
1371 NLRI_MP_UPDATE,
1372 NLRI_MP_WITHDRAW,
1373 NLRI_TYPE_MAX
1374 };
1375 struct bgp_nlri nlris[NLRI_TYPE_MAX];
1376
1377 /* Status must be Established. */
1378 if (peer->status != Established)
1379 {
1380 zlog_err ("%s [FSM] Update packet received under status %s",
1381 peer->host, LOOKUP (bgp_status_msg, peer->status));
1382 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
1383 return -1;
1384 }
1385
1386 /* Set initial values. */
1387 memset (&attr, 0, sizeof (struct attr));
1388 memset (&extra, 0, sizeof (struct attr_extra));
1389 memset (&nlris, 0, sizeof (nlris));
1390 attr.extra = &extra;
1391 memset (peer->rcvd_attr_str, 0, BUFSIZ);
1392 peer->rcvd_attr_printed = 0;
1393
1394 s = peer->ibuf;
1395 end = stream_pnt (s) + size;
1396
1397 /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute
1398 Length is too large (i.e., if Unfeasible Routes Length + Total
1399 Attribute Length + 23 exceeds the message Length), then the Error
1400 Subcode is set to Malformed Attribute List. */
1401 if (stream_pnt (s) + 2 > end)
1402 {
1403 zlog_err ("%s [Error] Update packet error"
1404 " (packet length is short for unfeasible length)",
1405 peer->host);
1406 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1407 BGP_NOTIFY_UPDATE_MAL_ATTR);
1408 return -1;
1409 }
1410
1411 /* Unfeasible Route Length. */
1412 withdraw_len = stream_getw (s);
1413
1414 /* Unfeasible Route Length check. */
1415 if (stream_pnt (s) + withdraw_len > end)
1416 {
1417 zlog_err ("%s [Error] Update packet error"
1418 " (packet unfeasible length overflow %d)",
1419 peer->host, withdraw_len);
1420 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1421 BGP_NOTIFY_UPDATE_MAL_ATTR);
1422 return -1;
1423 }
1424
1425 /* Unfeasible Route packet format check. */
1426 if (withdraw_len > 0)
1427 {
1428 nlris[NLRI_WITHDRAW].afi = AFI_IP;
1429 nlris[NLRI_WITHDRAW].safi = SAFI_UNICAST;
1430 nlris[NLRI_WITHDRAW].nlri = stream_pnt (s);
1431 nlris[NLRI_WITHDRAW].length = withdraw_len;
1432 stream_forward_getp (s, withdraw_len);
1433 }
1434
1435 /* Attribute total length check. */
1436 if (stream_pnt (s) + 2 > end)
1437 {
1438 zlog_warn ("%s [Error] Packet Error"
1439 " (update packet is short for attribute length)",
1440 peer->host);
1441 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1442 BGP_NOTIFY_UPDATE_MAL_ATTR);
1443 return -1;
1444 }
1445
1446 /* Fetch attribute total length. */
1447 attribute_len = stream_getw (s);
1448
1449 /* Attribute length check. */
1450 if (stream_pnt (s) + attribute_len > end)
1451 {
1452 zlog_warn ("%s [Error] Packet Error"
1453 " (update packet attribute length overflow %d)",
1454 peer->host, attribute_len);
1455 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1456 BGP_NOTIFY_UPDATE_MAL_ATTR);
1457 return -1;
1458 }
1459
1460 /* Certain attribute parsing errors should not be considered bad enough
1461 * to reset the session for, most particularly any partial/optional
1462 * attributes that have 'tunneled' over speakers that don't understand
1463 * them. Instead we withdraw only the prefix concerned.
1464 *
1465 * Complicates the flow a little though..
1466 */
1467 bgp_attr_parse_ret_t attr_parse_ret = BGP_ATTR_PARSE_PROCEED;
1468 /* This define morphs the update case into a withdraw when lower levels
1469 * have signalled an error condition where this is best.
1470 */
1471 #define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL)
1472
1473 /* Parse attribute when it exists. */
1474 if (attribute_len)
1475 {
1476 attr_parse_ret = bgp_attr_parse (peer, &attr, attribute_len,
1477 &nlris[NLRI_MP_UPDATE], &nlris[NLRI_MP_WITHDRAW]);
1478 if (attr_parse_ret == BGP_ATTR_PARSE_ERROR)
1479 {
1480 bgp_attr_unintern_sub (&attr);
1481 return -1;
1482 }
1483 }
1484
1485 /* Logging the attribute. */
1486 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW ||
1487 BGP_DEBUG (update, UPDATE_IN) ||
1488 BGP_DEBUG (update, UPDATE_PREFIX))
1489 {
1490 ret = bgp_dump_attr (peer, &attr, peer->rcvd_attr_str, BUFSIZ);
1491
1492 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW)
1493 zlog_err ("%s rcvd UPDATE with errors in attr(s)!! Withdrawing route.",
1494 peer->host);
1495
1496 if (ret && bgp_debug_update(peer, NULL, NULL, 1))
1497 {
1498 zlog_debug ("%s rcvd UPDATE w/ attr: %s", peer->host, peer->rcvd_attr_str);
1499 peer->rcvd_attr_printed = 1;
1500 }
1501 }
1502
1503 /* Network Layer Reachability Information. */
1504 update_len = end - stream_pnt (s);
1505
1506 if (update_len)
1507 {
1508 /* Set NLRI portion to structure. */
1509 nlris[NLRI_UPDATE].afi = AFI_IP;
1510 nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
1511 nlris[NLRI_UPDATE].nlri = stream_pnt (s);
1512 nlris[NLRI_UPDATE].length = update_len;
1513 stream_forward_getp (s, update_len);
1514 }
1515
1516 if (BGP_DEBUG (update, UPDATE_IN))
1517 zlog_debug("%s rcvd UPDATE wlen %d attrlen %d alen %d",
1518 peer->host, withdraw_len, attribute_len, update_len);
1519
1520 /* Parse any given NLRIs */
1521 for (int i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++)
1522 {
1523 if (!nlris[i].nlri)
1524 continue;
1525
1526 /* NLRI is processed iff the peer if configured for the specific afi/safi */
1527 if (!peer->afc[nlris[i].afi][nlris[i].safi])
1528 {
1529 zlog_info ("%s [Info] UPDATE for non-enabled AFI/SAFI %u/%u",
1530 peer->host, nlris[i].afi, nlris[i].safi);
1531 continue;
1532 }
1533
1534 /* EoR handled later */
1535 if (nlris[i].length == 0)
1536 continue;
1537
1538 switch (i)
1539 {
1540 case NLRI_UPDATE:
1541 case NLRI_MP_UPDATE:
1542 nlri_ret = bgp_nlri_parse (peer, NLRI_ATTR_ARG, &nlris[i], 0);
1543 break;
1544 case NLRI_WITHDRAW:
1545 case NLRI_MP_WITHDRAW:
1546 nlri_ret = bgp_nlri_parse (peer, &attr, &nlris[i], 1);
1547 break;
1548 default:
1549 nlri_ret = -1;
1550 }
1551
1552 if (nlri_ret < 0)
1553 {
1554 zlog_err("%s [Error] Error parsing NLRI", peer->host);
1555 if (peer->status == Established)
1556 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1557 i <= NLRI_WITHDRAW ? BGP_NOTIFY_UPDATE_INVAL_NETWORK
1558 : BGP_NOTIFY_UPDATE_OPT_ATTR_ERR);
1559 bgp_attr_unintern_sub (&attr);
1560 return -1;
1561 }
1562 }
1563
1564 /* EoR checks
1565 *
1566 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
1567 * and MP EoR should have only an empty MP_UNREACH
1568 */
1569 if (!update_len && !withdraw_len
1570 && nlris[NLRI_MP_UPDATE].length == 0)
1571 {
1572 afi_t afi = 0;
1573 safi_t safi;
1574
1575 /* Non-MP IPv4/Unicast is a completely emtpy UPDATE - already checked
1576 * update and withdraw NLRI lengths are 0.
1577 */
1578 if (!attribute_len)
1579 {
1580 afi = AFI_IP;
1581 safi = SAFI_UNICAST;
1582 }
1583 else if (attr.flag & ATTR_FLAG_BIT (BGP_ATTR_MP_UNREACH_NLRI)
1584 && nlris[NLRI_MP_WITHDRAW].length == 0)
1585 {
1586 afi = nlris[NLRI_MP_WITHDRAW].afi;
1587 safi = nlris[NLRI_MP_WITHDRAW].safi;
1588 }
1589
1590 if (afi && peer->afc[afi][safi])
1591 {
1592 /* End-of-RIB received */
1593 if (!CHECK_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_EOR_RECEIVED))
1594 {
1595 SET_FLAG (peer->af_sflags[afi][safi],
1596 PEER_STATUS_EOR_RECEIVED);
1597 bgp_update_explicit_eors(peer);
1598 }
1599
1600 /* NSF delete stale route */
1601 if (peer->nsf[afi][safi])
1602 bgp_clear_stale_route (peer, afi, safi);
1603
1604 if (bgp_debug_neighbor_events(peer))
1605 {
1606 zlog_debug ("rcvd End-of-RIB for %s from %s",
1607 afi_safi_print (afi, safi), peer->host);
1608 }
1609 }
1610 }
1611
1612 /* Everything is done. We unintern temporary structures which
1613 interned in bgp_attr_parse(). */
1614 bgp_attr_unintern_sub (&attr);
1615
1616 /* If peering is stopped due to some reason, do not generate BGP
1617 event. */
1618 if (peer->status != Established)
1619 return 0;
1620
1621 /* Increment packet counter. */
1622 peer->update_in++;
1623 peer->update_time = bgp_clock ();
1624
1625 /* Rearm holdtime timer */
1626 BGP_TIMER_OFF (peer->t_holdtime);
1627 bgp_timer_set (peer);
1628
1629 return 0;
1630 }
1631
1632 /* Notify message treatment function. */
1633 static void
1634 bgp_notify_receive (struct peer *peer, bgp_size_t size)
1635 {
1636 struct bgp_notify bgp_notify;
1637
1638 if (peer->notify.data)
1639 {
1640 XFREE (MTYPE_TMP, peer->notify.data);
1641 peer->notify.data = NULL;
1642 peer->notify.length = 0;
1643 }
1644
1645 bgp_notify.code = stream_getc (peer->ibuf);
1646 bgp_notify.subcode = stream_getc (peer->ibuf);
1647 bgp_notify.length = size - 2;
1648 bgp_notify.data = NULL;
1649
1650 /* Preserv notify code and sub code. */
1651 peer->notify.code = bgp_notify.code;
1652 peer->notify.subcode = bgp_notify.subcode;
1653 /* For further diagnostic record returned Data. */
1654 if (bgp_notify.length)
1655 {
1656 peer->notify.length = size - 2;
1657 peer->notify.data = XMALLOC (MTYPE_TMP, size - 2);
1658 memcpy (peer->notify.data, stream_pnt (peer->ibuf), size - 2);
1659 }
1660
1661 /* For debug */
1662 {
1663 int i;
1664 int first = 0;
1665 char c[4];
1666
1667 if (bgp_notify.length)
1668 {
1669 bgp_notify.data = XMALLOC (MTYPE_TMP, bgp_notify.length * 3);
1670 for (i = 0; i < bgp_notify.length; i++)
1671 if (first)
1672 {
1673 sprintf (c, " %02x", stream_getc (peer->ibuf));
1674 strcat (bgp_notify.data, c);
1675 }
1676 else
1677 {
1678 first = 1;
1679 sprintf (c, "%02x", stream_getc (peer->ibuf));
1680 strcpy (bgp_notify.data, c);
1681 }
1682 bgp_notify.raw_data = (u_char*)peer->notify.data;
1683 }
1684
1685 bgp_notify_print(peer, &bgp_notify, "received");
1686 if (bgp_notify.data)
1687 {
1688 XFREE (MTYPE_TMP, bgp_notify.data);
1689 bgp_notify.data = NULL;
1690 bgp_notify.length = 0;
1691 }
1692 }
1693
1694 /* peer count update */
1695 peer->notify_in++;
1696
1697 peer->last_reset = PEER_DOWN_NOTIFY_RECEIVED;
1698
1699 /* We have to check for Notify with Unsupported Optional Parameter.
1700 in that case we fallback to open without the capability option.
1701 But this done in bgp_stop. We just mark it here to avoid changing
1702 the fsm tables. */
1703 if (bgp_notify.code == BGP_NOTIFY_OPEN_ERR &&
1704 bgp_notify.subcode == BGP_NOTIFY_OPEN_UNSUP_PARAM )
1705 UNSET_FLAG (peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
1706
1707 BGP_EVENT_ADD (peer, Receive_NOTIFICATION_message);
1708 }
1709
1710 /* Keepalive treatment function -- get keepalive send keepalive */
1711 static void
1712 bgp_keepalive_receive (struct peer *peer, bgp_size_t size)
1713 {
1714 if (bgp_debug_keepalive(peer))
1715 zlog_debug ("%s KEEPALIVE rcvd", peer->host);
1716
1717 BGP_EVENT_ADD (peer, Receive_KEEPALIVE_message);
1718 }
1719
1720 /* Route refresh message is received. */
1721 static void
1722 bgp_route_refresh_receive (struct peer *peer, bgp_size_t size)
1723 {
1724 iana_afi_t pkt_afi;
1725 afi_t afi;
1726 safi_t pkt_safi, safi;
1727 struct stream *s;
1728 struct peer_af *paf;
1729 struct update_group *updgrp;
1730 struct peer *updgrp_peer;
1731
1732 /* If peer does not have the capability, send notification. */
1733 if (! CHECK_FLAG (peer->cap, PEER_CAP_REFRESH_ADV))
1734 {
1735 zlog_err ("%s [Error] BGP route refresh is not enabled",
1736 peer->host);
1737 bgp_notify_send (peer,
1738 BGP_NOTIFY_HEADER_ERR,
1739 BGP_NOTIFY_HEADER_BAD_MESTYPE);
1740 return;
1741 }
1742
1743 /* Status must be Established. */
1744 if (peer->status != Established)
1745 {
1746 zlog_err ("%s [Error] Route refresh packet received under status %s",
1747 peer->host, LOOKUP (bgp_status_msg, peer->status));
1748 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
1749 return;
1750 }
1751
1752 s = peer->ibuf;
1753
1754 /* Parse packet. */
1755 pkt_afi = stream_getw (s);
1756 (void)stream_getc (s);
1757 pkt_safi = stream_getc (s);
1758
1759 if (bgp_debug_update(peer, NULL, NULL, 0))
1760 zlog_debug ("%s rcvd REFRESH_REQ for afi/safi: %d/%d",
1761 peer->host, pkt_afi, pkt_safi);
1762
1763 /* Convert AFI, SAFI to internal values and check. */
1764 if (bgp_map_afi_safi_iana2int (pkt_afi, pkt_safi, &afi, &safi))
1765 {
1766 zlog_info ("%s REFRESH_REQ for unrecognized afi/safi: %d/%d - ignored",
1767 peer->host, pkt_afi, pkt_safi);
1768 return;
1769 }
1770
1771 if (size != BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE)
1772 {
1773 u_char *end;
1774 u_char when_to_refresh;
1775 u_char orf_type;
1776 u_int16_t orf_len;
1777
1778 if (size - (BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE) < 5)
1779 {
1780 zlog_info ("%s ORF route refresh length error", peer->host);
1781 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1782 return;
1783 }
1784
1785 when_to_refresh = stream_getc (s);
1786 end = stream_pnt (s) + (size - 5);
1787
1788 while ((stream_pnt (s) + 2) < end)
1789 {
1790 orf_type = stream_getc (s);
1791 orf_len = stream_getw (s);
1792
1793 /* orf_len in bounds? */
1794 if ((stream_pnt (s) + orf_len) > end)
1795 break; /* XXX: Notify instead?? */
1796 if (orf_type == ORF_TYPE_PREFIX
1797 || orf_type == ORF_TYPE_PREFIX_OLD)
1798 {
1799 uint8_t *p_pnt = stream_pnt (s);
1800 uint8_t *p_end = stream_pnt (s) + orf_len;
1801 struct orf_prefix orfp;
1802 u_char common = 0;
1803 u_int32_t seq;
1804 int psize;
1805 char name[BUFSIZ];
1806 int ret = CMD_SUCCESS;
1807
1808 if (bgp_debug_neighbor_events(peer))
1809 {
1810 zlog_debug ("%s rcvd Prefixlist ORF(%d) length %d",
1811 peer->host, orf_type, orf_len);
1812 }
1813
1814 /* we're going to read at least 1 byte of common ORF header,
1815 * and 7 bytes of ORF Address-filter entry from the stream
1816 */
1817 if (orf_len < 7)
1818 break;
1819
1820 /* ORF prefix-list name */
1821 sprintf (name, "%s.%d.%d", peer->host, afi, safi);
1822
1823 while (p_pnt < p_end)
1824 {
1825 /* If the ORF entry is malformed, want to read as much of it
1826 * as possible without going beyond the bounds of the entry,
1827 * to maximise debug information.
1828 */
1829 int ok;
1830 memset (&orfp, 0, sizeof (struct orf_prefix));
1831 common = *p_pnt++;
1832 /* after ++: p_pnt <= p_end */
1833 if (common & ORF_COMMON_PART_REMOVE_ALL)
1834 {
1835 if (bgp_debug_neighbor_events(peer))
1836 zlog_debug ("%s rcvd Remove-All pfxlist ORF request", peer->host);
1837 prefix_bgp_orf_remove_all (afi, name);
1838 break;
1839 }
1840 ok = ((u_int32_t)(p_end - p_pnt) >= sizeof(u_int32_t)) ;
1841 if (ok)
1842 {
1843 memcpy (&seq, p_pnt, sizeof (u_int32_t));
1844 p_pnt += sizeof (u_int32_t);
1845 orfp.seq = ntohl (seq);
1846 }
1847 else
1848 p_pnt = p_end ;
1849
1850 if ((ok = (p_pnt < p_end)))
1851 orfp.ge = *p_pnt++ ; /* value checked in prefix_bgp_orf_set() */
1852 if ((ok = (p_pnt < p_end)))
1853 orfp.le = *p_pnt++ ; /* value checked in prefix_bgp_orf_set() */
1854 if ((ok = (p_pnt < p_end)))
1855 orfp.p.prefixlen = *p_pnt++ ;
1856 orfp.p.family = afi2family (afi); /* afi checked already */
1857
1858 psize = PSIZE (orfp.p.prefixlen); /* 0 if not ok */
1859 if (psize > prefix_blen(&orfp.p)) /* valid for family ? */
1860 {
1861 ok = 0 ;
1862 psize = prefix_blen(&orfp.p) ;
1863 }
1864 if (psize > (p_end - p_pnt)) /* valid for packet ? */
1865 {
1866 ok = 0 ;
1867 psize = p_end - p_pnt ;
1868 }
1869
1870 if (psize > 0)
1871 memcpy (&orfp.p.u.prefix, p_pnt, psize);
1872 p_pnt += psize;
1873
1874 if (bgp_debug_neighbor_events(peer))
1875 {
1876 char buf[INET6_BUFSIZ];
1877
1878 zlog_debug ("%s rcvd %s %s seq %u %s/%d ge %d le %d%s",
1879 peer->host,
1880 (common & ORF_COMMON_PART_REMOVE ? "Remove" : "Add"),
1881 (common & ORF_COMMON_PART_DENY ? "deny" : "permit"),
1882 orfp.seq,
1883 inet_ntop (orfp.p.family, &orfp.p.u.prefix, buf, INET6_BUFSIZ),
1884 orfp.p.prefixlen, orfp.ge, orfp.le,
1885 ok ? "" : " MALFORMED");
1886 }
1887
1888 if (ok)
1889 ret = prefix_bgp_orf_set (name, afi, &orfp,
1890 (common & ORF_COMMON_PART_DENY ? 0 : 1 ),
1891 (common & ORF_COMMON_PART_REMOVE ? 0 : 1));
1892
1893 if (!ok || (ok && ret != CMD_SUCCESS))
1894 {
1895 zlog_info ("%s Received misformatted prefixlist ORF."
1896 " Remove All pfxlist", peer->host);
1897 prefix_bgp_orf_remove_all (afi, name);
1898 break;
1899 }
1900 }
1901
1902 peer->orf_plist[afi][safi] = prefix_bgp_orf_lookup (afi, name);
1903 }
1904 stream_forward_getp (s, orf_len);
1905 }
1906 if (bgp_debug_neighbor_events(peer))
1907 zlog_debug ("%s rcvd Refresh %s ORF request", peer->host,
1908 when_to_refresh == REFRESH_DEFER ? "Defer" : "Immediate");
1909 if (when_to_refresh == REFRESH_DEFER)
1910 return;
1911 }
1912
1913 /* First update is deferred until ORF or ROUTE-REFRESH is received */
1914 if (CHECK_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_WAIT_REFRESH))
1915 UNSET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_WAIT_REFRESH);
1916
1917 paf = peer_af_find (peer, afi, safi);
1918 if (paf && paf->subgroup)
1919 {
1920 if (peer->orf_plist[afi][safi])
1921 {
1922 updgrp = PAF_UPDGRP(paf);
1923 updgrp_peer = UPDGRP_PEER(updgrp);
1924 updgrp_peer->orf_plist[afi][safi] = peer->orf_plist[afi][safi];
1925 }
1926
1927 /* If the peer is configured for default-originate clear the
1928 * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will re-advertise the
1929 * default
1930 */
1931 if (CHECK_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE))
1932 UNSET_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE);
1933 }
1934
1935 /* Perform route refreshment to the peer */
1936 bgp_announce_route (peer, afi, safi);
1937 }
1938
1939 static int
1940 bgp_capability_msg_parse (struct peer *peer, u_char *pnt, bgp_size_t length)
1941 {
1942 u_char *end;
1943 struct capability_mp_data mpc;
1944 struct capability_header *hdr;
1945 u_char action;
1946 iana_afi_t pkt_afi;
1947 afi_t afi;
1948 safi_t pkt_safi, safi;
1949
1950 end = pnt + length;
1951
1952 while (pnt < end)
1953 {
1954 /* We need at least action, capability code and capability length. */
1955 if (pnt + 3 > end)
1956 {
1957 zlog_info ("%s Capability length error", peer->host);
1958 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1959 return -1;
1960 }
1961 action = *pnt;
1962 hdr = (struct capability_header *)(pnt + 1);
1963
1964 /* Action value check. */
1965 if (action != CAPABILITY_ACTION_SET
1966 && action != CAPABILITY_ACTION_UNSET)
1967 {
1968 zlog_info ("%s Capability Action Value error %d",
1969 peer->host, action);
1970 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1971 return -1;
1972 }
1973
1974 if (bgp_debug_neighbor_events(peer))
1975 zlog_debug ("%s CAPABILITY has action: %d, code: %u, length %u",
1976 peer->host, action, hdr->code, hdr->length);
1977
1978 /* Capability length check. */
1979 if ((pnt + hdr->length + 3) > end)
1980 {
1981 zlog_info ("%s Capability length error", peer->host);
1982 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1983 return -1;
1984 }
1985
1986 /* Fetch structure to the byte stream. */
1987 memcpy (&mpc, pnt + 3, sizeof (struct capability_mp_data));
1988
1989 /* We know MP Capability Code. */
1990 if (hdr->code == CAPABILITY_CODE_MP)
1991 {
1992 pkt_afi = ntohs (mpc.afi);
1993 pkt_safi = mpc.safi;
1994
1995 /* Ignore capability when override-capability is set. */
1996 if (CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
1997 continue;
1998
1999 /* Convert AFI, SAFI to internal values. */
2000 if (bgp_map_afi_safi_iana2int (pkt_afi, pkt_safi, &afi, &safi))
2001 {
2002 if (bgp_debug_neighbor_events(peer))
2003 zlog_debug ("%s Dynamic Capability MP_EXT afi/safi invalid "
2004 "(%u/%u)", peer->host, pkt_afi, pkt_safi);
2005 continue;
2006 }
2007
2008 /* Address family check. */
2009 if (bgp_debug_neighbor_events(peer))
2010 zlog_debug ("%s CAPABILITY has %s MP_EXT CAP for afi/safi: %u/%u",
2011 peer->host,
2012 action == CAPABILITY_ACTION_SET
2013 ? "Advertising" : "Removing",
2014 pkt_afi, pkt_safi);
2015
2016 if (action == CAPABILITY_ACTION_SET)
2017 {
2018 peer->afc_recv[afi][safi] = 1;
2019 if (peer->afc[afi][safi])
2020 {
2021 peer->afc_nego[afi][safi] = 1;
2022 bgp_announce_route (peer, afi, safi);
2023 }
2024 }
2025 else
2026 {
2027 peer->afc_recv[afi][safi] = 0;
2028 peer->afc_nego[afi][safi] = 0;
2029
2030 if (peer_active_nego (peer))
2031 bgp_clear_route (peer, afi, safi);
2032 else
2033 BGP_EVENT_ADD (peer, BGP_Stop);
2034 }
2035 }
2036 else
2037 {
2038 zlog_warn ("%s unrecognized capability code: %d - ignored",
2039 peer->host, hdr->code);
2040 }
2041 pnt += hdr->length + 3;
2042 }
2043 return 0;
2044 }
2045
2046 /* Dynamic Capability is received.
2047 *
2048 * This is exported for unit-test purposes
2049 */
2050 int
2051 bgp_capability_receive (struct peer *peer, bgp_size_t size)
2052 {
2053 u_char *pnt;
2054
2055 /* Fetch pointer. */
2056 pnt = stream_pnt (peer->ibuf);
2057
2058 if (bgp_debug_neighbor_events(peer))
2059 zlog_debug ("%s rcv CAPABILITY", peer->host);
2060
2061 /* If peer does not have the capability, send notification. */
2062 if (! CHECK_FLAG (peer->cap, PEER_CAP_DYNAMIC_ADV))
2063 {
2064 zlog_err ("%s [Error] BGP dynamic capability is not enabled",
2065 peer->host);
2066 bgp_notify_send (peer,
2067 BGP_NOTIFY_HEADER_ERR,
2068 BGP_NOTIFY_HEADER_BAD_MESTYPE);
2069 return -1;
2070 }
2071
2072 /* Status must be Established. */
2073 if (peer->status != Established)
2074 {
2075 zlog_err ("%s [Error] Dynamic capability packet received under status %s",
2076 peer->host, LOOKUP (bgp_status_msg, peer->status));
2077 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
2078 return -1;
2079 }
2080
2081 /* Parse packet. */
2082 return bgp_capability_msg_parse (peer, pnt, size);
2083 }
2084
2085 /* BGP read utility function. */
2086 static int
2087 bgp_read_packet (struct peer *peer)
2088 {
2089 int nbytes;
2090 int readsize;
2091
2092 readsize = peer->packet_size - stream_get_endp (peer->ibuf);
2093
2094 /* If size is zero then return. */
2095 if (! readsize)
2096 return 0;
2097
2098 /* Read packet from fd. */
2099 nbytes = stream_read_try (peer->ibuf, peer->fd, readsize);
2100
2101 /* If read byte is smaller than zero then error occured. */
2102 if (nbytes < 0)
2103 {
2104 /* Transient error should retry */
2105 if (nbytes == -2)
2106 return -1;
2107
2108 zlog_err ("%s [Error] bgp_read_packet error: %s",
2109 peer->host, safe_strerror (errno));
2110
2111 if (peer->status == Established)
2112 {
2113 if (CHECK_FLAG (peer->sflags, PEER_STATUS_NSF_MODE))
2114 {
2115 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2116 SET_FLAG (peer->sflags, PEER_STATUS_NSF_WAIT);
2117 }
2118 else
2119 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2120 }
2121
2122 BGP_EVENT_ADD (peer, TCP_fatal_error);
2123 return -1;
2124 }
2125
2126 /* When read byte is zero : clear bgp peer and return */
2127 if (nbytes == 0)
2128 {
2129 if (bgp_debug_neighbor_events(peer))
2130 zlog_debug ("%s [Event] BGP connection closed fd %d",
2131 peer->host, peer->fd);
2132
2133 if (peer->status == Established)
2134 {
2135 if (CHECK_FLAG (peer->sflags, PEER_STATUS_NSF_MODE))
2136 {
2137 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2138 SET_FLAG (peer->sflags, PEER_STATUS_NSF_WAIT);
2139 }
2140 else
2141 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2142 }
2143
2144 BGP_EVENT_ADD (peer, TCP_connection_closed);
2145 return -1;
2146 }
2147
2148 /* We read partial packet. */
2149 if (stream_get_endp (peer->ibuf) != peer->packet_size)
2150 return -1;
2151
2152 return 0;
2153 }
2154
2155 /* Marker check. */
2156 static int
2157 bgp_marker_all_one (struct stream *s, int length)
2158 {
2159 int i;
2160
2161 for (i = 0; i < length; i++)
2162 if (s->data[i] != 0xff)
2163 return 0;
2164
2165 return 1;
2166 }
2167
2168 /* Starting point of packet process function. */
2169 int
2170 bgp_read (struct thread *thread)
2171 {
2172 int ret;
2173 u_char type = 0;
2174 struct peer *peer;
2175 bgp_size_t size;
2176 char notify_data_length[2];
2177 u_int32_t notify_out;
2178
2179 /* Yes first of all get peer pointer. */
2180 peer = THREAD_ARG (thread);
2181 peer->t_read = NULL;
2182
2183 /* Note notify_out so we can check later to see if we sent another one */
2184 notify_out = peer->notify_out;
2185
2186 /* For non-blocking IO check. */
2187 if (peer->status == Connect)
2188 {
2189 bgp_connect_check (peer, 1);
2190 goto done;
2191 }
2192 else
2193 {
2194 if (peer->fd < 0)
2195 {
2196 zlog_err ("bgp_read peer's fd is negative value %d", peer->fd);
2197 return -1;
2198 }
2199 BGP_READ_ON (peer->t_read, bgp_read, peer->fd);
2200 }
2201
2202 /* Read packet header to determine type of the packet */
2203 if (peer->packet_size == 0)
2204 peer->packet_size = BGP_HEADER_SIZE;
2205
2206 if (stream_get_endp (peer->ibuf) < BGP_HEADER_SIZE)
2207 {
2208 ret = bgp_read_packet (peer);
2209
2210 /* Header read error or partial read packet. */
2211 if (ret < 0)
2212 goto done;
2213
2214 /* Get size and type. */
2215 stream_forward_getp (peer->ibuf, BGP_MARKER_SIZE);
2216 memcpy (notify_data_length, stream_pnt (peer->ibuf), 2);
2217 size = stream_getw (peer->ibuf);
2218 type = stream_getc (peer->ibuf);
2219
2220 /* Marker check */
2221 if (((type == BGP_MSG_OPEN) || (type == BGP_MSG_KEEPALIVE))
2222 && ! bgp_marker_all_one (peer->ibuf, BGP_MARKER_SIZE))
2223 {
2224 bgp_notify_send (peer,
2225 BGP_NOTIFY_HEADER_ERR,
2226 BGP_NOTIFY_HEADER_NOT_SYNC);
2227 goto done;
2228 }
2229
2230 /* BGP type check. */
2231 if (type != BGP_MSG_OPEN && type != BGP_MSG_UPDATE
2232 && type != BGP_MSG_NOTIFY && type != BGP_MSG_KEEPALIVE
2233 && type != BGP_MSG_ROUTE_REFRESH_NEW
2234 && type != BGP_MSG_ROUTE_REFRESH_OLD
2235 && type != BGP_MSG_CAPABILITY)
2236 {
2237 if (bgp_debug_neighbor_events(peer))
2238 zlog_debug ("%s unknown message type 0x%02x",
2239 peer->host, type);
2240 bgp_notify_send_with_data (peer,
2241 BGP_NOTIFY_HEADER_ERR,
2242 BGP_NOTIFY_HEADER_BAD_MESTYPE,
2243 &type, 1);
2244 goto done;
2245 }
2246 /* Mimimum packet length check. */
2247 if ((size < BGP_HEADER_SIZE)
2248 || (size > BGP_MAX_PACKET_SIZE)
2249 || (type == BGP_MSG_OPEN && size < BGP_MSG_OPEN_MIN_SIZE)
2250 || (type == BGP_MSG_UPDATE && size < BGP_MSG_UPDATE_MIN_SIZE)
2251 || (type == BGP_MSG_NOTIFY && size < BGP_MSG_NOTIFY_MIN_SIZE)
2252 || (type == BGP_MSG_KEEPALIVE && size != BGP_MSG_KEEPALIVE_MIN_SIZE)
2253 || (type == BGP_MSG_ROUTE_REFRESH_NEW && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2254 || (type == BGP_MSG_ROUTE_REFRESH_OLD && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2255 || (type == BGP_MSG_CAPABILITY && size < BGP_MSG_CAPABILITY_MIN_SIZE))
2256 {
2257 if (bgp_debug_neighbor_events(peer))
2258 zlog_debug ("%s bad message length - %d for %s",
2259 peer->host, size,
2260 type == 128 ? "ROUTE-REFRESH" :
2261 bgp_type_str[(int) type]);
2262 bgp_notify_send_with_data (peer,
2263 BGP_NOTIFY_HEADER_ERR,
2264 BGP_NOTIFY_HEADER_BAD_MESLEN,
2265 (u_char *) notify_data_length, 2);
2266 goto done;
2267 }
2268
2269 /* Adjust size to message length. */
2270 peer->packet_size = size;
2271 }
2272
2273 ret = bgp_read_packet (peer);
2274 if (ret < 0)
2275 goto done;
2276
2277 /* Get size and type again. */
2278 (void)stream_getw_from (peer->ibuf, BGP_MARKER_SIZE);
2279 type = stream_getc_from (peer->ibuf, BGP_MARKER_SIZE + 2);
2280
2281 /* BGP packet dump function. */
2282 bgp_dump_packet (peer, type, peer->ibuf);
2283
2284 size = (peer->packet_size - BGP_HEADER_SIZE);
2285
2286 /* Read rest of the packet and call each sort of packet routine */
2287 switch (type)
2288 {
2289 case BGP_MSG_OPEN:
2290 peer->open_in++;
2291 bgp_open_receive (peer, size); /* XXX return value ignored! */
2292 break;
2293 case BGP_MSG_UPDATE:
2294 peer->readtime = monotime (NULL);
2295 bgp_update_receive (peer, size);
2296 break;
2297 case BGP_MSG_NOTIFY:
2298 bgp_notify_receive (peer, size);
2299 break;
2300 case BGP_MSG_KEEPALIVE:
2301 peer->readtime = monotime (NULL);
2302 bgp_keepalive_receive (peer, size);
2303 break;
2304 case BGP_MSG_ROUTE_REFRESH_NEW:
2305 case BGP_MSG_ROUTE_REFRESH_OLD:
2306 peer->refresh_in++;
2307 bgp_route_refresh_receive (peer, size);
2308 break;
2309 case BGP_MSG_CAPABILITY:
2310 peer->dynamic_cap_in++;
2311 bgp_capability_receive (peer, size);
2312 break;
2313 }
2314
2315 /* If reading this packet caused us to send a NOTIFICATION then store a copy
2316 * of the packet for troubleshooting purposes
2317 */
2318 if (notify_out < peer->notify_out)
2319 {
2320 memcpy(peer->last_reset_cause, peer->ibuf->data, peer->packet_size);
2321 peer->last_reset_cause_size = peer->packet_size;
2322 notify_out = peer->notify_out;
2323 }
2324
2325 /* Clear input buffer. */
2326 peer->packet_size = 0;
2327 if (peer->ibuf)
2328 stream_reset (peer->ibuf);
2329
2330 done:
2331 /* If reading this packet caused us to send a NOTIFICATION then store a copy
2332 * of the packet for troubleshooting purposes
2333 */
2334 if (notify_out < peer->notify_out)
2335 {
2336 memcpy(peer->last_reset_cause, peer->ibuf->data, peer->packet_size);
2337 peer->last_reset_cause_size = peer->packet_size;
2338 }
2339
2340 return 0;
2341 }
FRRouting mirror