]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_packet.c
projects / mirror_frr.git / blob
? search:


9e813746945b492c0b0a52c302ca7db442045fcb
[mirror_frr.git] / bgpd / bgp_packet.c
1 /* BGP packet management routine.
2 Copyright (C) 1999 Kunihiro Ishiguro
3
4 This file is part of GNU Zebra.
5
6 GNU Zebra is free software; you can redistribute it and/or modify it
7 under the terms of the GNU General Public License as published by the
8 Free Software Foundation; either version 2, or (at your option) any
9 later version.
10
11 GNU Zebra is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with GNU Zebra; see the file COPYING. If not, write to the Free
18 Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
19 02111-1307, USA. */
20
21 #include <zebra.h>
22
23 #include "thread.h"
24 #include "stream.h"
25 #include "network.h"
26 #include "prefix.h"
27 #include "command.h"
28 #include "log.h"
29 #include "memory.h"
30 #include "sockunion.h" /* for inet_ntop () */
31 #include "sockopt.h"
32 #include "linklist.h"
33 #include "plist.h"
34 #include "queue.h"
35 #include "filter.h"
36
37 #include "bgpd/bgpd.h"
38 #include "bgpd/bgp_table.h"
39 #include "bgpd/bgp_dump.h"
40 #include "bgpd/bgp_attr.h"
41 #include "bgpd/bgp_debug.h"
42 #include "bgpd/bgp_fsm.h"
43 #include "bgpd/bgp_route.h"
44 #include "bgpd/bgp_packet.h"
45 #include "bgpd/bgp_open.h"
46 #include "bgpd/bgp_aspath.h"
47 #include "bgpd/bgp_community.h"
48 #include "bgpd/bgp_ecommunity.h"
49 #include "bgpd/bgp_lcommunity.h"
50 #include "bgpd/bgp_network.h"
51 #include "bgpd/bgp_mplsvpn.h"
52 #include "bgpd/bgp_evpn.h"
53 #include "bgpd/bgp_encap.h"
54 #include "bgpd/bgp_evpn.h"
55 #include "bgpd/bgp_advertise.h"
56 #include "bgpd/bgp_vty.h"
57 #include "bgpd/bgp_updgrp.h"
58
59 /* Set up BGP packet marker and packet type. */
60 int
61 bgp_packet_set_marker (struct stream *s, u_char type)
62 {
63 int i;
64
65 /* Fill in marker. */
66 for (i = 0; i < BGP_MARKER_SIZE; i++)
67 stream_putc (s, 0xff);
68
69 /* Dummy total length. This field is should be filled in later on. */
70 stream_putw (s, 0);
71
72 /* BGP packet type. */
73 stream_putc (s, type);
74
75 /* Return current stream size. */
76 return stream_get_endp (s);
77 }
78
79 /* Set BGP packet header size entry. If size is zero then use current
80 stream size. */
81 int
82 bgp_packet_set_size (struct stream *s)
83 {
84 int cp;
85
86 /* Preserve current pointer. */
87 cp = stream_get_endp (s);
88 stream_putw_at (s, BGP_MARKER_SIZE, cp);
89
90 return cp;
91 }
92
93 /* Add new packet to the peer. */
94 void
95 bgp_packet_add (struct peer *peer, struct stream *s)
96 {
97 /* Add packet to the end of list. */
98 stream_fifo_push (peer->obuf, s);
99 }
100
101 /* Free first packet. */
102 static void
103 bgp_packet_delete (struct peer *peer)
104 {
105 stream_free (stream_fifo_pop (peer->obuf));
106 }
107
108 /* Check file descriptor whether connect is established. */
109 int
110 bgp_connect_check (struct peer *peer, int change_state)
111 {
112 int status;
113 socklen_t slen;
114 int ret;
115
116 /* Anyway I have to reset read and write thread. */
117 BGP_READ_OFF (peer->t_read);
118 BGP_WRITE_OFF (peer->t_write);
119
120 /* Check file descriptor. */
121 slen = sizeof (status);
122 ret = getsockopt(peer->fd, SOL_SOCKET, SO_ERROR, (void *) &status, &slen);
123
124 /* If getsockopt is fail, this is fatal error. */
125 if (ret < 0)
126 {
127 zlog_info ("can't get sockopt for nonblocking connect");
128 BGP_EVENT_ADD (peer, TCP_fatal_error);
129 return -1;
130 }
131
132 /* When status is 0 then TCP connection is established. */
133 if (status == 0)
134 {
135 BGP_EVENT_ADD (peer, TCP_connection_open);
136 return 1;
137 }
138 else
139 {
140 if (bgp_debug_neighbor_events(peer))
141 zlog_debug ("%s [Event] Connect failed (%s)",
142 peer->host, safe_strerror (errno));
143 if (change_state)
144 BGP_EVENT_ADD (peer, TCP_connection_open_failed);
145 return 0;
146 }
147 }
148
149 static struct stream *
150 bgp_update_packet_eor (struct peer *peer, afi_t afi, safi_t safi)
151 {
152 struct stream *s;
153 iana_afi_t pkt_afi;
154 safi_t pkt_safi;
155
156 if (DISABLE_BGP_ANNOUNCE)
157 return NULL;
158
159 if (bgp_debug_neighbor_events(peer))
160 zlog_debug ("send End-of-RIB for %s to %s", afi_safi_print (afi, safi), peer->host);
161
162 s = stream_new (BGP_MAX_PACKET_SIZE);
163
164 /* Make BGP update packet. */
165 bgp_packet_set_marker (s, BGP_MSG_UPDATE);
166
167 /* Unfeasible Routes Length */
168 stream_putw (s, 0);
169
170 if (afi == AFI_IP && safi == SAFI_UNICAST)
171 {
172 /* Total Path Attribute Length */
173 stream_putw (s, 0);
174 }
175 else
176 {
177 /* Convert AFI, SAFI to values for packet. */
178 bgp_map_afi_safi_int2iana (afi, safi, &pkt_afi, &pkt_safi);
179
180 /* Total Path Attribute Length */
181 stream_putw (s, 6);
182 stream_putc (s, BGP_ATTR_FLAG_OPTIONAL);
183 stream_putc (s, BGP_ATTR_MP_UNREACH_NLRI);
184 stream_putc (s, 3);
185 stream_putw (s, pkt_afi);
186 stream_putc (s, pkt_safi);
187 }
188
189 bgp_packet_set_size (s);
190 bgp_packet_add (peer, s);
191 return s;
192 }
193
194 /* Get next packet to be written. */
195 static struct stream *
196 bgp_write_packet (struct peer *peer)
197 {
198 struct stream *s = NULL;
199 struct peer_af *paf;
200 struct bpacket *next_pkt;
201 afi_t afi;
202 safi_t safi;
203
204 s = stream_fifo_head (peer->obuf);
205 if (s)
206 return s;
207
208 /*
209 * The code beyond this part deals with update packets, proceed only
210 * if peer is Established and updates are not on hold (as part of
211 * update-delay post processing).
212 */
213 if (peer->status != Established)
214 return NULL;
215
216 if (peer->bgp && peer->bgp->main_peers_update_hold)
217 return NULL;
218
219 for (afi = AFI_IP; afi < AFI_MAX; afi++)
220 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
221 {
222 paf = peer_af_find (peer, afi, safi);
223 if (!paf || !PAF_SUBGRP(paf))
224 continue;
225 next_pkt = paf->next_pkt_to_send;
226
227 /* Try to generate a packet for the peer if we are at the end of
228 * the list. Always try to push out WITHDRAWs first. */
229 if (!next_pkt || !next_pkt->buffer)
230 {
231 next_pkt = subgroup_withdraw_packet(PAF_SUBGRP(paf));
232 if (!next_pkt || !next_pkt->buffer)
233 subgroup_update_packet (PAF_SUBGRP(paf));
234 next_pkt = paf->next_pkt_to_send;
235 }
236
237 /* If we still don't have a packet to send to the peer, then
238 * try to find out out if we have to send eor or if not, skip to
239 * the next AFI, SAFI.
240 * Don't send the EOR prematurely... if the subgroup's coalesce
241 * timer is running, the adjacency-out structure is not created
242 * yet.
243 */
244 if (!next_pkt || !next_pkt->buffer)
245 {
246 if (CHECK_FLAG (peer->cap, PEER_CAP_RESTART_RCV))
247 {
248 if (!(PAF_SUBGRP(paf))->t_coalesce &&
249 peer->afc_nego[afi][safi] && peer->synctime
250 && ! CHECK_FLAG (peer->af_sflags[afi][safi],
251 PEER_STATUS_EOR_SEND)
252 && safi != SAFI_EVPN)
253 {
254 SET_FLAG (peer->af_sflags[afi][safi],
255 PEER_STATUS_EOR_SEND);
256 return bgp_update_packet_eor (peer, afi, safi);
257 }
258 }
259 continue;
260 }
261
262
263 /*
264 * Found a packet template to send, overwrite packet with appropriate
265 * attributes from peer and advance peer
266 */
267 s = bpacket_reformat_for_peer (next_pkt, paf);
268 bpacket_queue_advance_peer (paf);
269 return s;
270 }
271
272 return NULL;
273 }
274
275 /* The next action for the peer from a write perspective */
276 static void
277 bgp_write_proceed_actions (struct peer *peer)
278 {
279 afi_t afi;
280 safi_t safi;
281 struct peer_af *paf;
282 struct bpacket *next_pkt;
283 int fullq_found = 0;
284 struct update_subgroup *subgrp;
285
286 if (stream_fifo_head (peer->obuf))
287 {
288 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
289 return;
290 }
291
292 for (afi = AFI_IP; afi < AFI_MAX; afi++)
293 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
294 {
295 paf = peer_af_find (peer, afi, safi);
296 if (!paf)
297 continue;
298 subgrp = paf->subgroup;
299 if (!subgrp)
300 continue;
301
302 next_pkt = paf->next_pkt_to_send;
303 if (next_pkt && next_pkt->buffer)
304 {
305 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
306 return;
307 }
308
309 /* No packets readily available for AFI/SAFI, are there subgroup packets
310 * that need to be generated? */
311 if (bpacket_queue_is_full(SUBGRP_INST(subgrp),
312 SUBGRP_PKTQ(subgrp)))
313 fullq_found = 1;
314 else if (subgroup_packets_to_build (subgrp))
315 {
316 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
317 return;
318 }
319
320 /* No packets to send, see if EOR is pending */
321 if (CHECK_FLAG (peer->cap, PEER_CAP_RESTART_RCV))
322 {
323 if (!subgrp->t_coalesce &&
324 peer->afc_nego[afi][safi] &&
325 peer->synctime &&
326 !CHECK_FLAG(peer->af_sflags[afi][safi],
327 PEER_STATUS_EOR_SEND) &&
328 safi != SAFI_MPLS_VPN)
329 {
330 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
331 return;
332 }
333
334 }
335 }
336 if (fullq_found)
337 {
338 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
339 return;
340 }
341 }
342
343 /* Write packet to the peer. */
344 int
345 bgp_write (struct thread *thread)
346 {
347 struct peer *peer;
348 u_char type;
349 struct stream *s;
350 int num;
351 int update_last_write = 0;
352 unsigned int count = 0;
353 unsigned int oc = 0;
354
355 /* Yes first of all get peer pointer. */
356 peer = THREAD_ARG (thread);
357 peer->t_write = NULL;
358
359 /* For non-blocking IO check. */
360 if (peer->status == Connect)
361 {
362 bgp_connect_check (peer, 1);
363 return 0;
364 }
365
366 s = bgp_write_packet (peer);
367 if (!s)
368 {
369 bgp_write_proceed_actions (peer);
370 return 0;
371 }
372
373 sockopt_cork (peer->fd, 1);
374
375 oc = peer->update_out;
376
377 /* Nonblocking write until TCP output buffer is full. */
378 do
379 {
380 int writenum;
381
382 /* Number of bytes to be sent. */
383 writenum = stream_get_endp (s) - stream_get_getp (s);
384
385 /* Call write() system call. */
386 num = write (peer->fd, STREAM_PNT (s), writenum);
387 if (num < 0)
388 {
389 /* write failed either retry needed or error */
390 if (ERRNO_IO_RETRY(errno))
391 break;
392
393 BGP_EVENT_ADD (peer, TCP_fatal_error);
394 return 0;
395 }
396
397 if (num != writenum)
398 {
399 /* Partial write */
400 stream_forward_getp (s, num);
401 break;
402 }
403
404 /* Retrieve BGP packet type. */
405 stream_set_getp (s, BGP_MARKER_SIZE + 2);
406 type = stream_getc (s);
407
408 switch (type)
409 {
410 case BGP_MSG_OPEN:
411 peer->open_out++;
412 break;
413 case BGP_MSG_UPDATE:
414 peer->update_out++;
415 break;
416 case BGP_MSG_NOTIFY:
417 peer->notify_out++;
418 /* Double start timer. */
419 peer->v_start *= 2;
420
421 /* Overflow check. */
422 if (peer->v_start >= (60 * 2))
423 peer->v_start = (60 * 2);
424
425 /* Flush any existing events */
426 BGP_EVENT_ADD (peer, BGP_Stop);
427 goto done;
428
429 case BGP_MSG_KEEPALIVE:
430 peer->keepalive_out++;
431 break;
432 case BGP_MSG_ROUTE_REFRESH_NEW:
433 case BGP_MSG_ROUTE_REFRESH_OLD:
434 peer->refresh_out++;
435 break;
436 case BGP_MSG_CAPABILITY:
437 peer->dynamic_cap_out++;
438 break;
439 }
440
441 /* OK we send packet so delete it. */
442 bgp_packet_delete (peer);
443 update_last_write = 1;
444 }
445 while (++count < peer->bgp->wpkt_quanta &&
446 (s = bgp_write_packet (peer)) != NULL);
447
448 bgp_write_proceed_actions (peer);
449
450 done:
451 /* Update last_update if UPDATEs were written. */
452 if (peer->update_out > oc)
453 peer->last_update = bgp_clock ();
454
455 /* If we TXed any flavor of packet update last_write */
456 if (update_last_write)
457 peer->last_write = bgp_clock ();
458
459 sockopt_cork (peer->fd, 0);
460 return 0;
461 }
462
463 /* This is only for sending NOTIFICATION message to neighbor. */
464 static int
465 bgp_write_notify (struct peer *peer)
466 {
467 int ret, val;
468 u_char type;
469 struct stream *s;
470
471 /* There should be at least one packet. */
472 s = stream_fifo_head (peer->obuf);
473 if (!s)
474 return 0;
475 assert (stream_get_endp (s) >= BGP_HEADER_SIZE);
476
477 /* Stop collecting data within the socket */
478 sockopt_cork (peer->fd, 0);
479
480 /* socket is in nonblocking mode, if we can't deliver the NOTIFY, well,
481 * we only care about getting a clean shutdown at this point. */
482 ret = write (peer->fd, STREAM_DATA (s), stream_get_endp (s));
483
484 /* only connection reset/close gets counted as TCP_fatal_error, failure
485 * to write the entire NOTIFY doesn't get different FSM treatment */
486 if (ret <= 0)
487 {
488 BGP_EVENT_ADD (peer, TCP_fatal_error);
489 return 0;
490 }
491
492 /* Disable Nagle, make NOTIFY packet go out right away */
493 val = 1;
494 (void) setsockopt (peer->fd, IPPROTO_TCP, TCP_NODELAY,
495 (char *) &val, sizeof (val));
496
497 /* Retrieve BGP packet type. */
498 stream_set_getp (s, BGP_MARKER_SIZE + 2);
499 type = stream_getc (s);
500
501 assert (type == BGP_MSG_NOTIFY);
502
503 /* Type should be notify. */
504 peer->notify_out++;
505
506 /* Double start timer. */
507 peer->v_start *= 2;
508
509 /* Overflow check. */
510 if (peer->v_start >= (60 * 2))
511 peer->v_start = (60 * 2);
512
513 /* Handle Graceful Restart case where the state changes to
514 Connect instead of Idle */
515 BGP_EVENT_ADD (peer, BGP_Stop);
516
517 return 0;
518 }
519
520 /* Make keepalive packet and send it to the peer. */
521 void
522 bgp_keepalive_send (struct peer *peer)
523 {
524 struct stream *s;
525
526 s = stream_new (BGP_MAX_PACKET_SIZE);
527
528 /* Make keepalive packet. */
529 bgp_packet_set_marker (s, BGP_MSG_KEEPALIVE);
530
531 /* Set packet size. */
532 (void)bgp_packet_set_size (s);
533
534 /* Dump packet if debug option is set. */
535 /* bgp_packet_dump (s); */
536
537 if (bgp_debug_keepalive(peer))
538 zlog_debug ("%s sending KEEPALIVE", peer->host);
539
540 /* Add packet to the peer. */
541 bgp_packet_add (peer, s);
542
543 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
544 }
545
546 /* Make open packet and send it to the peer. */
547 void
548 bgp_open_send (struct peer *peer)
549 {
550 struct stream *s;
551 u_int16_t send_holdtime;
552 as_t local_as;
553
554 if (CHECK_FLAG (peer->config, PEER_CONFIG_TIMER))
555 send_holdtime = peer->holdtime;
556 else
557 send_holdtime = peer->bgp->default_holdtime;
558
559 /* local-as Change */
560 if (peer->change_local_as)
561 local_as = peer->change_local_as;
562 else
563 local_as = peer->local_as;
564
565 s = stream_new (BGP_MAX_PACKET_SIZE);
566
567 /* Make open packet. */
568 bgp_packet_set_marker (s, BGP_MSG_OPEN);
569
570 /* Set open packet values. */
571 stream_putc (s, BGP_VERSION_4); /* BGP version */
572 stream_putw (s, (local_as <= BGP_AS_MAX) ? (u_int16_t) local_as
573 : BGP_AS_TRANS);
574 stream_putw (s, send_holdtime); /* Hold Time */
575 stream_put_in_addr (s, &peer->local_id); /* BGP Identifier */
576
577 /* Set capability code. */
578 bgp_open_capability (s, peer);
579
580 /* Set BGP packet length. */
581 (void)bgp_packet_set_size (s);
582
583 if (bgp_debug_neighbor_events(peer))
584 zlog_debug ("%s sending OPEN, version %d, my as %u, holdtime %d, id %s",
585 peer->host, BGP_VERSION_4, local_as,
586 send_holdtime, inet_ntoa (peer->local_id));
587
588 /* Dump packet if debug option is set. */
589 /* bgp_packet_dump (s); */
590
591 /* Add packet to the peer. */
592 bgp_packet_add (peer, s);
593
594 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
595 }
596
597 /* Send BGP notify packet with data potion. */
598 void
599 bgp_notify_send_with_data (struct peer *peer, u_char code, u_char sub_code,
600 u_char *data, size_t datalen)
601 {
602 struct stream *s;
603 int length;
604
605 /* Allocate new stream. */
606 s = stream_new (BGP_MAX_PACKET_SIZE);
607
608 /* Make nitify packet. */
609 bgp_packet_set_marker (s, BGP_MSG_NOTIFY);
610
611 /* Set notify packet values. */
612 stream_putc (s, code); /* BGP notify code */
613 stream_putc (s, sub_code); /* BGP notify sub_code */
614
615 /* If notify data is present. */
616 if (data)
617 stream_write (s, data, datalen);
618
619 /* Set BGP packet length. */
620 length = bgp_packet_set_size (s);
621
622 /* Add packet to the peer. */
623 stream_fifo_clean (peer->obuf);
624 bgp_packet_add (peer, s);
625
626 /* For debug */
627 {
628 struct bgp_notify bgp_notify;
629 int first = 0;
630 int i;
631 char c[4];
632
633 bgp_notify.code = code;
634 bgp_notify.subcode = sub_code;
635 bgp_notify.data = NULL;
636 bgp_notify.length = length - BGP_MSG_NOTIFY_MIN_SIZE;
637 bgp_notify.raw_data = data;
638
639 peer->notify.code = bgp_notify.code;
640 peer->notify.subcode = bgp_notify.subcode;
641
642 if (bgp_notify.length)
643 {
644 bgp_notify.data = XMALLOC (MTYPE_TMP, bgp_notify.length * 3);
645 for (i = 0; i < bgp_notify.length; i++)
646 if (first)
647 {
648 sprintf (c, " %02x", data[i]);
649 strcat (bgp_notify.data, c);
650 }
651 else
652 {
653 first = 1;
654 sprintf (c, "%02x", data[i]);
655 strcpy (bgp_notify.data, c);
656 }
657 }
658 bgp_notify_print (peer, &bgp_notify, "sending");
659
660 if (bgp_notify.data)
661 {
662 XFREE (MTYPE_TMP, bgp_notify.data);
663 bgp_notify.data = NULL;
664 bgp_notify.length = 0;
665 }
666 }
667
668 /* peer reset cause */
669 if (code == BGP_NOTIFY_CEASE)
670 {
671 if (sub_code == BGP_NOTIFY_CEASE_ADMIN_RESET)
672 peer->last_reset = PEER_DOWN_USER_RESET;
673 else if (sub_code == BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN)
674 peer->last_reset = PEER_DOWN_USER_SHUTDOWN;
675 else
676 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
677 }
678 else
679 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
680
681 /* Call immediately. */
682 BGP_WRITE_OFF (peer->t_write);
683
684 bgp_write_notify (peer);
685 }
686
687 /* Send BGP notify packet. */
688 void
689 bgp_notify_send (struct peer *peer, u_char code, u_char sub_code)
690 {
691 bgp_notify_send_with_data (peer, code, sub_code, NULL, 0);
692 }
693
694 /* Send route refresh message to the peer. */
695 void
696 bgp_route_refresh_send (struct peer *peer, afi_t afi, safi_t safi,
697 u_char orf_type, u_char when_to_refresh, int remove)
698 {
699 struct stream *s;
700 struct bgp_filter *filter;
701 int orf_refresh = 0;
702 iana_afi_t pkt_afi;
703 safi_t pkt_safi;
704
705 if (DISABLE_BGP_ANNOUNCE)
706 return;
707
708 filter = &peer->filter[afi][safi];
709
710 /* Convert AFI, SAFI to values for packet. */
711 bgp_map_afi_safi_int2iana (afi, safi, &pkt_afi, &pkt_safi);
712
713 s = stream_new (BGP_MAX_PACKET_SIZE);
714
715 /* Make BGP update packet. */
716 if (CHECK_FLAG (peer->cap, PEER_CAP_REFRESH_NEW_RCV))
717 bgp_packet_set_marker (s, BGP_MSG_ROUTE_REFRESH_NEW);
718 else
719 bgp_packet_set_marker (s, BGP_MSG_ROUTE_REFRESH_OLD);
720
721 /* Encode Route Refresh message. */
722 stream_putw (s, pkt_afi);
723 stream_putc (s, 0);
724 stream_putc (s, pkt_safi);
725
726 if (orf_type == ORF_TYPE_PREFIX
727 || orf_type == ORF_TYPE_PREFIX_OLD)
728 if (remove || filter->plist[FILTER_IN].plist)
729 {
730 u_int16_t orf_len;
731 unsigned long orfp;
732
733 orf_refresh = 1;
734 stream_putc (s, when_to_refresh);
735 stream_putc (s, orf_type);
736 orfp = stream_get_endp (s);
737 stream_putw (s, 0);
738
739 if (remove)
740 {
741 UNSET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_PREFIX_SEND);
742 stream_putc (s, ORF_COMMON_PART_REMOVE_ALL);
743 if (bgp_debug_neighbor_events(peer))
744 zlog_debug ("%s sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %d/%d",
745 peer->host, orf_type,
746 (when_to_refresh == REFRESH_DEFER ? "defer" : "immediate"),
747 pkt_afi, pkt_safi);
748 }
749 else
750 {
751 SET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_PREFIX_SEND);
752 prefix_bgp_orf_entry (s, filter->plist[FILTER_IN].plist,
753 ORF_COMMON_PART_ADD, ORF_COMMON_PART_PERMIT,
754 ORF_COMMON_PART_DENY);
755 if (bgp_debug_neighbor_events(peer))
756 zlog_debug ("%s sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %d/%d",
757 peer->host, orf_type,
758 (when_to_refresh == REFRESH_DEFER ? "defer" : "immediate"),
759 pkt_afi, pkt_safi);
760 }
761
762 /* Total ORF Entry Len. */
763 orf_len = stream_get_endp (s) - orfp - 2;
764 stream_putw_at (s, orfp, orf_len);
765 }
766
767 /* Set packet size. */
768 (void)bgp_packet_set_size (s);
769
770 if (bgp_debug_neighbor_events(peer))
771 {
772 if (! orf_refresh)
773 zlog_debug ("%s sending REFRESH_REQ for afi/safi: %d/%d",
774 peer->host, pkt_afi, pkt_safi);
775 }
776
777 /* Add packet to the peer. */
778 bgp_packet_add (peer, s);
779
780 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
781 }
782
783 /* Send capability message to the peer. */
784 void
785 bgp_capability_send (struct peer *peer, afi_t afi, safi_t safi,
786 int capability_code, int action)
787 {
788 struct stream *s;
789 iana_afi_t pkt_afi;
790 safi_t pkt_safi;
791
792 /* Convert AFI, SAFI to values for packet. */
793 bgp_map_afi_safi_int2iana (afi, safi, &pkt_afi, &pkt_safi);
794
795 s = stream_new (BGP_MAX_PACKET_SIZE);
796
797 /* Make BGP update packet. */
798 bgp_packet_set_marker (s, BGP_MSG_CAPABILITY);
799
800 /* Encode MP_EXT capability. */
801 if (capability_code == CAPABILITY_CODE_MP)
802 {
803 stream_putc (s, action);
804 stream_putc (s, CAPABILITY_CODE_MP);
805 stream_putc (s, CAPABILITY_CODE_MP_LEN);
806 stream_putw (s, pkt_afi);
807 stream_putc (s, 0);
808 stream_putc (s, pkt_safi);
809
810 if (bgp_debug_neighbor_events(peer))
811 zlog_debug ("%s sending CAPABILITY has %s MP_EXT CAP for afi/safi: %d/%d",
812 peer->host, action == CAPABILITY_ACTION_SET ?
813 "Advertising" : "Removing", pkt_afi, pkt_safi);
814 }
815
816 /* Set packet size. */
817 (void)bgp_packet_set_size (s);
818
819 /* Add packet to the peer. */
820 bgp_packet_add (peer, s);
821
822 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
823 }
824
825 /* RFC1771 6.8 Connection collision detection. */
826 static int
827 bgp_collision_detect (struct peer *new, struct in_addr remote_id)
828 {
829 struct peer *peer;
830
831 /* Upon receipt of an OPEN message, the local system must examine
832 all of its connections that are in the OpenConfirm state. A BGP
833 speaker may also examine connections in an OpenSent state if it
834 knows the BGP Identifier of the peer by means outside of the
835 protocol. If among these connections there is a connection to a
836 remote BGP speaker whose BGP Identifier equals the one in the
837 OPEN message, then the local system performs the following
838 collision resolution procedure: */
839
840 if ((peer = new->doppelganger) != NULL)
841 {
842 /* Do not accept the new connection in Established or Clearing states.
843 * Note that a peer GR is handled by closing the existing connection
844 * upon receipt of new one.
845 */
846 if (peer->status == Established || peer->status == Clearing)
847 {
848 bgp_notify_send (new, BGP_NOTIFY_CEASE,
849 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
850 return (-1);
851 }
852 else if ((peer->status == OpenConfirm) || (peer->status == OpenSent))
853 {
854 /* 1. The BGP Identifier of the local system is compared to
855 the BGP Identifier of the remote system (as specified in
856 the OPEN message). */
857
858 if (ntohl (peer->local_id.s_addr) < ntohl (remote_id.s_addr))
859 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER))
860 {
861 /* 2. If the value of the local BGP Identifier is less
862 than the remote one, the local system closes BGP
863 connection that already exists (the one that is
864 already in the OpenConfirm state), and accepts BGP
865 connection initiated by the remote system. */
866 bgp_notify_send (peer, BGP_NOTIFY_CEASE,
867 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
868 return 1;
869 }
870 else
871 {
872 bgp_notify_send (new, BGP_NOTIFY_CEASE,
873 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
874 return -1;
875 }
876 else
877 {
878 /* 3. Otherwise, the local system closes newly created
879 BGP connection (the one associated with the newly
880 received OPEN message), and continues to use the
881 existing one (the one that is already in the
882 OpenConfirm state). */
883 if (CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER))
884 {
885 bgp_notify_send (peer, BGP_NOTIFY_CEASE,
886 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
887 return 1;
888 }
889 else
890 {
891 bgp_notify_send (new, BGP_NOTIFY_CEASE,
892 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
893 return -1;
894 }
895 }
896 }
897 }
898 return 0;
899 }
900
901 static int
902 bgp_open_receive (struct peer *peer, bgp_size_t size)
903 {
904 int ret;
905 u_char version;
906 u_char optlen;
907 u_int16_t holdtime;
908 u_int16_t send_holdtime;
909 as_t remote_as;
910 as_t as4 = 0;
911 struct in_addr remote_id;
912 int mp_capability;
913 u_int8_t notify_data_remote_as[2];
914 u_int8_t notify_data_remote_as4[4];
915 u_int8_t notify_data_remote_id[4];
916 u_int16_t *holdtime_ptr;
917
918 /* Parse open packet. */
919 version = stream_getc (peer->ibuf);
920 memcpy (notify_data_remote_as, stream_pnt (peer->ibuf), 2);
921 remote_as = stream_getw (peer->ibuf);
922 holdtime_ptr = (u_int16_t *)stream_pnt (peer->ibuf);
923 holdtime = stream_getw (peer->ibuf);
924 memcpy (notify_data_remote_id, stream_pnt (peer->ibuf), 4);
925 remote_id.s_addr = stream_get_ipv4 (peer->ibuf);
926
927 /* Receive OPEN message log */
928 if (bgp_debug_neighbor_events(peer))
929 zlog_debug ("%s rcv OPEN, version %d, remote-as (in open) %u,"
930 " holdtime %d, id %s",
931 peer->host, version, remote_as, holdtime,
932 inet_ntoa (remote_id));
933
934 /* BEGIN to read the capability here, but dont do it yet */
935 mp_capability = 0;
936 optlen = stream_getc (peer->ibuf);
937
938 if (optlen != 0)
939 {
940 /* If not enough bytes, it is an error. */
941 if (STREAM_READABLE(peer->ibuf) < optlen)
942 {
943 bgp_notify_send (peer, BGP_NOTIFY_OPEN_ERR,
944 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
945 return -1;
946 }
947
948 /* We need the as4 capability value *right now* because
949 * if it is there, we have not got the remote_as yet, and without
950 * that we do not know which peer is connecting to us now.
951 */
952 as4 = peek_for_as4_capability (peer, optlen);
953 memcpy (notify_data_remote_as4, &as4, 4);
954 }
955
956 /* Just in case we have a silly peer who sends AS4 capability set to 0 */
957 if (CHECK_FLAG (peer->cap, PEER_CAP_AS4_RCV) && !as4)
958 {
959 zlog_err ("%s bad OPEN, got AS4 capability, but AS4 set to 0",
960 peer->host);
961 bgp_notify_send_with_data (peer,
962 BGP_NOTIFY_OPEN_ERR,
963 BGP_NOTIFY_OPEN_BAD_PEER_AS,
964 notify_data_remote_as4, 4);
965 return -1;
966 }
967
968 if (remote_as == BGP_AS_TRANS)
969 {
970 /* Take the AS4 from the capability. We must have received the
971 * capability now! Otherwise we have a asn16 peer who uses
972 * BGP_AS_TRANS, for some unknown reason.
973 */
974 if (as4 == BGP_AS_TRANS)
975 {
976 zlog_err ("%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed",
977 peer->host);
978 bgp_notify_send_with_data (peer,
979 BGP_NOTIFY_OPEN_ERR,
980 BGP_NOTIFY_OPEN_BAD_PEER_AS,
981 notify_data_remote_as4, 4);
982 return -1;
983 }
984
985 if (!as4 && BGP_DEBUG (as4, AS4))
986 zlog_debug ("%s [AS4] OPEN remote_as is AS_TRANS, but no AS4."
987 " Odd, but proceeding.", peer->host);
988 else if (as4 < BGP_AS_MAX && BGP_DEBUG (as4, AS4))
989 zlog_debug ("%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits "
990 "in 2-bytes, very odd peer.", peer->host, as4);
991 if (as4)
992 remote_as = as4;
993 }
994 else
995 {
996 /* We may have a partner with AS4 who has an asno < BGP_AS_MAX */
997 /* If we have got the capability, peer->as4cap must match remote_as */
998 if (CHECK_FLAG (peer->cap, PEER_CAP_AS4_RCV)
999 && as4 != remote_as)
1000 {
1001 /* raise error, log this, close session */
1002 zlog_err ("%s bad OPEN, got AS4 capability, but remote_as %u"
1003 " mismatch with 16bit 'myasn' %u in open",
1004 peer->host, as4, remote_as);
1005 bgp_notify_send_with_data (peer,
1006 BGP_NOTIFY_OPEN_ERR,
1007 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1008 notify_data_remote_as4, 4);
1009 return -1;
1010 }
1011 }
1012
1013 /* remote router-id check. */
1014 if (remote_id.s_addr == 0
1015 || IPV4_CLASS_DE (ntohl (remote_id.s_addr))
1016 || ntohl (peer->local_id.s_addr) == ntohl (remote_id.s_addr))
1017 {
1018 if (bgp_debug_neighbor_events(peer))
1019 zlog_debug ("%s bad OPEN, wrong router identifier %s",
1020 peer->host, inet_ntoa (remote_id));
1021 bgp_notify_send_with_data (peer,
1022 BGP_NOTIFY_OPEN_ERR,
1023 BGP_NOTIFY_OPEN_BAD_BGP_IDENT,
1024 notify_data_remote_id, 4);
1025 return -1;
1026 }
1027
1028 /* Set remote router-id */
1029 peer->remote_id = remote_id;
1030
1031 /* Peer BGP version check. */
1032 if (version != BGP_VERSION_4)
1033 {
1034 u_int16_t maxver = htons(BGP_VERSION_4);
1035 /* XXX this reply may not be correct if version < 4 XXX */
1036 if (bgp_debug_neighbor_events(peer))
1037 zlog_debug ("%s bad protocol version, remote requested %d, local request %d",
1038 peer->host, version, BGP_VERSION_4);
1039 /* Data must be in network byte order here */
1040 bgp_notify_send_with_data (peer,
1041 BGP_NOTIFY_OPEN_ERR,
1042 BGP_NOTIFY_OPEN_UNSUP_VERSION,
1043 (u_int8_t *) &maxver, 2);
1044 return -1;
1045 }
1046
1047 /* Check neighbor as number. */
1048 if (peer->as_type == AS_UNSPECIFIED)
1049 {
1050 if (bgp_debug_neighbor_events(peer))
1051 zlog_debug("%s bad OPEN, remote AS is unspecified currently", peer->host);
1052 bgp_notify_send_with_data(peer,
1053 BGP_NOTIFY_OPEN_ERR,
1054 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1055 notify_data_remote_as, 2);
1056 return -1;
1057 }
1058 else if (peer->as_type == AS_INTERNAL)
1059 {
1060 if (remote_as != peer->bgp->as)
1061 {
1062 if (bgp_debug_neighbor_events(peer))
1063 zlog_debug ("%s bad OPEN, remote AS is %u, internal specified",
1064 peer->host, remote_as);
1065 bgp_notify_send_with_data (peer,
1066 BGP_NOTIFY_OPEN_ERR,
1067 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1068 notify_data_remote_as, 2);
1069 return -1;
1070 }
1071 peer->as = peer->local_as;
1072 }
1073 else if (peer->as_type == AS_EXTERNAL)
1074 {
1075 if (remote_as == peer->bgp->as)
1076 {
1077 if (bgp_debug_neighbor_events(peer))
1078 zlog_debug ("%s bad OPEN, remote AS is %u, external specified",
1079 peer->host, remote_as);
1080 bgp_notify_send_with_data (peer,
1081 BGP_NOTIFY_OPEN_ERR,
1082 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1083 notify_data_remote_as, 2);
1084 return -1;
1085 }
1086 peer->as = remote_as;
1087 }
1088 else if ((peer->as_type == AS_SPECIFIED) && (remote_as != peer->as))
1089 {
1090 if (bgp_debug_neighbor_events(peer))
1091 zlog_debug ("%s bad OPEN, remote AS is %u, expected %u",
1092 peer->host, remote_as, peer->as);
1093 bgp_notify_send_with_data (peer,
1094 BGP_NOTIFY_OPEN_ERR,
1095 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1096 notify_data_remote_as, 2);
1097 return -1;
1098 }
1099
1100 /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST
1101 calculate the value of the Hold Timer by using the smaller of its
1102 configured Hold Time and the Hold Time received in the OPEN message.
1103 The Hold Time MUST be either zero or at least three seconds. An
1104 implementation may reject connections on the basis of the Hold Time. */
1105
1106 if (holdtime < 3 && holdtime != 0)
1107 {
1108 bgp_notify_send_with_data (peer,
1109 BGP_NOTIFY_OPEN_ERR,
1110 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME,
1111 (u_char *)holdtime_ptr, 2);
1112 return -1;
1113 }
1114
1115 /* From the rfc: A reasonable maximum time between KEEPALIVE messages
1116 would be one third of the Hold Time interval. KEEPALIVE messages
1117 MUST NOT be sent more frequently than one per second. An
1118 implementation MAY adjust the rate at which it sends KEEPALIVE
1119 messages as a function of the Hold Time interval. */
1120
1121 if (CHECK_FLAG (peer->config, PEER_CONFIG_TIMER))
1122 send_holdtime = peer->holdtime;
1123 else
1124 send_holdtime = peer->bgp->default_holdtime;
1125
1126 if (holdtime < send_holdtime)
1127 peer->v_holdtime = holdtime;
1128 else
1129 peer->v_holdtime = send_holdtime;
1130
1131 if (CHECK_FLAG (peer->config, PEER_CONFIG_TIMER))
1132 peer->v_keepalive = peer->keepalive;
1133 else
1134 peer->v_keepalive = peer->v_holdtime / 3;
1135
1136 /* Open option part parse. */
1137 if (optlen != 0)
1138 {
1139 if ((ret = bgp_open_option_parse (peer, optlen, &mp_capability)) < 0)
1140 return ret;
1141 }
1142 else
1143 {
1144 if (bgp_debug_neighbor_events(peer))
1145 zlog_debug ("%s rcvd OPEN w/ OPTION parameter len: 0",
1146 peer->host);
1147 }
1148
1149 /*
1150 * Assume that the peer supports the locally configured set of
1151 * AFI/SAFIs if the peer did not send us any Mulitiprotocol
1152 * capabilities, or if 'override-capability' is configured.
1153 */
1154 if (! mp_capability ||
1155 CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
1156 {
1157 peer->afc_nego[AFI_IP][SAFI_UNICAST] = peer->afc[AFI_IP][SAFI_UNICAST];
1158 peer->afc_nego[AFI_IP][SAFI_MULTICAST] = peer->afc[AFI_IP][SAFI_MULTICAST];
1159 peer->afc_nego[AFI_IP6][SAFI_UNICAST] = peer->afc[AFI_IP6][SAFI_UNICAST];
1160 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] = peer->afc[AFI_IP6][SAFI_MULTICAST];
1161 }
1162
1163 /* When collision is detected and this peer is closed. Retrun
1164 immidiately. */
1165 ret = bgp_collision_detect (peer, remote_id);
1166 if (ret < 0)
1167 return ret;
1168
1169 /* Get sockname. */
1170 if ((ret = bgp_getsockname (peer)) < 0)
1171 {
1172 zlog_err("%s: bgp_getsockname() failed for peer: %s", __FUNCTION__,
1173 peer->host);
1174 return (ret);
1175 }
1176
1177 /* Verify valid local address present based on negotiated address-families. */
1178 if (peer->afc_nego[AFI_IP][SAFI_UNICAST] ||
1179 peer->afc_nego[AFI_IP][SAFI_MULTICAST] ||
1180 peer->afc_nego[AFI_IP][SAFI_MPLS_VPN] ||
1181 peer->afc_nego[AFI_IP][SAFI_ENCAP])
1182 {
1183 if (!peer->nexthop.v4.s_addr)
1184 {
1185 #if defined (HAVE_CUMULUS)
1186 zlog_err ("%s: No local IPv4 addr resetting connection, fd %d",
1187 peer->host, peer->fd);
1188 bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1189 return -1;
1190 #endif
1191 }
1192 }
1193 if (peer->afc_nego[AFI_IP6][SAFI_UNICAST] ||
1194 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] ||
1195 peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN] ||
1196 peer->afc_nego[AFI_IP6][SAFI_ENCAP])
1197 {
1198 if (IN6_IS_ADDR_UNSPECIFIED (&peer->nexthop.v6_global))
1199 {
1200 #if defined (HAVE_CUMULUS)
1201 zlog_err ("%s: No local IPv6 addr resetting connection, fd %d",
1202 peer->host, peer->fd);
1203 bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1204 return -1;
1205 #endif
1206 }
1207 }
1208 peer->rtt = sockopt_tcp_rtt (peer->fd);
1209
1210 if ((ret = bgp_event_update(peer, Receive_OPEN_message)) < 0)
1211 {
1212 zlog_err("%s: BGP event update failed for peer: %s", __FUNCTION__,
1213 peer->host);
1214 /* DD: bgp send notify and reset state */
1215 return (ret);
1216 }
1217
1218 peer->packet_size = 0;
1219 if (peer->ibuf)
1220 stream_reset (peer->ibuf);
1221
1222 return 0;
1223 }
1224
1225 /* Called when there is a change in the EOR(implicit or explicit) status of a peer.
1226 Ends the update-delay if all expected peers are done with EORs. */
1227 void
1228 bgp_check_update_delay(struct bgp *bgp)
1229 {
1230 struct listnode *node, *nnode;
1231 struct peer *peer = NULL;
1232
1233 if (bgp_debug_neighbor_events(peer))
1234 zlog_debug ("Checking update delay, T: %d R: %d I:%d E: %d", bgp->established,
1235 bgp->restarted_peers, bgp->implicit_eors, bgp->explicit_eors);
1236
1237 if (bgp->established <=
1238 bgp->restarted_peers + bgp->implicit_eors + bgp->explicit_eors)
1239 {
1240 /* This is an extra sanity check to make sure we wait for all the
1241 eligible configured peers. This check is performed if establish wait
1242 timer is on, or establish wait option is not given with the
1243 update-delay command */
1244 if (bgp->t_establish_wait ||
1245 (bgp->v_establish_wait == bgp->v_update_delay))
1246 for (ALL_LIST_ELEMENTS (bgp->peer, node, nnode, peer))
1247 {
1248 if (CHECK_FLAG(peer->flags, PEER_FLAG_CONFIG_NODE)
1249 && !CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN)
1250 && !peer->update_delay_over)
1251 {
1252 if (bgp_debug_neighbor_events(peer))
1253 zlog_debug (" Peer %s pending, continuing read-only mode",
1254 peer->host);
1255 return;
1256 }
1257 }
1258
1259 zlog_info ("Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d",
1260 bgp->restarted_peers, bgp->implicit_eors, bgp->explicit_eors);
1261 bgp_update_delay_end(bgp);
1262 }
1263 }
1264
1265 /* Called if peer is known to have restarted. The restart-state bit in
1266 Graceful-Restart capability is used for that */
1267 void
1268 bgp_update_restarted_peers (struct peer *peer)
1269 {
1270 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1271 if (peer->update_delay_over) return; /* This peer has already been considered */
1272
1273 if (bgp_debug_neighbor_events(peer))
1274 zlog_debug ("Peer %s: Checking restarted", peer->host);
1275
1276 if (peer->status == Established)
1277 {
1278 peer->update_delay_over = 1;
1279 peer->bgp->restarted_peers++;
1280 bgp_check_update_delay(peer->bgp);
1281 }
1282 }
1283
1284 /* Called as peer receives a keep-alive. Determines if this occurence can be
1285 taken as an implicit EOR for this peer.
1286 NOTE: The very first keep-alive after the Established state of a peer is
1287 considered implicit EOR for the update-delay purposes */
1288 void
1289 bgp_update_implicit_eors (struct peer *peer)
1290 {
1291 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1292 if (peer->update_delay_over) return; /* This peer has already been considered */
1293
1294 if (bgp_debug_neighbor_events(peer))
1295 zlog_debug ("Peer %s: Checking implicit EORs", peer->host);
1296
1297 if (peer->status == Established)
1298 {
1299 peer->update_delay_over = 1;
1300 peer->bgp->implicit_eors++;
1301 bgp_check_update_delay(peer->bgp);
1302 }
1303 }
1304
1305 /* Should be called only when there is a change in the EOR_RECEIVED status
1306 for any afi/safi on a peer */
1307 static void
1308 bgp_update_explicit_eors (struct peer *peer)
1309 {
1310 afi_t afi;
1311 safi_t safi;
1312
1313 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1314 if (peer->update_delay_over) return; /* This peer has already been considered */
1315
1316 if (bgp_debug_neighbor_events(peer))
1317 zlog_debug ("Peer %s: Checking explicit EORs", peer->host);
1318
1319 for (afi = AFI_IP; afi < AFI_MAX; afi++)
1320 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
1321 {
1322 if (peer->afc_nego[afi][safi] &&
1323 !CHECK_FLAG(peer->af_sflags[afi][safi], PEER_STATUS_EOR_RECEIVED))
1324 {
1325 if (bgp_debug_neighbor_events(peer))
1326 zlog_debug (" afi %d safi %d didnt receive EOR", afi, safi);
1327 return;
1328 }
1329 }
1330
1331 peer->update_delay_over = 1;
1332 peer->bgp->explicit_eors++;
1333 bgp_check_update_delay(peer->bgp);
1334 }
1335
1336 /* Frontend for NLRI parsing, to fan-out to AFI/SAFI specific parsers
1337 * mp_withdraw, if set, is used to nullify attr structure on most of the calling safi function
1338 * and for evpn, passed as parameter
1339 */
1340 int
1341 bgp_nlri_parse (struct peer *peer, struct attr *attr, struct bgp_nlri *packet, int mp_withdraw)
1342 {
1343 switch (packet->safi)
1344 {
1345 case SAFI_UNICAST:
1346 case SAFI_MULTICAST:
1347 return bgp_nlri_parse_ip (peer, mp_withdraw?NULL:attr, packet);
1348 case SAFI_MPLS_VPN:
1349 return bgp_nlri_parse_vpn (peer, mp_withdraw?NULL:attr, packet);
1350 case SAFI_EVPN:
1351 return bgp_nlri_parse_evpn (peer, attr, packet, mp_withdraw);
1352 }
1353 return -1;
1354 }
1355
1356 /* Parse BGP Update packet and make attribute object. */
1357 static int
1358 bgp_update_receive (struct peer *peer, bgp_size_t size)
1359 {
1360 int ret, nlri_ret;
1361 u_char *end;
1362 struct stream *s;
1363 struct attr attr;
1364 struct attr_extra extra;
1365 bgp_size_t attribute_len;
1366 bgp_size_t update_len;
1367 bgp_size_t withdraw_len;
1368
1369 enum NLRI_TYPES {
1370 NLRI_UPDATE,
1371 NLRI_WITHDRAW,
1372 NLRI_MP_UPDATE,
1373 NLRI_MP_WITHDRAW,
1374 NLRI_TYPE_MAX
1375 };
1376 struct bgp_nlri nlris[NLRI_TYPE_MAX];
1377
1378 /* Status must be Established. */
1379 if (peer->status != Established)
1380 {
1381 zlog_err ("%s [FSM] Update packet received under status %s",
1382 peer->host, LOOKUP (bgp_status_msg, peer->status));
1383 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
1384 return -1;
1385 }
1386
1387 /* Set initial values. */
1388 memset (&attr, 0, sizeof (struct attr));
1389 memset (&extra, 0, sizeof (struct attr_extra));
1390 memset (&nlris, 0, sizeof (nlris));
1391 attr.extra = &extra;
1392 memset (peer->rcvd_attr_str, 0, BUFSIZ);
1393 peer->rcvd_attr_printed = 0;
1394
1395 s = peer->ibuf;
1396 end = stream_pnt (s) + size;
1397
1398 /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute
1399 Length is too large (i.e., if Unfeasible Routes Length + Total
1400 Attribute Length + 23 exceeds the message Length), then the Error
1401 Subcode is set to Malformed Attribute List. */
1402 if (stream_pnt (s) + 2 > end)
1403 {
1404 zlog_err ("%s [Error] Update packet error"
1405 " (packet length is short for unfeasible length)",
1406 peer->host);
1407 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1408 BGP_NOTIFY_UPDATE_MAL_ATTR);
1409 return -1;
1410 }
1411
1412 /* Unfeasible Route Length. */
1413 withdraw_len = stream_getw (s);
1414
1415 /* Unfeasible Route Length check. */
1416 if (stream_pnt (s) + withdraw_len > end)
1417 {
1418 zlog_err ("%s [Error] Update packet error"
1419 " (packet unfeasible length overflow %d)",
1420 peer->host, withdraw_len);
1421 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1422 BGP_NOTIFY_UPDATE_MAL_ATTR);
1423 return -1;
1424 }
1425
1426 /* Unfeasible Route packet format check. */
1427 if (withdraw_len > 0)
1428 {
1429 nlris[NLRI_WITHDRAW].afi = AFI_IP;
1430 nlris[NLRI_WITHDRAW].safi = SAFI_UNICAST;
1431 nlris[NLRI_WITHDRAW].nlri = stream_pnt (s);
1432 nlris[NLRI_WITHDRAW].length = withdraw_len;
1433 stream_forward_getp (s, withdraw_len);
1434 }
1435
1436 /* Attribute total length check. */
1437 if (stream_pnt (s) + 2 > end)
1438 {
1439 zlog_warn ("%s [Error] Packet Error"
1440 " (update packet is short for attribute length)",
1441 peer->host);
1442 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1443 BGP_NOTIFY_UPDATE_MAL_ATTR);
1444 return -1;
1445 }
1446
1447 /* Fetch attribute total length. */
1448 attribute_len = stream_getw (s);
1449
1450 /* Attribute length check. */
1451 if (stream_pnt (s) + attribute_len > end)
1452 {
1453 zlog_warn ("%s [Error] Packet Error"
1454 " (update packet attribute length overflow %d)",
1455 peer->host, attribute_len);
1456 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1457 BGP_NOTIFY_UPDATE_MAL_ATTR);
1458 return -1;
1459 }
1460
1461 /* Certain attribute parsing errors should not be considered bad enough
1462 * to reset the session for, most particularly any partial/optional
1463 * attributes that have 'tunneled' over speakers that don't understand
1464 * them. Instead we withdraw only the prefix concerned.
1465 *
1466 * Complicates the flow a little though..
1467 */
1468 bgp_attr_parse_ret_t attr_parse_ret = BGP_ATTR_PARSE_PROCEED;
1469 /* This define morphs the update case into a withdraw when lower levels
1470 * have signalled an error condition where this is best.
1471 */
1472 #define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL)
1473
1474 /* Parse attribute when it exists. */
1475 if (attribute_len)
1476 {
1477 attr_parse_ret = bgp_attr_parse (peer, &attr, attribute_len,
1478 &nlris[NLRI_MP_UPDATE], &nlris[NLRI_MP_WITHDRAW]);
1479 if (attr_parse_ret == BGP_ATTR_PARSE_ERROR)
1480 {
1481 bgp_attr_unintern_sub (&attr);
1482 return -1;
1483 }
1484 }
1485
1486 /* Logging the attribute. */
1487 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW ||
1488 BGP_DEBUG (update, UPDATE_IN) ||
1489 BGP_DEBUG (update, UPDATE_PREFIX))
1490 {
1491 ret = bgp_dump_attr (peer, &attr, peer->rcvd_attr_str, BUFSIZ);
1492
1493 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW)
1494 zlog_err ("%s rcvd UPDATE with errors in attr(s)!! Withdrawing route.",
1495 peer->host);
1496
1497 if (ret && bgp_debug_update(peer, NULL, NULL, 1))
1498 {
1499 zlog_debug ("%s rcvd UPDATE w/ attr: %s", peer->host, peer->rcvd_attr_str);
1500 peer->rcvd_attr_printed = 1;
1501 }
1502 }
1503
1504 /* Network Layer Reachability Information. */
1505 update_len = end - stream_pnt (s);
1506
1507 if (update_len)
1508 {
1509 /* Set NLRI portion to structure. */
1510 nlris[NLRI_UPDATE].afi = AFI_IP;
1511 nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
1512 nlris[NLRI_UPDATE].nlri = stream_pnt (s);
1513 nlris[NLRI_UPDATE].length = update_len;
1514 stream_forward_getp (s, update_len);
1515 }
1516
1517 if (BGP_DEBUG (update, UPDATE_IN))
1518 zlog_debug("%s rcvd UPDATE wlen %d attrlen %d alen %d",
1519 peer->host, withdraw_len, attribute_len, update_len);
1520
1521 /* Parse any given NLRIs */
1522 for (int i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++)
1523 {
1524 if (!nlris[i].nlri)
1525 continue;
1526
1527 /* NLRI is processed iff the peer if configured for the specific afi/safi */
1528 if (!peer->afc[nlris[i].afi][nlris[i].safi])
1529 {
1530 zlog_info ("%s [Info] UPDATE for non-enabled AFI/SAFI %u/%u",
1531 peer->host, nlris[i].afi, nlris[i].safi);
1532 continue;
1533 }
1534
1535 /* EoR handled later */
1536 if (nlris[i].length == 0)
1537 continue;
1538
1539 switch (i)
1540 {
1541 case NLRI_UPDATE:
1542 case NLRI_MP_UPDATE:
1543 nlri_ret = bgp_nlri_parse (peer, NLRI_ATTR_ARG, &nlris[i], 0);
1544 break;
1545 case NLRI_WITHDRAW:
1546 case NLRI_MP_WITHDRAW:
1547 nlri_ret = bgp_nlri_parse (peer, &attr, &nlris[i], 1);
1548 break;
1549 default:
1550 nlri_ret = -1;
1551 }
1552
1553 if (nlri_ret < 0)
1554 {
1555 zlog_err("%s [Error] Error parsing NLRI", peer->host);
1556 if (peer->status == Established)
1557 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1558 i <= NLRI_WITHDRAW ? BGP_NOTIFY_UPDATE_INVAL_NETWORK
1559 : BGP_NOTIFY_UPDATE_OPT_ATTR_ERR);
1560 bgp_attr_unintern_sub (&attr);
1561 return -1;
1562 }
1563 }
1564
1565 /* EoR checks
1566 *
1567 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
1568 * and MP EoR should have only an empty MP_UNREACH
1569 */
1570 if (!update_len && !withdraw_len
1571 && nlris[NLRI_MP_UPDATE].length == 0)
1572 {
1573 afi_t afi = 0;
1574 safi_t safi;
1575
1576 /* Non-MP IPv4/Unicast is a completely emtpy UPDATE - already checked
1577 * update and withdraw NLRI lengths are 0.
1578 */
1579 if (!attribute_len)
1580 {
1581 afi = AFI_IP;
1582 safi = SAFI_UNICAST;
1583 }
1584 else if (attr.flag & ATTR_FLAG_BIT (BGP_ATTR_MP_UNREACH_NLRI)
1585 && nlris[NLRI_MP_WITHDRAW].length == 0)
1586 {
1587 afi = nlris[NLRI_MP_WITHDRAW].afi;
1588 safi = nlris[NLRI_MP_WITHDRAW].safi;
1589 }
1590
1591 if (afi && peer->afc[afi][safi])
1592 {
1593 /* End-of-RIB received */
1594 if (!CHECK_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_EOR_RECEIVED))
1595 {
1596 SET_FLAG (peer->af_sflags[afi][safi],
1597 PEER_STATUS_EOR_RECEIVED);
1598 bgp_update_explicit_eors(peer);
1599 }
1600
1601 /* NSF delete stale route */
1602 if (peer->nsf[afi][safi])
1603 bgp_clear_stale_route (peer, afi, safi);
1604
1605 if (bgp_debug_neighbor_events(peer))
1606 {
1607 zlog_debug ("rcvd End-of-RIB for %s from %s",
1608 afi_safi_print (afi, safi), peer->host);
1609 }
1610 }
1611 }
1612
1613 /* Everything is done. We unintern temporary structures which
1614 interned in bgp_attr_parse(). */
1615 bgp_attr_unintern_sub (&attr);
1616
1617 /* If peering is stopped due to some reason, do not generate BGP
1618 event. */
1619 if (peer->status != Established)
1620 return 0;
1621
1622 /* Increment packet counter. */
1623 peer->update_in++;
1624 peer->update_time = bgp_clock ();
1625
1626 /* Rearm holdtime timer */
1627 BGP_TIMER_OFF (peer->t_holdtime);
1628 bgp_timer_set (peer);
1629
1630 return 0;
1631 }
1632
1633 /* Notify message treatment function. */
1634 static void
1635 bgp_notify_receive (struct peer *peer, bgp_size_t size)
1636 {
1637 struct bgp_notify bgp_notify;
1638
1639 if (peer->notify.data)
1640 {
1641 XFREE (MTYPE_TMP, peer->notify.data);
1642 peer->notify.data = NULL;
1643 peer->notify.length = 0;
1644 }
1645
1646 bgp_notify.code = stream_getc (peer->ibuf);
1647 bgp_notify.subcode = stream_getc (peer->ibuf);
1648 bgp_notify.length = size - 2;
1649 bgp_notify.data = NULL;
1650
1651 /* Preserv notify code and sub code. */
1652 peer->notify.code = bgp_notify.code;
1653 peer->notify.subcode = bgp_notify.subcode;
1654 /* For further diagnostic record returned Data. */
1655 if (bgp_notify.length)
1656 {
1657 peer->notify.length = size - 2;
1658 peer->notify.data = XMALLOC (MTYPE_TMP, size - 2);
1659 memcpy (peer->notify.data, stream_pnt (peer->ibuf), size - 2);
1660 }
1661
1662 /* For debug */
1663 {
1664 int i;
1665 int first = 0;
1666 char c[4];
1667
1668 if (bgp_notify.length)
1669 {
1670 bgp_notify.data = XMALLOC (MTYPE_TMP, bgp_notify.length * 3);
1671 for (i = 0; i < bgp_notify.length; i++)
1672 if (first)
1673 {
1674 sprintf (c, " %02x", stream_getc (peer->ibuf));
1675 strcat (bgp_notify.data, c);
1676 }
1677 else
1678 {
1679 first = 1;
1680 sprintf (c, "%02x", stream_getc (peer->ibuf));
1681 strcpy (bgp_notify.data, c);
1682 }
1683 bgp_notify.raw_data = (u_char*)peer->notify.data;
1684 }
1685
1686 bgp_notify_print(peer, &bgp_notify, "received");
1687 if (bgp_notify.data)
1688 {
1689 XFREE (MTYPE_TMP, bgp_notify.data);
1690 bgp_notify.data = NULL;
1691 bgp_notify.length = 0;
1692 }
1693 }
1694
1695 /* peer count update */
1696 peer->notify_in++;
1697
1698 peer->last_reset = PEER_DOWN_NOTIFY_RECEIVED;
1699
1700 /* We have to check for Notify with Unsupported Optional Parameter.
1701 in that case we fallback to open without the capability option.
1702 But this done in bgp_stop. We just mark it here to avoid changing
1703 the fsm tables. */
1704 if (bgp_notify.code == BGP_NOTIFY_OPEN_ERR &&
1705 bgp_notify.subcode == BGP_NOTIFY_OPEN_UNSUP_PARAM )
1706 UNSET_FLAG (peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
1707
1708 BGP_EVENT_ADD (peer, Receive_NOTIFICATION_message);
1709 }
1710
1711 /* Keepalive treatment function -- get keepalive send keepalive */
1712 static void
1713 bgp_keepalive_receive (struct peer *peer, bgp_size_t size)
1714 {
1715 if (bgp_debug_keepalive(peer))
1716 zlog_debug ("%s KEEPALIVE rcvd", peer->host);
1717
1718 BGP_EVENT_ADD (peer, Receive_KEEPALIVE_message);
1719 }
1720
1721 /* Route refresh message is received. */
1722 static void
1723 bgp_route_refresh_receive (struct peer *peer, bgp_size_t size)
1724 {
1725 iana_afi_t pkt_afi;
1726 afi_t afi;
1727 safi_t pkt_safi, safi;
1728 struct stream *s;
1729 struct peer_af *paf;
1730 struct update_group *updgrp;
1731 struct peer *updgrp_peer;
1732
1733 /* If peer does not have the capability, send notification. */
1734 if (! CHECK_FLAG (peer->cap, PEER_CAP_REFRESH_ADV))
1735 {
1736 zlog_err ("%s [Error] BGP route refresh is not enabled",
1737 peer->host);
1738 bgp_notify_send (peer,
1739 BGP_NOTIFY_HEADER_ERR,
1740 BGP_NOTIFY_HEADER_BAD_MESTYPE);
1741 return;
1742 }
1743
1744 /* Status must be Established. */
1745 if (peer->status != Established)
1746 {
1747 zlog_err ("%s [Error] Route refresh packet received under status %s",
1748 peer->host, LOOKUP (bgp_status_msg, peer->status));
1749 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
1750 return;
1751 }
1752
1753 s = peer->ibuf;
1754
1755 /* Parse packet. */
1756 pkt_afi = stream_getw (s);
1757 (void)stream_getc (s);
1758 pkt_safi = stream_getc (s);
1759
1760 if (bgp_debug_update(peer, NULL, NULL, 0))
1761 zlog_debug ("%s rcvd REFRESH_REQ for afi/safi: %d/%d",
1762 peer->host, pkt_afi, pkt_safi);
1763
1764 /* Convert AFI, SAFI to internal values and check. */
1765 if (bgp_map_afi_safi_iana2int (pkt_afi, pkt_safi, &afi, &safi))
1766 {
1767 zlog_info ("%s REFRESH_REQ for unrecognized afi/safi: %d/%d - ignored",
1768 peer->host, pkt_afi, pkt_safi);
1769 return;
1770 }
1771
1772 if (size != BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE)
1773 {
1774 u_char *end;
1775 u_char when_to_refresh;
1776 u_char orf_type;
1777 u_int16_t orf_len;
1778
1779 if (size - (BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE) < 5)
1780 {
1781 zlog_info ("%s ORF route refresh length error", peer->host);
1782 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1783 return;
1784 }
1785
1786 when_to_refresh = stream_getc (s);
1787 end = stream_pnt (s) + (size - 5);
1788
1789 while ((stream_pnt (s) + 2) < end)
1790 {
1791 orf_type = stream_getc (s);
1792 orf_len = stream_getw (s);
1793
1794 /* orf_len in bounds? */
1795 if ((stream_pnt (s) + orf_len) > end)
1796 break; /* XXX: Notify instead?? */
1797 if (orf_type == ORF_TYPE_PREFIX
1798 || orf_type == ORF_TYPE_PREFIX_OLD)
1799 {
1800 uint8_t *p_pnt = stream_pnt (s);
1801 uint8_t *p_end = stream_pnt (s) + orf_len;
1802 struct orf_prefix orfp;
1803 u_char common = 0;
1804 u_int32_t seq;
1805 int psize;
1806 char name[BUFSIZ];
1807 int ret = CMD_SUCCESS;
1808
1809 if (bgp_debug_neighbor_events(peer))
1810 {
1811 zlog_debug ("%s rcvd Prefixlist ORF(%d) length %d",
1812 peer->host, orf_type, orf_len);
1813 }
1814
1815 /* we're going to read at least 1 byte of common ORF header,
1816 * and 7 bytes of ORF Address-filter entry from the stream
1817 */
1818 if (orf_len < 7)
1819 break;
1820
1821 /* ORF prefix-list name */
1822 sprintf (name, "%s.%d.%d", peer->host, afi, safi);
1823
1824 while (p_pnt < p_end)
1825 {
1826 /* If the ORF entry is malformed, want to read as much of it
1827 * as possible without going beyond the bounds of the entry,
1828 * to maximise debug information.
1829 */
1830 int ok;
1831 memset (&orfp, 0, sizeof (struct orf_prefix));
1832 common = *p_pnt++;
1833 /* after ++: p_pnt <= p_end */
1834 if (common & ORF_COMMON_PART_REMOVE_ALL)
1835 {
1836 if (bgp_debug_neighbor_events(peer))
1837 zlog_debug ("%s rcvd Remove-All pfxlist ORF request", peer->host);
1838 prefix_bgp_orf_remove_all (afi, name);
1839 break;
1840 }
1841 ok = ((u_int32_t)(p_end - p_pnt) >= sizeof(u_int32_t)) ;
1842 if (ok)
1843 {
1844 memcpy (&seq, p_pnt, sizeof (u_int32_t));
1845 p_pnt += sizeof (u_int32_t);
1846 orfp.seq = ntohl (seq);
1847 }
1848 else
1849 p_pnt = p_end ;
1850
1851 if ((ok = (p_pnt < p_end)))
1852 orfp.ge = *p_pnt++ ; /* value checked in prefix_bgp_orf_set() */
1853 if ((ok = (p_pnt < p_end)))
1854 orfp.le = *p_pnt++ ; /* value checked in prefix_bgp_orf_set() */
1855 if ((ok = (p_pnt < p_end)))
1856 orfp.p.prefixlen = *p_pnt++ ;
1857 orfp.p.family = afi2family (afi); /* afi checked already */
1858
1859 psize = PSIZE (orfp.p.prefixlen); /* 0 if not ok */
1860 if (psize > prefix_blen(&orfp.p)) /* valid for family ? */
1861 {
1862 ok = 0 ;
1863 psize = prefix_blen(&orfp.p) ;
1864 }
1865 if (psize > (p_end - p_pnt)) /* valid for packet ? */
1866 {
1867 ok = 0 ;
1868 psize = p_end - p_pnt ;
1869 }
1870
1871 if (psize > 0)
1872 memcpy (&orfp.p.u.prefix, p_pnt, psize);
1873 p_pnt += psize;
1874
1875 if (bgp_debug_neighbor_events(peer))
1876 {
1877 char buf[INET6_BUFSIZ];
1878
1879 zlog_debug ("%s rcvd %s %s seq %u %s/%d ge %d le %d%s",
1880 peer->host,
1881 (common & ORF_COMMON_PART_REMOVE ? "Remove" : "Add"),
1882 (common & ORF_COMMON_PART_DENY ? "deny" : "permit"),
1883 orfp.seq,
1884 inet_ntop (orfp.p.family, &orfp.p.u.prefix, buf, INET6_BUFSIZ),
1885 orfp.p.prefixlen, orfp.ge, orfp.le,
1886 ok ? "" : " MALFORMED");
1887 }
1888
1889 if (ok)
1890 ret = prefix_bgp_orf_set (name, afi, &orfp,
1891 (common & ORF_COMMON_PART_DENY ? 0 : 1 ),
1892 (common & ORF_COMMON_PART_REMOVE ? 0 : 1));
1893
1894 if (!ok || (ok && ret != CMD_SUCCESS))
1895 {
1896 zlog_info ("%s Received misformatted prefixlist ORF."
1897 " Remove All pfxlist", peer->host);
1898 prefix_bgp_orf_remove_all (afi, name);
1899 break;
1900 }
1901 }
1902
1903 peer->orf_plist[afi][safi] = prefix_bgp_orf_lookup (afi, name);
1904 }
1905 stream_forward_getp (s, orf_len);
1906 }
1907 if (bgp_debug_neighbor_events(peer))
1908 zlog_debug ("%s rcvd Refresh %s ORF request", peer->host,
1909 when_to_refresh == REFRESH_DEFER ? "Defer" : "Immediate");
1910 if (when_to_refresh == REFRESH_DEFER)
1911 return;
1912 }
1913
1914 /* First update is deferred until ORF or ROUTE-REFRESH is received */
1915 if (CHECK_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_WAIT_REFRESH))
1916 UNSET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_WAIT_REFRESH);
1917
1918 paf = peer_af_find (peer, afi, safi);
1919 if (paf && paf->subgroup)
1920 {
1921 if (peer->orf_plist[afi][safi])
1922 {
1923 updgrp = PAF_UPDGRP(paf);
1924 updgrp_peer = UPDGRP_PEER(updgrp);
1925 updgrp_peer->orf_plist[afi][safi] = peer->orf_plist[afi][safi];
1926 }
1927
1928 /* If the peer is configured for default-originate clear the
1929 * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will re-advertise the
1930 * default
1931 */
1932 if (CHECK_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE))
1933 UNSET_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE);
1934 }
1935
1936 /* Perform route refreshment to the peer */
1937 bgp_announce_route (peer, afi, safi);
1938 }
1939
1940 static int
1941 bgp_capability_msg_parse (struct peer *peer, u_char *pnt, bgp_size_t length)
1942 {
1943 u_char *end;
1944 struct capability_mp_data mpc;
1945 struct capability_header *hdr;
1946 u_char action;
1947 iana_afi_t pkt_afi;
1948 afi_t afi;
1949 safi_t pkt_safi, safi;
1950
1951 end = pnt + length;
1952
1953 while (pnt < end)
1954 {
1955 /* We need at least action, capability code and capability length. */
1956 if (pnt + 3 > end)
1957 {
1958 zlog_info ("%s Capability length error", peer->host);
1959 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1960 return -1;
1961 }
1962 action = *pnt;
1963 hdr = (struct capability_header *)(pnt + 1);
1964
1965 /* Action value check. */
1966 if (action != CAPABILITY_ACTION_SET
1967 && action != CAPABILITY_ACTION_UNSET)
1968 {
1969 zlog_info ("%s Capability Action Value error %d",
1970 peer->host, action);
1971 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1972 return -1;
1973 }
1974
1975 if (bgp_debug_neighbor_events(peer))
1976 zlog_debug ("%s CAPABILITY has action: %d, code: %u, length %u",
1977 peer->host, action, hdr->code, hdr->length);
1978
1979 /* Capability length check. */
1980 if ((pnt + hdr->length + 3) > end)
1981 {
1982 zlog_info ("%s Capability length error", peer->host);
1983 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1984 return -1;
1985 }
1986
1987 /* Fetch structure to the byte stream. */
1988 memcpy (&mpc, pnt + 3, sizeof (struct capability_mp_data));
1989
1990 /* We know MP Capability Code. */
1991 if (hdr->code == CAPABILITY_CODE_MP)
1992 {
1993 pkt_afi = ntohs (mpc.afi);
1994 pkt_safi = mpc.safi;
1995
1996 /* Ignore capability when override-capability is set. */
1997 if (CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
1998 continue;
1999
2000 /* Convert AFI, SAFI to internal values. */
2001 if (bgp_map_afi_safi_iana2int (pkt_afi, pkt_safi, &afi, &safi))
2002 {
2003 if (bgp_debug_neighbor_events(peer))
2004 zlog_debug ("%s Dynamic Capability MP_EXT afi/safi invalid "
2005 "(%u/%u)", peer->host, pkt_afi, pkt_safi);
2006 continue;
2007 }
2008
2009 /* Address family check. */
2010 if (bgp_debug_neighbor_events(peer))
2011 zlog_debug ("%s CAPABILITY has %s MP_EXT CAP for afi/safi: %u/%u",
2012 peer->host,
2013 action == CAPABILITY_ACTION_SET
2014 ? "Advertising" : "Removing",
2015 pkt_afi, pkt_safi);
2016
2017 if (action == CAPABILITY_ACTION_SET)
2018 {
2019 peer->afc_recv[afi][safi] = 1;
2020 if (peer->afc[afi][safi])
2021 {
2022 peer->afc_nego[afi][safi] = 1;
2023 bgp_announce_route (peer, afi, safi);
2024 }
2025 }
2026 else
2027 {
2028 peer->afc_recv[afi][safi] = 0;
2029 peer->afc_nego[afi][safi] = 0;
2030
2031 if (peer_active_nego (peer))
2032 bgp_clear_route (peer, afi, safi);
2033 else
2034 BGP_EVENT_ADD (peer, BGP_Stop);
2035 }
2036 }
2037 else
2038 {
2039 zlog_warn ("%s unrecognized capability code: %d - ignored",
2040 peer->host, hdr->code);
2041 }
2042 pnt += hdr->length + 3;
2043 }
2044 return 0;
2045 }
2046
2047 /* Dynamic Capability is received.
2048 *
2049 * This is exported for unit-test purposes
2050 */
2051 int
2052 bgp_capability_receive (struct peer *peer, bgp_size_t size)
2053 {
2054 u_char *pnt;
2055
2056 /* Fetch pointer. */
2057 pnt = stream_pnt (peer->ibuf);
2058
2059 if (bgp_debug_neighbor_events(peer))
2060 zlog_debug ("%s rcv CAPABILITY", peer->host);
2061
2062 /* If peer does not have the capability, send notification. */
2063 if (! CHECK_FLAG (peer->cap, PEER_CAP_DYNAMIC_ADV))
2064 {
2065 zlog_err ("%s [Error] BGP dynamic capability is not enabled",
2066 peer->host);
2067 bgp_notify_send (peer,
2068 BGP_NOTIFY_HEADER_ERR,
2069 BGP_NOTIFY_HEADER_BAD_MESTYPE);
2070 return -1;
2071 }
2072
2073 /* Status must be Established. */
2074 if (peer->status != Established)
2075 {
2076 zlog_err ("%s [Error] Dynamic capability packet received under status %s",
2077 peer->host, LOOKUP (bgp_status_msg, peer->status));
2078 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
2079 return -1;
2080 }
2081
2082 /* Parse packet. */
2083 return bgp_capability_msg_parse (peer, pnt, size);
2084 }
2085
2086 /* BGP read utility function. */
2087 static int
2088 bgp_read_packet (struct peer *peer)
2089 {
2090 int nbytes;
2091 int readsize;
2092
2093 readsize = peer->packet_size - stream_get_endp (peer->ibuf);
2094
2095 /* If size is zero then return. */
2096 if (! readsize)
2097 return 0;
2098
2099 /* Read packet from fd. */
2100 nbytes = stream_read_try (peer->ibuf, peer->fd, readsize);
2101
2102 /* If read byte is smaller than zero then error occured. */
2103 if (nbytes < 0)
2104 {
2105 /* Transient error should retry */
2106 if (nbytes == -2)
2107 return -1;
2108
2109 zlog_err ("%s [Error] bgp_read_packet error: %s",
2110 peer->host, safe_strerror (errno));
2111
2112 if (peer->status == Established)
2113 {
2114 if (CHECK_FLAG (peer->sflags, PEER_STATUS_NSF_MODE))
2115 {
2116 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2117 SET_FLAG (peer->sflags, PEER_STATUS_NSF_WAIT);
2118 }
2119 else
2120 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2121 }
2122
2123 BGP_EVENT_ADD (peer, TCP_fatal_error);
2124 return -1;
2125 }
2126
2127 /* When read byte is zero : clear bgp peer and return */
2128 if (nbytes == 0)
2129 {
2130 if (bgp_debug_neighbor_events(peer))
2131 zlog_debug ("%s [Event] BGP connection closed fd %d",
2132 peer->host, peer->fd);
2133
2134 if (peer->status == Established)
2135 {
2136 if (CHECK_FLAG (peer->sflags, PEER_STATUS_NSF_MODE))
2137 {
2138 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2139 SET_FLAG (peer->sflags, PEER_STATUS_NSF_WAIT);
2140 }
2141 else
2142 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2143 }
2144
2145 BGP_EVENT_ADD (peer, TCP_connection_closed);
2146 return -1;
2147 }
2148
2149 /* We read partial packet. */
2150 if (stream_get_endp (peer->ibuf) != peer->packet_size)
2151 return -1;
2152
2153 return 0;
2154 }
2155
2156 /* Marker check. */
2157 static int
2158 bgp_marker_all_one (struct stream *s, int length)
2159 {
2160 int i;
2161
2162 for (i = 0; i < length; i++)
2163 if (s->data[i] != 0xff)
2164 return 0;
2165
2166 return 1;
2167 }
2168
2169 /* Starting point of packet process function. */
2170 int
2171 bgp_read (struct thread *thread)
2172 {
2173 int ret;
2174 u_char type = 0;
2175 struct peer *peer;
2176 bgp_size_t size;
2177 char notify_data_length[2];
2178 u_int32_t notify_out;
2179
2180 /* Yes first of all get peer pointer. */
2181 peer = THREAD_ARG (thread);
2182 peer->t_read = NULL;
2183
2184 /* Note notify_out so we can check later to see if we sent another one */
2185 notify_out = peer->notify_out;
2186
2187 /* For non-blocking IO check. */
2188 if (peer->status == Connect)
2189 {
2190 bgp_connect_check (peer, 1);
2191 goto done;
2192 }
2193 else
2194 {
2195 if (peer->fd < 0)
2196 {
2197 zlog_err ("bgp_read peer's fd is negative value %d", peer->fd);
2198 return -1;
2199 }
2200 BGP_READ_ON (peer->t_read, bgp_read, peer->fd);
2201 }
2202
2203 /* Read packet header to determine type of the packet */
2204 if (peer->packet_size == 0)
2205 peer->packet_size = BGP_HEADER_SIZE;
2206
2207 if (stream_get_endp (peer->ibuf) < BGP_HEADER_SIZE)
2208 {
2209 ret = bgp_read_packet (peer);
2210
2211 /* Header read error or partial read packet. */
2212 if (ret < 0)
2213 goto done;
2214
2215 /* Get size and type. */
2216 stream_forward_getp (peer->ibuf, BGP_MARKER_SIZE);
2217 memcpy (notify_data_length, stream_pnt (peer->ibuf), 2);
2218 size = stream_getw (peer->ibuf);
2219 type = stream_getc (peer->ibuf);
2220
2221 /* Marker check */
2222 if (((type == BGP_MSG_OPEN) || (type == BGP_MSG_KEEPALIVE))
2223 && ! bgp_marker_all_one (peer->ibuf, BGP_MARKER_SIZE))
2224 {
2225 bgp_notify_send (peer,
2226 BGP_NOTIFY_HEADER_ERR,
2227 BGP_NOTIFY_HEADER_NOT_SYNC);
2228 goto done;
2229 }
2230
2231 /* BGP type check. */
2232 if (type != BGP_MSG_OPEN && type != BGP_MSG_UPDATE
2233 && type != BGP_MSG_NOTIFY && type != BGP_MSG_KEEPALIVE
2234 && type != BGP_MSG_ROUTE_REFRESH_NEW
2235 && type != BGP_MSG_ROUTE_REFRESH_OLD
2236 && type != BGP_MSG_CAPABILITY)
2237 {
2238 if (bgp_debug_neighbor_events(peer))
2239 zlog_debug ("%s unknown message type 0x%02x",
2240 peer->host, type);
2241 bgp_notify_send_with_data (peer,
2242 BGP_NOTIFY_HEADER_ERR,
2243 BGP_NOTIFY_HEADER_BAD_MESTYPE,
2244 &type, 1);
2245 goto done;
2246 }
2247 /* Mimimum packet length check. */
2248 if ((size < BGP_HEADER_SIZE)
2249 || (size > BGP_MAX_PACKET_SIZE)
2250 || (type == BGP_MSG_OPEN && size < BGP_MSG_OPEN_MIN_SIZE)
2251 || (type == BGP_MSG_UPDATE && size < BGP_MSG_UPDATE_MIN_SIZE)
2252 || (type == BGP_MSG_NOTIFY && size < BGP_MSG_NOTIFY_MIN_SIZE)
2253 || (type == BGP_MSG_KEEPALIVE && size != BGP_MSG_KEEPALIVE_MIN_SIZE)
2254 || (type == BGP_MSG_ROUTE_REFRESH_NEW && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2255 || (type == BGP_MSG_ROUTE_REFRESH_OLD && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2256 || (type == BGP_MSG_CAPABILITY && size < BGP_MSG_CAPABILITY_MIN_SIZE))
2257 {
2258 if (bgp_debug_neighbor_events(peer))
2259 zlog_debug ("%s bad message length - %d for %s",
2260 peer->host, size,
2261 type == 128 ? "ROUTE-REFRESH" :
2262 bgp_type_str[(int) type]);
2263 bgp_notify_send_with_data (peer,
2264 BGP_NOTIFY_HEADER_ERR,
2265 BGP_NOTIFY_HEADER_BAD_MESLEN,
2266 (u_char *) notify_data_length, 2);
2267 goto done;
2268 }
2269
2270 /* Adjust size to message length. */
2271 peer->packet_size = size;
2272 }
2273
2274 ret = bgp_read_packet (peer);
2275 if (ret < 0)
2276 goto done;
2277
2278 /* Get size and type again. */
2279 (void)stream_getw_from (peer->ibuf, BGP_MARKER_SIZE);
2280 type = stream_getc_from (peer->ibuf, BGP_MARKER_SIZE + 2);
2281
2282 /* BGP packet dump function. */
2283 bgp_dump_packet (peer, type, peer->ibuf);
2284
2285 size = (peer->packet_size - BGP_HEADER_SIZE);
2286
2287 /* Read rest of the packet and call each sort of packet routine */
2288 switch (type)
2289 {
2290 case BGP_MSG_OPEN:
2291 peer->open_in++;
2292 bgp_open_receive (peer, size); /* XXX return value ignored! */
2293 break;
2294 case BGP_MSG_UPDATE:
2295 peer->readtime = monotime (NULL);
2296 bgp_update_receive (peer, size);
2297 break;
2298 case BGP_MSG_NOTIFY:
2299 bgp_notify_receive (peer, size);
2300 break;
2301 case BGP_MSG_KEEPALIVE:
2302 peer->readtime = monotime (NULL);
2303 bgp_keepalive_receive (peer, size);
2304 break;
2305 case BGP_MSG_ROUTE_REFRESH_NEW:
2306 case BGP_MSG_ROUTE_REFRESH_OLD:
2307 peer->refresh_in++;
2308 bgp_route_refresh_receive (peer, size);
2309 break;
2310 case BGP_MSG_CAPABILITY:
2311 peer->dynamic_cap_in++;
2312 bgp_capability_receive (peer, size);
2313 break;
2314 }
2315
2316 /* If reading this packet caused us to send a NOTIFICATION then store a copy
2317 * of the packet for troubleshooting purposes
2318 */
2319 if (notify_out < peer->notify_out)
2320 {
2321 memcpy(peer->last_reset_cause, peer->ibuf->data, peer->packet_size);
2322 peer->last_reset_cause_size = peer->packet_size;
2323 notify_out = peer->notify_out;
2324 }
2325
2326 /* Clear input buffer. */
2327 peer->packet_size = 0;
2328 if (peer->ibuf)
2329 stream_reset (peer->ibuf);
2330
2331 done:
2332 /* If reading this packet caused us to send a NOTIFICATION then store a copy
2333 * of the packet for troubleshooting purposes
2334 */
2335 if (notify_out < peer->notify_out)
2336 {
2337 memcpy(peer->last_reset_cause, peer->ibuf->data, peer->packet_size);
2338 peer->last_reset_cause_size = peer->packet_size;
2339 }
2340
2341 return 0;
2342 }
FRRouting mirror