]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bgpd: Adding BGP GR Global & Per Neighbour FSM changes
[mirror_frr.git] / bgpd / bgp_packet.c
1 /* BGP packet management routine.
2 * Contains utility functions for constructing and consuming BGP messages.
3 * Copyright (C) 2017 Cumulus Networks
4 * Copyright (C) 1999 Kunihiro Ishiguro
5 *
6 * This file is part of GNU Zebra.
7 *
8 * GNU Zebra is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2, or (at your option) any
11 * later version.
12 *
13 * GNU Zebra is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; see the file COPYING; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21 */
22
23 #include <zebra.h>
24 #include <sys/time.h>
25
26 #include "thread.h"
27 #include "stream.h"
28 #include "network.h"
29 #include "prefix.h"
30 #include "command.h"
31 #include "log.h"
32 #include "memory.h"
33 #include "sockunion.h" /* for inet_ntop () */
34 #include "sockopt.h"
35 #include "linklist.h"
36 #include "plist.h"
37 #include "queue.h"
38 #include "filter.h"
39 #include "lib_errors.h"
40
41 #include "bgpd/bgpd.h"
42 #include "bgpd/bgp_table.h"
43 #include "bgpd/bgp_dump.h"
44 #include "bgpd/bgp_bmp.h"
45 #include "bgpd/bgp_attr.h"
46 #include "bgpd/bgp_debug.h"
47 #include "bgpd/bgp_errors.h"
48 #include "bgpd/bgp_fsm.h"
49 #include "bgpd/bgp_route.h"
50 #include "bgpd/bgp_packet.h"
51 #include "bgpd/bgp_open.h"
52 #include "bgpd/bgp_aspath.h"
53 #include "bgpd/bgp_community.h"
54 #include "bgpd/bgp_ecommunity.h"
55 #include "bgpd/bgp_lcommunity.h"
56 #include "bgpd/bgp_network.h"
57 #include "bgpd/bgp_mplsvpn.h"
58 #include "bgpd/bgp_evpn.h"
59 #include "bgpd/bgp_advertise.h"
60 #include "bgpd/bgp_vty.h"
61 #include "bgpd/bgp_updgrp.h"
62 #include "bgpd/bgp_label.h"
63 #include "bgpd/bgp_io.h"
64 #include "bgpd/bgp_keepalives.h"
65 #include "bgpd/bgp_flowspec.h"
66
67 DEFINE_HOOK(bgp_packet_dump,
68 (struct peer *peer, uint8_t type, bgp_size_t size,
69 struct stream *s),
70 (peer, type, size, s))
71
72 DEFINE_HOOK(bgp_packet_send,
73 (struct peer *peer, uint8_t type, bgp_size_t size,
74 struct stream *s),
75 (peer, type, size, s))
76
77 /**
78 * Sets marker and type fields for a BGP message.
79 *
80 * @param s the stream containing the packet
81 * @param type the packet type
82 * @return the size of the stream
83 */
84 int bgp_packet_set_marker(struct stream *s, uint8_t type)
85 {
86 int i;
87
88 /* Fill in marker. */
89 for (i = 0; i < BGP_MARKER_SIZE; i++)
90 stream_putc(s, 0xff);
91
92 /* Dummy total length. This field is should be filled in later on. */
93 stream_putw(s, 0);
94
95 /* BGP packet type. */
96 stream_putc(s, type);
97
98 /* Return current stream size. */
99 return stream_get_endp(s);
100 }
101
102 /**
103 * Sets size field for a BGP message.
104 *
105 * Size field is set to the size of the stream passed.
106 *
107 * @param s the stream containing the packet
108 * @return the size of the stream
109 */
110 int bgp_packet_set_size(struct stream *s)
111 {
112 int cp;
113
114 /* Preserve current pointer. */
115 cp = stream_get_endp(s);
116 stream_putw_at(s, BGP_MARKER_SIZE, cp);
117
118 return cp;
119 }
120
121 /*
122 * Push a packet onto the beginning of the peer's output queue.
123 * This function acquires the peer's write mutex before proceeding.
124 */
125 static void bgp_packet_add(struct peer *peer, struct stream *s)
126 {
127 frr_with_mutex(&peer->io_mtx) {
128 stream_fifo_push(peer->obuf, s);
129 }
130 }
131
132 static struct stream *bgp_update_packet_eor(struct peer *peer, afi_t afi,
133 safi_t safi)
134 {
135 struct stream *s;
136 iana_afi_t pkt_afi;
137 iana_safi_t pkt_safi;
138
139 if (DISABLE_BGP_ANNOUNCE)
140 return NULL;
141
142 if (bgp_debug_neighbor_events(peer))
143 zlog_debug("send End-of-RIB for %s to %s",
144 get_afi_safi_str(afi, safi, false), peer->host);
145
146 s = stream_new(BGP_MAX_PACKET_SIZE);
147
148 /* Make BGP update packet. */
149 bgp_packet_set_marker(s, BGP_MSG_UPDATE);
150
151 /* Unfeasible Routes Length */
152 stream_putw(s, 0);
153
154 if (afi == AFI_IP && safi == SAFI_UNICAST) {
155 /* Total Path Attribute Length */
156 stream_putw(s, 0);
157 } else {
158 /* Convert AFI, SAFI to values for packet. */
159 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
160
161 /* Total Path Attribute Length */
162 stream_putw(s, 6);
163 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
164 stream_putc(s, BGP_ATTR_MP_UNREACH_NLRI);
165 stream_putc(s, 3);
166 stream_putw(s, pkt_afi);
167 stream_putc(s, pkt_safi);
168 }
169
170 bgp_packet_set_size(s);
171 return s;
172 }
173
174 /* Called when there is a change in the EOR(implicit or explicit) status of a
175 * peer. Ends the update-delay if all expected peers are done with EORs. */
176 void bgp_check_update_delay(struct bgp *bgp)
177 {
178 struct listnode *node, *nnode;
179 struct peer *peer = NULL;
180
181 if (bgp_debug_neighbor_events(peer))
182 zlog_debug("Checking update delay, T: %d R: %d I:%d E: %d",
183 bgp->established, bgp->restarted_peers,
184 bgp->implicit_eors, bgp->explicit_eors);
185
186 if (bgp->established
187 <= bgp->restarted_peers + bgp->implicit_eors + bgp->explicit_eors) {
188 /*
189 * This is an extra sanity check to make sure we wait for all
190 * the eligible configured peers. This check is performed if
191 * establish wait timer is on, or establish wait option is not
192 * given with the update-delay command
193 */
194 if (bgp->t_establish_wait
195 || (bgp->v_establish_wait == bgp->v_update_delay))
196 for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer)) {
197 if (CHECK_FLAG(peer->flags,
198 PEER_FLAG_CONFIG_NODE)
199 && !CHECK_FLAG(peer->flags,
200 PEER_FLAG_SHUTDOWN)
201 && !peer->update_delay_over) {
202 if (bgp_debug_neighbor_events(peer))
203 zlog_debug(
204 " Peer %s pending, continuing read-only mode",
205 peer->host);
206 return;
207 }
208 }
209
210 zlog_info(
211 "Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d",
212 bgp->restarted_peers, bgp->implicit_eors,
213 bgp->explicit_eors);
214 bgp_update_delay_end(bgp);
215 }
216 }
217
218 /*
219 * Called if peer is known to have restarted. The restart-state bit in
220 * Graceful-Restart capability is used for that
221 */
222 void bgp_update_restarted_peers(struct peer *peer)
223 {
224 if (!bgp_update_delay_active(peer->bgp))
225 return; /* BGP update delay has ended */
226 if (peer->update_delay_over)
227 return; /* This peer has already been considered */
228
229 if (bgp_debug_neighbor_events(peer))
230 zlog_debug("Peer %s: Checking restarted", peer->host);
231
232 if (peer->status == Established) {
233 peer->update_delay_over = 1;
234 peer->bgp->restarted_peers++;
235 bgp_check_update_delay(peer->bgp);
236 }
237 }
238
239 /*
240 * Called as peer receives a keep-alive. Determines if this occurence can be
241 * taken as an implicit EOR for this peer.
242 * NOTE: The very first keep-alive after the Established state of a peer is
243 * considered implicit EOR for the update-delay purposes
244 */
245 void bgp_update_implicit_eors(struct peer *peer)
246 {
247 if (!bgp_update_delay_active(peer->bgp))
248 return; /* BGP update delay has ended */
249 if (peer->update_delay_over)
250 return; /* This peer has already been considered */
251
252 if (bgp_debug_neighbor_events(peer))
253 zlog_debug("Peer %s: Checking implicit EORs", peer->host);
254
255 if (peer->status == Established) {
256 peer->update_delay_over = 1;
257 peer->bgp->implicit_eors++;
258 bgp_check_update_delay(peer->bgp);
259 }
260 }
261
262 /*
263 * Should be called only when there is a change in the EOR_RECEIVED status
264 * for any afi/safi on a peer.
265 */
266 static void bgp_update_explicit_eors(struct peer *peer)
267 {
268 afi_t afi;
269 safi_t safi;
270
271 if (!bgp_update_delay_active(peer->bgp))
272 return; /* BGP update delay has ended */
273 if (peer->update_delay_over)
274 return; /* This peer has already been considered */
275
276 if (bgp_debug_neighbor_events(peer))
277 zlog_debug("Peer %s: Checking explicit EORs", peer->host);
278
279 for (afi = AFI_IP; afi < AFI_MAX; afi++)
280 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) {
281 if (peer->afc_nego[afi][safi]
282 && !CHECK_FLAG(peer->af_sflags[afi][safi],
283 PEER_STATUS_EOR_RECEIVED)) {
284 if (bgp_debug_neighbor_events(peer))
285 zlog_debug(
286 " afi %d safi %d didn't receive EOR",
287 afi, safi);
288 return;
289 }
290 }
291
292 peer->update_delay_over = 1;
293 peer->bgp->explicit_eors++;
294 bgp_check_update_delay(peer->bgp);
295 }
296
297 /**
298 * Frontend for NLRI parsing, to fan-out to AFI/SAFI specific parsers.
299 *
300 * mp_withdraw, if set, is used to nullify attr structure on most of the
301 * calling safi function and for evpn, passed as parameter
302 */
303 int bgp_nlri_parse(struct peer *peer, struct attr *attr,
304 struct bgp_nlri *packet, int mp_withdraw)
305 {
306 switch (packet->safi) {
307 case SAFI_UNICAST:
308 case SAFI_MULTICAST:
309 return bgp_nlri_parse_ip(peer, mp_withdraw ? NULL : attr,
310 packet);
311 case SAFI_LABELED_UNICAST:
312 return bgp_nlri_parse_label(peer, mp_withdraw ? NULL : attr,
313 packet);
314 case SAFI_MPLS_VPN:
315 return bgp_nlri_parse_vpn(peer, mp_withdraw ? NULL : attr,
316 packet);
317 case SAFI_EVPN:
318 return bgp_nlri_parse_evpn(peer, attr, packet, mp_withdraw);
319 case SAFI_FLOWSPEC:
320 return bgp_nlri_parse_flowspec(peer, attr, packet, mp_withdraw);
321 }
322 return BGP_NLRI_PARSE_ERROR;
323 }
324
325 /*
326 * Checks a variety of conditions to determine whether the peer needs to be
327 * rescheduled for packet generation again, and does so if necessary.
328 *
329 * @param peer to check for rescheduling
330 */
331 static void bgp_write_proceed_actions(struct peer *peer)
332 {
333 afi_t afi;
334 safi_t safi;
335 struct peer_af *paf;
336 struct bpacket *next_pkt;
337 struct update_subgroup *subgrp;
338
339 FOREACH_AFI_SAFI (afi, safi) {
340 paf = peer_af_find(peer, afi, safi);
341 if (!paf)
342 continue;
343 subgrp = paf->subgroup;
344 if (!subgrp)
345 continue;
346
347 next_pkt = paf->next_pkt_to_send;
348 if (next_pkt && next_pkt->buffer) {
349 BGP_TIMER_ON(peer->t_generate_updgrp_packets,
350 bgp_generate_updgrp_packets, 0);
351 return;
352 }
353
354 /* No packets readily available for AFI/SAFI, are there
355 * subgroup packets
356 * that need to be generated? */
357 if (bpacket_queue_is_full(SUBGRP_INST(subgrp),
358 SUBGRP_PKTQ(subgrp))
359 || subgroup_packets_to_build(subgrp)) {
360 BGP_TIMER_ON(peer->t_generate_updgrp_packets,
361 bgp_generate_updgrp_packets, 0);
362 return;
363 }
364
365 /* No packets to send, see if EOR is pending */
366 if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
367 if (!subgrp->t_coalesce && peer->afc_nego[afi][safi]
368 && peer->synctime
369 && !CHECK_FLAG(peer->af_sflags[afi][safi],
370 PEER_STATUS_EOR_SEND)
371 && safi != SAFI_MPLS_VPN) {
372 BGP_TIMER_ON(peer->t_generate_updgrp_packets,
373 bgp_generate_updgrp_packets, 0);
374 return;
375 }
376 }
377 }
378 }
379
380 /*
381 * Generate advertisement information (withdraws, updates, EOR) from each
382 * update group a peer belongs to, encode this information into packets, and
383 * enqueue the packets onto the peer's output buffer.
384 */
385 int bgp_generate_updgrp_packets(struct thread *thread)
386 {
387 struct peer *peer = THREAD_ARG(thread);
388
389 struct stream *s;
390 struct peer_af *paf;
391 struct bpacket *next_pkt;
392 uint32_t wpq;
393 uint32_t generated = 0;
394 afi_t afi;
395 safi_t safi;
396
397 wpq = atomic_load_explicit(&peer->bgp->wpkt_quanta,
398 memory_order_relaxed);
399
400 /*
401 * The code beyond this part deals with update packets, proceed only
402 * if peer is Established and updates are not on hold (as part of
403 * update-delay post processing).
404 */
405 if (peer->status != Established)
406 return 0;
407
408 if (peer->bgp->main_peers_update_hold)
409 return 0;
410
411 do {
412 s = NULL;
413 FOREACH_AFI_SAFI (afi, safi) {
414 paf = peer_af_find(peer, afi, safi);
415 if (!paf || !PAF_SUBGRP(paf))
416 continue;
417 next_pkt = paf->next_pkt_to_send;
418
419 /*
420 * Try to generate a packet for the peer if we are at
421 * the end of the list. Always try to push out
422 * WITHDRAWs first.
423 */
424 if (!next_pkt || !next_pkt->buffer) {
425 next_pkt = subgroup_withdraw_packet(
426 PAF_SUBGRP(paf));
427 if (!next_pkt || !next_pkt->buffer)
428 subgroup_update_packet(PAF_SUBGRP(paf));
429 next_pkt = paf->next_pkt_to_send;
430 }
431
432 /*
433 * If we still don't have a packet to send to the peer,
434 * then try to find out out if we have to send eor or
435 * if not, skip to the next AFI, SAFI. Don't send the
436 * EOR prematurely; if the subgroup's coalesce timer is
437 * running, the adjacency-out structure is not created
438 * yet.
439 */
440 if (!next_pkt || !next_pkt->buffer) {
441 if (CHECK_FLAG(peer->cap,
442 PEER_CAP_RESTART_RCV)) {
443 if (!(PAF_SUBGRP(paf))->t_coalesce
444 && peer->afc_nego[afi][safi]
445 && peer->synctime
446 && !CHECK_FLAG(
447 peer->af_sflags[afi]
448 [safi],
449 PEER_STATUS_EOR_SEND)) {
450 SET_FLAG(peer->af_sflags[afi]
451 [safi],
452 PEER_STATUS_EOR_SEND);
453
454 if ((s = bgp_update_packet_eor(
455 peer, afi,
456 safi))) {
457 bgp_packet_add(peer, s);
458 }
459 }
460 }
461 continue;
462 }
463
464
465 /* Found a packet template to send, overwrite
466 * packet with appropriate attributes from peer
467 * and advance peer */
468 s = bpacket_reformat_for_peer(next_pkt, paf);
469 bgp_packet_add(peer, s);
470 bpacket_queue_advance_peer(paf);
471 }
472 } while (s && (++generated < wpq));
473
474 if (generated)
475 bgp_writes_on(peer);
476
477 bgp_write_proceed_actions(peer);
478
479 return 0;
480 }
481
482 /*
483 * Creates a BGP Keepalive packet and appends it to the peer's output queue.
484 */
485 void bgp_keepalive_send(struct peer *peer)
486 {
487 struct stream *s;
488
489 s = stream_new(BGP_MAX_PACKET_SIZE);
490
491 /* Make keepalive packet. */
492 bgp_packet_set_marker(s, BGP_MSG_KEEPALIVE);
493
494 /* Set packet size. */
495 (void)bgp_packet_set_size(s);
496
497 /* Dump packet if debug option is set. */
498 /* bgp_packet_dump (s); */
499
500 if (bgp_debug_keepalive(peer))
501 zlog_debug("%s sending KEEPALIVE", peer->host);
502
503 /* Add packet to the peer. */
504 bgp_packet_add(peer, s);
505
506 bgp_writes_on(peer);
507 }
508
509 /*
510 * Creates a BGP Open packet and appends it to the peer's output queue.
511 * Sets capabilities as necessary.
512 */
513 void bgp_open_send(struct peer *peer)
514 {
515 struct stream *s;
516 uint16_t send_holdtime;
517 as_t local_as;
518
519 if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER))
520 send_holdtime = peer->holdtime;
521 else
522 send_holdtime = peer->bgp->default_holdtime;
523
524 /* local-as Change */
525 if (peer->change_local_as)
526 local_as = peer->change_local_as;
527 else
528 local_as = peer->local_as;
529
530 s = stream_new(BGP_MAX_PACKET_SIZE);
531
532 /* Make open packet. */
533 bgp_packet_set_marker(s, BGP_MSG_OPEN);
534
535 /* Set open packet values. */
536 stream_putc(s, BGP_VERSION_4); /* BGP version */
537 stream_putw(s, (local_as <= BGP_AS_MAX) ? (uint16_t)local_as
538 : BGP_AS_TRANS);
539 stream_putw(s, send_holdtime); /* Hold Time */
540 stream_put_in_addr(s, &peer->local_id); /* BGP Identifier */
541
542 /* Set capability code. */
543 bgp_open_capability(s, peer);
544
545 /* Set BGP packet length. */
546 (void)bgp_packet_set_size(s);
547
548 if (bgp_debug_neighbor_events(peer))
549 zlog_debug(
550 "%s sending OPEN, version %d, my as %u, holdtime %d, id %s",
551 peer->host, BGP_VERSION_4, local_as, send_holdtime,
552 inet_ntoa(peer->local_id));
553
554 /* Dump packet if debug option is set. */
555 /* bgp_packet_dump (s); */
556 hook_call(bgp_packet_send, peer, BGP_MSG_OPEN, stream_get_endp(s), s);
557
558 /* Add packet to the peer. */
559 bgp_packet_add(peer, s);
560
561 bgp_writes_on(peer);
562 }
563
564 /*
565 * Writes NOTIFICATION message directly to a peer socket without waiting for
566 * the I/O thread.
567 *
568 * There must be exactly one stream on the peer->obuf FIFO, and the data within
569 * this stream must match the format of a BGP NOTIFICATION message.
570 * Transmission is best-effort.
571 *
572 * @requires peer->io_mtx
573 * @param peer
574 * @return 0
575 */
576 static int bgp_write_notify(struct peer *peer)
577 {
578 int ret, val;
579 uint8_t type;
580 struct stream *s;
581
582 /* There should be at least one packet. */
583 s = stream_fifo_pop(peer->obuf);
584
585 if (!s)
586 return 0;
587
588 assert(stream_get_endp(s) >= BGP_HEADER_SIZE);
589
590 /* Stop collecting data within the socket */
591 sockopt_cork(peer->fd, 0);
592
593 /*
594 * socket is in nonblocking mode, if we can't deliver the NOTIFY, well,
595 * we only care about getting a clean shutdown at this point.
596 */
597 ret = write(peer->fd, STREAM_DATA(s), stream_get_endp(s));
598
599 /*
600 * only connection reset/close gets counted as TCP_fatal_error, failure
601 * to write the entire NOTIFY doesn't get different FSM treatment
602 */
603 if (ret <= 0) {
604 stream_free(s);
605 BGP_EVENT_ADD(peer, TCP_fatal_error);
606 return 0;
607 }
608
609 /* Disable Nagle, make NOTIFY packet go out right away */
610 val = 1;
611 (void)setsockopt(peer->fd, IPPROTO_TCP, TCP_NODELAY, (char *)&val,
612 sizeof(val));
613
614 /* Retrieve BGP packet type. */
615 stream_set_getp(s, BGP_MARKER_SIZE + 2);
616 type = stream_getc(s);
617
618 assert(type == BGP_MSG_NOTIFY);
619
620 /* Type should be notify. */
621 atomic_fetch_add_explicit(&peer->notify_out, 1, memory_order_relaxed);
622 peer->notify_out++;
623
624 /* Double start timer. */
625 peer->v_start *= 2;
626
627 /* Overflow check. */
628 if (peer->v_start >= (60 * 2))
629 peer->v_start = (60 * 2);
630
631 /*
632 * Handle Graceful Restart case where the state changes to
633 * Connect instead of Idle
634 */
635 BGP_EVENT_ADD(peer, BGP_Stop);
636
637 stream_free(s);
638
639 return 0;
640 }
641
642 /*
643 * Creates a BGP Notify and appends it to the peer's output queue.
644 *
645 * This function attempts to write the packet from the thread it is called
646 * from, to ensure the packet gets out ASAP.
647 *
648 * This function may be called from multiple threads. Since the function
649 * modifies I/O buffer(s) in the peer, these are locked for the duration of the
650 * call to prevent tampering from other threads.
651 *
652 * Delivery of the NOTIFICATION is attempted once and is best-effort. After
653 * return, the peer structure *must* be reset; no assumptions about session
654 * state are valid.
655 *
656 * @param peer
657 * @param code BGP error code
658 * @param sub_code BGP error subcode
659 * @param data Data portion
660 * @param datalen length of data portion
661 */
662 void bgp_notify_send_with_data(struct peer *peer, uint8_t code,
663 uint8_t sub_code, uint8_t *data, size_t datalen)
664 {
665 struct stream *s;
666
667 /* Lock I/O mutex to prevent other threads from pushing packets */
668 frr_mutex_lock_autounlock(&peer->io_mtx);
669 /* ============================================== */
670
671 /* Allocate new stream. */
672 s = stream_new(BGP_MAX_PACKET_SIZE);
673
674 /* Make notify packet. */
675 bgp_packet_set_marker(s, BGP_MSG_NOTIFY);
676
677 /* Set notify packet values. */
678 stream_putc(s, code); /* BGP notify code */
679 stream_putc(s, sub_code); /* BGP notify sub_code */
680
681 /* If notify data is present. */
682 if (data)
683 stream_write(s, data, datalen);
684
685 /* Set BGP packet length. */
686 bgp_packet_set_size(s);
687
688 /* wipe output buffer */
689 stream_fifo_clean(peer->obuf);
690
691 /*
692 * If possible, store last packet for debugging purposes. This check is
693 * in place because we are sometimes called with a doppelganger peer,
694 * who tends to have a plethora of fields nulled out.
695 */
696 if (peer->curr) {
697 size_t packetsize = stream_get_endp(peer->curr);
698 assert(packetsize <= sizeof(peer->last_reset_cause));
699 memcpy(peer->last_reset_cause, peer->curr->data, packetsize);
700 peer->last_reset_cause_size = packetsize;
701 }
702
703 /* For debug */
704 {
705 struct bgp_notify bgp_notify;
706 int first = 0;
707 int i;
708 char c[4];
709
710 bgp_notify.code = code;
711 bgp_notify.subcode = sub_code;
712 bgp_notify.data = NULL;
713 bgp_notify.length = datalen;
714 bgp_notify.raw_data = data;
715
716 peer->notify.code = bgp_notify.code;
717 peer->notify.subcode = bgp_notify.subcode;
718
719 if (bgp_notify.length && data) {
720 bgp_notify.data =
721 XMALLOC(MTYPE_TMP, bgp_notify.length * 3);
722 for (i = 0; i < bgp_notify.length; i++)
723 if (first) {
724 snprintf(c, sizeof(c), " %02x",
725 data[i]);
726 strlcat(bgp_notify.data, c,
727 bgp_notify.length);
728 } else {
729 first = 1;
730 snprintf(c, sizeof(c), "%02x", data[i]);
731 strlcpy(bgp_notify.data, c,
732 bgp_notify.length);
733 }
734 }
735 bgp_notify_print(peer, &bgp_notify, "sending");
736
737 if (bgp_notify.data) {
738 XFREE(MTYPE_TMP, bgp_notify.data);
739 bgp_notify.data = NULL;
740 bgp_notify.length = 0;
741 }
742 }
743
744 /* peer reset cause */
745 if (code == BGP_NOTIFY_CEASE) {
746 if (sub_code == BGP_NOTIFY_CEASE_ADMIN_RESET)
747 peer->last_reset = PEER_DOWN_USER_RESET;
748 else if (sub_code == BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN)
749 peer->last_reset = PEER_DOWN_USER_SHUTDOWN;
750 else
751 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
752 } else
753 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
754
755 /* Add packet to peer's output queue */
756 stream_fifo_push(peer->obuf, s);
757
758 bgp_write_notify(peer);
759 }
760
761 /*
762 * Creates a BGP Notify and appends it to the peer's output queue.
763 *
764 * This function attempts to write the packet from the thread it is called
765 * from, to ensure the packet gets out ASAP.
766 *
767 * @param peer
768 * @param code BGP error code
769 * @param sub_code BGP error subcode
770 */
771 void bgp_notify_send(struct peer *peer, uint8_t code, uint8_t sub_code)
772 {
773 bgp_notify_send_with_data(peer, code, sub_code, NULL, 0);
774 }
775
776 /*
777 * Creates BGP Route Refresh packet and appends it to the peer's output queue.
778 *
779 * @param peer
780 * @param afi Address Family Identifier
781 * @param safi Subsequent Address Family Identifier
782 * @param orf_type Outbound Route Filtering type
783 * @param when_to_refresh Whether to refresh immediately or defer
784 * @param remove Whether to remove ORF for specified AFI/SAFI
785 */
786 void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi,
787 uint8_t orf_type, uint8_t when_to_refresh,
788 int remove)
789 {
790 struct stream *s;
791 struct bgp_filter *filter;
792 int orf_refresh = 0;
793 iana_afi_t pkt_afi;
794 iana_safi_t pkt_safi;
795
796 if (DISABLE_BGP_ANNOUNCE)
797 return;
798
799 filter = &peer->filter[afi][safi];
800
801 /* Convert AFI, SAFI to values for packet. */
802 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
803
804 s = stream_new(BGP_MAX_PACKET_SIZE);
805
806 /* Make BGP update packet. */
807 if (CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV))
808 bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_NEW);
809 else
810 bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_OLD);
811
812 /* Encode Route Refresh message. */
813 stream_putw(s, pkt_afi);
814 stream_putc(s, 0);
815 stream_putc(s, pkt_safi);
816
817 if (orf_type == ORF_TYPE_PREFIX || orf_type == ORF_TYPE_PREFIX_OLD)
818 if (remove || filter->plist[FILTER_IN].plist) {
819 uint16_t orf_len;
820 unsigned long orfp;
821
822 orf_refresh = 1;
823 stream_putc(s, when_to_refresh);
824 stream_putc(s, orf_type);
825 orfp = stream_get_endp(s);
826 stream_putw(s, 0);
827
828 if (remove) {
829 UNSET_FLAG(peer->af_sflags[afi][safi],
830 PEER_STATUS_ORF_PREFIX_SEND);
831 stream_putc(s, ORF_COMMON_PART_REMOVE_ALL);
832 if (bgp_debug_neighbor_events(peer))
833 zlog_debug(
834 "%s sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %s/%s",
835 peer->host, orf_type,
836 (when_to_refresh == REFRESH_DEFER
837 ? "defer"
838 : "immediate"),
839 iana_afi2str(pkt_afi),
840 iana_safi2str(pkt_safi));
841 } else {
842 SET_FLAG(peer->af_sflags[afi][safi],
843 PEER_STATUS_ORF_PREFIX_SEND);
844 prefix_bgp_orf_entry(
845 s, filter->plist[FILTER_IN].plist,
846 ORF_COMMON_PART_ADD,
847 ORF_COMMON_PART_PERMIT,
848 ORF_COMMON_PART_DENY);
849 if (bgp_debug_neighbor_events(peer))
850 zlog_debug(
851 "%s sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %s/%s",
852 peer->host, orf_type,
853 (when_to_refresh == REFRESH_DEFER
854 ? "defer"
855 : "immediate"),
856 iana_afi2str(pkt_afi),
857 iana_safi2str(pkt_safi));
858 }
859
860 /* Total ORF Entry Len. */
861 orf_len = stream_get_endp(s) - orfp - 2;
862 stream_putw_at(s, orfp, orf_len);
863 }
864
865 /* Set packet size. */
866 (void)bgp_packet_set_size(s);
867
868 if (bgp_debug_neighbor_events(peer)) {
869 if (!orf_refresh)
870 zlog_debug("%s sending REFRESH_REQ for afi/safi: %s/%s",
871 peer->host, iana_afi2str(pkt_afi),
872 iana_safi2str(pkt_safi));
873 }
874
875 /* Add packet to the peer. */
876 bgp_packet_add(peer, s);
877
878 bgp_writes_on(peer);
879 }
880
881 /*
882 * Create a BGP Capability packet and append it to the peer's output queue.
883 *
884 * @param peer
885 * @param afi Address Family Identifier
886 * @param safi Subsequent Address Family Identifier
887 * @param capability_code BGP Capability Code
888 * @param action Set or Remove capability
889 */
890 void bgp_capability_send(struct peer *peer, afi_t afi, safi_t safi,
891 int capability_code, int action)
892 {
893 struct stream *s;
894 iana_afi_t pkt_afi;
895 iana_safi_t pkt_safi;
896
897 /* Convert AFI, SAFI to values for packet. */
898 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
899
900 s = stream_new(BGP_MAX_PACKET_SIZE);
901
902 /* Make BGP update packet. */
903 bgp_packet_set_marker(s, BGP_MSG_CAPABILITY);
904
905 /* Encode MP_EXT capability. */
906 if (capability_code == CAPABILITY_CODE_MP) {
907 stream_putc(s, action);
908 stream_putc(s, CAPABILITY_CODE_MP);
909 stream_putc(s, CAPABILITY_CODE_MP_LEN);
910 stream_putw(s, pkt_afi);
911 stream_putc(s, 0);
912 stream_putc(s, pkt_safi);
913
914 if (bgp_debug_neighbor_events(peer))
915 zlog_debug(
916 "%s sending CAPABILITY has %s MP_EXT CAP for afi/safi: %s/%s",
917 peer->host,
918 action == CAPABILITY_ACTION_SET ? "Advertising"
919 : "Removing",
920 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
921 }
922
923 /* Set packet size. */
924 (void)bgp_packet_set_size(s);
925
926 /* Add packet to the peer. */
927 bgp_packet_add(peer, s);
928
929 bgp_writes_on(peer);
930 }
931
932 /* RFC1771 6.8 Connection collision detection. */
933 static int bgp_collision_detect(struct peer *new, struct in_addr remote_id)
934 {
935 struct peer *peer;
936
937 /* Upon receipt of an OPEN message, the local system must examine
938 all of its connections that are in the OpenConfirm state. A BGP
939 speaker may also examine connections in an OpenSent state if it
940 knows the BGP Identifier of the peer by means outside of the
941 protocol. If among these connections there is a connection to a
942 remote BGP speaker whose BGP Identifier equals the one in the
943 OPEN message, then the local system performs the following
944 collision resolution procedure: */
945
946 if ((peer = new->doppelganger) != NULL) {
947 /* Do not accept the new connection in Established or Clearing
948 * states.
949 * Note that a peer GR is handled by closing the existing
950 * connection
951 * upon receipt of new one.
952 */
953 if (peer->status == Established || peer->status == Clearing) {
954 bgp_notify_send(new, BGP_NOTIFY_CEASE,
955 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
956 return (-1);
957 } else if ((peer->status == OpenConfirm)
958 || (peer->status == OpenSent)) {
959 /* 1. The BGP Identifier of the local system is compared
960 to
961 the BGP Identifier of the remote system (as specified
962 in
963 the OPEN message). */
964
965 if (ntohl(peer->local_id.s_addr)
966 < ntohl(remote_id.s_addr))
967 if (!CHECK_FLAG(peer->sflags,
968 PEER_STATUS_ACCEPT_PEER)) {
969 /* 2. If the value of the local BGP
970 Identifier is less
971 than the remote one, the local system
972 closes BGP
973 connection that already exists (the
974 one that is
975 already in the OpenConfirm state),
976 and accepts BGP
977 connection initiated by the remote
978 system. */
979 bgp_notify_send(
980 peer, BGP_NOTIFY_CEASE,
981 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
982 return 1;
983 } else {
984 bgp_notify_send(
985 new, BGP_NOTIFY_CEASE,
986 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
987 return -1;
988 }
989 else {
990 /* 3. Otherwise, the local system closes newly
991 created
992 BGP connection (the one associated with the
993 newly
994 received OPEN message), and continues to use
995 the
996 existing one (the one that is already in the
997 OpenConfirm state). */
998 if (CHECK_FLAG(peer->sflags,
999 PEER_STATUS_ACCEPT_PEER)) {
1000 bgp_notify_send(
1001 peer, BGP_NOTIFY_CEASE,
1002 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
1003 return 1;
1004 } else {
1005 bgp_notify_send(
1006 new, BGP_NOTIFY_CEASE,
1007 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
1008 return -1;
1009 }
1010 }
1011 }
1012 }
1013 return 0;
1014 }
1015
1016 /* Packet processing routines ---------------------------------------------- */
1017 /*
1018 * This is a family of functions designed to be called from
1019 * bgp_process_packet(). These functions all share similar behavior and should
1020 * adhere to the following invariants and restrictions:
1021 *
1022 * Return codes
1023 * ------------
1024 * The return code of any one of those functions should be one of the FSM event
1025 * codes specified in bgpd.h. If a NOTIFY was sent, this event code MUST be
1026 * BGP_Stop. Otherwise, the code SHOULD correspond to the function's expected
1027 * packet type. For example, bgp_open_receive() should return BGP_Stop upon
1028 * error and Receive_OPEN_message otherwise.
1029 *
1030 * If no action is necessary, the correct return code is BGP_PACKET_NOOP as
1031 * defined below.
1032 *
1033 * Side effects
1034 * ------------
1035 * - May send NOTIFY messages
1036 * - May not modify peer->status
1037 * - May not call bgp_event_update()
1038 */
1039
1040 #define BGP_PACKET_NOOP 0
1041
1042 /**
1043 * Process BGP OPEN message for peer.
1044 *
1045 * If any errors are encountered in the OPEN message, immediately sends NOTIFY
1046 * and returns BGP_Stop.
1047 *
1048 * @param peer
1049 * @param size size of the packet
1050 * @return as in summary
1051 */
1052 static int bgp_open_receive(struct peer *peer, bgp_size_t size)
1053 {
1054 int ret;
1055 uint8_t version;
1056 uint8_t optlen;
1057 uint16_t holdtime;
1058 uint16_t send_holdtime;
1059 as_t remote_as;
1060 as_t as4 = 0, as4_be;
1061 struct in_addr remote_id;
1062 int mp_capability;
1063 uint8_t notify_data_remote_as[2];
1064 uint8_t notify_data_remote_as4[4];
1065 uint8_t notify_data_remote_id[4];
1066 uint16_t *holdtime_ptr;
1067
1068 /* Parse open packet. */
1069 version = stream_getc(peer->curr);
1070 memcpy(notify_data_remote_as, stream_pnt(peer->curr), 2);
1071 remote_as = stream_getw(peer->curr);
1072 holdtime_ptr = (uint16_t *)stream_pnt(peer->curr);
1073 holdtime = stream_getw(peer->curr);
1074 memcpy(notify_data_remote_id, stream_pnt(peer->curr), 4);
1075 remote_id.s_addr = stream_get_ipv4(peer->curr);
1076
1077 /* Receive OPEN message log */
1078 if (bgp_debug_neighbor_events(peer))
1079 zlog_debug(
1080 "%s rcv OPEN, version %d, remote-as (in open) %u,"
1081 " holdtime %d, id %s",
1082 peer->host, version, remote_as, holdtime,
1083 inet_ntoa(remote_id));
1084
1085 /* BEGIN to read the capability here, but dont do it yet */
1086 mp_capability = 0;
1087 optlen = stream_getc(peer->curr);
1088
1089 if (optlen != 0) {
1090 /* If not enough bytes, it is an error. */
1091 if (STREAM_READABLE(peer->curr) < optlen) {
1092 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1093 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1094 return BGP_Stop;
1095 }
1096
1097 /* We need the as4 capability value *right now* because
1098 * if it is there, we have not got the remote_as yet, and
1099 * without
1100 * that we do not know which peer is connecting to us now.
1101 */
1102 as4 = peek_for_as4_capability(peer, optlen);
1103 }
1104
1105 as4_be = htonl(as4);
1106 memcpy(notify_data_remote_as4, &as4_be, 4);
1107
1108 /* Just in case we have a silly peer who sends AS4 capability set to 0
1109 */
1110 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV) && !as4) {
1111 flog_err(EC_BGP_PKT_OPEN,
1112 "%s bad OPEN, got AS4 capability, but AS4 set to 0",
1113 peer->host);
1114 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1115 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1116 notify_data_remote_as4, 4);
1117 return BGP_Stop;
1118 }
1119
1120 if (remote_as == BGP_AS_TRANS) {
1121 /* Take the AS4 from the capability. We must have received the
1122 * capability now! Otherwise we have a asn16 peer who uses
1123 * BGP_AS_TRANS, for some unknown reason.
1124 */
1125 if (as4 == BGP_AS_TRANS) {
1126 flog_err(
1127 EC_BGP_PKT_OPEN,
1128 "%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed",
1129 peer->host);
1130 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1131 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1132 notify_data_remote_as4, 4);
1133 return BGP_Stop;
1134 }
1135
1136 if (!as4 && BGP_DEBUG(as4, AS4))
1137 zlog_debug(
1138 "%s [AS4] OPEN remote_as is AS_TRANS, but no AS4."
1139 " Odd, but proceeding.",
1140 peer->host);
1141 else if (as4 < BGP_AS_MAX && BGP_DEBUG(as4, AS4))
1142 zlog_debug(
1143 "%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits "
1144 "in 2-bytes, very odd peer.",
1145 peer->host, as4);
1146 if (as4)
1147 remote_as = as4;
1148 } else {
1149 /* We may have a partner with AS4 who has an asno < BGP_AS_MAX
1150 */
1151 /* If we have got the capability, peer->as4cap must match
1152 * remote_as */
1153 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV)
1154 && as4 != remote_as) {
1155 /* raise error, log this, close session */
1156 flog_err(
1157 EC_BGP_PKT_OPEN,
1158 "%s bad OPEN, got AS4 capability, but remote_as %u"
1159 " mismatch with 16bit 'myasn' %u in open",
1160 peer->host, as4, remote_as);
1161 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1162 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1163 notify_data_remote_as4, 4);
1164 return BGP_Stop;
1165 }
1166 }
1167
1168 /* remote router-id check. */
1169 if (remote_id.s_addr == 0 || IPV4_CLASS_DE(ntohl(remote_id.s_addr))
1170 || ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr)) {
1171 if (bgp_debug_neighbor_events(peer))
1172 zlog_debug("%s bad OPEN, wrong router identifier %s",
1173 peer->host, inet_ntoa(remote_id));
1174 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1175 BGP_NOTIFY_OPEN_BAD_BGP_IDENT,
1176 notify_data_remote_id, 4);
1177 return BGP_Stop;
1178 }
1179
1180 /* Set remote router-id */
1181 peer->remote_id = remote_id;
1182
1183 /* Peer BGP version check. */
1184 if (version != BGP_VERSION_4) {
1185 uint16_t maxver = htons(BGP_VERSION_4);
1186 /* XXX this reply may not be correct if version < 4 XXX */
1187 if (bgp_debug_neighbor_events(peer))
1188 zlog_debug(
1189 "%s bad protocol version, remote requested %d, local request %d",
1190 peer->host, version, BGP_VERSION_4);
1191 /* Data must be in network byte order here */
1192 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1193 BGP_NOTIFY_OPEN_UNSUP_VERSION,
1194 (uint8_t *)&maxver, 2);
1195 return BGP_Stop;
1196 }
1197
1198 /* Check neighbor as number. */
1199 if (peer->as_type == AS_UNSPECIFIED) {
1200 if (bgp_debug_neighbor_events(peer))
1201 zlog_debug(
1202 "%s bad OPEN, remote AS is unspecified currently",
1203 peer->host);
1204 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1205 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1206 notify_data_remote_as, 2);
1207 return BGP_Stop;
1208 } else if (peer->as_type == AS_INTERNAL) {
1209 if (remote_as != peer->bgp->as) {
1210 if (bgp_debug_neighbor_events(peer))
1211 zlog_debug(
1212 "%s bad OPEN, remote AS is %u, internal specified",
1213 peer->host, remote_as);
1214 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1215 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1216 notify_data_remote_as, 2);
1217 return BGP_Stop;
1218 }
1219 peer->as = peer->local_as;
1220 } else if (peer->as_type == AS_EXTERNAL) {
1221 if (remote_as == peer->bgp->as) {
1222 if (bgp_debug_neighbor_events(peer))
1223 zlog_debug(
1224 "%s bad OPEN, remote AS is %u, external specified",
1225 peer->host, remote_as);
1226 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1227 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1228 notify_data_remote_as, 2);
1229 return BGP_Stop;
1230 }
1231 peer->as = remote_as;
1232 } else if ((peer->as_type == AS_SPECIFIED) && (remote_as != peer->as)) {
1233 if (bgp_debug_neighbor_events(peer))
1234 zlog_debug("%s bad OPEN, remote AS is %u, expected %u",
1235 peer->host, remote_as, peer->as);
1236 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1237 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1238 notify_data_remote_as, 2);
1239 return BGP_Stop;
1240 }
1241
1242 /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST
1243 calculate the value of the Hold Timer by using the smaller of its
1244 configured Hold Time and the Hold Time received in the OPEN message.
1245 The Hold Time MUST be either zero or at least three seconds. An
1246 implementation may reject connections on the basis of the Hold Time.
1247 */
1248
1249 if (holdtime < 3 && holdtime != 0) {
1250 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1251 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME,
1252 (uint8_t *)holdtime_ptr, 2);
1253 return BGP_Stop;
1254 }
1255
1256 /* From the rfc: A reasonable maximum time between KEEPALIVE messages
1257 would be one third of the Hold Time interval. KEEPALIVE messages
1258 MUST NOT be sent more frequently than one per second. An
1259 implementation MAY adjust the rate at which it sends KEEPALIVE
1260 messages as a function of the Hold Time interval. */
1261
1262 if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER))
1263 send_holdtime = peer->holdtime;
1264 else
1265 send_holdtime = peer->bgp->default_holdtime;
1266
1267 if (holdtime < send_holdtime)
1268 peer->v_holdtime = holdtime;
1269 else
1270 peer->v_holdtime = send_holdtime;
1271
1272 if ((CHECK_FLAG(peer->flags, PEER_FLAG_TIMER))
1273 && (peer->keepalive < peer->v_holdtime / 3))
1274 peer->v_keepalive = peer->keepalive;
1275 else
1276 peer->v_keepalive = peer->v_holdtime / 3;
1277
1278 /* Open option part parse. */
1279 if (optlen != 0) {
1280 if ((ret = bgp_open_option_parse(peer, optlen, &mp_capability))
1281 < 0)
1282 return BGP_Stop;
1283 } else {
1284 if (bgp_debug_neighbor_events(peer))
1285 zlog_debug("%s rcvd OPEN w/ OPTION parameter len: 0",
1286 peer->host);
1287 }
1288
1289 /*
1290 * Assume that the peer supports the locally configured set of
1291 * AFI/SAFIs if the peer did not send us any Mulitiprotocol
1292 * capabilities, or if 'override-capability' is configured.
1293 */
1294 if (!mp_capability
1295 || CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1296 peer->afc_nego[AFI_IP][SAFI_UNICAST] =
1297 peer->afc[AFI_IP][SAFI_UNICAST];
1298 peer->afc_nego[AFI_IP][SAFI_MULTICAST] =
1299 peer->afc[AFI_IP][SAFI_MULTICAST];
1300 peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST] =
1301 peer->afc[AFI_IP][SAFI_LABELED_UNICAST];
1302 peer->afc_nego[AFI_IP][SAFI_FLOWSPEC] =
1303 peer->afc[AFI_IP][SAFI_FLOWSPEC];
1304 peer->afc_nego[AFI_IP6][SAFI_UNICAST] =
1305 peer->afc[AFI_IP6][SAFI_UNICAST];
1306 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] =
1307 peer->afc[AFI_IP6][SAFI_MULTICAST];
1308 peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST] =
1309 peer->afc[AFI_IP6][SAFI_LABELED_UNICAST];
1310 peer->afc_nego[AFI_L2VPN][SAFI_EVPN] =
1311 peer->afc[AFI_L2VPN][SAFI_EVPN];
1312 peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC] =
1313 peer->afc[AFI_IP6][SAFI_FLOWSPEC];
1314 }
1315
1316 /* When collision is detected and this peer is closed. Retrun
1317 immidiately. */
1318 ret = bgp_collision_detect(peer, remote_id);
1319 if (ret < 0)
1320 return BGP_Stop;
1321
1322 /* Get sockname. */
1323 if ((ret = bgp_getsockname(peer)) < 0) {
1324 flog_err_sys(EC_LIB_SOCKET,
1325 "%s: bgp_getsockname() failed for peer: %s",
1326 __FUNCTION__, peer->host);
1327 return BGP_Stop;
1328 }
1329
1330 /* Verify valid local address present based on negotiated
1331 * address-families. */
1332 if (peer->afc_nego[AFI_IP][SAFI_UNICAST]
1333 || peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1334 || peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1335 || peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1336 || peer->afc_nego[AFI_IP][SAFI_ENCAP]) {
1337 if (!peer->nexthop.v4.s_addr) {
1338 #if defined(HAVE_CUMULUS)
1339 flog_err(
1340 EC_BGP_SND_FAIL,
1341 "%s: No local IPv4 addr resetting connection, fd %d",
1342 peer->host, peer->fd);
1343 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1344 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1345 return BGP_Stop;
1346 #endif
1347 }
1348 }
1349 if (peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1350 || peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1351 || peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1352 || peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1353 || peer->afc_nego[AFI_IP6][SAFI_ENCAP]) {
1354 if (IN6_IS_ADDR_UNSPECIFIED(&peer->nexthop.v6_global)) {
1355 #if defined(HAVE_CUMULUS)
1356 flog_err(
1357 EC_BGP_SND_FAIL,
1358 "%s: No local IPv6 addr resetting connection, fd %d",
1359 peer->host, peer->fd);
1360 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1361 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1362 return BGP_Stop;
1363 #endif
1364 }
1365 }
1366 peer->rtt = sockopt_tcp_rtt(peer->fd);
1367
1368 return Receive_OPEN_message;
1369 }
1370
1371 /**
1372 * Process BGP KEEPALIVE message for peer.
1373 *
1374 * @param peer
1375 * @param size size of the packet
1376 * @return as in summary
1377 */
1378 static int bgp_keepalive_receive(struct peer *peer, bgp_size_t size)
1379 {
1380 if (bgp_debug_keepalive(peer))
1381 zlog_debug("%s KEEPALIVE rcvd", peer->host);
1382
1383 bgp_update_implicit_eors(peer);
1384
1385 return Receive_KEEPALIVE_message;
1386 }
1387
1388
1389 /**
1390 * Process BGP UPDATE message for peer.
1391 *
1392 * Parses UPDATE and creates attribute object.
1393 *
1394 * @param peer
1395 * @param size size of the packet
1396 * @return as in summary
1397 */
1398 static int bgp_update_receive(struct peer *peer, bgp_size_t size)
1399 {
1400 int ret, nlri_ret;
1401 uint8_t *end;
1402 struct stream *s;
1403 struct attr attr;
1404 bgp_size_t attribute_len;
1405 bgp_size_t update_len;
1406 bgp_size_t withdraw_len;
1407
1408 enum NLRI_TYPES {
1409 NLRI_UPDATE,
1410 NLRI_WITHDRAW,
1411 NLRI_MP_UPDATE,
1412 NLRI_MP_WITHDRAW,
1413 NLRI_TYPE_MAX
1414 };
1415 struct bgp_nlri nlris[NLRI_TYPE_MAX];
1416
1417 /* Status must be Established. */
1418 if (peer->status != Established) {
1419 flog_err(EC_BGP_INVALID_STATUS,
1420 "%s [FSM] Update packet received under status %s",
1421 peer->host,
1422 lookup_msg(bgp_status_msg, peer->status, NULL));
1423 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR,
1424 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1425 return BGP_Stop;
1426 }
1427
1428 /* Set initial values. */
1429 memset(&attr, 0, sizeof(struct attr));
1430 attr.label_index = BGP_INVALID_LABEL_INDEX;
1431 attr.label = MPLS_INVALID_LABEL;
1432 memset(&nlris, 0, sizeof(nlris));
1433 memset(peer->rcvd_attr_str, 0, BUFSIZ);
1434 peer->rcvd_attr_printed = 0;
1435
1436 s = peer->curr;
1437 end = stream_pnt(s) + size;
1438
1439 /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute
1440 Length is too large (i.e., if Unfeasible Routes Length + Total
1441 Attribute Length + 23 exceeds the message Length), then the Error
1442 Subcode is set to Malformed Attribute List. */
1443 if (stream_pnt(s) + 2 > end) {
1444 flog_err(EC_BGP_UPDATE_RCV,
1445 "%s [Error] Update packet error"
1446 " (packet length is short for unfeasible length)",
1447 peer->host);
1448 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1449 BGP_NOTIFY_UPDATE_MAL_ATTR);
1450 return BGP_Stop;
1451 }
1452
1453 /* Unfeasible Route Length. */
1454 withdraw_len = stream_getw(s);
1455
1456 /* Unfeasible Route Length check. */
1457 if (stream_pnt(s) + withdraw_len > end) {
1458 flog_err(EC_BGP_UPDATE_RCV,
1459 "%s [Error] Update packet error"
1460 " (packet unfeasible length overflow %d)",
1461 peer->host, withdraw_len);
1462 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1463 BGP_NOTIFY_UPDATE_MAL_ATTR);
1464 return BGP_Stop;
1465 }
1466
1467 /* Unfeasible Route packet format check. */
1468 if (withdraw_len > 0) {
1469 nlris[NLRI_WITHDRAW].afi = AFI_IP;
1470 nlris[NLRI_WITHDRAW].safi = SAFI_UNICAST;
1471 nlris[NLRI_WITHDRAW].nlri = stream_pnt(s);
1472 nlris[NLRI_WITHDRAW].length = withdraw_len;
1473 stream_forward_getp(s, withdraw_len);
1474 }
1475
1476 /* Attribute total length check. */
1477 if (stream_pnt(s) + 2 > end) {
1478 flog_warn(
1479 EC_BGP_UPDATE_PACKET_SHORT,
1480 "%s [Error] Packet Error (update packet is short for attribute length)",
1481 peer->host);
1482 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1483 BGP_NOTIFY_UPDATE_MAL_ATTR);
1484 return BGP_Stop;
1485 }
1486
1487 /* Fetch attribute total length. */
1488 attribute_len = stream_getw(s);
1489
1490 /* Attribute length check. */
1491 if (stream_pnt(s) + attribute_len > end) {
1492 flog_warn(
1493 EC_BGP_UPDATE_PACKET_LONG,
1494 "%s [Error] Packet Error (update packet attribute length overflow %d)",
1495 peer->host, attribute_len);
1496 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1497 BGP_NOTIFY_UPDATE_MAL_ATTR);
1498 return BGP_Stop;
1499 }
1500
1501 /* Certain attribute parsing errors should not be considered bad enough
1502 * to reset the session for, most particularly any partial/optional
1503 * attributes that have 'tunneled' over speakers that don't understand
1504 * them. Instead we withdraw only the prefix concerned.
1505 *
1506 * Complicates the flow a little though..
1507 */
1508 bgp_attr_parse_ret_t attr_parse_ret = BGP_ATTR_PARSE_PROCEED;
1509 /* This define morphs the update case into a withdraw when lower levels
1510 * have signalled an error condition where this is best.
1511 */
1512 #define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL)
1513
1514 /* Parse attribute when it exists. */
1515 if (attribute_len) {
1516 attr_parse_ret = bgp_attr_parse(peer, &attr, attribute_len,
1517 &nlris[NLRI_MP_UPDATE],
1518 &nlris[NLRI_MP_WITHDRAW]);
1519 if (attr_parse_ret == BGP_ATTR_PARSE_ERROR) {
1520 bgp_attr_unintern_sub(&attr);
1521 return BGP_Stop;
1522 }
1523 }
1524
1525 /* Logging the attribute. */
1526 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW
1527 || BGP_DEBUG(update, UPDATE_IN)
1528 || BGP_DEBUG(update, UPDATE_PREFIX)) {
1529 ret = bgp_dump_attr(&attr, peer->rcvd_attr_str, BUFSIZ);
1530
1531 peer->stat_upd_7606++;
1532
1533 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW)
1534 flog_err(
1535 EC_BGP_UPDATE_RCV,
1536 "%s rcvd UPDATE with errors in attr(s)!! Withdrawing route.",
1537 peer->host);
1538
1539 if (ret && bgp_debug_update(peer, NULL, NULL, 1)) {
1540 zlog_debug("%s rcvd UPDATE w/ attr: %s", peer->host,
1541 peer->rcvd_attr_str);
1542 peer->rcvd_attr_printed = 1;
1543 }
1544 }
1545
1546 /* Network Layer Reachability Information. */
1547 update_len = end - stream_pnt(s);
1548
1549 if (update_len) {
1550 /* Set NLRI portion to structure. */
1551 nlris[NLRI_UPDATE].afi = AFI_IP;
1552 nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
1553 nlris[NLRI_UPDATE].nlri = stream_pnt(s);
1554 nlris[NLRI_UPDATE].length = update_len;
1555 stream_forward_getp(s, update_len);
1556
1557 if (CHECK_FLAG(attr.flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI))) {
1558 /*
1559 * We skipped nexthop attribute validation earlier so
1560 * validate the nexthop now.
1561 */
1562 if (bgp_attr_nexthop_valid(peer, &attr) < 0) {
1563 bgp_attr_unintern_sub(&attr);
1564 return BGP_Stop;
1565 }
1566 }
1567 }
1568
1569 if (BGP_DEBUG(update, UPDATE_IN))
1570 zlog_debug("%s rcvd UPDATE wlen %d attrlen %d alen %d",
1571 peer->host, withdraw_len, attribute_len, update_len);
1572
1573 /* Parse any given NLRIs */
1574 for (int i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++) {
1575 if (!nlris[i].nlri)
1576 continue;
1577
1578 /* NLRI is processed iff the peer if configured for the specific
1579 * afi/safi */
1580 if (!peer->afc[nlris[i].afi][nlris[i].safi]) {
1581 zlog_info(
1582 "%s [Info] UPDATE for non-enabled AFI/SAFI %u/%u",
1583 peer->host, nlris[i].afi, nlris[i].safi);
1584 continue;
1585 }
1586
1587 /* EoR handled later */
1588 if (nlris[i].length == 0)
1589 continue;
1590
1591 switch (i) {
1592 case NLRI_UPDATE:
1593 case NLRI_MP_UPDATE:
1594 nlri_ret = bgp_nlri_parse(peer, NLRI_ATTR_ARG,
1595 &nlris[i], 0);
1596 break;
1597 case NLRI_WITHDRAW:
1598 case NLRI_MP_WITHDRAW:
1599 nlri_ret = bgp_nlri_parse(peer, &attr, &nlris[i], 1);
1600 break;
1601 default:
1602 nlri_ret = BGP_NLRI_PARSE_ERROR;
1603 }
1604
1605 if (nlri_ret < BGP_NLRI_PARSE_OK
1606 && nlri_ret != BGP_NLRI_PARSE_ERROR_PREFIX_OVERFLOW) {
1607 flog_err(EC_BGP_UPDATE_RCV,
1608 "%s [Error] Error parsing NLRI", peer->host);
1609 if (peer->status == Established)
1610 bgp_notify_send(
1611 peer, BGP_NOTIFY_UPDATE_ERR,
1612 i <= NLRI_WITHDRAW
1613 ? BGP_NOTIFY_UPDATE_INVAL_NETWORK
1614 : BGP_NOTIFY_UPDATE_OPT_ATTR_ERR);
1615 bgp_attr_unintern_sub(&attr);
1616 return BGP_Stop;
1617 }
1618 }
1619
1620 /* EoR checks
1621 *
1622 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
1623 * and MP EoR should have only an empty MP_UNREACH
1624 */
1625 if ((!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0)
1626 || (attr_parse_ret == BGP_ATTR_PARSE_EOR)) {
1627 afi_t afi = 0;
1628 safi_t safi;
1629
1630 /* Non-MP IPv4/Unicast is a completely emtpy UPDATE - already
1631 * checked
1632 * update and withdraw NLRI lengths are 0.
1633 */
1634 if (!attribute_len) {
1635 afi = AFI_IP;
1636 safi = SAFI_UNICAST;
1637 } else if (attr.flag & ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI)
1638 && nlris[NLRI_MP_WITHDRAW].length == 0) {
1639 afi = nlris[NLRI_MP_WITHDRAW].afi;
1640 safi = nlris[NLRI_MP_WITHDRAW].safi;
1641 } else if (attr_parse_ret == BGP_ATTR_PARSE_EOR) {
1642 afi = nlris[NLRI_MP_UPDATE].afi;
1643 safi = nlris[NLRI_MP_UPDATE].safi;
1644 }
1645
1646 if (afi && peer->afc[afi][safi]) {
1647 struct vrf *vrf = vrf_lookup_by_id(peer->bgp->vrf_id);
1648
1649 /* End-of-RIB received */
1650 if (!CHECK_FLAG(peer->af_sflags[afi][safi],
1651 PEER_STATUS_EOR_RECEIVED)) {
1652 SET_FLAG(peer->af_sflags[afi][safi],
1653 PEER_STATUS_EOR_RECEIVED);
1654 bgp_update_explicit_eors(peer);
1655 }
1656
1657 /* NSF delete stale route */
1658 if (peer->nsf[afi][safi])
1659 bgp_clear_stale_route(peer, afi, safi);
1660
1661 zlog_info(
1662 "%s: rcvd End-of-RIB for %s from %s in vrf %s",
1663 __func__, get_afi_safi_str(afi, safi, false),
1664 peer->host, vrf ? vrf->name : VRF_DEFAULT_NAME);
1665 }
1666 }
1667
1668 /* Everything is done. We unintern temporary structures which
1669 interned in bgp_attr_parse(). */
1670 bgp_attr_unintern_sub(&attr);
1671
1672 peer->update_time = bgp_clock();
1673
1674 /* Rearm holdtime timer */
1675 BGP_TIMER_OFF(peer->t_holdtime);
1676 bgp_timer_set(peer);
1677
1678 return Receive_UPDATE_message;
1679 }
1680
1681 /**
1682 * Process BGP NOTIFY message for peer.
1683 *
1684 * @param peer
1685 * @param size size of the packet
1686 * @return as in summary
1687 */
1688 static int bgp_notify_receive(struct peer *peer, bgp_size_t size)
1689 {
1690 struct bgp_notify bgp_notify;
1691
1692 if (peer->notify.data) {
1693 XFREE(MTYPE_TMP, peer->notify.data);
1694 peer->notify.data = NULL;
1695 peer->notify.length = 0;
1696 }
1697
1698 bgp_notify.code = stream_getc(peer->curr);
1699 bgp_notify.subcode = stream_getc(peer->curr);
1700 bgp_notify.length = size - 2;
1701 bgp_notify.data = NULL;
1702
1703 /* Preserv notify code and sub code. */
1704 peer->notify.code = bgp_notify.code;
1705 peer->notify.subcode = bgp_notify.subcode;
1706 /* For further diagnostic record returned Data. */
1707 if (bgp_notify.length) {
1708 peer->notify.length = size - 2;
1709 peer->notify.data = XMALLOC(MTYPE_TMP, size - 2);
1710 memcpy(peer->notify.data, stream_pnt(peer->curr), size - 2);
1711 }
1712
1713 /* For debug */
1714 {
1715 int i;
1716 int first = 0;
1717 char c[4];
1718
1719 if (bgp_notify.length) {
1720 bgp_notify.data =
1721 XMALLOC(MTYPE_TMP, bgp_notify.length * 3);
1722 for (i = 0; i < bgp_notify.length; i++)
1723 if (first) {
1724 snprintf(c, sizeof(c), " %02x",
1725 stream_getc(peer->curr));
1726 strlcat(bgp_notify.data, c,
1727 bgp_notify.length);
1728 } else {
1729 first = 1;
1730 snprintf(c, sizeof(c), "%02x",
1731 stream_getc(peer->curr));
1732 strlcpy(bgp_notify.data, c,
1733 bgp_notify.length);
1734 }
1735 bgp_notify.raw_data = (uint8_t *)peer->notify.data;
1736 }
1737
1738 bgp_notify_print(peer, &bgp_notify, "received");
1739 if (bgp_notify.data) {
1740 XFREE(MTYPE_TMP, bgp_notify.data);
1741 bgp_notify.data = NULL;
1742 bgp_notify.length = 0;
1743 }
1744 }
1745
1746 /* peer count update */
1747 atomic_fetch_add_explicit(&peer->notify_in, 1, memory_order_relaxed);
1748
1749 peer->last_reset = PEER_DOWN_NOTIFY_RECEIVED;
1750
1751 /* We have to check for Notify with Unsupported Optional Parameter.
1752 in that case we fallback to open without the capability option.
1753 But this done in bgp_stop. We just mark it here to avoid changing
1754 the fsm tables. */
1755 if (bgp_notify.code == BGP_NOTIFY_OPEN_ERR
1756 && bgp_notify.subcode == BGP_NOTIFY_OPEN_UNSUP_PARAM)
1757 UNSET_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
1758
1759 return Receive_NOTIFICATION_message;
1760 }
1761
1762 /**
1763 * Process BGP ROUTEREFRESH message for peer.
1764 *
1765 * @param peer
1766 * @param size size of the packet
1767 * @return as in summary
1768 */
1769 static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
1770 {
1771 iana_afi_t pkt_afi;
1772 afi_t afi;
1773 iana_safi_t pkt_safi;
1774 safi_t safi;
1775 struct stream *s;
1776 struct peer_af *paf;
1777 struct update_group *updgrp;
1778 struct peer *updgrp_peer;
1779
1780 /* If peer does not have the capability, send notification. */
1781 if (!CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_ADV)) {
1782 flog_err(EC_BGP_NO_CAP,
1783 "%s [Error] BGP route refresh is not enabled",
1784 peer->host);
1785 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
1786 BGP_NOTIFY_HEADER_BAD_MESTYPE);
1787 return BGP_Stop;
1788 }
1789
1790 /* Status must be Established. */
1791 if (peer->status != Established) {
1792 flog_err(
1793 EC_BGP_INVALID_STATUS,
1794 "%s [Error] Route refresh packet received under status %s",
1795 peer->host,
1796 lookup_msg(bgp_status_msg, peer->status, NULL));
1797 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR,
1798 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1799 return BGP_Stop;
1800 }
1801
1802 s = peer->curr;
1803
1804 /* Parse packet. */
1805 pkt_afi = stream_getw(s);
1806 (void)stream_getc(s);
1807 pkt_safi = stream_getc(s);
1808
1809 if (bgp_debug_update(peer, NULL, NULL, 0))
1810 zlog_debug("%s rcvd REFRESH_REQ for afi/safi: %s/%s",
1811 peer->host, iana_afi2str(pkt_afi),
1812 iana_safi2str(pkt_safi));
1813
1814 /* Convert AFI, SAFI to internal values and check. */
1815 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
1816 zlog_info(
1817 "%s REFRESH_REQ for unrecognized afi/safi: %s/%s - ignored",
1818 peer->host, iana_afi2str(pkt_afi),
1819 iana_safi2str(pkt_safi));
1820 return BGP_PACKET_NOOP;
1821 }
1822
1823 if (size != BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE) {
1824 uint8_t *end;
1825 uint8_t when_to_refresh;
1826 uint8_t orf_type;
1827 uint16_t orf_len;
1828
1829 if (size - (BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE)
1830 < 5) {
1831 zlog_info("%s ORF route refresh length error",
1832 peer->host);
1833 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1834 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1835 return BGP_Stop;
1836 }
1837
1838 when_to_refresh = stream_getc(s);
1839 end = stream_pnt(s) + (size - 5);
1840
1841 while ((stream_pnt(s) + 2) < end) {
1842 orf_type = stream_getc(s);
1843 orf_len = stream_getw(s);
1844
1845 /* orf_len in bounds? */
1846 if ((stream_pnt(s) + orf_len) > end)
1847 break; /* XXX: Notify instead?? */
1848 if (orf_type == ORF_TYPE_PREFIX
1849 || orf_type == ORF_TYPE_PREFIX_OLD) {
1850 uint8_t *p_pnt = stream_pnt(s);
1851 uint8_t *p_end = stream_pnt(s) + orf_len;
1852 struct orf_prefix orfp;
1853 uint8_t common = 0;
1854 uint32_t seq;
1855 int psize;
1856 char name[BUFSIZ];
1857 int ret = CMD_SUCCESS;
1858
1859 if (bgp_debug_neighbor_events(peer)) {
1860 zlog_debug(
1861 "%s rcvd Prefixlist ORF(%d) length %d",
1862 peer->host, orf_type, orf_len);
1863 }
1864
1865 /* we're going to read at least 1 byte of common
1866 * ORF header,
1867 * and 7 bytes of ORF Address-filter entry from
1868 * the stream
1869 */
1870 if (orf_len < 7)
1871 break;
1872
1873 /* ORF prefix-list name */
1874 sprintf(name, "%s.%d.%d", peer->host, afi,
1875 safi);
1876
1877 while (p_pnt < p_end) {
1878 /* If the ORF entry is malformed, want
1879 * to read as much of it
1880 * as possible without going beyond the
1881 * bounds of the entry,
1882 * to maximise debug information.
1883 */
1884 int ok;
1885 memset(&orfp, 0,
1886 sizeof(struct orf_prefix));
1887 common = *p_pnt++;
1888 /* after ++: p_pnt <= p_end */
1889 if (common
1890 & ORF_COMMON_PART_REMOVE_ALL) {
1891 if (bgp_debug_neighbor_events(
1892 peer))
1893 zlog_debug(
1894 "%s rcvd Remove-All pfxlist ORF request",
1895 peer->host);
1896 prefix_bgp_orf_remove_all(afi,
1897 name);
1898 break;
1899 }
1900 ok = ((uint32_t)(p_end - p_pnt)
1901 >= sizeof(uint32_t));
1902 if (ok) {
1903 memcpy(&seq, p_pnt,
1904 sizeof(uint32_t));
1905 p_pnt += sizeof(uint32_t);
1906 orfp.seq = ntohl(seq);
1907 } else
1908 p_pnt = p_end;
1909
1910 if ((ok = (p_pnt < p_end)))
1911 orfp.ge =
1912 *p_pnt++; /* value
1913 checked in
1914 prefix_bgp_orf_set()
1915 */
1916 if ((ok = (p_pnt < p_end)))
1917 orfp.le =
1918 *p_pnt++; /* value
1919 checked in
1920 prefix_bgp_orf_set()
1921 */
1922 if ((ok = (p_pnt < p_end)))
1923 orfp.p.prefixlen = *p_pnt++;
1924 orfp.p.family = afi2family(
1925 afi); /* afi checked already */
1926
1927 psize = PSIZE(
1928 orfp.p.prefixlen); /* 0 if not
1929 ok */
1930 if (psize
1931 > prefix_blen(
1932 &orfp.p)) /* valid for
1933 family ? */
1934 {
1935 ok = 0;
1936 psize = prefix_blen(&orfp.p);
1937 }
1938 if (psize
1939 > (p_end - p_pnt)) /* valid for
1940 packet ? */
1941 {
1942 ok = 0;
1943 psize = p_end - p_pnt;
1944 }
1945
1946 if (psize > 0)
1947 memcpy(&orfp.p.u.prefix, p_pnt,
1948 psize);
1949 p_pnt += psize;
1950
1951 if (bgp_debug_neighbor_events(peer)) {
1952 char buf[INET6_BUFSIZ];
1953
1954 zlog_debug(
1955 "%s rcvd %s %s seq %u %s/%d ge %d le %d%s",
1956 peer->host,
1957 (common & ORF_COMMON_PART_REMOVE
1958 ? "Remove"
1959 : "Add"),
1960 (common & ORF_COMMON_PART_DENY
1961 ? "deny"
1962 : "permit"),
1963 orfp.seq,
1964 inet_ntop(
1965 orfp.p.family,
1966 &orfp.p.u.prefix,
1967 buf,
1968 INET6_BUFSIZ),
1969 orfp.p.prefixlen,
1970 orfp.ge, orfp.le,
1971 ok ? "" : " MALFORMED");
1972 }
1973
1974 if (ok)
1975 ret = prefix_bgp_orf_set(
1976 name, afi, &orfp,
1977 (common & ORF_COMMON_PART_DENY
1978 ? 0
1979 : 1),
1980 (common & ORF_COMMON_PART_REMOVE
1981 ? 0
1982 : 1));
1983
1984 if (!ok || (ok && ret != CMD_SUCCESS)) {
1985 zlog_info(
1986 "%s Received misformatted prefixlist ORF."
1987 " Remove All pfxlist",
1988 peer->host);
1989 prefix_bgp_orf_remove_all(afi,
1990 name);
1991 break;
1992 }
1993 }
1994
1995 peer->orf_plist[afi][safi] =
1996 prefix_bgp_orf_lookup(afi, name);
1997 }
1998 stream_forward_getp(s, orf_len);
1999 }
2000 if (bgp_debug_neighbor_events(peer))
2001 zlog_debug("%s rcvd Refresh %s ORF request", peer->host,
2002 when_to_refresh == REFRESH_DEFER
2003 ? "Defer"
2004 : "Immediate");
2005 if (when_to_refresh == REFRESH_DEFER)
2006 return BGP_PACKET_NOOP;
2007 }
2008
2009 /* First update is deferred until ORF or ROUTE-REFRESH is received */
2010 if (CHECK_FLAG(peer->af_sflags[afi][safi],
2011 PEER_STATUS_ORF_WAIT_REFRESH))
2012 UNSET_FLAG(peer->af_sflags[afi][safi],
2013 PEER_STATUS_ORF_WAIT_REFRESH);
2014
2015 paf = peer_af_find(peer, afi, safi);
2016 if (paf && paf->subgroup) {
2017 if (peer->orf_plist[afi][safi]) {
2018 updgrp = PAF_UPDGRP(paf);
2019 updgrp_peer = UPDGRP_PEER(updgrp);
2020 updgrp_peer->orf_plist[afi][safi] =
2021 peer->orf_plist[afi][safi];
2022 }
2023
2024 /* If the peer is configured for default-originate clear the
2025 * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will
2026 * re-advertise the
2027 * default
2028 */
2029 if (CHECK_FLAG(paf->subgroup->sflags,
2030 SUBGRP_STATUS_DEFAULT_ORIGINATE))
2031 UNSET_FLAG(paf->subgroup->sflags,
2032 SUBGRP_STATUS_DEFAULT_ORIGINATE);
2033 }
2034
2035 /* Perform route refreshment to the peer */
2036 bgp_announce_route(peer, afi, safi);
2037
2038 /* No FSM action necessary */
2039 return BGP_PACKET_NOOP;
2040 }
2041
2042 /**
2043 * Parse BGP CAPABILITY message for peer.
2044 *
2045 * @param peer
2046 * @param size size of the packet
2047 * @return as in summary
2048 */
2049 static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
2050 bgp_size_t length)
2051 {
2052 uint8_t *end;
2053 struct capability_mp_data mpc;
2054 struct capability_header *hdr;
2055 uint8_t action;
2056 iana_afi_t pkt_afi;
2057 afi_t afi;
2058 iana_safi_t pkt_safi;
2059 safi_t safi;
2060
2061 end = pnt + length;
2062
2063 while (pnt < end) {
2064 /* We need at least action, capability code and capability
2065 * length. */
2066 if (pnt + 3 > end) {
2067 zlog_info("%s Capability length error", peer->host);
2068 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
2069 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
2070 return BGP_Stop;
2071 }
2072 action = *pnt;
2073 hdr = (struct capability_header *)(pnt + 1);
2074
2075 /* Action value check. */
2076 if (action != CAPABILITY_ACTION_SET
2077 && action != CAPABILITY_ACTION_UNSET) {
2078 zlog_info("%s Capability Action Value error %d",
2079 peer->host, action);
2080 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
2081 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
2082 return BGP_Stop;
2083 }
2084
2085 if (bgp_debug_neighbor_events(peer))
2086 zlog_debug(
2087 "%s CAPABILITY has action: %d, code: %u, length %u",
2088 peer->host, action, hdr->code, hdr->length);
2089
2090 /* Capability length check. */
2091 if ((pnt + hdr->length + 3) > end) {
2092 zlog_info("%s Capability length error", peer->host);
2093 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
2094 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
2095 return BGP_Stop;
2096 }
2097
2098 /* Fetch structure to the byte stream. */
2099 memcpy(&mpc, pnt + 3, sizeof(struct capability_mp_data));
2100 pnt += hdr->length + 3;
2101
2102 /* We know MP Capability Code. */
2103 if (hdr->code == CAPABILITY_CODE_MP) {
2104 pkt_afi = ntohs(mpc.afi);
2105 pkt_safi = mpc.safi;
2106
2107 /* Ignore capability when override-capability is set. */
2108 if (CHECK_FLAG(peer->flags,
2109 PEER_FLAG_OVERRIDE_CAPABILITY))
2110 continue;
2111
2112 /* Convert AFI, SAFI to internal values. */
2113 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi,
2114 &safi)) {
2115 if (bgp_debug_neighbor_events(peer))
2116 zlog_debug(
2117 "%s Dynamic Capability MP_EXT afi/safi invalid "
2118 "(%s/%s)",
2119 peer->host,
2120 iana_afi2str(pkt_afi),
2121 iana_safi2str(pkt_safi));
2122 continue;
2123 }
2124
2125 /* Address family check. */
2126 if (bgp_debug_neighbor_events(peer))
2127 zlog_debug(
2128 "%s CAPABILITY has %s MP_EXT CAP for afi/safi: %u/%u",
2129 peer->host,
2130 action == CAPABILITY_ACTION_SET
2131 ? "Advertising"
2132 : "Removing",
2133 pkt_afi, pkt_safi);
2134
2135 if (action == CAPABILITY_ACTION_SET) {
2136 peer->afc_recv[afi][safi] = 1;
2137 if (peer->afc[afi][safi]) {
2138 peer->afc_nego[afi][safi] = 1;
2139 bgp_announce_route(peer, afi, safi);
2140 }
2141 } else {
2142 peer->afc_recv[afi][safi] = 0;
2143 peer->afc_nego[afi][safi] = 0;
2144
2145 if (peer_active_nego(peer))
2146 bgp_clear_route(peer, afi, safi);
2147 else
2148 return BGP_Stop;
2149 }
2150 } else {
2151 flog_warn(
2152 EC_BGP_UNRECOGNIZED_CAPABILITY,
2153 "%s unrecognized capability code: %d - ignored",
2154 peer->host, hdr->code);
2155 }
2156 }
2157
2158 /* No FSM action necessary */
2159 return BGP_PACKET_NOOP;
2160 }
2161
2162 /**
2163 * Parse BGP CAPABILITY message for peer.
2164 *
2165 * Exported for unit testing.
2166 *
2167 * @param peer
2168 * @param size size of the packet
2169 * @return as in summary
2170 */
2171 int bgp_capability_receive(struct peer *peer, bgp_size_t size)
2172 {
2173 uint8_t *pnt;
2174
2175 /* Fetch pointer. */
2176 pnt = stream_pnt(peer->curr);
2177
2178 if (bgp_debug_neighbor_events(peer))
2179 zlog_debug("%s rcv CAPABILITY", peer->host);
2180
2181 /* If peer does not have the capability, send notification. */
2182 if (!CHECK_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV)) {
2183 flog_err(EC_BGP_NO_CAP,
2184 "%s [Error] BGP dynamic capability is not enabled",
2185 peer->host);
2186 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
2187 BGP_NOTIFY_HEADER_BAD_MESTYPE);
2188 return BGP_Stop;
2189 }
2190
2191 /* Status must be Established. */
2192 if (peer->status != Established) {
2193 flog_err(
2194 EC_BGP_NO_CAP,
2195 "%s [Error] Dynamic capability packet received under status %s",
2196 peer->host,
2197 lookup_msg(bgp_status_msg, peer->status, NULL));
2198 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR,
2199 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
2200 return BGP_Stop;
2201 }
2202
2203 /* Parse packet. */
2204 return bgp_capability_msg_parse(peer, pnt, size);
2205 }
2206
2207 /**
2208 * Processes a peer's input buffer.
2209 *
2210 * This function sidesteps the event loop and directly calls bgp_event_update()
2211 * after processing each BGP message. This is necessary to ensure proper
2212 * ordering of FSM events and unifies the behavior that was present previously,
2213 * whereby some of the packet handling functions would update the FSM and some
2214 * would not, making event flow difficult to understand. Please think twice
2215 * before hacking this.
2216 *
2217 * Thread type: THREAD_EVENT
2218 * @param thread
2219 * @return 0
2220 */
2221 int bgp_process_packet(struct thread *thread)
2222 {
2223 /* Yes first of all get peer pointer. */
2224 struct peer *peer; // peer
2225 uint32_t rpkt_quanta_old; // how many packets to read
2226 int fsm_update_result; // return code of bgp_event_update()
2227 int mprc; // message processing return code
2228
2229 peer = THREAD_ARG(thread);
2230 rpkt_quanta_old = atomic_load_explicit(&peer->bgp->rpkt_quanta,
2231 memory_order_relaxed);
2232 fsm_update_result = 0;
2233
2234 /* Guard against scheduled events that occur after peer deletion. */
2235 if (peer->status == Deleted || peer->status == Clearing)
2236 return 0;
2237
2238 unsigned int processed = 0;
2239
2240 while (processed < rpkt_quanta_old) {
2241 uint8_t type = 0;
2242 bgp_size_t size;
2243 char notify_data_length[2];
2244
2245 frr_with_mutex(&peer->io_mtx) {
2246 peer->curr = stream_fifo_pop(peer->ibuf);
2247 }
2248
2249 if (peer->curr == NULL) // no packets to process, hmm...
2250 return 0;
2251
2252 /* skip the marker and copy the packet length */
2253 stream_forward_getp(peer->curr, BGP_MARKER_SIZE);
2254 memcpy(notify_data_length, stream_pnt(peer->curr), 2);
2255
2256 /* read in the packet length and type */
2257 size = stream_getw(peer->curr);
2258 type = stream_getc(peer->curr);
2259
2260 hook_call(bgp_packet_dump, peer, type, size, peer->curr);
2261
2262 /* adjust size to exclude the marker + length + type */
2263 size -= BGP_HEADER_SIZE;
2264
2265 /* Read rest of the packet and call each sort of packet routine
2266 */
2267 switch (type) {
2268 case BGP_MSG_OPEN:
2269 atomic_fetch_add_explicit(&peer->open_in, 1,
2270 memory_order_relaxed);
2271 mprc = bgp_open_receive(peer, size);
2272 if (mprc == BGP_Stop)
2273 flog_err(
2274 EC_BGP_PKT_OPEN,
2275 "%s: BGP OPEN receipt failed for peer: %s",
2276 __FUNCTION__, peer->host);
2277 break;
2278 case BGP_MSG_UPDATE:
2279 atomic_fetch_add_explicit(&peer->update_in, 1,
2280 memory_order_relaxed);
2281 peer->readtime = monotime(NULL);
2282 mprc = bgp_update_receive(peer, size);
2283 if (mprc == BGP_Stop)
2284 flog_err(
2285 EC_BGP_UPDATE_RCV,
2286 "%s: BGP UPDATE receipt failed for peer: %s",
2287 __FUNCTION__, peer->host);
2288 break;
2289 case BGP_MSG_NOTIFY:
2290 atomic_fetch_add_explicit(&peer->notify_in, 1,
2291 memory_order_relaxed);
2292 mprc = bgp_notify_receive(peer, size);
2293 if (mprc == BGP_Stop)
2294 flog_err(
2295 EC_BGP_NOTIFY_RCV,
2296 "%s: BGP NOTIFY receipt failed for peer: %s",
2297 __FUNCTION__, peer->host);
2298 break;
2299 case BGP_MSG_KEEPALIVE:
2300 peer->readtime = monotime(NULL);
2301 atomic_fetch_add_explicit(&peer->keepalive_in, 1,
2302 memory_order_relaxed);
2303 mprc = bgp_keepalive_receive(peer, size);
2304 if (mprc == BGP_Stop)
2305 flog_err(
2306 EC_BGP_KEEP_RCV,
2307 "%s: BGP KEEPALIVE receipt failed for peer: %s",
2308 __FUNCTION__, peer->host);
2309 break;
2310 case BGP_MSG_ROUTE_REFRESH_NEW:
2311 case BGP_MSG_ROUTE_REFRESH_OLD:
2312 atomic_fetch_add_explicit(&peer->refresh_in, 1,
2313 memory_order_relaxed);
2314 mprc = bgp_route_refresh_receive(peer, size);
2315 if (mprc == BGP_Stop)
2316 flog_err(
2317 EC_BGP_RFSH_RCV,
2318 "%s: BGP ROUTEREFRESH receipt failed for peer: %s",
2319 __FUNCTION__, peer->host);
2320 break;
2321 case BGP_MSG_CAPABILITY:
2322 atomic_fetch_add_explicit(&peer->dynamic_cap_in, 1,
2323 memory_order_relaxed);
2324 mprc = bgp_capability_receive(peer, size);
2325 if (mprc == BGP_Stop)
2326 flog_err(
2327 EC_BGP_CAP_RCV,
2328 "%s: BGP CAPABILITY receipt failed for peer: %s",
2329 __FUNCTION__, peer->host);
2330 break;
2331 default:
2332 /* Suppress uninitialized variable warning */
2333 mprc = 0;
2334 (void)mprc;
2335 /*
2336 * The message type should have been sanitized before
2337 * we ever got here. Receipt of a message with an
2338 * invalid header at this point is indicative of a
2339 * security issue.
2340 */
2341 assert (!"Message of invalid type received during input processing");
2342 }
2343
2344 /* delete processed packet */
2345 stream_free(peer->curr);
2346 peer->curr = NULL;
2347 processed++;
2348
2349 /* Update FSM */
2350 if (mprc != BGP_PACKET_NOOP)
2351 fsm_update_result = bgp_event_update(peer, mprc);
2352 else
2353 continue;
2354
2355 /*
2356 * If peer was deleted, do not process any more packets. This
2357 * is usually due to executing BGP_Stop or a stub deletion.
2358 */
2359 if (fsm_update_result == FSM_PEER_TRANSFERRED
2360 || fsm_update_result == FSM_PEER_STOPPED)
2361 break;
2362 }
2363
2364 if (fsm_update_result != FSM_PEER_TRANSFERRED
2365 && fsm_update_result != FSM_PEER_STOPPED) {
2366 frr_with_mutex(&peer->io_mtx) {
2367 // more work to do, come back later
2368 if (peer->ibuf->count > 0)
2369 thread_add_timer_msec(
2370 bm->master, bgp_process_packet, peer, 0,
2371 &peer->t_process_packet);
2372 }
2373 }
2374
2375 return 0;
2376 }
FRRouting mirror