]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bgpd: bgpd-warnings.patch
[mirror_frr.git] / bgpd / bgp_packet.c
1 /* BGP packet management routine.
2 Copyright (C) 1999 Kunihiro Ishiguro
3
4 This file is part of GNU Zebra.
5
6 GNU Zebra is free software; you can redistribute it and/or modify it
7 under the terms of the GNU General Public License as published by the
8 Free Software Foundation; either version 2, or (at your option) any
9 later version.
10
11 GNU Zebra is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with GNU Zebra; see the file COPYING. If not, write to the Free
18 Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
19 02111-1307, USA. */
20
21 #include <zebra.h>
22
23 #include "thread.h"
24 #include "stream.h"
25 #include "network.h"
26 #include "prefix.h"
27 #include "command.h"
28 #include "log.h"
29 #include "memory.h"
30 #include "sockunion.h" /* for inet_ntop () */
31 #include "linklist.h"
32 #include "plist.h"
33 #include "queue.h"
34
35 #include "bgpd/bgpd.h"
36 #include "bgpd/bgp_table.h"
37 #include "bgpd/bgp_dump.h"
38 #include "bgpd/bgp_attr.h"
39 #include "bgpd/bgp_debug.h"
40 #include "bgpd/bgp_fsm.h"
41 #include "bgpd/bgp_route.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_open.h"
44 #include "bgpd/bgp_aspath.h"
45 #include "bgpd/bgp_community.h"
46 #include "bgpd/bgp_ecommunity.h"
47 #include "bgpd/bgp_network.h"
48 #include "bgpd/bgp_mplsvpn.h"
49 #include "bgpd/bgp_advertise.h"
50 #include "bgpd/bgp_vty.h"
51 #include "bgpd/bgp_updgrp.h"
52
53 int stream_put_prefix (struct stream *, struct prefix *);
54
55 /* Set up BGP packet marker and packet type. */
56 int
57 bgp_packet_set_marker (struct stream *s, u_char type)
58 {
59 int i;
60
61 /* Fill in marker. */
62 for (i = 0; i < BGP_MARKER_SIZE; i++)
63 stream_putc (s, 0xff);
64
65 /* Dummy total length. This field is should be filled in later on. */
66 stream_putw (s, 0);
67
68 /* BGP packet type. */
69 stream_putc (s, type);
70
71 /* Return current stream size. */
72 return stream_get_endp (s);
73 }
74
75 /* Set BGP packet header size entry. If size is zero then use current
76 stream size. */
77 int
78 bgp_packet_set_size (struct stream *s)
79 {
80 int cp;
81
82 /* Preserve current pointer. */
83 cp = stream_get_endp (s);
84 stream_putw_at (s, BGP_MARKER_SIZE, cp);
85
86 return cp;
87 }
88
89 /* Add new packet to the peer. */
90 void
91 bgp_packet_add (struct peer *peer, struct stream *s)
92 {
93 /* Add packet to the end of list. */
94 stream_fifo_push (peer->obuf, s);
95 }
96
97 /* Free first packet. */
98 static void
99 bgp_packet_delete (struct peer *peer)
100 {
101 stream_free (stream_fifo_pop (peer->obuf));
102 }
103
104 /* Check file descriptor whether connect is established. */
105 int
106 bgp_connect_check (struct peer *peer, int change_state)
107 {
108 int status;
109 socklen_t slen;
110 int ret;
111
112 /* Anyway I have to reset read and write thread. */
113 BGP_READ_OFF (peer->t_read);
114 BGP_WRITE_OFF (peer->t_write);
115
116 /* Check file descriptor. */
117 slen = sizeof (status);
118 ret = getsockopt(peer->fd, SOL_SOCKET, SO_ERROR, (void *) &status, &slen);
119
120 /* If getsockopt is fail, this is fatal error. */
121 if (ret < 0)
122 {
123 zlog_info ("can't get sockopt for nonblocking connect");
124 BGP_EVENT_ADD (peer, TCP_fatal_error);
125 return -1;
126 }
127
128 /* When status is 0 then TCP connection is established. */
129 if (status == 0)
130 {
131 BGP_EVENT_ADD (peer, TCP_connection_open);
132 return 1;
133 }
134 else
135 {
136 if (bgp_debug_neighbor_events(peer))
137 zlog_debug ("%s [Event] Connect failed (%s)",
138 peer->host, safe_strerror (errno));
139 if (change_state)
140 BGP_EVENT_ADD (peer, TCP_connection_open_failed);
141 return 0;
142 }
143 }
144
145 static struct stream *
146 bgp_update_packet_eor (struct peer *peer, afi_t afi, safi_t safi)
147 {
148 struct stream *s;
149 struct stream *packet;
150
151 if (DISABLE_BGP_ANNOUNCE)
152 return NULL;
153
154 if (bgp_debug_neighbor_events(peer))
155 zlog_debug ("send End-of-RIB for %s to %s", afi_safi_print (afi, safi), peer->host);
156
157 s = stream_new (BGP_MAX_PACKET_SIZE);
158
159 /* Make BGP update packet. */
160 bgp_packet_set_marker (s, BGP_MSG_UPDATE);
161
162 /* Unfeasible Routes Length */
163 stream_putw (s, 0);
164
165 if (afi == AFI_IP && safi == SAFI_UNICAST)
166 {
167 /* Total Path Attribute Length */
168 stream_putw (s, 0);
169 }
170 else
171 {
172 /* Total Path Attribute Length */
173 stream_putw (s, 6);
174 stream_putc (s, BGP_ATTR_FLAG_OPTIONAL);
175 stream_putc (s, BGP_ATTR_MP_UNREACH_NLRI);
176 stream_putc (s, 3);
177 stream_putw (s, afi);
178 stream_putc (s, safi);
179 }
180
181 bgp_packet_set_size (s);
182 packet = stream_dup (s);
183 bgp_packet_add (peer, packet);
184 stream_free (s);
185 return packet;
186 }
187
188 /* Get next packet to be written. */
189 static struct stream *
190 bgp_write_packet (struct peer *peer)
191 {
192 struct stream *s = NULL;
193 struct peer_af *paf;
194 struct bpacket *next_pkt;
195 afi_t afi;
196 safi_t safi;
197
198 s = stream_fifo_head (peer->obuf);
199 if (s)
200 return s;
201
202 /*
203 * The code beyond this part deals with update packets, proceed only
204 * if peer is Established and updates are not on hold (as part of
205 * update-delay post processing).
206 */
207 if (peer->status != Established)
208 return NULL;
209
210 if (peer->bgp && (peer->bgp->main_peers_update_hold ||
211 peer->bgp->rsclient_peers_update_hold))
212 return NULL;
213
214 for (afi = AFI_IP; afi < AFI_MAX; afi++)
215 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
216 {
217 paf = peer_af_find (peer, afi, safi);
218 if (!paf || !PAF_SUBGRP(paf))
219 continue;
220 next_pkt = paf->next_pkt_to_send;
221
222 /* Try to generate a packet for the peer if we are at the end of
223 * the list. Always try to push out WITHDRAWs first. */
224 if (!next_pkt || !next_pkt->buffer)
225 {
226 next_pkt = subgroup_withdraw_packet(PAF_SUBGRP(paf));
227 if (!next_pkt || !next_pkt->buffer)
228 subgroup_update_packet (PAF_SUBGRP(paf));
229 next_pkt = paf->next_pkt_to_send;
230 }
231
232 /* If we still don't have a packet to send to the peer, then
233 * try to find out out if we have to send eor or if not, skip to
234 * the next AFI, SAFI.
235 * Don't send the EOR prematurely... if the subgroup's coalesce
236 * timer is running, the adjacency-out structure is not created
237 * yet.
238 */
239 if (!next_pkt || !next_pkt->buffer)
240 {
241 if (CHECK_FLAG (peer->cap, PEER_CAP_RESTART_RCV))
242 {
243 if (!(PAF_SUBGRP(paf))->t_coalesce &&
244 peer->afc_nego[afi][safi] && peer->synctime
245 && ! CHECK_FLAG (peer->af_sflags[afi][safi],
246 PEER_STATUS_EOR_SEND)
247 && safi != SAFI_MPLS_VPN)
248 {
249 SET_FLAG (peer->af_sflags[afi][safi],
250 PEER_STATUS_EOR_SEND);
251 return bgp_update_packet_eor (peer, afi, safi);
252 }
253
254 }
255 continue;
256 }
257
258
259 /*
260 * Found a packet template to send, overwrite packet with appropriate
261 * attributes from peer and advance peer
262 */
263 s = bpacket_reformat_for_peer (next_pkt, paf);
264 bpacket_queue_advance_peer (paf);
265 if (bgp_debug_update(peer, NULL, NULL, 0))
266 zlog_debug ("u%" PRIu64 ":s%" PRIu64 "%s send UPDATE len %zu ",
267 PAF_SUBGRP(paf)->update_group->id, PAF_SUBGRP(paf)->id,
268 peer->host, (stream_get_endp(s) - stream_get_getp(s)));
269 return s;
270 }
271
272 return NULL;
273 }
274
275 /* The next action for the peer from a write perspective */
276 static void
277 bgp_write_proceed_actions (struct peer *peer)
278 {
279 afi_t afi;
280 safi_t safi;
281 struct peer_af *paf;
282 struct bpacket *next_pkt;
283 int fullq_found = 0;
284 struct update_subgroup *subgrp;
285
286 if (stream_fifo_head (peer->obuf))
287 {
288 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
289 return;
290 }
291
292 for (afi = AFI_IP; afi < AFI_MAX; afi++)
293 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
294 {
295 paf = peer_af_find (peer, afi, safi);
296 if (!paf)
297 continue;
298 subgrp = paf->subgroup;
299 if (!subgrp)
300 continue;
301
302 next_pkt = paf->next_pkt_to_send;
303 if (next_pkt && next_pkt->buffer)
304 {
305 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
306 return;
307 }
308
309 /* No packets readily available for AFI/SAFI, are there subgroup packets
310 * that need to be generated? */
311 if (bpacket_queue_is_full(SUBGRP_INST(subgrp),
312 SUBGRP_PKTQ(subgrp)))
313 fullq_found = 1;
314 else if (subgroup_packets_to_build (subgrp))
315 {
316 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
317 return;
318 }
319
320 /* No packets to send, see if EOR is pending */
321 if (CHECK_FLAG (peer->cap, PEER_CAP_RESTART_RCV))
322 {
323 if (!subgrp->t_coalesce &&
324 peer->afc_nego[afi][safi] &&
325 peer->synctime &&
326 !CHECK_FLAG(peer->af_sflags[afi][safi],
327 PEER_STATUS_EOR_SEND) &&
328 safi != SAFI_MPLS_VPN)
329 {
330 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
331 return;
332 }
333
334 }
335 }
336 if (fullq_found)
337 {
338 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
339 return;
340 }
341 }
342
343 /* Write packet to the peer. */
344 int
345 bgp_write (struct thread *thread)
346 {
347 struct peer *peer;
348 u_char type;
349 struct stream *s;
350 int num;
351 unsigned int count = 0;
352 unsigned int oc = 0;
353
354 /* Yes first of all get peer pointer. */
355 peer = THREAD_ARG (thread);
356 peer->t_write = NULL;
357
358 /* For non-blocking IO check. */
359 if (peer->status == Connect)
360 {
361 bgp_connect_check (peer, 1);
362 return 0;
363 }
364
365 s = bgp_write_packet (peer);
366 if (!s)
367 {
368 bgp_write_proceed_actions (peer);
369 return 0;
370 }
371
372 sockopt_cork (peer->fd, 1);
373
374 oc = peer->update_out;
375
376 /* Nonblocking write until TCP output buffer is full. */
377 do
378 {
379 int writenum;
380
381 /* Number of bytes to be sent. */
382 writenum = stream_get_endp (s) - stream_get_getp (s);
383
384 /* Call write() system call. */
385 num = write (peer->fd, STREAM_PNT (s), writenum);
386 if (num < 0)
387 {
388 /* write failed either retry needed or error */
389 if (ERRNO_IO_RETRY(errno))
390 break;
391
392 BGP_EVENT_ADD (peer, TCP_fatal_error);
393 return 0;
394 }
395
396 if (num != writenum)
397 {
398 /* Partial write */
399 stream_forward_getp (s, num);
400 break;
401 }
402
403 /* Retrieve BGP packet type. */
404 stream_set_getp (s, BGP_MARKER_SIZE + 2);
405 type = stream_getc (s);
406
407 switch (type)
408 {
409 case BGP_MSG_OPEN:
410 peer->open_out++;
411 break;
412 case BGP_MSG_UPDATE:
413 peer->update_out++;
414 break;
415 case BGP_MSG_NOTIFY:
416 peer->notify_out++;
417 /* Double start timer. */
418 peer->v_start *= 2;
419
420 /* Overflow check. */
421 if (peer->v_start >= (60 * 2))
422 peer->v_start = (60 * 2);
423
424 /* Flush any existing events */
425 BGP_EVENT_ADD (peer, BGP_Stop);
426 goto done;
427
428 case BGP_MSG_KEEPALIVE:
429 peer->keepalive_out++;
430 break;
431 case BGP_MSG_ROUTE_REFRESH_NEW:
432 case BGP_MSG_ROUTE_REFRESH_OLD:
433 peer->refresh_out++;
434 break;
435 case BGP_MSG_CAPABILITY:
436 peer->dynamic_cap_out++;
437 break;
438 }
439
440 /* OK we send packet so delete it. */
441 bgp_packet_delete (peer);
442 }
443 while (++count < peer->bgp->wpkt_quanta &&
444 (s = bgp_write_packet (peer)) != NULL);
445
446 bgp_write_proceed_actions (peer);
447
448 done:
449 /* Update the last write if some updates were written. */
450 if (peer->update_out > oc)
451 peer->last_write = bgp_clock ();
452
453 sockopt_cork (peer->fd, 0);
454 return 0;
455 }
456
457 /* This is only for sending NOTIFICATION message to neighbor. */
458 static int
459 bgp_write_notify (struct peer *peer)
460 {
461 int ret, val;
462 u_char type;
463 struct stream *s;
464
465 /* There should be at least one packet. */
466 s = stream_fifo_head (peer->obuf);
467 if (!s)
468 return 0;
469 assert (stream_get_endp (s) >= BGP_HEADER_SIZE);
470
471 /* Stop collecting data within the socket */
472 sockopt_cork (peer->fd, 0);
473
474 /* socket is in nonblocking mode, if we can't deliver the NOTIFY, well,
475 * we only care about getting a clean shutdown at this point. */
476 ret = write (peer->fd, STREAM_DATA (s), stream_get_endp (s));
477
478 /* only connection reset/close gets counted as TCP_fatal_error, failure
479 * to write the entire NOTIFY doesn't get different FSM treatment */
480 if (ret <= 0)
481 {
482 BGP_EVENT_ADD (peer, TCP_fatal_error);
483 return 0;
484 }
485
486 /* Disable Nagle, make NOTIFY packet go out right away */
487 val = 1;
488 (void) setsockopt (peer->fd, IPPROTO_TCP, TCP_NODELAY,
489 (char *) &val, sizeof (val));
490
491 /* Retrieve BGP packet type. */
492 stream_set_getp (s, BGP_MARKER_SIZE + 2);
493 type = stream_getc (s);
494
495 assert (type == BGP_MSG_NOTIFY);
496
497 /* Type should be notify. */
498 peer->notify_out++;
499
500 /* Double start timer. */
501 peer->v_start *= 2;
502
503 /* Overflow check. */
504 if (peer->v_start >= (60 * 2))
505 peer->v_start = (60 * 2);
506
507 /* Handle Graceful Restart case where the state changes to
508 Connect instead of Idle */
509 BGP_EVENT_ADD (peer, BGP_Stop);
510
511 return 0;
512 }
513
514 /* Make keepalive packet and send it to the peer. */
515 void
516 bgp_keepalive_send (struct peer *peer)
517 {
518 struct stream *s;
519
520 s = stream_new (BGP_MAX_PACKET_SIZE);
521
522 /* Make keepalive packet. */
523 bgp_packet_set_marker (s, BGP_MSG_KEEPALIVE);
524
525 /* Set packet size. */
526 (void)bgp_packet_set_size (s);
527
528 /* Dump packet if debug option is set. */
529 /* bgp_packet_dump (s); */
530
531 if (bgp_debug_keepalive(peer))
532 zlog_debug ("%s sending KEEPALIVE", peer->host);
533
534 /* Add packet to the peer. */
535 bgp_packet_add (peer, s);
536
537 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
538 }
539
540 /* Make open packet and send it to the peer. */
541 void
542 bgp_open_send (struct peer *peer)
543 {
544 struct stream *s;
545 u_int16_t send_holdtime;
546 as_t local_as;
547
548 if (CHECK_FLAG (peer->config, PEER_CONFIG_TIMER))
549 send_holdtime = peer->holdtime;
550 else
551 send_holdtime = peer->bgp->default_holdtime;
552
553 /* local-as Change */
554 if (peer->change_local_as)
555 local_as = peer->change_local_as;
556 else
557 local_as = peer->local_as;
558
559 s = stream_new (BGP_MAX_PACKET_SIZE);
560
561 /* Make open packet. */
562 bgp_packet_set_marker (s, BGP_MSG_OPEN);
563
564 /* Set open packet values. */
565 stream_putc (s, BGP_VERSION_4); /* BGP version */
566 stream_putw (s, (local_as <= BGP_AS_MAX) ? (u_int16_t) local_as
567 : BGP_AS_TRANS);
568 stream_putw (s, send_holdtime); /* Hold Time */
569 stream_put_in_addr (s, &peer->local_id); /* BGP Identifier */
570
571 /* Set capability code. */
572 bgp_open_capability (s, peer);
573
574 /* Set BGP packet length. */
575 (void)bgp_packet_set_size (s);
576
577 if (bgp_debug_neighbor_events(peer))
578 zlog_debug ("%s sending OPEN, version %d, my as %u, holdtime %d, id %s",
579 peer->host, BGP_VERSION_4, local_as,
580 send_holdtime, inet_ntoa (peer->local_id));
581
582 /* Dump packet if debug option is set. */
583 /* bgp_packet_dump (s); */
584
585 /* Add packet to the peer. */
586 bgp_packet_add (peer, s);
587
588 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
589 }
590
591 /* Send BGP notify packet with data potion. */
592 void
593 bgp_notify_send_with_data (struct peer *peer, u_char code, u_char sub_code,
594 u_char *data, size_t datalen)
595 {
596 struct stream *s;
597 int length;
598
599 /* Allocate new stream. */
600 s = stream_new (BGP_MAX_PACKET_SIZE);
601
602 /* Make nitify packet. */
603 bgp_packet_set_marker (s, BGP_MSG_NOTIFY);
604
605 /* Set notify packet values. */
606 stream_putc (s, code); /* BGP notify code */
607 stream_putc (s, sub_code); /* BGP notify sub_code */
608
609 /* If notify data is present. */
610 if (data)
611 stream_write (s, data, datalen);
612
613 /* Set BGP packet length. */
614 length = bgp_packet_set_size (s);
615
616 /* Add packet to the peer. */
617 stream_fifo_clean (peer->obuf);
618 bgp_packet_add (peer, s);
619
620 /* For debug */
621 {
622 struct bgp_notify bgp_notify;
623 int first = 0;
624 int i;
625 char c[4];
626
627 bgp_notify.code = code;
628 bgp_notify.subcode = sub_code;
629 bgp_notify.data = NULL;
630 bgp_notify.length = length - BGP_MSG_NOTIFY_MIN_SIZE;
631
632 if (bgp_notify.length)
633 {
634 bgp_notify.data = XMALLOC (MTYPE_TMP, bgp_notify.length * 3);
635 for (i = 0; i < bgp_notify.length; i++)
636 if (first)
637 {
638 sprintf (c, " %02x", data[i]);
639 strcat (bgp_notify.data, c);
640 }
641 else
642 {
643 first = 1;
644 sprintf (c, "%02x", data[i]);
645 strcpy (bgp_notify.data, c);
646 }
647 }
648 bgp_notify_print (peer, &bgp_notify, "sending");
649 if (bgp_notify.data)
650 XFREE (MTYPE_TMP, bgp_notify.data);
651 }
652
653 /* peer reset cause */
654 if (sub_code != BGP_NOTIFY_CEASE_CONFIG_CHANGE)
655 {
656 if (sub_code == BGP_NOTIFY_CEASE_ADMIN_RESET)
657 peer->last_reset = PEER_DOWN_USER_RESET;
658 else if (sub_code == BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN)
659 peer->last_reset = PEER_DOWN_USER_SHUTDOWN;
660 else
661 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
662 }
663
664 /* Call immediately. */
665 BGP_WRITE_OFF (peer->t_write);
666
667 bgp_write_notify (peer);
668 }
669
670 /* Send BGP notify packet. */
671 void
672 bgp_notify_send (struct peer *peer, u_char code, u_char sub_code)
673 {
674 bgp_notify_send_with_data (peer, code, sub_code, NULL, 0);
675 }
676
677 /* Send route refresh message to the peer. */
678 void
679 bgp_route_refresh_send (struct peer *peer, afi_t afi, safi_t safi,
680 u_char orf_type, u_char when_to_refresh, int remove)
681 {
682 struct stream *s;
683 struct stream *packet;
684 struct bgp_filter *filter;
685 int orf_refresh = 0;
686
687 if (DISABLE_BGP_ANNOUNCE)
688 return;
689
690 filter = &peer->filter[afi][safi];
691
692 /* Adjust safi code. */
693 if (safi == SAFI_MPLS_VPN)
694 safi = SAFI_MPLS_LABELED_VPN;
695
696 s = stream_new (BGP_MAX_PACKET_SIZE);
697
698 /* Make BGP update packet. */
699 if (CHECK_FLAG (peer->cap, PEER_CAP_REFRESH_NEW_RCV))
700 bgp_packet_set_marker (s, BGP_MSG_ROUTE_REFRESH_NEW);
701 else
702 bgp_packet_set_marker (s, BGP_MSG_ROUTE_REFRESH_OLD);
703
704 /* Encode Route Refresh message. */
705 stream_putw (s, afi);
706 stream_putc (s, 0);
707 stream_putc (s, safi);
708
709 if (orf_type == ORF_TYPE_PREFIX
710 || orf_type == ORF_TYPE_PREFIX_OLD)
711 if (remove || filter->plist[FILTER_IN].plist)
712 {
713 u_int16_t orf_len;
714 unsigned long orfp;
715
716 orf_refresh = 1;
717 stream_putc (s, when_to_refresh);
718 stream_putc (s, orf_type);
719 orfp = stream_get_endp (s);
720 stream_putw (s, 0);
721
722 if (remove)
723 {
724 UNSET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_PREFIX_SEND);
725 stream_putc (s, ORF_COMMON_PART_REMOVE_ALL);
726 if (bgp_debug_neighbor_events(peer))
727 zlog_debug ("%s sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %d/%d",
728 peer->host, orf_type,
729 (when_to_refresh == REFRESH_DEFER ? "defer" : "immediate"),
730 afi, safi);
731 }
732 else
733 {
734 SET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_PREFIX_SEND);
735 prefix_bgp_orf_entry (s, filter->plist[FILTER_IN].plist,
736 ORF_COMMON_PART_ADD, ORF_COMMON_PART_PERMIT,
737 ORF_COMMON_PART_DENY);
738 if (bgp_debug_neighbor_events(peer))
739 zlog_debug ("%s sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %d/%d",
740 peer->host, orf_type,
741 (when_to_refresh == REFRESH_DEFER ? "defer" : "immediate"),
742 afi, safi);
743 }
744
745 /* Total ORF Entry Len. */
746 orf_len = stream_get_endp (s) - orfp - 2;
747 stream_putw_at (s, orfp, orf_len);
748 }
749
750 /* Set packet size. */
751 (void)bgp_packet_set_size (s);
752
753 if (bgp_debug_neighbor_events(peer))
754 {
755 if (! orf_refresh)
756 zlog_debug ("%s sending REFRESH_REQ for afi/safi: %d/%d",
757 peer->host, afi, safi);
758 }
759
760 /* Make real packet. */
761 packet = stream_dup (s);
762 stream_free (s);
763
764 /* Add packet to the peer. */
765 bgp_packet_add (peer, packet);
766
767 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
768 }
769
770 /* Send capability message to the peer. */
771 void
772 bgp_capability_send (struct peer *peer, afi_t afi, safi_t safi,
773 int capability_code, int action)
774 {
775 struct stream *s;
776 struct stream *packet;
777
778 /* Adjust safi code. */
779 if (safi == SAFI_MPLS_VPN)
780 safi = SAFI_MPLS_LABELED_VPN;
781
782 s = stream_new (BGP_MAX_PACKET_SIZE);
783
784 /* Make BGP update packet. */
785 bgp_packet_set_marker (s, BGP_MSG_CAPABILITY);
786
787 /* Encode MP_EXT capability. */
788 if (capability_code == CAPABILITY_CODE_MP)
789 {
790 stream_putc (s, action);
791 stream_putc (s, CAPABILITY_CODE_MP);
792 stream_putc (s, CAPABILITY_CODE_MP_LEN);
793 stream_putw (s, afi);
794 stream_putc (s, 0);
795 stream_putc (s, safi);
796
797 if (bgp_debug_neighbor_events(peer))
798 zlog_debug ("%s sending CAPABILITY has %s MP_EXT CAP for afi/safi: %d/%d",
799 peer->host, action == CAPABILITY_ACTION_SET ?
800 "Advertising" : "Removing", afi, safi);
801 }
802
803 /* Set packet size. */
804 (void)bgp_packet_set_size (s);
805
806 /* Make real packet. */
807 packet = stream_dup (s);
808 stream_free (s);
809
810 /* Add packet to the peer. */
811 bgp_packet_add (peer, packet);
812
813 BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd);
814 }
815
816 /* RFC1771 6.8 Connection collision detection. */
817 static int
818 bgp_collision_detect (struct peer *new, struct in_addr remote_id)
819 {
820 struct peer *peer;
821
822 /* Upon receipt of an OPEN message, the local system must examine
823 all of its connections that are in the OpenConfirm state. A BGP
824 speaker may also examine connections in an OpenSent state if it
825 knows the BGP Identifier of the peer by means outside of the
826 protocol. If among these connections there is a connection to a
827 remote BGP speaker whose BGP Identifier equals the one in the
828 OPEN message, then the local system performs the following
829 collision resolution procedure: */
830
831 if ((peer = new->doppelganger) != NULL)
832 {
833 /* Do not accept the new connection in Established or Clearing states.
834 * Note that a peer GR is handled by closing the existing connection
835 * upon receipt of new one.
836 */
837 if (peer->status == Established || peer->status == Clearing)
838 {
839 bgp_notify_send (new, BGP_NOTIFY_CEASE,
840 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
841 return (-1);
842 }
843 else if ((peer->status == OpenConfirm) || (peer->status == OpenSent))
844 {
845 /* 1. The BGP Identifier of the local system is compared to
846 the BGP Identifier of the remote system (as specified in
847 the OPEN message). */
848
849 if (ntohl (peer->local_id.s_addr) < ntohl (remote_id.s_addr))
850 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER))
851 {
852 /* 2. If the value of the local BGP Identifier is less
853 than the remote one, the local system closes BGP
854 connection that already exists (the one that is
855 already in the OpenConfirm state), and accepts BGP
856 connection initiated by the remote system. */
857 bgp_notify_send (peer, BGP_NOTIFY_CEASE,
858 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
859 return 1;
860 }
861 else
862 {
863 bgp_notify_send (new, BGP_NOTIFY_CEASE,
864 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
865 return -1;
866 }
867 else
868 {
869 /* 3. Otherwise, the local system closes newly created
870 BGP connection (the one associated with the newly
871 received OPEN message), and continues to use the
872 existing one (the one that is already in the
873 OpenConfirm state). */
874 if (CHECK_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER))
875 {
876 bgp_notify_send (peer, BGP_NOTIFY_CEASE,
877 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
878 return 1;
879 }
880 else
881 {
882 bgp_notify_send (new, BGP_NOTIFY_CEASE,
883 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
884 return -1;
885 }
886 }
887 }
888 }
889 return 0;
890 }
891
892 static int
893 bgp_open_receive (struct peer *peer, bgp_size_t size)
894 {
895 int ret;
896 u_char version;
897 u_char optlen;
898 u_int16_t holdtime;
899 u_int16_t send_holdtime;
900 as_t remote_as;
901 as_t as4 = 0;
902 struct in_addr remote_id;
903 int mp_capability;
904 u_int8_t notify_data_remote_as[2];
905 u_int8_t notify_data_remote_as4[4];
906 u_int8_t notify_data_remote_id[4];
907 u_int16_t *holdtime_ptr;
908
909 /* Parse open packet. */
910 version = stream_getc (peer->ibuf);
911 memcpy (notify_data_remote_as, stream_pnt (peer->ibuf), 2);
912 remote_as = stream_getw (peer->ibuf);
913 holdtime_ptr = (u_int16_t *)stream_pnt (peer->ibuf);
914 holdtime = stream_getw (peer->ibuf);
915 memcpy (notify_data_remote_id, stream_pnt (peer->ibuf), 4);
916 remote_id.s_addr = stream_get_ipv4 (peer->ibuf);
917
918 /* Receive OPEN message log */
919 if (bgp_debug_neighbor_events(peer))
920 zlog_debug ("%s rcv OPEN, version %d, remote-as (in open) %u,"
921 " holdtime %d, id %s",
922 peer->host, version, remote_as, holdtime,
923 inet_ntoa (remote_id));
924
925 /* BEGIN to read the capability here, but dont do it yet */
926 mp_capability = 0;
927 optlen = stream_getc (peer->ibuf);
928
929 if (optlen != 0)
930 {
931 /* We need the as4 capability value *right now* because
932 * if it is there, we have not got the remote_as yet, and without
933 * that we do not know which peer is connecting to us now.
934 */
935 as4 = peek_for_as4_capability (peer, optlen);
936 memcpy (notify_data_remote_as4, &as4, 4);
937 }
938
939 /* Just in case we have a silly peer who sends AS4 capability set to 0 */
940 if (CHECK_FLAG (peer->cap, PEER_CAP_AS4_RCV) && !as4)
941 {
942 zlog_err ("%s bad OPEN, got AS4 capability, but AS4 set to 0",
943 peer->host);
944 bgp_notify_send_with_data (peer,
945 BGP_NOTIFY_OPEN_ERR,
946 BGP_NOTIFY_OPEN_BAD_PEER_AS,
947 notify_data_remote_as4, 4);
948 return -1;
949 }
950
951 if (remote_as == BGP_AS_TRANS)
952 {
953 /* Take the AS4 from the capability. We must have received the
954 * capability now! Otherwise we have a asn16 peer who uses
955 * BGP_AS_TRANS, for some unknown reason.
956 */
957 if (as4 == BGP_AS_TRANS)
958 {
959 zlog_err ("%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed",
960 peer->host);
961 bgp_notify_send_with_data (peer,
962 BGP_NOTIFY_OPEN_ERR,
963 BGP_NOTIFY_OPEN_BAD_PEER_AS,
964 notify_data_remote_as4, 4);
965 return -1;
966 }
967
968 if (!as4 && BGP_DEBUG (as4, AS4))
969 zlog_debug ("%s [AS4] OPEN remote_as is AS_TRANS, but no AS4."
970 " Odd, but proceeding.", peer->host);
971 else if (as4 < BGP_AS_MAX && BGP_DEBUG (as4, AS4))
972 zlog_debug ("%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits "
973 "in 2-bytes, very odd peer.", peer->host, as4);
974 if (as4)
975 remote_as = as4;
976 }
977 else
978 {
979 /* We may have a partner with AS4 who has an asno < BGP_AS_MAX */
980 /* If we have got the capability, peer->as4cap must match remote_as */
981 if (CHECK_FLAG (peer->cap, PEER_CAP_AS4_RCV)
982 && as4 != remote_as)
983 {
984 /* raise error, log this, close session */
985 zlog_err ("%s bad OPEN, got AS4 capability, but remote_as %u"
986 " mismatch with 16bit 'myasn' %u in open",
987 peer->host, as4, remote_as);
988 bgp_notify_send_with_data (peer,
989 BGP_NOTIFY_OPEN_ERR,
990 BGP_NOTIFY_OPEN_BAD_PEER_AS,
991 notify_data_remote_as4, 4);
992 return -1;
993 }
994 }
995
996 /* remote router-id check. */
997 if (remote_id.s_addr == 0
998 || IPV4_CLASS_DE (ntohl (remote_id.s_addr))
999 || ntohl (peer->local_id.s_addr) == ntohl (remote_id.s_addr))
1000 {
1001 if (bgp_debug_neighbor_events(peer))
1002 zlog_debug ("%s bad OPEN, wrong router identifier %s",
1003 peer->host, inet_ntoa (remote_id));
1004 bgp_notify_send_with_data (peer,
1005 BGP_NOTIFY_OPEN_ERR,
1006 BGP_NOTIFY_OPEN_BAD_BGP_IDENT,
1007 notify_data_remote_id, 4);
1008 return -1;
1009 }
1010
1011 /* Set remote router-id */
1012 peer->remote_id = remote_id;
1013
1014 /* Peer BGP version check. */
1015 if (version != BGP_VERSION_4)
1016 {
1017 u_int16_t maxver = htons(BGP_VERSION_4);
1018 /* XXX this reply may not be correct if version < 4 XXX */
1019 if (bgp_debug_neighbor_events(peer))
1020 zlog_debug ("%s bad protocol version, remote requested %d, local request %d",
1021 peer->host, version, BGP_VERSION_4);
1022 /* Data must be in network byte order here */
1023 bgp_notify_send_with_data (peer,
1024 BGP_NOTIFY_OPEN_ERR,
1025 BGP_NOTIFY_OPEN_UNSUP_VERSION,
1026 (u_int8_t *) &maxver, 2);
1027 return -1;
1028 }
1029
1030 /* Check neighbor as number. */
1031 if (peer->as_type == AS_INTERNAL)
1032 {
1033 if (remote_as != peer->bgp->as)
1034 {
1035 if (bgp_debug_neighbor_events(peer))
1036 zlog_debug ("%s bad OPEN, remote AS is %u, internal specified",
1037 peer->host, remote_as);
1038 bgp_notify_send_with_data (peer,
1039 BGP_NOTIFY_OPEN_ERR,
1040 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1041 notify_data_remote_as, 2);
1042 return -1;
1043 }
1044 peer->as = peer->local_as;
1045 }
1046 else if (peer->as_type == AS_EXTERNAL)
1047 {
1048 if (remote_as == peer->bgp->as)
1049 {
1050 if (bgp_debug_neighbor_events(peer))
1051 zlog_debug ("%s bad OPEN, remote AS is %u, external specified",
1052 peer->host, remote_as);
1053 bgp_notify_send_with_data (peer,
1054 BGP_NOTIFY_OPEN_ERR,
1055 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1056 notify_data_remote_as, 2);
1057 return -1;
1058 }
1059 peer->as = remote_as;
1060 }
1061 else if ((peer->as_type == AS_SPECIFIED) && (remote_as != peer->as))
1062 {
1063 if (bgp_debug_neighbor_events(peer))
1064 zlog_debug ("%s bad OPEN, remote AS is %u, expected %u",
1065 peer->host, remote_as, peer->as);
1066 bgp_notify_send_with_data (peer,
1067 BGP_NOTIFY_OPEN_ERR,
1068 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1069 notify_data_remote_as, 2);
1070 return -1;
1071 }
1072
1073 /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST
1074 calculate the value of the Hold Timer by using the smaller of its
1075 configured Hold Time and the Hold Time received in the OPEN message.
1076 The Hold Time MUST be either zero or at least three seconds. An
1077 implementation may reject connections on the basis of the Hold Time. */
1078
1079 if (holdtime < 3 && holdtime != 0)
1080 {
1081 bgp_notify_send_with_data (peer,
1082 BGP_NOTIFY_OPEN_ERR,
1083 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME,
1084 (u_char *)holdtime_ptr, 2);
1085 return -1;
1086 }
1087
1088 /* From the rfc: A reasonable maximum time between KEEPALIVE messages
1089 would be one third of the Hold Time interval. KEEPALIVE messages
1090 MUST NOT be sent more frequently than one per second. An
1091 implementation MAY adjust the rate at which it sends KEEPALIVE
1092 messages as a function of the Hold Time interval. */
1093
1094 if (CHECK_FLAG (peer->config, PEER_CONFIG_TIMER))
1095 send_holdtime = peer->holdtime;
1096 else
1097 send_holdtime = peer->bgp->default_holdtime;
1098
1099 if (holdtime < send_holdtime)
1100 peer->v_holdtime = holdtime;
1101 else
1102 peer->v_holdtime = send_holdtime;
1103
1104 peer->v_keepalive = peer->v_holdtime / 3;
1105
1106 /* Open option part parse. */
1107 if (optlen != 0)
1108 {
1109 if ((ret = bgp_open_option_parse (peer, optlen, &mp_capability)) < 0)
1110 {
1111 bgp_notify_send (peer,
1112 BGP_NOTIFY_OPEN_ERR,
1113 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME);
1114 return ret;
1115 }
1116 }
1117 else
1118 {
1119 if (bgp_debug_neighbor_events(peer))
1120 zlog_debug ("%s rcvd OPEN w/ OPTION parameter len: 0",
1121 peer->host);
1122 }
1123
1124 /*
1125 * Assume that the peer supports the locally configured set of
1126 * AFI/SAFIs if the peer did not send us any Mulitiprotocol
1127 * capabilities, or if 'override-capability' is configured.
1128 */
1129 if (! mp_capability ||
1130 CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
1131 {
1132 peer->afc_nego[AFI_IP][SAFI_UNICAST] = peer->afc[AFI_IP][SAFI_UNICAST];
1133 peer->afc_nego[AFI_IP][SAFI_MULTICAST] = peer->afc[AFI_IP][SAFI_MULTICAST];
1134 peer->afc_nego[AFI_IP6][SAFI_UNICAST] = peer->afc[AFI_IP6][SAFI_UNICAST];
1135 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] = peer->afc[AFI_IP6][SAFI_MULTICAST];
1136 }
1137
1138 /* When collision is detected and this peer is closed. Retrun
1139 immidiately. */
1140 ret = bgp_collision_detect (peer, remote_id);
1141 if (ret < 0)
1142 return ret;
1143
1144 /* Get sockname. */
1145 if ((ret = bgp_getsockname (peer)) < 0)
1146 {
1147 zlog_err("%s: bgp_getsockname() failed for peer: %s", __FUNCTION__,
1148 peer->host);
1149 return (ret);
1150 }
1151
1152 if ((ret = bgp_event_update(peer, Receive_OPEN_message)) < 0)
1153 {
1154 zlog_err("%s: BGP event update failed for peer: %s", __FUNCTION__,
1155 peer->host);
1156 /* DD: bgp send notify and reset state */
1157 return (ret);
1158 }
1159
1160 peer->packet_size = 0;
1161 if (peer->ibuf)
1162 stream_reset (peer->ibuf);
1163
1164 return 0;
1165 }
1166
1167 /* Called when there is a change in the EOR(implicit or explicit) status of a peer.
1168 Ends the update-delay if all expected peers are done with EORs. */
1169 void
1170 bgp_check_update_delay(struct bgp *bgp)
1171 {
1172 struct listnode *node, *nnode;
1173 struct peer *peer = NULL;
1174
1175 if (bgp_debug_neighbor_events(peer))
1176 zlog_debug ("Checking update delay, T: %d R: %d I:%d E: %d", bgp->established,
1177 bgp->restarted_peers, bgp->implicit_eors, bgp->explicit_eors);
1178
1179 if (bgp->established <=
1180 bgp->restarted_peers + bgp->implicit_eors + bgp->explicit_eors)
1181 {
1182 /* This is an extra sanity check to make sure we wait for all the
1183 eligible configured peers. This check is performed if establish wait
1184 timer is on, or establish wait option is not given with the
1185 update-delay command */
1186 if (bgp->t_establish_wait ||
1187 (bgp->v_establish_wait == bgp->v_update_delay))
1188 for (ALL_LIST_ELEMENTS (bgp->peer, node, nnode, peer))
1189 {
1190 if (CHECK_FLAG(peer->flags, PEER_FLAG_CONFIG_NODE)
1191 && !CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN)
1192 && !peer->update_delay_over)
1193 {
1194 if (bgp_debug_neighbor_events(peer))
1195 zlog_debug (" Peer %s pending, continuing read-only mode",
1196 peer->host);
1197 return;
1198 }
1199 }
1200
1201 zlog_info ("Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d",
1202 bgp->restarted_peers, bgp->implicit_eors, bgp->explicit_eors);
1203 bgp_update_delay_end(bgp);
1204 }
1205 }
1206
1207 /* Called if peer is known to have restarted. The restart-state bit in
1208 Graceful-Restart capability is used for that */
1209 void
1210 bgp_update_restarted_peers (struct peer *peer)
1211 {
1212 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1213 if (peer->update_delay_over) return; /* This peer has already been considered */
1214
1215 if (bgp_debug_neighbor_events(peer))
1216 zlog_debug ("Peer %s: Checking restarted", peer->host);
1217
1218 if (peer->status == Established)
1219 {
1220 peer->update_delay_over = 1;
1221 peer->bgp->restarted_peers++;
1222 bgp_check_update_delay(peer->bgp);
1223 }
1224 }
1225
1226 /* Called as peer receives a keep-alive. Determines if this occurence can be
1227 taken as an implicit EOR for this peer.
1228 NOTE: The very first keep-alive after the Established state of a peer is
1229 considered implicit EOR for the update-delay purposes */
1230 void
1231 bgp_update_implicit_eors (struct peer *peer)
1232 {
1233 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1234 if (peer->update_delay_over) return; /* This peer has already been considered */
1235
1236 if (bgp_debug_neighbor_events(peer))
1237 zlog_debug ("Peer %s: Checking implicit EORs", peer->host);
1238
1239 if (peer->status == Established)
1240 {
1241 peer->update_delay_over = 1;
1242 peer->bgp->implicit_eors++;
1243 bgp_check_update_delay(peer->bgp);
1244 }
1245 }
1246
1247 /* Should be called only when there is a change in the EOR_RECEIVED status
1248 for any afi/safi on a peer */
1249 static void
1250 bgp_update_explicit_eors (struct peer *peer)
1251 {
1252 afi_t afi;
1253 safi_t safi;
1254
1255 if (!bgp_update_delay_active(peer->bgp)) return; /* BGP update delay has ended */
1256 if (peer->update_delay_over) return; /* This peer has already been considered */
1257
1258 if (bgp_debug_neighbor_events(peer))
1259 zlog_debug ("Peer %s: Checking explicit EORs", peer->host);
1260
1261 for (afi = AFI_IP; afi < AFI_MAX; afi++)
1262 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
1263 {
1264 if (peer->afc_nego[afi][safi] &&
1265 !CHECK_FLAG(peer->af_sflags[afi][safi], PEER_STATUS_EOR_RECEIVED))
1266 {
1267 if (bgp_debug_neighbor_events(peer))
1268 zlog_debug (" afi %d safi %d didnt receive EOR", afi, safi);
1269 return;
1270 }
1271 }
1272
1273 peer->update_delay_over = 1;
1274 peer->bgp->explicit_eors++;
1275 bgp_check_update_delay(peer->bgp);
1276 }
1277
1278 /* Parse BGP Update packet and make attribute object. */
1279 static int
1280 bgp_update_receive (struct peer *peer, bgp_size_t size)
1281 {
1282 int ret;
1283 u_char *end;
1284 struct stream *s;
1285 struct attr attr;
1286 struct attr_extra extra;
1287 bgp_size_t attribute_len;
1288 bgp_size_t update_len;
1289 bgp_size_t withdraw_len;
1290 struct bgp_nlri update;
1291 struct bgp_nlri withdraw;
1292 struct bgp_nlri mp_update;
1293 struct bgp_nlri mp_withdraw;
1294 int num_pfx_adv, num_pfx_wd;
1295
1296 /* Status must be Established. */
1297 if (peer->status != Established)
1298 {
1299 zlog_err ("%s [FSM] Update packet received under status %s",
1300 peer->host, LOOKUP (bgp_status_msg, peer->status));
1301 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
1302 return -1;
1303 }
1304
1305 /* Set initial values. */
1306 memset (&attr, 0, sizeof (struct attr));
1307 memset (&extra, 0, sizeof (struct attr_extra));
1308 memset (&update, 0, sizeof (struct bgp_nlri));
1309 memset (&withdraw, 0, sizeof (struct bgp_nlri));
1310 memset (&mp_update, 0, sizeof (struct bgp_nlri));
1311 memset (&mp_withdraw, 0, sizeof (struct bgp_nlri));
1312 attr.extra = &extra;
1313 num_pfx_adv = num_pfx_wd = 0;
1314 memset (peer->rcvd_attr_str, 0, BUFSIZ);
1315 peer->rcvd_attr_printed = 0;
1316
1317 s = peer->ibuf;
1318 end = stream_pnt (s) + size;
1319
1320 /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute
1321 Length is too large (i.e., if Unfeasible Routes Length + Total
1322 Attribute Length + 23 exceeds the message Length), then the Error
1323 Subcode is set to Malformed Attribute List. */
1324 if (stream_pnt (s) + 2 > end)
1325 {
1326 zlog_err ("%s [Error] Update packet error"
1327 " (packet length is short for unfeasible length)",
1328 peer->host);
1329 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1330 BGP_NOTIFY_UPDATE_MAL_ATTR);
1331 return -1;
1332 }
1333
1334 /* Unfeasible Route Length. */
1335 withdraw_len = stream_getw (s);
1336
1337 /* Unfeasible Route Length check. */
1338 if (stream_pnt (s) + withdraw_len > end)
1339 {
1340 zlog_err ("%s [Error] Update packet error"
1341 " (packet unfeasible length overflow %d)",
1342 peer->host, withdraw_len);
1343 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1344 BGP_NOTIFY_UPDATE_MAL_ATTR);
1345 return -1;
1346 }
1347
1348 /* Unfeasible Route packet format check. */
1349 if (withdraw_len > 0)
1350 {
1351 ret = bgp_nlri_sanity_check (peer, AFI_IP, SAFI_UNICAST, stream_pnt (s),
1352 withdraw_len, &num_pfx_wd);
1353 if (ret < 0)
1354 return -1;
1355
1356 withdraw.afi = AFI_IP;
1357 withdraw.safi = SAFI_UNICAST;
1358 withdraw.nlri = stream_pnt (s);
1359 withdraw.length = withdraw_len;
1360 stream_forward_getp (s, withdraw_len);
1361 }
1362
1363 /* Attribute total length check. */
1364 if (stream_pnt (s) + 2 > end)
1365 {
1366 zlog_warn ("%s [Error] Packet Error"
1367 " (update packet is short for attribute length)",
1368 peer->host);
1369 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1370 BGP_NOTIFY_UPDATE_MAL_ATTR);
1371 return -1;
1372 }
1373
1374 /* Fetch attribute total length. */
1375 attribute_len = stream_getw (s);
1376
1377 /* Attribute length check. */
1378 if (stream_pnt (s) + attribute_len > end)
1379 {
1380 zlog_warn ("%s [Error] Packet Error"
1381 " (update packet attribute length overflow %d)",
1382 peer->host, attribute_len);
1383 bgp_notify_send (peer, BGP_NOTIFY_UPDATE_ERR,
1384 BGP_NOTIFY_UPDATE_MAL_ATTR);
1385 return -1;
1386 }
1387
1388 /* Certain attribute parsing errors should not be considered bad enough
1389 * to reset the session for, most particularly any partial/optional
1390 * attributes that have 'tunneled' over speakers that don't understand
1391 * them. Instead we withdraw only the prefix concerned.
1392 *
1393 * Complicates the flow a little though..
1394 */
1395 bgp_attr_parse_ret_t attr_parse_ret = BGP_ATTR_PARSE_PROCEED;
1396 /* This define morphs the update case into a withdraw when lower levels
1397 * have signalled an error condition where this is best.
1398 */
1399 #define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL)
1400
1401 /* Parse attribute when it exists. */
1402 if (attribute_len)
1403 {
1404 attr_parse_ret = bgp_attr_parse (peer, &attr, attribute_len,
1405 &mp_update, &mp_withdraw);
1406 if (attr_parse_ret == BGP_ATTR_PARSE_ERROR)
1407 {
1408 bgp_attr_unintern_sub (&attr);
1409 return -1;
1410 }
1411 }
1412
1413 /* Logging the attribute. */
1414 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW ||
1415 BGP_DEBUG (update, UPDATE_IN) ||
1416 BGP_DEBUG (update, UPDATE_PREFIX))
1417 {
1418 ret = bgp_dump_attr (peer, &attr, peer->rcvd_attr_str, BUFSIZ);
1419
1420 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW)
1421 zlog_err ("%s rcvd UPDATE with errors in attr(s)!! Withdrawing route.",
1422 peer->host);
1423
1424 if (ret && bgp_debug_update(peer, NULL, NULL, 1))
1425 {
1426 zlog_debug ("%s rcvd UPDATE w/ attr: %s", peer->host, peer->rcvd_attr_str);
1427 peer->rcvd_attr_printed = 1;
1428 }
1429 }
1430
1431 /* Network Layer Reachability Information. */
1432 update_len = end - stream_pnt (s);
1433
1434 if (update_len)
1435 {
1436 /* Check NLRI packet format and prefix length. */
1437 ret = bgp_nlri_sanity_check (peer, AFI_IP, SAFI_UNICAST, stream_pnt (s),
1438 update_len, &num_pfx_adv);
1439 if (ret < 0)
1440 {
1441 bgp_attr_unintern_sub (&attr);
1442 return -1;
1443 }
1444
1445 /* Set NLRI portion to structure. */
1446 update.afi = AFI_IP;
1447 update.safi = SAFI_UNICAST;
1448 update.nlri = stream_pnt (s);
1449 update.length = update_len;
1450 stream_forward_getp (s, update_len);
1451 }
1452
1453 if (BGP_DEBUG (update, UPDATE_IN))
1454 zlog_debug("%s rcvd UPDATE wlen %d wpfx %d attrlen %d alen %d apfx %d",
1455 peer->host, withdraw_len, num_pfx_wd, attribute_len,
1456 update_len, num_pfx_adv);
1457
1458 /* NLRI is processed only when the peer is configured specific
1459 Address Family and Subsequent Address Family. */
1460 if (peer->afc[AFI_IP][SAFI_UNICAST])
1461 {
1462 if (withdraw.length)
1463 bgp_nlri_parse (peer, NULL, &withdraw);
1464
1465 if (update.length)
1466 {
1467 /* We check well-known attribute only for IPv4 unicast
1468 update. */
1469 ret = bgp_attr_check (peer, &attr);
1470 if (ret < 0)
1471 {
1472 bgp_attr_unintern_sub (&attr);
1473 return -1;
1474 }
1475
1476 bgp_nlri_parse (peer, NLRI_ATTR_ARG, &update);
1477 }
1478
1479 if (mp_update.length
1480 && mp_update.afi == AFI_IP
1481 && mp_update.safi == SAFI_UNICAST)
1482 bgp_nlri_parse (peer, NLRI_ATTR_ARG, &mp_update);
1483
1484 if (mp_withdraw.length
1485 && mp_withdraw.afi == AFI_IP
1486 && mp_withdraw.safi == SAFI_UNICAST)
1487 bgp_nlri_parse (peer, NULL, &mp_withdraw);
1488
1489 if (! attribute_len && ! withdraw_len)
1490 {
1491 /* End-of-RIB received */
1492 if (!CHECK_FLAG(peer->af_sflags[AFI_IP][SAFI_UNICAST],
1493 PEER_STATUS_EOR_RECEIVED))
1494 {
1495 SET_FLAG (peer->af_sflags[AFI_IP][SAFI_UNICAST],
1496 PEER_STATUS_EOR_RECEIVED);
1497 bgp_update_explicit_eors(peer);
1498 }
1499
1500 /* NSF delete stale route */
1501 if (peer->nsf[AFI_IP][SAFI_UNICAST])
1502 bgp_clear_stale_route (peer, AFI_IP, SAFI_UNICAST);
1503
1504 if (bgp_debug_neighbor_events(peer))
1505 zlog_debug ("rcvd End-of-RIB for IPv4 Unicast from %s", peer->host);
1506 }
1507 }
1508 if (peer->afc[AFI_IP][SAFI_MULTICAST])
1509 {
1510 if (mp_update.length
1511 && mp_update.afi == AFI_IP
1512 && mp_update.safi == SAFI_MULTICAST)
1513 bgp_nlri_parse (peer, NLRI_ATTR_ARG, &mp_update);
1514
1515 if (mp_withdraw.length
1516 && mp_withdraw.afi == AFI_IP
1517 && mp_withdraw.safi == SAFI_MULTICAST)
1518 bgp_nlri_parse (peer, NULL, &mp_withdraw);
1519
1520 if (! withdraw_len
1521 && mp_withdraw.afi == AFI_IP
1522 && mp_withdraw.safi == SAFI_MULTICAST
1523 && mp_withdraw.length == 0)
1524 {
1525 /* End-of-RIB received */
1526 if (!CHECK_FLAG (peer->af_sflags[AFI_IP][SAFI_MULTICAST],
1527 PEER_STATUS_EOR_RECEIVED))
1528 {
1529 SET_FLAG (peer->af_sflags[AFI_IP][SAFI_MULTICAST],
1530 PEER_STATUS_EOR_RECEIVED);
1531 bgp_update_explicit_eors(peer);
1532 }
1533
1534 /* NSF delete stale route */
1535 if (peer->nsf[AFI_IP][SAFI_MULTICAST])
1536 bgp_clear_stale_route (peer, AFI_IP, SAFI_MULTICAST);
1537
1538 if (bgp_debug_neighbor_events(peer))
1539 zlog_debug ("rcvd End-of-RIB for IPv4 Multicast from %s", peer->host);
1540 }
1541 }
1542 if (peer->afc[AFI_IP6][SAFI_UNICAST])
1543 {
1544 if (mp_update.length
1545 && mp_update.afi == AFI_IP6
1546 && mp_update.safi == SAFI_UNICAST)
1547 bgp_nlri_parse (peer, NLRI_ATTR_ARG, &mp_update);
1548
1549 if (mp_withdraw.length
1550 && mp_withdraw.afi == AFI_IP6
1551 && mp_withdraw.safi == SAFI_UNICAST)
1552 bgp_nlri_parse (peer, NULL, &mp_withdraw);
1553
1554 if (! withdraw_len
1555 && mp_withdraw.afi == AFI_IP6
1556 && mp_withdraw.safi == SAFI_UNICAST
1557 && mp_withdraw.length == 0)
1558 {
1559 /* End-of-RIB received */
1560 if (!CHECK_FLAG (peer->af_sflags[AFI_IP6][SAFI_UNICAST],
1561 PEER_STATUS_EOR_RECEIVED))
1562 {
1563 SET_FLAG (peer->af_sflags[AFI_IP6][SAFI_UNICAST], PEER_STATUS_EOR_RECEIVED);
1564 bgp_update_explicit_eors(peer);
1565 }
1566
1567 /* NSF delete stale route */
1568 if (peer->nsf[AFI_IP6][SAFI_UNICAST])
1569 bgp_clear_stale_route (peer, AFI_IP6, SAFI_UNICAST);
1570
1571 if (bgp_debug_neighbor_events(peer))
1572 zlog_debug ("rcvd End-of-RIB for IPv6 Unicast from %s", peer->host);
1573 }
1574 }
1575 if (peer->afc[AFI_IP6][SAFI_MULTICAST])
1576 {
1577 if (mp_update.length
1578 && mp_update.afi == AFI_IP6
1579 && mp_update.safi == SAFI_MULTICAST)
1580 bgp_nlri_parse (peer, NLRI_ATTR_ARG, &mp_update);
1581
1582 if (mp_withdraw.length
1583 && mp_withdraw.afi == AFI_IP6
1584 && mp_withdraw.safi == SAFI_MULTICAST)
1585 bgp_nlri_parse (peer, NULL, &mp_withdraw);
1586
1587 if (! withdraw_len
1588 && mp_withdraw.afi == AFI_IP6
1589 && mp_withdraw.safi == SAFI_MULTICAST
1590 && mp_withdraw.length == 0)
1591 {
1592 /* End-of-RIB received */
1593 if (!CHECK_FLAG (peer->af_sflags[AFI_IP6][SAFI_MULTICAST],
1594 PEER_STATUS_EOR_RECEIVED))
1595 {
1596 SET_FLAG (peer->af_sflags[AFI_IP6][SAFI_MULTICAST], PEER_STATUS_EOR_RECEIVED);
1597 bgp_update_explicit_eors(peer);
1598 }
1599
1600
1601 /* NSF delete stale route */
1602 if (peer->nsf[AFI_IP6][SAFI_MULTICAST])
1603 bgp_clear_stale_route (peer, AFI_IP6, SAFI_MULTICAST);
1604
1605 if (bgp_debug_neighbor_events(peer))
1606 zlog_debug ("rcvd End-of-RIB for IPv6 Multicast from %s", peer->host);
1607 }
1608 }
1609 if (peer->afc[AFI_IP][SAFI_MPLS_VPN])
1610 {
1611 if (mp_update.length
1612 && mp_update.afi == AFI_IP
1613 && mp_update.safi == SAFI_MPLS_LABELED_VPN)
1614 bgp_nlri_parse_vpnv4 (peer, NLRI_ATTR_ARG, &mp_update);
1615
1616 if (mp_withdraw.length
1617 && mp_withdraw.afi == AFI_IP
1618 && mp_withdraw.safi == SAFI_MPLS_LABELED_VPN)
1619 bgp_nlri_parse_vpnv4 (peer, NULL, &mp_withdraw);
1620
1621 if (! withdraw_len
1622 && mp_withdraw.afi == AFI_IP
1623 && mp_withdraw.safi == SAFI_MPLS_LABELED_VPN
1624 && mp_withdraw.length == 0)
1625 {
1626
1627 /* End-of-RIB received */
1628 if (!CHECK_FLAG (peer->af_sflags[AFI_IP][SAFI_MPLS_VPN],
1629 PEER_STATUS_EOR_RECEIVED))
1630 {
1631 SET_FLAG (peer->af_sflags[AFI_IP][SAFI_MPLS_VPN], PEER_STATUS_EOR_RECEIVED);
1632 bgp_update_explicit_eors(peer);
1633 }
1634
1635 if (bgp_debug_neighbor_events(peer))
1636 zlog_debug ("rcvd End-of-RIB for VPNv4 Unicast from %s", peer->host);
1637 }
1638 }
1639
1640 /* Everything is done. We unintern temporary structures which
1641 interned in bgp_attr_parse(). */
1642 bgp_attr_unintern_sub (&attr);
1643
1644 /* If peering is stopped due to some reason, do not generate BGP
1645 event. */
1646 if (peer->status != Established)
1647 return 0;
1648
1649 /* Increment packet counter. */
1650 peer->update_in++;
1651 peer->update_time = bgp_clock ();
1652
1653 /* Rearm holdtime timer */
1654 BGP_TIMER_OFF (peer->t_holdtime);
1655 bgp_timer_set (peer);
1656
1657 return 0;
1658 }
1659
1660 /* Notify message treatment function. */
1661 static void
1662 bgp_notify_receive (struct peer *peer, bgp_size_t size)
1663 {
1664 struct bgp_notify bgp_notify;
1665
1666 if (peer->notify.data)
1667 {
1668 XFREE (MTYPE_TMP, peer->notify.data);
1669 peer->notify.data = NULL;
1670 peer->notify.length = 0;
1671 }
1672
1673 bgp_notify.code = stream_getc (peer->ibuf);
1674 bgp_notify.subcode = stream_getc (peer->ibuf);
1675 bgp_notify.length = size - 2;
1676 bgp_notify.data = NULL;
1677
1678 /* Preserv notify code and sub code. */
1679 peer->notify.code = bgp_notify.code;
1680 peer->notify.subcode = bgp_notify.subcode;
1681 /* For further diagnostic record returned Data. */
1682 if (bgp_notify.length)
1683 {
1684 peer->notify.length = size - 2;
1685 peer->notify.data = XMALLOC (MTYPE_TMP, size - 2);
1686 memcpy (peer->notify.data, stream_pnt (peer->ibuf), size - 2);
1687 }
1688
1689 /* For debug */
1690 {
1691 int i;
1692 int first = 0;
1693 char c[4];
1694
1695 if (bgp_notify.length)
1696 {
1697 bgp_notify.data = XMALLOC (MTYPE_TMP, bgp_notify.length * 3);
1698 for (i = 0; i < bgp_notify.length; i++)
1699 if (first)
1700 {
1701 sprintf (c, " %02x", stream_getc (peer->ibuf));
1702 strcat (bgp_notify.data, c);
1703 }
1704 else
1705 {
1706 first = 1;
1707 sprintf (c, "%02x", stream_getc (peer->ibuf));
1708 strcpy (bgp_notify.data, c);
1709 }
1710 }
1711
1712 bgp_notify_print(peer, &bgp_notify, "received");
1713 if (bgp_notify.data)
1714 XFREE (MTYPE_TMP, bgp_notify.data);
1715 }
1716
1717 /* peer count update */
1718 peer->notify_in++;
1719
1720 if (peer->status == Established)
1721 peer->last_reset = PEER_DOWN_NOTIFY_RECEIVED;
1722
1723 /* We have to check for Notify with Unsupported Optional Parameter.
1724 in that case we fallback to open without the capability option.
1725 But this done in bgp_stop. We just mark it here to avoid changing
1726 the fsm tables. */
1727 if (bgp_notify.code == BGP_NOTIFY_OPEN_ERR &&
1728 bgp_notify.subcode == BGP_NOTIFY_OPEN_UNSUP_PARAM )
1729 UNSET_FLAG (peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
1730
1731 BGP_EVENT_ADD (peer, Receive_NOTIFICATION_message);
1732 }
1733
1734 /* Keepalive treatment function -- get keepalive send keepalive */
1735 static void
1736 bgp_keepalive_receive (struct peer *peer, bgp_size_t size)
1737 {
1738 if (bgp_debug_keepalive(peer))
1739 zlog_debug ("%s KEEPALIVE rcvd", peer->host);
1740
1741 BGP_EVENT_ADD (peer, Receive_KEEPALIVE_message);
1742 }
1743
1744 /* Route refresh message is received. */
1745 static void
1746 bgp_route_refresh_receive (struct peer *peer, bgp_size_t size)
1747 {
1748 afi_t afi;
1749 safi_t safi;
1750 struct stream *s;
1751 struct peer_af *paf;
1752
1753 /* If peer does not have the capability, send notification. */
1754 if (! CHECK_FLAG (peer->cap, PEER_CAP_REFRESH_ADV))
1755 {
1756 zlog_err ("%s [Error] BGP route refresh is not enabled",
1757 peer->host);
1758 bgp_notify_send (peer,
1759 BGP_NOTIFY_HEADER_ERR,
1760 BGP_NOTIFY_HEADER_BAD_MESTYPE);
1761 return;
1762 }
1763
1764 /* Status must be Established. */
1765 if (peer->status != Established)
1766 {
1767 zlog_err ("%s [Error] Route refresh packet received under status %s",
1768 peer->host, LOOKUP (bgp_status_msg, peer->status));
1769 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
1770 return;
1771 }
1772
1773 s = peer->ibuf;
1774
1775 /* Parse packet. */
1776 afi = stream_getw (s);
1777 (void)stream_getc (s);
1778 safi = stream_getc (s);
1779
1780 if (bgp_debug_update(peer, NULL, NULL, 0))
1781 zlog_debug ("%s rcvd REFRESH_REQ for afi/safi: %d/%d",
1782 peer->host, afi, safi);
1783
1784 /* Check AFI and SAFI. */
1785 if ((afi != AFI_IP && afi != AFI_IP6)
1786 || (safi != SAFI_UNICAST && safi != SAFI_MULTICAST
1787 && safi != SAFI_MPLS_LABELED_VPN))
1788 {
1789 zlog_info ("%s REFRESH_REQ for unrecognized afi/safi: %d/%d - ignored",
1790 peer->host, afi, safi);
1791 return;
1792 }
1793
1794 /* Adjust safi code. */
1795 if (safi == SAFI_MPLS_LABELED_VPN)
1796 safi = SAFI_MPLS_VPN;
1797
1798 if (size != BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE)
1799 {
1800 u_char *end;
1801 u_char when_to_refresh;
1802 u_char orf_type;
1803 u_int16_t orf_len;
1804
1805 if (size - (BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE) < 5)
1806 {
1807 zlog_info ("%s ORF route refresh length error", peer->host);
1808 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1809 return;
1810 }
1811
1812 when_to_refresh = stream_getc (s);
1813 end = stream_pnt (s) + (size - 5);
1814
1815 while ((stream_pnt (s) + 2) < end)
1816 {
1817 orf_type = stream_getc (s);
1818 orf_len = stream_getw (s);
1819
1820 /* orf_len in bounds? */
1821 if ((stream_pnt (s) + orf_len) > end)
1822 break; /* XXX: Notify instead?? */
1823 if (orf_type == ORF_TYPE_PREFIX
1824 || orf_type == ORF_TYPE_PREFIX_OLD)
1825 {
1826 u_char *p_pnt = stream_pnt (s);
1827 u_char *p_end = stream_pnt (s) + orf_len;
1828 struct orf_prefix orfp;
1829 u_char common = 0;
1830 u_int32_t seq;
1831 int psize;
1832 char name[BUFSIZ];
1833 int ret = CMD_SUCCESS;
1834
1835 if (bgp_debug_neighbor_events(peer))
1836 {
1837 zlog_debug ("%s rcvd Prefixlist ORF(%d) length %d",
1838 peer->host, orf_type, orf_len);
1839 }
1840
1841 /* we're going to read at least 1 byte of common ORF header,
1842 * and 7 bytes of ORF Address-filter entry from the stream
1843 */
1844 if (orf_len < 7)
1845 break;
1846
1847 /* ORF prefix-list name */
1848 sprintf (name, "%s.%d.%d", peer->host, afi, safi);
1849
1850 while (p_pnt < p_end)
1851 {
1852 /* If the ORF entry is malformed, want to read as much of it
1853 * as possible without going beyond the bounds of the entry,
1854 * to maximise debug information.
1855 */
1856 int ok;
1857 memset (&orfp, 0, sizeof (struct orf_prefix));
1858 common = *p_pnt++;
1859 /* after ++: p_pnt <= p_end */
1860 if (common & ORF_COMMON_PART_REMOVE_ALL)
1861 {
1862 if (bgp_debug_neighbor_events(peer))
1863 zlog_debug ("%s rcvd Remove-All pfxlist ORF request", peer->host);
1864 prefix_bgp_orf_remove_all (name);
1865 break;
1866 }
1867 ok = ((u_int32_t)(p_end - p_pnt) >= sizeof(u_int32_t)) ;
1868 if (ok)
1869 {
1870 memcpy (&seq, p_pnt, sizeof (u_int32_t));
1871 p_pnt += sizeof (u_int32_t);
1872 orfp.seq = ntohl (seq);
1873 }
1874 else
1875 p_pnt = p_end ;
1876
1877 if ((ok = (p_pnt < p_end)))
1878 orfp.ge = *p_pnt++ ; /* value checked in prefix_bgp_orf_set() */
1879 if ((ok = (p_pnt < p_end)))
1880 orfp.le = *p_pnt++ ; /* value checked in prefix_bgp_orf_set() */
1881 if ((ok = (p_pnt < p_end)))
1882 orfp.p.prefixlen = *p_pnt++ ;
1883 orfp.p.family = afi2family (afi); /* afi checked already */
1884
1885 psize = PSIZE (orfp.p.prefixlen); /* 0 if not ok */
1886 if (psize > prefix_blen(&orfp.p)) /* valid for family ? */
1887 {
1888 ok = 0 ;
1889 psize = prefix_blen(&orfp.p) ;
1890 }
1891 if (psize > (p_end - p_pnt)) /* valid for packet ? */
1892 {
1893 ok = 0 ;
1894 psize = p_end - p_pnt ;
1895 }
1896
1897 if (psize > 0)
1898 memcpy (&orfp.p.u.prefix, p_pnt, psize);
1899 p_pnt += psize;
1900
1901 if (bgp_debug_neighbor_events(peer))
1902 {
1903 char buf[INET6_BUFSIZ];
1904
1905 zlog_debug ("%s rcvd %s %s seq %u %s/%d ge %d le %d%s",
1906 peer->host,
1907 (common & ORF_COMMON_PART_REMOVE ? "Remove" : "Add"),
1908 (common & ORF_COMMON_PART_DENY ? "deny" : "permit"),
1909 orfp.seq,
1910 inet_ntop (orfp.p.family, &orfp.p.u.prefix, buf, INET6_BUFSIZ),
1911 orfp.p.prefixlen, orfp.ge, orfp.le,
1912 ok ? "" : " MALFORMED");
1913 }
1914
1915 if (ok)
1916 ret = prefix_bgp_orf_set (name, afi, &orfp,
1917 (common & ORF_COMMON_PART_DENY ? 0 : 1 ),
1918 (common & ORF_COMMON_PART_REMOVE ? 0 : 1));
1919
1920 if (!ok || (ret != CMD_SUCCESS))
1921 {
1922 zlog_info ("%s Received misformatted prefixlist ORF."
1923 " Remove All pfxlist", peer->host);
1924 prefix_bgp_orf_remove_all (name);
1925 break;
1926 }
1927 }
1928 peer->orf_plist[afi][safi] =
1929 prefix_list_lookup (AFI_ORF_PREFIX, name);
1930 }
1931 stream_forward_getp (s, orf_len);
1932 }
1933 if (bgp_debug_neighbor_events(peer))
1934 zlog_debug ("%s rcvd Refresh %s ORF request", peer->host,
1935 when_to_refresh == REFRESH_DEFER ? "Defer" : "Immediate");
1936 if (when_to_refresh == REFRESH_DEFER)
1937 return;
1938 }
1939
1940 /* First update is deferred until ORF or ROUTE-REFRESH is received */
1941 if (CHECK_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_WAIT_REFRESH))
1942 UNSET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_WAIT_REFRESH);
1943
1944 /* If the peer is configured for default-originate clear the
1945 * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will re-advertise the
1946 * default
1947 */
1948 paf = peer_af_find (peer, afi, safi);
1949 if (paf && paf->subgroup &&
1950 CHECK_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE))
1951 UNSET_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE);
1952
1953 /* Perform route refreshment to the peer */
1954 bgp_announce_route (peer, afi, safi);
1955 }
1956
1957 static int
1958 bgp_capability_msg_parse (struct peer *peer, u_char *pnt, bgp_size_t length)
1959 {
1960 u_char *end;
1961 struct capability_mp_data mpc;
1962 struct capability_header *hdr;
1963 u_char action;
1964 afi_t afi;
1965 safi_t safi;
1966
1967 end = pnt + length;
1968
1969 while (pnt < end)
1970 {
1971 /* We need at least action, capability code and capability length. */
1972 if (pnt + 3 > end)
1973 {
1974 zlog_info ("%s Capability length error", peer->host);
1975 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1976 return -1;
1977 }
1978 action = *pnt;
1979 hdr = (struct capability_header *)(pnt + 1);
1980
1981 /* Action value check. */
1982 if (action != CAPABILITY_ACTION_SET
1983 && action != CAPABILITY_ACTION_UNSET)
1984 {
1985 zlog_info ("%s Capability Action Value error %d",
1986 peer->host, action);
1987 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
1988 return -1;
1989 }
1990
1991 if (bgp_debug_neighbor_events(peer))
1992 zlog_debug ("%s CAPABILITY has action: %d, code: %u, length %u",
1993 peer->host, action, hdr->code, hdr->length);
1994
1995 /* Capability length check. */
1996 if ((pnt + hdr->length + 3) > end)
1997 {
1998 zlog_info ("%s Capability length error", peer->host);
1999 bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
2000 return -1;
2001 }
2002
2003 /* Fetch structure to the byte stream. */
2004 memcpy (&mpc, pnt + 3, sizeof (struct capability_mp_data));
2005
2006 /* We know MP Capability Code. */
2007 if (hdr->code == CAPABILITY_CODE_MP)
2008 {
2009 afi = ntohs (mpc.afi);
2010 safi = mpc.safi;
2011
2012 /* Ignore capability when override-capability is set. */
2013 if (CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
2014 continue;
2015
2016 if (!bgp_afi_safi_valid_indices (afi, &safi))
2017 {
2018 if (bgp_debug_neighbor_events(peer))
2019 zlog_debug ("%s Dynamic Capability MP_EXT afi/safi invalid "
2020 "(%u/%u)", peer->host, afi, safi);
2021 continue;
2022 }
2023
2024 /* Address family check. */
2025 if (bgp_debug_neighbor_events(peer))
2026 zlog_debug ("%s CAPABILITY has %s MP_EXT CAP for afi/safi: %u/%u",
2027 peer->host,
2028 action == CAPABILITY_ACTION_SET
2029 ? "Advertising" : "Removing",
2030 ntohs(mpc.afi) , mpc.safi);
2031
2032 if (action == CAPABILITY_ACTION_SET)
2033 {
2034 peer->afc_recv[afi][safi] = 1;
2035 if (peer->afc[afi][safi])
2036 {
2037 peer->afc_nego[afi][safi] = 1;
2038 bgp_announce_route (peer, afi, safi);
2039 }
2040 }
2041 else
2042 {
2043 peer->afc_recv[afi][safi] = 0;
2044 peer->afc_nego[afi][safi] = 0;
2045
2046 if (peer_active_nego (peer))
2047 bgp_clear_route (peer, afi, safi, BGP_CLEAR_ROUTE_NORMAL);
2048 else
2049 BGP_EVENT_ADD (peer, BGP_Stop);
2050 }
2051 }
2052 else
2053 {
2054 zlog_warn ("%s unrecognized capability code: %d - ignored",
2055 peer->host, hdr->code);
2056 }
2057 pnt += hdr->length + 3;
2058 }
2059 return 0;
2060 }
2061
2062 /* Dynamic Capability is received.
2063 *
2064 * This is exported for unit-test purposes
2065 */
2066 int
2067 bgp_capability_receive (struct peer *peer, bgp_size_t size)
2068 {
2069 u_char *pnt;
2070
2071 /* Fetch pointer. */
2072 pnt = stream_pnt (peer->ibuf);
2073
2074 if (bgp_debug_neighbor_events(peer))
2075 zlog_debug ("%s rcv CAPABILITY", peer->host);
2076
2077 /* If peer does not have the capability, send notification. */
2078 if (! CHECK_FLAG (peer->cap, PEER_CAP_DYNAMIC_ADV))
2079 {
2080 zlog_err ("%s [Error] BGP dynamic capability is not enabled",
2081 peer->host);
2082 bgp_notify_send (peer,
2083 BGP_NOTIFY_HEADER_ERR,
2084 BGP_NOTIFY_HEADER_BAD_MESTYPE);
2085 return -1;
2086 }
2087
2088 /* Status must be Established. */
2089 if (peer->status != Established)
2090 {
2091 zlog_err ("%s [Error] Dynamic capability packet received under status %s",
2092 peer->host, LOOKUP (bgp_status_msg, peer->status));
2093 bgp_notify_send (peer, BGP_NOTIFY_FSM_ERR, 0);
2094 return -1;
2095 }
2096
2097 /* Parse packet. */
2098 return bgp_capability_msg_parse (peer, pnt, size);
2099 }
2100
2101 /* BGP read utility function. */
2102 static int
2103 bgp_read_packet (struct peer *peer)
2104 {
2105 int nbytes;
2106 int readsize;
2107
2108 readsize = peer->packet_size - stream_get_endp (peer->ibuf);
2109
2110 /* If size is zero then return. */
2111 if (! readsize)
2112 return 0;
2113
2114 /* Read packet from fd. */
2115 nbytes = stream_read_try (peer->ibuf, peer->fd, readsize);
2116
2117 /* If read byte is smaller than zero then error occured. */
2118 if (nbytes < 0)
2119 {
2120 /* Transient error should retry */
2121 if (nbytes == -2)
2122 return -1;
2123
2124 zlog_err ("%s [Error] bgp_read_packet error: %s",
2125 peer->host, safe_strerror (errno));
2126
2127 if (peer->status == Established)
2128 {
2129 if (CHECK_FLAG (peer->sflags, PEER_STATUS_NSF_MODE))
2130 {
2131 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2132 SET_FLAG (peer->sflags, PEER_STATUS_NSF_WAIT);
2133 }
2134 else
2135 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2136 }
2137
2138 BGP_EVENT_ADD (peer, TCP_fatal_error);
2139 return -1;
2140 }
2141
2142 /* When read byte is zero : clear bgp peer and return */
2143 if (nbytes == 0)
2144 {
2145 if (bgp_debug_neighbor_events(peer))
2146 zlog_debug ("%s [Event] BGP connection closed fd %d",
2147 peer->host, peer->fd);
2148
2149 if (peer->status == Established)
2150 {
2151 if (CHECK_FLAG (peer->sflags, PEER_STATUS_NSF_MODE))
2152 {
2153 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2154 SET_FLAG (peer->sflags, PEER_STATUS_NSF_WAIT);
2155 }
2156 else
2157 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2158 }
2159
2160 BGP_EVENT_ADD (peer, TCP_connection_closed);
2161 return -1;
2162 }
2163
2164 /* We read partial packet. */
2165 if (stream_get_endp (peer->ibuf) != peer->packet_size)
2166 return -1;
2167
2168 return 0;
2169 }
2170
2171 /* Marker check. */
2172 static int
2173 bgp_marker_all_one (struct stream *s, int length)
2174 {
2175 int i;
2176
2177 for (i = 0; i < length; i++)
2178 if (s->data[i] != 0xff)
2179 return 0;
2180
2181 return 1;
2182 }
2183
2184 /* Recent thread time.
2185 On same clock base as bgp_clock (MONOTONIC)
2186 but can be time of last context switch to bgp_read thread. */
2187 static time_t
2188 bgp_recent_clock (void)
2189 {
2190 return recent_relative_time().tv_sec;
2191 }
2192
2193 /* Starting point of packet process function. */
2194 int
2195 bgp_read (struct thread *thread)
2196 {
2197 int ret;
2198 u_char type = 0;
2199 struct peer *peer;
2200 bgp_size_t size;
2201 char notify_data_length[2];
2202 u_int32_t notify_out;
2203
2204 /* Yes first of all get peer pointer. */
2205 peer = THREAD_ARG (thread);
2206 peer->t_read = NULL;
2207
2208 /* Note notify_out so we can check later to see if we sent another one */
2209 notify_out = peer->notify_out;
2210
2211 /* For non-blocking IO check. */
2212 if (peer->status == Connect)
2213 {
2214 bgp_connect_check (peer, 1);
2215 goto done;
2216 }
2217 else
2218 {
2219 if (peer->fd < 0)
2220 {
2221 zlog_err ("bgp_read peer's fd is negative value %d", peer->fd);
2222 return -1;
2223 }
2224 BGP_READ_ON (peer->t_read, bgp_read, peer->fd);
2225 }
2226
2227 /* Read packet header to determine type of the packet */
2228 if (peer->packet_size == 0)
2229 peer->packet_size = BGP_HEADER_SIZE;
2230
2231 if (stream_get_endp (peer->ibuf) < BGP_HEADER_SIZE)
2232 {
2233 ret = bgp_read_packet (peer);
2234
2235 /* Header read error or partial read packet. */
2236 if (ret < 0)
2237 goto done;
2238
2239 /* Get size and type. */
2240 stream_forward_getp (peer->ibuf, BGP_MARKER_SIZE);
2241 memcpy (notify_data_length, stream_pnt (peer->ibuf), 2);
2242 size = stream_getw (peer->ibuf);
2243 type = stream_getc (peer->ibuf);
2244
2245 /* Marker check */
2246 if (((type == BGP_MSG_OPEN) || (type == BGP_MSG_KEEPALIVE))
2247 && ! bgp_marker_all_one (peer->ibuf, BGP_MARKER_SIZE))
2248 {
2249 bgp_notify_send (peer,
2250 BGP_NOTIFY_HEADER_ERR,
2251 BGP_NOTIFY_HEADER_NOT_SYNC);
2252 goto done;
2253 }
2254
2255 /* BGP type check. */
2256 if (type != BGP_MSG_OPEN && type != BGP_MSG_UPDATE
2257 && type != BGP_MSG_NOTIFY && type != BGP_MSG_KEEPALIVE
2258 && type != BGP_MSG_ROUTE_REFRESH_NEW
2259 && type != BGP_MSG_ROUTE_REFRESH_OLD
2260 && type != BGP_MSG_CAPABILITY)
2261 {
2262 if (bgp_debug_neighbor_events(peer))
2263 zlog_debug ("%s unknown message type 0x%02x",
2264 peer->host, type);
2265 bgp_notify_send_with_data (peer,
2266 BGP_NOTIFY_HEADER_ERR,
2267 BGP_NOTIFY_HEADER_BAD_MESTYPE,
2268 &type, 1);
2269 goto done;
2270 }
2271 /* Mimimum packet length check. */
2272 if ((size < BGP_HEADER_SIZE)
2273 || (size > BGP_MAX_PACKET_SIZE)
2274 || (type == BGP_MSG_OPEN && size < BGP_MSG_OPEN_MIN_SIZE)
2275 || (type == BGP_MSG_UPDATE && size < BGP_MSG_UPDATE_MIN_SIZE)
2276 || (type == BGP_MSG_NOTIFY && size < BGP_MSG_NOTIFY_MIN_SIZE)
2277 || (type == BGP_MSG_KEEPALIVE && size != BGP_MSG_KEEPALIVE_MIN_SIZE)
2278 || (type == BGP_MSG_ROUTE_REFRESH_NEW && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2279 || (type == BGP_MSG_ROUTE_REFRESH_OLD && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2280 || (type == BGP_MSG_CAPABILITY && size < BGP_MSG_CAPABILITY_MIN_SIZE))
2281 {
2282 if (bgp_debug_neighbor_events(peer))
2283 zlog_debug ("%s bad message length - %d for %s",
2284 peer->host, size,
2285 type == 128 ? "ROUTE-REFRESH" :
2286 bgp_type_str[(int) type]);
2287 bgp_notify_send_with_data (peer,
2288 BGP_NOTIFY_HEADER_ERR,
2289 BGP_NOTIFY_HEADER_BAD_MESLEN,
2290 (u_char *) notify_data_length, 2);
2291 goto done;
2292 }
2293
2294 /* Adjust size to message length. */
2295 peer->packet_size = size;
2296 }
2297
2298 ret = bgp_read_packet (peer);
2299 if (ret < 0)
2300 goto done;
2301
2302 /* Get size and type again. */
2303 size = stream_getw_from (peer->ibuf, BGP_MARKER_SIZE);
2304 type = stream_getc_from (peer->ibuf, BGP_MARKER_SIZE + 2);
2305
2306 /* BGP packet dump function. */
2307 bgp_dump_packet (peer, type, peer->ibuf);
2308
2309 size = (peer->packet_size - BGP_HEADER_SIZE);
2310
2311 /* Read rest of the packet and call each sort of packet routine */
2312 switch (type)
2313 {
2314 case BGP_MSG_OPEN:
2315 peer->open_in++;
2316 bgp_open_receive (peer, size); /* XXX return value ignored! */
2317 break;
2318 case BGP_MSG_UPDATE:
2319 peer->readtime = bgp_recent_clock ();
2320 bgp_update_receive (peer, size);
2321 break;
2322 case BGP_MSG_NOTIFY:
2323 bgp_notify_receive (peer, size);
2324 break;
2325 case BGP_MSG_KEEPALIVE:
2326 peer->readtime = bgp_recent_clock ();
2327 bgp_keepalive_receive (peer, size);
2328 break;
2329 case BGP_MSG_ROUTE_REFRESH_NEW:
2330 case BGP_MSG_ROUTE_REFRESH_OLD:
2331 peer->refresh_in++;
2332 bgp_route_refresh_receive (peer, size);
2333 break;
2334 case BGP_MSG_CAPABILITY:
2335 peer->dynamic_cap_in++;
2336 bgp_capability_receive (peer, size);
2337 break;
2338 }
2339
2340 /* If reading this packet caused us to send a NOTIFICATION then store a copy
2341 * of the packet for troubleshooting purposes
2342 */
2343 if (notify_out < peer->notify_out)
2344 {
2345 memcpy(peer->last_reset_cause, peer->ibuf->data, peer->packet_size);
2346 peer->last_reset_cause_size = peer->packet_size;
2347 notify_out = peer->notify_out;
2348 }
2349
2350 /* Clear input buffer. */
2351 peer->packet_size = 0;
2352 if (peer->ibuf)
2353 stream_reset (peer->ibuf);
2354
2355 done:
2356 /* If reading this packet caused us to send a NOTIFICATION then store a copy
2357 * of the packet for troubleshooting purposes
2358 */
2359 if (notify_out < peer->notify_out)
2360 {
2361 memcpy(peer->last_reset_cause, peer->ibuf->data, peer->packet_size);
2362 peer->last_reset_cause_size = peer->packet_size;
2363 }
2364
2365 return 0;
2366 }
FRRouting mirror