1 /* BGP packet management routine.
2 * Contains utility functions for constructing and consuming BGP messages.
3 * Copyright (C) 2017 Cumulus Networks
4 * Copyright (C) 1999 Kunihiro Ishiguro
6 * This file is part of GNU Zebra.
8 * GNU Zebra is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2, or (at your option) any
13 * GNU Zebra is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with this program; see the file COPYING; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
33 #include "sockunion.h" /* for inet_ntop () */
40 #include "bgpd/bgpd.h"
41 #include "bgpd/bgp_table.h"
42 #include "bgpd/bgp_dump.h"
43 #include "bgpd/bgp_attr.h"
44 #include "bgpd/bgp_debug.h"
45 #include "bgpd/bgp_fsm.h"
46 #include "bgpd/bgp_route.h"
47 #include "bgpd/bgp_packet.h"
48 #include "bgpd/bgp_open.h"
49 #include "bgpd/bgp_aspath.h"
50 #include "bgpd/bgp_community.h"
51 #include "bgpd/bgp_ecommunity.h"
52 #include "bgpd/bgp_lcommunity.h"
53 #include "bgpd/bgp_network.h"
54 #include "bgpd/bgp_mplsvpn.h"
55 #include "bgpd/bgp_evpn.h"
56 #include "bgpd/bgp_advertise.h"
57 #include "bgpd/bgp_vty.h"
58 #include "bgpd/bgp_updgrp.h"
59 #include "bgpd/bgp_label.h"
60 #include "bgpd/bgp_io.h"
62 /* Linked list of active peers */
63 static pthread_mutex_t
*plist_mtx
;
64 static pthread_cond_t
*write_cond
;
65 static struct list
*plist
;
67 /* periodically scheduled thread to generate update-group updates */
68 static struct thread
*t_generate_updgrp_packets
;
70 bool bgp_packet_writes_thread_run
= false;
72 /* Set up BGP packet marker and packet type. */
73 int bgp_packet_set_marker(struct stream
*s
, u_char type
)
78 for (i
= 0; i
< BGP_MARKER_SIZE
; i
++)
81 /* Dummy total length. This field is should be filled in later on. */
84 /* BGP packet type. */
87 /* Return current stream size. */
88 return stream_get_endp(s
);
91 /* Set BGP packet header size entry. If size is zero then use current
93 int bgp_packet_set_size(struct stream
*s
)
97 /* Preserve current pointer. */
98 cp
= stream_get_endp(s
);
99 stream_putw_at(s
, BGP_MARKER_SIZE
, cp
);
105 * Push a packet onto the beginning of the peer's output queue.
106 * This function acquires the peer's write mutex before proceeding.
108 static void bgp_packet_add(struct peer
*peer
, struct stream
*s
)
110 pthread_mutex_lock(&peer
->obuf_mtx
);
111 stream_fifo_push(peer
->obuf
, s
);
112 pthread_mutex_unlock(&peer
->obuf_mtx
);
117 static struct stream
*bgp_update_packet_eor(struct peer
*peer
, afi_t afi
,
122 iana_safi_t pkt_safi
;
124 if (DISABLE_BGP_ANNOUNCE
)
127 if (bgp_debug_neighbor_events(peer
))
128 zlog_debug("send End-of-RIB for %s to %s",
129 afi_safi_print(afi
, safi
), peer
->host
);
131 s
= stream_new(BGP_MAX_PACKET_SIZE
);
133 /* Make BGP update packet. */
134 bgp_packet_set_marker(s
, BGP_MSG_UPDATE
);
136 /* Unfeasible Routes Length */
139 if (afi
== AFI_IP
&& safi
== SAFI_UNICAST
) {
140 /* Total Path Attribute Length */
143 /* Convert AFI, SAFI to values for packet. */
144 bgp_map_afi_safi_int2iana(afi
, safi
, &pkt_afi
, &pkt_safi
);
146 /* Total Path Attribute Length */
148 stream_putc(s
, BGP_ATTR_FLAG_OPTIONAL
);
149 stream_putc(s
, BGP_ATTR_MP_UNREACH_NLRI
);
151 stream_putw(s
, pkt_afi
);
152 stream_putc(s
, pkt_safi
);
155 bgp_packet_set_size(s
);
160 * Enqueue onto the peer's output buffer any packets which are pending for the
161 * update group it is a member of.
163 * XXX: Severely needs performance work.
165 int bgp_generate_updgrp_packets(struct thread
*thread
)
167 struct peer
*peer
= THREAD_ARG(thread
);
168 peer
->t_generate_updgrp_packets
= NULL
;
172 struct bpacket
*next_pkt
;
177 * The code beyond this part deals with update packets, proceed only
178 * if peer is Established and updates are not on hold (as part of
179 * update-delay post processing).
181 if (peer
->status
!= Established
)
184 if (peer
->bgp
&& peer
->bgp
->main_peers_update_hold
)
189 for (afi
= AFI_IP
; afi
< AFI_MAX
; afi
++)
190 for (safi
= SAFI_UNICAST
; safi
< SAFI_MAX
; safi
++) {
191 paf
= peer_af_find(peer
, afi
, safi
);
192 if (!paf
|| !PAF_SUBGRP(paf
))
194 next_pkt
= paf
->next_pkt_to_send
;
196 /* Try to generate a packet for the peer if we
198 * the list. Always try to push out WITHDRAWs
200 if (!next_pkt
|| !next_pkt
->buffer
) {
201 next_pkt
= subgroup_withdraw_packet(
203 if (!next_pkt
|| !next_pkt
->buffer
)
204 subgroup_update_packet(
206 next_pkt
= paf
->next_pkt_to_send
;
209 /* If we still don't have a packet to send to
211 * try to find out out if we have to send eor or
213 * the next AFI, SAFI.
214 * Don't send the EOR prematurely... if the
215 * subgroup's coalesce
216 * timer is running, the adjacency-out structure
220 if (!next_pkt
|| !next_pkt
->buffer
) {
221 if (CHECK_FLAG(peer
->cap
,
222 PEER_CAP_RESTART_RCV
)) {
223 if (!(PAF_SUBGRP(paf
))
225 && peer
->afc_nego
[afi
][safi
]
231 PEER_STATUS_EOR_SEND
)) {
236 PEER_STATUS_EOR_SEND
);
238 if ((s
= bgp_update_packet_eor(
250 /* Found a packet template to send, overwrite
251 * packet with appropriate
252 * attributes from peer and advance peer */
253 s
= bpacket_reformat_for_peer(next_pkt
, paf
);
254 bgp_packet_add(peer
, s
);
255 bpacket_queue_advance_peer(paf
);
263 * Creates a BGP Keepalive packet and appends it to the peer's output queue.
265 void bgp_keepalive_send(struct peer
*peer
)
269 s
= stream_new(BGP_MAX_PACKET_SIZE
);
271 /* Make keepalive packet. */
272 bgp_packet_set_marker(s
, BGP_MSG_KEEPALIVE
);
274 /* Set packet size. */
275 (void)bgp_packet_set_size(s
);
277 /* Dump packet if debug option is set. */
278 /* bgp_packet_dump (s); */
280 if (bgp_debug_keepalive(peer
))
281 zlog_debug("%s sending KEEPALIVE", peer
->host
);
283 /* Add packet to the peer. */
284 bgp_packet_add(peer
, s
);
288 * Creates a BGP Open packet and appends it to the peer's output queue.
289 * Sets capabilities as necessary.
291 void bgp_open_send(struct peer
*peer
)
294 u_int16_t send_holdtime
;
297 if (PEER_OR_GROUP_TIMER_SET(peer
))
298 send_holdtime
= peer
->holdtime
;
300 send_holdtime
= peer
->bgp
->default_holdtime
;
302 /* local-as Change */
303 if (peer
->change_local_as
)
304 local_as
= peer
->change_local_as
;
306 local_as
= peer
->local_as
;
308 s
= stream_new(BGP_MAX_PACKET_SIZE
);
310 /* Make open packet. */
311 bgp_packet_set_marker(s
, BGP_MSG_OPEN
);
313 /* Set open packet values. */
314 stream_putc(s
, BGP_VERSION_4
); /* BGP version */
316 (local_as
<= BGP_AS_MAX
) ? (u_int16_t
)local_as
318 stream_putw(s
, send_holdtime
); /* Hold Time */
319 stream_put_in_addr(s
, &peer
->local_id
); /* BGP Identifier */
321 /* Set capability code. */
322 bgp_open_capability(s
, peer
);
324 /* Set BGP packet length. */
325 (void)bgp_packet_set_size(s
);
327 if (bgp_debug_neighbor_events(peer
))
329 "%s sending OPEN, version %d, my as %u, holdtime %d, id %s",
330 peer
->host
, BGP_VERSION_4
, local_as
, send_holdtime
,
331 inet_ntoa(peer
->local_id
));
333 /* Dump packet if debug option is set. */
334 /* bgp_packet_dump (s); */
336 /* Add packet to the peer. */
337 bgp_packet_add(peer
, s
);
341 * Creates a BGP Notify and appends it to the peer's output queue.
343 * This function awakens the write thread to ensure the packet
347 * @param code BGP error code
348 * @param sub_code BGP error subcode
349 * @param data Data portion
350 * @param datalen length of data portion
352 void bgp_notify_send_with_data(struct peer
*peer
, u_char code
, u_char sub_code
,
353 u_char
*data
, size_t datalen
)
358 /* Allocate new stream. */
359 s
= stream_new(BGP_MAX_PACKET_SIZE
);
361 /* Make notify packet. */
362 bgp_packet_set_marker(s
, BGP_MSG_NOTIFY
);
364 /* Set notify packet values. */
365 stream_putc(s
, code
); /* BGP notify code */
366 stream_putc(s
, sub_code
); /* BGP notify sub_code */
368 /* If notify data is present. */
370 stream_write(s
, data
, datalen
);
372 /* Set BGP packet length. */
373 length
= bgp_packet_set_size(s
);
375 /* Add packet to the peer. */
376 pthread_mutex_lock(&peer
->obuf_mtx
);
377 stream_fifo_clean(peer
->obuf
);
378 pthread_mutex_unlock(&peer
->obuf_mtx
);
382 struct bgp_notify bgp_notify
;
387 bgp_notify
.code
= code
;
388 bgp_notify
.subcode
= sub_code
;
389 bgp_notify
.data
= NULL
;
390 bgp_notify
.length
= length
- BGP_MSG_NOTIFY_MIN_SIZE
;
391 bgp_notify
.raw_data
= data
;
393 peer
->notify
.code
= bgp_notify
.code
;
394 peer
->notify
.subcode
= bgp_notify
.subcode
;
396 if (bgp_notify
.length
) {
398 XMALLOC(MTYPE_TMP
, bgp_notify
.length
* 3);
399 for (i
= 0; i
< bgp_notify
.length
; i
++)
401 sprintf(c
, " %02x", data
[i
]);
402 strcat(bgp_notify
.data
, c
);
405 sprintf(c
, "%02x", data
[i
]);
406 strcpy(bgp_notify
.data
, c
);
409 bgp_notify_print(peer
, &bgp_notify
, "sending");
411 if (bgp_notify
.data
) {
412 XFREE(MTYPE_TMP
, bgp_notify
.data
);
413 bgp_notify
.data
= NULL
;
414 bgp_notify
.length
= 0;
418 /* peer reset cause */
419 if (code
== BGP_NOTIFY_CEASE
) {
420 if (sub_code
== BGP_NOTIFY_CEASE_ADMIN_RESET
)
421 peer
->last_reset
= PEER_DOWN_USER_RESET
;
422 else if (sub_code
== BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN
)
423 peer
->last_reset
= PEER_DOWN_USER_SHUTDOWN
;
425 peer
->last_reset
= PEER_DOWN_NOTIFY_SEND
;
427 peer
->last_reset
= PEER_DOWN_NOTIFY_SEND
;
429 /* Add packet to peer's output queue */
430 bgp_packet_add(peer
, s
);
431 /* Wake up the write thread to get the notify out ASAP */
436 * Creates a BGP Notify and appends it to the peer's output queue.
438 * This function awakens the write thread to ensure the packet
442 * @param code BGP error code
443 * @param sub_code BGP error subcode
445 void bgp_notify_send(struct peer
*peer
, u_char code
, u_char sub_code
)
447 bgp_notify_send_with_data(peer
, code
, sub_code
, NULL
, 0);
451 * Creates BGP Route Refresh packet and appends it to the peer's output queue.
454 * @param afi Address Family Identifier
455 * @param safi Subsequent Address Family Identifier
456 * @param orf_type Outbound Route Filtering type
457 * @param when_to_refresh Whether to refresh immediately or defer
458 * @param remove Whether to remove ORF for specified AFI/SAFI
460 void bgp_route_refresh_send(struct peer
*peer
, afi_t afi
, safi_t safi
,
461 u_char orf_type
, u_char when_to_refresh
, int remove
)
464 struct bgp_filter
*filter
;
467 iana_safi_t pkt_safi
;
469 if (DISABLE_BGP_ANNOUNCE
)
472 filter
= &peer
->filter
[afi
][safi
];
474 /* Convert AFI, SAFI to values for packet. */
475 bgp_map_afi_safi_int2iana(afi
, safi
, &pkt_afi
, &pkt_safi
);
477 s
= stream_new(BGP_MAX_PACKET_SIZE
);
479 /* Make BGP update packet. */
480 if (CHECK_FLAG(peer
->cap
, PEER_CAP_REFRESH_NEW_RCV
))
481 bgp_packet_set_marker(s
, BGP_MSG_ROUTE_REFRESH_NEW
);
483 bgp_packet_set_marker(s
, BGP_MSG_ROUTE_REFRESH_OLD
);
485 /* Encode Route Refresh message. */
486 stream_putw(s
, pkt_afi
);
488 stream_putc(s
, pkt_safi
);
490 if (orf_type
== ORF_TYPE_PREFIX
|| orf_type
== ORF_TYPE_PREFIX_OLD
)
491 if (remove
|| filter
->plist
[FILTER_IN
].plist
) {
496 stream_putc(s
, when_to_refresh
);
497 stream_putc(s
, orf_type
);
498 orfp
= stream_get_endp(s
);
502 UNSET_FLAG(peer
->af_sflags
[afi
][safi
],
503 PEER_STATUS_ORF_PREFIX_SEND
);
504 stream_putc(s
, ORF_COMMON_PART_REMOVE_ALL
);
505 if (bgp_debug_neighbor_events(peer
))
507 "%s sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %d/%d",
508 peer
->host
, orf_type
,
509 (when_to_refresh
== REFRESH_DEFER
514 SET_FLAG(peer
->af_sflags
[afi
][safi
],
515 PEER_STATUS_ORF_PREFIX_SEND
);
516 prefix_bgp_orf_entry(
517 s
, filter
->plist
[FILTER_IN
].plist
,
519 ORF_COMMON_PART_PERMIT
,
520 ORF_COMMON_PART_DENY
);
521 if (bgp_debug_neighbor_events(peer
))
523 "%s sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %d/%d",
524 peer
->host
, orf_type
,
525 (when_to_refresh
== REFRESH_DEFER
531 /* Total ORF Entry Len. */
532 orf_len
= stream_get_endp(s
) - orfp
- 2;
533 stream_putw_at(s
, orfp
, orf_len
);
536 /* Set packet size. */
537 (void)bgp_packet_set_size(s
);
539 if (bgp_debug_neighbor_events(peer
)) {
541 zlog_debug("%s sending REFRESH_REQ for afi/safi: %d/%d",
542 peer
->host
, pkt_afi
, pkt_safi
);
545 /* Add packet to the peer. */
546 bgp_packet_add(peer
, s
);
550 * Create a BGP Capability packet and append it to the peer's output queue.
553 * @param afi Address Family Identifier
554 * @param safi Subsequent Address Family Identifier
555 * @param capability_code BGP Capability Code
556 * @param action Set or Remove capability
558 void bgp_capability_send(struct peer
*peer
, afi_t afi
, safi_t safi
,
559 int capability_code
, int action
)
563 iana_safi_t pkt_safi
;
565 /* Convert AFI, SAFI to values for packet. */
566 bgp_map_afi_safi_int2iana(afi
, safi
, &pkt_afi
, &pkt_safi
);
568 s
= stream_new(BGP_MAX_PACKET_SIZE
);
570 /* Make BGP update packet. */
571 bgp_packet_set_marker(s
, BGP_MSG_CAPABILITY
);
573 /* Encode MP_EXT capability. */
574 if (capability_code
== CAPABILITY_CODE_MP
) {
575 stream_putc(s
, action
);
576 stream_putc(s
, CAPABILITY_CODE_MP
);
577 stream_putc(s
, CAPABILITY_CODE_MP_LEN
);
578 stream_putw(s
, pkt_afi
);
580 stream_putc(s
, pkt_safi
);
582 if (bgp_debug_neighbor_events(peer
))
584 "%s sending CAPABILITY has %s MP_EXT CAP for afi/safi: %d/%d",
586 action
== CAPABILITY_ACTION_SET
? "Advertising"
591 /* Set packet size. */
592 (void)bgp_packet_set_size(s
);
594 /* Add packet to the peer. */
595 bgp_packet_add(peer
, s
);
598 /* RFC1771 6.8 Connection collision detection. */
599 static int bgp_collision_detect(struct peer
*new, struct in_addr remote_id
)
603 /* Upon receipt of an OPEN message, the local system must examine
604 all of its connections that are in the OpenConfirm state. A BGP
605 speaker may also examine connections in an OpenSent state if it
606 knows the BGP Identifier of the peer by means outside of the
607 protocol. If among these connections there is a connection to a
608 remote BGP speaker whose BGP Identifier equals the one in the
609 OPEN message, then the local system performs the following
610 collision resolution procedure: */
612 if ((peer
= new->doppelganger
) != NULL
) {
613 /* Do not accept the new connection in Established or Clearing
615 * Note that a peer GR is handled by closing the existing
617 * upon receipt of new one.
619 if (peer
->status
== Established
|| peer
->status
== Clearing
) {
620 bgp_notify_send(new, BGP_NOTIFY_CEASE
,
621 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION
);
623 } else if ((peer
->status
== OpenConfirm
)
624 || (peer
->status
== OpenSent
)) {
625 /* 1. The BGP Identifier of the local system is compared
627 the BGP Identifier of the remote system (as specified
629 the OPEN message). */
631 if (ntohl(peer
->local_id
.s_addr
)
632 < ntohl(remote_id
.s_addr
))
633 if (!CHECK_FLAG(peer
->sflags
,
634 PEER_STATUS_ACCEPT_PEER
)) {
635 /* 2. If the value of the local BGP
637 than the remote one, the local system
639 connection that already exists (the
641 already in the OpenConfirm state),
643 connection initiated by the remote
646 peer
, BGP_NOTIFY_CEASE
,
647 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION
);
651 new, BGP_NOTIFY_CEASE
,
652 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION
);
656 /* 3. Otherwise, the local system closes newly
658 BGP connection (the one associated with the
660 received OPEN message), and continues to use
662 existing one (the one that is already in the
663 OpenConfirm state). */
664 if (CHECK_FLAG(peer
->sflags
,
665 PEER_STATUS_ACCEPT_PEER
)) {
667 peer
, BGP_NOTIFY_CEASE
,
668 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION
);
672 new, BGP_NOTIFY_CEASE
,
673 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION
);
682 static int bgp_open_receive(struct peer
*peer
, bgp_size_t size
)
688 u_int16_t send_holdtime
;
691 struct in_addr remote_id
;
693 u_int8_t notify_data_remote_as
[2];
694 u_int8_t notify_data_remote_as4
[4];
695 u_int8_t notify_data_remote_id
[4];
696 u_int16_t
*holdtime_ptr
;
698 /* Parse open packet. */
699 version
= stream_getc(peer
->ibuf
);
700 memcpy(notify_data_remote_as
, stream_pnt(peer
->ibuf
), 2);
701 remote_as
= stream_getw(peer
->ibuf
);
702 holdtime_ptr
= (u_int16_t
*)stream_pnt(peer
->ibuf
);
703 holdtime
= stream_getw(peer
->ibuf
);
704 memcpy(notify_data_remote_id
, stream_pnt(peer
->ibuf
), 4);
705 remote_id
.s_addr
= stream_get_ipv4(peer
->ibuf
);
707 /* Receive OPEN message log */
708 if (bgp_debug_neighbor_events(peer
))
710 "%s rcv OPEN, version %d, remote-as (in open) %u,"
711 " holdtime %d, id %s",
712 peer
->host
, version
, remote_as
, holdtime
,
713 inet_ntoa(remote_id
));
715 /* BEGIN to read the capability here, but dont do it yet */
717 optlen
= stream_getc(peer
->ibuf
);
720 /* If not enough bytes, it is an error. */
721 if (STREAM_READABLE(peer
->ibuf
) < optlen
) {
722 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
723 BGP_NOTIFY_OPEN_MALFORMED_ATTR
);
727 /* We need the as4 capability value *right now* because
728 * if it is there, we have not got the remote_as yet, and
730 * that we do not know which peer is connecting to us now.
732 as4
= peek_for_as4_capability(peer
, optlen
);
733 memcpy(notify_data_remote_as4
, &as4
, 4);
736 /* Just in case we have a silly peer who sends AS4 capability set to 0
738 if (CHECK_FLAG(peer
->cap
, PEER_CAP_AS4_RCV
) && !as4
) {
739 zlog_err("%s bad OPEN, got AS4 capability, but AS4 set to 0",
741 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
742 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
743 notify_data_remote_as4
, 4);
747 if (remote_as
== BGP_AS_TRANS
) {
748 /* Take the AS4 from the capability. We must have received the
749 * capability now! Otherwise we have a asn16 peer who uses
750 * BGP_AS_TRANS, for some unknown reason.
752 if (as4
== BGP_AS_TRANS
) {
754 "%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed",
756 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
757 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
758 notify_data_remote_as4
, 4);
762 if (!as4
&& BGP_DEBUG(as4
, AS4
))
764 "%s [AS4] OPEN remote_as is AS_TRANS, but no AS4."
765 " Odd, but proceeding.",
767 else if (as4
< BGP_AS_MAX
&& BGP_DEBUG(as4
, AS4
))
769 "%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits "
770 "in 2-bytes, very odd peer.",
775 /* We may have a partner with AS4 who has an asno < BGP_AS_MAX
777 /* If we have got the capability, peer->as4cap must match
779 if (CHECK_FLAG(peer
->cap
, PEER_CAP_AS4_RCV
)
780 && as4
!= remote_as
) {
781 /* raise error, log this, close session */
783 "%s bad OPEN, got AS4 capability, but remote_as %u"
784 " mismatch with 16bit 'myasn' %u in open",
785 peer
->host
, as4
, remote_as
);
786 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
787 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
788 notify_data_remote_as4
, 4);
793 /* remote router-id check. */
794 if (remote_id
.s_addr
== 0 || IPV4_CLASS_DE(ntohl(remote_id
.s_addr
))
795 || ntohl(peer
->local_id
.s_addr
) == ntohl(remote_id
.s_addr
)) {
796 if (bgp_debug_neighbor_events(peer
))
797 zlog_debug("%s bad OPEN, wrong router identifier %s",
798 peer
->host
, inet_ntoa(remote_id
));
799 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
800 BGP_NOTIFY_OPEN_BAD_BGP_IDENT
,
801 notify_data_remote_id
, 4);
805 /* Set remote router-id */
806 peer
->remote_id
= remote_id
;
808 /* Peer BGP version check. */
809 if (version
!= BGP_VERSION_4
) {
810 u_int16_t maxver
= htons(BGP_VERSION_4
);
811 /* XXX this reply may not be correct if version < 4 XXX */
812 if (bgp_debug_neighbor_events(peer
))
814 "%s bad protocol version, remote requested %d, local request %d",
815 peer
->host
, version
, BGP_VERSION_4
);
816 /* Data must be in network byte order here */
817 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
818 BGP_NOTIFY_OPEN_UNSUP_VERSION
,
819 (u_int8_t
*)&maxver
, 2);
823 /* Check neighbor as number. */
824 if (peer
->as_type
== AS_UNSPECIFIED
) {
825 if (bgp_debug_neighbor_events(peer
))
827 "%s bad OPEN, remote AS is unspecified currently",
829 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
830 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
831 notify_data_remote_as
, 2);
833 } else if (peer
->as_type
== AS_INTERNAL
) {
834 if (remote_as
!= peer
->bgp
->as
) {
835 if (bgp_debug_neighbor_events(peer
))
837 "%s bad OPEN, remote AS is %u, internal specified",
838 peer
->host
, remote_as
);
839 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
840 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
841 notify_data_remote_as
, 2);
844 peer
->as
= peer
->local_as
;
845 } else if (peer
->as_type
== AS_EXTERNAL
) {
846 if (remote_as
== peer
->bgp
->as
) {
847 if (bgp_debug_neighbor_events(peer
))
849 "%s bad OPEN, remote AS is %u, external specified",
850 peer
->host
, remote_as
);
851 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
852 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
853 notify_data_remote_as
, 2);
856 peer
->as
= remote_as
;
857 } else if ((peer
->as_type
== AS_SPECIFIED
) && (remote_as
!= peer
->as
)) {
858 if (bgp_debug_neighbor_events(peer
))
859 zlog_debug("%s bad OPEN, remote AS is %u, expected %u",
860 peer
->host
, remote_as
, peer
->as
);
861 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
862 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
863 notify_data_remote_as
, 2);
867 /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST
868 calculate the value of the Hold Timer by using the smaller of its
869 configured Hold Time and the Hold Time received in the OPEN message.
870 The Hold Time MUST be either zero or at least three seconds. An
871 implementation may reject connections on the basis of the Hold Time.
874 if (holdtime
< 3 && holdtime
!= 0) {
875 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
876 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME
,
877 (u_char
*)holdtime_ptr
, 2);
881 /* From the rfc: A reasonable maximum time between KEEPALIVE messages
882 would be one third of the Hold Time interval. KEEPALIVE messages
883 MUST NOT be sent more frequently than one per second. An
884 implementation MAY adjust the rate at which it sends KEEPALIVE
885 messages as a function of the Hold Time interval. */
887 if (PEER_OR_GROUP_TIMER_SET(peer
))
888 send_holdtime
= peer
->holdtime
;
890 send_holdtime
= peer
->bgp
->default_holdtime
;
892 if (holdtime
< send_holdtime
)
893 peer
->v_holdtime
= holdtime
;
895 peer
->v_holdtime
= send_holdtime
;
897 if ((PEER_OR_GROUP_TIMER_SET(peer
))
898 && (peer
->keepalive
< peer
->v_holdtime
/ 3))
899 peer
->v_keepalive
= peer
->keepalive
;
901 peer
->v_keepalive
= peer
->v_holdtime
/ 3;
903 /* Open option part parse. */
905 if ((ret
= bgp_open_option_parse(peer
, optlen
, &mp_capability
))
909 if (bgp_debug_neighbor_events(peer
))
910 zlog_debug("%s rcvd OPEN w/ OPTION parameter len: 0",
915 * Assume that the peer supports the locally configured set of
916 * AFI/SAFIs if the peer did not send us any Mulitiprotocol
917 * capabilities, or if 'override-capability' is configured.
920 || CHECK_FLAG(peer
->flags
, PEER_FLAG_OVERRIDE_CAPABILITY
)) {
921 peer
->afc_nego
[AFI_IP
][SAFI_UNICAST
] =
922 peer
->afc
[AFI_IP
][SAFI_UNICAST
];
923 peer
->afc_nego
[AFI_IP
][SAFI_MULTICAST
] =
924 peer
->afc
[AFI_IP
][SAFI_MULTICAST
];
925 peer
->afc_nego
[AFI_IP
][SAFI_LABELED_UNICAST
] =
926 peer
->afc
[AFI_IP
][SAFI_LABELED_UNICAST
];
927 peer
->afc_nego
[AFI_IP6
][SAFI_UNICAST
] =
928 peer
->afc
[AFI_IP6
][SAFI_UNICAST
];
929 peer
->afc_nego
[AFI_IP6
][SAFI_MULTICAST
] =
930 peer
->afc
[AFI_IP6
][SAFI_MULTICAST
];
931 peer
->afc_nego
[AFI_IP6
][SAFI_LABELED_UNICAST
] =
932 peer
->afc
[AFI_IP6
][SAFI_LABELED_UNICAST
];
933 peer
->afc_nego
[AFI_L2VPN
][SAFI_EVPN
] =
934 peer
->afc
[AFI_L2VPN
][SAFI_EVPN
];
937 /* When collision is detected and this peer is closed. Retrun
939 ret
= bgp_collision_detect(peer
, remote_id
);
944 if ((ret
= bgp_getsockname(peer
)) < 0) {
945 zlog_err("%s: bgp_getsockname() failed for peer: %s",
946 __FUNCTION__
, peer
->host
);
950 /* Verify valid local address present based on negotiated
951 * address-families. */
952 if (peer
->afc_nego
[AFI_IP
][SAFI_UNICAST
]
953 || peer
->afc_nego
[AFI_IP
][SAFI_LABELED_UNICAST
]
954 || peer
->afc_nego
[AFI_IP
][SAFI_MULTICAST
]
955 || peer
->afc_nego
[AFI_IP
][SAFI_MPLS_VPN
]
956 || peer
->afc_nego
[AFI_IP
][SAFI_ENCAP
]) {
957 if (!peer
->nexthop
.v4
.s_addr
) {
958 #if defined(HAVE_CUMULUS)
960 "%s: No local IPv4 addr resetting connection, fd %d",
961 peer
->host
, peer
->fd
);
962 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
,
963 BGP_NOTIFY_SUBCODE_UNSPECIFIC
);
968 if (peer
->afc_nego
[AFI_IP6
][SAFI_UNICAST
]
969 || peer
->afc_nego
[AFI_IP6
][SAFI_LABELED_UNICAST
]
970 || peer
->afc_nego
[AFI_IP6
][SAFI_MULTICAST
]
971 || peer
->afc_nego
[AFI_IP6
][SAFI_MPLS_VPN
]
972 || peer
->afc_nego
[AFI_IP6
][SAFI_ENCAP
]) {
973 if (IN6_IS_ADDR_UNSPECIFIED(&peer
->nexthop
.v6_global
)) {
974 #if defined(HAVE_CUMULUS)
976 "%s: No local IPv6 addr resetting connection, fd %d",
977 peer
->host
, peer
->fd
);
978 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
,
979 BGP_NOTIFY_SUBCODE_UNSPECIFIC
);
984 peer
->rtt
= sockopt_tcp_rtt(peer
->fd
);
986 if ((ret
= bgp_event_update(peer
, Receive_OPEN_message
)) < 0) {
987 zlog_err("%s: BGP event update failed for peer: %s",
988 __FUNCTION__
, peer
->host
);
989 /* DD: bgp send notify and reset state */
993 peer
->packet_size
= 0;
995 stream_reset(peer
->ibuf
);
1000 /* Called when there is a change in the EOR(implicit or explicit) status of a
1002 Ends the update-delay if all expected peers are done with EORs. */
1003 void bgp_check_update_delay(struct bgp
*bgp
)
1005 struct listnode
*node
, *nnode
;
1006 struct peer
*peer
= NULL
;
1008 if (bgp_debug_neighbor_events(peer
))
1009 zlog_debug("Checking update delay, T: %d R: %d I:%d E: %d",
1010 bgp
->established
, bgp
->restarted_peers
,
1011 bgp
->implicit_eors
, bgp
->explicit_eors
);
1013 if (bgp
->established
1014 <= bgp
->restarted_peers
+ bgp
->implicit_eors
+ bgp
->explicit_eors
) {
1015 /* This is an extra sanity check to make sure we wait for all
1017 eligible configured peers. This check is performed if
1019 timer is on, or establish wait option is not given with the
1020 update-delay command */
1021 if (bgp
->t_establish_wait
1022 || (bgp
->v_establish_wait
== bgp
->v_update_delay
))
1023 for (ALL_LIST_ELEMENTS(bgp
->peer
, node
, nnode
, peer
)) {
1024 if (CHECK_FLAG(peer
->flags
,
1025 PEER_FLAG_CONFIG_NODE
)
1026 && !CHECK_FLAG(peer
->flags
,
1028 && !peer
->update_delay_over
) {
1029 if (bgp_debug_neighbor_events(peer
))
1031 " Peer %s pending, continuing read-only mode",
1038 "Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d",
1039 bgp
->restarted_peers
, bgp
->implicit_eors
,
1040 bgp
->explicit_eors
);
1041 bgp_update_delay_end(bgp
);
1045 /* Called if peer is known to have restarted. The restart-state bit in
1046 Graceful-Restart capability is used for that */
1047 void bgp_update_restarted_peers(struct peer
*peer
)
1049 if (!bgp_update_delay_active(peer
->bgp
))
1050 return; /* BGP update delay has ended */
1051 if (peer
->update_delay_over
)
1052 return; /* This peer has already been considered */
1054 if (bgp_debug_neighbor_events(peer
))
1055 zlog_debug("Peer %s: Checking restarted", peer
->host
);
1057 if (peer
->status
== Established
) {
1058 peer
->update_delay_over
= 1;
1059 peer
->bgp
->restarted_peers
++;
1060 bgp_check_update_delay(peer
->bgp
);
1064 /* Called as peer receives a keep-alive. Determines if this occurence can be
1065 taken as an implicit EOR for this peer.
1066 NOTE: The very first keep-alive after the Established state of a peer is
1067 considered implicit EOR for the update-delay purposes */
1068 void bgp_update_implicit_eors(struct peer
*peer
)
1070 if (!bgp_update_delay_active(peer
->bgp
))
1071 return; /* BGP update delay has ended */
1072 if (peer
->update_delay_over
)
1073 return; /* This peer has already been considered */
1075 if (bgp_debug_neighbor_events(peer
))
1076 zlog_debug("Peer %s: Checking implicit EORs", peer
->host
);
1078 if (peer
->status
== Established
) {
1079 peer
->update_delay_over
= 1;
1080 peer
->bgp
->implicit_eors
++;
1081 bgp_check_update_delay(peer
->bgp
);
1085 /* Should be called only when there is a change in the EOR_RECEIVED status
1086 for any afi/safi on a peer */
1087 static void bgp_update_explicit_eors(struct peer
*peer
)
1092 if (!bgp_update_delay_active(peer
->bgp
))
1093 return; /* BGP update delay has ended */
1094 if (peer
->update_delay_over
)
1095 return; /* This peer has already been considered */
1097 if (bgp_debug_neighbor_events(peer
))
1098 zlog_debug("Peer %s: Checking explicit EORs", peer
->host
);
1100 FOREACH_AFI_SAFI (afi
, safi
) {
1101 if (peer
->afc_nego
[afi
][safi
]
1102 && !CHECK_FLAG(peer
->af_sflags
[afi
][safi
],
1103 PEER_STATUS_EOR_RECEIVED
)) {
1104 if (bgp_debug_neighbor_events(peer
))
1106 " afi %d safi %d didnt receive EOR",
1112 peer
->update_delay_over
= 1;
1113 peer
->bgp
->explicit_eors
++;
1114 bgp_check_update_delay(peer
->bgp
);
1117 /* Frontend for NLRI parsing, to fan-out to AFI/SAFI specific parsers
1118 * mp_withdraw, if set, is used to nullify attr structure on most of the calling
1120 * and for evpn, passed as parameter
1122 int bgp_nlri_parse(struct peer
*peer
, struct attr
*attr
,
1123 struct bgp_nlri
*packet
, int mp_withdraw
)
1125 switch (packet
->safi
) {
1127 case SAFI_MULTICAST
:
1128 return bgp_nlri_parse_ip(peer
, mp_withdraw
? NULL
: attr
,
1130 case SAFI_LABELED_UNICAST
:
1131 return bgp_nlri_parse_label(peer
, mp_withdraw
? NULL
: attr
,
1134 return bgp_nlri_parse_vpn(peer
, mp_withdraw
? NULL
: attr
,
1137 return bgp_nlri_parse_evpn(peer
, attr
, packet
, mp_withdraw
);
1143 /* Parse BGP Update packet and make attribute object. */
1144 static int bgp_update_receive(struct peer
*peer
, bgp_size_t size
)
1150 bgp_size_t attribute_len
;
1151 bgp_size_t update_len
;
1152 bgp_size_t withdraw_len
;
1161 struct bgp_nlri nlris
[NLRI_TYPE_MAX
];
1163 /* Status must be Established. */
1164 if (peer
->status
!= Established
) {
1165 zlog_err("%s [FSM] Update packet received under status %s",
1167 lookup_msg(bgp_status_msg
, peer
->status
, NULL
));
1168 bgp_notify_send(peer
, BGP_NOTIFY_FSM_ERR
, 0);
1172 /* Set initial values. */
1173 memset(&attr
, 0, sizeof(struct attr
));
1174 attr
.label_index
= BGP_INVALID_LABEL_INDEX
;
1175 attr
.label
= MPLS_INVALID_LABEL
;
1176 memset(&nlris
, 0, sizeof(nlris
));
1177 memset(peer
->rcvd_attr_str
, 0, BUFSIZ
);
1178 peer
->rcvd_attr_printed
= 0;
1181 end
= stream_pnt(s
) + size
;
1183 /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute
1184 Length is too large (i.e., if Unfeasible Routes Length + Total
1185 Attribute Length + 23 exceeds the message Length), then the Error
1186 Subcode is set to Malformed Attribute List. */
1187 if (stream_pnt(s
) + 2 > end
) {
1189 "%s [Error] Update packet error"
1190 " (packet length is short for unfeasible length)",
1192 bgp_notify_send(peer
, BGP_NOTIFY_UPDATE_ERR
,
1193 BGP_NOTIFY_UPDATE_MAL_ATTR
);
1197 /* Unfeasible Route Length. */
1198 withdraw_len
= stream_getw(s
);
1200 /* Unfeasible Route Length check. */
1201 if (stream_pnt(s
) + withdraw_len
> end
) {
1203 "%s [Error] Update packet error"
1204 " (packet unfeasible length overflow %d)",
1205 peer
->host
, withdraw_len
);
1206 bgp_notify_send(peer
, BGP_NOTIFY_UPDATE_ERR
,
1207 BGP_NOTIFY_UPDATE_MAL_ATTR
);
1211 /* Unfeasible Route packet format check. */
1212 if (withdraw_len
> 0) {
1213 nlris
[NLRI_WITHDRAW
].afi
= AFI_IP
;
1214 nlris
[NLRI_WITHDRAW
].safi
= SAFI_UNICAST
;
1215 nlris
[NLRI_WITHDRAW
].nlri
= stream_pnt(s
);
1216 nlris
[NLRI_WITHDRAW
].length
= withdraw_len
;
1217 stream_forward_getp(s
, withdraw_len
);
1220 /* Attribute total length check. */
1221 if (stream_pnt(s
) + 2 > end
) {
1223 "%s [Error] Packet Error"
1224 " (update packet is short for attribute length)",
1226 bgp_notify_send(peer
, BGP_NOTIFY_UPDATE_ERR
,
1227 BGP_NOTIFY_UPDATE_MAL_ATTR
);
1231 /* Fetch attribute total length. */
1232 attribute_len
= stream_getw(s
);
1234 /* Attribute length check. */
1235 if (stream_pnt(s
) + attribute_len
> end
) {
1237 "%s [Error] Packet Error"
1238 " (update packet attribute length overflow %d)",
1239 peer
->host
, attribute_len
);
1240 bgp_notify_send(peer
, BGP_NOTIFY_UPDATE_ERR
,
1241 BGP_NOTIFY_UPDATE_MAL_ATTR
);
1245 /* Certain attribute parsing errors should not be considered bad enough
1246 * to reset the session for, most particularly any partial/optional
1247 * attributes that have 'tunneled' over speakers that don't understand
1248 * them. Instead we withdraw only the prefix concerned.
1250 * Complicates the flow a little though..
1252 bgp_attr_parse_ret_t attr_parse_ret
= BGP_ATTR_PARSE_PROCEED
;
1253 /* This define morphs the update case into a withdraw when lower levels
1254 * have signalled an error condition where this is best.
1256 #define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL)
1258 /* Parse attribute when it exists. */
1259 if (attribute_len
) {
1260 attr_parse_ret
= bgp_attr_parse(peer
, &attr
, attribute_len
,
1261 &nlris
[NLRI_MP_UPDATE
],
1262 &nlris
[NLRI_MP_WITHDRAW
]);
1263 if (attr_parse_ret
== BGP_ATTR_PARSE_ERROR
) {
1264 bgp_attr_unintern_sub(&attr
);
1269 /* Logging the attribute. */
1270 if (attr_parse_ret
== BGP_ATTR_PARSE_WITHDRAW
1271 || BGP_DEBUG(update
, UPDATE_IN
)
1272 || BGP_DEBUG(update
, UPDATE_PREFIX
)) {
1273 ret
= bgp_dump_attr(&attr
, peer
->rcvd_attr_str
, BUFSIZ
);
1275 if (attr_parse_ret
== BGP_ATTR_PARSE_WITHDRAW
)
1277 "%s rcvd UPDATE with errors in attr(s)!! Withdrawing route.",
1280 if (ret
&& bgp_debug_update(peer
, NULL
, NULL
, 1)) {
1281 zlog_debug("%s rcvd UPDATE w/ attr: %s", peer
->host
,
1282 peer
->rcvd_attr_str
);
1283 peer
->rcvd_attr_printed
= 1;
1287 /* Network Layer Reachability Information. */
1288 update_len
= end
- stream_pnt(s
);
1291 /* Set NLRI portion to structure. */
1292 nlris
[NLRI_UPDATE
].afi
= AFI_IP
;
1293 nlris
[NLRI_UPDATE
].safi
= SAFI_UNICAST
;
1294 nlris
[NLRI_UPDATE
].nlri
= stream_pnt(s
);
1295 nlris
[NLRI_UPDATE
].length
= update_len
;
1296 stream_forward_getp(s
, update_len
);
1299 if (BGP_DEBUG(update
, UPDATE_IN
))
1300 zlog_debug("%s rcvd UPDATE wlen %d attrlen %d alen %d",
1301 peer
->host
, withdraw_len
, attribute_len
, update_len
);
1303 /* Parse any given NLRIs */
1304 for (int i
= NLRI_UPDATE
; i
< NLRI_TYPE_MAX
; i
++) {
1308 /* NLRI is processed iff the peer if configured for the specific
1310 if (!peer
->afc
[nlris
[i
].afi
][nlris
[i
].safi
]) {
1312 "%s [Info] UPDATE for non-enabled AFI/SAFI %u/%u",
1313 peer
->host
, nlris
[i
].afi
, nlris
[i
].safi
);
1317 /* EoR handled later */
1318 if (nlris
[i
].length
== 0)
1323 case NLRI_MP_UPDATE
:
1324 nlri_ret
= bgp_nlri_parse(peer
, NLRI_ATTR_ARG
,
1328 case NLRI_MP_WITHDRAW
:
1329 nlri_ret
= bgp_nlri_parse(peer
, &attr
, &nlris
[i
], 1);
1336 zlog_err("%s [Error] Error parsing NLRI", peer
->host
);
1337 if (peer
->status
== Established
)
1339 peer
, BGP_NOTIFY_UPDATE_ERR
,
1341 ? BGP_NOTIFY_UPDATE_INVAL_NETWORK
1342 : BGP_NOTIFY_UPDATE_OPT_ATTR_ERR
);
1343 bgp_attr_unintern_sub(&attr
);
1350 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
1351 * and MP EoR should have only an empty MP_UNREACH
1353 if ((!update_len
&& !withdraw_len
&&
1354 nlris
[NLRI_MP_UPDATE
].length
== 0) ||
1355 (attr_parse_ret
== BGP_ATTR_PARSE_EOR
)) {
1359 /* Non-MP IPv4/Unicast is a completely emtpy UPDATE - already
1361 * update and withdraw NLRI lengths are 0.
1363 if (!attribute_len
) {
1365 safi
= SAFI_UNICAST
;
1366 } else if (attr
.flag
& ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI
)
1367 && nlris
[NLRI_MP_WITHDRAW
].length
== 0) {
1368 afi
= nlris
[NLRI_MP_WITHDRAW
].afi
;
1369 safi
= nlris
[NLRI_MP_WITHDRAW
].safi
;
1370 } else if (attr_parse_ret
== BGP_ATTR_PARSE_EOR
) {
1371 afi
= nlris
[NLRI_MP_UPDATE
].afi
;
1372 safi
= nlris
[NLRI_MP_UPDATE
].safi
;
1375 if (afi
&& peer
->afc
[afi
][safi
]) {
1376 /* End-of-RIB received */
1377 if (!CHECK_FLAG(peer
->af_sflags
[afi
][safi
],
1378 PEER_STATUS_EOR_RECEIVED
)) {
1379 SET_FLAG(peer
->af_sflags
[afi
][safi
],
1380 PEER_STATUS_EOR_RECEIVED
);
1381 bgp_update_explicit_eors(peer
);
1384 /* NSF delete stale route */
1385 if (peer
->nsf
[afi
][safi
])
1386 bgp_clear_stale_route(peer
, afi
, safi
);
1388 if (bgp_debug_neighbor_events(peer
)) {
1389 zlog_debug("rcvd End-of-RIB for %s from %s",
1390 afi_safi_print(afi
, safi
),
1396 /* Everything is done. We unintern temporary structures which
1397 interned in bgp_attr_parse(). */
1398 bgp_attr_unintern_sub(&attr
);
1400 /* If peering is stopped due to some reason, do not generate BGP
1402 if (peer
->status
!= Established
)
1405 /* Increment packet counter. */
1407 peer
->update_time
= bgp_clock();
1409 /* Rearm holdtime timer */
1410 BGP_TIMER_OFF(peer
->t_holdtime
);
1411 bgp_timer_set(peer
);
1416 /* Notify message treatment function. */
1417 static void bgp_notify_receive(struct peer
*peer
, bgp_size_t size
)
1419 struct bgp_notify bgp_notify
;
1421 if (peer
->notify
.data
) {
1422 XFREE(MTYPE_TMP
, peer
->notify
.data
);
1423 peer
->notify
.data
= NULL
;
1424 peer
->notify
.length
= 0;
1427 bgp_notify
.code
= stream_getc(peer
->ibuf
);
1428 bgp_notify
.subcode
= stream_getc(peer
->ibuf
);
1429 bgp_notify
.length
= size
- 2;
1430 bgp_notify
.data
= NULL
;
1432 /* Preserv notify code and sub code. */
1433 peer
->notify
.code
= bgp_notify
.code
;
1434 peer
->notify
.subcode
= bgp_notify
.subcode
;
1435 /* For further diagnostic record returned Data. */
1436 if (bgp_notify
.length
) {
1437 peer
->notify
.length
= size
- 2;
1438 peer
->notify
.data
= XMALLOC(MTYPE_TMP
, size
- 2);
1439 memcpy(peer
->notify
.data
, stream_pnt(peer
->ibuf
), size
- 2);
1448 if (bgp_notify
.length
) {
1450 XMALLOC(MTYPE_TMP
, bgp_notify
.length
* 3);
1451 for (i
= 0; i
< bgp_notify
.length
; i
++)
1454 stream_getc(peer
->ibuf
));
1455 strcat(bgp_notify
.data
, c
);
1459 stream_getc(peer
->ibuf
));
1460 strcpy(bgp_notify
.data
, c
);
1462 bgp_notify
.raw_data
= (u_char
*)peer
->notify
.data
;
1465 bgp_notify_print(peer
, &bgp_notify
, "received");
1466 if (bgp_notify
.data
) {
1467 XFREE(MTYPE_TMP
, bgp_notify
.data
);
1468 bgp_notify
.data
= NULL
;
1469 bgp_notify
.length
= 0;
1473 /* peer count update */
1476 peer
->last_reset
= PEER_DOWN_NOTIFY_RECEIVED
;
1478 /* We have to check for Notify with Unsupported Optional Parameter.
1479 in that case we fallback to open without the capability option.
1480 But this done in bgp_stop. We just mark it here to avoid changing
1482 if (bgp_notify
.code
== BGP_NOTIFY_OPEN_ERR
1483 && bgp_notify
.subcode
== BGP_NOTIFY_OPEN_UNSUP_PARAM
)
1484 UNSET_FLAG(peer
->sflags
, PEER_STATUS_CAPABILITY_OPEN
);
1486 BGP_EVENT_ADD(peer
, Receive_NOTIFICATION_message
);
1489 /* Keepalive treatment function -- get keepalive send keepalive */
1490 static void bgp_keepalive_receive(struct peer
*peer
, bgp_size_t size
)
1492 if (bgp_debug_keepalive(peer
))
1493 zlog_debug("%s KEEPALIVE rcvd", peer
->host
);
1495 BGP_EVENT_ADD(peer
, Receive_KEEPALIVE_message
);
1498 /* Route refresh message is received. */
1499 static void bgp_route_refresh_receive(struct peer
*peer
, bgp_size_t size
)
1503 iana_safi_t pkt_safi
;
1506 struct peer_af
*paf
;
1507 struct update_group
*updgrp
;
1508 struct peer
*updgrp_peer
;
1510 /* If peer does not have the capability, send notification. */
1511 if (!CHECK_FLAG(peer
->cap
, PEER_CAP_REFRESH_ADV
)) {
1512 zlog_err("%s [Error] BGP route refresh is not enabled",
1514 bgp_notify_send(peer
, BGP_NOTIFY_HEADER_ERR
,
1515 BGP_NOTIFY_HEADER_BAD_MESTYPE
);
1519 /* Status must be Established. */
1520 if (peer
->status
!= Established
) {
1522 "%s [Error] Route refresh packet received under status %s",
1524 lookup_msg(bgp_status_msg
, peer
->status
, NULL
));
1525 bgp_notify_send(peer
, BGP_NOTIFY_FSM_ERR
, 0);
1532 pkt_afi
= stream_getw(s
);
1533 (void)stream_getc(s
);
1534 pkt_safi
= stream_getc(s
);
1536 if (bgp_debug_update(peer
, NULL
, NULL
, 0))
1537 zlog_debug("%s rcvd REFRESH_REQ for afi/safi: %d/%d",
1538 peer
->host
, pkt_afi
, pkt_safi
);
1540 /* Convert AFI, SAFI to internal values and check. */
1541 if (bgp_map_afi_safi_iana2int(pkt_afi
, pkt_safi
, &afi
, &safi
)) {
1543 "%s REFRESH_REQ for unrecognized afi/safi: %d/%d - ignored",
1544 peer
->host
, pkt_afi
, pkt_safi
);
1548 if (size
!= BGP_MSG_ROUTE_REFRESH_MIN_SIZE
- BGP_HEADER_SIZE
) {
1550 u_char when_to_refresh
;
1554 if (size
- (BGP_MSG_ROUTE_REFRESH_MIN_SIZE
- BGP_HEADER_SIZE
)
1556 zlog_info("%s ORF route refresh length error",
1558 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
, 0);
1562 when_to_refresh
= stream_getc(s
);
1563 end
= stream_pnt(s
) + (size
- 5);
1565 while ((stream_pnt(s
) + 2) < end
) {
1566 orf_type
= stream_getc(s
);
1567 orf_len
= stream_getw(s
);
1569 /* orf_len in bounds? */
1570 if ((stream_pnt(s
) + orf_len
) > end
)
1571 break; /* XXX: Notify instead?? */
1572 if (orf_type
== ORF_TYPE_PREFIX
1573 || orf_type
== ORF_TYPE_PREFIX_OLD
) {
1574 uint8_t *p_pnt
= stream_pnt(s
);
1575 uint8_t *p_end
= stream_pnt(s
) + orf_len
;
1576 struct orf_prefix orfp
;
1581 int ret
= CMD_SUCCESS
;
1583 if (bgp_debug_neighbor_events(peer
)) {
1585 "%s rcvd Prefixlist ORF(%d) length %d",
1586 peer
->host
, orf_type
, orf_len
);
1589 /* we're going to read at least 1 byte of common
1591 * and 7 bytes of ORF Address-filter entry from
1597 /* ORF prefix-list name */
1598 sprintf(name
, "%s.%d.%d", peer
->host
, afi
,
1601 while (p_pnt
< p_end
) {
1602 /* If the ORF entry is malformed, want
1603 * to read as much of it
1604 * as possible without going beyond the
1605 * bounds of the entry,
1606 * to maximise debug information.
1610 sizeof(struct orf_prefix
));
1612 /* after ++: p_pnt <= p_end */
1614 & ORF_COMMON_PART_REMOVE_ALL
) {
1615 if (bgp_debug_neighbor_events(
1618 "%s rcvd Remove-All pfxlist ORF request",
1620 prefix_bgp_orf_remove_all(afi
,
1624 ok
= ((u_int32_t
)(p_end
- p_pnt
)
1625 >= sizeof(u_int32_t
));
1629 p_pnt
+= sizeof(u_int32_t
);
1630 orfp
.seq
= ntohl(seq
);
1634 if ((ok
= (p_pnt
< p_end
)))
1638 prefix_bgp_orf_set()
1640 if ((ok
= (p_pnt
< p_end
)))
1644 prefix_bgp_orf_set()
1646 if ((ok
= (p_pnt
< p_end
)))
1647 orfp
.p
.prefixlen
= *p_pnt
++;
1648 orfp
.p
.family
= afi2family(
1649 afi
); /* afi checked already */
1652 orfp
.p
.prefixlen
); /* 0 if not
1656 &orfp
.p
)) /* valid for
1660 psize
= prefix_blen(&orfp
.p
);
1663 > (p_end
- p_pnt
)) /* valid for
1667 psize
= p_end
- p_pnt
;
1671 memcpy(&orfp
.p
.u
.prefix
, p_pnt
,
1675 if (bgp_debug_neighbor_events(peer
)) {
1676 char buf
[INET6_BUFSIZ
];
1679 "%s rcvd %s %s seq %u %s/%d ge %d le %d%s",
1681 (common
& ORF_COMMON_PART_REMOVE
1684 (common
& ORF_COMMON_PART_DENY
1695 ok
? "" : " MALFORMED");
1699 ret
= prefix_bgp_orf_set(
1701 (common
& ORF_COMMON_PART_DENY
1704 (common
& ORF_COMMON_PART_REMOVE
1708 if (!ok
|| (ok
&& ret
!= CMD_SUCCESS
)) {
1710 "%s Received misformatted prefixlist ORF."
1711 " Remove All pfxlist",
1713 prefix_bgp_orf_remove_all(afi
,
1719 peer
->orf_plist
[afi
][safi
] =
1720 prefix_bgp_orf_lookup(afi
, name
);
1722 stream_forward_getp(s
, orf_len
);
1724 if (bgp_debug_neighbor_events(peer
))
1725 zlog_debug("%s rcvd Refresh %s ORF request", peer
->host
,
1726 when_to_refresh
== REFRESH_DEFER
1729 if (when_to_refresh
== REFRESH_DEFER
)
1733 /* First update is deferred until ORF or ROUTE-REFRESH is received */
1734 if (CHECK_FLAG(peer
->af_sflags
[afi
][safi
],
1735 PEER_STATUS_ORF_WAIT_REFRESH
))
1736 UNSET_FLAG(peer
->af_sflags
[afi
][safi
],
1737 PEER_STATUS_ORF_WAIT_REFRESH
);
1739 paf
= peer_af_find(peer
, afi
, safi
);
1740 if (paf
&& paf
->subgroup
) {
1741 if (peer
->orf_plist
[afi
][safi
]) {
1742 updgrp
= PAF_UPDGRP(paf
);
1743 updgrp_peer
= UPDGRP_PEER(updgrp
);
1744 updgrp_peer
->orf_plist
[afi
][safi
] =
1745 peer
->orf_plist
[afi
][safi
];
1748 /* If the peer is configured for default-originate clear the
1749 * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will
1753 if (CHECK_FLAG(paf
->subgroup
->sflags
,
1754 SUBGRP_STATUS_DEFAULT_ORIGINATE
))
1755 UNSET_FLAG(paf
->subgroup
->sflags
,
1756 SUBGRP_STATUS_DEFAULT_ORIGINATE
);
1759 /* Perform route refreshment to the peer */
1760 bgp_announce_route(peer
, afi
, safi
);
1763 static int bgp_capability_msg_parse(struct peer
*peer
, u_char
*pnt
,
1767 struct capability_mp_data mpc
;
1768 struct capability_header
*hdr
;
1772 iana_safi_t pkt_safi
;
1778 /* We need at least action, capability code and capability
1780 if (pnt
+ 3 > end
) {
1781 zlog_info("%s Capability length error", peer
->host
);
1782 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
, 0);
1786 hdr
= (struct capability_header
*)(pnt
+ 1);
1788 /* Action value check. */
1789 if (action
!= CAPABILITY_ACTION_SET
1790 && action
!= CAPABILITY_ACTION_UNSET
) {
1791 zlog_info("%s Capability Action Value error %d",
1792 peer
->host
, action
);
1793 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
, 0);
1797 if (bgp_debug_neighbor_events(peer
))
1799 "%s CAPABILITY has action: %d, code: %u, length %u",
1800 peer
->host
, action
, hdr
->code
, hdr
->length
);
1802 /* Capability length check. */
1803 if ((pnt
+ hdr
->length
+ 3) > end
) {
1804 zlog_info("%s Capability length error", peer
->host
);
1805 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
, 0);
1809 /* Fetch structure to the byte stream. */
1810 memcpy(&mpc
, pnt
+ 3, sizeof(struct capability_mp_data
));
1811 pnt
+= hdr
->length
+ 3;
1813 /* We know MP Capability Code. */
1814 if (hdr
->code
== CAPABILITY_CODE_MP
) {
1815 pkt_afi
= ntohs(mpc
.afi
);
1816 pkt_safi
= mpc
.safi
;
1818 /* Ignore capability when override-capability is set. */
1819 if (CHECK_FLAG(peer
->flags
,
1820 PEER_FLAG_OVERRIDE_CAPABILITY
))
1823 /* Convert AFI, SAFI to internal values. */
1824 if (bgp_map_afi_safi_iana2int(pkt_afi
, pkt_safi
, &afi
,
1826 if (bgp_debug_neighbor_events(peer
))
1828 "%s Dynamic Capability MP_EXT afi/safi invalid "
1830 peer
->host
, pkt_afi
, pkt_safi
);
1834 /* Address family check. */
1835 if (bgp_debug_neighbor_events(peer
))
1837 "%s CAPABILITY has %s MP_EXT CAP for afi/safi: %u/%u",
1839 action
== CAPABILITY_ACTION_SET
1844 if (action
== CAPABILITY_ACTION_SET
) {
1845 peer
->afc_recv
[afi
][safi
] = 1;
1846 if (peer
->afc
[afi
][safi
]) {
1847 peer
->afc_nego
[afi
][safi
] = 1;
1848 bgp_announce_route(peer
, afi
, safi
);
1851 peer
->afc_recv
[afi
][safi
] = 0;
1852 peer
->afc_nego
[afi
][safi
] = 0;
1854 if (peer_active_nego(peer
))
1855 bgp_clear_route(peer
, afi
, safi
);
1857 BGP_EVENT_ADD(peer
, BGP_Stop
);
1861 "%s unrecognized capability code: %d - ignored",
1862 peer
->host
, hdr
->code
);
1868 /* Dynamic Capability is received.
1870 * This is exported for unit-test purposes
1872 int bgp_capability_receive(struct peer
*peer
, bgp_size_t size
)
1876 /* Fetch pointer. */
1877 pnt
= stream_pnt(peer
->ibuf
);
1879 if (bgp_debug_neighbor_events(peer
))
1880 zlog_debug("%s rcv CAPABILITY", peer
->host
);
1882 /* If peer does not have the capability, send notification. */
1883 if (!CHECK_FLAG(peer
->cap
, PEER_CAP_DYNAMIC_ADV
)) {
1884 zlog_err("%s [Error] BGP dynamic capability is not enabled",
1886 bgp_notify_send(peer
, BGP_NOTIFY_HEADER_ERR
,
1887 BGP_NOTIFY_HEADER_BAD_MESTYPE
);
1891 /* Status must be Established. */
1892 if (peer
->status
!= Established
) {
1894 "%s [Error] Dynamic capability packet received under status %s",
1896 lookup_msg(bgp_status_msg
, peer
->status
, NULL
));
1897 bgp_notify_send(peer
, BGP_NOTIFY_FSM_ERR
, 0);
1902 return bgp_capability_msg_parse(peer
, pnt
, size
);
1905 /* BGP read utility function. */
1906 static int bgp_read_packet(struct peer
*peer
)
1911 readsize
= peer
->packet_size
- stream_get_endp(peer
->ibuf
);
1913 /* If size is zero then return. */
1917 /* Read packet from fd. */
1918 nbytes
= stream_read_try(peer
->ibuf
, peer
->fd
, readsize
);
1920 /* If read byte is smaller than zero then error occured. */
1922 /* Transient error should retry */
1926 zlog_err("%s [Error] bgp_read_packet error: %s", peer
->host
,
1927 safe_strerror(errno
));
1929 if (peer
->status
== Established
) {
1930 if (CHECK_FLAG(peer
->sflags
, PEER_STATUS_NSF_MODE
)) {
1931 peer
->last_reset
= PEER_DOWN_NSF_CLOSE_SESSION
;
1932 SET_FLAG(peer
->sflags
, PEER_STATUS_NSF_WAIT
);
1934 peer
->last_reset
= PEER_DOWN_CLOSE_SESSION
;
1937 BGP_EVENT_ADD(peer
, TCP_fatal_error
);
1941 /* When read byte is zero : clear bgp peer and return */
1943 if (bgp_debug_neighbor_events(peer
))
1944 zlog_debug("%s [Event] BGP connection closed fd %d",
1945 peer
->host
, peer
->fd
);
1947 if (peer
->status
== Established
) {
1948 if (CHECK_FLAG(peer
->sflags
, PEER_STATUS_NSF_MODE
)) {
1949 peer
->last_reset
= PEER_DOWN_NSF_CLOSE_SESSION
;
1950 SET_FLAG(peer
->sflags
, PEER_STATUS_NSF_WAIT
);
1952 peer
->last_reset
= PEER_DOWN_CLOSE_SESSION
;
1955 BGP_EVENT_ADD(peer
, TCP_connection_closed
);
1959 /* We read partial packet. */
1960 if (stream_get_endp(peer
->ibuf
) != peer
->packet_size
)
1967 static int bgp_marker_all_one(struct stream
*s
, int length
)
1971 for (i
= 0; i
< length
; i
++)
1972 if (s
->data
[i
] != 0xff)
1978 /* Starting point of packet process function. */
1979 int bgp_read(struct thread
*thread
)
1985 char notify_data_length
[2];
1986 u_int32_t notify_out
;
1988 /* Yes first of all get peer pointer. */
1989 peer
= THREAD_ARG(thread
);
1990 peer
->t_read
= NULL
;
1992 /* Note notify_out so we can check later to see if we sent another one
1994 notify_out
= peer
->notify_out
;
1997 zlog_err("bgp_read(): peer's fd is negative value %d",
2002 BGP_READ_ON(peer
->t_read
, bgp_read
, peer
->fd
);
2004 /* Read packet header to determine type of the packet */
2005 if (peer
->packet_size
== 0)
2006 peer
->packet_size
= BGP_HEADER_SIZE
;
2008 if (stream_get_endp(peer
->ibuf
) < BGP_HEADER_SIZE
) {
2009 ret
= bgp_read_packet(peer
);
2011 /* Header read error or partial read packet. */
2015 /* Get size and type. */
2016 stream_forward_getp(peer
->ibuf
, BGP_MARKER_SIZE
);
2017 memcpy(notify_data_length
, stream_pnt(peer
->ibuf
), 2);
2018 size
= stream_getw(peer
->ibuf
);
2019 type
= stream_getc(peer
->ibuf
);
2022 if (((type
== BGP_MSG_OPEN
) || (type
== BGP_MSG_KEEPALIVE
))
2023 && !bgp_marker_all_one(peer
->ibuf
, BGP_MARKER_SIZE
)) {
2024 bgp_notify_send(peer
, BGP_NOTIFY_HEADER_ERR
,
2025 BGP_NOTIFY_HEADER_NOT_SYNC
);
2029 /* BGP type check. */
2030 if (type
!= BGP_MSG_OPEN
&& type
!= BGP_MSG_UPDATE
2031 && type
!= BGP_MSG_NOTIFY
&& type
!= BGP_MSG_KEEPALIVE
2032 && type
!= BGP_MSG_ROUTE_REFRESH_NEW
2033 && type
!= BGP_MSG_ROUTE_REFRESH_OLD
2034 && type
!= BGP_MSG_CAPABILITY
) {
2035 if (bgp_debug_neighbor_events(peer
))
2036 zlog_debug("%s unknown message type 0x%02x",
2038 bgp_notify_send_with_data(peer
, BGP_NOTIFY_HEADER_ERR
,
2039 BGP_NOTIFY_HEADER_BAD_MESTYPE
,
2043 /* Mimimum packet length check. */
2044 if ((size
< BGP_HEADER_SIZE
) || (size
> BGP_MAX_PACKET_SIZE
)
2045 || (type
== BGP_MSG_OPEN
&& size
< BGP_MSG_OPEN_MIN_SIZE
)
2046 || (type
== BGP_MSG_UPDATE
2047 && size
< BGP_MSG_UPDATE_MIN_SIZE
)
2048 || (type
== BGP_MSG_NOTIFY
2049 && size
< BGP_MSG_NOTIFY_MIN_SIZE
)
2050 || (type
== BGP_MSG_KEEPALIVE
2051 && size
!= BGP_MSG_KEEPALIVE_MIN_SIZE
)
2052 || (type
== BGP_MSG_ROUTE_REFRESH_NEW
2053 && size
< BGP_MSG_ROUTE_REFRESH_MIN_SIZE
)
2054 || (type
== BGP_MSG_ROUTE_REFRESH_OLD
2055 && size
< BGP_MSG_ROUTE_REFRESH_MIN_SIZE
)
2056 || (type
== BGP_MSG_CAPABILITY
2057 && size
< BGP_MSG_CAPABILITY_MIN_SIZE
)) {
2058 if (bgp_debug_neighbor_events(peer
))
2059 zlog_debug("%s bad message length - %d for %s",
2063 : bgp_type_str
[(int)type
]);
2064 bgp_notify_send_with_data(peer
, BGP_NOTIFY_HEADER_ERR
,
2065 BGP_NOTIFY_HEADER_BAD_MESLEN
,
2066 (u_char
*)notify_data_length
,
2071 /* Adjust size to message length. */
2072 peer
->packet_size
= size
;
2075 ret
= bgp_read_packet(peer
);
2079 /* Get size and type again. */
2080 (void)stream_getw_from(peer
->ibuf
, BGP_MARKER_SIZE
);
2081 type
= stream_getc_from(peer
->ibuf
, BGP_MARKER_SIZE
+ 2);
2083 /* BGP packet dump function. */
2084 bgp_dump_packet(peer
, type
, peer
->ibuf
);
2086 size
= (peer
->packet_size
- BGP_HEADER_SIZE
);
2088 /* Read rest of the packet and call each sort of packet routine */
2092 bgp_open_receive(peer
, size
); /* XXX return value ignored! */
2094 case BGP_MSG_UPDATE
:
2095 peer
->readtime
= monotime(NULL
);
2096 bgp_update_receive(peer
, size
);
2098 case BGP_MSG_NOTIFY
:
2099 bgp_notify_receive(peer
, size
);
2101 case BGP_MSG_KEEPALIVE
:
2102 peer
->readtime
= monotime(NULL
);
2103 bgp_keepalive_receive(peer
, size
);
2105 case BGP_MSG_ROUTE_REFRESH_NEW
:
2106 case BGP_MSG_ROUTE_REFRESH_OLD
:
2108 bgp_route_refresh_receive(peer
, size
);
2110 case BGP_MSG_CAPABILITY
:
2111 peer
->dynamic_cap_in
++;
2112 bgp_capability_receive(peer
, size
);
2116 /* If reading this packet caused us to send a NOTIFICATION then store a
2118 * of the packet for troubleshooting purposes
2120 if (notify_out
< peer
->notify_out
) {
2121 memcpy(peer
->last_reset_cause
, peer
->ibuf
->data
,
2123 peer
->last_reset_cause_size
= peer
->packet_size
;
2124 notify_out
= peer
->notify_out
;
2127 /* Clear input buffer. */
2128 peer
->packet_size
= 0;
2130 stream_reset(peer
->ibuf
);
2133 /* If reading this packet caused us to send a NOTIFICATION then store a
2135 * of the packet for troubleshooting purposes
2137 if (notify_out
< peer
->notify_out
) {
2138 memcpy(peer
->last_reset_cause
, peer
->ibuf
->data
,
2140 peer
->last_reset_cause_size
= peer
->packet_size
;