]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #839 from Orange-OpenSource/TE
[mirror_frr.git] / bgpd / bgp_packet.c
1 /* BGP packet management routine.
2 * Copyright (C) 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "thread.h"
24 #include "stream.h"
25 #include "network.h"
26 #include "prefix.h"
27 #include "command.h"
28 #include "log.h"
29 #include "memory.h"
30 #include "sockunion.h" /* for inet_ntop () */
31 #include "sockopt.h"
32 #include "linklist.h"
33 #include "plist.h"
34 #include "queue.h"
35 #include "filter.h"
36
37 #include "bgpd/bgpd.h"
38 #include "bgpd/bgp_table.h"
39 #include "bgpd/bgp_dump.h"
40 #include "bgpd/bgp_attr.h"
41 #include "bgpd/bgp_debug.h"
42 #include "bgpd/bgp_fsm.h"
43 #include "bgpd/bgp_route.h"
44 #include "bgpd/bgp_packet.h"
45 #include "bgpd/bgp_open.h"
46 #include "bgpd/bgp_aspath.h"
47 #include "bgpd/bgp_community.h"
48 #include "bgpd/bgp_ecommunity.h"
49 #include "bgpd/bgp_lcommunity.h"
50 #include "bgpd/bgp_network.h"
51 #include "bgpd/bgp_mplsvpn.h"
52 #include "bgpd/bgp_evpn.h"
53 #include "bgpd/bgp_advertise.h"
54 #include "bgpd/bgp_vty.h"
55 #include "bgpd/bgp_updgrp.h"
56 #include "bgpd/bgp_label.h"
57
58 /* Set up BGP packet marker and packet type. */
59 int bgp_packet_set_marker(struct stream *s, u_char type)
60 {
61 int i;
62
63 /* Fill in marker. */
64 for (i = 0; i < BGP_MARKER_SIZE; i++)
65 stream_putc(s, 0xff);
66
67 /* Dummy total length. This field is should be filled in later on. */
68 stream_putw(s, 0);
69
70 /* BGP packet type. */
71 stream_putc(s, type);
72
73 /* Return current stream size. */
74 return stream_get_endp(s);
75 }
76
77 /* Set BGP packet header size entry. If size is zero then use current
78 stream size. */
79 int bgp_packet_set_size(struct stream *s)
80 {
81 int cp;
82
83 /* Preserve current pointer. */
84 cp = stream_get_endp(s);
85 stream_putw_at(s, BGP_MARKER_SIZE, cp);
86
87 return cp;
88 }
89
90 /* Add new packet to the peer. */
91 void bgp_packet_add(struct peer *peer, struct stream *s)
92 {
93 /* Add packet to the end of list. */
94 stream_fifo_push(peer->obuf, s);
95 }
96
97 /* Free first packet. */
98 static void bgp_packet_delete(struct peer *peer)
99 {
100 stream_free(stream_fifo_pop(peer->obuf));
101 }
102
103 /* Check file descriptor whether connect is established. */
104 int bgp_connect_check(struct peer *peer, int change_state)
105 {
106 int status;
107 socklen_t slen;
108 int ret;
109
110 /* Anyway I have to reset read and write thread. */
111 BGP_READ_OFF(peer->t_read);
112 BGP_WRITE_OFF(peer->t_write);
113
114 /* Check file descriptor. */
115 slen = sizeof(status);
116 ret = getsockopt(peer->fd, SOL_SOCKET, SO_ERROR, (void *)&status,
117 &slen);
118
119 /* If getsockopt is fail, this is fatal error. */
120 if (ret < 0) {
121 zlog_info("can't get sockopt for nonblocking connect");
122 BGP_EVENT_ADD(peer, TCP_fatal_error);
123 return -1;
124 }
125
126 /* When status is 0 then TCP connection is established. */
127 if (status == 0) {
128 BGP_EVENT_ADD(peer, TCP_connection_open);
129 return 1;
130 } else {
131 if (bgp_debug_neighbor_events(peer))
132 zlog_debug("%s [Event] Connect failed (%s)", peer->host,
133 safe_strerror(errno));
134 if (change_state)
135 BGP_EVENT_ADD(peer, TCP_connection_open_failed);
136 return 0;
137 }
138 }
139
140 static struct stream *bgp_update_packet_eor(struct peer *peer, afi_t afi,
141 safi_t safi)
142 {
143 struct stream *s;
144 iana_afi_t pkt_afi;
145 safi_t pkt_safi;
146
147 if (DISABLE_BGP_ANNOUNCE)
148 return NULL;
149
150 if (bgp_debug_neighbor_events(peer))
151 zlog_debug("send End-of-RIB for %s to %s",
152 afi_safi_print(afi, safi), peer->host);
153
154 s = stream_new(BGP_MAX_PACKET_SIZE);
155
156 /* Make BGP update packet. */
157 bgp_packet_set_marker(s, BGP_MSG_UPDATE);
158
159 /* Unfeasible Routes Length */
160 stream_putw(s, 0);
161
162 if (afi == AFI_IP && safi == SAFI_UNICAST) {
163 /* Total Path Attribute Length */
164 stream_putw(s, 0);
165 } else {
166 /* Convert AFI, SAFI to values for packet. */
167 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
168
169 /* Total Path Attribute Length */
170 stream_putw(s, 6);
171 stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
172 stream_putc(s, BGP_ATTR_MP_UNREACH_NLRI);
173 stream_putc(s, 3);
174 stream_putw(s, pkt_afi);
175 stream_putc(s, pkt_safi);
176 }
177
178 bgp_packet_set_size(s);
179 bgp_packet_add(peer, s);
180 return s;
181 }
182
183 /* Get next packet to be written. */
184 static struct stream *bgp_write_packet(struct peer *peer)
185 {
186 struct stream *s = NULL;
187 struct peer_af *paf;
188 struct bpacket *next_pkt;
189 afi_t afi;
190 safi_t safi;
191
192 s = stream_fifo_head(peer->obuf);
193 if (s)
194 return s;
195
196 /*
197 * The code beyond this part deals with update packets, proceed only
198 * if peer is Established and updates are not on hold (as part of
199 * update-delay post processing).
200 */
201 if (peer->status != Established)
202 return NULL;
203
204 if (peer->bgp && peer->bgp->main_peers_update_hold)
205 return NULL;
206
207 for (afi = AFI_IP; afi < AFI_MAX; afi++)
208 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) {
209 paf = peer_af_find(peer, afi, safi);
210 if (!paf || !PAF_SUBGRP(paf))
211 continue;
212 next_pkt = paf->next_pkt_to_send;
213
214 /* Try to generate a packet for the peer if we are at
215 * the end of
216 * the list. Always try to push out WITHDRAWs first. */
217 if (!next_pkt || !next_pkt->buffer) {
218 next_pkt = subgroup_withdraw_packet(
219 PAF_SUBGRP(paf));
220 if (!next_pkt || !next_pkt->buffer)
221 subgroup_update_packet(PAF_SUBGRP(paf));
222 next_pkt = paf->next_pkt_to_send;
223 }
224
225 /* If we still don't have a packet to send to the peer,
226 * then
227 * try to find out out if we have to send eor or if not,
228 * skip to
229 * the next AFI, SAFI.
230 * Don't send the EOR prematurely... if the subgroup's
231 * coalesce
232 * timer is running, the adjacency-out structure is not
233 * created
234 * yet.
235 */
236 if (!next_pkt || !next_pkt->buffer) {
237 if (CHECK_FLAG(peer->cap,
238 PEER_CAP_RESTART_RCV)) {
239 if (!(PAF_SUBGRP(paf))->t_coalesce
240 && peer->afc_nego[afi][safi]
241 && peer->synctime
242 && !CHECK_FLAG(
243 peer->af_sflags[afi]
244 [safi],
245 PEER_STATUS_EOR_SEND)) {
246 SET_FLAG(peer->af_sflags[afi]
247 [safi],
248 PEER_STATUS_EOR_SEND);
249 return bgp_update_packet_eor(
250 peer, afi, safi);
251 }
252 }
253 continue;
254 }
255
256
257 /*
258 * Found a packet template to send, overwrite packet
259 * with appropriate
260 * attributes from peer and advance peer
261 */
262 s = bpacket_reformat_for_peer(next_pkt, paf);
263 bpacket_queue_advance_peer(paf);
264 return s;
265 }
266
267 return NULL;
268 }
269
270 /* The next action for the peer from a write perspective */
271 static void bgp_write_proceed_actions(struct peer *peer)
272 {
273 afi_t afi;
274 safi_t safi;
275 struct peer_af *paf;
276 struct bpacket *next_pkt;
277 int fullq_found = 0;
278 struct update_subgroup *subgrp;
279
280 if (stream_fifo_head(peer->obuf)) {
281 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
282 return;
283 }
284
285 for (afi = AFI_IP; afi < AFI_MAX; afi++)
286 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) {
287 paf = peer_af_find(peer, afi, safi);
288 if (!paf)
289 continue;
290 subgrp = paf->subgroup;
291 if (!subgrp)
292 continue;
293
294 next_pkt = paf->next_pkt_to_send;
295 if (next_pkt && next_pkt->buffer) {
296 BGP_WRITE_ON(peer->t_write, bgp_write,
297 peer->fd);
298 return;
299 }
300
301 /* No packets readily available for AFI/SAFI, are there
302 * subgroup packets
303 * that need to be generated? */
304 if (bpacket_queue_is_full(SUBGRP_INST(subgrp),
305 SUBGRP_PKTQ(subgrp)))
306 fullq_found = 1;
307 else if (subgroup_packets_to_build(subgrp)) {
308 BGP_WRITE_ON(peer->t_write, bgp_write,
309 peer->fd);
310 return;
311 }
312
313 /* No packets to send, see if EOR is pending */
314 if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
315 if (!subgrp->t_coalesce
316 && peer->afc_nego[afi][safi]
317 && peer->synctime
318 && !CHECK_FLAG(peer->af_sflags[afi][safi],
319 PEER_STATUS_EOR_SEND)
320 && safi != SAFI_MPLS_VPN) {
321 BGP_WRITE_ON(peer->t_write, bgp_write,
322 peer->fd);
323 return;
324 }
325 }
326 }
327 if (fullq_found) {
328 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
329 return;
330 }
331 }
332
333 /* Write packet to the peer. */
334 int bgp_write(struct thread *thread)
335 {
336 struct peer *peer;
337 u_char type;
338 struct stream *s;
339 int num;
340 int update_last_write = 0;
341 unsigned int count = 0;
342 unsigned int oc = 0;
343
344 /* Yes first of all get peer pointer. */
345 peer = THREAD_ARG(thread);
346 peer->t_write = NULL;
347
348 /* For non-blocking IO check. */
349 if (peer->status == Connect) {
350 bgp_connect_check(peer, 1);
351 return 0;
352 }
353
354 s = bgp_write_packet(peer);
355 if (!s) {
356 bgp_write_proceed_actions(peer);
357 return 0;
358 }
359
360 sockopt_cork(peer->fd, 1);
361
362 oc = peer->update_out;
363
364 /* Nonblocking write until TCP output buffer is full. */
365 do {
366 int writenum;
367
368 /* Number of bytes to be sent. */
369 writenum = stream_get_endp(s) - stream_get_getp(s);
370
371 /* Call write() system call. */
372 num = write(peer->fd, STREAM_PNT(s), writenum);
373 if (num < 0) {
374 /* write failed either retry needed or error */
375 if (ERRNO_IO_RETRY(errno))
376 break;
377
378 BGP_EVENT_ADD(peer, TCP_fatal_error);
379 return 0;
380 }
381
382 if (num != writenum) {
383 /* Partial write */
384 stream_forward_getp(s, num);
385 break;
386 }
387
388 /* Retrieve BGP packet type. */
389 stream_set_getp(s, BGP_MARKER_SIZE + 2);
390 type = stream_getc(s);
391
392 switch (type) {
393 case BGP_MSG_OPEN:
394 peer->open_out++;
395 break;
396 case BGP_MSG_UPDATE:
397 peer->update_out++;
398 break;
399 case BGP_MSG_NOTIFY:
400 peer->notify_out++;
401 /* Double start timer. */
402 peer->v_start *= 2;
403
404 /* Overflow check. */
405 if (peer->v_start >= (60 * 2))
406 peer->v_start = (60 * 2);
407
408 /* Flush any existing events */
409 BGP_EVENT_ADD(peer, BGP_Stop);
410 goto done;
411
412 case BGP_MSG_KEEPALIVE:
413 peer->keepalive_out++;
414 break;
415 case BGP_MSG_ROUTE_REFRESH_NEW:
416 case BGP_MSG_ROUTE_REFRESH_OLD:
417 peer->refresh_out++;
418 break;
419 case BGP_MSG_CAPABILITY:
420 peer->dynamic_cap_out++;
421 break;
422 }
423
424 /* OK we send packet so delete it. */
425 bgp_packet_delete(peer);
426 update_last_write = 1;
427 } while (++count < peer->bgp->wpkt_quanta
428 && (s = bgp_write_packet(peer)) != NULL);
429
430 bgp_write_proceed_actions(peer);
431
432 done:
433 /* Update last_update if UPDATEs were written. */
434 if (peer->update_out > oc)
435 peer->last_update = bgp_clock();
436
437 /* If we TXed any flavor of packet update last_write */
438 if (update_last_write)
439 peer->last_write = bgp_clock();
440
441 sockopt_cork(peer->fd, 0);
442 return 0;
443 }
444
445 /* This is only for sending NOTIFICATION message to neighbor. */
446 static int bgp_write_notify(struct peer *peer)
447 {
448 int ret, val;
449 u_char type;
450 struct stream *s;
451
452 /* There should be at least one packet. */
453 s = stream_fifo_head(peer->obuf);
454 if (!s)
455 return 0;
456 assert(stream_get_endp(s) >= BGP_HEADER_SIZE);
457
458 /* Stop collecting data within the socket */
459 sockopt_cork(peer->fd, 0);
460
461 /* socket is in nonblocking mode, if we can't deliver the NOTIFY, well,
462 * we only care about getting a clean shutdown at this point. */
463 ret = write(peer->fd, STREAM_DATA(s), stream_get_endp(s));
464
465 /* only connection reset/close gets counted as TCP_fatal_error, failure
466 * to write the entire NOTIFY doesn't get different FSM treatment */
467 if (ret <= 0) {
468 BGP_EVENT_ADD(peer, TCP_fatal_error);
469 return 0;
470 }
471
472 /* Disable Nagle, make NOTIFY packet go out right away */
473 val = 1;
474 (void)setsockopt(peer->fd, IPPROTO_TCP, TCP_NODELAY, (char *)&val,
475 sizeof(val));
476
477 /* Retrieve BGP packet type. */
478 stream_set_getp(s, BGP_MARKER_SIZE + 2);
479 type = stream_getc(s);
480
481 assert(type == BGP_MSG_NOTIFY);
482
483 /* Type should be notify. */
484 peer->notify_out++;
485
486 /* Double start timer. */
487 peer->v_start *= 2;
488
489 /* Overflow check. */
490 if (peer->v_start >= (60 * 2))
491 peer->v_start = (60 * 2);
492
493 /* Handle Graceful Restart case where the state changes to
494 Connect instead of Idle */
495 BGP_EVENT_ADD(peer, BGP_Stop);
496
497 return 0;
498 }
499
500 /* Make keepalive packet and send it to the peer. */
501 void bgp_keepalive_send(struct peer *peer)
502 {
503 struct stream *s;
504
505 s = stream_new(BGP_MAX_PACKET_SIZE);
506
507 /* Make keepalive packet. */
508 bgp_packet_set_marker(s, BGP_MSG_KEEPALIVE);
509
510 /* Set packet size. */
511 (void)bgp_packet_set_size(s);
512
513 /* Dump packet if debug option is set. */
514 /* bgp_packet_dump (s); */
515
516 if (bgp_debug_keepalive(peer))
517 zlog_debug("%s sending KEEPALIVE", peer->host);
518
519 /* Add packet to the peer. */
520 bgp_packet_add(peer, s);
521
522 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
523 }
524
525 /* Make open packet and send it to the peer. */
526 void bgp_open_send(struct peer *peer)
527 {
528 struct stream *s;
529 u_int16_t send_holdtime;
530 as_t local_as;
531
532 if (CHECK_FLAG(peer->config, PEER_CONFIG_TIMER))
533 send_holdtime = peer->holdtime;
534 else
535 send_holdtime = peer->bgp->default_holdtime;
536
537 /* local-as Change */
538 if (peer->change_local_as)
539 local_as = peer->change_local_as;
540 else
541 local_as = peer->local_as;
542
543 s = stream_new(BGP_MAX_PACKET_SIZE);
544
545 /* Make open packet. */
546 bgp_packet_set_marker(s, BGP_MSG_OPEN);
547
548 /* Set open packet values. */
549 stream_putc(s, BGP_VERSION_4); /* BGP version */
550 stream_putw(s,
551 (local_as <= BGP_AS_MAX) ? (u_int16_t)local_as
552 : BGP_AS_TRANS);
553 stream_putw(s, send_holdtime); /* Hold Time */
554 stream_put_in_addr(s, &peer->local_id); /* BGP Identifier */
555
556 /* Set capability code. */
557 bgp_open_capability(s, peer);
558
559 /* Set BGP packet length. */
560 (void)bgp_packet_set_size(s);
561
562 if (bgp_debug_neighbor_events(peer))
563 zlog_debug(
564 "%s sending OPEN, version %d, my as %u, holdtime %d, id %s",
565 peer->host, BGP_VERSION_4, local_as, send_holdtime,
566 inet_ntoa(peer->local_id));
567
568 /* Dump packet if debug option is set. */
569 /* bgp_packet_dump (s); */
570
571 /* Add packet to the peer. */
572 bgp_packet_add(peer, s);
573
574 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
575 }
576
577 /* Send BGP notify packet with data potion. */
578 void bgp_notify_send_with_data(struct peer *peer, u_char code, u_char sub_code,
579 u_char *data, size_t datalen)
580 {
581 struct stream *s;
582 int length;
583
584 /* Allocate new stream. */
585 s = stream_new(BGP_MAX_PACKET_SIZE);
586
587 /* Make nitify packet. */
588 bgp_packet_set_marker(s, BGP_MSG_NOTIFY);
589
590 /* Set notify packet values. */
591 stream_putc(s, code); /* BGP notify code */
592 stream_putc(s, sub_code); /* BGP notify sub_code */
593
594 /* If notify data is present. */
595 if (data)
596 stream_write(s, data, datalen);
597
598 /* Set BGP packet length. */
599 length = bgp_packet_set_size(s);
600
601 /* Add packet to the peer. */
602 stream_fifo_clean(peer->obuf);
603 bgp_packet_add(peer, s);
604
605 /* For debug */
606 {
607 struct bgp_notify bgp_notify;
608 int first = 0;
609 int i;
610 char c[4];
611
612 bgp_notify.code = code;
613 bgp_notify.subcode = sub_code;
614 bgp_notify.data = NULL;
615 bgp_notify.length = length - BGP_MSG_NOTIFY_MIN_SIZE;
616 bgp_notify.raw_data = data;
617
618 peer->notify.code = bgp_notify.code;
619 peer->notify.subcode = bgp_notify.subcode;
620
621 if (bgp_notify.length) {
622 bgp_notify.data =
623 XMALLOC(MTYPE_TMP, bgp_notify.length * 3);
624 for (i = 0; i < bgp_notify.length; i++)
625 if (first) {
626 sprintf(c, " %02x", data[i]);
627 strcat(bgp_notify.data, c);
628 } else {
629 first = 1;
630 sprintf(c, "%02x", data[i]);
631 strcpy(bgp_notify.data, c);
632 }
633 }
634 bgp_notify_print(peer, &bgp_notify, "sending");
635
636 if (bgp_notify.data) {
637 XFREE(MTYPE_TMP, bgp_notify.data);
638 bgp_notify.data = NULL;
639 bgp_notify.length = 0;
640 }
641 }
642
643 /* peer reset cause */
644 if (code == BGP_NOTIFY_CEASE) {
645 if (sub_code == BGP_NOTIFY_CEASE_ADMIN_RESET)
646 peer->last_reset = PEER_DOWN_USER_RESET;
647 else if (sub_code == BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN)
648 peer->last_reset = PEER_DOWN_USER_SHUTDOWN;
649 else
650 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
651 } else
652 peer->last_reset = PEER_DOWN_NOTIFY_SEND;
653
654 /* Call immediately. */
655 BGP_WRITE_OFF(peer->t_write);
656
657 bgp_write_notify(peer);
658 }
659
660 /* Send BGP notify packet. */
661 void bgp_notify_send(struct peer *peer, u_char code, u_char sub_code)
662 {
663 bgp_notify_send_with_data(peer, code, sub_code, NULL, 0);
664 }
665
666 /* Send route refresh message to the peer. */
667 void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi,
668 u_char orf_type, u_char when_to_refresh, int remove)
669 {
670 struct stream *s;
671 struct bgp_filter *filter;
672 int orf_refresh = 0;
673 iana_afi_t pkt_afi;
674 safi_t pkt_safi;
675
676 if (DISABLE_BGP_ANNOUNCE)
677 return;
678
679 filter = &peer->filter[afi][safi];
680
681 /* Convert AFI, SAFI to values for packet. */
682 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
683
684 s = stream_new(BGP_MAX_PACKET_SIZE);
685
686 /* Make BGP update packet. */
687 if (CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV))
688 bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_NEW);
689 else
690 bgp_packet_set_marker(s, BGP_MSG_ROUTE_REFRESH_OLD);
691
692 /* Encode Route Refresh message. */
693 stream_putw(s, pkt_afi);
694 stream_putc(s, 0);
695 stream_putc(s, pkt_safi);
696
697 if (orf_type == ORF_TYPE_PREFIX || orf_type == ORF_TYPE_PREFIX_OLD)
698 if (remove || filter->plist[FILTER_IN].plist) {
699 u_int16_t orf_len;
700 unsigned long orfp;
701
702 orf_refresh = 1;
703 stream_putc(s, when_to_refresh);
704 stream_putc(s, orf_type);
705 orfp = stream_get_endp(s);
706 stream_putw(s, 0);
707
708 if (remove) {
709 UNSET_FLAG(peer->af_sflags[afi][safi],
710 PEER_STATUS_ORF_PREFIX_SEND);
711 stream_putc(s, ORF_COMMON_PART_REMOVE_ALL);
712 if (bgp_debug_neighbor_events(peer))
713 zlog_debug(
714 "%s sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %d/%d",
715 peer->host, orf_type,
716 (when_to_refresh == REFRESH_DEFER
717 ? "defer"
718 : "immediate"),
719 pkt_afi, pkt_safi);
720 } else {
721 SET_FLAG(peer->af_sflags[afi][safi],
722 PEER_STATUS_ORF_PREFIX_SEND);
723 prefix_bgp_orf_entry(
724 s, filter->plist[FILTER_IN].plist,
725 ORF_COMMON_PART_ADD,
726 ORF_COMMON_PART_PERMIT,
727 ORF_COMMON_PART_DENY);
728 if (bgp_debug_neighbor_events(peer))
729 zlog_debug(
730 "%s sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %d/%d",
731 peer->host, orf_type,
732 (when_to_refresh == REFRESH_DEFER
733 ? "defer"
734 : "immediate"),
735 pkt_afi, pkt_safi);
736 }
737
738 /* Total ORF Entry Len. */
739 orf_len = stream_get_endp(s) - orfp - 2;
740 stream_putw_at(s, orfp, orf_len);
741 }
742
743 /* Set packet size. */
744 (void)bgp_packet_set_size(s);
745
746 if (bgp_debug_neighbor_events(peer)) {
747 if (!orf_refresh)
748 zlog_debug("%s sending REFRESH_REQ for afi/safi: %d/%d",
749 peer->host, pkt_afi, pkt_safi);
750 }
751
752 /* Add packet to the peer. */
753 bgp_packet_add(peer, s);
754
755 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
756 }
757
758 /* Send capability message to the peer. */
759 void bgp_capability_send(struct peer *peer, afi_t afi, safi_t safi,
760 int capability_code, int action)
761 {
762 struct stream *s;
763 iana_afi_t pkt_afi;
764 safi_t pkt_safi;
765
766 /* Convert AFI, SAFI to values for packet. */
767 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
768
769 s = stream_new(BGP_MAX_PACKET_SIZE);
770
771 /* Make BGP update packet. */
772 bgp_packet_set_marker(s, BGP_MSG_CAPABILITY);
773
774 /* Encode MP_EXT capability. */
775 if (capability_code == CAPABILITY_CODE_MP) {
776 stream_putc(s, action);
777 stream_putc(s, CAPABILITY_CODE_MP);
778 stream_putc(s, CAPABILITY_CODE_MP_LEN);
779 stream_putw(s, pkt_afi);
780 stream_putc(s, 0);
781 stream_putc(s, pkt_safi);
782
783 if (bgp_debug_neighbor_events(peer))
784 zlog_debug(
785 "%s sending CAPABILITY has %s MP_EXT CAP for afi/safi: %d/%d",
786 peer->host,
787 action == CAPABILITY_ACTION_SET ? "Advertising"
788 : "Removing",
789 pkt_afi, pkt_safi);
790 }
791
792 /* Set packet size. */
793 (void)bgp_packet_set_size(s);
794
795 /* Add packet to the peer. */
796 bgp_packet_add(peer, s);
797
798 BGP_WRITE_ON(peer->t_write, bgp_write, peer->fd);
799 }
800
801 /* RFC1771 6.8 Connection collision detection. */
802 static int bgp_collision_detect(struct peer *new, struct in_addr remote_id)
803 {
804 struct peer *peer;
805
806 /* Upon receipt of an OPEN message, the local system must examine
807 all of its connections that are in the OpenConfirm state. A BGP
808 speaker may also examine connections in an OpenSent state if it
809 knows the BGP Identifier of the peer by means outside of the
810 protocol. If among these connections there is a connection to a
811 remote BGP speaker whose BGP Identifier equals the one in the
812 OPEN message, then the local system performs the following
813 collision resolution procedure: */
814
815 if ((peer = new->doppelganger) != NULL) {
816 /* Do not accept the new connection in Established or Clearing
817 * states.
818 * Note that a peer GR is handled by closing the existing
819 * connection
820 * upon receipt of new one.
821 */
822 if (peer->status == Established || peer->status == Clearing) {
823 bgp_notify_send(new, BGP_NOTIFY_CEASE,
824 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
825 return (-1);
826 } else if ((peer->status == OpenConfirm)
827 || (peer->status == OpenSent)) {
828 /* 1. The BGP Identifier of the local system is compared
829 to
830 the BGP Identifier of the remote system (as specified
831 in
832 the OPEN message). */
833
834 if (ntohl(peer->local_id.s_addr)
835 < ntohl(remote_id.s_addr))
836 if (!CHECK_FLAG(peer->sflags,
837 PEER_STATUS_ACCEPT_PEER)) {
838 /* 2. If the value of the local BGP
839 Identifier is less
840 than the remote one, the local system
841 closes BGP
842 connection that already exists (the
843 one that is
844 already in the OpenConfirm state),
845 and accepts BGP
846 connection initiated by the remote
847 system. */
848 bgp_notify_send(
849 peer, BGP_NOTIFY_CEASE,
850 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
851 return 1;
852 } else {
853 bgp_notify_send(
854 new, BGP_NOTIFY_CEASE,
855 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
856 return -1;
857 }
858 else {
859 /* 3. Otherwise, the local system closes newly
860 created
861 BGP connection (the one associated with the
862 newly
863 received OPEN message), and continues to use
864 the
865 existing one (the one that is already in the
866 OpenConfirm state). */
867 if (CHECK_FLAG(peer->sflags,
868 PEER_STATUS_ACCEPT_PEER)) {
869 bgp_notify_send(
870 peer, BGP_NOTIFY_CEASE,
871 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
872 return 1;
873 } else {
874 bgp_notify_send(
875 new, BGP_NOTIFY_CEASE,
876 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION);
877 return -1;
878 }
879 }
880 }
881 }
882 return 0;
883 }
884
885 static int bgp_open_receive(struct peer *peer, bgp_size_t size)
886 {
887 int ret;
888 u_char version;
889 u_char optlen;
890 u_int16_t holdtime;
891 u_int16_t send_holdtime;
892 as_t remote_as;
893 as_t as4 = 0;
894 struct in_addr remote_id;
895 int mp_capability;
896 u_int8_t notify_data_remote_as[2];
897 u_int8_t notify_data_remote_as4[4];
898 u_int8_t notify_data_remote_id[4];
899 u_int16_t *holdtime_ptr;
900
901 /* Parse open packet. */
902 version = stream_getc(peer->ibuf);
903 memcpy(notify_data_remote_as, stream_pnt(peer->ibuf), 2);
904 remote_as = stream_getw(peer->ibuf);
905 holdtime_ptr = (u_int16_t *)stream_pnt(peer->ibuf);
906 holdtime = stream_getw(peer->ibuf);
907 memcpy(notify_data_remote_id, stream_pnt(peer->ibuf), 4);
908 remote_id.s_addr = stream_get_ipv4(peer->ibuf);
909
910 /* Receive OPEN message log */
911 if (bgp_debug_neighbor_events(peer))
912 zlog_debug(
913 "%s rcv OPEN, version %d, remote-as (in open) %u,"
914 " holdtime %d, id %s",
915 peer->host, version, remote_as, holdtime,
916 inet_ntoa(remote_id));
917
918 /* BEGIN to read the capability here, but dont do it yet */
919 mp_capability = 0;
920 optlen = stream_getc(peer->ibuf);
921
922 if (optlen != 0) {
923 /* If not enough bytes, it is an error. */
924 if (STREAM_READABLE(peer->ibuf) < optlen) {
925 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
926 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
927 return -1;
928 }
929
930 /* We need the as4 capability value *right now* because
931 * if it is there, we have not got the remote_as yet, and
932 * without
933 * that we do not know which peer is connecting to us now.
934 */
935 as4 = peek_for_as4_capability(peer, optlen);
936 memcpy(notify_data_remote_as4, &as4, 4);
937 }
938
939 /* Just in case we have a silly peer who sends AS4 capability set to 0
940 */
941 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV) && !as4) {
942 zlog_err("%s bad OPEN, got AS4 capability, but AS4 set to 0",
943 peer->host);
944 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
945 BGP_NOTIFY_OPEN_BAD_PEER_AS,
946 notify_data_remote_as4, 4);
947 return -1;
948 }
949
950 if (remote_as == BGP_AS_TRANS) {
951 /* Take the AS4 from the capability. We must have received the
952 * capability now! Otherwise we have a asn16 peer who uses
953 * BGP_AS_TRANS, for some unknown reason.
954 */
955 if (as4 == BGP_AS_TRANS) {
956 zlog_err(
957 "%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed",
958 peer->host);
959 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
960 BGP_NOTIFY_OPEN_BAD_PEER_AS,
961 notify_data_remote_as4, 4);
962 return -1;
963 }
964
965 if (!as4 && BGP_DEBUG(as4, AS4))
966 zlog_debug(
967 "%s [AS4] OPEN remote_as is AS_TRANS, but no AS4."
968 " Odd, but proceeding.",
969 peer->host);
970 else if (as4 < BGP_AS_MAX && BGP_DEBUG(as4, AS4))
971 zlog_debug(
972 "%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits "
973 "in 2-bytes, very odd peer.",
974 peer->host, as4);
975 if (as4)
976 remote_as = as4;
977 } else {
978 /* We may have a partner with AS4 who has an asno < BGP_AS_MAX
979 */
980 /* If we have got the capability, peer->as4cap must match
981 * remote_as */
982 if (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV)
983 && as4 != remote_as) {
984 /* raise error, log this, close session */
985 zlog_err(
986 "%s bad OPEN, got AS4 capability, but remote_as %u"
987 " mismatch with 16bit 'myasn' %u in open",
988 peer->host, as4, remote_as);
989 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
990 BGP_NOTIFY_OPEN_BAD_PEER_AS,
991 notify_data_remote_as4, 4);
992 return -1;
993 }
994 }
995
996 /* remote router-id check. */
997 if (remote_id.s_addr == 0 || IPV4_CLASS_DE(ntohl(remote_id.s_addr))
998 || ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr)) {
999 if (bgp_debug_neighbor_events(peer))
1000 zlog_debug("%s bad OPEN, wrong router identifier %s",
1001 peer->host, inet_ntoa(remote_id));
1002 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1003 BGP_NOTIFY_OPEN_BAD_BGP_IDENT,
1004 notify_data_remote_id, 4);
1005 return -1;
1006 }
1007
1008 /* Set remote router-id */
1009 peer->remote_id = remote_id;
1010
1011 /* Peer BGP version check. */
1012 if (version != BGP_VERSION_4) {
1013 u_int16_t maxver = htons(BGP_VERSION_4);
1014 /* XXX this reply may not be correct if version < 4 XXX */
1015 if (bgp_debug_neighbor_events(peer))
1016 zlog_debug(
1017 "%s bad protocol version, remote requested %d, local request %d",
1018 peer->host, version, BGP_VERSION_4);
1019 /* Data must be in network byte order here */
1020 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1021 BGP_NOTIFY_OPEN_UNSUP_VERSION,
1022 (u_int8_t *)&maxver, 2);
1023 return -1;
1024 }
1025
1026 /* Check neighbor as number. */
1027 if (peer->as_type == AS_UNSPECIFIED) {
1028 if (bgp_debug_neighbor_events(peer))
1029 zlog_debug(
1030 "%s bad OPEN, remote AS is unspecified currently",
1031 peer->host);
1032 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1033 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1034 notify_data_remote_as, 2);
1035 return -1;
1036 } else if (peer->as_type == AS_INTERNAL) {
1037 if (remote_as != peer->bgp->as) {
1038 if (bgp_debug_neighbor_events(peer))
1039 zlog_debug(
1040 "%s bad OPEN, remote AS is %u, internal specified",
1041 peer->host, remote_as);
1042 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1043 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1044 notify_data_remote_as, 2);
1045 return -1;
1046 }
1047 peer->as = peer->local_as;
1048 } else if (peer->as_type == AS_EXTERNAL) {
1049 if (remote_as == peer->bgp->as) {
1050 if (bgp_debug_neighbor_events(peer))
1051 zlog_debug(
1052 "%s bad OPEN, remote AS is %u, external specified",
1053 peer->host, remote_as);
1054 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1055 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1056 notify_data_remote_as, 2);
1057 return -1;
1058 }
1059 peer->as = remote_as;
1060 } else if ((peer->as_type == AS_SPECIFIED) && (remote_as != peer->as)) {
1061 if (bgp_debug_neighbor_events(peer))
1062 zlog_debug("%s bad OPEN, remote AS is %u, expected %u",
1063 peer->host, remote_as, peer->as);
1064 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1065 BGP_NOTIFY_OPEN_BAD_PEER_AS,
1066 notify_data_remote_as, 2);
1067 return -1;
1068 }
1069
1070 /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST
1071 calculate the value of the Hold Timer by using the smaller of its
1072 configured Hold Time and the Hold Time received in the OPEN message.
1073 The Hold Time MUST be either zero or at least three seconds. An
1074 implementation may reject connections on the basis of the Hold Time.
1075 */
1076
1077 if (holdtime < 3 && holdtime != 0) {
1078 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1079 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME,
1080 (u_char *)holdtime_ptr, 2);
1081 return -1;
1082 }
1083
1084 /* From the rfc: A reasonable maximum time between KEEPALIVE messages
1085 would be one third of the Hold Time interval. KEEPALIVE messages
1086 MUST NOT be sent more frequently than one per second. An
1087 implementation MAY adjust the rate at which it sends KEEPALIVE
1088 messages as a function of the Hold Time interval. */
1089
1090 if (CHECK_FLAG(peer->config, PEER_CONFIG_TIMER))
1091 send_holdtime = peer->holdtime;
1092 else
1093 send_holdtime = peer->bgp->default_holdtime;
1094
1095 if (holdtime < send_holdtime)
1096 peer->v_holdtime = holdtime;
1097 else
1098 peer->v_holdtime = send_holdtime;
1099
1100 if (CHECK_FLAG(peer->config, PEER_CONFIG_TIMER))
1101 peer->v_keepalive = peer->keepalive;
1102 else
1103 peer->v_keepalive = peer->v_holdtime / 3;
1104
1105 /* Open option part parse. */
1106 if (optlen != 0) {
1107 if ((ret = bgp_open_option_parse(peer, optlen, &mp_capability))
1108 < 0)
1109 return ret;
1110 } else {
1111 if (bgp_debug_neighbor_events(peer))
1112 zlog_debug("%s rcvd OPEN w/ OPTION parameter len: 0",
1113 peer->host);
1114 }
1115
1116 /*
1117 * Assume that the peer supports the locally configured set of
1118 * AFI/SAFIs if the peer did not send us any Mulitiprotocol
1119 * capabilities, or if 'override-capability' is configured.
1120 */
1121 if (!mp_capability
1122 || CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1123 peer->afc_nego[AFI_IP][SAFI_UNICAST] =
1124 peer->afc[AFI_IP][SAFI_UNICAST];
1125 peer->afc_nego[AFI_IP][SAFI_MULTICAST] =
1126 peer->afc[AFI_IP][SAFI_MULTICAST];
1127 peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST] =
1128 peer->afc[AFI_IP][SAFI_LABELED_UNICAST];
1129 peer->afc_nego[AFI_IP6][SAFI_UNICAST] =
1130 peer->afc[AFI_IP6][SAFI_UNICAST];
1131 peer->afc_nego[AFI_IP6][SAFI_MULTICAST] =
1132 peer->afc[AFI_IP6][SAFI_MULTICAST];
1133 peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST] =
1134 peer->afc[AFI_IP6][SAFI_LABELED_UNICAST];
1135 peer->afc_nego[AFI_L2VPN][SAFI_EVPN] =
1136 peer->afc[AFI_L2VPN][SAFI_EVPN];
1137 }
1138
1139 /* When collision is detected and this peer is closed. Retrun
1140 immidiately. */
1141 ret = bgp_collision_detect(peer, remote_id);
1142 if (ret < 0)
1143 return ret;
1144
1145 /* Get sockname. */
1146 if ((ret = bgp_getsockname(peer)) < 0) {
1147 zlog_err("%s: bgp_getsockname() failed for peer: %s",
1148 __FUNCTION__, peer->host);
1149 return (ret);
1150 }
1151
1152 /* Verify valid local address present based on negotiated
1153 * address-families. */
1154 if (peer->afc_nego[AFI_IP][SAFI_UNICAST]
1155 || peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1156 || peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1157 || peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1158 || peer->afc_nego[AFI_IP][SAFI_ENCAP]) {
1159 if (!peer->nexthop.v4.s_addr) {
1160 #if defined(HAVE_CUMULUS)
1161 zlog_err(
1162 "%s: No local IPv4 addr resetting connection, fd %d",
1163 peer->host, peer->fd);
1164 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1165 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1166 return -1;
1167 #endif
1168 }
1169 }
1170 if (peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1171 || peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1172 || peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1173 || peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1174 || peer->afc_nego[AFI_IP6][SAFI_ENCAP]) {
1175 if (IN6_IS_ADDR_UNSPECIFIED(&peer->nexthop.v6_global)) {
1176 #if defined(HAVE_CUMULUS)
1177 zlog_err(
1178 "%s: No local IPv6 addr resetting connection, fd %d",
1179 peer->host, peer->fd);
1180 bgp_notify_send(peer, BGP_NOTIFY_CEASE,
1181 BGP_NOTIFY_SUBCODE_UNSPECIFIC);
1182 return -1;
1183 #endif
1184 }
1185 }
1186 peer->rtt = sockopt_tcp_rtt(peer->fd);
1187
1188 if ((ret = bgp_event_update(peer, Receive_OPEN_message)) < 0) {
1189 zlog_err("%s: BGP event update failed for peer: %s",
1190 __FUNCTION__, peer->host);
1191 /* DD: bgp send notify and reset state */
1192 return (ret);
1193 }
1194
1195 peer->packet_size = 0;
1196 if (peer->ibuf)
1197 stream_reset(peer->ibuf);
1198
1199 return 0;
1200 }
1201
1202 /* Called when there is a change in the EOR(implicit or explicit) status of a
1203 peer.
1204 Ends the update-delay if all expected peers are done with EORs. */
1205 void bgp_check_update_delay(struct bgp *bgp)
1206 {
1207 struct listnode *node, *nnode;
1208 struct peer *peer = NULL;
1209
1210 if (bgp_debug_neighbor_events(peer))
1211 zlog_debug("Checking update delay, T: %d R: %d I:%d E: %d",
1212 bgp->established, bgp->restarted_peers,
1213 bgp->implicit_eors, bgp->explicit_eors);
1214
1215 if (bgp->established
1216 <= bgp->restarted_peers + bgp->implicit_eors + bgp->explicit_eors) {
1217 /* This is an extra sanity check to make sure we wait for all
1218 the
1219 eligible configured peers. This check is performed if
1220 establish wait
1221 timer is on, or establish wait option is not given with the
1222 update-delay command */
1223 if (bgp->t_establish_wait
1224 || (bgp->v_establish_wait == bgp->v_update_delay))
1225 for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer)) {
1226 if (CHECK_FLAG(peer->flags,
1227 PEER_FLAG_CONFIG_NODE)
1228 && !CHECK_FLAG(peer->flags,
1229 PEER_FLAG_SHUTDOWN)
1230 && !peer->update_delay_over) {
1231 if (bgp_debug_neighbor_events(peer))
1232 zlog_debug(
1233 " Peer %s pending, continuing read-only mode",
1234 peer->host);
1235 return;
1236 }
1237 }
1238
1239 zlog_info(
1240 "Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d",
1241 bgp->restarted_peers, bgp->implicit_eors,
1242 bgp->explicit_eors);
1243 bgp_update_delay_end(bgp);
1244 }
1245 }
1246
1247 /* Called if peer is known to have restarted. The restart-state bit in
1248 Graceful-Restart capability is used for that */
1249 void bgp_update_restarted_peers(struct peer *peer)
1250 {
1251 if (!bgp_update_delay_active(peer->bgp))
1252 return; /* BGP update delay has ended */
1253 if (peer->update_delay_over)
1254 return; /* This peer has already been considered */
1255
1256 if (bgp_debug_neighbor_events(peer))
1257 zlog_debug("Peer %s: Checking restarted", peer->host);
1258
1259 if (peer->status == Established) {
1260 peer->update_delay_over = 1;
1261 peer->bgp->restarted_peers++;
1262 bgp_check_update_delay(peer->bgp);
1263 }
1264 }
1265
1266 /* Called as peer receives a keep-alive. Determines if this occurence can be
1267 taken as an implicit EOR for this peer.
1268 NOTE: The very first keep-alive after the Established state of a peer is
1269 considered implicit EOR for the update-delay purposes */
1270 void bgp_update_implicit_eors(struct peer *peer)
1271 {
1272 if (!bgp_update_delay_active(peer->bgp))
1273 return; /* BGP update delay has ended */
1274 if (peer->update_delay_over)
1275 return; /* This peer has already been considered */
1276
1277 if (bgp_debug_neighbor_events(peer))
1278 zlog_debug("Peer %s: Checking implicit EORs", peer->host);
1279
1280 if (peer->status == Established) {
1281 peer->update_delay_over = 1;
1282 peer->bgp->implicit_eors++;
1283 bgp_check_update_delay(peer->bgp);
1284 }
1285 }
1286
1287 /* Should be called only when there is a change in the EOR_RECEIVED status
1288 for any afi/safi on a peer */
1289 static void bgp_update_explicit_eors(struct peer *peer)
1290 {
1291 afi_t afi;
1292 safi_t safi;
1293
1294 if (!bgp_update_delay_active(peer->bgp))
1295 return; /* BGP update delay has ended */
1296 if (peer->update_delay_over)
1297 return; /* This peer has already been considered */
1298
1299 if (bgp_debug_neighbor_events(peer))
1300 zlog_debug("Peer %s: Checking explicit EORs", peer->host);
1301
1302 for (afi = AFI_IP; afi < AFI_MAX; afi++)
1303 for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) {
1304 if (peer->afc_nego[afi][safi]
1305 && !CHECK_FLAG(peer->af_sflags[afi][safi],
1306 PEER_STATUS_EOR_RECEIVED)) {
1307 if (bgp_debug_neighbor_events(peer))
1308 zlog_debug(
1309 " afi %d safi %d didnt receive EOR",
1310 afi, safi);
1311 return;
1312 }
1313 }
1314
1315 peer->update_delay_over = 1;
1316 peer->bgp->explicit_eors++;
1317 bgp_check_update_delay(peer->bgp);
1318 }
1319
1320 /* Frontend for NLRI parsing, to fan-out to AFI/SAFI specific parsers
1321 * mp_withdraw, if set, is used to nullify attr structure on most of the calling
1322 * safi function
1323 * and for evpn, passed as parameter
1324 */
1325 int bgp_nlri_parse(struct peer *peer, struct attr *attr,
1326 struct bgp_nlri *packet, int mp_withdraw)
1327 {
1328 switch (packet->safi) {
1329 case SAFI_UNICAST:
1330 case SAFI_MULTICAST:
1331 return bgp_nlri_parse_ip(peer, mp_withdraw ? NULL : attr,
1332 packet);
1333 case SAFI_LABELED_UNICAST:
1334 return bgp_nlri_parse_label(peer, mp_withdraw ? NULL : attr,
1335 packet);
1336 case SAFI_MPLS_VPN:
1337 return bgp_nlri_parse_vpn(peer, mp_withdraw ? NULL : attr,
1338 packet);
1339 case SAFI_EVPN:
1340 return bgp_nlri_parse_evpn(peer, attr, packet, mp_withdraw);
1341 }
1342 return -1;
1343 }
1344
1345 /* Parse BGP Update packet and make attribute object. */
1346 static int bgp_update_receive(struct peer *peer, bgp_size_t size)
1347 {
1348 int ret, nlri_ret;
1349 u_char *end;
1350 struct stream *s;
1351 struct attr attr;
1352 bgp_size_t attribute_len;
1353 bgp_size_t update_len;
1354 bgp_size_t withdraw_len;
1355
1356 enum NLRI_TYPES {
1357 NLRI_UPDATE,
1358 NLRI_WITHDRAW,
1359 NLRI_MP_UPDATE,
1360 NLRI_MP_WITHDRAW,
1361 NLRI_TYPE_MAX
1362 };
1363 struct bgp_nlri nlris[NLRI_TYPE_MAX];
1364
1365 /* Status must be Established. */
1366 if (peer->status != Established) {
1367 zlog_err("%s [FSM] Update packet received under status %s",
1368 peer->host,
1369 lookup_msg(bgp_status_msg, peer->status, NULL));
1370 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR, 0);
1371 return -1;
1372 }
1373
1374 /* Set initial values. */
1375 memset(&attr, 0, sizeof(struct attr));
1376 attr.label_index = BGP_INVALID_LABEL_INDEX;
1377 attr.label = MPLS_INVALID_LABEL;
1378 memset(&nlris, 0, sizeof(nlris));
1379 memset(peer->rcvd_attr_str, 0, BUFSIZ);
1380 peer->rcvd_attr_printed = 0;
1381
1382 s = peer->ibuf;
1383 end = stream_pnt(s) + size;
1384
1385 /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute
1386 Length is too large (i.e., if Unfeasible Routes Length + Total
1387 Attribute Length + 23 exceeds the message Length), then the Error
1388 Subcode is set to Malformed Attribute List. */
1389 if (stream_pnt(s) + 2 > end) {
1390 zlog_err(
1391 "%s [Error] Update packet error"
1392 " (packet length is short for unfeasible length)",
1393 peer->host);
1394 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1395 BGP_NOTIFY_UPDATE_MAL_ATTR);
1396 return -1;
1397 }
1398
1399 /* Unfeasible Route Length. */
1400 withdraw_len = stream_getw(s);
1401
1402 /* Unfeasible Route Length check. */
1403 if (stream_pnt(s) + withdraw_len > end) {
1404 zlog_err(
1405 "%s [Error] Update packet error"
1406 " (packet unfeasible length overflow %d)",
1407 peer->host, withdraw_len);
1408 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1409 BGP_NOTIFY_UPDATE_MAL_ATTR);
1410 return -1;
1411 }
1412
1413 /* Unfeasible Route packet format check. */
1414 if (withdraw_len > 0) {
1415 nlris[NLRI_WITHDRAW].afi = AFI_IP;
1416 nlris[NLRI_WITHDRAW].safi = SAFI_UNICAST;
1417 nlris[NLRI_WITHDRAW].nlri = stream_pnt(s);
1418 nlris[NLRI_WITHDRAW].length = withdraw_len;
1419 stream_forward_getp(s, withdraw_len);
1420 }
1421
1422 /* Attribute total length check. */
1423 if (stream_pnt(s) + 2 > end) {
1424 zlog_warn(
1425 "%s [Error] Packet Error"
1426 " (update packet is short for attribute length)",
1427 peer->host);
1428 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1429 BGP_NOTIFY_UPDATE_MAL_ATTR);
1430 return -1;
1431 }
1432
1433 /* Fetch attribute total length. */
1434 attribute_len = stream_getw(s);
1435
1436 /* Attribute length check. */
1437 if (stream_pnt(s) + attribute_len > end) {
1438 zlog_warn(
1439 "%s [Error] Packet Error"
1440 " (update packet attribute length overflow %d)",
1441 peer->host, attribute_len);
1442 bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
1443 BGP_NOTIFY_UPDATE_MAL_ATTR);
1444 return -1;
1445 }
1446
1447 /* Certain attribute parsing errors should not be considered bad enough
1448 * to reset the session for, most particularly any partial/optional
1449 * attributes that have 'tunneled' over speakers that don't understand
1450 * them. Instead we withdraw only the prefix concerned.
1451 *
1452 * Complicates the flow a little though..
1453 */
1454 bgp_attr_parse_ret_t attr_parse_ret = BGP_ATTR_PARSE_PROCEED;
1455 /* This define morphs the update case into a withdraw when lower levels
1456 * have signalled an error condition where this is best.
1457 */
1458 #define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL)
1459
1460 /* Parse attribute when it exists. */
1461 if (attribute_len) {
1462 attr_parse_ret = bgp_attr_parse(peer, &attr, attribute_len,
1463 &nlris[NLRI_MP_UPDATE],
1464 &nlris[NLRI_MP_WITHDRAW]);
1465 if (attr_parse_ret == BGP_ATTR_PARSE_ERROR) {
1466 bgp_attr_unintern_sub(&attr);
1467 return -1;
1468 }
1469 }
1470
1471 /* Logging the attribute. */
1472 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW
1473 || BGP_DEBUG(update, UPDATE_IN)
1474 || BGP_DEBUG(update, UPDATE_PREFIX)) {
1475 ret = bgp_dump_attr(&attr, peer->rcvd_attr_str, BUFSIZ);
1476
1477 if (attr_parse_ret == BGP_ATTR_PARSE_WITHDRAW)
1478 zlog_err(
1479 "%s rcvd UPDATE with errors in attr(s)!! Withdrawing route.",
1480 peer->host);
1481
1482 if (ret && bgp_debug_update(peer, NULL, NULL, 1)) {
1483 zlog_debug("%s rcvd UPDATE w/ attr: %s", peer->host,
1484 peer->rcvd_attr_str);
1485 peer->rcvd_attr_printed = 1;
1486 }
1487 }
1488
1489 /* Network Layer Reachability Information. */
1490 update_len = end - stream_pnt(s);
1491
1492 if (update_len) {
1493 /* Set NLRI portion to structure. */
1494 nlris[NLRI_UPDATE].afi = AFI_IP;
1495 nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
1496 nlris[NLRI_UPDATE].nlri = stream_pnt(s);
1497 nlris[NLRI_UPDATE].length = update_len;
1498 stream_forward_getp(s, update_len);
1499 }
1500
1501 if (BGP_DEBUG(update, UPDATE_IN))
1502 zlog_debug("%s rcvd UPDATE wlen %d attrlen %d alen %d",
1503 peer->host, withdraw_len, attribute_len, update_len);
1504
1505 /* Parse any given NLRIs */
1506 for (int i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++) {
1507 if (!nlris[i].nlri)
1508 continue;
1509
1510 /* NLRI is processed iff the peer if configured for the specific
1511 * afi/safi */
1512 if (!peer->afc[nlris[i].afi][nlris[i].safi]) {
1513 zlog_info(
1514 "%s [Info] UPDATE for non-enabled AFI/SAFI %u/%u",
1515 peer->host, nlris[i].afi, nlris[i].safi);
1516 continue;
1517 }
1518
1519 /* EoR handled later */
1520 if (nlris[i].length == 0)
1521 continue;
1522
1523 switch (i) {
1524 case NLRI_UPDATE:
1525 case NLRI_MP_UPDATE:
1526 nlri_ret = bgp_nlri_parse(peer, NLRI_ATTR_ARG,
1527 &nlris[i], 0);
1528 break;
1529 case NLRI_WITHDRAW:
1530 case NLRI_MP_WITHDRAW:
1531 nlri_ret = bgp_nlri_parse(peer, &attr, &nlris[i], 1);
1532 break;
1533 default:
1534 nlri_ret = -1;
1535 }
1536
1537 if (nlri_ret < 0) {
1538 zlog_err("%s [Error] Error parsing NLRI", peer->host);
1539 if (peer->status == Established)
1540 bgp_notify_send(
1541 peer, BGP_NOTIFY_UPDATE_ERR,
1542 i <= NLRI_WITHDRAW
1543 ? BGP_NOTIFY_UPDATE_INVAL_NETWORK
1544 : BGP_NOTIFY_UPDATE_OPT_ATTR_ERR);
1545 bgp_attr_unintern_sub(&attr);
1546 return -1;
1547 }
1548 }
1549
1550 /* EoR checks
1551 *
1552 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
1553 * and MP EoR should have only an empty MP_UNREACH
1554 */
1555 if (!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0) {
1556 afi_t afi = 0;
1557 safi_t safi;
1558
1559 /* Non-MP IPv4/Unicast is a completely emtpy UPDATE - already
1560 * checked
1561 * update and withdraw NLRI lengths are 0.
1562 */
1563 if (!attribute_len) {
1564 afi = AFI_IP;
1565 safi = SAFI_UNICAST;
1566 } else if (attr.flag & ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI)
1567 && nlris[NLRI_MP_WITHDRAW].length == 0) {
1568 afi = nlris[NLRI_MP_WITHDRAW].afi;
1569 safi = nlris[NLRI_MP_WITHDRAW].safi;
1570 }
1571
1572 if (afi && peer->afc[afi][safi]) {
1573 /* End-of-RIB received */
1574 if (!CHECK_FLAG(peer->af_sflags[afi][safi],
1575 PEER_STATUS_EOR_RECEIVED)) {
1576 SET_FLAG(peer->af_sflags[afi][safi],
1577 PEER_STATUS_EOR_RECEIVED);
1578 bgp_update_explicit_eors(peer);
1579 }
1580
1581 /* NSF delete stale route */
1582 if (peer->nsf[afi][safi])
1583 bgp_clear_stale_route(peer, afi, safi);
1584
1585 if (bgp_debug_neighbor_events(peer)) {
1586 zlog_debug("rcvd End-of-RIB for %s from %s",
1587 afi_safi_print(afi, safi),
1588 peer->host);
1589 }
1590 }
1591 }
1592
1593 /* Everything is done. We unintern temporary structures which
1594 interned in bgp_attr_parse(). */
1595 bgp_attr_unintern_sub(&attr);
1596
1597 /* If peering is stopped due to some reason, do not generate BGP
1598 event. */
1599 if (peer->status != Established)
1600 return 0;
1601
1602 /* Increment packet counter. */
1603 peer->update_in++;
1604 peer->update_time = bgp_clock();
1605
1606 /* Rearm holdtime timer */
1607 BGP_TIMER_OFF(peer->t_holdtime);
1608 bgp_timer_set(peer);
1609
1610 return 0;
1611 }
1612
1613 /* Notify message treatment function. */
1614 static void bgp_notify_receive(struct peer *peer, bgp_size_t size)
1615 {
1616 struct bgp_notify bgp_notify;
1617
1618 if (peer->notify.data) {
1619 XFREE(MTYPE_TMP, peer->notify.data);
1620 peer->notify.data = NULL;
1621 peer->notify.length = 0;
1622 }
1623
1624 bgp_notify.code = stream_getc(peer->ibuf);
1625 bgp_notify.subcode = stream_getc(peer->ibuf);
1626 bgp_notify.length = size - 2;
1627 bgp_notify.data = NULL;
1628
1629 /* Preserv notify code and sub code. */
1630 peer->notify.code = bgp_notify.code;
1631 peer->notify.subcode = bgp_notify.subcode;
1632 /* For further diagnostic record returned Data. */
1633 if (bgp_notify.length) {
1634 peer->notify.length = size - 2;
1635 peer->notify.data = XMALLOC(MTYPE_TMP, size - 2);
1636 memcpy(peer->notify.data, stream_pnt(peer->ibuf), size - 2);
1637 }
1638
1639 /* For debug */
1640 {
1641 int i;
1642 int first = 0;
1643 char c[4];
1644
1645 if (bgp_notify.length) {
1646 bgp_notify.data =
1647 XMALLOC(MTYPE_TMP, bgp_notify.length * 3);
1648 for (i = 0; i < bgp_notify.length; i++)
1649 if (first) {
1650 sprintf(c, " %02x",
1651 stream_getc(peer->ibuf));
1652 strcat(bgp_notify.data, c);
1653 } else {
1654 first = 1;
1655 sprintf(c, "%02x",
1656 stream_getc(peer->ibuf));
1657 strcpy(bgp_notify.data, c);
1658 }
1659 bgp_notify.raw_data = (u_char *)peer->notify.data;
1660 }
1661
1662 bgp_notify_print(peer, &bgp_notify, "received");
1663 if (bgp_notify.data) {
1664 XFREE(MTYPE_TMP, bgp_notify.data);
1665 bgp_notify.data = NULL;
1666 bgp_notify.length = 0;
1667 }
1668 }
1669
1670 /* peer count update */
1671 peer->notify_in++;
1672
1673 peer->last_reset = PEER_DOWN_NOTIFY_RECEIVED;
1674
1675 /* We have to check for Notify with Unsupported Optional Parameter.
1676 in that case we fallback to open without the capability option.
1677 But this done in bgp_stop. We just mark it here to avoid changing
1678 the fsm tables. */
1679 if (bgp_notify.code == BGP_NOTIFY_OPEN_ERR
1680 && bgp_notify.subcode == BGP_NOTIFY_OPEN_UNSUP_PARAM)
1681 UNSET_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
1682
1683 BGP_EVENT_ADD(peer, Receive_NOTIFICATION_message);
1684 }
1685
1686 /* Keepalive treatment function -- get keepalive send keepalive */
1687 static void bgp_keepalive_receive(struct peer *peer, bgp_size_t size)
1688 {
1689 if (bgp_debug_keepalive(peer))
1690 zlog_debug("%s KEEPALIVE rcvd", peer->host);
1691
1692 BGP_EVENT_ADD(peer, Receive_KEEPALIVE_message);
1693 }
1694
1695 /* Route refresh message is received. */
1696 static void bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
1697 {
1698 iana_afi_t pkt_afi;
1699 afi_t afi;
1700 safi_t pkt_safi, safi;
1701 struct stream *s;
1702 struct peer_af *paf;
1703 struct update_group *updgrp;
1704 struct peer *updgrp_peer;
1705
1706 /* If peer does not have the capability, send notification. */
1707 if (!CHECK_FLAG(peer->cap, PEER_CAP_REFRESH_ADV)) {
1708 zlog_err("%s [Error] BGP route refresh is not enabled",
1709 peer->host);
1710 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
1711 BGP_NOTIFY_HEADER_BAD_MESTYPE);
1712 return;
1713 }
1714
1715 /* Status must be Established. */
1716 if (peer->status != Established) {
1717 zlog_err(
1718 "%s [Error] Route refresh packet received under status %s",
1719 peer->host,
1720 lookup_msg(bgp_status_msg, peer->status, NULL));
1721 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR, 0);
1722 return;
1723 }
1724
1725 s = peer->ibuf;
1726
1727 /* Parse packet. */
1728 pkt_afi = stream_getw(s);
1729 (void)stream_getc(s);
1730 pkt_safi = stream_getc(s);
1731
1732 if (bgp_debug_update(peer, NULL, NULL, 0))
1733 zlog_debug("%s rcvd REFRESH_REQ for afi/safi: %d/%d",
1734 peer->host, pkt_afi, pkt_safi);
1735
1736 /* Convert AFI, SAFI to internal values and check. */
1737 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
1738 zlog_info(
1739 "%s REFRESH_REQ for unrecognized afi/safi: %d/%d - ignored",
1740 peer->host, pkt_afi, pkt_safi);
1741 return;
1742 }
1743
1744 if (size != BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE) {
1745 u_char *end;
1746 u_char when_to_refresh;
1747 u_char orf_type;
1748 u_int16_t orf_len;
1749
1750 if (size - (BGP_MSG_ROUTE_REFRESH_MIN_SIZE - BGP_HEADER_SIZE)
1751 < 5) {
1752 zlog_info("%s ORF route refresh length error",
1753 peer->host);
1754 bgp_notify_send(peer, BGP_NOTIFY_CEASE, 0);
1755 return;
1756 }
1757
1758 when_to_refresh = stream_getc(s);
1759 end = stream_pnt(s) + (size - 5);
1760
1761 while ((stream_pnt(s) + 2) < end) {
1762 orf_type = stream_getc(s);
1763 orf_len = stream_getw(s);
1764
1765 /* orf_len in bounds? */
1766 if ((stream_pnt(s) + orf_len) > end)
1767 break; /* XXX: Notify instead?? */
1768 if (orf_type == ORF_TYPE_PREFIX
1769 || orf_type == ORF_TYPE_PREFIX_OLD) {
1770 uint8_t *p_pnt = stream_pnt(s);
1771 uint8_t *p_end = stream_pnt(s) + orf_len;
1772 struct orf_prefix orfp;
1773 u_char common = 0;
1774 u_int32_t seq;
1775 int psize;
1776 char name[BUFSIZ];
1777 int ret = CMD_SUCCESS;
1778
1779 if (bgp_debug_neighbor_events(peer)) {
1780 zlog_debug(
1781 "%s rcvd Prefixlist ORF(%d) length %d",
1782 peer->host, orf_type, orf_len);
1783 }
1784
1785 /* we're going to read at least 1 byte of common
1786 * ORF header,
1787 * and 7 bytes of ORF Address-filter entry from
1788 * the stream
1789 */
1790 if (orf_len < 7)
1791 break;
1792
1793 /* ORF prefix-list name */
1794 sprintf(name, "%s.%d.%d", peer->host, afi,
1795 safi);
1796
1797 while (p_pnt < p_end) {
1798 /* If the ORF entry is malformed, want
1799 * to read as much of it
1800 * as possible without going beyond the
1801 * bounds of the entry,
1802 * to maximise debug information.
1803 */
1804 int ok;
1805 memset(&orfp, 0,
1806 sizeof(struct orf_prefix));
1807 common = *p_pnt++;
1808 /* after ++: p_pnt <= p_end */
1809 if (common
1810 & ORF_COMMON_PART_REMOVE_ALL) {
1811 if (bgp_debug_neighbor_events(
1812 peer))
1813 zlog_debug(
1814 "%s rcvd Remove-All pfxlist ORF request",
1815 peer->host);
1816 prefix_bgp_orf_remove_all(afi,
1817 name);
1818 break;
1819 }
1820 ok = ((u_int32_t)(p_end - p_pnt)
1821 >= sizeof(u_int32_t));
1822 if (ok) {
1823 memcpy(&seq, p_pnt,
1824 sizeof(u_int32_t));
1825 p_pnt += sizeof(u_int32_t);
1826 orfp.seq = ntohl(seq);
1827 } else
1828 p_pnt = p_end;
1829
1830 if ((ok = (p_pnt < p_end)))
1831 orfp.ge =
1832 *p_pnt++; /* value
1833 checked in
1834 prefix_bgp_orf_set()
1835 */
1836 if ((ok = (p_pnt < p_end)))
1837 orfp.le =
1838 *p_pnt++; /* value
1839 checked in
1840 prefix_bgp_orf_set()
1841 */
1842 if ((ok = (p_pnt < p_end)))
1843 orfp.p.prefixlen = *p_pnt++;
1844 orfp.p.family = afi2family(
1845 afi); /* afi checked already */
1846
1847 psize = PSIZE(
1848 orfp.p.prefixlen); /* 0 if not
1849 ok */
1850 if (psize
1851 > prefix_blen(
1852 &orfp.p)) /* valid for
1853 family ? */
1854 {
1855 ok = 0;
1856 psize = prefix_blen(&orfp.p);
1857 }
1858 if (psize
1859 > (p_end - p_pnt)) /* valid for
1860 packet ? */
1861 {
1862 ok = 0;
1863 psize = p_end - p_pnt;
1864 }
1865
1866 if (psize > 0)
1867 memcpy(&orfp.p.u.prefix, p_pnt,
1868 psize);
1869 p_pnt += psize;
1870
1871 if (bgp_debug_neighbor_events(peer)) {
1872 char buf[INET6_BUFSIZ];
1873
1874 zlog_debug(
1875 "%s rcvd %s %s seq %u %s/%d ge %d le %d%s",
1876 peer->host,
1877 (common & ORF_COMMON_PART_REMOVE
1878 ? "Remove"
1879 : "Add"),
1880 (common & ORF_COMMON_PART_DENY
1881 ? "deny"
1882 : "permit"),
1883 orfp.seq,
1884 inet_ntop(
1885 orfp.p.family,
1886 &orfp.p.u.prefix,
1887 buf,
1888 INET6_BUFSIZ),
1889 orfp.p.prefixlen,
1890 orfp.ge, orfp.le,
1891 ok ? "" : " MALFORMED");
1892 }
1893
1894 if (ok)
1895 ret = prefix_bgp_orf_set(
1896 name, afi, &orfp,
1897 (common & ORF_COMMON_PART_DENY
1898 ? 0
1899 : 1),
1900 (common & ORF_COMMON_PART_REMOVE
1901 ? 0
1902 : 1));
1903
1904 if (!ok || (ok && ret != CMD_SUCCESS)) {
1905 zlog_info(
1906 "%s Received misformatted prefixlist ORF."
1907 " Remove All pfxlist",
1908 peer->host);
1909 prefix_bgp_orf_remove_all(afi,
1910 name);
1911 break;
1912 }
1913 }
1914
1915 peer->orf_plist[afi][safi] =
1916 prefix_bgp_orf_lookup(afi, name);
1917 }
1918 stream_forward_getp(s, orf_len);
1919 }
1920 if (bgp_debug_neighbor_events(peer))
1921 zlog_debug("%s rcvd Refresh %s ORF request", peer->host,
1922 when_to_refresh == REFRESH_DEFER
1923 ? "Defer"
1924 : "Immediate");
1925 if (when_to_refresh == REFRESH_DEFER)
1926 return;
1927 }
1928
1929 /* First update is deferred until ORF or ROUTE-REFRESH is received */
1930 if (CHECK_FLAG(peer->af_sflags[afi][safi],
1931 PEER_STATUS_ORF_WAIT_REFRESH))
1932 UNSET_FLAG(peer->af_sflags[afi][safi],
1933 PEER_STATUS_ORF_WAIT_REFRESH);
1934
1935 paf = peer_af_find(peer, afi, safi);
1936 if (paf && paf->subgroup) {
1937 if (peer->orf_plist[afi][safi]) {
1938 updgrp = PAF_UPDGRP(paf);
1939 updgrp_peer = UPDGRP_PEER(updgrp);
1940 updgrp_peer->orf_plist[afi][safi] =
1941 peer->orf_plist[afi][safi];
1942 }
1943
1944 /* If the peer is configured for default-originate clear the
1945 * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will
1946 * re-advertise the
1947 * default
1948 */
1949 if (CHECK_FLAG(paf->subgroup->sflags,
1950 SUBGRP_STATUS_DEFAULT_ORIGINATE))
1951 UNSET_FLAG(paf->subgroup->sflags,
1952 SUBGRP_STATUS_DEFAULT_ORIGINATE);
1953 }
1954
1955 /* Perform route refreshment to the peer */
1956 bgp_announce_route(peer, afi, safi);
1957 }
1958
1959 static int bgp_capability_msg_parse(struct peer *peer, u_char *pnt,
1960 bgp_size_t length)
1961 {
1962 u_char *end;
1963 struct capability_mp_data mpc;
1964 struct capability_header *hdr;
1965 u_char action;
1966 iana_afi_t pkt_afi;
1967 afi_t afi;
1968 safi_t pkt_safi, safi;
1969
1970 end = pnt + length;
1971
1972 while (pnt < end) {
1973 /* We need at least action, capability code and capability
1974 * length. */
1975 if (pnt + 3 > end) {
1976 zlog_info("%s Capability length error", peer->host);
1977 bgp_notify_send(peer, BGP_NOTIFY_CEASE, 0);
1978 return -1;
1979 }
1980 action = *pnt;
1981 hdr = (struct capability_header *)(pnt + 1);
1982
1983 /* Action value check. */
1984 if (action != CAPABILITY_ACTION_SET
1985 && action != CAPABILITY_ACTION_UNSET) {
1986 zlog_info("%s Capability Action Value error %d",
1987 peer->host, action);
1988 bgp_notify_send(peer, BGP_NOTIFY_CEASE, 0);
1989 return -1;
1990 }
1991
1992 if (bgp_debug_neighbor_events(peer))
1993 zlog_debug(
1994 "%s CAPABILITY has action: %d, code: %u, length %u",
1995 peer->host, action, hdr->code, hdr->length);
1996
1997 /* Capability length check. */
1998 if ((pnt + hdr->length + 3) > end) {
1999 zlog_info("%s Capability length error", peer->host);
2000 bgp_notify_send(peer, BGP_NOTIFY_CEASE, 0);
2001 return -1;
2002 }
2003
2004 /* Fetch structure to the byte stream. */
2005 memcpy(&mpc, pnt + 3, sizeof(struct capability_mp_data));
2006
2007 /* We know MP Capability Code. */
2008 if (hdr->code == CAPABILITY_CODE_MP) {
2009 pkt_afi = ntohs(mpc.afi);
2010 pkt_safi = mpc.safi;
2011
2012 /* Ignore capability when override-capability is set. */
2013 if (CHECK_FLAG(peer->flags,
2014 PEER_FLAG_OVERRIDE_CAPABILITY))
2015 continue;
2016
2017 /* Convert AFI, SAFI to internal values. */
2018 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi,
2019 &safi)) {
2020 if (bgp_debug_neighbor_events(peer))
2021 zlog_debug(
2022 "%s Dynamic Capability MP_EXT afi/safi invalid "
2023 "(%u/%u)",
2024 peer->host, pkt_afi, pkt_safi);
2025 continue;
2026 }
2027
2028 /* Address family check. */
2029 if (bgp_debug_neighbor_events(peer))
2030 zlog_debug(
2031 "%s CAPABILITY has %s MP_EXT CAP for afi/safi: %u/%u",
2032 peer->host,
2033 action == CAPABILITY_ACTION_SET
2034 ? "Advertising"
2035 : "Removing",
2036 pkt_afi, pkt_safi);
2037
2038 if (action == CAPABILITY_ACTION_SET) {
2039 peer->afc_recv[afi][safi] = 1;
2040 if (peer->afc[afi][safi]) {
2041 peer->afc_nego[afi][safi] = 1;
2042 bgp_announce_route(peer, afi, safi);
2043 }
2044 } else {
2045 peer->afc_recv[afi][safi] = 0;
2046 peer->afc_nego[afi][safi] = 0;
2047
2048 if (peer_active_nego(peer))
2049 bgp_clear_route(peer, afi, safi);
2050 else
2051 BGP_EVENT_ADD(peer, BGP_Stop);
2052 }
2053 } else {
2054 zlog_warn(
2055 "%s unrecognized capability code: %d - ignored",
2056 peer->host, hdr->code);
2057 }
2058 pnt += hdr->length + 3;
2059 }
2060 return 0;
2061 }
2062
2063 /* Dynamic Capability is received.
2064 *
2065 * This is exported for unit-test purposes
2066 */
2067 int bgp_capability_receive(struct peer *peer, bgp_size_t size)
2068 {
2069 u_char *pnt;
2070
2071 /* Fetch pointer. */
2072 pnt = stream_pnt(peer->ibuf);
2073
2074 if (bgp_debug_neighbor_events(peer))
2075 zlog_debug("%s rcv CAPABILITY", peer->host);
2076
2077 /* If peer does not have the capability, send notification. */
2078 if (!CHECK_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV)) {
2079 zlog_err("%s [Error] BGP dynamic capability is not enabled",
2080 peer->host);
2081 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
2082 BGP_NOTIFY_HEADER_BAD_MESTYPE);
2083 return -1;
2084 }
2085
2086 /* Status must be Established. */
2087 if (peer->status != Established) {
2088 zlog_err(
2089 "%s [Error] Dynamic capability packet received under status %s",
2090 peer->host,
2091 lookup_msg(bgp_status_msg, peer->status, NULL));
2092 bgp_notify_send(peer, BGP_NOTIFY_FSM_ERR, 0);
2093 return -1;
2094 }
2095
2096 /* Parse packet. */
2097 return bgp_capability_msg_parse(peer, pnt, size);
2098 }
2099
2100 /* BGP read utility function. */
2101 static int bgp_read_packet(struct peer *peer)
2102 {
2103 int nbytes;
2104 int readsize;
2105
2106 readsize = peer->packet_size - stream_get_endp(peer->ibuf);
2107
2108 /* If size is zero then return. */
2109 if (!readsize)
2110 return 0;
2111
2112 /* Read packet from fd. */
2113 nbytes = stream_read_try(peer->ibuf, peer->fd, readsize);
2114
2115 /* If read byte is smaller than zero then error occured. */
2116 if (nbytes < 0) {
2117 /* Transient error should retry */
2118 if (nbytes == -2)
2119 return -1;
2120
2121 zlog_err("%s [Error] bgp_read_packet error: %s", peer->host,
2122 safe_strerror(errno));
2123
2124 if (peer->status == Established) {
2125 if (CHECK_FLAG(peer->sflags, PEER_STATUS_NSF_MODE)) {
2126 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2127 SET_FLAG(peer->sflags, PEER_STATUS_NSF_WAIT);
2128 } else
2129 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2130 }
2131
2132 BGP_EVENT_ADD(peer, TCP_fatal_error);
2133 return -1;
2134 }
2135
2136 /* When read byte is zero : clear bgp peer and return */
2137 if (nbytes == 0) {
2138 if (bgp_debug_neighbor_events(peer))
2139 zlog_debug("%s [Event] BGP connection closed fd %d",
2140 peer->host, peer->fd);
2141
2142 if (peer->status == Established) {
2143 if (CHECK_FLAG(peer->sflags, PEER_STATUS_NSF_MODE)) {
2144 peer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
2145 SET_FLAG(peer->sflags, PEER_STATUS_NSF_WAIT);
2146 } else
2147 peer->last_reset = PEER_DOWN_CLOSE_SESSION;
2148 }
2149
2150 BGP_EVENT_ADD(peer, TCP_connection_closed);
2151 return -1;
2152 }
2153
2154 /* We read partial packet. */
2155 if (stream_get_endp(peer->ibuf) != peer->packet_size)
2156 return -1;
2157
2158 return 0;
2159 }
2160
2161 /* Marker check. */
2162 static int bgp_marker_all_one(struct stream *s, int length)
2163 {
2164 int i;
2165
2166 for (i = 0; i < length; i++)
2167 if (s->data[i] != 0xff)
2168 return 0;
2169
2170 return 1;
2171 }
2172
2173 /* Starting point of packet process function. */
2174 int bgp_read(struct thread *thread)
2175 {
2176 int ret;
2177 u_char type = 0;
2178 struct peer *peer;
2179 bgp_size_t size;
2180 char notify_data_length[2];
2181 u_int32_t notify_out;
2182
2183 /* Yes first of all get peer pointer. */
2184 peer = THREAD_ARG(thread);
2185 peer->t_read = NULL;
2186
2187 /* Note notify_out so we can check later to see if we sent another one
2188 */
2189 notify_out = peer->notify_out;
2190
2191 /* For non-blocking IO check. */
2192 if (peer->status == Connect) {
2193 bgp_connect_check(peer, 1);
2194 goto done;
2195 } else {
2196 if (peer->fd < 0) {
2197 zlog_err("bgp_read peer's fd is negative value %d",
2198 peer->fd);
2199 return -1;
2200 }
2201 BGP_READ_ON(peer->t_read, bgp_read, peer->fd);
2202 }
2203
2204 /* Read packet header to determine type of the packet */
2205 if (peer->packet_size == 0)
2206 peer->packet_size = BGP_HEADER_SIZE;
2207
2208 if (stream_get_endp(peer->ibuf) < BGP_HEADER_SIZE) {
2209 ret = bgp_read_packet(peer);
2210
2211 /* Header read error or partial read packet. */
2212 if (ret < 0)
2213 goto done;
2214
2215 /* Get size and type. */
2216 stream_forward_getp(peer->ibuf, BGP_MARKER_SIZE);
2217 memcpy(notify_data_length, stream_pnt(peer->ibuf), 2);
2218 size = stream_getw(peer->ibuf);
2219 type = stream_getc(peer->ibuf);
2220
2221 /* Marker check */
2222 if (((type == BGP_MSG_OPEN) || (type == BGP_MSG_KEEPALIVE))
2223 && !bgp_marker_all_one(peer->ibuf, BGP_MARKER_SIZE)) {
2224 bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR,
2225 BGP_NOTIFY_HEADER_NOT_SYNC);
2226 goto done;
2227 }
2228
2229 /* BGP type check. */
2230 if (type != BGP_MSG_OPEN && type != BGP_MSG_UPDATE
2231 && type != BGP_MSG_NOTIFY && type != BGP_MSG_KEEPALIVE
2232 && type != BGP_MSG_ROUTE_REFRESH_NEW
2233 && type != BGP_MSG_ROUTE_REFRESH_OLD
2234 && type != BGP_MSG_CAPABILITY) {
2235 if (bgp_debug_neighbor_events(peer))
2236 zlog_debug("%s unknown message type 0x%02x",
2237 peer->host, type);
2238 bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR,
2239 BGP_NOTIFY_HEADER_BAD_MESTYPE,
2240 &type, 1);
2241 goto done;
2242 }
2243 /* Mimimum packet length check. */
2244 if ((size < BGP_HEADER_SIZE) || (size > BGP_MAX_PACKET_SIZE)
2245 || (type == BGP_MSG_OPEN && size < BGP_MSG_OPEN_MIN_SIZE)
2246 || (type == BGP_MSG_UPDATE
2247 && size < BGP_MSG_UPDATE_MIN_SIZE)
2248 || (type == BGP_MSG_NOTIFY
2249 && size < BGP_MSG_NOTIFY_MIN_SIZE)
2250 || (type == BGP_MSG_KEEPALIVE
2251 && size != BGP_MSG_KEEPALIVE_MIN_SIZE)
2252 || (type == BGP_MSG_ROUTE_REFRESH_NEW
2253 && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2254 || (type == BGP_MSG_ROUTE_REFRESH_OLD
2255 && size < BGP_MSG_ROUTE_REFRESH_MIN_SIZE)
2256 || (type == BGP_MSG_CAPABILITY
2257 && size < BGP_MSG_CAPABILITY_MIN_SIZE)) {
2258 if (bgp_debug_neighbor_events(peer))
2259 zlog_debug("%s bad message length - %d for %s",
2260 peer->host, size,
2261 type == 128
2262 ? "ROUTE-REFRESH"
2263 : bgp_type_str[(int)type]);
2264 bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR,
2265 BGP_NOTIFY_HEADER_BAD_MESLEN,
2266 (u_char *)notify_data_length,
2267 2);
2268 goto done;
2269 }
2270
2271 /* Adjust size to message length. */
2272 peer->packet_size = size;
2273 }
2274
2275 ret = bgp_read_packet(peer);
2276 if (ret < 0)
2277 goto done;
2278
2279 /* Get size and type again. */
2280 (void)stream_getw_from(peer->ibuf, BGP_MARKER_SIZE);
2281 type = stream_getc_from(peer->ibuf, BGP_MARKER_SIZE + 2);
2282
2283 /* BGP packet dump function. */
2284 bgp_dump_packet(peer, type, peer->ibuf);
2285
2286 size = (peer->packet_size - BGP_HEADER_SIZE);
2287
2288 /* Read rest of the packet and call each sort of packet routine */
2289 switch (type) {
2290 case BGP_MSG_OPEN:
2291 peer->open_in++;
2292 bgp_open_receive(peer, size); /* XXX return value ignored! */
2293 break;
2294 case BGP_MSG_UPDATE:
2295 peer->readtime = monotime(NULL);
2296 bgp_update_receive(peer, size);
2297 break;
2298 case BGP_MSG_NOTIFY:
2299 bgp_notify_receive(peer, size);
2300 break;
2301 case BGP_MSG_KEEPALIVE:
2302 peer->readtime = monotime(NULL);
2303 bgp_keepalive_receive(peer, size);
2304 break;
2305 case BGP_MSG_ROUTE_REFRESH_NEW:
2306 case BGP_MSG_ROUTE_REFRESH_OLD:
2307 peer->refresh_in++;
2308 bgp_route_refresh_receive(peer, size);
2309 break;
2310 case BGP_MSG_CAPABILITY:
2311 peer->dynamic_cap_in++;
2312 bgp_capability_receive(peer, size);
2313 break;
2314 }
2315
2316 /* If reading this packet caused us to send a NOTIFICATION then store a
2317 * copy
2318 * of the packet for troubleshooting purposes
2319 */
2320 if (notify_out < peer->notify_out) {
2321 memcpy(peer->last_reset_cause, peer->ibuf->data,
2322 peer->packet_size);
2323 peer->last_reset_cause_size = peer->packet_size;
2324 notify_out = peer->notify_out;
2325 }
2326
2327 /* Clear input buffer. */
2328 peer->packet_size = 0;
2329 if (peer->ibuf)
2330 stream_reset(peer->ibuf);
2331
2332 done:
2333 /* If reading this packet caused us to send a NOTIFICATION then store a
2334 * copy
2335 * of the packet for troubleshooting purposes
2336 */
2337 if (notify_out < peer->notify_out) {
2338 memcpy(peer->last_reset_cause, peer->ibuf->data,
2339 peer->packet_size);
2340 peer->last_reset_cause_size = peer->packet_size;
2341 }
2342
2343 return 0;
2344 }
FRRouting mirror