1 /* BGP packet management routine.
2 * Contains utility functions for constructing and consuming BGP messages.
3 * Copyright (C) 2017 Cumulus Networks
4 * Copyright (C) 1999 Kunihiro Ishiguro
6 * This file is part of GNU Zebra.
8 * GNU Zebra is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2, or (at your option) any
13 * GNU Zebra is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with this program; see the file COPYING; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
33 #include "sockunion.h" /* for inet_ntop () */
40 #include "bgpd/bgpd.h"
41 #include "bgpd/bgp_table.h"
42 #include "bgpd/bgp_dump.h"
43 #include "bgpd/bgp_attr.h"
44 #include "bgpd/bgp_debug.h"
45 #include "bgpd/bgp_fsm.h"
46 #include "bgpd/bgp_route.h"
47 #include "bgpd/bgp_packet.h"
48 #include "bgpd/bgp_open.h"
49 #include "bgpd/bgp_aspath.h"
50 #include "bgpd/bgp_community.h"
51 #include "bgpd/bgp_ecommunity.h"
52 #include "bgpd/bgp_lcommunity.h"
53 #include "bgpd/bgp_network.h"
54 #include "bgpd/bgp_mplsvpn.h"
55 #include "bgpd/bgp_evpn.h"
56 #include "bgpd/bgp_advertise.h"
57 #include "bgpd/bgp_vty.h"
58 #include "bgpd/bgp_updgrp.h"
59 #include "bgpd/bgp_label.h"
60 #include "bgpd/bgp_io.h"
63 * Sets marker and type fields for a BGP message.
65 * @param s the stream containing the packet
66 * @param type the packet type
67 * @return the size of the stream
69 int bgp_packet_set_marker(struct stream
*s
, u_char type
)
74 for (i
= 0; i
< BGP_MARKER_SIZE
; i
++)
77 /* Dummy total length. This field is should be filled in later on. */
80 /* BGP packet type. */
83 /* Return current stream size. */
84 return stream_get_endp(s
);
88 * Sets size field for a BGP message.
90 * Size field is set to the size of the stream passed.
92 * @param s the stream containing the packet
93 * @return the size of the stream
95 int bgp_packet_set_size(struct stream
*s
)
99 /* Preserve current pointer. */
100 cp
= stream_get_endp(s
);
101 stream_putw_at(s
, BGP_MARKER_SIZE
, cp
);
107 * Push a packet onto the beginning of the peer's output queue.
108 * This function acquires the peer's write mutex before proceeding.
110 static void bgp_packet_add(struct peer
*peer
, struct stream
*s
)
112 pthread_mutex_lock(&peer
->io_mtx
);
113 stream_fifo_push(peer
->obuf
, s
);
114 pthread_mutex_unlock(&peer
->io_mtx
);
117 static struct stream
*bgp_update_packet_eor(struct peer
*peer
, afi_t afi
,
122 iana_safi_t pkt_safi
;
124 if (DISABLE_BGP_ANNOUNCE
)
127 if (bgp_debug_neighbor_events(peer
))
128 zlog_debug("send End-of-RIB for %s to %s",
129 afi_safi_print(afi
, safi
), peer
->host
);
131 s
= stream_new(BGP_MAX_PACKET_SIZE
);
133 /* Make BGP update packet. */
134 bgp_packet_set_marker(s
, BGP_MSG_UPDATE
);
136 /* Unfeasible Routes Length */
139 if (afi
== AFI_IP
&& safi
== SAFI_UNICAST
) {
140 /* Total Path Attribute Length */
143 /* Convert AFI, SAFI to values for packet. */
144 bgp_map_afi_safi_int2iana(afi
, safi
, &pkt_afi
, &pkt_safi
);
146 /* Total Path Attribute Length */
148 stream_putc(s
, BGP_ATTR_FLAG_OPTIONAL
);
149 stream_putc(s
, BGP_ATTR_MP_UNREACH_NLRI
);
151 stream_putw(s
, pkt_afi
);
152 stream_putc(s
, pkt_safi
);
155 bgp_packet_set_size(s
);
159 /* Called when there is a change in the EOR(implicit or explicit) status of a
160 * peer. Ends the update-delay if all expected peers are done with EORs. */
161 void bgp_check_update_delay(struct bgp
*bgp
)
163 struct listnode
*node
, *nnode
;
164 struct peer
*peer
= NULL
;
166 if (bgp_debug_neighbor_events(peer
))
167 zlog_debug("Checking update delay, T: %d R: %d I:%d E: %d",
168 bgp
->established
, bgp
->restarted_peers
,
169 bgp
->implicit_eors
, bgp
->explicit_eors
);
172 <= bgp
->restarted_peers
+ bgp
->implicit_eors
+ bgp
->explicit_eors
) {
173 /* This is an extra sanity check to make sure we wait for all
175 eligible configured peers. This check is performed if
177 timer is on, or establish wait option is not given with the
178 update-delay command */
179 if (bgp
->t_establish_wait
180 || (bgp
->v_establish_wait
== bgp
->v_update_delay
))
181 for (ALL_LIST_ELEMENTS(bgp
->peer
, node
, nnode
, peer
)) {
182 if (CHECK_FLAG(peer
->flags
,
183 PEER_FLAG_CONFIG_NODE
)
184 && !CHECK_FLAG(peer
->flags
,
186 && !peer
->update_delay_over
) {
187 if (bgp_debug_neighbor_events(peer
))
189 " Peer %s pending, continuing read-only mode",
196 "Update delay ended, restarted: %d, EORs implicit: %d, explicit: %d",
197 bgp
->restarted_peers
, bgp
->implicit_eors
,
199 bgp_update_delay_end(bgp
);
203 /* Called if peer is known to have restarted. The restart-state bit in
204 Graceful-Restart capability is used for that */
205 void bgp_update_restarted_peers(struct peer
*peer
)
207 if (!bgp_update_delay_active(peer
->bgp
))
208 return; /* BGP update delay has ended */
209 if (peer
->update_delay_over
)
210 return; /* This peer has already been considered */
212 if (bgp_debug_neighbor_events(peer
))
213 zlog_debug("Peer %s: Checking restarted", peer
->host
);
215 if (peer
->status
== Established
) {
216 peer
->update_delay_over
= 1;
217 peer
->bgp
->restarted_peers
++;
218 bgp_check_update_delay(peer
->bgp
);
222 /* Called as peer receives a keep-alive. Determines if this occurence can be
223 taken as an implicit EOR for this peer.
224 NOTE: The very first keep-alive after the Established state of a peer is
225 considered implicit EOR for the update-delay purposes */
226 void bgp_update_implicit_eors(struct peer
*peer
)
228 if (!bgp_update_delay_active(peer
->bgp
))
229 return; /* BGP update delay has ended */
230 if (peer
->update_delay_over
)
231 return; /* This peer has already been considered */
233 if (bgp_debug_neighbor_events(peer
))
234 zlog_debug("Peer %s: Checking implicit EORs", peer
->host
);
236 if (peer
->status
== Established
) {
237 peer
->update_delay_over
= 1;
238 peer
->bgp
->implicit_eors
++;
239 bgp_check_update_delay(peer
->bgp
);
243 /* Should be called only when there is a change in the EOR_RECEIVED status
244 for any afi/safi on a peer */
245 static void bgp_update_explicit_eors(struct peer
*peer
)
250 if (!bgp_update_delay_active(peer
->bgp
))
251 return; /* BGP update delay has ended */
252 if (peer
->update_delay_over
)
253 return; /* This peer has already been considered */
255 if (bgp_debug_neighbor_events(peer
))
256 zlog_debug("Peer %s: Checking explicit EORs", peer
->host
);
258 for (afi
= AFI_IP
; afi
< AFI_MAX
; afi
++)
259 for (safi
= SAFI_UNICAST
; safi
< SAFI_MAX
; safi
++) {
260 if (peer
->afc_nego
[afi
][safi
]
261 && !CHECK_FLAG(peer
->af_sflags
[afi
][safi
],
262 PEER_STATUS_EOR_RECEIVED
)) {
263 if (bgp_debug_neighbor_events(peer
))
265 " afi %d safi %d didnt receive EOR",
271 peer
->update_delay_over
= 1;
272 peer
->bgp
->explicit_eors
++;
273 bgp_check_update_delay(peer
->bgp
);
277 * Frontend for NLRI parsing, to fan-out to AFI/SAFI specific parsers.
279 * mp_withdraw, if set, is used to nullify attr structure on most of the
280 * calling safi function and for evpn, passed as parameter
282 int bgp_nlri_parse(struct peer
*peer
, struct attr
*attr
,
283 struct bgp_nlri
*packet
, int mp_withdraw
)
285 switch (packet
->safi
) {
288 return bgp_nlri_parse_ip(peer
, mp_withdraw
? NULL
: attr
,
290 case SAFI_LABELED_UNICAST
:
291 return bgp_nlri_parse_label(peer
, mp_withdraw
? NULL
: attr
,
294 return bgp_nlri_parse_vpn(peer
, mp_withdraw
? NULL
: attr
,
297 return bgp_nlri_parse_evpn(peer
, attr
, packet
, mp_withdraw
);
303 * Enqueue onto the peer's output buffer any packets which are pending for the
304 * update group it is a member of.
306 * XXX: Severely needs performance work.
308 int bgp_generate_updgrp_packets(struct thread
*thread
)
310 struct peer
*peer
= THREAD_ARG(thread
);
314 struct bpacket
*next_pkt
;
319 * The code beyond this part deals with update packets, proceed only
320 * if peer is Established and updates are not on hold (as part of
321 * update-delay post processing).
323 if (peer
->status
!= Established
)
326 if (peer
->bgp
&& peer
->bgp
->main_peers_update_hold
)
331 for (afi
= AFI_IP
; afi
< AFI_MAX
; afi
++)
332 for (safi
= SAFI_UNICAST
; safi
< SAFI_MAX
; safi
++) {
333 paf
= peer_af_find(peer
, afi
, safi
);
334 if (!paf
|| !PAF_SUBGRP(paf
))
336 next_pkt
= paf
->next_pkt_to_send
;
338 /* Try to generate a packet for the peer if we
340 * the list. Always try to push out WITHDRAWs
342 if (!next_pkt
|| !next_pkt
->buffer
) {
343 next_pkt
= subgroup_withdraw_packet(
345 if (!next_pkt
|| !next_pkt
->buffer
)
346 subgroup_update_packet(
348 next_pkt
= paf
->next_pkt_to_send
;
351 /* If we still don't have a packet to send to
353 * try to find out out if we have to send eor or
355 * the next AFI, SAFI.
356 * Don't send the EOR prematurely... if the
357 * subgroup's coalesce
358 * timer is running, the adjacency-out structure
362 if (!next_pkt
|| !next_pkt
->buffer
) {
363 if (CHECK_FLAG(peer
->cap
,
364 PEER_CAP_RESTART_RCV
)) {
365 if (!(PAF_SUBGRP(paf
))
367 && peer
->afc_nego
[afi
][safi
]
373 PEER_STATUS_EOR_SEND
)) {
378 PEER_STATUS_EOR_SEND
);
380 if ((s
= bgp_update_packet_eor(
395 /* Found a packet template to send, overwrite
396 * packet with appropriate
397 * attributes from peer and advance peer */
398 s
= bpacket_reformat_for_peer(next_pkt
, paf
);
399 bgp_packet_add(peer
, s
);
401 bpacket_queue_advance_peer(paf
);
409 * Creates a BGP Keepalive packet and appends it to the peer's output queue.
411 void bgp_keepalive_send(struct peer
*peer
)
415 s
= stream_new(BGP_MAX_PACKET_SIZE
);
417 /* Make keepalive packet. */
418 bgp_packet_set_marker(s
, BGP_MSG_KEEPALIVE
);
420 /* Set packet size. */
421 (void)bgp_packet_set_size(s
);
423 /* Dump packet if debug option is set. */
424 /* bgp_packet_dump (s); */
426 if (bgp_debug_keepalive(peer
))
427 zlog_debug("%s sending KEEPALIVE", peer
->host
);
429 /* Add packet to the peer. */
430 bgp_packet_add(peer
, s
);
436 * Creates a BGP Open packet and appends it to the peer's output queue.
437 * Sets capabilities as necessary.
439 void bgp_open_send(struct peer
*peer
)
442 u_int16_t send_holdtime
;
445 if (PEER_OR_GROUP_TIMER_SET(peer
))
446 send_holdtime
= peer
->holdtime
;
448 send_holdtime
= peer
->bgp
->default_holdtime
;
450 /* local-as Change */
451 if (peer
->change_local_as
)
452 local_as
= peer
->change_local_as
;
454 local_as
= peer
->local_as
;
456 s
= stream_new(BGP_MAX_PACKET_SIZE
);
458 /* Make open packet. */
459 bgp_packet_set_marker(s
, BGP_MSG_OPEN
);
461 /* Set open packet values. */
462 stream_putc(s
, BGP_VERSION_4
); /* BGP version */
464 (local_as
<= BGP_AS_MAX
) ? (u_int16_t
)local_as
466 stream_putw(s
, send_holdtime
); /* Hold Time */
467 stream_put_in_addr(s
, &peer
->local_id
); /* BGP Identifier */
469 /* Set capability code. */
470 bgp_open_capability(s
, peer
);
472 /* Set BGP packet length. */
473 (void)bgp_packet_set_size(s
);
475 if (bgp_debug_neighbor_events(peer
))
477 "%s sending OPEN, version %d, my as %u, holdtime %d, id %s",
478 peer
->host
, BGP_VERSION_4
, local_as
, send_holdtime
,
479 inet_ntoa(peer
->local_id
));
481 /* Dump packet if debug option is set. */
482 /* bgp_packet_dump (s); */
484 /* Add packet to the peer. */
485 bgp_packet_add(peer
, s
);
490 /* This is only for sending NOTIFICATION message to neighbor. */
491 static int bgp_write_notify(struct peer
*peer
)
497 pthread_mutex_lock(&peer
->io_mtx
);
499 /* There should be at least one packet. */
500 s
= stream_fifo_pop(peer
->obuf
);
503 assert(stream_get_endp(s
) >= BGP_HEADER_SIZE
);
505 pthread_mutex_unlock(&peer
->io_mtx
);
507 /* Stop collecting data within the socket */
508 sockopt_cork(peer
->fd
, 0);
510 /* socket is in nonblocking mode, if we can't deliver the NOTIFY, well,
511 * we only care about getting a clean shutdown at this point. */
512 ret
= write(peer
->fd
, STREAM_DATA(s
), stream_get_endp(s
));
514 /* only connection reset/close gets counted as TCP_fatal_error, failure
515 * to write the entire NOTIFY doesn't get different FSM treatment */
518 BGP_EVENT_ADD(peer
, TCP_fatal_error
);
522 /* Disable Nagle, make NOTIFY packet go out right away */
524 (void)setsockopt(peer
->fd
, IPPROTO_TCP
, TCP_NODELAY
, (char *)&val
,
527 /* Retrieve BGP packet type. */
528 stream_set_getp(s
, BGP_MARKER_SIZE
+ 2);
529 type
= stream_getc(s
);
531 assert(type
== BGP_MSG_NOTIFY
);
533 /* Type should be notify. */
536 /* Double start timer. */
539 /* Overflow check. */
540 if (peer
->v_start
>= (60 * 2))
541 peer
->v_start
= (60 * 2);
543 /* Handle Graceful Restart case where the state changes to
544 Connect instead of Idle */
545 BGP_EVENT_ADD(peer
, BGP_Stop
);
553 * Creates a BGP Notify and appends it to the peer's output queue.
555 * This function awakens the write thread to ensure the packet
559 * @param code BGP error code
560 * @param sub_code BGP error subcode
561 * @param data Data portion
562 * @param datalen length of data portion
564 void bgp_notify_send_with_data(struct peer
*peer
, u_char code
, u_char sub_code
,
565 u_char
*data
, size_t datalen
)
570 /* Allocate new stream. */
571 s
= stream_new(BGP_MAX_PACKET_SIZE
);
573 /* Make notify packet. */
574 bgp_packet_set_marker(s
, BGP_MSG_NOTIFY
);
576 /* Set notify packet values. */
577 stream_putc(s
, code
); /* BGP notify code */
578 stream_putc(s
, sub_code
); /* BGP notify sub_code */
580 /* If notify data is present. */
582 stream_write(s
, data
, datalen
);
584 /* Set BGP packet length. */
585 length
= bgp_packet_set_size(s
);
587 /* wipe output buffer */
588 pthread_mutex_lock(&peer
->io_mtx
);
590 stream_fifo_clean(peer
->obuf
);
592 pthread_mutex_unlock(&peer
->io_mtx
);
594 /* If possible, store last packet for debugging purposes. This check is
596 * place because we are sometimes called with a doppelganger peer, who
598 * to have a plethora of fields nulled out. */
599 if (peer
->curr
&& peer
->last_reset_cause_size
) {
600 size_t packetsize
= stream_get_endp(peer
->curr
);
601 assert(packetsize
<= peer
->last_reset_cause_size
);
602 memcpy(peer
->last_reset_cause
, peer
->curr
->data
, packetsize
);
603 peer
->last_reset_cause_size
= packetsize
;
608 struct bgp_notify bgp_notify
;
613 bgp_notify
.code
= code
;
614 bgp_notify
.subcode
= sub_code
;
615 bgp_notify
.data
= NULL
;
616 bgp_notify
.length
= length
- BGP_MSG_NOTIFY_MIN_SIZE
;
617 bgp_notify
.raw_data
= data
;
619 peer
->notify
.code
= bgp_notify
.code
;
620 peer
->notify
.subcode
= bgp_notify
.subcode
;
622 if (bgp_notify
.length
) {
624 XMALLOC(MTYPE_TMP
, bgp_notify
.length
* 3);
625 for (i
= 0; i
< bgp_notify
.length
; i
++)
627 sprintf(c
, " %02x", data
[i
]);
628 strcat(bgp_notify
.data
, c
);
631 sprintf(c
, "%02x", data
[i
]);
632 strcpy(bgp_notify
.data
, c
);
635 bgp_notify_print(peer
, &bgp_notify
, "sending");
637 if (bgp_notify
.data
) {
638 XFREE(MTYPE_TMP
, bgp_notify
.data
);
639 bgp_notify
.data
= NULL
;
640 bgp_notify
.length
= 0;
644 /* peer reset cause */
645 if (code
== BGP_NOTIFY_CEASE
) {
646 if (sub_code
== BGP_NOTIFY_CEASE_ADMIN_RESET
)
647 peer
->last_reset
= PEER_DOWN_USER_RESET
;
648 else if (sub_code
== BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN
)
649 peer
->last_reset
= PEER_DOWN_USER_SHUTDOWN
;
651 peer
->last_reset
= PEER_DOWN_NOTIFY_SEND
;
653 peer
->last_reset
= PEER_DOWN_NOTIFY_SEND
;
655 /* Add packet to peer's output queue */
656 bgp_packet_add(peer
, s
);
658 bgp_write_notify(peer
);
662 * Creates a BGP Notify and appends it to the peer's output queue.
664 * This function awakens the write thread to ensure the packet
668 * @param code BGP error code
669 * @param sub_code BGP error subcode
671 void bgp_notify_send(struct peer
*peer
, u_char code
, u_char sub_code
)
673 bgp_notify_send_with_data(peer
, code
, sub_code
, NULL
, 0);
677 * Creates BGP Route Refresh packet and appends it to the peer's output queue.
680 * @param afi Address Family Identifier
681 * @param safi Subsequent Address Family Identifier
682 * @param orf_type Outbound Route Filtering type
683 * @param when_to_refresh Whether to refresh immediately or defer
684 * @param remove Whether to remove ORF for specified AFI/SAFI
686 void bgp_route_refresh_send(struct peer
*peer
, afi_t afi
, safi_t safi
,
687 u_char orf_type
, u_char when_to_refresh
, int remove
)
690 struct bgp_filter
*filter
;
693 iana_safi_t pkt_safi
;
695 if (DISABLE_BGP_ANNOUNCE
)
698 filter
= &peer
->filter
[afi
][safi
];
700 /* Convert AFI, SAFI to values for packet. */
701 bgp_map_afi_safi_int2iana(afi
, safi
, &pkt_afi
, &pkt_safi
);
703 s
= stream_new(BGP_MAX_PACKET_SIZE
);
705 /* Make BGP update packet. */
706 if (CHECK_FLAG(peer
->cap
, PEER_CAP_REFRESH_NEW_RCV
))
707 bgp_packet_set_marker(s
, BGP_MSG_ROUTE_REFRESH_NEW
);
709 bgp_packet_set_marker(s
, BGP_MSG_ROUTE_REFRESH_OLD
);
711 /* Encode Route Refresh message. */
712 stream_putw(s
, pkt_afi
);
714 stream_putc(s
, pkt_safi
);
716 if (orf_type
== ORF_TYPE_PREFIX
|| orf_type
== ORF_TYPE_PREFIX_OLD
)
717 if (remove
|| filter
->plist
[FILTER_IN
].plist
) {
722 stream_putc(s
, when_to_refresh
);
723 stream_putc(s
, orf_type
);
724 orfp
= stream_get_endp(s
);
728 UNSET_FLAG(peer
->af_sflags
[afi
][safi
],
729 PEER_STATUS_ORF_PREFIX_SEND
);
730 stream_putc(s
, ORF_COMMON_PART_REMOVE_ALL
);
731 if (bgp_debug_neighbor_events(peer
))
733 "%s sending REFRESH_REQ to remove ORF(%d) (%s) for afi/safi: %d/%d",
734 peer
->host
, orf_type
,
735 (when_to_refresh
== REFRESH_DEFER
740 SET_FLAG(peer
->af_sflags
[afi
][safi
],
741 PEER_STATUS_ORF_PREFIX_SEND
);
742 prefix_bgp_orf_entry(
743 s
, filter
->plist
[FILTER_IN
].plist
,
745 ORF_COMMON_PART_PERMIT
,
746 ORF_COMMON_PART_DENY
);
747 if (bgp_debug_neighbor_events(peer
))
749 "%s sending REFRESH_REQ with pfxlist ORF(%d) (%s) for afi/safi: %d/%d",
750 peer
->host
, orf_type
,
751 (when_to_refresh
== REFRESH_DEFER
757 /* Total ORF Entry Len. */
758 orf_len
= stream_get_endp(s
) - orfp
- 2;
759 stream_putw_at(s
, orfp
, orf_len
);
762 /* Set packet size. */
763 (void)bgp_packet_set_size(s
);
765 if (bgp_debug_neighbor_events(peer
)) {
767 zlog_debug("%s sending REFRESH_REQ for afi/safi: %d/%d",
768 peer
->host
, pkt_afi
, pkt_safi
);
771 /* Add packet to the peer. */
772 bgp_packet_add(peer
, s
);
778 * Create a BGP Capability packet and append it to the peer's output queue.
781 * @param afi Address Family Identifier
782 * @param safi Subsequent Address Family Identifier
783 * @param capability_code BGP Capability Code
784 * @param action Set or Remove capability
786 void bgp_capability_send(struct peer
*peer
, afi_t afi
, safi_t safi
,
787 int capability_code
, int action
)
791 iana_safi_t pkt_safi
;
793 /* Convert AFI, SAFI to values for packet. */
794 bgp_map_afi_safi_int2iana(afi
, safi
, &pkt_afi
, &pkt_safi
);
796 s
= stream_new(BGP_MAX_PACKET_SIZE
);
798 /* Make BGP update packet. */
799 bgp_packet_set_marker(s
, BGP_MSG_CAPABILITY
);
801 /* Encode MP_EXT capability. */
802 if (capability_code
== CAPABILITY_CODE_MP
) {
803 stream_putc(s
, action
);
804 stream_putc(s
, CAPABILITY_CODE_MP
);
805 stream_putc(s
, CAPABILITY_CODE_MP_LEN
);
806 stream_putw(s
, pkt_afi
);
808 stream_putc(s
, pkt_safi
);
810 if (bgp_debug_neighbor_events(peer
))
812 "%s sending CAPABILITY has %s MP_EXT CAP for afi/safi: %d/%d",
814 action
== CAPABILITY_ACTION_SET
? "Advertising"
819 /* Set packet size. */
820 (void)bgp_packet_set_size(s
);
822 /* Add packet to the peer. */
823 bgp_packet_add(peer
, s
);
828 /* RFC1771 6.8 Connection collision detection. */
829 static int bgp_collision_detect(struct peer
*new, struct in_addr remote_id
)
833 /* Upon receipt of an OPEN message, the local system must examine
834 all of its connections that are in the OpenConfirm state. A BGP
835 speaker may also examine connections in an OpenSent state if it
836 knows the BGP Identifier of the peer by means outside of the
837 protocol. If among these connections there is a connection to a
838 remote BGP speaker whose BGP Identifier equals the one in the
839 OPEN message, then the local system performs the following
840 collision resolution procedure: */
842 if ((peer
= new->doppelganger
) != NULL
) {
843 /* Do not accept the new connection in Established or Clearing
845 * Note that a peer GR is handled by closing the existing
847 * upon receipt of new one.
849 if (peer
->status
== Established
|| peer
->status
== Clearing
) {
850 bgp_notify_send(new, BGP_NOTIFY_CEASE
,
851 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION
);
853 } else if ((peer
->status
== OpenConfirm
)
854 || (peer
->status
== OpenSent
)) {
855 /* 1. The BGP Identifier of the local system is compared
857 the BGP Identifier of the remote system (as specified
859 the OPEN message). */
861 if (ntohl(peer
->local_id
.s_addr
)
862 < ntohl(remote_id
.s_addr
))
863 if (!CHECK_FLAG(peer
->sflags
,
864 PEER_STATUS_ACCEPT_PEER
)) {
865 /* 2. If the value of the local BGP
867 than the remote one, the local system
869 connection that already exists (the
871 already in the OpenConfirm state),
873 connection initiated by the remote
876 peer
, BGP_NOTIFY_CEASE
,
877 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION
);
881 new, BGP_NOTIFY_CEASE
,
882 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION
);
886 /* 3. Otherwise, the local system closes newly
888 BGP connection (the one associated with the
890 received OPEN message), and continues to use
892 existing one (the one that is already in the
893 OpenConfirm state). */
894 if (CHECK_FLAG(peer
->sflags
,
895 PEER_STATUS_ACCEPT_PEER
)) {
897 peer
, BGP_NOTIFY_CEASE
,
898 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION
);
902 new, BGP_NOTIFY_CEASE
,
903 BGP_NOTIFY_CEASE_COLLISION_RESOLUTION
);
912 /* Packet processing routines ---------------------------------------------- */
914 * This is a family of functions designed to be called from
915 * bgp_process_packet(). These functions all share similar behavior and should
916 * adhere to the following invariants and restrictions:
920 * The return code of any one of those functions should be one of the FSM event
921 * codes specified in bgpd.h. If a NOTIFY was sent, this event code MUST be
922 * BGP_Stop. Otherwise, the code SHOULD correspond to the function's expected
923 * packet type. For example, bgp_open_receive() should return BGP_Stop upon
924 * error and Receive_OPEN_message otherwise.
926 * If no action is necessary, the correct return code is BGP_PACKET_NOOP as
931 * - May send NOTIFY messages
932 * - May not modify peer->status
933 * - May not call bgp_event_update()
936 #define BGP_PACKET_NOOP 0
939 * Process BGP OPEN message for peer.
941 * If any errors are encountered in the OPEN message, immediately sends NOTIFY
942 * and returns BGP_Stop.
945 * @param size size of the packet
946 * @return as in summary
948 static int bgp_open_receive(struct peer
*peer
, bgp_size_t size
)
954 u_int16_t send_holdtime
;
957 struct in_addr remote_id
;
959 u_int8_t notify_data_remote_as
[2];
960 u_int8_t notify_data_remote_as4
[4];
961 u_int8_t notify_data_remote_id
[4];
962 u_int16_t
*holdtime_ptr
;
964 /* Parse open packet. */
965 version
= stream_getc(peer
->curr
);
966 memcpy(notify_data_remote_as
, stream_pnt(peer
->curr
), 2);
967 remote_as
= stream_getw(peer
->curr
);
968 holdtime_ptr
= (u_int16_t
*)stream_pnt(peer
->curr
);
969 holdtime
= stream_getw(peer
->curr
);
970 memcpy(notify_data_remote_id
, stream_pnt(peer
->curr
), 4);
971 remote_id
.s_addr
= stream_get_ipv4(peer
->curr
);
973 /* Receive OPEN message log */
974 if (bgp_debug_neighbor_events(peer
))
976 "%s rcv OPEN, version %d, remote-as (in open) %u,"
977 " holdtime %d, id %s",
978 peer
->host
, version
, remote_as
, holdtime
,
979 inet_ntoa(remote_id
));
981 /* BEGIN to read the capability here, but dont do it yet */
983 optlen
= stream_getc(peer
->curr
);
986 /* If not enough bytes, it is an error. */
987 if (STREAM_READABLE(peer
->curr
) < optlen
) {
988 bgp_notify_send(peer
, BGP_NOTIFY_OPEN_ERR
,
989 BGP_NOTIFY_OPEN_MALFORMED_ATTR
);
993 /* We need the as4 capability value *right now* because
994 * if it is there, we have not got the remote_as yet, and
996 * that we do not know which peer is connecting to us now.
998 as4
= peek_for_as4_capability(peer
, optlen
);
999 memcpy(notify_data_remote_as4
, &as4
, 4);
1002 /* Just in case we have a silly peer who sends AS4 capability set to 0
1004 if (CHECK_FLAG(peer
->cap
, PEER_CAP_AS4_RCV
) && !as4
) {
1005 zlog_err("%s bad OPEN, got AS4 capability, but AS4 set to 0",
1007 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1008 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
1009 notify_data_remote_as4
, 4);
1013 if (remote_as
== BGP_AS_TRANS
) {
1014 /* Take the AS4 from the capability. We must have received the
1015 * capability now! Otherwise we have a asn16 peer who uses
1016 * BGP_AS_TRANS, for some unknown reason.
1018 if (as4
== BGP_AS_TRANS
) {
1020 "%s [AS4] NEW speaker using AS_TRANS for AS4, not allowed",
1022 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1023 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
1024 notify_data_remote_as4
, 4);
1028 if (!as4
&& BGP_DEBUG(as4
, AS4
))
1030 "%s [AS4] OPEN remote_as is AS_TRANS, but no AS4."
1031 " Odd, but proceeding.",
1033 else if (as4
< BGP_AS_MAX
&& BGP_DEBUG(as4
, AS4
))
1035 "%s [AS4] OPEN remote_as is AS_TRANS, but AS4 (%u) fits "
1036 "in 2-bytes, very odd peer.",
1041 /* We may have a partner with AS4 who has an asno < BGP_AS_MAX
1043 /* If we have got the capability, peer->as4cap must match
1045 if (CHECK_FLAG(peer
->cap
, PEER_CAP_AS4_RCV
)
1046 && as4
!= remote_as
) {
1047 /* raise error, log this, close session */
1049 "%s bad OPEN, got AS4 capability, but remote_as %u"
1050 " mismatch with 16bit 'myasn' %u in open",
1051 peer
->host
, as4
, remote_as
);
1052 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1053 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
1054 notify_data_remote_as4
, 4);
1059 /* remote router-id check. */
1060 if (remote_id
.s_addr
== 0 || IPV4_CLASS_DE(ntohl(remote_id
.s_addr
))
1061 || ntohl(peer
->local_id
.s_addr
) == ntohl(remote_id
.s_addr
)) {
1062 if (bgp_debug_neighbor_events(peer
))
1063 zlog_debug("%s bad OPEN, wrong router identifier %s",
1064 peer
->host
, inet_ntoa(remote_id
));
1065 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1066 BGP_NOTIFY_OPEN_BAD_BGP_IDENT
,
1067 notify_data_remote_id
, 4);
1071 /* Set remote router-id */
1072 peer
->remote_id
= remote_id
;
1074 /* Peer BGP version check. */
1075 if (version
!= BGP_VERSION_4
) {
1076 u_int16_t maxver
= htons(BGP_VERSION_4
);
1077 /* XXX this reply may not be correct if version < 4 XXX */
1078 if (bgp_debug_neighbor_events(peer
))
1080 "%s bad protocol version, remote requested %d, local request %d",
1081 peer
->host
, version
, BGP_VERSION_4
);
1082 /* Data must be in network byte order here */
1083 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1084 BGP_NOTIFY_OPEN_UNSUP_VERSION
,
1085 (u_int8_t
*)&maxver
, 2);
1089 /* Check neighbor as number. */
1090 if (peer
->as_type
== AS_UNSPECIFIED
) {
1091 if (bgp_debug_neighbor_events(peer
))
1093 "%s bad OPEN, remote AS is unspecified currently",
1095 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1096 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
1097 notify_data_remote_as
, 2);
1099 } else if (peer
->as_type
== AS_INTERNAL
) {
1100 if (remote_as
!= peer
->bgp
->as
) {
1101 if (bgp_debug_neighbor_events(peer
))
1103 "%s bad OPEN, remote AS is %u, internal specified",
1104 peer
->host
, remote_as
);
1105 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1106 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
1107 notify_data_remote_as
, 2);
1110 peer
->as
= peer
->local_as
;
1111 } else if (peer
->as_type
== AS_EXTERNAL
) {
1112 if (remote_as
== peer
->bgp
->as
) {
1113 if (bgp_debug_neighbor_events(peer
))
1115 "%s bad OPEN, remote AS is %u, external specified",
1116 peer
->host
, remote_as
);
1117 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1118 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
1119 notify_data_remote_as
, 2);
1122 peer
->as
= remote_as
;
1123 } else if ((peer
->as_type
== AS_SPECIFIED
) && (remote_as
!= peer
->as
)) {
1124 if (bgp_debug_neighbor_events(peer
))
1125 zlog_debug("%s bad OPEN, remote AS is %u, expected %u",
1126 peer
->host
, remote_as
, peer
->as
);
1127 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1128 BGP_NOTIFY_OPEN_BAD_PEER_AS
,
1129 notify_data_remote_as
, 2);
1133 /* From the rfc: Upon receipt of an OPEN message, a BGP speaker MUST
1134 calculate the value of the Hold Timer by using the smaller of its
1135 configured Hold Time and the Hold Time received in the OPEN message.
1136 The Hold Time MUST be either zero or at least three seconds. An
1137 implementation may reject connections on the basis of the Hold Time.
1140 if (holdtime
< 3 && holdtime
!= 0) {
1141 bgp_notify_send_with_data(peer
, BGP_NOTIFY_OPEN_ERR
,
1142 BGP_NOTIFY_OPEN_UNACEP_HOLDTIME
,
1143 (u_char
*)holdtime_ptr
, 2);
1147 /* From the rfc: A reasonable maximum time between KEEPALIVE messages
1148 would be one third of the Hold Time interval. KEEPALIVE messages
1149 MUST NOT be sent more frequently than one per second. An
1150 implementation MAY adjust the rate at which it sends KEEPALIVE
1151 messages as a function of the Hold Time interval. */
1153 if (PEER_OR_GROUP_TIMER_SET(peer
))
1154 send_holdtime
= peer
->holdtime
;
1156 send_holdtime
= peer
->bgp
->default_holdtime
;
1158 if (holdtime
< send_holdtime
)
1159 peer
->v_holdtime
= holdtime
;
1161 peer
->v_holdtime
= send_holdtime
;
1163 if ((PEER_OR_GROUP_TIMER_SET(peer
))
1164 && (peer
->keepalive
< peer
->v_holdtime
/ 3))
1165 peer
->v_keepalive
= peer
->keepalive
;
1167 peer
->v_keepalive
= peer
->v_holdtime
/ 3;
1169 /* Open option part parse. */
1171 if ((ret
= bgp_open_option_parse(peer
, optlen
, &mp_capability
))
1175 if (bgp_debug_neighbor_events(peer
))
1176 zlog_debug("%s rcvd OPEN w/ OPTION parameter len: 0",
1181 * Assume that the peer supports the locally configured set of
1182 * AFI/SAFIs if the peer did not send us any Mulitiprotocol
1183 * capabilities, or if 'override-capability' is configured.
1186 || CHECK_FLAG(peer
->flags
, PEER_FLAG_OVERRIDE_CAPABILITY
)) {
1187 peer
->afc_nego
[AFI_IP
][SAFI_UNICAST
] =
1188 peer
->afc
[AFI_IP
][SAFI_UNICAST
];
1189 peer
->afc_nego
[AFI_IP
][SAFI_MULTICAST
] =
1190 peer
->afc
[AFI_IP
][SAFI_MULTICAST
];
1191 peer
->afc_nego
[AFI_IP
][SAFI_LABELED_UNICAST
] =
1192 peer
->afc
[AFI_IP
][SAFI_LABELED_UNICAST
];
1193 peer
->afc_nego
[AFI_IP6
][SAFI_UNICAST
] =
1194 peer
->afc
[AFI_IP6
][SAFI_UNICAST
];
1195 peer
->afc_nego
[AFI_IP6
][SAFI_MULTICAST
] =
1196 peer
->afc
[AFI_IP6
][SAFI_MULTICAST
];
1197 peer
->afc_nego
[AFI_IP6
][SAFI_LABELED_UNICAST
] =
1198 peer
->afc
[AFI_IP6
][SAFI_LABELED_UNICAST
];
1199 peer
->afc_nego
[AFI_L2VPN
][SAFI_EVPN
] =
1200 peer
->afc
[AFI_L2VPN
][SAFI_EVPN
];
1203 /* When collision is detected and this peer is closed. Retrun
1205 ret
= bgp_collision_detect(peer
, remote_id
);
1210 if ((ret
= bgp_getsockname(peer
)) < 0) {
1211 zlog_err("%s: bgp_getsockname() failed for peer: %s",
1212 __FUNCTION__
, peer
->host
);
1216 /* Verify valid local address present based on negotiated
1217 * address-families. */
1218 if (peer
->afc_nego
[AFI_IP
][SAFI_UNICAST
]
1219 || peer
->afc_nego
[AFI_IP
][SAFI_LABELED_UNICAST
]
1220 || peer
->afc_nego
[AFI_IP
][SAFI_MULTICAST
]
1221 || peer
->afc_nego
[AFI_IP
][SAFI_MPLS_VPN
]
1222 || peer
->afc_nego
[AFI_IP
][SAFI_ENCAP
]) {
1223 if (!peer
->nexthop
.v4
.s_addr
) {
1224 #if defined(HAVE_CUMULUS)
1226 "%s: No local IPv4 addr resetting connection, fd %d",
1227 peer
->host
, peer
->fd
);
1228 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
,
1229 BGP_NOTIFY_SUBCODE_UNSPECIFIC
);
1234 if (peer
->afc_nego
[AFI_IP6
][SAFI_UNICAST
]
1235 || peer
->afc_nego
[AFI_IP6
][SAFI_LABELED_UNICAST
]
1236 || peer
->afc_nego
[AFI_IP6
][SAFI_MULTICAST
]
1237 || peer
->afc_nego
[AFI_IP6
][SAFI_MPLS_VPN
]
1238 || peer
->afc_nego
[AFI_IP6
][SAFI_ENCAP
]) {
1239 if (IN6_IS_ADDR_UNSPECIFIED(&peer
->nexthop
.v6_global
)) {
1240 #if defined(HAVE_CUMULUS)
1242 "%s: No local IPv6 addr resetting connection, fd %d",
1243 peer
->host
, peer
->fd
);
1244 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
,
1245 BGP_NOTIFY_SUBCODE_UNSPECIFIC
);
1250 peer
->rtt
= sockopt_tcp_rtt(peer
->fd
);
1252 return Receive_OPEN_message
;
1256 * Process BGP KEEPALIVE message for peer.
1259 * @param size size of the packet
1260 * @return as in summary
1262 static int bgp_keepalive_receive(struct peer
*peer
, bgp_size_t size
)
1264 if (bgp_debug_keepalive(peer
))
1265 zlog_debug("%s KEEPALIVE rcvd", peer
->host
);
1267 bgp_update_implicit_eors(peer
);
1269 return Receive_KEEPALIVE_message
;
1274 * Process BGP UPDATE message for peer.
1276 * Parses UPDATE and creates attribute object.
1279 * @param size size of the packet
1280 * @return as in summary
1282 static int bgp_update_receive(struct peer
*peer
, bgp_size_t size
)
1288 bgp_size_t attribute_len
;
1289 bgp_size_t update_len
;
1290 bgp_size_t withdraw_len
;
1299 struct bgp_nlri nlris
[NLRI_TYPE_MAX
];
1301 /* Status must be Established. */
1302 if (peer
->status
!= Established
) {
1303 zlog_err("%s [FSM] Update packet received under status %s",
1305 lookup_msg(bgp_status_msg
, peer
->status
, NULL
));
1306 bgp_notify_send(peer
, BGP_NOTIFY_FSM_ERR
, 0);
1310 /* Set initial values. */
1311 memset(&attr
, 0, sizeof(struct attr
));
1312 attr
.label_index
= BGP_INVALID_LABEL_INDEX
;
1313 attr
.label
= MPLS_INVALID_LABEL
;
1314 memset(&nlris
, 0, sizeof(nlris
));
1315 memset(peer
->rcvd_attr_str
, 0, BUFSIZ
);
1316 peer
->rcvd_attr_printed
= 0;
1319 end
= stream_pnt(s
) + size
;
1321 /* RFC1771 6.3 If the Unfeasible Routes Length or Total Attribute
1322 Length is too large (i.e., if Unfeasible Routes Length + Total
1323 Attribute Length + 23 exceeds the message Length), then the Error
1324 Subcode is set to Malformed Attribute List. */
1325 if (stream_pnt(s
) + 2 > end
) {
1327 "%s [Error] Update packet error"
1328 " (packet length is short for unfeasible length)",
1330 bgp_notify_send(peer
, BGP_NOTIFY_UPDATE_ERR
,
1331 BGP_NOTIFY_UPDATE_MAL_ATTR
);
1335 /* Unfeasible Route Length. */
1336 withdraw_len
= stream_getw(s
);
1338 /* Unfeasible Route Length check. */
1339 if (stream_pnt(s
) + withdraw_len
> end
) {
1341 "%s [Error] Update packet error"
1342 " (packet unfeasible length overflow %d)",
1343 peer
->host
, withdraw_len
);
1344 bgp_notify_send(peer
, BGP_NOTIFY_UPDATE_ERR
,
1345 BGP_NOTIFY_UPDATE_MAL_ATTR
);
1349 /* Unfeasible Route packet format check. */
1350 if (withdraw_len
> 0) {
1351 nlris
[NLRI_WITHDRAW
].afi
= AFI_IP
;
1352 nlris
[NLRI_WITHDRAW
].safi
= SAFI_UNICAST
;
1353 nlris
[NLRI_WITHDRAW
].nlri
= stream_pnt(s
);
1354 nlris
[NLRI_WITHDRAW
].length
= withdraw_len
;
1355 stream_forward_getp(s
, withdraw_len
);
1358 /* Attribute total length check. */
1359 if (stream_pnt(s
) + 2 > end
) {
1361 "%s [Error] Packet Error"
1362 " (update packet is short for attribute length)",
1364 bgp_notify_send(peer
, BGP_NOTIFY_UPDATE_ERR
,
1365 BGP_NOTIFY_UPDATE_MAL_ATTR
);
1369 /* Fetch attribute total length. */
1370 attribute_len
= stream_getw(s
);
1372 /* Attribute length check. */
1373 if (stream_pnt(s
) + attribute_len
> end
) {
1375 "%s [Error] Packet Error"
1376 " (update packet attribute length overflow %d)",
1377 peer
->host
, attribute_len
);
1378 bgp_notify_send(peer
, BGP_NOTIFY_UPDATE_ERR
,
1379 BGP_NOTIFY_UPDATE_MAL_ATTR
);
1383 /* Certain attribute parsing errors should not be considered bad enough
1384 * to reset the session for, most particularly any partial/optional
1385 * attributes that have 'tunneled' over speakers that don't understand
1386 * them. Instead we withdraw only the prefix concerned.
1388 * Complicates the flow a little though..
1390 bgp_attr_parse_ret_t attr_parse_ret
= BGP_ATTR_PARSE_PROCEED
;
1391 /* This define morphs the update case into a withdraw when lower levels
1392 * have signalled an error condition where this is best.
1394 #define NLRI_ATTR_ARG (attr_parse_ret != BGP_ATTR_PARSE_WITHDRAW ? &attr : NULL)
1396 /* Parse attribute when it exists. */
1397 if (attribute_len
) {
1398 attr_parse_ret
= bgp_attr_parse(peer
, &attr
, attribute_len
,
1399 &nlris
[NLRI_MP_UPDATE
],
1400 &nlris
[NLRI_MP_WITHDRAW
]);
1401 if (attr_parse_ret
== BGP_ATTR_PARSE_ERROR
) {
1402 bgp_attr_unintern_sub(&attr
);
1407 /* Logging the attribute. */
1408 if (attr_parse_ret
== BGP_ATTR_PARSE_WITHDRAW
1409 || BGP_DEBUG(update
, UPDATE_IN
)
1410 || BGP_DEBUG(update
, UPDATE_PREFIX
)) {
1411 ret
= bgp_dump_attr(&attr
, peer
->rcvd_attr_str
, BUFSIZ
);
1413 if (attr_parse_ret
== BGP_ATTR_PARSE_WITHDRAW
)
1415 "%s rcvd UPDATE with errors in attr(s)!! Withdrawing route.",
1418 if (ret
&& bgp_debug_update(peer
, NULL
, NULL
, 1)) {
1419 zlog_debug("%s rcvd UPDATE w/ attr: %s", peer
->host
,
1420 peer
->rcvd_attr_str
);
1421 peer
->rcvd_attr_printed
= 1;
1425 /* Network Layer Reachability Information. */
1426 update_len
= end
- stream_pnt(s
);
1429 /* Set NLRI portion to structure. */
1430 nlris
[NLRI_UPDATE
].afi
= AFI_IP
;
1431 nlris
[NLRI_UPDATE
].safi
= SAFI_UNICAST
;
1432 nlris
[NLRI_UPDATE
].nlri
= stream_pnt(s
);
1433 nlris
[NLRI_UPDATE
].length
= update_len
;
1434 stream_forward_getp(s
, update_len
);
1437 if (BGP_DEBUG(update
, UPDATE_IN
))
1438 zlog_debug("%s rcvd UPDATE wlen %d attrlen %d alen %d",
1439 peer
->host
, withdraw_len
, attribute_len
, update_len
);
1441 /* Parse any given NLRIs */
1442 for (int i
= NLRI_UPDATE
; i
< NLRI_TYPE_MAX
; i
++) {
1446 /* NLRI is processed iff the peer if configured for the specific
1448 if (!peer
->afc
[nlris
[i
].afi
][nlris
[i
].safi
]) {
1450 "%s [Info] UPDATE for non-enabled AFI/SAFI %u/%u",
1451 peer
->host
, nlris
[i
].afi
, nlris
[i
].safi
);
1455 /* EoR handled later */
1456 if (nlris
[i
].length
== 0)
1461 case NLRI_MP_UPDATE
:
1462 nlri_ret
= bgp_nlri_parse(peer
, NLRI_ATTR_ARG
,
1466 case NLRI_MP_WITHDRAW
:
1467 nlri_ret
= bgp_nlri_parse(peer
, &attr
, &nlris
[i
], 1);
1474 zlog_err("%s [Error] Error parsing NLRI", peer
->host
);
1475 if (peer
->status
== Established
)
1477 peer
, BGP_NOTIFY_UPDATE_ERR
,
1479 ? BGP_NOTIFY_UPDATE_INVAL_NETWORK
1480 : BGP_NOTIFY_UPDATE_OPT_ATTR_ERR
);
1481 bgp_attr_unintern_sub(&attr
);
1488 * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
1489 * and MP EoR should have only an empty MP_UNREACH
1491 if ((!update_len
&& !withdraw_len
&&
1492 nlris
[NLRI_MP_UPDATE
].length
== 0) ||
1493 (attr_parse_ret
== BGP_ATTR_PARSE_EOR
)) {
1497 /* Non-MP IPv4/Unicast is a completely emtpy UPDATE - already
1499 * update and withdraw NLRI lengths are 0.
1501 if (!attribute_len
) {
1503 safi
= SAFI_UNICAST
;
1504 } else if (attr
.flag
& ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI
)
1505 && nlris
[NLRI_MP_WITHDRAW
].length
== 0) {
1506 afi
= nlris
[NLRI_MP_WITHDRAW
].afi
;
1507 safi
= nlris
[NLRI_MP_WITHDRAW
].safi
;
1508 } else if (attr_parse_ret
== BGP_ATTR_PARSE_EOR
) {
1509 afi
= nlris
[NLRI_MP_UPDATE
].afi
;
1510 safi
= nlris
[NLRI_MP_UPDATE
].safi
;
1513 if (afi
&& peer
->afc
[afi
][safi
]) {
1514 /* End-of-RIB received */
1515 if (!CHECK_FLAG(peer
->af_sflags
[afi
][safi
],
1516 PEER_STATUS_EOR_RECEIVED
)) {
1517 SET_FLAG(peer
->af_sflags
[afi
][safi
],
1518 PEER_STATUS_EOR_RECEIVED
);
1519 bgp_update_explicit_eors(peer
);
1522 /* NSF delete stale route */
1523 if (peer
->nsf
[afi
][safi
])
1524 bgp_clear_stale_route(peer
, afi
, safi
);
1526 if (bgp_debug_neighbor_events(peer
)) {
1527 zlog_debug("rcvd End-of-RIB for %s from %s",
1528 afi_safi_print(afi
, safi
),
1534 /* Everything is done. We unintern temporary structures which
1535 interned in bgp_attr_parse(). */
1536 bgp_attr_unintern_sub(&attr
);
1538 peer
->update_time
= bgp_clock();
1540 /* Rearm holdtime timer */
1541 BGP_TIMER_OFF(peer
->t_holdtime
);
1542 bgp_timer_set(peer
);
1544 return Receive_UPDATE_message
;
1548 * Process BGP NOTIFY message for peer.
1551 * @param size size of the packet
1552 * @return as in summary
1554 static int bgp_notify_receive(struct peer
*peer
, bgp_size_t size
)
1556 struct bgp_notify bgp_notify
;
1558 if (peer
->notify
.data
) {
1559 XFREE(MTYPE_TMP
, peer
->notify
.data
);
1560 peer
->notify
.data
= NULL
;
1561 peer
->notify
.length
= 0;
1564 bgp_notify
.code
= stream_getc(peer
->curr
);
1565 bgp_notify
.subcode
= stream_getc(peer
->curr
);
1566 bgp_notify
.length
= size
- 2;
1567 bgp_notify
.data
= NULL
;
1569 /* Preserv notify code and sub code. */
1570 peer
->notify
.code
= bgp_notify
.code
;
1571 peer
->notify
.subcode
= bgp_notify
.subcode
;
1572 /* For further diagnostic record returned Data. */
1573 if (bgp_notify
.length
) {
1574 peer
->notify
.length
= size
- 2;
1575 peer
->notify
.data
= XMALLOC(MTYPE_TMP
, size
- 2);
1576 memcpy(peer
->notify
.data
, stream_pnt(peer
->curr
), size
- 2);
1585 if (bgp_notify
.length
) {
1587 XMALLOC(MTYPE_TMP
, bgp_notify
.length
* 3);
1588 for (i
= 0; i
< bgp_notify
.length
; i
++)
1591 stream_getc(peer
->curr
));
1592 strcat(bgp_notify
.data
, c
);
1596 stream_getc(peer
->curr
));
1597 strcpy(bgp_notify
.data
, c
);
1599 bgp_notify
.raw_data
= (u_char
*)peer
->notify
.data
;
1602 bgp_notify_print(peer
, &bgp_notify
, "received");
1603 if (bgp_notify
.data
) {
1604 XFREE(MTYPE_TMP
, bgp_notify
.data
);
1605 bgp_notify
.data
= NULL
;
1606 bgp_notify
.length
= 0;
1610 /* peer count update */
1613 peer
->last_reset
= PEER_DOWN_NOTIFY_RECEIVED
;
1615 /* We have to check for Notify with Unsupported Optional Parameter.
1616 in that case we fallback to open without the capability option.
1617 But this done in bgp_stop. We just mark it here to avoid changing
1619 if (bgp_notify
.code
== BGP_NOTIFY_OPEN_ERR
1620 && bgp_notify
.subcode
== BGP_NOTIFY_OPEN_UNSUP_PARAM
)
1621 UNSET_FLAG(peer
->sflags
, PEER_STATUS_CAPABILITY_OPEN
);
1623 return Receive_NOTIFICATION_message
;
1627 * Process BGP ROUTEREFRESH message for peer.
1630 * @param size size of the packet
1631 * @return as in summary
1633 static int bgp_route_refresh_receive(struct peer
*peer
, bgp_size_t size
)
1637 iana_safi_t pkt_safi
;
1640 struct peer_af
*paf
;
1641 struct update_group
*updgrp
;
1642 struct peer
*updgrp_peer
;
1644 /* If peer does not have the capability, send notification. */
1645 if (!CHECK_FLAG(peer
->cap
, PEER_CAP_REFRESH_ADV
)) {
1646 zlog_err("%s [Error] BGP route refresh is not enabled",
1648 bgp_notify_send(peer
, BGP_NOTIFY_HEADER_ERR
,
1649 BGP_NOTIFY_HEADER_BAD_MESTYPE
);
1653 /* Status must be Established. */
1654 if (peer
->status
!= Established
) {
1656 "%s [Error] Route refresh packet received under status %s",
1658 lookup_msg(bgp_status_msg
, peer
->status
, NULL
));
1659 bgp_notify_send(peer
, BGP_NOTIFY_FSM_ERR
, 0);
1666 pkt_afi
= stream_getw(s
);
1667 (void)stream_getc(s
);
1668 pkt_safi
= stream_getc(s
);
1670 if (bgp_debug_update(peer
, NULL
, NULL
, 0))
1671 zlog_debug("%s rcvd REFRESH_REQ for afi/safi: %d/%d",
1672 peer
->host
, pkt_afi
, pkt_safi
);
1674 /* Convert AFI, SAFI to internal values and check. */
1675 if (bgp_map_afi_safi_iana2int(pkt_afi
, pkt_safi
, &afi
, &safi
)) {
1677 "%s REFRESH_REQ for unrecognized afi/safi: %d/%d - ignored",
1678 peer
->host
, pkt_afi
, pkt_safi
);
1679 return BGP_PACKET_NOOP
;
1682 if (size
!= BGP_MSG_ROUTE_REFRESH_MIN_SIZE
- BGP_HEADER_SIZE
) {
1684 u_char when_to_refresh
;
1688 if (size
- (BGP_MSG_ROUTE_REFRESH_MIN_SIZE
- BGP_HEADER_SIZE
)
1690 zlog_info("%s ORF route refresh length error",
1692 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
, 0);
1696 when_to_refresh
= stream_getc(s
);
1697 end
= stream_pnt(s
) + (size
- 5);
1699 while ((stream_pnt(s
) + 2) < end
) {
1700 orf_type
= stream_getc(s
);
1701 orf_len
= stream_getw(s
);
1703 /* orf_len in bounds? */
1704 if ((stream_pnt(s
) + orf_len
) > end
)
1705 break; /* XXX: Notify instead?? */
1706 if (orf_type
== ORF_TYPE_PREFIX
1707 || orf_type
== ORF_TYPE_PREFIX_OLD
) {
1708 uint8_t *p_pnt
= stream_pnt(s
);
1709 uint8_t *p_end
= stream_pnt(s
) + orf_len
;
1710 struct orf_prefix orfp
;
1715 int ret
= CMD_SUCCESS
;
1717 if (bgp_debug_neighbor_events(peer
)) {
1719 "%s rcvd Prefixlist ORF(%d) length %d",
1720 peer
->host
, orf_type
, orf_len
);
1723 /* we're going to read at least 1 byte of common
1725 * and 7 bytes of ORF Address-filter entry from
1731 /* ORF prefix-list name */
1732 sprintf(name
, "%s.%d.%d", peer
->host
, afi
,
1735 while (p_pnt
< p_end
) {
1736 /* If the ORF entry is malformed, want
1737 * to read as much of it
1738 * as possible without going beyond the
1739 * bounds of the entry,
1740 * to maximise debug information.
1744 sizeof(struct orf_prefix
));
1746 /* after ++: p_pnt <= p_end */
1748 & ORF_COMMON_PART_REMOVE_ALL
) {
1749 if (bgp_debug_neighbor_events(
1752 "%s rcvd Remove-All pfxlist ORF request",
1754 prefix_bgp_orf_remove_all(afi
,
1758 ok
= ((u_int32_t
)(p_end
- p_pnt
)
1759 >= sizeof(u_int32_t
));
1763 p_pnt
+= sizeof(u_int32_t
);
1764 orfp
.seq
= ntohl(seq
);
1768 if ((ok
= (p_pnt
< p_end
)))
1772 prefix_bgp_orf_set()
1774 if ((ok
= (p_pnt
< p_end
)))
1778 prefix_bgp_orf_set()
1780 if ((ok
= (p_pnt
< p_end
)))
1781 orfp
.p
.prefixlen
= *p_pnt
++;
1782 orfp
.p
.family
= afi2family(
1783 afi
); /* afi checked already */
1786 orfp
.p
.prefixlen
); /* 0 if not
1790 &orfp
.p
)) /* valid for
1794 psize
= prefix_blen(&orfp
.p
);
1797 > (p_end
- p_pnt
)) /* valid for
1801 psize
= p_end
- p_pnt
;
1805 memcpy(&orfp
.p
.u
.prefix
, p_pnt
,
1809 if (bgp_debug_neighbor_events(peer
)) {
1810 char buf
[INET6_BUFSIZ
];
1813 "%s rcvd %s %s seq %u %s/%d ge %d le %d%s",
1815 (common
& ORF_COMMON_PART_REMOVE
1818 (common
& ORF_COMMON_PART_DENY
1829 ok
? "" : " MALFORMED");
1833 ret
= prefix_bgp_orf_set(
1835 (common
& ORF_COMMON_PART_DENY
1838 (common
& ORF_COMMON_PART_REMOVE
1842 if (!ok
|| (ok
&& ret
!= CMD_SUCCESS
)) {
1844 "%s Received misformatted prefixlist ORF."
1845 " Remove All pfxlist",
1847 prefix_bgp_orf_remove_all(afi
,
1853 peer
->orf_plist
[afi
][safi
] =
1854 prefix_bgp_orf_lookup(afi
, name
);
1856 stream_forward_getp(s
, orf_len
);
1858 if (bgp_debug_neighbor_events(peer
))
1859 zlog_debug("%s rcvd Refresh %s ORF request", peer
->host
,
1860 when_to_refresh
== REFRESH_DEFER
1863 if (when_to_refresh
== REFRESH_DEFER
)
1864 return BGP_PACKET_NOOP
;
1867 /* First update is deferred until ORF or ROUTE-REFRESH is received */
1868 if (CHECK_FLAG(peer
->af_sflags
[afi
][safi
],
1869 PEER_STATUS_ORF_WAIT_REFRESH
))
1870 UNSET_FLAG(peer
->af_sflags
[afi
][safi
],
1871 PEER_STATUS_ORF_WAIT_REFRESH
);
1873 paf
= peer_af_find(peer
, afi
, safi
);
1874 if (paf
&& paf
->subgroup
) {
1875 if (peer
->orf_plist
[afi
][safi
]) {
1876 updgrp
= PAF_UPDGRP(paf
);
1877 updgrp_peer
= UPDGRP_PEER(updgrp
);
1878 updgrp_peer
->orf_plist
[afi
][safi
] =
1879 peer
->orf_plist
[afi
][safi
];
1882 /* If the peer is configured for default-originate clear the
1883 * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will
1887 if (CHECK_FLAG(paf
->subgroup
->sflags
,
1888 SUBGRP_STATUS_DEFAULT_ORIGINATE
))
1889 UNSET_FLAG(paf
->subgroup
->sflags
,
1890 SUBGRP_STATUS_DEFAULT_ORIGINATE
);
1893 /* Perform route refreshment to the peer */
1894 bgp_announce_route(peer
, afi
, safi
);
1896 /* No FSM action necessary */
1897 return BGP_PACKET_NOOP
;
1901 * Parse BGP CAPABILITY message for peer.
1904 * @param size size of the packet
1905 * @return as in summary
1907 static int bgp_capability_msg_parse(struct peer
*peer
, u_char
*pnt
,
1911 struct capability_mp_data mpc
;
1912 struct capability_header
*hdr
;
1916 iana_safi_t pkt_safi
;
1922 /* We need at least action, capability code and capability
1924 if (pnt
+ 3 > end
) {
1925 zlog_info("%s Capability length error", peer
->host
);
1926 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
, 0);
1930 hdr
= (struct capability_header
*)(pnt
+ 1);
1932 /* Action value check. */
1933 if (action
!= CAPABILITY_ACTION_SET
1934 && action
!= CAPABILITY_ACTION_UNSET
) {
1935 zlog_info("%s Capability Action Value error %d",
1936 peer
->host
, action
);
1937 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
, 0);
1941 if (bgp_debug_neighbor_events(peer
))
1943 "%s CAPABILITY has action: %d, code: %u, length %u",
1944 peer
->host
, action
, hdr
->code
, hdr
->length
);
1946 /* Capability length check. */
1947 if ((pnt
+ hdr
->length
+ 3) > end
) {
1948 zlog_info("%s Capability length error", peer
->host
);
1949 bgp_notify_send(peer
, BGP_NOTIFY_CEASE
, 0);
1953 /* Fetch structure to the byte stream. */
1954 memcpy(&mpc
, pnt
+ 3, sizeof(struct capability_mp_data
));
1955 pnt
+= hdr
->length
+ 3;
1957 /* We know MP Capability Code. */
1958 if (hdr
->code
== CAPABILITY_CODE_MP
) {
1959 pkt_afi
= ntohs(mpc
.afi
);
1960 pkt_safi
= mpc
.safi
;
1962 /* Ignore capability when override-capability is set. */
1963 if (CHECK_FLAG(peer
->flags
,
1964 PEER_FLAG_OVERRIDE_CAPABILITY
))
1967 /* Convert AFI, SAFI to internal values. */
1968 if (bgp_map_afi_safi_iana2int(pkt_afi
, pkt_safi
, &afi
,
1970 if (bgp_debug_neighbor_events(peer
))
1972 "%s Dynamic Capability MP_EXT afi/safi invalid "
1974 peer
->host
, pkt_afi
, pkt_safi
);
1978 /* Address family check. */
1979 if (bgp_debug_neighbor_events(peer
))
1981 "%s CAPABILITY has %s MP_EXT CAP for afi/safi: %u/%u",
1983 action
== CAPABILITY_ACTION_SET
1988 if (action
== CAPABILITY_ACTION_SET
) {
1989 peer
->afc_recv
[afi
][safi
] = 1;
1990 if (peer
->afc
[afi
][safi
]) {
1991 peer
->afc_nego
[afi
][safi
] = 1;
1992 bgp_announce_route(peer
, afi
, safi
);
1995 peer
->afc_recv
[afi
][safi
] = 0;
1996 peer
->afc_nego
[afi
][safi
] = 0;
1998 if (peer_active_nego(peer
))
1999 bgp_clear_route(peer
, afi
, safi
);
2005 "%s unrecognized capability code: %d - ignored",
2006 peer
->host
, hdr
->code
);
2010 /* No FSM action necessary */
2011 return BGP_PACKET_NOOP
;
2015 * Parse BGP CAPABILITY message for peer.
2017 * Exported for unit testing.
2020 * @param size size of the packet
2021 * @return as in summary
2023 int bgp_capability_receive(struct peer
*peer
, bgp_size_t size
)
2027 /* Fetch pointer. */
2028 pnt
= stream_pnt(peer
->curr
);
2030 if (bgp_debug_neighbor_events(peer
))
2031 zlog_debug("%s rcv CAPABILITY", peer
->host
);
2033 /* If peer does not have the capability, send notification. */
2034 if (!CHECK_FLAG(peer
->cap
, PEER_CAP_DYNAMIC_ADV
)) {
2035 zlog_err("%s [Error] BGP dynamic capability is not enabled",
2037 bgp_notify_send(peer
, BGP_NOTIFY_HEADER_ERR
,
2038 BGP_NOTIFY_HEADER_BAD_MESTYPE
);
2042 /* Status must be Established. */
2043 if (peer
->status
!= Established
) {
2045 "%s [Error] Dynamic capability packet received under status %s",
2047 lookup_msg(bgp_status_msg
, peer
->status
, NULL
));
2048 bgp_notify_send(peer
, BGP_NOTIFY_FSM_ERR
, 0);
2053 return bgp_capability_msg_parse(peer
, pnt
, size
);
2057 * Processes a peer's input buffer.
2059 * This function sidesteps the event loop and directly calls bgp_event_update()
2060 * after processing each BGP message. This is necessary to ensure proper
2061 * ordering of FSM events and unifies the behavior that was present previously,
2062 * whereby some of the packet handling functions would update the FSM and some
2063 * would not, making event flow difficult to understand. Please think twice
2064 * before hacking this.
2066 * Thread type: THREAD_EVENT
2070 int bgp_process_packet(struct thread
*thread
)
2072 /* Yes first of all get peer pointer. */
2073 struct peer
*peer
; // peer
2074 uint32_t rpkt_quanta_old
; // how many packets to read
2075 int fsm_update_result
; // return code of bgp_event_update()
2076 int mprc
; // message processing return code
2078 peer
= THREAD_ARG(thread
);
2079 rpkt_quanta_old
= atomic_load_explicit(&peer
->bgp
->rpkt_quanta
,
2080 memory_order_relaxed
);
2081 fsm_update_result
= 0;
2083 /* Guard against scheduled events that occur after peer deletion. */
2084 if (peer
->status
== Deleted
|| peer
->status
== Clearing
)
2087 unsigned int processed
= 0;
2089 while (processed
< rpkt_quanta_old
) {
2092 char notify_data_length
[2];
2094 pthread_mutex_lock(&peer
->io_mtx
);
2096 peer
->curr
= stream_fifo_pop(peer
->ibuf
);
2098 pthread_mutex_unlock(&peer
->io_mtx
);
2100 if (peer
->curr
== NULL
) // no packets to process, hmm...
2103 /* skip the marker and copy the packet length */
2104 stream_forward_getp(peer
->curr
, BGP_MARKER_SIZE
);
2105 memcpy(notify_data_length
, stream_pnt(peer
->curr
), 2);
2107 /* read in the packet length and type */
2108 size
= stream_getw(peer
->curr
);
2109 type
= stream_getc(peer
->curr
);
2111 /* BGP packet dump function. */
2112 bgp_dump_packet(peer
, type
, peer
->curr
);
2114 /* adjust size to exclude the marker + length + type */
2115 size
-= BGP_HEADER_SIZE
;
2117 /* Read rest of the packet and call each sort of packet routine
2122 mprc
= bgp_open_receive(peer
, size
);
2123 if (mprc
== BGP_Stop
)
2125 "%s: BGP OPEN receipt failed for peer: %s",
2126 __FUNCTION__
, peer
->host
);
2128 case BGP_MSG_UPDATE
:
2130 peer
->readtime
= monotime(NULL
);
2131 mprc
= bgp_update_receive(peer
, size
);
2132 if (mprc
== BGP_Stop
)
2134 "%s: BGP UPDATE receipt failed for peer: %s",
2135 __FUNCTION__
, peer
->host
);
2137 case BGP_MSG_NOTIFY
:
2139 mprc
= bgp_notify_receive(peer
, size
);
2140 if (mprc
== BGP_Stop
)
2142 "%s: BGP NOTIFY receipt failed for peer: %s",
2143 __FUNCTION__
, peer
->host
);
2145 case BGP_MSG_KEEPALIVE
:
2146 peer
->readtime
= monotime(NULL
);
2147 peer
->keepalive_in
++;
2148 mprc
= bgp_keepalive_receive(peer
, size
);
2149 if (mprc
== BGP_Stop
)
2151 "%s: BGP KEEPALIVE receipt failed for peer: %s",
2152 __FUNCTION__
, peer
->host
);
2154 case BGP_MSG_ROUTE_REFRESH_NEW
:
2155 case BGP_MSG_ROUTE_REFRESH_OLD
:
2157 mprc
= bgp_route_refresh_receive(peer
, size
);
2158 if (mprc
== BGP_Stop
)
2160 "%s: BGP ROUTEREFRESH receipt failed for peer: %s",
2161 __FUNCTION__
, peer
->host
);
2163 case BGP_MSG_CAPABILITY
:
2164 peer
->dynamic_cap_in
++;
2165 mprc
= bgp_capability_receive(peer
, size
);
2166 if (mprc
== BGP_Stop
)
2168 "%s: BGP CAPABILITY receipt failed for peer: %s",
2169 __FUNCTION__
, peer
->host
);
2172 /* The message type should have been sanitized before we
2174 * here. Receipt of a message with an invalid header at
2176 * indicative of a security issue. */
2177 assert (!"Message of invalid type received during input processing");
2180 /* delete processed packet */
2181 stream_free(peer
->curr
);
2186 if (mprc
!= BGP_PACKET_NOOP
)
2187 fsm_update_result
= bgp_event_update(peer
, mprc
);
2191 /* If peer was deleted, do not process any more packets. This is
2193 * due to executing BGP_Stop or a stub deletion. */
2194 if (fsm_update_result
== FSM_PEER_TRANSFERRED
2195 || fsm_update_result
== FSM_PEER_STOPPED
)
2199 if (fsm_update_result
!= FSM_PEER_TRANSFERRED
2200 && fsm_update_result
!= FSM_PEER_STOPPED
) {
2201 pthread_mutex_lock(&peer
->io_mtx
);
2203 if (peer
->ibuf
->count
2204 > 0) // more work to do, come back later
2205 thread_add_event(bm
->master
, bgp_process_packet
,
2208 pthread_mutex_unlock(&peer
->io_mtx
);