]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_open.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12953 from donaldsharp/struct_event
[mirror_frr.git] / bgpd / bgp_open.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* BGP open message handling
3 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
4 */
5
6 #include <zebra.h>
7
8 #include "linklist.h"
9 #include "prefix.h"
10 #include "stream.h"
11 #include "frrevent.h"
12 #include "log.h"
13 #include "command.h"
14 #include "memory.h"
15 #include "queue.h"
16 #include "filter.h"
17
18 #include "lib/json.h"
19 #include "bgpd/bgpd.h"
20 #include "bgpd/bgp_attr.h"
21 #include "bgpd/bgp_debug.h"
22 #include "bgpd/bgp_errors.h"
23 #include "bgpd/bgp_fsm.h"
24 #include "bgpd/bgp_packet.h"
25 #include "bgpd/bgp_open.h"
26 #include "bgpd/bgp_aspath.h"
27 #include "bgpd/bgp_vty.h"
28 #include "bgpd/bgp_memory.h"
29
30 static const struct message capcode_str[] = {
31 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
32 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
33 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
34 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
35 {CAPABILITY_CODE_AS4, "4-octet AS number"},
36 {CAPABILITY_CODE_ADDPATH, "AddPath"},
37 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
38 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
39 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
40 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
41 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
42 {CAPABILITY_CODE_FQDN, "FQDN"},
43 {CAPABILITY_CODE_ENHANCED_RR, "Enhanced Route Refresh"},
44 {CAPABILITY_CODE_EXT_MESSAGE, "BGP Extended Message"},
45 {CAPABILITY_CODE_LLGR, "Long-lived BGP Graceful Restart"},
46 {CAPABILITY_CODE_ROLE, "Role"},
47 {CAPABILITY_CODE_SOFT_VERSION, "Software Version"},
48 {0}};
49
50 /* Minimum sizes for length field of each cap (so not inc. the header) */
51 static const size_t cap_minsizes[] = {
52 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
53 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
54 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
55 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
56 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
57 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
58 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
59 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
60 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
61 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
62 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
63 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
64 [CAPABILITY_CODE_ENHANCED_RR] = CAPABILITY_CODE_ENHANCED_LEN,
65 [CAPABILITY_CODE_EXT_MESSAGE] = CAPABILITY_CODE_EXT_MESSAGE_LEN,
66 [CAPABILITY_CODE_LLGR] = CAPABILITY_CODE_LLGR_LEN,
67 [CAPABILITY_CODE_ROLE] = CAPABILITY_CODE_ROLE_LEN,
68 [CAPABILITY_CODE_SOFT_VERSION] = CAPABILITY_CODE_SOFT_VERSION_LEN,
69 };
70
71 /* value the capability must be a multiple of.
72 * 0-data capabilities won't be checked against this.
73 * Other capabilities whose data doesn't fall on convenient boundaries for this
74 * table should be set to 1.
75 */
76 static const size_t cap_modsizes[] = {
77 [CAPABILITY_CODE_MP] = 4,
78 [CAPABILITY_CODE_REFRESH] = 1,
79 [CAPABILITY_CODE_ORF] = 1,
80 [CAPABILITY_CODE_RESTART] = 1,
81 [CAPABILITY_CODE_AS4] = 4,
82 [CAPABILITY_CODE_ADDPATH] = 4,
83 [CAPABILITY_CODE_DYNAMIC] = 1,
84 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
85 [CAPABILITY_CODE_ENHE] = 6,
86 [CAPABILITY_CODE_REFRESH_OLD] = 1,
87 [CAPABILITY_CODE_ORF_OLD] = 1,
88 [CAPABILITY_CODE_FQDN] = 1,
89 [CAPABILITY_CODE_ENHANCED_RR] = 1,
90 [CAPABILITY_CODE_EXT_MESSAGE] = 1,
91 [CAPABILITY_CODE_LLGR] = 1,
92 [CAPABILITY_CODE_ROLE] = 1,
93 [CAPABILITY_CODE_SOFT_VERSION] = 1,
94 };
95
96 /* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
97 negotiate remote peer supports extentions or not. But if
98 remote-peer doesn't supports negotiation process itself. We would
99 like to do manual configuration.
100
101 So there is many configurable point. First of all we want set each
102 peer whether we send capability negotiation to the peer or not.
103 Next, if we send capability to the peer we want to set my capability
104 inforation at each peer. */
105
106 void bgp_capability_vty_out(struct vty *vty, struct peer *peer, bool use_json,
107 json_object *json_neigh)
108 {
109 char *pnt;
110 char *end;
111 struct capability_mp_data mpc;
112 struct capability_header *hdr;
113 json_object *json_cap = NULL;
114
115 if (use_json)
116 json_cap = json_object_new_object();
117
118 pnt = peer->notify.data;
119 end = pnt + peer->notify.length;
120
121 while (pnt < end) {
122 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
123 return;
124
125 hdr = (struct capability_header *)pnt;
126 if (pnt + hdr->length + 2 > end)
127 return;
128
129 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
130
131 if (hdr->code == CAPABILITY_CODE_MP) {
132 afi_t afi;
133 safi_t safi;
134
135 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
136 mpc.safi, &afi, &safi);
137
138 if (use_json) {
139 switch (afi) {
140 case AFI_IP:
141 json_object_string_add(
142 json_cap,
143 "capabilityErrorMultiProtocolAfi",
144 "IPv4");
145 break;
146 case AFI_IP6:
147 json_object_string_add(
148 json_cap,
149 "capabilityErrorMultiProtocolAfi",
150 "IPv6");
151 break;
152 case AFI_L2VPN:
153 json_object_string_add(
154 json_cap,
155 "capabilityErrorMultiProtocolAfi",
156 "L2VPN");
157 break;
158 case AFI_UNSPEC:
159 case AFI_MAX:
160 json_object_int_add(
161 json_cap,
162 "capabilityErrorMultiProtocolAfiUnknown",
163 ntohs(mpc.afi));
164 break;
165 }
166 switch (safi) {
167 case SAFI_UNICAST:
168 json_object_string_add(
169 json_cap,
170 "capabilityErrorMultiProtocolSafi",
171 "unicast");
172 break;
173 case SAFI_MULTICAST:
174 json_object_string_add(
175 json_cap,
176 "capabilityErrorMultiProtocolSafi",
177 "multicast");
178 break;
179 case SAFI_LABELED_UNICAST:
180 json_object_string_add(
181 json_cap,
182 "capabilityErrorMultiProtocolSafi",
183 "labeled-unicast");
184 break;
185 case SAFI_MPLS_VPN:
186 json_object_string_add(
187 json_cap,
188 "capabilityErrorMultiProtocolSafi",
189 "MPLS-labeled VPN");
190 break;
191 case SAFI_ENCAP:
192 json_object_string_add(
193 json_cap,
194 "capabilityErrorMultiProtocolSafi",
195 "encap");
196 break;
197 case SAFI_EVPN:
198 json_object_string_add(
199 json_cap,
200 "capabilityErrorMultiProtocolSafi",
201 "EVPN");
202 break;
203 case SAFI_FLOWSPEC:
204 json_object_string_add(
205 json_cap,
206 "capabilityErrorMultiProtocolSafi",
207 "flowspec");
208 break;
209 case SAFI_UNSPEC:
210 case SAFI_MAX:
211 json_object_int_add(
212 json_cap,
213 "capabilityErrorMultiProtocolSafiUnknown",
214 mpc.safi);
215 break;
216 }
217 } else {
218 vty_out(vty,
219 " Capability error for: Multi protocol ");
220 switch (afi) {
221 case AFI_IP:
222 vty_out(vty, "AFI IPv4, ");
223 break;
224 case AFI_IP6:
225 vty_out(vty, "AFI IPv6, ");
226 break;
227 case AFI_L2VPN:
228 vty_out(vty, "AFI L2VPN, ");
229 break;
230 case AFI_UNSPEC:
231 case AFI_MAX:
232 vty_out(vty, "AFI Unknown %d, ",
233 ntohs(mpc.afi));
234 break;
235 }
236 switch (safi) {
237 case SAFI_UNICAST:
238 vty_out(vty, "SAFI Unicast");
239 break;
240 case SAFI_MULTICAST:
241 vty_out(vty, "SAFI Multicast");
242 break;
243 case SAFI_LABELED_UNICAST:
244 vty_out(vty, "SAFI Labeled-unicast");
245 break;
246 case SAFI_MPLS_VPN:
247 vty_out(vty, "SAFI MPLS-labeled VPN");
248 break;
249 case SAFI_ENCAP:
250 vty_out(vty, "SAFI ENCAP");
251 break;
252 case SAFI_FLOWSPEC:
253 vty_out(vty, "SAFI FLOWSPEC");
254 break;
255 case SAFI_EVPN:
256 vty_out(vty, "SAFI EVPN");
257 break;
258 case SAFI_UNSPEC:
259 case SAFI_MAX:
260 vty_out(vty, "SAFI Unknown %d ",
261 mpc.safi);
262 break;
263 }
264 vty_out(vty, "\n");
265 }
266 } else if (hdr->code >= 128) {
267 if (use_json)
268 json_object_int_add(
269 json_cap,
270 "capabilityErrorVendorSpecificCapabilityCode",
271 hdr->code);
272 else
273 vty_out(vty,
274 " Capability error: vendor specific capability code %d",
275 hdr->code);
276 } else {
277 if (use_json)
278 json_object_int_add(
279 json_cap,
280 "capabilityErrorUnknownCapabilityCode",
281 hdr->code);
282 else
283 vty_out(vty,
284 " Capability error: unknown capability code %d",
285 hdr->code);
286 }
287 pnt += hdr->length + 2;
288 }
289 if (use_json)
290 json_object_object_add(json_neigh, "capabilityErrors",
291 json_cap);
292 }
293
294 static void bgp_capability_mp_data(struct stream *s,
295 struct capability_mp_data *mpc)
296 {
297 mpc->afi = stream_getw(s);
298 mpc->reserved = stream_getc(s);
299 mpc->safi = stream_getc(s);
300 }
301
302 /* Set negotiated capability value. */
303 static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
304 {
305 struct capability_mp_data mpc;
306 struct stream *s = BGP_INPUT(peer);
307 afi_t afi;
308 safi_t safi;
309
310 /* Verify length is 4 */
311 if (hdr->length != 4) {
312 flog_warn(
313 EC_BGP_CAPABILITY_INVALID_LENGTH,
314 "MP Cap: Received invalid length %d, non-multiple of 4",
315 hdr->length);
316 return -1;
317 }
318
319 bgp_capability_mp_data(s, &mpc);
320
321 if (bgp_debug_neighbor_events(peer))
322 zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s",
323 peer->host, lookup_msg(capcode_str, hdr->code, NULL),
324 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
325
326 /* Convert AFI, SAFI to internal values, check. */
327 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
328 return -1;
329
330 /* Now safi remapped, and afi/safi are valid array indices */
331 peer->afc_recv[afi][safi] = 1;
332
333 if (peer->afc[afi][safi])
334 peer->afc_nego[afi][safi] = 1;
335 else
336 return -1;
337
338 return 0;
339 }
340
341 static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
342 iana_safi_t safi, uint8_t type,
343 uint8_t mode)
344 {
345 if (bgp_debug_neighbor_events(peer))
346 zlog_debug(
347 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
348 peer->host, afi, safi, type, mode);
349 }
350
351 static const struct message orf_type_str[] = {
352 {ORF_TYPE_RESERVED, "Reserved"},
353 {ORF_TYPE_PREFIX, "Prefixlist"},
354 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
355 {0}};
356
357 static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
358 {ORF_MODE_SEND, "Send"},
359 {ORF_MODE_BOTH, "Both"},
360 {0}};
361
362 static int bgp_capability_orf_entry(struct peer *peer,
363 struct capability_header *hdr)
364 {
365 struct stream *s = BGP_INPUT(peer);
366 struct capability_mp_data mpc;
367 uint8_t num;
368 iana_afi_t pkt_afi;
369 afi_t afi;
370 iana_safi_t pkt_safi;
371 safi_t safi;
372 uint8_t type;
373 uint8_t mode;
374 uint16_t sm_cap = 0; /* capability send-mode receive */
375 uint16_t rm_cap = 0; /* capability receive-mode receive */
376 int i;
377
378 /* ORF Entry header */
379 bgp_capability_mp_data(s, &mpc);
380 num = stream_getc(s);
381 pkt_afi = mpc.afi;
382 pkt_safi = mpc.safi;
383
384 if (bgp_debug_neighbor_events(peer))
385 zlog_debug("%s ORF Cap entry for afi/safi: %s/%s", peer->host,
386 iana_afi2str(mpc.afi), iana_safi2str(mpc.safi));
387
388 /* Convert AFI, SAFI to internal values, check. */
389 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
390 zlog_info(
391 "%s Addr-family %d/%d not supported. Ignoring the ORF capability",
392 peer->host, pkt_afi, pkt_safi);
393 return 0;
394 }
395
396 mpc.afi = pkt_afi;
397 mpc.safi = safi;
398
399 /* validate number field */
400 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
401 zlog_info(
402 "%s ORF Capability entry length error, Cap length %u, num %u",
403 peer->host, hdr->length, num);
404 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
405 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
406 return -1;
407 }
408
409 for (i = 0; i < num; i++) {
410 type = stream_getc(s);
411 mode = stream_getc(s);
412
413 /* ORF Mode error check */
414 switch (mode) {
415 case ORF_MODE_BOTH:
416 case ORF_MODE_SEND:
417 case ORF_MODE_RECEIVE:
418 break;
419 default:
420 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
421 type, mode);
422 continue;
423 }
424 /* ORF Type and afi/safi error checks */
425 /* capcode versus type */
426 switch (hdr->code) {
427 case CAPABILITY_CODE_ORF:
428 switch (type) {
429 case ORF_TYPE_RESERVED:
430 if (bgp_debug_neighbor_events(peer))
431 zlog_debug(
432 "%s Addr-family %d/%d has reserved ORF type, ignoring",
433 peer->host, afi, safi);
434 break;
435 case ORF_TYPE_PREFIX:
436 break;
437 default:
438 bgp_capability_orf_not_support(
439 peer, pkt_afi, pkt_safi, type, mode);
440 continue;
441 }
442 break;
443 case CAPABILITY_CODE_ORF_OLD:
444 switch (type) {
445 case ORF_TYPE_RESERVED:
446 if (bgp_debug_neighbor_events(peer))
447 zlog_debug(
448 "%s Addr-family %d/%d has reserved ORF type, ignoring",
449 peer->host, afi, safi);
450 break;
451 case ORF_TYPE_PREFIX_OLD:
452 break;
453 default:
454 bgp_capability_orf_not_support(
455 peer, pkt_afi, pkt_safi, type, mode);
456 continue;
457 }
458 break;
459 default:
460 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
461 type, mode);
462 continue;
463 }
464
465 /* AFI vs SAFI */
466 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
467 || (afi == AFI_IP && safi == SAFI_MULTICAST)
468 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
469 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
470 type, mode);
471 continue;
472 }
473
474 if (bgp_debug_neighbor_events(peer))
475 zlog_debug(
476 "%s OPEN has %s ORF capability as %s for afi/safi: %s/%s",
477 peer->host,
478 lookup_msg(orf_type_str, type, NULL),
479 lookup_msg(orf_mode_str, mode, NULL),
480 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi));
481
482 if (hdr->code == CAPABILITY_CODE_ORF) {
483 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
484 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
485 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
486 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
487 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
488 } else {
489 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
490 type, mode);
491 continue;
492 }
493
494 switch (mode) {
495 case ORF_MODE_BOTH:
496 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
497 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
498 break;
499 case ORF_MODE_SEND:
500 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
501 break;
502 case ORF_MODE_RECEIVE:
503 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
504 break;
505 }
506 }
507 return 0;
508 }
509
510 static int bgp_capability_restart(struct peer *peer,
511 struct capability_header *caphdr)
512 {
513 struct stream *s = BGP_INPUT(peer);
514 uint16_t restart_flag_time;
515 size_t end = stream_get_getp(s) + caphdr->length;
516
517 /* Verify length is a multiple of 4 */
518 if ((caphdr->length - 2) % 4) {
519 flog_warn(
520 EC_BGP_CAPABILITY_INVALID_LENGTH,
521 "Restart Cap: Received invalid length %d, non-multiple of 4",
522 caphdr->length);
523 return -1;
524 }
525
526 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
527 restart_flag_time = stream_getw(s);
528
529 /* The most significant bit is defined in [RFC4724] as
530 * the Restart State ("R") bit.
531 */
532 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_R_BIT))
533 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
534 else
535 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV);
536
537 /* The second most significant bit is defined in this
538 * document as the Graceful Notification ("N") bit.
539 */
540 if (CHECK_FLAG(restart_flag_time, GRACEFUL_RESTART_N_BIT))
541 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
542 else
543 UNSET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV);
544
545 UNSET_FLAG(restart_flag_time, 0xF000);
546 peer->v_gr_restart = restart_flag_time;
547
548 if (bgp_debug_neighbor_events(peer)) {
549 zlog_debug(
550 "%s Peer has%srestarted. Restart Time: %d, N-bit set: %s",
551 peer->host,
552 CHECK_FLAG(peer->cap,
553 PEER_CAP_GRACEFUL_RESTART_R_BIT_RCV)
554 ? " "
555 : " not ",
556 peer->v_gr_restart,
557 CHECK_FLAG(peer->cap,
558 PEER_CAP_GRACEFUL_RESTART_N_BIT_RCV)
559 ? "yes"
560 : "no");
561 }
562
563 while (stream_get_getp(s) + 4 <= end) {
564 afi_t afi;
565 safi_t safi;
566 iana_afi_t pkt_afi = stream_getw(s);
567 iana_safi_t pkt_safi = stream_getc(s);
568 uint8_t flag = stream_getc(s);
569
570 /* Convert AFI, SAFI to internal values, check. */
571 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
572 if (bgp_debug_neighbor_events(peer))
573 zlog_debug(
574 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Graceful Restart capability for this AFI/SAFI",
575 peer->host, iana_afi2str(pkt_afi),
576 iana_safi2str(pkt_safi));
577 } else if (!peer->afc[afi][safi]) {
578 if (bgp_debug_neighbor_events(peer))
579 zlog_debug(
580 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Graceful Restart capability",
581 peer->host, iana_afi2str(pkt_afi),
582 iana_safi2str(pkt_safi));
583 } else {
584 if (bgp_debug_neighbor_events(peer))
585 zlog_debug(
586 "%s Address family %s is%spreserved",
587 peer->host, get_afi_safi_str(afi, safi, false),
588 CHECK_FLAG(
589 peer->af_cap[afi][safi],
590 PEER_CAP_RESTART_AF_PRESERVE_RCV)
591 ? " "
592 : " not ");
593
594 SET_FLAG(peer->af_cap[afi][safi],
595 PEER_CAP_RESTART_AF_RCV);
596 if (CHECK_FLAG(flag, GRACEFUL_RESTART_F_BIT))
597 SET_FLAG(peer->af_cap[afi][safi],
598 PEER_CAP_RESTART_AF_PRESERVE_RCV);
599 }
600 }
601 return 0;
602 }
603
604 static int bgp_capability_llgr(struct peer *peer,
605 struct capability_header *caphdr)
606 {
607 /*
608 * +--------------------------------------------------+
609 * | Address Family Identifier (16 bits) |
610 * +--------------------------------------------------+
611 * | Subsequent Address Family Identifier (8 bits) |
612 * +--------------------------------------------------+
613 * | Flags for Address Family (8 bits) |
614 * +--------------------------------------------------+
615 * | Long-lived Stale Time (24 bits) |
616 * +--------------------------------------------------+
617 */
618 #define BGP_CAP_LLGR_MIN_PACKET_LEN 7
619 struct stream *s = BGP_INPUT(peer);
620 size_t end = stream_get_getp(s) + caphdr->length;
621
622 SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV);
623
624 while (stream_get_getp(s) + BGP_CAP_LLGR_MIN_PACKET_LEN <= end) {
625 afi_t afi;
626 safi_t safi;
627 iana_afi_t pkt_afi = stream_getw(s);
628 iana_safi_t pkt_safi = stream_getc(s);
629 uint8_t flags = stream_getc(s);
630 uint32_t stale_time = stream_get3(s);
631
632 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
633 if (bgp_debug_neighbor_events(peer))
634 zlog_debug(
635 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Long-lived Graceful Restart capability for this AFI/SAFI",
636 peer->host, iana_afi2str(pkt_afi),
637 iana_safi2str(pkt_safi));
638 } else if (!peer->afc[afi][safi]
639 || !CHECK_FLAG(peer->af_cap[afi][safi],
640 PEER_CAP_RESTART_AF_RCV)) {
641 if (bgp_debug_neighbor_events(peer))
642 zlog_debug(
643 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the Long-lived Graceful Restart capability",
644 peer->host, iana_afi2str(pkt_afi),
645 iana_safi2str(pkt_safi));
646 } else {
647 if (bgp_debug_neighbor_events(peer))
648 zlog_debug(
649 "%s Addr-family %s/%s(afi/safi) Long-lived Graceful Restart capability stale time %u sec",
650 peer->host, iana_afi2str(pkt_afi),
651 iana_safi2str(pkt_safi), stale_time);
652
653 peer->llgr[afi][safi].flags = flags;
654 peer->llgr[afi][safi].stale_time =
655 MIN(stale_time, peer->bgp->llgr_stale_time);
656 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_RCV);
657 }
658 }
659
660 return 0;
661 }
662
663 /* Unlike other capability parsing routines, this one returns 0 on error */
664 static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
665 {
666 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
667
668 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
669 flog_err(EC_BGP_PKT_OPEN,
670 "%s AS4 capability has incorrect data length %d",
671 peer->host, hdr->length);
672 return 0;
673 }
674
675 as_t as4 = stream_getl(BGP_INPUT(peer));
676
677 if (BGP_DEBUG(as4, AS4))
678 zlog_debug(
679 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
680 peer->host, as4);
681 return as4;
682 }
683
684 static int bgp_capability_ext_message(struct peer *peer,
685 struct capability_header *hdr)
686 {
687 if (hdr->length != CAPABILITY_CODE_EXT_MESSAGE_LEN) {
688 flog_err(
689 EC_BGP_PKT_OPEN,
690 "%s: BGP Extended Message capability has incorrect data length %d",
691 peer->host, hdr->length);
692 return -1;
693 }
694
695 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV);
696
697 return 0;
698 }
699
700 static int bgp_capability_addpath(struct peer *peer,
701 struct capability_header *hdr)
702 {
703 struct stream *s = BGP_INPUT(peer);
704 size_t end = stream_get_getp(s) + hdr->length;
705
706 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
707
708 /* Verify length is a multiple of 4 */
709 if (hdr->length % 4) {
710 flog_warn(
711 EC_BGP_CAPABILITY_INVALID_LENGTH,
712 "Add Path: Received invalid length %d, non-multiple of 4",
713 hdr->length);
714 return -1;
715 }
716
717 while (stream_get_getp(s) + 4 <= end) {
718 afi_t afi;
719 safi_t safi;
720 iana_afi_t pkt_afi = stream_getw(s);
721 iana_safi_t pkt_safi = stream_getc(s);
722 uint8_t send_receive = stream_getc(s);
723
724 if (bgp_debug_neighbor_events(peer))
725 zlog_debug(
726 "%s OPEN has %s capability for afi/safi: %s/%s%s%s",
727 peer->host,
728 lookup_msg(capcode_str, hdr->code, NULL),
729 iana_afi2str(pkt_afi), iana_safi2str(pkt_safi),
730 (send_receive & BGP_ADDPATH_RX) ? ", receive"
731 : "",
732 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
733 : "");
734
735 /* Convert AFI, SAFI to internal values, check. */
736 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
737 if (bgp_debug_neighbor_events(peer))
738 zlog_debug(
739 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the Addpath Attribute for this AFI/SAFI",
740 peer->host, iana_afi2str(pkt_afi),
741 iana_safi2str(pkt_safi));
742 continue;
743 } else if (!peer->afc[afi][safi]) {
744 if (bgp_debug_neighbor_events(peer))
745 zlog_debug(
746 "%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
747 peer->host, iana_afi2str(pkt_afi),
748 iana_safi2str(pkt_safi));
749 continue;
750 }
751
752 if (send_receive & BGP_ADDPATH_RX)
753 SET_FLAG(peer->af_cap[afi][safi],
754 PEER_CAP_ADDPATH_AF_RX_RCV);
755
756 if (send_receive & BGP_ADDPATH_TX)
757 SET_FLAG(peer->af_cap[afi][safi],
758 PEER_CAP_ADDPATH_AF_TX_RCV);
759 }
760
761 return 0;
762 }
763
764 static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
765 {
766 struct stream *s = BGP_INPUT(peer);
767 size_t end = stream_get_getp(s) + hdr->length;
768
769 /* Verify length is a multiple of 4 */
770 if (hdr->length % 6) {
771 flog_warn(
772 EC_BGP_CAPABILITY_INVALID_LENGTH,
773 "Extended NH: Received invalid length %d, non-multiple of 6",
774 hdr->length);
775 return -1;
776 }
777
778 while (stream_get_getp(s) + 6 <= end) {
779 iana_afi_t pkt_afi = stream_getw(s);
780 afi_t afi;
781 iana_safi_t pkt_safi = stream_getw(s);
782 safi_t safi;
783 iana_afi_t pkt_nh_afi = stream_getw(s);
784 afi_t nh_afi;
785
786 if (bgp_debug_neighbor_events(peer))
787 zlog_debug(
788 "%s Received with afi/safi/next-hop afi: %s/%s/%u",
789 peer->host, iana_afi2str(pkt_afi),
790 iana_safi2str(pkt_safi), pkt_nh_afi);
791
792 /* Convert AFI, SAFI to internal values, check. */
793 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
794 if (bgp_debug_neighbor_events(peer))
795 zlog_debug(
796 "%s Addr-family %s/%s(afi/safi) not supported. Ignore the ENHE Attribute for this AFI/SAFI",
797 peer->host, iana_afi2str(pkt_afi),
798 iana_safi2str(pkt_safi));
799 continue;
800 }
801
802 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
803 * with
804 * the Nexthop AFI being IPv6. A future spec may introduce other
805 * possibilities, so we ignore other values with a log. Also,
806 * only
807 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
808 * (and expected).
809 */
810 nh_afi = afi_iana2int(pkt_nh_afi);
811
812 if (afi != AFI_IP || nh_afi != AFI_IP6
813 || !(safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
814 || safi == SAFI_LABELED_UNICAST)) {
815 flog_warn(
816 EC_BGP_CAPABILITY_INVALID_DATA,
817 "%s Unexpected afi/safi/next-hop afi: %s/%s/%u in Extended Next-hop capability, ignoring",
818 peer->host, iana_afi2str(pkt_afi),
819 iana_safi2str(pkt_safi), pkt_nh_afi);
820 continue;
821 }
822
823 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
824
825 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
826 SET_FLAG(peer->af_cap[afi][safi],
827 PEER_CAP_ENHE_AF_NEGO);
828 }
829
830 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
831
832 return 0;
833 }
834
835 static int bgp_capability_hostname(struct peer *peer,
836 struct capability_header *hdr)
837 {
838 struct stream *s = BGP_INPUT(peer);
839 char str[BGP_MAX_HOSTNAME + 1];
840 size_t end = stream_get_getp(s) + hdr->length;
841 uint8_t len;
842
843 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
844
845 len = stream_getc(s);
846 if (stream_get_getp(s) + len > end) {
847 flog_warn(
848 EC_BGP_CAPABILITY_INVALID_DATA,
849 "%s: Received malformed hostname capability from peer %s",
850 __func__, peer->host);
851 return -1;
852 }
853
854 if (len > BGP_MAX_HOSTNAME) {
855 stream_get(str, s, BGP_MAX_HOSTNAME);
856 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
857 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
858 } else if (len)
859 stream_get(str, s, len);
860
861 if (len) {
862 str[len] = '\0';
863
864 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
865 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
866
867 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
868 }
869
870 if (stream_get_getp(s) + 1 > end) {
871 flog_warn(
872 EC_BGP_CAPABILITY_INVALID_DATA,
873 "%s: Received invalid domain name len (hostname capability) from peer %s",
874 __func__, peer->host);
875 return -1;
876 }
877
878 len = stream_getc(s);
879 if (stream_get_getp(s) + len > end) {
880 flog_warn(
881 EC_BGP_CAPABILITY_INVALID_DATA,
882 "%s: Received runt domain name (hostname capability) from peer %s",
883 __func__, peer->host);
884 return -1;
885 }
886
887 if (len > BGP_MAX_HOSTNAME) {
888 stream_get(str, s, BGP_MAX_HOSTNAME);
889 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
890 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
891 } else if (len)
892 stream_get(str, s, len);
893
894 if (len) {
895 str[len] = '\0';
896
897 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
898
899 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
900 }
901
902 if (bgp_debug_neighbor_events(peer)) {
903 zlog_debug("%s received hostname %s, domainname %s", peer->host,
904 peer->hostname, peer->domainname);
905 }
906
907 return 0;
908 }
909
910 static int bgp_capability_role(struct peer *peer, struct capability_header *hdr)
911 {
912 SET_FLAG(peer->cap, PEER_CAP_ROLE_RCV);
913 if (hdr->length != CAPABILITY_CODE_ROLE_LEN) {
914 flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
915 "Role: Received invalid length %d", hdr->length);
916 return -1;
917 }
918 uint8_t role = stream_getc(BGP_INPUT(peer));
919
920 peer->remote_role = role;
921 return 0;
922 }
923
924 static int bgp_capability_software_version(struct peer *peer,
925 struct capability_header *hdr)
926 {
927 struct stream *s = BGP_INPUT(peer);
928 char str[BGP_MAX_SOFT_VERSION + 1];
929 size_t end = stream_get_getp(s) + hdr->length;
930 uint8_t len;
931
932 SET_FLAG(peer->cap, PEER_CAP_SOFT_VERSION_RCV);
933
934 len = stream_getc(s);
935 if (stream_get_getp(s) + len > end) {
936 flog_warn(
937 EC_BGP_CAPABILITY_INVALID_DATA,
938 "%s: Received malformed Software Version capability from peer %s",
939 __func__, peer->host);
940 return -1;
941 }
942
943 if (len) {
944 stream_get(str, s, len);
945 str[len] = '\0';
946
947 XFREE(MTYPE_BGP_SOFT_VERSION, peer->soft_version);
948
949 peer->soft_version = XSTRDUP(MTYPE_BGP_SOFT_VERSION, str);
950
951 if (bgp_debug_neighbor_events(peer))
952 zlog_debug("%s sent Software Version: %s", peer->host,
953 peer->soft_version);
954 }
955
956 return 0;
957 }
958
959 /**
960 * Parse given capability.
961 * XXX: This is reading into a stream, but not using stream API
962 *
963 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
964 * capabilities were encountered.
965 */
966 static int bgp_capability_parse(struct peer *peer, size_t length,
967 int *mp_capability, uint8_t **error)
968 {
969 int ret;
970 struct stream *s = BGP_INPUT(peer);
971 size_t end = stream_get_getp(s) + length;
972 uint16_t restart_flag_time = 0;
973
974 assert(STREAM_READABLE(s) >= length);
975
976 while (stream_get_getp(s) < end) {
977 size_t start;
978 uint8_t *sp = stream_pnt(s);
979 struct capability_header caphdr;
980
981 ret = 0;
982 /* We need at least capability code and capability length. */
983 if (stream_get_getp(s) + 2 > end) {
984 zlog_info("%s Capability length error (< header)",
985 peer->host);
986 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
987 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
988 return -1;
989 }
990
991 caphdr.code = stream_getc(s);
992 caphdr.length = stream_getc(s);
993 start = stream_get_getp(s);
994
995 /* Capability length check sanity check. */
996 if (start + caphdr.length > end) {
997 zlog_info("%s Capability length error (< length)",
998 peer->host);
999 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1000 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1001 return -1;
1002 }
1003
1004 if (bgp_debug_neighbor_events(peer))
1005 zlog_debug("%s OPEN has %s capability (%u), length %u",
1006 peer->host,
1007 lookup_msg(capcode_str, caphdr.code, NULL),
1008 caphdr.code, caphdr.length);
1009
1010 /* Length sanity check, type-specific, for known capabilities */
1011 switch (caphdr.code) {
1012 case CAPABILITY_CODE_MP:
1013 case CAPABILITY_CODE_REFRESH:
1014 case CAPABILITY_CODE_REFRESH_OLD:
1015 case CAPABILITY_CODE_ORF:
1016 case CAPABILITY_CODE_ORF_OLD:
1017 case CAPABILITY_CODE_RESTART:
1018 case CAPABILITY_CODE_AS4:
1019 case CAPABILITY_CODE_ADDPATH:
1020 case CAPABILITY_CODE_DYNAMIC:
1021 case CAPABILITY_CODE_DYNAMIC_OLD:
1022 case CAPABILITY_CODE_ENHE:
1023 case CAPABILITY_CODE_FQDN:
1024 case CAPABILITY_CODE_ENHANCED_RR:
1025 case CAPABILITY_CODE_EXT_MESSAGE:
1026 case CAPABILITY_CODE_ROLE:
1027 case CAPABILITY_CODE_SOFT_VERSION:
1028 /* Check length. */
1029 if (caphdr.length < cap_minsizes[caphdr.code]) {
1030 zlog_info(
1031 "%s %s Capability length error: got %u, expected at least %u",
1032 peer->host,
1033 lookup_msg(capcode_str, caphdr.code,
1034 NULL),
1035 caphdr.length,
1036 (unsigned)cap_minsizes[caphdr.code]);
1037 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1038 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1039 return -1;
1040 }
1041 if (caphdr.length
1042 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
1043 zlog_info(
1044 "%s %s Capability length error: got %u, expected a multiple of %u",
1045 peer->host,
1046 lookup_msg(capcode_str, caphdr.code,
1047 NULL),
1048 caphdr.length,
1049 (unsigned)cap_modsizes[caphdr.code]);
1050 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1051 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1052 return -1;
1053 }
1054 /* we deliberately ignore unknown codes, see below */
1055 default:
1056 break;
1057 }
1058
1059 switch (caphdr.code) {
1060 case CAPABILITY_CODE_MP: {
1061 *mp_capability = 1;
1062
1063 /* Ignore capability when override-capability is set. */
1064 if (!CHECK_FLAG(peer->flags,
1065 PEER_FLAG_OVERRIDE_CAPABILITY)) {
1066 /* Set negotiated value. */
1067 ret = bgp_capability_mp(peer, &caphdr);
1068
1069 /* Unsupported Capability. */
1070 if (ret < 0) {
1071 /* Store return data. */
1072 memcpy(*error, sp, caphdr.length + 2);
1073 *error += caphdr.length + 2;
1074 }
1075 ret = 0; /* Don't return error for this */
1076 }
1077 } break;
1078 case CAPABILITY_CODE_ENHANCED_RR:
1079 case CAPABILITY_CODE_REFRESH:
1080 case CAPABILITY_CODE_REFRESH_OLD: {
1081 /* BGP refresh capability */
1082 if (caphdr.code == CAPABILITY_CODE_ENHANCED_RR)
1083 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_RCV);
1084 else if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
1085 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
1086 else
1087 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
1088 } break;
1089 case CAPABILITY_CODE_ORF:
1090 case CAPABILITY_CODE_ORF_OLD:
1091 ret = bgp_capability_orf_entry(peer, &caphdr);
1092 break;
1093 case CAPABILITY_CODE_RESTART:
1094 ret = bgp_capability_restart(peer, &caphdr);
1095 break;
1096 case CAPABILITY_CODE_LLGR:
1097 ret = bgp_capability_llgr(peer, &caphdr);
1098 break;
1099 case CAPABILITY_CODE_DYNAMIC:
1100 case CAPABILITY_CODE_DYNAMIC_OLD:
1101 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
1102 break;
1103 case CAPABILITY_CODE_AS4:
1104 /* Already handled as a special-case parsing of the
1105 * capabilities
1106 * at the beginning of OPEN processing. So we care not a
1107 * jot
1108 * for the value really, only error case.
1109 */
1110 if (!bgp_capability_as4(peer, &caphdr))
1111 ret = -1;
1112 break;
1113 case CAPABILITY_CODE_ADDPATH:
1114 ret = bgp_capability_addpath(peer, &caphdr);
1115 break;
1116 case CAPABILITY_CODE_ENHE:
1117 ret = bgp_capability_enhe(peer, &caphdr);
1118 break;
1119 case CAPABILITY_CODE_EXT_MESSAGE:
1120 ret = bgp_capability_ext_message(peer, &caphdr);
1121 break;
1122 case CAPABILITY_CODE_FQDN:
1123 ret = bgp_capability_hostname(peer, &caphdr);
1124 break;
1125 case CAPABILITY_CODE_ROLE:
1126 ret = bgp_capability_role(peer, &caphdr);
1127 break;
1128 case CAPABILITY_CODE_SOFT_VERSION:
1129 ret = bgp_capability_software_version(peer, &caphdr);
1130 break;
1131 default:
1132 if (caphdr.code > 128) {
1133 /* We don't send Notification for unknown vendor
1134 specific
1135 capabilities. It seems reasonable for now...
1136 */
1137 flog_warn(EC_BGP_CAPABILITY_VENDOR,
1138 "%s Vendor specific capability %d",
1139 peer->host, caphdr.code);
1140 } else {
1141 flog_warn(
1142 EC_BGP_CAPABILITY_UNKNOWN,
1143 "%s unrecognized capability code: %d - ignored",
1144 peer->host, caphdr.code);
1145 memcpy(*error, sp, caphdr.length + 2);
1146 *error += caphdr.length + 2;
1147 }
1148 }
1149
1150 if (ret < 0) {
1151 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1152 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1153 return -1;
1154 }
1155 if (stream_get_getp(s) != (start + caphdr.length)) {
1156 if (stream_get_getp(s) > (start + caphdr.length))
1157 flog_warn(
1158 EC_BGP_CAPABILITY_INVALID_LENGTH,
1159 "%s Cap-parser for %s read past cap-length, %u!",
1160 peer->host,
1161 lookup_msg(capcode_str, caphdr.code,
1162 NULL),
1163 caphdr.length);
1164 stream_set_getp(s, start + caphdr.length);
1165 }
1166
1167 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV)) {
1168 UNSET_FLAG(restart_flag_time, 0xF000);
1169 peer->v_gr_restart = restart_flag_time;
1170 }
1171 }
1172 return 0;
1173 }
1174
1175 static bool strict_capability_same(struct peer *peer)
1176 {
1177 int i, j;
1178
1179 for (i = AFI_IP; i < AFI_MAX; i++)
1180 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
1181 if (peer->afc[i][j] != peer->afc_nego[i][j])
1182 return false;
1183 return true;
1184 }
1185
1186
1187 static bool bgp_role_violation(struct peer *peer)
1188 {
1189 uint8_t local_role = peer->local_role;
1190 uint8_t remote_role = peer->remote_role;
1191
1192 if (local_role != ROLE_UNDEFINED && remote_role != ROLE_UNDEFINED &&
1193 !((local_role == ROLE_PEER && remote_role == ROLE_PEER) ||
1194 (local_role == ROLE_PROVIDER && remote_role == ROLE_CUSTOMER) ||
1195 (local_role == ROLE_CUSTOMER && remote_role == ROLE_PROVIDER) ||
1196 (local_role == ROLE_RS_SERVER && remote_role == ROLE_RS_CLIENT) ||
1197 (local_role == ROLE_RS_CLIENT &&
1198 remote_role == ROLE_RS_SERVER))) {
1199 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1200 BGP_NOTIFY_OPEN_ROLE_MISMATCH);
1201 return true;
1202 }
1203 if (remote_role == ROLE_UNDEFINED &&
1204 CHECK_FLAG(peer->flags, PEER_FLAG_ROLE_STRICT_MODE)) {
1205 const char *err_msg =
1206 "Strict mode. Please set the role on your side.";
1207 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1208 BGP_NOTIFY_OPEN_ROLE_MISMATCH,
1209 (uint8_t *)err_msg, strlen(err_msg));
1210 return true;
1211 }
1212 return false;
1213 }
1214
1215
1216 /* peek into option, stores ASN to *as4 if the AS4 capability was found.
1217 * Returns 0 if no as4 found, as4cap value otherwise.
1218 */
1219 as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
1220 {
1221 struct stream *s = BGP_INPUT(peer);
1222 size_t orig_getp = stream_get_getp(s);
1223 size_t end = orig_getp + length;
1224 as_t as4 = 0;
1225
1226 if (BGP_DEBUG(as4, AS4))
1227 zlog_debug(
1228 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u, peeking for as4",
1229 peer->host, length);
1230 /* the error cases we DONT handle, we ONLY try to read as4 out of
1231 * correctly formatted options.
1232 */
1233 while (stream_get_getp(s) < end) {
1234 uint8_t opt_type;
1235 uint16_t opt_length;
1236
1237 /* Ensure we can read the option type */
1238 if (stream_get_getp(s) + 1 > end)
1239 goto end;
1240
1241 /* Fetch the option type */
1242 opt_type = stream_getc(s);
1243
1244 /*
1245 * Check the length and fetch the opt_length
1246 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
1247 * then we do a getw which is 2 bytes. So we need to
1248 * ensure that we can read that as well
1249 */
1250 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1251 if (stream_get_getp(s) + 2 > end)
1252 goto end;
1253
1254 opt_length = stream_getw(s);
1255 } else {
1256 if (stream_get_getp(s) + 1 > end)
1257 goto end;
1258
1259 opt_length = stream_getc(s);
1260 }
1261
1262 /* Option length check. */
1263 if (stream_get_getp(s) + opt_length > end)
1264 goto end;
1265
1266 if (opt_type == BGP_OPEN_OPT_CAP) {
1267 unsigned long capd_start = stream_get_getp(s);
1268 unsigned long capd_end = capd_start + opt_length;
1269
1270 assert(capd_end <= end);
1271
1272 while (stream_get_getp(s) < capd_end) {
1273 struct capability_header hdr;
1274
1275 if (stream_get_getp(s) + 2 > capd_end)
1276 goto end;
1277
1278 hdr.code = stream_getc(s);
1279 hdr.length = stream_getc(s);
1280
1281 if ((stream_get_getp(s) + hdr.length)
1282 > capd_end)
1283 goto end;
1284
1285 if (hdr.code == CAPABILITY_CODE_AS4) {
1286 if (BGP_DEBUG(as4, AS4))
1287 zlog_debug(
1288 "[AS4] found AS4 capability, about to parse");
1289 as4 = bgp_capability_as4(peer, &hdr);
1290
1291 goto end;
1292 }
1293 stream_forward_getp(s, hdr.length);
1294 }
1295 }
1296 }
1297
1298 end:
1299 stream_set_getp(s, orig_getp);
1300 return as4;
1301 }
1302
1303 /**
1304 * Parse open option.
1305 *
1306 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1307 */
1308 int bgp_open_option_parse(struct peer *peer, uint16_t length,
1309 int *mp_capability)
1310 {
1311 int ret = 0;
1312 uint8_t *error;
1313 uint8_t error_data[BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE];
1314 struct stream *s = BGP_INPUT(peer);
1315 size_t end = stream_get_getp(s) + length;
1316
1317 error = error_data;
1318
1319 if (bgp_debug_neighbor_events(peer))
1320 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1321 peer->host, length);
1322
1323 /* Unset any previously received GR capability. */
1324 UNSET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
1325
1326 while (stream_get_getp(s) < end) {
1327 uint8_t opt_type;
1328 uint16_t opt_length;
1329
1330 /*
1331 * Check that we can read the opt_type and fetch it
1332 */
1333 if (STREAM_READABLE(s) < 1) {
1334 zlog_info("%s Option length error", peer->host);
1335 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1336 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1337 return -1;
1338 }
1339 opt_type = stream_getc(s);
1340
1341 /*
1342 * Check the length of the stream to ensure that
1343 * FRR can properly read the opt_length. Then read it
1344 */
1345 if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
1346 if (STREAM_READABLE(s) < 2) {
1347 zlog_info("%s Option length error", peer->host);
1348 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1349 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1350 return -1;
1351 }
1352
1353 opt_length = stream_getw(s);
1354 } else {
1355 if (STREAM_READABLE(s) < 1) {
1356 zlog_info("%s Option length error", peer->host);
1357 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1358 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1359 return -1;
1360 }
1361
1362 opt_length = stream_getc(s);
1363 }
1364
1365 /* Option length check. */
1366 if (STREAM_READABLE(s) < opt_length) {
1367 zlog_info("%s Option length error (%d)", peer->host,
1368 opt_length);
1369 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1370 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1371 return -1;
1372 }
1373
1374 if (bgp_debug_neighbor_events(peer))
1375 zlog_debug(
1376 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1377 peer->host, opt_type,
1378 opt_type == BGP_OPEN_OPT_CAP ? "Capability"
1379 : "Unknown",
1380 opt_length);
1381
1382 switch (opt_type) {
1383 case BGP_OPEN_OPT_CAP:
1384 ret = bgp_capability_parse(peer, opt_length,
1385 mp_capability, &error);
1386 break;
1387 default:
1388 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1389 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1390 ret = -1;
1391 break;
1392 }
1393
1394 /* Parse error. To accumulate all unsupported capability codes,
1395 bgp_capability_parse does not return -1 when encounter
1396 unsupported capability code. To detect that, please check
1397 error and erro_data pointer, like below. */
1398 if (ret < 0)
1399 return -1;
1400 }
1401
1402 /* All OPEN option is parsed. Check capability when strict compare
1403 flag is enabled.*/
1404 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1405 /* If Unsupported Capability exists. */
1406 if (error != error_data) {
1407 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1408 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1409 error_data,
1410 error - error_data);
1411 return -1;
1412 }
1413
1414 /* Check local capability does not negotiated with remote
1415 peer. */
1416 if (!strict_capability_same(peer)) {
1417 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1418 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1419 return -1;
1420 }
1421 }
1422
1423 /* Extended Message Support */
1424 peer->max_packet_size =
1425 (CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_RCV)
1426 && CHECK_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV))
1427 ? BGP_EXTENDED_MESSAGE_MAX_PACKET_SIZE
1428 : BGP_STANDARD_MESSAGE_MAX_PACKET_SIZE;
1429
1430 /* Check that roles are corresponding to each other */
1431 if (bgp_role_violation(peer))
1432 return -1;
1433
1434 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1435 error. */
1436 if (*mp_capability
1437 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1438 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1439 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1440 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1441 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1442 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
1443 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
1444 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1445 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1446 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1447 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1448 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
1449 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
1450 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
1451 flog_err(EC_BGP_PKT_OPEN,
1452 "%s [Error] Configured AFI/SAFIs do not overlap with received MP capabilities",
1453 peer->host);
1454
1455 if (error != error_data)
1456 bgp_notify_send_with_data(
1457 peer, BGP_NOTIFY_OPEN_ERR,
1458 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1459 error - error_data);
1460 else
1461 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1462 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1463 return -1;
1464 }
1465 }
1466 return 0;
1467 }
1468
1469 static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
1470 afi_t afi, safi_t safi, uint8_t code,
1471 bool ext_opt_params)
1472 {
1473 uint16_t cap_len;
1474 uint8_t orf_len;
1475 unsigned long capp;
1476 unsigned long orfp;
1477 unsigned long numberp;
1478 int number_of_orfs = 0;
1479 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1480 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1481
1482 /* Convert AFI, SAFI to values for packet. */
1483 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1484
1485 stream_putc(s, BGP_OPEN_OPT_CAP);
1486 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1487 ext_opt_params ? stream_putw(s, 0)
1488 : stream_putc(s, 0); /* Capability Length */
1489 stream_putc(s, code); /* Capability Code */
1490 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1491 stream_putc(s, 0); /* ORF Length */
1492 stream_putw(s, pkt_afi);
1493 stream_putc(s, 0);
1494 stream_putc(s, pkt_safi);
1495 numberp = stream_get_endp(s); /* Set Number Pointer */
1496 stream_putc(s, 0); /* Number of ORFs */
1497
1498 /* Address Prefix ORF */
1499 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1500 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1501 stream_putc(s, (code == CAPABILITY_CODE_ORF
1502 ? ORF_TYPE_PREFIX
1503 : ORF_TYPE_PREFIX_OLD));
1504
1505 if (CHECK_FLAG(peer->af_flags[afi][safi],
1506 PEER_FLAG_ORF_PREFIX_SM)
1507 && CHECK_FLAG(peer->af_flags[afi][safi],
1508 PEER_FLAG_ORF_PREFIX_RM)) {
1509 SET_FLAG(peer->af_cap[afi][safi],
1510 PEER_CAP_ORF_PREFIX_SM_ADV);
1511 SET_FLAG(peer->af_cap[afi][safi],
1512 PEER_CAP_ORF_PREFIX_RM_ADV);
1513 stream_putc(s, ORF_MODE_BOTH);
1514 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1515 PEER_FLAG_ORF_PREFIX_SM)) {
1516 SET_FLAG(peer->af_cap[afi][safi],
1517 PEER_CAP_ORF_PREFIX_SM_ADV);
1518 stream_putc(s, ORF_MODE_SEND);
1519 } else {
1520 SET_FLAG(peer->af_cap[afi][safi],
1521 PEER_CAP_ORF_PREFIX_RM_ADV);
1522 stream_putc(s, ORF_MODE_RECEIVE);
1523 }
1524 number_of_orfs++;
1525 }
1526
1527 /* Total Number of ORFs. */
1528 stream_putc_at(s, numberp, number_of_orfs);
1529
1530 /* Total ORF Len. */
1531 orf_len = stream_get_endp(s) - orfp - 1;
1532 stream_putc_at(s, orfp, orf_len);
1533
1534 /* Total Capability Len. */
1535 cap_len = stream_get_endp(s) - capp - 1;
1536 ext_opt_params ? stream_putw_at(s, capp, cap_len)
1537 : stream_putc_at(s, capp, cap_len);
1538 }
1539
1540 static void bgp_peer_send_gr_capability(struct stream *s, struct peer *peer,
1541 bool ext_opt_params)
1542 {
1543 int len;
1544 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1545 afi_t afi;
1546 safi_t safi;
1547 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1548 uint32_t restart_time;
1549 unsigned long capp = 0;
1550 unsigned long rcapp = 0;
1551
1552 if (!CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)
1553 && !CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART_HELPER))
1554 return;
1555
1556 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1557 zlog_debug("[BGP_GR] Sending helper Capability for Peer :%s :",
1558 peer->host);
1559
1560 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1561 stream_putc(s, BGP_OPEN_OPT_CAP);
1562 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1563 ext_opt_params ? stream_putw(s, 0)
1564 : stream_putc(s, 0); /* Capability Length */
1565 stream_putc(s, CAPABILITY_CODE_RESTART);
1566 /* Set Restart Capability Len Pointer */
1567 rcapp = stream_get_endp(s);
1568 stream_putc(s, 0);
1569 restart_time = peer->bgp->restart_time;
1570 if (peer->bgp->t_startup) {
1571 SET_FLAG(restart_time, GRACEFUL_RESTART_R_BIT);
1572 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_R_BIT_ADV);
1573 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1574 zlog_debug("[BGP_GR] Sending R-Bit for peer: %s",
1575 peer->host);
1576 }
1577
1578 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GRACEFUL_NOTIFICATION)) {
1579 SET_FLAG(restart_time, GRACEFUL_RESTART_N_BIT);
1580 SET_FLAG(peer->cap, PEER_CAP_GRACEFUL_RESTART_N_BIT_ADV);
1581 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1582 zlog_debug("[BGP_GR] Sending N-Bit for peer: %s",
1583 peer->host);
1584 }
1585
1586 stream_putw(s, restart_time);
1587
1588 /* Send address-family specific graceful-restart capability
1589 * only when GR config is present
1590 */
1591 if (CHECK_FLAG(peer->flags, PEER_FLAG_GRACEFUL_RESTART)) {
1592 if (CHECK_FLAG(peer->bgp->flags, BGP_FLAG_GR_PRESERVE_FWD)
1593 && BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1594 zlog_debug("[BGP_GR] F bit Set");
1595
1596 FOREACH_AFI_SAFI (afi, safi) {
1597 if (!peer->afc[afi][safi])
1598 continue;
1599
1600 if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART))
1601 zlog_debug(
1602 "[BGP_GR] Sending GR Capability for AFI :%d :, SAFI :%d:",
1603 afi, safi);
1604
1605 /* Convert AFI, SAFI to values for
1606 * packet.
1607 */
1608 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1609 &pkt_safi);
1610 stream_putw(s, pkt_afi);
1611 stream_putc(s, pkt_safi);
1612 if (CHECK_FLAG(peer->bgp->flags,
1613 BGP_FLAG_GR_PRESERVE_FWD))
1614 stream_putc(s, GRACEFUL_RESTART_F_BIT);
1615 else
1616 stream_putc(s, 0);
1617 }
1618 }
1619
1620 /* Total Graceful restart capability Len. */
1621 len = stream_get_endp(s) - rcapp - 1;
1622 stream_putc_at(s, rcapp, len);
1623
1624 /* Total Capability Len. */
1625 len = stream_get_endp(s) - capp - 1;
1626 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1627 : stream_putc_at(s, capp, len);
1628 }
1629
1630 static void bgp_peer_send_llgr_capability(struct stream *s, struct peer *peer,
1631 bool ext_opt_params)
1632 {
1633 int len;
1634 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1635 afi_t afi;
1636 safi_t safi;
1637 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1638 unsigned long capp = 0;
1639 unsigned long rcapp = 0;
1640
1641 if (!CHECK_FLAG(peer->cap, PEER_CAP_RESTART_ADV))
1642 return;
1643
1644 SET_FLAG(peer->cap, PEER_CAP_LLGR_ADV);
1645
1646 stream_putc(s, BGP_OPEN_OPT_CAP);
1647 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1648 ext_opt_params ? stream_putw(s, 0)
1649 : stream_putc(s, 0); /* Capability Length */
1650 stream_putc(s, CAPABILITY_CODE_LLGR);
1651
1652 rcapp = stream_get_endp(s);
1653 stream_putc(s, 0);
1654
1655 FOREACH_AFI_SAFI (afi, safi) {
1656 if (!peer->afc[afi][safi])
1657 continue;
1658
1659 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1660
1661 stream_putw(s, pkt_afi);
1662 stream_putc(s, pkt_safi);
1663 stream_putc(s, LLGR_F_BIT);
1664 stream_put3(s, peer->bgp->llgr_stale_time);
1665
1666 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_LLGR_AF_ADV);
1667 }
1668
1669 /* Total Long-lived Graceful Restart capability Len. */
1670 len = stream_get_endp(s) - rcapp - 1;
1671 stream_putc_at(s, rcapp, len);
1672
1673 /* Total Capability Len. */
1674 len = stream_get_endp(s) - capp - 1;
1675 ext_opt_params ? stream_putw_at(s, capp, len - 1)
1676 : stream_putc_at(s, capp, len);
1677 }
1678
1679 /* Fill in capability open option to the packet. */
1680 uint16_t bgp_open_capability(struct stream *s, struct peer *peer,
1681 bool ext_opt_params)
1682 {
1683 uint16_t len;
1684 unsigned long cp, capp, rcapp, eopl = 0;
1685 iana_afi_t pkt_afi = IANA_AFI_IPV4;
1686 afi_t afi;
1687 safi_t safi;
1688 iana_safi_t pkt_safi = IANA_SAFI_UNICAST;
1689 as_t local_as;
1690 uint8_t afi_safi_count = 0;
1691 bool adv_addpath_tx = false;
1692
1693 /* Non-Ext OP Len. */
1694 cp = stream_get_endp(s);
1695 stream_putc(s, 0);
1696
1697 if (ext_opt_params) {
1698 /* Non-Ext OP Len. */
1699 stream_putc_at(s, cp, BGP_OPEN_NON_EXT_OPT_LEN);
1700
1701 /* Non-Ext OP Type */
1702 stream_putc(s, BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH);
1703
1704 /* Extended Opt. Parm. Length */
1705 eopl = stream_get_endp(s);
1706 stream_putw(s, 0);
1707 }
1708
1709 /* Do not send capability. */
1710 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1711 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
1712 return 0;
1713
1714 /* MP capability for configured AFI, SAFI */
1715 FOREACH_AFI_SAFI (afi, safi) {
1716 if (peer->afc[afi][safi]) {
1717 /* Convert AFI, SAFI to values for packet. */
1718 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1719 &pkt_safi);
1720
1721 peer->afc_adv[afi][safi] = 1;
1722 stream_putc(s, BGP_OPEN_OPT_CAP);
1723 ext_opt_params
1724 ? stream_putw(s, CAPABILITY_CODE_MP_LEN + 2)
1725 : stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
1726 stream_putc(s, CAPABILITY_CODE_MP);
1727 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1728 stream_putw(s, pkt_afi);
1729 stream_putc(s, 0);
1730 stream_putc(s, pkt_safi);
1731
1732 /* Extended nexthop capability - currently
1733 * supporting RFC-5549 for
1734 * Link-Local peering only
1735 */
1736 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1737 && peer->su.sa.sa_family == AF_INET6
1738 && afi == AFI_IP
1739 && (safi == SAFI_UNICAST || safi == SAFI_MPLS_VPN
1740 || safi == SAFI_LABELED_UNICAST)) {
1741 /* RFC 5549 Extended Next Hop Encoding
1742 */
1743 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
1744 stream_putc(s, BGP_OPEN_OPT_CAP);
1745 ext_opt_params
1746 ? stream_putw(s,
1747 CAPABILITY_CODE_ENHE_LEN
1748 + 2)
1749 : stream_putc(s,
1750 CAPABILITY_CODE_ENHE_LEN
1751 + 2);
1752 stream_putc(s, CAPABILITY_CODE_ENHE);
1753 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1754
1755 SET_FLAG(peer->af_cap[AFI_IP][safi],
1756 PEER_CAP_ENHE_AF_ADV);
1757 stream_putw(s, pkt_afi);
1758 stream_putw(s, pkt_safi);
1759 stream_putw(s, afi_int2iana(AFI_IP6));
1760
1761 if (CHECK_FLAG(peer->af_cap[afi][safi],
1762 PEER_CAP_ENHE_AF_RCV))
1763 SET_FLAG(peer->af_cap[afi][safi],
1764 PEER_CAP_ENHE_AF_NEGO);
1765 }
1766 }
1767 }
1768
1769 /* Route refresh. */
1770 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1771 stream_putc(s, BGP_OPEN_OPT_CAP);
1772 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1773 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1774 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1775 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1776 stream_putc(s, BGP_OPEN_OPT_CAP);
1777 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_REFRESH_LEN + 2)
1778 : stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1779 stream_putc(s, CAPABILITY_CODE_REFRESH);
1780 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1781
1782 /* Enhanced Route Refresh. */
1783 SET_FLAG(peer->cap, PEER_CAP_ENHANCED_RR_ADV);
1784 stream_putc(s, BGP_OPEN_OPT_CAP);
1785 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_ENHANCED_LEN + 2)
1786 : stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN + 2);
1787 stream_putc(s, CAPABILITY_CODE_ENHANCED_RR);
1788 stream_putc(s, CAPABILITY_CODE_ENHANCED_LEN);
1789
1790 /* AS4 */
1791 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1792 stream_putc(s, BGP_OPEN_OPT_CAP);
1793 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_AS4_LEN + 2)
1794 : stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
1795 stream_putc(s, CAPABILITY_CODE_AS4);
1796 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1797 if (peer->change_local_as)
1798 local_as = peer->change_local_as;
1799 else
1800 local_as = peer->local_as;
1801 stream_putl(s, local_as);
1802
1803 /* Extended Message Support */
1804 SET_FLAG(peer->cap, PEER_CAP_EXTENDED_MESSAGE_ADV);
1805 stream_putc(s, BGP_OPEN_OPT_CAP);
1806 ext_opt_params ? stream_putw(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2)
1807 : stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN + 2);
1808 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE);
1809 stream_putc(s, CAPABILITY_CODE_EXT_MESSAGE_LEN);
1810
1811 /* Role*/
1812 if (peer->local_role != ROLE_UNDEFINED) {
1813 SET_FLAG(peer->cap, PEER_CAP_ROLE_ADV);
1814 stream_putc(s, BGP_OPEN_OPT_CAP);
1815 stream_putc(s, CAPABILITY_CODE_ROLE_LEN + 2);
1816 stream_putc(s, CAPABILITY_CODE_ROLE);
1817 stream_putc(s, CAPABILITY_CODE_ROLE_LEN);
1818 stream_putc(s, peer->local_role);
1819 }
1820
1821 /* AddPath */
1822 FOREACH_AFI_SAFI (afi, safi) {
1823 if (peer->afc[afi][safi]) {
1824 afi_safi_count++;
1825
1826 /* Only advertise addpath TX if a feature that
1827 * will use it is
1828 * configured */
1829 if (peer->addpath_type[afi][safi] != BGP_ADDPATH_NONE)
1830 adv_addpath_tx = true;
1831
1832 /* If we have enabled labeled unicast, we MUST check
1833 * against unicast SAFI because addpath IDs are
1834 * allocated under unicast SAFI, the same as the RIB
1835 * is managed in unicast SAFI.
1836 */
1837 if (safi == SAFI_LABELED_UNICAST)
1838 if (peer->addpath_type[afi][SAFI_UNICAST] !=
1839 BGP_ADDPATH_NONE)
1840 adv_addpath_tx = true;
1841 }
1842 }
1843
1844 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1845 stream_putc(s, BGP_OPEN_OPT_CAP);
1846 ext_opt_params
1847 ? stream_putw(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1848 + 2)
1849 : stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count)
1850 + 2);
1851 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1852 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1853
1854 FOREACH_AFI_SAFI (afi, safi) {
1855 if (peer->afc[afi][safi]) {
1856 bool adv_addpath_rx =
1857 !CHECK_FLAG(peer->af_flags[afi][safi],
1858 PEER_FLAG_DISABLE_ADDPATH_RX);
1859 uint8_t flags = 0;
1860
1861 /* Convert AFI, SAFI to values for packet. */
1862 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1863 &pkt_safi);
1864
1865 stream_putw(s, pkt_afi);
1866 stream_putc(s, pkt_safi);
1867
1868 if (adv_addpath_rx) {
1869 SET_FLAG(flags, BGP_ADDPATH_RX);
1870 SET_FLAG(peer->af_cap[afi][safi],
1871 PEER_CAP_ADDPATH_AF_RX_ADV);
1872 } else {
1873 UNSET_FLAG(peer->af_cap[afi][safi],
1874 PEER_CAP_ADDPATH_AF_RX_ADV);
1875 }
1876
1877 if (adv_addpath_tx) {
1878 SET_FLAG(flags, BGP_ADDPATH_TX);
1879 SET_FLAG(peer->af_cap[afi][safi],
1880 PEER_CAP_ADDPATH_AF_TX_ADV);
1881 if (safi == SAFI_LABELED_UNICAST)
1882 SET_FLAG(
1883 peer->af_cap[afi][SAFI_UNICAST],
1884 PEER_CAP_ADDPATH_AF_TX_ADV);
1885 } else {
1886 UNSET_FLAG(peer->af_cap[afi][safi],
1887 PEER_CAP_ADDPATH_AF_TX_ADV);
1888 }
1889
1890 stream_putc(s, flags);
1891 }
1892 }
1893
1894 /* ORF capability. */
1895 FOREACH_AFI_SAFI (afi, safi) {
1896 if (CHECK_FLAG(peer->af_flags[afi][safi],
1897 PEER_FLAG_ORF_PREFIX_SM)
1898 || CHECK_FLAG(peer->af_flags[afi][safi],
1899 PEER_FLAG_ORF_PREFIX_RM)) {
1900 bgp_open_capability_orf(s, peer, afi, safi,
1901 CAPABILITY_CODE_ORF_OLD,
1902 ext_opt_params);
1903 bgp_open_capability_orf(s, peer, afi, safi,
1904 CAPABILITY_CODE_ORF,
1905 ext_opt_params);
1906 }
1907 }
1908
1909 /* Dynamic capability. */
1910 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1911 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1912 stream_putc(s, BGP_OPEN_OPT_CAP);
1913 ext_opt_params
1914 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1915 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1916 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1917 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1918 stream_putc(s, BGP_OPEN_OPT_CAP);
1919 ext_opt_params
1920 ? stream_putw(s, CAPABILITY_CODE_DYNAMIC_LEN + 2)
1921 : stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1922 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1923 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1924 }
1925
1926 /* Hostname capability */
1927 if (cmd_hostname_get()) {
1928 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1929 stream_putc(s, BGP_OPEN_OPT_CAP);
1930 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
1931 ext_opt_params ? stream_putw(s, 0)
1932 : stream_putc(s, 0); /* Capability Length */
1933 stream_putc(s, CAPABILITY_CODE_FQDN);
1934 capp = stream_get_endp(s);
1935 stream_putc(s, 0); /* dummy len for now */
1936 len = strlen(cmd_hostname_get());
1937 if (len > BGP_MAX_HOSTNAME)
1938 len = BGP_MAX_HOSTNAME;
1939
1940 stream_putc(s, len);
1941 stream_put(s, cmd_hostname_get(), len);
1942 if (cmd_domainname_get()) {
1943 len = strlen(cmd_domainname_get());
1944 if (len > BGP_MAX_HOSTNAME)
1945 len = BGP_MAX_HOSTNAME;
1946
1947 stream_putc(s, len);
1948 stream_put(s, cmd_domainname_get(), len);
1949 } else
1950 stream_putc(s, 0); /* 0 length */
1951
1952 /* Set the lengths straight */
1953 len = stream_get_endp(s) - rcapp - 1;
1954 ext_opt_params ? stream_putw_at(s, rcapp, len - 1)
1955 : stream_putc_at(s, rcapp, len);
1956
1957 len = stream_get_endp(s) - capp - 1;
1958 stream_putc_at(s, capp, len);
1959
1960 if (bgp_debug_neighbor_events(peer))
1961 zlog_debug(
1962 "%s Sending hostname cap with hn = %s, dn = %s",
1963 peer->host, cmd_hostname_get(),
1964 cmd_domainname_get());
1965 }
1966
1967 bgp_peer_send_gr_capability(s, peer, ext_opt_params);
1968 bgp_peer_send_llgr_capability(s, peer, ext_opt_params);
1969
1970 /* Software Version capability
1971 * An implementation is REQUIRED Extended Optional Parameters
1972 * Length for BGP OPEN Message support as defined in [RFC9072].
1973 * The inclusion of the Software Version Capability is OPTIONAL.
1974 * If an implementation supports the inclusion of the capability,
1975 * the implementation MUST include a configuration switch to enable
1976 * or disable its use, and that switch MUST be off by default.
1977 */
1978 if (peergroup_flag_check(peer, PEER_FLAG_CAPABILITY_SOFT_VERSION) ||
1979 peer->sort == BGP_PEER_IBGP) {
1980 SET_FLAG(peer->cap, PEER_CAP_SOFT_VERSION_ADV);
1981 stream_putc(s, BGP_OPEN_OPT_CAP);
1982 rcapp = stream_get_endp(s);
1983 ext_opt_params ? stream_putw(s, 0)
1984 : stream_putc(s, 0); /* Capability Length */
1985 stream_putc(s, CAPABILITY_CODE_SOFT_VERSION);
1986 capp = stream_get_endp(s);
1987 stream_putc(s, 0); /* dummy placeholder len */
1988
1989 /* The Capability Length SHOULD be no greater than 64.
1990 * This is the limit to allow other capabilities as much
1991 * space as they require.
1992 */
1993 len = strlen(cmd_software_version_get());
1994 if (len > BGP_MAX_SOFT_VERSION)
1995 len = BGP_MAX_SOFT_VERSION;
1996
1997 stream_putc(s, len);
1998 stream_put(s, cmd_software_version_get(), len);
1999
2000 /* Software Version capability Len. */
2001 len = stream_get_endp(s) - rcapp - 1;
2002 ext_opt_params ? stream_putw_at(s, rcapp, len - 1)
2003 : stream_putc_at(s, rcapp, len);
2004
2005 /* Total Capability Len. */
2006 len = stream_get_endp(s) - capp - 1;
2007 stream_putc_at(s, capp, len);
2008
2009 if (bgp_debug_neighbor_events(peer))
2010 zlog_debug("%s Sending Software Version cap, value: %s",
2011 peer->host, cmd_software_version_get());
2012 }
2013
2014 /* Total Opt Parm Len. */
2015 len = stream_get_endp(s) - cp - 1;
2016
2017 if (ext_opt_params) {
2018 len = stream_get_endp(s) - eopl - 2;
2019 stream_putw_at(s, eopl, len);
2020 } else {
2021 stream_putc_at(s, cp, len);
2022 }
2023
2024 return len;
2025 }
FRRouting mirror