]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_open.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2576 from pacovn/Coverity_1399228_Logically_dead_code
[mirror_frr.git] / bgpd / bgp_open.c
1 /* BGP open message handling
2 * Copyright (C) 1998, 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "linklist.h"
24 #include "prefix.h"
25 #include "stream.h"
26 #include "thread.h"
27 #include "log.h"
28 #include "command.h"
29 #include "memory.h"
30 #include "queue.h"
31 #include "filter.h"
32
33 #include "lib/json.h"
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_attr.h"
36 #include "bgpd/bgp_debug.h"
37 #include "bgpd/bgp_fsm.h"
38 #include "bgpd/bgp_packet.h"
39 #include "bgpd/bgp_open.h"
40 #include "bgpd/bgp_aspath.h"
41 #include "bgpd/bgp_vty.h"
42 #include "bgpd/bgp_memory.h"
43
44 /* BGP-4 Multiprotocol Extentions lead us to the complex world. We can
45 negotiate remote peer supports extentions or not. But if
46 remote-peer doesn't supports negotiation process itself. We would
47 like to do manual configuration.
48
49 So there is many configurable point. First of all we want set each
50 peer whether we send capability negotiation to the peer or not.
51 Next, if we send capability to the peer we want to set my capabilty
52 inforation at each peer. */
53
54 void bgp_capability_vty_out(struct vty *vty, struct peer *peer,
55 uint8_t use_json, json_object *json_neigh)
56 {
57 char *pnt;
58 char *end;
59 struct capability_mp_data mpc;
60 struct capability_header *hdr;
61 json_object *json_cap = NULL;
62
63 if (use_json)
64 json_cap = json_object_new_object();
65
66 pnt = peer->notify.data;
67 end = pnt + peer->notify.length;
68
69 while (pnt < end) {
70 if (pnt + sizeof(struct capability_mp_data) + 2 > end)
71 return;
72
73 hdr = (struct capability_header *)pnt;
74 if (pnt + hdr->length + 2 > end)
75 return;
76
77 memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data));
78
79 if (hdr->code == CAPABILITY_CODE_MP) {
80 afi_t afi;
81 safi_t safi;
82
83 (void)bgp_map_afi_safi_iana2int(ntohs(mpc.afi),
84 mpc.safi, &afi, &safi);
85
86 if (use_json) {
87 switch (afi) {
88 case AFI_IP:
89 json_object_string_add(
90 json_cap,
91 "capabilityErrorMultiProtocolAfi",
92 "IPv4");
93 break;
94 case AFI_IP6:
95 json_object_string_add(
96 json_cap,
97 "capabilityErrorMultiProtocolAfi",
98 "IPv6");
99 break;
100 case AFI_L2VPN:
101 json_object_string_add(
102 json_cap,
103 "capabilityErrorMultiProtocolAfi",
104 "L2VPN");
105 break;
106 default:
107 json_object_int_add(
108 json_cap,
109 "capabilityErrorMultiProtocolAfiUnknown",
110 ntohs(mpc.afi));
111 break;
112 }
113 switch (safi) {
114 case SAFI_UNICAST:
115 json_object_string_add(
116 json_cap,
117 "capabilityErrorMultiProtocolSafi",
118 "unicast");
119 break;
120 case SAFI_MULTICAST:
121 json_object_string_add(
122 json_cap,
123 "capabilityErrorMultiProtocolSafi",
124 "multicast");
125 break;
126 case SAFI_LABELED_UNICAST:
127 json_object_string_add(
128 json_cap,
129 "capabilityErrorMultiProtocolSafi",
130 "labeled-unicast");
131 break;
132 case SAFI_MPLS_VPN:
133 json_object_string_add(
134 json_cap,
135 "capabilityErrorMultiProtocolSafi",
136 "MPLS-labeled VPN");
137 break;
138 case SAFI_ENCAP:
139 json_object_string_add(
140 json_cap,
141 "capabilityErrorMultiProtocolSafi",
142 "encap");
143 break;
144 case SAFI_EVPN:
145 json_object_string_add(
146 json_cap,
147 "capabilityErrorMultiProtocolSafi",
148 "EVPN");
149 break;
150 case SAFI_FLOWSPEC:
151 json_object_string_add(
152 json_cap,
153 "capabilityErrorMultiProtocolSafi",
154 "flowspec");
155 break;
156 default:
157 json_object_int_add(
158 json_cap,
159 "capabilityErrorMultiProtocolSafiUnknown",
160 mpc.safi);
161 break;
162 }
163 } else {
164 vty_out(vty,
165 " Capability error for: Multi protocol ");
166 switch (afi) {
167 case AFI_IP:
168 vty_out(vty, "AFI IPv4, ");
169 break;
170 case AFI_IP6:
171 vty_out(vty, "AFI IPv6, ");
172 break;
173 case AFI_L2VPN:
174 vty_out(vty, "AFI L2VPN, ");
175 break;
176 default:
177 vty_out(vty, "AFI Unknown %d, ",
178 ntohs(mpc.afi));
179 break;
180 }
181 switch (safi) {
182 case SAFI_UNICAST:
183 vty_out(vty, "SAFI Unicast");
184 break;
185 case SAFI_MULTICAST:
186 vty_out(vty, "SAFI Multicast");
187 break;
188 case SAFI_LABELED_UNICAST:
189 vty_out(vty, "SAFI Labeled-unicast");
190 break;
191 case SAFI_MPLS_VPN:
192 vty_out(vty, "SAFI MPLS-labeled VPN");
193 break;
194 case SAFI_ENCAP:
195 vty_out(vty, "SAFI ENCAP");
196 break;
197 case SAFI_FLOWSPEC:
198 vty_out(vty, "SAFI FLOWSPEC");
199 break;
200 case SAFI_EVPN:
201 vty_out(vty, "SAFI EVPN");
202 break;
203 default:
204 vty_out(vty, "SAFI Unknown %d ",
205 mpc.safi);
206 break;
207 }
208 vty_out(vty, "\n");
209 }
210 } else if (hdr->code >= 128) {
211 if (use_json)
212 json_object_int_add(
213 json_cap,
214 "capabilityErrorVendorSpecificCapabilityCode",
215 hdr->code);
216 else
217 vty_out(vty,
218 " Capability error: vendor specific capability code %d",
219 hdr->code);
220 } else {
221 if (use_json)
222 json_object_int_add(
223 json_cap,
224 "capabilityErrorUnknownCapabilityCode",
225 hdr->code);
226 else
227 vty_out(vty,
228 " Capability error: unknown capability code %d",
229 hdr->code);
230 }
231 pnt += hdr->length + 2;
232 }
233 if (use_json)
234 json_object_object_add(json_neigh, "capabilityErrors",
235 json_cap);
236 }
237
238 static void bgp_capability_mp_data(struct stream *s,
239 struct capability_mp_data *mpc)
240 {
241 mpc->afi = stream_getw(s);
242 mpc->reserved = stream_getc(s);
243 mpc->safi = stream_getc(s);
244 }
245
246 /* Set negotiated capability value. */
247 static int bgp_capability_mp(struct peer *peer, struct capability_header *hdr)
248 {
249 struct capability_mp_data mpc;
250 struct stream *s = BGP_INPUT(peer);
251 afi_t afi;
252 safi_t safi;
253
254 /* Verify length is 4 */
255 if (hdr->length != 4) {
256 zlog_warn(
257 "MP Cap: Received invalid length %d, non-multiple of 4",
258 hdr->length);
259 return -1;
260 }
261
262 bgp_capability_mp_data(s, &mpc);
263
264 if (bgp_debug_neighbor_events(peer))
265 zlog_debug("%s OPEN has MP_EXT CAP for afi/safi: %u/%u",
266 peer->host, mpc.afi, mpc.safi);
267
268 /* Convert AFI, SAFI to internal values, check. */
269 if (bgp_map_afi_safi_iana2int(mpc.afi, mpc.safi, &afi, &safi))
270 return -1;
271
272 /* Now safi remapped, and afi/safi are valid array indices */
273 peer->afc_recv[afi][safi] = 1;
274
275 if (peer->afc[afi][safi])
276 peer->afc_nego[afi][safi] = 1;
277 else
278 return -1;
279
280 return 0;
281 }
282
283 static void bgp_capability_orf_not_support(struct peer *peer, iana_afi_t afi,
284 iana_safi_t safi, uint8_t type,
285 uint8_t mode)
286 {
287 if (bgp_debug_neighbor_events(peer))
288 zlog_debug(
289 "%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
290 peer->host, afi, safi, type, mode);
291 }
292
293 static const struct message orf_type_str[] = {
294 {ORF_TYPE_PREFIX, "Prefixlist"},
295 {ORF_TYPE_PREFIX_OLD, "Prefixlist (old)"},
296 {0}};
297
298 static const struct message orf_mode_str[] = {{ORF_MODE_RECEIVE, "Receive"},
299 {ORF_MODE_SEND, "Send"},
300 {ORF_MODE_BOTH, "Both"},
301 {0}};
302
303 static int bgp_capability_orf_entry(struct peer *peer,
304 struct capability_header *hdr)
305 {
306 struct stream *s = BGP_INPUT(peer);
307 struct capability_mp_data mpc;
308 uint8_t num;
309 iana_afi_t pkt_afi;
310 afi_t afi;
311 iana_safi_t pkt_safi;
312 safi_t safi;
313 uint8_t type;
314 uint8_t mode;
315 uint16_t sm_cap = 0; /* capability send-mode receive */
316 uint16_t rm_cap = 0; /* capability receive-mode receive */
317 int i;
318
319 /* ORF Entry header */
320 bgp_capability_mp_data(s, &mpc);
321 num = stream_getc(s);
322 pkt_afi = mpc.afi;
323 pkt_safi = mpc.safi;
324
325 if (bgp_debug_neighbor_events(peer))
326 zlog_debug("%s ORF Cap entry for afi/safi: %u/%u", peer->host,
327 mpc.afi, mpc.safi);
328
329 /* Convert AFI, SAFI to internal values, check. */
330 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
331 zlog_info(
332 "%s Addr-family %d/%d not supported."
333 " Ignoring the ORF capability",
334 peer->host, pkt_afi, pkt_safi);
335 return 0;
336 }
337
338 mpc.afi = pkt_afi;
339 mpc.safi = safi;
340
341 /* validate number field */
342 if (CAPABILITY_CODE_ORF_LEN + (num * 2) > hdr->length) {
343 zlog_info(
344 "%s ORF Capability entry length error,"
345 " Cap length %u, num %u",
346 peer->host, hdr->length, num);
347 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
348 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
349 return -1;
350 }
351
352 for (i = 0; i < num; i++) {
353 type = stream_getc(s);
354 mode = stream_getc(s);
355
356 /* ORF Mode error check */
357 switch (mode) {
358 case ORF_MODE_BOTH:
359 case ORF_MODE_SEND:
360 case ORF_MODE_RECEIVE:
361 break;
362 default:
363 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
364 type, mode);
365 continue;
366 }
367 /* ORF Type and afi/safi error checks */
368 /* capcode versus type */
369 switch (hdr->code) {
370 case CAPABILITY_CODE_ORF:
371 switch (type) {
372 case ORF_TYPE_PREFIX:
373 break;
374 default:
375 bgp_capability_orf_not_support(
376 peer, pkt_afi, pkt_safi, type, mode);
377 continue;
378 }
379 break;
380 case CAPABILITY_CODE_ORF_OLD:
381 switch (type) {
382 case ORF_TYPE_PREFIX_OLD:
383 break;
384 default:
385 bgp_capability_orf_not_support(
386 peer, pkt_afi, pkt_safi, type, mode);
387 continue;
388 }
389 break;
390 default:
391 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
392 type, mode);
393 continue;
394 }
395
396 /* AFI vs SAFI */
397 if (!((afi == AFI_IP && safi == SAFI_UNICAST)
398 || (afi == AFI_IP && safi == SAFI_MULTICAST)
399 || (afi == AFI_IP6 && safi == SAFI_UNICAST))) {
400 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
401 type, mode);
402 continue;
403 }
404
405 if (bgp_debug_neighbor_events(peer))
406 zlog_debug(
407 "%s OPEN has %s ORF capability"
408 " as %s for afi/safi: %d/%d",
409 peer->host,
410 lookup_msg(orf_type_str, type, NULL),
411 lookup_msg(orf_mode_str, mode, NULL), pkt_afi,
412 pkt_safi);
413
414 if (hdr->code == CAPABILITY_CODE_ORF) {
415 sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
416 rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
417 } else if (hdr->code == CAPABILITY_CODE_ORF_OLD) {
418 sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
419 rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
420 } else {
421 bgp_capability_orf_not_support(peer, pkt_afi, pkt_safi,
422 type, mode);
423 continue;
424 }
425
426 switch (mode) {
427 case ORF_MODE_BOTH:
428 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
429 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
430 break;
431 case ORF_MODE_SEND:
432 SET_FLAG(peer->af_cap[afi][safi], sm_cap);
433 break;
434 case ORF_MODE_RECEIVE:
435 SET_FLAG(peer->af_cap[afi][safi], rm_cap);
436 break;
437 }
438 }
439 return 0;
440 }
441
442 static int bgp_capability_restart(struct peer *peer,
443 struct capability_header *caphdr)
444 {
445 struct stream *s = BGP_INPUT(peer);
446 uint16_t restart_flag_time;
447 size_t end = stream_get_getp(s) + caphdr->length;
448
449 /* Verify length is a multiple of 4 */
450 if ((caphdr->length - 2) % 4) {
451 zlog_warn(
452 "Restart Cap: Received invalid length %d, non-multiple of 4",
453 caphdr->length);
454 return -1;
455 }
456
457 SET_FLAG(peer->cap, PEER_CAP_RESTART_RCV);
458 restart_flag_time = stream_getw(s);
459 if (CHECK_FLAG(restart_flag_time, RESTART_R_BIT))
460 SET_FLAG(peer->cap, PEER_CAP_RESTART_BIT_RCV);
461
462 UNSET_FLAG(restart_flag_time, 0xF000);
463 peer->v_gr_restart = restart_flag_time;
464
465 if (bgp_debug_neighbor_events(peer)) {
466 zlog_debug("%s OPEN has Graceful Restart capability",
467 peer->host);
468 zlog_debug("%s Peer has%srestarted. Restart Time : %d",
469 peer->host,
470 CHECK_FLAG(peer->cap, PEER_CAP_RESTART_BIT_RCV)
471 ? " "
472 : " not ",
473 peer->v_gr_restart);
474 }
475
476 while (stream_get_getp(s) + 4 <= end) {
477 afi_t afi;
478 safi_t safi;
479 iana_afi_t pkt_afi = stream_getw(s);
480 iana_safi_t pkt_safi = stream_getc(s);
481 uint8_t flag = stream_getc(s);
482
483 /* Convert AFI, SAFI to internal values, check. */
484 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
485 if (bgp_debug_neighbor_events(peer))
486 zlog_debug(
487 "%s Addr-family %d/%d(afi/safi) not supported."
488 " Ignore the Graceful Restart capability for this AFI/SAFI",
489 peer->host, pkt_afi, pkt_safi);
490 } else if (!peer->afc[afi][safi]) {
491 if (bgp_debug_neighbor_events(peer))
492 zlog_debug(
493 "%s Addr-family %d/%d(afi/safi) not enabled."
494 " Ignore the Graceful Restart capability",
495 peer->host, pkt_afi, pkt_safi);
496 } else {
497 if (bgp_debug_neighbor_events(peer))
498 zlog_debug(
499 "%s Address family %s is%spreserved",
500 peer->host, afi_safi_print(afi, safi),
501 CHECK_FLAG(
502 peer->af_cap[afi][safi],
503 PEER_CAP_RESTART_AF_PRESERVE_RCV)
504 ? " "
505 : " not ");
506
507 SET_FLAG(peer->af_cap[afi][safi],
508 PEER_CAP_RESTART_AF_RCV);
509 if (CHECK_FLAG(flag, RESTART_F_BIT))
510 SET_FLAG(peer->af_cap[afi][safi],
511 PEER_CAP_RESTART_AF_PRESERVE_RCV);
512 }
513 }
514 return 0;
515 }
516
517 /* Unlike other capability parsing routines, this one returns 0 on error */
518 static as_t bgp_capability_as4(struct peer *peer, struct capability_header *hdr)
519 {
520 SET_FLAG(peer->cap, PEER_CAP_AS4_RCV);
521
522 if (hdr->length != CAPABILITY_CODE_AS4_LEN) {
523 zlog_err("%s AS4 capability has incorrect data length %d",
524 peer->host, hdr->length);
525 return 0;
526 }
527
528 as_t as4 = stream_getl(BGP_INPUT(peer));
529
530 if (BGP_DEBUG(as4, AS4))
531 zlog_debug(
532 "%s [AS4] about to set cap PEER_CAP_AS4_RCV, got as4 %u",
533 peer->host, as4);
534 return as4;
535 }
536
537 static int bgp_capability_addpath(struct peer *peer,
538 struct capability_header *hdr)
539 {
540 struct stream *s = BGP_INPUT(peer);
541 size_t end = stream_get_getp(s) + hdr->length;
542
543 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_RCV);
544
545 /* Verify length is a multiple of 4 */
546 if (hdr->length % 4) {
547 zlog_warn(
548 "Add Path: Received invalid length %d, non-multiple of 4",
549 hdr->length);
550 return -1;
551 }
552
553 while (stream_get_getp(s) + 4 <= end) {
554 afi_t afi;
555 safi_t safi;
556 iana_afi_t pkt_afi = stream_getw(s);
557 iana_safi_t pkt_safi = stream_getc(s);
558 uint8_t send_receive = stream_getc(s);
559
560 if (bgp_debug_neighbor_events(peer))
561 zlog_debug(
562 "%s OPEN has AddPath CAP for afi/safi: %u/%u%s%s",
563 peer->host, pkt_afi, pkt_safi,
564 (send_receive & BGP_ADDPATH_RX) ? ", receive"
565 : "",
566 (send_receive & BGP_ADDPATH_TX) ? ", transmit"
567 : "");
568
569 /* Convert AFI, SAFI to internal values, check. */
570 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
571 if (bgp_debug_neighbor_events(peer))
572 zlog_debug(
573 "%s Addr-family %d/%d(afi/safi) not supported."
574 " Ignore the Addpath Attribute for this AFI/SAFI",
575 peer->host, pkt_afi, pkt_safi);
576 continue;
577 } else if (!peer->afc[afi][safi]) {
578 if (bgp_debug_neighbor_events(peer))
579 zlog_debug(
580 "%s Addr-family %d/%d(afi/safi) not enabled."
581 " Ignore the AddPath capability for this AFI/SAFI",
582 peer->host, pkt_afi, pkt_safi);
583 continue;
584 }
585
586 if (send_receive & BGP_ADDPATH_RX)
587 SET_FLAG(peer->af_cap[afi][safi],
588 PEER_CAP_ADDPATH_AF_RX_RCV);
589
590 if (send_receive & BGP_ADDPATH_TX)
591 SET_FLAG(peer->af_cap[afi][safi],
592 PEER_CAP_ADDPATH_AF_TX_RCV);
593 }
594
595 return 0;
596 }
597
598 static int bgp_capability_enhe(struct peer *peer, struct capability_header *hdr)
599 {
600 struct stream *s = BGP_INPUT(peer);
601 size_t end = stream_get_getp(s) + hdr->length;
602
603 /* Verify length is a multiple of 4 */
604 if (hdr->length % 6) {
605 zlog_warn(
606 "Extended NH: Received invalid length %d, non-multiple of 6",
607 hdr->length);
608 return -1;
609 }
610
611 while (stream_get_getp(s) + 6 <= end) {
612 iana_afi_t pkt_afi = stream_getw(s);
613 afi_t afi;
614 iana_safi_t pkt_safi = stream_getw(s);
615 safi_t safi;
616 iana_afi_t pkt_nh_afi = stream_getw(s);
617 afi_t nh_afi;
618
619 if (bgp_debug_neighbor_events(peer))
620 zlog_debug(
621 "%s Received with afi/safi/next-hop afi: %u/%u/%u",
622 peer->host, pkt_afi, pkt_safi, pkt_nh_afi);
623
624 /* Convert AFI, SAFI to internal values, check. */
625 if (bgp_map_afi_safi_iana2int(pkt_afi, pkt_safi, &afi, &safi)) {
626 if (bgp_debug_neighbor_events(peer))
627 zlog_debug(
628 "%s Addr-family %d/%d(afi/safi) not supported."
629 " Ignore the ENHE Attribute for this AFI/SAFI",
630 peer->host, pkt_afi, pkt_safi);
631 continue;
632 }
633
634 /* RFC 5549 specifies use of this capability only for IPv4 AFI,
635 * with
636 * the Nexthop AFI being IPv6. A future spec may introduce other
637 * possibilities, so we ignore other values with a log. Also,
638 * only
639 * SAFI_UNICAST and SAFI_LABELED_UNICAST are currently supported
640 * (and expected).
641 */
642 nh_afi = afi_iana2int(pkt_nh_afi);
643
644 if (afi != AFI_IP || nh_afi != AFI_IP6
645 || !(safi == SAFI_UNICAST
646 || safi == SAFI_LABELED_UNICAST)) {
647 zlog_warn(
648 "%s Unexpected afi/safi/next-hop afi: %u/%u/%u "
649 "in Extended Next-hop capability, ignoring",
650 peer->host, pkt_afi, pkt_safi, pkt_nh_afi);
651 continue;
652 }
653
654 SET_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_RCV);
655
656 if (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ENHE_AF_ADV))
657 SET_FLAG(peer->af_cap[afi][safi],
658 PEER_CAP_ENHE_AF_NEGO);
659 }
660
661 SET_FLAG(peer->cap, PEER_CAP_ENHE_RCV);
662
663 return 0;
664 }
665
666 static int bgp_capability_hostname(struct peer *peer,
667 struct capability_header *hdr)
668 {
669 struct stream *s = BGP_INPUT(peer);
670 char str[BGP_MAX_HOSTNAME + 1];
671 size_t end = stream_get_getp(s) + hdr->length;
672 uint8_t len;
673
674 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_RCV);
675
676 len = stream_getc(s);
677 if (stream_get_getp(s) + len > end) {
678 zlog_warn(
679 "%s: Received malformed hostname capability from peer %s",
680 __FUNCTION__, peer->host);
681 return -1;
682 }
683
684 if (len > BGP_MAX_HOSTNAME) {
685 stream_get(str, s, BGP_MAX_HOSTNAME);
686 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
687 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
688 } else if (len)
689 stream_get(str, s, len);
690
691 if (len) {
692 str[len] = '\0';
693
694 if (peer->hostname != NULL) {
695 XFREE(MTYPE_BGP_PEER_HOST, peer->hostname);
696 peer->hostname = NULL;
697 }
698
699 if (peer->domainname != NULL) {
700 XFREE(MTYPE_BGP_PEER_HOST, peer->domainname);
701 peer->domainname = NULL;
702 }
703
704 peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
705 }
706
707 if (stream_get_getp(s) + 1 > end) {
708 zlog_warn(
709 "%s: Received invalid domain name len (hostname capability) from peer %s",
710 __FUNCTION__, peer->host);
711 return -1;
712 }
713
714 len = stream_getc(s);
715 if (stream_get_getp(s) + len > end) {
716 zlog_warn(
717 "%s: Received runt domain name (hostname capability) from peer %s",
718 __FUNCTION__, peer->host);
719 return -1;
720 }
721
722 if (len > BGP_MAX_HOSTNAME) {
723 stream_get(str, s, BGP_MAX_HOSTNAME);
724 stream_forward_getp(s, len - BGP_MAX_HOSTNAME);
725 len = BGP_MAX_HOSTNAME; /* to set the '\0' below */
726 } else if (len)
727 stream_get(str, s, len);
728
729 if (len) {
730 str[len] = '\0';
731 peer->domainname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
732 }
733
734 if (bgp_debug_neighbor_events(peer)) {
735 zlog_debug("%s received hostname %s, domainname %s", peer->host,
736 peer->hostname, peer->domainname);
737 }
738
739 return 0;
740 }
741
742 static const struct message capcode_str[] = {
743 {CAPABILITY_CODE_MP, "MultiProtocol Extensions"},
744 {CAPABILITY_CODE_REFRESH, "Route Refresh"},
745 {CAPABILITY_CODE_ORF, "Cooperative Route Filtering"},
746 {CAPABILITY_CODE_RESTART, "Graceful Restart"},
747 {CAPABILITY_CODE_AS4, "4-octet AS number"},
748 {CAPABILITY_CODE_ADDPATH, "AddPath"},
749 {CAPABILITY_CODE_DYNAMIC, "Dynamic"},
750 {CAPABILITY_CODE_ENHE, "Extended Next Hop Encoding"},
751 {CAPABILITY_CODE_DYNAMIC_OLD, "Dynamic (Old)"},
752 {CAPABILITY_CODE_REFRESH_OLD, "Route Refresh (Old)"},
753 {CAPABILITY_CODE_ORF_OLD, "ORF (Old)"},
754 {CAPABILITY_CODE_FQDN, "FQDN"},
755 {0}};
756
757 /* Minimum sizes for length field of each cap (so not inc. the header) */
758 static const size_t cap_minsizes[] = {
759 [CAPABILITY_CODE_MP] = CAPABILITY_CODE_MP_LEN,
760 [CAPABILITY_CODE_REFRESH] = CAPABILITY_CODE_REFRESH_LEN,
761 [CAPABILITY_CODE_ORF] = CAPABILITY_CODE_ORF_LEN,
762 [CAPABILITY_CODE_RESTART] = CAPABILITY_CODE_RESTART_LEN,
763 [CAPABILITY_CODE_AS4] = CAPABILITY_CODE_AS4_LEN,
764 [CAPABILITY_CODE_ADDPATH] = CAPABILITY_CODE_ADDPATH_LEN,
765 [CAPABILITY_CODE_DYNAMIC] = CAPABILITY_CODE_DYNAMIC_LEN,
766 [CAPABILITY_CODE_DYNAMIC_OLD] = CAPABILITY_CODE_DYNAMIC_LEN,
767 [CAPABILITY_CODE_ENHE] = CAPABILITY_CODE_ENHE_LEN,
768 [CAPABILITY_CODE_REFRESH_OLD] = CAPABILITY_CODE_REFRESH_LEN,
769 [CAPABILITY_CODE_ORF_OLD] = CAPABILITY_CODE_ORF_LEN,
770 [CAPABILITY_CODE_FQDN] = CAPABILITY_CODE_MIN_FQDN_LEN,
771 };
772
773 /* value the capability must be a multiple of.
774 * 0-data capabilities won't be checked against this.
775 * Other capabilities whose data doesn't fall on convenient boundaries for this
776 * table should be set to 1.
777 */
778 static const size_t cap_modsizes[] = {
779 [CAPABILITY_CODE_MP] = 4,
780 [CAPABILITY_CODE_REFRESH] = 1,
781 [CAPABILITY_CODE_ORF] = 1,
782 [CAPABILITY_CODE_RESTART] = 1,
783 [CAPABILITY_CODE_AS4] = 4,
784 [CAPABILITY_CODE_ADDPATH] = 4,
785 [CAPABILITY_CODE_DYNAMIC] = 1,
786 [CAPABILITY_CODE_DYNAMIC_OLD] = 1,
787 [CAPABILITY_CODE_ENHE] = 6,
788 [CAPABILITY_CODE_REFRESH_OLD] = 1,
789 [CAPABILITY_CODE_ORF_OLD] = 1,
790 [CAPABILITY_CODE_FQDN] = 1,
791 };
792
793 /**
794 * Parse given capability.
795 * XXX: This is reading into a stream, but not using stream API
796 *
797 * @param[out] mp_capability Set to 1 on return iff one or more Multiprotocol
798 * capabilities were encountered.
799 */
800 static int bgp_capability_parse(struct peer *peer, size_t length,
801 int *mp_capability, uint8_t **error)
802 {
803 int ret;
804 struct stream *s = BGP_INPUT(peer);
805 size_t end = stream_get_getp(s) + length;
806
807 assert(STREAM_READABLE(s) >= length);
808
809 while (stream_get_getp(s) < end) {
810 size_t start;
811 uint8_t *sp = stream_pnt(s);
812 struct capability_header caphdr;
813
814 ret = 0;
815 /* We need at least capability code and capability length. */
816 if (stream_get_getp(s) + 2 > end) {
817 zlog_info("%s Capability length error (< header)",
818 peer->host);
819 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
820 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
821 return -1;
822 }
823
824 caphdr.code = stream_getc(s);
825 caphdr.length = stream_getc(s);
826 start = stream_get_getp(s);
827
828 /* Capability length check sanity check. */
829 if (start + caphdr.length > end) {
830 zlog_info("%s Capability length error (< length)",
831 peer->host);
832 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
833 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
834 return -1;
835 }
836
837 if (bgp_debug_neighbor_events(peer))
838 zlog_debug("%s OPEN has %s capability (%u), length %u",
839 peer->host,
840 lookup_msg(capcode_str, caphdr.code, NULL),
841 caphdr.code, caphdr.length);
842
843 /* Length sanity check, type-specific, for known capabilities */
844 switch (caphdr.code) {
845 case CAPABILITY_CODE_MP:
846 case CAPABILITY_CODE_REFRESH:
847 case CAPABILITY_CODE_REFRESH_OLD:
848 case CAPABILITY_CODE_ORF:
849 case CAPABILITY_CODE_ORF_OLD:
850 case CAPABILITY_CODE_RESTART:
851 case CAPABILITY_CODE_AS4:
852 case CAPABILITY_CODE_ADDPATH:
853 case CAPABILITY_CODE_DYNAMIC:
854 case CAPABILITY_CODE_DYNAMIC_OLD:
855 case CAPABILITY_CODE_ENHE:
856 case CAPABILITY_CODE_FQDN:
857 /* Check length. */
858 if (caphdr.length < cap_minsizes[caphdr.code]) {
859 zlog_info(
860 "%s %s Capability length error: got %u,"
861 " expected at least %u",
862 peer->host,
863 lookup_msg(capcode_str, caphdr.code,
864 NULL),
865 caphdr.length,
866 (unsigned)cap_minsizes[caphdr.code]);
867 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
868 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
869 return -1;
870 }
871 if (caphdr.length
872 && caphdr.length % cap_modsizes[caphdr.code] != 0) {
873 zlog_info(
874 "%s %s Capability length error: got %u,"
875 " expected a multiple of %u",
876 peer->host,
877 lookup_msg(capcode_str, caphdr.code,
878 NULL),
879 caphdr.length,
880 (unsigned)cap_modsizes[caphdr.code]);
881 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
882 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
883 return -1;
884 }
885 /* we deliberately ignore unknown codes, see below */
886 default:
887 break;
888 }
889
890 switch (caphdr.code) {
891 case CAPABILITY_CODE_MP: {
892 *mp_capability = 1;
893
894 /* Ignore capability when override-capability is set. */
895 if (!CHECK_FLAG(peer->flags,
896 PEER_FLAG_OVERRIDE_CAPABILITY)) {
897 /* Set negotiated value. */
898 ret = bgp_capability_mp(peer, &caphdr);
899
900 /* Unsupported Capability. */
901 if (ret < 0) {
902 /* Store return data. */
903 memcpy(*error, sp, caphdr.length + 2);
904 *error += caphdr.length + 2;
905 }
906 ret = 0; /* Don't return error for this */
907 }
908 } break;
909 case CAPABILITY_CODE_REFRESH:
910 case CAPABILITY_CODE_REFRESH_OLD: {
911 /* BGP refresh capability */
912 if (caphdr.code == CAPABILITY_CODE_REFRESH_OLD)
913 SET_FLAG(peer->cap, PEER_CAP_REFRESH_OLD_RCV);
914 else
915 SET_FLAG(peer->cap, PEER_CAP_REFRESH_NEW_RCV);
916 } break;
917 case CAPABILITY_CODE_ORF:
918 case CAPABILITY_CODE_ORF_OLD:
919 ret = bgp_capability_orf_entry(peer, &caphdr);
920 break;
921 case CAPABILITY_CODE_RESTART:
922 ret = bgp_capability_restart(peer, &caphdr);
923 break;
924 case CAPABILITY_CODE_DYNAMIC:
925 case CAPABILITY_CODE_DYNAMIC_OLD:
926 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_RCV);
927 break;
928 case CAPABILITY_CODE_AS4:
929 /* Already handled as a special-case parsing of the
930 * capabilities
931 * at the beginning of OPEN processing. So we care not a
932 * jot
933 * for the value really, only error case.
934 */
935 if (!bgp_capability_as4(peer, &caphdr))
936 ret = -1;
937 break;
938 case CAPABILITY_CODE_ADDPATH:
939 ret = bgp_capability_addpath(peer, &caphdr);
940 break;
941 case CAPABILITY_CODE_ENHE:
942 ret = bgp_capability_enhe(peer, &caphdr);
943 break;
944 case CAPABILITY_CODE_FQDN:
945 ret = bgp_capability_hostname(peer, &caphdr);
946 break;
947 default:
948 if (caphdr.code > 128) {
949 /* We don't send Notification for unknown vendor
950 specific
951 capabilities. It seems reasonable for now...
952 */
953 zlog_warn("%s Vendor specific capability %d",
954 peer->host, caphdr.code);
955 } else {
956 zlog_warn(
957 "%s unrecognized capability code: %d - ignored",
958 peer->host, caphdr.code);
959 memcpy(*error, sp, caphdr.length + 2);
960 *error += caphdr.length + 2;
961 }
962 }
963
964 if (ret < 0) {
965 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
966 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
967 return -1;
968 }
969 if (stream_get_getp(s) != (start + caphdr.length)) {
970 if (stream_get_getp(s) > (start + caphdr.length))
971 zlog_warn(
972 "%s Cap-parser for %s read past cap-length, %u!",
973 peer->host,
974 lookup_msg(capcode_str, caphdr.code,
975 NULL),
976 caphdr.length);
977 stream_set_getp(s, start + caphdr.length);
978 }
979 }
980 return 0;
981 }
982
983 static int bgp_auth_parse(struct peer *peer, size_t length)
984 {
985 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
986 BGP_NOTIFY_OPEN_AUTH_FAILURE);
987 return -1;
988 }
989
990 static int strict_capability_same(struct peer *peer)
991 {
992 int i, j;
993
994 for (i = AFI_IP; i < AFI_MAX; i++)
995 for (j = SAFI_UNICAST; j < SAFI_MAX; j++)
996 if (peer->afc[i][j] != peer->afc_nego[i][j])
997 return 0;
998 return 1;
999 }
1000
1001 /* peek into option, stores ASN to *as4 if the AS4 capability was found.
1002 * Returns 0 if no as4 found, as4cap value otherwise.
1003 */
1004 as_t peek_for_as4_capability(struct peer *peer, uint8_t length)
1005 {
1006 struct stream *s = BGP_INPUT(peer);
1007 size_t orig_getp = stream_get_getp(s);
1008 size_t end = orig_getp + length;
1009 as_t as4 = 0;
1010
1011 if (BGP_DEBUG(as4, AS4))
1012 zlog_info(
1013 "%s [AS4] rcv OPEN w/ OPTION parameter len: %u,"
1014 " peeking for as4",
1015 peer->host, length);
1016 /* the error cases we DONT handle, we ONLY try to read as4 out of
1017 * correctly formatted options.
1018 */
1019 while (stream_get_getp(s) < end) {
1020 uint8_t opt_type;
1021 uint8_t opt_length;
1022
1023 /* Check the length. */
1024 if (stream_get_getp(s) + 2 > end)
1025 goto end;
1026
1027 /* Fetch option type and length. */
1028 opt_type = stream_getc(s);
1029 opt_length = stream_getc(s);
1030
1031 /* Option length check. */
1032 if (stream_get_getp(s) + opt_length > end)
1033 goto end;
1034
1035 if (opt_type == BGP_OPEN_OPT_CAP) {
1036 unsigned long capd_start = stream_get_getp(s);
1037 unsigned long capd_end = capd_start + opt_length;
1038
1039 assert(capd_end <= end);
1040
1041 while (stream_get_getp(s) < capd_end) {
1042 struct capability_header hdr;
1043
1044 if (stream_get_getp(s) + 2 > capd_end)
1045 goto end;
1046
1047 hdr.code = stream_getc(s);
1048 hdr.length = stream_getc(s);
1049
1050 if ((stream_get_getp(s) + hdr.length)
1051 > capd_end)
1052 goto end;
1053
1054 if (hdr.code == CAPABILITY_CODE_AS4) {
1055 if (BGP_DEBUG(as4, AS4))
1056 zlog_info(
1057 "[AS4] found AS4 capability, about to parse");
1058 as4 = bgp_capability_as4(peer, &hdr);
1059
1060 goto end;
1061 }
1062 stream_forward_getp(s, hdr.length);
1063 }
1064 }
1065 }
1066
1067 end:
1068 stream_set_getp(s, orig_getp);
1069 return as4;
1070 }
1071
1072 /**
1073 * Parse open option.
1074 *
1075 * @param[out] mp_capability @see bgp_capability_parse() for semantics.
1076 */
1077 int bgp_open_option_parse(struct peer *peer, uint8_t length, int *mp_capability)
1078 {
1079 int ret = 0;
1080 uint8_t *error;
1081 uint8_t error_data[BGP_MAX_PACKET_SIZE];
1082 struct stream *s = BGP_INPUT(peer);
1083 size_t end = stream_get_getp(s) + length;
1084
1085 error = error_data;
1086
1087 if (bgp_debug_neighbor_events(peer))
1088 zlog_debug("%s rcv OPEN w/ OPTION parameter len: %u",
1089 peer->host, length);
1090
1091 while (stream_get_getp(s) < end) {
1092 uint8_t opt_type;
1093 uint8_t opt_length;
1094
1095 /* Must have at least an OPEN option header */
1096 if (STREAM_READABLE(s) < 2) {
1097 zlog_info("%s Option length error", peer->host);
1098 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1099 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1100 return -1;
1101 }
1102
1103 /* Fetch option type and length. */
1104 opt_type = stream_getc(s);
1105 opt_length = stream_getc(s);
1106
1107 /* Option length check. */
1108 if (STREAM_READABLE(s) < opt_length) {
1109 zlog_info("%s Option length error", peer->host);
1110 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1111 BGP_NOTIFY_OPEN_MALFORMED_ATTR);
1112 return -1;
1113 }
1114
1115 if (bgp_debug_neighbor_events(peer))
1116 zlog_debug(
1117 "%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
1118 peer->host, opt_type,
1119 opt_type == BGP_OPEN_OPT_AUTH
1120 ? "Authentication"
1121 : opt_type == BGP_OPEN_OPT_CAP
1122 ? "Capability"
1123 : "Unknown",
1124 opt_length);
1125
1126 switch (opt_type) {
1127 case BGP_OPEN_OPT_AUTH:
1128 ret = bgp_auth_parse(peer, opt_length);
1129 break;
1130 case BGP_OPEN_OPT_CAP:
1131 ret = bgp_capability_parse(peer, opt_length,
1132 mp_capability, &error);
1133 break;
1134 default:
1135 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1136 BGP_NOTIFY_OPEN_UNSUP_PARAM);
1137 ret = -1;
1138 break;
1139 }
1140
1141 /* Parse error. To accumulate all unsupported capability codes,
1142 bgp_capability_parse does not return -1 when encounter
1143 unsupported capability code. To detect that, please check
1144 error and erro_data pointer, like below. */
1145 if (ret < 0)
1146 return -1;
1147 }
1148
1149 /* All OPEN option is parsed. Check capability when strict compare
1150 flag is enabled.*/
1151 if (CHECK_FLAG(peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) {
1152 /* If Unsupported Capability exists. */
1153 if (error != error_data) {
1154 bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
1155 BGP_NOTIFY_OPEN_UNSUP_CAPBL,
1156 error_data,
1157 error - error_data);
1158 return -1;
1159 }
1160
1161 /* Check local capability does not negotiated with remote
1162 peer. */
1163 if (!strict_capability_same(peer)) {
1164 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1165 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1166 return -1;
1167 }
1168 }
1169
1170 /* Check there are no common AFI/SAFIs and send Unsupported Capability
1171 error. */
1172 if (*mp_capability
1173 && !CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) {
1174 if (!peer->afc_nego[AFI_IP][SAFI_UNICAST]
1175 && !peer->afc_nego[AFI_IP][SAFI_MULTICAST]
1176 && !peer->afc_nego[AFI_IP][SAFI_LABELED_UNICAST]
1177 && !peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
1178 && !peer->afc_nego[AFI_IP][SAFI_ENCAP]
1179 && !peer->afc_nego[AFI_IP][SAFI_FLOWSPEC]
1180 && !peer->afc_nego[AFI_IP6][SAFI_UNICAST]
1181 && !peer->afc_nego[AFI_IP6][SAFI_MULTICAST]
1182 && !peer->afc_nego[AFI_IP6][SAFI_LABELED_UNICAST]
1183 && !peer->afc_nego[AFI_IP6][SAFI_MPLS_VPN]
1184 && !peer->afc_nego[AFI_IP6][SAFI_ENCAP]
1185 && !peer->afc_nego[AFI_IP6][SAFI_FLOWSPEC]
1186 && !peer->afc_nego[AFI_L2VPN][SAFI_EVPN]) {
1187 zlog_err(
1188 "%s [Error] Configured AFI/SAFIs do not "
1189 "overlap with received MP capabilities",
1190 peer->host);
1191
1192 if (error != error_data)
1193 bgp_notify_send_with_data(
1194 peer, BGP_NOTIFY_OPEN_ERR,
1195 BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data,
1196 error - error_data);
1197 else
1198 bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
1199 BGP_NOTIFY_OPEN_UNSUP_CAPBL);
1200 return -1;
1201 }
1202 }
1203 return 0;
1204 }
1205
1206 static void bgp_open_capability_orf(struct stream *s, struct peer *peer,
1207 afi_t afi, safi_t safi, uint8_t code)
1208 {
1209 uint8_t cap_len;
1210 uint8_t orf_len;
1211 unsigned long capp;
1212 unsigned long orfp;
1213 unsigned long numberp;
1214 int number_of_orfs = 0;
1215 iana_afi_t pkt_afi;
1216 iana_safi_t pkt_safi;
1217
1218 /* Convert AFI, SAFI to values for packet. */
1219 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi, &pkt_safi);
1220
1221 stream_putc(s, BGP_OPEN_OPT_CAP);
1222 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1223 stream_putc(s, 0); /* Capability Length */
1224 stream_putc(s, code); /* Capability Code */
1225 orfp = stream_get_endp(s); /* Set ORF Len Pointer */
1226 stream_putc(s, 0); /* ORF Length */
1227 stream_putw(s, pkt_afi);
1228 stream_putc(s, 0);
1229 stream_putc(s, pkt_safi);
1230 numberp = stream_get_endp(s); /* Set Number Pointer */
1231 stream_putc(s, 0); /* Number of ORFs */
1232
1233 /* Address Prefix ORF */
1234 if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
1235 || CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM)) {
1236 stream_putc(s, (code == CAPABILITY_CODE_ORF
1237 ? ORF_TYPE_PREFIX
1238 : ORF_TYPE_PREFIX_OLD));
1239
1240 if (CHECK_FLAG(peer->af_flags[afi][safi],
1241 PEER_FLAG_ORF_PREFIX_SM)
1242 && CHECK_FLAG(peer->af_flags[afi][safi],
1243 PEER_FLAG_ORF_PREFIX_RM)) {
1244 SET_FLAG(peer->af_cap[afi][safi],
1245 PEER_CAP_ORF_PREFIX_SM_ADV);
1246 SET_FLAG(peer->af_cap[afi][safi],
1247 PEER_CAP_ORF_PREFIX_RM_ADV);
1248 stream_putc(s, ORF_MODE_BOTH);
1249 } else if (CHECK_FLAG(peer->af_flags[afi][safi],
1250 PEER_FLAG_ORF_PREFIX_SM)) {
1251 SET_FLAG(peer->af_cap[afi][safi],
1252 PEER_CAP_ORF_PREFIX_SM_ADV);
1253 stream_putc(s, ORF_MODE_SEND);
1254 } else {
1255 SET_FLAG(peer->af_cap[afi][safi],
1256 PEER_CAP_ORF_PREFIX_RM_ADV);
1257 stream_putc(s, ORF_MODE_RECEIVE);
1258 }
1259 number_of_orfs++;
1260 }
1261
1262 /* Total Number of ORFs. */
1263 stream_putc_at(s, numberp, number_of_orfs);
1264
1265 /* Total ORF Len. */
1266 orf_len = stream_get_endp(s) - orfp - 1;
1267 stream_putc_at(s, orfp, orf_len);
1268
1269 /* Total Capability Len. */
1270 cap_len = stream_get_endp(s) - capp - 1;
1271 stream_putc_at(s, capp, cap_len);
1272 }
1273
1274 /* Fill in capability open option to the packet. */
1275 void bgp_open_capability(struct stream *s, struct peer *peer)
1276 {
1277 uint8_t len;
1278 unsigned long cp, capp, rcapp;
1279 iana_afi_t pkt_afi;
1280 afi_t afi;
1281 safi_t safi;
1282 iana_safi_t pkt_safi;
1283 as_t local_as;
1284 uint32_t restart_time;
1285 uint8_t afi_safi_count = 0;
1286 int adv_addpath_tx = 0;
1287
1288 /* Remember current pointer for Opt Parm Len. */
1289 cp = stream_get_endp(s);
1290
1291 /* Opt Parm Len. */
1292 stream_putc(s, 0);
1293
1294 /* Do not send capability. */
1295 if (!CHECK_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
1296 || CHECK_FLAG(peer->flags, PEER_FLAG_DONT_CAPABILITY))
1297 return;
1298
1299 /* MP capability for configured AFI, SAFI */
1300 FOREACH_AFI_SAFI (afi, safi) {
1301 if (peer->afc[afi][safi]) {
1302 /* Convert AFI, SAFI to values for packet. */
1303 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1304 &pkt_safi);
1305
1306 peer->afc_adv[afi][safi] = 1;
1307 stream_putc(s, BGP_OPEN_OPT_CAP);
1308 stream_putc(s, CAPABILITY_CODE_MP_LEN + 2);
1309 stream_putc(s, CAPABILITY_CODE_MP);
1310 stream_putc(s, CAPABILITY_CODE_MP_LEN);
1311 stream_putw(s, pkt_afi);
1312 stream_putc(s, 0);
1313 stream_putc(s, pkt_safi);
1314
1315 /* Extended nexthop capability - currently
1316 * supporting RFC-5549 for
1317 * Link-Local peering only
1318 */
1319 if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE)
1320 && peer->su.sa.sa_family == AF_INET6
1321 && IN6_IS_ADDR_LINKLOCAL(&peer->su.sin6.sin6_addr)
1322 && afi == AFI_IP
1323 && (safi == SAFI_UNICAST
1324 || safi == SAFI_LABELED_UNICAST)) {
1325 /* RFC 5549 Extended Next Hop Encoding
1326 */
1327 SET_FLAG(peer->cap, PEER_CAP_ENHE_ADV);
1328 stream_putc(s, BGP_OPEN_OPT_CAP);
1329 stream_putc(s, CAPABILITY_CODE_ENHE_LEN + 2);
1330 stream_putc(s, CAPABILITY_CODE_ENHE);
1331 stream_putc(s, CAPABILITY_CODE_ENHE_LEN);
1332
1333 SET_FLAG(peer->af_cap[AFI_IP][safi],
1334 PEER_CAP_ENHE_AF_ADV);
1335 stream_putw(s, pkt_afi);
1336 stream_putw(s, pkt_safi);
1337 stream_putw(s, afi_int2iana(AFI_IP6));
1338
1339 if (CHECK_FLAG(peer->af_cap[afi][safi],
1340 PEER_CAP_ENHE_AF_RCV))
1341 SET_FLAG(peer->af_cap[afi][safi],
1342 PEER_CAP_ENHE_AF_NEGO);
1343 }
1344 }
1345 }
1346
1347 /* Route refresh. */
1348 SET_FLAG(peer->cap, PEER_CAP_REFRESH_ADV);
1349 stream_putc(s, BGP_OPEN_OPT_CAP);
1350 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1351 stream_putc(s, CAPABILITY_CODE_REFRESH_OLD);
1352 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1353 stream_putc(s, BGP_OPEN_OPT_CAP);
1354 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN + 2);
1355 stream_putc(s, CAPABILITY_CODE_REFRESH);
1356 stream_putc(s, CAPABILITY_CODE_REFRESH_LEN);
1357
1358 /* AS4 */
1359 SET_FLAG(peer->cap, PEER_CAP_AS4_ADV);
1360 stream_putc(s, BGP_OPEN_OPT_CAP);
1361 stream_putc(s, CAPABILITY_CODE_AS4_LEN + 2);
1362 stream_putc(s, CAPABILITY_CODE_AS4);
1363 stream_putc(s, CAPABILITY_CODE_AS4_LEN);
1364 if (peer->change_local_as)
1365 local_as = peer->change_local_as;
1366 else
1367 local_as = peer->local_as;
1368 stream_putl(s, local_as);
1369
1370 /* AddPath */
1371 FOREACH_AFI_SAFI (afi, safi) {
1372 if (peer->afc[afi][safi]) {
1373 afi_safi_count++;
1374
1375 /* Only advertise addpath TX if a feature that
1376 * will use it is
1377 * configured */
1378 if (CHECK_FLAG(peer->af_flags[afi][safi],
1379 PEER_FLAG_ADDPATH_TX_ALL_PATHS)
1380 || CHECK_FLAG(peer->af_flags[afi][safi],
1381 PEER_FLAG_ADDPATH_TX_BESTPATH_PER_AS))
1382 adv_addpath_tx = 1;
1383 }
1384 }
1385
1386 SET_FLAG(peer->cap, PEER_CAP_ADDPATH_ADV);
1387 stream_putc(s, BGP_OPEN_OPT_CAP);
1388 stream_putc(s, (CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count) + 2);
1389 stream_putc(s, CAPABILITY_CODE_ADDPATH);
1390 stream_putc(s, CAPABILITY_CODE_ADDPATH_LEN * afi_safi_count);
1391
1392 FOREACH_AFI_SAFI (afi, safi) {
1393 if (peer->afc[afi][safi]) {
1394 /* Convert AFI, SAFI to values for packet. */
1395 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1396 &pkt_safi);
1397
1398 stream_putw(s, pkt_afi);
1399 stream_putc(s, pkt_safi);
1400
1401 if (adv_addpath_tx) {
1402 stream_putc(s, BGP_ADDPATH_RX | BGP_ADDPATH_TX);
1403 SET_FLAG(peer->af_cap[afi][safi],
1404 PEER_CAP_ADDPATH_AF_RX_ADV);
1405 SET_FLAG(peer->af_cap[afi][safi],
1406 PEER_CAP_ADDPATH_AF_TX_ADV);
1407 } else {
1408 stream_putc(s, BGP_ADDPATH_RX);
1409 SET_FLAG(peer->af_cap[afi][safi],
1410 PEER_CAP_ADDPATH_AF_RX_ADV);
1411 UNSET_FLAG(peer->af_cap[afi][safi],
1412 PEER_CAP_ADDPATH_AF_TX_ADV);
1413 }
1414 }
1415 }
1416
1417 /* ORF capability. */
1418 FOREACH_AFI_SAFI (afi, safi) {
1419 if (CHECK_FLAG(peer->af_flags[afi][safi],
1420 PEER_FLAG_ORF_PREFIX_SM)
1421 || CHECK_FLAG(peer->af_flags[afi][safi],
1422 PEER_FLAG_ORF_PREFIX_RM)) {
1423 bgp_open_capability_orf(s, peer, afi, safi,
1424 CAPABILITY_CODE_ORF_OLD);
1425 bgp_open_capability_orf(s, peer, afi, safi,
1426 CAPABILITY_CODE_ORF);
1427 }
1428 }
1429
1430 /* Dynamic capability. */
1431 if (CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY)) {
1432 SET_FLAG(peer->cap, PEER_CAP_DYNAMIC_ADV);
1433 stream_putc(s, BGP_OPEN_OPT_CAP);
1434 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1435 stream_putc(s, CAPABILITY_CODE_DYNAMIC_OLD);
1436 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1437 stream_putc(s, BGP_OPEN_OPT_CAP);
1438 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
1439 stream_putc(s, CAPABILITY_CODE_DYNAMIC);
1440 stream_putc(s, CAPABILITY_CODE_DYNAMIC_LEN);
1441 }
1442
1443 /* Hostname capability */
1444 if (cmd_hostname_get()) {
1445 SET_FLAG(peer->cap, PEER_CAP_HOSTNAME_ADV);
1446 stream_putc(s, BGP_OPEN_OPT_CAP);
1447 rcapp = stream_get_endp(s); /* Ptr to length placeholder */
1448 stream_putc(s, 0); /* dummy len for now */
1449 stream_putc(s, CAPABILITY_CODE_FQDN);
1450 capp = stream_get_endp(s);
1451 stream_putc(s, 0); /* dummy len for now */
1452 len = strlen(cmd_hostname_get());
1453 if (len > BGP_MAX_HOSTNAME)
1454 len = BGP_MAX_HOSTNAME;
1455
1456 stream_putc(s, len);
1457 stream_put(s, cmd_hostname_get(), len);
1458 if (cmd_domainname_get()) {
1459 len = strlen(cmd_domainname_get());
1460 if (len > BGP_MAX_HOSTNAME)
1461 len = BGP_MAX_HOSTNAME;
1462
1463 stream_putc(s, len);
1464 stream_put(s, cmd_domainname_get(), len);
1465 } else
1466 stream_putc(s, 0); /* 0 length */
1467
1468 /* Set the lengths straight */
1469 len = stream_get_endp(s) - rcapp - 1;
1470 stream_putc_at(s, rcapp, len);
1471 len = stream_get_endp(s) - capp - 1;
1472 stream_putc_at(s, capp, len);
1473
1474 if (bgp_debug_neighbor_events(peer))
1475 zlog_debug(
1476 "%s Sending hostname cap with hn = %s, dn = %s",
1477 peer->host, cmd_hostname_get(),
1478 cmd_domainname_get());
1479 }
1480
1481 /* Sending base graceful-restart capability irrespective of the config
1482 */
1483 SET_FLAG(peer->cap, PEER_CAP_RESTART_ADV);
1484 stream_putc(s, BGP_OPEN_OPT_CAP);
1485 capp = stream_get_endp(s); /* Set Capability Len Pointer */
1486 stream_putc(s, 0); /* Capability Length */
1487 stream_putc(s, CAPABILITY_CODE_RESTART);
1488 rcapp = stream_get_endp(s); /* Set Restart Capability Len Pointer */
1489 stream_putc(s, 0);
1490 restart_time = peer->bgp->restart_time;
1491 if (peer->bgp->t_startup) {
1492 SET_FLAG(restart_time, RESTART_R_BIT);
1493 SET_FLAG(peer->cap, PEER_CAP_RESTART_BIT_ADV);
1494 }
1495 stream_putw(s, restart_time);
1496
1497 /* Send address-family specific graceful-restart capability only when GR
1498 config
1499 is present */
1500 if (bgp_flag_check(peer->bgp, BGP_FLAG_GRACEFUL_RESTART)) {
1501 FOREACH_AFI_SAFI (afi, safi) {
1502 if (peer->afc[afi][safi]) {
1503 /* Convert AFI, SAFI to values for
1504 * packet. */
1505 bgp_map_afi_safi_int2iana(afi, safi, &pkt_afi,
1506 &pkt_safi);
1507 stream_putw(s, pkt_afi);
1508 stream_putc(s, pkt_safi);
1509 if (bgp_flag_check(peer->bgp,
1510 BGP_FLAG_GR_PRESERVE_FWD))
1511 stream_putc(s, RESTART_F_BIT);
1512 else
1513 stream_putc(s, 0);
1514 }
1515 }
1516 }
1517
1518 /* Total Graceful restart capability Len. */
1519 len = stream_get_endp(s) - rcapp - 1;
1520 stream_putc_at(s, rcapp, len);
1521
1522 /* Total Capability Len. */
1523 len = stream_get_endp(s) - capp - 1;
1524 stream_putc_at(s, capp, len);
1525
1526 /* Total Opt Parm Len. */
1527 len = stream_get_endp(s) - cp - 1;
1528 stream_putc_at(s, cp, len);
1529 }
FRRouting mirror