]>
git.ipfire.org Git - thirdparty/bird.git/blob - proto/bgp/packets.c
2 * BIRD -- BGP Packet Processing
4 * (c) 2000 Martin Mares <mj@ucw.cz>
5 * (c) 2008--2016 Ondrej Zajicek <santiago@crfreenet.org>
6 * (c) 2008--2016 CZ.NIC z.s.p.o.
8 * Can be freely distributed and used under the terms of the GNU GPL.
15 #include "nest/bird.h"
16 #include "nest/iface.h"
17 #include "nest/protocol.h"
18 #include "nest/route.h"
19 #include "nest/attrs.h"
20 #include "proto/mrt/mrt.h"
21 #include "conf/conf.h"
22 #include "lib/unaligned.h"
23 #include "lib/flowspec.h"
24 #include "lib/socket.h"
31 #define BGP_RR_REQUEST 0
32 #define BGP_RR_BEGIN 1
35 #define BGP_NLRI_MAX (4 + 1 + 32)
37 #define BGP_MPLS_BOS 1 /* Bottom-of-stack bit */
38 #define BGP_MPLS_MAX 10 /* Max number of labels that 24*n <= 255 */
39 #define BGP_MPLS_NULL 3 /* Implicit NULL label */
40 #define BGP_MPLS_MAGIC 0x800000 /* Magic withdraw label value, RFC 3107 3 */
43 static struct tbf rl_rcv_update
= TBF_DEFAULT_LOG_LIMITS
;
44 static struct tbf rl_snd_update
= TBF_DEFAULT_LOG_LIMITS
;
46 /* Table for state -> RFC 6608 FSM error subcodes */
47 static byte fsm_err_subcode
[BS_MAX
] = {
54 static struct bgp_channel
*
55 bgp_get_channel(struct bgp_proto
*p
, u32 afi
)
59 for (i
= 0; i
< p
->channel_count
; i
++)
60 if (p
->afi_map
[i
] == afi
)
61 return p
->channel_map
[i
];
67 put_af3(byte
*buf
, u32 id
)
69 put_u16(buf
, id
>> 16);
74 put_af4(byte
*buf
, u32 id
)
76 put_u16(buf
, id
>> 16);
84 return (get_u16(buf
) << 16) | buf
[2];
90 return (get_u16(buf
) << 16) | buf
[3];
94 init_mrt_bgp_data(struct bgp_conn
*conn
, struct mrt_bgp_data
*d
)
96 struct bgp_proto
*p
= conn
->bgp
;
97 int p_ok
= conn
->state
>= BS_OPENCONFIRM
;
99 memset(d
, 0, sizeof(struct mrt_bgp_data
));
100 d
->peer_as
= p
->remote_as
;
101 d
->local_as
= p
->local_as
;
102 d
->index
= (p
->neigh
&& p
->neigh
->iface
) ? p
->neigh
->iface
->index
: 0;
103 d
->af
= ipa_is_ip4(p
->remote_ip
) ? BGP_AFI_IPV4
: BGP_AFI_IPV6
;
104 d
->peer_ip
= conn
->sk
? conn
->sk
->daddr
: IPA_NONE
;
105 d
->local_ip
= conn
->sk
? conn
->sk
->saddr
: IPA_NONE
;
106 d
->as4
= p_ok
? p
->as4_session
: 0;
109 static uint
bgp_find_update_afi(byte
*pos
, uint len
);
112 bgp_estimate_add_path(struct bgp_proto
*p
, byte
*pkt
, uint len
)
114 /* No need to estimate it for other messages than UPDATE */
115 if (pkt
[18] != PKT_UPDATE
)
118 /* 1 -> no channel, 2 -> all channels, 3 -> some channels */
119 if (p
->summary_add_path_rx
< 3)
120 return p
->summary_add_path_rx
== 2;
122 uint afi
= bgp_find_update_afi(pkt
, len
);
123 struct bgp_channel
*c
= bgp_get_channel(p
, afi
);
126 /* Either frame error (if !afi) or unknown AFI/SAFI,
127 will be reported later in regular parsing */
128 BGP_TRACE(D_PACKETS
, "MRT processing noticed invalid packet");
132 return c
->add_path_rx
;
136 bgp_dump_message(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
138 struct mrt_bgp_data d
;
139 init_mrt_bgp_data(conn
, &d
);
143 d
.add_path
= bgp_estimate_add_path(conn
->bgp
, pkt
, len
);
145 mrt_dump_bgp_message(&d
);
149 bgp_dump_state_change(struct bgp_conn
*conn
, uint old
, uint
new)
151 struct mrt_bgp_data d
;
152 init_mrt_bgp_data(conn
, &d
);
157 mrt_dump_bgp_state_change(&d
);
161 bgp_create_notification(struct bgp_conn
*conn
, byte
*buf
)
163 struct bgp_proto
*p
= conn
->bgp
;
165 BGP_TRACE(D_PACKETS
, "Sending NOTIFICATION(code=%d.%d)", conn
->notify_code
, conn
->notify_subcode
);
166 buf
[0] = conn
->notify_code
;
167 buf
[1] = conn
->notify_subcode
;
168 memcpy(buf
+2, conn
->notify_data
, conn
->notify_size
);
169 return buf
+ 2 + conn
->notify_size
;
173 /* Capability negotiation as per RFC 5492 */
175 const struct bgp_af_caps
*
176 bgp_find_af_caps(struct bgp_caps
*caps
, u32 afi
)
178 struct bgp_af_caps
*ac
;
180 WALK_AF_CAPS(caps
, ac
)
187 static struct bgp_af_caps
*
188 bgp_get_af_caps(struct bgp_caps
*caps
, u32 afi
)
190 struct bgp_af_caps
*ac
;
192 WALK_AF_CAPS(caps
, ac
)
196 ac
= &caps
->af_data
[caps
->af_count
++];
197 memset(ac
, 0, sizeof(struct bgp_af_caps
));
204 bgp_af_caps_cmp(const void *X
, const void *Y
)
206 const struct bgp_af_caps
*x
= X
, *y
= Y
;
207 return (x
->afi
< y
->afi
) ? -1 : (x
->afi
> y
->afi
) ? 1 : 0;
212 bgp_prepare_capabilities(struct bgp_conn
*conn
)
214 struct bgp_proto
*p
= conn
->bgp
;
215 struct bgp_channel
*c
;
216 struct bgp_caps
*caps
;
217 struct bgp_af_caps
*ac
;
219 if (!p
->cf
->capabilities
)
221 /* Just prepare empty local_caps */
222 conn
->local_caps
= mb_allocz(p
->p
.pool
, sizeof(struct bgp_caps
));
226 /* Prepare bgp_caps structure */
227 int n
= list_length(&p
->p
.channels
);
228 caps
= mb_allocz(p
->p
.pool
, sizeof(struct bgp_caps
) + n
* sizeof(struct bgp_af_caps
));
229 conn
->local_caps
= caps
;
231 caps
->as4_support
= p
->cf
->enable_as4
;
232 caps
->ext_messages
= p
->cf
->enable_extended_messages
;
233 caps
->route_refresh
= p
->cf
->enable_refresh
;
234 caps
->enhanced_refresh
= p
->cf
->enable_refresh
;
236 if (caps
->as4_support
)
237 caps
->as4_number
= p
->public_as
;
242 caps
->gr_time
= p
->cf
->gr_time
;
243 caps
->gr_flags
= p
->p
.gr_recovery
? BGP_GRF_RESTART
: 0;
246 if (p
->cf
->llgr_mode
)
247 caps
->llgr_aware
= 1;
249 /* Allocate and fill per-AF fields */
250 WALK_LIST(c
, p
->p
.channels
)
252 ac
= &caps
->af_data
[caps
->af_count
++];
256 ac
->ext_next_hop
= bgp_channel_is_ipv4(c
) && c
->cf
->ext_next_hop
;
257 caps
->any_ext_next_hop
|= ac
->ext_next_hop
;
259 ac
->add_path
= c
->cf
->add_path
;
260 caps
->any_add_path
|= ac
->add_path
;
266 if (p
->p
.gr_recovery
)
267 ac
->gr_af_flags
|= BGP_GRF_FORWARDING
;
270 if (c
->cf
->llgr_able
)
273 ac
->llgr_time
= c
->cf
->llgr_time
;
275 if (p
->p
.gr_recovery
)
276 ac
->llgr_flags
|= BGP_LLGRF_FORWARDING
;
280 /* Sort capability fields by AFI/SAFI */
281 qsort(caps
->af_data
, caps
->af_count
, sizeof(struct bgp_af_caps
), bgp_af_caps_cmp
);
285 bgp_write_capabilities(struct bgp_conn
*conn
, byte
*buf
)
287 struct bgp_proto
*p
= conn
->bgp
;
288 struct bgp_caps
*caps
= conn
->local_caps
;
289 struct bgp_af_caps
*ac
;
290 byte
*buf_head
= buf
;
293 /* Create capability list in buffer */
296 * Note that max length is ~ 22+21*af_count. With max 12 channels that is
297 * 274. Option limit is 253 and buffer size is 4096, so we cannot overflow
298 * unless we add new capabilities or more AFs. XXXXX
301 WALK_AF_CAPS(caps
, ac
)
304 *buf
++ = 1; /* Capability 1: Multiprotocol extensions */
305 *buf
++ = 4; /* Capability data length */
306 put_af4(buf
, ac
->afi
);
310 if (caps
->route_refresh
)
312 *buf
++ = 2; /* Capability 2: Support for route refresh */
313 *buf
++ = 0; /* Capability data length */
316 if (caps
->any_ext_next_hop
)
318 *buf
++ = 5; /* Capability 5: Support for extended next hop */
319 *buf
++ = 0; /* Capability data length, will be fixed later */
322 WALK_AF_CAPS(caps
, ac
)
323 if (ac
->ext_next_hop
)
325 put_af4(buf
, ac
->afi
);
326 put_u16(buf
+4, BGP_AFI_IPV6
);
330 data
[-1] = buf
- data
;
333 if (caps
->ext_messages
)
335 *buf
++ = 6; /* Capability 6: Support for extended messages */
336 *buf
++ = 0; /* Capability data length */
341 *buf
++ = 64; /* Capability 64: Support for graceful restart */
342 *buf
++ = 0; /* Capability data length, will be fixed later */
345 put_u16(buf
, caps
->gr_time
);
346 buf
[0] |= caps
->gr_flags
;
349 WALK_AF_CAPS(caps
, ac
)
352 put_af3(buf
, ac
->afi
);
353 buf
[3] = ac
->gr_af_flags
;
357 data
[-1] = buf
- data
;
360 if (caps
->as4_support
)
362 *buf
++ = 65; /* Capability 65: Support for 4-octet AS number */
363 *buf
++ = 4; /* Capability data length */
364 put_u32(buf
, p
->public_as
);
368 if (caps
->any_add_path
)
370 *buf
++ = 69; /* Capability 69: Support for ADD-PATH */
371 *buf
++ = 0; /* Capability data length, will be fixed later */
374 WALK_AF_CAPS(caps
, ac
)
377 put_af3(buf
, ac
->afi
);
378 buf
[3] = ac
->add_path
;
382 data
[-1] = buf
- data
;
385 if (caps
->enhanced_refresh
)
387 *buf
++ = 70; /* Capability 70: Support for enhanced route refresh */
388 *buf
++ = 0; /* Capability data length */
391 if (caps
->llgr_aware
)
393 *buf
++ = 71; /* Capability 71: Support for long-lived graceful restart */
394 *buf
++ = 0; /* Capability data length, will be fixed later */
397 WALK_AF_CAPS(caps
, ac
)
400 put_af3(buf
, ac
->afi
);
401 buf
[3] = ac
->llgr_flags
;
402 put_u24(buf
+4, ac
->llgr_time
);
406 data
[-1] = buf
- data
;
409 caps
->length
= buf
- buf_head
;
415 bgp_read_capabilities(struct bgp_conn
*conn
, struct bgp_caps
*caps
, byte
*pos
, int len
)
417 struct bgp_proto
*p
= conn
->bgp
;
418 struct bgp_af_caps
*ac
;
426 if (len
< 2 || len
< (2 + pos
[1]))
429 /* Capability length */
432 /* Capability type */
435 case 1: /* Multiprotocol capability, RFC 4760 */
440 ac
= bgp_get_af_caps(caps
, af
);
444 case 2: /* Route refresh capability, RFC 2918 */
448 caps
->route_refresh
= 1;
451 case 5: /* Extended next hop encoding capability, RFC 5549 */
455 for (i
= 0; i
< cl
; i
+= 6)
457 /* Specified only for IPv4 prefixes with IPv6 next hops */
458 if ((get_u16(pos
+2+i
+0) != BGP_AFI_IPV4
) ||
459 (get_u16(pos
+2+i
+4) != BGP_AFI_IPV6
))
462 af
= get_af4(pos
+2+i
);
463 ac
= bgp_get_af_caps(caps
, af
);
464 ac
->ext_next_hop
= 1;
468 case 6: /* Extended message length capability, RFC draft */
472 caps
->ext_messages
= 1;
475 case 64: /* Graceful restart capability, RFC 4724 */
479 /* Only the last instance is valid */
480 WALK_AF_CAPS(caps
, ac
)
487 caps
->gr_flags
= pos
[2] & 0xf0;
488 caps
->gr_time
= get_u16(pos
+ 2) & 0x0fff;
490 for (i
= 2; i
< cl
; i
+= 4)
492 af
= get_af3(pos
+2+i
);
493 ac
= bgp_get_af_caps(caps
, af
);
495 ac
->gr_af_flags
= pos
[2+i
+3];
499 case 65: /* AS4 capability, RFC 6793 */
503 caps
->as4_support
= 1;
504 caps
->as4_number
= get_u32(pos
+ 2);
507 case 69: /* ADD-PATH capability, RFC 7911 */
511 for (i
= 0; i
< cl
; i
+= 4)
513 byte val
= pos
[2+i
+3];
514 if (!val
|| (val
> BGP_ADD_PATH_FULL
))
516 log(L_WARN
"%s: Got ADD-PATH capability with unknown value %u, ignoring",
522 for (i
= 0; i
< cl
; i
+= 4)
524 af
= get_af3(pos
+2+i
);
525 ac
= bgp_get_af_caps(caps
, af
);
526 ac
->add_path
= pos
[2+i
+3];
530 case 70: /* Enhanced route refresh capability, RFC 7313 */
534 caps
->enhanced_refresh
= 1;
537 case 71: /* Long lived graceful restart capability, RFC draft */
541 /* Presumably, only the last instance is valid */
542 WALK_AF_CAPS(caps
, ac
)
549 caps
->llgr_aware
= 1;
551 for (i
= 0; i
< cl
; i
+= 7)
553 af
= get_af3(pos
+2+i
);
554 ac
= bgp_get_af_caps(caps
, af
);
556 ac
->llgr_flags
= pos
[2+i
+3];
557 ac
->llgr_time
= get_u24(pos
+ 2+i
+4);
561 /* We can safely ignore all other capabilities */
564 ADVANCE(pos
, len
, 2 + cl
);
567 /* The LLGR capability must be advertised together with the GR capability,
568 otherwise it must be disregarded */
569 if (!caps
->gr_aware
&& caps
->llgr_aware
)
571 caps
->llgr_aware
= 0;
572 WALK_AF_CAPS(caps
, ac
)
583 bgp_error(conn
, 2, 0, NULL
, 0);
588 bgp_check_capabilities(struct bgp_conn
*conn
)
590 struct bgp_proto
*p
= conn
->bgp
;
591 struct bgp_caps
*local
= conn
->local_caps
;
592 struct bgp_caps
*remote
= conn
->remote_caps
;
593 struct bgp_channel
*c
;
596 /* This is partially overlapping with bgp_conn_enter_established_state(),
597 but we need to run this just after we receive OPEN message */
599 WALK_LIST(c
, p
->p
.channels
)
601 const struct bgp_af_caps
*loc
= bgp_find_af_caps(local
, c
->afi
);
602 const struct bgp_af_caps
*rem
= bgp_find_af_caps(remote
, c
->afi
);
604 /* Find out whether this channel will be active */
605 int active
= loc
&& loc
->ready
&&
606 ((rem
&& rem
->ready
) || (!remote
->length
&& (c
->afi
== BGP_AF_IPV4
)));
608 /* Mandatory must be active */
609 if (c
->cf
->mandatory
&& !active
)
616 /* We need at least one channel active */
624 bgp_read_options(struct bgp_conn
*conn
, byte
*pos
, int len
)
626 struct bgp_proto
*p
= conn
->bgp
;
627 struct bgp_caps
*caps
;
630 /* Max number of announced AFIs is limited by max option length (255) */
631 caps
= alloca(sizeof(struct bgp_caps
) + 64 * sizeof(struct bgp_af_caps
));
632 memset(caps
, 0, sizeof(struct bgp_caps
));
636 if ((len
< 2) || (len
< (2 + pos
[1])))
637 { bgp_error(conn
, 2, 0, NULL
, 0); return -1; }
642 /* BGP capabilities, RFC 5492 */
643 if (p
->cf
->capabilities
)
644 bgp_read_capabilities(conn
, caps
, pos
+ 2, ol
);
649 bgp_error(conn
, 2, 4, pos
, ol
); /* FIXME: ol or ol+2 ? */
653 ADVANCE(pos
, len
, 2 + ol
);
656 uint n
= sizeof(struct bgp_caps
) + caps
->af_count
* sizeof(struct bgp_af_caps
);
657 conn
->remote_caps
= mb_allocz(p
->p
.pool
, n
);
658 memcpy(conn
->remote_caps
, caps
, n
);
664 bgp_create_open(struct bgp_conn
*conn
, byte
*buf
)
666 struct bgp_proto
*p
= conn
->bgp
;
668 BGP_TRACE(D_PACKETS
, "Sending OPEN(ver=%d,as=%d,hold=%d,id=%08x)",
669 BGP_VERSION
, p
->public_as
, p
->cf
->hold_time
, p
->local_id
);
671 buf
[0] = BGP_VERSION
;
672 put_u16(buf
+1, (p
->public_as
< 0xFFFF) ? p
->public_as
: AS_TRANS
);
673 put_u16(buf
+3, p
->cf
->hold_time
);
674 put_u32(buf
+5, p
->local_id
);
676 if (p
->cf
->capabilities
)
678 /* Prepare local_caps and write capabilities to buffer */
679 byte
*end
= bgp_write_capabilities(conn
, buf
+12);
680 uint len
= end
- (buf
+12);
682 buf
[9] = len
+ 2; /* Optional parameters length */
683 buf
[10] = 2; /* Option 2: Capability list */
684 buf
[11] = len
; /* Option data length */
690 buf
[9] = 0; /* No optional parameters */
698 bgp_rx_open(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
700 struct bgp_proto
*p
= conn
->bgp
;
701 struct bgp_conn
*other
;
705 if (conn
->state
!= BS_OPENSENT
)
706 { bgp_error(conn
, 5, fsm_err_subcode
[conn
->state
], NULL
, 0); return; }
708 /* Check message contents */
709 if (len
< 29 || len
!= 29 + (uint
) pkt
[28])
710 { bgp_error(conn
, 1, 2, pkt
+16, 2); return; }
712 if (pkt
[19] != BGP_VERSION
)
713 { u16 val
= BGP_VERSION
; bgp_error(conn
, 2, 1, (byte
*) &val
, 2); return; }
715 asn
= get_u16(pkt
+20);
716 hold
= get_u16(pkt
+22);
717 id
= get_u32(pkt
+24);
718 BGP_TRACE(D_PACKETS
, "Got OPEN(as=%d,hold=%d,id=%R)", asn
, hold
, id
);
720 if (bgp_read_options(conn
, pkt
+29, pkt
[28]) < 0)
723 if (hold
> 0 && hold
< 3)
724 { bgp_error(conn
, 2, 6, pkt
+22, 2); return; }
726 /* RFC 6286 2.2 - router ID is nonzero and AS-wide unique */
727 if (!id
|| (p
->is_internal
&& id
== p
->local_id
))
728 { bgp_error(conn
, 2, 3, pkt
+24, -4); return; }
730 /* RFC 5492 4 - check for required capabilities */
731 if (p
->cf
->capabilities
&& !bgp_check_capabilities(conn
))
732 { bgp_error(conn
, 2, 7, NULL
, 0); return; }
734 struct bgp_caps
*caps
= conn
->remote_caps
;
736 if (caps
->as4_support
)
738 u32 as4
= caps
->as4_number
;
740 if ((as4
!= asn
) && (asn
!= AS_TRANS
))
741 log(L_WARN
"%s: Peer advertised inconsistent AS numbers", p
->p
.name
);
743 /* When remote ASN is unspecified, it must be external one */
744 if (p
->remote_as
? (as4
!= p
->remote_as
) : (as4
== p
->local_as
))
745 { as4
= htonl(as4
); bgp_error(conn
, 2, 2, (byte
*) &as4
, 4); return; }
747 conn
->received_as
= as4
;
751 if (p
->remote_as
? (asn
!= p
->remote_as
) : (asn
== p
->local_as
))
752 { bgp_error(conn
, 2, 2, pkt
+20, 2); return; }
754 conn
->received_as
= asn
;
757 /* Check the other connection */
758 other
= (conn
== &p
->outgoing_conn
) ? &p
->incoming_conn
: &p
->outgoing_conn
;
759 switch (other
->state
)
763 /* Stop outgoing connection attempts */
764 bgp_conn_enter_idle_state(other
);
774 * Description of collision detection rules in RFC 4271 is confusing and
775 * contradictory, but it is essentially:
777 * 1. Router with higher ID is dominant
778 * 2. If both have the same ID, router with higher ASN is dominant [RFC6286]
779 * 3. When both connections are in OpenConfirm state, one initiated by
780 * the dominant router is kept.
782 * The first line in the expression below evaluates whether the neighbor
783 * is dominant, the second line whether the new connection was initiated
784 * by the neighbor. If both are true (or both are false), we keep the new
785 * connection, otherwise we keep the old one.
787 if (((p
->local_id
< id
) || ((p
->local_id
== id
) && (p
->public_as
< p
->remote_as
)))
788 == (conn
== &p
->incoming_conn
))
790 /* Should close the other connection */
791 BGP_TRACE(D_EVENTS
, "Connection collision, giving up the other connection");
792 bgp_error(other
, 6, 7, NULL
, 0);
797 /* Should close this connection */
798 BGP_TRACE(D_EVENTS
, "Connection collision, giving up this connection");
799 bgp_error(conn
, 6, 7, NULL
, 0);
803 bug("bgp_rx_open: Unknown state");
806 /* Update our local variables */
807 conn
->hold_time
= MIN(hold
, p
->cf
->hold_time
);
808 conn
->keepalive_time
= p
->cf
->keepalive_time
? : conn
->hold_time
/ 3;
809 conn
->as4_session
= conn
->local_caps
->as4_support
&& caps
->as4_support
;
810 conn
->ext_messages
= conn
->local_caps
->ext_messages
&& caps
->ext_messages
;
813 DBG("BGP: Hold timer set to %d, keepalive to %d, AS to %d, ID to %x, AS4 session to %d\n",
814 conn
->hold_time
, conn
->keepalive_time
, p
->remote_as
, p
->remote_id
, conn
->as4_session
);
816 bgp_schedule_packet(conn
, NULL
, PKT_KEEPALIVE
);
817 bgp_start_timer(conn
->hold_timer
, conn
->hold_time
);
818 bgp_conn_enter_openconfirm_state(conn
);
826 #define REPORT(msg, args...) \
827 ({ log(L_REMOTE "%s: " msg, s->proto->p.name, ## args); })
829 #define DISCARD(msg, args...) \
830 ({ REPORT(msg, ## args); return; })
832 #define WITHDRAW(msg, args...) \
833 ({ REPORT(msg, ## args); s->err_withdraw = 1; return; })
835 #define BAD_AFI "Unexpected AF <%u/%u> in UPDATE"
836 #define BAD_NEXT_HOP "Invalid NEXT_HOP attribute"
837 #define NO_NEXT_HOP "Missing NEXT_HOP attribute"
838 #define NO_LABEL_STACK "Missing MPLS stack"
842 bgp_apply_next_hop(struct bgp_parse_state
*s
, rta
*a
, ip_addr gw
, ip_addr ll
)
844 struct bgp_proto
*p
= s
->proto
;
845 struct bgp_channel
*c
= s
->channel
;
847 if (c
->cf
->gw_mode
== GW_DIRECT
)
849 neighbor
*nbr
= NULL
;
851 /* GW_DIRECT -> single_hop -> p->neigh != NULL */
853 nbr
= neigh_find(&p
->p
, gw
, NULL
, 0);
854 else if (ipa_nonzero(ll
))
855 nbr
= neigh_find(&p
->p
, ll
, p
->neigh
->iface
, 0);
857 if (!nbr
|| (nbr
->scope
== SCOPE_HOST
))
858 WITHDRAW(BAD_NEXT_HOP
);
860 a
->dest
= RTD_UNICAST
;
861 a
->nh
.gw
= nbr
->addr
;
862 a
->nh
.iface
= nbr
->iface
;
864 else /* GW_RECURSIVE */
867 WITHDRAW(BAD_NEXT_HOP
);
869 rtable
*tab
= ipa_is_ip4(gw
) ? c
->igp_table_ip4
: c
->igp_table_ip6
;
870 s
->hostentry
= rt_get_hostentry(tab
, gw
, ll
, c
->c
.table
);
873 rta_apply_hostentry(a
, s
->hostentry
, NULL
);
875 /* With MPLS, hostentry is applied later in bgp_apply_mpls_labels() */
880 bgp_apply_mpls_labels(struct bgp_parse_state
*s
, rta
*a
, u32
*labels
, uint lnum
)
882 if (lnum
> MPLS_MAX_LABEL_STACK
)
884 REPORT("Too many MPLS labels ($u)", lnum
);
886 a
->dest
= RTD_UNREACHABLE
;
888 a
->nh
= (struct nexthop
) { };
892 /* Handle implicit NULL as empty MPLS stack */
893 if ((lnum
== 1) && (labels
[0] == BGP_MPLS_NULL
))
896 if (s
->channel
->cf
->gw_mode
== GW_DIRECT
)
899 memcpy(a
->nh
.label
, labels
, 4*lnum
);
901 else /* GW_RECURSIVE */
906 memcpy(ms
.stack
, labels
, 4*lnum
);
907 rta_apply_hostentry(a
, s
->hostentry
, &ms
);
913 bgp_match_src(struct bgp_export_state
*s
, int mode
)
917 case NH_NO
: return 0;
918 case NH_ALL
: return 1;
919 case NH_IBGP
: return s
->src
&& s
->src
->is_internal
;
920 case NH_EBGP
: return s
->src
&& !s
->src
->is_internal
;
926 bgp_use_next_hop(struct bgp_export_state
*s
, eattr
*a
)
928 struct bgp_proto
*p
= s
->proto
;
929 struct bgp_channel
*c
= s
->channel
;
930 ip_addr
*nh
= (void *) a
->u
.ptr
->data
;
932 /* Handle next hop self option */
933 if (c
->cf
->next_hop_self
&& bgp_match_src(s
, c
->cf
->next_hop_self
))
936 /* Handle next hop keep option */
937 if (c
->cf
->next_hop_keep
&& bgp_match_src(s
, c
->cf
->next_hop_keep
))
940 /* Keep it when explicitly set in export filter */
941 if (a
->type
& EAF_FRESH
)
944 /* Check for non-matching AF */
945 if ((ipa_is_ip4(*nh
) != bgp_channel_is_ipv4(c
)) && !c
->ext_next_hop
)
948 /* Keep it when exported to internal peers */
949 if (p
->is_interior
&& ipa_nonzero(*nh
))
952 /* Keep it when forwarded between single-hop BGPs on the same iface */
953 struct iface
*ifa
= (s
->src
&& s
->src
->neigh
) ? s
->src
->neigh
->iface
: NULL
;
954 return p
->neigh
&& (p
->neigh
->iface
== ifa
);
958 bgp_use_gateway(struct bgp_export_state
*s
)
960 struct bgp_proto
*p
= s
->proto
;
961 struct bgp_channel
*c
= s
->channel
;
962 rta
*ra
= s
->route
->attrs
;
964 /* Handle next hop self option - also applies to gateway */
965 if (c
->cf
->next_hop_self
&& bgp_match_src(s
, c
->cf
->next_hop_self
))
968 /* We need one valid global gateway */
969 if ((ra
->dest
!= RTD_UNICAST
) || ra
->nh
.next
|| ipa_zero(ra
->nh
.gw
) || ipa_is_link_local(ra
->nh
.gw
))
972 /* Check for non-matching AF */
973 if ((ipa_is_ip4(ra
->nh
.gw
) != bgp_channel_is_ipv4(c
)) && !c
->ext_next_hop
)
976 /* Use it when exported to internal peers */
980 /* Use it when forwarded to single-hop BGP peer on on the same iface */
981 return p
->neigh
&& (p
->neigh
->iface
== ra
->nh
.iface
);
985 bgp_update_next_hop_ip(struct bgp_export_state
*s
, eattr
*a
, ea_list
**to
)
987 if (!a
|| !bgp_use_next_hop(s
, a
))
989 if (bgp_use_gateway(s
))
991 rta
*ra
= s
->route
->attrs
;
992 ip_addr nh
[1] = { ra
->nh
.gw
};
993 bgp_set_attr_data(to
, s
->pool
, BA_NEXT_HOP
, 0, nh
, 16);
997 u32 implicit_null
= BGP_MPLS_NULL
;
998 u32
*labels
= ra
->nh
.labels
? ra
->nh
.label
: &implicit_null
;
999 uint lnum
= ra
->nh
.labels
? ra
->nh
.labels
: 1;
1000 bgp_set_attr_data(to
, s
->pool
, BA_MPLS_LABEL_STACK
, 0, labels
, lnum
* 4);
1005 ip_addr nh
[2] = { s
->channel
->next_hop_addr
, s
->channel
->link_addr
};
1006 bgp_set_attr_data(to
, s
->pool
, BA_NEXT_HOP
, 0, nh
, ipa_nonzero(nh
[1]) ? 32 : 16);
1008 /* TODO: Use local MPLS assigned label */
1011 u32 implicit_null
= BGP_MPLS_NULL
;
1012 bgp_set_attr_data(to
, s
->pool
, BA_MPLS_LABEL_STACK
, 0, &implicit_null
, 4);
1017 /* Check if next hop is valid */
1018 a
= bgp_find_attr(*to
, BA_NEXT_HOP
);
1020 WITHDRAW(NO_NEXT_HOP
);
1022 ip_addr
*nh
= (void *) a
->u
.ptr
->data
;
1023 ip_addr peer
= s
->proto
->remote_ip
;
1024 uint len
= a
->u
.ptr
->length
;
1026 /* Forbid zero next hop */
1027 if (ipa_zero(nh
[0]) && ((len
!= 32) || ipa_zero(nh
[1])))
1028 WITHDRAW(BAD_NEXT_HOP
);
1030 /* Forbid next hop equal to neighbor IP */
1031 if (ipa_equal(peer
, nh
[0]) || ((len
== 32) && ipa_equal(peer
, nh
[1])))
1032 WITHDRAW(BAD_NEXT_HOP
);
1034 /* Forbid next hop with non-matching AF */
1035 if ((ipa_is_ip4(nh
[0]) != bgp_channel_is_ipv4(s
->channel
)) &&
1036 !s
->channel
->ext_next_hop
)
1037 WITHDRAW(BAD_NEXT_HOP
);
1039 /* Just check if MPLS stack */
1040 if (s
->mpls
&& !bgp_find_attr(*to
, BA_MPLS_LABEL_STACK
))
1041 WITHDRAW(NO_LABEL_STACK
);
1045 bgp_encode_next_hop_ip(struct bgp_write_state
*s
, eattr
*a
, byte
*buf
, uint size UNUSED
)
1047 /* This function is used only for MP-BGP, see bgp_encode_next_hop() for IPv4 BGP */
1048 ip_addr
*nh
= (void *) a
->u
.ptr
->data
;
1049 uint len
= a
->u
.ptr
->length
;
1051 ASSERT((len
== 16) || (len
== 32));
1054 * Both IPv4 and IPv6 next hops can be used (with ext_next_hop enabled). This
1055 * is specified in RFC 5549 for IPv4 and in RFC 4798 for IPv6. The difference
1056 * is that IPv4 address is directly encoded with IPv4 NLRI, but as IPv4-mapped
1057 * IPv6 address with IPv6 NLRI.
1060 if (bgp_channel_is_ipv4(s
->channel
) && ipa_is_ip4(nh
[0]))
1062 put_ip4(buf
, ipa_to_ip4(nh
[0]));
1066 put_ip6(buf
, ipa_to_ip6(nh
[0]));
1069 put_ip6(buf
+16, ipa_to_ip6(nh
[1]));
1075 bgp_decode_next_hop_ip(struct bgp_parse_state
*s
, byte
*data
, uint len
, rta
*a
)
1077 struct bgp_channel
*c
= s
->channel
;
1078 struct adata
*ad
= lp_alloc_adata(s
->pool
, 32);
1079 ip_addr
*nh
= (void *) ad
->data
;
1083 nh
[0] = ipa_from_ip4(get_ip4(data
));
1088 nh
[0] = ipa_from_ip6(get_ip6(data
));
1091 if (ipa_is_link_local(nh
[0]))
1092 { nh
[1] = nh
[0]; nh
[0] = IPA_NONE
; }
1096 nh
[0] = ipa_from_ip6(get_ip6(data
));
1097 nh
[1] = ipa_from_ip6(get_ip6(data
+16));
1099 if (ipa_is_ip4(nh
[0]) || !ip6_is_link_local(nh
[1]))
1103 bgp_parse_error(s
, 9);
1105 if (ipa_zero(nh
[1]))
1108 if ((bgp_channel_is_ipv4(c
) != ipa_is_ip4(nh
[0])) && !c
->ext_next_hop
)
1109 WITHDRAW(BAD_NEXT_HOP
);
1111 // XXXX validate next hop
1113 bgp_set_attr_ptr(&(a
->eattrs
), s
->pool
, BA_NEXT_HOP
, 0, ad
);
1114 bgp_apply_next_hop(s
, a
, nh
[0], nh
[1]);
1118 bgp_encode_next_hop_vpn(struct bgp_write_state
*s
, eattr
*a
, byte
*buf
, uint size UNUSED
)
1120 ip_addr
*nh
= (void *) a
->u
.ptr
->data
;
1121 uint len
= a
->u
.ptr
->length
;
1123 ASSERT((len
== 16) || (len
== 32));
1126 * Both IPv4 and IPv6 next hops can be used (with ext_next_hop enabled). This
1127 * is specified in RFC 5549 for VPNv4 and in RFC 4659 for VPNv6. The difference
1128 * is that IPv4 address is directly encoded with VPNv4 NLRI, but as IPv4-mapped
1129 * IPv6 address with VPNv6 NLRI.
1132 if (bgp_channel_is_ipv4(s
->channel
) && ipa_is_ip4(nh
[0]))
1134 put_u64(buf
, 0); /* VPN RD is 0 */
1135 put_ip4(buf
+8, ipa_to_ip4(nh
[0]));
1139 put_u64(buf
, 0); /* VPN RD is 0 */
1140 put_ip6(buf
+8, ipa_to_ip6(nh
[0]));
1145 put_u64(buf
+24, 0); /* VPN RD is 0 */
1146 put_ip6(buf
+32, ipa_to_ip6(nh
[1]));
1152 bgp_decode_next_hop_vpn(struct bgp_parse_state
*s
, byte
*data
, uint len
, rta
*a
)
1154 struct bgp_channel
*c
= s
->channel
;
1155 struct adata
*ad
= lp_alloc_adata(s
->pool
, 32);
1156 ip_addr
*nh
= (void *) ad
->data
;
1160 nh
[0] = ipa_from_ip4(get_ip4(data
+8));
1165 nh
[0] = ipa_from_ip6(get_ip6(data
+8));
1168 if (ipa_is_link_local(nh
[0]))
1169 { nh
[1] = nh
[0]; nh
[0] = IPA_NONE
; }
1173 nh
[0] = ipa_from_ip6(get_ip6(data
+8));
1174 nh
[1] = ipa_from_ip6(get_ip6(data
+32));
1176 if (ipa_is_ip4(nh
[0]) || !ip6_is_link_local(nh
[1]))
1180 bgp_parse_error(s
, 9);
1182 if (ipa_zero(nh
[1]))
1185 /* XXXX which error */
1186 if ((get_u64(data
) != 0) || ((len
== 48) && (get_u64(data
+24) != 0)))
1187 bgp_parse_error(s
, 9);
1189 if ((bgp_channel_is_ipv4(c
) != ipa_is_ip4(nh
[0])) && !c
->ext_next_hop
)
1190 WITHDRAW(BAD_NEXT_HOP
);
1192 // XXXX validate next hop
1194 bgp_set_attr_ptr(&(a
->eattrs
), s
->pool
, BA_NEXT_HOP
, 0, ad
);
1195 bgp_apply_next_hop(s
, a
, nh
[0], nh
[1]);
1201 bgp_encode_next_hop_none(struct bgp_write_state
*s UNUSED
, eattr
*a UNUSED
, byte
*buf UNUSED
, uint size UNUSED
)
1207 bgp_decode_next_hop_none(struct bgp_parse_state
*s UNUSED
, byte
*data UNUSED
, uint len UNUSED
, rta
*a UNUSED
)
1210 * Although we expect no next hop and RFC 7606 7.11 states that attribute
1211 * MP_REACH_NLRI with unexpected next hop length is considered malformed,
1212 * FlowSpec RFC 5575 4 states that next hop shall be ignored on receipt.
1219 bgp_update_next_hop_none(struct bgp_export_state
*s
, eattr
*a
, ea_list
**to
)
1221 /* NEXT_HOP shall not pass */
1223 bgp_unset_attr(to
, s
->pool
, BA_NEXT_HOP
);
1232 bgp_rte_update(struct bgp_parse_state
*s
, net_addr
*n
, u32 path_id
, rta
*a0
)
1234 if (path_id
!= s
->last_id
)
1236 s
->last_src
= rt_get_source(&s
->proto
->p
, path_id
);
1237 s
->last_id
= path_id
;
1239 rta_free(s
->cached_rta
);
1240 s
->cached_rta
= NULL
;
1245 /* Route withdraw */
1246 rte_update3(&s
->channel
->c
, n
, NULL
, s
->last_src
);
1250 /* Prepare cached route attributes */
1251 if (s
->cached_rta
== NULL
)
1253 a0
->src
= s
->last_src
;
1255 /* Workaround for rta_lookup() breaking eattrs */
1256 ea_list
*ea
= a0
->eattrs
;
1257 s
->cached_rta
= rta_lookup(a0
);
1261 rta
*a
= rta_clone(s
->cached_rta
);
1262 rte
*e
= rte_get_temp(a
);
1265 e
->u
.bgp
.suppressed
= 0;
1266 e
->u
.bgp
.stale
= -1;
1267 rte_update3(&s
->channel
->c
, n
, e
, s
->last_src
);
1271 bgp_encode_mpls_labels(struct bgp_write_state
*s UNUSED
, adata
*mpls
, byte
**pos
, uint
*size
, byte
*pxlen
)
1274 u32
*labels
= mpls
? (u32
*) mpls
->data
: &dummy
;
1275 uint lnum
= mpls
? (mpls
->length
/ 4) : 1;
1277 for (uint i
= 0; i
< lnum
; i
++)
1279 put_u24(*pos
, labels
[i
] << 4);
1280 ADVANCE(*pos
, *size
, 3);
1283 /* Add bottom-of-stack flag */
1284 (*pos
)[-1] |= BGP_MPLS_BOS
;
1286 *pxlen
+= 24 * lnum
;
1290 bgp_decode_mpls_labels(struct bgp_parse_state
*s
, byte
**pos
, uint
*len
, uint
*pxlen
, rta
*a
)
1292 u32 labels
[BGP_MPLS_MAX
], label
;
1297 bgp_parse_error(s
, 1);
1299 label
= get_u24(*pos
);
1300 labels
[lnum
++] = label
>> 4;
1301 ADVANCE(*pos
, *len
, 3);
1304 /* RFC 8277 2.4 - withdraw does not have variable-size MPLS stack but
1305 fixed-size 24-bit Compatibility field, which MUST be ignored */
1306 if (!a
&& !s
->err_withdraw
)
1309 while (!(label
& BGP_MPLS_BOS
));
1314 /* Attach MPLS attribute unless we already have one */
1315 if (!s
->mpls_labels
)
1317 s
->mpls_labels
= lp_alloc_adata(s
->pool
, 4*BGP_MPLS_MAX
);
1318 bgp_set_attr_ptr(&(a
->eattrs
), s
->pool
, BA_MPLS_LABEL_STACK
, 0, s
->mpls_labels
);
1321 /* Overwrite data in the attribute */
1322 s
->mpls_labels
->length
= 4*lnum
;
1323 memcpy(s
->mpls_labels
->data
, labels
, 4*lnum
);
1325 /* Update next hop entry in rta */
1326 bgp_apply_mpls_labels(s
, a
, labels
, lnum
);
1328 /* Attributes were changed, invalidate cached entry */
1329 rta_free(s
->cached_rta
);
1330 s
->cached_rta
= NULL
;
1336 bgp_encode_nlri_ip4(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1340 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= BGP_NLRI_MAX
))
1342 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1343 struct net_addr_ip4
*net
= (void *) px
->net
;
1345 /* Encode path ID */
1348 put_u32(pos
, px
->path_id
);
1349 ADVANCE(pos
, size
, 4);
1352 /* Encode prefix length */
1354 ADVANCE(pos
, size
, 1);
1356 /* Encode MPLS labels */
1358 bgp_encode_mpls_labels(s
, s
->mpls_labels
, &pos
, &size
, pos
- 1);
1360 /* Encode prefix body */
1361 ip4_addr a
= ip4_hton(net
->prefix
);
1362 uint b
= (net
->pxlen
+ 7) / 8;
1364 ADVANCE(pos
, size
, b
);
1366 bgp_free_prefix(s
->channel
, px
);
1373 bgp_decode_nlri_ip4(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1380 /* Decode path ID */
1384 bgp_parse_error(s
, 1);
1386 path_id
= get_u32(pos
);
1387 ADVANCE(pos
, len
, 4);
1390 /* Decode prefix length */
1392 ADVANCE(pos
, len
, 1);
1394 if (len
< ((l
+ 7) / 8))
1395 bgp_parse_error(s
, 1);
1397 /* Decode MPLS labels */
1399 bgp_decode_mpls_labels(s
, &pos
, &len
, &l
, a
);
1401 if (l
> IP4_MAX_PREFIX_LENGTH
)
1402 bgp_parse_error(s
, 10);
1404 /* Decode prefix body */
1405 ip4_addr addr
= IP4_NONE
;
1406 uint b
= (l
+ 7) / 8;
1407 memcpy(&addr
, pos
, b
);
1408 ADVANCE(pos
, len
, b
);
1410 net
= NET_ADDR_IP4(ip4_ntoh(addr
), l
);
1411 net_normalize_ip4(&net
);
1413 // XXXX validate prefix
1415 bgp_rte_update(s
, (net_addr
*) &net
, path_id
, a
);
1421 bgp_encode_nlri_ip6(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1425 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= BGP_NLRI_MAX
))
1427 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1428 struct net_addr_ip6
*net
= (void *) px
->net
;
1430 /* Encode path ID */
1433 put_u32(pos
, px
->path_id
);
1434 ADVANCE(pos
, size
, 4);
1437 /* Encode prefix length */
1439 ADVANCE(pos
, size
, 1);
1441 /* Encode MPLS labels */
1443 bgp_encode_mpls_labels(s
, s
->mpls_labels
, &pos
, &size
, pos
- 1);
1445 /* Encode prefix body */
1446 ip6_addr a
= ip6_hton(net
->prefix
);
1447 uint b
= (net
->pxlen
+ 7) / 8;
1449 ADVANCE(pos
, size
, b
);
1451 bgp_free_prefix(s
->channel
, px
);
1458 bgp_decode_nlri_ip6(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1465 /* Decode path ID */
1469 bgp_parse_error(s
, 1);
1471 path_id
= get_u32(pos
);
1472 ADVANCE(pos
, len
, 4);
1475 /* Decode prefix length */
1477 ADVANCE(pos
, len
, 1);
1479 if (len
< ((l
+ 7) / 8))
1480 bgp_parse_error(s
, 1);
1482 /* Decode MPLS labels */
1484 bgp_decode_mpls_labels(s
, &pos
, &len
, &l
, a
);
1486 if (l
> IP6_MAX_PREFIX_LENGTH
)
1487 bgp_parse_error(s
, 10);
1489 /* Decode prefix body */
1490 ip6_addr addr
= IP6_NONE
;
1491 uint b
= (l
+ 7) / 8;
1492 memcpy(&addr
, pos
, b
);
1493 ADVANCE(pos
, len
, b
);
1495 net
= NET_ADDR_IP6(ip6_ntoh(addr
), l
);
1496 net_normalize_ip6(&net
);
1498 // XXXX validate prefix
1500 bgp_rte_update(s
, (net_addr
*) &net
, path_id
, a
);
1505 bgp_encode_nlri_vpn4(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1509 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= BGP_NLRI_MAX
))
1511 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1512 struct net_addr_vpn4
*net
= (void *) px
->net
;
1514 /* Encode path ID */
1517 put_u32(pos
, px
->path_id
);
1518 ADVANCE(pos
, size
, 4);
1521 /* Encode prefix length */
1522 *pos
= 64 + net
->pxlen
;
1523 ADVANCE(pos
, size
, 1);
1525 /* Encode MPLS labels */
1527 bgp_encode_mpls_labels(s
, s
->mpls_labels
, &pos
, &size
, pos
- 1);
1529 /* Encode route distinguisher */
1530 put_u64(pos
, net
->rd
);
1531 ADVANCE(pos
, size
, 8);
1533 /* Encode prefix body */
1534 ip4_addr a
= ip4_hton(net
->prefix
);
1535 uint b
= (net
->pxlen
+ 7) / 8;
1537 ADVANCE(pos
, size
, b
);
1539 bgp_free_prefix(s
->channel
, px
);
1546 bgp_decode_nlri_vpn4(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1553 /* Decode path ID */
1557 bgp_parse_error(s
, 1);
1559 path_id
= get_u32(pos
);
1560 ADVANCE(pos
, len
, 4);
1563 /* Decode prefix length */
1565 ADVANCE(pos
, len
, 1);
1567 if (len
< ((l
+ 7) / 8))
1568 bgp_parse_error(s
, 1);
1570 /* Decode MPLS labels */
1572 bgp_decode_mpls_labels(s
, &pos
, &len
, &l
, a
);
1574 /* Decode route distinguisher */
1576 bgp_parse_error(s
, 1);
1578 u64 rd
= get_u64(pos
);
1579 ADVANCE(pos
, len
, 8);
1582 if (l
> IP4_MAX_PREFIX_LENGTH
)
1583 bgp_parse_error(s
, 10);
1585 /* Decode prefix body */
1586 ip4_addr addr
= IP4_NONE
;
1587 uint b
= (l
+ 7) / 8;
1588 memcpy(&addr
, pos
, b
);
1589 ADVANCE(pos
, len
, b
);
1591 net
= NET_ADDR_VPN4(ip4_ntoh(addr
), l
, rd
);
1592 net_normalize_vpn4(&net
);
1594 // XXXX validate prefix
1596 bgp_rte_update(s
, (net_addr
*) &net
, path_id
, a
);
1602 bgp_encode_nlri_vpn6(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1606 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= BGP_NLRI_MAX
))
1608 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1609 struct net_addr_vpn6
*net
= (void *) px
->net
;
1611 /* Encode path ID */
1614 put_u32(pos
, px
->path_id
);
1615 ADVANCE(pos
, size
, 4);
1618 /* Encode prefix length */
1619 *pos
= 64 + net
->pxlen
;
1620 ADVANCE(pos
, size
, 1);
1622 /* Encode MPLS labels */
1624 bgp_encode_mpls_labels(s
, s
->mpls_labels
, &pos
, &size
, pos
- 1);
1626 /* Encode route distinguisher */
1627 put_u64(pos
, net
->rd
);
1628 ADVANCE(pos
, size
, 8);
1630 /* Encode prefix body */
1631 ip6_addr a
= ip6_hton(net
->prefix
);
1632 uint b
= (net
->pxlen
+ 7) / 8;
1634 ADVANCE(pos
, size
, b
);
1636 bgp_free_prefix(s
->channel
, px
);
1643 bgp_decode_nlri_vpn6(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1650 /* Decode path ID */
1654 bgp_parse_error(s
, 1);
1656 path_id
= get_u32(pos
);
1657 ADVANCE(pos
, len
, 4);
1660 /* Decode prefix length */
1662 ADVANCE(pos
, len
, 1);
1664 if (len
< ((l
+ 7) / 8))
1665 bgp_parse_error(s
, 1);
1667 /* Decode MPLS labels */
1669 bgp_decode_mpls_labels(s
, &pos
, &len
, &l
, a
);
1671 /* Decode route distinguisher */
1673 bgp_parse_error(s
, 1);
1675 u64 rd
= get_u64(pos
);
1676 ADVANCE(pos
, len
, 8);
1679 if (l
> IP6_MAX_PREFIX_LENGTH
)
1680 bgp_parse_error(s
, 10);
1682 /* Decode prefix body */
1683 ip6_addr addr
= IP6_NONE
;
1684 uint b
= (l
+ 7) / 8;
1685 memcpy(&addr
, pos
, b
);
1686 ADVANCE(pos
, len
, b
);
1688 net
= NET_ADDR_VPN6(ip6_ntoh(addr
), l
, rd
);
1689 net_normalize_vpn6(&net
);
1691 // XXXX validate prefix
1693 bgp_rte_update(s
, (net_addr
*) &net
, path_id
, a
);
1699 bgp_encode_nlri_flow4(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1703 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= 4))
1705 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1706 struct net_addr_flow4
*net
= (void *) px
->net
;
1707 uint flen
= net
->length
- sizeof(net_addr_flow4
);
1709 /* Encode path ID */
1712 put_u32(pos
, px
->path_id
);
1713 ADVANCE(pos
, size
, 4);
1719 /* Copy whole flow data including length */
1720 memcpy(pos
, net
->data
, flen
);
1721 ADVANCE(pos
, size
, flen
);
1723 bgp_free_prefix(s
->channel
, px
);
1730 bgp_decode_nlri_flow4(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1736 /* Decode path ID */
1740 bgp_parse_error(s
, 1);
1742 path_id
= get_u32(pos
);
1743 ADVANCE(pos
, len
, 4);
1747 bgp_parse_error(s
, 1);
1749 /* Decode flow length */
1750 uint hlen
= flow_hdr_length(pos
);
1751 uint dlen
= flow_read_length(pos
);
1752 uint flen
= hlen
+ dlen
;
1753 byte
*data
= pos
+ hlen
;
1756 bgp_parse_error(s
, 1);
1758 /* Validate flow data */
1759 enum flow_validated_state r
= flow4_validate(data
, dlen
);
1760 if (r
!= FLOW_ST_VALID
)
1762 log(L_REMOTE
"%s: Invalid flow route: %s", s
->proto
->p
.name
, flow_validated_state_str(r
));
1763 bgp_parse_error(s
, 1);
1766 if (data
[0] != FLOW_TYPE_DST_PREFIX
)
1768 log(L_REMOTE
"%s: No dst prefix at first pos", s
->proto
->p
.name
);
1769 bgp_parse_error(s
, 1);
1772 /* Decode dst prefix */
1773 ip4_addr px
= IP4_NONE
;
1774 uint pxlen
= data
[1];
1776 // FIXME: Use some generic function
1777 memcpy(&px
, data
+2, BYTES(pxlen
));
1778 px
= ip4_and(ip4_ntoh(px
), ip4_mkmask(pxlen
));
1780 /* Prepare the flow */
1781 net_addr
*n
= alloca(sizeof(struct net_addr_flow4
) + flen
);
1782 net_fill_flow4(n
, px
, pxlen
, pos
, flen
);
1783 ADVANCE(pos
, len
, flen
);
1785 bgp_rte_update(s
, n
, path_id
, a
);
1791 bgp_encode_nlri_flow6(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1795 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= 4))
1797 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1798 struct net_addr_flow6
*net
= (void *) px
->net
;
1799 uint flen
= net
->length
- sizeof(net_addr_flow6
);
1801 /* Encode path ID */
1804 put_u32(pos
, px
->path_id
);
1805 ADVANCE(pos
, size
, 4);
1811 /* Copy whole flow data including length */
1812 memcpy(pos
, net
->data
, flen
);
1813 ADVANCE(pos
, size
, flen
);
1815 bgp_free_prefix(s
->channel
, px
);
1822 bgp_decode_nlri_flow6(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1828 /* Decode path ID */
1832 bgp_parse_error(s
, 1);
1834 path_id
= get_u32(pos
);
1835 ADVANCE(pos
, len
, 4);
1839 bgp_parse_error(s
, 1);
1841 /* Decode flow length */
1842 uint hlen
= flow_hdr_length(pos
);
1843 uint dlen
= flow_read_length(pos
);
1844 uint flen
= hlen
+ dlen
;
1845 byte
*data
= pos
+ hlen
;
1848 bgp_parse_error(s
, 1);
1850 /* Validate flow data */
1851 enum flow_validated_state r
= flow6_validate(data
, dlen
);
1852 if (r
!= FLOW_ST_VALID
)
1854 log(L_REMOTE
"%s: Invalid flow route: %s", s
->proto
->p
.name
, flow_validated_state_str(r
));
1855 bgp_parse_error(s
, 1);
1858 if (data
[0] != FLOW_TYPE_DST_PREFIX
)
1860 log(L_REMOTE
"%s: No dst prefix at first pos", s
->proto
->p
.name
);
1861 bgp_parse_error(s
, 1);
1864 /* Decode dst prefix */
1865 ip6_addr px
= IP6_NONE
;
1866 uint pxlen
= data
[1];
1868 // FIXME: Use some generic function
1869 memcpy(&px
, data
+2, BYTES(pxlen
));
1870 px
= ip6_and(ip6_ntoh(px
), ip6_mkmask(pxlen
));
1872 /* Prepare the flow */
1873 net_addr
*n
= alloca(sizeof(struct net_addr_flow6
) + flen
);
1874 net_fill_flow6(n
, px
, pxlen
, pos
, flen
);
1875 ADVANCE(pos
, len
, flen
);
1877 bgp_rte_update(s
, n
, path_id
, a
);
1882 static const struct bgp_af_desc bgp_af_table
[] = {
1887 .encode_nlri
= bgp_encode_nlri_ip4
,
1888 .decode_nlri
= bgp_decode_nlri_ip4
,
1889 .encode_next_hop
= bgp_encode_next_hop_ip
,
1890 .decode_next_hop
= bgp_decode_next_hop_ip
,
1891 .update_next_hop
= bgp_update_next_hop_ip
,
1894 .afi
= BGP_AF_IPV4_MC
,
1897 .encode_nlri
= bgp_encode_nlri_ip4
,
1898 .decode_nlri
= bgp_decode_nlri_ip4
,
1899 .encode_next_hop
= bgp_encode_next_hop_ip
,
1900 .decode_next_hop
= bgp_decode_next_hop_ip
,
1901 .update_next_hop
= bgp_update_next_hop_ip
,
1904 .afi
= BGP_AF_IPV4_MPLS
,
1907 .name
= "ipv4-mpls",
1908 .encode_nlri
= bgp_encode_nlri_ip4
,
1909 .decode_nlri
= bgp_decode_nlri_ip4
,
1910 .encode_next_hop
= bgp_encode_next_hop_ip
,
1911 .decode_next_hop
= bgp_decode_next_hop_ip
,
1912 .update_next_hop
= bgp_update_next_hop_ip
,
1918 .encode_nlri
= bgp_encode_nlri_ip6
,
1919 .decode_nlri
= bgp_decode_nlri_ip6
,
1920 .encode_next_hop
= bgp_encode_next_hop_ip
,
1921 .decode_next_hop
= bgp_decode_next_hop_ip
,
1922 .update_next_hop
= bgp_update_next_hop_ip
,
1925 .afi
= BGP_AF_IPV6_MC
,
1928 .encode_nlri
= bgp_encode_nlri_ip6
,
1929 .decode_nlri
= bgp_decode_nlri_ip6
,
1930 .encode_next_hop
= bgp_encode_next_hop_ip
,
1931 .decode_next_hop
= bgp_decode_next_hop_ip
,
1932 .update_next_hop
= bgp_update_next_hop_ip
,
1935 .afi
= BGP_AF_IPV6_MPLS
,
1938 .name
= "ipv6-mpls",
1939 .encode_nlri
= bgp_encode_nlri_ip6
,
1940 .decode_nlri
= bgp_decode_nlri_ip6
,
1941 .encode_next_hop
= bgp_encode_next_hop_ip
,
1942 .decode_next_hop
= bgp_decode_next_hop_ip
,
1943 .update_next_hop
= bgp_update_next_hop_ip
,
1946 .afi
= BGP_AF_VPN4_MPLS
,
1949 .name
= "vpn4-mpls",
1950 .encode_nlri
= bgp_encode_nlri_vpn4
,
1951 .decode_nlri
= bgp_decode_nlri_vpn4
,
1952 .encode_next_hop
= bgp_encode_next_hop_vpn
,
1953 .decode_next_hop
= bgp_decode_next_hop_vpn
,
1954 .update_next_hop
= bgp_update_next_hop_ip
,
1957 .afi
= BGP_AF_VPN6_MPLS
,
1960 .name
= "vpn6-mpls",
1961 .encode_nlri
= bgp_encode_nlri_vpn6
,
1962 .decode_nlri
= bgp_decode_nlri_vpn6
,
1963 .encode_next_hop
= bgp_encode_next_hop_vpn
,
1964 .decode_next_hop
= bgp_decode_next_hop_vpn
,
1965 .update_next_hop
= bgp_update_next_hop_ip
,
1968 .afi
= BGP_AF_VPN4_MC
,
1971 .encode_nlri
= bgp_encode_nlri_vpn4
,
1972 .decode_nlri
= bgp_decode_nlri_vpn4
,
1973 .encode_next_hop
= bgp_encode_next_hop_vpn
,
1974 .decode_next_hop
= bgp_decode_next_hop_vpn
,
1975 .update_next_hop
= bgp_update_next_hop_ip
,
1978 .afi
= BGP_AF_VPN6_MC
,
1981 .encode_nlri
= bgp_encode_nlri_vpn6
,
1982 .decode_nlri
= bgp_decode_nlri_vpn6
,
1983 .encode_next_hop
= bgp_encode_next_hop_vpn
,
1984 .decode_next_hop
= bgp_decode_next_hop_vpn
,
1985 .update_next_hop
= bgp_update_next_hop_ip
,
1988 .afi
= BGP_AF_FLOW4
,
1992 .encode_nlri
= bgp_encode_nlri_flow4
,
1993 .decode_nlri
= bgp_decode_nlri_flow4
,
1994 .encode_next_hop
= bgp_encode_next_hop_none
,
1995 .decode_next_hop
= bgp_decode_next_hop_none
,
1996 .update_next_hop
= bgp_update_next_hop_none
,
1999 .afi
= BGP_AF_FLOW6
,
2003 .encode_nlri
= bgp_encode_nlri_flow6
,
2004 .decode_nlri
= bgp_decode_nlri_flow6
,
2005 .encode_next_hop
= bgp_encode_next_hop_none
,
2006 .decode_next_hop
= bgp_decode_next_hop_none
,
2007 .update_next_hop
= bgp_update_next_hop_none
,
2011 const struct bgp_af_desc
*
2012 bgp_get_af_desc(u32 afi
)
2015 for (i
= 0; i
< ARRAY_SIZE(bgp_af_table
); i
++)
2016 if (bgp_af_table
[i
].afi
== afi
)
2017 return &bgp_af_table
[i
];
2023 bgp_encode_nlri(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, byte
*end
)
2025 return s
->channel
->desc
->encode_nlri(s
, buck
, buf
, end
- buf
);
2029 bgp_encode_next_hop(struct bgp_write_state
*s
, eattr
*nh
, byte
*buf
)
2031 return s
->channel
->desc
->encode_next_hop(s
, nh
, buf
, 255);
2035 bgp_update_next_hop(struct bgp_export_state
*s
, eattr
*a
, ea_list
**to
)
2037 s
->channel
->desc
->update_next_hop(s
, a
, to
);
2040 #define MAX_ATTRS_LENGTH (end-buf+BGP_HEADER_LENGTH - 1024)
2043 bgp_create_ip_reach(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, byte
*end
)
2046 * 2 B Withdrawn Routes Length (zero)
2047 * --- IPv4 Withdrawn Routes NLRI (unused)
2048 * 2 B Total Path Attribute Length
2049 * var Path Attributes
2050 * var IPv4 Network Layer Reachability Information
2055 la
= bgp_encode_attrs(s
, buck
->eattrs
, buf
+4, buf
+ MAX_ATTRS_LENGTH
);
2058 /* Attribute list too long */
2059 bgp_withdraw_bucket(s
->channel
, buck
);
2066 lr
= bgp_encode_nlri(s
, buck
, buf
+4+la
, end
);
2072 bgp_create_mp_reach(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, byte
*end
)
2075 * 2 B IPv4 Withdrawn Routes Length (zero)
2076 * --- IPv4 Withdrawn Routes NLRI (unused)
2077 * 2 B Total Path Attribute Length
2078 * 1 B MP_REACH_NLRI hdr - Attribute Flags
2079 * 1 B MP_REACH_NLRI hdr - Attribute Type Code
2080 * 2 B MP_REACH_NLRI hdr - Length of Attribute Data
2081 * 2 B MP_REACH_NLRI data - Address Family Identifier
2082 * 1 B MP_REACH_NLRI data - Subsequent Address Family Identifier
2083 * 1 B MP_REACH_NLRI data - Length of Next Hop Network Address
2084 * var MP_REACH_NLRI data - Network Address of Next Hop
2085 * 1 B MP_REACH_NLRI data - Reserved (zero)
2086 * var MP_REACH_NLRI data - Network Layer Reachability Information
2087 * var Rest of Path Attributes
2088 * --- IPv4 Network Layer Reachability Information (unused)
2091 int lh
, lr
, la
; /* Lengths of next hop, NLRI and attributes */
2093 /* Begin of MP_REACH_NLRI atribute */
2094 buf
[4] = BAF_OPTIONAL
| BAF_EXT_LEN
;
2095 buf
[5] = BA_MP_REACH_NLRI
;
2096 put_u16(buf
+6, 0); /* Will be fixed later */
2097 put_af3(buf
+8, s
->channel
->afi
);
2100 /* Encode attributes to temporary buffer */
2101 byte
*abuf
= alloca(MAX_ATTRS_LENGTH
);
2102 la
= bgp_encode_attrs(s
, buck
->eattrs
, abuf
, abuf
+ MAX_ATTRS_LENGTH
);
2105 /* Attribute list too long */
2106 bgp_withdraw_bucket(s
->channel
, buck
);
2110 /* Encode the next hop */
2111 lh
= bgp_encode_next_hop(s
, s
->mp_next_hop
, pos
+1);
2115 /* Reserved field */
2118 /* Encode the NLRI */
2119 lr
= bgp_encode_nlri(s
, buck
, pos
, end
- la
);
2122 /* End of MP_REACH_NLRI atribute, update data length */
2123 put_u16(buf
+6, pos
-buf
-8);
2125 /* Copy remaining attributes */
2126 memcpy(pos
, abuf
, la
);
2129 /* Initial UPDATE fields */
2131 put_u16(buf
+2, pos
-buf
-4);
2136 #undef MAX_ATTRS_LENGTH
2139 bgp_create_ip_unreach(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, byte
*end
)
2142 * 2 B Withdrawn Routes Length
2143 * var IPv4 Withdrawn Routes NLRI
2144 * 2 B Total Path Attribute Length (zero)
2145 * --- Path Attributes (unused)
2146 * --- IPv4 Network Layer Reachability Information (unused)
2149 uint len
= bgp_encode_nlri(s
, buck
, buf
+2, end
);
2151 put_u16(buf
+0, len
);
2152 put_u16(buf
+2+len
, 0);
2158 bgp_create_mp_unreach(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, byte
*end
)
2161 * 2 B Withdrawn Routes Length (zero)
2162 * --- IPv4 Withdrawn Routes NLRI (unused)
2163 * 2 B Total Path Attribute Length
2164 * 1 B MP_UNREACH_NLRI hdr - Attribute Flags
2165 * 1 B MP_UNREACH_NLRI hdr - Attribute Type Code
2166 * 2 B MP_UNREACH_NLRI hdr - Length of Attribute Data
2167 * 2 B MP_UNREACH_NLRI data - Address Family Identifier
2168 * 1 B MP_UNREACH_NLRI data - Subsequent Address Family Identifier
2169 * var MP_UNREACH_NLRI data - Network Layer Reachability Information
2170 * --- IPv4 Network Layer Reachability Information (unused)
2173 uint len
= bgp_encode_nlri(s
, buck
, buf
+11, end
);
2176 put_u16(buf
+2, 7+len
);
2178 /* Begin of MP_UNREACH_NLRI atribute */
2179 buf
[4] = BAF_OPTIONAL
| BAF_EXT_LEN
;
2180 buf
[5] = BA_MP_UNREACH_NLRI
;
2181 put_u16(buf
+6, 3+len
);
2182 put_af3(buf
+8, s
->channel
->afi
);
2188 bgp_create_update(struct bgp_channel
*c
, byte
*buf
)
2190 struct bgp_proto
*p
= (void *) c
->c
.proto
;
2191 struct bgp_bucket
*buck
;
2192 byte
*end
= buf
+ (bgp_max_packet_length(p
->conn
) - BGP_HEADER_LENGTH
);
2197 /* Initialize write state */
2198 struct bgp_write_state s
= {
2201 .pool
= bgp_linpool
,
2202 .mp_reach
= (c
->afi
!= BGP_AF_IPV4
) || c
->ext_next_hop
,
2203 .as4_session
= p
->as4_session
,
2204 .add_path
= c
->add_path_tx
,
2205 .mpls
= c
->desc
->mpls
,
2208 /* Try unreachable bucket */
2209 if ((buck
= c
->withdraw_bucket
) && !EMPTY_LIST(buck
->prefixes
))
2211 res
= (c
->afi
== BGP_AF_IPV4
) && !c
->ext_next_hop
?
2212 bgp_create_ip_unreach(&s
, buck
, buf
, end
):
2213 bgp_create_mp_unreach(&s
, buck
, buf
, end
);
2218 /* Try reachable buckets */
2219 if (!EMPTY_LIST(c
->bucket_queue
))
2221 buck
= HEAD(c
->bucket_queue
);
2223 /* Cleanup empty buckets */
2224 if (EMPTY_LIST(buck
->prefixes
))
2226 bgp_free_bucket(c
, buck
);
2231 bgp_create_ip_reach(&s
, buck
, buf
, end
):
2232 bgp_create_mp_reach(&s
, buck
, buf
, end
);
2234 if (EMPTY_LIST(buck
->prefixes
))
2235 bgp_free_bucket(c
, buck
);
2237 bgp_defer_bucket(c
, buck
);
2245 /* No more prefixes to send */
2249 BGP_TRACE_RL(&rl_snd_update
, D_PACKETS
, "Sending UPDATE");
2256 bgp_create_ip_end_mark(struct bgp_channel
*c UNUSED
, byte
*buf
)
2258 /* Empty update packet */
2265 bgp_create_mp_end_mark(struct bgp_channel
*c
, byte
*buf
)
2268 put_u16(buf
+2, 6); /* length 4--9 */
2270 /* Empty MP_UNREACH_NLRI atribute */
2271 buf
[4] = BAF_OPTIONAL
;
2272 buf
[5] = BA_MP_UNREACH_NLRI
;
2273 buf
[6] = 3; /* Length 7--9 */
2274 put_af3(buf
+7, c
->afi
);
2280 bgp_create_end_mark(struct bgp_channel
*c
, byte
*buf
)
2282 struct bgp_proto
*p
= (void *) c
->c
.proto
;
2284 BGP_TRACE(D_PACKETS
, "Sending END-OF-RIB");
2286 return (c
->afi
== BGP_AF_IPV4
) ?
2287 bgp_create_ip_end_mark(c
, buf
):
2288 bgp_create_mp_end_mark(c
, buf
);
2292 bgp_rx_end_mark(struct bgp_parse_state
*s
, u32 afi
)
2294 struct bgp_proto
*p
= s
->proto
;
2295 struct bgp_channel
*c
= bgp_get_channel(p
, afi
);
2297 BGP_TRACE(D_PACKETS
, "Got END-OF-RIB");
2300 DISCARD(BAD_AFI
, BGP_AFI(afi
), BGP_SAFI(afi
));
2302 if (c
->load_state
== BFS_LOADING
)
2303 c
->load_state
= BFS_NONE
;
2305 if (p
->p
.gr_recovery
)
2306 channel_graceful_restart_unlock(&c
->c
);
2309 bgp_graceful_restart_done(c
);
2313 bgp_decode_nlri(struct bgp_parse_state
*s
, u32 afi
, byte
*nlri
, uint len
, ea_list
*ea
, byte
*nh
, uint nh_len
)
2315 struct bgp_channel
*c
= bgp_get_channel(s
->proto
, afi
);
2319 DISCARD(BAD_AFI
, BGP_AFI(afi
), BGP_SAFI(afi
));
2322 s
->add_path
= c
->add_path_rx
;
2323 s
->mpls
= c
->desc
->mpls
;
2326 s
->last_src
= s
->proto
->p
.main_source
;
2329 * IPv4 BGP and MP-BGP may be used together in one update, therefore we do not
2330 * add BA_NEXT_HOP in bgp_decode_attrs(), but we add it here independently for
2331 * IPv4 BGP and MP-BGP. We undo the attribute (and possibly others attached by
2332 * decode_next_hop hooks) by restoring a->eattrs afterwards.
2337 a
= allocz(RTA_MAX_SIZE
);
2339 a
->source
= RTS_BGP
;
2340 a
->scope
= SCOPE_UNIVERSE
;
2341 a
->from
= s
->proto
->remote_ip
;
2344 c
->desc
->decode_next_hop(s
, nh
, nh_len
, a
);
2346 /* Handle withdraw during next hop decoding */
2347 if (s
->err_withdraw
)
2351 c
->desc
->decode_nlri(s
, nlri
, len
, a
);
2353 rta_free(s
->cached_rta
);
2354 s
->cached_rta
= NULL
;
2358 bgp_rx_update(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
2360 struct bgp_proto
*p
= conn
->bgp
;
2363 BGP_TRACE_RL(&rl_rcv_update
, D_PACKETS
, "Got UPDATE");
2365 /* Workaround for some BGP implementations that skip initial KEEPALIVE */
2366 if (conn
->state
== BS_OPENCONFIRM
)
2367 bgp_conn_enter_established_state(conn
);
2369 if (conn
->state
!= BS_ESTABLISHED
)
2370 { bgp_error(conn
, 5, fsm_err_subcode
[conn
->state
], NULL
, 0); return; }
2372 bgp_start_timer(conn
->hold_timer
, conn
->hold_time
);
2374 /* Initialize parse state */
2375 struct bgp_parse_state s
= {
2377 .pool
= bgp_linpool
,
2378 .as4_session
= p
->as4_session
,
2381 /* Parse error handler */
2382 if (setjmp(s
.err_jmpbuf
))
2384 bgp_error(conn
, 3, s
.err_subcode
, NULL
, 0);
2388 /* Check minimal length */
2390 { bgp_error(conn
, 1, 2, pkt
+16, 2); return; }
2392 /* Skip fixed header */
2396 * UPDATE message format
2398 * 2 B IPv4 Withdrawn Routes Length
2399 * var IPv4 Withdrawn Routes NLRI
2400 * 2 B Total Path Attribute Length
2401 * var Path Attributes
2402 * var IPv4 Reachable Routes NLRI
2405 s
.ip_unreach_len
= get_u16(pkt
+ pos
);
2406 s
.ip_unreach_nlri
= pkt
+ pos
+ 2;
2407 pos
+= 2 + s
.ip_unreach_len
;
2410 bgp_parse_error(&s
, 1);
2412 s
.attr_len
= get_u16(pkt
+ pos
);
2413 s
.attrs
= pkt
+ pos
+ 2;
2414 pos
+= 2 + s
.attr_len
;
2417 bgp_parse_error(&s
, 1);
2419 s
.ip_reach_len
= len
- pos
;
2420 s
.ip_reach_nlri
= pkt
+ pos
;
2424 ea
= bgp_decode_attrs(&s
, s
.attrs
, s
.attr_len
);
2428 /* Check for End-of-RIB marker */
2429 if (!s
.attr_len
&& !s
.ip_unreach_len
&& !s
.ip_reach_len
)
2430 { bgp_rx_end_mark(&s
, BGP_AF_IPV4
); goto done
; }
2432 /* Check for MP End-of-RIB marker */
2433 if ((s
.attr_len
< 8) && !s
.ip_unreach_len
&& !s
.ip_reach_len
&&
2434 !s
.mp_reach_len
&& !s
.mp_unreach_len
&& s
.mp_unreach_af
)
2435 { bgp_rx_end_mark(&s
, s
.mp_unreach_af
); goto done
; }
2437 if (s
.ip_unreach_len
)
2438 bgp_decode_nlri(&s
, BGP_AF_IPV4
, s
.ip_unreach_nlri
, s
.ip_unreach_len
, NULL
, NULL
, 0);
2440 if (s
.mp_unreach_len
)
2441 bgp_decode_nlri(&s
, s
.mp_unreach_af
, s
.mp_unreach_nlri
, s
.mp_unreach_len
, NULL
, NULL
, 0);
2444 bgp_decode_nlri(&s
, BGP_AF_IPV4
, s
.ip_reach_nlri
, s
.ip_reach_len
,
2445 ea
, s
.ip_next_hop_data
, s
.ip_next_hop_len
);
2448 bgp_decode_nlri(&s
, s
.mp_reach_af
, s
.mp_reach_nlri
, s
.mp_reach_len
,
2449 ea
, s
.mp_next_hop_data
, s
.mp_next_hop_len
);
2452 rta_free(s
.cached_rta
);
2458 bgp_find_update_afi(byte
*pos
, uint len
)
2461 * This is stripped-down version of bgp_rx_update(), bgp_decode_attrs() and
2462 * bgp_decode_mp_[un]reach_nlri() used by MRT code in order to find out which
2463 * AFI/SAFI is associated with incoming UPDATE. Returns 0 for framing errors.
2468 /* Assume there is no withrawn NLRI, read lengths and move to attribute list */
2469 uint wlen
= get_u16(pos
+ 19);
2470 uint alen
= get_u16(pos
+ 21);
2471 ADVANCE(pos
, len
, 23);
2473 /* Either non-zero withdrawn NLRI, non-zero reachable NLRI, or IPv4 End-of-RIB */
2474 if ((wlen
!= 0) || (alen
< len
) || !alen
)
2480 /* Process attribute list (alen == len) */
2486 uint flags
= pos
[0];
2488 ADVANCE(pos
, len
, 2);
2490 uint ll
= !(flags
& BAF_EXT_LEN
) ? 1 : 2;
2494 /* Read attribute length and move to attribute body */
2495 alen
= (ll
== 1) ? get_u8(pos
) : get_u16(pos
);
2496 ADVANCE(pos
, len
, ll
);
2502 if ((code
== BA_MP_REACH_NLRI
) || (code
== BA_MP_UNREACH_NLRI
))
2507 return BGP_AF(get_u16(pos
), pos
[2]);
2510 /* Move to the next attribute */
2511 ADVANCE(pos
, len
, alen
);
2514 /* No basic or MP NLRI, but there are some attributes -> error */
2523 static inline byte
*
2524 bgp_create_route_refresh(struct bgp_channel
*c
, byte
*buf
)
2526 struct bgp_proto
*p
= (void *) c
->c
.proto
;
2528 BGP_TRACE(D_PACKETS
, "Sending ROUTE-REFRESH");
2530 /* Original route refresh request, RFC 2918 */
2531 put_af4(buf
, c
->afi
);
2532 buf
[2] = BGP_RR_REQUEST
;
2537 static inline byte
*
2538 bgp_create_begin_refresh(struct bgp_channel
*c
, byte
*buf
)
2540 struct bgp_proto
*p
= (void *) c
->c
.proto
;
2542 BGP_TRACE(D_PACKETS
, "Sending BEGIN-OF-RR");
2544 /* Demarcation of beginning of route refresh (BoRR), RFC 7313 */
2545 put_af4(buf
, c
->afi
);
2546 buf
[2] = BGP_RR_BEGIN
;
2551 static inline byte
*
2552 bgp_create_end_refresh(struct bgp_channel
*c
, byte
*buf
)
2554 struct bgp_proto
*p
= (void *) c
->c
.proto
;
2556 BGP_TRACE(D_PACKETS
, "Sending END-OF-RR");
2558 /* Demarcation of ending of route refresh (EoRR), RFC 7313 */
2559 put_af4(buf
, c
->afi
);
2560 buf
[2] = BGP_RR_END
;
2566 bgp_rx_route_refresh(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
2568 struct bgp_proto
*p
= conn
->bgp
;
2570 if (conn
->state
!= BS_ESTABLISHED
)
2571 { bgp_error(conn
, 5, fsm_err_subcode
[conn
->state
], NULL
, 0); return; }
2573 if (!conn
->local_caps
->route_refresh
)
2574 { bgp_error(conn
, 1, 3, pkt
+18, 1); return; }
2576 if (len
< (BGP_HEADER_LENGTH
+ 4))
2577 { bgp_error(conn
, 1, 2, pkt
+16, 2); return; }
2579 if (len
> (BGP_HEADER_LENGTH
+ 4))
2580 { bgp_error(conn
, 7, 1, pkt
, MIN(len
, 2048)); return; }
2582 struct bgp_channel
*c
= bgp_get_channel(p
, get_af4(pkt
+19));
2585 log(L_WARN
"%s: Got ROUTE-REFRESH subtype %u for AF %u.%u, ignoring",
2586 p
->p
.name
, pkt
[21], get_u16(pkt
+19), pkt
[22]);
2590 /* RFC 7313 redefined reserved field as RR message subtype */
2591 uint subtype
= p
->enhanced_refresh
? pkt
[21] : BGP_RR_REQUEST
;
2595 case BGP_RR_REQUEST
:
2596 BGP_TRACE(D_PACKETS
, "Got ROUTE-REFRESH");
2597 channel_request_feeding(&c
->c
);
2601 BGP_TRACE(D_PACKETS
, "Got BEGIN-OF-RR");
2602 bgp_refresh_begin(c
);
2606 BGP_TRACE(D_PACKETS
, "Got END-OF-RR");
2611 log(L_WARN
"%s: Got ROUTE-REFRESH message with unknown subtype %u, ignoring",
2612 p
->p
.name
, subtype
);
2617 static inline struct bgp_channel
*
2618 bgp_get_channel_to_send(struct bgp_proto
*p
, struct bgp_conn
*conn
)
2620 uint i
= conn
->last_channel
;
2622 /* Try the last channel, but at most several times */
2623 if ((conn
->channels_to_send
& (1 << i
)) &&
2624 (conn
->last_channel_count
< 16))
2627 /* Find channel with non-zero channels_to_send */
2631 if (i
>= p
->channel_count
)
2634 while (! (conn
->channels_to_send
& (1 << i
)));
2636 /* Use that channel */
2637 conn
->last_channel
= i
;
2638 conn
->last_channel_count
= 0;
2641 conn
->last_channel_count
++;
2642 return p
->channel_map
[i
];
2646 bgp_send(struct bgp_conn
*conn
, uint type
, uint len
)
2648 sock
*sk
= conn
->sk
;
2649 byte
*buf
= sk
->tbuf
;
2651 memset(buf
, 0xff, 16); /* Marker */
2652 put_u16(buf
+16, len
);
2655 return sk_send(sk
, len
);
2659 * bgp_fire_tx - transmit packets
2662 * Whenever the transmit buffers of the underlying TCP connection
2663 * are free and we have any packets queued for sending, the socket functions
2664 * call bgp_fire_tx() which takes care of selecting the highest priority packet
2665 * queued (Notification > Keepalive > Open > Update), assembling its header
2666 * and body and sending it to the connection.
2669 bgp_fire_tx(struct bgp_conn
*conn
)
2671 struct bgp_proto
*p
= conn
->bgp
;
2672 struct bgp_channel
*c
;
2673 byte
*buf
, *pkt
, *end
;
2679 buf
= conn
->sk
->tbuf
;
2680 pkt
= buf
+ BGP_HEADER_LENGTH
;
2681 s
= conn
->packets_to_send
;
2683 if (s
& (1 << PKT_SCHEDULE_CLOSE
))
2685 /* We can finally close connection and enter idle state */
2686 bgp_conn_enter_idle_state(conn
);
2689 if (s
& (1 << PKT_NOTIFICATION
))
2691 conn
->packets_to_send
= 1 << PKT_SCHEDULE_CLOSE
;
2692 end
= bgp_create_notification(conn
, pkt
);
2693 return bgp_send(conn
, PKT_NOTIFICATION
, end
- buf
);
2695 else if (s
& (1 << PKT_OPEN
))
2697 conn
->packets_to_send
&= ~(1 << PKT_OPEN
);
2698 end
= bgp_create_open(conn
, pkt
);
2699 return bgp_send(conn
, PKT_OPEN
, end
- buf
);
2701 else if (s
& (1 << PKT_KEEPALIVE
))
2703 conn
->packets_to_send
&= ~(1 << PKT_KEEPALIVE
);
2704 BGP_TRACE(D_PACKETS
, "Sending KEEPALIVE");
2705 bgp_start_timer(conn
->keepalive_timer
, conn
->keepalive_time
);
2706 return bgp_send(conn
, PKT_KEEPALIVE
, BGP_HEADER_LENGTH
);
2708 else while (conn
->channels_to_send
)
2710 c
= bgp_get_channel_to_send(p
, conn
);
2711 s
= c
->packets_to_send
;
2713 if (s
& (1 << PKT_ROUTE_REFRESH
))
2715 c
->packets_to_send
&= ~(1 << PKT_ROUTE_REFRESH
);
2716 end
= bgp_create_route_refresh(c
, pkt
);
2717 return bgp_send(conn
, PKT_ROUTE_REFRESH
, end
- buf
);
2719 else if (s
& (1 << PKT_BEGIN_REFRESH
))
2721 /* BoRR is a subtype of RR, but uses separate bit in packets_to_send */
2722 c
->packets_to_send
&= ~(1 << PKT_BEGIN_REFRESH
);
2723 end
= bgp_create_begin_refresh(c
, pkt
);
2724 return bgp_send(conn
, PKT_ROUTE_REFRESH
, end
- buf
);
2726 else if (s
& (1 << PKT_UPDATE
))
2728 end
= bgp_create_update(c
, pkt
);
2730 return bgp_send(conn
, PKT_UPDATE
, end
- buf
);
2732 /* No update to send, perhaps we need to send End-of-RIB or EoRR */
2733 c
->packets_to_send
= 0;
2734 conn
->channels_to_send
&= ~(1 << c
->index
);
2736 if (c
->feed_state
== BFS_LOADED
)
2738 c
->feed_state
= BFS_NONE
;
2739 end
= bgp_create_end_mark(c
, pkt
);
2740 return bgp_send(conn
, PKT_UPDATE
, end
- buf
);
2743 else if (c
->feed_state
== BFS_REFRESHED
)
2745 c
->feed_state
= BFS_NONE
;
2746 end
= bgp_create_end_refresh(c
, pkt
);
2747 return bgp_send(conn
, PKT_ROUTE_REFRESH
, end
- buf
);
2751 bug("Channel packets_to_send: %x", s
);
2753 c
->packets_to_send
= 0;
2754 conn
->channels_to_send
&= ~(1 << c
->index
);
2761 * bgp_schedule_packet - schedule a packet for transmission
2764 * @type: packet type
2766 * Schedule a packet of type @type to be sent as soon as possible.
2769 bgp_schedule_packet(struct bgp_conn
*conn
, struct bgp_channel
*c
, int type
)
2773 DBG("BGP: Scheduling packet type %d\n", type
);
2777 if (! conn
->channels_to_send
)
2779 conn
->last_channel
= c
->index
;
2780 conn
->last_channel_count
= 0;
2783 c
->packets_to_send
|= 1 << type
;
2784 conn
->channels_to_send
|= 1 << c
->index
;
2787 conn
->packets_to_send
|= 1 << type
;
2789 if ((conn
->sk
->tpos
== conn
->sk
->tbuf
) && !ev_active(conn
->tx_ev
))
2790 ev_schedule(conn
->tx_ev
);
2793 bgp_kick_tx(void *vconn
)
2795 struct bgp_conn
*conn
= vconn
;
2797 DBG("BGP: kicking TX\n");
2799 while (--max
&& (bgp_fire_tx(conn
) > 0))
2802 if (!max
&& !ev_active(conn
->tx_ev
))
2803 ev_schedule(conn
->tx_ev
);
2809 struct bgp_conn
*conn
= sk
->data
;
2811 DBG("BGP: TX hook\n");
2813 while (--max
&& (bgp_fire_tx(conn
) > 0))
2816 if (!max
&& !ev_active(conn
->tx_ev
))
2817 ev_schedule(conn
->tx_ev
);
2824 } bgp_msg_table
[] = {
2825 { 1, 0, "Invalid message header" },
2826 { 1, 1, "Connection not synchronized" },
2827 { 1, 2, "Bad message length" },
2828 { 1, 3, "Bad message type" },
2829 { 2, 0, "Invalid OPEN message" },
2830 { 2, 1, "Unsupported version number" },
2831 { 2, 2, "Bad peer AS" },
2832 { 2, 3, "Bad BGP identifier" },
2833 { 2, 4, "Unsupported optional parameter" },
2834 { 2, 5, "Authentication failure" },
2835 { 2, 6, "Unacceptable hold time" },
2836 { 2, 7, "Required capability missing" }, /* [RFC5492] */
2837 { 2, 8, "No supported AFI/SAFI" }, /* This error msg is nonstandard */
2838 { 3, 0, "Invalid UPDATE message" },
2839 { 3, 1, "Malformed attribute list" },
2840 { 3, 2, "Unrecognized well-known attribute" },
2841 { 3, 3, "Missing mandatory attribute" },
2842 { 3, 4, "Invalid attribute flags" },
2843 { 3, 5, "Invalid attribute length" },
2844 { 3, 6, "Invalid ORIGIN attribute" },
2845 { 3, 7, "AS routing loop" }, /* Deprecated */
2846 { 3, 8, "Invalid NEXT_HOP attribute" },
2847 { 3, 9, "Optional attribute error" },
2848 { 3, 10, "Invalid network field" },
2849 { 3, 11, "Malformed AS_PATH" },
2850 { 4, 0, "Hold timer expired" },
2851 { 5, 0, "Finite state machine error" }, /* Subcodes are according to [RFC6608] */
2852 { 5, 1, "Unexpected message in OpenSent state" },
2853 { 5, 2, "Unexpected message in OpenConfirm state" },
2854 { 5, 3, "Unexpected message in Established state" },
2855 { 6, 0, "Cease" }, /* Subcodes are according to [RFC4486] */
2856 { 6, 1, "Maximum number of prefixes reached" },
2857 { 6, 2, "Administrative shutdown" },
2858 { 6, 3, "Peer de-configured" },
2859 { 6, 4, "Administrative reset" },
2860 { 6, 5, "Connection rejected" },
2861 { 6, 6, "Other configuration change" },
2862 { 6, 7, "Connection collision resolution" },
2863 { 6, 8, "Out of Resources" },
2864 { 7, 0, "Invalid ROUTE-REFRESH message" }, /* [RFC7313] */
2865 { 7, 1, "Invalid ROUTE-REFRESH message length" } /* [RFC7313] */
2869 * bgp_error_dsc - return BGP error description
2870 * @code: BGP error code
2871 * @subcode: BGP error subcode
2873 * bgp_error_dsc() returns error description for BGP errors
2874 * which might be static string or given temporary buffer.
2877 bgp_error_dsc(uint code
, uint subcode
)
2879 static char buff
[32];
2882 for (i
=0; i
< ARRAY_SIZE(bgp_msg_table
); i
++)
2883 if (bgp_msg_table
[i
].major
== code
&& bgp_msg_table
[i
].minor
== subcode
)
2884 return bgp_msg_table
[i
].msg
;
2886 bsprintf(buff
, "Unknown error %u.%u", code
, subcode
);
2890 /* RFC 8203 - shutdown communication message */
2892 bgp_handle_message(struct bgp_proto
*p
, byte
*data
, uint len
, byte
**bp
)
2894 byte
*msg
= data
+ 1;
2895 uint msg_len
= data
[0];
2898 /* Handle zero length message */
2902 /* Handle proper message */
2903 if ((msg_len
> 255) && (msg_len
+ 1 > len
))
2906 /* Some elementary cleanup */
2907 for (i
= 0; i
< msg_len
; i
++)
2911 proto_set_message(&p
->p
, msg
, msg_len
);
2912 *bp
+= bsprintf(*bp
, ": \"%s\"", p
->p
.message
);
2917 bgp_log_error(struct bgp_proto
*p
, u8
class, char *msg
, uint code
, uint subcode
, byte
*data
, uint len
)
2919 byte argbuf
[256], *t
= argbuf
;
2922 /* Don't report Cease messages generated by myself */
2923 if (code
== 6 && class == BE_BGP_TX
)
2926 /* Reset shutdown message */
2927 if ((code
== 6) && ((subcode
== 2) || (subcode
== 4)))
2928 proto_set_message(&p
->p
, NULL
, 0);
2932 /* Bad peer AS - we would like to print the AS */
2933 if ((code
== 2) && (subcode
== 2) && ((len
== 2) || (len
== 4)))
2935 t
+= bsprintf(t
, ": %u", (len
== 2) ? get_u16(data
) : get_u32(data
));
2939 /* RFC 8203 - shutdown communication */
2940 if (((code
== 6) && ((subcode
== 2) || (subcode
== 4))))
2941 if (bgp_handle_message(p
, data
, len
, &t
))
2948 for (i
=0; i
<len
; i
++)
2949 t
+= bsprintf(t
, "%02x", data
[i
]);
2954 const byte
*dsc
= bgp_error_dsc(code
, subcode
);
2955 log(L_REMOTE
"%s: %s: %s%s", p
->p
.name
, msg
, dsc
, argbuf
);
2959 bgp_rx_notification(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
2961 struct bgp_proto
*p
= conn
->bgp
;
2964 { bgp_error(conn
, 1, 2, pkt
+16, 2); return; }
2966 uint code
= pkt
[19];
2967 uint subcode
= pkt
[20];
2968 int err
= (code
!= 6);
2970 bgp_log_error(p
, BE_BGP_RX
, "Received", code
, subcode
, pkt
+21, len
-21);
2971 bgp_store_error(p
, conn
, BE_BGP_RX
, (code
<< 16) | subcode
);
2973 bgp_conn_enter_close_state(conn
);
2974 bgp_schedule_packet(conn
, NULL
, PKT_SCHEDULE_CLOSE
);
2978 bgp_update_startup_delay(p
);
2979 bgp_stop(p
, 0, NULL
, 0);
2983 uint subcode_bit
= 1 << ((subcode
<= 8) ? subcode
: 0);
2984 if (p
->cf
->disable_after_cease
& subcode_bit
)
2986 log(L_INFO
"%s: Disabled after Cease notification", p
->p
.name
);
2987 p
->startup_delay
= 0;
2994 bgp_rx_keepalive(struct bgp_conn
*conn
)
2996 struct bgp_proto
*p
= conn
->bgp
;
2998 BGP_TRACE(D_PACKETS
, "Got KEEPALIVE");
2999 bgp_start_timer(conn
->hold_timer
, conn
->hold_time
);
3001 if (conn
->state
== BS_OPENCONFIRM
)
3002 { bgp_conn_enter_established_state(conn
); return; }
3004 if (conn
->state
!= BS_ESTABLISHED
)
3005 bgp_error(conn
, 5, fsm_err_subcode
[conn
->state
], NULL
, 0);
3010 * bgp_rx_packet - handle a received packet
3011 * @conn: BGP connection
3012 * @pkt: start of the packet
3015 * bgp_rx_packet() takes a newly received packet and calls the corresponding
3016 * packet handler according to the packet type.
3019 bgp_rx_packet(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
3021 byte type
= pkt
[18];
3023 DBG("BGP: Got packet %02x (%d bytes)\n", type
, len
);
3025 if (conn
->bgp
->p
.mrtdump
& MD_MESSAGES
)
3026 bgp_dump_message(conn
, pkt
, len
);
3030 case PKT_OPEN
: return bgp_rx_open(conn
, pkt
, len
);
3031 case PKT_UPDATE
: return bgp_rx_update(conn
, pkt
, len
);
3032 case PKT_NOTIFICATION
: return bgp_rx_notification(conn
, pkt
, len
);
3033 case PKT_KEEPALIVE
: return bgp_rx_keepalive(conn
);
3034 case PKT_ROUTE_REFRESH
: return bgp_rx_route_refresh(conn
, pkt
, len
);
3035 default: bgp_error(conn
, 1, 3, pkt
+18, 1);
3040 * bgp_rx - handle received data
3042 * @size: amount of data received
3044 * bgp_rx() is called by the socket layer whenever new data arrive from
3045 * the underlying TCP connection. It assembles the data fragments to packets,
3046 * checks their headers and framing and passes complete packets to
3050 bgp_rx(sock
*sk
, uint size
)
3052 struct bgp_conn
*conn
= sk
->data
;
3053 byte
*pkt_start
= sk
->rbuf
;
3054 byte
*end
= pkt_start
+ size
;
3057 DBG("BGP: RX hook: Got %d bytes\n", size
);
3058 while (end
>= pkt_start
+ BGP_HEADER_LENGTH
)
3060 if ((conn
->state
== BS_CLOSE
) || (conn
->sk
!= sk
))
3063 if (pkt_start
[i
] != 0xff)
3065 bgp_error(conn
, 1, 1, NULL
, 0);
3068 len
= get_u16(pkt_start
+16);
3069 if ((len
< BGP_HEADER_LENGTH
) || (len
> bgp_max_packet_length(conn
)))
3071 bgp_error(conn
, 1, 2, pkt_start
+16, 2);
3074 if (end
< pkt_start
+ len
)
3076 bgp_rx_packet(conn
, pkt_start
, len
);
3079 if (pkt_start
!= sk
->rbuf
)
3081 memmove(sk
->rbuf
, pkt_start
, end
- pkt_start
);
3082 sk
->rpos
= sk
->rbuf
+ (end
- pkt_start
);