]>
git.ipfire.org Git - thirdparty/bird.git/blob - proto/bgp/packets.c
2 * BIRD -- BGP Packet Processing
4 * (c) 2000 Martin Mares <mj@ucw.cz>
5 * (c) 2008--2016 Ondrej Zajicek <santiago@crfreenet.org>
6 * (c) 2008--2016 CZ.NIC z.s.p.o.
8 * Can be freely distributed and used under the terms of the GNU GPL.
15 #include "nest/bird.h"
16 #include "nest/iface.h"
17 #include "nest/protocol.h"
18 #include "nest/route.h"
19 #include "nest/attrs.h"
20 #include "proto/mrt/mrt.h"
21 #include "conf/conf.h"
22 #include "lib/unaligned.h"
23 #include "lib/flowspec.h"
24 #include "lib/socket.h"
31 #define BGP_RR_REQUEST 0
32 #define BGP_RR_BEGIN 1
35 #define BGP_NLRI_MAX (4 + 1 + 32)
37 #define BGP_MPLS_BOS 1 /* Bottom-of-stack bit */
38 #define BGP_MPLS_MAX 10 /* Max number of labels that 24*n <= 255 */
39 #define BGP_MPLS_NULL 3 /* Implicit NULL label */
40 #define BGP_MPLS_MAGIC 0x800000 /* Magic withdraw label value, RFC 3107 3 */
43 static struct tbf rl_rcv_update
= TBF_DEFAULT_LOG_LIMITS
;
44 static struct tbf rl_snd_update
= TBF_DEFAULT_LOG_LIMITS
;
46 /* Table for state -> RFC 6608 FSM error subcodes */
47 static byte fsm_err_subcode
[BS_MAX
] = {
54 static struct bgp_channel
*
55 bgp_get_channel(struct bgp_proto
*p
, u32 afi
)
59 for (i
= 0; i
< p
->channel_count
; i
++)
60 if (p
->afi_map
[i
] == afi
)
61 return p
->channel_map
[i
];
67 put_af3(byte
*buf
, u32 id
)
69 put_u16(buf
, id
>> 16);
74 put_af4(byte
*buf
, u32 id
)
76 put_u16(buf
, id
>> 16);
84 return (get_u16(buf
) << 16) | buf
[2];
90 return (get_u16(buf
) << 16) | buf
[3];
94 init_mrt_bgp_data(struct bgp_conn
*conn
, struct mrt_bgp_data
*d
)
96 struct bgp_proto
*p
= conn
->bgp
;
97 int p_ok
= conn
->state
>= BS_OPENCONFIRM
;
99 memset(d
, 0, sizeof(struct mrt_bgp_data
));
100 d
->peer_as
= p
->remote_as
;
101 d
->local_as
= p
->local_as
;
102 d
->index
= (p
->neigh
&& p
->neigh
->iface
) ? p
->neigh
->iface
->index
: 0;
103 d
->af
= ipa_is_ip4(p
->remote_ip
) ? BGP_AFI_IPV4
: BGP_AFI_IPV6
;
104 d
->peer_ip
= conn
->sk
? conn
->sk
->daddr
: IPA_NONE
;
105 d
->local_ip
= conn
->sk
? conn
->sk
->saddr
: IPA_NONE
;
106 d
->as4
= p_ok
? p
->as4_session
: 0;
109 static uint
bgp_find_update_afi(byte
*pos
, uint len
);
112 bgp_estimate_add_path(struct bgp_proto
*p
, byte
*pkt
, uint len
)
114 /* No need to estimate it for other messages than UPDATE */
115 if (pkt
[18] != PKT_UPDATE
)
118 /* 1 -> no channel, 2 -> all channels, 3 -> some channels */
119 if (p
->summary_add_path_rx
< 3)
120 return p
->summary_add_path_rx
== 2;
122 uint afi
= bgp_find_update_afi(pkt
, len
);
123 struct bgp_channel
*c
= bgp_get_channel(p
, afi
);
126 /* Either frame error (if !afi) or unknown AFI/SAFI,
127 will be reported later in regular parsing */
128 BGP_TRACE(D_PACKETS
, "MRT processing noticed invalid packet");
132 return c
->add_path_rx
;
136 bgp_dump_message(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
138 struct mrt_bgp_data d
;
139 init_mrt_bgp_data(conn
, &d
);
143 d
.add_path
= bgp_estimate_add_path(conn
->bgp
, pkt
, len
);
145 mrt_dump_bgp_message(&d
);
149 bgp_dump_state_change(struct bgp_conn
*conn
, uint old
, uint
new)
151 struct mrt_bgp_data d
;
152 init_mrt_bgp_data(conn
, &d
);
157 mrt_dump_bgp_state_change(&d
);
161 bgp_create_notification(struct bgp_conn
*conn
, byte
*buf
)
163 struct bgp_proto
*p
= conn
->bgp
;
165 BGP_TRACE(D_PACKETS
, "Sending NOTIFICATION(code=%d.%d)", conn
->notify_code
, conn
->notify_subcode
);
166 buf
[0] = conn
->notify_code
;
167 buf
[1] = conn
->notify_subcode
;
168 memcpy(buf
+2, conn
->notify_data
, conn
->notify_size
);
169 return buf
+ 2 + conn
->notify_size
;
173 /* Capability negotiation as per RFC 5492 */
175 const struct bgp_af_caps
*
176 bgp_find_af_caps(struct bgp_caps
*caps
, u32 afi
)
178 struct bgp_af_caps
*ac
;
180 WALK_AF_CAPS(caps
, ac
)
187 static struct bgp_af_caps
*
188 bgp_get_af_caps(struct bgp_caps
**pcaps
, u32 afi
)
190 struct bgp_caps
*caps
= *pcaps
;
191 struct bgp_af_caps
*ac
;
193 WALK_AF_CAPS(caps
, ac
)
197 uint n
= caps
->af_count
;
199 *pcaps
= caps
= mb_realloc(caps
, sizeof(struct bgp_caps
) +
200 (2 * n
) * sizeof(struct bgp_af_caps
));
202 ac
= &caps
->af_data
[caps
->af_count
++];
203 memset(ac
, 0, sizeof(struct bgp_af_caps
));
210 bgp_af_caps_cmp(const void *X
, const void *Y
)
212 const struct bgp_af_caps
*x
= X
, *y
= Y
;
213 return (x
->afi
< y
->afi
) ? -1 : (x
->afi
> y
->afi
) ? 1 : 0;
218 bgp_prepare_capabilities(struct bgp_conn
*conn
)
220 struct bgp_proto
*p
= conn
->bgp
;
221 struct bgp_channel
*c
;
222 struct bgp_caps
*caps
;
223 struct bgp_af_caps
*ac
;
225 if (!p
->cf
->capabilities
)
227 /* Just prepare empty local_caps */
228 conn
->local_caps
= mb_allocz(p
->p
.pool
, sizeof(struct bgp_caps
));
232 /* Prepare bgp_caps structure */
233 int n
= list_length(&p
->p
.channels
);
234 caps
= mb_allocz(p
->p
.pool
, sizeof(struct bgp_caps
) + n
* sizeof(struct bgp_af_caps
));
235 conn
->local_caps
= caps
;
237 caps
->as4_support
= p
->cf
->enable_as4
;
238 caps
->ext_messages
= p
->cf
->enable_extended_messages
;
239 caps
->route_refresh
= p
->cf
->enable_refresh
;
240 caps
->enhanced_refresh
= p
->cf
->enable_refresh
;
242 if (caps
->as4_support
)
243 caps
->as4_number
= p
->public_as
;
248 caps
->gr_time
= p
->cf
->gr_time
;
249 caps
->gr_flags
= p
->p
.gr_recovery
? BGP_GRF_RESTART
: 0;
252 if (p
->cf
->llgr_mode
)
253 caps
->llgr_aware
= 1;
255 /* Allocate and fill per-AF fields */
256 WALK_LIST(c
, p
->p
.channels
)
258 ac
= &caps
->af_data
[caps
->af_count
++];
262 ac
->ext_next_hop
= bgp_channel_is_ipv4(c
) && c
->cf
->ext_next_hop
;
263 caps
->any_ext_next_hop
|= ac
->ext_next_hop
;
265 ac
->add_path
= c
->cf
->add_path
;
266 caps
->any_add_path
|= ac
->add_path
;
272 if (p
->p
.gr_recovery
)
273 ac
->gr_af_flags
|= BGP_GRF_FORWARDING
;
276 if (c
->cf
->llgr_able
)
279 ac
->llgr_time
= c
->cf
->llgr_time
;
281 if (p
->p
.gr_recovery
)
282 ac
->llgr_flags
|= BGP_LLGRF_FORWARDING
;
286 /* Sort capability fields by AFI/SAFI */
287 qsort(caps
->af_data
, caps
->af_count
, sizeof(struct bgp_af_caps
), bgp_af_caps_cmp
);
291 bgp_write_capabilities(struct bgp_conn
*conn
, byte
*buf
)
293 struct bgp_proto
*p
= conn
->bgp
;
294 struct bgp_caps
*caps
= conn
->local_caps
;
295 struct bgp_af_caps
*ac
;
296 byte
*buf_head
= buf
;
299 /* Create capability list in buffer */
302 * Note that max length is ~ 22+21*af_count. With max 12 channels that is
303 * 274. We are limited just by buffer size (4096, minus header), as we support
304 * extended optional parameres. Therefore, we have enough space for expansion.
307 WALK_AF_CAPS(caps
, ac
)
310 *buf
++ = 1; /* Capability 1: Multiprotocol extensions */
311 *buf
++ = 4; /* Capability data length */
312 put_af4(buf
, ac
->afi
);
316 if (caps
->route_refresh
)
318 *buf
++ = 2; /* Capability 2: Support for route refresh */
319 *buf
++ = 0; /* Capability data length */
322 if (caps
->any_ext_next_hop
)
324 *buf
++ = 5; /* Capability 5: Support for extended next hop */
325 *buf
++ = 0; /* Capability data length, will be fixed later */
328 WALK_AF_CAPS(caps
, ac
)
329 if (ac
->ext_next_hop
)
331 put_af4(buf
, ac
->afi
);
332 put_u16(buf
+4, BGP_AFI_IPV6
);
336 data
[-1] = buf
- data
;
339 if (caps
->ext_messages
)
341 *buf
++ = 6; /* Capability 6: Support for extended messages */
342 *buf
++ = 0; /* Capability data length */
347 *buf
++ = 64; /* Capability 64: Support for graceful restart */
348 *buf
++ = 0; /* Capability data length, will be fixed later */
351 put_u16(buf
, caps
->gr_time
);
352 buf
[0] |= caps
->gr_flags
;
355 WALK_AF_CAPS(caps
, ac
)
358 put_af3(buf
, ac
->afi
);
359 buf
[3] = ac
->gr_af_flags
;
363 data
[-1] = buf
- data
;
366 if (caps
->as4_support
)
368 *buf
++ = 65; /* Capability 65: Support for 4-octet AS number */
369 *buf
++ = 4; /* Capability data length */
370 put_u32(buf
, p
->public_as
);
374 if (caps
->any_add_path
)
376 *buf
++ = 69; /* Capability 69: Support for ADD-PATH */
377 *buf
++ = 0; /* Capability data length, will be fixed later */
380 WALK_AF_CAPS(caps
, ac
)
383 put_af3(buf
, ac
->afi
);
384 buf
[3] = ac
->add_path
;
388 data
[-1] = buf
- data
;
391 if (caps
->enhanced_refresh
)
393 *buf
++ = 70; /* Capability 70: Support for enhanced route refresh */
394 *buf
++ = 0; /* Capability data length */
397 if (caps
->llgr_aware
)
399 *buf
++ = 71; /* Capability 71: Support for long-lived graceful restart */
400 *buf
++ = 0; /* Capability data length, will be fixed later */
403 WALK_AF_CAPS(caps
, ac
)
406 put_af3(buf
, ac
->afi
);
407 buf
[3] = ac
->llgr_flags
;
408 put_u24(buf
+4, ac
->llgr_time
);
412 data
[-1] = buf
- data
;
415 caps
->length
= buf
- buf_head
;
421 bgp_read_capabilities(struct bgp_conn
*conn
, byte
*pos
, int len
)
423 struct bgp_proto
*p
= conn
->bgp
;
424 struct bgp_caps
*caps
;
425 struct bgp_af_caps
*ac
;
429 if (!conn
->remote_caps
)
430 caps
= mb_allocz(p
->p
.pool
, sizeof(struct bgp_caps
) + sizeof(struct bgp_af_caps
));
433 caps
= conn
->remote_caps
;
434 conn
->remote_caps
= NULL
;
441 if (len
< 2 || len
< (2 + pos
[1]))
444 /* Capability length */
447 /* Capability type */
450 case 1: /* Multiprotocol capability, RFC 4760 */
455 ac
= bgp_get_af_caps(&caps
, af
);
459 case 2: /* Route refresh capability, RFC 2918 */
463 caps
->route_refresh
= 1;
466 case 5: /* Extended next hop encoding capability, RFC 5549 */
470 for (i
= 0; i
< cl
; i
+= 6)
472 /* Specified only for IPv4 prefixes with IPv6 next hops */
473 if ((get_u16(pos
+2+i
+0) != BGP_AFI_IPV4
) ||
474 (get_u16(pos
+2+i
+4) != BGP_AFI_IPV6
))
477 af
= get_af4(pos
+2+i
);
478 ac
= bgp_get_af_caps(&caps
, af
);
479 ac
->ext_next_hop
= 1;
483 case 6: /* Extended message length capability, RFC draft */
487 caps
->ext_messages
= 1;
490 case 64: /* Graceful restart capability, RFC 4724 */
494 /* Only the last instance is valid */
495 WALK_AF_CAPS(caps
, ac
)
502 caps
->gr_flags
= pos
[2] & 0xf0;
503 caps
->gr_time
= get_u16(pos
+ 2) & 0x0fff;
505 for (i
= 2; i
< cl
; i
+= 4)
507 af
= get_af3(pos
+2+i
);
508 ac
= bgp_get_af_caps(&caps
, af
);
510 ac
->gr_af_flags
= pos
[2+i
+3];
514 case 65: /* AS4 capability, RFC 6793 */
518 caps
->as4_support
= 1;
519 caps
->as4_number
= get_u32(pos
+ 2);
522 case 69: /* ADD-PATH capability, RFC 7911 */
526 for (i
= 0; i
< cl
; i
+= 4)
528 byte val
= pos
[2+i
+3];
529 if (!val
|| (val
> BGP_ADD_PATH_FULL
))
531 log(L_WARN
"%s: Got ADD-PATH capability with unknown value %u, ignoring",
537 for (i
= 0; i
< cl
; i
+= 4)
539 af
= get_af3(pos
+2+i
);
540 ac
= bgp_get_af_caps(&caps
, af
);
541 ac
->add_path
= pos
[2+i
+3];
545 case 70: /* Enhanced route refresh capability, RFC 7313 */
549 caps
->enhanced_refresh
= 1;
552 case 71: /* Long lived graceful restart capability, RFC draft */
556 /* Presumably, only the last instance is valid */
557 WALK_AF_CAPS(caps
, ac
)
564 caps
->llgr_aware
= 1;
566 for (i
= 0; i
< cl
; i
+= 7)
568 af
= get_af3(pos
+2+i
);
569 ac
= bgp_get_af_caps(&caps
, af
);
571 ac
->llgr_flags
= pos
[2+i
+3];
572 ac
->llgr_time
= get_u24(pos
+ 2+i
+4);
576 /* We can safely ignore all other capabilities */
579 ADVANCE(pos
, len
, 2 + cl
);
582 /* The LLGR capability must be advertised together with the GR capability,
583 otherwise it must be disregarded */
584 if (!caps
->gr_aware
&& caps
->llgr_aware
)
586 caps
->llgr_aware
= 0;
587 WALK_AF_CAPS(caps
, ac
)
595 conn
->remote_caps
= caps
;
600 bgp_error(conn
, 2, 0, NULL
, 0);
605 bgp_check_capabilities(struct bgp_conn
*conn
)
607 struct bgp_proto
*p
= conn
->bgp
;
608 struct bgp_caps
*local
= conn
->local_caps
;
609 struct bgp_caps
*remote
= conn
->remote_caps
;
610 struct bgp_channel
*c
;
613 /* This is partially overlapping with bgp_conn_enter_established_state(),
614 but we need to run this just after we receive OPEN message */
616 WALK_LIST(c
, p
->p
.channels
)
618 const struct bgp_af_caps
*loc
= bgp_find_af_caps(local
, c
->afi
);
619 const struct bgp_af_caps
*rem
= bgp_find_af_caps(remote
, c
->afi
);
621 /* Find out whether this channel will be active */
622 int active
= loc
&& loc
->ready
&&
623 ((rem
&& rem
->ready
) || (!remote
->length
&& (c
->afi
== BGP_AF_IPV4
)));
625 /* Mandatory must be active */
626 if (c
->cf
->mandatory
&& !active
)
633 /* We need at least one channel active */
641 bgp_read_options(struct bgp_conn
*conn
, byte
*pos
, uint len
, uint rest
)
643 struct bgp_proto
*p
= conn
->bgp
;
646 /* Handle extended length (draft-ietf-idr-ext-opt-param-07) */
647 if ((len
> 0) && (rest
> 0) && (pos
[0] == 255))
652 /* Update pos/len to describe optional data */
653 len
= get_u16(pos
+1);
659 /* Verify that optional data fits into OPEN packet */
663 /* Length of option parameter header */
664 uint hlen
= ext
? 3 : 2;
671 uint otype
= get_u8(pos
);
672 uint olen
= ext
? get_u16(pos
+1) : get_u8(pos
+1);
674 if (len
< (hlen
+ olen
))
679 /* BGP capabilities, RFC 5492 */
680 if (p
->cf
->capabilities
)
681 if (bgp_read_capabilities(conn
, pos
+ hlen
, olen
) < 0)
687 bgp_error(conn
, 2, 4, pos
, hlen
+ olen
);
691 ADVANCE(pos
, len
, hlen
+ olen
);
694 /* Prepare empty caps if no capability option was announced */
695 if (!conn
->remote_caps
)
696 conn
->remote_caps
= mb_allocz(p
->p
.pool
, sizeof(struct bgp_caps
));
701 bgp_error(conn
, 2, 0, NULL
, 0);
706 bgp_create_open(struct bgp_conn
*conn
, byte
*buf
)
708 struct bgp_proto
*p
= conn
->bgp
;
710 BGP_TRACE(D_PACKETS
, "Sending OPEN(ver=%d,as=%d,hold=%d,id=%08x)",
711 BGP_VERSION
, p
->public_as
, p
->cf
->hold_time
, p
->local_id
);
713 buf
[0] = BGP_VERSION
;
714 put_u16(buf
+1, (p
->public_as
< 0xFFFF) ? p
->public_as
: AS_TRANS
);
715 put_u16(buf
+3, p
->cf
->hold_time
);
716 put_u32(buf
+5, p
->local_id
);
718 if (p
->cf
->capabilities
)
720 /* Prepare local_caps and write capabilities to buffer */
722 byte
*end
= bgp_write_capabilities(conn
, pos
);
723 uint len
= end
- pos
;
727 buf
[9] = len
+ 2; /* Optional parameters length */
728 buf
[10] = 2; /* Option 2: Capability list */
729 buf
[11] = len
; /* Option data length */
731 else /* draft-ietf-idr-ext-opt-param-07 */
733 /* Move capabilities 4 B forward */
734 memmove(buf
+ 16, pos
, len
);
738 buf
[9] = 255; /* Non-ext OP length, fake */
739 buf
[10] = 255; /* Non-ext OP type, signals extended length */
740 put_u16(buf
+11, len
+ 3); /* Extended optional parameters length */
741 buf
[13] = 2; /* Option 2: Capability list */
742 put_u16(buf
+14, len
); /* Option extended data length */
749 buf
[9] = 0; /* No optional parameters */
757 bgp_rx_open(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
759 struct bgp_proto
*p
= conn
->bgp
;
760 struct bgp_conn
*other
;
764 if (conn
->state
!= BS_OPENSENT
)
765 { bgp_error(conn
, 5, fsm_err_subcode
[conn
->state
], NULL
, 0); return; }
767 /* Check message length */
769 { bgp_error(conn
, 1, 2, pkt
+16, 2); return; }
771 if (pkt
[19] != BGP_VERSION
)
772 { u16 val
= BGP_VERSION
; bgp_error(conn
, 2, 1, (byte
*) &val
, 2); return; }
774 asn
= get_u16(pkt
+20);
775 hold
= get_u16(pkt
+22);
776 id
= get_u32(pkt
+24);
777 BGP_TRACE(D_PACKETS
, "Got OPEN(as=%d,hold=%d,id=%R)", asn
, hold
, id
);
779 if (bgp_read_options(conn
, pkt
+29, pkt
[28], len
-29) < 0)
782 if (hold
> 0 && hold
< 3)
783 { bgp_error(conn
, 2, 6, pkt
+22, 2); return; }
785 /* RFC 6286 2.2 - router ID is nonzero and AS-wide unique */
786 if (!id
|| (p
->is_internal
&& id
== p
->local_id
))
787 { bgp_error(conn
, 2, 3, pkt
+24, -4); return; }
789 /* RFC 5492 4 - check for required capabilities */
790 if (p
->cf
->capabilities
&& !bgp_check_capabilities(conn
))
791 { bgp_error(conn
, 2, 7, NULL
, 0); return; }
793 struct bgp_caps
*caps
= conn
->remote_caps
;
795 if (caps
->as4_support
)
797 u32 as4
= caps
->as4_number
;
799 if ((as4
!= asn
) && (asn
!= AS_TRANS
))
800 log(L_WARN
"%s: Peer advertised inconsistent AS numbers", p
->p
.name
);
802 /* When remote ASN is unspecified, it must be external one */
803 if (p
->remote_as
? (as4
!= p
->remote_as
) : (as4
== p
->local_as
))
804 { as4
= htonl(as4
); bgp_error(conn
, 2, 2, (byte
*) &as4
, 4); return; }
806 conn
->received_as
= as4
;
810 if (p
->remote_as
? (asn
!= p
->remote_as
) : (asn
== p
->local_as
))
811 { bgp_error(conn
, 2, 2, pkt
+20, 2); return; }
813 conn
->received_as
= asn
;
816 /* Check the other connection */
817 other
= (conn
== &p
->outgoing_conn
) ? &p
->incoming_conn
: &p
->outgoing_conn
;
818 switch (other
->state
)
822 /* Stop outgoing connection attempts */
823 bgp_conn_enter_idle_state(other
);
833 * Description of collision detection rules in RFC 4271 is confusing and
834 * contradictory, but it is essentially:
836 * 1. Router with higher ID is dominant
837 * 2. If both have the same ID, router with higher ASN is dominant [RFC6286]
838 * 3. When both connections are in OpenConfirm state, one initiated by
839 * the dominant router is kept.
841 * The first line in the expression below evaluates whether the neighbor
842 * is dominant, the second line whether the new connection was initiated
843 * by the neighbor. If both are true (or both are false), we keep the new
844 * connection, otherwise we keep the old one.
846 if (((p
->local_id
< id
) || ((p
->local_id
== id
) && (p
->public_as
< p
->remote_as
)))
847 == (conn
== &p
->incoming_conn
))
849 /* Should close the other connection */
850 BGP_TRACE(D_EVENTS
, "Connection collision, giving up the other connection");
851 bgp_error(other
, 6, 7, NULL
, 0);
856 /* Should close this connection */
857 BGP_TRACE(D_EVENTS
, "Connection collision, giving up this connection");
858 bgp_error(conn
, 6, 7, NULL
, 0);
862 bug("bgp_rx_open: Unknown state");
865 /* Update our local variables */
866 conn
->hold_time
= MIN(hold
, p
->cf
->hold_time
);
867 conn
->keepalive_time
= p
->cf
->keepalive_time
? : conn
->hold_time
/ 3;
868 conn
->as4_session
= conn
->local_caps
->as4_support
&& caps
->as4_support
;
869 conn
->ext_messages
= conn
->local_caps
->ext_messages
&& caps
->ext_messages
;
872 DBG("BGP: Hold timer set to %d, keepalive to %d, AS to %d, ID to %x, AS4 session to %d\n",
873 conn
->hold_time
, conn
->keepalive_time
, p
->remote_as
, p
->remote_id
, conn
->as4_session
);
875 bgp_schedule_packet(conn
, NULL
, PKT_KEEPALIVE
);
876 bgp_start_timer(conn
->hold_timer
, conn
->hold_time
);
877 bgp_conn_enter_openconfirm_state(conn
);
885 #define REPORT(msg, args...) \
886 ({ log(L_REMOTE "%s: " msg, s->proto->p.name, ## args); })
888 #define DISCARD(msg, args...) \
889 ({ REPORT(msg, ## args); return; })
891 #define WITHDRAW(msg, args...) \
892 ({ REPORT(msg, ## args); s->err_withdraw = 1; return; })
894 #define BAD_AFI "Unexpected AF <%u/%u> in UPDATE"
895 #define BAD_NEXT_HOP "Invalid NEXT_HOP attribute"
896 #define NO_NEXT_HOP "Missing NEXT_HOP attribute"
897 #define NO_LABEL_STACK "Missing MPLS stack"
901 bgp_apply_next_hop(struct bgp_parse_state
*s
, rta
*a
, ip_addr gw
, ip_addr ll
)
903 struct bgp_proto
*p
= s
->proto
;
904 struct bgp_channel
*c
= s
->channel
;
906 if (c
->cf
->gw_mode
== GW_DIRECT
)
908 neighbor
*nbr
= NULL
;
910 /* GW_DIRECT -> single_hop -> p->neigh != NULL */
912 nbr
= neigh_find(&p
->p
, gw
, NULL
, 0);
913 else if (ipa_nonzero(ll
))
914 nbr
= neigh_find(&p
->p
, ll
, p
->neigh
->iface
, 0);
916 if (!nbr
|| (nbr
->scope
== SCOPE_HOST
))
917 WITHDRAW(BAD_NEXT_HOP
);
919 a
->dest
= RTD_UNICAST
;
920 a
->nh
.gw
= nbr
->addr
;
921 a
->nh
.iface
= nbr
->iface
;
922 a
->igp_metric
= c
->cf
->cost
;
924 else /* GW_RECURSIVE */
927 WITHDRAW(BAD_NEXT_HOP
);
929 rtable
*tab
= ipa_is_ip4(gw
) ? c
->igp_table_ip4
: c
->igp_table_ip6
;
930 s
->hostentry
= rt_get_hostentry(tab
, gw
, ll
, c
->c
.table
);
933 rta_apply_hostentry(a
, s
->hostentry
, NULL
);
935 /* With MPLS, hostentry is applied later in bgp_apply_mpls_labels() */
940 bgp_apply_mpls_labels(struct bgp_parse_state
*s
, rta
*a
, u32
*labels
, uint lnum
)
942 if (lnum
> MPLS_MAX_LABEL_STACK
)
944 REPORT("Too many MPLS labels ($u)", lnum
);
946 a
->dest
= RTD_UNREACHABLE
;
948 a
->nh
= (struct nexthop
) { };
952 /* Handle implicit NULL as empty MPLS stack */
953 if ((lnum
== 1) && (labels
[0] == BGP_MPLS_NULL
))
956 if (s
->channel
->cf
->gw_mode
== GW_DIRECT
)
959 memcpy(a
->nh
.label
, labels
, 4*lnum
);
961 else /* GW_RECURSIVE */
966 memcpy(ms
.stack
, labels
, 4*lnum
);
967 rta_apply_hostentry(a
, s
->hostentry
, &ms
);
973 bgp_match_src(struct bgp_export_state
*s
, int mode
)
977 case NH_NO
: return 0;
978 case NH_ALL
: return 1;
979 case NH_IBGP
: return s
->src
&& s
->src
->is_internal
;
980 case NH_EBGP
: return s
->src
&& !s
->src
->is_internal
;
986 bgp_use_next_hop(struct bgp_export_state
*s
, eattr
*a
)
988 struct bgp_proto
*p
= s
->proto
;
989 struct bgp_channel
*c
= s
->channel
;
990 ip_addr
*nh
= (void *) a
->u
.ptr
->data
;
992 /* Handle next hop self option */
993 if (c
->cf
->next_hop_self
&& bgp_match_src(s
, c
->cf
->next_hop_self
))
996 /* Handle next hop keep option */
997 if (c
->cf
->next_hop_keep
&& bgp_match_src(s
, c
->cf
->next_hop_keep
))
1000 /* Keep it when explicitly set in export filter */
1001 if (a
->type
& EAF_FRESH
)
1004 /* Check for non-matching AF */
1005 if ((ipa_is_ip4(*nh
) != bgp_channel_is_ipv4(c
)) && !c
->ext_next_hop
)
1008 /* Keep it when exported to internal peers */
1009 if (p
->is_interior
&& ipa_nonzero(*nh
))
1012 /* Keep it when forwarded between single-hop BGPs on the same iface */
1013 struct iface
*ifa
= (s
->src
&& s
->src
->neigh
) ? s
->src
->neigh
->iface
: NULL
;
1014 return p
->neigh
&& (p
->neigh
->iface
== ifa
);
1018 bgp_use_gateway(struct bgp_export_state
*s
)
1020 struct bgp_proto
*p
= s
->proto
;
1021 struct bgp_channel
*c
= s
->channel
;
1022 rta
*ra
= s
->route
->attrs
;
1024 /* Handle next hop self option - also applies to gateway */
1025 if (c
->cf
->next_hop_self
&& bgp_match_src(s
, c
->cf
->next_hop_self
))
1028 /* We need one valid global gateway */
1029 if ((ra
->dest
!= RTD_UNICAST
) || ra
->nh
.next
|| ipa_zero(ra
->nh
.gw
) || ipa_is_link_local(ra
->nh
.gw
))
1032 /* Check for non-matching AF */
1033 if ((ipa_is_ip4(ra
->nh
.gw
) != bgp_channel_is_ipv4(c
)) && !c
->ext_next_hop
)
1036 /* Use it when exported to internal peers */
1040 /* Use it when forwarded to single-hop BGP peer on on the same iface */
1041 return p
->neigh
&& (p
->neigh
->iface
== ra
->nh
.iface
);
1045 bgp_update_next_hop_ip(struct bgp_export_state
*s
, eattr
*a
, ea_list
**to
)
1047 if (!a
|| !bgp_use_next_hop(s
, a
))
1049 if (bgp_use_gateway(s
))
1051 rta
*ra
= s
->route
->attrs
;
1052 ip_addr nh
[1] = { ra
->nh
.gw
};
1053 bgp_set_attr_data(to
, s
->pool
, BA_NEXT_HOP
, 0, nh
, 16);
1057 u32 implicit_null
= BGP_MPLS_NULL
;
1058 u32
*labels
= ra
->nh
.labels
? ra
->nh
.label
: &implicit_null
;
1059 uint lnum
= ra
->nh
.labels
? ra
->nh
.labels
: 1;
1060 bgp_set_attr_data(to
, s
->pool
, BA_MPLS_LABEL_STACK
, 0, labels
, lnum
* 4);
1065 ip_addr nh
[2] = { s
->channel
->next_hop_addr
, s
->channel
->link_addr
};
1066 bgp_set_attr_data(to
, s
->pool
, BA_NEXT_HOP
, 0, nh
, ipa_nonzero(nh
[1]) ? 32 : 16);
1067 s
->local_next_hop
= 1;
1069 /* TODO: Use local MPLS assigned label */
1072 u32 implicit_null
= BGP_MPLS_NULL
;
1073 bgp_set_attr_data(to
, s
->pool
, BA_MPLS_LABEL_STACK
, 0, &implicit_null
, 4);
1078 /* Check if next hop is valid */
1079 a
= bgp_find_attr(*to
, BA_NEXT_HOP
);
1081 WITHDRAW(NO_NEXT_HOP
);
1083 ip_addr
*nh
= (void *) a
->u
.ptr
->data
;
1084 ip_addr peer
= s
->proto
->remote_ip
;
1085 uint len
= a
->u
.ptr
->length
;
1087 /* Forbid zero next hop */
1088 if (ipa_zero(nh
[0]) && ((len
!= 32) || ipa_zero(nh
[1])))
1089 WITHDRAW(BAD_NEXT_HOP
);
1091 /* Forbid next hop equal to neighbor IP */
1092 if (ipa_equal(peer
, nh
[0]) || ((len
== 32) && ipa_equal(peer
, nh
[1])))
1093 WITHDRAW(BAD_NEXT_HOP
);
1095 /* Forbid next hop with non-matching AF */
1096 if ((ipa_is_ip4(nh
[0]) != bgp_channel_is_ipv4(s
->channel
)) &&
1097 !s
->channel
->ext_next_hop
)
1098 WITHDRAW(BAD_NEXT_HOP
);
1100 /* Just check if MPLS stack */
1101 if (s
->mpls
&& !bgp_find_attr(*to
, BA_MPLS_LABEL_STACK
))
1102 WITHDRAW(NO_LABEL_STACK
);
1106 bgp_encode_next_hop_ip(struct bgp_write_state
*s
, eattr
*a
, byte
*buf
, uint size UNUSED
)
1108 /* This function is used only for MP-BGP, see bgp_encode_next_hop() for IPv4 BGP */
1109 ip_addr
*nh
= (void *) a
->u
.ptr
->data
;
1110 uint len
= a
->u
.ptr
->length
;
1112 ASSERT((len
== 16) || (len
== 32));
1115 * Both IPv4 and IPv6 next hops can be used (with ext_next_hop enabled). This
1116 * is specified in RFC 5549 for IPv4 and in RFC 4798 for IPv6. The difference
1117 * is that IPv4 address is directly encoded with IPv4 NLRI, but as IPv4-mapped
1118 * IPv6 address with IPv6 NLRI.
1121 if (bgp_channel_is_ipv4(s
->channel
) && ipa_is_ip4(nh
[0]))
1123 put_ip4(buf
, ipa_to_ip4(nh
[0]));
1127 put_ip6(buf
, ipa_to_ip6(nh
[0]));
1130 put_ip6(buf
+16, ipa_to_ip6(nh
[1]));
1136 bgp_decode_next_hop_ip(struct bgp_parse_state
*s
, byte
*data
, uint len
, rta
*a
)
1138 struct bgp_channel
*c
= s
->channel
;
1139 struct adata
*ad
= lp_alloc_adata(s
->pool
, 32);
1140 ip_addr
*nh
= (void *) ad
->data
;
1144 nh
[0] = ipa_from_ip4(get_ip4(data
));
1149 nh
[0] = ipa_from_ip6(get_ip6(data
));
1152 if (ipa_is_link_local(nh
[0]))
1153 { nh
[1] = nh
[0]; nh
[0] = IPA_NONE
; }
1157 nh
[0] = ipa_from_ip6(get_ip6(data
));
1158 nh
[1] = ipa_from_ip6(get_ip6(data
+16));
1160 if (ipa_is_link_local(nh
[0]))
1161 { nh
[1] = nh
[0]; nh
[0] = IPA_NONE
; }
1163 if (ipa_is_ip4(nh
[0]) || !ipa_is_link_local(nh
[1]))
1167 bgp_parse_error(s
, 9);
1169 if (ipa_zero(nh
[1]))
1172 if ((bgp_channel_is_ipv4(c
) != ipa_is_ip4(nh
[0])) && !c
->ext_next_hop
)
1173 WITHDRAW(BAD_NEXT_HOP
);
1175 // XXXX validate next hop
1177 bgp_set_attr_ptr(&(a
->eattrs
), s
->pool
, BA_NEXT_HOP
, 0, ad
);
1178 bgp_apply_next_hop(s
, a
, nh
[0], nh
[1]);
1182 bgp_encode_next_hop_vpn(struct bgp_write_state
*s
, eattr
*a
, byte
*buf
, uint size UNUSED
)
1184 ip_addr
*nh
= (void *) a
->u
.ptr
->data
;
1185 uint len
= a
->u
.ptr
->length
;
1187 ASSERT((len
== 16) || (len
== 32));
1190 * Both IPv4 and IPv6 next hops can be used (with ext_next_hop enabled). This
1191 * is specified in RFC 5549 for VPNv4 and in RFC 4659 for VPNv6. The difference
1192 * is that IPv4 address is directly encoded with VPNv4 NLRI, but as IPv4-mapped
1193 * IPv6 address with VPNv6 NLRI.
1196 if (bgp_channel_is_ipv4(s
->channel
) && ipa_is_ip4(nh
[0]))
1198 put_u64(buf
, 0); /* VPN RD is 0 */
1199 put_ip4(buf
+8, ipa_to_ip4(nh
[0]));
1203 put_u64(buf
, 0); /* VPN RD is 0 */
1204 put_ip6(buf
+8, ipa_to_ip6(nh
[0]));
1209 put_u64(buf
+24, 0); /* VPN RD is 0 */
1210 put_ip6(buf
+32, ipa_to_ip6(nh
[1]));
1216 bgp_decode_next_hop_vpn(struct bgp_parse_state
*s
, byte
*data
, uint len
, rta
*a
)
1218 struct bgp_channel
*c
= s
->channel
;
1219 struct adata
*ad
= lp_alloc_adata(s
->pool
, 32);
1220 ip_addr
*nh
= (void *) ad
->data
;
1224 nh
[0] = ipa_from_ip4(get_ip4(data
+8));
1229 nh
[0] = ipa_from_ip6(get_ip6(data
+8));
1232 if (ipa_is_link_local(nh
[0]))
1233 { nh
[1] = nh
[0]; nh
[0] = IPA_NONE
; }
1237 nh
[0] = ipa_from_ip6(get_ip6(data
+8));
1238 nh
[1] = ipa_from_ip6(get_ip6(data
+32));
1240 if (ipa_is_ip4(nh
[0]) || !ip6_is_link_local(nh
[1]))
1244 bgp_parse_error(s
, 9);
1246 if (ipa_zero(nh
[1]))
1249 /* XXXX which error */
1250 if ((get_u64(data
) != 0) || ((len
== 48) && (get_u64(data
+24) != 0)))
1251 bgp_parse_error(s
, 9);
1253 if ((bgp_channel_is_ipv4(c
) != ipa_is_ip4(nh
[0])) && !c
->ext_next_hop
)
1254 WITHDRAW(BAD_NEXT_HOP
);
1256 // XXXX validate next hop
1258 bgp_set_attr_ptr(&(a
->eattrs
), s
->pool
, BA_NEXT_HOP
, 0, ad
);
1259 bgp_apply_next_hop(s
, a
, nh
[0], nh
[1]);
1265 bgp_encode_next_hop_none(struct bgp_write_state
*s UNUSED
, eattr
*a UNUSED
, byte
*buf UNUSED
, uint size UNUSED
)
1271 bgp_decode_next_hop_none(struct bgp_parse_state
*s UNUSED
, byte
*data UNUSED
, uint len UNUSED
, rta
*a UNUSED
)
1274 * Although we expect no next hop and RFC 7606 7.11 states that attribute
1275 * MP_REACH_NLRI with unexpected next hop length is considered malformed,
1276 * FlowSpec RFC 5575 4 states that next hop shall be ignored on receipt.
1283 bgp_update_next_hop_none(struct bgp_export_state
*s
, eattr
*a
, ea_list
**to
)
1285 /* NEXT_HOP shall not pass */
1287 bgp_unset_attr(to
, s
->pool
, BA_NEXT_HOP
);
1296 bgp_rte_update(struct bgp_parse_state
*s
, net_addr
*n
, u32 path_id
, rta
*a0
)
1298 if (path_id
!= s
->last_id
)
1300 s
->last_src
= rt_get_source(&s
->proto
->p
, path_id
);
1301 s
->last_id
= path_id
;
1303 rta_free(s
->cached_rta
);
1304 s
->cached_rta
= NULL
;
1309 /* Route withdraw */
1310 rte_update3(&s
->channel
->c
, n
, NULL
, s
->last_src
);
1314 /* Prepare cached route attributes */
1315 if (s
->cached_rta
== NULL
)
1317 a0
->src
= s
->last_src
;
1319 /* Workaround for rta_lookup() breaking eattrs */
1320 ea_list
*ea
= a0
->eattrs
;
1321 s
->cached_rta
= rta_lookup(a0
);
1325 rta
*a
= rta_clone(s
->cached_rta
);
1326 rte
*e
= rte_get_temp(a
);
1329 e
->u
.bgp
.suppressed
= 0;
1330 e
->u
.bgp
.stale
= -1;
1331 rte_update3(&s
->channel
->c
, n
, e
, s
->last_src
);
1335 bgp_encode_mpls_labels(struct bgp_write_state
*s UNUSED
, const adata
*mpls
, byte
**pos
, uint
*size
, byte
*pxlen
)
1337 const u32 dummy
= 0;
1338 const u32
*labels
= mpls
? (const u32
*) mpls
->data
: &dummy
;
1339 uint lnum
= mpls
? (mpls
->length
/ 4) : 1;
1341 for (uint i
= 0; i
< lnum
; i
++)
1343 put_u24(*pos
, labels
[i
] << 4);
1344 ADVANCE(*pos
, *size
, 3);
1347 /* Add bottom-of-stack flag */
1348 (*pos
)[-1] |= BGP_MPLS_BOS
;
1350 *pxlen
+= 24 * lnum
;
1354 bgp_decode_mpls_labels(struct bgp_parse_state
*s
, byte
**pos
, uint
*len
, uint
*pxlen
, rta
*a
)
1356 u32 labels
[BGP_MPLS_MAX
], label
;
1361 bgp_parse_error(s
, 1);
1363 label
= get_u24(*pos
);
1364 labels
[lnum
++] = label
>> 4;
1365 ADVANCE(*pos
, *len
, 3);
1368 /* RFC 8277 2.4 - withdraw does not have variable-size MPLS stack but
1369 fixed-size 24-bit Compatibility field, which MUST be ignored */
1370 if (!a
&& !s
->err_withdraw
)
1373 while (!(label
& BGP_MPLS_BOS
));
1378 /* Attach MPLS attribute unless we already have one */
1379 if (!s
->mpls_labels
)
1381 s
->mpls_labels
= lp_alloc_adata(s
->pool
, 4*BGP_MPLS_MAX
);
1382 bgp_set_attr_ptr(&(a
->eattrs
), s
->pool
, BA_MPLS_LABEL_STACK
, 0, s
->mpls_labels
);
1385 /* Overwrite data in the attribute */
1386 s
->mpls_labels
->length
= 4*lnum
;
1387 memcpy(s
->mpls_labels
->data
, labels
, 4*lnum
);
1389 /* Update next hop entry in rta */
1390 bgp_apply_mpls_labels(s
, a
, labels
, lnum
);
1392 /* Attributes were changed, invalidate cached entry */
1393 rta_free(s
->cached_rta
);
1394 s
->cached_rta
= NULL
;
1400 bgp_encode_nlri_ip4(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1404 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= BGP_NLRI_MAX
))
1406 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1407 struct net_addr_ip4
*net
= (void *) px
->net
;
1409 /* Encode path ID */
1412 put_u32(pos
, px
->path_id
);
1413 ADVANCE(pos
, size
, 4);
1416 /* Encode prefix length */
1418 ADVANCE(pos
, size
, 1);
1420 /* Encode MPLS labels */
1422 bgp_encode_mpls_labels(s
, s
->mpls_labels
, &pos
, &size
, pos
- 1);
1424 /* Encode prefix body */
1425 ip4_addr a
= ip4_hton(net
->prefix
);
1426 uint b
= (net
->pxlen
+ 7) / 8;
1428 ADVANCE(pos
, size
, b
);
1430 bgp_free_prefix(s
->channel
, px
);
1437 bgp_decode_nlri_ip4(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1444 /* Decode path ID */
1448 bgp_parse_error(s
, 1);
1450 path_id
= get_u32(pos
);
1451 ADVANCE(pos
, len
, 4);
1454 /* Decode prefix length */
1456 ADVANCE(pos
, len
, 1);
1458 if (len
< ((l
+ 7) / 8))
1459 bgp_parse_error(s
, 1);
1461 /* Decode MPLS labels */
1463 bgp_decode_mpls_labels(s
, &pos
, &len
, &l
, a
);
1465 if (l
> IP4_MAX_PREFIX_LENGTH
)
1466 bgp_parse_error(s
, 10);
1468 /* Decode prefix body */
1469 ip4_addr addr
= IP4_NONE
;
1470 uint b
= (l
+ 7) / 8;
1471 memcpy(&addr
, pos
, b
);
1472 ADVANCE(pos
, len
, b
);
1474 net
= NET_ADDR_IP4(ip4_ntoh(addr
), l
);
1475 net_normalize_ip4(&net
);
1477 // XXXX validate prefix
1479 bgp_rte_update(s
, (net_addr
*) &net
, path_id
, a
);
1485 bgp_encode_nlri_ip6(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1489 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= BGP_NLRI_MAX
))
1491 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1492 struct net_addr_ip6
*net
= (void *) px
->net
;
1494 /* Encode path ID */
1497 put_u32(pos
, px
->path_id
);
1498 ADVANCE(pos
, size
, 4);
1501 /* Encode prefix length */
1503 ADVANCE(pos
, size
, 1);
1505 /* Encode MPLS labels */
1507 bgp_encode_mpls_labels(s
, s
->mpls_labels
, &pos
, &size
, pos
- 1);
1509 /* Encode prefix body */
1510 ip6_addr a
= ip6_hton(net
->prefix
);
1511 uint b
= (net
->pxlen
+ 7) / 8;
1513 ADVANCE(pos
, size
, b
);
1515 bgp_free_prefix(s
->channel
, px
);
1522 bgp_decode_nlri_ip6(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1529 /* Decode path ID */
1533 bgp_parse_error(s
, 1);
1535 path_id
= get_u32(pos
);
1536 ADVANCE(pos
, len
, 4);
1539 /* Decode prefix length */
1541 ADVANCE(pos
, len
, 1);
1543 if (len
< ((l
+ 7) / 8))
1544 bgp_parse_error(s
, 1);
1546 /* Decode MPLS labels */
1548 bgp_decode_mpls_labels(s
, &pos
, &len
, &l
, a
);
1550 if (l
> IP6_MAX_PREFIX_LENGTH
)
1551 bgp_parse_error(s
, 10);
1553 /* Decode prefix body */
1554 ip6_addr addr
= IP6_NONE
;
1555 uint b
= (l
+ 7) / 8;
1556 memcpy(&addr
, pos
, b
);
1557 ADVANCE(pos
, len
, b
);
1559 net
= NET_ADDR_IP6(ip6_ntoh(addr
), l
);
1560 net_normalize_ip6(&net
);
1562 // XXXX validate prefix
1564 bgp_rte_update(s
, (net_addr
*) &net
, path_id
, a
);
1569 bgp_encode_nlri_vpn4(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1573 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= BGP_NLRI_MAX
))
1575 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1576 struct net_addr_vpn4
*net
= (void *) px
->net
;
1578 /* Encode path ID */
1581 put_u32(pos
, px
->path_id
);
1582 ADVANCE(pos
, size
, 4);
1585 /* Encode prefix length */
1586 *pos
= 64 + net
->pxlen
;
1587 ADVANCE(pos
, size
, 1);
1589 /* Encode MPLS labels */
1591 bgp_encode_mpls_labels(s
, s
->mpls_labels
, &pos
, &size
, pos
- 1);
1593 /* Encode route distinguisher */
1594 put_u64(pos
, net
->rd
);
1595 ADVANCE(pos
, size
, 8);
1597 /* Encode prefix body */
1598 ip4_addr a
= ip4_hton(net
->prefix
);
1599 uint b
= (net
->pxlen
+ 7) / 8;
1601 ADVANCE(pos
, size
, b
);
1603 bgp_free_prefix(s
->channel
, px
);
1610 bgp_decode_nlri_vpn4(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1617 /* Decode path ID */
1621 bgp_parse_error(s
, 1);
1623 path_id
= get_u32(pos
);
1624 ADVANCE(pos
, len
, 4);
1627 /* Decode prefix length */
1629 ADVANCE(pos
, len
, 1);
1631 if (len
< ((l
+ 7) / 8))
1632 bgp_parse_error(s
, 1);
1634 /* Decode MPLS labels */
1636 bgp_decode_mpls_labels(s
, &pos
, &len
, &l
, a
);
1638 /* Decode route distinguisher */
1640 bgp_parse_error(s
, 1);
1642 u64 rd
= get_u64(pos
);
1643 ADVANCE(pos
, len
, 8);
1646 if (l
> IP4_MAX_PREFIX_LENGTH
)
1647 bgp_parse_error(s
, 10);
1649 /* Decode prefix body */
1650 ip4_addr addr
= IP4_NONE
;
1651 uint b
= (l
+ 7) / 8;
1652 memcpy(&addr
, pos
, b
);
1653 ADVANCE(pos
, len
, b
);
1655 net
= NET_ADDR_VPN4(ip4_ntoh(addr
), l
, rd
);
1656 net_normalize_vpn4(&net
);
1658 // XXXX validate prefix
1660 bgp_rte_update(s
, (net_addr
*) &net
, path_id
, a
);
1666 bgp_encode_nlri_vpn6(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1670 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= BGP_NLRI_MAX
))
1672 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1673 struct net_addr_vpn6
*net
= (void *) px
->net
;
1675 /* Encode path ID */
1678 put_u32(pos
, px
->path_id
);
1679 ADVANCE(pos
, size
, 4);
1682 /* Encode prefix length */
1683 *pos
= 64 + net
->pxlen
;
1684 ADVANCE(pos
, size
, 1);
1686 /* Encode MPLS labels */
1688 bgp_encode_mpls_labels(s
, s
->mpls_labels
, &pos
, &size
, pos
- 1);
1690 /* Encode route distinguisher */
1691 put_u64(pos
, net
->rd
);
1692 ADVANCE(pos
, size
, 8);
1694 /* Encode prefix body */
1695 ip6_addr a
= ip6_hton(net
->prefix
);
1696 uint b
= (net
->pxlen
+ 7) / 8;
1698 ADVANCE(pos
, size
, b
);
1700 bgp_free_prefix(s
->channel
, px
);
1707 bgp_decode_nlri_vpn6(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1714 /* Decode path ID */
1718 bgp_parse_error(s
, 1);
1720 path_id
= get_u32(pos
);
1721 ADVANCE(pos
, len
, 4);
1724 /* Decode prefix length */
1726 ADVANCE(pos
, len
, 1);
1728 if (len
< ((l
+ 7) / 8))
1729 bgp_parse_error(s
, 1);
1731 /* Decode MPLS labels */
1733 bgp_decode_mpls_labels(s
, &pos
, &len
, &l
, a
);
1735 /* Decode route distinguisher */
1737 bgp_parse_error(s
, 1);
1739 u64 rd
= get_u64(pos
);
1740 ADVANCE(pos
, len
, 8);
1743 if (l
> IP6_MAX_PREFIX_LENGTH
)
1744 bgp_parse_error(s
, 10);
1746 /* Decode prefix body */
1747 ip6_addr addr
= IP6_NONE
;
1748 uint b
= (l
+ 7) / 8;
1749 memcpy(&addr
, pos
, b
);
1750 ADVANCE(pos
, len
, b
);
1752 net
= NET_ADDR_VPN6(ip6_ntoh(addr
), l
, rd
);
1753 net_normalize_vpn6(&net
);
1755 // XXXX validate prefix
1757 bgp_rte_update(s
, (net_addr
*) &net
, path_id
, a
);
1763 bgp_encode_nlri_flow4(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1767 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= 4))
1769 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1770 struct net_addr_flow4
*net
= (void *) px
->net
;
1771 uint flen
= net
->length
- sizeof(net_addr_flow4
);
1773 /* Encode path ID */
1776 put_u32(pos
, px
->path_id
);
1777 ADVANCE(pos
, size
, 4);
1783 /* Copy whole flow data including length */
1784 memcpy(pos
, net
->data
, flen
);
1785 ADVANCE(pos
, size
, flen
);
1787 bgp_free_prefix(s
->channel
, px
);
1794 bgp_decode_nlri_flow4(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1800 /* Decode path ID */
1804 bgp_parse_error(s
, 1);
1806 path_id
= get_u32(pos
);
1807 ADVANCE(pos
, len
, 4);
1811 bgp_parse_error(s
, 1);
1813 /* Decode flow length */
1814 uint hlen
= flow_hdr_length(pos
);
1815 uint dlen
= flow_read_length(pos
);
1816 uint flen
= hlen
+ dlen
;
1817 byte
*data
= pos
+ hlen
;
1820 bgp_parse_error(s
, 1);
1822 /* Validate flow data */
1823 enum flow_validated_state r
= flow4_validate(data
, dlen
);
1824 if (r
!= FLOW_ST_VALID
)
1826 log(L_REMOTE
"%s: Invalid flow route: %s", s
->proto
->p
.name
, flow_validated_state_str(r
));
1827 bgp_parse_error(s
, 1);
1830 ip4_addr px
= IP4_NONE
;
1833 /* Decode dst prefix */
1834 if (data
[0] == FLOW_TYPE_DST_PREFIX
)
1836 px
= flow_read_ip4_part(data
);
1837 pxlen
= flow_read_pxlen(data
);
1840 /* Prepare the flow */
1841 net_addr
*n
= alloca(sizeof(struct net_addr_flow4
) + flen
);
1842 net_fill_flow4(n
, px
, pxlen
, pos
, flen
);
1843 ADVANCE(pos
, len
, flen
);
1845 bgp_rte_update(s
, n
, path_id
, a
);
1851 bgp_encode_nlri_flow6(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, uint size
)
1855 while (!EMPTY_LIST(buck
->prefixes
) && (size
>= 4))
1857 struct bgp_prefix
*px
= HEAD(buck
->prefixes
);
1858 struct net_addr_flow6
*net
= (void *) px
->net
;
1859 uint flen
= net
->length
- sizeof(net_addr_flow6
);
1861 /* Encode path ID */
1864 put_u32(pos
, px
->path_id
);
1865 ADVANCE(pos
, size
, 4);
1871 /* Copy whole flow data including length */
1872 memcpy(pos
, net
->data
, flen
);
1873 ADVANCE(pos
, size
, flen
);
1875 bgp_free_prefix(s
->channel
, px
);
1882 bgp_decode_nlri_flow6(struct bgp_parse_state
*s
, byte
*pos
, uint len
, rta
*a
)
1888 /* Decode path ID */
1892 bgp_parse_error(s
, 1);
1894 path_id
= get_u32(pos
);
1895 ADVANCE(pos
, len
, 4);
1899 bgp_parse_error(s
, 1);
1901 /* Decode flow length */
1902 uint hlen
= flow_hdr_length(pos
);
1903 uint dlen
= flow_read_length(pos
);
1904 uint flen
= hlen
+ dlen
;
1905 byte
*data
= pos
+ hlen
;
1908 bgp_parse_error(s
, 1);
1910 /* Validate flow data */
1911 enum flow_validated_state r
= flow6_validate(data
, dlen
);
1912 if (r
!= FLOW_ST_VALID
)
1914 log(L_REMOTE
"%s: Invalid flow route: %s", s
->proto
->p
.name
, flow_validated_state_str(r
));
1915 bgp_parse_error(s
, 1);
1918 ip6_addr px
= IP6_NONE
;
1921 /* Decode dst prefix */
1922 if (data
[0] == FLOW_TYPE_DST_PREFIX
)
1924 px
= flow_read_ip6_part(data
);
1925 pxlen
= flow_read_pxlen(data
);
1928 /* Prepare the flow */
1929 net_addr
*n
= alloca(sizeof(struct net_addr_flow6
) + flen
);
1930 net_fill_flow6(n
, px
, pxlen
, pos
, flen
);
1931 ADVANCE(pos
, len
, flen
);
1933 bgp_rte_update(s
, n
, path_id
, a
);
1938 static const struct bgp_af_desc bgp_af_table
[] = {
1943 .encode_nlri
= bgp_encode_nlri_ip4
,
1944 .decode_nlri
= bgp_decode_nlri_ip4
,
1945 .encode_next_hop
= bgp_encode_next_hop_ip
,
1946 .decode_next_hop
= bgp_decode_next_hop_ip
,
1947 .update_next_hop
= bgp_update_next_hop_ip
,
1950 .afi
= BGP_AF_IPV4_MC
,
1953 .encode_nlri
= bgp_encode_nlri_ip4
,
1954 .decode_nlri
= bgp_decode_nlri_ip4
,
1955 .encode_next_hop
= bgp_encode_next_hop_ip
,
1956 .decode_next_hop
= bgp_decode_next_hop_ip
,
1957 .update_next_hop
= bgp_update_next_hop_ip
,
1960 .afi
= BGP_AF_IPV4_MPLS
,
1963 .name
= "ipv4-mpls",
1964 .encode_nlri
= bgp_encode_nlri_ip4
,
1965 .decode_nlri
= bgp_decode_nlri_ip4
,
1966 .encode_next_hop
= bgp_encode_next_hop_ip
,
1967 .decode_next_hop
= bgp_decode_next_hop_ip
,
1968 .update_next_hop
= bgp_update_next_hop_ip
,
1974 .encode_nlri
= bgp_encode_nlri_ip6
,
1975 .decode_nlri
= bgp_decode_nlri_ip6
,
1976 .encode_next_hop
= bgp_encode_next_hop_ip
,
1977 .decode_next_hop
= bgp_decode_next_hop_ip
,
1978 .update_next_hop
= bgp_update_next_hop_ip
,
1981 .afi
= BGP_AF_IPV6_MC
,
1984 .encode_nlri
= bgp_encode_nlri_ip6
,
1985 .decode_nlri
= bgp_decode_nlri_ip6
,
1986 .encode_next_hop
= bgp_encode_next_hop_ip
,
1987 .decode_next_hop
= bgp_decode_next_hop_ip
,
1988 .update_next_hop
= bgp_update_next_hop_ip
,
1991 .afi
= BGP_AF_IPV6_MPLS
,
1994 .name
= "ipv6-mpls",
1995 .encode_nlri
= bgp_encode_nlri_ip6
,
1996 .decode_nlri
= bgp_decode_nlri_ip6
,
1997 .encode_next_hop
= bgp_encode_next_hop_ip
,
1998 .decode_next_hop
= bgp_decode_next_hop_ip
,
1999 .update_next_hop
= bgp_update_next_hop_ip
,
2002 .afi
= BGP_AF_VPN4_MPLS
,
2005 .name
= "vpn4-mpls",
2006 .encode_nlri
= bgp_encode_nlri_vpn4
,
2007 .decode_nlri
= bgp_decode_nlri_vpn4
,
2008 .encode_next_hop
= bgp_encode_next_hop_vpn
,
2009 .decode_next_hop
= bgp_decode_next_hop_vpn
,
2010 .update_next_hop
= bgp_update_next_hop_ip
,
2013 .afi
= BGP_AF_VPN6_MPLS
,
2016 .name
= "vpn6-mpls",
2017 .encode_nlri
= bgp_encode_nlri_vpn6
,
2018 .decode_nlri
= bgp_decode_nlri_vpn6
,
2019 .encode_next_hop
= bgp_encode_next_hop_vpn
,
2020 .decode_next_hop
= bgp_decode_next_hop_vpn
,
2021 .update_next_hop
= bgp_update_next_hop_ip
,
2024 .afi
= BGP_AF_VPN4_MC
,
2027 .encode_nlri
= bgp_encode_nlri_vpn4
,
2028 .decode_nlri
= bgp_decode_nlri_vpn4
,
2029 .encode_next_hop
= bgp_encode_next_hop_vpn
,
2030 .decode_next_hop
= bgp_decode_next_hop_vpn
,
2031 .update_next_hop
= bgp_update_next_hop_ip
,
2034 .afi
= BGP_AF_VPN6_MC
,
2037 .encode_nlri
= bgp_encode_nlri_vpn6
,
2038 .decode_nlri
= bgp_decode_nlri_vpn6
,
2039 .encode_next_hop
= bgp_encode_next_hop_vpn
,
2040 .decode_next_hop
= bgp_decode_next_hop_vpn
,
2041 .update_next_hop
= bgp_update_next_hop_ip
,
2044 .afi
= BGP_AF_FLOW4
,
2048 .encode_nlri
= bgp_encode_nlri_flow4
,
2049 .decode_nlri
= bgp_decode_nlri_flow4
,
2050 .encode_next_hop
= bgp_encode_next_hop_none
,
2051 .decode_next_hop
= bgp_decode_next_hop_none
,
2052 .update_next_hop
= bgp_update_next_hop_none
,
2055 .afi
= BGP_AF_FLOW6
,
2059 .encode_nlri
= bgp_encode_nlri_flow6
,
2060 .decode_nlri
= bgp_decode_nlri_flow6
,
2061 .encode_next_hop
= bgp_encode_next_hop_none
,
2062 .decode_next_hop
= bgp_decode_next_hop_none
,
2063 .update_next_hop
= bgp_update_next_hop_none
,
2067 const struct bgp_af_desc
*
2068 bgp_get_af_desc(u32 afi
)
2071 for (i
= 0; i
< ARRAY_SIZE(bgp_af_table
); i
++)
2072 if (bgp_af_table
[i
].afi
== afi
)
2073 return &bgp_af_table
[i
];
2079 bgp_encode_nlri(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, byte
*end
)
2081 return s
->channel
->desc
->encode_nlri(s
, buck
, buf
, end
- buf
);
2085 bgp_encode_next_hop(struct bgp_write_state
*s
, eattr
*nh
, byte
*buf
)
2087 return s
->channel
->desc
->encode_next_hop(s
, nh
, buf
, 255);
2091 bgp_update_next_hop(struct bgp_export_state
*s
, eattr
*a
, ea_list
**to
)
2093 s
->channel
->desc
->update_next_hop(s
, a
, to
);
2096 #define MAX_ATTRS_LENGTH (end-buf+BGP_HEADER_LENGTH - 1024)
2099 bgp_create_ip_reach(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, byte
*end
)
2102 * 2 B Withdrawn Routes Length (zero)
2103 * --- IPv4 Withdrawn Routes NLRI (unused)
2104 * 2 B Total Path Attribute Length
2105 * var Path Attributes
2106 * var IPv4 Network Layer Reachability Information
2111 la
= bgp_encode_attrs(s
, buck
->eattrs
, buf
+4, buf
+ MAX_ATTRS_LENGTH
);
2114 /* Attribute list too long */
2115 bgp_withdraw_bucket(s
->channel
, buck
);
2122 lr
= bgp_encode_nlri(s
, buck
, buf
+4+la
, end
);
2128 bgp_create_mp_reach(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, byte
*end
)
2131 * 2 B IPv4 Withdrawn Routes Length (zero)
2132 * --- IPv4 Withdrawn Routes NLRI (unused)
2133 * 2 B Total Path Attribute Length
2134 * 1 B MP_REACH_NLRI hdr - Attribute Flags
2135 * 1 B MP_REACH_NLRI hdr - Attribute Type Code
2136 * 2 B MP_REACH_NLRI hdr - Length of Attribute Data
2137 * 2 B MP_REACH_NLRI data - Address Family Identifier
2138 * 1 B MP_REACH_NLRI data - Subsequent Address Family Identifier
2139 * 1 B MP_REACH_NLRI data - Length of Next Hop Network Address
2140 * var MP_REACH_NLRI data - Network Address of Next Hop
2141 * 1 B MP_REACH_NLRI data - Reserved (zero)
2142 * var MP_REACH_NLRI data - Network Layer Reachability Information
2143 * var Rest of Path Attributes
2144 * --- IPv4 Network Layer Reachability Information (unused)
2147 int lh
, lr
, la
; /* Lengths of next hop, NLRI and attributes */
2149 /* Begin of MP_REACH_NLRI atribute */
2150 buf
[4] = BAF_OPTIONAL
| BAF_EXT_LEN
;
2151 buf
[5] = BA_MP_REACH_NLRI
;
2152 put_u16(buf
+6, 0); /* Will be fixed later */
2153 put_af3(buf
+8, s
->channel
->afi
);
2156 /* Encode attributes to temporary buffer */
2157 byte
*abuf
= alloca(MAX_ATTRS_LENGTH
);
2158 la
= bgp_encode_attrs(s
, buck
->eattrs
, abuf
, abuf
+ MAX_ATTRS_LENGTH
);
2161 /* Attribute list too long */
2162 bgp_withdraw_bucket(s
->channel
, buck
);
2166 /* Encode the next hop */
2167 lh
= bgp_encode_next_hop(s
, s
->mp_next_hop
, pos
+1);
2171 /* Reserved field */
2174 /* Encode the NLRI */
2175 lr
= bgp_encode_nlri(s
, buck
, pos
, end
- la
);
2178 /* End of MP_REACH_NLRI atribute, update data length */
2179 put_u16(buf
+6, pos
-buf
-8);
2181 /* Copy remaining attributes */
2182 memcpy(pos
, abuf
, la
);
2185 /* Initial UPDATE fields */
2187 put_u16(buf
+2, pos
-buf
-4);
2192 #undef MAX_ATTRS_LENGTH
2195 bgp_create_ip_unreach(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, byte
*end
)
2198 * 2 B Withdrawn Routes Length
2199 * var IPv4 Withdrawn Routes NLRI
2200 * 2 B Total Path Attribute Length (zero)
2201 * --- Path Attributes (unused)
2202 * --- IPv4 Network Layer Reachability Information (unused)
2205 uint len
= bgp_encode_nlri(s
, buck
, buf
+2, end
);
2207 put_u16(buf
+0, len
);
2208 put_u16(buf
+2+len
, 0);
2214 bgp_create_mp_unreach(struct bgp_write_state
*s
, struct bgp_bucket
*buck
, byte
*buf
, byte
*end
)
2217 * 2 B Withdrawn Routes Length (zero)
2218 * --- IPv4 Withdrawn Routes NLRI (unused)
2219 * 2 B Total Path Attribute Length
2220 * 1 B MP_UNREACH_NLRI hdr - Attribute Flags
2221 * 1 B MP_UNREACH_NLRI hdr - Attribute Type Code
2222 * 2 B MP_UNREACH_NLRI hdr - Length of Attribute Data
2223 * 2 B MP_UNREACH_NLRI data - Address Family Identifier
2224 * 1 B MP_UNREACH_NLRI data - Subsequent Address Family Identifier
2225 * var MP_UNREACH_NLRI data - Network Layer Reachability Information
2226 * --- IPv4 Network Layer Reachability Information (unused)
2229 uint len
= bgp_encode_nlri(s
, buck
, buf
+11, end
);
2232 put_u16(buf
+2, 7+len
);
2234 /* Begin of MP_UNREACH_NLRI atribute */
2235 buf
[4] = BAF_OPTIONAL
| BAF_EXT_LEN
;
2236 buf
[5] = BA_MP_UNREACH_NLRI
;
2237 put_u16(buf
+6, 3+len
);
2238 put_af3(buf
+8, s
->channel
->afi
);
2244 bgp_create_update(struct bgp_channel
*c
, byte
*buf
)
2246 struct bgp_proto
*p
= (void *) c
->c
.proto
;
2247 struct bgp_bucket
*buck
;
2248 byte
*end
= buf
+ (bgp_max_packet_length(p
->conn
) - BGP_HEADER_LENGTH
);
2253 /* Initialize write state */
2254 struct bgp_write_state s
= {
2257 .pool
= bgp_linpool
,
2258 .mp_reach
= (c
->afi
!= BGP_AF_IPV4
) || c
->ext_next_hop
,
2259 .as4_session
= p
->as4_session
,
2260 .add_path
= c
->add_path_tx
,
2261 .mpls
= c
->desc
->mpls
,
2264 /* Try unreachable bucket */
2265 if ((buck
= c
->withdraw_bucket
) && !EMPTY_LIST(buck
->prefixes
))
2267 res
= (c
->afi
== BGP_AF_IPV4
) && !c
->ext_next_hop
?
2268 bgp_create_ip_unreach(&s
, buck
, buf
, end
):
2269 bgp_create_mp_unreach(&s
, buck
, buf
, end
);
2274 /* Try reachable buckets */
2275 if (!EMPTY_LIST(c
->bucket_queue
))
2277 buck
= HEAD(c
->bucket_queue
);
2279 /* Cleanup empty buckets */
2280 if (EMPTY_LIST(buck
->prefixes
))
2282 bgp_free_bucket(c
, buck
);
2287 bgp_create_ip_reach(&s
, buck
, buf
, end
):
2288 bgp_create_mp_reach(&s
, buck
, buf
, end
);
2290 if (EMPTY_LIST(buck
->prefixes
))
2291 bgp_free_bucket(c
, buck
);
2293 bgp_defer_bucket(c
, buck
);
2301 /* No more prefixes to send */
2305 BGP_TRACE_RL(&rl_snd_update
, D_PACKETS
, "Sending UPDATE");
2306 p
->stats
.tx_updates
++;
2313 bgp_create_ip_end_mark(struct bgp_channel
*c UNUSED
, byte
*buf
)
2315 /* Empty update packet */
2322 bgp_create_mp_end_mark(struct bgp_channel
*c
, byte
*buf
)
2325 put_u16(buf
+2, 6); /* length 4--9 */
2327 /* Empty MP_UNREACH_NLRI atribute */
2328 buf
[4] = BAF_OPTIONAL
;
2329 buf
[5] = BA_MP_UNREACH_NLRI
;
2330 buf
[6] = 3; /* Length 7--9 */
2331 put_af3(buf
+7, c
->afi
);
2337 bgp_create_end_mark(struct bgp_channel
*c
, byte
*buf
)
2339 struct bgp_proto
*p
= (void *) c
->c
.proto
;
2341 BGP_TRACE(D_PACKETS
, "Sending END-OF-RIB");
2342 p
->stats
.tx_updates
++;
2344 return (c
->afi
== BGP_AF_IPV4
) ?
2345 bgp_create_ip_end_mark(c
, buf
):
2346 bgp_create_mp_end_mark(c
, buf
);
2350 bgp_rx_end_mark(struct bgp_parse_state
*s
, u32 afi
)
2352 struct bgp_proto
*p
= s
->proto
;
2353 struct bgp_channel
*c
= bgp_get_channel(p
, afi
);
2355 BGP_TRACE(D_PACKETS
, "Got END-OF-RIB");
2358 DISCARD(BAD_AFI
, BGP_AFI(afi
), BGP_SAFI(afi
));
2360 if (c
->load_state
== BFS_LOADING
)
2361 c
->load_state
= BFS_NONE
;
2363 if (p
->p
.gr_recovery
)
2364 channel_graceful_restart_unlock(&c
->c
);
2367 bgp_graceful_restart_done(c
);
2371 bgp_decode_nlri(struct bgp_parse_state
*s
, u32 afi
, byte
*nlri
, uint len
, ea_list
*ea
, byte
*nh
, uint nh_len
)
2373 struct bgp_channel
*c
= bgp_get_channel(s
->proto
, afi
);
2377 DISCARD(BAD_AFI
, BGP_AFI(afi
), BGP_SAFI(afi
));
2380 s
->add_path
= c
->add_path_rx
;
2381 s
->mpls
= c
->desc
->mpls
;
2384 s
->last_src
= s
->proto
->p
.main_source
;
2387 * IPv4 BGP and MP-BGP may be used together in one update, therefore we do not
2388 * add BA_NEXT_HOP in bgp_decode_attrs(), but we add it here independently for
2389 * IPv4 BGP and MP-BGP. We undo the attribute (and possibly others attached by
2390 * decode_next_hop hooks) by restoring a->eattrs afterwards.
2395 a
= allocz(RTA_MAX_SIZE
);
2397 a
->source
= RTS_BGP
;
2398 a
->scope
= SCOPE_UNIVERSE
;
2399 a
->from
= s
->proto
->remote_ip
;
2402 c
->desc
->decode_next_hop(s
, nh
, nh_len
, a
);
2403 bgp_finish_attrs(s
, a
);
2405 /* Handle withdraw during next hop decoding */
2406 if (s
->err_withdraw
)
2410 c
->desc
->decode_nlri(s
, nlri
, len
, a
);
2412 rta_free(s
->cached_rta
);
2413 s
->cached_rta
= NULL
;
2417 bgp_rx_update(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
2419 struct bgp_proto
*p
= conn
->bgp
;
2422 BGP_TRACE_RL(&rl_rcv_update
, D_PACKETS
, "Got UPDATE");
2423 p
->last_rx_update
= current_time();
2424 p
->stats
.rx_updates
++;
2426 /* Workaround for some BGP implementations that skip initial KEEPALIVE */
2427 if (conn
->state
== BS_OPENCONFIRM
)
2428 bgp_conn_enter_established_state(conn
);
2430 if (conn
->state
!= BS_ESTABLISHED
)
2431 { bgp_error(conn
, 5, fsm_err_subcode
[conn
->state
], NULL
, 0); return; }
2433 bgp_start_timer(conn
->hold_timer
, conn
->hold_time
);
2435 /* Initialize parse state */
2436 struct bgp_parse_state s
= {
2438 .pool
= bgp_linpool
,
2439 .as4_session
= p
->as4_session
,
2442 /* Parse error handler */
2443 if (setjmp(s
.err_jmpbuf
))
2445 bgp_error(conn
, 3, s
.err_subcode
, NULL
, 0);
2449 /* Check minimal length */
2451 { bgp_error(conn
, 1, 2, pkt
+16, 2); return; }
2453 /* Skip fixed header */
2457 * UPDATE message format
2459 * 2 B IPv4 Withdrawn Routes Length
2460 * var IPv4 Withdrawn Routes NLRI
2461 * 2 B Total Path Attribute Length
2462 * var Path Attributes
2463 * var IPv4 Reachable Routes NLRI
2466 s
.ip_unreach_len
= get_u16(pkt
+ pos
);
2467 s
.ip_unreach_nlri
= pkt
+ pos
+ 2;
2468 pos
+= 2 + s
.ip_unreach_len
;
2471 bgp_parse_error(&s
, 1);
2473 s
.attr_len
= get_u16(pkt
+ pos
);
2474 s
.attrs
= pkt
+ pos
+ 2;
2475 pos
+= 2 + s
.attr_len
;
2478 bgp_parse_error(&s
, 1);
2480 s
.ip_reach_len
= len
- pos
;
2481 s
.ip_reach_nlri
= pkt
+ pos
;
2485 ea
= bgp_decode_attrs(&s
, s
.attrs
, s
.attr_len
);
2489 /* Check for End-of-RIB marker */
2490 if (!s
.attr_len
&& !s
.ip_unreach_len
&& !s
.ip_reach_len
)
2491 { bgp_rx_end_mark(&s
, BGP_AF_IPV4
); goto done
; }
2493 /* Check for MP End-of-RIB marker */
2494 if ((s
.attr_len
< 8) && !s
.ip_unreach_len
&& !s
.ip_reach_len
&&
2495 !s
.mp_reach_len
&& !s
.mp_unreach_len
&& s
.mp_unreach_af
)
2496 { bgp_rx_end_mark(&s
, s
.mp_unreach_af
); goto done
; }
2498 if (s
.ip_unreach_len
)
2499 bgp_decode_nlri(&s
, BGP_AF_IPV4
, s
.ip_unreach_nlri
, s
.ip_unreach_len
, NULL
, NULL
, 0);
2501 if (s
.mp_unreach_len
)
2502 bgp_decode_nlri(&s
, s
.mp_unreach_af
, s
.mp_unreach_nlri
, s
.mp_unreach_len
, NULL
, NULL
, 0);
2505 bgp_decode_nlri(&s
, BGP_AF_IPV4
, s
.ip_reach_nlri
, s
.ip_reach_len
,
2506 ea
, s
.ip_next_hop_data
, s
.ip_next_hop_len
);
2509 bgp_decode_nlri(&s
, s
.mp_reach_af
, s
.mp_reach_nlri
, s
.mp_reach_len
,
2510 ea
, s
.mp_next_hop_data
, s
.mp_next_hop_len
);
2513 rta_free(s
.cached_rta
);
2519 bgp_find_update_afi(byte
*pos
, uint len
)
2522 * This is stripped-down version of bgp_rx_update(), bgp_decode_attrs() and
2523 * bgp_decode_mp_[un]reach_nlri() used by MRT code in order to find out which
2524 * AFI/SAFI is associated with incoming UPDATE. Returns 0 for framing errors.
2529 /* Assume there is no withrawn NLRI, read lengths and move to attribute list */
2530 uint wlen
= get_u16(pos
+ 19);
2531 uint alen
= get_u16(pos
+ 21);
2532 ADVANCE(pos
, len
, 23);
2534 /* Either non-zero withdrawn NLRI, non-zero reachable NLRI, or IPv4 End-of-RIB */
2535 if ((wlen
!= 0) || (alen
< len
) || !alen
)
2541 /* Process attribute list (alen == len) */
2547 uint flags
= pos
[0];
2549 ADVANCE(pos
, len
, 2);
2551 uint ll
= !(flags
& BAF_EXT_LEN
) ? 1 : 2;
2555 /* Read attribute length and move to attribute body */
2556 alen
= (ll
== 1) ? get_u8(pos
) : get_u16(pos
);
2557 ADVANCE(pos
, len
, ll
);
2563 if ((code
== BA_MP_REACH_NLRI
) || (code
== BA_MP_UNREACH_NLRI
))
2568 return BGP_AF(get_u16(pos
), pos
[2]);
2571 /* Move to the next attribute */
2572 ADVANCE(pos
, len
, alen
);
2575 /* No basic or MP NLRI, but there are some attributes -> error */
2584 static inline byte
*
2585 bgp_create_route_refresh(struct bgp_channel
*c
, byte
*buf
)
2587 struct bgp_proto
*p
= (void *) c
->c
.proto
;
2589 BGP_TRACE(D_PACKETS
, "Sending ROUTE-REFRESH");
2591 /* Original route refresh request, RFC 2918 */
2592 put_af4(buf
, c
->afi
);
2593 buf
[2] = BGP_RR_REQUEST
;
2598 static inline byte
*
2599 bgp_create_begin_refresh(struct bgp_channel
*c
, byte
*buf
)
2601 struct bgp_proto
*p
= (void *) c
->c
.proto
;
2603 BGP_TRACE(D_PACKETS
, "Sending BEGIN-OF-RR");
2605 /* Demarcation of beginning of route refresh (BoRR), RFC 7313 */
2606 put_af4(buf
, c
->afi
);
2607 buf
[2] = BGP_RR_BEGIN
;
2612 static inline byte
*
2613 bgp_create_end_refresh(struct bgp_channel
*c
, byte
*buf
)
2615 struct bgp_proto
*p
= (void *) c
->c
.proto
;
2617 BGP_TRACE(D_PACKETS
, "Sending END-OF-RR");
2619 /* Demarcation of ending of route refresh (EoRR), RFC 7313 */
2620 put_af4(buf
, c
->afi
);
2621 buf
[2] = BGP_RR_END
;
2627 bgp_rx_route_refresh(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
2629 struct bgp_proto
*p
= conn
->bgp
;
2631 if (conn
->state
!= BS_ESTABLISHED
)
2632 { bgp_error(conn
, 5, fsm_err_subcode
[conn
->state
], NULL
, 0); return; }
2634 if (!conn
->local_caps
->route_refresh
)
2635 { bgp_error(conn
, 1, 3, pkt
+18, 1); return; }
2637 if (len
< (BGP_HEADER_LENGTH
+ 4))
2638 { bgp_error(conn
, 1, 2, pkt
+16, 2); return; }
2640 if (len
> (BGP_HEADER_LENGTH
+ 4))
2641 { bgp_error(conn
, 7, 1, pkt
, MIN(len
, 2048)); return; }
2643 struct bgp_channel
*c
= bgp_get_channel(p
, get_af4(pkt
+19));
2646 log(L_WARN
"%s: Got ROUTE-REFRESH subtype %u for AF %u.%u, ignoring",
2647 p
->p
.name
, pkt
[21], get_u16(pkt
+19), pkt
[22]);
2651 /* RFC 7313 redefined reserved field as RR message subtype */
2652 uint subtype
= p
->enhanced_refresh
? pkt
[21] : BGP_RR_REQUEST
;
2656 case BGP_RR_REQUEST
:
2657 BGP_TRACE(D_PACKETS
, "Got ROUTE-REFRESH");
2658 channel_request_feeding(&c
->c
);
2662 BGP_TRACE(D_PACKETS
, "Got BEGIN-OF-RR");
2663 bgp_refresh_begin(c
);
2667 BGP_TRACE(D_PACKETS
, "Got END-OF-RR");
2672 log(L_WARN
"%s: Got ROUTE-REFRESH message with unknown subtype %u, ignoring",
2673 p
->p
.name
, subtype
);
2678 static inline struct bgp_channel
*
2679 bgp_get_channel_to_send(struct bgp_proto
*p
, struct bgp_conn
*conn
)
2681 uint i
= conn
->last_channel
;
2683 /* Try the last channel, but at most several times */
2684 if ((conn
->channels_to_send
& (1 << i
)) &&
2685 (conn
->last_channel_count
< 16))
2688 /* Find channel with non-zero channels_to_send */
2692 if (i
>= p
->channel_count
)
2695 while (! (conn
->channels_to_send
& (1 << i
)));
2697 /* Use that channel */
2698 conn
->last_channel
= i
;
2699 conn
->last_channel_count
= 0;
2702 conn
->last_channel_count
++;
2703 return p
->channel_map
[i
];
2707 bgp_send(struct bgp_conn
*conn
, uint type
, uint len
)
2709 sock
*sk
= conn
->sk
;
2710 byte
*buf
= sk
->tbuf
;
2712 conn
->bgp
->stats
.tx_messages
++;
2713 conn
->bgp
->stats
.tx_bytes
+= len
;
2715 memset(buf
, 0xff, 16); /* Marker */
2716 put_u16(buf
+16, len
);
2719 return sk_send(sk
, len
);
2723 * bgp_fire_tx - transmit packets
2726 * Whenever the transmit buffers of the underlying TCP connection
2727 * are free and we have any packets queued for sending, the socket functions
2728 * call bgp_fire_tx() which takes care of selecting the highest priority packet
2729 * queued (Notification > Keepalive > Open > Update), assembling its header
2730 * and body and sending it to the connection.
2733 bgp_fire_tx(struct bgp_conn
*conn
)
2735 struct bgp_proto
*p
= conn
->bgp
;
2736 struct bgp_channel
*c
;
2737 byte
*buf
, *pkt
, *end
;
2743 buf
= conn
->sk
->tbuf
;
2744 pkt
= buf
+ BGP_HEADER_LENGTH
;
2745 s
= conn
->packets_to_send
;
2747 if (s
& (1 << PKT_SCHEDULE_CLOSE
))
2749 /* We can finally close connection and enter idle state */
2750 bgp_conn_enter_idle_state(conn
);
2753 if (s
& (1 << PKT_NOTIFICATION
))
2755 conn
->packets_to_send
= 1 << PKT_SCHEDULE_CLOSE
;
2756 end
= bgp_create_notification(conn
, pkt
);
2757 return bgp_send(conn
, PKT_NOTIFICATION
, end
- buf
);
2759 else if (s
& (1 << PKT_OPEN
))
2761 conn
->packets_to_send
&= ~(1 << PKT_OPEN
);
2762 end
= bgp_create_open(conn
, pkt
);
2763 return bgp_send(conn
, PKT_OPEN
, end
- buf
);
2765 else if (s
& (1 << PKT_KEEPALIVE
))
2767 conn
->packets_to_send
&= ~(1 << PKT_KEEPALIVE
);
2768 BGP_TRACE(D_PACKETS
, "Sending KEEPALIVE");
2769 bgp_start_timer(conn
->keepalive_timer
, conn
->keepalive_time
);
2770 return bgp_send(conn
, PKT_KEEPALIVE
, BGP_HEADER_LENGTH
);
2772 else while (conn
->channels_to_send
)
2774 c
= bgp_get_channel_to_send(p
, conn
);
2775 s
= c
->packets_to_send
;
2777 if (s
& (1 << PKT_ROUTE_REFRESH
))
2779 c
->packets_to_send
&= ~(1 << PKT_ROUTE_REFRESH
);
2780 end
= bgp_create_route_refresh(c
, pkt
);
2781 return bgp_send(conn
, PKT_ROUTE_REFRESH
, end
- buf
);
2783 else if (s
& (1 << PKT_BEGIN_REFRESH
))
2785 /* BoRR is a subtype of RR, but uses separate bit in packets_to_send */
2786 c
->packets_to_send
&= ~(1 << PKT_BEGIN_REFRESH
);
2787 end
= bgp_create_begin_refresh(c
, pkt
);
2788 return bgp_send(conn
, PKT_ROUTE_REFRESH
, end
- buf
);
2790 else if (s
& (1 << PKT_UPDATE
))
2792 end
= bgp_create_update(c
, pkt
);
2794 return bgp_send(conn
, PKT_UPDATE
, end
- buf
);
2796 /* No update to send, perhaps we need to send End-of-RIB or EoRR */
2797 c
->packets_to_send
= 0;
2798 conn
->channels_to_send
&= ~(1 << c
->index
);
2800 if (c
->feed_state
== BFS_LOADED
)
2802 c
->feed_state
= BFS_NONE
;
2803 end
= bgp_create_end_mark(c
, pkt
);
2804 return bgp_send(conn
, PKT_UPDATE
, end
- buf
);
2807 else if (c
->feed_state
== BFS_REFRESHED
)
2809 c
->feed_state
= BFS_NONE
;
2810 end
= bgp_create_end_refresh(c
, pkt
);
2811 return bgp_send(conn
, PKT_ROUTE_REFRESH
, end
- buf
);
2815 bug("Channel packets_to_send: %x", s
);
2817 c
->packets_to_send
= 0;
2818 conn
->channels_to_send
&= ~(1 << c
->index
);
2825 * bgp_schedule_packet - schedule a packet for transmission
2828 * @type: packet type
2830 * Schedule a packet of type @type to be sent as soon as possible.
2833 bgp_schedule_packet(struct bgp_conn
*conn
, struct bgp_channel
*c
, int type
)
2837 DBG("BGP: Scheduling packet type %d\n", type
);
2841 if (! conn
->channels_to_send
)
2843 conn
->last_channel
= c
->index
;
2844 conn
->last_channel_count
= 0;
2847 c
->packets_to_send
|= 1 << type
;
2848 conn
->channels_to_send
|= 1 << c
->index
;
2851 conn
->packets_to_send
|= 1 << type
;
2853 if ((conn
->sk
->tpos
== conn
->sk
->tbuf
) && !ev_active(conn
->tx_ev
))
2854 ev_schedule(conn
->tx_ev
);
2857 bgp_kick_tx(void *vconn
)
2859 struct bgp_conn
*conn
= vconn
;
2861 DBG("BGP: kicking TX\n");
2863 while (--max
&& (bgp_fire_tx(conn
) > 0))
2866 if (!max
&& !ev_active(conn
->tx_ev
))
2867 ev_schedule(conn
->tx_ev
);
2873 struct bgp_conn
*conn
= sk
->data
;
2875 DBG("BGP: TX hook\n");
2877 while (--max
&& (bgp_fire_tx(conn
) > 0))
2880 if (!max
&& !ev_active(conn
->tx_ev
))
2881 ev_schedule(conn
->tx_ev
);
2888 } bgp_msg_table
[] = {
2889 { 1, 0, "Invalid message header" },
2890 { 1, 1, "Connection not synchronized" },
2891 { 1, 2, "Bad message length" },
2892 { 1, 3, "Bad message type" },
2893 { 2, 0, "Invalid OPEN message" },
2894 { 2, 1, "Unsupported version number" },
2895 { 2, 2, "Bad peer AS" },
2896 { 2, 3, "Bad BGP identifier" },
2897 { 2, 4, "Unsupported optional parameter" },
2898 { 2, 5, "Authentication failure" },
2899 { 2, 6, "Unacceptable hold time" },
2900 { 2, 7, "Required capability missing" }, /* [RFC5492] */
2901 { 2, 8, "No supported AFI/SAFI" }, /* This error msg is nonstandard */
2902 { 3, 0, "Invalid UPDATE message" },
2903 { 3, 1, "Malformed attribute list" },
2904 { 3, 2, "Unrecognized well-known attribute" },
2905 { 3, 3, "Missing mandatory attribute" },
2906 { 3, 4, "Invalid attribute flags" },
2907 { 3, 5, "Invalid attribute length" },
2908 { 3, 6, "Invalid ORIGIN attribute" },
2909 { 3, 7, "AS routing loop" }, /* Deprecated */
2910 { 3, 8, "Invalid NEXT_HOP attribute" },
2911 { 3, 9, "Optional attribute error" },
2912 { 3, 10, "Invalid network field" },
2913 { 3, 11, "Malformed AS_PATH" },
2914 { 4, 0, "Hold timer expired" },
2915 { 5, 0, "Finite state machine error" }, /* Subcodes are according to [RFC6608] */
2916 { 5, 1, "Unexpected message in OpenSent state" },
2917 { 5, 2, "Unexpected message in OpenConfirm state" },
2918 { 5, 3, "Unexpected message in Established state" },
2919 { 6, 0, "Cease" }, /* Subcodes are according to [RFC4486] */
2920 { 6, 1, "Maximum number of prefixes reached" },
2921 { 6, 2, "Administrative shutdown" },
2922 { 6, 3, "Peer de-configured" },
2923 { 6, 4, "Administrative reset" },
2924 { 6, 5, "Connection rejected" },
2925 { 6, 6, "Other configuration change" },
2926 { 6, 7, "Connection collision resolution" },
2927 { 6, 8, "Out of Resources" },
2928 { 7, 0, "Invalid ROUTE-REFRESH message" }, /* [RFC7313] */
2929 { 7, 1, "Invalid ROUTE-REFRESH message length" } /* [RFC7313] */
2933 * bgp_error_dsc - return BGP error description
2934 * @code: BGP error code
2935 * @subcode: BGP error subcode
2937 * bgp_error_dsc() returns error description for BGP errors
2938 * which might be static string or given temporary buffer.
2941 bgp_error_dsc(uint code
, uint subcode
)
2943 static char buff
[32];
2946 for (i
=0; i
< ARRAY_SIZE(bgp_msg_table
); i
++)
2947 if (bgp_msg_table
[i
].major
== code
&& bgp_msg_table
[i
].minor
== subcode
)
2948 return bgp_msg_table
[i
].msg
;
2950 bsprintf(buff
, "Unknown error %u.%u", code
, subcode
);
2954 /* RFC 8203 - shutdown communication message */
2956 bgp_handle_message(struct bgp_proto
*p
, byte
*data
, uint len
, byte
**bp
)
2958 byte
*msg
= data
+ 1;
2959 uint msg_len
= data
[0];
2962 /* Handle zero length message */
2966 /* Handle proper message */
2967 if (msg_len
+ 1 > len
)
2970 /* Some elementary cleanup */
2971 for (i
= 0; i
< msg_len
; i
++)
2975 proto_set_message(&p
->p
, msg
, msg_len
);
2976 *bp
+= bsprintf(*bp
, ": \"%s\"", p
->p
.message
);
2981 bgp_log_error(struct bgp_proto
*p
, u8
class, char *msg
, uint code
, uint subcode
, byte
*data
, uint len
)
2983 byte argbuf
[256+16], *t
= argbuf
;
2986 /* Don't report Cease messages generated by myself */
2987 if (code
== 6 && class == BE_BGP_TX
)
2990 /* Reset shutdown message */
2991 if ((code
== 6) && ((subcode
== 2) || (subcode
== 4)))
2992 proto_set_message(&p
->p
, NULL
, 0);
2996 /* Bad peer AS - we would like to print the AS */
2997 if ((code
== 2) && (subcode
== 2) && ((len
== 2) || (len
== 4)))
2999 t
+= bsprintf(t
, ": %u", (len
== 2) ? get_u16(data
) : get_u32(data
));
3003 /* RFC 8203 - shutdown communication */
3004 if (((code
== 6) && ((subcode
== 2) || (subcode
== 4))))
3005 if (bgp_handle_message(p
, data
, len
, &t
))
3012 for (i
=0; i
<len
; i
++)
3013 t
+= bsprintf(t
, "%02x", data
[i
]);
3018 const byte
*dsc
= bgp_error_dsc(code
, subcode
);
3019 log(L_REMOTE
"%s: %s: %s%s", p
->p
.name
, msg
, dsc
, argbuf
);
3023 bgp_rx_notification(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
3025 struct bgp_proto
*p
= conn
->bgp
;
3028 { bgp_error(conn
, 1, 2, pkt
+16, 2); return; }
3030 uint code
= pkt
[19];
3031 uint subcode
= pkt
[20];
3032 int err
= (code
!= 6);
3034 bgp_log_error(p
, BE_BGP_RX
, "Received", code
, subcode
, pkt
+21, len
-21);
3035 bgp_store_error(p
, conn
, BE_BGP_RX
, (code
<< 16) | subcode
);
3037 bgp_conn_enter_close_state(conn
);
3038 bgp_schedule_packet(conn
, NULL
, PKT_SCHEDULE_CLOSE
);
3042 bgp_update_startup_delay(p
);
3043 bgp_stop(p
, 0, NULL
, 0);
3047 uint subcode_bit
= 1 << ((subcode
<= 8) ? subcode
: 0);
3048 if (p
->cf
->disable_after_cease
& subcode_bit
)
3050 log(L_INFO
"%s: Disabled after Cease notification", p
->p
.name
);
3051 p
->startup_delay
= 0;
3058 bgp_rx_keepalive(struct bgp_conn
*conn
)
3060 struct bgp_proto
*p
= conn
->bgp
;
3062 BGP_TRACE(D_PACKETS
, "Got KEEPALIVE");
3063 bgp_start_timer(conn
->hold_timer
, conn
->hold_time
);
3065 if (conn
->state
== BS_OPENCONFIRM
)
3066 { bgp_conn_enter_established_state(conn
); return; }
3068 if (conn
->state
!= BS_ESTABLISHED
)
3069 bgp_error(conn
, 5, fsm_err_subcode
[conn
->state
], NULL
, 0);
3074 * bgp_rx_packet - handle a received packet
3075 * @conn: BGP connection
3076 * @pkt: start of the packet
3079 * bgp_rx_packet() takes a newly received packet and calls the corresponding
3080 * packet handler according to the packet type.
3083 bgp_rx_packet(struct bgp_conn
*conn
, byte
*pkt
, uint len
)
3085 byte type
= pkt
[18];
3087 DBG("BGP: Got packet %02x (%d bytes)\n", type
, len
);
3088 conn
->bgp
->stats
.rx_messages
++;
3089 conn
->bgp
->stats
.rx_bytes
+= len
;
3091 if (conn
->bgp
->p
.mrtdump
& MD_MESSAGES
)
3092 bgp_dump_message(conn
, pkt
, len
);
3096 case PKT_OPEN
: return bgp_rx_open(conn
, pkt
, len
);
3097 case PKT_UPDATE
: return bgp_rx_update(conn
, pkt
, len
);
3098 case PKT_NOTIFICATION
: return bgp_rx_notification(conn
, pkt
, len
);
3099 case PKT_KEEPALIVE
: return bgp_rx_keepalive(conn
);
3100 case PKT_ROUTE_REFRESH
: return bgp_rx_route_refresh(conn
, pkt
, len
);
3101 default: bgp_error(conn
, 1, 3, pkt
+18, 1);
3106 * bgp_rx - handle received data
3108 * @size: amount of data received
3110 * bgp_rx() is called by the socket layer whenever new data arrive from
3111 * the underlying TCP connection. It assembles the data fragments to packets,
3112 * checks their headers and framing and passes complete packets to
3116 bgp_rx(sock
*sk
, uint size
)
3118 struct bgp_conn
*conn
= sk
->data
;
3119 byte
*pkt_start
= sk
->rbuf
;
3120 byte
*end
= pkt_start
+ size
;
3123 DBG("BGP: RX hook: Got %d bytes\n", size
);
3124 while (end
>= pkt_start
+ BGP_HEADER_LENGTH
)
3126 if ((conn
->state
== BS_CLOSE
) || (conn
->sk
!= sk
))
3129 if (pkt_start
[i
] != 0xff)
3131 bgp_error(conn
, 1, 1, NULL
, 0);
3134 len
= get_u16(pkt_start
+16);
3135 if ((len
< BGP_HEADER_LENGTH
) || (len
> bgp_max_packet_length(conn
)))
3137 bgp_error(conn
, 1, 2, pkt_start
+16, 2);
3140 if (end
< pkt_start
+ len
)
3142 bgp_rx_packet(conn
, pkt_start
, len
);
3145 if (pkt_start
!= sk
->rbuf
)
3147 memmove(sk
->rbuf
, pkt_start
, end
- pkt_start
);
3148 sk
->rpos
= sk
->rbuf
+ (end
- pkt_start
);