bgp_open.c 24 KB

  1. /* BGP open message handling
  2. Copyright (C) 1998, 1999 Kunihiro Ishiguro
  3. This file is part of GNU Zebra.
  4. GNU Zebra is free software; you can redistribute it and/or modify it
  5. under the terms of the GNU General Public License as published by the
  6. Free Software Foundation; either version 2, or (at your option) any
  7. later version.
  8. GNU Zebra is distributed in the hope that it will be useful, but
  9. WITHOUT ANY WARRANTY; without even the implied warranty of
  10. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  11. General Public License for more details.
  12. You should have received a copy of the GNU General Public License
  13. along with GNU Zebra; see the file COPYING. If not, write to the Free
  14. Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  15. 02111-1307, USA. */
  16. #include <zebra.h>
  17. #include "linklist.h"
  18. #include "prefix.h"
  19. #include "stream.h"
  20. #include "thread.h"
  21. #include "log.h"
  22. #include "command.h"
  23. #include "bgpd/bgpd.h"
  24. #include "bgpd/bgp_attr.h"
  25. #include "bgpd/bgp_debug.h"
  26. #include "bgpd/bgp_fsm.h"
  27. #include "bgpd/bgp_packet.h"
  28. #include "bgpd/bgp_open.h"
  29. #include "bgpd/bgp_vty.h"
  30. /* BGP-4 Multiprotocol Extensions lead us into a complex world. We can
  31. negotiate whether the remote peer supports the extensions or not. But if
  32. the remote peer does not support the negotiation process itself, we would
  33. like to fall back to manual configuration.
  34. So there are many configurable points. First of all, we want to set for each
  35. peer whether we send capability negotiation to the peer or not.
  36. Next, if we send capabilities to the peer, we want to set my capability
  37. information for each peer. */
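/* Print the capability records stored in the peer's NOTIFICATION data
   (peer->notify.data / peer->notify.length) to the vty.

   The data is walked as a sequence of code/length/value records.  The
   data originates from the remote peer, so each record is bounds-checked
   against the end of the stored data BEFORE any of it is copied into the
   local struct, and only octets that lie inside the record are copied.
   A truncated or over-long record ends the walk silently.  */
void
bgp_capability_vty_out (struct vty *vty, struct peer *peer)
{
  char *pnt;
  char *end;
  struct capability cap;

  pnt = peer->notify.data;
  end = pnt + peer->notify.length;

  while (pnt < end)
    {
      size_t avail = (size_t) (end - pnt);
      size_t cap_size;

      /* A record needs at least the code and length octets.  */
      if (avail < 2)
        return;

      /* Read only the two header octets first.  Like the original code,
         this relies on struct capability mirroring the wire layout
         (code, length, then the value).  Everything else stays zeroed so
         a short record never exposes stale stack contents.  */
      memset (&cap, 0, sizeof cap);
      memcpy (&cap, pnt, 2);

      /* The declared record must fit inside the stored data.  */
      cap_size = (size_t) cap.length + 2;
      if (cap_size > avail)
        return;

      /* Copy no more than the record holds and no more than the struct
         can take.  */
      memcpy (&cap, pnt, cap_size < sizeof cap ? cap_size : sizeof cap);

      if (cap.code == CAPABILITY_CODE_MP)
        {
          vty_out (vty, " Capability error for: Multi protocol ");

          switch (ntohs (cap.mpc.afi))
            {
            case AFI_IP:
              vty_out (vty, "AFI IPv4, ");
              break;
            case AFI_IP6:
              vty_out (vty, "AFI IPv6, ");
              break;
            default:
              vty_out (vty, "AFI Unknown %d, ", ntohs (cap.mpc.afi));
              break;
            }
          switch (cap.mpc.safi)
            {
            case SAFI_UNICAST:
              vty_out (vty, "SAFI Unicast");
              break;
            case SAFI_MULTICAST:
              vty_out (vty, "SAFI Multicast");
              break;
            case SAFI_UNICAST_MULTICAST:
              vty_out (vty, "SAFI Unicast Multicast");
              break;
            case BGP_SAFI_VPNV4:
              vty_out (vty, "SAFI MPLS-VPN");
              break;
            default:
              vty_out (vty, "SAFI Unknown %d ", cap.mpc.safi);
              break;
            }
          vty_out (vty, "%s", VTY_NEWLINE);
        }
      else if (cap.code >= 128)
        vty_out (vty, " Capability error: vendor specific capability code %d",
                 cap.code);
      else
        vty_out (vty, " Capability error: unknown capability code %d",
                 cap.code);

      pnt += cap_size;
    }
}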
/* Record a received Multiprotocol capability on the peer.

   The wire AFI/SAFI pair in CAP is mapped to the internal table indices
   (BGP_SAFI_VPNV4 on the wire maps to SAFI_MPLS_VPN).  For a recognised
   pair, afc_recv is set; afc_nego is set only when the family is also
   enabled locally (peer->afc).

   Returns 0 when the family was negotiated, -1 when the pair is not
   recognised or the family is not enabled locally.  */
static int
bgp_capability_mp (struct peer *peer, struct capability *cap)
{
  int afi_idx;
  int safi_idx;

  switch (ntohs (cap->mpc.afi))
    {
    case AFI_IP:
      afi_idx = AFI_IP;
      switch (cap->mpc.safi)
        {
        case SAFI_UNICAST:
          safi_idx = SAFI_UNICAST;
          break;
        case SAFI_MULTICAST:
          safi_idx = SAFI_MULTICAST;
          break;
        case BGP_SAFI_VPNV4:
          safi_idx = SAFI_MPLS_VPN;
          break;
        default:
          return -1;
        }
      break;
#ifdef HAVE_IPV6
    case AFI_IP6:
      afi_idx = AFI_IP6;
      switch (cap->mpc.safi)
        {
        case SAFI_UNICAST:
          safi_idx = SAFI_UNICAST;
          break;
        case SAFI_MULTICAST:
          safi_idx = SAFI_MULTICAST;
          break;
        default:
          return -1;
        }
      break;
#endif /* HAVE_IPV6 */
    default:
      /* Unknown Address Family. */
      return -1;
    }

  /* The peer announced this family, whether or not we enabled it.  */
  peer->afc_recv[afi_idx][safi_idx] = 1;

  if (! peer->afc[afi_idx][safi_idx])
    return -1;

  peer->afc_nego[afi_idx][safi_idx] = 1;
  return 0;
}
/* Emit a debug line for an ORF type/mode combination that is not
   supported for the given address family.  Does nothing unless normal
   BGP debugging is enabled.  */
static void
bgp_capability_orf_not_support (struct peer *peer, afi_t afi, safi_t safi,
                                u_char type, u_char mode)
{
  if (! (BGP_DEBUG (normal, NORMAL)))
    return;

  zlog_debug ("%s Addr-family %d/%d has ORF type/mode %d/%d not supported",
              peer->host, afi, safi, type, mode);
}
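/* Parse a received ORF capability (new or old code) and record the
   advertised prefix-list ORF send/receive modes in peer->af_cap.

   CAP is the caller's copy of the capability header; PNT points at the
   "number of ORFs" octet inside the received packet (the visible caller
   passes the capability start plus sizeof (struct capability)).

   The ORF count comes from the remote peer, so it is checked against the
   capability length before any type/mode pair is read; without that
   check a large count walks PNT past the end of the capability.

   Returns 0 on success, -1 when the capability is malformed or names an
   address family that is not handled.  Length errors also send a CEASE
   NOTIFICATION.  */
static int
bgp_capability_orf (struct peer *peer, struct capability *cap,
                    u_char *pnt)
{
  afi_t afi = ntohs(cap->mpc.afi);
  safi_t safi = cap->mpc.safi;
  u_char number_of_orfs;
  u_char type;
  u_char mode;
  u_int16_t sm_cap = 0; /* capability send-mode receive */
  u_int16_t rm_cap = 0; /* capability receive-mode receive */
  int i;

  /* Check length. */
  if (cap->length < 7)
    {
      zlog_info ("%s ORF Capability length error %d",
                 peer->host, cap->length);
      bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
      return -1;
    }

  if (BGP_DEBUG (normal, NORMAL))
    zlog_debug ("%s OPEN has ORF CAP(%s) for afi/safi: %u/%u",
                peer->host, (cap->code == CAPABILITY_CODE_ORF ?
                             "new" : "old"), afi, safi);

  /* Check AFI and SAFI. */
  if ((afi != AFI_IP && afi != AFI_IP6)
      || (safi != SAFI_UNICAST && safi != SAFI_MULTICAST
          && safi != BGP_SAFI_VPNV4))
    {
      zlog_info ("%s Addr-family %d/%d not supported. Ignoring the ORF capability",
                 peer->host, afi, safi);
      return -1;
    }

  number_of_orfs = *pnt++;

  /* Bound the peer-supplied count by the capability length.  The value
     octets in front of the count are sizeof (struct capability) minus
     the two header octets, followed by the count octet itself and one
     type/mode pair per entry.  NOTE(review): this relies on the caller
     having verified that the whole capability lies inside the option,
     as the visible caller does.  */
  if ((sizeof (struct capability) - 2) + 1 + 2 * (size_t) number_of_orfs
      > (size_t) cap->length)
    {
      zlog_info ("%s ORF Capability entry length error, length %d, entries %d",
                 peer->host, cap->length, number_of_orfs);
      bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
      return -1;
    }

  for (i = 0 ; i < number_of_orfs ; i++)
    {
      type = *pnt++;
      mode = *pnt++;

      /* ORF Mode error check */
      if (mode != ORF_MODE_BOTH && mode != ORF_MODE_SEND
          && mode != ORF_MODE_RECEIVE)
        {
          bgp_capability_orf_not_support (peer, afi, safi, type, mode);
          continue;
        }

      /* ORF Type and afi/safi error check.  Only the three pairs listed
         below reach the SET_FLAG calls, so the wire SAFI value is never
         used as an index for any other family.  */
      if (cap->code == CAPABILITY_CODE_ORF)
        {
          if (type == ORF_TYPE_PREFIX &&
              ((afi == AFI_IP && safi == SAFI_UNICAST)
               || (afi == AFI_IP && safi == SAFI_MULTICAST)
               || (afi == AFI_IP6 && safi == SAFI_UNICAST)))
            {
              sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV;
              rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV;
              if (BGP_DEBUG (normal, NORMAL))
                zlog_debug ("%s OPEN has Prefixlist ORF(%d) capability as %s for afi/safi: %d/%d",
                            peer->host, ORF_TYPE_PREFIX, (mode == ORF_MODE_SEND ? "SEND" :
                            mode == ORF_MODE_RECEIVE ? "RECEIVE" : "BOTH") , afi, safi);
            }
          else
            {
              bgp_capability_orf_not_support (peer, afi, safi, type, mode);
              continue;
            }
        }
      else if (cap->code == CAPABILITY_CODE_ORF_OLD)
        {
          if (type == ORF_TYPE_PREFIX_OLD &&
              ((afi == AFI_IP && safi == SAFI_UNICAST)
               || (afi == AFI_IP && safi == SAFI_MULTICAST)
               || (afi == AFI_IP6 && safi == SAFI_UNICAST)))
            {
              sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV;
              rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV;
              if (BGP_DEBUG (normal, NORMAL))
                zlog_debug ("%s OPEN has Prefixlist ORF(%d) capability as %s for afi/safi: %d/%d",
                            peer->host, ORF_TYPE_PREFIX_OLD, (mode == ORF_MODE_SEND ? "SEND" :
                            mode == ORF_MODE_RECEIVE ? "RECEIVE" : "BOTH") , afi, safi);
            }
          else
            {
              bgp_capability_orf_not_support (peer, afi, safi, type, mode);
              continue;
            }
        }
      else
        {
          bgp_capability_orf_not_support (peer, afi, safi, type, mode);
          continue;
        }

      switch (mode)
        {
        case ORF_MODE_BOTH:
          SET_FLAG (peer->af_cap[afi][safi], sm_cap);
          SET_FLAG (peer->af_cap[afi][safi], rm_cap);
          break;
        case ORF_MODE_SEND:
          SET_FLAG (peer->af_cap[afi][safi], sm_cap);
          break;
        case ORF_MODE_RECEIVE:
          SET_FLAG (peer->af_cap[afi][safi], rm_cap);
          break;
        }
    }
  return 0;
}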
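/* Parse the capabilities carried in one Capability optional parameter.

   PNT/LENGTH delimit the parameter value inside the received OPEN.
   Capabilities that are unsupported or unrecognised are appended to the
   buffer at *ERROR, which is advanced past them, so the caller can
   return them in a NOTIFICATION.

   All fields here are supplied by the remote peer.  Each record is
   therefore bounds-checked before it is copied, only octets inside the
   record are copied into the local struct, and address-family values
   taken from the packet are range-checked before they index per-family
   tables.

   NOTE(review): no size for the *ERROR buffer is passed in.  The visible
   caller supplies BGP_MAX_PACKET_SIZE octets and a u_char total option
   length, which presumably keeps the accumulated data small; confirm
   for any other caller.

   Returns 0 normally (including when unsupported capabilities were only
   recorded), -1 after a length error, for which a CEASE NOTIFICATION has
   been sent.  */
static int
bgp_capability_parse (struct peer *peer, u_char *pnt, u_char length,
                      u_char **error)
{
  int ret;
  u_char *end;
  struct capability cap;

  end = pnt + length;

  while (pnt < end)
    {
      afi_t afi;
      safi_t safi;
      size_t avail = (size_t) (end - pnt);
      size_t cap_size;

      /* We need at least capability code and capability length. */
      if (avail < 2)
        {
          zlog_info ("%s Capability length error", peer->host);
          bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
          return -1;
        }

      /* Fetch only the two header octets first.  As before, this relies
         on struct capability mirroring the wire layout.  The rest of the
         struct is zeroed so a short capability never exposes stale stack
         contents.  */
      memset (&cap, 0, sizeof cap);
      memcpy (&cap, pnt, 2);
      cap_size = (size_t) cap.length + 2;

      if (BGP_DEBUG (normal, NORMAL))
        zlog_debug ("%s OPEN has CAPABILITY code: %d, length %d",
                    peer->host, cap.code, cap.length);

      /* Capability length check. */
      if (cap_size > avail)
        {
          zlog_info ("%s Capability length error", peer->host);
          bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
          return -1;
        }

      /* Copy no more than the capability holds and no more than the
         struct can take.  */
      memcpy (&cap, pnt, cap_size < sizeof cap ? cap_size : sizeof cap);
      afi = ntohs(cap.mpc.afi);
      safi = cap.mpc.safi;

      /* We know MP Capability Code. */
      if (cap.code == CAPABILITY_CODE_MP)
        {
          if (BGP_DEBUG (normal, NORMAL))
            zlog_debug ("%s OPEN has MP_EXT CAP for afi/safi: %u/%u",
                        peer->host, afi, safi);

          /* Ignore capability when override-capability is set. */
          if (! CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
            {
              /* Set negotiated value. */
              ret = bgp_capability_mp (peer, &cap);

              /* Unsupported Capability. */
              if (ret < 0)
                {
                  /* Store return data.  Copy from the packet, not from
                     the local struct: cap.length + 2 can exceed
                     sizeof cap, and reading that much from the struct
                     would put adjacent stack memory into the data
                     returned to the peer.  */
                  memcpy (*error, pnt, cap_size);
                  *error += cap_size;
                }
            }
        }
      else if (cap.code == CAPABILITY_CODE_REFRESH
               || cap.code == CAPABILITY_CODE_REFRESH_OLD)
        {
          /* Check length. */
          if (cap.length != CAPABILITY_CODE_REFRESH_LEN)
            {
              zlog_info ("%s Route Refresh Capability length error %d",
                         peer->host, cap.length);
              bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
              return -1;
            }

          if (BGP_DEBUG (normal, NORMAL))
            zlog_debug ("%s OPEN has ROUTE-REFRESH capability(%s) for all address-families",
                        peer->host,
                        cap.code == CAPABILITY_CODE_REFRESH_OLD ? "old" : "new");

          /* BGP refresh capability */
          if (cap.code == CAPABILITY_CODE_REFRESH_OLD)
            SET_FLAG (peer->cap, PEER_CAP_REFRESH_OLD_RCV);
          else
            SET_FLAG (peer->cap, PEER_CAP_REFRESH_NEW_RCV);
        }
      else if (cap.code == CAPABILITY_CODE_ORF
               || cap.code == CAPABILITY_CODE_ORF_OLD)
        /* NOTE(review): the return value is ignored, so parsing carries
           on after an ORF length error has sent a NOTIFICATION; confirm
           that this is intended.  */
        bgp_capability_orf (peer, &cap, pnt + sizeof (struct capability));
      else if (cap.code == CAPABILITY_CODE_RESTART)
        {
          struct graceful_restart_af graf;
          u_int16_t restart_flag_time;
          int restart_bit = 0;
          u_char *restart_pnt;
          u_char *restart_end;

          /* Check length. */
          if (cap.length < CAPABILITY_CODE_RESTART_LEN)
            {
              zlog_info ("%s Graceful Restart Capability length error %d",
                         peer->host, cap.length);
              bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
              return -1;
            }

          SET_FLAG (peer->cap, PEER_CAP_RESTART_RCV);
          /* The first two value octets carry the restart flags and time;
             they overlay the mpc.afi field of the struct.  */
          restart_flag_time = ntohs(cap.mpc.afi);
          if (CHECK_FLAG (restart_flag_time, RESTART_R_BIT))
            restart_bit = 1;
          UNSET_FLAG (restart_flag_time, 0xF000);
          peer->v_gr_restart = restart_flag_time;

          if (BGP_DEBUG (normal, NORMAL))
            {
              zlog_debug ("%s OPEN has Graceful Restart capability", peer->host);
              zlog_debug ("%s Peer has%srestarted. Restart Time : %d",
                          peer->host, restart_bit ? " " : " not ",
                          peer->v_gr_restart);
            }

          restart_pnt = pnt + 4;
          restart_end = pnt + cap_size;

          /* Only read a per-family entry when it lies completely inside
             the capability; a trailing partial entry is ignored.  */
          while (restart_pnt < restart_end
                 && (size_t) (restart_end - restart_pnt)
                    >= sizeof (struct graceful_restart_af))
            {
              memcpy (&graf, restart_pnt, sizeof (struct graceful_restart_af));

              afi = ntohs(graf.afi);
              safi = graf.safi;

              /* afi/safi come straight from the packet and index the
                 per-family tables below, so reject out-of-range values
                 before touching peer->af_cap or peer->afc.
                 NOTE(review): peer->afc is iterated up to
                 AFI_MAX/SAFI_MAX elsewhere in this file; af_cap is
                 assumed to have the same dimensions, confirm against
                 struct peer.  */
              if (afi >= AFI_MAX || safi >= SAFI_MAX)
                {
                  if (BGP_DEBUG (normal, NORMAL))
                    zlog_debug ("%s Addr-family %d/%d(afi/safi) not supported. Ignore the Graceful Restart capability",
                                peer->host, afi, safi);
                  restart_pnt += 4;
                  continue;
                }

              if (CHECK_FLAG (graf.flag, RESTART_F_BIT))
                SET_FLAG (peer->af_cap[afi][safi], PEER_CAP_RESTART_AF_PRESERVE_RCV);

              if (strcmp (afi_safi_print (afi, safi), "Unknown") == 0)
                {
                  if (BGP_DEBUG (normal, NORMAL))
                    zlog_debug ("%s Addr-family %d/%d(afi/safi) not supported. Ignore the Graceful Restart capability",
                                peer->host, afi, safi);
                }
              else if (! peer->afc[afi][safi])
                {
                  if (BGP_DEBUG (normal, NORMAL))
                    zlog_debug ("%s Addr-family %d/%d(afi/safi) not enabled. Ignore the Graceful Restart capability",
                                peer->host, afi, safi);
                }
              else
                {
                  if (BGP_DEBUG (normal, NORMAL))
                    zlog_debug ("%s Address family %s is%spreserved", peer->host,
                                afi_safi_print (afi, safi),
                                CHECK_FLAG (peer->af_cap[afi][safi],
                                            PEER_CAP_RESTART_AF_PRESERVE_RCV)
                                ? " " : " not ");

                  SET_FLAG (peer->af_cap[afi][safi], PEER_CAP_RESTART_AF_RCV);
                }
              restart_pnt += 4;
            }
        }
      else if (cap.code == CAPABILITY_CODE_DYNAMIC)
        {
          /* Check length. */
          if (cap.length != CAPABILITY_CODE_DYNAMIC_LEN)
            {
              zlog_info ("%s Dynamic Capability length error %d",
                         peer->host, cap.length);
              bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
              return -1;
            }

          if (BGP_DEBUG (normal, NORMAL))
            zlog_debug ("%s OPEN has DYNAMIC capability", peer->host);

          SET_FLAG (peer->cap, PEER_CAP_DYNAMIC_RCV);
        }
      else if (cap.code > 128)
        {
          /* We don't send Notification for unknown vendor specific
             capabilities.  It seems reasonable for now...  */
          zlog_warn ("%s Vendor specific capability %d",
                     peer->host, cap.code);
        }
      else
        {
          zlog_warn ("%s unrecognized capability code: %d - ignored",
                     peer->host, cap.code);
          /* Copy from the packet for the same reason as in the MP
             branch above.  */
          memcpy (*error, pnt, cap_size);
          *error += cap_size;
        }

      pnt += cap_size;
    }
  return 0;
}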
/* Handle an Authentication optional parameter in a received OPEN.

   The parameter is never accepted: an OPEN error NOTIFICATION with the
   authentication-failure subcode is sent and -1 is returned.  PNT and
   LENGTH are not examined.  */
static int
bgp_auth_parse (struct peer *peer, u_char *pnt, size_t length)
{
  const int rejected = -1;

  bgp_notify_send (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_AUTH_FAILURE);

  return rejected;
}
/* Compare the locally configured address families (peer->afc) with the
   negotiated ones (peer->afc_nego).

   Returns 1 when every AFI/SAFI entry matches, 0 at the first entry
   that differs.  */
static int
strict_capability_same (struct peer *peer)
{
  int afi;
  int safi;

  for (afi = AFI_IP; afi < AFI_MAX; afi++)
    {
      for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++)
        {
          if (peer->afc[afi][safi] == peer->afc_nego[afi][safi])
            continue;

          return 0;
        }
    }

  return 1;
}
/* Parse the optional parameters of a received OPEN message.

   LENGTH octets are read starting at the current position of
   peer->ibuf.  *CAPABILITY is set to 1 when a Capability parameter is
   seen.  Unsupported capabilities reported by bgp_capability_parse are
   collected in a local buffer and returned to the peer in a
   NOTIFICATION when strict matching is enabled or when no address
   family could be negotiated.

   Returns 0 on success, -1 when a NOTIFICATION has been sent.

   NOTE(review): LENGTH is taken from the packet; this function does not
   check it against the octets actually available in peer->ibuf, so the
   caller presumably does.  Confirm.  */
int
bgp_open_option_parse (struct peer *peer, u_char length, int *capability)
{
  u_char error_data[BGP_MAX_PACKET_SIZE];
  u_char *error = error_data;
  u_char *pnt = stream_pnt (peer->ibuf);
  u_char *end = pnt + length;
  u_char opt_type = 0;
  u_char opt_length = 0;
  int ret = 0;

  if (BGP_DEBUG (normal, NORMAL))
    zlog_debug ("%s rcv OPEN w/ OPTION parameter len: %u",
                peer->host, length);

  for (; pnt < end; pnt += opt_length)
    {
      /* A parameter needs at least its type and length octets.  */
      if (pnt + 2 > end)
        {
          zlog_info ("%s Option length error", peer->host);
          bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
          return -1;
        }

      opt_type = *pnt++;
      opt_length = *pnt++;

      /* The declared value must fit inside the parameter area.  */
      if (pnt + opt_length > end)
        {
          zlog_info ("%s Option length error", peer->host);
          bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0);
          return -1;
        }

      if (BGP_DEBUG (normal, NORMAL))
        zlog_debug ("%s rcvd OPEN w/ optional parameter type %u (%s) len %u",
                    peer->host, opt_type,
                    opt_type == BGP_OPEN_OPT_AUTH ? "Authentication" :
                    opt_type == BGP_OPEN_OPT_CAP ? "Capability" : "Unknown",
                    opt_length);

      if (opt_type == BGP_OPEN_OPT_AUTH)
        {
          ret = bgp_auth_parse (peer, pnt, opt_length);
        }
      else if (opt_type == BGP_OPEN_OPT_CAP)
        {
          ret = bgp_capability_parse (peer, pnt, opt_length, &error);
          *capability = 1;
        }
      else
        {
          bgp_notify_send (peer,
                           BGP_NOTIFY_OPEN_ERR,
                           BGP_NOTIFY_OPEN_UNSUP_PARAM);
          ret = -1;
        }

      /* Parse error.  bgp_capability_parse does not return -1 for an
         unsupported capability code, so that all of them can be
         accumulated; those are detected further down by comparing
         error with error_data.  */
      if (ret < 0)
        return -1;
    }

  /* All OPEN options are parsed.  With strict capability matching, any
     unsupported capability or any difference between configured and
     negotiated families is fatal.  */
  if (CHECK_FLAG (peer->flags, PEER_FLAG_STRICT_CAP_MATCH))
    {
      if (error != error_data)
        {
          bgp_notify_send_with_data (peer,
                                     BGP_NOTIFY_OPEN_ERR,
                                     BGP_NOTIFY_OPEN_UNSUP_CAPBL,
                                     error_data, error - error_data);
          return -1;
        }

      if (! strict_capability_same (peer))
        {
          bgp_notify_send (peer,
                           BGP_NOTIFY_OPEN_ERR,
                           BGP_NOTIFY_OPEN_UNSUP_CAPBL);
          return -1;
        }
    }

  /* The common-capability check applies only when a Capability
     parameter was received and override-capability is not set.  */
  if (! *capability
      || CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
    return 0;

  /* At least one negotiated address family is enough.  */
  if (peer->afc_nego[AFI_IP][SAFI_UNICAST]
      || peer->afc_nego[AFI_IP][SAFI_MULTICAST]
      || peer->afc_nego[AFI_IP][SAFI_MPLS_VPN]
      || peer->afc_nego[AFI_IP6][SAFI_UNICAST]
      || peer->afc_nego[AFI_IP6][SAFI_MULTICAST])
    return 0;

  plog_err (peer->log, "%s [Error] No common capability", peer->host);

  if (error != error_data)
    bgp_notify_send_with_data (peer,
                               BGP_NOTIFY_OPEN_ERR,
                               BGP_NOTIFY_OPEN_UNSUP_CAPBL,
                               error_data, error - error_data);
  else
    bgp_notify_send (peer,
                     BGP_NOTIFY_OPEN_ERR,
                     BGP_NOTIFY_OPEN_UNSUP_CAPBL);

  return -1;
}
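/* Append one ORF capability (CODE is the new or the old ORF capability
   code) for AFI/SAFI to the OPEN message being built in S, and record
   the advertised prefix-list ORF modes in peer->af_cap.

   AFI/SAFI are the internal table indices.  SAFI_MPLS_VPN is sent on
   the wire as BGP_SAFI_VPNV4, but the per-family tables must still be
   indexed with the internal value: the caller tests
   peer->af_flags[afi][safi] with the internal index, and this file
   iterates those tables only up to SAFI_MAX.  The wire value is
   therefore kept in a separate variable and never used as an index.
   NOTE(review): the numeric value of BGP_SAFI_VPNV4 is not visible
   here; if it is not below SAFI_MAX, indexing with it reads and writes
   outside the tables.  */
static void
bgp_open_capability_orf (struct stream *s, struct peer *peer,
                         afi_t afi, safi_t safi, u_char code)
{
  u_char cap_len;
  u_char orf_len;
  unsigned long capp;
  unsigned long orfp;
  unsigned long numberp;
  int number_of_orfs = 0;
  safi_t wire_safi = safi;

  if (safi == SAFI_MPLS_VPN)
    wire_safi = BGP_SAFI_VPNV4;

  stream_putc (s, BGP_OPEN_OPT_CAP);
  capp = stream_get_endp (s);           /* Set Capability Len Pointer */
  stream_putc (s, 0);                   /* Capability Length */
  stream_putc (s, code);                /* Capability Code */
  orfp = stream_get_endp (s);           /* Set ORF Len Pointer */
  stream_putc (s, 0);                   /* ORF Length */
  stream_putw (s, afi);
  stream_putc (s, 0);
  stream_putc (s, wire_safi);
  numberp = stream_get_endp (s);        /* Set Number Pointer */
  stream_putc (s, 0);                   /* Number of ORFs */

  /* Address Prefix ORF */
  if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
      || CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM))
    {
      stream_putc (s, (code == CAPABILITY_CODE_ORF ?
                   ORF_TYPE_PREFIX : ORF_TYPE_PREFIX_OLD));

      if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
          && CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM))
        {
          SET_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_SM_ADV);
          SET_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_RM_ADV);
          stream_putc (s, ORF_MODE_BOTH);
        }
      else if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM))
        {
          SET_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_SM_ADV);
          stream_putc (s, ORF_MODE_SEND);
        }
      else
        {
          SET_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_RM_ADV);
          stream_putc (s, ORF_MODE_RECEIVE);
        }
      number_of_orfs++;
    }

  /* Total Number of ORFs. */
  stream_putc_at (s, numberp, number_of_orfs);

  /* Total ORF Len: everything written after the ORF length octet. */
  orf_len = stream_get_endp (s) - orfp - 1;
  stream_putc_at (s, orfp, orf_len);

  /* Total Capability Len: everything written after the capability
     length octet. */
  cap_len = stream_get_endp (s) - capp - 1;
  stream_putc_at (s, capp, cap_len);
}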
/* Append the optional-parameter section of an outgoing OPEN to S.

   A zero Opt Parm Len octet is always written.  Unless capability
   sending is disabled for the peer, the enabled Multiprotocol families,
   both route-refresh codes, the configured ORF capabilities, the
   dynamic capability and the graceful-restart capability are appended
   in that order, and the length octet is then patched with the number
   of octets written after it.  The matching *_ADV / afc_adv markers
   are set on the peer as each capability is written.  */
void
bgp_open_capability (struct stream *s, struct peer *peer)
{
  /* Multiprotocol families in the order they are advertised: internal
     AFI index, internal SAFI index, SAFI value sent on the wire.  */
  static const struct
  {
    int afi;
    int safi;
    int wire_safi;
  } mp_family[] =
  {
    { AFI_IP, SAFI_UNICAST, SAFI_UNICAST },
    { AFI_IP, SAFI_MULTICAST, SAFI_MULTICAST },
    { AFI_IP, SAFI_MPLS_VPN, BGP_SAFI_VPNV4 },
#ifdef HAVE_IPV6
    { AFI_IP6, SAFI_UNICAST, SAFI_UNICAST },
    { AFI_IP6, SAFI_MULTICAST, SAFI_MULTICAST },
#endif /* HAVE_IPV6 */
  };
  unsigned long len_pos;
  unsigned int idx;
  u_char len;
  afi_t afi;
  safi_t safi;

  /* Remember where Opt Parm Len lives and reserve the octet.  */
  len_pos = stream_get_endp (s);
  stream_putc (s, 0);

  /* Do not send capability. */
  if (! CHECK_FLAG (peer->sflags, PEER_STATUS_CAPABILITY_OPEN)
      || CHECK_FLAG (peer->flags, PEER_FLAG_DONT_CAPABILITY))
    return;

  /* One Multiprotocol capability per locally enabled family.  */
  for (idx = 0; idx < sizeof mp_family / sizeof mp_family[0]; idx++)
    {
      if (! peer->afc[mp_family[idx].afi][mp_family[idx].safi])
        continue;

      peer->afc_adv[mp_family[idx].afi][mp_family[idx].safi] = 1;
      stream_putc (s, BGP_OPEN_OPT_CAP);
      stream_putc (s, CAPABILITY_CODE_MP_LEN + 2);
      stream_putc (s, CAPABILITY_CODE_MP);
      stream_putc (s, CAPABILITY_CODE_MP_LEN);
      stream_putw (s, mp_family[idx].afi);
      stream_putc (s, 0);
      stream_putc (s, mp_family[idx].wire_safi);
    }

  /* Route refresh: the old code first, then the new one.  */
  SET_FLAG (peer->cap, PEER_CAP_REFRESH_ADV);
  stream_putc (s, BGP_OPEN_OPT_CAP);
  stream_putc (s, CAPABILITY_CODE_REFRESH_LEN + 2);
  stream_putc (s, CAPABILITY_CODE_REFRESH_OLD);
  stream_putc (s, CAPABILITY_CODE_REFRESH_LEN);
  stream_putc (s, BGP_OPEN_OPT_CAP);
  stream_putc (s, CAPABILITY_CODE_REFRESH_LEN + 2);
  stream_putc (s, CAPABILITY_CODE_REFRESH);
  stream_putc (s, CAPABILITY_CODE_REFRESH_LEN);

  /* ORF capability: old and new code for every family that has a
     prefix-list ORF mode configured.  */
  for (afi = AFI_IP ; afi < AFI_MAX ; afi++)
    {
      for (safi = SAFI_UNICAST ; safi < SAFI_MAX ; safi++)
        {
          if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
              || CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM))
            {
              bgp_open_capability_orf (s, peer, afi, safi, CAPABILITY_CODE_ORF_OLD);
              bgp_open_capability_orf (s, peer, afi, safi, CAPABILITY_CODE_ORF);
            }
        }
    }

  /* Dynamic capability. */
  if (CHECK_FLAG (peer->flags, PEER_FLAG_DYNAMIC_CAPABILITY))
    {
      SET_FLAG (peer->cap, PEER_CAP_DYNAMIC_ADV);
      stream_putc (s, BGP_OPEN_OPT_CAP);
      stream_putc (s, CAPABILITY_CODE_DYNAMIC_LEN + 2);
      stream_putc (s, CAPABILITY_CODE_DYNAMIC);
      stream_putc (s, CAPABILITY_CODE_DYNAMIC_LEN);
    }

  /* Graceful restart capability */
  if (bgp_flag_check (peer->bgp, BGP_FLAG_GRACEFUL_RESTART))
    {
      SET_FLAG (peer->cap, PEER_CAP_RESTART_ADV);
      stream_putc (s, BGP_OPEN_OPT_CAP);
      stream_putc (s, CAPABILITY_CODE_RESTART_LEN + 2);
      stream_putc (s, CAPABILITY_CODE_RESTART);
      stream_putc (s, CAPABILITY_CODE_RESTART_LEN);
      stream_putw (s, peer->bgp->restart_time);
    }

  /* Total Opt Parm Len: everything written after the length octet.  */
  len = stream_get_endp (s) - len_pos - 1;
  stream_putc_at (s, len_pos, len);
}