
iof-bird-daemon / proto / bgp / packets.c @ 54e55169


/*
 *        BIRD -- BGP Packet Processing
 *
 *        (c) 2000 Martin Mares <mj@ucw.cz>
 *
 *        Can be freely distributed and used under the terms of the GNU GPL.
 */

    
#undef LOCAL_DEBUG

    
#include "nest/bird.h"
#include "nest/iface.h"
#include "nest/protocol.h"
#include "nest/route.h"
#include "conf/conf.h"
#include "lib/unaligned.h"
#include "lib/socket.h"

    
#include "bgp.h"

    
/*
 * bgp_create_notification - write the body of a NOTIFICATION message
 * @conn: connection whose notify_code, notify_subcode, notify_data and
 *        notify_size describe the error to report
 * @buf: start of the message body
 *
 * Stores the error code and subcode in the first two bytes, appends the
 * diagnostic data and returns a pointer just past the last byte written.
 */
static byte *
bgp_create_notification(struct bgp_conn *conn, byte *buf)
{
  struct bgp_proto *p = conn->bgp;	/* not used directly; presumably read by BGP_TRACE -- confirm */
  byte *data = buf + 2;

  BGP_TRACE(D_PACKETS, "Sending NOTIFICATION(code=%d.%d)", conn->notify_code, conn->notify_subcode);
  buf[0] = conn->notify_code;
  buf[1] = conn->notify_subcode;
  /*
   * NOTE(review): notify_size is trusted here; nothing in this function
   * bounds it against the space left in the transmit buffer. Confirm that
   * whoever fills notify_data/notify_size clamps the length.
   */
  memcpy(data, conn->notify_data, conn->notify_size);
  return data + conn->notify_size;
}

    
/*
 * bgp_create_open - write the body of an OPEN message
 * @conn: connection the message is built for
 * @buf: start of the message body
 *
 * Emits version, local AS, hold time and local router ID followed by a
 * zero optional-parameter length (10 bytes in total) and returns a pointer
 * just past them.
 */
static byte *
bgp_create_open(struct bgp_conn *conn, byte *buf)
{
  struct bgp_proto *p = conn->bgp;
  byte *w = buf;

  BGP_TRACE(D_PACKETS, "Sending OPEN(ver=%d,as=%d,hold=%d,id=%08x)",
            BGP_VERSION, p->local_as, p->cf->hold_time, p->local_id);
  *w++ = BGP_VERSION;
  put_u16(w, p->local_as);
  w += 2;
  put_u16(w, p->cf->hold_time);
  w += 2;
  put_u32(w, p->local_id);
  w += 4;
  *w++ = 0;                                /* No optional parameters */
  return w;
}

    
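/*
 * bgp_encode_prefixes - move prefixes from a bucket into a packet
 * @p: BGP instance owning the prefix FIB
 * @w: where to write the encoded prefixes
 * @buck: bucket whose prefix list is drained
 * @remains: number of bytes still available at @w
 *
 * Each prefix is written as one length byte followed by the minimum number
 * of address bytes, then unlinked from the bucket and deleted from the FIB.
 * Returns the number of bytes written.
 *
 * A prefix can occupy up to 1 + sizeof(ip_addr) bytes, so the loop only
 * continues while that much room is left. The earlier fixed bound of 5 was
 * only correct for 4-byte addresses: with a larger ip_addr a long prefix
 * could be written past the budget and the unsigned @remains would wrap
 * around instead of reaching zero.
 */
static unsigned int
bgp_encode_prefixes(struct bgp_proto *p, byte *w, struct bgp_bucket *buck, unsigned int remains)
{
  byte *start = w;
  ip_addr a;
  int bytes;

  /*
   * NOTE(review): @remains is unsigned while the callers compute it from
   * signed ints; a negative budget would arrive here as a very large value.
   * Confirm the callers never pass one.
   */
  while (!EMPTY_LIST(buck->prefixes) && remains >= 1 + sizeof(ip_addr))
    {
      struct bgp_prefix *px = SKIP_BACK(struct bgp_prefix, bucket_node, HEAD(buck->prefixes));
      DBG("\tDequeued route %I/%d\n", px->n.prefix, px->n.pxlen);
      *w++ = px->n.pxlen;
      bytes = (px->n.pxlen + 7) / 8;
      a = px->n.prefix;
      ipa_hton(a);
      /* assumes pxlen never exceeds the address width, so bytes <= sizeof(a) -- TODO confirm */
      memcpy(w, &a, bytes);
      w += bytes;
      remains -= bytes + 1;
      rem_node(&px->bucket_node);
      fib_delete(&p->prefix_fib, px);
    }
  return w - start;
}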

    
#ifndef IPV6                /* IPv4 version */

    
/*
 * bgp_create_update - build the body of one UPDATE message (IPv4 build)
 * @conn: connection the message is built for
 * @buf: start of the message body
 *
 * Layout written: 16-bit withdrawn length, withdrawn prefixes, 16-bit
 * attribute length, attributes, announced prefixes. Withdrawals come from
 * the withdraw bucket; announcements come from the first non-empty bucket in
 * the send queue, and empty buckets met on the way are freed.
 *
 * Returns a pointer past the body, or NULL when there was nothing to send.
 */
static byte *
bgp_create_update(struct bgp_conn *conn, byte *buf)
{
  struct bgp_proto *p = conn->bgp;
  struct bgp_bucket *buck = p->withdraw_bucket;
  /* The 4 bytes held back are the two 16-bit length fields. */
  int remains = BGP_MAX_PACKET_LENGTH - BGP_HEADER_LENGTH - 4;
  byte *w = buf + 2;
  int wd_size = 0, a_size = 0, r_size = 0;

  if (buck && !EMPTY_LIST(buck->prefixes))
    {
      DBG("Withdrawn routes:\n");
      wd_size = bgp_encode_prefixes(p, w, buck, remains);
      w += wd_size;
      remains -= wd_size;
    }
  put_u16(buf, wd_size);

  /* Announce only when plenty of room is left after the withdrawals. */
  if (remains >= 2048)
    for (;;)
      {
        buck = (struct bgp_bucket *) HEAD(p->bucket_queue);
        if (!buck->send_node.next)
          break;                        /* reached the end of the queue */
        if (EMPTY_LIST(buck->prefixes))
          {
            DBG("Deleting empty bucket %p\n", buck);
            rem_node(&buck->send_node);
            bgp_free_bucket(p, buck);
            continue;
          }
        DBG("Processing bucket %p\n", buck);
        /* NOTE(review): the result of bgp_encode_attrs() is used unchecked; confirm it cannot be negative or exceed 1024 */
        a_size = bgp_encode_attrs(w+2, buck->eattrs, 1024);
        put_u16(w, a_size);
        w += a_size + 2;
        r_size = bgp_encode_prefixes(p, w, buck, remains - a_size);
        w += r_size;
        break;                          /* one bucket per message */
      }

  if (!a_size)                                /* Attributes not already encoded */
    {
      put_u16(w, 0);
      w += 2;
    }

  if (!wd_size && !r_size)
    return NULL;
  BGP_TRACE(D_PACKETS, "Sending UPDATE");
  return w;
}

    
#else                /* IPv6 version */

    
/*
 * bgp_create_update - build the body of one UPDATE message (IPv6 build)
 * @conn: connection the message is built for
 * @buf: start of the message body
 *
 * The first 16-bit field (withdrawn length in the IPv4 layout) is always
 * written as zero; prefixes travel inside MP_UNREACH_NLRI and MP_REACH_NLRI
 * attributes instead. The second 16-bit field receives the total size of
 * the encoded attributes. Temporary attributes are allocated from
 * bgp_linpool, which is flushed before returning.
 *
 * Returns a pointer past the body, or NULL when no attribute was encoded.
 */
static byte *
bgp_create_update(struct bgp_conn *conn, byte *buf)
{
  struct bgp_proto *p = conn->bgp;
  struct bgp_bucket *buck;
  int size, is_ll;
  int remains = BGP_MAX_PACKET_LENGTH - BGP_HEADER_LENGTH - 4;
  byte *w, *tmp, *tstart;
  ip_addr ip, ip_ll;
  ea_list *ea;
  eattr *nh;
  neighbor *n;

  put_u16(buf, 0);
  w = buf+4;

  if ((buck = p->withdraw_bucket) && !EMPTY_LIST(buck->prefixes))
    {
      DBG("Withdrawn routes:\n");
      /* Reserve an attribute of remains-8 bytes; its real length is set below. */
      tmp = bgp_attach_attr(&ea, bgp_linpool, BA_MP_UNREACH_NLRI, remains-8);
      /* Three-byte header: 16-bit address family, then a byte of 1 (presumably the sub-family -- confirm). */
      *tmp++ = 0;
      *tmp++ = BGP_AF_IPV6;
      *tmp++ = 1;
      /* NOTE(review): the stored length is the prefix bytes only, not the 3 header bytes above -- confirm this is what bgp_encode_attrs() expects. */
      ea->attrs[0].u.ptr->length = bgp_encode_prefixes(p, tmp, buck, remains-11);
      size = bgp_encode_attrs(w, ea, remains);
      w += size;
      remains -= size;
    }

  if (remains >= 2048)
    {
      /* send_node.next is NULL once HEAD() yields the list's end marker. */
      while ((buck = (struct bgp_bucket *) HEAD(p->bucket_queue))->send_node.next)
        {
          if (EMPTY_LIST(buck->prefixes))
            {
              DBG("Deleting empty bucket %p\n", buck);
              rem_node(&buck->send_node);
              bgp_free_bucket(p, buck);
              continue;
            }
          DBG("Processing bucket %p\n", buck);
          size = bgp_encode_attrs(w, buck->eattrs, 1024);
          w += size;
          remains -= size;
          tstart = tmp = bgp_attach_attr(&ea, bgp_linpool, BA_MP_REACH_NLRI, remains-8);
          *tmp++ = 0;
          *tmp++ = BGP_AF_IPV6;
          *tmp++ = 1;
          nh = ea_find(buck->eattrs, EA_CODE(EAP_BGP, BA_NEXT_HOP));
          ASSERT(nh);
          /* assumes the NEXT_HOP attribute holds at least sizeof(ip_addr) bytes -- TODO confirm */
          ip = *(ip_addr *) nh->u.ptr->data;
          /*
           * A link-local next hop is added when the next hop is our own
           * address or a neighbor on the same interface as the BGP peer.
           */
          if (ipa_equal(ip, p->local_addr))
            is_ll = 1;
          else
            {
              n = neigh_find(&p->p, &ip, 0);
              if (n && n->iface == p->neigh->iface)
                is_ll = 1;
              else
                is_ll = 0;
            }
          if (is_ll)
            {
              /* 32-byte next hop: the address itself plus fe80:: combined with its low 64 bits. */
              *tmp++ = 32;
              ip_ll = ipa_or(ipa_build(0xfe80,0,0,0), ipa_and(ip, ipa_build(0,0,~0,~0)));
              ipa_hton(ip);
              memcpy(tmp, &ip, 16);
              ipa_hton(ip_ll);
              memcpy(tmp+16, &ip_ll, 16);
              tmp += 32;
            }
          else
            {
              *tmp++ = 16;
              ipa_hton(ip);
              memcpy(tmp, &ip, 16);
              tmp += 16;
            }
          *tmp++ = 0;                        /* No SNPA information */
          /*
           * Budget for prefixes: 8 (presumably attribute overhead), 3 header
           * bytes, up to 32 next-hop bytes and 1 SNPA byte are held back.
           * NOTE(review): the budget must also leave room for the largest
           * encoded prefix; confirm against bgp_encode_prefixes().
           */
          tmp += bgp_encode_prefixes(p, tmp, buck, remains - (8+3+32+1));
          ea->attrs[0].u.ptr->length = tmp - tstart;
          w += bgp_encode_attrs(w, ea, remains);
          break;
        }
    }

  size = w - (buf+4);
  put_u16(buf+2, size);
  lp_flush(bgp_linpool);
  if (size)
    {
      BGP_TRACE(D_PACKETS, "Sending UPDATE");
      return w;
    }
  else
    return NULL;
}

    
#endif

    
/*
 * bgp_create_header - fill in the fixed message header
 * @buf: start of the message
 * @len: total message length, stored as 16 bits at offset 16
 * @type: message type, stored in the byte at offset 18
 *
 * The first 16 bytes become the all-ones marker.
 */
static void
bgp_create_header(byte *buf, unsigned int len, unsigned int type)
{
  byte *length_field = buf + 16;

  memset(buf, 0xff, 16);                /* Marker */
  put_u16(length_field, len);
  buf[18] = type;
}

    
/**
 * bgp_fire_tx - transmit packets
 * @conn: connection
 *
 * The socket layer calls bgp_fire_tx() whenever the transmit buffer of the
 * underlying TCP connection is free and packets are queued. It picks the
 * highest priority packet queued (Notification > Keepalive > Open > Update),
 * assembles its header and body in the socket's transmit buffer and sends it.
 *
 * A scheduled close takes precedence over everything: the connection is
 * closed and nothing is sent. After a NOTIFICATION only a close remains
 * scheduled. Returns 0 when nothing was sent, otherwise the result of
 * sk_send().
 */
static int
bgp_fire_tx(struct bgp_conn *conn)
{
  struct bgp_proto *p = conn->bgp;
  unsigned int pending = conn->packets_to_send;
  sock *sk = conn->sk;
  byte *frame, *body, *tail;
  int type;

  if (!sk)
    {
      conn->packets_to_send = 0;
      return 0;
    }
  frame = sk->tbuf;
  body = frame + BGP_HEADER_LENGTH;

  if (pending & (1 << PKT_SCHEDULE_CLOSE))
    {
      bgp_close_conn(conn);
      return 0;
    }

  if (pending & (1 << PKT_NOTIFICATION))
    {
      type = PKT_NOTIFICATION;
      tail = bgp_create_notification(conn, body);
      /* Everything else is dropped; the next call closes the connection. */
      pending = 1 << PKT_SCHEDULE_CLOSE;
    }
  else if (pending & (1 << PKT_KEEPALIVE))
    {
      type = PKT_KEEPALIVE;
      tail = body;                        /* Keepalives carry no data */
      BGP_TRACE(D_PACKETS, "Sending KEEPALIVE");
      bgp_start_timer(conn->keepalive_timer, conn->keepalive_time);
      pending &= ~(1 << PKT_KEEPALIVE);
    }
  else if (pending & (1 << PKT_OPEN))
    {
      type = PKT_OPEN;
      tail = bgp_create_open(conn, body);
      pending &= ~(1 << PKT_OPEN);
    }
  else if (pending & (1 << PKT_UPDATE))
    {
      /* The UPDATE bit stays set until the builder reports nothing left. */
      type = PKT_UPDATE;
      tail = bgp_create_update(conn, body);
      if (!tail)
        {
          conn->packets_to_send = 0;
          return 0;
        }
    }
  else
    return 0;

  conn->packets_to_send = pending;
  bgp_create_header(frame, tail - frame, type);
  return sk_send(sk, tail - frame);
}

    
/**
 * bgp_schedule_packet - schedule a packet for transmission
 * @conn: connection
 * @type: packet type
 *
 * Marks a packet of type @type as pending. If the connection has a socket
 * whose transmit buffer is empty, transmission starts right away and
 * continues for as long as bgp_fire_tx() returns non-zero.
 */
void
bgp_schedule_packet(struct bgp_conn *conn, int type)
{
  sock *sk;

  DBG("BGP: Scheduling packet type %d\n", type);
  conn->packets_to_send |= 1 << type;

  sk = conn->sk;
  if (!sk || sk->tpos != sk->tbuf)
    return;                        /* no socket, or a send is still in progress */

  for (;;)
    if (!bgp_fire_tx(conn))
      break;
}

    
/*
 * bgp_tx - socket transmit hook
 * @sk: socket whose data pointer holds the BGP connection
 *
 * Keeps calling bgp_fire_tx() until it returns zero.
 */
void
bgp_tx(sock *sk)
{
  struct bgp_conn *conn = sk->data;

  DBG("BGP: TX hook\n");
  for (;;)
    if (!bgp_fire_tx(conn))
      break;
}

    
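/*
 * bgp_parse_options - check the optional parameters of a received OPEN
 * @conn: connection the OPEN arrived on
 * @opt: first optional parameter (type byte, length byte, value)
 * @len: total length of the optional parameters in bytes
 *
 * Parameter type 2 (capabilities) is accepted and ignored. Any other type,
 * or a parameter running past @len, is reported to the peer with
 * bgp_error().
 *
 * Returns 0 when all parameters were accepted and 1 after an error was
 * reported. The caller in bgp_rx_open() stops handling the OPEN on a
 * non-zero result; returning 0 on the error paths, as this function did
 * before, let a rejected OPEN continue towards OPENCONFIRM.
 */
static int
bgp_parse_options(struct bgp_conn *conn, byte *opt, int len)
{
  while (len > 0)
    {
      /* opt[1] is read only once the header is known to be complete. */
      if (len < 2 || len < 2 + opt[1])
        { bgp_error(conn, 2, 0, NULL, 0); return 1; }
#ifdef LOCAL_DEBUG
      {
        int i;
        DBG("\tOption %02x:", opt[0]);
        for(i=0; i<opt[1]; i++)
          DBG(" %02x", opt[2+i]);
        DBG("\n");
      }
#endif
      switch (opt[0])
        {
        case 2:
          /* Defined in draft-ietf-idr-bgp4-cap-neg-06 */
          /* We can safely ignore all capabilities */
          break;
        default:
          /*
           *  BGP specs don't tell us to send which option
           *  we didn't recognize, but it's common practice
           *  to do so. Also, capability negotiation with
           *  Cisco routers doesn't work without that.
           */
          bgp_error(conn, 2, 4, opt, opt[1]);
          return 1;
        }
      len -= 2 + opt[1];
      opt += 2 + opt[1];
    }
  return 0;
}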

    
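/*
 * bgp_rx_open - handle a received OPEN message
 * @conn: connection the message arrived on
 * @pkt: start of the message, including the header
 * @len: message length
 *
 * Validates connection state, message length, version, peer AS, hold time,
 * optional parameters and router ID, resolves a collision with the other
 * connection of the same protocol instance, then makes @conn the primary
 * connection, derives hold and keepalive times, schedules a KEEPALIVE and
 * moves to OPENCONFIRM. Every failed check is reported via bgp_error().
 *
 * An OPEN received outside the OPENSENT state now ends processing after the
 * error is reported; it used to fall through into the checks below and
 * could still drive the connection to OPENCONFIRM.
 */
static void
bgp_rx_open(struct bgp_conn *conn, byte *pkt, int len)
{
  struct bgp_conn *other;
  struct bgp_proto *p = conn->bgp;
  struct bgp_config *cf = p->cf;
  unsigned as, hold;
  u32 id;

  /* Check state */
  if (conn->state != BS_OPENSENT)
    { bgp_error(conn, 5, 0, NULL, 0); return; }

  /* Check message contents */
  /* pkt[28] is the optional-parameter length; it is read only when len >= 29. */
  if (len < 29 || len != 29 + pkt[28])
    { bgp_error(conn, 1, 2, pkt+16, 2); return; }
  if (pkt[19] != BGP_VERSION)
    { bgp_error(conn, 2, 1, pkt+19, 1); return; } /* RFC 1771 says 16 bits, draft-09 tells to use 8 */
  as = get_u16(pkt+20);
  hold = get_u16(pkt+22);
  id = get_u32(pkt+24);
  BGP_TRACE(D_PACKETS, "Got OPEN(as=%d,hold=%d,id=%08x)", as, hold, id);
  /* NOTE(review): the meaning of a negative length passed to bgp_error() is not visible here -- confirm. */
  if (cf->remote_as && as != p->remote_as)
    { bgp_error(conn, 2, 2, pkt+20, -2); return; }
  if (hold > 0 && hold < 3)
    { bgp_error(conn, 2, 6, pkt+22, 2); return; }
  /* NOTE(review): remote_id is stored before @id is validated below, so a rejected OPEN still changes it. */
  p->remote_id = id;
  /* A non-zero result means the options were rejected. */
  if (bgp_parse_options(conn, pkt+29, pkt[28]))
    return;
  if (!id || id == 0xffffffff || id == p->local_id)
    { bgp_error(conn, 2, 3, pkt+24, -4); return; }

  /* Check the other connection */
  other = (conn == &p->outgoing_conn) ? &p->incoming_conn : &p->outgoing_conn;
  switch (other->state)
    {
    case BS_IDLE:
      break;
    case BS_CONNECT:
    case BS_ACTIVE:
    case BS_OPENSENT:
      BGP_TRACE(D_EVENTS, "Connection collision, giving up the other connection");
      bgp_close_conn(other);
      break;
    case BS_OPENCONFIRM:
      /* Router IDs and connection direction decide which side survives. */
      if ((p->local_id < id) == (conn == &p->incoming_conn))
        {
          /* Should close the other connection */
          BGP_TRACE(D_EVENTS, "Connection collision, giving up the other connection");
          bgp_error(other, 6, 0, NULL, 0);
          break;
        }
      /* Fall thru */
    case BS_ESTABLISHED:
      /* Should close this connection */
      BGP_TRACE(D_EVENTS, "Connection collision, giving up this connection");
      bgp_error(conn, 6, 0, NULL, 0);
      return;
    default:
      bug("bgp_rx_open: Unknown state");
    }

  /* Make this connection primary */
  conn->primary = 1;
  p->conn = conn;

  /* Update our local variables */
  /* The smaller of the peer's and the configured hold time is used. */
  if (hold < p->cf->hold_time)
    conn->hold_time = hold;
  else
    conn->hold_time = p->cf->hold_time;
  /* Configured keepalive time if set, else a third of the hold time. */
  conn->keepalive_time = p->cf->keepalive_time ? : conn->hold_time / 3;
  p->remote_as = as;
  p->remote_id = id;
  DBG("BGP: Hold timer set to %d, keepalive to %d, AS to %d, ID to %x\n", conn->hold_time, conn->keepalive_time, p->remote_as, p->remote_id);

  bgp_schedule_packet(conn, PKT_KEEPALIVE);
  bgp_start_timer(conn->hold_timer, conn->hold_time);
  conn->state = BS_OPENCONFIRM;
}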

    
/*
 * DECODE_PREFIX(pp, ll) - decode one prefix from a received packet
 *
 * Reads a length byte b at pp followed by (b+7)/8 address bytes, advancing
 * pp and decreasing ll by the number of bytes consumed. The result is left
 * in the enclosing function's `prefix' and `pxlen' variables, with all bits
 * beyond b cleared.
 *
 * On failure it sets the enclosing `err' and jumps to the label `bad':
 * err = 10 when b exceeds BITS_PER_IP_ADDRESS, err = 1 when fewer than
 * (b+7)/8 bytes remain. Both checks run before the memcpy().
 *
 * The caller must make sure ll >= 1 on entry; the length byte is read
 * without a check here. Both arguments are evaluated several times, so they
 * must be plain variables. Only the first (b+7)/8 bytes of `prefix' are
 * overwritten; what the remaining bytes hold before masking depends on the
 * caller.
 */
#define DECODE_PREFIX(pp, ll) do {                \
  int b = *pp++;                                \
  int q;                                        \
  ll--;                                                \
  if (b > BITS_PER_IP_ADDRESS) { err=10; goto bad; } \
  q = (b+7) / 8;                                \
  if (ll < q) { err=1; goto bad; }                \
  memcpy(&prefix, pp, q);                        \
  pp += q;                                        \
  ll -= q;                                        \
  ipa_ntoh(prefix);                                \
  prefix = ipa_and(prefix, ipa_mkmask(b));        \
  pxlen = b;                                        \
} while (0)

    
/*
 * bgp_get_nexthop - resolve the NEXT_HOP attribute into a gateway
 * @bgp: BGP instance
 * @a: route attributes; gw and iface are filled in on success
 *
 * Looks the next hop up among the neighbors. When it is not a neighbor, the
 * BGP peer itself is used as the gateway. A next hop with host scope is
 * rejected as a loop.
 *
 * Returns 1 on success and 0 when the route must not be used.
 */
static inline int
bgp_get_nexthop(struct bgp_proto *bgp, rta *a)
{
  struct eattr *nh = ea_find(a->eattrs, EA_CODE(EAP_BGP, BA_NEXT_HOP));
  neighbor *via;
  ip_addr nexthop;

  ASSERT(nh);
  /* assumes the attribute holds at least sizeof(ip_addr) bytes -- TODO confirm against the decoder */
  nexthop = *(ip_addr *) nh->u.ptr->data;
  via = neigh_find(&bgp->p, &nexthop, 0);
  if (!via)
    via = bgp->neigh;
  else if (via->scope == SCOPE_HOST)
    {
      DBG("BGP: Loop!\n");
      return 0;
    }
  a->gw = via->addr;
  a->iface = via->iface;
  return 1;
}

    
#ifndef IPV6                /* IPv4 version */

    
/*
 * bgp_do_rx_update - apply a received UPDATE to the routing table (IPv4 build)
 * @conn: connection the UPDATE arrived on
 * @withdrawn: withdrawn prefixes, @withdrawn_len bytes
 * @nlri: announced prefixes, @nlri_len bytes
 * @attrs: path attributes, @attr_len bytes
 *
 * Withdrawals are applied first, then the attributes are decoded and every
 * announced prefix is entered with them. A prefix that fails to decode ends
 * processing with an UPDATE error (code 3) carrying the subcode chosen by
 * DECODE_PREFIX.
 *
 * NOTE(review): prefixes decoded before the malformed one have already been
 * passed to rte_update() by the time the error is reported.
 */
static void
bgp_do_rx_update(struct bgp_conn *conn,
                 byte *withdrawn, int withdrawn_len,
                 byte *nlri, int nlri_len,
                 byte *attrs, int attr_len)
{
  struct bgp_proto *p = conn->bgp;
  rta *a0;
  rta *a = NULL;
  ip_addr prefix;                /* written by DECODE_PREFIX */
  net *n;
  rte e;                        /* unused here; shadowed by the pointer `e' in the NLRI loop */
  int err = 0, pxlen;                /* err and pxlen are written by DECODE_PREFIX */

  /* Withdraw routes */
  while (withdrawn_len)
    {
      DECODE_PREFIX(withdrawn, withdrawn_len);
      DBG("Withdraw %I/%d\n", prefix, pxlen);
      /* Only networks already present in the table are touched. */
      if (n = net_find(p->p.table, prefix, pxlen))
        rte_update(p->p.table, n, &p->p, NULL);
    }

  if (!attr_len && !nlri_len)                /* shortcut */
    return;

  a0 = bgp_decode_attrs(conn, attrs, attr_len, bgp_linpool, nlri_len);
  if (a0 && nlri_len && bgp_get_nexthop(p, a0))
    {
      a = rta_lookup(a0);
      while (nlri_len)
        {
          rte *e;
          DECODE_PREFIX(nlri, nlri_len);
          DBG("Add %I/%d\n", prefix, pxlen);
          e = rte_get_temp(rta_clone(a));
          n = net_get(p->p.table, prefix, pxlen);
          e->net = n;
          e->pflags = 0;
          rte_update(p->p.table, n, &p->p, e);
        }
    }
  /* Reached both by falling through and by `goto bad' inside DECODE_PREFIX. */
bad:
  if (a)
    rta_free(a);
  if (err)
    bgp_error(conn, 3, err, NULL, 0);
  return;
}

    
#else                        /* IPv6 version */

    
/*
 * DO_NLRI(name) - open the multiprotocol NLRI block p->name_start / p->name_len
 *
 * Sets start and x to the beginning of the block and len and len0 to its
 * length. A non-empty block must hold at least 3 bytes (16-bit address
 * family and one more byte stored in `sub'), otherwise control jumps to
 * `bad'; those 3 bytes are consumed. An empty block yields af = 0.
 *
 * The expansion ends in an unterminated `if (af == BGP_AF_IPV6)', so the
 * statement or block written after the macro runs only for IPv6 blocks.
 * It relies on the enclosing function's p, start, x, len, len0, af and sub
 * and on its `bad' label.
 */
#define DO_NLRI(name)                                        \
  start = x = p->name##_start;                                \
  len = len0 = p->name##_len;                                \
  if (len)                                                \
    {                                                        \
      if (len < 3) goto bad;                                \
      af = get_u16(x);                                        \
      sub = x[2];                                        \
      x += 3;                                                \
      len -= 3;                                                \
      DBG("\tNLRI AF=%d sub=%d len=%d\n", af, sub, len);\
    }                                                        \
  else                                                        \
    af = 0;                                                \
  if (af == BGP_AF_IPV6)

    
/*
 * bgp_do_rx_update - apply a received UPDATE to the routing table (IPv6 build)
 * @conn: connection the UPDATE arrived on
 * @withdrawn, @withdrawn_len, @nlri, @nlri_len: not used in this build
 * @attrs: path attributes, @attr_len bytes
 *
 * Prefixes are taken from the MP_UNREACH_NLRI and MP_REACH_NLRI blocks that
 * the attribute decoder leaves in p->mp_unreach_* and p->mp_reach_*
 * (presumably set by bgp_decode_attrs(); both lengths are cleared before the
 * call). Any parse failure is reported as UPDATE error 3.9 with the
 * offending block attached.
 *
 * NOTE(review): routes handled before a parse failure have already been
 * passed to rte_update() by the time the error is reported.
 */
static void
bgp_do_rx_update(struct bgp_conn *conn,
                 byte *withdrawn, int withdrawn_len,
                 byte *nlri, int nlri_len,
                 byte *attrs, int attr_len)
{
  struct bgp_proto *p = conn->bgp;
  byte *start, *x;                /* set by DO_NLRI */
  int len, len0;                /* set by DO_NLRI */
  unsigned af, sub;                /* set by DO_NLRI */
  rta *a0;
  rta *a = NULL;
  ip_addr prefix;                /* written by DECODE_PREFIX */
  net *n;
  rte e;                        /* unused here; shadowed by the pointer `e' below */
  int err = 0, pxlen;                /* written by DECODE_PREFIX; err is not reported in this build */

  p->mp_reach_len = 0;
  p->mp_unreach_len = 0;
  a0 = bgp_decode_attrs(conn, attrs, attr_len, bgp_linpool, 0);
  if (!a0)
    return;

  DO_NLRI(mp_unreach)
    {
      while (len)
        {
          DECODE_PREFIX(x, len);
          DBG("Withdraw %I/%d\n", prefix, pxlen);
          if (n = net_find(p->p.table, prefix, pxlen))
            rte_update(p->p.table, n, &p->p, NULL);
        }
    }

  DO_NLRI(mp_reach)
    {
      int i;

      /* Create fake NEXT_HOP attribute */
      /* Needs the length byte (16 or 32), the next hop itself and one more byte. */
      if (len < 1 || (*x != 16 && *x != 32) || len < *x + 2)
        goto bad;
      /* Only the first 16 bytes are kept, even for a 32-byte next hop. */
      memcpy(bgp_attach_attr(&a0->eattrs, bgp_linpool, BA_NEXT_HOP, 16), x+1, 16);
      len -= *x + 1;
      x += *x + 1;

      /* Ignore SNPA info */
      /*
       * NOTE(review): the SNPA count byte is consumed from x without a
       * matching decrement of len, so len appears to stay one byte ahead of
       * the data for the rest of this block. Confirm against how
       * mp_reach_len is computed.
       */
      i = *x++;
      while (i--)
        {
          if (len < 1 || len < 1 + *x)
            goto bad;
          len -= *x + 1;
          x += *x + 1;
        }

      if (bgp_get_nexthop(p, a0))
        {
          a = rta_lookup(a0);
          while (len)
            {
              rte *e;
              DECODE_PREFIX(x, len);
              DBG("Add %I/%d\n", prefix, pxlen);
              e = rte_get_temp(rta_clone(a));
              n = net_get(p->p.table, prefix, pxlen);
              e->net = n;
              e->pflags = 0;
              rte_update(p->p.table, n, &p->p, e);
            }
          rta_free(a);
        }
    }

  return;

  /* Reached only by goto; the normal path returns above after its own rta_free(). */
bad:
  bgp_error(conn, 3, 9, start, len0);
  if (a)
    rta_free(a);
  return;
}

    
#endif

    
/*
 * bgp_rx_update - handle a received UPDATE message
 * @conn: connection the message arrived on
 * @pkt: start of the message, including the header
 * @len: message length
 *
 * Rejects the message outside the ESTABLISHED state, restarts the hold
 * timer, locates the withdrawn, attribute and NLRI sections while checking
 * that their lengths fit into @len, and passes them to bgp_do_rx_update().
 * A message shorter than 23 bytes is reported as a bad message length;
 * inconsistent section lengths are reported as a malformed attribute list.
 */
static void
bgp_rx_update(struct bgp_conn *conn, byte *pkt, int len)
{
  struct bgp_proto *p = conn->bgp;
  byte *withdrawn, *attrs, *nlri;
  int withdrawn_len, attr_len, nlri_len;
  int payload;

  BGP_TRACE(D_PACKETS, "Got UPDATE");
  if (conn->state != BS_ESTABLISHED)
    {
      bgp_error(conn, 5, 0, NULL, 0);
      return;
    }
  bgp_start_timer(conn->hold_timer, conn->hold_time);

  /* Find parts of the packet and check sizes */
  if (len < 23)
    {
      bgp_error(conn, 1, 2, pkt+16, 2);
      return;
    }
  /* Bytes left for the three variable sections: 23 covers the header and both length fields. */
  payload = len - 23;

  withdrawn_len = get_u16(pkt + 19);
  withdrawn = pkt + 21;
  if (withdrawn_len > payload)
    {
      bgp_error(conn, 3, 1, NULL, 0);
      return;
    }

  /* The attribute length field sits right behind the withdrawn routes. */
  attrs = withdrawn + withdrawn_len + 2;
  attr_len = get_u16(attrs - 2);
  if (withdrawn_len + attr_len > payload)
    {
      bgp_error(conn, 3, 1, NULL, 0);
      return;
    }

  /* Whatever remains is NLRI, which is not allowed without attributes. */
  nlri = attrs + attr_len;
  nlri_len = payload - withdrawn_len - attr_len;
  if (nlri_len && !attr_len)
    {
      bgp_error(conn, 3, 1, NULL, 0);
      return;
    }
  DBG("Sizes: withdrawn=%d, attrs=%d, NLRI=%d\n", withdrawn_len, attr_len, nlri_len);

  lp_flush(bgp_linpool);

  bgp_do_rx_update(conn, withdrawn, withdrawn_len, nlri, nlri_len, attrs, attr_len);
}

    
/*
 * Human-readable names for NOTIFICATION error code/subcode pairs.
 * bgp_log_error() searches this table linearly and falls back to the
 * numeric "code.subcode" form when no entry matches.
 */
static struct {
  byte major, minor;                /* error code, error subcode */
  byte *msg;
} bgp_msg_table[] = {
  /* Code 1: message header */
  { 1, 0, "Invalid message header" },
  { 1, 1, "Connection not synchronized" },
  { 1, 2, "Bad message length" },
  { 1, 3, "Bad message type" },
  /* Code 2: OPEN message */
  { 2, 0, "Invalid OPEN message" },
  { 2, 1, "Unsupported version number" },
  { 2, 2, "Bad peer AS" },
  { 2, 3, "Bad BGP identifier" },
  { 2, 4, "Unsupported optional parameter" },
  { 2, 5, "Authentication failure" },
  { 2, 6, "Unacceptable hold time" },
  { 2, 7, "Required capability missing" }, /* capability negotiation draft */
  /* Code 3: UPDATE message */
  { 3, 0, "Invalid UPDATE message" },
  { 3, 1, "Malformed attribute list" },
  { 3, 2, "Unrecognized well-known attribute" },
  { 3, 3, "Missing mandatory attribute" },
  { 3, 4, "Invalid attribute flags" },
  { 3, 5, "Invalid attribute length" },
  { 3, 6, "Invalid ORIGIN attribute" },
  { 3, 7, "AS routing loop" },                /* Deprecated */
  { 3, 8, "Invalid NEXT_HOP attribute" },
  { 3, 9, "Optional attribute error" },
  { 3, 10, "Invalid network field" },
  { 3, 11, "Malformed AS_PATH" },
  /* Codes 4 to 6 */
  { 4, 0, "Hold timer expired" },
  { 5, 0, "Finite state machine error" },
  { 6, 0, "Cease" }
};

    
/*
 * bgp_log_error - log a BGP error notification
 * @p: BGP instance, used for the protocol name in the log line
 * @msg: text describing where the error comes from
 * @code: error code
 * @subcode: error subcode
 * @data: diagnostic data attached to the notification
 * @len: number of bytes at @data
 *
 * Cease (6.0) is never logged. The error is named from bgp_msg_table when
 * the pair is known, otherwise printed as "code.subcode". At most the first
 * 16 bytes of @data are appended as hex.
 */
void
bgp_log_error(struct bgp_proto *p, char *msg, unsigned code, unsigned subcode, byte *data, unsigned len)
{
  /* NOTE(review): 16 bytes fit "code.subcode" only for small values; callers presumably pass byte-sized codes -- confirm. */
  byte numeric[16];
  /* ": " plus 16 bytes as two hex digits each plus the terminator is 35 bytes. */
  byte hexdump[36];
  byte *label = numeric;
  byte *out = hexdump;
  unsigned k;

  if (code == 6 && !subcode)                /* Don't report Cease messages */
    return;

  bsprintf(numeric, "%d.%d", code, subcode);
  for (k = 0; k < ARRAY_SIZE(bgp_msg_table); k++)
    {
      if (bgp_msg_table[k].major != code || bgp_msg_table[k].minor != subcode)
        continue;
      label = bgp_msg_table[k].msg;
      break;
    }

  if (len)
    {
      unsigned shown = (len > 16) ? 16 : len;

      *out++ = ':';
      *out++ = ' ';
      /* NOTE(review): @data is dereferenced whenever @len is non-zero; confirm callers never pass NULL with a length. */
      for (k = 0; k < shown; k++)
        out += bsprintf(out, "%02x", data[k]);
    }
  *out = 0;
  log(L_REMOTE "%s: %s: %s%s", p->p.name, msg, label, hexdump);
}

    
/*
 * bgp_rx_notification - handle a received NOTIFICATION message
 * @conn: connection the message arrived on
 * @pkt: start of the message, including the header
 * @len: message length
 *
 * Logs the peer's error, marks the connection as failed, stops the protocol
 * when this is the primary connection and schedules the connection for
 * closing. A message shorter than 21 bytes (header, code and subcode) is
 * answered with a bad message length error instead.
 */
static void
bgp_rx_notification(struct bgp_conn *conn, byte *pkt, int len)
{
  if (len >= 21)
    {
      /* Bytes 19 and 20 are code and subcode; the rest is diagnostic data. */
      bgp_log_error(conn->bgp, "Received error notification", pkt[19], pkt[20], pkt+21, len-21);
      conn->error_flag = 1;
      if (conn->primary)
        proto_notify_state(&conn->bgp->p, PS_STOP);
      bgp_schedule_packet(conn, PKT_SCHEDULE_CLOSE);
      return;
    }

  bgp_error(conn, 1, 2, pkt+16, 2);
}

    
/*
 * bgp_rx_keepalive - handle a received KEEPALIVE message
 * @conn: connection the message arrived on
 * @pkt: start of the message (not inspected)
 * @len: message length (not inspected)
 *
 * Restarts the hold timer. In OPENCONFIRM the connection becomes
 * ESTABLISHED and the protocol is reported as up; in ESTABLISHED nothing
 * else happens; in any other state a finite state machine error is raised.
 */
static void
bgp_rx_keepalive(struct bgp_conn *conn, byte *pkt, unsigned len)
{
  struct bgp_proto *p = conn->bgp;

  BGP_TRACE(D_PACKETS, "Got KEEPALIVE");
  bgp_start_timer(conn->hold_timer, conn->hold_time);

  if (conn->state == BS_OPENCONFIRM)
    {
      DBG("BGP: UP!!!\n");
      conn->state = BS_ESTABLISHED;
      bgp_attr_init(conn->bgp);
      proto_notify_state(&conn->bgp->p, PS_UP);
    }
  else if (conn->state != BS_ESTABLISHED)
    bgp_error(conn, 5, 0, NULL, 0);
}

    
/**
 * bgp_rx_packet - handle a received packet
 * @conn: BGP connection
 * @pkt: start of the packet
 * @len: packet size
 *
 * bgp_rx_packet() dispatches a complete packet to the handler matching the
 * type byte at offset 18. An unknown type is reported to the peer as a bad
 * message type.
 */
static void
bgp_rx_packet(struct bgp_conn *conn, byte *pkt, unsigned len)
{
  DBG("BGP: Got packet %02x (%d bytes)\n", pkt[18], len);
  switch (pkt[18])
    {
    case PKT_OPEN:
      bgp_rx_open(conn, pkt, len);
      break;
    case PKT_UPDATE:
      bgp_rx_update(conn, pkt, len);
      break;
    case PKT_NOTIFICATION:
      bgp_rx_notification(conn, pkt, len);
      break;
    case PKT_KEEPALIVE:
      bgp_rx_keepalive(conn, pkt, len);
      break;
    default:
      bgp_error(conn, 1, 3, pkt+18, 1);
      break;
    }
}

    
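/**
 * bgp_rx - handle received data
 * @sk: socket
 * @size: amount of data received
 *
 * bgp_rx() is called by the socket layer whenever new data arrive from
 * the underlying TCP connection. It assembles the data fragments to packets,
 * checks their headers and framing and passes complete packets to
 * bgp_rx_packet().
 *
 * A packet is dispatched only after its 16-byte marker and its length field
 * have both been accepted. A bad marker now stops processing in the same
 * way as a bad length does; previously the error was reported but the
 * packet was still parsed and dispatched. Data not yet consumed are moved
 * to the start of the receive buffer. Always returns 0.
 */
int
bgp_rx(sock *sk, int size)
{
  struct bgp_conn *conn = sk->data;
  byte *pkt_start = sk->rbuf;
  byte *end = pkt_start + size;
  unsigned i, len;

  DBG("BGP: RX hook: Got %d bytes\n", size);
  while (end >= pkt_start + BGP_HEADER_LENGTH)
    {
      if (conn->error_flag)
        {
          /*
           *  We still need to remember the erroneous packet, so that
           *  we can generate error notifications properly.  To avoid
           *  subsequent reads rewriting the buffer, we just reset the
           *  rx_hook.
           */
          DBG("BGP: Error, dropping input\n");
          sk->rx_hook = NULL;
          return 0;
        }
      /* The marker must be all ones; i stops at the first byte that is not. */
      for(i=0; i<16; i++)
        if (pkt_start[i] != 0xff)
          break;
      if (i < 16)
        {
          /* The stream is not synchronized: do not trust the length or type fields. */
          bgp_error(conn, 1, 1, NULL, 0);
          break;
        }
      len = get_u16(pkt_start+16);
      if (len < BGP_HEADER_LENGTH || len > BGP_MAX_PACKET_LENGTH)
        {
          bgp_error(conn, 1, 2, pkt_start+16, 2);
          break;
        }
      if (end < pkt_start + len)
        break;                        /* packet not complete yet */
      bgp_rx_packet(conn, pkt_start, len);
      pkt_start += len;
    }
  if (pkt_start != sk->rbuf)
    {
      /* Keep the unconsumed tail for the next call. */
      memmove(sk->rbuf, pkt_start, end - pkt_start);
      sk->rpos = sk->rbuf + (end - pkt_start);
    }
  return 0;
}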