/* $OpenBSD: bgpd.h,v 1.512 2025/02/04 18:16:56 denis Exp $ */

/*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#ifndef __BGPD_H__
#define __BGPD_H__

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/tree.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/if_ether.h>

#include <poll.h>
#include <stdarg.h>
#include <stdint.h>

#include <imsg.h>

/*
 * Shared declarations for bgpd: size limits, flag bits, configuration
 * structures and the imsg message types declared in this header.
 */

#define BGP_VERSION	4
#define RTR_MAX_VERSION	2
#define RTR_DEFAULT_VERSION	1
#define BGP_PORT	179
#define RTR_PORT	323
#define CONFFILE	"/etc/bgpd.conf"
#define BGPD_USER	"_bgpd"
/* Sizes of the fixed char buffers used by the structures below. */
#define PEER_DESCR_LEN	64
#define REASON_LEN	256	/* includes NUL terminator */
#define PFTABLE_LEN	32
#define ROUTELABEL_LEN	32
/* Sizes of the key buffers in struct auth_config. */
#define TCP_MD5_KEY_LEN	80
#define IPSEC_ENC_KEY_LEN	32
#define IPSEC_AUTH_KEY_LEN	20
#define SET_NAME_LEN	128

/*
 * Message and buffer size limits.
 * NOTE(review): MAX_PKTSIZE and MAX_EXT_PKTSIZE presumably are the BGP
 * message size limits without and with the extended message capability
 * (ext_msg in struct capabilities) - confirm against the parser.
 */
#define MAX_PKTSIZE	4096
#define MAX_EXT_PKTSIZE	65535
#define MAX_BGPD_IMSGSIZE	(128 * 1024)
#define MAX_SOCK_BUF	(4 * IBUF_READ_SIZE)
#define RT_BUF_SIZE	16384
#define MAX_RTSOCK_BUF	(2 * 1024 * 1024)
#define MAX_COMM_MATCH	3	/* size of filter_match.community[] */
#define MAX_ASPA_SPAS_COUNT	10000
#define MIN_HOLDTIME	3

/* BGPD_OPT_*: option bits, presumably kept in cmd_opts - TODO confirm */
#define BGPD_OPT_VERBOSE	0x0001
#define BGPD_OPT_VERBOSE2	0x0002
#define BGPD_OPT_NOACTION	0x0004
#define BGPD_OPT_FORCE_DEMOTE	0x0008

/* BGPD_FLAG_*: presumably the bits of bgpd_config.flags - TODO confirm */
#define BGPD_FLAG_REFLECTOR	0x0004
#define BGPD_FLAG_NEXTHOP_BGP	0x0010
#define BGPD_FLAG_NEXTHOP_DEFAULT	0x0020
#define BGPD_FLAG_DECISION_MASK	0x0f00
#define BGPD_FLAG_DECISION_ROUTEAGE	0x0100
#define BGPD_FLAG_DECISION_TRANS_AS	0x0200
#define BGPD_FLAG_DECISION_MED_ALWAYS	0x0400
#define BGPD_FLAG_DECISION_ALL_PATHS	0x0800
#define BGPD_FLAG_PERMIT_AS_SET	0x1000

#define BGPD_LOG_UPDATES	0x0001

/*
 * Default path of the control socket.
 * NOTE(review): ownership and mode of the socket are set where it is
 * created, which is not visible in this header.
 */
#define SOCKET_NAME	"/var/run/bgpd.sock"

/*
 * F_* flag bits. The values up to 0x8000 fit a 16-bit field such as
 * kroute_full.flags; the F_CTL_* bits above that need a 32-bit field.
 */
#define F_BGPD	0x0001
#define F_BGPD_INSERTED	0x0002
#define F_CONNECTED	0x0004
#define F_STATIC	0x0008
#define F_NEXTHOP	0x0010
#define F_REJECT	0x0020
#define F_BLACKHOLE	0x0040
#define F_MPLS	0x0080
#define F_LONGER	0x0200
#define F_SHORTER	0x0400
#define F_CTL_DETAIL	0x1000	/* only set on requests */
#define F_CTL_ADJ_IN	0x2000	/* only set on requests */
#define F_CTL_ADJ_OUT	0x4000	/* only set on requests */
#define F_CTL_BEST	0x8000
#define F_CTL_INELIGIBLE	0x10000	/* only set on requests */
#define F_CTL_LEAKED	0x20000	/* only set on requests */
#define F_CTL_INVALID	0x40000	/* only set on requests */
#define F_CTL_OVS_VALID	0x80000
#define F_CTL_OVS_INVALID	0x100000
#define F_CTL_OVS_NOTFOUND	0x200000
#define F_CTL_NEIGHBORS	0x400000	/* only used by bgpctl */
#define F_CTL_HAS_PATHID	0x800000	/* only set on requests */
#define F_CTL_AVS_VALID	0x1000000
#define F_CTL_AVS_INVALID	0x2000000
#define F_CTL_AVS_UNKNOWN	0x4000000
#define F_CTL_FILTERED	0x8000000	/* only set on requests */
#define F_CTL_SSV	0x80000000	/* only used by bgpctl */

/*
 * Compile-time assertion: declares an array whose size is -1 when x is
 * false, which the compiler rejects.
 */
#define CTASSERT(x)	extern char _ctassert[(x) ? 1 : -1 ] \
			__attribute__((__unused__))

/*
 * Note that these numeric assignments differ from the numbers commonly
 * used in route origin validation context.
 */
#define ROA_NOTFOUND	0x0	/* default */
#define ROA_INVALID	0x1
#define ROA_VALID	0x2
#define ROA_MASK	0x3

#define ASPA_UNKNOWN	0x00	/* default */
#define ASPA_INVALID	0x01
#define ASPA_VALID	0x02
#define ASPA_MASK	0x03
#define ASPA_NEVER_KNOWN	0x08	/* unknown and check never needed */

/*
 * Limit the number of messages queued in the session engine.
 * The SE will send an IMSG_XOFF message to the RDE if the high water mark
 * is reached. The RDE should then throttle this peer or control connection.
 * Once the message queue in the SE drops below the low water mark an
 * IMSG_XON message will be sent and the RDE will produce more messages again.
 */
#define RDE_RUNNER_ROUNDS	100
#define RDE_REAPER_ROUNDS	5000
#define SESS_MSG_HIGH_MARK	2000
#define SESS_MSG_LOW_MARK	500
#define CTL_MSG_HIGH_MARK	500
#define CTL_MSG_LOW_MARK	100

/* Identifies one of the bgpd processes (SE = session engine). */
enum bgpd_process {
	PROC_MAIN,
	PROC_SE,
	PROC_RDE,
	PROC_RTR,
};

/* Per-object state used while a configuration is reloaded. */
enum reconf_action {
	RECONF_NONE,
	RECONF_KEEP,
	RECONF_REINIT,
	RECONF_RELOAD,
	RECONF_DELETE
};

/* Address Family Numbers as per RFC 1700 */
#define AFI_UNSPEC	0
#define AFI_IPv4	1
#define AFI_IPv6	2
#define AFI_L2VPN	25

/* Subsequent Address Family Identifier as per RFC 4760 */
#define SAFI_NONE	0
#define SAFI_UNICAST	1
#define SAFI_MULTICAST	2
#define SAFI_MPLS	4
#define SAFI_EVPN	70	/* RFC 7432 */
#define SAFI_MPLSVPN	128
#define SAFI_FLOWSPEC	133
#define SAFI_VPNFLOWSPEC	134

/* One row of the AID table: an AFI/SAFI pair, its socket AF and a name. */
struct aid {
	uint16_t	 afi;
	sa_family_t	 af;
	uint8_t		 safi;
	const char	*name;
};

extern const struct aid aid_vals[];

/*
 * Internal address identifiers. The rows of AID_VALS below are listed in
 * this order, so an AID_* value is the index of its row.
 */
#define AID_UNSPEC	0
#define AID_INET	1
#define AID_INET6	2
#define AID_VPN_IPv4	3
#define AID_VPN_IPv6	4
#define AID_FLOWSPECv4	5
#define AID_FLOWSPECv6	6
#define AID_EVPN	7
#define AID_MAX	8
#define AID_MIN	1	/* skip AID_UNSPEC since that is a dummy */

#define AID_VALS	{					\
	/* afi, af, safi, name */				\
	{ AFI_UNSPEC, AF_UNSPEC, SAFI_NONE, "unspec"},		\
	{ AFI_IPv4, AF_INET, SAFI_UNICAST, "IPv4 unicast" },	\
	{ AFI_IPv6, AF_INET6, SAFI_UNICAST, "IPv6 unicast" },	\
	{ AFI_IPv4, AF_INET, SAFI_MPLSVPN, "IPv4 vpn" },	\
	{ AFI_IPv6, AF_INET6, SAFI_MPLSVPN, "IPv6 vpn" },	\
	{ AFI_IPv4, AF_INET, SAFI_FLOWSPEC, "IPv4 flowspec" },	\
	{ AFI_IPv6, AF_INET6, SAFI_FLOWSPEC, "IPv6 flowspec" },	\
	{ AFI_L2VPN, AF_UNSPEC, SAFI_EVPN, "EVPN" },		\
}

#define BGP_MPLS_BOS	0x01
#define ESI_ADDR_LEN	10

#define EVPN_ROUTE_TYPE_2	0x02
#define EVPN_ROUTE_TYPE_3	0x03
#define EVPN_ROUTE_TYPE_5	0x05

/* EVPN address: an IPv4 or IPv6 address plus ethernet tag, MAC and ESI. */
struct evpn_addr {
	union {
		struct in_addr	v4;
		struct in6_addr	v6;
	};
	uint32_t	ethtag;
	uint8_t		mac[ETHER_ADDR_LEN];
	uint8_t		esi[ESI_ADDR_LEN];
	uint8_t		aid;
	uint8_t		type;
};

/*
 * Address container used for every address family; aid selects which
 * union member is meaningful.
 * NOTE(review): with the evpn member the union is larger than a
 * struct in6_addr, so the "128-bit address" remark below looks stale.
 * NOTE(review): labellen is presumably bounded by sizeof(labelstack);
 * code that fills it from a received message should check that before
 * copying - confirm in the NLRI parser.
 */
struct bgpd_addr {
	union {
		struct in_addr		v4;
		struct in6_addr		v6;
		struct evpn_addr	evpn;
		/* maximum size for a prefix is 256 bits */
	};		/* 128-bit address */
	uint64_t	rd;		/* route distinguisher for VPN addrs */
	uint32_t	scope_id;	/* iface scope id for v6 */
	uint8_t		aid;
	uint8_t		labellen;	/* size of the labelstack */
	uint8_t		labelstack[18];	/* max that makes sense */
};

/* listen_addr.flags */
#define DEFAULT_LISTENER	0x01
#define LISTENER_LISTENING	0x02

/* One listening socket: its address, descriptor and reload state. */
struct listen_addr {
	TAILQ_ENTRY(listen_addr)	entry;
	struct sockaddr_storage		sa;
	int				fd;
	enum reconf_action		reconf;
	socklen_t			sa_len;
	uint8_t				flags;
};

TAILQ_HEAD(listen_addrs, listen_addr);
TAILQ_HEAD(filter_set_head, filter_set);

struct peer;
RB_HEAD(peer_head, peer);

struct l3vpn;
SIMPLEQ_HEAD(l3vpn_head, l3vpn);

struct network;
TAILQ_HEAD(network_head, network);

struct flowspec_config;
RB_HEAD(flowspec_tree, flowspec_config);

struct prefixset;
SIMPLEQ_HEAD(prefixset_head, prefixset);
struct prefixset_item;
RB_HEAD(prefixset_tree, prefixset_item);

struct tentry_v4;
struct tentry_v6;
/* Roots and element counts of the IPv4 and IPv6 tries of a prefix set. */
struct trie_head {
	struct tentry_v4	*root_v4;
	struct tentry_v6	*root_v6;
	int			 match_default_v4;
	int			 match_default_v6;
	size_t			 v4_cnt;
	size_t			 v6_cnt;
};

/* Named prefix set holding a trie, a change timestamp and a dirty flag. */
struct rde_prefixset {
	char				name[SET_NAME_LEN];
	struct trie_head		th;
	SIMPLEQ_ENTRY(rde_prefixset)	entry;
	time_t				lastchange;
	int				dirty;
};
SIMPLEQ_HEAD(rde_prefixset_head, rde_prefixset);

/* ROA entry: prefix, prefix length, maxlen, origin AS and expiry time. */
struct roa {
	RB_ENTRY(roa)	entry;
	uint8_t		aid;
	uint8_t		prefixlen;
	uint8_t		maxlen;
	uint8_t		pad;
	uint32_t	asnum;
	time_t		expires;
	union {
		struct in_addr	inet;
		struct in6_addr	inet6;
	}		prefix;
};

RB_HEAD(roa_tree, roa);
struct aspa_set;
RB_HEAD(aspa_tree, aspa_set);

struct set_table;
struct as_set;
SIMPLEQ_HEAD(as_set_head, as_set);

struct filter_rule;
TAILQ_HEAD(filter_head, filter_rule);

struct rtr_config;
SIMPLEQ_HEAD(rtr_config_head, rtr_config);

/*
 * Top-level daemon configuration: peers, networks, filters, sets, RTR
 * sessions and the global scalar settings.
 * NOTE(review): csock and rcsock presumably are the paths of the control
 * socket and of a restricted control socket - TODO confirm.
 */
struct bgpd_config {
	struct peer_head			 peers;
	struct l3vpn_head			 l3vpns;
	struct network_head			 networks;
	struct flowspec_tree			 flowspecs;
	struct filter_head			*filters;
	struct listen_addrs			*listen_addrs;
	struct mrt_head				*mrt;
	struct prefixset_head			 prefixsets;
	struct prefixset_head			 originsets;
	struct roa_tree				 roa;
	struct aspa_tree			 aspa;
	struct rde_prefixset_head		 rde_prefixsets;
	struct rde_prefixset_head		 rde_originsets;
	struct as_set_head			 as_sets;
	struct rtr_config_head			 rtrs;
	char					*csock;
	char					*rcsock;
	int					 flags;
	int					 log;
	u_int					 default_tableid;
	uint32_t				 bgpid;
	uint32_t				 clusterid;
	uint32_t				 as;
	uint16_t				 short_as;
	uint16_t				 holdtime;
	uint16_t				 min_holdtime;
	uint16_t				 connectretry;
	uint16_t				 staletime;
	uint8_t					 fib_priority;
	uint8_t					 filtered_in_locrib;
};

extern int cmd_opts;

/* Path selection mode for add-path evaluation (see struct addpath_eval). */
enum addpath_mode {
	ADDPATH_EVAL_NONE,
	ADDPATH_EVAL_BEST,
	ADDPATH_EVAL_ECMP,
	ADDPATH_EVAL_AS_WIDE,
	ADDPATH_EVAL_ALL,
};

struct addpath_eval {
	enum addpath_mode	mode;
	int			extrapaths;
	int			maxpaths;
};

enum export_type {
	EXPORT_UNSET,
	EXPORT_NONE,
	EXPORT_DEFAULT_ROUTE
};

enum enforce_as {
	ENFORCE_AS_UNDEF,
	ENFORCE_AS_OFF,
	ENFORCE_AS_ON
};

/* Locally configured role of a session (see capabilities.policy). */
enum role {
	ROLE_NONE,
	ROLE_CUSTOMER,
	ROLE_PROVIDER,
	ROLE_RS,
	ROLE_RS_CLIENT,
	ROLE_PEER,
};

/* How a session is authenticated: nothing, TCP MD5 or IPsec ESP/AH. */
enum auth_method {
	AUTH_NONE,
	AUTH_MD5SIG,
	AUTH_IPSEC_MANUAL_ESP,
	AUTH_IPSEC_MANUAL_AH,
	AUTH_IPSEC_IKE_ESP,
	AUTH_IPSEC_IKE_AH
};

/* NOTE(review): SHA1/MD5 HMAC and 3DES-CBC are legacy algorithms. */
enum auth_alg {
	AUTH_AALG_NONE,
	AUTH_AALG_SHA1HMAC,
	AUTH_AALG_MD5HMAC,
};

enum auth_enc_alg {
	AUTH_EALG_NONE,
	AUTH_EALG_3DESCBC,
	AUTH_EALG_AES,
};

/*
 * Session authentication settings. The key material is stored inline in
 * fixed-size buffers, each paired with a uint8_t length field.
 * NOTE(review): every copy of this struct (it is embedded in struct
 * rtr_config, and IMSG_RECONF_PEER_AUTH suggests it is also sent between
 * processes) carries the raw keys. Copies should be cleared with
 * explicit_bzero() once unused and never dumped to logs - confirm at the
 * users. Consumers should also check each *_len field against the size
 * of its buffer before using it as a copy length.
 */
struct auth_config {
	char			md5key[TCP_MD5_KEY_LEN];
	char			auth_key_in[IPSEC_AUTH_KEY_LEN];
	char			auth_key_out[IPSEC_AUTH_KEY_LEN];
	char			enc_key_in[IPSEC_ENC_KEY_LEN];
	char			enc_key_out[IPSEC_ENC_KEY_LEN];
	uint32_t		spi_in;
	uint32_t		spi_out;
	enum auth_method	method;
	enum auth_alg		auth_alg_in;
	enum auth_alg		auth_alg_out;
	enum auth_enc_alg	enc_alg_in;
	enum auth_enc_alg	enc_alg_out;
	uint8_t			md5key_len;
	uint8_t			auth_keylen_in;
	uint8_t			auth_keylen_out;
	uint8_t			enc_keylen_in;
	uint8_t			enc_keylen_out;
};

/* Capability state of a session, one field per BGP capability. */
struct capabilities {
	struct {
		int16_t	timeout;	/* graceful restart timeout */
		int8_t	flags[AID_MAX];	/* graceful restart per AID flags */
		int8_t	restart;	/* graceful restart, RFC 4724 */
		int8_t	grnotification;	/* graceful notification, RFC 8538 */
	} grestart;
	int8_t	mp[AID_MAX];		/* multiprotocol extensions, RFC 4760 */
	int8_t	add_path[AID_MAX];	/* ADD_PATH, RFC 7911 */
	int8_t	ext_nh[AID_MAX];	/* Ext Nexthop Encoding, RFC 8950 */
	int8_t	refresh;		/* route refresh, RFC 2918 */
	int8_t	as4byte;		/* 4-byte ASnum, RFC 4893 */
	int8_t	enhanced_rr;		/* enhanced route refresh, RFC 7313 */
	int8_t	policy;			/* Open Policy, RFC 9234, 2 = enforce */
	int8_t	ext_msg;		/* Extended Msg, RFC 8654 */
};

/* BGP capability codes, explicitly numbered. */
enum capa_codes {
	CAPA_NONE = 0,
	CAPA_MP = 1,
	CAPA_REFRESH = 2,
	CAPA_EXT_NEXTHOP = 5,
	CAPA_EXT_MSG = 6,
	CAPA_ROLE = 9,
	CAPA_RESTART = 64,
	CAPA_AS4BYTE = 65,
	CAPA_ADD_PATH = 69,
	CAPA_ENHANCED_RR = 70,
};

/* flags for RFC 4724 - graceful restart */
#define CAPA_GR_PRESENT	0x01
#define CAPA_GR_RESTART	0x02
#define CAPA_GR_FORWARD	0x04
#define CAPA_GR_RESTARTING	0x08
#define CAPA_GR_TIMEMASK	0x0fff
#define CAPA_GR_R_FLAG	0x8000
#define CAPA_GR_N_FLAG	0x4000
#define CAPA_GR_F_FLAG	0x80

/* flags for RFC 7911 - ADD-PATH */
#define CAPA_AP_RECV	0x01
#define CAPA_AP_SEND	0x02
#define CAPA_AP_BIDIR	0x03
#define CAPA_AP_MASK	0x0f
#define CAPA_AP_RECV_ENFORCE	0x10	/* internal only */
#define CAPA_AP_SEND_ENFORCE	0x20	/* internal only */

/* values for RFC 9234 - BGP Open Policy */
#define CAPA_ROLE_PROVIDER	0x00
#define CAPA_ROLE_RS	0x01
#define CAPA_ROLE_RS_CLIENT	0x02
#define CAPA_ROLE_CUSTOMER	0x03
#define CAPA_ROLE_PEER	0x04

/* Per-neighbor configuration. */
struct peer_config {
	struct bgpd_addr	remote_addr;
	struct bgpd_addr	local_addr_v4;
	struct bgpd_addr	local_addr_v6;
	struct capabilities	capabilities;
	struct addpath_eval	eval;
	char			group[PEER_DESCR_LEN];
	char			descr[PEER_DESCR_LEN];
	char			reason[REASON_LEN];
	char			rib[PEER_DESCR_LEN];
	char			if_depend[IFNAMSIZ];
	char			demote_group[IFNAMSIZ];
	uint32_t		id;
	uint32_t		groupid;
	uint32_t		remote_as;
	uint32_t		local_as;
	uint32_t		max_prefix;
	uint32_t		max_out_prefix;
	enum export_type	export_type;
	enum enforce_as		enforce_as;
	enum enforce_as		enforce_local_as;
	enum role		role;
	uint16_t		max_prefix_restart;
	uint16_t		max_out_prefix_restart;
	uint16_t		holdtime;
	uint16_t		min_holdtime;
	uint16_t		staletime;
	uint16_t		local_short_as;
	uint16_t		remote_port;
	uint8_t			template;
	uint8_t			remote_masklen;
	uint8_t			ebgp;		/* 0 = ibgp else ebgp */
	uint8_t			distance;	/* 1 = direct, >1 = multihop */
	uint8_t			passive;
	uint8_t			down;
	uint8_t			reflector_client;
	uint8_t			ttlsec;		/* TTL security hack */
	uint8_t			flags;
};

/*
 * Peer id ranges.
 * NOTE(review): UINT_MAX is defined in <limits.h>, which is not among
 * the includes at the top of this header; users of the two *_MAX macros
 * need it in scope.
 */
#define PEER_ID_NONE	0
#define PEER_ID_SELF	1
#define PEER_ID_STATIC_MIN	2	/* exclude self */
#define PEER_ID_STATIC_MAX	(UINT_MAX / 2)
#define PEER_ID_DYN_MAX	UINT_MAX

/* PEERFLAG_*: presumably the bits of peer_config.flags - TODO confirm */
#define PEERFLAG_TRANS_AS	0x01
#define PEERFLAG_LOG_UPDATES	0x02
#define PEERFLAG_EVALUATE_ALL	0x04
#define PEERFLAG_PERMIT_AS_SET	0x08

/* Per-peer prefix counters. */
struct rde_peer_stats {
	uint64_t	prefix_rcvd_update;
	uint64_t	prefix_rcvd_withdraw;
	uint64_t	prefix_rcvd_eor;
	uint64_t	prefix_sent_update;
	uint64_t	prefix_sent_withdraw;
	uint64_t	prefix_sent_eor;
	uint32_t	prefix_cnt;
	uint32_t	prefix_out_cnt;
	uint32_t	pending_update;
	uint32_t	pending_withdraw;
};

enum network_type {
	NETWORK_DEFAULT,	/* from network statements */
	NETWORK_STATIC,
	NETWORK_CONNECTED,
	NETWORK_RTLABEL,
	NETWORK_MRTCLONE,
	NETWORK_PRIORITY,
	NETWORK_PREFIXSET,
};

/* One announced network: prefix, attribute set and its source type. */
struct network_config {
	struct bgpd_addr	prefix;
	struct filter_set_head	attrset;
	char			psname[SET_NAME_LEN];
	uint64_t		rd;
	enum network_type	type;
	uint16_t		rtlabel;
	uint8_t			prefixlen;
	uint8_t			priority;
	uint8_t			old;	/* used for reloading */
};

struct network {
	struct network_config	net;
	TAILQ_ENTRY(network)	entry;
};

/*
 * Flowspec rule with its encoded components in the trailing data[]
 * array. FLOWSPEC_SIZE is the size of the fixed part before data[].
 * NOTE(review): data is declared with one element but is presumably
 * len bytes long, so allocations would be FLOWSPEC_SIZE + len and every
 * access has to be bounded by len - confirm at the allocation sites.
 * offsetof comes from <stddef.h>, which this header does not include in
 * the part shown here.
 */
struct flowspec {
	uint16_t	len;
	uint8_t		aid;
	uint8_t		flags;
	uint8_t		data[1];
};
#define FLOWSPEC_SIZE	(offsetof(struct flowspec, data))

struct flowspec_config {
	RB_ENTRY(flowspec_config)	 entry;
	struct filter_set_head		 attrset;
	struct flowspec			*flow;
	enum reconf_action		 reconf_action;
};

/*
 * RTR error codes. NO_ERROR is -1; the remaining values count up from
 * CORRUPT_DATA = 0.
 */
enum rtr_error {
	NO_ERROR = -1,
	CORRUPT_DATA = 0,
	INTERNAL_ERROR,
	NO_DATA_AVAILABLE,
	INVALID_REQUEST,
	UNSUPP_PROTOCOL_VERS,
	UNSUPP_PDU_TYPE,
	UNK_REC_WDRAWL,
	DUP_REC_RECV,
	UNEXP_PROTOCOL_VERS,
};

/* Configuration of one RTR session, including its auth_config. */
struct rtr_config {
	SIMPLEQ_ENTRY(rtr_config)	entry;
	char				descr[PEER_DESCR_LEN];
	struct auth_config		auth;
	struct bgpd_addr		remote_addr;
	struct bgpd_addr		local_addr;
	uint32_t			id;
	uint16_t			remote_port;
	uint8_t				min_version;
};

/* Subset of rtr_config: description and minimum version only. */
struct rtr_config_msg {
	char	descr[PEER_DESCR_LEN];
	uint8_t	min_version;
};

/* RTR session status, presumably the reply to IMSG_CTL_SHOW_RTR. */
struct ctl_show_rtr {
	char			descr[PEER_DESCR_LEN];
	char			state[PEER_DESCR_LEN];
	char			last_sent_msg[REASON_LEN];
	char			last_recv_msg[REASON_LEN];
	struct bgpd_addr	remote_addr;
	struct bgpd_addr	local_addr;
	uint32_t		serial;
	uint32_t		refresh;
	uint32_t		retry;
	uint32_t		expire;
	int			session_id;
	enum rtr_error		last_sent_error;
	enum rtr_error		last_recv_error;
	uint16_t		remote_port;
	uint8_t			version;
	uint8_t			min_version;
};

/*
 * imsg message types. No explicit values are assigned, so each
 * constant's number is its position in this list; inserting or removing
 * an entry renumbers everything after it.
 * NOTE(review): the IMSG_CTL_* types are presumably the ones accepted
 * from control socket clients; which of them a restricted socket allows
 * is decided in the control code, not here.
 */
enum imsg_type {
	IMSG_NONE,
	IMSG_CTL_END,
	IMSG_CTL_RELOAD,
	IMSG_CTL_FIB_COUPLE,
	IMSG_CTL_FIB_DECOUPLE,
	IMSG_CTL_NEIGHBOR_UP,
	IMSG_CTL_NEIGHBOR_DOWN,
	IMSG_CTL_NEIGHBOR_CLEAR,
	IMSG_CTL_NEIGHBOR_RREFRESH,
	IMSG_CTL_NEIGHBOR_DESTROY,
	IMSG_CTL_KROUTE,
	IMSG_CTL_KROUTE_ADDR,
	IMSG_CTL_RESULT,
	IMSG_CTL_SHOW_NEIGHBOR,
	IMSG_CTL_SHOW_NEXTHOP,
	IMSG_CTL_SHOW_INTERFACE,
	IMSG_CTL_SHOW_RIB,
	IMSG_CTL_SHOW_RIB_PREFIX,
	IMSG_CTL_SHOW_RIB_COMMUNITIES,
	IMSG_CTL_SHOW_RIB_ATTR,
	IMSG_CTL_SHOW_NETWORK,
	IMSG_CTL_SHOW_FLOWSPEC,
	IMSG_CTL_SHOW_RIB_MEM,
	IMSG_CTL_SHOW_TERSE,
	IMSG_CTL_SHOW_TIMER,
	IMSG_CTL_LOG_VERBOSE,
	IMSG_CTL_SHOW_FIB_TABLES,
	IMSG_CTL_SHOW_SET,
	IMSG_CTL_SHOW_RTR,
	IMSG_CTL_TERMINATE,
	IMSG_NETWORK_ADD,
	IMSG_NETWORK_ASPATH,
	IMSG_NETWORK_ATTR,
	IMSG_NETWORK_REMOVE,
	IMSG_NETWORK_FLUSH,
	IMSG_NETWORK_DONE,
	IMSG_FLOWSPEC_ADD,
	IMSG_FLOWSPEC_DONE,
	IMSG_FLOWSPEC_REMOVE,
	IMSG_FLOWSPEC_FLUSH,
	IMSG_FILTER_SET,
	IMSG_SOCKET_CONN,
	IMSG_SOCKET_CONN_CTL,
	IMSG_SOCKET_CONN_RTR,
	IMSG_SOCKET_SETUP,
	IMSG_SOCKET_TEARDOWN,
	IMSG_RECONF_CONF,
	IMSG_RECONF_RIB,
	IMSG_RECONF_PEER,
	IMSG_RECONF_PEER_AUTH,
	IMSG_RECONF_FILTER,
	IMSG_RECONF_LISTENER,
	IMSG_RECONF_CTRL,
	IMSG_RECONF_VPN,
	IMSG_RECONF_VPN_EXPORT,
	IMSG_RECONF_VPN_IMPORT,
	IMSG_RECONF_VPN_DONE,
	IMSG_RECONF_PREFIX_SET,
	IMSG_RECONF_PREFIX_SET_ITEM,
	IMSG_RECONF_AS_SET,
	IMSG_RECONF_AS_SET_ITEMS,
	IMSG_RECONF_AS_SET_DONE,
	IMSG_RECONF_ORIGIN_SET,
	IMSG_RECONF_ROA_SET,
	IMSG_RECONF_ROA_ITEM,
	IMSG_RECONF_ASPA,
	IMSG_RECONF_ASPA_TAS,
	IMSG_RECONF_ASPA_DONE,
	IMSG_RECONF_ASPA_PREP,
	IMSG_RECONF_RTR_CONFIG,
	IMSG_RECONF_DRAIN,
	IMSG_RECONF_DONE,
	IMSG_UPDATE,
	IMSG_UPDATE_ERR,
	IMSG_SESSION_ADD,
	IMSG_SESSION_UP,
	IMSG_SESSION_DOWN,
	IMSG_SESSION_DELETE,
	IMSG_SESSION_STALE,
	IMSG_SESSION_NOGRACE,
	IMSG_SESSION_FLUSH,
	IMSG_SESSION_RESTARTED,
	IMSG_SESSION_DEPENDON,
	IMSG_PFKEY_RELOAD,
	IMSG_MRT_OPEN,
	IMSG_MRT_REOPEN,
	IMSG_MRT_CLOSE,
	IMSG_KROUTE_CHANGE,
	IMSG_KROUTE_DELETE,
	IMSG_KROUTE_FLUSH,
	IMSG_NEXTHOP_ADD,
	IMSG_NEXTHOP_REMOVE,
	IMSG_NEXTHOP_UPDATE,
	IMSG_PFTABLE_ADD,
	IMSG_PFTABLE_REMOVE,
	IMSG_PFTABLE_COMMIT,
	IMSG_REFRESH,
	IMSG_DEMOTE,
	IMSG_XON,
	IMSG_XOFF
};

/* Demotion request: a group name and a level. */
struct demote_msg {
	char	demote_group[IFNAMSIZ];
	int	level;
};

/* Result codes, presumably returned with IMSG_CTL_RESULT. */
enum ctl_results {
	CTL_RES_OK,
	CTL_RES_NOSUCHPEER,
	CTL_RES_DENIED,
	CTL_RES_NOCAP,
	CTL_RES_PARSE_ERROR,
	CTL_RES_PENDING,
	CTL_RES_NOMEM,
	CTL_RES_BADPEER,
	CTL_RES_BADSTATE,
	CTL_RES_NOSUCHRIB,
	CTL_RES_OPNOTSUPP,
};

/* needed for session.h parse prototype */
LIST_HEAD(mrt_head, mrt);

/* error codes and subcodes needed in SE and RDE */
/* Error codes, numbered from 1. */
enum err_codes {
	ERR_HEADER = 1,
	ERR_OPEN,
	ERR_UPDATE,
	ERR_HOLDTIMEREXPIRED,
	ERR_FSM,
	ERR_CEASE,
	ERR_RREFRESH,
	ERR_SENDHOLDTIMEREXPIRED,
};

/* Subcodes for ERR_UPDATE, numbered from 0 (ERR_UPD_UNSPECIFIC). */
enum suberr_update {
	ERR_UPD_UNSPECIFIC,
	ERR_UPD_ATTRLIST,
	ERR_UPD_UNKNWN_WK_ATTR,
	ERR_UPD_MISSNG_WK_ATTR,
	ERR_UPD_ATTRFLAGS,
	ERR_UPD_ATTRLEN,
	ERR_UPD_ORIGIN,
	ERR_UPD_LOOP,
	ERR_UPD_NEXTHOP,
	ERR_UPD_OPTATTR,
	ERR_UPD_NETWORK,
	ERR_UPD_ASPATH
};

/* Subcodes for ERR_CEASE, numbered from 1. */
enum suberr_cease {
	ERR_CEASE_MAX_PREFIX = 1,
	ERR_CEASE_ADMIN_DOWN,
	ERR_CEASE_PEER_UNCONF,
	ERR_CEASE_ADMIN_RESET,
	ERR_CEASE_CONN_REJECT,
	ERR_CEASE_OTHER_CHANGE,
	ERR_CEASE_COLLISION,
	ERR_CEASE_RSRC_EXHAUST,
	ERR_CEASE_HARD_RESET,
	ERR_CEASE_MAX_SENT_PREFIX
};

/* Subcodes for ERR_RREFRESH. */
enum suberr_rrefresh {
	ERR_RR_INV_LEN = 1
};

struct kroute;
struct kroute6;
struct knexthop;
struct kredist_node;
RB_HEAD(kroute_tree, kroute);
RB_HEAD(kroute6_tree, kroute6);
RB_HEAD(knexthop_tree, knexthop);
RB_HEAD(kredist_tree, kredist_node);

/* One kernel routing table: its route and nexthop trees and FIB state. */
struct ktable {
	char			 descr[PEER_DESCR_LEN];
	struct kroute_tree	 krt;
	struct kroute6_tree	 krt6;
	struct knexthop_tree	 knt;
	struct kredist_tree	 kredist;
	struct network_head	 krn;
	u_int			 rtableid;
	u_int			 nhtableid; /* rdomain id for nexthop lookup */
	int			 nhrefcnt;  /* refcnt for nexthop table */
	enum reconf_action	 state;
	uint8_t			 fib_conf;  /* configured FIB sync flag */
	uint8_t			 fib_sync;  /* is FIB synced with kernel? */
};

/* Address-family independent description of one kernel route. */
struct kroute_full {
	struct bgpd_addr	prefix;
	struct bgpd_addr	nexthop;
	char			label[ROUTELABEL_LEN];
	uint32_t		mplslabel;
	uint16_t		flags;
	u_short			ifindex;
	uint8_t			prefixlen;
	uint8_t			priority;
};

/* State of one nexthop: its gateway, covering network and validity. */
struct kroute_nexthop {
	struct bgpd_addr	nexthop;
	struct bgpd_addr	gateway;
	struct bgpd_addr	net;
	uint8_t			netlen;
	uint8_t			valid;
	uint8_t			connected;
};

struct session_dependon {
	char	ifname[IFNAMSIZ];
	uint8_t	depend_state;	/* for session depend on */
};

/* Addresses, capabilities and ids of a session that came up. */
struct session_up {
	struct bgpd_addr	local_v4_addr;
	struct bgpd_addr	local_v6_addr;
	struct bgpd_addr	remote_addr;
	struct capabilities	capa;
	uint32_t		remote_bgpid;
	unsigned int		if_scope;
	uint16_t		short_as;
};

/* Route refresh message for one AID; subtype is a ROUTE_REFRESH_* value. */
struct route_refresh {
	uint8_t	aid;
	uint8_t	subtype;
};
#define ROUTE_REFRESH_REQUEST	0
#define ROUTE_REFRESH_BEGIN_RR	1
#define ROUTE_REFRESH_END_RR	2

/* Address and prefix length to add to or remove from a named pf table. */
struct pftable_msg {
	struct bgpd_addr	addr;
	char			pftable[PFTABLE_LEN];
	uint8_t			len;
};

struct ctl_show_interface {
	char		ifname[IFNAMSIZ];
	char		linkstate[32];
	char		media[32];
	uint64_t	baudrate;
	u_int		rdomain;
	uint8_t		nh_reachable;
	uint8_t		is_up;
};

struct ctl_show_nexthop {
	struct bgpd_addr		addr;
	struct ctl_show_interface	iface;
	struct kroute_full		kr;
	uint8_t				valid;
	uint8_t				krvalid;
};

/* Summary of one named set: counts per family, last change and kind. */
struct ctl_show_set {
	char	name[SET_NAME_LEN];
	time_t	lastchange;
	size_t	v4_cnt;
	size_t	v6_cnt;
	size_t	as_cnt;
	enum {
		ASNUM_SET,
		PREFIX_SET,
		ORIGIN_SET,
		ROA_SET,
		ASPA_SET,
	}	type;
};

/*
 * Neighbor selector used in control requests.
 * NOTE(review): descr and reason are fixed-size char arrays filled by
 * the sender of the request; a receiver should not assume they are
 * NUL-terminated - confirm in the control message handler.
 */
struct ctl_neighbor {
	struct bgpd_addr	addr;
	char			descr[PEER_DESCR_LEN];
	char			reason[REASON_LEN];
	int			show_timers;
	int			is_group;
};

/* F_PREF_*: presumably the bits of ctl_show_rib.flags - TODO confirm */
#define F_PREF_ELIGIBLE	0x001
#define F_PREF_BEST	0x002
#define F_PREF_INTERNAL 0x004 923 #define F_PREF_ANNOUNCE 0x008 924 #define F_PREF_STALE 0x010 925 #define F_PREF_INVALID 0x020 926 #define F_PREF_PATH_ID 0x040 927 #define F_PREF_OTC_LEAK 0x080 928 #define F_PREF_ECMP 0x100 929 #define F_PREF_AS_WIDE 0x200 930 #define F_PREF_FILTERED 0x400 931 932 struct ctl_show_rib { 933 struct bgpd_addr true_nexthop; 934 struct bgpd_addr exit_nexthop; 935 struct bgpd_addr prefix; 936 struct bgpd_addr remote_addr; 937 char descr[PEER_DESCR_LEN]; 938 time_t age; 939 uint32_t remote_id; 940 uint32_t path_id; 941 uint32_t local_pref; 942 uint32_t med; 943 uint32_t weight; 944 uint32_t flags; 945 uint8_t prefixlen; 946 uint8_t origin; 947 uint8_t roa_validation_state; 948 uint8_t aspa_validation_state; 949 int8_t dmetric; 950 /* plus an aspath */ 951 }; 952 953 enum as_spec { 954 AS_UNDEF, 955 AS_ALL, 956 AS_SOURCE, 957 AS_TRANSIT, 958 AS_PEER, 959 AS_EMPTY 960 }; 961 962 enum aslen_spec { 963 ASLEN_NONE, 964 ASLEN_MAX, 965 ASLEN_SEQ 966 }; 967 968 #define AS_FLAG_NEIGHBORAS 0x01 969 #define AS_FLAG_AS_SET_NAME 0x02 970 #define AS_FLAG_AS_SET 0x04 971 972 struct filter_as { 973 char name[SET_NAME_LEN]; 974 struct as_set *aset; 975 uint32_t as_min; 976 uint32_t as_max; 977 enum as_spec type; 978 uint8_t flags; 979 uint8_t op; 980 }; 981 982 struct filter_aslen { 983 u_int aslen; 984 enum aslen_spec type; 985 }; 986 987 #define PREFIXSET_FLAG_FILTER 0x01 988 #define PREFIXSET_FLAG_DIRTY 0x02 /* prefix-set changed at reload */ 989 #define PREFIXSET_FLAG_OPS 0x04 /* indiv. 
prefixes have prefixlenops */ 990 #define PREFIXSET_FLAG_LONGER 0x08 /* filter all prefixes with or-longer */ 991 992 struct filter_prefixset { 993 int flags; 994 char name[SET_NAME_LEN]; 995 struct rde_prefixset *ps; 996 }; 997 998 struct filter_originset { 999 char name[SET_NAME_LEN]; 1000 struct rde_prefixset *ps; 1001 }; 1002 1003 struct filter_vs { 1004 uint8_t validity; 1005 uint8_t is_set; 1006 }; 1007 1008 /* 1009 * Communities are encoded depending on their type. The low byte of flags 1010 * is the COMMUNITY_TYPE (BASIC, LARGE, EXT). BASIC encoding is just using 1011 * data1 and data2, LARGE uses all data fields and EXT is also using all 1012 * data fields. The 4-byte flags fields consists of up to 3 data flags 1013 * for e.g. COMMUNITY_ANY and the low byte is the community type. 1014 * If flags is 0 the community struct is unused. If the upper 24bit of 1015 * flags is 0 a fast compare can be used. 1016 * The code uses a type cast to uint8_t to access the type. 1017 */ 1018 struct community { 1019 uint32_t flags; 1020 uint32_t data1; 1021 uint32_t data2; 1022 uint32_t data3; 1023 }; 1024 1025 struct ctl_show_rib_request { 1026 char rib[PEER_DESCR_LEN]; 1027 struct ctl_neighbor neighbor; 1028 struct bgpd_addr prefix; 1029 struct filter_as as; 1030 struct community community; 1031 uint32_t flags; 1032 uint32_t path_id; 1033 pid_t pid; 1034 enum imsg_type type; 1035 uint8_t validation_state; 1036 uint8_t prefixlen; 1037 uint8_t aid; 1038 }; 1039 1040 struct ctl_kroute_req { 1041 int flags; 1042 sa_family_t af; 1043 }; 1044 1045 enum filter_actions { 1046 ACTION_NONE, 1047 ACTION_ALLOW, 1048 ACTION_DENY 1049 }; 1050 1051 enum directions { 1052 DIR_IN = 1, 1053 DIR_OUT 1054 }; 1055 1056 enum from_spec { 1057 FROM_ALL, 1058 FROM_ADDRESS, 1059 FROM_DESCR, 1060 FROM_GROUP 1061 }; 1062 1063 enum comp_ops { 1064 OP_NONE, 1065 OP_RANGE, 1066 OP_XRANGE, 1067 OP_EQ, 1068 OP_NE, 1069 OP_LE, 1070 OP_LT, 1071 OP_GE, 1072 OP_GT 1073 }; 1074 1075 struct filter_peers { 1076 
uint32_t peerid; 1077 uint32_t groupid; 1078 uint32_t remote_as; 1079 uint16_t ribid; 1080 uint8_t ebgp; 1081 uint8_t ibgp; 1082 }; 1083 1084 /* special community type, keep in sync with the attribute type */ 1085 #define COMMUNITY_TYPE_NONE 0 1086 #define COMMUNITY_TYPE_BASIC 8 1087 #define COMMUNITY_TYPE_EXT 16 1088 #define COMMUNITY_TYPE_LARGE 32 1089 1090 #define COMMUNITY_ANY 1 1091 #define COMMUNITY_NEIGHBOR_AS 2 1092 #define COMMUNITY_LOCAL_AS 3 1093 1094 /* wellknown community definitions */ 1095 #define COMMUNITY_WELLKNOWN 0xffff 1096 #define COMMUNITY_GRACEFUL_SHUTDOWN 0x0000 /* RFC 8326 */ 1097 #define COMMUNITY_BLACKHOLE 0x029A /* RFC 7999 */ 1098 #define COMMUNITY_NO_EXPORT 0xff01 1099 #define COMMUNITY_NO_ADVERTISE 0xff02 1100 #define COMMUNITY_NO_EXPSUBCONFED 0xff03 1101 #define COMMUNITY_NO_PEER 0xff04 /* RFC 3765 */ 1102 1103 /* extended community definitions */ 1104 #define EXT_COMMUNITY_IANA 0x80 1105 #define EXT_COMMUNITY_NON_TRANSITIVE 0x40 1106 #define EXT_COMMUNITY_VALUE 0x3f 1107 /* extended transitive types */ 1108 #define EXT_COMMUNITY_TRANS_TWO_AS 0x00 /* 2 octet AS specific */ 1109 #define EXT_COMMUNITY_TRANS_IPV4 0x01 /* IPv4 specific */ 1110 #define EXT_COMMUNITY_TRANS_FOUR_AS 0x02 /* 4 octet AS specific */ 1111 #define EXT_COMMUNITY_TRANS_OPAQUE 0x03 /* opaque ext community */ 1112 #define EXT_COMMUNITY_TRANS_EVPN 0x06 /* EVPN RFC 7432 */ 1113 /* extended non-transitive types */ 1114 #define EXT_COMMUNITY_NON_TRANS_TWO_AS 0x40 /* 2 octet AS specific */ 1115 #define EXT_COMMUNITY_NON_TRANS_IPV4 0x41 /* IPv4 specific */ 1116 #define EXT_COMMUNITY_NON_TRANS_FOUR_AS 0x42 /* 4 octet AS specific */ 1117 #define EXT_COMMUNITY_NON_TRANS_OPAQUE 0x43 /* opaque ext community */ 1118 #define EXT_COMMUNITY_UNKNOWN -1 1119 /* generic transitive types */ 1120 #define EXT_COMMUNITY_GEN_TWO_AS 0x80 /* 2 octet AS specific */ 1121 #define EXT_COMMUNITY_GEN_IPV4 0x81 /* IPv4 specific */ 1122 #define EXT_COMMUNITY_GEN_FOUR_AS 0x82 /* 4 octet AS specific 
*/ 1123 1124 /* BGP Origin Validation State Extended Community RFC 8097 */ 1125 #define EXT_COMMUNITY_SUBTYPE_OVS 0 1126 #define EXT_COMMUNITY_OVS_VALID 0 1127 #define EXT_COMMUNITY_OVS_NOTFOUND 1 1128 #define EXT_COMMUNITY_OVS_INVALID 2 1129 1130 /* other handy defines */ 1131 #define EXT_COMMUNITY_OPAQUE_MAX 0xffffffffffffULL 1132 #define EXT_COMMUNITY_FLAG_VALID 0x01 1133 1134 struct ext_comm_pairs { 1135 uint8_t type; 1136 uint8_t subtype; 1137 const char *subname; 1138 }; 1139 1140 #define IANA_EXT_COMMUNITIES { \ 1141 { EXT_COMMUNITY_TRANS_TWO_AS, 0x02, "rt" }, \ 1142 { EXT_COMMUNITY_TRANS_TWO_AS, 0x03, "soo" }, \ 1143 { EXT_COMMUNITY_TRANS_TWO_AS, 0x05, "odi" }, \ 1144 { EXT_COMMUNITY_TRANS_TWO_AS, 0x08, "bdc" }, \ 1145 { EXT_COMMUNITY_TRANS_TWO_AS, 0x09, "srcas" }, \ 1146 { EXT_COMMUNITY_TRANS_TWO_AS, 0x0a, "l2vid" }, \ 1147 \ 1148 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x02, "rt" }, \ 1149 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x03, "soo" }, \ 1150 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x05, "odi" }, \ 1151 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x08, "bdc" }, \ 1152 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x09, "srcas" }, \ 1153 \ 1154 { EXT_COMMUNITY_TRANS_IPV4, 0x02, "rt" }, \ 1155 { EXT_COMMUNITY_TRANS_IPV4, 0x03, "soo" }, \ 1156 { EXT_COMMUNITY_TRANS_IPV4, 0x05, "odi" }, \ 1157 { EXT_COMMUNITY_TRANS_IPV4, 0x07, "ori" }, \ 1158 { EXT_COMMUNITY_TRANS_IPV4, 0x0a, "l2vid" }, \ 1159 { EXT_COMMUNITY_TRANS_IPV4, 0x0b, "vrfri" }, \ 1160 \ 1161 { EXT_COMMUNITY_TRANS_OPAQUE, 0x06, "ort" }, \ 1162 { EXT_COMMUNITY_TRANS_OPAQUE, 0x0c, "encap" }, \ 1163 { EXT_COMMUNITY_TRANS_OPAQUE, 0x0d, "defgw" }, \ 1164 \ 1165 { EXT_COMMUNITY_NON_TRANS_OPAQUE, EXT_COMMUNITY_SUBTYPE_OVS, "ovs" }, \ 1166 \ 1167 { EXT_COMMUNITY_TRANS_EVPN, 0x00, "mac-mob" }, \ 1168 { EXT_COMMUNITY_TRANS_EVPN, 0x01, "esi-lab" }, \ 1169 { EXT_COMMUNITY_TRANS_EVPN, 0x02, "esi-rt" }, \ 1170 \ 1171 { EXT_COMMUNITY_GEN_TWO_AS, 0x06, "flow-rate" }, \ 1172 { EXT_COMMUNITY_GEN_TWO_AS, 0x0c, "flow-pps" }, \ 1173 { EXT_COMMUNITY_GEN_TWO_AS, 0x07, 
"flow-action" }, \ 1174 { EXT_COMMUNITY_GEN_TWO_AS, 0x08, "flow-rt-redir" }, \ 1175 { EXT_COMMUNITY_GEN_IPV4, 0x08, "flow-rt-redir" }, \ 1176 { EXT_COMMUNITY_GEN_FOUR_AS, 0x08, "flow-rt-redir" }, \ 1177 { EXT_COMMUNITY_GEN_TWO_AS, 0x09, "flow-dscp" }, \ 1178 \ 1179 { 0 } \ 1180 } 1181 1182 extern const struct ext_comm_pairs iana_ext_comms[]; 1183 1184 /* BGP flowspec defines RFC 8955 and 8956 */ 1185 #define FLOWSPEC_LEN_LIMIT 0xf0 1186 #define FLOWSPEC_OP_EOL 0x80 1187 #define FLOWSPEC_OP_AND 0x40 1188 #define FLOWSPEC_OP_LEN_MASK 0x30 1189 #define FLOWSPEC_OP_LEN_SHIFT 4 1190 #define FLOWSPEC_OP_LEN(op) \ 1191 (1 << (((op) & FLOWSPEC_OP_LEN_MASK) >> FLOWSPEC_OP_LEN_SHIFT)) 1192 #define FLOWSPEC_OP_NUM_LT 0x04 1193 #define FLOWSPEC_OP_NUM_GT 0x02 1194 #define FLOWSPEC_OP_NUM_EQ 0x01 1195 #define FLOWSPEC_OP_NUM_LE (FLOWSPEC_OP_NUM_LT | FLOWSPEC_OP_NUM_EQ) 1196 #define FLOWSPEC_OP_NUM_GE (FLOWSPEC_OP_NUM_GT | FLOWSPEC_OP_NUM_EQ) 1197 #define FLOWSPEC_OP_NUM_NOT (FLOWSPEC_OP_NUM_GT | FLOWSPEC_OP_NUM_LT) 1198 #define FLOWSPEC_OP_NUM_MASK 0x07 1199 #define FLOWSPEC_OP_BIT_NOT 0x02 1200 #define FLOWSPEC_OP_BIT_MATCH 0x01 1201 #define FLOWSPEC_OP_BIT_MASK 0x03 1202 1203 #define FLOWSPEC_TYPE_MIN 1 1204 #define FLOWSPEC_TYPE_DEST 1 1205 #define FLOWSPEC_TYPE_SOURCE 2 1206 #define FLOWSPEC_TYPE_PROTO 3 1207 #define FLOWSPEC_TYPE_PORT 4 1208 #define FLOWSPEC_TYPE_DST_PORT 5 1209 #define FLOWSPEC_TYPE_SRC_PORT 6 1210 #define FLOWSPEC_TYPE_ICMP_TYPE 7 1211 #define FLOWSPEC_TYPE_ICMP_CODE 8 1212 #define FLOWSPEC_TYPE_TCP_FLAGS 9 1213 #define FLOWSPEC_TYPE_PKT_LEN 10 1214 #define FLOWSPEC_TYPE_DSCP 11 1215 #define FLOWSPEC_TYPE_FRAG 12 1216 #define FLOWSPEC_TYPE_FLOW 13 1217 #define FLOWSPEC_TYPE_MAX 14 1218 1219 #define FLOWSPEC_TCP_FLAG_STRING "FSRPAUEW" 1220 #define FLOWSPEC_FRAG_STRING4 "DIFL" 1221 #define FLOWSPEC_FRAG_STRING6 " IFL" 1222 1223 struct filter_prefix { 1224 struct bgpd_addr addr; 1225 uint8_t op; 1226 uint8_t len; 1227 uint8_t len_min; 1228 uint8_t len_max; 
};

/*
 * Nexthop match criterion of a filter rule: an address plus a flags byte.
 * The FILTER_NEXTHOP_* values are defined right after the flags member;
 * presumably they are the values stored in it -- confirm against users.
 */
struct filter_nexthop {
	struct bgpd_addr	addr;
	uint8_t			flags;
#define FILTER_NEXTHOP_ADDR	1
#define FILTER_NEXTHOP_NEIGHBOR	2
};

/*
 * Aggregate of all match criteria of one filter rule.
 * community[] is a fixed array of MAX_COMM_MATCH entries, so a rule cannot
 * carry more community matches than that; code filling it must stop at the
 * array size.
 */
struct filter_match {
	struct filter_prefix		prefix;
	struct filter_nexthop		nexthop;
	struct filter_as		as;
	struct filter_aslen		aslen;
	struct community		community[MAX_COMM_MATCH];
	struct filter_prefixset		prefixset;
	struct filter_originset		originset;
	struct filter_vs		ovs;
	struct filter_vs		avs;
	int				maxcomm;
	int				maxextcomm;
	int				maxlargecomm;
};

/*
 * One filter rule, linked into a TAILQ through 'entry'.
 * rib is a fixed PEER_DESCR_LEN byte buffer; writers must bound the copy
 * and keep it NUL terminated.
 * skip[] holds one rule pointer per RDE_FILTER_SKIP_* index and is sized by
 * RDE_FILTER_SKIP_COUNT, so any index used on it must stay below that count.
 */
struct filter_rule {
	TAILQ_ENTRY(filter_rule)	entry;
	char				rib[PEER_DESCR_LEN];
	struct filter_peers		peer;
	struct filter_match		match;
	struct filter_set_head		set;
#define RDE_FILTER_SKIP_PEERID		0
#define RDE_FILTER_SKIP_GROUPID		1
#define RDE_FILTER_SKIP_REMOTE_AS	2
#define RDE_FILTER_SKIP_COUNT		3
	struct filter_rule		*skip[RDE_FILTER_SKIP_COUNT];
	enum filter_actions		action;
	enum directions			dir;
	uint8_t				quick;
};

/* Kinds of "set" actions; stored in struct filter_set.type below. */
enum action_types {
	ACTION_SET_LOCALPREF,
	ACTION_SET_RELATIVE_LOCALPREF,
	ACTION_SET_MED,
	ACTION_SET_RELATIVE_MED,
	ACTION_SET_WEIGHT,
	ACTION_SET_RELATIVE_WEIGHT,
	ACTION_SET_PREPEND_SELF,
	ACTION_SET_PREPEND_PEER,
	ACTION_SET_AS_OVERRIDE,
	ACTION_SET_NEXTHOP,
	ACTION_SET_NEXTHOP_REF,
	ACTION_SET_NEXTHOP_REJECT,
	ACTION_SET_NEXTHOP_BLACKHOLE,
	ACTION_SET_NEXTHOP_NOMODIFY,
	ACTION_SET_NEXTHOP_SELF,
	ACTION_DEL_COMMUNITY,
	ACTION_SET_COMMUNITY,
	ACTION_PFTABLE,
	ACTION_PFTABLE_ID,
	ACTION_RTLABEL,
	ACTION_RTLABEL_ID,
	ACTION_SET_ORIGIN
};

struct nexthop;
/*
 * One "set" action, linked into a TAILQ through 'entry'.
 * The payload is a union, so all members share storage, and one of them
 * (nh_ref) is a pointer.
 * NOTE(review): presumably 'type' selects the valid member; reading nh_ref
 * after another member was stored would treat unrelated bytes as a pointer.
 * Confirm that writers always set 'type' together with the member, and that
 * a filter_set copied between processes never carries a live nh_ref.
 * pftable and rtlabel are fixed-size buffers (PFTABLE_LEN, ROUTELABEL_LEN);
 * copies into them must be bounded and NUL terminated.
 */
struct filter_set {
	TAILQ_ENTRY(filter_set)		entry;
	union {
		uint8_t				 prepend;
		uint16_t			 id;
		uint32_t			 metric;
		int32_t				 relative;
		struct bgpd_addr		 nexthop;
		struct nexthop			*nh_ref;
		struct community		 community;
		char				 pftable[PFTABLE_LEN];
		char				 rtlabel[ROUTELABEL_LEN];
		uint8_t				 origin;
	}				action;
	enum action_types		type;
};

/* AS number and maximum prefix length of a ROA set member. */
struct roa_set {
	uint32_t	as;	/* must be first */
	uint32_t	maxlen;	/* change type for better struct layout */
};

/* A filter_prefix stored as a node of a red-black tree. */
struct prefixset_item {
	struct filter_prefix		p;
	RB_ENTRY(prefixset_item)	entry;
};

/*
 * Named prefix set holding a prefixset_tree and a roa_tree.
 * name is a fixed SET_NAME_LEN byte buffer.
 */
struct prefixset {
	int				sflags;
	char				name[SET_NAME_LEN];
	struct prefixset_tree		psitems;
	struct roa_tree			roaitems;
	SIMPLEQ_ENTRY(prefixset)	entry;
};

/* Named AS set backed by a set_table; name is SET_NAME_LEN bytes. */
struct as_set {
	char				 name[SET_NAME_LEN];
	SIMPLEQ_ENTRY(as_set)		 entry;
	struct set_table		*set;
	time_t				 lastchange;
	int				 dirty;
};

/*
 * ASPA record stored as a node of a red-black tree.
 * NOTE(review): presumably 'num' is the element count of the array 'tas'
 * points to -- confirm, and confirm that it is capped (this header defines
 * MAX_ASPA_SPAS_COUNT) before it is used to size an allocation or a copy.
 */
struct aspa_set {
	time_t				 expires;
	uint32_t			 as;
	uint32_t			 num;
	uint32_t			*tas;
	RB_ENTRY(aspa_set)		 entry;
};

/* A byte size and an entry count; the consumer is not visible in this file. */
struct aspa_prep {
	size_t				datasize;
	uint32_t			entries;
};

/*
 * L3VPN configuration entry.
 * descr (PEER_DESCR_LEN) and ifmpe (IFNAMSIZ) are fixed-size buffers.
 */
struct l3vpn {
	SIMPLEQ_ENTRY(l3vpn)		entry;
	char				descr[PEER_DESCR_LEN];
	char				ifmpe[IFNAMSIZ];
	struct filter_set_head		import;
	struct filter_set_head		export;
	struct network_head		net_l;
	uint64_t			rd;
	u_int				rtableid;
	u_int				label;
	int				flags;
};

/* RIB description: name, routing table id, 16-bit id and F_RIB_* flags. */
struct rde_rib {
	SIMPLEQ_ENTRY(rde_rib)	entry;
	char			name[PEER_DESCR_LEN];
	u_int			rtableid;
	uint16_t		id;
	uint16_t		flags;
};
SIMPLEQ_HEAD(rib_names, rde_rib);
extern struct rib_names ribnames;

/* rde_rib flags */
#define F_RIB_LOCAL		0x0001
#define F_RIB_NOEVALUATE	0x0002
#define F_RIB_NOFIB		0x0004
#define F_RIB_NOFIBSYNC		0x0008

/* 4-byte magic AS number */
#define AS_TRANS	23456
/* AS_NONE for origin validation */
#define AS_NONE		0

/*
 * Memory statistics counters. Every counter is a long long; pt_cnt and
 * pt_size are arrays with one slot per AID (sized AID_MAX).
 */
struct rde_memstats {
	long long	path_cnt;
	long long	path_refs;
	long long	prefix_cnt;
	long long	rib_cnt;
	long long	pt_cnt[AID_MAX];
	long long	pt_size[AID_MAX];
	long long	nexthop_cnt;
	long long	aspath_cnt;
	long long	aspath_size;
	long long	comm_cnt;
	long long	comm_nmemb;
	long long	comm_size;
	long long	comm_refs;
	long long	attr_cnt;
	long long	attr_refs;
	long long	attr_data;
	long long	attr_dcnt;
	long long	aset_cnt;
	long long	aset_size;
	long long	aset_nmemb;
	long long	pset_cnt;
	long long	pset_size;
};

#define	MRT_FILE_LEN	512
/*
 * Unchecked cast of any pointer to struct mrt_config *.
 * struct mrt_config starts with its struct mrt member, so the cast is only
 * meaningful for a pointer that really addresses that embedded member;
 * nothing here verifies it.
 */
#define	MRT2MC(x)	((struct mrt_config *)(x))

enum mrt_type {
	MRT_NONE,
	MRT_TABLE_DUMP,
	MRT_TABLE_DUMP_MP,
	MRT_TABLE_DUMP_V2,
	MRT_ALL_IN,
	MRT_ALL_OUT,
	MRT_UPDATE_IN,
	MRT_UPDATE_OUT
};

enum mrt_state {
	MRT_STATE_RUNNING,
	MRT_STATE_OPEN,
	MRT_STATE_REOPEN,
	MRT_STATE_REMOVE
};

/* One MRT dump target: RIB name, write buffer, peer/group ids, fd, state. */
struct mrt {
	char			rib[PEER_DESCR_LEN];
	LIST_ENTRY(mrt)		entry;
	struct msgbuf		*wbuf;
	uint32_t		peer_id;
	uint32_t		group_id;
	int			fd;
	enum mrt_type		type;
	enum mrt_state		state;
	uint16_t		seqnum;
};

/*
 * MRT configuration wrapping a struct mrt as its first member (see MRT2MC).
 * name and file are MRT_FILE_LEN byte buffers; anything that builds 'file'
 * from 'name' has to check for truncation.
 */
struct mrt_config {
	struct mrt		conf;
	char			name[MRT_FILE_LEN];	/* base file name */
	char			file[MRT_FILE_LEN];	/* actual file name */
	time_t			ReopenTimer;
	int			ReopenTimerInterval;
};

/* prototypes */
/* bgpd.c */
void		 send_nexthop_update(struct kroute_nexthop *);
void		 send_imsg_session(int, pid_t, void *, uint16_t);
int		 send_network(int, struct network_config *,
		    struct filter_set_head *);
int		 bgpd_oknexthop(struct kroute_full *);
int		 bgpd_has_bgpnh(void);
void		 set_pollfd(struct pollfd *, struct imsgbuf *);
int		 handle_pollfd(struct pollfd *, struct imsgbuf *);

/* control.c */
int	control_imsg_relay(struct imsg *, struct peer *);

/* config.c */
struct bgpd_config	*new_config(void);
void		copy_config(struct bgpd_config *, struct bgpd_config *);
void		network_free(struct network *);
struct flowspec_config	*flowspec_alloc(uint8_t, int);
void		flowspec_free(struct flowspec_config *);
void		free_l3vpns(struct l3vpn_head *);
void		free_config(struct bgpd_config *);
void		free_prefixsets(struct prefixset_head *);
void		free_rde_prefixsets(struct rde_prefixset_head *);
void		free_prefixtree(struct prefixset_tree *);
void		free_roatree(struct roa_tree *);
void		free_aspa(struct aspa_set *);
void		free_aspatree(struct aspa_tree *);
void		free_rtrs(struct rtr_config_head *);
void		filterlist_free(struct filter_head *);
int		host(const char *, struct bgpd_addr *, uint8_t *);
uint32_t	get_bgpid(void);
void		expand_networks(struct bgpd_config *, struct network_head *);
RB_PROTOTYPE(prefixset_tree, prefixset_item, entry, prefixset_cmp);
RB_PROTOTYPE(roa_tree, roa, entry, roa_cmp);
RB_PROTOTYPE(aspa_tree, aspa_set, entry, aspa_cmp);
RB_PROTOTYPE(flowspec_tree, flowspec_config, entry, flowspec_config_cmp);

/* kroute.c */
int		 kr_init(int *, uint8_t);
int		 kr_default_prio(void);
int		 kr_check_prio(long long);
int		 ktable_update(u_int, char *, int);
void		 ktable_preload(void);
void		 ktable_postload(void);
int		 ktable_exists(u_int, u_int *);
int		 kr_change(u_int, struct kroute_full *);
int		 kr_delete(u_int, struct kroute_full *);
int		 kr_flush(u_int);
void		 kr_shutdown(void);
void		 kr_fib_couple(u_int);
void		 kr_fib_couple_all(void);
void		 kr_fib_decouple(u_int);
void		 kr_fib_decouple_all(void);
void		 kr_fib_prio_set(uint8_t);
int		 kr_dispatch_msg(void);
int		 kr_nexthop_add(uint32_t, struct bgpd_addr *);
void		 kr_nexthop_delete(uint32_t, struct bgpd_addr *);
void		 kr_show_route(struct imsg *);
void		 kr_ifinfo(char *);
void		 kr_net_reload(u_int, uint64_t, struct network_head *);
int		 kr_reload(void);
int		 get_mpe_config(const char *, u_int *, u_int *);
uint8_t		 mask2prefixlen(sa_family_t, struct sockaddr *);

/* log.c */
/*
 * The format attribute declares argument 2 a printf-style format string with
 * its variadic arguments starting at argument 3, so the compiler can check
 * call sites against the format.
 * NOTE(review): that check only helps when the format is a string literal;
 * text that originates from a peer belongs in a "%s" argument, never in the
 * format position.
 */
void		 log_peer_info(const struct peer_config *, const char *, ...)
			__attribute__((__format__ (printf, 2, 3)));
void		 log_peer_warn(const struct peer_config *, const char *, ...)
			__attribute__((__format__ (printf, 2, 3)));
void		 log_peer_warnx(const struct peer_config *, const char *, ...)
			__attribute__((__format__ (printf, 2, 3)));

/* mrt.c */
void		 mrt_write(struct mrt *);
void		 mrt_clean(struct mrt *);
void		 mrt_init(struct imsgbuf *, struct imsgbuf *);
time_t		 mrt_timeout(struct mrt_head *);
void		 mrt_reconfigure(struct mrt_head *);
void		 mrt_handler(struct mrt_head *);
struct mrt	*mrt_get(struct mrt_head *, struct mrt *);
void		 mrt_mergeconfig(struct mrt_head *, struct mrt_head *);

/* name2id.c */
uint16_t	 rtlabel_name2id(const char *);
const char	*rtlabel_id2name(uint16_t);
void		 rtlabel_unref(uint16_t);
uint16_t	 rtlabel_ref(uint16_t);
uint16_t	 pftable_name2id(const char *);
const char	*pftable_id2name(uint16_t);
void		 pftable_unref(uint16_t);
uint16_t	 pftable_ref(uint16_t);

/* parse.y */
int			cmdline_symset(char *);
struct prefixset	*find_prefixset(char *, struct prefixset_head *);
struct bgpd_config	*parse_config(char *, struct peer_head *,
			    struct rtr_config_head *);

/* pftable.c */
int	pftable_exists(const char *);
int	pftable_add(const char *);
int	pftable_clear_all(void);
int	pftable_addr_add(struct pftable_msg *);
int	pftable_addr_remove(struct pftable_msg *);
int	pftable_commit(void);

/* rde_filter.c */
void	filterset_free(struct filter_set_head *);
int	filterset_cmp(struct filter_set *, struct filter_set *);
void	filterset_move(struct filter_set_head *, struct filter_set_head *);
void	filterset_copy(struct filter_set_head *, struct filter_set_head *);
const char	*filterset_name(enum action_types);

/* rde_sets.c */
struct as_set	*as_sets_lookup(struct as_set_head *, const char *);
struct as_set	*as_sets_new(struct as_set_head *, const char *, size_t,
		    size_t);
void		 as_sets_free(struct as_set_head *);
void		 as_sets_mark_dirty(struct as_set_head *, struct as_set_head *);
int		 as_set_match(const struct as_set *, uint32_t);

struct set_table	*set_new(size_t, size_t);
void			 set_free(struct set_table *);
int			 set_add(struct set_table *, void *, size_t);
void			*set_get(struct set_table *, size_t *);
void			 set_prep(struct set_table *);
void			*set_match(const struct set_table *, uint32_t);
int			 set_equal(const struct set_table *,
			    const struct set_table *);
size_t			 set_nmemb(const struct set_table *);

/* rde_trie.c */
int	trie_add(struct trie_head *, struct bgpd_addr *, uint8_t, uint8_t,
	    uint8_t);
int	trie_roa_add(struct trie_head *, struct roa *);
void	trie_free(struct trie_head *);
int	trie_match(struct trie_head *, struct bgpd_addr *, uint8_t, int);
int	trie_roa_check(struct trie_head *, struct bgpd_addr *, uint8_t,
	    uint32_t);
void	trie_dump(struct trie_head *);
int	trie_equal(struct trie_head *, struct trie_head *);

/* timer.c */
time_t	 getmonotime(void);

/* util.c */
/*
 * NOTE(review): several of the functions below take a raw byte pointer or an
 * ibuf together with a plain int length or flag. Presumably they parse
 * path attribute and NLRI data received from peers -- the definitions are
 * not in this header. Confirm that each rejects negative, short and
 * oversized lengths itself instead of relying on its callers.
 */
char		*ibuf_get_string(struct ibuf *, size_t);
const char	*log_addr(const struct bgpd_addr *);
const char	*log_evpnaddr(const struct bgpd_addr *, struct sockaddr *,
		    socklen_t);
const char	*log_in6addr(const struct in6_addr *);
const char	*log_sockaddr(struct sockaddr *, socklen_t);
const char	*log_as(uint32_t);
const char	*log_rd(uint64_t);
const char	*log_ext_subtype(int, uint8_t);
const char	*log_reason(const char *);
const char	*log_aspath_error(int);
const char	*log_roa(struct roa *);
const char	*log_aspa(struct aspa_set *);
const char	*log_rtr_error(enum rtr_error);
const char	*log_policy(enum role);
const char	*log_capability(uint8_t);
int		 aspath_asprint(char **, struct ibuf *);
uint32_t	 aspath_extract(const void *, int);
int		 aspath_verify(struct ibuf *, int, int);
/*
 * Negative error codes declared next to aspath_verify(); presumably its
 * failure return values -- confirm in util.c.
 */
#define		 AS_ERR_LEN	-1
#define		 AS_ERR_TYPE	-2
#define		 AS_ERR_BAD	-3
#define		 AS_ERR_SOFT	-4
struct ibuf	*aspath_inflate(struct ibuf *);
int		 extract_prefix(const u_char *, int, void *, uint8_t, uint8_t);
int		 nlri_get_prefix(struct ibuf *, struct bgpd_addr *, uint8_t *);
int		 nlri_get_prefix6(struct ibuf *, struct bgpd_addr *, uint8_t *);
int		 nlri_get_vpn4(struct ibuf *, struct bgpd_addr *, uint8_t *,
		    int);
int		 nlri_get_vpn6(struct ibuf *, struct bgpd_addr *, uint8_t *,
		    int);
int		 nlri_get_evpn(struct ibuf *, struct bgpd_addr *, uint8_t *);
int		 prefix_compare(const struct bgpd_addr *,
		    const struct bgpd_addr *, int);
void		 inet4applymask(struct in_addr *, const struct in_addr *, int);
void		 inet6applymask(struct in6_addr *, const struct in6_addr *,
		    int);
void		 applymask(struct bgpd_addr *, const struct bgpd_addr *, int);
const char	*aid2str(uint8_t);
int		 aid2afi(uint8_t, uint16_t *, uint8_t *);
int		 afi2aid(uint16_t, uint8_t, uint8_t *);
sa_family_t	 aid2af(uint8_t);
int		 af2aid(sa_family_t, uint8_t, uint8_t *);
struct sockaddr	*addr2sa(const struct bgpd_addr *, uint16_t, socklen_t *);
void		 sa2addr(struct sockaddr *, struct bgpd_addr *, uint16_t *);
const char *	 get_baudrate(unsigned long long, char *);

/* flowspec.c */
/*
 * All of these take a const uint8_t buffer followed by an int; presumably
 * that int is the buffer length -- confirm in flowspec.c, and that
 * flowspec_valid() is applied to received data before the other accessors.
 */
int	flowspec_valid(const uint8_t *, int, int);
int	flowspec_cmp(const uint8_t *, int, const uint8_t *, int, int);
int	flowspec_get_component(const uint8_t *, int, int, int,
	    const uint8_t **, int *);
int	flowspec_get_addr(const uint8_t *, int, int, int, struct bgpd_addr *,
	    uint8_t *, uint8_t *);
const char	*flowspec_fmt_label(int);
const char	*flowspec_fmt_num_op(const uint8_t *, int, int *);
const char	*flowspec_fmt_bin_op(const uint8_t *, int, int *, const char *);

/*
 * Name tables.
 * They are defined 'static' in this header, so every file that includes it
 * gets its own private copy. No companion length macro is defined for them
 * in this part of the header.
 * NOTE(review): code that indexes one of these tables with a state, code or
 * subcode number should first compare the number with the table size
 * (sizeof(tab) / sizeof(tab[0])), in particular where the number was read
 * from a received message; the lookup code is not in this header.
 */
static const char * const log_procnames[] = {
	"parent",
	"SE",
	"RDE",
	"RTR"
};

/* logmsg.c and needed by bgpctl */
static const char * const statenames[] = {
	"None",
	"Idle",
	"Connect",
	"Active",
	"OpenSent",
	"OpenConfirm",
	"Established"
};

static const char * const msgtypenames[] = {
	"NONE",
	"OPEN",
	"UPDATE",
	"NOTIFICATION",
	"KEEPALIVE",
	"RREFRESH"
};

static const char * const eventnames[] = {
	"None",
	"Start",
	"Stop",
	"Connection opened",
	"Connection closed",
	"Connection open failed",
	"Fatal error",
	"ConnectRetryTimer expired",
	"HoldTimer expired",
	"KeepaliveTimer expired",
	"SendHoldTimer expired",
	"OPEN message received",
	"KEEPALIVE message received",
	"UPDATE message received",
	"NOTIFICATION received",
	"graceful NOTIFICATION received",
};

static const char * const errnames[] = {
	"none",
	"Header error",
	"error in OPEN message",
	"error in UPDATE message",
	"HoldTimer expired",
	"Finite State Machine error",
	"Cease",
	"error in ROUTE-REFRESH message"
};

static const char * const suberr_header_names[] = {
	"none",
	"synchronization error",
	"wrong length",
	"unknown message type"
};

/*
 * Indices 8, 9 and 10 are NULL placeholders. A lookup has to treat NULL as
 * "no name" and must not hand it to a "%s" conversion.
 */
static const char * const suberr_open_names[] = {
	"none",
	"version mismatch",
	"AS unacceptable",
	"BGPID invalid",
	"optional parameter error",
	"authentication error",
	"unacceptable holdtime",
	"unsupported capability",
	NULL,
	NULL,
	NULL,
	"role mismatch",
};

static const char * const suberr_fsm_names[] = {
	"unspecified error",
	"received unexpected message in OpenSent",
	"received unexpected message in OpenConfirm",
	"received unexpected message in Established"
};

static const char * const suberr_update_names[] = {
	"none",
	"attribute list error",
	"unknown well-known attribute",
	"well-known attribute missing",
	"attribute flags error",
	"attribute length wrong",
	"origin unacceptable",
	"loop detected",
	"nexthop unacceptable",
	"optional attribute error",
	"network unacceptable",
	"AS-Path unacceptable"
};

static const char * const suberr_cease_names[] = {
	"none",
	"received max-prefix exceeded",
	"administratively down",
	"peer unconfigured",
	"administrative reset",
	"connection rejected",
	"other config change",
	"collision",
	"resource exhaustion",
	"hard reset",
	"sent max-prefix exceeded"
};

static const char * const suberr_rrefresh_names[] = {
	"none",
	"invalid message length"
};

static const char * const ctl_res_strerror[] = {
	"no error",
	"no such neighbor",
	"permission denied",
	"neighbor does not have this capability",
	"config file has errors, reload failed",
	"previous reload still running",
	"out of memory",
	"not a cloned peer",
	"peer still active, down peer first",
	"no such RIB",
	"operation not supported",
};

/* The last entry is an empty string. */
static const char * const timernames[] = {
	"None",
	"ConnectRetryTimer",
	"KeepaliveTimer",
	"HoldTimer",
	"SendHoldTimer",
	"IdleHoldTimer",
	"IdleHoldResetTimer",
	"CarpUndemoteTimer",
	"RestartTimer",
	"SessionDownTimer",
	"RTR RefreshTimer",
	"RTR RetryTimer",
	"RTR ExpireTimer",
	"RTR ActiveTimer",
	""
};

#endif /* __BGPD_H__ */