1 /* $OpenBSD: bgpd.h,v 1.510 2025/01/27 15:22:11 claudio Exp $ */ 2 3 /* 4 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 #ifndef __BGPD_H__ 19 #define __BGPD_H__ 20 21 #include <sys/types.h> 22 #include <sys/socket.h> 23 #include <sys/queue.h> 24 #include <sys/tree.h> 25 #include <netinet/in.h> 26 #include <arpa/inet.h> 27 #include <net/if.h> 28 29 #include <poll.h> 30 #include <stdarg.h> 31 #include <stdint.h> 32 33 #include <imsg.h> 34 35 #define BGP_VERSION 4 36 #define RTR_MAX_VERSION 2 37 #define RTR_DEFAULT_VERSION 1 38 #define BGP_PORT 179 39 #define RTR_PORT 323 40 #define CONFFILE "/etc/bgpd.conf" 41 #define BGPD_USER "_bgpd" 42 #define PEER_DESCR_LEN 64 43 #define REASON_LEN 256 /* includes NUL terminator */ 44 #define PFTABLE_LEN 32 45 #define ROUTELABEL_LEN 32 46 #define TCP_MD5_KEY_LEN 80 47 #define IPSEC_ENC_KEY_LEN 32 48 #define IPSEC_AUTH_KEY_LEN 20 49 #define SET_NAME_LEN 128 50 51 #define MAX_PKTSIZE 4096 52 #define MAX_EXT_PKTSIZE 65535 53 #define MAX_BGPD_IMSGSIZE (128 * 1024) 54 #define MAX_SOCK_BUF (4 * IBUF_READ_SIZE) 55 #define RT_BUF_SIZE 16384 56 #define MAX_RTSOCK_BUF (2 * 1024 * 1024) 57 #define MAX_COMM_MATCH 3 58 #define MAX_ASPA_SPAS_COUNT 10000 59 #define MIN_HOLDTIME 3 60 61 #define BGPD_OPT_VERBOSE 0x0001 62 #define BGPD_OPT_VERBOSE2 0x0002 63 #define BGPD_OPT_NOACTION 0x0004 64 #define BGPD_OPT_FORCE_DEMOTE 0x0008 65 66 #define BGPD_FLAG_REFLECTOR 0x0004 67 #define BGPD_FLAG_NEXTHOP_BGP 0x0010 68 #define BGPD_FLAG_NEXTHOP_DEFAULT 0x0020 69 #define BGPD_FLAG_DECISION_MASK 0x0f00 70 #define BGPD_FLAG_DECISION_ROUTEAGE 0x0100 71 #define BGPD_FLAG_DECISION_TRANS_AS 0x0200 72 #define BGPD_FLAG_DECISION_MED_ALWAYS 0x0400 73 #define BGPD_FLAG_DECISION_ALL_PATHS 0x0800 74 #define BGPD_FLAG_PERMIT_AS_SET 0x1000 75 76 #define BGPD_LOG_UPDATES 0x0001 77 78 #define SOCKET_NAME "/var/run/bgpd.sock" 79 80 #define F_BGPD 0x0001 81 #define F_BGPD_INSERTED 0x0002 82 #define F_CONNECTED 0x0004 83 #define F_STATIC 0x0008 84 #define F_NEXTHOP 0x0010 85 #define F_REJECT 0x0020 86 #define F_BLACKHOLE 0x0040 87 #define F_MPLS 0x0080 88 #define F_LONGER 0x0200 89 #define F_SHORTER 0x0400 90 #define F_CTL_DETAIL 0x1000 /* only set on requests */ 91 #define F_CTL_ADJ_IN 0x2000 /* only set on requests */ 92 #define F_CTL_ADJ_OUT 0x4000 /* only set on requests */ 93 #define F_CTL_BEST 0x8000 94 #define F_CTL_INELIGIBLE 0x10000 /* only set on requests */ 95 #define F_CTL_LEAKED 0x20000 /* only set on requests */ 96 #define F_CTL_INVALID 0x40000 /* only set on requests */ 97 #define F_CTL_OVS_VALID 0x80000 98 #define F_CTL_OVS_INVALID 0x100000 99 #define F_CTL_OVS_NOTFOUND 0x200000 100 #define F_CTL_NEIGHBORS 0x400000 /* only used by bgpctl */ 101 #define F_CTL_HAS_PATHID 0x800000 /* only set on requests */ 102 #define F_CTL_AVS_VALID 0x1000000 103 #define F_CTL_AVS_INVALID 0x2000000 104 #define F_CTL_AVS_UNKNOWN 0x4000000 105 #define F_CTL_FILTERED 0x8000000 /* only set on requests */ 106 #define F_CTL_SSV 0x80000000 /* only used by bgpctl */ 107 108 #define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1 ] \ 109 __attribute__((__unused__)) 110 111 /* 112 * Note that these numeric assignments differ from the numbers commonly 113 * used in route origin validation context. 114 */ 115 #define ROA_NOTFOUND 0x0 /* default */ 116 #define ROA_INVALID 0x1 117 #define ROA_VALID 0x2 118 #define ROA_MASK 0x3 119 120 #define ASPA_UNKNOWN 0x00 /* default */ 121 #define ASPA_INVALID 0x01 122 #define ASPA_VALID 0x02 123 #define ASPA_MASK 0x03 124 #define ASPA_NEVER_KNOWN 0x08 /* unknown and check never needed */ 125 126 /* 127 * Limit the number of messages queued in the session engine. 128 * The SE will send an IMSG_XOFF messages to the RDE if the high water mark 129 * is reached. The RDE should then throttle this peer or control connection. 130 * Once the message queue in the SE drops below the low water mark an 131 * IMSG_XON message will be sent and the RDE will produce more messages again. 132 */ 133 #define RDE_RUNNER_ROUNDS 100 134 #define RDE_REAPER_ROUNDS 5000 135 #define SESS_MSG_HIGH_MARK 2000 136 #define SESS_MSG_LOW_MARK 500 137 #define CTL_MSG_HIGH_MARK 500 138 #define CTL_MSG_LOW_MARK 100 139 140 enum bgpd_process { 141 PROC_MAIN, 142 PROC_SE, 143 PROC_RDE, 144 PROC_RTR, 145 }; 146 147 enum reconf_action { 148 RECONF_NONE, 149 RECONF_KEEP, 150 RECONF_REINIT, 151 RECONF_RELOAD, 152 RECONF_DELETE 153 }; 154 155 /* Address Family Numbers as per RFC 1700 */ 156 #define AFI_UNSPEC 0 157 #define AFI_IPv4 1 158 #define AFI_IPv6 2 159 #define AFI_L2VPN 25 160 161 /* Subsequent Address Family Identifier as per RFC 4760 */ 162 #define SAFI_NONE 0 163 #define SAFI_UNICAST 1 164 #define SAFI_MULTICAST 2 165 #define SAFI_MPLS 4 166 #define SAFI_EVPN 70 /* RFC 7432 */ 167 #define SAFI_MPLSVPN 128 168 #define SAFI_FLOWSPEC 133 169 #define SAFI_VPNFLOWSPEC 134 170 171 struct aid { 172 uint16_t afi; 173 sa_family_t af; 174 uint8_t safi; 175 const char *name; 176 }; 177 178 extern const struct aid aid_vals[]; 179 180 #define AID_UNSPEC 0 181 #define AID_INET 1 182 #define AID_INET6 2 183 #define AID_VPN_IPv4 3 184 #define AID_VPN_IPv6 4 185 #define AID_FLOWSPECv4 5 186 #define AID_FLOWSPECv6 6 187 #define AID_EVPN 7 188 #define AID_MAX 8 189 #define AID_MIN 1 /* skip AID_UNSPEC since that is a dummy */ 190 191 #define AID_VALS { \ 192 /* afi, af, safii, name */ \ 193 { AFI_UNSPEC, AF_UNSPEC, SAFI_NONE, "unspec"}, \ 194 { AFI_IPv4, AF_INET, SAFI_UNICAST, "IPv4 unicast" }, \ 195 { AFI_IPv6, AF_INET6, SAFI_UNICAST, "IPv6 unicast" }, \ 196 { AFI_IPv4, AF_INET, SAFI_MPLSVPN, "IPv4 vpn" }, \ 197 { AFI_IPv6, AF_INET6, SAFI_MPLSVPN, "IPv6 vpn" }, \ 198 { AFI_IPv4, AF_INET, SAFI_FLOWSPEC, "IPv4 flowspec" }, \ 199 { AFI_IPv6, AF_INET6, SAFI_FLOWSPEC, "IPv6 flowspec" }, \ 200 { AFI_L2VPN, AF_UNSPEC, SAFI_EVPN, "evpn" }, \ 201 } 202 203 #define BGP_MPLS_BOS 0x01 204 205 struct bgpd_addr { 206 union { 207 struct in_addr v4; 208 struct in6_addr v6; 209 /* maximum size for a prefix is 256 bits */ 210 }; /* 128-bit address */ 211 uint64_t rd; /* route distinguisher for VPN addrs */ 212 uint32_t scope_id; /* iface scope id for v6 */ 213 uint8_t aid; 214 uint8_t labellen; /* size of the labelstack */ 215 uint8_t labelstack[18]; /* max that makes sense */ 216 }; 217 218 #define DEFAULT_LISTENER 0x01 219 #define LISTENER_LISTENING 0x02 220 221 struct listen_addr { 222 TAILQ_ENTRY(listen_addr) entry; 223 struct sockaddr_storage sa; 224 int fd; 225 enum reconf_action reconf; 226 socklen_t sa_len; 227 uint8_t flags; 228 }; 229 230 TAILQ_HEAD(listen_addrs, listen_addr); 231 TAILQ_HEAD(filter_set_head, filter_set); 232 233 struct peer; 234 RB_HEAD(peer_head, peer); 235 236 struct l3vpn; 237 SIMPLEQ_HEAD(l3vpn_head, l3vpn); 238 239 struct network; 240 TAILQ_HEAD(network_head, network); 241 242 struct flowspec_config; 243 RB_HEAD(flowspec_tree, flowspec_config); 244 245 struct prefixset; 246 SIMPLEQ_HEAD(prefixset_head, prefixset); 247 struct prefixset_item; 248 RB_HEAD(prefixset_tree, prefixset_item); 249 250 struct tentry_v4; 251 struct tentry_v6; 252 struct trie_head { 253 struct tentry_v4 *root_v4; 254 struct tentry_v6 *root_v6; 255 int match_default_v4; 256 int match_default_v6; 257 size_t v4_cnt; 258 size_t v6_cnt; 259 }; 260 261 struct rde_prefixset { 262 char name[SET_NAME_LEN]; 263 struct trie_head th; 264 SIMPLEQ_ENTRY(rde_prefixset) entry; 265 time_t lastchange; 266 int dirty; 267 }; 268 SIMPLEQ_HEAD(rde_prefixset_head, rde_prefixset); 269 270 struct roa { 271 RB_ENTRY(roa) entry; 272 uint8_t aid; 273 uint8_t prefixlen; 274 uint8_t maxlen; 275 uint8_t pad; 276 uint32_t asnum; 277 time_t expires; 278 union { 279 struct in_addr inet; 280 struct in6_addr inet6; 281 } prefix; 282 }; 283 284 RB_HEAD(roa_tree, roa); 285 struct aspa_set; 286 RB_HEAD(aspa_tree, aspa_set); 287 288 struct set_table; 289 struct as_set; 290 SIMPLEQ_HEAD(as_set_head, as_set); 291 292 struct filter_rule; 293 TAILQ_HEAD(filter_head, filter_rule); 294 295 struct rtr_config; 296 SIMPLEQ_HEAD(rtr_config_head, rtr_config); 297 298 struct bgpd_config { 299 struct peer_head peers; 300 struct l3vpn_head l3vpns; 301 struct network_head networks; 302 struct flowspec_tree flowspecs; 303 struct filter_head *filters; 304 struct listen_addrs *listen_addrs; 305 struct mrt_head *mrt; 306 struct prefixset_head prefixsets; 307 struct prefixset_head originsets; 308 struct roa_tree roa; 309 struct aspa_tree aspa; 310 struct rde_prefixset_head rde_prefixsets; 311 struct rde_prefixset_head rde_originsets; 312 struct as_set_head as_sets; 313 struct rtr_config_head rtrs; 314 char *csock; 315 char *rcsock; 316 int flags; 317 int log; 318 u_int default_tableid; 319 uint32_t bgpid; 320 uint32_t clusterid; 321 uint32_t as; 322 uint16_t short_as; 323 uint16_t holdtime; 324 uint16_t min_holdtime; 325 uint16_t connectretry; 326 uint16_t staletime; 327 uint8_t fib_priority; 328 uint8_t filtered_in_locrib; 329 }; 330 331 extern int cmd_opts; 332 333 enum addpath_mode { 334 ADDPATH_EVAL_NONE, 335 ADDPATH_EVAL_BEST, 336 ADDPATH_EVAL_ECMP, 337 ADDPATH_EVAL_AS_WIDE, 338 ADDPATH_EVAL_ALL, 339 }; 340 341 struct addpath_eval { 342 enum addpath_mode mode; 343 int extrapaths; 344 int maxpaths; 345 }; 346 347 enum export_type { 348 EXPORT_UNSET, 349 EXPORT_NONE, 350 EXPORT_DEFAULT_ROUTE 351 }; 352 353 enum enforce_as { 354 ENFORCE_AS_UNDEF, 355 ENFORCE_AS_OFF, 356 ENFORCE_AS_ON 357 }; 358 359 enum role { 360 ROLE_NONE, 361 ROLE_CUSTOMER, 362 ROLE_PROVIDER, 363 ROLE_RS, 364 ROLE_RS_CLIENT, 365 ROLE_PEER, 366 }; 367 368 enum auth_method { 369 AUTH_NONE, 370 AUTH_MD5SIG, 371 AUTH_IPSEC_MANUAL_ESP, 372 AUTH_IPSEC_MANUAL_AH, 373 AUTH_IPSEC_IKE_ESP, 374 AUTH_IPSEC_IKE_AH 375 }; 376 377 enum auth_alg { 378 AUTH_AALG_NONE, 379 AUTH_AALG_SHA1HMAC, 380 AUTH_AALG_MD5HMAC, 381 }; 382 383 enum auth_enc_alg { 384 AUTH_EALG_NONE, 385 AUTH_EALG_3DESCBC, 386 AUTH_EALG_AES, 387 }; 388 389 struct auth_config { 390 char md5key[TCP_MD5_KEY_LEN]; 391 char auth_key_in[IPSEC_AUTH_KEY_LEN]; 392 char auth_key_out[IPSEC_AUTH_KEY_LEN]; 393 char enc_key_in[IPSEC_ENC_KEY_LEN]; 394 char enc_key_out[IPSEC_ENC_KEY_LEN]; 395 uint32_t spi_in; 396 uint32_t spi_out; 397 enum auth_method method; 398 enum auth_alg auth_alg_in; 399 enum auth_alg auth_alg_out; 400 enum auth_enc_alg enc_alg_in; 401 enum auth_enc_alg enc_alg_out; 402 uint8_t md5key_len; 403 uint8_t auth_keylen_in; 404 uint8_t auth_keylen_out; 405 uint8_t enc_keylen_in; 406 uint8_t enc_keylen_out; 407 }; 408 409 struct capabilities { 410 struct { 411 int16_t timeout; /* graceful restart timeout */ 412 int8_t flags[AID_MAX]; /* graceful restart per AID flags */ 413 int8_t restart; /* graceful restart, RFC 4724 */ 414 int8_t grnotification; /* graceful notification, RFC 8538 */ 415 } grestart; 416 int8_t mp[AID_MAX]; /* multiprotocol extensions, RFC 4760 */ 417 int8_t add_path[AID_MAX]; /* ADD_PATH, RFC 7911 */ 418 int8_t ext_nh[AID_MAX]; /* Ext Nexthop Encoding, RFC 8950 */ 419 int8_t refresh; /* route refresh, RFC 2918 */ 420 int8_t as4byte; /* 4-byte ASnum, RFC 4893 */ 421 int8_t enhanced_rr; /* enhanced route refresh, RFC 7313 */ 422 int8_t policy; /* Open Policy, RFC 9234, 2 = enforce */ 423 int8_t ext_msg; /* Extended Msg, RFC 8654 */ 424 }; 425 426 enum capa_codes { 427 CAPA_NONE = 0, 428 CAPA_MP = 1, 429 CAPA_REFRESH = 2, 430 CAPA_EXT_NEXTHOP = 5, 431 CAPA_EXT_MSG = 6, 432 CAPA_ROLE = 9, 433 CAPA_RESTART = 64, 434 CAPA_AS4BYTE = 65, 435 CAPA_ADD_PATH = 69, 436 CAPA_ENHANCED_RR = 70, 437 }; 438 439 /* flags for RFC 4724 - graceful restart */ 440 #define CAPA_GR_PRESENT 0x01 441 #define CAPA_GR_RESTART 0x02 442 #define CAPA_GR_FORWARD 0x04 443 #define CAPA_GR_RESTARTING 0x08 444 #define CAPA_GR_TIMEMASK 0x0fff 445 #define CAPA_GR_R_FLAG 0x8000 446 #define CAPA_GR_N_FLAG 0x4000 447 #define CAPA_GR_F_FLAG 0x80 448 449 /* flags for RFC 7911 - enhanced router refresh */ 450 #define CAPA_AP_RECV 0x01 451 #define CAPA_AP_SEND 0x02 452 #define CAPA_AP_BIDIR 0x03 453 #define CAPA_AP_MASK 0x0f 454 #define CAPA_AP_RECV_ENFORCE 0x10 /* internal only */ 455 #define CAPA_AP_SEND_ENFORCE 0x20 /* internal only */ 456 457 /* values for RFC 9234 - BGP Open Policy */ 458 #define CAPA_ROLE_PROVIDER 0x00 459 #define CAPA_ROLE_RS 0x01 460 #define CAPA_ROLE_RS_CLIENT 0x02 461 #define CAPA_ROLE_CUSTOMER 0x03 462 #define CAPA_ROLE_PEER 0x04 463 464 struct peer_config { 465 struct bgpd_addr remote_addr; 466 struct bgpd_addr local_addr_v4; 467 struct bgpd_addr local_addr_v6; 468 struct capabilities capabilities; 469 struct addpath_eval eval; 470 char group[PEER_DESCR_LEN]; 471 char descr[PEER_DESCR_LEN]; 472 char reason[REASON_LEN]; 473 char rib[PEER_DESCR_LEN]; 474 char if_depend[IFNAMSIZ]; 475 char demote_group[IFNAMSIZ]; 476 uint32_t id; 477 uint32_t groupid; 478 uint32_t remote_as; 479 uint32_t local_as; 480 uint32_t max_prefix; 481 uint32_t max_out_prefix; 482 enum export_type export_type; 483 enum enforce_as enforce_as; 484 enum enforce_as enforce_local_as; 485 enum role role; 486 uint16_t max_prefix_restart; 487 uint16_t max_out_prefix_restart; 488 uint16_t holdtime; 489 uint16_t min_holdtime; 490 uint16_t staletime; 491 uint16_t local_short_as; 492 uint16_t remote_port; 493 uint8_t template; 494 uint8_t remote_masklen; 495 uint8_t ebgp; /* 0 = ibgp else ebgp */ 496 uint8_t distance; /* 1 = direct, >1 = multihop */ 497 uint8_t passive; 498 uint8_t down; 499 uint8_t reflector_client; 500 uint8_t ttlsec; /* TTL security hack */ 501 uint8_t flags; 502 }; 503 504 #define PEER_ID_NONE 0 505 #define PEER_ID_SELF 1 506 #define PEER_ID_STATIC_MIN 2 /* exclude self */ 507 #define PEER_ID_STATIC_MAX (UINT_MAX / 2) 508 #define PEER_ID_DYN_MAX UINT_MAX 509 510 #define PEERFLAG_TRANS_AS 0x01 511 #define PEERFLAG_LOG_UPDATES 0x02 512 #define PEERFLAG_EVALUATE_ALL 0x04 513 #define PEERFLAG_PERMIT_AS_SET 0x08 514 515 struct rde_peer_stats { 516 uint64_t prefix_rcvd_update; 517 uint64_t prefix_rcvd_withdraw; 518 uint64_t prefix_rcvd_eor; 519 uint64_t prefix_sent_update; 520 uint64_t prefix_sent_withdraw; 521 uint64_t prefix_sent_eor; 522 uint32_t prefix_cnt; 523 uint32_t prefix_out_cnt; 524 uint32_t pending_update; 525 uint32_t pending_withdraw; 526 }; 527 528 enum network_type { 529 NETWORK_DEFAULT, /* from network statements */ 530 NETWORK_STATIC, 531 NETWORK_CONNECTED, 532 NETWORK_RTLABEL, 533 NETWORK_MRTCLONE, 534 NETWORK_PRIORITY, 535 NETWORK_PREFIXSET, 536 }; 537 538 struct network_config { 539 struct bgpd_addr prefix; 540 struct filter_set_head attrset; 541 char psname[SET_NAME_LEN]; 542 uint64_t rd; 543 enum network_type type; 544 uint16_t rtlabel; 545 uint8_t prefixlen; 546 uint8_t priority; 547 uint8_t old; /* used for reloading */ 548 }; 549 550 struct network { 551 struct network_config net; 552 TAILQ_ENTRY(network) entry; 553 }; 554 555 struct flowspec { 556 uint16_t len; 557 uint8_t aid; 558 uint8_t flags; 559 uint8_t data[1]; 560 }; 561 #define FLOWSPEC_SIZE (offsetof(struct flowspec, data)) 562 563 struct flowspec_config { 564 RB_ENTRY(flowspec_config) entry; 565 struct filter_set_head attrset; 566 struct flowspec *flow; 567 enum reconf_action reconf_action; 568 }; 569 570 enum rtr_error { 571 NO_ERROR = -1, 572 CORRUPT_DATA = 0, 573 INTERNAL_ERROR, 574 NO_DATA_AVAILABLE, 575 INVALID_REQUEST, 576 UNSUPP_PROTOCOL_VERS, 577 UNSUPP_PDU_TYPE, 578 UNK_REC_WDRAWL, 579 DUP_REC_RECV, 580 UNEXP_PROTOCOL_VERS, 581 }; 582 583 struct rtr_config { 584 SIMPLEQ_ENTRY(rtr_config) entry; 585 char descr[PEER_DESCR_LEN]; 586 struct auth_config auth; 587 struct bgpd_addr remote_addr; 588 struct bgpd_addr local_addr; 589 uint32_t id; 590 uint16_t remote_port; 591 uint8_t min_version; 592 }; 593 594 struct rtr_config_msg { 595 char descr[PEER_DESCR_LEN]; 596 uint8_t min_version; 597 }; 598 599 struct ctl_show_rtr { 600 char descr[PEER_DESCR_LEN]; 601 char state[PEER_DESCR_LEN]; 602 char last_sent_msg[REASON_LEN]; 603 char last_recv_msg[REASON_LEN]; 604 struct bgpd_addr remote_addr; 605 struct bgpd_addr local_addr; 606 uint32_t serial; 607 uint32_t refresh; 608 uint32_t retry; 609 uint32_t expire; 610 int session_id; 611 enum rtr_error last_sent_error; 612 enum rtr_error last_recv_error; 613 uint16_t remote_port; 614 uint8_t version; 615 uint8_t min_version; 616 }; 617 618 enum imsg_type { 619 IMSG_NONE, 620 IMSG_CTL_END, 621 IMSG_CTL_RELOAD, 622 IMSG_CTL_FIB_COUPLE, 623 IMSG_CTL_FIB_DECOUPLE, 624 IMSG_CTL_NEIGHBOR_UP, 625 IMSG_CTL_NEIGHBOR_DOWN, 626 IMSG_CTL_NEIGHBOR_CLEAR, 627 IMSG_CTL_NEIGHBOR_RREFRESH, 628 IMSG_CTL_NEIGHBOR_DESTROY, 629 IMSG_CTL_KROUTE, 630 IMSG_CTL_KROUTE_ADDR, 631 IMSG_CTL_RESULT, 632 IMSG_CTL_SHOW_NEIGHBOR, 633 IMSG_CTL_SHOW_NEXTHOP, 634 IMSG_CTL_SHOW_INTERFACE, 635 IMSG_CTL_SHOW_RIB, 636 IMSG_CTL_SHOW_RIB_PREFIX, 637 IMSG_CTL_SHOW_RIB_COMMUNITIES, 638 IMSG_CTL_SHOW_RIB_ATTR, 639 IMSG_CTL_SHOW_NETWORK, 640 IMSG_CTL_SHOW_FLOWSPEC, 641 IMSG_CTL_SHOW_RIB_MEM, 642 IMSG_CTL_SHOW_TERSE, 643 IMSG_CTL_SHOW_TIMER, 644 IMSG_CTL_LOG_VERBOSE, 645 IMSG_CTL_SHOW_FIB_TABLES, 646 IMSG_CTL_SHOW_SET, 647 IMSG_CTL_SHOW_RTR, 648 IMSG_CTL_TERMINATE, 649 IMSG_NETWORK_ADD, 650 IMSG_NETWORK_ASPATH, 651 IMSG_NETWORK_ATTR, 652 IMSG_NETWORK_REMOVE, 653 IMSG_NETWORK_FLUSH, 654 IMSG_NETWORK_DONE, 655 IMSG_FLOWSPEC_ADD, 656 IMSG_FLOWSPEC_DONE, 657 IMSG_FLOWSPEC_REMOVE, 658 IMSG_FLOWSPEC_FLUSH, 659 IMSG_FILTER_SET, 660 IMSG_SOCKET_CONN, 661 IMSG_SOCKET_CONN_CTL, 662 IMSG_SOCKET_CONN_RTR, 663 IMSG_SOCKET_SETUP, 664 IMSG_SOCKET_TEARDOWN, 665 IMSG_RECONF_CONF, 666 IMSG_RECONF_RIB, 667 IMSG_RECONF_PEER, 668 IMSG_RECONF_PEER_AUTH, 669 IMSG_RECONF_FILTER, 670 IMSG_RECONF_LISTENER, 671 IMSG_RECONF_CTRL, 672 IMSG_RECONF_VPN, 673 IMSG_RECONF_VPN_EXPORT, 674 IMSG_RECONF_VPN_IMPORT, 675 IMSG_RECONF_VPN_DONE, 676 IMSG_RECONF_PREFIX_SET, 677 IMSG_RECONF_PREFIX_SET_ITEM, 678 IMSG_RECONF_AS_SET, 679 IMSG_RECONF_AS_SET_ITEMS, 680 IMSG_RECONF_AS_SET_DONE, 681 IMSG_RECONF_ORIGIN_SET, 682 IMSG_RECONF_ROA_SET, 683 IMSG_RECONF_ROA_ITEM, 684 IMSG_RECONF_ASPA, 685 IMSG_RECONF_ASPA_TAS, 686 IMSG_RECONF_ASPA_DONE, 687 IMSG_RECONF_ASPA_PREP, 688 IMSG_RECONF_RTR_CONFIG, 689 IMSG_RECONF_DRAIN, 690 IMSG_RECONF_DONE, 691 IMSG_UPDATE, 692 IMSG_UPDATE_ERR, 693 IMSG_SESSION_ADD, 694 IMSG_SESSION_UP, 695 IMSG_SESSION_DOWN, 696 IMSG_SESSION_DELETE, 697 IMSG_SESSION_STALE, 698 IMSG_SESSION_NOGRACE, 699 IMSG_SESSION_FLUSH, 700 IMSG_SESSION_RESTARTED, 701 IMSG_SESSION_DEPENDON, 702 IMSG_PFKEY_RELOAD, 703 IMSG_MRT_OPEN, 704 IMSG_MRT_REOPEN, 705 IMSG_MRT_CLOSE, 706 IMSG_KROUTE_CHANGE, 707 IMSG_KROUTE_DELETE, 708 IMSG_KROUTE_FLUSH, 709 IMSG_NEXTHOP_ADD, 710 IMSG_NEXTHOP_REMOVE, 711 IMSG_NEXTHOP_UPDATE, 712 IMSG_PFTABLE_ADD, 713 IMSG_PFTABLE_REMOVE, 714 IMSG_PFTABLE_COMMIT, 715 IMSG_REFRESH, 716 IMSG_DEMOTE, 717 IMSG_XON, 718 IMSG_XOFF 719 }; 720 721 struct demote_msg { 722 char demote_group[IFNAMSIZ]; 723 int level; 724 }; 725 726 enum ctl_results { 727 CTL_RES_OK, 728 CTL_RES_NOSUCHPEER, 729 CTL_RES_DENIED, 730 CTL_RES_NOCAP, 731 CTL_RES_PARSE_ERROR, 732 CTL_RES_PENDING, 733 CTL_RES_NOMEM, 734 CTL_RES_BADPEER, 735 CTL_RES_BADSTATE, 736 CTL_RES_NOSUCHRIB, 737 CTL_RES_OPNOTSUPP, 738 }; 739 740 /* needed for session.h parse prototype */ 741 LIST_HEAD(mrt_head, mrt); 742 743 /* error codes and subcodes needed in SE and RDE */ 744 enum err_codes { 745 ERR_HEADER = 1, 746 ERR_OPEN, 747 ERR_UPDATE, 748 ERR_HOLDTIMEREXPIRED, 749 ERR_FSM, 750 ERR_CEASE, 751 ERR_RREFRESH, 752 ERR_SENDHOLDTIMEREXPIRED, 753 }; 754 755 enum suberr_update { 756 ERR_UPD_UNSPECIFIC, 757 ERR_UPD_ATTRLIST, 758 ERR_UPD_UNKNWN_WK_ATTR, 759 ERR_UPD_MISSNG_WK_ATTR, 760 ERR_UPD_ATTRFLAGS, 761 ERR_UPD_ATTRLEN, 762 ERR_UPD_ORIGIN, 763 ERR_UPD_LOOP, 764 ERR_UPD_NEXTHOP, 765 ERR_UPD_OPTATTR, 766 ERR_UPD_NETWORK, 767 ERR_UPD_ASPATH 768 }; 769 770 enum suberr_cease { 771 ERR_CEASE_MAX_PREFIX = 1, 772 ERR_CEASE_ADMIN_DOWN, 773 ERR_CEASE_PEER_UNCONF, 774 ERR_CEASE_ADMIN_RESET, 775 ERR_CEASE_CONN_REJECT, 776 ERR_CEASE_OTHER_CHANGE, 777 ERR_CEASE_COLLISION, 778 ERR_CEASE_RSRC_EXHAUST, 779 ERR_CEASE_HARD_RESET, 780 ERR_CEASE_MAX_SENT_PREFIX 781 }; 782 783 enum suberr_rrefresh { 784 ERR_RR_INV_LEN = 1 785 }; 786 787 struct kroute; 788 struct kroute6; 789 struct knexthop; 790 struct kredist_node; 791 RB_HEAD(kroute_tree, kroute); 792 RB_HEAD(kroute6_tree, kroute6); 793 RB_HEAD(knexthop_tree, knexthop); 794 RB_HEAD(kredist_tree, kredist_node); 795 796 struct ktable { 797 char descr[PEER_DESCR_LEN]; 798 struct kroute_tree krt; 799 struct kroute6_tree krt6; 800 struct knexthop_tree knt; 801 struct kredist_tree kredist; 802 struct network_head krn; 803 u_int rtableid; 804 u_int nhtableid; /* rdomain id for nexthop lookup */ 805 int nhrefcnt; /* refcnt for nexthop table */ 806 enum reconf_action state; 807 uint8_t fib_conf; /* configured FIB sync flag */ 808 uint8_t fib_sync; /* is FIB synced with kernel? */ 809 }; 810 811 struct kroute_full { 812 struct bgpd_addr prefix; 813 struct bgpd_addr nexthop; 814 char label[ROUTELABEL_LEN]; 815 uint32_t mplslabel; 816 uint16_t flags; 817 u_short ifindex; 818 uint8_t prefixlen; 819 uint8_t priority; 820 }; 821 822 struct kroute_nexthop { 823 struct bgpd_addr nexthop; 824 struct bgpd_addr gateway; 825 struct bgpd_addr net; 826 uint8_t netlen; 827 uint8_t valid; 828 uint8_t connected; 829 }; 830 831 struct session_dependon { 832 char ifname[IFNAMSIZ]; 833 uint8_t depend_state; /* for session depend on */ 834 }; 835 836 struct session_up { 837 struct bgpd_addr local_v4_addr; 838 struct bgpd_addr local_v6_addr; 839 struct bgpd_addr remote_addr; 840 struct capabilities capa; 841 uint32_t remote_bgpid; 842 unsigned int if_scope; 843 uint16_t short_as; 844 }; 845 846 struct route_refresh { 847 uint8_t aid; 848 uint8_t subtype; 849 }; 850 #define ROUTE_REFRESH_REQUEST 0 851 #define ROUTE_REFRESH_BEGIN_RR 1 852 #define ROUTE_REFRESH_END_RR 2 853 854 struct pftable_msg { 855 struct bgpd_addr addr; 856 char pftable[PFTABLE_LEN]; 857 uint8_t len; 858 }; 859 860 struct ctl_show_interface { 861 char ifname[IFNAMSIZ]; 862 char linkstate[32]; 863 char media[32]; 864 uint64_t baudrate; 865 u_int rdomain; 866 uint8_t nh_reachable; 867 uint8_t is_up; 868 }; 869 870 struct ctl_show_nexthop { 871 struct bgpd_addr addr; 872 struct ctl_show_interface iface; 873 struct kroute_full kr; 874 uint8_t valid; 875 uint8_t krvalid; 876 }; 877 878 struct ctl_show_set { 879 char name[SET_NAME_LEN]; 880 time_t lastchange; 881 size_t v4_cnt; 882 size_t v6_cnt; 883 size_t as_cnt; 884 enum { 885 ASNUM_SET, 886 PREFIX_SET, 887 ORIGIN_SET, 888 ROA_SET, 889 ASPA_SET, 890 } type; 891 }; 892 893 struct ctl_neighbor { 894 struct bgpd_addr addr; 895 char descr[PEER_DESCR_LEN]; 896 char reason[REASON_LEN]; 897 int show_timers; 898 int is_group; 899 }; 900 901 #define F_PREF_ELIGIBLE 0x001 902 #define F_PREF_BEST 0x002 903 #define F_PREF_INTERNAL 0x004 904 #define F_PREF_ANNOUNCE 0x008 905 #define F_PREF_STALE 0x010 906 #define F_PREF_INVALID 0x020 907 #define F_PREF_PATH_ID 0x040 908 #define F_PREF_OTC_LEAK 0x080 909 #define F_PREF_ECMP 0x100 910 #define F_PREF_AS_WIDE 0x200 911 #define F_PREF_FILTERED 0x400 912 913 struct ctl_show_rib { 914 struct bgpd_addr true_nexthop; 915 struct bgpd_addr exit_nexthop; 916 struct bgpd_addr prefix; 917 struct bgpd_addr remote_addr; 918 char descr[PEER_DESCR_LEN]; 919 time_t age; 920 uint32_t remote_id; 921 uint32_t path_id; 922 uint32_t local_pref; 923 uint32_t med; 924 uint32_t weight; 925 uint32_t flags; 926 uint8_t prefixlen; 927 uint8_t origin; 928 uint8_t roa_validation_state; 929 uint8_t aspa_validation_state; 930 int8_t dmetric; 931 /* plus an aspath */ 932 }; 933 934 enum as_spec { 935 AS_UNDEF, 936 AS_ALL, 937 AS_SOURCE, 938 AS_TRANSIT, 939 AS_PEER, 940 AS_EMPTY 941 }; 942 943 enum aslen_spec { 944 ASLEN_NONE, 945 ASLEN_MAX, 946 ASLEN_SEQ 947 }; 948 949 #define AS_FLAG_NEIGHBORAS 0x01 950 #define AS_FLAG_AS_SET_NAME 0x02 951 #define AS_FLAG_AS_SET 0x04 952 953 struct filter_as { 954 char name[SET_NAME_LEN]; 955 struct as_set *aset; 956 uint32_t as_min; 957 uint32_t as_max; 958 enum as_spec type; 959 uint8_t flags; 960 uint8_t op; 961 }; 962 963 struct filter_aslen { 964 u_int aslen; 965 enum aslen_spec type; 966 }; 967 968 #define PREFIXSET_FLAG_FILTER 0x01 969 #define PREFIXSET_FLAG_DIRTY 0x02 /* prefix-set changed at reload */ 970 #define PREFIXSET_FLAG_OPS 0x04 /* indiv. prefixes have prefixlenops */ 971 #define PREFIXSET_FLAG_LONGER 0x08 /* filter all prefixes with or-longer */ 972 973 struct filter_prefixset { 974 int flags; 975 char name[SET_NAME_LEN]; 976 struct rde_prefixset *ps; 977 }; 978 979 struct filter_originset { 980 char name[SET_NAME_LEN]; 981 struct rde_prefixset *ps; 982 }; 983 984 struct filter_vs { 985 uint8_t validity; 986 uint8_t is_set; 987 }; 988 989 /* 990 * Communities are encoded depending on their type. The low byte of flags 991 * is the COMMUNITY_TYPE (BASIC, LARGE, EXT). BASIC encoding is just using 992 * data1 and data2, LARGE uses all data fields and EXT is also using all 993 * data fields. The 4-byte flags fields consists of up to 3 data flags 994 * for e.g. COMMUNITY_ANY and the low byte is the community type. 995 * If flags is 0 the community struct is unused. If the upper 24bit of 996 * flags is 0 a fast compare can be used. 997 * The code uses a type cast to uint8_t to access the type. 998 */ 999 struct community { 1000 uint32_t flags; 1001 uint32_t data1; 1002 uint32_t data2; 1003 uint32_t data3; 1004 }; 1005 1006 struct ctl_show_rib_request { 1007 char rib[PEER_DESCR_LEN]; 1008 struct ctl_neighbor neighbor; 1009 struct bgpd_addr prefix; 1010 struct filter_as as; 1011 struct community community; 1012 uint32_t flags; 1013 uint32_t path_id; 1014 pid_t pid; 1015 enum imsg_type type; 1016 uint8_t validation_state; 1017 uint8_t prefixlen; 1018 uint8_t aid; 1019 }; 1020 1021 struct ctl_kroute_req { 1022 int flags; 1023 sa_family_t af; 1024 }; 1025 1026 enum filter_actions { 1027 ACTION_NONE, 1028 ACTION_ALLOW, 1029 ACTION_DENY 1030 }; 1031 1032 enum directions { 1033 DIR_IN = 1, 1034 DIR_OUT 1035 }; 1036 1037 enum from_spec { 1038 FROM_ALL, 1039 FROM_ADDRESS, 1040 FROM_DESCR, 1041 FROM_GROUP 1042 }; 1043 1044 enum comp_ops { 1045 OP_NONE, 1046 OP_RANGE, 1047 OP_XRANGE, 1048 OP_EQ, 1049 OP_NE, 1050 OP_LE, 1051 OP_LT, 1052 OP_GE, 1053 OP_GT 1054 }; 1055 1056 struct filter_peers { 1057 uint32_t peerid; 1058 uint32_t groupid; 1059 uint32_t remote_as; 1060 uint16_t ribid; 1061 uint8_t ebgp; 1062 uint8_t ibgp; 1063 }; 1064 1065 /* special community type, keep in sync with the attribute type */ 1066 #define COMMUNITY_TYPE_NONE 0 1067 #define COMMUNITY_TYPE_BASIC 8 1068 #define COMMUNITY_TYPE_EXT 16 1069 #define COMMUNITY_TYPE_LARGE 32 1070 1071 #define COMMUNITY_ANY 1 1072 #define COMMUNITY_NEIGHBOR_AS 2 1073 #define COMMUNITY_LOCAL_AS 3 1074 1075 /* wellknown community definitions */ 1076 #define COMMUNITY_WELLKNOWN 0xffff 1077 #define COMMUNITY_GRACEFUL_SHUTDOWN 0x0000 /* RFC 8326 */ 1078 #define COMMUNITY_BLACKHOLE 0x029A /* RFC 7999 */ 1079 #define COMMUNITY_NO_EXPORT 0xff01 1080 #define COMMUNITY_NO_ADVERTISE 0xff02 1081 #define COMMUNITY_NO_EXPSUBCONFED 0xff03 1082 #define COMMUNITY_NO_PEER 0xff04 /* RFC 3765 */ 1083 1084 /* extended community definitions */ 1085 #define EXT_COMMUNITY_IANA 0x80 1086 #define EXT_COMMUNITY_NON_TRANSITIVE 0x40 1087 #define EXT_COMMUNITY_VALUE 0x3f 1088 /* extended transitive types */ 1089 #define EXT_COMMUNITY_TRANS_TWO_AS 0x00 /* 2 octet AS specific */ 1090 #define EXT_COMMUNITY_TRANS_IPV4 0x01 /* IPv4 specific */ 1091 #define EXT_COMMUNITY_TRANS_FOUR_AS 0x02 /* 4 octet AS specific */ 1092 #define EXT_COMMUNITY_TRANS_OPAQUE 0x03 /* opaque ext community */ 1093 #define EXT_COMMUNITY_TRANS_EVPN 0x06 /* EVPN RFC 7432 */ 1094 /* extended non-transitive types */ 1095 #define EXT_COMMUNITY_NON_TRANS_TWO_AS 0x40 /* 2 octet AS specific */ 1096 #define EXT_COMMUNITY_NON_TRANS_IPV4 0x41 /* IPv4 specific */ 1097 #define EXT_COMMUNITY_NON_TRANS_FOUR_AS 0x42 /* 4 octet AS specific */ 1098 #define EXT_COMMUNITY_NON_TRANS_OPAQUE 0x43 /* opaque ext community */ 1099 #define EXT_COMMUNITY_UNKNOWN -1 1100 /* generic transitive types */ 1101 #define EXT_COMMUNITY_GEN_TWO_AS 0x80 /* 2 octet AS specific */ 1102 #define EXT_COMMUNITY_GEN_IPV4 0x81 /* IPv4 specific */ 1103 #define EXT_COMMUNITY_GEN_FOUR_AS 0x82 /* 4 octet AS specific */ 1104 1105 /* BGP Origin Validation State Extended Community RFC 8097 */ 1106 #define EXT_COMMUNITY_SUBTYPE_OVS 0 1107 #define EXT_COMMUNITY_OVS_VALID 0 1108 #define EXT_COMMUNITY_OVS_NOTFOUND 1 1109 #define EXT_COMMUNITY_OVS_INVALID 2 1110 1111 /* other handy defines */ 1112 #define EXT_COMMUNITY_OPAQUE_MAX 0xffffffffffffULL 1113 #define EXT_COMMUNITY_FLAG_VALID 0x01 1114 1115 struct ext_comm_pairs { 1116 uint8_t type; 1117 uint8_t subtype; 1118 const char *subname; 1119 }; 1120 1121 #define IANA_EXT_COMMUNITIES { \ 1122 { EXT_COMMUNITY_TRANS_TWO_AS, 0x02, "rt" }, \ 1123 { EXT_COMMUNITY_TRANS_TWO_AS, 0x03, "soo" }, \ 1124 { EXT_COMMUNITY_TRANS_TWO_AS, 0x05, "odi" }, \ 1125 { EXT_COMMUNITY_TRANS_TWO_AS, 0x08, "bdc" }, \ 1126 { EXT_COMMUNITY_TRANS_TWO_AS, 0x09, "srcas" }, \ 1127 { EXT_COMMUNITY_TRANS_TWO_AS, 0x0a, "l2vid" }, \ 1128 \ 1129 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x02, "rt" }, \ 1130 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x03, "soo" }, \ 1131 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x05, "odi" }, \ 1132 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x08, "bdc" }, \ 1133 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x09, "srcas" }, \ 1134 \ 1135 { EXT_COMMUNITY_TRANS_IPV4, 0x02, "rt" }, \ 1136 { EXT_COMMUNITY_TRANS_IPV4, 0x03, "soo" }, \ 1137 { EXT_COMMUNITY_TRANS_IPV4, 0x05, "odi" }, \ 1138 { EXT_COMMUNITY_TRANS_IPV4, 0x07, "ori" }, \ 1139 { EXT_COMMUNITY_TRANS_IPV4, 0x0a, "l2vid" }, \ 1140 { EXT_COMMUNITY_TRANS_IPV4, 0x0b, "vrfri" }, \ 1141 \ 1142 { EXT_COMMUNITY_TRANS_OPAQUE, 0x06, "ort" }, \ 1143 { EXT_COMMUNITY_TRANS_OPAQUE, 0x0c, "encap" }, \ 1144 { EXT_COMMUNITY_TRANS_OPAQUE, 0x0d, "defgw" }, \ 1145 \ 1146 { EXT_COMMUNITY_NON_TRANS_OPAQUE, EXT_COMMUNITY_SUBTYPE_OVS, "ovs" }, \ 1147 \ 1148 { EXT_COMMUNITY_TRANS_EVPN, 0x00, "mac-mob" }, \ 1149 { EXT_COMMUNITY_TRANS_EVPN, 0x01, "esi-lab" }, \ 1150 { EXT_COMMUNITY_TRANS_EVPN, 0x02, "esi-rt" }, \ 1151 \ 1152 { EXT_COMMUNITY_GEN_TWO_AS, 0x06, "flow-rate" }, \ 1153 { EXT_COMMUNITY_GEN_TWO_AS, 0x0c, "flow-pps" }, \ 1154 { EXT_COMMUNITY_GEN_TWO_AS, 0x07, "flow-action" }, \ 1155 { EXT_COMMUNITY_GEN_TWO_AS, 0x08, "flow-rt-redir" }, \ 1156 { EXT_COMMUNITY_GEN_IPV4, 0x08, "flow-rt-redir" }, \ 1157 { EXT_COMMUNITY_GEN_FOUR_AS, 0x08, "flow-rt-redir" }, \ 1158 { EXT_COMMUNITY_GEN_TWO_AS, 0x09, "flow-dscp" }, \ 1159 \ 1160 { 0 } \ 1161 } 1162 1163 extern const struct ext_comm_pairs iana_ext_comms[]; 1164 1165 /* BGP flowspec defines RFC 8955 and 8956 */ 1166 #define FLOWSPEC_LEN_LIMIT 0xf0 1167 #define FLOWSPEC_OP_EOL 0x80 1168 #define FLOWSPEC_OP_AND 0x40 1169 #define FLOWSPEC_OP_LEN_MASK 0x30 1170 #define FLOWSPEC_OP_LEN_SHIFT 4 1171 #define FLOWSPEC_OP_LEN(op) \ 1172 (1 << (((op) & FLOWSPEC_OP_LEN_MASK) >> FLOWSPEC_OP_LEN_SHIFT)) 1173 #define FLOWSPEC_OP_NUM_LT 0x04 1174 #define FLOWSPEC_OP_NUM_GT 0x02 1175 #define FLOWSPEC_OP_NUM_EQ 0x01 1176 #define FLOWSPEC_OP_NUM_LE (FLOWSPEC_OP_NUM_LT | FLOWSPEC_OP_NUM_EQ) 1177 #define FLOWSPEC_OP_NUM_GE (FLOWSPEC_OP_NUM_GT | FLOWSPEC_OP_NUM_EQ) 1178 #define FLOWSPEC_OP_NUM_NOT (FLOWSPEC_OP_NUM_GT | FLOWSPEC_OP_NUM_LT) 1179 #define FLOWSPEC_OP_NUM_MASK 0x07 1180 #define FLOWSPEC_OP_BIT_NOT 0x02 1181 #define FLOWSPEC_OP_BIT_MATCH 0x01 1182 #define FLOWSPEC_OP_BIT_MASK 0x03 1183 1184 #define FLOWSPEC_TYPE_MIN 1 1185 #define FLOWSPEC_TYPE_DEST 1 1186 #define FLOWSPEC_TYPE_SOURCE 2 1187 #define FLOWSPEC_TYPE_PROTO 3 1188 #define FLOWSPEC_TYPE_PORT 4 1189 #define FLOWSPEC_TYPE_DST_PORT 5 1190 #define FLOWSPEC_TYPE_SRC_PORT 6 1191 #define FLOWSPEC_TYPE_ICMP_TYPE 7 1192 #define FLOWSPEC_TYPE_ICMP_CODE 8 1193 #define FLOWSPEC_TYPE_TCP_FLAGS 9 1194 #define FLOWSPEC_TYPE_PKT_LEN 10 1195 #define FLOWSPEC_TYPE_DSCP 11 1196 #define FLOWSPEC_TYPE_FRAG 12 1197 #define FLOWSPEC_TYPE_FLOW 13 1198 #define FLOWSPEC_TYPE_MAX 14 1199 1200 #define FLOWSPEC_TCP_FLAG_STRING "FSRPAUEW" 1201 #define FLOWSPEC_FRAG_STRING4 "DIFL" 1202 #define FLOWSPEC_FRAG_STRING6 " IFL" 1203 1204 struct filter_prefix { 1205 struct bgpd_addr addr; 1206 uint8_t op; 1207 uint8_t len; 1208 uint8_t len_min; 1209 uint8_t len_max; 1210 }; 1211 1212 struct filter_nexthop { 1213 struct bgpd_addr addr; 1214 uint8_t flags; 1215 #define FILTER_NEXTHOP_ADDR 1 1216 #define FILTER_NEXTHOP_NEIGHBOR 2 1217 }; 1218 1219 struct filter_match { 1220 struct filter_prefix prefix; 1221 struct filter_nexthop nexthop; 1222 struct filter_as as; 1223 struct filter_aslen aslen; 1224 struct community community[MAX_COMM_MATCH]; 1225 struct filter_prefixset prefixset; 1226 struct filter_originset originset; 1227 struct filter_vs ovs; 1228 struct filter_vs avs; 1229 int maxcomm; 1230 int maxextcomm; 1231 int maxlargecomm; 1232 }; 1233 1234 struct filter_rule { 1235 TAILQ_ENTRY(filter_rule) entry; 1236 char rib[PEER_DESCR_LEN]; 1237 struct filter_peers peer; 1238 struct filter_match match; 1239 struct filter_set_head set; 1240 #define RDE_FILTER_SKIP_PEERID 0 1241 #define RDE_FILTER_SKIP_GROUPID 1 1242 #define RDE_FILTER_SKIP_REMOTE_AS 2 1243 #define RDE_FILTER_SKIP_COUNT 3 1244 struct filter_rule *skip[RDE_FILTER_SKIP_COUNT]; 1245 enum filter_actions action; 1246 enum directions dir; 1247 uint8_t quick; 1248 }; 1249 1250 enum action_types { 1251 ACTION_SET_LOCALPREF, 1252 ACTION_SET_RELATIVE_LOCALPREF, 1253 ACTION_SET_MED, 1254 ACTION_SET_RELATIVE_MED, 1255 ACTION_SET_WEIGHT, 1256 ACTION_SET_RELATIVE_WEIGHT, 1257 ACTION_SET_PREPEND_SELF, 1258 ACTION_SET_PREPEND_PEER, 1259 ACTION_SET_AS_OVERRIDE, 1260 ACTION_SET_NEXTHOP, 1261 ACTION_SET_NEXTHOP_REF, 1262 ACTION_SET_NEXTHOP_REJECT, 1263 ACTION_SET_NEXTHOP_BLACKHOLE, 1264 ACTION_SET_NEXTHOP_NOMODIFY, 1265 ACTION_SET_NEXTHOP_SELF, 1266 ACTION_DEL_COMMUNITY, 1267 ACTION_SET_COMMUNITY, 1268 ACTION_PFTABLE, 1269 ACTION_PFTABLE_ID, 1270 ACTION_RTLABEL, 1271 ACTION_RTLABEL_ID, 1272 ACTION_SET_ORIGIN 1273 }; 1274 1275 struct nexthop; 1276 struct filter_set { 1277 TAILQ_ENTRY(filter_set) entry; 1278 union { 1279 uint8_t prepend; 1280 uint16_t id; 1281 uint32_t metric; 1282 int32_t relative; 1283 struct bgpd_addr nexthop; 1284 struct nexthop *nh_ref; 1285 struct community community; 1286 char pftable[PFTABLE_LEN]; 1287 char rtlabel[ROUTELABEL_LEN]; 1288 uint8_t origin; 1289 } action; 1290 enum action_types type; 1291 }; 1292 1293 struct roa_set { 1294 uint32_t as; /* must be first */ 1295 uint32_t maxlen; /* change type for better struct layout */ 1296 }; 1297 1298 struct prefixset_item { 1299 struct filter_prefix p; 1300 RB_ENTRY(prefixset_item) entry; 1301 }; 1302 1303 struct prefixset { 1304 int sflags; 1305 char name[SET_NAME_LEN]; 1306 struct prefixset_tree psitems; 1307 struct roa_tree roaitems; 1308 SIMPLEQ_ENTRY(prefixset) entry; 1309 }; 1310 1311 struct as_set { 1312 char name[SET_NAME_LEN]; 1313 SIMPLEQ_ENTRY(as_set) entry; 1314 struct set_table *set; 1315 time_t lastchange; 1316 int dirty; 1317 }; 1318 1319 struct aspa_set { 1320 time_t expires; 1321 uint32_t as; 1322 uint32_t num; 1323 uint32_t *tas; 1324 RB_ENTRY(aspa_set) entry; 1325 }; 1326 1327 struct aspa_prep { 1328 size_t datasize; 1329 uint32_t entries; 1330 }; 1331 1332 struct l3vpn { 1333 SIMPLEQ_ENTRY(l3vpn) entry; 1334 char descr[PEER_DESCR_LEN]; 1335 char ifmpe[IFNAMSIZ]; 1336 struct filter_set_head import; 1337 struct filter_set_head export; 1338 struct network_head net_l; 1339 uint64_t rd; 1340 u_int rtableid; 1341 u_int label; 1342 int flags; 1343 }; 1344 1345 struct rde_rib { 1346 SIMPLEQ_ENTRY(rde_rib) entry; 1347 char name[PEER_DESCR_LEN]; 1348 u_int rtableid; 1349 uint16_t id; 1350 uint16_t flags; 1351 }; 1352 SIMPLEQ_HEAD(rib_names, rde_rib); 1353 extern struct rib_names ribnames; 1354 1355 /* rde_rib flags */ 1356 #define F_RIB_LOCAL 0x0001 1357 #define F_RIB_NOEVALUATE 0x0002 1358 #define F_RIB_NOFIB 0x0004 1359 #define F_RIB_NOFIBSYNC 0x0008 1360 1361 /* 4-byte magic AS number */ 1362 #define AS_TRANS 23456 1363 /* AS_NONE for origin validation */ 1364 #define AS_NONE 0 1365 1366 struct rde_memstats { 1367 long long path_cnt; 1368 long long path_refs; 1369 long long prefix_cnt; 1370 long long rib_cnt; 1371 long long pt_cnt[AID_MAX]; 1372 long long pt_size[AID_MAX]; 1373 long long nexthop_cnt; 1374 long long aspath_cnt; 1375 long long aspath_size; 1376 long long comm_cnt; 1377 long long comm_nmemb; 1378 long long comm_size; 1379 long long comm_refs; 1380 long long attr_cnt; 1381 long long attr_refs; 1382 long long attr_data; 1383 long long attr_dcnt; 1384 long long aset_cnt; 1385 long long aset_size; 1386 long long aset_nmemb; 1387 long long pset_cnt; 1388 long long pset_size; 1389 }; 1390 1391 #define MRT_FILE_LEN 512 1392 #define MRT2MC(x) ((struct mrt_config *)(x)) 1393 1394 enum mrt_type { 1395 MRT_NONE, 1396 MRT_TABLE_DUMP, 1397 MRT_TABLE_DUMP_MP, 1398 MRT_TABLE_DUMP_V2, 1399 MRT_ALL_IN, 1400 MRT_ALL_OUT, 1401 MRT_UPDATE_IN, 1402 MRT_UPDATE_OUT 1403 }; 1404 1405 enum mrt_state { 1406 MRT_STATE_RUNNING, 1407 MRT_STATE_OPEN, 1408 MRT_STATE_REOPEN, 1409 MRT_STATE_REMOVE 1410 }; 1411 1412 struct mrt { 1413 char rib[PEER_DESCR_LEN]; 1414 LIST_ENTRY(mrt) entry; 1415 struct msgbuf *wbuf; 1416 uint32_t peer_id; 1417 uint32_t group_id; 1418 int fd; 1419 enum mrt_type type; 1420 enum mrt_state state; 1421 uint16_t seqnum; 1422 }; 1423 1424 struct mrt_config { 1425 struct mrt conf; 1426 char name[MRT_FILE_LEN]; /* base file name */ 1427 char file[MRT_FILE_LEN]; /* actual file name */ 1428 time_t ReopenTimer; 1429 int ReopenTimerInterval; 1430 }; 1431 1432 /* prototypes */ 1433 /* bgpd.c */ 1434 void send_nexthop_update(struct kroute_nexthop *); 1435 void send_imsg_session(int, pid_t, void *, uint16_t); 1436 int send_network(int, struct network_config *, 1437 struct filter_set_head *); 1438 int bgpd_oknexthop(struct kroute_full *); 1439 int bgpd_has_bgpnh(void); 1440 void set_pollfd(struct pollfd *, struct imsgbuf *); 1441 int handle_pollfd(struct pollfd *, struct imsgbuf *); 1442 1443 /* control.c */ 1444 int control_imsg_relay(struct imsg *, struct peer *); 1445 1446 /* config.c */ 1447 struct bgpd_config *new_config(void); 1448 void copy_config(struct bgpd_config *, struct bgpd_config *); 1449 void network_free(struct network *); 1450 struct flowspec_config *flowspec_alloc(uint8_t, int); 1451 void flowspec_free(struct flowspec_config *); 1452 void free_l3vpns(struct l3vpn_head *); 1453 void free_config(struct bgpd_config *); 1454 void free_prefixsets(struct prefixset_head *); 1455 void free_rde_prefixsets(struct rde_prefixset_head *); 1456 void free_prefixtree(struct prefixset_tree *); 1457 void free_roatree(struct roa_tree *); 1458 void free_aspa(struct aspa_set *); 1459 void free_aspatree(struct aspa_tree *); 1460 void free_rtrs(struct rtr_config_head *); 1461 void filterlist_free(struct filter_head *); 1462 int host(const char *, struct bgpd_addr *, uint8_t *); 1463 uint32_t get_bgpid(void); 1464 void expand_networks(struct bgpd_config *, struct network_head *); 1465 RB_PROTOTYPE(prefixset_tree, prefixset_item, entry, prefixset_cmp); 1466 RB_PROTOTYPE(roa_tree, roa, entry, roa_cmp); 1467 RB_PROTOTYPE(aspa_tree, aspa_set, entry, aspa_cmp); 1468 RB_PROTOTYPE(flowspec_tree, flowspec_config, entry, flowspec_config_cmp); 1469 1470 /* kroute.c */ 1471 int kr_init(int *, uint8_t); 1472 int kr_default_prio(void); 1473 int kr_check_prio(long long); 1474 int ktable_update(u_int, char *, int); 1475 void ktable_preload(void); 1476 void ktable_postload(void); 1477 int ktable_exists(u_int, u_int *); 1478 int kr_change(u_int, struct kroute_full *); 1479 int kr_delete(u_int, struct kroute_full *); 1480 int kr_flush(u_int); 1481 void kr_shutdown(void); 1482 void kr_fib_couple(u_int); 1483 void kr_fib_couple_all(void); 1484 void kr_fib_decouple(u_int); 1485 void kr_fib_decouple_all(void); 1486 void kr_fib_prio_set(uint8_t); 1487 int kr_dispatch_msg(void); 1488 int kr_nexthop_add(uint32_t, struct bgpd_addr *); 1489 void kr_nexthop_delete(uint32_t, struct bgpd_addr *); 1490 void kr_show_route(struct imsg *); 1491 void kr_ifinfo(char *); 1492 void kr_net_reload(u_int, uint64_t, struct network_head *); 1493 int kr_reload(void); 1494 int get_mpe_config(const char *, u_int *, u_int *); 1495 uint8_t mask2prefixlen(sa_family_t, struct sockaddr *); 1496 1497 /* log.c */ 1498 void log_peer_info(const struct peer_config *, const char *, ...) 1499 __attribute__((__format__ (printf, 2, 3))); 1500 void log_peer_warn(const struct peer_config *, const char *, ...) 1501 __attribute__((__format__ (printf, 2, 3))); 1502 void log_peer_warnx(const struct peer_config *, const char *, ...) 1503 __attribute__((__format__ (printf, 2, 3))); 1504 1505 /* mrt.c */ 1506 void mrt_write(struct mrt *); 1507 void mrt_clean(struct mrt *); 1508 void mrt_init(struct imsgbuf *, struct imsgbuf *); 1509 time_t mrt_timeout(struct mrt_head *); 1510 void mrt_reconfigure(struct mrt_head *); 1511 void mrt_handler(struct mrt_head *); 1512 struct mrt *mrt_get(struct mrt_head *, struct mrt *); 1513 void mrt_mergeconfig(struct mrt_head *, struct mrt_head *); 1514 1515 /* name2id.c */ 1516 uint16_t rtlabel_name2id(const char *); 1517 const char *rtlabel_id2name(uint16_t); 1518 void rtlabel_unref(uint16_t); 1519 uint16_t rtlabel_ref(uint16_t); 1520 uint16_t pftable_name2id(const char *); 1521 const char *pftable_id2name(uint16_t); 1522 void pftable_unref(uint16_t); 1523 uint16_t pftable_ref(uint16_t); 1524 1525 /* parse.y */ 1526 int cmdline_symset(char *); 1527 struct prefixset *find_prefixset(char *, struct prefixset_head *); 1528 struct bgpd_config *parse_config(char *, struct peer_head *, 1529 struct rtr_config_head *); 1530 1531 /* pftable.c */ 1532 int pftable_exists(const char *); 1533 int pftable_add(const char *); 1534 int pftable_clear_all(void); 1535 int pftable_addr_add(struct pftable_msg *); 1536 int pftable_addr_remove(struct pftable_msg *); 1537 int pftable_commit(void); 1538 1539 /* rde_filter.c */ 1540 void filterset_free(struct filter_set_head *); 1541 int filterset_cmp(struct filter_set *, struct filter_set *); 1542 void filterset_move(struct filter_set_head *, struct filter_set_head *); 1543 void filterset_copy(struct filter_set_head *, struct filter_set_head *); 1544 const char *filterset_name(enum action_types); 1545 1546 /* rde_sets.c */ 1547 struct as_set *as_sets_lookup(struct as_set_head *, const char *); 1548 struct as_set *as_sets_new(struct as_set_head *, const char *, size_t, 1549 size_t); 1550 void as_sets_free(struct as_set_head *); 1551 void as_sets_mark_dirty(struct as_set_head *, struct as_set_head *); 1552 int as_set_match(const struct as_set *, uint32_t); 1553 1554 struct set_table *set_new(size_t, size_t); 1555 void set_free(struct set_table *); 1556 int set_add(struct set_table *, void *, size_t); 1557 void *set_get(struct set_table *, size_t *); 1558 void set_prep(struct set_table *); 1559 void *set_match(const struct set_table *, uint32_t); 1560 int set_equal(const struct set_table *, 1561 const struct set_table *); 1562 size_t set_nmemb(const struct set_table *); 1563 1564 /* rde_trie.c */ 1565 int trie_add(struct trie_head *, struct bgpd_addr *, uint8_t, uint8_t, 1566 uint8_t); 1567 int trie_roa_add(struct trie_head *, struct roa *); 1568 void trie_free(struct trie_head *); 1569 int trie_match(struct trie_head *, struct bgpd_addr *, uint8_t, int); 1570 int trie_roa_check(struct trie_head *, struct bgpd_addr *, uint8_t, 1571 uint32_t); 1572 void trie_dump(struct trie_head *); 1573 int trie_equal(struct trie_head *, struct trie_head *); 1574 1575 /* timer.c */ 1576 time_t getmonotime(void); 1577 1578 /* util.c */ 1579 char *ibuf_get_string(struct ibuf *, size_t); 1580 const char *log_addr(const struct bgpd_addr *); 1581 const char *log_in6addr(const struct in6_addr *); 1582 const char *log_sockaddr(struct sockaddr *, socklen_t); 1583 const char *log_as(uint32_t); 1584 const char *log_rd(uint64_t); 1585 const char *log_ext_subtype(int, uint8_t); 1586 const char *log_reason(const char *); 1587 const char *log_aspath_error(int); 1588 const char *log_roa(struct roa *); 1589 const char *log_aspa(struct aspa_set *); 1590 const char *log_rtr_error(enum rtr_error); 1591 const char *log_policy(enum role); 1592 const char *log_capability(uint8_t); 1593 int aspath_asprint(char **, struct ibuf *); 1594 uint32_t aspath_extract(const void *, int); 1595 int aspath_verify(struct ibuf *, int, int); 1596 #define AS_ERR_LEN -1 1597 #define AS_ERR_TYPE -2 1598 #define AS_ERR_BAD -3 1599 #define AS_ERR_SOFT -4 1600 struct ibuf *aspath_inflate(struct ibuf *); 1601 int extract_prefix(const u_char *, int, void *, uint8_t, uint8_t); 1602 int nlri_get_prefix(struct ibuf *, struct bgpd_addr *, uint8_t *); 1603 int nlri_get_prefix6(struct ibuf *, struct bgpd_addr *, uint8_t *); 1604 int nlri_get_vpn4(struct ibuf *, struct bgpd_addr *, uint8_t *, 1605 int); 1606 int nlri_get_vpn6(struct ibuf *, struct bgpd_addr *, uint8_t *, 1607 int); 1608 int prefix_compare(const struct bgpd_addr *, 1609 const struct bgpd_addr *, int); 1610 void inet4applymask(struct in_addr *, const struct in_addr *, int); 1611 void inet6applymask(struct in6_addr *, const struct in6_addr *, 1612 int); 1613 void applymask(struct bgpd_addr *, const struct bgpd_addr *, int); 1614 const char *aid2str(uint8_t); 1615 int aid2afi(uint8_t, uint16_t *, uint8_t *); 1616 int afi2aid(uint16_t, uint8_t, uint8_t *); 1617 sa_family_t aid2af(uint8_t); 1618 int af2aid(sa_family_t, uint8_t, uint8_t *); 1619 struct sockaddr *addr2sa(const struct bgpd_addr *, uint16_t, socklen_t *); 1620 void sa2addr(struct sockaddr *, struct bgpd_addr *, uint16_t *); 1621 const char * get_baudrate(unsigned long long, char *); 1622 1623 /* flowspec.c */ 1624 int flowspec_valid(const uint8_t *, int, int); 1625 int flowspec_cmp(const uint8_t *, int, const uint8_t *, int, int); 1626 int flowspec_get_component(const uint8_t *, int, int, int, 1627 const uint8_t **, int *); 1628 int flowspec_get_addr(const uint8_t *, int, int, int, struct bgpd_addr *, 1629 uint8_t *, uint8_t *); 1630 const char *flowspec_fmt_label(int); 1631 const char *flowspec_fmt_num_op(const uint8_t *, int, int *); 1632 const char *flowspec_fmt_bin_op(const uint8_t *, int, int *, const char *); 1633 1634 static const char * const log_procnames[] = { 1635 "parent", 1636 "SE", 1637 "RDE", 1638 "RTR" 1639 }; 1640 1641 /* logmsg.c and needed by bgpctl */ 1642 static const char * const statenames[] = { 1643 "None", 1644 "Idle", 1645 "Connect", 1646 "Active", 1647 "OpenSent", 1648 "OpenConfirm", 1649 "Established" 1650 }; 1651 1652 static const char * const msgtypenames[] = { 1653 "NONE", 1654 "OPEN", 1655 "UPDATE", 1656 "NOTIFICATION", 1657 "KEEPALIVE", 1658 "RREFRESH" 1659 }; 1660 1661 static const char * const eventnames[] = { 1662 "None", 1663 "Start", 1664 "Stop", 1665 "Connection opened", 1666 "Connection closed", 1667 "Connection open failed", 1668 "Fatal error", 1669 "ConnectRetryTimer expired", 1670 "HoldTimer expired", 1671 "KeepaliveTimer expired", 1672 "SendHoldTimer expired", 1673 "OPEN message received", 1674 "KEEPALIVE message received", 1675 "UPDATE message received", 1676 "NOTIFICATION received", 1677 "graceful NOTIFICATION received", 1678 }; 1679 1680 static const char * const errnames[] = { 1681 "none", 1682 "Header error", 1683 "error in OPEN message", 1684 "error in UPDATE message", 1685 "HoldTimer expired", 1686 "Finite State Machine error", 1687 "Cease", 1688 "error in ROUTE-REFRESH message" 1689 }; 1690 1691 static const char * const suberr_header_names[] = { 1692 "none", 1693 "synchronization error", 1694 "wrong length", 1695 "unknown message type" 1696 }; 1697 1698 static const char * const suberr_open_names[] = { 1699 "none", 1700 "version mismatch", 1701 "AS unacceptable", 1702 "BGPID invalid", 1703 "optional parameter error", 1704 "authentication error", 1705 "unacceptable holdtime", 1706 "unsupported capability", 1707 NULL, 1708 NULL, 1709 NULL, 1710 "role mismatch", 1711 }; 1712 1713 static const char * const suberr_fsm_names[] = { 1714 "unspecified error", 1715 "received unexpected message in OpenSent", 1716 "received unexpected message in OpenConfirm", 1717 "received unexpected message in Established" 1718 }; 1719 1720 static const char * const suberr_update_names[] = { 1721 "none", 1722 "attribute list error", 1723 "unknown well-known attribute", 1724 "well-known attribute missing", 1725 "attribute flags error", 1726 "attribute length wrong", 1727 "origin unacceptable", 1728 "loop detected", 1729 "nexthop unacceptable", 1730 "optional attribute error", 1731 "network unacceptable", 1732 "AS-Path unacceptable" 1733 }; 1734 1735 static const char * const suberr_cease_names[] = { 1736 "none", 1737 "received max-prefix exceeded", 1738 "administratively down", 1739 "peer unconfigured", 1740 "administrative reset", 1741 "connection rejected", 1742 "other config change", 1743 "collision", 1744 "resource exhaustion", 1745 "hard reset", 1746 "sent max-prefix exceeded" 1747 }; 1748 1749 static const char * const suberr_rrefresh_names[] = { 1750 "none", 1751 "invalid message length" 1752 }; 1753 1754 static const char * const ctl_res_strerror[] = { 1755 "no error", 1756 "no such neighbor", 1757 "permission denied", 1758 "neighbor does not have this capability", 1759 "config file has errors, reload failed", 1760 "previous reload still running", 1761 "out of memory", 1762 "not a cloned peer", 1763 "peer still active, down peer first", 1764 "no such RIB", 1765 "operation not supported", 1766 }; 1767 1768 static const char * const timernames[] = { 1769 "None", 1770 "ConnectRetryTimer", 1771 "KeepaliveTimer", 1772 "HoldTimer", 1773 "SendHoldTimer", 1774 "IdleHoldTimer", 1775 "IdleHoldResetTimer", 1776 "CarpUndemoteTimer", 1777 "RestartTimer", 1778 "SessionDownTimer", 1779 "RTR RefreshTimer", 1780 "RTR RetryTimer", 1781 "RTR ExpireTimer", 1782 "RTR ActiveTimer", 1783 "" 1784 }; 1785 1786 #endif /* __BGPD_H__ */ 1787