1 /* $OpenBSD: bgpd.h,v 1.493 2024/05/18 11:17:30 jsg Exp $ */ 2 3 /* 4 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 #ifndef __BGPD_H__ 19 #define __BGPD_H__ 20 21 #include <sys/types.h> 22 #include <sys/socket.h> 23 #include <sys/queue.h> 24 #include <sys/tree.h> 25 #include <netinet/in.h> 26 #include <arpa/inet.h> 27 #include <net/if.h> 28 29 #include <poll.h> 30 #include <stdarg.h> 31 #include <stdint.h> 32 33 #include <imsg.h> 34 35 #define BGP_VERSION 4 36 #define BGP_PORT 179 37 #define RTR_PORT 323 38 #define CONFFILE "/etc/bgpd.conf" 39 #define BGPD_USER "_bgpd" 40 #define PEER_DESCR_LEN 64 41 #define REASON_LEN 256 /* includes NUL terminator */ 42 #define PFTABLE_LEN 32 43 #define ROUTELABEL_LEN 32 44 #define TCP_MD5_KEY_LEN 80 45 #define IPSEC_ENC_KEY_LEN 32 46 #define IPSEC_AUTH_KEY_LEN 20 47 #define SET_NAME_LEN 128 48 49 #define MAX_PKTSIZE 4096 50 #define MIN_HOLDTIME 3 51 #define READ_BUF_SIZE 65535 52 #define MAX_SOCK_BUF (4 * READ_BUF_SIZE) 53 #define RT_BUF_SIZE 16384 54 #define MAX_RTSOCK_BUF (2 * 1024 * 1024) 55 #define MAX_COMM_MATCH 3 56 #define MAX_ASPA_SPAS_COUNT 10000 57 58 #define BGPD_OPT_VERBOSE 0x0001 59 #define BGPD_OPT_VERBOSE2 0x0002 60 #define BGPD_OPT_NOACTION 0x0004 61 #define BGPD_OPT_FORCE_DEMOTE 0x0008 62 63 #define BGPD_FLAG_REFLECTOR 0x0004 64 #define BGPD_FLAG_NEXTHOP_BGP 0x0010 65 #define BGPD_FLAG_NEXTHOP_DEFAULT 0x0020 66 #define BGPD_FLAG_DECISION_MASK 0x0f00 67 #define BGPD_FLAG_DECISION_ROUTEAGE 0x0100 68 #define BGPD_FLAG_DECISION_TRANS_AS 0x0200 69 #define BGPD_FLAG_DECISION_MED_ALWAYS 0x0400 70 #define BGPD_FLAG_DECISION_ALL_PATHS 0x0800 71 #define BGPD_FLAG_NO_AS_SET 0x1000 72 73 #define BGPD_LOG_UPDATES 0x0001 74 75 #define SOCKET_NAME "/var/run/bgpd.sock" 76 77 #define F_BGPD 0x0001 78 #define F_BGPD_INSERTED 0x0002 79 #define F_CONNECTED 0x0004 80 #define F_STATIC 0x0008 81 #define F_NEXTHOP 0x0010 82 #define F_REJECT 0x0020 83 #define F_BLACKHOLE 0x0040 84 #define F_MPLS 0x0080 85 #define F_LONGER 0x0200 86 #define F_SHORTER 0x0400 87 #define F_CTL_DETAIL 0x1000 /* only set on requests */ 88 #define F_CTL_ADJ_IN 0x2000 /* only set on requests */ 89 #define F_CTL_ADJ_OUT 0x4000 /* only set on requests */ 90 #define F_CTL_BEST 0x8000 91 #define F_CTL_INELIGIBLE 0x10000 /* only set on requests */ 92 #define F_CTL_LEAKED 0x20000 /* only set on requests */ 93 #define F_CTL_INVALID 0x40000 /* only set on requests */ 94 #define F_CTL_OVS_VALID 0x80000 95 #define F_CTL_OVS_INVALID 0x100000 96 #define F_CTL_OVS_NOTFOUND 0x200000 97 #define F_CTL_NEIGHBORS 0x400000 /* only used by bgpctl */ 98 #define F_CTL_HAS_PATHID 0x800000 /* only set on requests */ 99 #define F_CTL_AVS_VALID 0x1000000 100 #define F_CTL_AVS_INVALID 0x2000000 101 #define F_CTL_AVS_UNKNOWN 0x4000000 102 #define F_CTL_SSV 0x80000000 /* only used by bgpctl */ 103 104 #define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1 ] \ 105 __attribute__((__unused__)) 106 107 /* 108 * Note that these numeric assignments differ from the numbers commonly 109 * used in route origin validation context. 110 */ 111 #define ROA_NOTFOUND 0x0 /* default */ 112 #define ROA_INVALID 0x1 113 #define ROA_VALID 0x2 114 #define ROA_MASK 0x3 115 116 #define ASPA_UNKNOWN 0x00 /* default */ 117 #define ASPA_INVALID 0x01 118 #define ASPA_VALID 0x02 119 #define ASPA_MASK 0x03 120 #define ASPA_NEVER_KNOWN 0x08 /* unknown and check never needed */ 121 122 /* 123 * Limit the number of messages queued in the session engine. 124 * The SE will send an IMSG_XOFF messages to the RDE if the high water mark 125 * is reached. The RDE should then throttle this peer or control connection. 126 * Once the message queue in the SE drops below the low water mark an 127 * IMSG_XON message will be sent and the RDE will produce more messages again. 128 */ 129 #define RDE_RUNNER_ROUNDS 100 130 #define SESS_MSG_HIGH_MARK 2000 131 #define SESS_MSG_LOW_MARK 500 132 #define CTL_MSG_HIGH_MARK 500 133 #define CTL_MSG_LOW_MARK 100 134 135 enum bgpd_process { 136 PROC_MAIN, 137 PROC_SE, 138 PROC_RDE, 139 PROC_RTR, 140 }; 141 142 enum reconf_action { 143 RECONF_NONE, 144 RECONF_KEEP, 145 RECONF_REINIT, 146 RECONF_RELOAD, 147 RECONF_DELETE 148 }; 149 150 /* Address Family Numbers as per RFC 1700 */ 151 #define AFI_UNSPEC 0 152 #define AFI_IPv4 1 153 #define AFI_IPv6 2 154 155 /* Subsequent Address Family Identifier as per RFC 4760 */ 156 #define SAFI_NONE 0 157 #define SAFI_UNICAST 1 158 #define SAFI_MULTICAST 2 159 #define SAFI_MPLS 4 160 #define SAFI_MPLSVPN 128 161 #define SAFI_FLOWSPEC 133 162 #define SAFI_VPNFLOWSPEC 134 163 164 struct aid { 165 uint16_t afi; 166 sa_family_t af; 167 uint8_t safi; 168 const char *name; 169 }; 170 171 extern const struct aid aid_vals[]; 172 173 #define AID_UNSPEC 0 174 #define AID_INET 1 175 #define AID_INET6 2 176 #define AID_VPN_IPv4 3 177 #define AID_VPN_IPv6 4 178 #define AID_FLOWSPECv4 5 179 #define AID_FLOWSPECv6 6 180 #define AID_MAX 7 181 #define AID_MIN 1 /* skip AID_UNSPEC since that is a dummy */ 182 183 #define AID_VALS { \ 184 /* afi, af, safii, name */ \ 185 { AFI_UNSPEC, AF_UNSPEC, SAFI_NONE, "unspec"}, \ 186 { AFI_IPv4, AF_INET, SAFI_UNICAST, "IPv4 unicast" }, \ 187 { AFI_IPv6, AF_INET6, SAFI_UNICAST, "IPv6 unicast" }, \ 188 { AFI_IPv4, AF_INET, SAFI_MPLSVPN, "IPv4 vpn" }, \ 189 { AFI_IPv6, AF_INET6, SAFI_MPLSVPN, "IPv6 vpn" }, \ 190 { AFI_IPv4, AF_INET, SAFI_FLOWSPEC, "IPv4 flowspec" }, \ 191 { AFI_IPv6, AF_INET6, SAFI_FLOWSPEC, "IPv6 flowspec" }, \ 192 } 193 194 #define BGP_MPLS_BOS 0x01 195 196 struct bgpd_addr { 197 union { 198 struct in_addr v4; 199 struct in6_addr v6; 200 /* maximum size for a prefix is 256 bits */ 201 }; /* 128-bit address */ 202 uint64_t rd; /* route distinguisher for VPN addrs */ 203 uint32_t scope_id; /* iface scope id for v6 */ 204 uint8_t aid; 205 uint8_t labellen; /* size of the labelstack */ 206 uint8_t labelstack[18]; /* max that makes sense */ 207 }; 208 209 #define DEFAULT_LISTENER 0x01 210 #define LISTENER_LISTENING 0x02 211 212 struct listen_addr { 213 TAILQ_ENTRY(listen_addr) entry; 214 struct sockaddr_storage sa; 215 int fd; 216 enum reconf_action reconf; 217 socklen_t sa_len; 218 uint8_t flags; 219 }; 220 221 TAILQ_HEAD(listen_addrs, listen_addr); 222 TAILQ_HEAD(filter_set_head, filter_set); 223 224 struct peer; 225 RB_HEAD(peer_head, peer); 226 227 struct l3vpn; 228 SIMPLEQ_HEAD(l3vpn_head, l3vpn); 229 230 struct network; 231 TAILQ_HEAD(network_head, network); 232 233 struct flowspec_config; 234 RB_HEAD(flowspec_tree, flowspec_config); 235 236 struct prefixset; 237 SIMPLEQ_HEAD(prefixset_head, prefixset); 238 struct prefixset_item; 239 RB_HEAD(prefixset_tree, prefixset_item); 240 241 struct tentry_v4; 242 struct tentry_v6; 243 struct trie_head { 244 struct tentry_v4 *root_v4; 245 struct tentry_v6 *root_v6; 246 int match_default_v4; 247 int match_default_v6; 248 size_t v4_cnt; 249 size_t v6_cnt; 250 }; 251 252 struct rde_prefixset { 253 char name[SET_NAME_LEN]; 254 struct trie_head th; 255 SIMPLEQ_ENTRY(rde_prefixset) entry; 256 time_t lastchange; 257 int dirty; 258 }; 259 SIMPLEQ_HEAD(rde_prefixset_head, rde_prefixset); 260 261 struct roa { 262 RB_ENTRY(roa) entry; 263 uint8_t aid; 264 uint8_t prefixlen; 265 uint8_t maxlen; 266 uint8_t pad; 267 uint32_t asnum; 268 time_t expires; 269 union { 270 struct in_addr inet; 271 struct in6_addr inet6; 272 } prefix; 273 }; 274 275 RB_HEAD(roa_tree, roa); 276 struct aspa_set; 277 RB_HEAD(aspa_tree, aspa_set); 278 279 struct set_table; 280 struct as_set; 281 SIMPLEQ_HEAD(as_set_head, as_set); 282 283 struct filter_rule; 284 TAILQ_HEAD(filter_head, filter_rule); 285 286 struct rtr_config; 287 SIMPLEQ_HEAD(rtr_config_head, rtr_config); 288 289 struct bgpd_config { 290 struct peer_head peers; 291 struct l3vpn_head l3vpns; 292 struct network_head networks; 293 struct flowspec_tree flowspecs; 294 struct filter_head *filters; 295 struct listen_addrs *listen_addrs; 296 struct mrt_head *mrt; 297 struct prefixset_head prefixsets; 298 struct prefixset_head originsets; 299 struct roa_tree roa; 300 struct aspa_tree aspa; 301 struct rde_prefixset_head rde_prefixsets; 302 struct rde_prefixset_head rde_originsets; 303 struct as_set_head as_sets; 304 struct rtr_config_head rtrs; 305 char *csock; 306 char *rcsock; 307 int flags; 308 int log; 309 u_int default_tableid; 310 uint32_t bgpid; 311 uint32_t clusterid; 312 uint32_t as; 313 uint16_t short_as; 314 uint16_t holdtime; 315 uint16_t min_holdtime; 316 uint16_t connectretry; 317 uint8_t fib_priority; 318 }; 319 320 extern int cmd_opts; 321 322 enum addpath_mode { 323 ADDPATH_EVAL_NONE, 324 ADDPATH_EVAL_BEST, 325 ADDPATH_EVAL_ECMP, 326 ADDPATH_EVAL_AS_WIDE, 327 ADDPATH_EVAL_ALL, 328 }; 329 330 struct addpath_eval { 331 enum addpath_mode mode; 332 int extrapaths; 333 int maxpaths; 334 }; 335 336 enum export_type { 337 EXPORT_UNSET, 338 EXPORT_NONE, 339 EXPORT_DEFAULT_ROUTE 340 }; 341 342 enum enforce_as { 343 ENFORCE_AS_UNDEF, 344 ENFORCE_AS_OFF, 345 ENFORCE_AS_ON 346 }; 347 348 enum role { 349 ROLE_NONE, 350 ROLE_CUSTOMER, 351 ROLE_PROVIDER, 352 ROLE_RS, 353 ROLE_RS_CLIENT, 354 ROLE_PEER, 355 }; 356 357 enum auth_method { 358 AUTH_NONE, 359 AUTH_MD5SIG, 360 AUTH_IPSEC_MANUAL_ESP, 361 AUTH_IPSEC_MANUAL_AH, 362 AUTH_IPSEC_IKE_ESP, 363 AUTH_IPSEC_IKE_AH 364 }; 365 366 enum auth_alg { 367 AUTH_AALG_NONE, 368 AUTH_AALG_SHA1HMAC, 369 AUTH_AALG_MD5HMAC, 370 }; 371 372 enum auth_enc_alg { 373 AUTH_EALG_NONE, 374 AUTH_EALG_3DESCBC, 375 AUTH_EALG_AES, 376 }; 377 378 struct peer_auth { 379 char md5key[TCP_MD5_KEY_LEN]; 380 char auth_key_in[IPSEC_AUTH_KEY_LEN]; 381 char auth_key_out[IPSEC_AUTH_KEY_LEN]; 382 char enc_key_in[IPSEC_ENC_KEY_LEN]; 383 char enc_key_out[IPSEC_ENC_KEY_LEN]; 384 uint32_t spi_in; 385 uint32_t spi_out; 386 enum auth_method method; 387 enum auth_alg auth_alg_in; 388 enum auth_alg auth_alg_out; 389 enum auth_enc_alg enc_alg_in; 390 enum auth_enc_alg enc_alg_out; 391 uint8_t md5key_len; 392 uint8_t auth_keylen_in; 393 uint8_t auth_keylen_out; 394 uint8_t enc_keylen_in; 395 uint8_t enc_keylen_out; 396 }; 397 398 struct capabilities { 399 struct { 400 int16_t timeout; /* graceful restart timeout */ 401 int8_t flags[AID_MAX]; /* graceful restart per AID flags */ 402 int8_t restart; /* graceful restart, RFC 4724 */ 403 } grestart; 404 int8_t mp[AID_MAX]; /* multiprotocol extensions, RFC 4760 */ 405 int8_t add_path[AID_MAX]; /* ADD_PATH, RFC 7911 */ 406 int8_t refresh; /* route refresh, RFC 2918 */ 407 int8_t as4byte; /* 4-byte ASnum, RFC 4893 */ 408 int8_t enhanced_rr; /* enhanced route refresh, RFC 7313 */ 409 int8_t policy; /* Open Policy, RFC 9234, 2 = enforce */ 410 }; 411 412 enum capa_codes { 413 CAPA_NONE = 0, 414 CAPA_MP = 1, 415 CAPA_REFRESH = 2, 416 CAPA_ROLE = 9, 417 CAPA_RESTART = 64, 418 CAPA_AS4BYTE = 65, 419 CAPA_ADD_PATH = 69, 420 CAPA_ENHANCED_RR = 70, 421 }; 422 423 /* flags for RFC 4724 - graceful restart */ 424 #define CAPA_GR_PRESENT 0x01 425 #define CAPA_GR_RESTART 0x02 426 #define CAPA_GR_FORWARD 0x04 427 #define CAPA_GR_RESTARTING 0x08 428 #define CAPA_GR_TIMEMASK 0x0fff 429 #define CAPA_GR_R_FLAG 0x8000 430 #define CAPA_GR_F_FLAG 0x80 431 432 /* flags for RFC 7911 - enhanced router refresh */ 433 #define CAPA_AP_RECV 0x01 434 #define CAPA_AP_SEND 0x02 435 #define CAPA_AP_BIDIR 0x03 436 #define CAPA_AP_MASK 0x0f 437 #define CAPA_AP_RECV_ENFORCE 0x10 /* internal only */ 438 #define CAPA_AP_SEND_ENFORCE 0x20 /* internal only */ 439 440 /* values for RFC 9234 - BGP Open Policy */ 441 #define CAPA_ROLE_PROVIDER 0x00 442 #define CAPA_ROLE_RS 0x01 443 #define CAPA_ROLE_RS_CLIENT 0x02 444 #define CAPA_ROLE_CUSTOMER 0x03 445 #define CAPA_ROLE_PEER 0x04 446 447 struct peer_config { 448 struct bgpd_addr remote_addr; 449 struct bgpd_addr local_addr_v4; 450 struct bgpd_addr local_addr_v6; 451 struct peer_auth auth; 452 struct capabilities capabilities; 453 struct addpath_eval eval; 454 char group[PEER_DESCR_LEN]; 455 char descr[PEER_DESCR_LEN]; 456 char reason[REASON_LEN]; 457 char rib[PEER_DESCR_LEN]; 458 char if_depend[IFNAMSIZ]; 459 char demote_group[IFNAMSIZ]; 460 uint32_t id; 461 uint32_t groupid; 462 uint32_t remote_as; 463 uint32_t local_as; 464 uint32_t max_prefix; 465 uint32_t max_out_prefix; 466 enum export_type export_type; 467 enum enforce_as enforce_as; 468 enum enforce_as enforce_local_as; 469 enum role role; 470 uint16_t max_prefix_restart; 471 uint16_t max_out_prefix_restart; 472 uint16_t holdtime; 473 uint16_t min_holdtime; 474 uint16_t local_short_as; 475 uint16_t remote_port; 476 uint8_t template; 477 uint8_t remote_masklen; 478 uint8_t ebgp; /* 0 = ibgp else ebgp */ 479 uint8_t distance; /* 1 = direct, >1 = multihop */ 480 uint8_t passive; 481 uint8_t down; 482 uint8_t reflector_client; 483 uint8_t ttlsec; /* TTL security hack */ 484 uint8_t flags; 485 }; 486 487 #define PEER_ID_NONE 0 488 #define PEER_ID_SELF 1 489 #define PEER_ID_STATIC_MIN 2 /* exclude self */ 490 #define PEER_ID_STATIC_MAX (UINT_MAX / 2) 491 #define PEER_ID_DYN_MAX UINT_MAX 492 493 #define PEERFLAG_TRANS_AS 0x01 494 #define PEERFLAG_LOG_UPDATES 0x02 495 #define PEERFLAG_EVALUATE_ALL 0x04 496 #define PEERFLAG_NO_AS_SET 0x08 497 498 struct rde_peer_stats { 499 uint64_t prefix_rcvd_update; 500 uint64_t prefix_rcvd_withdraw; 501 uint64_t prefix_rcvd_eor; 502 uint64_t prefix_sent_update; 503 uint64_t prefix_sent_withdraw; 504 uint64_t prefix_sent_eor; 505 uint32_t prefix_cnt; 506 uint32_t prefix_out_cnt; 507 uint32_t pending_update; 508 uint32_t pending_withdraw; 509 }; 510 511 enum network_type { 512 NETWORK_DEFAULT, /* from network statements */ 513 NETWORK_STATIC, 514 NETWORK_CONNECTED, 515 NETWORK_RTLABEL, 516 NETWORK_MRTCLONE, 517 NETWORK_PRIORITY, 518 NETWORK_PREFIXSET, 519 }; 520 521 struct network_config { 522 struct bgpd_addr prefix; 523 struct filter_set_head attrset; 524 char psname[SET_NAME_LEN]; 525 uint64_t rd; 526 enum network_type type; 527 uint16_t rtlabel; 528 uint8_t prefixlen; 529 uint8_t priority; 530 uint8_t old; /* used for reloading */ 531 }; 532 533 struct network { 534 struct network_config net; 535 TAILQ_ENTRY(network) entry; 536 }; 537 538 struct flowspec { 539 uint16_t len; 540 uint8_t aid; 541 uint8_t flags; 542 uint8_t data[1]; 543 }; 544 #define FLOWSPEC_SIZE (offsetof(struct flowspec, data)) 545 546 struct flowspec_config { 547 RB_ENTRY(flowspec_config) entry; 548 struct filter_set_head attrset; 549 struct flowspec *flow; 550 enum reconf_action reconf_action; 551 }; 552 553 enum rtr_error { 554 NO_ERROR = -1, 555 CORRUPT_DATA = 0, 556 INTERNAL_ERROR, 557 NO_DATA_AVAILABLE, 558 INVALID_REQUEST, 559 UNSUPP_PROTOCOL_VERS, 560 UNSUPP_PDU_TYPE, 561 UNK_REC_WDRAWL, 562 DUP_REC_RECV, 563 UNEXP_PROTOCOL_VERS, 564 }; 565 566 struct rtr_config { 567 SIMPLEQ_ENTRY(rtr_config) entry; 568 char descr[PEER_DESCR_LEN]; 569 struct bgpd_addr remote_addr; 570 struct bgpd_addr local_addr; 571 uint32_t id; 572 uint16_t remote_port; 573 }; 574 575 struct ctl_show_rtr { 576 char descr[PEER_DESCR_LEN]; 577 char state[PEER_DESCR_LEN]; 578 struct bgpd_addr remote_addr; 579 struct bgpd_addr local_addr; 580 uint32_t serial; 581 uint32_t refresh; 582 uint32_t retry; 583 uint32_t expire; 584 int session_id; 585 uint16_t remote_port; 586 uint8_t version; 587 enum rtr_error last_sent_error; 588 enum rtr_error last_recv_error; 589 char last_sent_msg[REASON_LEN]; 590 char last_recv_msg[REASON_LEN]; 591 }; 592 593 enum imsg_type { 594 IMSG_NONE, 595 IMSG_CTL_END, 596 IMSG_CTL_RELOAD, 597 IMSG_CTL_FIB_COUPLE, 598 IMSG_CTL_FIB_DECOUPLE, 599 IMSG_CTL_NEIGHBOR_UP, 600 IMSG_CTL_NEIGHBOR_DOWN, 601 IMSG_CTL_NEIGHBOR_CLEAR, 602 IMSG_CTL_NEIGHBOR_RREFRESH, 603 IMSG_CTL_NEIGHBOR_DESTROY, 604 IMSG_CTL_KROUTE, 605 IMSG_CTL_KROUTE_ADDR, 606 IMSG_CTL_RESULT, 607 IMSG_CTL_SHOW_NEIGHBOR, 608 IMSG_CTL_SHOW_NEXTHOP, 609 IMSG_CTL_SHOW_INTERFACE, 610 IMSG_CTL_SHOW_RIB, 611 IMSG_CTL_SHOW_RIB_PREFIX, 612 IMSG_CTL_SHOW_RIB_COMMUNITIES, 613 IMSG_CTL_SHOW_RIB_ATTR, 614 IMSG_CTL_SHOW_NETWORK, 615 IMSG_CTL_SHOW_FLOWSPEC, 616 IMSG_CTL_SHOW_RIB_MEM, 617 IMSG_CTL_SHOW_TERSE, 618 IMSG_CTL_SHOW_TIMER, 619 IMSG_CTL_LOG_VERBOSE, 620 IMSG_CTL_SHOW_FIB_TABLES, 621 IMSG_CTL_SHOW_SET, 622 IMSG_CTL_SHOW_RTR, 623 IMSG_CTL_TERMINATE, 624 IMSG_NETWORK_ADD, 625 IMSG_NETWORK_ASPATH, 626 IMSG_NETWORK_ATTR, 627 IMSG_NETWORK_REMOVE, 628 IMSG_NETWORK_FLUSH, 629 IMSG_NETWORK_DONE, 630 IMSG_FLOWSPEC_ADD, 631 IMSG_FLOWSPEC_DONE, 632 IMSG_FLOWSPEC_REMOVE, 633 IMSG_FLOWSPEC_FLUSH, 634 IMSG_FILTER_SET, 635 IMSG_SOCKET_CONN, 636 IMSG_SOCKET_CONN_CTL, 637 IMSG_SOCKET_CONN_RTR, 638 IMSG_RECONF_CONF, 639 IMSG_RECONF_RIB, 640 IMSG_RECONF_PEER, 641 IMSG_RECONF_FILTER, 642 IMSG_RECONF_LISTENER, 643 IMSG_RECONF_CTRL, 644 IMSG_RECONF_VPN, 645 IMSG_RECONF_VPN_EXPORT, 646 IMSG_RECONF_VPN_IMPORT, 647 IMSG_RECONF_VPN_DONE, 648 IMSG_RECONF_PREFIX_SET, 649 IMSG_RECONF_PREFIX_SET_ITEM, 650 IMSG_RECONF_AS_SET, 651 IMSG_RECONF_AS_SET_ITEMS, 652 IMSG_RECONF_AS_SET_DONE, 653 IMSG_RECONF_ORIGIN_SET, 654 IMSG_RECONF_ROA_SET, 655 IMSG_RECONF_ROA_ITEM, 656 IMSG_RECONF_ASPA, 657 IMSG_RECONF_ASPA_TAS, 658 IMSG_RECONF_ASPA_DONE, 659 IMSG_RECONF_ASPA_PREP, 660 IMSG_RECONF_RTR_CONFIG, 661 IMSG_RECONF_DRAIN, 662 IMSG_RECONF_DONE, 663 IMSG_UPDATE, 664 IMSG_UPDATE_ERR, 665 IMSG_SESSION_ADD, 666 IMSG_SESSION_UP, 667 IMSG_SESSION_DOWN, 668 IMSG_SESSION_STALE, 669 IMSG_SESSION_NOGRACE, 670 IMSG_SESSION_FLUSH, 671 IMSG_SESSION_RESTARTED, 672 IMSG_SESSION_DEPENDON, 673 IMSG_PFKEY_RELOAD, 674 IMSG_MRT_OPEN, 675 IMSG_MRT_REOPEN, 676 IMSG_MRT_CLOSE, 677 IMSG_KROUTE_CHANGE, 678 IMSG_KROUTE_DELETE, 679 IMSG_KROUTE_FLUSH, 680 IMSG_NEXTHOP_ADD, 681 IMSG_NEXTHOP_REMOVE, 682 IMSG_NEXTHOP_UPDATE, 683 IMSG_PFTABLE_ADD, 684 IMSG_PFTABLE_REMOVE, 685 IMSG_PFTABLE_COMMIT, 686 IMSG_REFRESH, 687 IMSG_DEMOTE, 688 IMSG_XON, 689 IMSG_XOFF 690 }; 691 692 struct demote_msg { 693 char demote_group[IFNAMSIZ]; 694 int level; 695 }; 696 697 enum ctl_results { 698 CTL_RES_OK, 699 CTL_RES_NOSUCHPEER, 700 CTL_RES_DENIED, 701 CTL_RES_NOCAP, 702 CTL_RES_PARSE_ERROR, 703 CTL_RES_PENDING, 704 CTL_RES_NOMEM, 705 CTL_RES_BADPEER, 706 CTL_RES_BADSTATE, 707 CTL_RES_NOSUCHRIB, 708 CTL_RES_OPNOTSUPP, 709 }; 710 711 /* needed for session.h parse prototype */ 712 LIST_HEAD(mrt_head, mrt); 713 714 /* error codes and subcodes needed in SE and RDE */ 715 enum err_codes { 716 ERR_HEADER = 1, 717 ERR_OPEN, 718 ERR_UPDATE, 719 ERR_HOLDTIMEREXPIRED, 720 ERR_FSM, 721 ERR_CEASE, 722 ERR_RREFRESH, 723 ERR_SENDHOLDTIMEREXPIRED, 724 }; 725 726 enum suberr_update { 727 ERR_UPD_UNSPECIFIC, 728 ERR_UPD_ATTRLIST, 729 ERR_UPD_UNKNWN_WK_ATTR, 730 ERR_UPD_MISSNG_WK_ATTR, 731 ERR_UPD_ATTRFLAGS, 732 ERR_UPD_ATTRLEN, 733 ERR_UPD_ORIGIN, 734 ERR_UPD_LOOP, 735 ERR_UPD_NEXTHOP, 736 ERR_UPD_OPTATTR, 737 ERR_UPD_NETWORK, 738 ERR_UPD_ASPATH 739 }; 740 741 enum suberr_cease { 742 ERR_CEASE_MAX_PREFIX = 1, 743 ERR_CEASE_ADMIN_DOWN, 744 ERR_CEASE_PEER_UNCONF, 745 ERR_CEASE_ADMIN_RESET, 746 ERR_CEASE_CONN_REJECT, 747 ERR_CEASE_OTHER_CHANGE, 748 ERR_CEASE_COLLISION, 749 ERR_CEASE_RSRC_EXHAUST, 750 ERR_CEASE_HARD_RESET, 751 ERR_CEASE_MAX_SENT_PREFIX 752 }; 753 754 enum suberr_rrefresh { 755 ERR_RR_INV_LEN = 1 756 }; 757 758 struct kroute; 759 struct kroute6; 760 struct knexthop; 761 struct kredist_node; 762 RB_HEAD(kroute_tree, kroute); 763 RB_HEAD(kroute6_tree, kroute6); 764 RB_HEAD(knexthop_tree, knexthop); 765 RB_HEAD(kredist_tree, kredist_node); 766 767 struct ktable { 768 char descr[PEER_DESCR_LEN]; 769 struct kroute_tree krt; 770 struct kroute6_tree krt6; 771 struct knexthop_tree knt; 772 struct kredist_tree kredist; 773 struct network_head krn; 774 u_int rtableid; 775 u_int nhtableid; /* rdomain id for nexthop lookup */ 776 int nhrefcnt; /* refcnt for nexthop table */ 777 enum reconf_action state; 778 uint8_t fib_conf; /* configured FIB sync flag */ 779 uint8_t fib_sync; /* is FIB synced with kernel? */ 780 }; 781 782 struct kroute_full { 783 struct bgpd_addr prefix; 784 struct bgpd_addr nexthop; 785 char label[ROUTELABEL_LEN]; 786 uint32_t mplslabel; 787 uint16_t flags; 788 u_short ifindex; 789 uint8_t prefixlen; 790 uint8_t priority; 791 }; 792 793 struct kroute_nexthop { 794 struct bgpd_addr nexthop; 795 struct bgpd_addr gateway; 796 struct bgpd_addr net; 797 uint8_t netlen; 798 uint8_t valid; 799 uint8_t connected; 800 }; 801 802 struct session_dependon { 803 char ifname[IFNAMSIZ]; 804 uint8_t depend_state; /* for session depend on */ 805 }; 806 807 struct session_up { 808 struct bgpd_addr local_v4_addr; 809 struct bgpd_addr local_v6_addr; 810 struct bgpd_addr remote_addr; 811 struct capabilities capa; 812 uint32_t remote_bgpid; 813 unsigned int if_scope; 814 uint16_t short_as; 815 }; 816 817 struct route_refresh { 818 uint8_t aid; 819 uint8_t subtype; 820 }; 821 #define ROUTE_REFRESH_REQUEST 0 822 #define ROUTE_REFRESH_BEGIN_RR 1 823 #define ROUTE_REFRESH_END_RR 2 824 825 struct pftable_msg { 826 struct bgpd_addr addr; 827 char pftable[PFTABLE_LEN]; 828 uint8_t len; 829 }; 830 831 struct ctl_show_interface { 832 char ifname[IFNAMSIZ]; 833 char linkstate[32]; 834 char media[32]; 835 uint64_t baudrate; 836 u_int rdomain; 837 uint8_t nh_reachable; 838 uint8_t is_up; 839 }; 840 841 struct ctl_show_nexthop { 842 struct bgpd_addr addr; 843 struct ctl_show_interface iface; 844 struct kroute_full kr; 845 uint8_t valid; 846 uint8_t krvalid; 847 }; 848 849 struct ctl_show_set { 850 char name[SET_NAME_LEN]; 851 time_t lastchange; 852 size_t v4_cnt; 853 size_t v6_cnt; 854 size_t as_cnt; 855 enum { 856 ASNUM_SET, 857 PREFIX_SET, 858 ORIGIN_SET, 859 ROA_SET, 860 ASPA_SET, 861 } type; 862 }; 863 864 struct ctl_neighbor { 865 struct bgpd_addr addr; 866 char descr[PEER_DESCR_LEN]; 867 char reason[REASON_LEN]; 868 int show_timers; 869 int is_group; 870 }; 871 872 #define F_PREF_ELIGIBLE 0x001 873 #define F_PREF_BEST 0x002 874 #define F_PREF_INTERNAL 0x004 875 #define F_PREF_ANNOUNCE 0x008 876 #define F_PREF_STALE 0x010 877 #define F_PREF_INVALID 0x020 878 #define F_PREF_PATH_ID 0x040 879 #define F_PREF_OTC_LEAK 0x080 880 #define F_PREF_ECMP 0x100 881 #define F_PREF_AS_WIDE 0x200 882 883 struct ctl_show_rib { 884 struct bgpd_addr true_nexthop; 885 struct bgpd_addr exit_nexthop; 886 struct bgpd_addr prefix; 887 struct bgpd_addr remote_addr; 888 char descr[PEER_DESCR_LEN]; 889 time_t age; 890 uint32_t remote_id; 891 uint32_t path_id; 892 uint32_t local_pref; 893 uint32_t med; 894 uint32_t weight; 895 uint32_t flags; 896 uint8_t prefixlen; 897 uint8_t origin; 898 uint8_t roa_validation_state; 899 uint8_t aspa_validation_state; 900 int8_t dmetric; 901 /* plus an aspath */ 902 }; 903 904 enum as_spec { 905 AS_UNDEF, 906 AS_ALL, 907 AS_SOURCE, 908 AS_TRANSIT, 909 AS_PEER, 910 AS_EMPTY 911 }; 912 913 enum aslen_spec { 914 ASLEN_NONE, 915 ASLEN_MAX, 916 ASLEN_SEQ 917 }; 918 919 #define AS_FLAG_NEIGHBORAS 0x01 920 #define AS_FLAG_AS_SET_NAME 0x02 921 #define AS_FLAG_AS_SET 0x04 922 923 struct filter_as { 924 char name[SET_NAME_LEN]; 925 struct as_set *aset; 926 uint32_t as_min; 927 uint32_t as_max; 928 enum as_spec type; 929 uint8_t flags; 930 uint8_t op; 931 }; 932 933 struct filter_aslen { 934 u_int aslen; 935 enum aslen_spec type; 936 }; 937 938 #define PREFIXSET_FLAG_FILTER 0x01 939 #define PREFIXSET_FLAG_DIRTY 0x02 /* prefix-set changed at reload */ 940 #define PREFIXSET_FLAG_OPS 0x04 /* indiv. prefixes have prefixlenops */ 941 #define PREFIXSET_FLAG_LONGER 0x08 /* filter all prefixes with or-longer */ 942 943 struct filter_prefixset { 944 int flags; 945 char name[SET_NAME_LEN]; 946 struct rde_prefixset *ps; 947 }; 948 949 struct filter_originset { 950 char name[SET_NAME_LEN]; 951 struct rde_prefixset *ps; 952 }; 953 954 struct filter_vs { 955 uint8_t validity; 956 uint8_t is_set; 957 }; 958 959 /* 960 * Communities are encoded depending on their type. The low byte of flags 961 * is the COMMUNITY_TYPE (BASIC, LARGE, EXT). BASIC encoding is just using 962 * data1 and data2, LARGE uses all data fields and EXT is also using all 963 * data fields. The 4-byte flags fields consists of up to 3 data flags 964 * for e.g. COMMUNITY_ANY and the low byte is the community type. 965 * If flags is 0 the community struct is unused. If the upper 24bit of 966 * flags is 0 a fast compare can be used. 967 * The code uses a type cast to uint8_t to access the type. 968 */ 969 struct community { 970 uint32_t flags; 971 uint32_t data1; 972 uint32_t data2; 973 uint32_t data3; 974 }; 975 976 struct ctl_show_rib_request { 977 char rib[PEER_DESCR_LEN]; 978 struct ctl_neighbor neighbor; 979 struct bgpd_addr prefix; 980 struct filter_as as; 981 struct community community; 982 uint32_t flags; 983 uint32_t path_id; 984 pid_t pid; 985 enum imsg_type type; 986 uint8_t validation_state; 987 uint8_t prefixlen; 988 uint8_t aid; 989 }; 990 991 struct ctl_kroute_req { 992 int flags; 993 sa_family_t af; 994 }; 995 996 enum filter_actions { 997 ACTION_NONE, 998 ACTION_ALLOW, 999 ACTION_DENY 1000 }; 1001 1002 enum directions { 1003 DIR_IN = 1, 1004 DIR_OUT 1005 }; 1006 1007 enum from_spec { 1008 FROM_ALL, 1009 FROM_ADDRESS, 1010 FROM_DESCR, 1011 FROM_GROUP 1012 }; 1013 1014 enum comp_ops { 1015 OP_NONE, 1016 OP_RANGE, 1017 OP_XRANGE, 1018 OP_EQ, 1019 OP_NE, 1020 OP_LE, 1021 OP_LT, 1022 OP_GE, 1023 OP_GT 1024 }; 1025 1026 struct filter_peers { 1027 uint32_t peerid; 1028 uint32_t groupid; 1029 uint32_t remote_as; 1030 uint16_t ribid; 1031 uint8_t ebgp; 1032 uint8_t ibgp; 1033 }; 1034 1035 /* special community type, keep in sync with the attribute type */ 1036 #define COMMUNITY_TYPE_NONE 0 1037 #define COMMUNITY_TYPE_BASIC 8 1038 #define COMMUNITY_TYPE_EXT 16 1039 #define COMMUNITY_TYPE_LARGE 32 1040 1041 #define COMMUNITY_ANY 1 1042 #define COMMUNITY_NEIGHBOR_AS 2 1043 #define COMMUNITY_LOCAL_AS 3 1044 1045 /* wellknown community definitions */ 1046 #define COMMUNITY_WELLKNOWN 0xffff 1047 #define COMMUNITY_GRACEFUL_SHUTDOWN 0x0000 /* RFC 8326 */ 1048 #define COMMUNITY_BLACKHOLE 0x029A /* RFC 7999 */ 1049 #define COMMUNITY_NO_EXPORT 0xff01 1050 #define COMMUNITY_NO_ADVERTISE 0xff02 1051 #define COMMUNITY_NO_EXPSUBCONFED 0xff03 1052 #define COMMUNITY_NO_PEER 0xff04 /* RFC 3765 */ 1053 1054 /* extended community definitions */ 1055 #define EXT_COMMUNITY_IANA 0x80 1056 #define EXT_COMMUNITY_NON_TRANSITIVE 0x40 1057 #define EXT_COMMUNITY_VALUE 0x3f 1058 /* extended transitive types */ 1059 #define EXT_COMMUNITY_TRANS_TWO_AS 0x00 /* 2 octet AS specific */ 1060 #define EXT_COMMUNITY_TRANS_IPV4 0x01 /* IPv4 specific */ 1061 #define EXT_COMMUNITY_TRANS_FOUR_AS 0x02 /* 4 octet AS specific */ 1062 #define EXT_COMMUNITY_TRANS_OPAQUE 0x03 /* opaque ext community */ 1063 #define EXT_COMMUNITY_TRANS_EVPN 0x06 /* EVPN RFC 7432 */ 1064 /* extended non-transitive types */ 1065 #define EXT_COMMUNITY_NON_TRANS_TWO_AS 0x40 /* 2 octet AS specific */ 1066 #define EXT_COMMUNITY_NON_TRANS_IPV4 0x41 /* IPv4 specific */ 1067 #define EXT_COMMUNITY_NON_TRANS_FOUR_AS 0x42 /* 4 octet AS specific */ 1068 #define EXT_COMMUNITY_NON_TRANS_OPAQUE 0x43 /* opaque ext community */ 1069 #define EXT_COMMUNITY_UNKNOWN -1 1070 /* generic transitive types */ 1071 #define EXT_COMMUNITY_GEN_TWO_AS 0x80 /* 2 octet AS specific */ 1072 #define EXT_COMMUNITY_GEN_IPV4 0x81 /* IPv4 specific */ 1073 #define EXT_COMMUNITY_GEN_FOUR_AS 0x82 /* 4 octet AS specific */ 1074 1075 /* BGP Origin Validation State Extended Community RFC 8097 */ 1076 #define EXT_COMMUNITY_SUBTYPE_OVS 0 1077 #define EXT_COMMUNITY_OVS_VALID 0 1078 #define EXT_COMMUNITY_OVS_NOTFOUND 1 1079 #define EXT_COMMUNITY_OVS_INVALID 2 1080 1081 /* other handy defines */ 1082 #define EXT_COMMUNITY_OPAQUE_MAX 0xffffffffffffULL 1083 #define EXT_COMMUNITY_FLAG_VALID 0x01 1084 1085 struct ext_comm_pairs { 1086 uint8_t type; 1087 uint8_t subtype; 1088 const char *subname; 1089 }; 1090 1091 #define IANA_EXT_COMMUNITIES { \ 1092 { EXT_COMMUNITY_TRANS_TWO_AS, 0x02, "rt" }, \ 1093 { EXT_COMMUNITY_TRANS_TWO_AS, 0x03, "soo" }, \ 1094 { EXT_COMMUNITY_TRANS_TWO_AS, 0x05, "odi" }, \ 1095 { EXT_COMMUNITY_TRANS_TWO_AS, 0x08, "bdc" }, \ 1096 { EXT_COMMUNITY_TRANS_TWO_AS, 0x09, "srcas" }, \ 1097 { EXT_COMMUNITY_TRANS_TWO_AS, 0x0a, "l2vid" }, \ 1098 \ 1099 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x02, "rt" }, \ 1100 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x03, "soo" }, \ 1101 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x05, "odi" }, \ 1102 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x08, "bdc" }, \ 1103 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x09, "srcas" }, \ 1104 \ 1105 { EXT_COMMUNITY_TRANS_IPV4, 0x02, "rt" }, \ 1106 { EXT_COMMUNITY_TRANS_IPV4, 0x03, "soo" }, \ 1107 { EXT_COMMUNITY_TRANS_IPV4, 0x05, "odi" }, \ 1108 { EXT_COMMUNITY_TRANS_IPV4, 0x07, "ori" }, \ 1109 { EXT_COMMUNITY_TRANS_IPV4, 0x0a, "l2vid" }, \ 1110 { EXT_COMMUNITY_TRANS_IPV4, 0x0b, "vrfri" }, \ 1111 \ 1112 { EXT_COMMUNITY_TRANS_OPAQUE, 0x06, "ort" }, \ 1113 { EXT_COMMUNITY_TRANS_OPAQUE, 0x0d, "defgw" }, \ 1114 \ 1115 { EXT_COMMUNITY_NON_TRANS_OPAQUE, EXT_COMMUNITY_SUBTYPE_OVS, "ovs" }, \ 1116 \ 1117 { EXT_COMMUNITY_TRANS_EVPN, 0x00, "mac-mob" }, \ 1118 { EXT_COMMUNITY_TRANS_EVPN, 0x01, "esi-lab" }, \ 1119 { EXT_COMMUNITY_TRANS_EVPN, 0x02, "esi-rt" }, \ 1120 \ 1121 { EXT_COMMUNITY_GEN_TWO_AS, 0x06, "flow-rate" }, \ 1122 { EXT_COMMUNITY_GEN_TWO_AS, 0x0c, "flow-pps" }, \ 1123 { EXT_COMMUNITY_GEN_TWO_AS, 0x07, "flow-action" }, \ 1124 { EXT_COMMUNITY_GEN_TWO_AS, 0x08, "flow-rt-redir" }, \ 1125 { EXT_COMMUNITY_GEN_IPV4, 0x08, "flow-rt-redir" }, \ 1126 { EXT_COMMUNITY_GEN_FOUR_AS, 0x08, "flow-rt-redir" }, \ 1127 { EXT_COMMUNITY_GEN_TWO_AS, 0x09, "flow-dscp" }, \ 1128 \ 1129 { 0 } \ 1130 } 1131 1132 extern const struct ext_comm_pairs iana_ext_comms[]; 1133 1134 /* BGP flowspec defines RFC 8955 and 8956 */ 1135 #define FLOWSPEC_LEN_LIMIT 0xf0 1136 #define FLOWSPEC_OP_EOL 0x80 1137 #define FLOWSPEC_OP_AND 0x40 1138 #define FLOWSPEC_OP_LEN_MASK 0x30 1139 #define FLOWSPEC_OP_LEN_SHIFT 4 1140 #define FLOWSPEC_OP_LEN(op) \ 1141 (1 << (((op) & FLOWSPEC_OP_LEN_MASK) >> FLOWSPEC_OP_LEN_SHIFT)) 1142 #define FLOWSPEC_OP_NUM_LT 0x04 1143 #define FLOWSPEC_OP_NUM_GT 0x02 1144 #define FLOWSPEC_OP_NUM_EQ 0x01 1145 #define FLOWSPEC_OP_NUM_LE (FLOWSPEC_OP_NUM_LT | FLOWSPEC_OP_NUM_EQ) 1146 #define FLOWSPEC_OP_NUM_GE (FLOWSPEC_OP_NUM_GT | FLOWSPEC_OP_NUM_EQ) 1147 #define FLOWSPEC_OP_NUM_NOT (FLOWSPEC_OP_NUM_GT | FLOWSPEC_OP_NUM_LT) 1148 #define FLOWSPEC_OP_NUM_MASK 0x07 1149 #define FLOWSPEC_OP_BIT_NOT 0x02 1150 #define FLOWSPEC_OP_BIT_MATCH 0x01 1151 #define FLOWSPEC_OP_BIT_MASK 0x03 1152 1153 #define FLOWSPEC_TYPE_MIN 1 1154 #define FLOWSPEC_TYPE_DEST 1 1155 #define FLOWSPEC_TYPE_SOURCE 2 1156 #define FLOWSPEC_TYPE_PROTO 3 1157 #define FLOWSPEC_TYPE_PORT 4 1158 #define FLOWSPEC_TYPE_DST_PORT 5 1159 #define FLOWSPEC_TYPE_SRC_PORT 6 1160 #define FLOWSPEC_TYPE_ICMP_TYPE 7 1161 #define FLOWSPEC_TYPE_ICMP_CODE 8 1162 #define FLOWSPEC_TYPE_TCP_FLAGS 9 1163 #define FLOWSPEC_TYPE_PKT_LEN 10 1164 #define FLOWSPEC_TYPE_DSCP 11 1165 #define FLOWSPEC_TYPE_FRAG 12 1166 #define FLOWSPEC_TYPE_FLOW 13 1167 #define FLOWSPEC_TYPE_MAX 14 1168 1169 #define FLOWSPEC_TCP_FLAG_STRING "FSRPAUEW" 1170 #define FLOWSPEC_FRAG_STRING4 "DIFL" 1171 #define FLOWSPEC_FRAG_STRING6 " IFL" 1172 1173 struct filter_prefix { 1174 struct bgpd_addr addr; 1175 uint8_t op; 1176 uint8_t len; 1177 uint8_t len_min; 1178 uint8_t len_max; 1179 }; 1180 1181 struct filter_nexthop { 1182 struct bgpd_addr addr; 1183 uint8_t flags; 1184 #define FILTER_NEXTHOP_ADDR 1 1185 #define FILTER_NEXTHOP_NEIGHBOR 2 1186 }; 1187 1188 struct filter_match { 1189 struct filter_prefix prefix; 1190 struct filter_nexthop nexthop; 1191 struct filter_as as; 1192 struct filter_aslen aslen; 1193 struct community community[MAX_COMM_MATCH]; 1194 struct filter_prefixset prefixset; 1195 struct filter_originset originset; 1196 struct filter_vs ovs; 1197 struct filter_vs avs; 1198 int maxcomm; 1199 int maxextcomm; 1200 int maxlargecomm; 1201 }; 1202 1203 struct filter_rule { 1204 TAILQ_ENTRY(filter_rule) entry; 1205 char rib[PEER_DESCR_LEN]; 1206 struct filter_peers peer; 1207 struct filter_match match; 1208 struct filter_set_head set; 1209 #define RDE_FILTER_SKIP_PEERID 0 1210 #define RDE_FILTER_SKIP_GROUPID 1 1211 #define RDE_FILTER_SKIP_REMOTE_AS 2 1212 #define RDE_FILTER_SKIP_COUNT 3 1213 struct filter_rule *skip[RDE_FILTER_SKIP_COUNT]; 1214 enum filter_actions action; 1215 enum directions dir; 1216 uint8_t quick; 1217 }; 1218 1219 enum action_types { 1220 ACTION_SET_LOCALPREF, 1221 ACTION_SET_RELATIVE_LOCALPREF, 1222 ACTION_SET_MED, 1223 ACTION_SET_RELATIVE_MED, 1224 ACTION_SET_WEIGHT, 1225 ACTION_SET_RELATIVE_WEIGHT, 1226 ACTION_SET_PREPEND_SELF, 1227 ACTION_SET_PREPEND_PEER, 1228 ACTION_SET_AS_OVERRIDE, 1229 ACTION_SET_NEXTHOP, 1230 ACTION_SET_NEXTHOP_REF, 1231 ACTION_SET_NEXTHOP_REJECT, 1232 ACTION_SET_NEXTHOP_BLACKHOLE, 1233 ACTION_SET_NEXTHOP_NOMODIFY, 1234 ACTION_SET_NEXTHOP_SELF, 1235 ACTION_DEL_COMMUNITY, 1236 ACTION_SET_COMMUNITY, 1237 ACTION_PFTABLE, 1238 ACTION_PFTABLE_ID, 1239 ACTION_RTLABEL, 1240 ACTION_RTLABEL_ID, 1241 ACTION_SET_ORIGIN 1242 }; 1243 1244 struct nexthop; 1245 struct filter_set { 1246 TAILQ_ENTRY(filter_set) entry; 1247 union { 1248 uint8_t prepend; 1249 uint16_t id; 1250 uint32_t metric; 1251 int32_t relative; 1252 struct bgpd_addr nexthop; 1253 struct nexthop *nh_ref; 1254 struct community community; 1255 char pftable[PFTABLE_LEN]; 1256 char rtlabel[ROUTELABEL_LEN]; 1257 uint8_t origin; 1258 } action; 1259 enum action_types type; 1260 }; 1261 1262 struct roa_set { 1263 uint32_t as; /* must be first */ 1264 uint32_t maxlen; /* change type for better struct layout */ 1265 }; 1266 1267 struct prefixset_item { 1268 struct filter_prefix p; 1269 RB_ENTRY(prefixset_item) entry; 1270 }; 1271 1272 struct prefixset { 1273 int sflags; 1274 char name[SET_NAME_LEN]; 1275 struct prefixset_tree psitems; 1276 struct roa_tree roaitems; 1277 SIMPLEQ_ENTRY(prefixset) entry; 1278 }; 1279 1280 struct as_set { 1281 char name[SET_NAME_LEN]; 1282 SIMPLEQ_ENTRY(as_set) entry; 1283 struct set_table *set; 1284 time_t lastchange; 1285 int dirty; 1286 }; 1287 1288 struct aspa_set { 1289 time_t expires; 1290 uint32_t as; 1291 uint32_t num; 1292 uint32_t *tas; 1293 RB_ENTRY(aspa_set) entry; 1294 }; 1295 1296 struct aspa_prep { 1297 size_t datasize; 1298 uint32_t entries; 1299 }; 1300 1301 struct l3vpn { 1302 SIMPLEQ_ENTRY(l3vpn) entry; 1303 char descr[PEER_DESCR_LEN]; 1304 char ifmpe[IFNAMSIZ]; 1305 struct filter_set_head import; 1306 struct filter_set_head export; 1307 struct network_head net_l; 1308 uint64_t rd; 1309 u_int rtableid; 1310 u_int label; 1311 int flags; 1312 }; 1313 1314 struct rde_rib { 1315 SIMPLEQ_ENTRY(rde_rib) entry; 1316 char name[PEER_DESCR_LEN]; 1317 u_int rtableid; 1318 uint16_t id; 1319 uint16_t flags; 1320 }; 1321 SIMPLEQ_HEAD(rib_names, rde_rib); 1322 extern struct rib_names ribnames; 1323 1324 /* rde_rib flags */ 1325 #define F_RIB_LOCAL 0x0001 1326 #define F_RIB_NOEVALUATE 0x0002 1327 #define F_RIB_NOFIB 0x0004 1328 #define F_RIB_NOFIBSYNC 0x0008 1329 1330 /* 4-byte magic AS number */ 1331 #define AS_TRANS 23456 1332 /* AS_NONE for origin validation */ 1333 #define AS_NONE 0 1334 1335 struct rde_memstats { 1336 long long path_cnt; 1337 long long path_refs; 1338 long long prefix_cnt; 1339 long long rib_cnt; 1340 long long pt_cnt[AID_MAX]; 1341 long long pt_size[AID_MAX]; 1342 long long nexthop_cnt; 1343 long long aspath_cnt; 1344 long long aspath_size; 1345 long long comm_cnt; 1346 long long comm_nmemb; 1347 long long comm_size; 1348 long long comm_refs; 1349 long long attr_cnt; 1350 long long attr_refs; 1351 long long attr_data; 1352 long long attr_dcnt; 1353 long long aset_cnt; 1354 long long aset_size; 1355 long long aset_nmemb; 1356 long long pset_cnt; 1357 long long pset_size; 1358 }; 1359 1360 #define MRT_FILE_LEN 512 1361 #define MRT2MC(x) ((struct mrt_config *)(x)) 1362 1363 enum mrt_type { 1364 MRT_NONE, 1365 MRT_TABLE_DUMP, 1366 MRT_TABLE_DUMP_MP, 1367 MRT_TABLE_DUMP_V2, 1368 MRT_ALL_IN, 1369 MRT_ALL_OUT, 1370 MRT_UPDATE_IN, 1371 MRT_UPDATE_OUT 1372 }; 1373 1374 enum mrt_state { 1375 MRT_STATE_RUNNING, 1376 MRT_STATE_OPEN, 1377 MRT_STATE_REOPEN, 1378 MRT_STATE_REMOVE 1379 }; 1380 1381 struct mrt { 1382 char rib[PEER_DESCR_LEN]; 1383 struct msgbuf wbuf; 1384 LIST_ENTRY(mrt) entry; 1385 uint32_t peer_id; 1386 uint32_t group_id; 1387 enum mrt_type type; 1388 enum mrt_state state; 1389 uint16_t seqnum; 1390 }; 1391 1392 struct mrt_config { 1393 struct mrt conf; 1394 char name[MRT_FILE_LEN]; /* base file name */ 1395 char file[MRT_FILE_LEN]; /* actual file name */ 1396 time_t ReopenTimer; 1397 int ReopenTimerInterval; 1398 }; 1399 1400 /* prototypes */ 1401 /* bgpd.c */ 1402 void send_nexthop_update(struct kroute_nexthop *); 1403 void send_imsg_session(int, pid_t, void *, uint16_t); 1404 int send_network(int, struct network_config *, 1405 struct filter_set_head *); 1406 int bgpd_oknexthop(struct kroute_full *); 1407 void set_pollfd(struct pollfd *, struct imsgbuf *); 1408 int handle_pollfd(struct pollfd *, struct imsgbuf *); 1409 1410 /* control.c */ 1411 int control_imsg_relay(struct imsg *, struct peer *); 1412 1413 /* config.c */ 1414 struct bgpd_config *new_config(void); 1415 void copy_config(struct bgpd_config *, struct bgpd_config *); 1416 void network_free(struct network *); 1417 struct flowspec_config *flowspec_alloc(uint8_t, int); 1418 void flowspec_free(struct flowspec_config *); 1419 void free_l3vpns(struct l3vpn_head *); 1420 void free_config(struct bgpd_config *); 1421 void free_prefixsets(struct prefixset_head *); 1422 void free_rde_prefixsets(struct rde_prefixset_head *); 1423 void free_prefixtree(struct prefixset_tree *); 1424 void free_roatree(struct roa_tree *); 1425 void free_aspa(struct aspa_set *); 1426 void free_aspatree(struct aspa_tree *); 1427 void free_rtrs(struct rtr_config_head *); 1428 void filterlist_free(struct filter_head *); 1429 int host(const char *, struct bgpd_addr *, uint8_t *); 1430 uint32_t get_bgpid(void); 1431 void expand_networks(struct bgpd_config *, struct network_head *); 1432 RB_PROTOTYPE(prefixset_tree, prefixset_item, entry, prefixset_cmp); 1433 RB_PROTOTYPE(roa_tree, roa, entry, roa_cmp); 1434 RB_PROTOTYPE(aspa_tree, aspa_set, entry, aspa_cmp); 1435 RB_PROTOTYPE(flowspec_tree, flowspec_config, entry, flowspec_config_cmp); 1436 1437 /* kroute.c */ 1438 int kr_init(int *, uint8_t); 1439 int kr_default_prio(void); 1440 int kr_check_prio(long long); 1441 int ktable_update(u_int, char *, int); 1442 void ktable_preload(void); 1443 void ktable_postload(void); 1444 int ktable_exists(u_int, u_int *); 1445 int kr_change(u_int, struct kroute_full *); 1446 int kr_delete(u_int, struct kroute_full *); 1447 int kr_flush(u_int); 1448 void kr_shutdown(void); 1449 void kr_fib_couple(u_int); 1450 void kr_fib_couple_all(void); 1451 void kr_fib_decouple(u_int); 1452 void kr_fib_decouple_all(void); 1453 void kr_fib_prio_set(uint8_t); 1454 int kr_dispatch_msg(void); 1455 int kr_nexthop_add(uint32_t, struct bgpd_addr *); 1456 void kr_nexthop_delete(uint32_t, struct bgpd_addr *); 1457 void kr_show_route(struct imsg *); 1458 void kr_ifinfo(char *); 1459 void kr_net_reload(u_int, uint64_t, struct network_head *); 1460 int kr_reload(void); 1461 int get_mpe_config(const char *, u_int *, u_int *); 1462 uint8_t mask2prefixlen(sa_family_t, struct sockaddr *); 1463 1464 /* log.c */ 1465 void log_peer_info(const struct peer_config *, const char *, ...) 1466 __attribute__((__format__ (printf, 2, 3))); 1467 void log_peer_warn(const struct peer_config *, const char *, ...) 1468 __attribute__((__format__ (printf, 2, 3))); 1469 void log_peer_warnx(const struct peer_config *, const char *, ...) 1470 __attribute__((__format__ (printf, 2, 3))); 1471 1472 /* mrt.c */ 1473 void mrt_write(struct mrt *); 1474 void mrt_clean(struct mrt *); 1475 void mrt_init(struct imsgbuf *, struct imsgbuf *); 1476 time_t mrt_timeout(struct mrt_head *); 1477 void mrt_reconfigure(struct mrt_head *); 1478 void mrt_handler(struct mrt_head *); 1479 struct mrt *mrt_get(struct mrt_head *, struct mrt *); 1480 void mrt_mergeconfig(struct mrt_head *, struct mrt_head *); 1481 1482 /* name2id.c */ 1483 uint16_t rtlabel_name2id(const char *); 1484 const char *rtlabel_id2name(uint16_t); 1485 void rtlabel_unref(uint16_t); 1486 uint16_t rtlabel_ref(uint16_t); 1487 uint16_t pftable_name2id(const char *); 1488 const char *pftable_id2name(uint16_t); 1489 void pftable_unref(uint16_t); 1490 uint16_t pftable_ref(uint16_t); 1491 1492 /* parse.y */ 1493 int cmdline_symset(char *); 1494 struct prefixset *find_prefixset(char *, struct prefixset_head *); 1495 struct bgpd_config *parse_config(char *, struct peer_head *, 1496 struct rtr_config_head *); 1497 1498 /* pftable.c */ 1499 int pftable_exists(const char *); 1500 int pftable_add(const char *); 1501 int pftable_clear_all(void); 1502 int pftable_addr_add(struct pftable_msg *); 1503 int pftable_addr_remove(struct pftable_msg *); 1504 int pftable_commit(void); 1505 1506 /* rde_filter.c */ 1507 void filterset_free(struct filter_set_head *); 1508 int filterset_cmp(struct filter_set *, struct filter_set *); 1509 void filterset_move(struct filter_set_head *, struct filter_set_head *); 1510 void filterset_copy(struct filter_set_head *, struct filter_set_head *); 1511 const char *filterset_name(enum action_types); 1512 1513 /* rde_sets.c */ 1514 struct as_set *as_sets_lookup(struct as_set_head *, const char *); 1515 struct as_set *as_sets_new(struct as_set_head *, const char *, size_t, 1516 size_t); 1517 void as_sets_free(struct as_set_head *); 1518 void as_sets_mark_dirty(struct as_set_head *, struct as_set_head *); 1519 int as_set_match(const struct as_set *, uint32_t); 1520 1521 struct set_table *set_new(size_t, size_t); 1522 void set_free(struct set_table *); 1523 int set_add(struct set_table *, void *, size_t); 1524 void *set_get(struct set_table *, size_t *); 1525 void set_prep(struct set_table *); 1526 void *set_match(const struct set_table *, uint32_t); 1527 int set_equal(const struct set_table *, 1528 const struct set_table *); 1529 size_t set_nmemb(const struct set_table *); 1530 1531 /* rde_trie.c */ 1532 int trie_add(struct trie_head *, struct bgpd_addr *, uint8_t, uint8_t, 1533 uint8_t); 1534 int trie_roa_add(struct trie_head *, struct roa *); 1535 void trie_free(struct trie_head *); 1536 int trie_match(struct trie_head *, struct bgpd_addr *, uint8_t, int); 1537 int trie_roa_check(struct trie_head *, struct bgpd_addr *, uint8_t, 1538 uint32_t); 1539 void trie_dump(struct trie_head *); 1540 int trie_equal(struct trie_head *, struct trie_head *); 1541 1542 /* timer.c */ 1543 time_t getmonotime(void); 1544 1545 /* util.c */ 1546 char *ibuf_get_string(struct ibuf *, size_t); 1547 const char *log_addr(const struct bgpd_addr *); 1548 const char *log_in6addr(const struct in6_addr *); 1549 const char *log_sockaddr(struct sockaddr *, socklen_t); 1550 const char *log_as(uint32_t); 1551 const char *log_rd(uint64_t); 1552 const char *log_ext_subtype(int, uint8_t); 1553 const char *log_reason(const char *); 1554 const char *log_aspath_error(int); 1555 const char *log_roa(struct roa *); 1556 const char *log_aspa(struct aspa_set *); 1557 const char *log_rtr_error(enum rtr_error); 1558 const char *log_policy(enum role); 1559 const char *log_capability(uint8_t); 1560 int aspath_asprint(char **, struct ibuf *); 1561 uint32_t aspath_extract(const void *, int); 1562 int aspath_verify(struct ibuf *, int, int); 1563 #define AS_ERR_LEN -1 1564 #define AS_ERR_TYPE -2 1565 #define AS_ERR_BAD -3 1566 #define AS_ERR_SOFT -4 1567 struct ibuf *aspath_inflate(struct ibuf *); 1568 int extract_prefix(const u_char *, int, void *, uint8_t, uint8_t); 1569 int nlri_get_prefix(struct ibuf *, struct bgpd_addr *, uint8_t *); 1570 int nlri_get_prefix6(struct ibuf *, struct bgpd_addr *, uint8_t *); 1571 int nlri_get_vpn4(struct ibuf *, struct bgpd_addr *, uint8_t *, 1572 int); 1573 int nlri_get_vpn6(struct ibuf *, struct bgpd_addr *, uint8_t *, 1574 int); 1575 int prefix_compare(const struct bgpd_addr *, 1576 const struct bgpd_addr *, int); 1577 void inet4applymask(struct in_addr *, const struct in_addr *, int); 1578 void inet6applymask(struct in6_addr *, const struct in6_addr *, 1579 int); 1580 void applymask(struct bgpd_addr *, const struct bgpd_addr *, int); 1581 const char *aid2str(uint8_t); 1582 int aid2afi(uint8_t, uint16_t *, uint8_t *); 1583 int afi2aid(uint16_t, uint8_t, uint8_t *); 1584 sa_family_t aid2af(uint8_t); 1585 int af2aid(sa_family_t, uint8_t, uint8_t *); 1586 struct sockaddr *addr2sa(const struct bgpd_addr *, uint16_t, socklen_t *); 1587 void sa2addr(struct sockaddr *, struct bgpd_addr *, uint16_t *); 1588 const char * get_baudrate(unsigned long long, char *); 1589 1590 /* flowspec.c */ 1591 int flowspec_valid(const uint8_t *, int, int); 1592 int flowspec_cmp(const uint8_t *, int, const uint8_t *, int, int); 1593 int flowspec_get_component(const uint8_t *, int, int, int, 1594 const uint8_t **, int *); 1595 int flowspec_get_addr(const uint8_t *, int, int, int, struct bgpd_addr *, 1596 uint8_t *, uint8_t *); 1597 const char *flowspec_fmt_label(int); 1598 const char *flowspec_fmt_num_op(const uint8_t *, int, int *); 1599 const char *flowspec_fmt_bin_op(const uint8_t *, int, int *, const char *); 1600 1601 static const char * const log_procnames[] = { 1602 "parent", 1603 "SE", 1604 "RDE", 1605 "RTR" 1606 }; 1607 1608 /* logmsg.c and needed by bgpctl */ 1609 static const char * const statenames[] = { 1610 "None", 1611 "Idle", 1612 "Connect", 1613 "Active", 1614 "OpenSent", 1615 "OpenConfirm", 1616 "Established" 1617 }; 1618 1619 static const char * const msgtypenames[] = { 1620 "NONE", 1621 "OPEN", 1622 "UPDATE", 1623 "NOTIFICATION", 1624 "KEEPALIVE", 1625 "RREFRESH" 1626 }; 1627 1628 static const char * const eventnames[] = { 1629 "None", 1630 "Start", 1631 "Stop", 1632 "Connection opened", 1633 "Connection closed", 1634 "Connection open failed", 1635 "Fatal error", 1636 "ConnectRetryTimer expired", 1637 "HoldTimer expired", 1638 "KeepaliveTimer expired", 1639 "SendHoldTimer expired", 1640 "OPEN message received", 1641 "KEEPALIVE message received", 1642 "UPDATE message received", 1643 "NOTIFICATION received" 1644 }; 1645 1646 static const char * const errnames[] = { 1647 "none", 1648 "Header error", 1649 "error in OPEN message", 1650 "error in UPDATE message", 1651 "HoldTimer expired", 1652 "Finite State Machine error", 1653 "Cease", 1654 "error in ROUTE-REFRESH message" 1655 }; 1656 1657 static const char * const suberr_header_names[] = { 1658 "none", 1659 "synchronization error", 1660 "wrong length", 1661 "unknown message type" 1662 }; 1663 1664 static const char * const suberr_open_names[] = { 1665 "none", 1666 "version mismatch", 1667 "AS unacceptable", 1668 "BGPID invalid", 1669 "optional parameter error", 1670 "authentication error", 1671 "unacceptable holdtime", 1672 "unsupported capability", 1673 NULL, 1674 NULL, 1675 NULL, 1676 "role mismatch", 1677 }; 1678 1679 static const char * const suberr_fsm_names[] = { 1680 "unspecified error", 1681 "received unexpected message in OpenSent", 1682 "received unexpected message in OpenConfirm", 1683 "received unexpected message in Established" 1684 }; 1685 1686 static const char * const suberr_update_names[] = { 1687 "none", 1688 "attribute list error", 1689 "unknown well-known attribute", 1690 "well-known attribute missing", 1691 "attribute flags error", 1692 "attribute length wrong", 1693 "origin unacceptable", 1694 "loop detected", 1695 "nexthop unacceptable", 1696 "optional attribute error", 1697 "network unacceptable", 1698 "AS-Path unacceptable" 1699 }; 1700 1701 static const char * const suberr_cease_names[] = { 1702 "none", 1703 "received max-prefix exceeded", 1704 "administratively down", 1705 "peer unconfigured", 1706 "administrative reset", 1707 "connection rejected", 1708 "other config change", 1709 "collision", 1710 "resource exhaustion", 1711 "hard reset", 1712 "sent max-prefix exceeded" 1713 }; 1714 1715 static const char * const suberr_rrefresh_names[] = { 1716 "none", 1717 "invalid message length" 1718 }; 1719 1720 static const char * const ctl_res_strerror[] = { 1721 "no error", 1722 "no such neighbor", 1723 "permission denied", 1724 "neighbor does not have this capability", 1725 "config file has errors, reload failed", 1726 "previous reload still running", 1727 "out of memory", 1728 "not a cloned peer", 1729 "peer still active, down peer first", 1730 "no such RIB", 1731 "operation not supported", 1732 }; 1733 1734 static const char * const timernames[] = { 1735 "None", 1736 "ConnectRetryTimer", 1737 "KeepaliveTimer", 1738 "HoldTimer", 1739 "SendHoldTimer", 1740 "IdleHoldTimer", 1741 "IdleHoldResetTimer", 1742 "CarpUndemoteTimer", 1743 "RestartTimer", 1744 "RTR RefreshTimer", 1745 "RTR RetryTimer", 1746 "RTR ExpireTimer", 1747 "RTR ActiveTimer", 1748 "" 1749 }; 1750 1751 #endif /* __BGPD_H__ */ 1752