1 /* $OpenBSD: bgpd.h,v 1.496 2024/09/04 15:06:36 claudio Exp $ */ 2 3 /* 4 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 #ifndef __BGPD_H__ 19 #define __BGPD_H__ 20 21 #include <sys/types.h> 22 #include <sys/socket.h> 23 #include <sys/queue.h> 24 #include <sys/tree.h> 25 #include <netinet/in.h> 26 #include <arpa/inet.h> 27 #include <net/if.h> 28 29 #include <poll.h> 30 #include <stdarg.h> 31 #include <stdint.h> 32 33 #include <imsg.h> 34 35 #define BGP_VERSION 4 36 #define RTR_MAX_VERSION 2 37 #define RTR_DEFAULT_VERSION 1 38 #define BGP_PORT 179 39 #define RTR_PORT 323 40 #define CONFFILE "/etc/bgpd.conf" 41 #define BGPD_USER "_bgpd" 42 #define PEER_DESCR_LEN 64 43 #define REASON_LEN 256 /* includes NUL terminator */ 44 #define PFTABLE_LEN 32 45 #define ROUTELABEL_LEN 32 46 #define TCP_MD5_KEY_LEN 80 47 #define IPSEC_ENC_KEY_LEN 32 48 #define IPSEC_AUTH_KEY_LEN 20 49 #define SET_NAME_LEN 128 50 51 #define MAX_PKTSIZE 4096 52 #define MIN_HOLDTIME 3 53 #define READ_BUF_SIZE 65535 54 #define MAX_SOCK_BUF (4 * READ_BUF_SIZE) 55 #define RT_BUF_SIZE 16384 56 #define MAX_RTSOCK_BUF (2 * 1024 * 1024) 57 #define MAX_COMM_MATCH 3 58 #define MAX_ASPA_SPAS_COUNT 10000 59 60 #define BGPD_OPT_VERBOSE 0x0001 61 #define BGPD_OPT_VERBOSE2 0x0002 62 #define BGPD_OPT_NOACTION 0x0004 63 #define BGPD_OPT_FORCE_DEMOTE 0x0008 64 65 #define BGPD_FLAG_REFLECTOR 0x0004 66 #define BGPD_FLAG_NEXTHOP_BGP 0x0010 67 #define BGPD_FLAG_NEXTHOP_DEFAULT 0x0020 68 #define BGPD_FLAG_DECISION_MASK 0x0f00 69 #define BGPD_FLAG_DECISION_ROUTEAGE 0x0100 70 #define BGPD_FLAG_DECISION_TRANS_AS 0x0200 71 #define BGPD_FLAG_DECISION_MED_ALWAYS 0x0400 72 #define BGPD_FLAG_DECISION_ALL_PATHS 0x0800 73 #define BGPD_FLAG_NO_AS_SET 0x1000 74 75 #define BGPD_LOG_UPDATES 0x0001 76 77 #define SOCKET_NAME "/var/run/bgpd.sock" 78 79 #define F_BGPD 0x0001 80 #define F_BGPD_INSERTED 0x0002 81 #define F_CONNECTED 0x0004 82 #define F_STATIC 0x0008 83 #define F_NEXTHOP 0x0010 84 #define F_REJECT 0x0020 85 #define F_BLACKHOLE 0x0040 86 #define F_MPLS 0x0080 87 #define F_LONGER 0x0200 88 #define F_SHORTER 0x0400 89 #define F_CTL_DETAIL 0x1000 /* only set on requests */ 90 #define F_CTL_ADJ_IN 0x2000 /* only set on requests */ 91 #define F_CTL_ADJ_OUT 0x4000 /* only set on requests */ 92 #define F_CTL_BEST 0x8000 93 #define F_CTL_INELIGIBLE 0x10000 /* only set on requests */ 94 #define F_CTL_LEAKED 0x20000 /* only set on requests */ 95 #define F_CTL_INVALID 0x40000 /* only set on requests */ 96 #define F_CTL_OVS_VALID 0x80000 97 #define F_CTL_OVS_INVALID 0x100000 98 #define F_CTL_OVS_NOTFOUND 0x200000 99 #define F_CTL_NEIGHBORS 0x400000 /* only used by bgpctl */ 100 #define F_CTL_HAS_PATHID 0x800000 /* only set on requests */ 101 #define F_CTL_AVS_VALID 0x1000000 102 #define F_CTL_AVS_INVALID 0x2000000 103 #define F_CTL_AVS_UNKNOWN 0x4000000 104 #define F_CTL_FILTERED 0x8000000 /* only set on requests */ 105 #define F_CTL_SSV 0x80000000 /* only used by bgpctl */ 106 107 #define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1 ] \ 108 __attribute__((__unused__)) 109 110 /* 111 * Note that these numeric assignments differ from the numbers commonly 112 * used in route origin validation context. 113 */ 114 #define ROA_NOTFOUND 0x0 /* default */ 115 #define ROA_INVALID 0x1 116 #define ROA_VALID 0x2 117 #define ROA_MASK 0x3 118 119 #define ASPA_UNKNOWN 0x00 /* default */ 120 #define ASPA_INVALID 0x01 121 #define ASPA_VALID 0x02 122 #define ASPA_MASK 0x03 123 #define ASPA_NEVER_KNOWN 0x08 /* unknown and check never needed */ 124 125 /* 126 * Limit the number of messages queued in the session engine. 127 * The SE will send an IMSG_XOFF messages to the RDE if the high water mark 128 * is reached. The RDE should then throttle this peer or control connection. 129 * Once the message queue in the SE drops below the low water mark an 130 * IMSG_XON message will be sent and the RDE will produce more messages again. 131 */ 132 #define RDE_RUNNER_ROUNDS 100 133 #define SESS_MSG_HIGH_MARK 2000 134 #define SESS_MSG_LOW_MARK 500 135 #define CTL_MSG_HIGH_MARK 500 136 #define CTL_MSG_LOW_MARK 100 137 138 enum bgpd_process { 139 PROC_MAIN, 140 PROC_SE, 141 PROC_RDE, 142 PROC_RTR, 143 }; 144 145 enum reconf_action { 146 RECONF_NONE, 147 RECONF_KEEP, 148 RECONF_REINIT, 149 RECONF_RELOAD, 150 RECONF_DELETE 151 }; 152 153 /* Address Family Numbers as per RFC 1700 */ 154 #define AFI_UNSPEC 0 155 #define AFI_IPv4 1 156 #define AFI_IPv6 2 157 158 /* Subsequent Address Family Identifier as per RFC 4760 */ 159 #define SAFI_NONE 0 160 #define SAFI_UNICAST 1 161 #define SAFI_MULTICAST 2 162 #define SAFI_MPLS 4 163 #define SAFI_MPLSVPN 128 164 #define SAFI_FLOWSPEC 133 165 #define SAFI_VPNFLOWSPEC 134 166 167 struct aid { 168 uint16_t afi; 169 sa_family_t af; 170 uint8_t safi; 171 const char *name; 172 }; 173 174 extern const struct aid aid_vals[]; 175 176 #define AID_UNSPEC 0 177 #define AID_INET 1 178 #define AID_INET6 2 179 #define AID_VPN_IPv4 3 180 #define AID_VPN_IPv6 4 181 #define AID_FLOWSPECv4 5 182 #define AID_FLOWSPECv6 6 183 #define AID_MAX 7 184 #define AID_MIN 1 /* skip AID_UNSPEC since that is a dummy */ 185 186 #define AID_VALS { \ 187 /* afi, af, safii, name */ \ 188 { AFI_UNSPEC, AF_UNSPEC, SAFI_NONE, "unspec"}, \ 189 { AFI_IPv4, AF_INET, SAFI_UNICAST, "IPv4 unicast" }, \ 190 { AFI_IPv6, AF_INET6, SAFI_UNICAST, "IPv6 unicast" }, \ 191 { AFI_IPv4, AF_INET, SAFI_MPLSVPN, "IPv4 vpn" }, \ 192 { AFI_IPv6, AF_INET6, SAFI_MPLSVPN, "IPv6 vpn" }, \ 193 { AFI_IPv4, AF_INET, SAFI_FLOWSPEC, "IPv4 flowspec" }, \ 194 { AFI_IPv6, AF_INET6, SAFI_FLOWSPEC, "IPv6 flowspec" }, \ 195 } 196 197 #define BGP_MPLS_BOS 0x01 198 199 struct bgpd_addr { 200 union { 201 struct in_addr v4; 202 struct in6_addr v6; 203 /* maximum size for a prefix is 256 bits */ 204 }; /* 128-bit address */ 205 uint64_t rd; /* route distinguisher for VPN addrs */ 206 uint32_t scope_id; /* iface scope id for v6 */ 207 uint8_t aid; 208 uint8_t labellen; /* size of the labelstack */ 209 uint8_t labelstack[18]; /* max that makes sense */ 210 }; 211 212 #define DEFAULT_LISTENER 0x01 213 #define LISTENER_LISTENING 0x02 214 215 struct listen_addr { 216 TAILQ_ENTRY(listen_addr) entry; 217 struct sockaddr_storage sa; 218 int fd; 219 enum reconf_action reconf; 220 socklen_t sa_len; 221 uint8_t flags; 222 }; 223 224 TAILQ_HEAD(listen_addrs, listen_addr); 225 TAILQ_HEAD(filter_set_head, filter_set); 226 227 struct peer; 228 RB_HEAD(peer_head, peer); 229 230 struct l3vpn; 231 SIMPLEQ_HEAD(l3vpn_head, l3vpn); 232 233 struct network; 234 TAILQ_HEAD(network_head, network); 235 236 struct flowspec_config; 237 RB_HEAD(flowspec_tree, flowspec_config); 238 239 struct prefixset; 240 SIMPLEQ_HEAD(prefixset_head, prefixset); 241 struct prefixset_item; 242 RB_HEAD(prefixset_tree, prefixset_item); 243 244 struct tentry_v4; 245 struct tentry_v6; 246 struct trie_head { 247 struct tentry_v4 *root_v4; 248 struct tentry_v6 *root_v6; 249 int match_default_v4; 250 int match_default_v6; 251 size_t v4_cnt; 252 size_t v6_cnt; 253 }; 254 255 struct rde_prefixset { 256 char name[SET_NAME_LEN]; 257 struct trie_head th; 258 SIMPLEQ_ENTRY(rde_prefixset) entry; 259 time_t lastchange; 260 int dirty; 261 }; 262 SIMPLEQ_HEAD(rde_prefixset_head, rde_prefixset); 263 264 struct roa { 265 RB_ENTRY(roa) entry; 266 uint8_t aid; 267 uint8_t prefixlen; 268 uint8_t maxlen; 269 uint8_t pad; 270 uint32_t asnum; 271 time_t expires; 272 union { 273 struct in_addr inet; 274 struct in6_addr inet6; 275 } prefix; 276 }; 277 278 RB_HEAD(roa_tree, roa); 279 struct aspa_set; 280 RB_HEAD(aspa_tree, aspa_set); 281 282 struct set_table; 283 struct as_set; 284 SIMPLEQ_HEAD(as_set_head, as_set); 285 286 struct filter_rule; 287 TAILQ_HEAD(filter_head, filter_rule); 288 289 struct rtr_config; 290 SIMPLEQ_HEAD(rtr_config_head, rtr_config); 291 292 struct bgpd_config { 293 struct peer_head peers; 294 struct l3vpn_head l3vpns; 295 struct network_head networks; 296 struct flowspec_tree flowspecs; 297 struct filter_head *filters; 298 struct listen_addrs *listen_addrs; 299 struct mrt_head *mrt; 300 struct prefixset_head prefixsets; 301 struct prefixset_head originsets; 302 struct roa_tree roa; 303 struct aspa_tree aspa; 304 struct rde_prefixset_head rde_prefixsets; 305 struct rde_prefixset_head rde_originsets; 306 struct as_set_head as_sets; 307 struct rtr_config_head rtrs; 308 char *csock; 309 char *rcsock; 310 int flags; 311 int log; 312 u_int default_tableid; 313 uint32_t bgpid; 314 uint32_t clusterid; 315 uint32_t as; 316 uint16_t short_as; 317 uint16_t holdtime; 318 uint16_t min_holdtime; 319 uint16_t connectretry; 320 uint8_t fib_priority; 321 uint8_t filtered_in_locrib; 322 }; 323 324 extern int cmd_opts; 325 326 enum addpath_mode { 327 ADDPATH_EVAL_NONE, 328 ADDPATH_EVAL_BEST, 329 ADDPATH_EVAL_ECMP, 330 ADDPATH_EVAL_AS_WIDE, 331 ADDPATH_EVAL_ALL, 332 }; 333 334 struct addpath_eval { 335 enum addpath_mode mode; 336 int extrapaths; 337 int maxpaths; 338 }; 339 340 enum export_type { 341 EXPORT_UNSET, 342 EXPORT_NONE, 343 EXPORT_DEFAULT_ROUTE 344 }; 345 346 enum enforce_as { 347 ENFORCE_AS_UNDEF, 348 ENFORCE_AS_OFF, 349 ENFORCE_AS_ON 350 }; 351 352 enum role { 353 ROLE_NONE, 354 ROLE_CUSTOMER, 355 ROLE_PROVIDER, 356 ROLE_RS, 357 ROLE_RS_CLIENT, 358 ROLE_PEER, 359 }; 360 361 enum auth_method { 362 AUTH_NONE, 363 AUTH_MD5SIG, 364 AUTH_IPSEC_MANUAL_ESP, 365 AUTH_IPSEC_MANUAL_AH, 366 AUTH_IPSEC_IKE_ESP, 367 AUTH_IPSEC_IKE_AH 368 }; 369 370 enum auth_alg { 371 AUTH_AALG_NONE, 372 AUTH_AALG_SHA1HMAC, 373 AUTH_AALG_MD5HMAC, 374 }; 375 376 enum auth_enc_alg { 377 AUTH_EALG_NONE, 378 AUTH_EALG_3DESCBC, 379 AUTH_EALG_AES, 380 }; 381 382 struct peer_auth { 383 char md5key[TCP_MD5_KEY_LEN]; 384 char auth_key_in[IPSEC_AUTH_KEY_LEN]; 385 char auth_key_out[IPSEC_AUTH_KEY_LEN]; 386 char enc_key_in[IPSEC_ENC_KEY_LEN]; 387 char enc_key_out[IPSEC_ENC_KEY_LEN]; 388 uint32_t spi_in; 389 uint32_t spi_out; 390 enum auth_method method; 391 enum auth_alg auth_alg_in; 392 enum auth_alg auth_alg_out; 393 enum auth_enc_alg enc_alg_in; 394 enum auth_enc_alg enc_alg_out; 395 uint8_t md5key_len; 396 uint8_t auth_keylen_in; 397 uint8_t auth_keylen_out; 398 uint8_t enc_keylen_in; 399 uint8_t enc_keylen_out; 400 }; 401 402 struct capabilities { 403 struct { 404 int16_t timeout; /* graceful restart timeout */ 405 int8_t flags[AID_MAX]; /* graceful restart per AID flags */ 406 int8_t restart; /* graceful restart, RFC 4724 */ 407 } grestart; 408 int8_t mp[AID_MAX]; /* multiprotocol extensions, RFC 4760 */ 409 int8_t add_path[AID_MAX]; /* ADD_PATH, RFC 7911 */ 410 int8_t refresh; /* route refresh, RFC 2918 */ 411 int8_t as4byte; /* 4-byte ASnum, RFC 4893 */ 412 int8_t enhanced_rr; /* enhanced route refresh, RFC 7313 */ 413 int8_t policy; /* Open Policy, RFC 9234, 2 = enforce */ 414 }; 415 416 enum capa_codes { 417 CAPA_NONE = 0, 418 CAPA_MP = 1, 419 CAPA_REFRESH = 2, 420 CAPA_ROLE = 9, 421 CAPA_RESTART = 64, 422 CAPA_AS4BYTE = 65, 423 CAPA_ADD_PATH = 69, 424 CAPA_ENHANCED_RR = 70, 425 }; 426 427 /* flags for RFC 4724 - graceful restart */ 428 #define CAPA_GR_PRESENT 0x01 429 #define CAPA_GR_RESTART 0x02 430 #define CAPA_GR_FORWARD 0x04 431 #define CAPA_GR_RESTARTING 0x08 432 #define CAPA_GR_TIMEMASK 0x0fff 433 #define CAPA_GR_R_FLAG 0x8000 434 #define CAPA_GR_F_FLAG 0x80 435 436 /* flags for RFC 7911 - enhanced router refresh */ 437 #define CAPA_AP_RECV 0x01 438 #define CAPA_AP_SEND 0x02 439 #define CAPA_AP_BIDIR 0x03 440 #define CAPA_AP_MASK 0x0f 441 #define CAPA_AP_RECV_ENFORCE 0x10 /* internal only */ 442 #define CAPA_AP_SEND_ENFORCE 0x20 /* internal only */ 443 444 /* values for RFC 9234 - BGP Open Policy */ 445 #define CAPA_ROLE_PROVIDER 0x00 446 #define CAPA_ROLE_RS 0x01 447 #define CAPA_ROLE_RS_CLIENT 0x02 448 #define CAPA_ROLE_CUSTOMER 0x03 449 #define CAPA_ROLE_PEER 0x04 450 451 struct peer_config { 452 struct bgpd_addr remote_addr; 453 struct bgpd_addr local_addr_v4; 454 struct bgpd_addr local_addr_v6; 455 struct peer_auth auth; 456 struct capabilities capabilities; 457 struct addpath_eval eval; 458 char group[PEER_DESCR_LEN]; 459 char descr[PEER_DESCR_LEN]; 460 char reason[REASON_LEN]; 461 char rib[PEER_DESCR_LEN]; 462 char if_depend[IFNAMSIZ]; 463 char demote_group[IFNAMSIZ]; 464 uint32_t id; 465 uint32_t groupid; 466 uint32_t remote_as; 467 uint32_t local_as; 468 uint32_t max_prefix; 469 uint32_t max_out_prefix; 470 enum export_type export_type; 471 enum enforce_as enforce_as; 472 enum enforce_as enforce_local_as; 473 enum role role; 474 uint16_t max_prefix_restart; 475 uint16_t max_out_prefix_restart; 476 uint16_t holdtime; 477 uint16_t min_holdtime; 478 uint16_t local_short_as; 479 uint16_t remote_port; 480 uint8_t template; 481 uint8_t remote_masklen; 482 uint8_t ebgp; /* 0 = ibgp else ebgp */ 483 uint8_t distance; /* 1 = direct, >1 = multihop */ 484 uint8_t passive; 485 uint8_t down; 486 uint8_t reflector_client; 487 uint8_t ttlsec; /* TTL security hack */ 488 uint8_t flags; 489 }; 490 491 #define PEER_ID_NONE 0 492 #define PEER_ID_SELF 1 493 #define PEER_ID_STATIC_MIN 2 /* exclude self */ 494 #define PEER_ID_STATIC_MAX (UINT_MAX / 2) 495 #define PEER_ID_DYN_MAX UINT_MAX 496 497 #define PEERFLAG_TRANS_AS 0x01 498 #define PEERFLAG_LOG_UPDATES 0x02 499 #define PEERFLAG_EVALUATE_ALL 0x04 500 #define PEERFLAG_NO_AS_SET 0x08 501 502 struct rde_peer_stats { 503 uint64_t prefix_rcvd_update; 504 uint64_t prefix_rcvd_withdraw; 505 uint64_t prefix_rcvd_eor; 506 uint64_t prefix_sent_update; 507 uint64_t prefix_sent_withdraw; 508 uint64_t prefix_sent_eor; 509 uint32_t prefix_cnt; 510 uint32_t prefix_out_cnt; 511 uint32_t pending_update; 512 uint32_t pending_withdraw; 513 }; 514 515 enum network_type { 516 NETWORK_DEFAULT, /* from network statements */ 517 NETWORK_STATIC, 518 NETWORK_CONNECTED, 519 NETWORK_RTLABEL, 520 NETWORK_MRTCLONE, 521 NETWORK_PRIORITY, 522 NETWORK_PREFIXSET, 523 }; 524 525 struct network_config { 526 struct bgpd_addr prefix; 527 struct filter_set_head attrset; 528 char psname[SET_NAME_LEN]; 529 uint64_t rd; 530 enum network_type type; 531 uint16_t rtlabel; 532 uint8_t prefixlen; 533 uint8_t priority; 534 uint8_t old; /* used for reloading */ 535 }; 536 537 struct network { 538 struct network_config net; 539 TAILQ_ENTRY(network) entry; 540 }; 541 542 struct flowspec { 543 uint16_t len; 544 uint8_t aid; 545 uint8_t flags; 546 uint8_t data[1]; 547 }; 548 #define FLOWSPEC_SIZE (offsetof(struct flowspec, data)) 549 550 struct flowspec_config { 551 RB_ENTRY(flowspec_config) entry; 552 struct filter_set_head attrset; 553 struct flowspec *flow; 554 enum reconf_action reconf_action; 555 }; 556 557 enum rtr_error { 558 NO_ERROR = -1, 559 CORRUPT_DATA = 0, 560 INTERNAL_ERROR, 561 NO_DATA_AVAILABLE, 562 INVALID_REQUEST, 563 UNSUPP_PROTOCOL_VERS, 564 UNSUPP_PDU_TYPE, 565 UNK_REC_WDRAWL, 566 DUP_REC_RECV, 567 UNEXP_PROTOCOL_VERS, 568 }; 569 570 struct rtr_config { 571 SIMPLEQ_ENTRY(rtr_config) entry; 572 char descr[PEER_DESCR_LEN]; 573 struct bgpd_addr remote_addr; 574 struct bgpd_addr local_addr; 575 uint32_t id; 576 uint16_t remote_port; 577 uint8_t min_version; 578 }; 579 580 struct rtr_config_msg { 581 char descr[PEER_DESCR_LEN]; 582 uint8_t min_version; 583 }; 584 585 struct ctl_show_rtr { 586 char descr[PEER_DESCR_LEN]; 587 char state[PEER_DESCR_LEN]; 588 char last_sent_msg[REASON_LEN]; 589 char last_recv_msg[REASON_LEN]; 590 struct bgpd_addr remote_addr; 591 struct bgpd_addr local_addr; 592 uint32_t serial; 593 uint32_t refresh; 594 uint32_t retry; 595 uint32_t expire; 596 int session_id; 597 enum rtr_error last_sent_error; 598 enum rtr_error last_recv_error; 599 uint16_t remote_port; 600 uint8_t version; 601 uint8_t min_version; 602 }; 603 604 enum imsg_type { 605 IMSG_NONE, 606 IMSG_CTL_END, 607 IMSG_CTL_RELOAD, 608 IMSG_CTL_FIB_COUPLE, 609 IMSG_CTL_FIB_DECOUPLE, 610 IMSG_CTL_NEIGHBOR_UP, 611 IMSG_CTL_NEIGHBOR_DOWN, 612 IMSG_CTL_NEIGHBOR_CLEAR, 613 IMSG_CTL_NEIGHBOR_RREFRESH, 614 IMSG_CTL_NEIGHBOR_DESTROY, 615 IMSG_CTL_KROUTE, 616 IMSG_CTL_KROUTE_ADDR, 617 IMSG_CTL_RESULT, 618 IMSG_CTL_SHOW_NEIGHBOR, 619 IMSG_CTL_SHOW_NEXTHOP, 620 IMSG_CTL_SHOW_INTERFACE, 621 IMSG_CTL_SHOW_RIB, 622 IMSG_CTL_SHOW_RIB_PREFIX, 623 IMSG_CTL_SHOW_RIB_COMMUNITIES, 624 IMSG_CTL_SHOW_RIB_ATTR, 625 IMSG_CTL_SHOW_NETWORK, 626 IMSG_CTL_SHOW_FLOWSPEC, 627 IMSG_CTL_SHOW_RIB_MEM, 628 IMSG_CTL_SHOW_TERSE, 629 IMSG_CTL_SHOW_TIMER, 630 IMSG_CTL_LOG_VERBOSE, 631 IMSG_CTL_SHOW_FIB_TABLES, 632 IMSG_CTL_SHOW_SET, 633 IMSG_CTL_SHOW_RTR, 634 IMSG_CTL_TERMINATE, 635 IMSG_NETWORK_ADD, 636 IMSG_NETWORK_ASPATH, 637 IMSG_NETWORK_ATTR, 638 IMSG_NETWORK_REMOVE, 639 IMSG_NETWORK_FLUSH, 640 IMSG_NETWORK_DONE, 641 IMSG_FLOWSPEC_ADD, 642 IMSG_FLOWSPEC_DONE, 643 IMSG_FLOWSPEC_REMOVE, 644 IMSG_FLOWSPEC_FLUSH, 645 IMSG_FILTER_SET, 646 IMSG_SOCKET_CONN, 647 IMSG_SOCKET_CONN_CTL, 648 IMSG_SOCKET_CONN_RTR, 649 IMSG_RECONF_CONF, 650 IMSG_RECONF_RIB, 651 IMSG_RECONF_PEER, 652 IMSG_RECONF_FILTER, 653 IMSG_RECONF_LISTENER, 654 IMSG_RECONF_CTRL, 655 IMSG_RECONF_VPN, 656 IMSG_RECONF_VPN_EXPORT, 657 IMSG_RECONF_VPN_IMPORT, 658 IMSG_RECONF_VPN_DONE, 659 IMSG_RECONF_PREFIX_SET, 660 IMSG_RECONF_PREFIX_SET_ITEM, 661 IMSG_RECONF_AS_SET, 662 IMSG_RECONF_AS_SET_ITEMS, 663 IMSG_RECONF_AS_SET_DONE, 664 IMSG_RECONF_ORIGIN_SET, 665 IMSG_RECONF_ROA_SET, 666 IMSG_RECONF_ROA_ITEM, 667 IMSG_RECONF_ASPA, 668 IMSG_RECONF_ASPA_TAS, 669 IMSG_RECONF_ASPA_DONE, 670 IMSG_RECONF_ASPA_PREP, 671 IMSG_RECONF_RTR_CONFIG, 672 IMSG_RECONF_DRAIN, 673 IMSG_RECONF_DONE, 674 IMSG_UPDATE, 675 IMSG_UPDATE_ERR, 676 IMSG_SESSION_ADD, 677 IMSG_SESSION_UP, 678 IMSG_SESSION_DOWN, 679 IMSG_SESSION_STALE, 680 IMSG_SESSION_NOGRACE, 681 IMSG_SESSION_FLUSH, 682 IMSG_SESSION_RESTARTED, 683 IMSG_SESSION_DEPENDON, 684 IMSG_PFKEY_RELOAD, 685 IMSG_MRT_OPEN, 686 IMSG_MRT_REOPEN, 687 IMSG_MRT_CLOSE, 688 IMSG_KROUTE_CHANGE, 689 IMSG_KROUTE_DELETE, 690 IMSG_KROUTE_FLUSH, 691 IMSG_NEXTHOP_ADD, 692 IMSG_NEXTHOP_REMOVE, 693 IMSG_NEXTHOP_UPDATE, 694 IMSG_PFTABLE_ADD, 695 IMSG_PFTABLE_REMOVE, 696 IMSG_PFTABLE_COMMIT, 697 IMSG_REFRESH, 698 IMSG_DEMOTE, 699 IMSG_XON, 700 IMSG_XOFF 701 }; 702 703 struct demote_msg { 704 char demote_group[IFNAMSIZ]; 705 int level; 706 }; 707 708 enum ctl_results { 709 CTL_RES_OK, 710 CTL_RES_NOSUCHPEER, 711 CTL_RES_DENIED, 712 CTL_RES_NOCAP, 713 CTL_RES_PARSE_ERROR, 714 CTL_RES_PENDING, 715 CTL_RES_NOMEM, 716 CTL_RES_BADPEER, 717 CTL_RES_BADSTATE, 718 CTL_RES_NOSUCHRIB, 719 CTL_RES_OPNOTSUPP, 720 }; 721 722 /* needed for session.h parse prototype */ 723 LIST_HEAD(mrt_head, mrt); 724 725 /* error codes and subcodes needed in SE and RDE */ 726 enum err_codes { 727 ERR_HEADER = 1, 728 ERR_OPEN, 729 ERR_UPDATE, 730 ERR_HOLDTIMEREXPIRED, 731 ERR_FSM, 732 ERR_CEASE, 733 ERR_RREFRESH, 734 ERR_SENDHOLDTIMEREXPIRED, 735 }; 736 737 enum suberr_update { 738 ERR_UPD_UNSPECIFIC, 739 ERR_UPD_ATTRLIST, 740 ERR_UPD_UNKNWN_WK_ATTR, 741 ERR_UPD_MISSNG_WK_ATTR, 742 ERR_UPD_ATTRFLAGS, 743 ERR_UPD_ATTRLEN, 744 ERR_UPD_ORIGIN, 745 ERR_UPD_LOOP, 746 ERR_UPD_NEXTHOP, 747 ERR_UPD_OPTATTR, 748 ERR_UPD_NETWORK, 749 ERR_UPD_ASPATH 750 }; 751 752 enum suberr_cease { 753 ERR_CEASE_MAX_PREFIX = 1, 754 ERR_CEASE_ADMIN_DOWN, 755 ERR_CEASE_PEER_UNCONF, 756 ERR_CEASE_ADMIN_RESET, 757 ERR_CEASE_CONN_REJECT, 758 ERR_CEASE_OTHER_CHANGE, 759 ERR_CEASE_COLLISION, 760 ERR_CEASE_RSRC_EXHAUST, 761 ERR_CEASE_HARD_RESET, 762 ERR_CEASE_MAX_SENT_PREFIX 763 }; 764 765 enum suberr_rrefresh { 766 ERR_RR_INV_LEN = 1 767 }; 768 769 struct kroute; 770 struct kroute6; 771 struct knexthop; 772 struct kredist_node; 773 RB_HEAD(kroute_tree, kroute); 774 RB_HEAD(kroute6_tree, kroute6); 775 RB_HEAD(knexthop_tree, knexthop); 776 RB_HEAD(kredist_tree, kredist_node); 777 778 struct ktable { 779 char descr[PEER_DESCR_LEN]; 780 struct kroute_tree krt; 781 struct kroute6_tree krt6; 782 struct knexthop_tree knt; 783 struct kredist_tree kredist; 784 struct network_head krn; 785 u_int rtableid; 786 u_int nhtableid; /* rdomain id for nexthop lookup */ 787 int nhrefcnt; /* refcnt for nexthop table */ 788 enum reconf_action state; 789 uint8_t fib_conf; /* configured FIB sync flag */ 790 uint8_t fib_sync; /* is FIB synced with kernel? */ 791 }; 792 793 struct kroute_full { 794 struct bgpd_addr prefix; 795 struct bgpd_addr nexthop; 796 char label[ROUTELABEL_LEN]; 797 uint32_t mplslabel; 798 uint16_t flags; 799 u_short ifindex; 800 uint8_t prefixlen; 801 uint8_t priority; 802 }; 803 804 struct kroute_nexthop { 805 struct bgpd_addr nexthop; 806 struct bgpd_addr gateway; 807 struct bgpd_addr net; 808 uint8_t netlen; 809 uint8_t valid; 810 uint8_t connected; 811 }; 812 813 struct session_dependon { 814 char ifname[IFNAMSIZ]; 815 uint8_t depend_state; /* for session depend on */ 816 }; 817 818 struct session_up { 819 struct bgpd_addr local_v4_addr; 820 struct bgpd_addr local_v6_addr; 821 struct bgpd_addr remote_addr; 822 struct capabilities capa; 823 uint32_t remote_bgpid; 824 unsigned int if_scope; 825 uint16_t short_as; 826 }; 827 828 struct route_refresh { 829 uint8_t aid; 830 uint8_t subtype; 831 }; 832 #define ROUTE_REFRESH_REQUEST 0 833 #define ROUTE_REFRESH_BEGIN_RR 1 834 #define ROUTE_REFRESH_END_RR 2 835 836 struct pftable_msg { 837 struct bgpd_addr addr; 838 char pftable[PFTABLE_LEN]; 839 uint8_t len; 840 }; 841 842 struct ctl_show_interface { 843 char ifname[IFNAMSIZ]; 844 char linkstate[32]; 845 char media[32]; 846 uint64_t baudrate; 847 u_int rdomain; 848 uint8_t nh_reachable; 849 uint8_t is_up; 850 }; 851 852 struct ctl_show_nexthop { 853 struct bgpd_addr addr; 854 struct ctl_show_interface iface; 855 struct kroute_full kr; 856 uint8_t valid; 857 uint8_t krvalid; 858 }; 859 860 struct ctl_show_set { 861 char name[SET_NAME_LEN]; 862 time_t lastchange; 863 size_t v4_cnt; 864 size_t v6_cnt; 865 size_t as_cnt; 866 enum { 867 ASNUM_SET, 868 PREFIX_SET, 869 ORIGIN_SET, 870 ROA_SET, 871 ASPA_SET, 872 } type; 873 }; 874 875 struct ctl_neighbor { 876 struct bgpd_addr addr; 877 char descr[PEER_DESCR_LEN]; 878 char reason[REASON_LEN]; 879 int show_timers; 880 int is_group; 881 }; 882 883 #define F_PREF_ELIGIBLE 0x001 884 #define F_PREF_BEST 0x002 885 #define F_PREF_INTERNAL 0x004 886 #define F_PREF_ANNOUNCE 0x008 887 #define F_PREF_STALE 0x010 888 #define F_PREF_INVALID 0x020 889 #define F_PREF_PATH_ID 0x040 890 #define F_PREF_OTC_LEAK 0x080 891 #define F_PREF_ECMP 0x100 892 #define F_PREF_AS_WIDE 0x200 893 #define F_PREF_FILTERED 0x400 894 895 struct ctl_show_rib { 896 struct bgpd_addr true_nexthop; 897 struct bgpd_addr exit_nexthop; 898 struct bgpd_addr prefix; 899 struct bgpd_addr remote_addr; 900 char descr[PEER_DESCR_LEN]; 901 time_t age; 902 uint32_t remote_id; 903 uint32_t path_id; 904 uint32_t local_pref; 905 uint32_t med; 906 uint32_t weight; 907 uint32_t flags; 908 uint8_t prefixlen; 909 uint8_t origin; 910 uint8_t roa_validation_state; 911 uint8_t aspa_validation_state; 912 int8_t dmetric; 913 /* plus an aspath */ 914 }; 915 916 enum as_spec { 917 AS_UNDEF, 918 AS_ALL, 919 AS_SOURCE, 920 AS_TRANSIT, 921 AS_PEER, 922 AS_EMPTY 923 }; 924 925 enum aslen_spec { 926 ASLEN_NONE, 927 ASLEN_MAX, 928 ASLEN_SEQ 929 }; 930 931 #define AS_FLAG_NEIGHBORAS 0x01 932 #define AS_FLAG_AS_SET_NAME 0x02 933 #define AS_FLAG_AS_SET 0x04 934 935 struct filter_as { 936 char name[SET_NAME_LEN]; 937 struct as_set *aset; 938 uint32_t as_min; 939 uint32_t as_max; 940 enum as_spec type; 941 uint8_t flags; 942 uint8_t op; 943 }; 944 945 struct filter_aslen { 946 u_int aslen; 947 enum aslen_spec type; 948 }; 949 950 #define PREFIXSET_FLAG_FILTER 0x01 951 #define PREFIXSET_FLAG_DIRTY 0x02 /* prefix-set changed at reload */ 952 #define PREFIXSET_FLAG_OPS 0x04 /* indiv. prefixes have prefixlenops */ 953 #define PREFIXSET_FLAG_LONGER 0x08 /* filter all prefixes with or-longer */ 954 955 struct filter_prefixset { 956 int flags; 957 char name[SET_NAME_LEN]; 958 struct rde_prefixset *ps; 959 }; 960 961 struct filter_originset { 962 char name[SET_NAME_LEN]; 963 struct rde_prefixset *ps; 964 }; 965 966 struct filter_vs { 967 uint8_t validity; 968 uint8_t is_set; 969 }; 970 971 /* 972 * Communities are encoded depending on their type. The low byte of flags 973 * is the COMMUNITY_TYPE (BASIC, LARGE, EXT). BASIC encoding is just using 974 * data1 and data2, LARGE uses all data fields and EXT is also using all 975 * data fields. The 4-byte flags fields consists of up to 3 data flags 976 * for e.g. COMMUNITY_ANY and the low byte is the community type. 977 * If flags is 0 the community struct is unused. If the upper 24bit of 978 * flags is 0 a fast compare can be used. 979 * The code uses a type cast to uint8_t to access the type. 980 */ 981 struct community { 982 uint32_t flags; 983 uint32_t data1; 984 uint32_t data2; 985 uint32_t data3; 986 }; 987 988 struct ctl_show_rib_request { 989 char rib[PEER_DESCR_LEN]; 990 struct ctl_neighbor neighbor; 991 struct bgpd_addr prefix; 992 struct filter_as as; 993 struct community community; 994 uint32_t flags; 995 uint32_t path_id; 996 pid_t pid; 997 enum imsg_type type; 998 uint8_t validation_state; 999 uint8_t prefixlen; 1000 uint8_t aid; 1001 }; 1002 1003 struct ctl_kroute_req { 1004 int flags; 1005 sa_family_t af; 1006 }; 1007 1008 enum filter_actions { 1009 ACTION_NONE, 1010 ACTION_ALLOW, 1011 ACTION_DENY 1012 }; 1013 1014 enum directions { 1015 DIR_IN = 1, 1016 DIR_OUT 1017 }; 1018 1019 enum from_spec { 1020 FROM_ALL, 1021 FROM_ADDRESS, 1022 FROM_DESCR, 1023 FROM_GROUP 1024 }; 1025 1026 enum comp_ops { 1027 OP_NONE, 1028 OP_RANGE, 1029 OP_XRANGE, 1030 OP_EQ, 1031 OP_NE, 1032 OP_LE, 1033 OP_LT, 1034 OP_GE, 1035 OP_GT 1036 }; 1037 1038 struct filter_peers { 1039 uint32_t peerid; 1040 uint32_t groupid; 1041 uint32_t remote_as; 1042 uint16_t ribid; 1043 uint8_t ebgp; 1044 uint8_t ibgp; 1045 }; 1046 1047 /* special community type, keep in sync with the attribute type */ 1048 #define COMMUNITY_TYPE_NONE 0 1049 #define COMMUNITY_TYPE_BASIC 8 1050 #define COMMUNITY_TYPE_EXT 16 1051 #define COMMUNITY_TYPE_LARGE 32 1052 1053 #define COMMUNITY_ANY 1 1054 #define COMMUNITY_NEIGHBOR_AS 2 1055 #define COMMUNITY_LOCAL_AS 3 1056 1057 /* wellknown community definitions */ 1058 #define COMMUNITY_WELLKNOWN 0xffff 1059 #define COMMUNITY_GRACEFUL_SHUTDOWN 0x0000 /* RFC 8326 */ 1060 #define COMMUNITY_BLACKHOLE 0x029A /* RFC 7999 */ 1061 #define COMMUNITY_NO_EXPORT 0xff01 1062 #define COMMUNITY_NO_ADVERTISE 0xff02 1063 #define COMMUNITY_NO_EXPSUBCONFED 0xff03 1064 #define COMMUNITY_NO_PEER 0xff04 /* RFC 3765 */ 1065 1066 /* extended community definitions */ 1067 #define EXT_COMMUNITY_IANA 0x80 1068 #define EXT_COMMUNITY_NON_TRANSITIVE 0x40 1069 #define EXT_COMMUNITY_VALUE 0x3f 1070 /* extended transitive types */ 1071 #define EXT_COMMUNITY_TRANS_TWO_AS 0x00 /* 2 octet AS specific */ 1072 #define EXT_COMMUNITY_TRANS_IPV4 0x01 /* IPv4 specific */ 1073 #define EXT_COMMUNITY_TRANS_FOUR_AS 0x02 /* 4 octet AS specific */ 1074 #define EXT_COMMUNITY_TRANS_OPAQUE 0x03 /* opaque ext community */ 1075 #define EXT_COMMUNITY_TRANS_EVPN 0x06 /* EVPN RFC 7432 */ 1076 /* extended non-transitive types */ 1077 #define EXT_COMMUNITY_NON_TRANS_TWO_AS 0x40 /* 2 octet AS specific */ 1078 #define EXT_COMMUNITY_NON_TRANS_IPV4 0x41 /* IPv4 specific */ 1079 #define EXT_COMMUNITY_NON_TRANS_FOUR_AS 0x42 /* 4 octet AS specific */ 1080 #define EXT_COMMUNITY_NON_TRANS_OPAQUE 0x43 /* opaque ext community */ 1081 #define EXT_COMMUNITY_UNKNOWN -1 1082 /* generic transitive types */ 1083 #define EXT_COMMUNITY_GEN_TWO_AS 0x80 /* 2 octet AS specific */ 1084 #define EXT_COMMUNITY_GEN_IPV4 0x81 /* IPv4 specific */ 1085 #define EXT_COMMUNITY_GEN_FOUR_AS 0x82 /* 4 octet AS specific */ 1086 1087 /* BGP Origin Validation State Extended Community RFC 8097 */ 1088 #define EXT_COMMUNITY_SUBTYPE_OVS 0 1089 #define EXT_COMMUNITY_OVS_VALID 0 1090 #define EXT_COMMUNITY_OVS_NOTFOUND 1 1091 #define EXT_COMMUNITY_OVS_INVALID 2 1092 1093 /* other handy defines */ 1094 #define EXT_COMMUNITY_OPAQUE_MAX 0xffffffffffffULL 1095 #define EXT_COMMUNITY_FLAG_VALID 0x01 1096 1097 struct ext_comm_pairs { 1098 uint8_t type; 1099 uint8_t subtype; 1100 const char *subname; 1101 }; 1102 1103 #define IANA_EXT_COMMUNITIES { \ 1104 { EXT_COMMUNITY_TRANS_TWO_AS, 0x02, "rt" }, \ 1105 { EXT_COMMUNITY_TRANS_TWO_AS, 0x03, "soo" }, \ 1106 { EXT_COMMUNITY_TRANS_TWO_AS, 0x05, "odi" }, \ 1107 { EXT_COMMUNITY_TRANS_TWO_AS, 0x08, "bdc" }, \ 1108 { EXT_COMMUNITY_TRANS_TWO_AS, 0x09, "srcas" }, \ 1109 { EXT_COMMUNITY_TRANS_TWO_AS, 0x0a, "l2vid" }, \ 1110 \ 1111 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x02, "rt" }, \ 1112 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x03, "soo" }, \ 1113 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x05, "odi" }, \ 1114 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x08, "bdc" }, \ 1115 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x09, "srcas" }, \ 1116 \ 1117 { EXT_COMMUNITY_TRANS_IPV4, 0x02, "rt" }, \ 1118 { EXT_COMMUNITY_TRANS_IPV4, 0x03, "soo" }, \ 1119 { EXT_COMMUNITY_TRANS_IPV4, 0x05, "odi" }, \ 1120 { EXT_COMMUNITY_TRANS_IPV4, 0x07, "ori" }, \ 1121 { EXT_COMMUNITY_TRANS_IPV4, 0x0a, "l2vid" }, \ 1122 { EXT_COMMUNITY_TRANS_IPV4, 0x0b, "vrfri" }, \ 1123 \ 1124 { EXT_COMMUNITY_TRANS_OPAQUE, 0x06, "ort" }, \ 1125 { EXT_COMMUNITY_TRANS_OPAQUE, 0x0d, "defgw" }, \ 1126 \ 1127 { EXT_COMMUNITY_NON_TRANS_OPAQUE, EXT_COMMUNITY_SUBTYPE_OVS, "ovs" }, \ 1128 \ 1129 { EXT_COMMUNITY_TRANS_EVPN, 0x00, "mac-mob" }, \ 1130 { EXT_COMMUNITY_TRANS_EVPN, 0x01, "esi-lab" }, \ 1131 { EXT_COMMUNITY_TRANS_EVPN, 0x02, "esi-rt" }, \ 1132 \ 1133 { EXT_COMMUNITY_GEN_TWO_AS, 0x06, "flow-rate" }, \ 1134 { EXT_COMMUNITY_GEN_TWO_AS, 0x0c, "flow-pps" }, \ 1135 { EXT_COMMUNITY_GEN_TWO_AS, 0x07, "flow-action" }, \ 1136 { EXT_COMMUNITY_GEN_TWO_AS, 0x08, "flow-rt-redir" }, \ 1137 { EXT_COMMUNITY_GEN_IPV4, 0x08, "flow-rt-redir" }, \ 1138 { EXT_COMMUNITY_GEN_FOUR_AS, 0x08, "flow-rt-redir" }, \ 1139 { EXT_COMMUNITY_GEN_TWO_AS, 0x09, "flow-dscp" }, \ 1140 \ 1141 { 0 } \ 1142 } 1143 1144 extern const struct ext_comm_pairs iana_ext_comms[]; 1145 1146 /* BGP flowspec defines RFC 8955 and 8956 */ 1147 #define FLOWSPEC_LEN_LIMIT 0xf0 1148 #define FLOWSPEC_OP_EOL 0x80 1149 #define FLOWSPEC_OP_AND 0x40 1150 #define FLOWSPEC_OP_LEN_MASK 0x30 1151 #define FLOWSPEC_OP_LEN_SHIFT 4 1152 #define FLOWSPEC_OP_LEN(op) \ 1153 (1 << (((op) & FLOWSPEC_OP_LEN_MASK) >> FLOWSPEC_OP_LEN_SHIFT)) 1154 #define FLOWSPEC_OP_NUM_LT 0x04 1155 #define FLOWSPEC_OP_NUM_GT 0x02 1156 #define FLOWSPEC_OP_NUM_EQ 0x01 1157 #define FLOWSPEC_OP_NUM_LE (FLOWSPEC_OP_NUM_LT | FLOWSPEC_OP_NUM_EQ) 1158 #define FLOWSPEC_OP_NUM_GE (FLOWSPEC_OP_NUM_GT | FLOWSPEC_OP_NUM_EQ) 1159 #define FLOWSPEC_OP_NUM_NOT (FLOWSPEC_OP_NUM_GT | FLOWSPEC_OP_NUM_LT) 1160 #define FLOWSPEC_OP_NUM_MASK 0x07 1161 #define FLOWSPEC_OP_BIT_NOT 0x02 1162 #define FLOWSPEC_OP_BIT_MATCH 0x01 1163 #define FLOWSPEC_OP_BIT_MASK 0x03 1164 1165 #define FLOWSPEC_TYPE_MIN 1 1166 #define FLOWSPEC_TYPE_DEST 1 1167 #define FLOWSPEC_TYPE_SOURCE 2 1168 #define FLOWSPEC_TYPE_PROTO 3 1169 #define FLOWSPEC_TYPE_PORT 4 1170 #define FLOWSPEC_TYPE_DST_PORT 5 1171 #define FLOWSPEC_TYPE_SRC_PORT 6 1172 #define FLOWSPEC_TYPE_ICMP_TYPE 7 1173 #define FLOWSPEC_TYPE_ICMP_CODE 8 1174 #define FLOWSPEC_TYPE_TCP_FLAGS 9 1175 #define FLOWSPEC_TYPE_PKT_LEN 10 1176 #define FLOWSPEC_TYPE_DSCP 11 1177 #define FLOWSPEC_TYPE_FRAG 12 1178 #define FLOWSPEC_TYPE_FLOW 13 1179 #define FLOWSPEC_TYPE_MAX 14 1180 1181 #define FLOWSPEC_TCP_FLAG_STRING "FSRPAUEW" 1182 #define FLOWSPEC_FRAG_STRING4 "DIFL" 1183 #define FLOWSPEC_FRAG_STRING6 " IFL" 1184 1185 struct filter_prefix { 1186 struct bgpd_addr addr; 1187 uint8_t op; 1188 uint8_t len; 1189 uint8_t len_min; 1190 uint8_t len_max; 1191 }; 1192 1193 struct filter_nexthop { 1194 struct bgpd_addr addr; 1195 uint8_t flags; 1196 #define FILTER_NEXTHOP_ADDR 1 1197 #define FILTER_NEXTHOP_NEIGHBOR 2 1198 }; 1199 1200 struct filter_match { 1201 struct filter_prefix prefix; 1202 struct filter_nexthop nexthop; 1203 struct filter_as as; 1204 struct filter_aslen aslen; 1205 struct community community[MAX_COMM_MATCH]; 1206 struct filter_prefixset prefixset; 1207 struct filter_originset originset; 1208 struct filter_vs ovs; 1209 struct filter_vs avs; 1210 int maxcomm; 1211 int maxextcomm; 1212 int maxlargecomm; 1213 }; 1214 1215 struct filter_rule { 1216 TAILQ_ENTRY(filter_rule) entry; 1217 char rib[PEER_DESCR_LEN]; 1218 struct filter_peers peer; 1219 struct filter_match match; 1220 struct filter_set_head set; 1221 #define RDE_FILTER_SKIP_PEERID 0 1222 #define RDE_FILTER_SKIP_GROUPID 1 1223 #define RDE_FILTER_SKIP_REMOTE_AS 2 1224 #define RDE_FILTER_SKIP_COUNT 3 1225 struct filter_rule *skip[RDE_FILTER_SKIP_COUNT]; 1226 enum filter_actions action; 1227 enum directions dir; 1228 uint8_t quick; 1229 }; 1230 1231 enum action_types { 1232 ACTION_SET_LOCALPREF, 1233 ACTION_SET_RELATIVE_LOCALPREF, 1234 ACTION_SET_MED, 1235 ACTION_SET_RELATIVE_MED, 1236 ACTION_SET_WEIGHT, 1237 ACTION_SET_RELATIVE_WEIGHT, 1238 ACTION_SET_PREPEND_SELF, 1239 ACTION_SET_PREPEND_PEER, 1240 ACTION_SET_AS_OVERRIDE, 1241 ACTION_SET_NEXTHOP, 1242 ACTION_SET_NEXTHOP_REF, 1243 ACTION_SET_NEXTHOP_REJECT, 1244 ACTION_SET_NEXTHOP_BLACKHOLE, 1245 ACTION_SET_NEXTHOP_NOMODIFY, 1246 ACTION_SET_NEXTHOP_SELF, 1247 ACTION_DEL_COMMUNITY, 1248 ACTION_SET_COMMUNITY, 1249 ACTION_PFTABLE, 1250 ACTION_PFTABLE_ID, 1251 ACTION_RTLABEL, 1252 ACTION_RTLABEL_ID, 1253 ACTION_SET_ORIGIN 1254 }; 1255 1256 struct nexthop; 1257 struct filter_set { 1258 TAILQ_ENTRY(filter_set) entry; 1259 union { 1260 uint8_t prepend; 1261 uint16_t id; 1262 uint32_t metric; 1263 int32_t relative; 1264 struct bgpd_addr nexthop; 1265 struct nexthop *nh_ref; 1266 struct community community; 1267 char pftable[PFTABLE_LEN]; 1268 char rtlabel[ROUTELABEL_LEN]; 1269 uint8_t origin; 1270 } action; 1271 enum action_types type; 1272 }; 1273 1274 struct roa_set { 1275 uint32_t as; /* must be first */ 1276 uint32_t maxlen; /* change type for better struct layout */ 1277 }; 1278 1279 struct prefixset_item { 1280 struct filter_prefix p; 1281 RB_ENTRY(prefixset_item) entry; 1282 }; 1283 1284 struct prefixset { 1285 int sflags; 1286 char name[SET_NAME_LEN]; 1287 struct prefixset_tree psitems; 1288 struct roa_tree roaitems; 1289 SIMPLEQ_ENTRY(prefixset) entry; 1290 }; 1291 1292 struct as_set { 1293 char name[SET_NAME_LEN]; 1294 SIMPLEQ_ENTRY(as_set) entry; 1295 struct set_table *set; 1296 time_t lastchange; 1297 int dirty; 1298 }; 1299 1300 struct aspa_set { 1301 time_t expires; 1302 uint32_t as; 1303 uint32_t num; 1304 uint32_t *tas; 1305 RB_ENTRY(aspa_set) entry; 1306 }; 1307 1308 struct aspa_prep { 1309 size_t datasize; 1310 uint32_t entries; 1311 }; 1312 1313 struct l3vpn { 1314 SIMPLEQ_ENTRY(l3vpn) entry; 1315 char descr[PEER_DESCR_LEN]; 1316 char ifmpe[IFNAMSIZ]; 1317 struct filter_set_head import; 1318 struct filter_set_head export; 1319 struct network_head net_l; 1320 uint64_t rd; 1321 u_int rtableid; 1322 u_int label; 1323 int flags; 1324 }; 1325 1326 struct rde_rib { 1327 SIMPLEQ_ENTRY(rde_rib) entry; 1328 char name[PEER_DESCR_LEN]; 1329 u_int rtableid; 1330 uint16_t id; 1331 uint16_t flags; 1332 }; 1333 SIMPLEQ_HEAD(rib_names, rde_rib); 1334 extern struct rib_names ribnames; 1335 1336 /* rde_rib flags */ 1337 #define F_RIB_LOCAL 0x0001 1338 #define F_RIB_NOEVALUATE 0x0002 1339 #define F_RIB_NOFIB 0x0004 1340 #define F_RIB_NOFIBSYNC 0x0008 1341 1342 /* 4-byte magic AS number */ 1343 #define AS_TRANS 23456 1344 /* AS_NONE for origin validation */ 1345 #define AS_NONE 0 1346 1347 struct rde_memstats { 1348 long long path_cnt; 1349 long long path_refs; 1350 long long prefix_cnt; 1351 long long rib_cnt; 1352 long long pt_cnt[AID_MAX]; 1353 long long pt_size[AID_MAX]; 1354 long long nexthop_cnt; 1355 long long aspath_cnt; 1356 long long aspath_size; 1357 long long comm_cnt; 1358 long long comm_nmemb; 1359 long long comm_size; 1360 long long comm_refs; 1361 long long attr_cnt; 1362 long long attr_refs; 1363 long long attr_data; 1364 long long attr_dcnt; 1365 long long aset_cnt; 1366 long long aset_size; 1367 long long aset_nmemb; 1368 long long pset_cnt; 1369 long long pset_size; 1370 }; 1371 1372 #define MRT_FILE_LEN 512 1373 #define MRT2MC(x) ((struct mrt_config *)(x)) 1374 1375 enum mrt_type { 1376 MRT_NONE, 1377 MRT_TABLE_DUMP, 1378 MRT_TABLE_DUMP_MP, 1379 MRT_TABLE_DUMP_V2, 1380 MRT_ALL_IN, 1381 MRT_ALL_OUT, 1382 MRT_UPDATE_IN, 1383 MRT_UPDATE_OUT 1384 }; 1385 1386 enum mrt_state { 1387 MRT_STATE_RUNNING, 1388 MRT_STATE_OPEN, 1389 MRT_STATE_REOPEN, 1390 MRT_STATE_REMOVE 1391 }; 1392 1393 struct mrt { 1394 char rib[PEER_DESCR_LEN]; 1395 struct msgbuf wbuf; 1396 LIST_ENTRY(mrt) entry; 1397 uint32_t peer_id; 1398 uint32_t group_id; 1399 enum mrt_type type; 1400 enum mrt_state state; 1401 uint16_t seqnum; 1402 }; 1403 1404 struct mrt_config { 1405 struct mrt conf; 1406 char name[MRT_FILE_LEN]; /* base file name */ 1407 char file[MRT_FILE_LEN]; /* actual file name */ 1408 time_t ReopenTimer; 1409 int ReopenTimerInterval; 1410 }; 1411 1412 /* prototypes */ 1413 /* bgpd.c */ 1414 void send_nexthop_update(struct kroute_nexthop *); 1415 void send_imsg_session(int, pid_t, void *, uint16_t); 1416 int send_network(int, struct network_config *, 1417 struct filter_set_head *); 1418 int bgpd_oknexthop(struct kroute_full *); 1419 int bgpd_has_bgpnh(void); 1420 void set_pollfd(struct pollfd *, struct imsgbuf *); 1421 int handle_pollfd(struct pollfd *, struct imsgbuf *); 1422 1423 /* control.c */ 1424 int control_imsg_relay(struct imsg *, struct peer *); 1425 1426 /* config.c */ 1427 struct bgpd_config *new_config(void); 1428 void copy_config(struct bgpd_config *, struct bgpd_config *); 1429 void network_free(struct network *); 1430 struct flowspec_config *flowspec_alloc(uint8_t, int); 1431 void flowspec_free(struct flowspec_config *); 1432 void free_l3vpns(struct l3vpn_head *); 1433 void free_config(struct bgpd_config *); 1434 void free_prefixsets(struct prefixset_head *); 1435 void free_rde_prefixsets(struct rde_prefixset_head *); 1436 void free_prefixtree(struct prefixset_tree *); 1437 void free_roatree(struct roa_tree *); 1438 void free_aspa(struct aspa_set *); 1439 void free_aspatree(struct aspa_tree *); 1440 void free_rtrs(struct rtr_config_head *); 1441 void filterlist_free(struct filter_head *); 1442 int host(const char *, struct bgpd_addr *, uint8_t *); 1443 uint32_t get_bgpid(void); 1444 void expand_networks(struct bgpd_config *, struct network_head *); 1445 RB_PROTOTYPE(prefixset_tree, prefixset_item, entry, prefixset_cmp); 1446 RB_PROTOTYPE(roa_tree, roa, entry, roa_cmp); 1447 RB_PROTOTYPE(aspa_tree, aspa_set, entry, aspa_cmp); 1448 RB_PROTOTYPE(flowspec_tree, flowspec_config, entry, flowspec_config_cmp); 1449 1450 /* kroute.c */ 1451 int kr_init(int *, uint8_t); 1452 int kr_default_prio(void); 1453 int kr_check_prio(long long); 1454 int ktable_update(u_int, char *, int); 1455 void ktable_preload(void); 1456 void ktable_postload(void); 1457 int ktable_exists(u_int, u_int *); 1458 int kr_change(u_int, struct kroute_full *); 1459 int kr_delete(u_int, struct kroute_full *); 1460 int kr_flush(u_int); 1461 void kr_shutdown(void); 1462 void kr_fib_couple(u_int); 1463 void kr_fib_couple_all(void); 1464 void kr_fib_decouple(u_int); 1465 void kr_fib_decouple_all(void); 1466 void kr_fib_prio_set(uint8_t); 1467 int kr_dispatch_msg(void); 1468 int kr_nexthop_add(uint32_t, struct bgpd_addr *); 1469 void kr_nexthop_delete(uint32_t, struct bgpd_addr *); 1470 void kr_show_route(struct imsg *); 1471 void kr_ifinfo(char *); 1472 void kr_net_reload(u_int, uint64_t, struct network_head *); 1473 int kr_reload(void); 1474 int get_mpe_config(const char *, u_int *, u_int *); 1475 uint8_t mask2prefixlen(sa_family_t, struct sockaddr *); 1476 1477 /* log.c */ 1478 void log_peer_info(const struct peer_config *, const char *, ...) 1479 __attribute__((__format__ (printf, 2, 3))); 1480 void log_peer_warn(const struct peer_config *, const char *, ...) 1481 __attribute__((__format__ (printf, 2, 3))); 1482 void log_peer_warnx(const struct peer_config *, const char *, ...) 1483 __attribute__((__format__ (printf, 2, 3))); 1484 1485 /* mrt.c */ 1486 void mrt_write(struct mrt *); 1487 void mrt_clean(struct mrt *); 1488 void mrt_init(struct imsgbuf *, struct imsgbuf *); 1489 time_t mrt_timeout(struct mrt_head *); 1490 void mrt_reconfigure(struct mrt_head *); 1491 void mrt_handler(struct mrt_head *); 1492 struct mrt *mrt_get(struct mrt_head *, struct mrt *); 1493 void mrt_mergeconfig(struct mrt_head *, struct mrt_head *); 1494 1495 /* name2id.c */ 1496 uint16_t rtlabel_name2id(const char *); 1497 const char *rtlabel_id2name(uint16_t); 1498 void rtlabel_unref(uint16_t); 1499 uint16_t rtlabel_ref(uint16_t); 1500 uint16_t pftable_name2id(const char *); 1501 const char *pftable_id2name(uint16_t); 1502 void pftable_unref(uint16_t); 1503 uint16_t pftable_ref(uint16_t); 1504 1505 /* parse.y */ 1506 int cmdline_symset(char *); 1507 struct prefixset *find_prefixset(char *, struct prefixset_head *); 1508 struct bgpd_config *parse_config(char *, struct peer_head *, 1509 struct rtr_config_head *); 1510 1511 /* pftable.c */ 1512 int pftable_exists(const char *); 1513 int pftable_add(const char *); 1514 int pftable_clear_all(void); 1515 int pftable_addr_add(struct pftable_msg *); 1516 int pftable_addr_remove(struct pftable_msg *); 1517 int pftable_commit(void); 1518 1519 /* rde_filter.c */ 1520 void filterset_free(struct filter_set_head *); 1521 int filterset_cmp(struct filter_set *, struct filter_set *); 1522 void filterset_move(struct filter_set_head *, struct filter_set_head *); 1523 void filterset_copy(struct filter_set_head *, struct filter_set_head *); 1524 const char *filterset_name(enum action_types); 1525 1526 /* rde_sets.c */ 1527 struct as_set *as_sets_lookup(struct as_set_head *, const char *); 1528 struct as_set *as_sets_new(struct as_set_head *, const char *, size_t, 1529 size_t); 1530 void as_sets_free(struct as_set_head *); 1531 void as_sets_mark_dirty(struct as_set_head *, struct as_set_head *); 1532 int as_set_match(const struct as_set *, uint32_t); 1533 1534 struct set_table *set_new(size_t, size_t); 1535 void set_free(struct set_table *); 1536 int set_add(struct set_table *, void *, size_t); 1537 void *set_get(struct set_table *, size_t *); 1538 void set_prep(struct set_table *); 1539 void *set_match(const struct set_table *, uint32_t); 1540 int set_equal(const struct set_table *, 1541 const struct set_table *); 1542 size_t set_nmemb(const struct set_table *); 1543 1544 /* rde_trie.c */ 1545 int trie_add(struct trie_head *, struct bgpd_addr *, uint8_t, uint8_t, 1546 uint8_t); 1547 int trie_roa_add(struct trie_head *, struct roa *); 1548 void trie_free(struct trie_head *); 1549 int trie_match(struct trie_head *, struct bgpd_addr *, uint8_t, int); 1550 int trie_roa_check(struct trie_head *, struct bgpd_addr *, uint8_t, 1551 uint32_t); 1552 void trie_dump(struct trie_head *); 1553 int trie_equal(struct trie_head *, struct trie_head *); 1554 1555 /* timer.c */ 1556 time_t getmonotime(void); 1557 1558 /* util.c */ 1559 char *ibuf_get_string(struct ibuf *, size_t); 1560 const char *log_addr(const struct bgpd_addr *); 1561 const char *log_in6addr(const struct in6_addr *); 1562 const char *log_sockaddr(struct sockaddr *, socklen_t); 1563 const char *log_as(uint32_t); 1564 const char *log_rd(uint64_t); 1565 const char *log_ext_subtype(int, uint8_t); 1566 const char *log_reason(const char *); 1567 const char *log_aspath_error(int); 1568 const char *log_roa(struct roa *); 1569 const char *log_aspa(struct aspa_set *); 1570 const char *log_rtr_error(enum rtr_error); 1571 const char *log_policy(enum role); 1572 const char *log_capability(uint8_t); 1573 int aspath_asprint(char **, struct ibuf *); 1574 uint32_t aspath_extract(const void *, int); 1575 int aspath_verify(struct ibuf *, int, int); 1576 #define AS_ERR_LEN -1 1577 #define AS_ERR_TYPE -2 1578 #define AS_ERR_BAD -3 1579 #define AS_ERR_SOFT -4 1580 struct ibuf *aspath_inflate(struct ibuf *); 1581 int extract_prefix(const u_char *, int, void *, uint8_t, uint8_t); 1582 int nlri_get_prefix(struct ibuf *, struct bgpd_addr *, uint8_t *); 1583 int nlri_get_prefix6(struct ibuf *, struct bgpd_addr *, uint8_t *); 1584 int nlri_get_vpn4(struct ibuf *, struct bgpd_addr *, uint8_t *, 1585 int); 1586 int nlri_get_vpn6(struct ibuf *, struct bgpd_addr *, uint8_t *, 1587 int); 1588 int prefix_compare(const struct bgpd_addr *, 1589 const struct bgpd_addr *, int); 1590 void inet4applymask(struct in_addr *, const struct in_addr *, int); 1591 void inet6applymask(struct in6_addr *, const struct in6_addr *, 1592 int); 1593 void applymask(struct bgpd_addr *, const struct bgpd_addr *, int); 1594 const char *aid2str(uint8_t); 1595 int aid2afi(uint8_t, uint16_t *, uint8_t *); 1596 int afi2aid(uint16_t, uint8_t, uint8_t *); 1597 sa_family_t aid2af(uint8_t); 1598 int af2aid(sa_family_t, uint8_t, uint8_t *); 1599 struct sockaddr *addr2sa(const struct bgpd_addr *, uint16_t, socklen_t *); 1600 void sa2addr(struct sockaddr *, struct bgpd_addr *, uint16_t *); 1601 const char * get_baudrate(unsigned long long, char *); 1602 1603 /* flowspec.c */ 1604 int flowspec_valid(const uint8_t *, int, int); 1605 int flowspec_cmp(const uint8_t *, int, const uint8_t *, int, int); 1606 int flowspec_get_component(const uint8_t *, int, int, int, 1607 const uint8_t **, int *); 1608 int flowspec_get_addr(const uint8_t *, int, int, int, struct bgpd_addr *, 1609 uint8_t *, uint8_t *); 1610 const char *flowspec_fmt_label(int); 1611 const char *flowspec_fmt_num_op(const uint8_t *, int, int *); 1612 const char *flowspec_fmt_bin_op(const uint8_t *, int, int *, const char *); 1613 1614 static const char * const log_procnames[] = { 1615 "parent", 1616 "SE", 1617 "RDE", 1618 "RTR" 1619 }; 1620 1621 /* logmsg.c and needed by bgpctl */ 1622 static const char * const statenames[] = { 1623 "None", 1624 "Idle", 1625 "Connect", 1626 "Active", 1627 "OpenSent", 1628 "OpenConfirm", 1629 "Established" 1630 }; 1631 1632 static const char * const msgtypenames[] = { 1633 "NONE", 1634 "OPEN", 1635 "UPDATE", 1636 "NOTIFICATION", 1637 "KEEPALIVE", 1638 "RREFRESH" 1639 }; 1640 1641 static const char * const eventnames[] = { 1642 "None", 1643 "Start", 1644 "Stop", 1645 "Connection opened", 1646 "Connection closed", 1647 "Connection open failed", 1648 "Fatal error", 1649 "ConnectRetryTimer expired", 1650 "HoldTimer expired", 1651 "KeepaliveTimer expired", 1652 "SendHoldTimer expired", 1653 "OPEN message received", 1654 "KEEPALIVE message received", 1655 "UPDATE message received", 1656 "NOTIFICATION received" 1657 }; 1658 1659 static const char * const errnames[] = { 1660 "none", 1661 "Header error", 1662 "error in OPEN message", 1663 "error in UPDATE message", 1664 "HoldTimer expired", 1665 "Finite State Machine error", 1666 "Cease", 1667 "error in ROUTE-REFRESH message" 1668 }; 1669 1670 static const char * const suberr_header_names[] = { 1671 "none", 1672 "synchronization error", 1673 "wrong length", 1674 "unknown message type" 1675 }; 1676 1677 static const char * const suberr_open_names[] = { 1678 "none", 1679 "version mismatch", 1680 "AS unacceptable", 1681 "BGPID invalid", 1682 "optional parameter error", 1683 "authentication error", 1684 "unacceptable holdtime", 1685 "unsupported capability", 1686 NULL, 1687 NULL, 1688 NULL, 1689 "role mismatch", 1690 }; 1691 1692 static const char * const suberr_fsm_names[] = { 1693 "unspecified error", 1694 "received unexpected message in OpenSent", 1695 "received unexpected message in OpenConfirm", 1696 "received unexpected message in Established" 1697 }; 1698 1699 static const char * const suberr_update_names[] = { 1700 "none", 1701 "attribute list error", 1702 "unknown well-known attribute", 1703 "well-known attribute missing", 1704 "attribute flags error", 1705 "attribute length wrong", 1706 "origin unacceptable", 1707 "loop detected", 1708 "nexthop unacceptable", 1709 "optional attribute error", 1710 "network unacceptable", 1711 "AS-Path unacceptable" 1712 }; 1713 1714 static const char * const suberr_cease_names[] = { 1715 "none", 1716 "received max-prefix exceeded", 1717 "administratively down", 1718 "peer unconfigured", 1719 "administrative reset", 1720 "connection rejected", 1721 "other config change", 1722 "collision", 1723 "resource exhaustion", 1724 "hard reset", 1725 "sent max-prefix exceeded" 1726 }; 1727 1728 static const char * const suberr_rrefresh_names[] = { 1729 "none", 1730 "invalid message length" 1731 }; 1732 1733 static const char * const ctl_res_strerror[] = { 1734 "no error", 1735 "no such neighbor", 1736 "permission denied", 1737 "neighbor does not have this capability", 1738 "config file has errors, reload failed", 1739 "previous reload still running", 1740 "out of memory", 1741 "not a cloned peer", 1742 "peer still active, down peer first", 1743 "no such RIB", 1744 "operation not supported", 1745 }; 1746 1747 static const char * const timernames[] = { 1748 "None", 1749 "ConnectRetryTimer", 1750 "KeepaliveTimer", 1751 "HoldTimer", 1752 "SendHoldTimer", 1753 "IdleHoldTimer", 1754 "IdleHoldResetTimer", 1755 "CarpUndemoteTimer", 1756 "RestartTimer", 1757 "RTR RefreshTimer", 1758 "RTR RetryTimer", 1759 "RTR ExpireTimer", 1760 "RTR ActiveTimer", 1761 "" 1762 }; 1763 1764 #endif /* __BGPD_H__ */ 1765