1 /* $OpenBSD: bgpd.h,v 1.498 2024/10/08 12:28:09 claudio Exp $ */ 2 3 /* 4 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 #ifndef __BGPD_H__ 19 #define __BGPD_H__ 20 21 #include <sys/types.h> 22 #include <sys/socket.h> 23 #include <sys/queue.h> 24 #include <sys/tree.h> 25 #include <netinet/in.h> 26 #include <arpa/inet.h> 27 #include <net/if.h> 28 29 #include <poll.h> 30 #include <stdarg.h> 31 #include <stdint.h> 32 33 #include <imsg.h> 34 35 #define BGP_VERSION 4 36 #define RTR_MAX_VERSION 2 37 #define RTR_DEFAULT_VERSION 1 38 #define BGP_PORT 179 39 #define RTR_PORT 323 40 #define CONFFILE "/etc/bgpd.conf" 41 #define BGPD_USER "_bgpd" 42 #define PEER_DESCR_LEN 64 43 #define REASON_LEN 256 /* includes NUL terminator */ 44 #define PFTABLE_LEN 32 45 #define ROUTELABEL_LEN 32 46 #define TCP_MD5_KEY_LEN 80 47 #define IPSEC_ENC_KEY_LEN 32 48 #define IPSEC_AUTH_KEY_LEN 20 49 #define SET_NAME_LEN 128 50 51 #define MAX_PKTSIZE 4096 52 #define MIN_HOLDTIME 3 53 #define READ_BUF_SIZE 65535 54 #define MAX_SOCK_BUF (4 * READ_BUF_SIZE) 55 #define RT_BUF_SIZE 16384 56 #define MAX_RTSOCK_BUF (2 * 1024 * 1024) 57 #define MAX_COMM_MATCH 3 58 #define MAX_ASPA_SPAS_COUNT 10000 59 60 #define BGPD_OPT_VERBOSE 0x0001 61 #define BGPD_OPT_VERBOSE2 0x0002 62 #define BGPD_OPT_NOACTION 0x0004 63 #define BGPD_OPT_FORCE_DEMOTE 0x0008 64 65 #define BGPD_FLAG_REFLECTOR 0x0004 66 #define BGPD_FLAG_NEXTHOP_BGP 0x0010 67 #define BGPD_FLAG_NEXTHOP_DEFAULT 0x0020 68 #define BGPD_FLAG_DECISION_MASK 0x0f00 69 #define BGPD_FLAG_DECISION_ROUTEAGE 0x0100 70 #define BGPD_FLAG_DECISION_TRANS_AS 0x0200 71 #define BGPD_FLAG_DECISION_MED_ALWAYS 0x0400 72 #define BGPD_FLAG_DECISION_ALL_PATHS 0x0800 73 #define BGPD_FLAG_NO_AS_SET 0x1000 74 75 #define BGPD_LOG_UPDATES 0x0001 76 77 #define SOCKET_NAME "/var/run/bgpd.sock" 78 79 #define F_BGPD 0x0001 80 #define F_BGPD_INSERTED 0x0002 81 #define F_CONNECTED 0x0004 82 #define F_STATIC 0x0008 83 #define F_NEXTHOP 0x0010 84 #define F_REJECT 0x0020 85 #define F_BLACKHOLE 0x0040 86 #define F_MPLS 0x0080 87 #define F_LONGER 0x0200 88 #define F_SHORTER 0x0400 89 #define F_CTL_DETAIL 0x1000 /* only set on requests */ 90 #define F_CTL_ADJ_IN 0x2000 /* only set on requests */ 91 #define F_CTL_ADJ_OUT 0x4000 /* only set on requests */ 92 #define F_CTL_BEST 0x8000 93 #define F_CTL_INELIGIBLE 0x10000 /* only set on requests */ 94 #define F_CTL_LEAKED 0x20000 /* only set on requests */ 95 #define F_CTL_INVALID 0x40000 /* only set on requests */ 96 #define F_CTL_OVS_VALID 0x80000 97 #define F_CTL_OVS_INVALID 0x100000 98 #define F_CTL_OVS_NOTFOUND 0x200000 99 #define F_CTL_NEIGHBORS 0x400000 /* only used by bgpctl */ 100 #define F_CTL_HAS_PATHID 0x800000 /* only set on requests */ 101 #define F_CTL_AVS_VALID 0x1000000 102 #define F_CTL_AVS_INVALID 0x2000000 103 #define F_CTL_AVS_UNKNOWN 0x4000000 104 #define F_CTL_FILTERED 0x8000000 /* only set on requests */ 105 #define F_CTL_SSV 0x80000000 /* only used by bgpctl */ 106 107 #define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1 ] \ 108 __attribute__((__unused__)) 109 110 /* 111 * Note that these numeric assignments differ from the numbers commonly 112 * used in route origin validation context. 113 */ 114 #define ROA_NOTFOUND 0x0 /* default */ 115 #define ROA_INVALID 0x1 116 #define ROA_VALID 0x2 117 #define ROA_MASK 0x3 118 119 #define ASPA_UNKNOWN 0x00 /* default */ 120 #define ASPA_INVALID 0x01 121 #define ASPA_VALID 0x02 122 #define ASPA_MASK 0x03 123 #define ASPA_NEVER_KNOWN 0x08 /* unknown and check never needed */ 124 125 /* 126 * Limit the number of messages queued in the session engine. 127 * The SE will send an IMSG_XOFF messages to the RDE if the high water mark 128 * is reached. The RDE should then throttle this peer or control connection. 129 * Once the message queue in the SE drops below the low water mark an 130 * IMSG_XON message will be sent and the RDE will produce more messages again. 131 */ 132 #define RDE_RUNNER_ROUNDS 100 133 #define SESS_MSG_HIGH_MARK 2000 134 #define SESS_MSG_LOW_MARK 500 135 #define CTL_MSG_HIGH_MARK 500 136 #define CTL_MSG_LOW_MARK 100 137 138 enum bgpd_process { 139 PROC_MAIN, 140 PROC_SE, 141 PROC_RDE, 142 PROC_RTR, 143 }; 144 145 enum reconf_action { 146 RECONF_NONE, 147 RECONF_KEEP, 148 RECONF_REINIT, 149 RECONF_RELOAD, 150 RECONF_DELETE 151 }; 152 153 /* Address Family Numbers as per RFC 1700 */ 154 #define AFI_UNSPEC 0 155 #define AFI_IPv4 1 156 #define AFI_IPv6 2 157 158 /* Subsequent Address Family Identifier as per RFC 4760 */ 159 #define SAFI_NONE 0 160 #define SAFI_UNICAST 1 161 #define SAFI_MULTICAST 2 162 #define SAFI_MPLS 4 163 #define SAFI_MPLSVPN 128 164 #define SAFI_FLOWSPEC 133 165 #define SAFI_VPNFLOWSPEC 134 166 167 struct aid { 168 uint16_t afi; 169 sa_family_t af; 170 uint8_t safi; 171 const char *name; 172 }; 173 174 extern const struct aid aid_vals[]; 175 176 #define AID_UNSPEC 0 177 #define AID_INET 1 178 #define AID_INET6 2 179 #define AID_VPN_IPv4 3 180 #define AID_VPN_IPv6 4 181 #define AID_FLOWSPECv4 5 182 #define AID_FLOWSPECv6 6 183 #define AID_MAX 7 184 #define AID_MIN 1 /* skip AID_UNSPEC since that is a dummy */ 185 186 #define AID_VALS { \ 187 /* afi, af, safii, name */ \ 188 { AFI_UNSPEC, AF_UNSPEC, SAFI_NONE, "unspec"}, \ 189 { AFI_IPv4, AF_INET, SAFI_UNICAST, "IPv4 unicast" }, \ 190 { AFI_IPv6, AF_INET6, SAFI_UNICAST, "IPv6 unicast" }, \ 191 { AFI_IPv4, AF_INET, SAFI_MPLSVPN, "IPv4 vpn" }, \ 192 { AFI_IPv6, AF_INET6, SAFI_MPLSVPN, "IPv6 vpn" }, \ 193 { AFI_IPv4, AF_INET, SAFI_FLOWSPEC, "IPv4 flowspec" }, \ 194 { AFI_IPv6, AF_INET6, SAFI_FLOWSPEC, "IPv6 flowspec" }, \ 195 } 196 197 #define BGP_MPLS_BOS 0x01 198 199 struct bgpd_addr { 200 union { 201 struct in_addr v4; 202 struct in6_addr v6; 203 /* maximum size for a prefix is 256 bits */ 204 }; /* 128-bit address */ 205 uint64_t rd; /* route distinguisher for VPN addrs */ 206 uint32_t scope_id; /* iface scope id for v6 */ 207 uint8_t aid; 208 uint8_t labellen; /* size of the labelstack */ 209 uint8_t labelstack[18]; /* max that makes sense */ 210 }; 211 212 #define DEFAULT_LISTENER 0x01 213 #define LISTENER_LISTENING 0x02 214 215 struct listen_addr { 216 TAILQ_ENTRY(listen_addr) entry; 217 struct sockaddr_storage sa; 218 int fd; 219 enum reconf_action reconf; 220 socklen_t sa_len; 221 uint8_t flags; 222 }; 223 224 TAILQ_HEAD(listen_addrs, listen_addr); 225 TAILQ_HEAD(filter_set_head, filter_set); 226 227 struct peer; 228 RB_HEAD(peer_head, peer); 229 230 struct l3vpn; 231 SIMPLEQ_HEAD(l3vpn_head, l3vpn); 232 233 struct network; 234 TAILQ_HEAD(network_head, network); 235 236 struct flowspec_config; 237 RB_HEAD(flowspec_tree, flowspec_config); 238 239 struct prefixset; 240 SIMPLEQ_HEAD(prefixset_head, prefixset); 241 struct prefixset_item; 242 RB_HEAD(prefixset_tree, prefixset_item); 243 244 struct tentry_v4; 245 struct tentry_v6; 246 struct trie_head { 247 struct tentry_v4 *root_v4; 248 struct tentry_v6 *root_v6; 249 int match_default_v4; 250 int match_default_v6; 251 size_t v4_cnt; 252 size_t v6_cnt; 253 }; 254 255 struct rde_prefixset { 256 char name[SET_NAME_LEN]; 257 struct trie_head th; 258 SIMPLEQ_ENTRY(rde_prefixset) entry; 259 time_t lastchange; 260 int dirty; 261 }; 262 SIMPLEQ_HEAD(rde_prefixset_head, rde_prefixset); 263 264 struct roa { 265 RB_ENTRY(roa) entry; 266 uint8_t aid; 267 uint8_t prefixlen; 268 uint8_t maxlen; 269 uint8_t pad; 270 uint32_t asnum; 271 time_t expires; 272 union { 273 struct in_addr inet; 274 struct in6_addr inet6; 275 } prefix; 276 }; 277 278 RB_HEAD(roa_tree, roa); 279 struct aspa_set; 280 RB_HEAD(aspa_tree, aspa_set); 281 282 struct set_table; 283 struct as_set; 284 SIMPLEQ_HEAD(as_set_head, as_set); 285 286 struct filter_rule; 287 TAILQ_HEAD(filter_head, filter_rule); 288 289 struct rtr_config; 290 SIMPLEQ_HEAD(rtr_config_head, rtr_config); 291 292 struct bgpd_config { 293 struct peer_head peers; 294 struct l3vpn_head l3vpns; 295 struct network_head networks; 296 struct flowspec_tree flowspecs; 297 struct filter_head *filters; 298 struct listen_addrs *listen_addrs; 299 struct mrt_head *mrt; 300 struct prefixset_head prefixsets; 301 struct prefixset_head originsets; 302 struct roa_tree roa; 303 struct aspa_tree aspa; 304 struct rde_prefixset_head rde_prefixsets; 305 struct rde_prefixset_head rde_originsets; 306 struct as_set_head as_sets; 307 struct rtr_config_head rtrs; 308 char *csock; 309 char *rcsock; 310 int flags; 311 int log; 312 u_int default_tableid; 313 uint32_t bgpid; 314 uint32_t clusterid; 315 uint32_t as; 316 uint16_t short_as; 317 uint16_t holdtime; 318 uint16_t min_holdtime; 319 uint16_t connectretry; 320 uint8_t fib_priority; 321 uint8_t filtered_in_locrib; 322 }; 323 324 extern int cmd_opts; 325 326 enum addpath_mode { 327 ADDPATH_EVAL_NONE, 328 ADDPATH_EVAL_BEST, 329 ADDPATH_EVAL_ECMP, 330 ADDPATH_EVAL_AS_WIDE, 331 ADDPATH_EVAL_ALL, 332 }; 333 334 struct addpath_eval { 335 enum addpath_mode mode; 336 int extrapaths; 337 int maxpaths; 338 }; 339 340 enum export_type { 341 EXPORT_UNSET, 342 EXPORT_NONE, 343 EXPORT_DEFAULT_ROUTE 344 }; 345 346 enum enforce_as { 347 ENFORCE_AS_UNDEF, 348 ENFORCE_AS_OFF, 349 ENFORCE_AS_ON 350 }; 351 352 enum role { 353 ROLE_NONE, 354 ROLE_CUSTOMER, 355 ROLE_PROVIDER, 356 ROLE_RS, 357 ROLE_RS_CLIENT, 358 ROLE_PEER, 359 }; 360 361 enum auth_method { 362 AUTH_NONE, 363 AUTH_MD5SIG, 364 AUTH_IPSEC_MANUAL_ESP, 365 AUTH_IPSEC_MANUAL_AH, 366 AUTH_IPSEC_IKE_ESP, 367 AUTH_IPSEC_IKE_AH 368 }; 369 370 enum auth_alg { 371 AUTH_AALG_NONE, 372 AUTH_AALG_SHA1HMAC, 373 AUTH_AALG_MD5HMAC, 374 }; 375 376 enum auth_enc_alg { 377 AUTH_EALG_NONE, 378 AUTH_EALG_3DESCBC, 379 AUTH_EALG_AES, 380 }; 381 382 struct auth_config { 383 char md5key[TCP_MD5_KEY_LEN]; 384 char auth_key_in[IPSEC_AUTH_KEY_LEN]; 385 char auth_key_out[IPSEC_AUTH_KEY_LEN]; 386 char enc_key_in[IPSEC_ENC_KEY_LEN]; 387 char enc_key_out[IPSEC_ENC_KEY_LEN]; 388 uint32_t spi_in; 389 uint32_t spi_out; 390 enum auth_method method; 391 enum auth_alg auth_alg_in; 392 enum auth_alg auth_alg_out; 393 enum auth_enc_alg enc_alg_in; 394 enum auth_enc_alg enc_alg_out; 395 uint8_t md5key_len; 396 uint8_t auth_keylen_in; 397 uint8_t auth_keylen_out; 398 uint8_t enc_keylen_in; 399 uint8_t enc_keylen_out; 400 }; 401 402 struct capabilities { 403 struct { 404 int16_t timeout; /* graceful restart timeout */ 405 int8_t flags[AID_MAX]; /* graceful restart per AID flags */ 406 int8_t restart; /* graceful restart, RFC 4724 */ 407 } grestart; 408 int8_t mp[AID_MAX]; /* multiprotocol extensions, RFC 4760 */ 409 int8_t add_path[AID_MAX]; /* ADD_PATH, RFC 7911 */ 410 int8_t refresh; /* route refresh, RFC 2918 */ 411 int8_t as4byte; /* 4-byte ASnum, RFC 4893 */ 412 int8_t enhanced_rr; /* enhanced route refresh, RFC 7313 */ 413 int8_t policy; /* Open Policy, RFC 9234, 2 = enforce */ 414 }; 415 416 enum capa_codes { 417 CAPA_NONE = 0, 418 CAPA_MP = 1, 419 CAPA_REFRESH = 2, 420 CAPA_ROLE = 9, 421 CAPA_RESTART = 64, 422 CAPA_AS4BYTE = 65, 423 CAPA_ADD_PATH = 69, 424 CAPA_ENHANCED_RR = 70, 425 }; 426 427 /* flags for RFC 4724 - graceful restart */ 428 #define CAPA_GR_PRESENT 0x01 429 #define CAPA_GR_RESTART 0x02 430 #define CAPA_GR_FORWARD 0x04 431 #define CAPA_GR_RESTARTING 0x08 432 #define CAPA_GR_TIMEMASK 0x0fff 433 #define CAPA_GR_R_FLAG 0x8000 434 #define CAPA_GR_F_FLAG 0x80 435 436 /* flags for RFC 7911 - enhanced router refresh */ 437 #define CAPA_AP_RECV 0x01 438 #define CAPA_AP_SEND 0x02 439 #define CAPA_AP_BIDIR 0x03 440 #define CAPA_AP_MASK 0x0f 441 #define CAPA_AP_RECV_ENFORCE 0x10 /* internal only */ 442 #define CAPA_AP_SEND_ENFORCE 0x20 /* internal only */ 443 444 /* values for RFC 9234 - BGP Open Policy */ 445 #define CAPA_ROLE_PROVIDER 0x00 446 #define CAPA_ROLE_RS 0x01 447 #define CAPA_ROLE_RS_CLIENT 0x02 448 #define CAPA_ROLE_CUSTOMER 0x03 449 #define CAPA_ROLE_PEER 0x04 450 451 struct peer_config { 452 struct bgpd_addr remote_addr; 453 struct bgpd_addr local_addr_v4; 454 struct bgpd_addr local_addr_v6; 455 struct capabilities capabilities; 456 struct addpath_eval eval; 457 char group[PEER_DESCR_LEN]; 458 char descr[PEER_DESCR_LEN]; 459 char reason[REASON_LEN]; 460 char rib[PEER_DESCR_LEN]; 461 char if_depend[IFNAMSIZ]; 462 char demote_group[IFNAMSIZ]; 463 uint32_t id; 464 uint32_t groupid; 465 uint32_t remote_as; 466 uint32_t local_as; 467 uint32_t max_prefix; 468 uint32_t max_out_prefix; 469 enum export_type export_type; 470 enum enforce_as enforce_as; 471 enum enforce_as enforce_local_as; 472 enum role role; 473 uint16_t max_prefix_restart; 474 uint16_t max_out_prefix_restart; 475 uint16_t holdtime; 476 uint16_t min_holdtime; 477 uint16_t local_short_as; 478 uint16_t remote_port; 479 uint8_t template; 480 uint8_t remote_masklen; 481 uint8_t ebgp; /* 0 = ibgp else ebgp */ 482 uint8_t distance; /* 1 = direct, >1 = multihop */ 483 uint8_t passive; 484 uint8_t down; 485 uint8_t reflector_client; 486 uint8_t ttlsec; /* TTL security hack */ 487 uint8_t flags; 488 }; 489 490 #define PEER_ID_NONE 0 491 #define PEER_ID_SELF 1 492 #define PEER_ID_STATIC_MIN 2 /* exclude self */ 493 #define PEER_ID_STATIC_MAX (UINT_MAX / 2) 494 #define PEER_ID_DYN_MAX UINT_MAX 495 496 #define PEERFLAG_TRANS_AS 0x01 497 #define PEERFLAG_LOG_UPDATES 0x02 498 #define PEERFLAG_EVALUATE_ALL 0x04 499 #define PEERFLAG_NO_AS_SET 0x08 500 501 struct rde_peer_stats { 502 uint64_t prefix_rcvd_update; 503 uint64_t prefix_rcvd_withdraw; 504 uint64_t prefix_rcvd_eor; 505 uint64_t prefix_sent_update; 506 uint64_t prefix_sent_withdraw; 507 uint64_t prefix_sent_eor; 508 uint32_t prefix_cnt; 509 uint32_t prefix_out_cnt; 510 uint32_t pending_update; 511 uint32_t pending_withdraw; 512 }; 513 514 enum network_type { 515 NETWORK_DEFAULT, /* from network statements */ 516 NETWORK_STATIC, 517 NETWORK_CONNECTED, 518 NETWORK_RTLABEL, 519 NETWORK_MRTCLONE, 520 NETWORK_PRIORITY, 521 NETWORK_PREFIXSET, 522 }; 523 524 struct network_config { 525 struct bgpd_addr prefix; 526 struct filter_set_head attrset; 527 char psname[SET_NAME_LEN]; 528 uint64_t rd; 529 enum network_type type; 530 uint16_t rtlabel; 531 uint8_t prefixlen; 532 uint8_t priority; 533 uint8_t old; /* used for reloading */ 534 }; 535 536 struct network { 537 struct network_config net; 538 TAILQ_ENTRY(network) entry; 539 }; 540 541 struct flowspec { 542 uint16_t len; 543 uint8_t aid; 544 uint8_t flags; 545 uint8_t data[1]; 546 }; 547 #define FLOWSPEC_SIZE (offsetof(struct flowspec, data)) 548 549 struct flowspec_config { 550 RB_ENTRY(flowspec_config) entry; 551 struct filter_set_head attrset; 552 struct flowspec *flow; 553 enum reconf_action reconf_action; 554 }; 555 556 enum rtr_error { 557 NO_ERROR = -1, 558 CORRUPT_DATA = 0, 559 INTERNAL_ERROR, 560 NO_DATA_AVAILABLE, 561 INVALID_REQUEST, 562 UNSUPP_PROTOCOL_VERS, 563 UNSUPP_PDU_TYPE, 564 UNK_REC_WDRAWL, 565 DUP_REC_RECV, 566 UNEXP_PROTOCOL_VERS, 567 }; 568 569 struct rtr_config { 570 SIMPLEQ_ENTRY(rtr_config) entry; 571 char descr[PEER_DESCR_LEN]; 572 struct auth_config auth; 573 struct bgpd_addr remote_addr; 574 struct bgpd_addr local_addr; 575 uint32_t id; 576 uint16_t remote_port; 577 uint8_t min_version; 578 }; 579 580 struct rtr_config_msg { 581 char descr[PEER_DESCR_LEN]; 582 uint8_t min_version; 583 }; 584 585 struct ctl_show_rtr { 586 char descr[PEER_DESCR_LEN]; 587 char state[PEER_DESCR_LEN]; 588 char last_sent_msg[REASON_LEN]; 589 char last_recv_msg[REASON_LEN]; 590 struct bgpd_addr remote_addr; 591 struct bgpd_addr local_addr; 592 uint32_t serial; 593 uint32_t refresh; 594 uint32_t retry; 595 uint32_t expire; 596 int session_id; 597 enum rtr_error last_sent_error; 598 enum rtr_error last_recv_error; 599 uint16_t remote_port; 600 uint8_t version; 601 uint8_t min_version; 602 }; 603 604 enum imsg_type { 605 IMSG_NONE, 606 IMSG_CTL_END, 607 IMSG_CTL_RELOAD, 608 IMSG_CTL_FIB_COUPLE, 609 IMSG_CTL_FIB_DECOUPLE, 610 IMSG_CTL_NEIGHBOR_UP, 611 IMSG_CTL_NEIGHBOR_DOWN, 612 IMSG_CTL_NEIGHBOR_CLEAR, 613 IMSG_CTL_NEIGHBOR_RREFRESH, 614 IMSG_CTL_NEIGHBOR_DESTROY, 615 IMSG_CTL_KROUTE, 616 IMSG_CTL_KROUTE_ADDR, 617 IMSG_CTL_RESULT, 618 IMSG_CTL_SHOW_NEIGHBOR, 619 IMSG_CTL_SHOW_NEXTHOP, 620 IMSG_CTL_SHOW_INTERFACE, 621 IMSG_CTL_SHOW_RIB, 622 IMSG_CTL_SHOW_RIB_PREFIX, 623 IMSG_CTL_SHOW_RIB_COMMUNITIES, 624 IMSG_CTL_SHOW_RIB_ATTR, 625 IMSG_CTL_SHOW_NETWORK, 626 IMSG_CTL_SHOW_FLOWSPEC, 627 IMSG_CTL_SHOW_RIB_MEM, 628 IMSG_CTL_SHOW_TERSE, 629 IMSG_CTL_SHOW_TIMER, 630 IMSG_CTL_LOG_VERBOSE, 631 IMSG_CTL_SHOW_FIB_TABLES, 632 IMSG_CTL_SHOW_SET, 633 IMSG_CTL_SHOW_RTR, 634 IMSG_CTL_TERMINATE, 635 IMSG_NETWORK_ADD, 636 IMSG_NETWORK_ASPATH, 637 IMSG_NETWORK_ATTR, 638 IMSG_NETWORK_REMOVE, 639 IMSG_NETWORK_FLUSH, 640 IMSG_NETWORK_DONE, 641 IMSG_FLOWSPEC_ADD, 642 IMSG_FLOWSPEC_DONE, 643 IMSG_FLOWSPEC_REMOVE, 644 IMSG_FLOWSPEC_FLUSH, 645 IMSG_FILTER_SET, 646 IMSG_SOCKET_CONN, 647 IMSG_SOCKET_CONN_CTL, 648 IMSG_SOCKET_CONN_RTR, 649 IMSG_SOCKET_SETUP, 650 IMSG_SOCKET_TEARDOWN, 651 IMSG_RECONF_CONF, 652 IMSG_RECONF_RIB, 653 IMSG_RECONF_PEER, 654 IMSG_RECONF_PEER_AUTH, 655 IMSG_RECONF_FILTER, 656 IMSG_RECONF_LISTENER, 657 IMSG_RECONF_CTRL, 658 IMSG_RECONF_VPN, 659 IMSG_RECONF_VPN_EXPORT, 660 IMSG_RECONF_VPN_IMPORT, 661 IMSG_RECONF_VPN_DONE, 662 IMSG_RECONF_PREFIX_SET, 663 IMSG_RECONF_PREFIX_SET_ITEM, 664 IMSG_RECONF_AS_SET, 665 IMSG_RECONF_AS_SET_ITEMS, 666 IMSG_RECONF_AS_SET_DONE, 667 IMSG_RECONF_ORIGIN_SET, 668 IMSG_RECONF_ROA_SET, 669 IMSG_RECONF_ROA_ITEM, 670 IMSG_RECONF_ASPA, 671 IMSG_RECONF_ASPA_TAS, 672 IMSG_RECONF_ASPA_DONE, 673 IMSG_RECONF_ASPA_PREP, 674 IMSG_RECONF_RTR_CONFIG, 675 IMSG_RECONF_DRAIN, 676 IMSG_RECONF_DONE, 677 IMSG_UPDATE, 678 IMSG_UPDATE_ERR, 679 IMSG_SESSION_ADD, 680 IMSG_SESSION_UP, 681 IMSG_SESSION_DOWN, 682 IMSG_SESSION_STALE, 683 IMSG_SESSION_NOGRACE, 684 IMSG_SESSION_FLUSH, 685 IMSG_SESSION_RESTARTED, 686 IMSG_SESSION_DEPENDON, 687 IMSG_PFKEY_RELOAD, 688 IMSG_MRT_OPEN, 689 IMSG_MRT_REOPEN, 690 IMSG_MRT_CLOSE, 691 IMSG_KROUTE_CHANGE, 692 IMSG_KROUTE_DELETE, 693 IMSG_KROUTE_FLUSH, 694 IMSG_NEXTHOP_ADD, 695 IMSG_NEXTHOP_REMOVE, 696 IMSG_NEXTHOP_UPDATE, 697 IMSG_PFTABLE_ADD, 698 IMSG_PFTABLE_REMOVE, 699 IMSG_PFTABLE_COMMIT, 700 IMSG_REFRESH, 701 IMSG_DEMOTE, 702 IMSG_XON, 703 IMSG_XOFF 704 }; 705 706 struct demote_msg { 707 char demote_group[IFNAMSIZ]; 708 int level; 709 }; 710 711 enum ctl_results { 712 CTL_RES_OK, 713 CTL_RES_NOSUCHPEER, 714 CTL_RES_DENIED, 715 CTL_RES_NOCAP, 716 CTL_RES_PARSE_ERROR, 717 CTL_RES_PENDING, 718 CTL_RES_NOMEM, 719 CTL_RES_BADPEER, 720 CTL_RES_BADSTATE, 721 CTL_RES_NOSUCHRIB, 722 CTL_RES_OPNOTSUPP, 723 }; 724 725 /* needed for session.h parse prototype */ 726 LIST_HEAD(mrt_head, mrt); 727 728 /* error codes and subcodes needed in SE and RDE */ 729 enum err_codes { 730 ERR_HEADER = 1, 731 ERR_OPEN, 732 ERR_UPDATE, 733 ERR_HOLDTIMEREXPIRED, 734 ERR_FSM, 735 ERR_CEASE, 736 ERR_RREFRESH, 737 ERR_SENDHOLDTIMEREXPIRED, 738 }; 739 740 enum suberr_update { 741 ERR_UPD_UNSPECIFIC, 742 ERR_UPD_ATTRLIST, 743 ERR_UPD_UNKNWN_WK_ATTR, 744 ERR_UPD_MISSNG_WK_ATTR, 745 ERR_UPD_ATTRFLAGS, 746 ERR_UPD_ATTRLEN, 747 ERR_UPD_ORIGIN, 748 ERR_UPD_LOOP, 749 ERR_UPD_NEXTHOP, 750 ERR_UPD_OPTATTR, 751 ERR_UPD_NETWORK, 752 ERR_UPD_ASPATH 753 }; 754 755 enum suberr_cease { 756 ERR_CEASE_MAX_PREFIX = 1, 757 ERR_CEASE_ADMIN_DOWN, 758 ERR_CEASE_PEER_UNCONF, 759 ERR_CEASE_ADMIN_RESET, 760 ERR_CEASE_CONN_REJECT, 761 ERR_CEASE_OTHER_CHANGE, 762 ERR_CEASE_COLLISION, 763 ERR_CEASE_RSRC_EXHAUST, 764 ERR_CEASE_HARD_RESET, 765 ERR_CEASE_MAX_SENT_PREFIX 766 }; 767 768 enum suberr_rrefresh { 769 ERR_RR_INV_LEN = 1 770 }; 771 772 struct kroute; 773 struct kroute6; 774 struct knexthop; 775 struct kredist_node; 776 RB_HEAD(kroute_tree, kroute); 777 RB_HEAD(kroute6_tree, kroute6); 778 RB_HEAD(knexthop_tree, knexthop); 779 RB_HEAD(kredist_tree, kredist_node); 780 781 struct ktable { 782 char descr[PEER_DESCR_LEN]; 783 struct kroute_tree krt; 784 struct kroute6_tree krt6; 785 struct knexthop_tree knt; 786 struct kredist_tree kredist; 787 struct network_head krn; 788 u_int rtableid; 789 u_int nhtableid; /* rdomain id for nexthop lookup */ 790 int nhrefcnt; /* refcnt for nexthop table */ 791 enum reconf_action state; 792 uint8_t fib_conf; /* configured FIB sync flag */ 793 uint8_t fib_sync; /* is FIB synced with kernel? */ 794 }; 795 796 struct kroute_full { 797 struct bgpd_addr prefix; 798 struct bgpd_addr nexthop; 799 char label[ROUTELABEL_LEN]; 800 uint32_t mplslabel; 801 uint16_t flags; 802 u_short ifindex; 803 uint8_t prefixlen; 804 uint8_t priority; 805 }; 806 807 struct kroute_nexthop { 808 struct bgpd_addr nexthop; 809 struct bgpd_addr gateway; 810 struct bgpd_addr net; 811 uint8_t netlen; 812 uint8_t valid; 813 uint8_t connected; 814 }; 815 816 struct session_dependon { 817 char ifname[IFNAMSIZ]; 818 uint8_t depend_state; /* for session depend on */ 819 }; 820 821 struct session_up { 822 struct bgpd_addr local_v4_addr; 823 struct bgpd_addr local_v6_addr; 824 struct bgpd_addr remote_addr; 825 struct capabilities capa; 826 uint32_t remote_bgpid; 827 unsigned int if_scope; 828 uint16_t short_as; 829 }; 830 831 struct route_refresh { 832 uint8_t aid; 833 uint8_t subtype; 834 }; 835 #define ROUTE_REFRESH_REQUEST 0 836 #define ROUTE_REFRESH_BEGIN_RR 1 837 #define ROUTE_REFRESH_END_RR 2 838 839 struct pftable_msg { 840 struct bgpd_addr addr; 841 char pftable[PFTABLE_LEN]; 842 uint8_t len; 843 }; 844 845 struct ctl_show_interface { 846 char ifname[IFNAMSIZ]; 847 char linkstate[32]; 848 char media[32]; 849 uint64_t baudrate; 850 u_int rdomain; 851 uint8_t nh_reachable; 852 uint8_t is_up; 853 }; 854 855 struct ctl_show_nexthop { 856 struct bgpd_addr addr; 857 struct ctl_show_interface iface; 858 struct kroute_full kr; 859 uint8_t valid; 860 uint8_t krvalid; 861 }; 862 863 struct ctl_show_set { 864 char name[SET_NAME_LEN]; 865 time_t lastchange; 866 size_t v4_cnt; 867 size_t v6_cnt; 868 size_t as_cnt; 869 enum { 870 ASNUM_SET, 871 PREFIX_SET, 872 ORIGIN_SET, 873 ROA_SET, 874 ASPA_SET, 875 } type; 876 }; 877 878 struct ctl_neighbor { 879 struct bgpd_addr addr; 880 char descr[PEER_DESCR_LEN]; 881 char reason[REASON_LEN]; 882 int show_timers; 883 int is_group; 884 }; 885 886 #define F_PREF_ELIGIBLE 0x001 887 #define F_PREF_BEST 0x002 888 #define F_PREF_INTERNAL 0x004 889 #define F_PREF_ANNOUNCE 0x008 890 #define F_PREF_STALE 0x010 891 #define F_PREF_INVALID 0x020 892 #define F_PREF_PATH_ID 0x040 893 #define F_PREF_OTC_LEAK 0x080 894 #define F_PREF_ECMP 0x100 895 #define F_PREF_AS_WIDE 0x200 896 #define F_PREF_FILTERED 0x400 897 898 struct ctl_show_rib { 899 struct bgpd_addr true_nexthop; 900 struct bgpd_addr exit_nexthop; 901 struct bgpd_addr prefix; 902 struct bgpd_addr remote_addr; 903 char descr[PEER_DESCR_LEN]; 904 time_t age; 905 uint32_t remote_id; 906 uint32_t path_id; 907 uint32_t local_pref; 908 uint32_t med; 909 uint32_t weight; 910 uint32_t flags; 911 uint8_t prefixlen; 912 uint8_t origin; 913 uint8_t roa_validation_state; 914 uint8_t aspa_validation_state; 915 int8_t dmetric; 916 /* plus an aspath */ 917 }; 918 919 enum as_spec { 920 AS_UNDEF, 921 AS_ALL, 922 AS_SOURCE, 923 AS_TRANSIT, 924 AS_PEER, 925 AS_EMPTY 926 }; 927 928 enum aslen_spec { 929 ASLEN_NONE, 930 ASLEN_MAX, 931 ASLEN_SEQ 932 }; 933 934 #define AS_FLAG_NEIGHBORAS 0x01 935 #define AS_FLAG_AS_SET_NAME 0x02 936 #define AS_FLAG_AS_SET 0x04 937 938 struct filter_as { 939 char name[SET_NAME_LEN]; 940 struct as_set *aset; 941 uint32_t as_min; 942 uint32_t as_max; 943 enum as_spec type; 944 uint8_t flags; 945 uint8_t op; 946 }; 947 948 struct filter_aslen { 949 u_int aslen; 950 enum aslen_spec type; 951 }; 952 953 #define PREFIXSET_FLAG_FILTER 0x01 954 #define PREFIXSET_FLAG_DIRTY 0x02 /* prefix-set changed at reload */ 955 #define PREFIXSET_FLAG_OPS 0x04 /* indiv. prefixes have prefixlenops */ 956 #define PREFIXSET_FLAG_LONGER 0x08 /* filter all prefixes with or-longer */ 957 958 struct filter_prefixset { 959 int flags; 960 char name[SET_NAME_LEN]; 961 struct rde_prefixset *ps; 962 }; 963 964 struct filter_originset { 965 char name[SET_NAME_LEN]; 966 struct rde_prefixset *ps; 967 }; 968 969 struct filter_vs { 970 uint8_t validity; 971 uint8_t is_set; 972 }; 973 974 /* 975 * Communities are encoded depending on their type. The low byte of flags 976 * is the COMMUNITY_TYPE (BASIC, LARGE, EXT). BASIC encoding is just using 977 * data1 and data2, LARGE uses all data fields and EXT is also using all 978 * data fields. The 4-byte flags fields consists of up to 3 data flags 979 * for e.g. COMMUNITY_ANY and the low byte is the community type. 980 * If flags is 0 the community struct is unused. If the upper 24bit of 981 * flags is 0 a fast compare can be used. 982 * The code uses a type cast to uint8_t to access the type. 983 */ 984 struct community { 985 uint32_t flags; 986 uint32_t data1; 987 uint32_t data2; 988 uint32_t data3; 989 }; 990 991 struct ctl_show_rib_request { 992 char rib[PEER_DESCR_LEN]; 993 struct ctl_neighbor neighbor; 994 struct bgpd_addr prefix; 995 struct filter_as as; 996 struct community community; 997 uint32_t flags; 998 uint32_t path_id; 999 pid_t pid; 1000 enum imsg_type type; 1001 uint8_t validation_state; 1002 uint8_t prefixlen; 1003 uint8_t aid; 1004 }; 1005 1006 struct ctl_kroute_req { 1007 int flags; 1008 sa_family_t af; 1009 }; 1010 1011 enum filter_actions { 1012 ACTION_NONE, 1013 ACTION_ALLOW, 1014 ACTION_DENY 1015 }; 1016 1017 enum directions { 1018 DIR_IN = 1, 1019 DIR_OUT 1020 }; 1021 1022 enum from_spec { 1023 FROM_ALL, 1024 FROM_ADDRESS, 1025 FROM_DESCR, 1026 FROM_GROUP 1027 }; 1028 1029 enum comp_ops { 1030 OP_NONE, 1031 OP_RANGE, 1032 OP_XRANGE, 1033 OP_EQ, 1034 OP_NE, 1035 OP_LE, 1036 OP_LT, 1037 OP_GE, 1038 OP_GT 1039 }; 1040 1041 struct filter_peers { 1042 uint32_t peerid; 1043 uint32_t groupid; 1044 uint32_t remote_as; 1045 uint16_t ribid; 1046 uint8_t ebgp; 1047 uint8_t ibgp; 1048 }; 1049 1050 /* special community type, keep in sync with the attribute type */ 1051 #define COMMUNITY_TYPE_NONE 0 1052 #define COMMUNITY_TYPE_BASIC 8 1053 #define COMMUNITY_TYPE_EXT 16 1054 #define COMMUNITY_TYPE_LARGE 32 1055 1056 #define COMMUNITY_ANY 1 1057 #define COMMUNITY_NEIGHBOR_AS 2 1058 #define COMMUNITY_LOCAL_AS 3 1059 1060 /* wellknown community definitions */ 1061 #define COMMUNITY_WELLKNOWN 0xffff 1062 #define COMMUNITY_GRACEFUL_SHUTDOWN 0x0000 /* RFC 8326 */ 1063 #define COMMUNITY_BLACKHOLE 0x029A /* RFC 7999 */ 1064 #define COMMUNITY_NO_EXPORT 0xff01 1065 #define COMMUNITY_NO_ADVERTISE 0xff02 1066 #define COMMUNITY_NO_EXPSUBCONFED 0xff03 1067 #define COMMUNITY_NO_PEER 0xff04 /* RFC 3765 */ 1068 1069 /* extended community definitions */ 1070 #define EXT_COMMUNITY_IANA 0x80 1071 #define EXT_COMMUNITY_NON_TRANSITIVE 0x40 1072 #define EXT_COMMUNITY_VALUE 0x3f 1073 /* extended transitive types */ 1074 #define EXT_COMMUNITY_TRANS_TWO_AS 0x00 /* 2 octet AS specific */ 1075 #define EXT_COMMUNITY_TRANS_IPV4 0x01 /* IPv4 specific */ 1076 #define EXT_COMMUNITY_TRANS_FOUR_AS 0x02 /* 4 octet AS specific */ 1077 #define EXT_COMMUNITY_TRANS_OPAQUE 0x03 /* opaque ext community */ 1078 #define EXT_COMMUNITY_TRANS_EVPN 0x06 /* EVPN RFC 7432 */ 1079 /* extended non-transitive types */ 1080 #define EXT_COMMUNITY_NON_TRANS_TWO_AS 0x40 /* 2 octet AS specific */ 1081 #define EXT_COMMUNITY_NON_TRANS_IPV4 0x41 /* IPv4 specific */ 1082 #define EXT_COMMUNITY_NON_TRANS_FOUR_AS 0x42 /* 4 octet AS specific */ 1083 #define EXT_COMMUNITY_NON_TRANS_OPAQUE 0x43 /* opaque ext community */ 1084 #define EXT_COMMUNITY_UNKNOWN -1 1085 /* generic transitive types */ 1086 #define EXT_COMMUNITY_GEN_TWO_AS 0x80 /* 2 octet AS specific */ 1087 #define EXT_COMMUNITY_GEN_IPV4 0x81 /* IPv4 specific */ 1088 #define EXT_COMMUNITY_GEN_FOUR_AS 0x82 /* 4 octet AS specific */ 1089 1090 /* BGP Origin Validation State Extended Community RFC 8097 */ 1091 #define EXT_COMMUNITY_SUBTYPE_OVS 0 1092 #define EXT_COMMUNITY_OVS_VALID 0 1093 #define EXT_COMMUNITY_OVS_NOTFOUND 1 1094 #define EXT_COMMUNITY_OVS_INVALID 2 1095 1096 /* other handy defines */ 1097 #define EXT_COMMUNITY_OPAQUE_MAX 0xffffffffffffULL 1098 #define EXT_COMMUNITY_FLAG_VALID 0x01 1099 1100 struct ext_comm_pairs { 1101 uint8_t type; 1102 uint8_t subtype; 1103 const char *subname; 1104 }; 1105 1106 #define IANA_EXT_COMMUNITIES { \ 1107 { EXT_COMMUNITY_TRANS_TWO_AS, 0x02, "rt" }, \ 1108 { EXT_COMMUNITY_TRANS_TWO_AS, 0x03, "soo" }, \ 1109 { EXT_COMMUNITY_TRANS_TWO_AS, 0x05, "odi" }, \ 1110 { EXT_COMMUNITY_TRANS_TWO_AS, 0x08, "bdc" }, \ 1111 { EXT_COMMUNITY_TRANS_TWO_AS, 0x09, "srcas" }, \ 1112 { EXT_COMMUNITY_TRANS_TWO_AS, 0x0a, "l2vid" }, \ 1113 \ 1114 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x02, "rt" }, \ 1115 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x03, "soo" }, \ 1116 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x05, "odi" }, \ 1117 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x08, "bdc" }, \ 1118 { EXT_COMMUNITY_TRANS_FOUR_AS, 0x09, "srcas" }, \ 1119 \ 1120 { EXT_COMMUNITY_TRANS_IPV4, 0x02, "rt" }, \ 1121 { EXT_COMMUNITY_TRANS_IPV4, 0x03, "soo" }, \ 1122 { EXT_COMMUNITY_TRANS_IPV4, 0x05, "odi" }, \ 1123 { EXT_COMMUNITY_TRANS_IPV4, 0x07, "ori" }, \ 1124 { EXT_COMMUNITY_TRANS_IPV4, 0x0a, "l2vid" }, \ 1125 { EXT_COMMUNITY_TRANS_IPV4, 0x0b, "vrfri" }, \ 1126 \ 1127 { EXT_COMMUNITY_TRANS_OPAQUE, 0x06, "ort" }, \ 1128 { EXT_COMMUNITY_TRANS_OPAQUE, 0x0d, "defgw" }, \ 1129 \ 1130 { EXT_COMMUNITY_NON_TRANS_OPAQUE, EXT_COMMUNITY_SUBTYPE_OVS, "ovs" }, \ 1131 \ 1132 { EXT_COMMUNITY_TRANS_EVPN, 0x00, "mac-mob" }, \ 1133 { EXT_COMMUNITY_TRANS_EVPN, 0x01, "esi-lab" }, \ 1134 { EXT_COMMUNITY_TRANS_EVPN, 0x02, "esi-rt" }, \ 1135 \ 1136 { EXT_COMMUNITY_GEN_TWO_AS, 0x06, "flow-rate" }, \ 1137 { EXT_COMMUNITY_GEN_TWO_AS, 0x0c, "flow-pps" }, \ 1138 { EXT_COMMUNITY_GEN_TWO_AS, 0x07, "flow-action" }, \ 1139 { EXT_COMMUNITY_GEN_TWO_AS, 0x08, "flow-rt-redir" }, \ 1140 { EXT_COMMUNITY_GEN_IPV4, 0x08, "flow-rt-redir" }, \ 1141 { EXT_COMMUNITY_GEN_FOUR_AS, 0x08, "flow-rt-redir" }, \ 1142 { EXT_COMMUNITY_GEN_TWO_AS, 0x09, "flow-dscp" }, \ 1143 \ 1144 { 0 } \ 1145 } 1146 1147 extern const struct ext_comm_pairs iana_ext_comms[]; 1148 1149 /* BGP flowspec defines RFC 8955 and 8956 */ 1150 #define FLOWSPEC_LEN_LIMIT 0xf0 1151 #define FLOWSPEC_OP_EOL 0x80 1152 #define FLOWSPEC_OP_AND 0x40 1153 #define FLOWSPEC_OP_LEN_MASK 0x30 1154 #define FLOWSPEC_OP_LEN_SHIFT 4 1155 #define FLOWSPEC_OP_LEN(op) \ 1156 (1 << (((op) & FLOWSPEC_OP_LEN_MASK) >> FLOWSPEC_OP_LEN_SHIFT)) 1157 #define FLOWSPEC_OP_NUM_LT 0x04 1158 #define FLOWSPEC_OP_NUM_GT 0x02 1159 #define FLOWSPEC_OP_NUM_EQ 0x01 1160 #define FLOWSPEC_OP_NUM_LE (FLOWSPEC_OP_NUM_LT | FLOWSPEC_OP_NUM_EQ) 1161 #define FLOWSPEC_OP_NUM_GE (FLOWSPEC_OP_NUM_GT | FLOWSPEC_OP_NUM_EQ) 1162 #define FLOWSPEC_OP_NUM_NOT (FLOWSPEC_OP_NUM_GT | FLOWSPEC_OP_NUM_LT) 1163 #define FLOWSPEC_OP_NUM_MASK 0x07 1164 #define FLOWSPEC_OP_BIT_NOT 0x02 1165 #define FLOWSPEC_OP_BIT_MATCH 0x01 1166 #define FLOWSPEC_OP_BIT_MASK 0x03 1167 1168 #define FLOWSPEC_TYPE_MIN 1 1169 #define FLOWSPEC_TYPE_DEST 1 1170 #define FLOWSPEC_TYPE_SOURCE 2 1171 #define FLOWSPEC_TYPE_PROTO 3 1172 #define FLOWSPEC_TYPE_PORT 4 1173 #define FLOWSPEC_TYPE_DST_PORT 5 1174 #define FLOWSPEC_TYPE_SRC_PORT 6 1175 #define FLOWSPEC_TYPE_ICMP_TYPE 7 1176 #define FLOWSPEC_TYPE_ICMP_CODE 8 1177 #define FLOWSPEC_TYPE_TCP_FLAGS 9 1178 #define FLOWSPEC_TYPE_PKT_LEN 10 1179 #define FLOWSPEC_TYPE_DSCP 11 1180 #define FLOWSPEC_TYPE_FRAG 12 1181 #define FLOWSPEC_TYPE_FLOW 13 1182 #define FLOWSPEC_TYPE_MAX 14 1183 1184 #define FLOWSPEC_TCP_FLAG_STRING "FSRPAUEW" 1185 #define FLOWSPEC_FRAG_STRING4 "DIFL" 1186 #define FLOWSPEC_FRAG_STRING6 " IFL" 1187 1188 struct filter_prefix { 1189 struct bgpd_addr addr; 1190 uint8_t op; 1191 uint8_t len; 1192 uint8_t len_min; 1193 uint8_t len_max; 1194 }; 1195 1196 struct filter_nexthop { 1197 struct bgpd_addr addr; 1198 uint8_t flags; 1199 #define FILTER_NEXTHOP_ADDR 1 1200 #define FILTER_NEXTHOP_NEIGHBOR 2 1201 }; 1202 1203 struct filter_match { 1204 struct filter_prefix prefix; 1205 struct filter_nexthop nexthop; 1206 struct filter_as as; 1207 struct filter_aslen aslen; 1208 struct community community[MAX_COMM_MATCH]; 1209 struct filter_prefixset prefixset; 1210 struct filter_originset originset; 1211 struct filter_vs ovs; 1212 struct filter_vs avs; 1213 int maxcomm; 1214 int maxextcomm; 1215 int maxlargecomm; 1216 }; 1217 1218 struct filter_rule { 1219 TAILQ_ENTRY(filter_rule) entry; 1220 char rib[PEER_DESCR_LEN]; 1221 struct filter_peers peer; 1222 struct filter_match match; 1223 struct filter_set_head set; 1224 #define RDE_FILTER_SKIP_PEERID 0 1225 #define RDE_FILTER_SKIP_GROUPID 1 1226 #define RDE_FILTER_SKIP_REMOTE_AS 2 1227 #define RDE_FILTER_SKIP_COUNT 3 1228 struct filter_rule *skip[RDE_FILTER_SKIP_COUNT]; 1229 enum filter_actions action; 1230 enum directions dir; 1231 uint8_t quick; 1232 }; 1233 1234 enum action_types { 1235 ACTION_SET_LOCALPREF, 1236 ACTION_SET_RELATIVE_LOCALPREF, 1237 ACTION_SET_MED, 1238 ACTION_SET_RELATIVE_MED, 1239 ACTION_SET_WEIGHT, 1240 ACTION_SET_RELATIVE_WEIGHT, 1241 ACTION_SET_PREPEND_SELF, 1242 ACTION_SET_PREPEND_PEER, 1243 ACTION_SET_AS_OVERRIDE, 1244 ACTION_SET_NEXTHOP, 1245 ACTION_SET_NEXTHOP_REF, 1246 ACTION_SET_NEXTHOP_REJECT, 1247 ACTION_SET_NEXTHOP_BLACKHOLE, 1248 ACTION_SET_NEXTHOP_NOMODIFY, 1249 ACTION_SET_NEXTHOP_SELF, 1250 ACTION_DEL_COMMUNITY, 1251 ACTION_SET_COMMUNITY, 1252 ACTION_PFTABLE, 1253 ACTION_PFTABLE_ID, 1254 ACTION_RTLABEL, 1255 ACTION_RTLABEL_ID, 1256 ACTION_SET_ORIGIN 1257 }; 1258 1259 struct nexthop; 1260 struct filter_set { 1261 TAILQ_ENTRY(filter_set) entry; 1262 union { 1263 uint8_t prepend; 1264 uint16_t id; 1265 uint32_t metric; 1266 int32_t relative; 1267 struct bgpd_addr nexthop; 1268 struct nexthop *nh_ref; 1269 struct community community; 1270 char pftable[PFTABLE_LEN]; 1271 char rtlabel[ROUTELABEL_LEN]; 1272 uint8_t origin; 1273 } action; 1274 enum action_types type; 1275 }; 1276 1277 struct roa_set { 1278 uint32_t as; /* must be first */ 1279 uint32_t maxlen; /* change type for better struct layout */ 1280 }; 1281 1282 struct prefixset_item { 1283 struct filter_prefix p; 1284 RB_ENTRY(prefixset_item) entry; 1285 }; 1286 1287 struct prefixset { 1288 int sflags; 1289 char name[SET_NAME_LEN]; 1290 struct prefixset_tree psitems; 1291 struct roa_tree roaitems; 1292 SIMPLEQ_ENTRY(prefixset) entry; 1293 }; 1294 1295 struct as_set { 1296 char name[SET_NAME_LEN]; 1297 SIMPLEQ_ENTRY(as_set) entry; 1298 struct set_table *set; 1299 time_t lastchange; 1300 int dirty; 1301 }; 1302 1303 struct aspa_set { 1304 time_t expires; 1305 uint32_t as; 1306 uint32_t num; 1307 uint32_t *tas; 1308 RB_ENTRY(aspa_set) entry; 1309 }; 1310 1311 struct aspa_prep { 1312 size_t datasize; 1313 uint32_t entries; 1314 }; 1315 1316 struct l3vpn { 1317 SIMPLEQ_ENTRY(l3vpn) entry; 1318 char descr[PEER_DESCR_LEN]; 1319 char ifmpe[IFNAMSIZ]; 1320 struct filter_set_head import; 1321 struct filter_set_head export; 1322 struct network_head net_l; 1323 uint64_t rd; 1324 u_int rtableid; 1325 u_int label; 1326 int flags; 1327 }; 1328 1329 struct rde_rib { 1330 SIMPLEQ_ENTRY(rde_rib) entry; 1331 char name[PEER_DESCR_LEN]; 1332 u_int rtableid; 1333 uint16_t id; 1334 uint16_t flags; 1335 }; 1336 SIMPLEQ_HEAD(rib_names, rde_rib); 1337 extern struct rib_names ribnames; 1338 1339 /* rde_rib flags */ 1340 #define F_RIB_LOCAL 0x0001 1341 #define F_RIB_NOEVALUATE 0x0002 1342 #define F_RIB_NOFIB 0x0004 1343 #define F_RIB_NOFIBSYNC 0x0008 1344 1345 /* 4-byte magic AS number */ 1346 #define AS_TRANS 23456 1347 /* AS_NONE for origin validation */ 1348 #define AS_NONE 0 1349 1350 struct rde_memstats { 1351 long long path_cnt; 1352 long long path_refs; 1353 long long prefix_cnt; 1354 long long rib_cnt; 1355 long long pt_cnt[AID_MAX]; 1356 long long pt_size[AID_MAX]; 1357 long long nexthop_cnt; 1358 long long aspath_cnt; 1359 long long aspath_size; 1360 long long comm_cnt; 1361 long long comm_nmemb; 1362 long long comm_size; 1363 long long comm_refs; 1364 long long attr_cnt; 1365 long long attr_refs; 1366 long long attr_data; 1367 long long attr_dcnt; 1368 long long aset_cnt; 1369 long long aset_size; 1370 long long aset_nmemb; 1371 long long pset_cnt; 1372 long long pset_size; 1373 }; 1374 1375 #define MRT_FILE_LEN 512 1376 #define MRT2MC(x) ((struct mrt_config *)(x)) 1377 1378 enum mrt_type { 1379 MRT_NONE, 1380 MRT_TABLE_DUMP, 1381 MRT_TABLE_DUMP_MP, 1382 MRT_TABLE_DUMP_V2, 1383 MRT_ALL_IN, 1384 MRT_ALL_OUT, 1385 MRT_UPDATE_IN, 1386 MRT_UPDATE_OUT 1387 }; 1388 1389 enum mrt_state { 1390 MRT_STATE_RUNNING, 1391 MRT_STATE_OPEN, 1392 MRT_STATE_REOPEN, 1393 MRT_STATE_REMOVE 1394 }; 1395 1396 struct mrt { 1397 char rib[PEER_DESCR_LEN]; 1398 struct msgbuf wbuf; 1399 LIST_ENTRY(mrt) entry; 1400 uint32_t peer_id; 1401 uint32_t group_id; 1402 enum mrt_type type; 1403 enum mrt_state state; 1404 uint16_t seqnum; 1405 }; 1406 1407 struct mrt_config { 1408 struct mrt conf; 1409 char name[MRT_FILE_LEN]; /* base file name */ 1410 char file[MRT_FILE_LEN]; /* actual file name */ 1411 time_t ReopenTimer; 1412 int ReopenTimerInterval; 1413 }; 1414 1415 /* prototypes */ 1416 /* bgpd.c */ 1417 void send_nexthop_update(struct kroute_nexthop *); 1418 void send_imsg_session(int, pid_t, void *, uint16_t); 1419 int send_network(int, struct network_config *, 1420 struct filter_set_head *); 1421 int bgpd_oknexthop(struct kroute_full *); 1422 int bgpd_has_bgpnh(void); 1423 void set_pollfd(struct pollfd *, struct imsgbuf *); 1424 int handle_pollfd(struct pollfd *, struct imsgbuf *); 1425 1426 /* control.c */ 1427 int control_imsg_relay(struct imsg *, struct peer *); 1428 1429 /* config.c */ 1430 struct bgpd_config *new_config(void); 1431 void copy_config(struct bgpd_config *, struct bgpd_config *); 1432 void network_free(struct network *); 1433 struct flowspec_config *flowspec_alloc(uint8_t, int); 1434 void flowspec_free(struct flowspec_config *); 1435 void free_l3vpns(struct l3vpn_head *); 1436 void free_config(struct bgpd_config *); 1437 void free_prefixsets(struct prefixset_head *); 1438 void free_rde_prefixsets(struct rde_prefixset_head *); 1439 void free_prefixtree(struct prefixset_tree *); 1440 void free_roatree(struct roa_tree *); 1441 void free_aspa(struct aspa_set *); 1442 void free_aspatree(struct aspa_tree *); 1443 void free_rtrs(struct rtr_config_head *); 1444 void filterlist_free(struct filter_head *); 1445 int host(const char *, struct bgpd_addr *, uint8_t *); 1446 uint32_t get_bgpid(void); 1447 void expand_networks(struct bgpd_config *, struct network_head *); 1448 RB_PROTOTYPE(prefixset_tree, prefixset_item, entry, prefixset_cmp); 1449 RB_PROTOTYPE(roa_tree, roa, entry, roa_cmp); 1450 RB_PROTOTYPE(aspa_tree, aspa_set, entry, aspa_cmp); 1451 RB_PROTOTYPE(flowspec_tree, flowspec_config, entry, flowspec_config_cmp); 1452 1453 /* kroute.c */ 1454 int kr_init(int *, uint8_t); 1455 int kr_default_prio(void); 1456 int kr_check_prio(long long); 1457 int ktable_update(u_int, char *, int); 1458 void ktable_preload(void); 1459 void ktable_postload(void); 1460 int ktable_exists(u_int, u_int *); 1461 int kr_change(u_int, struct kroute_full *); 1462 int kr_delete(u_int, struct kroute_full *); 1463 int kr_flush(u_int); 1464 void kr_shutdown(void); 1465 void kr_fib_couple(u_int); 1466 void kr_fib_couple_all(void); 1467 void kr_fib_decouple(u_int); 1468 void kr_fib_decouple_all(void); 1469 void kr_fib_prio_set(uint8_t); 1470 int kr_dispatch_msg(void); 1471 int kr_nexthop_add(uint32_t, struct bgpd_addr *); 1472 void kr_nexthop_delete(uint32_t, struct bgpd_addr *); 1473 void kr_show_route(struct imsg *); 1474 void kr_ifinfo(char *); 1475 void kr_net_reload(u_int, uint64_t, struct network_head *); 1476 int kr_reload(void); 1477 int get_mpe_config(const char *, u_int *, u_int *); 1478 uint8_t mask2prefixlen(sa_family_t, struct sockaddr *); 1479 1480 /* log.c */ 1481 void log_peer_info(const struct peer_config *, const char *, ...) 1482 __attribute__((__format__ (printf, 2, 3))); 1483 void log_peer_warn(const struct peer_config *, const char *, ...) 1484 __attribute__((__format__ (printf, 2, 3))); 1485 void log_peer_warnx(const struct peer_config *, const char *, ...) 1486 __attribute__((__format__ (printf, 2, 3))); 1487 1488 /* mrt.c */ 1489 void mrt_write(struct mrt *); 1490 void mrt_clean(struct mrt *); 1491 void mrt_init(struct imsgbuf *, struct imsgbuf *); 1492 time_t mrt_timeout(struct mrt_head *); 1493 void mrt_reconfigure(struct mrt_head *); 1494 void mrt_handler(struct mrt_head *); 1495 struct mrt *mrt_get(struct mrt_head *, struct mrt *); 1496 void mrt_mergeconfig(struct mrt_head *, struct mrt_head *); 1497 1498 /* name2id.c */ 1499 uint16_t rtlabel_name2id(const char *); 1500 const char *rtlabel_id2name(uint16_t); 1501 void rtlabel_unref(uint16_t); 1502 uint16_t rtlabel_ref(uint16_t); 1503 uint16_t pftable_name2id(const char *); 1504 const char *pftable_id2name(uint16_t); 1505 void pftable_unref(uint16_t); 1506 uint16_t pftable_ref(uint16_t); 1507 1508 /* parse.y */ 1509 int cmdline_symset(char *); 1510 struct prefixset *find_prefixset(char *, struct prefixset_head *); 1511 struct bgpd_config *parse_config(char *, struct peer_head *, 1512 struct rtr_config_head *); 1513 1514 /* pftable.c */ 1515 int pftable_exists(const char *); 1516 int pftable_add(const char *); 1517 int pftable_clear_all(void); 1518 int pftable_addr_add(struct pftable_msg *); 1519 int pftable_addr_remove(struct pftable_msg *); 1520 int pftable_commit(void); 1521 1522 /* rde_filter.c */ 1523 void filterset_free(struct filter_set_head *); 1524 int filterset_cmp(struct filter_set *, struct filter_set *); 1525 void filterset_move(struct filter_set_head *, struct filter_set_head *); 1526 void filterset_copy(struct filter_set_head *, struct filter_set_head *); 1527 const char *filterset_name(enum action_types); 1528 1529 /* rde_sets.c */ 1530 struct as_set *as_sets_lookup(struct as_set_head *, const char *); 1531 struct as_set *as_sets_new(struct as_set_head *, const char *, size_t, 1532 size_t); 1533 void as_sets_free(struct as_set_head *); 1534 void as_sets_mark_dirty(struct as_set_head *, struct as_set_head *); 1535 int as_set_match(const struct as_set *, uint32_t); 1536 1537 struct set_table *set_new(size_t, size_t); 1538 void set_free(struct set_table *); 1539 int set_add(struct set_table *, void *, size_t); 1540 void *set_get(struct set_table *, size_t *); 1541 void set_prep(struct set_table *); 1542 void *set_match(const struct set_table *, uint32_t); 1543 int set_equal(const struct set_table *, 1544 const struct set_table *); 1545 size_t set_nmemb(const struct set_table *); 1546 1547 /* rde_trie.c */ 1548 int trie_add(struct trie_head *, struct bgpd_addr *, uint8_t, uint8_t, 1549 uint8_t); 1550 int trie_roa_add(struct trie_head *, struct roa *); 1551 void trie_free(struct trie_head *); 1552 int trie_match(struct trie_head *, struct bgpd_addr *, uint8_t, int); 1553 int trie_roa_check(struct trie_head *, struct bgpd_addr *, uint8_t, 1554 uint32_t); 1555 void trie_dump(struct trie_head *); 1556 int trie_equal(struct trie_head *, struct trie_head *); 1557 1558 /* timer.c */ 1559 time_t getmonotime(void); 1560 1561 /* util.c */ 1562 char *ibuf_get_string(struct ibuf *, size_t); 1563 const char *log_addr(const struct bgpd_addr *); 1564 const char *log_in6addr(const struct in6_addr *); 1565 const char *log_sockaddr(struct sockaddr *, socklen_t); 1566 const char *log_as(uint32_t); 1567 const char *log_rd(uint64_t); 1568 const char *log_ext_subtype(int, uint8_t); 1569 const char *log_reason(const char *); 1570 const char *log_aspath_error(int); 1571 const char *log_roa(struct roa *); 1572 const char *log_aspa(struct aspa_set *); 1573 const char *log_rtr_error(enum rtr_error); 1574 const char *log_policy(enum role); 1575 const char *log_capability(uint8_t); 1576 int aspath_asprint(char **, struct ibuf *); 1577 uint32_t aspath_extract(const void *, int); 1578 int aspath_verify(struct ibuf *, int, int); 1579 #define AS_ERR_LEN -1 1580 #define AS_ERR_TYPE -2 1581 #define AS_ERR_BAD -3 1582 #define AS_ERR_SOFT -4 1583 struct ibuf *aspath_inflate(struct ibuf *); 1584 int extract_prefix(const u_char *, int, void *, uint8_t, uint8_t); 1585 int nlri_get_prefix(struct ibuf *, struct bgpd_addr *, uint8_t *); 1586 int nlri_get_prefix6(struct ibuf *, struct bgpd_addr *, uint8_t *); 1587 int nlri_get_vpn4(struct ibuf *, struct bgpd_addr *, uint8_t *, 1588 int); 1589 int nlri_get_vpn6(struct ibuf *, struct bgpd_addr *, uint8_t *, 1590 int); 1591 int prefix_compare(const struct bgpd_addr *, 1592 const struct bgpd_addr *, int); 1593 void inet4applymask(struct in_addr *, const struct in_addr *, int); 1594 void inet6applymask(struct in6_addr *, const struct in6_addr *, 1595 int); 1596 void applymask(struct bgpd_addr *, const struct bgpd_addr *, int); 1597 const char *aid2str(uint8_t); 1598 int aid2afi(uint8_t, uint16_t *, uint8_t *); 1599 int afi2aid(uint16_t, uint8_t, uint8_t *); 1600 sa_family_t aid2af(uint8_t); 1601 int af2aid(sa_family_t, uint8_t, uint8_t *); 1602 struct sockaddr *addr2sa(const struct bgpd_addr *, uint16_t, socklen_t *); 1603 void sa2addr(struct sockaddr *, struct bgpd_addr *, uint16_t *); 1604 const char * get_baudrate(unsigned long long, char *); 1605 1606 /* flowspec.c */ 1607 int flowspec_valid(const uint8_t *, int, int); 1608 int flowspec_cmp(const uint8_t *, int, const uint8_t *, int, int); 1609 int flowspec_get_component(const uint8_t *, int, int, int, 1610 const uint8_t **, int *); 1611 int flowspec_get_addr(const uint8_t *, int, int, int, struct bgpd_addr *, 1612 uint8_t *, uint8_t *); 1613 const char *flowspec_fmt_label(int); 1614 const char *flowspec_fmt_num_op(const uint8_t *, int, int *); 1615 const char *flowspec_fmt_bin_op(const uint8_t *, int, int *, const char *); 1616 1617 static const char * const log_procnames[] = { 1618 "parent", 1619 "SE", 1620 "RDE", 1621 "RTR" 1622 }; 1623 1624 /* logmsg.c and needed by bgpctl */ 1625 static const char * const statenames[] = { 1626 "None", 1627 "Idle", 1628 "Connect", 1629 "Active", 1630 "OpenSent", 1631 "OpenConfirm", 1632 "Established" 1633 }; 1634 1635 static const char * const msgtypenames[] = { 1636 "NONE", 1637 "OPEN", 1638 "UPDATE", 1639 "NOTIFICATION", 1640 "KEEPALIVE", 1641 "RREFRESH" 1642 }; 1643 1644 static const char * const eventnames[] = { 1645 "None", 1646 "Start", 1647 "Stop", 1648 "Connection opened", 1649 "Connection closed", 1650 "Connection open failed", 1651 "Fatal error", 1652 "ConnectRetryTimer expired", 1653 "HoldTimer expired", 1654 "KeepaliveTimer expired", 1655 "SendHoldTimer expired", 1656 "OPEN message received", 1657 "KEEPALIVE message received", 1658 "UPDATE message received", 1659 "NOTIFICATION received" 1660 }; 1661 1662 static const char * const errnames[] = { 1663 "none", 1664 "Header error", 1665 "error in OPEN message", 1666 "error in UPDATE message", 1667 "HoldTimer expired", 1668 "Finite State Machine error", 1669 "Cease", 1670 "error in ROUTE-REFRESH message" 1671 }; 1672 1673 static const char * const suberr_header_names[] = { 1674 "none", 1675 "synchronization error", 1676 "wrong length", 1677 "unknown message type" 1678 }; 1679 1680 static const char * const suberr_open_names[] = { 1681 "none", 1682 "version mismatch", 1683 "AS unacceptable", 1684 "BGPID invalid", 1685 "optional parameter error", 1686 "authentication error", 1687 "unacceptable holdtime", 1688 "unsupported capability", 1689 NULL, 1690 NULL, 1691 NULL, 1692 "role mismatch", 1693 }; 1694 1695 static const char * const suberr_fsm_names[] = { 1696 "unspecified error", 1697 "received unexpected message in OpenSent", 1698 "received unexpected message in OpenConfirm", 1699 "received unexpected message in Established" 1700 }; 1701 1702 static const char * const suberr_update_names[] = { 1703 "none", 1704 "attribute list error", 1705 "unknown well-known attribute", 1706 "well-known attribute missing", 1707 "attribute flags error", 1708 "attribute length wrong", 1709 "origin unacceptable", 1710 "loop detected", 1711 "nexthop unacceptable", 1712 "optional attribute error", 1713 "network unacceptable", 1714 "AS-Path unacceptable" 1715 }; 1716 1717 static const char * const suberr_cease_names[] = { 1718 "none", 1719 "received max-prefix exceeded", 1720 "administratively down", 1721 "peer unconfigured", 1722 "administrative reset", 1723 "connection rejected", 1724 "other config change", 1725 "collision", 1726 "resource exhaustion", 1727 "hard reset", 1728 "sent max-prefix exceeded" 1729 }; 1730 1731 static const char * const suberr_rrefresh_names[] = { 1732 "none", 1733 "invalid message length" 1734 }; 1735 1736 static const char * const ctl_res_strerror[] = { 1737 "no error", 1738 "no such neighbor", 1739 "permission denied", 1740 "neighbor does not have this capability", 1741 "config file has errors, reload failed", 1742 "previous reload still running", 1743 "out of memory", 1744 "not a cloned peer", 1745 "peer still active, down peer first", 1746 "no such RIB", 1747 "operation not supported", 1748 }; 1749 1750 static const char * const timernames[] = { 1751 "None", 1752 "ConnectRetryTimer", 1753 "KeepaliveTimer", 1754 "HoldTimer", 1755 "SendHoldTimer", 1756 "IdleHoldTimer", 1757 "IdleHoldResetTimer", 1758 "CarpUndemoteTimer", 1759 "RestartTimer", 1760 "RTR RefreshTimer", 1761 "RTR RetryTimer", 1762 "RTR ExpireTimer", 1763 "RTR ActiveTimer", 1764 "" 1765 }; 1766 1767 #endif /* __BGPD_H__ */ 1768