+ /* check for optional parameters */
+ /* 2 is for the size of type + len (both uint8_t) */
+ for (param_offset = 0;
+ param_offset < data.opt_len;
+ param_offset += 2 + param->len)
+ {
+ param = (struct bgp_opt_param *)(&data.opt_params + param_offset);
+
+ /* sensible check */
+ if (data.opt_len - param_offset < 2
+ || param->len > data.opt_len - param_offset - 2)
+ {
+ LOG(1, 0, 0, "Malformed Optional Parameter list from BGP peer %s\n",
+ peer->name);
+
+ bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_UNSPEC);
+ return 0;
+ }
+
+ /* we know only one parameter type */
+ if (param->type != BGP_CAPABILITY_PARAM_TYPE)
+ {
+ LOG(1, 0, 0, "Unsupported Optional Parameter type %d from BGP peer %s\n",
+ param->type, peer->name);
+
+ bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_OPN_UNSUP_PARAM);
+ return 0;
+ }
+
+ capabilities_len = param->len;
+ capabilities = (char *)¶m->value;
+ }
+
+ /* look for BGP multiprotocol capability */
+ if (capabilities)
+ {
+ for (capability_offset = 0;
+ capability_offset < capabilities_len;
+ capability_offset += 2 + capability->len)
+ {
+ capability = (struct bgp_capability *)(capabilities + capability_offset);
+
+ /* sensible check */
+ if (capabilities_len - capability_offset < 2
+ || capability->len > capabilities_len - capability_offset - 2)
+ {
+ LOG(1, 0, 0, "Malformed Capabilities list from BGP peer %s\n",
+ peer->name);
+
+ bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_UNSPEC);
+ return 0;
+ }
+
+ /* we only know one capability code */
+ if (capability->code != BGP_CAP_CODE_MP
+ && capability->len != sizeof(struct bgp_mp_cap_param))
+ {
+ LOG(4, 0, 0, "Unsupported Capability code %d from BGP peer %s\n",
+ capability->code, peer->name);
+
+ bgp_send_notification_full(peer, BGP_ERR_OPEN, BGP_ERR_OPN_UNSUP_CAP,
+ capability, 2 + capability->len);
+ /* we don't terminate, still; we just jump to the next one */
+ continue;
+ }
+
+ mp_cap = (struct bgp_mp_cap_param *)&capability->value;
+ /* the only <AFI, SAFI> tuple we support */
+ if (mp_cap->afi != AF_INET6 && mp_cap->safi != BGP_MP_SAFI_UNICAST)
+ {
+ LOG(4, 0, 0, "Unsupported multiprotocol AFI %d and SAFI %d from BGP peer %s\n",
+ mp_cap->afi, mp_cap->safi, peer->name);
+
+ bgp_send_notification_full(peer, BGP_ERR_OPEN, BGP_ERR_OPN_UNSUP_CAP,
+ capability, 2 + capability->len);
+ /* we don't terminate, still; we just jump to the next one */
+ continue;
+ }
+
+ }
+ }
+