-rw-r--r--packet/validate.go28
-rw-r--r--server/fsm.go12
2 files changed, 40 insertions, 0 deletions
diff --git a/packet/validate.go b/packet/validate.go
index 80bc426d..668552ba 100644
--- a/packet/validate.go
+++ b/packet/validate.go
@@ -183,3 +183,31 @@ func ValidateBGPMessage(m *BGPMessage) error {
return nil
}
+
+func ValidateOpenMsg(m *BGPOpen, expectedAS uint32) error {
+ if m.Version != 4 {
+ return NewMessageError(BGP_ERROR_OPEN_MESSAGE_ERROR, BGP_ERROR_SUB_UNSUPPORTED_VERSION_NUMBER, nil, fmt.Sprintf("upsuppored version %d", m.Version))
+ }
+
+ as := uint32(m.MyAS)
+ for _, p := range m.OptParams {
+ paramCap, y := p.(*OptionParameterCapability)
+ if !y {
+ continue
+ }
+ for _, c := range paramCap.Capability {
+ if c.Code() == BGP_CAP_FOUR_OCTET_AS_NUMBER {
+ cap := c.(*CapFourOctetASNumber)
+ as = cap.CapValue
+ }
+ }
+ }
+ if as != expectedAS {
+ return NewMessageError(BGP_ERROR_OPEN_MESSAGE_ERROR, BGP_ERROR_SUB_BAD_PEER_AS, nil, fmt.Sprintf("as number mismatch expected %u, received %u", expectedAS, as))
+ }
+
+ if m.HoldTime < 3 && m.HoldTime != 0 {
+ return NewMessageError(BGP_ERROR_OPEN_MESSAGE_ERROR, BGP_ERROR_SUB_UNACCEPTABLE_HOLD_TIME, nil, fmt.Sprintf("unacceptable hold time %u", m.HoldTime))
+ }
+ return nil
+}
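Review bot: The type assertion `c.(*CapFourOctetASNumber)` in the capability loop is unchecked, so if the decoder ever returns a different concrete type for code BGP_CAP_FOUR_OCTET_AS_NUMBER (the decoder is not visible here), an OPEN received from a peer would panic the process instead of being rejected. The two-value form avoids that: `if cap, ok := c.(*CapFourOctetASNumber); ok { as = cap.CapValue }`. Separately, `%u` is not a Go fmt verb, so the AS-mismatch and hold-time messages will render as `%!u(...)`; they should use `%d`. The version message also misspells "unsupported" as `upsuppored`. As an exported function this also wants a doc comment, e.g. `// ValidateOpenMsg checks the version, peer AS (preferring the 4-octet AS capability) and hold time of a received OPEN.`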
diff --git a/server/fsm.go b/server/fsm.go
index 8c3882cf..829de382 100644
--- a/server/fsm.go
+++ b/server/fsm.go
@@ -323,6 +323,18 @@ func (h *FSMHandler) opensent() bgp.FSMState {
case *bgp.BGPMessage:
m := e.MsgData.(*bgp.BGPMessage)
if m.Header.Type == bgp.BGP_MSG_OPEN {
+ body := m.Body.(*bgp.BGPOpen)
+ err := bgp.ValidateOpenMsg(body, fsm.peerConfig.PeerAs)
+ if err != nil {
+ e := err.(*bgp.MessageError)
+ m := bgp.NewBGPNotificationMessage(e.TypeCode, e.SubTypeCode, e.Data)
+ b, _ := m.Serialize()
+ fsm.passiveConn.Write(b)
+ fsm.bgpMessageStateUpdate(m.Header.Type, false)
+ h.conn.Close()
+ return bgp.BGP_FSM_IDLE
+ }
+
e := &fsmMsg{
MsgType: FSM_MSG_BGP_MESSAGE,
MsgData: m,
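Review bot: The error path writes the NOTIFICATION to `fsm.passiveConn` but then closes `h.conn`; unless these are always the same connection in opensent (not visible in this hunk), the notification can go to the wrong or a nil connection while the session that sent the bad OPEN is dropped without one. If `h.conn` is the connection for this session, writing there (`h.conn.Write(b)`) keeps the two consistent. The results of `m.Serialize()` and `Write` are discarded, and `m.Body.(*bgp.BGPOpen)` and `err.(*bgp.MessageError)` are unchecked assertions on a peer-driven path, so a failure is either invisible or a panic; at minimum use `b, err := m.Serialize()` and log the error. The new `e` and `m` also shadow the event and the received message, which makes the `m.Header.Type` passed to bgpMessageStateUpdate easy to misread. opensent's body starts and ends outside the hunk.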