2 * Routines for BGP packet dissection.
3 * Copyright 1999, Jun-ichiro itojun Hagino <itojun@itojun.org>
8 * RFC1771 A Border Gateway Protocol 4 (BGP-4)
9 * RFC1965 Autonomous System Confederations for BGP
10 * RFC1997 BGP Communities Attribute
11 * RFC2547 BGP/MPLS VPNs
12 * RFC2796 BGP Route Reflection An alternative to full mesh IBGP
13 * RFC2842 Capabilities Advertisement with BGP-4
14 * RFC2858 Multiprotocol Extensions for BGP-4
15 * RFC2918 Route Refresh Capability for BGP-4
16 * RFC3107 Carrying Label Information in BGP-4
17 * draft-ietf-idr-as4bytes-06
18 * draft-ietf-idr-dynamic-cap-03
19 * draft-ietf-idr-bgp-ext-communities-05
22 * Destination Preference Attribute for BGP (work in progress)
23 * RFC1863 A BGP/IDRP Route Server alternative to a full mesh routing
25 * Ethereal - Network traffic analyzer
26 * By Gerald Combs <gerald@ethereal.com>
27 * Copyright 1998 Gerald Combs
29 * This program is free software; you can redistribute it and/or
30 * modify it under the terms of the GNU General Public License
31 * as published by the Free Software Foundation; either version 2
32 * of the License, or (at your option) any later version.
34 * This program is distributed in the hope that it will be useful,
35 * but WITHOUT ANY WARRANTY; without even the implied warranty of
36 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
37 * GNU General Public License for more details.
39 * You should have received a copy of the GNU General Public License
40 * along with this program; if not, write to the Free Software
41 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
54 #include <epan/packet.h>
55 #include <epan/addr_and_mask.h>
56 #include "packet-bgp.h"
57 #include "packet-ipv6.h"
58 #include "packet-frame.h"
60 #include <epan/prefs.h>
62 static const value_string bgptypevals[] = {
63 { BGP_OPEN, "OPEN Message" },
64 { BGP_UPDATE, "UPDATE Message" },
65 { BGP_NOTIFICATION, "NOTIFICATION Message" },
66 { BGP_KEEPALIVE, "KEEPALIVE Message" },
67 { BGP_ROUTE_REFRESH, "ROUTE-REFRESH Message" },
68 { BGP_CAPABILITY, "CAPABILITY Message" },
69 { BGP_ROUTE_REFRESH_CISCO, "Cisco ROUTE-REFRESH Message" },
73 static const value_string bgpnotify_major[] = {
74 { 1, "Message Header Error" },
75 { 2, "OPEN Message Error" },
76 { 3, "UPDATE Message Error" },
77 { 4, "Hold Timer Expired" },
78 { 5, "Finite State Machine Error" },
80 { 7, "CAPABILITY Message Error" },
84 static const value_string bgpnotify_minor_1[] = {
85 { 1, "Connection Not Synchronized" },
86 { 2, "Bad Message Length" },
87 { 3, "Bad Message Type" },
91 static const value_string bgpnotify_minor_2[] = {
92 { 1, "Unsupported Version Number" },
94 { 3, "Bad BGP Identifier" },
95 { 4, "Unsupported Optional Parameter" },
96 { 5, "Authentication Failure" },
97 { 6, "Unacceptable Hold Time" },
98 { 7, "Unsupported Capability" },
102 static const value_string bgpnotify_minor_3[] = {
103 { 1, "Malformed Attribute List" },
104 { 2, "Unrecognized Well-known Attribute" },
105 { 3, "Missing Well-known Attribute" },
106 { 4, "Attribute Flags Error" },
107 { 5, "Attribute Length Error" },
108 { 6, "Invalid ORIGIN Attribute" },
109 { 7, "AS Routing Loop" },
110 { 8, "Invalid NEXT_HOP Attribute" },
111 { 9, "Optional Attribute Error" },
112 { 10, "Invalid Network Field" },
113 { 11, "Malformed AS_PATH" },
117 /* draft-ietf-idr-cease-subcode-02 */
118 static const value_string bgpnotify_minor_6[] = {
119 { 1, "Maximum Number of Prefixes Reached"},
120 { 2, "Administratively Shutdown"},
121 { 3, "Peer Unconfigured"},
122 { 4, "Administratively Reset"},
123 { 5, "Connection Rejected"},
124 { 6, "Other Configuration Change"},
125 { 7, "Connection Collision Resolution"},
129 static const value_string bgpnotify_minor_7[] = {
130 { 1, "Invalid Action Value" },
131 { 2, "Invalid Capability Length" },
132 { 3, "Malformed Capability Value" },
133 { 4, "Unsupported Capability Code" },
137 static const value_string *bgpnotify_minor[] = {
139 bgpnotify_minor_1, /* open */
140 bgpnotify_minor_2, /* update */
141 bgpnotify_minor_3, /* notification */
142 NULL, /* hold-timer expired */
143 NULL, /* FSM error */
144 bgpnotify_minor_6, /* cease */
145 bgpnotify_minor_7 /* capability */
148 static const value_string bgpattr_origin[] = {
155 static const value_string as_segment_type[] = {
157 { 2, "AS_SEQUENCE" },
158 /* RFC1965 has the wrong values, corrected in */
159 /* draft-ietf-idr-bgp-confed-rfc1965bis-01.txt */
160 { 4, "AS_CONFED_SET" },
161 { 3, "AS_CONFED_SEQUENCE" },
165 static const value_string bgpattr_type[] = {
166 { BGPTYPE_ORIGIN, "ORIGIN" },
167 { BGPTYPE_AS_PATH, "AS_PATH" },
168 { BGPTYPE_NEXT_HOP, "NEXT_HOP" },
169 { BGPTYPE_MULTI_EXIT_DISC, "MULTI_EXIT_DISC" },
170 { BGPTYPE_LOCAL_PREF, "LOCAL_PREF" },
171 { BGPTYPE_ATOMIC_AGGREGATE, "ATOMIC_AGGREGATE" },
172 { BGPTYPE_AGGREGATOR, "AGGREGATOR" },
173 { BGPTYPE_COMMUNITIES, "COMMUNITIES" },
174 { BGPTYPE_ORIGINATOR_ID, "ORIGINATOR_ID" },
175 { BGPTYPE_CLUSTER_LIST, "CLUSTER_LIST" },
176 { BGPTYPE_MP_REACH_NLRI, "MP_REACH_NLRI" },
177 { BGPTYPE_MP_UNREACH_NLRI, "MP_UNREACH_NLRI" },
178 { BGPTYPE_EXTENDED_COMMUNITY, "EXTENDED_COMMUNITIES" },
179 { BGPTYPE_NEW_AS_PATH, "NEW_AS_PATH" },
180 { BGPTYPE_NEW_AGGREGATOR, "NEW_AGGREGATOR" },
181 { BGPTYPE_SAFI_SPECIFIC_ATTR, "SAFI_SPECIFIC_ATTRIBUTE" },
185 static const value_string bgpext_com_type[] = {
186 { BGP_EXT_COM_RT_0, "Route Target" },
187 { BGP_EXT_COM_RT_1, "Route Target" },
188 { BGP_EXT_COM_RT_2, "Route Target" },
189 { BGP_EXT_COM_RO_0, "Route Origin" },
190 { BGP_EXT_COM_RO_1, "Route Origin" },
191 { BGP_EXT_COM_RO_2, "Route Origin" },
192 { BGP_EXT_COM_LINKBAND, "Link Bandwidth" },
193 { BGP_EXT_COM_VPN_ORIGIN, "OSPF Domain" },
194 { BGP_EXT_COM_OSPF_RTYPE, "OSPF Route Type" },
195 { BGP_EXT_COM_OSPF_RID, "OSPF Router ID" },
196 { BGP_EXT_COM_L2INFO, "Layer 2 Information" },
200 static const value_string bgp_ssa_type[] = {
201 { BGP_SSA_L2TPv3 , "L2TPv3 Tunnel" },
202 { BGP_SSA_mGRE , "mGRE Tunnel" },
203 { BGP_SSA_IPSec , "IPSec Tunnel" },
204 { BGP_SSA_MPLS , "MPLS Tunnel" },
208 static const value_string bgp_l2vpn_encaps[] = {
211 { 2, "ATM AAL5 VCC transport"},
212 { 3, "ATM transparent cell transport"},
213 { 4, "Ethernet VLAN"},
218 { 9, "ATM VCC cell transport"},
219 { 10, "ATM VPC cell transport"},
222 { 64, "IP-interworking"},
226 static const value_string bgpext_ospf_rtype[] = {
227 { BGP_OSPF_RTYPE_RTR, "Router" },
228 { BGP_OSPF_RTYPE_NET, "Network" },
229 { BGP_OSPF_RTYPE_SUM, "Summary" },
230 { BGP_OSPF_RTYPE_EXT, "External" },
231 { BGP_OSPF_RTYPE_NSSA,"NSSA External" },
232 { BGP_OSPF_RTYPE_SHAM,"MPLS-VPN Sham" },
236 /* Subsequent address family identifier, RFC2858 */
237 static const value_string bgpattr_nlri_safi[] = {
239 { SAFNUM_UNICAST, "Unicast" },
240 { SAFNUM_MULCAST, "Multicast" },
241 { SAFNUM_UNIMULC, "Unicast+Multicast" },
242 { SAFNUM_MPLS_LABEL, "Labeled Unicast"},
243 { SAFNUM_TUNNEL, "Tunnel"},
244 { SAFNUM_LAB_VPNUNICAST, "Labeled VPN Unicast" }, /* draft-rosen-rfc2547bis-03 */
245 { SAFNUM_LAB_VPNMULCAST, "Labeled VPN Multicast" },
246 { SAFNUM_LAB_VPNUNIMULC, "Labeled VPN Unicast+Multicast" },
250 /* ORF Type, draft-ietf-idr-route-filter-04.txt */
251 static const value_string orf_type_vals[] = {
252 { 2, "Communities ORF-Type" },
253 { 3, "Extended Communities ORF-Type" },
254 { 128, "Cisco PrefixList ORF-Type" },
255 { 129, "Cisco CommunityList ORF-Type" },
256 { 130, "Cisco Extended CommunityList ORF-Type" },
257 { 131, "Cisco AsPathList ORF-Type" },
261 /* ORF Send/Receive, draft-ietf-idr-route-filter-04.txt */
262 static const value_string orf_send_recv_vals[] = {
269 /* ORF Send/Receive, draft-ietf-idr-route-filter-04.txt */
270 static const value_string orf_when_vals[] = {
276 static const value_string orf_entry_action_vals[] = {
279 { 0x80, "RemoveAll" },
283 static const value_string orf_entry_match_vals[] = {
289 static const value_string capability_vals[] = {
290 { BGP_CAPABILITY_RESERVED, "Reserved capability" },
291 { BGP_CAPABILITY_MULTIPROTOCOL, "Multiprotocol extensions capability" },
292 { BGP_CAPABILITY_ROUTE_REFRESH, "Route refresh capability" },
293 { BGP_CAPABILITY_COOPERATIVE_ROUTE_FILTERING, "Cooperative route filtering capability" },
294 { BGP_CAPABILITY_GRACEFUL_RESTART, "Graceful Restart capability" },
295 { BGP_CAPABILITY_4_OCTET_AS_NUMBER, "Support for 4-octet AS number capability" },
296 { BGP_CAPABILITY_DYNAMIC_CAPABILITY, "Support for Dynamic capability" },
297 { BGP_CAPABILITY_ROUTE_REFRESH_CISCO, "Route refresh capability" },
298 { BGP_CAPABILITY_ORF_CISCO, "Cooperative route filtering capability" },
302 /* Capability Message action code */
303 static const value_string bgpcap_action[] = {
304 { 0, "advertising a capability" },
305 { 1, "removing a capability" },
310 /* Maximal size of an IP address string */
311 #define MAX_SIZE_OF_IP_ADDR_STRING 16
313 static int proto_bgp = -1;
314 static int hf_bgp_type = -1;
315 static int hf_bgp_next_hop = -1;
316 static int hf_bgp_as_path = -1;
317 static int hf_bgp_cluster_identifier = -1;
318 static int hf_bgp_community_as = -1;
319 static int hf_bgp_community_value = -1;
320 static int hf_bgp_origin = -1;
321 static int hf_bgp_cluster_list = -1;
322 static int hf_bgp_originator_id = -1;
323 static int hf_bgp_ssa_t = -1;
324 static int hf_bgp_ssa_type = -1;
325 static int hf_bgp_ssa_len = -1;
326 static int hf_bgp_ssa_value = -1;
327 static int hf_bgp_ssa_l2tpv3_pref = -1;
328 static int hf_bgp_ssa_l2tpv3_s = -1;
329 static int hf_bgp_ssa_l2tpv3_unused = -1;
330 static int hf_bgp_ssa_l2tpv3_cookie_len = -1;
331 static int hf_bgp_ssa_l2tpv3_session_id = -1;
332 static int hf_bgp_ssa_l2tpv3_cookie = -1;
333 static int hf_bgp_local_pref = -1;
334 static int hf_bgp_multi_exit_disc = -1;
335 static int hf_bgp_aggregator_as = -1;
336 static int hf_bgp_aggregator_origin = -1;
337 static int hf_bgp_mp_reach_nlri_ipv4_prefix = -1;
338 static int hf_bgp_mp_unreach_nlri_ipv4_prefix = -1;
339 static int hf_bgp_mp_nlri_tnl_id = -1;
340 static int hf_bgp_withdrawn_prefix = -1;
341 static int hf_bgp_nlri_prefix = -1;
343 static gint ett_bgp = -1;
344 static gint ett_bgp_prefix = -1;
345 static gint ett_bgp_unfeas = -1;
346 static gint ett_bgp_attrs = -1;
347 static gint ett_bgp_attr = -1;
348 static gint ett_bgp_attr_flags = -1;
349 static gint ett_bgp_mp_nhna = -1;
350 static gint ett_bgp_mp_reach_nlri = -1;
351 static gint ett_bgp_mp_unreach_nlri = -1;
352 static gint ett_bgp_mp_snpa = -1;
353 static gint ett_bgp_nlri = -1;
354 static gint ett_bgp_open = -1;
355 static gint ett_bgp_update = -1;
356 static gint ett_bgp_notification = -1;
357 static gint ett_bgp_route_refresh = -1; /* ROUTE-REFRESH message tree */
358 static gint ett_bgp_capability = -1;
359 static gint ett_bgp_as_paths = -1;
360 static gint ett_bgp_as_path_segments = -1;
361 static gint ett_bgp_communities = -1;
362 static gint ett_bgp_cluster_list = -1; /* cluster list tree */
363 static gint ett_bgp_options = -1; /* optional parameters tree */
364 static gint ett_bgp_option = -1; /* an optional parameter tree */
365 static gint ett_bgp_extended_communities = -1 ; /* extended communities list tree */
366 static gint ett_bgp_ssa = -1; /* safi specific attribute */
367 static gint ett_bgp_ssa_subtree = -1; /* safi specific attribute Subtrees */
368 static gint ett_bgp_orf = -1; /* orf (outbound route filter) tree */
369 static gint ett_bgp_orf_entry = -1; /* orf entry tree */
372 static gboolean bgp_desegment = TRUE;
374 static gint bgp_asn_len = 0;
377 * Decode an IPv4 prefix.
380 decode_prefix4(proto_tree *tree, int hf_addr, tvbuff_t *tvb, gint offset,
381 guint16 tlen, const char *tag)
384 proto_tree *prefix_tree;
386 guint8 addr_bytes[4];
388 } ip_addr; /* IP address */
389 guint8 plen; /* prefix length */
390 int length; /* number of octets needed for prefix */
392 /* snarf length and prefix */
393 plen = tvb_get_guint8(tvb, offset);
394 length = ipv4_addr_and_mask(tvb, offset + 1, ip_addr.addr_bytes, plen);
396 proto_tree_add_text(tree, tvb, offset, 1, "%s length %u invalid (> 32)",
401 /* put prefix into protocol tree */
402 ti = proto_tree_add_text(tree, tvb, offset,
403 tlen != 0 ? tlen : 1 + length, "%s/%u",
404 ip_to_str(ip_addr.addr_bytes), plen);
405 prefix_tree = proto_item_add_subtree(ti, ett_bgp_prefix);
406 proto_tree_add_text(prefix_tree, tvb, offset, 1, "%s prefix length: %u",
409 proto_tree_add_ipv4(prefix_tree, hf_addr, tvb, offset + 1, length,
412 proto_tree_add_text(prefix_tree, tvb, offset + 1, length,
413 "%s prefix: %s", tag, ip_to_str(ip_addr.addr_bytes));
419 * Decode an IPv6 prefix.
422 decode_prefix6(proto_tree *tree, int hf_addr, tvbuff_t *tvb, gint offset,
423 guint16 tlen, const char *tag)
426 proto_tree *prefix_tree;
427 struct e_in6_addr addr; /* IPv6 address */
428 int plen; /* prefix length */
429 int length; /* number of octets needed for prefix */
431 /* snarf length and prefix */
432 plen = tvb_get_guint8(tvb, offset);
433 length = ipv6_addr_and_mask(tvb, offset + 1, &addr, plen);
435 proto_tree_add_text(tree, tvb, offset, 1, "%s length %u invalid",
440 /* put prefix into protocol tree */
441 ti = proto_tree_add_text(tree, tvb, offset,
442 tlen != 0 ? tlen : 1 + length, "%s/%u",
443 ip6_to_str(&addr), plen);
444 prefix_tree = proto_item_add_subtree(ti, ett_bgp_prefix);
445 proto_tree_add_text(prefix_tree, tvb, offset, 1, "%s prefix length: %u",
448 proto_tree_add_ipv6(prefix_tree, hf_addr, tvb, offset + 1, length,
451 proto_tree_add_text(prefix_tree, tvb, offset + 1, length,
452 "%s prefix: %s", tag, ip6_to_str(&addr));
460 * Decode an MPLS label stack
461 * XXX - Should we convert "buf" to a GString?
464 decode_MPLS_stack(tvbuff_t *tvb, gint offset, char *buf, size_t buflen)
466 guint32 label_entry; /* an MPLS label enrty (label + COS field + stack bit */
467 gint index; /* index for the label stack */
468 char junk_buf[256]; /* tmp */
471 label_entry = 0x000000 ;
475 while ((label_entry & 0x000001) == 0) {
477 label_entry = tvb_get_ntoh24(tvb, index) ;
479 /* withdrawn routes may contain 0 or 0x800000 in the first label */
480 if((index-offset)==0&&(label_entry==0||label_entry==0x800000)) {
481 g_snprintf(buf, buflen, "0 (withdrawn)");
485 g_snprintf(junk_buf, sizeof(junk_buf),"%u%s", (label_entry >> 4), ((label_entry & 0x000001) == 0) ? "," : " (bottom)");
486 if (strlen(buf) + strlen(junk_buf) + 1 <= buflen)
487 strcat(buf, junk_buf);
490 if ((label_entry & 0x000001) == 0) {
491 /* real MPLS multi-label stack in BGP? - maybe later; for now, it must be a bogus packet */
492 strcpy(junk_buf, " (BOGUS: Bottom of Stack NOT set!)");
493 if (strlen(buf) + strlen(junk_buf) + 1 <= buflen)
494 strcat(buf, junk_buf);
499 return((index - offset) / 3);
503 * Decode a multiprotocol address
507 mp_addr_to_str (guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, GString *buf)
509 int length; /* length of the address in byte */
510 guint8 ip4addr[4],ip4addr2[4]; /* IPv4 address */
511 guint16 rd_type; /* Route Distinguisher type */
512 struct e_in6_addr ip6addr; /* IPv6 address */
521 case SAFNUM_MPLS_LABEL:
524 tvb_memcpy(tvb, ip4addr, offset, sizeof(ip4addr));
525 g_string_sprintf(buf, "%s", ip_to_str(ip4addr));
527 case SAFNUM_LAB_VPNUNICAST:
528 case SAFNUM_LAB_VPNMULCAST:
529 case SAFNUM_LAB_VPNUNIMULC:
530 rd_type=tvb_get_ntohs(tvb,offset) ;
533 length = 8 + sizeof(ip4addr);
534 tvb_memcpy(tvb, ip4addr, offset + 8, sizeof(ip4addr)); /* Next Hop */
535 g_string_sprintf(buf, "Empty Label Stack RD=%u:%u IPv4=%s",
536 tvb_get_ntohs(tvb, offset + 2),
537 tvb_get_ntohl(tvb, offset + 4),
541 length = 8 + sizeof(ip4addr);
542 tvb_memcpy(tvb, ip4addr, offset + 2, sizeof(ip4addr)); /* IP part of the RD */
543 tvb_memcpy(tvb, ip4addr2, offset + 8, sizeof(ip4addr)); /* Next Hop */
544 g_string_sprintf(buf, "Empty Label Stack RD=%s:%u IPv4=%s",
546 tvb_get_ntohs(tvb, offset + 6),
547 ip_to_str(ip4addr2));
551 g_string_sprintf(buf, "Unknown (0x%04x) labeled VPN IPv4 address format",rd_type);
557 g_string_sprintf(buf, "Unknown SAFI (%u) for AFI %u", safi, afi);
566 case SAFNUM_MPLS_LABEL:
569 tvb_memcpy(tvb, ip6addr.u6_addr.u6_addr8,offset, 16);
570 g_string_sprintf(buf, "%s", ip6_to_str(&ip6addr));
572 case SAFNUM_LAB_VPNUNICAST:
573 case SAFNUM_LAB_VPNMULCAST:
574 case SAFNUM_LAB_VPNUNIMULC:
575 rd_type=tvb_get_ntohs(tvb,offset) ;
579 tvb_memcpy(tvb, ip6addr.u6_addr.u6_addr8, offset + 8, 16); /* Next Hop */
580 g_string_sprintf(buf, "Empty Label Stack RD=%u:%u IPv6=%s",
581 tvb_get_ntohs(tvb, offset + 2),
582 tvb_get_ntohl(tvb, offset + 4),
583 ip6_to_str(&ip6addr));
587 tvb_memcpy(tvb, ip4addr, offset + 2, sizeof(ip4addr)); /* IP part of the RD */
588 tvb_memcpy(tvb, ip6addr.u6_addr.u6_addr8, offset + 8, 16); /* Next Hop */
589 g_string_sprintf(buf, "Empty Label Stack RD=%s:%u IPv6=%s",
591 tvb_get_ntohs(tvb, offset + 6),
592 ip6_to_str(&ip6addr));
596 g_string_sprintf(buf, "Unknown (0x%04x) labeled VPN IPv6 address format",rd_type);
602 g_string_sprintf(buf, "Unknown SAFI (%u) for AFI %u", safi, afi);
608 case SAFNUM_LAB_VPNUNICAST: /* only labeles prefixes do make sense */
609 case SAFNUM_LAB_VPNMULCAST:
610 case SAFNUM_LAB_VPNUNIMULC:
611 length = 4; /* the next-hop is simply an ipv4 addr */
612 tvb_memcpy(tvb, ip4addr, offset + 0, 4);
613 g_string_sprintf(buf, "IPv4=%s",
618 g_string_sprintf(buf, "Unknown SAFI (%u) for AFI %u", safi, afi);
624 g_string_sprintf(buf, "Unknown AFI (%u) value", afi);
631 * Decode a multiprotocol prefix
634 decode_prefix_MP(proto_tree *tree, int hf_addr4, int hf_addr6,
635 guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, const char *tag)
637 int start_offset = offset;
639 proto_tree *prefix_tree;
640 int total_length; /* length of the entire item */
641 int length; /* length of the prefix address, in bytes */
642 guint plen; /* length of the prefix address, in bits */
643 guint labnum; /* number of labels */
644 guint16 tnl_id; /* Tunnel Identifier */
645 int ce_id,labblk_off;
647 guint8 addr_bytes[4];
649 } ip4addr, ip4addr2; /* IPv4 address */
650 struct e_in6_addr ip6addr; /* IPv6 address */
651 guint16 rd_type; /* Route Distinguisher type */
652 char lab_stk[256]; /* label stack */
662 total_length = decode_prefix4(tree, hf_addr4, tvb, offset, 0, tag);
663 if (total_length < 0)
667 case SAFNUM_MPLS_LABEL:
668 plen = tvb_get_guint8(tvb, offset);
669 labnum = decode_MPLS_stack(tvb, offset + 1, lab_stk, sizeof(lab_stk));
671 offset += (1 + labnum * 3);
672 if (plen <= (labnum * 3*8)) {
673 proto_tree_add_text(tree, tvb, start_offset, 1,
674 "%s Labeled IPv4 prefix length %u invalid",
678 plen -= (labnum * 3*8);
679 length = ipv4_addr_and_mask(tvb, offset, ip4addr.addr_bytes, plen);
681 proto_tree_add_text(tree, tvb, start_offset, 1,
682 "%s Labeled IPv4 prefix length %u invalid",
683 tag, plen + (labnum * 3*8));
687 ti = proto_tree_add_text(tree, tvb, start_offset,
688 (offset + length) - start_offset,
689 "Label Stack=%s IPv4=%s/%u",
690 lab_stk, ip_to_str(ip4addr.addr_bytes), plen);
691 prefix_tree = proto_item_add_subtree(ti, ett_bgp_prefix);
692 proto_tree_add_text(prefix_tree, tvb, start_offset, 1, "%s Prefix length: %u",
693 tag, plen + labnum * 3 * 8);
694 proto_tree_add_text(prefix_tree, tvb, start_offset + 1, 3 * labnum, "%s Label Stack: %s",
696 if (hf_addr4 != -1) {
697 proto_tree_add_ipv4(prefix_tree, hf_addr4, tvb, offset,
698 length, ip4addr.addr);
700 proto_tree_add_text(prefix_tree, tvb, offset, length,
701 "%s IPv4 prefix: %s",
702 tag, ip_to_str(ip4addr.addr_bytes));
704 total_length = (1 + labnum*3) + length;
708 plen = tvb_get_guint8(tvb, offset);
710 proto_tree_add_text(tree, tvb, start_offset, 1,
711 "%s Tunnel IPv4 prefix length %u invalid",
715 tnl_id = tvb_get_ntohs(tvb, offset + 1);
716 offset += 3; /* Length + Tunnel Id */
717 plen -= 16; /* 2-octet Identifier */
718 length = ipv4_addr_and_mask(tvb, offset, ip4addr.addr_bytes, plen);
720 proto_tree_add_text(tree, tvb, start_offset, 1,
721 "%s Tunnel IPv4 prefix length %u invalid",
725 ti = proto_tree_add_text(tree, tvb, start_offset,
726 (offset + length) - start_offset,
727 "Tunnel Identifier=0x%x IPv4=%s/%u",
728 tnl_id, ip_to_str(ip4addr.addr_bytes), plen);
729 prefix_tree = proto_item_add_subtree(ti, ett_bgp_prefix);
731 proto_tree_add_text(prefix_tree, tvb, start_offset, 1, "%s Prefix length: %u",
733 proto_tree_add_item(prefix_tree, hf_bgp_mp_nlri_tnl_id, tvb,
734 start_offset + 1, 2, FALSE);
735 if (hf_addr4 != -1) {
736 proto_tree_add_ipv4(prefix_tree, hf_addr4, tvb, offset,
737 length, ip4addr.addr);
739 proto_tree_add_text(prefix_tree, tvb, offset, length,
740 "%s IPv4 prefix: %s",
741 tag, ip_to_str(ip4addr.addr_bytes));
743 total_length = 1 + 2 + length; /* length field + Tunnel Id + IPv4 len */
746 case SAFNUM_LAB_VPNUNICAST:
747 case SAFNUM_LAB_VPNMULCAST:
748 case SAFNUM_LAB_VPNUNIMULC:
749 plen = tvb_get_guint8(tvb, offset);
750 labnum = decode_MPLS_stack(tvb, offset + 1, lab_stk, sizeof(lab_stk));
752 offset += (1 + labnum * 3);
753 if (plen <= (labnum * 3*8)) {
754 proto_tree_add_text(tree, tvb, start_offset, 1,
755 "%s Labeled VPN IPv4 prefix length %u invalid",
759 plen -= (labnum * 3*8);
761 rd_type = tvb_get_ntohs(tvb, offset);
763 proto_tree_add_text(tree, tvb, start_offset, 1,
764 "%s Labeled VPN IPv4 prefix length %u invalid",
765 tag, plen + (labnum * 3*8));
772 case FORMAT_AS2_LOC: /* Code borrowed from the decode_prefix4 function */
773 length = ipv4_addr_and_mask(tvb, offset + 8, ip4addr.addr_bytes, plen);
775 proto_tree_add_text(tree, tvb, start_offset, 1,
776 "%s Labeled VPN IPv4 prefix length %u invalid",
777 tag, plen + (labnum * 3*8) + 8*8);
781 ti = proto_tree_add_text(tree, tvb, start_offset,
782 (offset + 8 + length) - start_offset,
783 "Label Stack=%s RD=%u:%u, IPv4=%s/%u",
785 tvb_get_ntohs(tvb, offset + 2),
786 tvb_get_ntohl(tvb, offset + 4),
787 ip_to_str(ip4addr.addr_bytes), plen);
788 prefix_tree = proto_item_add_subtree(ti, ett_bgp_prefix);
789 proto_tree_add_text(prefix_tree, tvb, start_offset, 1, "%s Prefix length: %u",
790 tag, plen + labnum * 3 * 8 + 8 * 8);
791 proto_tree_add_text(prefix_tree, tvb, start_offset + 1, 3 * labnum,
792 "%s Label Stack: %s", tag, lab_stk);
793 proto_tree_add_text(prefix_tree, tvb, start_offset + 1 + 3 * labnum, 8,
794 "%s Route Distinguisher: %u:%u", tag, tvb_get_ntohs(tvb, offset + 2),
795 tvb_get_ntohl(tvb, offset + 4));
796 if (hf_addr4 != -1) {
797 proto_tree_add_ipv4(prefix_tree, hf_addr4, tvb,
798 offset + 8, length, ip4addr.addr);
800 proto_tree_add_text(prefix_tree, tvb, offset + 8,
801 length, "%s IPv4 prefix: %s", tag,
802 ip_to_str(ip4addr.addr_bytes));
804 total_length = (1 + labnum * 3 + 8) + length;
807 case FORMAT_IP_LOC: /* Code borrowed from the decode_prefix4 function */
808 tvb_memcpy(tvb, ip4addr.addr_bytes, offset + 2, 4);
810 length = ipv4_addr_and_mask(tvb, offset + 8, ip4addr2.addr_bytes, plen);
812 proto_tree_add_text(tree, tvb, start_offset, 1,
813 "%s Labeled VPN IPv4 prefix length %u invalid",
814 tag, plen + (labnum * 3*8) + 8*8);
818 ti = proto_tree_add_text(tree, tvb, start_offset,
819 (offset + 8 + length) - start_offset,
820 "Label Stack=%s RD=%s:%u, IPv4=%s/%u",
822 ip_to_str(ip4addr.addr_bytes),
823 tvb_get_ntohs(tvb, offset + 6),
824 ip_to_str(ip4addr2.addr_bytes),
826 prefix_tree = proto_item_add_subtree(ti, ett_bgp_prefix);
827 proto_tree_add_text(prefix_tree, tvb, start_offset, 1, "%s Prefix length: %u",
828 tag, plen + labnum * 3 * 8 + 8 * 8);
829 proto_tree_add_text(prefix_tree, tvb, start_offset + 1, 3 * labnum,
830 "%s Label Stack: %s", tag, lab_stk);
831 proto_tree_add_text(prefix_tree, tvb, start_offset + 1 + 3 * labnum, 8,
832 "%s Route Distinguisher: %s:%u", tag, ip_to_str(ip4addr.addr_bytes),
833 tvb_get_ntohs(tvb, offset + 6));
834 if (hf_addr4 != -1) {
835 proto_tree_add_ipv4(prefix_tree, hf_addr4, tvb,
836 offset + 8, length, ip4addr2.addr);
838 proto_tree_add_text(prefix_tree, tvb, offset + 8,
839 length, "%s IPv4 prefix: %s", tag,
840 ip_to_str(ip4addr2.addr_bytes));
842 total_length = (1 + labnum * 3 + 8) + length;
846 proto_tree_add_text(tree, tvb, start_offset,
847 (offset - start_offset) + 2,
848 "Unknown labeled VPN IPv4 address format %u", rd_type);
854 proto_tree_add_text(tree, tvb, start_offset, 0,
855 "Unknown SAFI (%u) for AFI %u", safi, afi);
866 total_length = decode_prefix6(tree, hf_addr6, tvb, offset, 0, tag);
867 if (total_length < 0)
871 case SAFNUM_MPLS_LABEL:
872 plen = tvb_get_guint8(tvb, offset);
873 labnum = decode_MPLS_stack(tvb, offset + 1, lab_stk, sizeof(lab_stk));
875 offset += (1 + labnum * 3);
876 if (plen <= (labnum * 3*8)) {
877 proto_tree_add_text(tree, tvb, start_offset, 1,
878 "%s Labeled IPv6 prefix length %u invalid", tag, plen);
881 plen -= (labnum * 3*8);
883 length = ipv6_addr_and_mask(tvb, offset, &ip6addr, plen);
885 proto_tree_add_text(tree, tvb, start_offset, 1,
886 "%s Labeled IPv6 prefix length %u invalid",
887 tag, plen + (labnum * 3*8));
891 ti = proto_tree_add_text(tree, tvb, start_offset,
892 (offset + length) - start_offset,
893 "Label Stack=%s, IPv6=%s/%u",
895 ip6_to_str(&ip6addr), plen);
896 total_length = (1 + labnum * 3) + length;
900 plen = tvb_get_guint8(tvb, offset);
902 proto_tree_add_text(tree, tvb, start_offset, 1,
903 "%s Tunnel IPv6 prefix length %u invalid",
907 tnl_id = tvb_get_ntohs(tvb, offset + 1);
908 offset += 3; /* Length + Tunnel Id */
909 plen -= 16; /* 2-octet Identifier */
910 length = ipv6_addr_and_mask(tvb, offset, &ip6addr, plen);
912 proto_tree_add_text(tree, tvb, start_offset, 1,
913 "%s Tunnel IPv6 prefix length %u invalid",
917 ti = proto_tree_add_text(tree, tvb, start_offset,
918 (offset + length) - start_offset,
919 "Tunnel Identifier=0x%x IPv6=%s/%u",
920 tnl_id, ip6_to_str(&ip6addr), plen);
921 total_length = (1 + 2) + length; /* length field + Tunnel Id + IPv4 len */
924 case SAFNUM_LAB_VPNUNICAST:
925 case SAFNUM_LAB_VPNMULCAST:
926 case SAFNUM_LAB_VPNUNIMULC:
927 plen = tvb_get_guint8(tvb, offset);
928 labnum = decode_MPLS_stack(tvb, offset + 1, lab_stk, sizeof(lab_stk));
930 offset += (1 + labnum * 3);
931 if (plen <= (labnum * 3*8)) {
932 proto_tree_add_text(tree, tvb, start_offset, 1,
933 "%s Labeled VPN IPv6 prefix length %u invalid", tag, plen);
936 plen -= (labnum * 3*8);
938 rd_type = tvb_get_ntohs(tvb,offset);
940 proto_tree_add_text(tree, tvb, start_offset, 1,
941 "%s Labeled VPN IPv6 prefix length %u invalid",
942 tag, plen + (labnum * 3*8));
950 length = ipv6_addr_and_mask(tvb, offset + 8, &ip6addr, plen);
952 proto_tree_add_text(tree, tvb, start_offset, 1,
953 "%s Labeled VPN IPv6 prefix length %u invalid",
954 tag, plen + (labnum * 3*8) + 8*8);
958 ti = proto_tree_add_text(tree, tvb, start_offset,
959 (offset + 8 + length) - start_offset,
960 "Label Stack=%s RD=%u:%u, IPv6=%s/%u",
962 tvb_get_ntohs(tvb, offset + 2),
963 tvb_get_ntohl(tvb, offset + 4),
964 ip6_to_str(&ip6addr), plen);
965 total_length = (1 + labnum * 3 + 8) + length;
969 tvb_memcpy(tvb, ip4addr.addr_bytes, offset + 2, 4);
971 length = ipv6_addr_and_mask(tvb, offset + 8, &ip6addr, plen);
973 proto_tree_add_text(tree, tvb, start_offset, 1,
974 "%s Labeled VPN IPv6 prefix length %u invalid",
975 tag, plen + (labnum * 3*8) + 8*8);
979 ti = proto_tree_add_text(tree, tvb, start_offset,
980 (offset + 8 + length) - start_offset,
981 "Label Stack=%s RD=%s:%u, IPv6=%s/%u",
983 ip_to_str(ip4addr.addr_bytes),
984 tvb_get_ntohs(tvb, offset + 6),
985 ip6_to_str(&ip6addr), plen);
986 total_length = (1 + labnum * 3 + 8) + length;
990 proto_tree_add_text(tree, tvb, start_offset, 0,
991 "Unknown labeled VPN IPv6 address format %u", rd_type);
997 proto_tree_add_text(tree, tvb, start_offset, 0,
998 "Unknown SAFI (%u) for AFI %u", safi, afi);
1006 case SAFNUM_LAB_VPNUNICAST:
1007 case SAFNUM_LAB_VPNMULCAST:
1008 case SAFNUM_LAB_VPNUNIMULC:
1009 plen = tvb_get_ntohs(tvb,offset);
1010 rd_type=tvb_get_ntohs(tvb,offset+2);
1011 ce_id=tvb_get_ntohs(tvb,offset+10);
1012 labblk_off=tvb_get_ntohs(tvb,offset+12);
1013 labnum = decode_MPLS_stack(tvb, offset + 14, lab_stk, sizeof(lab_stk));
1017 case FORMAT_AS2_LOC:
1018 tvb_memcpy(tvb, ip4addr.addr_bytes, offset + 6, 4);
1019 proto_tree_add_text(tree, tvb, start_offset,
1020 (offset + plen + 1) - start_offset,
1021 "RD: %u:%s, CE-ID: %u, Label-Block Offset: %u, Label Base %s",
1022 tvb_get_ntohs(tvb, offset + 4),
1023 ip_to_str(ip4addr.addr_bytes),
1030 tvb_memcpy(tvb, ip4addr.addr_bytes, offset + 4, 4);
1031 proto_tree_add_text(tree, tvb, offset,
1032 (offset + plen + 1) - start_offset,
1033 "RD: %s:%u, CE-ID: %u, Label-Block Offset: %u, Label Base %s",
1034 ip_to_str(ip4addr.addr_bytes),
1035 tvb_get_ntohs(tvb, offset + 8),
1042 proto_tree_add_text(tree, tvb, start_offset,
1043 (offset - start_offset) + 2,
1044 "Unknown labeled VPN address format %u", rd_type);
1047 /* FIXME there are subTLVs left to decode ... for now lets omit them */
1048 total_length = plen+2;
1052 proto_tree_add_text(tree, tvb, start_offset, 0,
1053 "Unknown SAFI (%u) for AFI %u", safi, afi);
1059 proto_tree_add_text(tree, tvb, start_offset, 0,
1060 "Unknown AFI (%u) value", afi);
1063 return(total_length);
1067 * Dissect a BGP capability.
1070 dissect_bgp_capability_item(tvbuff_t *tvb, int *p, proto_tree *tree, int ctype, int clen)
1072 proto_tree *subtree;
1074 guint8 orfnum; /* number of ORFs */
1075 guint8 orftype; /* ORF Type */
1076 guint8 orfsendrecv; /* ORF Send/Receive */
1077 int tclen; /* capability length */
1080 /* check the capability type */
1082 case BGP_CAPABILITY_RESERVED:
1083 proto_tree_add_text(tree, tvb, *p - 2, 1,
1084 "Capability code: %s (%d)", val_to_str(ctype,
1085 capability_vals, "Unknown capability"), ctype);
1086 proto_tree_add_text(tree, tvb, *p - 1,
1087 1, "Capability length: %u %s", clen,
1088 (clen == 1) ? "byte" : "bytes");
1090 proto_tree_add_text(tree, tvb, *p,
1091 clen, "Capability value: Unknown");
1095 case BGP_CAPABILITY_MULTIPROTOCOL:
1096 proto_tree_add_text(tree, tvb, *p - 2, 1,
1097 "Capability code: %s (%d)", val_to_str(ctype,
1098 capability_vals, "Unknown capability"), ctype);
1100 proto_tree_add_text(tree, tvb, *p - 1,
1101 1, "Capability length: Invalid");
1102 proto_tree_add_text(tree, tvb, *p,
1103 clen, "Capability value: Unknown");
1106 proto_tree_add_text(tree, tvb, *p - 1,
1107 1, "Capability length: %u %s", clen,
1108 (clen == 1) ? "byte" : "bytes");
1109 ti = proto_tree_add_text(tree, tvb, *p, clen, "Capability value");
1110 subtree = proto_item_add_subtree(ti, ett_bgp_option);
1112 i = tvb_get_ntohs(tvb, *p);
1113 proto_tree_add_text(subtree, tvb, *p,
1114 2, "Address family identifier: %s (%u)",
1115 val_to_str(i, afn_vals, "Unknown"), i);
1118 proto_tree_add_text(subtree, tvb, *p, 1, "Reserved: 1 byte");
1121 i = tvb_get_guint8(tvb, *p);
1122 proto_tree_add_text(subtree, tvb, *p,
1123 1, "Subsequent address family identifier: %s (%u)",
1124 val_to_str(i, bgpattr_nlri_safi,
1125 i >= 128 ? "Vendor specific" : "Unknown"), i);
1129 case BGP_CAPABILITY_GRACEFUL_RESTART:
1130 proto_tree_add_text(tree, tvb, *p - 2, 1,
1131 "Capability code: %s (%d)", val_to_str(ctype,
1132 capability_vals, "Unknown capability"), ctype);
1134 proto_tree_add_text(tree, tvb, *p,
1135 clen, "Capability value: Invalid");
1138 proto_tree_add_text(tree, tvb, *p - 1,
1139 1, "Capability length: %u %s", clen,
1140 (clen == 1) ? "byte" : "bytes");
1141 ti = proto_tree_add_text(tree, tvb, *p, clen, "Capability value");
1142 subtree = proto_item_add_subtree(ti, ett_bgp_option);
1144 i = tvb_get_ntohs(tvb, *p);
1145 proto_tree_add_text(subtree, tvb, *p,
1146 2, "Restart Flags: [%s], Restart Time %us",
1147 (i&0x8000) ? "R" : "none", i&0xfff);
1151 * what follows is alist of AFI/SAFI/flag triplets
1152 * read it until the TLV ends
1156 i = tvb_get_ntohs(tvb, *p);
1157 proto_tree_add_text(subtree, tvb, *p,
1158 2, "Address family identifier: %s (%u)",
1159 val_to_str(i, afn_vals, "Unknown"), i);
1162 i = tvb_get_guint8(tvb, *p);
1163 proto_tree_add_text(subtree, tvb, *p,
1164 1, "Subsequent address family identifier: %s (%u)",
1165 val_to_str(i, bgpattr_nlri_safi,
1166 i >= 128 ? "Vendor specific" : "Unknown"), i);
1169 i = tvb_get_guint8(tvb, *p);
1170 proto_tree_add_text(subtree, tvb, *p, 1,
1171 "Preserve forwarding state: %s",
1172 (i&0x80) ? "yes" : "no");
1179 case BGP_CAPABILITY_4_OCTET_AS_NUMBER:
1180 proto_tree_add_text(tree, tvb, *p - 2, 1,
1181 "Capability code: %s (%d)", val_to_str(ctype,
1182 capability_vals, "Unknown capability"), ctype);
1184 proto_tree_add_text(tree, tvb, *p,
1185 clen, "Capability value: Invalid");
1188 proto_tree_add_text(tree, tvb, *p - 1,
1189 1, "Capability length: %u %s", clen,
1190 (clen == 1) ? "byte" : "bytes");
1191 ti = proto_tree_add_text(tree, tvb, *p, clen, "Capability value");
1192 subtree = proto_item_add_subtree(ti, ett_bgp_option);
1193 proto_tree_add_text(subtree, tvb, *p, 4,
1194 "AS number: %d", tvb_get_ntohl(tvb, *p));
1198 case BGP_CAPABILITY_DYNAMIC_CAPABILITY:
1199 proto_tree_add_text(tree, tvb, *p - 2, 1,
1200 "Capability code: %s (%d)", val_to_str(ctype,
1201 capability_vals, "Unknown capability"), ctype);
1202 proto_tree_add_text(tree, tvb, *p - 1, 1,
1203 "Capability length: %u %s", clen,
1204 (clen == 1) ? "byte" : "bytes");
1206 ti = proto_tree_add_text(tree, tvb, *p, clen, "Capability value");
1207 subtree = proto_item_add_subtree(ti, ett_bgp_option);
1208 for (i = 0; (int)i <= clen; i++) {
1209 proto_tree_add_text(subtree, tvb, *p, 1,
1210 "Capability code: %s (%d)", val_to_str(ctype,
1211 capability_vals, "Unknown capability"),
1212 tvb_get_guint8(tvb, *p));
1217 case BGP_CAPABILITY_ROUTE_REFRESH_CISCO:
1218 case BGP_CAPABILITY_ROUTE_REFRESH:
1219 proto_tree_add_text(tree, tvb, *p - 2, 1,
1220 "Capability code: %s (%d)", val_to_str(ctype,
1221 capability_vals, "Unknown capability"), ctype);
1223 proto_tree_add_text(tree, tvb, *p,
1224 clen, "Capability value: Invalid");
1227 proto_tree_add_text(tree, tvb, *p - 1,
1228 1, "Capability length: %u %s", clen,
1229 (clen == 1) ? "byte" : "bytes");
1233 case BGP_CAPABILITY_ORF_CISCO:
1234 case BGP_CAPABILITY_COOPERATIVE_ROUTE_FILTERING:
1235 proto_tree_add_text(tree, tvb, *p - 2, 1,
1236 "Capability code: %s (%d)", val_to_str(ctype,
1237 capability_vals, "Unknown capability"), ctype);
1238 proto_tree_add_text(tree, tvb, *p - 1,
1239 1, "Capability length: %u %s", clen,
1240 (clen == 1) ? "byte" : "bytes");
1241 ti = proto_tree_add_text(tree, tvb, *p, clen, "Capability value");
1242 subtree = proto_item_add_subtree(ti, ett_bgp_option);
1244 i = tvb_get_ntohs(tvb, *p);
1245 proto_tree_add_text(subtree, tvb, *p,
1246 2, "Address family identifier: %s (%u)",
1247 val_to_str(i, afn_vals, "Unknown"), i);
1250 proto_tree_add_text(subtree, tvb, *p, 1, "Reserved: 1 byte");
1253 i = tvb_get_guint8(tvb, *p);
1254 proto_tree_add_text(subtree, tvb, *p,
1255 1, "Subsequent address family identifier: %s (%u)",
1256 val_to_str(i, bgpattr_nlri_safi,
1257 i >= 128 ? "Vendor specific" : "Unknown"), i);
1259 /* Number of ORFs */
1260 orfnum = tvb_get_guint8(tvb, *p);
1261 proto_tree_add_text(subtree, tvb, *p, 1, "Number of ORFs: %u", orfnum);
1263 for (i=0; i<orfnum; i++) {
1265 orftype = tvb_get_guint8(tvb, *p);
1266 proto_tree_add_text(subtree, tvb, *p, 1, "ORF Type: %s (%u)",
1267 val_to_str(orftype, orf_type_vals,"Unknown"), orftype);
1270 orfsendrecv = tvb_get_guint8(tvb, *p);
1271 proto_tree_add_text(subtree, tvb, *p,
1272 1, "Send/Receive: %s (%u)",
1273 val_to_str(orfsendrecv, orf_send_recv_vals,
1274 "Uknown"), orfsendrecv);
1278 /* unknown capability */
1280 proto_tree_add_text(tree, tvb, *p - 2, 1,
1281 "Capability code: %s (%d)", val_to_str(ctype,
1282 capability_vals, "Unknown capability"), ctype);
1283 proto_tree_add_text(tree, tvb, *p - 2,
1284 1, "Capability code: %s (%d)",
1285 ctype >= 128 ? "Private use" : "Unknown", ctype);
1286 proto_tree_add_text(tree, tvb, *p - 1,
1287 1, "Capability length: %u %s", clen,
1288 (clen == 1) ? "byte" : "bytes");
1290 proto_tree_add_text(tree, tvb, *p,
1291 clen, "Capability value: Unknown");
1300 * Dissect a BGP OPEN message.
1302 static const value_string community_vals[] = {
1303 { BGP_COMM_NO_EXPORT, "NO_EXPORT" },
1304 { BGP_COMM_NO_ADVERTISE, "NO_ADVERTISE" },
1305 { BGP_COMM_NO_EXPORT_SUBCONFED, "NO_EXPORT_SUBCONFED" },
1310 dissect_bgp_open(tvbuff_t *tvb, proto_tree *tree)
1312 struct bgp_open bgpo; /* BGP OPEN message */
1313 int hlen; /* message length */
1314 int ptype; /* parameter type */
1315 int plen; /* parameter length */
1316 int ctype; /* capability type */
1317 int clen; /* capability length */
1318 int cend; /* capabilities end */
1319 int ostart; /* options start */
1320 int oend; /* options end */
1321 int p; /* tvb offset counter */
1322 proto_item *ti; /* tree item */
1323 proto_tree *subtree; /* subtree for options */
1324 proto_tree *subtree1; /* subtree for an option */
1325 proto_tree *subtree2; /* subtree for an option */
1327 /* snarf OPEN message */
1328 tvb_memcpy(tvb, bgpo.bgpo_marker, 0, BGP_MIN_OPEN_MSG_SIZE);
1329 hlen = g_ntohs(bgpo.bgpo_len);
1331 proto_tree_add_text(tree, tvb,
1332 offsetof(struct bgp_open, bgpo_version), 1,
1333 "Version: %u", bgpo.bgpo_version);
1334 proto_tree_add_text(tree, tvb,
1335 offsetof(struct bgp_open, bgpo_myas), 2,
1336 "My AS: %u", g_ntohs(bgpo.bgpo_myas));
1337 proto_tree_add_text(tree, tvb,
1338 offsetof(struct bgp_open, bgpo_holdtime), 2,
1339 "Hold time: %u", g_ntohs(bgpo.bgpo_holdtime));
1340 proto_tree_add_text(tree, tvb,
1341 offsetof(struct bgp_open, bgpo_id), 4,
1342 "BGP identifier: %s", ip_to_str((guint8 *)&bgpo.bgpo_id));
1343 proto_tree_add_text(tree, tvb,
1344 offsetof(struct bgp_open, bgpo_optlen), 1,
1345 "Optional parameters length: %u %s", bgpo.bgpo_optlen,
1346 (bgpo.bgpo_optlen == 1) ? "byte" : "bytes");
1348 /* optional parameters */
1349 if (bgpo.bgpo_optlen > 0) {
1350 /* add a subtree and setup some offsets */
1351 ostart = BGP_MIN_OPEN_MSG_SIZE;
1352 ti = proto_tree_add_text(tree, tvb, ostart, bgpo.bgpo_optlen,
1353 "Optional parameters");
1354 subtree = proto_item_add_subtree(ti, ett_bgp_options);
1356 oend = p + bgpo.bgpo_optlen;
1358 /* step through all of the optional parameters */
1361 /* grab the type and length */
1362 ptype = tvb_get_guint8(tvb, p++);
1363 plen = tvb_get_guint8(tvb, p++);
1365 /* check the type */
1367 case BGP_OPTION_AUTHENTICATION:
1368 proto_tree_add_text(subtree, tvb, p - 2, 2 + plen,
1369 "Authentication information (%u %s)", plen,
1370 (plen == 1) ? "byte" : "bytes");
1372 case BGP_OPTION_CAPABILITY:
1373 /* grab the capability code */
1374 cend = p - 1 + plen;
1375 ctype = tvb_get_guint8(tvb, p++);
1376 clen = tvb_get_guint8(tvb, p++);
1377 ti = proto_tree_add_text(subtree, tvb, p - 4,
1378 2 + plen, "Capabilities Advertisement (%u bytes)",
1380 subtree1 = proto_item_add_subtree(ti, ett_bgp_option);
1381 proto_tree_add_text(subtree1, tvb, p - 4,
1382 1, "Parameter type: Capabilities (2)");
1383 proto_tree_add_text(subtree1, tvb, p - 3,
1384 1, "Parameter length: %u %s", plen,
1385 (plen == 1) ? "byte" : "bytes");
1388 /* step through all of the capabilities */
1390 ctype = tvb_get_guint8(tvb, p++);
1391 clen = tvb_get_guint8(tvb, p++);
1393 ti = proto_tree_add_text(subtree1, tvb, p - 2,
1394 2 + clen, "%s (%u %s)", val_to_str(ctype,
1395 capability_vals, "Unknown capability"),
1396 2 + clen, (clen == 1) ? "byte" : "bytes");
1397 subtree2 = proto_item_add_subtree(ti, ett_bgp_option);
1398 dissect_bgp_capability_item(tvb, &p,
1399 subtree2, ctype, clen);
1403 proto_tree_add_text(subtree, tvb, p - 2, 2 + plen,
1404 "Unknown optional parameter");
1412 * Dissect a BGP UPDATE message.
1415 dissect_bgp_update(tvbuff_t *tvb, proto_tree *tree)
1417 struct bgp_attr bgpa; /* path attributes */
1418 guint16 hlen; /* message length */
1419 gint o; /* packet offset */
1421 gint end; /* message end */
1422 guint16 ext_com; /* EXTENDED COMMUNITY type */
1423 guint16 len; /* tmp */
1424 int advance; /* tmp */
1425 proto_item *ti; /* tree item */
1426 proto_tree *subtree; /* subtree for attributes */
1427 proto_tree *subtree2; /* subtree for attributes */
1428 proto_tree *subtree3; /* subtree for attributes */
1429 proto_tree *subtree4; /* subtree for attributes */
1430 proto_tree *as_paths_tree; /* subtree for AS_PATHs */
1431 proto_tree *as_path_tree; /* subtree for AS_PATH */
1432 proto_tree *as_path_segment_tree; /* subtree for AS_PATH segments */
1433 proto_tree *communities_tree; /* subtree for COMMUNITIES */
1434 proto_tree *community_tree; /* subtree for a community */
1435 proto_tree *cluster_list_tree; /* subtree for CLUSTER_LIST */
1437 guint8 length; /* AS_PATH length */
1438 guint8 type; /* AS_PATH type */
1439 guint32 as_path_item; /* item in AS_PATH segment */
1440 static GString *as_path_gstr = NULL; /* AS_PATH GString */
1441 static GString *communities_gstr = NULL; /* COMMUNITIES GString */
1442 static GString *cluster_list_gstr = NULL; /* CLUSTER_LIST GString */
1443 static GString *junk_gbuf = NULL; /* tmp */
1444 guint8 ipaddr[4]; /* IPv4 address */
1445 guint32 aggregator_as;
1446 guint16 ssa_type; /* SSA T + Type */
1447 guint16 ssa_len; /* SSA TLV Length */
1448 guint8 ssa_v3_len; /* SSA L2TPv3 Cookie Length */
1450 hlen = tvb_get_ntohs(tvb, BGP_MARKER_SIZE);
1451 o = BGP_HEADER_SIZE;
1452 if (junk_gbuf == NULL)
1453 junk_gbuf = g_string_sized_new(0);
1455 /* check for withdrawals */
1456 len = tvb_get_ntohs(tvb, o);
1457 proto_tree_add_text(tree, tvb, o, 2,
1458 "Unfeasible routes length: %u %s", len, (len == 1) ? "byte" : "bytes");
1461 /* parse unfeasible prefixes */
1463 ti = proto_tree_add_text(tree, tvb, o, len, "Withdrawn routes:");
1464 subtree = proto_item_add_subtree(ti, ett_bgp_unfeas);
1466 /* parse each prefix */
1469 i = decode_prefix4(subtree, hf_bgp_withdrawn_prefix, tvb, o, len,
1477 /* check for advertisements */
1478 len = tvb_get_ntohs(tvb, o);
1479 proto_tree_add_text(tree, tvb, o, 2, "Total path attribute length: %u %s",
1480 len, (len == 1) ? "byte" : "bytes");
1482 /* path attributes */
1484 ti = proto_tree_add_text(tree, tvb, o + 2, len, "Path attributes");
1485 subtree = proto_item_add_subtree(ti, ett_bgp_attrs);
1491 guint16 alen, tlen, aoff;
1497 tvb_memcpy(tvb, (guint8 *)&bgpa, o + i, sizeof(bgpa));
1498 /* check for the Extended Length bit */
1499 if (bgpa.bgpa_flags & BGP_ATTR_FLAG_EXTENDED_LENGTH) {
1500 alen = tvb_get_ntohs(tvb, o + i + sizeof(bgpa));
1501 aoff = sizeof(bgpa) + 2;
1503 alen = tvb_get_guint8(tvb, o + i + sizeof(bgpa));
1504 aoff = sizeof(bgpa) + 1;
1508 /* This is kind of ugly - similar code appears twice, but it
1509 helps browsing attrs. */
1510 /* the first switch prints things in the title of the subtree */
1511 switch (bgpa.bgpa_type) {
1512 case BGPTYPE_ORIGIN:
1514 goto default_attribute_top;
1515 msg = val_to_str(tvb_get_guint8(tvb, o + i + aoff), bgpattr_origin, "Unknown");
1516 ti = proto_tree_add_text(subtree, tvb, o + i, tlen + aoff,
1518 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1519 msg, tlen + aoff, (tlen + aoff == 1) ? "byte" :
1522 case BGPTYPE_AS_PATH:
1523 case BGPTYPE_NEW_AS_PATH:
1525 (o + current attribute + aoff bytes to first tuple) */
1528 /* must be freed by second switch! */
1529 /* "tlen * 11" (10 digits + space) should be a good estimate
1530 of how long the AS path string could be */
1531 if (as_path_gstr == NULL)
1532 as_path_gstr = g_string_sized_new((tlen + 1) * 11);
1533 if (as_path_gstr == NULL) break;
1534 g_string_truncate(as_path_gstr, 0);
1536 /* estimate the length of the AS number */
1537 if (bgpa.bgpa_type == BGPTYPE_NEW_AS_PATH)
1540 if (bgp_asn_len == 0) {
1544 length = tvb_get_guint8(tvb, k++);
1547 asn_len = (k == end) ? 2 : 4;
1550 asn_len = bgp_asn_len;
1554 /* snarf each AS path */
1556 type = tvb_get_guint8(tvb, q++);
1557 if (as_path_gstr->len > 1 &&
1558 as_path_gstr->str[as_path_gstr->len - 1] != ' ')
1559 g_string_append_c(as_path_gstr, ' ');
1560 if (type == AS_SET) {
1561 g_string_append_c(as_path_gstr, '{');
1563 else if (type == AS_CONFED_SET) {
1564 g_string_append_c(as_path_gstr, '[');
1566 else if (type == AS_CONFED_SEQUENCE) {
1567 g_string_append_c(as_path_gstr, '(');
1569 length = tvb_get_guint8(tvb, q++);
1571 /* snarf each value in path */
1572 for (j = 0; j < length; j++) {
1573 g_string_sprintfa(as_path_gstr, "%u%s",
1575 tvb_get_ntohs(tvb, q) : tvb_get_ntohl(tvb, q),
1576 (type == AS_SET || type == AS_CONFED_SET) ?
1581 /* cleanup end of string */
1582 if (type == AS_SET) {
1583 g_string_truncate(as_path_gstr, as_path_gstr->len - 2);
1584 g_string_append_c(as_path_gstr, '}');
1586 else if (type == AS_CONFED_SET) {
1587 g_string_truncate(as_path_gstr, as_path_gstr->len - 2);
1588 g_string_append_c(as_path_gstr, ']');
1590 else if (type == AS_CONFED_SEQUENCE) {
1591 g_string_truncate(as_path_gstr, as_path_gstr->len - 1);
1592 g_string_append_c(as_path_gstr, ')');
1595 g_string_truncate(as_path_gstr, as_path_gstr->len - 1);
1599 /* check for empty AS_PATH */
1601 g_string_sprintf(as_path_gstr, "empty");
1603 ti = proto_tree_add_text(subtree, tvb, o + i, tlen + aoff,
1605 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1606 as_path_gstr->str, tlen + aoff,
1607 (tlen + aoff == 1) ? "byte" : "bytes");
1609 case BGPTYPE_NEXT_HOP:
1611 goto default_attribute_top;
1612 tvb_memcpy(tvb, ipaddr, o + i + aoff, 4);
1613 ti = proto_tree_add_text(subtree, tvb, o + i, tlen + aoff,
1615 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1616 ip_to_str(ipaddr), tlen + aoff, (tlen + aoff == 1)
1617 ? "byte" : "bytes");
1619 case BGPTYPE_MULTI_EXIT_DISC:
1621 goto default_attribute_top;
1622 ti = proto_tree_add_text(subtree, tvb, o + i, tlen + aoff,
1624 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1625 tvb_get_ntohl(tvb, o + i + aoff), tlen + aoff,
1626 (tlen + aoff == 1) ? "byte" : "bytes");
1628 case BGPTYPE_LOCAL_PREF:
1630 goto default_attribute_top;
1631 ti = proto_tree_add_text(subtree, tvb, o + i, tlen + aoff,
1633 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1634 tvb_get_ntohl(tvb, o + i + aoff), tlen + aoff,
1635 (tlen + aoff == 1) ? "byte" : "bytes");
1637 case BGPTYPE_ATOMIC_AGGREGATE:
1639 goto default_attribute_top;
1640 ti = proto_tree_add_text(subtree, tvb, o + i, tlen + aoff,
1642 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1643 tlen + aoff, (tlen + aoff == 1) ? "byte" : "bytes");
1645 case BGPTYPE_AGGREGATOR:
1646 if (tlen != 6 && tlen != 8)
1647 goto default_attribute_top;
1648 case BGPTYPE_NEW_AGGREGATOR:
1649 if (bgpa.bgpa_type == BGPTYPE_NEW_AGGREGATOR && tlen != 8)
1650 goto default_attribute_top;
1652 tvb_memcpy(tvb, ipaddr, o + i + aoff + asn_len, 4);
1653 ti = proto_tree_add_text(subtree, tvb, o + i, tlen + aoff,
1654 "%s: AS: %u origin: %s (%u %s)",
1655 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1656 (asn_len == 2) ? tvb_get_ntohs(tvb, o + i + aoff) :
1657 tvb_get_ntohl(tvb, o + i + aoff),
1658 ip_to_str(ipaddr), tlen + aoff,
1659 (tlen + aoff == 1) ? "byte" : "bytes");
1661 case BGPTYPE_COMMUNITIES:
1663 goto default_attribute_top;
1666 (o + current attribute + aoff bytes to first tuple) */
1669 /* must be freed by second switch! */
1670 /* "tlen * 12" (5 digits, a :, 5 digits + space ) should be
1671 a good estimate of how long the communities string could
1673 if (communities_gstr == NULL)
1674 communities_gstr = g_string_sized_new((tlen + 1) * 12);
1675 if (communities_gstr == NULL) break;
1676 g_string_truncate(communities_gstr, 0);
1678 /* snarf each community */
1680 /* check for well-known communities */
1681 if (tvb_get_ntohl(tvb, q) == BGP_COMM_NO_EXPORT)
1682 g_string_append(communities_gstr, "NO_EXPORT ");
1683 else if (tvb_get_ntohl(tvb, q) == BGP_COMM_NO_ADVERTISE)
1684 g_string_append(communities_gstr, "NO_ADVERTISE ");
1685 else if (tvb_get_ntohl(tvb, q) == BGP_COMM_NO_EXPORT_SUBCONFED)
1686 g_string_append(communities_gstr, "NO_EXPORT_SUBCONFED ");
1688 g_string_sprintfa(communities_gstr, "%u:%u ",
1689 tvb_get_ntohs(tvb, q),
1690 tvb_get_ntohs(tvb, q + 2));
1694 /* cleanup end of string */
1695 g_string_truncate(communities_gstr, communities_gstr->len - 1);
1697 ti = proto_tree_add_text(subtree, tvb, o + i, tlen + aoff,
1699 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1700 communities_gstr->str, tlen + aoff,
1701 (tlen + aoff == 1) ? "byte" : "bytes");
1703 case BGPTYPE_ORIGINATOR_ID:
1705 goto default_attribute_top;
1706 tvb_memcpy(tvb, ipaddr, o + i + aoff, 4);
1707 ti = proto_tree_add_text(subtree, tvb, o + i, tlen + aoff,
1709 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1710 ip_to_str(ipaddr), tlen + aoff, (tlen + aoff == 1)
1711 ? "byte" : "bytes");
1713 case BGPTYPE_CLUSTER_LIST:
1715 goto default_attribute_top;
1718 (o + current attribute + aoff bytes to first tuple) */
1721 /* must be freed by second switch! */
1722 /* "tlen * 16" (12 digits, 3 dots + space ) should be
1723 a good estimate of how long the cluster_list string could
1725 if (cluster_list_gstr == NULL)
1726 cluster_list_gstr = g_string_sized_new((tlen + 1) * 16);
1727 if (cluster_list_gstr == NULL) break;
1728 g_string_truncate(cluster_list_gstr, 0);
1730 /* snarf each cluster list */
1731 tvb_memcpy(tvb, ipaddr, q, 4);
1733 g_string_sprintfa(cluster_list_gstr, "%s ", ip_to_str(ipaddr));
1736 /* cleanup end of string */
1737 g_string_truncate(cluster_list_gstr, cluster_list_gstr->len - 1);
1739 ti = proto_tree_add_text(subtree, tvb, o + i, tlen + aoff,
1741 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1742 cluster_list_gstr->str, tlen + aoff,
1743 (tlen + aoff == 1) ? "byte" : "bytes");
1745 case BGPTYPE_EXTENDED_COMMUNITY:
1748 ti = proto_tree_add_text(subtree,tvb,o+i,tlen+aoff,
1750 val_to_str(bgpa.bgpa_type,bgpattr_type,"Unknown"),
1752 (tlen + aoff == 1) ? "byte" : "bytes");
1754 case BGPTYPE_SAFI_SPECIFIC_ATTR:
1755 ti = proto_tree_add_text(subtree,tvb,o+i,tlen+aoff,
1757 val_to_str(bgpa.bgpa_type,bgpattr_type,"Unknown"),
1759 (tlen + aoff == 1) ? "byte" : "bytes");
1763 default_attribute_top:
1764 ti = proto_tree_add_text(subtree, tvb, o + i, tlen + aoff,
1766 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1767 tlen + aoff, (tlen + aoff == 1) ? "byte" : "bytes");
1768 } /* end of first switch */
1769 subtree2 = proto_item_add_subtree(ti, ett_bgp_attr);
1771 /* figure out flags */
1772 g_string_truncate(junk_gbuf, 0);
1773 if (bgpa.bgpa_flags & BGP_ATTR_FLAG_OPTIONAL) {
1774 g_string_append(junk_gbuf, "Optional, ");
1777 g_string_append(junk_gbuf, "Well-known, ");
1779 if (bgpa.bgpa_flags & BGP_ATTR_FLAG_TRANSITIVE) {
1780 g_string_append(junk_gbuf, "Transitive, ");
1783 g_string_append(junk_gbuf, "Non-transitive, ");
1785 if (bgpa.bgpa_flags & BGP_ATTR_FLAG_PARTIAL) {
1786 g_string_append(junk_gbuf, "Partial, ");
1789 g_string_append(junk_gbuf, "Complete, ");
1791 if (bgpa.bgpa_flags & BGP_ATTR_FLAG_EXTENDED_LENGTH) {
1792 g_string_append(junk_gbuf, "Extended Length, ");
1794 /* stomp last ", " */
1795 g_string_truncate(junk_gbuf, junk_gbuf->len - 2);
1796 ti = proto_tree_add_text(subtree2, tvb,
1797 o + i + offsetof(struct bgp_attr, bgpa_flags), 1,
1798 "Flags: 0x%02x (%s)", bgpa.bgpa_flags, junk_gbuf->str);
1799 subtree3 = proto_item_add_subtree(ti, ett_bgp_attr_flags);
1801 /* add flag bitfield subtrees */
1802 proto_tree_add_text(subtree3, tvb,
1803 o + i + offsetof(struct bgp_attr, bgpa_flags), 1,
1804 "%s", decode_boolean_bitfield(bgpa.bgpa_flags,
1805 BGP_ATTR_FLAG_OPTIONAL, 8, "Optional", "Well-known"));
1806 proto_tree_add_text(subtree3, tvb,
1807 o + i + offsetof(struct bgp_attr, bgpa_flags), 1,
1808 "%s", decode_boolean_bitfield(bgpa.bgpa_flags,
1809 BGP_ATTR_FLAG_TRANSITIVE, 8, "Transitive",
1811 proto_tree_add_text(subtree3, tvb,
1812 o + i + offsetof(struct bgp_attr, bgpa_flags), 1,
1813 "%s", decode_boolean_bitfield(bgpa.bgpa_flags,
1814 BGP_ATTR_FLAG_PARTIAL, 8, "Partial", "Complete"));
1815 proto_tree_add_text(subtree3, tvb,
1816 o + i + offsetof(struct bgp_attr, bgpa_flags), 1,
1817 "%s", decode_boolean_bitfield(bgpa.bgpa_flags,
1818 BGP_ATTR_FLAG_EXTENDED_LENGTH, 8, "Extended length",
1821 proto_tree_add_text(subtree2, tvb,
1822 o + i + offsetof(struct bgp_attr, bgpa_type), 1,
1823 "Type code: %s (%u)",
1824 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1827 proto_tree_add_text(subtree2, tvb, o + i + sizeof(bgpa),
1828 aoff - sizeof(bgpa), "Length: %d %s", tlen,
1829 (tlen == 1) ? "byte" : "bytes");
1831 /* the second switch prints things in the actual subtree of each
1833 switch (bgpa.bgpa_type) {
1834 case BGPTYPE_ORIGIN:
1836 proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
1837 "Origin (invalid): %u %s", tlen,
1838 (tlen == 1) ? "byte" : "bytes");
1840 proto_tree_add_item(subtree2, hf_bgp_origin, tvb,
1841 o + i + aoff, 1, FALSE);
1844 case BGPTYPE_AS_PATH:
1845 case BGPTYPE_NEW_AS_PATH:
1846 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
1847 "AS path: %s", as_path_gstr->str);
1848 as_paths_tree = proto_item_add_subtree(ti, ett_bgp_as_paths);
1851 (o + current attribute + aoff bytes to first tuple) */
1855 /* snarf each AS path tuple, we have to step through each one
1856 again to make a separate subtree so we can't just reuse
1857 as_path_gstr from above */
1858 /* XXX - Can we use some g_string*() trickery instead, e.g.
1859 g_string_erase()? */
1861 g_string_truncate(as_path_gstr, 0);
1862 type = tvb_get_guint8(tvb, q++);
1863 if (type == AS_SET) {
1864 g_string_append_c(as_path_gstr, '{');
1866 else if (type == AS_CONFED_SET) {
1867 g_string_append_c(as_path_gstr, '[');
1869 else if (type == AS_CONFED_SEQUENCE) {
1870 g_string_append_c(as_path_gstr, '(');
1872 length = tvb_get_guint8(tvb, q++);
1874 /* snarf each value in path */
1875 for (j = 0; j < length; j++) {
1876 g_string_sprintfa(as_path_gstr, "%u%s",
1878 tvb_get_ntohs(tvb, q) : tvb_get_ntohl(tvb, q),
1879 (type == AS_SET || type == AS_CONFED_SET) ? ", " : " ");
1883 /* cleanup end of string */
1884 if (type == AS_SET) {
1885 g_string_truncate(as_path_gstr, as_path_gstr->len - 2);
1886 g_string_append_c(as_path_gstr, '}');
1888 else if (type == AS_CONFED_SET) {
1889 g_string_truncate(as_path_gstr, as_path_gstr->len - 2);
1890 g_string_append_c(as_path_gstr, ']');
1892 else if (type == AS_CONFED_SEQUENCE) {
1893 g_string_truncate(as_path_gstr, as_path_gstr->len - 1);
1894 g_string_append_c(as_path_gstr, ')');
1897 g_string_truncate(as_path_gstr, as_path_gstr->len - 1);
1900 /* length here means number of ASs, ie length * 2 bytes */
1901 ti = proto_tree_add_text(as_paths_tree, tvb,
1902 q - length * asn_len - 2,
1903 length * asn_len + 2, "AS path segment: %s", as_path_gstr->str);
1904 as_path_tree = proto_item_add_subtree(ti, ett_bgp_as_paths);
1905 proto_tree_add_text(as_path_tree, tvb, q - length * asn_len - 2,
1906 1, "Path segment type: %s (%u)",
1907 val_to_str(type, as_segment_type, "Unknown"), type);
1908 proto_tree_add_text(as_path_tree, tvb, q - length * asn_len - 1,
1909 1, "Path segment length: %u %s", length,
1910 (length == 1) ? "AS" : "ASs");
1912 /* backup and reprint path segment value(s) only */
1913 q -= asn_len * length;
1914 ti = proto_tree_add_text(as_path_tree, tvb, q,
1915 length * asn_len, "Path segment value:");
1916 as_path_segment_tree = proto_item_add_subtree(ti,
1917 ett_bgp_as_path_segments);
1918 for (j = 0; j < length; j++) {
1919 as_path_item = (asn_len == 2) ?
1920 tvb_get_ntohs(tvb, q) : tvb_get_ntohl(tvb, q);
1921 proto_item_append_text(ti, " %u", as_path_item);
1922 proto_tree_add_uint_hidden(as_path_tree, hf_bgp_as_path, tvb,
1923 q, asn_len, as_path_item);
1929 case BGPTYPE_NEXT_HOP:
1931 proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
1932 "Next hop (invalid): %u %s", tlen,
1933 (tlen == 1) ? "byte" : "bytes");
1935 proto_tree_add_item(subtree2, hf_bgp_next_hop, tvb,
1936 o + i + aoff, tlen, FALSE);
1939 case BGPTYPE_MULTI_EXIT_DISC:
1941 proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
1942 "Multiple exit discriminator (invalid): %u %s",
1943 tlen, (tlen == 1) ? "byte" : "bytes");
1945 proto_tree_add_item(subtree2, hf_bgp_multi_exit_disc, tvb,
1946 o + i + aoff, tlen, FALSE);
1949 case BGPTYPE_LOCAL_PREF:
1951 proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
1952 "Local preference (invalid): %u %s", tlen,
1953 (tlen == 1) ? "byte" : "bytes");
1955 proto_tree_add_item(subtree2, hf_bgp_local_pref, tvb,
1956 o + i + aoff, tlen, FALSE);
1959 case BGPTYPE_ATOMIC_AGGREGATE:
1961 proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
1962 "Atomic aggregate (invalid): %u %s", tlen,
1963 (tlen == 1) ? "byte" : "bytes");
1966 case BGPTYPE_AGGREGATOR:
1967 if (tlen != 6 && tlen != 8) {
1968 proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
1969 "Aggregator (invalid): %u %s", tlen,
1970 (tlen == 1) ? "byte" : "bytes");
1973 case BGPTYPE_NEW_AGGREGATOR:
1974 if (bgpa.bgpa_type == BGPTYPE_NEW_AGGREGATOR && tlen != 8)
1975 proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
1976 "Aggregator (invalid): %u %s", tlen,
1977 (tlen == 1) ? "byte" : "bytes");
1980 aggregator_as = (asn_len == 2) ?
1981 tvb_get_ntohs(tvb, o + i + aoff) :
1982 tvb_get_ntohl(tvb, o + i + aoff);
1983 proto_tree_add_uint(subtree2, hf_bgp_aggregator_as, tvb,
1984 o + i + aoff, asn_len, aggregator_as);
1985 proto_tree_add_item(subtree2, hf_bgp_aggregator_origin, tvb,
1986 o + i + aoff + asn_len, 4, FALSE);
1989 case BGPTYPE_COMMUNITIES:
1990 if (tlen % 4 != 0) {
1991 proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
1992 "Communities (invalid): %u %s", tlen,
1993 (tlen == 1) ? "byte" : "bytes");
1997 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
1998 "Communities: %s", communities_gstr->str);
1999 communities_tree = proto_item_add_subtree(ti,
2000 ett_bgp_communities);
2003 (o + current attribute + aoff bytes to first tuple) */
2007 /* snarf each community */
2009 /* check for reserved values */
2010 guint32 community = tvb_get_ntohl(tvb, q);
2011 if ((community & 0xFFFF0000) == FOURHEX0 ||
2012 (community & 0xFFFF0000) == FOURHEXF) {
2013 proto_tree_add_text(communities_tree, tvb,
2015 "Community: %s (0x%08x)",
2016 val_to_str(community, community_vals, "(reserved)"),
2020 ti = proto_tree_add_text(communities_tree, tvb,
2021 q - 3 + aoff, 4, "Community: %u:%u",
2022 tvb_get_ntohs(tvb, q), tvb_get_ntohs(tvb, q + 2));
2023 community_tree = proto_item_add_subtree(ti,
2024 ett_bgp_communities);
2025 proto_tree_add_item(community_tree, hf_bgp_community_as,
2026 tvb, q - 3 + aoff, 2, FALSE);
2027 proto_tree_add_item(community_tree, hf_bgp_community_value,
2028 tvb, q - 1 + aoff, 2, FALSE);
2035 case BGPTYPE_ORIGINATOR_ID:
2037 proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
2038 "Originator identifier (invalid): %u %s", tlen,
2039 (tlen == 1) ? "byte" : "bytes");
2041 proto_tree_add_item(subtree2, hf_bgp_originator_id, tvb,
2042 o + i + aoff, tlen, FALSE);
2045 case BGPTYPE_MP_REACH_NLRI:
2047 * RFC 2545 specifies that there may be more than one
2048 * address in the MP_REACH_NLRI attribute in section
2049 * 3, "Constructing the Next Hop field".
2051 * Yes, RFC 2858 says you can't do that, and, yes, RFC
2052 * 2858 obsoletes RFC 2283, which says you can do that,
2053 * but that doesn't mean we shouldn't dissect packets
2054 * that conform to RFC 2283 but not RFC 2858, as some
2055 * device on the network might implement the 2283-style
2056 * BGP extensions rather than RFC 2858-style extensions.
2058 af = tvb_get_ntohs(tvb, o + i + aoff);
2059 proto_tree_add_text(subtree2, tvb, o + i + aoff, 2,
2060 "Address family: %s (%u)",
2061 val_to_str(af, afn_vals, "Unknown"), af);
2062 saf = tvb_get_guint8(tvb, o + i + aoff + 2) ;
2063 proto_tree_add_text(subtree2, tvb, o + i + aoff + 2, 1,
2064 "Subsequent address family identifier: %s (%u)",
2065 val_to_str(saf, bgpattr_nlri_safi, saf >= 128 ? "Vendor specific" : "Unknown"),
2067 nexthop_len = tvb_get_guint8(tvb, o + i + aoff + 3);
2068 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff + 3,
2070 "Next hop network address (%d %s)",
2071 nexthop_len, plurality(nexthop_len, "byte", "bytes"));
2072 subtree3 = proto_item_add_subtree(ti, ett_bgp_mp_nhna);
2073 if (af != AFNUM_INET && af != AFNUM_INET6 && af != AFNUM_L2VPN) {
2075 * The addresses don't contain lengths, so if we
2076 * don't understand the address family type, we
2077 * cannot parse the subsequent addresses as we
2078 * don't know how long they are.
2080 proto_tree_add_text(subtree3, tvb, o + i + aoff + 4,
2081 nexthop_len, "Unknown Address Family");
2084 while (j < nexthop_len) {
2085 advance = mp_addr_to_str(af, saf, tvb, o + i + aoff + 4 + j,
2087 if (advance == 0) /* catch if this is a unknown AFI type*/
2089 if (j + advance > nexthop_len)
2091 proto_tree_add_text(subtree3, tvb,o + i + aoff + 4 + j,
2092 advance, "Next hop: %s (%u)", junk_gbuf->str, advance);
2096 tlen -= nexthop_len + 4;
2097 aoff += nexthop_len + 4 ;
2100 snpa = tvb_get_guint8(tvb, o + i + aoff);
2101 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff, 1,
2102 "Subnetwork points of attachment: %u", snpa);
2105 subtree3 = proto_item_add_subtree(ti, ett_bgp_mp_snpa);
2106 for (/*nothing*/; snpa > 0; snpa--) {
2107 proto_tree_add_text(subtree3, tvb, o + i + aoff + off, 1,
2108 "SNPA length: %u", tvb_get_guint8(tvb, o + i + aoff + off));
2110 proto_tree_add_text(subtree3, tvb, o + i + aoff + off,
2111 tvb_get_guint8(tvb, o + i + aoff + off - 1),
2112 "SNPA (%u %s)", tvb_get_guint8(tvb, o + i + aoff + off - 1),
2113 (tvb_get_guint8(tvb, o + i + aoff + off - 1) == 1) ? "byte" : "bytes");
2114 off += tvb_get_guint8(tvb, o + i + aoff + off - 1);
2120 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
2121 "Network layer reachability information (%u %s)",
2122 tlen, (tlen == 1) ? "byte" : "bytes");
2124 subtree3 = proto_item_add_subtree(ti,ett_bgp_mp_reach_nlri);
2125 if (af != AFNUM_INET && af != AFNUM_INET6 && af != AFNUM_L2VPN) {
2126 proto_tree_add_text(subtree3, tvb, o + i + aoff,
2127 tlen, "Unknown Address Family");
2130 advance = decode_prefix_MP(subtree3,
2131 hf_bgp_mp_reach_nlri_ipv4_prefix,
2134 tvb, o + i + aoff, "MP Reach NLRI");
2143 case BGPTYPE_MP_UNREACH_NLRI:
2144 af = tvb_get_ntohs(tvb, o + i + aoff);
2145 proto_tree_add_text(subtree2, tvb, o + i + aoff, 2,
2146 "Address family: %s (%u)",
2147 val_to_str(af, afn_vals, "Unknown"), af);
2148 saf = tvb_get_guint8(tvb, o + i + aoff + 2) ;
2149 proto_tree_add_text(subtree2, tvb, o + i + aoff + 2, 1,
2150 "Subsequent address family identifier: %s (%u)",
2151 val_to_str(saf, bgpattr_nlri_safi, saf >= 128 ? "Vendor specific" : "Unknown"),
2153 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff + 3,
2154 tlen - 3, "Withdrawn routes (%u %s)", tlen - 3,
2155 (tlen - 3 == 1) ? "byte" : "bytes");
2160 subtree3 = proto_item_add_subtree(ti,ett_bgp_mp_unreach_nlri);
2163 advance = decode_prefix_MP(subtree3,
2164 hf_bgp_mp_unreach_nlri_ipv4_prefix,
2167 tvb, o + i + aoff, "MP Unreach NLRI");
2175 case BGPTYPE_CLUSTER_LIST:
2176 if (tlen % 4 != 0) {
2177 proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
2178 "Cluster list (invalid): %u %s", tlen,
2179 (tlen == 1) ? "byte" : "bytes");
2183 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
2184 "Cluster list: %s", cluster_list_gstr->str);
2185 cluster_list_tree = proto_item_add_subtree(ti,
2186 ett_bgp_cluster_list);
2189 (o + current attribute + aoff bytes to first tuple) */
2193 /* snarf each cluster identifier */
2195 proto_tree_add_item(cluster_list_tree, hf_bgp_cluster_list,
2196 tvb, q - 3 + aoff, 4, FALSE);
2201 case BGPTYPE_EXTENDED_COMMUNITY:
2203 proto_tree_add_text(subtree3, tvb, o + i + aoff, tlen, "Extended community (invalid) : %u %s", tlen,
2204 (tlen == 1) ? "byte" : "bytes") ;
2207 end = o + i + aoff + tlen ;
2208 ti = proto_tree_add_text(subtree2,tvb,q,tlen, "Carried Extended communities");
2209 subtree3 = proto_item_add_subtree(ti,ett_bgp_extended_communities) ;
2212 ext_com = tvb_get_ntohs(tvb,q) ;
2213 g_string_sprintf(junk_gbuf, "%s",
2214 val_to_str(ext_com,bgpext_com_type,"Unknown"));
2216 case BGP_EXT_COM_RT_0:
2217 case BGP_EXT_COM_RT_2:
2218 case BGP_EXT_COM_RO_0:
2219 case BGP_EXT_COM_RO_2:
2220 g_string_sprintfa(junk_gbuf, ": %u%s%d",
2221 tvb_get_ntohs(tvb,q+2),":",tvb_get_ntohl(tvb,q+4));
2222 proto_tree_add_text(subtree3,tvb,q,8, "%s",junk_gbuf->str);
2224 case BGP_EXT_COM_RT_1:
2225 case BGP_EXT_COM_RO_1:
2226 tvb_memcpy(tvb,ipaddr,q+2,4);
2227 g_string_sprintfa(junk_gbuf, ": %s%s%u",
2228 ip_to_str(ipaddr),":",tvb_get_ntohs(tvb,q+6));
2229 proto_tree_add_text(subtree3,tvb,q,8, "%s",junk_gbuf->str);
2231 case BGP_EXT_COM_VPN_ORIGIN:
2232 case BGP_EXT_COM_OSPF_RID:
2233 tvb_memcpy(tvb,ipaddr,q+2,4);
2234 g_string_sprintfa(junk_gbuf, ": %s", ip_to_str(ipaddr));
2235 proto_tree_add_text(subtree3,tvb,q,8, "%s",junk_gbuf->str);
2237 case BGP_EXT_COM_OSPF_RTYPE:
2238 tvb_memcpy(tvb,ipaddr,q+2,4);
2239 g_string_sprintfa(junk_gbuf, ": Area: %s, Type: %s", ip_to_str(ipaddr),
2240 val_to_str(tvb_get_guint8(tvb,q+6),bgpext_ospf_rtype,"Unknown"));
2241 /* print OSPF Metric type if selected */
2242 /* always print E2 even if not external route -- receiving router should ignore */
2243 if ( (tvb_get_guint8(tvb,q+7)) & BGP_OSPF_RTYPE_METRIC_TYPE ) {
2244 g_string_sprintfa(junk_gbuf," E2");
2245 } else if (tvb_get_guint8(tvb,q+6)==(BGP_OSPF_RTYPE_EXT ||BGP_OSPF_RTYPE_NSSA ) ) {
2246 g_string_sprintfa(junk_gbuf," E1");
2248 g_string_sprintfa(junk_gbuf,", no options");
2250 proto_tree_add_text(subtree3,tvb,q,8, "%s",junk_gbuf->str);
2252 case BGP_EXT_COM_LINKBAND:
2253 tvb_memcpy(tvb,ipaddr,q+2,4); /* need to check on IEEE format on all platforms */
2254 g_string_sprintfa(junk_gbuf, ": %.3f Mbps",
2255 ((double)*ipaddr)*8/1000000);
2256 proto_tree_add_text(subtree3,tvb,q,8, "%s",junk_gbuf->str);
2258 case BGP_EXT_COM_L2INFO:
2259 g_string_sprintfa(junk_gbuf,
2260 ": %s, Control Flags: %s%s%s%s%s, MTU: %u %s",
2261 val_to_str(tvb_get_guint8(tvb,q+2),bgp_l2vpn_encaps,"Unknown"),
2262 tvb_get_guint8(tvb,q+3) ? "" : "none",
2263 tvb_get_ntohs(tvb,q+3)&0x08 ? "Q" : "",
2264 tvb_get_ntohs(tvb,q+3)&0x04 ? "F" : "",
2265 tvb_get_ntohs(tvb,q+3)&0x02 ? "C" : "",
2266 tvb_get_ntohs(tvb,q+3)&0x01 ? "S" : "",
2267 tvb_get_ntohs(tvb,q+4),
2268 tvb_get_ntohs(tvb,q+4)==1 ? "byte" : "bytes");
2269 ti = proto_tree_add_text(subtree3,tvb,q,8, "%s",junk_gbuf->str);
2271 subtree4 = proto_item_add_subtree(ti,ett_bgp_extended_communities) ;
2272 proto_tree_add_text(subtree4,tvb,q+2,1, "Encapsulation: %s",
2273 val_to_str(tvb_get_guint8(tvb,q+2),bgp_l2vpn_encaps,"Unknown"));
2274 proto_tree_add_text(subtree4,tvb,q+3,1, "Control Flags: %s%sControl Word %s required, Sequenced delivery %s required",
2275 tvb_get_ntohs(tvb,q+3)&0x08 ? "Q flag (Reserved) set" : "",
2276 tvb_get_ntohs(tvb,q+3)&0x04 ? "F flag (reserved) set" : "",
2277 tvb_get_ntohs(tvb,q+3)&0x02 ? "is" : "not",
2278 tvb_get_ntohs(tvb,q+3)&0x01 ? "is" : "not");
2279 proto_tree_add_text(subtree4,tvb,q+4,2, "MTU: %u %s",
2280 tvb_get_ntohs(tvb,q+4),
2281 tvb_get_ntohs(tvb,q+4)==1 ? "byte" : "bytes");
2284 proto_tree_add_text(subtree3,tvb,q,8, "%s",junk_gbuf->str);
2291 case BGPTYPE_SAFI_SPECIFIC_ATTR:
2293 end = o + i + aoff + tlen ;
2296 ssa_type = tvb_get_ntohs(tvb, q) & BGP_SSA_TYPE;
2297 ssa_len = tvb_get_ntohs(tvb, q + 2);
2299 ti = proto_tree_add_text(subtree2, tvb, q, MIN(ssa_len + 4, end - q),
2301 val_to_str(ssa_type, bgp_ssa_type, "Unknown SSA"));
2302 subtree3 = proto_item_add_subtree(ti, ett_bgp_ssa);
2304 proto_tree_add_item(subtree3, hf_bgp_ssa_t, tvb,
2306 proto_tree_add_item_hidden(subtree3, hf_bgp_ssa_type, tvb,
2308 proto_tree_add_text(subtree3, tvb, q, 2,
2309 "Type: %s", val_to_str(ssa_type, bgp_ssa_type, "Unknown"));
2310 if ((ssa_len == 0) || (q + ssa_len > end)) {
2311 proto_tree_add_text(subtree3, tvb, q + 2, end - q - 2,
2312 "Invalid Length of %u", ssa_len);
2315 proto_tree_add_item(subtree3, hf_bgp_ssa_len, tvb,
2319 case BGP_SSA_L2TPv3:
2320 proto_tree_add_item(subtree3, hf_bgp_ssa_l2tpv3_pref, tvb,
2323 ti = proto_tree_add_text(subtree3, tvb, q + 6, 1, "Flags");
2324 subtree4 = proto_item_add_subtree(ti, ett_bgp_ssa_subtree) ;
2325 proto_tree_add_item(subtree4, hf_bgp_ssa_l2tpv3_s, tvb,
2327 proto_tree_add_item(subtree4, hf_bgp_ssa_l2tpv3_unused, tvb,
2330 ssa_v3_len = tvb_get_guint8(tvb, q + 7);
2331 if (ssa_v3_len + 8 == ssa_len){
2332 proto_tree_add_item(subtree3, hf_bgp_ssa_l2tpv3_cookie_len, tvb,
2335 proto_tree_add_text(subtree3, tvb, q + 7, 1,
2336 "Invalid Cookie Length of %u", ssa_v3_len);
2339 proto_tree_add_item(subtree3, hf_bgp_ssa_l2tpv3_session_id, tvb,
2342 proto_tree_add_item(subtree3, hf_bgp_ssa_l2tpv3_cookie, tvb,
2343 q + 12, ssa_v3_len, FALSE);
2349 proto_tree_add_item(subtree3, hf_bgp_ssa_value, tvb,
2350 q + 4, ssa_len, FALSE);
2353 q = q + ssa_len + 4; /* 4 from type and length */
2358 proto_tree_add_text(subtree2, tvb, o + i + aoff, tlen,
2359 "Unknown (%d %s)", tlen, (tlen == 1) ? "byte" :
2362 } /* end of second switch */
2372 /* parse prefixes */
2374 ti = proto_tree_add_text(tree, tvb, o, len,
2375 "Network layer reachability information: %u %s", len,
2376 (len == 1) ? "byte" : "bytes");
2377 subtree = proto_item_add_subtree(ti, ett_bgp_nlri);
2380 i = decode_prefix4(subtree, hf_bgp_nlri_prefix, tvb, o, 0,
2391 * Dissect a BGP NOTIFICATION message.
2394 dissect_bgp_notification(tvbuff_t *tvb, proto_tree *tree)
2396 struct bgp_notification bgpn; /* BGP NOTIFICATION message */
2397 int hlen; /* message length */
2398 const char *p; /* string pointer */
2401 tvb_memcpy(tvb, bgpn.bgpn_marker, 0, BGP_MIN_NOTIFICATION_MSG_SIZE);
2402 hlen = g_ntohs(bgpn.bgpn_len);
2404 /* print error code */
2405 proto_tree_add_text(tree, tvb,
2406 offsetof(struct bgp_notification, bgpn_major), 1,
2407 "Error code: %s (%u)",
2408 val_to_str(bgpn.bgpn_major, bgpnotify_major, "Unknown"),
2411 /* print error subcode */
2412 if (bgpn.bgpn_major < array_length(bgpnotify_minor)
2413 && bgpnotify_minor[bgpn.bgpn_major] != NULL) {
2414 p = val_to_str(bgpn.bgpn_minor, bgpnotify_minor[bgpn.bgpn_major],
2416 } else if (bgpn.bgpn_minor == 0)
2420 proto_tree_add_text(tree, tvb,
2421 offsetof(struct bgp_notification, bgpn_minor), 1,
2422 "Error subcode: %s (%u)", p, bgpn.bgpn_minor);
2424 /* only print if there is optional data */
2425 if (hlen > BGP_MIN_NOTIFICATION_MSG_SIZE) {
2426 proto_tree_add_text(tree, tvb, BGP_MIN_NOTIFICATION_MSG_SIZE,
2427 hlen - BGP_MIN_NOTIFICATION_MSG_SIZE, "Data");
2432 * Dissect a BGP ROUTE-REFRESH message.
2435 dissect_bgp_route_refresh(tvbuff_t *tvb, proto_tree *tree)
2437 guint16 i; /* tmp */
2438 int p; /* tvb offset counter */
2439 int pend; /* end of list of entries for one orf type */
2440 guint16 hlen; /* tvb RR msg length */
2441 proto_item *ti; /* tree item */
2442 proto_item *ti1; /* tree item */
2443 proto_tree *subtree; /* tree for orf */
2444 proto_tree *subtree1; /* tree for orf entry */
2445 guint8 orftype; /* ORF Type */
2446 guint8 orfwhen; /* ORF flag: immediate, defer */
2447 guint16 orflen; /* ORF len */
2448 guint8 entryflag; /* ORF Entry flag: action(add,del,delall) match(permit,deny) */
2449 guint32 entryseq; /* ORF Entry sequence number */
2450 int entrylen; /* ORF Entry length */
2451 guint8 pfx_ge; /* ORF PrefixList mask lower bound */
2452 guint8 pfx_le; /* ORF PrefixList mask upper bound */
2453 int advance; /* tmp */
2459 00 01 00 01 afi,safi= ipv4-unicast
2460 02 80 00 01 defer, prefix-orf, len=1
2464 00 01 00 01 afi,saif= ipv4-unicast
2465 01 80 00 0a immediate, prefix-orf, len=10
2467 00 00 00 05 seqno = 5
2470 10 07 02 prefix = 7.2.0.0/16
2472 hlen = tvb_get_ntohs(tvb, BGP_MARKER_SIZE);
2473 p = BGP_HEADER_SIZE;
2475 i = tvb_get_ntohs(tvb, p);
2476 proto_tree_add_text(tree, tvb, p, 2,
2477 "Address family identifier: %s (%u)",
2478 val_to_str(i, afn_vals, "Unknown"), i);
2481 proto_tree_add_text(tree, tvb, p, 1,
2482 "Reserved: 1 byte");
2485 i = tvb_get_guint8(tvb, p);
2486 proto_tree_add_text(tree, tvb, p, 1,
2487 "Subsequent address family identifier: %s (%u)",
2488 val_to_str(i, bgpattr_nlri_safi,
2489 i >= 128 ? "Vendor specific" : "Unknown"),
2492 if ( hlen == BGP_HEADER_SIZE + 4 )
2496 orfwhen = tvb_get_guint8(tvb, p);
2497 orftype = tvb_get_guint8(tvb, p+1);
2498 orflen = tvb_get_ntohs(tvb, p+2);
2499 ti = proto_tree_add_text(tree, tvb, p , orflen + 4 , "ORF information (%u bytes)", orflen + 4);
2500 subtree = proto_item_add_subtree(ti, ett_bgp_orf);
2501 proto_tree_add_text(subtree, tvb, p , 1, "ORF flag: %s", val_to_str(orfwhen, orf_when_vals,"UNKNOWN"));
2502 proto_tree_add_text(subtree, tvb, p+1 , 1, "ORF type: %s", val_to_str(orftype, orf_type_vals,"UNKNOWN"));
2503 proto_tree_add_text(subtree, tvb, p+2 , 2, "ORF len: %u %s", orflen, (orflen == 1) ? "byte" : "bytes");
2506 if (orftype != BGP_ORF_PREFIX_CISCO) {
2507 proto_tree_add_text(subtree, tvb, p, orflen,
2508 "ORFEntry-Unknown (%u bytes)", orflen);
2514 entryflag = tvb_get_guint8(tvb, p);
2515 if ((entryflag & BGP_ORF_ACTION) == BGP_ORF_REMOVEALL) {
2516 ti1 = proto_tree_add_text(subtree, tvb, p, 1,
2517 "ORFEntry-PrefixList (1 byte)");
2518 subtree1 = proto_item_add_subtree(ti1, ett_bgp_orf_entry);
2519 proto_tree_add_text(subtree1, tvb, p , 1, "RemoveAll");
2522 ti1 = proto_tree_add_text(subtree, tvb, p, -1,
2523 "ORFEntry-PrefixList");
2524 subtree1 = proto_item_add_subtree(ti1, ett_bgp_orf_entry);
2525 proto_tree_add_text(subtree1, tvb, p, 1,
2526 "ACTION: %s MATCH: %s",
2527 val_to_str(entryflag&BGP_ORF_ACTION,
2528 orf_entry_action_vals, "UNKNOWN"),
2529 val_to_str(entryflag&BGP_ORF_MATCH,
2530 orf_entry_match_vals, "UNKNOWN"));
2532 entryseq = tvb_get_ntohl(tvb, p);
2533 proto_tree_add_text(subtree1, tvb, p, 4,
2534 "Entry Sequence No: %u", entryseq);
2536 pfx_ge = tvb_get_guint8(tvb, p);
2537 proto_tree_add_text(subtree1, tvb, p, 1,
2538 "PrefixMask length lower bound: %u", pfx_ge);
2540 pfx_le = tvb_get_guint8(tvb, p);
2541 proto_tree_add_text(subtree1, tvb, p, 1,
2542 "PrefixMask length upper bound: %u", pfx_le);
2545 advance = decode_prefix4(subtree1, -1, tvb, p, 0, "ORF");
2548 entrylen = 7 + 1 + advance;
2550 proto_item_append_text(ti1, " (%u bytes)", entrylen);
2551 proto_item_set_len(ti1, entrylen);
2559 * Dissect a BGP CAPABILITY message.
2562 dissect_bgp_capability(tvbuff_t *tvb, proto_tree *tree)
2566 proto_tree *subtree;
2572 mend = offset + tvb_get_ntohs(tvb, offset + BGP_MARKER_SIZE);
2573 offset += BGP_HEADER_SIZE;
2574 /* step through all of the capabilities */
2575 while (offset < mend) {
2576 action = tvb_get_guint8(tvb, offset++);
2577 ctype = tvb_get_guint8(tvb, offset++);
2578 clen = tvb_get_guint8(tvb, offset++);
2580 ti = proto_tree_add_text(tree, tvb, offset - 2, 2 + clen,
2581 "%s (%u %s)", val_to_str(ctype, capability_vals,
2582 "Unknown capability"), 2 + clen, (clen == 1) ? "byte" : "bytes");
2583 subtree = proto_item_add_subtree(ti, ett_bgp_option);
2584 proto_tree_add_text(subtree, tvb, offset-2, 1, "Action: %d (%s)",
2585 action, val_to_str(action, bgpcap_action, "Invalid action value"));
2586 dissect_bgp_capability_item(tvb, &offset, subtree, ctype, clen);
2591 dissect_bgp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
2594 guint16 bgp_len; /* Message length */
2595 guint8 bgp_type; /* Message type */
2596 const char *typ; /* Message type (string) */
2597 proto_item *ti; /* tree item */
2598 proto_tree *bgp_tree; /* BGP packet tree */
2599 proto_tree *bgp1_tree; /* BGP message tree */
2601 bgp_len = tvb_get_ntohs(tvb, BGP_MARKER_SIZE);
2602 bgp_type = tvb_get_guint8(tvb, BGP_MARKER_SIZE + 2);
2603 typ = val_to_str(bgp_type, bgptypevals, "Unknown message type (0x%02x)");
2605 if (check_col(pinfo->cinfo, COL_INFO)) {
2607 col_add_fstr(pinfo->cinfo, COL_INFO, "%s", typ);
2609 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", typ);
2613 ti = proto_tree_add_item(tree, proto_bgp, tvb, 0, -1, FALSE);
2614 bgp_tree = proto_item_add_subtree(ti, ett_bgp);
2616 ti = proto_tree_add_text(bgp_tree, tvb, 0, -1, "%s", typ);
2618 /* add a different tree for each message type */
2621 bgp1_tree = proto_item_add_subtree(ti, ett_bgp_open);
2624 bgp1_tree = proto_item_add_subtree(ti, ett_bgp_update);
2626 case BGP_NOTIFICATION:
2627 bgp1_tree = proto_item_add_subtree(ti, ett_bgp_notification);
2630 bgp1_tree = proto_item_add_subtree(ti, ett_bgp);
2632 case BGP_ROUTE_REFRESH_CISCO:
2633 case BGP_ROUTE_REFRESH:
2634 bgp1_tree = proto_item_add_subtree(ti, ett_bgp_route_refresh);
2636 case BGP_CAPABILITY:
2637 bgp1_tree = proto_item_add_subtree(ti, ett_bgp_capability);
2640 bgp1_tree = proto_item_add_subtree(ti, ett_bgp);
2644 proto_tree_add_text(bgp1_tree, tvb, 0, BGP_MARKER_SIZE,
2645 "Marker: 16 bytes");
2647 if (bgp_len < BGP_HEADER_SIZE || bgp_len > BGP_MAX_PACKET_SIZE) {
2648 proto_tree_add_text(bgp1_tree, tvb, BGP_MARKER_SIZE, 2,
2649 "Length (invalid): %u %s", bgp_len,
2650 (bgp_len == 1) ? "byte" : "bytes");
2653 proto_tree_add_text(bgp1_tree, tvb, BGP_MARKER_SIZE, 2,
2654 "Length: %u %s", bgp_len,
2655 (bgp_len == 1) ? "byte" : "bytes");
2658 proto_tree_add_uint(bgp1_tree, hf_bgp_type, tvb,
2659 BGP_MARKER_SIZE + 2, 1,
2664 dissect_bgp_open(tvb, bgp1_tree);
2667 dissect_bgp_update(tvb, bgp1_tree);
2669 case BGP_NOTIFICATION:
2670 dissect_bgp_notification(tvb, bgp1_tree);
2673 /* no data in KEEPALIVE messages */
2675 case BGP_ROUTE_REFRESH_CISCO:
2676 case BGP_ROUTE_REFRESH:
2677 dissect_bgp_route_refresh(tvb, bgp1_tree);
2679 case BGP_CAPABILITY:
2680 dissect_bgp_capability(tvb, bgp1_tree);
2689 * Dissect a BGP packet.
2692 dissect_bgp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
2694 volatile int offset = 0; /* offset into the tvbuff */
2695 gint reported_length_remaining;
2696 guint8 bgp_marker[BGP_MARKER_SIZE]; /* Marker (should be all ones */
2697 static guchar marker[] = { /* BGP message marker */
2698 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2699 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2701 proto_item *ti; /* tree item */
2702 proto_tree *bgp_tree; /* BGP packet tree */
2703 guint16 bgp_len; /* Message length */
2705 guint length_remaining;
2707 volatile gboolean first = TRUE; /* TRUE for the first BGP message in packet */
2710 if (check_col(pinfo->cinfo, COL_PROTOCOL))
2711 col_set_str(pinfo->cinfo, COL_PROTOCOL, "BGP");
2712 if (check_col(pinfo->cinfo, COL_INFO))
2713 col_clear(pinfo->cinfo, COL_INFO);
2716 * Scan through the TCP payload looking for a BGP marker.
2718 while ((reported_length_remaining = tvb_reported_length_remaining(tvb, offset))
2721 * "reported_length_remaining" is the number of bytes of TCP payload
2722 * remaining. If it's more than the length of a BGP marker,
2723 * we check only the number of bytes in a BGP marker.
2725 if (reported_length_remaining > BGP_MARKER_SIZE)
2726 reported_length_remaining = BGP_MARKER_SIZE;
2729 * OK, is there a BGP marker starting at the specified offset -
2730 * or, at least, the beginning of a BGP marker running to the end
2731 * of the TCP payload?
2733 * This will throw an exception if the frame is short; that's what
2736 tvb_memcpy(tvb, bgp_marker, offset, reported_length_remaining);
2737 if (memcmp(bgp_marker, marker, reported_length_remaining) == 0) {
2739 * Yes - stop scanning and start processing BGP packets.
2745 * No - keep scanning through the tvbuff to try to find a marker.
2751 * If we skipped any bytes, mark it as a BGP continuation.
2754 ti = proto_tree_add_item(tree, proto_bgp, tvb, 0, -1, FALSE);
2755 bgp_tree = proto_item_add_subtree(ti, ett_bgp);
2757 proto_tree_add_text(bgp_tree, tvb, 0, offset, "Continuation");
2761 * Now process the BGP packets in the TCP payload.
2763 * XXX - perhaps "tcp_dissect_pdus()" should take a starting
2764 * offset, in which case we can replace the loop below with
2765 * a call to "tcp_dissect_pdus()".
2767 while (tvb_reported_length_remaining(tvb, offset) != 0) {
2769 * This will throw an exception if we don't have any data left.
2770 * That's what we want. (See "tcp_dissect_pdus()", which is
2773 length_remaining = tvb_ensure_length_remaining(tvb, offset);
2776 * Can we do reassembly?
2778 if (bgp_desegment && pinfo->can_desegment) {
2780 * Yes - would a BGP header starting at this offset be split
2781 * across segment boundaries?
2783 if (length_remaining < BGP_HEADER_SIZE) {
2785 * Yes. Tell the TCP dissector where the data for this
2786 * message starts in the data it handed us, and how many
2787 * more bytes we need, and return.
2789 pinfo->desegment_offset = offset;
2790 pinfo->desegment_len = BGP_HEADER_SIZE - length_remaining;
2796 * Get the length and type from the BGP header.
2798 bgp_len = tvb_get_ntohs(tvb, offset + BGP_MARKER_SIZE);
2799 if (bgp_len < BGP_HEADER_SIZE) {
2801 * The BGP length doesn't include the BGP header; report that
2804 show_reported_bounds_error(tvb, pinfo, tree);
2809 * Can we do reassembly?
2811 if (bgp_desegment && pinfo->can_desegment) {
2813 * Yes - is the PDU split across segment boundaries?
2815 if (length_remaining < bgp_len) {
2817 * Yes. Tell the TCP dissector where the data for this
2818 * message starts in the data it handed us, and how many
2819 * more bytes we need, and return.
2821 pinfo->desegment_offset = offset;
2822 pinfo->desegment_len = bgp_len - length_remaining;
2828 * Construct a tvbuff containing the amount of the payload we have
2829 * available. Make its reported length the amount of data in the PDU.
2831 * XXX - if reassembly isn't enabled. the subdissector will throw a
2832 * BoundsError exception, rather than a ReportedBoundsError exception.
2833 * We really want a tvbuff where the length is "length", the reported
2834 * length is "plen", and the "if the snapshot length were infinite"
2835 * length is the minimum of the reported length of the tvbuff handed
2836 * to us and "plen", with a new type of exception thrown if the offset
2837 * is within the reported length but beyond that third length, with
2838 * that exception getting the "Unreassembled Packet" error.
2840 length = length_remaining;
2841 if (length > bgp_len)
2843 next_tvb = tvb_new_subset(tvb, offset, length, bgp_len);
2848 * Catch the ReportedBoundsError exception; if this particular message
2849 * happens to get a ReportedBoundsError exception, that doesn't mean
2850 * that we should stop dissecting PDUs within this frame or chunk of
2853 * If it gets a BoundsError, we can stop, as there's nothing more to
2854 * see, so we just re-throw it.
2857 dissect_bgp_pdu(next_tvb, pinfo, tree, first);
2859 CATCH(BoundsError) {
2862 CATCH(ReportedBoundsError) {
2863 show_reported_bounds_error(tvb, pinfo, tree);
2870 * Step to the next PDU.
2871 * Make sure we don't overflow.
2873 offset_before = offset;
2875 if (offset <= offset_before)
2881 * Register ourselves.
2884 proto_register_bgp(void)
2887 static hf_register_info hf[] = {
2889 { "Type", "bgp.type", FT_UINT8, BASE_DEC,
2890 VALS(bgptypevals), 0x0, "BGP message type", HFILL }},
2891 { &hf_bgp_aggregator_as,
2892 { "Aggregator AS", "bgp.aggregator_as", FT_UINT16, BASE_DEC,
2893 NULL, 0x0, "", HFILL}},
2894 { &hf_bgp_aggregator_origin,
2895 { "Aggregator origin", "bgp.aggregator_origin", FT_IPv4, BASE_NONE,
2896 NULL, 0x0, "", HFILL}},
2898 { "AS Path", "bgp.as_path", FT_UINT16, BASE_DEC,
2899 NULL, 0x0, "", HFILL}},
2900 { &hf_bgp_cluster_identifier,
2901 { "Cluster identifier", "bgp.cluster_identifier", FT_IPv4, BASE_NONE,
2902 NULL, 0x0, "", HFILL}},
2903 { &hf_bgp_community_as,
2904 { "Community AS", "bgp.community_as", FT_UINT16, BASE_DEC,
2905 NULL, 0x0, "", HFILL}},
2906 { &hf_bgp_community_value,
2907 { "Community value", "bgp.community_value", FT_UINT16, BASE_DEC,
2908 NULL, 0x0, "", HFILL}},
2909 { &hf_bgp_local_pref,
2910 { "Local preference", "bgp.local_pref", FT_UINT32, BASE_DEC,
2911 NULL, 0x0, "", HFILL}},
2912 { &hf_bgp_mp_reach_nlri_ipv4_prefix,
2913 { "MP Reach NLRI IPv4 prefix", "bgp.mp_reach_nlri_ipv4_prefix", FT_IPv4, BASE_NONE,
2914 NULL, 0x0, "", HFILL}},
2915 { &hf_bgp_mp_unreach_nlri_ipv4_prefix,
2916 { "MP Unreach NLRI IPv4 prefix", "bgp.mp_unreach_nlri_ipv4_prefix", FT_IPv4, BASE_NONE,
2917 NULL, 0x0, "", HFILL}},
2918 { &hf_bgp_mp_nlri_tnl_id,
2919 { "MP Reach NLRI Tunnel Identifier", "bgp.mp_nlri_tnl_id", FT_UINT16, BASE_HEX,
2920 NULL, 0x0, "", HFILL}},
2921 { &hf_bgp_multi_exit_disc,
2922 { "Multiple exit discriminator", "bgp.multi_exit_disc", FT_UINT32, BASE_DEC,
2923 NULL, 0x0, "", HFILL}},
2925 { "Next hop", "bgp.next_hop", FT_IPv4, BASE_NONE,
2926 NULL, 0x0, "", HFILL}},
2927 { &hf_bgp_nlri_prefix,
2928 { "NLRI prefix", "bgp.nlri_prefix", FT_IPv4, BASE_NONE,
2929 NULL, 0x0, "", HFILL}},
2931 { "Origin", "bgp.origin", FT_UINT8, BASE_DEC,
2932 VALS(bgpattr_origin), 0x0, "", HFILL}},
2933 { &hf_bgp_originator_id,
2934 { "Originator identifier", "bgp.originator_id", FT_IPv4, BASE_NONE,
2935 NULL, 0x0, "", HFILL}},
2937 { "Transitive bit", "bgp.ssa_t", FT_BOOLEAN, 8,
2938 NULL, 0x80, "SSA Transitive bit", HFILL}},
2940 { "SSA Type", "bgp.ssa_type", FT_UINT16, BASE_DEC,
2941 VALS(bgp_ssa_type), 0x7FFF, "SSA Type", HFILL}},
2943 { "Length", "bgp.ssa_len", FT_UINT16, BASE_DEC,
2944 NULL, 0x0, "SSA Length", HFILL}},
2945 { &hf_bgp_ssa_value,
2946 { "Value", "bgp.ssa_value", FT_BYTES, BASE_HEX,
2947 NULL, 0x0, "SSA Value", HFILL}},
2948 { &hf_bgp_ssa_l2tpv3_pref,
2949 { "Preference", "bgp.ssa_l2tpv3_pref", FT_UINT16, BASE_DEC,
2950 NULL, 0x0, "Preference", HFILL}},
2951 { &hf_bgp_ssa_l2tpv3_s,
2952 { "Sequencing bit", "bgp.ssa_l2tpv3_s", FT_BOOLEAN, 8,
2953 NULL, 0x80, "Sequencing S-bit", HFILL}},
2954 { &hf_bgp_ssa_l2tpv3_unused,
2955 { "Unused", "bgp.ssa_l2tpv3_Unused", FT_BOOLEAN, 8,
2956 NULL, 0x7F, "Unused Flags", HFILL}},
2957 { &hf_bgp_ssa_l2tpv3_cookie_len,
2958 { "Cookie Length", "bgp.ssa_l2tpv3_cookie_len", FT_UINT8, BASE_DEC,
2959 NULL, 0x0, "Cookie Length", HFILL}},
2960 { &hf_bgp_ssa_l2tpv3_session_id,
2961 { "Session ID", "bgp.ssa_l2tpv3_session_id", FT_UINT32, BASE_DEC,
2962 NULL, 0x0, "Session ID", HFILL}},
2963 { &hf_bgp_ssa_l2tpv3_cookie,
2964 { "Cookie", "bgp.ssa_l2tpv3_cookie", FT_BYTES, BASE_HEX,
2965 NULL, 0x0, "Cookie", HFILL}},
2966 { &hf_bgp_withdrawn_prefix,
2967 { "Withdrawn prefix", "bgp.withdrawn_prefix", FT_IPv4, BASE_NONE,
2968 NULL, 0x0, "", HFILL}},
2969 { &hf_bgp_cluster_list,
2970 { "Cluster List", "bgp.cluster_list", FT_BYTES, BASE_HEX,
2971 NULL, 0x0, "", HFILL}},
2974 static gint *ett[] = {
2980 &ett_bgp_attr_flags,
2982 &ett_bgp_mp_reach_nlri,
2983 &ett_bgp_mp_unreach_nlri,
2988 &ett_bgp_notification,
2989 &ett_bgp_route_refresh,
2990 &ett_bgp_capability,
2992 &ett_bgp_as_path_segments,
2993 &ett_bgp_communities,
2994 &ett_bgp_cluster_list,
2997 &ett_bgp_extended_communities,
2999 &ett_bgp_ssa_subtree,
3003 module_t *bgp_module;
3004 static enum_val_t asn_len[] = {
3005 {"auto-detect", "Auto-detect", 0},
3006 {"2", "2 octet", 2},
3007 {"4", "4 octet", 4},
3011 proto_bgp = proto_register_protocol("Border Gateway Protocol",
3013 proto_register_field_array(proto_bgp, hf, array_length(hf));
3014 proto_register_subtree_array(ett, array_length(ett));
3016 bgp_module = prefs_register_protocol(proto_bgp, NULL);
3017 prefs_register_bool_preference(bgp_module, "desegment",
3018 "Reassemble BGP messages spanning multiple TCP segments",
3019 "Whether the BGP dissector should reassemble messages spanning multiple TCP segments."
3020 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
3022 prefs_register_enum_preference(bgp_module, "asn_len",
3023 "Length of the AS number",
3024 "BGP dissector detect the length of the AS number in AS_PATH attributes automatically or manually (NOTE: Automatic detection is not 100% accurate)",
3025 &bgp_asn_len, asn_len, FALSE);
3029 proto_reg_handoff_bgp(void)
3031 dissector_handle_t bgp_handle;
3033 bgp_handle = create_dissector_handle(dissect_bgp, proto_bgp);
3034 dissector_add("tcp.port", BGP_TCP_PORT, bgp_handle);