2 * Routines for BGP packet dissection.
3 * Copyright 1999, Jun-ichiro itojun Hagino <itojun@itojun.org>
5 * $Id: packet-bgp.c,v 1.43 2001/07/03 02:49:38 guy Exp $
8 * RFC1771 A Border Gateway Protocol 4 (BGP-4)
9 * RFC1965 Autonomous System Confederations for BGP
10 * RFC1997 BGP Communities Attribute
11 * RFC2796 BGP Route Reflection An alternative to full mesh IBGP
12 * RFC2842 Capabilities Advertisement with BGP-4
13 * RFC2858 Multiprotocol Extensions for BGP-4
14 * RFC2918 Route Refresh Capability for BGP-4
15 * Draft Ramahandra on Extended Communities Extentions
18 * Destination Preference Attribute for BGP (work in progress)
19 * RFC1863 A BGP/IDRP Route Server alternative to a full mesh routing
21 * Ethereal - Network traffic analyzer
22 * By Gerald Combs <gerald@ethereal.com>
23 * Copyright 1998 Gerald Combs
25 * This program is free software; you can redistribute it and/or
26 * modify it under the terms of the GNU General Public License
27 * as published by the Free Software Foundation; either version 2
28 * of the License, or (at your option) any later version.
30 * This program is distributed in the hope that it will be useful,
31 * but WITHOUT ANY WARRANTY; without even the implied warranty of
32 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
33 * GNU General Public License for more details.
35 * You should have received a copy of the GNU General Public License
36 * along with this program; if not, write to the Free Software
37 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
47 #ifdef HAVE_SYS_TYPES_H
48 # include <sys/types.h>
51 #ifdef HAVE_NETINET_IN_H
52 # include <netinet/in.h>
55 #ifdef HAVE_ARPA_INET_H
56 #include <arpa/inet.h>
62 #ifdef NEED_SNPRINTF_H
63 # include "snprintf.h"
67 #include "packet-bgp.h"
68 #include "packet-ipv6.h"
70 static const value_string bgptypevals[] = {
71 { BGP_OPEN, "OPEN Message" },
72 { BGP_UPDATE, "UPDATE Message" },
73 { BGP_NOTIFICATION, "NOTIFICATION Message" },
74 { BGP_KEEPALIVE, "KEEPALIVE Message" },
75 { BGP_ROUTE_REFRESH, "ROUTE-REFRESH Message" },
76 { BGP_ROUTE_REFRESH_CISCO, "Cisco ROUTE-REFRESH Message" },
80 static const value_string bgpnotify_major[] = {
81 { 1, "Message Header Error" },
82 { 2, "OPEN Message Error" },
83 { 3, "UPDATE Message Error" },
84 { 4, "Hold Timer Expired" },
85 { 5, "Finite State Machine Error" },
90 static const value_string bgpnotify_minor_1[] = {
91 { 1, "Connection Not Synchronized" },
92 { 2, "Bad Message Length" },
93 { 3, "Bad Message Type" },
97 static const value_string bgpnotify_minor_2[] = {
98 { 1, "Unsupported Version Number" },
100 { 3, "Bad BGP Identifier" },
101 { 4, "Unsupported Optional Parameter" },
102 { 5, "Authentication Failure" },
103 { 6, "Unacceptable Hold Time" },
104 { 7, "Unsupported Capability" },
108 static const value_string bgpnotify_minor_3[] = {
109 { 1, "Malformed Attribute List" },
110 { 2, "Unrecognized Well-known Attribute" },
111 { 3, "Missing Well-known Attribute" },
112 { 4, "Attribute Flags Error" },
113 { 5, "Attribute Length Error" },
114 { 6, "Invalid ORIGIN Attribute" },
115 { 7, "AS Routing Loop" },
116 { 8, "Invalid NEXT_HOP Attribute" },
117 { 9, "Optional Attribute Error" },
118 { 10, "Invalid Network Field" },
119 { 11, "Malformed AS_PATH" },
123 static const value_string *bgpnotify_minor[] = {
124 NULL, bgpnotify_minor_1, bgpnotify_minor_2, bgpnotify_minor_3,
127 static const value_string bgpattr_origin[] = {
134 static const value_string as_segment_type[] = {
136 { 2, "AS_SEQUENCE" },
137 /* RFC1965 has the wrong values, corrected in */
138 /* draft-ietf-idr-bgp-confed-rfc1965bis-01.txt */
139 { 4, "AS_CONFED_SET" },
140 { 3, "AS_CONFED_SEQUENCE" },
144 static const value_string bgpattr_type[] = {
145 { BGPTYPE_ORIGIN, "ORIGIN" },
146 { BGPTYPE_AS_PATH, "AS_PATH" },
147 { BGPTYPE_NEXT_HOP, "NEXT_HOP" },
148 { BGPTYPE_MULTI_EXIT_DISC, "MULTI_EXIT_DISC" },
149 { BGPTYPE_LOCAL_PREF, "LOCAL_PREF" },
150 { BGPTYPE_ATOMIC_AGGREGATE, "ATOMIC_AGGREGATE" },
151 { BGPTYPE_AGGREGATOR, "AGGREGATOR" },
152 { BGPTYPE_COMMUNITIES, "COMMUNITIES" },
153 { BGPTYPE_ORIGINATOR_ID, "ORIGINATOR_ID" },
154 { BGPTYPE_CLUSTER_LIST, "CLUSTER_LIST" },
155 { BGPTYPE_MP_REACH_NLRI, "MP_REACH_NLRI" },
156 { BGPTYPE_MP_UNREACH_NLRI, "MP_UNREACH_NLRI" },
157 { BGPTYPE_EXTENDED_COMMUNITY, "EXTENDED_COMMUNITIES" },
161 /* Beware : See also MAX_SIZE_OF_EXT_COM_NAMES */
162 static const value_string bgpext_com_type[] = {
163 { BGP_EXT_COM_RT_0, "Route Target" },
164 { BGP_EXT_COM_RT_1, "Route Target" },
165 { BGP_EXT_COM_RO_0, "Route Origin" },
166 { BGP_EXT_COM_RO_1, "Route Origin" },
170 /* MUST be resized if a longer named extended community is added */
171 #define MAX_SIZE_OF_EXT_COM_NAMES 20
173 static const value_string afnumber[] = {
175 { AFNUM_INET, "IPv4" },
176 { AFNUM_INET6, "IPv6" },
177 { AFNUM_NSAP, "NSAP" },
178 { AFNUM_HDLC, "HDLC" },
179 { AFNUM_BBN1822, "BBN 1822" },
180 { AFNUM_802, "802" },
181 { AFNUM_E163, "E.163" },
182 { AFNUM_E164, "E.164" },
183 { AFNUM_F69, "F.69" },
184 { AFNUM_X121, "X.121" },
185 { AFNUM_IPX, "IPX" },
186 { AFNUM_ATALK, "Appletalk" },
187 { AFNUM_DECNET, "Decnet IV" },
188 { AFNUM_BANYAN, "Banyan Vines" },
189 { AFNUM_E164NSAP, "E.164 with NSAP subaddress" },
190 { 65535, "Reserved" },
194 /* Subsequent address family identifier, RFC2858 */
195 static const value_string bgpattr_nlri_safi[] = {
197 { SAFNUM_UNICAST, "Unicast" },
198 { SAFNUM_MULCAST, "Multicast" },
199 { SAFNUM_UNIMULC, "Unicast+Multicast" },
200 { SAFNUM_LBVPNIP, "Labeled VPN-IPv4" }, /* draft-rosen-rfc2547bis-03 */
204 /* Maximal size of an IP address string */
205 #define MAX_SIZE_OF_IP_ADDR_STRING 16
207 static int proto_bgp = -1;
208 static int hf_bgp_type = -1;
210 static gint ett_bgp = -1;
211 static gint ett_bgp_unfeas = -1;
212 static gint ett_bgp_attrs = -1;
213 static gint ett_bgp_attr = -1;
214 static gint ett_bgp_attr_flags = -1;
215 static gint ett_bgp_mp_nhna = -1;
216 static gint ett_bgp_mp_reach_nlri = -1;
217 static gint ett_bgp_mp_unreach_nlri = -1;
218 static gint ett_bgp_mp_snpa = -1;
219 static gint ett_bgp_nlri = -1;
220 static gint ett_bgp_open = -1;
221 static gint ett_bgp_update = -1;
222 static gint ett_bgp_notification = -1;
223 static gint ett_bgp_route_refresh = -1; /* ROUTE-REFRESH message tree */
224 static gint ett_bgp_as_paths = -1;
225 static gint ett_bgp_communities = -1;
226 static gint ett_bgp_cluster_list = -1; /* cluster list tree */
227 static gint ett_bgp_options = -1; /* optional parameters tree */
228 static gint ett_bgp_option = -1; /* an optional parameter tree */
229 static gint ett_bgp_extended_communities = -1 ; /* extended communities list tree */
231 * Decode an IPv4 prefix.
234 decode_prefix4(tvbuff_t *tvb, gint offset, char *buf, int buflen)
236 guint8 addr[4]; /* IP address */
237 int plen; /* prefix length */
238 int length; /* number of octets needed for prefix */
241 plen = tvb_get_guint8(tvb, offset);
242 if (plen < 0 || 32 < plen)
244 length = (plen + 7) / 8;
247 memset(addr, 0, sizeof(addr));
248 tvb_memcpy(tvb, addr, offset + 1, length);
250 addr[length - 1] &= ((0xff00 >> (plen % 8)) & 0xff);
252 /* hand back a formatted string */
253 snprintf(buf, buflen, "%s/%d", ip_to_str(addr), plen);
258 * Decode an IPv6 prefix.
261 decode_prefix6(tvbuff_t *tvb, gint offset, char *buf, int buflen)
263 struct e_in6_addr addr; /* IPv6 address */
264 int plen; /* prefix length */
265 int length; /* number of octets needed for prefix */
268 plen = tvb_get_guint8(tvb, offset);
269 if (plen < 0 || 128 < plen)
271 length = (plen + 7) / 8;
274 memset(&addr, 0, sizeof(addr));
275 tvb_memcpy(tvb, (guint8 *)&addr, offset + 1, length);
277 addr.s6_addr[length - 1] &= ((0xff00 >> (plen % 8)) & 0xff);
279 /* hand back a formatted string */
280 snprintf(buf, buflen, "%s/%d", ip6_to_str(&addr), plen);
285 * Decode an MPLS label stack
288 decode_MPLS_stack(tvbuff_t *tvb, gint offset, char *buf, int buflen)
290 guint32 label_entry; /* an MPLS label enrty (label + COS field + stack bit */
291 gint index; /* index for the label stack */
294 label_entry = 0x000000 ;
298 while ((label_entry && 0x000001) == 0) {
300 label_entry = tvb_get_ntoh24(tvb, index) ;
301 snprintf(buf, buflen,"%s%u%s", buf, (label_entry >> 4), ((label_entry && 0x000001) == 0) ? "," : " (bottom)");
305 return((index - offset) / 3);
309 * Decode a multiprotocol address
313 mp_addr_to_str (guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, char *buf, int buflen)
315 int length; /* length of the address in byte */
316 guint8 ip4addr[4],ip4addr2[4]; /* IPv4 address */
317 guint16 rd_type; /* Route Distinguisher type */
318 struct e_in6_addr ip6addr; /* IPv6 address */
328 tvb_memcpy(tvb, ip4addr, offset, 4);
329 snprintf(buf, buflen, "%s", ip_to_str(ip4addr));
332 rd_type=tvb_get_ntohs(tvb,offset) ;
336 tvb_memcpy(tvb, ip4addr, offset + 8, 4);
337 snprintf(buf, buflen, "Empty Label Stack RD=%u:%u IP=%s",
338 tvb_get_ntohs(tvb, offset + 2),
339 tvb_get_ntohl(tvb, offset + 4),
344 tvb_memcpy(tvb, ip4addr, offset + 2, 4); /* IP part of the RD */
345 tvb_memcpy(tvb, ip4addr2, offset +6, 4); /* IP address of the VPN-IPv4 */
346 snprintf(buf, buflen, "Empty Label Stack RD=%s:%u IP=%s",
348 tvb_get_ntohs(tvb, offset + 6),
349 ip_to_str(ip4addr2));
353 snprintf(buf, buflen, "Unknown labeled VPN-IPv4 address format");
359 snprintf(buf, buflen, "Unknown SAFI value for AFI %u", afi);
365 tvb_memcpy(tvb, ip6addr.u6_addr.u6_addr8,offset, sizeof(ip6addr));
366 snprintf(buf, buflen, "%s", ip6_to_str(&ip6addr));
370 snprintf(buf, buflen, "Unknown AFI value");
377 * Decode a multiprotocol prefix
380 decode_prefix_MP(guint16 afi, guint8 safi, tvbuff_t *tvb, gint offset, char *buf, int buflen)
382 int length; /* length of the prefix in byte */
383 int plen; /* length of the prefix in bit */
384 int labnum; /* number of labels */
385 guint8 ip4addr[4],ip4addr2[4]; /* IPv4 address */
386 guint16 rd_type; /* Route Distinguisher type */
387 char lab_stk[256]; /* label stack */
397 length = decode_prefix4(tvb, offset, buf, buflen) - 1 ;
400 plen = tvb_get_guint8(tvb,offset) ;
402 labnum = decode_MPLS_stack(tvb, offset + 1, lab_stk, sizeof(lab_stk));
404 offset += (1 + labnum * 3);
405 plen -= (labnum * 3*8);
407 rd_type=tvb_get_ntohs(tvb,offset) ;
411 case FORMAT_AS2_LOC: /* Code borrowed from the decode_prefix4 function */
412 if (plen < 0 || 32 < plen) {
417 length = (plen + 7) / 8;
418 memset(ip4addr, 0, sizeof(ip4addr));
419 tvb_memcpy(tvb, ip4addr, offset + 8, length);
421 ip4addr[length - 1] &= ((0xff00 >> (plen % 8)) & 0xff);
423 snprintf(buf,buflen, "Label Stack=%s RD=%u:%u, IP=%s/%d",
425 tvb_get_ntohs(tvb, offset + 2),
426 tvb_get_ntohl(tvb, offset + 4),
429 length += (labnum * 3 + 8) ;
431 case FORMAT_IP_LOC: /* Code borrowed from the decode_prefix4 function */
432 tvb_memcpy(tvb, ip4addr, offset + 2, 4);
434 if (plen < 0 || 32 < plen) {
439 length = (plen + 7) / 8;
440 memset(ip4addr2, 0, sizeof(ip4addr2));
441 tvb_memcpy(tvb, ip4addr2, offset + 8, length);
443 ip4addr2[length - 1] &= ((0xff00 >> (plen % 8)) & 0xff);
445 snprintf(buf,buflen, "Label Stack=%s RD=%s:%u, IP=%s/%d",
448 tvb_get_ntohs(tvb, offset + 6),
451 length += (labnum * 3 + 8) ;
455 snprintf(buf,buflen, "Unkown labeled VPN-IPv4 address format");
461 snprintf(buf,buflen, "Unkown SAFI value for AFI %u", afi);
466 length = decode_prefix6(tvb, offset, buf, buflen) - 1 ;
470 snprintf(buf,buflen, "Unkown AFI value");
477 * Dissect a BGP OPEN message.
480 dissect_bgp_open(tvbuff_t *tvb, int offset, proto_tree *tree)
482 struct bgp_open bgpo; /* BGP OPEN message */
483 int hlen; /* message length */
485 int ptype; /* parameter type */
486 int plen; /* parameter length */
487 int ctype; /* capability type */
488 int clen; /* capability length */
489 int ostart; /* options start */
490 int oend; /* options end */
491 int p; /* tvb offset counter */
492 proto_item *ti; /* tree item */
493 proto_tree *subtree; /* subtree for options */
494 proto_tree *subtree2; /* subtree for an option */
495 proto_tree *subtree3; /* subtree for an option */
497 /* snarf OPEN message */
498 tvb_memcpy(tvb, bgpo.bgpo_marker, offset, BGP_MIN_OPEN_MSG_SIZE);
499 hlen = ntohs(bgpo.bgpo_len);
501 proto_tree_add_text(tree, tvb,
502 offset + offsetof(struct bgp_open, bgpo_version), 1,
503 "Version: %u", bgpo.bgpo_version);
504 proto_tree_add_text(tree, tvb,
505 offset + offsetof(struct bgp_open, bgpo_myas), 2,
506 "My AS: %u", ntohs(bgpo.bgpo_myas));
507 proto_tree_add_text(tree, tvb,
508 offset + offsetof(struct bgp_open, bgpo_holdtime), 2,
509 "Hold time: %u", ntohs(bgpo.bgpo_holdtime));
510 proto_tree_add_text(tree, tvb,
511 offset + offsetof(struct bgp_open, bgpo_id), 4,
512 "BGP identifier: %s", ip_to_str((guint8 *)&bgpo.bgpo_id));
513 proto_tree_add_text(tree, tvb,
514 offset + offsetof(struct bgp_open, bgpo_optlen), 1,
515 "Optional parameters length: %u %s", bgpo.bgpo_optlen,
516 (bgpo.bgpo_optlen == 1) ? "byte" : "bytes");
518 /* optional parameters */
519 if (bgpo.bgpo_optlen > 0) {
520 /* add a subtree and setup some offsets */
521 ostart = offset + BGP_MIN_OPEN_MSG_SIZE;
522 ti = proto_tree_add_text(tree, tvb, ostart, bgpo.bgpo_optlen,
523 "Optional parameters");
524 subtree = proto_item_add_subtree(ti, ett_bgp_options);
526 oend = p + bgpo.bgpo_optlen;
528 /* step through all of the optional parameters */
531 /* grab the type and length */
532 ptype = tvb_get_guint8(tvb, p++);
533 plen = tvb_get_guint8(tvb, p++);
537 case BGP_OPTION_AUTHENTICATION:
538 proto_tree_add_text(subtree, tvb, p - 2, 2 + plen,
539 "Authentication information (%u %s)", plen,
540 (plen == 1) ? "byte" : "bytes");
542 case BGP_OPTION_CAPABILITY:
543 /* grab the capability code */
544 ctype = tvb_get_guint8(tvb, p++);
545 clen = tvb_get_guint8(tvb, p++);
547 /* check the capability type */
549 case BGP_CAPABILITY_RESERVED:
550 ti = proto_tree_add_text(subtree, tvb, p - 4,
551 2 + plen, "Reserved capability (%u %s)", 2 + plen,
552 (plen == 1) ? "byte" : "bytes");
553 subtree2 = proto_item_add_subtree(ti, ett_bgp_option);
554 proto_tree_add_text(subtree2, tvb, p - 4,
555 1, "Parameter type: Capabilities (2)");
556 proto_tree_add_text(subtree2, tvb, p - 3,
557 1, "Parameter length: %u %s", plen,
558 (plen == 1) ? "byte" : "bytes");
559 proto_tree_add_text(subtree2, tvb, p - 2,
560 1, "Capability code: Reserved (0)");
561 proto_tree_add_text(subtree2, tvb, p - 1,
562 1, "Capability length: %u %s", clen,
563 (clen == 1) ? "byte" : "bytes");
565 proto_tree_add_text(subtree2, tvb, p,
566 clen, "Capability value: Unknown");
570 case BGP_CAPABILITY_MULTIPROTOCOL:
571 ti = proto_tree_add_text(subtree, tvb, p - 4,
573 "Multiprotocol extensions capability (%u %s)",
574 2 + plen, (plen == 1) ? "byte" : "bytes");
575 subtree2 = proto_item_add_subtree(ti, ett_bgp_option);
576 proto_tree_add_text(subtree2, tvb, p - 4,
577 1, "Parameter type: Capabilities (2)");
578 proto_tree_add_text(subtree2, tvb, p - 3,
579 1, "Parameter length: %u %s", plen,
580 (plen == 1) ? "byte" : "bytes");
581 proto_tree_add_text(subtree2, tvb, p - 2,
582 1, "Capability code: Multiprotocol extensions (%d)",
585 proto_tree_add_text(subtree2, tvb, p - 1,
586 1, "Capability length: Invalid");
587 proto_tree_add_text(subtree2, tvb, p,
588 clen, "Capability value: Unknown");
591 proto_tree_add_text(subtree2, tvb, p - 1,
592 1, "Capability length: %u %s", clen,
593 (clen == 1) ? "byte" : "bytes");
594 ti = proto_tree_add_text(subtree2, tvb, p,
595 clen, "Capability value");
596 subtree3 = proto_item_add_subtree(ti,
599 i = tvb_get_ntohs(tvb, p);
600 proto_tree_add_text(subtree3, tvb, p,
601 2, "Address family identifier: %s (%u)",
602 val_to_str(i, afnumber, "Unknown"), i);
605 proto_tree_add_text(subtree3, tvb, p,
606 1, "Reserved: 1 byte");
609 i = tvb_get_guint8(tvb, p);
610 proto_tree_add_text(subtree3, tvb, p,
611 1, "Subsequent address family identifier: %s (%u)",
612 val_to_str(i, bgpattr_nlri_safi,
613 i >= 128 ? "Vendor specific" : "Unknown"), i);
617 case BGP_CAPABILITY_ROUTE_REFRESH_CISCO:
618 case BGP_CAPABILITY_ROUTE_REFRESH:
619 ti = proto_tree_add_text(subtree, tvb, p - 4,
620 2 + plen, "Route refresh capability (%u %s)", 2 + plen,
621 (plen == 1) ? "byte" : "bytes");
622 subtree2 = proto_item_add_subtree(ti, ett_bgp_option);
623 proto_tree_add_text(subtree2, tvb, p - 4,
624 1, "Parameter type: Capabilities (2)");
625 proto_tree_add_text(subtree2, tvb, p - 3,
626 1, "Parameter length: %u %s", plen,
627 (plen == 1) ? "byte" : "bytes");
628 proto_tree_add_text(subtree2, tvb, p - 2,
629 1, "Capability code: Route refresh (%d)", ctype);
631 proto_tree_add_text(subtree2, tvb, p,
632 clen, "Capability value: Invalid");
635 proto_tree_add_text(subtree2, tvb, p - 1,
636 1, "Capability length: %u %s", clen,
637 (clen == 1) ? "byte" : "bytes");
641 /* unknown capability */
643 ti = proto_tree_add_text(subtree, tvb, p - 4,
644 2 + plen, "Unknown capability (%u %s)", 2 + plen,
645 (plen == 1) ? "byte" : "bytes");
646 subtree2 = proto_item_add_subtree(ti, ett_bgp_option);
647 proto_tree_add_text(subtree2, tvb, p - 4,
648 1, "Parameter type: Capabilities (2)");
649 proto_tree_add_text(subtree2, tvb, p - 3,
650 1, "Parameter length: %u %s", plen,
651 (plen == 1) ? "byte" : "bytes");
652 proto_tree_add_text(subtree2, tvb, p - 2,
653 1, "Capability code: %s (%d)",
654 ctype >= 128 ? "Private use" : "Unknown", ctype);
655 proto_tree_add_text(subtree2, tvb, p - 1,
656 1, "Capability length: %u %s", clen,
657 (clen == 1) ? "byte" : "bytes");
659 proto_tree_add_text(subtree2, tvb, p,
660 clen, "Capability value: Unknown");
667 proto_tree_add_text(subtree, tvb, p - 2, 2 + plen,
668 "Unknown optional parameter");
676 * Dissect a BGP UPDATE message.
679 dissect_bgp_update(tvbuff_t *tvb, int offset, proto_tree *tree)
681 struct bgp_attr bgpa; /* path attributes */
682 int hlen; /* message length */
683 gint o; /* packet offset */
685 gint end; /* message end */
686 gint ext_com; /* EXTENDED COMMUNITY type */
688 int advance; /* tmp */
689 proto_item *ti; /* tree item */
690 proto_tree *subtree; /* subtree for attributes */
691 proto_tree *subtree2; /* subtree for attributes */
692 proto_tree *subtree3; /* subtree for attributes */
693 proto_tree *as_paths_tree; /* subtree for AS_PATHs */
694 proto_tree *as_path_tree; /* subtree for AS_PATH */
695 proto_tree *communities_tree; /* subtree for COMMUNITIES */
696 proto_tree *community_tree; /* subtree for a community */
697 proto_tree *cluster_list_tree; /* subtree for CLUSTER_LIST */
699 guint8 length; /* AS_PATH length */
700 guint8 type; /* AS_PATH type */
701 char *as_path_str = NULL; /* AS_PATH string */
702 char *communities_str = NULL; /* COMMUNITIES string */
703 char *cluster_list_str = NULL; /* CLUSTER_LIST string */
704 char *ext_com_str = NULL; /* EXTENDED COMMUNITY list */
705 char junk_buf[256]; /* tmp */
706 guint8 ipaddr[4]; /* IPv4 address */
708 hlen = tvb_get_ntohs(tvb, offset + BGP_MARKER_SIZE);
709 o = offset + BGP_HEADER_SIZE;
711 /* check for withdrawals */
712 len = tvb_get_ntohs(tvb, o);
713 proto_tree_add_text(tree, tvb, o, 2,
714 "Unfeasible routes length: %u %s", len, (len == 1) ? "byte" : "bytes");
717 /* parse unfeasible prefixes */
719 ti = proto_tree_add_text(tree, tvb, o, len, "Withdrawn routes:");
720 subtree = proto_item_add_subtree(ti, ett_bgp_unfeas);
722 /* parse each prefixes */
725 i = decode_prefix4(tvb, o, junk_buf, sizeof(junk_buf));
726 proto_tree_add_text(subtree, tvb, o, i, "%s", junk_buf);
733 /* check for advertisements */
734 len = tvb_get_ntohs(tvb, o);
735 proto_tree_add_text(tree, tvb, o, 2, "Total path attribute length: %u %s",
736 len, (len == 1) ? "byte" : "bytes");
738 /* path attributes */
740 ti = proto_tree_add_text(tree, tvb, o + 2, len, "Path attributes");
741 subtree = proto_item_add_subtree(ti, ett_bgp_attrs);
751 tvb_memcpy(tvb, (guint8 *)&bgpa, o + i, sizeof(bgpa));
752 /* check for the Extended Length bit */
753 if (bgpa.bgpa_flags & BGP_ATTR_FLAG_EXTENDED_LENGTH) {
754 alen = tvb_get_ntohs(tvb, o + i + sizeof(bgpa));
755 aoff = sizeof(bgpa) + 2;
757 alen = tvb_get_guint8(tvb, o + i + sizeof(bgpa));
758 aoff = sizeof(bgpa) + 1;
761 /* This is kind of ugly - similar code appears twice, but it
762 helps browsing attrs. */
763 /* the first switch prints things in the title of the subtree */
764 switch (bgpa.bgpa_type) {
767 goto default_attribute_top;
768 msg = val_to_str(tvb_get_guint8(tvb, o + i + aoff), bgpattr_origin, "Unknown");
769 ti = proto_tree_add_text(subtree, tvb, o + i, alen + aoff,
771 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
772 msg, alen + aoff, (alen + aoff == 1) ? "byte" :
775 case BGPTYPE_AS_PATH:
777 (o + current attribute + 3 bytes to first tuple) */
778 end = o + alen + i + 3;
780 /* must be freed by second switch! */
781 /* "alen * 6" (5 digits + space) should be a good estimate
782 of how long the AS path string could be */
783 as_path_str = malloc((alen + 1) * 6);
784 if (as_path_str == NULL) break;
785 as_path_str[0] = '\0';
787 /* snarf each AS path */
789 type = tvb_get_guint8(tvb, q++);
790 if (type == AS_SET) {
791 snprintf(as_path_str, 2, "{");
793 else if (type == AS_CONFED_SET) {
794 snprintf(as_path_str, 2, "[");
796 else if (type == AS_CONFED_SEQUENCE) {
797 snprintf(as_path_str, 2, "(");
799 length = tvb_get_guint8(tvb, q++);
801 /* snarf each value in path */
802 for (j = 0; j < length; j++) {
803 snprintf(junk_buf, sizeof(junk_buf), "%u%s", tvb_get_ntohs(tvb, q),
804 (type == AS_SET || type == AS_CONFED_SET)
806 strncat(as_path_str, junk_buf, sizeof(junk_buf));
810 /* cleanup end of string */
811 if (type == AS_SET) {
812 as_path_str[strlen(as_path_str) - 2] = '}';
814 else if (type == AS_CONFED_SET) {
815 as_path_str[strlen(as_path_str) - 2] = ']';
817 else if (type == AS_CONFED_SEQUENCE) {
818 as_path_str[strlen(as_path_str) - 1] = ')';
821 as_path_str[strlen(as_path_str) - 1] = '\0';
825 /* check for empty AS_PATH */
827 strncpy(as_path_str, "empty", 6);
829 ti = proto_tree_add_text(subtree, tvb, o + i, alen + aoff,
831 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
832 as_path_str, alen + aoff,
833 (alen + aoff == 1) ? "byte" : "bytes");
835 case BGPTYPE_NEXT_HOP:
837 goto default_attribute_top;
838 tvb_memcpy(tvb, ipaddr, o + i + aoff, 4);
839 ti = proto_tree_add_text(subtree, tvb, o + i, alen + aoff,
841 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
842 ip_to_str(ipaddr), alen + aoff, (alen + aoff == 1)
845 case BGPTYPE_MULTI_EXIT_DISC:
847 goto default_attribute_top;
848 ti = proto_tree_add_text(subtree, tvb, o + i, alen + aoff,
850 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
851 tvb_get_ntohl(tvb, o + i + aoff), alen + aoff,
852 (alen + aoff == 1) ? "byte" : "bytes");
854 case BGPTYPE_LOCAL_PREF:
856 goto default_attribute_top;
857 ti = proto_tree_add_text(subtree, tvb, o + i, alen + aoff,
859 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
860 tvb_get_ntohl(tvb, o + i + aoff), alen + aoff,
861 (alen + aoff == 1) ? "byte" : "bytes");
863 case BGPTYPE_ATOMIC_AGGREGATE:
865 goto default_attribute_top;
866 ti = proto_tree_add_text(subtree, tvb, o + i, alen + aoff,
868 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
869 alen + aoff, (alen + aoff == 1) ? "byte" : "bytes");
871 case BGPTYPE_AGGREGATOR:
873 goto default_attribute_top;
874 tvb_memcpy(tvb, ipaddr, o + i + aoff + 2, 4);
875 ti = proto_tree_add_text(subtree, tvb, o + i, alen + aoff,
876 "%s: AS: %u origin: %s (%u %s)",
877 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
878 tvb_get_ntohs(tvb, o + i + aoff),
879 ip_to_str(ipaddr), alen + aoff,
880 (alen + aoff == 1) ? "byte" : "bytes");
882 case BGPTYPE_COMMUNITIES:
884 goto default_attribute_top;
887 (o + current attribute + 3 bytes to first tuple) */
888 end = o + alen + i + 3;
890 /* must be freed by second switch! */
891 /* "alen * 12" (5 digits, a :, 5 digits + space ) should be
892 a good estimate of how long the communities string could
894 communities_str = malloc((alen + 1) * 12);
895 if (communities_str == NULL) break;
896 communities_str[0] = '\0';
897 memset(junk_buf, 0, sizeof(junk_buf));
899 /* snarf each community */
901 /* check for well-known communities */
902 if (tvb_get_ntohl(tvb, q) == BGP_COMM_NO_EXPORT)
903 strncpy(junk_buf, "NO_EXPORT ", 10);
904 else if (tvb_get_ntohl(tvb, q) == BGP_COMM_NO_ADVERTISE)
905 strncpy(junk_buf, "NO_ADVERTISE ", 13);
906 else if (tvb_get_ntohl(tvb, q) == BGP_COMM_NO_EXPORT_SUBCONFED)
907 strncpy(junk_buf, "NO_EXPORT_SUBCONFED ", 20);
909 snprintf(junk_buf, sizeof(junk_buf), "%u:%u ",
910 tvb_get_ntohs(tvb, q),
911 tvb_get_ntohs(tvb, q + 2));
915 strncat(communities_str, junk_buf, sizeof(junk_buf));
917 /* cleanup end of string */
918 communities_str[strlen(communities_str) - 1] = '\0';
920 ti = proto_tree_add_text(subtree, tvb, o + i, alen + aoff,
922 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
923 communities_str, alen + aoff,
924 (alen + aoff == 1) ? "byte" : "bytes");
926 case BGPTYPE_ORIGINATOR_ID:
928 goto default_attribute_top;
929 tvb_memcpy(tvb, ipaddr, o + i + aoff, 4);
930 ti = proto_tree_add_text(subtree, tvb, o + i, alen + aoff,
932 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
933 ip_to_str(ipaddr), alen + aoff, (alen + aoff == 1)
936 case BGPTYPE_CLUSTER_LIST:
938 goto default_attribute_top;
941 (o + current attribute + 3 bytes to first tuple) */
942 end = o + alen + i + 3;
944 /* must be freed by second switch! */
945 /* "alen * 16" (12 digits, 3 dots + space ) should be
946 a good estimate of how long the cluster_list string could
948 cluster_list_str = malloc((alen + 1) * 16);
949 if (cluster_list_str == NULL) break;
950 cluster_list_str[0] = '\0';
951 memset(junk_buf, 0, sizeof(junk_buf));
953 /* snarf each cluster list */
954 tvb_memcpy(tvb, ipaddr, q, 4);
956 snprintf(junk_buf, sizeof(junk_buf), "%s ", ip_to_str(ipaddr));
957 strncat(cluster_list_str, junk_buf, sizeof(junk_buf));
960 /* cleanup end of string */
961 cluster_list_str[strlen(cluster_list_str) - 1] = '\0';
963 ti = proto_tree_add_text(subtree, tvb, o + i, alen + aoff,
965 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
966 cluster_list_str, alen + aoff,
967 (alen + aoff == 1) ? "byte" : "bytes");
969 case BGPTYPE_EXTENDED_COMMUNITY:
971 goto default_attribute_top;
973 end = o + i + aoff + alen ;
974 ext_com_str = malloc((alen / 8)*MAX_SIZE_OF_EXT_COM_NAMES) ;
975 if (ext_com_str == NULL) break ;
976 ext_com_str[0] = '\0' ;
978 ext_com = tvb_get_ntohs(tvb,q) ;
979 snprintf(junk_buf, sizeof(junk_buf), "%s", val_to_str(ext_com,bgpext_com_type,"Unknown"));
980 strncat(ext_com_str,junk_buf,sizeof(junk_buf));
982 if (q<end) strncat(ext_com_str,",",1);
984 ti = proto_tree_add_text(subtree,tvb,o+i,alen+aoff,
986 val_to_str(bgpa.bgpa_type,bgpattr_type,"Unknown"),
989 (alen ==1 ) ? "byte" : "bytes");
994 default_attribute_top:
995 ti = proto_tree_add_text(subtree, tvb, o + i, alen + aoff,
997 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
998 alen + aoff, (alen + aoff == 1) ? "byte" : "bytes");
999 } /* end of first switch */
1000 subtree2 = proto_item_add_subtree(ti, ett_bgp_attr);
1002 /* figure out flags */
1004 if (bgpa.bgpa_flags & BGP_ATTR_FLAG_OPTIONAL) {
1005 strncat(junk_buf, "Optional, ", 10);
1008 strncat(junk_buf, "Well-known, ", 12);
1010 if (bgpa.bgpa_flags & BGP_ATTR_FLAG_TRANSITIVE) {
1011 strncat(junk_buf, "Transitive, ", 12);
1014 strncat(junk_buf, "Non-transitive, ", 16);
1016 if (bgpa.bgpa_flags & BGP_ATTR_FLAG_PARTIAL) {
1017 strncat(junk_buf, "Partial, ", 9);
1020 strncat(junk_buf, "Complete, ", 10);
1022 if (bgpa.bgpa_flags & BGP_ATTR_FLAG_EXTENDED_LENGTH) {
1023 strncat(junk_buf, "Extended Length, ", 17);
1025 /* stomp last ", " */
1026 j = strlen(junk_buf);
1027 junk_buf[j - 2] = '\0';
1028 ti = proto_tree_add_text(subtree2, tvb,
1029 o + i + offsetof(struct bgp_attr, bgpa_flags), 1,
1030 "Flags: 0x%02x (%s)", bgpa.bgpa_flags, junk_buf);
1031 subtree3 = proto_item_add_subtree(ti, ett_bgp_attr_flags);
1033 /* add flag bitfield subtrees */
1034 proto_tree_add_text(subtree3, tvb,
1035 o + i + offsetof(struct bgp_attr, bgpa_flags), 1,
1036 "%s", decode_boolean_bitfield(bgpa.bgpa_flags,
1037 BGP_ATTR_FLAG_OPTIONAL, 8, "Optional", "Well-known"));
1038 proto_tree_add_text(subtree3, tvb,
1039 o + i + offsetof(struct bgp_attr, bgpa_flags), 1,
1040 "%s", decode_boolean_bitfield(bgpa.bgpa_flags,
1041 BGP_ATTR_FLAG_TRANSITIVE, 8, "Transitive",
1043 proto_tree_add_text(subtree3, tvb,
1044 o + i + offsetof(struct bgp_attr, bgpa_flags), 1,
1045 "%s", decode_boolean_bitfield(bgpa.bgpa_flags,
1046 BGP_ATTR_FLAG_PARTIAL, 8, "Partial", "Complete"));
1047 proto_tree_add_text(subtree3, tvb,
1048 o + i + offsetof(struct bgp_attr, bgpa_flags), 1,
1049 "%s", decode_boolean_bitfield(bgpa.bgpa_flags,
1050 BGP_ATTR_FLAG_EXTENDED_LENGTH, 8, "Extended length",
1053 proto_tree_add_text(subtree2, tvb,
1054 o + i + offsetof(struct bgp_attr, bgpa_type), 1,
1055 "Type code: %s (%u)",
1056 val_to_str(bgpa.bgpa_type, bgpattr_type, "Unknown"),
1059 proto_tree_add_text(subtree2, tvb, o + i + sizeof(bgpa),
1060 aoff - sizeof(bgpa), "Length: %d %s", alen,
1061 (alen == 1) ? "byte" : "bytes");
1063 /* the second switch prints things in the actual subtree of each
1065 switch (bgpa.bgpa_type) {
1066 case BGPTYPE_ORIGIN:
1068 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1069 "Origin (invalid): %u %s", alen,
1070 (alen == 1) ? "byte" : "bytes");
1072 msg = val_to_str(tvb_get_guint8(tvb, o + i + aoff), bgpattr_origin, "Unknown");
1073 proto_tree_add_text(subtree2, tvb, o + i + aoff, 1,
1074 "Origin: %s (%u)", msg, tvb_get_guint8(tvb, o + i + aoff));
1077 case BGPTYPE_AS_PATH:
1078 /* check for empty AS_PATH */
1084 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1085 "AS path: %s", as_path_str);
1086 as_paths_tree = proto_item_add_subtree(ti, ett_bgp_as_paths);
1089 (o + current attribute + 3 bytes to first tuple) */
1090 end = o + alen + i + 3;
1093 /* snarf each AS path tuple, we have to step through each one
1094 again to make a separate subtree so we can't just reuse
1095 as_path_str from above */
1097 as_path_str[0] = '\0';
1098 type = tvb_get_guint8(tvb, q++);
1099 if (type == AS_SET) {
1100 snprintf(as_path_str, 2, "{");
1102 else if (type == AS_CONFED_SET) {
1103 snprintf(as_path_str, 2, "[");
1105 else if (type == AS_CONFED_SEQUENCE) {
1106 snprintf(as_path_str, 2, "(");
1108 length = tvb_get_guint8(tvb, q++);
1110 /* snarf each value in path, we're just going to reuse
1111 as_path_str since we already have it malloced */
1112 for (j = 0; j < length; j++) {
1113 snprintf(junk_buf, sizeof(junk_buf), "%u%s", tvb_get_ntohs(tvb, q),
1114 (type == AS_SET || type == AS_CONFED_SET)
1116 strncat(as_path_str, junk_buf, sizeof(junk_buf));
1120 /* cleanup end of string */
1121 if (type == AS_SET) {
1122 as_path_str[strlen(as_path_str) - 2] = '}';
1124 else if (type == AS_CONFED_SET) {
1125 as_path_str[strlen(as_path_str) - 2] = ']';
1127 else if (type == AS_CONFED_SEQUENCE) {
1128 as_path_str[strlen(as_path_str) - 1] = ')';
1131 as_path_str[strlen(as_path_str) - 1] = '\0';
1134 /* length here means number of ASs, ie length * 2 bytes */
1135 ti = proto_tree_add_text(as_paths_tree, tvb,
1137 length * 2 + 2, "AS path segment: %s", as_path_str);
1138 as_path_tree = proto_item_add_subtree(ti, ett_bgp_as_paths);
1139 proto_tree_add_text(as_path_tree, tvb, q - length * 2 - 2,
1140 1, "Path segment type: %s (%u)",
1141 val_to_str(type, as_segment_type, "Unknown"), type);
1142 proto_tree_add_text(as_path_tree, tvb, q - length * 2 - 1,
1143 1, "Path segment length: %u %s", length,
1144 (length == 1) ? "AS" : "ASs");
1146 /* backup and reprint path segment value(s) only */
1148 as_path_str[0] = '\0';
1149 for (j = 0; j < length; j++) {
1150 snprintf(junk_buf, sizeof(junk_buf), "%u ", tvb_get_ntohs(tvb, q));
1151 strncat(as_path_str, junk_buf, sizeof(junk_buf));
1154 as_path_str[strlen(as_path_str) - 1] = '\0';
1156 proto_tree_add_text(as_path_tree, tvb, q - length * 2,
1157 length * 2, "Path segment value: %s", as_path_str);
1162 case BGPTYPE_NEXT_HOP:
1164 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1165 "Next hop (invalid): %u %s", alen,
1166 (alen == 1) ? "byte" : "bytes");
1168 tvb_memcpy(tvb, ipaddr, o + i + aoff, 4);
1169 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1170 "Next hop: %s", ip_to_str(ipaddr));
1173 case BGPTYPE_MULTI_EXIT_DISC:
1175 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1176 "Multiple exit discriminator (invalid): %u %s",
1177 alen, (alen == 1) ? "byte" : "bytes");
1179 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1180 "Multiple exit discriminator: %u",
1181 tvb_get_ntohl(tvb, o + i + aoff));
1184 case BGPTYPE_LOCAL_PREF:
1186 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1187 "Local preference (invalid): %u %s", alen,
1188 (alen == 1) ? "byte" : "bytes");
1190 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1191 "Local preference: %u", tvb_get_ntohl(tvb, o + i + aoff));
1194 case BGPTYPE_ATOMIC_AGGREGATE:
1196 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1197 "Atomic aggregate (invalid): %u %s", alen,
1198 (alen == 1) ? "byte" : "bytes");
1201 case BGPTYPE_AGGREGATOR:
1203 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1204 "Aggregator (invalid): %u %s", alen,
1205 (alen == 1) ? "byte" : "bytes");
1207 proto_tree_add_text(subtree2, tvb, o + i + aoff, 2,
1208 "Aggregator AS: %u", tvb_get_ntohs(tvb, o + i + aoff));
1209 tvb_memcpy(tvb, ipaddr, o + i + aoff + 2, 4);
1210 proto_tree_add_text(subtree2, tvb, o + i + aoff + 2, 4,
1211 "Aggregator origin: %s",
1215 case BGPTYPE_COMMUNITIES:
1216 if (alen % 4 != 0) {
1217 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1218 "Communities (invalid): %u %s", alen,
1219 (alen == 1) ? "byte" : "bytes");
1220 free(communities_str);
1224 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1225 "Communities: %s", communities_str);
1226 communities_tree = proto_item_add_subtree(ti,
1227 ett_bgp_communities);
1230 (o + current attribute + 3 bytes to first tuple) */
1231 end = o + alen + i + 3;
1234 /* snarf each community */
1236 /* check for reserved values */
1237 if (tvb_get_ntohs(tvb, q) == FOURHEX0 || tvb_get_ntohs(tvb, q) == FOURHEXF) {
1238 /* check for well-known communities */
1239 if (tvb_get_ntohl(tvb, q) == BGP_COMM_NO_EXPORT)
1240 proto_tree_add_text(communities_tree, tvb,
1242 "Community: NO_EXPORT (0x%x)", tvb_get_ntohl(tvb, q));
1243 else if (tvb_get_ntohl(tvb, q) == BGP_COMM_NO_ADVERTISE)
1244 proto_tree_add_text(communities_tree, tvb,
1246 "Community: NO_ADVERTISE (0x%x)", pntohl(q));
1247 else if (tvb_get_ntohl(tvb, q) == BGP_COMM_NO_EXPORT_SUBCONFED)
1248 proto_tree_add_text(communities_tree, tvb,
1250 "Community: NO_EXPORT_SUBCONFED (0x%x)",
1251 tvb_get_ntohl(tvb, q));
1253 proto_tree_add_text(communities_tree, tvb,
1255 "Community (reserved): 0x%x", tvb_get_ntohl(tvb, q));
1259 ti = proto_tree_add_text(communities_tree, tvb,
1260 q - 3 + aoff, 4, "Community: %u:%u",
1261 tvb_get_ntohs(tvb, q), tvb_get_ntohs(tvb, q + 2));
1262 community_tree = proto_item_add_subtree(ti,
1263 ett_bgp_communities);
1264 proto_tree_add_text(community_tree, tvb, q - 3 + aoff,
1265 2, "Community AS: %u", tvb_get_ntohs(tvb, q));
1266 proto_tree_add_text(community_tree, tvb, q - 1 + aoff,
1267 2, "Community value: %u", tvb_get_ntohs(tvb, q + 2));
1273 free(communities_str);
1275 case BGPTYPE_ORIGINATOR_ID:
1277 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1278 "Originator identifier (invalid): %u %s", alen,
1279 (alen == 1) ? "byte" : "bytes");
1281 tvb_memcpy(tvb, ipaddr, o + i + aoff, 4);
1282 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1283 "Originator identifier: %s",
1287 case BGPTYPE_MP_REACH_NLRI:
1289 * RFC 2545 specifies that there may be more than one
1290 * address in the MP_REACH_NLRI attribute in section
1291 * 3, "Constructing the Next Hop field".
1293 * Yes, RFC 2858 says you can't do that, and, yes, RFC
1294 * 2858 obsoletes RFC 2283, which says you can do that,
1295 * but that doesn't mean we shouldn't dissect packets
1296 * that conform to RFC 2283 but not RFC 2858, as some
1297 * device on the network might implement the 2283-style
1298 * BGP extensions rather than RFC 2858-style extensions.
1300 af = tvb_get_ntohs(tvb, o + i + aoff);
1301 proto_tree_add_text(subtree2, tvb, o + i + aoff, 2,
1302 "Address family: %s (%u)",
1303 val_to_str(af, afnumber, "Unknown"), af);
1304 saf = tvb_get_guint8(tvb, o + i + aoff + 2) ;
1305 proto_tree_add_text(subtree2, tvb, o + i + aoff + 2, 1,
1306 "Subsequent address family identifier: %s (%u)",
1307 val_to_str(saf, bgpattr_nlri_safi, saf >= 128 ? "Vendor specific" : "Unknown"),
1309 nexthop_len = tvb_get_guint8(tvb, o + i + aoff + 3);
1310 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff + 3, 1,
1311 "Next hop network address (%d %s)",
1312 nexthop_len, plurality(nexthop_len, "byte", "bytes"));
1313 subtree3 = proto_item_add_subtree(ti, ett_bgp_mp_nhna);
1315 while (j < nexthop_len) {
1316 advance = mp_addr_to_str(af, saf, tvb, o + i + aoff + 4 + j,
1317 junk_buf, sizeof(junk_buf)) ;
1318 if (j + advance > nexthop_len)
1320 proto_tree_add_text(subtree3, tvb,o + i + aoff + 4 + j,
1321 advance, "Next hop: %s (%u)", junk_buf, advance);
1324 alen -= nexthop_len + 4;
1325 aoff += nexthop_len + 4 ;
1328 snpa = tvb_get_guint8(tvb, o + i + aoff);
1329 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff, 1,
1330 "Subnetwork points of attachment: %u", snpa);
1333 subtree3 = proto_item_add_subtree(ti, ett_bgp_mp_snpa);
1334 for (/*nothing*/; snpa > 0; snpa--) {
1335 proto_tree_add_text(subtree3, tvb, o + i + aoff + off, 1,
1336 "SNPA length: %u", tvb_get_guint8(tvb, o + i + aoff + off));
1338 proto_tree_add_text(subtree3, tvb, o + i + aoff + off,
1339 tvb_get_guint8(tvb, o + i + aoff + off - 1),
1340 "SNPA (%u %s)", tvb_get_guint8(tvb, o + i + aoff + off - 1),
1341 (tvb_get_guint8(tvb, o + i + aoff + off - 1) == 1) ? "byte" : "bytes");
1342 off += tvb_get_guint8(tvb, o + i + aoff + off - 1);
1348 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1349 "Network layer reachability information (%u %s)",
1350 alen, (alen == 1) ? "byte" : "bytes");
1352 subtree3 = proto_item_add_subtree(ti,ett_bgp_mp_reach_nlri);
1355 advance = decode_prefix_MP(af, saf, tvb, o + i + aoff , junk_buf, sizeof(junk_buf)) ;
1356 proto_tree_add_text(subtree3, tvb, o + i + aoff, advance, "%s", junk_buf) ;
1362 case BGPTYPE_MP_UNREACH_NLRI:
1363 af = tvb_get_ntohs(tvb, o + i + aoff);
1364 proto_tree_add_text(subtree2, tvb, o + i + aoff, 2,
1365 "Address family: %s (%u)",
1366 val_to_str(af, afnumber, "Unknown"), af);
1367 saf = tvb_get_guint8(tvb, o + i + aoff + 2) ;
1368 proto_tree_add_text(subtree2, tvb, o + i + aoff + 2, 1,
1369 "Subsequent address family identifier: %s (%u)",
1370 val_to_str(saf, bgpattr_nlri_safi, saf >= 128 ? "Vendor specific" : "Unknown"),
1372 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff + 3,
1373 alen - 3, "Withdrawn routes (%u %s)", alen - 3,
1374 (alen - 3 == 1) ? "byte" : "bytes");
1379 subtree3 = proto_item_add_subtree(ti,ett_bgp_mp_unreach_nlri);
1382 advance = decode_prefix_MP(af, saf, tvb, o + i + aoff , junk_buf, sizeof(junk_buf)) ;
1384 proto_tree_add_text(subtree3, tvb, o + i + aoff, advance, "%s", junk_buf) ;
1390 case BGPTYPE_CLUSTER_LIST:
1391 if (alen % 4 != 0) {
1392 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1393 "Cluster list (invalid): %u %s", alen,
1394 (alen == 1) ? "byte" : "bytes");
1395 free(cluster_list_str);
1399 ti = proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1400 "Cluster list: %s", cluster_list_str);
1401 cluster_list_tree = proto_item_add_subtree(ti,
1402 ett_bgp_cluster_list);
1405 (p + current attribute + 3 bytes to first tuple) */
1406 end = o + alen + i + 3;
1409 /* snarf each cluster identifier */
1411 tvb_memcpy(tvb, ipaddr, q, 4);
1412 ti = proto_tree_add_text(cluster_list_tree, tvb,
1413 q - 3 + aoff, 4, "Cluster identifier: %s",
1419 free(cluster_list_str);
1421 case BGPTYPE_EXTENDED_COMMUNITY:
1423 proto_tree_add_text(subtree3, tvb, o + i + aoff, alen, "Extended community (invalid) : %u %s", alen,
1424 (alen == 1) ? "byte" : "bytes") ;
1427 end = o + i + aoff + alen ;
1428 ext_com_str = malloc(MAX_SIZE_OF_EXT_COM_NAMES+MAX_SIZE_OF_IP_ADDR_STRING*2+1) ;
1429 if (ext_com_str == NULL) break ;
1430 ti = proto_tree_add_text(subtree2,tvb,q,alen, "Carried Extended communities");
1431 subtree3 = proto_item_add_subtree(ti,ett_bgp_extended_communities) ;
1434 ext_com_str[0] = '\0' ;
1435 ext_com = tvb_get_ntohs(tvb,q) ;
1436 snprintf(junk_buf, sizeof(junk_buf), "%s", val_to_str(ext_com,bgpext_com_type,"Unknown"));
1437 strncat(ext_com_str,junk_buf,sizeof(junk_buf));
1439 case BGP_EXT_COM_RT_0:
1440 case BGP_EXT_COM_RO_0:
1441 snprintf(junk_buf, sizeof(junk_buf), ": %u%s%d",tvb_get_ntohs(tvb,q+2),":",tvb_get_ntohl(tvb,q+4));
1443 case BGP_EXT_COM_RT_1:
1444 case BGP_EXT_COM_RO_1:
1445 tvb_memcpy(tvb,ipaddr,q+2,4);
1446 snprintf(junk_buf, sizeof(junk_buf), ": %s%s%u",ip_to_str(ipaddr),":",tvb_get_ntohs(tvb,q+6));
1449 snprintf(junk_buf, sizeof(junk_buf), " ");
1452 strncat(ext_com_str,junk_buf,sizeof(junk_buf));
1453 proto_tree_add_text(subtree3,tvb,q,8, "%s",ext_com_str);
1460 proto_tree_add_text(subtree2, tvb, o + i + aoff, alen,
1461 "Unknown (%d %s)", alen, (alen == 1) ? "byte" :
1464 } /* end of second switch */
1472 len = offset + hlen - o;
1474 /* parse prefixes */
1476 ti = proto_tree_add_text(tree, tvb, o, len,
1477 "Network layer reachability information: %u %s", len,
1478 (len == 1) ? "byte" : "bytes");
1479 subtree = proto_item_add_subtree(ti, ett_bgp_nlri);
1482 i = decode_prefix4(tvb, o, junk_buf, sizeof(junk_buf));
1483 proto_tree_add_text(subtree, tvb, o, i, "%s", junk_buf);
1491 * Dissect a BGP NOTIFICATION message.
1494 dissect_bgp_notification(tvbuff_t *tvb, int offset, proto_tree *tree)
1496 struct bgp_notification bgpn; /* BGP NOTIFICATION message */
1497 int hlen; /* message length */
1498 char *p; /* string pointer */
1501 tvb_memcpy(tvb, bgpn.bgpn_marker, offset, BGP_MIN_NOTIFICATION_MSG_SIZE);
1502 hlen = ntohs(bgpn.bgpn_len);
1504 /* print error code */
1505 proto_tree_add_text(tree, tvb,
1506 offset + offsetof(struct bgp_notification, bgpn_major), 1,
1507 "Error code: %s (%u)",
1508 val_to_str(bgpn.bgpn_major, bgpnotify_major, "Unknown"),
1511 /* print error subcode */
1512 if (bgpn.bgpn_major < array_length(bgpnotify_minor)
1513 && bgpnotify_minor[bgpn.bgpn_major] != NULL) {
1514 p = val_to_str(bgpn.bgpn_minor, bgpnotify_minor[bgpn.bgpn_major],
1516 } else if (bgpn.bgpn_minor == 0)
1520 proto_tree_add_text(tree, tvb,
1521 offset + offsetof(struct bgp_notification, bgpn_minor), 1,
1522 "Error subcode: %s (%u)", p, bgpn.bgpn_minor);
1524 /* only print if there is optional data */
1525 if (hlen > BGP_MIN_NOTIFICATION_MSG_SIZE) {
1526 proto_tree_add_text(tree, tvb, offset + BGP_MIN_NOTIFICATION_MSG_SIZE,
1527 hlen - BGP_MIN_NOTIFICATION_MSG_SIZE, "Data");
1532 * Dissect a BGP ROUTE-REFRESH message.
1535 dissect_bgp_route_refresh(tvbuff_t *tvb, int offset, proto_tree *tree)
1540 i = tvb_get_ntohs(tvb, offset + BGP_HEADER_SIZE);
1541 proto_tree_add_text(tree, tvb, offset + BGP_HEADER_SIZE, 2,
1542 "Address family identifier: %s (%u)",
1543 val_to_str(i, afnumber, "Unknown"), i);
1546 proto_tree_add_text(tree, tvb, offset + BGP_HEADER_SIZE + 2, 1,
1547 "Reserved: 1 byte");
1550 i = tvb_get_guint8(tvb, offset);
1551 proto_tree_add_text(tree, tvb, offset + BGP_HEADER_SIZE + 3, 1,
1552 "Subsequent address family identifier: %s (%u)",
1553 val_to_str(i, bgpattr_nlri_safi,
1554 i >= 128 ? "Vendor specific" : "Unknown"),
1559 * Dissect a BGP packet.
1562 dissect_bgp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1564 proto_item *ti; /* tree item */
1565 proto_tree *bgp_tree; /* BGP packet tree */
1566 proto_tree *bgp1_tree; /* BGP message tree */
1568 int found; /* number of BGP messages in packet */
1569 static u_char marker[] = { /* BGP message marker */
1570 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1571 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1573 struct bgp bgp; /* BGP header */
1574 int hlen; /* BGP header length */
1575 char *typ; /* BGP message type */
1577 if (check_col(pinfo->fd, COL_PROTOCOL))
1578 col_set_str(pinfo->fd, COL_PROTOCOL, "BGP");
1579 if (check_col(pinfo->fd, COL_INFO))
1580 col_clear(pinfo->fd, COL_INFO);
1582 l = tvb_length(tvb);
1585 /* run through the TCP packet looking for BGP headers */
1586 /* this is done twice, but this way each message type can be
1587 printed in the COL_INFO field */
1588 while (i + BGP_HEADER_SIZE <= l) {
1589 tvb_memcpy(tvb, bgp.bgp_marker, i, BGP_HEADER_SIZE);
1591 /* look for bgp header */
1592 if (memcmp(bgp.bgp_marker, marker, sizeof(marker)) != 0) {
1598 hlen = ntohs(bgp.bgp_len);
1599 typ = val_to_str(bgp.bgp_type, bgptypevals, "Unknown Message");
1601 if (check_col(pinfo->fd, COL_INFO)) {
1603 col_add_fstr(pinfo->fd, COL_INFO, "%s", typ);
1605 col_append_fstr(pinfo->fd, COL_INFO, ", %s", typ);
1612 ti = proto_tree_add_item(tree, proto_bgp, tvb, 0,
1614 bgp_tree = proto_item_add_subtree(ti, ett_bgp);
1617 /* now, run through the TCP packet again, this time dissect */
1618 /* each message that we find */
1619 while (i + BGP_HEADER_SIZE <= l) {
1620 tvb_memcpy(tvb, bgp.bgp_marker, i, BGP_HEADER_SIZE);
1622 /* look for bgp header */
1623 if (memcmp(bgp.bgp_marker, marker, sizeof(marker)) != 0) {
1628 hlen = ntohs(bgp.bgp_len);
1629 typ = val_to_str(bgp.bgp_type, bgptypevals, "Unknown Message");
1631 ti = proto_tree_add_text(bgp_tree, tvb, i,
1632 l, "%s (truncated)", typ);
1634 ti = proto_tree_add_text(bgp_tree, tvb, i, hlen,
1637 /* add a different tree for each message type */
1638 switch (bgp.bgp_type) {
1640 bgp1_tree = proto_item_add_subtree(ti, ett_bgp_open);
1643 bgp1_tree = proto_item_add_subtree(ti, ett_bgp_update);
1645 case BGP_NOTIFICATION:
1646 bgp1_tree = proto_item_add_subtree(ti, ett_bgp_notification);
1649 bgp1_tree = proto_item_add_subtree(ti, ett_bgp);
1651 case BGP_ROUTE_REFRESH_CISCO:
1652 case BGP_ROUTE_REFRESH:
1653 bgp1_tree = proto_item_add_subtree(ti, ett_bgp_route_refresh);
1656 bgp1_tree = proto_item_add_subtree(ti, ett_bgp);
1660 proto_tree_add_text(bgp1_tree, tvb, i, BGP_MARKER_SIZE,
1661 "Marker: 16 bytes");
1663 if (hlen < BGP_HEADER_SIZE || hlen > BGP_MAX_PACKET_SIZE) {
1664 proto_tree_add_text(bgp1_tree, tvb,
1665 i + offsetof(struct bgp, bgp_len), 2,
1666 "Length (invalid): %u %s", hlen,
1667 (hlen == 1) ? "byte" : "bytes");
1669 proto_tree_add_text(bgp1_tree, tvb,
1670 i + offsetof(struct bgp, bgp_len), 2,
1671 "Length: %u %s", hlen,
1672 (hlen == 1) ? "byte" : "bytes");
1675 proto_tree_add_uint_format(bgp1_tree, hf_bgp_type, tvb,
1676 i + offsetof(struct bgp, bgp_type), 1,
1678 "Type: %s (%u)", typ, bgp.bgp_type);
1680 switch (bgp.bgp_type) {
1682 dissect_bgp_open(tvb, i, bgp1_tree);
1685 dissect_bgp_update(tvb, i, bgp1_tree);
1687 case BGP_NOTIFICATION:
1688 dissect_bgp_notification(tvb, i, bgp1_tree);
1691 /* no data in KEEPALIVE messages */
1693 case BGP_ROUTE_REFRESH_CISCO:
1694 case BGP_ROUTE_REFRESH:
1695 dissect_bgp_route_refresh(tvb, i, bgp1_tree);
1707 * Register ourselves.
1710 proto_register_bgp(void)
1713 static hf_register_info hf[] = {
1715 { "BGP message type", "bgp.type", FT_UINT8, BASE_HEX,
1716 VALS(bgptypevals), 0x0, "BGP message type", HFILL }},
1719 static gint *ett[] = {
1724 &ett_bgp_attr_flags,
1726 &ett_bgp_mp_reach_nlri,
1727 &ett_bgp_mp_unreach_nlri,
1732 &ett_bgp_notification,
1733 &ett_bgp_route_refresh,
1735 &ett_bgp_communities,
1736 &ett_bgp_cluster_list,
1739 &ett_bgp_extended_communities
1742 proto_bgp = proto_register_protocol("Border Gateway Protocol",
1744 proto_register_field_array(proto_bgp, hf, array_length(hf));
1745 proto_register_subtree_array(ett, array_length(ett));
1749 proto_reg_handoff_bgp(void)
1751 dissector_add("tcp.port", BGP_TCP_PORT, dissect_bgp, proto_bgp);