2 * Routines for OSPF packet disassembly
3 * (c) Copyright Hannes R. Boehm <hannes@boehm.org>
5 * $Id: packet-ospf.c,v 1.7 1998/10/20 05:31:01 guy Exp $
7 * At this time, this module is able to analyze OSPF
8 * packets as specified in RFC2328. MOSPF (RFC1584) and other
9 * OSPF Extensions which introduce new Packet types
10 * (e.g the External Atributes LSA) are not supported.
12 * TOS - support is not fully implemented
14 * Ethereal - Network traffic analyzer
15 * By Gerald Combs <gerald@zing.org>
16 * Copyright 1998 Gerald Combs
19 * This program is free software; you can redistribute it and/or
20 * modify it under the terms of the GNU General Public License
21 * as published by the Free Software Foundation; either version 2
22 * of the License, or (at your option) any later version.
24 * This program is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
29 * You should have received a copy of the GNU General Public License
30 * along with this program; if not, write to the Free Software
31 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
43 #ifdef HAVE_SYS_TYPES_H
44 # include <sys/types.h>
47 #ifdef HAVE_NETINET_IN_H
48 # include <netinet/in.h>
53 #include "packet-ospf.h"
57 dissect_ospf(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
60 GtkWidget *ospf_tree = NULL, *ti;
61 GtkWidget *ospf_header_tree;
64 static value_string pt_vals[] = { {OSPF_HELLO, "Hello Packet" },
65 {OSPF_DB_DESC, "DB Descr." },
66 {OSPF_LS_REQ, "LS Request" },
67 {OSPF_LS_UPD, "LS Update" },
68 {OSPF_LS_ACK, "LS Acknowledge" },
71 memcpy(&ospfh, &pd[offset], sizeof(e_ospfhdr));
73 packet_type = match_strval(ospfh.packet_type, pt_vals);
74 if (fd->win_info[COL_NUM]) {
75 strcpy(fd->win_info[COL_PROTOCOL], "OSPF");
76 if (packet_type != NULL)
77 sprintf(fd->win_info[COL_INFO], "%s", packet_type);
79 sprintf(fd->win_info[COL_INFO], "Unknown (%d)", ospfh.packet_type);
83 ti = add_item_to_tree(GTK_WIDGET(tree), offset, ntohs(ospfh.length), "Open Shortest Path First");
84 ospf_tree = gtk_tree_new();
85 add_subtree(ti, ospf_tree, ETT_OSPF);
87 ti = add_item_to_tree(GTK_WIDGET(ospf_tree), offset, OSPF_HEADER_LENGTH, "OSPF Header");
88 ospf_header_tree = gtk_tree_new();
89 add_subtree(ti, ospf_header_tree, ETT_OSPF_HDR);
91 add_item_to_tree(ospf_header_tree, offset, 1, "OSPF Version: %d", ospfh.version);
92 add_item_to_tree(ospf_header_tree, offset + 1 , 1, "OSPF Packet Type: %d (%s)",
94 (packet_type != NULL ?
97 add_item_to_tree(ospf_header_tree, offset + 2 , 2, "Packet Legth: %d",
99 add_item_to_tree(ospf_header_tree, offset + 4 , 4, "Source OSPF Router ID: %s",
101 ip_to_str((guint8 *) &(ospfh.routerid)));
103 add_item_to_tree(ospf_header_tree, offset + 8 , 4, "Area ID: Backbone");
105 add_item_to_tree(ospf_header_tree, offset + 8 , 4, "Area ID: %s", ip_to_str((guint8 *) &(ospfh.area)));
107 add_item_to_tree(ospf_header_tree, offset + 12 , 2, "Packet Checksum");
108 switch( ntohs(ospfh.auth_type) ) {
110 add_item_to_tree(ospf_header_tree, offset + 14 , 2, "Auth Type: none");
111 add_item_to_tree(ospf_header_tree, offset + 16 , 8, "Auth Data (none)");
113 case OSPF_AUTH_SIMPLE:
114 add_item_to_tree(ospf_header_tree, offset + 14 , 2, "Auth Type: simple");
115 strncpy(auth_data, (char *) &ospfh.auth_data, 8);
116 add_item_to_tree(ospf_header_tree, offset + 16 , 8, "Auth Data: %s", auth_data);
118 case OSPF_AUTH_CRYPT:
119 add_item_to_tree(ospf_header_tree, offset + 14 , 2, "Auth Type: crypt");
120 add_item_to_tree(ospf_header_tree, offset + 16 , 8, "Auth Data (crypt)");
123 add_item_to_tree(ospf_header_tree, offset + 14 , 2, "Auth Type (unknown)");
124 add_item_to_tree(ospf_header_tree, offset + 16 , 8, "Auth Data (unknown)");
129 /* Skip over header */
130 offset += OSPF_HEADER_LENGTH;
131 switch(ospfh.packet_type){
133 dissect_ospf_hello(pd, offset, fd, (GtkTree *) ospf_tree);
136 dissect_ospf_db_desc(pd, offset, fd, (GtkTree *) ospf_tree);
139 dissect_ospf_ls_req(pd, offset, fd, (GtkTree *) ospf_tree);
142 dissect_ospf_ls_upd(pd, offset, fd, (GtkTree *) ospf_tree);
145 dissect_ospf_ls_ack(pd, offset, fd, (GtkTree *) ospf_tree);
148 dissect_data(pd, offset, fd, tree);
153 dissect_ospf_hello(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
154 e_ospf_hello ospfhello;
155 guint32 *ospfneighbor;
159 GtkWidget *ospf_hello_tree, *ti;
161 memcpy(&ospfhello, &pd[offset], sizeof(e_ospf_hello));
164 ti = add_item_to_tree(GTK_WIDGET(tree), offset, (fd->cap_len - offset) , "OSPF Hello Packet");
165 ospf_hello_tree = gtk_tree_new();
166 add_subtree(ti, ospf_hello_tree, ETT_OSPF_HELLO);
169 add_item_to_tree(ospf_hello_tree, offset , 4, "Network Mask: %s", ip_to_str((guint8 *) &ospfhello.network_mask));
170 add_item_to_tree(ospf_hello_tree, offset + 4, 2, "Hello Intervall: %d seconds", ntohs(ospfhello.hellointervall));
172 /* ATTENTION !!! no check for length of options string */
174 if(( ospfhello.options & OSPF_OPTIONS_E ) == OSPF_OPTIONS_E){
175 strcpy( (char *)(options + options_offset), "E");
178 if(( ospfhello.options & OSPF_OPTIONS_MC ) == OSPF_OPTIONS_MC){
179 strcpy((char *) (options + options_offset), "/MC");
182 if(( ospfhello.options & OSPF_OPTIONS_NP ) == OSPF_OPTIONS_NP){
183 strcpy((char *) (options + options_offset), "/NP");
186 if(( ospfhello.options & OSPF_OPTIONS_EA ) == OSPF_OPTIONS_EA){
187 strcpy((char *) (options + options_offset) , "/EA");
190 if(( ospfhello.options & OSPF_OPTIONS_DC ) == OSPF_OPTIONS_DC){
191 strcpy((char *) (options + options_offset) , "/DC");
195 add_item_to_tree(ospf_hello_tree, offset + 6, 1, "Options: %d (%s)", ospfhello.options, options);
196 add_item_to_tree(ospf_hello_tree, offset + 7, 1, "Router Priority: %d", ospfhello.priority);
197 add_item_to_tree(ospf_hello_tree, offset + 8, 4, "RouterDeadIntervall: %ld seconds", (long)ntohl(ospfhello.dead_interval));
198 add_item_to_tree(ospf_hello_tree, offset + 12, 4, "Designated Router: %s", ip_to_str((guint8 *) &ospfhello.drouter));
199 add_item_to_tree(ospf_hello_tree, offset + 16, 4, "Backup Designated Router: %s", ip_to_str((guint8 *) &ospfhello.bdrouter));
203 while(((int)(fd->cap_len - offset)) >= 4){
204 printf("%d", fd->cap_len - offset);
205 ospfneighbor=(guint32 *) &pd[offset];
206 add_item_to_tree(ospf_hello_tree, offset, 4, "Active Neighbor: %s", ip_to_str((guint8 *) ospfneighbor));
213 dissect_ospf_db_desc(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
220 GtkWidget *ospf_db_desc_tree=NULL, *ti;
222 memcpy(&ospf_dbd, &pd[offset], sizeof(e_ospf_dbd));
225 ti = add_item_to_tree(GTK_WIDGET(tree), offset, (fd->cap_len - offset) , "OSPF DB Description");
226 ospf_db_desc_tree = gtk_tree_new();
227 add_subtree(ti, ospf_db_desc_tree, ETT_OSPF_DESC);
229 add_item_to_tree(ospf_db_desc_tree, offset, 2, "Interface MTU: %d", ntohs(ospf_dbd.interface_mtu) );
233 if(( ospf_dbd.options & OSPF_OPTIONS_E ) == OSPF_OPTIONS_E){
234 strcpy( (char *)(options + options_offset), "_E_");
237 if(( ospf_dbd.options & OSPF_OPTIONS_MC ) == OSPF_OPTIONS_MC){
238 strcpy((char *) (options + options_offset), "_MC_");
241 if(( ospf_dbd.options & OSPF_OPTIONS_NP ) == OSPF_OPTIONS_NP){
242 strcpy((char *) (options + options_offset), "_NP_");
245 if(( ospf_dbd.options & OSPF_OPTIONS_EA ) == OSPF_OPTIONS_EA){
246 strcpy((char *) (options + options_offset) , "_EA_");
249 if(( ospf_dbd.options & OSPF_OPTIONS_DC ) == OSPF_OPTIONS_DC){
250 strcpy((char *) (options + options_offset) , "_DC_");
254 add_item_to_tree(ospf_db_desc_tree, offset + 2 , 1, "Options: %d (%s)", ospf_dbd.options, options );
258 if(( ospf_dbd.flags & OSPF_DBD_FLAG_MS ) == OSPF_DBD_FLAG_MS){
259 strcpy( (char *)(flags + flags_offset), "_I_");
262 if(( ospf_dbd.flags & OSPF_DBD_FLAG_M ) == OSPF_DBD_FLAG_M){
263 strcpy((char *) (flags + flags_offset), "_M_");
266 if(( ospf_dbd.flags & OSPF_DBD_FLAG_I ) == OSPF_DBD_FLAG_I){
267 strcpy((char *) (flags + flags_offset), "_I_");
271 add_item_to_tree(ospf_db_desc_tree, offset + 3 , 1, "Flags: %d (%s)", ospf_dbd.flags, flags );
272 add_item_to_tree(ospf_db_desc_tree, offset + 4 , 4, "DD Sequence: %ld", (long)ntohl(ospf_dbd.dd_sequence) );
274 /* LS Headers will be processed here */
275 /* skip to the end of DB-Desc header */
277 while( ((int) (fd->cap_len - offset)) >= OSPF_LSA_HEADER_LENGTH ) {
278 dissect_ospf_lsa(pd, offset, fd, (GtkTree *) tree, FALSE);
279 offset+=OSPF_LSA_HEADER_LENGTH;
284 dissect_ospf_ls_req(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
285 e_ospf_ls_req ospf_lsr;
287 GtkWidget *ospf_lsr_tree, *ti;
290 /* zero or more LS requests may be within a LS Request */
291 /* we place every request for a LSA in a single subtree */
293 while( ((int) ( fd->cap_len - offset)) >= OSPF_LS_REQ_LENGTH ){
294 memcpy(&ospf_lsr, &pd[offset], sizeof(e_ospf_ls_req));
295 ti = add_item_to_tree(GTK_WIDGET(tree), offset, OSPF_LS_REQ_LENGTH, "Link State Request");
296 ospf_lsr_tree = gtk_tree_new();
297 add_subtree(ti, ospf_lsr_tree, ETT_OSPF_LSR);
299 switch( ntohl( ospf_lsr.ls_type ) ){
300 case OSPF_LSTYPE_ROUTER:
301 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: Router-LSA (%ld)",
302 (long)ntohl( ospf_lsr.ls_type ) );
304 case OSPF_LSTYPE_NETWORK:
305 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: Network-LSA (%ld)",
306 (long)ntohl( ospf_lsr.ls_type ) );
308 case OSPF_LSTYPE_SUMMERY:
309 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: Summary-LSA (IP network) (%ld)",
310 (long)ntohl( ospf_lsr.ls_type ) );
312 case OSPF_LSTYPE_ASBR:
313 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: Summary-LSA (ASBR) (%ld)",
314 (long)ntohl( ospf_lsr.ls_type ) );
316 case OSPF_LSTYPE_ASEXT:
317 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: AS-External-LSA (ASBR) (%ld)",
318 (long)ntohl( ospf_lsr.ls_type ) );
321 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: %ld (unknown)",
322 (long)ntohl( ospf_lsr.ls_type ) );
325 add_item_to_tree(ospf_lsr_tree, offset + 4, 4, "Link State ID : %s",
326 ip_to_str((guint8 *) &(ospf_lsr.ls_id)));
327 add_item_to_tree(ospf_lsr_tree, offset + 8, 4, "Advertising Router : %s",
328 ip_to_str((guint8 *) &(ospf_lsr.adv_router)));
335 dissect_ospf_ls_upd(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
336 e_ospf_lsa_upd_hdr upd_hdr;
339 GtkWidget *ospf_lsa_upd_tree=NULL, *ti;
341 memcpy(&upd_hdr, &pd[offset], sizeof(e_ospf_lsa_upd_hdr));
344 ti = add_item_to_tree(GTK_WIDGET(tree), offset, (fd->cap_len - offset) , "LS Update Packet");
345 ospf_lsa_upd_tree = gtk_tree_new();
346 add_subtree(ti, ospf_lsa_upd_tree, ETT_OSPF_LSA_UPD);
348 add_item_to_tree(ospf_lsa_upd_tree, offset, 4, "Nr oF LSAs: %ld", (long)ntohl(upd_hdr.lsa_nr) );
350 /* skip to the beginning of the first LSA */
351 offset+=4; /* the LS Upd PAcket contains only a 32 bit #LSAs field */
354 while(lsa_counter < ntohl(upd_hdr.lsa_nr)){
355 offset+=dissect_ospf_lsa(pd, offset, fd, (GtkTree *) ospf_lsa_upd_tree, TRUE);
361 dissect_ospf_ls_ack(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
363 /* the body of a LS Ack packet simply contains zero or more LSA Headers */
364 while( ((int)(fd->cap_len - offset)) >= OSPF_LSA_HEADER_LENGTH ) {
365 dissect_ospf_lsa(pd, offset, fd, (GtkTree *) tree, FALSE);
366 offset+=OSPF_LSA_HEADER_LENGTH;
372 dissect_ospf_lsa(const u_char *pd, int offset, frame_data *fd, GtkTree *tree, int disassemble_body) {
373 e_ospf_lsa_hdr lsa_hdr;
376 /* data strutures for the router LSA */
377 e_ospf_router_lsa router_lsa;
378 e_ospf_router_data router_data;
379 e_ospf_router_metric tos_data;
380 guint16 link_counter;
385 /* data structures for the network lsa */
386 e_ospf_network_lsa network_lsa;
387 guint32 *attached_router;
389 /* data structures for the summary and ASBR LSAs */
390 e_ospf_summary_lsa summary_lsa;
392 /* data structures for the AS-External LSA */
393 e_ospf_asexternal_lsa asext_lsa;
394 guint32 asext_metric;
396 GtkWidget *ospf_lsa_tree, *ti;
398 memcpy(&lsa_hdr, &pd[offset], sizeof(e_ospf_lsa_hdr));
402 switch(lsa_hdr.ls_type) {
403 case OSPF_LSTYPE_ROUTER:
404 lsa_type="Router LSA";
406 case OSPF_LSTYPE_NETWORK:
407 lsa_type="Network LSA";
409 case OSPF_LSTYPE_SUMMERY:
410 lsa_type="Summery LSA";
412 case OSPF_LSTYPE_ASBR:
415 case OSPF_LSTYPE_ASEXT:
416 lsa_type="AS-external-LSA";
423 if(disassemble_body){
424 ti = add_item_to_tree(GTK_WIDGET(tree), offset, ntohs(lsa_hdr.length),
425 "%s (Type: %d)", lsa_type, lsa_hdr.ls_type);
427 ti = add_item_to_tree(GTK_WIDGET(tree), offset, OSPF_LSA_HEADER_LENGTH, "LSA Header");
429 ospf_lsa_tree = gtk_tree_new();
430 add_subtree(ti, ospf_lsa_tree, ETT_OSPF_LSA);
433 add_item_to_tree(ospf_lsa_tree, offset, 2, "LS Age: %d seconds", ntohs(lsa_hdr.ls_age));
434 add_item_to_tree(ospf_lsa_tree, offset + 2, 1, "Options: %d ", lsa_hdr.options);
435 add_item_to_tree(ospf_lsa_tree, offset + 3, 1, "LSA Type: %d (%s)", lsa_hdr.ls_type, lsa_type);
437 add_item_to_tree(ospf_lsa_tree, offset + 4, 4, "Linke State ID: %s ",
438 ip_to_str((guint8 *) &(lsa_hdr.ls_id)));
440 add_item_to_tree(ospf_lsa_tree, offset + 8, 4, "Advertising Router: %s ",
441 ip_to_str((guint8 *) &(lsa_hdr.adv_router)));
442 add_item_to_tree(ospf_lsa_tree, offset + 12, 4, "LS Sequence Number: 0x%04lx ",
443 (unsigned long)ntohl(lsa_hdr.ls_seq));
444 add_item_to_tree(ospf_lsa_tree, offset + 16, 2, "LS Checksum: %d ", ntohs(lsa_hdr.ls_checksum));
446 add_item_to_tree(ospf_lsa_tree, offset + 18, 2, "Length: %d ", ntohs(lsa_hdr.length));
448 if(!disassemble_body){
449 return OSPF_LSA_HEADER_LENGTH;
452 /* the LSA body starts afte 20 bytes of LSA Header */
455 switch(lsa_hdr.ls_type){
456 case(OSPF_LSTYPE_ROUTER):
457 memcpy(&router_lsa, &pd[offset], sizeof(e_ospf_router_lsa));
459 /* again: flags should be secified in detail */
460 add_item_to_tree(ospf_lsa_tree, offset, 1, "Flags: 0x%02x ", router_lsa.flags);
461 add_item_to_tree(ospf_lsa_tree, offset + 2, 2, "Nr. of Links: %d ",
462 ntohs(router_lsa.nr_links));
464 /* router_lsa.nr_links links follow
465 * maybe we should put each of the links into its own subtree ???
467 for(link_counter = 1 ; link_counter <= ntohs(router_lsa.nr_links); link_counter++){
469 memcpy(&router_data, &pd[offset], sizeof(e_ospf_router_data));
470 /* check the Link Type and ID */
471 switch(router_data.link_type) {
473 link_type="Point-to-point connection to another router";
474 link_id="Neighboring router's Router ID";
476 case OSPF_LINK_TRANSIT:
477 link_type="Connection to a transit network";
478 link_id="IP address of Designated Router";
481 link_type="Connection to a stub network";
482 link_id="IP network/subnet number";
484 case OSPF_LINK_VIRTUAL:
485 link_type="Virtual link";
486 link_id="Neighboring router's Router ID";
489 link_type="unknown link type";
490 link_id="unknown link id";
493 add_item_to_tree(ospf_lsa_tree, offset, 4, "%s: %s", link_id,
494 ip_to_str((guint8 *) &(router_data.link_id)));
496 /* link_data should be specified in detail (e.g. network mask) (depends on link type)*/
497 add_item_to_tree(ospf_lsa_tree, offset + 4, 4, "Link Data: %s",
498 ip_to_str((guint8 *) &(router_data.link_data)));
500 add_item_to_tree(ospf_lsa_tree, offset + 8, 1, "Link Type: %d - %s",
501 router_data.link_type, link_type);
502 add_item_to_tree(ospf_lsa_tree, offset + 9, 1, "Nr. of TOS metrics: %d", router_data.nr_tos);
503 add_item_to_tree(ospf_lsa_tree, offset + 10, 2, "TOS 0 metric: %d", ntohs( router_data.tos0_metric ));
507 /* router_data.nr_tos metrics may follow each link
508 * ATTENTION: TOS metrics are not tested (I don't have TOS based routing)
509 * please send me a mail if it is/isn't working
512 for(tos_counter = 1 ; link_counter <= ntohs(router_data.nr_tos); tos_counter++){
513 memcpy(&tos_data, &pd[offset], sizeof(e_ospf_router_metric));
514 add_item_to_tree(ospf_lsa_tree, offset, 1, "TOS: %d, Metric: %d",
515 tos_data.tos, ntohs(tos_data.metric));
520 case(OSPF_LSTYPE_NETWORK):
521 memcpy(&network_lsa, &pd[offset], sizeof(e_ospf_network_lsa));
522 add_item_to_tree(ospf_lsa_tree, offset, 4, "Netmask: %s",
523 ip_to_str((guint8 *) &(network_lsa.network_mask)));
526 while( ((int) (fd->cap_len - offset)) >= 4){
527 attached_router = (guint32 *) &pd[offset];
528 add_item_to_tree(ospf_lsa_tree, offset, 4, "Attached Router: %s",
529 ip_to_str((guint8 *) attached_router));
533 case(OSPF_LSTYPE_SUMMERY):
534 /* Type 3 and 4 LSAs have the same format */
535 case(OSPF_LSTYPE_ASBR):
536 memcpy(&summary_lsa, &pd[offset], sizeof(e_ospf_summary_lsa));
537 add_item_to_tree(ospf_lsa_tree, offset, 4, "Netmask: %s",
538 ip_to_str((guint8 *) &(summary_lsa.network_mask)));
539 /* returns only the TOS 0 metric (even if there are more TOS metrics) */
541 case(OSPF_LSTYPE_ASEXT):
542 memcpy(&summary_lsa, &pd[offset], sizeof(e_ospf_summary_lsa));
543 add_item_to_tree(ospf_lsa_tree, offset, 4, "Netmask: %s",
544 ip_to_str((guint8 *) &(summary_lsa.network_mask)));
546 /* asext_lsa = (e_ospf_asexternal_lsa *) &pd[offset + 4]; */
547 memcpy(&asext_lsa, &pd[offset + 4], sizeof(asext_lsa));
548 if( (asext_lsa.options & 128) == 128 ) { /* check wether or not E bit is set */
549 add_item_to_tree(ospf_lsa_tree, offset, 1,
550 "External Type: Type 2 (metric is larger than any other link state path)");
552 add_item_to_tree(ospf_lsa_tree, offset + 4, 1,
553 "External Type: Type 1 (metric is specified in the same units as interface cost)");
555 /* the metric field of a AS-external LAS is specified in 3 bytes -> not well aligned */
556 /* this routine returns only the TOS 0 metric (even if there are more TOS metrics) */
557 memcpy(&asext_metric, &pd[offset+4], 4);
559 /* erase the leading 8 bits (the dont belong to the metric */
560 asext_metric = ntohl(asext_metric) & 0x00ffffff ;
562 add_item_to_tree(ospf_lsa_tree, offset + 5, 3,"Metric: %d", asext_metric);
563 add_item_to_tree(ospf_lsa_tree, offset + 8, 4,"Forwarding Address: %s",
564 ip_to_str((guint8 *) &(asext_lsa.gateway)));
565 add_item_to_tree(ospf_lsa_tree, offset + 12, 4,"External Route Tag: %ld", (long)ntohl(asext_lsa.external_tag));
569 /* unknown LSA type */
570 add_item_to_tree(ospf_lsa_tree, offset, (fd->cap_len - offset), "Unknown LSA Type");
573 /* return the length of this LSA */
574 return ntohs(lsa_hdr.length);