2 * Routines for OSPF packet disassembly
3 * (c) Copyright Hannes R. Boehm <hannes@boehm.org>
5 * $Id: packet-ospf.c,v 1.5 1998/10/10 03:32:13 gerald Exp $
7 * At this time, this module is able to analyze OSPF
8 * packets as specified in RFC2328. MOSPF (RFC1584) and other
9 * OSPF Extensions which introduce new Packet types
10 * (e.g. the External Attributes LSA) are not supported.
12 * TOS - support is not fully implemented
14 * Ethereal - Network traffic analyzer
15 * By Gerald Combs <gerald@zing.org>
16 * Copyright 1998 Gerald Combs
19 * This program is free software; you can redistribute it and/or
20 * modify it under the terms of the GNU General Public License
21 * as published by the Free Software Foundation; either version 2
22 * of the License, or (at your option) any later version.
24 * This program is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
29 * You should have received a copy of the GNU General Public License
30 * along with this program; if not, write to the Free Software
31 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
43 #ifdef HAVE_SYS_TYPES_H
44 # include <sys/types.h>
47 #ifdef HAVE_NETINET_IN_H
48 # include <netinet/in.h>
53 #include "packet-ospf.h"
/*
 * Dissect the common OSPF packet header found at pd[offset], add its fields
 * to the protocol tree and hand the rest of the packet to the dissector for
 * the packet type named in the header.
 *
 * pd     - packet data as captured
 * offset - index in pd at which the OSPF header starts
 * fd     - frame data; the summary columns in fd->win_info are filled in here
 * tree   - protocol tree that receives the OSPF subtree
 *
 * NOTE(review): every value read below comes straight from the packet. No
 * comparison of offset against the captured length is visible in this
 * function before the header is copied, so a truncated or malformed frame
 * can make the copy read beyond the capture buffer - confirm whether the
 * caller guarantees OSPF_HEADER_LENGTH bytes at pd[offset].
 */
57 dissect_ospf(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
60 GtkWidget *ospf_tree = NULL, *ti;
61 GtkWidget *ospf_header_tree;
/* copy the header into a local struct so its fields can be read by name */
65 memcpy(&ospfh, &pd[offset], sizeof(e_ospfhdr));
/* pick the label used for this packet type in the summary line and the tree */
67 switch(ospfh.packet_type) {
69 packet_type="Hello Packet";
72 packet_type="DB Descr.";
75 packet_type="LS Request";
78 packet_type="LS Update";
81 packet_type="LS Acknowledge";
84 /* XXX - set it to some string with the value of
85 "ospfh.packet_type"? */
/*
 * Fill the protocol and info columns. Both writes are unbounded (strcpy,
 * sprintf); the strings written here are short literals for the known
 * packet types, but the size of the win_info buffers and the value given
 * to packet_type for an unknown type are not visible in this listing.
 */
88 if (fd->win_info[COL_NUM]) {
89 strcpy(fd->win_info[COL_PROTOCOL], "OSPF");
90 sprintf(fd->win_info[COL_INFO], "%s", packet_type);
/* the item length is the length field of the packet header, used as received */
94 ti = add_item_to_tree(GTK_WIDGET(tree), offset, ntohs(ospfh.length), "Open Shortest Path First");
95 ospf_tree = gtk_tree_new();
96 add_subtree(ti, ospf_tree, ETT_OSPF);
98 ti = add_item_to_tree(GTK_WIDGET(ospf_tree), offset, OSPF_HEADER_LENGTH, "OSPF Header");
99 ospf_header_tree = gtk_tree_new();
100 add_subtree(ti, ospf_header_tree, ETT_OSPF_HDR);
102 add_item_to_tree(ospf_header_tree, offset, 1, "OSPF Version: %d", ospfh.version);
103 add_item_to_tree(ospf_header_tree, offset + 1 , 1, "OSPF Packet Type: %d (%s)",
104 ospfh.packet_type, packet_type);
105 add_item_to_tree(ospf_header_tree, offset + 2 , 2, "Packet Legth: %d",
106 ntohs(ospfh.length));
107 add_item_to_tree(ospf_header_tree, offset + 4 , 4, "Source OSPF Router ID: %s",
109 ip_to_str((guint8 *) &(ospfh.routerid)));
/* presumably alternatives of an if/else on the area value; the condition is not visible in this listing */
111 add_item_to_tree(ospf_header_tree, offset + 8 , 4, "Area ID: Backbone");
113 add_item_to_tree(ospf_header_tree, offset + 8 , 4, "Area ID: %s", ip_to_str((guint8 *) &(ospfh.area)));
/* the checksum field is only marked in the tree; no verification of it is visible here */
115 add_item_to_tree(ospf_header_tree, offset + 12 , 2, "Packet Checksum");
116 switch( ntohs(ospfh.auth_type) ) {
118 add_item_to_tree(ospf_header_tree, offset + 14 , 2, "Auth Type: none");
119 add_item_to_tree(ospf_header_tree, offset + 16 , 8, "Auth Data (none)");
121 case OSPF_AUTH_SIMPLE:
122 add_item_to_tree(ospf_header_tree, offset + 14 , 2, "Auth Type: simple");
/*
 * NOTE(review): strncpy copies exactly 8 bytes and adds no terminator when
 * all 8 are non-zero, and the result is then formatted with %s. This is only
 * safe if auth_data is declared with at least 9 bytes and zero-initialised;
 * the declaration is not visible in this listing - confirm. With simple
 * authentication these 8 bytes are the clear-text password, so the tree item
 * displays a credential.
 */
123 strncpy(auth_data, (char *) &ospfh.auth_data, 8);
124 add_item_to_tree(ospf_header_tree, offset + 16 , 8, "Auth Data: %s", auth_data);
126 case OSPF_AUTH_CRYPT:
127 add_item_to_tree(ospf_header_tree, offset + 14 , 2, "Auth Type: crypt");
128 add_item_to_tree(ospf_header_tree, offset + 16 , 8, "Auth Data (crypt)");
131 add_item_to_tree(ospf_header_tree, offset + 14 , 2, "Auth Type (unknown)");
132 add_item_to_tree(ospf_header_tree, offset + 16 , 8, "Auth Data (unknown)");
137 /* Skip over header */
138 offset += OSPF_HEADER_LENGTH;
/* hand the body to the dissector for this packet type; dissect_data receives the outer tree, not the OSPF subtree */
139 switch(ospfh.packet_type){
141 dissect_ospf_hello(pd, offset, fd, (GtkTree *) ospf_tree);
144 dissect_ospf_db_desc(pd, offset, fd, (GtkTree *) ospf_tree);
147 dissect_ospf_ls_req(pd, offset, fd, (GtkTree *) ospf_tree);
150 dissect_ospf_ls_upd(pd, offset, fd, (GtkTree *) ospf_tree);
153 dissect_ospf_ls_ack(pd, offset, fd, (GtkTree *) ospf_tree);
156 dissect_data(pd, offset, fd, tree);
/*
 * Dissect the body of an OSPF Hello packet that starts at pd[offset]: the
 * fixed Hello fields first, then one "Active Neighbor" entry for every
 * remaining 4 bytes of captured data.
 *
 * pd     - packet data as captured
 * offset - index in pd of the first byte after the OSPF header
 * fd     - frame data; fd->cap_len bounds the neighbor list
 * tree   - OSPF subtree that receives the Hello subtree
 *
 * NOTE(review): the fixed part is copied with memcpy before any comparison
 * of offset with fd->cap_len is visible, so a frame shorter than the Hello
 * structure can cause a read beyond the capture buffer - confirm.
 */
161 dissect_ospf_hello(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
162 e_ospf_hello ospfhello;
163 guint32 *ospfneighbor;
167 GtkWidget *ospf_hello_tree, *ti;
169 memcpy(&ospfhello, &pd[offset], sizeof(e_ospf_hello));
/* the Hello item spans everything from offset to the end of the captured data */
172 ti = add_item_to_tree(GTK_WIDGET(tree), offset, (fd->cap_len - offset) , "OSPF Hello Packet");
173 ospf_hello_tree = gtk_tree_new();
174 add_subtree(ti, ospf_hello_tree, ETT_OSPF_HELLO);
177 add_item_to_tree(ospf_hello_tree, offset , 4, "Network Mask: %s", ip_to_str((guint8 *) &ospfhello.network_mask));
178 add_item_to_tree(ospf_hello_tree, offset + 4, 2, "Hello Intervall: %d seconds", ntohs(ospfhello.hellointervall));
/*
 * Build a text form of the options byte by appending one tag per set bit.
 * With all five bits set the tags below add up to 13 characters, so the
 * options buffer needs at least 14 bytes including the terminator. Its
 * declaration and the updates of options_offset are not visible in this
 * listing - confirm the size, or build the string with a bounded call.
 */
180 /* ATTENTION !!! no check for length of options string */
182 if(( ospfhello.options & OSPF_OPTIONS_E ) == OSPF_OPTIONS_E){
183 strcpy( (char *)(options + options_offset), "E");
186 if(( ospfhello.options & OSPF_OPTIONS_MC ) == OSPF_OPTIONS_MC){
187 strcpy((char *) (options + options_offset), "/MC");
190 if(( ospfhello.options & OSPF_OPTIONS_NP ) == OSPF_OPTIONS_NP){
191 strcpy((char *) (options + options_offset), "/NP");
194 if(( ospfhello.options & OSPF_OPTIONS_EA ) == OSPF_OPTIONS_EA){
195 strcpy((char *) (options + options_offset) , "/EA");
198 if(( ospfhello.options & OSPF_OPTIONS_DC ) == OSPF_OPTIONS_DC){
199 strcpy((char *) (options + options_offset) , "/DC");
203 add_item_to_tree(ospf_hello_tree, offset + 6, 1, "Options: %d (%s)", ospfhello.options, options);
204 add_item_to_tree(ospf_hello_tree, offset + 7, 1, "Router Priority: %d", ospfhello.priority);
205 add_item_to_tree(ospf_hello_tree, offset + 8, 4, "RouterDeadIntervall: %ld seconds", (long)ntohl(ospfhello.dead_interval));
206 add_item_to_tree(ospf_hello_tree, offset + 12, 4, "Designated Router: %s", ip_to_str((guint8 *) &ospfhello.drouter));
207 add_item_to_tree(ospf_hello_tree, offset + 16, 4, "Backup Designated Router: %s", ip_to_str((guint8 *) &ospfhello.bdrouter));
/*
 * Neighbor list: one 4-byte router ID per entry, bounded by the captured
 * length rather than by the OSPF length field. The statements that advance
 * offset are not visible in this listing.
 * NOTE(review): the printf below writes to stdout for every neighbor and
 * looks like leftover debugging output.
 */
211 while(((int)(fd->cap_len - offset)) >= 4){
212 printf("%d", fd->cap_len - offset);
/* the pointer is only handed to ip_to_str as bytes, it is not read as a 32-bit value here */
213 ospfneighbor=(guint32 *) &pd[offset];
214 add_item_to_tree(ospf_hello_tree, offset, 4, "Active Neighbor: %s", ip_to_str((guint8 *) ospfneighbor));
/*
 * Dissect the body of an OSPF Database Description packet that starts at
 * pd[offset]: interface MTU, options, flags and DD sequence number,
 * followed by LSA headers for as long as captured data remains.
 *
 * pd     - packet data as captured
 * offset - index in pd of the first byte after the OSPF header
 * fd     - frame data; fd->cap_len bounds the LSA header list
 * tree   - OSPF subtree that receives the DB Description subtree
 *
 * NOTE(review): the fixed part is copied with memcpy before any comparison
 * of offset with fd->cap_len is visible - confirm that a short frame cannot
 * reach this point.
 */
221 dissect_ospf_db_desc(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
228 GtkWidget *ospf_db_desc_tree=NULL, *ti;
230 memcpy(&ospf_dbd, &pd[offset], sizeof(e_ospf_dbd));
233 ti = add_item_to_tree(GTK_WIDGET(tree), offset, (fd->cap_len - offset) , "OSPF DB Description");
234 ospf_db_desc_tree = gtk_tree_new();
235 add_subtree(ti, ospf_db_desc_tree, ETT_OSPF_DESC);
237 add_item_to_tree(ospf_db_desc_tree, offset, 2, "Interface MTU: %d", ntohs(ospf_dbd.interface_mtu) );
/*
 * Text form of the options byte, one tag per set bit, appended with
 * unbounded strcpy. With all five bits set the tags add up to 19 characters,
 * so options needs at least 20 bytes including the terminator; its
 * declaration and the updates of options_offset are not visible here -
 * confirm.
 */
241 if(( ospf_dbd.options & OSPF_OPTIONS_E ) == OSPF_OPTIONS_E){
242 strcpy( (char *)(options + options_offset), "_E_");
245 if(( ospf_dbd.options & OSPF_OPTIONS_MC ) == OSPF_OPTIONS_MC){
246 strcpy((char *) (options + options_offset), "_MC_");
249 if(( ospf_dbd.options & OSPF_OPTIONS_NP ) == OSPF_OPTIONS_NP){
250 strcpy((char *) (options + options_offset), "_NP_");
253 if(( ospf_dbd.options & OSPF_OPTIONS_EA ) == OSPF_OPTIONS_EA){
254 strcpy((char *) (options + options_offset) , "_EA_");
257 if(( ospf_dbd.options & OSPF_OPTIONS_DC ) == OSPF_OPTIONS_DC){
258 strcpy((char *) (options + options_offset) , "_DC_");
262 add_item_to_tree(ospf_db_desc_tree, offset + 2 , 1, "Options: %d (%s)", ospf_dbd.options, options );
/*
 * Text form of the flags byte, built the same way (9 characters plus
 * terminator when all three bits are set).
 * NOTE(review): the MS test below writes the tag "_I_", the same tag as the
 * I test further down, so a set MS bit is displayed as I. This looks like a
 * copy-and-paste slip - confirm the intended tag.
 */
266 if(( ospf_dbd.flags & OSPF_DBD_FLAG_MS ) == OSPF_DBD_FLAG_MS){
267 strcpy( (char *)(flags + flags_offset), "_I_");
270 if(( ospf_dbd.flags & OSPF_DBD_FLAG_M ) == OSPF_DBD_FLAG_M){
271 strcpy((char *) (flags + flags_offset), "_M_");
274 if(( ospf_dbd.flags & OSPF_DBD_FLAG_I ) == OSPF_DBD_FLAG_I){
275 strcpy((char *) (flags + flags_offset), "_I_");
279 add_item_to_tree(ospf_db_desc_tree, offset + 3 , 1, "Flags: %d (%s)", ospf_dbd.flags, flags );
280 add_item_to_tree(ospf_db_desc_tree, offset + 4 , 4, "DD Sequence: %ld", (long)ntohl(ospf_dbd.dd_sequence) );
282 /* LS Headers will be processed here */
283 /* skip to the end of DB-Desc header */
/*
 * Each pass needs a full LSA header inside the captured data, so the header
 * copy in dissect_ospf_lsa stays within the capture on this path. The LSA
 * headers are attached to the tree passed in, not to ospf_db_desc_tree. The
 * statement that skips the DB-Desc header is not visible in this listing.
 */
285 while( ((int) (fd->cap_len - offset)) >= OSPF_LSA_HEADER_LENGTH ) {
286 dissect_ospf_lsa(pd, offset, fd, (GtkTree *) tree, FALSE);
287 offset+=OSPF_LSA_HEADER_LENGTH;
/*
 * Dissect the body of an OSPF Link State Request packet that starts at
 * pd[offset]. Every request (LS type, Link State ID, Advertising Router)
 * gets its own "Link State Request" subtree.
 *
 * pd     - packet data as captured
 * offset - index in pd of the first byte after the OSPF header
 * fd     - frame data; fd->cap_len bounds the request list
 * tree   - OSPF subtree that receives one subtree per request
 */
292 dissect_ospf_ls_req(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
293 e_ospf_ls_req ospf_lsr;
295 GtkWidget *ospf_lsr_tree, *ti;
298 /* zero or more LS requests may be within a LS Request */
299 /* we place every request for a LSA in a single subtree */
/*
 * The remaining captured length is checked before each copy, so the memcpy
 * stays inside the capture as long as sizeof(e_ospf_ls_req) does not exceed
 * OSPF_LS_REQ_LENGTH (both are defined outside this listing - confirm). The
 * statement that advances offset is not visible here.
 */
301 while( ((int) ( fd->cap_len - offset)) >= OSPF_LS_REQ_LENGTH ){
302 memcpy(&ospf_lsr, &pd[offset], sizeof(e_ospf_ls_req));
303 ti = add_item_to_tree(GTK_WIDGET(tree), offset, OSPF_LS_REQ_LENGTH, "Link State Request");
304 ospf_lsr_tree = gtk_tree_new();
305 add_subtree(ti, ospf_lsr_tree, ETT_OSPF_LSR);
/* the LS type is a 32-bit field in a request; name the known types and print the number for the rest */
307 switch( ntohl( ospf_lsr.ls_type ) ){
308 case OSPF_LSTYPE_ROUTER:
309 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: Router-LSA (%ld)",
310 (long)ntohl( ospf_lsr.ls_type ) );
312 case OSPF_LSTYPE_NETWORK:
313 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: Network-LSA (%ld)",
314 (long)ntohl( ospf_lsr.ls_type ) );
316 case OSPF_LSTYPE_SUMMERY:
317 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: Summary-LSA (IP network) (%ld)",
318 (long)ntohl( ospf_lsr.ls_type ) );
320 case OSPF_LSTYPE_ASBR:
321 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: Summary-LSA (ASBR) (%ld)",
322 (long)ntohl( ospf_lsr.ls_type ) );
324 case OSPF_LSTYPE_ASEXT:
325 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: AS-External-LSA (ASBR) (%ld)",
326 (long)ntohl( ospf_lsr.ls_type ) );
329 add_item_to_tree(ospf_lsr_tree, offset, 4, "LS Type: %ld (unknown)",
330 (long)ntohl( ospf_lsr.ls_type ) );
333 add_item_to_tree(ospf_lsr_tree, offset + 4, 4, "Link State ID : %s",
334 ip_to_str((guint8 *) &(ospf_lsr.ls_id)));
335 add_item_to_tree(ospf_lsr_tree, offset + 8, 4, "Advertising Router : %s",
336 ip_to_str((guint8 *) &(ospf_lsr.adv_router)));
/*
 * Dissect the body of an OSPF Link State Update packet that starts at
 * pd[offset]: a 32-bit LSA count followed by that many complete LSAs, each
 * dissected with its body.
 *
 * pd     - packet data as captured
 * offset - index in pd of the first byte after the OSPF header
 * fd     - frame data
 * tree   - OSPF subtree that receives the LS Update subtree
 *
 * NOTE(review): the count header is copied with memcpy before any comparison
 * of offset with fd->cap_len is visible - confirm that a short frame cannot
 * reach this point.
 */
343 dissect_ospf_ls_upd(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
344 e_ospf_lsa_upd_hdr upd_hdr;
347 GtkWidget *ospf_lsa_upd_tree=NULL, *ti;
349 memcpy(&upd_hdr, &pd[offset], sizeof(e_ospf_lsa_upd_hdr));
352 ti = add_item_to_tree(GTK_WIDGET(tree), offset, (fd->cap_len - offset) , "LS Update Packet");
353 ospf_lsa_upd_tree = gtk_tree_new();
354 add_subtree(ti, ospf_lsa_upd_tree, ETT_OSPF_LSA_UPD);
356 add_item_to_tree(ospf_lsa_upd_tree, offset, 4, "Nr oF LSAs: %ld", (long)ntohl(upd_hdr.lsa_nr) );
358 /* skip to the beginning of the first LSA */
359 offset+=4; /* the LS Upd PAcket contains only a 32 bit #LSAs field */
/*
 * NOTE(review): the loop bound is the 32-bit count taken from the packet and
 * the step is the value returned by dissect_ospf_lsa, which is the 16-bit
 * length field of each LSA as received. Neither is compared with
 * fd->cap_len here, unlike the loops in the other dissectors of this file.
 * A count larger than the data present lets dissect_ospf_lsa copy from
 * beyond the capture buffer, and a length of zero keeps offset in place for
 * every remaining iteration. The loop should also stop once fewer than
 * OSPF_LSA_HEADER_LENGTH captured bytes remain or the returned length is
 * smaller than an LSA header. The update of lsa_counter is not visible in
 * this listing.
 */
362 while(lsa_counter < ntohl(upd_hdr.lsa_nr)){
363 offset+=dissect_ospf_lsa(pd, offset, fd, (GtkTree *) ospf_lsa_upd_tree, TRUE);
/*
 * Dissect the body of an OSPF Link State Acknowledgment packet that starts
 * at pd[offset] by showing each LSA header it contains.
 *
 * pd     - packet data as captured
 * offset - index in pd of the first byte after the OSPF header
 * fd     - frame data; fd->cap_len bounds the header list
 * tree   - tree that receives one "LSA Header" subtree per header
 */
369 dissect_ospf_ls_ack(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
371 /* the body of a LS Ack packet simply contains zero or more LSA Headers */
/* a full LSA header must remain in the captured data before each call, so the header copy in dissect_ospf_lsa stays within the capture on this path */
372 while( ((int)(fd->cap_len - offset)) >= OSPF_LSA_HEADER_LENGTH ) {
373 dissect_ospf_lsa(pd, offset, fd, (GtkTree *) tree, FALSE);
374 offset+=OSPF_LSA_HEADER_LENGTH;
/*
 * Dissect one LSA that starts at pd[offset]. The 20-byte LSA header is
 * always shown; the type-specific body is shown only when disassemble_body
 * is non-zero.
 *
 * pd               - packet data as captured
 * offset           - index in pd of the first byte of the LSA header
 * fd               - frame data
 * tree             - tree that receives the LSA subtree
 * disassemble_body - zero: show the header only; non-zero: show the body too
 *
 * Returns OSPF_LSA_HEADER_LENGTH when only the header was shown, otherwise
 * the length field of the LSA header converted to host order.
 *
 * NOTE(review): points a reader should confirm, all visible in the code
 * below:
 *  - The header and every body structure are copied with memcpy without a
 *    comparison of offset with fd->cap_len in this function. The DB
 *    Description and LS Ack callers check for a full header first; the LS
 *    Update caller does not.
 *  - The returned length and the link and TOS counts come from the packet
 *    and are used as received.
 *  - The "Attached Router" loop of the Network-LSA runs until the end of the
 *    captured data, not until the end of this LSA, so in an update carrying
 *    several LSAs the bytes of the following LSAs are listed as attached
 *    routers as well.
 */
380 dissect_ospf_lsa(const u_char *pd, int offset, frame_data *fd, GtkTree *tree, int disassemble_body) {
381 e_ospf_lsa_hdr lsa_hdr;
384 /* data structures for the router LSA */
385 e_ospf_router_lsa router_lsa;
386 e_ospf_router_data router_data;
387 e_ospf_router_metric tos_data;
388 guint16 link_counter;
393 /* data structures for the network lsa */
394 e_ospf_network_lsa network_lsa;
395 guint32 *attached_router;
397 /* data structures for the summary and ASBR LSAs */
398 e_ospf_summary_lsa summary_lsa;
400 /* data structures for the AS-External LSA */
401 e_ospf_asexternal_lsa asext_lsa;
402 guint32 asext_metric;
404 GtkWidget *ospf_lsa_tree, *ti;
/* copy the LSA header into a local struct so its fields can be read by name */
406 memcpy(&lsa_hdr, &pd[offset], sizeof(e_ospf_lsa_hdr));
/* pick the label for the LSA type; the label assigned for the ASBR case and for unknown types is not visible in this listing */
410 switch(lsa_hdr.ls_type) {
411 case OSPF_LSTYPE_ROUTER:
412 lsa_type="Router LSA";
414 case OSPF_LSTYPE_NETWORK:
415 lsa_type="Network LSA";
417 case OSPF_LSTYPE_SUMMERY:
418 lsa_type="Summery LSA";
420 case OSPF_LSTYPE_ASBR:
423 case OSPF_LSTYPE_ASEXT:
424 lsa_type="AS-external-LSA";
/* with a body the tree item spans the length claimed by the LSA header, otherwise just the header */
431 if(disassemble_body){
432 ti = add_item_to_tree(GTK_WIDGET(tree), offset, ntohs(lsa_hdr.length),
433 "%s (Type: %d)", lsa_type, lsa_hdr.ls_type);
435 ti = add_item_to_tree(GTK_WIDGET(tree), offset, OSPF_LSA_HEADER_LENGTH, "LSA Header");
437 ospf_lsa_tree = gtk_tree_new();
438 add_subtree(ti, ospf_lsa_tree, ETT_OSPF_LSA);
441 add_item_to_tree(ospf_lsa_tree, offset, 2, "LS Age: %d seconds", ntohs(lsa_hdr.ls_age));
442 add_item_to_tree(ospf_lsa_tree, offset + 2, 1, "Options: %d ", lsa_hdr.options);
443 add_item_to_tree(ospf_lsa_tree, offset + 3, 1, "LSA Type: %d (%s)", lsa_hdr.ls_type, lsa_type);
445 add_item_to_tree(ospf_lsa_tree, offset + 4, 4, "Linke State ID: %s ",
446 ip_to_str((guint8 *) &(lsa_hdr.ls_id)));
448 add_item_to_tree(ospf_lsa_tree, offset + 8, 4, "Advertising Router: %s ",
449 ip_to_str((guint8 *) &(lsa_hdr.adv_router)));
450 add_item_to_tree(ospf_lsa_tree, offset + 12, 4, "LS Sequence Number: 0x%04lx ",
451 (unsigned long)ntohl(lsa_hdr.ls_seq));
/* the checksum is displayed as received; no verification of it is visible here */
452 add_item_to_tree(ospf_lsa_tree, offset + 16, 2, "LS Checksum: %d ", ntohs(lsa_hdr.ls_checksum));
454 add_item_to_tree(ospf_lsa_tree, offset + 18, 2, "Length: %d ", ntohs(lsa_hdr.length));
/* header-only callers step by the fixed header size themselves */
456 if(!disassemble_body){
457 return OSPF_LSA_HEADER_LENGTH;
460 /* the LSA body starts after 20 bytes of LSA Header */
/* the statement that moves offset past the header is not visible in this listing */
463 switch(lsa_hdr.ls_type){
464 case(OSPF_LSTYPE_ROUTER):
465 memcpy(&router_lsa, &pd[offset], sizeof(e_ospf_router_lsa));
467 /* again: flags should be specified in detail */
468 add_item_to_tree(ospf_lsa_tree, offset, 1, "Flags: 0x%02x ", router_lsa.flags);
469 add_item_to_tree(ospf_lsa_tree, offset + 2, 2, "Nr. of Links: %d ",
470 ntohs(router_lsa.nr_links));
/*
 * NOTE(review): the link loop that follows runs nr_links times, a 16-bit
 * count from the packet, and copies one link record from pd[offset] per
 * pass. No comparison with fd->cap_len or with the LSA length is visible,
 * so a count larger than the data present reads beyond the capture buffer.
 */
472 /* router_lsa.nr_links links follow
473 * maybe we should put each of the links into its own subtree ???
475 for(link_counter = 1 ; link_counter <= ntohs(router_lsa.nr_links); link_counter++){
477 memcpy(&router_data, &pd[offset], sizeof(e_ospf_router_data));
478 /* check the Link Type and ID */
479 switch(router_data.link_type) {
481 link_type="Point-to-point connection to another router";
482 link_id="Neighboring router's Router ID";
484 case OSPF_LINK_TRANSIT:
485 link_type="Connection to a transit network";
486 link_id="IP address of Designated Router";
489 link_type="Connection to a stub network";
490 link_id="IP network/subnet number";
492 case OSPF_LINK_VIRTUAL:
493 link_type="Virtual link";
494 link_id="Neighboring router's Router ID";
497 link_type="unknown link type";
498 link_id="unknown link id";
501 add_item_to_tree(ospf_lsa_tree, offset, 4, "%s: %s", link_id,
502 ip_to_str((guint8 *) &(router_data.link_id)));
504 /* link_data should be specified in detail (e.g. network mask) (depends on link type)*/
505 add_item_to_tree(ospf_lsa_tree, offset + 4, 4, "Link Data: %s",
506 ip_to_str((guint8 *) &(router_data.link_data)));
508 add_item_to_tree(ospf_lsa_tree, offset + 8, 1, "Link Type: %d - %s",
509 router_data.link_type, link_type);
510 add_item_to_tree(ospf_lsa_tree, offset + 9, 1, "Nr. of TOS metrics: %d", router_data.nr_tos);
511 add_item_to_tree(ospf_lsa_tree, offset + 10, 2, "TOS 0 metric: %d", ntohs( router_data.tos0_metric ));
/*
 * NOTE(review): the TOS loop that follows initialises and increments
 * tos_counter but tests link_counter in its condition. Nothing visible in
 * the loop body changes link_counter, so once entered the loop does not end
 * through its own counter. The condition also applies ntohs to nr_tos,
 * which the item above displays as a one-byte field. The intended test is
 * presumably on tos_counter against router_data.nr_tos - confirm and add a
 * comparison with the captured length before each copy.
 */
515 /* router_data.nr_tos metrics may follow each link
516 * ATTENTION: TOS metrics are not tested (I don't have TOS based routing)
517 * please send me a mail if it is/isn't working
520 for(tos_counter = 1 ; link_counter <= ntohs(router_data.nr_tos); tos_counter++){
521 memcpy(&tos_data, &pd[offset], sizeof(e_ospf_router_metric));
522 add_item_to_tree(ospf_lsa_tree, offset, 1, "TOS: %d, Metric: %d",
523 tos_data.tos, ntohs(tos_data.metric));
528 case(OSPF_LSTYPE_NETWORK):
529 memcpy(&network_lsa, &pd[offset], sizeof(e_ospf_network_lsa));
530 add_item_to_tree(ospf_lsa_tree, offset, 4, "Netmask: %s",
531 ip_to_str((guint8 *) &(network_lsa.network_mask)));
534 while( ((int) (fd->cap_len - offset)) >= 4){
535 attached_router = (guint32 *) &pd[offset];
536 add_item_to_tree(ospf_lsa_tree, offset, 4, "Attached Router: %s",
537 ip_to_str((guint8 *) attached_router));
541 case(OSPF_LSTYPE_SUMMERY):
542 /* Type 3 and 4 LSAs have the same format */
543 case(OSPF_LSTYPE_ASBR):
544 memcpy(&summary_lsa, &pd[offset], sizeof(e_ospf_summary_lsa));
545 add_item_to_tree(ospf_lsa_tree, offset, 4, "Netmask: %s",
546 ip_to_str((guint8 *) &(summary_lsa.network_mask)));
547 /* returns only the TOS 0 metric (even if there are more TOS metrics) */
549 case(OSPF_LSTYPE_ASEXT):
/* the netmask is read through the summary-LSA structure; the rest of the body is copied separately from offset + 4 */
550 memcpy(&summary_lsa, &pd[offset], sizeof(e_ospf_summary_lsa));
551 add_item_to_tree(ospf_lsa_tree, offset, 4, "Netmask: %s",
552 ip_to_str((guint8 *) &(summary_lsa.network_mask)));
554 /* asext_lsa = (e_ospf_asexternal_lsa *) &pd[offset + 4]; */
555 memcpy(&asext_lsa, &pd[offset + 4], sizeof(asext_lsa));
/* NOTE(review): the two "External Type" items mark different byte positions (offset and offset + 4) for the same bit - confirm which one is intended */
556 if( (asext_lsa.options & 128) == 128 ) { /* check whether or not E bit is set */
557 add_item_to_tree(ospf_lsa_tree, offset, 1,
558 "External Type: Type 2 (metric is larger than any other link state path)");
560 add_item_to_tree(ospf_lsa_tree, offset + 4, 1,
561 "External Type: Type 1 (metric is specified in the same units as interface cost)");
563 /* the metric field of a AS-external LSA is specified in 3 bytes -> not well aligned */
564 /* this routine returns only the TOS 0 metric (even if there are more TOS metrics) */
565 memcpy(&asext_metric, &pd[offset+4], 4);
567 /* erase the leading 8 bits (they don't belong to the metric) */
568 asext_metric = ntohl(asext_metric) & 0x00ffffff ;
570 add_item_to_tree(ospf_lsa_tree, offset + 5, 3,"Metric: %d", asext_metric);
571 add_item_to_tree(ospf_lsa_tree, offset + 8, 4,"Forwarding Address: %s",
572 ip_to_str((guint8 *) &(asext_lsa.gateway)));
573 add_item_to_tree(ospf_lsa_tree, offset + 12, 4,"External Route Tag: %d", ntohl(asext_lsa.external_tag));
577 /* unknown LSA type */
578 add_item_to_tree(ospf_lsa_tree, offset, (fd->cap_len - offset), "Unknown LSA Type");
581 /* return the length of this LSA */
/* the value is the header's length field as received; the LS Update caller adds it to its offset without validating it */
582 return ntohs(lsa_hdr.length);