X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/e4c03ecd3b5e27294f38363caf064453740453a9..6c8ef0eb86a39c277d1a43802dd8ea01b51cfb2a:/print-bgp.c diff --git a/print-bgp.c b/print-bgp.c index 7c722999..7db3c6bb 100644 --- a/print-bgp.c +++ b/print-bgp.c @@ -26,25 +26,29 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * Extensively modified by Hannes Gredler (hannes@juniper.net) for more + * Extensively modified by Hannes Gredler (hannes@gredler.at) for more * complete BGP support. */ +/* \summary: Border Gateway Protocol (BGP) printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include #include #include -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" #include "extract.h" #include "af.h" #include "l2vpn.h" +static const char tstr[] = "[|BGP]"; + struct bgp { uint8_t bgp_marker[16]; uint16_t bgp_len; @@ -120,19 +124,25 @@ struct bgp_route_refresh { #define BGPTYPE_ATOMIC_AGGREGATE 6 #define BGPTYPE_AGGREGATOR 7 #define BGPTYPE_COMMUNITIES 8 /* RFC1997 */ -#define BGPTYPE_ORIGINATOR_ID 9 /* RFC1998 */ -#define BGPTYPE_CLUSTER_LIST 10 /* RFC1998 */ -#define BGPTYPE_DPA 11 /* draft-ietf-idr-bgp-dpa */ -#define BGPTYPE_ADVERTISERS 12 /* RFC1863 */ -#define BGPTYPE_RCID_PATH 13 /* RFC1863 */ -#define BGPTYPE_MP_REACH_NLRI 14 /* RFC2283 */ -#define BGPTYPE_MP_UNREACH_NLRI 15 /* RFC2283 */ -#define BGPTYPE_EXTD_COMMUNITIES 16 /* draft-ietf-idr-bgp-ext-communities */ -#define BGPTYPE_AS4_PATH 17 /* RFC4893 */ -#define BGPTYPE_AGGREGATOR4 18 /* RFC4893 */ -#define BGPTYPE_PMSI_TUNNEL 22 /* draft-ietf-l3vpn-2547bis-mcast-bgp-02.txt */ +#define BGPTYPE_ORIGINATOR_ID 9 /* RFC4456 */ +#define BGPTYPE_CLUSTER_LIST 10 /* RFC4456 */ +#define BGPTYPE_DPA 11 /* deprecated, draft-ietf-idr-bgp-dpa */ +#define BGPTYPE_ADVERTISERS 12 /* deprecated RFC1863 */ +#define BGPTYPE_RCID_PATH 13 /* deprecated RFC1863 */ +#define BGPTYPE_MP_REACH_NLRI 14 /* RFC4760 */ +#define BGPTYPE_MP_UNREACH_NLRI 15 /* RFC4760 */ +#define BGPTYPE_EXTD_COMMUNITIES 16 /* RFC4360 */ +#define BGPTYPE_AS4_PATH 17 /* RFC6793 */ +#define BGPTYPE_AGGREGATOR4 18 /* RFC6793 */ +#define BGPTYPE_PMSI_TUNNEL 22 /* RFC6514 */ +#define BGPTYPE_TUNNEL_ENCAP 23 /* RFC5512 */ +#define BGPTYPE_TRAFFIC_ENG 24 /* RFC5543 */ +#define BGPTYPE_IPV6_EXTD_COMMUNITIES 25 /* RFC5701 */ #define BGPTYPE_AIGP 26 /* RFC7311 */ -#define BGPTYPE_ATTR_SET 128 /* draft-marques-ppvpn-ibgp */ +#define BGPTYPE_PE_DISTINGUISHER_LABEL 27 /* RFC6514 */ +#define BGPTYPE_ENTROPY_LABEL 28 /* RFC6790 */ +#define BGPTYPE_LARGE_COMMUNITY 32 /* draft-ietf-idr-large-community-05 */ +#define BGPTYPE_ATTR_SET 128 /* RFC6368 */ #define BGP_MP_NLRI_MINSIZE 3 /* End of RIB Marker detection */ @@ -156,7 +166,13 @@ static const struct tok bgp_attr_values[] = { { BGPTYPE_MP_UNREACH_NLRI, "Multi-Protocol Unreach NLRI"}, { BGPTYPE_EXTD_COMMUNITIES, "Extended Community"}, { BGPTYPE_PMSI_TUNNEL, "PMSI Tunnel"}, + { BGPTYPE_TUNNEL_ENCAP, "Tunnel Encapsulation"}, + { BGPTYPE_TRAFFIC_ENG, "Traffic Engineering"}, + { BGPTYPE_IPV6_EXTD_COMMUNITIES, "IPv6 Extended Community"}, { BGPTYPE_AIGP, "Accumulated IGP Metric"}, + { BGPTYPE_PE_DISTINGUISHER_LABEL, "PE Distinguisher Label"}, + { BGPTYPE_ENTROPY_LABEL, "Entropy Label"}, + { BGPTYPE_LARGE_COMMUNITY, "Large Community"}, { BGPTYPE_ATTR_SET, "Attribute Set"}, { 255, "Reserved for development"}, { 0, NULL} @@ -189,30 +205,37 @@ static const struct tok bgp_as_path_segment_close_values[] = { #define BGP_OPT_AUTH 1 #define BGP_OPT_CAP 2 - static const struct tok bgp_opt_values[] = { { BGP_OPT_AUTH, "Authentication Information"}, { BGP_OPT_CAP, "Capabilities Advertisement"}, { 0, NULL} }; -#define BGP_CAPCODE_MP 1 -#define BGP_CAPCODE_RR 2 -#define BGP_CAPCODE_ORF 3 /* XXX */ -#define BGP_CAPCODE_RESTART 64 /* draft-ietf-idr-restart-05 */ -#define BGP_CAPCODE_AS_NEW 65 /* XXX */ -#define BGP_CAPCODE_DYN_CAP 67 /* XXX */ -#define BGP_CAPCODE_ADD_PATH 69 /* draft-ietf-idr-add-paths-10 */ +#define BGP_CAPCODE_MP 1 /* RFC2858 */ +#define BGP_CAPCODE_RR 2 /* RFC2918 */ +#define BGP_CAPCODE_ORF 3 /* RFC5291 */ +#define BGP_CAPCODE_MR 4 /* RFC3107 */ +#define BGP_CAPCODE_EXT_NH 5 /* RFC5549 */ +#define BGP_CAPCODE_RESTART 64 /* RFC4724 */ +#define BGP_CAPCODE_AS_NEW 65 /* RFC6793 */ +#define BGP_CAPCODE_DYN_CAP 67 /* draft-ietf-idr-dynamic-cap */ +#define BGP_CAPCODE_MULTISESS 68 /* draft-ietf-idr-bgp-multisession */ +#define BGP_CAPCODE_ADD_PATH 69 /* RFC7911 */ +#define BGP_CAPCODE_ENH_RR 70 /* draft-keyur-bgp-enhanced-route-refresh */ #define BGP_CAPCODE_RR_CISCO 128 static const struct tok bgp_capcode_values[] = { { BGP_CAPCODE_MP, "Multiprotocol Extensions"}, { BGP_CAPCODE_RR, "Route Refresh"}, { BGP_CAPCODE_ORF, "Cooperative Route Filtering"}, + { BGP_CAPCODE_MR, "Multiple Routes to a Destination"}, + { BGP_CAPCODE_EXT_NH, "Extended Next Hop Encoding"}, { BGP_CAPCODE_RESTART, "Graceful Restart"}, { BGP_CAPCODE_AS_NEW, "32-Bit AS Number"}, { BGP_CAPCODE_DYN_CAP, "Dynamic Capability"}, + { BGP_CAPCODE_MULTISESS, "Multisession BGP"}, { BGP_CAPCODE_ADD_PATH, "Multiple Paths"}, + { BGP_CAPCODE_ENH_RR, "Enhanced Route Refresh"}, { BGP_CAPCODE_RR_CISCO, "Route Refresh (Cisco)"}, { 0, NULL} }; @@ -282,6 +305,13 @@ static const struct tok bgp_notify_minor_update_values[] = { { 0, NULL} }; +static const struct tok bgp_notify_minor_fsm_values[] = { + { 1, "In OpenSent State"}, + { 2, "In OpenConfirm State"}, + { 3, "In Established State"}, + { 0, NULL } +}; + static const struct tok bgp_notify_minor_cap_values[] = { { 1, "Invalid Action Value" }, { 2, "Invalid Capability Length" }, @@ -328,25 +358,27 @@ static const struct tok bgp_aigp_values[] = { { 0, NULL} }; - /* Subsequent address family identifier, RFC2283 section 7 */ #define SAFNUM_RES 0 #define SAFNUM_UNICAST 1 #define SAFNUM_MULTICAST 2 -#define SAFNUM_UNIMULTICAST 3 +#define SAFNUM_UNIMULTICAST 3 /* deprecated now */ /* labeled BGP RFC3107 */ #define SAFNUM_LABUNICAST 4 -/* draft-ietf-l3vpn-2547bis-mcast-bgp-02.txt */ +/* RFC6514 */ #define SAFNUM_MULTICAST_VPN 5 -#define SAFNUM_TUNNEL 64 /* XXX */ -#define SAFNUM_VPLS 65 /* XXX */ -/* draft-nalawade-idr-mdt-safi-03 */ +/* draft-nalawade-kapoor-tunnel-safi */ +#define SAFNUM_TUNNEL 64 +/* RFC4761 */ +#define SAFNUM_VPLS 65 +/* RFC6037 */ #define SAFNUM_MDT 66 -/* Section 4.3.4 of draft-rosen-rfc2547bis-03.txt */ +/* RFC4364 */ #define SAFNUM_VPNUNICAST 128 +/* RFC6513 */ #define SAFNUM_VPNMULTICAST 129 -#define SAFNUM_VPNUNIMULTICAST 130 -/* draft-marques-ppvpn-rt-constrain-01.txt */ +#define SAFNUM_VPNUNIMULTICAST 130 /* deprecated now */ +/* RFC4684 */ #define SAFNUM_RT_ROUTING_INFO 132 #define BGP_VPN_RD_LEN 8 @@ -400,7 +432,6 @@ static const struct tok bgp_safi_values[] = { #define BGP_EXT_COM_L2VPN_RT_0 0x000a /* L2VPN Identifier,Format AS(2bytes):AN(4bytes) */ #define BGP_EXT_COM_L2VPN_RT_1 0xF10a /* L2VPN Identifier,Format IP address:AN(2bytes) */ - /* http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a00801eb09a.shtml */ #define BGP_EXT_COM_EIGRP_GEN 0x8800 #define BGP_EXT_COM_EIGRP_METRIC_AS_DELAY 0x8801 @@ -520,7 +551,7 @@ decode_prefix4(netdissect_options *ndo, ((u_char *)&addr)[plenbytes - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } - snprintf(buf, buflen, "%s/%d", getname(ndo, (u_char *)&addr), plen); + snprintf(buf, buflen, "%s/%d", ipaddr_string(ndo, &addr), plen); return 1 + plenbytes; trunc: @@ -570,7 +601,7 @@ decode_labeled_prefix4(netdissect_options *ndo, } /* the label may get offsetted by 4 bits so lets shift it right */ snprintf(buf, buflen, "%s/%d, label:%u %s", - getname(ndo, (u_char *)&addr), + ipaddr_string(ndo, &addr), plen, EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); @@ -603,12 +634,10 @@ bgp_vpn_ip_print(netdissect_options *ndo, ND_TCHECK2(pptr[0], sizeof(struct in_addr)); snprintf(pos, sizeof(addr), "%s", ipaddr_string(ndo, pptr)); break; -#ifdef INET6 case (sizeof(struct in6_addr) << 3): /* 128 */ ND_TCHECK2(pptr[0], sizeof(struct in6_addr)); snprintf(pos, sizeof(addr), "%s", ip6addr_string(ndo, pptr)); break; -#endif default: snprintf(pos, sizeof(addr), "bogus address length %u", addr_length); break; @@ -679,7 +708,6 @@ trunc: return (total_length); } - /* RDs and RTs share the same semantics * we use bgp_vpn_rd_print for * printing route targets inside a NLRI */ @@ -730,11 +758,18 @@ decode_rt_routing_info(netdissect_options *ndo, { uint8_t route_target[8]; u_int plen; + char asbuf[sizeof(astostr)]; /* bgp_vpn_rd_print() overwrites astostr */ + /* NLRI "prefix length" from RFC 2858 Section 4. */ ND_TCHECK(pptr[0]); plen = pptr[0]; /* get prefix length */ + /* NLRI "prefix" (ibid), valid lengths are { 0, 32, 33, ..., 96 } bits. + * RFC 4684 Section 4 defines the layout of "origin AS" and "route + * target" fields inside the "prefix" depending on its length. + */ if (0 == plen) { + /* Without "origin AS", without "route target". */ snprintf(buf, buflen, "default route target"); return 1; } @@ -742,20 +777,29 @@ decode_rt_routing_info(netdissect_options *ndo, if (32 > plen) return -1; + /* With at least "origin AS", possibly with "route target". */ + ND_TCHECK_32BITS(pptr + 1); + as_printf(ndo, asbuf, sizeof(asbuf), EXTRACT_32BITS(pptr + 1)); + plen-=32; /* adjust prefix length */ if (64 < plen) return -1; + /* From now on (plen + 7) / 8 evaluates to { 0, 1, 2, ..., 8 } + * and gives the number of octets in the variable-length "route + * target" field inside this NLRI "prefix". Look for it. + */ memset(&route_target, 0, sizeof(route_target)); - ND_TCHECK2(pptr[1], (plen + 7) / 8); - memcpy(&route_target, &pptr[1], (plen + 7) / 8); + ND_TCHECK2(pptr[5], (plen + 7) / 8); + memcpy(&route_target, &pptr[5], (plen + 7) / 8); + /* Which specification says to do this? */ if (plen % 8) { ((u_char *)&route_target)[(plen + 7) / 8 - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } snprintf(buf, buflen, "origin AS: %s, route target %s", - as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(pptr+1)), + asbuf, bgp_vpn_rd_print(ndo, (u_char *)&route_target)); return 5 + (plen + 7) / 8; @@ -792,7 +836,7 @@ decode_labeled_vpn_prefix4(netdissect_options *ndo, /* the label may get offsetted by 4 bits so lets shift it right */ snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s", bgp_vpn_rd_print(ndo, pptr+4), - getname(ndo, (u_char *)&addr), + ipaddr_string(ndo, &addr), plen, EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); @@ -869,6 +913,7 @@ static const struct tok bgp_multicast_vpn_route_type_values[] = { { BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_ACTIVE, "Source-Active"}, { BGP_MULTICAST_VPN_ROUTE_TYPE_SHARED_TREE_JOIN, "Shared Tree Join"}, { BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_TREE_JOIN, "Source Tree Join"}, + { 0, NULL} }; static int @@ -933,13 +978,13 @@ decode_multicast_vpn(netdissect_options *ndo, case BGP_MULTICAST_VPN_ROUTE_TYPE_SHARED_TREE_JOIN: /* fall through */ case BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_TREE_JOIN: - ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN); + ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN + 4); offset = strlen(buf); snprintf(buf + offset, buflen - offset, ", RD: %s, Source-AS %s", bgp_vpn_rd_print(ndo, pptr), as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(pptr + BGP_VPN_RD_LEN))); - pptr += BGP_VPN_RD_LEN; + pptr += BGP_VPN_RD_LEN + 4; bgp_vpn_sg_print(ndo, pptr, buf, buflen); break; @@ -968,21 +1013,21 @@ trunc: * the buffer would have overflowed; again, set buflen to 0 in * that case. */ -#define UPDATE_BUF_BUFLEN(buf, buflen, strlen) \ - if (strlen<0) \ - buflen=0; \ - else if ((u_int)strlen>buflen) \ +#define UPDATE_BUF_BUFLEN(buf, buflen, stringlen) \ + if (stringlen<0) \ + buflen=0; \ + else if ((u_int)stringlen>buflen) \ buflen=0; \ else { \ - buflen-=strlen; \ - buf+=strlen; \ + buflen-=stringlen; \ + buf+=stringlen; \ } static int decode_labeled_vpn_l2(netdissect_options *ndo, const u_char *pptr, char *buf, u_int buflen) { - int plen,tlen,strlen,tlv_type,tlv_len,ttlv_len; + int plen,tlen,stringlen,tlv_type,tlv_len,ttlv_len; ND_TCHECK2(pptr[0], 2); plen=EXTRACT_16BITS(pptr); @@ -996,12 +1041,11 @@ decode_labeled_vpn_l2(netdissect_options *ndo, /* assume AD-only with RD, BGPNH */ ND_TCHECK2(pptr[0],12); buf[0]='\0'; - strlen=snprintf(buf, buflen, "RD: %s, BGPNH: %s", - bgp_vpn_rd_print(ndo, pptr), - /* need something like getname(ndo, ) here */ - getname(ndo, pptr+8) - ); - UPDATE_BUF_BUFLEN(buf, buflen, strlen); + stringlen=snprintf(buf, buflen, "RD: %s, BGPNH: %s", + bgp_vpn_rd_print(ndo, pptr), + ipaddr_string(ndo, pptr+8) + ); + UPDATE_BUF_BUFLEN(buf, buflen, stringlen); pptr+=12; tlen-=12; return plen; @@ -1011,12 +1055,12 @@ decode_labeled_vpn_l2(netdissect_options *ndo, ND_TCHECK2(pptr[0],15); buf[0]='\0'; - strlen=snprintf(buf, buflen, "RD: %s, CE-ID: %u, Label-Block Offset: %u, Label Base %u", - bgp_vpn_rd_print(ndo, pptr), - EXTRACT_16BITS(pptr+8), - EXTRACT_16BITS(pptr+10), - EXTRACT_24BITS(pptr+12)>>4); /* the label is offsetted by 4 bits so lets shift it right */ - UPDATE_BUF_BUFLEN(buf, buflen, strlen); + stringlen=snprintf(buf, buflen, "RD: %s, CE-ID: %u, Label-Block Offset: %u, Label Base %u", + bgp_vpn_rd_print(ndo, pptr), + EXTRACT_16BITS(pptr+8), + EXTRACT_16BITS(pptr+10), + EXTRACT_24BITS(pptr+12)>>4); /* the label is offsetted by 4 bits so lets shift it right */ + UPDATE_BUF_BUFLEN(buf, buflen, stringlen); pptr+=15; tlen-=15; @@ -1033,27 +1077,27 @@ decode_labeled_vpn_l2(netdissect_options *ndo, switch(tlv_type) { case 1: if (buflen!=0) { - strlen=snprintf(buf,buflen, "\n\t\tcircuit status vector (%u) length: %u: 0x", - tlv_type, - tlv_len); - UPDATE_BUF_BUFLEN(buf, buflen, strlen); + stringlen=snprintf(buf,buflen, "\n\t\tcircuit status vector (%u) length: %u: 0x", + tlv_type, + tlv_len); + UPDATE_BUF_BUFLEN(buf, buflen, stringlen); } ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ? */ while (ttlv_len>0) { ND_TCHECK(pptr[0]); if (buflen!=0) { - strlen=snprintf(buf,buflen, "%02x",*pptr++); - UPDATE_BUF_BUFLEN(buf, buflen, strlen); + stringlen=snprintf(buf,buflen, "%02x",*pptr++); + UPDATE_BUF_BUFLEN(buf, buflen, stringlen); } ttlv_len--; } break; default: if (buflen!=0) { - strlen=snprintf(buf,buflen, "\n\t\tunknown TLV #%u, length: %u", - tlv_type, - tlv_len); - UPDATE_BUF_BUFLEN(buf, buflen, strlen); + stringlen=snprintf(buf,buflen, "\n\t\tunknown TLV #%u, length: %u", + tlv_type, + tlv_len); + UPDATE_BUF_BUFLEN(buf, buflen, stringlen); } break; } @@ -1071,7 +1115,6 @@ trunc: return -2; } -#ifdef INET6 int decode_prefix6(netdissect_options *ndo, const u_char *pd, u_int itemlen, char *buf, u_int buflen) @@ -1095,7 +1138,7 @@ decode_prefix6(netdissect_options *ndo, addr.s6_addr[plenbytes - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } - snprintf(buf, buflen, "%s/%d", getname6(ndo, (u_char *)&addr), plen); + snprintf(buf, buflen, "%s/%d", ip6addr_string(ndo, &addr), plen); return 1 + plenbytes; trunc: @@ -1136,7 +1179,7 @@ decode_labeled_prefix6(netdissect_options *ndo, } /* the label may get offsetted by 4 bits so lets shift it right */ snprintf(buf, buflen, "%s/%d, label:%u %s", - getname6(ndo, (u_char *)&addr), + ip6addr_string(ndo, &addr), plen, EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); @@ -1178,7 +1221,7 @@ decode_labeled_vpn_prefix6(netdissect_options *ndo, /* the label may get offsetted by 4 bits so lets shift it right */ snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s", bgp_vpn_rd_print(ndo, pptr+4), - getname6(ndo, (u_char *)&addr), + ip6addr_string(ndo, &addr), plen, EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); @@ -1188,7 +1231,6 @@ decode_labeled_vpn_prefix6(netdissect_options *ndo, trunc: return -2; } -#endif static int decode_clnp_prefix(netdissect_options *ndo, @@ -1211,7 +1253,7 @@ decode_clnp_prefix(netdissect_options *ndo, ((0xff00 >> (plen % 8)) & 0xff); } snprintf(buf, buflen, "%s/%d", - isonsap_string(addr,(plen + 7) / 8), + isonsap_string(ndo, addr,(plen + 7) / 8), plen); return 1 + (plen + 7) / 8; @@ -1248,7 +1290,7 @@ decode_labeled_vpn_clnp_prefix(netdissect_options *ndo, /* the label may get offsetted by 4 bits so lets shift it right */ snprintf(buf, buflen, "RD: %s, %s/%d, label:%u %s", bgp_vpn_rd_print(ndo, pptr+4), - isonsap_string(addr,(plen + 7) / 8), + isonsap_string(ndo, addr,(plen + 7) / 8), plen, EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); @@ -1319,7 +1361,7 @@ trunc: static int bgp_attr_print(netdissect_options *ndo, - u_int atype, const u_char *pptr, u_int len) + u_int atype, const u_char *pptr, u_int len, const unsigned attr_set_level) { int i; uint16_t af; @@ -1349,7 +1391,6 @@ bgp_attr_print(netdissect_options *ndo, } break; - /* * Process AS4 byte path and AS2 byte path attributes here. */ @@ -1378,6 +1419,7 @@ bgp_attr_print(netdissect_options *ndo, ND_TCHECK(tptr[0]); ND_PRINT((ndo, "%s", tok2str(bgp_as_path_segment_open_values, "?", tptr[0]))); + ND_TCHECK(tptr[1]); for (i = 0; i < tptr[1] * as_size; i += as_size) { ND_TCHECK2(tptr[2 + i], as_size); ND_PRINT((ndo, "%s ", @@ -1398,7 +1440,7 @@ bgp_attr_print(netdissect_options *ndo, ND_PRINT((ndo, "invalid len")); else { ND_TCHECK2(tptr[0], 4); - ND_PRINT((ndo, "%s", getname(ndo, tptr))); + ND_PRINT((ndo, "%s", ipaddr_string(ndo, tptr))); } break; case BGPTYPE_MULTI_EXIT_DISC: @@ -1428,11 +1470,11 @@ bgp_attr_print(netdissect_options *ndo, if (len == 6) { ND_PRINT((ndo, " AS #%s, origin %s", as_printf(ndo, astostr, sizeof(astostr), EXTRACT_16BITS(tptr)), - getname(ndo, tptr + 2))); + ipaddr_string(ndo, tptr + 2))); } else { ND_PRINT((ndo, " AS #%s, origin %s", as_printf(ndo, astostr, sizeof(astostr), - EXTRACT_32BITS(tptr)), getname(ndo, tptr + 4))); + EXTRACT_32BITS(tptr)), ipaddr_string(ndo, tptr + 4))); } break; case BGPTYPE_AGGREGATOR4: @@ -1442,8 +1484,8 @@ bgp_attr_print(netdissect_options *ndo, } ND_TCHECK2(tptr[0], 8); ND_PRINT((ndo, " AS #%s, origin %s", - as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(tptr)), - getname(ndo, tptr + 4))); + as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(tptr)), + ipaddr_string(ndo, tptr + 4))); break; case BGPTYPE_COMMUNITIES: if (len % 4) { @@ -1481,7 +1523,7 @@ bgp_attr_print(netdissect_options *ndo, break; } ND_TCHECK2(tptr[0], 4); - ND_PRINT((ndo, "%s",getname(ndo, tptr))); + ND_PRINT((ndo, "%s",ipaddr_string(ndo, tptr))); break; case BGPTYPE_CLUSTER_LIST: if (len % 4) { @@ -1491,7 +1533,7 @@ bgp_attr_print(netdissect_options *ndo, while (tlen>0) { ND_TCHECK2(tptr[0], 4); ND_PRINT((ndo, "%s%s", - getname(ndo, tptr), + ipaddr_string(ndo, tptr), (tlen>4) ? ", " : "")); tlen -=4; tptr +=4; @@ -1520,7 +1562,6 @@ bgp_attr_print(netdissect_options *ndo, case (AFNUM_INET<<8 | SAFNUM_VPNUNIMULTICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST_VPN): case (AFNUM_INET<<8 | SAFNUM_MDT): -#ifdef INET6 case (AFNUM_INET6<<8 | SAFNUM_UNICAST): case (AFNUM_INET6<<8 | SAFNUM_MULTICAST): case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST): @@ -1528,7 +1569,6 @@ bgp_attr_print(netdissect_options *ndo, case (AFNUM_INET6<<8 | SAFNUM_VPNUNICAST): case (AFNUM_INET6<<8 | SAFNUM_VPNMULTICAST): case (AFNUM_INET6<<8 | SAFNUM_VPNUNIMULTICAST): -#endif case (AFNUM_NSAP<<8 | SAFNUM_UNICAST): case (AFNUM_NSAP<<8 | SAFNUM_MULTICAST): case (AFNUM_NSAP<<8 | SAFNUM_UNIMULTICAST): @@ -1576,7 +1616,7 @@ bgp_attr_print(netdissect_options *ndo, tlen = 0; } else { ND_TCHECK2(tptr[0], sizeof(struct in_addr)); - ND_PRINT((ndo, "%s",getname(ndo, tptr))); + ND_PRINT((ndo, "%s",ipaddr_string(ndo, tptr))); tlen -= sizeof(struct in_addr); tptr += sizeof(struct in_addr); } @@ -1591,12 +1631,11 @@ bgp_attr_print(netdissect_options *ndo, ND_TCHECK2(tptr[0], sizeof(struct in_addr)+BGP_VPN_RD_LEN); ND_PRINT((ndo, "RD: %s, %s", bgp_vpn_rd_print(ndo, tptr), - getname(ndo, tptr+BGP_VPN_RD_LEN))); + ipaddr_string(ndo, tptr+BGP_VPN_RD_LEN))); tlen -= (sizeof(struct in_addr)+BGP_VPN_RD_LEN); tptr += (sizeof(struct in_addr)+BGP_VPN_RD_LEN); } break; -#ifdef INET6 case (AFNUM_INET6<<8 | SAFNUM_UNICAST): case (AFNUM_INET6<<8 | SAFNUM_MULTICAST): case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST): @@ -1606,7 +1645,7 @@ bgp_attr_print(netdissect_options *ndo, tlen = 0; } else { ND_TCHECK2(tptr[0], sizeof(struct in6_addr)); - ND_PRINT((ndo, "%s", getname6(ndo, tptr))); + ND_PRINT((ndo, "%s", ip6addr_string(ndo, tptr))); tlen -= sizeof(struct in6_addr); tptr += sizeof(struct in6_addr); } @@ -1621,12 +1660,11 @@ bgp_attr_print(netdissect_options *ndo, ND_TCHECK2(tptr[0], sizeof(struct in6_addr)+BGP_VPN_RD_LEN); ND_PRINT((ndo, "RD: %s, %s", bgp_vpn_rd_print(ndo, tptr), - getname6(ndo, tptr+BGP_VPN_RD_LEN))); + ip6addr_string(ndo, tptr+BGP_VPN_RD_LEN))); tlen -= (sizeof(struct in6_addr)+BGP_VPN_RD_LEN); tptr += (sizeof(struct in6_addr)+BGP_VPN_RD_LEN); } break; -#endif case (AFNUM_VPLS<<8 | SAFNUM_VPLS): case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNMULTICAST): @@ -1636,7 +1674,7 @@ bgp_attr_print(netdissect_options *ndo, tlen = 0; } else { ND_TCHECK2(tptr[0], sizeof(struct in_addr)); - ND_PRINT((ndo, "%s", getname(ndo, tptr))); + ND_PRINT((ndo, "%s", ipaddr_string(ndo, tptr))); tlen -= (sizeof(struct in_addr)); tptr += (sizeof(struct in_addr)); } @@ -1645,7 +1683,7 @@ bgp_attr_print(netdissect_options *ndo, case (AFNUM_NSAP<<8 | SAFNUM_MULTICAST): case (AFNUM_NSAP<<8 | SAFNUM_UNIMULTICAST): ND_TCHECK2(tptr[0], tlen); - ND_PRINT((ndo, "%s", isonsap_string(tptr, tlen))); + ND_PRINT((ndo, "%s", isonsap_string(ndo, tptr, tlen))); tptr += tlen; tlen = 0; break; @@ -1660,15 +1698,15 @@ bgp_attr_print(netdissect_options *ndo, ND_TCHECK2(tptr[0], tlen); ND_PRINT((ndo, "RD: %s, %s", bgp_vpn_rd_print(ndo, tptr), - isonsap_string(tptr+BGP_VPN_RD_LEN,tlen-BGP_VPN_RD_LEN))); + isonsap_string(ndo, tptr+BGP_VPN_RD_LEN,tlen-BGP_VPN_RD_LEN))); /* rfc986 mapped IPv4 address ? */ - if (EXTRACT_32BITS(tptr+BGP_VPN_RD_LEN) == 0x47000601) - ND_PRINT((ndo, " = %s", getname(ndo, tptr+BGP_VPN_RD_LEN+4))); -#ifdef INET6 + if (tlen == BGP_VPN_RD_LEN + 4 + sizeof(struct in_addr) + && EXTRACT_32BITS(tptr+BGP_VPN_RD_LEN) == 0x47000601) + ND_PRINT((ndo, " = %s", ipaddr_string(ndo, tptr+BGP_VPN_RD_LEN+4))); /* rfc1888 mapped IPv6 address ? */ - else if (EXTRACT_24BITS(tptr+BGP_VPN_RD_LEN) == 0x350000) - ND_PRINT((ndo, " = %s", getname6(ndo, tptr+BGP_VPN_RD_LEN+3))); -#endif + else if (tlen == BGP_VPN_RD_LEN + 3 + sizeof(struct in6_addr) + && EXTRACT_24BITS(tptr+BGP_VPN_RD_LEN) == 0x350000) + ND_PRINT((ndo, " = %s", ip6addr_string(ndo, tptr+BGP_VPN_RD_LEN+3))); tptr += tlen; tlen = 0; } @@ -1703,7 +1741,7 @@ bgp_attr_print(netdissect_options *ndo, ND_PRINT((ndo, ", no SNPA")); } - while (len - (tptr - pptr) > 0) { + while (tptr < pptr + len) { switch (af<<8 | safi) { case (AFNUM_INET<<8 | SAFNUM_UNICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST): @@ -1769,7 +1807,6 @@ bgp_attr_print(netdissect_options *ndo, else ND_PRINT((ndo, "\n\t %s", buf)); break; -#ifdef INET6 case (AFNUM_INET6<<8 | SAFNUM_UNICAST): case (AFNUM_INET6<<8 | SAFNUM_MULTICAST): case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST): @@ -1805,7 +1842,6 @@ bgp_attr_print(netdissect_options *ndo, else ND_PRINT((ndo, "\n\t %s", buf)); break; -#endif case (AFNUM_VPLS<<8 | SAFNUM_VPLS): case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNMULTICAST): @@ -1873,7 +1909,7 @@ bgp_attr_print(netdissect_options *ndo, tptr += 3; - while (len - (tptr - pptr) > 0) { + while (tptr < pptr + len) { switch (af<<8 | safi) { case (AFNUM_INET<<8 | SAFNUM_UNICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST): @@ -1910,7 +1946,6 @@ bgp_attr_print(netdissect_options *ndo, else ND_PRINT((ndo, "\n\t %s", buf)); break; -#ifdef INET6 case (AFNUM_INET6<<8 | SAFNUM_UNICAST): case (AFNUM_INET6<<8 | SAFNUM_MULTICAST): case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST): @@ -1946,7 +1981,6 @@ bgp_attr_print(netdissect_options *ndo, else ND_PRINT((ndo, "\n\t %s", buf)); break; -#endif case (AFNUM_VPLS<<8 | SAFNUM_VPLS): case (AFNUM_L2VPN<<8 | SAFNUM_VPNUNICAST): case (AFNUM_L2VPN<<8 | SAFNUM_VPNMULTICAST): @@ -2040,14 +2074,14 @@ bgp_attr_print(netdissect_options *ndo, ND_PRINT((ndo, ": %u:%u (= %s)", EXTRACT_16BITS(tptr+2), EXTRACT_32BITS(tptr+4), - getname(ndo, tptr+4))); + ipaddr_string(ndo, tptr+4))); break; case BGP_EXT_COM_RT_1: case BGP_EXT_COM_RO_1: case BGP_EXT_COM_L2VPN_RT_1: case BGP_EXT_COM_VRF_RT_IMP: ND_PRINT((ndo, ": %s:%u", - getname(ndo, tptr+2), + ipaddr_string(ndo, tptr+2), EXTRACT_16BITS(tptr+6))); break; case BGP_EXT_COM_RT_2: @@ -2067,12 +2101,12 @@ bgp_attr_print(netdissect_options *ndo, case BGP_EXT_COM_VPN_ORIGIN4: case BGP_EXT_COM_OSPF_RID: case BGP_EXT_COM_OSPF_RID2: - ND_PRINT((ndo, "%s", getname(ndo, tptr+2))); + ND_PRINT((ndo, "%s", ipaddr_string(ndo, tptr+2))); break; case BGP_EXT_COM_OSPF_RTYPE: case BGP_EXT_COM_OSPF_RTYPE2: ND_PRINT((ndo, ": area:%s, router-type:%s, metric-type:%s%s", - getname(ndo, tptr+2), + ipaddr_string(ndo, tptr+2), tok2str(bgp_extd_comm_ospf_rtype_values, "unknown (0x%02x)", *(tptr+6)), @@ -2104,11 +2138,11 @@ bgp_attr_print(netdissect_options *ndo, { uint8_t tunnel_type, flags; + ND_TCHECK2(tptr[0], 5); tunnel_type = *(tptr+1); flags = *tptr; tlen = len; - ND_TCHECK2(tptr[0], 5); ND_PRINT((ndo, "\n\t Tunnel-type %s (%u), Flags [%s], MPLS Label %u", tok2str(bgp_pmsi_tunnel_values, "Unknown", tunnel_type), tunnel_type, @@ -2160,39 +2194,45 @@ bgp_attr_print(netdissect_options *ndo, } case BGPTYPE_AIGP: { - u_int8_t type; - u_int16_t length; - - ND_TCHECK2(tptr[0], 3); + uint8_t type; + uint16_t length; tlen = len; while (tlen >= 3) { + ND_TCHECK2(tptr[0], 3); + type = *tptr; length = EXTRACT_16BITS(tptr+1); + tptr += 3; + tlen -= 3; ND_PRINT((ndo, "\n\t %s TLV (%u), length %u", tok2str(bgp_aigp_values, "Unknown", type), type, length)); + if (length < 3) + goto trunc; + length -= 3; /* * Check if we can read the TLV data. */ - ND_TCHECK2(tptr[3], length - 3); + ND_TCHECK2(tptr[3], length); switch (type) { case BGP_AIGP_TLV: - ND_TCHECK2(tptr[3], 8); + if (length < 8) + goto trunc; ND_PRINT((ndo, ", metric %" PRIu64, - EXTRACT_64BITS(tptr+3))); + EXTRACT_64BITS(tptr))); break; default: if (ndo->ndo_vflag <= 1) { - print_unknown_data(ndo, tptr+3,"\n\t ", length-3); + print_unknown_data(ndo, tptr,"\n\t ", length); } } @@ -2211,7 +2251,7 @@ bgp_attr_print(netdissect_options *ndo, len -=4; while (len) { - u_int aflags, atype, alenlen, alen; + u_int aflags, alenlen, alen; ND_TCHECK2(tptr[0], 2); if (len < 2) @@ -2244,15 +2284,39 @@ bgp_attr_print(netdissect_options *ndo, ND_PRINT((ndo, "+%x", aflags & 0xf)); ND_PRINT((ndo, "]: ")); } - /* FIXME check for recursion */ - if (!bgp_attr_print(ndo, atype, tptr, alen)) + /* The protocol encoding per se allows ATTR_SET to be nested as many times + * as the message can accommodate. This printer used to be able to recurse + * into ATTR_SET contents until the stack exhaustion, but now there is a + * limit on that (if live protocol exchange goes that many levels deep, + * something is probably wrong anyway). Feel free to refine this value if + * you can find the spec with respective normative text. + */ + if (attr_set_level == 10) + ND_PRINT((ndo, "(too many nested levels, not recursing)")); + else if (!bgp_attr_print(ndo, atype, tptr, alen, attr_set_level + 1)) return 0; tptr += alen; len -= alen; } break; - + case BGPTYPE_LARGE_COMMUNITY: + if (len == 0 || len % 12) { + ND_PRINT((ndo, "invalid len")); + break; + } + ND_PRINT((ndo, "\n\t ")); + while (len > 0) { + ND_TCHECK2(*tptr, 12); + ND_PRINT((ndo, "%u:%u:%u%s", + EXTRACT_32BITS(tptr), + EXTRACT_32BITS(tptr + 4), + EXTRACT_32BITS(tptr + 8), + (len > 12) ? ", " : "")); + tptr += 12; + len -= 12; + } + break; default: ND_TCHECK2(*pptr,len); ND_PRINT((ndo, "\n\t no Attribute %u decoder", atype)); /* we have no decoder for the attribute */ @@ -2290,6 +2354,8 @@ bgp_capabilities_print(netdissect_options *ndo, ND_TCHECK2(opt[i+2], cap_len); switch (cap_type) { case BGP_CAPCODE_MP: + /* AFI (16 bits), Reserved (8 bits), SAFI (8 bits) */ + ND_TCHECK_8BITS(opt + i + 5); ND_PRINT((ndo, "\n\t\tAFI %s (%u), SAFI %s (%u)", tok2str(af_values, "Unknown", EXTRACT_16BITS(opt+i+2)), @@ -2299,12 +2365,15 @@ bgp_capabilities_print(netdissect_options *ndo, opt[i+5])); break; case BGP_CAPCODE_RESTART: + /* Restart Flags (4 bits), Restart Time in seconds (12 bits) */ + ND_TCHECK_16BITS(opt + i + 2); ND_PRINT((ndo, "\n\t\tRestart Flags: [%s], Restart Time %us", ((opt[i+2])&0x80) ? "R" : "none", EXTRACT_16BITS(opt+i+2)&0xfff)); tcap_len-=2; cap_offset=4; while(tcap_len>=4) { + ND_TCHECK_8BITS(opt + i + cap_offset + 3); ND_PRINT((ndo, "\n\t\t AFI %s (%u), SAFI %s (%u), Forwarding state preserved: %s", tok2str(af_values,"Unknown", EXTRACT_16BITS(opt+i+cap_offset)), @@ -2339,7 +2408,7 @@ bgp_capabilities_print(netdissect_options *ndo, } while (tcap_len > 0) { if (tcap_len < 4) { - ND_PRINT((ndo, "\n\t\t(malformed)")); + ND_PRINT((ndo, "\n\t\t(invalid)")); break; } ND_PRINT((ndo, "\n\t\tAFI %s (%u), SAFI %s (%u), Send/Receive: %s", @@ -2368,7 +2437,7 @@ bgp_capabilities_print(netdissect_options *ndo, return; trunc: - ND_PRINT((ndo, "[|BGP]")); + ND_PRINT((ndo, "%s", tstr)); } static void @@ -2387,7 +2456,7 @@ bgp_open_print(netdissect_options *ndo, ND_PRINT((ndo, "my AS %s, ", as_printf(ndo, astostr, sizeof(astostr), ntohs(bgpo.bgpo_myas)))); ND_PRINT((ndo, "Holdtime %us, ", ntohs(bgpo.bgpo_holdtime))); - ND_PRINT((ndo, "ID %s", getname(ndo, (u_char *)&bgpo.bgpo_id))); + ND_PRINT((ndo, "ID %s", ipaddr_string(ndo, &bgpo.bgpo_id))); ND_PRINT((ndo, "\n\t Optional parameters, length: %u", bgpo.bgpo_optlen)); /* some little sanity checking */ @@ -2431,7 +2500,7 @@ bgp_open_print(netdissect_options *ndo, } return; trunc: - ND_PRINT((ndo, "[|BGP]")); + ND_PRINT((ndo, "%s", tstr)); } static void @@ -2443,10 +2512,6 @@ bgp_update_print(netdissect_options *ndo, int withdrawn_routes_len; int len; int i; -#ifndef INET6 - char buf[MAXHOSTNAMELEN + 100]; - int wpfx; -#endif ND_TCHECK2(dat[0], BGP_SIZE); if (length < BGP_SIZE) @@ -2471,36 +2536,9 @@ bgp_update_print(netdissect_options *ndo, ND_TCHECK2(p[0], withdrawn_routes_len); if (length < withdrawn_routes_len) goto trunc; -#ifdef INET6 ND_PRINT((ndo, "\n\t Withdrawn routes: %d bytes", withdrawn_routes_len)); p += withdrawn_routes_len; length -= withdrawn_routes_len; -#else - if (withdrawn_routes_len < 2) - goto trunc; - length -= 2; - withdrawn_routes_len -= 2; - - - ND_PRINT((ndo, "\n\t Withdrawn routes:")); - - while(withdrawn_routes_len > 0) { - wpfx = decode_prefix4(ndo, p, withdrawn_routes_len, buf, sizeof(buf)); - if (wpfx == -1) { - ND_PRINT((ndo, "\n\t (illegal prefix length)")); - break; - } else if (wpfx == -2) - goto trunc; - else if (wpfx == -3) - goto trunc; /* bytes left, but not enough */ - else { - ND_PRINT((ndo, "\n\t %s", buf)); - p += wpfx; - length -= wpfx; - withdrawn_routes_len -= wpfx; - } - } -#endif } ND_TCHECK2(p[0], 2); @@ -2562,7 +2600,7 @@ bgp_update_print(netdissect_options *ndo, goto trunc; if (length < alen) goto trunc; - if (!bgp_attr_print(ndo, atype, p, alen)) + if (!bgp_attr_print(ndo, atype, p, alen, 0)) goto trunc; p += alen; len -= alen; @@ -2599,7 +2637,7 @@ bgp_update_print(netdissect_options *ndo, } return; trunc: - ND_PRINT((ndo, "[|BGP]")); + ND_PRINT((ndo, "%s", tstr)); } static void @@ -2641,11 +2679,18 @@ bgp_notification_print(netdissect_options *ndo, bgpn.bgpn_minor), bgpn.bgpn_minor)); break; + case BGP_NOTIFY_MAJOR_FSM: + ND_PRINT((ndo, " subcode %s (%u)", + tok2str(bgp_notify_minor_fsm_values, "Unknown", + bgpn.bgpn_minor), + bgpn.bgpn_minor)); + break; case BGP_NOTIFY_MAJOR_CAP: ND_PRINT((ndo, " subcode %s (%u)", tok2str(bgp_notify_minor_cap_values, "Unknown", bgpn.bgpn_minor), bgpn.bgpn_minor)); + break; case BGP_NOTIFY_MAJOR_CEASE: ND_PRINT((ndo, ", subcode %s (%u)", tok2str(bgp_notify_minor_cease_values, "Unknown", @@ -2673,7 +2718,7 @@ bgp_notification_print(netdissect_options *ndo, return; trunc: - ND_PRINT((ndo, "[|BGP]")); + ND_PRINT((ndo, "%s", tstr)); } static void @@ -2707,7 +2752,7 @@ bgp_route_refresh_print(netdissect_options *ndo, return; trunc: - ND_PRINT((ndo, "[|BGP]")); + ND_PRINT((ndo, "%s", tstr)); } static int @@ -2747,7 +2792,7 @@ bgp_header_print(netdissect_options *ndo, } return 1; trunc: - ND_PRINT((ndo, "[|BGP]")); + ND_PRINT((ndo, "%s", tstr)); return 0; } @@ -2796,7 +2841,7 @@ bgp_print(netdissect_options *ndo, memcpy(&bgp, p, BGP_SIZE); if (start != p) - ND_PRINT((ndo, " [|BGP]")); + ND_PRINT((ndo, " %s", tstr)); hlen = ntohs(bgp.bgp_len); if (hlen < BGP_SIZE) { @@ -2822,7 +2867,7 @@ bgp_print(netdissect_options *ndo, return; trunc: - ND_PRINT((ndo, " [|BGP]")); + ND_PRINT((ndo, "%s", tstr)); } /*