This patch contains a partial rewrite of the BGP dissector for Extended
Communities. The changes were primarily motivated by my dissatisfaction
with the generally unreadable way in which the types, names and values of
BGP Extended Communities were displayed in Wireshark GUI. The rewrite
provides a hopefully more readable and eye-pleasing way of displaying the
extended communities. I have also corrected numerous other flaws with the
Extended Community dissector I stumbled across.
In particular, the changes encompass the following:
1.) The Type octet of an Extended Community is now analyzed including its
Authority and Transitivity bits. These were not dissected before.
2.) Dissection for EVPN Extended Community was improved. The original
implementation blindly assumed that there is just a single subtype and
decoded the community ignoring the actual subtype.
3.) I have removed the hf_bgp_ext_com_value_unknown16 and ..._unknown32.
The current code uses a different approach to display values of unrecognized
communities, and for recognized communities, there are no "unknown"
subfields.
4.) Removed a couple of variables declared at the
dissect_bgp_update_ext_com() level. These stored the result of a
tvb_get_...() call but the value was used only once. I have replaced them
with the direct use of tvb_get_...()
5.) Moved duplicate code to add the Type value into the community_tree from
each branch in the switch(com_type_high_byte) out of it and placed it before
the switch().
6.) Reworked the style in which individual communities are displayed. Each
community item (collapsed) is now displayed using the following label
format:
Community name: Values [Generic community type]
Examples:
Route Target: 1:1 [Transitive 2-Octet AS-Specific]
Unknown subtype 0x01: 0x8081 0x0000 0x2800 [Non-Transitive Opaque]
Unknown type 0x88 subtype 0x00: 0x0000 0x0000 0x0000 [Unknown community]
6.) To keep the filter names more consistent, changed names of selected filters:
bgp.ext_com.type_high -> bgp.ext_com.type
bgp.ext_com.type_low -> bgp.ext_com.stype_unknown
In particular, I do not want to call the subtype as bgp.ext_com.type_low
because that filter applied only to unrecognized subtypes even though its
name would suggest to users that they can filter any community based on it.
7.) Numerous corrections in text labels, names and labels that have been
incorrect or incomplete.
Bug: 12794
Change-Id: I9653dbbc8a8f85d0cd2753dd12fd537f0a604cf3
Reviewed-on: https://code.wireshark.org/review/17377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug:12601
Change-Id: I555ee8097ea81e1afa8f2f5b2aba8fce60742016
Reviewed-on: https://code.wireshark.org/review/17107
Reviewed-by: Michael Mann <mmann78@netscape.net>
afi can take only one of the 2 above values, according to the
check at the beginning of the function.
Change-Id: I6652a5c64b4fbc8d2e907afb3b4f66d187ff9745
Reviewed-on: https://code.wireshark.org/review/17011
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Route type 5 do have optional fields that was not properly decoded (MPLS labels)
Bug: 12631
Change-Id: I12d61ef170d4e0f6e6d2c7bf25f149db84c186d7
Reviewed-on: https://code.wireshark.org/review/16576
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Issue reported by Garri Djavadyan
Change-Id: I6dd4bd20d82a3f2cb8aa45f740f72d33e33053da
Ping-Bug:12604
Reviewed-on: https://code.wireshark.org/review/16374
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12568
Change-Id: Ibf063293041d749664f6e6ecd2455024ea3fd4ed
Reviewed-on: https://code.wireshark.org/review/16237
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The enhanced checkhf.pl in https://code.wireshark.org/review/#/c/15717/
validates ei items in addition to href items. This patch addresses the
false positive ERRORS reported by the enhanced checkhf.pl for a "cosmetic"
issue (missing space after { in ei array entries).
Change-Id: I87876ce2cfa4b0e11cb22f457bd9ab025d939e5c
Reviewed-on: https://code.wireshark.org/review/15739
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
From draft-drao-bgp-l3vpn-virtual-network-overlays
Change-Id: I0a0137b6a8b8fbb4b4efd6f5e08eba5ed6d7a9d6
Reviewed-on: https://code.wireshark.org/review/15477
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
dissection.
- 20 *rightmost* bits of the 'SID/Label' field represent
a MPLS label (Adjacency-SID already fixed).
- Add support for SR-Capabilities (TLV 1034) and SR-Algorithm
(TLV 1035) dissection (draft-gredler-idr-bgp-ls-segment-routing-ext-01).
Change-Id: Ib02137f1c41c4a201afee5d61cf2b6bf88d59991
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/15306
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When additional path index are in use there must be more remaining data bytes.
Therefore we return only 1 when the len is greater 1.
Bug has been reported by Garri.
Bug: 12240
Change-Id: Ia24311dcedc450e4208df875bc254c9744dec5dd
Reviewed-on: https://code.wireshark.org/review/14396
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
BGP-LS is just a collector of IGP link state information. Some
fields are encoded "as-is" from the IGP, hence in order to dissect
them properly we must be aware of their origin, e.g. IS-IS or OSPF.
So, *before* dissecting LINK_STATE attributes we must get the
'Protocol-ID' field that is present in the MP_[UN]REACH_NLRI
attribute. The tricky thing is that there is no strict order for path
attributes on the wire, hence we have to keep track of 1) the
'Protocol-ID' from the MP_[UN]REACH_NLRI and 2) the offset/len of
the LINK_STATE attribute. We store them in per-packet proto_data and
once we got both we are ready for the LINK_STATE attribute dissection.
Change-Id: Ibe2b7f5c9039ad63a72f3f9fb8a9c33c0be44ed0
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/13970
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
if length is set to 7 then the 20 *rightmost* bits of
the 'SID/Label/Index' field represent a MPLS label.
Change-Id: If196af244549b75a80de11c1d8e11507e9a6ce58
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/13848
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
parsing
Change-Id: I55d0b435ae1b12e14a20dd9ea18ba05188b0e378
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/13666
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Assign result of `register_dissector(..., func, proto)` to FOO_handle
and remove `FOO_handle = create_dissector_handle(func, proto)`.
Found by looking for files named packet-FOO.c having the above
create_dissector_handle pattern. Some files (with different dissect
routines for the two functions) remain unchanged.
Change-Id: Ifbed8202c6dbc63a1dae9acc03313980ffbbbb90
Reviewed-on: https://code.wireshark.org/review/13247
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They're not just addresses, they also include a mask length for IPv4 and
a prefix length for IPv6. Rename them appropriately.
Rename the old ipv4_addr_and_mask() and ipv6_addr_and_mask() to reflect
that 1) they fetch data from a tvbuff and 2) *don't* fetch the mask
length or prefix length, those lengths are passed as arguments to
indicate how many bytes worth of address to fetch.
Change-Id: I4cad5a186ad7bfcb60022a91dbe8bc8479e6471f
Reviewed-on: https://code.wireshark.org/review/13035
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The offsetof() macro is an ANSI C library feature.
Change-Id: I2ac91b0b4c94c6f6baf14133b076fdc5ed2e182b
Reviewed-on: https://code.wireshark.org/review/12707
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-ncp2222.inc: The 'ncp_rec->func == 0x59' condition was already verified in line 7300.
packet-bgp: The 'nlri_len < 21' condition was already verified in line 3879
packet-rtp.c: The 'p_conv_data' condition was already verified in line 1460
Change-Id: I65299718b26454596e3f25665d413a17a99e4ce0
Reviewed-on: https://code.wireshark.org/review/12341
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixing ESI Label extended community
Fixing PMSI label field decoding on 20 bits
Fixing inclusive multicast Ethernet tag route
Fixing Ethernet segment route
Bug: 11650
Change-Id: Ifadcc3099f681a5c9480d1ccdd50b29ef4c0069f
Reviewed-on: https://code.wireshark.org/review/12430
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
BGP: add the ability to decode Opaque extented community and in particular tunnel type
Change-Id: Ife53a267a2311397123a4e670924c673904bccbd
Ping-Bug: 11650
Reviewed-on: https://code.wireshark.org/review/12076
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic368dd8e83cf39e0c934da0ae2744778e2d54ce6
Reviewed-on: https://code.wireshark.org/review/12050
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 11650
Change-Id: I1e6418afe1d02da9f30c429c0220932d74344b8d
Reviewed-on: https://code.wireshark.org/review/11775
Reviewed-by: Michael Mann <mmann78@netscape.net>
It ends up dragging in libwireshark headers, which programs not linking
with libwireshark shouldn't do. In particular, including
<epan/address.h> causes some functions that refer to libwireshark
functions to be defined if the compiler doesn't handle "static inline"
the way GCC does, and you end up requiring libwireshark even though you
shouldn't require it.
Move plurality() to wsutil/str_util.h, so that non-libwireshark code can
get it without include epan/packet.h. Fix includes as necessary.
Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3
Reviewed-on: https://code.wireshark.org/review/11545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I3e72fddc6ed380780d7e2e1c8df87e580138188d
Reviewed-on: https://code.wireshark.org/review/11271
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_get_ipv6() takes a struct e_in6_addr *, use that here too.
Change-Id: Id8b368daa05c151a61d4bc01dc88c00da13e9c88
Reviewed-on: https://code.wireshark.org/review/10953
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
From draft-ietf-idr-bgp-extended-messages
Update BGP Capability Codes to 2015-09-30
Change-Id: I2f3b44ad8ad7a9e5444cdfbfb22bf7d0538ffbfc
Reviewed-on: https://code.wireshark.org/review/10826
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part7
Fix last proto_tree_add_text (use expert info)
Change-Id: I9c4c053e5fc94f57608c7ee8355e6e16f8af6bd1
Reviewed-on: https://code.wireshark.org/review/8697
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 5
Update SAFNUM_LAB_VPNUNIMULC/SAFNUM_LAB_VPNMULCAST/SAFNUM_LAB_VPNUNIMULC
Simplify code but no tested on real pcap
Change-Id: I02fc1bc8d4b406f34918130d1eb24d514c24385c
Reviewed-on: https://code.wireshark.org/review/8695
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 4
Update BGP Type TUNNEL_ENCAPS_ATTR
Change-Id: Ib166cf42e4eee3513f4c2f64e18eb5de2ed4acf2
Reviewed-on: https://code.wireshark.org/review/8694
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Part 2
Update VPLS-BGP and BGP-AD
Change-Id: I6a311bfc69d9666be6f83e38042745162701aaac
Reviewed-on: https://code.wireshark.org/review/8485
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 1
Change-Id: Icbc73690370eba07e77b35d2815346f1d5a44347
Reviewed-on: https://code.wireshark.org/review/8386
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 1 of a few
Change-Id: I413f23dfa92da5488ca8a7f62ca0738b25004635
Reviewed-on: https://code.wireshark.org/review/8117
Reviewed-by: Michael Mann <mmann78@netscape.net>