diff options
| author | Arjen Zonneveld <arjen@bz2.nl> | 2016-12-02 13:20:18 +0100 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2016-12-13 08:59:30 +0000 |
| commit | 79babc6f22879763d49ea2e802a44ace0e89bd53 (patch) | |
| tree | 0f58cb3ed003bdb53fcc0943d75702db3192f356 | |
| parent | 8d59678483bc90d0fad356338e3dc413e4655585 (diff) | |
| download | wireshark-79babc6f22879763d49ea2e802a44ace0e89bd53.tar.gz | |
Add BGP dissector support for draft-ietf-idr-shutdown-01
Parse the communication bits of a BGP Cease NOTIFICATION:
Border Gateway Protocol - NOTIFICATION Message
Marker: ffffffffffffffffffffffffffffffff
Length: 146
Type: NOTIFICATION Message (3)
Major error Code: Cease (6)
Minor error Code (Cease): Administratively Shutdown (2)
BGP Shutdown Communication Length: 124
Shutdown Communication: NTT will perform maintenance on this router. This is tracked in TICKET-1-24824294. Contact noc@ntt.net for more information.
Draft at https://tools.ietf.org/html/draft-ietf-idr-shutdown-01, sample
file taken from from http://instituut.net/~job/shutdown.pcap
Change-Id: I2ab633883cc69e560ff79cb6239e02fcffd71e10
Reviewed-on: https://code.wireshark.org/review/19144
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
| -rw-r--r-- | epan/dissectors/packet-bgp.c | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/epan/dissectors/packet-bgp.c b/epan/dissectors/packet-bgp.c index 716e548cd3..928fc420a4 100644 --- a/epan/dissectors/packet-bgp.c +++ b/epan/dissectors/packet-bgp.c @@ -1408,6 +1408,8 @@ static int hf_bgp_notify_minor_cease = -1; static int hf_bgp_notify_minor_cap_msg = -1; static int hf_bgp_notify_minor_unknown = -1; static int hf_bgp_notify_data = -1; +static int hf_bgp_notify_communication_length = -1; +static int hf_bgp_notify_communication = -1; /* BGP route refresh header field */ @@ -7435,6 +7437,8 @@ dissect_bgp_notification(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo) int offset; guint major_error; proto_item *ti; + guint8 clen; + guint8 minor_cease; hlen = tvb_get_ntohs(tvb, BGP_MARKER_SIZE); offset = BGP_MARKER_SIZE + 2 + 1; @@ -7476,7 +7480,17 @@ dissect_bgp_notification(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo) /* only print if there is optional data */ if (hlen > BGP_MIN_NOTIFICATION_MSG_SIZE) { - proto_tree_add_item(tree, hf_bgp_notify_data, tvb, offset, hlen - BGP_MIN_NOTIFICATION_MSG_SIZE, ENC_NA); + minor_cease = tvb_get_guint8(tvb, offset - 1); + clen = tvb_get_guint8(tvb, offset); + /* Might be a idr-shutdown communication, first byte is length, max length being 128) */ + if (clen <= 128 && hlen - BGP_MIN_NOTIFICATION_MSG_SIZE - 1 == clen && major_error == BGP_MAJOR_ERROR_CEASE && minor_cease == 2) { + proto_tree_add_item(tree, hf_bgp_notify_communication_length, tvb, offset, 1, ENC_BIG_ENDIAN); + offset += 1; + proto_tree_add_item(tree, hf_bgp_notify_communication, tvb, offset, hlen - BGP_MIN_NOTIFICATION_MSG_SIZE - 1, ENC_UTF_8|ENC_NA); + /* otherwise just dump the hex data */ + } else { + proto_tree_add_item(tree, hf_bgp_notify_data, tvb, offset, hlen - BGP_MIN_NOTIFICATION_MSG_SIZE, ENC_NA); + } } } @@ -8019,6 +8033,12 @@ proto_register_bgp(void) NULL, 0x0, NULL, HFILL }}, { &hf_bgp_notify_data, { "Data", "bgp.notify.minor_data", FT_BYTES, BASE_NONE, + NULL, 0x0, NULL, HFILL }}, + { &hf_bgp_notify_communication_length, + { "BGP Shutdown Communication Length", "bgp.notify.communication_length", FT_UINT8, BASE_DEC, + NULL, 0x0, NULL, HFILL }}, + { &hf_bgp_notify_communication, + { "Shutdown Communication", "bgp.notify.commmunication", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }}, /* Route Refresh */ |