show bgp unknown attributes in bgpctl and tcpdump

Fri, 14 Oct 2016 01:45:10 -0700 

While working on Large Communities, I realized that I would really like
to easily see and know when I am receiving "unknown" attributes.

Patch for tcpdump is easy, if it doesn't have a decoder, just print the
type and length.  You can use -X to see the raw hex.

Path for bgpctl is a bit more involved.  This shows us the type, flags,
len and if len is not zero, the local-endian hex dump.

OK?


Example tcpdump:
 BGP (UPDATE: (Path attributes: (ORIGIN[T] IGP)
                (AS_PATH[T] 65000)
                (NEXT_HOP[T] 192.168.50.62)
                (#30[OTP] unknown type 30 len:24))
                (NLRI: 1.2.3.4/32)) (DF) (ttl 64, id 14847, len 127)

Example bgpctl:

BGP routing table entry for 72.10.114.0/24
    29140 2603 11164 22742
    Nexthop 172.16.255.1 (via 172.16.255.1) from 172.16.255.1 (217.31.95.174)
    Origin IGP, metric 0, localpref 100, weight 0, external, valid, best
    Last update: 2d15h36m ago
    Communities: 2603:302 2603:501 2603:11164 2603:64110 2603:64113 11164:1160 
11164:7500 11164:51240 11164:52100 11164:52200
    Ext. communities: rt 2603:434300002, rt 22742:777
    Unknown Attribute #20 flags [OTP] len 14: 00 01 00 00 58 d6 00 00 02 8e cf 
d2 8d b5



Index: usr.sbin/tcpdump/print-bgp.c
===================================================================
RCS file: /cvs/openbsd/src/usr.sbin/tcpdump/print-bgp.c,v
retrieving revision 1.19
diff -u -p -u -p -r1.19 print-bgp.c
--- usr.sbin/tcpdump/print-bgp.c        13 Oct 2016 08:48:15 -0000      1.19
+++ usr.sbin/tcpdump/print-bgp.c        14 Oct 2016 08:39:04 -0000
@@ -713,6 +713,7 @@ bgp_attr_print(const struct bgp_attr *at
                }
                break;
        default:
+               printf(" unknown type %u len %u", attr->bgpa_type, len);
                break;
        }
        return 1;
Index: usr.sbin/bgpctl/bgpctl.c
===================================================================
RCS file: /cvs/openbsd/src/usr.sbin/bgpctl/bgpctl.c,v
retrieving revision 1.188
diff -u -p -u -p -r1.188 bgpctl.c
--- usr.sbin/bgpctl/bgpctl.c    3 Jun 2016 17:36:37 -0000       1.188
+++ usr.sbin/bgpctl/bgpctl.c    14 Oct 2016 08:30:44 -0000
@@ -1393,6 +1393,7 @@ show_attr(void *b, u_int16_t len)
        u_int32_t        as;
        u_int16_t        alen, ioff;
        u_int8_t         flags, type;
+       int              i;
 
        if (len < 3)
                errx(1, "show_attr: too short bgp attr");
@@ -1448,8 +1449,29 @@ show_attr(void *b, u_int16_t len)
                show_ext_community(data, alen);
                printf("\n");
                break;
+       case ATTR_ATOMIC_AGGREGATE:
+               /* ignore */
+               break;
        default:
                /* ignore unknown attributes */
+               printf("    Unknown Attribute #%u", type);
+               if (flags) {
+                       printf(" flags [");
+                       if (flags & ATTR_OPTIONAL)
+                               printf("O");
+                       if (flags & ATTR_TRANSITIVE)
+                               printf("T");
+                       if (flags & ATTR_PARTIAL)
+                               printf("P");
+                       printf("]");
+               }
+               printf(" len %u", alen);
+               if (alen) {
+                       printf(":");
+                       for (i=0; i < alen; i++)
+                               printf(" %02x", *(data+i) & 0xFF);
+               }
+               printf("\n");
                break;
        }
 }


-- 
Hardware, n.:
        The parts of a computer system that can be kicked.

Reply via email to