diff options
-rw-r--r-- | print-bgp.c | 105 | ||||
-rw-r--r-- | tests/TESTLIST | 1 | ||||
-rw-r--r-- | tests/bgp-bgpsec.out | 778 | ||||
-rw-r--r-- | tests/bgp-bgpsec.pcap | bin | 0 -> 7686 bytes |
4 files changed, 884 insertions, 0 deletions
diff --git a/print-bgp.c b/print-bgp.c index 1292542c..4fc39957 100644 --- a/print-bgp.c +++ b/print-bgp.c @@ -173,6 +173,7 @@ static const struct tok bgp_route_refresh_subtype_values[] = { #define BGPTYPE_PE_DISTINGUISHER_LABEL 27 /* RFC6514 */ #define BGPTYPE_ENTROPY_LABEL 28 /* RFC6790 */ #define BGPTYPE_LARGE_COMMUNITY 32 /* draft-ietf-idr-large-community-05 */ +#define BGPTYPE_BGPSEC_PATH 33 /* RFC8205 */ #define BGPTYPE_ATTR_SET 128 /* RFC6368 */ #define BGP_MP_NLRI_MINSIZE 3 /* End of RIB Marker detection */ @@ -201,6 +202,7 @@ static const struct tok bgp_attr_values[] = { { BGPTYPE_PE_DISTINGUISHER_LABEL, "PE Distinguisher Label"}, { BGPTYPE_ENTROPY_LABEL, "Entropy Label"}, { BGPTYPE_LARGE_COMMUNITY, "Large Community"}, + { BGPTYPE_BGPSEC_PATH, "BGPsec Path"}, { BGPTYPE_ATTR_SET, "Attribute Set"}, { 255, "Reserved for development"}, { 0, NULL} @@ -245,6 +247,7 @@ static const struct tok bgp_opt_values[] = { #define BGP_CAPCODE_MR 4 /* RFC3107 */ #define BGP_CAPCODE_EXT_NH 5 /* RFC5549 */ #define BGP_CAPCODE_EXT_MSG 6 /* RFC8654 */ +#define BGP_CAPCODE_BGPSEC 7 /* RFC8205 */ #define BGP_CAPCODE_ML 8 /* RFC8277 */ #define BGP_CAPCODE_RESTART 64 /* RFC4724 */ #define BGP_CAPCODE_AS_NEW 65 /* RFC6793 */ @@ -262,6 +265,7 @@ static const struct tok bgp_capcode_values[] = { { BGP_CAPCODE_MR, "Multiple Routes to a Destination"}, { BGP_CAPCODE_EXT_NH, "Extended Next Hop Encoding"}, { BGP_CAPCODE_EXT_MSG, "BGP Extended Message"}, + { BGP_CAPCODE_BGPSEC, "BGPsec"}, { BGP_CAPCODE_ML, "Multiple Labels"}, { BGP_CAPCODE_RESTART, "Graceful Restart"}, { BGP_CAPCODE_AS_NEW, "32-Bit AS Number"}, @@ -600,6 +604,18 @@ static const struct tok bgp_add_path_recvsend[] = { { 0, NULL }, }; +static const struct tok bgp_bgpsec_bitmap_str[] = { + { 1U << 0, "MBZ-0" }, + { 1U << 1, "MBZ-1" }, + { 1U << 2, "MBZ-2" }, + { 1U << 3, "MBZ-3" }, + { 1U << 4, "MBZ-4" }, + { 1U << 5, "MBZ-5" }, + { 1U << 6, "MBZ-6" }, + { 1U << 7, "C" }, + { 0, NULL} +}; + #define AS_STR_SIZE sizeof("xxxxx.xxxxx") /* @@ -2543,6 +2559,74 @@ bgp_attr_print(netdissect_options *ndo, len -= 12; } break; + case BGPTYPE_BGPSEC_PATH: + { + uint16_t sblen, splen; + + splen = GET_BE_U_2(tptr); + + /* + * A secure path has a minimum length of 8 bytes: + * 2 bytes length field + * 6 bytes per secure path segment + */ + ND_ICHECKMSG_U("secure path length", splen, <, 8); + + ND_PRINT("\n\t Secure Path Length: %u", splen); + + tptr += 2; + splen -= 2; + /* Make sure the secure path length does not signal trailing bytes */ + if (splen % 6) { + ND_PRINT(" [invalid total segments len %u]", splen); + break; + } + + /* Parse secure path segments */ + while (splen != 0) { + uint8_t pcount = GET_U_1(tptr); + uint8_t flags = GET_U_1(tptr + 1); + uint32_t asn = GET_BE_U_4(tptr + 2); + ND_PRINT("\n\t Secure Path Segment: pCount: %u, Flags: [%s] (0x%02x), AS: %u", + pcount, + bittok2str(bgp_bgpsec_bitmap_str, "none", flags), + flags, + asn); + tptr += 6; + splen -= 6; + } + + sblen = GET_BE_U_2(tptr); + + ND_PRINT("\n\t Signature Block: Length: %u, Algo ID: %u", + sblen, + GET_U_1(tptr + 2)); + + tptr += 3; + sblen -= 3; + /* Parse signature segments */ + while (sblen > 0) { + uint16_t siglen; + + ND_PRINT("\n\t Signature Segment:\n\t SKI: "); + ND_ICHECKMSG_U("remaining length", sblen, <, 20); + hex_print(ndo, "\n\t ", tptr, 20); + tptr += 20; + sblen -= 20; + ND_ICHECKMSG_U("remaining length", sblen, <, 2); + siglen = GET_BE_U_2(tptr); + tptr += 2; + sblen -= 2; + + ND_PRINT("\n\t Length: %u", siglen); + ND_ICHECKMSG_U("remaining length", sblen, <, siglen); + ND_PRINT("\n\t Signature:"); + hex_print(ndo, "\n\t ", tptr, siglen); + tptr += siglen; + sblen -= siglen; + } + break; + } default: ND_TCHECK_LEN(pptr, len); ND_PRINT("\n\t no Attribute %u decoder", atype); /* we have no decoder for the attribute */ @@ -2557,6 +2641,10 @@ done: } return 1; +invalid: + nd_print_invalid(ndo); + return 1; + trunc: return 0; } @@ -2592,6 +2680,23 @@ bgp_capabilities_print(netdissect_options *ndo, tok2str(bgp_safi_values, "Unknown", GET_U_1(opt + i + 5)), GET_U_1(opt + i + 5)); break; + case BGP_CAPCODE_BGPSEC: + /* Version (4 bits), Direction (1 bit), Flags (3 bits), AFI (16 bits) */ + cap_offset = 1; + /* The capability length [...] MUST be set to 3. */ + if (cap_len != 3) { + ND_PRINT(" [%u != 3]", cap_len); + return; + } + + ND_PRINT("\n\t\tVersion %u, Direction %s (%u), AFI %s (%u)", + GET_U_1(opt + i + 2)&0xf0, + (GET_U_1(opt + i + 2)&0x08) ? "Send" : "Receive", + (GET_U_1(opt + i + 2)&0x08)>>3, + bittok2str(af_values, "Unknown", + GET_BE_U_2(opt + i + cap_offset + 2)), + GET_BE_U_2(opt + i + cap_offset + 2)); + break; case BGP_CAPCODE_ML: cap_offset = 2; tcap_len = cap_len; diff --git a/tests/TESTLIST b/tests/TESTLIST index 1b0d9593..763b251c 100644 --- a/tests/TESTLIST +++ b/tests/TESTLIST @@ -70,6 +70,7 @@ bgp-cease-hard-reset bgp-cease-hard-reset.pcap bgp-cease-hard-reset.out -v bgp-malformed-hard-reset bgp-malformed-hard-reset.pcap bgp-malformed-hard-reset.out -v bgp-bfd-cease bgp-bfd-cease.pcap bgp-bfd-cease.out -v bgp-orf bgp-orf.pcapng bgp-orf.out -v +bgp-bgpsec bgp-bgpsec.pcap bgp-bgpsec.out -v # Broadcom tag tests brcmtag brcm-tag.pcap brcm-tag.out diff --git a/tests/bgp-bgpsec.out b/tests/bgp-bgpsec.out new file mode 100644 index 00000000..7fadd3e3 --- /dev/null +++ b/tests/bgp-bgpsec.out @@ -0,0 +1,778 @@ + 1 13:45:50.158839 IP (tos 0xc0, ttl 1, id 931, offset 0, flags [DF], proto TCP (6), length 60) + 172.18.0.2.44538 > 172.18.0.3.179: Flags [S], cksum 0x5858 (incorrect -> 0xe30a), seq 1813951547, win 64240, options [mss 1460,sackOK,TS val 2791087222 ecr 0,nop,wscale 7], length 0 + 2 13:45:50.158874 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40) + 172.18.0.3.179 > 172.18.0.2.44538: Flags [R.], cksum 0x889e (correct), seq 0, ack 1813951548, win 0, length 0 + 3 13:45:52.580424 IP (tos 0xc0, ttl 1, id 49352, offset 0, flags [DF], proto TCP (6), length 60) + 172.18.0.3.54094 > 172.18.0.2.179: Flags [S], cksum 0x5858 (incorrect -> 0xe776), seq 2144546963, win 64240, options [mss 1460,sackOK,TS val 1161315278 ecr 0,nop,wscale 7], length 0 + 4 13:45:52.580594 IP (tos 0xc0, ttl 255, id 0, offset 0, flags [DF], proto TCP (6), length 60) + 172.18.0.2.179 > 172.18.0.3.54094: Flags [S.], cksum 0x5858 (incorrect -> 0xb7ed), seq 2060149963, ack 2144546964, win 65160, options [mss 1460,sackOK,TS val 2791089644 ecr 1161315278,nop,wscale 7], length 0 + 5 13:45:52.580696 IP (tos 0xc0, ttl 1, id 49353, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.3.54094 > 172.18.0.2.179: Flags [.], cksum 0x5850 (incorrect -> 0xe34b), ack 1, win 502, options [nop,nop,TS val 1161315279 ecr 2791089644], length 0 + 6 13:45:52.582638 IP (tos 0xc0, ttl 1, id 29723, offset 0, flags [DF], proto TCP (6), length 159) + 172.18.0.2.179 > 172.18.0.3.54094: Flags [P.], cksum 0x58bb (incorrect -> 0xf937), seq 1:108, ack 1, win 510, options [nop,nop,TS val 2791089646 ecr 1161315279], length 107: BGP + Open Message (1), length: 107 + Version 4, my AS 2, Holdtime 180s, ID 172.18.0.2 + Optional parameters, length: 78 + Option Capabilities Advertisement (2), length: 6 + Multiprotocol Extensions (1), length: 4 + AFI IPv4 (1), SAFI Unicast (1) + Option Capabilities Advertisement (2), length: 2 + Route Refresh (Cisco) (128), length: 0 + Option Capabilities Advertisement (2), length: 2 + Route Refresh (2), length: 0 + Option Capabilities Advertisement (2), length: 2 + Enhanced Route Refresh (70), length: 0 + Option Capabilities Advertisement (2), length: 6 + 32-Bit AS Number (65), length: 4 + 4 Byte AS 2 + Option Capabilities Advertisement (2), length: 2 + BGP Extended Message (6), length: 0 + Option Capabilities Advertisement (2), length: 6 + Multiple Paths (69), length: 4 + AFI IPv4 (1), SAFI Unicast (1), Send/Receive: Receive + Option Capabilities Advertisement (2), length: 9 + Unknown (73), length: 7 + no decoder for Capability 73 + 0x0000: 0562 6770 6431 00 + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Send (1), AFI IPv4 (1) + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Receive (0), AFI IPv4 (1) + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Send (1), AFI IPv6 (2) + Option Capabilities Advertisement (2), length: 4 + Graceful Restart (64), length: 2 + Restart Flags: [R], Restart Time 120s + 7 13:45:52.582735 IP (tos 0xc0, ttl 1, id 49354, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.3.54094 > 172.18.0.2.179: Flags [.], cksum 0x5850 (incorrect -> 0xe2dc), ack 108, win 502, options [nop,nop,TS val 1161315281 ecr 2791089646], length 0 + 8 13:45:52.583463 IP (tos 0xc0, ttl 1, id 49355, offset 0, flags [DF], proto TCP (6), length 159) + 172.18.0.3.54094 > 172.18.0.2.179: Flags [P.], cksum 0x58bb (incorrect -> 0xf6cf), seq 1:108, ack 108, win 502, options [nop,nop,TS val 1161315282 ecr 2791089646], length 107: BGP + Open Message (1), length: 107 + Version 4, my AS 3, Holdtime 180s, ID 172.18.0.3 + Optional parameters, length: 78 + Option Capabilities Advertisement (2), length: 6 + Multiprotocol Extensions (1), length: 4 + AFI IPv4 (1), SAFI Unicast (1) + Option Capabilities Advertisement (2), length: 2 + Route Refresh (Cisco) (128), length: 0 + Option Capabilities Advertisement (2), length: 2 + Route Refresh (2), length: 0 + Option Capabilities Advertisement (2), length: 2 + Enhanced Route Refresh (70), length: 0 + Option Capabilities Advertisement (2), length: 6 + 32-Bit AS Number (65), length: 4 + 4 Byte AS 3 + Option Capabilities Advertisement (2), length: 2 + BGP Extended Message (6), length: 0 + Option Capabilities Advertisement (2), length: 6 + Multiple Paths (69), length: 4 + AFI IPv4 (1), SAFI Unicast (1), Send/Receive: Receive + Option Capabilities Advertisement (2), length: 9 + Unknown (73), length: 7 + no decoder for Capability 73 + 0x0000: 0562 6770 6432 00 + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Send (1), AFI IPv4 (1) + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Receive (0), AFI IPv4 (1) + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Send (1), AFI IPv6 (2) + Option Capabilities Advertisement (2), length: 4 + Graceful Restart (64), length: 2 + Restart Flags: [R], Restart Time 120s + 9 13:45:52.583533 IP (tos 0xc0, ttl 1, id 29724, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.2.179 > 172.18.0.3.54094: Flags [.], cksum 0x5850 (incorrect -> 0xe267), ack 108, win 510, options [nop,nop,TS val 2791089647 ecr 1161315282], length 0 + 10 13:45:52.584130 IP (tos 0xc0, ttl 1, id 29725, offset 0, flags [DF], proto TCP (6), length 71) + 172.18.0.2.179 > 172.18.0.3.54094: Flags [P.], cksum 0x5863 (incorrect -> 0xde39), seq 108:127, ack 108, win 510, options [nop,nop,TS val 2791089647 ecr 1161315282], length 19: BGP + Keepalive Message (4), length: 19 + 11 13:45:52.584126 IP (tos 0xc0, ttl 1, id 49356, offset 0, flags [DF], proto TCP (6), length 71) + 172.18.0.3.54094 > 172.18.0.2.179: Flags [P.], cksum 0x5863 (incorrect -> 0xde41), seq 108:127, ack 108, win 502, options [nop,nop,TS val 1161315282 ecr 2791089647], length 19: BGP + Keepalive Message (4), length: 19 + 12 13:45:52.584196 IP (tos 0xc0, ttl 1, id 29726, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.2.179 > 172.18.0.3.54094: Flags [.], cksum 0x5850 (incorrect -> 0xe241), ack 127, win 510, options [nop,nop,TS val 2791089647 ecr 1161315282], length 0 + 13 13:45:52.584196 IP (tos 0xc0, ttl 1, id 49357, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.3.54094 > 172.18.0.2.179: Flags [.], cksum 0x5850 (incorrect -> 0xe249), ack 127, win 502, options [nop,nop,TS val 1161315282 ecr 2791089647], length 0 + 14 13:45:52.585786 IP (tos 0xc0, ttl 1, id 8954, offset 0, flags [DF], proto TCP (6), length 60) + 172.18.0.3.45314 > 172.18.0.4.179: Flags [S], cksum 0x585a (incorrect -> 0x9b7b), seq 1914912993, win 64240, options [mss 1460,sackOK,TS val 2450416287 ecr 0,nop,wscale 7], length 0 + 15 13:45:52.585912 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40) + 172.18.0.4.179 > 172.18.0.3.45314: Flags [R.], cksum 0xf2e9 (correct), seq 0, ack 1914912994, win 0, length 0 + 16 13:45:53.685808 IP (tos 0xc0, ttl 1, id 49358, offset 0, flags [DF], proto TCP (6), length 75) + 172.18.0.3.54094 > 172.18.0.2.179: Flags [P.], cksum 0x5867 (incorrect -> 0xdbc5), seq 127:150, ack 127, win 502, options [nop,nop,TS val 1161316384 ecr 2791089647], length 23: BGP + Update Message (2), length: 23 + End-of-Rib Marker (empty NLRI) + 17 13:45:53.685905 IP (tos 0xc0, ttl 1, id 29727, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.2.179 > 172.18.0.3.54094: Flags [.], cksum 0x5850 (incorrect -> 0xd98e), ack 150, win 510, options [nop,nop,TS val 2791090749 ecr 1161316384], length 0 + 18 13:45:53.695782 IP (tos 0xc0, ttl 1, id 29728, offset 0, flags [DF], proto TCP (6), length 1662) + 172.18.0.2.179 > 172.18.0.3.54094: Flags [P.], cksum 0x5e9a (incorrect -> 0xc146), seq 127:1737, ack 150, win 510, options [nop,nop,TS val 2791090759 ecr 1161316384], length 1610: BGP + Update Message (2), length: 158 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.1.0/24 + Origin (1), length: 1, Flags [T]: IGP + Multi Exit Discriminator (4), length: 4, Flags [O]: 0 + BGPsec Path (33), length: 103, Flags [OE]: + Secure Path Length: 8 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 95, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 70 + Signature: + 0x0000: 3044 0220 7e5f 7511 2da3 41b1 2fe0 9789 + 0x0010: 2cc9 2c5a 2396 5445 955e 3e11 ac65 b660 + 0x0020: 6441 3630 0220 2103 bd0f 5793 7b63 b6f2 + 0x0030: 613f 1f6a 13e6 e65f 8484 b6b8 84c1 479e + 0x0040: 878c f668 71a4 + Update Message (2), length: 160 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.10.0/24 + Origin (1), length: 1, Flags [T]: IGP + Multi Exit Discriminator (4), length: 4, Flags [O]: 0 + BGPsec Path (33), length: 105, Flags [OE]: + Secure Path Length: 8 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 97, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 72 + Signature: + 0x0000: 3046 0221 00aa d2ca 6cf3 8568 3bc1 ddb9 + 0x0010: 5ecf 53a2 e1dc bb76 f80b 8cc9 d3d5 f23d + 0x0020: e973 303c f302 2100 bff5 8cb3 a1d4 458d + 0x0030: aa1b b6b8 faaa ad11 0d27 54a9 c2cb 1b77 + 0x0040: c88f ac3c 3ef0 2676 + Update Message (2), length: 158 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.9.0/24 + Origin (1), length: 1, Flags [T]: IGP + Multi Exit Discriminator (4), length: 4, Flags [O]: 0 + BGPsec Path (33), length: 103, Flags [OE]: + Secure Path Length: 8 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 95, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 70 + Signature: + 0x0000: 3044 0220 0a09 31f7 9172 940a d1df 7dd5 + 0x0010: 5fde dc2b 0dc0 6a46 bb0f a22b 8021 f735 + 0x0020: 98bb fd46 0220 35c7 bb54 ca67 07df 45bc + 0x0030: 51da dd9d 8f4c 66c7 f09b a72f 5ead 7393 + 0x0040: 6807 96dc 01c5 + Update Message (2), length: 160 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.8.0/24 + Origin (1), length: 1, Flags [T]: IGP + Multi Exit Discriminator (4), length: 4, Flags [O]: 0 + BGPsec Path (33), length: 105, Flags [OE]: + Secure Path Length: 8 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 97, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 72 + Signature: + 0x0000: 3046 0221 0091 cce5 3628 025f 5a44 8465 + 0x0010: 0351 d3d7 5bbe ad98 5040 49cc a0d5 373c + 0x0020: 7f79 3ed6 1802 2100 fe77 53d6 df6d 1d03 + 0x0030: e096 4a05 3bbf 1765 845d f777 0cb9 ab99 + 0x0040: d3c4 186c 3cea 8b0b + Update Message (2), length: 159 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.7.0/24 + Origin (1), length: 1, Flags [T]: IGP + Multi Exit Discriminator (4), length: 4, Flags [O]: 0 + BGPsec Path (33), length: 104, Flags [OE]: + Secure Path Length: 8 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 96, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 71 + Signature: + 0x0000: 3045 0220 05e2 5f3f 9544 f375 6217 eaf8 + 0x0010: 528e 65ad 24c9 74da 9f92 18fb b6c8 5720 + 0x0020: 6dbb da29 0221 00c4 84e5 1c46 c18d c3ee + 0x0030: b5fd 629f c6b9 7ba5 e18e abdf 64b9 8e46 + 0x0040: cd69 5b53 eac0 c3 + Update Message (2), length: 158 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.6.0/24 + Origin (1), length: 1, Flags [T]: IGP + Multi Exit Discriminator (4), length: 4, Flags [O]: 0 + BGPsec Path (33), length: 103, Flags [OE]: + Secure Path Length: 8 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 95, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 70 + Signature: + 0x0000: 3044 0220 7f1a edbc e643 4869 ec9c 60ac + 0x0010: 7d9e cb04 d4cf 1d68 4a03 aa19 f7c2 ed8a + 0x0020: 9d3d c37b 0220 53e8 87be b9e9 1c3a 2785 + 0x0030: d856 022f 482f 63c6 06c9 957b a688 b0ee + 0x0040: 6b88 30bc ad46 + Update Message (2), length: 158 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.5.0/24 + Origin (1), length: 1, Flags [T]: IGP + Multi Exit Discriminator (4), length: 4, Flags [O]: 0 + BGPsec Path (33), length: 103, Flags [OE]: + Secure Path Length: 8 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 95, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 70 + Signature: + 0x0000: 3044 0220 65b5 609f c88b 232e c992 3daa + 0x0010: 8d19 9e22 43e7 e83d 378a 88c3 6636 01a5 + 0x0020: 183a 469d 0220 6bab 77fb 4d8b 8ef8 c3cf + 0x0030: a206 82de 9da8 e0a1 77eb cabc 0e3d 8c49 + 0x0040: 260e 9bc2 cf9d + Update Message (2), length: 158 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.4.0/24 + Origin (1), length: 1, Flags [T]: IGP + Multi Exit Discriminator (4), length: 4, Flags [O]: 0 + BGPsec Path (33), length: 103, Flags [OE]: + Secure Path Length: 8 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 95, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 70 + Signature: + 0x0000: 3044 0220 7415 c8b7 7912 8968 caa9 4dfd + 0x0010: db4b feb1 286d e68d bc88 3930 9506 a1b8 + 0x0020: 9e16 0919 0220 61fa 3f1e dbd1 2594 5243 + 0x0030: 2a8c c95c 84ee 29f8 c207 b646 977c 10b3 + 0x0040: 1d9c 3fb5 1f3f + Update Message (2), length: 159 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.3.0/24 + Origin (1), length: 1, Flags [T]: IGP + Multi Exit Discriminator (4), length: 4, Flags [O]: 0 + BGPsec Path (33), length: 104, Flags [OE]: + Secure Path Length: 8 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 96, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 71 + Signature: + 0x0000: 3045 0220 1073 0d4c 8363 cae0 41f7 45e3 + 0x0010: f5d0 8893 413f c095 e3f7 95eb 0aa3 4da5 + 0x0020: a400 9c4d 0221 00b4 8e44 c4fb e5bb 77a2 + 0x0030: e8b8 808d cd4f 3db9 94be e72c f929 5628 + 0x0040: bc74 e99c 55af 64 + Update Message (2), length: 159 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.2.0/24 + Origin (1), length: 1, Flags [T]: IGP + Multi Exit Discriminator (4), length: 4, Flags [O]: 0 + BGPsec Path (33), length: 104, Flags [OE]: + Secure Path Length: 8 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 96, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 71 + Signature: + 0x0000: 3045 0220 7d87 e54d f871 4400 768a 3db7 + 0x0010: acfa 55ae be23 e200 3cdf 21b6 1424 0d1e + 0x0020: 8831 49e3 0221 00e2 d828 edb0 0277 dc25 + 0x0030: f4c5 aa4e 2906 74e3 aa13 6c30 f78b d415 + 0x0040: 0e55 35ef 3fc8 70 + Update Message (2), length: 23 + End-of-Rib Marker (empty NLRI) + 19 13:45:53.695866 IP (tos 0xc0, ttl 1, id 49359, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.3.54094 > 172.18.0.2.179: Flags [.], cksum 0x5850 (incorrect -> 0xd339), ack 1737, win 501, options [nop,nop,TS val 1161316394 ecr 2791090759], length 0 + 20 13:45:56.356964 IP (tos 0xc0, ttl 1, id 59932, offset 0, flags [DF], proto TCP (6), length 60) + 172.18.0.4.32836 > 172.18.0.3.179: Flags [S], cksum 0x585a (incorrect -> 0x05d8), seq 2209904309, win 64240, options [mss 1460,sackOK,TS val 3983705651 ecr 0,nop,wscale 7], length 0 + 21 13:45:56.357094 IP (tos 0xc0, ttl 255, id 0, offset 0, flags [DF], proto TCP (6), length 60) + 172.18.0.3.179 > 172.18.0.4.32836: Flags [S.], cksum 0x585a (incorrect -> 0xe537), seq 994631237, ack 2209904310, win 65160, options [mss 1460,sackOK,TS val 2450420058 ecr 3983705651,nop,wscale 7], length 0 + 22 13:45:56.357166 IP (tos 0xc0, ttl 1, id 59933, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.4.32836 > 172.18.0.3.179: Flags [.], cksum 0x5852 (incorrect -> 0x1097), ack 1, win 502, options [nop,nop,TS val 3983705651 ecr 2450420058], length 0 + 23 13:45:56.358934 IP (tos 0xc0, ttl 1, id 52957, offset 0, flags [DF], proto TCP (6), length 159) + 172.18.0.3.179 > 172.18.0.4.32836: Flags [P.], cksum 0x58bd (incorrect -> 0x2481), seq 1:108, ack 1, win 510, options [nop,nop,TS val 2450420060 ecr 3983705651], length 107: BGP + Open Message (1), length: 107 + Version 4, my AS 3, Holdtime 180s, ID 172.18.0.3 + Optional parameters, length: 78 + Option Capabilities Advertisement (2), length: 6 + Multiprotocol Extensions (1), length: 4 + AFI IPv4 (1), SAFI Unicast (1) + Option Capabilities Advertisement (2), length: 2 + Route Refresh (Cisco) (128), length: 0 + Option Capabilities Advertisement (2), length: 2 + Route Refresh (2), length: 0 + Option Capabilities Advertisement (2), length: 2 + Enhanced Route Refresh (70), length: 0 + Option Capabilities Advertisement (2), length: 6 + 32-Bit AS Number (65), length: 4 + 4 Byte AS 3 + Option Capabilities Advertisement (2), length: 2 + BGP Extended Message (6), length: 0 + Option Capabilities Advertisement (2), length: 6 + Multiple Paths (69), length: 4 + AFI IPv4 (1), SAFI Unicast (1), Send/Receive: Receive + Option Capabilities Advertisement (2), length: 9 + Unknown (73), length: 7 + no decoder for Capability 73 + 0x0000: 0562 6770 6432 00 + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Send (1), AFI IPv4 (1) + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Receive (0), AFI IPv4 (1) + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Send (1), AFI IPv6 (2) + Option Capabilities Advertisement (2), length: 4 + Graceful Restart (64), length: 2 + Restart Flags: [R], Restart Time 120s + 24 13:45:56.359049 IP (tos 0xc0, ttl 1, id 59934, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.4.32836 > 172.18.0.3.179: Flags [.], cksum 0x5852 (incorrect -> 0x1028), ack 108, win 502, options [nop,nop,TS val 3983705653 ecr 2450420060], length 0 + 25 13:45:56.359710 IP (tos 0xc0, ttl 1, id 59935, offset 0, flags [DF], proto TCP (6), length 159) + 172.18.0.4.32836 > 172.18.0.3.179: Flags [P.], cksum 0x58bd (incorrect -> 0x2219), seq 1:108, ack 108, win 502, options [nop,nop,TS val 3983705654 ecr 2450420060], length 107: BGP + Open Message (1), length: 107 + Version 4, my AS 4, Holdtime 180s, ID 172.18.0.4 + Optional parameters, length: 78 + Option Capabilities Advertisement (2), length: 6 + Multiprotocol Extensions (1), length: 4 + AFI IPv4 (1), SAFI Unicast (1) + Option Capabilities Advertisement (2), length: 2 + Route Refresh (Cisco) (128), length: 0 + Option Capabilities Advertisement (2), length: 2 + Route Refresh (2), length: 0 + Option Capabilities Advertisement (2), length: 2 + Enhanced Route Refresh (70), length: 0 + Option Capabilities Advertisement (2), length: 6 + 32-Bit AS Number (65), length: 4 + 4 Byte AS 4 + Option Capabilities Advertisement (2), length: 2 + BGP Extended Message (6), length: 0 + Option Capabilities Advertisement (2), length: 6 + Multiple Paths (69), length: 4 + AFI IPv4 (1), SAFI Unicast (1), Send/Receive: Receive + Option Capabilities Advertisement (2), length: 9 + Unknown (73), length: 7 + no decoder for Capability 73 + 0x0000: 0562 6770 6433 00 + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Send (1), AFI IPv4 (1) + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Receive (0), AFI IPv4 (1) + Option Capabilities Advertisement (2), length: 5 + BGPsec (7), length: 3 + Version 0, Direction Send (1), AFI IPv6 (2) + Option Capabilities Advertisement (2), length: 4 + Graceful Restart (64), length: 2 + Restart Flags: [R], Restart Time 120s + 26 13:45:56.359726 IP (tos 0xc0, ttl 1, id 52958, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.3.179 > 172.18.0.4.32836: Flags [.], cksum 0x5852 (incorrect -> 0x0fb3), ack 108, win 510, options [nop,nop,TS val 2450420061 ecr 3983705654], length 0 + 27 13:45:56.359883 IP (tos 0xc0, ttl 1, id 52959, offset 0, flags [DF], proto TCP (6), length 71) + 172.18.0.3.179 > 172.18.0.4.32836: Flags [P.], cksum 0x5865 (incorrect -> 0x0b85), seq 108:127, ack 108, win 510, options [nop,nop,TS val 2450420061 ecr 3983705654], length 19: BGP + Keepalive Message (4), length: 19 + 28 13:45:56.359886 IP (tos 0xc0, ttl 1, id 59936, offset 0, flags [DF], proto TCP (6), length 71) + 172.18.0.4.32836 > 172.18.0.3.179: Flags [P.], cksum 0x5865 (incorrect -> 0x0b8d), seq 108:127, ack 108, win 502, options [nop,nop,TS val 3983705654 ecr 2450420061], length 19: BGP + Keepalive Message (4), length: 19 + 29 13:45:56.359901 IP (tos 0xc0, ttl 1, id 52960, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.3.179 > 172.18.0.4.32836: Flags [.], cksum 0x5852 (incorrect -> 0x0f8d), ack 127, win 510, options [nop,nop,TS val 2450420061 ecr 3983705654], length 0 + 30 13:45:56.359926 IP (tos 0xc0, ttl 1, id 59937, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.4.32836 > 172.18.0.3.179: Flags [.], cksum 0x5852 (incorrect -> 0x0f95), ack 127, win 502, options [nop,nop,TS val 3983705654 ecr 2450420061], length 0 + 31 13:45:56.360322 IP (tos 0xc0, ttl 1, id 6237, offset 0, flags [DF], proto TCP (6), length 60) + 172.18.0.4.38322 > 172.18.0.5.179: Flags [S], cksum 0x585c (incorrect -> 0xc38f), seq 2729165046, win 64240, options [mss 1460,sackOK,TS val 1672860564 ecr 0,nop,wscale 7], length 0 + 32 13:45:56.360364 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40) + 172.18.0.5.179 > 172.18.0.4.38322: Flags [R.], cksum 0x5d9a (correct), seq 0, ack 2729165047, win 0, length 0 + 33 13:45:57.460725 IP (tos 0xc0, ttl 1, id 59938, offset 0, flags [DF], proto TCP (6), length 75) + 172.18.0.4.32836 > 172.18.0.3.179: Flags [P.], cksum 0x5869 (incorrect -> 0x0912), seq 127:150, ack 127, win 502, options [nop,nop,TS val 3983706755 ecr 2450420061], length 23: BGP + Update Message (2), length: 23 + End-of-Rib Marker (empty NLRI) + 34 13:45:57.460843 IP (tos 0xc0, ttl 1, id 52961, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.3.179 > 172.18.0.4.32836: Flags [.], cksum 0x5852 (incorrect -> 0x06dc), ack 150, win 510, options [nop,nop,TS val 2450421162 ecr 3983706755], length 0 + 35 13:45:57.523627 IP (tos 0xc0, ttl 1, id 52962, offset 0, flags [DF], proto TCP (6), length 2582) + 172.18.0.3.179 > 172.18.0.4.32836: Flags [P.], cksum 0x6234 (incorrect -> 0xda51), seq 127:2657, ack 150, win 510, options [nop,nop,TS val 2450421225 ecr 3983706755], length 2530: BGP + Update Message (2), length: 250 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.1.0/24 + Origin (1), length: 1, Flags [T]: IGP + BGPsec Path (33), length: 202, Flags [OE]: + Secure Path Length: 14 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 3 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 188, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0ca0 6bdf c294 88fa 1a7f 4a47 93f3 a940 + 0x0010: 10a8 0f97 + Length: 71 + Signature: + 0x0000: 3045 0221 00d5 9ec6 6346 2826 f329 b960 + 0x0010: c898 c635 a89d 4fa1 5219 d000 32df ee1a + 0x0020: 5da1 49a0 e202 204a 8331 61a0 8a04 4a1b + 0x0030: 10cc 85b4 883c a7ff 9c73 43c0 5fc9 2633 + 0x0040: 97b9 830d d2ca 75 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 70 + Signature: + 0x0000: 3044 0220 7e5f 7511 2da3 41b1 2fe0 9789 + 0x0010: 2cc9 2c5a 2396 5445 955e 3e11 ac65 b660 + 0x0020: 6441 3630 0220 2103 bd0f 5793 7b63 b6f2 + 0x0030: 613f 1f6a 13e6 e65f 8484 b6b8 84c1 479e + 0x0040: 878c f668 71a4 + Update Message (2), length: 252 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.10.0/24 + Origin (1), length: 1, Flags [T]: IGP + BGPsec Path (33), length: 204, Flags [OE]: + Secure Path Length: 14 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 3 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 190, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0ca0 6bdf c294 88fa 1a7f 4a47 93f3 a940 + 0x0010: 10a8 0f97 + Length: 71 + Signature: + 0x0000: 3045 0220 6397 a10f 4e63 04df 9f54 e32d + 0x0010: 801c fa8c 024a 319a 76cd 10b6 4a41 03b2 + 0x0020: 47b2 8835 0221 00e2 2ed8 3acb d650 fc0c + 0x0030: 5057 2aac 8c8b 909c f5d9 fe51 d921 c539 + 0x0040: 083d da53 ffff 63 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 72 + Signature: + 0x0000: 3046 0221 00aa d2ca 6cf3 8568 3bc1 ddb9 + 0x0010: 5ecf 53a2 e1dc bb76 f80b 8cc9 d3d5 f23d + 0x0020: e973 303c f302 2100 bff5 8cb3 a1d4 458d + 0x0030: aa1b b6b8 faaa ad11 0d27 54a9 c2cb 1b77 + 0x0040: c88f ac3c 3ef0 2676 + Update Message (2), length: 249 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.9.0/24 + Origin (1), length: 1, Flags [T]: IGP + BGPsec Path (33), length: 201, Flags [OE]: + Secure Path Length: 14 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 3 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 187, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0ca0 6bdf c294 88fa 1a7f 4a47 93f3 a940 + 0x0010: 10a8 0f97 + Length: 70 + Signature: + 0x0000: 3044 0220 7a44 089c 6460 dfbf b5a8 d951 + 0x0010: 088d 7c39 0f67 f78c e457 182e c5e1 5a1f + 0x0020: 95f5 7a35 0220 47d3 7d2c c110 f829 c6a2 + 0x0030: 16dc 369e e371 fe23 9536 f122 eb5c a4ad + 0x0040: 3d68 7fb0 44cb + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 70 + Signature: + 0x0000: 3044 0220 0a09 31f7 9172 940a d1df 7dd5 + 0x0010: 5fde dc2b 0dc0 6a46 bb0f a22b 8021 f735 + 0x0020: 98bb fd46 0220 35c7 bb54 ca67 07df 45bc + 0x0030: 51da dd9d 8f4c 66c7 f09b a72f 5ead 7393 + 0x0040: 6807 96dc 01c5 + Update Message (2), length: 253 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.8.0/24 + Origin (1), length: 1, Flags [T]: IGP + BGPsec Path (33), length: 205, Flags [OE]: + Secure Path Length: 14 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 3 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 191, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0ca0 6bdf c294 88fa 1a7f 4a47 93f3 a940 + 0x0010: 10a8 0f97 + Length: 72 + Signature: + 0x0000: 3046 0221 0085 4894 249d 57a5 53c5 b00f + 0x0010: 2059 df1c b425 db15 fbe5 7f07 9904 5e1b + 0x0020: be06 9f0a cc02 2100 c6cc 1be0 c5a8 07fb + 0x0030: 18f3 c3c4 8cfc 02e3 e35e ff23 ceda aa0e + 0x0040: e667 a2c9 e4e6 689e + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 72 + Signature: + 0x0000: 3046 0221 0091 cce5 3628 025f 5a44 8465 + 0x0010: 0351 d3d7 5bbe ad98 5040 49cc a0d5 373c + 0x0020: 7f79 3ed6 1802 2100 fe77 53d6 df6d 1d03 + 0x0030: e096 4a05 3bbf 1765 845d f777 0cb9 ab99 + 0x0040: d3c4 186c 3cea 8b0b + Update Message (2), length: 251 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.7.0/24 + Origin (1), length: 1, Flags [T]: IGP + BGPsec Path (33), length: 203, Flags [OE]: + Secure Path Length: 14 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 3 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 189, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0ca0 6bdf c294 88fa 1a7f 4a47 93f3 a940 + 0x0010: 10a8 0f97 + Length: 71 + Signature: + 0x0000: 3045 0220 75de f062 9ba6 9a02 75d8 78c0 + 0x0010: d5d7 4b04 0929 e81b 477f 6260 909c fbc7 + 0x0020: 906c d1c8 0221 0083 9ce1 00ca 7546 ef95 + 0x0030: 2667 2525 7457 aa25 0bb6 5eee 1eb5 2374 + 0x0040: b7bd bc79 f8d6 19 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 71 + Signature: + 0x0000: 3045 0220 05e2 5f3f 9544 f375 6217 eaf8 + 0x0010: 528e 65ad 24c9 74da 9f92 18fb b6c8 5720 + 0x0020: 6dbb da29 0221 00c4 84e5 1c46 c18d c3ee + 0x0030: b5fd 629f c6b9 7ba5 e18e abdf 64b9 8e46 + 0x0040: cd69 5b53 eac0 c3 + Update Message (2), length: 250 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.6.0/24 + Origin (1), length: 1, Flags [T]: IGP + BGPsec Path (33), length: 202, Flags [OE]: + Secure Path Length: 14 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 3 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 188, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0ca0 6bdf c294 88fa 1a7f 4a47 93f3 a940 + 0x0010: 10a8 0f97 + Length: 71 + Signature: + 0x0000: 3045 0220 594c bc47 1182 94ab e269 ddd6 + 0x0010: b751 3a4b 1077 441b e5c9 3357 4194 7e01 + 0x0020: edb3 a121 0221 00f3 be50 cd41 db62 5a24 + 0x0030: b317 6ba4 1d4d 4f34 befa a0e5 3515 41f8 + 0x0040: 0b5b 9032 4860 a6 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 70 + Signature: + 0x0000: 3044 0220 7f1a edbc e643 4869 ec9c 60ac + 0x0010: 7d9e cb04 d4cf 1d68 4a03 aa19 f7c2 ed8a + 0x0020: 9d3d c37b 0220 53e8 87be b9e9 1c3a 2785 + 0x0030: d856 022f 482f 63c6 06c9 957b a688 b0ee + 0x0040: 6b88 30bc ad46 + Update Message (2), length: 250 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.5.0/24 + Origin (1), length: 1, Flags [T]: IGP + BGPsec Path (33), length: 202, Flags [OE]: + Secure Path Length: 14 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 3 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 188, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0ca0 6bdf c294 88fa 1a7f 4a47 93f3 a940 + 0x0010: 10a8 0f97 + Length: 71 + Signature: + 0x0000: 3045 0221 00a6 82a5 78ea 9069 7156 5c1b + 0x0010: fb82 8250 5861 c13c ba7b c9a5 6c20 8f58 + 0x0020: 12e9 02d7 ae02 2066 87a8 78ee 0041 009d + 0x0030: 5480 ce6d 0f57 2bae 4198 7aee 7156 f555 + 0x0040: 03b2 5bb2 110b 5c + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 70 + Signature: + 0x0000: 3044 0220 65b5 609f c88b 232e c992 3daa + 0x0010: 8d19 9e22 43e7 e83d 378a 88c3 6636 01a5 + 0x0020: 183a 469d 0220 6bab 77fb 4d8b 8ef8 c3cf + 0x0030: a206 82de 9da8 e0a1 77eb cabc 0e3d 8c49 + 0x0040: 260e 9bc2 cf9d + Update Message (2), length: 250 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.4.0/24 + Origin (1), length: 1, Flags [T]: IGP + BGPsec Path (33), length: 202, Flags [OE]: + Secure Path Length: 14 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 3 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 188, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0ca0 6bdf c294 88fa 1a7f 4a47 93f3 a940 + 0x0010: 10a8 0f97 + Length: 71 + Signature: + 0x0000: 3045 0220 053f d166 2455 ff75 71fe 7fa9 + 0x0010: a7a7 04d9 0d7b 663f 41c2 8d8c c4f3 1819 + 0x0020: 7d49 d6bd 0221 00dc 88fb 3f3c cd81 ac69 + 0x0030: 52e2 e4fb d14f f589 8207 471f 7e37 f870 + 0x0040: bb29 6d09 2f86 19 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 70 + Signature: + 0x0000: 3044 0220 7415 c8b7 7912 8968 caa9 4dfd + 0x0010: db4b feb1 286d e68d bc88 3930 9506 a1b8 + 0x0020: 9e16 0919 0220 61fa 3f1e dbd1 2594 5243 + 0x0030: 2a8c c95c 84ee 29f8 c207 b646 977c 10b3 + 0x0040: 1d9c 3fb5 1f3f + Update Message (2), length: 251 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.3.0/24 + Origin (1), length: 1, Flags [T]: IGP + BGPsec Path (33), length: 203, Flags [OE]: + Secure Path Length: 14 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 3 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 189, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0ca0 6bdf c294 88fa 1a7f 4a47 93f3 a940 + 0x0010: 10a8 0f97 + Length: 71 + Signature: + 0x0000: 3045 0221 0083 b2b1 b64c 8370 e11b 5d41 + 0x0010: 5234 7e42 6c40 ac59 314e dbd7 50df a43c + 0x0020: 4af5 ce7c e702 202b 7a87 d510 a632 580c + 0x0030: fc80 c4e4 d318 a09f 226e 72a9 8c8e aade + 0x0040: 6593 2659 5894 6b + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 71 + Signature: + 0x0000: 3045 0220 1073 0d4c 8363 cae0 41f7 45e3 + 0x0010: f5d0 8893 413f c095 e3f7 95eb 0aa3 4da5 + 0x0020: a400 9c4d 0221 00b4 8e44 c4fb e5bb 77a2 + 0x0030: e8b8 808d cd4f 3db9 94be e72c f929 5628 + 0x0040: bc74 e99c 55af 64 + Update Message (2), length: 251 + Multi-Protocol Reach NLRI (14), length: 13, Flags [OE]: + AFI: IPv4 (1), SAFI: Unicast (1) + nexthop: 172.18.0.2, nh-length: 4, no SNPA + 1.0.2.0/24 + Origin (1), length: 1, Flags [T]: IGP + BGPsec Path (33), length: 203, Flags [OE]: + Secure Path Length: 14 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 3 + Secure Path Segment: pCount: 1, Flags: [none] (0x00), AS: 2 + Signature Block: Length: 189, Algo ID: 1 + Signature Segment: + SKI: + 0x0000: 0ca0 6bdf c294 88fa 1a7f 4a47 93f3 a940 + 0x0010: 10a8 0f97 + Length: 71 + Signature: + 0x0000: 3045 0221 0087 24ba eae1 09bc a23a c0f1 + 0x0010: 794c e301 3bab 329b 7c23 5e0a a0fd a4ca + 0x0020: 0afe 736c ef02 203b 42ff c318 7568 16bb + 0x0030: 3e88 0796 7379 db4f a83c fd56 1821 28d2 + 0x0040: b78a 6ec7 145e 75 + Signature Segment: + SKI: + 0x0000: 0a15 fa1c b92f 4d34 95fe f0ca 9180 c0a9 + 0x0010: 3c4a 254f + Length: 71 + Signature: + 0x0000: 3045 0220 7d87 e54d f871 4400 768a 3db7 + 0x0010: acfa 55ae be23 e200 3cdf 21b6 1424 0d1e + 0x0020: 8831 49e3 0221 00e2 d828 edb0 0277 dc25 + 0x0030: f4c5 aa4e 2906 74e3 aa13 6c30 f78b d415 + 0x0040: 0e55 35ef 3fc8 70 + Update Message (2), length: 23 + End-of-Rib Marker (empty NLRI) + 36 13:45:57.523797 IP (tos 0xc0, ttl 1, id 59939, offset 0, flags [DF], proto TCP (6), length 52) + 172.18.0.4.32836 > 172.18.0.3.179: Flags [.], cksum 0x5852 (incorrect -> 0xfc87), ack 2657, win 498, options [nop,nop,TS val 3983706818 ecr 2450421225], length 0 diff --git a/tests/bgp-bgpsec.pcap b/tests/bgp-bgpsec.pcap Binary files differnew file mode 100644 index 00000000..b2ae6a93 --- /dev/null +++ b/tests/bgp-bgpsec.pcap |