def apply(self, message):
try:
# NEXT_HOP and COMMUNITIES are attributes of a BGP UPDATE message
if message.type is not BGPStatics.MESSAGE_TYPE_UPDATE:
# Skip messages that are no UPDATE messages
return None
for attribute in message.path_attributes:
# Skip attributes that are no NEXT_HOP attributes
if attribute.type is BGPStatics.UPDATE_ATTRIBUTE_NEXT_HOP:
# Here we found the NEXT_HOP attribute - check for blackhole next_hop
for value in self.values:
if str(
BGPRoute.decimal_ip_to_string(
attribute.next_hop)) == str(value):
# Match on NEXT_HOP attribute - Return message
return message
# Alternatively check if well-known BGP community is set (RFC 7999)
if attribute.type is BGPStatics.UPDATE_ATTRIBUTE_COMMUNITIES:
for community in attribute.communities:
if community.asn == 65535 and community.value == 666:
return message
# Searched value was not found
return None
except Exception as e:
# On error the filtering was not successful (due to wrong fields, etc.)
return None
def json(self):
return {
"type": self.type,
"type_string": BGPTranslation.path_attribute(self.type),
"error": self.error,
"next_hop": str(BGPRoute.decimal_ip_to_string(self.next_hop))
}
def apply(self, message):
try:
# NEXT_HOP is a path attribute of BGP UPDATE message
# Therefore we first need to make that we are currently handling an UPDATE message
if message.type is not BGPStatics.MESSAGE_TYPE_UPDATE:
# Skip messages that are no UPDATE messages
return None
for attribute in message.path_attributes:
# Skip attributes that are no NEXT_HOP attributes
if attribute.type is not BGPStatics.UPDATE_ATTRIBUTE_NEXT_HOP:
continue
# Here we found the NEXT_HOP attribute - loop through allowed values
for value in self.values:
if str(BGPRoute.decimal_ip_to_string(
attribute.next_hop)) == str(value):
# Match on NEXT_HOP attribute - Return message
return message
# Searched value was not found
return None
except Exception as e:
# On error the filtering was not successful (due to wrong fields, etc.)
return None
def apply(self, message):
# Example return:
#
# [BGPMessage UPDATE] - [123.123.123.123 -> 123.123.123.123]
# |- IP: 123.123.123.123 -> 123.123.123.123
# |- MAC: 11:11:11:11:11:11 -> 11:11:11:11:11
# |- Unix Time: 1412416346.123245123
# |
# |- Withdrawn Routes Length: 0
# |- Total Path Attribute Length: 55
# |- Path Attributes
# |--- ORIGIN: IGP
# |--- AS_PATH: (9498 9430)
# |--- NEXT_HOP: 80.81.194.250
# |--- COMMUNITIES: 9498:1 9498:11 9498:91
# |- NLRI
# |--- 203.190.42.0/24
##
# Initialize basic return string and PCAP information
string = "[BGPMessage " + BGPTranslation.message_type(
message.type) + "] - " + str(message.length) + " Bytes\n"
string += self.prefix(0) + "MAC: " + message.pcap_information.get_mac(
).get_source_string(
separated=True) + " -> " + message.pcap_information.get_mac(
).get_destination_string(separated=True) + "\n"
string += self.prefix(0) + "IP: " + message.pcap_information.get_ip(
).get_source_string() + ":" + message.pcap_information.get_ports(
).get_source_string() + " -> " + message.pcap_information.get_ip(
).get_destination_string() + ":" + message.pcap_information.get_ports(
).get_destination_string() + "\n"
string += self.prefix(
0) + "Timestamp: " + message.pcap_information.get_timestmap_utc(
) + " (" + str(
message.pcap_information.get_timestamp()[0]) + "." + str(
message.pcap_information.get_timestamp()[1]) + ")\n"
# Display additional information
if BGPStatics.MESSAGE_TYPE_KEEPALIVE == message.type:
pass
if BGPStatics.MESSAGE_TYPE_OPEN == message.type:
# --- Divider for PCAP information
string += self.prefix(-1) + "\n"
string += self.prefix(0) + "Version: " + str(
message.version) + "\n"
string += self.prefix(0) + "My ASN: " + str(message.asn) + "\n"
string += self.prefix(0) + "Hold Time: " + str(
message.hold_time) + "\n"
string += self.prefix(0) + "BGP Identifier: " + str(
BGPRoute.decimal_ip_to_string(message.identifier)) + "\n"
# --- Optional Parameters
string += self.prefix(0) + "Optional Parameters Length: " + str(
message.optional_parameter_length) + " Bytes" + "\n"
# Process optional parameters
if message.optional_parameter_length > 0:
string += self.prefix(0) + "Optional Parameters:" + "\n"
for parameter in message.optional_parameter:
if parameter.type == BGPStatics.OPEN_CAPABILITY:
string += self.prefix(
1) + "Parameter: Capability" + "\n"
# Process capabilities
for capability in parameter.capability_list:
if capability.type is not BGPStatics.CAPABILITY_UNKNOWN:
string += self.prefix(
2) + BGPTranslation.capability(
capability.type) + " (" + str(
capability.type) + ")\n"
else:
string += self.prefix(2) + str(
capability) + "\n"
elif parameter.type == BGPStatics.OPEN_AUTHENTICATION:
string += self.prefix(
1) + "Parameter: Authentication" + "\n"
elif parameter.type == BGPStatics.OPEN_RESERVED:
string += self.prefix(1) + "Parameter: Reserved" + "\n"
if BGPStatics.MESSAGE_TYPE_UPDATE == message.type:
# --- Divider for PCAP information
string += self.prefix(-1) + "\n"
# --- Update Message Sub-Type
string += self.prefix(
0
) + "Update Message Sub-Type: " + BGPTranslation.update_subtype(
message.subtype) + "\n"
# --- Lengths
string += self.prefix(0) + "Withdrawn Routes Length: " + str(
message.withdrawn_routes_length) + " Bytes\n"
string += self.prefix(0) + "Total Path Attribute Length: " + str(
message.path_attributes_length) + " Bytes\n"
# --- NLRI
if len(message.nlri) > 0:
string += self.prefix(0) + "Prefix (NLRI):"
if message.add_path:
string += " (AddPath)\n" + self.prefix(
0) + "Path Identifier: " + str(message.path_id)
string += "\n"
# Process NLRI
for route in message.nlri:
string += self.prefix(1) + str(route) + "\n"
# --- Path Attributes
if message.path_attributes_length > 0:
# Process path attributes
for attribute in message.path_attributes:
string += self.prefix(0) + "Path Attributes:" + "\n"
if attribute.type == BGPStatics.UPDATE_ATTRIBUTE_EXTENDED_COMMUNITIES:
# Extended Communities must be displayed in another way than other attributes
string += self.prefix(
1) + BGPTranslation.path_attribute(
attribute.type) + ":\n"
for community in attribute.extended_communities:
string += self.prefix(2) + str(community) + "\n"
else:
# We got a "normal" path attribute
string += self.prefix(
1) + BGPTranslation.path_attribute(
attribute.type) + ": " + str(attribute) + "\n"
# --- Withdrawn Routes
if message.withdrawn_routes_length > 0:
string += self.prefix(0) + "Withdrawn Routes:"
if message.add_path:
string += " (AddPath)\n" + self.prefix(
0) + "Path Identifier: " + str(message.path_id)
string += "\n"
# Process withdrawn routes
for route in message.withdrawn_routes:
string += self.prefix(1) + str(route) + "\n"
if BGPStatics.MESSAGE_TYPE_NOTIFICATION == message.type:
pass
if BGPStatics.MESSAGE_TYPE_ROUTE_REFRESH == message.type:
pass
if BGPStatics.MESSAGE_TYPE_RESERVED == message.type:
pass
# Return assembled string plus final line break
return string + "\n"
def __str__(self):
if self.parsed and not self.error:
return str(BGPRoute.decimal_ip_to_string(self.next_hop))
else:
return None