Created attachment 175678 [details] Patch for contrib/tcpdump/print-bgp.c to decode Large BGP Communities Attached is a patch for tcpdump to decode the Large BGP Community attribute (defined in draft-ietf-idr-large-community). IANA assigned BGP Path Attribute code 30 to LARGE_COMMUNITY. Similar patches were accepted in tcpdump: https://github.com/the-tcpdump-group/tcpdump/commit/bc700c426251f8d93049d71fd4c007d22b2a2aa0 OpenBSD: http://marc.info/?l=openbsd-tech&m=147629128313963&w=2 FreeBSD is used by some Internet Exchange Points to host their Route Server. An up to date tcpdump will assist this group of people in their daily operations.
this followup commit changes the patch: https://github.com/the-tcpdump-group/tcpdump/commit/e2adb166ecaf59555e18787e86ac8c828efa0acc I am merging it in as well
(In reply to Allan Jude from comment #1) Excellent catch! Yes, due to code point squatting (described here: https://tools.ietf.org/html/draft-ietf-idr-deprecate-30-31-129-02 ) Large Communities switched from 30 to 32.
For the record ... we should "simply" update tcpdump through the vendor area (with some care for capsicum).
(In reply to Pedro F. Giffuni from comment #3) The latest release of tcpdump does not yet include this patch, only tcpdump -head does. But yes, we are a number of versions of tcpdump behind
r313048 updated tcpdump in -CURRENT to 4.9.0, which supports the Large Communities feature. Because this is a security fix, it is likely to get updated in 11.0 as well.
The upgrade was merged into stable/11 on Feb 10. It will be included in FreeBSD 11.1 and later.