Thursday, September 12, 2013

ISIS Replay script - replay packets from a dump file

As I have shown in an older post, the pyrt isis python module, as I have modified it, does all the work of capturing ISIS packets, parsing them and saving them in a dump file. The pyrt package also contains another useful script, mrtd.py, which can be run separately as it has its own main function; it provides the necessary code for reading the packets which were saved in binary format in a dump file and parsing them just like in a live capture.

When creating the replay.py script, I used the code from these pyrt modules to parse the packets from a given dump file and replay them - that is, send them back to the given layer 2 address - which can be the multicast address for level 1 ISIS routers, the multicast layer 2 address for level 2 ISIS routers, or a unicast address (by default, the original source address becomes the destination address). So basically, what I have done is:

1. read all the packets from the dump file
2. take each packet which matches the filter - there can be multiple filters: the message type (the default message type to be replayed is the CSNP packets, which contain the necessary information to recreate the topology from scratch), the area-id, etc. - and other filters can easily be added.
3. send the packet back to a multicast address or to a unicast address
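
The selection logic of steps 2 and 3, as an added example that is not code from replay.py or pyrt: it parses the 802.3/LLC/IS-IS header, filters on message type and works out the destination address without transmitting anything. The function names and the header-only sample frames are constructed for illustration.

```python
import struct

# Added illustration: names below are hypothetical, not taken from replay.py.
ALL_L1_ISS = bytes.fromhex("0180c2000014")  # level 1 multicast MAC
ALL_L2_ISS = bytes.fromhex("0180c2000015")  # level 2 multicast MAC
LLC_ISIS = b"\xfe\xfe\x03"                  # LLC header seen in the dumps
NLPID_ISIS = 0x83                           # first byte of the IS-IS header

def pdu_type(frame):
    """Return the IS-IS message type of an 802.3 frame, or None if not IS-IS."""
    # 14 bytes Ethernet + 3 bytes LLC + 8 bytes IS-IS common header
    if len(frame) < 25 or frame[14:17] != LLC_ISIS or frame[17] != NLPID_ISIS:
        return None
    (length,) = struct.unpack("!H", frame[12:14])
    if length > 1500 or length > len(frame) - 14:  # EtherType, or truncated
        return None
    return frame[21] & 0x1F  # type is the low 5 bits of the 5th header byte

def plan_replay(frames, msg_type=24, dst=None):
    """Dry run of steps 2-3: return (destination MAC, frame) per match."""
    plan = []
    for frame in frames:
        if pdu_type(frame) != msg_type:
            continue
        # Default: the original source address becomes the destination.
        plan.append((dst if dst is not None else frame[6:12], frame))
    return plan

def make_frame(dst, src, ptype):
    """Constructed sample frame: common header only, no TLVs."""
    payload = LLC_ISIS + bytes([NLPID_ISIS, 8, 1, 0, ptype, 1, 0, 0])
    return dst + src + struct.pack("!H", len(payload)) + payload

SRC = bytes.fromhex("000c29f467aa")  # router MAC from the capture on this page
SAMPLE = [
    make_frame(ALL_L1_ISS, SRC, 15),  # L1LANHello
    make_frame(ALL_L1_ISS, SRC, 24),  # L1CSN
    make_frame(ALL_L2_ISS, SRC, 25),  # L2CSN
    b"\x00" * 10,                     # truncated junk, must be skipped
]

if __name__ == "__main__":
    for dst_mac, frame in plan_replay(SAMPLE):
        print(dst_mac.hex(":"), "type", pdu_type(frame))
```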

Here is how the help output now looks when I run ./replay.py -h (or --help):

gabi@gsoc13:~/isis_tool/isis$ ./replay.py --help
Usage: replay.py [ options ]:
        -h|--help      : Help
        -v|--verbose   : Be verbose
        -t|--type      : ISIS Message type
              0:  "NULL",
              2:  "ESH",
              4:  "ISH",
              6:  "RD",
              15: "L1LANHello",
              16: "L2LANHello",
              17: "PPHello",
              18: "L1LSP",
              20: "L2LSP",
              24: "L1CSN",
              25: "L2CSN",
              26: "L1PSN",
              27: "L2PSN",
        -a|--area-addr  : set the area address to which this IS belongs
        --device        : Set the device to send on the replayed packets
        -f|--file      : Set file name to parse (def: mrtd.mrtd)

Let's try replaying the CSNP packets found in a dump file.
This is the most basic way the script can be called:

sudo ./replay.py -f mrtd.mrtd.2013-07-31_21.45.16 -t 24

The "-t 24" filter is optional for CSNP packets, since this is the default message type which the script is set to run.

While the script runs and matches the CSNP packets from the dump file, I separately run tcpdump on the eth0 device (the default one, on which the packets are retransmitted). This is how the results look in Wireshark, when running:

 gabi@gsoc13:~$ sudo tcpdump -i eth0 -s 0 -w capture_file isis


Currently, I am working on allowing more filters to be added, and to check whether the actual packets which are read from the dump file came from a remote router or from another local interface.

Sunday, September 8, 2013

IS-IS replay tool IPv6 support

I added IPv6 support to the sniffing tool. The IPv6 messages appear inside the HELLO messages.
In the example below, both IPv4 and IPv6 protocols are supported and parsed:

L1LANHello (len=1500):
    src mac: 00.0c.29.f4.67.aa, dst mac: 01.80.c2.00.00.14
    len: 1500, LLC: 0xfe.fe.03
    hdr_len: 27, protocol id: 1, version: 1, eco: 0, user eco: 0
    circuit type: L1Circuit, holdtimer: 50, PDU len: 1497, priority: 64
    src id: 11.11.11.11.11.11, LAN id: 11.11.11.11.11.11.01
    field: AreaAddress, length: 4
        area addresses: 0x49.00.01,
    field: IIHIISNeighbor, length: 6
        IS Neighbour 1: 00.0c.29.47.e4.a1
    field: ProtoSupported, length: 2
        protocols supported: ['IP', 'IPV6']
    field: IPIfAddr, length: 4
        interface IP addresses: ['192.168.9.131']
    field: IPv6IfAddr, length: 16
        interface IPv6 addresses: ['fe.80.00.00.00.00.00.00.02.0c.29.ff.fe.f4.67.aa']
message len is 1514
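
How the last three fields of that Hello decode, as an added example that is not the pyrt parser: a bounds-checked TLV walk that rejects truncated input and renders the IPv6 interface address in standard notation. The function names are hypothetical and the sample bytes are constructed from the values printed above.

```python
import ipaddress

# Added illustration: names are hypothetical, not pyrt's own.
NLPIDS = {0xCC: "IP", 0x8E: "IPV6"}  # values carried in the ProtoSupported TLV

def parse_tlvs(data):
    """Yield (type, value) pairs; raise ValueError on a truncated TLV."""
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header at offset %d" % i)
        tlv_type, length = data[i], data[i + 1]
        if i + 2 + length > len(data):
            raise ValueError("TLV %d claims %d bytes, %d left"
                             % (tlv_type, length, len(data) - i - 2))
        yield tlv_type, data[i + 2:i + 2 + length]
        i += 2 + length

def hello_addresses(data):
    """Decode the protocol and interface-address TLVs of a Hello."""
    out = {"protocols": [], "ipv4": [], "ipv6": []}
    for tlv_type, value in parse_tlvs(data):
        if tlv_type == 129:                               # ProtoSupported
            out["protocols"] += [NLPIDS.get(b, hex(b)) for b in value]
        elif tlv_type == 132 and len(value) % 4 == 0:     # IPIfAddr
            out["ipv4"] += [str(ipaddress.IPv4Address(value[k:k + 4]))
                            for k in range(0, len(value), 4)]
        elif tlv_type == 232 and len(value) % 16 == 0:    # IPv6IfAddr
            out["ipv6"] += [str(ipaddress.IPv6Address(value[k:k + 16]))
                            for k in range(0, len(value), 16)]
    return out

# Constructed from the fields shown above: AreaAddress, IIHIISNeighbor,
# ProtoSupported, IPIfAddr, IPv6IfAddr (padding TLVs left out).
SAMPLE_TLVS = bytes.fromhex(
    "010403490001"
    "0606000c2947e4a1"
    "8102cc8e"
    "8404c0a80983"
    "e810fe80000000000000020c29fffef467aa"
)

if __name__ == "__main__":
    print(hello_addresses(SAMPLE_TLVS))
```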

Tuesday, September 3, 2013

IS-IS quagga IPv6 configuration

I am going to also support IPv6 in my replay tool for this year's GSoC. In order to better understand how IPv6 works with IS-IS, here are the few changes needed to the IPv4 configuration files:

First router:

! -*- isis -*-

hostname isisd
password foo
enable password foo
log stdout

hostname isisd-router
!  area-password foobar
!  domain-password foobar

interface eth1
 ip router isis Test1
 ipv6 router isis Test1
 isis hello-interval 5
! isis lsp-interval 1000

router isis Test1
  net 49.0001.1111.1111.1111.00
  is-type level-1
  metric-style wide

Second router:

! -*- isis -*-

hostname isisd
password foo
enable password foo
log stdout

hostname isisd-router
!  area-password foobar
!  domain-password foobar

interface eth1
 ip router isis Test1
 ipv6 router isis Test1
 isis hello-interval 5

router isis Test1
  net 49.0001.2222.2222.2222.00
  is-type level-1
  metric-style wide

The two files will support both IPv4 and IPv6; if you want only one of them to be supported, simply comment out one of the ip or ipv6 lines.

The two routers need to be able to 'see' each other:

ping6 -I eth1 fe80::20c:29ff:fef4:67aa
PING fe80::20c:29ff:fef4:67aa(fe80::20c:29ff:fef4:67aa) from fe80::20c:29ff:fe47:e4a1 eth1: 56 data bytes
64 bytes from fe80::20c:29ff:fef4:67aa: icmp_seq=1 ttl=64 time=1.95 ms
64 bytes from fe80::20c:29ff:fef4:67aa: icmp_seq=2 ttl=64 time=0.246 ms
64 bytes from fe80::20c:29ff:fef4:67aa: icmp_seq=3 ttl=64 time=0.299 ms

Here are the Wireshark captures with the IPv6 packets. They appear in the HELLO messages.