I'm running tcpdump (version 4.99.1) on my Ubuntu server to monitor BGP traffic. My environment uses Multiprotocol BGP, and I realized the hard way that my instance of tcpdump doesn't offer support for some BGP protocols, specifically Flowspec (SAFI 133 and 134). When I capture that traffic, tcpdump reports:
    Origin (1), length: 1, Flags [T]: IGP
      0x0000: 00
    AS Path (2), length: 6, Flags [T]: 12345
      0x0000: 0000 0000 0000
    Multi-Protocol Reach NLRI (14), length: 15, Flags [O]:
      AFI: IPv4 (1), vendor specific SAFI: Unknown SAFI (133)
      no AFI 1 / SAFI 133 decoder
"no AFI 1 / SAFI 133 decoder" - that's not a welcome message.
A little Googling and some discussion with ChatGPT suggest that if I want tcpdump to be able to read these packets, I'll have to write the Flowspec decoders myself. Does that seem right? Am I the first engineer to ever hit this problem? I'm hoping there's an archive somewhere where someone else has cracked the problem. All responses welcome.
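Added example, not part of the original post and not tcpdump code: a standalone Python decoder for the IPv4 Flowspec NLRI (AFI 1 / SAFI 133) as encoded in RFC 8955, showing the parsing a decoder for this traffic has to do. The function name, the output notation and the sample bytes are assumptions made for illustration; SAFI 134 is not handled.

```python
import ipaddress

# IPv4 Flowspec component types 1..12 (RFC 8955); index 0 is unused.
NAMES = ("", "dst", "src", "proto", "port", "dport", "sport", "icmp-type",
         "icmp-code", "tcp-flags", "pkt-len", "dscp", "frag")
# Constructed sample NLRI (not taken from the capture in the question).
SAMPLE = bytes.fromhex("0f 0118c00002 038106 05130400d50800")

def decode_flowspec_nlri(buf):
    """Decode the first NLRI in buf; return (components, octets consumed)."""
    if not buf or (buf[0] >= 0xF0 and len(buf) < 2):
        raise ValueError("truncated length field")
    length, i = buf[0], 1
    if length >= 0xF0:                  # 0xfnnn: 12-bit length in two octets
        length, i = ((length & 0x0F) << 8) | buf[1], 2
    end = i + length
    if end > len(buf):
        raise ValueError("NLRI length runs past the buffer")
    def take(n):                        # bounds-checked read inside this NLRI
        nonlocal i
        if i + n > end:
            raise ValueError("component truncated")
        i += n
        return buf[i - n:i]
    out = []
    while i < end:
        ctype = take(1)[0]
        if not 1 <= ctype <= 12:
            raise ValueError(f"unknown component type {ctype}")
        if ctype in (1, 2):             # prefix: bit length, then ceil(bits/8) octets
            bits = take(1)[0]           # more than 32 bits fails in IPv4Address below
            addr = ipaddress.IPv4Address(take((bits + 7) // 8).ljust(4, b"\0"))
            out.append(f"{NAMES[ctype]} {addr}/{bits}")
            continue
        terms = []
        while True:                     # list of {operator, value} pairs
            op = take(1)[0]
            value = int.from_bytes(take(1 << ((op >> 4) & 3)), "big")
            if ctype in (9, 12):        # bitmask operator: not = 0x02, match = 0x01
                text = "!" * bool(op & 2) + "=" * bool(op & 1) + hex(value)
            else:                       # numeric operator: lt = 0x04, gt = 0x02, eq = 0x01
                text = "<" * bool(op & 4) + ">" * bool(op & 2) + "=" * bool(op & 1) + str(value)
            terms.append((("&" if op & 0x40 else "|") if terms else "") + text)
            if op & 0x80:               # end-of-list bit
                break
        out.append(f"{NAMES[ctype]} {''.join(terms)}")
    return out, end

if __name__ == "__main__":
    print(decode_flowspec_nlri(SAMPLE))
```

The input is the NLRI bytes that follow the AFI, SAFI, next-hop and reserved fields of the MP_REACH_NLRI attribute; malformed or truncated input raises ValueError rather than being partially decoded.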