https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15631
Bug ID: 15631
Summary: BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label
stack not decoded
Product: Wireshark
Version: 3.0.0
Hardware: x86
OS: Windows 10
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 17002
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17002&action=edit
BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN packet
Build Information:
Wireshark 3.0.0 (v3.0.0-0-g937e33de)
Copyright 1998-2019 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.12.1, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with
libxml2 2.9.9, with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with
bcg729.
Running on 64-bit Windows 10 (1803), build 17134, with Intel(R) Core(TM)
i7-7820HQ CPU @ 2.90GHz (with SSE4.2), with 64946 MB of physical memory, with
locale German_Germany.1252, with WinPcap version 4.1.3 (packet.dll version 10,
2, 0, 5002), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.6.3, with Gcrypt 1.8.3, without AirPcap, binary plugins supported (0
loaded).
Built using Microsoft Visual Studio 2017 (VC++ 14.12, build 25835).
--
Dear all,
Wireshark can't decode BGP Update Message with Path Attribute - MP_REACH_NLRI.
On that packet the label stack isn't decoded. As defined in RFC7432
https://www.rfc-editor.org/rfc/rfc7432.txt the MAC Advertisement Route (2) is
defined as:
A MAC/IP Advertisement route type specific EVPN NLRI consists of the
following:
+---------------------------------------+
| RD (8 octets) |
+---------------------------------------+
|Ethernet Segment Identifier (10 octets)|
+---------------------------------------+
| Ethernet Tag ID (4 octets) |
+---------------------------------------+
| MAC Address Length (1 octet) |
+---------------------------------------+
| MAC Address (6 octets) |
+---------------------------------------+
| IP Address Length (1 octet) |
+---------------------------------------+
| IP Address (0, 4, or 16 octets) |
+---------------------------------------+
| MPLS Label1 (3 octets) |
+---------------------------------------+
| MPLS Label2 (0 or 3 octets) |
+---------------------------------------+
Wireshark isn't able to decode the labels. Instead the Expert infos states,
that the packet is malformed. In the attached capture is a single packet which
shows the problem. Here it should decode Label 1=1 and Label 2=1000.
Happy debugging
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:[email protected]?subject=unsubscribe
