https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14304

            Bug ID: 14304
           Summary: Data field of BGP NOTIFICATION message (OPEN/Bad Peer
                    AS) is not dissected
           Product: Wireshark
           Version: Git
          Hardware: x86-64
                OS: Linux
            Status: UNCONFIRMED
          Severity: Minor
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: g.djavad...@gmail.com
  Target Milestone: ---

Created attachment 16052
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16052&action=edit
BGP NOTIFICATION message (OPEN/Bad peer AS)

Build Information:
Version 2.5.0 (v2.5.0rc0-2074-g4bba9696)
--
Hello,

I noticed that the data field of the BGP NOTIFICATION message (OPEN message
error/Bad Peer AS) is not dissected. Though it is not specified in RFC 4271 [1]:

   If the Autonomous System field of the OPEN message is unacceptable,
   then the Error Subcode MUST be set to Bad Peer AS.  The determination
   of acceptable Autonomous System numbers is outside the scope of this
   protocol.

it is actually used by Cisco IOS and the Quagga routing suite to specify the
invalid AS number of the peer. For example, below is a snippet from the source
code of Quagga [2]:

  /* Check neighbor as number. */
  if (remote_as != peer->as)
    {
      if (BGP_DEBUG (normal, NORMAL))
        zlog_debug ("%s bad OPEN, remote AS is %u, expected %u",
                   peer->host, remote_as, peer->as);
      bgp_notify_send_with_data (peer, 
                                 BGP_NOTIFY_OPEN_ERR, 
                                 BGP_NOTIFY_OPEN_BAD_PEER_AS,
                                 notify_data_remote_as, 2);
      return -1;
    }


I have attached a BGP message exchange between Cisco IOS and Quagga; both peers
use the data field to indicate the wrong AS number. Thanks.


[1] https://tools.ietf.org/html/rfc4271#section-6.2
[2] http://git.savannah.gnu.org/cgit/quagga.git/tree/bgpd/bgp_packet.c

___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
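
Added example, not part of the original report and not Wireshark or Quagga code: a standalone C sketch of the dissection the report asks for, reading the 2-octet AS number from the data field of an OPEN Message Error / Bad Peer AS NOTIFICATION. The function name, result codes and sample bytes (AS 65001) are constructed for illustration; any data length other than 2 is left undissected because RFC 4271 defines no data for this subcode.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BGP_HDR_LEN         19  /* 16-byte marker + 2-byte length + 1-byte type */
#define BGP_NOTIFICATION     3
#define BGP_ERR_OPEN         2  /* OPEN Message Error */
#define BGP_SUB_BAD_PEER_AS  2  /* Bad Peer AS */
#define MARKER 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff

/* Result codes (hypothetical names for this example). */
enum { NOTIF_MALFORMED = -1, NOTIF_NO_AS = 0, NOTIF_HAS_AS = 1 };

/* Parse one BGP NOTIFICATION in buf. On NOTIF_HAS_AS, *bad_as holds the
 * 2-octet AS number carried in the data field of OPEN/Bad Peer AS. */
int parse_bad_peer_as(const uint8_t *buf, size_t len, uint16_t *bad_as)
{
    if (len < BGP_HDR_LEN + 2)
        return NOTIF_MALFORMED;          /* no room for error code + subcode */
    size_t msg_len = ((size_t)buf[16] << 8) | buf[17];
    if (msg_len < BGP_HDR_LEN + 2 || msg_len > len)
        return NOTIF_MALFORMED;          /* length field must fit the capture */
    if (buf[18] != BGP_NOTIFICATION)
        return NOTIF_MALFORMED;
    if (buf[19] != BGP_ERR_OPEN || buf[20] != BGP_SUB_BAD_PEER_AS)
        return NOTIF_NO_AS;              /* some other error code/subcode */
    if (msg_len - (BGP_HDR_LEN + 2) != 2)
        return NOTIF_NO_AS;              /* empty or unexpected data: keep raw */
    *bad_as = (uint16_t)((buf[21] << 8) | buf[22]);
    return NOTIF_HAS_AS;
}

/* Constructed sample: OPEN/Bad Peer AS with data = AS 65001 (0xfde9). */
const uint8_t sample_with_as[] = { MARKER, 0x00, 0x17, 0x03, 0x02, 0x02, 0xfd, 0xe9 };
/* Constructed sample: same error with an empty data field. */
const uint8_t sample_no_data[] = { MARKER, 0x00, 0x15, 0x03, 0x02, 0x02 };

int main(void)
{
    uint16_t as = 0;
    if (parse_bad_peer_as(sample_with_as, sizeof sample_with_as, &as) == NOTIF_HAS_AS)
        printf("Bad Peer AS: %u\n", (unsigned)as);
    if (parse_bad_peer_as(sample_no_data, sizeof sample_no_data, &as) == NOTIF_NO_AS)
        printf("Bad Peer AS: no data field\n");
    return 0;
}
```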