https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14304
Bug ID: 14304
Summary: Data field of BGP NOTIFICATION message (OPEN/Bad Peer
AS) is not dissected
Product: Wireshark
Version: Git
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: Minor
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: g.djavad...@gmail.com
Target Milestone: ---
Created attachment 16052
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16052&action=edit
BGP NOTIFICATION message (OPEN/Bad peer AS)
Build Information:
Version 2.5.0 (v2.5.0rc0-2074-g4bba9696)
--
Hello,
I noticed that the data field of a BGP NOTIFICATION message (OPEN Message
Error/Bad Peer AS) is not dissected. Though it is not specified in RFC 4271 [1]:
    If the Autonomous System field of the OPEN message is unacceptable,
    then the Error Subcode MUST be set to Bad Peer AS. The determination
    of acceptable Autonomous System numbers is outside the scope of this
    protocol.
it is actually used by Cisco IOS and the Quagga routing suite to specify the
invalid AS number of the peer. For example, below is a snippet from the source
code of Quagga [2]:
    /* Check neighbor as number. */
    if (remote_as != peer->as)
      {
        if (BGP_DEBUG (normal, NORMAL))
          zlog_debug ("%s bad OPEN, remote AS is %u, expected %u",
                      peer->host, remote_as, peer->as);
        bgp_notify_send_with_data (peer,
                                   BGP_NOTIFY_OPEN_ERR,
                                   BGP_NOTIFY_OPEN_BAD_PEER_AS,
                                   notify_data_remote_as, 2);
        return -1;
      }
I have attached a BGP message exchange between Cisco IOS and Quagga; both peers
use the data field to indicate the wrong AS number. Thanks.
[1] https://tools.ietf.org/html/rfc4271#section-6.2
[2] http://git.savannah.gnu.org/cgit/quagga.git/tree/bgpd/bgp_packet.c
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
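
Added example, not part of the original report and not Wireshark's or Quagga's code: a standalone C decoder for the NOTIFICATION data field the report describes, with the length checks a dissector needs before reading it. The function name, result codes and sample bytes are constructed for illustration, and the 2-octet value is assumed to be in network byte order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BGP_HDR_LEN           19 /* 16-octet marker + 2-octet length + 1-octet type */
#define BGP_TYPE_NOTIFICATION 3
#define BGP_ERR_OPEN          2  /* Error Code: OPEN Message Error */
#define BGP_SUB_BAD_PEER_AS   2  /* Error Subcode: Bad Peer AS */
#define M16 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF

/* Hypothetical result codes for this example. */
enum { BAD_AS_OK = 0, BAD_AS_MALFORMED = -1, BAD_AS_NOT_APPLICABLE = -2, BAD_AS_UNDECODED = -3 };

/* Constructed samples: Bad Peer AS carrying AS 65001 (0xFDE9), and one with an empty data field. */
static const uint8_t sample_bad_as[]  = { M16, 0x00, 0x17, 0x03, 0x02, 0x02, 0xFD, 0xE9 };
static const uint8_t sample_no_data[] = { M16, 0x00, 0x15, 0x03, 0x02, 0x02 };

/* Decode the data field of an OPEN/Bad Peer AS NOTIFICATION as a 2-octet AS number.
 * Assumption: the value is in network byte order. */
int decode_bad_peer_as(const uint8_t *buf, size_t len, uint16_t *as_out)
{
    if (len < BGP_HDR_LEN + 2)                 /* header + error code + subcode */
        return BAD_AS_MALFORMED;
    for (size_t i = 0; i < 16; i++)            /* marker must be all ones */
        if (buf[i] != 0xFF)
            return BAD_AS_MALFORMED;
    size_t msg_len = ((size_t)buf[16] << 8) | buf[17];
    if (msg_len < BGP_HDR_LEN + 2 || msg_len > len)  /* never trust the length field */
        return BAD_AS_MALFORMED;
    if (buf[18] != BGP_TYPE_NOTIFICATION ||
        buf[19] != BGP_ERR_OPEN || buf[20] != BGP_SUB_BAD_PEER_AS)
        return BAD_AS_NOT_APPLICABLE;
    if (msg_len - (BGP_HDR_LEN + 2) != 2)      /* data absent or not a 2-octet AS */
        return BAD_AS_UNDECODED;
    *as_out = (uint16_t)((buf[21] << 8) | buf[22]);
    return BAD_AS_OK;
}

int main(void)
{
    uint16_t as = 0;
    if (decode_bad_peer_as(sample_bad_as, sizeof sample_bad_as, &as) == BAD_AS_OK)
        printf("Bad Peer AS: %u\n", (unsigned)as);
    /* A capture cut one octet short must be rejected, not read past the end. */
    printf("truncated -> %d\n",
           decode_bad_peer_as(sample_bad_as, sizeof sample_bad_as - 1, &as));
    printf("no data   -> %d\n",
           decode_bad_peer_as(sample_no_data, sizeof sample_no_data, &as));
    return 0;
}
```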