Due to a incorrect check the details of MCAST-VPN NLRI were
never dissected. Also the Originating Router's IP Addr of a
S-PMSI A-D Route was not dissected.
Bug: 15307
Change-Id: Ic7481ed034e4cbf0dcab4aa150f05da2f5aac508
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30796
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug 13741 showed a case where the BGP dissector's failure to validate the
length of the Path Attribute record allowed a pathological BGP UPDATE packet to
generate more than one million items in the protocol tree by repeatedly
dissecting certain segments of the packet.
It's easy enough to detect when the Path Attribute length cannot be valid, so
let's do so. When the condition arises, let's raise an Expert Info error in
the same style and format as used elsewhere in the same routine, and abandon
dissection of the Path Attributes list.
With this check in place, an incorrect length computation is revealed at a
callsite. This would only have prevented a small (less than 5 bytes) Path
Attribute from being dissected if it was at the very end of the Path Attributes
list, but the bounds checking added in this change makes this problem much more
apparent, so we fix the length computation while we're here.
Testing Done: Built wireshark on Linux amd64. Using bgp.pcap from the Sample
Captures page on the wiki, verified that the dissection of the UPDATE
packets were unaltered by this fix. Using the capture attached to bug 13741
(clusterfuzz-testcase-minimized-6689222578667520.pcap), verified that the
packet no longer triggers the "too many items" exception, instead we see
an Expert Info for each oversized Path Attribute length, and eventually an
exception for "length of contained item exceeds length of containing item".
30,000 iterations of fuzz test with bgp.pcap as input, and many iterations
of randpkt-test too. Crafted a packet with a 3-byte ATOMIC_AGGREGATE Path
Attribute at the end of the Path Attributes list; Before this change, an
exception is raised during dissection, but after this change it is dissected
correctly.
Bug: 13741
Change-Id: I80f506b114a61e5b060d93b59bed6b94fb188b3e
Reviewed-on: https://code.wireshark.org/review/27466
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
https://www.iana.org/assignments/bgp-parameters/bgp-parameters.xhtmlhttps://tools.ietf.org/html/rfc4893
-------------------------------------------
NEW BGP speakers carry AS path information expressed in terms of 4-
octet Autonomous Systems numbers by using the existing AS_PATH
attribute, except that each AS number in this attribute is encoded
not as a 2-octet, but as a 4-octet entity. The same applies to the
AGGREGATOR attribute - NEW BGP speakers use the same attribute,
except that the AS carried in this attribute is encoded as a 4-octet
entity.
-------------------------------------------
Change-Id: I4ccfc2c18e8777a800211dd285550723ac0da872
Reviewed-on: https://code.wireshark.org/review/26647
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
NLRIs can contain path identifiers as defined in RFC7911.
This commit adopts the IPv4 heuristic to IPv6 to detect usage
of additional path identifier.
Bug: 14241
Change-Id: I6b99c079b12d1f9a3e05b152a5540a621076e965
Reviewed-on: https://code.wireshark.org/review/26157
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
AS23456 is reserved in RFC6793 for 32-bit AS number range as AS_TRANS.
Add an additional text "(AS_TRANS)" to AS 23456 items.
Bug: 14305
Change-Id: I1a0ea9e07c74b7e409cb32e2da55dbf233a2348d
Reviewed-on: https://code.wireshark.org/review/25172
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to RFC 5492 [1], paragraph 5, Data field of BGP
notification for Open message error/unsupported capability must
list the set of unsupported capabilities
Bug: 14274
Change-Id: Iacd33b5c83bc234652d2a5444f0029640d33e1c5
Reviewed-on: https://code.wireshark.org/review/24829
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 14200
Change-Id: I6d8ac6aae952db21e69fa323fb1e74782d95d1c4
Reviewed-on: https://code.wireshark.org/review/24362
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 14241
Change-Id: I5e66b034cf5cd14e2557e5b7bfa3045c2232d1ae
Reviewed-on: https://code.wireshark.org/review/24553
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Display LACP Port Key/root Bridge Priority in Dec and Hex
mSTP => MSTP
Change-Id: I7079250da134e4bb60d2d5373bfdf2f31235f07a
Ping-Bug: 14200
Reviewed-on: https://code.wireshark.org/review/24401
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Passing multiple labels information with BGP has come to be used
together with segment routing.
Change-Id: Ifd45eb0a875ed4a166e44441955e5e42ce84a7ca
Reviewed-on: https://code.wireshark.org/review/22944
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Kura
Bug: 13872
Change-Id: I054839a9e141fa4a882114b150842366c090d012
Reviewed-on: https://code.wireshark.org/review/22537
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12296
Change-Id: Ib49396e2822f6ee0082aedd39ed8636379bbd75a
Reviewed-on: https://code.wireshark.org/review/21726
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also added display of lower-order four bits of the Attribute Flags ("unused").
Current implementation of displaying path attribute flags shows flag description twice if the flag was set.
For example, with Optional and Length set, the attribute flags were displayed as follows:
Flags: 0x90, Optional, Length: Optional, Non-transitive, Complete, Extended Length
1... .... = Optional: Optional
.0.. .... = Transitive: Non-transitive
..0. .... = Partial: Complete
...1 .... = Length: Extended length
Now they are displayed as follows:
Flags: 0x90, Optional, Extended-Length, Non-transitive, Complete
1... .... = Optional: Set
.0.. .... = Transitive: Not set
..0. .... = Partial: Not set
...1 .... = Extended-Length: Set
.... 0000 = Unused: 0x0
Change-Id: Iec3c92ac2383dd3f736598b089a74f0f3c165bae
Reviewed-on: https://code.wireshark.org/review/20732
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Field 'Type Code' (bgp.update.path_attribute.type_code) has a conflicting entry in its value_string: 29 is at indices 19 (LINK_STATE) and 20 (Deprecated))
Change-Id: Ifd0c7a2a095d2b216115b94ca0b71e0dca2213ee
Reviewed-on: https://code.wireshark.org/review/20741
Reviewed-by: Michael Mann <mmann78@netscape.net>
not limited to len = 4 (can be a multiple of 4)
Bug: 13521
Change-Id: I668dbff6d8a7b0a4260da31393bb70d2c5431455
Reviewed-on: https://code.wireshark.org/review/20705
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC5575 says Route Distinguisher is inserted between "length" and "NLRI
value" fields when the BGP NLRI type is VPNv4 Flow Spec (AFI=1,
SAFI=134) and this is the same for VPNv6 and L2VPN.
This patch fixes the BGP dissector to decode the missing Route
Distinguisher field in Flow Spec NLRI decoder.
Change-Id: Ib45d96bb399b80be69ca70ea552d2c07b07a9782
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Reviewed-on: https://code.wireshark.org/review/20653
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I87454ea95bc64a39e4e60ba374e9cafb574e744c
Reviewed-on: https://code.wireshark.org/review/20501
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I7cb6f73efb1e37eba977dc6912041d5969989696
Reviewed-on: https://code.wireshark.org/review/20399
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Shutdown communication is now also allowed on Admin Reset NOTIFICATION messages:
https://tools.ietf.org/rfcdiff?url2=draft-ietf-idr-shutdown-04.txt
Change-Id: I6450d3d5de5aef4bd709ba2b211ca717784b00a7
Reviewed-on: https://code.wireshark.org/review/19886
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Do the NLRI length checks in the switch cases for each route type, and
do them for *all* route types, rather than throwing a random check in
for one particular route type.
There is no need to fail up front for unknown route types; at least
dissect the type and length, and fail in the switch statement.
Dissect the route descriptor in each of the switch cases, after the
length check, rather than doing it up front.
Add a comment noting where the prefix route type comes from.
Change-Id: Iae26ecd467d4b36dbcf52e7998bd2881405281aa
Reviewed-on: https://code.wireshark.org/review/19774
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Parse the communication bits of a BGP Cease NOTIFICATION:
Border Gateway Protocol - NOTIFICATION Message
Marker: ffffffffffffffffffffffffffffffff
Length: 146
Type: NOTIFICATION Message (3)
Major error Code: Cease (6)
Minor error Code (Cease): Administratively Shutdown (2)
BGP Shutdown Communication Length: 124
Shutdown Communication: NTT will perform maintenance on this router. This is tracked in TICKET-1-24824294. Contact noc@ntt.net for more information.
Draft at https://tools.ietf.org/html/draft-ietf-idr-shutdown-01, sample
file taken from from http://instituut.net/~job/shutdown.pcap
Change-Id: I2ab633883cc69e560ff79cb6239e02fcffd71e10
Reviewed-on: https://code.wireshark.org/review/19144
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When decode_prefix4() gets called with more prefixes the length of
proto_tree_add_subtree_format() should not be the total length.
As the "Withdrawn route" part was the only one where decode_prefix4() has
been called with a tlen not equal 0 we can eliminate the tlen parameter.
Bug: 13146
Change-Id: I708dec2cecbed6054b60190104b82c72d54e8037
Reviewed-on: https://code.wireshark.org/review/18852
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>