search

DE-CIX / pbgp-parser

PCAP BGP Parser
Other
85 stars 21 forks source link

Incorrect NLRIs and mask displayed #35

Open johannesmoos opened 4 years ago

johannesmoos commented 4 years ago

Environment

$ pbgpp.py --version                                
pbgpp PCAP BGP Parser v0.2.22

$ python --version
Python 3.8.2

Result: pbgpp shows nonexistent NLRIs and masks for (some) input files with many UPDATE messages. That's my guess. Might also result from another factor.

Example:

|- Update Message Sub-Type: NONE
|- Withdrawn Routes Length: 0 Bytes
|- Total Path Attribute Length: 0 Bytes
|- Prefix (NLRI):
|--- 1.1.0.64/64
|--- 22.0.0.0/2
|--- 5.0.0.0/2
|--- 0.0.0.0/0
|--- 71.0.0.62/62
|--- 0.3.33.254/71
|--- 0.0.0.0/0
|--- 28.0.0.52/32
|--- 64.3.4.0/23
|--- 81.194.255.192/80
|--- 8.0.0.0/7
|--- 0.0.0.0/0
|--- 23.162.158.132/52
|--- 20.0.0.0/1
|--- 18.64.20.104/104
|--- 240.20.104.0/17
|--- 208.20.0.0/16
|--- 16.144.20.104/104
|--- 176.23.23.0/17
|--- 38.24.1.1/227
|--- 24.0.0.0/1
|--- 0.0.0.0/1

Output is mixed between:

I'm assuming there's an overflow at some point which causes the result.

How to reproduce: Parse the attached PCAP:

pbgpp.py --pcap example.pcap -f HUMAN_READABLE

Example PCAP: example.pcap.zip

thannaske commented 4 years ago

Hey JMo,

I've looked into the example PCAP and was able to reproduce the problem. I've filed pull request https://github.com/de-cix/pbgp-parser/pull/36 that seems to fix the occurred problem.

Could you please verify that this resolves the issue with some other test PCAPs?

I don't know whether you are familiar with running pbgpp directly from source, so I'll quicky explain it so others could reproduce and check, too.

johannesmoos commented 4 years ago

Hi Tobias,

thanks for the quick fix. Looks good to me. Will do some more tests and then we can merge the PR.

JMo

mengkoonlim commented 4 years ago

I ran into the same problem, and your fix addressed it. Thanks!