kbandla / dpkt

fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols

BGP: Error reading Extended NLRI routes #481

Closed amgadhanafy closed 3 years ago

amgadhanafy commented 4 years ago

I tried to read file https://packetlife.net/media/captures/bgp-add-path.cap

When opened using Wireshark, it shows the following:

image

But when opened using dpkt.bgp.BGP(bgp_data), it gives the following error:

DEBUG - __main__ - test:308 - ***************cap file : bgp-add-path.cap***************
ERROR - __main__ - extract_features:88 - Error processing BGP data: packet 6 : message 1 of bgp-add-path.cap
ERROR - __main__ - extract_features:89 - BGP_dat(89): b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x59\x02\x00\x00\x00\x30\x40\x01\x01\x00\x40\x02\x06\x02\x01\x00\x00\xfb\xff\x40\x03\x04\x0a\x00\x0e\x01\x80\x04\x04\x00\x00\x00\x00\x40\x05\x04\x00\x00\x00\x64\x80\x0a\x04\x0a\x00\x22\x04\x80\x09\x04\x0a\x00\x0f\x01\x00\x00\x00\x01\x20\x05\x05\x05\x05\x00\x00\x00\x01\x20\xc0\xa8\x01\x05'
ERROR - __main__ - extract_features:90 - invalid ASPathSegment: b'\xfb\xff'
Traceback (most recent call last):
  File "C:\Users\Amgad\PycharmProjects\dpkt\dpkt\dpkt.py", line 95, in __init__
    self.unpack(args[0])
  File "C:\Users\Amgad\PycharmProjects\dpkt\dpkt\bgp.py", line 423, in unpack
    AS = struct.unpack('>H', self.data[:2])[0]
struct.error: unpack requires a buffer of 2 bytes

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\Amgad\PycharmProjects\bell\bgp_update.py", line 72, in extract_features
    bgp_element = dpkt.bgp.BGP(bgp)
  File "C:\Users\Amgad\PycharmProjects\dpkt\dpkt\dpkt.py", line 95, in __init__
    self.unpack(args[0])
  File "C:\Users\Amgad\PycharmProjects\dpkt\dpkt\bgp.py", line 161, in unpack
    self.data = self.update = self.Update(self.data)
  File "C:\Users\Amgad\PycharmProjects\dpkt\dpkt\dpkt.py", line 95, in __init__
    self.unpack(args[0])
  File "C:\Users\Amgad\PycharmProjects\dpkt\dpkt\bgp.py", line 272, in unpack
    attr = self.Attribute(self.data)
  File "C:\Users\Amgad\PycharmProjects\dpkt\dpkt\dpkt.py", line 95, in __init__
    self.unpack(args[0])
  File "C:\Users\Amgad\PycharmProjects\dpkt\dpkt\bgp.py", line 351, in unpack
    self.data = self.as_path = self.ASPath(self.data)
  File "C:\Users\Amgad\PycharmProjects\dpkt\dpkt\dpkt.py", line 95, in __init__
    self.unpack(args[0])
  File "C:\Users\Amgad\PycharmProjects\dpkt\dpkt\bgp.py", line 401, in unpack
    seg = self.ASPathSegment(self.data)
  File "C:\Users\Amgad\PycharmProjects\dpkt\dpkt\dpkt.py", line 99, in __init__
    raise UnpackError('invalid %s: %r' %
dpkt.dpkt.UnpackError: invalid ASPathSegment: b'\xfb\xff'

amgadhanafy commented 4 years ago

@kbandla can you please check this one

kbandla commented 4 years ago

Looks like I should run the entire bgp pcap corpus from that collection!

amgadhanafy commented 4 years ago

@kbandla I think this issue is related to Four-Octet Autonomous System (AS) Number Space https://tools.ietf.org/html/rfc6793

amgadhanafy commented 4 years ago

image

Several issues when processing this packet:

1- unpacked packet length is wrong (90 instead of 89)
2- announced routes length is wrong (11 instead of 2)

Routes are resolved as [RouteIPV4(0.0.0.0/0), RouteIPV4(0.0.0.0/0), RouteIPV4(0.0.0.0/0), RouteIPV4(32.0.0.0/1), RouteIPV4(5.0.0.0/5), RouteIPV4(5.0.0.0/5), RouteIPV4(0.0.0.0/0), RouteIPV4(0.0.0.0/0), RouteIPV4(0.0.0.0/0), RouteIPV4(32.0.0.0/1), RouteIPV4(168.1.5.0/192)]

amgadhanafy commented 4 years ago

There are 2 issues

  1. As of RFC 7911, "Advertisement of Multiple Paths in BGP":

    1. Extended NLRI Encodings

      In order to carry the Path Identifier in an UPDATE message, the NLRI encoding MUST be extended by prepending the Path Identifier field, which is of four octets.

      For example, the NLRI encoding specified in [RFC4271] is extended as the following:

                +--------------------------------+
                | Path Identifier (4 octets)     |
                +--------------------------------+
                | Length (1 octet)               |
                +--------------------------------+
                | Prefix (variable)              |
                +--------------------------------+

      The current implementation doesn't support the extended path identifier.

  2. As of RFC 6793, "BGP Support for Four-Octet Autonomous System (AS) Number Space", ASPath has 2 types, old and new: old is 2 octets (the current implementation), new is 4 octets.

A PR will be introduced to fix both issues.
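
The two decoding differences named in the last comment, as an added example that is not dpkt's code or the announced PR: a strict, bounds-checked decoder run over the UPDATE bytes from the log above. The function names are hypothetical, and `as_size` and `add_path` are passed in by the caller because both depend on capabilities the peers exchange in their OPEN messages and cannot be read from the UPDATE itself. It assumes IPv4 NLRI, skips withdrawn routes, and accepts the segment types of RFC 4271 (1, 2) and RFC 5065 (3, 4).

```python
UPDATE = bytes.fromhex(  # constructed from the UPDATE bytes in the issue's log
    "ff" * 16 + "0059 02 0000 0030 40010100 4002060201 0000fbff"
    " 400304 0a000e01 80040400000000 40050400000064 800a04 0a002204"
    " 800904 0a000f01 00000001 20 05050505 00000001 20 c0a80105")

def be(b):
    return int.from_bytes(b, "big")  # big-endian integer; b"" gives 0

def parse_as_path(value, as_size):  # as_size: 2 (RFC 4271) or 4 (RFC 6793)
    segments, off = [], 0
    while off < len(value):
        end = off + 2 + as_size * be(value[off + 1:off + 2])
        if value[off] not in (1, 2, 3, 4) or end > len(value):
            raise ValueError(f"invalid AS_PATH segment at offset {off}")
        asns = [be(value[i:i + as_size]) for i in range(off + 2, end, as_size)]
        segments.append((value[off], asns))
        off = end
    return segments

def parse_nlri(data, add_path):  # add_path: RFC 7911 Path Identifier present
    routes, off = [], 0
    while off < len(data):
        path_id = be(data[off:off + 4]) if add_path else None
        off += 4 if add_path else 0
        plen = data[off] if off < len(data) else 255  # 255 marks truncation
        end = off + 1 + (plen + 7) // 8
        if plen > 32 or end > len(data):
            raise ValueError(f"invalid NLRI entry before offset {end}")
        addr = ".".join(map(str, data[off + 1:end].ljust(4, b"\0")))
        routes.append((path_id, f"{addr}/{plen}"))
        off = end
    return routes

def parse_update(msg, as_size, add_path):
    if len(msg) < 23 or msg[:16] != b"\xff" * 16 or msg[18] != 2:
        raise ValueError("not a BGP UPDATE")
    off, as_path = 23 + be(msg[19:21]), None  # skip withdrawn routes
    attrs_end = off + be(msg[off - 2:off])
    if be(msg[16:18]) != len(msg) or attrs_end > len(msg):
        raise ValueError("length fields disagree with the message size")
    while off < attrs_end:
        hdr = 4 if msg[off] & 0x10 else 3  # Extended Length flag
        end = off + hdr + be(msg[off + 2:off + hdr])
        if end > attrs_end:
            raise ValueError("attribute overruns the attribute block")
        if msg[off + 1] == 2:  # AS_PATH
            as_path = parse_as_path(msg[off + hdr:end], as_size)
        off = end
    return as_path, parse_nlri(msg[attrs_end:], add_path)
```

Decoding the same bytes with `as_size=2` or `add_path=False` raises `ValueError` at the `\xfb\xff` segment and at the /192 prefix respectively, the two places where the issue's output goes wrong.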