search

kbandla / dpkt

fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols
Other
1.09k stars 270 forks source link

BGP: invalid length of packed IP address string (error reading next hop when it carry more than one IP) #485

Closed amgadhanafy closed 4 years ago

amgadhanafy commented 4 years ago

Data set from https://packetlife.net/captures/protocol/bgp/ https://packetlife.net/media/captures/BGP_MP_NLRI.cap Packet 20

next-hop has 2 ip6 (32 bytes) but considered as one IP

error

ERROR - __main__ - extract_features:88 - Error processing BGP data: packet 20 : message 1 of BGP_MP_NLRI.cap
ERROR - __main__ - extract_features:89 - BGP_data(108): b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x6c\x02\x00\x00\x00\x55\x40\x01\x01\x00\x40\x02\x04\x02\x01\xfd\xe9\x80\x04\x04\x00\x00\x00\x00\x80\x0e\x40\x00\x02\x01\x20\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\xc0\x01\x0b\xff\xfe\x7e\x00\x00\x00\x40\x20\x01\x0d\xb8\x00\x01\x00\x02\x40\x20\x01\x0d\xb8\x00\x01\x00\x01\x40\x20\x01\x0d\xb8\x00\x01\x00\x00'
ERROR - __main__ - extract_features:90 - invalid length of packed IP address string
Traceback (most recent call last):
  File "C:\Users\Amgad\PycharmProjects\bell\bgp_update.py", line 265, in inet_to_str
    return socket.inet_ntop(socket.AF_INET, inet)
ValueError: invalid length of packed IP address string

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\Amgad\PycharmProjects\bell\bgp_update.py", line 81, in extract_features
    BgpFeatureExtractor.extract_update_attributes(update)
  File "C:\Users\Amgad\PycharmProjects\bell\bgp_update.py", line 207, in extract_update_attributes
    logger.debug("\t\t\t\tnext_hop: " + inet_to_str(bytes(hop)))
  File "C:\Users\Amgad\PycharmProjects\bell\bgp_update.py", line 267, in inet_to_str
    return socket.inet_ntop(socket.AF_INET6, inet)
ValueError: invalid length of packed IP address string

packet in wire shark image

amgadhanafy commented 4 years ago

As of RFC5549 Advertising IPv4 Network Layer Reachability Information with an IPv6 Next Hop

Specifically, this document allows advertising with [RFC4760] of an MP_REACH_NLRI with:

  • AFI = 1
  • SAFI = 1, 2, 4, or 128
  • Length of Next Hop Address = 16 or 32
  • Next Hop Address = IPv6 address of next hop (potentially followed by the link-local IPv6 address of the next hop). This field is to be constructed as per Section 3 of [RFC2545].
  • NLRI= NLRI as per current AFI/SAFI definition This is in addition to the current mode of operation allowing advertisement of NLRI for <AFI/SAFI> of <1/1>, <1/2> and <1/4> with a next hop address of IPv4 type and advertisement of NLRI for <AFI/SAFI> of <1/128> with a next hop address of VPN-IPv4 type. The BGP speaker receiving the advertisement MUST use the Length of Next Hop Address field to determine which network-layer protocol the next hop address belongs to. When the Length of Next Hop Address field is equal to 16 or 32, the next hop address is of type IPv6. This field is to be constructed as per Section 3 of [RFC2545].

The suggested fix is handling both cases when IP4 and IP6 and next hop address length is either 16 or 32 (1 or 2 hops)