https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6188
Summary: Enhancement in bgp dissector
Product: Wireshark
Version: 1.6.1
Platform: x86-64
OS/Version: Windows 7
Status: NEW
Severity: Enhancement
Priority: Low
Component: Wireshark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: maximivanov@xxxxxxx
Build Information:
Version 1.6.1 (SVN Rev 38096 from /trunk-1.6)
Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 2.22.1, with GLib 2.26.1, with WinPcap (version
unknown), with libz 1.2.5, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.10.3, with
Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio V19-devel (built Jul
18 2011), with AirPcap.
Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.10.3, Gcrypt 1.4.6, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 21022
--
Good day.
In some BGP captures the AS_PATH attribute is decoded wrongly if the ASN length
is determined automatically (for example, see
http://packetlife.net/captures/4-byte_AS_numbers_Full_Support.cap, packet #6).
Here is the code that determines the ASN length:
/* estimate the length of the AS number */
if (bgpa.bgpa_type == BGPTYPE_NEW_AS_PATH)
    asn_len = 4;
else {
    if (bgp_asn_len == 0) {
        k = q;
        while (k < end) {
            k++;
            length = tvb_get_guint8(tvb, k++);
            k += length * 2;
        }
        asn_len = (k == end) ? 2 : 4;
    }
    else {
        asn_len = bgp_asn_len;
    }
}
This algorithm is based on one check: whether the tail of the attribute is equal
to the tail of the last ASN in the last segment.
I suggest adding 2 parameters: the presence of asn==0 and the presence of an
unknown segment type. If at least one of the parameters is "active", the length
of the ASN is 4.
Here is a code example:
/* estimate the length of the AS number */
if (bgpa.bgpa_type == BGPTYPE_NEW_AS_PATH)
    asn_len = 4;
else
{
    if (bgp_asn_len == 0)
    {
        unsigned unknown_segment_type = 0;
        unsigned asn_is_null = 0;
        unsigned d;
        asn_len = 2;
        k = q;
        while (k < end)
        {
            /* walk the segments assuming 2-byte AS numbers */
            type = tvb_get_guint8(tvb, k++);
            if (type != AS_SET &&
                type != AS_SEQUENCE &&
                type != AS_CONFED_SET &&
                type != AS_CONFED_SEQUENCE)
                unknown_segment_type = 1;
            length = tvb_get_guint8(tvb, k++);
            for (d = 0; d < length; d++)
            {
                /* only read 16-bit values that lie inside the attribute */
                if (k + 2 <= end && tvb_get_ntohs(tvb, k) == 0)
                    asn_is_null = 1;
                k += 2;
            }
        }
        /* any mismatch means the 2-byte assumption does not hold */
        if (k != end ||
            unknown_segment_type ||
            asn_is_null)
            asn_len = 4;
    }
    else
        asn_len = bgp_asn_len;
}
I hope my suggestion will be helpful.
P.S. Sorry for my English )
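
The two checks discussed in the report, as an added stand-alone example that is not part of the original report or of Wireshark's code: it runs both heuristics over constructed AS_PATH bytes and shows a 4-byte path that the tail-only check classifies as 2-byte. The function names and sample arrays are assumptions made here, and plain byte buffers stand in for the tvb accessors.

```c
#include <stdint.h>
#include <stdio.h>

/* Segment types: RFC 4271 (1, 2) and RFC 5065 (3, 4). */
enum { SEG_AS_SET = 1, SEG_AS_CONFED_SET = 4 };

/* Constructed AS_PATH values (not taken from the capture in the report). */
static const uint8_t path_2byte[] = { 0x02, 0x02, 0xFD, 0xE8, 0xFD, 0xE9 };
static const uint8_t path_4byte[] = { 0x02, 0x02, 0x00, 0x00, 0xFD, 0xE8,
                                      0x00, 0x01, 0x00, 0x00 };
static const uint8_t path_short[] = { 0x02, 0xFF, 0x00, 0x01 };

/* Existing check: 2-byte stride walk must stop exactly at the end. */
static int asn_len_tail_only(const uint8_t *p, size_t end)
{
    size_t k = 0;
    while (k + 2 <= end) {
        size_t count = p[k + 1];      /* p[k] is the segment type */
        k += 2 + count * 2;
    }
    return (k == end) ? 2 : 4;
}

/* Proposed check: also flag unknown segment types and zero ASNs. */
static int asn_len_proposed(const uint8_t *p, size_t end)
{
    size_t k = 0;
    int suspicious = 0;
    while (k + 2 <= end) {
        uint8_t type = p[k++];
        unsigned count = p[k++];
        if (type < SEG_AS_SET || type > SEG_AS_CONFED_SET)
            suspicious = 1;
        for (unsigned d = 0; d < count; d++, k += 2) {
            /* Only read 16-bit values that lie inside the attribute. */
            if (k + 2 <= end && p[k] == 0 && p[k + 1] == 0)
                suspicious = 1;
        }
    }
    return (k != end || suspicious) ? 4 : 2;
}

int main(void)
{
    printf("4-byte path: tail-only=%d, proposed=%d\n",
           asn_len_tail_only(path_4byte, sizeof path_4byte),
           asn_len_proposed(path_4byte, sizeof path_4byte));
    return 0;
}
```

The `path_short` array carries a segment length that overruns the attribute; the bounded read keeps the zero-ASN test inside the buffer while the stride still advances past the end, so the result is 4.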