Wireshark-bugs: [Wireshark-bugs] [Bug 7734] New: BGP bad decoding for Graceful Restart Capabilit

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 18 Sep 2012 05:55:49 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7734

           Summary: BGP bad decoding for Graceful Restart Capability with
                    only helper support
           Product: Wireshark
           Version: 1.8.2
          Platform: x86
        OS/Version: Mac OS X 10.7
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Dissection engine (libwireshark)
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: olivier.benghozi@xxxxxxxxxx


Build Information:
Version 1.8.2 (SVN Rev 44520 from /trunk-1.8)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.10, with Cairo 1.8.6, with Pango 1.30.0, with
GLib 2.32.3, with libpcap, with libz 1.2.3, without POSIX capabilities, with
SMI
0.4.8, without c-ares, without ADNS, with Lua 5.1, without Python, with GnuTLS
2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Aug 12 2012 22:27:54), with AirPcap.

Running on Mac OS 10.7.4 (Darwin 11.4.0), with locale .UTF-8, with libpcap
version 1.1.1, with libz 1.2.5, GnuTLS 2.12.19, Gcrypt 1.5.0, without AirPcap.

Built using gcc 4.2.1 (Apple Inc. build 5666) (dot 3).
--
BGP Capability in OPEN message: Graceful restart capability (64).
The issue is in dissectors/packet-bgp.c.

The code says:
case BGP_CAPABILITY_GRACEFUL_RESTART:
 if (clen < 6) {
 expert_add_info_format(pinfo, ti_len, PI_MALFORMED, PI_ERROR, "Capability
length %u too short, must be greater than 6", clen);
 proto_tree_add_item(cap_tree, hf_bgp_cap_unknown, tvb, offset, clen, ENC_NA);
[...]


So when the length of the capability value is smaller that 6 (6 meaning full
support of GR capa, with significants elements and at least one AFI/SAFI), the
code interprets it as erroneous.

However,as described in RFC4724: " When a sender of this capability does not
include any <AFI, SAFI> in the capability, it means that the sender is not
capable of preserving its forwarding state during BGP restart, but supports
procedures for the Receiving Speaker (as defined in Section 4.2 of this
document). In that case, the value of the Restart Time field advertised by the
sender is irrelevant".

So, length of exactly 2 is valid but has to be interpreted with a particular
meaning.

In the dissector code, a length of 2 should be a special case for this capa,
decoding as "Graceful Restart helper mode only" or something like that, and
maybe also displaying an expert message if the Restart flag is not 0 in this
case, since here it's not expected to be possible.


Example of such Capability (in hexa) captured from a recent Cisco IOS in an
OPEN message: [02 04 40 02 80 78].
Decodes as Type capability, length 4, type 0x40 (64)=Graceful Restart, value
length 2; the 0x8078 part should now decode as Graceful restart helper mode
only, First restart flag = 0 (didn't restart), Restart Time in seconds=120s
(not meaningful).

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.