Wireshark-bugs: [Wireshark-bugs] [Bug 10779] New: Error in decode: BGP Update Message "Malformed
Date: Mon, 15 Dec 2014 19:12:51 +0000
Bug ID | 10779 |
---|---|
Summary | Error in decode: BGP Update Message "Malformed Packet" |
Product | Wireshark |
Version | 1.12.1 |
Hardware | x86 |
OS | Windows Server 2008 R2 |
Status | UNCONFIRMED |
Severity | Major |
Priority | Low |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Build Information: Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12) Copyright 1998-2014 Gerald Combs <[email protected]> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0, without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014), with AirPcap. Running on 64-bit Windows Server 2008 Service Pack 2, build 6002, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap. Intel(R) Core(TM) i7-3840QM CPU @ 2.80GHz, with 4094MB of physical memory. Built using Microsoft Visual C++ 10.0 build 40219 -- Decode of a BGP session results in nearly all update packets flagged as malformed. Also NLRI (e.g. 91.220.91.0/24, for the first update) is missing from the decode in most cases. tcpdump 4.3.0 on my laptop is able to decode the trace with no apparent errors: tcpdump version 4.3.0 -- Apple version 59 libpcap version 1.5.3 - Apple version 47 For the first packet, tcpdump shows: 12:13:32.158452 IP (tos 0xe0, ttl 252, id 15184, offset 0, flags [DF], proto TCP (6), length 596) user-24-96-153-224.knology.net.bgp > 10.98.215.12.31235: Flags [P.], cksum 0xa694 (correct), seq 3092138782:3092139326, ack 3519486154, win 16384, options [nop,nop,TS val 2015578667 ecr 2503446345], length 544: BGP, length: 544 Update Message (2), length: 143 Origin (1), length: 1, Flags [T]: IGP AS Path (2), length: 16, Flags [T]: 3257 12883 6703 23456 23456 23456 23456 AS4 Path (17), length: 30, Flags [OT]: 3257 12883 6703 3.750 3.750 3.750 3.750 Next Hop (3), length: 4, Flags [T]: xe-10-1-1.chi11.ip4.gtt.net Multi Exit Discriminator (4), length: 4, Flags [O]: 1234 Local Preference (5), length: 4, Flags [T]: 100 Community (8), length: 36, Flags [OT]: 3257:4000, 3257:8092, 3257:50001, 3257:50111, 3257:54800, 3257:54801, 12083:6016, 12083:7014, 12083:65100 Updated routes: 91.220.91.0/24 Update Message (2), length: 155 Origin (1), length: 1, Flags [T]: IGP AS Path (2), length: 16, Flags [T]: 3356 12883 6703 23456 23456 23456 23456 AS4 Path (17), length: 30, Flags [OT]: 3356 12883 6703 3.750 3.750 3.750 3.750 Next Hop (3), length: 4, Flags [T]: xe-7-2-0.edge4.chicago3.level3.net Multi Exit Discriminator (4), length: 4, Flags [O]: 0 Local Preference (5), length: 4, Flags [T]: 100 Community (8), length: 48, Flags [OT]: 3356:2, 3356:22, 3356:100, 3356:123, 3356:513, 3356:2084, 12083:6016, 12083:7001, 12083:65100, 12883:1, 12883:109, 12883:11044 Updated routes: 91.220.91.0/24 Update Message (2), length: 134 Origin (1), length: 1, Flags [T]: IGP AS Path (2), length: 10, Flags [T]: 3356 9498 9730 58678 Next Hop (3), length: 4, Flags [T]: xe-9-3-0.bar1.cleveland1.level3.net Multi Exit Discriminator (4), length: 4, Flags [O]: 0 Local Preference (5), length: 4, Flags [T]: 100 Community (8), length: 48, Flags [OT]: 3356:3, 3356:22, 3356:100, 3356:123, 3356:575, 3356:2003, 3356:11032, 12083:6022, 12083:7001, 12083:65100, 64980:0, 65000:0 Originator ID (9), length: 4, Flags [O]: 76-73-168-1.knology.net Cluster List (10), length: 8, Flags [O]: 10.0.0.7, 10.0.0.4 Updated routes: 103.226.4.0/24 Update Message (2), length: 112 Origin (1), length: 1, Flags [T]: IGP AS Path (2), length: 10, Flags [T]: 3356 9498 9730 58678 Next Hop (3), length: 4, Flags [T]: xe-7-2-0.edge4.chicago3.level3.net Multi Exit Discriminator (4), length: 4, Flags [O]: 0 Local Preference (5), length: 4, Flags [T]: 100 Community (8), length: 44, Flags [OT]: 3356:3, 3356:22, 3356:100, 3356:123, 3356:575, 3356:2003, 12083:6016, 12083:7001, 12083:65100, 64980:0, 65000:0 Updated routes: 103.226.4.0/24 While tshark shows: Frame 1: 610 bytes on wire (4880 bits), 610 bytes captured (4880 bits) Encapsulation type: Ethernet (1) Arrival Time: Dec 15, 2014 12:13:32.158452000 EST [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1418663612.158452000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 610 bytes (4880 bits) Capture Length: 610 bytes (4880 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:bgp] Ethernet II, Src: Vmware_01:04:f9 (00:50:56:01:04:f9), Dst: Vmware_01:04:bd (00:50:56:01:04:bd) Destination: Vmware_01:04:bd (00:50:56:01:04:bd) Address: Vmware_01:04:bd (00:50:56:01:04:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Vmware_01:04:f9 (00:50:56:01:04:f9) Address: Vmware_01:04:f9 (00:50:56:01:04:f9) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 24.96.153.224 (24.96.153.224), Dst: 10.98.215.12 (10.98.215.12) 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes Differentiated Services Field: 0xe0 (DSCP 0x38: Class Selector 7; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 1110 00.. = Differentiated Services Codepoint: Class Selector 7 (0x38) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 596 Identification: 0x3b50 (15184) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 252 Protocol: TCP (6) Header checksum: 0xacc4 [validation disabled] [Good: False] [Bad: False] Source: 24.96.153.224 (24.96.153.224) Destination: 10.98.215.12 (10.98.215.12) [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: 179 (179), Dst Port: 31235 (31235), Seq: 1, Ack: 1, Len: 544 Source Port: 179 (179) Destination Port: 31235 (31235) [Stream index: 0] [TCP Segment Len: 544] Sequence number: 1 (relative sequence number) [Next sequence number: 545 (relative sequence number)] Acknowledgment number: 1 (relative ack number) Header Length: 32 bytes .... 0000 0001 1000 = Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 16384 [Calculated window size: 16384] [Window size scaling factor: -1 (unknown)] Checksum: 0xa694 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Urgent pointer: 0 Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 2015578667, TSecr 2503446345 Kind: Time Stamp Option (8) Length: 10 Timestamp value: 2015578667 Timestamp echo reply: 2503446345 [SEQ/ACK analysis] [Bytes in flight: 544] Border Gateway Protocol - UPDATE Message Marker: ffffffffffffffffffffffffffffffff Length: 143 Type: UPDATE Message (2) Withdrawn Routes Length: 0 Total Path Attribute Length: 116 Path attributes Path Attribut - ORIGIN: IGP Flags: 0x40, Transitive: Well-known, Transitive, Complete 0... .... = Optional: Well-known .1.. .... = Transitive: Transitive ..0. .... = Partial: Complete ...0 .... = Length: Regular length Type Code: ORIGIN (1) Length: 1 Origin: IGP (0) Path Attribut - AS_PATH: 3257 12883 6703 23456 23456 23456 23456 Flags: 0x40, Transitive: Well-known, Transitive, Complete 0... .... = Optional: Well-known .1.. .... = Transitive: Transitive ..0. .... = Partial: Complete ...0 .... = Length: Regular length Type Code: AS_PATH (2) Length: 16 AS Path segment: 3257 12883 6703 23456 23456 23456 23456 Segment type: AS_SEQUENCE (2) Segment length (number of ASN): 7 AS2: 3257 AS2: 12883 AS2: 6703 AS2: 23456 AS2: 23456 AS2: 23456 AS2: 23456 Path Attribut - AS4_PATH: 3257 12883 6703 197358 197358 197358 197358 72172365 1837106180 1234 67108864 1690306596 213454752 213458844 213500753 3284077753 3591376057 3591450419 394276659 459681587 4266399835 Flags: 0xc0, Optional, Transitive: Optional, Transitive, Complete 1... .... = Optional: Optional .1.. .... = Transitive: Transitive ..0. .... = Partial: Complete ...0 .... = Length: Regular length Type Code: AS4_PATH (17) Length: 30 AS Path segment: 3257 12883 6703 197358 197358 197358 197358 Segment type: AS_SEQUENCE (2) Segment length (number of ASN): 7 AS4: 3257 AS4: 12883 AS4: 6703 AS4: 197358 AS4: 197358 AS4: 197358 AS4: 197358 AS Path segment: 72172365 1837106180 1234 Segment type: Unknown (64) Segment length (number of ASN): 3 AS4: 72172365 AS4: 1837106180 AS4: 1234 AS Path segment: 67108864 1690306596 213454752 213458844 213500753 Segment type: Unknown (64) Segment length (number of ASN): 5 AS4: 67108864 AS4: 1690306596 AS4: 213454752 AS4: 213458844 AS4: 213500753 AS Path segment: 3284077753 3591376057 3591450419 394276659 459681587 4266399835 Segment type: Unknown (12) Segment length (number of ASN): 185 AS4: 3284077753 AS4: 3591376057 AS4: 3591450419 AS4: 394276659 AS4: 459681587 AS4: 4266399835 [Malformed Packet: BGP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] Border Gateway Protocol - UPDATE Message Marker: ffffffffffffffffffffffffffffffff Length: 155 Type: UPDATE Message (2) Withdrawn Routes Length: 0 Total Path Attribute Length: 128 Path attributes Path Attribut - ORIGIN: IGP Flags: 0x40, Transitive: Well-known, Transitive, Complete 0... .... = Optional: Well-known .1.. .... = Transitive: Transitive ..0. .... = Partial: Complete ...0 .... = Length: Regular length Type Code: ORIGIN (1) Length: 1 Origin: IGP (0) Path Attribut - AS_PATH: 219951699 439311264 1537235872 1537261585 503449344 859136 3298048 788529922 3992978178 3992978178 3992978178 3997172484 70607401 2147746816 64 84148224 6602760 806165504 34413568 369957888 1678580736 2064456706 17 Flags: 0x40, Transitive: Well-known, Transitive, Complete 0... .... = Optional: Well-known .1.. .... = Transitive: Transitive ..0. .... = Partial: Complete ...0 .... = Length: Regular length Type Code: AS_PATH (2) Length: 16 AS Path segment: 219951699 439311264 1537235872 1537261585 503449344 859136 3298048 Segment type: AS_SEQUENCE (2) Segment length (number of ASN): 7 AS4: 219951699 AS4: 439311264 AS4: 1537235872 AS4: 1537261585 AS4: 503449344 AS4: 859136 AS4: 3298048 AS Path segment: 788529922 3992978178 3992978178 3992978178 3997172484 70607401 2147746816 64 84148224 6602760 806165504 34413568 369957888 1678580736 2064456706 17636360 607073047 2150576923 1496265726 1278366464 20075264 1832014635 60557 Segment type: Unknown (0) Segment length (number of ASN): 26 AS4: 788529922 AS4: 3992978178 AS4: 3992978178 AS4: 3992978178 AS4: 3997172484 AS4: 70607401 AS4: 2147746816 AS4: 64 AS4: 84148224 AS4: 6602760 AS4: 806165504 AS4: 34413568 AS4: 369957888 AS4: 1678580736 AS4: 2064456706 AS4: 17636360 AS4: 607073047 AS4: 2150576923 AS4: 1496265726 AS4: 1278366464 AS4: 20075264 AS4: 1832014635 AS4: 605576156 [Malformed Packet: BGP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] Border Gateway Protocol - UPDATE Message Marker: ffffffffffffffffffffffffffffffff Length: 134 Type: UPDATE Message (2) Withdrawn Routes Length: 0 Total Path Attribute Length: 107 Path attributes Path Attribut - ORIGIN: IGP Flags: 0x40, Transitive: Well-known, Transitive, Complete 0... .... = Optional: Well-known .1.. .... = Transitive: Transitive ..0. .... = Partial: Complete ...0 .... = Length: Regular length Type Code: ORIGIN (1) Length: 1 Origin: IGP (0) Path Attribut - AS_PATH: 219948314 637723958 1073939460 902123904 [0, 1074070528, 25792, 137366812] 219938838 219938916 219938939 37686556 131271964 723005235 394669875 458829619 4266458580 65000 32777 72108456 25168392 167772167 167772164 Flags: 0x40, Transitive: Well-known, Transitive, Complete 0... .... = Optional: Well-known .1.. .... = Transitive: Transitive ..0. .... = Partial: Complete ...0 .... = Length: Regular length Type Code: AS_PATH (2) Length: 10 AS Path segment: 219948314 637723958 1073939460 902123904 Segment type: AS_SEQUENCE (2) Segment length (number of ASN): 4 AS4: 219948314 AS4: 637723958 AS4: 1073939460 AS4: 902123904 AS Path segment: [0, 1074070528, 25792, 137366812] Segment type: AS_CONFED_SET (4) Segment length (number of ASN): 4 AS4: 0 AS4: 1074070528 AS4: 25792 AS4: 137366812 AS Path segment: 219938838 219938916 219938939 Segment type: Unknown (0) Segment length (number of ASN): 3 AS4: 219938838 AS4: 219938916 AS4: 219938939 AS Path segment: 37686556 131271964 723005235 394669875 458829619 4266458580 65000 32777 72108456 25168392 167772167 167772164 409461252 Segment type: Unknown (13) Segment length (number of ASN): 28 AS4: 37686556 AS4: 131271964 AS4: 723005235 AS4: 394669875 AS4: 458829619 AS4: 4266458580 AS4: 65000 AS4: 32777 AS4: 72108456 AS4: 25168392 AS4: 167772167 AS4: 167772164 AS4: 409461252 [Malformed Packet: BGP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] Border Gateway Protocol - UPDATE Message Marker: ffffffffffffffffffffffffffffffff Length: 112 Type: UPDATE Message (2) Withdrawn Routes Length: 0 Total Path Attribute Length: 85 Path attributes Path Attribut - ORIGIN: IGP Flags: 0x40, Transitive: Well-known, Transitive, Complete 0... .... = Optional: Well-known .1.. .... = Transitive: Transitive ..0. .... = Partial: Complete ...0 .... = Length: Regular length Type Code: ORIGIN (1) Length: 1 Origin: IGP (0) Path Attribut - AS_PATH: 219948314 637723958 1073939460 895625600 [0, 1074070528, 25792, 137104668] 219938838 219938916 219938939 37686556 131280691 394276659 458829619 4266458580 65000 6247 Flags: 0x40, Transitive: Well-known, Transitive, Complete 0... .... = Optional: Well-known .1.. .... = Transitive: Transitive ..0. .... = Partial: Complete ...0 .... = Length: Regular length Type Code: AS_PATH (2) Length: 10 AS Path segment: 219948314 637723958 1073939460 895625600 Segment type: AS_SEQUENCE (2) Segment length (number of ASN): 4 AS4: 219948314 AS4: 637723958 AS4: 1073939460 AS4: 895625600 AS Path segment: [0, 1074070528, 25792, 137104668] Segment type: AS_CONFED_SET (4) Segment length (number of ASN): 4 AS4: 0 AS4: 1074070528 AS4: 25792 AS4: 137104668 AS Path segment: 219938838 219938916 219938939 Segment type: Unknown (0) Segment length (number of ASN): 3 AS4: 219938838 AS4: 219938916 AS4: 219938939 AS Path segment: 37686556 131280691 394276659 458829619 4266458580 65000 6247 Segment type: Unknown (13) Segment length (number of ASN): 28 AS4: 37686556 AS4: 131280691 AS4: 394276659 AS4: 458829619 AS4: 4266458580 AS4: 65000 AS4: 6247 [Malformed Packet: BGP] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] Charles
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 10779] Error in decode: BGP Update Message "Malformed Packet"
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10779] Error in decode: BGP Update Message "Malformed Packet"
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10779] Error in decode: BGP Update Message "Malformed Packet"
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10779] Error in decode: BGP Update Message "Malformed Packet"
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10779] Error in decode: BGP Update Message "Malformed Packet"
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10779] Error in decode: BGP Update Message "Malformed Packet"
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10779] Error in decode: BGP Update Message "Malformed Packet"
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10779] Error in decode: BGP Update Message "Malformed Packet"
- Prev by Date: [Wireshark-bugs] [Bug 10760] giop dissector produces Lua Error "C stack overflow"
- Next by Date: [Wireshark-bugs] [Bug 10695] Lua Proto:register_heuristic should accept Dissector object or leave out function entirely
- Previous by thread: [Wireshark-bugs] [Bug 4357] new_packet_list: GtkTreeView::expander-size determines minimum row height size of new packet list records
- Next by thread: [Wireshark-bugs] [Bug 10779] Error in decode: BGP Update Message "Malformed Packet"
- Index(es):