Changing the BGP packet size to less than 19 and greater than 4096

Time: 2019-01-30 06:31:27

Tags: scapy bgp

I am working with a BGP implementation on Ubuntu. I want to introduce some malformations into BGP packets. BGP limits the size to between 19 and 4096, but for testing purposes I changed the size to less than 19 and greater than 4096. After this, when I send this packet from one speaker to the other, with a BGP session established between the two speakers, the second speaker should send a NOTIFICATION message containing the error: Bad Message Length. But I am not getting it; instead Wireshark shows a malformed packet, and I also cannot open that packet in Wireshark. Can someone help me with this kind of malformed packet and with getting the NOTIFICATION error?

FYI: I have tried all of the OPEN, UPDATE and KEEPALIVE packets. Malformed OPEN packet:

1 Answer:

Answer 0 (score: 0)

Updated answer below

The BGP packet shown in Wireshark has the marker field (16 x ff) followed by a length of 16 (00 10).

So this is indeed the scenario you want to test: the tester BGP speaker sent a BGP packet with an incorrect length, and the remote BGP speaker under test should respond by sending back a NOTIFICATION packet with error code "Message Header Error" and error subcode "Bad Message Length".

Wireshark shows the malformed BGP packet sent from the tester BGP speaker to the BGP speaker under test. Wireshark is right to complain that it is a malformed BGP packet: it is malformed because the length is invalid. Apparently Wireshark is not very specific about what it dislikes about the packet.

You should look at the TCP stream in the reverse direction (source 10.0.0.2, destination 10.0.0.1) and look for the BGP NOTIFICATION packet sent back by the BGP speaker under test.

Updated answer starts here

Based on the error message ([Error] bgp_read_packet error: Connection reset), it looks like you are testing Free Range Routing or one of its predecessors, Quagga or Zebra.

I reproduced the scenario you are testing.

I ran a Free Range Routing (FRR) BGP speaker with the following configuration:

Current configuration:
!
frr version 7.1-dev-MyOwnFRRVersion
frr defaults traditional
hostname ip-172-31-31-121
log file /var/log/frr/debug.log
log syslog
service integrated-vtysh-config
!
debug bgp neighbor-events
!
router bgp 100
 neighbor X.X.X.X remote-as 200   
!
line vty
!
end

I sent a message with a "too short" header using the following Python test program:

#!/usr/bin/env python3

import socket

BGP_IP = 'Y.Y.Y.Y'

SHORT_MSG = (b'\xff\xff\xff\xff\xff\xff\xff\xff'     # First 8 bytes of marker
             b'\xff\xff\xff\xff\xff\xff\xff\xff'     # Last 8 bytes of marker
             b'\x00\x10'                             # Length 16
             b'\x01')                                # Open

def main():
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print("Socket created")
    sock.connect((BGP_IP, 179))
    print("Socket connected")
    sock.send(SHORT_MSG)
    print("Short message sent")
    while True:
        data = sock.recv(1)
        if data == b'':
            print("Connection closed or reset")
            break
        print("Received:", data)

if __name__ == "__main__":
    main()

Replace X.X.X.X with the IP address of the tester, and Y.Y.Y.Y with the IP address of the BGP speaker under test.

In this scenario, the BGP speaker under test does indeed send the correct NOTIFICATION message.

Here is what the FRR log reports:

2019/02/09 21:49:05 BGP: 172.31.17.121 [FSM] Timer (connect timer expire)
2019/02/09 21:49:05 BGP: 172.31.17.121 [FSM] ConnectRetry_timer_expired (Active->Connect), fd -1
2019/02/09 21:49:05 BGP: 172.31.17.121 [Event] Connect start to 172.31.17.121 fd 26
2019/02/09 21:49:05 BGP: 172.31.17.121 [FSM] Non blocking connect waiting result, fd 26
2019/02/09 21:49:05 BGP: bgp_fsm_change_status : vrf 0, established_peers 0
2019/02/09 21:49:05 BGP: 172.31.17.121 went from Active to Connect
2019/02/09 21:49:05 BGP: 172.31.17.121 [Event] Connect failed 111(Connection refused)
2019/02/09 21:49:05 BGP: 172.31.17.121 [FSM] TCP_connection_open_failed (Connect->Active), fd 26
2019/02/09 21:49:05 BGP: bgp_fsm_change_status : vrf 0, established_peers 0
2019/02/09 21:49:05 BGP: 172.31.17.121 went from Connect to Active
2019/02/09 21:49:08 BGP: [Event] BGP connection from host 172.31.17.121 fd 26
2019/02/09 21:49:08 BGP: bgp_fsm_change_status : vrf 0, established_peers 0
2019/02/09 21:49:08 BGP: 172.31.17.121 went from Idle to Active
2019/02/09 21:49:08 BGP: 172.31.17.121 [FSM] TCP_connection_open (Active->OpenSent), fd 26
2019/02/09 21:49:08 BGP: 172.31.17.121 passive open
2019/02/09 21:49:08 BGP: 172.31.17.121 Sending hostname cap with hn = ip-172-31-31-121, dn = (null)
2019/02/09 21:49:08 BGP: 172.31.17.121 sending OPEN, version 4, my as 100, holdtime 180, id 172.31.31.121
2019/02/09 21:49:08 BGP: bgp_fsm_change_status : vrf 0, established_peers 0
2019/02/09 21:49:08 BGP: 172.31.17.121 went from Active to OpenSent
2019/02/09 21:49:08 BGP: 172.31.17.121 bad message length - 16 for OPEN
2019/02/09 21:49:08 BGP: %NOTIFICATION: sent to neighbor 172.31.17.121 1/2 (Message Header Error/Bad Message Length) 2 bytes 00 10
2019/02/09 21:49:08 BGP: 172.31.17.121 [FSM] BGP_Stop (OpenSent->Idle), fd 26
2019/02/09 21:49:08 BGP: bgp_fsm_change_status : vrf 0, established_peers 0
2019/02/09 21:49:08 BGP: 172.31.17.121 went from OpenSent to Deleted

Note the "bad message length" message.

Here is what the test program reports:

Socket created
Socket connected
Short message sent
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\xff'
Received: b'\x00'
Received: b'\x17'
Received: b'\x03'
Received: b'\x01'
Received: b'\x02'
Received: b'\x00'
Received: b'\x10'
Connection closed or reset

Note that this is the correct Bad Message Length NOTIFICATION.

Here is the Wireshark decode of the malformed message: [screenshot not included]

Here is the Wireshark decode of the NOTIFICATION: [screenshot not included]

If the test program terminates without attempting to read the NOTIFICATION message, the BGP speaker under test is unable to send the NOTIFICATION message on the wire. This is because it receives a TCP RST before it sends the NOTIFICATION. This is most likely the reason you do not see the NOTIFICATION on the wire.

In fact, I was able to reproduce this hypothesis by modifying the test program as follows:

#!/usr/bin/env python3

import socket
import struct

BGP_IP = '172.31.31.121'

SHORT_MSG = (b'\xff\xff\xff\xff\xff\xff\xff\xff'     # First 8 bytes of marker
             b'\xff\xff\xff\xff\xff\xff\xff\xff'     # Last 8 bytes of marker
             b'\x00\x10'                             # Length 16
             b'\x01')                                # Open

def main():
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print("Socket created")
    sock.connect((BGP_IP, 179))
    print("Socket connected")
    sock.send(SHORT_MSG)
    # Trick TCP into sending a RST when the socket is closed
    on_off = 1
    linger = 0
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', on_off, linger))
    print("Socket linger time set to 0")
    # Close the socket
    sock.close()
    print("Socket closed")
    # Terminate without reading the response NOTIFICATION

if __name__ == "__main__":
    main()

With this test program, the NOTIFICATION is missing from the Wireshark trace (which is exactly what you reported): [screenshot not included]

Note that I had to jump through some hoops (specifically, setting the linger time to zero) to force the test program to send a RST instead of a FIN ACK. (See Sending a reset in TCP/IP Socket connection for details.)

If the test program sends a FIN ACK instead of a RST (which happens if you close the socket normally, or even if you terminate normally without closing the socket), the BGP speaker under test sends the NOTIFICATION after receiving the FIN ACK, but before sending its own FIN ACK.
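To make the byte-by-byte output above readable, here is an added example (not code from the question or the answer) that applies the RFC 4271 section 6.1 header checks to an incoming BGP message, builds the NOTIFICATION a conforming speaker must return, and decodes the bytes the answer's test program received. The per-type minimum lengths (OPEN 29, UPDATE 23, NOTIFICATION 21, KEEPALIVE exactly 19) are taken from the RFC, not from the post; the sample messages are constructed from the hex shown above.

```python
import struct

MARKER = b'\xff' * 16
OPEN, UPDATE, NOTIFICATION, KEEPALIVE = 1, 2, 3, 4
MAX_LEN = 4096
# Minimum length per message type, from RFC 4271 section 6.1 (not stated in the post).
MIN_LEN = {OPEN: 29, UPDATE: 23, NOTIFICATION: 21, KEEPALIVE: 19}

def build_notification(code, subcode, data=b''):
    """Header (marker, length, type 3) + error code + subcode + data."""
    body = bytes([code, subcode]) + data
    return MARKER + struct.pack('!HB', 19 + len(body), NOTIFICATION) + body

def length_is_bad(length, msg_type):
    """Length rules: 19..4096 overall, KEEPALIVE exactly 19, others a per-type minimum."""
    if not 19 <= length <= MAX_LEN:
        return True
    if msg_type == KEEPALIVE:
        return length != 19
    return msg_type in MIN_LEN and length < MIN_LEN[msg_type]

def check_header(hdr):
    """Return the NOTIFICATION to send back, or None (header valid, or not yet 19 bytes)."""
    if len(hdr) < 19:
        return None                                    # wait until the whole header arrived
    length = struct.unpack('!H', hdr[16:18])[0]
    msg_type = hdr[18]
    if hdr[:16] != MARKER:
        return build_notification(1, 1)                # 1/1 Connection Not Synchronized
    if length_is_bad(length, msg_type):
        return build_notification(1, 2, hdr[16:18])    # 1/2 Bad Message Length, data = bad length
    if msg_type not in MIN_LEN:
        return build_notification(1, 3, bytes([msg_type]))  # 1/3 Bad Message Type
    return None

def parse_notification(msg):
    """Decode a NOTIFICATION into (code, subcode, data); None if msg is not one."""
    if len(msg) < 21 or msg[:16] != MARKER or msg[18] != NOTIFICATION:
        return None
    if struct.unpack('!H', msg[16:18])[0] != len(msg):
        return None
    return msg[19], msg[20], msg[21:]

# Constructed from the answer: the malformed OPEN (length 16) and the bytes read back.
SHORT_OPEN = MARKER + b'\x00\x10\x01'
RECEIVED = MARKER + b'\x00\x17\x03\x01\x02\x00\x10'

if __name__ == "__main__":
    assert check_header(SHORT_OPEN) == RECEIVED        # FRR's reply is what the RFC prescribes
    print(parse_notification(RECEIVED))                # (1, 2, b'\x00\x10')
```

The same checks flag the "greater than 4096" case from the question (length 0x1388 below) with the same 1/2 subcode, so a capture missing that NOTIFICATION points at the TCP teardown, as the answer explains, rather than at the speaker's validation.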