diff options
| author | Gordon Tetlow <gordon@FreeBSD.org> | 2017-09-18 04:10:54 +0000 |
|---|---|---|
| committer | Gordon Tetlow <gordon@FreeBSD.org> | 2017-09-18 04:10:54 +0000 |
| commit | 4533b6d8a9b95fc043b72b3656b98e79ac839041 (patch) | |
| tree | 4ac156eafa4323886af859c09363dff43cc44106 /print-bgp.c | |
| parent | d79b843cb78484ea27f877f1541055e1a6a5a4d3 (diff) | |
| download | src-4533b6d8a9b95fc043b72b3656b98e79ac839041.tar.gz src-4533b6d8a9b95fc043b72b3656b98e79ac839041.zip | |
Vendor import of tcpdump 4.9.2.vendor/tcpdump/4.9.2
Approved by: emaste (mentor)
Notes
Notes:
svn path=/vendor/tcpdump/dist/; revision=323696
svn path=/vendor/tcpdump/4.9.2/; revision=323697; tag=vendor/tcpdump/4.9.2
Diffstat (limited to 'print-bgp.c')
| -rw-r--r-- | print-bgp.c | 55 |
1 files changed, 40 insertions, 15 deletions
diff --git a/print-bgp.c b/print-bgp.c index 79afeab4c759..c82f1cc7df10 100644 --- a/print-bgp.c +++ b/print-bgp.c @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * Extensively modified by Hannes Gredler (hannes@juniper.net) for more + * Extensively modified by Hannes Gredler (hannes@gredler.at) for more * complete BGP support. */ @@ -756,11 +756,18 @@ decode_rt_routing_info(netdissect_options *ndo, { uint8_t route_target[8]; u_int plen; + char asbuf[sizeof(astostr)]; /* bgp_vpn_rd_print() overwrites astostr */ + /* NLRI "prefix length" from RFC 2858 Section 4. */ ND_TCHECK(pptr[0]); plen = pptr[0]; /* get prefix length */ + /* NLRI "prefix" (ibid), valid lengths are { 0, 32, 33, ..., 96 } bits. + * RFC 4684 Section 4 defines the layout of "origin AS" and "route + * target" fields inside the "prefix" depending on its length. + */ if (0 == plen) { + /* Without "origin AS", without "route target". */ snprintf(buf, buflen, "default route target"); return 1; } @@ -768,20 +775,29 @@ decode_rt_routing_info(netdissect_options *ndo, if (32 > plen) return -1; + /* With at least "origin AS", possibly with "route target". */ + ND_TCHECK_32BITS(pptr + 1); + as_printf(ndo, asbuf, sizeof(asbuf), EXTRACT_32BITS(pptr + 1)); + plen-=32; /* adjust prefix length */ if (64 < plen) return -1; + /* From now on (plen + 7) / 8 evaluates to { 0, 1, 2, ..., 8 } + * and gives the number of octets in the variable-length "route + * target" field inside this NLRI "prefix". Look for it. + */ memset(&route_target, 0, sizeof(route_target)); - ND_TCHECK2(pptr[1], (plen + 7) / 8); - memcpy(&route_target, &pptr[1], (plen + 7) / 8); + ND_TCHECK2(pptr[5], (plen + 7) / 8); + memcpy(&route_target, &pptr[5], (plen + 7) / 8); + /* Which specification says to do this? */ if (plen % 8) { ((u_char *)&route_target)[(plen + 7) / 8 - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } snprintf(buf, buflen, "origin AS: %s, route target %s", - as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(pptr+1)), + asbuf, bgp_vpn_rd_print(ndo, (u_char *)&route_target)); return 5 + (plen + 7) / 8; @@ -895,6 +911,7 @@ static const struct tok bgp_multicast_vpn_route_type_values[] = { { BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_ACTIVE, "Source-Active"}, { BGP_MULTICAST_VPN_ROUTE_TYPE_SHARED_TREE_JOIN, "Shared Tree Join"}, { BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_TREE_JOIN, "Source Tree Join"}, + { 0, NULL} }; static int @@ -959,13 +976,13 @@ decode_multicast_vpn(netdissect_options *ndo, case BGP_MULTICAST_VPN_ROUTE_TYPE_SHARED_TREE_JOIN: /* fall through */ case BGP_MULTICAST_VPN_ROUTE_TYPE_SOURCE_TREE_JOIN: - ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN); + ND_TCHECK2(pptr[0], BGP_VPN_RD_LEN + 4); offset = strlen(buf); snprintf(buf + offset, buflen - offset, ", RD: %s, Source-AS %s", bgp_vpn_rd_print(ndo, pptr), as_printf(ndo, astostr, sizeof(astostr), EXTRACT_32BITS(pptr + BGP_VPN_RD_LEN))); - pptr += BGP_VPN_RD_LEN; + pptr += BGP_VPN_RD_LEN + 4; bgp_vpn_sg_print(ndo, pptr, buf, buflen); break; @@ -1400,6 +1417,7 @@ bgp_attr_print(netdissect_options *ndo, ND_TCHECK(tptr[0]); ND_PRINT((ndo, "%s", tok2str(bgp_as_path_segment_open_values, "?", tptr[0]))); + ND_TCHECK(tptr[1]); for (i = 0; i < tptr[1] * as_size; i += as_size) { ND_TCHECK2(tptr[2 + i], as_size); ND_PRINT((ndo, "%s ", @@ -1719,7 +1737,7 @@ bgp_attr_print(netdissect_options *ndo, ND_PRINT((ndo, ", no SNPA")); } - while (len - (tptr - pptr) > 0) { + while (tptr < pptr + len) { switch (af<<8 | safi) { case (AFNUM_INET<<8 | SAFNUM_UNICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST): @@ -1887,7 +1905,7 @@ bgp_attr_print(netdissect_options *ndo, tptr += 3; - while (len - (tptr - pptr) > 0) { + while (tptr < pptr + len) { switch (af<<8 | safi) { case (AFNUM_INET<<8 | SAFNUM_UNICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST): @@ -2116,11 +2134,11 @@ bgp_attr_print(netdissect_options *ndo, { uint8_t tunnel_type, flags; + ND_TCHECK2(tptr[0], 5); tunnel_type = *(tptr+1); flags = *tptr; tlen = len; - ND_TCHECK2(tptr[0], 5); ND_PRINT((ndo, "\n\t Tunnel-type %s (%u), Flags [%s], MPLS Label %u", tok2str(bgp_pmsi_tunnel_values, "Unknown", tunnel_type), tunnel_type, @@ -2175,35 +2193,42 @@ bgp_attr_print(netdissect_options *ndo, uint8_t type; uint16_t length; - ND_TCHECK2(tptr[0], 3); - tlen = len; while (tlen >= 3) { + ND_TCHECK2(tptr[0], 3); + type = *tptr; length = EXTRACT_16BITS(tptr+1); + tptr += 3; + tlen -= 3; ND_PRINT((ndo, "\n\t %s TLV (%u), length %u", tok2str(bgp_aigp_values, "Unknown", type), type, length)); + if (length < 3) + goto trunc; + length -= 3; + /* * Check if we can read the TLV data. */ - ND_TCHECK2(tptr[3], length - 3); + ND_TCHECK2(tptr[3], length); switch (type) { case BGP_AIGP_TLV: - ND_TCHECK2(tptr[3], 8); + if (length < 8) + goto trunc; ND_PRINT((ndo, ", metric %" PRIu64, - EXTRACT_64BITS(tptr+3))); + EXTRACT_64BITS(tptr))); break; default: if (ndo->ndo_vflag <= 1) { - print_unknown_data(ndo, tptr+3,"\n\t ", length-3); + print_unknown_data(ndo, tptr,"\n\t ", length); } } |