diff options
author | delphij <delphij@FreeBSD.org> | 2012-10-05 20:19:28 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2012-10-05 20:19:28 +0000 |
commit | dca5e2df844aab1432db6569445dc152e22cb279 (patch) | |
tree | 9869d83ad1eec4a1fa6e21d5865136e11aa5f9c0 /contrib/tcpdump/print-bgp.c | |
parent | a130b811b9a9a99ca8b02c74857b7fa5be4a6e2a (diff) | |
parent | 69fe8a0033b22318969c85b57837b48863946665 (diff) | |
download | FreeBSD-src-dca5e2df844aab1432db6569445dc152e22cb279.zip FreeBSD-src-dca5e2df844aab1432db6569445dc152e22cb279.tar.gz |
MFV: tcpdump 4.3.0.
MFC after: 4 weeks
Diffstat (limited to 'contrib/tcpdump/print-bgp.c')
-rw-r--r-- | contrib/tcpdump/print-bgp.c | 513 |
1 files changed, 317 insertions, 196 deletions
diff --git a/contrib/tcpdump/print-bgp.c b/contrib/tcpdump/print-bgp.c index 6460a59..c1e382f 100644 --- a/contrib/tcpdump/print-bgp.c +++ b/contrib/tcpdump/print-bgp.c @@ -93,8 +93,7 @@ struct bgp_opt { /* variable length */ }; #define BGP_OPT_SIZE 2 /* some compilers may pad to 4 bytes */ - -#define BGP_UPDATE_MINSIZE 23 +#define BGP_CAP_HEADER_SIZE 2 /* some compilers may pad to 4 bytes */ struct bgp_notification { u_int8_t bgpn_marker[16]; @@ -115,19 +114,10 @@ struct bgp_route_refresh { }; /* EXTRACT_16BITS(&bgp_route_refresh->afi) (sigh) */ #define BGP_ROUTE_REFRESH_SIZE 23 -struct bgp_attr { - u_int8_t bgpa_flags; - u_int8_t bgpa_type; - union { - u_int8_t len; - u_int16_t elen; - } bgpa_len; -#define bgp_attr_len(p) \ - (((p)->bgpa_flags & 0x10) ? \ - EXTRACT_16BITS(&(p)->bgpa_len.elen) : (p)->bgpa_len.len) -#define bgp_attr_off(p) \ - (((p)->bgpa_flags & 0x10) ? 4 : 3) -}; +#define bgp_attr_lenlen(flags, p) \ + (((flags) & 0x10) ? 2 : 1) +#define bgp_attr_len(flags, p) \ + (((flags) & 0x10) ? EXTRACT_16BITS(p) : *(p)) #define BGPTYPE_ORIGIN 1 #define BGPTYPE_AS_PATH 2 @@ -493,38 +483,49 @@ as_printf (char *str, int size, u_int asnum) return str; } +#define ITEMCHECK(minlen) if (itemlen < minlen) goto badtlv; + int -decode_prefix4(const u_char *pptr, char *buf, u_int buflen) +decode_prefix4(const u_char *pptr, u_int itemlen, char *buf, u_int buflen) { struct in_addr addr; - u_int plen; + u_int plen, plenbytes; TCHECK(pptr[0]); + ITEMCHECK(1); plen = pptr[0]; if (32 < plen) return -1; + itemlen -= 1; memset(&addr, 0, sizeof(addr)); - TCHECK2(pptr[1], (plen + 7) / 8); - memcpy(&addr, &pptr[1], (plen + 7) / 8); + plenbytes = (plen + 7) / 8; + TCHECK2(pptr[1], plenbytes); + ITEMCHECK(plenbytes); + memcpy(&addr, &pptr[1], plenbytes); if (plen % 8) { - ((u_char *)&addr)[(plen + 7) / 8 - 1] &= + ((u_char *)&addr)[plenbytes - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } snprintf(buf, buflen, "%s/%d", getname((u_char *)&addr), plen); - return 1 + (plen + 7) / 8; + return 1 + plenbytes; trunc: return -2; + +badtlv: + return -3; } static int -decode_labeled_prefix4(const u_char *pptr, char *buf, u_int buflen) +decode_labeled_prefix4(const u_char *pptr, u_int itemlen, char *buf, u_int buflen) { struct in_addr addr; - u_int plen; + u_int plen, plenbytes; - TCHECK(pptr[0]); + /* prefix length and label = 4 bytes */ + TCHECK2(pptr[0], 4); + ITEMCHECK(4); plen = pptr[0]; /* get prefix length */ /* this is one of the weirdnesses of rfc3107 @@ -542,12 +543,15 @@ decode_labeled_prefix4(const u_char *pptr, char *buf, u_int buflen) if (32 < plen) return -1; + itemlen -= 4; memset(&addr, 0, sizeof(addr)); - TCHECK2(pptr[4], (plen + 7) / 8); - memcpy(&addr, &pptr[4], (plen + 7) / 8); + plenbytes = (plen + 7) / 8; + TCHECK2(pptr[4], plenbytes); + ITEMCHECK(plenbytes); + memcpy(&addr, &pptr[4], plenbytes); if (plen % 8) { - ((u_char *)&addr)[(plen + 7) / 8 - 1] &= + ((u_char *)&addr)[plenbytes - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } /* the label may get offsetted by 4 bits so lets shift it right */ @@ -557,10 +561,13 @@ decode_labeled_prefix4(const u_char *pptr, char *buf, u_int buflen) EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); - return 4 + (plen + 7) / 8; + return 4 + plenbytes; trunc: return -2; + +badtlv: + return -3; } /* @@ -1041,37 +1048,46 @@ trunc: #ifdef INET6 int -decode_prefix6(const u_char *pd, char *buf, u_int buflen) +decode_prefix6(const u_char *pd, u_int itemlen, char *buf, u_int buflen) { struct in6_addr addr; - u_int plen; + u_int plen, plenbytes; TCHECK(pd[0]); + ITEMCHECK(1); plen = pd[0]; if (128 < plen) return -1; + itemlen -= 1; memset(&addr, 0, sizeof(addr)); - TCHECK2(pd[1], (plen + 7) / 8); - memcpy(&addr, &pd[1], (plen + 7) / 8); + plenbytes = (plen + 7) / 8; + TCHECK2(pd[1], plenbytes); + ITEMCHECK(plenbytes); + memcpy(&addr, &pd[1], plenbytes); if (plen % 8) { - addr.s6_addr[(plen + 7) / 8 - 1] &= + addr.s6_addr[plenbytes - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } snprintf(buf, buflen, "%s/%d", getname6((u_char *)&addr), plen); - return 1 + (plen + 7) / 8; + return 1 + plenbytes; trunc: return -2; + +badtlv: + return -3; } static int -decode_labeled_prefix6(const u_char *pptr, char *buf, u_int buflen) +decode_labeled_prefix6(const u_char *pptr, u_int itemlen, char *buf, u_int buflen) { struct in6_addr addr; - u_int plen; + u_int plen, plenbytes; - TCHECK(pptr[0]); + /* prefix length and label = 4 bytes */ + TCHECK2(pptr[0], 4); + ITEMCHECK(4); plen = pptr[0]; /* get prefix length */ if (24 > plen) @@ -1081,12 +1097,14 @@ decode_labeled_prefix6(const u_char *pptr, char *buf, u_int buflen) if (128 < plen) return -1; + itemlen -= 4; memset(&addr, 0, sizeof(addr)); - TCHECK2(pptr[4], (plen + 7) / 8); - memcpy(&addr, &pptr[4], (plen + 7) / 8); + plenbytes = (plen + 7) / 8; + TCHECK2(pptr[4], plenbytes); + memcpy(&addr, &pptr[4], plenbytes); if (plen % 8) { - addr.s6_addr[(plen + 7) / 8 - 1] &= + addr.s6_addr[plenbytes - 1] &= ((0xff00 >> (plen % 8)) & 0xff); } /* the label may get offsetted by 4 bits so lets shift it right */ @@ -1096,10 +1114,13 @@ decode_labeled_prefix6(const u_char *pptr, char *buf, u_int buflen) EXTRACT_24BITS(pptr+1)>>4, ((pptr[3]&1)==0) ? "(BOGUS: Bottom of Stack NOT set!)" : "(bottom)" ); - return 4 + (plen + 7) / 8; + return 4 + plenbytes; trunc: return -2; + +badtlv: + return -3; } static int @@ -1266,7 +1287,7 @@ trunc: } static int -bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len) +bgp_attr_print(u_int atype, const u_char *pptr, u_int len) { int i; u_int16_t af; @@ -1276,7 +1297,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len) u_int32_t i; } bw; int advance; - int tlen; + u_int tlen; const u_char *tptr; char buf[MAXHOSTNAMELEN + 100]; char tokbuf[TOKBUFSIZE]; @@ -1285,7 +1306,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len) tptr = pptr; tlen=len; - switch (attr->bgpa_type) { + switch (atype) { case BGPTYPE_ORIGIN: if (len != 1) printf("invalid len"); @@ -1321,7 +1342,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len) * 2 bytes first, and it does not pass, assume that ASs are * encoded in 4 bytes format and move on. */ - as_size = bgp_attr_get_as_size(attr->bgpa_type, pptr, len); + as_size = bgp_attr_get_as_size(atype, pptr, len); while (tptr < pptr + len) { TCHECK(tptr[0]); @@ -1657,20 +1678,24 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len) case (AFNUM_INET<<8 | SAFNUM_UNICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST): case (AFNUM_INET<<8 | SAFNUM_UNIMULTICAST): - advance = decode_prefix4(tptr, buf, sizeof(buf)); + advance = decode_prefix4(tptr, len, buf, sizeof(buf)); if (advance == -1) printf("\n\t (illegal prefix length)"); else if (advance == -2) goto trunc; + else if (advance == -3) + break; /* bytes left, but not enough */ else printf("\n\t %s", buf); break; case (AFNUM_INET<<8 | SAFNUM_LABUNICAST): - advance = decode_labeled_prefix4(tptr, buf, sizeof(buf)); + advance = decode_labeled_prefix4(tptr, len, buf, sizeof(buf)); if (advance == -1) printf("\n\t (illegal prefix length)"); else if (advance == -2) goto trunc; + else if (advance == -3) + break; /* bytes left, but not enough */ else printf("\n\t %s", buf); break; @@ -1718,20 +1743,24 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len) case (AFNUM_INET6<<8 | SAFNUM_UNICAST): case (AFNUM_INET6<<8 | SAFNUM_MULTICAST): case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST): - advance = decode_prefix6(tptr, buf, sizeof(buf)); + advance = decode_prefix6(tptr, len, buf, sizeof(buf)); if (advance == -1) printf("\n\t (illegal prefix length)"); else if (advance == -2) goto trunc; + else if (advance == -3) + break; /* bytes left, but not enough */ else printf("\n\t %s", buf); break; case (AFNUM_INET6<<8 | SAFNUM_LABUNICAST): - advance = decode_labeled_prefix6(tptr, buf, sizeof(buf)); + advance = decode_labeled_prefix6(tptr, len, buf, sizeof(buf)); if (advance == -1) printf("\n\t (illegal prefix length)"); else if (advance == -2) goto trunc; + else if (advance == -3) + break; /* bytes left, but not enough */ else printf("\n\t %s", buf); break; @@ -1821,20 +1850,24 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len) case (AFNUM_INET<<8 | SAFNUM_UNICAST): case (AFNUM_INET<<8 | SAFNUM_MULTICAST): case (AFNUM_INET<<8 | SAFNUM_UNIMULTICAST): - advance = decode_prefix4(tptr, buf, sizeof(buf)); + advance = decode_prefix4(tptr, len, buf, sizeof(buf)); if (advance == -1) printf("\n\t (illegal prefix length)"); else if (advance == -2) goto trunc; + else if (advance == -3) + break; /* bytes left, but not enough */ else printf("\n\t %s", buf); break; case (AFNUM_INET<<8 | SAFNUM_LABUNICAST): - advance = decode_labeled_prefix4(tptr, buf, sizeof(buf)); + advance = decode_labeled_prefix4(tptr, len, buf, sizeof(buf)); if (advance == -1) printf("\n\t (illegal prefix length)"); else if (advance == -2) goto trunc; + else if (advance == -3) + break; /* bytes left, but not enough */ else printf("\n\t %s", buf); break; @@ -1853,20 +1886,24 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len) case (AFNUM_INET6<<8 | SAFNUM_UNICAST): case (AFNUM_INET6<<8 | SAFNUM_MULTICAST): case (AFNUM_INET6<<8 | SAFNUM_UNIMULTICAST): - advance = decode_prefix6(tptr, buf, sizeof(buf)); + advance = decode_prefix6(tptr, len, buf, sizeof(buf)); if (advance == -1) printf("\n\t (illegal prefix length)"); else if (advance == -2) goto trunc; + else if (advance == -3) + break; /* bytes left, but not enough */ else printf("\n\t %s", buf); break; case (AFNUM_INET6<<8 | SAFNUM_LABUNICAST): - advance = decode_labeled_prefix6(tptr, buf, sizeof(buf)); + advance = decode_labeled_prefix6(tptr, len, buf, sizeof(buf)); if (advance == -1) printf("\n\t (illegal prefix length)"); else if (advance == -2) goto trunc; + else if (advance == -3) + break; /* bytes left, but not enough */ else printf("\n\t %s", buf); break; @@ -2097,40 +2134,50 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len) } case BGPTYPE_ATTR_SET: TCHECK2(tptr[0], 4); + if (len < 4) + goto trunc; printf("\n\t Origin AS: %s", as_printf(astostr, sizeof(astostr), EXTRACT_32BITS(tptr))); tptr+=4; len -=4; - while (len >= 2 ) { - int alen; - struct bgp_attr bgpa; + while (len) { + u_int aflags, atype, alenlen, alen; - TCHECK2(tptr[0], sizeof(bgpa)); - memcpy(&bgpa, tptr, sizeof(bgpa)); - alen = bgp_attr_len(&bgpa); - tptr += bgp_attr_off(&bgpa); - len -= bgp_attr_off(&bgpa); + TCHECK2(tptr[0], 2); + if (len < 2) + goto trunc; + aflags = *tptr; + atype = *(tptr + 1); + tptr += 2; + len -= 2; + alenlen = bgp_attr_lenlen(aflags, tptr); + TCHECK2(tptr[0], alenlen); + if (len < alenlen) + goto trunc; + alen = bgp_attr_len(aflags, tptr); + tptr += alenlen; + len -= alenlen; printf("\n\t %s (%u), length: %u", tok2strbuf(bgp_attr_values, - "Unknown Attribute", bgpa.bgpa_type, - tokbuf, sizeof(tokbuf)), - bgpa.bgpa_type, + "Unknown Attribute", atype, + tokbuf, sizeof(tokbuf)), + atype, alen); - if (bgpa.bgpa_flags) { + if (aflags) { printf(", Flags [%s%s%s%s", - bgpa.bgpa_flags & 0x80 ? "O" : "", - bgpa.bgpa_flags & 0x40 ? "T" : "", - bgpa.bgpa_flags & 0x20 ? "P" : "", - bgpa.bgpa_flags & 0x10 ? "E" : ""); - if (bgpa.bgpa_flags & 0xf) - printf("+%x", bgpa.bgpa_flags & 0xf); + aflags & 0x80 ? "O" : "", + aflags & 0x40 ? "T" : "", + aflags & 0x20 ? "P" : "", + aflags & 0x10 ? "E" : ""); + if (aflags & 0xf) + printf("+%x", aflags & 0xf); printf("]: "); } /* FIXME check for recursion */ - if (!bgp_attr_print(&bgpa, tptr, alen)) + if (!bgp_attr_print(atype, tptr, alen)) return 0; tptr += alen; len -= alen; @@ -2140,7 +2187,7 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len) default: TCHECK2(*pptr,len); - printf("\n\t no Attribute %u decoder",attr->bgpa_type); /* we have no decoder for the attribute */ + printf("\n\t no Attribute %u decoder",atype); /* we have no decoder for the attribute */ if (vflag <= 1) print_unknown_data(pptr,"\n\t ",len); break; @@ -2156,14 +2203,97 @@ trunc: } static void +bgp_capabilities_print(const u_char *opt, int caps_len) +{ + char tokbuf[TOKBUFSIZE]; + char tokbuf2[TOKBUFSIZE]; + int cap_type, cap_len, tcap_len, cap_offset; + int i = 0; + + while (i < caps_len) { + TCHECK2(opt[i], BGP_CAP_HEADER_SIZE); + cap_type=opt[i]; + cap_len=opt[i+1]; + tcap_len=cap_len; + printf("\n\t %s (%u), length: %u", + tok2strbuf(bgp_capcode_values, "Unknown", + cap_type, tokbuf, sizeof(tokbuf)), + cap_type, + cap_len); + TCHECK2(opt[i+2], cap_len); + switch (cap_type) { + case BGP_CAPCODE_MP: + printf("\n\t\tAFI %s (%u), SAFI %s (%u)", + tok2strbuf(af_values, "Unknown", + EXTRACT_16BITS(opt+i+2), + tokbuf, sizeof(tokbuf)), + EXTRACT_16BITS(opt+i+2), + tok2strbuf(bgp_safi_values, "Unknown", + opt[i+5], + tokbuf, sizeof(tokbuf)), + opt[i+5]); + break; + case BGP_CAPCODE_RESTART: + printf("\n\t\tRestart Flags: [%s], Restart Time %us", + ((opt[i+2])&0x80) ? "R" : "none", + EXTRACT_16BITS(opt+i+2)&0xfff); + tcap_len-=2; + cap_offset=4; + while(tcap_len>=4) { + printf("\n\t\t AFI %s (%u), SAFI %s (%u), Forwarding state preserved: %s", + tok2strbuf(af_values,"Unknown", + EXTRACT_16BITS(opt+i+cap_offset), + tokbuf, sizeof(tokbuf)), + EXTRACT_16BITS(opt+i+cap_offset), + tok2strbuf(bgp_safi_values,"Unknown", + opt[i+cap_offset+2], + tokbuf2, sizeof(tokbuf2)), + opt[i+cap_offset+2], + ((opt[i+cap_offset+3])&0x80) ? "yes" : "no" ); + tcap_len-=4; + cap_offset+=4; + } + break; + case BGP_CAPCODE_RR: + case BGP_CAPCODE_RR_CISCO: + break; + case BGP_CAPCODE_AS_NEW: + + /* + * Extract the 4 byte AS number encoded. + */ + if (cap_len == 4) { + printf("\n\t\t 4 Byte AS %s", + as_printf(astostr, sizeof(astostr), + EXTRACT_32BITS(opt + i + 2))); + } + break; + default: + printf("\n\t\tno decoder for Capability %u", + cap_type); + if (vflag <= 1) + print_unknown_data(&opt[i+2],"\n\t\t",cap_len); + break; + } + if (vflag > 1 && cap_len > 0) { + print_unknown_data(&opt[i+2],"\n\t\t",cap_len); + } + i += BGP_CAP_HEADER_SIZE + cap_len; + } + return; + +trunc: + printf("[|BGP]"); +} + +static void bgp_open_print(const u_char *dat, int length) { struct bgp_open bgpo; struct bgp_opt bgpopt; const u_char *opt; - int i,cap_type,cap_len,tcap_len,cap_offset; + int i; char tokbuf[TOKBUFSIZE]; - char tokbuf2[TOKBUFSIZE]; TCHECK2(dat[0], BGP_OPEN_SIZE); memcpy(&bgpo, dat, BGP_OPEN_SIZE); @@ -2188,96 +2318,31 @@ bgp_open_print(const u_char *dat, int length) TCHECK2(opt[i], BGP_OPT_SIZE); memcpy(&bgpopt, &opt[i], BGP_OPT_SIZE); if (i + 2 + bgpopt.bgpopt_len > bgpo.bgpo_optlen) { - printf("\n\t Option %d, length: %u", bgpopt.bgpopt_type, bgpopt.bgpopt_len); + printf("\n\t Option %d, length: %u", bgpopt.bgpopt_type, bgpopt.bgpopt_len); break; } printf("\n\t Option %s (%u), length: %u", - tok2strbuf(bgp_opt_values,"Unknown", + tok2strbuf(bgp_opt_values,"Unknown", bgpopt.bgpopt_type, tokbuf, sizeof(tokbuf)), - bgpopt.bgpopt_type, - bgpopt.bgpopt_len); - - /* now lets decode the options we know*/ - switch(bgpopt.bgpopt_type) { - case BGP_OPT_CAP: - cap_type=opt[i+BGP_OPT_SIZE]; - cap_len=opt[i+BGP_OPT_SIZE+1]; - tcap_len=cap_len; - printf("\n\t %s (%u), length: %u", - tok2strbuf(bgp_capcode_values, "Unknown", - cap_type, tokbuf, sizeof(tokbuf)), - cap_type, - cap_len); - switch(cap_type) { - case BGP_CAPCODE_MP: - printf("\n\t\tAFI %s (%u), SAFI %s (%u)", - tok2strbuf(af_values, "Unknown", - EXTRACT_16BITS(opt+i+BGP_OPT_SIZE+2), - tokbuf, sizeof(tokbuf)), - EXTRACT_16BITS(opt+i+BGP_OPT_SIZE+2), - tok2strbuf(bgp_safi_values, "Unknown", - opt[i+BGP_OPT_SIZE+5], - tokbuf, sizeof(tokbuf)), - opt[i+BGP_OPT_SIZE+5]); - break; - case BGP_CAPCODE_RESTART: - printf("\n\t\tRestart Flags: [%s], Restart Time %us", - ((opt[i+BGP_OPT_SIZE+2])&0x80) ? "R" : "none", - EXTRACT_16BITS(opt+i+BGP_OPT_SIZE+2)&0xfff); - tcap_len-=2; - cap_offset=4; - while(tcap_len>=4) { - printf("\n\t\t AFI %s (%u), SAFI %s (%u), Forwarding state preserved: %s", - tok2strbuf(af_values,"Unknown", - EXTRACT_16BITS(opt+i+BGP_OPT_SIZE+cap_offset), - tokbuf, sizeof(tokbuf)), - EXTRACT_16BITS(opt+i+BGP_OPT_SIZE+cap_offset), - tok2strbuf(bgp_safi_values,"Unknown", - opt[i+BGP_OPT_SIZE+cap_offset+2], - tokbuf2, sizeof(tokbuf2)), - opt[i+BGP_OPT_SIZE+cap_offset+2], - ((opt[i+BGP_OPT_SIZE+cap_offset+3])&0x80) ? "yes" : "no" ); - tcap_len-=4; - cap_offset+=4; - } - break; - case BGP_CAPCODE_RR: - case BGP_CAPCODE_RR_CISCO: - break; - case BGP_CAPCODE_AS_NEW: - - /* - * Extract the 4 byte AS number encoded. - */ - TCHECK2(opt[i + BGP_OPT_SIZE + 2], cap_len); - if (cap_len == 4) { - printf("\n\t\t 4 Byte AS %s", - as_printf(astostr, sizeof(astostr), - EXTRACT_32BITS(opt + i + BGP_OPT_SIZE + 2))); - } - break; - default: - TCHECK2(opt[i+BGP_OPT_SIZE+2],cap_len); - printf("\n\t\tno decoder for Capability %u", - cap_type); - if (vflag <= 1) - print_unknown_data(&opt[i+BGP_OPT_SIZE+2],"\n\t\t",cap_len); - break; - } - if (vflag > 1) { - TCHECK2(opt[i+BGP_OPT_SIZE+2],cap_len); - print_unknown_data(&opt[i+BGP_OPT_SIZE+2],"\n\t\t",cap_len); - } - break; - case BGP_OPT_AUTH: - default: - printf("\n\t no decoder for option %u", - bgpopt.bgpopt_type); - break; - } + bgpopt.bgpopt_type, + bgpopt.bgpopt_len); + + /* now let's decode the options we know*/ + switch(bgpopt.bgpopt_type) { + case BGP_OPT_CAP: + bgp_capabilities_print(&opt[i+BGP_OPT_SIZE], + bgpopt.bgpopt_len); + break; + + case BGP_OPT_AUTH: + default: + printf("\n\t no decoder for option %u", + bgpopt.bgpopt_type); + break; + } i += BGP_OPT_SIZE + bgpopt.bgpopt_len; } return; @@ -2289,107 +2354,163 @@ static void bgp_update_print(const u_char *dat, int length) { struct bgp bgp; - struct bgp_attr bgpa; const u_char *p; + int withdrawn_routes_len; int len; int i; char tokbuf[TOKBUFSIZE]; +#ifndef INET6 + char buf[MAXHOSTNAMELEN + 100]; + int wpfx; +#endif TCHECK2(dat[0], BGP_SIZE); + if (length < BGP_SIZE) + goto trunc; memcpy(&bgp, dat, BGP_SIZE); p = dat + BGP_SIZE; /*XXX*/ + length -= BGP_SIZE; /* Unfeasible routes */ - len = EXTRACT_16BITS(p); - if (len) { + TCHECK2(p[0], 2); + if (length < 2) + goto trunc; + withdrawn_routes_len = EXTRACT_16BITS(p); + p += 2; + length -= 2; + if (withdrawn_routes_len) { /* * Without keeping state from the original NLRI message, * it's not possible to tell if this a v4 or v6 route, * so only try to decode it if we're not v6 enabled. */ + TCHECK2(p[0], withdrawn_routes_len); + if (length < withdrawn_routes_len) + goto trunc; #ifdef INET6 - printf("\n\t Withdrawn routes: %d bytes", len); + printf("\n\t Withdrawn routes: %d bytes", withdrawn_routes_len); + p += withdrawn_routes_len; + length -= withdrawn_routes_len; #else - char buf[MAXHOSTNAMELEN + 100]; - int wpfx; + if (withdrawn_routes_len < 2) + goto trunc; + length -= 2; + withdrawn_routes_len -= 2; - TCHECK2(p[2], len); - i = 2; printf("\n\t Withdrawn routes:"); - while(i < 2 + len) { - wpfx = decode_prefix4(&p[i], buf, sizeof(buf)); + while(withdrawn_routes_len > 0) { + wpfx = decode_prefix4(p, withdrawn_routes_len, buf, sizeof(buf)); if (wpfx == -1) { printf("\n\t (illegal prefix length)"); break; } else if (wpfx == -2) goto trunc; + else if (wpfx == -3) + goto trunc; /* bytes left, but not enough */ else { - i += wpfx; printf("\n\t %s", buf); + p += wpfx; + length -= wpfx; + withdrawn_routes_len -= wpfx; } } #endif } - p += 2 + len; TCHECK2(p[0], 2); + if (length < 2) + goto trunc; len = EXTRACT_16BITS(p); + p += 2; + length -= 2; - if (len == 0 && length == BGP_UPDATE_MINSIZE) { + if (withdrawn_routes_len == 0 && len == 0 && length == 0) { + /* No withdrawn routes, no path attributes, no NLRI */ printf("\n\t End-of-Rib Marker (empty NLRI)"); return; } if (len) { /* do something more useful!*/ - i = 2; - while (i < 2 + len) { - int alen, aoff; - - TCHECK2(p[i], sizeof(bgpa)); - memcpy(&bgpa, &p[i], sizeof(bgpa)); - alen = bgp_attr_len(&bgpa); - aoff = bgp_attr_off(&bgpa); - - printf("\n\t %s (%u), length: %u", + while (len) { + int aflags, atype, alenlen, alen; + + TCHECK2(p[0], 2); + if (len < 2) + goto trunc; + if (length < 2) + goto trunc; + aflags = *p; + atype = *(p + 1); + p += 2; + len -= 2; + length -= 2; + alenlen = bgp_attr_lenlen(aflags, p); + TCHECK2(p[0], alenlen); + if (len < alenlen) + goto trunc; + if (length < alenlen) + goto trunc; + alen = bgp_attr_len(aflags, p); + p += alenlen; + len -= alenlen; + length -= alenlen; + + printf("\n\t %s (%u), length: %u", tok2strbuf(bgp_attr_values, "Unknown Attribute", - bgpa.bgpa_type, + atype, tokbuf, sizeof(tokbuf)), - bgpa.bgpa_type, + atype, alen); - if (bgpa.bgpa_flags) { + if (aflags) { printf(", Flags [%s%s%s%s", - bgpa.bgpa_flags & 0x80 ? "O" : "", - bgpa.bgpa_flags & 0x40 ? "T" : "", - bgpa.bgpa_flags & 0x20 ? "P" : "", - bgpa.bgpa_flags & 0x10 ? "E" : ""); - if (bgpa.bgpa_flags & 0xf) - printf("+%x", bgpa.bgpa_flags & 0xf); + aflags & 0x80 ? "O" : "", + aflags & 0x40 ? "T" : "", + aflags & 0x20 ? "P" : "", + aflags & 0x10 ? "E" : ""); + if (aflags & 0xf) + printf("+%x", aflags & 0xf); printf("]: "); } - if (!bgp_attr_print(&bgpa, &p[i + aoff], alen)) + if (len < alen) + goto trunc; + if (length < alen) goto trunc; - i += aoff + alen; + if (!bgp_attr_print(atype, p, alen)) + goto trunc; + p += alen; + len -= alen; + length -= alen; } } - p += 2 + len; - if (dat + length > p) { + if (length) { + /* + * XXX - what if they're using the "Advertisement of + * Multiple Paths in BGP" feature: + * + * https://datatracker.ietf.org/doc/draft-ietf-idr-add-paths/ + * + * http://tools.ietf.org/html/draft-ietf-idr-add-paths-06 + */ printf("\n\t Updated routes:"); - while (dat + length > p) { + while (length) { char buf[MAXHOSTNAMELEN + 100]; - i = decode_prefix4(p, buf, sizeof(buf)); + i = decode_prefix4(p, length, buf, sizeof(buf)); if (i == -1) { printf("\n\t (illegal prefix length)"); break; } else if (i == -2) goto trunc; + else if (i == -3) + goto trunc; /* bytes left, but not enough */ else { printf("\n\t %s", buf); p += i; + length -= i; } } } |