On Thu, Oct 22, 2020 at 07:49:40PM +0200, Peter J. Philipp wrote:
> Hi,
>
> Just got this message (seemed like a flood) from tcpdump:
>
> ----
> [MBMS Support] [MBMS Support] [MBMS Support] [MBMS Support] [MBMS Support] [M
> BMS Support] [MBMS Support] [MBMS Support] [MBMS Support] [MBMS Support]
> [MBMS S
> upport] [MBMS Support] [MBMS Support] [MBMS Support] [MBMS Support] [MBMS
> Support] [MBMS Support] [MBMS Support] [MBMS Support] [MBMS Support] [MBMS
> Support] [M
> BMS Support] [MBMS Support] [MBMS Support] [MBMS^C
>
> 3407731 packets received by filter
>
> 2169 packets dropped by kernel
>
> you have mail in /var/mail/pjp
>
> eta# tcpdump -v -n -i pppoe0 -s 1500 -X port 8053
>
> tcpdump: listening on pppoe0, link-type PPP_ETHER
> ----
>
> The tcpdump command was executed as is. System is OpenBSD 6.8. What I find
> weird here is that there is no configured 8053 port for GTP, is there?
>
> Best Regards,
> -peter
>
Hi again,

so I've found out that in print-gtp.c there might be the possibility for an
endless loop. In function gtp_v1_print():

    928 /* Header length is a 4 octet multiplier. */
    929 hlen = (int)p[0] * 4;
    930 TCHECK2(p[0], hlen);

If hlen == 0 here, it would pass TCHECK2 (as in, not goto trunc), right?

    958 p += hlen - 1;
    959 nexthdr = (int)p[0];
    960 p++;

Here it would go backwards by one, which nexthdr would become (if it's 0,
coincidentally?), and then it increments by one to start anew.

Can anyone confirm my suspicions?
Best Regards,
-peter
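Added example (not from the thread and not tcpdump's print-gtp.c): a hypothetical extension-header walk, walk_ext_headers(), that models the arithmetic quoted above (length byte times 4, next-header type in the last octet, pointer advanced by hlen) and adds the guard the report is asking about. With hlen == 0 the original sequence "p += hlen - 1; ... p++" leaves p where it started, so the only way the loop can terminate is to reject a zero length byte before it is used, alongside the usual truncation check. The sample buffers are constructed for this example; the header layout, function names and return codes are assumptions, not taken from the source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical walk over a chain of extension headers laid out as
 *   [len/4][payload ...][next-type]
 * where a next-type of 0 ends the chain. Returns 0 and the number of
 * headers consumed in *count_out, or -1 when the chain is malformed
 * (zero length, or a header that runs past the captured bytes).
 */
int walk_ext_headers(const uint8_t *p, size_t remaining, int *count_out)
{
    int count = 0;

    while (remaining > 0) {
        size_t hlen = (size_t)p[0] * 4;   /* "Header length is a 4 octet multiplier." */

        /* Guard: hlen == 0 would not advance p at all
         * (p += hlen - 1; p++ nets out to zero), so the loop could never end.
         * A length check alone ("TCHECK2(p[0], hlen)") passes for 0 bytes. */
        if (hlen == 0)
            return -1;

        /* Equivalent of the truncation check: the whole header must be captured. */
        if (hlen > remaining)
            return -1;

        uint8_t nexthdr = p[hlen - 1];    /* last octet of this header */
        p += hlen;
        remaining -= hlen;
        count++;

        if (nexthdr == 0)                 /* end of chain */
            break;
    }

    *count_out = count;
    return 0;
}

/* Constructed sample: two well-formed 4-octet headers, second one ends the chain. */
static const uint8_t SAMPLE_CHAIN[] = { 0x01, 0xAA, 0xBB, 0x85,
                                        0x01, 0xCC, 0xDD, 0x00 };
/* Constructed sample: length byte of 0, the case the report describes. */
static const uint8_t SAMPLE_ZERO_LEN[] = { 0x00, 0xAA, 0xBB, 0x00 };
/* Constructed sample: claims 8 octets but only 4 were captured. */
static const uint8_t SAMPLE_TRUNC[] = { 0x02, 0xAA, 0xBB, 0x00 };

/* Helpers returning the header count, or -1 on rejection, for each sample. */
int demo_chain(void)
{
    int n = 0;
    return walk_ext_headers(SAMPLE_CHAIN, sizeof SAMPLE_CHAIN, &n) == 0 ? n : -1;
}

int demo_zero_len(void)
{
    int n = 0;
    return walk_ext_headers(SAMPLE_ZERO_LEN, sizeof SAMPLE_ZERO_LEN, &n) == 0 ? n : -1;
}

int demo_trunc(void)
{
    int n = 0;
    return walk_ext_headers(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, &n) == 0 ? n : -1;
}

int main(void)
{
    printf("well-formed chain : %d header(s)\n", demo_chain());
    printf("zero length byte  : %d (rejected)\n", demo_zero_len());
    printf("truncated header  : %d (rejected)\n", demo_trunc());
    return 0;
}
```

The point of the guard is that progress through the buffer must be strictly positive on every iteration; the truncation check only bounds how far the parser may read, not whether it moves at all.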