Hi folks

There is a bug in bgp open message options parsing in print-bgp.c. The
problem is in the line listed below.

554:    for (i = 0; i < bgpo.bgpo_optlen; i++) {
                TCHECK2(opt[i], BGP_OPT_SIZE);
                memcpy(&bgpopt, &opt[i], BGP_OPT_SIZE);
                if (i + 2 + bgpopt.bgpopt_len > bgpo.bgpo_optlen) {
                        printf(" [|opt %d %d]", bgpopt.bgpopt_len, bgpopt.bgpopt_type);
                        break;
                }

                printf(" (option %s, len=%d)", bgp_opttype(bgpopt.bgpopt_type),
                        bgpopt.bgpopt_len);
                i += BGP_OPT_SIZE + bgpopt.bgpopt_len;
        }

The for loop should be 

        for (i = 0; i < bgpo.bgpo_optlen; /* Nothing */ ) {

since i is getting incremented within the for loop. This results in
i going one value too far into the options list, and so the memcpy of
bgpopt results in an incorrect value. A patch is attached that corrects
it. I am not sure what the correct patch format is. I am sending a
'diff -ur'.

The patch also contains the identification of the Capabilities
optional parameter (parameter type 2) in 'char *bgpopt_type[]'.

I had sent a patch earlier today to [EMAIL PROTECTED] on
print-mpls.c but I am not sure if I should send it to tcpdump-workers
also. Could someone let me know about that? Thanks.

Kaarthik

--- print-bgp.c.orig	Tue Oct 16 20:26:54 2001
+++ print-bgp.c	Tue Oct 16 20:24:22 2001
@@ -131,7 +131,7 @@
 #define bgp_type(x) num_or_str(bgptype, sizeof(bgptype)/sizeof(bgptype[0]), (x))
 
 static const char *bgpopt_type[] = {
-	NULL, "Authentication Information",
+  NULL, "Authentication Information", "Capabilities Advertisement",
 };
 #define bgp_opttype(x) \
 	num_or_str(bgpopt_type, sizeof(bgpopt_type)/sizeof(bgpopt_type[0]), (x))
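Review bot: the added initializer line in bgpopt_type[] is indented with two spaces where the line it replaces used a tab; keep the tab so the hunk changes only the table contents. With the new entry the table has three elements, so parameter type 2 now resolves to "Capabilities Advertisement" through bgp_opttype(); a short comment naming the parameter type each string belongs to would make the index-to-string mapping obvious to the next person who extends it.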
@@ -551,7 +551,7 @@
 	opt = &((const struct bgp_open *)dat)->bgpo_optlen;
 	opt++;
 
-	for (i = 0; i < bgpo.bgpo_optlen; i++) {
+	for (i = 0; i < bgpo.bgpo_optlen; /* Nothing */ ) {
 		TCHECK2(opt[i], BGP_OPT_SIZE);
 		memcpy(&bgpopt, &opt[i], BGP_OPT_SIZE);
 		if (i + 2 + bgpopt.bgpopt_len > bgpo.bgpo_optlen) {
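Review bot: the bounds check on the last context line still uses a literal 2 (`i + 2 + bgpopt.bgpopt_len`) while TCHECK2 and memcpy on the lines above it use BGP_OPT_SIZE; write the check with BGP_OPT_SIZE too, so the header size that the check assumes and the size the loop advances by cannot drift apart. Since the third clause of the for is now empty and all progress comes from the `i += BGP_OPT_SIZE + bgpopt.bgpopt_len` at the end of the body (quoted in the message above), a `while (i < bgpo.bgpo_optlen)` would say the same thing more directly and avoid someone re-adding the i++ later.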

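The off-by-one described in the message, as an added example that is not part of the original post or of tcpdump's code: a standalone walker over constructed option bytes, run once with the stray increment and once without. The names walk_opts, OPT_HDR and sample_opts are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_HDR 2   /* type octet + length octet (BGP_OPT_SIZE on the page) */

/* Constructed sample: Authentication Information (type 1, len 1), then
 * Capabilities (type 2, len 6). Not taken from a real capture. */
static const uint8_t sample_opts[] = {
    0x01, 0x01, 0x00,
    0x02, 0x06, 0x01, 0x04, 0x00, 0x01, 0x00, 0x01,
};

/* Walk the optional parameters and record each parameter type.
 * extra_inc != 0 reproduces the for loop's i++ on top of the in-body advance.
 * Returns the number of parameters seen, or -1 if one overruns optlen. */
int walk_opts(const uint8_t *opt, size_t optlen, int extra_inc,
              uint8_t *types, size_t max)
{
    size_t i = 0;
    int n = 0;
    while (i < optlen) {
        if (optlen - i < OPT_HDR)
            return -1;                  /* header itself is cut short */
        uint8_t type = opt[i], len = opt[i + 1];
        if (len > optlen - i - OPT_HDR)
            return -1;                  /* value runs past the options block */
        if ((size_t)n < max)
            types[n] = type;
        n++;
        i += OPT_HDR + len;             /* the only advance the loop needs */
        if (extra_inc)
            i++;                        /* the stray increment */
    }
    return n;
}

int main(void)
{
    uint8_t t[4];
    for (int bug = 0; bug <= 1; bug++) {
        int n = walk_opts(sample_opts, sizeof(sample_opts), bug, t, 4);
        printf("%s loop: %d parameter(s), types:", bug ? "original" : "patched", n);
        for (int k = 0; k < n && k < 4; k++)
            printf(" %u", t[k]);
        printf("\n");
    }
    return 0;
}
```

With the stray increment the walker lands one octet past each parameter boundary, reports types 1, 6, 1 and never sees the Capabilities parameter; without it the result is types 1 and 2.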