BGP: Fix parsing the AIGP attribute

There was an invalid ND_TCHECK_LEN(), thus the AIGP metric attribute
at the end of an update message was incorrectly shown as truncated.

Remove it because the data fetching is secured by GET_BE_U_8 and
print_unknown_data.

Add a test file with AIGP attribute at the end of an update message.

This should fix GitHub issue #975.

Remark:
This code need more updates on length checks to change some 'truncated'
process to 'invalid' process.

(cherry picked from commit 255c1cbcf3300216bcd23a0df63493ae37e6d70f)

diff --git a/print-bgp.c b/print-bgp.c
index c9051078fd8cbbdb0c34410a5cfc682561dd25b2..35c23c058feb4fddb149b20d639620eb47808585 100644 (file)
--- a/print-bgp.c
+++ b/print-bgp.c
@@ -2379,7 +2379,6 @@ bgp_attr_print(netdissect_options *ndo,
             /*
              * Check if we can read the TLV data.
              */
             /*
              * Check if we can read the TLV data.
              */

-            ND_TCHECK_LEN(tptr + 3, length);

             if (tlen < length)
                 goto trunc;
 
             if (tlen < length)
                 goto trunc;
 

diff --git a/tests/TESTLIST b/tests/TESTLIST
index c3fae12f59eb7854b5dd58f5893c4ef0a0f63040..de006191653c69fe9f195119b87ce729aae6b15c 100644 (file)
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -24,6 +24,7 @@ bgp_vpn_attrset bgp_vpn_attrset.pcap bgp_vpn_attrset.out -v
 mpbgp-linklocal-nexthop mpbgp-linklocal-nexthop.pcap mpbgp-linklocal-nexthop.out -v
 bgp_infloop-v          bgp-infinite-loop.pcap          bgp_infloop-v.out       -v
 bgp-aigp       bgp-aigp.pcap   bgp-aigp.out    -v
 mpbgp-linklocal-nexthop mpbgp-linklocal-nexthop.pcap mpbgp-linklocal-nexthop.out -v
 bgp_infloop-v          bgp-infinite-loop.pcap          bgp_infloop-v.out       -v
 bgp-aigp       bgp-aigp.pcap   bgp-aigp.out    -v

+bgp-aigp-2     bgp-aigp-2.pcap bgp-aigp-2.out  -v

 bgp-large-community bgp-large-community.pcap bgp-large-community.out -v
 bgp-shutdown-communication bgp-shutdown-communication.pcapng bgp-shutdown-communication.out -v
 bgp-addpath bgp-addpath.pcap bgp-addpath.out -v
 bgp-large-community bgp-large-community.pcap bgp-large-community.out -v
 bgp-shutdown-communication bgp-shutdown-communication.pcapng bgp-shutdown-communication.out -v
 bgp-addpath bgp-addpath.pcap bgp-addpath.out -v

diff --git a/tests/bgp-aigp-2.out b/tests/bgp-aigp-2.out
new file mode 100644 (file)
index 0000000..e4a9e32
--- /dev/null
+++ b/tests/bgp-aigp-2.out
@@ -0,0 +1,12 @@
+    1  16:35:36.779852 IP (tos 0x0, ttl 64, id 65464, offset 0, flags [DF], proto TCP (6), length 126)
+    1.0.1.1.33933 > 1.0.1.2.179: Flags [P.], cksum 0xdf3f (correct), seq 1822120333:1822120407, ack 3227512929, win 128, options [nop,nop,TS val 3213935882 ecr 3055548704], length 74: BGP
+       Update Message (2), length: 74
+         Origin (1), length: 1, Flags [T]: EGP
+         AS Path (2), length: 4, Flags [T]: 101 
+         Next Hop (3), length: 4, Flags [T]: 0.0.0.0
+         Multi-Protocol Reach NLRI (14), length: 16, Flags [O]: 
+           AFI: IPv4 (1), SAFI: labeled Unicast (4)
+           nexthop: 1.0.1.1, nh-length: 4, no SNPA
+             123.1.1.0/24, label:20 (bottom)
+         Accumulated IGP Metric (26), length: 11, Flags [O]: 
+           AIGP TLV (1), length 11, metric 4294967295

diff --git a/tests/bgp-aigp-2.pcap b/tests/bgp-aigp-2.pcap
new file mode 100644 (file)
index 0000000..5aec56f
Binary files /dev/null and b/tests/bgp-aigp-2.pcap differ