From: Jonas Chianu <jchianu@onx-jchianu-02.ciena.com>
Date: Fri, 31 Mar 2023 16:24:22 +0000 (-0400)
Subject: Moved source port equal BCM_LI_PORT to bottom of long if else chain
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/10f7dff0c64e8ebb480cf48f5a09871e0d431761

Moved source port equal BCM_LI_PORT to bottom of long if else chain

BCM_LI_SHIM (BCM_LI_PORT) value is set to 49152, therefore when the
source port is 49152, it does not matter what the true destination is,
it defaults to Broadcom. So tcpdump interprets any packet with source
UDP port of 49152 as BCM_LI_SHIM (Broadcom). Ports 49152+, by
definition are ephemeral ports so it's totally reasonable that, for
example, BFD is using that source port for their packets. To prevent,
for example, BFD packets from being wrongly identified as BCM_LI_SHIM
packets, the "else if" statement has been moved to bottom of long chain.

Add a test file.
---

diff --git a/print-udp.c b/print-udp.c
index bbe5f1cb..f1f5b662 100644
--- a/print-udp.c
+++ b/print-udp.c
@@ -622,8 +622,6 @@ udp_print(netdissect_options *ndo, const u_char *bp, u_int length,
 					(IP_V(ip) == 6) ? 1 : 0);
 		else if (IS_SRC_OR_DST_PORT(MPLS_LSP_PING_PORT))
 			lspping_print(ndo, cp, length);
-		else if (sport == BCM_LI_PORT)
-			bcm_li_print(ndo, cp, length);
 		else if (dport == BFD_CONTROL_PORT ||
 			 dport == BFD_MULTIHOP_PORT ||
 			 dport == BFD_LAG_PORT ||
@@ -675,6 +673,8 @@ udp_print(netdissect_options *ndo, const u_char *bp, u_int length,
 		else if (IS_SRC_OR_DST_PORT(HTTPS_PORT) &&
 			 quic_detect(ndo, cp, length))
 			quic_print(ndo, cp, length);
+		else if (sport == BCM_LI_PORT)
+			bcm_li_print(ndo, cp, length);
 		else {
 			if (ulen > length && !fragmented)
 				ND_PRINT("UDP, bad length %u > %u",
diff --git a/tests/TESTLIST b/tests/TESTLIST
index 6aa94a14..a3065905 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -853,6 +853,8 @@ bfd-lag		bfd-lag.pcap		bfd-lag.out
 bfd-lag-v	bfd-lag.pcap		bfd-lag-v.out		-v
 bfd-sbfd	bfd-sbfd.pcap		bfd-sbfd.out
 bfd-sbfd-v	bfd-sbfd.pcap		bfd-sbfd-v.out		-v
+# BFD with source port 49152
+bfd_source_port_49152 bfd_source_port_49152.pcap bfd_source_port_49152.out -v
 
 # Arista Vendor Specific Tests
 arista-ether             arista_ether.pcap        arista_ether.out
diff --git a/tests/bfd_source_port_49152.out b/tests/bfd_source_port_49152.out
new file mode 100644
index 00000000..f9c3bddd
--- /dev/null
+++ b/tests/bfd_source_port_49152.out
@@ -0,0 +1,8 @@
+    1  09:58:19.559328 IP (tos 0xe0, ttl 255, id 40257, offset 0, flags [DF], proto UDP (17), length 52)
+    11.11.11.2.49152 > 11.11.11.1.3784: BFDv1, length: 24
+	Control, State Up, Flags: [Control Plane Independent], Diagnostic: No Diagnostic (0x00)
+	Detection Timer Multiplier: 3 (300 ms Detection time), BFD Length: 24
+	My Discriminator: 0x80000001, Your Discriminator: 0x80000001
+	  Desired min Tx Interval:     100 ms
+	  Required min Rx Interval:    100 ms
+	  Required min Echo Interval:    0 ms
diff --git a/tests/bfd_source_port_49152.pcap b/tests/bfd_source_port_49152.pcap
new file mode 100644
index 00000000..bae9da18
Binary files /dev/null and b/tests/bfd_source_port_49152.pcap differ