Incorrect NLRIs and mask displayed #35
Description
Environment
$ pbgpp.py --version
pbgpp PCAP BGP Parser v0.2.22
$ python --version
Python 3.8.2
Result:
pbgpp shows nonexistent NLRIs and masks for (some) input files with many UPDATE messages. That's my guess. Might also result from another factor.
Example:
|- Update Message Sub-Type: NONE
|- Withdrawn Routes Length: 0 Bytes
|- Total Path Attribute Length: 0 Bytes
|- Prefix (NLRI):
|--- 1.1.0.64/64
|--- 22.0.0.0/2
|--- 5.0.0.0/2
|--- 0.0.0.0/0
|--- 71.0.0.62/62
|--- 0.3.33.254/71
|--- 0.0.0.0/0
|--- 28.0.0.52/32
|--- 64.3.4.0/23
|--- 81.194.255.192/80
|--- 8.0.0.0/7
|--- 0.0.0.0/0
|--- 23.162.158.132/52
|--- 20.0.0.0/1
|--- 18.64.20.104/104
|--- 240.20.104.0/17
|--- 208.20.0.0/16
|--- 16.144.20.104/104
|--- 176.23.23.0/17
|--- 38.24.1.1/227
|--- 24.0.0.0/1
|--- 0.0.0.0/1
Output is mixed between:
- nonexistent in PCAP but valid, e.g.
0.0.0.0/0 - invalid prefix length, e.g.
81.194.255.192/80 - invalid prefix and prefix length, e.g.
0.3.33.254/71
I'm assuming there's an overflow at some point which causes the result.
How to reproduce:
Parse the attached PCAP:
pbgpp.py --pcap example.pcap -f HUMAN_READABLE
Example PCAP:
example.pcap.zip