core: do not process too large prefixes

ANSSI-FR · Jan 20, 2017 · 6fbe542 · 6fbe542
1 parent 8fa7e95
commit 6fbe542
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 13 deletions.
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,9 @@
+tabi (1.0.2) UNRELEASED; urgency=low
+
+  * core: do not process too large prefixes
+
+ -- Nicolas Vivet <[email protected]>  Fri, 20 Jan 2017 10:12:18 +0200
+
 tabi (1.0.1) UNRELEASED; urgency=low
 
   * inputs: do not stop processing on incorrect AS_PATH

diff --git a/setup.py b/setup.py
@@ -24,7 +24,7 @@ def run_tests(self):
 
 setup(
     name="tabi",
-    version="1.0.1",
+    version="1.0.2",
     description="Detect hijacks from BGP logs",
     url="https://github.com/ANSSI-FR/tabi",
     author="ANSSI/SDE",

diff --git a/tabi/core.py b/tabi/core.py
@@ -38,20 +38,24 @@ def iter_origin(origin):
 
 def default_route(update):
     """Function that handles the processing of UPDATEs containing
-    the default prefixes.
+    the default prefixes (where mask length is lower than 8 bits).
     """
 
-    if update.prefix == "0.0.0.0/0" or update.prefix == "::/0":
-        for asn in iter_origin(update.origin):
-            tmp_announce = OrderedDict([("prefix", update.prefix),
-                                        ("asn", asn),
-                                        ("as_path", update.as_path)])
-            default_info = OrderedDict([("timestamp", update.timestamp),
-                                        ("collector", update.collector),
-                                        ("peer_as", update.peer_as),
-                                        ("peer_ip", update.peer_ip),
-                                        ("announce", tmp_announce)])
-            yield default_info
+    try:
+        _, masklen = update.prefix.split("/")
+        if int(masklen) < 8:
+            for asn in iter_origin(update.origin):
+                tmp_announce = OrderedDict([("prefix", update.prefix),
+                                            ("asn", asn),
+                                            ("as_path", update.as_path)])
+                default_info = OrderedDict([("timestamp", update.timestamp),
+                                            ("collector", update.collector),
+                                            ("peer_as", update.peer_as),
+                                            ("peer_ip", update.peer_ip),
+                                            ("announce", tmp_announce)])
+                yield default_info
+    except ValueError:
+        pass
 
 
 def format_route(update, num_routes):