Search RPD Archives
[rpd] Reserved Space/Available Space and potential hijacking
Noah
noah at neo.co.tz
Wed Oct 15 12:17:03 UTC 2025
Hi Andrew
In addition to Ben's comment, please share the link to the github/repo of
the code assuming it's public.
Cheers,
*.**/noah*
On Wed, Oct 15, 2025 at 3:06 PM ben.roberts--- via RPD <rpd at afrinic.net>
wrote:
> This is great Andrew. I feel like we should have more of this sort of
> thing and perhaps an IP address research hackathon will be a great idea.
>
>
>
> Your c is pretty good, I will give you a tip though.
>
>
>
> 2 useful features of c are to use // or /* */ to insert comments in the
> code
>
> e.g.
>
> // This is a comment
>
> Or
>
> /* This is a comment*/
>
>
>
> The comments aren’t compiled in the code so you can write anything you
> like. Using comments like this is really helpful when sharing code with
> others, to help them understand it…
>
>
>
>
>
> 😊😊😊
>
>
>
> *From:* Andrew Alston <aa at alstonnetworks.net>
> *Sent:* 15 October 2025 14:41
> *To:* RPD <rpd at afrinic.net>
> *Subject:* [rpd] Reserved Space/Available Space and potential hijacking
>
>
>
> Hi Guys,
>
>
>
> So - Firstly a few notes on using the code I'm going to paste below.
>
>
>
> I created the BGP dump file on a juniper router by running a "show route
> protocol bgp | save bgp.dump.txt" and then copying that dump file to my
> local system from the Juniper router. Note - this produces a roughly
> 400meg file on a full table router and it takes quite a while to run the
> command.
>
> Then - I used the delegated-afrinic-extended-latest file downloaded from
> the stats ftp server.
>
>
>
> In the code below - if you wish to run similar - change the char
> BGP_DUMP[256] and char AFRINIC_EXT[256] global variables to match the
> pathing to the relevant files.
>
>
>
> Note that there is some weirdness in this code to deal with endianness -
> and I will openly admit its not the cleanest (or probably most efficient)
> code - but it does work and I've verified the results.
>
>
>
> I've pasted the code below the results section.
>
>
>
> So - first the results:
>
>
>
> Found 824064 total available addresses and 4482304 total reserved addresses
> 41.57.124.0/22 fell between reserved range 41.57.124.0 -> 41.57.127.255
> [Adding 1024 addresses to potential hijack]
> 41.57.124.0/23 fell between reserved range 41.57.124.0 -> 41.57.127.255
> [Adding 512 addresses to potential hijack]
> 41.57.124.0/24 fell between reserved range 41.57.124.0 -> 41.57.127.255
> [Adding 256 addresses to potential hijack]
> 41.57.125.0/24 fell between reserved range 41.57.124.0 -> 41.57.127.255
> [Adding 256 addresses to potential hijack]
> 41.57.126.0/24 fell between reserved range 41.57.124.0 -> 41.57.127.255
> [Adding 256 addresses to potential hijack]
> 41.57.127.0/24 fell between reserved range 41.57.124.0 -> 41.57.127.255
> [Adding 256 addresses to potential hijack]
> 41.77.64.0/21 fell between reserved range 41.77.64.0 -> 41.77.71.255
> [Adding 2048 addresses to potential hijack]
> 41.138.192.0/24 fell between reserved range 41.138.192.0 ->
> 41.138.223.255 [Adding 256 addresses to potential hijack]
> 41.204.224.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.225.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.226.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.227.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.228.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.229.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.230.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.231.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.232.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.233.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.234.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.235.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.236.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.237.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.238.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.239.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.240.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.241.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.242.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.243.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.244.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.245.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.246.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.247.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.248.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.249.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.250.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.251.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.254.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.204.255.0/24 fell between reserved range 41.204.224.0 ->
> 41.204.255.255 [Adding 256 addresses to potential hijack]
> 41.205.224.0/19 fell between reserved range 41.205.224.0 ->
> 41.205.255.255 [Adding 8192 addresses to potential hijack]
> 41.205.225.0/24 fell between reserved range 41.205.224.0 ->
> 41.205.255.255 [Adding 256 addresses to potential hijack]
> 41.205.232.0/24 fell between reserved range 41.205.224.0 ->
> 41.205.255.255 [Adding 256 addresses to potential hijack]
> 41.205.234.0/24 fell between reserved range 41.205.224.0 ->
> 41.205.255.255 [Adding 256 addresses to potential hijack]
> 41.205.235.0/24 fell between reserved range 41.205.224.0 ->
> 41.205.255.255 [Adding 256 addresses to potential hijack]
> 41.205.237.0/24 fell between reserved range 41.205.224.0 ->
> 41.205.255.255 [Adding 256 addresses to potential hijack]
> 41.205.238.0/24 fell between reserved range 41.205.224.0 ->
> 41.205.255.255 [Adding 256 addresses to potential hijack]
> 41.205.239.0/24 fell between reserved range 41.205.224.0 ->
> 41.205.255.255 [Adding 256 addresses to potential hijack]
> 41.220.48.0/20 fell between reserved range 41.220.48.0 -> 41.220.63.255
> [Adding 4096 addresses to potential hijack]
> 80.88.6.0/24 fell between reserved range 80.88.6.0 -> 80.88.6.255 [Adding
> 256 addresses to potential hijack]
> 102.128.74.0/24 fell between reserved range 102.128.72.0 ->
> 102.128.75.255 [Adding 256 addresses to potential hijack]
> 102.135.164.0/24 fell between reserved range 102.135.164.0 ->
> 102.135.167.255 [Adding 256 addresses to potential hijack]
> 102.135.165.0/24 fell between reserved range 102.135.164.0 ->
> 102.135.167.255 [Adding 256 addresses to potential hijack]
> 102.135.166.0/24 fell between reserved range 102.135.164.0 ->
> 102.135.167.255 [Adding 256 addresses to potential hijack]
> 102.219.128.0/24 fell between reserved range 102.219.128.0 ->
> 102.219.131.255 [Adding 256 addresses to potential hijack]
> 102.219.129.0/24 fell between reserved range 102.219.128.0 ->
> 102.219.131.255 [Adding 256 addresses to potential hijack]
> 102.219.130.0/24 fell between reserved range 102.219.128.0 ->
> 102.219.131.255 [Adding 256 addresses to potential hijack]
> 102.221.148.0/22 fell between reserved range 102.221.144.0 ->
> 102.221.151.255 [Adding 1024 addresses to potential hijack]
> 156.0.254.0/24 fell between reserved range 156.0.254.0 -> 156.0.254.255
> [Adding 256 addresses to potential hijack]
> 160.119.208.0/24 fell between reserved range 160.119.208.0 ->
> 160.119.211.255 [Adding 256 addresses to potential hijack]
> 160.119.209.0/24 fell between reserved range 160.119.208.0 ->
> 160.119.211.255 [Adding 256 addresses to potential hijack]
> 164.160.192.0/21 fell between reserved range 164.160.192.0 ->
> 164.160.223.255 [Adding 2048 addresses to potential hijack]
> 169.255.164.0/22 fell between reserved range 169.255.164.0 ->
> 169.255.167.255 [Adding 1024 addresses to potential hijack]
> 193.188.7.0/24 fell between reserved range 193.188.7.0 -> 193.188.7.255
> [Adding 256 addresses to potential hijack]
> 196.13.203.0/24 fell between reserved range 196.13.203.0 ->
> 196.13.203.255 [Adding 256 addresses to potential hijack]
> 196.20.60.0/24 fell between reserved range 196.20.32.0 -> 196.20.63.255
> [Adding 256 addresses to potential hijack]
> 196.20.61.0/24 fell between reserved range 196.20.32.0 -> 196.20.63.255
> [Adding 256 addresses to potential hijack]
> 196.20.62.0/24 fell between reserved range 196.20.32.0 -> 196.20.63.255
> [Adding 256 addresses to potential hijack]
> 196.41.74.0/24 fell between reserved range 196.41.74.0 -> 196.41.74.255
> [Adding 256 addresses to potential hijack]
> 196.43.252.0/24 fell between reserved range 196.43.252.0 ->
> 196.43.252.255 [Adding 256 addresses to potential hijack]
> 196.46.18.0/24 fell between reserved range 196.46.18.0 -> 196.46.19.255
> [Adding 256 addresses to potential hijack]
> 196.46.19.0/24 fell between reserved range 196.46.18.0 -> 196.46.19.255
> [Adding 256 addresses to potential hijack]
> 196.46.152.0/24 fell between reserved range 196.46.152.0 ->
> 196.46.159.255 [Adding 256 addresses to potential hijack]
> 196.46.153.0/24 fell between reserved range 196.46.152.0 ->
> 196.46.159.255 [Adding 256 addresses to potential hijack]
> 196.46.154.0/23 fell between reserved range 196.46.152.0 ->
> 196.46.159.255 [Adding 512 addresses to potential hijack]
> 196.50.21.0/24 fell between reserved range 196.50.21.0 -> 196.50.21.255
> [Adding 256 addresses to potential hijack]
> 196.53.113.0/24 fell between reserved range 196.52.0.0 -> 196.55.255.255
> [Adding 256 addresses to potential hijack]
> 196.54.72.0/23 fell between reserved range 196.52.0.0 -> 196.55.255.255
> [Adding 512 addresses to potential hijack]
> 196.55.102.0/23 fell between reserved range 196.52.0.0 -> 196.55.255.255
> [Adding 512 addresses to potential hijack]
> 196.63.243.0/24 fell between reserved range 196.62.0.0 -> 196.63.255.255
> [Adding 256 addresses to potential hijack]
> 196.195.4.0/24 fell between reserved range 196.194.0.0 -> 196.195.255.255
> [Adding 256 addresses to potential hijack]
> 196.195.15.0/24 fell between reserved range 196.194.0.0 ->
> 196.195.255.255 [Adding 256 addresses to potential hijack]
> 196.195.253.0/24 fell between reserved range 196.194.0.0 ->
> 196.195.255.255 [Adding 256 addresses to potential hijack]
> 197.157.200.0/22 fell between reserved range 197.157.200.0 ->
> 197.157.203.255 [Adding 1024 addresses to potential hijack]
> 197.231.248.0/22 fell between reserved range 197.231.248.0 ->
> 197.231.251.255 [Adding 1024 addresses to potential hijack]
> 197.231.248.0/24 fell between reserved range 197.231.248.0 ->
> 197.231.251.255 [Adding 256 addresses to potential hijack]
> 197.231.249.0/24 fell between reserved range 197.231.248.0 ->
> 197.231.251.255 [Adding 256 addresses to potential hijack]
> 197.231.250.0/24 fell between reserved range 197.231.248.0 ->
> 197.231.251.255 [Adding 256 addresses to potential hijack]
> 197.231.251.0/24 fell between reserved range 197.231.248.0 ->
> 197.231.251.255 [Adding 256 addresses to potential hijack]
> 197.234.208.0/24 fell between reserved range 197.234.208.0 ->
> 197.234.215.255 [Adding 256 addresses to potential hijack]
> 212.12.224.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.225.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.226.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.227.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.229.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.231.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.232.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.233.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.234.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.235.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.236.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.237.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.238.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.239.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.240.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.241.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.242.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.243.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.244.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.245.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.246.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.247.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.248.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.249.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.250.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.251.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.252.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.254.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> 212.12.255.0/24 fell between reserved range 212.12.224.0 ->
> 212.12.255.255 [Adding 256 addresses to potential hijack]
> Found 50176 potentially hijacked addresses
>
>
>
> --- Below here is the code (I didn't know if I could send attachments to
> the RPD list so I just pasted the code straight) ---
>
>
>
> //
> // main.c
> // AfrinicAudit
> //
> // Created by Andrew Alston on 15/10/2025.
> // Code is considered open use with no restrictions.
> //
>
> #include <stdlib.h>
> #include <stdio.h>
> #include <string.h>
> #include <arpa/inet.h>
>
> char BGP_DUMP[256] = "/Users/aalston/audit/bgp.dump.txt";
> char AFRINIC_EXT[256] =
> "/Users/aalston/audit/delegated-afrinic-extended-latest";
>
> struct routes {
> unsigned int network;
> unsigned int broadcast;
> unsigned int mask;
> unsigned short cidr;
> };
>
> struct audit {
> struct routes *dfz;
> int dfz_count;
> struct routes *reserved;
> int total_resv;
> int rc;
> struct routes *available;
> int total_avail;
> int ac;
> };
>
> int parse_afrinic_extended(char *afext, struct audit *output) {
> FILE *dump = fopen(afext, "r");
> if(!dump)
> return -1;
> char buffer[1024] = {0};
> char *delim;
> output->rc = 0;
> while(fgets(buffer, 1024, dump)) {
> if(strstr(buffer, "ZZ") && strstr(buffer, "reserved") &&
> strstr(buffer, "ipv4")) {
> output->rc++;
> }
> }
> output->reserved = calloc(output->rc, sizeof(struct routes));
> if(!output->reserved)
> return -1;
> output->rc = 0;
> struct routes *resv = output->reserved;
> rewind(dump);
> while(fgets(buffer, 1024, dump)) {
> if(strstr(buffer, "ZZ") && strstr(buffer, "reserved") &&
> strstr(buffer, "ipv4")) {
> delim = strtok(buffer, "|");
> for(int i = 0; i < 3; i++)
> delim = strtok(NULL, "|");
> inet_pton(AF_INET, delim, &resv[output->rc].network);
> resv[output->rc].network =
> __builtin_bswap32(resv[output->rc].network);
> delim = strtok(NULL, "|");
> unsigned int addr_count = atoi(delim);
> output->total_resv += addr_count;
> resv[output->rc].broadcast =
> resv[output->rc].network+(addr_count-1);
> resv[output->rc].network =
> __builtin_bswap32(resv[output->rc].network);
> resv[output->rc].broadcast =
> __builtin_bswap32(resv[output->rc].broadcast);
> resv[output->rc].mask = ~__builtin_bswap32((unsigned
> int)addr_count-1);
> output->rc++;
> }
> }
> rewind(dump);
> while(fgets(buffer, 1024, dump)) {
> if(strstr(buffer, "ZZ") && strstr(buffer, "available") &&
> strstr(buffer, "ipv4")) {
> output->ac++;
> }
> }
> output->available = calloc(output->ac, sizeof(struct routes));
> if(!output->available)
> return -1;
> struct routes *avail = output->available;
> rewind(dump);
> while(fgets(buffer, 1024, dump)) {
> if(strstr(buffer, "ZZ") && strstr(buffer, "available") &&
> strstr(buffer, "ipv4")) {
> delim = strtok(buffer, "|");
> for(int i = 0; i < 3; i++)
> delim = strtok(NULL, "|");
> inet_pton(AF_INET, delim, &avail[output->ac].network);
> avail[output->ac].network =
> __builtin_bswap32(avail[output->ac].network);
> delim = strtok(NULL, "|");
> unsigned int addr_count = atoi(delim);
> output->total_avail += addr_count;
> avail[output->ac].broadcast =
> avail[output->ac].network+(addr_count-1);
> avail[output->ac].mask = ~__builtin_bswap32((unsigned
> int)addr_count-1);
> output->ac++;
> }
> }
> fclose(dump);
> return 0;
> }
>
> int parse_dfz(char *dfz_dump, struct audit *output) {
> FILE *dump = fopen(dfz_dump, "r");
> char buffer[1024] = {0};
> int rc = 0, mult = 0, cidr = 0;
> char *delim;
> if(!dump) {
> return -1;
> }
> while(fgets(buffer, 1024, dump)) {
> if(buffer[0] >= '1' && buffer[0] <= '9' && strtok(buffer, "/") &&
> strchr(buffer, '.')) {
> rc++;
> }
> }
> output->dfz = calloc(rc, sizeof(struct routes));
> output->dfz_count = rc;
> if(!output->dfz) {
> return -1;
> }
> rewind(dump);
> rc = 0;
> while(fgets(buffer, 1024, dump)) {
> if(buffer[0] >= '1' && buffer[0] <= '9') {
> cidr = 0;
> delim = strtok(buffer, "/");
> delim = strtok(NULL, "/");
> if(!delim) {
> memset(buffer, 0, 1024);
> continue;
> }
> mult = 1;
> for(int i = 0; i < 3; i++) {
> if(delim[i] >= '0' && delim[i] <= '9') {
> cidr = cidr * mult+(9-('9'-delim[i]));
> mult*=10;
> }
> }
> delim = strchr(buffer, '.');
> if(!delim) {
> memset(buffer, 0, 1024);
> continue;
> }
> output->dfz[rc].cidr = cidr;
> inet_pton(AF_INET, buffer, &output->dfz[rc].network);
> output->dfz[rc].cidr = cidr;
> output->dfz[rc].network = __builtin_bswap32((unsigned
> int)output->dfz[rc].network);
> output->dfz[rc].mask = (~(unsigned int)0) << (32-cidr);
> output->dfz[rc].broadcast = output->dfz[rc].network +
> ((~(unsigned int)0) >> cidr);
> output->dfz[rc].network = __builtin_bswap32((unsigned
> int)output->dfz[rc].network);
> output->dfz[rc].broadcast = __builtin_bswap32((unsigned
> int)output->dfz[rc].broadcast);
> rc++;
> memset(buffer, 0, 1024);
> }
> }
> fclose(dump);
> return 0;
> }
>
> int audit_reserved(struct audit *data) {
> int hijack_count = 0;
> for(int i = 0; i < data->dfz_count; i++) {
> unsigned int dfz_net = __builtin_bswap32((unsigned
> int)data->dfz[i].network);
> unsigned int dfz_bcast = __builtin_bswap32((unsigned
> int)data->dfz[i].broadcast);
> for(int r = 0; r < data->rc; r++) {
> unsigned int resv_net = __builtin_bswap32((unsigned
> int)data->reserved[r].network);
> unsigned int resv_bcast = __builtin_bswap32((unsigned
> int)data->reserved[r].broadcast);
> if(dfz_net >= resv_net && dfz_net <= resv_bcast) {
> hijack_count += ((dfz_bcast-dfz_net)+1);
> char dfz_route[INET_ADDRSTRLEN] = {0};
> char resv_network[INET_ADDRSTRLEN] = {0};
> char resv_broadcast[INET_ADDRSTRLEN] = {0};
> inet_ntop(AF_INET, &data->dfz[i].network, dfz_route,
> INET_ADDRSTRLEN);
> inet_ntop(AF_INET, &data->reserved[r].network,
> resv_network, INET_ADDRSTRLEN);
> inet_ntop(AF_INET, &data->reserved[r].broadcast,
> resv_broadcast, INET_ADDRSTRLEN);
> printf("%s/%d fell between reserved range %s -> %s [Adding
> %d addresses to potential hijack]\n",
> dfz_route, data->dfz[i].cidr, resv_network,
> resv_broadcast, (dfz_bcast-dfz_net)+1);
> }
> }
> for(int a = 0; a < data->ac; a++) {
> unsigned int avail_net = __builtin_bswap32((unsigned
> int)data->available[a].network);
> unsigned int avail_bcast = __builtin_bswap32((unsigned
> int)data->available[a].broadcast);
> if(dfz_net >= data->available[a].network && dfz_net <=
> data->available[a].broadcast) {
> hijack_count +=
> ((data->available[a].broadcast-data->available[a].network)+1);
> char dfz_route[INET_ADDRSTRLEN] = {0};
> char avail_network[INET_ADDRSTRLEN] = {0};
> char avail_broadcast[INET_ADDRSTRLEN] = {0};
> inet_ntop(AF_INET, &data->dfz[i].network, dfz_route,
> INET_ADDRSTRLEN);
> inet_ntop(AF_INET, &avail_net, avail_network,
> INET_ADDRSTRLEN);
> inet_ntop(AF_INET, &avail_bcast, avail_broadcast,
> INET_ADDRSTRLEN);
> printf("%s/%d fell between available range %s -> %s\n",
> dfz_route, data->dfz[i].cidr, avail_network, avail_broadcast);
> }
> }
> }
> printf("Found %d potentially hijacked addresses\n", hijack_count);
> return 0;
> }
>
> int main(int argc, const char * argv[]) {
> struct audit data = {0};
> if(parse_dfz(BGP_DUMP, &data))
> return EXIT_FAILURE;
> if(parse_afrinic_extended(AFRINIC_EXT, &data))
> return EXIT_FAILURE;
> printf("Found %d total available addresses and %d total reserved
> addresses\n", data.total_avail, data.total_resv);
> audit_reserved(&data);
> return EXIT_SUCCESS;
> }
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20251015/6a4a4e30/attachment-0001.html>
More information about the RPD
mailing list