Search RPD Archives
[rpd] Reserved Space/Available Space and potential hijacking
Andrew Alston
aa at alstonnetworks.net
Wed Oct 15 12:21:43 UTC 2025
I haven't bothered to put this on github yet, will try and find the time to
do so later and will share the link.
Thanks
Andrew
On Wed, Oct 15, 2025 at 3:17 PM Noah <noah at neo.co.tz> wrote:
> Hi Andrew
>
> In addition to Ben's comment, please share the link to the github/repo of
> the code assuming it's public.
>
> Cheers,
> *.**/noah*
>
>
>
> On Wed, Oct 15, 2025 at 3:06 PM ben.roberts--- via RPD <rpd at afrinic.net>
> wrote:
>
>> This is great Andrew. I feel like we should have more of this sort of
>> thing and perhaps an IP address research hackathon will be a great idea.
>>
>>
>>
>> Your c is pretty good, I will give you a tip though.
>>
>>
>>
>> 2 useful features of c are to use // or /* */ to insert comments in the
>> code
>>
>> e.g.
>>
>> // This is a comment
>>
>> Or
>>
>> /* This is a comment*/
>>
>>
>>
>> The comments aren’t compiled in the code so you can write anything you
>> like. Using comments like this is really helpful when sharing code with
>> others, to help them understand it…
>>
>>
>>
>>
>>
>> 😊😊😊
>>
>>
>>
>> *From:* Andrew Alston <aa at alstonnetworks.net>
>> *Sent:* 15 October 2025 14:41
>> *To:* RPD <rpd at afrinic.net>
>> *Subject:* [rpd] Reserved Space/Available Space and potential hijacking
>>
>>
>>
>> Hi Guys,
>>
>>
>>
>> So - Firstly a few notes on using the code I'm going to paste below.
>>
>>
>>
>> I created the BGP dump file on a juniper router by running a "show route
>> protocol bgp | save bgp.dump.txt" and then copying that dump file to my
>> local system from the Juniper router. Note - this produces a roughly
>> 400meg file on a full table router and it takes quite a while to run the
>> command.
>>
>> Then - I used the delegated-afrinic-extended-latest file downloaded from
>> the stats ftp server.
>>
>>
>>
>> In the code below - if you wish to run similar - change the char
>> BGP_DUMP[256] and char AFRINIC_EXT[256] global variables to match the
>> pathing to the relevant files.
>>
>>
>>
>> Note that there is some weirdness in this code to deal with endianness -
>> and I will openly admit its not the cleanest (or probably most efficient)
>> code - but it does work and I've verified the results.
>>
>>
>>
>> I've pasted the code below the results section.
>>
>>
>>
>> So - first the results:
>>
>>
>>
>> Found 824064 total available addresses and 4482304 total reserved
>> addresses
>> 41.57.124.0/22 fell between reserved range 41.57.124.0 -> 41.57.127.255
>> [Adding 1024 addresses to potential hijack]
>> 41.57.124.0/23 fell between reserved range 41.57.124.0 -> 41.57.127.255
>> [Adding 512 addresses to potential hijack]
>> 41.57.124.0/24 fell between reserved range 41.57.124.0 -> 41.57.127.255
>> [Adding 256 addresses to potential hijack]
>> 41.57.125.0/24 fell between reserved range 41.57.124.0 -> 41.57.127.255
>> [Adding 256 addresses to potential hijack]
>> 41.57.126.0/24 fell between reserved range 41.57.124.0 -> 41.57.127.255
>> [Adding 256 addresses to potential hijack]
>> 41.57.127.0/24 fell between reserved range 41.57.124.0 -> 41.57.127.255
>> [Adding 256 addresses to potential hijack]
>> 41.77.64.0/21 fell between reserved range 41.77.64.0 -> 41.77.71.255
>> [Adding 2048 addresses to potential hijack]
>> 41.138.192.0/24 fell between reserved range 41.138.192.0 ->
>> 41.138.223.255 [Adding 256 addresses to potential hijack]
>> 41.204.224.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.225.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.226.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.227.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.228.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.229.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.230.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.231.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.232.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.233.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.234.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.235.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.236.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.237.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.238.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.239.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.240.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.241.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.242.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.243.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.244.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.245.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.246.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.247.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.248.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.249.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.250.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.251.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.254.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.204.255.0/24 fell between reserved range 41.204.224.0 ->
>> 41.204.255.255 [Adding 256 addresses to potential hijack]
>> 41.205.224.0/19 fell between reserved range 41.205.224.0 ->
>> 41.205.255.255 [Adding 8192 addresses to potential hijack]
>> 41.205.225.0/24 fell between reserved range 41.205.224.0 ->
>> 41.205.255.255 [Adding 256 addresses to potential hijack]
>> 41.205.232.0/24 fell between reserved range 41.205.224.0 ->
>> 41.205.255.255 [Adding 256 addresses to potential hijack]
>> 41.205.234.0/24 fell between reserved range 41.205.224.0 ->
>> 41.205.255.255 [Adding 256 addresses to potential hijack]
>> 41.205.235.0/24 fell between reserved range 41.205.224.0 ->
>> 41.205.255.255 [Adding 256 addresses to potential hijack]
>> 41.205.237.0/24 fell between reserved range 41.205.224.0 ->
>> 41.205.255.255 [Adding 256 addresses to potential hijack]
>> 41.205.238.0/24 fell between reserved range 41.205.224.0 ->
>> 41.205.255.255 [Adding 256 addresses to potential hijack]
>> 41.205.239.0/24 fell between reserved range 41.205.224.0 ->
>> 41.205.255.255 [Adding 256 addresses to potential hijack]
>> 41.220.48.0/20 fell between reserved range 41.220.48.0 -> 41.220.63.255
>> [Adding 4096 addresses to potential hijack]
>> 80.88.6.0/24 fell between reserved range 80.88.6.0 -> 80.88.6.255
>> [Adding 256 addresses to potential hijack]
>> 102.128.74.0/24 fell between reserved range 102.128.72.0 ->
>> 102.128.75.255 [Adding 256 addresses to potential hijack]
>> 102.135.164.0/24 fell between reserved range 102.135.164.0 ->
>> 102.135.167.255 [Adding 256 addresses to potential hijack]
>> 102.135.165.0/24 fell between reserved range 102.135.164.0 ->
>> 102.135.167.255 [Adding 256 addresses to potential hijack]
>> 102.135.166.0/24 fell between reserved range 102.135.164.0 ->
>> 102.135.167.255 [Adding 256 addresses to potential hijack]
>> 102.219.128.0/24 fell between reserved range 102.219.128.0 ->
>> 102.219.131.255 [Adding 256 addresses to potential hijack]
>> 102.219.129.0/24 fell between reserved range 102.219.128.0 ->
>> 102.219.131.255 [Adding 256 addresses to potential hijack]
>> 102.219.130.0/24 fell between reserved range 102.219.128.0 ->
>> 102.219.131.255 [Adding 256 addresses to potential hijack]
>> 102.221.148.0/22 fell between reserved range 102.221.144.0 ->
>> 102.221.151.255 [Adding 1024 addresses to potential hijack]
>> 156.0.254.0/24 fell between reserved range 156.0.254.0 -> 156.0.254.255
>> [Adding 256 addresses to potential hijack]
>> 160.119.208.0/24 fell between reserved range 160.119.208.0 ->
>> 160.119.211.255 [Adding 256 addresses to potential hijack]
>> 160.119.209.0/24 fell between reserved range 160.119.208.0 ->
>> 160.119.211.255 [Adding 256 addresses to potential hijack]
>> 164.160.192.0/21 fell between reserved range 164.160.192.0 ->
>> 164.160.223.255 [Adding 2048 addresses to potential hijack]
>> 169.255.164.0/22 fell between reserved range 169.255.164.0 ->
>> 169.255.167.255 [Adding 1024 addresses to potential hijack]
>> 193.188.7.0/24 fell between reserved range 193.188.7.0 -> 193.188.7.255
>> [Adding 256 addresses to potential hijack]
>> 196.13.203.0/24 fell between reserved range 196.13.203.0 ->
>> 196.13.203.255 [Adding 256 addresses to potential hijack]
>> 196.20.60.0/24 fell between reserved range 196.20.32.0 -> 196.20.63.255
>> [Adding 256 addresses to potential hijack]
>> 196.20.61.0/24 fell between reserved range 196.20.32.0 -> 196.20.63.255
>> [Adding 256 addresses to potential hijack]
>> 196.20.62.0/24 fell between reserved range 196.20.32.0 -> 196.20.63.255
>> [Adding 256 addresses to potential hijack]
>> 196.41.74.0/24 fell between reserved range 196.41.74.0 -> 196.41.74.255
>> [Adding 256 addresses to potential hijack]
>> 196.43.252.0/24 fell between reserved range 196.43.252.0 ->
>> 196.43.252.255 [Adding 256 addresses to potential hijack]
>> 196.46.18.0/24 fell between reserved range 196.46.18.0 -> 196.46.19.255
>> [Adding 256 addresses to potential hijack]
>> 196.46.19.0/24 fell between reserved range 196.46.18.0 -> 196.46.19.255
>> [Adding 256 addresses to potential hijack]
>> 196.46.152.0/24 fell between reserved range 196.46.152.0 ->
>> 196.46.159.255 [Adding 256 addresses to potential hijack]
>> 196.46.153.0/24 fell between reserved range 196.46.152.0 ->
>> 196.46.159.255 [Adding 256 addresses to potential hijack]
>> 196.46.154.0/23 fell between reserved range 196.46.152.0 ->
>> 196.46.159.255 [Adding 512 addresses to potential hijack]
>> 196.50.21.0/24 fell between reserved range 196.50.21.0 -> 196.50.21.255
>> [Adding 256 addresses to potential hijack]
>> 196.53.113.0/24 fell between reserved range 196.52.0.0 -> 196.55.255.255
>> [Adding 256 addresses to potential hijack]
>> 196.54.72.0/23 fell between reserved range 196.52.0.0 -> 196.55.255.255
>> [Adding 512 addresses to potential hijack]
>> 196.55.102.0/23 fell between reserved range 196.52.0.0 -> 196.55.255.255
>> [Adding 512 addresses to potential hijack]
>> 196.63.243.0/24 fell between reserved range 196.62.0.0 -> 196.63.255.255
>> [Adding 256 addresses to potential hijack]
>> 196.195.4.0/24 fell between reserved range 196.194.0.0 ->
>> 196.195.255.255 [Adding 256 addresses to potential hijack]
>> 196.195.15.0/24 fell between reserved range 196.194.0.0 ->
>> 196.195.255.255 [Adding 256 addresses to potential hijack]
>> 196.195.253.0/24 fell between reserved range 196.194.0.0 ->
>> 196.195.255.255 [Adding 256 addresses to potential hijack]
>> 197.157.200.0/22 fell between reserved range 197.157.200.0 ->
>> 197.157.203.255 [Adding 1024 addresses to potential hijack]
>> 197.231.248.0/22 fell between reserved range 197.231.248.0 ->
>> 197.231.251.255 [Adding 1024 addresses to potential hijack]
>> 197.231.248.0/24 fell between reserved range 197.231.248.0 ->
>> 197.231.251.255 [Adding 256 addresses to potential hijack]
>> 197.231.249.0/24 fell between reserved range 197.231.248.0 ->
>> 197.231.251.255 [Adding 256 addresses to potential hijack]
>> 197.231.250.0/24 fell between reserved range 197.231.248.0 ->
>> 197.231.251.255 [Adding 256 addresses to potential hijack]
>> 197.231.251.0/24 fell between reserved range 197.231.248.0 ->
>> 197.231.251.255 [Adding 256 addresses to potential hijack]
>> 197.234.208.0/24 fell between reserved range 197.234.208.0 ->
>> 197.234.215.255 [Adding 256 addresses to potential hijack]
>> 212.12.224.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.225.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.226.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.227.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.229.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.231.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.232.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.233.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.234.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.235.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.236.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.237.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.238.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.239.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.240.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.241.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.242.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.243.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.244.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.245.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.246.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.247.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.248.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.249.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.250.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.251.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.252.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.254.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> 212.12.255.0/24 fell between reserved range 212.12.224.0 ->
>> 212.12.255.255 [Adding 256 addresses to potential hijack]
>> Found 50176 potentially hijacked addresses
>>
>>
>>
>> --- Below here is the code (I didn't know if I could send attachments to
>> the RPD list so I just pasted the code straight) ---
>>
>>
>>
>> //
>> // main.c
>> // AfrinicAudit
>> //
>> // Created by Andrew Alston on 15/10/2025.
>> // Code is considered open use with no restrictions.
>> //
>>
>> #include <stdlib.h>
>> #include <stdio.h>
>> #include <string.h>
>> #include <arpa/inet.h>
>>
>> char BGP_DUMP[256] = "/Users/aalston/audit/bgp.dump.txt";
>> char AFRINIC_EXT[256] =
>> "/Users/aalston/audit/delegated-afrinic-extended-latest";
>>
>> struct routes {
>> unsigned int network;
>> unsigned int broadcast;
>> unsigned int mask;
>> unsigned short cidr;
>> };
>>
>> struct audit {
>> struct routes *dfz;
>> int dfz_count;
>> struct routes *reserved;
>> int total_resv;
>> int rc;
>> struct routes *available;
>> int total_avail;
>> int ac;
>> };
>>
>> int parse_afrinic_extended(char *afext, struct audit *output) {
>> FILE *dump = fopen(afext, "r");
>> if(!dump)
>> return -1;
>> char buffer[1024] = {0};
>> char *delim;
>> output->rc = 0;
>> while(fgets(buffer, 1024, dump)) {
>> if(strstr(buffer, "ZZ") && strstr(buffer, "reserved") &&
>> strstr(buffer, "ipv4")) {
>> output->rc++;
>> }
>> }
>> output->reserved = calloc(output->rc, sizeof(struct routes));
>> if(!output->reserved)
>> return -1;
>> output->rc = 0;
>> struct routes *resv = output->reserved;
>> rewind(dump);
>> while(fgets(buffer, 1024, dump)) {
>> if(strstr(buffer, "ZZ") && strstr(buffer, "reserved") &&
>> strstr(buffer, "ipv4")) {
>> delim = strtok(buffer, "|");
>> for(int i = 0; i < 3; i++)
>> delim = strtok(NULL, "|");
>> inet_pton(AF_INET, delim, &resv[output->rc].network);
>> resv[output->rc].network =
>> __builtin_bswap32(resv[output->rc].network);
>> delim = strtok(NULL, "|");
>> unsigned int addr_count = atoi(delim);
>> output->total_resv += addr_count;
>> resv[output->rc].broadcast =
>> resv[output->rc].network+(addr_count-1);
>> resv[output->rc].network =
>> __builtin_bswap32(resv[output->rc].network);
>> resv[output->rc].broadcast =
>> __builtin_bswap32(resv[output->rc].broadcast);
>> resv[output->rc].mask = ~__builtin_bswap32((unsigned
>> int)addr_count-1);
>> output->rc++;
>> }
>> }
>> rewind(dump);
>> while(fgets(buffer, 1024, dump)) {
>> if(strstr(buffer, "ZZ") && strstr(buffer, "available") &&
>> strstr(buffer, "ipv4")) {
>> output->ac++;
>> }
>> }
>> output->available = calloc(output->ac, sizeof(struct routes));
>> if(!output->available)
>> return -1;
>> struct routes *avail = output->available;
>> rewind(dump);
>> while(fgets(buffer, 1024, dump)) {
>> if(strstr(buffer, "ZZ") && strstr(buffer, "available") &&
>> strstr(buffer, "ipv4")) {
>> delim = strtok(buffer, "|");
>> for(int i = 0; i < 3; i++)
>> delim = strtok(NULL, "|");
>> inet_pton(AF_INET, delim, &avail[output->ac].network);
>> avail[output->ac].network =
>> __builtin_bswap32(avail[output->ac].network);
>> delim = strtok(NULL, "|");
>> unsigned int addr_count = atoi(delim);
>> output->total_avail += addr_count;
>> avail[output->ac].broadcast =
>> avail[output->ac].network+(addr_count-1);
>> avail[output->ac].mask = ~__builtin_bswap32((unsigned
>> int)addr_count-1);
>> output->ac++;
>> }
>> }
>> fclose(dump);
>> return 0;
>> }
>>
>> int parse_dfz(char *dfz_dump, struct audit *output) {
>> FILE *dump = fopen(dfz_dump, "r");
>> char buffer[1024] = {0};
>> int rc = 0, mult = 0, cidr = 0;
>> char *delim;
>> if(!dump) {
>> return -1;
>> }
>> while(fgets(buffer, 1024, dump)) {
>> if(buffer[0] >= '1' && buffer[0] <= '9' && strtok(buffer, "/") &&
>> strchr(buffer, '.')) {
>> rc++;
>> }
>> }
>> output->dfz = calloc(rc, sizeof(struct routes));
>> output->dfz_count = rc;
>> if(!output->dfz) {
>> return -1;
>> }
>> rewind(dump);
>> rc = 0;
>> while(fgets(buffer, 1024, dump)) {
>> if(buffer[0] >= '1' && buffer[0] <= '9') {
>> cidr = 0;
>> delim = strtok(buffer, "/");
>> delim = strtok(NULL, "/");
>> if(!delim) {
>> memset(buffer, 0, 1024);
>> continue;
>> }
>> mult = 1;
>> for(int i = 0; i < 3; i++) {
>> if(delim[i] >= '0' && delim[i] <= '9') {
>> cidr = cidr * mult+(9-('9'-delim[i]));
>> mult*=10;
>> }
>> }
>> delim = strchr(buffer, '.');
>> if(!delim) {
>> memset(buffer, 0, 1024);
>> continue;
>> }
>> output->dfz[rc].cidr = cidr;
>> inet_pton(AF_INET, buffer, &output->dfz[rc].network);
>> output->dfz[rc].cidr = cidr;
>> output->dfz[rc].network = __builtin_bswap32((unsigned
>> int)output->dfz[rc].network);
>> output->dfz[rc].mask = (~(unsigned int)0) << (32-cidr);
>> output->dfz[rc].broadcast = output->dfz[rc].network +
>> ((~(unsigned int)0) >> cidr);
>> output->dfz[rc].network = __builtin_bswap32((unsigned
>> int)output->dfz[rc].network);
>> output->dfz[rc].broadcast = __builtin_bswap32((unsigned
>> int)output->dfz[rc].broadcast);
>> rc++;
>> memset(buffer, 0, 1024);
>> }
>> }
>> fclose(dump);
>> return 0;
>> }
>>
>> int audit_reserved(struct audit *data) {
>> int hijack_count = 0;
>> for(int i = 0; i < data->dfz_count; i++) {
>> unsigned int dfz_net = __builtin_bswap32((unsigned
>> int)data->dfz[i].network);
>> unsigned int dfz_bcast = __builtin_bswap32((unsigned
>> int)data->dfz[i].broadcast);
>> for(int r = 0; r < data->rc; r++) {
>> unsigned int resv_net = __builtin_bswap32((unsigned
>> int)data->reserved[r].network);
>> unsigned int resv_bcast = __builtin_bswap32((unsigned
>> int)data->reserved[r].broadcast);
>> if(dfz_net >= resv_net && dfz_net <= resv_bcast) {
>> hijack_count += ((dfz_bcast-dfz_net)+1);
>> char dfz_route[INET_ADDRSTRLEN] = {0};
>> char resv_network[INET_ADDRSTRLEN] = {0};
>> char resv_broadcast[INET_ADDRSTRLEN] = {0};
>> inet_ntop(AF_INET, &data->dfz[i].network, dfz_route,
>> INET_ADDRSTRLEN);
>> inet_ntop(AF_INET, &data->reserved[r].network,
>> resv_network, INET_ADDRSTRLEN);
>> inet_ntop(AF_INET, &data->reserved[r].broadcast,
>> resv_broadcast, INET_ADDRSTRLEN);
>> printf("%s/%d fell between reserved range %s -> %s
>> [Adding %d addresses to potential hijack]\n",
>> dfz_route, data->dfz[i].cidr, resv_network,
>> resv_broadcast, (dfz_bcast-dfz_net)+1);
>> }
>> }
>> for(int a = 0; a < data->ac; a++) {
>> unsigned int avail_net = __builtin_bswap32((unsigned
>> int)data->available[a].network);
>> unsigned int avail_bcast = __builtin_bswap32((unsigned
>> int)data->available[a].broadcast);
>> if(dfz_net >= data->available[a].network && dfz_net <=
>> data->available[a].broadcast) {
>> hijack_count +=
>> ((data->available[a].broadcast-data->available[a].network)+1);
>> char dfz_route[INET_ADDRSTRLEN] = {0};
>> char avail_network[INET_ADDRSTRLEN] = {0};
>> char avail_broadcast[INET_ADDRSTRLEN] = {0};
>> inet_ntop(AF_INET, &data->dfz[i].network, dfz_route,
>> INET_ADDRSTRLEN);
>> inet_ntop(AF_INET, &avail_net, avail_network,
>> INET_ADDRSTRLEN);
>> inet_ntop(AF_INET, &avail_bcast, avail_broadcast,
>> INET_ADDRSTRLEN);
>> printf("%s/%d fell between available range %s -> %s\n",
>> dfz_route, data->dfz[i].cidr, avail_network, avail_broadcast);
>> }
>> }
>> }
>> printf("Found %d potentially hijacked addresses\n", hijack_count);
>> return 0;
>> }
>>
>> int main(int argc, const char * argv[]) {
>> struct audit data = {0};
>> if(parse_dfz(BGP_DUMP, &data))
>> return EXIT_FAILURE;
>> if(parse_afrinic_extended(AFRINIC_EXT, &data))
>> return EXIT_FAILURE;
>> printf("Found %d total available addresses and %d total reserved
>> addresses\n", data.total_avail, data.total_resv);
>> audit_reserved(&data);
>> return EXIT_SUCCESS;
>> }
>> _______________________________________________
>> RPD mailing list
>> RPD at afrinic.net
>> https://lists.afrinic.net/mailman/listinfo/rpd
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20251015/a1ded45b/attachment-0001.html>
More information about the RPD
mailing list