Moved source port equal BCM_LI_PORT to bottom of long if else chain

Jonas Chianu · fxlb · commit 10f7dff0c64e · 2023-06-04T19:11:25.000Z
BCM_LI_SHIM (BCM_LI_PORT) value is set to 49152, therefore when the
source port is 49152, it does not matter what the true destination is,
it defaults to Broadcom. So tcpdump interprets any packet with source
UDP port of 49152 as BCM_LI_SHIM (Broadcom). Ports 49152+, by
definition are ephemeral ports so it's totally reasonable that, for
example, BFD is using that source port for their packets. To prevent,
for example, BFD packets from being wrongly identified as BCM_LI_SHIM
packets, the "else if" statement has been moved to bottom of long chain.

Add a test file.
diff --git a/print-udp.c b/print-udp.c
@@ -622,8 +622,6 @@ udp_print(netdissect_options *ndo, const u_char *bp, u_int length,
 					(IP_V(ip) == 6) ? 1 : 0);
 		else if (IS_SRC_OR_DST_PORT(MPLS_LSP_PING_PORT))
 			lspping_print(ndo, cp, length);
-		else if (sport == BCM_LI_PORT)
-			bcm_li_print(ndo, cp, length);
 		else if (dport == BFD_CONTROL_PORT ||
 			 dport == BFD_MULTIHOP_PORT ||
 			 dport == BFD_LAG_PORT ||
@@ -675,6 +673,8 @@ udp_print(netdissect_options *ndo, const u_char *bp, u_int length,
 		else if (IS_SRC_OR_DST_PORT(HTTPS_PORT) &&
 			 quic_detect(ndo, cp, length))
 			quic_print(ndo, cp, length);
+		else if (sport == BCM_LI_PORT)
+			bcm_li_print(ndo, cp, length);
 		else {
 			if (ulen > length && !fragmented)
 				ND_PRINT("UDP, bad length %u > %u",
diff --git a/tests/TESTLIST b/tests/TESTLIST
@@ -853,6 +853,8 @@ bfd-lag		bfd-lag.pcap		bfd-lag.out
 bfd-lag-v	bfd-lag.pcap		bfd-lag-v.out		-v
 bfd-sbfd	bfd-sbfd.pcap		bfd-sbfd.out
 bfd-sbfd-v	bfd-sbfd.pcap		bfd-sbfd-v.out		-v
+# BFD with source port 49152
+bfd_source_port_49152 bfd_source_port_49152.pcap bfd_source_port_49152.out -v
 
 # Arista Vendor Specific Tests
 arista-ether             arista_ether.pcap        arista_ether.out
diff --git a/tests/bfd_source_port_49152.out b/tests/bfd_source_port_49152.out
@@ -0,0 +1,8 @@
+    1  09:58:19.559328 IP (tos 0xe0, ttl 255, id 40257, offset 0, flags [DF], proto UDP (17), length 52)
+    11.11.11.2.49152 > 11.11.11.1.3784: BFDv1, length: 24
+	Control, State Up, Flags: [Control Plane Independent], Diagnostic: No Diagnostic (0x00)
+	Detection Timer Multiplier: 3 (300 ms Detection time), BFD Length: 24
+	My Discriminator: 0x80000001, Your Discriminator: 0x80000001
+	  Desired min Tx Interval:     100 ms
+	  Required min Rx Interval:    100 ms
+	  Required min Echo Interval:    0 ms
diff --git a/tests/bfd_source_port_49152.pcap b/tests/bfd_source_port_49152.pcap
