Wireshark-bugs: [Wireshark-bugs] [Bug 3179] New: Improper decoding of MPLS echo reply IPv4 Inter
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3179
Summary: Improper decoding of MPLS echo reply IPv4 Interface and
Label Stack Object
Product: Wireshark
Version: 1.0.3
Platform: Other
OS/Version: Fedora
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: keithvz@xxxxxxxxxxx
Created an attachment (id=2654)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2654)
full packet showing the problem
Build Information:
wireshark 1.0.3
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.10.4, with GLib 2.12.3, with libpcap 0.9.4, with libz
1.2.3, without POSIX capabilities, with libpcre 6.6, with SMI 0.4.5, without
ADNS, without Lua, with GnuTLS 1.4.1, with Gcrypt 1.2.3, with MIT Kerberos,
without PortAudio, without AirPcap.
Running on Linux 2.6.23.9-1, with libpcap version 0.9.4.
Built using gcc 4.1.2 20071124 (Red Hat 4.1.2-42).
--
When an MPLS echo reply contains an IPv4 Interface and Label Stack object,
Wireshark is improperly decoding that object.
IPv4 Interface and Label Stack Object
Type: IPv4 Interface and Label Stack Object (7)
Length: 16
Downstream IPv4 Address: 2.0.0.0 (2.0.0.0)
Downstream Interface Address: 192.168.155.111 (192.168.155.111)
0040 ad 00 00 02 37 dc 49 63 ad 00 00 03 13 a4 00 07 ....7.Ic........
0050 00 10 02 00 00 00 c0 a8 9b 6f 00 00 00 1e 00 01 .........o......
0060 86 b0 ..
Decode starts properly at byte 4F, with a type of 7, this is correct.
Next, decode the length, 0x10 = 16 bytes. Good, length is good.
The next field _should_ be ADDRESS TYPE (1 byte), and an MBZ field (3 bytes of
0x00), then IP address and an interface index (when no IP is available).
See section 3.6 of RFC 4379 (http://tools.ietf.org/html/rfc4379)
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Address Type  |             Must Be Zero                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   IP Address (4 or 16 octets)                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Interface (4 or 16 octets)                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                                                               .
   .                          Label Stack                          .
   .                                                               .
   .                                                               .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0050 00 10 02 00 00 00 c0 a8 9b 6f 00 00 00 1e 00 01 .........o......
0060 86 b0
So at offset 0x52, 2 should be the ADDRESS TYPE
offset 0x53-0x55, should be the MBZ field, 000.
Next IP address should be c0 a8 9b 6f = 192.168.155.111.
offset 0x5A-5D is an interface index of 0x0000001E.
The last four bytes are properly being decoded as a Label Stack Element
(however, there should only be one in this packet instead of the shown two, see
attachment) :
Label Stack Element 2, Label: 24, Exp: 3, BOS: 0, TTL: 176
Label: 24
Exp: 3
BOS: 0
TTL: 176
I hope this helps!
Thanks
Keith
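
The layout described in the report, as an added example that is not part of the original message and is not Wireshark's dissector code: a small Python parser for the type 7 object, run over the bytes at offsets 0x4e-0x61 of the hex dump above. The function and constant names are hypothetical, and only the two IPv4 address types from RFC 4379 section 3.6 (1 = IPv4 Numbered, 2 = IPv4 Unnumbered) are handled.

```python
import ipaddress
import struct

# Bytes 0x4e-0x61 copied from the hex dump in the report: type, length, value.
REPORT_TLV = bytes.fromhex("0007 0010 02000000 c0a89b6f 0000001e 000186b0")

# Assumption: only the IPv4 address types of RFC 4379 section 3.6 are covered.
ADDR_TYPES = {1: "IPv4 Numbered", 2: "IPv4 Unnumbered"}


def parse_label_entry(word):
    """Split one 32-bit label stack entry into label / exp / bos / ttl."""
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "bos": (word >> 8) & 0x1, "ttl": word & 0xFF}


def parse_if_label_stack(tlv):
    """Parse an Interface and Label Stack object (type 7), header included."""
    if len(tlv) < 4:
        raise ValueError("truncated TLV header")
    tlv_type, length = struct.unpack_from("!HH", tlv, 0)
    if tlv_type != 7:
        raise ValueError(f"unexpected TLV type {tlv_type}")
    value = tlv[4:4 + length]
    if len(value) != length:
        raise ValueError("TLV length exceeds the captured bytes")
    # 4 (type + MBZ) + 4 (IP) + 4 (interface), then whole 4-byte label entries.
    if length < 12 or (length - 12) % 4:
        raise ValueError("value too short or label stack not 4-byte aligned")
    addr_type, mbz = value[0], value[1:4]
    if addr_type not in ADDR_TYPES:
        raise ValueError(f"address type {addr_type} not handled here")
    ip, iface = value[4:8], value[8:12]
    labels = [parse_label_entry(w[0])
              for w in struct.iter_unpack("!I", value[12:])]
    return {
        "address_type": ADDR_TYPES[addr_type],
        "mbz_ok": mbz == b"\x00\x00\x00",
        "ip_address": str(ipaddress.IPv4Address(ip)),
        # Unnumbered: the field is an interface index; numbered: an address.
        "interface": int.from_bytes(iface, "big") if addr_type == 2
        else str(ipaddress.IPv4Address(iface)),
        "label_stack": labels,
    }


if __name__ == "__main__":
    print(parse_if_label_stack(REPORT_TLV))
```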