Wireshark-bugs: [Wireshark-bugs] [Bug 3965] New: Support for mDNS with ip.ttl=255 and LLMNR ip.t
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3965
Summary: Support for mDNS with ip.ttl=255 and LLMNR ip.ttl > 0, not to show invalid TTL
Product: Wireshark
Version: 1.2.1
Platform: All
OS/Version: All
Status: NEW
Severity: Minor
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: ivan_jr@xxxxxxxxx
Ivan Sy <ivan_jr@xxxxxxxxx> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3588|                            |review_for_checkin?
               Flag|                            |
Created an attachment (id=3588)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3588)
mdns-ttl255-and-llmnr-ttl-any.patch
Build Information:
Version 1.3.0-SVN-29532
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.16.5, with GLib 2.20.4, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, without Python, with GnuTLS 2.8.1, with Gcrypt
1.4.4, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Aug 28
2009), with AirPcap.
Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1
beta5 (packet.dll version 4.1.0.1452), based on libpcap version 1.0.0,
GnuTLS 2.8.1, Gcrypt 1.4.4, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
Support for mDNS with ip.ttl=255 and LLMNR ip.ttl > 0, not to show invalid TTL
- mDNS SHOULD be sent with TTL set to 255
- LLMNR - May be set to any value
- revised comment.
This report is in relation to bug #3814.
Please see the attached update to
local_network_control_block_addr_valid_ttl
---
sec 4 http://tools.ietf.org/html/draft-cheshire-dnsext-multicastdns-07
All Multicast DNS responses (including responses sent via unicast)
SHOULD be sent with IP TTL set to 255. This is recommended to provide
backwards-compatibility with older Multicast DNS clients that check
the IP TTL on reception to determine whether the packet originated
on the local link. These older clients discard all packets with TTLs
other than 255.
A host sending Multicast DNS queries to a link-local destination
address (including the 224.0.0.251 link-local multicast address)
MUST only accept responses to that query that originate from the
local link, and silently discard any other response packets. Without
this check, it could be possible for remote rogue hosts to send
spoof answer packets (perhaps unicast to the victim host) which the
receiving machine could misinterpret as having originated on the
local link.
...
sec 8 http://tools.ietf.org/html/draft-cheshire-dnsext-multicastdns-07
Multicast DNS
Responses MUST be sent to UDP port 5353 (the well-known port assigned
to mDNS) on the 224.0.0.251 multicast address (or its IPv6 equivalent
FF02::FB).
---
sec 2 RFC 4795
LLMNR queries are sent to and received on port 5355. The IPv4 link-
scope multicast address a given responder listens to, and to which a
sender sends queries, is 224.0.0.252.
sec 2.5 RFC 4795
For UDP queries and responses, the Hop Limit field in the IPv6 header
and the TTL field in the IPV4 header MAY be set to any value.
However, it is RECOMMENDED that the value 255 be used for
compatibility with early implementations of [RFC3927].
See Appendix A.3 of RFC 3927 as well.
...
http://www.iana.org/assignments/multicast-addresses/
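
The per-address TTL expectations described in this report, written out as an added example (this is not the attached patch and not Wireshark's code). The names ttl_rules, check_local_control_ttl and the verdict enum are hypothetical, and the default of TTL 1 for every other 224.0.0.0/24 destination is an assumption.

```c
#include <stddef.h>
#include <stdint.h>

/* Verdict for the IP TTL seen on a packet addressed to 224.0.0.0/24. */
enum ttl_verdict { TTL_NOT_APPLICABLE, TTL_OK, TTL_UNEXPECTED };

#define TTL_ANY (-1)  /* sentinel: the protocol accepts any non-zero TTL */

struct ttl_rule {
    uint32_t addr;      /* IPv4 destination, host byte order */
    int      expected;  /* required TTL, or TTL_ANY */
};

/* Exceptions taken from the specifications quoted in the report. */
static const struct ttl_rule ttl_rules[] = {
    { 0xE00000FBu, 255 },      /* 224.0.0.251 mDNS: SHOULD be 255 */
    { 0xE00000FCu, TTL_ANY },  /* 224.0.0.252 LLMNR: MAY be any value */
};

/* Assumption: all other local network control block traffic uses TTL 1. */
#define DEFAULT_LOCAL_CONTROL_TTL 1

static int is_local_network_control_block(uint32_t dst)
{
    return (dst & 0xFFFFFF00u) == 0xE0000000u;  /* 224.0.0.0/24 */
}

/* Decide whether a dissector should flag the TTL of this packet. */
enum ttl_verdict check_local_control_ttl(uint32_t dst, uint8_t ttl)
{
    int expected = DEFAULT_LOCAL_CONTROL_TTL;
    size_t i;

    if (!is_local_network_control_block(dst))
        return TTL_NOT_APPLICABLE;
    for (i = 0; i < sizeof ttl_rules / sizeof ttl_rules[0]; i++) {
        if (ttl_rules[i].addr == dst) {
            expected = ttl_rules[i].expected;
            break;
        }
    }
    if (expected == TTL_ANY)  /* LLMNR case: only ip.ttl > 0 is required */
        return ttl > 0 ? TTL_OK : TTL_UNEXPECTED;
    return ttl == expected ? TTL_OK : TTL_UNEXPECTED;
}
```

An mDNS packet that arrives with a TTL below 255 is the case worth surfacing in a capture, since the quoted draft relies on 255 to indicate that the packet originated on the local link.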