Wireshark-bugs: [Wireshark-bugs] [Bug 4628] New: l2tpv3: disector does not track per-session par
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4628
Summary: l2tpv3: disector does not track per-session parsing
options
Product: Wireshark
Version: 1.2.6
Platform: Other
OS/Version: All
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: katalix@xxxxxxxxx
Created an attachment (id=4464)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4464)
l2tpv3 packet captures
Build Information:
wireshark 1.2.6
Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.18.7, with GLib 2.22.4, with libpcap 1.0.0, with libz
1.2.3.4, with POSIX capabilities (Linux), with libpcre 7.8, with SMI 0.4.8,
with
c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Oct 25 2007), without
AirPcap.
Running on Linux 2.6.34-rc1, with libpcap version 1.0.0, GnuTLS 2.8.5, Gcrypt
1.4.4.
Built using gcc 4.4.3.
--
The current code assumes certain attributes of each session are fixed, namely
cookie_length = 4
offset = 0
packet data = Cisco HDLC
These settings are negotiated with the peer during each session setup ICRQ/ICRP
exchange. When parsing packets, the receiver derives these values for each
packet by looking up per-session state using the session-id in the packet.
There are no fields in L2TPv3 data packets that tell whether these optional
fields are present - the receiver is supposed to derive that from the received
packet's session-id. The disector is incorrectly parsing L2TPv3 PPP and
ethernet pseudowires.
The attached packet captures illustrate the problem. The captures are of an
L2TPv3 loopback PPP pseudowire setup. One shows what happens when no cookie is
present (wireshark assumes the cookie length is always 4). Another capture
shows the result when a cookie length of 4 is configured in the session setup.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.