Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10387] New: ISIS dissector for TRILL Sub-TLVs contains wrong values

Wireshark-bugs: [Wireshark-bugs] [Bug 10387] New: ISIS dissector for TRILL Sub-TLVs contains wro

Date: Fri, 15 Aug 2014 13:04:34 +0000

Bug ID	10387
Summary	ISIS dissector for TRILL Sub-TLVs contains wrong values
Product	Wireshark
Version	1.12.0
Hardware	x86
OS	All
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	md@bts.sk

Created attachment 12986 [details]
TRILL ISIS packets capture

Build Information:
Build Information:
Version 1.12.0 (v1.12.0-0-g4fab41a from master-1.12)
--
In file epan/dissectors/packet-isis-lsp.c

the following values are incorrect:

90 /* Sub-TLVs under Router Capability TLV
91    As per RFC 6326 section 2.3 */
92 #define TRILL_VERSION            12   - should be 13
93 #define NICKNAME                  6
94 #define TREES                     7
95 #define TREE_IDENTIFIER           8
96 #define TREES_USED_IDENTIFIER     9
97 #define INTERESTED_VLANS         10
98 #define VLAN_GROUP               13   - should be 14

Also RFC6326 was obsoleted by RFC7176 which defines TRILL_VERSION Sub_TLV
differently - now its length is 5 bytes instead of 1 according to old RFC.

So this part of code needs to be modified, probably to handle both variants of
TRILL_VERSION Sub_TLV

791         case TRILL_VERSION:
792             rt_tree = proto_tree_add_subtree(tree, tvb, offset
(rt_block&0x00ff)+2,
793                         ett_isis_lsp_clv_rt_capable_IPv4_prefx, NULL,
"TRILL version sub tlv");
794
795             length--;
796             offset++;
797
798             proto_tree_add_item(rt_tree,
hf_isis_lsp_rt_capable_trill_length, tvb, offset, 1, ENC_NA);
799             proto_tree_add_item(rt_tree,
hf_isis_lsp_rt_capable_trill_maximum_version, tvb, offset+1, 1, ENC_NA);
800
801             length -= 2;
802             offset += 2;
803
804             break;

I'm attaching a pcap file with all ISIS packets seen by the TRILL switch - the
problem could be demonstrated on any LSP ....-00, which incorrectly shows VLAN
Group sub-TLV instead of TRILL Version sub-TLV and the following Tree sub-TLV
is reported as Invalid due to wrong parsing of previous sub-TLV.

The switch decodes the Version sub-TLV as follows:

 VERSION:     1                  CAPABILITIES FLAG: 64

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10387] ISIS dissector for TRILL Sub-TLVs contains wrong values
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10387] ISIS dissector for TRILL Sub-TLVs contains wrong values
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10387] ISIS dissector for TRILL Sub-TLVs contains wrong values
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10382] TRILL NLPID 0xc0 unknown to wireshark
Next by Date: [Wireshark-bugs] [Bug 10379] Display filter ip.dst and and ip.src working like ip.addr
Previous by thread: [Wireshark-bugs] [Bug 10386] Buildbot crash output: fuzz-2014-08-14-24510.pcap
Next by thread: [Wireshark-bugs] [Bug 10387] ISIS dissector for TRILL Sub-TLVs contains wrong values
Index(es):
- Date
- Thread