Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 11418] New: Wireshark fails to notice short IPv6 packet

Wireshark-bugs: [Wireshark-bugs] [Bug 11418] New: Wireshark fails to notice short IPv6 packet

Date: Wed, 05 Aug 2015 07:18:35 +0000

Bug ID	11418
Summary	Wireshark fails to notice short IPv6 packet
Product	Wireshark
Version	1.12.1
Hardware	x86
OS	Ubuntu
Status	UNCONFIRMED
Severity	Trivial
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	onedo@gmx.net

Build Information:
Version 1.12.1 (Git Rev Unknown from unknown)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.12.2, with Cairo 1.13.1, with Pango 1.36.6, with
GLib 2.42.0, with libpcap, with libz 1.2.8, with POSIX capabilities (Linux),
with libnl 3, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, without Python,
with GnuTLS 3.2.16, with Gcrypt 1.5.4, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Feb 25 2014 21:09:53), without AirPcap.

Running on Linux 3.16.0-44-generic, with locale en_US.UTF-8, with libpcap
version 1.6.2, with libz 1.2.8, GnuTLS 3.2.16, Gcrypt 1.5.4.
Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz

Built using gcc 4.9.1.

--
I 'hand craft' packets, and just added IPv6 support to my tool. So this is
about a TCP/IPv6 packet.

IPv6 doesn't have a checksum, but TCP does, and to calculate it, the IP header
needs to be inspected. Due to a misunderstanding, I originally had the IPv6
payload length field too big, so it was actually payload length + IPv6 header
length. The TCP checksum was then 'correctly' calculated, based on the
erroneous IPv6 header, and Wireshark showed the TCP checksum as correct.

Shouldn't Wireshark notice when an IPv6 packet says 'payload length is X', but
it's actually 'Y'?

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 11413] RTP Lua reassemble does not work for more than two packages if offset is 0
Next by Date: [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
Previous by thread: [Wireshark-bugs] [Bug 11417] SOCKS decoder giving strange values for seemingly normal SOCKS connection, parser bug?
Next by thread: [Wireshark-bugs] [Bug 11418] Wireshark fails to detect IPv6 invalid payload length
Index(es):
- Date
- Thread