Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 3328] New: CFLOW decoding is wrong for IPv6 fields

Wireshark-bugs: [Wireshark-bugs] [Bug 3328] New: CFLOW decoding is wrong for IPv6 fields

Date: Thu, 12 Mar 2009 00:45:35 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3328

           Summary: CFLOW decoding is wrong for IPv6 fields
           Product: Wireshark
           Version: 1.0.6
          Platform: All
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: vrpatil@xxxxxxxxxxx
                CC: gerald@xxxxxxxxxxxxx


Build Information:
wireshark-1.0.6

--
Hello,

I use wireshark(on OSX) to decode cflow records, for IPv6 found that the
protocol decoder is choosing wrong type value for some fields. See RFC 3594 for
details.


The code seems to be doing wrong for IPv6 NH and BGP_V6_NH, from RFC we see
that type value for IPv6 next hop is 62 not 15 and BGP IPv6 next hop is 63 not
62!.


IPV6_NEXT_HOP                62   16    IPv6 address of the

                                           next-hop router



BGP_IPV6_NEXT_HOP            63   16    Next-hop router in the BGP

                                           domain



case 15: /* nexthop IP */
                        if (length == 4) {
                                proto_tree_add_item(pdutree, hf_cflow_nexthop,
                                    tvb, offset, length, FALSE);
                        } else if (length == 16) {
                                proto_tree_add_item(pdutree,
hf_cflow_nexthop_v6,
                                    tvb, offset, length, FALSE);
                        } else {
                                proto_tree_add_text(pdutree,
                                    tvb, offset, length,
                                    "NextHop: length %u", length);
                        }
                        break;


....


 case 62: /* IPv6 BGP nexthop  */
                        proto_tree_add_item(pdutree, hf_cflow_bgpnexthop_v6,
                            tvb, offset, length, FALSE);
                        break;


The code probably shall look like



case 15: /* nexthop IP */
                        if (length == 4) {
                                proto_tree_add_item(pdutree, hf_cflow_nexthop,
                                    tvb, offset, length, FALSE);
                        } else {
                                proto_tree_add_text(pdutree,
                                    tvb, offset, length,
                                    "NextHop: length %u", length);
                        }
                        break;

case 62: /* IPv6 nexthop IP */
                        if (length == 16) {
                                proto_tree_add_item(pdutree,
hf_cflow_nexthop_v6
                                    ,tvb, offset, length, FALSE);
                        } else {
                                proto_tree_add_text(pdutree,
                                    tvb, offset, length,
                                    "NextHop: length %u", length);
                        }
                        break;


case 63: /* IPv6 BGP nexthop  */
                        proto_tree_add_item(pdutree, hf_cflow_bgpnexthop_v6,
                            tvb, offset, length, FALSE);
                        break;


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Prev by Date: [Wireshark-bugs] [Bug 3270] freezes on start, uses 100% kernel cpu, cannot kill.
Next by Date: [Wireshark-bugs] [Bug 3329] New: Add support for X.500(2005) in PartialOutcomeQualifiers
Previous by thread: [Wireshark-bugs] [Bug 3163] MIBS error on launch 1.0.5
Next by thread: [Wireshark-bugs] [Bug 3329] New: Add support for X.500(2005) in PartialOutcomeQualifiers
Index(es):
- Date
- Thread