https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4464
Summary: Incorrect treatment of PIM/IP packets with TTL=1.
Product: Wireshark
Version: SVN
Platform: All
URL: http://tools.ietf.org/html/rfc3973#section-4.7
OS/Version: All
Status: NEW
Severity: Normal
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: christopher.maynard@xxxxxxxxx
Chris Maynard <christopher.maynard@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4269| |review_for_checkin?
Flag| |
Created an attachment (id=4269)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4269)
Fixes TTL coloring rule and TTL expert info for PIM traffic.
Build Information:
SVN 31781
--
According to RFC 3973, section 4.7:
All PIM-DM messages MUST be sent with a TTL of 1. All
PIM-DM messages except Graft and Graft Ack messages MUST be sent to
the ALL-PIM-ROUTERS group. Graft messages SHOULD be unicast to the
RPF'(S). Graft Ack messages MUST be unicast to the sender of the
Graft.
Reference: http://tools.ietf.org/html/rfc3973#section-4.7
The coloring rules were incorrectly being applied to the PIM Graft and Graft
Ack packets since the TTL was 1 and those are unicast packets; however, that is
the expected TTL, so there's no need to colorize those packets in red, as that
gives the impression that there's something wrong with the TTL.
Also, the IP dissector was incorrectly applying an expert info "Note" that the
"Time To Live is only 1". Since this is normal, expected behavior for these
types of packets, there's no need to note anything of relevance here. Instead,
that expert info note should be reserved for only those packets deserving of
it.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.