Wireshark-bugs: [Wireshark-bugs] [Bug 4628] New: l2tpv3: disector does not track per-session par

Date: Tue, 30 Mar 2010 03:39:08 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4628

           Summary: l2tpv3: disector does not track per-session parsing
                    options
           Product: Wireshark
           Version: 1.2.6
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: katalix@xxxxxxxxx


Created an attachment (id=4464)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4464)
l2tpv3 packet captures

Build Information:
wireshark 1.2.6

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.7, with GLib 2.22.4, with libpcap 1.0.0, with libz
1.2.3.4, with POSIX capabilities (Linux), with libpcre 7.8, with SMI 0.4.8,
with
c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Oct 25 2007), without
AirPcap.

Running on Linux 2.6.34-rc1, with libpcap version 1.0.0, GnuTLS 2.8.5, Gcrypt
1.4.4.

Built using gcc 4.4.3.

--
The current code assumes certain attributes of each session are fixed, namely
cookie_length = 4
offset = 0
packet data = Cisco HDLC

These settings are negotiated with the peer during each session setup ICRQ/ICRP
exchange. When parsing packets, the receiver derives these values for each
packet by looking up per-session state using the session-id in the packet.
There are no fields in L2TPv3 data packets that tell whether these optional
fields are present - the receiver is supposed to derive that from the received
packet's session-id. The disector is incorrectly parsing L2TPv3 PPP and
ethernet pseudowires.

The attached packet captures illustrate the problem. The captures are of an
L2TPv3 loopback PPP pseudowire setup. One shows what happens when no cookie is
present (wireshark assumes the cookie length is always 4). Another capture
shows the result when a cookie length of 4 is configured in the session setup.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.