Bug ID |
10387
|
Summary |
ISIS dissector for TRILL Sub-TLVs contains wrong values
|
Product |
Wireshark
|
Version |
1.12.0
|
Hardware |
x86
|
OS |
All
|
Status |
UNCONFIRMED
|
Severity |
Normal
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
[email protected]
|
Reporter |
[email protected]
|
Created attachment 12986 [details]
TRILL ISIS packets capture
Build Information:
Build Information:
Version 1.12.0 (v1.12.0-0-g4fab41a from master-1.12)
--
In file epan/dissectors/packet-isis-lsp.c
the following values are incorrect:
90 /* Sub-TLVs under Router Capability TLV
91 As per RFC 6326 section 2.3 */
92 #define TRILL_VERSION 12 - should be 13
93 #define NICKNAME 6
94 #define TREES 7
95 #define TREE_IDENTIFIER 8
96 #define TREES_USED_IDENTIFIER 9
97 #define INTERESTED_VLANS 10
98 #define VLAN_GROUP 13 - should be 14
Also RFC6326 was obsoleted by RFC7176 which defines TRILL_VERSION Sub_TLV
differently - now its length is 5 bytes instead of 1 according to old RFC.
So this part of code needs to be modified, probably to handle both variants of
TRILL_VERSION Sub_TLV
791 case TRILL_VERSION:
792 rt_tree = proto_tree_add_subtree(tree, tvb, offset
(rt_block&0x00ff)+2,
793 ett_isis_lsp_clv_rt_capable_IPv4_prefx, NULL,
"TRILL version sub tlv");
794
795 length--;
796 offset++;
797
798 proto_tree_add_item(rt_tree,
hf_isis_lsp_rt_capable_trill_length, tvb, offset, 1, ENC_NA);
799 proto_tree_add_item(rt_tree,
hf_isis_lsp_rt_capable_trill_maximum_version, tvb, offset+1, 1, ENC_NA);
800
801 length -= 2;
802 offset += 2;
803
804 break;
I'm attaching a pcap file with all ISIS packets seen by the TRILL switch - the
problem could be demonstrated on any LSP ....-00, which incorrectly shows VLAN
Group sub-TLV instead of TRILL Version sub-TLV and the following Tree sub-TLV
is reported as Invalid due to wrong parsing of previous sub-TLV.
The switch decodes the Version sub-TLV as follows:
VERSION: 1 CAPABILITIES FLAG: 64
You are receiving this mail because:
- You are watching all bug changes.