Wireshark-bugs: [Wireshark-bugs] [Bug 10387] New: ISIS dissector for TRILL Sub-TLVs contains wro

Date: Fri, 15 Aug 2014 13:04:34 +0000
Bug ID 10387
Summary ISIS dissector for TRILL Sub-TLVs contains wrong values
Product Wireshark
Version 1.12.0
Hardware x86
OS All
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 12986 [details]
TRILL ISIS packets capture

Build Information:
Build Information:
Version 1.12.0 (v1.12.0-0-g4fab41a from master-1.12)
--
In file epan/dissectors/packet-isis-lsp.c

the following values are incorrect:

90 /* Sub-TLVs under Router Capability TLV
91    As per RFC 6326 section 2.3 */
92 #define TRILL_VERSION            12   - should be 13
93 #define NICKNAME                  6
94 #define TREES                     7
95 #define TREE_IDENTIFIER           8
96 #define TREES_USED_IDENTIFIER     9
97 #define INTERESTED_VLANS         10
98 #define VLAN_GROUP               13   - should be 14

Also RFC6326 was obsoleted by RFC7176 which defines TRILL_VERSION Sub_TLV
differently - now its length is 5 bytes instead of 1 according to old RFC.

So this part of code needs to be modified, probably to handle both variants of
TRILL_VERSION Sub_TLV

791         case TRILL_VERSION:
792             rt_tree = proto_tree_add_subtree(tree, tvb, offset
(rt_block&0x00ff)+2,
793                         ett_isis_lsp_clv_rt_capable_IPv4_prefx, NULL,
"TRILL version sub tlv");
794
795             length--;
796             offset++;
797
798             proto_tree_add_item(rt_tree,
hf_isis_lsp_rt_capable_trill_length, tvb, offset, 1, ENC_NA);
799             proto_tree_add_item(rt_tree,
hf_isis_lsp_rt_capable_trill_maximum_version, tvb, offset+1, 1, ENC_NA);
800
801             length -= 2;
802             offset += 2;
803
804             break;

I'm attaching a pcap file with all ISIS packets seen by the TRILL switch - the
problem could be demonstrated on any LSP ....-00, which incorrectly shows VLAN
Group sub-TLV instead of TRILL Version sub-TLV and the following Tree sub-TLV
is reported as Invalid due to wrong parsing of previous sub-TLV.

The switch decodes the Version sub-TLV as follows:

 VERSION:     1                  CAPABILITIES FLAG: 64


You are receiving this mail because:
  • You are watching all bug changes.