Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10713] New: Wireshark relative ISN set incorrectly if raw ISN set to 0

Wireshark-bugs: [Wireshark-bugs] [Bug 10713] New: Wireshark relative ISN set incorrectly if raw

Date: Tue, 18 Nov 2014 17:02:18 +0000

Bug ID	10713
Summary	Wireshark relative ISN set incorrectly if raw ISN set to 0
Product	Wireshark
Version	1.99.x (Experimental)
Hardware	x86
OS	Ubuntu
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 13272 [details]
Enable tcp_relative_seq and look at the seq number of the 2nd packet.

Build Information:
Version 1.99.1 (v1.99.1rc0-610-g3815b14 from unknown)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 4.8.6, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with libz 1.2.8, with GLib 2.42.0, without SMI, without c-ares,
without ADNS, with Lua 5.2, with GnuTLS 3.2.16, with Gcrypt 1.6.1, without
Kerberos, without GeoIP, without PortAudio, without AirPcap.

Running on Linux 3.16.0-24-generic, with locale fr_FR.UTF-8, with libpcap
version 1.6.2, with libz 1.2.8, with GnuTLS 3.2.16, with Gcrypt 1.6.1.
       Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz (with SSE4.2)

Built using gcc 4.9.1.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I use wireshark to examinate some traces generated by a network
simulator (ns3 www.nsnam.org) which set the ISN to 0 (no randomization
yet).
As wireshark assumes base_seq == 0 to be an unitialized value, it
triggers some error as wireshark tries to set again and again the base
seq. Here is the output of a single 3WHS (custom printf), in peculiar
in the 4th line, which is the ACK of the 3WHS, wiresharks sets
base_seq =seq-1, ie 0-1 and it wraps the seq number (ugly).

Setting base seq to : 0
Setting base seq to : 0
Setting rev base seq to : 0
Setting base seq to : 4294967295
Setting rev base seq to : 0
Setting rev base seq to : 0
Setting base seq to : 0
Setting base seq to : 0
Setting rev base seq to : 0
Setting base seq to : 0
Setting rev base seq to : 0
Setting base seq to : 1

I understand it seems a corner case but I don't believe have an ISN
equal to 0 is forbidden by any TCP RFC in which case it qualifies as a bug.

I have a patch ready for this
Regards

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10713] Wireshark relative ISN set incorrectly if raw ISN set to
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10713] Wireshark relative ISN set incorrectly if raw ISN set to
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10713] Wireshark relative ISN set incorrectly if raw ISN set to
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10703] IPv6 Experimental mobility header data is interpreted as options
Next by Date: [Wireshark-bugs] [Bug 10712] Access network identifier option is not decoded for PMIPv6
Previous by thread: [Wireshark-bugs] [Bug 10712] Access network identifier option is not decoded for PMIPv6
Next by thread: [Wireshark-bugs] [Bug 10713] Wireshark relative ISN set incorrectly if raw ISN set to
Index(es):
- Date
- Thread