Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10991] New: ICMP Parameter Problem message contains Length of original datagra

Wireshark-bugs: [Wireshark-bugs] [Bug 10991] New: ICMP Parameter Problem message contains Length

Date: Sat, 21 Feb 2015 16:42:28 +0000

Bug ID	10991
Summary	ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length
Product	Wireshark
Version	1.12.3
Hardware	x86-64
OS	Windows 7
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 13465 [details]
ICMP original datagram is shorter than the length

Build Information:
Version 1.12.3 (v1.12.3-0-gbb3e9a0 from master-1.12)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Jan  7 2015),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
        Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Discovered while working on Pcap.Net (http://pcapdot.net).

In the attached pcap file there's a single Parameter Problem ICMP packet.
The Length of original datagram is 14*4=56.
According to RFC 4884, the ICMP payload should contain "Internet Header +
leading octets of original datagram".
The Internet Header is the IPv4 header.
The leading octets of original datagram size should be 56 according to the
Length field.
However, Wireshark treats as if 56 is the total number of cotets in the IPv4 -
both Internet Header and original datagram.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10991] ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10991] ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10991] ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10991] ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10991] ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10991] ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10990] New: DNS data in IPv4 in ICMP isn't parsed as UDP
Next by Date: [Wireshark-bugs] [Bug 10992] New: ICMP Redirect takes 4 bytes for IPv4 payload instead of 8
Previous by thread: [Wireshark-bugs] [Bug 10990] DNS data in IPv4 in ICMP isn't parsed as UDP
Next by thread: [Wireshark-bugs] [Bug 10991] ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length
Index(es):
- Date
- Thread