Wireshark-bugs: [Wireshark-bugs] [Bug 11630] New: Incorrect presentation of Ascend-Data-Filter (

Date: Fri, 23 Oct 2015 16:15:20 +0000
Bug ID 11630
Summary Incorrect presentation of Ascend-Data-Filter (RADIUS attribute 242)
Product Wireshark
Version 1.12.8
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Build Information:
Version 1.12.8 (v1.12.8-0-g5b6e543 from master-1.12)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Oct 14 2015),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
       Intel(R) Core(TM) i5-3340M CPU @ 2.70GHz, with 8065MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Presentation of IPv4 / IPv6 Ascend-Data-Filter (RADIUS attribute 242) in
Wireshark has the following two problems:

1. Only IPv4 ADF filters are presented in a readable form, but not IPv6 ADF
filters, which are the de facto ADFv6 standard on Juniper MX, Juniper ERX,
Redback/Ericsson SmartEdge and many other routers. Valid IPv6 ADF rules (attr
242), if present in a RADIUS packet, are displayed in and printed by Wireshark
only in the following odd manner:

  AVP: l=50 t=Unknown-Attribute-242(242): Wrong attribute length 48
  AVP: l=50 t=Unknown-Attribute-242(242): Wrong attribute length 48
  AVP: l=50 t=Unknown-Attribute-242(242): Wrong attribute length 48
  AVP: l=50 t=Unknown-Attribute-242(242): Wrong attribute length 48
  AVP: l=50 t=Unknown-Attribute-242(242): Wrong attribute length 48
  AVP: l=50 t=Unknown-Attribute-242(242): Wrong attribute length 48

It could be a "wrong attribute length" if attr 242 is related to a "classical"
IPv4 ADF filter, but it is not really a length failure for an IPv6 ADF filter,
whose IPv6 source and destination addresses are 16 bytes (instead of 4 bytes
for IPv4 source / destination addr).

2. IPv4 ADF filters (in readable standard Ascend-Data-Filter notation) which
are longer than 63 chars are not completely displayed in Wireshark, but
truncated after the 63rd character. It's a presentation issue of "classical"
(IPv4) Ascend-Data-Filter in Wireshark. For example (the strings are truncated
after the 63rd char):

  AVP: l=26 t=Unknown-Attribute-242(242): ip in drop tcp srcip 234.51.85.186/32 dstip 117.81.59.220/32 ds
  AVP: l=26 t=Unknown-Attribute-242(242): ip in drop tcp srcip 234.51.85.186/32 dstip 10.180.0.2/32 dstpo

A correct presentation of these sample ADF rules should be like this:
  ip in drop dstip 117.81.59.220/32 srcip 234.51.85.186/32 tcp dstport != 80
  ip in drop dstip 10.180.0.2/32 srcip 234.51.85.186/32 tcp dstport = 22


A similar readable standard notation can and SHOULD also be applied for IPv6
ADF presentation (attr 242) in Wireshark. The following notation is recommended
as the de facto industry standard for IPv6 Ascend-Data-Filter presentation (attr
242):

  ipv6 in drop dstip 4003:5:b00c:a000::d/128
  ipv6 in forward srcip 4003:6:d007:191b::/64
  ipv6 in drop

This bug could be related to the old (fixed) ticket:
Bug 2975 - Decode binary "Ascend-Data-Filter" vendor specific attribute in
packet-radius

An up-to-date specification for the Ascend-Data-Filter (attr 242) as
implemented for IPv4 / IPv6 RADIUS filter by Juniper, Redback/Ericsson et al,
can be found here:
http://www.juniper.net/documentation/en_US/junos12.1/topics/reference/general/ascend-data-filter-fields.html
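
Added example, not part of the original report and not Wireshark's code: a Python decoder that accepts both the 24-byte IPv4 and the 48-byte IPv6 form of attribute 242 and renders them in the notation requested above. The field offsets, the type codes (1 = IPv4, 3 = IPv6) and the port comparison codes are assumptions about the binary layout, which the report itself does not spell out; the sample bytes are constructed.

```python
import ipaddress
import struct

# Assumed layout of the attribute value (the AVP minus its 2-byte header):
#   type(1) action(1) direction(1) fill(1) srcip(n) dstip(n)
#   srcmask(1) dstmask(1) proto(1) established(1) srcport(2) dstport(2)
#   srccmp(1) dstcmp(1) fill(2)      with n = 4 for IPv4, n = 16 for IPv6
FAMILY = {1: ("ip", 4), 3: ("ipv6", 16)}      # assumed type codes
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
CMP = {1: "<", 2: "=", 3: ">", 4: "!="}        # assumed comparison codes


def decode_adf(value: bytes) -> str:
    """Render a binary Ascend-Data-Filter value as a readable rule."""
    if len(value) < 4 or value[0] not in FAMILY:
        raise ValueError("not an IPv4/IPv6 Ascend-Data-Filter")
    name, alen = FAMILY[value[0]]
    expected = 4 + 2 * alen + 12                # 24 for IPv4, 48 for IPv6
    if len(value) != expected:
        raise ValueError(f"{name} filter must be {expected} bytes, got {len(value)}")
    out = [name, "in" if value[2] else "out", "forward" if value[1] else "drop"]
    src, dst = value[4:4 + alen], value[4 + alen:4 + 2 * alen]
    smask, dmask, proto, _est, sport, dport, scmp, dcmp = struct.unpack_from(
        "!BBBBHHBB", value, 4 + 2 * alen)
    # A zero prefix length is treated as "any address" and the clause is omitted.
    for label, addr, mask in (("dstip", dst, dmask), ("srcip", src, smask)):
        if mask:
            out.append(f"{label} {ipaddress.ip_address(addr)}/{mask}")
    if proto:
        out.append(PROTO.get(proto, str(proto)))
    for label, code, port in (("dstport", dcmp, dport), ("srcport", scmp, sport)):
        if code in CMP:
            out.append(f"{label} {CMP[code]} {port}")
    return " ".join(out)


def build(fam, action, direction, src, dst, smask, dmask, proto=0, dport=0, dcmp=0):
    """Construct sample attribute bytes (constructed data, not a capture)."""
    return (bytes([fam, action, direction, 0]) + src + dst +
            struct.pack("!BBBBHHBB2x", smask, dmask, proto, 0, 0, dport, 0, dcmp))


V4 = build(1, 0, 1, ipaddress.ip_address("234.51.85.186").packed,
           ipaddress.ip_address("117.81.59.220").packed, 32, 32, 6, 80, 4)
V6 = build(3, 0, 1, bytes(16),
           ipaddress.ip_address("4003:5:b00c:a000::d").packed, 0, 128)

if __name__ == "__main__":
    print(decode_adf(V4))
    print(decode_adf(V6))
```

The expected length is derived from the filter type before it is checked, so a 48-byte IPv6 value is decoded rather than rejected, while a value whose length does not match its own type is still refused.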

