Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 13155] Authentication Header appears in the IP header when parsing an IPv6 TCP

Wireshark-bugs: [Wireshark-bugs] [Bug 13155] Authentication Header appears in the IP header when

Date: Fri, 18 Nov 2016 19:57:07 +0000

Comment # 2 on bug 13155 from João Valverde

(In reply to Bogdan from comment #0)
> Created attachment 15075 [details]
> IPv4 and IPv6 TCP streams with Authentication Header and IP compression
> 
> Build Information:
> Version 2.2.2 (v2.2.2-0-g775fb08)
> 
> Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
> License GPLv2+: GNU GPL version 2 or later
> <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> 
> Compiled (64-bit) with Qt 5.6.1, with WinPcap (4_1_3), with GLib 2.42.0, with
> zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS
> 3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
> with AirPcap.
> 
> Running on 64-bit Windows Server 2012R2, build 9600, with locale
> English_United
> States.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980),
> based
> on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with
> Gcrypt 1.6.2, without AirPcap.
> --
> I've attached two traffic captures (AH-IPcomp-IPv4.pcap and
> AH-IPcomp-IPv6.pcap).
> First capture contains:
> - 1 IPv4 TCP stream that is protected with Authentication Header protocol
> and uses IP compression.
> Second capture contains:
> - 1 IPv6 TCP stream that is protected with Authentication Header protocol
> and uses IP compression.
> 
> On IPv4 case(click on GET packet), the Authentication Header is visible
> between IP header and IP Payload Compression.
> 
> On IPv6 case(click on GET packet), the Authentication Header appears in IP
> header which is not correct. It should be between IP header and IP Payload
> Compression.

I agree with that but it's been like this forever. Extension headers are
displayed under the IPv6 protocol tree. It's not really "incorrect" (although I
don't like it) so I added a preference for this on commit
e6a2f17237ab0cb20073c799f865abdfc04a654d.

IPv6 prefereces -> Display IPv6 extension headers under the root protocol tree

I should make that the default behaviour some time.

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 13155] New: Authentication Header appears in the IP header when parsing an IPv6 TCP Stream
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 13154] dpkg-checkbuilddeps requests libgnutls-dev which does not exist anymore on Ubuntu yakkety repository
Next by Date: [Wireshark-bugs] [Bug 13071] Buildbot crash output: fuzz-2016-10-29-17840.pcap
Previous by thread: [Wireshark-bugs] [Bug 13155] Authentication Header appears in the IP header when parsing an IPv6 TCP Stream
Next by thread: [Wireshark-bugs] [Bug 13155] Authentication Header appears in the IP header when parsing an IPv6 TCP Stream
Index(es):
- Date
- Thread