Wireshark-bugs: [Wireshark-bugs] [Bug 2458] New: Unknown PPPoE TAGs which are present in a PPPoE
Date: Mon, 14 Apr 2008 01:26:00 -0700 (PDT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2458

           Summary: Unknown PPPoE TAGs which are present in a PPPoE
                    discovery packet are not displayed under "PPPoE Tags"
                    subtree/section
           Product: Wireshark
           Version: 0.99.8
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: Jewgenij.Bytschkow@xxxxxxxxxxxxx


Created an attachment (id=1688)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1688)
capture file PPPoE discovery packets of two different sessions

Build Information:
Version 0.99.8 (SVN Rev 24492)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 7.0, with SMI 0.4.5, with ADNS, with Lua 5.1,
with
GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio V19-devel,
with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.

--
The following Bug description is referenced to the submitted capture file
unknown_pppoe_tags.pcap with PPPoE discovery packets of two different sessions.

The used legend:
----------------
<!> - an unknown PPPoE TAG is present in packet but NOT displayed under "PPPoE
Tags" subtree/section (a Wireshark presentation bug; PADI/PADO);

<+> - an unknown PPPoE TAG is present in packet and is correctly displayed by
Wireshark under "PPPoE Tags" subtree/section (o.k.; PADR/PADS)

PPPoE Discovery Phase (session #1):
-----------------------------------
Frame #1 (PADI):
    TAG1: TAG_TYPE=0x0101 (Service-Name); TAG_LENGTH=0x0000; TAG_VALUE=<none>  
-the TAG is displayed under "PPPoE Tags" section (o.k.)
!   TAG2: TAG_TYPE=0x0100 (unknown); TAG_LENGTH=0x0000; TAG_VALUE=<none>       
-NOT displayed under "PPPoE Tags" section (Wireshark ERROR!)

Frame #2 (PADO):
    TAG1: TAG_TYPE=0x0101 (Service-Name); TAG_LENGTH=0x0000; TAG_VALUE=<none>  
-the TAG is displayed under "PPPoE Tags" section (o.k.)
!   TAG2: TAG_TYPE=0x0100 (unknown); TAG_LENGTH=0x0000; TAG_VALUE=<none>       
-the TAG is NOT displayed under "PPPoE Tags" section (Wireshark ERROR!)
    TAG3: TAG_TYPE=0x0102 (AC-Name); TAG_LENGTH=0x0008;
TAG_VALUE=0x4441445643303031  -the TAG is displayed under "PPPoE Tags" section
(o.k.)
    TAG4: TAG_TYPE=0x0104 (AC-Cookie); TAG_LENGTH=0x0010;
TAG_VALUE=0x6FE2390A...FBB8   -the TAG is displayed under "PPPoE Tags" section
(o.k.)

Frame #3 (PADR):
    TAG1: TAG_TYPE=0x0101 (Service-Name); TAG_LENGTH=0x0000; TAG_VALUE=<none>  
-the TAG is displayed under "PPPoE Tags" section (o.k.)
+   TAG2: TAG_TYPE=0x0100 (unknown); TAG_LENGTH=0x0004; TAG_VALUE=0x54657374   
-the TAG is displayed under "PPPoE Tags" section (o.k.)
    TAG3: TAG_TYPE=0x0104 (AC-Cookie); TAG_LENGTH=0x0010;
TAG_VALUE=0x6FE2390A...FBB8   -the TAG is displayed under "PPPoE Tags" section
(o.k.)

Frame #4 (PADS):
    TAG1: TAG_TYPE=0x0101 (Service-Name); TAG_LENGTH=0x0000; TAG_VALUE=<none>  
-the TAG is displayed under "PPPoE Tags" section (o.k.)
+   TAG2: TAG_TYPE=0x0100 (unknown); TAG_LENGTH=0x0004; TAG_VALUE=0x54657374   
-the TAG is displayed under "PPPoE Tags" section (o.k.)
    TAG3: TAG_TYPE=0x0104 (AC-Cookie); TAG_LENGTH=0x0010;
TAG_VALUE=0x6FE2390A...FBB8   -the TAG is displayed under "PPPoE Tags" section
(o.k.)
    PADDING: 0x00000000

PPPoE Discovery Phase (session #2):
-----------------------------------
Frame #6 (PADI):
    TAG1: TAG_TYPE=0x0101 (Service-Name); TAG_LENGTH=0x0000; TAG_VALUE=<none>  
-the TAG is displayed under "PPPoE Tags" section (o.k.)
!   TAG2: TAG_TYPE=0x0106 (unknown); TAG_LENGTH=0x0000; TAG_VALUE=<none>       
-the TAG is NOT displayed under "PPPoE Tags" section (Wireshark ERROR!)

Frame #7 (PADO):
    TAG1: TAG_TYPE=0x0101 (Service-Name); TAG_LENGTH=0x0000; TAG_VALUE=<none>  
-the TAG is displayed under "PPPoE Tags" section (o.k.)
!   TAG2: TAG_TYPE=0x0106 (unknown); TAG_LENGTH=0x0000; TAG_VALUE=<none>       
-the TAG is NOT displayed under "PPPoE Tags" section (Wireshark ERROR!)
    TAG3: TAG_TYPE=0x0102 (AC-Name); TAG_LENGTH=0x0008;
TAG_VALUE=0x4441445643303031  -the TAG is displayed under "PPPoE Tags" section
(o.k.)
    TAG4: TAG_TYPE=0x0104 (AC-Cookie); TAG_LENGTH=0x0010;
TAG_VALUE=0x6FE2390A...FBB8   -the TAG is displayed under "PPPoE Tags" section
(o.k.)

Frame #8 (PADR):
    TAG1: TAG_TYPE=0x0101 (Service-Name); TAG_LENGTH=0x0000; TAG_VALUE=<none>  
-the TAG is displayed under "PPPoE Tags" section (o.k.)
+   TAG2: TAG_TYPE=0x0106 (unknown); TAG_LENGTH=0x0004; TAG_VALUE=0x54657374   
-the TAG is displayed under "PPPoE Tags" section (o.k.)
    TAG3: TAG_TYPE=0x0104 (AC-Cookie); TAG_LENGTH=0x0010;
TAG_VALUE=0x6FE2390A...FBB8   -the TAG is displayed under "PPPoE Tags" section
(o.k.)

Frame #9 (PADS):
    TAG1: TAG_TYPE=0x0101 (Service-Name); TAG_LENGTH=0x0000; TAG_VALUE=<none>  
-the TAG is displayed under "PPPoE Tags" section (o.k.)
+   TAG2: TAG_TYPE=0x0106 (unknown); TAG_LENGTH=0x0004; TAG_VALUE=0x54657374   
-the TAG is displayed under "PPPoE Tags" section (o.k.)
    TAG3: TAG_TYPE=0x0104 (AC-Cookie); TAG_LENGTH=0x0010;
TAG_VALUE=0x6FE2390A...FBB8   -the TAG is displayed under "PPPoE Tags" section
(o.k.)
    PADDING: 0x00000000

Bug description:
----------------
Wireshark makes a presentation error, when he omits unknown PPPoE TAGs (with
unknown TAG_TYPE) and does NOT display them in the TAGs list under "PPPoE Tags"
subtree/section. This behaviour can be seen in the submitted trace sample in
PADI/PADO packets (an unknown TAG is the last TAG in the list), but not in
PADR/PADS packets (an unknown TAG stands in the middle of the TAGs list). This
presentation error of Wireshark/TShark is stable and was tested with different
unknown TAG_TYPE values in many sessions.

Though the same(!) correctly composed, unknown TAG was present in all discovery
packets (PADI/PADO/PADR/PADS; Frames 1-4 or 6-9), the Bug could not be seen in
presentation of PADR/PADS. This is not yet an argument PADR/PADS are not
affected at all. Investigating the bug case it should be checked, why is the
same unknown TAG displayed by Wireshark properly in PADR/PADS, but omitted
completely (under "PPPoE Tags" subtree) in PADI/PADO. It should be checked as
well, whether the bug takes place dependent on number of unknown TAGs in a
PPPoE discovery packet (single unknown TAG, several unknown TAGs in the
packet), the TAG_LENGTH (null, not null), or the place of the unknown TAG(s) in
the list (the first in the list, the last in the list, or in the middle of the
list).

The submitted sample of PPPoE discovery packets and the Ethernet frames
respectivly are completely correct (not malformed), i.e. the frames/packets
have correct encapsulations, headers and lengths. An "unknown" TAG or any
number of unknown TAGs, which are present in a PPPoE discovery packet and have
a correct format, SHOULD NOT be considered by Wireshark as "illegal". Unknown
TAGs (TAG_TYPEs as hex values) SHOULD NOT be omitted in the PPPoE TAGs list in
the packet's view. If a PPPoE discovery packet is not malformed, all(!) unknown
PPPoE TAGs available in the packet SHOULD be displayed by Wireshark/TShark
under "PPPoE TAGs" subtree/section - likewise we view them currently in
PADR/PADS in the provided trace sample. For example:

PPPoE Tags
    Service-Name: 
    Tag: Unknown (0x0100)   <-- unknown TAG_TYPE (representation is OK)
    Unknown Data: Test      <-- unknown TAG_VALUE (representation is OK)
    AC-Cookie: 6FE2390A2E3A2B87B8A430B8930CFBB8


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.