Wireshark-bugs: [Wireshark-bugs] [Bug 3814] New: VRRPv2 (RFC 3768) shows invalid TTL for dst32=2
Date: Thu, 6 Aug 2009 06:49:47 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3814

           Summary: VRRPv2 (RFC 3768) shows invalid TTL for dst32=224.0.0.18
                    and ttl=255
           Product: Wireshark
           Version: 1.2.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: ivan_jr@xxxxxxxxx



Ivan Sy <ivan_jr@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3465|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=3465)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3465)
VRRPv2 with TTL set to 255, removed FIXME

Build Information:
Version 1.3.0-SV-29308

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, without Python, with GnuTLS 2.8.1, with Gcrypt
1.4.4, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Aug  6
2009), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1
beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1,
Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
VRRPv2 (RFC 3768) shows invalid TTL for dst32=224.0.0.18 and ttl=255


Notes:
- in dissectors/packet-ip.c there's a message "FIXME"

  /* If an IP is destined for an IP address in the Local Network Control Block
   * (e.g. 224.0.0.0/24), the packet should never be routed and the TTL would
   * be expected to be 1.  (see RFC 3171)  Flag a TTL greater than 1.
   *
   * Flag a low TTL if the packet is not destined for a multicast address
   * (e.g. 224.0.0.0/4).
   *
   * FIXME: Add an exception list, as Some protocols seem to insist on
   *   doing differently:
   *   - IETF's VRRP (rfc3768) always uses 224.0.0.18 with 255
   *   - Cisco's GLPB always uses 224.0.0.102 with 255
   *   Even more, VRRP and GLBP should probably be flagged as an error, if
   *   seen with any TTL except 255.
   */

- from Virtual Router Redundancy Protocol (RFC 3768)
5.2.2.  Destination Address

   The IP multicast address as assigned by the IANA for VRRP is:

      224.0.0.18

   This is a link local scope multicast address.  Routers MUST NOT
   forward a datagram with this destination address regardless of its
   TTL.

5.2.3.  TTL

   The TTL MUST be set to 255.  A VRRP router receiving a packet with
   the TTL not equal to 255 MUST discard the packet.


Here's a patch and sample packet capture

Question: at first i thought that the frame is showing RED because it was
expecting a TTL of 1 coz it's a multicast... Now, the info is gone but still it
is colored RED.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.