Wireshark-bugs: [Wireshark-bugs] [Bug 8835] New: Incorrect decoding of MPLS Echo Request with BG
Date: Sat, 22 Jun 2013 20:52:44 +0000
Bug ID 8835
Summary Incorrect decoding of MPLS Echo Request with BGP FEC
Classification Unclassified
Product Wireshark
Version 1.8.2
Hardware x86
OS Mac OS X 10.7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Wireshark
Assignee bugzilla-admin@wireshark.org
Reporter kszarkowicz@gmail.com

Created attachment 11045
CAP file of MPLS Echo Request with BGP FEC

Build Information:
Version 1.8.2 (SVN Rev 44520 from /trunk-1.8)

Copyright 1998-2012 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.10, with Cairo 1.8.6, with Pango 1.30.0, with
GLib 2.32.3, with libpcap, with libz 1.2.3, without POSIX capabilities, with
SMI 0.4.8, without c-ares, without ADNS, with Lua 5.1, without Python, with
GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Aug 12 2012 22:27:54), with AirPcap.

Running on Mac OS 10.7.5 (Darwin 11.4.2), with locale .UTF-8, with libpcap
version 1.1.1, with libz 1.2.5, GnuTLS 2.12.19, Gcrypt 1.5.0, without AirPcap.

Built using gcc 4.2.1 (Apple Inc. build 5666) (dot 3).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
MPLS Echo Request with BGP FEC is decoded as follows by Agilent tester:


------------  ETHER Header  ------------
ETHER: Destination: 0:3:fa:38:5f:16
ETHER: Source: 0:5:85:6a:6d:f4
ETHER: Protocol: IP
ETHER: FCS = 0xEE02DEA0 (Verified 0xEE02DEA0)

------------  IP Header  ------------
IP: Version = 4
IP: Header length = 6
IP: Type of service = 0
IP:     000. .... Precedence = Routine (0)
IP:     ...0 .... Delay = Normal (0)
IP:     .... 0... Throughput = Normal (0)
IP:     .... .0.. Reliability = Normal (0)
IP:     .... ..00 Explicit Congestion Notification = Not-ECT (Not ECN-Capable Transport) (0)
IP: Packet length = 80
IP: Id = bb39
IP: Fragmentation Info = 0x0000
IP:     .0.. ....  .... .... Don't Fragment Bit = FALSE
IP:     ..0. ....  .... .... More Fragments Bit = FALSE
IP:     ...0 0000  0000 0000 Fragment offset = 0
IP: Time to live = 1
IP: Protocol = UDP (17)
IP: Header checksum = 0x3E51 (Verified 0x3E51)
IP: Source address = 172.12.0.1
IP: Destination address = 127.0.0.1
IP: Option type = Router Alert (148)
IP:   Option length = 4
IP:   Value = 0 (Router shall examine packet)

------------  UDP Header  ------------
UDP: Source port = 58272
UDP: Destination port = lsp-ping (3503)
UDP: Length = 56
UDP: Checksum = 0x611B (Verified 0x611B)

------------  LSP_PING Header  ------------
LSP_PING: Version = 1
LSP_PING: Global Flags = 0x0001
LSP_PING:     0000 0000  0000 000. MBZ (Must be zero)
LSP_PING:     .... ....  .... ...1 V (Validate FEC Stack)
LSP_PING: Message Type = 1 (MPLS echo request)
LSP_PING: Reply Mode = 2 (Reply via an IPv4/IPv6 UDP packet)
LSP_PING: Return Code = 0 (No return code)
LSP_PING: Return Subcode = 0
LSP_PING: Sender's Handle = 2813723620
LSP_PING: Sequence Number = 137
LSP_PING: Timestamp Sent (s) = 3579871342
LSP_PING: Timestamp Sent (ms) = 217054
LSP_PING: Timestamp Received (s) = 0
LSP_PING: Timestamp Received (ms) = 0
LSP_PING: TLVs...
LSP_PING:     Type = 1 (Target FEC Stack)
LSP_PING:     Length (bytes) = 12
LSP_PING:     Values (12 bytes)
LSP_PING:         Sub-type = 12 (BGP labeled IPv4 prefix)
LSP_PING:         Sub-length = 5
LSP_PING:             IPv4 Prefix = 172.12.99.1   ================> Wireshark says here 'BGP Next Hop', which is incorrect
LSP_PING:             Prefix length = 32          ================> Wireshark says here 'IPv4 Prefix', which is incorrect
LSP_PING:             Padding = 0x000000          ================> Wireshark says here 'IPv4 Prefix', which is incorrect


Based on RFC 4379, Section 3.2.11:


       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                          IPv4 Prefix                          |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Prefix Length |                 Must Be Zero                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


Agilent tester is correct, and Wireshark incorrect:

* octets 0070-0073 are 'IPv4 Prefix', not 'BGP Next Hop'
* octet 0074 is 'Prefix length', and not part of 'IPv4 Prefix' mentioned by Wireshark
* octets 0075-0077 are '00' Padding, and not part of 'IPv4 Prefix' mentioned by Wireshark


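The sub-TLV layout quoted from RFC 4379, Section 3.2.11 in the report above, written out as a parser. This is an added example, not part of the original report and not Wireshark's dissector code; the function names are hypothetical and the sample bytes are constructed from the field values shown in the Agilent decode.

```python
import ipaddress
import struct

TLV_TARGET_FEC_STACK = 1        # "Type = 1 (Target FEC Stack)" in the decode
SUBTLV_BGP_LABELED_IPV4 = 12    # "Sub-type = 12 (BGP labeled IPv4 prefix)"

# Constructed sample: TLV header, sub-TLV header, 172.12.99.1, /32, 3 zero octets.
SAMPLE_TLV = bytes.fromhex("0001000c" "000c0005" "ac0c6301" "20" "000000")


def parse_bgp_labeled_ipv4(value: bytes) -> dict:
    """Decode the 5-octet value: 4 octets of prefix, then 1 octet of length."""
    if len(value) != 5:
        raise ValueError(f"sub-length must be 5, got {len(value)}")
    if value[4] > 32:
        raise ValueError(f"prefix length {value[4]} exceeds 32")
    return {"ipv4_prefix": str(ipaddress.IPv4Address(value[:4])),
            "prefix_length": value[4]}


def parse_target_fec_stack(buf: bytes) -> list:
    """Walk the sub-TLVs of one Target FEC Stack TLV, bounds-checking each."""
    if len(buf) < 4:
        raise ValueError("truncated TLV header")
    tlv_type, tlv_len = struct.unpack_from("!HH", buf, 0)
    if tlv_type != TLV_TARGET_FEC_STACK:
        raise ValueError(f"unexpected TLV type {tlv_type}")
    if tlv_len > len(buf) - 4:
        raise ValueError("TLV length runs past the buffer")
    body, off, out = buf[4:4 + tlv_len], 0, []
    while off < len(body):
        if len(body) - off < 4:
            raise ValueError("truncated sub-TLV header")
        sub_type, sub_len = struct.unpack_from("!HH", body, off)
        padded = (sub_len + 3) & ~3          # values are padded to 4 octets
        if off + 4 + padded > len(body):
            raise ValueError("sub-TLV runs past the enclosing TLV")
        value = body[off + 4:off + 4 + sub_len]
        pad = body[off + 4 + sub_len:off + 4 + padded]
        entry = {"sub_type": sub_type, "sub_length": sub_len,
                 "mbz_ok": not any(pad)}     # Must Be Zero octets really zero?
        if sub_type == SUBTLV_BGP_LABELED_IPV4:
            entry.update(parse_bgp_labeled_ipv4(value))
        out.append(entry)
        off += 4 + padded
    return out


if __name__ == "__main__":
    print(parse_target_fec_stack(SAMPLE_TLV))
```

Run on the constructed bytes, it reports the first four value octets as the IPv4 prefix and the fifth as the prefix length, matching the Agilent decode.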