Wireshark-bugs: [Wireshark-bugs] [Bug 10237] New: Wireshark does not correctly dissect RFC5515 A
Date: Fri, 27 Jun 2014 14:28:41 +0000
Bug ID 10237
Summary Wireshark does not correctly dissect RFC5515 AVPs
Classification Unclassified
Product Wireshark
Version 1.10.8
Hardware x86
OS Windows XP
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter Jewgenij.Bytschkow@t-systems.com

Created attachment 12854 [details]
An ICRQ sample packet for which Wireshark displays "Malformed Packet"

Build Information:
Version 1.10.8 (v1.10.8-2-g52a5244 from master-1.10)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Jun 12 2014), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.3
(packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Intel(R) Core(TM)2 Duo CPU     T7300  @ 2.00GHz, with 2046MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
In the attached pcap trace with an ICRQ L2TP packet, all the included AVPs are
absolutely correct. However, Wireshark does not display the last two AVPs
correctly.

In the attached ICRQ Packet (L2TP):
---
...
/* AVP Type 254: Access Line IWF-Session AVP (RFC 5515): */
    Vendor The Broadband Forum (previous was 'ADSL Forum') AVP Type 254
        0... .... .... .... = Mandatory: False
        .0.. .... .... .... = Hidden: False
        .... ..00 0000 1010 = Length: 10
        Type: 254
        Vendor-Specific AVP  <<< Here, the available attr value 0x00000001
should be placed instead! However, no attr value is shown!
/* AVP Type 98: Connect Speed Update Enable AVP (RFC 5515): */
[Malformed Packet: L2TP]  <<< Why "malformed"? That AVP (0x000600000062) is
also correct!
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Message: Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]
---

The packet format, the lengths (values) in the UDP and L2TP headers, and all
the included AVPs are correct. The packet and the AVPs are NOT wrong or
malformed. All such ICRQ packets in L2TP traces cause a "malformed packet" issue
in Wireshark.
That is a new dissection failure of Wireshark. The provided Wireshark error
message is: "Exception occurred".

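The AVP layout visible in the dissection above (Mandatory and Hidden bits, 10-bit length, vendor ID, attribute type), as an added example that is not part of the report and not Wireshark's code: a small parser run over constructed bytes modelled on the two AVPs the reporter quotes. The function name `parse_avps` is hypothetical, and the vendor ID 3561 for the Broadband Forum is an assumption taken from the IANA enterprise-number registry, since the report gives only the vendor name.

```python
import struct

AVP_HEADER_LEN = 6       # flags+length (2), vendor ID (2), attribute type (2)
BROADBAND_FORUM = 3561   # IANA enterprise number; assumption, not in the report


def parse_avps(buf: bytes) -> list[dict]:
    """Split an L2TP AVP area into AVPs, rejecting only real length errors."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < AVP_HEADER_LEN:
            raise ValueError(f"truncated AVP header at offset {off}")
        flags_len, vendor, attr = struct.unpack_from("!HHH", buf, off)
        length = flags_len & 0x03FF          # low 10 bits, header included
        if length < AVP_HEADER_LEN:
            raise ValueError(f"AVP length {length} < header at offset {off}")
        if off + length > len(buf):
            raise ValueError(f"AVP at offset {off} overruns the buffer")
        avps.append({
            "mandatory": bool(flags_len & 0x8000),
            "hidden": bool(flags_len & 0x4000),
            "vendor": vendor,
            "type": attr,
            # Length == 6 is legal: the AVP is header-only and the value is empty.
            "value": buf[off + AVP_HEADER_LEN:off + length],
        })
        off += length
    return avps


# Constructed bytes modelled on the two AVPs quoted in the report:
# vendor-specific type 254, length 10, value 0x00000001; then 0x000600000062.
SAMPLE = bytes.fromhex("000a0de900fe00000001" "000600000062")

if __name__ == "__main__":
    for avp in parse_avps(SAMPLE):
        print(avp["vendor"], avp["type"], avp["value"].hex() or "(empty)")
```

A parser that treats the header-only AVP as valid and still bounds-checks every length against the remaining buffer distinguishes this packet from one that is truly truncated.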