Wireshark-bugs: [Wireshark-bugs] [Bug 10620] New: ICMP packet is incomplete, yet Wireshark repor
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 24 Oct 2014 23:58:03 +0000
Bug ID 10620
Summary ICMP packet is incomplete, yet Wireshark reports bad checksum
Product Wireshark
Version 1.10.6
Hardware x86-64
OS Ubuntu
Status UNCONFIRMED
Severity Minor
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter ydahhrk@gmail.com 

Created attachment 13196 [details]
This Packet too Big contains an unverifiable checksum at the end of the header
queue.

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Also tested on Wireshark 1.12.1 on Windows.

--------

I have a IPv6 network. I sent a big, non-fragmentable ping. The packet tried to
cross over a small link, and I got a "Packet too Big" ICMP error out of it. So
far, so good.

As far as I know, ICMP errors obey the following rules:

- An ICMP error contains as "payload" the original packet which caused the
error.
- This "inner" packet can be truncated. This is perfectly legal.

Wireshark complains because the checksum of the **inner** packet (ie. the
original packet) is incorrect. Yet, the inner packet's IPv6 header reports 1408
bytes should follow, but its payload is actually 528 long. Shouldn't Wireshark
be unable to validate this checksum?

You are receiving this mail because:
  • You are watching all bug changes.