https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13979
Bug ID: 13979
Summary: OSPF v3 LSA Type not well parsed
Product: Wireshark
Version: 2.4.0
Hardware: x86
OS: Debian
Status: UNCONFIRMED
Severity: Normal
Priority: Low
Component: TShark
Assignee: bugzilla-ad...@wireshark.org
Reporter: gaetan.brio...@gmail.com
Target Milestone: ---
Build Information:
tshark -v
TShark (Wireshark) 2.4.0 (6449245 from master.el6-2.4)
Copyright 1998-2017 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
GLib 2.44.1, with zlib 1.2.3, without SMI, without c-ares, with Lua 5.1.4, with
GnuTLS 3.5.11, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP, without
nghttp2, without LZ4, without Snappy, with libxml2 2.7.6.
Running on Linux 2.6.32-358.el6.x86_64, with Intel(R) Xeon(R) CPU
E31230 @ 3.20GHz (with SSE4.2), with 32081 MB of physical memory, with locale
en_US.UTF-8, with libpcap version 1.7.2, with GnuTLS 3.5.11, with Gcrypt 1.4.5,
with zlib 1.2.3.
Built using gcc 6.3.0.
--
Hello,
I think an issue regarding OSPFv3 has been introduced in the latest version of
tshark (2.4.0).
This filter does not work anymore: ospf.v3.lsa == 0xa027
Moreover, I noticed the value of the lsa type is not well parsed. Only the last
byte of the type is used, not the first one:
Open Shortest Path First
OSPF Header
Version: 3
Message Type: LS Update (4)
Packet Length: 60
Source OSPF Router: 1.20.1.8
Area ID: 0.0.0.0 (Backbone)
Checksum: 0xd02f [correct]
Instance ID: IPv6 unicast AF (2)
Reserved: 00
LS Update Packet
Number of LSAs: 1
LSA-type 39 (Unknown), len 40
.000 0000 0000 0001 = LS Age (seconds): 1
0... .... .... .... = Do Not Age: False
1... .... .... .... = LSA Handling: Treat the LSA as if it had
link-local flooding scope
.01. .... .... .... = Flooding Scope: Area Scoping - Flooded only
in originating area (0x1)
...0 0000 0010 0111 = LS Type: Unknown (39)
Link State ID: 0.0.0.20
Advertising Router: 1.20.1.8
Sequence Number: 0x80000035
Checksum: 0xf9ea
Length: 40
[Expert Info (Warning/Protocol): Unknown LSA Type 39]
[Unknown LSA Type 39]
[Severity level: Warning]
[Group: Protocol]
0000 00 00 00 00 00 03 00 ff 07 00 00 01 86 dd 6c 00 ..............l.
0010 00 00 00 3c 59 ff fe 80 00 00 00 00 00 00 02 00 ...<Y...........
0020 00 ff fe 00 00 01 fe 80 00 00 00 00 00 00 02 00 ................
0030 00 ff fe 00 00 03 03 04 00 3c 01 14 01 08 00 00 .........<......
0040 00 00 d0 2f 02 00 00 00 00 01 00 01 a0 27 00 00 .../.........'..
0050 00 14 01 14 01 08 80 00 00 35 f9 ea 00 28 00 01 .........5...(..
0060 00 10 01 00 00 0a 00 00 00 01 00 00 00 04 0a 14 ................
0070 01 03
==> 39 so 0x27 and not 0xa027
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
