Wireshark-bugs: [Wireshark-bugs] [Bug 3328] New: CFLOW decoding is wrong for IPv6 fields

Date: Thu, 12 Mar 2009 00:45:35 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3328

           Summary: CFLOW decoding is wrong for IPv6 fields
           Product: Wireshark
           Version: 1.0.6
          Platform: All
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: vrpatil@xxxxxxxxxxx
                CC: gerald@xxxxxxxxxxxxx


Build Information:
wireshark-1.0.6

--
Hello,

I use Wireshark (on OS X) to decode cflow records. For IPv6, I found that the
protocol decoder is choosing the wrong type value for some fields. See RFC 3594
for details.


The code seems to be doing the wrong thing for IPv6 NH and BGP_V6_NH. From the
RFC we see that the type value for IPv6 next hop is 62, not 15, and BGP IPv6
next hop is 63, not 62!


IPV6_NEXT_HOP                62   16    IPv6 address of the next-hop router
BGP_IPV6_NEXT_HOP            63   16    Next-hop router in the BGP domain



case 15: /* nexthop IP */
    if (length == 4) {
        proto_tree_add_item(pdutree, hf_cflow_nexthop,
            tvb, offset, length, FALSE);
    } else if (length == 16) {
        proto_tree_add_item(pdutree, hf_cflow_nexthop_v6,
            tvb, offset, length, FALSE);
    } else {
        proto_tree_add_text(pdutree,
            tvb, offset, length,
            "NextHop: length %u", length);
    }
    break;


....


case 62: /* IPv6 BGP nexthop */
    proto_tree_add_item(pdutree, hf_cflow_bgpnexthop_v6,
        tvb, offset, length, FALSE);
    break;


The code should probably look like:



case 15: /* nexthop IP */
    if (length == 4) {
        proto_tree_add_item(pdutree, hf_cflow_nexthop,
            tvb, offset, length, FALSE);
    } else {
        proto_tree_add_text(pdutree,
            tvb, offset, length,
            "NextHop: length %u", length);
    }
    break;

case 62: /* IPv6 nexthop IP */
    if (length == 16) {
        proto_tree_add_item(pdutree, hf_cflow_nexthop_v6,
            tvb, offset, length, FALSE);
    } else {
        proto_tree_add_text(pdutree,
            tvb, offset, length,
            "NextHop: length %u", length);
    }
    break;


case 63: /* IPv6 BGP nexthop */
    proto_tree_add_item(pdutree, hf_cflow_bgpnexthop_v6,
        tvb, offset, length, FALSE);
    break;


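
The type and length dispatch proposed in the report, as a stand-alone added example (not Wireshark code and not written by the reporter). The type values 15, 62 and 63 are as quoted in the report; the struct, the function names and the sample record are constructed for illustration. It also rejects a field whose declared length would run past the end of the record.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Type values as quoted from the RFC in the report; struct is hypothetical. */
enum { NEXT_HOP_V4 = 15, IPV6_NEXT_HOP = 62, BGP_IPV6_NEXT_HOP = 63 };
struct tmpl_field { uint16_t type, length; };
/* Format one field; returns 0 if decoded, -1 if type or length is rejected. */
int decode_nexthop(uint16_t type, const uint8_t *val, uint16_t length,
                   char *out, size_t outlen)
{
    const char *label; int af; uint16_t want; char addr[INET6_ADDRSTRLEN];
    switch (type) {
    case NEXT_HOP_V4:       label = "NextHop";        af = AF_INET;  want = 4;  break;
    case IPV6_NEXT_HOP:     label = "NextHop v6";     af = AF_INET6; want = 16; break;
    case BGP_IPV6_NEXT_HOP: label = "BGP NextHop v6"; af = AF_INET6; want = 16; break;
    default: snprintf(out, outlen, "type %u: not decoded", (unsigned)type); return -1;
    }
    if (length != want || !inet_ntop(af, val, addr, sizeof addr)) {
        snprintf(out, outlen, "%s: length %u", label, (unsigned)length);
        return -1;
    }
    snprintf(out, outlen, "%s: %s", label, addr);
    return 0;
}

/* Walk a record by its template: fields decoded, or -1 on a length overrun. */
int walk_record(const struct tmpl_field *t, size_t n, const uint8_t *rec,
                size_t reclen, char out[][64])
{
    size_t off = 0; int ok = 0;
    for (size_t i = 0; i < n; i++) {
        if (t[i].length > reclen - off) return -1;   /* truncated record */
        if (decode_nexthop(t[i].type, rec + off, t[i].length, out[i], 64) == 0) ok++;
        off += t[i].length;                          /* skip by declared length */
    }
    return ok;
}

int main(void)
{
    /* Constructed sample: 192.0.2.1, 2001:db8::1, 2001:db8::2 */
    const struct tmpl_field t[] = { {15, 4}, {62, 16}, {63, 16} };
    const uint8_t rec[36] = { 192, 0, 2, 1, 0x20, 0x01, 0x0d, 0xb8, [19] = 1,
                              0x20, 0x01, 0x0d, 0xb8, [35] = 2 };
    char out[3][64];
    int n = walk_record(t, 3, rec, sizeof rec, out);
    for (int i = 0; i < 3 && n >= 0; i++) puts(out[i]);
    return n == 3 ? 0 : 1;
}
```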