
Wireshark-bugs: [Wireshark-bugs] [Bug 4464] New: Incorrect treatment of PIM/IP packets with TTL=

Date: Thu, 4 Feb 2010 12:50:04 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4464

           Summary: Incorrect treatment of PIM/IP packets with TTL=1.
           Product: Wireshark
           Version: SVN
          Platform: All
               URL: http://tools.ietf.org/html/rfc3973#section-4.7
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: christopher.maynard@xxxxxxxxx


Chris Maynard <christopher.maynard@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #4269|                            |review_for_checkin?
               Flag|                            |

Created an attachment (id=4269)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4269)
Fixes TTL coloring rule and TTL expert info for PIM traffic.

Build Information:
SVN 31781
--
According to RFC 3973, section 4.7:
   All PIM-DM messages MUST be sent with a TTL of 1.  All
   PIM-DM messages except Graft and Graft Ack messages MUST be sent to
   the ALL-PIM-ROUTERS group.  Graft messages SHOULD be unicast to the
   RPF'(S).  Graft Ack messages MUST be unicast to the sender of the
   Graft.

Reference: http://tools.ietf.org/html/rfc3973#section-4.7

The coloring rules were incorrectly being applied to the PIM Graft and Graft
Ack packets since the TTL was 1 and those are unicast packets; however, that is
the expected TTL, so there's no need to colorize those packets in red, as that
gives the impression that there's something wrong with the TTL.

Also, the IP dissector was incorrectly applying an expert info "Note" that the
"Time To Live is only 1".  Since this is normal, expected behavior for these
types of packets, there's no need to note anything of relevance here.  Instead,
that expert info note should be reserved for only those packets deserving of
it.

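The behaviour described in the report, as an added example that is not part of the original message or of Wireshark's code: a simplified model of a "TTL is only 1" note that is raised for unicast packets, with and without an exemption for PIM. The function names, the `exempt_pim` switch, the multicast exemption and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct

IPPROTO_PIM = 103  # IANA-assigned IP protocol number for PIM
MULTICAST = ipaddress.ip_network("224.0.0.0/4")
NOTE = "Time To Live is only 1"


def parse_ipv4(header: bytes):
    """Return (ttl, protocol, destination) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[8], header[9], ipaddress.ip_address(header[16:20])


def ttl_note(header: bytes, exempt_pim: bool = True):
    """Simplified model of the expert-info decision (assumed logic).

    Multicast destinations are assumed exempt, since the report says the
    note hit Graft/Graft Ack because those packets are unicast.
    """
    ttl, proto, dst = parse_ipv4(header)
    if ttl != 1 or dst in MULTICAST:
        return None
    if exempt_pim and proto == IPPROTO_PIM:
        return None  # RFC 3973 section 4.7: PIM-DM is always sent with TTL 1
    return NOTE


def build_header(ttl: int, proto: int, src: str, dst: str) -> bytes:
    """Constructed sample IPv4 header (20 bytes, checksum left as zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


# Constructed samples: a unicast PIM Graft, a PIM message sent to
# ALL-PIM-ROUTERS (224.0.0.13), and a unicast TCP packet, all with TTL 1.
GRAFT = build_header(1, IPPROTO_PIM, "192.0.2.1", "192.0.2.2")
HELLO = build_header(1, IPPROTO_PIM, "192.0.2.1", "224.0.0.13")
TCP = build_header(1, 6, "192.0.2.1", "192.0.2.2")

if __name__ == "__main__":
    for name, pkt in (("graft", GRAFT), ("hello", HELLO), ("tcp", TCP)):
        print(name, "before:", ttl_note(pkt, exempt_pim=False),
              "| after:", ttl_note(pkt))
```
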