Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 5008] New: The VRRP dissector can not handle correctly VRR

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Wed, 14 Jul 2010 09:23:42 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5008

           Summary: The VRRP dissector can not handle correctly VRRPv3
                    packets with IPv4 assocoated addresses in them
           Product: Wireshark
           Version: 1.2.9
          Platform: Other
        OS/Version: Windows 7
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: milkovm@xxxxxxxxxxx


Created an attachment (id=4917)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4917)
Capture showing the problem

Build Information:
Version 1.2.9 (SVN Rev 33171)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5,
with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jun  8 2010),
with AirPcap.

Running on 32-bit Windows 7, build 7600, with WinPcap version 4.1.1 (packet.dll
version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Please look at the attached capture. It consists of VRRPv3 packets over IPv4.
RFC 5798 is very clear about VRRPv3 supporting both IPv6 and IPv4 and how the
structure of the VRRPv3 packet looks like. If you look at any of the packets in
this capture via Wireshark, you'll see that the sniffer declares the packet as
malformed. I suspect that when the VRRP version is set to 3, the VRRP dissector
always tries to parse the associated IP section of the packet as IPv6 addresses
and because of that it fails when this section holds IPv4 addresses. With
VRRPv3 packets carrying IPv6 associated IPs, Wireshark correctly parses the 
associated IPs section of the packet.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube