Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 3820] New: malformed packet when IPv6 packet has Next Head

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 7 Aug 2009 12:31:01 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3820

           Summary: malformed packet when IPv6 packet has Next Header == 59,
                    conflicts with RFC 2460
           Product: Wireshark
           Version: 1.2.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: ivan_jr@xxxxxxxxx



Ivan Sy <ivan_jr@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3478|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=3478)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3478)
added IPv6 next header which equals to 59 and skip it from any more dissections

Build Information:
Version 1.3.0

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, without Python, with GnuTLS 2.8.1, with Gcrypt
1.4.4, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Aug  8
2009), with AirPcap.

Running on Windows Vista Service Pack 2, build 6002, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS 2.8.1,
Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 21022

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Fixed IPv6 malformed packet when ip6_nxt (Next Header) is equal to "59". as per
section 4.7 RFC 2460

Notes:
Example packet is a teredo bubble. The IPv6 Next Header field is equal to 59
and the payload length is zero. This means that there is no more payload left
in the packet.

- see patch and packet capture

Wireshark 1.2.1 dissects this as a Malformed Packet

More Information

Section 4.7 No Next Header for RFC 2460 - Internet Protocol, Version 6 (IPv6)
Specification
   The value 59 in the Next Header field of an IPv6 header or any
   extension header indicates that there is nothing following that
   header.  If the Payload Length field of the IPv6 header indicates the
   presence of octets past the end of a header whose Next Header field
   contains 59, those octets must be ignored, and passed on unchanged if
   the packet is forwarded.

and as an example, one IPv6 technology, teredo is using this.

Section 2.8. Teredo Bubble (RFC 4380)
   A Teredo bubble is a minimal IPv6 packet, made of an IPv6 header and
   a null payload.  The payload type is set to 59, No Next Header, as
   per [RFC2460].  The Teredo clients and relays may send bubbles in
   order to create a mapping in a NAT.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube