Wireshark-bugs: [Wireshark-bugs] [Bug 4210] New: Bug parsing IPv4 header flags field

Date: Thu, 5 Nov 2009 14:46:40 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4210

           Summary: Bug parsing IPv4 header flags field
           Product: Wireshark
           Version: 1.3.x (Experimental)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: fdmanana@xxxxxxxxx



Filipe David Borba Manana <fdmanana@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3917|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=3917)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3917)
patch to fix bug with IPv4 header flags field analysis

Build Information:
root@twinsen-desktop:/opt/wireshark/bin# ./wireshark --version
wireshark 1.3.2 (SVN Rev 30836 from /trunk)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.1, with GLib 2.20.1, with libpcap 1.0.0, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without Python, without GnuTLS, without
Gcrypt, with MIT Kerberos, without GeoIP, without PortAudio, without AirPcap,
with new_packet_list.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.28-16-generic, with libpcap version 1.0.0.

Built using gcc 4.3.3.

--
Since it was named Ethereal and up to today, Wireshark wrongly parses the IPv4
header flags field:

* it considers it as a 4 bits wide field - according to RFC 791 it's a 3 bits
wide field (first 3 bits of the 6th octet of the IPv4 header).

* if for example the DF bit is set, Wireshark displays the flag value as 0x04
(0100) when it should be 0x02 (010), idem for the MF flag.

Attached to this bug report, you can find a patch to fix the issue.

best regards from Portugal,
Filipe Manana
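
The difference described in the report, as an added example (not part of the original report, its attached patch, or Wireshark's dissector code). The 4-bit reading is modelled as the high nibble of the flags octet, an assumption that reproduces the 0x04 value quoted above; all function names and the sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* RFC 791: the 16-bit word at header offset 6 holds 3 flag bits
 * (reserved, DF, MF) followed by a 13-bit fragment offset. */
struct ip4_frag {
    uint8_t  flags;        /* 3-bit value: 0x4 reserved, 0x2 DF, 0x1 MF */
    uint8_t  df, mf;
    uint16_t frag_offset;  /* in units of 8 octets */
};

/* Returns 0 on success, -1 if the buffer cannot be an IPv4 header. */
int ip4_parse_frag(const uint8_t *hdr, size_t len, struct ip4_frag *out)
{
    if (hdr == NULL || out == NULL || len < 20 || (hdr[0] >> 4) != 4)
        return -1;
    out->flags = (hdr[6] >> 5) & 0x07;
    out->df = (out->flags >> 1) & 1;
    out->mf = out->flags & 1;
    out->frag_offset = (uint16_t)(((hdr[6] & 0x1F) << 8) | hdr[7]);
    return 0;
}

/* Assumed 4-bit reading: takes the whole high nibble, so the value is
 * shifted left by one and its low bit is really the top offset bit. */
uint8_t ip4_flags_as_nibble(const uint8_t *hdr)
{
    return (uint8_t)(hdr[6] >> 4);
}

/* Constructed headers (checksums left as zero). DF set, offset 0: */
const uint8_t HDR_DF[20] = {0x45, 0, 0, 0x28, 0x12, 0x34, 0x40, 0x00,
                            64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2};
/* MF set, fragment offset 0x1000 (top offset bit set): */
const uint8_t HDR_MF_HIGH[20] = {0x45, 0, 0, 0x28, 0x12, 0x34, 0x30, 0x00,
                                 64, 17, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2};

int main(void)
{
    const uint8_t *samples[] = {HDR_DF, HDR_MF_HIGH};
    for (size_t i = 0; i < 2; i++) {
        struct ip4_frag f;
        if (ip4_parse_frag(samples[i], 20, &f) != 0)
            return 1;
        printf("3-bit flags 0x%02x (DF=%u MF=%u) offset %u | nibble 0x%02x\n",
               f.flags, f.df, f.mf, f.frag_offset, ip4_flags_as_nibble(samples[i]));
    }
    return 0;
}
```

On the second header the nibble reading yields 0x03 for a packet that has only MF set, because the top bit of the fragment offset leaks into the displayed flag value.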

