ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 2706] CFM - Incorrect parsing of Test TLV

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 15 Oct 2010 11:25:25 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2706

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeff.morriss.ws@xxxxxxxxx

--- Comment #5 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2010-10-15 11:25:21 PDT ---
(In reply to comment #3)
> Created an attachment (id=5298)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5298) [details]
> Patch that excludes pattern type from length for TEST_TLV.
> 
> (In reply to comment #2)
> > Can you point us to the documentation where you found the recommendation to
> > *not* include the pattern type field in the field length?
> 
> I think he is right.  Refer to section 9.3 LBM PDU of
> http://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-Y.1731-200802-I!!PDF-E&type=items.
> 
> In particular, from 9.3-4: "Length: Identifies size, in octets, of the Value
> field containing the test pattern and CRC-32."
> 
> Note that it does NOT state, "... of the Value field containing the pattern
> type, test pattern and CRC-32."

Hmmm, I think I'd disagree.  If you look at figure 9.1-2, it shows that they
are setting up a basic TLV message with a 1-octet Tag, a 2-octet Length, and
variable-length Value.

9.3.2 goes on to say what you quoted above, but to me the Value is the Value
part of the whole TLV structure; the "pattern type" is part of the Value field
for this particular message.  I can see the ambiguity the original author talks
about because "containing the test pattern" could theoretically mean
"containing only the pattern but not the 1-octet pattern type selector" but TLV
encodings don't normally work that way.  (In other words: why make the length
different different for this message type only?)

The Length definition goes on to say (emphasis mine) "In a frame where the PDU
is limited to 1492 octets, the maximum length value is 1480 octets (since 12
bytes are required for 8 octets of LBM PDU overhead, *3* *octets* *of* *Test*
*TLV* *overhead*, and 1 octet of end TLV)."

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube