Wireshark-bugs: [Wireshark-bugs] [Bug 6841] New: Enhance L2TP filters to include assigned IDs

Date: Mon, 13 Feb 2012 15:49:04 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6841

           Summary: Enhance L2TP filters to include assigned IDs
           Product: Wireshark
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: akk142@xxxxxxxxx


Created attachment 7832
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7832
Filtered output for L2TPv2 filters.

Build Information:
Version 1.6.6 (SVN Rev 40982 from /trunk-1.6)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.10.4, with GLib 2.12.3, with libpcap (version
unknown), with libz 1.2.3, with POSIX capabilities (Linux), without libpcre,
without SMI, without c-ares, without ADNS, without Lua, without Python, with
GnuTLS 1.4.1, with Gcrypt 1.4.4, with MIT Kerberos, without GeoIP, without
PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.18-194.8.1.el5, with libpcap version 0.9.4, with libz
1.2.3, GnuTLS 1.4.1, Gcrypt 1.4.4.

Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-48).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Currently, filters only work on the Tunnel/Session ID specified in the packet
header.  This presents a limitation where the ID hasn't yet been propagated to
the peer and is thus set to '0'.  This occurs in SCCRQ, ICRQ, and OCRQ packets.

To solve this problem, the filters need to be enhanced to use the AVPs that
propagate locally allocated IDs to the peer.

L2TPv2 (RFC2661):
    - Assigned Tunnel ID (2 bytes)
    - Assigned Session ID (2 bytes)

L2TPv3 (RFC3931):
    - Assigned Control Connection ID (4 bytes)
    - Local Session ID (4 bytes)

Further, Session ID filtering doesn't work for L2TPv3 because it is not in the
control message header for L2TPv3 over IP.  A control message is identified by
a session ID of '0'.  Instead the control message Session ID is obtained from
the Remote Session ID AVP, specified in RFC3931.

Again the filters need to be enhanced to solve this problem.

L2TPv3 (RFC3931):
    - Remote Session ID (4 bytes)

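The L2TPv2 case described in the report, as an added example that is not part of the original report or of Wireshark's code: it reads the Assigned Tunnel ID and Assigned Session ID AVPs (RFC 2661 attribute types 9 and 14) so that a control message with a header Tunnel ID of 0 can still be matched. The function names are hypothetical, and the sample SCCRQ is constructed and trimmed to two AVPs.

```python
import struct

# RFC 2661 attribute types (vendor ID 0) that carry 16-bit values of interest.
AVP_NAMES = {0: "message_type", 9: "assigned_tunnel_id", 14: "assigned_session_id"}

def parse_l2tpv2_control(payload: bytes) -> dict:
    """Return header IDs plus any assigned IDs carried in AVPs (hypothetical helper)."""
    if len(payload) < 12:
        raise ValueError("truncated L2TPv2 control header")
    flags, length, tunnel_id, session_id = struct.unpack_from("!4H", payload)
    # Control messages set the T, L and S bits; the low four bits hold version 2.
    if flags & 0xC80F != 0xC802:
        raise ValueError("not an L2TPv2 control message")
    if not 12 <= length <= len(payload):
        raise ValueError("Length field disagrees with the data")
    info = {"tunnel_id": tunnel_id, "session_id": session_id}
    off = 12  # AVPs start after the 12-byte header (Ns and Nr are not needed here)
    while off < length:
        if length - off < 6:
            raise ValueError("truncated AVP header")
        bits, vendor, attr = struct.unpack_from("!3H", payload, off)
        avp_len = bits & 0x03FF  # low 10 bits: AVP length including its header
        if avp_len < 6 or off + avp_len > length:
            raise ValueError("bad AVP length")
        value = payload[off + 6:off + avp_len]
        hidden = bool(bits & 0x4000)  # H bit: value is obscured, cannot be read
        if vendor == 0 and attr in AVP_NAMES and not hidden and len(value) == 2:
            info[AVP_NAMES[attr]] = struct.unpack("!H", value)[0]
        off += avp_len
    return info

def matches_tunnel(payload: bytes, wanted: int) -> bool:
    """True if the header Tunnel ID or the Assigned Tunnel ID AVP equals wanted."""
    info = parse_l2tpv2_control(payload)
    return wanted in (info["tunnel_id"], info.get("assigned_tunnel_id"))

def _avp(attr: int, value: int) -> bytes:
    return struct.pack("!4H", 0x8000 | 8, 0, attr, value)  # M bit set, length 8

# Constructed sample: a trimmed SCCRQ (message type 1) with header IDs of 0.
_avps = _avp(0, 1) + _avp(9, 0x1234)
SAMPLE_SCCRQ = struct.pack("!6H", 0xC802, 12 + len(_avps), 0, 0, 0, 0) + _avps
```

A filter on the header field alone would miss this packet for tunnel 0x1234; matching on either field keeps the SCCRQ with the rest of the tunnel's traffic.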