
Wireshark-bugs: [Wireshark-bugs] [Bug 7043] New: Wireshark doesn't calculate the right IPv4 dest

Date: Sun, 8 Apr 2012 06:07:48 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7043

           Summary: Wireshark doesn't calculate the right IPv4 destination
                    using source routing options when bad options precede
                    them
           Product: Wireshark
           Version: 1.6.6
          Platform: x86-64
        OS/Version: Windows 7
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: boaz.brickner@xxxxxxxxx


Created attachment 8176
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8176
IPv4 packet with strict source routing option following an internet timestamp
option with length < 5.

Build Information:
Version 1.6.6 (SVN Rev 41803 from /trunk-1.6)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.22.1, with GLib 2.26.1, with WinPcap (version
unknown), with libz 1.2.5, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with
Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio V19-devel (built Mar
27 2012), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 21022

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Encountered while developing Pcap.Net (http://pcapdot.net).

If we have a loose source routing or a strict source routing IPv4 option after
an option that Wireshark considers bad, we don't parse the source routing
option and this has the following effect:
1. Wrong destination field.
2. Bad TCP/UDP checksum calculation since they rely on the real destination.

See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6561 for more details
regarding IPv4 destination calculation.

Currently, bad IPv4 options that I know of are internet timestamp with length <
5 and basic security with length != 11.
As far as I know, both of these options should be considered OK according to
their RFCs, but this is a separate, less critical bug.

Attached is an IPv4 packet with timestamp option with length < 5 and after it a
strict source routing option.
As you can see, Wireshark stops the parsing in the timestamp option and doesn't
get to the strict source routing option.
This causes the destination field to be wrong, and if this packet were a TCP/UDP
packet, it would also have caused the expected checksum to be different
from the actual expected checksum.

I also think that the fact that Wireshark doesn't parse the rest of the options
after the bad option is a bug, but again, less critical.

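The option walk the report asks for, as an added example (not Wireshark's dissector code and not part of the original report): every option is skipped by its declared length, so a source route that follows a timestamp option with length 4 still yields the final destination used for TCP/UDP pseudo-header checksums. The function name `ipv4_final_dst`, the helper `be32` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { IPOPT_EOL = 0, IPOPT_NOP = 1, IPOPT_LSRR = 131, IPOPT_SSRR = 137 };

/* Constructed sample: timestamp option (type 68) with length 4, then SSRR
 * (pointer 4) listing 10.0.0.1 and 10.0.0.2, then one EOL byte of padding. */
static const uint8_t sample_opts[16] = {
    68, 4, 5, 0,
    137, 11, 4, 10, 0, 0, 1, 10, 0, 0, 2,
    0 };
#define SAMPLE_HDR_DST 0xC0000201u /* 192.0.2.1, constructed */

static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Returns the final destination in host byte order: the last address of an
 * LSRR/SSRR route that is not yet used up, otherwise the header field. */
uint32_t ipv4_final_dst(const uint8_t *opts, size_t len, uint32_t hdr_dst)
{
    size_t off = 0;
    while (off < len) {
        uint8_t type = opts[off];
        if (type == IPOPT_EOL) break;
        if (type == IPOPT_NOP) { off++; continue; }
        /* Only an unusable length byte stops the walk: without it the
         * next option cannot be located. */
        if (off + 1 >= len) break;
        uint8_t olen = opts[off + 1];
        if (olen < 2 || off + olen > len) break;
        /* RFC 791: pointer > length means the route is used up and the
         * header destination applies, so require pointer <= length. */
        if ((type == IPOPT_LSRR || type == IPOPT_SSRR) &&
            olen >= 7 && (olen - 3) % 4 == 0 && opts[off + 2] <= olen)
            return be32(opts + off + olen - 4);
        off += olen; /* skip by declared length, whatever the content */
    }
    return hdr_dst;
}

int main(void)
{
    uint32_t d = ipv4_final_dst(sample_opts, sizeof sample_opts, SAMPLE_HDR_DST);
    printf("final destination: %u.%u.%u.%u\n", (unsigned)(d >> 24),
           (unsigned)(d >> 16 & 255), (unsigned)(d >> 8 & 255), (unsigned)(d & 255));
    return 0;
}
```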