Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 9996] New: IPv6 Next Header is Unknown yet Wireshark tries

Date: Tue, 15 Apr 2014 18:42:37 +0000
Bug ID 9996
Summary IPv6 Next Header is Unknown yet Wireshark tries parsing an IPv6 Extension Header
Classification Unclassified
Product Wireshark
Version 1.6.6
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Wireshark
Assignee [email protected]
Reporter [email protected]

Created attachment 12699 [details]
A packet with IPv6 layer with unknown next header that are being parsed as
extenion headers

Build Information:
Version 1.6.6 (SVNRev 41803 from /trunk-1.6)

Copyright 1998-2012 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.22.1, with GLib 2.26.1, with WinPcap (version
unknown), with libz 1.2.5, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with
Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio V19-devel (built Mar
27 2012), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 21022

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
While working on IPv6 support in Pcap.Net (http://pcapdot.net), I've found the
following:

If Wireshark 1.6.6 sees an Next Header in IPv6, it still tries to parse it as
Extension Header, even though it's not recognized as IPv4 protocol of an IPv6
extension header.

In the example packet, the Next Header field of the 5th IPv6 extension header
is 0x35 (SWIPE) and Wireshark still tries to parse the data after it as an
Extension Header.
This is also true when the Next Header is 0xe8, as can be seen in the 7th
extension header.

Thanks,

Boaz.


You are receiving this mail because:
  • You are watching all bug changes.