ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 11180] New: RFC 6374 MPLS PM: Incorrect decoding of timest

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 08 May 2015 13:25:07 +0000
Bug ID 11180
Summary RFC 6374 MPLS PM: Incorrect decoding of timestamp 2
Product Wireshark
Version 1.8.10
Hardware x86
OS All
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected] 

Created attachment 13594 [details]
Captured packets that illustrate the bug

Build Information:
wireshark 1.8.10 (SVN Rev Unknown from unknown)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.8.8, with Pango 1.28.1, with
GLib 2.28.8, with libpcap, with libz 1.2.3, without POSIX capabilities, with
SMI
0.4.8, without c-ares, without ADNS, without Lua, without Python, with GnuTLS
2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP, without PortAudio,
with AirPcap.

Running on Linux 2.6.32-504.16.2.el6.x86_64, with locale de_DE.utf8, with
libpcap version 1.4.0, with libz 1.2.3, GnuTLS 2.8.5, Gcrypt 1.4.5, without
AirPcap.

Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-11).

--
I am working on a hardware which is supporting the MPLS delay measurements acc.
to RFC 6374.

I am observing the DM packets with Wireshark and found that the timestamp 2
field is always decoded as raw 64 bit unsigned format (it is T2 in a query and
T4 in a response).

I looked at the Git code in packet-mpls-pm.c function
mpls_pm_dissect_timestamp() and it looks like this
is done on purpose, comment in the code:

         /*
          * FF: when a query is sent from A, Timestamp 1 is set to T1 and the
          * other timestamp fields are set to 0.
          */

But what if I look at a query packet "inside" B after it has passed the ingress
timestamper? Then it should be decoded acc. to RTF format (because the TS was
inserted by the responder), shouldn't it? And since Wireshark does not know
where the packet is sniffed (on the wire between A and B or B after the ingress
time stamper), I think it should always decode timestamp 2 field as T2 in RTF
format in a query resp. as T4 in QTF format in a response.

It is not a big issue, but it would make comparison of timestamp pairs in a
packet easier.

I have attached a small capture file which illustrates the issue.

You are receiving this mail because:
  • You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube