
Wireshark-bugs: [Wireshark-bugs] [Bug 12568] Wireshark is marking BGP FlowSpec NLRI as malformed

Date: Thu, 30 Jun 2016 10:21:11 +0000

Comment # 26 on bug 12568 from
(In reply to Matt Texier from comment #25)
> Difficult to have 513 bytes fitting into 243 bytes :) !
> 
> It is probably too early to jump to conclusions but there is a chance that this
> packet is malformed ...

Your conclusion is right. Packet #2 indeed is a corrupt packet (mentioned
earlier -> we opened a ticket with Cisco :-) ).

Only Packet #1 is a correct (packet #3 is the notification packet sent in
response to the malformed #2) update from Cisco.

I verified Packet #1 again and think it is really correct. I am not familiar
with the way dissectors work; however, may the problem that we see with packet
#1 result from the fact that the return value of decode_flowspec_nlri should be
tot_flow_len + offset_len (the total number of dissected bytes, or at least
somehow account for the additional byte of the length field)?

Cheers Stoffi
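
The length accounting raised in this comment, as an added example that is not part of the original mail and is not Wireshark's dissector code. It assumes the RFC 5575 length encoding (one octet below 240, otherwise two octets with the high nibble set to 0xf); the function names and sample buffers are hypothetical and constructed here, and only tot_flow_len and offset_len are borrowed from the comment.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed samples: two back-to-back NLRIs; a 2-octet length of 240;
 * and a declared length of 513 inside a 243-octet buffer. */
static const uint8_t sample_two[] = { 0x02, 0xaa, 0xbb, 0x01, 0xcc };
static const uint8_t sample_ext[242] = { 0xf0, 0xf0 };
static const uint8_t sample_oversized[243] = { 0xf2, 0x01 };

/* Returns the octets consumed by one NLRI (length field + body),
 * or -1 if the declared length does not fit in the remaining buffer. */
int flowspec_nlri_consumed(const uint8_t *buf, size_t remaining)
{
    size_t offset_len;   /* size of the length field itself: 1 or 2 */
    size_t tot_flow_len; /* size of the NLRI body that follows it */

    if (remaining < 1)
        return -1;
    if (buf[0] >= 0xf0) {            /* extended form: 0xfnnn */
        if (remaining < 2)
            return -1;
        offset_len = 2;
        tot_flow_len = ((size_t)(buf[0] & 0x0f) << 8) | buf[1];
    } else {
        offset_len = 1;
        tot_flow_len = buf[0];
    }
    if (tot_flow_len > remaining - offset_len)
        return -1;                   /* malformed: body overruns buffer */
    /* Report the length field too, so the caller lands on the next NLRI. */
    return (int)(tot_flow_len + offset_len);
}

/* Walks consecutive NLRIs; returns their count or -1 on a malformed one. */
int flowspec_count_nlri(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        int used = flowspec_nlri_consumed(buf + off, len - off);
        if (used < 0)
            return -1;
        off += (size_t)used;
        n++;
    }
    return n;
}
```

If the parser returned only tot_flow_len, the walker would resume one or two octets early and read body bytes of the previous NLRI as the next length field.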

