authorJoerg Mayer <jmayer@loplof.de>2015-08-22 05:43:46 +0400
committerJörg Mayer <jmayer@loplof.de>2015-08-22 01:50:26 +0000
commit97014f6d6b1b3994f44421fc28ed2c151977f6a0 (patch)
tree49e606bd1e490f0e736f9743db9060a830df3d08
parent74177d90d32b485adc3fb83c703e712af6e46663 (diff)
OSPF database packets and OSPF hellos in DC mode are unicast. At
least Cisco sends out these packets with a TTL of 1. Change-Id: I9ef0cd486d200a768329cfb758b87e20e3456663 Reviewed-on: https://code.wireshark.org/review/10188 Reviewed-by: Jörg Mayer <jmayer@loplof.de>
-rw-r--r--colorfilters2
-rw-r--r--epan/dissectors/packet-ip.c7
2 files changed, 6 insertions, 3 deletions
diff --git a/colorfilters b/colorfilters
index 6a96752908..ca0e03f9c6 100644
--- a/colorfilters
+++ b/colorfilters
@@ -8,7 +8,7 @@
@ICMP@icmp || icmpv6@[64764,57568,65535][4718,10030,11796]
@TCP RST@tcp.flags.reset eq 1@[42148,0,0][65535,64764,40092]
@SCTP ABORT@sctp.chunk_type eq ABORT@[42148,0,0][65535,64764,40092]
-@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp))@[42148,0,0][60652,61680,60395]
+@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim && !ospf) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp))@[42148,0,0][60652,61680,60395]
@Checksum Errors@eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1 || stt.checksum.bad==1@[4718,10030,11796][63479,34695,34695]
@SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65278,65535,53456][4718,10030,11796]
@HTTP@http || tcp.port == 80 || http2@[58596,65535,51143][4718,10030,11796]
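Review bot: The added `!ospf` term in the first clause of the "TTL low or unexpected" rule silences the highlight for every unicast OSPF packet with a TTL below 5, while the commit message only justifies a TTL of exactly 1. If that is the only case meant to be quiet, the term could be narrowed to `!(ospf && ip.ttl == 1)`, so that unicast OSPF arriving with a TTL of 2 to 4 is still coloured for the analyst. The same applies to the `iph->ip_p != IP_PROTO_OSPF` test added in the packet-ip.c hunk of this commit, where the matching form would be `!(iph->ip_p == IP_PROTO_OSPF && iph->ip_ttl == 1)`. If the broader exemption is intended, presumably for multi-hop unicast OSPF, a short comment saying so next to the condition would keep the two rules from drifting apart later.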
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c
index 46965ba8dc..b6b8ab85f7 100644
--- a/epan/dissectors/packet-ip.c
+++ b/epan/dissectors/packet-ip.c
@@ -2311,8 +2311,11 @@ dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
"Local Network Control Block (see RFC 3171)",
ttl);
}
- } else if (!is_a_multicast_addr(dst32) && iph->ip_ttl < 5 &&
- (iph->ip_p != IP_PROTO_PIM)) {
+ } else if (!is_a_multicast_addr(dst32) &&
+ /* At least BGP should appear here as well */
+ iph->ip_ttl < 5 &&
+ iph->ip_p != IP_PROTO_PIM &&
+ iph->ip_p != IP_PROTO_OSPF) {
expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_too_small, "\"Time To Live\" only %u", iph->ip_ttl);
}