From a7043bf787030fe821305711b750bcb9b7690b1c Mon Sep 17 00:00:00 2001
From: Michael Mann <mmann78@netscape.net>
Date: Tue, 18 Jun 2013 20:48:42 +0000
Subject: Update "TTL low or unexpected" coloring rule to ignore vrrp, carp and
 MulticastDNS all of which intentionally use TTL 255.  Bug 5010
 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5010)

Add carp to routing protocols while we're at it.

svn path=/trunk/; revision=50014
---
 colorfilters | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'colorfilters')

diff --git a/colorfilters b/colorfilters
index 8ff8df6d5a..28974f404a 100644
--- a/colorfilters
+++ b/colorfilters
@@ -8,13 +8,13 @@
 @ICMP@icmp || icmpv6@[64764,57568,65535][4718,10030,11796]
 @TCP RST@tcp.flags.reset eq 1@[42148,0,0][65535,64764,40092]
 @SCTP ABORT@sctp.chunk_type eq ABORT@[42148,0,0][65535,64764,40092]
-@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[42148,0,0][60652,61680,60395]
+@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp))@[42148,0,0][60652,61680,60395]
 @Checksum Errors@eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1@[4718,10030,11796][63479,34695,34695]
 @SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65278,65535,53456][4718,10030,11796]
 @HTTP@http || tcp.port == 80@[58596,65535,51143][4718,10030,11796]
 @IPX@ipx || spx@[65534,58325,58808][4718,10030,11796]
 @DCERPC@dcerpc@[51199,38706,65533][4718,10030,11796]
-@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || gvrp || igmp || ismp@[65534,62325,54808][4718,10030,11796]
+@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp@[65534,62325,54808][4718,10030,11796]
 @TCP SYN/FIN@tcp.flags & 0x02 || tcp.flags.fin == 1@[41026,41026,41026][4718,10030,11796]
 @TCP@tcp@[59345,58980,65535][4718,10030,11796]
 @UDP@udp@[56026,61166,65535][4718,10030,11796]
-- 
cgit v1.2.3