search

mit-ll / dlep-wireshark-dissector

Wireshark dissector for the Dynamic Link Exchange Protocol
MIT License
1 stars 3 forks source link

Message Header Incorrect Parsing #3

Closed soxrok2212 closed 3 years ago

soxrok2212 commented 3 years ago

Looks like we have an issue here. I've been trying to diagnose this all day. Perhaps I'm in a bit over my head, but section 11.2 of RFC 8175 does not say that the message must start with D L E P as Signals are supposed to, however it looks like somewhere along the lines this is being parsed incorrectly.

In my case, I send a session initialization message 0x0001 but it looks like the plugin might be expecting D L E P for the first 4 bytes. According to the RFC, the first two bytes should just be the message type (again, 0x0001), followed by the heartbeat interval (5000 in my case, 0x1388) and the peer type. I'm not 100% convinced on where the bug actually is, but from the attached screenshot, it looks like the plugin is just skipping over the first 4 bytes (reason why I think it's incorrectly expecting DLEP there) and may also explain why its showing as an unknown signal (when it should be a message).

Screen Shot 2020-11-10 at 5 41 55 PM

Again, I could be completely mistaken but if you have any thoughts, please don't hesitate to share!

Thank you!

11.2.  DLEP Message Header

   The DLEP Message Header contains the following fields:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | Message Type                  | Length                        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       Figure 4: DLEP Message Header

   Message Type:  A 16-bit unsigned integer containing one of the DLEP
      Message Type values defined in this document.

   Length:  The length in octets, expressed as a 16-bit unsigned
      integer, of all of the DLEP Data Items contained in this Message.
      This length MUST NOT include the length of the Message Header
      itself.

   The DLEP Message Header is immediately followed by zero or more DLEP
   Data Items, encoded in TLVs, as defined in this document.
soxrok2212 commented 3 years ago

I think I've come to the conclusion that it is an issue on my end. The session init message was being sent as UDP and not TCP.