Bug 438473
| Summary: | wireshark via ssh -X on ipv6 link-local address fails to allow capture | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Sage Grigull <mgrigull> | ||||
| Component: | wireshark | Assignee: | Jan Safranek <jsafrane> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Miroslav Vadkerti <mvadkert> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 5.2 | CC: | gharris, jsafrane, mvadkert, rvokal | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | wireshark-1.0.15-2 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: |
When Wireshark starts with X11 protocol being tunnelled through ssh connection, it automatically prepares its capture filter to omit these ssh packets. If the ssh connection is to link-local IPv6 address including interface name (like ssh -X <ipv6addr>%eth0), Wireshark erroneously parsed this address and constructed wrong capture filter and refused to capture packets with 'Invalid capture filter' message. In this update, parsing of link-local IPv6 addresses is fixed and Wireshark prepares correct capture filter to omit ssh over link-local IPv6 connection.
|
|||||
| Last Closed: | 2013-01-08 05:01:32 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Sage Grigull
2008-03-21 08:37:57 UTC
Created attachment 298779 [details]
error message when attempting to start capture described as per BZ
It should be noted that no display or capture filters were defined by the user at any stage. All other interfaces fail with the same error message except 'any': it fails on not being able to set promiscous mode on any originally observed with RHel5u1, bumping to RHEL5.2 Wireshark fills in a default capture filter when it's being run "over the wire" in some sense, e.g. from an ssh connection or an X11 connection from another machine. The default capture filter is intended to filter out traffic for that connection, so that, for example, updates to the X11 display for Wireshark, or printed output for packets from TShark, don't *themselves* generate traffic that Wireshark or TShark will display, said display then causing more traffic, *ad infinitum*. That's the capture filter that showed up in the error message. It got a "scoped" IPv6 address (see RFC 4007), and put that into the capture filter; however, as libpcap doesn't support scoped addresses in filters (and the scope ID doesn't show up on the wire, so there's nothing for it *to* support). Wireshark should remove any scope IDs from addresses it puts into the default capture filter. Please file an upstream bug at http://bugs.wireshark.org (it's Bugzilla, so you'll need to create an account) about this, and put my comments into the bug. patch sent upstream: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4945 This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release. Looks like the issue cannot be reproduced with tshark, so manual verifictaion only. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0125.html |