Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    • Switch to GitLab Next
  • Sign in / Register
  • wireshark wireshark
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 1,341
    • Issues 1,341
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 158
    • Merge requests 158
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • External wiki
    • External wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Wireshark Foundation
  • wiresharkwireshark
  • Issues
  • #18080
Closed
Open
Created May 07, 2022 by Chuck Craft@chuckcraftContributor

Statistics->IPv[4|6] Statistics -> Source and Destination Addresses incorrect for tunneling

Summary

Source and destination addresses are pulled from net_src/net_dst packet_info fields.

pinfo_stats_tree.c:

	/* update source branch */
	tick_stat_node(st, st_str_src, 0, FALSE);
	tick_stat_node(st, address_to_str(pinfo->pool, &pinfo->net_src), st_node_src, FALSE);
	/* update destination branch */
	tick_stat_node(st, st_str_dst, 0, FALSE);
	tick_stat_node(st, address_to_str(pinfo->pool, &pinfo->net_dst), st_node_dst, FALSE);

The Multi IP layer problem:

That is because Wireshark will always display the Source/Destination address pair of the highest layer it can find,

The result is that the statistics display a mix and IPv4 and IPv6 addresses where there is tunneling of mixed versions.
(Hmmm - even if versions aren't mixed, the addresses are incorrect if the tunneled address is being returned)

(packet-ip.c and packet-ipv6.c - last one in wins)

Steps to reproduce

the Ultimate PCAP (latest update: 20210721):

Includes 6in4 and 4in6.

Statistics->IPv4 Statistics -> Source and Destination Addresses
Statistics->IPv6 Statistics -> Source and Destination Addresses

What is the current bug behavior?

(Determining unique source/destination IP addresses separately.)

220507_IPv4_addresses_anno

220507_IPv6_addresses_anno

What is the expected correct behavior?

Display lowest (outer) layer IP addresses.

Sample capture file

See "Steps to Reproduce"

Relevant logs and/or screenshots

(Paste any relevant logs here)

(Paste any relevant screenshots here)

Build information

3.7.0rc0-1977-g8f4d38b776a7 (v3.7.0rc0-1977-g8f4d38b776a7)

Compiled (64-bit) using Microsoft Visual Studio 2022 (VC++ 14.31, build 31107),
with GLib 2.66.4, with PCRE2, with zlib 1.2.11, with Qt 6.2.4, with libpcap,
with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with
Kerberos (MIT), with MaxMind, with nghttp2 1.44.0, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.10, with libsmi 0.4.8, without
QtMultimedia, with automatic updates using WinSparkle 0.5.7, with AirPcap, with
SpeexDSP (using bundled resampler), with Minizip.

Running on 64-bit Windows 10 (21H1), build 19043, with Intel(R) Core(TM)
i5-4300U CPU @ 1.90GHz (with SSE4.2), with 12193 MB of physical memory, with
GLib 2.66.4, with PCRE2 10.39 2021-10-29, with Qt 6.2.4, with Npcap version
1.60, based on libpcap version 1.10.2-PRE-GIT, with c-ares 1.17.0, with GnuTLS
3.6.3, with Gcrypt 1.8.3, with nghttp2 1.44.0, with brotli 1.0.9, with LZ4
1.9.3, with Zstandard 1.4.0, without AirPcap, with light display mode, without
HiDPI, with LC_TYPE=English_United States.utf8, with binary plugins (21 loaded).
Edited May 07, 2022 by Chuck Craft
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking