This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What’s the meaning of ‘Suboption would past end of option’?

0

I want IP Options to record route data,so I modified an ping packet's IP Options. Then I sent it and captured it use wireshark to see whether it worked. I found there is no right response but I received another packets. The packets I sent and I received as follows:

The packet that I sent

The packet that I received

So I want to know what's wrong with it.

asked 20 Mar '17, 22:06

Zhao's gravatar image

Zhao
6112
accept rate: 0%


One Answer:

0

what's wrong with it.

The length of the Record Route option is incorrect.

As RFC 791, "Internet Protocol", says on page 15, "The option-length octet counts the option-type octet and the option-length octet as well as the option-data octets." The description of the Record Route option begins on page 20; that option has 1 byte of option type, 1 byte of option length, 1 byte of pointer, and a sequence of 4-byte IPv4 addresses.

The length in your Record Route option is 40. The first 3 of those 40 bytes are the option type, option length, and pointer; that leaves 37 bytes of IPv4 addresses, which is not valid, because that's not a multiple of 4. There are 9 IPv4 addresses in the option, so that's 36 bytes of IPv4 addresses, so the option length should be 39, not 40. Nowhere in RFC 791 does it say that the option length must be a multiple of 4 bytes; in fact, it shows that the length of the Security option must be 11, which is not only not a multiple of 4, it's not a multiple of anything other than 11 and 1, being a prime number.

The expert info should be attached to the option length, or to the extra byte of option, not to the pointer, as the pointer field is valid.

answered 21 Mar '17, 03:21

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%