Wireshark-dev: Re: [Wireshark-dev] [PATCH]: enhanced "what's past last mpls label?" heuristic
Hi,
Please read http://www.wireshark.org/docs/wsdg_html/#ChSrcSend about
submitting patches for Wireshark. Just to make sure it doesn't get lost.
Thanx,
Jaap
Francesco Fondelli wrote:
Hi all,
Attached is a patch for:
- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448
The new logic to dissect data after last mpls label is:
    if (!dissector_try_label(mpls_subdissector_table, label, ...)) {
        if (nibble == 6) {
            call_dissector(ipv6_handle, ...);
        } else if (nibble == 4) {
            call_dissector(ipv4_handle, ...);
        } else if (nibble == 1) {
            dissect_pw_ach(next_tvb, ...);
        } else if (nibble == 0) {
            if (looks_like_plain_eth(next_tvb)) {
                call_dissector(eth_withoutfcs_handle, next_tvb, ...);
            } else {
                dissect_pw_mcw(next_tvb, ...);
            }
        } else {
            call_dissector(eth_withoutfcs_handle, ...);
        }
    }
The mpls protocol dissector now has a subdissector table indexed by label.
If the user specifies a binding (through "Decode as...") label N <--> proto X
wireshark will pass data past last mpls label to dissector X. If there is
no label2proto binding the legacy "first nibble based" algorithm (corrected and
enhanced) is used.
The original code was:
    if (ipvers == 6) {
        call_dissector(ipv6_handle, next_tvb, pinfo, tree);
    } else if (ipvers == 4) {
        call_dissector(ipv4_handle, next_tvb, pinfo, tree);
    } else if (ipvers == 1) {
        dissect_mpls_control(next_tvb, pinfo, tree);
    } else {
        call_dissector(eth_withoutfcs_handle, next_tvb, pinfo, tree);
    }
dissect_mpls_control() is now called dissect_pw_ach() (ach stands for
Associated Channel Header) as per RFC 4385 terminology.
dissect_pw_mcw() (mcw stands for MPLS Generic/Preferred Control Word)
is called only if the first nibble is 0 (as per RFC 4385) and if the
first 12 bytes of data look like two mac addresses.
Ethernet PWs are common nowadays with and without CW (control word:
4 bytes between last mpls label and the encapsulated ethernet header)
in service provider networks. I have been told a few times that
"wireshark doesn't work" because of the CW presence. This patch
"automagically" provides a valid dissection in most common "eth
PWs with/without CW" cases.
Moreover, this patch allows wireshark users to manually provide info
in case the heuristic fails.
If you accept these changes, new dissectors, one for each type of PW
encapsulated traffic, can be easily implemented (packet-pw-eth.c is
provided as a starting point).
- Structure-Agnostic Time Division Multiplexing (TDM) over Packet
  (SAToP) (RFC 4553)
- Structure-Aware Time Division Multiplexed (TDM) Circuit Emulation Service
  over Packet Switched Network (CESoPSN) (RFC 5086)
are at the top of my to-do list.
I have used and fuzz-tested this code. Please check it in.
Ciao
FF
ps
patch is against svn #25387 but unfortunately is a "diff -ru dir1 dir2"
because I cannot "svn diff" anymore due to bad bad proxy settings,
sorry, it should work fine anyway.
pps
bug report is #2689
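
Added example, not part of the original message or the attached patch: a stand-alone C sketch of the first-nibble decision described above, with the length checks a dissector needs before it reads attacker-controlled bytes. The label-binding lookup is omitted; NP_TRUNCATED, classify_after_last_label(), the OUI table and the sample buffers are assumptions, and the message does not say how the real looks_like_plain_eth() decides that 12 bytes look like two MAC addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decisions from the message's pseudocode; NP_TRUNCATED is added here. */
enum next_proto { NP_IPV6, NP_IPV4, NP_PW_ACH, NP_ETH_NO_CW,
                  NP_PW_MCW, NP_ETH_FALLBACK, NP_TRUNCATED };

/* Constructed OUI list standing in for a vendor database (assumption). */
static const uint8_t known_oui[][3] = { {0x00, 0x1b, 0x21}, {0x00, 0x50, 0x56} };

static int oui_known(const uint8_t *mac)
{
    for (size_t i = 0; i < sizeof known_oui / sizeof known_oui[0]; i++)
        if (memcmp(mac, known_oui[i], 3) == 0)
            return 1;
    return 0;
}

/* Hypothetical stand-in for looks_like_plain_eth(): requires 12 readable
 * bytes and two recognised OUIs. Never reads past len. */
static int looks_like_plain_eth(const uint8_t *p, size_t len)
{
    if (len < 12)
        return 0;               /* too short to hold two MAC addresses */
    return oui_known(p) && oui_known(p + 6);
}

/* Classify the bytes that follow the last MPLS label. */
enum next_proto classify_after_last_label(const uint8_t *p, size_t len)
{
    if (len == 0)
        return NP_TRUNCATED;    /* no first nibble to inspect */
    switch (p[0] >> 4) {
    case 6:  return NP_IPV6;
    case 4:  return NP_IPV4;
    case 1:  return NP_PW_ACH;
    case 0:  return looks_like_plain_eth(p, len) ? NP_ETH_NO_CW : NP_PW_MCW;
    default: return NP_ETH_FALLBACK;
    }
}

/* Constructed samples: Ethernet PW without and with a 4-byte control word. */
const uint8_t eth_no_cw[] = { 0x00,0x1b,0x21,0xaa,0xbb,0xcc,
                              0x00,0x50,0x56,0x11,0x22,0x33, 0x08,0x00 };
const uint8_t eth_with_cw[] = { 0x00,0x00,0x00,0x00, 0x00,0x1b,0x21,0xaa,0xbb,0xcc,
                                0x00,0x50,0x56,0x11,0x22,0x33, 0x08,0x00 };
const uint8_t ipv4_start[] = { 0x45, 0x00 };
```

A destination MAC whose first nibble is 4 or 6 is classified as IP by this logic, which is the case the "Decode as..." label binding in the message is meant to cover.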