Wireshark-bugs: [Wireshark-bugs] [Bug 1790] New: packet-cisco-erspan.c enhancements
Date: Fri, 24 Aug 2007 05:28:36 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1790

           Summary: packet-cisco-erspan.c enhancements
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: ohuchi@xxxxxxxxx


Build Information:
wireshark 0.99.7 (SVN Rev 22597)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.14, with GLib 2.12.13, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.


Built using Microsoft Visual C++ 8.0 build 50727

--
This patch enables the wireshark to decode some unknown Cisco's ERSPAN fields
as follows.

1. Priority field decode.
   The 802.1q tag field of a frame is separated from its frame body in a ERSPAN
packet. 
   Current packet-cisco-erspan.c decodes only the vlan id field of the 802.1q
tag.
   This patch can also decode the priority field of the 802.1q tag.

2. Direction of a captured frame decode.
   A ERSPAN packet includes the additional information of the direction a
captured frame as below.

   If a caputred frame comes from outside to a switch port, this means an
'Incoming' frame.
   If a caputred frame goes out of a switch port, this is an 'Outgoing' frame.


This is an example before this patch.

 ER Switch Packet Analysis
     0001 .... .... .... = Unknown1: 0x0001
     .... 0100 0101 0000 = Vlan: 1104
     1000 10.. .... .... = Unknown2: 0x0022
     .... ..00 0000 0001 = SpanID: 1
     Unknown3: 00007FFB

Following is an example of the output of this patch.

 ER Switch Packet Analysis
     0001 .... .... .... = Unknown1: 0x0001
     .... 0000 0110 0101 = Vlan: 101
     110. .... .... .... = Priority: 6              <<<<
     ...0 .... .... .... = Unknown2: 0
     .... 0... .... .... = Direction: Incoming (0)  <<<<
     .... ..00 0000 0001 = SpanID: 1
     Unknown3: 00084065


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.