Wireshark-bugs: [Wireshark-bugs] [Bug 5893] New: VTP dissector enhancement to recognize VTP Join
Date: Thu, 5 May 2011 03:03:40 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5893

           Summary: VTP dissector enhancement to recognize VTP Join/Prune
                    messages (patch included)
           Product: Wireshark
           Version: 1.4.6
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: peter.paluch@xxxxxxxxxxxx


Created an attachment (id=6287)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6287)
VTP dissector enhancement for VTP Join message support

Build Information:
Version 1.4.6

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.4, with GLib 2.28.6, with libpcap 1.1.1, with
libz 1.2.5, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8,
with c-ares 1.7.4, with Lua 5.1, without Python, with GnuTLS 2.12.3, with
Gcrypt 1.5.0-beta1, with MIT Kerberos, with GeoIP, with PortAudio V19-devel
(built Apr 16 2011 18:31:04), without AirPcap.

Running on Linux 2.6.37, with libpcap version 1.1.1, with libz 1.2.5, GnuTLS
2.12.3, Gcrypt 1.5.0-beta1.

Built using gcc 4.4.5.
--
Greetings,

I am attaching a patch against the file epan/dissectors/packet-vtp.c that adds
support for VTP Join messages.

VTP Join messages (Code 0x04 VTP messages) are used for VTP Pruning
functionality where a switch periodically declares which currently existing
VLANs are in actual use and which are not, in order to limit unnecessary
propagation of unknown unicasts/multicasts/broadcasts over trunk links.

The existence of VTP Join messages themselves has been known for some time and
is described in the following document:

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml#vtp_msg

However, their exact format was, so far, not publicly documented.

It turns out that the VTP Join messages are rather simple: after a VTP header
containing the Version, Code, (Followers - unused in VTP Join), Management
Domain Name Length, and Management Domain Name, the remaining fields of the
message are as follows:

- guint16 FirstVLAN
- guint16 LastVLAN
- guint8 VLANBitmask [ (LastVLAN - FirstVLAN + 1) / 8 ]

The FirstVLAN and LastVLAN contain the number of the first and last VLAN whose
state (joined/pruned) is indicated in this message. The FirstVLAN must be a
multiple of 8, the LastVLAN must be a multiple of 8 decreased by 1.

The VLANBitmask is a bitmapped array of guint8 integers where the i-th bit
(starting with the 0-th, i.e. most significant, bit in the first array element)
indicates whether the VLAN (FirstVLAN + i) is joined (if set to 1) or pruned
(if set to 0), hence the need for FirstVLAN and LastVLAN to be aligned to
multiples of 8, as each guint8 element describes the state of 8 VLANs.

I would like to ask you to kindly review the changes to the VTP dissector, and
if you find them agreeable, include them into the Wireshark sources. I am very
open to any improvements, particularly in the way the active VLANs are
displayed in the Wireshark GUI.

I am also attaching a sample capture file showing the VTP Join and one VTP
Summary Advertisement message.

Best regards,
Peter
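
The field layout described in the message above, as a bounds-checked parser. This is an added example, not the attached patch or Wireshark code. The function and macro names are hypothetical, and the 32-byte fixed domain name field, big-endian byte order and 4096-entry VLAN space are assumptions not stated in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VTP_JOIN_CODE    0x04
#define VTP_DOMAIN_FIELD 32   /* assumption: fixed, zero-padded name field */
#define VTP_HDR_LEN      (4 + VTP_DOMAIN_FIELD)
#define VLAN_SPACE       4096 /* assumption: 12-bit VLAN ID space */
/* Constructed sample: domain "lab", FirstVLAN 8, LastVLAN 23, mask A0 01 */
static const uint8_t sample[VTP_HDR_LEN + 4 + 2] = {
    0x01, VTP_JOIN_CODE, 0x00, 0x03, 'l', 'a', 'b',
    [VTP_HDR_LEN] = 0x00, 0x08, 0x00, 0x17, 0xA0, 0x01 };

/* assumption: multi-byte fields are big-endian (network order) */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Fills joined[vlan] = 1 for each joined VLAN and returns how many are
 * joined; returns -1 for a truncated or malformed message. */
int vtp_join_parse(const uint8_t *buf, size_t len, uint8_t joined[VLAN_SPACE])
{
    if (len < VTP_HDR_LEN + 4) return -1;             /* header + range */
    if (buf[1] != VTP_JOIN_CODE) return -1;
    if (buf[3] > VTP_DOMAIN_FIELD) return -1;         /* name length */

    uint16_t first = be16(buf + VTP_HDR_LEN);
    uint16_t last  = be16(buf + VTP_HDR_LEN + 2);
    if (first % 8 != 0 || (last + 1) % 8 != 0) return -1;  /* alignment */
    if (last < first || last >= VLAN_SPACE) return -1;

    size_t nbytes = ((size_t)last - first + 1) / 8;
    if (len - (VTP_HDR_LEN + 4) < nbytes) return -1;  /* bitmask truncated */
    const uint8_t *mask = buf + VTP_HDR_LEN + 4;
    int count = 0;
    memset(joined, 0, VLAN_SPACE);
    for (size_t i = 0; i < nbytes * 8; i++) {
        if (mask[i / 8] & (0x80u >> (i % 8))) {       /* bit 0 = MSB */
            joined[first + i] = 1;
            count++;
        }
    }
    return count;
}

int main(void)
{
    uint8_t joined[VLAN_SPACE];
    printf("joined VLANs: %d\n", vtp_join_parse(sample, sizeof sample, joined));
    return 0;
}
```

The length check against `nbytes` is what keeps a message whose LastVLAN claims more bitmask than the frame carries from being read past the end of the buffer.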
