Wireshark-bugs: [Wireshark-bugs] [Bug 7089] MPLS dissector in 1.6.7 and 1.7.1 misdecodes some MP
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7089
--- Comment #9 from FF <francesco.fondelli@xxxxxxxxx> 2012-04-17 09:13:37 PDT ---
(In reply to comment #4)
> Hi,
>
> Default decoder for MPLS payload is "Ethernet MPLS PW (CW is heuristically
> detected)"
>
> For now you can change mpls dissector to use "Ethernet MPLS PW (no CW, early
> implementations)"
>
> CC, Francesco Fondelli who might know how to fix it :)
>
> Francesco, can you look at it?
Hi Jakub, Ricky,
I'm puzzled.
1)
mpls dissector is broken. Where is the 1st nibble logic in packet-mpls.c ?
Gone ? diff r27087 vs r27590:
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mpls.c?r1=27087&r2=27590
the mpls_default_payload approach (r27590) does not take into
account IP. Plain IP after MPLS label stack is
misinterpreted... and best current practice RFC4928 ignored...
the logic should be something like:
- any explicit binding for this label ?
yes -> use it
no... let me see the 1st nibble:
4 -> IPv4
6 -> IPv6
1 -> something to do with associated channel
else -> it is probably a PW, let's use the preferred (which is
"Ethernet MPLS PW (CW is heuristically detected)')
2)
>Furthermore, this workaround :
>> Analysis -> Decode As ->
>> Choose [Decode]
>> Select <MPLS> Tab,
>> Choose <Data after label 146432==Ethernet PW (noCW)
>ONLY work on Wireshark version 1.6.7.
>In version 1.7.1, the <MPLS> Tab is MISSING, only the <LINK> Tab is available.
>So, this workaround is broken in version 1.7.1
Why ? Any idea ?
3)
yes the Eth PW heuristic must be improved (taking into consideration broadcast
MAC DA)
Unfortunately I have no time at all know... If nobody picks this up
I'll start fixing this from point 1... as soon as I can.
hope this helps
ciao
FF
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
