Wireshark-dev: Re: [Wireshark-dev] Ethernet header below MPLS...
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: barcaroller <barcaroller@xxxxxxxxx>
Date: Fri, 23 Sep 2016 18:58:16 -0400
On 2016-09-16 12:32:26 +0000, Francesco Fondelli said:


If the Ethernet PW is without the CW (Control Word) - as it seems from
your ASCII art - the "magic" might be happened in
dissect_pw_eth_heuristic() around line 134 of packet-pw-eth.c.

To get the big picture (line 462 of packet-mpls.c + line 134 of
packet-pw-eth.c):

- is there any user specific label binding for this label (via decode
as)? yes use it, else
- use the 1st nibble logic (see BCP 4928, RFC 4385 and 5586): 4 =>
IPv4, 6 => IPv6, 1 => PW Associated Channel (i.e. OAM stuff like
S-BFD, BFD, LM, CC, CV...)
- if the first nibble is 0 well... wiiild guessss... we try with a bit
of "magic" (at line 134 of packet-pw-eth.c)
     - if the first 6+6 bytes look like (by checking manufacture OUI
database) a pair of Ethernet addresses we go with Ethernet PW
*without* CW (it seems your case)
     - else hmmm wait... the first nibble was 0 so it might have been
the case of Ethernet PW with a 'Generic PW MPLS Control Word' as per
RFC 4385 (uncommon)

Isn't Wireshark great? :-)

ciao
fra


Thanks for your detailed response, Francesco!  It answered my question.