Wireshark-dev: Re: [Wireshark-dev] Overview of MPLS PW bugs
From: Francesco Fondelli <francesco.fondelli@xxxxxxxxx>
Date: Sun, 8 Jan 2017 19:03:21 +0100
Hi Guy,

On Sat, Jan 7, 2017 at 10:38 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> On Jan 7, 2017, at 1:15 PM, Francesco Fondelli <francesco.fondelli@xxxxxxxxx> wrote:
>
>> the pw_eth_heuristic is too strong, it does not take into
>> consideration locally-assigned MAC addresses and multicast (as noted
>> in some bugs by Guy Harris and Michael Mann). Patches are welcome :-)
>
> The heuristic used in the pw_eth_heuristic dissector is both too strong *and* too weak:
>
>         it's too strong because it only recognizes globally-assigned MAC addresses;
>
>         it's too weak because it only checks the MAC address - it doesn't check whether, if the type/length field is a type field, the type is one we know or, if it's a length field, whether the headers following the MAC header are something we'll dissect.
>
> Bugs for *both* of those problems have been filed.

I agree. The pw_eth_heuristic should be improved.

>> That said, I think the current situation is a good trade-off.
>
> The *current heuristics* are clearly *not* a good trade-off, given the bugs that have been filed.  They need to be improved, in both directions.

With current situation I meant the logic we have in packet-mpls.c.

>> The not edulcorated version reads "Ethernet PW without control word is
>> a pain in the ass, do not use it".
>
> That may be the case, but apparently people *do* use it, and if we can make life less painful for them without making life more painful for the people "doing the right thing", we should do so.

I agree. However, we should try hard not to break the good boys that
are just using plain IPv{4,6}.

>> an other improvement could be to add logic to signalling dissectors
>> (e.g. LDP, BGP) in order to add explicit label-to-dissector bindings.
>> This would be useful only in case signalling and data plane are
>> captured together. Therefore, I guess this is not common and it isn't
>> worth it.
>
> We *already* do that for some other control and data plane protocols; for example, RTSP and SDP dissectors can set up UDP traffic to be dissected as RTP (there are other examples as well), so I don't consider that a sufficiently good reason not to do it.

Still think is a corner case, but I put it in the todo list.

thanks
ciao
fra