tcpdump mailing list archives

Re: decode MPLS-contained packets?

From: Gert Doering via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Tue, 5 May 2020 06:15:50 -0400 (EDT)

--- Begin Message --- From: Gert Doering <gert () greenie muc de>
Date: Tue, 5 May 2020 12:17:32 +0200

Hi,

On Tue, May 05, 2020 at 05:50:40AM -0400, Gert Doering via tcpdump-workers wrote:

Now, the two questions:

 - is there a switch I'm missing to decode packets-in-MPLS?
    (like, "packets in GRE" get decoded already)
 - if not, is someone already working on it?  I might just hack 
   it in, if not...


O-kay.  That turned out to be easier and harder than I thought, at the
same time.

tcpdump's print-mpls.c already does "if I know what upper-layer protocol
is in here, I call the appropriate printer".  But there is no well-defined
type field, so it fails for my packets, and and falls back to "hexdump"
(good enough).

In my case, there is an MPLS control word before the ethernet header
("0000 0000"), and if I skip that and just clear "ethernet in here", I
get nicely printed packets...

12:11:46.116238 MPLS (label 105, exp 0, ttl 254) (label 24003, exp 0, [S], ttl 254) IP 10.27.99.2 > 10.27.99.34: ICMP 
echo request, id 49866, seq 5160, length 84
12:11:46.117107 MPLS (label 24002, exp 0, [S], ttl 253) IP 10.27.99.34 > 10.27.99.2: ICMP echo reply, id 49866, seq 
5160, length 84


So, for my debugging purposes, I have what I need now.

For "contribute back to tcpdump", this is unsatisfactory, as I'm just
guessing what is in there - we already have guesswork, but that isn't
covering "0" (and being a control word, it could be anything).

How does wireshark/tshark approach this?


Would it make sense to add a flag option "hey, MPLS dissector, this is
ethernet + control-world, always"?

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert () greenie muc de

--- End Message ---

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
- Re: decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
  - Re: decode MPLS-contained packets? Francois-Xavier Le Bail via tcpdump-workers (May 05)
  - Message not available
    - Re: decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
  - Message not available
    - Message not available
    - Re: decode MPLS-contained packets? Francois-Xavier Le Bail via tcpdump-workers (May 05)
  - Message not available
    - Message not available
    - Message not available
    - Re: decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
  - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: decode MPLS-contained packets? Francois-Xavier Le Bail via tcpdump-workers (May 05)
  - Re: decode MPLS-contained packets? Francois-Xavier Le Bail via tcpdump-workers (May 05)
  - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
  - Message not available
    - Re: decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
    - Re: decode MPLS-contained packets? Guy Harris via tcpdump-workers (May 07)
  - Message not available
    - Message not available
    - Re: decode MPLS-contained packets? Francois-Xavier Le Bail via tcpdump-workers (May 05)

(Thread continues...)