From Zdravko Velinov via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7483

Enhancements to the HP ERM protocol dissector I have done some reverse engineering of the HP ERM protocol. I had injected some 802.1Q frames on a network that contained a HP ProCurve 5406zl switch, then I examined the resulting encapsulated traffic. It was quite easy to spot the VLAN identifier and the priority field because part of the header closely resembled the 802.1Q header. There were just some minor differences in the priority numbering between 802.1Q and HP ERM. From me : Add Modeline info Fix Clang warning svn path=/trunk/; revision=43752
2012-07-16 14:23:28 +00:00 · 2012-07-16 14:23:28 +00:00 · c9690704be
parent d8be496cd5
commit c9690704be
1 changed files with 83 additions and 13 deletions
--- a/epan/dissectors/packet-hp-erm.c
+++ b/epan/dissectors/packet-hp-erm.c
@ -1,10 +1,11 @@
 /* packet-hp-erm.c
 * Routines for the disassembly of  HP ProCurve encapsulated remote mirroring frames
- * (Adapted from packet-cisco-erspan.c)
+ * (Adapted from packet-cisco-erspan.c and packet-vlan.c)
 *
 * $Id$
 *
- * Copyright 2010 William Meier <wmeier [AT] newsguy.com>
+ * Copyright 2010 2012 William Meier <wmeier [AT] newsguy.com>,
+ *                     Zdravko Velinov <z.velinov [AT] vkv5.com>
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
@ -36,8 +37,12 @@
 *  on the network as a [UDP] packet which has 54 bytes preceding the mirrored frame.
 *  Examining a sample capture shows that this means that the data payload
 *  of the UDP packet consists of a 12 byte "header" followed by the
- *  byes of the mirrored frame.
+ *  bytes of the mirrored frame.
 *
+ *  After some additional tests, which involved injecting 802.1Q frames with 
+ *  different priorities and VLAN identifiers. It was determined that the HP
+ *  ERM header has a part inside its header that closely resembles the 802.1Q
+ *  header. The only difference is the priority numbering.
 */

 #ifdef HAVE_CONFIG_H
@ -53,9 +58,32 @@

 static guint global_hp_erm_udp_port = 0;

-static int  proto_hp_erm      = -1;
-static gint ett_hp_erm        = -1;
-static int  hf_hp_erm_unknown = -1;
+static int  proto_hp_erm       = -1;
+static gint ett_hp_erm         = -1;
+static int  hf_hp_erm_unknown1 = -1;
+static int  hf_hp_erm_unknown2 = -1;
+static int  hf_hp_erm_unknown3 = -1;
+static int  hf_hp_erm_priority = -1;
+static int  hf_hp_erm_cfi      = -1;
+static int  hf_hp_erm_vlan     = -1;
+
+static const value_string hp_erm_pri_vals[] = {
+  { 0, "Background"                        },
+  { 1, "Spare"                             },
+  { 2, "Best Effort (default)"             },
+  { 3, "Excellent Effort"                  },
+  { 4, "Controlled Load"                   },
+  { 5, "Video, < 100ms latency and jitter" },
+  { 6, "Voice, < 10ms latency and jitter"  },
+  { 7, "Network Control"                   },
+  { 0, NULL                                }
+};
+
+static const value_string hp_erm_cfi_vals[] = {
+  { 0, "Canonical"     },
+  { 1, "Non-canonical" },
+  { 0, NULL            }
+};

 static dissector_handle_t eth_withoutfcs_handle;

@ -63,8 +91,9 @@ static void
 dissect_hp_erm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
    proto_item *ti;
-    proto_tree *hp_erm_tree;
+    proto_tree *hp_erm_tree = NULL;
    tvbuff_t   *eth_tvb;
+    int        offset = 0;

    col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_SHORT_NAME);
    col_set_str(pinfo->cinfo, COL_INFO, PROTO_SHORT_NAME ":");
@ -72,10 +101,20 @@ dissect_hp_erm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
    if (tree) {
        ti = proto_tree_add_item(tree, proto_hp_erm, tvb, 0, -1, ENC_NA);
        hp_erm_tree = proto_item_add_subtree(ti, ett_hp_erm);
-        proto_tree_add_item(hp_erm_tree, hf_hp_erm_unknown, tvb, 0, 12, ENC_NA);
    }

-    eth_tvb = tvb_new_subset_remaining(tvb, 12);
+    proto_tree_add_item(hp_erm_tree, hf_hp_erm_unknown1, tvb, offset, 8, ENC_NA);
+    offset += 8;
+
+    proto_tree_add_item(hp_erm_tree, hf_hp_erm_unknown2, tvb, offset, 4, ENC_BIG_ENDIAN);
+    proto_tree_add_item(hp_erm_tree, hf_hp_erm_priority, tvb, offset, 4, ENC_BIG_ENDIAN);
+    proto_tree_add_item(hp_erm_tree, hf_hp_erm_cfi, tvb, offset, 4, ENC_BIG_ENDIAN);
+    proto_tree_add_item(hp_erm_tree, hf_hp_erm_vlan, tvb, offset, 4, ENC_BIG_ENDIAN);
+    proto_tree_add_item(hp_erm_tree, hf_hp_erm_unknown3, tvb, offset, 4, ENC_BIG_ENDIAN);
+    offset += 4;
+
+
+    eth_tvb = tvb_new_subset_remaining(tvb, offset);
    call_dissector(eth_withoutfcs_handle, eth_tvb, pinfo, tree);
 }

@ -86,9 +125,29 @@ proto_register_hp_erm(void)

    static hf_register_info hf[] = {

-        { &hf_hp_erm_unknown,
-          { "Unknown", "hp_erm.unknown", FT_BYTES, BASE_NONE, NULL,
-            0x00, NULL, HFILL }},
+        { &hf_hp_erm_unknown1,
+          { "Unknown1", "hp_erm.unknown1", FT_BYTES, BASE_NONE, NULL,
+            0x0, NULL, HFILL }},
+
+        { &hf_hp_erm_unknown2,
+          { "Unknown2", "hp_erm.unknown2", FT_UINT32, BASE_DEC, NULL,
+            0xFF000000, NULL, HFILL }},
+
+        { &hf_hp_erm_priority,
+          { "Priority", "hp_erm.priority", FT_UINT32, BASE_DEC, VALS(hp_erm_pri_vals),
+            0x00E00000, NULL, HFILL }},
+
+        { &hf_hp_erm_cfi,
+          { "CFI", "hp_erm.cfi", FT_UINT32, BASE_DEC, VALS(hp_erm_cfi_vals),
+            0x00100000, NULL, HFILL }},
+
+        { &hf_hp_erm_vlan,
+          { "Vlan", "hp_erm.vlan", FT_UINT32, BASE_DEC, NULL,
+            0x000FFF00, NULL, HFILL }},
+
+        { &hf_hp_erm_unknown3,
+          { "Unknown3", "hp_erm.unknown3", FT_UINT32, BASE_DEC, NULL,
+            0x000000FF, NULL, HFILL }}
    };

    static gint *ett[] = {
@ -131,4 +190,15 @@ proto_reg_handoff_hp_erm(void)
    if (hp_erm_udp_port != 0)
        dissector_add_uint("udp.port", hp_erm_udp_port, hp_erm_handle);
 }
-
+/*
+ * Editor modelines
+ *
+ * Local Variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * ex: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */