Ethereal: RE:[Ethereal-users] IEEE 802.1s decode

Ethereal-users: June 2004

Subject: RE:[Ethereal-users] IEEE 802.1s decode
From: Allen.Yu@xxxxxxxxxxx
Date: Wed, 2 Jun 2004 14:33:44 -0700

Hello

I am testing 802.1s with two Cisco Catalyst 29xx switch, and run into the same problem as described by Alois. Examining the packet dump further, it seems to me that the problem is more than the interpretation of the version 3 length field as have been discussed in various emails at ethereal-users. I will present my interpretation of the Alois dump as below. (By the way, I double check my interpretation with no msti, and 1 msti with my Catalyst 2950)

The version 3 length field in the Cisco BPDU is in the wrong location. It seems to me that the version 3 length field in the Cisco BPDU is a one byte field at location 0x37 (0 relative from the beginning of the Ethernet packet) with a value "c2". Basically, the version 3 length field in the Cisco BPDU occupies the same location as the format selector defined in the 802.1s.

With the Cisco version 3 length field using the same byte as the format selector, the format selector in Cisco BPDU becomes invalid because the format selector is supposed to be 0 as defined in 802.1s 13.7 (1). (Or there is no format selector in Cisco's MSTP world?)

I guess the version 3 length of "c2" in the Cisco BPDU below means 194 bytes of mstp information. Subtracting the 64 bytes of msti configuration id, cist internal root path cost, cist bridge id, and cist remaining hop, there are 130 bytes for msti messages. However, 130 bytes does not represent an integral number of msti messages which is 16 bytes each. From my experience with no msti, and 1 msti configuration, it seems to me Cisco' msti message is 26 bytes long. 130 bytes is 5 * 26. (With no msti the value is 0x40, and 1 msti, the value is 0x5a.). I do not fully understand all the extra 10 bytes in each MSTI message. My best guess is there are two "mysterious" bytes between the MSTI flags and the MSTI regional root id. Instead of using 1 byte MSTi bridge priority, Cisco uses an 8 byte bridge id. Instead of using 1 byte Msti port priority, Cisco uses a 2 byte port priority.

Furthermore, using no msti, and 1 msti, I think the 16 bytes configuration digest in the BPDU from Cisco does not follow the recommendation of the 802.1s draft either. They have different values compared with those value shown in 802.1s Table 13-2. So Cisco may not use HMAC-MD5 or the signature key as specified in 802.1s 13-7 (4), and Table 13-1.

With the above information, Ethereal may be able to interpret Cisco mstp bpdu with some twists. Does any one use Ethereal to decode bpdu from other MSTP switches? Other than Ethereal reporting malformed Cisco bpdu, the impact from the LAN perspective is that MSTP switches from other vendors and Cisco MSTP switch can/will share the same MSTP region.

Best regards
Allen

Hello, I just captured a 802.1s BPDU and it was not decoded. I captured on a trunk link and it was on the region boundary (maybe thats the problem ?) on a cisco-switch. I think there are 3 considerations applicable: 1.) ehtereal does not decode the whole packet if the MST Extension lengt == 0 (maybe it does if it is >=1 and <=64) 2.) maybe cisco does not comply the IEEE 802.1s spec ? 3.) such a BPDU is normal on a region boundary ==> Anybody with further ideas ? I just append the whole packet with some extractions: Frame 1 (250 bytes on wire, 250 bytes captured) Arrival Time: Sep 12, 2003 16:20:25.000000000 Time delta from previous packet: 0.000000000 seconds Time relative to first packet: 0.000000000 seconds Frame Number: 1 Packet Length: 250 bytes Capture Length: 250 bytes IEEE 802.3 Ethernet Destination: 01:80:c2:00:00:00 (01:80:c2:00:00:00) Source: 00:50:73:69:17:fa (00:50:73:69:17:fa) Length: 236 Logical-Link Control DSAP: Spanning Tree BPDU (0x42) IG Bit: Individual SSAP: Spanning Tree BPDU (0x42) CR Bit: Command Control field: U, func = UI (0x03) 000. 00.. = Unnumbered Information .... ..11 = Unnumbered frame Spanning Tree Protocol Protocol Identifier: Spanning Tree Protocol (0x0000) Protocol Version Identifier: Multiple Spanning Tree (3) BPDU Type: Rapid/Multiple Spanning Tree (0x02) BPDU flags: 0x3c (Forwarding, Learning, Port Role: Designated) 0... .... = Topology Change Acknowledgment: No .0.. .... = Agreement: No ..1. .... = Forwarding: Yes ...1 .... = Learning: Yes .... 11.. = Port Role: Designated (3) .... ..0. = Proposal: No .... ...0 = Topology Change: No Root Identifier: 32768 / 00:09:e8:99:85:80 Root Path Cost: 0 Bridge Identifier: 32768 / 00:09:e8:99:85:80 Port identifier: 0x8103 Message Age: 0 Max Age: 20 Hello Time: 2 Forward Delay: 15 Version 1 Length: 0 MST Extension, Length: 0 [Malformed Packet: STP] 0000 01 80 c2 00 00 00 00 50 73 69 17 fa 00 ec 42 42 .......Psi....BB 0010 03 00 00 03 02 3c 80 00 00 09 e8 99 85 80 00 00 .....<.......... 0020 00 00 80 00 00 09 e8 99 85 80 81 03 00 00 14 00 ................ 0030 02 00 0f 00 00 00 00 c2 64 72 6e 2d 43 6f 72 65 ........drn-Core 0040 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1............... 0050 00 00 00 00 00 00 00 00 00 01 8b 5c 7c 77 c3 89 ...........\|w.. 0060 5f 01 0a 8f cb 23 d3 c6 0a 52 80 00 00 09 e8 99 _....#...R...... 0070 85 80 00 00 00 00 14 00 02 3c 70 02 00 09 e8 99 .........<p..... 0080 85 80 00 00 00 00 70 02 00 09 e8 99 85 80 81 03 ......p......... 0090 00 00 03 3c 60 03 00 09 e8 99 85 80 00 00 00 00 ...<`........... 00a0 60 03 00 09 e8 99 85 80 81 03 00 00 06 3c 70 06 `............<p. 00b0 00 09 e8 99 85 80 00 00 00 00 70 06 00 09 e8 99 ..........p..... 00c0 85 80 81 03 00 00 07 3c 60 07 00 09 e8 99 85 80 .......<`....... 00d0 00 00 00 00 60 07 00 09 e8 99 85 80 81 03 00 00 ....`........... 00e0 08 3c 70 08 00 09 e8 99 85 80 00 00 00 00 70 08 .<p...........p. 00f0 00 09 e8 99 85 80 81 03 00 00 .......... Offset: description: value: 0x38 to 0x69 MST Config Id 64 72 6e 2d 43 6f 72 65 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 8b 5c 7c 77 c3 89 5f 01 0a 8f cb 23 d3 c6 0a 52 0x6A to 0x6D CIST Internal Root Path Cost 80 00 00 09 (I think cisco made an error: 80 00 00 09 e8 99 85 80 is the bridge-id) 0x6D to 0x75 CIST Bridge Identifier e8 99 85 80 00 00 00 00 0x76 CIST Remaining Hops 14 0x77 MSTI Flags 00 0x78 to 0x7F MSTI Regional Root Identifier 02 3c 70 02 00 09 e8 99 0x80 to 0x83 MSTI Internal Root Path Cost 85 80 00 00 0x84 MSTI Bridge Priority 00 0x85 MSTI Port Priority 00 0x86 MSTI Remaining Hops 70 0x87 MSTI Flags 02 0x88 to 0x8F MSTI Regional Root Identifier 00 09 e8 99 85 80 81 03 0x90 to 0x93 MSTI Internal Root Path Cost 00 00 03 3c 0x94 MSTI Bridge Priority 60 0x95 MSTI Port Priority 03 0x96 MSTI Remaining Hops 00 0x97 MSTI Flags 09 0x98 to 0x9F MSTI Regional Root Identifier e8 99 85 80 00 00 00 00 0xA0 to 0xA3 MSTI Internal Root Path Cost 60 03 00 09 0xA4 MSTI Bridge Priority e8 0xA5 MSTI Port Priority 99 0xA6 MSTI Remaining Hops 85 ....... Best Regards Alois

Prev by Date: RE: [Ethereal-users] Copy/Paste to clipboard from Packet Details frame
Next by Date: [Ethereal-users] Filtering
Previous by thread: RE: [Ethereal-users] Copy/Paste to clipboard from Packet Details frame
Next by thread: [Ethereal-users] Filtering
Index(es):
- Date
- Thread