Wireshark-dev: Re: [Wireshark-dev] HP ERM

From: Gene Cumm <gene.cumm@xxxxxxxxx>
Date: Mon, 20 Feb 2017 08:52:48 -0500

On Mon, Feb 20, 2017 at 8:11 AM, Alexis La Goutte
<alexis.lagoutte@xxxxxxxxx> wrote:
> Hi Gene,
>
> On Mon, Feb 20, 2017 at 2:05 PM, Gene Cumm <gene.cumm@xxxxxxxxx> wrote:
>>
>> First, thanks for Wireshark and granting my access request.
>
> Welcome :-)
>>
>>
>> Second, I've found out more about the HP ERM format.  The most
>> significant bit of hp_erm.unknown3 indicates if the frame was untagged
>> (0) or tagged (1).  I'm writing a patch for review now.
>>
> OK, nice!
>>
>> Would hp_erm.tag, hp_erm.tagged, or some other name seem the more
>> appropriate name for such a value?
>>
> Have you found some spec, or is it from a feature on switches?
> If it is a "flag", the display filter hp_erm.is_tagged can be an idea...

Nope, no specification found, unfortunately.  Just observation of
known port states and happening to notice that value changed.  See
also the samples I uploaded over the weekend.  The only combination I
can think of that I didn't check is if a frame is 802.1q tagged with
VLAN ID 0 in order to apply a non-default priority.

Thanks for the suggestion to rename it.

I do however suspect hp_erm.unknown1 might have been allocated for a
timestamp like NTP's 64-bit timestamp but has never been implemented.
I've recently hit a situation where packet captures required perfect
in-order mirroring/tapping as none of the PXE clients I have feature
an IP stack that can deal with out of order IP fragment delivery
except through retries.  If HP had added timestamps there, they could
have been used to resequence frames from an ERM rather than needing
on-site access to verify status.

--
-Gene