1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
/* packet-cisco-ttag.c
* Routines for dissection of Cisco's ttag protocol.
* Based on packet-cisco-metadata.c
*
* Copyright 2016 by Jaap Keuter (jkeuter[AT]xs4all.nl)
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "config.h"
#include <epan/packet.h>
#include <epan/etypes.h>
#include <epan/to_str.h>
void proto_register_ttag(void);
void proto_reg_handoff_ttag(void);
static dissector_handle_t ethertype_handle;
static int proto_ttag = -1;
static int hf_ttag_time_stamp = -1;
static int hf_ttag_eth_type = -1;
static gint ett_ttag = -1;
static int
dissect_ttag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
guint64 timestamp_value;
nstime_t timestamp;
guint16 encap_proto;
ethertype_data_t ethertype_data;
proto_tree *ttag_tree;
proto_item *ti;
gint offset = 0;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TTAG");
col_clear(pinfo->cinfo, COL_INFO);
ti = proto_tree_add_item(tree, proto_ttag, tvb, 0, 8, ENC_NA);
ttag_tree = proto_item_add_subtree(ti, ett_ttag);
timestamp_value = tvb_get_guint48(tvb, offset, ENC_BIG_ENDIAN);
timestamp.secs = (time_t) (timestamp_value / G_GUINT64_CONSTANT(1000000000));
timestamp.nsecs = (guint32)(timestamp_value - (timestamp.secs * G_GUINT64_CONSTANT(1000000000)));
proto_item_append_text(ti, ", Timestamp: %s", rel_time_to_secs_str(wmem_packet_scope(), ×tamp));
proto_tree_add_time(ttag_tree, hf_ttag_time_stamp, tvb, offset, 6, ×tamp);
offset += 6;
encap_proto = tvb_get_ntohs(tvb, offset);
offset += 2;
ethertype_data.etype = encap_proto;
ethertype_data.offset_after_ethertype = offset;
ethertype_data.fh_tree = ttag_tree;
ethertype_data.etype_id = hf_ttag_eth_type;
/* ttag doesn't define a trailer, but there's no way to tell Ethertype dissector that.
* At least use the correct header field to reflect that and allow proper filter expression,
* although it will still be attached to our tree instead of Ethernet II.
*/
ethertype_data.trailer_id = proto_registrar_get_id_byname("eth.trailer");
ethertype_data.fcs_len = 0;
call_dissector_with_data(ethertype_handle, tvb, pinfo, tree, ðertype_data);
return tvb_captured_length(tvb);
}
void
proto_register_ttag(void)
{
static hf_register_info hf[] = {
{ &hf_ttag_time_stamp,
{ "Time stamp", "ttag.time_stamp", FT_RELATIVE_TIME, 0, NULL, 0x0, NULL, HFILL }
},
{ &hf_ttag_eth_type,
{ "Type", "ttag.type", FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0, NULL, HFILL }
}
};
static gint *ett[] = {
&ett_ttag
};
proto_ttag = proto_register_protocol("Cisco ttag", "Cisco ttag", "ttag");
proto_register_field_array(proto_ttag, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
void
proto_reg_handoff_ttag(void)
{
dissector_handle_t ttag_handle;
ethertype_handle = find_dissector_add_dependency("ethertype", proto_ttag);
ttag_handle = create_dissector_handle(dissect_ttag, proto_ttag);
dissector_add_for_decode_as("ethertype", ttag_handle);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/
|
