1 /* packet-cisco-ttag.c
2  * Routines for dissection of Cisco's ttag protocol.
3  * Based on packet-cisco-metadata.c
4  *
5  * Copyright 2016 by Jaap Keuter (jkeuter[AT]xs4all.nl)
6  *
7  * Wireshark - Network traffic analyzer
8  * By Gerald Combs <gerald@wireshark.org>
9  * Copyright 1998 Gerald Combs
10  *
11  * SPDX-License-Identifier: GPL-2.0-or-later
12  */
13 
14 #include "config.h"
15 
16 #include <epan/packet.h>
17 #include <epan/etypes.h>
18 #include <epan/to_str.h>
19 
20 void proto_register_ttag(void);
21 void proto_reg_handoff_ttag(void);
22 
23 static dissector_handle_t ethertype_handle;
24 
25 static int proto_ttag = -1;
26 
27 static int hf_ttag_time_stamp = -1;
28 static int hf_ttag_eth_type = -1;
29 
30 static gint ett_ttag = -1;
31 
32 static int
33 dissect_ttag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
34 {
35     guint64 timestamp_value;
36     nstime_t timestamp;
37     guint16 encap_proto;
38     ethertype_data_t ethertype_data;
39 
40     proto_tree *ttag_tree;
41     proto_item *ti;
42     gint offset = 0;
43 
44     col_set_str(pinfo->cinfo, COL_PROTOCOL, "TTAG");
45     col_clear(pinfo->cinfo, COL_INFO);
46 
47     ti = proto_tree_add_item(tree, proto_ttag, tvb, 0, 8, ENC_NA);
48     ttag_tree = proto_item_add_subtree(ti, ett_ttag);
49 
50     timestamp_value = tvb_get_guint48(tvb, offset, ENC_BIG_ENDIAN);
51     timestamp.secs = (time_t) (timestamp_value / G_GUINT64_CONSTANT(1000000000));
52     timestamp.nsecs = (guint32)(timestamp_value - (timestamp.secs * G_GUINT64_CONSTANT(1000000000)));
53 
54     proto_item_append_text(ti, ", Timestamp: %s", rel_time_to_secs_str(pinfo->pool, &timestamp));
55 
56     proto_tree_add_time(ttag_tree, hf_ttag_time_stamp, tvb, offset, 6, &timestamp);
57     offset += 6;
58 
59     encap_proto = tvb_get_ntohs(tvb, offset);
60     proto_tree_add_uint(ttag_tree, hf_ttag_eth_type, tvb, offset, 2, encap_proto);
61     offset += 2;
62 
63     ethertype_data.etype = encap_proto;
64     ethertype_data.payload_offset = offset;
65     ethertype_data.fh_tree = ttag_tree;
66     /* ttag doesn't define a trailer, but there's no way to tell Ethertype dissector that.
67      * At least use the correct header field to reflect that and allow proper filter expression,
68      * although it will still be attached to our tree instead of Ethernet II.
69      */
70     ethertype_data.trailer_id = proto_registrar_get_id_byname("eth.trailer");
71     ethertype_data.fcs_len = 0;
72 
73     call_dissector_with_data(ethertype_handle, tvb, pinfo, tree, &ethertype_data);
74 
75     return tvb_captured_length(tvb);
76 }
77 
78 void
79 proto_register_ttag(void)
80 {
81     static hf_register_info hf[] = {
82         { &hf_ttag_time_stamp,
83             { "Time stamp", "ttag.time_stamp", FT_RELATIVE_TIME, 0, NULL, 0x0, NULL, HFILL }
84         },
85         { &hf_ttag_eth_type,
86             { "Type", "ttag.type", FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0, NULL, HFILL }
87         }
88     };
89 
90     static gint *ett[] = {
91         &ett_ttag
92     };
93 
94     proto_ttag = proto_register_protocol("Cisco ttag", "Cisco ttag", "ttag");
95     proto_register_field_array(proto_ttag, hf, array_length(hf));
96     proto_register_subtree_array(ett, array_length(ett));
97 }
98 
99 void
100 proto_reg_handoff_ttag(void)
101 {
102     dissector_handle_t ttag_handle;
103 
104     ethertype_handle = find_dissector_add_dependency("ethertype", proto_ttag);
105 
106     ttag_handle = create_dissector_handle(dissect_ttag, proto_ttag);
107     dissector_add_for_decode_as("ethertype", ttag_handle);
108 }
109 
110 /*
111  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
112  *
113  * Local variables:
114  * c-basic-offset: 4
115  * tab-width: 8
116  * indent-tabs-mode: nil
117  * End:
118  *
119  * vi: set shiftwidth=4 tabstop=8 expandtab:
120  * :indentSize=4:tabSize=8:noTabs=true:
121  */
122