Adding custom PTPv2 layer to scapy

Question

I want to add a PTPv2 Layer to scapy (v2.3.3) in python (v2.7). I added the ptpv2 class with the PTP entries to the file /scapy/layers/inet.py (because PTP is at layer 4). I also bound the ptpv2 layer to the upper layer, in my case Ethernet.

bind_layers(Ethernet,ptpv2)

By typing the scapy command "ls()" the created ptpv2 layer is listed, ok, success. But by accessing the layer through my python script

from scapy.all import *
from scapy.config import conf

conf.debug_dissector = True

for packet in PcapReader('/media/sf_SharedFolder/test.pcap'):
  if packet[ptpv2].sequenceId == '0x0566':  
    # do anything

the following error occurs:

File "/usr/lib/python2.7/dist-packages/scapy/fields.py", line 75, in getfield return s[self.sz:], self.m2i(pkt, struct.unpack(self.fmt, s[:self.sz])[0])
struct.error: unpack requires a string argument of length 2

The Wireshark file has the layers Frame -> Ethernet -> PTP, so my binding command has to be right.

Don't know where the error is.

This is the PTP layer in the Wireshark file:

This is the created ptpv2 class in scapy:

class ptpv2(Packet):
name = "Precision Time Protocol"
fields_desc = [
    XBitField('transportSpecific', 0x1, 4),
    XBitField('messageType', 0x0, 4),
    XBitField('versionPTP', 0x2, 4),
    XShortField('messageLength', 0x0036),
    XBitField('subdomainNumber', 0x0, 8),
    XShortField('flags', 0x0208),
    XLongField('correction', 0x0),
    XLongField('ClockIdentity', 0x08028efffe9b97a5),
    XShortField('SourcePortId', 0x0002),
    XShortField('sequenceId', 0x0566),
    XBitField('control', 0x05, 8),
    XBitField('logMessagePeriod', 0x7F, 8),
    XLongField('requestreceiptTimestampSec', 0x00000000057b),
    XLongField('requestreceiptTimestampNanoSec', 0x0d11715c),
    XLongField('requestingSourcePortIdentity', 0x08028efffe9b97a5),
    XShortField('requestingSourcePortId', 0x0002) ]

Pls, help me!

Thx

Chris

Answer 1

You need to find the (first) packet that causes the crash:

conf.debug_dissector = True
from pdb import pm
for packet in PcapReader('/media/sf_SharedFolder/test.pcap'):
    if packet[ptpv2].sequenceId == '0x0566':

When the error occurs:

pm()
pkt

Then we'll see what's going on.

Answer 2

For what its worth, I used to above as a starting point to quickly get the offset value for a bunch of 1588 messages:

#!/usr/bin/env python
from scapy.utils import rdpcap
from scapy.layers.l2 import Ether
from scapy.packet import Packet, bind_layers
from scapy.fields import *

class ieee1588(Packet):
    name = "Precision Time Protocol"
    fields_desc = [
        BitField('transportSpecific', 1, 4),
        BitField('messageType', 0, 4),
        ByteField('versionPTP', 2),
        LenField('messageLength', 0, fmt="H"),
        ByteField('subdomainNumber', 0),
        ByteField('dummy1', 0),
        XShortField('flags', 0),
        LongField('correction', 0),
        IntField('dummy2', 0),
        XLongField('ClockIdentity', 0),
        XShortField('SourcePortId', 0),
        XShortField('sequenceId', 0),
        ByteField('control', 0),
        SignedByteField('logMessagePeriod', 0),
        Field('TimestampSec', 0, fmt='6s'),
        IntField('TimestampNanoSec', 0)
    ]

bind_layers(Ether, ieee1588, type=0x88F7)

pcap = rdpcap("./test.pcap")

for pkt in pcap:
    ptp = pkt.getlayer(ieee1588)
    print(ptp.correction)

Probably not 100% correct, but it worked for my purposes.

Answer 3

Found the error:

Pierre gave me a hint, so I could solve the problem. I used the wrong lengths in the Bitfields and the Longfields do not fit the required length. I made a picture of the working PTP protocol in scapy: