I want to add a PTPv2 Layer to scapy (v2.3.3) in python (v2.7). I added the ptpv2 class with the PTP entries to the file /scapy/layers/inet.py (because PTP is at layer 4). I also bound the ptpv2 layer to the upper layer, in my case Ethernet.
bind_layers(Ethernet,ptpv2)
By typing the scapy command "ls()" the created ptpv2 layer is listed, ok, success. But by accessing the layer through my python script
from scapy.all import *
from scapy.config import conf
conf.debug_dissector = True
for packet in PcapReader('/media/sf_SharedFolder/test.pcap'):
if packet[ptpv2].sequenceId == '0x0566':
# do anything
the following error occurs:
File "/usr/lib/python2.7/dist-packages/scapy/fields.py", line 75, in getfield return s[self.sz:], self.m2i(pkt, struct.unpack(self.fmt, s[:self.sz])[0])
struct.error: unpack requires a string argument of length 2
The Wireshark file has the layers Frame -> Ethernet -> PTP, so my binding command has to be right.
Don't know where the error is.
This is the PTP layer in the Wireshark file:
This is the created ptpv2 class in scapy:
class ptpv2(Packet):
name = "Precision Time Protocol"
fields_desc = [
XBitField('transportSpecific', 0x1, 4),
XBitField('messageType', 0x0, 4),
XBitField('versionPTP', 0x2, 4),
XShortField('messageLength', 0x0036),
XBitField('subdomainNumber', 0x0, 8),
XShortField('flags', 0x0208),
XLongField('correction', 0x0),
XLongField('ClockIdentity', 0x08028efffe9b97a5),
XShortField('SourcePortId', 0x0002),
XShortField('sequenceId', 0x0566),
XBitField('control', 0x05, 8),
XBitField('logMessagePeriod', 0x7F, 8),
XLongField('requestreceiptTimestampSec', 0x00000000057b),
XLongField('requestreceiptTimestampNanoSec', 0x0d11715c),
XLongField('requestingSourcePortIdentity', 0x08028efffe9b97a5),
XShortField('requestingSourcePortId', 0x0002) ]
Pls, help me!
Thx
Chris
You need to find the (first) packet that causes the crash:
conf.debug_dissector = True
from pdb import pm
for packet in PcapReader('/media/sf_SharedFolder/test.pcap'):
if packet[ptpv2].sequenceId == '0x0566':
When the error occurs:
pm()
pkt
Then we'll see what's going on.
For what its worth, I used to above as a starting point to quickly get the offset value for a bunch of 1588 messages:
#!/usr/bin/env python
from scapy.utils import rdpcap
from scapy.layers.l2 import Ether
from scapy.packet import Packet, bind_layers
from scapy.fields import *
class ieee1588(Packet):
name = "Precision Time Protocol"
fields_desc = [
BitField('transportSpecific', 1, 4),
BitField('messageType', 0, 4),
ByteField('versionPTP', 2),
LenField('messageLength', 0, fmt="H"),
ByteField('subdomainNumber', 0),
ByteField('dummy1', 0),
XShortField('flags', 0),
LongField('correction', 0),
IntField('dummy2', 0),
XLongField('ClockIdentity', 0),
XShortField('SourcePortId', 0),
XShortField('sequenceId', 0),
ByteField('control', 0),
SignedByteField('logMessagePeriod', 0),
Field('TimestampSec', 0, fmt='6s'),
IntField('TimestampNanoSec', 0)
]
bind_layers(Ether, ieee1588, type=0x88F7)
pcap = rdpcap("./test.pcap")
for pkt in pcap:
ptp = pkt.getlayer(ieee1588)
print(ptp.correction)
Probably not 100% correct, but it worked for my purposes.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.