Wireshark · Wireshark-dev: Re: [Wireshark-dev] Default encodage for FT_ABSOLUTE_TIME

[Remy Leone <remy.leone@xxxxxxxx>]

Hello,

I'm trying to encode packet in the ZEP protocol but the problem is that I didn't find a reference for this protocol.

I don't know if it's the number of seconds/milliseconds that I should but in this place. That's why I need the encoding to know how to put the right bytes in my packet at a given time.

Best regards

Rémy

2017-09-08 16:50 GMT+02:00 Michael Mann via Wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>:

I just took a look at packet-zep.c, and the "timestamp field" is being added explicitly with proto_tree_add_time, which negates the need for an encoding.  Are you looking to convert that to proto_tree_add_item and pass the correct encoding?  That's the only time the encoding needs to be specified.

All of the encoding formats still display the same way in Wireshark, the encoding is just to tell the dissection engine how to interpret the bytes its being passed from tvb.

 

 

 

-----Original Message-----
From: Remy Leone <remy.leone@xxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Fri, Sep 8, 2017 10:38 am
Subject: [Wireshark-dev] Default encodage for FT_ABSOLUTE_TIME

Hello,

I'm looking currently at epan/dissectors/packet-zep.c and I don't see any encoding specified for FT_ABSOLUTE_TIME. If nothing is specified, which one is the default? Here is a reminder of the different encoding taken from the documentation that don't specify that:

 For FT_ABSOLUTE_TIME fields, the encoding specifies the form in which

 the time stamp is specified, as well as its byte order.  The time stamp

 encodings that are currently supported are:

 

     ENC_TIME_TIMESPEC - 8 bytes; the first 4 bytes are seconds since

         the UN*X epoch (1970-01-01 00:00:00 UTC) and the next 4 bytes

         are nanoseconds since that second.  (I.e., a UN*X struct

         timespec with a 4-byte time_t.)

 

     ENC_TIME_NTP - 8 bytes; the first 4 bytes are seconds since the NTP

         epoch (1900-01-01 00:00:00 GMT) and the next 4 bytes are 1/2^32's of

         a second since that second.  (I.e., a 64-bit count of 1/2^32's of a

         second since the NTP epoch, with the upper 32 bits first and the

         lower 32 bits second, even when little-endian.)

 

     ENC_TIME_TOD - 8 bytes, as a count of microseconds since the System/3x0

         and z/Architecture epoch (1900-01-01 00:00:00 GMT).

 

     ENC_TIME_RTPS - 8 bytes; the first 4 bytes are seconds since the UN*X

         epoch and the next 4 bytes are are 1/2^32's of a second since that

         second.  (I.e., it's the offspring of a mating between UN*X time and

         NTP time.)  It's used by the Object Management Group's Real-Time

         Publish-Subscribe Wire Protocol for the Data Distribution Service.

 

     ENC_TIME_TIMEVAL - 8 bytes; the first 4 bytes are seconds since the

         UN*X epoch and the next 4 bytes are microseconds since that

         second.  (I.e., a UN*X struct timeval with a 4-byte time_t.)

 

     ENC_TIME_SECS - 4 to 8 bytes, representing a value in seconds since

         the UN*X epoch.

 

     ENC_TIME_MSECS - 6 to 8 bytes, representing a value in milliseconds

         since the UN*X epoch.

 

     ENC_TIME_SECS_NTP - 4 bytes, representing a count of seconds since

         the NTP epoch.  (I.e., seconds since the NTP epoch.)

 

     ENC_TIME_RFC_3971 - 8 bytes, representing a count of 1/64ths of a

         second since the UN*X epoch; see section 5.3.1 "Timestamp Option"

         in RFC 3971.

 

     ENC_TIME_MSEC_NTP - 4-8 bytes, representing a count of milliseconds since

         the NTP epoch.  (I.e., milliseconds since the NTP epoch.)

Best regards

Rémy

___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe