Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Scapy: Adding new protocol with complex field groupings

Tags:

python

scapy

I'm trying to specify a new packet format using scapy. In the packet there is a list of items, and items consist of "grouped fields". By "grouped fields" I mean a sub-sequence of fields of different types. The only way of making "grouped fields" that I know of in scapy is by using Packet class and using FieldLenField/PacketListField to reference the length of the sequence and the type of list members. Is that the way to go? Something that looks like this:

from scapy.packet import Packet
from scapy.fields import *

class RepeatingGroupedSequence(Packet):
    name = "Simple group of two fields"

    fields_desc = [IntField('field1', 1), 
                   IntField('field2', 2)]

class TopLayer(Packet):
    name = "Storage for Repeating Sequence"

    fields_desc = [FieldLenField("length", None, count_of='rep_seq'),
                   PacketListField('rep_seq', None, RepeatingGroupedSequence, 
                                   count_from = lambda pkt: pkt.length),
                  ]

#Now here is the problem that I have with assembling PacketListField: 

#craft TopLayer packet
p = TopLayer()

#add two "repeated sequences"
p.rep_seq = [ RepeatingGroupedSequence(), RepeatingGroupedSequence() ]

#both sequences can observed
p.show()

#but the underlying structure of the repeated sequence is #Raw# at this stage
p.show2()

#length is 2
print p.rep_seq, 'length:', len(p.rep_seq)

#but the cloned packet has only one "repeated sequence", the rest is raw
clone = TopLayer(str(p))
clone.show()

#length is 1
print clone.rep_seq, 'length:', len(clone.rep_seq)

The problem with this approach is that the structure of the grouping is not preserved when the packet is reassembled. On assembly, the second instance of the RepeatedSequence is treated as a raw body, even though the count field is 2. How do you add RepeatingSequences like this so that structure is preserved on reassembly? Is there a way to group Fields without resorting to Packet as a storage type for lists?

like image 613
Oleksiy Avatar asked Nov 10 '11 00:11

Oleksiy

1 Answers

Class RepeatingGroupedSequence needs to overwrite extract_padding method: 

def extract_padding(self, s):
    return '', s

By default each sub packet treats everything as belonging to its own layer, ie:

def extract_padding(self, s):
    return s, None

And this is not what is used for grouping purposes. Can someone elaborate on the difference between padding and layer separation?

like image 156
Oleksiy Avatar answered Nov 05 '22 02:11

Oleksiy
Sign in to Comment

Related questions

Python regular expressions matching within set
pygame dual monitors and fullscreen
os.environ doesn't show some variables
Efficiently change a key of a Python dict
(Python) Issues with directories that have special characters
Using Python to Create MIDI's
Python string manipulation -- performance problems
python tkinter: displays only a portion of an image
running multiple threads in python, simultaneously - is it possible?
How to tell PyDoc to generate documentation to user defined directory
usage function doesn't work with getopt
How to overwrite the put() method on a python app engine model?
X.509 libraries [closed]
Django: base model signal handler doesn't fire
App Engine httplib.HTTPConnection deadline
Flatten OpenCV/Numpy Array
Inverting Dictionaries in Python
Deploying Django on an apache server
Greedy match with negative lookahead in a regular expression
Why is putting the module level code into a function and then calling the function is faster in Python?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!