Scapy:添加具有复杂字段分组的新协议
我正在尝试使用 scapy 指定新的数据包格式。数据包中有一个项目列表,项目由“分组字段”组成。我所说的“分组字段”是指不同类型字段的子序列。据我所知,在 scapy 中制作“分组字段”的唯一方法是使用 Packet 类并使用 FieldLenField/PacketListField 来引用长度列表成员的序列和类型。这是要走的路吗?看起来像这样:
from scapy.packet import Packet
from scapy.fields import *
class RepeatingGroupedSequence(Packet):
name = "Simple group of two fields"
fields_desc = [IntField('field1', 1),
IntField('field2', 2)]
class TopLayer(Packet):
name = "Storage for Repeating Sequence"
fields_desc = [FieldLenField("length", None, count_of='rep_seq'),
PacketListField('rep_seq', None, RepeatingGroupedSequence,
count_from = lambda pkt: pkt.length),
]
#Now here is the problem that I have with assembling PacketListField:
#craft TopLayer packet
p = TopLayer()
#add two "repeated sequences"
p.rep_seq = [ RepeatingGroupedSequence(), RepeatingGroupedSequence() ]
#both sequences can observed
p.show()
#but the underlying structure of the repeated sequence is #Raw# at this stage
p.show2()
#length is 2
print p.rep_seq, 'length:', len(p.rep_seq)
#but the cloned packet has only one "repeated sequence", the rest is raw
clone = TopLayer(str(p))
clone.show()
#length is 1
print clone.rep_seq, 'length:', len(clone.rep_seq)
这种方法的问题是,在重新组装数据包时,不会保留分组的结构。在组装时,RepeatedSequence 的第二个实例被视为原始主体,即使计数字段为 2。如何像这样添加 RepeatingSequences 以便保留结构重新组装时?有没有一种方法可以对字段进行分组,而无需使用 Packet 作为列表的存储类型?
I'm trying to specify a new packet format using scapy. In the packet there is a list of items, and items consist of "grouped fields". By "grouped fields" I mean a sub-sequence of fields of different types. The only way of making "grouped fields" that I know of in scapy is by using Packet class and using FieldLenField/PacketListField to reference the length of the sequence and the type of list members. Is that the way to go? Something that looks like this:
from scapy.packet import Packet
from scapy.fields import *
class RepeatingGroupedSequence(Packet):
name = "Simple group of two fields"
fields_desc = [IntField('field1', 1),
IntField('field2', 2)]
class TopLayer(Packet):
name = "Storage for Repeating Sequence"
fields_desc = [FieldLenField("length", None, count_of='rep_seq'),
PacketListField('rep_seq', None, RepeatingGroupedSequence,
count_from = lambda pkt: pkt.length),
]
#Now here is the problem that I have with assembling PacketListField:
#craft TopLayer packet
p = TopLayer()
#add two "repeated sequences"
p.rep_seq = [ RepeatingGroupedSequence(), RepeatingGroupedSequence() ]
#both sequences can observed
p.show()
#but the underlying structure of the repeated sequence is #Raw# at this stage
p.show2()
#length is 2
print p.rep_seq, 'length:', len(p.rep_seq)
#but the cloned packet has only one "repeated sequence", the rest is raw
clone = TopLayer(str(p))
clone.show()
#length is 1
print clone.rep_seq, 'length:', len(clone.rep_seq)
The problem with this approach is that the structure of the grouping is not preserved when the packet is reassembled. On assembly, the second instance of the RepeatedSequence is treated as a raw body, even though the count field is 2. How do you add RepeatingSequences like this so that structure is preserved on reassembly? Is there a way to group Fields without resorting to Packet as a storage type for lists?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
RepeatingGroupedSequence类需要覆盖extract_padding方法:默认情况下,每个子数据包将所有内容视为属于其自己的层,即:
这不是用于分组目的的。有人可以详细说明填充和层分离之间的区别吗?
Class
RepeatingGroupedSequenceneeds to overwriteextract_paddingmethod:By default each sub packet treats everything as belonging to its own layer, ie:
And this is not what is used for grouping purposes. Can someone elaborate on the difference between padding and layer separation?