Fixed ek packet parsing when there are repeated protocol layers + added raw to each layer #677
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
With ek, when protocols are repeated, the layer becomes a list of dictionaries, one for each layer. This update adds proper support for this.
…parsing Sometimes a frame layer doesn't actually exist in the packet details, so I added extra protection
…t() which didnt work
chrisawad
changed the title
|
I needed raw for each layer, so I fixed this bug as well: Also fixed packet.get_raw_packet() which wasn't working since XXX_raw values were not assessable |
KimiNewt
reviewed
Jul 20, 2024
| @@ -34,25 +34,46 @@ def _extract_packet_from_data(self, data, got_first_packet=True): | |||
|
|
|||
| return data[start_index:linesep_location], data[linesep_location + 1:] | |||
|
|
|||
|
|
|||
| def packet_from_ek_packet(json_pkt): | |||
| def packet_from_ek_packet_new(json_pkt): | |||
There was a problem hiding this comment.
I don't think you mean to rename this func
There was a problem hiding this comment.
I'm seeing this when trying to use this branch:
>>> import pyshark
>>> file = "http_1.pcap"
>>> cap = pyshark.FileCapture(file, use_ek=True)
>>> pkt = cap[0]
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/andrew/pyshark-fixed/src/pyshark/capture/file_capture.py", line 72, in __getitem__
self.next()
File "/home/andrew/pyshark-fixed/src/pyshark/capture/file_capture.py", line 62, in next
packet = self._packet_generator.send(None)
File "/home/andrew/pyshark-fixed/src/pyshark/capture/capture.py", line 222, in _packets_from_tshark_sync
packet, data = self.eventloop.run_until_complete(
File "/usr/lib/python3.10/asyncio/base_events.py", line 649, in run_until_complete
return future.result()
File "/home/andrew/pyshark-fixed/src/pyshark/tshark/output_parser/base_parser.py", line 15, in get_packets_from_stream
packet = self._parse_single_packet(packet)
File "/home/andrew/pyshark-fixed/src/pyshark/tshark/output_parser/tshark_ek.py", line 21, in _parse_single_packet
return packet_from_ek_packet(packet)
NameError: name 'packet_from_ek_packet' is not defined. Did you mean: 'packet_from_ek_packet_new'?
amlamarra
reviewed
Oct 16, 2024
| @@ -34,25 +34,46 @@ def _extract_packet_from_data(self, data, got_first_packet=True): | |||
|
|
|||
| return data[start_index:linesep_location], data[linesep_location + 1:] | |||
|
|
|||
|
|
|||
| def packet_from_ek_packet(json_pkt): | |||
| def packet_from_ek_packet_new(json_pkt): | |||
There was a problem hiding this comment.
Suggested change
| def packet_from_ek_packet_new(json_pkt): | |
| def packet_from_ek_packet(json_pkt): |
amlamarra
reviewed
Oct 16, 2024
| @@ -66,11 +66,11 @@ def __dir__(self): | |||
| return dir(type(self)) + list(self.__dict__.keys()) + [l.layer_name for l in self.layers] | |||
|
|
|||
| def get_raw_packet(self) -> bytes: | |||
| assert "FRAME_RAW" in self, "Packet contains no raw data. In order to contains it, " \ | |||
| assert self.frame_info.has_field('raw'), "Packet contains no raw data. In order to contains it, " \ | |||
There was a problem hiding this comment.
Suggested change
| assert self.frame_info.has_field('raw'), "Packet contains no raw data. In order to contains it, " \ | |
| assert self.frame_info.has_field('raw'), "Packet contains no raw data. In order to include raw data, " \ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With ek, when protocols are repeated, the layer becomes a list of dictionaries, one for each layer. This update adds proper support for this.