6

我正在尝试使用scapy. 在数据包中有一个项目列表,项目由“分组字段”组成。“分组字段”是指不同类型字段的子序列。我知道在 scapy 中制作“分组字段”的唯一方法是使用Packetclass 并使用FieldLenField/PacketListField来引用序列的长度和列表成员的类型。这是要走的路吗?看起来像这样的东西:

from scapy.packet import Packet
from scapy.fields import *

class RepeatingGroupedSequence(Packet):
    name = "Simple group of two fields"

    fields_desc = [IntField('field1', 1), 
                   IntField('field2', 2)]

class TopLayer(Packet):
    name = "Storage for Repeating Sequence"

    fields_desc = [FieldLenField("length", None, count_of='rep_seq'),
                   PacketListField('rep_seq', None, RepeatingGroupedSequence, 
                                   count_from = lambda pkt: pkt.length),
                  ]

#Now here is the problem that I have with assembling PacketListField: 

#craft TopLayer packet
p = TopLayer()

#add two "repeated sequences"
p.rep_seq = [ RepeatingGroupedSequence(), RepeatingGroupedSequence() ]

#both sequences can observed
p.show()

#but the underlying structure of the repeated sequence is #Raw# at this stage
p.show2()

#length is 2
print p.rep_seq, 'length:', len(p.rep_seq)

#but the cloned packet has only one "repeated sequence", the rest is raw
clone = TopLayer(str(p))
clone.show()

#length is 1
print clone.rep_seq, 'length:', len(clone.rep_seq)

这种方法的问题是分组的结构在重新组装数据包时没有保留。在组装时,即使计数字段为 2,第二个实例RepeatedSequence也被视为原始主体。如何添加RepeatingSequences这样的结构,以便在重新组装时保留结构?有没有一种方法可以对字段进行分组而不将Packet其用作列表的存储类型?

4

1 回答 1

8

RepeatingGroupedSequence需要覆盖extract_padding方法:

def extract_padding(self, s):
    return '', s

默认情况下,每个子数据包都将所有内容视为属于自己的层,即:

def extract_padding(self, s):
    return s, None

这不是用于分组目的的。有人可以详细说明填充和层分离之间的区别吗?

于 2011-11-12T00:42:41.533 回答