Question
I extended Scapy to support a new protocol for my testing. I see that the sniff() command is able to dissect the packets automatically after I stitched 2 layers together using bind_layers(). I was expecting that should be good enough for dissections. Whenever I use sniff() I see dissections are working.
But when I use the sr() or sr1() functions I see that the answered packet is not dissected and Scapy reports it as Raw. I also see that it has some extra packets as part of answered.
More details about the protocol being added:
The protocol that I added is PCEP, which is TCP-based and runs on port 4189. I create a Python socket and convert it into a Scapy supersocket using StreamSocket(). We send these PCEP messages on top of Scapy's supersocket.
The Packet will be layered like this: IP()/TCP()/PCEP()
connection, pcc_address = pce.accept()  # This accepts a TCP connection from the client
pcc_client = StreamSocket(connection)  # Here I convert the Python socket into a Scapy supersocket
Example packet :
If I want to send a keepalive this is how I craft the message. pcc_client object is to send the packet.
>>> pkt.show2()
###[ PCEP common header ]###
Version= 1L
Flags= 0L
Type= PCEPKeepaliveMsg
Length= 4
>>> pcc_client.send(pkt)
>>> pcc_client
<scapy.supersocket.StreamSocket object at 0x115b890>
Issue:
The same way I create a message called PCInitiate and I am sending using
>>> pcc_client.sr1(pccinit)
Below, a[0][0] is the packet that I sent, and the received packet is stored as Raw. I was expecting it to be dissected. For some reason I see it's not getting dissected. I also notice a bunch of strings ' \x02\x00\x04' appended to the response from the UUT. I can recognize these strings, which are Keepalive messages. These are not responses to the packet I sent, but somehow they show up in this output. How do I make the sr() function dissect the response from the UUT? I see hashret() and answers() methods used in sndrcv(). What is the use of those methods? Can someone help me with my query?
>>> a[0][0]
<PCEPCommonHeader Type=PCInitiate |<PCInitiate srp_object=<SRP_Object srpIdNumber=0x10 path_setup_type=<path_setup_type_tlv |> |> lsp_object=<LSP_Object plspid=0x0 symbolic_path_name= <symbolic_path_name_tlv tlvValue='SERVICE-1418979625354-9F1166-10.126.147.23-10.126.147.1' |> |> end_points_object=<End_Points_Object SourceIPv4Address=10.0.0.1 DestinationIPv4Address=10.0.0.6 |> ero_object=<ERO_Object sr_eros=[<SR_ERO_SubObject Fflag=F Mflag=M SID=2260992 |>, <SR_ERO_SubObject Fflag=F Mflag=M SID=2674688 |>, <SR_ERO_SubObject Fflag=F Mflag=M SID=3096576 |>] |> |>>
>>> a[0][1]
<Raw load=' \n\x00x!\x10\x00\x14\x00\x00\x00\x00\x00\x00\x00\x10\x00\x1b\x00\x04\x00\x00\x00\x01 \x10\x00DT\x00`\x91\x00\x11\x007SERVICE-1418979625354-9F1166-10.126.147.23-10.126.147.1\x00\x07\x10\x00\x1c\x05\x08\x10\t\x00"\x80\x00\x05\x08\x10\t\x00(\xd0\x00\x05\x08\x10\t\x00/@\x00 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04 \x02\x00\x04' |>
Answer 1:
You must tell StreamSocket the type of packets it will receive (Raw is the default). You can do that by using basecls= optional argument:
connection, pcc_address = pce.accept()
pcc_client = StreamSocket(connection, basecls=PCEPCommonHeader)
You will then need to implement hashret() and answers(). Their docstrings from Packet explain it well:
hashret() is a kind of hash function that "returns a string that has the same value for a request and its answer".
answers() is "true if self is an answer to other".
hashret() is not mandatory, but if properly implemented it will improve performance.
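The Raw load in the question is several PCEP messages back to back on one TCP stream, so the reply has to be framed by the common header's Length field before it can be matched. The sketch below is an added example (plain Python, not Scapy code and not from the original answer) showing that framing and the comparison an answers() method would make. It assumes the reply to a PCInitiate is a PCRpt (type 10) echoing the SRP-ID-number in an SRP object (class 33), as in RFC 8231/8281; the function names and the sample stream are constructed for illustration.

```python
import struct

KEEPALIVE, PCRPT = 2, 10   # PCEP message types (RFC 5440, RFC 8231)
SRP_CLASS = 33             # SRP object class (RFC 8231)

def split_messages(buf):
    """Split a TCP byte stream into whole PCEP messages via the common header.
    Returns (messages, leftover); leftover is an incomplete tail to keep
    until more bytes arrive."""
    msgs = []
    while len(buf) >= 4:
        ver_flags, mtype, length = struct.unpack("!BBH", buf[:4])
        if ver_flags >> 5 != 1 or length < 4:
            raise ValueError("not a PCEP common header")
        if len(buf) < length:
            break                      # message not fully received yet
        msgs.append((mtype, buf[4:length]))
        buf = buf[length:]
    return msgs, buf

def srp_id(body):
    """Walk the objects in a message body; return the SRP-ID-number or None."""
    off = 0
    while off + 4 <= len(body):
        oclass, _, olen = struct.unpack("!BBH", body[off:off + 4])
        if olen < 4 or off + olen > len(body):
            raise ValueError("bad object length")
        if oclass == SRP_CLASS and olen >= 12:
            # object header (4) + SRP flags (4), then the 32-bit SRP-ID-number
            return struct.unpack("!I", body[off + 8:off + 12])[0]
        off += olen
    return None

def find_answer(sent_srp_id, stream):
    """Return (answer_body, unrelated_types, leftover) for a sent PCInitiate."""
    msgs, leftover = split_messages(stream)
    answer, others = None, []
    for mtype, body in msgs:
        if answer is None and mtype == PCRPT and srp_id(body) == sent_srp_id:
            answer = body              # what answers() should accept
        else:
            others.append(mtype)       # e.g. keepalives: not answers
    return answer, others, leftover

# Constructed sample modelled on the question's Raw load: one PCRpt carrying
# SRP-ID 0x10, three keepalives, and a keepalive cut short by the read.
SRP_OBJ = struct.pack("!BBHII", SRP_CLASS, 0x10, 12, 0, 0x10)
PCRPT_MSG = struct.pack("!BBH", 0x20, PCRPT, 4 + len(SRP_OBJ)) + SRP_OBJ
STREAM = PCRPT_MSG + b" \x02\x00\x04" * 3 + b" \x02"
```

In a Scapy layer the same two decisions live in the packet class: the Length field bounds each dissected message, and answers() compares the message type and SRP-ID-number.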
Source: https://stackoverflow.com/questions/27958567/sr-method-not-dissecting-the-answered-packets-in-scapy