Reputation: 41
Is there a way to create structure in scapy to dissect packet where a field length is variable and its value is also dependent on packet length?
So , I am trying to create scapy dissection for mms protcol . Currently I am stuck with ISO 8823 OSI Presentation Layer Protocol. I want to create field dissection for Length A , but its dependent on packet size.
There are 2 cases :
So if packet size <= 127 , its value is taken as 1 byte of the raw value present. eg. 0x61 0x21 0x30.... , so 0x21 will be its value.
But if the packet size is greater than 127 , then its little complex , as given in reference:
For messages with MMS PDU longer than 120 bytes, TLV length fields of the PPDU may be longer than 1 byte, see Appendix G (long definitive length). In this case the Length field starts with the value higher or equal 0x80, i.e., the highest bit is 1, and the remaining value indicates the number of bytes of the Length field.
eg. 0x61 0x81 0xbc 0x30 .... , so now length A value is 0xbc
eg2. 0x61 0x82 0x01 0x3b 0x30.... , so now length A value will be 0x01 0x3b.
That is its length is also variable so I don't know to handle this.
Similary its same for Length B , and Length C. How to solve this ? Also is there any other way to dissect the mms protocol using scapy.
(I only want to dissect the individual fields for incoming packet I will sniff through scapy , I am not trying to build the packet)
Ref : https://www.fit.vut.cz/research/publication-file/11832/TR-61850.pdf , page 40
What can be done in this,
from scapy.all import *
class X226(Packet):
name = "X.226p"
fields_desc = [
ByteField("fully_encoded_data", 0x61),
#length a field ?
ByteField("pdv_list", 0x30),
# length b field ?
ByteField("presentation_context_tag", 0x02),
ByteField("length", 0x01),
ByteField("mms_annex_version1", 0x03),
ByteField("single_asn1_type_tag", 0xa0),
#length c field ?
StrLenField("mms_pdu", b"", length_from=lambda pkt: pkt.length_c)
]
def post_dissect(self, s):
#some code for achieving the dynamic thing I am trying to achieve
return
Upvotes: 1
Views: 21
Answers (0)
Related Questions
- Using scapy packetfields
- How do I control the size of protocol header/message in Scapy?
- PacketListField length in repeated chunks
- Scapy - adding a new field with a dynamic length
- Conditionally dissect packet field in scapy
- Scapy: Sniffing for self made layers
- creating new protocol in scapy with fields depending on the packet total length
- Parsing PPPoE Tags with Scapy