作为我的第一个涉及Scapy库的大型项目,我正在尝试实现HEP3 / EEP3协议解剖器(specs)。我正在努力理解如何分解这些块(一个HEP3数据包中可能有很多)。我从文档和Google搜索中获得了应该为此使用PacketListField的信息,但我没有获得如何获取块的长度以使scapy解析所有块的方法。这是我到目前为止的代码:
select I.*
INTO #tmpInvs
FROM OPENJSON(@identObj)
WITH (
invs NVARCHAR(MAX) AS JSON
) AS caseIdentInvs
CROSS APPLY OPENJSON (caseIdentInvs.invs)
WITH (
userId INT,
invTypeCd CHAR(5),
importId INT,
seqId INT
) I;
IF EXISTS (SELECT i.seqId FROM #tmpInvs i WHERE i.seqId != NULL)
WITH cte AS
(
SELECT i.*,ci.case_ident_id AS case_ident_id, ki.inv_type_name AS inv_type_name
FROM #tmpInvs i
INNER JOIN case_idents ci ON i.importId=ci.import_id
INNER JOIN kdd_inv_type ki ON i.invTypeCd=ki.inv_type_cd
)
UPDATE T
SET
inv_id = ct.userId,
inv_type_cd = ct.invTypeCd,
inv_type_name = ct.inv_type_name
FROM case_ident_to_inv T
INNER JOIN cte AS ct ON ct.case_ident_id = T.case_ident_id
WHERE seq_id = ct.seqId
ELSE
INSERT INTO case_ident_to_inv(inv_id, case_ident_id, inv_type_cd, inv_type_name)
SELECT userId, case_ident_id, invTypeCd, inv_type_name
FROM cte
到目前为止(硬编码的7个字节的长度)的结果是:
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import scapy.all as sa
HEP_CHUNK_HEADER = 6
class HEP3Chunk(sa.Packet):
name = "HEP3Chunk"
fields_desc = [
sa.ShortField("chunk_vendor_id", 0),
sa.ShortField("chunk_type_id", 0),
sa.ShortField("chunk_length", 0),
sa.StrLenField("chunk_val", None, length_from=lambda pkt: pkt.chunk1_length - HEP_CHUNK_HEADER),
]
def extract_padding(self, s):
return "", s
class HEP3(sa.Packet):
name = "HEP3"
fields_desc = [
sa.StrFixedLenField("hep_proto_id", "HEP3", 4),
sa.ShortField("total_length", 0),
#sa.FieldLenField("flf", None, length_of="hep_chunk"),
sa.PacketListField("chunks", None, HEP3Chunk, count_from=lambda pkt: None, length_from=lambda pkt: None),
]
能否请您给我一个提示,说明如何处理块的长度,以读取和分解所有块?
谢谢。
答案 0 :(得分:0)
以下是一些提示
length_from和count_from函数,请不要指定它们。extract_padding的权利,每个人都忘记了length_from=lambda pkt: pkt.total_length-6(我不计算评论字段)