From [email protected] on June 30, 2009 11:16:35

I get the following when I try to install the library under Python 2.6:

C:\proj\python\dpkt-1.6>python setup.py install
Traceback (most recent call last):
File "setup.py", line 4, in
import dpkt
File "C:\proj\python\dpkt-1.6\dpkt__init__.py", line 17, in
import bgp
File "C:\proj\python\dpkt-1.6\dpkt\bgp.py", line 678
self.failUnless(c.as == 65215)

The problem seems to stem from BGP defining a field that shares the same
name as a keyword: 'as'. Changing this to 'AS', and changing all
references to the field to the same cleared the issue, and I was able to
install.

The modified file is attached.

Attachment: bgp.py

Original issue: http://code.google.com/p/dpkt/issues/detail?id=22

From [email protected] on April 16, 2009 10:20:40

Hi,

the packages on the "Downloads" page are way behind the current code in
the SVN (one bug cost me quite a bit of time before I realized this :)

I think that these packages do deserve updating and the version number
should be bumped to 1.7 or whatever to mark that there are differences.
Thoughts?

Cheers

Jirka Vejrazka

Original issue: http://code.google.com/p/dpkt/issues/detail?id=19

From [email protected] on March 15, 2007 17:59:18

class P(dpkt.Packet):
hdr = (('a','B',0))
won't work

class P(dpkt.Packet):
hdr = [('a','B',0)]

works.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=2

From [email protected] on August 30, 2010 12:59:15

What steps will reproduce the problem? First off, if you run this code from the tutorial with the added print statement.
#!/usr/bin/env python

import dpkt

f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf)
ip = eth.data
tcp = ip.data

if tcp.dport == 80 and len(tcp.data) > 0:
    http = dpkt.http.Request(tcp.data)
    print http.uri
print ts

f.close()

You will see a number similar to this
1234567890.12

Where is the microsecond resolution? What is the expected output? What do you see instead? 1234567890.123456789 would be the expected output (like wireshark when it opens the same file) What version of the product are you using? On what operating system? Version 1.7
Linux Fedora Core 11 Please provide any additional information below. In addition to this I would like to modify the code so it works with the nano extensions to pcap, which gives the time format 3 extra digits after the 0 for the time stamp. Any suggestions on where to start to parse this data differently ??

Original issue: http://code.google.com/p/dpkt/issues/detail?id=46

From [email protected] on June 20, 2010 10:02:19

If pigment python is installed, dpkt 1.7 fails with the error below:

Traceback (most recent call last):
File "./setup.py", line 4, in
import dpkt
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/init.py", line 24, in
import ethernet
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ethernet.py", line 128, in
load_types()
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ethernet.py", line 122, in __load_types
mod = __import(modname, g)
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ip6.py", line 95, in
import ip
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ip.py", line 255, in
__load_protos()
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ip.py", line 252, in __load_protos
IP.set_proto(v, getattr(mod, name.upper()))
AttributeError: 'module' object has no attribute 'PGM'

This was found in OpenBSD 4.7/x86 but the error is not OS specific.
Attached diff should fix it.
Thanks.

Attachment: dpkt.diff

Original issue: http://code.google.com/p/dpkt/issues/detail?id=34

From [email protected] on June 13, 2009 11:04:22

Please change as in bgp module because with python2.6 bgp.as conflicts with
as reserved keyword. I renamed to AS (capitalized) and it worked.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=21

From [email protected] on December 17, 2008 10:08:38

Diff attached.

Attachment: dpkt-ip-opts.diff

Original issue: http://code.google.com/p/dpkt/issues/detail?id=14

From [email protected] on March 20, 2007 05:21:22

replace in line 81

tv_usec=int((int(ts) - float(ts)) * 1000000.0)

with

tv_usec=int((float(ts) - int(ts)) * 1000000.0)

tnx
Manuel.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=3

From [email protected] on March 28, 2010 18:18:54

Hello, im creating an arp broadcast packet like this:

import dpkt
import socket
import binascii

def eth_aton(buffer):
sp = buffer.split(':')
buffer = ''.join(sp)
return binascii.unhexlify(buffer)

arp = dpkt.arp.ARP()
arp.sha=eth_aton('00:24:8c:5b:11:ec')
arp.spa=socket.inet_aton('192.168.1.3')
arp.tha=eth_aton('00:00:00:00:00:00')
arp.tpa=socket.inet_aton('192.168.1.4')
arp.op=dpkt.arp.ARP_OP_REQUEST
eth=dpkt.ethernet.Ethernet()
eth.src=arp.sha
eth.dst=eth_aton('ff:ff:ff:ff:ff:ff')
eth.data=arp
eth.type=dpkt.ethernet.ETH_TYPE_ARP

And Im able to send the packet with a PF_PACKET RAW socket:

s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
s.bind((device, dpkt.ethernet.ETH_TYPE_ARP))
s.send(str(eth))

Everyhting works great and Im able to get a reply, my question is How is
the network byte order handled? dpkt or the BSD socket handles it? I've
tried it in systems with different endiannesses and it works fine.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=33

From [email protected] on March 18, 2010 06:06:35

It would be great if there was support for VLAN tagging of Ethernet frames.
There seems to be support for understanding a tagged packet, but not for
actually tagging them.

I've roughly added support myself, but no where near ready for a patch. But
I will keep going and hopefully submit something.

I just wanted to lodge here in case it was already being worked on?

Original issue: http://code.google.com/p/dpkt/issues/detail?id=32

From [email protected] on October 15, 2009 07:37:26

What steps will reproduce the problem? 1. use dpkt.pcap.Reader to read a pcap file
2. use dpkt.pcap.Writer to write it in a new file What is the expected output? What do you see instead? The expected output is a positive microsecond number instead a negative
number is stored. What version of the product are you using? On what operating system? Latest stable version of dpkt, on Ubuntu 9.04 Please provide any additional information below. Small issue. It can be easily fixed by interchanging the two numbers.
Instead of
pcap.py:81:tv_usec=int((int(ts) - float(ts)) * 1000000.0),
use tv_usec=int((float(ts) - int(ts)) * 1000000.0);

Original issue: http://code.google.com/p/dpkt/issues/detail?id=26

https://landscape.io/github/kbandla/dpkt/29/messages/error

Someone just needs to go through these and figure out what's going on, if real error fix, if not real error put in a comment why it's fine.

From snackypants on March 26, 2009 14:49:11

What steps will reproduce the problem? 1. Import dpkt.

Python 2.6.1 ( r261 :67517, Dec 4 2008, 16:51:00) [MSC v.1500 32 bit
(Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.

import dpkt
Traceback (most recent call last):
File "", line 1, in
File "C:\Python26\Lib\site-packages\dpkt__init__.py", line 17, in
import bgp
File "C:\Python26\lib\site-packages\dpkt\bgp.py", line 678
self.failUnless(c.as == 65215)
^
SyntaxError: invalid syntax

Once I fixed that, I got this:

import dpkt
Traceback (most recent call last):
File "", line 1, in
File "C:\Python26\Lib\site-packages\dpkt__init__.py", line 17, in
import bgp
File "C:\Python26\lib\site-packages\dpkt\bgp.py", line 715
self.failUnless(b4.open.as == 237)
^

So I fixed that, too. I think the problem is that "as" is a keyword in
Python >= 2.6.

dpkt 1.6 (from Windows EXE installer), on Windows 7 beta, on Python 2.6.1.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=17

From [email protected] on May 30, 2009 06:17:16

I got a problem after I generate exe with pyinstaller. It shows that dpkt
use some hacking way to import module. After I view the source code of
dpkt. I found that:

XXX - auto-load Ethernet dispatch table from ETH_TYPE_* definitions

def load_types():
import os
d = dict.fromkeys([ x[:-3] for x in
os.listdir(os.path.dirname(__file) or '.') if x.endswith('.py') ])
g = globals()
for k, v in g.iteritems():
if k.startswith('ETH_TYPE_'):
name = k[9:]
modname = name.lower()
if modname in d:
mod = import(modname, g)
Ethernet.set_type(v, getattr(mod, name))

This hacking code load modules dynamically, so once it is packaged as exe
or something else, that function visit a wrong path like this
"\buildcards\out1.pyz/."

Could you fix the problem by not to use strange hacking way to load
modules? Or provide some way to customize that behavior.

Thanks.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=20

Right now dpkt simply shoves these 16 bits into the same field ip.off, so at a minimum we should have some documentation and an example showing how to separate the two...

do_not_fragment = self.packet.off & dpkt.ip.IP_DF
more_fragments = self.packet.off & dpkt.ip.IP_MF
fragment_offset = self.packet.off & dpkt.ip.IP_OFFMASK

From [email protected] on August 15, 2008 13:39:24

In str in the class IP6, IP6 sets the checksum of the payload (TCP or
ICMP6) to

self.data.sum = dpkt.in_cksum_done(s + self.nxt + len(p))

The correct statement is
self.data.sum = dpkt.in_cksum_done(s + socket.htons(self.nxt + len(p)))

Original issue: http://code.google.com/p/dpkt/issues/detail?id=10

From [email protected] on July 10, 2007 21:24:46

What steps will reproduce the problem? 1. Installing latest version of py2xe
2. Compiling a project which references dpkt package
3. Examine error message What is the expected output? What do you see instead? It is expected to run smoothly, but instead... (here's the traceback message)

C:\Projects\pwcb-python\dist>pwcb.exe
Traceback (most recent call last):
File "pwcb.py", line 5, in
File "dpkt__init__.pyc", line 24, in
File "dpkt\ethernet.pyc", line 113, in
File "dpkt\ethernet.pyc", line 102, in __load_types
WindowsError: [Error 2] The system cannot find the path specified:
'C:\Projects
\pwcb-python\dist\library.zip\dpkt/.' What version of the product are you using? On what operating system? Version 1.6 of dpkt and version 0.6.6 of py2exe on Windows XP. Please provide any additional information below.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=4

From [email protected] on July 28, 2007 02:47:02

The MetaPacket changes in r39 break LEPktHdr and LEFileHdr of pcap.py (and
any other similar classes). Since the clsdict only contains the
byte_order endianess modifier and inherits the hdr from the base
class, the hdr_fmt won't be set in MetaPacket's new.

Patch attached to add a testcase to pcap.py that exercises the issue.

Attachment: dpkt-pcap-endian-test.patch

Original issue: http://code.google.com/p/dpkt/issues/detail?id=6

From [email protected] on August 04, 2010 23:12:14

The length of Attribute objects is not automatically calculated (the 'len' field'). Please calculate the length automatically when encoding a Attribute object.

As a workaround, I have to calculate the lengths manually, and to create the attribute objects in two steps, e.g.:

raw_attributes = [
(0x40, dpkt.bgp.ORIGIN, dpkt.bgp.BGP.Update.Attribute.Origin(
type=dpkt.bgp.ORIGIN_IGP)),
...
]

attributes = [dpkt.bgp.BGP.Update.Attribute(
flags=f, len=len(a), type=t, data=a)
for f, t, a in raw_attributes]

This second step on the list of attribute objects could be avoided if Attribute calculated the 'len' attribute automatically when assigning the 'data' attribute, or when encoding the packet.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=43

From [email protected] on July 27, 2007 17:41:58

What steps will reproduce the problem? 1. Load up an off line pcap (I am using Core Security's Pcapy)
2. Instantiate a tcp packet object with dpkt.tcp.TCP(packet_data)
3. Print sport dport, and it is wrong What is the expected output? What do you see instead? In the packet capture data I had I was expecting the value to 2001, which
would have been the server port connecting too and from. The dsport is
also incorrect. What version of the product are you using? On what operating system? I am using the latest from the repository and the operating system is
linux. Please provide any additional information below. I tried to debug the issue, but I have not been able to identify the
problem as of yet.

Attachment: process_pcap_files.py

Original issue: http://code.google.com/p/dpkt/issues/detail?id=5

From [email protected] on February 22, 2010 11:30:40

What steps will reproduce the problem? 1. extracting files
2. running setup.py install
3. - What is the expected output? What do you see instead? package should install to proper python installation dir What version of the product are you using? On what operating system? dpkt-1.6.tar.gz and Python 2.6 Please provide any additional information below. There are two syntax errors in bgp.py

line 678 reads self.faiUnless(c.as == 65215)
line 678 should read self.faiUnless(c.asn == 65215)

line 715 reads self.faiUnless(b4.open.as == 237)
line 715 should read self.faiUnless(b4.open.asn == 237)

Correcting these lines allowed a successfully install

Original issue: http://code.google.com/p/dpkt/issues/detail?id=30

From [email protected] on December 14, 2008 17:01:36

When unwrapping the results of a packet read off the wire with pcapy, ip.IP
completely explodes.

It tries to get the attribute "slice(None, 20, None)" and throws
"TypeError: getattr(): attribute name must be string".

import pcapy
import dpkt.ethernet as ethernet
import dpkt.ip as ip
import dpkt.dns as dns
from optparse import OptionParser

def pcap_callback(hdr, pkt):
frame = ethernet.Ethernet(pkt)

packet = ip.IP(frame.data)

def main(iface):

pcap = pcapy.open_live(iface, 0xffff, 1, 15)
pcap.setfilter('udp port 53')

while True:
    pcap.dispatch(-1, pcap_callback)

if name == 'main':
op = OptionParser()
op.add_option('-i', '--interface', dest='iface',
default=pcapy.lookupdev(), help="Interface to listen on.")

(opts, args) = op.parse_args()

main(opts.iface)

Traceback is:

Traceback (most recent call last):
File "dnswatch.py", line 29, in
main(opts.iface)
File "dnswatch.py", line 20, in main
pcap.dispatch(-1, pcap_callback)
File "dnswatch.py", line 11, in pcap_callback
packet = ip.IP(frame.data)
File "/usr/local/lib/python2.5/site-packages/dpkt/dpkt.py", line 72, in
init
self.unpack(args[0])
File "/usr/local/lib/python2.5/site-packages/dpkt/ip.py", line 53, in unpack
dpkt.Packet.unpack(self, buf)
File "/usr/local/lib/python2.5/site-packages/dpkt/dpkt.py", line 127, in
unpack
struct.unpack(self.hdr_fmt, buf[:self.hdr_len])):
File "/usr/local/lib/python2.5/site-packages/dpkt/dpkt.py", line 88, in
getitem
try: return getattr(self, k)
TypeError: getattr(): attribute name must be string

The code's being run on Python 2.5.2 on FreeBSD 7. This occurs in the
latest version of the code checked out from SVN.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=13

From [email protected] on August 04, 2010 22:52:10

Update objects can be correctly encoded when decoded from a captured packet. But it is not possible to create a Update object in code and encode it without errors.

Until this bug is fixed, a workaround is to add a hdr_fields attribute to the class, after importing it:
dpkt.bgp.BGP.Update.hdr_fields = ()

Original issue: http://code.google.com/p/dpkt/issues/detail?id=38

From [email protected] on August 04, 2010 23:15:16

The length of BGP objects is not automatically calculated (the 'len' field'). Please calculate the length automatically when encoding a BGP object.

As a workaround, I have to calculate the length manually this way:

msg = ...
msg_with_headers = dpkt.bgp.BGP(len=dpkt.bgp.BGP.hdr_len + len(msg),
type=msg_type)
msg_with_headers.data = msg

Original issue: http://code.google.com/p/dpkt/issues/detail?id=44

From [email protected] on August 04, 2010 22:53:33

Keepalive objects can be correctly encoded when decoded from a captured packet. But it is not possible to create a Keepalive object in code and encode it without errors.

Until this bug is fixed, a workaround is to add a hdr_fields attribute to the class, after importing it:
dpkt.bgp.BGP.Keepalive.hdr_fields = ()

Original issue: http://code.google.com/p/dpkt/issues/detail?id=40

From [email protected] on April 21, 2008 09:43:34

What steps will reproduce the problem? Following code:
import pcap, dpkt

def pr(hdr,data):
print(dpkt.ip.IP(data[14:])['src'])

pc = pcap.pcap(None,1500,False)
pc.setfilter('udp')

##pc = pcap.pcap()
##pc.setfilter('udp')
pc.dispatch(10,pr)

shows mystery 'R\xb3A\x1e'
how to decode this?

Original issue: http://code.google.com/p/dpkt/issues/detail?id=7

From lrhazi on December 05, 2008 12:10:12

To build under Python 2.6 I had to:

change line 734 to look like: self.failUnless(b4.open['as'] == 237)
change line 715 to look like this: self.failUnless(b4.open['as'] == 237)

It seems "as" is now a reserved word?
Thanks,
Mohamed.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=12

From [email protected] on August 04, 2010 22:44:53

The BGP-4 spec says that the marker must be "all ones", which means all bits set to one, not bytes equal to 0x01 as is currently done in Dpkt. This bug prevents generating BGP-4 packets correctly without specifying the correct marker field manually.

Specifically, please modify class dpkt.bgp.BGP to change:
('marker', '16s', '\x01' * 16),
into:
('marker', '16s', '\xff' * 16),

Original issue: http://code.google.com/p/dpkt/issues/detail?id=37

From [email protected] on August 21, 2009 05:05:42

As mentioned early it's impossible to use dpkt with some distribution tools
due to it __load_xxx functions implementaions. Patch is attached.

Attachment: dpkt.diff

Original issue: http://code.google.com/p/dpkt/issues/detail?id=24

See http://dpkt.readthedocs.org/en/latest/examples.html#examples-in-dpkt-examples for what I think is a good example of auto-generated plus manually annotated documentation. In particular the use of google docstrings (along with the napoleon sphinx plugin we have) make the auto-generated code annotation nice. Please follow/improve upon this example for all the documentation.

In particular one of the first things we need is to organize the API reference documentation. One suggestion (to be taken with a grain of salt) is breaking up all the modules into 3 meta groups

• Network (IP, IP6, ARP, PPPoE, etc)
• Transport (TCP, UDP, ...)
• Application (HTTP, ...)

So this is a project I just started but the documentation IMHO looks pretty nice and we might want to emulate it: http://chains.readthedocs.org/en/latest/index.html

From [email protected] on August 04, 2010 22:59:11

Please make dpkt.bgp.BGP.Update.Attribute.ASPath.ASPathSegment objects set the 'len' field automatically to the length of the 'path' list, when encoding. Currently, the 'len' field has to be set manually by the caller, which is error-prone, e.g.:

dpkt.bgp.BGP.Update.Attribute.ASPath.ASPathSegment(
type=dpkt.bgp.AS_SEQUENCE,
len=1, # could be automatically set to len(path)
path=[64512])

Original issue: http://code.google.com/p/dpkt/issues/detail?id=41

dpkt

dpkt is a pure-python library which simplifies packet creation and parsing.

Main project goals

• Make dpkt Python 3 compatible
  • basically, dpkt should run on Python2.6 and later. This means a lot more than just running a tool like 2to3.
• Fix bugs from the project issue queue
  • Actual bugs are high priority
  • Feature requests can be handled if there is time left over
• Tests and Test Coverage
  • Increase the test coverage to 90% (coverage computed with pytest and coveralls)
  • Add more tests for all of the protocol modules

Apart from the main goals, there are also some secondary goals, which would benefit the project:

• Write documentation and examples
• Update/Add comments in code where possible

Also look at @mhils writeup. It applies to most Honeynet Project's GSoC projects. Only the major differences are listed in this page.

FAQ

1. What is the necessary background for working on dpkt?
   • Python (programming, setuptools, unit testing, code-coverage)
   • Deep knowledge of networking and various network protocols.
   • Experience with tools like Wireshark, Tcpdump, libpcap, etc
   • Experience using a software revision control system (git/svn etc)
2. Tips to get started
   • Download and explore the project. Try to parse a pcap file or create your own packets.
   • If you want to tinker with the code, GSoC2015 branch and work on it
   • See this for Metaclass usage in Python3. It is different from Python2.
3. Other questions
   • For all other questions, please do not hesitate to email me or the honeynet GSoC mailing list!

Project Proposals

Each student will write a project proposal on the approach to working on dpkt. A rough timeline is desired. If you have any other ideas that you want to implement in dpkt, please add them to the proposal.

Google has started accepting student proposals on their GSoC2015 page. Please signup for an account and submit your proposals before 27th of March, 2015!

From [email protected] on July 06, 2010 12:00:21

Python 2.6.5 (release26-maint, Jun 23 2010, 10:41:00)
[GCC 4.3.4] on linux2
Type "help", "copyright", "credits" or "license" for more information.

import dpkt
Traceback (most recent call last):
File "", line 1, in
File "/usr/lib/python2.6/site-packages/dpkt/init.py", line 24, in
import ethernet
File "/usr/lib/python2.6/site-packages/dpkt/ethernet.py", line 128, in
load_types()
File "/usr/lib/python2.6/site-packages/dpkt/ethernet.py", line 122, in __load_types
mod = __import(modname, g)
File "/usr/lib/python2.6/site-packages/dpkt/ip6.py", line 95, in
import ip
File "/usr/lib/python2.6/site-packages/dpkt/ip.py", line 255, in
__load_protos()
File "/usr/lib/python2.6/site-packages/dpkt/ip.py", line 245, in __load_protos
for k, v in g.iteritems():
RuntimeError: dictionary changed size during iteration

Quick fix:
--- /usr/lib/python2.6/site-packages/dpkt/ip.py~ 2010-03-26 04:53:51.000000000 +0200
+++ /usr/lib/python2.6/site-packages/dpkt/ip.py 2010-07-06 18:54:05.013117134 +0300
@@ -242,7 +242,7 @@

XXX - auto-load IP dispatch table from IP_PROTO_* definitions

def __load_protos():
g = globals()

• for k, v in g.iteritems():
• for k, v in list(g.iteritems()):
  if k.startswith('IP_PROTO_'):
  name = k[9:].lower()
  try:

Original issue: http://code.google.com/p/dpkt/issues/detail?id=35

From [email protected] on November 06, 2009 17:30:27

I'm trying to use DPKT to parse a PCAP file and getting an exception thrown
in the pcap.py module.

My code:

import dpkt

f = open('capture.pcap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf)
ip = eth.data
tcp = ip.data

print tcp.sport, tcp.dport, len(tcp.data)

f.close()

Breaks in the following module:

def iter(self):
self.f.seek(FileHdr.__hdr_len)
while 1:
buf = self.f.read(PktHdr.__hdr_len)
if not buf: break
hdr = self.__ph(buf)
buf = self.__f.read(hdr.caplen)

It breaks in the last line with this error:

exceptions.OverflowError: long int too large to convert to int

Wireshark displays the data fine and I don't see anything that looks like
it would be a problem. The traffic is a mix of TCP and UDP it it breaks on
a UDP packet.

Any ideas?

Original issue: http://code.google.com/p/dpkt/issues/detail?id=27

From [email protected] on February 19, 2009 20:43:45

What steps will reproduce the problem? 1. Trying to run something that imports dpkt. What is the expected output? What do you see instead? ...
File "./dpkt-svn/dpkt/init.py", line 25, in
import rtap
ImportError: No module named rtap What version of the product are you using? On what operating system? SVN checkout. Please provide any additional information below. Maybe I'm retardo -- but I can't find anything about rtap in python.
Trying to get an app to work, but failing on this. Help?!?!?

Original issue: http://code.google.com/p/dpkt/issues/detail?id=16

From [email protected] on August 19, 2008 00:51:50

The 'as' variable used in the bgps Open, Aggregator and Community classes
will generate a syntax error when used with python 2.6 (2.5 gives a
warning, the integrated python interpreter in eric - also 2.5 - already
bails out)

"as" will become a reserved keyword in python 2.6. See warning in python 2.5.2

'as' should be changed to something like 'asn' or 'asnumber' which works.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=11

From [email protected] on January 26, 2010 11:55:08

try using ip.src or ip.dst, returns are not as expected :-/ What is the expected output? What do you see instead? expected: 10.42.0.something
got: *$ What version of the product are you using? On what operating system? 1.6 on ubuntu Please provide any additional information below.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=28

From [email protected] on August 17, 2010 13:00:57

What steps will reproduce the problem? 1. Get a PCAP with PPI info (e.g., in Kismet)
2. Try to open it using dpkt with the code on http://www.jjguy.com/pcaputils/ What is the expected output? What do you see instead? I see:
Traceback (most recent call last):
File "parser2.py", line 4, in
pcapReader = dpkt.pcap.Reader(file(sys.argv[1], "rb"))
File "/usr/lib/pymodules/python2.6/dpkt/pcap.py", line 105, in init
self.dloff = dltoff[self.__fh.linktype]
KeyError: 192 What version of the product are you using? On what operating system? 1.6+svn54-1 on Ubuntu 10.04 Please provide any additional information below. http://nmap.org/svn/libpcap/pcap-common.c defines 'LINKTYPE_PPI' as '192'. http://www.cacetech.com/documents/PPI%20Header%20format%201.0.9.pdf provides PPI spec.

NOTE: even if it isn't worth it to support PPI may I sugest a better error message for it than an exception?

Original issue: http://code.google.com/p/dpkt/issues/detail?id=45

From [email protected] on August 04, 2010 23:05:09

ASPath objects accepts an ASPathSegment object in its 'segments' field. However, this field is not printed when representing the object. Only the 'data' field is printed.
When an object is decoded, the 'data' field is set to the value of the 'segments' field, so it is represented correctly, but it's not the case when an object is created in code.
Same problem in ASPathSegment: the 'data' field should be set to the value of the 'path' field.

As a workaround, I have to set the 'data' fields manually, after creating the objects:
for a in paths: # ASPath objects
a.data = a.segments
for s in a.segments: # ASPathSegment objects
s.data = s.path

Please do that automatically, or use the 'segments' and 'path' fields to represent those objects, instead of the 'data' fields.

This is not essential, but very useful for debugging.

Original issue: http://code.google.com/p/dpkt/issues/detail?id=42

From [email protected] on July 31, 2009 21:29:31

During the install of dpkt on a machine running python 2.6, the bgp.py file
contains 2 instances where property "as" is accessed on an object. "as" is
now a reserved keyword in Python 2.6 so maybe a quick change to the source
can help remedy this issue?

Original issue: http://code.google.com/p/dpkt/issues/detail?id=23

From [email protected] on April 23, 2008 19:26:54

import dpkt
import socket
import struct,string

def eth_aton(buffer):
addr =''
temp = string.split(buffer,':')
buffer = string.join(temp,'')
for i in range(0, len(buffer), 2):
addr = ''.join([addr,struct.pack('B', int(buffer[i: i + 2], 16))],)
return addr

#############

here is some secret sauce

dpkt does not have this for some reason

but you gotta have this header

\xaa\xaa is for SNAP packet

\x03 for Control field

\x00\x00\x0c is Cisco org code

the " \x00" somehow comes out to 0x2000, protocol id for CDP

############

cdp_header='\xaa\xaa\x03\x00\x00\x0c \x00'

###############

more sauce

this is the ethernet multicast addr

for cdp messages HA! 01:00:0c:cc:cc:cc

###############

eth_dst = '\x01\x00\x0c\xcc\xcc\xcc'

#######
##change if you like, 00:07:85 OID for Cisco
#########
ipaddr = "192.168.0.1"
src_eth = "00:07:85:12:34:56"

###################################################################
###################################################################

def make_addr(ipaddr): ## make an address packet for a TLV
tmp_addr = dpkt.cdp.CDP.Address()
tmp_addr.data = socket.inet_aton(ipaddr)
return tmp_addr.pack()

def make_tlv(addpack): ## take address packet and put in TLV (type,len,value)
tmp_tlv = dpkt.cdp.CDP.TLV()
tmp_tlv.data = addpack
tmp_tlv.type = dpkt.cdp.CDP_ADDRESS
tmp_tlv.len = tmp_tlv.len()
#########

this is to make up for prob with the dpkt libs, trying to mod lib code

appears to not pack TLVs with type == CDP_addresses right

TLVS with type=address include a number in front that

is how many addresses to follow. dpkt uses len of data field, while I am

using len/9 because my test data has len of 9 (so an 18 byte field has 2

addresses - DRM

#########
j = struct.pack('>I', len(tmp_tlv.data)/9)
data = tmp_tlv.pack_hdr() + j + tmp_tlv.data
return data

def make_cdp(data): ## and now the CDP packet part
tmp_cdp = dpkt.cdp.CDP()
tmp_cdp.data = data
tmp_cdp.sum=dpkt.in_cksum(tmp_cdp.data)
return tmp_cdp.pack()

def make_ethf(data,src,dst): ##and then the ethernet frame
tmp_eth = dpkt.ethernet.Ethernet()
tmp_eth.data = cdp_header+data
tmp_eth.dst = dst
tmp_eth.src = src
tmp_eth.type = len(tmp_eth.data) ## for a SNAP packet, the type= len
return tmp_eth.pack()

################################################################

build it

################################################################
eth_src = eth_aton(src_eth)
addrpacket = make_addr(ipaddr)
tlv_packet = make_tlv(addrpacket)
cdp_packet = make_cdp(tlv_packet)
eth_frame = make_ethf(cdp_packet,eth_src,eth_dst)

########################################33

open the socket

#########################################
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
s.bind(("eth0",dpkt.ethernet.ETH_TYPE_CDP))

##########################################

fire off 3 packets

#########################################
for i in range(3):
s.send(eth_frame)

###################

close it

##################
s.close()

Original issue: http://code.google.com/p/dpkt/issues/detail?id=8

From [email protected] on October 01, 2009 11:09:58

What steps will reproduce the problem? enrico@enrico-laptop:~/workspace/Murena/lib/dpkt-1.6$ sudo python setup.py
Traceback (most recent call last):
File "setup.py", line 4, in
import dpkt
File "/home/enrico/workspace/Murena/lib/dpkt-1.6/dpkt/init.py", line
17, in
import bgp
File "/home/enrico/workspace/Murena/lib/dpkt-1.6/dpkt/bgp.py", line 678
self.failUnless(c.as == 65215)
^
SyntaxError: invalid syntax What version of the product are you using? On what operating system? Ubuntu 9.10

Python 2.6.2+ (release26-maint, Sep 24 2009, 06:46:17)
[GCC 4.4.1] on linux2

Original issue: http://code.google.com/p/dpkt/issues/detail?id=25

From dugsong on November 08, 2006 10:48:05

dpkt docs suck

Original issue: http://code.google.com/p/dpkt/issues/detail?id=1

From [email protected] on May 26, 2008 20:37:29

Hi,

there seems to be a typo/bug in ssl.py in the SSL2 class.

Unless I'm missing something, lines saying:
self.pad = self.data[1+n:1+n+pad]
self.data = self.data[1+n+pad:]

should really say:
self.pad = self.data[1+n:1+n+padlen]
self.data = self.data[1+n+padlen:]

HTH

Jirka

Original issue: http://code.google.com/p/dpkt/issues/detail?id=9

From [email protected] on February 04, 2010 07:30:33

What steps will reproduce the problem? 1. # python setup.py install What is the expected output? What do you see instead? File "setup.py", line 4, in
import dpkt
File "/home/super/dpkt-1.6/dpkt/init.py", line 17, in
import bgp
File "/home/super/dpkt-1.6/dpkt/bgp.py", line 678
self.failUnless(c.as == 65215)
^
SyntaxError: invalid syntax What version of the product are you using? On what operating system? Python 2.6.4 [GCC 3.4.6]
Kernel: 2.6.10-72032U10_12clsmp (too old, but necessary for the moment) Please provide any additional information below. This is an syntax error because of attribute named "as" what is an python
reserved word, i make some changes in the file "bgp.py" and all works
pretty, the patch file is in attachment.

Attachment: bgp.py.patch

Original issue: http://code.google.com/p/dpkt/issues/detail?id=29

From [email protected] on August 04, 2010 22:53:19

ASPath objects can be correctly encoded when decoded from a captured packet. But it is not possible to create a ASPath object in code and encode it without errors.

Until this bug is fixed, a workaround is to add a hdr_fields attribute to the class, after importing it:
dpkt.bgp.BGP.Update.Attribute.ASPath.hdr_fields = ()

Original issue: http://code.google.com/p/dpkt/issues/detail?id=39

From [email protected] on March 29, 2009 18:39:43

What steps will reproduce the problem? data = """HTTP/1.x 200 OK\r\nSet-Cookie: first_cookie=cookie1; path=/;
domain=.example.com\r\nSet-Cookie: second_cookie=cookie2; path=/;
domain=.example.com\r\nContent-Length: 0\r\n\r\n"""
http = dpkt.http.Response(data)
print http What is the expected output? What do you see instead? Only the last server cookie "survives" [example script attached]

Original:

HTTP/1.x 200 OK
Set-Cookie: first_cookie=cookie1; path=/; domain=.example.com
Set-Cookie: second_cookie=cookie2; path=/; domain=.example.com
Content-Length: 0

Parsed:

HTTP/1.x 200 OK
set-cookie: second_cookie=cookie2; path=/; domain=.example.com
content-length: 0
---------------------------------------- What version of the product are you using? On what operating system? dpkt 1.6 (Ubuntu + Windows XP), python 2.5.4 Please provide any additional information below. The problem is in dpkt.http.parse_headers() - it doesn't take into account
multiple headers with the same name and thus overwrites the value of
"set-cookie" with the value of the last "Set-Cookie" header.

Multiple cookies are very common in real world traffic (i.e. google.com,
facebook.com)
Fixing this bug would really improve this excellent module (thanks dug!)

Attachment: dpkt_cookies.py

Original issue: http://code.google.com/p/dpkt/issues/detail?id=18

Lets get permission from Jeff Silverman to use http://www.commercialventvac.com/dpkt.html as a starting point to fill in some real documentation on https://dpkt.readthedocs.org. Issue #7 also has a bullet for documentation but given the importance wanted to call this out separately.

From o.a.stephens on March 02, 2010 13:29:04

From examining the SVN checkout, there appears to be no support for IPv6
extension headers within dpkt.

The reason I ask is that it isn't currently possibly to guarantee the
ability to detect the payload protocol of an IPv6 packet.
In the instance that there are no extension headers, then the 'nxt' header
attribute is set to the payload protocol. However, if there are any
extension headers there is no way to follow the header chain to find the
payload protocol (or if desired, decode the extension headers).

Is there any code floating around to provide this support, or is it the
case that it simply hasn't been implemented in dpkt?

Thanks

Original issue: http://code.google.com/p/dpkt/issues/detail?id=31

From [email protected] on July 20, 2010 00:19:10

What steps will reproduce the problem? 1. installed dpkt using windows installer
2. started python
3. imported dpkt What is the expected output? What do you see instead? The python interpreted crashes. What version of the product are you using? On what operating system? 1.7 windows installer Please provide any additional information below. This is running in a python(xy) environment.

Attachment: 7-19-2010 11-16-04 PM.avi

Original issue: http://code.google.com/p/dpkt/issues/detail?id=36