tthtlc / dpkt Goto Github PK

What steps will reproduce the problem?

enrico@enrico-laptop:~/workspace/Murena/lib/dpkt-1.6$ sudo python setup.py 
Traceback (most recent call last):
  File "setup.py", line 4, in <module>
    import dpkt
  File "/home/enrico/workspace/Murena/lib/dpkt-1.6/dpkt/__init__.py", line
17, in <module>
    import bgp
  File "/home/enrico/workspace/Murena/lib/dpkt-1.6/dpkt/bgp.py", line 678
    self.failUnless(c.as == 65215)
                       ^
SyntaxError: invalid syntax


What version of the product are you using? On what operating system?
Ubuntu 9.10

Python 2.6.2+ (release26-maint, Sep 24 2009, 06:46:17) 
[GCC 4.4.1] on linux2

What steps will reproduce the problem?
1. Get a PCAP with PPI info (e.g., in Kismet)
2. Try to open it using dpkt with the code on http://www.jjguy.com/pcaputils/

What is the expected output? What do you see instead?
I see:
Traceback (most recent call last):
  File "parser2.py", line 4, in <module>
    pcapReader = dpkt.pcap.Reader(file(sys.argv[1], "rb"))
  File "/usr/lib/pymodules/python2.6/dpkt/pcap.py", line 105, in __init__
    self.dloff = dltoff[self.__fh.linktype]
KeyError: 192


What version of the product are you using? On what operating system?
1.6+svn54-1 on Ubuntu 10.04

Please provide any additional information below.
http://nmap.org/svn/libpcap/pcap-common.c defines 'LINKTYPE_PPI' as '192'.
http://www.cacetech.com/documents/PPI%20Header%20format%201.0.9.pdf provides 
PPI spec.

NOTE: even if it isn't worth it to support PPI may I sugest a better error 
message for it than an exception?

Please change as in bgp module because with python2.6 bgp.as conflicts with
as reserved keyword. I renamed to AS (capitalized) and it worked.

The 'as' variable used in the bgps Open, Aggregator and Community classes
will generate a syntax error when used with python 2.6 (2.5 gives a
warning, the integrated python interpreter in eric  - also 2.5 - already
bails out)

"as" will become a reserved keyword in python 2.6. See warning in python 2.5.2

'as' should be changed to something like 'asn' or 'asnumber' which works.

dpkt docs suck

I got a problem after I generate exe with pyinstaller. It shows that dpkt
use some hacking way to import module. After I view the source code of
dpkt. I found that:

# XXX - auto-load Ethernet dispatch table from ETH_TYPE_* definitions
def __load_types():
    import os
    d = dict.fromkeys([ x[:-3] for x in
os.listdir(os.path.dirname(__file__) or '.') if x.endswith('.py') ])
    g = globals()
    for k, v in g.iteritems():
        if k.startswith('ETH_TYPE_'):
            name = k[9:]
            modname = name.lower()
            if modname in d:
                mod = __import__(modname, g)
                Ethernet.set_type(v, getattr(mod, name))

This hacking code load modules dynamically, so once it is packaged as exe
or something else, that function visit a wrong path like this
"\\buildcards\\out1.pyz/*.*"

Could you fix the problem by not to use strange hacking way to load
modules? Or provide some way to customize that behavior.

Thanks.

Keepalive objects can be correctly encoded when decoded from a captured packet. 
But it is not possible to create a Keepalive object in code and encode it 
without errors.

Until this bug is fixed, a workaround is to add a __hdr_fields__ attribute to 
the class, after importing it:
dpkt.bgp.BGP.Keepalive.__hdr_fields__ = ()

The length of Attribute objects is not automatically calculated (the 'len' 
field'). Please calculate the length automatically when encoding a Attribute 
object.

As a workaround, I have to calculate the lengths manually, and to create the 
attribute objects in two steps, e.g.:

raw_attributes = [
  (0x40, dpkt.bgp.ORIGIN, dpkt.bgp.BGP.Update.Attribute.Origin(
      type=dpkt.bgp.ORIGIN_IGP)),
  ...
  ]

attributes = [dpkt.bgp.BGP.Update.Attribute(
                  flags=f, len=len(a), type=t, data=a)
              for f, t, a in raw_attributes]

This second step on the list of attribute objects could be avoided if Attribute 
calculated the 'len' attribute automatically when assigning the 'data' 
attribute, or when encoding the packet.

What steps will reproduce the problem?
1. Trying to run something that imports dpkt.

What is the expected output? What do you see instead?
...
File "./dpkt-svn/dpkt/__init__.py", line 25, in <module>
    import rtap
ImportError: No module named rtap


What version of the product are you using? On what operating system?

SVN checkout.

Please provide any additional information below.

Maybe I'm retardo -- but I can't find anything about rtap in python. 
Trying to get an app to work, but failing on this.  Help?!?!?

What steps will reproduce the problem?
1. # python setup.py install

What is the expected output? What do you see instead?
  File "setup.py", line 4, in <module>
    import dpkt
  File "/home/super/dpkt-1.6/dpkt/__init__.py", line 17, in <module>
    import bgp
  File "/home/super/dpkt-1.6/dpkt/bgp.py", line 678
    self.failUnless(c.as == 65215)
                       ^
SyntaxError: invalid syntax

What version of the product are you using? On what operating system?
Python 2.6.4 [GCC 3.4.6]
Kernel: 2.6.10-72032U10_12clsmp (too old, but necessary for the moment)

Please provide any additional information below.

This is an syntax error because of attribute named "as" what is an python
reserved word, i make some changes in the file "bgp.py" and all works
pretty, the patch file is in attachment.

To build under Python 2.6 I had to:

change line 734 to look like: self.failUnless(b4.open['as'] == 237)
change line 715 to look like this: self.failUnless(b4.open['as'] == 237)

It seems "as" is now a reserved word?
Thanks,
Mohamed.

What steps will reproduce the problem?
data = """HTTP/1.x 200 OK\r\nSet-Cookie: first_cookie=cookie1; path=/;
domain=.example.com\r\nSet-Cookie: second_cookie=cookie2; path=/;
domain=.example.com\r\nContent-Length: 0\r\n\r\n"""
http = dpkt.http.Response(data)
print http

What is the expected output? What do you see instead?
Only the last server cookie "survives" [example script attached]

Original:
----------------------------------------
HTTP/1.x 200 OK
Set-Cookie: first_cookie=cookie1; path=/; domain=.example.com
Set-Cookie: second_cookie=cookie2; path=/; domain=.example.com
Content-Length: 0
----------------------------------------

Parsed:
----------------------------------------
HTTP/1.x 200 OK
set-cookie: second_cookie=cookie2; path=/; domain=.example.com
content-length: 0
----------------------------------------


What version of the product are you using? On what operating system?
dpkt 1.6 (Ubuntu + Windows XP), python 2.5.4

Please provide any additional information below.
The problem is in dpkt.http.parse_headers() - it doesn't take into account
multiple headers with the same name and thus overwrites the value of
"set-cookie" with the value of the last "Set-Cookie" header.

Multiple cookies are very common in real world traffic (i.e. google.com,
facebook.com)
Fixing this bug would really improve this excellent module (thanks dug!) 

What steps will reproduce the problem?
1. try to have managenent frame (becon )
2.
3.

What is the expected output? What do you see instead?
I suggest to add Manaagement frame in to ieee80211( Probe Request,Probe 
Response, Beacon,Disassociate)

What version of the product are you using? On what operating system?
Linux version 2.6.32-24-generic (buildd@palmer) (gcc version 4.4.3 (Ubuntu 
4.4.3-4ubuntu5, Python 2.6.5


Please provide any additional information below.
So I did a patch to do that

I get the following when I try to install the library under Python 2.6:

C:\proj\python\dpkt-1.6>python setup.py install
Traceback (most recent call last):
  File "setup.py", line 4, in <module>
    import dpkt
  File "C:\proj\python\dpkt-1.6\dpkt\__init__.py", line 17, in <module>
    import bgp
  File "C:\proj\python\dpkt-1.6\dpkt\bgp.py", line 678
    self.failUnless(c.as == 65215)

The problem seems to stem from BGP defining a field that shares the same
name as a keyword: 'as'.  Changing this to 'AS', and changing all
references to the field to the same cleared the issue, and I was able to
install.

The modified file is attached.

ASPath objects can be correctly encoded when decoded from a captured packet. 
But it is not possible to create a ASPath object in code and encode it without 
errors.

Until this bug is fixed, a workaround is to add a __hdr_fields__ attribute to 
the class, after importing it:
dpkt.bgp.BGP.Update.Attribute.ASPath.__hdr_fields__ = ()

The MetaPacket changes in r39 break LEPktHdr and LEFileHdr of pcap.py (and
any other similar classes).  Since the clsdict only contains the
__byte_order__ endianess modifier and inherits the __hdr__ from the base
class, the __hdr_fmt__ won't be set in MetaPacket's __new__.

Patch attached to add a testcase to pcap.py that exercises the issue.

It would be great if there was support for VLAN tagging of Ethernet frames.
There seems to be support for understanding a tagged packet, but not for
actually tagging them.

I've roughly added support myself, but no where near ready for a patch. But
I will keep going and hopefully submit something.

I just wanted to lodge here in case it was already being worked on?

What steps will reproduce the problem?
1. installed dpkt using windows installer
2. started python
3. imported dpkt

What is the expected output? What do you see instead?
The python interpreted crashes.

What version of the product are you using? On what operating system?
1.7 windows installer

Please provide any additional information below.
This is running in a python(xy) environment.

The BGP-4 spec says that the marker must be "all ones", which means all bits 
set to one, not bytes equal to 0x01 as is currently done in Dpkt. This  bug 
prevents generating BGP-4 packets correctly without specifying the correct 
marker field manually.

Specifically, please modify class dpkt.bgp.BGP to change:
        ('marker', '16s', '\x01' * 16),
into:
        ('marker', '16s', '\xff' * 16),

I'm trying to use DPKT to parse a PCAP file and getting an exception thrown
in the pcap.py module.

My code:

import dpkt

f = open('capture.pcap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
    eth = dpkt.ethernet.Ethernet(buf)
    ip = eth.data
    tcp = ip.data

    print tcp.sport, tcp.dport, len(tcp.data)

f.close()

Breaks in the following module:

def __iter__(self):
    self.__f.seek(FileHdr.__hdr_len__)
    while 1:
        buf = self.__f.read(PktHdr.__hdr_len__)
        if not buf: break
        hdr = self.__ph(buf)
        buf = self.__f.read(hdr.caplen)

It breaks in the last line with this error:

exceptions.OverflowError: long int too large to convert to int

Wireshark displays the data fine and I don't see anything that looks like
it would be a problem. The traffic is a mix of TCP and UDP it it breaks on
a UDP packet.

Any ideas?

import dpkt
import socket
import struct,string

def eth_aton(buffer):
    addr =''
    temp = string.split(buffer,':')
    buffer = string.join(temp,'')
    for i in range(0, len(buffer), 2):
        addr = ''.join([addr,struct.pack('B', int(buffer[i: i + 2], 16))],)
    return addr

#############
### here is some secret sauce
### dpkt does not have this for some reason
### but you gotta have this header
### \xaa\xaa is for SNAP packet
### \x03 for Control field
### \x00\x00\x0c is Cisco org code
### the " \x00" somehow comes out to 0x2000, protocol id for CDP
############

cdp_header='\xaa\xaa\x03\x00\x00\x0c \x00'

###############
### more sauce
### this is the ethernet multicast addr
### for cdp messages HA! 01:00:0c:cc:cc:cc
###############

eth_dst = '\x01\x00\x0c\xcc\xcc\xcc'

#######
##change if you like, 00:07:85 OID for Cisco
#########
ipaddr = "192.168.0.1"
src_eth = "00:07:85:12:34:56"



###################################################################
###################################################################

def make_addr(ipaddr): ## make an address packet for a TLV
        tmp_addr = dpkt.cdp.CDP.Address()
        tmp_addr.data = socket.inet_aton(ipaddr)
        return tmp_addr.pack()

def make_tlv(addpack): ## take address packet and put in TLV (type,len,value)
        tmp_tlv = dpkt.cdp.CDP.TLV()
        tmp_tlv.data = addpack
        tmp_tlv.type = dpkt.cdp.CDP_ADDRESS
        tmp_tlv.len = tmp_tlv.__len__()
#########
### this is to make up for prob with the dpkt libs, trying to mod lib code
### appears to not pack TLVs with type == CDP_addresses right
### TLVS with type=address include a number in front that
### is how many addresses to follow. dpkt uses len of data field, while I am
### using len/9 because my test data has len of 9 (so an 18 byte field has 2
### addresses - DRM
#########
        j = struct.pack('>I', len(tmp_tlv.data)/9)
        data = tmp_tlv.pack_hdr() + j + tmp_tlv.data
        return data

def make_cdp(data): ## and now the CDP packet part
        tmp_cdp = dpkt.cdp.CDP()
        tmp_cdp.data = data
        tmp_cdp.sum=dpkt.in_cksum(tmp_cdp.data)
        return tmp_cdp.pack()

def make_ethf(data,src,dst): ##and then the ethernet frame
        tmp_eth = dpkt.ethernet.Ethernet()
        tmp_eth.data = cdp_header+data
        tmp_eth.dst = dst
        tmp_eth.src = src
        tmp_eth.type = len(tmp_eth.data) ## for a SNAP packet, the type= len
        return tmp_eth.pack()

################################################################
### build it
################################################################
eth_src = eth_aton(src_eth)
addrpacket = make_addr(ipaddr)
tlv_packet = make_tlv(addrpacket)
cdp_packet = make_cdp(tlv_packet)
eth_frame = make_ethf(cdp_packet,eth_src,eth_dst)

########################################33
### open the socket
#########################################
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
s.bind(("eth0",dpkt.ethernet.ETH_TYPE_CDP))

##########################################
### fire off 3 packets
#########################################
for i in range(3):
        s.send(eth_frame)

###################
### close it
##################
s.close()

class P(dpkt.Packet):
   __hdr__ = (('a','B',0))
won't work

class P(dpkt.Packet):
   __hdr__ = [('a','B',0)]

works.

Hi,

  the packages on the "Downloads" page are way behind the current code in
the SVN (one bug cost me quite a bit of time before I realized this :)

  I think that these packages do deserve updating and the version number
should be bumped to 1.7 or whatever to mark that there are differences.
Thoughts?

  Cheers

    Jirka Vejrazka

What steps will reproduce the problem?
1. extracting files
2. running setup.py install
3. -

What is the expected output? What do you see instead?
package should install to proper python installation dir

What version of the product are you using? On what operating system?
dpkt-1.6.tar.gz and Python 2.6

Please provide any additional information below.
There are two syntax errors in bgp.py

line 678 reads self.faiUnless(c.as == 65215)
line 678 should read self.faiUnless(c.asn == 65215)

line 715 reads self.faiUnless(b4.open.as == 237)
line 715 should read self.faiUnless(b4.open.asn == 237)

Correcting these lines allowed a successfully install

Python 2.6.5 (release26-maint, Jun 23 2010, 10:41:00) 
[GCC 4.3.4] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import dpkt
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.6/site-packages/dpkt/__init__.py", line 24, in <module>
    import ethernet
  File "/usr/lib/python2.6/site-packages/dpkt/ethernet.py", line 128, in <module>
    __load_types()
  File "/usr/lib/python2.6/site-packages/dpkt/ethernet.py", line 122, in __load_types
    mod = __import__(modname, g)
  File "/usr/lib/python2.6/site-packages/dpkt/ip6.py", line 95, in <module>
    import ip
  File "/usr/lib/python2.6/site-packages/dpkt/ip.py", line 255, in <module>
    __load_protos()
  File "/usr/lib/python2.6/site-packages/dpkt/ip.py", line 245, in __load_protos
    for k, v in g.iteritems():
RuntimeError: dictionary changed size during iteration


Quick fix:
--- /usr/lib/python2.6/site-packages/dpkt/ip.py~        2010-03-26 
04:53:51.000000000 +0200
+++ /usr/lib/python2.6/site-packages/dpkt/ip.py 2010-07-06 18:54:05.013117134 
+0300
@@ -242,7 +242,7 @@
 # XXX - auto-load IP dispatch table from IP_PROTO_* definitions
 def __load_protos():
     g = globals()
-    for k, v in g.iteritems():
+    for k, v in list(g.iteritems()):
         if k.startswith('IP_PROTO_'):
             name = k[9:].lower()
             try:

try using ip.src or ip.dst, returns are not as expected :-/

What is the expected output? What do you see instead?
expected: 10.42.0.something
got: *$

What version of the product are you using? On what operating system?
1.6 on ubuntu

Please provide any additional information below.

What steps will reproduce the problem?
1. Import dpkt.

Python 2.6.1 (r261:67517, Dec  4 2008, 16:51:00) [MSC v.1500 32 bit
(Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import dpkt
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Python26\Lib\site-packages\dpkt\__init__.py", line 17, in <module>
    import bgp
  File "C:\Python26\lib\site-packages\dpkt\bgp.py", line 678
    self.failUnless(c.as == 65215)
                       ^
SyntaxError: invalid syntax

Once I fixed that, I got this:

>>> import dpkt
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Python26\Lib\site-packages\dpkt\__init__.py", line 17, in <module>
    import bgp
  File "C:\Python26\lib\site-packages\dpkt\bgp.py", line 715
    self.failUnless(b4.open.as == 237)
                             ^

So I fixed that, too. I think the problem is that "as" is a keyword in
Python >= 2.6.

dpkt 1.6 (from Windows EXE installer), on Windows 7 beta, on Python 2.6.1.

During the install of dpkt on a machine running python 2.6, the bgp.py file
contains 2 instances where property "as" is accessed on an object. "as" is
now a reserved keyword in Python 2.6 so maybe a quick change to the source
can help remedy this issue?

Hello, im creating an arp broadcast packet like this:

import dpkt
import socket
import binascii


def eth_aton(buffer):
        sp = buffer.split(':')
        buffer = ''.join(sp)
        return binascii.unhexlify(buffer)

arp = dpkt.arp.ARP()
arp.sha=eth_aton('00:24:8c:5b:11:ec')
arp.spa=socket.inet_aton('192.168.1.3')
arp.tha=eth_aton('00:00:00:00:00:00')  
arp.tpa=socket.inet_aton('192.168.1.4')
arp.op=dpkt.arp.ARP_OP_REQUEST  
eth=dpkt.ethernet.Ethernet()
eth.src=arp.sha       
eth.dst=eth_aton('ff:ff:ff:ff:ff:ff')           
eth.data=arp                      
eth.type=dpkt.ethernet.ETH_TYPE_ARP                      

And Im able to send the packet with a PF_PACKET RAW socket:

s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW) 
s.bind((device, dpkt.ethernet.ETH_TYPE_ARP))
s.send(str(eth))            

Everyhting works great and Im able to get a reply, my question is How is
the network byte order handled? dpkt or the BSD socket handles it? I've
tried it in systems with different endiannesses and it works fine.

From examining the SVN checkout, there appears to be no support for IPv6 
extension headers within dpkt.

The reason I ask is that it isn't currently possibly to guarantee the 
ability to detect the payload protocol of an IPv6 packet. 
In the instance that there are no extension headers, then the 'nxt' header 
attribute is set to the payload protocol. However, if there are any 
extension headers there is no way to follow the header chain to find the 
payload protocol (or if desired, decode the extension headers).

Is there any code floating around to provide this support, or is it the 
case that it simply hasn't been implemented in dpkt?

Thanks

What steps will reproduce the problem?
1. use dpkt.pcap.Reader to read a pcap file
2. use dpkt.pcap.Writer to write it in a new file

What is the expected output? What do you see instead?
The expected output is a positive microsecond number instead a negative
number is stored. 

What version of the product are you using? On what operating system?
Latest stable version of dpkt, on Ubuntu 9.04

Please provide any additional information below.
Small issue. It can be easily fixed by interchanging the two numbers. 
Instead of 
pcap.py:81:tv_usec=int((int(ts) - float(ts)) * 1000000.0),
use        tv_usec=int((float(ts) - int(ts)) * 1000000.0);

What steps will reproduce the problem?
1. Load up  an off line pcap (I am using Core Security's Pcapy)
2. Instantiate a tcp packet object with dpkt.tcp.TCP(packet_data)
3. Print sport dport, and it is wrong

What is the expected output? What do you see instead?
In the packet capture data I had I was expecting the value to 2001, which
would have been the server port connecting too  and from.  The dsport is
also incorrect.

What version of the product are you using? On what operating system?
I am using the latest from the repository and the operating system is 
linux.

Please provide any additional information below.
I tried to debug the issue, but I have not been able to identify the
problem as of yet.

What steps will reproduce the problem?
Following code:
import pcap, dpkt

def pr(hdr,data):
    print(`dpkt.ip.IP(data[14:])['src']`)

pc = pcap.pcap(None,1500,False)
pc.setfilter('udp')

##pc = pcap.pcap()
##pc.setfilter('udp')
pc.dispatch(10,pr)

shows mystery 'R\xb3A\x1e'
how to decode this?

Hi, 

  there seems to be a typo/bug in ssl.py in the SSL2 class.

Unless I'm missing something, lines saying:
            self.pad = self.data[1+n:1+n+pad]
            self.data = self.data[1+n+pad:]

should really say:
            self.pad = self.data[1+n:1+n+padlen]
            self.data = self.data[1+n+padlen:]

HTH

   Jirka

Please make dpkt.bgp.BGP.Update.Attribute.ASPath.ASPathSegment objects set the 
'len' field automatically to the length of the 'path' list, when encoding. 
Currently, the 'len' field has to be set manually by the caller, which is 
error-prone, e.g.:

dpkt.bgp.BGP.Update.Attribute.ASPath.ASPathSegment(
  type=dpkt.bgp.AS_SEQUENCE,
  len=1,  # could be automatically set to len(path)
  path=[64512])

What steps will reproduce the problem?
1. Installing latest version of py2xe
2. Compiling a project which references dpkt package
3. Examine error message

What is the expected output? What do you see instead?
It is expected to run smoothly, but instead... (here's the traceback message)

C:\Projects\pwcb-python\dist>pwcb.exe
Traceback (most recent call last):
  File "pwcb.py", line 5, in <module>
  File "dpkt\__init__.pyc", line 24, in <module>
  File "dpkt\ethernet.pyc", line 113, in <module>
  File "dpkt\ethernet.pyc", line 102, in __load_types
WindowsError: [Error 2] The system cannot find the path specified:
'C:\\Projects
\\pwcb-python\\dist\\library.zip\\dpkt/*.*'

What version of the product are you using? On what operating system?
Version 1.6 of dpkt and version 0.6.6 of py2exe on Windows XP.

Please provide any additional information below.

When unwrapping the results of a packet read off the wire with pcapy, ip.IP
completely explodes.

It tries to get the attribute "slice(None, 20, None)" and throws
"TypeError: getattr(): attribute name must be string".

-----

import pcapy
import dpkt.ethernet as ethernet
import dpkt.ip as ip
import dpkt.dns as dns
from optparse import OptionParser

def pcap_callback(hdr, pkt):
    frame = ethernet.Ethernet(pkt)

    packet = ip.IP(frame.data)


def main(iface):

    pcap = pcapy.open_live(iface, 0xffff, 1, 15)
    pcap.setfilter('udp port 53')

    while True:
        pcap.dispatch(-1, pcap_callback)

if __name__ == '__main__':
    op = OptionParser()
    op.add_option('-i', '--interface', dest='iface',
        default=pcapy.lookupdev(), help="Interface to listen on.")

    (opts, args) = op.parse_args()

    main(opts.iface)

-----

Traceback is:
-----

Traceback (most recent call last):
  File "dnswatch.py", line 29, in <module>
    main(opts.iface)
  File "dnswatch.py", line 20, in main
    pcap.dispatch(-1, pcap_callback)
  File "dnswatch.py", line 11, in pcap_callback
    packet = ip.IP(frame.data)
  File "/usr/local/lib/python2.5/site-packages/dpkt/dpkt.py", line 72, in
__init__
    self.unpack(args[0])
  File "/usr/local/lib/python2.5/site-packages/dpkt/ip.py", line 53, in unpack
    dpkt.Packet.unpack(self, buf)
  File "/usr/local/lib/python2.5/site-packages/dpkt/dpkt.py", line 127, in
unpack
    struct.unpack(self.__hdr_fmt__, buf[:self.__hdr_len__])):
  File "/usr/local/lib/python2.5/site-packages/dpkt/dpkt.py", line 88, in
__getitem__
    try: return getattr(self, k)
TypeError: getattr(): attribute name must be string

-----

The code's being run on Python 2.5.2 on FreeBSD 7. This occurs in the
latest version of the code checked out from SVN.

As mentioned early it's impossible to use dpkt with some distribution tools
due to it __load_xxx functions implementaions. Patch is attached.

In __str__ in the class IP6, IP6 sets the checksum of the payload (TCP or
ICMP6) to 

self.data.sum = dpkt.in_cksum_done(s + self.nxt + len(p))

The correct statement is  
self.data.sum = dpkt.in_cksum_done(s + socket.htons(self.nxt + len(p)))

replace in line 81 

tv_usec=int((int(ts) - float(ts)) * 1000000.0)

with

tv_usec=int((float(ts) - int(ts)) * 1000000.0)


tnx
Manuel.

ASPath objects accepts an ASPathSegment object in its 'segments' field. 
However, this field is not printed when representing the object. Only the 
'data' field is printed.
When an object is decoded, the 'data' field is set to the value of the 
'segments' field, so it is represented correctly, but it's not the case when an 
object is created in code.
Same problem in ASPathSegment: the 'data' field should be set to the value of 
the 'path' field.

As a workaround, I have to set the 'data' fields manually, after creating the 
objects:
for a in paths:  # ASPath objects
  a.data = a.segments
  for s in a.segments:  # ASPathSegment objects
    s.data = s.path

Please do that automatically, or use the 'segments' and 'path' fields to 
represent those objects, instead of the 'data' fields.

This is not essential, but very useful for debugging.

What steps will reproduce the problem?
1. use pcap.Writer to create a pcap
2. od -X <> | head shows big-endian pcap file.

What is the expected output? What do you see instead?
Expected a little endian pcap on x86 platforms.

What version of the product are you using? On what operating system?
dpkt 1.7, Linux (Ubuntu 10.04 x86), Mac OS X (Snow Leopard 10.6.4 x86)

Please provide any additional information below.

--- pcap.py 2009-11-06 22:28:26.000000000 +0000
+++ pcap-new.py 2010-09-09 13:07:09.000000000 +0100
@@ -70,7 +70,10 @@
     """Simple pcap dumpfile writer."""
     def __init__(self, fileobj, snaplen=1500, linktype=DLT_EN10MB):
         self.__f = fileobj
-        fh = FileHdr(snaplen=snaplen, linktype=linktype)
+        if sys.byteorder == 'little':
+            fh = LEFileHdr(snaplen=snaplen, linktype=linktype)
+        else:
+            fh = FileHdr(snaplen=snaplen, linktype=linktype)
         self.__f.write(str(fh))

     def writepkt(self, pkt, ts=None):
@@ -78,7 +81,12 @@
             ts = time.time()
         s = str(pkt)
         n = len(s)
-        ph = PktHdr(tv_sec=int(ts),
+        if sys.byteorder == 'little':
+            ph = LEPktHdr(tv_sec=int(ts),
+                    tv_usec=int((float(ts) - int(ts)) * 1000000.0),
+                    caplen=n, len=n)
+        else:
+            ph = PktHdr(tv_sec=int(ts),
                     tv_usec=int((float(ts) - int(ts)) * 1000000.0),
                     caplen=n, len=n)
         self.__f.write(str(ph))

[deleted issue]

The length of BGP objects is not automatically calculated (the 'len' field'). 
Please calculate the length automatically when encoding a BGP object.

As a workaround, I have to calculate the length manually this way:

msg = ...
msg_with_headers = dpkt.bgp.BGP(len=dpkt.bgp.BGP.__hdr_len__ + len(msg),
                                type=msg_type)
msg_with_headers.data = msg

Put more clearly, when an HTTP response, say, 304 Not Modified, has no body but 
still has a content-type header, all data after that in the stream is consumed.

What steps will reproduce the problem?
1. Unpack attached zip file
2. Run dpkt_bug.py, which attempts to construct dpkt.http.Response's with the 
data in the file stream.txt, included.

This program prints the number of responses parsed. There are two responses in 
the file, but only one is detected, with the other response as its body. You 
can see this if you print the responses instead of just the length of the list.

This test was run on Windows Vista with dpkt 1.7.

If pigment python is installed, dpkt 1.7 fails with the error below:

Traceback (most recent call last):
  File "./setup.py", line 4, in <module>
    import dpkt
  File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/__init__.py", line 24, in <module>
    import ethernet
  File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ethernet.py", line 128, in <module>
    __load_types()
  File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ethernet.py", line 122, in __load_types
    mod = __import__(modname, g)
  File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ip6.py", line 95, in <module>
    import ip
  File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ip.py", line 255, in <module>
    __load_protos()
  File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ip.py", line 252, in __load_protos
    IP.set_proto(v, getattr(mod, name.upper()))
AttributeError: 'module' object has no attribute 'PGM'

This was found in OpenBSD 4.7/x86 but the error is not OS specific.
Attached diff should fix it.
Thanks.

Update objects can be correctly encoded when decoded from a captured packet. 
But it is not possible to create a Update object in code and encode it without 
errors.

Until this bug is fixed, a workaround is to add a __hdr_fields__ attribute to 
the class, after importing it:
dpkt.bgp.BGP.Update.__hdr_fields__ = ()

The problem is that the total length of a SCTP chunk MUST be a multiple of 4 
bytes but the actual decoder just use the length field of the chunk and ignore 
the padding bytes.

Attached files:
sctp.pcap: a pcap file which contains a SCTP packet that the actual decoder 
fails to parse.
sctp.patch: a patch which, I hope, solve the problem.

Diff attached.

What steps will reproduce the problem?
First off, if you run this code from the tutorial with the added print 
statement.
#!/usr/bin/env python

import dpkt

f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
    eth = dpkt.ethernet.Ethernet(buf)
    ip = eth.data
    tcp = ip.data

    if tcp.dport == 80 and len(tcp.data) > 0:
        http = dpkt.http.Request(tcp.data)
        print http.uri
    print ts

f.close()

You will see a number similar to this
1234567890.12

Where is the microsecond resolution?

What is the expected output? What do you see instead?
1234567890.123456789 would be the expected output (like wireshark when it opens 
the same file)


What version of the product are you using? On what operating system?
Version 1.7
Linux Fedora Core 11

Please provide any additional information below.
In addition to this I would like to modify the code so it works with the nano 
extensions to pcap, which gives the time format 3 extra digits after the 0 for 
the time stamp.  Any suggestions on where to start to parse this data 
differently ??