Unable to access field names that do not match protocol layer name - ek mode

[daulis]

Describe the bug When using ek mode, I'm unable to access field names that do not match protocol layer name

eg: In the attached field_name_different_from_protocol_layer.pcapng, 'cip.path_segment.type' is in both 'cip' and 'cipcm' protocol layer, and has different values in each layer. But, I'm only able to access those values in the 'cipcm' protocol layer when using use_ek=False.

To Reproduce

import pyshark

pcap_file = "field_name_different_from_protocol_layer.pcapng.txt"
capture_old = pyshark.FileCapture(pcap_file, use_ek=False)
capture_ek = pyshark.FileCapture(pcap_file, use_ek=True)

pkt_old = capture_old[0]
pkt_ek = capture_ek[0]

# This shows all values as expected.
print("use_ek=False")
print(pkt_old.cip.get("cip.path_segment.type").all_fields)
print(pkt_old.cipcm.get("cip.path_segment.type").all_fields)

# This shows the correct value for the 'cip' layer, but nothing in the 'cipcm' layer.
print("\nuse_ek=True")
print(pkt_ek.cip.get("cip.path_segment.type"))
print(pkt_ek.cipcm.get("cip.path_segment.type"))

Expected behavior I would expect to be able to access all values, using the get() syntax: pkt_ek.cipcm.get("cip.path_segment.type")

Versions (please complete the following information):

• OS: Windows 10
• pyshark version: pyshark==0.5.3
• tshark version: 3.6.6

Example pcap / packet field_name_different_from_protocol_layer.pcapng.txt (This is really a pcap file, but GitHub doesn't like them)

[daulis]

I showed you this one last week, but still wanted to log something, in case other people have the same issue. For now, I think use_ek=False will be good enough for us.

(Thanks again for the help, and it was nice to meet you!)

[amlamarra]

@daulis I'm not yet sure why this is necessary, but this should work:

print(pkt_ek.cipcm.get("cip_cip_path_segment_type"))

Or just

print(pkt_ek.cipcm.cip_cip_path_segment_type)