p-l-
commented
5 years ago Hi,
Thanks for reporting this. It would help (a lot) if you could post the answer that Scapy is missing together with the probe in the PCAP file.
Pierre
Closed fanktom closed 5 years ago
p-l-
commented
5 years ago Hi,
Thanks for reporting this. It would help (a lot) if you could post the answer that Scapy is missing together with the probe in the PCAP file.
Pierre
p-l-
commented
5 years ago Oh BTW, since this is a broadcast packet, you may want to set conf.checkIPsrc = 0 and try again (since the answer's source won't be the original packet's destination).
fanktom
commented
5 years ago Hey there, thanks for your help!
The answer that it is missing is this one:
Ether(dst='fc:c2:3d:0b:93:13', src='3c:ce:15:00:00:01', type=2048)/IP(version=4, ihl=5, tos=0, len=68, id=513, flags=2, frag=0, ttl=64, proto=17, chksum=9750, src='169.254.17.10', dst='169.254.173.139', options=[])/UDP(sport=13400, dport=58451, len=48, chksum=9593)/DoIP(protocol_version=2, inverse_protocol_version=253, type=4, length=32)/DoIPPayloadVAM(vin=b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff', logical_address=4362, eid=b'<\xce\x15\x00\x00\x01', gid=b'<\xce\x15\x00\x00\x05', further_action=0)I captured this with the "start sniffing thread, then sendp" method.
I also tried your suggestion to set the conf.checkIPsrc = 0 but unfortunately that did not make a difference.
I also checked https://github.com/secdev/scapy/blob/master/scapy/sendrecv.py to find out how scapy determines if something is an answer to a packet. Somehow it compares hashrets of the payloads which seems to be a binary representation of the payload as seen in https://github.com/secdev/scapy/blob/master/scapy/packet.py ?
gpotter2
commented
5 years ago The DoIP layer was renamed ENET by @polybassa on recent versions.
If DoIPVIR is your custom packet, you probably need to implement hashret and answers (https://stackoverflow.com/a/27974093/5459467) (do we have it elsewhere in the doc ?!)
polybassa
commented
5 years ago Hi @fanktom
AutoSar DoIP isn't implemented in Scapy, at the moment. I've started with the implementation. https://github.com/polybassa/scapy-1/commit/4e3652e0c070448c5089ee004b467b72e22579ab
If you are working with DoIP on a real ECU, it would be great, if you could share some information.
Also, if you have some implementation of DoIP, it would be great if you could share it.
fanktom
commented
5 years ago @gpotter2 Ah, that's probably it. I did not implement or override any of the hashret or answer functions. So if I understand it correctly, scapy probably sees the packet as an answer candidate in the lower layers (Ether, IP, TCP) but then my custom implementation does not identify it as an answer so it is discarded.
@polybassa Thanks for the information! Surely I can help with that. Currently I have the header (as you have) + vehicle announcement request and response (VAMs) and routing activation request/response plus diagnostic message sending implemented (apparently without working answer/hashret). However, I'm certain my architecture could be improved, e.g. currently the DoIP Header and the Payload are two layers, because some DoIP Headers don't have any payload. Not sure if that is the best design decision.
If your interested we could try to mature and combine it.
guedou
commented
5 years ago It looks that the issue is solved. Please reopen if not.
Brief description
When sending out a packet (ISO DoIP Protocol) on layer 2 the wireshark dump (see attached) shows that a response is sent, but is is no picket up by scapy's srp(1) mechanism.
Wireshark shows there is a direct response to the sender IP, however scapy does not pick it up.
Creating an async sniffer that is started before the send is done and then using sendp does pick up the package.
How is decided if a packet is a response to another?
Environment
How to reproduce
Code used to send the packet out:
Actual result
Expected result
Related resources
scapy-missing-response.pcapng.zip