Closed jpollard-jumptrading closed 3 years ago
Closing in favour of https://github.com/secdev/scapy/issues/3176: this is a documentation error.
Oh, this is not a documentation error. Bit fields are actually not documented, BTW.
The implementation for little endian decoding is incorrect when the first bitfield has an uneven amount of bits, larger than 8. I already spent a whole day debugging it. Calculations of bit shifts and masks are incorrect.
I could fix it and cover it with tests if you are open to accepting my PR (please declare). Otherwise, I can just reimplement the addfield and getfield methods on my own for LE use only.
Brief description
Little-endian BitFields seem to lead to incorrect packet dissection when combined with other Field types. I've a minimum failing example, and I would appreciate it if someone with greater knowledge of Scapy could take a look and confirm whether this is a real bug, or if I'm doing something wrong.
Environment
b5b6e64
How to reproduce
Actual result
Expected result
This is a very simple Packet with no computed fields: I would expect bad.show() to print the same as bad.show2().
Related resources
Consider a little endian packet which looks like this:
Note that this is almost identical to the "Example - low endian" in the docstring for BitField, and can be modelled as follows:
Note that we observe the following behaviour:
Now I'd like to add an additional field, so that we get the following:
I'm modelling this as:
Unfortunately, I now observe the following:
Everything is fine up until the final show2(), which builds the raw packet, and tries to dissect it back into a BadPacket. I haven't had a chance to look into the implementation properly, but I suspect there is a bug lurking somewhere around there.