search

vs-uulm / nemesys

NEtwork MEssage Syntax analysYS (WOOT 2018) and NEtwork MEssage TYpe identification by aLignment (INFOCOM 2020)
MIT License
48 stars 12 forks source link

What to do with encapsulated layers? #13

Open techge opened 3 years ago

techge commented 3 years ago

The code of nemere (more precisely the FMS part) raises a very interesting question:

what to do with layers after (embedded in) the target protocol

The response is to just include them to the dissections:

# what to do with layers after (embedded in) the target protocol
if absLayNum < len(self.protocols):
        for embedded in self.protocols[absLayNum+1 : ]:
                dissectsub = ParsedMessage._getElementByName(layersvalue, embedded)
                if isinstance(dissectsub, list):
                        self._dissectfull += dissectsub
                # else:
                #     print("Bogus protocol layer ignored: {}".format(embedded))

Thing is, I actually want to test the dissections of a protocol that encapsulates layers and the way I see it, FMS should only test the dissection of the protocol itself and not of the whole message, this is why I deactivated this part in my slightly adapted implementation. But I know PRE tools would handle this differently. Do you have any idea, if there is a way to solve this issues elegantly? I am not sure, if this drastic commenting of mine is causing some problems later on.

techge commented 3 years ago

I am thinking about a parameter that can be submitted to the Comparator to decide in following layers are omitted. If I find a nice and clean solution, I will open a PR for that.