-
Notifications
You must be signed in to change notification settings - Fork 637
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Packet::setRawPacket parses layers it should not when parseUntilLayer is set #657
Comments
@weyrick thanks for reaching out! |
Hi @seladb, ok interesting. Right so how about add a pure virtual
So
or similar. Then this information could be used by |
That's an interesting idea @weyrick ! Layer* Layer::createLayer(protocolType, payload, payloadLen, ...)
{
switch (protocolType)
{
case X:
return new XLayer(payload, payloadLen, ...);
case Y:
return new YLayer(payload, payloadLen, ...);
...
...
}
}
...
void Layer::parseNextLayer()
{
pcpp::ProtocolInfo info = identifyNextLayer(payload, payloadLen);
m_NextLayer = createLayer(info.protocolType, payload, payloadLen, ...);
} And then |
Seems like that should work, although it means that adding new protocols requires changing this big createLayer() method - reduces cohesion. But not the end of the world. Are the arguments to the construction of all layers always the same? If there was special logic that required access to local member variables and that may be a problem too. |
Yes, this is a good point. Maybe we can consider adding this method outside of the
Yes, as far as I remember the c'tors are always the same and include the pointer to the payload, its length, the previous layer and a pointer to the |
I actually prefer my first suggestion, just splitting the identification from the creation and adding an identifyNextLayer, but otherwise leaving the architecture. |
But this will create code duplication between |
Well they would both still have to have if blocks or switches able to handle any of the next layers, but no functionality would be duplicated no. So if this is a snippet of UdpLayer:
we would get after refactor (pseudo)
Make sense? |
hi @weyrick , yes this can be a nice refactoring. There is still some code duplication but I guess we can live with that |
Actually I did a little thinking, and some downsides with this is that it will take some work, it breaks a public API, and has some small duplication as you mention. Perhaps a much easier refactor would be to simply propagate the
|
@weyrick that's a great idea, and a much cleaner solution! It will still require changes in each layer's |
Unfortunately won't have time in the near future. |
that makes sense @weyrick , thanks for letting me know. Let's keep this issue open for now, maybe someone will want to take it |
Hello, I found that
Packet::setRawPacket
is parsing too many layers whenparseUntilLayer
is set. IfparseUntilLayer
is set toOsiModelTransportLayer
and the packet contains DNS traffic, it will still parse into the DNS layer even though it should stop at the UDP layer.This is the offending loop, which parses until
<= parseUntilLayer
(should be just<
?):PcapPlusPlus/Packet++/src/Packet.cpp
Lines 60 to 68 in 3498774
There seems to be a hack in the code to clean up the extra layer if it went too far:
PcapPlusPlus/Packet++/src/Packet.cpp
Lines 76 to 81 in 3498774
But this is extra work, and the result is that the DNS payload is parsed twice (because I do my own DNS parsing later based on just UDP payload from pcpp).
The text was updated successfully, but these errors were encountered: