PcapNg - Apple Process Information Block
This PR adds support for process information stored in a PcapNg by the tcpdump command on macOS.
How to test it?
sudo tcpdump -kA -r test.pcapng
>>> l = rdpcap("test.pcapng")
>>> l[0].process_information
{'proc': {'id': 2116, 'name': 'com.apple.WebKit'}, 'eproc': {'id': 2107, 'name': 'Safari'}}
I welcome comments, yet this needs to be tested against several big pcap files before being merged.
Codecov Report
Attention: Patch coverage is 73.33333% with 8 lines in your changes missing coverage. Please review.
Project coverage is 81.56%. Comparing base (de36337) to head (35cc131).
Additional details and impacted files
@@ Coverage Diff @@
## master #4396 +/- ##
=======================================
Coverage 81.56% 81.56%
=======================================
Files 353 353
Lines 84116 84145 +29
=======================================
+ Hits 68609 68633 +24
- Misses 15507 15512 +5
| Files | Coverage Δ | |
|---|---|---|
| scapy/packet.py | 84.44% <100.00%> (+0.01%) | :arrow_up: |
| scapy/utils.py | 73.10% <72.41%> (-0.03%) | :arrow_down: |
@evverx That's a good catch! Thanks a lot for fuzzing it. This is indeed the piece of the code that I was not able to test.
Hopefully the action should help to catch things like this automatically.
It seems it still crashes. As far as I understand the condition is inverted in that UUID() is called when the length isn't 16.
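The length check discussed in the comment above, as an added example that is not code from this PR or from Scapy: it walks pcapng option TLVs (2-byte code, 2-byte length, value padded to 32 bits) and builds a UUID only from a 16-byte value. The option code `OPT_PROC_UUID` and the helper names are assumptions made for illustration, and the sample byte strings are constructed.

```python
import struct
import uuid

OPT_ENDOFOPT = 0
OPT_PROC_UUID = 4  # assumed option code, for illustration only


def parse_options(data, endian="<"):
    """Walk pcapng option TLVs and return {code: raw value}."""
    options = {}
    offset = 0
    while offset + 4 <= len(data):
        code, length = struct.unpack_from(endian + "HH", data, offset)
        offset += 4
        if code == OPT_ENDOFOPT:
            break
        # Reject a declared length that runs past the block instead of
        # silently slicing a short value out of the buffer.
        if offset + length > len(data):
            raise ValueError("option %d claims %d bytes, %d left"
                             % (code, length, len(data) - offset))
        options[code] = data[offset:offset + length]
        offset += length + (-length % 4)  # skip padding to 32 bits
    return options


def proc_uuid(options):
    """Return the process UUID, or None when the value is not 16 bytes."""
    raw = options.get(OPT_PROC_UUID)
    # uuid.UUID(bytes=...) raises ValueError for any other length, so the
    # constructor must only be reached when len(raw) == 16.
    if raw is None or len(raw) != 16:
        return None
    return uuid.UUID(bytes=raw)


def make_option(code, value, endian="<"):
    """Build one padded option (used only to construct the samples)."""
    pad = b"\x00" * (-len(value) % 4)
    return struct.pack(endian + "HH", code, len(value)) + value + pad


# Constructed samples: a valid UUID option, a 3-byte value under the same
# code, and an option whose declared length exceeds the remaining data.
GOOD = make_option(OPT_PROC_UUID, bytes(range(16))) + make_option(0, b"")
SHORT = make_option(OPT_PROC_UUID, b"\x01\x02\x03") + make_option(0, b"")
TRUNCATED = struct.pack("<HH", OPT_PROC_UUID, 16) + b"\x00" * 4
```
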
This is ready to be reviewed.