scapy icon indicating copy to clipboard operation
scapy copied to clipboard
verified publisher icon secdev

Extra DoIP layers are discarded

Open AlexanderRavenheart opened this issue 1 year ago • 0 comments

Brief description

Sometimes, an Ethernet Frame can contain multiple DoIP layers. When that occurs, the second DoIP layer and everything else after it are completely discarded during the dissection of the Frame.

Scapy version

2.6.0rc1

Python version

3.12

Operating system

Ubuntu 24.04 LTS (Linux 6.8.0-38-generic x86_64)

Additional environment information

No response

How to reproduce

Here is a test script to show the issue:

from scapy.main import load_contrib
from scapy.utils import PcapReader

if __name__ == '__main__':
    load_contrib("automotive.doip")
    with PcapReader("multiple_doip_layers.pcap") as pcap_reader:
        for packet in pcap_reader:
            packet.show()

As can be seen in the Wireshark screenshots, the first Frame contains:

  • Alive check response
  • Diagnostic message Wireshark Frame 1

When we run the script, we can see that scapy discards the Diagnostic message (second DoIP layer) and only shows the Alive check response (first DoIP layer): image

Actual result

No response

Expected result

I expect to see the second DoIP layer also be dissected and shown accordingly.

Related resources

Here is a sample pcap file: multiple_doip_layers.zip

AlexanderRavenheart avatar Jul 25 '24 16:07 AlexanderRavenheart