scapy icon indicating copy to clipboard operation
scapy copied to clipboard
verified publisher icon secdev

Pickle changes/sets payload_length of DoIP package

Open waterfallwhitebread opened this issue 1 year ago • 3 comments

Brief description

Pickling and unpickling of a scapy.contrib.automotive.doip.DoIP package changes the value of payload_length

Scapy version

2.6.1

Python version

3.12

Operating system

Windows 10

Additional environment information

No response

How to reproduce

import pickle
import scapy.contrib.automotive.doip

doip_packet = scapy.contrib.automotive.doip.DoIP()
print(doip_packet.json())
pickled_elem = pickle.dumps(doip_packet, protocol=pickle.HIGHEST_PROTOCOL)
unpickled_elem = pickle.loads(pickled_elem)
print(unpickled_elem.json())

Actual result

{"protocol_version": 2, "inverse_version": 253, "payload_type": 0, "payload_length": 1, "nack": 0, "vin": "", "logical_address": null, "eid": "", "gid": "", "further_action": null, "vin_gid_status": null, "source_address": null, "activation_type": null, "logical_address_tester": null, "logical_address_doip_entity": null, "routing_activation_response": null, "reserved_iso": null, "reserved_oem": "", "diagnostic_power_mode": null, "node_type": null, "max_open_sockets": null, "cur_open_sockets": null, "max_data_size": null, "target_address": null, "ack_code": null, "nack_code": null, "previous_msg": ""}

Expected result

{"protocol_version": 2, "inverse_version": 253, "payload_type": 0, "payload_length": null, "nack": 0, "vin": "", "logical_address": null, "eid": "", "gid": "", "further_action": null, "vin_gid_status": null, "source_address": null, "activation_type": null, "logical_address_tester": null, "logical_address_doip_entity": null, "routing_activation_response": null, "reserved_iso": null, "reserved_oem": "", "diagnostic_power_mode": null, "node_type": null, "max_open_sockets": null, "cur_open_sockets": null, "max_data_size": null, "target_address": null, "ack_code": null, "nack_code": null, "previous_msg": ""}

Related resources

No response

waterfallwhitebread avatar Nov 29 '24 13:11 waterfallwhitebread

payload_length is initialized as null value during packet construction. The post_build function calculates the payload_length but it is invoked only when any process performed on packet.

@gpotter2 correct me if I am wrong

satveerbrar avatar Dec 18 '24 08:12 satveerbrar

Pickling should be transparent. This doesn't look normal to me but I haven't looked into it yet

gpotter2 avatar Dec 18 '24 08:12 gpotter2

Initially, the payload_length is null. It gets updated after this line of code: pickled_elem = pickle.dumps(doip_packet, protocol=pickle.HIGHEST_PROTOCOL)

During pickling, the post_build function is invoked, which calculates the actual payload_length and updates it.

I don’t think there’s any issue with pickling itself. I’m not entirely sure about the overall architecture. Should the post_build function be invoked immediately after packet construction to update the payload_length?

satveerbrar avatar Dec 18 '24 17:12 satveerbrar