scapy icon indicating copy to clipboard operation
scapy copied to clipboard
verified publisher icon secdev

PCAPNG: Adding SHB Options

Open LarsV33 opened this issue 1 month ago • 4 comments

This patch allows to initialize the PcapNgWriter with Hardware, OS, and User Application. This information is written to the pcapng SHB.

LarsV33 avatar Oct 26 '25 19:10 LarsV33

Thanks for this PR. Could you add unit tests, for example at https://github.com/secdev/scapy/blob/ef72e1db75172469eb1fffde6ee6c3206fee04d4/test/regression.uts#L2258?

Also, can you point us with the documentation of these blocks?

guedou avatar Oct 26 '25 19:10 guedou

Thanks for this PR. Could you add unit tests, for example at

https://github.com/secdev/scapy/blob/ef72e1db75172469eb1fffde6ee6c3206fee04d4/test/regression.uts#L2258 ?

I gave it a try. Without a reader hard to read back.

Also, can you point us with the documentation of these blocks?

This is part of the regular pcapng specification. These options are missing in the scapy implementation.

I guess the best pcapng spec is the upcoming rfc: https://www.ietf.org/archive/id/draft-ietf-opsawg-pcapng-04.html#name-section-header-block

LarsV33 avatar Oct 26 '25 21:10 LarsV33

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 80.86%. Comparing base (ef72e1d) to head (41d1a2c).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4865      +/-   ##
==========================================
+ Coverage   80.48%   80.86%   +0.37%     
==========================================
  Files         368      368              
  Lines       90255    90269      +14     
==========================================
+ Hits        72645    72998     +353     
+ Misses      17610    17271     -339
Files with missing lines Coverage Δ
scapy/utils.py 73.57% <100.00%> (+0.92%) :arrow_up:

... and 22 files with indirect coverage changes

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

codecov[bot] avatar Oct 27 '25 07:10 codecov[bot]

Thanks for pointing out the spec! I forgot about it.

The RawPcapNgReader already supports reading these options, that probably better to tweak it and use for the unit tests, see https://github.com/secdev/scapy/blob/master/scapy/utils.py#L1752

guedou avatar Oct 27 '25 19:10 guedou