Skip to content

pcapng reader cannot read pipe #4405

Closed
#4428
Closed
pcapng reader cannot read pipe#4405
#4428
@wataash

Description

@wataash
wataash
opened on May 29, 2024

Brief description

pcapng reader cannot read pipe

Scapy version

master (a795ad6)

Python version

3.10

Operating system

Linux 5.15.39+

Additional environment information

No response

How to reproduce

python -c "rdpcap('/dev/stdin')" <a.pcapng is OK, but cat a.pcapng | python -c "rdpcap('/dev/stdin')" fails.

python -c "from scapy.all import *; wrpcapng('a.pcapng', [Ether()])"

xxd a.pcapng
#00000000: 0a0d 0d0a 1c00 0000 4d3c 2b1a 0100 0000  ........M<+.....
#00000010: ffff ffff ffff ffff 1c00 0000 0100 0000  ................
#00000020: 1400 0000 0100 0000 0000 0400 1400 0000  ................
#00000030: 0600 0000 3000 0000 0000 0000 9119 0600  ....0...........
#00000040: 36d7 0f87 0e00 0000 0e00 0000 ffff ffff  6...............
#00000050: ffff 34cf f6f3 9364 9000 0000 3000 0000  ..4....d....0...

               python -c "from scapy.all import *; rdpcap('/dev/stdin')" <a.pcapng # ok

cat a.pcapng | python -c "from scapy.all import *; rdpcap('/dev/stdin')"           # error!
#Traceback (most recent call last):
#  File "<string>", line 1, in <module>
#  File "/home/wsh/qpy/scapy/scapy/utils.py", line 1355, in rdpcap
#    with PcapReader(filename) as fdesc:  # type: ignore
#  File "/home/wsh/qpy/scapy/scapy/utils.py", line 1397, in __call__
#    raise Scapy_Exception(
#scapy.error.Scapy_Exception: No data could be read!

This is because the first some bytes (0a 0d 0d 0a 1c ...) are discarded in try: gzip.open().read(4) when the file is a pipe:

scapy/scapy/utils.py

Line 1431 in a795ad6

magic = fdesc.read(4) 

            try:
                fdesc = gzip.open(filename, "rb")  # type: _ByteStream
                magic = fdesc.read(4)  # raises IOError
            except IOError:
                fdesc = open(filename, "rb")
                # <a.pcapng      : /dev/stdin is a regular file, magic = b'\n\r\r\n' (0a 0d 0d 0a), ok
                # cat a.pcapng | : /dev/stdin is a pipe,         magic = b'6\x00\x00\x00' (06 00 00 00) -- it's at 00000030: in xxd above. the first 0x30 bytes are discarded in gzip.open().read()!
                magic = fdesc.read(4)

Actual result

No response

Expected result

No response

Related resources

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions