Report the interface ID used to capture pcapng files

Eric Marchand · Eric Marchand · commit a18382fc3ca1 · 2025-04-25T16:33:23.000+02:00
* On pcapng files, you can have several capture interfaces.
We report this information to be able to use it on another classes
diff --git a/scapy/packet.py b/scapy/packet.py
@@ -101,6 +101,7 @@ class Packet(
         "direction", "sniffed_on",
         # handle snaplen Vs real length
         "wirelen",
+        "intid",
         "comment",
         "process_information"
     ]
@@ -177,6 +178,7 @@ def __init__(self,
         self.raw_packet_cache = None  # type: Optional[bytes]
         self.raw_packet_cache_fields = None  # type: Optional[Dict[str, Any]]  # noqa: E501
         self.wirelen = None  # type: Optional[int]
+        self.intid = None
         self.direction = None  # type: Optional[int]
         self.sniffed_on = None  # type: Optional[_GlobInterfaceType]
         self.comment = None  # type: Optional[bytes]
@@ -232,6 +234,7 @@ def __reduce__(self):
             self.direction,
             self.sniffed_on,
             self.wirelen,
+            self.intid,
             self.comment
         ))
 
@@ -258,7 +261,6 @@ def init_fields(self, for_dissect_only=False):
         """
         Initialize each fields of the fields_desc dict
         """
-
         if self.class_dont_cache.get(self.__class__, False):
             self.do_init_fields(self.fields_desc)
         else:
@@ -431,6 +433,7 @@ def copy(self) -> Self:
             self.raw_packet_cache_fields
         )
         clone.wirelen = self.wirelen
+        clone.intid = self.intid
         clone.post_transforms = self.post_transforms[:]
         clone.payload = self.payload.copy()
         clone.payload.add_underlayer(clone)
@@ -500,6 +503,7 @@ def setfieldval(self, attr, val):
             self.raw_packet_cache = None
             self.raw_packet_cache_fields = None
             self.wirelen = None
+            self.intid = None
         elif attr == "payload":
             self.remove_payload()
             self.add_payload(val)
@@ -524,6 +528,7 @@ def delfieldval(self, attr):
             self.raw_packet_cache = None
             self.raw_packet_cache_fields = None
             self.wirelen = None
+            self.intid = None
         elif attr in self.default_fields:
             pass
         elif attr == "payload":
@@ -694,6 +699,8 @@ def self_build(self):
         # type: () -> bytes
         """
         Create the default layer regarding fields_desc dict
+
+        :param field_pos_list:
         """
         if self.raw_packet_cache is not None and \
                 self.raw_packet_cache_fields is not None:
@@ -703,6 +710,7 @@ def self_build(self):
                     self.raw_packet_cache = None
                     self.raw_packet_cache_fields = None
                     self.wirelen = None
+                    self.intid = None
                     break
             if self.raw_packet_cache is not None:
                 return self.raw_packet_cache
@@ -1145,6 +1153,7 @@ def clone_with(self, payload=None, **kargs):
             self.raw_packet_cache_fields
         )
         pkt.wirelen = self.wirelen
+        pkt.intid = self.intid
         pkt.comment = self.comment
         pkt.sniffed_on = self.sniffed_on
         pkt.direction = self.direction
@@ -2006,7 +2015,7 @@ def mysummary(self):
 class Padding(Raw):
     name = "Padding"
 
-    def self_build(self):
+    def self_build(self, field_pos_list=None):
         # type: (Optional[Any]) -> bytes
         return b""
 
diff --git a/scapy/utils.py b/scapy/utils.py
@@ -1647,7 +1647,7 @@ class RawPcapNgReader(RawPcapReader):
     PacketMetadata = collections.namedtuple("PacketMetadataNg",  # type: ignore
                                             ["linktype", "tsresol",
                                              "tshigh", "tslow", "wirelen",
-                                             "comment", "ifname", "direction",
+                                             "comment","ifname","intid", "direction",
                                              "process_information"])
 
     def __init__(self, filename, fdesc=None, magic=None):  # type: ignore
@@ -1656,6 +1656,7 @@ def __init__(self, filename, fdesc=None, magic=None):  # type: ignore
         self.f = fdesc
         # A list of (linktype, snaplen, tsresol); will be populated by IDBs.
         self.interfaces = []  # type: List[Tuple[int, int, Dict[str, Any]]]
+        self.interface_names = []
         self.default_options = {
             "tsresol": 1000000
         }
@@ -1781,7 +1782,7 @@ def _read_block_shb(self):
     def _read_packet(self, size=MTU):  # type: ignore
         # type: (int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata]
         """Read blocks until it reaches either EOF or a packet, and
-        returns None or (packet, (linktype, sec, usec, wirelen)),
+        returns None or (packet, (linktype, sec, usec, wirelen,intid)),
         where packet is a string.
 
         """
@@ -1800,7 +1801,7 @@ def _read_options(self, options):
                 warning("PcapNg: options header is too small "
                         "%d !" % len(options))
                 raise EOFError
-            if code != 0 and 4 + length <= len(options):
+            if code != 0 and 4 + length < len(options):
                 opts[code] = options[4:4 + length]
             if code == 0:
                 if length != 0:
@@ -1860,6 +1861,7 @@ def _read_block_epb(self, block, size):
                 self.endian + "5I",
                 block[:20],
             )
+            ifname = self.interface_names[intid] if intid < len(self.interface_names) else None
         except struct.error:
             warning("PcapNg: EPB is too small %d/20 !" % len(block))
             raise EOFError
@@ -1914,6 +1916,7 @@ def _read_block_epb(self, block, size):
                                                wirelen=wirelen,
                                                comment=comment,
                                                ifname=ifname,
+                                               intid=intid,
                                                direction=direction,
                                                process_information=process_information))
 
@@ -1952,6 +1955,7 @@ def _read_block_pkt(self, block, size):
                 self.endian + "HH4I",
                 block[:20],
             )
+            ifname = self.interface_names[intid] if intid < len(self.interface_names) else None
         except struct.error:
             warning("PcapNg: PKT is too small %d/20 !" % len(block))
             raise EOFError
@@ -2067,7 +2071,7 @@ def read_packet(self, size=MTU, **kwargs):
         rp = super(PcapNgReader, self)._read_packet(size=size)
         if rp is None:
             raise EOFError
-        s, (linktype, tsresol, tshigh, tslow, wirelen, comment, ifname, direction, process_information) = rp  # noqa: E501
+        s, (linktype, tsresol, tshigh, tslow, wirelen, comment, ifname, intid, direction, process_information) = rp  # noqa: E501
         try:
             cls = conf.l2types.num2layer[linktype]  # type: Type[Packet]
             p = cls(s, **kwargs)  # type: Packet
@@ -2088,6 +2092,7 @@ def read_packet(self, size=MTU, **kwargs):
         p.process_information = process_information.copy()
         if ifname is not None:
             p.sniffed_on = ifname.decode('utf-8', 'backslashreplace')
+        p.intid = intid
         return p
 
     def recv(self, size: int = MTU, **kwargs: Any) -> 'Packet':  # type: ignore
@@ -2210,7 +2215,7 @@ def write_packet(self,
             comment=comment,
             ifname=ifname,
             direction=direction,
-            linktype=linktype
+            linktype=linktype,
         )
 
 
@@ -2640,6 +2645,7 @@ def _write_packet(self,  # type: ignore
         if wirelen is None:
             wirelen = caplen
 
+
         ifid = self.interfaces2id.get(ifname, None)
         if ifid is None:
             ifid = max(self.interfaces2id.values()) + 1
