Fixed ek packet parsing when there are repeated protocol layers + added raw to each layer

src/pyshark/packet/packet.py

@@ -66,11 +66,11 @@ def __dir__(self):
         return dir(type(self)) + list(self.__dict__.keys()) + [l.layer_name for l in self.layers]
 
     def get_raw_packet(self) -> bytes:
-        assert "FRAME_RAW" in self, "Packet contains no raw data. In order to contains it, " \
+        assert self.frame_info.has_field('raw'), "Packet contains no raw data. In order to contains it, " \
                                     "make sure that use_json and include_raw are set to True " \
                                     "in the Capture object"
         raw_packet = b''
-        byte_values = [''.join(x) for x in zip(self.frame_raw.value[0::2], self.frame_raw.value[1::2])]
+        byte_values = [''.join(x) for x in zip(self.frame_info.raw[0::2], self.frame_info.raw[1::2])]
         for value in byte_values:
             raw_packet += binascii.unhexlify(value)
         return raw_packet

src/pyshark/tshark/output_parser/tshark_ek.py

@@ -34,25 +34,46 @@ def _extract_packet_from_data(self, data, got_first_packet=True):
 
         return data[start_index:linesep_location], data[linesep_location + 1:]
 
-
-def packet_from_ek_packet(json_pkt):
+def packet_from_ek_packet_new(json_pkt):
     if USE_UJSON:
         pkt_dict = ujson.loads(json_pkt)
     else:
         pkt_dict = json.loads(json_pkt.decode('utf-8'))
 
     # We use the frame dict here and not the object access because it's faster.
-    frame_dict = pkt_dict['layers'].pop('frame')
-    layers = []
-    for layer in frame_dict['frame_frame_protocols'].split(':'):
-        layer_dict = pkt_dict['layers'].pop(layer, None)
-        if layer_dict is not None:
-            layers.append(EkLayer(layer, layer_dict))
+    layers = pkt_dict['layers']
+    frame_dict = layers.pop('frame')
+    if 'frame_raw' in layers:
+        frame_dict['frame_frame_raw'] = layers.pop('frame_raw')
+
+    # Sort the frame protocol layers first
+    ek_layers = []        
+    for name in frame_dict['frame_frame_protocols'].split(':'):
+        raw_name = f"{name}_raw"
+        if name in layers:
+            layer = layers.get(name)
+            layer_raw = layers.get(raw_name)
+            if not layer:
+                continue
+            elif isinstance(layer, list):
+                layer = layer.pop(0)
+                layer_raw = layer_raw.pop(0) if layer_raw else None
+            else:
+                layers.pop(name, None)
+                layers.pop(raw_name, None)
+            layer[f"{name}_{raw_name}"] = layer_raw
+            ek_layer = EkLayer(name, layer)
+            ek_layers.append(ek_layer)
+
     # Add all leftovers
-    for name, layer in pkt_dict['layers'].items():
-        layers.append(EkLayer(name, layer))
+    for name, layer in layers.items():
+        if isinstance(layer, list):
+            for sub_layer in layer:
+                ek_layers.append(EkLayer(name, sub_layer) )
+        else:
+            ek_layers.append(EkLayer(name, layer))
 
-    return Packet(layers=layers, frame_info=EkLayer('frame', frame_dict),
+    return Packet(layers=ek_layers, frame_info=EkLayer('frame', frame_dict),
                   number=int(frame_dict.get('frame_frame_number', 0)),
                   length=int(frame_dict['frame_frame_len']),
                   sniff_time=frame_dict['frame_frame_time_epoch'],