PcapNg - Apple Process Information Block

[guedou]

This PR adds support for process information stored in a PcapNg by the tcpdump command on macOS.

How to test it?

sudo tcpdump -kA -r test.pcapng

>>> l = rdpcap("test.pcapng")
>>> l[0].process_information
{'proc': {'id': 2116, 'name': 'com.apple.WebKit'}, 'eproc': {'id': 2107, 'name': 'Safari'}}

[guedou]

I welcome comments, yet this needs to be tested against several big pcap files before being merged.

[codecov]

Codecov Report

Attention: Patch coverage is 73.33333% with 8 lines in your changes missing coverage. Please review.

Project coverage is 81.56%. Comparing base (de36337) to head (35cc131).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #4396   +/-   ##
=======================================
  Coverage   81.56%   81.56%           
=======================================
  Files         353      353           
  Lines       84116    84145   +29     
=======================================
+ Hits        68609    68633   +24     
- Misses      15507    15512    +5     

Files	Coverage Δ
scapy/packet.py	84.44% <100.00%> (+0.01%)	⬆️
scapy/utils.py	73.10% <72.41%> (-0.03%)	⬇️

... and 4 files with indirect coverage changes

[guedou]

@evverx That's a good catch! Thanks a lot for fuzzing it. This is indeed the piece of the code that I was not able to test.

[evverx]

Hopefully the action should help to catch things like this automatically.

It seems it still crashes. As far as I understand the condition is inverted in that UUID() is called when the length isn't 16.

[guedou]

This is ready to be reviewed.