class OFPTStatsRequestQueue(_ofp_header):
name = "OFPST_STATS_REQUEST_QUEUE"
fields_desc = [ByteEnumField("version", 0x01, ofp_version),
ByteEnumField("type", 16, ofp_type),
ShortField("len", None),
IntField("xid", 0),
ShortEnumField("stats_type", 5, ofp_stats_types),
FlagsField("flags", 0, 16, []),
ShortEnumField("port_no", "NONE", ofp_port_no),
XShortField("pad", 0),
IntEnumField("queue_id", "ALL", ofp_queue)]
overload_fields = {TCP: {"sport": 6653}}
class ZigbearLightControlLayer(Packet):
name = "Zigbear Light Control Layer"
fields_desc = [
# Informational flags
FlagsField("flags", 0, 6, ['reserved0', 'reserved1', 'reserved2', 'reserved3', 'reserved4', 'reserved5']),
# Message type
BitEnumField("message_type", 0, 2, {
0: 'toggle',
1: 'set_brightness'
}),
ConditionalField(ByteField("brightness", 0), lambda pkt: pkt.getfieldval("message_type") == 1)
]
class LLTDAttributeCharacteristics(LLTDAttribute):
name = "LLTD Attribute - Characteristics"
fields_desc = [
# According to MS doc, "this field MUST be set to 0x02". But
# according to MS implementation, that's wrong.
# ByteField("len", 2),
FieldLenField("len", None, length_of="reserved2", fmt="B",
adjust=lambda _, x: x + 2),
FlagsField("flags", 0, 5, "PXFML"),
BitField("reserved1", 0, 11),
StrLenField("reserved2", "", length_from=lambda x: x.len - 2)
]
class SignalHeader(CAN):
fields_desc = [
FlagsField('flags', 0, 3,
['error', 'remote_transmission_request', 'extended']),
XBitField('identifier', 0, 29),
LenField('length', None, fmt='B'),
ThreeBytesField('reserved', 0)
]
def extract_padding(self, s):
# type: (bytes) -> Tuple[bytes, Optional[bytes]]
return s, None
class OFPTableStats(Packet):
def extract_padding(self, s):
return b"", s
name = "OFP_TABLE_STATS"
fields_desc = [
ByteField("table_id", 0),
X3BytesField("pad", 0),
StrFixedLenField("name", "", 32),
FlagsField("wildcards1", 0x003, 12, ["DL_VLAN_PCP", "NW_TOS"]),
BitField("nw_dst_mask", 63, 6), # 32 would be enough
BitField("nw_src_mask", 63, 6),
FlagsField("wildcards2", 0xff, 8, [
"IN_PORT", "DL_VLAN", "DL_SRC", "DL_DST", "DL_TYPE", "NW_PROTO",
"TP_SRC", "TP_DST"
]),
IntField("max_entries", 0),
IntField("active_count", 0),
LongField("lookup_count", 0),
LongField("matched_count", 0)
]
class ISIS_PrefixSegmentIdentifierSubTlv(ISIS_GenericSubTlv):
name = "ISIS Prefix SID sub TLV"
fields_desc = [ByteEnumField("type", 3, _isis_subtlv_names_2),
ByteField("len", 5),
FlagsField(
"flags", 0, 8,
["res1", "res2", "L", "V", "E", "P", "N", "R"]),
ByteField("algorithm", 0),
ConditionalField(ThreeBytesField("sid", 0),
lambda pkt: pkt.len == 5),
ConditionalField(IntField("idx", 0),
lambda pkt: pkt.len == 6)]
class OFPTStatsReplyVendor(_ofp_header):
name = "OFPST_STATS_REPLY_VENDOR"
fields_desc = [
ByteEnumField("version", 0x01, ofp_version),
ByteEnumField("type", 17, ofp_type),
ShortField("len", None),
IntField("xid", 0),
ShortEnumField("stats_type", 6, ofp_stats_types),
FlagsField("flags", 0, 16, []),
IntField("vendor", 0)
]
overload_fields = {TCP: {"dport": 6653}}
class OBD_PID00(OBD_Packet):
name = "PID_00_PIDsSupported"
fields_desc = [
FlagsField('supported_pids', b'', 32, [
'PID20', 'PID1F', 'PID1E', 'PID1D', 'PID1C', 'PID1B', 'PID1A',
'PID19', 'PID18', 'PID17', 'PID16', 'PID15', 'PID14', 'PID13',
'PID12', 'PID11', 'PID10', 'PID0F', 'PID0E', 'PID0D', 'PID0C',
'PID0B', 'PID0A', 'PID09', 'PID08', 'PID07', 'PID06', 'PID05',
'PID04', 'PID03', 'PID02', 'PID01'
])
]
class OFPTFeaturesReply(_ofp_header):
name = "OFPT_FEATURES_REPLY"
fields_desc = [
ByteEnumField("version", 0x01, ofp_version),
ByteEnumField("type", 6, ofp_type),
ShortField("len", None),
IntField("xid", 0),
LongField("datapath_id", 0),
IntField("n_buffers", 0),
ByteField("n_tables", 1),
X3BytesField("pad", 0),
FlagsField("capabilities", 0, 32, [
"FLOW_STATS", "TABLE_STATS", "PORT_STATS", "STP", "RESERVED",
"IP_REASM", "QUEUE_STATS", "ARP_MATCH_IP"
]),
FlagsField("actions", 0, 32, ofp_action_types_flags),
PacketListField("ports", [],
OFPPhyPort,
length_from=lambda pkt: pkt.len - 32)
]
overload_fields = {TCP: {"dport": 6653}}
class OFPTStatsRequestPort(_ofp_header):
name = "OFPST_STATS_REQUEST_PORT"
fields_desc = [
ByteEnumField("version", 0x01, ofp_version),
ByteEnumField("type", 16, ofp_type),
ShortField("len", None),
IntField("xid", 0),
ShortEnumField("stats_type", 4, ofp_stats_types),
FlagsField("flags", 0, 16, []),
ShortEnumField("port_no", "NONE", ofp_port_no),
XBitField("pad", 0, 48)
]
class CCP(CAN):
name = 'CAN Calibration Protocol'
fields_desc = [
FlagsField('flags', 0, 3,
['error', 'remote_transmission_request', 'extended']),
XBitField('identifier', 0, 29),
ByteField('length', 8),
ThreeBytesField('reserved', 0),
]
def extract_padding(self, p):
return p, None
class ZigbeeSecurityHeader(Packet):
name = "Zigbee Security Header"
fields_desc = [
# Security control (1 octet)
FlagsField("reserved1", 0, 2, ['reserved1', 'reserved2']),
BitField(
"extended_nonce", 1, 1
), # set to 1 if the sender address field is present (source) # noqa: E501
# Key identifier
BitEnumField(
"key_type", 1, 2, {
0: 'data_key',
1: 'network_key',
2: 'key_transport_key',
3: 'key_load_key'
}),
# Security level (3 bits)
BitEnumField(
"nwk_seclevel", 0, 3, {
0: "None",
1: "MIC-32",
2: "MIC-64",
3: "MIC-128",
4: "ENC",
5: "ENC-MIC-32",
6: "ENC-MIC-64",
7: "ENC-MIC-128"
}),
# Frame counter (4 octets)
XLEIntField(
"fc", 0
), # provide frame freshness and prevent duplicate frames # noqa: E501
# Source address (0/8 octets)
ConditionalField(LEEUI64Field("source", 0),
lambda pkt: pkt.extended_nonce),
# Key sequence number (0/1 octet): only present when key identifier is 1 (network key) # noqa: E501
ConditionalField(
ByteField("key_seqnum", 0),
lambda pkt: pkt.getfieldval("key_type") == 1), # noqa: E501
# Payload
# the length of the encrypted data is the payload length minus the MIC
StrField("data", ""),
# Message Integrity Code (0/variable in size), length depends on nwk_seclevel # noqa: E501
XStrField("mic", ""),
]
def post_dissect(self, s):
# Get the mic dissected correctly
mic_length = util_mic_len(self)
if mic_length > 0: # Slice "data" into "data + mic"
_data, _mic = self.data[:-mic_length], self.data[-mic_length:]
self.data, self.mic = _data, _mic
return s
class OFPTStatsReplyAggregate(_ofp_header):
name = "OFPST_STATS_REPLY_AGGREGATE"
fields_desc = [ByteEnumField("version", 0x01, ofp_version),
ByteEnumField("type", 17, ofp_type),
ShortField("len", None),
IntField("xid", 0),
ShortEnumField("stats_type", 2, ofp_stats_types),
FlagsField("flags", 0, 16, []),
LongField("packet_count", 0),
LongField("byte_count", 0),
IntField("flow_count", 0),
XIntField("pad", 0)]
class OFPTStatsRequestFlow(_ofp_header):
name = "OFPST_STATS_REQUEST_FLOW"
fields_desc = [ByteEnumField("version", 0x01, ofp_version),
ByteEnumField("type", 16, ofp_type),
ShortField("len", None),
IntField("xid", 0),
ShortEnumField("stats_type", 1, ofp_stats_types),
FlagsField("flags", 0, 16, []),
PacketField("match", OFPMatch(), OFPMatch),
ByteEnumField("table_id", "ALL", ofp_table),
ByteField("pad", 0),
ShortEnumField("out_port", "NONE", ofp_port_no)]
class SMB2_Negociate_Protocol_Request_Header(Packet):
name = "SMB2 Negociate Protocol Request Header"
fields_desc = [
XLEShortField("StructureSize", 0),
FieldLenField(
"DialectCount", 0,
fmt="<H",
count_of="Dialects"
),
# SecurityMode
FlagsField("SecurityMode", 0, 16, {
0x7: "Signing Required",
0x8: "Signing Enabled",
}),
LEShortField("Reserved", 0),
# Capabilities
FlagsField("Capabilities", 0, 32, SMB2_CAPABILITIES),
UUIDField("ClientGUID", 0x0, uuid_fmt=UUIDField.FORMAT_LE),
XLEIntField("NegociateContextOffset", 0x0),
FieldLenField(
"NegociateCount", 0x0,
fmt="<H",
count_of="NegociateContexts"
),
ShortField("Reserved2", 0),
# Padding the dialects - the whole packet (from the
# beginning) should be aligned on 8 bytes ; so the list of
# dialects should be aligned on 6 bytes (because it starts
# at PKT + 8 * N + 2
PadField(FieldListField(
"Dialects", [0x0202],
LEShortEnumField("", 0x0, SMB_DIALECTS),
count_from=lambda pkt: pkt.DialectCount
), 6),
PacketListField(
"NegociateContexts", [],
SMB2_Negociate_Context,
count_from=lambda pkt: pkt.NegociateCount
),
]
class CAN(Packet):
"""A minimal implementation of the CANopen protocol, based on
Wireshark dissectors. See https://wiki.wireshark.org/CANopen
"""
fields_desc = [
FlagsField('flags', 0, 3, ['error',
'remote_transmission_request',
'extended']),
XBitField('identifier', 0, 29),
FieldLenField('length', None, length_of='data', fmt='B'),
ThreeBytesField('reserved', 0),
StrLenField('data', '', length_from=lambda pkt: pkt.length),
]
@staticmethod
def inv_endianness(pkt):
""" Invert the order of the first four bytes of a CAN packet
This method is meant to be used specifically to convert a CAN packet
between the pcap format and the socketCAN format
:param pkt: str of the CAN packet
:return: packet str with the first four bytes swapped
"""
len_partial = len(pkt) - 4 # len of the packet, CAN ID excluded
return struct.pack('<I{}s'.format(len_partial),
*struct.unpack('>I{}s'.format(len_partial), pkt))
def pre_dissect(self, s):
""" Implements the swap-bytes functionality when dissecting """
if conf.contribs['CAN']['swap-bytes']:
return CAN.inv_endianness(s)
return s
def post_dissect(self, s):
self.raw_packet_cache = None # Reset packet to allow post_build
return s
def post_build(self, pkt, pay):
""" Implements the swap-bytes functionality when building
this is based on a copy of the Packet.self_build default method.
The goal is to affect only the CAN layer data and keep
under layers (e.g LinuxCooked) unchanged
"""
if conf.contribs['CAN']['swap-bytes']:
return CAN.inv_endianness(pkt) + pay
return pkt + pay
def extract_padding(self, p):
return b'', p
class OFPTStatsRequestAggregate(_ofp_header):
name = "OFPST_STATS_REQUEST_AGGREGATE"
fields_desc = [ByteEnumField("version", 0x01, ofp_version),
ByteEnumField("type", 16, ofp_type),
ShortField("len", None),
IntField("xid", 0),
ShortEnumField("stats_type", 2, ofp_stats_types),
FlagsField("flags", 0, 16, []),
PacketField("match", OFPMatch(), OFPMatch),
ByteEnumField("table_id", "ALL", ofp_table),
ByteField("pad", 0),
ShortEnumField("out_port", "NONE", ofp_port_no)]
overload_fields = {TCP: {"sport": 6653}}
class PPI_Geotag_Antenna(HCSIPacket):
name = "PPI Antenna"
hcsi_fields = [
FlagsField("AntennaFlags", None, -32, _hcsi_antenna_flags),
ByteField("Gain", None),
Fixed3_6Field("HorizBw", None),
Fixed3_6Field("VertBw", None),
Fixed3_6Field("PrecisionGain", None),
XLEShortField("BeamID", None),
] + _hcsi_null_range(6, 26) + [
HCSIDescField("SerialNumber", None),
HCSIDescField("ModelName", None),
]
class OSPFv3_Router_LSA(OSPF_BaseLSA):
name = "OSPFv3 Router LSA"
fields_desc = [ShortField("age", 1),
ShortEnumField("type", 0x2001, _OSPFv3_LStypes),
IPField("id", "0.0.0.0"),
IPField("adrouter", "1.1.1.1"),
XIntField("seq", 0x80000001),
XShortField("chksum", None),
ShortField("len", None),
FlagsField("flags", 0, 8, ["B", "E", "V", "W"]),
OSPFv3OptionsField(),
PacketListField("linklist", [], OSPFv3_Link,
length_from=lambda pkt:pkt.len - 24)]
class LL_SLAVE_FEATURE_REQ(Packet):
name = "LL_SLAVE_FEATURE_REQ"
fields_desc = [
FlagsField("feature_set", 0, -16,['le_encryption', # 4.0
'conn_par_req_proc','ext_reject_ind','slave_init_feat_exch',
'le_ping', # 4.1
'le_data_len_ext','ll_privacy','ext_scan_filter', # 4.2
'll_2m_phy', 'tx_mod_idx','rx_mod_idx','le_coded_phy',
'le_ext_adv','le_periodic_adv',
'ch_sel_alg','le_pwr_class']),
BitField("min_used_channels", 0, 1),
BitField("reserved", 0, 47),
]
class PPTPStartControlConnectionReply(PPTP):
name = "PPTP Start Control Connection Reply"
fields_desc = [LenField("len", 156),
ShortEnumField("type", 1, _PPTP_msg_type),
XIntField("magic_cookie", _PPTP_MAGIC_COOKIE),
ShortEnumField("ctrl_msg_type", 2, _PPTP_ctrl_msg_type),
XShortField("reserved_0", 0x0000),
ShortField("protocol_version", 0x0100),
ByteEnumField("result_code", 1,
_PPTP_start_control_connection_result),
ByteEnumField("error_code", 0, _PPTP_general_error_code),
FlagsField("framing_capabilities", 0, 32,
_PPTP_FRAMING_CAPABILITIES_FLAGS),
FlagsField("bearer_capabilities", 0, 32,
_PPTP_BEARER_CAPABILITIES_FLAGS),
ShortField("maximum_channels", 65535),
ShortField("firmware_revision", 256),
StrFixedLenField("host_name", "linux", 64),
StrFixedLenField("vendor_string", "", 64)]
def answers(self, other):
return isinstance(other, PPTPStartControlConnectionRequest)
class OFPTStatsReplyDesc(_ofp_header):
name = "OFPST_STATS_REPLY_DESC"
fields_desc = [ByteEnumField("version", 0x01, ofp_version),
ByteEnumField("type", 17, ofp_type),
ShortField("len", None),
IntField("xid", 0),
ShortEnumField("stats_type", 0, ofp_stats_types),
FlagsField("flags", 0, 16, []),
StrFixedLenField("mfr_desc", "", 256),
StrFixedLenField("hw_desc", "", 256),
StrFixedLenField("sw_desc", "", 256),
StrFixedLenField("serial_num", "", 32),
StrFixedLenField("dp_desc", "", 256)]
class OFPTStatsReplyPort(_ofp_header):
name = "OFPST_STATS_REPLY_TABLE"
fields_desc = [
ByteEnumField("version", 0x01, ofp_version),
ByteEnumField("type", 17, ofp_type),
ShortField("len", None),
IntField("xid", 0),
ShortEnumField("stats_type", 4, ofp_stats_types),
FlagsField("flags", 0, 16, []),
PacketListField("port_stats", [],
OFPPortStats,
length_from=lambda pkt: pkt.len - 12)
]
class IE_MSInternationalNumber(IE_Base):
name = "MS International Number"
fields_desc = [
ByteEnumField("ietype", 134, IEType),
ShortField("length", None),
FlagsField("flags", 0x91, 8, [
"Extension", "", "", "International Number", "", "", "",
"ISDN numbering"
]), # noqa: E501
TBCDByteField("digits",
"33607080910",
length_from=lambda x: x.length - 1)
] # noqa: E501
class DceRpc(Packet):
"""DCE/RPC packet"""
name = "DCE/RPC"
fields_desc = [
ByteField("version", 4),
ByteEnumField("type", 0, DCE_RPC_TYPE),
FlagsField("flags1", 0, 8, DCE_RPC_FLAGS1),
FlagsField("flags2", 0, 8, DCE_RPC_FLAGS2),
BitEnumField("endianness", 0, 4, ["big", "little"]),
BitEnumField("encoding", 0, 4, ["ASCII", "EBCDIC"]),
ByteEnumField("float", 0, ["IEEE", "VAX", "CRAY", "IBM"]),
ByteField("DataRepr_reserved", 0),
XByteField("serial_high", 0),
EndiannessField(UUIDField("object_uuid", None),
endianess_from=dce_rpc_endianess),
EndiannessField(UUIDField("interface_uuid", None),
endianess_from=dce_rpc_endianess),
EndiannessField(UUIDField("activity", None),
endianess_from=dce_rpc_endianess),
EndiannessField(IntField("boot_time", 0),
endianess_from=dce_rpc_endianess),
EndiannessField(IntField("interface_version", 1),
endianess_from=dce_rpc_endianess),
EndiannessField(IntField("sequence_num", 0),
endianess_from=dce_rpc_endianess),
EndiannessField(ShortField("opnum", 0),
endianess_from=dce_rpc_endianess),
EndiannessField(XShortField("interface_hint", 0xffff),
endianess_from=dce_rpc_endianess),
EndiannessField(XShortField("activity_hint", 0xffff),
endianess_from=dce_rpc_endianess),
EndiannessField(LenField("frag_len", None, fmt="H"),
endianess_from=dce_rpc_endianess),
EndiannessField(ShortField("frag_num", 0),
endianess_from=dce_rpc_endianess),
ByteEnumField("auth", 0, ["none"]), # TODO other auth ?
XByteField("serial_low", 0),
]
class OBD_PID41(OBD_Packet):
name = "PID_41_MonitorStatusThisDriveCycle"
onOff = {0: 'off', 1: 'on'}
fields_desc = [
XByteField('reserved', 0),
BitField('reserved1', 0, 1),
FlagsField('continuous_tests_ready', 0, 3,
['misfire', 'fuelSystem', 'components']),
BitField('reserved2', 0, 1),
FlagsField('continuous_tests_supported', 0, 3,
['misfire', 'fuelSystem', 'components']),
FlagsField('once_per_trip_tests_supported', 0, 8, [
'egr', 'oxygenSensorHeater', 'oxygenSensor', 'acSystemRefrigerant',
'secondaryAirSystem', 'evaporativeSystem', 'heatedCatalyst',
'catalyst'
]),
FlagsField('once_per_trip_tests_ready', 0, 8, [
'egr', 'oxygenSensorHeater', 'oxygenSensor', 'acSystemRefrigerant',
'secondaryAirSystem', 'evaporativeSystem', 'heatedCatalyst',
'catalyst'
])
]
class LinuxTunPacketInfo(TunPacketInfo):
"""
Base for TUN packets.
See linux/if_tun.h (struct tun_pi) for reference.
"""
fields_desc = [
# This is native byte order
FlagsField("flags", 0, (lambda _: 16 if BIG_ENDIAN else -16),
["TUN_VNET_HDR"] + ["reserved%d" % x
for x in range(1, 16)]),
# This is always network byte order
XShortEnumField("type", 0x9000, ETHER_TYPES),
]
class OBD_PID1D(OBD_Packet):
name = "PID_1D_OxygenSensorsPresent"
fields_desc = [
FlagsField('sensors_present', 0, 8, [
'Bank1Sensor1',
'Bank1Sensor2',
'Bank2Sensor1',
'Bank2Sensor2',
'Bank3Sensor1',
'Bank3Sensor2',
'Bank4Sensor1',
'Bank4Sensor2'
])
]
class OBD_PID13(OBD_Packet):
name = "PID_13_OxygenSensorsPresent"
fields_desc = [
FlagsField('sensors_present', b'', 8, [
'Bank1Sensor1',
'Bank1Sensor2',
'Bank1Sensor3',
'Bank1Sensor4',
'Bank2Sensor1',
'Bank2Sensor2',
'Bank2Sensor3',
'Bank2Sensor4'
])
]
class OFPTStatsReplyTable(_ofp_header):
name = "OFPST_STATS_REPLY_TABLE"
fields_desc = [
ByteEnumField("version", 0x01, ofp_version),
ByteEnumField("type", 17, ofp_type),
ShortField("len", None),
IntField("xid", 0),
ShortEnumField("stats_type", 3, ofp_stats_types),
FlagsField("flags", 0, 16, []),
PacketListField("table_stats", [],
OFPTableStats,
length_from=lambda pkt: pkt.len - 12)
]
overload_fields = {TCP: {"dport": 6653}}
