class SAPMSLogon(PacketNoPadded):
"""SAP Message Server Logon packet.
Packet containing logon data.
"""
name = "SAP Message Server Logon"
fields_desc = [
ShortEnumKeysField("type", 0, ms_logon_type_values),
ShortField("port", 0),
IPField("address", "0.0.0.0"),
FieldLenField("logonname_length",
None,
length_of="logonname",
fmt="!H"), # <= 80h bytes
StrLenField("logonname",
"",
length_from=lambda pkt: pkt.logonname_length),
FieldLenField("prot_length", None, length_of="prot",
fmt="!H"), # <= 80h bytes
StrLenField("prot", "", length_from=lambda pkt: pkt.prot_length),
FieldLenField("host_length", None, length_of="host",
fmt="!H"), # <= 100h bytes
StrLenField("host", "", length_from=lambda pkt: pkt.host_length),
FieldLenField("misc_length", None, length_of="misc",
fmt="!H"), # <= 100h bytes
StrLenField("misc", "", length_from=lambda pkt: pkt.misc_length),
FieldLenField("address6_length", 16, length_of="address6",
fmt="!h"), # == 16 bytes
ConditionalField(IP6Field("address6", "::"),
lambda pkt: pkt.address6_length > 0),
ConditionalField(SignedIntField("end", -1),
lambda pkt: pkt.address6_length > 0),
]
class VTP(Packet):
name = "VTP"
fields_desc = [
ByteField("ver", 2),
ByteEnumField("code", 1, _VTP_Types),
ConditionalField(ByteField("followers", 1), lambda pkt: pkt.code == 1),
ConditionalField(ByteField("seq", 1), lambda pkt: pkt.code == 2),
ConditionalField(ByteField("reserved", 0), lambda pkt: pkt.code == 3),
ByteField("domnamelen", None),
StrFixedLenField("domname", "manbearpig", 32),
ConditionalField(SignedIntField("rev", 0),
lambda pkt: pkt.code == 1 or pkt.code == 2),
# updater identity
ConditionalField(IPField("uid", "192.168.0.1"),
lambda pkt: pkt.code == 1),
ConditionalField(VTPTimeStampField("timestamp", '930301000000'),
lambda pkt: pkt.code == 1),
ConditionalField(StrFixedLenField("md5", b"\x00" * 16, 16),
lambda pkt: pkt.code == 1),
ConditionalField(PacketListField("vlaninfo", [], VTPVlanInfo),
lambda pkt: pkt.code == 2),
ConditionalField(ShortField("startvalue", 0),
lambda pkt: pkt.code == 3)
]
def post_build(self, p, pay):
if self.domnamelen is None:
domnamelen = len(self.domname.strip(b"\x00"))
p = p[:3] + chr(domnamelen & 0xff) + p[4:]
p += pay
return p
class AVSWLANHeader(Packet):
""" iwpriv eth1 set_prismhdr 1 """
name = "AVS WLAN Monitor Header"
fields_desc = [IntField("version", 1),
IntField("len", 64),
LongField("mactime", 0),
LongField("hosttime", 0),
IntEnumField("phytype", 0, AVSWLANPhyType),
IntField("channel", 0),
IntField("datarate", 0),
IntField("antenna", 0),
IntField("priority", 0),
IntEnumField("ssi_type", 0, AVSWLANSSIType),
SignedIntField("ssi_signal", 0),
SignedIntField("ssi_noise", 0),
IntEnumField("preamble", 0, AVSWLANPreambleType),
IntEnumField("encoding", 0, AVSWLANEncodingType),
]
class SAPDiagDP(Packet):
"""SAP Diag DP Header packet
This packet is used for initialization of Diag connections. Usually
there's no need to change any value more that the terminal.
"""
name = "SAP Diag DP Header"
fields_desc = [ # DP Header
SignedIntField("request_id", -1),
ByteField("retcode", 0x0a),
ByteField("sender_id", 0),
ByteField("action_type", 0),
IntField("req_info", 0),
SignedIntField("tid", -1),
SignedShortField("uid", -1),
ByteField("mode", 0xff),
SignedIntField("wp_id", -1),
SignedIntField("wp_ca_blk", -1),
SignedIntField("appc_ca_blk", -1),
LenField(
"length", None, fmt="<I"
), # The length in the DP Header is the length of the Diag Header (8 bytes)
# plus the Diag Message (54 bytes for user_connect+support_data). As the
# DP Header is the layer after NI during initialization, a LenField works
# fine.
ByteField("new_stat", 0),
SignedIntField("unused1", -1),
SignedShortField("rq_id", -1),
StrFixedLenField("unused2", "\x20" * 40, 40),
StrFixedLenField("terminal", "\x00" * 15, 15),
StrFixedLenField("unused3", "\x00" * 10, 10),
StrFixedLenField("unused4", "\x20" * 20, 20),
IntField("unused5", 0),
IntField("unused6", 0),
SignedIntField("unused7", -1),
IntField("unused8", 0),
ByteField("unused9", 0x01),
StrFixedLenField("unused10", "\x00" * 57, 57)
]
class PFLog(Packet):
name = "PFLog"
# from OpenBSD src/sys/net/pfvar.h and src/sys/net/if_pflog.h
fields_desc = [
ByteField("hdrlen", 0),
ByteEnumField("addrfamily", 2, {
socket.AF_INET: "IPv4",
socket.AF_INET6: "IPv6"
}),
ByteEnumField(
"action", 1, {
0: "pass",
1: "drop",
2: "scrub",
3: "no-scrub",
4: "nat",
5: "no-nat",
6: "binat",
7: "no-binat",
8: "rdr",
9: "no-rdr",
10: "syn-proxy-drop"
}),
ByteEnumField(
"reason", 0, {
0: "match",
1: "bad-offset",
2: "fragment",
3: "short",
4: "normalize",
5: "memory",
6: "bad-timestamp",
7: "congestion",
8: "ip-options",
9: "proto-cksum",
10: "state-mismatch",
11: "state-insert",
12: "state-limit",
13: "src-limit",
14: "syn-proxy"
}),
StrFixedLenField("iface", "", 16),
StrFixedLenField("ruleset", "", 16),
SignedIntField("rulenumber", 0),
SignedIntField("subrulenumber", 0),
SignedIntField("uid", 0),
IntField("pid", 0),
SignedIntField("ruleuid", 0),
IntField("rulepid", 0),
ByteEnumField("direction", 255, {
0: "inout",
1: "in",
2: "out",
255: "unknown"
}),
StrFixedLenField("pad", b"\x00\x00\x00", 3)
]
def mysummary(self):
return self.sprintf(
"%PFLog.addrfamily% %PFLog.action% on %PFLog.iface% by rule %PFLog.rulenumber%"
) # noqa: E501
class PFLog(Packet):
"""
Class for handling PFLog headers
"""
name = "PFLog"
# from OpenBSD src/sys/net/pfvar.h
# and src/sys/net/if_pflog.h (struct pfloghdr)
fields_desc = [
ByteField("hdrlen", PFLOG_HDRLEN),
ByteEnumField("addrfamily", 2, {
OPENBSD_AF_INET: "IPv4",
OPENBSD_AF_INET6: "IPv6"
}),
ByteEnumField(
"action", 1, {
0: "pass",
1: "drop",
2: "scrub",
3: "no-scrub",
4: "nat",
5: "no-nat",
6: "binat",
7: "no-binat",
8: "rdr",
9: "no-rdr",
10: "syn-proxy-drop"
}),
ByteEnumField(
"reason", 0, {
0: "match",
1: "bad-offset",
2: "fragment",
3: "short",
4: "normalize",
5: "memory",
6: "bad-timestamp",
7: "congestion",
8: "ip-options",
9: "proto-cksum",
10: "state-mismatch",
11: "state-insert",
12: "state-limit",
13: "src-limit",
14: "syn-proxy"
}),
StrFixedLenField("iface", "", 16),
StrFixedLenField("ruleset", "", 16),
SignedIntField("rulenumber", 0),
SignedIntField("subrulenumber", 0),
SignedIntField("uid", 0),
IntField("pid", 0),
SignedIntField("ruleuid", 0),
IntField("rulepid", 0),
ByteEnumField("direction", 255, {
0: "inout",
1: "in",
2: "out",
255: "unknown"
}),
YesNoByteField("rewritten", 0),
ByteEnumField("naddrfamily", 2, {
OPENBSD_AF_INET: "IPv4",
OPENBSD_AF_INET6: "IPv6"
}),
StrFixedLenField("pad", b"\x00", 1),
MultipleTypeField(
[
(PadField(IPField("saddr", "127.0.0.1"), 16, padwith=b"\x00"),
lambda pkt: pkt.addrfamily == OPENBSD_AF_INET),
(IP6Field("saddr", "::1"),
lambda pkt: pkt.addrfamily == OPENBSD_AF_INET6),
],
PadField(IPField("saddr", "127.0.0.1"), 16, padwith=b"\x00"),
),
MultipleTypeField(
[
(PadField(IPField("daddr", "127.0.0.1"), 16, padwith=b"\x00"),
lambda pkt: pkt.addrfamily == OPENBSD_AF_INET),
(IP6Field("daddr", "::1"),
lambda pkt: pkt.addrfamily == OPENBSD_AF_INET6),
],
PadField(IPField("daddr", "127.0.0.1"), 16, padwith=b"\x00"),
),
ShortField("sport", 0),
ShortField("dport", 0),
]
def mysummary(self):
return self.sprintf(
"%PFLog.addrfamily% %PFLog.action% on %PFLog.iface% by rule %PFLog.rulenumber%"
) # noqa: E501
def form_ipp_packet(self, op_type, version=1.0, **kwargs):
"""
Method to form ipp packets
"""
logger = get_logger("IPP Packet Forming")
logger.info("Initiating IPP Packet Crafting")
ver = str(version).split(".")
ver = "".join(ver)
ver = SignedShortField("Version", int(ver))
self.ipp_field.append(ver)
data = ""
operation_type = op_type
if operation_type in self.ipp_operations.keys():
self.ipp_field.append(
SignedShortField("Operation-ID",
self.ipp_operations[operation_type]))
self.ipp_field.append(
SignedIntField("Request-ID",
self.ipp_operations[operation_type]))
else:
logger.critical(f"Invalid operation tag : {operation_type}")
print('Supported Operations')
for op_rst in list(self.ipp_operations.keys()):
print(f"* {op_rst}")
sys.exit()
delete_key = list()
for delimiter_key, delimiter_value in kwargs.items():
if type(delimiter_value) != dict:
data = delimiter_value
delete_key.append(delimiter_key)
if len(delete_key) > 0:
for del_key in delete_key:
del kwargs[del_key]
for delimiter_key, delimiter_value in kwargs.items():
if type(delimiter_value) == dict:
if delimiter_key in self.ipp_attr_group_tags.keys():
self.ipp_field.append(
XByteField(delimiter_key,
self.ipp_attr_group_tags[delimiter_key]))
count = 0
for attr_key, attr_val in delimiter_value.items():
if attr_key in self.ipp_attrs.keys():
self.ipp_field.append(
XByteField(f"key_{attr_key}_{count}",
self.ipp_attrs[attr_key][1]))
self.ipp_field.append(
ShortField(f"Attribute_Name_Length_{count}",
len(attr_key)))
self.ipp_field.append(
StrField(
f"Attribute_Name_Value_{attr_key}_{count}",
bytes(attr_key, encoding='utf8')))
self.ipp_field.append(
ShortField(f"Attribute_Value_Length_{count}",
len(attr_val)))
self.ipp_field.append(
StrField(
f"Attribute_Value_Value_{attr_val}_{count}",
bytes(attr_val, encoding='utf8')))
count += 1
else:
logger.critical(
f"Invalid Attribute tag : {attr_key}")
sys.exit()
else:
logger.critical(f"Invalid Delimiter tag : {delimiter_key}")
print("Supported Tags")
for del_tag in list(self.ipp_attr_group_tags.keys()):
print(f"* {del_tag}")
sys.exit()
else:
logger.critical(f"Invalid tag : {delimiter_key}")
sys.exit()
self.ipp_field.append(
XByteField("end-of-attributes-tag",
self.ipp_attr_group_tags["end-of-attributes-tag"]))
if data != "":
self.ipp_field.append(StrField("Data", data))
logger.info("IPP Packet forming completed")
