def guess_payload_class(self, payload):
try:
dlpdu_type = payload[0]
return EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES[dlpdu_type]
except KeyError:
log_runtime.error('{}.guess_payload_class() - unknown or invalid '
'DLPDU type'.format(self.__class__.__name__))
return Packet.guess_payload_class(self, payload)
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
try:
dlpdu_type = payload[0]
return EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES[dlpdu_type]
except KeyError:
log_runtime.error(
'{}.guess_payload_class() - unknown or invalid '
'DLPDU type'.format(self.__class__.__name__))
return Packet.guess_payload_class(self, payload)
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if len(payload) < self._min_ieo_len:
return Packet.guess_payload_class(self, payload)
# Look at fields of the generic ICMPExtensionObject to determine which
# bound extension type to use.
ieo = ICMPExtensionObject(payload)
if ieo.len < self._min_ieo_len:
return Packet.guess_payload_class(self, payload)
for fval, cls in self.payload_guess:
if all(hasattr(ieo, k) and v == ieo.getfieldval(k)
for k, v in six.iteritems(fval)):
return cls
return ICMPExtensionObject
def guess_payload_class(self, payload):
if self.type == 0x02 and (0x08 <= self.subtype <= 0xF and self.subtype != 0xD): # noqa: E501
return Dot11QoS
elif self.FCfield & 0x40:
return Dot11WEP
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.type == 0x02 and (0x08 <= self.subtype <= 0xF and self.subtype != 0xD): # noqa: E501
return Dot11QoS
elif self.FCfield & 0x40:
return Dot11WEP
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.type == 2054 and len(payload) > 4:
if payload[2:4] == "\x99\x99":
return YOARP
elif payload[2:4] == "\x08\x00":
return ARP
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.frame_control & 0x02: # we have a security header
return ZigbeeSecurityHeader
elif self.aps_frametype == 0: # data
return ZigbeeClusterLibrary # TODO might also be another frame
elif self.aps_frametype == 1: # command
return ZigbeeAppCommandPayload
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.flags & 0x02:
return ZigbeeSecurityHeader
elif self.frametype == 0:
return ZigbeeAppDataPayload
elif self.frametype == 1:
return ZigbeeNWKCommandPayload
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.frame_control & 0x02: # we have a security header
return ZigbeeSecurityHeader
elif self.aps_frametype == 0: # data
return ZigbeeClusterLibrary # TODO might also be another frame
elif self.aps_frametype == 1: # command
return ZigbeeAppCommandPayload
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.flags & 0x02:
return ZigbeeSecurityHeader
elif self.frametype == 0:
return ZigbeeAppDataPayload
elif self.frametype == 1:
return ZigbeeNWKCommandPayload
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.type == 0x02 and (0x08 <= self.subtype <= 0xF and self.subtype != 0xD): # noqa: E501
return Dot11QoS
elif self.FCfield.protected:
# When a frame is handled by encryption, the Protected Frame bit
# (previously called WEP bit) is set to 1, and the Frame Body
# begins with the appropriate cryptographic header.
return Dot11Encrypted
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
start_line = payload.splitlines(True)[0]
if self.re_request_line.match(start_line) is not None:
return SIPRequest
elif self.re_status_line.match(start_line) is not None:
return SIPResponse
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if len(payload) < self._min_ieo_len:
return Packet.guess_payload_class(self, payload)
# Look at fields of the generic ICMPExtensionObject to determine which
# bound extension type to use.
ieo = ICMPExtensionObject(payload)
if ieo.len < self._min_ieo_len:
return Packet.guess_payload_class(self, payload)
for fval, cls in self.payload_guess:
ok = 1
for k, v in fval.iteritems():
if not hasattr(ieo, k) or v != ieo.getfieldval(k):
ok = 0
break
if ok:
return cls
return ICMPExtensionObject
def guess_payload_class(self, payload):
if len(payload) < self._min_ieo_len:
return Packet.guess_payload_class(self, payload)
# Look at fields of the generic ICMPExtensionObject to determine which
# bound extension type to use.
ieo = ICMPExtensionObject(payload)
if ieo.len < self._min_ieo_len:
return Packet.guess_payload_class(self, payload)
for fval, cls in self.payload_guess:
ok = 1
for k, v in fval.iteritems():
if not hasattr(ieo, k) or v != ieo.getfieldval(k):
ok = 0
break
if ok:
return cls
return ICMPExtensionObject
def guess_payload_class(self, payload):
if self.fcf_frametype == 0x00:
return Dot15d4Beacon
elif self.fcf_frametype == 0x01:
return Dot15d4Data
elif self.fcf_frametype == 0x02:
return Dot15d4Ack
elif self.fcf_frametype == 0x03:
return Dot15d4Cmd
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.fcf_frametype == 0x00:
return Dot15d4Beacon
elif self.fcf_frametype == 0x01:
return Dot15d4Data
elif self.fcf_frametype == 0x02:
return Dot15d4Ack
elif self.fcf_frametype == 0x03:
return Dot15d4Cmd
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.frame_control & 0x02: # we have a security header
return ZigbeeSecurityHeader
elif self.aps_frametype == 0: # data
if self.profile == 0x0000:
return ZigbeeDeviceProfile
else:
return ZigbeeClusterLibrary
elif self.aps_frametype == 1: # command
return ZigbeeAppCommandPayload
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.cmd_id == 1:
return Dot15d4CmdAssocReq
elif self.cmd_id == 2:
return Dot15d4CmdAssocResp
elif self.cmd_id == 3:
return Dot15d4CmdDisassociation
elif self.cmd_id == 8:
return Dot15d4CmdCoordRealign
elif self.cmd_id == 9:
return Dot15d4CmdGTSReq
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
# Profile-wide commands
if self.zcl_frametype == 0x00 and self.command_identifier == 0x00:
# done in bind_layers
pass
# Cluster-specific commands
elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501
return ZCLPriceGetCurrentPrice
elif self.zcl_frametype == 0x01 and self.command_identifier == 0x01 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501
return ZCLPriceGetScheduledPrices
elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 1 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501
return ZCLPricePublishPrice
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.cmd_id == 1:
return Dot15d4CmdAssocReq
elif self.cmd_id == 2:
return Dot15d4CmdAssocResp
elif self.cmd_id == 3:
return Dot15d4CmdDisassociation
elif self.cmd_id == 8:
return Dot15d4CmdCoordRealign
elif self.cmd_id == 9:
return Dot15d4CmdGTSReq
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
# General Cluster ID Range 0x0000 - 0x00FF
if self.command_identifier == 0x00 and 0x0000 <= self.cluster <= 0x00FF:
return ZCLGeneralReadAttributes
elif self.command_identifier == 0x01 and 0x0000 <= self.cluster <= 0x00FF:
return ZCLGeneralReadAttributesResponse
elif self.command_identifier == 0x00 and self.direction == 0 and self.cluster == "price":
return ZCLPriceGetCurrentPrice
elif self.command_identifier == 0x01 and self.direction == 0 and self.cluster == "price":
return ZCLPriceGetScheduledPrices
elif self.command_identifier == 0x00 and self.direction == 1 and self.cluster == "price":
return ZCLPricePublishPrice
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
# General Cluster ID Range 0x0000 - 0x00FF
if self.command_identifier == 0x00 and 0x0000 <= self.cluster <= 0x00FF:
return ZCLGeneralReadAttributes
elif self.command_identifier == 0x01 and 0x0000 <= self.cluster <= 0x00FF:
return ZCLGeneralReadAttributesResponse
elif self.command_identifier == 0x00 and self.direction == 0 and self.cluster == "price":
return ZCLPriceGetCurrentPrice
elif self.command_identifier == 0x01 and self.direction == 0 and self.cluster == "price":
return ZCLPriceGetScheduledPrices
elif self.command_identifier == 0x00 and self.direction == 1 and self.cluster == "price":
return ZCLPricePublishPrice
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
# Profile-wide commands
if self.zcl_frametype == 0x00 and self.command_identifier == 0x00:
return ZCLGeneralReadAttributes
elif self.zcl_frametype == 0x00 and self.command_identifier == 0x01:
return ZCLGeneralReadAttributesResponse
# Cluster-specific commands
elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501
return ZCLPriceGetCurrentPrice
elif self.zcl_frametype == 0x01 and self.command_identifier == 0x01 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501
return ZCLPriceGetScheduledPrices
elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 1 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501
return ZCLPricePublishPrice
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
# Profile-wide commands
if self.zcl_frametype == 0x00 and self.command_identifier == 0x00:
return ZCLGeneralReadAttributes
elif self.zcl_frametype == 0x00 and self.command_identifier == 0x01:
return ZCLGeneralReadAttributesResponse
# Cluster-specific commands
elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501
return ZCLPriceGetCurrentPrice
elif self.zcl_frametype == 0x01 and self.command_identifier == 0x01 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501
return ZCLPriceGetScheduledPrices
elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 1 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501
return ZCLPricePublishPrice
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self,pay):
"""
この関数ではこのクラスのペイロード部のプロトコルを判定し、
そのプロトコルを解析しうるクラスオブジェクトを返します。
この関数の中で複雑なペイロード識別を行うことができます。
Note:
TCPの宛先ポート番号80番はHTTPクラス、というように
このPacketのペイロードのプロトコルがこのPacketのfields_descの値によって
即座に決定する場合、bind_layersに頼るべきです。
(オーバーライドしない場合の標準仕様です。)
@param pay str extract_paddingで渡されたペイロード。
@return pktClass class 推測判定したペイロードプロトコルクラス。Packetクラスを継承していること。
"""
return Packet.guess_payload_class(self,pay) #bind_layers関数による紐付けに頼ります。
def guess_payload_class(self, payload):
""" Decides if the payload is an HTTP Request or Response, or
something else """
try:
prog = re.compile(r"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) " r"(?:.+?) " r"HTTP/\d\.\d$")
req = payload[: payload.index("\r\n")]
result = prog.match(req)
if result:
return HTTPRequest
else:
prog = re.compile(r"^HTTP/\d\.\d \d\d\d .*$")
result = prog.match(req)
if result:
return HTTPResponse
except:
pass
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
''' Decides if the payload is an HTTP Request or Response, or
something else '''
try:
prog = re.compile(
r"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
r"/.+? "
r"HTTP/\d\.\d.*")
result = prog.match(payload)
if result:
return HTTPRequest
else:
prog = re.compile(r"^HTTP/\d\.\d \d\d\d .*")
result = prog.match(payload)
if result:
return HTTPResponse
except:
pass
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.underlayer is not None and \
isinstance(self.underlayer, UDP) and \
self.underlayer.dport == 250 and \
self.flags == 8:
try:
first_byte = ord(payload[0])
except IndexError:
return IP
version = divmod(first_byte, 0x10)[0]
if version == 4:
return IP
elif version == 6:
return IPv6
else:
return IP
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
''' Decides if the payload is an HTTP Request or Response, or
something else '''
try:
prog = re.compile(
r"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
r"(?:.+?) "
r"HTTP/\d\.\d$")
crlfIndex = payload.index("\r\n".encode())
req = payload[:crlfIndex].decode("utf-8")
result = prog.match(req)
if result:
return HTTPRequest
else:
prog = re.compile(r"^HTTP/\d\.\d \d\d\d .*$")
result = prog.match(req)
if result:
return HTTPResponse
except:
pass
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
# TODO: See how it's done in wireshark:
# https://github.com/wireshark/wireshark/blob/93c60b3b7c801dddd11d8c7f2a0ea4b7d02d700a/epan/dissectors/packet-ieee802154.c#L2061 # noqa: E501
# it's too magic to me
from scapy.layers.sixlowpan import SixLoWPAN
from scapy.layers.zigbee import ZigbeeNWK, ZigbeeNWKStub
if conf.dot15d4_protocol == "sixlowpan":
return SixLoWPAN
elif conf.dot15d4_protocol == "zigbee":
if payload[0] & 0x01 and payload[0] & 0x02: # Inter-PAN Frametype
return ZigbeeNWKStub
else:
return Packet.guess_payload_class(self, payload)
else:
if conf.dot15d4_protocol is None:
_msg = "Please set conf.dot15d4_protocol to select a " + \
"802.15.4 protocol. Values must be in the list: "
else:
_msg = "Unknown conf.dot15d4_protocol value: must be in "
warning(_msg + "['sixlowpan', 'zigbee']" +
" Defaulting to SixLoWPAN")
return SixLoWPAN
def guess_payload_class(self, payload):
if self.flags > 31:
return TLSv1RecordLayer
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
# check presence of LLS data block flag
if self.options & 0x10 == 0x10:
return OSPF_LLS_Hdr
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.underlayer.len > 28:
return HSRPmd5
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.objCount > 0:
return ModbusObjectId
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if isinstance(self.underlayer, Dot11):
if self.underlayer.FCfield & 0x40:
return Dot11WEP
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.flags >> 2 in [1, 3, 7]: # if start bit is set
return Packet.guess_payload_class(self, payload)
else:
return TLSv1RecordLayer
def guess_payload_class(self, payload):
if self.dataLength > 0:
return ModbusWriteFileSubResponse
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.frametype == 0b11:
return ZigbeeAppDataPayloadStub
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.options[:len(dhcpmagic)] == dhcpmagic:
return DHCP
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if isinstance(self.underlayer, Dot11):
if self.underlayer.FCfield.protected:
return Dot11Encrypted
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.flags > 31:
return TLSv1RecordLayer
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.frametype == 0b11:
return ZigbeeAppDataPayloadStub
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if payload[:1] != b"\xff":
return _CoAPOpt
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.objCount > 0:
return ModbusObjectId
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
return conf.l2types.get(self.dlt, Packet.guess_payload_class(self, payload)) # noqa: E501
def guess_payload_class(self, payload):
if self.byteCount > 0:
return ModbusReadFileSubRequest
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.byteCount > 0:
return ModbusReadFileSubRequest
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.dataLength > 0:
return ModbusWriteFileSubResponse
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
# check presence of LLS data block flag
if self.options & 0x10 == 0x10:
return OSPF_LLS_Hdr
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if isinstance(self.underlayer, Dot11):
if self.underlayer.FCfield & 0x40:
return Dot11WEP
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.options[:len(dhcpmagic)] == dhcpmagic:
return DHCP
else:
return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
if self.flags >> 2 in [1, 3, 7]: # if start bit is set
return Packet.guess_payload_class(self, payload)
else:
return TLSv1RecordLayer
