class ARP(Packet):
name = "ARP"
fields_desc = [
XShortField("hwtype", 0x0001),
XShortEnumField("ptype", 0x0800, ETHER_TYPES),
FieldLenField("hwlen", None, fmt="B", length_of="hwsrc"),
FieldLenField("plen", None, fmt="B", length_of="psrc"),
ShortEnumField("op", 1, {
"who-has": 1,
"is-at": 2,
"RARP-req": 3,
"RARP-rep": 4,
"Dyn-RARP-req": 5,
"Dyn-RAR-rep": 6,
"Dyn-RARP-err": 7,
"InARP-req": 8,
"InARP-rep": 9
}),
MultipleTypeField(
[
(SourceMACField("hwsrc"),
(lambda pkt: pkt.hwtype == 1 and pkt.hwlen == 6,
lambda pkt, val: pkt.hwtype == 1 and (
pkt.hwlen == 6 or (pkt.hwlen is None and
(val is None or len(val) == 6 or
valid_mac(val)))
))),
],
StrFixedLenField("hwsrc", None, length_from=lambda pkt: pkt.hwlen),
),
MultipleTypeField(
[
(SourceIPField("psrc", "pdst"),
(lambda pkt: pkt.ptype == 0x0800 and pkt.plen == 4,
lambda pkt, val: pkt.ptype == 0x0800 and (
pkt.plen == 4 or (pkt.plen is None and
(val is None or valid_net(val)))
))),
(SourceIP6Field("psrc", "pdst"),
(lambda pkt: pkt.ptype == 0x86dd and pkt.plen == 16,
lambda pkt, val: pkt.ptype == 0x86dd and (
pkt.plen == 16 or (pkt.plen is None and
(val is None or valid_net6(val)))
))),
],
StrFixedLenField("psrc", None, length_from=lambda pkt: pkt.plen),
),
MultipleTypeField(
[
(MACField("hwdst", ETHER_ANY),
(lambda pkt: pkt.hwtype == 1 and pkt.hwlen == 6,
lambda pkt, val: pkt.hwtype == 1 and (
pkt.hwlen == 6 or (pkt.hwlen is None and
(val is None or len(val) == 6 or
valid_mac(val)))
))),
],
StrFixedLenField("hwdst", None, length_from=lambda pkt: pkt.hwlen),
),
MultipleTypeField(
[
(IPField("pdst", "0.0.0.0"),
(lambda pkt: pkt.ptype == 0x0800 and pkt.plen == 4,
lambda pkt, val: pkt.ptype == 0x0800 and (
pkt.plen == 4 or (pkt.plen is None and
(val is None or valid_net(val)))
))),
(IP6Field("pdst", "::"),
(lambda pkt: pkt.ptype == 0x86dd and pkt.plen == 16,
lambda pkt, val: pkt.ptype == 0x86dd and (
pkt.plen == 16 or (pkt.plen is None and
(val is None or valid_net6(val)))
))),
],
StrFixedLenField("pdst", None, length_from=lambda pkt: pkt.plen),
),
]
def hashret(self):
return struct.pack(">HHH", self.hwtype, self.ptype,
((self.op + 1) // 2)) + self.payload.hashret()
def answers(self, other):
if not isinstance(other, ARP):
return False
if self.op != other.op + 1:
return False
# We use a loose comparison on psrc vs pdst to catch answers
# with ARP leaks
self_psrc = self.get_field('psrc').i2m(self, self.psrc)
other_pdst = other.get_field('pdst').i2m(other, other.pdst)
return self_psrc[:len(other_pdst)] == other_pdst[:len(self_psrc)]
def route(self):
fld, dst = self.getfield_and_val("pdst")
fld, dst = fld._find_fld_pkt_val(self, dst)
if isinstance(dst, Gen):
dst = next(iter(dst))
if isinstance(fld, IP6Field):
return conf.route6.route(dst)
elif isinstance(fld, IPField):
return conf.route.route(dst)
else:
return None, None, None
def extract_padding(self, s):
return "", s
def mysummary(self):
if self.op == 1:
return self.sprintf("ARP who has %pdst% says %psrc%")
if self.op == 2:
return self.sprintf("ARP is at %hwsrc% says %psrc%")
return self.sprintf("ARP %op% %psrc% > %pdst%")
class ARP(Packet):
name = "ARP"
fields_desc = [
XShortField("hwtype", 0x0001),
XShortEnumField("ptype", 0x0800, ETHER_TYPES),
FieldLenField("hwlen", None, fmt="B", length_of="hwsrc"),
FieldLenField("plen", None, fmt="B", length_of="psrc"),
ShortEnumField("op", 1, {
"who-has": 1,
"is-at": 2,
"RARP-req": 3,
"RARP-rep": 4,
"Dyn-RARP-req": 5,
"Dyn-RAR-rep": 6,
"Dyn-RARP-err": 7,
"InARP-req": 8,
"InARP-rep": 9
}),
MultipleTypeField(
[
(ARPSourceMACField("hwsrc"),
(lambda pkt: pkt.hwtype == 1 and pkt.hwlen == 6,
lambda pkt, val: pkt.hwtype == 1 and (
pkt.hwlen == 6 or (pkt.hwlen is None and
(val is None or len(val) == 6 or
valid_mac(val)))
))),
],
StrFixedLenField("hwsrc", None, length_from=lambda pkt: pkt.hwlen),
),
MultipleTypeField(
[
(SourceIPField("psrc", "pdst"),
(lambda pkt: pkt.ptype == 0x0800 and pkt.plen == 4,
lambda pkt, val: pkt.ptype == 0x0800 and (
pkt.plen == 4 or (pkt.plen is None and
(val is None or valid_net(val)))
))),
(SourceIP6Field("psrc", "pdst"),
(lambda pkt: pkt.ptype == 0x86dd and pkt.plen == 16,
lambda pkt, val: pkt.ptype == 0x86dd and (
pkt.plen == 16 or (pkt.plen is None and
(val is None or valid_net6(val)))
))),
],
StrFixedLenField("psrc", None, length_from=lambda pkt: pkt.plen),
),
MultipleTypeField(
[
(MACField("hwdst", ETHER_ANY),
(lambda pkt: pkt.hwtype == 1 and pkt.hwlen == 6,
lambda pkt, val: pkt.hwtype == 1 and (
pkt.hwlen == 6 or (pkt.hwlen is None and
(val is None or len(val) == 6 or
valid_mac(val)))
))),
],
StrFixedLenField("hwdst", None, length_from=lambda pkt: pkt.hwlen),
),
MultipleTypeField(
[
(IPField("pdst", "0.0.0.0"),
(lambda pkt: pkt.ptype == 0x0800 and pkt.plen == 4,
lambda pkt, val: pkt.ptype == 0x0800 and (
pkt.plen == 4 or (pkt.plen is None and
(val is None or valid_net(val)))
))),
(IP6Field("pdst", "::"),
(lambda pkt: pkt.ptype == 0x86dd and pkt.plen == 16,
lambda pkt, val: pkt.ptype == 0x86dd and (
pkt.plen == 16 or (pkt.plen is None and
(val is None or valid_net6(val)))
))),
],
StrFixedLenField("pdst", None, length_from=lambda pkt: pkt.plen),
),
]
who_has = 1
is_at = 2
def answers(self, other):
if isinstance(other, ARP):
if ((self.op == self.is_at) and
(other.op == self.who_has) and
(self.psrc == other.pdst)):
return 1
return 0
def route(self):
dst = self.pdst
if isinstance(dst, Gen):
dst = next(iter(dst))
return conf.route.route(dst)
def extract_padding(self, s):
return "", s
def mysummary(self):
if self.op == self.is_at:
return self.sprintf("ARP is at %hwsrc% says %psrc%")
elif self.op == self.who_has:
return self.sprintf("ARP who has %pdst% says %psrc%")
else:
return self.sprintf("ARP %op% %psrc% > %pdst%")
