def unpack(self, buf):
dpkt.Packet.unpack(self, buf)
if self.type > 1500:
# Ethernet II
self._unpack_data(self.data)
elif (self.dst.startswith('\x01\x00\x0c\x00\x00')
or self.dst.startswith('\x03\x00\x0c\x00\x00')):
# Cisco ISL
tag = VLANtagISL(buf)
buf = buf[tag.__hdr_len__:]
self.vlan_tags = [tag]
self.vlan = tag.id # backward compatibility
self.unpack(buf)
elif self.data.startswith('\xff\xff'):
# Novell "raw" 802.3
self.type = ETH_TYPE_IPX
self.data = self.ipx = self._typesw[ETH_TYPE_IPX](self.data[2:])
else:
# IEEE 802.3 Ethernet - LLC
# try to unpack FCS here; we follow the same heuristic approach as Wireshark:
# if the upper layer len(self.data) can be fully decoded and returns its size,
# and there's a difference with size in the Eth header, then assume the last
# 4 bytes is the FCS and remaining bytes are a trailer.
eth_len = self.type
if len(self.data) > eth_len:
tail_len = len(self.data) - eth_len
if tail_len >= 4:
self.fcs = struct.unpack('>I', self.data[-4:])[0]
self.trailer = self.data[eth_len:-4]
self.data = self.llc = llc.LLC(self.data[:eth_len])
def test_80211_data():
s = '\x08\x09\x20\x00\x00\x26\xcb\x17\x3d\x91\x00\x16\x44\xb0\xae\xc6\x00\x02\xb3\xd6\x26\x3c\x80\x7e\xaa\xaa\x03\x00\x00\x00\x08\x00\x45\x00\x00\x28\x07\x27\x40\x00\x80\x06\x1d\x39\x8d\xd4\x37\x3d\x3f\xf5\xd1\x69\xc0\x5f\x01\xbb\xb2\xd6\xef\x23\x38\x2b\x4f\x08\x50\x10\x42\x04\xac\x17\x00\x00'
ieee = IEEE80211(s, fcs=True)
assert ieee.type == DATA_TYPE
assert ieee.subtype == D_DATA
assert ieee.data_frame.dst == '\x00\x02\xb3\xd6\x26\x3c'
assert ieee.data_frame.src == '\x00\x16\x44\xb0\xae\xc6'
assert ieee.data_frame.frag_seq == 0x807e
assert ieee.data == '\xaa\xaa\x03\x00\x00\x00\x08\x00\x45\x00\x00\x28\x07\x27\x40\x00\x80\x06\x1d\x39\x8d\xd4\x37\x3d\x3f\xf5\xd1\x69\xc0\x5f\x01\xbb\xb2\xd6\xef\x23\x38\x2b\x4f\x08\x50\x10\x42\x04'
assert ieee.fcs == struct.unpack('I', '\xac\x17\x00\x00')[0]
import llc, ip
llc_pkt = llc.LLC(ieee.data_frame.data)
ip_pkt = ip.IP(llc_pkt.data)
assert ip_pkt.dst == '\x3f\xf5\xd1\x69'