class CoLoR_Data(Packet):
name = 'CoLoR_Data'
fields_desc = [
BitField("Version", 7, 4, tot_size=1),
BitField("Package", 3, 4, end_tot_size=1),
ByteField("TTL", 64),
LEShortField("pkg_length", None),
XShortField("checksum", None),
ByteField("header_length", None),
ByteField("PID_pt", None),
FieldLenField("PID_num",
None,
fmt="B",
count_of="PIDs",
adjust=lambda pkt, x: x - (pkt.Flags.R == True)),
FlagsField("Flags", 0, 8, "rSCQMRBF"),
ConditionalField(ShortField("Minimal_PID_CP", None),
lambda pkt: pkt.Flags.M),
StrFixedLenField("N_sid", "", 16),
StrFixedLenField("L_sid", "", 20),
StrFixedLenField("nid_cus", "", 16),
ConditionalField(
StrFixedLenField("nid_pro", "", 16),
lambda pkt: pkt.Flags.B == False and pkt.Flags.R == True),
ConditionalField(
FieldLenField("QoS_len",
None,
fmt="B",
length_of="QoS_requirements"),
lambda pkt: pkt.Flags.Q == True),
ConditionalField(
StrLenField("QoS_requirements",
"",
length_from=lambda pkt: pkt.QoS_len),
lambda pkt: pkt.Flags.Q == True),
ConditionalField(IntField("HMAC", None),
lambda pkt: pkt.Flags.C == True),
ConditionalField(IntField("Seg_ID", None),
lambda pkt: pkt.Flags.S == True),
FieldListField("PIDs", [""],
StrFixedLenField("", "", 4),
count_from=lambda pkt: pkt.PID_num +
(pkt.Flags.R == True))
]
def post_build(self, pkt, pay):
if self.header_length is None:
self.header_length = len(pkt)
pkt = pkt[:6] + int2Bytes(self.header_length, 1) + pkt[7:]
if self.pkg_length is None:
self.pkg_length = len(pkt) + len(pay)
pkt = pkt[:2] + int2BytesLE(self.pkg_length, 2) + pkt[4:]
if self.checksum is None:
self.checksum = CalcChecksum(pkt)
pkt = pkt[:4] + int2Bytes(self.checksum, 2) + pkt[6:]
# print(self.pkg_length, self.header_length, self.checksum)
return pkt + pay
class CoLoR_Ann(Packet):
name = "CoLoR_Ann"
fields_desc = [
BitField("Version", 7, 4, tot_size=1),
BitField("Package", 1, 4, end_tot_size=1),
ByteField("TTL", 64),
LEShortField("pkg_length", None),
XShortField("checksum", None),
FlagsField("Flags", 0, 8, "rrrrrPKF"),
BitField("unit_num", None, 4, tot_size=1),
BitField("PX_num", None, 4, end_tot_size=1),
PacketListField("Announce_unit_list",
None,
Ann_unit,
count_from=lambda pkt: pkt.unit_num),
ConditionalField(
FieldLenField("Public_key_len",
None,
fmt="H",
length_of="Public_key"),
lambda pkt: pkt.Flags.K == True),
ConditionalField(
StrLenField("Public_key",
"",
length_from=lambda pkt: pkt.Public_key_len),
lambda pkt: pkt.Flags.K == True),
ConditionalField(
FieldLenField("AS_PATH_len", None, fmt="B", count_of="AID_list"),
lambda pkt: pkt.Flags.P == True),
ConditionalField(
FieldListField("AID_list",
None,
StrFixedLenField("", "", 1),
count_from=lambda pkt: pkt.AS_PATH_len),
lambda pkt: pkt.Flags.P == True),
FieldListField("PX_list",
None,
StrFixedLenField("", "", 2),
count_from=lambda pkt: pkt.PX_num)
]
def post_build(self, pkt, pay):
if self.pkg_length is None:
self.pkg_length = len(pkt)
pkt = pkt[:2] + int2BytesLE(self.pkg_length, 2) + pkt[4:]
if self.checksum is None:
self.checksum = CalcChecksum(pkt)
pkt = pkt[:4] + int2Bytes(self.checksum, 2) + pkt[6:]
if self.unit_num is None and self.PX_num is None:
self.unit_num = len(self.Announce_unit_list)
self.PX_num = len(self.PX_list)
pkt = pkt[:7] + int2Bytes(self.unit_num << 4 | self.PX_num,
1) + pkt[8:]
return pkt + pay
class CoLoR_Get(Packet):
name = "CoLoR_Get"
fields_desc = [
BitField("Version", 7, 4, tot_size=1),
BitField("Package", 2, 4, end_tot_size=1),
ByteField("TTL", 64),
LEShortField("pkg_length", None),
XShortField("checksum", None),
ShortField("MTU", None),
FieldLenField("PID_num", None, fmt="B", count_of="PIDs"),
FlagsField("Flags", 8, 8, "rrrASQKF"),
ShortField("Minimal_PID_CP", None),
StrFixedLenField("N_sid", "", 16),
StrFixedLenField("L_sid", "", 20),
StrFixedLenField("nid", "", 16),
ConditionalField(
FieldLenField("Public_key_len",
None,
fmt="H",
length_of="Public_key"),
lambda pkt: pkt.Flags.K == True),
ConditionalField(
StrLenField("Public_key",
"",
length_from=lambda pkt: pkt.Public_key_len),
lambda pkt: pkt.Flags.K == True),
ConditionalField(
FieldLenField("QoS_len",
None,
fmt="B",
length_of="QoS_requirements"),
lambda pkt: pkt.Flags.Q == True),
ConditionalField(
StrLenField("QoS_requirements",
"",
length_from=lambda pkt: pkt.QoS_len),
lambda pkt: pkt.Flags.Q == True),
ConditionalField(IntField("Seg_ID", None),
lambda pkt: pkt.Flags.S == True),
FieldListField("PIDs",
None,
StrFixedLenField("", "", 4),
count_from=lambda pkt: pkt.PID_num)
]
def post_build(self, pkt, pay):
if self.pkg_length is None:
self.pkg_length = len(pkt)
pkt = pkt[:2] + int2BytesLE(self.pkg_length, 2) + pkt[4:]
if self.checksum is None:
self.checksum = CalcChecksum(pkt)
pkt = pkt[:4] + int2Bytes(self.checksum, 2) + pkt[6:]
return pkt + pay
class VersionInfo(Tag):
name = 'Tag - VersionInfo'
fields_desc = [
LenField('len', None),
XByteField('tag', 0x0a),
ByteField('type', None),
XShortField('unknown', None),
ByteField('id', None),
FieldLenField('name_len', None, fmt='B', length_of='name'),
StrLenField('name', None, length_from=lambda pkt: pkt.name_len),
FieldLenField('ver_len', None, fmt='B', length_of='version'),
StrLenField('version', None, length_from=lambda pkt: pkt.ver_len)
]
class VersionInfo(Tag):
name = 'Tag - VersionInfo'
fields_desc = [
LenField("len", None),
XByteField("tag", 0x0a),
ByteField("type", None),
XShortField("unknown", None),
ByteField("id", None),
FieldLenField("name_len", None, fmt='B', length_of='name'),
StrLenField("name", None, length_from=lambda pkt:pkt.name_len),
FieldLenField("ver_len", None, fmt='B', length_of='version'),
StrLenField("version", None, length_from=lambda pkt:pkt.ver_len)
]
class Ann_unit(Packet):
name = "CoLoR_Ann_unit"
fields_desc = [
BitField("N", 1, 1, tot_size=1),
BitField("L", 1, 1),
BitField("I", 1, 1),
BitField("AM", 1, 2), # 1注册,2更新,3取消
BitField("r", 0, 3, end_tot_size=1),
ByteField("Unit_length", None),
FieldLenField("Strategy_N",
None,
fmt="B",
count_of="Strategy_unit_list"),
ConditionalField(XStrFixedLenField("N_sid", "", 16),
lambda pkt: pkt.N == 1),
ConditionalField(XStrFixedLenField("L_sid", "", 20),
lambda pkt: pkt.L == 1),
ConditionalField(XStrFixedLenField("nid", "", 16),
lambda pkt: pkt.I == 1),
PacketListField("Strategy_unit_list",
None,
Strategy_unit,
count_from=lambda pkt: pkt.Strategy_N)
]
def post_build(self, pkt, pay):
if self.Unit_length is None:
self.Unit_length = len(pkt)
pkt = pkt[:1] + int2Bytes(self.Unit_length, 1) + pkt[2:]
return pkt + pay
class Joystick(Tag): # 0x0c
fields_desc = [
LenField('len', None, fmt='B'),
XByteField('tag', 0x0c),
FieldLenField('axis_count', None, fmt='B', count_of='axes'),
FieldListField('axes', [],
SignedByteField('', None),
count_from=lambda pkt: pkt.axis_count),
FieldLenField('button_count', None, fmt='B', count_of='buttons'),
ButtonsField('buttons', [], count_from=lambda pkt: pkt.button_count),
FieldLenField('pov_count', None, fmt='B', length_of='povs'),
FieldListField('povs', [],
SignedShortField('', None),
count_from=lambda pkt: pkt.pov_count)
]
class MRI2(Packet):
fields_desc = [FieldLenField("length", None,
length_of="swtraces",
adjust=lambda pkt,l:l*23+4),
ShortField("count", 0),
PacketListField("swtraces",
[],
SwitchTrace2,
count_from=lambda pkt:(pkt.count*1))]
class Template(Packet):
name = "Template"
fields_desc = [
ShortField("templateID", 256),
FieldLenField("fieldCount", None, count_of="fields"),
PacketListField(
"templateFields", [], FieldSpecifier, count_from=lambda p: p.fieldCount
),
]
class ErrorMessage(Tag):
name = 'Tag - ErrorMessage'
fields_desc = [
LenField('len', None),
XByteField('tag', 0x0b),
IEEEFloatField('timestamp', 0.0),
ShortField('seqnum', 0),
ShortField('unknown', 1),
SignedIntField('code', 0),
FlagsField('flag', 0, 8,
['error', 'isLVCode', 'f2', 'f3', 'f4', 'f5', 'f6', 'f7']),
FieldLenField('details_len', None, fmt='H', length_of='details'),
StrLenField('details', '', length_from=lambda pkt: pkt.details_len),
FieldLenField('location_len', None, fmt='H', length_of='location'),
StrLenField('location', '', length_from=lambda pkt: pkt.location_len),
FieldLenField('callstack_len', None, fmt='H', length_of='callstack'),
StrLenField('callstack', '', length_from=lambda pkt: pkt.callstack_len)
]
class Strategy_unit(Packet):
name = "CoLoR_Ann_Strategy_unit"
fields_desc = [
ByteField("tag", 0),
FieldLenField("length", None, fmt="B", length_of="value"),
StrLenField("value", "", length_from=lambda pkt: pkt.length)
]
def extract_padding(self, s):
return "", s
class IPOption_MRI(IPOption):
name = "MRI"
option = 31
fields_desc = [ _IPOption_HDR,
FieldLenField("length", None, fmt="B",
length_of="swids",
adjust=lambda pkt,l:l+4),
ShortField("count", 0),
FieldListField("swids",
[],
IntField("", 0),
length_from=lambda pkt:pkt.count*4) ]
class IPOption_MRI(IPOption):
name = "MRI"
option = 31
fields_desc = [ _IPOption_HDR,
FieldLenField("length", None, fmt="B",
length_of="swtraces",
adjust=lambda pkt,l:l*2+4),
ShortField("count", 0),
PacketListField("swtraces",
[],
SwitchTrace,
count_from=lambda pkt:(pkt.count*1)) ]
class IPOption_INT(IPOption):
name = "INTLoss"
option = 31
fields_desc = [ _IPOption_HDR,
FieldLenField("length", None, fmt="B",
length_of="swtraces",
adjust=lambda pkt,l:l*2+4),
BitField("loss_bit", 0, 1),
BitField("count", 0, 15),
PacketListField("swtraces",
[],
SwitchTrace,
count_from=lambda pkt:(pkt.count*1)) ]
class Dot11EltRates(Packet):
"""The rates member contains an array of supported rates"""
name = '802.11 Rates Information Element'
# Known rates come from table in 6.5.5.2 of the 802.11 spec
known_rates = {
2: 1,
3: 1.5,
4: 2,
5: 2.5,
6: 3,
9: 4.5,
11: 5.5,
12: 6,
18: 9,
22: 11,
24: 12,
27: 13.5,
36: 18,
44: 22,
48: 24,
54: 27,
66: 33,
72: 36,
96: 48,
108: 54
}
fields_desc = [
ByteField('ID', 0),
FieldLenField("len", None, "info", "B"),
FieldListField('supported_rates',
None,
ByteField('', 0),
count_from=lambda pkt: pkt.len),
]
def post_dissection(self, pkt):
self.rates = []
for supported_rate in self.supported_rates:
# check the msb for each rate
rate_msb = supported_rate & 0x80
rate_value = supported_rate & 0x7F
if rate_msb:
# a value of 127 means HT PHY feature is required to join the BSS
if 127 != rate_value:
self.rates.append(rate_value / 2)
elif rate_value in Dot11EltRates.known_rates:
self.rates.append(Dot11EltRates.known_rates[rate_value])
class DDOSD(Packet):
name = "DDOSD"
fields_desc = [
IntField("pkt_num", None),
IntField("src_entropy", None),
IntField("src_ewma", None),
IntField("src_ewmmd", None),
IntField("dst_entropy", None),
IntField("dst_ewma", None),
IntField("dst_ewmmd", None),
ByteField("alarm", None),
ByteField("protocol", None),
FieldLenField("count_ip", None, count_of="IPs"),
PacketListField("IPs", [], alarm, count_from=lambda pkt: pkt.count_ip)
]
class IPOption_INT(IPOption):
name = "INT"
option = 31
fields_desc = [
_IPOption_HDR,
FieldLenField("length",
None,
fmt="B",
length_of="int_headers",
adjust=lambda pkt, l: l * 2 + 8),
ShortField("count", 0),
PacketListField("int_headers", [],
SwitchTrace,
count_from=lambda pkt: (pkt.count * 1))
]
class Dot11EltRSN(Packet):
"""The enc, cipher, and auth members contain the decoded 'security' details"""
name = '802.11 RSN Information Element'
cipher_suites = {
'\x00\x0f\xac\x00': 'GROUP',
'\x00\x0f\xac\x01': 'WEP',
'\x00\x0f\xac\x02': 'TKIP',
'\x00\x0f\xac\x04': 'CCMP',
'\x00\x0f\xac\x05': 'WEP'
}
auth_suites = {'\x00\x0f\xac\x01': 'MGT', '\x00\x0f\xac\x02': 'PSK'}
fields_desc = [
ByteField('ID', 0),
FieldLenField("len", None, "info", "B"),
LEShortField('version', 1),
StrFixedLenField('group_cipher_suite', '', length=4),
LEFieldLenField('pairwise_cipher_suite_count',
1,
count_of='pairwise_cipher_suite'),
FieldListField('pairwise_cipher_suite',
None,
StrFixedLenField('', '', length=4),
count_from=lambda pkt: pkt.pairwise_cipher_suite_count),
LEFieldLenField('auth_cipher_suite_count',
1,
count_of='auth_cipher_suite'),
FieldListField('auth_cipher_suite',
None,
StrFixedLenField('', '', length=4),
count_from=lambda pkt: pkt.auth_cipher_suite_count),
BitField('rsn_cap_pre_auth', 0, 1),
BitField('rsn_cap_no_pairwise', 0, 1),
BitField('rsn_cap_ptksa_replay_counter', 0, 2),
BitField('rsn_cap_gtksa_replay_counter', 0, 2),
BitField('rsn_cap_mgmt_frame_protect_required', 0, 1),
BitField('rsn_cap_mgmt_frame_protect_capable', 0, 1),
BitField('rsn_cap_reserved_1', 0, 1),
BitField('rsn_cap_peer_key_enabled', 0, 1),
BitField('rsn_cap_reserved_2', 0, 6),
]
def post_dissection(self, pkt):
"""Parse cipher suites to determine encryption, cipher, and authentication methods"""
self.enc = 'WPA2' # Everything is assumed to be WPA
self.cipher = ''
self.auth = ''
ciphers = [
self.cipher_suites.get(pairwise_cipher)
for pairwise_cipher in self.getfieldval('pairwise_cipher_suite')
]
if 'GROUP' in ciphers:
ciphers = [
self.cipher_suites.get(group_cipher, '')
for group_cipher in self.getfieldval('group_cipher_suite')
]
for cipher in ['CCMP', 'TKIP', 'WEP']:
if cipher in ciphers:
self.cipher = cipher
break
if 'WEP' == self.cipher:
self.enc = 'WEP'
for auth_cipher in self.getfieldval('auth_cipher_suite'):
self.auth = self.auth_suites.get(auth_cipher, '')
break
