class _ESPPlain(Packet): """ Internal class to represent unencrypted ESP packets. """ name = 'ESP' fields_desc = [ XIntField('spi', 0x0), IntField('seq', 0), StrField('iv', ''), PacketField('data', '', Raw), StrField('padding', ''), ByteField('padlen', 0), ByteEnumField('nh', 0, IP_PROTOS), StrField('icv', ''), ] def data_for_encryption(self): return raw(self.data) + self.padding + struct.pack("BB", self.padlen, self.nh) # noqa: E501
class RTPSSubMessage_INFO_DST(EPacket): """ 0...2...........7...............15.............23...............31 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | INFO_DST | flags | octetsToNextHeader | +---------------+---------------+---------------+---------------+ | | + GuidPrefix guidPrefix + | | +---------------+---------------+---------------+---------------+ """ name = "RTPS INFO_DTS (0x0e)" endianness = ">" fields_desc = [ XByteField("submessageId", 0x0E), XByteField("submessageFlags", 0), EField(ShortField("octetsToNextHeader", 0)), PacketField("guidPrefix", "", GUIDPrefixPacket), ]
class GetDescriptor(RequestDescriptor): fields_desc = [ PacketField("bmRequestType", bmRequestType(), bmRequestType), ByteEnumField("bRequest", URBDefs.Request.GET_DESCRIPTOR, URBDefs.Request.desc), ByteField("descriptor_index", 0), ByteEnumField( "bDescriptorType", USBDefs.DescriptorType.DEVICE_DESCRIPTOR, USBDefs.DescriptorType.desc, ), ShortEnumField("language_id", URBDefs.Language.NONE_SPECIFIED, URBDefs.Language.desc), LEShortField("wLength", 0), ] def desc(self): return "GetDescriptor %s [sz:%u]" % ( USBDefs.DescriptorType[self.bDescriptorType], self.wLength, )
class _ESPPlain(Packet): """ Internal class to represent unencrypted ESP packets. """ name = 'ESP' fields_desc = [ XIntField('spi', 0x0), IntField('seq', 0), StrField('iv', ''), PacketField('data', '', Raw), StrField('padding', ''), ByteField('padlen', 0), ByteEnumField('nh', 0, IP_PROTOS), StrField('icv', ''), ] def data_for_encryption(self): return bytes(self.data) + self.padding + chr(self.padlen).encode('ascii') + chr(self.nh).encode('ascii')
class CEMI(Packet): name = "CEMI" fields_desc = [ ByteEnumField("message_code", None, MESSAGE_CODES), MultipleTypeField( [(PacketField("cemi_data", LcEMI(), LcEMI), lambda pkt: pkt.message_code == 0x11), (PacketField("cemi_data", LcEMI(), LcEMI), lambda pkt: pkt.message_code == 0x2e), (PacketField("cemi_data", DPcEMI(), DPcEMI), lambda pkt: pkt.message_code == 0xFC), (PacketField("cemi_data", DPcEMI(), DPcEMI), lambda pkt: pkt.message_code == 0xFB), (PacketField("cemi_data", DPcEMI(), DPcEMI), lambda pkt: pkt.message_code == 0xF6), (PacketField("cemi_data", DPcEMI(), DPcEMI), lambda pkt: pkt.message_code == 0xF5)], PacketField("cemi_data", LcEMI(), LcEMI)) ]
class FlowTableEntryMatchParam(Packet): fields_desc = [ PacketField('outer_headers', FlowTableEntryMatchSetLyr24(), FlowTableEntryMatchSetLyr24), PacketField('misc_parameters', FlowTableEntryMatchSetMisc(), FlowTableEntryMatchSetMisc), PacketField('inner_headers', FlowTableEntryMatchSetLyr24(), FlowTableEntryMatchSetLyr24), PacketField('misc_parameters_2', FlowTableEntryMatchSetMisc2(), FlowTableEntryMatchSetMisc2), PacketField('misc_parameters_3', FlowTableEntryMatchSetMisc3(), FlowTableEntryMatchSetMisc3), PacketField('misc_parameters_4', FlowTableEntryMatchSetMisc4(), FlowTableEntryMatchSetMisc4), PacketField('misc_parameters_5', FlowTableEntryMatchSetMisc5(), FlowTableEntryMatchSetMisc5), # Keep reserved commented out since SW steering checks the size with # supported fields only. # StrFixedLenField('reserved1', None, length=128), ]
class CreateQpIn(Packet): fields_desc = [ ShortField('opcode', DevxOps.MLX5_CMD_OP_CREATE_QP), ShortField('uid', 0), ShortField('reserved1', 0), ShortField('op_mod', 0), ByteField('reserved2', 0), BitField('input_qpn', 0, 24), BitField('reserved3', 0, 1), BitField('cmd_on_behalf', 0, 1), BitField('reserved4', 0, 14), ShortField('vhca_id', 0), IntField('opt_param_mask', 0), StrFixedLenField('reserved5', None, length=4), PacketField('sw_qpc', SwQpc(), SwQpc), LongField('e_mtt_pointer_or_wq_umem_offset', 0), IntField('wq_umem_id', 0), BitField('wq_umem_valid', 0, 1), BitField('reserved6', 0, 31), PacketListField('pas', [SwPas() for x in range(0)], SwPas, count_from=lambda pkt: 0), ]
class AV_PAIR(Packet): name = "NTLM AV Pair" fields_desc = [ LEShortEnumField( 'AvId', 0, { 0x0000: "MsvAvEOL", 0x0001: "MsvAvNbComputerName", 0x0002: "MsvAvNbDomainName", 0x0003: "MsvAvDnsComputerName", 0x0004: "MsvAvDnsDomainName", 0x0005: "MsvAvDnsTreeName", 0x0006: "MsvAvFlags", 0x0007: "MsvAvTimestamp", 0x0008: "MsvAvSingleHost", 0x0009: "MsvAvTargetName", 0x000A: "MsvAvChannelBindings", }), FieldLenField('AvLen', None, length_of="Value", fmt="<H"), MultipleTypeField([ (LEIntEnumField( 'Value', 1, { 0x0001: "constrained", 0x0002: "MIC integrity", 0x0004: "SPN from untrusted source" }), lambda pkt: pkt.AvId == 0x0006), (UTCTimeField("Value", None, epoch=[1601, 1, 1, 0, 0, 0], custom_scaling=1e7, fmt="<Q"), lambda pkt: pkt.AvId == 0x0007), (PacketField('Value', Single_Host_Data(), Single_Host_Data), lambda pkt: pkt.AvId == 0x0008), (XStrLenField('Value', b"", length_from=lambda pkt: pkt.AvLen), lambda pkt: pkt.AvId == 0x000A), ], StrLenFieldUtf16('Value', b"", length_from=lambda pkt: pkt.AvLen)) ] def default_payload_class(self, payload): return conf.padding_layer
class MACsec(Packet): """representation of one MACsec frame""" name = '802.1AE' deprecated_fields = { 'an': ("AN", "2.4.4"), 'pn': ("PN", "2.4.4"), 'sci': ("SCI", "2.4.4"), 'shortlen': ("SL", "2.4.4"), } # 802.1AE-2018 - Section 9 fields_desc = [ # 802.1AE-2018 - Section 9.5 BitField('Ver', 0, 1), BitField('ES', 0, 1), # End Station BitField('SC', 0, 1), # Secure Channel BitField('SCB', 0, 1), # Single Copy Broadcast BitField('E', 0, 1), # Encryption BitField('C', 0, 1), # Changed Text BitField('AN', 0, 2), # Association Number # 802.1AE-2018 - Section 9.7 BitField('reserved', 0, 2), BitField('SL', 0, 6), # Short Length # 802.1AE-2018 - Section 9.8 IntField("PN", 1), # Packet Number # 802.1AE-2018 - Section 9.9 ConditionalField(PacketField("SCI", None, MACsecSCI), lambda pkt: pkt.SC), # Off-spec. Used for conveniency (only present if passed manually) ConditionalField(XShortEnumField("type", None, ETHER_TYPES), lambda pkt: "type" in pkt.fields) ] def mysummary(self): summary = self.sprintf("an=%MACsec.an%, pn=%MACsec.pn%") if self.SC: summary += self.sprintf(", sci=%MACsec.sci%") if self.type is not None: summary += self.sprintf(", %MACsec.type%") return summary
class READDIR_Reply(Packet): name = 'READDIR Reply' fields_desc = [ IntEnumField('status', 0, nfsstat3), IntField('attributes_follow', 0), ConditionalField(PacketField('attributes', Fattr3(), Fattr3), lambda pkt: pkt.attributes_follow == 1), ConditionalField(XLongField('verifier', 0), lambda pkt: pkt.status == 0), ConditionalField(IntField('value_follows', 0), lambda pkt: pkt.status == 0), ConditionalField( PacketListField( 'files', None, cls=File_From_Dir, next_cls_cb=lambda pkt, lst, cur, remain: File_From_Dir if pkt.value_follows == 1 and (len(lst) == 0 or cur.value_follows == 1) and len( remain) > 4 else None), lambda pkt: pkt.status == 0), ConditionalField(IntField('eof', 0), lambda pkt: pkt.status == 0) ]
class Dot11EltMicrosoftWPA(Dot11Elt): name = "802.11 Microsoft WPA" fields_desc = [ ByteField("ID", 221), ByteField("len", None), X3BytesField("oui", 0x0050f2), XByteField("type", 0x01), LEShortField("version", 1), PacketField("group_cipher_suite", RSNCipherSuite(), RSNCipherSuite), LEFieldLenField("nb_pairwise_cipher_suites", 1, count_of="pairwise_cipher_suites"), PacketListField("pairwise_cipher_suites", RSNCipherSuite(), RSNCipherSuite, count_from=lambda p: p.nb_pairwise_cipher_suites), LEFieldLenField("nb_akm_suites", 1, count_of="akm_suites"), PacketListField("akm_suites", AKMSuite(), AKMSuite, count_from=lambda p: p.nb_akm_suites) ]
class SMB2_Session_Setup_Response(Packet): name = "SMB2 Session Setup Response" OFFSET = 8 + 64 fields_desc = [ XLEShortField("StructureSize", 0), FlagsField("SessionFlags", 0, -16, { 0x0001: "IS_GUEST", 0x0002: "IS_NULL", 0x0004: "ENCRYPT_DATE", }), XLEShortField("SecurityBufferOffset", None), FieldLenField("SecurityLen", None, fmt="<H", length_of="Security"), _NTLMPayloadField('Buffer', OFFSET, [ PacketField("Security", None, GSSAPI_BLOB), ]) ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes return _SMB2_post_build(self, pkt, self.OFFSET, { "Security": 4, }) + pay
class OFPTFlowRemoved(_ofp_header): name = "OFPT_FLOW_REMOVED" fields_desc = [ ByteEnumField("version", 0x01, ofp_version), ByteEnumField("type", 11, ofp_type), ShortField("len", None), IntField("xid", 0), PacketField("match", OFPMatch(), OFPMatch), LongField("cookie", 0), ShortField("priority", 0), ByteEnumField("reason", 0, { 0: "OFPRR_IDLE_TIMEOUT", 1: "OFPRR_HARD_TIMEOUT", 2: "OFPRR_DELETE" }), XByteField("pad1", 0), IntField("duration_sec", 0), IntField("duration_nsec", 0), ShortField("idle_timeout", 0), XShortField("pad2", 0), LongField("packet_count", 0), LongField("byte_count", 0) ]
class FSINFO_Reply(Packet): name = 'FSINFO Reply' fields_desc = [ IntEnumField('status', 0, nfsstat3), IntField('attributes_follow', 0), ConditionalField(PacketField('attributes', Fattr3(), Fattr3), lambda pkt: pkt.attributes_follow == 1), ConditionalField(IntField('rtmax', 0), lambda pkt: pkt.status == 0), ConditionalField(IntField('rtpref', 0), lambda pkt: pkt.status == 0), ConditionalField(IntField('rtmult', 0), lambda pkt: pkt.status == 0), ConditionalField(IntField('wtmax', 0), lambda pkt: pkt.status == 0), ConditionalField(IntField('wtpref', 0), lambda pkt: pkt.status == 0), ConditionalField(IntField('wtmult', 0), lambda pkt: pkt.status == 0), ConditionalField(IntField('dtpref', 0), lambda pkt: pkt.status == 0), ConditionalField(LongField('maxfilesize', 0), lambda pkt: pkt.status == 0), ConditionalField(IntField('timedelta_s', 0), lambda pkt: pkt.status == 0), ConditionalField(IntField('timedelta_ns', 0), lambda pkt: pkt.status == 0), ConditionalField(XIntField('properties', 0), lambda pkt: pkt.status == 0), ]
class Dot15d4Data(Packet): name = "802.15.4 Data" fields_desc = [ XLEShortField("dest_panid", 0xFFFF), dot15d4AddressField("dest_addr", 0xFFFF, length_of="fcf_destaddrmode"), ConditionalField(XLEShortField("src_panid", 0x0), lambda pkt:util_srcpanid_present(pkt)), ConditionalField(dot15d4AddressField("src_addr", None, length_of="fcf_srcaddrmode"), # noqa: E501 lambda pkt:pkt.underlayer.getfieldval("fcf_srcaddrmode") != 0), # noqa: E501 # Security field present if fcf_security == True ConditionalField(PacketField("aux_sec_header", Dot15d4AuxSecurityHeader(), Dot15d4AuxSecurityHeader), # noqa: E501 lambda pkt:pkt.underlayer.getfieldval("fcf_security") is True), # noqa: E501 ] def guess_payload_class(self, payload): # TODO: See how it's done in wireshark: # https://github.com/wireshark/wireshark/blob/93c60b3b7c801dddd11d8c7f2a0ea4b7d02d700a/epan/dissectors/packet-ieee802154.c#L2061 # noqa: E501 # it's too magic to me from scapy.layers.sixlowpan import SixLoWPAN from scapy.layers.zigbee import ZigbeeNWK if conf.dot15d4_protocol == "sixlowpan": return SixLoWPAN elif conf.dot15d4_protocol == "zigbee": return ZigbeeNWK else: if conf.dot15d4_protocol is None: _msg = "Please set conf.dot15d4_protocol to select a " + \ "802.15.4 protocol. Values must be in the list: " else: _msg = "Unknown conf.dot15d4_protocol value: must be in " warning(_msg + "['sixlowpan', 'zigbee']" + " Defaulting to SixLoWPAN") return SixLoWPAN def mysummary(self): return self.sprintf("802.15.4 Data ( %Dot15d4Data.src_panid%:%Dot15d4Data.src_addr% -> %Dot15d4Data.dest_panid%:%Dot15d4Data.dest_addr% )") # noqa: E501
class MKABasicParamSet(Packet): """ Basic Parameter Set (802.1X-2010, section 11.11). """ ######################################################################### # # IEEE 802.1X-2010 standard # Section 11.11 ######################################################################### # name = "Basic Parameter Set" fields_desc = [ ByteField("mka_version_id", 0), ByteField("key_server_priority", 0), BitField("key_server", 0, 1), BitField("macsec_desired", 0, 1), BitField("macsec_capability", 0, 2), BitField("param_set_body_len", 0, 12), PacketField("SCI", MACsecSCI(), MACsecSCI), XStrFixedLenField("actor_member_id", "", length=12), XIntField("actor_message_number", 0), XIntField("algorithm_agility", 0), PadField( XStrLenField( "cak_name", "", length_from=lambda pkt: (pkt.param_set_body_len - 28) ), 4, padwith=b"\x00" ) ] def extract_padding(self, s): return "", s
class SMB2_Negotiate_Protocol_Request(Packet): name = "SMB2 Negotiate Protocol Request" fields_desc = [ XLEShortField("StructureSize", 0), FieldLenField("DialectCount", None, fmt="<H", count_of="Dialects"), # SecurityMode FlagsField( "SecurityMode", 0, -16, { 0x01: "SMB2_NEGOTIATE_SIGNING_ENABLED", 0x02: "SMB2_NEGOTIATE_SIGNING_REQUIRED", }), LEShortField("Reserved", 0), # Capabilities FlagsField("Capabilities", 0, -32, SMB2_CAPABILITIES), UUIDField("ClientGUID", 0x0, uuid_fmt=UUIDField.FORMAT_LE), # XXX TODO If we ever want to properly dissect the offsets, we have # a _NTLMPayloadField in scapy/layers/ntlm.py that does precisely that XLEIntField("NegotiateContextOffset", 0x0), FieldLenField("NegotiateCount", None, fmt="<H", count_of="NegotiateContexts"), ShortField("Reserved2", 0), FieldListField("Dialects", [0x0202], LEShortEnumField("", 0x0, SMB_DIALECTS), count_from=lambda pkt: pkt.DialectCount), # Field only exists if Dialects contains 0x0311 # Each negotiate context must be 8-byte aligned ConditionalField( FieldListField("NegotiateContexts", [], ReversePadField( PacketField("Context", None, SMB2_Negotiate_Context), 8), count_from=lambda pkt: pkt.NegotiateCount), lambda x: 0x0311 in x.Dialects), ]
class MACsec(Packet): """representation of one MACsec frame""" name = '802.1AE' fields_desc = [BitField('Ver', 0, 1), BitField('ES', 0, 1), BitField('SC', 0, 1), BitField('SCB', 0, 1), BitField('E', 0, 1), BitField('C', 0, 1), BitField('an', 0, 2), BitField('reserved', 0, 2), BitField('shortlen', 0, 6), IntField("pn", 1), ConditionalField(PacketField("sci", None, MACsecSCI), lambda pkt: pkt.SC), # noqa: E501 ConditionalField(XShortEnumField("type", None, ETHER_TYPES), lambda pkt: pkt.type is not None)] def mysummary(self): summary = self.sprintf("an=%MACsec.an%, pn=%MACsec.pn%") if self.SC: summary += self.sprintf(", sci=%MACsec.sci%") if self.type is not None: summary += self.sprintf(", %MACsec.type%") return summary
class SMB2_Session_Setup_Request(Packet): name = "SMB2 Session Setup Request" OFFSET = 16 + 64 fields_desc = [ XLEShortField("StructureSize", 0), FlagsField("Flags", 0, -8, ["SMB2_SESSION_FLAG_BINDING"]), FlagsField("SecurityMode", 0, -8, { 0x1: "Signing Required", 0x2: "Signing Enabled", }), FlagsField("Capabilities", 0, -32, SMB2_CAPABILITIES), LEIntField("Channel", 0), XLEShortField("SecurityBufferOffset", None), FieldLenField("SecurityLen", None, fmt="<H", length_of="Security"), _NTLMPayloadField('Buffer', OFFSET, [ PacketField("Security", None, GSSAPI_BLOB), ]) ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes return _SMB2_post_build(self, pkt, self.OFFSET, { "Security": 12, }) + pay
class OFPTFlowMod(_ofp_header): name = "OFPT_FLOW_MOD" fields_desc = [ByteEnumField("version", 0x01, ofp_version), ByteEnumField("type", 14, ofp_type), ShortField("len", None), IntField("xid", 0), PacketField("match", OFPMatch(), OFPMatch), LongField("cookie", 0), ShortEnumField("cmd", 0, {0: "OFPFC_ADD", 1: "OFPFC_MODIFY", 2: "OFPFC_MODIFY_STRICT", 3: "OFPFC_DELETE", 4: "OFPFC_DELETE_STRICT"}), ShortField("idle_timeout", 0), ShortField("hard_timeout", 0), ShortField("priority", 0), IntEnumField("buffer_id", "NO_BUFFER", ofp_buffer), ShortEnumField("out_port", "NONE", ofp_port_no), FlagsField("flags", 0, 16, ["SEND_FLOW_REM", "CHECK_OVERLAP", "EMERG"]), PacketListField("actions", [], OFPAT, ofp_action_cls, length_from=lambda pkt:pkt.len - 72)]
class ServerECDHExplicitPrimeParams(_GenericTLSSessionInheritance): """ We provide parsing abilities for ExplicitPrimeParams, but there is no support from the cryptography library, hence no context operations. """ name = "Server ECDH parameters - Explicit Prime" fields_desc = [ByteEnumField("curve_type", 1, _tls_ec_curve_types), FieldLenField("plen", None, length_of="p", fmt="B"), StrLenField("p", "", length_from=lambda pkt: pkt.plen), PacketField("curve", None, ECCurvePkt), FieldLenField("baselen", None, length_of="base", fmt="B"), StrLenField("base", "", length_from=lambda pkt: pkt.baselen), FieldLenField("orderlen", None, length_of="order", fmt="B"), StrLenField("order", "", length_from=lambda pkt: pkt.orderlen), FieldLenField("cofactorlen", None, length_of="cofactor", fmt="B"), StrLenField("cofactor", "", length_from=lambda pkt: pkt.cofactorlen), FieldLenField("pointlen", None, length_of="point", fmt="B"), StrLenField("point", "", length_from=lambda pkt: pkt.pointlen)] def fill_missing(self): """ Note that if it is not set by the user, the cofactor will always be 1. It is true for most, but not all, TLS elliptic curves. """ if self.curve_type is None: self.curve_type = _tls_ec_curve_types["explicit_prime"] def guess_payload_class(self, p): return Padding
class OmciFrame(Packet): name = "OmciFrame" fields_desc = [ ShortField("transaction_id", 0), ByteField("message_type", None), ByteField("omci", 0x0a), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciCreate), align=36), lambda pkt: pkt.message_type == OmciCreate.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciCreateResponse), align=36), lambda pkt: pkt.message_type == OmciCreateResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciDelete), align=36), lambda pkt: pkt.message_type == OmciDelete.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciDeleteResponse), align=36), lambda pkt: pkt.message_type == OmciDeleteResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciSet), align=36), lambda pkt: pkt.message_type == OmciSet.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciSetResponse), align=36), lambda pkt: pkt.message_type == OmciSetResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciGet), align=36), lambda pkt: pkt.message_type == OmciGet.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciGetResponse), align=36), lambda pkt: pkt.message_type == OmciGetResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciGetAllAlarms), align=36), lambda pkt: pkt.message_type == OmciGetAllAlarms.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciGetAllAlarmsResponse), align=36), lambda pkt: pkt.message_type == OmciGetAllAlarmsResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciGetAllAlarmsNext), align=36), lambda pkt: pkt.message_type == OmciGetAllAlarmsNext.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciGetAllAlarmsNextResponse), align=36), lambda pkt: pkt.message_type == OmciGetAllAlarmsNextResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciMibUpload), align=36), lambda pkt: pkt.message_type == OmciMibUpload.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciMibUploadResponse), align=36), lambda pkt: pkt.message_type == OmciMibUploadResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciMibUploadNext), align=36), lambda pkt: pkt.message_type == OmciMibUploadNext.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciMibUploadNextResponse), align=36), lambda pkt: pkt.message_type == OmciMibUploadNextResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciMibReset), align=36), lambda pkt: pkt.message_type == OmciMibReset.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciMibResetResponse), align=36), lambda pkt: pkt.message_type == OmciMibResetResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciAlarmNotification), align=36), lambda pkt: pkt.message_type == OmciAlarmNotification.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciAttributeValueChange), align=36), lambda pkt: pkt.message_type == OmciAttributeValueChange.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciTestResult), align=36), lambda pkt: pkt.message_type == OmciTestResult.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciReboot), align=36), lambda pkt: pkt.message_type == OmciReboot.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciRebootResponse), align=36), lambda pkt: pkt.message_type == OmciRebootResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciGetNext), align=36), lambda pkt: pkt.message_type == OmciGetNext.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciGetNextResponse), align=36), lambda pkt: pkt.message_type == OmciGetNextResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciSynchronizeTime), align=36), lambda pkt: pkt.message_type == OmciSynchronizeTime.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciSynchronizeTimeResponse), align=36), lambda pkt: pkt.message_type == OmciSynchronizeTimeResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciGetCurrentData), align=36), lambda pkt: pkt.message_type == OmciGetCurrentData.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciGetCurrentDataResponse), align=36), lambda pkt: pkt.message_type == OmciGetCurrentDataResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciStartSoftwareDownload), align=36), lambda pkt: pkt.message_type == OmciStartSoftwareDownload.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciStartSoftwareDownloadResponse), align=36), lambda pkt: pkt.message_type == OmciStartSoftwareDownloadResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciDownloadSection), align=36), lambda pkt: pkt.message_type == OmciDownloadSection.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciDownloadSectionLast), align=36), lambda pkt: pkt.message_type == OmciDownloadSectionLast.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciDownloadSectionResponse), align=36), lambda pkt: pkt.message_type == OmciDownloadSectionResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciEndSoftwareDownload), align=36), lambda pkt: pkt.message_type == OmciEndSoftwareDownload.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciEndSoftwareDownloadResponse), align=36), lambda pkt: pkt.message_type == OmciEndSoftwareDownloadResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciActivateImage), align=36), lambda pkt: pkt.message_type == OmciActivateImage.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciActivateImageResponse), align=36), lambda pkt: pkt.message_type == OmciActivateImageResponse.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciCommitImage), align=36), lambda pkt: pkt.message_type == OmciCommitImage.message_id), ConditionalField( FixedLenField(PacketField("omci_message", None, OmciCommitImageResponse), align=36), lambda pkt: pkt.message_type == OmciCommitImageResponse.message_id), # TODO add entries for remaining OMCI message types IntField("omci_trailer", 0x00000028) ] # We needed to patch the do_dissect(...) method of Packet, because # it wiped out already dissected conditional fields with None if they # referred to the same field name. We marked the only new line of code # with "Extra condition added". def do_dissect(self, s): raw = s self.raw_packet_cache_fields = {} for f in self.fields_desc: if not s: break s, fval = f.getfield(self, s) # We need to track fields with mutable values to discard # .raw_packet_cache when needed. if f.islist or f.holds_packets: self.raw_packet_cache_fields[f.name] = f.do_copy(fval) # Extra condition added if fval is not None or f.name not in self.fields: self.fields[f.name] = fval assert (raw.endswith(s)) self.raw_packet_cache = raw[:-len(s)] if s else raw self.explicit = 1 return s
def __init__(self, name, default, length_from=None, remain=0): self.length_from = length_from PacketField.__init__(self, name, default, None, remain=remain)
class GMLAN_RFRDPR_RFRP(Packet): name = 'ReadFailureRecordDataPositiveResponse_readFailureRecordParameters' fields_desc = [PacketField("dtc", b'', GMLAN_DTC)]
class ECDSAPrivateKey_OpenSSL(Packet): name = "ECDSA Params + Private Key" fields_desc = [ _PacketFieldRaw("ecparam", ECParameters(), ECParameters), PacketField("privateKey", ECDSAPrivateKey(), ECDSAPrivateKey) ]
class LinkADRAns(Packet): name = "LinkADRAns" fields_desc = [ PacketField("status", LinkADRAns_Status(), LinkADRAns_Status) ]
def __init__(self, name, default, length_from=None, **kargs): self.length_from = length_from PacketField.__init__(self, name, default, Ticket, **kargs)
class TLS_Ext_KeyShare_SH(TLS_Ext_Unknown): name = "TLS Extension - Key Share (for ServerHello)" fields_desc = [ ShortEnumField("type", 0x33, _tls_ext), ShortField("len", None), PacketField("server_share", None, KeyShareEntry) ] def post_build(self, pkt, pay): if not self.tls_session.frozen and self.server_share.privkey: # if there is a privkey, we assume the crypto library is ok privshare = self.tls_session.tls13_server_privshare if len(privshare) > 0: pkt_info = pkt.firstlayer().summary() log_runtime.info( "TLS: overwriting previous server key share [%s]", pkt_info) # noqa: E501 group_name = _tls_named_groups[self.server_share.group] privshare[group_name] = self.server_share.privkey if group_name in self.tls_session.tls13_client_pubshares: privkey = self.server_share.privkey pubkey = self.tls_session.tls13_client_pubshares[group_name] if group_name in six.itervalues(_tls_named_ffdh_groups): pms = privkey.exchange(pubkey) elif group_name in six.itervalues(_tls_named_curves): if group_name == "x25519": pms = privkey.exchange(pubkey) else: pms = privkey.exchange(ec.ECDH(), pubkey) self.tls_session.tls13_dhe_secret = pms return super(TLS_Ext_KeyShare_SH, self).post_build(pkt, pay) def post_dissection(self, r): if not self.tls_session.frozen and self.server_share.pubkey: # if there is a pubkey, we assume the crypto library is ok pubshare = self.tls_session.tls13_server_pubshare if pubshare: pkt_info = r.firstlayer().summary() log_runtime.info( "TLS: overwriting previous server key share [%s]", pkt_info) # noqa: E501 group_name = _tls_named_groups[self.server_share.group] pubshare[group_name] = self.server_share.pubkey if group_name in self.tls_session.tls13_client_privshares: pubkey = self.server_share.pubkey privkey = self.tls_session.tls13_client_privshares[group_name] if group_name in six.itervalues(_tls_named_ffdh_groups): pms = privkey.exchange(pubkey) elif group_name in six.itervalues(_tls_named_curves): if group_name == "x25519": pms = privkey.exchange(pubkey) else: pms = privkey.exchange(ec.ECDH(), pubkey) self.tls_session.tls13_dhe_secret = pms elif group_name in self.tls_session.tls13_server_privshare: pubkey = self.tls_session.tls13_client_pubshares[group_name] privkey = self.tls_session.tls13_server_privshare[group_name] if group_name in six.itervalues(_tls_named_ffdh_groups): pms = privkey.exchange(pubkey) elif group_name in six.itervalues(_tls_named_curves): if group_name == "x25519": pms = privkey.exchange(pubkey) else: pms = privkey.exchange(ec.ECDH(), pubkey) self.tls_session.tls13_dhe_secret = pms return super(TLS_Ext_KeyShare_SH, self).post_dissection(r)
def __init__(self, name, default, basis_type_from, clsdict): self.clsdict = clsdict self.basis_type_from = basis_type_from PacketField.__init__(self, name, default, None)
def __init__(self, name, default, length_from=None): self.length_from = length_from PacketField.__init__(self, name, default, None)
class SAPRouter(Packet): """SAP Router packet This packet is used for general SAP Router packets. There are (at least) five types of SAP Router packets: 1. Route packets. For requesting the routing of a connection to a remote hosts. The packet contains some general information and a connection string with a list of routing hops (:class:`SAPRouterRouteHop`). 2. Administration packets. This packet is used for the SAP Router to send administrative commands. It's suppose to be used only from the hosts running the SAP Router or when an specific route is included in the routing table. Generally administration packets are not accepted from the external binding. 3. Error Information packets. Packets sent when an error occurred. 4. Control Message packets. Used to perform some control activities, like retrieving the current SAPRouter version or to perform the SNC handshake. They have the same structure that error information packets. 5. Route accepted packet. Used to acknowledge a route request ("NI_PONG"). Routed packets and some responses doesn't fill in these five packet types. For identifying those cases, you should check the type using the function :class:`router_is_known_type`. NI Versions found (unconfirmed): - 30: Release 40C - 36: Release <6.20 - 38: Release 7.00/7.10 - 39: Release 7.11 - 40: Release 7.20/7.21 """ # Default router version to use SAPROUTER_DEFAULT_VERSION = 40 # Constants for router types SAPROUTER_ROUTE = "NI_ROUTE" """ :cvar: Constant for route packets :type: C{string} """ SAPROUTER_ADMIN = "ROUTER_ADM" """ :cvar: Constant for administration packets :type: C{string} """ SAPROUTER_ERROR = "NI_RTERR" """ :cvar: Constant for error information packets :type: C{string} """ SAPROUTER_CONTROL = "NI_RTERR" """ :cvar: Constant for control messages packets :type: C{string} """ SAPROUTER_PONG = "NI_PONG" """ :cvar: Constant for route accepted packets :type: C{string} """ router_type_values = [ SAPROUTER_ADMIN, SAPROUTER_ERROR, SAPROUTER_CONTROL, SAPROUTER_ROUTE, SAPROUTER_PONG, ] """ :cvar: List of known packet types :type: ``list`` of C{string} """ name = "SAP Router" fields_desc = [ # General fields present in all SAP Router packets StrNullField("type", SAPROUTER_ROUTE), ConditionalField( ByteField("version", 2), lambda pkt: router_is_known_type(pkt) and not router_is_pong(pkt)), # Route packets ConditionalField( ByteField("route_ni_version", SAPROUTER_DEFAULT_VERSION), router_is_route), ConditionalField(ByteField("route_entries", 0), router_is_route), ConditionalField( ByteEnumKeysField("route_talk_mode", 0, router_ni_talk_mode_values), router_is_route), ConditionalField(ShortField("route_padd", 0), router_is_route), ConditionalField(ByteField("route_rest_nodes", 0), router_is_route), ConditionalField( FieldLenField("route_length", 0, length_of="route_string", fmt="I"), router_is_route), ConditionalField(IntField("route_offset", 0), router_is_route), ConditionalField( PacketListField("route_string", None, SAPRouterRouteHop, length_from=lambda pkt: pkt.route_length), router_is_route), # Admin packets ConditionalField( ByteEnumKeysField("adm_command", 0x02, router_adm_commands), router_is_admin), ConditionalField( ShortField("adm_unused", 0x00), lambda pkt: router_is_admin(pkt) and pkt.adm_command not in [10, 11, 12, 13]), # Info Request fields ConditionalField( StrNullFixedLenField("adm_password", "", 19), lambda pkt: router_is_admin(pkt) and pkt.adm_command in [2]), # Cancel Route fields ConditionalField( FieldLenField("adm_client_count", None, count_of="adm_client_ids", fmt="H"), lambda pkt: router_is_admin(pkt) and pkt.adm_command in [6]), # Trace Connection fields ConditionalField( FieldLenField("adm_client_count", None, count_of="adm_client_ids", fmt="I"), lambda pkt: router_is_admin(pkt) and pkt.adm_command in [12, 13]), # Cancel Route or Trace Connection fields ConditionalField( FieldListField("adm_client_ids", [0x00], IntField("", 0), count_from=lambda pkt: pkt.adm_client_count), lambda pkt: router_is_admin(pkt) and pkt.adm_command in [6, 12, 13]), # Set/Clear Peer Trace fields # TODO: Check whether this field should be a IPv6 address or another proper field ConditionalField( StrFixedLenField("adm_address_mask", "", 32), lambda pkt: router_is_admin(pkt) and pkt.adm_command in [10, 11]), # Error Information/Control Messages fields ConditionalField( ByteEnumKeysField("opcode", 0, router_control_opcodes), lambda pkt: router_is_error(pkt) or router_is_control(pkt)), ConditionalField( ByteField("opcode_padd", 0), lambda pkt: router_is_error(pkt) or router_is_control(pkt)), ConditionalField( SignedIntEnumField("return_code", 0, router_return_codes), lambda pkt: router_is_error(pkt) or router_is_control(pkt)), # Error Information fields ConditionalField( FieldLenField("err_text_length", None, length_of="err_text_value", fmt="!I"), lambda pkt: router_is_error(pkt) and pkt.opcode == 0), ConditionalField( PacketField("err_text_value", SAPRouterError(), SAPRouterError), lambda pkt: router_is_error(pkt) and pkt.opcode == 0 and pkt.err_text_length > 0), ConditionalField(IntField("err_text_unknown", 0), lambda pkt: router_is_error(pkt) and pkt.opcode == 0), # Control Message fields ConditionalField( IntField("control_text_length", 0), lambda pkt: router_is_control(pkt) and pkt.opcode != 0), ConditionalField( StrField("control_text_value", "*ERR"), lambda pkt: router_is_control(pkt) and pkt.opcode != 0), # SNC Frame fields ConditionalField( PacketField("snc_frame", None, SAPSNCFrame), lambda pkt: router_is_control(pkt) and pkt.opcode in [70, 71]) ]
def __init__(self, name, default, basis_type_from, clsdict, remain=0): self.clsdict = clsdict self.basis_type_from = basis_type_from PacketField.__init__(self, name, default, None, remain=remain)
def __init__(self, name, default, cls): PacketField.__init__(self, name, default, cls)