from scapy.packet import bind_layers, split_layers, Raw
# Custom imports
import pysap
from pysap.SAPNI import SAPNI
from pysap.SAPDiag import SAPDiag, SAPDiagDP
from pysap.SAPDiagItems import *
# Bind the SAPDiag layer
bind_layers(SAPNI, SAPDiag,)
bind_layers(SAPNI, SAPDiagDP,)
bind_layers(SAPDiagDP, SAPDiag,)
bind_layers(SAPDiag, SAPDiagItem,)
bind_layers(SAPDiagItem, SAPDiagItem,)
# Unbind the SAPNI layer so we can perform the reassemble
split_layers(TCP, SAPNI, dport=3200)
# Set the verbosity to 0
conf.verb = 0
class DiagParser(object):
packets_metadata = {}
def __init__(self, options):
self.options = options
self.port = options.port
def parse_packet(self, pkt):
name = "IKEv2 Certificate"
fields_desc = [
ByteEnumField("next_payload", None, IKEv2_payload_type),
ByteField("res", 0),
FieldLenField("length", None, "cert_data", "H", adjust=lambda pkt, x: x + 5), # noqa: E501
ByteEnumField("cert_type", 0, IKEv2CertificateEncodings),
StrLenField("cert_data", "", length_from=lambda x:x.length - 5),
]
IKEv2_payload_type_overload = {}
for i, payloadname in enumerate(IKEv2_payload_type):
name = "IKEv2_payload_%s" % payloadname
if name in globals():
IKEv2_payload_type_overload[globals()[name]] = {"next_payload": i}
del i, payloadname, name
IKEv2_class._overload_fields = IKEv2_payload_type_overload.copy()
split_layers(UDP, ISAKMP, sport=500)
split_layers(UDP, ISAKMP, dport=500)
bind_layers(UDP, IKEv2, dport=500, sport=500) # TODO: distinguish IKEv1/IKEv2
bind_layers(UDP, IKEv2, dport=4500, sport=4500)
def ikev2scan(ip, **kwargs):
"""Send a IKEv2 SA to an IP and wait for answers."""
return sr(IP(dst=ip) / UDP() / IKEv2(init_SPI=RandString(8),
exch_type=34) / IKEv2_payload_SA(prop=IKEv2_payload_Proposal()), **kwargs) # noqa: E501
return pkt
def build_hmac_sha1(self, pw=b'\x00' * 20, ip4l=[], ip6l=[]):
h = hmac.new(pw, digestmod=hashlib.sha1)
# XXX: this is a dirty hack. it needs to pack version and type into a single 8bit field # noqa: E501
h.update(b'\x21')
# XXX: mac addy if different from special link layer. comes before vhid
h.update(struct.pack('!B', self.vhid))
sl = []
for i in ip4l:
# sort ips from smallest to largest
sl.append(inet_aton(i))
sl.sort()
for i in sl:
h.update(i)
# XXX: do ip6l sorting
return h.digest()
warning("CARP overwrites VRRP !")
# This cancel the bindings done in vrrp.py
split_layers(IP, VRRP, proto=IPPROTO_VRRP)
split_layers(IP, VRRPv3, proto=IPPROTO_VRRP)
# CARP bindings
bind_layers(IP, CARP, proto=112, dst='224.0.0.18')
def tearDown(self):
split_layers(Ether, self.RandomHeader, type=0x801)
super(RandomPSATest, self).tearDown()
"cert_data",
"H",
adjust=lambda pkt, x: x + 5), # noqa: E501
ByteEnumField("cert_type", 0, IKEv2CertificateEncodings),
StrLenField("cert_data", "", length_from=lambda x: x.length - 5),
]
IKEv2_payload_type_overload = {}
for i, payloadname in enumerate(IKEv2_payload_type):
name = "IKEv2_payload_%s" % payloadname
if name in globals():
IKEv2_payload_type_overload[globals()[name]] = {"next_payload": i}
del i, payloadname, name
IKEv2_class._overload_fields = IKEv2_payload_type_overload.copy()
split_layers(UDP, ISAKMP, sport=500)
split_layers(UDP, ISAKMP, dport=500)
bind_layers(UDP, IKEv2, dport=500, sport=500) # TODO: distinguish IKEv1/IKEv2
bind_layers(UDP, IKEv2, dport=4500, sport=4500)
def ikev2scan(ip, **kwargs):
"""Send a IKEv2 SA to an IP and wait for answers."""
return sr(
IP(dst=ip) / UDP() / IKEv2(init_SPI=RandString(8), exch_type=34) /
IKEv2_payload_SA(prop=IKEv2_payload_Proposal()),
**kwargs) # noqa: E501
def main():
if len(sys.argv) < 2:
raise ValueError("Usage: %s <pcap file>" %
os.path.basename(sys.argv[0]))
# Use scapy for IP/UDP/TCP parsing only - not for parsing DNS
split_layers(UDP, DNS)
split_layers(TCP, DNS)
pcap_filename = sys.argv[1]
packets = rdpcap(pcap_filename)
LOG.info("Loaded %s: %r", pcap_filename, packets)
#LOG.debug("%s", packets[1667].show())
#parsePartialDNS(packets[2589].load, packets[2589].proto)
dns_num = 0
total = 0
rcode_catagory = {}
sizelist = []
total_size = 0
roundtrip = {}
domainDic = {}
maxAn = 0
for pkt in packets:
total += 1
# Packet size = IP size + 14 frame size
if hasattr(pkt, 'len'):
# frame size = 14 Bytes
sizelist.append(pkt.len + 14)
total_size += pkt.len + 14
# DNS payload part.
if hasattr(pkt, 'load'):
# DNS port = 53
if (hasattr(pkt, 'dport') and pkt.dport == 53) or \
(hasattr(pkt, 'sport') and pkt.sport == 53):
dns_num += 1
# UDP & TCP proto No.
if pkt.proto == 17 or pkt.proto == 6:
flag, id, d, an = parsePartialDNS(pkt.load, pkt.proto)
rcode = flag & 0xF
qr = flag & 0x8000
if qr:
maxAn = max(maxAn, an)
# RCODE statistic.
if rcode not in rcode_catagory:
rcode_catagory[rcode] = 0
else:
rcode_catagory[rcode] += 1
# Latency statistic.
time = pkt.time
if id not in roundtrip:
roundtrip[id] = time
else:
roundtrip[id] = abs(roundtrip[id] - time)
# LOG.info("%s %s", hex(id), total)
# Domain statistic.
if d not in domainDic:
domainDic[d] = 1
else:
domainDic[d] += 1
LOG.debug("Visiting packet: %r", pkt)
# TODO: Your code can start here.
sorted_domain = sorted(domainDic.items(), key=lambda x: x[1])
sizelist.sort()
l = len(sizelist)
a = int(l / 2)
b = int((l - 1) / 2)
median = (sizelist[a] + sizelist[b]) / 2
LOG.info("The number of DNS is %s", dns_num)
LOG.info("The most number of RRs is %s", maxAn)
LOG.info("Average packet size : %.3f Bytes", total_size / l)
LOG.info("Median packet size : %s Bytes", median)
n = 1
while n < 6:
LOG.info("top " + str(n) + " frequency domain : %s",
sorted_domain.pop())
n += 1
total_latency = []
for k, v in roundtrip.items():
total_latency.append(v)
LOG.info("Average Latency : %.3fs", sum(total_latency) / len(roundtrip))
total_latency.sort()
latency95_idx = int(len(total_latency) * 0.95)
LOG.info("95Latency: %.3fs", total_latency[latency95_idx])
printHis(rcode_catagory)
LOG.info("Done.")
fields_desc = [
ShortField("ifindex", None),
ShortField("vrf", None),
ShortEnumField("cmd", 1, vrouter_agent_cmd_no),
IntField("param", None),
IntField("param_1", None),
IntField("param_2", None),
IntField("param_3", None),
IntField("param_4", None),
ByteField("param_5", None),
ThreeBytesField("param_5_pack", None)
]
def mysummary(self):
summary = self.sprintf("%cmd% vif0/%ifindex% Vrf:%vrf%")
if self.cmd == 6 or self.cmd == 15:
summary += self.sprintf(" Flow:%param% Gen:%param_5%"
" K(nh)=%param_1%")
return summary
def guess_payload_class(self, payload):
return InnerEther
split_layers(Ether, IP, type=0x800)
bind_layers(Ether, VrouterAgentHdr, type=0x800)
bind_layers(InnerEther, IP, type=0x800)
bind_layers(InnerEther, IPv6, type=0x86DD)
bind_layers(InnerEther, ARP, type=0x0806)
return pkt
def build_hmac_sha1(self, pw=b'\x00' * 20, ip4l=[], ip6l=[]):
h = hmac.new(pw, digestmod=hashlib.sha1)
# XXX: this is a dirty hack. it needs to pack version and type into a single 8bit field # noqa: E501
h.update(b'\x21')
# XXX: mac addy if different from special link layer. comes before vhid
h.update(struct.pack('!B', self.vhid))
sl = []
for i in ip4l:
# sort ips from smallest to largest
sl.append(inet_aton(i))
sl.sort()
for i in sl:
h.update(i)
# XXX: do ip6l sorting
return h.digest()
warning("CARP overwrites VRRP !")
# This cancel the bindings done in vrrp.py
split_layers(IP, VRRP, proto=IPPROTO_VRRP)
split_layers(IP, VRRPv3, proto=IPPROTO_VRRP)
# CARP bindings
bind_layers(IP, CARP, proto=112, dst='224.0.0.18')
import re
import time
import os
from test_case import TestCase
from pmd_output import PmdOutput
from settings import HEADER_SIZE
from packet import Packet, load_pcapfile
from scapy.layers.inet import UDP, IP
from scapy.packet import split_layers, bind_layers
from vxlan import Vxlan
from vxlan import VXLAN_PORT
CLOUD_PORT = 8472
split_layers(UDP, Vxlan, dport=VXLAN_PORT)
bind_layers(UDP, Vxlan, dport=CLOUD_PORT)
#
#
# Test class.
#
class CloudFilterConfig(object):
"""
Module for config/verify cloud filter rule
"""
RULE_TYPE = [
'iip', 'imac', 'omac+imac+vni', 'imac+ivlan+vni', 'imac+ivlan'
from scapy.packet import bind_layers, split_layers, Raw
# Custom imports
import pysap
from pysap.SAPNI import SAPNI
from pysap.SAPDiag import SAPDiag, SAPDiagDP
from pysap.SAPDiagItems import *
# Bind the SAPDiag layer
bind_layers(SAPNI, SAPDiag,)
bind_layers(SAPNI, SAPDiagDP,)
bind_layers(SAPDiagDP, SAPDiag,)
bind_layers(SAPDiag, SAPDiagItem,)
bind_layers(SAPDiagItem, SAPDiagItem,)
# Unbind the SAPNI layer so we can perform the reassemble
split_layers(TCP, SAPNI, dport=3200)
# Set the verbosity to 0
conf.verb = 0
class DiagParser(object):
packets_metadata = {}
def __init__(self, options):
self.options = options
self.port = options.port
def parse_packet(self, pkt):
ConditionalField(PacketField("frame", None, Packet), lambda pkt: pkt.management_frame==PON_FALSE),
ConditionalField(PacketField("frame", None, OmciFrame), lambda pkt: pkt.management_frame==PON_TRUE)
]
class PAS5211EventOnuActivation(PAS5211Event):
name = "PAS5211EventOnuActivation"
fields_desc = [
StrFixedLenField("serial_number", None, length=8),
LEIntField("equalization_period", None)
]
# bindings for messages received
split_layers(Dot3, LLC)
bind_layers(Dot3, PAS5211FrameHeader)
bind_layers(PAS5211FrameHeader, PAS5211MsgHeader)
bind_layers(PAS5211MsgHeader, PAS5211MsgGetProtocolVersion, opcode=0x3000 | 2)
bind_layers(PAS5211MsgHeader, PAS5211MsgGetProtocolVersionResponse, opcode=0x2800 | 2)
bind_layers(PAS5211MsgHeader, PAS5211MsgGetOltVersion, opcode=0x3000 | 3)
bind_layers(PAS5211MsgHeader, PAS5211MsgGetOltVersionResponse, opcode=0x3800 | 3)
bind_layers(PAS5211MsgHeader, PAS5211MsgSetOltOptics, opcode=0x3000 | 106)
bind_layers(PAS5211MsgHeader, PAS5211MsgSetOltOpticsResponse, opcode=0x2800 | 106)
bind_layers(PAS5211MsgHeader, PAS5211MsgSetOpticsIoControl, opcode=0x3000 | 108)
bind_layers(PAS5211MsgHeader, PAS5211MsgSetOpticsIoControlResponse, opcode=0x2800 | 108)
def re_bind_nvgre_to_gre(self):
split_layers(IP, NVGRE, frag=0, proto=IPPROTO_NVGRE)
bind_layers(IP, GRE, frag=0, proto=IPPROTO_NVGRE)
