class CoLoR_Data(Packet): name = 'CoLoR_Data' fields_desc = [ BitField("Version", 7, 4, tot_size=1), BitField("Package", 3, 4, end_tot_size=1), ByteField("TTL", 64), LEShortField("pkg_length", None), XShortField("checksum", None), ByteField("header_length", None), ByteField("PID_pt", None), FieldLenField("PID_num", None, fmt="B", count_of="PIDs", adjust=lambda pkt, x: x - (pkt.Flags.R == True)), FlagsField("Flags", 0, 8, "rSCQMRBF"), ConditionalField(ShortField("Minimal_PID_CP", None), lambda pkt: pkt.Flags.M), StrFixedLenField("N_sid", "", 16), StrFixedLenField("L_sid", "", 20), StrFixedLenField("nid_cus", "", 16), ConditionalField( StrFixedLenField("nid_pro", "", 16), lambda pkt: pkt.Flags.B == False and pkt.Flags.R == True), ConditionalField( FieldLenField("QoS_len", None, fmt="B", length_of="QoS_requirements"), lambda pkt: pkt.Flags.Q == True), ConditionalField( StrLenField("QoS_requirements", "", length_from=lambda pkt: pkt.QoS_len), lambda pkt: pkt.Flags.Q == True), ConditionalField(IntField("HMAC", None), lambda pkt: pkt.Flags.C == True), ConditionalField(IntField("Seg_ID", None), lambda pkt: pkt.Flags.S == True), FieldListField("PIDs", [""], StrFixedLenField("", "", 4), count_from=lambda pkt: pkt.PID_num + (pkt.Flags.R == True)) ] def post_build(self, pkt, pay): if self.header_length is None: self.header_length = len(pkt) pkt = pkt[:6] + int2Bytes(self.header_length, 1) + pkt[7:] if self.pkg_length is None: self.pkg_length = len(pkt) + len(pay) pkt = pkt[:2] + int2BytesLE(self.pkg_length, 2) + pkt[4:] if self.checksum is None: self.checksum = CalcChecksum(pkt) pkt = pkt[:4] + int2Bytes(self.checksum, 2) + pkt[6:] # print(self.pkg_length, self.header_length, self.checksum) return pkt + pay
class CoLoR_Ann(Packet): name = "CoLoR_Ann" fields_desc = [ BitField("Version", 7, 4, tot_size=1), BitField("Package", 1, 4, end_tot_size=1), ByteField("TTL", 64), LEShortField("pkg_length", None), XShortField("checksum", None), FlagsField("Flags", 0, 8, "rrrrrPKF"), BitField("unit_num", None, 4, tot_size=1), BitField("PX_num", None, 4, end_tot_size=1), PacketListField("Announce_unit_list", None, Ann_unit, count_from=lambda pkt: pkt.unit_num), ConditionalField( FieldLenField("Public_key_len", None, fmt="H", length_of="Public_key"), lambda pkt: pkt.Flags.K == True), ConditionalField( StrLenField("Public_key", "", length_from=lambda pkt: pkt.Public_key_len), lambda pkt: pkt.Flags.K == True), ConditionalField( FieldLenField("AS_PATH_len", None, fmt="B", count_of="AID_list"), lambda pkt: pkt.Flags.P == True), ConditionalField( FieldListField("AID_list", None, StrFixedLenField("", "", 1), count_from=lambda pkt: pkt.AS_PATH_len), lambda pkt: pkt.Flags.P == True), FieldListField("PX_list", None, StrFixedLenField("", "", 2), count_from=lambda pkt: pkt.PX_num) ] def post_build(self, pkt, pay): if self.pkg_length is None: self.pkg_length = len(pkt) pkt = pkt[:2] + int2BytesLE(self.pkg_length, 2) + pkt[4:] if self.checksum is None: self.checksum = CalcChecksum(pkt) pkt = pkt[:4] + int2Bytes(self.checksum, 2) + pkt[6:] if self.unit_num is None and self.PX_num is None: self.unit_num = len(self.Announce_unit_list) self.PX_num = len(self.PX_list) pkt = pkt[:7] + int2Bytes(self.unit_num << 4 | self.PX_num, 1) + pkt[8:] return pkt + pay
class CoLoR_Get(Packet): name = "CoLoR_Get" fields_desc = [ BitField("Version", 7, 4, tot_size=1), BitField("Package", 2, 4, end_tot_size=1), ByteField("TTL", 64), LEShortField("pkg_length", None), XShortField("checksum", None), ShortField("MTU", None), FieldLenField("PID_num", None, fmt="B", count_of="PIDs"), FlagsField("Flags", 8, 8, "rrrASQKF"), ShortField("Minimal_PID_CP", None), StrFixedLenField("N_sid", "", 16), StrFixedLenField("L_sid", "", 20), StrFixedLenField("nid", "", 16), ConditionalField( FieldLenField("Public_key_len", None, fmt="H", length_of="Public_key"), lambda pkt: pkt.Flags.K == True), ConditionalField( StrLenField("Public_key", "", length_from=lambda pkt: pkt.Public_key_len), lambda pkt: pkt.Flags.K == True), ConditionalField( FieldLenField("QoS_len", None, fmt="B", length_of="QoS_requirements"), lambda pkt: pkt.Flags.Q == True), ConditionalField( StrLenField("QoS_requirements", "", length_from=lambda pkt: pkt.QoS_len), lambda pkt: pkt.Flags.Q == True), ConditionalField(IntField("Seg_ID", None), lambda pkt: pkt.Flags.S == True), FieldListField("PIDs", None, StrFixedLenField("", "", 4), count_from=lambda pkt: pkt.PID_num) ] def post_build(self, pkt, pay): if self.pkg_length is None: self.pkg_length = len(pkt) pkt = pkt[:2] + int2BytesLE(self.pkg_length, 2) + pkt[4:] if self.checksum is None: self.checksum = CalcChecksum(pkt) pkt = pkt[:4] + int2Bytes(self.checksum, 2) + pkt[6:] return pkt + pay
class VersionInfo(Tag): name = 'Tag - VersionInfo' fields_desc = [ LenField('len', None), XByteField('tag', 0x0a), ByteField('type', None), XShortField('unknown', None), ByteField('id', None), FieldLenField('name_len', None, fmt='B', length_of='name'), StrLenField('name', None, length_from=lambda pkt: pkt.name_len), FieldLenField('ver_len', None, fmt='B', length_of='version'), StrLenField('version', None, length_from=lambda pkt: pkt.ver_len) ]
class VersionInfo(Tag): name = 'Tag - VersionInfo' fields_desc = [ LenField("len", None), XByteField("tag", 0x0a), ByteField("type", None), XShortField("unknown", None), ByteField("id", None), FieldLenField("name_len", None, fmt='B', length_of='name'), StrLenField("name", None, length_from=lambda pkt:pkt.name_len), FieldLenField("ver_len", None, fmt='B', length_of='version'), StrLenField("version", None, length_from=lambda pkt:pkt.ver_len) ]
class Ann_unit(Packet): name = "CoLoR_Ann_unit" fields_desc = [ BitField("N", 1, 1, tot_size=1), BitField("L", 1, 1), BitField("I", 1, 1), BitField("AM", 1, 2), # 1注册,2更新,3取消 BitField("r", 0, 3, end_tot_size=1), ByteField("Unit_length", None), FieldLenField("Strategy_N", None, fmt="B", count_of="Strategy_unit_list"), ConditionalField(XStrFixedLenField("N_sid", "", 16), lambda pkt: pkt.N == 1), ConditionalField(XStrFixedLenField("L_sid", "", 20), lambda pkt: pkt.L == 1), ConditionalField(XStrFixedLenField("nid", "", 16), lambda pkt: pkt.I == 1), PacketListField("Strategy_unit_list", None, Strategy_unit, count_from=lambda pkt: pkt.Strategy_N) ] def post_build(self, pkt, pay): if self.Unit_length is None: self.Unit_length = len(pkt) pkt = pkt[:1] + int2Bytes(self.Unit_length, 1) + pkt[2:] return pkt + pay
class Joystick(Tag): # 0x0c fields_desc = [ LenField('len', None, fmt='B'), XByteField('tag', 0x0c), FieldLenField('axis_count', None, fmt='B', count_of='axes'), FieldListField('axes', [], SignedByteField('', None), count_from=lambda pkt: pkt.axis_count), FieldLenField('button_count', None, fmt='B', count_of='buttons'), ButtonsField('buttons', [], count_from=lambda pkt: pkt.button_count), FieldLenField('pov_count', None, fmt='B', length_of='povs'), FieldListField('povs', [], SignedShortField('', None), count_from=lambda pkt: pkt.pov_count) ]
class MRI2(Packet): fields_desc = [FieldLenField("length", None, length_of="swtraces", adjust=lambda pkt,l:l*23+4), ShortField("count", 0), PacketListField("swtraces", [], SwitchTrace2, count_from=lambda pkt:(pkt.count*1))]
class Template(Packet): name = "Template" fields_desc = [ ShortField("templateID", 256), FieldLenField("fieldCount", None, count_of="fields"), PacketListField( "templateFields", [], FieldSpecifier, count_from=lambda p: p.fieldCount ), ]
class ErrorMessage(Tag): name = 'Tag - ErrorMessage' fields_desc = [ LenField('len', None), XByteField('tag', 0x0b), IEEEFloatField('timestamp', 0.0), ShortField('seqnum', 0), ShortField('unknown', 1), SignedIntField('code', 0), FlagsField('flag', 0, 8, ['error', 'isLVCode', 'f2', 'f3', 'f4', 'f5', 'f6', 'f7']), FieldLenField('details_len', None, fmt='H', length_of='details'), StrLenField('details', '', length_from=lambda pkt: pkt.details_len), FieldLenField('location_len', None, fmt='H', length_of='location'), StrLenField('location', '', length_from=lambda pkt: pkt.location_len), FieldLenField('callstack_len', None, fmt='H', length_of='callstack'), StrLenField('callstack', '', length_from=lambda pkt: pkt.callstack_len) ]
class Strategy_unit(Packet): name = "CoLoR_Ann_Strategy_unit" fields_desc = [ ByteField("tag", 0), FieldLenField("length", None, fmt="B", length_of="value"), StrLenField("value", "", length_from=lambda pkt: pkt.length) ] def extract_padding(self, s): return "", s
class IPOption_MRI(IPOption): name = "MRI" option = 31 fields_desc = [ _IPOption_HDR, FieldLenField("length", None, fmt="B", length_of="swids", adjust=lambda pkt,l:l+4), ShortField("count", 0), FieldListField("swids", [], IntField("", 0), length_from=lambda pkt:pkt.count*4) ]
class IPOption_MRI(IPOption): name = "MRI" option = 31 fields_desc = [ _IPOption_HDR, FieldLenField("length", None, fmt="B", length_of="swtraces", adjust=lambda pkt,l:l*2+4), ShortField("count", 0), PacketListField("swtraces", [], SwitchTrace, count_from=lambda pkt:(pkt.count*1)) ]
class IPOption_INT(IPOption): name = "INTLoss" option = 31 fields_desc = [ _IPOption_HDR, FieldLenField("length", None, fmt="B", length_of="swtraces", adjust=lambda pkt,l:l*2+4), BitField("loss_bit", 0, 1), BitField("count", 0, 15), PacketListField("swtraces", [], SwitchTrace, count_from=lambda pkt:(pkt.count*1)) ]
class Dot11EltRates(Packet): """The rates member contains an array of supported rates""" name = '802.11 Rates Information Element' # Known rates come from table in 6.5.5.2 of the 802.11 spec known_rates = { 2: 1, 3: 1.5, 4: 2, 5: 2.5, 6: 3, 9: 4.5, 11: 5.5, 12: 6, 18: 9, 22: 11, 24: 12, 27: 13.5, 36: 18, 44: 22, 48: 24, 54: 27, 66: 33, 72: 36, 96: 48, 108: 54 } fields_desc = [ ByteField('ID', 0), FieldLenField("len", None, "info", "B"), FieldListField('supported_rates', None, ByteField('', 0), count_from=lambda pkt: pkt.len), ] def post_dissection(self, pkt): self.rates = [] for supported_rate in self.supported_rates: # check the msb for each rate rate_msb = supported_rate & 0x80 rate_value = supported_rate & 0x7F if rate_msb: # a value of 127 means HT PHY feature is required to join the BSS if 127 != rate_value: self.rates.append(rate_value / 2) elif rate_value in Dot11EltRates.known_rates: self.rates.append(Dot11EltRates.known_rates[rate_value])
class DDOSD(Packet): name = "DDOSD" fields_desc = [ IntField("pkt_num", None), IntField("src_entropy", None), IntField("src_ewma", None), IntField("src_ewmmd", None), IntField("dst_entropy", None), IntField("dst_ewma", None), IntField("dst_ewmmd", None), ByteField("alarm", None), ByteField("protocol", None), FieldLenField("count_ip", None, count_of="IPs"), PacketListField("IPs", [], alarm, count_from=lambda pkt: pkt.count_ip) ]
class IPOption_INT(IPOption): name = "INT" option = 31 fields_desc = [ _IPOption_HDR, FieldLenField("length", None, fmt="B", length_of="int_headers", adjust=lambda pkt, l: l * 2 + 8), ShortField("count", 0), PacketListField("int_headers", [], SwitchTrace, count_from=lambda pkt: (pkt.count * 1)) ]
class Dot11EltRSN(Packet): """The enc, cipher, and auth members contain the decoded 'security' details""" name = '802.11 RSN Information Element' cipher_suites = { '\x00\x0f\xac\x00': 'GROUP', '\x00\x0f\xac\x01': 'WEP', '\x00\x0f\xac\x02': 'TKIP', '\x00\x0f\xac\x04': 'CCMP', '\x00\x0f\xac\x05': 'WEP' } auth_suites = {'\x00\x0f\xac\x01': 'MGT', '\x00\x0f\xac\x02': 'PSK'} fields_desc = [ ByteField('ID', 0), FieldLenField("len", None, "info", "B"), LEShortField('version', 1), StrFixedLenField('group_cipher_suite', '', length=4), LEFieldLenField('pairwise_cipher_suite_count', 1, count_of='pairwise_cipher_suite'), FieldListField('pairwise_cipher_suite', None, StrFixedLenField('', '', length=4), count_from=lambda pkt: pkt.pairwise_cipher_suite_count), LEFieldLenField('auth_cipher_suite_count', 1, count_of='auth_cipher_suite'), FieldListField('auth_cipher_suite', None, StrFixedLenField('', '', length=4), count_from=lambda pkt: pkt.auth_cipher_suite_count), BitField('rsn_cap_pre_auth', 0, 1), BitField('rsn_cap_no_pairwise', 0, 1), BitField('rsn_cap_ptksa_replay_counter', 0, 2), BitField('rsn_cap_gtksa_replay_counter', 0, 2), BitField('rsn_cap_mgmt_frame_protect_required', 0, 1), BitField('rsn_cap_mgmt_frame_protect_capable', 0, 1), BitField('rsn_cap_reserved_1', 0, 1), BitField('rsn_cap_peer_key_enabled', 0, 1), BitField('rsn_cap_reserved_2', 0, 6), ] def post_dissection(self, pkt): """Parse cipher suites to determine encryption, cipher, and authentication methods""" self.enc = 'WPA2' # Everything is assumed to be WPA self.cipher = '' self.auth = '' ciphers = [ self.cipher_suites.get(pairwise_cipher) for pairwise_cipher in self.getfieldval('pairwise_cipher_suite') ] if 'GROUP' in ciphers: ciphers = [ self.cipher_suites.get(group_cipher, '') for group_cipher in self.getfieldval('group_cipher_suite') ] for cipher in ['CCMP', 'TKIP', 'WEP']: if cipher in ciphers: self.cipher = cipher break if 'WEP' == self.cipher: self.enc = 'WEP' for auth_cipher in self.getfieldval('auth_cipher_suite'): self.auth = self.auth_suites.get(auth_cipher, '') break