def __init__(self): PacketListField.__init__( self, "tlvs", [], _ISIS_GuessTlvClass, count_from=None, length_from=lambda pkt: pkt.pdulength - pkt.underlayer.hdrlen, )
class ISIS_SRCapabilitiesSubTLV(ISIS_GenericSubTlv): name = "ISIS SR Capabilities TLV" fields_desc = [ ByteEnumField("type", 2, _isis_subtlv_names_3), FieldLenField( "len", None, length_of="srgb_ranges", adjust=lambda pkt, x: x + 1, fmt="B"), FlagsField( "flags", 0, 8, ["res1", "res2", "res3", "res4", "res5", "res6", "V", "I"]), PacketListField( "srgb_ranges", [], ISIS_SRGBDescriptorEntry, length_from=lambda pkt: pkt.len - 1) ]
class IOCRBlockReq(Block): """IO Connection Relationship block request""" fields_desc = [ BlockHeader, XShortEnumField("IOCRType", 1, IOCR_TYPE), XShortField("IOCRReference", 1), XShortField("LT", 0x8892), # IOCRProperties BitField("IOCRProperties_reserved3", 0, 8), BitField("IOCRProperties_reserved2", 0, 11), BitField("IOCRProperties_reserved1", 0, 9), BitEnumField("IOCRProperties_RTClass", 0, 4, IOCR_BLOCK_REQ_IOCR_PROPERTIES), ShortField("DataLength", 40), XShortField("FrameID", 0x8000), ShortField("SendClockFactor", 32), ShortField("ReductionRatio", 32), ShortField("Phase", 1), ShortField("Sequence", 0), XIntField("FrameSendOffset", 0xffffffff), ShortField("WatchdogFactor", 10), ShortField("DataHoldFactor", 10), # IOCRTagHeader BitEnumField("IOCRTagHeader_IOUserPriority", 6, 3, {6: "IOCRPriority"}), BitField("IOCRTagHeader_reserved", 0, 1), BitField("IOCRTagHeader_IOCRVLANID", 0, 12), MACField("IOCRMulticastMACAdd", None), FieldLenField("NumberOfAPIs", None, fmt="H", count_of="APIs"), PacketListField("APIs", [], IOCRAPI, count_from=lambda p: p.NumberOfAPIs) ] # default block_type value block_type = 0x0102 def get_response(self): """Generate the response block of this request. Careful: it only sets the fields which can be set from the request """ res = IOCRBlockRes() for field in ["IOCRType", "IOCRReference", "FrameID"]: res.setfieldval(field, self.getfieldval(field)) return res
class OSPF_LLS_Hdr(Packet): name = "OSPF Link-local signaling" fields_desc = [ XShortField("chksum", None), FieldLenField32Bits("len", None, length_of="llstlv", adjust=lambda pkt, x: (x + 4) >> 2), # noqa: E501 PacketListField("llstlv", [], _LLSGuessPayloadClass, length_from=lambda x: (x.len << 2) - 4) ] # noqa: E501 def post_build(self, p, pay): p += pay if self.chksum is None: c = checksum(p) p = struct.pack("!H", c) + p[2:] return p
class GTPCreatePDPContextRequest(Packet): # 3GPP TS 29.060 V9.1.0 (2009-12) name = "GTP Create PDP Context Request" fields_desc = [ PacketListField( "IE_list", [ IE_TEIDI(), IE_NSAPI(), IE_GSNAddress(), # noqa: E501 IE_GSNAddress(), IE_NotImplementedTLV( ietype=135, length=15, data=RandString(15)) ], # noqa: E501 IE_Dispatcher) ] def hashret(self): return struct.pack("H", self.seq)
class OpcDaFack(Packet): # DCE 1.1 RPC - 12.5.3.4 name = "OpcDaFack" fields_desc = [ ShortField('version', 0), ByteField('pad', 0), ShortField('windowSize', 0), IntField('maxTsdu', 0), IntField('maxFragSize', 0), ShortField('serialNum', 0), FieldLenField('selackLen', 0, count_of='selack', fmt="H"), PacketListField('selack', None, IntField, count_from=lambda pkt: pkt.selackLen), ] def extract_padding(self, p): return b"", p
class OSPF_Router_LSA(OSPF_BaseLSA): name = "OSPF Router LSA" fields_desc = [ ShortField("age", 1), OSPFOptionsField(), ByteField("type", 1), IPField("id", "1.1.1.1"), IPField("adrouter", "1.1.1.1"), XIntField("seq", 0x80000001), XShortField("chksum", None), ShortField("len", None), FlagsField("flags", 0, 8, ["B", "E", "V", "W", "Nt"]), ByteField("reserved", 0), FieldLenField("linkcount", None, count_of="linklist"), PacketListField("linklist", [], OSPF_Link, count_from=lambda pkt: pkt.linkcount, length_from=lambda pkt: pkt.linkcount * 12) ]
class ExpectedSubmoduleAPI(Packet): """Description of an API in the expected submodules blocks""" name = "API" fields_desc = [ XIntField("API", 0), XShortField("SlotNumber", 0), XIntField("ModuleIdentNumber", 0), XShortField("ModuleProperties", 0), FieldLenField("NumberOfSubmodules", None, fmt="H", count_of="Submodules"), PacketListField("Submodules", [], ExpectedSubmodule, count_from=lambda p: p.NumberOfSubmodules), ] def extract_padding(self, s): return None, s # No extra payload
class VTPVlanInfo(Packet): name = "VTP VLAN Info" fields_desc = [ ByteField("len", None), # FIXME: compute length ByteEnumField("status", 0, { 0: "active", 1: "suspended" }), ByteEnumField("type", 1, _VTP_VLAN_TYPE), FieldLenField("vlannamelen", None, "vlanname", "B"), ShortField("vlanid", 1), ShortField("mtu", 1500), XIntField("dot10index", None), StrLenField("vlanname", "default", length_from=lambda pkt: 4 * ((pkt.vlannamelen + 3) / 4)), # noqa: E501 ConditionalField( PacketListField("tlvlist", [], VTPVlanInfoTlv, length_from=lambda pkt: pkt.len - 12 - (4 * ((pkt.vlannamelen + 3) / 4))), # noqa: E501 lambda pkt: pkt.type not in [1, 2]) ] def post_build(self, p, pay): vlannamelen = 4 * ((len(self.vlanname) + 3) / 4) if self.len is None: tmp_len = vlannamelen + 12 p = chr(tmp_len & 0xff) + p[1:] # Pad vlan name with zeros if vlannamelen > len(vlanname) tmp_len = vlannamelen - len(self.vlanname) if tmp_len != 0: p += b"\x00" * tmp_len p += pay return p def guess_payload_class(self, p): return conf.padding_layer
class OpcDaBind(Packet): # DCE 1.1 RPC - 12.6.4.3 name = "OpcDaBind" fields_desc = [ ShortField('maxXmitFrag', 5840), ShortField('maxRecvtFrag', 5840), IntField('assocGroupId', 0), ByteField('nbContextElement', 1), ByteField('reserved', 0), ShortField('reserved2', 0), PacketListField('contextItem', None, ContextElement, count_from=lambda pkt: pkt.nbContextElement), PacketField('authentication', None, AuthentificationProtocol), ] def extract_padding(self, p): return b"", p
class HCI_LE_Meta_Advertising_Report(Packet): name = "Advertising Report" fields_desc = [ ByteEnumField("type", 0, { 0: "conn_und", 4: "scan_rsp" }), ByteEnumField("atype", 0, { 0: "public", 1: "random" }), LEMACField("addr", None), FieldLenField("len", None, length_of="data", fmt="B"), PacketListField("data", [], EIR_Hdr, length_from=lambda pkt: pkt.len), SignedByteField("rssi", 0) ] def extract_padding(self, s): return '', s
class IKEv2_payload_TSr(IKEv2_class): name = "IKEv2 Traffic Selector - Responder" overload_fields = {IKEv2: {"next_payload": 45}} fields_desc = [ ByteEnumField("next_payload", None, IKEv2_payload_type), ByteField("res", 0), FieldLenField("length", None, "traffic_selector", "H", adjust=lambda pkt, x: x + 8), # noqa: E501 ByteField("number_of_TSs", 0), X3BytesField("res2", 0), PacketListField("traffic_selector", None, TrafficSelector, length_from=lambda x: x.length - 8, count_from=lambda x: x.number_of_TSs), # noqa: E501 ]
class CreateCqIn(Packet): fields_desc = [ ShortField('opcode', DevxOps.MLX5_CMD_OP_CREATE_CQ), ShortField('uid', 0), ShortField('reserved1', 0), ShortField('op_mod', 0), ByteField('reserved2', 0), BitField('cqn', 0, 24), StrFixedLenField('reserved3', None, length=4), PacketField('sw_cqc', SwCqc(), SwCqc), LongField('e_mtt_pointer_or_cq_umem_offset', 0), IntField('cq_umem_id', 0), BitField('cq_umem_valid', 0, 1), BitField('reserved4', 0, 31), StrFixedLenField('reserved5', None, length=176), PacketListField('pas', [SwPas() for x in range(0)], SwPas, count_from=lambda pkt: 0), ]
class SAPHDBPart(PacketNoPadded): """SAP HANA SQL Command Network Protocol Part This packet represents a part within a HDB packet. The part header is comprised of 16 bytes. """ name = "SAP HANA SQL Command Network Protocol Part" fields_desc = [ EnumField("partkind", 0, hdb_partkind_values, fmt="<b"), LESignedByteField("partattributes", 0), FieldLenField("argumentcount", None, count_of="buffer", fmt="<h"), LESignedIntField("bigargumentcount", 0), FieldLenField("bufferlength", None, length_of="buffer", fmt="<i"), LESignedIntField("buffersize", 2**17 - 32 - 24), PadField(PacketListField("buffer", [], next_cls_cb=saphdb_determine_part_class, count_from=lambda x: x.argumentcount, length_from=lambda x: x.bufferlength), 8), ]
class NEGOEX_NEGO_MESSAGE(Packet): OFFSET = 92 show_indent = 0 fields_desc = [ NEGOEX_MESSAGE_HEADER, XStrFixedLenField("Random", b"", length=32), LELongField("ProtocolVersion", 0), LEIntField("AuthSchemeBufferOffset", None), LEShortField("AuthSchemeCount", None), LEIntField("ExtensionBufferOffset", None), LEShortField("ExtensionCount", None), # Payload _NTLMPayloadField( 'Payload', OFFSET, [ FieldListField("AuthScheme", [], UUIDEnumField("", None, _NEGOEX_AUTH_SCHEMES), count_from=lambda pkt: pkt.AuthSchemeCount), PacketListField("Extension", [], NEGOEX_EXTENSION_VECTOR, count_from=lambda pkt: pkt.ExtensionCount), ], length_from=lambda pkt: pkt.cbMessageLength - 92), # TODO: dissect extensions ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes return _NEGOEX_post_build(self, pkt, self.OFFSET, { "AuthScheme": 96, "Extension": 102, }) + pay @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt and len(_pkt) >= 12: MessageType = struct.unpack("<I", _pkt[8:12])[0] if MessageType in [0, 1]: return NEGOEX_NEGO_MESSAGE elif MessageType in [2, 3]: return NEGOEX_EXCHANGE_MESSAGE return cls
class NSH(Packet): """Network Service Header. NSH MD-type 1 if there is no ContextHeaders""" name = "NSH" fields_desc = [ BitField('Ver', 0, 2), BitField('OAM', 0, 1), BitField('Critical', 0, 1), BitField('Reserved', 0, 6), BitFieldLenField('Len', None, 6, count_of='ContextHeaders', adjust=lambda pkt, x: 6 if pkt.MDType == 1 else x + 2), ByteEnumField('MDType', 1, { 1: 'Fixed Length', 2: 'Variable Length' }), ByteEnumField('NextProto', 3, { 1: 'IPv4', 2: 'IPv6', 3: 'Ethernet', 4: 'NSH', 5: 'MPLS' }), X3BytesField('NSP', 0), ByteField('NSI', 1), ConditionalField(XIntField('NPC', 0), lambda pkt: pkt.MDType == 1), ConditionalField(XIntField('NSC', 0), lambda pkt: pkt.MDType == 1), ConditionalField(XIntField('SPC', 0), lambda pkt: pkt.MDType == 1), ConditionalField(XIntField('SSC', 0), lambda pkt: pkt.MDType == 1), ConditionalField( PacketListField("ContextHeaders", None, NSHTLV, count_from="Length"), lambda pkt: pkt.MDType == 2) ] def mysummary(self): return self.sprintf("NSP: %NSP% - NSI: %NSI%")
class ISIS_RouterCapabilityTlv(ISIS_GenericTlv): name = "ISIS Router Capability TLV" fields_desc = [ ByteEnumField("type", 242, _isis_tlv_names), FieldLenField( "len", None, length_of="subtlvs", adjust=lambda pkt, x: x + 5, fmt="B"), IPField("routerid", "0.0.0.0"), FlagsField( "flags", 0, 8, ["S", "D", "res1", "res2", "res3", "res4", "res5", "res6"]), PacketListField( "subtlvs", [], _ISIS_GuessSubTlvClass_4, length_from=lambda pkt: pkt.len - 5) ]
class Dot11EltCountry(Dot11Elt): name = "802.11 Country" match_subclass = True fields_desc = [ ByteField("ID", 7), ByteField("len", None), StrFixedLenField("country_string", b"\0\0\0", length=3), PacketListField( "descriptors", [], Dot11EltCountryConstraintTriplet, length_from=lambda pkt: ( pkt.len - 3 - (pkt.len % 3) ) ), ConditionalField( ByteField("pad", 0), lambda pkt: (len(pkt.descriptors) + 1) % 2 ) ]
class Apple_BLE_Frame(Packet, LowEnergyBeaconHelper): """ The wrapper for a BLE manufacturer-specific data advertisement from Apple devices. Each advertisement is composed of one or multiple submessages. The length of this field comes from the EIR_Hdr. """ name = "Apple BLE broadcast frame" fields_desc = [ PacketListField("plist", None, Apple_BLE_Submessage) ] def build_eir(self): """Builds a list of EIR messages to wrap this frame.""" return LowEnergyBeaconHelper.base_eir + [ EIR_Hdr() / EIR_Manufacturer_Specific_Data() / self ]
class SAPHDB(Packet): """SAP HANA SQL Command Network Protocol packet This packet is used for the HANA SQL Command Network Protocol. The message header is comprised of 32 bytes. """ name = "SAP HANA SQL Command Network Protocol" fields_desc = [ LESignedLongField("sessionid", -1), LESignedIntField("packetcount", 0), FieldLenField("varpartlength", None, length_of="segments", fmt="<I"), LEIntField("varpartsize", 2**17 - 32), FieldLenField("noofsegm", None, count_of="segments", fmt="<h"), EnumField("packetoptions", 0, hdb_packetoptions_values, fmt="b"), ByteField("reserved1", None), LEIntField("compressionvarpartlength", 0), IntField("reserved2", None), PacketListField("segments", None, SAPHDBSegment, count_from=lambda x: x.noofsegm), ]
class NBNSQueryResponse(Packet): name = "NBNS query response" fields_desc = [ NetBIOSNameField("RR_NAME", "windows"), ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES), ByteField("NULL", 0), ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES), ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS), IntField("TTL", 0x493e0), FieldLenField("RDLENGTH", None, length_of="ADDR_ENTRY"), PacketListField("ADDR_ENTRY", [NBNS_ADD_ENTRY()], NBNS_ADD_ENTRY, length_from=lambda pkt: pkt.RDLENGTH) ] def mysummary(self): if not self.ADDR_ENTRY: return "NBNSQueryResponse" return "NBNSQueryResponse '\\\\%s' is at %s" % ( self.RR_NAME.strip().decode(), self.ADDR_ENTRY[0].NB_ADDRESS)
class OFPTFeaturesReply(_ofp_header): name = "OFPT_FEATURES_REPLY" fields_desc = [ ByteEnumField("version", 0x01, ofp_version), ByteEnumField("type", 6, ofp_type), ShortField("len", None), IntField("xid", 0), LongField("datapath_id", 0), IntField("n_buffers", 0), ByteField("n_tables", 1), X3BytesField("pad", 0), FlagsField("capabilities", 0, 32, [ "FLOW_STATS", "TABLE_STATS", "PORT_STATS", "STP", "RESERVED", "IP_REASM", "QUEUE_STATS", "ARP_MATCH_IP" ]), FlagsField("actions", 0, 32, ofp_action_types_flags), PacketListField("ports", [], OFPPhyPort, length_from=lambda pkt: pkt.len - 32) ]
class NetflowDataflowsetV9(Packet): name = "Netflow DataFlowSet V9" fields_desc = [ShortField("templateID", 255), FieldLenField("length", None, length_of="records", adjust=lambda pkt, x: x + 4 + (-x % 4)), PadField( PacketListField( "records", [], NetflowRecordV9, length_from=lambda pkt: pkt.length - 4 ), 4, padwith=b"\x00")] @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt: if _pkt[:2] == b"\x00\x01": return NetflowOptionsFlowsetV9 if _pkt[:2] == b"\x00\x00": return NetflowFlowsetV9 return cls
class HTTP2Settings(Packet): name = "HTTP2 %s Frame" % HTTP2_FRAME_TYPES[HTTP2FrameTypes.SETTINGS] fields_desc = [PacketListField("settings", None, HTTP2Setting)] def do_dissect(self, s): pos = 0 setting_len = len(HTTP2Setting()) settings = [] while pos < len(s): if len(s[pos: pos + setting_len]) == setting_len: setting = HTTP2Setting(s[pos: pos + setting_len]) # Populate our list of found settings settings.append(setting) # Move to the next settings pos += setting_len # Setting is too small too parse, pass it for further processing else: break self.fields["settings"] = settings return s[pos:]
class OSPFv3_Intra_Area_Prefix_LSA(OSPF_BaseLSA): name = "OSPFv3 Intra Area Prefix LSA" fields_desc = [ ShortField("age", 1), ShortEnumField("type", 0x2009, _OSPFv3_LStypes), IPField("id", "0.0.0.0"), IPField("adrouter", "1.1.1.1"), XIntField("seq", 0x80000001), XShortField("chksum", None), ShortField("len", None), FieldLenField("prefixes", None, count_of="prefixlist", fmt="H"), # noqa: E501 ShortEnumField("reflstype", 0, _OSPFv3_LStypes), IPField("reflsid", "0.0.0.0"), IPField("refadrouter", "0.0.0.0"), PacketListField("prefixlist", None, OSPFv3_Prefix_Item, count_from=lambda pkt: pkt.prefixes) ]
class MKAPotentialPeerListParamSet(MKAParamSet): """ Potential Peer List parameter sets (802.1X-2010, section 11.11). """ ######################################################################### # # IEEE 802.1X-2010 standard # Section 11.11 ######################################################################### # name = "Potential Peer List Parameter Set" fields_desc = [ PadField(ByteEnumField("param_set_type", 2, _parameter_set_types), 2, padwith=b"\x00"), ShortField("param_set_body_len", 0), PacketListField("member_id_message_num", [], MKAPeerListTuple) ]
class OSPFv3_Link_LSA(OSPF_BaseLSA): name = "OSPFv3 Link LSA" fields_desc = [ ShortField("age", 1), ShortEnumField("type", 0x0008, _OSPFv3_LStypes), IPField("id", "0.0.0.0"), IPField("adrouter", "1.1.1.1"), XIntField("seq", 0x80000001), XShortField("chksum", None), ShortField("len", None), ByteField("prio", 1), OSPFv3OptionsField(), IP6Field("lladdr", "fe80::"), FieldLenField("prefixes", None, count_of="prefixlist", fmt="I"), # noqa: E501 PacketListField("prefixlist", None, OSPFv3_Prefix_Item, count_from=lambda pkt: pkt.prefixes) ]
class SMB2_Negociate_Protocol_Response_Header(Packet): name = "SMB2 Negociate Protocol Response Header" fields_desc = [ XLEShortField("StructureSize", 0), FlagsField("SecurityMode", 0, 16, { 0x7: "Signing Required", 0x8: "Signing Enabled", }), LEShortEnumField("Dialect", 0x0, SMB_DIALECTS), FieldLenField( "NegociateCount", 0x0, fmt="<H", count_of="NegociateContexts" ), UUIDField("ServerGUID", 0x0, uuid_fmt=UUIDField.FORMAT_LE), # Capabilities FlagsField("Capabilities", 0, 32, SMB2_CAPABILITIES), LEIntField("MaxTransactionSize", 0), LEIntField("MaxReadSize", 0), LEIntField("MaxWriteSize", 0), # TODO FIXME XLongField("SystemTime", 0), XLongField("ServerStartTime", 0), XLEShortField("SecurityBufferOffset", 0), FieldLenField( "SecurityBufferLength", 0, fmt="<H", length_of="SecurityBuffer" ), XLEIntField("NegociateContextOffset", 0), # TODO FIXME XStrLenField( "SecurityBuffer", None, length_from=lambda pkt: pkt.SecurityBufferLength ), PacketListField( "NegociateContexts", [], SMB2_Negociate_Context, count_from=lambda pkt: pkt.NegociateCount ), ]
class Radius(Packet): """ Implements a RADIUS packet (RFC 2865). """ name = "RADIUS" fields_desc = [ ByteEnumField("code", 1, _packet_codes), ByteField("id", 0), FieldLenField( "len", None, "attributes", "H", adjust=lambda pkt, x: len(pkt.attributes) + 20 ), XStrFixedLenField("authenticator", "", 16), PacketListField( "attributes", [], RadiusAttribute, length_from=lambda pkt: pkt.len - 20 ) ] def compute_authenticator(self, packed_request_auth, shared_secret): """ Computes the authenticator field (RFC 2865 - Section 3) """ data = prepare_packed_data(self, packed_request_auth) radius_mac = hashlib.md5(data + shared_secret) return radius_mac.digest() def post_build(self, p, pay): p += pay length = self.len if length is None: length = len(p) p = p[:2] + struct.pack("!H", length) + p[4:] return p
class MQTTPublish(Packet): name = "MQTT publish" fields_desc = [ FieldLenField("length", None, length_of="topic"), StrLenField("topic", "", length_from=lambda pkt: pkt.length), ConditionalField( ShortField("msgid", None), lambda pkt: (pkt.underlayer.QOS == 1 or pkt.underlayer.QOS == 2)), #PUBLISH PROPERTIES FieldLenField("proplen", None, fmt='B', length_of="properties"), ConditionalField( PacketListField("properties", [], pkt_cls=MQTTProperty, length_from=lambda pkt: pkt.proplen), lambda pkt: pkt.proplen != 0), StrLenField("value", "", length_from=lambda pkt: (pkt.underlayer.len - pkt.length - 2)), ]
class NDRData(Packet): """Base NDRData to centralize some fields. It can't be instantiated""" fields_desc = [ EndiannessField( FieldLenField("args_length", None, fmt="I", length_of="blocks"), endianess_from=dce_rpc_endianess), EndiannessField( FieldLenField("max_count", None, fmt="I", length_of="blocks"), endianess_from=dce_rpc_endianess), EndiannessField( IntField("offset", 0), endianess_from=dce_rpc_endianess), EndiannessField( FieldLenField("actual_count", None, fmt="I", length_of="blocks"), endianess_from=dce_rpc_endianess), PacketListField("blocks", [], _guess_block_class, length_from=lambda p: p.args_length) ] def __new__(cls, name, bases, dct): raise NotImplementedError()
def __init__(self, name, default, cls, spkt_len=None): """We need that spkt_len is specified to know how to chop""" assert spkt_len is not None PacketListField.__init__(self, name, default, cls) self.spkt_len = spkt_len
def __init__(self, name, default, cls, count_from=None, length_from=None, stop=None): PacketListField.__init__(self, name, default, cls, count_from=count_from, length_from=length_from) self.stop = stop
def __init__(self, name, default, count_from=None, length_from=None): PacketListField.__init__(self, name, default, conf.raw_layer, count_from=count_from, length_from=length_from) # noqa: E501