class SAPMSLogon(PacketNoPadded): """SAP Message Server Logon packet. Packet containing logon data. """ name = "SAP Message Server Logon" fields_desc = [ ShortEnumKeysField("type", 0, ms_logon_type_values), ShortField("port", 0), IPField("address", "0.0.0.0"), FieldLenField("logonname_length", None, length_of="logonname", fmt="!H"), # <= 80h bytes StrLenField("logonname", "", length_from=lambda pkt: pkt.logonname_length), FieldLenField("prot_length", None, length_of="prot", fmt="!H"), # <= 80h bytes StrLenField("prot", "", length_from=lambda pkt: pkt.prot_length), FieldLenField("host_length", None, length_of="host", fmt="!H"), # <= 100h bytes StrLenField("host", "", length_from=lambda pkt: pkt.host_length), FieldLenField("misc_length", None, length_of="misc", fmt="!H"), # <= 100h bytes StrLenField("misc", "", length_from=lambda pkt: pkt.misc_length), FieldLenField("address6_length", 16, length_of="address6", fmt="!h"), # == 16 bytes ConditionalField(IP6Field("address6", "::"), lambda pkt: pkt.address6_length > 0), ConditionalField(SignedIntField("end", -1), lambda pkt: pkt.address6_length > 0), ]
class VTP(Packet): name = "VTP" fields_desc = [ ByteField("ver", 2), ByteEnumField("code", 1, _VTP_Types), ConditionalField(ByteField("followers", 1), lambda pkt: pkt.code == 1), ConditionalField(ByteField("seq", 1), lambda pkt: pkt.code == 2), ConditionalField(ByteField("reserved", 0), lambda pkt: pkt.code == 3), ByteField("domnamelen", None), StrFixedLenField("domname", "manbearpig", 32), ConditionalField(SignedIntField("rev", 0), lambda pkt: pkt.code == 1 or pkt.code == 2), # updater identity ConditionalField(IPField("uid", "192.168.0.1"), lambda pkt: pkt.code == 1), ConditionalField(VTPTimeStampField("timestamp", '930301000000'), lambda pkt: pkt.code == 1), ConditionalField(StrFixedLenField("md5", b"\x00" * 16, 16), lambda pkt: pkt.code == 1), ConditionalField(PacketListField("vlaninfo", [], VTPVlanInfo), lambda pkt: pkt.code == 2), ConditionalField(ShortField("startvalue", 0), lambda pkt: pkt.code == 3) ] def post_build(self, p, pay): if self.domnamelen is None: domnamelen = len(self.domname.strip(b"\x00")) p = p[:3] + chr(domnamelen & 0xff) + p[4:] p += pay return p
class AVSWLANHeader(Packet): """ iwpriv eth1 set_prismhdr 1 """ name = "AVS WLAN Monitor Header" fields_desc = [IntField("version", 1), IntField("len", 64), LongField("mactime", 0), LongField("hosttime", 0), IntEnumField("phytype", 0, AVSWLANPhyType), IntField("channel", 0), IntField("datarate", 0), IntField("antenna", 0), IntField("priority", 0), IntEnumField("ssi_type", 0, AVSWLANSSIType), SignedIntField("ssi_signal", 0), SignedIntField("ssi_noise", 0), IntEnumField("preamble", 0, AVSWLANPreambleType), IntEnumField("encoding", 0, AVSWLANEncodingType), ]
class SAPDiagDP(Packet): """SAP Diag DP Header packet This packet is used for initialization of Diag connections. Usually there's no need to change any value more that the terminal. """ name = "SAP Diag DP Header" fields_desc = [ # DP Header SignedIntField("request_id", -1), ByteField("retcode", 0x0a), ByteField("sender_id", 0), ByteField("action_type", 0), IntField("req_info", 0), SignedIntField("tid", -1), SignedShortField("uid", -1), ByteField("mode", 0xff), SignedIntField("wp_id", -1), SignedIntField("wp_ca_blk", -1), SignedIntField("appc_ca_blk", -1), LenField( "length", None, fmt="<I" ), # The length in the DP Header is the length of the Diag Header (8 bytes) # plus the Diag Message (54 bytes for user_connect+support_data). As the # DP Header is the layer after NI during initialization, a LenField works # fine. ByteField("new_stat", 0), SignedIntField("unused1", -1), SignedShortField("rq_id", -1), StrFixedLenField("unused2", "\x20" * 40, 40), StrFixedLenField("terminal", "\x00" * 15, 15), StrFixedLenField("unused3", "\x00" * 10, 10), StrFixedLenField("unused4", "\x20" * 20, 20), IntField("unused5", 0), IntField("unused6", 0), SignedIntField("unused7", -1), IntField("unused8", 0), ByteField("unused9", 0x01), StrFixedLenField("unused10", "\x00" * 57, 57) ]
class PFLog(Packet): name = "PFLog" # from OpenBSD src/sys/net/pfvar.h and src/sys/net/if_pflog.h fields_desc = [ ByteField("hdrlen", 0), ByteEnumField("addrfamily", 2, { socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6" }), ByteEnumField( "action", 1, { 0: "pass", 1: "drop", 2: "scrub", 3: "no-scrub", 4: "nat", 5: "no-nat", 6: "binat", 7: "no-binat", 8: "rdr", 9: "no-rdr", 10: "syn-proxy-drop" }), ByteEnumField( "reason", 0, { 0: "match", 1: "bad-offset", 2: "fragment", 3: "short", 4: "normalize", 5: "memory", 6: "bad-timestamp", 7: "congestion", 8: "ip-options", 9: "proto-cksum", 10: "state-mismatch", 11: "state-insert", 12: "state-limit", 13: "src-limit", 14: "syn-proxy" }), StrFixedLenField("iface", "", 16), StrFixedLenField("ruleset", "", 16), SignedIntField("rulenumber", 0), SignedIntField("subrulenumber", 0), SignedIntField("uid", 0), IntField("pid", 0), SignedIntField("ruleuid", 0), IntField("rulepid", 0), ByteEnumField("direction", 255, { 0: "inout", 1: "in", 2: "out", 255: "unknown" }), StrFixedLenField("pad", b"\x00\x00\x00", 3) ] def mysummary(self): return self.sprintf( "%PFLog.addrfamily% %PFLog.action% on %PFLog.iface% by rule %PFLog.rulenumber%" ) # noqa: E501
class PFLog(Packet): """ Class for handling PFLog headers """ name = "PFLog" # from OpenBSD src/sys/net/pfvar.h # and src/sys/net/if_pflog.h (struct pfloghdr) fields_desc = [ ByteField("hdrlen", PFLOG_HDRLEN), ByteEnumField("addrfamily", 2, { OPENBSD_AF_INET: "IPv4", OPENBSD_AF_INET6: "IPv6" }), ByteEnumField( "action", 1, { 0: "pass", 1: "drop", 2: "scrub", 3: "no-scrub", 4: "nat", 5: "no-nat", 6: "binat", 7: "no-binat", 8: "rdr", 9: "no-rdr", 10: "syn-proxy-drop" }), ByteEnumField( "reason", 0, { 0: "match", 1: "bad-offset", 2: "fragment", 3: "short", 4: "normalize", 5: "memory", 6: "bad-timestamp", 7: "congestion", 8: "ip-options", 9: "proto-cksum", 10: "state-mismatch", 11: "state-insert", 12: "state-limit", 13: "src-limit", 14: "syn-proxy" }), StrFixedLenField("iface", "", 16), StrFixedLenField("ruleset", "", 16), SignedIntField("rulenumber", 0), SignedIntField("subrulenumber", 0), SignedIntField("uid", 0), IntField("pid", 0), SignedIntField("ruleuid", 0), IntField("rulepid", 0), ByteEnumField("direction", 255, { 0: "inout", 1: "in", 2: "out", 255: "unknown" }), YesNoByteField("rewritten", 0), ByteEnumField("naddrfamily", 2, { OPENBSD_AF_INET: "IPv4", OPENBSD_AF_INET6: "IPv6" }), StrFixedLenField("pad", b"\x00", 1), MultipleTypeField( [ (PadField(IPField("saddr", "127.0.0.1"), 16, padwith=b"\x00"), lambda pkt: pkt.addrfamily == OPENBSD_AF_INET), (IP6Field("saddr", "::1"), lambda pkt: pkt.addrfamily == OPENBSD_AF_INET6), ], PadField(IPField("saddr", "127.0.0.1"), 16, padwith=b"\x00"), ), MultipleTypeField( [ (PadField(IPField("daddr", "127.0.0.1"), 16, padwith=b"\x00"), lambda pkt: pkt.addrfamily == OPENBSD_AF_INET), (IP6Field("daddr", "::1"), lambda pkt: pkt.addrfamily == OPENBSD_AF_INET6), ], PadField(IPField("daddr", "127.0.0.1"), 16, padwith=b"\x00"), ), ShortField("sport", 0), ShortField("dport", 0), ] def mysummary(self): return self.sprintf( "%PFLog.addrfamily% %PFLog.action% on %PFLog.iface% by rule %PFLog.rulenumber%" ) # noqa: E501
def form_ipp_packet(self, op_type, version=1.0, **kwargs): """ Method to form ipp packets """ logger = get_logger("IPP Packet Forming") logger.info("Initiating IPP Packet Crafting") ver = str(version).split(".") ver = "".join(ver) ver = SignedShortField("Version", int(ver)) self.ipp_field.append(ver) data = "" operation_type = op_type if operation_type in self.ipp_operations.keys(): self.ipp_field.append( SignedShortField("Operation-ID", self.ipp_operations[operation_type])) self.ipp_field.append( SignedIntField("Request-ID", self.ipp_operations[operation_type])) else: logger.critical(f"Invalid operation tag : {operation_type}") print('Supported Operations') for op_rst in list(self.ipp_operations.keys()): print(f"* {op_rst}") sys.exit() delete_key = list() for delimiter_key, delimiter_value in kwargs.items(): if type(delimiter_value) != dict: data = delimiter_value delete_key.append(delimiter_key) if len(delete_key) > 0: for del_key in delete_key: del kwargs[del_key] for delimiter_key, delimiter_value in kwargs.items(): if type(delimiter_value) == dict: if delimiter_key in self.ipp_attr_group_tags.keys(): self.ipp_field.append( XByteField(delimiter_key, self.ipp_attr_group_tags[delimiter_key])) count = 0 for attr_key, attr_val in delimiter_value.items(): if attr_key in self.ipp_attrs.keys(): self.ipp_field.append( XByteField(f"key_{attr_key}_{count}", self.ipp_attrs[attr_key][1])) self.ipp_field.append( ShortField(f"Attribute_Name_Length_{count}", len(attr_key))) self.ipp_field.append( StrField( f"Attribute_Name_Value_{attr_key}_{count}", bytes(attr_key, encoding='utf8'))) self.ipp_field.append( ShortField(f"Attribute_Value_Length_{count}", len(attr_val))) self.ipp_field.append( StrField( f"Attribute_Value_Value_{attr_val}_{count}", bytes(attr_val, encoding='utf8'))) count += 1 else: logger.critical( f"Invalid Attribute tag : {attr_key}") sys.exit() else: logger.critical(f"Invalid Delimiter tag : {delimiter_key}") print("Supported Tags") for del_tag in list(self.ipp_attr_group_tags.keys()): print(f"* {del_tag}") sys.exit() else: logger.critical(f"Invalid tag : {delimiter_key}") sys.exit() self.ipp_field.append( XByteField("end-of-attributes-tag", self.ipp_attr_group_tags["end-of-attributes-tag"])) if data != "": self.ipp_field.append(StrField("Data", data)) logger.info("IPP Packet forming completed")