class SAPDiagDyntAtomItem(PacketNoPadded):
name = "SAP Diag Dynt Atom item"
fields_desc = [
ShortField("atom_length", 0),
ByteField("dlg_flag_1", 0),
ByteField("dlg_flag_2", 0),
ByteEnumKeysField("etype", 0, diag_atom_etypes),
ByteField("area", 0),
ByteField("block", 0),
ByteField("group", 0),
ShortField("row", 0),
ShortField("col", 0),
# Attr flags
BitField("attr_DIAG_BSD_COMBOSTYLE", 0, 1), # 80
BitField("attr_DIAG_BSD_YES3D", 0, 1), # 40
BitField("attr_DIAG_BSD_PROPFONT", 0, 1), # 20
BitField("attr_DIAG_BSD_MATCHCODE", 0, 1), # 10
BitField("attr_DIAG_BSD_JUSTRIGHT", 0, 1), # 08
BitField("attr_DIAG_BSD_INTENSIFY", 0, 1), # 04
BitField("attr_DIAG_BSD_INVISIBLE", 0, 1), # 02
BitField("attr_DIAG_BSD_PROTECTED", 0, 1), # 01
# DIAG_DGOTYP_FNAME
ConditionalField(
StrLenField("name_text",
"",
length_from=lambda pkt: pkt.atom_length - 13),
lambda pkt: pkt.etype == 114),
# DIAG_DGOTYP_PUSHBUTTON_2 */
ConditionalField(ByteField("pushbutton_v_length", 0),
lambda pkt: pkt.etype in [115]),
ConditionalField(ByteField("pushbutton_v_height", 0),
lambda pkt: pkt.etype in [115]),
ConditionalField(ShortField("pushbutton_function_code_offset", 0),
lambda pkt: pkt.etype in [115]),
ConditionalField(ShortField("pushbutton_text_offset", 0),
lambda pkt: pkt.etype in [115]),
ConditionalField(StrField("pushbutton_text", ""),
lambda pkt: pkt.etype in [115]),
ConditionalField(StrField("pushbutton_function_code", ""),
lambda pkt: pkt.etype in [115]),
# DIAG_DGOTYP_TABSTRIP_BUTTON
ConditionalField(ByteField("tabstripbutton_v_length", 0),
lambda pkt: pkt.etype in [116]),
ConditionalField(ByteField("tabstripbutton_v_height", 0),
lambda pkt: pkt.etype in [116]),
ConditionalField(ByteField("tabstripbutton_page_id", 0),
lambda pkt: pkt.etype in [116]),
ConditionalField(ShortField("tabstripbutton_function_code_offset", 0),
lambda pkt: pkt.etype in [116]),
ConditionalField(ShortField("tabstripbutton_text_offset", 0),
lambda pkt: pkt.etype in [116]),
ConditionalField(ShortField("tabstripbutton_id_offset", 0),
lambda pkt: pkt.etype in [116]),
ConditionalField(StrNullField("tabstripbutton_text", ""),
lambda pkt: pkt.etype in [116]),
ConditionalField(StrNullField("tabstripbutton_function_code", ""),
lambda pkt: pkt.etype in [116]),
ConditionalField(StrNullField("tabstripbutton_id", ""),
lambda pkt: pkt.etype in [116]),
# DIAG_DGOTYP_XMLPROP
ConditionalField(
StrLenField("xmlprop_text",
"",
length_from=lambda pkt: pkt.atom_length - 13),
lambda pkt: pkt.etype == 120),
# DIAG_DGOTYP_EFIELD_1 or DIAG_DGOTYP_OFIELD_1 or DIAG_DGOTYP_KEYWORD_1
ConditionalField(ByteField("field1_flag1", 0),
lambda pkt: pkt.etype in [121, 122, 123]),
ConditionalField(
FieldLenField("field1_dlen",
None,
fmt="B",
length_of="field1_text"),
lambda pkt: pkt.etype in [121, 122, 123]),
ConditionalField(ByteField("field1_mlen", 0),
lambda pkt: pkt.etype in [121, 122, 123]),
ConditionalField(ShortField("field1_maxnrchars", 0),
lambda pkt: pkt.etype in [121, 122, 123]),
ConditionalField(
StrLenField("field1_text",
"",
length_from=lambda pkt: pkt.field1_dlen),
lambda pkt: pkt.etype in [121, 122, 123]),
# DIAG_DGOTYP_FRAME_1
ConditionalField(ShortField("frame_drows", 0),
lambda pkt: pkt.etype in [127]),
ConditionalField(ShortField("frame_dcols", 0),
lambda pkt: pkt.etype in [127]),
ConditionalField(
StrLenField("frame_text",
"",
length_from=lambda pkt: pkt.atom_length - 17),
lambda pkt: pkt.etype in [127]),
# DIAG_DGOTYP_RADIOBUTTON_3
ConditionalField(ByteField("radiobutton_button", 0),
lambda pkt: pkt.etype in [129]),
ConditionalField(ShortField("radiobutton_visible_label_length", 0),
lambda pkt: pkt.etype in [129]),
ConditionalField(ShortField("radiobutton_event_id_off", 0),
lambda pkt: pkt.etype in [129]),
ConditionalField(ByteField("radiobutton_event_id_len", 0),
lambda pkt: pkt.etype in [129]),
ConditionalField(ShortField("radiobutton_text_off", 0),
lambda pkt: pkt.etype in [129]),
ConditionalField(ShortField("radiobutton_text_length", 0),
lambda pkt: pkt.etype in [129]),
ConditionalField(
StrLenField("radiobutton_text",
"",
length_from=lambda pkt: pkt.radiobutton_event_id_len +
pkt.radiobutton_text_length),
lambda pkt: pkt.etype in [129]),
# DIAG_DGOTYP_EFIELD_2 or DIAG_DGOTYP_OFIELD_2 or DIAG_DGOTYP_KEYWORD_2
ConditionalField(ShortField("field2_flag1", 0),
lambda pkt: pkt.etype in [130, 131, 132]),
ConditionalField(
FieldLenField("field2_dlen",
None,
fmt="B",
length_of="field2_text"),
lambda pkt: pkt.etype in [130, 131, 132]),
ConditionalField(ByteField("field2_mlen", 0),
lambda pkt: pkt.etype in [130, 131, 132]),
ConditionalField(ShortField("field2_maxnrchars", 0),
lambda pkt: pkt.etype in [130, 131, 132]),
ConditionalField(
StrLenField("field2_text",
"",
length_from=lambda pkt: pkt.field2_dlen),
lambda pkt: pkt.etype in [130, 131, 132]),
# Remaining types
ConditionalField(
StrLenField("value",
"",
length_from=lambda pkt: pkt.atom_length - 13),
lambda pkt: pkt.etype not in
[114, 115, 116, 120, 121, 122, 123, 127, 129, 130, 131, 132]),
]
def post_build(self, p, pay):
if pay is None:
pay = ''
# Update the atom_length field (first 2 bytes) with the packet length
p = pack("!H", len(p)) + p[2:]
return p + pay
class TLS_Ext_Padding(TLS_Ext_Unknown): # RFC 7685
name = "TLS Extension - Padding"
fields_desc = [ShortEnumField("type", 0x15, _tls_ext),
FieldLenField("len", None, length_of="padding"),
StrLenField("padding", "",
length_from=lambda pkt: pkt.len)]
class Dot11Elt(Packet):
name = "802.11 Information Element"
fields_desc = [
ByteEnumField("ID", 0, _dot11_info_elts_ids),
FieldLenField("len", None, "info", "B"),
StrLenField("info", "", length_from=lambda x: x.len, max_length=255)
]
def mysummary(self):
if self.ID == 0:
ssid = repr(self.info)
if ssid[:2] in ['b"', "b'"]:
ssid = ssid[1:]
return "SSID=%s" % ssid, [Dot11]
else:
return ""
registered_ies = {}
@classmethod
def register_variant(cls):
cls.registered_ies[cls.ID.default] = cls
@classmethod
def dispatch_hook(cls, _pkt=None, *args, **kargs):
if _pkt:
_id = orb(_pkt[0])
if _id == 221:
oui_a = orb(_pkt[2])
oui_b = orb(_pkt[3])
oui_c = orb(_pkt[4])
if oui_a == 0x00 and oui_b == 0x50 and oui_c == 0xf2:
# MS OUI
type_ = orb(_pkt[5])
if type_ == 0x01:
# MS WPA IE
return Dot11EltMicrosoftWPA
else:
return Dot11EltVendorSpecific
else:
return Dot11EltVendorSpecific
else:
return cls.registered_ies.get(_id, cls)
return cls
def haslayer(self, cls):
if cls == "Dot11Elt":
if isinstance(self, Dot11Elt):
return True
elif issubtype(cls, Dot11Elt):
if isinstance(self, cls):
return True
return super(Dot11Elt, self).haslayer(cls)
def getlayer(self, cls, nb=1, _track=None, _subclass=True, **flt):
return super(Dot11Elt, self).getlayer(cls,
nb=nb,
_track=_track,
_subclass=True,
**flt)
def post_build(self, p, pay):
if self.len is None:
p = p[:1] + chb(len(p) - 2) + p[2:]
return p + pay
class PPP_LCP_Quality_Protocol_Option(PPP_LCP_Option):
fields_desc = [ByteEnumField("type", 4, _PPP_lcp_optiontypes),
FieldLenField("len", None, fmt="B", length_of="data",
adjust=lambda p, x:x + 4),
ShortEnumField("quality_protocol", 0xc025, _PPP_LCP_quality_protocols),
StrLenField("data", "", length_from=lambda p:p.len - 4)]
class RadioTap(Packet):
name = "RadioTap dummy"
deprecated_fields = {
"Channel": ("ChannelFrequency", "2.4.3"),
"ChannelFlags2": ("ChannelPlusFlags", "2.4.3"),
"ChannelNumber": ("ChannelPlusNumber", "2.4.3"),
}
fields_desc = [
ByteField('version', 0),
ByteField('pad', 0),
LEShortField('len', None),
FlagsField('present', None, -32, _rt_present), # noqa: E501
# Extended presence mask
ConditionalField(
PacketListField("Ext", [], next_cls_cb=_next_radiotap_extpm),
lambda pkt: pkt.present and pkt.present.Ext), # noqa: E501
# RadioTap fields - each starts with a _RadiotapReversePadField
# to handle padding
# TSFT
ConditionalField(
_RadiotapReversePadField(LELongField("mac_timestamp", 0)),
lambda pkt: pkt.present and pkt.present.TSFT),
# Flags
ConditionalField(
_RadiotapReversePadField(FlagsField("Flags", None, -8, _rt_flags)),
lambda pkt: pkt.present and pkt.present.Flags),
# Rate
ConditionalField(_RadiotapReversePadField(ByteField("Rate", 0)),
lambda pkt: pkt.present and pkt.present.Rate),
# Channel
ConditionalField(
_RadiotapReversePadField(LEShortField("ChannelFrequency", 0)),
lambda pkt: pkt.present and pkt.present.Channel),
ConditionalField(
FlagsField("ChannelFlags", None, -16, _rt_channelflags),
lambda pkt: pkt.present and pkt.present.Channel),
# dBm_AntSignal
ConditionalField(
_RadiotapReversePadField(_dbmField("dBm_AntSignal", -256)),
lambda pkt: pkt.present and pkt.present.dBm_AntSignal),
# dBm_AntNoise
ConditionalField(
_RadiotapReversePadField(_dbmField("dBm_AntNoise", -256)),
lambda pkt: pkt.present and pkt.present.dBm_AntNoise),
# Lock_Quality
ConditionalField(
_RadiotapReversePadField(LEShortField("Lock_Quality", 0), ),
lambda pkt: pkt.present and pkt.present.Lock_Quality),
# Antenna
ConditionalField(_RadiotapReversePadField(ByteField("Antenna", 0)),
lambda pkt: pkt.present and pkt.present.Antenna),
# RX Flags
ConditionalField(
_RadiotapReversePadField(
FlagsField("RXFlags", None, -16, _rt_rxflags)),
lambda pkt: pkt.present and pkt.present.RXFlags),
# TX Flags
ConditionalField(
_RadiotapReversePadField(
FlagsField("TXFlags", None, -16, _rt_txflags)),
lambda pkt: pkt.present and pkt.present.TXFlags),
# ChannelPlus
ConditionalField(
_RadiotapReversePadField(
FlagsField("ChannelPlusFlags", None, -32, _rt_channelflags2)),
lambda pkt: pkt.present and pkt.present.ChannelPlus),
ConditionalField(LEShortField("ChannelPlusFrequency", 0),
lambda pkt: pkt.present and pkt.present.ChannelPlus),
ConditionalField(ByteField("ChannelPlusNumber", 0),
lambda pkt: pkt.present and pkt.present.ChannelPlus),
# MCS
ConditionalField(
_RadiotapReversePadField(
FlagsField("knownMCS", None, -8, _rt_knownmcs)),
lambda pkt: pkt.present and pkt.present.MCS),
ConditionalField(BitField("Ness_LSB", 0, 1),
lambda pkt: pkt.present and pkt.present.MCS),
ConditionalField(BitField("STBC_streams", 0, 2),
lambda pkt: pkt.present and pkt.present.MCS),
ConditionalField(BitEnumField("FEC_type", 0, 1, {
0: "BCC",
1: "LDPC"
}), lambda pkt: pkt.present and pkt.present.MCS),
ConditionalField(
BitEnumField("HT_format", 0, 1, {
0: "mixed",
1: "greenfield"
}), lambda pkt: pkt.present and pkt.present.MCS),
ConditionalField(
BitEnumField("guard_interval", 0, 1, {
0: "Long_GI",
1: "Short_GI"
}), # noqa: E501
lambda pkt: pkt.present and pkt.present.MCS),
ConditionalField(BitEnumField("MCS_bandwidth", 0, 2, _rt_bandwidth),
lambda pkt: pkt.present and pkt.present.MCS),
ConditionalField(ByteField("MCS_index", 0),
lambda pkt: pkt.present and pkt.present.MCS),
# A_MPDU
ConditionalField(_RadiotapReversePadField(LEIntField("A_MPDU_ref", 0)),
lambda pkt: pkt.present and pkt.present.A_MPDU),
ConditionalField(
FlagsField("A_MPDU_flags", None, -32, _rt_a_mpdu_flags),
lambda pkt: pkt.present and pkt.present.A_MPDU),
# VHT
ConditionalField(
_RadiotapReversePadField(
FlagsField("KnownVHT", None, -16, _rt_knownvht)),
lambda pkt: pkt.present and pkt.present.VHT),
ConditionalField(FlagsField("PresentVHT", None, -8, _rt_presentvht),
lambda pkt: pkt.present and pkt.present.VHT),
ConditionalField(ByteEnumField("VHT_bandwidth", 0, _rt_vhtbandwidth),
lambda pkt: pkt.present and pkt.present.VHT),
ConditionalField(StrFixedLenField("mcs_nss", 0, length=5),
lambda pkt: pkt.present and pkt.present.VHT),
ConditionalField(ByteField("GroupID", 0),
lambda pkt: pkt.present and pkt.present.VHT),
ConditionalField(ShortField("PartialAID", 0),
lambda pkt: pkt.present and pkt.present.VHT),
# timestamp
ConditionalField(_RadiotapReversePadField(LELongField("timestamp", 0)),
lambda pkt: pkt.present and pkt.present.timestamp),
ConditionalField(LEShortField("ts_accuracy", 0),
lambda pkt: pkt.present and pkt.present.timestamp),
ConditionalField(ByteField("ts_position", 0),
lambda pkt: pkt.present and pkt.present.timestamp),
ConditionalField(ByteField("ts_flags", 0),
lambda pkt: pkt.present and pkt.present.timestamp),
# HE - XXX not complete
ConditionalField(_RadiotapReversePadField(ShortField("he_data1", 0)),
lambda pkt: pkt.present and pkt.present.HE),
ConditionalField(ShortField("he_data2", 0),
lambda pkt: pkt.present and pkt.present.HE),
ConditionalField(ShortField("he_data3", 0),
lambda pkt: pkt.present and pkt.present.HE),
ConditionalField(ShortField("he_data4", 0),
lambda pkt: pkt.present and pkt.present.HE),
ConditionalField(ShortField("he_data5", 0),
lambda pkt: pkt.present and pkt.present.HE),
ConditionalField(ShortField("he_data6", 0),
lambda pkt: pkt.present and pkt.present.HE),
# HE_MU
ConditionalField(
_RadiotapReversePadField(LEShortField("hemu_flags1", 0)),
lambda pkt: pkt.present and pkt.present.HE_MU),
ConditionalField(LEShortField("hemu_flags2", 0),
lambda pkt: pkt.present and pkt.present.HE_MU),
ConditionalField(
FieldListField("RU_channel1", [],
ByteField,
count_from=lambda x: 4),
lambda pkt: pkt.present and pkt.present.HE_MU),
ConditionalField(
FieldListField("RU_channel2", [],
ByteField,
count_from=lambda x: 4),
lambda pkt: pkt.present and pkt.present.HE_MU),
# HE_MU_other_user
ConditionalField(
_RadiotapReversePadField(LEShortField("hemuou_per_user_1",
0x7fff)),
lambda pkt: pkt.present and pkt.present.HE_MU_other_user),
ConditionalField(
LEShortField("hemuou_per_user_2", 0x003f),
lambda pkt: pkt.present and pkt.present.HE_MU_other_user),
ConditionalField(
ByteField("hemuou_per_user_position", 0),
lambda pkt: pkt.present and pkt.present.HE_MU_other_user),
ConditionalField(
FlagsField("hemuou_per_user_known", 0, -16,
_rt_hemuother_per_user_known),
lambda pkt: pkt.present and pkt.present.HE_MU_other_user),
# L_SIG
ConditionalField(
_RadiotapReversePadField(
FlagsField("lsig_data1", 0, -16, ["rate", "length"])),
lambda pkt: pkt.present and pkt.present.L_SIG),
ConditionalField(BitField("lsig_length", 0, 12),
lambda pkt: pkt.present and pkt.present.L_SIG),
ConditionalField(BitField("lsig_rate", 0, 4),
lambda pkt: pkt.present and pkt.present.L_SIG),
# Remaining
StrLenField(
'notdecoded',
"",
length_from=lambda pkt: max(pkt.len - pkt._tmp_dissect_pos, 0))
]
def guess_payload_class(self, payload):
if self.present and self.present.Flags and self.Flags.FCS:
return Dot11FCS
return Dot11
def post_build(self, p, pay):
if self.len is None:
p = p[:2] + struct.pack("!H", len(p))[::-1] + p[4:]
return p + pay
class EIR_CompleteLocalName(EIR_Element):
name = "Complete Local Name"
fields_desc = [
StrLenField("local_name", "", length_from=EIR_Element.length_from)
]
class PPP_IPCP_Option_NBNS2(PPP_IPCP_Option):
name = "PPP IPCP Option: NBNS2 Address"
fields_desc = [ByteEnumField("type", 132, _PPP_ipcpopttypes),
FieldLenField("len", None, length_of="data", fmt="B", adjust=lambda p, x:x + 2),
IPField("data", "0.0.0.0"),
ConditionalField(StrLenField("garbage", "", length_from=lambda pkt:pkt.len - 6), lambda p:p.len != 6)]
class ServerDHParams(_GenericTLSSessionInheritance):
"""
ServerDHParams for FFDH-based key exchanges, as defined in RFC 5246/7.4.3.
Either with .fill_missing() or .post_dissection(), the server_kx_privkey or
server_kx_pubkey of the TLS context are updated according to the
parsed/assembled values. It is the user's responsibility to store and
restore the original values if he wants to keep them. For instance, this
could be done between the writing of a ServerKeyExchange and the receiving
of a ClientKeyExchange (which includes secret generation).
"""
name = "Server FFDH parameters"
fields_desc = [FieldLenField("dh_plen", None, length_of="dh_p"),
StrLenField("dh_p", "",
length_from=lambda pkt: pkt.dh_plen),
FieldLenField("dh_glen", None, length_of="dh_g"),
StrLenField("dh_g", "",
length_from=lambda pkt: pkt.dh_glen),
FieldLenField("dh_Yslen", None, length_of="dh_Ys"),
StrLenField("dh_Ys", "",
length_from=lambda pkt: pkt.dh_Yslen)]
@crypto_validator
def fill_missing(self):
"""
We do not want TLSServerKeyExchange.build() to overload and recompute
things every time it is called. This method can be called specifically
to have things filled in a smart fashion.
Note that we do not expect default_params.g to be more than 0xff.
"""
s = self.tls_session
default_params = _ffdh_groups['modp2048'][0].parameter_numbers()
default_mLen = _ffdh_groups['modp2048'][1]
if not self.dh_p:
self.dh_p = pkcs_i2osp(default_params.p, default_mLen // 8)
if self.dh_plen is None:
self.dh_plen = len(self.dh_p)
if not self.dh_g:
self.dh_g = pkcs_i2osp(default_params.g, 1)
if self.dh_glen is None:
self.dh_glen = 1
p = pkcs_os2ip(self.dh_p)
g = pkcs_os2ip(self.dh_g)
real_params = dh.DHParameterNumbers(p, g).parameters(default_backend())
if not self.dh_Ys:
s.server_kx_privkey = real_params.generate_private_key()
pubkey = s.server_kx_privkey.public_key()
y = pubkey.public_numbers().y
self.dh_Ys = pkcs_i2osp(y, pubkey.key_size // 8)
# else, we assume that the user wrote the server_kx_privkey by himself
if self.dh_Yslen is None:
self.dh_Yslen = len(self.dh_Ys)
if not s.client_kx_ffdh_params:
s.client_kx_ffdh_params = real_params
@crypto_validator
def register_pubkey(self):
"""
XXX Check that the pubkey received is in the group.
"""
p = pkcs_os2ip(self.dh_p)
g = pkcs_os2ip(self.dh_g)
pn = dh.DHParameterNumbers(p, g)
y = pkcs_os2ip(self.dh_Ys)
public_numbers = dh.DHPublicNumbers(y, pn)
s = self.tls_session
s.server_kx_pubkey = public_numbers.public_key(default_backend())
if not s.client_kx_ffdh_params:
s.client_kx_ffdh_params = pn.parameters(default_backend())
def post_dissection(self, r):
try:
self.register_pubkey()
except ImportError:
pass
def guess_payload_class(self, p):
"""
The signature after the params gets saved as Padding.
This way, the .getfield() which _TLSServerParamsField inherits
from PacketField will return the signature remain as expected.
"""
return Padding
class ECCurvePkt(Packet):
name = "Elliptic Curve"
fields_desc = [FieldLenField("alen", None, length_of="a", fmt="B"),
StrLenField("a", "", length_from=lambda pkt: pkt.alen),
FieldLenField("blen", None, length_of="b", fmt="B"),
StrLenField("b", "", length_from=lambda pkt: pkt.blen)]
class RadiusAttribute(Packet):
"""
Implements a RADIUS attribute (RFC 2865). Every specific RADIUS attribute
class should inherit from this one.
"""
name = "Radius Attribute"
fields_desc = [
ByteEnumField("type", 1, _radius_attribute_types),
FieldLenField("len",
None,
"value",
"B",
adjust=lambda pkt, x: len(pkt.value) + 2),
StrLenField("value", "", length_from=lambda pkt: pkt.len - 2)
]
registered_attributes = {}
@classmethod
def register_variant(cls):
"""
Registers the RADIUS attributes defined in this module.
"""
if hasattr(cls, "val"):
cls.registered_attributes[cls.val] = cls
else:
cls.registered_attributes[cls.type.default] = cls
@classmethod
def dispatch_hook(cls, _pkt=None, *args, **kargs):
"""
Returns the right RadiusAttribute class for the given data.
"""
if _pkt:
attr_type = orb(_pkt[0])
return cls.registered_attributes.get(attr_type, cls)
return cls
def haslayer(self, cls):
if cls == "RadiusAttribute":
if isinstance(self, RadiusAttribute):
return True
elif issubtype(cls, RadiusAttribute):
if isinstance(self, cls):
return True
return super(RadiusAttribute, self).haslayer(cls)
def getlayer(self, cls, nb=1, _track=None, _subclass=True, **flt):
return super(RadiusAttribute, self).getlayer(cls,
nb=nb,
_track=_track,
_subclass=True,
**flt)
def post_build(self, p, pay):
length = self.len
if length is None:
length = len(p) + len(pay)
p = p[:1] + struct.pack("!B", length) + p[2:]
return p
def guess_payload_class(self, _):
return Padding
class EAP(Packet):
"""
RFC 3748 - Extensible Authentication Protocol (EAP)
"""
name = "EAP"
fields_desc = [
ByteEnumField("code", 4, eap_codes),
ByteField("id", 0),
ShortField("len", None),
ConditionalField(
ByteEnumField("type", 0, eap_types),
lambda pkt: pkt.code not in [EAP.SUCCESS, EAP.FAILURE]),
ConditionalField(
FieldListField("desired_auth_types", [],
ByteEnumField("auth_type", 0, eap_types),
length_from=lambda pkt: pkt.len - 4),
lambda pkt: pkt.code == EAP.RESPONSE and pkt.type == 3),
ConditionalField(
StrLenField("identity", '', length_from=lambda pkt: pkt.len - 5),
lambda pkt: pkt.code == EAP.RESPONSE and hasattr(
pkt, 'type') and pkt.type == 1), # noqa: E501
ConditionalField(
StrLenField("message", '', length_from=lambda pkt: pkt.len - 5),
lambda pkt: pkt.code == EAP.REQUEST and hasattr(
pkt, 'type') and pkt.type == 1) # noqa: E501
]
#########################################################################
#
# EAP codes
# http://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-1
#########################################################################
#
REQUEST = 1
RESPONSE = 2
SUCCESS = 3
FAILURE = 4
INITIATE = 5
FINISH = 6
registered_methods = {}
@classmethod
def register_variant(cls):
cls.registered_methods[cls.type.default] = cls
@classmethod
def dispatch_hook(cls, _pkt=None, *args, **kargs):
if _pkt:
c = orb(_pkt[0])
if c in [1, 2] and len(_pkt) >= 5:
t = orb(_pkt[4])
return cls.registered_methods.get(t, cls)
return cls
def answers(self, other):
if isinstance(other, EAP):
if self.code == self.REQUEST:
return 0
elif self.code == self.RESPONSE:
if ((other.code == self.REQUEST)
and (other.type == self.type)):
return 1
elif other.code == self.RESPONSE:
return 1
return 0
def mysummary(self):
summary_str = "EAP %{eap_class}.code% %{eap_class}.type%".format(
eap_class=self.__class__.__name__)
if self.type == 1 and self.code == EAP.RESPONSE:
summary_str += " %{eap_class}.identity%".format(
eap_class=self.__class__.__name__)
return self.sprintf(summary_str)
def post_build(self, p, pay):
if self.len is None:
tmp_len = len(p) + len(pay)
tmp_p = p[:2] + chb((tmp_len >> 8) & 0xff) + chb(tmp_len & 0xff)
p = tmp_p + p[4:]
return p + pay
def guess_payload_class(self, _):
return Padding
class LLTDAttributeDeviceUUID(LLTDAttribute):
name = "LLTD Attribute - Device UUID"
fields_desc = [
FieldLenField("len", None, length_of="uuid", fmt="B"),
StrLenField("uuid", b"\x00" * 16, length_from=lambda pkt: pkt.len),
]
class PSKBinderEntry(Packet):
name = "PSK Binder Entry"
fields_desc = [
FieldLenField("binder_len", None, fmt="B", length_of="binder"),
StrLenField("binder", "", length_from=lambda pkt: pkt.binder_len)
]
class KeyShareEntry(Packet):
"""
When building from scratch, we create a DH private key, and when
dissecting, we create a DH public key. Default group is secp256r1.
"""
__slots__ = ["privkey", "pubkey"]
name = "Key Share Entry"
fields_desc = [
ShortEnumField("group", None, _tls_named_groups),
FieldLenField("kxlen", None, length_of="key_exchange"),
StrLenField("key_exchange", "", length_from=lambda pkt: pkt.kxlen)
]
def __init__(self, *args, **kargs):
self.privkey = None
self.pubkey = None
super(KeyShareEntry, self).__init__(*args, **kargs)
def do_build(self):
"""
We need this hack, else 'self' would be replaced by __iter__.next().
"""
tmp = self.explicit
self.explicit = True
b = super(KeyShareEntry, self).do_build()
self.explicit = tmp
return b
@crypto_validator
def create_privkey(self):
"""
This is called by post_build() for key creation.
"""
if self.group in _tls_named_ffdh_groups:
params = _ffdh_groups[_tls_named_ffdh_groups[self.group]][0]
privkey = params.generate_private_key()
self.privkey = privkey
pubkey = privkey.public_key()
self.key_exchange = pubkey.public_numbers().y
elif self.group in _tls_named_curves:
if _tls_named_curves[self.group] == "x25519":
if conf.crypto_valid_advanced:
privkey = x25519.X25519PrivateKey.generate()
self.privkey = privkey
pubkey = privkey.public_key()
self.key_exchange = pubkey.public_bytes()
elif _tls_named_curves[self.group] != "x448":
curve = ec._CURVE_TYPES[_tls_named_curves[self.group]]()
privkey = ec.generate_private_key(curve, default_backend())
self.privkey = privkey
pubkey = privkey.public_key()
try:
# cryptography >= 2.5
self.key_exchange = pubkey.public_bytes(
serialization.Encoding.X962,
serialization.PublicFormat.UncompressedPoint)
except TypeError:
# older versions
self.key_exchange = pubkey.public_numbers().encode_point()
def post_build(self, pkt, pay):
if self.group is None:
self.group = 23 # secp256r1
if not self.key_exchange:
try:
self.create_privkey()
except ImportError:
pass
if self.kxlen is None:
self.kxlen = len(self.key_exchange)
group = struct.pack("!H", self.group)
kxlen = struct.pack("!H", self.kxlen)
return group + kxlen + self.key_exchange + pay
@crypto_validator
def register_pubkey(self):
if self.group in _tls_named_ffdh_groups:
params = _ffdh_groups[_tls_named_ffdh_groups[self.group]][0]
pn = params.parameter_numbers()
public_numbers = dh.DHPublicNumbers(self.key_exchange, pn)
self.pubkey = public_numbers.public_key(default_backend())
elif self.group in _tls_named_curves:
if _tls_named_curves[self.group] == "x25519":
if conf.crypto_valid_advanced:
import_point = x25519.X25519PublicKey.from_public_bytes
self.pubkey = import_point(self.key_exchange)
elif _tls_named_curves[self.group] != "x448":
curve = ec._CURVE_TYPES[_tls_named_curves[self.group]]()
import_point = ec.EllipticCurvePublicKey.from_encoded_point
public_numbers = import_point(
curve, self.key_exchange).public_numbers() # noqa: E501
self.pubkey = public_numbers.public_key(default_backend())
def post_dissection(self, r):
try:
self.register_pubkey()
except ImportError:
pass
def extract_padding(self, s):
return "", s
class MQTTSNWillMsgUpd(Packet):
name = "MQTT-SN will message update"
fields_desc = [
StrLenField("will_msg", "", length_from=_mqttsn_length_from(0))
]
class ServerECDHNamedCurveParams(_GenericTLSSessionInheritance):
name = "Server ECDH parameters - Named Curve"
fields_desc = [ByteEnumField("curve_type", 3, _tls_ec_curve_types),
ShortEnumField("named_curve", None, _tls_named_curves),
FieldLenField("pointlen", None,
length_of="point", fmt="B"),
StrLenField("point", None,
length_from=lambda pkt: pkt.pointlen)]
@crypto_validator
def fill_missing(self):
"""
We do not want TLSServerKeyExchange.build() to overload and recompute
things every time it is called. This method can be called specifically
to have things filled in a smart fashion.
XXX We should account for the point_format (before 'point' filling).
"""
s = self.tls_session
if self.curve_type is None:
self.curve_type = _tls_ec_curve_types["named_curve"]
if self.named_curve is None:
curve = ec.SECP256R1()
s.server_kx_privkey = ec.generate_private_key(curve,
default_backend())
self.named_curve = next((cid for cid, name in six.iteritems(_tls_named_curves) # noqa: E501
if name == curve.name), 0)
else:
curve_name = _tls_named_curves.get(self.named_curve)
if curve_name is None:
# this fallback is arguable
curve = ec.SECP256R1()
else:
curve_cls = ec._CURVE_TYPES.get(curve_name)
if curve_cls is None:
# this fallback is arguable
curve = ec.SECP256R1()
else:
curve = curve_cls()
s.server_kx_privkey = ec.generate_private_key(curve,
default_backend())
if self.point is None:
pubkey = s.server_kx_privkey.public_key()
try:
# cryptography >= 2.5
self.point = pubkey.public_bytes(
serialization.Encoding.X962,
serialization.PublicFormat.UncompressedPoint
)
except TypeError:
# older versions
self.key_exchange = pubkey.public_numbers().encode_point()
# else, we assume that the user wrote the server_kx_privkey by himself
if self.pointlen is None:
self.pointlen = len(self.point)
if not s.client_kx_ecdh_params:
s.client_kx_ecdh_params = curve
@crypto_validator
def register_pubkey(self):
"""
XXX Support compressed point format.
XXX Check that the pubkey received is on the curve.
"""
# point_format = 0
# if self.point[0] in [b'\x02', b'\x03']:
# point_format = 1
curve_name = _tls_named_curves[self.named_curve]
curve = ec._CURVE_TYPES[curve_name]()
s = self.tls_session
try: # cryptography >= 2.5
import_point = ec.EllipticCurvePublicKey.from_encoded_point
s.server_kx_pubkey = import_point(curve, self.point)
except AttributeError:
import_point = ec.EllipticCurvePublicNumbers.from_encoded_point
pubnum = import_point(curve, self.point)
s.server_kx_pubkey = pubnum.public_key(default_backend())
if not s.client_kx_ecdh_params:
s.client_kx_ecdh_params = curve
def post_dissection(self, r):
try:
self.register_pubkey()
except ImportError:
pass
def guess_payload_class(self, p):
return Padding
class EIR_Raw(EIR_Element):
name = "EIR Raw"
fields_desc = [
StrLenField("data", "", length_from=EIR_Element.length_from)
]
class IE_ProtocolConfigurationOptions(IE_Base):
name = "Protocol Configuration Options"
fields_desc = [ByteEnumField("ietype", 132, IEType),
ShortField("length", 4),
StrLenField("Protocol_Configuration", "",
length_from=lambda x: x.length)]
class HCI_Cmd_LE_Set_Advertising_Data(Packet):
name = "LE Set Advertising Data"
fields_desc = [
FieldLenField("len", None, length_of="data", fmt="B"),
StrLenField("data", "", length_from=lambda pkt: pkt.len),
]
class ICMPExtensionInterfaceInformation(ICMPExtensionObject):
name = 'ICMP Extension Object - Interface Information Object (RFC5837)'
fields_desc = [ShortField('len', None),
ByteField('classnum', 2),
BitField('interface_role', 0, 2),
BitField('reserved', 0, 2),
BitField('has_ifindex', 0, 1),
BitField('has_ipaddr', 0, 1),
BitField('has_ifname', 0, 1),
BitField('has_mtu', 0, 1),
ConditionalField(
IntField('ifindex', None),
lambda pkt: pkt.has_ifindex == 1),
ConditionalField(
ShortField('afi', None),
lambda pkt: pkt.has_ipaddr == 1),
ConditionalField(
ShortField('reserved2', 0),
lambda pkt: pkt.has_ipaddr == 1),
ConditionalField(
IPField('ip4', None),
lambda pkt: pkt.afi == 1),
ConditionalField(
IP6Field('ip6', None),
lambda pkt: pkt.afi == 2),
ConditionalField(
FieldLenField('ifname_len', None, fmt='B',
length_of='ifname'),
lambda pkt: pkt.has_ifname == 1),
ConditionalField(
StrLenField('ifname', None,
length_from=lambda pkt: pkt.ifname_len),
lambda pkt: pkt.has_ifname == 1),
ConditionalField(
IntField('mtu', None),
lambda pkt: pkt.has_mtu == 1)]
def self_build(self, field_pos_list=None):
if self.afi is None:
if self.ip4 is not None:
self.afi = 1
elif self.ip6 is not None:
self.afi = 2
if self.has_ifindex and self.ifindex is None:
warning('has_ifindex set but ifindex is not set.')
if self.has_ipaddr and self.afi is None:
warning('has_ipaddr set but afi is not set.')
if self.has_ipaddr and self.ip4 is None and self.ip6 is None:
warning('has_ipaddr set but ip4 or ip6 is not set.')
if self.has_ifname and self.ifname is None:
warning('has_ifname set but ifname is not set.')
if self.has_mtu and self.mtu is None:
warning('has_mtu set but mtu is not set.')
return ICMPExtensionObject.self_build(self, field_pos_list=field_pos_list) # noqa: E501
class PPP_ECP_Option_OUI(PPP_ECP_Option):
fields_desc = [ByteEnumField("type", 0, _PPP_ecpopttypes),
FieldLenField("len", None, length_of="data", fmt="B", adjust=lambda p, x:x + 6),
StrFixedLenField("oui", "", 3),
ByteField("subtype", 0),
StrLenField("data", "", length_from=lambda p:p.len - 6)]
class ProfinetDCP(Packet):
"""
Profinet DCP Packet
Requests are handles via ConditionalFields because here only 1 Block is used every time
Ŕesoinse can contain 1..n Blocks, for that you have to use one ProfinetDCP Layer with one or multiple DCP*Block Layers
ProfinetDCP / DCPNameOfStationBlock / DCPDeviceIDBlock ...
Example for a DCP Identify All Request:
Ether(dst="01:0e:cf:00:00:00") / ProfinetIO(frameID=DCP_IDENTIFY_REQUEST_FRAME_ID) / ProfinetDCP(
service_id=DCP_SERVICE_ID_IDENTIFY, service_type= DCP_REQUEST, option=255, sub_option=255, dcp_data_length=4)
Example for a DCP Identify Response:
Ether(dst=dst_mac) / ProfinetIO(frameID=DCP_IDENTIFY_RESPONSE_FRAME_ID) / ProfinetDCP(
service_id=DCP_SERVICE_ID_IDENTIFY, service_type=DCP_RESPONSE) / DCPNameOfStationBlock(name_of_station="device1")
Example for a DCP Set Request:
Ether(dst=mac)/ProfinetIO(frameID=DCP_GET_SET_FRAME_ID)/ProfinetDCP(service_id=DCP_SERVICE_ID_SET, service_type=DCP_REQUEST,
option=2, sub_option=2, dcp_data_length=14, dcp_block_length=10, name_of_station=name, response_delay=0)
"""
name = "Profinet DCP"
# a DCP PDU consists of some fields and 1..n DCP Blocks
fields_desc = [
ByteEnumField("service_id", 5, DCP_SERVICE_ID),
ByteEnumField("service_type", 0, DCP_SERVICE_TYPE),
XIntField("xid", 0x01000001),
# XShortField('reserved', 0),
ConditionalField(ShortField('response_delay', 1),
lambda pkt: pkt.service_type == 0),
ConditionalField(ShortField('reserved', 0),
lambda pkt: pkt.service_type == 1),
LenField("dcp_data_length", None),
# DCP REQUEST specific
ConditionalField(ByteEnumField("option", 2, DCP_OPTIONS),
lambda pkt: pkt.service_type == 0),
ConditionalField(
MultiEnumField("sub_option",
3,
DCP_SUBOPTIONS,
fmt='B',
depends_on=lambda p: p.option),
lambda pkt: pkt.service_type == 0),
# calculate the len fields - workaround
ConditionalField(LenField("dcp_block_length", 0),
lambda pkt: pkt.service_type == 0),
# ConditionalField(LenField("dcp_block_length", 12), lambda pkt: pkt.service_type == 0 and (pkt.option == 1 or pkt.option == 2) and pkt.sub_option == 2), # name
# ConditionalField(LenField("dcp_block_length", 12), lambda pkt: pkt.service_type == 0 and pkt.option == 1 and pkt.sub_option == 2), # ip
# TODO alias_name
# DCP SET REQUEST #
ConditionalField(
ShortEnumField("block_qualifier", 1, BLOCK_QUALIFIERS),
lambda pkt: pkt.service_id == 4 and pkt.service_type == 0),
# Name Of Station
ConditionalField(
StrLenField("name_of_station",
"et200sp",
length_from=lambda x: x.dcp_block_length - 2),
lambda pkt: pkt.service_id == 4 and pkt.service_type == 0 and pkt.
option == 2 and pkt.sub_option == 2),
# MAC
ConditionalField(
MACField("mac",
"00:00:00:00:00:00"), lambda pkt: pkt.service_id == 4 and
pkt.service_type == 0 and pkt.option == 1 and pkt.sub_option == 1),
# IP
ConditionalField(
IPField("ip", "192.168.0.2"), lambda pkt: pkt.service_id == 4 and
pkt.service_type == 0 and pkt.option == 1 and pkt.sub_option == 2),
ConditionalField(
IPField("netmask",
"255.255.255.0"), lambda pkt: pkt.service_id == 4 and pkt.
service_type == 0 and pkt.option == 1 and pkt.sub_option == 2),
ConditionalField(
IPField("gateway",
"192.168.0.1"), lambda pkt: pkt.service_id == 4 and pkt.
service_type == 0 and pkt.option == 1 and pkt.sub_option == 2),
# DCP IDENTIFY REQUEST #
# Name of station
ConditionalField(
StrLenField("name_of_station",
"et200sp",
length_from=lambda x: x.dcp_block_length),
lambda pkt: pkt.service_id == 5 and pkt.service_type == 0 and pkt.
option == 2 and pkt.sub_option == 2),
# Alias name
ConditionalField(
StrLenField("alias_name",
"et200sp",
length_from=lambda x: x.dcp_block_length),
lambda pkt: pkt.service_id == 5 and pkt.service_type == 0 and pkt.
option == 2 and pkt.sub_option == 6),
# implement further REQUEST fields if needed ....
# DCP RESPONSE BLOCKS #
ConditionalField(
PacketListField("dcp_blocks", [],
guess_dcp_block_class,
length_from=lambda p: p.dcp_data_length),
lambda pkt: pkt.service_type == 1),
]
def post_build(self, p, pay):
# add padding to ensure min packet length
padding = MIN_PACKET_LENGTH - (len(p + pay))
pay += b"\0" * padding
return Packet.post_build(self, p, pay)
class PPP_LCP_Callback_Option(PPP_LCP_Option):
fields_desc = [ByteEnumField("type", 13, _PPP_lcp_optiontypes),
FieldLenField("len", None, fmt="B", length_of="message",
adjust=lambda p, x:x + 3),
ByteEnumField("operation", 0, _PPP_lcp_callback_operations),
StrLenField("message", "", length_from=lambda p:p.len - 3)]
class MQTTSNGwInfo(Packet):
name = "MQTT-SN gateway info"
fields_desc = [
ByteField("gw_id", 0),
StrLenField("gw_addr", "", length_from=_mqttsn_length_from(1)),
]
class Dot11Elt(Packet):
__slots__ = ["info"]
name = "802.11 Information Element"
fields_desc = [
ByteEnumField("ID", 0, _dot11_info_elts_ids),
FieldLenField("len", None, "info", "B"),
StrLenField("info", "", length_from=lambda x: x.len, max_length=255)
]
show_indent = 0
def mysummary(self):
if self.ID == 0:
ssid = repr(self.info)
if ssid[:2] in ['b"', "b'"]:
ssid = ssid[1:]
return "SSID=%s" % ssid, [Dot11]
else:
return ""
registered_ies = {}
@classmethod
def register_variant(cls):
cls.registered_ies[cls.ID.default] = cls
@classmethod
def dispatch_hook(cls, _pkt=None, *args, **kargs):
if _pkt:
_id = orb(_pkt[0])
if _id == 221:
oui_a = orb(_pkt[2])
oui_b = orb(_pkt[3])
oui_c = orb(_pkt[4])
if oui_a == 0x00 and oui_b == 0x50 and oui_c == 0xf2:
# MS OUI
type_ = orb(_pkt[5])
if type_ == 0x01:
# MS WPA IE
return Dot11EltMicrosoftWPA
else:
return Dot11EltVendorSpecific
else:
return Dot11EltVendorSpecific
else:
return cls.registered_ies.get(_id, cls)
return cls
def haslayer(self, cls):
if cls == "Dot11Elt":
if isinstance(self, Dot11Elt):
return True
elif issubtype(cls, Dot11Elt):
if isinstance(self, cls):
return True
return super(Dot11Elt, self).haslayer(cls)
def getlayer(self, cls, nb=1, _track=None, _subclass=True, **flt):
return super(Dot11Elt, self).getlayer(cls,
nb=nb,
_track=_track,
_subclass=True,
**flt)
def pre_dissect(self, s):
# Backward compatibility: add info to all elements
# This allows to introduce new Dot11Elt classes without breaking
# previous code
if len(s) >= 3:
length = orb(s[1])
if length > 0 and length <= 255:
self.info = s[2:2 + length]
return s
def post_build(self, p, pay):
if self.len is None:
p = p[:1] + chb(len(p) - 2) + p[2:]
return p + pay
class MQTTSNPingReq(Packet):
name = "MQTT-SN ping request"
fields_desc = [
StrLenField("client_id", "", length_from=_mqttsn_length_from(0)),
]
class RadioTap(Packet):
name = "RadioTap dummy"
fields_desc = [
ByteField('version', 0),
ByteField('pad', 0),
LEShortField('len', None),
FlagsField(
'present',
None,
-32,
[
'TSFT',
'Flags',
'Rate',
'Channel',
'FHSS',
'dBm_AntSignal', # noqa: E501
'dBm_AntNoise',
'Lock_Quality',
'TX_Attenuation',
'dB_TX_Attenuation', # noqa: E501
'dBm_TX_Power',
'Antenna',
'dB_AntSignal',
'dB_AntNoise', # noqa: E501
'RXFlags',
'TXFlags',
'b17',
'b18',
'ChannelPlus',
'MCS',
'A_MPDU', # noqa: E501
'VHT',
'timestamp',
'b24',
'b25',
'b26',
'b27',
'b28',
'b29', # noqa: E501
'RadiotapNS',
'VendorNS',
'Ext'
]), # noqa: E501
# Extended presence mask
ConditionalField(
PacketListField("Ext", [], next_cls_cb=_next_radiotap_extpm),
lambda pkt: pkt.present and pkt.present.Ext), # noqa: E501
# Default fields
ConditionalField(
_RadiotapReversePadField(BitField("mac_timestamp", 0, -64)),
lambda pkt: pkt.present and pkt.present.TSFT), # noqa: E501
ConditionalField(
_RadiotapReversePadField(
FlagsField(
"Flags",
None,
-8,
[
'CFP',
'ShortPreamble',
'wep',
'fragment', # noqa: E501
'FCS',
'pad',
'badFCS',
'ShortGI'
]) # noqa: E501
),
lambda pkt: pkt.present and pkt.present.Flags),
ConditionalField(
_RadiotapReversePadField(ByteField("Rate", 0)),
lambda pkt: pkt.present and pkt.present.Rate), # noqa: E501
ConditionalField(
_RadiotapReversePadField(LEShortField("Channel", 0)),
lambda pkt: pkt.present and pkt.present.Channel), # noqa: E501
ConditionalField(
_RadiotapReversePadField(
FlagsField(
"ChannelFlags",
None,
-16,
[
'res1',
'res2',
'res3',
'res4',
'Turbo',
'CCK', # noqa: E501
'OFDM',
'2GHz',
'5GHz',
'Passive',
'Dynamic_CCK_OFDM', # noqa: E501
'GFSK',
'GSM',
'StaticTurbo',
'10MHz',
'5MHz'
]) # noqa: E501
),
lambda pkt: pkt.present and pkt.present.Channel),
ConditionalField(
_RadiotapReversePadField(_dbmField("dBm_AntSignal", -256)), lambda
pkt: pkt.present and pkt.present.dBm_AntSignal), # noqa: E501
ConditionalField(
_RadiotapReversePadField(_dbmField("dBm_AntNoise", -256)), lambda
pkt: pkt.present and pkt.present.dBm_AntNoise), # noqa: E501
ConditionalField(
_RadiotapReversePadField(ByteField("Antenna", 0)),
lambda pkt: pkt.present and pkt.present.Antenna), # noqa: E501
# RX Flags
ConditionalField(
_RadiotapReversePadField(
FlagsField("RXFlags", None, -16,
["res1", "BAD_PLCP", "res2"])), # noqa: E501
lambda pkt: pkt.present and pkt.present.RXFlags), # noqa: E501#
# TX Flags
ConditionalField(
_RadiotapReversePadField(
FlagsField("TXFlags", None, -16,
["TX_FAIL", "CTS", "RTS", "NOACK", "NOSEQ"
])), # noqa: E501
lambda pkt: pkt.present and pkt.present.TXFlags), # noqa: E501
# ChannelPlus
ConditionalField(
_RadiotapReversePadField(
FlagsField(
"ChannelFlags2",
None,
-32,
[
'res1',
'res2',
'res3',
'res4',
'Turbo',
'CCK', # noqa: E501
'OFDM',
'2GHz',
'5GHz',
'Passive',
'Dynamic_CCK_OFDM', # noqa: E501
'GFSK',
'GSM',
'StaticTurbo',
'10MHz',
'5MHz', # noqa: E501
'20MHz',
'40MHz_ext_channel_above',
'40MHz_ext_channel_below', # noqa: E501
'res5',
'res6',
'res7',
'res8',
'res9'
]) # noqa: E501
),
lambda pkt: pkt.present and pkt.present.ChannelPlus),
ConditionalField(
_RadiotapReversePadField(LEShortField("ChannelFrequency", 0)),
lambda pkt: pkt.present and pkt.present.ChannelPlus), # noqa: E501
ConditionalField(
_RadiotapReversePadField(ByteField("ChannelNumber", 0)),
lambda pkt: pkt.present and pkt.present.ChannelPlus), # noqa: E501
# MCS
ConditionalField(
_RadiotapReversePadField(
FlagsField(
"knownMCS",
None,
-8,
[
'bandwidth',
'MCS_index',
'guard_interval',
'HT_format', # noqa: E501
'FEC_type',
'STBC_streams',
'Ness',
'Ness_MSB'
])), # noqa: E501
lambda pkt: pkt.present and pkt.present.MCS),
ConditionalField(
BitEnumField("bandwidth", 0, 2, {
0: "20MHz",
1: "40MHz",
2: "ht40Mhz-",
3: "ht40MHz+"
}), # noqa: E501
lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501
ConditionalField(
BitEnumField("guard_interval", 0, 1, {
0: "Long_GI",
1: "Short_GI"
}), lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501
ConditionalField(
BitEnumField("HT_format", 0, 1, {
0: "mixed",
1: "greenfield"
}), lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501
ConditionalField(BitEnumField("FEC_type", 0, 1, {
0: "BCC",
1: "LDPC"
}), lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501
ConditionalField(
BitField("STBC_streams", 0, 2),
lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501
ConditionalField(
BitField("Ness_LSB", 0, 1),
lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501
ConditionalField(ByteField(
"MCS_index",
0), lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501
# A_MPDU
ConditionalField(
_RadiotapReversePadField(LEIntField("A_MPDU_ref", 0)),
lambda pkt: pkt.present and pkt.present.A_MPDU), # noqa: E501
ConditionalField(
_RadiotapReversePadField(
FlagsField(
"A_MPDU_flags",
None,
-32,
[
'Report0Subframe',
'Is0Subframe',
'KnownLastSubframe', # noqa: E501
'LastSubframe',
'CRCerror',
'EOFsubframe',
'KnownEOF', # noqa: E501
'res1',
'res2',
'res3',
'res4',
'res5',
'res6',
'res7',
'res8'
]) # noqa: E501
),
lambda pkt: pkt.present and pkt.present.A_MPDU),
# VHT
ConditionalField(
_RadiotapReversePadField(
FlagsField(
"KnownVHT",
None,
-16,
[
'STBC',
'TXOP_PS_NOT_ALLOWED',
'GuardInterval',
'SGINsysmDis', # noqa: E501
'LDPCextraOFDM',
'Beamformed',
'Bandwidth',
'GroupID',
'PartialAID', # noqa: E501
'res1',
'res2',
'res3',
'res4',
'res5',
'res6',
'res7'
]) # noqa: E501
),
lambda pkt: pkt.present and pkt.present.VHT),
ConditionalField(
_RadiotapReversePadField(
FlagsField(
"PresentVHT",
None,
-8,
[
'STBC',
'TXOP_PS_NOT_ALLOWED',
'GuardInterval',
'SGINsysmDis', # noqa: E501
'LDPCextraOFDM',
'Beamformed',
'res1',
'res2'
]) # noqa: E501
),
lambda pkt: pkt.present and pkt.present.VHT),
ConditionalField(
_RadiotapReversePadField(
ByteEnumField("bandwidth", 0, _vht_bandwidth)),
lambda pkt: pkt.present and pkt.present.VHT), # noqa: E501
ConditionalField(
_RadiotapReversePadField(StrFixedLenField("mcs_nss", 0, length=5)),
lambda pkt: pkt.present and pkt.present.VHT), # noqa: E501
ConditionalField(
_RadiotapReversePadField(ByteField("GroupID", 0)),
lambda pkt: pkt.present and pkt.present.VHT), # noqa: E501
ConditionalField(
_RadiotapReversePadField(ShortField("PartialAID", 0)),
lambda pkt: pkt.present and pkt.present.VHT), # noqa: E501
StrLenField('notdecoded',
"",
length_from=lambda pkt: pkt.len - pkt._tmp_dissect_pos)
] # noqa: E501
def guess_payload_class(self, payload):
if self.present and self.present.Flags and self.Flags.FCS:
return Dot11FCS
return Dot11
def post_build(self, p, pay):
if self.len is None:
p = p[:2] + struct.pack("!H", len(p))[::-1] + p[4:]
return p + pay
class MQTTSNWillTopicUpd(Packet):
name = "MQTT-SN will topic update"
fields_desc = FLAG_FIELDS + [
StrLenField("will_topic", "", length_from=_mqttsn_length_from(1)),
]
class NTLMSSPLE(Packet):
name = 'NTLM Secure Service Provider'
fields_desc = [
StrFixedLenField('identifier', 'NTLMSSP', length=8),
LEIntEnumField('messageType', 3, {3: 'NTLMSSP_AUTH'}),
LEShortField('lanManagerLen', 0),
LEShortField('lanManagerMax', 0),
LEIntField('lanManagerOffset', 0),
LEShortField('NTLMRepLen', 0),
LEShortField('NTLMRepMax', 0),
LEIntField('NTLMRepOffset', 0),
LEShortField('domainNameLen', 0),
LEShortField('domainNameMax', 0),
LEIntField('domainNameOffset', 0),
LEShortField('userNameLen', 0),
LEShortField('userNameMax', 0),
LEIntField('userNameOffset', 0),
LEShortField('hostNameLen', 0),
LEShortField('hostNameMax', 0),
LEIntField('hostNameOffset', 0),
LEShortField('sessionKeyLen', 0),
LEShortField('sessionKeyMax', 0),
LEIntField('sessionKeyOffset', 0),
FlagsField('negociateFlags', 0, 32, _negociate_flags),
ByteField('versionMajor', 0),
ByteField('versionMinor', 0),
LEShortField('buildNumber', 0),
ByteField('reserved', 0),
ShortField('reserved2', 0),
ByteField('NTLMCurrentRevision', 0),
StrFixedLenField('MIC', '', 16),
StrLenField('domainName',
'',
length_from=lambda pkt: pkt.domainNameLen),
StrLenField('userName', '', length_from=lambda pkt: pkt.userNameLen),
StrLenField('hostName', '', length_from=lambda pkt: pkt.hostNameLen),
StrLenField('lanManager',
'',
length_from=lambda pkt: pkt.lanManagerLen),
StrFixedLenField('NTLMRep', '', length=16),
ByteField('responseVersion', 0),
ByteField('hiResponseVersion', 0),
StrFixedLenField('Z', '', 6),
LELongField('timestamp', 0), # Time in nanosecond
StrFixedLenField('clientChallenge', '', 8),
LEIntField('Z', 0),
PacketField('attribute1', None, AttributeNameLE),
PacketField('attribute2', None, AttributeNameLE),
PacketField('attribute3', None, AttributeNameLE),
PacketField('attribute4', None, AttributeNameLE),
PacketField('attribute5', None, AttributeNameLE),
PacketField('attribute6', None, AttributeNameLE),
PacketField('attribute7', None, AttributeNameLE),
PacketField('attribute8', None, AttributeNameLE),
PacketField('attribute9', None, AttributeNameLE),
PacketField('attribute10', None, AttributeNameLE),
LEIntField('Z', 0),
LEIntField('padding', 0),
StrLenField('sessionKey',
'',
length_from=lambda pkt: pkt.sessionKeyLen),
]
def extract_padding(self, p):
return b"", p
class PAS5211EventDbaAlgorithm(PAS5211Event):
name = "PAS5211EventDbaAlgorithm"
fields_desc = [
FieldLenField("size", None, fmt="<H", length_of="data"),
StrLenField("data", "", length_from=lambda x: x.size)
]
