class DCPMACBlock(Packet):
fields_desc = [
ByteEnumField("option", 1, DCP_OPTIONS),
MultiEnumField("sub_option",
1,
DCP_SUBOPTIONS,
fmt='B',
depends_on=lambda p: p.option),
FieldLenField("dcp_block_length", None),
ShortEnumField("block_info", 0, BLOCK_INFOS),
MACField("mac", "00:00:00:00:00:00"),
PadField(StrLenField("padding",
b"\x00",
length_from=lambda p: p.dcp_block_length % 2),
1,
padwith=b"\x00")
]
def extract_padding(self, s):
return '', s
class IKEv2_payload_IDr(IKEv2_class):
name = "IKEv2 Identification - Responder"
overload_fields = {IKEv2: {"next_payload": 36}}
fields_desc = [
ByteEnumField("next_payload", None, IKEv2_payload_type),
ByteField("res", 0),
FieldLenField("length", None, "load", "H",
adjust=lambda pkt, x: x + 8),
ByteEnumField("IDtype", 1, {
1: "IPv4_addr",
2: "FQDN",
3: "Email_addr",
5: "IPv6_addr",
11: "Key"
}), # noqa: E501
ByteEnumField("ProtoID", 0, {0: "Unused"}),
ShortEnumField("Port", 0, {0: "Unused"}),
# IPField("IdentData","127.0.0.1"),
StrLenField("load", "", length_from=lambda x: x.length - 8),
]
class OSPFv3_Link_LSA(OSPF_BaseLSA):
name = "OSPFv3 Link LSA"
fields_desc = [
ShortField("age", 1),
ShortEnumField("type", 0x0008, _OSPFv3_LStypes),
IPField("id", "0.0.0.0"),
IPField("adrouter", "1.1.1.1"),
XIntField("seq", 0x80000001),
XShortField("chksum", None),
ShortField("len", None),
ByteField("prio", 1),
OSPFv3OptionsField(),
IP6Field("lladdr", "fe80::"),
FieldLenField("prefixes", None, count_of="prefixlist",
fmt="I"), # noqa: E501
PacketListField("prefixlist",
None,
OSPFv3_Prefix_Item,
count_from=lambda pkt: pkt.prefixes)
]
class OFPPortStats(Packet):
def extract_padding(self, s):
return b"", s
name = "OFP_PORT_STATS"
fields_desc = [ShortEnumField("port_no", 0, ofp_port_no),
XBitField("pad", 0, 48),
LongField("rx_packets", 0),
LongField("tx_packets", 0),
LongField("rx_bytes", 0),
LongField("tx_bytes", 0),
LongField("rx_dropped", 0),
LongField("tx_dropped", 0),
LongField("rx_errors", 0),
LongField("tx_errors", 0),
LongField("rx_frame_err", 0),
LongField("rx_over_err", 0),
LongField("rx_crc_err", 0),
LongField("collisions", 0)]
class DCPBaseBlock(Packet):
"""
base class for all DCP Blocks
"""
fields_desc = [
ByteEnumField("option", 1, DCP_OPTIONS),
MultiEnumField("sub_option",
2,
DCP_SUBOPTIONS,
fmt='B',
depends_on=lambda p: p.option),
FieldLenField("dcp_block_length", None, length_of="data"), # TODO
ShortEnumField("block_info", 0, BLOCK_INFOS),
StrLenField("data", "", length_from=lambda x: x.dcp_block_length),
]
# needed for dissecting multiple blocks
# https://stackoverflow.com/questions/8073508/scapy-adding-new-protocol-with-complex-field-groupings
def extract_padding(self, s):
return '', s
class SMB2_Header(Packet):
name = "SMB2 Header"
fields_desc = [
StrFixedLenField("Start", b"\xfeSMB", 4),
LEShortField("HeaderLength", 0),
LEShortField("CreditCharge", 0),
LEShortField("ChannelSequence", 0),
LEShortField("Unused", 0),
ShortEnumField("Command", 0, {0x0000: "SMB2_COM_NEGOCIATE"}),
LEShortField("CreditsRequested", 0),
# XLEIntField("Flags", 0),
FlagsField("Flags", 0, 32, {
24: "SMB2_FLAGS_SERVER_TO_REDIR",
}),
XLEIntField("ChainOffset", 0),
LELongField("MessageID", 0),
XLEIntField("ProcessID", 0),
XLEIntField("TreeID", 0),
XLELongField("SessionID", 0),
XNBytesField("Signature", 0, 16),
]
class DCPDeviceInstanceBlock(Packet):
fields_desc = [
ByteEnumField("option", 2, DCP_OPTIONS),
MultiEnumField("sub_option",
7,
DCP_SUBOPTIONS,
fmt='B',
depends_on=lambda p: p.option),
LenField("dcp_block_length", 4),
ShortEnumField("block_info", 0, BLOCK_INFOS),
XByteField("device_instance_high", 0x00),
XByteField("device_instance_low", 0x01),
PadField(StrLenField("padding",
b"\x00",
length_from=lambda p: p.dcp_block_length % 2),
1,
padwith=b"\x00")
]
def extract_padding(self, s):
return '', s
class DCPDeviceRoleBlock(Packet):
fields_desc = [
ByteEnumField("option", 2, DCP_OPTIONS),
MultiEnumField("sub_option",
4,
DCP_SUBOPTIONS,
fmt='B',
depends_on=lambda p: p.option),
LenField("dcp_block_length", 4),
ShortEnumField("block_info", 0, BLOCK_INFOS),
ByteEnumField("device_role_details", 1, DCP_DEVICE_ROLES),
XByteField("reserved", 0x00),
PadField(StrLenField("padding",
b"\x00",
length_from=lambda p: p.dcp_block_length % 2),
1,
padwith=b"\x00")
]
def extract_padding(self, s):
return '', s
class DCPDeviceIDBlock(Packet):
fields_desc = [
ByteEnumField("option", 2, DCP_OPTIONS),
MultiEnumField("sub_option",
3,
DCP_SUBOPTIONS,
fmt='B',
depends_on=lambda p: p.option),
LenField("dcp_block_length", None),
ShortEnumField("block_info", 0, BLOCK_INFOS),
XShortField("vendor_id", 0x002a),
XShortField("device_id", 0x0313),
PadField(StrLenField("padding",
b"\x00",
length_from=lambda p: p.dcp_block_length % 2),
1,
padwith=b"\x00")
]
def extract_padding(self, s):
return '', s
class OSPFv3_Inter_Area_Prefix_LSA(OSPF_BaseLSA):
name = "OSPFv3 Inter Area Prefix LSA"
fields_desc = [
ShortField("age", 1),
ShortEnumField("type", 0x2003, _OSPFv3_LStypes),
IPField("id", "0.0.0.0"),
IPField("adrouter", "1.1.1.1"),
XIntField("seq", 0x80000001),
XShortField("chksum", None),
ShortField("len", None),
ByteField("reserved", 0),
X3BytesField("metric", 10),
FieldLenField("prefixlen", None, length_of="prefix",
fmt="B"), # noqa: E501
OSPFv3PrefixOptionsField(),
ShortField("reserved2", 0),
IP6PrefixField("prefix",
"2001:db8:0:42::/64",
wordbytes=4,
length_from=lambda pkt: pkt.prefixlen)
] # noqa: E501
class NBNSRequest(Packet):
name = "NBNS request"
fields_desc = [
ShortField("NAME_TRN_ID", 0),
ShortField("FLAGS", 0x2910),
ShortField("QDCOUNT", 1),
ShortField("ANCOUNT", 0),
ShortField("NSCOUNT", 0),
ShortField("ARCOUNT", 1),
NetBIOSNameField("QUESTION_NAME", "windows"),
ShortEnumField(
"SUFFIX", 0x4141, {
0x4141: "workstation",
0x4141 + 0x03: "messenger service",
0x4141 + 0x200: "file server service",
0x4141 + 0x10b: "domain master browser",
0x4141 + 0x10c: "domain controller",
0x4141 + 0x10e: "browser election service"
}), # noqa: E501
ByteField("NULL", 0),
ShortEnumField("QUESTION_TYPE", 0x20, {
0x20: "NB",
0x21: "NBSTAT"
}), # noqa: E501
ShortEnumField("QUESTION_CLASS", 1, {1: "INTERNET"}),
ShortEnumField(
"RR_NAME", 0xC00C,
{0xC00C: "Label String Pointer to QUESTION_NAME"}), # noqa: E501
ShortEnumField("RR_TYPE", 0x20, {
0x20: "NB",
0x21: "NBSTAT"
}), # noqa: E501
ShortEnumField("RR_CLASS", 1, {1: "INTERNET"}),
IntField("TTL", 0),
ShortField("RDLENGTH", 6),
BitEnumField("G", 0, 1, {
0: "Unique name",
1: "Group name"
}), # noqa: E501
BitEnumField("OWNER_NODE_TYPE", 00, 2, {
0: "B node",
1: "P node",
2: "M node",
3: "H node"
}), # noqa: E501
BitEnumField("UNUSED", 0, 13, {0: "Unused"}),
IPField("NB_ADDRESS", "127.0.0.1")
]
class GetDescriptor(RequestDescriptor):
fields_desc = [
PacketField("bmRequestType", bmRequestType(), bmRequestType),
ByteEnumField("bRequest", URBDefs.Request.GET_DESCRIPTOR,
URBDefs.Request.desc),
ByteField("descriptor_index", 0),
ByteEnumField(
"bDescriptorType",
USBDefs.DescriptorType.DEVICE_DESCRIPTOR,
USBDefs.DescriptorType.desc,
),
ShortEnumField("language_id", URBDefs.Language.NONE_SPECIFIED,
URBDefs.Language.desc),
LEShortField("wLength", 0),
]
def desc(self):
return "GetDescriptor %s [sz:%u]" % (
USBDefs.DescriptorType[self.bDescriptorType],
self.wLength,
)
class DCPIPBlock(Packet):
fields_desc = [
ByteEnumField("option", 1, DCP_OPTIONS),
MultiEnumField("sub_option",
2,
DCP_SUBOPTIONS,
fmt='B',
depends_on=lambda p: p.option),
LenField("dcp_block_length", None),
ShortEnumField("block_info", 1, IP_BLOCK_INFOS),
IPField("ip", "192.168.0.2"),
IPField("netmask", "255.255.255.0"),
IPField("gateway", "192.168.0.1"),
PadField(StrLenField("padding",
b"\x00",
length_from=lambda p: p.dcp_block_length % 2),
1,
padwith=b"\x00")
]
def extract_padding(self, s):
return '', s
class DCPDeviceOptionsBlock(Packet):
fields_desc = [
ByteEnumField("option", 2, DCP_OPTIONS),
MultiEnumField("sub_option",
5,
DCP_SUBOPTIONS,
fmt='B',
depends_on=lambda p: p.option),
LenField("dcp_block_length", None), # TODO
ShortEnumField("block_info", 0, BLOCK_INFOS),
PacketListField("device_options", [],
DeviceOption,
length_from=lambda p: p.dcp_block_length - 2),
PadField(StrLenField("padding",
b"\x00",
length_from=lambda p: p.dcp_block_length % 2),
1,
padwith=b"\x00")
]
def extract_padding(self, s):
return '', s
class DCPManufacturerSpecificBlock(Packet):
fields_desc = [
ByteEnumField("option", 2, DCP_OPTIONS),
MultiEnumField("sub_option",
1,
DCP_SUBOPTIONS,
fmt='B',
depends_on=lambda p: p.option),
FieldLenField("dcp_block_length", None),
ShortEnumField("block_info", 0, BLOCK_INFOS),
StrLenField("device_vendor_value",
"et200sp",
length_from=lambda x: x.dcp_block_length - 2),
PadField(StrLenField("padding",
b"\x00",
length_from=lambda p: p.dcp_block_length % 2),
1,
padwith=b"\x00")
]
def extract_padding(self, s):
return '', s
class IFETlv(Packet):
"""
Parent Class interhit by all ForCES TLV strucutures
"""
name = "IFETlv"
fields_desc = [
ShortEnumField("type", 0, IFE_META_TYPES),
FieldLenField("length",
None,
length_of="value",
adjust=lambda pkt, x: x + 4),
MultipleTypeField([
(PadField(ShortField("value", 0), 4, padwith=b'\x00'),
lambda pkt: pkt.type in IFE_TYPES_SHORT),
(PadField(IntField("value", 0), 4,
padwith=b'\x00'), lambda pkt: pkt.type in IFE_TYPES_INT),
], PadField(IntField("value", 0), 4, padwith=b'\x00')),
]
def extract_padding(self, s):
return "", s
class SCTPChunkParamSupportedExtensions(_SCTPChunkParam, Packet):
fields_desc = [
ShortEnumField("type", 0x8008, sctpchunkparamtypes),
FieldLenField("len",
None,
length_of="supported_extensions",
adjust=lambda pkt, x: x + 4),
PadField(
FieldListField(
"supported_extensions",
[
"authentication", "address-configuration",
"address-configuration-ack"
],
ByteEnumField(
"supported_extensions", # noqa: E501
None,
sctpchunktypes),
length_from=lambda pkt: pkt.len - 4), # noqa: E501
4,
padwith=b"\x00"),
]
class TLS_Ext_KeyShare_CH(TLS_Ext_Unknown):
name = "TLS Extension - Key Share (for ClientHello)"
fields_desc = [
ShortEnumField("type", 0x33, _tls_ext),
ShortField("len", None),
FieldLenField("client_shares_len", None, length_of="client_shares"),
PacketListField("client_shares", [],
KeyShareEntry,
length_from=lambda pkt: pkt.client_shares_len)
] # noqa: E501
def post_build(self, pkt, pay):
if not self.tls_session.frozen:
privshares = self.tls_session.tls13_client_privshares
for kse in self.client_shares:
if kse.privkey:
if _tls_named_curves[kse.group] in privshares:
pkt_info = pkt.firstlayer().summary()
log_runtime.info(
"TLS: group %s used twice in the same ClientHello [%s]",
kse.group, pkt_info) # noqa: E501
break
privshares[_tls_named_groups[kse.group]] = kse.privkey
return super(TLS_Ext_KeyShare_CH, self).post_build(pkt, pay)
def post_dissection(self, r):
if not self.tls_session.frozen:
for kse in self.client_shares:
if kse.pubkey:
pubshares = self.tls_session.tls13_client_pubshares
if _tls_named_curves[kse.group] in pubshares:
pkt_info = r.firstlayer().summary()
log_runtime.info(
"TLS: group %s used twice in the same ClientHello [%s]",
kse.group, pkt_info) # noqa: E501
break
pubshares[_tls_named_curves[kse.group]] = kse.pubkey
return super(TLS_Ext_KeyShare_CH, self).post_dissection(r)
class HSFZ(Packet):
name = 'HSFZ'
fields_desc = [
IntField('length', None),
ShortEnumField('type', 1, {
0x01: "message",
0x02: "echo"
}),
XByteField('src', 0),
XByteField('dst', 0),
]
def hashret(self):
# type: () -> bytes
hdr_hash = struct.pack("B", self.src ^ self.dst)
pay_hash = self.payload.hashret()
return hdr_hash + pay_hash
def answers(self, other):
# type: (Packet) -> int
if other.__class__ == self.__class__:
return self.payload.answers(other.payload)
return 0
def extract_padding(self, s):
# type: (bytes) -> Tuple[bytes, bytes]
return s[:self.length - 2], s[self.length - 2:]
def post_build(self, pkt, pay):
# type: (bytes, bytes) -> bytes
"""
This will set the LenField 'length' to the correct value.
"""
if self.length is None:
pkt = struct.pack("!I", len(pay) + 2) + pkt[4:]
return pkt + pay
class DoIP(Packet):
name = 'DoIP'
fields_desc = [
LenField('length', None, fmt='I', adjust=lambda x: x + 2),
ShortEnumField('type', 1, {
0x01: "message",
0x02: "echo"
}),
XByteField('src', 0),
XByteField('dst', 0),
]
def hashret(self):
hdr_hash = struct.pack("B", self.src ^ self.dst)
pay_hash = self.payload.hashret()
return hdr_hash + pay_hash
def answers(self, other):
if other.__class__ == self.__class__:
return self.payload.answers(other.payload)
return 0
def extract_padding(self, s):
return s[:8], s[8:]
class YOARP(Packet):
name = "YOARP"
fields_desc = [
XShortField("hwtype", 0x0001),
XShortEnumField("ptype", 0x9999, ETHER_TYPES),
ByteField("hwlen", 6),
ByteField("plen", 2),
ShortEnumField("op", 1,
{"who-has": 1, "is-at": 2, "RARP-req": 3,
"RARP-rep": 4, "Dyn-RARP-req": 5,
"Dyn-RAR-rep": 6, "Dyn-RARP-err": 7,
"InARP-req": 8, "InARP-rep": 9}),
ARPSourceMACField("hwsrc"),
YOIPField("psrc", "0.0"),
MACField("hwdst", ETHER_ANY),
YOIPField("pdst", "0.0")
]
who_has = 1
is_at = 2
def extract_padding(self, s):
return "", s
def answers(self, other):
if isinstance(other, YOARP):
if ((self.op == self.is_at) and
(other.op == self.who_has) and
(self.psrc == other.pdst)):
return 1
return 0
@classmethod
def dispatch_hook(cls, _pkt=None, *args, **kargs):
if _pkt and len(_pkt) >= 4 and _pkt[2:4] == "\x08\x00":
return ARP
return cls
class NBNSRequest(Packet):
name = "NBNS request"
fields_desc = [ShortField("NAME_TRN_ID", 0),
ShortField("FLAGS", 0x2910),
ShortField("QDCOUNT", 1),
ShortField("ANCOUNT", 0),
ShortField("NSCOUNT", 0),
ShortField("ARCOUNT", 1),
NetBIOSNameField("QUESTION_NAME", "windows"),
ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES),
ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS),
ShortEnumField("RR_NAME", 0xC00C, _NETBIOS_RNAMES),
ShortEnumField("RR_TYPE", 0x20, _NETBIOS_QRTYPES),
ShortEnumField("RR_CLASS", 1, _NETBIOS_QRCLASS),
IntField("TTL", 0),
ShortField("RDLENGTH", 6),
BitEnumField("G", 0, 1, _NETBIOS_GNAMES),
BitEnumField("OWNER_NODE_TYPE", 00, 2,
_NETBIOS_OWNER_MODE_TYPES),
BitEnumField("UNUSED", 0, 13, {0: "Unused"}),
IPField("NB_ADDRESS", "127.0.0.1")]
class TLS_Ext_PostHandshakeAuth(TLS_Ext_Unknown): # RFC 8446
name = "TLS Extension - Post Handshake Auth"
fields_desc = [
ShortEnumField("type", 0x31, _tls_ext),
ShortField("len", None)
]
class TLS_Ext_SupportedVersions(TLS_Ext_Unknown):
name = "TLS Extension - Supported Versions (dummy class)"
fields_desc = [
ShortEnumField("type", 0x2b, _tls_ext),
ShortField("len", None)
]
class TLS_Ext_EarlyDataIndication(TLS_Ext_Unknown):
name = "TLS Extension - Early Data"
fields_desc = [
ShortEnumField("type", 0x2a, _tls_ext),
ShortField("len", None)
]
class TLS_Ext_PreSharedKey(TLS_Ext_Unknown):
name = "TLS Extension - Pre Shared Key (dummy class)"
fields_desc = [
ShortEnumField("type", 0x29, _tls_ext),
ShortField("len", None)
]
class TLS_Ext_KeyShare(TLS_Ext_Unknown):
name = "TLS Extension - Key Share (dummy class)"
fields_desc = [
ShortEnumField("type", 0x33, _tls_ext),
ShortField("len", None)
]
class TLS_Ext_ExtendedMasterSecret(TLS_Ext_Unknown): # RFC 7627
name = "TLS Extension - Extended Master Secret"
fields_desc = [
ShortEnumField("type", 0x17, _tls_ext),
ShortField("len", None)
]
class TLS_Ext_EncryptThenMAC(TLS_Ext_Unknown): # RFC 7366
name = "TLS Extension - Encrypt-then-MAC"
fields_desc = [
ShortEnumField("type", 0x16, _tls_ext),
ShortField("len", None)
]
class TLS_Ext_TruncatedHMAC(TLS_Ext_Unknown): # RFC 4366
name = "TLS Extension - Truncated HMAC"
fields_desc = [
ShortEnumField("type", 4, _tls_ext),
ShortField("len", None)
]
