def add_payload(self, payload): if self.underlayer and isinstance(self.underlayer, TCP): if isinstance(payload, (SOCKS5Request, SOCKS4Request)): self.underlayer.dport = 1080 elif isinstance(payload, (SOCKS5Reply, SOCKS4Reply)): self.underlayer.sport = 1080 Packet.add_payload(self, payload)
def __init__(self, *args, **fields): try: self.tls_ctx = fields["ctx"] del(fields["ctx"]) except KeyError: self.tls_ctx = None Packet.__init__(self, *args, **fields)
def __process_packets(self, packets, out_writer, drop_writer, validation_file): """ :type packets: list[Packet] :return A tuple with the number of packets anonymized and the number of packets dropped :rtype (int, int) """ for index, packet in enumerate(packets): if index and (index % 10000) == 0: self.app.log.info("pcap:{}: Process packet id = '{}'".format(self.file, index)) packet_id = index + 1 # packet id start with 1 # packet_backup = Packet(str(packet)) packet_backup = packet.original packet_backup_time = packet.time try: try: if self.app.phase is Phase.phase_1: self.app.packet.discover(packet) elif self.app.phase is Phase.phase_3: self.app.packet.anonymize(packet) elif self.app.phase is Phase.phase_4: validation = self.app.packet.validate(packet) if validation is not None: validation_file.write("\n\nPacket id {}:\n ".format(packet_id)) validation = validation.replace('\n', '\n ') # Indent validation_file.write(validation) except Exception as e: if isinstance(e, ExplicitDropException): self.app.log.debug("file:pcap:{}: Packet explicitly dropped: id = '{}', {}, {}".format( self.file, packet_id, e.message, repr(packet.summary()))) elif isinstance(e, ImplicitDropException): self.app.log.warning("file:pcap:{}: Packet implicitly dropped: id = '{}', {}, {}".format( self.file, packet_id, e.message, repr(packet.summary()))) elif isinstance(e, ErrorDropException): self.app.log.error("file:pcap:{}: Error packet dropped: id = '{}', {}, {}".format( self.file, packet_id, e.message, repr(packet.summary()))) else: self.app.log.critical("file:pcap:{}: Unexpected error packet dropped: id = '{}', {}, {}".format( self.file, packet_id, e.message, repr(packet.summary()))) if self.app.phase is Phase.phase_3: packet_backup = Packet(packet_backup) packet_backup.time = packet_backup_time drop_writer.write(packet_backup) else: if self.app.phase is Phase.phase_3: out_writer.write(packet) except Exception as e: self.app.log.critical( "sirano:file:pcap:{}: Unexpected error: id = '{}', exception = '{}', message = '{}', {}".format( self.file, packet_id, type(e), e.message, repr(packet.summary())))
def __init__(self, *args, **fields): try: self.tls_ctx = fields["ctx"] del(fields["ctx"]) self.above_tls10 = self.tls_ctx.params.negotiated.version > TLSVersion.TLS_1_0 if self.explicit_iv_field not in self.fields_desc and self.above_tls10: self.fields_desc.append(self.explicit_iv_field) for field in self.decryptable_fields: if field not in self.fields_desc: self.fields_desc.append(field) except KeyError: self.tls_ctx = None Packet.__init__(self, *args, **fields)
def guess_payload_class(self, payload): try: dlpdu_type = payload[0] return EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES[dlpdu_type] except KeyError: log_runtime.error( '{}.guess_payload_class() - unknown or invalid ' 'DLPDU type'.format(self.__class__.__name__)) return Packet.guess_payload_class(self, payload) return Packet.guess_payload_class(self, payload)
def do_build(self): if not isinstance(self.payload, IPv6): return Packet.do_build(self) ipv6 = self.payload self._reserved = 0x03 # NEW COMPRESSION TECHNIQUE! # a ) Compression Techniques # 1. Set Traffic Class if self.tf == 0x0: self.tc_ecn = ipv6.tc >> 6 self.tc_dscp = ipv6.tc & 0x3F self.flowlabel = ipv6.fl elif self.tf == 0x1: self.tc_ecn = ipv6.tc >> 6 self.flowlabel = ipv6.fl elif self.tf == 0x2: self.tc_ecn = ipv6.tc >> 6 self.tc_dscp = ipv6.tc & 0x3F else: # self.tf == 0x3: pass # no field is set # 2. Next Header if self.nh == 0x0: self.nh = 0 # ipv6.nh elif self.nh == 0x1: self.nh = 0 # disable compression # The Next Header field is compressed and the next header is encoded using LOWPAN_NHC, which is discussed in Section 4.1. # noqa: E501 warning('Next header compression is not implemented yet ! Will be ignored') # noqa: E501 # 3. HLim if self.hlim == 0x0: self._hopLimit = ipv6.hlim else: # if hlim is 1, 2 or 3, there are nothing to do! pass # 4. Context (which context to use...) if self.cid == 0x0: pass else: # TODO: Context Unimplemented yet in my class self._contextIdentifierExtension = 0 # 5. Compress Source Addr self.compressSourceAddr(ipv6) self.compressDestinyAddr(ipv6) return Packet.do_build(self)
def post_build(self, p, pay): # patch the update of block_length, as requests field must not be # included. block_length is always 60 if self.block_length is None: p = p[:2] + struct.pack("!H", 60) + p[4:] return Packet.post_build(self, p, pay)
def guess_payload_class(self, payload): if self.type == 0x02 and (0x08 <= self.subtype <= 0xF and self.subtype != 0xD): # noqa: E501 return Dot11QoS elif self.FCfield & 0x40: return Dot11WEP else: return Packet.guess_payload_class(self, payload)
def post_build(self, p, pay): # update the block_length if needed if self.block_length is None: # block_length and block_type are not part of the length count length = len(p) - 4 p = p[:2] + struct.pack("!H", length) + p[4:] return Packet.post_build(self, p, pay)
def build(self): # update fields that depend on values in SCSI layer if SCSICmd in self: scsicmd = self[SCSICmd].payload if scsicmd.default_fields.has_key("AllocationLength"): self.overloaded_fields.update({"ExpectedDataSize": scsicmd.AllocationLength}) if scsicmd.default_fields.has_key("TransferLength"): self.overloaded_fields.update({"ExpectedDataSize": scsicmd.TransferLength * self.BLOCK_SIZE}) return Packet.build(self)
def do_dissect(self,s): """ この関数はパケットの解析の中核を担います。オーバーライドしなければ fields_descに沿った解析がいい感じに自動でなされます。 @param s str pre_dieectからたらい回されたバイト列。 @return s str post_dissectにたらい回すバイト列全文 """ return Packet.do_dissect(self,s)
def guess_payload_class(self, payload): if self.flags & 0x02: return ZigbeeSecurityHeader elif self.frametype == 0: return ZigbeeAppDataPayload elif self.frametype == 1: return ZigbeeNWKCommandPayload else: return Packet.guess_payload_class(self, payload)
def self_build(self, field_post_list=[]): """ デフォルトで、パケットを構成するfields_descの各フィールドを順にi2mしていく。 その後、fuzzing用のtransform系関数が呼ばれ、晴れて一つのpktになる。 @param field_post_list list 知らん @return pkt str 各フィールドをi2mした後のパケットのバイナリ文字列 """ return Packet.self_build(self,field_post_list)
def guess_payload_class(self, payload): try: dlpdu_type = payload[0] return EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES[dlpdu_type] except KeyError: log_runtime.error( '{}.guess_payload_class() - unknown or invalid ' 'DLPDU type'.format(self.__class__.__name__)) return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload): if self.frame_control & 0x02: # we have a security header return ZigbeeSecurityHeader elif self.aps_frametype == 0: # data return ZigbeeClusterLibrary # TODO might also be another frame elif self.aps_frametype == 1: # command return ZigbeeAppCommandPayload else: return Packet.guess_payload_class(self, payload)
def __init__(self, pkt=b"", mtype=None, method=None, seqid=None, args=None, header=None): Packet.__init__(self, pkt) self.setfieldval('type', mtype) self.setfieldval('method', method) self.setfieldval('seqid', seqid) self.setfieldval('header', header) self.setfieldval('args', args) self.setfieldval('load', pkt) if args and not isinstance(args, ThriftStruct): raise ValueError('args must be a ThriftStruct instance') if header and not isinstance(header, ThriftStruct): raise ValueError('header must be a ThriftStruct instance')
def guess_payload_class(self, payload): if len(payload) < self._min_ieo_len: return Packet.guess_payload_class(self, payload) # Look at fields of the generic ICMPExtensionObject to determine which # bound extension type to use. ieo = ICMPExtensionObject(payload) if ieo.len < self._min_ieo_len: return Packet.guess_payload_class(self, payload) for fval, cls in self.payload_guess: ok = 1 for k, v in six.iteritems(fval): if not hasattr(ieo, k) or v != ieo.getfieldval(k): ok = 0 break if ok: return cls return ICMPExtensionObject
def __init__(self, _pkt="", post_transform=None, _internal=0, _underlayer=None, tls_session=None, **fields): try: setme = self.tls_session is None except: setme = True if setme: if tls_session is None: self.tls_session = tlsSession() else: self.tls_session = tls_session self.rcs_snap_init = self.tls_session.rcs.snapshot() self.wcs_snap_init = self.tls_session.wcs.snapshot() Packet.__init__(self, _pkt=_pkt, post_transform=post_transform, _internal=_internal, _underlayer=_underlayer, **fields)
def getlayer(self, cls, nb=1, _track=None): layer = None if cls == EAP: for eap_class in EAP.registered_methods.values(): if isinstance(self, eap_class): layer = self break else: layer = Packet.getlayer(self, cls, nb, _track) return layer
def __init__(self, *args, **kwargs): self.src = None self.dst = None self.exsrc = None self.exdst = None if "src" in kwargs: self.src = kwargs["src"] del kwargs["src"] if "dst" in kwargs: self.dst = kwargs["dst"] del kwargs["dst"] if "exsrc" in kwargs: self.exsrc = kwargs["exsrc"] del kwargs["exsrc"] if "exdst" in kwargs: self.exdst = kwargs["exdst"] del kwargs["exdst"] Packet.__init__(self, *args, **kwargs) self.validate_fields()
def getlayer(self, cls, nb=1, _track=None): layer = None if cls == RadiusAttribute: for attr_class in RadiusAttribute.registered_attributes.values(): if isinstance(self, attr_class): layer = self break else: layer = Packet.getlayer(self, cls, nb, _track) return layer
def guess_payload_class(self, payload): if len(payload) < self._min_ieo_len: return Packet.guess_payload_class(self, payload) # Look at fields of the generic ICMPExtensionObject to determine which # bound extension type to use. ieo = ICMPExtensionObject(payload) if ieo.len < self._min_ieo_len: return Packet.guess_payload_class(self, payload) for fval, cls in self.payload_guess: ok = 1 for k, v in fval.iteritems(): if not hasattr(ieo, k) or v != ieo.getfieldval(k): ok = 0 break if ok: return cls return ICMPExtensionObject
def guess_payload_class(self, payload): start_line = payload.splitlines(True)[0] if self.re_request_line.match(start_line) is not None: return SIPRequest elif self.re_status_line.match(start_line) is not None: return SIPResponse return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload): if self.type == 0x02 and (0x08 <= self.subtype <= 0xF and self.subtype != 0xD): # noqa: E501 return Dot11QoS elif self.FCfield.protected: # When a frame is handled by encryption, the Protected Frame bit # (previously called WEP bit) is set to 1, and the Frame Body # begins with the appropriate cryptographic header. return Dot11Encrypted else: return Packet.guess_payload_class(self, payload)
def pre_dissect(self, s): if self.firstlayer().name == TLSRecord.name: # Go get the underlaying records context # Will allow us to differentiate Ephemeral RSA (Freak) # From DHE (Logjam) and ECDHE try: self.tls_ctx = self.firstlayer().tls_ctx except AttributeError: self.tls_ctx = None return Packet.pre_dissect(self, s)
def post_dissect(self,s): """ この関数はパケットの解析の後始末を担います。オーバーライドしなければ何もしません。 この関数ではデータ解析後の完全性のチェックや内包圧縮データの展開を行います。 @param s str do_dieectからたらい回されたバイト列。 @return s str extract_paddingにたらい回すバイト列全文 """ return Packet.post_dissect(self,s)
def pre_dissect(self, s): """ この関数はパケットの解析の準備を担います。オーバーライドしなければ何もしません。 この関数ではFCSのチェックとか、パケットの長さのチェック、 その他、パケットの解析の前にすべきことを行います。 @param s str 受信したバイト列全文。 @return s str do_dissectにたらい回すバイト列全文 """ return Packet.pre_dissect(self,s)
def guess_payload_class(self, payload): if self.fcf_frametype == 0x00: return Dot15d4Beacon elif self.fcf_frametype == 0x01: return Dot15d4Data elif self.fcf_frametype == 0x02: return Dot15d4Ack elif self.fcf_frametype == 0x03: return Dot15d4Cmd else: return Packet.guess_payload_class(self, payload)
def store_ip(self, pkt: Packet): if pkt.haslayer(IP): src, dst = pkt[IP].src, pkt[IP].dst elif pkt.haslayer(IPv6): src, dst = pkt[IPv6].src, pkt[IPv6].dst else: return if not ipaddress.ip_address(src).is_global: return self.sniffed += 1 self.total_bytes += len(pkt.__bytes__()) if src not in self.seen_sources: self.seen_sources[src] = (1, len(pkt.__bytes__())) logging.info(f'Sniffed source: {src} -> {dst}') else: count, byte_count = self.seen_sources[src] self.seen_sources[src] = count + 1, byte_count + len( pkt.__bytes__())
def cb(i,payload): data = payload.get_data() # Add padding before packet # src mac + dst mac + 0x0800 (type: IP) pad = "\0" * 12 + "\x08\0" + data pkt = Packet(_pkt=pad) writer.write(pkt) return 1
def do_build(self): if not isinstance(self.payload, IPv6): return Packet.do_build(self) pay = self.payload.payload while pay and isinstance(pay.payload, _IPv6ExtHdr): # XXX todo: populate a LoWPAN_NHC_IPv6Ext pay = pay.payload if isinstance(pay, UDP): try: udp_hdr = next( x for x in self.exts if isinstance(x, LoWPAN_NHC_UDP) ) except StopIteration: udp_hdr = LoWPAN_NHC_UDP() # Guess best compression if pay.sport >> 4 == 0xf0b and pay.dport >> 4 == 0xf0b: udp_hdr.P = 3 elif pay.sport >> 8 == 0xf0: udp_hdr.P = 2 elif pay.dport >> 8 == 0xf0: udp_hdr.P = 1 self.exts.insert(0, udp_hdr) # https://tools.ietf.org/html/rfc6282#section-4.3.3 if udp_hdr.P == 0: udp_hdr.udpSourcePort = pay.sport udp_hdr.udpDestPort = pay.dport elif udp_hdr.P == 1: udp_hdr.udpSourcePort = pay.sport udp_hdr.udpDestPort = pay.dport & 255 elif udp_hdr.P == 2: udp_hdr.udpSourcePort = pay.sport & 255 udp_hdr.udpDestPort = pay.dport elif udp_hdr.P == 3: udp_hdr.udpSourcePort = pay.sport & 15 udp_hdr.udpDestPort = pay.dport & 15 if udp_hdr.C == 0: if pay.chksum: udp_hdr.udpChecksum = pay.chksum else: udp_hdr.udpChecksum = UDP(raw(pay)).chksum return Packet.do_build(self)
def check_pck(self, packet: Packet) -> bool: if not packet: return False if not packet.haslayer(NTP): return False if (packet[IP].src != self.client_addr) and (packet[IP].src != self.server_addr): self.log.debug('The source IP addr was: ' + str(packet[IP].src)) return False return True
def post_build(self, pkt, pay): """Override of post_build to handle length fields""" if self.aflavor == 0 and self.vflavor == 0: # No work required if there are no auth fields, # default will be correct return Packet.post_build(self, pkt, pay) if self.aflavor != 0 and self.alength is None: if self.aflavor == 6: pack_len = len(self.a_rpcsec_gss) else: pack_len = len(self.a_unix) pkt = pkt[:20] \ + struct.pack('!I', pack_len) \ + pkt[24:] return Packet.post_build(self, pkt, pay) if self.vflavor != 0 and self.vlength is None: pkt = pkt[:28] \ + struct.pack('!I', len(self.v_unix)) \ + pkt[32:] return Packet.post_build(self, pkt, pay)
def do_build(self): if not isinstance(self.payload, IPv6): return Packet.do_build(self) # IPv6 ipv6 = self.payload self.src = ipv6.src self.dst = ipv6.dst self.flow_label = ipv6.fl self.traffic_class = ipv6.tc self.hopLimit = ipv6.hlim if isinstance(ipv6.payload, UDP): self.nh = 1 self.hc2 = 1 udp = ipv6.payload self.udpSourcePort = udp.sport self.udpDestPort = udp.dport if not udp.len or not udp.chksum: udp = UDP(raw(udp)) self.udpLength = udp.len self.udpChecksum = udp.chksum return Packet.do_build(self)
def default_payload_class(self,pay): """ guess_payload_classでペイロードのプロトコルが推測できない場合に呼び出されます。 ただし、同関数をあなたがオーバーライドしていた場合、関数の中でこの関数を 処理の最後にreturnとして明示的に呼び出す必要があります。 本来Rawクラスがデフォルトのプロトコルですが、この関数をオーバーロードすることで 異なるデフォルトのプロトコルを指定できます。あまり使いません。 @param pay str extract_paddingで渡されたペイロード。 @return pktClass class 推測判定したペイロードプロトコルクラス。Packetクラスを継承していること。 """ return Packet.default_payload_class(self,pay)
def extract_padding(self,s): """ この関数ではパケット解析の後発生した ペイロード(next layer)とパディング(Padding)を2つに分断します。 パディングが無ければpay,Noneをreturnすること。 @param s str pre_dissectで返されたバイト列。(分割前のデータ) @return pay str ペイロード部。guess_payload_classに渡される @return pad str パディング部。Paddingクラスに渡される """ return Packet.extract_padding(self,s)# return pay,pad
def guess_payload_class(self, payload): if self.frame_control & 0x02: # we have a security header return ZigbeeSecurityHeader elif self.aps_frametype == 0: # data if self.profile == 0x0000: return ZigbeeDeviceProfile else: return ZigbeeClusterLibrary elif self.aps_frametype == 1: # command return ZigbeeAppCommandPayload else: return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload): if self.cmd_id == 1: return Dot15d4CmdAssocReq elif self.cmd_id == 2: return Dot15d4CmdAssocResp elif self.cmd_id == 3: return Dot15d4CmdDisassociation elif self.cmd_id == 8: return Dot15d4CmdCoordRealign elif self.cmd_id == 9: return Dot15d4CmdGTSReq else: return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload): # Profile-wide commands if self.zcl_frametype == 0x00 and self.command_identifier == 0x00: # done in bind_layers pass # Cluster-specific commands elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 return ZCLPriceGetCurrentPrice elif self.zcl_frametype == 0x01 and self.command_identifier == 0x01 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 return ZCLPriceGetScheduledPrices elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 1 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 return ZCLPricePublishPrice return Packet.guess_payload_class(self, payload)
def build(self): # update fields that depend on values in SCSI layer if SCSICmd in self: scsicmd = self[SCSICmd].payload if scsicmd.default_fields.has_key("AllocationLength"): self.overloaded_fields.update( {"ExpectedDataSize": scsicmd.AllocationLength}) if scsicmd.default_fields.has_key("TransferLength"): self.overloaded_fields.update({ "ExpectedDataSize": scsicmd.TransferLength * self.BLOCK_SIZE }) return Packet.build(self)
def run_hook(): """Test hook class.""" test_hook = hook.TestHook("dummy", "description", True) # Check that there is a hook to be ran curr_dir = os.path.dirname(os.path.abspath(__file__)) # Whitebox curr_file = os.path.dirname(curr_dir) # Tests curr_file = os.path.dirname(curr_file) # ntps sample_hook_path = "{}{}".format(curr_file, "/Hooks/DNSsport.py") assert check_file_exists(sample_hook_path) is True orig_pkt = 'E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01' pkt = load_packet(orig_pkt) print("Original packet: {}".format(pkt)) output = test_hook.run(sample_hook_path, pkt) print("Raw output: {}".format(output)) print() # print("decoded output 1: {}".format(output.decode("utf-8").strip())) # print() # Translate no_escapes = output.decode('unicode_escape').strip() # pkt_decoded = pkt_decoded.translate() # no_escapes = no_escapes[3:] # no_escapes = no_escapes[:-1] print("decoded output 1.5: {}".format(no_escapes)) assert orig_pkt == orig_pkt assert orig_pkt == str(no_escapes) # pkt_decoded = output.decode("utf-8").strip() # pkt_decoded = str(pkt_decoded) # pkt_decoded = pkt_decoded.decode("utf-8") # pkt_decoded = pkt_decoded[3:] # pkt_decoded = pkt_decoded[:-1] # print("decoded output 2: {}".format(pkt_decoded)) # print() # pkt_decoded = Packet(pkt_decoded) # print("Retreived packet: {}".format(str(pkt_decoded.payload))) print(type(no_escapes)) no_escapes = Packet(no_escapes) print("Retreived packet: {}".format(str(no_escapes.payload))) assert output is not None assert True is False """Ignore the following as it is to remember to never give up."""
def guess_payload_class(self, payload): # General Cluster ID Range 0x0000 - 0x00FF if self.command_identifier == 0x00 and 0x0000 <= self.cluster <= 0x00FF: return ZCLGeneralReadAttributes elif self.command_identifier == 0x01 and 0x0000 <= self.cluster <= 0x00FF: return ZCLGeneralReadAttributesResponse elif self.command_identifier == 0x00 and self.direction == 0 and self.cluster == "price": return ZCLPriceGetCurrentPrice elif self.command_identifier == 0x01 and self.direction == 0 and self.cluster == "price": return ZCLPriceGetScheduledPrices elif self.command_identifier == 0x00 and self.direction == 1 and self.cluster == "price": return ZCLPricePublishPrice else: return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload): # Profile-wide commands if self.zcl_frametype == 0x00 and self.command_identifier == 0x00: return ZCLGeneralReadAttributes elif self.zcl_frametype == 0x00 and self.command_identifier == 0x01: return ZCLGeneralReadAttributesResponse # Cluster-specific commands elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 return ZCLPriceGetCurrentPrice elif self.zcl_frametype == 0x01 and self.command_identifier == 0x01 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 return ZCLPriceGetScheduledPrices elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 1 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 return ZCLPricePublishPrice else: return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload): """ Decides if the payload is an HTTP Request or Response, or something else """ try: prog = re.compile(r"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) " r"(?:.+?) " r"HTTP/\d\.\d$") req = payload[: payload.index("\r\n")] result = prog.match(req) if result: return HTTPRequest else: prog = re.compile(r"^HTTP/\d\.\d \d\d\d .*$") result = prog.match(req) if result: return HTTPResponse except: pass return Packet.guess_payload_class(self, payload)
def post_build(self, p, pay): # patch the update of block_length, as requests field must not be # included. block_length is always 60 if self.block_length is None: p = p[:2] + struct.pack("!H", 60) + p[4:] # Remove the final padding added in requests fld, val = self.getfield_and_val("blocks") if fld.i2count(self, val) > 0: length = len(val[-1]) pad = fld.field.padlen(length) if pad > 0: p = p[:-pad] # also reduce the recordDataLength accordingly if self.recordDataLength is None: val = struct.unpack("!I", p[36:40])[0] val -= pad p = p[:36] + struct.pack("!I", val) + p[40:] return Packet.post_build(self, p, pay)
def extract_padding(self, s): if not hasattr(self, 'length'): return Packet.extract_padding(self, s) pay = s[:self.length] pad = s[self.length:] return pay, pad
def guess_payload_class(self, payload): if self.frametype == 0b11: return ZigbeeAppDataPayloadStub else: return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload): if self.flags > 31: return TLSv1RecordLayer else: return Packet.guess_payload_class(self, payload)
def __init__(self, _pkt=None, _orig_s=None, _orig_p=None, *args, **kwargs): self._orig_s = _orig_s self._orig_p = _orig_p Packet.__init__(self, _pkt=_pkt, *args, **kwargs)
def guess_payload_class(self, payload): if self.options[:len(dhcpmagic)] == dhcpmagic: return DHCP else: return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload): return conf.l2types.get(self.dlt, Packet.guess_payload_class(self, payload)) # noqa: E501