class VTPVlanInfo(Packet):
name = "VTP VLAN Info"
fields_desc = [
ByteField("len", None), # FIXME: compute length
ByteEnumField("status", 0, {
0: "active",
1: "suspended"
}),
ByteEnumField("type", 1, _VTP_VLAN_TYPE),
FieldLenField("vlannamelen", None, "vlanname", "B"),
ShortField("vlanid", 1),
ShortField("mtu", 1500),
XIntField("dot10index", None),
StrLenField("vlanname",
"default",
length_from=lambda pkt: 4 *
((pkt.vlannamelen + 3) / 4)), # noqa: E501
ConditionalField(
PacketListField("tlvlist", [],
VTPVlanInfoTlv,
length_from=lambda pkt: pkt.len - 12 -
(4 * ((pkt.vlannamelen + 3) / 4))), # noqa: E501
lambda pkt: pkt.type not in [1, 2])
]
def post_build(self, p, pay):
vlannamelen = 4 * ((len(self.vlanname) + 3) / 4)
if self.len is None:
tmp_len = vlannamelen + 12
p = chr(tmp_len & 0xff) + p[1:]
# Pad vlan name with zeros if vlannamelen > len(vlanname)
tmp_len = vlannamelen - len(self.vlanname)
if tmp_len != 0:
p += b"\x00" * tmp_len
p += pay
return p
def guess_payload_class(self, p):
return conf.padding_layer
class RPLOptRIO(_RPLGuessOption):
"""
Control Option: Routing Information Option (RIO)
"""
name = "Routing Information"
fields_desc = [
ByteEnumField("otype", 3, RPLOPTSSTR),
FieldLenField("len",
None,
length_of="prefix",
fmt="B",
adjust=lambda pkt, x: x + 6),
ByteField("plen", None),
BitField("res1", 0, 3),
BitEnumField("prf", 0, 2, icmp6ndraprefs),
BitField("res2", 0, 3),
IntField("rtlifetime", 0xffffffff),
_IP6PrefixField("prefix", None)
]
class ISIS_SRCapabilitiesSubTLV(ISIS_GenericSubTlv):
name = "ISIS SR Capabilities TLV"
fields_desc = [
ByteEnumField("type", 2, _isis_subtlv_names_3),
FieldLenField(
"len",
None,
length_of="srgb_ranges",
adjust=lambda pkt, x: x + 1,
fmt="B"),
FlagsField(
"flags", 0, 8,
["res1", "res2", "res3", "res4", "res5", "res6", "V", "I"]),
PacketListField(
"srgb_ranges",
[],
ISIS_SRGBDescriptorEntry,
length_from=lambda pkt: pkt.len - 1)
]
class IOCRBlockReq(Block):
"""IO Connection Relationship block request"""
fields_desc = [
BlockHeader,
XShortEnumField("IOCRType", 1, IOCR_TYPE),
XShortField("IOCRReference", 1),
XShortField("LT", 0x8892),
# IOCRProperties
BitField("IOCRProperties_reserved3", 0, 8),
BitField("IOCRProperties_reserved2", 0, 11),
BitField("IOCRProperties_reserved1", 0, 9),
BitEnumField("IOCRProperties_RTClass", 0, 4,
IOCR_BLOCK_REQ_IOCR_PROPERTIES),
ShortField("DataLength", 40),
XShortField("FrameID", 0x8000),
ShortField("SendClockFactor", 32),
ShortField("ReductionRatio", 32),
ShortField("Phase", 1),
ShortField("Sequence", 0),
XIntField("FrameSendOffset", 0xffffffff),
ShortField("WatchdogFactor", 10),
ShortField("DataHoldFactor", 10),
# IOCRTagHeader
BitEnumField("IOCRTagHeader_IOUserPriority", 6, 3,
{6: "IOCRPriority"}),
BitField("IOCRTagHeader_reserved", 0, 1),
BitField("IOCRTagHeader_IOCRVLANID", 0, 12),
MACField("IOCRMulticastMACAdd", None),
FieldLenField("NumberOfAPIs", None, fmt="H", count_of="APIs"),
PacketListField("APIs", [], IOCRAPI,
count_from=lambda p: p.NumberOfAPIs)
]
# default block_type value
block_type = 0x0102
def get_response(self):
"""Generate the response block of this request.
Careful: it only sets the fields which can be set from the request
"""
res = IOCRBlockRes()
for field in ["IOCRType", "IOCRReference", "FrameID"]:
res.setfieldval(field, self.getfieldval(field))
return res
class IKEv2_payload_TSi(IKEv2_class):
name = "IKEv2 Traffic Selector - Initiator"
overload_fields = {IKEv2: {"next_payload": 44}}
fields_desc = [
ByteEnumField("next_payload", None, IKEv2_payload_type),
ByteField("res", 0),
FieldLenField("length",
None,
"traffic_selector",
"H",
adjust=lambda pkt, x: x + 8), # noqa: E501
ByteField("number_of_TSs", 0),
X3BytesField("res2", 0),
PacketListField("traffic_selector",
None,
TrafficSelector,
length_from=lambda x: x.length - 8,
count_from=lambda x: x.number_of_TSs), # noqa: E501
]
class LEAP(EAP):
"""
Cisco LEAP (Lightweight EAP)
https://freeradius.org/rfc/leap.txt
"""
name = "Cisco LEAP"
match_subclass = True
fields_desc = [
ByteEnumField("code", 1, eap_codes),
ByteField("id", 0),
ShortField("len", None),
ByteEnumField("type", 17, eap_types),
ByteField('version', 1),
XByteField('unused', 0),
FieldLenField("count", None, "challenge_response", "B", adjust=lambda p, x: len(p.challenge_response)), # noqa: E501
XStrLenField("challenge_response", "", length_from=lambda p: 0 or p.count), # noqa: E501
StrLenField("username", "", length_from=lambda p: p.len - (8 + (0 or p.count))) # noqa: E501
]
class ARBlockReq(Block):
"""Application relationship block request"""
fields_desc = [
BlockHeader,
XShortEnumField("ARType", 1, AR_TYPE),
UUIDField("ARUUID", None),
ShortField("SessionKey", 0),
MACField("CMInitiatorMacAdd", None),
UUIDField("CMInitiatorObjectUUID", None),
# ARProperties
BitField("ARProperties_PullModuleAlarmAllowed", 0, 1),
BitEnumField("ARProperties_StartupMode", 0, 1,
["Legacy", "Advanced"]),
BitField("ARProperties_reserved_3", 0, 6),
BitField("ARProperties_reserved_2", 0, 12),
BitField("ARProperties_AcknowledgeCompanionAR", 0, 1),
BitEnumField("ARProperties_CompanionAR", 0, 2,
["Single_AR", "First_AR", "Companion_AR", "reserved"]),
BitEnumField("ARProperties_DeviceAccess", 0, 1,
["ExpectedSubmodule", "Controlled_by_IO_device_app"]),
BitField("ARProperties_reserved_1", 0, 3),
BitEnumField("ARProperties_ParametrizationServer", 0, 1,
["External_PrmServer", "CM_Initator"]),
BitField("ARProperties_SupervisorTakeoverAllowed", 0, 1),
BitEnumField("ARProperties_State", 1, 3, {1: "Active"}),
ShortField("CMInitiatorActivityTimeoutFactor", 1000),
ShortField("CMInitiatorUDPRTPort", 0x8892),
FieldLenField("StationNameLength", None, fmt="H",
length_of="CMInitiatorStationName"),
StrLenField("CMInitiatorStationName", "",
length_from=lambda pkt: pkt.StationNameLength),
]
# default block_type value
block_type = 0x0101
def get_response(self):
"""Generate the response block of this request.
Careful: it only sets the fields which can be set from the request
"""
res = ARBlockRes()
for field in ["ARType", "ARUUID", "SessionKey"]:
res.setfieldval(field, self.getfieldval(field))
return res
class ExpectedSubmoduleAPI(Packet):
"""Description of an API in the expected submodules blocks"""
name = "API"
fields_desc = [
XIntField("API", 0),
XShortField("SlotNumber", 0),
XIntField("ModuleIdentNumber", 0),
XShortField("ModuleProperties", 0),
FieldLenField("NumberOfSubmodules",
None,
fmt="H",
count_of="Submodules"),
PacketListField("Submodules", [],
ExpectedSubmodule,
count_from=lambda p: p.NumberOfSubmodules),
]
def extract_padding(self, s):
return None, s # No extra payload
class DtpGenericTlv(Packet):
name = "DTP Generic TLV"
fields_desc = [
XShortField("type", 0x0001),
FieldLenField("length", None,
length_of=lambda pkt: pkt.value + 4), # noqa: E501
StrLenField("value", "",
length_from=lambda pkt: pkt.length - 4) # noqa: E501
]
@classmethod
def dispatch_hook(cls, _pkt=None, *args, **kargs):
if _pkt and len(_pkt) >= 2:
t = struct.unpack("!H", _pkt[:2])[0]
cls = _DTP_TLV_CLS.get(t, "DtpGenericTlv")
return cls
def guess_payload_class(self, p):
return conf.padding_layer
class OSPF_Router_LSA(OSPF_BaseLSA):
name = "OSPF Router LSA"
fields_desc = [
ShortField("age", 1),
OSPFOptionsField(),
ByteField("type", 1),
IPField("id", "1.1.1.1"),
IPField("adrouter", "1.1.1.1"),
XIntField("seq", 0x80000001),
XShortField("chksum", None),
ShortField("len", None),
FlagsField("flags", 0, 8, ["B", "E", "V", "W", "Nt"]),
ByteField("reserved", 0),
FieldLenField("linkcount", None, count_of="linklist"),
PacketListField("linklist", [],
OSPF_Link,
count_from=lambda pkt: pkt.linkcount,
length_from=lambda pkt: pkt.linkcount * 12)
]
class OpcDaFack(Packet):
# DCE 1.1 RPC - 12.5.3.4
name = "OpcDaFack"
fields_desc = [
ShortField('version', 0),
ByteField('pad', 0),
ShortField('windowSize', 0),
IntField('maxTsdu', 0),
IntField('maxFragSize', 0),
ShortField('serialNum', 0),
FieldLenField('selackLen', 0, count_of='selack', fmt="H"),
PacketListField('selack',
None,
IntField,
count_from=lambda pkt: pkt.selackLen),
]
def extract_padding(self, p):
return b"", p
class EIGRPIntRoute(EIGRPGeneric):
name = "EIGRP Internal Route"
fields_desc = [
XShortField("type", 0x0102),
FieldLenField("len", None, "dst", "!H",
adjust=lambda pkt, x: x + 25), # noqa: E501
IPField("nexthop", "192.168.0.0"),
IntField("delay", 128000),
IntField("bandwidth", 256),
ThreeBytesField("mtu", 1500),
ByteField("hopcount", 0),
ByteField("reliability", 255),
ByteField("load", 0),
XShortField("reserved", 0),
ByteField("prefixlen", 24),
EigrpIPField("dst",
"192.168.1.0",
length_from=lambda pkt: pkt.prefixlen), # noqa: E501
]
class HCI_LE_Meta_Advertising_Report(Packet):
name = "Advertising Report"
fields_desc = [
ByteEnumField("type", 0, {
0: "conn_und",
4: "scan_rsp"
}),
ByteEnumField("atype", 0, {
0: "public",
1: "random"
}),
LEMACField("addr", None),
FieldLenField("len", None, length_of="data", fmt="B"),
PacketListField("data", [], EIR_Hdr, length_from=lambda pkt: pkt.len),
SignedByteField("rssi", 0)
]
def extract_padding(self, s):
return '', s
class EAP_TLS(EAP):
"""
RFC 5216 - "The EAP-TLS Authentication Protocol"
"""
name = "EAP-TLS"
fields_desc = [
ByteEnumField("code", 1, eap_codes),
ByteField("id", 0),
FieldLenField("len", None, fmt="H", length_of="tls_data",
adjust=lambda p, x: x + 10 if p.L == 1 else x + 6),
ByteEnumField("type", 13, eap_types),
BitField('L', 0, 1),
BitField('M', 0, 1),
BitField('S', 0, 1),
BitField('reserved', 0, 5),
ConditionalField(IntField('tls_message_len', 0), lambda pkt: pkt.L == 1), # noqa: E501
XStrLenField('tls_data', '', length_from=lambda pkt: 0 if pkt.len is None else pkt.len - (6 + 4 * pkt.L)) # noqa: E501
]
class PPP_LCP_Auth_Protocol_Option(PPP_LCP_Option):
fields_desc = [
ByteEnumField("type", 3, _PPP_lcp_optiontypes),
FieldLenField("len",
None,
fmt="B",
length_of="data",
adjust=adjust_auth_len),
ShortEnumField("auth_protocol", 0xc023,
_PPP_LCP_auth_protocols), # noqa: E501
ConditionalField(
StrLenField("data", '',
length_from=lambda p: p.len - 4), # noqa: E501
lambda p: p.auth_protocol != 0xc223),
ConditionalField(
ByteEnumField("algorithm", 5,
_PPP_LCP_CHAP_algorithms), # noqa: E501
lambda p: p.auth_protocol == 0xc223)
]
class EIGRPAuthData(EIGRPGeneric):
name = "EIGRP Authentication Data"
fields_desc = [XShortField("type", 0x0002),
FieldLenField("len", None, "authdata", "!H", adjust=lambda pkt, x: x + 24), # noqa: E501
ShortEnumField("authtype", 2, {2: "MD5"}),
ShortField("keysize", None),
IntField("keyid", 1),
StrFixedLenField("nullpad", b"\x00" * 12, 12),
StrLenField("authdata", RandString(16), length_from=lambda pkt: pkt.keysize) # noqa: E501
]
def post_build(self, p, pay):
p += pay
if self.keysize is None:
keysize = len(self.authdata)
p = p[:6] + chb((keysize >> 8) & 0xff) + chb(keysize & 0xff) + p[8:] # noqa: E501
return p
class RPLOptTIO(_RPLGuessOption):
"""
Control Option: Transit Information Option (TIO)
"""
name = "Transit Information"
fields_desc = [
ByteEnumField("otype", 6, RPLOPTSSTR),
FieldLenField("len",
None,
length_of="parentaddr",
fmt="B",
adjust=lambda pkt, x: x + 4),
BitField("E", 0, 1),
BitField("flags", 0, 7),
ByteField("pathcontrol", 0),
ByteField("pathseq", 0),
ByteField("pathlifetime", 0xff),
_IP6PrefixField("parentaddr", None)
]
class PowerOffIface_Entry(Packet):
name = "Interface Entry"
fields_desc = [
MACField("mac", None),
XShortField("media_type", None),
X3BytesField("oui", None),
XByteField("variant_index", None),
FieldLenField("media_specific_bytes_nr",
None,
fmt='B',
count_of="media_specific_bytes"),
FieldListField("media_specific_bytes",
None,
XByteField("byte", None),
count_from=lambda p: p.media_specific_bytes_nr)
]
def extract_padding(self, s):
return "", s
class VRRPv3(Packet):
fields_desc = [
BitField("version", 3, 4),
BitField("type", 1, 4),
ByteField("vrid", 1),
ByteField("priority", 100),
FieldLenField("ipcount", None, count_of="addrlist", fmt="B"),
BitField("res", 0, 4),
BitField("adv", 100, 12),
XShortField("chksum", None),
MultipleTypeField([
(FieldListField("addrlist", [],
IPField("", "0.0.0.0"),
count_from=lambda pkt: pkt.ipcount),
lambda p: isinstance(p.underlayer, IP)),
(FieldListField("addrlist", [],
IP6Field("", "::"),
count_from=lambda pkt: pkt.ipcount),
lambda p: isinstance(p.underlayer, IPv6)),
], StrField("addrlist", ""))
]
def post_build(self, p, pay):
if self.chksum is None:
if isinstance(self.underlayer, IP):
ck = in4_chksum(112, self.underlayer, p)
elif isinstance(self.underlayer, IPv6):
ck = in6_chksum(112, self.underlayer, p)
else:
warning(
"No IP(v6) layer to compute checksum on VRRP. Leaving null"
) # noqa: E501
ck = 0
p = p[:6] + chb(ck >> 8) + chb(ck & 0xff) + p[8:]
return p
@classmethod
def dispatch_hook(cls, _pkt=None, *args, **kargs):
if _pkt and len(_pkt) >= 16:
ver_n_type = orb(_pkt[0])
if ver_n_type < 48 or ver_n_type > 57: # Version != 3
return VRRP
return VRRPv3
class BOSDescriptor(USBDescriptor):
fields_desc = [
FieldLenField(
"bLength",
None,
length_of="bDevCapabilityData",
fmt="B",
adjust=lambda pkt, x: x + 3,
),
ByteEnumField(
"bDescriptorType",
USBDefs.DescriptorType.BOS_DESCRIPTOR,
USBDefs.DescriptorType.desc,
),
ByteField("bDevCapabilityType", 0),
StrLenField("bDevCapabilityData",
"",
length_from=lambda p: p.bLength - 3),
]
class EAP_PEAP(EAP):
"""
draft-josefsson-pppext-eap-tls-eap-05.txt - "Protected EAP Protocol (PEAP)"
"""
name = "PEAP"
fields_desc = [
ByteEnumField("code", 1, eap_codes),
ByteField("id", 0),
FieldLenField("len", None, fmt="H", length_of="tls_data",
adjust=lambda p, x: x + 10 if p.L == 1 else x + 6),
ByteEnumField("type", 25, eap_types),
BitField("L", 0, 1),
BitField("M", 0, 1),
BitField("S", 0, 1),
BitField("reserved", 0, 3),
BitField("version", 1, 2),
ConditionalField(IntField("tls_message_len", 0), lambda pkt: pkt.L == 1), # noqa: E501
XStrLenField("tls_data", "", length_from=lambda pkt: 0 if pkt.len is None else pkt.len - (6 + 4 * pkt.L)) # noqa: E501
]
class IKEv2_payload_IDr(IKEv2_class):
name = "IKEv2 Identification - Responder"
overload_fields = {IKEv2: {"next_payload": 36}}
fields_desc = [
ByteEnumField("next_payload", None, IKEv2_payload_type),
ByteField("res", 0),
FieldLenField("length", None, "load", "H",
adjust=lambda pkt, x: x + 8),
ByteEnumField("IDtype", 1, {
1: "IPv4_addr",
2: "FQDN",
3: "Email_addr",
5: "IPv6_addr",
11: "Key"
}), # noqa: E501
ByteEnumField("ProtoID", 0, {0: "Unused"}),
ShortEnumField("Port", 0, {0: "Unused"}),
# IPField("IdentData","127.0.0.1"),
StrLenField("load", "", length_from=lambda x: x.length - 8),
]
class DAGMCObjUnknown(Packet):
"""
Dummy unknown metric/constraint
"""
name = 'Unknown DAGMC Object Option'
fields_desc = [ByteEnumField("otype", 3, DAGMC_OBJTYPE),
FieldLenField("olen", None, length_of="odata", fmt="B"),
StrLenField("odata", "",
length_from=lambda pkt: pkt.olen)]
@classmethod
def dispatch_hook(cls, _pkt=None, *_, **kargs):
"""
Dispatch hook for DAGMC sub-fields
"""
if _pkt:
opt_type = orb(_pkt[0]) # Option type
if opt_type in DAGMC_CLS:
return DAGMC_CLS[opt_type]
return cls
class StringDescriptor(USBDescriptor):
fields_desc = [
FieldLenField("bLength",
None,
length_of="bString",
fmt="B",
adjust=lambda pkt, x: x + 2),
ByteEnumField(
"bDescriptorType",
USBDefs.DescriptorType.STRING_DESCRIPTOR,
USBDefs.DescriptorType.desc,
),
# ConditionalField(LEShortField("wLANGID",0x0409),lambda p:p.bLength==4),
UnicodeStringLenField("bString",
"\x09\x04",
length_from=lambda p: p.bLength - 2),
]
def desc(self):
return "String Descriptor [%s] len:%u" % (self.bString, self.bLength)
class OSPFv3_Intra_Area_Prefix_LSA(OSPF_BaseLSA):
name = "OSPFv3 Intra Area Prefix LSA"
fields_desc = [
ShortField("age", 1),
ShortEnumField("type", 0x2009, _OSPFv3_LStypes),
IPField("id", "0.0.0.0"),
IPField("adrouter", "1.1.1.1"),
XIntField("seq", 0x80000001),
XShortField("chksum", None),
ShortField("len", None),
FieldLenField("prefixes", None, count_of="prefixlist",
fmt="H"), # noqa: E501
ShortEnumField("reflstype", 0, _OSPFv3_LStypes),
IPField("reflsid", "0.0.0.0"),
IPField("refadrouter", "0.0.0.0"),
PacketListField("prefixlist",
None,
OSPFv3_Prefix_Item,
count_from=lambda pkt: pkt.prefixes)
]
class DCPBaseBlock(Packet):
"""
base class for all DCP Blocks
"""
fields_desc = [
ByteEnumField("option", 1, DCP_OPTIONS),
MultiEnumField("sub_option",
2,
DCP_SUBOPTIONS,
fmt='B',
depends_on=lambda p: p.option),
FieldLenField("dcp_block_length", None, length_of="data"), # TODO
ShortEnumField("block_info", 0, BLOCK_INFOS),
StrLenField("data", "", length_from=lambda x: x.dcp_block_length),
]
# needed for dissecting multiple blocks
# https://stackoverflow.com/questions/8073508/scapy-adding-new-protocol-with-complex-field-groupings
def extract_padding(self, s):
return '', s
class OSPFv3_Link_LSA(OSPF_BaseLSA):
name = "OSPFv3 Link LSA"
fields_desc = [
ShortField("age", 1),
ShortEnumField("type", 0x0008, _OSPFv3_LStypes),
IPField("id", "0.0.0.0"),
IPField("adrouter", "1.1.1.1"),
XIntField("seq", 0x80000001),
XShortField("chksum", None),
ShortField("len", None),
ByteField("prio", 1),
OSPFv3OptionsField(),
IP6Field("lladdr", "fe80::"),
FieldLenField("prefixes", None, count_of="prefixlist",
fmt="I"), # noqa: E501
PacketListField("prefixlist",
None,
OSPFv3_Prefix_Item,
count_from=lambda pkt: pkt.prefixes)
]
class NBNSQueryResponse(Packet):
name = "NBNS query response"
fields_desc = [
NetBIOSNameField("RR_NAME", "windows"),
ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES),
ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS),
IntField("TTL", 0x493e0),
FieldLenField("RDLENGTH", None, length_of="ADDR_ENTRY"),
PacketListField("ADDR_ENTRY", [NBNS_ADD_ENTRY()],
NBNS_ADD_ENTRY,
length_from=lambda pkt: pkt.RDLENGTH)
]
def mysummary(self):
if not self.ADDR_ENTRY:
return "NBNSQueryResponse"
return "NBNSQueryResponse '\\\\%s' is at %s" % (
self.RR_NAME.strip().decode(), self.ADDR_ENTRY[0].NB_ADDRESS)
class EAP_PWD(EAP):
"""
RFC 5931 - "Extensible Authentication Protocol (EAP)"
"""
name = "EAP-pwd"
fields_desc = [
ByteEnumField("code", 1, eap_codes),
ByteField("id", 0),
FieldLenField("len", None, fmt="H", length_of="pwd_data",
adjust=lambda pkt, x: len(pkt.value) + 2),
ByteEnumField("type", 52, eap_types),
BitField('L', 0, 1),
BitField('M', 0, 1),
BitField('pwd_type', 0, 5),
ConditionalField(IntField("message_len", 0), lambda pkt: pkt.L == 1),
# payload must be subtracted from header length (5)
XStrLenField("pwd_data", "", length_from=lambda \
pkt: 0 if pkt.len is None else pkt.len - 5)
]
class DCPMACBlock(Packet):
fields_desc = [
ByteEnumField("option", 1, DCP_OPTIONS),
MultiEnumField("sub_option",
1,
DCP_SUBOPTIONS,
fmt='B',
depends_on=lambda p: p.option),
FieldLenField("dcp_block_length", None),
ShortEnumField("block_info", 0, BLOCK_INFOS),
MACField("mac", "00:00:00:00:00:00"),
PadField(StrLenField("padding",
b"\x00",
length_from=lambda p: p.dcp_block_length % 2),
1,
padwith=b"\x00")
]
def extract_padding(self, s):
return '', s
