class OFPTStatsReplyQueue(_ofp_header): name = "OFPST_STATS_REPLY_QUEUE" fields_desc = [ByteEnumField("version", 0x01, ofp_version), ByteEnumField("type", 17, ofp_type), ShortField("len", None), IntField("xid", 0), ShortEnumField("stats_type", 5, ofp_stats_types), FlagsField("flags", 0, 16, []), ShortEnumField("port_no", "NONE", ofp_port_no), XShortField("pad", 0), IntEnumField("queue_id", "ALL", ofp_queue), LongField("tx_bytes", 0), LongField("tx_packets", 0), LongField("tx_errors", 0)] overload_fields = {TCP: {"dport": 6653}}
class EAP_TLS(Packet): # eap type 13 name = "EAP-TLS" fields_desc = [ FlagsField("flags", 0, 8, [ 'reserved5', 'reserved4', 'reserved3', 'reserved2', 'reserved1', 'start', 'fragmented', 'length' ]), ConditionalField(IntField("length", 0), lambda pkt: pkt.flags > 127), ] def guess_payload_class(self, payload): if self.flags > 127: return TLSv1RecordLayer else: return Packet.guess_payload_class(self, payload)
class OFPTStatsReplyDesc(_ofp_header): name = "OFPST_STATS_REPLY_DESC" fields_desc = [ ByteEnumField("version", 0x01, ofp_version), ByteEnumField("type", 17, ofp_type), ShortField("len", None), IntField("xid", 0), ShortEnumField("stats_type", 0, ofp_stats_types), FlagsField("flags", 0, 16, []), StrFixedLenField("mfr_desc", "", 256), StrFixedLenField("hw_desc", "", 256), StrFixedLenField("sw_desc", "", 256), StrFixedLenField("serial_num", "", 32), StrFixedLenField("dp_desc", "", 256) ]
class BTLE_RF(Packet): name = "BTLE RF info header" fields_desc = [ ByteField("rf_channel", 0), _dbmField("signal", -256), _dbmField("noise", -256), ByteField("access_address_offenses", 0), XLEIntField("reference_access_address", 0), FlagsField("flags", 0, -16, [ "dewhitened", "sig_power_valid", "noise_power_valid", "decrypted", "reference_access_address_valid", "access_address_offenses_valid", "channel_aliased", "res1", "res2", "res3", "crc_checked", "crc_valid", "mic_checked", "mic_valid", "res4", "res5" ]) ]
class EAP_TTLS(Packet): # eap type 21 name = "EAP-TTLS" fields_desc = [ FlagsField( "flags", 0, 5, ['reserved2', 'reserved1', 'start', 'fragmented', 'length']), BitField("version", 0, 3), ConditionalField(IntField("length", 0), lambda pkt: pkt.flags > 15), ] def guess_payload_class(self, payload): if self.flags >> 2 in [1, 3, 7]: # if start bit is set return Packet.guess_payload_class(self, payload) else: return TLSv1RecordLayer
class PPI_Geotag_Vector(HCSIPacket): name = "PPI Vector" hcsi_fields = [ VectorFlags_Field("VectorFlags", None), FlagsField("VectorChars", None, -32, _hcsi_vector_char_flags), Fixed3_6Field("Pitch", None), Fixed3_6Field("Roll", None), Fixed3_6Field("Heading", None), Fixed6_4Field("Off_X", None), Fixed6_4Field("Off_Y", None), Fixed6_4Field("Off_Z", None), ] + _hcsi_null_range(8, 16) + [ Fixed3_6Field("Err_Rot", None), Fixed6_4Field("Err_Off", None), ] + _hcsi_null_range(18, 28)
class DNSRRDNSKEY(_DNSRRdummy): name = "DNS DNSKEY Resource Record" fields_desc = [ DNSStrField("rrname", ""), ShortEnumField("type", 48, dnstypes), ShortEnumField("rclass", 1, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), FlagsField("flags", 256, 16, "S???????Z???????"), # S: Secure Entry Point # Z: Zone Key ByteField("protocol", 3), ByteEnumField("algorithm", 5, dnssecalgotypes), StrField("publickey", "") ]
class OFPTStatsReplyPort(_ofp_header): name = "OFPST_STATS_REPLY_TABLE" fields_desc = [ ByteEnumField("version", 0x01, ofp_version), ByteEnumField("type", 17, ofp_type), ShortField("len", None), IntField("xid", 0), ShortEnumField("stats_type", 4, ofp_stats_types), FlagsField("flags", 0, 16, []), PacketListField("port_stats", None, OFPPortStats, length_from=lambda pkt: pkt.len - 12) ] overload_fields = {TCP: {"dport": 6653}}
class OFPTStatsReplyAggregate(_ofp_header): name = "OFPST_STATS_REPLY_AGGREGATE" fields_desc = [ ByteEnumField("version", 0x01, ofp_version), ByteEnumField("type", 17, ofp_type), ShortField("len", None), IntField("xid", 0), ShortEnumField("stats_type", 2, ofp_stats_types), FlagsField("flags", 0, 16, []), LongField("packet_count", 0), LongField("byte_count", 0), IntField("flow_count", 0), XIntField("pad", 0) ] overload_fields = {TCP: {"dport": 6653}}
class OFPTStatsRequestAggregate(_ofp_header): name = "OFPST_STATS_REQUEST_AGGREGATE" fields_desc = [ ByteEnumField("version", 0x01, ofp_version), ByteEnumField("type", 16, ofp_type), ShortField("len", None), IntField("xid", 0), ShortEnumField("stats_type", 2, ofp_stats_types), FlagsField("flags", 0, 16, []), PacketField("match", OFPMatch(), OFPMatch), ByteEnumField("table_id", "ALL", ofp_table), ByteField("pad", 0), ShortEnumField("out_port", "NONE", ofp_port_no) ] overload_fields = {TCP: {"sport": 6653}}
class LLTDAttributeCharacteristics(LLTDAttribute): name = "LLTD Attribute - Characteristics" fields_desc = [ # According to MS doc, "this field MUST be set to 0x02". But # according to MS implementation, that's wrong. # ByteField("len", 2), FieldLenField("len", None, length_of="reserved2", fmt="B", adjust=lambda _, x: x + 2), FlagsField("flags", 0, 5, "PXFML"), BitField("reserved1", 0, 11), StrLenField("reserved2", "", length_from=lambda x: x.len - 2) ]
class OSPF_Router_LSA(OSPF_BaseLSA): name = "OSPF Router LSA" fields_desc = [ShortField("age", 1), OSPFOptionsField(), ByteField("type", 1), IPField("id", "1.1.1.1"), IPField("adrouter", "1.1.1.1"), XIntField("seq", 0x80000001), XShortField("chksum", None), ShortField("len", None), FlagsField("flags", 0, 8, ["B", "E", "V", "W", "Nt"]), ByteField("reserved", 0), FieldLenField("linkcount", None, count_of="linklist"), PacketListField("linklist", [], OSPF_Link, count_from=lambda pkt: pkt.linkcount, length_from=lambda pkt: pkt.linkcount * 12)]
class ZigbeeDeviceProfile(Packet): name = "Zigbee Device Profile (ZDP) frame" fields_desc = [ # sequence number (8 bits) ByteField("sequence_number", 0), # Device short address dot15d4AddressField("extended_address", 0, adjust=lambda pkt, x: 8), # flags 1 octet FlagsField("frame_control", 0, 8, [ 'reserved1', 'reserved2', 'reserved3', 'reserved4', 'remove_children', 'rejoin' ]), ] def guess_payload_class(self, payload): return Packet.guess_payload_class(self, payload)
class OSPFv3_Router_LSA(OSPF_BaseLSA): name = "OSPFv3 Router LSA" fields_desc = [ ShortField("age", 1), ShortEnumField("type", 0x2001, _OSPFv3_LStypes), IPField("id", "0.0.0.0"), IPField("adrouter", "1.1.1.1"), XIntField("seq", 0x80000001), XShortField("chksum", None), ShortField("len", None), FlagsField("flags", 0, 8, ["B", "E", "V", "W"]), OSPFv3OptionsField(), PacketListField("linklist", [], OSPFv3_Link, length_from=lambda pkt: pkt.len - 24) ]
class SAPMSClient1(PacketNoPadded): """SAP Message Server Client packet version 1 Packet that contains information about a client of the Message Server service. This packet is for version 1, which has been seen only on old releases (SAP NW 2004s). """ name = "SAP Message Server Client version 1" fields_desc = [ StrFixedLenField("client", None, 20), StrFixedLenField("host", None, 20), StrFixedLenField("service", None, 20), FlagsField("msgtype", 0, 8, ["ICM", "ATP", "UP2", "SPO", "BTC", "ENQ", "UPD", "DIA"]), IPField("hostaddrv4", "0.0.0.0"), ShortField("servno", 0x00), ]
class LL_FEATURE_REQ(Packet): name = "LL_FEATURE_REQ" fields_desc = [ FlagsField("feature_set", 0, -16,[# 4.0 'le_encryption', # 4.1 'conn_par_req_proc','ext_reject_ind','slave_init_feat_exch', # 4.2 'le_ping', 'le_data_len_ext','ll_privacy','ext_scan_filter', # 5.0 'll_2m_phy', 'tx_mod_idx','rx_mod_idx','le_coded_phy', 'le_ext_adv','le_periodic_adv', 'ch_sel_alg','le_pwr_class']), BitField("reserved", 0, 48), ]
class DIQ(Packet): name = 'QDS' fields_desc = [ ByteEnumField('DPI', 0x00, DPI_ENUM), FlagsField('flags', 0x00, 8, DIQ_FLAGS), ] def do_dissect(self, s): self.DPI = s[0] & 0x03 self.flags = s[0] & 0xf0 return s[1:] def do_build(self): s = list(range(1)) s[0] = int(self.DPI) | int(self.flags) return bytes(s)
class _ISIS_LSP_Base(_ISIS_PduBase): fields_desc = [ _ISIS_PduLengthField(), ShortField("lifetime", 1199), ISIS_LspIdField("lspid", "0102.0304.0506.00-00"), XIntField("seqnum", 0x00000001), XShortField("checksum", None), FlagsField("typeblock", 0x03, 8, ["L1", "L2", "OL", "ADef", "ADel", "AExp", "AErr", "P"]), # noqa: E501 _ISIS_TlvListField() ] def checksum_info(self, hdrlen): if self.checksum is not None: return None return (12, 24)
class PEAP(Packet): # eap type 25 name = "PEAP" fields_desc = [ FlagsField("flags", 0, 6, [ 'reserved3', 'reserved2', 'reserved1', 'start', 'fragmented', 'length' ]), BitField("version", 0, 2), ConditionalField(IntField("length", 0), lambda pkt: pkt.flags > 31), ] def guess_payload_class(self, payload): if self.flags > 31: return TLSv1RecordLayer else: return Packet.guess_payload_class(self, payload)
class OSPF_DBDesc(Packet): name = "OSPF Database Description" fields_desc = [ShortField("mtu", 1500), OSPFOptionsField(), FlagsField("dbdescr", 0, 8, ["MS", "M", "I", "R", "4", "3", "2", "1"]), # noqa: E501 IntField("ddseq", 1), PacketListField("lsaheaders", None, OSPF_LSA_Hdr, count_from=lambda pkt: None, length_from=lambda pkt: pkt.underlayer.len - 24 - 8)] # noqa: E501 def guess_payload_class(self, payload): # check presence of LLS data block flag if self.options & 0x10 == 0x10: return OSPF_LLS_Hdr else: return Packet.guess_payload_class(self, payload)
class PerPeerHeader(Packet): name = "PEERPEERHEADER" fields_desc = [ ByteField("type", 0), FlagsField("peer_flags", 0, 8, ["NA0", "NA1", "NA2", "NA3", "NA4", "A", "L", "V"]), # How to do a 16 bytes field? Field("peer_distinquisher", 0, fmt="Q"), IP6Field("peer_address", "::/0"), IntField("peer_asn", 0), IntField("peer_bgp_id", 0), IntField("timestamp_seconds", 0), IntField("timestamp_microseconds", 0), ] def extract_padding(self, p): return "", p
class BOOTP(Packet): name = "BOOTP" fields_desc = [ ByteEnumField("op", 1, { 1: "BOOTREQUEST", 2: "BOOTREPLY" }), ByteField("htype", 1), ByteField("hlen", 6), ByteField("hops", 0), IntField("xid", 0), ShortField("secs", 0), FlagsField("flags", 0, 16, "???????????????B"), IPField("ciaddr", "0.0.0.0"), IPField("yiaddr", "0.0.0.0"), IPField("siaddr", "0.0.0.0"), IPField("giaddr", "0.0.0.0"), Field("chaddr", b"", "16s"), Field("sname", b"", "64s"), Field("file", b"", "128s"), StrField("options", b"") ] def guess_payload_class(self, payload): if self.options[:len(dhcpmagic)] == dhcpmagic: return DHCP else: return Packet.guess_payload_class(self, payload) def extract_padding(self, s): if self.options[:len(dhcpmagic)] == dhcpmagic: # set BOOTP options to DHCP magic cookie and make rest a payload of DHCP options # noqa: E501 payload = self.options[len(dhcpmagic):] self.options = self.options[:len(dhcpmagic)] return payload, None else: return b"", None def hashret(self): return struct.pack("!I", self.xid) def answers(self, other): if not isinstance(other, BOOTP): return 0 return self.xid == other.xid
class ZigbeeNWK(Packet): name = "Zigbee Network Layer" fields_desc = [ BitField("discover_route", 0, 2), BitField("proto_version", 2, 4), BitEnumField("frametype", 0, 2, { 0: 'data', 1: 'command' }), FlagsField("flags", 0, 8, [ 'multicast', 'security', 'source_route', 'extended_dst', 'extended_src', 'reserved1', 'reserved2', 'reserved3' ]), # noqa: E501 XLEShortField("destination", 0), XLEShortField("source", 0), ByteField("radius", 0), ByteField("seqnum", 1), # ConditionalField(XLongField("ext_dst", 0), lambda pkt:pkt.flags & 8), ConditionalField( dot15d4AddressField("ext_dst", 0, adjust=lambda pkt, x: 8), lambda pkt: pkt.flags & 8), # noqa: E501 ConditionalField( dot15d4AddressField("ext_src", 0, adjust=lambda pkt, x: 8), lambda pkt: pkt.flags & 16), # noqa: E501 ConditionalField(ByteField("relay_count", 1), lambda pkt: pkt.flags & 0x04), # noqa: E501 ConditionalField(ByteField("relay_index", 0), lambda pkt: pkt.flags & 0x04), # noqa: E501 ConditionalField( FieldListField("relays", [], XLEShortField("", 0x0000), count_from=lambda pkt: pkt.relay_count), lambda pkt: pkt.flags & 0x04), # noqa: E501 ] def guess_payload_class(self, payload): if self.flags & 0x02: return ZigbeeSecurityHeader elif self.frametype == 0: return ZigbeeAppDataPayload elif self.frametype == 1: return ZigbeeNWKCommandPayload else: return Packet.guess_payload_class(self, payload)
class OSPFv3_AS_External_LSA(OSPF_BaseLSA): name = "OSPFv3 AS External LSA" fields_desc = [ShortField("age", 1), ShortEnumField("type", 0x4005, _OSPFv3_LStypes), IPField("id", "0.0.0.0"), IPField("adrouter", "1.1.1.1"), XIntField("seq", 0x80000001), XShortField("chksum", None), ShortField("len", None), FlagsField("flags", 0, 8, ["T", "F", "E"]), X3BytesField("metric", 20), FieldLenField("prefixlen", None, length_of="prefix", fmt="B"), # noqa: E501 OSPFv3PrefixOptionsField(), ShortEnumField("reflstype", 0, _OSPFv3_LStypes), IP6PrefixField("prefix", "2001:db8:0:42::/64", wordbytes=4, length_from=lambda pkt: pkt.prefixlen), # noqa: E501 ConditionalField(IP6Field("fwaddr", "::"), lambda pkt: pkt.flags & 0x02 == 0x02), # noqa: E501 ConditionalField(IntField("tag", 0), lambda pkt: pkt.flags & 0x01 == 0x01), # noqa: E501 ConditionalField(IPField("reflsid", 0), lambda pkt: pkt.reflstype != 0)] # noqa: E501
class ZigbeeSecurityHeader(Packet): name = "Zigbee Security Header" fields_desc = [ # Security control (1 octet) FlagsField("reserved1", 0, 2, ['reserved1', 'reserved2']), BitField("extended_nonce", 1, 1), # set to 1 if the sender address field is present (source) # noqa: E501 # Key identifier BitEnumField("key_type", 1, 2, { 0: 'data_key', 1: 'network_key', 2: 'key_transport_key', 3: 'key_load_key' }), # Security level (3 bits) BitEnumField("nwk_seclevel", 0, 3, { 0: "None", 1: "MIC-32", 2: "MIC-64", 3: "MIC-128", 4: "ENC", 5: "ENC-MIC-32", 6: "ENC-MIC-64", 7: "ENC-MIC-128" }), # Frame counter (4 octets) XLEIntField("fc", 0), # provide frame freshness and prevent duplicate frames # noqa: E501 # Source address (0/8 octets) ConditionalField(dot15d4AddressField("source", 0, adjust=lambda pkt, x: 8), lambda pkt: pkt.extended_nonce), # noqa: E501 # Key sequence number (0/1 octet): only present when key identifier is 1 (network key) # noqa: E501 ConditionalField(ByteField("key_seqnum", 0), lambda pkt: pkt.getfieldval("key_type") == 1), # noqa: E501 # Payload # the length of the encrypted data is the payload length minus the MIC StrField("data", ""), # noqa: E501 # Message Integrity Code (0/variable in size), length depends on nwk_seclevel # noqa: E501 XStrField("mic", ""), ] def post_dissect(self, s): # Get the mic dissected correctly mic_length = util_mic_len(self) if mic_length > 0: # Slice "data" into "data + mic" _data, _mic = self.data[:-mic_length], self.data[-mic_length:] self.data, self.mic = _data, _mic return s
class BTLE_RF(Packet): """Cooked BTLE link-layer pseudoheader. http://www.whiterocker.com/bt/LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR.html """ name = "BTLE RF info header" fields_desc = [ ByteField("rf_channel", 0), SignedByteField("signal", -128), SignedByteField("noise", -128), ByteField("access_address_offenses", 0), XLEIntField("reference_access_address", 0), FlagsField("flags", 0, -16, [ "dewhitened", "sig_power_valid", "noise_power_valid", "decrypted", "reference_access_address_valid", "access_address_offenses_valid", "channel_aliased", "res1", "res2", "res3", "crc_checked", "crc_valid", "mic_checked", "mic_valid", "res4", "res5" ]) ]
class BFD(Packet): name = "BFD" fields_desc = [ BitField("version", 1, 3), BitField("diag", 0, 5), BitField("sta", 3, 2), FlagsField("flags", 0x00, 6, ['P', 'F', 'C', 'A', 'D', 'M']), XByteField("detect_mult", 0x03), XByteField("len", 24), BitField("my_discriminator", 0x11111111, 32), BitField("your_discriminator", 0x22222222, 32), BitField("min_tx_interval", 1000000000, 32), BitField("min_rx_interval", 1000000000, 32), BitField("echo_rx_interval", 1000000000, 32) ] def mysummary(self): return self.sprintf("BFD (my_disc=%BFD.my_discriminator%," "your_disc=%BFD.my_discriminator%)")
class SAPMSClient3(Packet): """SAP Message Server Client packet version 3 Packet that contains information about a client of the Message Server service. This packet is for version 3. """ name = "SAP Message Server Client version 3" fields_desc = [ StrFixedLenField("client", None, 40), StrFixedLenField("host", None, 64), StrFixedLenField("service", None, 20), FlagsField("msgtype", 0, 8, ["ICM", "ATP", "UP2", "SPO", "BTC", "ENQ", "UPD", "DIA"]), IP6Field("hostaddrv6", "::1"), IPField("hostaddrv4", "0.0.0.0"), ShortField("servno", 0x00), ByteEnumKeysField("status", 0x00, ms_client_status_values), ByteField("nitrace", 0x00), ByteField("padd", 0), ]
class SAPMSClient2(PacketNoPadded): """SAP Message Server Client packet version 2 Packet that contains information about a client of the Message Server service. This packet is for version 2, which has been seen only on old releases (SAP NW 2004s). """ name = "SAP Message Server Client version 2" fields_desc = [ StrFixedLenField("client", None, 40), StrFixedLenField("host", None, 32), StrFixedLenField("service", None, 20), FlagsField("msgtype", 0, 8, ["ICM", "ATP", "UP2", "SPO", "BTC", "ENQ", "UPD", "DIA"]), IPField("hostaddrv4", "0.0.0.0"), ShortField("servno", 0x00), ByteEnumKeysField("status", 0x00, ms_client_status_values), ByteField("nitrace", 0x00), StrFixedLenField("padd", None, 14), ]
class OSPF_External_LSA(OSPF_BaseLSA): name = "OSPF External LSA (ASBR)" fields_desc = [ShortField("age", 1), OSPFOptionsField(), ByteField("type", 5), IPField("id", "192.168.0.0"), IPField("adrouter", "2.2.2.2"), XIntField("seq", 0x80000001), XShortField("chksum", None), ShortField("len", None), IPField("mask", "255.255.255.0"), FlagsField("ebit", 0, 1, ["E"]), BitField("reserved", 0, 7), X3BytesField("metric", 20), IPField("fwdaddr", "0.0.0.0"), XIntField("tag", 0), # TODO: Define correct conditions ConditionalField(ByteField("tos", 0), lambda pkt:False), ConditionalField(X3BytesField("tosmetric", 0), lambda pkt:False)] # noqa: E501
def __init__(self, name="options", default=0, size=8, names=None): if names is None: names = ["MT", "E", "MC", "NP", "L", "DC", "O", "DN"] FlagsField.__init__(self, name, default, size, names)
def __init__(self, name="circuittype", default=2, size=8, names=["L1", "L2", "r0", "r1", "r2", "r3", "r4", "r5"]): FlagsField.__init__(self, name, default, size, names)
def __init__(self, name="prefixoptions", default=0, size=8, names=None): if names is None: names = ["NU", "LA", "MC", "P"] FlagsField.__init__(self, name, default, size, names)
def __init__(self, name="options", default=0, size=24, names=None): if names is None: names = ["V6", "E", "MC", "N", "R", "DC", "AF", "L", "I", "F"] FlagsField.__init__(self, name, default, size, names)