class RENAME_Reply(Packet):
    """RENAME reply: a status word followed by four flag-gated attribute blocks.

    Each ``af_*`` integer acts as a presence flag: the attribute block that
    follows it is only part of the packet when the flag equals 1. The flags
    are read from the wire during dissection.
    """

    name = 'RENAME Reply'
    fields_desc = [
        IntEnumField('status', 0, nfsstat3),
        # "before"/"after" attributes, suffix _f
        IntField('af_before_f', 0),
        ConditionalField(
            PacketField('attributes_before_f', WCC_Attr(), WCC_Attr),
            lambda reply: reply.af_before_f == 1,
        ),
        IntField('af_after_f', 0),
        ConditionalField(
            PacketField('attributes_after_f', Fattr3(), Fattr3),
            lambda reply: reply.af_after_f == 1,
        ),
        # "before"/"after" attributes, suffix _t
        IntField('af_before_t', 0),
        ConditionalField(
            PacketField('attributes_before_t', WCC_Attr(), WCC_Attr),
            lambda reply: reply.af_before_t == 1,
        ),
        IntField('af_after_t', 0),
        ConditionalField(
            PacketField('attributes_after_t', Fattr3(), Fattr3),
            lambda reply: reply.af_after_t == 1,
        ),
    ]
class UNSHARE_Reply(Packet):
    """UNSHARE reply: a cookie sub-packet, a status code and a sequence number."""

    name = 'UNSHARE Reply'
    fields_desc = [
        PacketField('cookie', NLM4_Cookie(), NLM4_Cookie),
        IntEnumField('status', 0, nlm4_stats),
        IntField('sequence', 0),
    ]
class SAPMSProperty(PacketNoPadded):
    """SAP Message Server Property packet.

    Carries one property. The ``id`` field selects which of the fields
    declared after it are present; every field below ``id`` is conditional
    on a single ``id`` value.
    """

    name = "SAP Message Server Property"
    fields_desc = [
        StrNullFixedLenField("client", None, 39),
        IntEnumField("id", 0x00, ms_property_id_values),

        # MS_PROPERTY_VHOST
        ConditionalField(
            ShortEnumKeysField("logon", 0, ms_logon_type_values),
            lambda prop: prop.id == 0x02,
        ),

        # MS_PROPERTY_IPADR: both the IPv4 and the IPv6 field are present
        ConditionalField(
            IPField("address", "0.0.0.0"),
            lambda prop: prop.id == 0x03,
        ),
        ConditionalField(
            IP6Field("address6", "::"),
            lambda prop: prop.id == 0x03,
        ),

        # MS_PROPERTY_PARAM
        ConditionalField(
            StrNullField("param", ""),
            lambda prop: prop.id == 0x04,
        ),
        ConditionalField(
            StrNullField("value", ""),
            lambda prop: prop.id == 0x04,
        ),

        # MS_PROPERTY_SERVICE
        ConditionalField(
            ShortField("service", 0),
            lambda prop: prop.id == 0x05,
        ),

        # Release Information fields
        ConditionalField(
            StrNullFixedLenField("release", "720", length=9),
            lambda prop: prop.id == 0x07,
        ),
        ConditionalField(
            IntField("patchno", 0),
            lambda prop: prop.id == 0x07,
        ),
        ConditionalField(
            IntField("supplvl", 0),
            lambda prop: prop.id == 0x07,
        ),
        ConditionalField(
            IntField("platform", 0),
            lambda prop: prop.id == 0x07,
        ),
    ]
class READDIR_Reply(Packet):
    """READDIR reply: status, optional attributes and a list of entries.

    The verifier, the ``value_follows`` flag, the entry list and ``eof``
    are only present when ``status`` is 0.
    """

    name = 'READDIR Reply'
    fields_desc = [
        IntEnumField('status', 0, nfsstat3),
        IntField('attributes_follow', 0),
        ConditionalField(
            PacketField('attributes', Fattr3(), Fattr3),
            lambda reply: reply.attributes_follow == 1,
        ),
        ConditionalField(
            XLongField('verifier', 0),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            IntField('value_follows', 0),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            PacketListField(
                'files',
                None,
                File_From_Dir,
                # Keep dissecting entries while the reply announced a first
                # entry, the previously parsed entry (if any) announces
                # another one, and more than 4 bytes remain in the buffer.
                next_cls_cb=lambda reply, parsed, last, rest: (
                    File_From_Dir
                    if reply.value_follows == 1
                    and (not parsed or last.value_follows == 1)
                    and len(rest) > 4
                    else None
                ),
            ),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            IntField('eof', 0),
            lambda reply: reply.status == 0,
        ),
    ]
class Fattr3(Packet):
    """File attribute block: type, mode, ownership, sizes, ids and timestamps.

    Used as an embedded sub-packet by the reply classes; ``extract_padding``
    hands every byte after the last field back to the enclosing packet.
    """

    name = 'File Attributes'
    fields_desc = [
        IntEnumField('type', 0, ftype3),
        OIntField('mode', 0),
        IntField('nlink', 0),
        IntField('uid', 0),
        IntField('gid', 0),
        LongField('size', 0),
        LongField('used', 0),
        # rdev is always exactly two integers
        FieldListField(
            'rdev',
            [0, 0],
            IntField('', None),
            count_from=lambda _pkt: 2,
        ),
        XLongField('fsid', 0),
        XLongField('fileid', 0),
        # access / modification / change times, seconds then nanoseconds
        IntField('atime_s', 0),
        IntField('atime_ns', 0),
        IntField('mtime_s', 0),
        IntField('mtime_ns', 0),
        IntField('ctime_s', 0),
        IntField('ctime_ns', 0),
    ]

    def extract_padding(self, s):
        """Treat all remaining bytes as padding, none as payload."""
        # NOTE(review): the empty payload is a str, not bytes; it is falsy
        # either way, but confirm callers never concatenate it with bytes.
        payload, padding = '', s
        return payload, padding
class FSINFO_Reply(Packet):
    """FSINFO reply: status, optional attributes and file-system limits.

    Every field after ``attributes`` is only present when ``status`` is 0.
    """

    name = 'FSINFO Reply'
    fields_desc = [
        IntEnumField('status', 0, nfsstat3),
        IntField('attributes_follow', 0),
        ConditionalField(
            PacketField('attributes', Fattr3(), Fattr3),
            lambda reply: reply.attributes_follow == 1,
        ),
        # rt* fields
        ConditionalField(IntField('rtmax', 0), lambda reply: reply.status == 0),
        ConditionalField(IntField('rtpref', 0), lambda reply: reply.status == 0),
        ConditionalField(IntField('rtmult', 0), lambda reply: reply.status == 0),
        # wt* fields
        ConditionalField(IntField('wtmax', 0), lambda reply: reply.status == 0),
        ConditionalField(IntField('wtpref', 0), lambda reply: reply.status == 0),
        ConditionalField(IntField('wtmult', 0), lambda reply: reply.status == 0),
        ConditionalField(IntField('dtpref', 0), lambda reply: reply.status == 0),
        ConditionalField(
            LongField('maxfilesize', 0),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            IntField('timedelta_s', 0),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            IntField('timedelta_ns', 0),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            XIntField('properties', 0),
            lambda reply: reply.status == 0,
        ),
    ]
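class VQPEntry(Packet):
    """One VQP entry: a data type, a length and a value typed by ``datatype``.

    The value is an IPv4 address for type 3073, a MAC address for types
    3078 and 3080, and a ``len``-byte string for every other type.
    """

    name = "VQPEntry"
    fields_desc = [
        IntEnumField(
            "datatype", 0, {
                3073: "clientIPAddress",
                3074: "portName",
                3075: "VLANName",
                3076: "Domain",
                3077: "ethernetPacket",
                3078: "ReqMACAddress",
                3079: "unknown",
                3080: "ResMACAddress"
            }),
        # NOTE(review): declared without length_of/count_of, so the field
        # cannot derive its own value; confirm that a build with len=None
        # actually reaches post_build() on the Scapy version in use.
        FieldLenField("len", None),
        ConditionalField(IPField("datatom", "0.0.0.0"),
                         lambda p: p.datatype == 3073),
        ConditionalField(MACField("data", "00:00:00:00:00:00"),
                         lambda p: p.datatype == 3078),
        ConditionalField(MACField("data", "00:00:00:00:00:00"),
                         lambda p: p.datatype == 3080),
        # The string length is taken from the wire-supplied len field.
        ConditionalField(
            StrLenField("data", None, length_from=lambda p: p.len),
            lambda p: p.datatype not in [3073, 3078, 3080]),
    ]

    def post_build(self, p, pay):
        """Fill in ``len`` when it was left unset, then append the payload.

        :param p: this layer as built bytes
        :param pay: the already built payload bytes
        :return: the layer bytes (with ``len`` patched if needed) plus payload
        """
        if self.len is None:
            # p is a bytes object, so it has no .data attribute; the value
            # length is whatever follows the 4-byte datatype and the
            # 2-byte len field.
            header_len = 6
            value_len = len(p) - header_len
            # len sits at offset 4..6; writing at 2..4 would overwrite the
            # low half of datatype.
            p = p[:4] + struct.pack("!H", value_len) + p[header_len:]
        # Returning p alone would drop every layer stacked on this one.
        return p + pay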
class PNIOServiceResPDU(Packet):
    """PNIO PDU for RPC Response.

    ``can_handle`` recognises a response by the DCE/RPC ``type`` value and
    by the prefix of the object UUID, both read from the received packet.
    """

    fields_desc = [
        EndiannessField(
            IntEnumField("status", 0, ["OK"]),
            endianess_from=dce_rpc_endianess,
        ),
        NDRData,
    ]
    overload_fields = {
        DceRpc: {
            # random object_uuid in the appropriate range
            "object_uuid": RandUUID("dea00000-6c97-11d1-8271-******"),
            # interface uuid to send to a host
            "interface_uuid": RPC_INTERFACE_UUID[
                "UUID_IO_ControllerInterface"
            ],
            # Request DCE/RPC type
            "type": 2,
        },
    }

    @classmethod
    def can_handle(cls, pkt, rpc):
        """Heuristic used in place of guess_payload_class.

        Returns True when ``rpc`` has type 2 (response) and its object
        UUID starts with the expected prefix, False otherwise.
        """
        # type = 2 => response
        is_response = rpc.getfieldval("type") == 2
        return bool(
            is_response
            and str(rpc.object_uuid).startswith("dea00000-6c97-11d1-8271-")
        )
class IODWriteMultipleRes(Block):
    """IODWriteMultiple response.

    ``recordDataLength`` gives the byte length of the trailing ``blocks``
    list; on dissection that value comes from the received packet.
    """

    fields_desc = [
        BlockHeader,
        ShortField("seqNum", 0),
        UUIDField("ARUUID", None),
        XIntField("API", 0xffffffff),
        XShortField("slotNumber", 0xffff),
        XShortField("subslotNumber", 0xffff),
        StrFixedLenField("padding", "", length=2),
        XShortEnumField("index", 0, IOD_WRITE_REQ_INDEX),
        FieldLenField(
            "recordDataLength", None, fmt="I", length_of="blocks"
        ),
        XShortField("additionalValue1", 0),
        XShortField("additionalValue2", 0),
        IntEnumField("status", 0, ["OK"]),
        StrFixedLenField("RWPadding", "", length=16),
        FieldListField(
            "blocks",
            [],
            PacketField("", None, IODWriteRes),
            length_from=lambda res: res.recordDataLength,
        ),
    ]
    # default values
    block_type = 0x8008
    index = 0xe040

    def post_build(self, p, pay):
        """Force block_length to 60 when unset, then run the base post_build."""
        # The automatic block_length update must be overridden because the
        # requests field must not be counted; block_length is always 60.
        if self.block_length is None:
            fixed_length = struct.pack("!H", 60)
            p = p[:2] + fixed_length + p[4:]
        return Packet.post_build(self, p, pay)
class RPC_Reply(Packet):
    """RPC response header with an optional AUTH_UNIX credential block.

    ``a_unix`` is only part of the packet when ``flavor`` is 1.
    """

    name = 'RPC Response'
    fields_desc = [
        IntField('reply_stat', 0),
        IntEnumField('flavor', 0, {
            0: 'AUTH_NULL',
            1: 'AUTH_UNIX'
        }),
        ConditionalField(
            PacketField('a_unix', Auth_Unix(), Auth_Unix),
            lambda reply: reply.flavor == 1,
        ),
        IntField('length', 0),
        IntField('accept_stat', 0),
    ]

    def set_auth(self, **kwargs):
        """Convenience setter for the fields of the embedded a_unix packet.

        ``mname`` is applied through ``a_unix.mname.set``; every other
        keyword is assigned only if ``a_unix`` already has an attribute of
        that name. ``length`` is then set to 0 for flavor 0, otherwise to
        ``len(self.a_unix)``.
        """
        # **kwargs is always a dict, so no None check is needed here.
        if 'mname' in kwargs:
            self.a_unix.mname.set(kwargs.pop('mname'))

        for attr_name, attr_value in kwargs.items():
            if hasattr(self.a_unix, attr_name):
                setattr(self.a_unix, attr_name, attr_value)

        if self.flavor == 0:
            self.length = 0
        else:
            self.length = len(self.a_unix)
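class OFPTFlowMod(_ofp_header):
    """OFPT_FLOW_MOD message: header, match, flow parameters and actions.

    The byte length of ``actions`` is derived from the header ``len``
    field minus 72 (presumably the size of everything before the action
    list -- confirm against the OFPMatch definition).
    """

    name = "OFPT_FLOW_MOD"
    fields_desc = [
        ByteEnumField("version", 0x01, ofp_version),
        ByteEnumField("type", 14, ofp_type),
        ShortField("len", None),
        IntField("xid", 0),
        PacketField("match", OFPMatch(), OFPMatch),
        LongField("cookie", 0),
        ShortEnumField(
            "cmd", 0, {
                0: "OFPFC_ADD",
                1: "OFPFC_MODIFY",
                2: "OFPFC_MODIFY_STRICT",
                3: "OFPFC_DELETE",
                4: "OFPFC_DELETE_STRICT"
            }),
        ShortField("idle_timeout", 0),
        ShortField("hard_timeout", 0),
        ShortField("priority", 0),
        IntEnumField("buffer_id", "NO_BUFFER", ofp_buffer),
        ShortEnumField("out_port", "NONE", ofp_port_no),
        FlagsField("flags", 0, 16,
                   ["SEND_FLOW_REM", "CHECK_OVERLAP", "EMERG"]),
        # len comes from the received header. A value below 72 would give a
        # negative length, which slices from the end of the buffer instead
        # of yielding an empty action list, so clamp it at zero.
        PacketListField("actions", [], OFPAT, ofp_action_cls,
                        length_from=lambda pkt: max(pkt.len - 72, 0)),
    ]
    overload_fields = {TCP: {"sport": 6653}}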
class SMB2_Compression_Capabilities(Packet):
    """SMB2 compression capabilities: algorithm count, flags and id list.

    ``Padding2`` pads the structure to a multiple of 8 bytes; its length
    is computed from the wire-supplied algorithm count.
    """

    name = "SMB2 Compression Capabilities"
    fields_desc = [
        # NOTE(review): the default is 0, not None; FieldLenField only
        # derives the count from CompressionAlgorithms when the value is
        # None -- confirm that a fixed 0 is intended when building.
        FieldLenField(
            "CompressionAlgorithmCount",
            0,
            fmt="<H",
            count_of="CompressionAlgorithms",
        ),
        ShortField("Padding", 0x0),
        # NOTE(review): IntEnumField is big-endian, while the count above
        # and the algorithm ids below are little-endian -- confirm the
        # byte order of Flags.
        IntEnumField("Flags", 0x0, {
            0x00000000: "SMB2_COMPRESSION_CAPABILITIES_FLAG_NONE",
            0x00000001: "SMB2_COMPRESSION_CAPABILITIES_FLAG_CHAINED",
        }),
        FieldListField(
            "CompressionAlgorithms",
            None,
            LEShortEnumField("", 0x0, SMB2_COMPRESSION_ALGORITHMS),
            count_from=lambda caps: caps.CompressionAlgorithmCount,
        ),
        # Pad the whole packet on 8 bytes: 2 + 2 + 4 header bytes plus
        # 2 bytes per algorithm id.
        XStrLenField(
            "Padding2",
            "",
            length_from=lambda caps: (
                8 - (2 + 2 + 4 + caps.CompressionAlgorithmCount * 2)
            ) % 8,
        ),
    ]
class SYMLINK_Reply(Packet):
    """SYMLINK reply: status, optional handle/attributes, directory attributes.

    The handle and attribute flags exist only when ``status`` is 0, and the
    blocks they announce additionally require the flag to be 1. The two
    directory attribute blocks are gated by their flag alone.
    """

    name = 'SYMLINK Reply'
    fields_desc = [
        IntEnumField('status', 0, nfsstat3),
        # file handle of the new object
        ConditionalField(
            IntField('handle_follows', 0),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            PacketField('filehandle', File_Object(), File_Object),
            lambda reply: reply.status == 0 and reply.handle_follows == 1,
        ),
        # attributes of the new object
        ConditionalField(
            IntField('attributes_follow', 0),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            PacketField('attributes', Fattr3(), Fattr3),
            lambda reply: reply.status == 0 and reply.attributes_follow == 1,
        ),
        # directory attributes before and after the operation
        IntField('af_before', 0),
        ConditionalField(
            PacketField('dir_attributes_before', WCC_Attr(), WCC_Attr),
            lambda reply: reply.af_before == 1,
        ),
        IntField('af_after', 0),
        ConditionalField(
            PacketField('dir_attributes_after', Fattr3(), Fattr3),
            lambda reply: reply.af_after == 1,
        ),
    ]
class READ_Reply(Packet):
    """READ reply: status, optional attributes and the data that was read.

    ``count``, ``eof``, ``data_length``, ``data`` and ``fill`` are only
    present when ``status`` is 0. ``data_length`` is read from the wire and
    decides how many bytes are taken as ``data``.
    """

    name = 'READ Reply'
    fields_desc = [
        IntEnumField('status', 0, nfsstat3),
        IntField('attributes_follow', 0),
        ConditionalField(
            PacketField('attributes', Fattr3(), Fattr3),
            lambda reply: reply.attributes_follow == 1,
        ),
        ConditionalField(
            IntField('count', 0),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            IntField('eof', 0),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            IntField('data_length', 0),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            StrLenField(
                'data',
                b'',
                length_from=lambda reply: reply.data_length,
            ),
            lambda reply: reply.status == 0,
        ),
        # fill pads data up to the next multiple of 4 bytes
        ConditionalField(
            StrLenField(
                'fill',
                b'',
                length_from=lambda reply: (4 - reply.data_length) % 4,
            ),
            lambda reply: reply.status == 0,
        ),
    ]
class FileSyncPacket(Packet):
    """File sync message: message type, file size and a file name."""

    name = "file_sync_packet"
    fields_desc = [
        IntEnumField("message_type", 1, message_types),
        IntField("file_size", 0),
        FieldLenField(
            "file_name_len",
            None,
            length_of="file_name",
        ),
        # NOTE(review): file_name is a plain StrField, so dissection does
        # not bound it by file_name_len; the length is written on build but
        # appears to be ignored when parsing received data -- confirm
        # whether a length-bounded string field was intended.
        StrField("file_name", ""),
    ]
class OSPF_LSReq_Item(Packet):
    """One item of an OSPF Link State Request: LS type, id and router."""

    name = "OSPF Link State Request (item)"
    fields_desc = [
        IntEnumField("type", 1, _OSPF_LStypes),
        IPField("id", "1.1.1.1"),
        IPField("adrouter", "1.1.1.1"),
    ]

    def extract_padding(self, s):
        """Report no payload; all remaining bytes go back to the caller."""
        payload, padding = "", s
        return payload, padding
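class ISAKMP_payload_SA(ISAKMP_class):
    """ISAKMP SA payload: generic header, DOI, situation and proposals.

    ``length`` counts the 12 bytes preceding ``prop`` (1 + 1 + 2 + 4 + 4)
    plus the proposal itself, hence the ``+ 12`` / ``- 12`` adjustments.
    """

    name = "ISAKMP SA"
    overload_fields = {ISAKMP: {"next_payload": 1}}
    fields_desc = [
        ByteEnumField("next_payload", None, ISAKMP_payload_type),
        ByteField("res", 0),
        FieldLenField(
            "length", None, "prop", "H",
            adjust=lambda pkt, x: x + 12,
        ),
        IntEnumField("DOI", 1, {1: "IPSEC"}),
        IntEnumField("situation", 1, {1: "identity"}),
        # length is read from the received payload. A value below 12 would
        # give a negative length, which slices from the end of the buffer
        # rather than producing an empty proposal, so clamp it at zero.
        PacketLenField(
            "prop", conf.raw_layer(), ISAKMP_payload_Proposal,
            length_from=lambda x: max(x.length - 12, 0),
        ),
    ]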
class Loopback(Packet):
    r"""\*BSD loopback layer.

    The single ``type`` field uses ``IntEnumField`` when ``consts.OPENBSD``
    is set and ``LoIntEnumField`` otherwise.
    """

    name = "Loopback"
    # Only the field class depends on the platform; name, default and enum
    # are the same in both cases.
    fields_desc = [
        (IntEnumField if consts.OPENBSD else LoIntEnumField)(
            "type", 0x2, LOOPBACK_TYPES
        )
    ]
    __slots__ = ["_defrag_pos"]
class AVSWLANHeader(Packet):
    """AVS WLAN monitor header.

    Related command recorded by the original author:
    ``iwpriv eth1 set_prismhdr 1``
    """

    name = "AVS WLAN Monitor Header"
    fields_desc = [
        IntField("version", 1),
        IntField("len", 64),
        LongField("mactime", 0),
        LongField("hosttime", 0),
        IntEnumField("phytype", 0, AVSWLANPhyType),
        IntField("channel", 0),
        IntField("datarate", 0),
        IntField("antenna", 0),
        IntField("priority", 0),
        # signal / noise are signed, interpreted according to ssi_type
        IntEnumField("ssi_type", 0, AVSWLANSSIType),
        SignedIntField("ssi_signal", 0),
        SignedIntField("ssi_noise", 0),
        IntEnumField("preamble", 0, AVSWLANPreambleType),
        IntEnumField("encoding", 0, AVSWLANEncodingType),
    ]
class RPC(Packet):
    """RPC header: transaction id and message type (CALL or REPLY)."""

    name = 'RPC'
    fields_desc = [
        XIntField('xid', 0),
        IntEnumField('mtype', 0, {0: 'CALL', 1: 'REPLY'}),
    ]
class NTLMSSP(Packet):
    """NTLM authentication message; only AUTHENTICATE_MESSAGE is laid out.

    The header holds a (length, max length, offset) triple per buffer. The
    payload fields are dissected back-to-back in declaration order using
    only the length values; the offset fields are parsed but not used to
    locate the buffers.
    """

    # [MS-NLMP] v16.2 sect 2.2.1
    name = 'NTLM Authentication Protocol'

    deprecated_fields_desc = {
        'identifier': ('signature', '2.5.0'),
    }

    fields_desc = [
        StrFixedLenField('signature', b'NTLMSSP\0', length=8),
        IntEnumField(
            'messageType',
            3,
            {
                1: 'NEGOTIATE_MESSAGE',
                2: 'CHALLENGE_MESSAGE',
                3: 'AUTHENTICATE_MESSAGE',
            },
        ),
        # TODO: ONLY AUTHENTICATE_MESSAGE IMPLEMENTED
        # sect 2.2.1.3
        ShortField('lmChallengeResponseLen', 0),
        ShortField('lmChallengeResponseMaxLen', 0),
        IntField('lmChallengeResponseBufferOffset', 0),

        ShortField('ntChallengeResponseLen', 0),
        ShortField('ntChallengeResponseMaxLen', 0),
        IntField('ntChallengeResponseBufferOffset', 0),

        ShortField('domainNameLen', 0),
        ShortField('domainNameMax', 0),
        IntField('domainNameOffset', 0),

        ShortField('userNameLen', 0),
        ShortField('userNameMax', 0),
        IntField('userNameOffset', 0),

        ShortField('workstationLen', 0),
        ShortField('workstationMaxLen', 0),
        IntField('workstationBufferOffset', 0),

        ShortField('encryptedRandomSessionKeyLen', 0),
        ShortField('encryptedRandomSessionKeyMaxLen', 0),
        IntField('encryptedRandomSessionKeyBufferOffset', 0),

        FlagsField('negociateFlags', 0, 32, _negociate_flags),

        ByteField('productMajorVersion', 0),
        ByteField('productMinorVersion', 0),
        ShortField('productBuild', 0),
        ThreeBytesField('reserved', 0),
        ByteField('NTLMRevisionCurrent', 0),

        StrFixedLenField('MIC', '', 16),

        # payload field.
        # TODO: those challenges are structures that should be defined
        # Each length below is taken from the matching *Len header field,
        # i.e. from the received message.
        StrLenField(
            'lmChallengeResponse', '',
            length_from=lambda msg: msg.lmChallengeResponseLen,
        ),
        StrLenField(
            'ntChallengeResponse', '',
            length_from=lambda msg: msg.ntChallengeResponseLen,
        ),
        StrLenField(
            'domainName', '',
            length_from=lambda msg: msg.domainNameLen,
        ),
        StrLenField(
            'userName', '',
            length_from=lambda msg: msg.userNameLen,
        ),
        StrLenField(
            'workstation', '',
            length_from=lambda msg: msg.workstationLen,
        ),
        StrLenField(
            'encryptedRandomSessionKey', '',
            length_from=lambda msg: msg.encryptedRandomSessionKeyLen,
        ),
    ]

    def extract_padding(self, p):
        """Report no payload; all remaining bytes are returned as padding."""
        payload, padding = b"", p
        return payload, padding
class READLINK_Reply(Packet):
    """READLINK reply: status, optional attributes and the link's name.

    ``filename`` is only present when ``status`` is 0.
    """

    name = 'READLINK Reply'
    fields_desc = [
        IntEnumField('status', 0, nfsstat3),
        IntField('attributes_follow', 0),
        ConditionalField(
            PacketField('attributes', Fattr3(), Fattr3),
            lambda reply: reply.attributes_follow == 1,
        ),
        ConditionalField(
            PacketField('filename', Object_Name(), Object_Name),
            lambda reply: reply.status == 0,
        ),
    ]
class ACCESS_Reply(Packet):
    """ACCESS reply: status, optional attributes and the access rights mask.

    ``access_rights`` is only present when ``status`` is 0.
    """

    name = 'ACCESS Reply'
    fields_desc = [
        IntEnumField('status', 0, nfsstat3),
        IntField('attributes_follow', 0),
        ConditionalField(
            PacketField('attributes', Fattr3(), Fattr3),
            lambda reply: reply.attributes_follow == 1,
        ),
        ConditionalField(
            XIntField('access_rights', 0),
            lambda reply: reply.status == 0,
        ),
    ]
class GETATTR_Reply(Packet):
    """GETATTR reply: status, plus the attribute block when status is 0."""

    name = 'GETATTR Reply'
    fields_desc = [
        IntEnumField('status', 0, nfsstat3),
        ConditionalField(
            PacketField('attributes', Fattr3(), Fattr3),
            lambda reply: reply.status == 0,
        ),
    ]

    def extract_padding(self, s):
        """Report neither payload nor padding; trailing bytes are discarded."""
        payload, padding = '', None
        return payload, padding
class SAPEnqueueParam(PacketNoPadded):
    """SAP Enqueue Server Connection Admin Parameter packet.

    ``param`` selects the layout: ``len`` only for 0x06, ``set_name`` only
    for 0x03, and ``value`` for everything except 0x03 and 0x04.
    """

    name = "SAP Enqueue Connection Admin Parameter"
    fields_desc = [
        IntEnumField("param", 0, enqueue_param_values),
        ConditionalField(
            IntField("len", 0),
            lambda prm: prm.param == 0x06,
        ),
        ConditionalField(
            IntField("value", 0),
            lambda prm: prm.param not in (0x03, 0x04),
        ),
        ConditionalField(
            StrNullField("set_name", ""),
            lambda prm: prm.param == 0x03,
        ),
    ]
class PPTPOutgoingCallRequest(PPTP):
    """PPTP Outgoing Call Request control message (ctrl_msg_type 7).

    All fields are fixed-size; the default ``len`` is 168.
    """

    name = "PPTP Outgoing Call Request"
    fields_desc = [
        # common PPTP header
        LenField("len", 168),
        ShortEnumField("type", 1, _PPTP_msg_type),
        XIntField("magic_cookie", _PPTP_MAGIC_COOKIE),
        ShortEnumField("ctrl_msg_type", 7, _PPTP_ctrl_msg_type),
        XShortField("reserved_0", 0x0000),
        # call parameters
        ShortField("call_id", 1),
        ShortField("call_serial_number", 0),
        IntField("minimum_bps", 32768),
        IntField("maximum_bps", 2147483648),
        IntEnumField("bearer_type", 3, _PPTP_bearer_type),
        IntEnumField("framing_type", 3, _PPTP_framing_type),
        ShortField("pkt_window_size", 16),
        ShortField("pkt_proc_delay", 0),
        # phone_number_len is a plain field; phone_number itself is always
        # 64 bytes on the wire
        ShortField('phone_number_len', 0),
        XShortField("reserved_1", 0x0000),
        StrFixedLenField("phone_number", '', 64),
        StrFixedLenField("subaddress", '', 64),
    ]
class RIPEntry(RIP):
    """One RIP route entry: address family, tag, address, mask, hop, metric."""

    name = "RIP entry"
    fields_desc = [
        ShortEnumField("AF", 2, {2: "IP"}),
        ShortField("RouteTag", 0),
        IPField("addr", "0.0.0.0"),
        IPField("mask", "0.0.0.0"),
        IPField("nextHop", "0.0.0.0"),
        # a metric of 16 is displayed as "Unreach"
        IntEnumField("metric", 1, {16: "Unreach"}),
    ]
class WRITE_Reply(Packet):
    """WRITE reply: status, before/after attributes and the write result.

    ``count``, ``committed`` and ``verifier`` are only present when
    ``status`` is 0; each attribute block is gated by its own flag.
    """

    name = 'WRITE Reply'
    fields_desc = [
        IntEnumField('status', 0, nfsstat3),
        IntField('af_before', 0),
        ConditionalField(
            PacketField('attributes_before', WCC_Attr(), WCC_Attr),
            lambda reply: reply.af_before == 1,
        ),
        IntField('af_after', 0),
        ConditionalField(
            PacketField('attributes_after', Fattr3(), Fattr3),
            lambda reply: reply.af_after == 1,
        ),
        ConditionalField(
            IntField('count', 0),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            IntEnumField('committed', 0, {0: 'UNSTABLE', 1: 'STABLE'}),
            lambda reply: reply.status == 0,
        ),
        ConditionalField(
            XLongField('verifier', 0),
            lambda reply: reply.status == 0,
        ),
    ]
class OFPTStatsRequestQueue(_ofp_header):
    """Stats request of stats_type 5 (queue) for a given port and queue id."""

    name = "OFPST_STATS_REQUEST_QUEUE"
    fields_desc = [
        # message header
        ByteEnumField("version", 0x01, ofp_version),
        ByteEnumField("type", 16, ofp_type),
        ShortField("len", None),
        IntField("xid", 0),
        # stats request header
        ShortEnumField("stats_type", 5, ofp_stats_types),
        FlagsField("flags", 0, 16, []),
        # queue selector
        ShortEnumField("port_no", "NONE", ofp_port_no),
        XShortField("pad", 0),
        IntEnumField("queue_id", "ALL", ofp_queue),
    ]
class WRITE_Call(Packet):
    """WRITE call: file handle, offset, count, stability and the data.

    ``length`` gives the size of ``contents``; ``fill`` pads the data to
    the next multiple of 4 bytes. On dissection ``length`` is read from
    the received packet.
    """

    name = 'WRITE Call'
    fields_desc = [
        PacketField('filehandle', File_Object(), File_Object),
        LongField('offset', 0),
        IntField('count', 0),
        IntEnumField('stable', 0, {0: 'UNSTABLE', 1: 'STABLE'}),
        IntField('length', 0),
        StrLenField(
            'contents',
            b'',
            length_from=lambda call: call.length,
        ),
        StrLenField(
            'fill',
            b'',
            length_from=lambda call: (4 - call.length) % 4,
        ),
    ]