class SAPDiagDyntAtomItem(PacketNoPadded): name = "SAP Diag Dynt Atom item" fields_desc = [ ShortField("atom_length", 0), ByteField("dlg_flag_1", 0), ByteField("dlg_flag_2", 0), ByteEnumKeysField("etype", 0, diag_atom_etypes), ByteField("area", 0), ByteField("block", 0), ByteField("group", 0), ShortField("row", 0), ShortField("col", 0), # Attr flags BitField("attr_DIAG_BSD_COMBOSTYLE", 0, 1), # 80 BitField("attr_DIAG_BSD_YES3D", 0, 1), # 40 BitField("attr_DIAG_BSD_PROPFONT", 0, 1), # 20 BitField("attr_DIAG_BSD_MATCHCODE", 0, 1), # 10 BitField("attr_DIAG_BSD_JUSTRIGHT", 0, 1), # 08 BitField("attr_DIAG_BSD_INTENSIFY", 0, 1), # 04 BitField("attr_DIAG_BSD_INVISIBLE", 0, 1), # 02 BitField("attr_DIAG_BSD_PROTECTED", 0, 1), # 01 # DIAG_DGOTYP_FNAME ConditionalField( StrLenField("name_text", "", length_from=lambda pkt: pkt.atom_length - 13), lambda pkt: pkt.etype == 114), # DIAG_DGOTYP_PUSHBUTTON_2 */ ConditionalField(ByteField("pushbutton_v_length", 0), lambda pkt: pkt.etype in [115]), ConditionalField(ByteField("pushbutton_v_height", 0), lambda pkt: pkt.etype in [115]), ConditionalField(ShortField("pushbutton_function_code_offset", 0), lambda pkt: pkt.etype in [115]), ConditionalField(ShortField("pushbutton_text_offset", 0), lambda pkt: pkt.etype in [115]), ConditionalField(StrField("pushbutton_text", ""), lambda pkt: pkt.etype in [115]), ConditionalField(StrField("pushbutton_function_code", ""), lambda pkt: pkt.etype in [115]), # DIAG_DGOTYP_TABSTRIP_BUTTON ConditionalField(ByteField("tabstripbutton_v_length", 0), lambda pkt: pkt.etype in [116]), ConditionalField(ByteField("tabstripbutton_v_height", 0), lambda pkt: pkt.etype in [116]), ConditionalField(ByteField("tabstripbutton_page_id", 0), lambda pkt: pkt.etype in [116]), ConditionalField(ShortField("tabstripbutton_function_code_offset", 0), lambda pkt: pkt.etype in [116]), ConditionalField(ShortField("tabstripbutton_text_offset", 0), lambda pkt: pkt.etype in [116]), ConditionalField(ShortField("tabstripbutton_id_offset", 0), lambda pkt: pkt.etype in [116]), ConditionalField(StrNullField("tabstripbutton_text", ""), lambda pkt: pkt.etype in [116]), ConditionalField(StrNullField("tabstripbutton_function_code", ""), lambda pkt: pkt.etype in [116]), ConditionalField(StrNullField("tabstripbutton_id", ""), lambda pkt: pkt.etype in [116]), # DIAG_DGOTYP_XMLPROP ConditionalField( StrLenField("xmlprop_text", "", length_from=lambda pkt: pkt.atom_length - 13), lambda pkt: pkt.etype == 120), # DIAG_DGOTYP_EFIELD_1 or DIAG_DGOTYP_OFIELD_1 or DIAG_DGOTYP_KEYWORD_1 ConditionalField(ByteField("field1_flag1", 0), lambda pkt: pkt.etype in [121, 122, 123]), ConditionalField( FieldLenField("field1_dlen", None, fmt="B", length_of="field1_text"), lambda pkt: pkt.etype in [121, 122, 123]), ConditionalField(ByteField("field1_mlen", 0), lambda pkt: pkt.etype in [121, 122, 123]), ConditionalField(ShortField("field1_maxnrchars", 0), lambda pkt: pkt.etype in [121, 122, 123]), ConditionalField( StrLenField("field1_text", "", length_from=lambda pkt: pkt.field1_dlen), lambda pkt: pkt.etype in [121, 122, 123]), # DIAG_DGOTYP_FRAME_1 ConditionalField(ShortField("frame_drows", 0), lambda pkt: pkt.etype in [127]), ConditionalField(ShortField("frame_dcols", 0), lambda pkt: pkt.etype in [127]), ConditionalField( StrLenField("frame_text", "", length_from=lambda pkt: pkt.atom_length - 17), lambda pkt: pkt.etype in [127]), # DIAG_DGOTYP_RADIOBUTTON_3 ConditionalField(ByteField("radiobutton_button", 0), lambda pkt: pkt.etype in [129]), ConditionalField(ShortField("radiobutton_visible_label_length", 0), lambda pkt: pkt.etype in [129]), ConditionalField(ShortField("radiobutton_event_id_off", 0), lambda pkt: pkt.etype in [129]), ConditionalField(ByteField("radiobutton_event_id_len", 0), lambda pkt: pkt.etype in [129]), ConditionalField(ShortField("radiobutton_text_off", 0), lambda pkt: pkt.etype in [129]), ConditionalField(ShortField("radiobutton_text_length", 0), lambda pkt: pkt.etype in [129]), ConditionalField( StrLenField("radiobutton_text", "", length_from=lambda pkt: pkt.radiobutton_event_id_len + pkt.radiobutton_text_length), lambda pkt: pkt.etype in [129]), # DIAG_DGOTYP_EFIELD_2 or DIAG_DGOTYP_OFIELD_2 or DIAG_DGOTYP_KEYWORD_2 ConditionalField(ShortField("field2_flag1", 0), lambda pkt: pkt.etype in [130, 131, 132]), ConditionalField( FieldLenField("field2_dlen", None, fmt="B", length_of="field2_text"), lambda pkt: pkt.etype in [130, 131, 132]), ConditionalField(ByteField("field2_mlen", 0), lambda pkt: pkt.etype in [130, 131, 132]), ConditionalField(ShortField("field2_maxnrchars", 0), lambda pkt: pkt.etype in [130, 131, 132]), ConditionalField( StrLenField("field2_text", "", length_from=lambda pkt: pkt.field2_dlen), lambda pkt: pkt.etype in [130, 131, 132]), # Remaining types ConditionalField( StrLenField("value", "", length_from=lambda pkt: pkt.atom_length - 13), lambda pkt: pkt.etype not in [114, 115, 116, 120, 121, 122, 123, 127, 129, 130, 131, 132]), ] def post_build(self, p, pay): if pay is None: pay = '' # Update the atom_length field (first 2 bytes) with the packet length p = pack("!H", len(p)) + p[2:] return p + pay
class TLS_Ext_Padding(TLS_Ext_Unknown): # RFC 7685 name = "TLS Extension - Padding" fields_desc = [ShortEnumField("type", 0x15, _tls_ext), FieldLenField("len", None, length_of="padding"), StrLenField("padding", "", length_from=lambda pkt: pkt.len)]
class Dot11Elt(Packet): name = "802.11 Information Element" fields_desc = [ ByteEnumField("ID", 0, _dot11_info_elts_ids), FieldLenField("len", None, "info", "B"), StrLenField("info", "", length_from=lambda x: x.len, max_length=255) ] def mysummary(self): if self.ID == 0: ssid = repr(self.info) if ssid[:2] in ['b"', "b'"]: ssid = ssid[1:] return "SSID=%s" % ssid, [Dot11] else: return "" registered_ies = {} @classmethod def register_variant(cls): cls.registered_ies[cls.ID.default] = cls @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt: _id = orb(_pkt[0]) if _id == 221: oui_a = orb(_pkt[2]) oui_b = orb(_pkt[3]) oui_c = orb(_pkt[4]) if oui_a == 0x00 and oui_b == 0x50 and oui_c == 0xf2: # MS OUI type_ = orb(_pkt[5]) if type_ == 0x01: # MS WPA IE return Dot11EltMicrosoftWPA else: return Dot11EltVendorSpecific else: return Dot11EltVendorSpecific else: return cls.registered_ies.get(_id, cls) return cls def haslayer(self, cls): if cls == "Dot11Elt": if isinstance(self, Dot11Elt): return True elif issubtype(cls, Dot11Elt): if isinstance(self, cls): return True return super(Dot11Elt, self).haslayer(cls) def getlayer(self, cls, nb=1, _track=None, _subclass=True, **flt): return super(Dot11Elt, self).getlayer(cls, nb=nb, _track=_track, _subclass=True, **flt) def post_build(self, p, pay): if self.len is None: p = p[:1] + chb(len(p) - 2) + p[2:] return p + pay
class PPP_LCP_Quality_Protocol_Option(PPP_LCP_Option): fields_desc = [ByteEnumField("type", 4, _PPP_lcp_optiontypes), FieldLenField("len", None, fmt="B", length_of="data", adjust=lambda p, x:x + 4), ShortEnumField("quality_protocol", 0xc025, _PPP_LCP_quality_protocols), StrLenField("data", "", length_from=lambda p:p.len - 4)]
class RadioTap(Packet): name = "RadioTap dummy" deprecated_fields = { "Channel": ("ChannelFrequency", "2.4.3"), "ChannelFlags2": ("ChannelPlusFlags", "2.4.3"), "ChannelNumber": ("ChannelPlusNumber", "2.4.3"), } fields_desc = [ ByteField('version', 0), ByteField('pad', 0), LEShortField('len', None), FlagsField('present', None, -32, _rt_present), # noqa: E501 # Extended presence mask ConditionalField( PacketListField("Ext", [], next_cls_cb=_next_radiotap_extpm), lambda pkt: pkt.present and pkt.present.Ext), # noqa: E501 # RadioTap fields - each starts with a _RadiotapReversePadField # to handle padding # TSFT ConditionalField( _RadiotapReversePadField(LELongField("mac_timestamp", 0)), lambda pkt: pkt.present and pkt.present.TSFT), # Flags ConditionalField( _RadiotapReversePadField(FlagsField("Flags", None, -8, _rt_flags)), lambda pkt: pkt.present and pkt.present.Flags), # Rate ConditionalField(_RadiotapReversePadField(ByteField("Rate", 0)), lambda pkt: pkt.present and pkt.present.Rate), # Channel ConditionalField( _RadiotapReversePadField(LEShortField("ChannelFrequency", 0)), lambda pkt: pkt.present and pkt.present.Channel), ConditionalField( FlagsField("ChannelFlags", None, -16, _rt_channelflags), lambda pkt: pkt.present and pkt.present.Channel), # dBm_AntSignal ConditionalField( _RadiotapReversePadField(_dbmField("dBm_AntSignal", -256)), lambda pkt: pkt.present and pkt.present.dBm_AntSignal), # dBm_AntNoise ConditionalField( _RadiotapReversePadField(_dbmField("dBm_AntNoise", -256)), lambda pkt: pkt.present and pkt.present.dBm_AntNoise), # Lock_Quality ConditionalField( _RadiotapReversePadField(LEShortField("Lock_Quality", 0), ), lambda pkt: pkt.present and pkt.present.Lock_Quality), # Antenna ConditionalField(_RadiotapReversePadField(ByteField("Antenna", 0)), lambda pkt: pkt.present and pkt.present.Antenna), # RX Flags ConditionalField( _RadiotapReversePadField( FlagsField("RXFlags", None, -16, _rt_rxflags)), lambda pkt: pkt.present and pkt.present.RXFlags), # TX Flags ConditionalField( _RadiotapReversePadField( FlagsField("TXFlags", None, -16, _rt_txflags)), lambda pkt: pkt.present and pkt.present.TXFlags), # ChannelPlus ConditionalField( _RadiotapReversePadField( FlagsField("ChannelPlusFlags", None, -32, _rt_channelflags2)), lambda pkt: pkt.present and pkt.present.ChannelPlus), ConditionalField(LEShortField("ChannelPlusFrequency", 0), lambda pkt: pkt.present and pkt.present.ChannelPlus), ConditionalField(ByteField("ChannelPlusNumber", 0), lambda pkt: pkt.present and pkt.present.ChannelPlus), # MCS ConditionalField( _RadiotapReversePadField( FlagsField("knownMCS", None, -8, _rt_knownmcs)), lambda pkt: pkt.present and pkt.present.MCS), ConditionalField(BitField("Ness_LSB", 0, 1), lambda pkt: pkt.present and pkt.present.MCS), ConditionalField(BitField("STBC_streams", 0, 2), lambda pkt: pkt.present and pkt.present.MCS), ConditionalField(BitEnumField("FEC_type", 0, 1, { 0: "BCC", 1: "LDPC" }), lambda pkt: pkt.present and pkt.present.MCS), ConditionalField( BitEnumField("HT_format", 0, 1, { 0: "mixed", 1: "greenfield" }), lambda pkt: pkt.present and pkt.present.MCS), ConditionalField( BitEnumField("guard_interval", 0, 1, { 0: "Long_GI", 1: "Short_GI" }), # noqa: E501 lambda pkt: pkt.present and pkt.present.MCS), ConditionalField(BitEnumField("MCS_bandwidth", 0, 2, _rt_bandwidth), lambda pkt: pkt.present and pkt.present.MCS), ConditionalField(ByteField("MCS_index", 0), lambda pkt: pkt.present and pkt.present.MCS), # A_MPDU ConditionalField(_RadiotapReversePadField(LEIntField("A_MPDU_ref", 0)), lambda pkt: pkt.present and pkt.present.A_MPDU), ConditionalField( FlagsField("A_MPDU_flags", None, -32, _rt_a_mpdu_flags), lambda pkt: pkt.present and pkt.present.A_MPDU), # VHT ConditionalField( _RadiotapReversePadField( FlagsField("KnownVHT", None, -16, _rt_knownvht)), lambda pkt: pkt.present and pkt.present.VHT), ConditionalField(FlagsField("PresentVHT", None, -8, _rt_presentvht), lambda pkt: pkt.present and pkt.present.VHT), ConditionalField(ByteEnumField("VHT_bandwidth", 0, _rt_vhtbandwidth), lambda pkt: pkt.present and pkt.present.VHT), ConditionalField(StrFixedLenField("mcs_nss", 0, length=5), lambda pkt: pkt.present and pkt.present.VHT), ConditionalField(ByteField("GroupID", 0), lambda pkt: pkt.present and pkt.present.VHT), ConditionalField(ShortField("PartialAID", 0), lambda pkt: pkt.present and pkt.present.VHT), # timestamp ConditionalField(_RadiotapReversePadField(LELongField("timestamp", 0)), lambda pkt: pkt.present and pkt.present.timestamp), ConditionalField(LEShortField("ts_accuracy", 0), lambda pkt: pkt.present and pkt.present.timestamp), ConditionalField(ByteField("ts_position", 0), lambda pkt: pkt.present and pkt.present.timestamp), ConditionalField(ByteField("ts_flags", 0), lambda pkt: pkt.present and pkt.present.timestamp), # HE - XXX not complete ConditionalField(_RadiotapReversePadField(ShortField("he_data1", 0)), lambda pkt: pkt.present and pkt.present.HE), ConditionalField(ShortField("he_data2", 0), lambda pkt: pkt.present and pkt.present.HE), ConditionalField(ShortField("he_data3", 0), lambda pkt: pkt.present and pkt.present.HE), ConditionalField(ShortField("he_data4", 0), lambda pkt: pkt.present and pkt.present.HE), ConditionalField(ShortField("he_data5", 0), lambda pkt: pkt.present and pkt.present.HE), ConditionalField(ShortField("he_data6", 0), lambda pkt: pkt.present and pkt.present.HE), # HE_MU ConditionalField( _RadiotapReversePadField(LEShortField("hemu_flags1", 0)), lambda pkt: pkt.present and pkt.present.HE_MU), ConditionalField(LEShortField("hemu_flags2", 0), lambda pkt: pkt.present and pkt.present.HE_MU), ConditionalField( FieldListField("RU_channel1", [], ByteField, count_from=lambda x: 4), lambda pkt: pkt.present and pkt.present.HE_MU), ConditionalField( FieldListField("RU_channel2", [], ByteField, count_from=lambda x: 4), lambda pkt: pkt.present and pkt.present.HE_MU), # HE_MU_other_user ConditionalField( _RadiotapReversePadField(LEShortField("hemuou_per_user_1", 0x7fff)), lambda pkt: pkt.present and pkt.present.HE_MU_other_user), ConditionalField( LEShortField("hemuou_per_user_2", 0x003f), lambda pkt: pkt.present and pkt.present.HE_MU_other_user), ConditionalField( ByteField("hemuou_per_user_position", 0), lambda pkt: pkt.present and pkt.present.HE_MU_other_user), ConditionalField( FlagsField("hemuou_per_user_known", 0, -16, _rt_hemuother_per_user_known), lambda pkt: pkt.present and pkt.present.HE_MU_other_user), # L_SIG ConditionalField( _RadiotapReversePadField( FlagsField("lsig_data1", 0, -16, ["rate", "length"])), lambda pkt: pkt.present and pkt.present.L_SIG), ConditionalField(BitField("lsig_length", 0, 12), lambda pkt: pkt.present and pkt.present.L_SIG), ConditionalField(BitField("lsig_rate", 0, 4), lambda pkt: pkt.present and pkt.present.L_SIG), # Remaining StrLenField( 'notdecoded', "", length_from=lambda pkt: max(pkt.len - pkt._tmp_dissect_pos, 0)) ] def guess_payload_class(self, payload): if self.present and self.present.Flags and self.Flags.FCS: return Dot11FCS return Dot11 def post_build(self, p, pay): if self.len is None: p = p[:2] + struct.pack("!H", len(p))[::-1] + p[4:] return p + pay
class EIR_CompleteLocalName(EIR_Element): name = "Complete Local Name" fields_desc = [ StrLenField("local_name", "", length_from=EIR_Element.length_from) ]
class PPP_IPCP_Option_NBNS2(PPP_IPCP_Option): name = "PPP IPCP Option: NBNS2 Address" fields_desc = [ByteEnumField("type", 132, _PPP_ipcpopttypes), FieldLenField("len", None, length_of="data", fmt="B", adjust=lambda p, x:x + 2), IPField("data", "0.0.0.0"), ConditionalField(StrLenField("garbage", "", length_from=lambda pkt:pkt.len - 6), lambda p:p.len != 6)]
class ServerDHParams(_GenericTLSSessionInheritance): """ ServerDHParams for FFDH-based key exchanges, as defined in RFC 5246/7.4.3. Either with .fill_missing() or .post_dissection(), the server_kx_privkey or server_kx_pubkey of the TLS context are updated according to the parsed/assembled values. It is the user's responsibility to store and restore the original values if he wants to keep them. For instance, this could be done between the writing of a ServerKeyExchange and the receiving of a ClientKeyExchange (which includes secret generation). """ name = "Server FFDH parameters" fields_desc = [FieldLenField("dh_plen", None, length_of="dh_p"), StrLenField("dh_p", "", length_from=lambda pkt: pkt.dh_plen), FieldLenField("dh_glen", None, length_of="dh_g"), StrLenField("dh_g", "", length_from=lambda pkt: pkt.dh_glen), FieldLenField("dh_Yslen", None, length_of="dh_Ys"), StrLenField("dh_Ys", "", length_from=lambda pkt: pkt.dh_Yslen)] @crypto_validator def fill_missing(self): """ We do not want TLSServerKeyExchange.build() to overload and recompute things every time it is called. This method can be called specifically to have things filled in a smart fashion. Note that we do not expect default_params.g to be more than 0xff. """ s = self.tls_session default_params = _ffdh_groups['modp2048'][0].parameter_numbers() default_mLen = _ffdh_groups['modp2048'][1] if not self.dh_p: self.dh_p = pkcs_i2osp(default_params.p, default_mLen // 8) if self.dh_plen is None: self.dh_plen = len(self.dh_p) if not self.dh_g: self.dh_g = pkcs_i2osp(default_params.g, 1) if self.dh_glen is None: self.dh_glen = 1 p = pkcs_os2ip(self.dh_p) g = pkcs_os2ip(self.dh_g) real_params = dh.DHParameterNumbers(p, g).parameters(default_backend()) if not self.dh_Ys: s.server_kx_privkey = real_params.generate_private_key() pubkey = s.server_kx_privkey.public_key() y = pubkey.public_numbers().y self.dh_Ys = pkcs_i2osp(y, pubkey.key_size // 8) # else, we assume that the user wrote the server_kx_privkey by himself if self.dh_Yslen is None: self.dh_Yslen = len(self.dh_Ys) if not s.client_kx_ffdh_params: s.client_kx_ffdh_params = real_params @crypto_validator def register_pubkey(self): """ XXX Check that the pubkey received is in the group. """ p = pkcs_os2ip(self.dh_p) g = pkcs_os2ip(self.dh_g) pn = dh.DHParameterNumbers(p, g) y = pkcs_os2ip(self.dh_Ys) public_numbers = dh.DHPublicNumbers(y, pn) s = self.tls_session s.server_kx_pubkey = public_numbers.public_key(default_backend()) if not s.client_kx_ffdh_params: s.client_kx_ffdh_params = pn.parameters(default_backend()) def post_dissection(self, r): try: self.register_pubkey() except ImportError: pass def guess_payload_class(self, p): """ The signature after the params gets saved as Padding. This way, the .getfield() which _TLSServerParamsField inherits from PacketField will return the signature remain as expected. """ return Padding
class ECCurvePkt(Packet): name = "Elliptic Curve" fields_desc = [FieldLenField("alen", None, length_of="a", fmt="B"), StrLenField("a", "", length_from=lambda pkt: pkt.alen), FieldLenField("blen", None, length_of="b", fmt="B"), StrLenField("b", "", length_from=lambda pkt: pkt.blen)]
class RadiusAttribute(Packet): """ Implements a RADIUS attribute (RFC 2865). Every specific RADIUS attribute class should inherit from this one. """ name = "Radius Attribute" fields_desc = [ ByteEnumField("type", 1, _radius_attribute_types), FieldLenField("len", None, "value", "B", adjust=lambda pkt, x: len(pkt.value) + 2), StrLenField("value", "", length_from=lambda pkt: pkt.len - 2) ] registered_attributes = {} @classmethod def register_variant(cls): """ Registers the RADIUS attributes defined in this module. """ if hasattr(cls, "val"): cls.registered_attributes[cls.val] = cls else: cls.registered_attributes[cls.type.default] = cls @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): """ Returns the right RadiusAttribute class for the given data. """ if _pkt: attr_type = orb(_pkt[0]) return cls.registered_attributes.get(attr_type, cls) return cls def haslayer(self, cls): if cls == "RadiusAttribute": if isinstance(self, RadiusAttribute): return True elif issubtype(cls, RadiusAttribute): if isinstance(self, cls): return True return super(RadiusAttribute, self).haslayer(cls) def getlayer(self, cls, nb=1, _track=None, _subclass=True, **flt): return super(RadiusAttribute, self).getlayer(cls, nb=nb, _track=_track, _subclass=True, **flt) def post_build(self, p, pay): length = self.len if length is None: length = len(p) + len(pay) p = p[:1] + struct.pack("!B", length) + p[2:] return p def guess_payload_class(self, _): return Padding
class EAP(Packet): """ RFC 3748 - Extensible Authentication Protocol (EAP) """ name = "EAP" fields_desc = [ ByteEnumField("code", 4, eap_codes), ByteField("id", 0), ShortField("len", None), ConditionalField( ByteEnumField("type", 0, eap_types), lambda pkt: pkt.code not in [EAP.SUCCESS, EAP.FAILURE]), ConditionalField( FieldListField("desired_auth_types", [], ByteEnumField("auth_type", 0, eap_types), length_from=lambda pkt: pkt.len - 4), lambda pkt: pkt.code == EAP.RESPONSE and pkt.type == 3), ConditionalField( StrLenField("identity", '', length_from=lambda pkt: pkt.len - 5), lambda pkt: pkt.code == EAP.RESPONSE and hasattr( pkt, 'type') and pkt.type == 1), # noqa: E501 ConditionalField( StrLenField("message", '', length_from=lambda pkt: pkt.len - 5), lambda pkt: pkt.code == EAP.REQUEST and hasattr( pkt, 'type') and pkt.type == 1) # noqa: E501 ] ######################################################################### # # EAP codes # http://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-1 ######################################################################### # REQUEST = 1 RESPONSE = 2 SUCCESS = 3 FAILURE = 4 INITIATE = 5 FINISH = 6 registered_methods = {} @classmethod def register_variant(cls): cls.registered_methods[cls.type.default] = cls @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt: c = orb(_pkt[0]) if c in [1, 2] and len(_pkt) >= 5: t = orb(_pkt[4]) return cls.registered_methods.get(t, cls) return cls def answers(self, other): if isinstance(other, EAP): if self.code == self.REQUEST: return 0 elif self.code == self.RESPONSE: if ((other.code == self.REQUEST) and (other.type == self.type)): return 1 elif other.code == self.RESPONSE: return 1 return 0 def mysummary(self): summary_str = "EAP %{eap_class}.code% %{eap_class}.type%".format( eap_class=self.__class__.__name__) if self.type == 1 and self.code == EAP.RESPONSE: summary_str += " %{eap_class}.identity%".format( eap_class=self.__class__.__name__) return self.sprintf(summary_str) def post_build(self, p, pay): if self.len is None: tmp_len = len(p) + len(pay) tmp_p = p[:2] + chb((tmp_len >> 8) & 0xff) + chb(tmp_len & 0xff) p = tmp_p + p[4:] return p + pay def guess_payload_class(self, _): return Padding
class LLTDAttributeDeviceUUID(LLTDAttribute): name = "LLTD Attribute - Device UUID" fields_desc = [ FieldLenField("len", None, length_of="uuid", fmt="B"), StrLenField("uuid", b"\x00" * 16, length_from=lambda pkt: pkt.len), ]
class PSKBinderEntry(Packet): name = "PSK Binder Entry" fields_desc = [ FieldLenField("binder_len", None, fmt="B", length_of="binder"), StrLenField("binder", "", length_from=lambda pkt: pkt.binder_len) ]
class KeyShareEntry(Packet): """ When building from scratch, we create a DH private key, and when dissecting, we create a DH public key. Default group is secp256r1. """ __slots__ = ["privkey", "pubkey"] name = "Key Share Entry" fields_desc = [ ShortEnumField("group", None, _tls_named_groups), FieldLenField("kxlen", None, length_of="key_exchange"), StrLenField("key_exchange", "", length_from=lambda pkt: pkt.kxlen) ] def __init__(self, *args, **kargs): self.privkey = None self.pubkey = None super(KeyShareEntry, self).__init__(*args, **kargs) def do_build(self): """ We need this hack, else 'self' would be replaced by __iter__.next(). """ tmp = self.explicit self.explicit = True b = super(KeyShareEntry, self).do_build() self.explicit = tmp return b @crypto_validator def create_privkey(self): """ This is called by post_build() for key creation. """ if self.group in _tls_named_ffdh_groups: params = _ffdh_groups[_tls_named_ffdh_groups[self.group]][0] privkey = params.generate_private_key() self.privkey = privkey pubkey = privkey.public_key() self.key_exchange = pubkey.public_numbers().y elif self.group in _tls_named_curves: if _tls_named_curves[self.group] == "x25519": if conf.crypto_valid_advanced: privkey = x25519.X25519PrivateKey.generate() self.privkey = privkey pubkey = privkey.public_key() self.key_exchange = pubkey.public_bytes() elif _tls_named_curves[self.group] != "x448": curve = ec._CURVE_TYPES[_tls_named_curves[self.group]]() privkey = ec.generate_private_key(curve, default_backend()) self.privkey = privkey pubkey = privkey.public_key() try: # cryptography >= 2.5 self.key_exchange = pubkey.public_bytes( serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint) except TypeError: # older versions self.key_exchange = pubkey.public_numbers().encode_point() def post_build(self, pkt, pay): if self.group is None: self.group = 23 # secp256r1 if not self.key_exchange: try: self.create_privkey() except ImportError: pass if self.kxlen is None: self.kxlen = len(self.key_exchange) group = struct.pack("!H", self.group) kxlen = struct.pack("!H", self.kxlen) return group + kxlen + self.key_exchange + pay @crypto_validator def register_pubkey(self): if self.group in _tls_named_ffdh_groups: params = _ffdh_groups[_tls_named_ffdh_groups[self.group]][0] pn = params.parameter_numbers() public_numbers = dh.DHPublicNumbers(self.key_exchange, pn) self.pubkey = public_numbers.public_key(default_backend()) elif self.group in _tls_named_curves: if _tls_named_curves[self.group] == "x25519": if conf.crypto_valid_advanced: import_point = x25519.X25519PublicKey.from_public_bytes self.pubkey = import_point(self.key_exchange) elif _tls_named_curves[self.group] != "x448": curve = ec._CURVE_TYPES[_tls_named_curves[self.group]]() import_point = ec.EllipticCurvePublicKey.from_encoded_point public_numbers = import_point( curve, self.key_exchange).public_numbers() # noqa: E501 self.pubkey = public_numbers.public_key(default_backend()) def post_dissection(self, r): try: self.register_pubkey() except ImportError: pass def extract_padding(self, s): return "", s
class MQTTSNWillMsgUpd(Packet): name = "MQTT-SN will message update" fields_desc = [ StrLenField("will_msg", "", length_from=_mqttsn_length_from(0)) ]
class ServerECDHNamedCurveParams(_GenericTLSSessionInheritance): name = "Server ECDH parameters - Named Curve" fields_desc = [ByteEnumField("curve_type", 3, _tls_ec_curve_types), ShortEnumField("named_curve", None, _tls_named_curves), FieldLenField("pointlen", None, length_of="point", fmt="B"), StrLenField("point", None, length_from=lambda pkt: pkt.pointlen)] @crypto_validator def fill_missing(self): """ We do not want TLSServerKeyExchange.build() to overload and recompute things every time it is called. This method can be called specifically to have things filled in a smart fashion. XXX We should account for the point_format (before 'point' filling). """ s = self.tls_session if self.curve_type is None: self.curve_type = _tls_ec_curve_types["named_curve"] if self.named_curve is None: curve = ec.SECP256R1() s.server_kx_privkey = ec.generate_private_key(curve, default_backend()) self.named_curve = next((cid for cid, name in six.iteritems(_tls_named_curves) # noqa: E501 if name == curve.name), 0) else: curve_name = _tls_named_curves.get(self.named_curve) if curve_name is None: # this fallback is arguable curve = ec.SECP256R1() else: curve_cls = ec._CURVE_TYPES.get(curve_name) if curve_cls is None: # this fallback is arguable curve = ec.SECP256R1() else: curve = curve_cls() s.server_kx_privkey = ec.generate_private_key(curve, default_backend()) if self.point is None: pubkey = s.server_kx_privkey.public_key() try: # cryptography >= 2.5 self.point = pubkey.public_bytes( serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint ) except TypeError: # older versions self.key_exchange = pubkey.public_numbers().encode_point() # else, we assume that the user wrote the server_kx_privkey by himself if self.pointlen is None: self.pointlen = len(self.point) if not s.client_kx_ecdh_params: s.client_kx_ecdh_params = curve @crypto_validator def register_pubkey(self): """ XXX Support compressed point format. XXX Check that the pubkey received is on the curve. """ # point_format = 0 # if self.point[0] in [b'\x02', b'\x03']: # point_format = 1 curve_name = _tls_named_curves[self.named_curve] curve = ec._CURVE_TYPES[curve_name]() s = self.tls_session try: # cryptography >= 2.5 import_point = ec.EllipticCurvePublicKey.from_encoded_point s.server_kx_pubkey = import_point(curve, self.point) except AttributeError: import_point = ec.EllipticCurvePublicNumbers.from_encoded_point pubnum = import_point(curve, self.point) s.server_kx_pubkey = pubnum.public_key(default_backend()) if not s.client_kx_ecdh_params: s.client_kx_ecdh_params = curve def post_dissection(self, r): try: self.register_pubkey() except ImportError: pass def guess_payload_class(self, p): return Padding
class EIR_Raw(EIR_Element): name = "EIR Raw" fields_desc = [ StrLenField("data", "", length_from=EIR_Element.length_from) ]
class IE_ProtocolConfigurationOptions(IE_Base): name = "Protocol Configuration Options" fields_desc = [ByteEnumField("ietype", 132, IEType), ShortField("length", 4), StrLenField("Protocol_Configuration", "", length_from=lambda x: x.length)]
class HCI_Cmd_LE_Set_Advertising_Data(Packet): name = "LE Set Advertising Data" fields_desc = [ FieldLenField("len", None, length_of="data", fmt="B"), StrLenField("data", "", length_from=lambda pkt: pkt.len), ]
class ICMPExtensionInterfaceInformation(ICMPExtensionObject): name = 'ICMP Extension Object - Interface Information Object (RFC5837)' fields_desc = [ShortField('len', None), ByteField('classnum', 2), BitField('interface_role', 0, 2), BitField('reserved', 0, 2), BitField('has_ifindex', 0, 1), BitField('has_ipaddr', 0, 1), BitField('has_ifname', 0, 1), BitField('has_mtu', 0, 1), ConditionalField( IntField('ifindex', None), lambda pkt: pkt.has_ifindex == 1), ConditionalField( ShortField('afi', None), lambda pkt: pkt.has_ipaddr == 1), ConditionalField( ShortField('reserved2', 0), lambda pkt: pkt.has_ipaddr == 1), ConditionalField( IPField('ip4', None), lambda pkt: pkt.afi == 1), ConditionalField( IP6Field('ip6', None), lambda pkt: pkt.afi == 2), ConditionalField( FieldLenField('ifname_len', None, fmt='B', length_of='ifname'), lambda pkt: pkt.has_ifname == 1), ConditionalField( StrLenField('ifname', None, length_from=lambda pkt: pkt.ifname_len), lambda pkt: pkt.has_ifname == 1), ConditionalField( IntField('mtu', None), lambda pkt: pkt.has_mtu == 1)] def self_build(self, field_pos_list=None): if self.afi is None: if self.ip4 is not None: self.afi = 1 elif self.ip6 is not None: self.afi = 2 if self.has_ifindex and self.ifindex is None: warning('has_ifindex set but ifindex is not set.') if self.has_ipaddr and self.afi is None: warning('has_ipaddr set but afi is not set.') if self.has_ipaddr and self.ip4 is None and self.ip6 is None: warning('has_ipaddr set but ip4 or ip6 is not set.') if self.has_ifname and self.ifname is None: warning('has_ifname set but ifname is not set.') if self.has_mtu and self.mtu is None: warning('has_mtu set but mtu is not set.') return ICMPExtensionObject.self_build(self, field_pos_list=field_pos_list) # noqa: E501
class PPP_ECP_Option_OUI(PPP_ECP_Option): fields_desc = [ByteEnumField("type", 0, _PPP_ecpopttypes), FieldLenField("len", None, length_of="data", fmt="B", adjust=lambda p, x:x + 6), StrFixedLenField("oui", "", 3), ByteField("subtype", 0), StrLenField("data", "", length_from=lambda p:p.len - 6)]
class ProfinetDCP(Packet): """ Profinet DCP Packet Requests are handles via ConditionalFields because here only 1 Block is used every time Ŕesoinse can contain 1..n Blocks, for that you have to use one ProfinetDCP Layer with one or multiple DCP*Block Layers ProfinetDCP / DCPNameOfStationBlock / DCPDeviceIDBlock ... Example for a DCP Identify All Request: Ether(dst="01:0e:cf:00:00:00") / ProfinetIO(frameID=DCP_IDENTIFY_REQUEST_FRAME_ID) / ProfinetDCP( service_id=DCP_SERVICE_ID_IDENTIFY, service_type= DCP_REQUEST, option=255, sub_option=255, dcp_data_length=4) Example for a DCP Identify Response: Ether(dst=dst_mac) / ProfinetIO(frameID=DCP_IDENTIFY_RESPONSE_FRAME_ID) / ProfinetDCP( service_id=DCP_SERVICE_ID_IDENTIFY, service_type=DCP_RESPONSE) / DCPNameOfStationBlock(name_of_station="device1") Example for a DCP Set Request: Ether(dst=mac)/ProfinetIO(frameID=DCP_GET_SET_FRAME_ID)/ProfinetDCP(service_id=DCP_SERVICE_ID_SET, service_type=DCP_REQUEST, option=2, sub_option=2, dcp_data_length=14, dcp_block_length=10, name_of_station=name, response_delay=0) """ name = "Profinet DCP" # a DCP PDU consists of some fields and 1..n DCP Blocks fields_desc = [ ByteEnumField("service_id", 5, DCP_SERVICE_ID), ByteEnumField("service_type", 0, DCP_SERVICE_TYPE), XIntField("xid", 0x01000001), # XShortField('reserved', 0), ConditionalField(ShortField('response_delay', 1), lambda pkt: pkt.service_type == 0), ConditionalField(ShortField('reserved', 0), lambda pkt: pkt.service_type == 1), LenField("dcp_data_length", None), # DCP REQUEST specific ConditionalField(ByteEnumField("option", 2, DCP_OPTIONS), lambda pkt: pkt.service_type == 0), ConditionalField( MultiEnumField("sub_option", 3, DCP_SUBOPTIONS, fmt='B', depends_on=lambda p: p.option), lambda pkt: pkt.service_type == 0), # calculate the len fields - workaround ConditionalField(LenField("dcp_block_length", 0), lambda pkt: pkt.service_type == 0), # ConditionalField(LenField("dcp_block_length", 12), lambda pkt: pkt.service_type == 0 and (pkt.option == 1 or pkt.option == 2) and pkt.sub_option == 2), # name # ConditionalField(LenField("dcp_block_length", 12), lambda pkt: pkt.service_type == 0 and pkt.option == 1 and pkt.sub_option == 2), # ip # TODO alias_name # DCP SET REQUEST # ConditionalField( ShortEnumField("block_qualifier", 1, BLOCK_QUALIFIERS), lambda pkt: pkt.service_id == 4 and pkt.service_type == 0), # Name Of Station ConditionalField( StrLenField("name_of_station", "et200sp", length_from=lambda x: x.dcp_block_length - 2), lambda pkt: pkt.service_id == 4 and pkt.service_type == 0 and pkt. option == 2 and pkt.sub_option == 2), # MAC ConditionalField( MACField("mac", "00:00:00:00:00:00"), lambda pkt: pkt.service_id == 4 and pkt.service_type == 0 and pkt.option == 1 and pkt.sub_option == 1), # IP ConditionalField( IPField("ip", "192.168.0.2"), lambda pkt: pkt.service_id == 4 and pkt.service_type == 0 and pkt.option == 1 and pkt.sub_option == 2), ConditionalField( IPField("netmask", "255.255.255.0"), lambda pkt: pkt.service_id == 4 and pkt. service_type == 0 and pkt.option == 1 and pkt.sub_option == 2), ConditionalField( IPField("gateway", "192.168.0.1"), lambda pkt: pkt.service_id == 4 and pkt. service_type == 0 and pkt.option == 1 and pkt.sub_option == 2), # DCP IDENTIFY REQUEST # # Name of station ConditionalField( StrLenField("name_of_station", "et200sp", length_from=lambda x: x.dcp_block_length), lambda pkt: pkt.service_id == 5 and pkt.service_type == 0 and pkt. option == 2 and pkt.sub_option == 2), # Alias name ConditionalField( StrLenField("alias_name", "et200sp", length_from=lambda x: x.dcp_block_length), lambda pkt: pkt.service_id == 5 and pkt.service_type == 0 and pkt. option == 2 and pkt.sub_option == 6), # implement further REQUEST fields if needed .... # DCP RESPONSE BLOCKS # ConditionalField( PacketListField("dcp_blocks", [], guess_dcp_block_class, length_from=lambda p: p.dcp_data_length), lambda pkt: pkt.service_type == 1), ] def post_build(self, p, pay): # add padding to ensure min packet length padding = MIN_PACKET_LENGTH - (len(p + pay)) pay += b"\0" * padding return Packet.post_build(self, p, pay)
class PPP_LCP_Callback_Option(PPP_LCP_Option): fields_desc = [ByteEnumField("type", 13, _PPP_lcp_optiontypes), FieldLenField("len", None, fmt="B", length_of="message", adjust=lambda p, x:x + 3), ByteEnumField("operation", 0, _PPP_lcp_callback_operations), StrLenField("message", "", length_from=lambda p:p.len - 3)]
class MQTTSNGwInfo(Packet): name = "MQTT-SN gateway info" fields_desc = [ ByteField("gw_id", 0), StrLenField("gw_addr", "", length_from=_mqttsn_length_from(1)), ]
class Dot11Elt(Packet): __slots__ = ["info"] name = "802.11 Information Element" fields_desc = [ ByteEnumField("ID", 0, _dot11_info_elts_ids), FieldLenField("len", None, "info", "B"), StrLenField("info", "", length_from=lambda x: x.len, max_length=255) ] show_indent = 0 def mysummary(self): if self.ID == 0: ssid = repr(self.info) if ssid[:2] in ['b"', "b'"]: ssid = ssid[1:] return "SSID=%s" % ssid, [Dot11] else: return "" registered_ies = {} @classmethod def register_variant(cls): cls.registered_ies[cls.ID.default] = cls @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt: _id = orb(_pkt[0]) if _id == 221: oui_a = orb(_pkt[2]) oui_b = orb(_pkt[3]) oui_c = orb(_pkt[4]) if oui_a == 0x00 and oui_b == 0x50 and oui_c == 0xf2: # MS OUI type_ = orb(_pkt[5]) if type_ == 0x01: # MS WPA IE return Dot11EltMicrosoftWPA else: return Dot11EltVendorSpecific else: return Dot11EltVendorSpecific else: return cls.registered_ies.get(_id, cls) return cls def haslayer(self, cls): if cls == "Dot11Elt": if isinstance(self, Dot11Elt): return True elif issubtype(cls, Dot11Elt): if isinstance(self, cls): return True return super(Dot11Elt, self).haslayer(cls) def getlayer(self, cls, nb=1, _track=None, _subclass=True, **flt): return super(Dot11Elt, self).getlayer(cls, nb=nb, _track=_track, _subclass=True, **flt) def pre_dissect(self, s): # Backward compatibility: add info to all elements # This allows to introduce new Dot11Elt classes without breaking # previous code if len(s) >= 3: length = orb(s[1]) if length > 0 and length <= 255: self.info = s[2:2 + length] return s def post_build(self, p, pay): if self.len is None: p = p[:1] + chb(len(p) - 2) + p[2:] return p + pay
class MQTTSNPingReq(Packet): name = "MQTT-SN ping request" fields_desc = [ StrLenField("client_id", "", length_from=_mqttsn_length_from(0)), ]
class RadioTap(Packet): name = "RadioTap dummy" fields_desc = [ ByteField('version', 0), ByteField('pad', 0), LEShortField('len', None), FlagsField( 'present', None, -32, [ 'TSFT', 'Flags', 'Rate', 'Channel', 'FHSS', 'dBm_AntSignal', # noqa: E501 'dBm_AntNoise', 'Lock_Quality', 'TX_Attenuation', 'dB_TX_Attenuation', # noqa: E501 'dBm_TX_Power', 'Antenna', 'dB_AntSignal', 'dB_AntNoise', # noqa: E501 'RXFlags', 'TXFlags', 'b17', 'b18', 'ChannelPlus', 'MCS', 'A_MPDU', # noqa: E501 'VHT', 'timestamp', 'b24', 'b25', 'b26', 'b27', 'b28', 'b29', # noqa: E501 'RadiotapNS', 'VendorNS', 'Ext' ]), # noqa: E501 # Extended presence mask ConditionalField( PacketListField("Ext", [], next_cls_cb=_next_radiotap_extpm), lambda pkt: pkt.present and pkt.present.Ext), # noqa: E501 # Default fields ConditionalField( _RadiotapReversePadField(BitField("mac_timestamp", 0, -64)), lambda pkt: pkt.present and pkt.present.TSFT), # noqa: E501 ConditionalField( _RadiotapReversePadField( FlagsField( "Flags", None, -8, [ 'CFP', 'ShortPreamble', 'wep', 'fragment', # noqa: E501 'FCS', 'pad', 'badFCS', 'ShortGI' ]) # noqa: E501 ), lambda pkt: pkt.present and pkt.present.Flags), ConditionalField( _RadiotapReversePadField(ByteField("Rate", 0)), lambda pkt: pkt.present and pkt.present.Rate), # noqa: E501 ConditionalField( _RadiotapReversePadField(LEShortField("Channel", 0)), lambda pkt: pkt.present and pkt.present.Channel), # noqa: E501 ConditionalField( _RadiotapReversePadField( FlagsField( "ChannelFlags", None, -16, [ 'res1', 'res2', 'res3', 'res4', 'Turbo', 'CCK', # noqa: E501 'OFDM', '2GHz', '5GHz', 'Passive', 'Dynamic_CCK_OFDM', # noqa: E501 'GFSK', 'GSM', 'StaticTurbo', '10MHz', '5MHz' ]) # noqa: E501 ), lambda pkt: pkt.present and pkt.present.Channel), ConditionalField( _RadiotapReversePadField(_dbmField("dBm_AntSignal", -256)), lambda pkt: pkt.present and pkt.present.dBm_AntSignal), # noqa: E501 ConditionalField( _RadiotapReversePadField(_dbmField("dBm_AntNoise", -256)), lambda pkt: pkt.present and pkt.present.dBm_AntNoise), # noqa: E501 ConditionalField( _RadiotapReversePadField(ByteField("Antenna", 0)), lambda pkt: pkt.present and pkt.present.Antenna), # noqa: E501 # RX Flags ConditionalField( _RadiotapReversePadField( FlagsField("RXFlags", None, -16, ["res1", "BAD_PLCP", "res2"])), # noqa: E501 lambda pkt: pkt.present and pkt.present.RXFlags), # noqa: E501# # TX Flags ConditionalField( _RadiotapReversePadField( FlagsField("TXFlags", None, -16, ["TX_FAIL", "CTS", "RTS", "NOACK", "NOSEQ" ])), # noqa: E501 lambda pkt: pkt.present and pkt.present.TXFlags), # noqa: E501 # ChannelPlus ConditionalField( _RadiotapReversePadField( FlagsField( "ChannelFlags2", None, -32, [ 'res1', 'res2', 'res3', 'res4', 'Turbo', 'CCK', # noqa: E501 'OFDM', '2GHz', '5GHz', 'Passive', 'Dynamic_CCK_OFDM', # noqa: E501 'GFSK', 'GSM', 'StaticTurbo', '10MHz', '5MHz', # noqa: E501 '20MHz', '40MHz_ext_channel_above', '40MHz_ext_channel_below', # noqa: E501 'res5', 'res6', 'res7', 'res8', 'res9' ]) # noqa: E501 ), lambda pkt: pkt.present and pkt.present.ChannelPlus), ConditionalField( _RadiotapReversePadField(LEShortField("ChannelFrequency", 0)), lambda pkt: pkt.present and pkt.present.ChannelPlus), # noqa: E501 ConditionalField( _RadiotapReversePadField(ByteField("ChannelNumber", 0)), lambda pkt: pkt.present and pkt.present.ChannelPlus), # noqa: E501 # MCS ConditionalField( _RadiotapReversePadField( FlagsField( "knownMCS", None, -8, [ 'bandwidth', 'MCS_index', 'guard_interval', 'HT_format', # noqa: E501 'FEC_type', 'STBC_streams', 'Ness', 'Ness_MSB' ])), # noqa: E501 lambda pkt: pkt.present and pkt.present.MCS), ConditionalField( BitEnumField("bandwidth", 0, 2, { 0: "20MHz", 1: "40MHz", 2: "ht40Mhz-", 3: "ht40MHz+" }), # noqa: E501 lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501 ConditionalField( BitEnumField("guard_interval", 0, 1, { 0: "Long_GI", 1: "Short_GI" }), lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501 ConditionalField( BitEnumField("HT_format", 0, 1, { 0: "mixed", 1: "greenfield" }), lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501 ConditionalField(BitEnumField("FEC_type", 0, 1, { 0: "BCC", 1: "LDPC" }), lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501 ConditionalField( BitField("STBC_streams", 0, 2), lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501 ConditionalField( BitField("Ness_LSB", 0, 1), lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501 ConditionalField(ByteField( "MCS_index", 0), lambda pkt: pkt.present and pkt.present.MCS), # noqa: E501 # A_MPDU ConditionalField( _RadiotapReversePadField(LEIntField("A_MPDU_ref", 0)), lambda pkt: pkt.present and pkt.present.A_MPDU), # noqa: E501 ConditionalField( _RadiotapReversePadField( FlagsField( "A_MPDU_flags", None, -32, [ 'Report0Subframe', 'Is0Subframe', 'KnownLastSubframe', # noqa: E501 'LastSubframe', 'CRCerror', 'EOFsubframe', 'KnownEOF', # noqa: E501 'res1', 'res2', 'res3', 'res4', 'res5', 'res6', 'res7', 'res8' ]) # noqa: E501 ), lambda pkt: pkt.present and pkt.present.A_MPDU), # VHT ConditionalField( _RadiotapReversePadField( FlagsField( "KnownVHT", None, -16, [ 'STBC', 'TXOP_PS_NOT_ALLOWED', 'GuardInterval', 'SGINsysmDis', # noqa: E501 'LDPCextraOFDM', 'Beamformed', 'Bandwidth', 'GroupID', 'PartialAID', # noqa: E501 'res1', 'res2', 'res3', 'res4', 'res5', 'res6', 'res7' ]) # noqa: E501 ), lambda pkt: pkt.present and pkt.present.VHT), ConditionalField( _RadiotapReversePadField( FlagsField( "PresentVHT", None, -8, [ 'STBC', 'TXOP_PS_NOT_ALLOWED', 'GuardInterval', 'SGINsysmDis', # noqa: E501 'LDPCextraOFDM', 'Beamformed', 'res1', 'res2' ]) # noqa: E501 ), lambda pkt: pkt.present and pkt.present.VHT), ConditionalField( _RadiotapReversePadField( ByteEnumField("bandwidth", 0, _vht_bandwidth)), lambda pkt: pkt.present and pkt.present.VHT), # noqa: E501 ConditionalField( _RadiotapReversePadField(StrFixedLenField("mcs_nss", 0, length=5)), lambda pkt: pkt.present and pkt.present.VHT), # noqa: E501 ConditionalField( _RadiotapReversePadField(ByteField("GroupID", 0)), lambda pkt: pkt.present and pkt.present.VHT), # noqa: E501 ConditionalField( _RadiotapReversePadField(ShortField("PartialAID", 0)), lambda pkt: pkt.present and pkt.present.VHT), # noqa: E501 StrLenField('notdecoded', "", length_from=lambda pkt: pkt.len - pkt._tmp_dissect_pos) ] # noqa: E501 def guess_payload_class(self, payload): if self.present and self.present.Flags and self.Flags.FCS: return Dot11FCS return Dot11 def post_build(self, p, pay): if self.len is None: p = p[:2] + struct.pack("!H", len(p))[::-1] + p[4:] return p + pay
class MQTTSNWillTopicUpd(Packet): name = "MQTT-SN will topic update" fields_desc = FLAG_FIELDS + [ StrLenField("will_topic", "", length_from=_mqttsn_length_from(1)), ]
class NTLMSSPLE(Packet): name = 'NTLM Secure Service Provider' fields_desc = [ StrFixedLenField('identifier', 'NTLMSSP', length=8), LEIntEnumField('messageType', 3, {3: 'NTLMSSP_AUTH'}), LEShortField('lanManagerLen', 0), LEShortField('lanManagerMax', 0), LEIntField('lanManagerOffset', 0), LEShortField('NTLMRepLen', 0), LEShortField('NTLMRepMax', 0), LEIntField('NTLMRepOffset', 0), LEShortField('domainNameLen', 0), LEShortField('domainNameMax', 0), LEIntField('domainNameOffset', 0), LEShortField('userNameLen', 0), LEShortField('userNameMax', 0), LEIntField('userNameOffset', 0), LEShortField('hostNameLen', 0), LEShortField('hostNameMax', 0), LEIntField('hostNameOffset', 0), LEShortField('sessionKeyLen', 0), LEShortField('sessionKeyMax', 0), LEIntField('sessionKeyOffset', 0), FlagsField('negociateFlags', 0, 32, _negociate_flags), ByteField('versionMajor', 0), ByteField('versionMinor', 0), LEShortField('buildNumber', 0), ByteField('reserved', 0), ShortField('reserved2', 0), ByteField('NTLMCurrentRevision', 0), StrFixedLenField('MIC', '', 16), StrLenField('domainName', '', length_from=lambda pkt: pkt.domainNameLen), StrLenField('userName', '', length_from=lambda pkt: pkt.userNameLen), StrLenField('hostName', '', length_from=lambda pkt: pkt.hostNameLen), StrLenField('lanManager', '', length_from=lambda pkt: pkt.lanManagerLen), StrFixedLenField('NTLMRep', '', length=16), ByteField('responseVersion', 0), ByteField('hiResponseVersion', 0), StrFixedLenField('Z', '', 6), LELongField('timestamp', 0), # Time in nanosecond StrFixedLenField('clientChallenge', '', 8), LEIntField('Z', 0), PacketField('attribute1', None, AttributeNameLE), PacketField('attribute2', None, AttributeNameLE), PacketField('attribute3', None, AttributeNameLE), PacketField('attribute4', None, AttributeNameLE), PacketField('attribute5', None, AttributeNameLE), PacketField('attribute6', None, AttributeNameLE), PacketField('attribute7', None, AttributeNameLE), PacketField('attribute8', None, AttributeNameLE), PacketField('attribute9', None, AttributeNameLE), PacketField('attribute10', None, AttributeNameLE), LEIntField('Z', 0), LEIntField('padding', 0), StrLenField('sessionKey', '', length_from=lambda pkt: pkt.sessionKeyLen), ] def extract_padding(self, p): return b"", p
class PAS5211EventDbaAlgorithm(PAS5211Event): name = "PAS5211EventDbaAlgorithm" fields_desc = [ FieldLenField("size", None, fmt="<H", length_of="data"), StrLenField("data", "", length_from=lambda x: x.size) ]