示例#1
class SAPDiagMenuEntry(PacketNoPadded):
    """One SAP Diag menu entry.

    The field list is the wire layout, in order: a 2-byte length, four
    position bytes, one byte of flag bits, a virtual-key byte, six
    return-code bytes, six function-code bytes and three null-terminated
    strings (text, accelerator, info).
    """
    name = "SAP Diag Menu Entry"
    fields_desc = [
        # NOTE(review): plain ShortField; nothing in this class derives it
        # from, or checks it against, the strings below. Confirm whether an
        # enclosing layer relies on it before trusting it on received data.
        ShortField("length", 0),
        ByteField("position_1", 0),
        ByteField("position_2", 0),
        ByteField("position_3", 0),
        ByteField("position_4", 0),
        # Menu Entry Flags
        # Eight 1-bit fields that together fill one byte; the trailing
        # comment on each line is that bit's mask in hex. The "??" names are
        # bits whose meaning the author left unidentified.
        BitField("flag_TERM_??8", 0, 1),  # 80
        BitField("flag_TERM_??7", 0, 1),  # 40
        BitField("flag_TERM_??6", 0, 1),  # 20
        BitField("flag_TERM_VKEY", 0, 1),  # 10
        BitField("flag_TERM_SEP", 0, 1),  # 8
        BitField("flag_TERM_MEN", 0, 1),  # 4
        BitField("flag_TERM_SEL", 0, 1),  # 2
        BitField("flag_TERM_??1", 0, 1),  # 1
        ByteField("virtual_key", 0),
        ByteField("return_code_1", 0),
        ByteField("return_code_2", 0),
        ByteField("return_code_3", 0),
        ByteField("return_code_4", 0),
        ByteField("return_code_5", 0),
        ByteField("return_code_6", 0),
        ByteField("function_code_1", 0),
        ByteField("function_code_2", 0),
        ByteField("function_code_3", 0),
        ByteField("function_code_4", 0),
        ByteField("function_code_5", 0),
        ByteField("function_code_6", 0),
        # Three null-terminated strings; each one ends at the first NUL byte
        # in the data rather than at a declared length.
        StrNullField("text", ""),
        StrNullField("accelerator", ""),
        StrNullField("info", ""),
    ]
示例#2
class SAPMSProperty(PacketNoPadded):
    """SAP Message Server Property packet.

    Packet containing information about properties.

    The ``id`` field selects which of the conditional fields below are
    present; every other conditional field is absent from the packet.
    """
    name = "SAP Message Server Property"
    fields_desc = [
        # Fixed-size (39 bytes) null-terminated client name.
        StrNullFixedLenField("client", None, 39),
        IntEnumField("id", 0x00, ms_property_id_values),

        # MS_PROPERTY_VHOST
        ConditionalField(ShortEnumKeysField("logon", 0, ms_logon_type_values), lambda pkt:pkt.id in [0x02]),

        # MS_PROPERTY_IPADR
        # Both the IPv4 and the IPv6 field are present for id 0x03.
        ConditionalField(IPField("address", "0.0.0.0"), lambda pkt:pkt.id in [0x03]),
        ConditionalField(IP6Field("address6", "::"), lambda pkt:pkt.id in [0x03]),

        # MS_PROPERTY_PARAM
        # Parameter name and value are null-terminated strings with no
        # declared length; on received data their content and size come
        # entirely from the peer.
        ConditionalField(StrNullField("param", ""), lambda pkt:pkt.id in [0x04]),
        ConditionalField(StrNullField("value", ""), lambda pkt:pkt.id in [0x04]),

        # MS_PROPERTY_SERVICE
        ConditionalField(ShortField("service", 0), lambda pkt:pkt.id in [0x05]),

        # Release Information fields
        # Present for id 0x07: a 9-byte release string (default "720")
        # followed by three 32-bit integers.
        ConditionalField(StrNullFixedLenField("release", "720", length=9), lambda pkt:pkt.id in [0x07]),
        ConditionalField(IntField("patchno", 0), lambda pkt:pkt.id in [0x07]),
        ConditionalField(IntField("supplvl", 0), lambda pkt:pkt.id in [0x07]),
        ConditionalField(IntField("platform", 0), lambda pkt:pkt.id in [0x07]),
    ]
示例#3
文件: tftp.py 项目: yinduren/scapy
class TFTP_WRQ(Packet):
    """TFTP write request: a file name and a transfer mode.

    Both values are null-terminated strings. On a received packet the file
    name is exactly what the peer sent, so code that turns it into a local
    path has to validate it first.
    """
    name = "TFTP Write Request"
    fields_desc = [
        StrNullField("filename", ""),
        StrNullField("mode", "octet"),
    ]

    def answers(self, other):
        """Return 0: a write request is never the answer to another packet."""
        return 0

    def mysummary(self):
        """Return the one-line summary and the layers it should include."""
        summary_text = self.sprintf("WRQ %filename%")
        summary_layers = [UDP]
        return summary_text, summary_layers
示例#4
文件: smb.py 项目: phretor/scapy
class SMBNegotiate_Response_NoSecurity(_SMBNegotiate_Response):
    """SMB negotiate response in the layout without a ServerName field.

    The field list is the wire layout. ByteCount is computed when left at
    None; ChallengeLength is not, see the notes on those fields.
    """
    name = "SMB Negotiate No-Security Response (CIFS)"
    fields_desc = [
        ByteField("WordCount", 0x1),
        LEShortField("DialectIndex", 7),
        # Default 0x03 sets the two lowest bits, i.e. the first two names in
        # the list (USER_SECURITY and ENCRYPT_PASSWORDS); both signature
        # bits are clear by default.
        FlagsField("SecurityMode", 0x03, 8, [
            "USER_SECURITY", "ENCRYPT_PASSWORDS",
            "SECURITY_SIGNATURES_ENABLED", "SECURITY_SIGNATURES_REQUIRED"
        ]),
        LEShortField("MaxMpxCount", 50),
        LEShortField("MaxNumberVC", 1),
        LEIntField("MaxBufferSize", 16144),
        LEIntField("MaxRawSize", 65536),
        LEIntField("SessionKey", 0x0000),
        # 32 flag bits; presumably the negative size selects little-endian
        # byte order for the flags - confirm against FlagsField.
        FlagsField("ServerCapabilities", 0xf3f9, -32, _SMB_ServerCapabilities),
        # Little-endian 64-bit timestamp ("<Q") counted from 1601-01-01 and
        # scaled by 1e7; None leaves the value to the field at build time.
        UTCTimeField("ServerTime",
                     None,
                     fmt="<Q",
                     epoch=[1601, 1, 1, 0, 0, 0],
                     custom_scaling=1e7),
        LEShortField("ServerTimeZone", 0x3c),
        # Plain ByteField: it is NOT derived from Challenge when building,
        # so it must be set by hand to match. When dissecting, this
        # peer-supplied value decides how many bytes Challenge takes.
        ByteField("ChallengeLength", 0),  # aka EncryptionKeyLength
        # Computed when None: length of DomainName plus len(Challenge).
        LEFieldLenField("ByteCount",
                        None,
                        length_of="DomainName",
                        adjust=lambda pkt, x: x + len(pkt.Challenge)),
        StrLenField(
            "Challenge",
            b"",  # aka EncryptionKey
            length_from=lambda pkt: pkt.ChallengeLength),
        StrNullField("DomainName", "WORKGROUP")
    ]
示例#5
文件: smb.py 项目: Saad-20/Arp-Spoof
class SMBMailSlot(Packet):
    """SMB mailslot header: four little-endian shorts and the slot name."""
    name = "SMB Mail Slot Protocol"
    fields_desc = [
        LEShortField("opcode", 1),
        LEShortField("priority", 1),
        # "class" is a Python keyword, so this field cannot be reached with
        # dotted attribute syntax; use getattr() or the packet's field
        # accessors instead.
        LEShortField("class", 2),
        # Fixed default; nothing here recomputes it from the packet content.
        LEShortField("size", 135),
        # NOTE(review): this field shares its name with the class attribute
        # `name` above, so `pkt.name` may return the layer name rather than
        # the mailslot path - verify, and read it through the field
        # accessors if so.
        StrNullField("name", "\\MAILSLOT\\NET\\GETDC660")
    ]
示例#6
文件: smb.py 项目: phretor/scapy
class SMB_Dialect(Packet):
    """One dialect entry: a buffer-format byte and a null-terminated name."""
    name = "SMB Dialect"
    fields_desc = [
        ByteField("BufferFormat", 0x02),
        StrNullField("DialectString", "NT LM 0.12"),
    ]

    def default_payload_class(self, payload):
        """Hand whatever follows this entry to the configured padding layer."""
        padding_cls = conf.padding_layer
        return padding_cls
示例#7
class SAPEnqueueParam(PacketNoPadded):
    """SAP Enqueue Server Connection Admin Parameter packet

    ``param`` selects the layout: ``len`` is present only for 0x06,
    ``set_name`` only for 0x03, and ``value`` for every parameter except
    0x03 and 0x04.
    """
    name = "SAP Enqueue Connection Admin Parameter"
    fields_desc = [
        IntEnumField("param", 0, enqueue_param_values),
        # NOTE(review): plain IntField; no field in this class is sized by
        # it - confirm what it is meant to describe.
        ConditionalField(IntField("len", 0), lambda pkt:pkt.param in [0x06]),
        ConditionalField(IntField("value", 0), lambda pkt:pkt.param not in [0x03, 0x04]),
        # Null-terminated string with no declared length.
        ConditionalField(StrNullField("set_name", ""), lambda pkt:pkt.param in [0x03]),
    ]
示例#8
文件: smb.py 项目: Saad-20/Arp-Spoof
class SMBNetlogon_Protocol_Response_Tail_LM20(Packet):
    """LM 2.0 tail of a Netlogon response: command, server name, token."""
    name = "SMB Netlogon Protocol Response Tail LM20"
    fields_desc = [
        # Only value 0x06 has a symbolic name in this enum.
        ByteEnumField(
            "Command", 0x06,
            {0x06: "LM 2.0 Response to logon request"}),  # noqa: E501
        ByteField("unused", 0),
        # Two literal backslashes that precede the server name.
        StrFixedLenField("DblSlash", "\\\\", 2),
        # Null-terminated; "WIN" is only a placeholder default.
        StrNullField("ServerName", "WIN"),
        LEShortField("LM20Token", 0xffff)
    ]
示例#9
文件: smb.py 项目: Saad-20/Arp-Spoof
class SMBNegociate_Protocol_Response_No_Security(Packet):
    """SMB header plus negotiate response, declared as one flat layer.

    Every length and count in this class is a constant default: nothing is
    recomputed when a string or the key is changed, so WordCount,
    EncryptionKeyLength and ByteCount have to be adjusted by hand.
    """
    name = "SMBNegociate Protocol Response No Security"
    fields_desc = [
        # --- SMB header ---
        StrFixedLenField("Start", b"\xffSMB", 4),
        ByteEnumField("Command", 0x72, {0x72: "SMB_COM_NEGOTIATE"}),
        ByteField("Error_Class", 0),
        ByteField("Reserved", 0),
        LEShortField("Error_Code", 0),
        ByteField("Flags", 0x98),
        LEShortField("Flags2", 0x0000),
        LEShortField("PIDHigh", 0x0000),
        # Signature defaults to zero; this class does not compute one.
        LELongField("Signature", 0x0),
        LEShortField("Unused", 0x0),
        LEShortField("TID", 0),
        LEShortField("PID", 1),
        LEShortField("UID", 0),
        LEShortField("MID", 2),
        # --- Negotiate response parameters ---
        ByteField("WordCount", 17),
        LEShortField("DialectIndex", 7),
        # Raw byte here (no flag names); default 0x03.
        ByteField("SecurityMode", 0x03),
        LEShortField("MaxMpxCount", 50),
        LEShortField("MaxNumberVC", 1),
        LEIntField("MaxBufferSize", 16144),
        LEIntField("MaxRawSize", 65536),
        LEIntField("SessionKey", 0x0000),
        LEShortField("ServerCapabilities", 0xf3f9),
        BitField("UnixExtensions", 0, 1),
        BitField("Reserved2", 0, 7),
        BitField("ExtendedSecurity", 0, 1),
        FlagsField("CompBulk", 0, 2, "CB"),
        BitField("Reserved3", 0, 5),
        # There have been 127490112000000000 tenths of micro-seconds between 1st january 1601 and 1st january 2005. 127490112000000000=0x1C4EF94D6228000, so ServerTimeHigh=0xD6228000 and ServerTimeLow=0x1C4EF94.  # noqa: E501
        # NOTE(review): going by the arithmetic above, the field called
        # "High" holds the low 32 bits of that value and is written first,
        # and "Low" holds the high 32 bits; the names look swapped relative
        # to significance - confirm before editing either default.
        LEIntField("ServerTimeHigh", 0xD6228000),
        LEIntField("ServerTimeLow", 0x1C4EF94),
        LEShortField("ServerTimeZone", 0x3c),
        ByteField("EncryptionKeyLength", 8),
        LEShortField("ByteCount", 24),
        # 64-bit key whose default is all zero bits; callers that need a
        # per-connection challenge must supply their own value.
        BitField("EncryptionKey", 0, 64),
        StrNullField("DomainName", "WORKGROUP"),
        StrNullField("ServerName", "RMFF1")
    ]
示例#10
class TFTP_ERROR(Packet):
    """TFTP error packet: a 16-bit error code and a null-terminated message.

    The message text on a received packet is supplied by the peer and is
    copied verbatim into the summary line.
    """
    name = "TFTP Error"
    fields_desc = [
        ShortEnumField("errorcode", 0, TFTP_Error_Codes),
        StrNullField("errormsg", ""),
    ]

    def answers(self, other):
        """Return True when *other* is a DATA, RRQ, WRQ or ACK packet."""
        answerable = (TFTP_DATA, TFTP_RRQ, TFTP_WRQ, TFTP_ACK)
        return isinstance(other, answerable)

    def mysummary(self):
        """Return the one-line summary and the layers it should include."""
        summary_text = self.sprintf("ERROR %errorcode%: %errormsg%")
        summary_layers = [UDP]
        return summary_text, summary_layers
示例#11
文件: smb.py 项目: phretor/scapy
class SMBSession_Setup_AndX_Request(Packet):
    """Session Setup AndX request followed by a second AndX block.

    The two password lengths are computed from the password fields when
    left at None; the ByteCount fields and the offsets are constant
    defaults. The credential and host defaults ("Pass", "GUEST", "WIN2K")
    are template placeholders.
    """
    name = "Session Setup AndX Request (CIFS)"
    fields_desc = [
        ByteField("WordCount", 13),
        ByteEnumField("AndXCommand", 0x75, SMB_COM),
        ByteField("AndXReserved", 0),
        LEShortField("AndXOffset", 96),
        LEShortField("MaxBufferSize", 2920),
        LEShortField("MaxMPXCount", 50),
        LEShortField("VCNumber", 0),
        LEIntField("SessionKey", 0),
        # Filled in from the matching password field when None. When
        # dissecting, these peer-supplied values decide how many bytes the
        # password fields below consume.
        LEFieldLenField("OEMPasswordLength", None, length_of="OEMPassword"),
        LEFieldLenField("UnicodePasswordLength",
                        None,
                        length_of="UnicodePassword"),
        LEIntField("Reserved", 0),
        FlagsField("ServerCapabilities", 0x05, -32, _SMB_ServerCapabilities),
        # Constant default; not recomputed when the strings below change.
        LEShortField("ByteCount", 35),
        # Both password fields carry whatever bytes the caller sets; this
        # layer applies no hashing or encryption to them.
        XStrLenField("OEMPassword",
                     "Pass",
                     length_from=lambda x: x.OEMPasswordLength),
        XStrLenField("UnicodePassword",
                     "Pass",
                     length_from=lambda x: x.UnicodePasswordLength),
        ReversePadField(StrNullField("AccountName", "GUEST"), 2, b"\0"),
        _SMBStrNullField("PrimaryDomain", ""),
        _SMBStrNullField("NativeOS", "Windows 4.0"),
        _SMBStrNullField("NativeLanMan", "Windows 4.0"),
        # Off spec?
        # Second AndX block, declared inline with fixed counts and lengths.
        ByteField("WordCount2", 4),
        ByteEnumField("AndXCommand2", 0xFF, {0xFF: "SMB_COM_NONE"}),
        ByteField("Reserved6", 0),
        LEShortField("AndXOffset2", 0),
        LEShortField("Flags3", 0x2),
        LEShortField("PasswordLength", 0x1),
        LEShortField("ByteCount2", 18),
        ByteField("Password", 0),
        StrNullField("Path", "\\\\WIN2K\\IPC$"),
        StrNullField("Service", "IPC")
    ]
示例#12
文件: smb.py 项目: phretor/scapy
class SMBSession_Setup_AndX_Response(Packet):
    """Session Setup AndX response followed by a second AndX block.

    All counts, offsets and byte counts are constant defaults; none of them
    is recomputed when a string field is changed.
    """
    name = "Session Setup AndX Response (CIFS)"
    fields_desc = [
        ByteField("WordCount", 3),
        ByteEnumField("AndXCommand", 0x75, SMB_COM),
        ByteField("AndXReserved", 0),
        LEShortField("AndXOffset", 66),
        LEShortField("Action", 0),
        LEShortField("ByteCount", 25),
        # Null-terminated strings built by the _SMBStrNullField helper.
        _SMBStrNullField("NativeOS", "Windows 4.0"),
        _SMBStrNullField("NativeLanManager", "Windows 4.0"),
        _SMBStrNullField("PrimaryDomain", ""),
        # Off spec?
        # Second AndX block, declared inline with fixed counts and lengths.
        ByteField("WordCount2", 3),
        ByteEnumField("AndXCommand2", 0xFF, SMB_COM),
        ByteField("Reserved3", 0),
        LEShortField("AndXOffset2", 80),
        LEShortField("OptionalSupport", 0x01),
        LEShortField("ByteCount2", 5),
        StrNullField("Service", "IPC"),
        StrNullField("NativeFileSystem", "")
    ]
示例#13
文件: smb.py 项目: Saad-20/Arp-Spoof
class SMBSession_Setup_AndX_Response(Packet):
    """SMB header plus Session Setup AndX response, as one flat layer.

    Every count, offset and byte count is a constant default; nothing is
    recomputed when a string field is changed.
    """
    name = "Session Setup AndX Response"
    fields_desc = [
        # --- SMB header ---
        StrFixedLenField("Start", b"\xffSMB", 4),
        ByteEnumField("Command", 0x73,
                      {0x73: "SMB_COM_SESSION_SETUP_ANDX"}),  # noqa: E501
        ByteField("Error_Class", 0),
        ByteField("Reserved", 0),
        LEShortField("Error_Code", 0),
        ByteField("Flags", 0x90),
        LEShortField("Flags2", 0x1001),
        LEShortField("PIDHigh", 0x0000),
        # Signature defaults to zero; this class does not compute one.
        LELongField("Signature", 0x0),
        LEShortField("Unused", 0x0),
        LEShortField("TID", 0),
        LEShortField("PID", 1),
        LEShortField("UID", 0),
        LEShortField("MID", 2),
        # --- Session Setup AndX response ---
        ByteField("WordCount", 3),
        ByteEnumField("AndXCommand", 0x75,
                      {0x75: "SMB_COM_TREE_CONNECT_ANDX"}),  # noqa: E501
        ByteField("Reserved2", 0),
        LEShortField("AndXOffset", 66),
        LEShortField("Action", 0),
        LEShortField("ByteCount", 25),
        StrNullField("NativeOS", "Windows 4.0"),
        StrNullField("NativeLanManager", "Windows 4.0"),
        StrNullField("PrimaryDomain", ""),
        # --- Second AndX block ---
        ByteField("WordCount2", 3),
        ByteEnumField("AndXCommand2", 0xFF, {0xFF: "SMB_COM_NONE"}),
        ByteField("Reserved3", 0),
        LEShortField("AndXOffset2", 80),
        LEShortField("OptionalSupport", 0x01),
        LEShortField("ByteCount2", 5),
        StrNullField("Service", "IPC"),
        StrNullField("NativeFileSystem", "")
    ]
示例#14
文件: smb.py 项目: phretor/scapy
class SMBNegotiate_Response_Security(_SMBNegotiate_Response):
    """SMB negotiate response that also carries a UTF-16 ServerName.

    Reuses the first twelve fields of SMBNegotiate_Response_NoSecurity and
    replaces the tail so that ByteCount also accounts for ServerName.
    """
    name = "SMB Negotiate Non-Extended Security Response (SMB)"
    # Presumably overrides the default of the inherited WordCount field -
    # confirm against the packet metaclass.
    WordCount = 0x11
    # The slice copies the leading fields of the other class; inserting or
    # removing a field there silently changes what [:12] picks up here.
    fields_desc = SMBNegotiate_Response_NoSecurity.fields_desc[:12] + [
        # Computed when None: length of DomainName plus len(Challenge) plus
        # len(ServerName).
        # NOTE(review): len() is taken on the in-memory values; confirm it
        # equals the encoded size of the UTF-16 ServerName and its
        # terminator.
        LEFieldLenField("ByteCount",
                        None,
                        length_of="DomainName",
                        adjust=lambda pkt, x: x + len(pkt.Challenge) + len(
                            pkt.ServerName)),
        # Sized by ChallengeLength, which is read from the packet when
        # dissecting and is not derived from Challenge when building.
        StrLenField(
            "Challenge",
            b"",  # aka EncryptionKey
            length_from=lambda pkt: pkt.ChallengeLength),
        StrNullField("DomainName", "WORKGROUP"),
        StrNullFieldUtf16("ServerName", "RMFF1")
    ]
示例#15
文件: smb.py 项目: Saad-20/Arp-Spoof
class SMBSession_Setup_AndX_Request(Packet):
    """SMB header plus Session Setup AndX request, as one flat layer.

    Only ANSIPasswordLength is computed (from ANSIPassword, when None);
    every other count, offset and byte count is a constant default. The
    credential and host defaults ("Pass", "GUEST", "WIN2K") are template
    placeholders.
    """
    name = "Session Setup AndX Request"
    fields_desc = [
        # --- SMB header ---
        StrFixedLenField("Start", b"\xffSMB", 4),
        ByteEnumField("Command", 0x73,
                      {0x73: "SMB_COM_SESSION_SETUP_ANDX"}),  # noqa: E501
        ByteField("Error_Class", 0),
        ByteField("Reserved", 0),
        LEShortField("Error_Code", 0),
        ByteField("Flags", 0x18),
        LEShortField("Flags2", 0x0001),
        LEShortField("PIDHigh", 0x0000),
        # Signature defaults to zero; this class does not compute one.
        LELongField("Signature", 0x0),
        LEShortField("Unused", 0x0),
        LEShortField("TID", 0),
        LEShortField("PID", 1),
        LEShortField("UID", 0),
        LEShortField("MID", 2),
        # --- Session Setup AndX request ---
        ByteField("WordCount", 13),
        ByteEnumField("AndXCommand", 0x75,
                      {0x75: "SMB_COM_TREE_CONNECT_ANDX"}),  # noqa: E501
        ByteField("Reserved2", 0),
        LEShortField("AndXOffset", 96),
        LEShortField("MaxBufferS", 2920),
        LEShortField("MaxMPXCount", 50),
        LEShortField("VCNumber", 0),
        LEIntField("SessionKey", 0),
        # Filled in from ANSIPassword when None. When dissecting, this
        # peer-supplied value decides how many bytes ANSIPassword consumes.
        LEFieldLenField("ANSIPasswordLength", None, "ANSIPassword"),
        # Constant 0: this class declares no Unicode password field.
        LEShortField("UnicodePasswordLength", 0),
        LEIntField("Reserved3", 0),
        LEShortField("ServerCapabilities", 0x05),
        BitField("UnixExtensions", 0, 1),
        BitField("Reserved4", 0, 7),
        BitField("ExtendedSecurity", 0, 1),
        BitField("CompBulk", 0, 2),
        BitField("Reserved5", 0, 5),
        # Constant default; not recomputed when the strings below change.
        LEShortField("ByteCount", 35),
        # Carries whatever bytes the caller sets; this layer applies no
        # hashing or encryption to the password.
        StrLenField("ANSIPassword",
                    "Pass",
                    length_from=lambda x: x.ANSIPasswordLength),  # noqa: E501
        StrNullField("Account", "GUEST"),
        StrNullField("PrimaryDomain", ""),
        StrNullField("NativeOS", "Windows 4.0"),
        StrNullField("NativeLanManager", "Windows 4.0"),
        # --- Second AndX block ---
        ByteField("WordCount2", 4),
        ByteEnumField("AndXCommand2", 0xFF, {0xFF: "SMB_COM_NONE"}),
        ByteField("Reserved6", 0),
        LEShortField("AndXOffset2", 0),
        LEShortField("Flags3", 0x2),
        LEShortField("PasswordLength", 0x1),
        LEShortField("ByteCount2", 18),
        ByteField("Password", 0),
        StrNullField("Path", "\\\\WIN2K\\IPC$"),
        StrNullField("Service", "IPC")
    ]
示例#16
文件: smb.py 项目: Saad-20/Arp-Spoof
class SMBNegociate_Protocol_Request_Tail(Packet):
    """Tail of a negotiate request: one buffer-format byte and one string."""
    name = "SMB Negotiate Protocol Request Tail"
    fields_desc = [
        ByteField("BufferFormat", 0x02),
        # Null-terminated dialect name; the default is "NT LM 0.12".
        StrNullField("BufferData", "NT LM 0.12")
    ]
示例#17
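class SAPDiagDyntAtomItem(PacketNoPadded):
    """One SAP Diag dynt atom item.

    A 13-byte fixed header (atom_length through the attribute flag byte) is
    followed by a body whose layout is selected by ``etype``. Several string
    fields are sized as ``atom_length`` minus the bytes already declared
    (13 for the header, 17 for the frame type, which adds two shorts).

    NOTE(review): ``atom_length`` comes from the packet when dissecting, so
    a value smaller than the header size makes those ``length_from``
    expressions negative. Confirm how the string field treats a negative
    length before relying on this class for untrusted traffic; clamping the
    result at zero is the usual guard.
    """
    name = "SAP Diag Dynt Atom item"
    fields_desc = [
        # Rewritten by post_build() with the built length of this layer.
        ShortField("atom_length", 0),
        ByteField("dlg_flag_1", 0),
        ByteField("dlg_flag_2", 0),
        ByteEnumKeysField("etype", 0, diag_atom_etypes),
        ByteField("area", 0),
        ByteField("block", 0),
        ByteField("group", 0),
        ShortField("row", 0),
        ShortField("col", 0),
        # Attr flags: eight 1-bit fields filling one byte; the trailing
        # comment on each line is that bit's mask in hex.
        BitField("attr_DIAG_BSD_COMBOSTYLE", 0, 1),  # 80
        BitField("attr_DIAG_BSD_YES3D", 0, 1),  # 40
        BitField("attr_DIAG_BSD_PROPFONT", 0, 1),  # 20
        BitField("attr_DIAG_BSD_MATCHCODE", 0, 1),  # 10
        BitField("attr_DIAG_BSD_JUSTRIGHT", 0, 1),  # 08
        BitField("attr_DIAG_BSD_INTENSIFY", 0, 1),  # 04
        BitField("attr_DIAG_BSD_INVISIBLE", 0, 1),  # 02
        BitField("attr_DIAG_BSD_PROTECTED", 0, 1),  # 01

        # DIAG_DGOTYP_FNAME
        ConditionalField(
            StrLenField("name_text",
                        "",
                        length_from=lambda pkt: pkt.atom_length - 13),
            lambda pkt: pkt.etype == 114),
        # DIAG_DGOTYP_PUSHBUTTON_2
        ConditionalField(ByteField("pushbutton_v_length", 0),
                         lambda pkt: pkt.etype in [115]),
        ConditionalField(ByteField("pushbutton_v_height", 0),
                         lambda pkt: pkt.etype in [115]),
        ConditionalField(ShortField("pushbutton_function_code_offset", 0),
                         lambda pkt: pkt.etype in [115]),
        ConditionalField(ShortField("pushbutton_text_offset", 0),
                         lambda pkt: pkt.etype in [115]),
        # NOTE(review): both strings are StrField with no length, so when
        # dissecting the first one presumably takes all remaining bytes and
        # the second is left empty; the two offsets above are not used to
        # split them - confirm.
        ConditionalField(StrField("pushbutton_text", ""),
                         lambda pkt: pkt.etype in [115]),
        ConditionalField(StrField("pushbutton_function_code", ""),
                         lambda pkt: pkt.etype in [115]),
        # DIAG_DGOTYP_TABSTRIP_BUTTON
        ConditionalField(ByteField("tabstripbutton_v_length", 0),
                         lambda pkt: pkt.etype in [116]),
        ConditionalField(ByteField("tabstripbutton_v_height", 0),
                         lambda pkt: pkt.etype in [116]),
        ConditionalField(ByteField("tabstripbutton_page_id", 0),
                         lambda pkt: pkt.etype in [116]),
        ConditionalField(ShortField("tabstripbutton_function_code_offset", 0),
                         lambda pkt: pkt.etype in [116]),
        ConditionalField(ShortField("tabstripbutton_text_offset", 0),
                         lambda pkt: pkt.etype in [116]),
        ConditionalField(ShortField("tabstripbutton_id_offset", 0),
                         lambda pkt: pkt.etype in [116]),
        ConditionalField(StrNullField("tabstripbutton_text", ""),
                         lambda pkt: pkt.etype in [116]),
        ConditionalField(StrNullField("tabstripbutton_function_code", ""),
                         lambda pkt: pkt.etype in [116]),
        ConditionalField(StrNullField("tabstripbutton_id", ""),
                         lambda pkt: pkt.etype in [116]),
        # DIAG_DGOTYP_XMLPROP
        ConditionalField(
            StrLenField("xmlprop_text",
                        "",
                        length_from=lambda pkt: pkt.atom_length - 13),
            lambda pkt: pkt.etype == 120),
        # DIAG_DGOTYP_EFIELD_1 or DIAG_DGOTYP_OFIELD_1 or DIAG_DGOTYP_KEYWORD_1
        ConditionalField(ByteField("field1_flag1", 0),
                         lambda pkt: pkt.etype in [121, 122, 123]),
        # One-byte length, computed from field1_text when left at None.
        ConditionalField(
            FieldLenField("field1_dlen",
                          None,
                          fmt="B",
                          length_of="field1_text"),
            lambda pkt: pkt.etype in [121, 122, 123]),
        ConditionalField(ByteField("field1_mlen", 0),
                         lambda pkt: pkt.etype in [121, 122, 123]),
        ConditionalField(ShortField("field1_maxnrchars", 0),
                         lambda pkt: pkt.etype in [121, 122, 123]),
        ConditionalField(
            StrLenField("field1_text",
                        "",
                        length_from=lambda pkt: pkt.field1_dlen),
            lambda pkt: pkt.etype in [121, 122, 123]),
        # DIAG_DGOTYP_FRAME_1
        ConditionalField(ShortField("frame_drows", 0),
                         lambda pkt: pkt.etype in [127]),
        ConditionalField(ShortField("frame_dcols", 0),
                         lambda pkt: pkt.etype in [127]),
        # 17 = 13-byte header + the two shorts above.
        ConditionalField(
            StrLenField("frame_text",
                        "",
                        length_from=lambda pkt: pkt.atom_length - 17),
            lambda pkt: pkt.etype in [127]),
        # DIAG_DGOTYP_RADIOBUTTON_3
        ConditionalField(ByteField("radiobutton_button", 0),
                         lambda pkt: pkt.etype in [129]),
        ConditionalField(ShortField("radiobutton_visible_label_length", 0),
                         lambda pkt: pkt.etype in [129]),
        ConditionalField(ShortField("radiobutton_event_id_off", 0),
                         lambda pkt: pkt.etype in [129]),
        ConditionalField(ByteField("radiobutton_event_id_len", 0),
                         lambda pkt: pkt.etype in [129]),
        ConditionalField(ShortField("radiobutton_text_off", 0),
                         lambda pkt: pkt.etype in [129]),
        ConditionalField(ShortField("radiobutton_text_length", 0),
                         lambda pkt: pkt.etype in [129]),
        # The text field spans the event id and the label together.
        ConditionalField(
            StrLenField("radiobutton_text",
                        "",
                        length_from=lambda pkt: pkt.radiobutton_event_id_len +
                        pkt.radiobutton_text_length),
            lambda pkt: pkt.etype in [129]),
        # DIAG_DGOTYP_EFIELD_2 or DIAG_DGOTYP_OFIELD_2 or DIAG_DGOTYP_KEYWORD_2
        ConditionalField(ShortField("field2_flag1", 0),
                         lambda pkt: pkt.etype in [130, 131, 132]),
        # One-byte length, computed from field2_text when left at None.
        ConditionalField(
            FieldLenField("field2_dlen",
                          None,
                          fmt="B",
                          length_of="field2_text"),
            lambda pkt: pkt.etype in [130, 131, 132]),
        ConditionalField(ByteField("field2_mlen", 0),
                         lambda pkt: pkt.etype in [130, 131, 132]),
        ConditionalField(ShortField("field2_maxnrchars", 0),
                         lambda pkt: pkt.etype in [130, 131, 132]),
        ConditionalField(
            StrLenField("field2_text",
                        "",
                        length_from=lambda pkt: pkt.field2_dlen),
            lambda pkt: pkt.etype in [130, 131, 132]),
        # Remaining types: the body is kept as one opaque string.
        ConditionalField(
            StrLenField("value",
                        "",
                        length_from=lambda pkt: pkt.atom_length - 13),
            lambda pkt: pkt.etype not in
            [114, 115, 116, 120, 121, 122, 123, 127, 129, 130, 131, 132]),
    ]

    def post_build(self, p, pay):
        """Patch ``atom_length`` with the built size of this layer.

        The first two bytes of *p* are always replaced by ``len(p)`` in
        network byte order, so a value assigned to ``atom_length`` by the
        caller does not survive the build.

        :param p: the built bytes of this layer
        :param pay: the built payload, or None

        :return: this layer with the corrected length, followed by *pay*
        """
        if pay is None:
            # Bytes literal: pack() returns bytes, and concatenating a text
            # string to it raises TypeError on Python 3.
            pay = b''
        # Update the atom_length field (first 2 bytes) with the packet length
        p = pack("!H", len(p)) + p[2:]
        return p + pay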
示例#18
class MQTTUnsubscribe(Packet):
    """MQTT UNSUBSCRIBE body: a 16-bit message id and a payload string."""
    name = "MQTT unsubscribe"
    # NOTE(review): the payload is parsed as a single null-terminated
    # string. MQTT topic filters are normally length-prefixed, so confirm
    # this field dissects real traffic as intended.
    fields_desc = [ShortField("msgid", None), StrNullField("payload", "")]
示例#19
class SAPRouter(Packet):
    """SAP Router packet

    This packet is used for general SAP Router packets. There are (at least)
    five types of SAP Router packets:

        1. Route packets. For requesting the routing of a connection to a
        remote host. The packet contains some general information and a
        connection string with a list of routing hops (:class:`SAPRouterRouteHop`).

        2. Administration packets. This packet is used for the SAP Router to
        send administrative commands. It is supposed to be used only from the
        hosts running the SAP Router or when a specific route is included in
        the routing table. Generally administration packets are not accepted
        from the external binding.

        3. Error Information packets. Packets sent when an error occurred.

        4. Control Message packets. Used to perform some control activities,
        like retrieving the current SAPRouter version or to perform the SNC
        handshake. They have the same structure as error information
        packets.

        5. Route accepted packet. Used to acknowledge a route request
        ("NI_PONG").


    Routed packets and some responses don't fit into these five packet
    types. For identifying those cases, you should check the type using the
    function :class:`router_is_known_type`.

    NI Versions found (unconfirmed):
        - 30: Release 40C
        - 36: Release <6.20
        - 38: Release 7.00/7.10
        - 39: Release 7.11
        - 40: Release 7.20/7.21
    """

    # Default router version to use
    SAPROUTER_DEFAULT_VERSION = 40

    # Constants for router types
    SAPROUTER_ROUTE = "NI_ROUTE"
    """ :cvar: Constant for route packets
        :type: C{string} """

    SAPROUTER_ADMIN = "ROUTER_ADM"
    """ :cvar: Constant for administration packets
        :type: C{string} """

    SAPROUTER_ERROR = "NI_RTERR"
    """ :cvar: Constant for error information packets
        :type: C{string} """

    # Same string as SAPROUTER_ERROR: the type field alone cannot tell the
    # two apart; the conditions in fields_desc additionally test `opcode`
    # (0 for error text, non-zero for control text).
    SAPROUTER_CONTROL = "NI_RTERR"
    """ :cvar: Constant for control messages packets
        :type: C{string} """

    SAPROUTER_PONG = "NI_PONG"
    """ :cvar: Constant for route accepted packets
        :type: C{string} """

    # "NI_RTERR" therefore appears twice in this list.
    router_type_values = [
        SAPROUTER_ADMIN,
        SAPROUTER_ERROR,
        SAPROUTER_CONTROL,
        SAPROUTER_ROUTE,
        SAPROUTER_PONG,
    ]
    """ :cvar: List of known packet types
        :type: ``list`` of C{string} """

    name = "SAP Router"
    fields_desc = [
        # General fields present in all SAP Router packets
        # The null-terminated type string drives every condition below, so
        # on received data the whole layout is chosen by the peer.
        StrNullField("type", SAPROUTER_ROUTE),
        ConditionalField(
            ByteField("version", 2),
            lambda pkt: router_is_known_type(pkt) and not router_is_pong(pkt)),

        # Route packets
        ConditionalField(
            ByteField("route_ni_version", SAPROUTER_DEFAULT_VERSION),
            router_is_route),
        ConditionalField(ByteField("route_entries", 0), router_is_route),
        ConditionalField(
            ByteEnumKeysField("route_talk_mode", 0,
                              router_ni_talk_mode_values), router_is_route),
        ConditionalField(ShortField("route_padd", 0), router_is_route),
        ConditionalField(ByteField("route_rest_nodes", 0), router_is_route),
        # NOTE(review): the default is 0 rather than None, so presumably the
        # length is not filled in automatically from route_string and has
        # to be set by the caller - confirm. When dissecting, this 32-bit
        # peer-supplied value bounds the hop list below.
        ConditionalField(
            FieldLenField("route_length", 0, length_of="route_string",
                          fmt="I"), router_is_route),
        ConditionalField(IntField("route_offset", 0), router_is_route),
        ConditionalField(
            PacketListField("route_string",
                            None,
                            SAPRouterRouteHop,
                            length_from=lambda pkt: pkt.route_length),
            router_is_route),

        # Admin packets
        ConditionalField(
            ByteEnumKeysField("adm_command", 0x02, router_adm_commands),
            router_is_admin),
        ConditionalField(
            ShortField("adm_unused", 0x00), lambda pkt: router_is_admin(pkt)
            and pkt.adm_command not in [10, 11, 12, 13]),

        # Info Request fields
        # Fixed 19-byte, null-terminated password, present only for admin
        # command 2. It is an ordinary string field: this layer sends and
        # shows it as plain text.
        ConditionalField(
            StrNullFixedLenField("adm_password", "", 19),
            lambda pkt: router_is_admin(pkt) and pkt.adm_command in [2]),

        # Cancel Route fields
        # The same field name is declared twice with different widths
        # (16-bit here, 32-bit below); the conditions are mutually
        # exclusive, so at most one of the two is present.
        ConditionalField(
            FieldLenField("adm_client_count",
                          None,
                          count_of="adm_client_ids",
                          fmt="H"),
            lambda pkt: router_is_admin(pkt) and pkt.adm_command in [6]),
        # Trace Connection fields
        ConditionalField(
            FieldLenField("adm_client_count",
                          None,
                          count_of="adm_client_ids",
                          fmt="I"),
            lambda pkt: router_is_admin(pkt) and pkt.adm_command in [12, 13]),

        # Cancel Route or Trace Connection fields
        # The number of 32-bit client ids is taken from adm_client_count,
        # which is peer-supplied when dissecting.
        ConditionalField(
            FieldListField("adm_client_ids", [0x00],
                           IntField("", 0),
                           count_from=lambda pkt: pkt.adm_client_count), lambda
            pkt: router_is_admin(pkt) and pkt.adm_command in [6, 12, 13]),

        # Set/Clear Peer Trace fields  # TODO: Check whether this field should be a IPv6 address or another proper field
        ConditionalField(
            StrFixedLenField("adm_address_mask", "", 32),
            lambda pkt: router_is_admin(pkt) and pkt.adm_command in [10, 11]),

        # Error Information/Control Messages fields
        ConditionalField(
            ByteEnumKeysField("opcode", 0, router_control_opcodes),
            lambda pkt: router_is_error(pkt) or router_is_control(pkt)),
        ConditionalField(
            ByteField("opcode_padd", 0),
            lambda pkt: router_is_error(pkt) or router_is_control(pkt)),
        ConditionalField(
            SignedIntEnumField("return_code", 0, router_return_codes),
            lambda pkt: router_is_error(pkt) or router_is_control(pkt)),

        # Error Information fields
        ConditionalField(
            FieldLenField("err_text_length",
                          None,
                          length_of="err_text_value",
                          fmt="!I"),
            lambda pkt: router_is_error(pkt) and pkt.opcode == 0),
        # NOTE(review): the error text is present when err_text_length > 0,
        # but the PacketField is not given that length, so the declared
        # length presumably does not bound how much the nested packet
        # consumes - confirm.
        ConditionalField(
            PacketField("err_text_value", SAPRouterError(),
                        SAPRouterError), lambda pkt: router_is_error(pkt) and
            pkt.opcode == 0 and pkt.err_text_length > 0),
        ConditionalField(IntField("err_text_unknown", 0),
                         lambda pkt: router_is_error(pkt) and pkt.opcode == 0),

        # Control Message fields
        # control_text_length is a plain IntField; control_text_value is a
        # StrField with no length and is not sized by it.
        ConditionalField(
            IntField("control_text_length", 0),
            lambda pkt: router_is_control(pkt) and pkt.opcode != 0),
        ConditionalField(
            StrField("control_text_value", "*ERR"),
            lambda pkt: router_is_control(pkt) and pkt.opcode != 0),

        # SNC Frame fields
        # NOTE(review): opcodes 70 and 71 also satisfy the "opcode != 0"
        # condition above, so the unbounded control_text_value precedes
        # this field for them - confirm the SNC frame still receives its
        # bytes when dissecting.
        ConditionalField(
            PacketField("snc_frame", None, SAPSNCFrame),
            lambda pkt: router_is_control(pkt) and pkt.opcode in [70, 71])
    ]
示例#20
class SAPRouterError(PacketNoPadded):
    """SAP Router Protocol Error Text

    This packet is used to describe an error returned by SAP Router.

    The text is a sequence of null-terminated strings; every field,
    including the numeric-looking ones, is carried as a string.
    """
    name = "SAP Router Error Text"
    fields_desc = [
        StrNullField("eyecatcher", "*ERR*"),
        StrNullField("counter", "1"),
        StrNullField("error", ""),
        StrNullField("return_code", ""),
        StrNullField("component", "NI (network interface)"),
        StrNullField("release", ""),
        StrNullField("version", ""),
        StrNullField("module", "nirout.cpp"),
        StrNullField("line", ""),
        StrNullField("detail", ""),
        StrNullField("error_time", ""),
        StrNullField("system_call", ""),
        StrNullField("errorno", ""),
        StrNullField("errorno_text", ""),
        StrNullField("error_count", ""),
        StrNullField("location", ""),
        # Placeholder names for strings whose meaning is not identified.
        StrNullField("XXX5", ""),
        StrNullField("XXX6", ""),
        StrNullField("XXX7", ""),
        StrNullField("XXX8", ""),
        # NOTE(review): second field with the name "eyecatcher". Two fields
        # sharing one name presumably share one stored value, so the
        # leading and trailing markers cannot be read or set independently
        # - confirm.
        StrNullField("eyecatcher", "*ERR*"),
    ]

    time_format = "%a %b %d %H:%M:%S %Y"
    """ :cvar: Format to use when building the time field
示例#21
class SAPRouterRouteHop(PacketNoPadded):
    """SAP Router Protocol Route Hop

    Describes a single hop of a route through the SAP Router as three
    null-terminated strings: hostname, port and password.

    The password is an ordinary string field, so it appears as plain text
    both in the built packet and in any route string produced by
    :meth:`from_hops`; treat route strings as secrets when they are logged
    or stored.
    """
    name = "SAP Router Route Hop"
    fields_desc = [
        StrNullField("hostname", None),
        StrNullField("port", None),
        StrNullField("password", None),
    ]

    # Hops are located with finditer(), so any part of a route string that
    # does not match this pattern is skipped without an error.
    regex = re.compile(
        r"""
        (/[hH]/(?P<hostname>[\w\.]+)              # Hostname, FQDN or IP addresss
        (/[sS]/(?P<port>[\w]+))?                  # Optional port/service
        (/[pwPW]/(?P<password>[\w.]+))?          # Optional password
        )
    """, re.VERBOSE)
    """ :cvar: Regular expression for matching route strings
        :type: regex
    """
    @classmethod
    def from_string(cls, route_string):
        """Parse a route string into a list of route hops.

        The expected format is:

        (/H/host/S/service/W/pass)*

        or, for older versions (<4.0):

        (/H/host/S/service/P/pass)*

        The port and password parts are optional; a hop that omits one gets
        ``None`` for that field.

        :param route_string: route string
        :type route_string: C{string}

        :return: route hops in the route string
        :rtype: ``list`` of :class:`SAPRouterRouteHop`
        """
        hops = []
        for match in cls.regex.finditer(route_string):
            parts = match.groupdict()
            hop = cls(hostname=parts["hostname"],
                      port=parts["port"],
                      password=parts["password"])
            hops.append(hop)
        return hops

    @classmethod
    def from_hops(cls, route_hops):
        """Serialise a list of route hops into a route string.

        Every hop contributes ``/H/<hostname>``; ``/S/<port>`` and
        ``/W/<password>`` are appended only when the value is truthy.

        :param route_hops: route hops
        :type route_hops: ``list`` of :class:`SAPRouterRouteHop`

        :return: route string
        :rtype: C{string}
        """
        pieces = []
        for hop in route_hops:
            pieces.append("/H/{}".format(hop.hostname))
            if hop.port:
                pieces.append("/S/{}".format(hop.port))
            if hop.password:
                pieces.append("/W/{}".format(hop.password))
        return "".join(pieces)
示例#22
文件: smb.py 项目: phretor/scapy
def _SMBStrNullField(name, default):
    """Build a null-terminated string field whose encoding follows the header.

    The UTF-16 variant is used when the layer underneath has a ``Flags2``
    attribute with its ``UNICODE`` flag set; in every other case, including
    when there is no underlayer with ``Flags2``, the plain variant is used.
    On received packets that flag is supplied by the peer.
    """
    def _underlayer_is_unicode(pkt):
        # hasattr() guards packets without an SMB header underneath.
        return hasattr(pkt.underlayer, "Flags2") and pkt.underlayer.Flags2.UNICODE

    utf16_variant = StrNullFieldUtf16(name, default)
    plain_variant = StrNullField(name, default)
    return MultipleTypeField(
        [(utf16_variant, _underlayer_is_unicode)],
        plain_variant,
    )
示例#23
文件: tftp.py 项目: yinduren/scapy
class TFTP_Option(Packet):
    """One TFTP option: a null-terminated name followed by its value."""
    fields_desc = [
        StrNullField("oname", ""),
        StrNullField("value", ""),
    ]

    def extract_padding(self, pkt):
        """Treat every byte after this option as padding, not payload."""
        payload, padding = "", pkt
        return payload, padding