class SAPDiagMenuEntry(PacketNoPadded): name = "SAP Diag Menu Entry" fields_desc = [ ShortField("length", 0), ByteField("position_1", 0), ByteField("position_2", 0), ByteField("position_3", 0), ByteField("position_4", 0), # Menu Entry Flags BitField("flag_TERM_??8", 0, 1), # 80 BitField("flag_TERM_??7", 0, 1), # 40 BitField("flag_TERM_??6", 0, 1), # 20 BitField("flag_TERM_VKEY", 0, 1), # 10 BitField("flag_TERM_SEP", 0, 1), # 8 BitField("flag_TERM_MEN", 0, 1), # 4 BitField("flag_TERM_SEL", 0, 1), # 2 BitField("flag_TERM_??1", 0, 1), # 1 ByteField("virtual_key", 0), ByteField("return_code_1", 0), ByteField("return_code_2", 0), ByteField("return_code_3", 0), ByteField("return_code_4", 0), ByteField("return_code_5", 0), ByteField("return_code_6", 0), ByteField("function_code_1", 0), ByteField("function_code_2", 0), ByteField("function_code_3", 0), ByteField("function_code_4", 0), ByteField("function_code_5", 0), ByteField("function_code_6", 0), StrNullField("text", ""), StrNullField("accelerator", ""), StrNullField("info", ""), ]
class SAPMSProperty(PacketNoPadded): """SAP Message Server Property packet. Packet containing information about properties. """ name = "SAP Message Server Property" fields_desc = [ StrNullFixedLenField("client", None, 39), IntEnumField("id", 0x00, ms_property_id_values), # MS_PROPERTY_VHOST ConditionalField(ShortEnumKeysField("logon", 0, ms_logon_type_values), lambda pkt:pkt.id in [0x02]), # MS_PROPERTY_IPADR ConditionalField(IPField("address", "0.0.0.0"), lambda pkt:pkt.id in [0x03]), ConditionalField(IP6Field("address6", "::"), lambda pkt:pkt.id in [0x03]), # MS_PROPERTY_PARAM ConditionalField(StrNullField("param", ""), lambda pkt:pkt.id in [0x04]), ConditionalField(StrNullField("value", ""), lambda pkt:pkt.id in [0x04]), # MS_PROPERTY_SERVICE ConditionalField(ShortField("service", 0), lambda pkt:pkt.id in [0x05]), # Release Information fields ConditionalField(StrNullFixedLenField("release", "720", length=9), lambda pkt:pkt.id in [0x07]), ConditionalField(IntField("patchno", 0), lambda pkt:pkt.id in [0x07]), ConditionalField(IntField("supplvl", 0), lambda pkt:pkt.id in [0x07]), ConditionalField(IntField("platform", 0), lambda pkt:pkt.id in [0x07]), ]
class TFTP_WRQ(Packet): name = "TFTP Write Request" fields_desc = [StrNullField("filename", ""), StrNullField("mode", "octet")] def answers(self, other): return 0 def mysummary(self): return self.sprintf("WRQ %filename%"), [UDP]
class SMBNegotiate_Response_NoSecurity(_SMBNegotiate_Response): name = "SMB Negotiate No-Security Response (CIFS)" fields_desc = [ ByteField("WordCount", 0x1), LEShortField("DialectIndex", 7), FlagsField("SecurityMode", 0x03, 8, [ "USER_SECURITY", "ENCRYPT_PASSWORDS", "SECURITY_SIGNATURES_ENABLED", "SECURITY_SIGNATURES_REQUIRED" ]), LEShortField("MaxMpxCount", 50), LEShortField("MaxNumberVC", 1), LEIntField("MaxBufferSize", 16144), LEIntField("MaxRawSize", 65536), LEIntField("SessionKey", 0x0000), FlagsField("ServerCapabilities", 0xf3f9, -32, _SMB_ServerCapabilities), UTCTimeField("ServerTime", None, fmt="<Q", epoch=[1601, 1, 1, 0, 0, 0], custom_scaling=1e7), LEShortField("ServerTimeZone", 0x3c), ByteField("ChallengeLength", 0), # aka EncryptionKeyLength LEFieldLenField("ByteCount", None, length_of="DomainName", adjust=lambda pkt, x: x + len(pkt.Challenge)), StrLenField( "Challenge", b"", # aka EncryptionKey length_from=lambda pkt: pkt.ChallengeLength), StrNullField("DomainName", "WORKGROUP") ]
class SMBMailSlot(Packet): name = "SMB Mail Slot Protocol" fields_desc = [ LEShortField("opcode", 1), LEShortField("priority", 1), LEShortField("class", 2), LEShortField("size", 135), StrNullField("name", "\\MAILSLOT\\NET\\GETDC660") ]
class SMB_Dialect(Packet): name = "SMB Dialect" fields_desc = [ ByteField("BufferFormat", 0x02), StrNullField("DialectString", "NT LM 0.12") ] def default_payload_class(self, payload): return conf.padding_layer
class SAPEnqueueParam(PacketNoPadded): """SAP Enqueue Server Connection Admin Parameter packet """ name = "SAP Enqueue Connection Admin Parameter" fields_desc = [ IntEnumField("param", 0, enqueue_param_values), ConditionalField(IntField("len", 0), lambda pkt:pkt.param in [0x06]), ConditionalField(IntField("value", 0), lambda pkt:pkt.param not in [0x03, 0x04]), ConditionalField(StrNullField("set_name", ""), lambda pkt:pkt.param in [0x03]), ]
class SMBNetlogon_Protocol_Response_Tail_LM20(Packet): name = "SMB Netlogon Protocol Response Tail LM20" fields_desc = [ ByteEnumField( "Command", 0x06, {0x06: "LM 2.0 Response to logon request"}), # noqa: E501 ByteField("unused", 0), StrFixedLenField("DblSlash", "\\\\", 2), StrNullField("ServerName", "WIN"), LEShortField("LM20Token", 0xffff) ]
class SMBNegociate_Protocol_Response_No_Security(Packet): name = "SMBNegociate Protocol Response No Security" fields_desc = [ StrFixedLenField("Start", b"\xffSMB", 4), ByteEnumField("Command", 0x72, {0x72: "SMB_COM_NEGOTIATE"}), ByteField("Error_Class", 0), ByteField("Reserved", 0), LEShortField("Error_Code", 0), ByteField("Flags", 0x98), LEShortField("Flags2", 0x0000), LEShortField("PIDHigh", 0x0000), LELongField("Signature", 0x0), LEShortField("Unused", 0x0), LEShortField("TID", 0), LEShortField("PID", 1), LEShortField("UID", 0), LEShortField("MID", 2), ByteField("WordCount", 17), LEShortField("DialectIndex", 7), ByteField("SecurityMode", 0x03), LEShortField("MaxMpxCount", 50), LEShortField("MaxNumberVC", 1), LEIntField("MaxBufferSize", 16144), LEIntField("MaxRawSize", 65536), LEIntField("SessionKey", 0x0000), LEShortField("ServerCapabilities", 0xf3f9), BitField("UnixExtensions", 0, 1), BitField("Reserved2", 0, 7), BitField("ExtendedSecurity", 0, 1), FlagsField("CompBulk", 0, 2, "CB"), BitField("Reserved3", 0, 5), # There have been 127490112000000000 tenths of micro-seconds between 1st january 1601 and 1st january 2005. 127490112000000000=0x1C4EF94D6228000, so ServerTimeHigh=0xD6228000 and ServerTimeLow=0x1C4EF94. # noqa: E501 LEIntField("ServerTimeHigh", 0xD6228000), LEIntField("ServerTimeLow", 0x1C4EF94), LEShortField("ServerTimeZone", 0x3c), ByteField("EncryptionKeyLength", 8), LEShortField("ByteCount", 24), BitField("EncryptionKey", 0, 64), StrNullField("DomainName", "WORKGROUP"), StrNullField("ServerName", "RMFF1") ]
class TFTP_ERROR(Packet): name = "TFTP Error" fields_desc = [ ShortEnumField("errorcode", 0, TFTP_Error_Codes), StrNullField("errormsg", "") ] def answers(self, other): return isinstance(other, (TFTP_DATA, TFTP_RRQ, TFTP_WRQ, TFTP_ACK)) def mysummary(self): return self.sprintf("ERROR %errorcode%: %errormsg%"), [UDP]
class SMBSession_Setup_AndX_Request(Packet): name = "Session Setup AndX Request (CIFS)" fields_desc = [ ByteField("WordCount", 13), ByteEnumField("AndXCommand", 0x75, SMB_COM), ByteField("AndXReserved", 0), LEShortField("AndXOffset", 96), LEShortField("MaxBufferSize", 2920), LEShortField("MaxMPXCount", 50), LEShortField("VCNumber", 0), LEIntField("SessionKey", 0), LEFieldLenField("OEMPasswordLength", None, length_of="OEMPassword"), LEFieldLenField("UnicodePasswordLength", None, length_of="UnicodePassword"), LEIntField("Reserved", 0), FlagsField("ServerCapabilities", 0x05, -32, _SMB_ServerCapabilities), LEShortField("ByteCount", 35), XStrLenField("OEMPassword", "Pass", length_from=lambda x: x.OEMPasswordLength), XStrLenField("UnicodePassword", "Pass", length_from=lambda x: x.UnicodePasswordLength), ReversePadField(StrNullField("AccountName", "GUEST"), 2, b"\0"), _SMBStrNullField("PrimaryDomain", ""), _SMBStrNullField("NativeOS", "Windows 4.0"), _SMBStrNullField("NativeLanMan", "Windows 4.0"), # Off spec? ByteField("WordCount2", 4), ByteEnumField("AndXCommand2", 0xFF, {0xFF: "SMB_COM_NONE"}), ByteField("Reserved6", 0), LEShortField("AndXOffset2", 0), LEShortField("Flags3", 0x2), LEShortField("PasswordLength", 0x1), LEShortField("ByteCount2", 18), ByteField("Password", 0), StrNullField("Path", "\\\\WIN2K\\IPC$"), StrNullField("Service", "IPC") ]
class SMBSession_Setup_AndX_Response(Packet): name = "Session Setup AndX Response (CIFS)" fields_desc = [ ByteField("WordCount", 3), ByteEnumField("AndXCommand", 0x75, SMB_COM), ByteField("AndXReserved", 0), LEShortField("AndXOffset", 66), LEShortField("Action", 0), LEShortField("ByteCount", 25), _SMBStrNullField("NativeOS", "Windows 4.0"), _SMBStrNullField("NativeLanManager", "Windows 4.0"), _SMBStrNullField("PrimaryDomain", ""), # Off spec? ByteField("WordCount2", 3), ByteEnumField("AndXCommand2", 0xFF, SMB_COM), ByteField("Reserved3", 0), LEShortField("AndXOffset2", 80), LEShortField("OptionalSupport", 0x01), LEShortField("ByteCount2", 5), StrNullField("Service", "IPC"), StrNullField("NativeFileSystem", "") ]
class SMBSession_Setup_AndX_Response(Packet): name = "Session Setup AndX Response" fields_desc = [ StrFixedLenField("Start", b"\xffSMB", 4), ByteEnumField("Command", 0x73, {0x73: "SMB_COM_SESSION_SETUP_ANDX"}), # noqa: E501 ByteField("Error_Class", 0), ByteField("Reserved", 0), LEShortField("Error_Code", 0), ByteField("Flags", 0x90), LEShortField("Flags2", 0x1001), LEShortField("PIDHigh", 0x0000), LELongField("Signature", 0x0), LEShortField("Unused", 0x0), LEShortField("TID", 0), LEShortField("PID", 1), LEShortField("UID", 0), LEShortField("MID", 2), ByteField("WordCount", 3), ByteEnumField("AndXCommand", 0x75, {0x75: "SMB_COM_TREE_CONNECT_ANDX"}), # noqa: E501 ByteField("Reserved2", 0), LEShortField("AndXOffset", 66), LEShortField("Action", 0), LEShortField("ByteCount", 25), StrNullField("NativeOS", "Windows 4.0"), StrNullField("NativeLanManager", "Windows 4.0"), StrNullField("PrimaryDomain", ""), ByteField("WordCount2", 3), ByteEnumField("AndXCommand2", 0xFF, {0xFF: "SMB_COM_NONE"}), ByteField("Reserved3", 0), LEShortField("AndXOffset2", 80), LEShortField("OptionalSupport", 0x01), LEShortField("ByteCount2", 5), StrNullField("Service", "IPC"), StrNullField("NativeFileSystem", "") ]
class SMBNegotiate_Response_Security(_SMBNegotiate_Response): name = "SMB Negotiate Non-Extended Security Response (SMB)" WordCount = 0x11 fields_desc = SMBNegotiate_Response_NoSecurity.fields_desc[:12] + [ LEFieldLenField("ByteCount", None, length_of="DomainName", adjust=lambda pkt, x: x + len(pkt.Challenge) + len( pkt.ServerName)), StrLenField( "Challenge", b"", # aka EncryptionKey length_from=lambda pkt: pkt.ChallengeLength), StrNullField("DomainName", "WORKGROUP"), StrNullFieldUtf16("ServerName", "RMFF1") ]
class SMBSession_Setup_AndX_Request(Packet): name = "Session Setup AndX Request" fields_desc = [ StrFixedLenField("Start", b"\xffSMB", 4), ByteEnumField("Command", 0x73, {0x73: "SMB_COM_SESSION_SETUP_ANDX"}), # noqa: E501 ByteField("Error_Class", 0), ByteField("Reserved", 0), LEShortField("Error_Code", 0), ByteField("Flags", 0x18), LEShortField("Flags2", 0x0001), LEShortField("PIDHigh", 0x0000), LELongField("Signature", 0x0), LEShortField("Unused", 0x0), LEShortField("TID", 0), LEShortField("PID", 1), LEShortField("UID", 0), LEShortField("MID", 2), ByteField("WordCount", 13), ByteEnumField("AndXCommand", 0x75, {0x75: "SMB_COM_TREE_CONNECT_ANDX"}), # noqa: E501 ByteField("Reserved2", 0), LEShortField("AndXOffset", 96), LEShortField("MaxBufferS", 2920), LEShortField("MaxMPXCount", 50), LEShortField("VCNumber", 0), LEIntField("SessionKey", 0), LEFieldLenField("ANSIPasswordLength", None, "ANSIPassword"), LEShortField("UnicodePasswordLength", 0), LEIntField("Reserved3", 0), LEShortField("ServerCapabilities", 0x05), BitField("UnixExtensions", 0, 1), BitField("Reserved4", 0, 7), BitField("ExtendedSecurity", 0, 1), BitField("CompBulk", 0, 2), BitField("Reserved5", 0, 5), LEShortField("ByteCount", 35), StrLenField("ANSIPassword", "Pass", length_from=lambda x: x.ANSIPasswordLength), # noqa: E501 StrNullField("Account", "GUEST"), StrNullField("PrimaryDomain", ""), StrNullField("NativeOS", "Windows 4.0"), StrNullField("NativeLanManager", "Windows 4.0"), ByteField("WordCount2", 4), ByteEnumField("AndXCommand2", 0xFF, {0xFF: "SMB_COM_NONE"}), ByteField("Reserved6", 0), LEShortField("AndXOffset2", 0), LEShortField("Flags3", 0x2), LEShortField("PasswordLength", 0x1), LEShortField("ByteCount2", 18), ByteField("Password", 0), StrNullField("Path", "\\\\WIN2K\\IPC$"), StrNullField("Service", "IPC") ]
class SMBNegociate_Protocol_Request_Tail(Packet): name = "SMB Negotiate Protocol Request Tail" fields_desc = [ ByteField("BufferFormat", 0x02), StrNullField("BufferData", "NT LM 0.12") ]
class SAPDiagDyntAtomItem(PacketNoPadded): name = "SAP Diag Dynt Atom item" fields_desc = [ ShortField("atom_length", 0), ByteField("dlg_flag_1", 0), ByteField("dlg_flag_2", 0), ByteEnumKeysField("etype", 0, diag_atom_etypes), ByteField("area", 0), ByteField("block", 0), ByteField("group", 0), ShortField("row", 0), ShortField("col", 0), # Attr flags BitField("attr_DIAG_BSD_COMBOSTYLE", 0, 1), # 80 BitField("attr_DIAG_BSD_YES3D", 0, 1), # 40 BitField("attr_DIAG_BSD_PROPFONT", 0, 1), # 20 BitField("attr_DIAG_BSD_MATCHCODE", 0, 1), # 10 BitField("attr_DIAG_BSD_JUSTRIGHT", 0, 1), # 08 BitField("attr_DIAG_BSD_INTENSIFY", 0, 1), # 04 BitField("attr_DIAG_BSD_INVISIBLE", 0, 1), # 02 BitField("attr_DIAG_BSD_PROTECTED", 0, 1), # 01 # DIAG_DGOTYP_FNAME ConditionalField( StrLenField("name_text", "", length_from=lambda pkt: pkt.atom_length - 13), lambda pkt: pkt.etype == 114), # DIAG_DGOTYP_PUSHBUTTON_2 */ ConditionalField(ByteField("pushbutton_v_length", 0), lambda pkt: pkt.etype in [115]), ConditionalField(ByteField("pushbutton_v_height", 0), lambda pkt: pkt.etype in [115]), ConditionalField(ShortField("pushbutton_function_code_offset", 0), lambda pkt: pkt.etype in [115]), ConditionalField(ShortField("pushbutton_text_offset", 0), lambda pkt: pkt.etype in [115]), ConditionalField(StrField("pushbutton_text", ""), lambda pkt: pkt.etype in [115]), ConditionalField(StrField("pushbutton_function_code", ""), lambda pkt: pkt.etype in [115]), # DIAG_DGOTYP_TABSTRIP_BUTTON ConditionalField(ByteField("tabstripbutton_v_length", 0), lambda pkt: pkt.etype in [116]), ConditionalField(ByteField("tabstripbutton_v_height", 0), lambda pkt: pkt.etype in [116]), ConditionalField(ByteField("tabstripbutton_page_id", 0), lambda pkt: pkt.etype in [116]), ConditionalField(ShortField("tabstripbutton_function_code_offset", 0), lambda pkt: pkt.etype in [116]), ConditionalField(ShortField("tabstripbutton_text_offset", 0), lambda pkt: pkt.etype in [116]), ConditionalField(ShortField("tabstripbutton_id_offset", 0), lambda pkt: pkt.etype in [116]), ConditionalField(StrNullField("tabstripbutton_text", ""), lambda pkt: pkt.etype in [116]), ConditionalField(StrNullField("tabstripbutton_function_code", ""), lambda pkt: pkt.etype in [116]), ConditionalField(StrNullField("tabstripbutton_id", ""), lambda pkt: pkt.etype in [116]), # DIAG_DGOTYP_XMLPROP ConditionalField( StrLenField("xmlprop_text", "", length_from=lambda pkt: pkt.atom_length - 13), lambda pkt: pkt.etype == 120), # DIAG_DGOTYP_EFIELD_1 or DIAG_DGOTYP_OFIELD_1 or DIAG_DGOTYP_KEYWORD_1 ConditionalField(ByteField("field1_flag1", 0), lambda pkt: pkt.etype in [121, 122, 123]), ConditionalField( FieldLenField("field1_dlen", None, fmt="B", length_of="field1_text"), lambda pkt: pkt.etype in [121, 122, 123]), ConditionalField(ByteField("field1_mlen", 0), lambda pkt: pkt.etype in [121, 122, 123]), ConditionalField(ShortField("field1_maxnrchars", 0), lambda pkt: pkt.etype in [121, 122, 123]), ConditionalField( StrLenField("field1_text", "", length_from=lambda pkt: pkt.field1_dlen), lambda pkt: pkt.etype in [121, 122, 123]), # DIAG_DGOTYP_FRAME_1 ConditionalField(ShortField("frame_drows", 0), lambda pkt: pkt.etype in [127]), ConditionalField(ShortField("frame_dcols", 0), lambda pkt: pkt.etype in [127]), ConditionalField( StrLenField("frame_text", "", length_from=lambda pkt: pkt.atom_length - 17), lambda pkt: pkt.etype in [127]), # DIAG_DGOTYP_RADIOBUTTON_3 ConditionalField(ByteField("radiobutton_button", 0), lambda pkt: pkt.etype in [129]), ConditionalField(ShortField("radiobutton_visible_label_length", 0), lambda pkt: pkt.etype in [129]), ConditionalField(ShortField("radiobutton_event_id_off", 0), lambda pkt: pkt.etype in [129]), ConditionalField(ByteField("radiobutton_event_id_len", 0), lambda pkt: pkt.etype in [129]), ConditionalField(ShortField("radiobutton_text_off", 0), lambda pkt: pkt.etype in [129]), ConditionalField(ShortField("radiobutton_text_length", 0), lambda pkt: pkt.etype in [129]), ConditionalField( StrLenField("radiobutton_text", "", length_from=lambda pkt: pkt.radiobutton_event_id_len + pkt.radiobutton_text_length), lambda pkt: pkt.etype in [129]), # DIAG_DGOTYP_EFIELD_2 or DIAG_DGOTYP_OFIELD_2 or DIAG_DGOTYP_KEYWORD_2 ConditionalField(ShortField("field2_flag1", 0), lambda pkt: pkt.etype in [130, 131, 132]), ConditionalField( FieldLenField("field2_dlen", None, fmt="B", length_of="field2_text"), lambda pkt: pkt.etype in [130, 131, 132]), ConditionalField(ByteField("field2_mlen", 0), lambda pkt: pkt.etype in [130, 131, 132]), ConditionalField(ShortField("field2_maxnrchars", 0), lambda pkt: pkt.etype in [130, 131, 132]), ConditionalField( StrLenField("field2_text", "", length_from=lambda pkt: pkt.field2_dlen), lambda pkt: pkt.etype in [130, 131, 132]), # Remaining types ConditionalField( StrLenField("value", "", length_from=lambda pkt: pkt.atom_length - 13), lambda pkt: pkt.etype not in [114, 115, 116, 120, 121, 122, 123, 127, 129, 130, 131, 132]), ] def post_build(self, p, pay): if pay is None: pay = '' # Update the atom_length field (first 2 bytes) with the packet length p = pack("!H", len(p)) + p[2:] return p + pay
class MQTTUnsubscribe(Packet): name = "MQTT unsubscribe" fields_desc = [ShortField("msgid", None), StrNullField("payload", "")]
class SAPRouter(Packet): """SAP Router packet This packet is used for general SAP Router packets. There are (at least) five types of SAP Router packets: 1. Route packets. For requesting the routing of a connection to a remote hosts. The packet contains some general information and a connection string with a list of routing hops (:class:`SAPRouterRouteHop`). 2. Administration packets. This packet is used for the SAP Router to send administrative commands. It's suppose to be used only from the hosts running the SAP Router or when an specific route is included in the routing table. Generally administration packets are not accepted from the external binding. 3. Error Information packets. Packets sent when an error occurred. 4. Control Message packets. Used to perform some control activities, like retrieving the current SAPRouter version or to perform the SNC handshake. They have the same structure that error information packets. 5. Route accepted packet. Used to acknowledge a route request ("NI_PONG"). Routed packets and some responses doesn't fill in these five packet types. For identifying those cases, you should check the type using the function :class:`router_is_known_type`. NI Versions found (unconfirmed): - 30: Release 40C - 36: Release <6.20 - 38: Release 7.00/7.10 - 39: Release 7.11 - 40: Release 7.20/7.21 """ # Default router version to use SAPROUTER_DEFAULT_VERSION = 40 # Constants for router types SAPROUTER_ROUTE = "NI_ROUTE" """ :cvar: Constant for route packets :type: C{string} """ SAPROUTER_ADMIN = "ROUTER_ADM" """ :cvar: Constant for administration packets :type: C{string} """ SAPROUTER_ERROR = "NI_RTERR" """ :cvar: Constant for error information packets :type: C{string} """ SAPROUTER_CONTROL = "NI_RTERR" """ :cvar: Constant for control messages packets :type: C{string} """ SAPROUTER_PONG = "NI_PONG" """ :cvar: Constant for route accepted packets :type: C{string} """ router_type_values = [ SAPROUTER_ADMIN, SAPROUTER_ERROR, SAPROUTER_CONTROL, SAPROUTER_ROUTE, SAPROUTER_PONG, ] """ :cvar: List of known packet types :type: ``list`` of C{string} """ name = "SAP Router" fields_desc = [ # General fields present in all SAP Router packets StrNullField("type", SAPROUTER_ROUTE), ConditionalField( ByteField("version", 2), lambda pkt: router_is_known_type(pkt) and not router_is_pong(pkt)), # Route packets ConditionalField( ByteField("route_ni_version", SAPROUTER_DEFAULT_VERSION), router_is_route), ConditionalField(ByteField("route_entries", 0), router_is_route), ConditionalField( ByteEnumKeysField("route_talk_mode", 0, router_ni_talk_mode_values), router_is_route), ConditionalField(ShortField("route_padd", 0), router_is_route), ConditionalField(ByteField("route_rest_nodes", 0), router_is_route), ConditionalField( FieldLenField("route_length", 0, length_of="route_string", fmt="I"), router_is_route), ConditionalField(IntField("route_offset", 0), router_is_route), ConditionalField( PacketListField("route_string", None, SAPRouterRouteHop, length_from=lambda pkt: pkt.route_length), router_is_route), # Admin packets ConditionalField( ByteEnumKeysField("adm_command", 0x02, router_adm_commands), router_is_admin), ConditionalField( ShortField("adm_unused", 0x00), lambda pkt: router_is_admin(pkt) and pkt.adm_command not in [10, 11, 12, 13]), # Info Request fields ConditionalField( StrNullFixedLenField("adm_password", "", 19), lambda pkt: router_is_admin(pkt) and pkt.adm_command in [2]), # Cancel Route fields ConditionalField( FieldLenField("adm_client_count", None, count_of="adm_client_ids", fmt="H"), lambda pkt: router_is_admin(pkt) and pkt.adm_command in [6]), # Trace Connection fields ConditionalField( FieldLenField("adm_client_count", None, count_of="adm_client_ids", fmt="I"), lambda pkt: router_is_admin(pkt) and pkt.adm_command in [12, 13]), # Cancel Route or Trace Connection fields ConditionalField( FieldListField("adm_client_ids", [0x00], IntField("", 0), count_from=lambda pkt: pkt.adm_client_count), lambda pkt: router_is_admin(pkt) and pkt.adm_command in [6, 12, 13]), # Set/Clear Peer Trace fields # TODO: Check whether this field should be a IPv6 address or another proper field ConditionalField( StrFixedLenField("adm_address_mask", "", 32), lambda pkt: router_is_admin(pkt) and pkt.adm_command in [10, 11]), # Error Information/Control Messages fields ConditionalField( ByteEnumKeysField("opcode", 0, router_control_opcodes), lambda pkt: router_is_error(pkt) or router_is_control(pkt)), ConditionalField( ByteField("opcode_padd", 0), lambda pkt: router_is_error(pkt) or router_is_control(pkt)), ConditionalField( SignedIntEnumField("return_code", 0, router_return_codes), lambda pkt: router_is_error(pkt) or router_is_control(pkt)), # Error Information fields ConditionalField( FieldLenField("err_text_length", None, length_of="err_text_value", fmt="!I"), lambda pkt: router_is_error(pkt) and pkt.opcode == 0), ConditionalField( PacketField("err_text_value", SAPRouterError(), SAPRouterError), lambda pkt: router_is_error(pkt) and pkt.opcode == 0 and pkt.err_text_length > 0), ConditionalField(IntField("err_text_unknown", 0), lambda pkt: router_is_error(pkt) and pkt.opcode == 0), # Control Message fields ConditionalField( IntField("control_text_length", 0), lambda pkt: router_is_control(pkt) and pkt.opcode != 0), ConditionalField( StrField("control_text_value", "*ERR"), lambda pkt: router_is_control(pkt) and pkt.opcode != 0), # SNC Frame fields ConditionalField( PacketField("snc_frame", None, SAPSNCFrame), lambda pkt: router_is_control(pkt) and pkt.opcode in [70, 71]) ]
class SAPRouterError(PacketNoPadded): """SAP Router Protocol Error Text This packet is used to describe an error returned by SAP Router. """ name = "SAP Router Error Text" fields_desc = [ StrNullField("eyecatcher", "*ERR*"), StrNullField("counter", "1"), StrNullField("error", ""), StrNullField("return_code", ""), StrNullField("component", "NI (network interface)"), StrNullField("release", ""), StrNullField("version", ""), StrNullField("module", "nirout.cpp"), StrNullField("line", ""), StrNullField("detail", ""), StrNullField("error_time", ""), StrNullField("system_call", ""), StrNullField("errorno", ""), StrNullField("errorno_text", ""), StrNullField("error_count", ""), StrNullField("location", ""), StrNullField("XXX5", ""), StrNullField("XXX6", ""), StrNullField("XXX7", ""), StrNullField("XXX8", ""), StrNullField("eyecatcher", "*ERR*"), ] time_format = "%a %b %d %H:%M:%S %Y" """ :cvar: Format to use when building the time field
class SAPRouterRouteHop(PacketNoPadded): """SAP Router Protocol Route Hop This packet is used to describe a hop in a route using the SAP Router. """ name = "SAP Router Route Hop" fields_desc = [ StrNullField("hostname", None), StrNullField("port", None), StrNullField("password", None), ] regex = re.compile( r""" (/[hH]/(?P<hostname>[\w\.]+) # Hostname, FQDN or IP addresss (/[sS]/(?P<port>[\w]+))? # Optional port/service (/[pwPW]/(?P<password>[\w.]+))? # Optional password ) """, re.VERBOSE) """ :cvar: Regular expression for matching route strings :type: regex """ @classmethod def from_string(cls, route_string): """Build a list of route hops from a route string. The format of a route string is: (/H/host/S/service/W/pass)* or for older versions (<4.0): (/H/host/S/service/P/pass)* :param route_string: route string :type route_string: C{string} :return: route hops in the route string :rtype: ``list`` of :class:`SAPRouterRouteHop` """ result = [] for route_hop in [ x.groupdict() for x in cls.regex.finditer(route_string) ]: result.append( cls(hostname=route_hop["hostname"], port=route_hop["port"], password=route_hop["password"])) return result @classmethod def from_hops(cls, route_hops): """Build a route string from a list of route hops. :param route_hops: route hops :type route_hops: ``list`` of :class:`SAPRouterRouteHop` :return: route string :rtype: C{string} """ result = "" for route_hop in route_hops: result += "/H/{}".format(route_hop.hostname) if route_hop.port: result += "/S/{}".format(route_hop.port) if route_hop.password: result += "/W/{}".format(route_hop.password) return result
def _SMBStrNullField(name, default): return MultipleTypeField( [(StrNullFieldUtf16(name, default), lambda pkt: hasattr( pkt.underlayer, "Flags2") and pkt.underlayer.Flags2.UNICODE)], StrNullField(name, default), )
class TFTP_Option(Packet): fields_desc = [StrNullField("oname", ""), StrNullField("value", "")] def extract_padding(self, pkt): return "", pkt