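def guess_payload_class(self, payload):
    """Select the payload class from the first byte of ``payload``.

    The first element of ``payload`` is used as the DLPDU type key into
    ``EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES``. If the key is not in the
    table, or ``payload`` is empty, an error is logged and the decision is
    delegated to ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    try:
        return EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES[payload[0]]
    except (KeyError, IndexError):
        # The type byte comes straight from the frame, so an unmapped value
        # or an empty buffer is ordinary bad input: log it and fall back
        # rather than let the exception abort dissection.
        log_runtime.error(
            '{}.guess_payload_class() - unknown or invalid '
            'DLPDU type'.format(self.__class__.__name__))
        return Packet.guess_payload_class(self, payload)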
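def guess_payload_class(self, payload):
    """Map the leading DLPDU type byte of ``payload`` to a payload class.

    ``payload[0]`` is looked up in ``EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES``.
    A missing table entry or an empty ``payload`` is logged as an error and
    handled by ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    try:
        dlpdu_type = payload[0]
        payload_cls = EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES[dlpdu_type]
    except (KeyError, IndexError):
        # IndexError covers an empty buffer; both cases are malformed or
        # unsupported input and must not escape as an exception.
        log_runtime.error(
            '{}.guess_payload_class() - unknown or invalid '
            'DLPDU type'.format(self.__class__.__name__))
        return Packet.guess_payload_class(self, payload)
    return payload_cls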
def guess_payload_class(self, payload):
    """Pick the bound ICMP extension class that matches ``payload``.

    ``payload`` is first parsed as a generic ``ICMPExtensionObject``. Each
    ``(field values, class)`` pair in ``self.payload_guess`` is then tried
    in order, and the first class whose field values all match is returned.
    Payloads shorter than ``self._min_ieo_len``, or whose parsed ``len``
    field is below that minimum, go to ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the matching class, or ``ICMPExtensionObject`` if none matches
    """
    if len(payload) < self._min_ieo_len:
        return Packet.guess_payload_class(self, payload)

    # Parse with the generic object so its fields can be compared against
    # the bound extension types.
    generic = ICMPExtensionObject(payload)
    if generic.len < self._min_ieo_len:
        # The length field is read from the packet itself; a value below
        # the minimum is not treated as an extension object.
        return Packet.guess_payload_class(self, payload)

    for wanted, bound_cls in self.payload_guess:
        for field_name, expected in six.iteritems(wanted):
            field_matches = (hasattr(generic, field_name) and
                             expected == generic.getfieldval(field_name))
            if not field_matches:
                break
        else:
            return bound_cls
    return ICMPExtensionObject
def guess_payload_class(self, payload):
    """Choose the class that follows this header.

    Returns ``Dot11QoS`` when ``type`` is 0x02 and ``subtype`` lies in
    0x08..0x0F excluding 0x0D, ``Dot11WEP`` when bit 0x40 of ``FCfield`` is
    set, and otherwise the ``Packet.guess_payload_class`` result.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    qos_subtype = 0x08 <= self.subtype <= 0xF and self.subtype != 0xD
    if self.type == 0x02 and qos_subtype:
        return Dot11QoS
    # NOTE(review): 0x40 looks like the 802.11 Protected Frame flag, which
    # is set for any encryption scheme and not only WEP -- confirm that
    # Dot11WEP copes with non-WEP frame bodies.
    if self.FCfield & 0x40:
        return Dot11WEP
    return Packet.guess_payload_class(self, payload)
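def guess_payload_class(self, payload):
    """Choose between ``YOARP`` and ``ARP`` from bytes 2-3 of ``payload``.

    Only applies when ``self.type`` is 2054 and ``payload`` is longer than
    four bytes. Anything else goes to ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    if self.type == 2054 and len(payload) > 4:
        marker = payload[2:4]
        # Compare against bytes literals. A str literal never equals a
        # bytes slice on Python 3, so neither class could be selected there.
        # On Python 2 the two literal forms are the same type.
        if marker == b"\x99\x99":
            return YOARP
        if marker == b"\x08\x00":
            return ARP
    return Packet.guess_payload_class(self, payload)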
def guess_payload_class(self, payload):
    """Choose the payload class from the frame control and frame type.

    Bit 0x02 of ``frame_control`` takes precedence and selects
    ``ZigbeeSecurityHeader``. Otherwise ``aps_frametype`` 0 selects
    ``ZigbeeClusterLibrary`` and 1 selects ``ZigbeeAppCommandPayload``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    security_present = self.frame_control & 0x02
    if security_present:
        # we have a security header
        return ZigbeeSecurityHeader
    if self.aps_frametype == 0:
        # data
        # TODO might also be another frame
        return ZigbeeClusterLibrary
    if self.aps_frametype == 1:
        # command
        return ZigbeeAppCommandPayload
    return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
    """Choose the payload class from ``flags`` and ``frametype``.

    Bit 0x02 of ``flags`` is checked first and selects
    ``ZigbeeSecurityHeader``. Otherwise ``frametype`` 0 selects
    ``ZigbeeAppDataPayload`` and 1 selects ``ZigbeeNWKCommandPayload``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    if self.flags & 0x02:
        return ZigbeeSecurityHeader
    frame_kind = self.frametype
    if frame_kind == 0:
        return ZigbeeAppDataPayload
    if frame_kind == 1:
        return ZigbeeNWKCommandPayload
    return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
    """Choose the class that follows this header.

    Returns ``Dot11QoS`` when ``type`` is 0x02 and ``subtype`` lies in
    0x08..0x0F excluding 0x0D, ``Dot11Encrypted`` when
    ``FCfield.protected`` is set, and otherwise the
    ``Packet.guess_payload_class`` result.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    qos_subtype = 0x08 <= self.subtype <= 0xF and self.subtype != 0xD
    if self.type == 0x02 and qos_subtype:
        return Dot11QoS
    if self.FCfield.protected:
        # When a frame is handled by encryption, the Protected Frame bit
        # (previously called WEP bit) is set to 1, and the Frame Body
        # begins with the appropriate cryptographic header.
        return Dot11Encrypted
    return Packet.guess_payload_class(self, payload)
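def guess_payload_class(self, payload):
    """Classify ``payload`` as a SIP request or response by its first line.

    The first line, with its line ending kept, is matched against
    ``self.re_request_line`` and then ``self.re_status_line``. If neither
    matches, or ``payload`` has no lines, the decision is delegated to
    ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: ``SIPRequest``, ``SIPResponse`` or the default class
    """
    lines = payload.splitlines(True)
    if not lines:
        # An empty payload has no start line; indexing [0] would raise
        # IndexError instead of falling back.
        return Packet.guess_payload_class(self, payload)

    start_line = lines[0]
    if self.re_request_line.match(start_line) is not None:
        return SIPRequest
    if self.re_status_line.match(start_line) is not None:
        return SIPResponse
    return Packet.guess_payload_class(self, payload)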
def guess_payload_class(self, payload):
    """Pick the bound ICMP extension class that matches ``payload``.

    ``payload`` is parsed as a generic ``ICMPExtensionObject`` and compared
    against every ``(field values, class)`` pair in ``self.payload_guess``.
    The first pair whose values all match wins. Payloads shorter than
    ``self._min_ieo_len``, or whose parsed ``len`` field is below it, go to
    ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the matching class, or ``ICMPExtensionObject`` if none matches
    """
    if len(payload) < self._min_ieo_len:
        return Packet.guess_payload_class(self, payload)

    # Look at fields of the generic ICMPExtensionObject to determine which
    # bound extension type to use.
    generic = ICMPExtensionObject(payload)
    if generic.len < self._min_ieo_len:
        return Packet.guess_payload_class(self, payload)

    for wanted, bound_cls in self.payload_guess:
        mismatch = any(
            not hasattr(generic, name) or value != generic.getfieldval(name)
            for name, value in wanted.iteritems()
        )
        if not mismatch:
            return bound_cls
    return ICMPExtensionObject
def guess_payload_class(self, payload):
    """Map ``fcf_frametype`` to the class that dissects the frame body.

    Values 0x00 to 0x03 select ``Dot15d4Beacon``, ``Dot15d4Data``,
    ``Dot15d4Ack`` and ``Dot15d4Cmd`` respectively. Any other value is
    handled by ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    frame_classes = (
        (0x00, Dot15d4Beacon),
        (0x01, Dot15d4Data),
        (0x02, Dot15d4Ack),
        (0x03, Dot15d4Cmd),
    )
    for frametype, frame_cls in frame_classes:
        if self.fcf_frametype == frametype:
            return frame_cls
    return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
    """Choose the payload class from frame control, frame type and profile.

    Bit 0x02 of ``frame_control`` takes precedence and selects
    ``ZigbeeSecurityHeader``. For ``aps_frametype`` 0 the ``profile`` field
    decides between ``ZigbeeDeviceProfile`` (0x0000) and
    ``ZigbeeClusterLibrary``. ``aps_frametype`` 1 selects
    ``ZigbeeAppCommandPayload``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    if self.frame_control & 0x02:
        # we have a security header
        return ZigbeeSecurityHeader
    if self.aps_frametype == 0:
        # data
        if self.profile == 0x0000:
            return ZigbeeDeviceProfile
        return ZigbeeClusterLibrary
    if self.aps_frametype == 1:
        # command
        return ZigbeeAppCommandPayload
    return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
    """Map ``cmd_id`` to the class that dissects the command body.

    Identifiers 1, 2, 3, 8 and 9 have a dedicated class. Every other value
    is handled by ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    command_classes = (
        (1, Dot15d4CmdAssocReq),
        (2, Dot15d4CmdAssocResp),
        (3, Dot15d4CmdDisassociation),
        (8, Dot15d4CmdCoordRealign),
        (9, Dot15d4CmdGTSReq),
    )
    for command_id, command_cls in command_classes:
        if self.cmd_id == command_id:
            return command_cls
    return Packet.guess_payload_class(self, payload)
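def guess_payload_class(self, payload):
    """Choose the ZCL command class for cluster-specific "price" frames.

    Profile-wide frames (``zcl_frametype`` 0x00) are left to the default
    lookup. Cluster-specific frames (``zcl_frametype`` 0x01) are resolved
    from ``command_identifier`` and ``direction``, but only when the
    underlayer's ``cluster`` is 0x0700.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # Profile-wide commands
    if self.zcl_frametype == 0x00 and self.command_identifier == 0x00:
        # done in bind_layers
        pass
    # Cluster-specific commands
    elif self.zcl_frametype == 0x01:
        # This layer can be dissected without a parent, or under one that
        # has no "cluster" field; reading the attribute directly would then
        # raise AttributeError in the middle of dissection.
        cluster = getattr(self.underlayer, "cluster", None)
        if cluster == 0x0700:  # "price"
            if self.command_identifier == 0x00 and self.direction == 0:
                return ZCLPriceGetCurrentPrice
            if self.command_identifier == 0x01 and self.direction == 0:
                return ZCLPriceGetScheduledPrices
            if self.command_identifier == 0x00 and self.direction == 1:
                return ZCLPricePublishPrice
    return Packet.guess_payload_class(self, payload)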
def guess_payload_class(self, payload):
    """Choose the ZCL command class from command, cluster and direction.

    For ``command_identifier`` 0x00 and 0x01, a ``cluster`` in
    0x0000..0x00FF selects the general read-attributes request or response.
    Otherwise a ``cluster`` equal to ``"price"`` selects one of the price
    commands according to ``direction``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # NOTE(review): ``cluster`` is compared both with integers and with the
    # string "price"; presumably the field resolves enum names -- verify.
    command = self.command_identifier
    if command == 0x00:
        # General Cluster ID Range 0x0000 - 0x00FF
        if 0x0000 <= self.cluster <= 0x00FF:
            return ZCLGeneralReadAttributes
        if self.direction == 0 and self.cluster == "price":
            return ZCLPriceGetCurrentPrice
        if self.direction == 1 and self.cluster == "price":
            return ZCLPricePublishPrice
    elif command == 0x01:
        # General Cluster ID Range 0x0000 - 0x00FF
        if 0x0000 <= self.cluster <= 0x00FF:
            return ZCLGeneralReadAttributesResponse
        if self.direction == 0 and self.cluster == "price":
            return ZCLPriceGetScheduledPrices
    return Packet.guess_payload_class(self, payload)
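def guess_payload_class(self, payload):
    """Choose the ZCL command class from frame type, command and cluster.

    Profile-wide frames (``zcl_frametype`` 0x00) map command 0x00 and 0x01
    to the general read-attributes request and response. Cluster-specific
    frames (``zcl_frametype`` 0x01) are resolved from
    ``command_identifier`` and ``direction``, but only when the
    underlayer's ``cluster`` is 0x0700.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # Profile-wide commands
    if self.zcl_frametype == 0x00:
        if self.command_identifier == 0x00:
            return ZCLGeneralReadAttributes
        if self.command_identifier == 0x01:
            return ZCLGeneralReadAttributesResponse
    # Cluster-specific commands
    elif self.zcl_frametype == 0x01:
        # This layer can be dissected without a parent, or under one that
        # has no "cluster" field; reading the attribute directly would then
        # raise AttributeError in the middle of dissection.
        cluster = getattr(self.underlayer, "cluster", None)
        if cluster == 0x0700:  # "price"
            if self.command_identifier == 0x00 and self.direction == 0:
                return ZCLPriceGetCurrentPrice
            if self.command_identifier == 0x01 and self.direction == 0:
                return ZCLPriceGetScheduledPrices
            if self.command_identifier == 0x00 and self.direction == 1:
                return ZCLPricePublishPrice
    return Packet.guess_payload_class(self, payload)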
def guess_payload_class(self, pay):
    """
    Determine the protocol of this class's payload and return the class
    object that can parse that protocol.
    Complex payload identification can be implemented in this function.

    Note: when the payload protocol of this Packet is determined directly
          by the values of this Packet's fields_desc (for example TCP
          destination port 80 means the HTTP class), rely on bind_layers
          instead. (That is the standard behaviour when this method is not
          overridden.)

    @param pay str Payload handed over by extract_padding.
    @return pktClass class The guessed payload protocol class. It must
            inherit from the Packet class.
    """
    # Rely on the bindings registered through bind_layers.
    default_cls = Packet.guess_payload_class(self, pay)
    return default_cls
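def guess_payload_class(self, payload):
    """Decide if the payload is an HTTP request, a response, or neither.

    Only the text before the first CRLF is inspected. Requests are
    recognised by a fixed list of eight methods, so traffic using any other
    method is not classified as HTTP and falls through to
    ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: ``HTTPRequest``, ``HTTPResponse`` or the default class
    """
    try:
        start_line = payload[: payload.index("\r\n")]
        if re.match(r"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
                    r"(?:.+?) "
                    r"HTTP/\d\.\d$", start_line):
            return HTTPRequest
        if re.match(r"^HTTP/\d\.\d \d\d\d .*$", start_line):
            return HTTPResponse
    except (ValueError, TypeError):
        # ValueError: no CRLF in the payload. TypeError: str/bytes mismatch.
        # A bare ``except`` would also swallow KeyboardInterrupt and
        # SystemExit, so only the expected failures are caught.
        # NOTE(review): with a bytes payload on Python 3 the str separator
        # always raises TypeError, so nothing is ever classified -- confirm
        # which Python version this module targets.
        pass
    return Packet.guess_payload_class(self, payload)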
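def guess_payload_class(self, payload):
    '''Decide if the payload is an HTTP request, a response, or neither.

    The patterns are matched against the start of the whole payload. The
    request pattern needs one of eight fixed methods and a target that
    begins with "/", so other methods and other target forms are not
    classified as HTTP and fall through to ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: ``HTTPRequest``, ``HTTPResponse`` or the default class
    '''
    try:
        if re.match(r"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
                    r"/.+? "
                    r"HTTP/\d\.\d.*", payload):
            return HTTPRequest
        if re.match(r"^HTTP/\d\.\d \d\d\d .*", payload):
            return HTTPResponse
    except TypeError:
        # Raised when a str pattern meets a bytes payload. A bare
        # ``except`` would also swallow KeyboardInterrupt and SystemExit.
        pass
    return Packet.guess_payload_class(self, payload)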
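def guess_payload_class(self, payload):
    """Choose ``IP`` or ``IPv6`` for the encapsulated packet.

    Applies only when the underlayer is ``UDP`` with ``dport`` 250 and
    ``self.flags`` equals 8. The upper four bits of the first payload byte
    are then read as the version: 6 selects ``IPv6`` and any other value,
    or an empty payload, selects ``IP``. All other cases are delegated to
    ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # isinstance() is already False for a missing (None) underlayer.
    if (isinstance(self.underlayer, UDP) and
            self.underlayer.dport == 250 and
            self.flags == 8):
        try:
            first = payload[0]
        except IndexError:
            return IP
        # Indexing bytes yields an int on Python 3 but a one-character str
        # on Python 2; ord() accepts only the latter and would raise
        # TypeError on the int.
        first_byte = first if isinstance(first, int) else ord(first)
        if (first_byte >> 4) == 6:
            return IPv6
        return IP
    return Packet.guess_payload_class(self, payload)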
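def guess_payload_class(self, payload):
    '''Decide if the payload is an HTTP request, a response, or neither.

    Only the bytes before the first CRLF are inspected, after decoding
    them as UTF-8. Requests are recognised by a fixed list of eight
    methods, so traffic using any other method, or a start line that is
    not valid UTF-8, falls through to ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: ``HTTPRequest``, ``HTTPResponse`` or the default class
    '''
    try:
        crlf_index = payload.index(b"\r\n")
        start_line = payload[:crlf_index].decode("utf-8")
        if re.match(r"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
                    r"(?:.+?) "
                    r"HTTP/\d\.\d$", start_line):
            return HTTPRequest
        if re.match(r"^HTTP/\d\.\d \d\d\d .*$", start_line):
            return HTTPResponse
    except (ValueError, TypeError):
        # ValueError: no CRLF, or bytes that are not UTF-8
        # (UnicodeDecodeError is a ValueError). TypeError: str/bytes
        # mismatch. A bare ``except`` would also swallow KeyboardInterrupt
        # and SystemExit.
        pass
    return Packet.guess_payload_class(self, payload)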
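def guess_payload_class(self, payload):
    """Choose the upper-layer class according to ``conf.dot15d4_protocol``.

    ``"sixlowpan"`` selects ``SixLoWPAN``. ``"zigbee"`` selects
    ``ZigbeeNWKStub`` when bits 0x01 and 0x02 of the first payload byte are
    both set, and otherwise the ``Packet.guess_payload_class`` result. Any
    other setting, including ``None``, emits a warning and defaults to
    ``SixLoWPAN``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # TODO: See how it's done in wireshark:
    # https://github.com/wireshark/wireshark/blob/93c60b3b7c801dddd11d8c7f2a0ea4b7d02d700a/epan/dissectors/packet-ieee802154.c#L2061  # noqa: E501
    # it's too magic to me
    from scapy.layers.sixlowpan import SixLoWPAN
    from scapy.layers.zigbee import ZigbeeNWK, ZigbeeNWKStub

    protocol = conf.dot15d4_protocol
    if protocol == "sixlowpan":
        return SixLoWPAN
    if protocol == "zigbee":
        # Guard the index: an empty payload would otherwise raise
        # IndexError instead of falling back to the default lookup.
        if payload and payload[0] & 0x01 and payload[0] & 0x02:
            # Inter-PAN Frametype
            return ZigbeeNWKStub
        return Packet.guess_payload_class(self, payload)

    if protocol is None:
        _msg = "Please set conf.dot15d4_protocol to select a " + \
               "802.15.4 protocol. Values must be in the list: "
    else:
        _msg = "Unknown conf.dot15d4_protocol value: must be in "
    warning(_msg +
            "['sixlowpan', 'zigbee']" +
            " Defaulting to SixLoWPAN")
    return SixLoWPAN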
def guess_payload_class(self, payload):
    """Return ``TLSv1RecordLayer`` when ``self.flags`` is greater than 31.

    Smaller values are handled by ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # NOTE(review): a value above 31 means a bit at or above 0x20 is set;
    # which flag that is cannot be seen from this method -- confirm.
    if not self.flags > 31:
        return Packet.guess_payload_class(self, payload)
    return TLSv1RecordLayer
def guess_payload_class(self, payload):
    """Return ``OSPF_LLS_Hdr`` when bit 0x10 of ``self.options`` is set.

    Otherwise the decision is delegated to ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # check presence of LLS data block flag
    lls_flag = 0x10
    if (self.options & lls_flag) == lls_flag:
        return OSPF_LLS_Hdr
    return Packet.guess_payload_class(self, payload)
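def guess_payload_class(self, payload):
    """Return ``HSRPmd5`` when the underlayer's ``len`` exceeds 28.

    When there is no underlayer, or it carries no ``len`` value, the
    decision is delegated to ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # This layer can be dissected on its own, in which case the underlayer
    # is None and a direct attribute read would raise AttributeError.
    outer_len = getattr(self.underlayer, "len", None)
    if outer_len is not None and outer_len > 28:
        return HSRPmd5
    return Packet.guess_payload_class(self, payload)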
def guess_payload_class(self, payload):
    """Return ``ModbusObjectId`` while ``self.objCount`` is positive.

    A count of zero or less is handled by ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # objCount is a field of the packet being dissected; it only selects
    # the next class here and is not checked against the payload length.
    if not self.objCount > 0:
        return Packet.guess_payload_class(self, payload)
    return ModbusObjectId
def guess_payload_class(self, payload):
    """Return ``Dot11WEP`` when the ``Dot11`` underlayer has bit 0x40 set.

    The bit is read from the underlayer's ``FCfield``. Without a ``Dot11``
    underlayer, or with the bit clear, the decision is delegated to
    ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    parent = self.underlayer
    if isinstance(parent, Dot11) and parent.FCfield & 0x40:
        return Dot11WEP
    return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
    """Return ``TLSv1RecordLayer`` unless ``flags >> 2`` is 1, 3 or 7.

    For those three values the decision is delegated to
    ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    upper_flags = self.flags >> 2
    if upper_flags not in (1, 3, 7):
        return TLSv1RecordLayer
    # if start bit is set
    return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
    """Return ``ModbusWriteFileSubResponse`` while ``dataLength`` is positive.

    A length of zero or less is handled by ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # dataLength is a field of the packet being dissected; it only selects
    # the next class here and is not checked against the payload length.
    if not self.dataLength > 0:
        return Packet.guess_payload_class(self, payload)
    return ModbusWriteFileSubResponse
def guess_payload_class(self, payload):
    """Return ``ZigbeeAppDataPayloadStub`` when ``frametype`` is 0b11.

    Every other frame type is handled by ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    if self.frametype != 0b11:
        return Packet.guess_payload_class(self, payload)
    return ZigbeeAppDataPayloadStub
def guess_payload_class(self, payload):
    """Return ``DHCP`` when ``self.options`` starts with ``dhcpmagic``.

    The leading ``len(dhcpmagic)`` items of ``self.options`` are compared
    with ``dhcpmagic``. On a mismatch the decision is delegated to
    ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    magic_len = len(dhcpmagic)
    options_prefix = self.options[:magic_len]
    if options_prefix == dhcpmagic:
        return DHCP
    return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
    """Return ``Dot11Encrypted`` when the ``Dot11`` underlayer is protected.

    The decision reads ``FCfield.protected`` of the underlayer. Without a
    ``Dot11`` underlayer, or with the flag clear, the decision is delegated
    to ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    parent = self.underlayer
    if isinstance(parent, Dot11) and parent.FCfield.protected:
        return Dot11Encrypted
    return Packet.guess_payload_class(self, payload)
def guess_payload_class(self, payload):
    """Delegate the payload class decision to ``Packet``.

    No layer-specific logic is applied here.

    :param payload: raw data that follows this layer
    :return: whatever ``Packet.guess_payload_class`` returns
    """
    default_cls = Packet.guess_payload_class(self, payload)
    return default_cls
def guess_payload_class(self, payload):
    """Return ``_CoAPOpt`` unless ``payload`` starts with byte 0xFF.

    The first byte is taken with a slice, so an empty payload does not
    raise; it compares unequal to ``b"\\xff"`` and also yields
    ``_CoAPOpt``. A leading 0xFF delegates to
    ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # NOTE(review): 0xFF is presumably the CoAP payload marker that ends
    # the option list -- confirm against the layer definition.
    if payload[:1] == b"\xff":
        return Packet.guess_payload_class(self, payload)
    return _CoAPOpt
def guess_payload_class(self, payload):
    """Look up the payload class registered for ``self.dlt``.

    ``conf.l2types`` is queried with ``self.dlt``. When it has no entry,
    the ``Packet.guess_payload_class`` result is returned instead.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # Computed up front, as in a plain ``.get(key, default)`` call, where
    # the default is evaluated whether or not it ends up being used.
    fallback_cls = Packet.guess_payload_class(self, payload)
    return conf.l2types.get(self.dlt, fallback_cls)
def guess_payload_class(self, payload):
    """Return ``ModbusReadFileSubRequest`` while ``byteCount`` is positive.

    A count of zero or less is handled by ``Packet.guess_payload_class``.

    :param payload: raw data that follows this layer
    :return: the class to dissect ``payload`` with
    """
    # byteCount is a field of the packet being dissected; it only selects
    # the next class here and is not checked against the payload length.
    if not self.byteCount > 0:
        return Packet.guess_payload_class(self, payload)
    return ModbusReadFileSubRequest