| # This file is part of Scapy |
| # Scapy is free software: you can redistribute it and/or modify |
| # it under the terms of the GNU General Public License as published by |
| # the Free Software Foundation, either version 2 of the License, or |
| # any later version. |
| # |
| # Scapy is distributed in the hope that it will be useful, |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| # GNU General Public License for more details. |
| # |
| # You should have received a copy of the GNU General Public License |
| # along with Scapy. If not, see <http://www.gnu.org/licenses/>. |
| |
| # scapy.contrib.description = VLAN Trunking Protocol (VTP) |
| # scapy.contrib.status = loads |
| |
| """ |
| VTP Scapy Extension |
| ~~~~~~~~~~~~~~~~~~~~~ |
| |
| :version: 2009-02-15 |
| :copyright: 2009 by Jochen Bartl |
| :e-mail: lobo@c3a.de / jochen.bartl@gmail.com |
| :license: GPL v2 |
| |
| This program is free software; you can redistribute it and/or |
| modify it under the terms of the GNU General Public License |
| as published by the Free Software Foundation; either version 2 |
| of the License, or (at your option) any later version. |
| |
| This program is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| GNU General Public License for more details. |
| |
| :TODO |
| |
| - Join messages |
| - RE MD5 hash calculation |
| - Have a closer look at 8 byte padding in summary adv. |
| "debug sw-vlan vtp packets" sais the TLV length is invalid, |
| when I change the values |
| b'\x00\x00\x00\x01\x06\x01\x00\x02' |
| * \x00\x00 ? |
| * \x00\x01 tlvtype? |
| * \x06 length? |
| * \x00\x02 value? |
| - h2i function for VTPTimeStampField |
| |
| :References: |
| |
| - Understanding VLAN Trunk Protocol (VTP) |
| http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml |
| """ |
| |
| from scapy.packet import * |
| from scapy.fields import * |
| from scapy.layers.l2 import * |
| |
| _VTP_VLAN_TYPE = { |
| 1 : 'Ethernet', |
| 2 : 'FDDI', |
| 3 : 'TrCRF', |
| 4 : 'FDDI-net', |
| 5 : 'TrBRF' |
| } |
| |
| _VTP_VLANINFO_TLV_TYPE = { |
| 0x01 : 'Source-Routing Ring Number', |
| 0x02 : 'Source-Routing Bridge Number', |
| 0x03 : 'Spanning-Tree Protocol Type', |
| 0x04 : 'Parent VLAN', |
| 0x05 : 'Translationally Bridged VLANs', |
| 0x06 : 'Pruning', |
| 0x07 : 'Bridge Type', |
| 0x08 : 'Max ARE Hop Count', |
| 0x09 : 'Max STE Hop Count', |
| 0x0A : 'Backup CRF Mode' |
| } |
| |
| |
| class VTPVlanInfoTlv(Packet): |
| name = "VTP VLAN Info TLV" |
| fields_desc = [ |
| ByteEnumField("type", 0, _VTP_VLANINFO_TLV_TYPE), |
| ByteField("length", 0), |
| StrLenField("value", None, length_from=lambda pkt : pkt.length + 1) |
| ] |
| |
| def guess_payload_class(self, p): |
| return conf.padding_layer |
| |
| class VTPVlanInfo(Packet): |
| name = "VTP VLAN Info" |
| fields_desc = [ |
| ByteField("len", None), # FIXME: compute length |
| ByteEnumField("status", 0, {0 : "active", 1 : "suspended"}), |
| ByteEnumField("type", 1, _VTP_VLAN_TYPE), |
| FieldLenField("vlannamelen", None, "vlanname", "B"), |
| ShortField("vlanid", 1), |
| ShortField("mtu", 1500), |
| XIntField("dot10index", None), |
| StrLenField("vlanname", "default", length_from=lambda pkt:4 * ((pkt.vlannamelen + 3) / 4)), |
| ConditionalField(PacketListField("tlvlist", [], VTPVlanInfoTlv, |
| length_from=lambda pkt:pkt.len - 12 - (4 * ((pkt.vlannamelen + 3) / 4))), |
| lambda pkt:pkt.type not in [1, 2]) |
| ] |
| |
| def post_build(self, p, pay): |
| vlannamelen = 4 * ((len(self.vlanname) + 3) / 4) |
| |
| if self.len == None: |
| l = vlannamelen + 12 |
| p = chr(l & 0xff) + p[1:] |
| |
| # Pad vlan name with zeros if vlannamelen > len(vlanname) |
| l = vlannamelen - len(self.vlanname) |
| if l != 0: |
| p += b"\x00" * l |
| |
| p += pay |
| |
| return p |
| |
| def guess_payload_class(self, p): |
| return conf.padding_layer |
| |
| _VTP_Types = { |
| 1 : 'Summary Advertisement', |
| 2 : 'Subset Advertisements', |
| 3 : 'Advertisement Request', |
| 4 : 'Join' |
| } |
| |
| class VTPTimeStampField(StrFixedLenField): |
| def __init__(self, name, default): |
| StrFixedLenField.__init__(self, name, default, 12) |
| |
| def i2repr(self, pkt, x): |
| return "%s-%s-%s %s:%s:%s" % (x[:2], x[2:4], x[4:6], x[6:8], x[8:10], x[10:12]) |
| |
| class VTP(Packet): |
| name = "VTP" |
| fields_desc = [ |
| ByteField("ver", 2), |
| ByteEnumField("code", 1, _VTP_Types), |
| ConditionalField(ByteField("followers", 1), |
| lambda pkt:pkt.code == 1), |
| ConditionalField(ByteField("seq", 1), |
| lambda pkt:pkt.code == 2), |
| ConditionalField(ByteField("reserved", 0), |
| lambda pkt:pkt.code == 3), |
| ByteField("domnamelen", None), |
| StrFixedLenField("domname", "manbearpig", 32), |
| ConditionalField(SignedIntField("rev", 0), |
| lambda pkt:pkt.code == 1 or |
| pkt.code == 2), |
| # updater identity |
| ConditionalField(IPField("uid", "192.168.0.1"), |
| lambda pkt:pkt.code == 1), |
| ConditionalField(VTPTimeStampField("timestamp", '930301000000'), |
| lambda pkt:pkt.code == 1), |
| ConditionalField(StrFixedLenField("md5", b"\x00" * 16, 16), |
| lambda pkt:pkt.code == 1), |
| ConditionalField( |
| PacketListField("vlaninfo", [], VTPVlanInfo), |
| lambda pkt: pkt.code == 2), |
| ConditionalField(ShortField("startvalue", 0), |
| lambda pkt:pkt.code == 3) |
| ] |
| |
| def post_build(self, p, pay): |
| if self.domnamelen == None: |
| domnamelen = len(self.domname.strip(b"\x00")) |
| p = p[:3] + chr(domnamelen & 0xff) + p[4:] |
| |
| p += pay |
| |
| return p |
| |
| bind_layers(SNAP, VTP, code=0x2003) |
| |
| if __name__ == '__main__': |
| from scapy.main import interact |
| interact(mydict=globals(), mybanner="VTP") |
