scapy/layers/llmnr.py - platform/external/scapy - Git at Google

 from scapy.fields import *
 from scapy.packet import *
 from scapy.layers.inet import UDP
 from scapy.layers.dns import DNSQRField, DNSRRField, DNSRRCountField

 """
 LLMNR (Link Local Multicast Node Resolution).

 [RFC 4795]
 """

 #############################################################################
 ###                           LLMNR (RFC4795)                             ###
 #############################################################################
 # LLMNR is based on the DNS packet format (RFC1035 Section 4)
 # RFC also envisions LLMNR over TCP. Like vista, we don't support it -- arno

 _LLMNR_IPv6_mcast_Addr = "FF02:0:0:0:0:0:1:3"
 _LLMNR_IPv4_mcast_addr = "224.0.0.252"

 class LLMNRQuery(Packet):
     name = "Link Local Multicast Node Resolution - Query"
     fields_desc = [ ShortField("id", 0),
                     BitField("qr", 0, 1),
                     BitEnumField("opcode", 0, 4, { 0:"QUERY" }),
                     BitField("c", 0, 1),
                     BitField("tc", 0, 2),
                     BitField("z", 0, 4),
                     BitEnumField("rcode", 0, 4, { 0:"ok" }),
                     DNSRRCountField("qdcount", None, "qd"),
                     DNSRRCountField("ancount", None, "an"),
                     DNSRRCountField("nscount", None, "ns"),
                     DNSRRCountField("arcount", None, "ar"),
                     DNSQRField("qd", "qdcount"),
                     DNSRRField("an", "ancount"),
                     DNSRRField("ns", "nscount"),
                     DNSRRField("ar", "arcount",0)]
     overload_fields = {UDP: {"sport": 5355, "dport": 5355 }}
     def hashret(self):
         return struct.pack("!H", self.id)

 class LLMNRResponse(LLMNRQuery):
     name = "Link Local Multicast Node Resolution - Response"
     qr = 1
     def answers(self, other):
         return (isinstance(other, LLMNRQuery) and
                 self.id == other.id and
                 self.qr == 1 and
                 other.qr == 0)

 def _llmnr_dispatcher(x, *args, **kargs):
     cls = conf.raw_layer
     if len(x) >= 2:
         if (orb(x[2]) & 0x80): # Response
             cls = LLMNRResponse
         else:                  # Query
             cls = LLMNRQuery
     return cls(x, *args, **kargs)

 bind_bottom_up(UDP, _llmnr_dispatcher, { "dport": 5355 })
 bind_bottom_up(UDP, _llmnr_dispatcher, { "sport": 5355 })

 # LLMNRQuery(id=RandShort(), qd=DNSQR(qname="vista.")))
	from scapy.fields import *
	from scapy.packet import *
	from scapy.layers.inet import UDP
	from scapy.layers.dns import DNSQRField, DNSRRField, DNSRRCountField

	"""
	LLMNR (Link Local Multicast Node Resolution).

	[RFC 4795]
	"""

	#############################################################################
	### LLMNR (RFC4795) ###
	#############################################################################
	# LLMNR is based on the DNS packet format (RFC1035 Section 4)
	# RFC also envisions LLMNR over TCP. Like vista, we don't support it -- arno

	_LLMNR_IPv6_mcast_Addr = "FF02:0:0:0:0:0:1:3"
	_LLMNR_IPv4_mcast_addr = "224.0.0.252"

	class LLMNRQuery(Packet):
	name = "Link Local Multicast Node Resolution - Query"
	fields_desc = [ ShortField("id", 0),
	BitField("qr", 0, 1),
	BitEnumField("opcode", 0, 4, { 0:"QUERY" }),
	BitField("c", 0, 1),
	BitField("tc", 0, 2),
	BitField("z", 0, 4),
	BitEnumField("rcode", 0, 4, { 0:"ok" }),
	DNSRRCountField("qdcount", None, "qd"),
	DNSRRCountField("ancount", None, "an"),
	DNSRRCountField("nscount", None, "ns"),
	DNSRRCountField("arcount", None, "ar"),
	DNSQRField("qd", "qdcount"),
	DNSRRField("an", "ancount"),
	DNSRRField("ns", "nscount"),
	DNSRRField("ar", "arcount",0)]
	overload_fields = {UDP: {"sport": 5355, "dport": 5355 }}
	def hashret(self):
	return struct.pack("!H", self.id)

	class LLMNRResponse(LLMNRQuery):
	name = "Link Local Multicast Node Resolution - Response"
	qr = 1
	def answers(self, other):
	return (isinstance(other, LLMNRQuery) and
	self.id == other.id and
	self.qr == 1 and
	other.qr == 0)

	def _llmnr_dispatcher(x, args, *kargs):
	cls = conf.raw_layer
	if len(x) >= 2:
	if (orb(x[2]) & 0x80): # Response
	cls = LLMNRResponse
	else: # Query
	cls = LLMNRQuery
	return cls(x, args, *kargs)

	bind_bottom_up(UDP, _llmnr_dispatcher, { "dport": 5355 })
	bind_bottom_up(UDP, _llmnr_dispatcher, { "sport": 5355 })

	# LLMNRQuery(id=RandShort(), qd=DNSQR(qname="vista.")))