| ## This file is part of Scapy |
| ## See http://www.secdev.org/projects/scapy for more informations |
| ## Copyright (C) Jan Sebechlebsky <sebechlebskyjan@gmail.com> |
| ## This program is published under a GPLv2 license |
| |
| """ |
| PPTP (Point to Point Tunneling Protocol) |
| |
| [RFC 2637] |
| """ |
| |
| from scapy.packet import Packet, bind_layers |
| from scapy.layers.inet import TCP |
| from scapy.compat import * |
| from scapy.fields import ByteEnumField, FieldLenField, FlagsField, IntField, IntEnumField,\ |
| LenField, XIntField, ShortField, ShortEnumField, StrFixedLenField,\ |
| StrLenField, XShortField, XByteField |
| |
| _PPTP_MAGIC_COOKIE = 0x1a2b3c4d |
| |
| _PPTP_msg_type = {1: "Control Message", |
| 2: "Managemenent Message"} |
| |
| _PPTP_ctrl_msg_type = { # Control Connection Management |
| 1: "Start-Control-Connection-Request", |
| 2: "Start-Control-Connection-Reply", |
| 3: "Stop-Control-Connection-Request", |
| 4: "Stop-Control-Connection-Reply", |
| 5: "Echo-Request", |
| 6: "Echo-Reply", |
| # Call Management |
| 7: "Outgoing-Call-Request", |
| 8: "Outgoing-Call-Reply", |
| 9: "Incoming-Call-Request", |
| 10: "Incoming-Call-Reply", |
| 11: "Incoming-Call-Connected", |
| 12: "Call-Clear-Request", |
| 13: "Call-Disconnect-Notify", |
| # Error Reporting |
| 14: "WAN-Error-Notify", |
| # PPP Session Control |
| 15: "Set-Link-Info"} |
| |
| _PPTP_general_error_code = {0: "None", |
| 1: "Not-Connected", |
| 2: "Bad-Format", |
| 3: "Bad-Value", |
| 4: "No-Resource", |
| 5: "Bad-Call ID", |
| 6: "PAC-Error"} |
| |
| |
| class PPTP(Packet): |
| name = "PPTP" |
| fields_desc = [FieldLenField("len", None, fmt="H", length_of="data", |
| adjust=lambda p, x: x + 12), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 1, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| StrLenField("data", "",length_from=lambda p: p.len - 12)] |
| |
| registered_options = {} |
| |
| @classmethod |
| def register_variant(cls): |
| cls.registered_options[cls.ctrl_msg_type.default] = cls |
| |
| @classmethod |
| def dispatch_hook(cls, _pkt=None, *args, **kargs): |
| if _pkt: |
| o = orb(_pkt[9]) |
| return cls.registered_options.get(o, cls) |
| return cls |
| |
| |
| _PPTP_FRAMING_CAPABILITIES_FLAGS = ["Asynchronous Framing supported", |
| "Synchronous Framing supported"] |
| |
| _PPTP_BEARER_CAPABILITIES_FLAGS = ["Analog access supported", |
| "Digital access supported"] |
| |
| |
| class PPTPStartControlConnectionRequest(PPTP): |
| name = "PPTP Start Control Connection Request" |
| fields_desc = [LenField("len", 156), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 1, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ShortField("protocol_version", 1), |
| XShortField("reserved_1", 0x0000), |
| FlagsField("framing_capabilities", 0, 32, |
| _PPTP_FRAMING_CAPABILITIES_FLAGS), |
| FlagsField("bearer_capabilities", 0, 32, |
| _PPTP_BEARER_CAPABILITIES_FLAGS), |
| ShortField("maximum_channels", 65535), |
| ShortField("firmware_revision", 256), |
| StrFixedLenField("host_name", "linux", 64), |
| StrFixedLenField("vendor_string", "", 64)] |
| |
| _PPTP_start_control_connection_result = {1: "OK", |
| 2: "General error", |
| 3: "Command channel already exists", |
| 4: "Not authorized", |
| 5: "Unsupported protocol version"} |
| |
| |
| class PPTPStartControlConnectionReply(PPTP): |
| name = "PPTP Start Control Connection Reply" |
| fields_desc = [LenField("len", 156), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 2, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ShortField("protocol_version", 1), |
| ByteEnumField("result_code", 1, |
| _PPTP_start_control_connection_result), |
| ByteEnumField("error_code", 0, _PPTP_general_error_code), |
| FlagsField("framing_capabilities", 0, 32, |
| _PPTP_FRAMING_CAPABILITIES_FLAGS), |
| FlagsField("bearer_capabilities", 0, 32, |
| _PPTP_BEARER_CAPABILITIES_FLAGS), |
| ShortField("maximum_channels", 65535), |
| ShortField("firmware_revision", 256), |
| StrFixedLenField("host_name", "linux", 64), |
| StrFixedLenField("vendor_string", "", 64)] |
| |
| def answers(self, other): |
| return isinstance(other, PPTPStartControlConnectionRequest) |
| |
| |
| _PPTP_stop_control_connection_reason = {1: "None", |
| 2: "Stop-Protocol", |
| 3: "Stop-Local-Shutdown"} |
| |
| |
| class PPTPStopControlConnectionRequest(PPTP): |
| name = "PPTP Stop Control Connection Request" |
| fields_desc = [LenField("len", 16), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 3, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ByteEnumField("reason", 1, |
| _PPTP_stop_control_connection_reason), |
| XByteField("reserved_1", 0x00), |
| XShortField("reserved_2", 0x0000)] |
| |
| _PPTP_stop_control_connection_result = {1: "OK", |
| 2: "General error"} |
| |
| |
| class PPTPStopControlConnectionReply(PPTP): |
| name = "PPTP Stop Control Connection Reply" |
| fields_desc = [LenField("len", 16), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 4, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ByteEnumField("result_code", 1, |
| _PPTP_stop_control_connection_result), |
| ByteEnumField("error_code", 0, _PPTP_general_error_code), |
| XShortField("reserved_2", 0x0000)] |
| |
| def answers(self, other): |
| return isinstance(other, PPTPStopControlConnectionRequest) |
| |
| |
| class PPTPEchoRequest(PPTP): |
| name = "PPTP Echo Request" |
| fields_desc = [LenField("len", 16), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 5, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| IntField("identifier", None)] |
| |
| _PPTP_echo_result = {1: "OK", |
| 2: "General error"} |
| |
| |
| class PPTPEchoReply(PPTP): |
| name = "PPTP Echo Reply" |
| fields_desc = [LenField("len", 20), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 6, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| IntField("identifier", None), |
| ByteEnumField("result_code", 1, _PPTP_echo_result), |
| ByteEnumField("error_code", 0, _PPTP_general_error_code), |
| XShortField("reserved_1", 0x0000)] |
| |
| def answers(self, other): |
| return isinstance(other, PPTPEchoRequest) and other.identifier == self.identifier |
| |
| _PPTP_bearer_type = {1: "Analog channel", |
| 2: "Digital channel", |
| 3: "Any type of channel"} |
| |
| _PPTP_framing_type = {1: "Asynchronous framing", |
| 2: "Synchronous framing", |
| 3: "Any type of framing"} |
| |
| |
| class PPTPOutgoingCallRequest(PPTP): |
| name = "PPTP Outgoing Call Request" |
| fields_desc = [LenField("len", 168), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 7, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ShortField("call_id", 1), |
| ShortField("call_serial_number", 0), |
| IntField("minimum_bps", 32768), |
| IntField("maximum_bps", 2147483648), |
| IntEnumField("bearer_type", 3, _PPTP_bearer_type), |
| IntEnumField("framing_type", 3, _PPTP_framing_type), |
| ShortField("pkt_window_size", 16), |
| ShortField("pkt_proc_delay", 0), |
| ShortField('phone_number_len', 0), |
| XShortField("reserved_1", 0x0000), |
| StrFixedLenField("phone_number", '', 64), |
| StrFixedLenField("subaddress", '', 64)] |
| |
| _PPTP_result_code = {1: "Connected", |
| 2: "General error", |
| 3: "No Carrier", |
| 4: "Busy", |
| 5: "No dial tone", |
| 6: "Time-out", |
| 7: "Do not accept"} |
| |
| |
| class PPTPOutgoingCallReply(PPTP): |
| name = "PPTP Outgoing Call Reply" |
| fields_desc = [LenField("len", 32), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 8, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ShortField("call_id", 1), |
| ShortField("peer_call_id", 1), |
| ByteEnumField("result_code", 1, _PPTP_result_code), |
| ByteEnumField("error_code", 0, _PPTP_general_error_code), |
| ShortField("cause_code", 0), |
| IntField("connect_speed", 100000000), |
| ShortField("pkt_window_size", 16), |
| ShortField("pkt_proc_delay", 0), |
| IntField("channel_id", 0)] |
| |
| def answers(self, other): |
| return isinstance(other, PPTPOutgoingCallRequest) and other.call_id == self.peer_call_id |
| |
| |
| class PPTPIncomingCallRequest(PPTP): |
| name = "PPTP Incoming Call Request" |
| fields_desc = [LenField("len", 220), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 9, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ShortField("call_id", 1), |
| ShortField("call_serial_number", 1), |
| IntEnumField("bearer_type", 3, _PPTP_bearer_type), |
| IntField("channel_id", 0), |
| ShortField("dialed_number_len", 0), |
| ShortField("dialing_number_len", 0), |
| StrFixedLenField("dialed_number", "", 64), |
| StrFixedLenField("dialing_number", "", 64), |
| StrFixedLenField("subaddress", "", 64)] |
| |
| |
| class PPTPIncomingCallReply(PPTP): |
| name = "PPTP Incoming Call Reply" |
| fields_desc = [LenField("len", 148), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 10, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ShortField("call_id", 1), |
| ShortField("peer_call_id", 1), |
| ByteEnumField("result_code", 1, _PPTP_result_code), |
| ByteEnumField("error_code", 0, _PPTP_general_error_code), |
| ShortField("pkt_window_size", 64), |
| ShortField("pkt_transmit_delay", 0), |
| XShortField("reserved_1", 0x0000)] |
| |
| def answers(self, other): |
| return isinstance(other, PPTPIncomingCallRequest) and other.call_id == self.peer_call_id |
| |
| |
| class PPTPIncomingCallConnected(PPTP): |
| name = "PPTP Incoming Call Connected" |
| fields_desc = [LenField("len", 28), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 11, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ShortField("peer_call_id", 1), |
| XShortField("reserved_1", 0x0000), |
| IntField("connect_speed", 100000000), |
| ShortField("pkt_window_size", 64), |
| ShortField("pkt_transmit_delay", 0), |
| IntEnumField("framing_type", 1, _PPTP_framing_type)] |
| |
| def answers(self, other): |
| return isinstance(other, PPTPIncomingCallReply) and other.call_id == self.peer_call_id |
| |
| |
| class PPTPCallClearRequest(PPTP): |
| name = "PPTP Call Clear Request" |
| fields_desc = [LenField("len", 16), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 12, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ShortField("call_id", 1), |
| XShortField("reserved_1", 0x0000)] |
| |
| _PPTP_call_disconnect_result = {1: "Lost Carrier", |
| 2: "General error", |
| 3: "Admin Shutdown", |
| 4: "Request"} |
| |
| |
| class PPTPCallDisconnectNotify(PPTP): |
| name = "PPTP Call Disconnect Notify" |
| fields_desc = [LenField("len", 148), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 13, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ShortField("call_id", 1), |
| ByteEnumField("result_code", 1, |
| _PPTP_call_disconnect_result), |
| ByteEnumField("error_code", 0, _PPTP_general_error_code), |
| ShortField("cause_code", 0), |
| XShortField("reserved_1", 0x0000), |
| StrFixedLenField("call_statistic", "", 128)] |
| |
| |
| class PPTPWANErrorNotify(PPTP): |
| name = "PPTP WAN Error Notify" |
| fields_desc = [LenField("len", 40), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 14, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ShortField("peer_call_id", 1), |
| XShortField("reserved_1", 0x0000), |
| IntField("crc_errors", 0), |
| IntField("framing_errors", 0), |
| IntField("hardware_overruns", 0), |
| IntField("buffer_overruns", 0), |
| IntField("time_out_errors", 0), |
| IntField("alignment_errors", 0)] |
| |
| |
| class PPTPSetLinkInfo(PPTP): |
| name = "PPTP Set Link Info" |
| fields_desc = [LenField("len", 24), |
| ShortEnumField("type", 1, _PPTP_msg_type), |
| XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), |
| ShortEnumField("ctrl_msg_type", 15, _PPTP_ctrl_msg_type), |
| XShortField("reserved_0", 0x0000), |
| ShortField("peer_call_id", 1), |
| XShortField("reserved_1", 0x0000), |
| XIntField("send_accm", 0x00000000), |
| XIntField("receive_accm", 0x00000000)] |
| |
| bind_layers(TCP, PPTP, sport=1723) |
| bind_layers(TCP, PPTP, dport=1723) |
