| # This file is part of Scapy |
| # Scapy is free software: you can redistribute it and/or modify |
| # it under the terms of the GNU General Public License as published by |
| # the Free Software Foundation, either version 2 of the License, or |
| # any later version. |
| # |
| # Scapy is distributed in the hope that it will be useful, |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| # GNU General Public License for more details. |
| # |
| # You should have received a copy of the GNU General Public License |
| # along with Scapy. If not, see <http://www.gnu.org/licenses/>. |
| |
| # author: <jellch@harris.com> |
| |
| # scapy.contrib.description = PPI |
| # scapy.contrib.status = loads |
| |
| |
| """ |
| PPI (Per-Packet Information). |
| """ |
| import logging |
| import struct |
| |
| |
| from scapy.config import conf |
| from scapy.data import DLT_EN10MB, DLT_IEEE802_11, DLT_PPI |
| from scapy.packet import * |
| from scapy.fields import * |
| from scapy.layers.l2 import Ether |
| from scapy.layers.dot11 import Dot11 |
| |
| # Dictionary to map the TLV type to the class name of a sub-packet |
| _ppi_types = {} |
| def addPPIType(id, value): |
| _ppi_types[id] = value |
| def getPPIType(id, default="default"): |
| return _ppi_types.get(id, _ppi_types.get(default, None)) |
| |
| |
| # Default PPI Field Header |
| class PPIGenericFldHdr(Packet): |
| name = "PPI Field Header" |
| fields_desc = [ LEShortField('pfh_type', 0), |
| FieldLenField('pfh_length', None, length_of="value", fmt='<H', adjust=lambda p,x:x+4), |
| StrLenField("value", "", length_from=lambda p:p.pfh_length) ] |
| |
| def extract_padding(self, p): |
| return b"",p |
| |
| def _PPIGuessPayloadClass(p, **kargs): |
| """ This function tells the PacketListField how it should extract the |
| TLVs from the payload. We pass cls only the length string |
| pfh_len says it needs. If a payload is returned, that means |
| part of the sting was unused. This converts to a Raw layer, and |
| the remainder of p is added as Raw's payload. If there is no |
| payload, the remainder of p is added as out's payload. |
| """ |
| if len(p) >= 4: |
| t,pfh_len = struct.unpack("<HH", p[:4]) |
| # Find out if the value t is in the dict _ppi_types. |
| # If not, return the default TLV class |
| cls = getPPIType(t, "default") |
| pfh_len += 4 |
| out = cls(p[:pfh_len], **kargs) |
| if (out.payload): |
| out.payload = conf.raw_layer(out.payload.load) |
| out.payload.underlayer = out |
| if (len(p) > pfh_len): |
| out.payload.payload = conf.padding_layer(p[pfh_len:]) |
| out.payload.payload.underlayer = out.payload |
| elif (len(p) > pfh_len): |
| out.payload = conf.padding_layer(p[pfh_len:]) |
| out.payload.underlayer = out |
| else: |
| out = conf.raw_layer(p, **kargs) |
| return out |
| |
| |
| |
| |
| class PPI(Packet): |
| name = "PPI Packet Header" |
| fields_desc = [ ByteField('pph_version', 0), |
| ByteField('pph_flags', 0), |
| FieldLenField('pph_len', None, length_of="PPIFieldHeaders", fmt="<H", adjust=lambda p,x:x+8 ), |
| LEIntField('dlt', None), |
| PacketListField("PPIFieldHeaders", [], _PPIGuessPayloadClass, length_from=lambda p:p.pph_len-8,) ] |
| def guess_payload_class(self,payload): |
| return conf.l2types.get(self.dlt, Packet.guess_payload_class(self, payload)) |
| |
| #Register PPI |
| addPPIType("default", PPIGenericFldHdr) |
| |
| conf.l2types.register(DLT_PPI, PPI) |
| |
| bind_layers(PPI, Dot11, dlt=DLT_IEEE802_11) |
| bind_layers(PPI, Ether, dlt=DLT_EN10MB) |
