# This file is part of Scapy # Scapy is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # any later version. # # Scapy is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Scapy. If not, see . # scapy.contrib.description = Enhanced Interior Gateway Routing Protocol (EIGRP) # scapy.contrib.status = loads """ EIGRP Scapy Extension ~~~~~~~~~~~~~~~~~~~~~ :version: 2009-08-13 :copyright: 2009 by Jochen Bartl :e-mail: lobo@c3a.de / jochen.bartl@gmail.com :license: GPL v2 :TODO - Replace TLV code with a more generic solution * http://trac.secdev.org/scapy/ticket/90 - Write function for calculating authentication data :Known bugs: - :Thanks: - TLV code derived from the CDP implementation of scapy. (Thanks to Nicolas Bareil and Arnaud Ebalard) http://trac.secdev.org/scapy/ticket/18 - IOS / EIGRP Version Representation FIX by Dirk Loss """ from __future__ import absolute_import import socket import struct from scapy.packet import Packet from scapy.fields import StrField, IPField, XShortField, FieldLenField, \ StrLenField, IntField, ByteEnumField, ByteField, ConditionalField, \ FlagsField, IP6Field, PacketField, PacketListField, ShortEnumField, \ ShortField, StrFixedLenField, ThreeBytesField from scapy.layers.inet import IP, checksum, bind_layers from scapy.layers.inet6 import IPv6 from scapy.compat import chb, raw from scapy.config import conf from scapy.utils import inet_aton, inet_ntoa from scapy.pton_ntop import inet_ntop, inet_pton from scapy.error import warning, Scapy_Exception from scapy.volatile import RandShort, RandString class EigrpIPField(StrField, IPField): """ This is a special field type for handling ip addresses of destination networks in internal and external route updates. EIGRP removes zeros from the host portion of the ip address if the netmask is 8, 16 or 24 bits. """ __slots__ = ["length_from"] def __init__(self, name, default, length=None, length_from=None): StrField.__init__(self, name, default) self.length_from = length_from if length is not None: self.length_from = lambda pkt, length=length: length def h2i(self, pkt, x): return IPField.h2i(self, pkt, x) def i2m(self, pkt, x): x = inet_aton(x) tmp_len = self.length_from(pkt) if tmp_len <= 8: return x[:1] elif tmp_len <= 16: return x[:2] elif tmp_len <= 24: return x[:3] else: return x def m2i(self, pkt, x): tmp_len = self.length_from(pkt) if tmp_len <= 8: x += b"\x00\x00\x00" elif tmp_len <= 16: x += b"\x00\x00" elif tmp_len <= 24: x += b"\x00" return inet_ntoa(x) def prefixlen_to_bytelen(self, tmp_len): if tmp_len <= 8: tmp_len = 1 elif tmp_len <= 16: tmp_len = 2 elif tmp_len <= 24: tmp_len = 3 else: tmp_len = 4 return tmp_len def i2len(self, pkt, x): tmp_len = self.length_from(pkt) tmp_len = self.prefixlen_to_bytelen(tmp_len) return tmp_len def getfield(self, pkt, s): tmp_len = self.length_from(pkt) tmp_len = self.prefixlen_to_bytelen(tmp_len) return s[tmp_len:], self.m2i(pkt, s[:tmp_len]) def randval(self): return IPField.randval(self) class EigrpIP6Field(StrField, IP6Field): """ This is a special field type for handling ip addresses of destination networks in internal and external route updates. """ __slots__ = ["length_from"] def __init__(self, name, default, length=None, length_from=None): StrField.__init__(self, name, default) self.length_from = length_from if length is not None: self.length_from = lambda pkt, length=length: length def any2i(self, pkt, x): return IP6Field.any2i(self, pkt, x) def i2repr(self, pkt, x): return IP6Field.i2repr(self, pkt, x) def h2i(self, pkt, x): return IP6Field.h2i(self, pkt, x) def i2m(self, pkt, x): x = inet_pton(socket.AF_INET6, x) tmp_len = self.length_from(pkt) tmp_len = self.prefixlen_to_bytelen(tmp_len) return x[:tmp_len] def m2i(self, pkt, x): tmp_len = self.length_from(pkt) prefixlen = self.prefixlen_to_bytelen(tmp_len) if tmp_len > 128: warning("EigrpIP6Field: Prefix length is > 128. Dissection of this packet will fail") # noqa: E501 else: pad = b"\x00" * (16 - prefixlen) x += pad return inet_ntop(socket.AF_INET6, x) def prefixlen_to_bytelen(self, plen): plen = plen // 8 if plen < 16: plen += 1 return plen def i2len(self, pkt, x): tmp_len = self.length_from(pkt) tmp_len = self.prefixlen_to_bytelen(tmp_len) return tmp_len def getfield(self, pkt, s): tmp_len = self.length_from(pkt) tmp_len = self.prefixlen_to_bytelen(tmp_len) return s[tmp_len:], self.m2i(pkt, s[:tmp_len]) def randval(self): return IP6Field.randval(self) class EIGRPGeneric(Packet): name = "EIGRP Generic TLV" fields_desc = [XShortField("type", 0x0000), FieldLenField("len", None, "value", "!H", adjust=lambda pkt, x: x + 4), # noqa: E501 StrLenField("value", b"\x00", length_from=lambda pkt: pkt.len - 4)] # noqa: E501 def guess_payload_class(self, p): return conf.padding_layer class EIGRPParam(EIGRPGeneric): name = "EIGRP Parameters" fields_desc = [XShortField("type", 0x0001), ShortField("len", 12), # Bandwidth ByteField("k1", 1), # Load ByteField("k2", 0), # Delay ByteField("k3", 1), # Reliability ByteField("k4", 0), # MTU ByteField("k5", 0), ByteField("reserved", 0), ShortField("holdtime", 15) ] class EIGRPAuthData(EIGRPGeneric): name = "EIGRP Authentication Data" fields_desc = [XShortField("type", 0x0002), FieldLenField("len", None, "authdata", "!H", adjust=lambda pkt, x: x + 24), # noqa: E501 ShortEnumField("authtype", 2, {2: "MD5"}), ShortField("keysize", None), IntField("keyid", 1), StrFixedLenField("nullpad", b"\x00" * 12, 12), StrLenField("authdata", RandString(16), length_from=lambda pkt: pkt.keysize) # noqa: E501 ] def post_build(self, p, pay): p += pay if self.keysize is None: keysize = len(self.authdata) p = p[:6] + chb((keysize >> 8) & 0xff) + chb(keysize & 0xff) + p[8:] # noqa: E501 return p class EIGRPSeq(EIGRPGeneric): name = "EIGRP Sequence" fields_desc = [XShortField("type", 0x0003), ShortField("len", None), ByteField("addrlen", 4), ConditionalField(IPField("ipaddr", "192.168.0.1"), lambda pkt:pkt.addrlen == 4), ConditionalField(IP6Field("ip6addr", "2001::"), lambda pkt:pkt.addrlen == 16) ] def post_build(self, p, pay): p += pay if self.len is None: tmp_len = len(p) tmp_p = p[:2] + chb((tmp_len >> 8) & 0xff) p = tmp_p + chb(tmp_len & 0xff) + p[4:] return p class ShortVersionField(ShortField): def i2repr(self, pkt, x): try: minor = x & 0xff major = (x >> 8) & 0xff except TypeError: return "unknown" else: # We print a leading 'v' so that these values don't look like floats # noqa: E501 return "v%s.%s" % (major, minor) def h2i(self, pkt, x): """The field accepts string values like v12.1, v1.1 or integer values. String values have to start with a "v" folled by a floating point number. Valid numbers are between 0 and 255. """ if isinstance(x, str) and x.startswith("v") and len(x) <= 8: major = int(x.split(".")[0][1:]) minor = int(x.split(".")[1]) return (major << 8) | minor elif isinstance(x, int) and 0 <= x <= 65535: return x else: if not hasattr(self, "default"): return x if self.default is not None: warning("set value to default. Format of %r is invalid" % x) return self.default else: raise Scapy_Exception("Format of value is invalid") def randval(self): return RandShort() class EIGRPSwVer(EIGRPGeneric): name = "EIGRP Software Version" fields_desc = [XShortField("type", 0x0004), ShortField("len", 8), ShortVersionField("ios", "v12.0"), ShortVersionField("eigrp", "v1.2") ] class EIGRPNms(EIGRPGeneric): name = "EIGRP Next Multicast Sequence" fields_desc = [XShortField("type", 0x0005), ShortField("len", 8), IntField("nms", 2) ] # Don't get confused by the term "receive-only". This flag is always set, when you configure # noqa: E501 # one of the stub options. It's also the only flag set, when you configure "eigrp stub receive-only". # noqa: E501 _EIGRP_STUB_FLAGS = ["connected", "static", "summary", "receive-only", "redistributed", "leak-map"] # noqa: E501 class EIGRPStub(EIGRPGeneric): name = "EIGRP Stub Router" fields_desc = [XShortField("type", 0x0006), ShortField("len", 6), FlagsField("flags", 0x000d, 16, _EIGRP_STUB_FLAGS)] # Delay 0xffffffff == Destination Unreachable class EIGRPIntRoute(EIGRPGeneric): name = "EIGRP Internal Route" fields_desc = [XShortField("type", 0x0102), FieldLenField("len", None, "dst", "!H", adjust=lambda pkt, x: x + 25), # noqa: E501 IPField("nexthop", "192.168.0.0"), IntField("delay", 128000), IntField("bandwidth", 256), ThreeBytesField("mtu", 1500), ByteField("hopcount", 0), ByteField("reliability", 255), ByteField("load", 0), XShortField("reserved", 0), ByteField("prefixlen", 24), EigrpIPField("dst", "192.168.1.0", length_from=lambda pkt: pkt.prefixlen), # noqa: E501 ] _EIGRP_EXTERNAL_PROTOCOL_ID = { 0x01: "IGRP", 0x02: "EIGRP", 0x03: "Static Route", 0x04: "RIP", 0x05: "Hello", 0x06: "OSPF", 0x07: "IS-IS", 0x08: "EGP", 0x09: "BGP", 0x0A: "IDRP", 0x0B: "Connected Link" } _EIGRP_EXTROUTE_FLAGS = ["external", "candidate-default"] class EIGRPExtRoute(EIGRPGeneric): name = "EIGRP External Route" fields_desc = [XShortField("type", 0x0103), FieldLenField("len", None, "dst", "!H", adjust=lambda pkt, x: x + 45), # noqa: E501 IPField("nexthop", "192.168.0.0"), IPField("originrouter", "192.168.0.1"), IntField("originasn", 0), IntField("tag", 0), IntField("externalmetric", 0), ShortField("reserved", 0), ByteEnumField("extprotocolid", 3, _EIGRP_EXTERNAL_PROTOCOL_ID), # noqa: E501 FlagsField("flags", 0, 8, _EIGRP_EXTROUTE_FLAGS), IntField("delay", 0), IntField("bandwidth", 256), ThreeBytesField("mtu", 1500), ByteField("hopcount", 0), ByteField("reliability", 255), ByteField("load", 0), XShortField("reserved2", 0), ByteField("prefixlen", 24), EigrpIPField("dst", "192.168.1.0", length_from=lambda pkt: pkt.prefixlen) # noqa: E501 ] class EIGRPv6IntRoute(EIGRPGeneric): name = "EIGRP for IPv6 Internal Route" fields_desc = [XShortField("type", 0x0402), FieldLenField("len", None, "dst", "!H", adjust=lambda pkt, x: x + 37), # noqa: E501 IP6Field("nexthop", "::"), IntField("delay", 128000), IntField("bandwidth", 256000), ThreeBytesField("mtu", 1500), ByteField("hopcount", 1), ByteField("reliability", 255), ByteField("load", 0), XShortField("reserved", 0), ByteField("prefixlen", 16), EigrpIP6Field("dst", "2001::", length_from=lambda pkt: pkt.prefixlen) # noqa: E501 ] class EIGRPv6ExtRoute(EIGRPGeneric): name = "EIGRP for IPv6 External Route" fields_desc = [XShortField("type", 0x0403), FieldLenField("len", None, "dst", "!H", adjust=lambda pkt, x: x + 57), # noqa: E501 IP6Field("nexthop", "::"), IPField("originrouter", "192.168.0.1"), IntField("originasn", 0), IntField("tag", 0), IntField("externalmetric", 0), ShortField("reserved", 0), ByteEnumField("extprotocolid", 3, _EIGRP_EXTERNAL_PROTOCOL_ID), # noqa: E501 FlagsField("flags", 0, 8, _EIGRP_EXTROUTE_FLAGS), IntField("delay", 0), IntField("bandwidth", 256000), ThreeBytesField("mtu", 1500), ByteField("hopcount", 1), ByteField("reliability", 0), ByteField("load", 1), XShortField("reserved2", 0), ByteField("prefixlen", 8), EigrpIP6Field("dst", "::", length_from=lambda pkt: pkt.prefixlen) # noqa: E501 ] _eigrp_tlv_cls = { 0x0001: "EIGRPParam", 0x0002: "EIGRPAuthData", 0x0003: "EIGRPSeq", 0x0004: "EIGRPSwVer", 0x0005: "EIGRPNms", 0x0006: "EIGRPStub", 0x0102: "EIGRPIntRoute", 0x0103: "EIGRPExtRoute", 0x0402: "EIGRPv6IntRoute", 0x0403: "EIGRPv6ExtRoute" } class RepeatedTlvListField(PacketListField): def __init__(self, name, default, cls): PacketField.__init__(self, name, default, cls) def getfield(self, pkt, s): lst = [] remain = s while len(remain) > 0: p = self.m2i(pkt, remain) if conf.padding_layer in p: pad = p[conf.padding_layer] remain = pad.load del(pad.underlayer.payload) else: remain = b"" lst.append(p) return remain, lst def addfield(self, pkt, s, val): return s + b"".join(raw(v) for v in val) def _EIGRPGuessPayloadClass(p, **kargs): cls = conf.raw_layer if len(p) >= 2: t = struct.unpack("!H", p[:2])[0] clsname = _eigrp_tlv_cls.get(t, "EIGRPGeneric") cls = globals()[clsname] return cls(p, **kargs) _EIGRP_OPCODES = {1: "Update", 2: "Request", 3: "Query", 4: "Replay", 5: "Hello", 6: "IPX SAP", 10: "SIA Query", 11: "SIA Reply"} # The Conditional Receive bit is used for reliable multicast communication. # Update-Flag: Not sure if Cisco calls it that way, but it's set when neighbors # are exchanging routing information _EIGRP_FLAGS = ["init", "cond-recv", "unknown", "update"] class EIGRP(Packet): name = "EIGRP" fields_desc = [ByteField("ver", 2), ByteEnumField("opcode", 5, _EIGRP_OPCODES), XShortField("chksum", None), FlagsField("flags", 0, 32, _EIGRP_FLAGS), IntField("seq", 0), IntField("ack", 0), IntField("asn", 100), RepeatedTlvListField("tlvlist", [], _EIGRPGuessPayloadClass) ] def post_build(self, p, pay): p += pay if self.chksum is None: c = checksum(p) p = p[:2] + chb((c >> 8) & 0xff) + chb(c & 0xff) + p[4:] return p def mysummary(self): summarystr = "EIGRP (AS=%EIGRP.asn% Opcode=%EIGRP.opcode%" if self.opcode == 5 and self.ack != 0: summarystr += " (ACK)" if self.flags != 0: summarystr += " Flags=%EIGRP.flags%" return self.sprintf(summarystr + ")") bind_layers(IP, EIGRP, proto=88) bind_layers(IPv6, EIGRP, nh=88)