summaryrefslogtreecommitdiffstats
path: root/nselib/packet.lua
diff options
context:
space:
mode:
Diffstat (limited to 'nselib/packet.lua')
-rw-r--r--nselib/packet.lua1075
1 files changed, 1075 insertions, 0 deletions
diff --git a/nselib/packet.lua b/nselib/packet.lua
new file mode 100644
index 0000000..b09dcc9
--- /dev/null
+++ b/nselib/packet.lua
@@ -0,0 +1,1075 @@
+---
+-- Facilities for manipulating raw packets.
+--
+-- @author Marek Majkowski <majek04+nse@gmail.com>
+-- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
+
+local ipOps = require "ipOps"
+local stdnse = require "stdnse"
+local string = require "string"
+local unittest = require "unittest"
+_ENV = stdnse.module("packet", stdnse.seeall)
+
+
+----------------------------------------------------------------------------------------------------------------
+--- Get an 8-bit integer at a 0-based byte offset in a byte string.
+-- @param b A byte string.
+-- @param i Offset.
+-- @return An 8-bit integer.
+local function u8(b, i)
+ return b:byte(i+1)
+end
+--- Get a 16-bit integer at a 0-based byte offset in a byte string.
+-- @param b A byte string.
+-- @param i Offset.
+-- @return A 16-bit integer.
+local function u16(b, i)
+ return (">I2"):unpack(b, i+1)
+end
+--- Get a 32-bit integer at a 0-based byte offset in a byte string.
+-- @param b A byte string.
+-- @param i Offset.
+-- @return A 32-bit integer.
+local function u32(b,i)
+ return (">I4"):unpack(b, i+1)
+end
+
+--- Set an 8-bit integer at a 0-based byte offset in a byte string
+-- (big-endian).
+-- @param b A byte string.
+-- @param i Offset.
+-- @param num Integer to store.
+local function set_u8(b, i, num)
+ local s = string.char(num & 0xff)
+ return b:sub(0+1, i+1-1) .. s .. b:sub(i+1+1)
+end
+--- Set a 16-bit integer at a 0-based byte offset in a byte string
+-- (big-endian).
+-- @param b A byte string.
+-- @param i Offset.
+-- @param num Integer to store.
+local function set_u16(b, i, num)
+ return b:sub(0+1, i+1-1) .. (">I2"):pack(num) .. b:sub(i+1+2)
+end
+--- Set a 32-bit integer at a 0-based byte offset in a byte string
+-- (big-endian).
+-- @param b A byte string.
+-- @param i Offset.
+-- @param num Integer to store.
+local function set_u32(b,i, num)
+ return b:sub(0+1, i+1-1) .. (">I4"):pack(num) .. b:sub(i+1+4)
+end
+
+--- Calculate a standard Internet checksum.
+-- @param b Data to checksum.
+-- @return Checksum.
+function in_cksum(b)
+ local sum = 0
+
+ -- Pad to even length, then sum up
+ string.gsub(b .. ("\0"):rep(#b % 2), "..", function(twobytes)
+ sum = sum + (">I2"):unpack(twobytes)
+ end)
+
+ local shifted = sum >> 16
+ while shifted > 0 do
+ sum = (sum & 0xffff) + shifted
+ shifted = sum >> 16
+ end
+
+ sum = ~sum
+ sum = (sum & 0xffff) -- truncate to 16 bits
+ return sum
+end
+
+-- ip protocol field
+IPPROTO_IP = 0 -- Dummy protocol for TCP
+IPPROTO_HOPOPTS = 0 -- IPv6 hop-by-hop options
+IPPROTO_ICMP = 1 -- Internet Control Message Protocol
+IPPROTO_IGMP = 2 -- Internet Group Management Protocol
+IPPROTO_IPIP = 4 -- IPIP tunnels (older KA9Q tunnels use 94)
+IPPROTO_TCP = 6 -- Transmission Control Protocol
+IPPROTO_EGP = 8 -- Exterior Gateway Protocol
+IPPROTO_PUP = 12 -- PUP protocol
+IPPROTO_UDP = 17 -- User Datagram Protocol
+IPPROTO_IDP = 22 -- XNS IDP protocol
+IPPROTO_DCCP = 33 -- Datagram Congestion Control Protocol
+IPPROTO_RSVP = 46 -- RSVP protocol
+IPPROTO_GRE = 47 -- Cisco GRE tunnels (rfc 1701,1702)
+IPPROTO_IPV6 = 41 -- IPv6-in-IPv4 tunnelling
+
+IPPROTO_ROUTING = 43 -- IPv6 routing header
+IPPROTO_FRAGMENT= 44 -- IPv6 fragmentation header
+IPPROTO_ESP = 50 -- Encapsulation Security Payload protocol
+IPPROTO_AH = 51 -- Authentication Header protocol
+IPPROTO_ICMPV6 = 58 -- ICMP for IPv6
+IPPROTO_DSTOPTS = 60 -- IPv6 destination options
+IPPROTO_BEETPH = 94 -- IP option pseudo header for BEET
+IPPROTO_PIM = 103 -- Protocol Independent Multicast
+
+IPPROTO_COMP = 108 -- Compression Header protocol
+IPPROTO_SCTP = 132 -- Stream Control Transport Protocol
+IPPROTO_UDPLITE = 136 -- UDP-Lite (RFC 3828)
+
+
+ICMP_ECHO_REQUEST = 8
+ICMP_ECHO_REPLY = 0
+
+ICMP6_ECHO_REQUEST = 128
+ICMP6_ECHO_REPLY = 129
+MLD_LISTENER_QUERY = 130
+MLD_LISTENER_REPORT = 131
+MLD_LISTENER_REDUCTION = 132
+ND_ROUTER_SOLICIT = 133
+ND_ROUTER_ADVERT = 134
+ND_NEIGHBOR_SOLICIT = 135
+ND_NEIGHBOR_ADVERT = 136
+ND_REDIRECT = 137
+MLDV2_LISTENER_REPORT = 143
+
+ND_OPT_SOURCE_LINKADDR = 1
+ND_OPT_TARGET_LINKADDR = 2
+ND_OPT_PREFIX_INFORMATION = 3
+ND_OPT_REDIRECTED_HEADER = 4
+ND_OPT_MTU = 5
+ND_OPT_RTR_ADV_INTERVAL = 7
+ND_OPT_HOME_AGENT_INFO = 8
+
+ETHER_TYPE_IPV4 = "\x08\x00"
+ETHER_TYPE_IPV6 = "\x86\xdd"
+
+----------------------------------------------------------------------------------------------------------------
+-- Frame is a class
+Frame = {}
+
+function Frame:new(frame, force_continue)
+ local packet = nil
+ local packet_len = 0
+ if frame and #frame > 14 then
+ packet = string.sub(frame, 15, -1)
+ packet_len = #frame - 14
+ end
+ local o = Packet:new(packet, packet_len, force_continue)
+
+ o.build_ether_frame = self.build_ether_frame
+ o.ether_parse = self.ether_parse
+ o.frame_buf = frame
+ o:ether_parse()
+ return o
+end
+--- Build an Ethernet frame.
+-- @param mac_dst six-byte string of the destination MAC address.
+-- @param mac_src six-byte string of the source MAC address.
+-- @param ether_type two-byte string of the type.
+-- @param packet string of the payload.
+-- @return frame string of the Ether frame.
+function Frame:build_ether_frame(mac_dst, mac_src, ether_type, packet)
+ self.mac_dst = mac_dst or self.mac_dst
+ self.mac_src = mac_src or self.mac_src
+ self.ether_type = ether_type or self.ether_type
+ self.buf = packet or self.buf
+ if not self.ether_type then
+ return nil, "Unknown packet type."
+ end
+ self.frame_buf = self.mac_dst..self.mac_src..self.ether_type..self.buf
+end
+--- Parse an Ethernet frame.
+-- @param frame string of the Ether frame.
+-- @return mac_dst six-byte string of the destination MAC address.
+-- @return mac_src six-byte string of the source MAC address.
+-- @return packet string of the payload.
+function Frame:ether_parse()
+ if not self.frame_buf or #self.frame_buf < 14 then -- too short
+ return false
+ end
+ self.mac_dst = string.sub(self.frame_buf, 1, 6)
+ self.mac_src = string.sub(self.frame_buf, 7, 12)
+ self.ether_type = u16(self.frame_buf, 12)
+end
+
+----------------------------------------------------------------------------------------------------------------
+-- Packet is a class
+Packet = {}
+
+--- Create a new Packet object.
+-- @param packet Binary string with packet data.
+-- @param packet_len Packet length. It could be more than
+-- <code>#packet</code>.
+-- @param force_continue whether an error in parsing headers should be fatal or
+-- not. This is especially useful when parsing ICMP packets, where a small ICMP
+-- payload could be a TCP header. The problem is that parsing this payload
+-- normally would fail because the TCP header is too small.
+-- @return A new Packet.
+function Packet:new(packet, packet_len, force_continue)
+ local o = setmetatable({}, {__index = Packet})
+ if not packet then
+ return o
+ end
+ o.buf = packet
+ o.packet_len = packet_len
+ o.ip_v = string.byte(o.buf) >> 4
+ if o.ip_v == 4 and not o:ip_parse(force_continue) then
+ return nil
+ elseif o.ip_v == 6 and not o:ip6_parse(force_continue) then
+ return nil
+ end
+
+ if o.ip_v == 6 then
+ while o:ipv6_is_extension_header() do
+ if o.ip6_data_offset >= o.packet_len or not o:ipv6_ext_header_parse(force_continue) then
+ stdnse.debug1("Error while parsing IPv6 extension headers.")
+ return o
+ end
+ end
+ o.ip_p = o.ip6_nhdr
+ end
+
+ if o.ip_p == IPPROTO_TCP then
+ if not o:tcp_parse(force_continue) then
+ stdnse.debug1("Error while parsing TCP packet\n")
+ end
+ elseif o.ip_p == IPPROTO_UDP then
+ if not o:udp_parse(force_continue) then
+ stdnse.debug1("Error while parsing UDP packet\n")
+ end
+ elseif o.ip_p == IPPROTO_ICMP then
+ if not o:icmp_parse(force_continue) then
+ stdnse.debug1("Error while parsing ICMP packet\n")
+ end
+ elseif o.ip_p == IPPROTO_ICMPV6 then
+ if not o:icmpv6_parse(force_continue) then
+ stdnse.debug1("Error while parsing ICMPv6 packet\n")
+ end
+ end
+ return o
+end
+--- Convert Version, Traffic Class and Flow Label to a 4-byte string.
+-- @param ip6_tc Number stands for Traffic Class.
+-- @param ip6_fl Number stands for Flow Label.
+-- @return The first four-byte string of an IPv6 header.
+local function ipv6_hdr_tc_fl(ip6_tc, ip6_fl)
+ return (6 << 28) +
+ ((ip6_tc & 0xFF) << 20) +
+ (ip6_fl & 0xFFFFF)
+end
+--- Build an IPv6 packet.
+-- @param src 16-byte string of the source IPv6 address.
+-- @param dsr 16-byte string of the destination IPv6 address.
+-- @param nx_hdr integer that represents next header.
+-- @param h_limit integer that represents hop limit.
+-- @param t_class integer that represents traffic class.
+-- @param f_label integer that represents flow label.
+function Packet:build_ipv6_packet(src, dst, nx_hdr, payload, h_limit, t_class, f_label)
+ self.ether_type = ETHER_TYPE_IPV6
+ self.ip_v = 6
+ self.ip_bin_src = src or self.ip_bin_src
+ self.ip_bin_dst = dst or self.ip_bin_dst
+ self.ip6_nhdr = nx_hdr or self.ip6_nhdr
+ self.l4_packet = payload or self.l4_packet
+ self.ip6_tc = t_class or self.ip6_tc or 1
+ self.ip6_fl = f_label or self.ip6_fl or 1
+ self.ip6_hlimit = h_limit or self.ip6_hlimit or 255
+ self.ip6_plen = #(self.exheader or "")+#(self.l4_packet or "")
+ self.buf = (">I4I2BBc16c16"):pack(
+ ipv6_hdr_tc_fl(self.ip6_tc, self.ip6_fl),
+ self.ip6_plen, --payload length
+ self.ip6_nhdr, --next header
+ self.ip6_hlimit, --hop limit
+ self.ip_bin_src, --Source
+ self.ip_bin_dst) .. --dest
+ (self.exheader or "")..
+ (self.l4_packet or "")
+end
+--- Return true if and only if the next header is an known extension header.
+-- @param nhdr Next header.
+function Packet:ipv6_is_extension_header(nhdr)
+ self.ip6_nhdr = nhdr or self.ip6_nhdr
+ if self.ip6_nhdr == IPPROTO_HOPOPTS or
+ self.ip6_nhdr == IPPROTO_DSTOPTS or
+ self.ip6_nhdr == IPPROTO_ROUTING or
+ self.ip6_nhdr == IPPROTO_FRAGMENT then
+ return true
+ end
+ return nil
+end
+--- Count IPv6 checksum.
+-- @return the checksum.
+function Packet:count_ipv6_pseudoheader_cksum()
+ local pseudoheader = (">c16c16I2xxxB"):pack(
+ self.ip_bin_src, self.ip_bin_dst, #self.l4_packet, self.ip6_nhdr)
+ local ck_content = pseudoheader .. self.l4_packet
+ return in_cksum(ck_content)
+end
+--- Set ICMPv6 checksum.
+function Packet:set_icmp6_cksum(check_sum)
+ self.l4_packet = set_u16(self.l4_packet, 2, check_sum)
+end
+--- Build an ICMPv6 header.
+-- @param icmpv6_type integer that represent ICMPv6 type.
+-- @param icmpv6_code integer that represent ICMPv6 code.
+-- @param icmpv6_payload string of the payload
+-- @param ip_bin_src 16-byte string of the source IPv6 address.
+-- @param ip_bin_dst 16-byte string of the destination IPv6 address.
+function Packet:build_icmpv6_header(icmpv6_type, icmpv6_code, icmpv6_payload, ip_bin_src, ip_bin_dst)
+ self.ip6_nhdr = IPPROTO_ICMPV6
+ self.icmpv6_type = icmpv6_type or self.icmpv6_type
+ self.icmpv6_code = icmpv6_code or self.icmpv6_code
+ self.icmpv6_payload = icmpv6_payload or self.icmpv6_payload
+ self.ip_bin_src = ip_bin_src or self.ip_bin_src
+ self.ip_bin_dst = ip_bin_dst or self.ip_bin_dst
+
+ self.l4_packet = ("BBxx"):pack(self.icmpv6_type, self.icmpv6_code) ..
+ (self.icmpv6_payload or "")
+ local check_sum = self:count_ipv6_pseudoheader_cksum()
+ self:set_icmp6_cksum(check_sum)
+end
+--- Build an ICMPv6 Echo Request frame.
+-- @param mac_src six-byte string of source MAC address.
+-- @param mac_dst sis-byte string of destination MAC address.
+-- @param ip_bin_src 16-byte string of source IPv6 address.
+-- @param ip_bin_dst 16-byte string of destination IPv6 address.
+-- @param id integer that represents Echo ID.
+-- @param sequence integer that represents Echo sequence.
+-- @param data string of Echo data.
+-- @param tc integer that represents traffic class of IPv6 packet.
+-- @param fl integer that represents flow label of IPv6 packet.
+-- @param hop-limit integer that represents hop limit of IPv6 packet.
+function Packet:build_icmpv6_echo_request(id, sequence, data, mac_src, mac_dst, ip_bin_src, ip_bin_dst, tc, fl, hop_limit)
+ self.mac_src = mac_src or self.mac_src
+ self.mac_dst = mac_dst or self.mac_dst
+
+ self.ip_bin_src = ip_bin_src or self.ip_bin_src
+ self.ip_bin_dst = ip_bin_dst or self.ip_bin_dst
+ self.traffic_class = tc or 1
+ self.flow_label = fl or 1
+ self.ip6_hlimit = hop_limit or 255
+
+ self.icmpv6_type = ICMP6_ECHO_REQUEST
+ self.icmpv6_code = 0
+
+ self.echo_id = id or self.echo_id or 0xdead
+ self.echo_seq = sequence or self.echo_seq or 0xbeef
+ self.echo_data = data or self.echo_data or ""
+
+ self.icmpv6_payload = (">I2I2"):pack(self.echo_id, self.echo_seq) .. self.echo_data
+end
+--- Set an ICMPv6 option message.
+function Packet:set_icmpv6_option(opt_type,msg)
+ return string.char(opt_type, (#msg+2)/8) .. msg
+end
+
+--- Build an IPv4 packet.
+-- @param src 4-byte string of the source IP address.
+-- @param dst 4-byte string of the destination IP address.
+-- @param payload string containing the IP payload
+-- @param dsf byte that represents the differentiated services field
+-- @param id integer that represents the IP identification
+-- @param flags integer that represents the IP flags
+-- @param off integer that represents the IP offset
+-- @param ttl integer that represent the IP time to live
+-- @param proto integer that represents the IP protocol
+function Packet:build_ip_packet(src, dst, payload, dsf, id, flags, off, ttl, proto)
+ self.ether_type = ETHER_TYPE_IPV4
+ self.ip_v = 4
+ self.ip_bin_src = src or self.ip_bin_src
+ self.ip_bin_dst = dst or self.ip_bin_dst
+ self.l3_packet = payload or self.l3_packet
+ self.ip_dsf = dsf or self.ip_dsf or 0
+ self.ip_p = proto or self.ip_p
+ self.flags = flags or self.flags or 0 -- should be split into ip_rd, ip_df, ip_mv
+ self.ip_id = id or self.ip_id or 0xbeef
+ self.ip_off = off or self.ip_off or 0
+ self.ip_ttl = ttl or self.ip_ttl or 255
+ self.buf = (">BBI2I2BBBBI2c4c4"):pack(
+ (self.ip_v << 4) + 20 / 4, -- version and header length
+ self.ip_dsf,
+ #self.l3_packet + 20,
+ self.ip_id,
+ self.flags,
+ self.ip_off,
+ self.ip_ttl,
+ self.ip_p,
+ 0, -- checksum
+ self.ip_bin_src, --Source
+ self.ip_bin_dst --dest
+ )
+
+ self.buf = set_u16(self.buf, 10, in_cksum(self.buf))
+ self.buf = self.buf .. self.l3_packet
+end
+--- Build an ICMP header.
+-- @param icmp_type integer that represent ICMPv6 type.
+-- @param icmp_code integer that represent ICMPv6 code.
+-- @param icmp_payload string of the payload
+-- @param ip_bin_src 16-byte string of the source IPv6 address.
+-- @param ip_bin_dst 16-byte string of the destination IPv6 address.
+function Packet:build_icmp_header(icmp_type, icmp_code, icmp_payload, ip_bin_src, ip_bin_dst)
+ self.icmp_type = icmp_type or self.icmp_type
+ self.icmp_code = icmp_code or self.icmp_code
+ self.icmp_payload = icmp_payload or self.icmp_payload
+ self.ip_bin_src = ip_bin_src or self.ip_bin_src
+ self.ip_bin_dst = ip_bin_dst or self.ip_bin_dst
+
+ self.l3_packet = ("BBxx"):pack(self.icmp_type, self.icmp_code) ..
+ (self.icmp_payload or "")
+ self.l3_packet = set_u16(self.l3_packet, 2, in_cksum(self.l3_packet))
+end
+--- Build an ICMP Echo Request frame.
+-- @param mac_src six-byte string of source MAC address.
+-- @param mac_dst sis-byte string of destination MAC address.
+-- @param ip_bin_src 16-byte string of source IPv6 address.
+-- @param ip_bin_dst 16-byte string of destination IPv6 address.
+-- @param id integer that represents Echo ID.
+-- @param seq integer that represents Echo sequence.
+-- @param data string of Echo data.
+-- @param dsf integer that represents differentiated services field.
+function Packet:build_icmp_echo_request(id, seq, data, mac_src, mac_dst, ip_bin_src, ip_bin_dst)
+ self.mac_src = mac_src or self.mac_src
+ self.mac_dst = mac_dst or self.mac_dst
+
+ self.ip_p = IPPROTO_ICMP
+ self.ip_bin_src = ip_bin_src or self.ip_bin_src
+ self.ip_bin_dst = ip_bin_dst or self.ip_bin_dst
+
+ self.icmp_type = ICMP_ECHO_REQUEST
+ self.icmp_code = 0
+
+ self.echo_id = id or self.echo_id or 0xdead
+ self.echo_seq = seq or self.echo_seq or 0xbeef
+ self.echo_data = data or self.echo_data or ""
+
+ self.icmp_payload = (">I2I2"):pack(self.echo_id, self.echo_seq) .. self.echo_data
+end
+
+
+-- Helpers
+
+
+local function _hex_str (x)
+ return string.char(tonumber(x, 16))
+end
+--- Convert a MAC address string (like <code>"00:23:ae:5d:3b:10"</code>) to
+-- a raw six-byte long.
+-- @param str MAC address string.
+-- @return Six-byte string.
+function mactobin(str)
+ if not str then
+ return nil, "MAC was not specified."
+ end
+ return (str:gsub("(%x%x)[^%x]?", _hex_str))
+end
+
+--- Generate the link-local IPv6 address from the MAC address.
+-- @param mac MAC address string.
+-- @return Link-local IPv6 address string.
+function mac_to_lladdr(mac)
+ if not mac then
+ return nil, "MAC was not specified."
+ end
+ local interfier = string.char((string.byte(mac,1) | 0x02))..string.sub(mac,2,3).."\xff\xfe"..string.sub(mac,4,6)
+ local ll_prefix = ipOps.ip_to_str("fe80::")
+ return string.sub(ll_prefix,1,8)..interfier
+end
+--- Get an 8-bit integer at a 0-based byte offset in the packet.
+-- @param index Offset.
+-- @return An 8-bit integer.
+function Packet:u8(index)
+ return u8(self.buf, index)
+end
+--- Get a 16-bit integer at a 0-based byte offset in the packet.
+-- @param index Offset.
+-- @return A 16-bit integer.
+function Packet:u16(index)
+ return u16(self.buf, index)
+end
+--- Get a 32-bit integer at a 0-based byte offset in the packet.
+-- @param index Offset.
+-- @return An 32-bit integer.
+function Packet:u32(index)
+ return u32(self.buf, index)
+end
+--- Return part of the packet contents as a byte string.
+-- @param index The beginning of the part of the packet to extract. The index
+-- is 0-based. If omitted the default value is 0 (beginning of the string)
+-- @param length The length of the part of the packet to extract. If omitted
+-- the remaining contents from index to the end of the string are returned.
+-- @return A string.
+function Packet:raw(index, length)
+ if not index then index = 0 end
+ if not length then length = #self.buf-index end
+ return self.buf:sub(index+1, index+1+length-1)
+end
+
+--- Set an 8-bit integer at a 0-based byte offset in the packet.
+-- (big-endian).
+-- @param index Offset.
+-- @param num Integer to store.
+function Packet:set_u8(index, num)
+ self.buf = set_u8(self.buf, index, num)
+ return self.buf
+end
+--- Set a 16-bit integer at a 0-based byte offset in the packet.
+-- (big-endian).
+-- @param index Offset.
+-- @param num Integer to store.
+function Packet:set_u16(index, num)
+ self.buf = set_u16(self.buf, index, num)
+ return self.buf
+end
+--- Set a 32-bit integer at a 0-based byte offset in the packet.
+-- (big-endian).
+-- @param index Offset.
+-- @param num Integer to store.
+function Packet:set_u32(index, num)
+ self.buf = set_u32(self.buf, index, num)
+ return self.buf
+end
+
+--- Parse an IP packet header.
+-- @param force_continue Ignored.
+-- @return Whether the parsing succeeded.
+function Packet:ip_parse(force_continue)
+ self.ip_offset = 0
+ if #self.buf < 20 then -- too short
+ stdnse.debug2("Packet.ip_parse: too short")
+ return false
+ end
+ self.ip_v = (self:u8(self.ip_offset + 0) & 0xF0) >> 4
+ self.ip_hl = (self:u8(self.ip_offset + 0) & 0x0F) -- header_length or data_offset
+ if self.ip_v ~= 4 then -- not ip
+ stdnse.debug2("Packet.ip_parse: Not IPv4")
+ return false
+ end
+ self.ip = true
+ self.ip_tos = self:u8(self.ip_offset + 1)
+ self.ip_len = self:u16(self.ip_offset + 2)
+ self.ip_id = self:u16(self.ip_offset + 4)
+ self.ip_off = self:u16(self.ip_offset + 6)
+ self.ip_rf = (self.ip_off & 0x8000)~=0 -- true/false
+ self.ip_df = (self.ip_off & 0x4000)~=0
+ self.ip_mf = (self.ip_off & 0x2000)~=0
+ self.ip_off = (self.ip_off & 0x1FFF) -- fragment offset
+ self.ip_ttl = self:u8(self.ip_offset + 8)
+ self.ip_p = self:u8(self.ip_offset + 9)
+ self.ip_sum = self:u16(self.ip_offset + 10)
+ self.ip_bin_src = self:raw(self.ip_offset + 12,4) -- raw 4-bytes string
+ self.ip_bin_dst = self:raw(self.ip_offset + 16,4)
+ self.ip_src = ipOps.str_to_ip(self.ip_bin_src) -- formatted string
+ self.ip_dst = ipOps.str_to_ip(self.ip_bin_dst)
+ self.ip_opt_offset = self.ip_offset + 20
+ self.ip_options = self:parse_options(self.ip_opt_offset, ((self.ip_hl*4)-20))
+ self.ip_data_offset = self.ip_offset + self.ip_hl*4
+ return true
+end
+--- Parse an IPv6 packet header.
+-- @param force_continue Ignored.
+-- @return Whether the parsing succeeded.
+function Packet:ip6_parse(force_continue)
+ self.ip6_offset = 0
+ if #self.buf < 40 then -- too short
+ return false
+ end
+ self.ip_v = (self:u8(self.ip6_offset + 0) & 0xF0) >> 4
+ if self.ip_v ~= 6 then -- not ipv6
+ return false
+ end
+ self.ip6 = true
+ self.ip6_tc = (self:u16(self.ip6_offset + 0) & 0x0FF0) >> 4
+ self.ip6_fl = (self:u8(self.ip6_offset + 1) & 0x0F)*65536 + self:u16(self.ip6_offset + 2)
+ self.ip6_plen = self:u16(self.ip6_offset + 4)
+ self.ip6_nhdr = self:u8(self.ip6_offset + 6)
+ self.ip6_hlimt = self:u8(self.ip6_offset + 7)
+ self.ip_bin_src = self:raw(self.ip6_offset + 8, 16)
+ self.ip_bin_dst = self:raw(self.ip6_offset + 24, 16)
+ self.ip_src = ipOps.str_to_ip(self.ip_bin_src)
+ self.ip_dst = ipOps.str_to_ip(self.ip_bin_dst)
+ self.ip6_data_offset = 40
+ return true
+end
+--- Pare an IPv6 extension header. Just jump over it at the moment.
+-- @param force_continue Ignored.
+-- @return Whether the parsing succeeded.
+function Packet:ipv6_ext_header_parse(force_continue)
+ local ext_hdr_len = self:u8(self.ip6_data_offset + 1)
+ ext_hdr_len = ext_hdr_len*8 + 8
+ self.ip6_data_offset = self.ip6_data_offset + ext_hdr_len
+ self.ip6_nhdr = self:u8(self.ip6_data_offset)
+ return true
+end
+--- Set the payload length field.
+-- @param plen Payload length.
+function Packet:ip6_set_plen(plen)
+ self:set_u16(self.ip6_offset + 4, plen)
+ self.ip6_plen = plen
+end
+--- Set the header length field.
+function Packet:ip_set_hl(len)
+ self:set_u8(self.ip_offset + 0, (self.ip_v << 4) | (len & 0x0F))
+ self.ip_v = (self:u8(self.ip_offset + 0) & 0xF0) >> 4
+ self.ip_hl = (self:u8(self.ip_offset + 0) & 0x0F) -- header_length or data_offset
+end
+--- Set the packet length field.
+-- @param len Packet length.
+function Packet:ip_set_len(len)
+ self:set_u16(self.ip_offset + 2, len)
+ self.ip_len = len
+end
+--- Set the packet identification field.
+-- @param id packet ID.
+function Packet:ip_set_id(id)
+ self:set_u16(self.ip_offset + 4, id)
+ self.ip_id = id
+end
+--- Set the TTL.
+-- @param ttl TTL.
+function Packet:ip_set_ttl(ttl)
+ self:set_u8(self.ip_offset + 8, ttl)
+ self.ip_ttl = ttl
+end
+--- Set the checksum.
+-- @param checksum Checksum.
+function Packet:ip_set_checksum(checksum)
+ self:set_u16(self.ip_offset + 10, checksum)
+ self.ip_sum = checksum
+end
+--- Count checksum for packet and save it.
+function Packet:ip_count_checksum()
+ self:ip_set_checksum(0)
+ local csum = in_cksum( self.buf:sub(0, self.ip_offset + self.ip_hl*4) )
+ self:ip_set_checksum(csum)
+end
+--- Set the source IP address.
+-- @param binip The source IP address as a byte string.
+function Packet:ip_set_bin_src(binip)
+ local nrip = u32(binip, 0)
+ self:set_u32(self.ip_offset + 12, nrip)
+ self.ip_bin_src = self:raw(self.ip_offset + 12,4) -- raw 4-bytes string
+end
+--- Set the destination IP address.
+-- @param binip The destination IP address as a byte string.
+function Packet:ip_set_bin_dst(binip)
+ local nrip = u32(binip, 0)
+ self:set_u32(self.ip_offset + 16, nrip)
+ self.ip_bin_dst = self:raw(self.ip_offset + 16,4)
+end
+--- Set the IP options field (and move the data, count new length,
+-- etc.).
+-- @param ipoptions IP options.
+function Packet:ip_set_options(ipoptions)
+ -- packet = <ip header> + ipoptions + <payload>
+ local buf = self.buf:sub(0+1,self.ip_offset + 20) .. ipoptions .. self.buf:sub(self.ip_data_offset+1)
+ self.buf = buf
+ -- set ip_len
+ self:ip_set_len(self.buf:len())
+ -- set ip_hl
+ self:ip_set_hl(5 + ipoptions:len()/4)
+ -- set data offset correctly
+ self.ip_options = self:parse_options(self.ip_opt_offset, ((self.ip_hl*4)-20))
+ self.ip_data_offset = self.ip_offset + self.ip_hl*4
+ if self.tcp then
+ self.tcp_offset = self.ip_data_offset
+ elseif self.icmp then
+ self.icmp_offset = self.ip_data_offset
+ end
+end
+
+--- Get a short string representation of the IP header.
+-- @return A string representation of the IP header.
+function Packet:ip_tostring()
+ return string.format(
+ "IP %s -> %s",
+ self.ip_src,
+ self.ip_dst)
+end
+
+--- Parse IP/TCP options into a table.
+-- @param offset Offset at which options start.
+-- @param length Length of options.
+-- @return Table of options.
+function Packet:parse_options(offset, length)
+ local options = {}
+ local op = 1
+ local opt_ptr = 0
+ while opt_ptr < length do
+ local t, l, d
+ options[op] = {}
+
+ t = self:u8(offset + opt_ptr)
+ options[op].type = t
+ if t==0 or t==1 then
+ l = 1
+ d = nil
+ else
+ l = self:u8(offset + opt_ptr + 1)
+ if l > 2 then
+ d = self:raw(offset + opt_ptr + 2, l-2)
+ end
+ end
+ options[op].len = l
+ options[op].data = d
+ opt_ptr = opt_ptr + l
+ op = op + 1
+ end
+ return options
+end
+
+--- Get a short string representation of the packet.
+-- @return A string representation of the packet.
+function Packet:tostring()
+ if self.tcp then
+ return self:tcp_tostring()
+ elseif self.udp then
+ return self:udp_tostring()
+ elseif self.icmp then
+ return self:icmp_tostring()
+ elseif self.ip then
+ return self:ip_tostring()
+ end
+ return "<no tostring!>"
+end
+
+----------------------------------------------------------------------------------------------------------------
+--- Parse an ICMP packet header.
+-- @param force_continue Ignored.
+-- @return Whether the parsing succeeded.
+function Packet:icmp_parse(force_continue)
+ self.icmp_offset = self.ip_data_offset
+ if #self.buf < self.icmp_offset + 8 then -- let's say 8 bytes minimum
+ return false
+ end
+ self.icmp = true
+ self.icmp_type = self:u8(self.icmp_offset + 0)
+ self.icmp_code = self:u8(self.icmp_offset + 1)
+ self.icmp_sum = self:u16(self.icmp_offset + 2)
+
+ if self.icmp_type == 3 or self.icmp_type == 4 or self.icmp_type == 11 or self.icmp_type == 12 then
+ self.icmp_payload = true
+ self.icmp_r0 = self:u32(self.icmp_offset + 4)
+ self.icmp_payload_offset = self.icmp_offset + 8
+ if #self.buf < self.icmp_payload_offset + 24 then
+ return false
+ end
+ self.icmp_payload = Packet:new(self.buf:sub(self.icmp_payload_offset+1), self.packet_len - self.icmp_payload_offset, true)
+ end
+ return true
+end
+--- Get a short string representation of the ICMP header.
+-- @return A string representation of the ICMP header.
+function Packet:icmp_tostring()
+ return self:ip_tostring() .. " ICMP(" .. self.icmp_payload:tostring() .. ")"
+end
+
+----------------------------------------------------------------------------------------------------------------
+--- Parse an ICMPv6 packet header.
+-- @param force_continue Ignored.
+-- @return Whether the parsing succeeded.
+function Packet:icmpv6_parse(force_continue)
+ self.icmpv6_offset = self.ip6_data_offset
+ if #self.buf < self.icmpv6_offset + 8 then -- let's say 8 bytes minimum
+ return false
+ end
+ self.icmpv6 = true
+ self.icmpv6_type = self:u8(self.icmpv6_offset + 0)
+ self.icmpv6_code = self:u8(self.icmpv6_offset + 1)
+
+ if self.icmpv6_type == ND_NEIGHBOR_SOLICIT then
+ self.ns_target = self:raw(self.icmpv6_offset + 8, 16)
+ end
+ return true
+end
+
+----------------------------------------------------------------------------------------------------------------
+-- Parse a TCP packet header.
+-- @param force_continue Whether a short packet causes parsing to fail.
+-- @return Whether the parsing succeeded.
+function Packet:tcp_parse(force_continue)
+ self.tcp = true
+ self.tcp_offset = self.ip_data_offset or self.ip6_data_offset
+ if #self.buf < self.tcp_offset + 4 then
+ return false
+ end
+ self.tcp_sport = self:u16(self.tcp_offset + 0)
+ self.tcp_dport = self:u16(self.tcp_offset + 2)
+ if #self.buf < self.tcp_offset + 20 then
+ if force_continue then
+ return true
+ else
+ return false
+ end
+ end
+ self.tcp_seq = self:u32(self.tcp_offset + 4)
+ self.tcp_ack = self:u32(self.tcp_offset + 8)
+ self.tcp_hl = (self:u8(self.tcp_offset+12) & 0xF0) >> 4 -- header_length or data_offset
+ self.tcp_x2 = (self:u8(self.tcp_offset+12) & 0x0F)
+ self.tcp_flags = self:u8(self.tcp_offset + 13)
+ self.tcp_th_fin = (self.tcp_flags & 0x01)~=0 -- true/false
+ self.tcp_th_syn = (self.tcp_flags & 0x02)~=0
+ self.tcp_th_rst = (self.tcp_flags & 0x04)~=0
+ self.tcp_th_push = (self.tcp_flags & 0x08)~=0
+ self.tcp_th_ack = (self.tcp_flags & 0x10)~=0
+ self.tcp_th_urg = (self.tcp_flags & 0x20)~=0
+ self.tcp_th_ece = (self.tcp_flags & 0x40)~=0
+ self.tcp_th_cwr = (self.tcp_flags & 0x80)~=0
+ self.tcp_win = self:u16(self.tcp_offset + 14)
+ self.tcp_sum = self:u16(self.tcp_offset + 16)
+ self.tcp_urp = self:u16(self.tcp_offset + 18)
+ self.tcp_opt_offset = self.tcp_offset + 20
+ self.tcp_options = self:parse_options(self.tcp_opt_offset, ((self.tcp_hl*4)-20))
+ self.tcp_data_offset = self.tcp_offset + self.tcp_hl*4
+
+ if self.ip_len then
+ self.tcp_data_length = self.ip_len - self.tcp_offset - self.tcp_hl*4
+ else
+ self.tcp_data_length = self.ip6_plen - self.tcp_hl*4
+ end
+ self:tcp_parse_options()
+ return true
+end
+
+--- Get a short string representation of the TCP packet.
+-- @return A string representation of the TCP header.
+function Packet:tcp_tostring()
+ return string.format(
+ "TCP %s:%i -> %s:%i",
+ self.ip_src, self.tcp_sport,
+ self.ip_dst, self.tcp_dport
+ )
+end
+
+--- Parse options for TCP header.
+function Packet:tcp_parse_options()
+ local eoo = false
+ for _,opt in ipairs(self.tcp_options) do
+ if eoo then
+ self.tcp_opt_after_eol = true
+ end
+
+ if opt.type == 0 then -- end of options
+ eoo = true
+ elseif opt.type == 2 then -- MSS
+ self.tcp_opt_mss = u16(opt.data, 0)
+ self.tcp_opt_mtu = self.tcp_opt_mss + 40
+ elseif opt.type == 3 then -- widow scaling
+ self.tcp_opt_ws = u8(opt.data, 0)
+ elseif opt.type == 8 then -- timestamp
+ self.tcp_opt_t1 = u32(opt.data, 0)
+ self.tcp_opt_t2 = u32(opt.data, 4)
+ end
+ end
+end
+
+--- Set the TCP source port.
+-- @param port Source port.
+function Packet:tcp_set_sport(port)
+ self:set_u16(self.tcp_offset + 0, port)
+ self.tcp_sport = port
+end
+--- Set the TCP destination port.
+-- @param port Destination port.
+function Packet:tcp_set_dport(port)
+ self:set_u16(self.tcp_offset + 2, port)
+ self.tcp_dport = port
+end
+--- Set the TCP sequence field.
+-- @param new_seq Sequence.
+function Packet:tcp_set_seq(new_seq)
+ self:set_u32(self.tcp_offset + 4, new_seq)
+ self.tcp_seq = new_seq
+end
+--- Set the TCP flags field (like SYN, ACK, RST).
+-- @param new_flags Flags, represented as an 8-bit number.
+function Packet:tcp_set_flags(new_flags)
+ self:set_u8(self.tcp_offset + 13, new_flags)
+ self.tcp_flags = new_flags
+end
+--- Set the urgent pointer field.
+-- @param urg_ptr Urgent pointer.
+function Packet:tcp_set_urp(urg_ptr)
+ self:set_u16(self.tcp_offset + 18, urg_ptr)
+ self.tcp_urp = urg_ptr
+end
+--- Set the TCP checksum field.
+-- @param checksum Checksum.
+function Packet:tcp_set_checksum(checksum)
+ self:set_u16(self.tcp_offset + 16, checksum)
+ self.tcp_sum = checksum
+end
+--- Count and save the TCP checksum field.
+function Packet:tcp_count_checksum()
+ self:tcp_set_checksum(0)
+ local proto = self.ip_p
+ local length = self.buf:len() - self.tcp_offset
+ local b = self.ip_bin_src ..
+ self.ip_bin_dst ..
+ "\0" ..
+ (">BI2"):pack(proto, length) ..
+ self.buf:sub(self.tcp_offset+1)
+
+ self:tcp_set_checksum(in_cksum(b))
+end
+
+--- Map an MTU to a link type string. Stolen from p0f.
+-- @return A string describing the link type.
+function Packet:tcp_lookup_link()
+ local mtu_def = {
+ {["mtu"]=256, ["txt"]= "radio modem"},
+ {["mtu"]=386, ["txt"]= "ethernut"},
+ {["mtu"]=552, ["txt"]= "SLIP line / encap ppp"},
+ {["mtu"]=576, ["txt"]= "sometimes modem"},
+ {["mtu"]=1280, ["txt"]= "gif tunnel"},
+ {["mtu"]=1300, ["txt"]= "PIX, SMC, sometimes wireless"},
+ {["mtu"]=1362, ["txt"]= "sometimes DSL (1)"},
+ {["mtu"]=1372, ["txt"]= "cable modem"},
+ {["mtu"]=1400, ["txt"]= "(Google/AOL)"},
+ {["mtu"]=1415, ["txt"]= "sometimes wireless"},
+ {["mtu"]=1420, ["txt"]= "GPRS, T1, FreeS/WAN"},
+ {["mtu"]=1423, ["txt"]= "sometimes cable"},
+ {["mtu"]=1440, ["txt"]= "sometimes DSL (2)"},
+ {["mtu"]=1442, ["txt"]= "IPIP tunnel"},
+ {["mtu"]=1450, ["txt"]= "vtun"},
+ {["mtu"]=1452, ["txt"]= "sometimes DSL (3)"},
+ {["mtu"]=1454, ["txt"]= "sometimes DSL (4)"},
+ {["mtu"]=1456, ["txt"]= "ISDN ppp"},
+ {["mtu"]=1458, ["txt"]= "BT DSL (?)"},
+ {["mtu"]=1462, ["txt"]= "sometimes DSL (5)"},
+ {["mtu"]=1470, ["txt"]= "(Google 2)"},
+ {["mtu"]=1476, ["txt"]= "IPSec/GRE"},
+ {["mtu"]=1480, ["txt"]= "IPv6/IPIP"},
+ {["mtu"]=1492, ["txt"]= "pppoe (DSL)"},
+ {["mtu"]=1496, ["txt"]= "vLAN"},
+ {["mtu"]=1500, ["txt"]= "ethernet/modem"},
+ {["mtu"]=1656, ["txt"]= "Ericsson HIS"},
+ {["mtu"]=2024, ["txt"]= "wireless/IrDA"},
+ {["mtu"]=2048, ["txt"]= "Cyclom X.25 WAN"},
+ {["mtu"]=2250, ["txt"]= "AiroNet wireless"},
+ {["mtu"]=3924, ["txt"]= "loopback"},
+ {["mtu"]=4056, ["txt"]= "token ring (1)"},
+ {["mtu"]=4096, ["txt"]= "Sangoma X.25 WAN"},
+ {["mtu"]=4352, ["txt"]= "FDDI"},
+ {["mtu"]=4500, ["txt"]= "token ring (2)"},
+ {["mtu"]=9180, ["txt"]= "FORE ATM"},
+ {["mtu"]=16384, ["txt"]= "sometimes loopback (1)"},
+ {["mtu"]=16436, ["txt"]= "sometimes loopback (2)"},
+ {["mtu"]=18000, ["txt"]= "token ring x4"},
+ }
+ if not self.tcp_opt_mss or self.tcp_opt_mss==0 then
+ return "unspecified"
+ end
+ for _,x in ipairs(mtu_def) do
+ local mtu = x["mtu"]
+ local txt = x["txt"]
+ if self.tcp_opt_mtu == mtu then
+ return txt
+ end
+ if self.tcp_opt_mtu < mtu then
+ return string.format("unknown-%i", self.tcp_opt_mtu)
+ end
+ end
+ return string.format("unknown-%i", self.tcp_opt_mtu)
+end
+
+----------------------------------------------------------------------------------------------------------------
+-- Parse a UDP packet header.
+-- @param force_continue Whether a short packet causes parsing to fail.
+-- @return Whether the parsing succeeded.
+function Packet:udp_parse(force_continue)
+ self.udp = true
+ self.udp_offset = self.ip_data_offset or self.ip6_data_offset
+ if #self.buf < self.udp_offset + 4 then
+ return false
+ end
+ self.udp_sport = self:u16(self.udp_offset + 0)
+ self.udp_dport = self:u16(self.udp_offset + 2)
+ if #self.buf < self.udp_offset + 8 then
+ if force_continue then
+ return true
+ else
+ return false
+ end
+ end
+ self.udp_len = self:u16(self.udp_offset + 4)
+ self.udp_sum = self:u16(self.udp_offset + 6)
+
+ return true
+end
+
+--- Get a short string representation of the UDP packet.
+-- @return A string representation of the UDP header.
+function Packet:udp_tostring()
+ return string.format(
+ "UDP %s:%i -> %s:%i",
+ self.ip_src, self.udp_sport,
+ self.ip_dst, self.udp_dport
+ )
+end
+
+---
+-- Set the UDP source port.
+-- @param port Source port.
+function Packet:udp_set_sport(port)
+ self:set_u16(self.udp_offset + 0, port)
+ self.udp_sport = port
+end
+---
+-- Set the UDP destination port.
+-- @param port Destination port.
+function Packet:udp_set_dport(port)
+ self:set_u16(self.udp_offset + 2, port)
+ self.udp_dport = port
+end
+---
+-- Set the UDP payload length.
+-- @param len UDP payload length.
+function Packet:udp_set_length(len)
+ self:set_u16(self.udp_offset + 4, len)
+ self.udp_len = len
+end
+---
+-- Set the UDP checksum field.
+-- @param checksum Checksum.
+function Packet:udp_set_checksum(checksum)
+ self:set_u16(self.udp_offset + 6, checksum)
+ self.udp_sum = checksum
+end
+---
+-- Count and save the UDP checksum field.
+function Packet:udp_count_checksum()
+ self:udp_set_checksum(0)
+ local proto = self.ip_p
+ local length = self.buf:len() - self.udp_offset
+ local b = self.ip_bin_src ..
+ self.ip_bin_dst ..
+ "\0" ..
+ (">BI2"):pack(proto, length) ..
+ self.buf:sub(self.udp_offset+1)
+
+ self:udp_set_checksum(in_cksum(b))
+end
+
+if not unittest.testing() then
+ return _ENV
+end
+
+test_suite = unittest.TestSuite:new()
+-- Byte setting functions
+test_suite:add_test(unittest.equal(set_u8("abc", 1, 0x41), "aAc"), "set_u8")
+test_suite:add_test(unittest.equal(set_u16("abcd", 2, 0x4142), "abAB"), "set_u16")
+test_suite:add_test(unittest.equal(set_u32("abcdefg", 0, 0x41424344), "ABCDefg"), "set_u32")
+
+-- Packet parsing
+local packet1 = "\x45\x00\x00\x62\xaf\xbd\x40\x00\xe3\x06\x03\xf3\x03\x5e\x1e\xa5\xc0\xa8\x01\x3a\x01\xbb\xee\x3e\x74\xd2\x61\xbe\xd5\x66\xb1\x09\x80\x18\x00\x7a\x94\x22\x00\x00\x01\x01\x08\x0a\x73\xab\x53\x92\x05\xe3\x08\xc3\x17\x03\x03\x00\x29\x99\xff\x5d\x17\xe4\x26\x14\xb8\x53\xe3\x76\xdc\xba\xf9\x55\xf7\x52\x5f\xa2\x78\xc3\x4e\x9a\x31\x44\x2d\x67\x9c\x16\xea\x71\xf1\xdb\x0a\xdd\xc1\x92\x46\xa7\xdf\xde"
+local pkt_parsed = Packet:new(packet1, #packet1, false)
+test_suite:add_test (unittest.not_nil(pkt_parsed), "parse packet")
+
+test_suite:add_test(unittest.equal(pkt_parsed:raw(), packet1), "parse to raw")
+
+-- Checksum tests
+pkt_parsed:ip_count_checksum()
+test_suite:add_test(unittest.equal(pkt_parsed:raw(), packet1), "IP checksum")
+pkt_parsed:tcp_count_checksum()
+test_suite:add_test(unittest.equal(pkt_parsed:raw(), packet1), "TCP checksum")
+
+-- TODO: UDP parsing/checksum
+-- TODO: IPv6 parsing, ICMPv6 checksum
+-- Basically, we need a lot more test coverage here.
+return _ENV;