Home Explore Help
Sign In
emmanouil.vasilomano
/
PREPARE
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
PREPARE
/
prepare
/
pypacker
/
layer4
/
tcp.py

tcp.py 8.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257 
  1. """
    2. 

  2. Transmission Control Protocol (TCP)
    3. 

  3. 

  4. RFC 675 - Specification of Internet Transmission Control Program, December 1974 Version
    5. 

  5. RFC 793 - TCP v4
    6. 

  6. RFC 1122 - includes some error corrections for TCP
    7. 

  7. RFC 1323 - TCP-Extensions
    8. 

  8. RFC 1379 - Extending TCP for Transactions—Concepts
    9. 

  9. RFC 1948 - Defending Against Sequence Number Attacks
    10. 

  10. RFC 2018 - TCP Selective Acknowledgment Options
    11. 

  11. RFC 4614 - A Roadmap for TCP Specification Documents
    12. 

  12. RFC 5681 - TCP Congestion Control
    13. 

  13. RFC 6298 - Computing TCP's Retransmission Timer
    14. 

  14. RFC 6824 - TCP Extensions for Multipath Operation with Multiple Addresses
    15. 

  15. """
    16. 

  16. 

  17. from pypacker import pypacker, triggerlist, checksum
    18. 

  18. 

  19. import logging
    20. 

  20. import struct
    21. 

  21. 

  22. # avoid unneeded references for performance reasons
    23. 

  23. pack = struct.pack
    24. 

  24. unpack = struct.unpack
    25. 

  25. 

  26. logger = logging.getLogger("pypacker")
    27. 

  27. 

  28. # TCP control flags
    29. 

  29. TH_FIN		= 0x01		# end of data
    30. 

  30. TH_SYN		= 0x02		# synchronize sequence numbers
    31. 

  31. TH_RST		= 0x04		# reset connection
    32. 

  32. TH_PUSH		= 0x08		# push
    33. 

  33. TH_ACK		= 0x10		# acknowledgment number set
    34. 

  34. TH_URG		= 0x20		# urgent pointer set
    35. 

  35. TH_ECE		= 0x40		# ECN echo, RFC 3168
    36. 

  36. TH_CWR		= 0x80		# congestion window reduced
    37. 

  37. 

  38. TCP_PORT_MAX	= 65535		# maximum port
    39. 

  39. TCP_WIN_MAX	= 65535		# maximum (unscaled) window
    40. 

  40. 

  41. # TCP Options (opt_type) - http://www.iana.org/assignments/tcp-parameters
    42. 

  42. TCP_OPT_EOL		= 0		# end of option list
    43. 

  43. TCP_OPT_NOP		= 1		# no operation
    44. 

  44. TCP_OPT_MSS		= 2		# maximum segment size
    45. 

  45. TCP_OPT_WSCALE		= 3		# window scale factor, RFC 1072
    46. 

  46. TCP_OPT_SACKOK		= 4		# SACK permitted, RFC 2018
    47. 

  47. TCP_OPT_SACK		= 5		# SACK, RFC 2018
    48. 

  48. TCP_OPT_ECHO		= 6		# echo (obsolete), RFC 1072
    49. 

  49. TCP_OPT_ECHOREPLY	= 7		# echo reply (obsolete), RFC 1072
    50. 

  50. TCP_OPT_TIMESTAMP	= 8		# timestamp, RFC 1323
    51. 

  51. TCP_OPT_POCONN		= 9		# partial order conn, RFC 1693
    52. 

  52. TCP_OPT_POSVC		= 10		# partial order service, RFC 1693
    53. 

  53. TCP_OPT_CC		= 11		# connection count, RFC 1644
    54. 

  54. TCP_OPT_CCNEW		= 12		# CC.NEW, RFC 1644
    55. 

  55. TCP_OPT_CCECHO		= 13		# CC.ECHO, RFC 1644
    56. 

  56. TCP_OPT_ALTSUM		= 14		# alt checksum request, RFC 1146
    57. 

  57. TCP_OPT_ALTSUMDATA	= 15		# alt checksum data, RFC 1146
    58. 

  58. TCP_OPT_SKEETER		= 16		# Skeeter
    59. 

  59. TCP_OPT_BUBBA		= 17		# Bubba
    60. 

  60. TCP_OPT_TRAILSUM	= 18		# trailer checksum
    61. 

  61. TCP_OPT_MD5		= 19		# MD5 signature, RFC 2385
    62. 

  62. TCP_OPT_SCPS		= 20		# SCPS capabilities
    63. 

  63. TCP_OPT_SNACK		= 21		# selective negative acks
    64. 

  64. TCP_OPT_REC		= 22		# record boundaries
    65. 

  65. TCP_OPT_CORRUPT		= 23		# corruption experienced
    66. 

  66. TCP_OPT_SNAP		= 24		# SNAP
    67. 

  67. TCP_OPT_TCPCOMP		= 26		# TCP compression filter
    68. 

  68. TCP_OPT_MAX		= 27
    69. 

  69. 

  70. 

  71. class TCPOptSingle(pypacker.Packet):
    72. 

  72. 	__hdr__ = (
    73. 

  73. 		("type", "B", 0),
    74. 

  74. 	)
    75. 

  75. 

  76. 

  77. class TCPOptMulti(pypacker.Packet):
    78. 

  78. 	"""
    79. 

  79. 	len = total length (header + data)
    80. 

  80. 	"""
    81. 

  81. 	__hdr__ = (
    82. 

  82. 		("type", "B", 0),
    83. 

  83. 		("len", "B", 2)
    84. 

  84. 	)
    85. 

  85. 

  86. 	def bin(self, update_auto_fields=True):
    87. 

  87. 		if update_auto_fields:
    88. 

  88. 			self.len = len(self)
    89. 

  89. 		return pypacker.Packet.bin(self, update_auto_fields=update_auto_fields)
    90. 

  90. 

  91. 

  92. class TCP(pypacker.Packet):
    93. 

  93. 	__hdr__ = (
    94. 

  94. 		("sport", "H", 0xdead),
    95. 

  95. 		("dport", "H", 0),
    96. 

  96. 		("seq", "I", 0xdeadbeef),
    97. 

  97. 		("ack", "I", 0),
    98. 

  98. 		("off_x2", "B", ((5 << 4) | 0)),		# 10*4 Byte
    99. 

  99. 		("flags", "B", TH_SYN),				# acces via (obj.flags & TH_XYZ)
    100. 

  100. 		("win", "H", TCP_WIN_MAX),
    101. 

  101. 		("sum", "H", 0),
    102. 

  102. 		("urp", "H", 0),
    103. 

  103. 		("opts", None, triggerlist.TriggerList)
    104. 

  104. 	)
    105. 

  105. 

  106. 	# 4 bits | 4 bits
    107. 

  107. 	# offset | reserved
    108. 

  108. 	# offset * 4 = header length
    109. 

  109. 	def __get_off(self):
    110. 

  110. 		return self.off_x2 >> 4
    111. 

  111. 

  112. 	def __set_off(self, value):
    113. 

  113. 		self.off_x2 = (value << 4) | (self.off_x2 & 0xf)
    114. 

  114. 	off = property(__get_off, __set_off)
    115. 

  115. 

  116. 	def bin(self, update_auto_fields=True):
    117. 

  117. 		if update_auto_fields:
    118. 

  118. 			"""
    119. 

  119. 			TCP-checksum needs to be updated on one of the following:
    120. 

  120. 			- this layer itself or any upper layer changed
    121. 

  121. 			- changes to the IP-pseudoheader
    122. 

  122. 			There is no update on user-set checksums.
    123. 

  123. 			"""
    124. 

  124. 			update = True
    125. 

  125. 			# update header length. NOTE: needs to be a multiple of 4 Bytes.
    126. 

  126. 			# options length need to be multiple of 4 Bytes
    127. 

  127. 			if self._header_changed:
    128. 

  128. 				self.off = int(self.header_len / 4) & 0xf
    129. 

  129. 			try:
    130. 

  130. 				# changes to IP-layer, don't mind if this isn't IP
    131. 

  131. 				if not self._lower_layer._header_changed:
    132. 

  132. 					# pseudoheader didn't change, further check for changes in layers
    133. 

  133. 					update = self._changed()
    134. 

  134. 				# logger.debug("lower layer found!")
    135. 

  135. 			except AttributeError:
    136. 

  136. 				# assume not an IP packet: we can't calculate the checksum
    137. 

  137. 				# logger.debug("no lower layer found!")
    138. 

  138. 				update = False
    139. 

  139. 

  140. 			if update:
    141. 

  141. 				# logger.debug(">>> updating checksum")
    142. 

  142. 				self._calc_sum()
    143. 

  143. 

  144. 		return pypacker.Packet.bin(self, update_auto_fields=update_auto_fields)
    145. 

  145. 

  146. 	def _dissect(self, buf):
    147. 

  147. 		# update dynamic header parts. buf: 1010???? -clear reserved-> 1010 -> *4
    148. 

  148. 		ol = ((buf[12] >> 4) << 2) - 20			# dataoffset - TCP-standard length
    149. 

  149. 

  150. 		if ol < 0:
    151. 

  151. 			raise Exception("invalid header length")
    152. 

  152. 		elif ol > 0:
    153. 

  153. 			# parse options, add offset-length to standard-length
    154. 

  154. 			opts_bytes = buf[20: 20 + ol]
    155. 

  155. 			self._init_triggerlist("opts", opts_bytes, self.__parse_opts)
    156. 

  156. 

  157. 		ports = [unpack(">H", buf[0:2])[0], unpack(">H", buf[2:4])[0]]
    158. 

  158. 

  159. 		try:
    160. 

  160. 			# source or destination port should match
    161. 

  161. 			# logger.debug("TCP handler: %r" % self._handler[TCP.__name__])
    162. 

  162. 			htype = [x for x in ports if x in self._handler[TCP.__name__]][0]
    163. 

  163. 			# logger.debug("TCP: trying to set handler, type: %d = %s" % (type, self._handler[TCP.__name__][type]))
    164. 

  164. 			self._init_handler(htype, buf[20 + ol:])
    165. 

  165. 		except:
    166. 

  166. 			# no type found
    167. 

  167. 			pass
    168. 

  168. 		return 20 + ol
    169. 

  169. 

  170. 	__TCP_OPT_SINGLE = set([TCP_OPT_EOL, TCP_OPT_NOP])
    171. 

  171. 

  172. 	@staticmethod
    173. 

  173. 	def __parse_opts(buf):
    174. 

  174. 		"""Parse TCP options using buf and return them as List."""
    175. 

  175. 		optlist = []
    176. 

  176. 		i = 0
    177. 

  177. 

  178. 		while i < len(buf):
    179. 

  179. 			# logger.debug("got TCP-option type %s" % buf[i])
    180. 

  180. 			if buf[i] in TCP.__TCP_OPT_SINGLE:
    181. 

  181. 				p = TCPOptSingle(type=buf[i])
    182. 

  182. 				i += 1
    183. 

  183. 			else:
    184. 

  184. 				olen = buf[i + 1]
    185. 

  185. 				# p = TCPOptMulti(type=buf[i], len=olen, body_bytes=buf[i + 2: i + olen])
    186. 

  186. 				p = TCPOptMulti(buf[i: i + olen])
    187. 

  187. 				i += olen     # typefield + lenfield + data-len
    188. 

  188. 			optlist.append(p)
    189. 

  189. 		# logger.debug("tcp: parseopts finished, length: %d" % len(optlist))
    190. 

  190. 		return optlist
    191. 

  191. 

  192. 	def _calc_sum(self):
    193. 

  193. 		"""Recalculate the TCP-checksum This won't reset changed state."""
    194. 

  194. 		# TCP and underwriting are freaky bitches: we need the IP pseudoheader to calculate their checksum.
    195. 

  195. 		try:
    196. 

  196. 			# we need src/dst for checksum-calculation
    197. 

  197. 			src, dst = self._lower_layer.src, self._lower_layer.dst
    198. 

  198. 			self.sum = 0
    199. 

  199. 			# logger.debug("TCP sum recalc: IP=%d / %s / %s" % (len(src), src, dst))
    200. 

  200. 

  201. 			tcp_bin = self.header_bytes + self.body_bytes
    202. 

  202. 			# IP-pseudoheader, check if version 4 or 6
    203. 

  203. 			if len(src) == 4:
    204. 

  204. 				s = pack(">4s4sxBH", src, dst, 6, len(tcp_bin))			# 6 = TCP
    205. 

  205. 			else:
    206. 

  206. 				s = pack(">16s16sxBH", src, dst, 6, len(tcp_bin))		# 6 = TCP
    207. 

  207. 

  208. 			# Get checksum of concatenated pseudoheader+TCP packet
    209. 

  209. 			# logger.debug("pseudoheader: %r" % s)
    210. 

  210. 			# logger.debug("tcp_bin: %r" % tcp_bin)
    211. 

  211. 			# assign via non-shadowed variable to trigger re-packing
    212. 

  212. 			self.sum = checksum.in_cksum(s + tcp_bin)
    213. 

  213. 			# logger.debug(">>> new checksum: %0X" % self._sum)
    214. 

  214. 		except Exception:
    215. 

  215. 			# not an IP packet as lower layer (src, dst not present) or invalid src/dst
    216. 

  216. 			# logger.debug("could not calculate checksum: %r" % e)
    217. 

  217. 			pass
    218. 

  218. 

  219. 	def direction(self, other):
    220. 

  220. 		# logger.debug("checking direction: %s<->%s" % (self, other))
    221. 

  221. 		if self.sport == other.sport and self.dport == other.dport:
    222. 

  222. 			# consider packet to itself: can be DIR_REV
    223. 

  223. 			return pypacker.Packet.DIR_SAME | pypacker.Packet.DIR_REV
    224. 

  224. 		elif self.sport == other.dport and self.dport == other.sport:
    225. 

  225. 			return pypacker.Packet.DIR_REV
    226. 

  226. 		else:
    227. 

  227. 			return pypacker.Packet.DIR_UNKNOWN
    228. 

  228. 

  229. 	def reverse_address(self):
    230. 

  230. 		self.sport, self.dport = self.dport, self.sport
    231. 

  231. 

  232. 

  233. TCP_PROTO_TELNET	= 23
    234. 

  234. TCP_PROTO_TPKT		= 102
    235. 

  235. TCP_PROTO_PMAP		= 111
    236. 

  236. TCP_PROTO_BGP		= 179
    237. 

  237. TCP_PROTO_SSL		= 443
    238. 

  238. TCP_PROTO_HTTP		= (80, 8008, 8080)
    239. 

  239. TCP_PROTO_RTP 		= (5004, 5005)
    240. 

  240. TCP_PROTO_SIP		= (5060, 5061)
    241. 

  241. 

  242. # load handler
    243. 

  243. from pypacker.layer567 import bgp, http, rtp, sip, telnet, tpkt, pmap
    244. 

  244. from pypacker.layer4 import ssl
    245. 

  245. 

  246. pypacker.Packet.load_handler(TCP,
    247. 

  247. 	{
    248. 

  248. 		TCP_PROTO_BGP: bgp.BGP,
    249. 

  249. 		TCP_PROTO_TELNET: telnet.Telnet,
    250. 

  250. 		TCP_PROTO_TPKT: tpkt.TPKT,
    251. 

  251. 		TCP_PROTO_PMAP: pmap.Pmap,
    252. 

  252. 		TCP_PROTO_HTTP: http.HTTP,
    253. 

  253. 		TCP_PROTO_SSL: ssl.SSL,
    254. 

  254. 		TCP_PROTO_RTP: rtp.RTP,
    255. 

  255. 		TCP_PROTO_SIP: sip.SIP
    256. 

  256. 	}
    257. 

  257. )
    258.