From f4a79220792ecc8c36157ae38456d55a3abe75cd Mon Sep 17 00:00:00 2001
From: Speidy
Date: Mon, 15 Jan 2018 20:21:07 +0200
Subject: [PATCH] layers: l2tp: parse L2TPv2 packets correctly
The current code ignores the header flags which makes every L2TP packets parse as a data message which includes the optional 'length' field.
Signed-off-by: Speidy
---
 scapy/layers/l2tp.py | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/scapy/layers/l2tp.py b/scapy/layers/l2tp.py
index 0b56db211..749f2352a 100644
--- a/scapy/layers/l2tp.py
+++ b/scapy/layers/l2tp.py
@@ -16,14 +16,27 @@ from scapy.fields import *
 from scapy.layers.inet import UDP
 from scapy.layers.ppp import PPP

+
 class L2TP(Packet):
- fields_desc = [ ShortEnumField("pkt_type",2,{2:"data"}),
- ShortField("len", None),
+ name = "L2TP"
+ fields_desc = [
+ FlagsField("hdr", 0, 12, ['res00', 'res01', 'res02', 'res03', 'priority', 'offset',
+ 'res06', 'sequence', 'res08', 'res09', 'length', 'control']),
+ BitEnumField("version", 2, 4, {2: 'L2TPv2'}),
+
+ ConditionalField(ShortField("len", 0),
+ lambda pkt: pkt.hdr & 'control+length'),
 ShortField("tunnel_id", 0),
 ShortField("session_id", 0),
- ShortField("ns", 0),
- ShortField("nr", 0),
- ShortField("offset", 0) ]
+ ConditionalField(ShortField("ns", 0),
+ lambda pkt: pkt.hdr & 'sequence+control'),
+ ConditionalField(ShortField("nr", 0),
+ lambda pkt: pkt.hdr & 'sequence+control'),
+ ConditionalField(
+ PadField(ShortField("offset", 0), 4, b"\x00"),
+ lambda pkt: not (pkt.hdr & 'control') and pkt.hdr & 'offset'
+ )
+ ]

 def post_build(self, pkt, pay):
 if self.len is None:
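Review bot: `ConditionalField(ShortField("len", 0), ...)` changes the default of `len` from `None` to `0`, so the `if self.len is None:` test in `post_build` (context at the end of the hunk) no longer fires for a packet built with defaults and the length is presumably never computed; keep `ShortField("len", None)` inside the conditional. The body of `post_build` continues outside the hunk, so it is worth confirming there that the length is only written when the `length` or `control` flag is set, since with `hdr=0` the two bytes after the flags/version word are now `tunnel_id`. A second point for anyone using this layer to inspect traffic: `PadField(ShortField("offset", 0), 4, b"\x00")` appears to consume a fixed two bytes of padding, while RFC 2661 defines Offset Size as the number of octets to skip before the payload, so a data message whose offset value differs would be dissected with the payload starting at the wrong byte. The `'control+length'` and `'sequence+control'` conditions are an OR over the two flags, which accepts a control message with L or S cleared instead of treating it as malformed; a comment such as `# control messages must set L and S (RFC 2661); fields are parsed as present even if the bit is clear` would make that choice explicit.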