1# Copyright (c) 2017, The MITRE Corporation. All rights reserved. 2# See LICENSE.txt for complete terms. 3 4from mixbox import entities 5from mixbox import fields 6 7import cybox.bindings.network_packet_object as network_packet_binding 8from cybox.common import (DataSegment, HexBinary, Integer, ObjectProperties, 9 PositiveInteger, String, UnsignedInteger) 10from cybox.objects.address_object import Address 11from cybox.objects.port_object import Port 12 13 14class TypeLength(entities.Entity): 15 _binding = network_packet_binding 16 _binding_class = network_packet_binding.TypeLengthType 17 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 18 19 # TODO: choice 20 length = fields.TypedField("Length", HexBinary) 21 internet_layer_type = fields.TypedField("Internet_Layer_Type", String) 22 23 24class EthernetHeader(entities.Entity): 25 _binding = network_packet_binding 26 _binding_class = network_packet_binding.EthernetHeaderType 27 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 28 29 destination_mac_addr = fields.TypedField("Destination_MAC_Addr", Address) 30 source_mac_addr = fields.TypedField("Source_MAC_Addr", Address) 31 type_or_length = fields.TypedField("Type_Or_Length", TypeLength) 32 checksum = fields.TypedField("Checksum", HexBinary) 33 34 35class EthernetInterface(entities.Entity): 36 _binding = network_packet_binding 37 _binding_class = network_packet_binding.EthernetInterfaceType 38 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 39 40 ethernet_header = fields.TypedField("Ethernet_Header", EthernetHeader) 41 42 43class PhysicalInterface(entities.Entity): 44 _binding = network_packet_binding 45 _binding_class = network_packet_binding.PhysicalInterfaceType 46 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 47 48 ethernet = fields.TypedField("Ethernet", EthernetInterface) 49 50 51class ARP(entities.Entity): 52 _binding = network_packet_binding 53 _binding_class = network_packet_binding.ARPType 54 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 55 56 hardware_addr_type = fields.TypedField("Hardware_Addr_Type", String) 57 proto_addr_type = fields.TypedField("Proto_Addr_Type", String) 58 hardware_addr_size = fields.TypedField("Hardware_Addr_Size", HexBinary) 59 proto_addr_size = fields.TypedField("Proto_Addr_Size", HexBinary) 60 op_type = fields.TypedField("Op_Type", String) 61 sender_hardware_addr = fields.TypedField("Sender_Hardware_Addr", Address) 62 sender_protocol_addr = fields.TypedField("Sender_Protocol_Addr", Address) 63 recip_hardware_addr = fields.TypedField("Recip_Hardware_Addr", Address) 64 recip_protocol_addr = fields.TypedField("Recip_Protocol_Addr", Address) 65 66 67class _ICMPHeader(entities.Entity): 68 """Abstract Type""" 69 _binding = network_packet_binding 70 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 71 72 type_ = fields.TypedField("Type", HexBinary) 73 code = fields.TypedField("Code", HexBinary) 74 checksum = fields.TypedField("Checksum", HexBinary) 75 76 77class ICMPv4Header(_ICMPHeader): 78 _binding_class = network_packet_binding.ICMPv4HeaderType 79 80 81class ICMPv6Header(_ICMPHeader): 82 _binding_class = network_packet_binding.ICMPv6HeaderType 83 84 85class NDPLinkAddr(entities.Entity): 86 """Abstract Type""" 87 _binding = network_packet_binding 88 _binding_class = network_packet_binding.NDPLinkAddrType 89 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 90 91 length = fields.TypedField("Length", HexBinary) 92 link_layer_mac_addr = fields.TypedField("Link_Layer_MAC_Addr", Address) 93 94 95class RouterSolicitationOptions(entities.Entity): 96 _binding = network_packet_binding 97 _binding_class = network_packet_binding.RouterSolicitationOptionsType 98 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 99 100 src_link_addr = fields.TypedField("Src_Link_Addr", NDPLinkAddr) 101 102 103class RouterSolicitation(entities.Entity): 104 _binding = network_packet_binding 105 _binding_class = network_packet_binding.RouterSolicitationType 106 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 107 108 options = fields.TypedField("Options", RouterSolicitationOptions, multiple=True) 109 110 111class NDPMTU(entities.Entity): 112 _binding = network_packet_binding 113 _binding_class = network_packet_binding.NDPMTUType 114 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 115 116 length = fields.TypedField("Length", Integer) 117 mtu = fields.TypedField("MTU", Integer) 118 119 120class Prefix(entities.Entity): 121 _binding = network_packet_binding 122 _binding_class = network_packet_binding.PrefixType 123 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 124 125 # TODO: choice 126 ipv6_addr = fields.TypedField("IPv6_Addr", Address) 127 ip_addr_prefix = fields.TypedField("IP_Addr_Prefix", Address) 128 129 130class NDPPrefixInfo(entities.Entity): 131 _binding = network_packet_binding 132 _binding_class = network_packet_binding.NDPPrefixInfoType 133 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 134 135 link_flag = fields.TypedField("link_flag") 136 addr_config_flag = fields.TypedField("addr_config_flag") 137 length = fields.TypedField("Length", HexBinary) 138 prefix_length = fields.TypedField("Prefix_Length", Integer) 139 valid_lifetime = fields.TypedField("Valid_Lifetime", Integer) 140 preferred_lifetime = fields.TypedField("Preferred_Lifetime", Integer) 141 prefix = fields.TypedField("Prefix", Prefix) 142 143 144class RouterAdvertisementOptions(entities.Entity): 145 _binding = network_packet_binding 146 _binding_class = network_packet_binding.RouterAdvertisementOptionsType 147 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 148 149 # TODO: choice 150 src_link_addr = fields.TypedField("Src_Link_Addr", NDPLinkAddr) 151 mtu = fields.TypedField("MTU", NDPMTU) 152 prefix_info = fields.TypedField("Prefix_Info", NDPPrefixInfo) 153 154 155class RouterAdvertisement(entities.Entity): 156 _binding = network_packet_binding 157 _binding_class = network_packet_binding.RouterAdvertisementType 158 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 159 160 managed_address_config_flag = fields.TypedField("managed_address_config_flag") 161 other_config_flag = fields.TypedField("other_config_flag") 162 cur_hop_limit = fields.TypedField("Cur_Hop_Limit", Integer) 163 router_lifetime = fields.TypedField("Router_Lifetime", Integer) 164 reachable_time = fields.TypedField("Reachable_Time", Integer) 165 retrans_timer = fields.TypedField("Retrans_Timer", Integer) 166 options = fields.TypedField("Options", RouterAdvertisementOptions) 167 168 169class NeighborSolicitationOptions(entities.Entity): 170 _binding = network_packet_binding 171 _binding_class = network_packet_binding.NeighborSolicitationOptionsType 172 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 173 174 src_link_addr = fields.TypedField("Src_Link_Addr", NDPLinkAddr) 175 176 177class NeighborSolicitation(entities.Entity): 178 _binding = network_packet_binding 179 _binding_class = network_packet_binding.NeighborSolicitationType 180 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 181 182 target_ipv6_addr = fields.TypedField("Target_IPv6_Addr", Address) 183 options = fields.TypedField("Options", NeighborSolicitationOptions) 184 185 186class NeighborOptions(entities.Entity): 187 _binding = network_packet_binding 188 _binding_class = network_packet_binding.NeighborOptionsType 189 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 190 191 target_link_addr = fields.TypedField("Target_Link_Addr", NDPLinkAddr) 192 193 194class NeighborAdvertisement(entities.Entity): 195 _binding = network_packet_binding 196 _binding_class = network_packet_binding.NeighborAdvertisementType 197 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 198 199 router_flag = fields.TypedField("router_flag") 200 solicited_flag = fields.TypedField("solicited_flag") 201 override_flag = fields.TypedField("override_flag") 202 target_ipv6_addr = fields.TypedField("Target_IPv6_Addr", Address) 203 options = fields.TypedField("Options", NeighborOptions) 204 205 206class NDPRedirectedHeader(entities.Entity): 207 _binding = network_packet_binding 208 _binding_class = network_packet_binding.NDPRedirectedHeaderType 209 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 210 211 length = fields.TypedField("Length", HexBinary) 212 ipheader_and_data = fields.TypedField("IPHeader_And_Data", HexBinary) 213 214 215class RedirectOptions(entities.Entity): 216 _binding = network_packet_binding 217 _binding_class = network_packet_binding.RedirectOptionsType 218 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 219 220 target_link_addr = fields.TypedField("Target_Link_Addr", NDPLinkAddr) 221 redirected_header = fields.TypedField("Redirected_Header", NDPRedirectedHeader) 222 223 224class Redirect(entities.Entity): 225 _binding = network_packet_binding 226 _binding_class = network_packet_binding.RedirectType 227 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 228 229 target_ipv6_addr = fields.TypedField("Target_IPv6_Addr", Address) 230 dest_ipv6_addr = fields.TypedField("Dest_IPv6_Addr", Address) 231 options = fields.TypedField("Options", RedirectOptions) 232 233 234class NDP(entities.Entity): 235 _binding = network_packet_binding 236 _binding_class = network_packet_binding.NDPType 237 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 238 239 icmpv6_header = fields.TypedField("ICMPv6_Header", ICMPv6Header) 240 241 #TODO: choice between these 5 242 router_solicitation = fields.TypedField("Router_Solicitation", RouterSolicitation) 243 router_advertisement = fields.TypedField("Router_Advertisement", RouterAdvertisement) 244 neighbor_solicitation = fields.TypedField("Neighbor_Solicitation", NeighborSolicitation) 245 neighbor_advertisement = fields.TypedField("Neighbor_Advertisement", NeighborAdvertisement) 246 redirect = fields.TypedField("Redirect", Redirect) 247 248 249class LogicalProtocol(entities.Entity): 250 _binding = network_packet_binding 251 _binding_class = network_packet_binding.LogicalProtocolType 252 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 253 254 #TODO: choice 255 arp_rarp = fields.TypedField("ARP_RARP", ARP) 256 ndp = fields.TypedField("NDP", NDP) 257 258 259class LinkLayer(entities.Entity): 260 _binding = network_packet_binding 261 _binding_class = network_packet_binding.LinkLayerType 262 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 263 264 physical_interface = fields.TypedField("Physical_Interface", PhysicalInterface) 265 logical_protocols = fields.TypedField("Logical_Protocols", LogicalProtocol) 266 267 268class IPv4Flags(entities.Entity): 269 _binding = network_packet_binding 270 _binding_class = network_packet_binding.IPv4FlagsType 271 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 272 273 reserved = fields.TypedField("Reserved", Integer) 274 do_not_fragment = fields.TypedField("Do_Not_Fragment", String) 275 more_fragments = fields.TypedField("More_Fragments", String) 276 277 def __init__(self): 278 super(IPv4Flags, self).__init__() 279 self.reserved = Integer(0) 280 281 282class IPv4Option(entities.Entity): 283 _binding = network_packet_binding 284 _binding_class = network_packet_binding.IPv4OptionType 285 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 286 287 copy_flag = fields.TypedField("Copy_Flag", String) 288 class_ = fields.TypedField("Class", String) 289 option = fields.TypedField("Option", String) 290 291 292class IPv4Header(entities.Entity): 293 _binding = network_packet_binding 294 _binding_class = network_packet_binding.IPv4HeaderType 295 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 296 297 ip_version = fields.TypedField("IP_Version", String) 298 header_length = fields.TypedField("Header_Length", Integer) 299 dscp = fields.TypedField("DSCP", HexBinary) 300 ecn = fields.TypedField("ECN", HexBinary) 301 total_length = fields.TypedField("Total_Length", HexBinary) 302 identification = fields.TypedField("Identification", PositiveInteger) 303 flags = fields.TypedField("Flags", IPv4Flags) 304 fragment_offset = fields.TypedField("Fragment_Offset", HexBinary) 305 ttl = fields.TypedField("TTL", HexBinary) 306 protocol = fields.TypedField("Protocol", String) 307 checksum = fields.TypedField("Checksum", HexBinary) 308 src_ipv4_addr = fields.TypedField("Src_IPv4_Addr", Address) 309 dest_ipv4_addr = fields.TypedField("Dest_IPv4_Addr", Address) 310 option = fields.TypedField("Option", IPv4Option, multiple=True) 311 312 313class IPv4Packet(entities.Entity): 314 _binding = network_packet_binding 315 _binding_class = network_packet_binding.IPv4PacketType 316 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 317 318 ipv4_header = fields.TypedField("IPv4_Header", IPv4Header) 319 data = fields.TypedField("Data", HexBinary) 320 321 322class FragmentationRequired(entities.Entity): 323 _binding = network_packet_binding 324 _binding_class = network_packet_binding.FragmentationRequiredType 325 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 326 327 fragmentation_required = fields.TypedField("Fragmentation_Required") 328 next_hop_mtu = fields.TypedField("Next_Hop_MTU", HexBinary) 329 330 331class ICMPv4DestinationUnreachable(entities.Entity): 332 _binding = network_packet_binding 333 _binding_class = network_packet_binding.ICMPv4DestinationUnreachableType 334 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 335 336 # TODO: choice 337 destination_network_unreachable = fields.TypedField("Destination_Network_Unreachable") 338 destination_host_unreachable = fields.TypedField("Destination_Host_Unreachable") 339 destination_protocol_unreachable = fields.TypedField("Destination_Protocol_Unreachable") 340 destination_port_unreachable = fields.TypedField("Destination_Port_Unreachable") 341 fragmentation_required = fields.TypedField("Fragmentation_Required", FragmentationRequired) 342 source_route_failed = fields.TypedField("Source_Route_Failed") 343 destination_network_unknown = fields.TypedField("Destination_Network_Unknown") 344 destination_host_unknown = fields.TypedField("Destination_Host_Unknown") 345 source_host_isolated = fields.TypedField("Source_Host_Isolated") 346 network_administratively_prohibited = fields.TypedField("Network_Administratively_Prohibited") 347 host_administratively_prohibited = fields.TypedField("Host_Administratively_Prohibited") 348 network_unreachable_for_tos = fields.TypedField("Network_Unreachable_For_TOS") 349 host_unreachable_for_tos = fields.TypedField("Host_Unreachable_For_TOS") 350 communication_administratively_prohibited = fields.TypedField("Communication_Administratively_Prohibited") 351 host_precedence_violation = fields.TypedField("Host_Precedence_Violation") 352 precedence_cutoff_in_effect = fields.TypedField("Precedence_Cutoff_In_Effect") 353 354 355class ICMPv4SourceQuench(entities.Entity): 356 _binding = network_packet_binding 357 _binding_class = network_packet_binding.ICMPv4SourceQuenchType 358 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 359 360 source_quench = fields.TypedField("Source_Quench") 361 362 363class ICMPv4RedirectMessage(entities.Entity): 364 _binding = network_packet_binding 365 _binding_class = network_packet_binding.ICMPv4RedirectMessageType 366 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 367 368 # TODO: choice of first 4 369 network_redirect = fields.TypedField("Network_Redirect") 370 host_redirect = fields.TypedField("Host_Redirect") 371 tos_network_redirect = fields.TypedField("ToS_Network_Redirect") 372 tos_host_redirect = fields.TypedField("ToS_Host_Redirect") 373 ip_address = fields.TypedField("IP_Address", Address) 374 375 376class ICMPv4TimeExceeded(entities.Entity): 377 _binding = network_packet_binding 378 _binding_class = network_packet_binding.ICMPv4TimeExceededType 379 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 380 381 # TODO: choice 382 ttl_exceeded_in_transit = fields.TypedField("TTL_Exceeded_In_Transit") 383 frag_reassembly_time_exceeded = fields.TypedField("Frag_Reassembly_Time_Exceeded") 384 385 386class ICMPv4ErrorMessageContent(entities.Entity): 387 _binding = network_packet_binding 388 _binding_class = network_packet_binding.ICMPv4ErrorMessageContentType 389 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 390 391 ip_header = fields.TypedField("IP_Header", IPv4Header) 392 first_eight_bytes = fields.TypedField("First_Eight_Bytes", HexBinary) 393 394 395class ICMPv4ErrorMessage(entities.Entity): 396 _binding = network_packet_binding 397 _binding_class = network_packet_binding.ICMPv4ErrorMessageType 398 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 399 400 destination_unreachable = fields.TypedField("Destination_Unreachable", ICMPv4DestinationUnreachable) 401 source_quench = fields.TypedField("Source_Quench", ICMPv4SourceQuench) 402 redirect_message = fields.TypedField("Redirect_Message", ICMPv4RedirectMessage) 403 time_exceeded = fields.TypedField("Time_Exceeded", ICMPv4TimeExceeded) 404 error_msg_content = fields.TypedField("Error_Msg_Content", ICMPv4ErrorMessageContent) 405 406 407class _ICMPEchoReply(entities.Entity): 408 _binding = network_packet_binding 409 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 410 411 echo_reply = fields.TypedField("Echo_Reply") 412 data = fields.TypedField("Data", HexBinary) 413 414 415class _ICMPEchoRequest(entities.Entity): 416 _binding = network_packet_binding 417 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 418 419 echo_request = fields.TypedField("Echo_Request") 420 data = fields.TypedField("Data", HexBinary) 421 422 423class ICMPv4EchoReply(_ICMPEchoReply): 424 _binding_class = network_packet_binding.ICMPv4EchoReplyType 425 426 427class ICMPv4EchoRequest(_ICMPEchoRequest): 428 _binding_class = network_packet_binding.ICMPv4EchoRequestType 429 430 431class ICMPv6EchoReply(_ICMPEchoReply): 432 _binding_class = network_packet_binding.ICMPv6EchoReplyType 433 434 435class ICMPv6EchoRequest(_ICMPEchoRequest): 436 _binding_class = network_packet_binding.ICMPv6EchoRequestType 437 438 439class ICMPv4TimestampRequest(entities.Entity): 440 _binding = network_packet_binding 441 _binding_class = network_packet_binding.ICMPv4TimestampRequestType 442 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 443 444 timestamp = fields.TypedField("Timestamp") 445 originate_timestamp = fields.TypedField("Originate_Timestamp", UnsignedInteger) 446 447 448class ICMPv4TimestampReply(entities.Entity): 449 _binding = network_packet_binding 450 _binding_class = network_packet_binding.ICMPv4TimestampReplyType 451 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 452 453 timestamp_reply = fields.TypedField("Timestamp_Reply") 454 originate_timestamp = fields.TypedField("Originate_Timestamp", UnsignedInteger) 455 receive_timestamp = fields.TypedField("Receive_Timestamp", UnsignedInteger) 456 transmit_timestamp = fields.TypedField("Transmit_Timestamp", UnsignedInteger) 457 458 459class ICMPv4AddressMaskRequest(entities.Entity): 460 _binding = network_packet_binding 461 _binding_class = network_packet_binding.ICMPv4AddressMaskRequestType 462 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 463 464 address_mask_request = fields.TypedField("Address_Mask_Request") 465 address_mask = fields.TypedField("Address_Mask", Address) 466 467 468class ICMPv4AddressMaskReply(entities.Entity): 469 _binding = network_packet_binding 470 _binding_class = network_packet_binding.ICMPv4AddressMaskReplyType 471 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 472 473 address_mask_reply = fields.TypedField("Address_Mask_Reply") 474 address_mask = fields.TypedField("Address_Mask", Address) 475 476 477class _ICMPInfoMessageContent(entities.Entity): 478 _binding = network_packet_binding 479 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 480 481 identifier = fields.TypedField("Identifier", HexBinary) 482 sequence_number = fields.TypedField("Sequence_Number", HexBinary) 483 484 485class ICMPv4InfoMessageContent(_ICMPInfoMessageContent): 486 _binding_class = network_packet_binding.ICMPv4InfoMessageContentType 487 488 489class ICMPv6InfoMessageContent(_ICMPInfoMessageContent): 490 _binding_class = network_packet_binding.ICMPv6InfoMessageContentType 491 492 493class ICMPv4InfoMessage(entities.Entity): 494 _binding = network_packet_binding 495 _binding_class = network_packet_binding.ICMPv4InfoMessageType 496 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 497 498 #TODO: choice of first 6 499 echo_reply = fields.TypedField("Echo_Reply", ICMPv4EchoReply) 500 echo_request = fields.TypedField("Echo_Request", ICMPv4EchoRequest) 501 timestamp_request = fields.TypedField("Timestamp_Request", ICMPv4TimestampRequest) 502 timestamp_reply = fields.TypedField("Timestamp_Reply", ICMPv4TimestampReply) 503 address_mask_request = fields.TypedField("Address_Mask_Request", ICMPv4AddressMaskRequest) 504 address_mask_reply = fields.TypedField("Address_Mask_Reply", ICMPv4AddressMaskReply) 505 info_msg_content = fields.TypedField("Info_Msg_Content", ICMPv4InfoMessageContent) 506 507 508class ICMPv4Traceroute(entities.Entity): 509 _binding = network_packet_binding 510 _binding_class = network_packet_binding.ICMPv4TracerouteType 511 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 512 513 outbound_packet_forward_success = fields.TypedField("Outbound_Packet_Forward_Success") 514 outbound_packet_no_route = fields.TypedField("Outbound_Packet_no_Route") 515 identifier = fields.TypedField("Identifier", HexBinary) 516 outbound_hop_count = fields.TypedField("Outbound_Hop_Count", HexBinary) 517 return_hop_count = fields.TypedField("Return_Hop_Count", HexBinary) 518 output_link_speed = fields.TypedField("Output_Link_Speed", HexBinary) 519 output_link_mtu = fields.TypedField("Output_Link_MTU", HexBinary) 520 521 522class ICMPv4Packet(entities.Entity): 523 _binding = network_packet_binding 524 _binding_class = network_packet_binding.ICMPv4PacketType 525 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 526 527 icmpv4_header = fields.TypedField("ICMPv4_Header", ICMPv4Header) 528 529 # TODO: choice between these 3 530 error_msg = fields.TypedField("Error_Msg", ICMPv4ErrorMessage) 531 info_msg = fields.TypedField("Info_Msg", ICMPv4InfoMessage) 532 traceroute = fields.TypedField("Traceroute", ICMPv4Traceroute) 533 534 535class IPv6Header(entities.Entity): 536 _binding = network_packet_binding 537 _binding_class = network_packet_binding.IPv6HeaderType 538 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 539 540 ip_version = fields.TypedField("IP_Version", String) 541 traffic_class = fields.TypedField("Traffic_Class", HexBinary) 542 flow_label = fields.TypedField("Flow_Label", HexBinary) 543 payload_length = fields.TypedField("Payload_Length", HexBinary) 544 next_header = fields.TypedField("Next_Header", String) 545 ttl = fields.TypedField("TTL", HexBinary) 546 src_ipv6_addr = fields.TypedField("Src_IPv6_Addr", Address) 547 dest_ipv6_addr = fields.TypedField("Dest_IPv6_Addr", Address) 548 549 550class IPv6Option(entities.Entity): 551 _binding = network_packet_binding 552 _binding_class = network_packet_binding.IPv6OptionType 553 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 554 555 do_not_recogn_action = fields.TypedField("Do_Not_Recogn_Action", String) 556 packet_change = fields.TypedField("Packet_Change", String) 557 option_byte = fields.TypedField("Option_Byte", HexBinary) 558 559 560class Pad1(entities.Entity): 561 _binding = network_packet_binding 562 _binding_class = network_packet_binding.Pad1Type 563 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 564 565 octet = fields.TypedField("Octet", HexBinary) 566 567 568class PadN(entities.Entity): 569 _binding = network_packet_binding 570 _binding_class = network_packet_binding.PadNType 571 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 572 573 octet = fields.TypedField("Octet", HexBinary) 574 option_data_length = fields.TypedField("Option_Data_Length", Integer) 575 option_data = fields.TypedField("Option_Data", Integer) 576 577 578class OptionData(entities.Entity): 579 _binding = network_packet_binding 580 _binding_class = network_packet_binding.OptionDataType 581 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 582 583 option_type = fields.TypedField("Option_Type", IPv6Option) 584 option_data_len = fields.TypedField("Option_Data_Len", HexBinary) 585 586 # TODO: choice 587 pad1 = fields.TypedField("Pad1", Pad1) 588 padn = fields.TypedField("PadN", PadN) 589 590 591class _IPv6ExtHeader(entities.Entity): 592 """Shared by a couple types""" 593 _binding = network_packet_binding 594 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 595 596 next_header = fields.TypedField("Next_Header", String) 597 header_ext_len = fields.TypedField("Header_Ext_Len", HexBinary) 598 option_data = fields.TypedField("Option_Data", OptionData, multiple=True) 599 600 601class HopByHopOptions(_IPv6ExtHeader): 602 _binding_class = network_packet_binding.HopByHopOptionsType 603 604 605class Routing(entities.Entity): 606 _binding = network_packet_binding 607 _binding_class = network_packet_binding.RoutingType 608 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 609 610 next_header = fields.TypedField("Next_Header", String) 611 header_ext_len = fields.TypedField("Header_Ext_Len", Integer) 612 routing_type = fields.TypedField("Routing_Type", HexBinary) 613 segments_left = fields.TypedField("Segments_Left", Integer) 614 type_specific_data = fields.TypedField("Type_Specific_Data", String) 615 616 617class FragmentHeader(entities.Entity): 618 _binding = network_packet_binding 619 _binding_class = network_packet_binding.FragmentHeaderType 620 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 621 622 next_header = fields.TypedField("Next_Header", HexBinary) 623 fragment_offset = fields.TypedField("Fragment_Offset", HexBinary) 624 m_flag = fields.TypedField("M_Flag", String) 625 identification = fields.TypedField("Identification", HexBinary) 626 627 628class Fragment(entities.Entity): 629 _binding = network_packet_binding 630 _binding_class = network_packet_binding.FragmentType 631 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 632 633 fragment_header = fields.TypedField("Fragment_Header", FragmentHeader) 634 fragment = fields.TypedField("Fragment", HexBinary) 635 636 637class DestinationOptions(_IPv6ExtHeader): 638 _binding_class = network_packet_binding.DestinationOptionsType 639 640 641class AuthenticationHeader(entities.Entity): 642 _binding = network_packet_binding 643 _binding_class = network_packet_binding.AuthenticationHeaderType 644 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 645 646 next_header = fields.TypedField("Next_Header", String) 647 header_ext_len = fields.TypedField("Header_Ext_Len", HexBinary) 648 security_parameters_index = fields.TypedField("Security_Parameters_Index", HexBinary) 649 sequence_number = fields.TypedField("Sequence_Number", HexBinary) 650 authentication_data = fields.TypedField("Authentication_Data", HexBinary) 651 652 653class EncapsulatingSecurityPayload(entities.Entity): 654 _binding = network_packet_binding 655 _binding_class = network_packet_binding.EncapsulatingSecurityPayloadType 656 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 657 658 security_parameters_index = fields.TypedField("Security_Parameters_Index", HexBinary) 659 sequence_number = fields.TypedField("Sequence_Number", HexBinary) 660 payload_data = fields.TypedField("Payload_Data", HexBinary) 661 padding = fields.TypedField("Padding", HexBinary) 662 padding_len = fields.TypedField("Padding_Len", HexBinary) 663 next_header = fields.TypedField("Next_Header", String) 664 authentication_data = fields.TypedField("Authentication_Data", HexBinary) 665 666 667class IPv6ExtHeader(entities.Entity): 668 _binding = network_packet_binding 669 _binding_class = network_packet_binding.IPv6ExtHeaderType 670 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 671 672 # TODO: choice 673 hop_by_hop_options = fields.TypedField("Hop_by_Hop_Options", HopByHopOptions) 674 routing = fields.TypedField("Routing", Routing) 675 fragment = fields.TypedField("Fragment", Fragment) 676 destination_options = fields.TypedField("Destination_Options", DestinationOptions, multiple=True) 677 authentication_header = fields.TypedField("Authentication_Header", AuthenticationHeader) 678 encapsulating_security_payload = fields.TypedField("Encapsulating_Security_Payload", EncapsulatingSecurityPayload) 679 680 681class IPv6Packet(entities.Entity): 682 _binding = network_packet_binding 683 _binding_class = network_packet_binding.IPv6PacketType 684 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 685 686 ipv6_header = fields.TypedField("IPv6_Header", IPv6Header) 687 data = fields.TypedField("Data", HexBinary) 688 ext_headers = fields.TypedField("Ext_Headers", IPv6ExtHeader, multiple=True) 689 690 691class ICMPv6DestinationUnreachable(entities.Entity): 692 _binding = network_packet_binding 693 _binding_class = network_packet_binding.ICMPv6DestinationUnreachableType 694 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 695 696 # TODO: choice 697 no_route = fields.TypedField("No_Route") 698 comm_prohibited = fields.TypedField("Comm_Prohibited") 699 beyond_scope = fields.TypedField("Beyond_Scope") 700 address_unreachable = fields.TypedField("Address_Unreachable") 701 port_unreachable = fields.TypedField("Port_Unreachable") 702 src_addr_failed_policy = fields.TypedField("Src_Addr_Failed_Policy") 703 reject_route = fields.TypedField("Reject_Route") 704 705 706class ICMPv6PacketTooBig(entities.Entity): 707 _binding = network_packet_binding 708 _binding_class = network_packet_binding.ICMPv6PacketTooBigType 709 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 710 711 packet_too_big = fields.TypedField("Packet_Too_Big") 712 mtu = fields.TypedField("MTU", HexBinary) 713 714 715class ICMPv6TimeExceeded(entities.Entity): 716 _binding = network_packet_binding 717 _binding_class = network_packet_binding.ICMPv6TimeExceededType 718 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 719 720 # TODO: choice 721 hop_limit_exceeded = fields.TypedField("Hop_Limit_Exceeded") 722 fragment_reassem_time_exceeded = fields.TypedField("Fragment_Reassem_Time_Exceeded") 723 724 725class ICMPv6ParameterProblem(entities.Entity): 726 _binding = network_packet_binding 727 _binding_class = network_packet_binding.ICMPv6ParameterProblemType 728 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 729 730 # TODO: choice of first 3 731 erroneous_header_field = fields.TypedField("Erroneous_Header_Field") 732 unrecognized_next_header_type = fields.TypedField("Unrecognized_Next_Header_Type") 733 unrecognized_ipv6_option = fields.TypedField("Unrecognized_IPv6_Option") 734 pointer = fields.TypedField("Pointer", HexBinary) 735 736 737class ICMPv6ErrorMessage(entities.Entity): 738 _binding = network_packet_binding 739 _binding_class = network_packet_binding.ICMPv6ErrorMessageType 740 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 741 742 destination_unreachable = fields.TypedField("Destination_Unreachable", ICMPv6DestinationUnreachable) 743 packet_too_big = fields.TypedField("Packet_Too_Big", ICMPv6PacketTooBig) 744 time_exceeded = fields.TypedField("Time_Exceeded", ICMPv6TimeExceeded) 745 parameter_problem = fields.TypedField("Parameter_Problem", ICMPv6ParameterProblem) 746 invoking_packet = fields.TypedField("Invoking_Packet", HexBinary) 747 748 749class ICMPv6InfoMessage(entities.Entity): 750 _binding = network_packet_binding 751 _binding_class = network_packet_binding.ICMPv6InfoMessageType 752 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 753 754 # TODO: choice of first 2 755 echo_request = fields.TypedField("Echo_Request", ICMPv6EchoRequest) 756 echo_reply = fields.TypedField("Echo_Reply", ICMPv6EchoReply) 757 info_msg_content = fields.TypedField("Info_Msg_Content", ICMPv6InfoMessageContent) 758 759 760class ICMPv6Packet(entities.Entity): 761 _binding = network_packet_binding 762 _binding_class = network_packet_binding.ICMPv6PacketType 763 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 764 765 icmpv6_header = fields.TypedField("ICMPv6_Header", ICMPv6Header) 766 error_msg = fields.TypedField("Error_Msg", ICMPv6ErrorMessage) 767 info_msg = fields.TypedField("Info_Msg", ICMPv6InfoMessage) 768 769 770class InternetLayer(entities.Entity): 771 _binding = network_packet_binding 772 _binding_class = network_packet_binding.InternetLayerType 773 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 774 775 # TODO: choice 776 ipv4 = fields.TypedField("IPv4", IPv4Packet) 777 icmpv4 = fields.TypedField("ICMPv4", ICMPv4Packet) 778 ipv6 = fields.TypedField("IPv6", IPv6Packet) 779 icmpv6 = fields.TypedField("ICMPv6", ICMPv6Packet) 780 781 782class TCPFlags(entities.Entity): 783 _binding = network_packet_binding 784 _binding_class = network_packet_binding.TCPFlagsType 785 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 786 787 ns = fields.TypedField("ns") 788 cwr = fields.TypedField("cwr") 789 ece = fields.TypedField("ece") 790 urg = fields.TypedField("urg") 791 ack = fields.TypedField("ack") 792 psh = fields.TypedField("psh") 793 rst = fields.TypedField("rst") 794 syn = fields.TypedField("syn") 795 fin = fields.TypedField("fin") 796 797 798class TCPHeader(entities.Entity): 799 _binding = network_packet_binding 800 _binding_class = network_packet_binding.TCPHeaderType 801 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 802 803 src_port = fields.TypedField("Src_Port", Port) 804 dest_port = fields.TypedField("Dest_Port", Port) 805 seq_num = fields.TypedField("Seq_Num", HexBinary) 806 ack_num = fields.TypedField("ACK_Num", HexBinary) 807 data_offset = fields.TypedField("Data_Offset", HexBinary) 808 reserved = fields.TypedField("Reserved", Integer) 809 tcp_flags = fields.TypedField("TCP_Flags", TCPFlags) 810 window = fields.TypedField("Window", HexBinary) 811 checksum = fields.TypedField("Checksum", HexBinary) 812 urg_ptr = fields.TypedField("Urg_Ptr", HexBinary) 813 814 815class TCP(entities.Entity): 816 _binding = network_packet_binding 817 _binding_class = network_packet_binding.TCPType 818 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 819 820 tcp_header = fields.TypedField("TCP_Header", TCPHeader) 821 options = fields.TypedField("Options", HexBinary) 822 data = fields.TypedField("Data", DataSegment) 823 824 825class UDPHeader(entities.Entity): 826 _binding = network_packet_binding 827 _binding_class = network_packet_binding.UDPHeaderType 828 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 829 830 srcport = fields.TypedField("SrcPort", Port) 831 destport = fields.TypedField("DestPort", Port) 832 length = fields.TypedField("Length", Integer) 833 checksum = fields.TypedField("Checksum", HexBinary) 834 835 836class UDP(entities.Entity): 837 _binding = network_packet_binding 838 _binding_class = network_packet_binding.UDPType 839 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 840 841 udp_header = fields.TypedField("UDP_Header", UDPHeader) 842 data = fields.TypedField("Data", DataSegment) 843 844 845class TransportLayer(entities.Entity): 846 _binding = network_packet_binding 847 _binding_class = network_packet_binding.TransportLayerType 848 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 849 850 tcp = fields.TypedField("TCP", TCP) 851 udp = fields.TypedField("UDP", UDP) 852 853 854class NetworkPacket(ObjectProperties): 855 _binding = network_packet_binding 856 _binding_class = network_packet_binding.NetworkPacketObjectType 857 _namespace = "http://cybox.mitre.org/objects#PacketObject-2" 858 _XSI_NS = "PacketObj" 859 _XSI_TYPE = "NetworkPacketObjectType" 860 861 link_layer = fields.TypedField("Link_Layer", LinkLayer) 862 internet_layer = fields.TypedField("Internet_Layer", InternetLayer) 863 transport_layer = fields.TypedField("Transport_Layer", TransportLayer) 864